@objectstack/spec 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (174) hide show
  1. package/README.md +73 -1
  2. package/dist/api/contract.zod.d.ts +1733 -0
  3. package/dist/api/contract.zod.d.ts.map +1 -0
  4. package/dist/api/contract.zod.js +138 -0
  5. package/dist/data/dataset.zod.d.ts +2 -2
  6. package/dist/data/field.zod.d.ts +1648 -10
  7. package/dist/data/field.zod.d.ts.map +1 -1
  8. package/dist/data/field.zod.js +149 -8
  9. package/dist/data/filter.zod.d.ts +295 -0
  10. package/dist/data/filter.zod.d.ts.map +1 -0
  11. package/dist/data/filter.zod.js +226 -0
  12. package/dist/data/mapping.zod.d.ts +215 -2
  13. package/dist/data/mapping.zod.d.ts.map +1 -1
  14. package/dist/data/object.zod.d.ts +505 -25
  15. package/dist/data/object.zod.d.ts.map +1 -1
  16. package/dist/data/object.zod.js +32 -5
  17. package/dist/data/query.zod.d.ts +349 -0
  18. package/dist/data/query.zod.d.ts.map +1 -1
  19. package/dist/data/query.zod.js +77 -1
  20. package/dist/data/trigger.zod.d.ts +354 -0
  21. package/dist/data/trigger.zod.d.ts.map +1 -0
  22. package/dist/data/trigger.zod.js +195 -0
  23. package/dist/data/validation.zod.d.ts +83 -43
  24. package/dist/data/validation.zod.d.ts.map +1 -1
  25. package/dist/data/validation.zod.js +51 -5
  26. package/dist/index.d.ts +10 -0
  27. package/dist/index.d.ts.map +1 -1
  28. package/dist/index.js +11 -0
  29. package/dist/system/api.zod.d.ts +130 -4
  30. package/dist/system/api.zod.d.ts.map +1 -1
  31. package/dist/system/api.zod.js +4 -1
  32. package/dist/system/auth.zod.d.ts +2287 -0
  33. package/dist/system/auth.zod.d.ts.map +1 -0
  34. package/dist/system/auth.zod.js +365 -0
  35. package/dist/system/datasource.zod.d.ts +193 -30
  36. package/dist/system/datasource.zod.d.ts.map +1 -1
  37. package/dist/system/datasource.zod.js +58 -11
  38. package/dist/system/discovery.zod.d.ts +174 -0
  39. package/dist/system/discovery.zod.d.ts.map +1 -0
  40. package/dist/system/discovery.zod.js +53 -0
  41. package/dist/system/driver.zod.d.ts +1631 -0
  42. package/dist/system/driver.zod.d.ts.map +1 -0
  43. package/dist/system/driver.zod.js +337 -0
  44. package/dist/system/license.zod.d.ts +2 -2
  45. package/dist/system/manifest.zod.d.ts +323 -52
  46. package/dist/system/manifest.zod.d.ts.map +1 -1
  47. package/dist/system/manifest.zod.js +91 -17
  48. package/dist/system/plugin.zod.d.ts +3516 -0
  49. package/dist/system/plugin.zod.d.ts.map +1 -0
  50. package/dist/system/plugin.zod.js +226 -0
  51. package/dist/system/policy.zod.d.ts +10 -10
  52. package/dist/system/territory.zod.d.ts +1 -1
  53. package/dist/system/webhook.zod.d.ts +3 -3
  54. package/dist/ui/action.zod.d.ts +19 -12
  55. package/dist/ui/action.zod.d.ts.map +1 -1
  56. package/dist/ui/action.zod.js +7 -1
  57. package/dist/ui/app.zod.d.ts +109 -3
  58. package/dist/ui/app.zod.d.ts.map +1 -1
  59. package/dist/ui/app.zod.js +13 -2
  60. package/dist/ui/dashboard.zod.d.ts +19 -13
  61. package/dist/ui/dashboard.zod.d.ts.map +1 -1
  62. package/dist/ui/dashboard.zod.js +10 -3
  63. package/dist/ui/page.zod.d.ts +6 -6
  64. package/dist/ui/report.zod.d.ts +13 -32
  65. package/dist/ui/report.zod.d.ts.map +1 -1
  66. package/dist/ui/report.zod.js +10 -9
  67. package/dist/ui/theme.zod.d.ts +1221 -0
  68. package/dist/ui/theme.zod.d.ts.map +1 -0
  69. package/dist/ui/theme.zod.js +202 -0
  70. package/dist/ui/widget.zod.d.ts +350 -0
  71. package/dist/ui/widget.zod.d.ts.map +1 -0
  72. package/dist/ui/widget.zod.js +66 -0
  73. package/json-schema/AccountLinkingConfig.json +27 -0
  74. package/json-schema/Action.json +8 -2
  75. package/json-schema/ActionParam.json +8 -2
  76. package/json-schema/Address.json +40 -0
  77. package/json-schema/AggregationFunction.json +19 -0
  78. package/json-schema/AggregationNode.json +42 -0
  79. package/json-schema/Animation.json +56 -0
  80. package/json-schema/ApiCapabilities.json +28 -0
  81. package/json-schema/ApiError.json +27 -0
  82. package/json-schema/ApiRoutes.json +41 -0
  83. package/json-schema/App.json +13 -2
  84. package/json-schema/AsyncValidation.json +70 -0
  85. package/json-schema/AuthConfig.json +606 -0
  86. package/json-schema/AuthPluginConfig.json +28 -0
  87. package/json-schema/AuthStrategy.json +17 -0
  88. package/json-schema/AuthenticationConfig.json +601 -0
  89. package/json-schema/AuthenticationProvider.json +617 -0
  90. package/json-schema/BaseResponse.json +63 -0
  91. package/json-schema/BorderRadius.json +44 -0
  92. package/json-schema/Breakpoints.json +36 -0
  93. package/json-schema/BulkRequest.json +29 -0
  94. package/json-schema/BulkResponse.json +108 -0
  95. package/json-schema/CSRFConfig.json +31 -0
  96. package/json-schema/ColorPalette.json +83 -0
  97. package/json-schema/ComparisonOperator.json +56 -0
  98. package/json-schema/ConditionalValidation.json +793 -0
  99. package/json-schema/CreateRequest.json +20 -0
  100. package/json-schema/CrossFieldValidation.json +56 -0
  101. package/json-schema/CustomValidator.json +57 -0
  102. package/json-schema/Dashboard.json +20 -0
  103. package/json-schema/DashboardWidget.json +20 -0
  104. package/json-schema/DatabaseAdapter.json +38 -0
  105. package/json-schema/Datasource.json +25 -23
  106. package/json-schema/DatasourceCapabilities.json +25 -5
  107. package/json-schema/DeleteResponse.json +68 -0
  108. package/json-schema/Discovery.json +114 -0
  109. package/json-schema/DriverCapabilities.json +69 -0
  110. package/json-schema/DriverDefinition.json +86 -0
  111. package/json-schema/DriverInterface.json +88 -0
  112. package/json-schema/DriverOptions.json +23 -0
  113. package/json-schema/DriverType.json +1 -18
  114. package/json-schema/EmailPasswordConfig.json +43 -0
  115. package/json-schema/EqualityOperator.json +14 -0
  116. package/json-schema/ExportRequest.json +786 -0
  117. package/json-schema/Field.json +75 -4
  118. package/json-schema/FieldOperators.json +108 -0
  119. package/json-schema/FieldType.json +8 -2
  120. package/json-schema/FieldWidgetProps.json +327 -0
  121. package/json-schema/FilterCondition.json +28 -0
  122. package/json-schema/I18nContext.json +12 -0
  123. package/json-schema/JoinNode.json +455 -0
  124. package/json-schema/JoinType.json +15 -0
  125. package/json-schema/ListRecordResponse.json +103 -0
  126. package/json-schema/LocationCoordinates.json +36 -0
  127. package/json-schema/Logger.json +25 -0
  128. package/json-schema/MagicLinkConfig.json +21 -0
  129. package/json-schema/Manifest.json +243 -18
  130. package/json-schema/Mapping.json +328 -0
  131. package/json-schema/ModificationResult.json +46 -0
  132. package/json-schema/NormalizedFilter.json +348 -0
  133. package/json-schema/OAuthProvider.json +66 -0
  134. package/json-schema/Object.json +103 -6
  135. package/json-schema/ObjectCapabilities.json +26 -0
  136. package/json-schema/ObjectQLClient.json +12 -0
  137. package/json-schema/PasskeyConfig.json +54 -0
  138. package/json-schema/Plugin.json +20 -0
  139. package/json-schema/PluginContext.json +91 -0
  140. package/json-schema/PluginLifecycle.json +11 -0
  141. package/json-schema/Query.json +328 -0
  142. package/json-schema/QueryFilter.json +34 -0
  143. package/json-schema/RangeOperator.json +41 -0
  144. package/json-schema/RateLimitConfig.json +36 -0
  145. package/json-schema/RecordData.json +11 -0
  146. package/json-schema/Report.json +20 -26
  147. package/json-schema/Router.json +12 -0
  148. package/json-schema/Scheduler.json +12 -0
  149. package/json-schema/ScopedStorage.json +12 -0
  150. package/json-schema/SessionConfig.json +56 -0
  151. package/json-schema/SetOperator.json +18 -0
  152. package/json-schema/Shadow.json +44 -0
  153. package/json-schema/SingleRecordResponse.json +69 -0
  154. package/json-schema/Spacing.json +64 -0
  155. package/json-schema/SpecialOperator.json +18 -0
  156. package/json-schema/StandardAuthProvider.json +622 -0
  157. package/json-schema/StringOperator.json +21 -0
  158. package/json-schema/SystemAPI.json +12 -0
  159. package/json-schema/Theme.json +543 -0
  160. package/json-schema/ThemeMode.json +14 -0
  161. package/json-schema/Trigger.json +73 -0
  162. package/json-schema/TriggerAction.json +14 -0
  163. package/json-schema/TriggerContext.json +61 -0
  164. package/json-schema/TriggerTiming.json +13 -0
  165. package/json-schema/TwoFactorConfig.json +40 -0
  166. package/json-schema/Typography.json +142 -0
  167. package/json-schema/UpdateRequest.json +20 -0
  168. package/json-schema/UserFieldMapping.json +47 -0
  169. package/json-schema/ValidationRule.json +583 -0
  170. package/json-schema/WindowFunction.json +24 -0
  171. package/json-schema/WindowFunctionNode.json +104 -0
  172. package/json-schema/WindowSpec.json +65 -0
  173. package/json-schema/ZIndex.json +44 -0
  174. package/package.json +8 -3
package/dist/system/auth.zod.d.ts ADDED
@@ -0,0 +1,2287 @@
1
+ import { z } from 'zod';
2
+ /**
3
+ * Authentication Protocol
4
+ *
5
+ * Defines the standard authentication specification for the ObjectStack ecosystem.
6
+ * This protocol supports multiple authentication strategies, session management,
7
+ * and comprehensive security features.
8
+ *
9
+ * This is a framework-agnostic specification that can be implemented with any
10
+ * authentication library (better-auth, Auth.js, Passport, etc.)
11
+ */
12
+ /**
13
+ * Supported authentication strategies
14
+ */
15
+ export declare const AuthStrategy: z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>;
16
+ export type AuthStrategy = z.infer<typeof AuthStrategy>;
17
+ /**
18
+ * OAuth Provider Configuration
19
+ * Supports popular OAuth2 providers
20
+ */
21
+ export declare const OAuthProviderSchema: z.ZodObject<{
22
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
23
+ clientId: z.ZodString;
24
+ clientSecret: z.ZodString;
25
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
26
+ redirectUri: z.ZodOptional<z.ZodString>;
27
+ enabled: z.ZodDefault<z.ZodBoolean>;
28
+ displayName: z.ZodOptional<z.ZodString>;
29
+ icon: z.ZodOptional<z.ZodString>;
30
+ }, "strip", z.ZodTypeAny, {
31
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
32
+ enabled: boolean;
33
+ clientId: string;
34
+ clientSecret: string;
35
+ icon?: string | undefined;
36
+ scopes?: string[] | undefined;
37
+ redirectUri?: string | undefined;
38
+ displayName?: string | undefined;
39
+ }, {
40
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
41
+ clientId: string;
42
+ clientSecret: string;
43
+ icon?: string | undefined;
44
+ enabled?: boolean | undefined;
45
+ scopes?: string[] | undefined;
46
+ redirectUri?: string | undefined;
47
+ displayName?: string | undefined;
48
+ }>;
49
+ export type OAuthProvider = z.infer<typeof OAuthProviderSchema>;
50
+ /**
51
+ * Email & Password Strategy Configuration
52
+ */
53
+ export declare const EmailPasswordConfigSchema: z.ZodObject<{
54
+ enabled: z.ZodDefault<z.ZodBoolean>;
55
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
56
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
57
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
58
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
59
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
60
+ }, "strip", z.ZodTypeAny, {
61
+ enabled: boolean;
62
+ requireEmailVerification: boolean;
63
+ minPasswordLength: number;
64
+ requirePasswordComplexity: boolean;
65
+ allowPasswordReset: boolean;
66
+ passwordResetExpiry: number;
67
+ }, {
68
+ enabled?: boolean | undefined;
69
+ requireEmailVerification?: boolean | undefined;
70
+ minPasswordLength?: number | undefined;
71
+ requirePasswordComplexity?: boolean | undefined;
72
+ allowPasswordReset?: boolean | undefined;
73
+ passwordResetExpiry?: number | undefined;
74
+ }>;
75
+ export type EmailPasswordConfig = z.infer<typeof EmailPasswordConfigSchema>;
76
+ /**
77
+ * Magic Link Strategy Configuration
78
+ */
79
+ export declare const MagicLinkConfigSchema: z.ZodObject<{
80
+ enabled: z.ZodDefault<z.ZodBoolean>;
81
+ expiryTime: z.ZodDefault<z.ZodNumber>;
82
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
83
+ to: z.ZodString;
84
+ link: z.ZodString;
85
+ token: z.ZodString;
86
+ }, "strip", z.ZodTypeAny, {
87
+ to: string;
88
+ link: string;
89
+ token: string;
90
+ }, {
91
+ to: string;
92
+ link: string;
93
+ token: string;
94
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
95
+ }, "strip", z.ZodTypeAny, {
96
+ enabled: boolean;
97
+ expiryTime: number;
98
+ sendEmail?: ((args_0: {
99
+ to: string;
100
+ link: string;
101
+ token: string;
102
+ }, ...args: unknown[]) => Promise<void>) | undefined;
103
+ }, {
104
+ enabled?: boolean | undefined;
105
+ expiryTime?: number | undefined;
106
+ sendEmail?: ((args_0: {
107
+ to: string;
108
+ link: string;
109
+ token: string;
110
+ }, ...args: unknown[]) => Promise<void>) | undefined;
111
+ }>;
112
+ export type MagicLinkConfig = z.infer<typeof MagicLinkConfigSchema>;
113
+ /**
114
+ * Passkey (WebAuthn) Strategy Configuration
115
+ */
116
+ export declare const PasskeyConfigSchema: z.ZodObject<{
117
+ enabled: z.ZodDefault<z.ZodBoolean>;
118
+ rpName: z.ZodString;
119
+ rpId: z.ZodOptional<z.ZodString>;
120
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
121
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
122
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
123
+ }, "strip", z.ZodTypeAny, {
124
+ enabled: boolean;
125
+ rpName: string;
126
+ userVerification: "required" | "preferred" | "discouraged";
127
+ attestation: "none" | "indirect" | "direct" | "enterprise";
128
+ rpId?: string | undefined;
129
+ allowedOrigins?: string[] | undefined;
130
+ }, {
131
+ rpName: string;
132
+ enabled?: boolean | undefined;
133
+ rpId?: string | undefined;
134
+ allowedOrigins?: string[] | undefined;
135
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
136
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
137
+ }>;
138
+ export type PasskeyConfig = z.infer<typeof PasskeyConfigSchema>;
139
+ /**
140
+ * Session Configuration
141
+ */
142
+ export declare const SessionConfigSchema: z.ZodObject<{
143
+ expiresIn: z.ZodDefault<z.ZodNumber>;
144
+ updateAge: z.ZodDefault<z.ZodNumber>;
145
+ cookieName: z.ZodDefault<z.ZodString>;
146
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
147
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
148
+ cookieDomain: z.ZodOptional<z.ZodString>;
149
+ cookiePath: z.ZodDefault<z.ZodString>;
150
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
151
+ }, "strip", z.ZodTypeAny, {
152
+ expiresIn: number;
153
+ updateAge: number;
154
+ cookieName: string;
155
+ cookieSecure: boolean;
156
+ cookieSameSite: "strict" | "none" | "lax";
157
+ cookiePath: string;
158
+ cookieHttpOnly: boolean;
159
+ cookieDomain?: string | undefined;
160
+ }, {
161
+ expiresIn?: number | undefined;
162
+ updateAge?: number | undefined;
163
+ cookieName?: string | undefined;
164
+ cookieSecure?: boolean | undefined;
165
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
166
+ cookieDomain?: string | undefined;
167
+ cookiePath?: string | undefined;
168
+ cookieHttpOnly?: boolean | undefined;
169
+ }>;
170
+ export type SessionConfig = z.infer<typeof SessionConfigSchema>;
171
+ /**
172
+ * Rate Limiting Configuration
173
+ */
174
+ export declare const RateLimitConfigSchema: z.ZodObject<{
175
+ enabled: z.ZodDefault<z.ZodBoolean>;
176
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
177
+ windowMs: z.ZodDefault<z.ZodNumber>;
178
+ blockDuration: z.ZodDefault<z.ZodNumber>;
179
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
180
+ }, "strip", z.ZodTypeAny, {
181
+ enabled: boolean;
182
+ windowMs: number;
183
+ maxAttempts: number;
184
+ blockDuration: number;
185
+ skipSuccessfulRequests: boolean;
186
+ }, {
187
+ enabled?: boolean | undefined;
188
+ windowMs?: number | undefined;
189
+ maxAttempts?: number | undefined;
190
+ blockDuration?: number | undefined;
191
+ skipSuccessfulRequests?: boolean | undefined;
192
+ }>;
193
+ export type RateLimitConfig = z.infer<typeof RateLimitConfigSchema>;
194
+ /**
195
+ * CSRF Protection Configuration
196
+ */
197
+ export declare const CSRFConfigSchema: z.ZodObject<{
198
+ enabled: z.ZodDefault<z.ZodBoolean>;
199
+ tokenLength: z.ZodDefault<z.ZodNumber>;
200
+ cookieName: z.ZodDefault<z.ZodString>;
201
+ headerName: z.ZodDefault<z.ZodString>;
202
+ }, "strip", z.ZodTypeAny, {
203
+ enabled: boolean;
204
+ cookieName: string;
205
+ tokenLength: number;
206
+ headerName: string;
207
+ }, {
208
+ enabled?: boolean | undefined;
209
+ cookieName?: string | undefined;
210
+ tokenLength?: number | undefined;
211
+ headerName?: string | undefined;
212
+ }>;
213
+ export type CSRFConfig = z.infer<typeof CSRFConfigSchema>;
214
+ /**
215
+ * Account Linking Configuration
216
+ * Allows linking multiple auth methods to a single user account
217
+ */
218
+ export declare const AccountLinkingConfigSchema: z.ZodObject<{
219
+ enabled: z.ZodDefault<z.ZodBoolean>;
220
+ autoLink: z.ZodDefault<z.ZodBoolean>;
221
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
222
+ }, "strip", z.ZodTypeAny, {
223
+ enabled: boolean;
224
+ autoLink: boolean;
225
+ requireVerification: boolean;
226
+ }, {
227
+ enabled?: boolean | undefined;
228
+ autoLink?: boolean | undefined;
229
+ requireVerification?: boolean | undefined;
230
+ }>;
231
+ export type AccountLinkingConfig = z.infer<typeof AccountLinkingConfigSchema>;
232
+ /**
233
+ * Two-Factor Authentication (2FA) Configuration
234
+ */
235
+ export declare const TwoFactorConfigSchema: z.ZodObject<{
236
+ enabled: z.ZodDefault<z.ZodBoolean>;
237
+ issuer: z.ZodOptional<z.ZodString>;
238
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
239
+ backupCodes: z.ZodOptional<z.ZodObject<{
240
+ enabled: z.ZodDefault<z.ZodBoolean>;
241
+ count: z.ZodDefault<z.ZodNumber>;
242
+ }, "strip", z.ZodTypeAny, {
243
+ count: number;
244
+ enabled: boolean;
245
+ }, {
246
+ count?: number | undefined;
247
+ enabled?: boolean | undefined;
248
+ }>>;
249
+ }, "strip", z.ZodTypeAny, {
250
+ enabled: boolean;
251
+ qrCodeSize: number;
252
+ issuer?: string | undefined;
253
+ backupCodes?: {
254
+ count: number;
255
+ enabled: boolean;
256
+ } | undefined;
257
+ }, {
258
+ enabled?: boolean | undefined;
259
+ issuer?: string | undefined;
260
+ qrCodeSize?: number | undefined;
261
+ backupCodes?: {
262
+ count?: number | undefined;
263
+ enabled?: boolean | undefined;
264
+ } | undefined;
265
+ }>;
266
+ export type TwoFactorConfig = z.infer<typeof TwoFactorConfigSchema>;
267
+ /**
268
+ * User Field Mapping Configuration
269
+ * Maps authentication user fields to ObjectStack user object fields
270
+ */
271
+ export declare const UserFieldMappingSchema: z.ZodObject<{
272
+ id: z.ZodDefault<z.ZodString>;
273
+ email: z.ZodDefault<z.ZodString>;
274
+ name: z.ZodDefault<z.ZodString>;
275
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
276
+ emailVerified: z.ZodDefault<z.ZodString>;
277
+ createdAt: z.ZodDefault<z.ZodString>;
278
+ updatedAt: z.ZodDefault<z.ZodString>;
279
+ }, "strip", z.ZodTypeAny, {
280
+ email: string;
281
+ name: string;
282
+ id: string;
283
+ emailVerified: string;
284
+ createdAt: string;
285
+ updatedAt: string;
286
+ image?: string | undefined;
287
+ }, {
288
+ email?: string | undefined;
289
+ image?: string | undefined;
290
+ name?: string | undefined;
291
+ id?: string | undefined;
292
+ emailVerified?: string | undefined;
293
+ createdAt?: string | undefined;
294
+ updatedAt?: string | undefined;
295
+ }>;
296
+ export type UserFieldMapping = z.infer<typeof UserFieldMappingSchema>;
297
+ /**
298
+ * Database Adapter Configuration
299
+ */
300
+ export declare const DatabaseAdapterSchema: z.ZodObject<{
301
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
302
+ connectionString: z.ZodOptional<z.ZodString>;
303
+ tablePrefix: z.ZodDefault<z.ZodString>;
304
+ schema: z.ZodOptional<z.ZodString>;
305
+ }, "strip", z.ZodTypeAny, {
306
+ type: "custom" | "prisma" | "drizzle" | "kysely";
307
+ tablePrefix: string;
308
+ connectionString?: string | undefined;
309
+ schema?: string | undefined;
310
+ }, {
311
+ type: "custom" | "prisma" | "drizzle" | "kysely";
312
+ connectionString?: string | undefined;
313
+ tablePrefix?: string | undefined;
314
+ schema?: string | undefined;
315
+ }>;
316
+ export type DatabaseAdapter = z.infer<typeof DatabaseAdapterSchema>;
317
+ /**
318
+ * Authentication Plugin Configuration
319
+ * Extends authentication with additional features
320
+ */
321
+ export declare const AuthPluginConfigSchema: z.ZodObject<{
322
+ name: z.ZodString;
323
+ enabled: z.ZodDefault<z.ZodBoolean>;
324
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
325
+ }, "strip", z.ZodTypeAny, {
326
+ name: string;
327
+ enabled: boolean;
328
+ options?: Record<string, any> | undefined;
329
+ }, {
330
+ name: string;
331
+ options?: Record<string, any> | undefined;
332
+ enabled?: boolean | undefined;
333
+ }>;
334
+ export type AuthPluginConfig = z.infer<typeof AuthPluginConfigSchema>;
335
+ /**
336
+ * Complete Authentication Configuration Schema
337
+ *
338
+ * This is the main configuration object for authentication
339
+ * in an ObjectStack application.
340
+ *
341
+ * @example
342
+ * ```typescript
343
+ * const authConfig: AuthConfig = {
344
+ * name: 'main_auth',
345
+ * label: 'Main Authentication',
346
+ * strategies: ['email_password', 'oauth'],
347
+ * baseUrl: 'https://app.example.com',
348
+ * secret: process.env.AUTH_SECRET,
349
+ * driver: 'better-auth', // Optional, defaults to 'better-auth'
350
+ * emailPassword: {
351
+ * enabled: true,
352
+ * minPasswordLength: 8,
353
+ * },
354
+ * oauth: {
355
+ * providers: [{
356
+ * provider: 'google',
357
+ * clientId: process.env.GOOGLE_CLIENT_ID,
358
+ * clientSecret: process.env.GOOGLE_CLIENT_SECRET,
359
+ * }],
360
+ * },
361
+ * session: {
362
+ * expiresIn: 604800, // 7 days
363
+ * },
364
+ * };
365
+ * ```
366
+ */
367
+ export declare const AuthConfigSchema: z.ZodObject<{
368
+ /**
369
+ * Unique identifier for this auth configuration
370
+ * Must be in snake_case following ObjectStack conventions
371
+ */
372
+ name: z.ZodString;
373
+ /**
374
+ * Human-readable label
375
+ */
376
+ label: z.ZodString;
377
+ /**
378
+ * The underlying authentication implementation driver
379
+ * Default: 'better-auth' (the reference implementation)
380
+ * Can be: 'better-auth', 'auth-js', 'passport', or custom driver name
381
+ */
382
+ driver: z.ZodDefault<z.ZodString>;
383
+ /**
384
+ * Enabled authentication strategies
385
+ */
386
+ strategies: z.ZodArray<z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>, "many">;
387
+ /**
388
+ * Base URL for the application
389
+ */
390
+ baseUrl: z.ZodString;
391
+ /**
392
+ * Secret key for signing tokens and cookies
393
+ * Should be loaded from environment variables
394
+ */
395
+ secret: z.ZodString;
396
+ /**
397
+ * Email & Password configuration
398
+ */
399
+ emailPassword: z.ZodOptional<z.ZodObject<{
400
+ enabled: z.ZodDefault<z.ZodBoolean>;
401
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
402
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
403
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
404
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
405
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
406
+ }, "strip", z.ZodTypeAny, {
407
+ enabled: boolean;
408
+ requireEmailVerification: boolean;
409
+ minPasswordLength: number;
410
+ requirePasswordComplexity: boolean;
411
+ allowPasswordReset: boolean;
412
+ passwordResetExpiry: number;
413
+ }, {
414
+ enabled?: boolean | undefined;
415
+ requireEmailVerification?: boolean | undefined;
416
+ minPasswordLength?: number | undefined;
417
+ requirePasswordComplexity?: boolean | undefined;
418
+ allowPasswordReset?: boolean | undefined;
419
+ passwordResetExpiry?: number | undefined;
420
+ }>>;
421
+ /**
422
+ * Magic Link configuration
423
+ */
424
+ magicLink: z.ZodOptional<z.ZodObject<{
425
+ enabled: z.ZodDefault<z.ZodBoolean>;
426
+ expiryTime: z.ZodDefault<z.ZodNumber>;
427
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
428
+ to: z.ZodString;
429
+ link: z.ZodString;
430
+ token: z.ZodString;
431
+ }, "strip", z.ZodTypeAny, {
432
+ to: string;
433
+ link: string;
434
+ token: string;
435
+ }, {
436
+ to: string;
437
+ link: string;
438
+ token: string;
439
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
440
+ }, "strip", z.ZodTypeAny, {
441
+ enabled: boolean;
442
+ expiryTime: number;
443
+ sendEmail?: ((args_0: {
444
+ to: string;
445
+ link: string;
446
+ token: string;
447
+ }, ...args: unknown[]) => Promise<void>) | undefined;
448
+ }, {
449
+ enabled?: boolean | undefined;
450
+ expiryTime?: number | undefined;
451
+ sendEmail?: ((args_0: {
452
+ to: string;
453
+ link: string;
454
+ token: string;
455
+ }, ...args: unknown[]) => Promise<void>) | undefined;
456
+ }>>;
457
+ /**
458
+ * Passkey (WebAuthn) configuration
459
+ */
460
+ passkey: z.ZodOptional<z.ZodObject<{
461
+ enabled: z.ZodDefault<z.ZodBoolean>;
462
+ rpName: z.ZodString;
463
+ rpId: z.ZodOptional<z.ZodString>;
464
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
465
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
466
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
467
+ }, "strip", z.ZodTypeAny, {
468
+ enabled: boolean;
469
+ rpName: string;
470
+ userVerification: "required" | "preferred" | "discouraged";
471
+ attestation: "none" | "indirect" | "direct" | "enterprise";
472
+ rpId?: string | undefined;
473
+ allowedOrigins?: string[] | undefined;
474
+ }, {
475
+ rpName: string;
476
+ enabled?: boolean | undefined;
477
+ rpId?: string | undefined;
478
+ allowedOrigins?: string[] | undefined;
479
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
480
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
481
+ }>>;
482
+ /**
483
+ * OAuth configuration
484
+ */
485
+ oauth: z.ZodOptional<z.ZodObject<{
486
+ providers: z.ZodArray<z.ZodObject<{
487
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
488
+ clientId: z.ZodString;
489
+ clientSecret: z.ZodString;
490
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
491
+ redirectUri: z.ZodOptional<z.ZodString>;
492
+ enabled: z.ZodDefault<z.ZodBoolean>;
493
+ displayName: z.ZodOptional<z.ZodString>;
494
+ icon: z.ZodOptional<z.ZodString>;
495
+ }, "strip", z.ZodTypeAny, {
496
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
497
+ enabled: boolean;
498
+ clientId: string;
499
+ clientSecret: string;
500
+ icon?: string | undefined;
501
+ scopes?: string[] | undefined;
502
+ redirectUri?: string | undefined;
503
+ displayName?: string | undefined;
504
+ }, {
505
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
506
+ clientId: string;
507
+ clientSecret: string;
508
+ icon?: string | undefined;
509
+ enabled?: boolean | undefined;
510
+ scopes?: string[] | undefined;
511
+ redirectUri?: string | undefined;
512
+ displayName?: string | undefined;
513
+ }>, "many">;
514
+ }, "strip", z.ZodTypeAny, {
515
+ providers: {
516
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
517
+ enabled: boolean;
518
+ clientId: string;
519
+ clientSecret: string;
520
+ icon?: string | undefined;
521
+ scopes?: string[] | undefined;
522
+ redirectUri?: string | undefined;
523
+ displayName?: string | undefined;
524
+ }[];
525
+ }, {
526
+ providers: {
527
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
528
+ clientId: string;
529
+ clientSecret: string;
530
+ icon?: string | undefined;
531
+ enabled?: boolean | undefined;
532
+ scopes?: string[] | undefined;
533
+ redirectUri?: string | undefined;
534
+ displayName?: string | undefined;
535
+ }[];
536
+ }>>;
537
+ /**
538
+ * Session configuration
539
+ */
540
+ session: z.ZodDefault<z.ZodObject<{
541
+ expiresIn: z.ZodDefault<z.ZodNumber>;
542
+ updateAge: z.ZodDefault<z.ZodNumber>;
543
+ cookieName: z.ZodDefault<z.ZodString>;
544
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
545
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
546
+ cookieDomain: z.ZodOptional<z.ZodString>;
547
+ cookiePath: z.ZodDefault<z.ZodString>;
548
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
549
+ }, "strip", z.ZodTypeAny, {
550
+ expiresIn: number;
551
+ updateAge: number;
552
+ cookieName: string;
553
+ cookieSecure: boolean;
554
+ cookieSameSite: "strict" | "none" | "lax";
555
+ cookiePath: string;
556
+ cookieHttpOnly: boolean;
557
+ cookieDomain?: string | undefined;
558
+ }, {
559
+ expiresIn?: number | undefined;
560
+ updateAge?: number | undefined;
561
+ cookieName?: string | undefined;
562
+ cookieSecure?: boolean | undefined;
563
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
564
+ cookieDomain?: string | undefined;
565
+ cookiePath?: string | undefined;
566
+ cookieHttpOnly?: boolean | undefined;
567
+ }>>;
568
+ /**
569
+ * Rate limiting configuration
570
+ */
571
+ rateLimit: z.ZodDefault<z.ZodObject<{
572
+ enabled: z.ZodDefault<z.ZodBoolean>;
573
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
574
+ windowMs: z.ZodDefault<z.ZodNumber>;
575
+ blockDuration: z.ZodDefault<z.ZodNumber>;
576
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
577
+ }, "strip", z.ZodTypeAny, {
578
+ enabled: boolean;
579
+ windowMs: number;
580
+ maxAttempts: number;
581
+ blockDuration: number;
582
+ skipSuccessfulRequests: boolean;
583
+ }, {
584
+ enabled?: boolean | undefined;
585
+ windowMs?: number | undefined;
586
+ maxAttempts?: number | undefined;
587
+ blockDuration?: number | undefined;
588
+ skipSuccessfulRequests?: boolean | undefined;
589
+ }>>;
590
+ /**
591
+ * CSRF protection configuration
592
+ */
593
+ csrf: z.ZodDefault<z.ZodObject<{
594
+ enabled: z.ZodDefault<z.ZodBoolean>;
595
+ tokenLength: z.ZodDefault<z.ZodNumber>;
596
+ cookieName: z.ZodDefault<z.ZodString>;
597
+ headerName: z.ZodDefault<z.ZodString>;
598
+ }, "strip", z.ZodTypeAny, {
599
+ enabled: boolean;
600
+ cookieName: string;
601
+ tokenLength: number;
602
+ headerName: string;
603
+ }, {
604
+ enabled?: boolean | undefined;
605
+ cookieName?: string | undefined;
606
+ tokenLength?: number | undefined;
607
+ headerName?: string | undefined;
608
+ }>>;
609
+ /**
610
+ * Account linking configuration
611
+ */
612
+ accountLinking: z.ZodDefault<z.ZodObject<{
613
+ enabled: z.ZodDefault<z.ZodBoolean>;
614
+ autoLink: z.ZodDefault<z.ZodBoolean>;
615
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
616
+ }, "strip", z.ZodTypeAny, {
617
+ enabled: boolean;
618
+ autoLink: boolean;
619
+ requireVerification: boolean;
620
+ }, {
621
+ enabled?: boolean | undefined;
622
+ autoLink?: boolean | undefined;
623
+ requireVerification?: boolean | undefined;
624
+ }>>;
625
+ /**
626
+ * Two-factor authentication configuration
627
+ */
628
+ twoFactor: z.ZodOptional<z.ZodObject<{
629
+ enabled: z.ZodDefault<z.ZodBoolean>;
630
+ issuer: z.ZodOptional<z.ZodString>;
631
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
632
+ backupCodes: z.ZodOptional<z.ZodObject<{
633
+ enabled: z.ZodDefault<z.ZodBoolean>;
634
+ count: z.ZodDefault<z.ZodNumber>;
635
+ }, "strip", z.ZodTypeAny, {
636
+ count: number;
637
+ enabled: boolean;
638
+ }, {
639
+ count?: number | undefined;
640
+ enabled?: boolean | undefined;
641
+ }>>;
642
+ }, "strip", z.ZodTypeAny, {
643
+ enabled: boolean;
644
+ qrCodeSize: number;
645
+ issuer?: string | undefined;
646
+ backupCodes?: {
647
+ count: number;
648
+ enabled: boolean;
649
+ } | undefined;
650
+ }, {
651
+ enabled?: boolean | undefined;
652
+ issuer?: string | undefined;
653
+ qrCodeSize?: number | undefined;
654
+ backupCodes?: {
655
+ count?: number | undefined;
656
+ enabled?: boolean | undefined;
657
+ } | undefined;
658
+ }>>;
659
+ /**
660
+ * User field mapping
661
+ */
662
+ userFieldMapping: z.ZodDefault<z.ZodObject<{
663
+ id: z.ZodDefault<z.ZodString>;
664
+ email: z.ZodDefault<z.ZodString>;
665
+ name: z.ZodDefault<z.ZodString>;
666
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
667
+ emailVerified: z.ZodDefault<z.ZodString>;
668
+ createdAt: z.ZodDefault<z.ZodString>;
669
+ updatedAt: z.ZodDefault<z.ZodString>;
670
+ }, "strip", z.ZodTypeAny, {
671
+ email: string;
672
+ name: string;
673
+ id: string;
674
+ emailVerified: string;
675
+ createdAt: string;
676
+ updatedAt: string;
677
+ image?: string | undefined;
678
+ }, {
679
+ email?: string | undefined;
680
+ image?: string | undefined;
681
+ name?: string | undefined;
682
+ id?: string | undefined;
683
+ emailVerified?: string | undefined;
684
+ createdAt?: string | undefined;
685
+ updatedAt?: string | undefined;
686
+ }>>;
687
+ /**
688
+ * Database adapter configuration
689
+ */
690
+ database: z.ZodOptional<z.ZodObject<{
691
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
692
+ connectionString: z.ZodOptional<z.ZodString>;
693
+ tablePrefix: z.ZodDefault<z.ZodString>;
694
+ schema: z.ZodOptional<z.ZodString>;
695
+ }, "strip", z.ZodTypeAny, {
696
+ type: "custom" | "prisma" | "drizzle" | "kysely";
697
+ tablePrefix: string;
698
+ connectionString?: string | undefined;
699
+ schema?: string | undefined;
700
+ }, {
701
+ type: "custom" | "prisma" | "drizzle" | "kysely";
702
+ connectionString?: string | undefined;
703
+ tablePrefix?: string | undefined;
704
+ schema?: string | undefined;
705
+ }>>;
706
+ /**
707
+ * Additional authentication plugins
708
+ */
709
+ plugins: z.ZodDefault<z.ZodArray<z.ZodObject<{
710
+ name: z.ZodString;
711
+ enabled: z.ZodDefault<z.ZodBoolean>;
712
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
713
+ }, "strip", z.ZodTypeAny, {
714
+ name: string;
715
+ enabled: boolean;
716
+ options?: Record<string, any> | undefined;
717
+ }, {
718
+ name: string;
719
+ options?: Record<string, any> | undefined;
720
+ enabled?: boolean | undefined;
721
+ }>, "many">>;
722
+ /**
723
+ * Custom hooks for authentication events
724
+ */
725
+ hooks: z.ZodOptional<z.ZodObject<{
726
+ beforeSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
727
+ email: z.ZodString;
728
+ }, "strip", z.ZodTypeAny, {
729
+ email: string;
730
+ }, {
731
+ email: string;
732
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
733
+ afterSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
734
+ user: z.ZodAny;
735
+ session: z.ZodAny;
736
+ }, "strip", z.ZodTypeAny, {
737
+ user?: any;
738
+ session?: any;
739
+ }, {
740
+ user?: any;
741
+ session?: any;
742
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
743
+ beforeSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
744
+ email: z.ZodString;
745
+ name: z.ZodOptional<z.ZodString>;
746
+ }, "strip", z.ZodTypeAny, {
747
+ email: string;
748
+ name?: string | undefined;
749
+ }, {
750
+ email: string;
751
+ name?: string | undefined;
752
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
753
+ afterSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
754
+ user: z.ZodAny;
755
+ }, "strip", z.ZodTypeAny, {
756
+ user?: any;
757
+ }, {
758
+ user?: any;
759
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
760
+ beforeSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
761
+ sessionId: z.ZodString;
762
+ }, "strip", z.ZodTypeAny, {
763
+ sessionId: string;
764
+ }, {
765
+ sessionId: string;
766
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
767
+ afterSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
768
+ sessionId: z.ZodString;
769
+ }, "strip", z.ZodTypeAny, {
770
+ sessionId: string;
771
+ }, {
772
+ sessionId: string;
773
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
774
+ }, "strip", z.ZodTypeAny, {
775
+ beforeSignIn?: ((args_0: {
776
+ email: string;
777
+ }, ...args: unknown[]) => Promise<void>) | undefined;
778
+ afterSignIn?: ((args_0: {
779
+ user?: any;
780
+ session?: any;
781
+ }, ...args: unknown[]) => Promise<void>) | undefined;
782
+ beforeSignUp?: ((args_0: {
783
+ email: string;
784
+ name?: string | undefined;
785
+ }, ...args: unknown[]) => Promise<void>) | undefined;
786
+ afterSignUp?: ((args_0: {
787
+ user?: any;
788
+ }, ...args: unknown[]) => Promise<void>) | undefined;
789
+ beforeSignOut?: ((args_0: {
790
+ sessionId: string;
791
+ }, ...args: unknown[]) => Promise<void>) | undefined;
792
+ afterSignOut?: ((args_0: {
793
+ sessionId: string;
794
+ }, ...args: unknown[]) => Promise<void>) | undefined;
795
+ }, {
796
+ beforeSignIn?: ((args_0: {
797
+ email: string;
798
+ }, ...args: unknown[]) => Promise<void>) | undefined;
799
+ afterSignIn?: ((args_0: {
800
+ user?: any;
801
+ session?: any;
802
+ }, ...args: unknown[]) => Promise<void>) | undefined;
803
+ beforeSignUp?: ((args_0: {
804
+ email: string;
805
+ name?: string | undefined;
806
+ }, ...args: unknown[]) => Promise<void>) | undefined;
807
+ afterSignUp?: ((args_0: {
808
+ user?: any;
809
+ }, ...args: unknown[]) => Promise<void>) | undefined;
810
+ beforeSignOut?: ((args_0: {
811
+ sessionId: string;
812
+ }, ...args: unknown[]) => Promise<void>) | undefined;
813
+ afterSignOut?: ((args_0: {
814
+ sessionId: string;
815
+ }, ...args: unknown[]) => Promise<void>) | undefined;
816
+ }>>;
817
+ /**
818
+ * Advanced security settings
819
+ */
820
+ security: z.ZodOptional<z.ZodObject<{
821
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
822
+ trustProxy: z.ZodDefault<z.ZodBoolean>;
823
+ ipRateLimiting: z.ZodDefault<z.ZodBoolean>;
824
+ sessionFingerprinting: z.ZodDefault<z.ZodBoolean>;
825
+ maxSessions: z.ZodDefault<z.ZodNumber>;
826
+ }, "strip", z.ZodTypeAny, {
827
+ trustProxy: boolean;
828
+ ipRateLimiting: boolean;
829
+ sessionFingerprinting: boolean;
830
+ maxSessions: number;
831
+ allowedOrigins?: string[] | undefined;
832
+ }, {
833
+ allowedOrigins?: string[] | undefined;
834
+ trustProxy?: boolean | undefined;
835
+ ipRateLimiting?: boolean | undefined;
836
+ sessionFingerprinting?: boolean | undefined;
837
+ maxSessions?: number | undefined;
838
+ }>>;
839
+ /**
840
+ * Email configuration for transactional emails
841
+ */
842
+ email: z.ZodOptional<z.ZodObject<{
843
+ from: z.ZodString;
844
+ fromName: z.ZodOptional<z.ZodString>;
845
+ provider: z.ZodEnum<["smtp", "sendgrid", "mailgun", "ses", "resend", "custom"]>;
846
+ config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
847
+ }, "strip", z.ZodTypeAny, {
848
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
849
+ from: string;
850
+ config?: Record<string, any> | undefined;
851
+ fromName?: string | undefined;
852
+ }, {
853
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
854
+ from: string;
855
+ config?: Record<string, any> | undefined;
856
+ fromName?: string | undefined;
857
+ }>>;
858
+ /**
859
+ * UI customization options
860
+ */
861
+ ui: z.ZodOptional<z.ZodObject<{
862
+ brandName: z.ZodOptional<z.ZodString>;
863
+ logo: z.ZodOptional<z.ZodString>;
864
+ primaryColor: z.ZodOptional<z.ZodString>;
865
+ customCss: z.ZodOptional<z.ZodString>;
866
+ }, "strip", z.ZodTypeAny, {
867
+ primaryColor?: string | undefined;
868
+ logo?: string | undefined;
869
+ brandName?: string | undefined;
870
+ customCss?: string | undefined;
871
+ }, {
872
+ primaryColor?: string | undefined;
873
+ logo?: string | undefined;
874
+ brandName?: string | undefined;
875
+ customCss?: string | undefined;
876
+ }>>;
877
+ /**
878
+ * Whether this auth provider is active
879
+ */
880
+ active: z.ZodDefault<z.ZodBoolean>;
881
+ /**
882
+ * Whether to allow new user registration
883
+ */
884
+ allowRegistration: z.ZodDefault<z.ZodBoolean>;
885
+ }, "strip", z.ZodTypeAny, {
886
+ label: string;
887
+ name: string;
888
+ active: boolean;
889
+ driver: string;
890
+ secret: string;
891
+ rateLimit: {
892
+ enabled: boolean;
893
+ windowMs: number;
894
+ maxAttempts: number;
895
+ blockDuration: number;
896
+ skipSuccessfulRequests: boolean;
897
+ };
898
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
899
+ baseUrl: string;
900
+ session: {
901
+ expiresIn: number;
902
+ updateAge: number;
903
+ cookieName: string;
904
+ cookieSecure: boolean;
905
+ cookieSameSite: "strict" | "none" | "lax";
906
+ cookiePath: string;
907
+ cookieHttpOnly: boolean;
908
+ cookieDomain?: string | undefined;
909
+ };
910
+ csrf: {
911
+ enabled: boolean;
912
+ cookieName: string;
913
+ tokenLength: number;
914
+ headerName: string;
915
+ };
916
+ accountLinking: {
917
+ enabled: boolean;
918
+ autoLink: boolean;
919
+ requireVerification: boolean;
920
+ };
921
+ userFieldMapping: {
922
+ email: string;
923
+ name: string;
924
+ id: string;
925
+ emailVerified: string;
926
+ createdAt: string;
927
+ updatedAt: string;
928
+ image?: string | undefined;
929
+ };
930
+ plugins: {
931
+ name: string;
932
+ enabled: boolean;
933
+ options?: Record<string, any> | undefined;
934
+ }[];
935
+ allowRegistration: boolean;
936
+ email?: {
937
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
938
+ from: string;
939
+ config?: Record<string, any> | undefined;
940
+ fromName?: string | undefined;
941
+ } | undefined;
942
+ oauth?: {
943
+ providers: {
944
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
945
+ enabled: boolean;
946
+ clientId: string;
947
+ clientSecret: string;
948
+ icon?: string | undefined;
949
+ scopes?: string[] | undefined;
950
+ redirectUri?: string | undefined;
951
+ displayName?: string | undefined;
952
+ }[];
953
+ } | undefined;
954
+ passkey?: {
955
+ enabled: boolean;
956
+ rpName: string;
957
+ userVerification: "required" | "preferred" | "discouraged";
958
+ attestation: "none" | "indirect" | "direct" | "enterprise";
959
+ rpId?: string | undefined;
960
+ allowedOrigins?: string[] | undefined;
961
+ } | undefined;
962
+ emailPassword?: {
963
+ enabled: boolean;
964
+ requireEmailVerification: boolean;
965
+ minPasswordLength: number;
966
+ requirePasswordComplexity: boolean;
967
+ allowPasswordReset: boolean;
968
+ passwordResetExpiry: number;
969
+ } | undefined;
970
+ magicLink?: {
971
+ enabled: boolean;
972
+ expiryTime: number;
973
+ sendEmail?: ((args_0: {
974
+ to: string;
975
+ link: string;
976
+ token: string;
977
+ }, ...args: unknown[]) => Promise<void>) | undefined;
978
+ } | undefined;
979
+ twoFactor?: {
980
+ enabled: boolean;
981
+ qrCodeSize: number;
982
+ issuer?: string | undefined;
983
+ backupCodes?: {
984
+ count: number;
985
+ enabled: boolean;
986
+ } | undefined;
987
+ } | undefined;
988
+ database?: {
989
+ type: "custom" | "prisma" | "drizzle" | "kysely";
990
+ tablePrefix: string;
991
+ connectionString?: string | undefined;
992
+ schema?: string | undefined;
993
+ } | undefined;
994
+ hooks?: {
995
+ beforeSignIn?: ((args_0: {
996
+ email: string;
997
+ }, ...args: unknown[]) => Promise<void>) | undefined;
998
+ afterSignIn?: ((args_0: {
999
+ user?: any;
1000
+ session?: any;
1001
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1002
+ beforeSignUp?: ((args_0: {
1003
+ email: string;
1004
+ name?: string | undefined;
1005
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1006
+ afterSignUp?: ((args_0: {
1007
+ user?: any;
1008
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1009
+ beforeSignOut?: ((args_0: {
1010
+ sessionId: string;
1011
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1012
+ afterSignOut?: ((args_0: {
1013
+ sessionId: string;
1014
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1015
+ } | undefined;
1016
+ security?: {
1017
+ trustProxy: boolean;
1018
+ ipRateLimiting: boolean;
1019
+ sessionFingerprinting: boolean;
1020
+ maxSessions: number;
1021
+ allowedOrigins?: string[] | undefined;
1022
+ } | undefined;
1023
+ ui?: {
1024
+ primaryColor?: string | undefined;
1025
+ logo?: string | undefined;
1026
+ brandName?: string | undefined;
1027
+ customCss?: string | undefined;
1028
+ } | undefined;
1029
+ }, {
1030
+ label: string;
1031
+ name: string;
1032
+ secret: string;
1033
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
1034
+ baseUrl: string;
1035
+ email?: {
1036
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1037
+ from: string;
1038
+ config?: Record<string, any> | undefined;
1039
+ fromName?: string | undefined;
1040
+ } | undefined;
1041
+ active?: boolean | undefined;
1042
+ driver?: string | undefined;
1043
+ rateLimit?: {
1044
+ enabled?: boolean | undefined;
1045
+ windowMs?: number | undefined;
1046
+ maxAttempts?: number | undefined;
1047
+ blockDuration?: number | undefined;
1048
+ skipSuccessfulRequests?: boolean | undefined;
1049
+ } | undefined;
1050
+ oauth?: {
1051
+ providers: {
1052
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1053
+ clientId: string;
1054
+ clientSecret: string;
1055
+ icon?: string | undefined;
1056
+ enabled?: boolean | undefined;
1057
+ scopes?: string[] | undefined;
1058
+ redirectUri?: string | undefined;
1059
+ displayName?: string | undefined;
1060
+ }[];
1061
+ } | undefined;
1062
+ passkey?: {
1063
+ rpName: string;
1064
+ enabled?: boolean | undefined;
1065
+ rpId?: string | undefined;
1066
+ allowedOrigins?: string[] | undefined;
1067
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1068
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
1069
+ } | undefined;
1070
+ emailPassword?: {
1071
+ enabled?: boolean | undefined;
1072
+ requireEmailVerification?: boolean | undefined;
1073
+ minPasswordLength?: number | undefined;
1074
+ requirePasswordComplexity?: boolean | undefined;
1075
+ allowPasswordReset?: boolean | undefined;
1076
+ passwordResetExpiry?: number | undefined;
1077
+ } | undefined;
1078
+ magicLink?: {
1079
+ enabled?: boolean | undefined;
1080
+ expiryTime?: number | undefined;
1081
+ sendEmail?: ((args_0: {
1082
+ to: string;
1083
+ link: string;
1084
+ token: string;
1085
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1086
+ } | undefined;
1087
+ session?: {
1088
+ expiresIn?: number | undefined;
1089
+ updateAge?: number | undefined;
1090
+ cookieName?: string | undefined;
1091
+ cookieSecure?: boolean | undefined;
1092
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
1093
+ cookieDomain?: string | undefined;
1094
+ cookiePath?: string | undefined;
1095
+ cookieHttpOnly?: boolean | undefined;
1096
+ } | undefined;
1097
+ csrf?: {
1098
+ enabled?: boolean | undefined;
1099
+ cookieName?: string | undefined;
1100
+ tokenLength?: number | undefined;
1101
+ headerName?: string | undefined;
1102
+ } | undefined;
1103
+ accountLinking?: {
1104
+ enabled?: boolean | undefined;
1105
+ autoLink?: boolean | undefined;
1106
+ requireVerification?: boolean | undefined;
1107
+ } | undefined;
1108
+ twoFactor?: {
1109
+ enabled?: boolean | undefined;
1110
+ issuer?: string | undefined;
1111
+ qrCodeSize?: number | undefined;
1112
+ backupCodes?: {
1113
+ count?: number | undefined;
1114
+ enabled?: boolean | undefined;
1115
+ } | undefined;
1116
+ } | undefined;
1117
+ userFieldMapping?: {
1118
+ email?: string | undefined;
1119
+ image?: string | undefined;
1120
+ name?: string | undefined;
1121
+ id?: string | undefined;
1122
+ emailVerified?: string | undefined;
1123
+ createdAt?: string | undefined;
1124
+ updatedAt?: string | undefined;
1125
+ } | undefined;
1126
+ database?: {
1127
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1128
+ connectionString?: string | undefined;
1129
+ tablePrefix?: string | undefined;
1130
+ schema?: string | undefined;
1131
+ } | undefined;
1132
+ plugins?: {
1133
+ name: string;
1134
+ options?: Record<string, any> | undefined;
1135
+ enabled?: boolean | undefined;
1136
+ }[] | undefined;
1137
+ hooks?: {
1138
+ beforeSignIn?: ((args_0: {
1139
+ email: string;
1140
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1141
+ afterSignIn?: ((args_0: {
1142
+ user?: any;
1143
+ session?: any;
1144
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1145
+ beforeSignUp?: ((args_0: {
1146
+ email: string;
1147
+ name?: string | undefined;
1148
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1149
+ afterSignUp?: ((args_0: {
1150
+ user?: any;
1151
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1152
+ beforeSignOut?: ((args_0: {
1153
+ sessionId: string;
1154
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1155
+ afterSignOut?: ((args_0: {
1156
+ sessionId: string;
1157
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1158
+ } | undefined;
1159
+ security?: {
1160
+ allowedOrigins?: string[] | undefined;
1161
+ trustProxy?: boolean | undefined;
1162
+ ipRateLimiting?: boolean | undefined;
1163
+ sessionFingerprinting?: boolean | undefined;
1164
+ maxSessions?: number | undefined;
1165
+ } | undefined;
1166
+ ui?: {
1167
+ primaryColor?: string | undefined;
1168
+ logo?: string | undefined;
1169
+ brandName?: string | undefined;
1170
+ customCss?: string | undefined;
1171
+ } | undefined;
1172
+ allowRegistration?: boolean | undefined;
1173
+ }>;
1174
+ /**
1175
+ * TypeScript type inferred from AuthConfigSchema
1176
+ */
1177
+ export type AuthConfig = z.infer<typeof AuthConfigSchema>;
1178
+ /**
1179
+ * Standard Authentication Provider Schema
1180
+ * Wraps the configuration for use in the identity system
1181
+ */
1182
+ export declare const StandardAuthProviderSchema: z.ZodObject<{
1183
+ type: z.ZodLiteral<"standard_auth">;
1184
+ config: z.ZodObject<{
1185
+ /**
1186
+ * Unique identifier for this auth configuration
1187
+ * Must be in snake_case following ObjectStack conventions
1188
+ */
1189
+ name: z.ZodString;
1190
+ /**
1191
+ * Human-readable label
1192
+ */
1193
+ label: z.ZodString;
1194
+ /**
1195
+ * The underlying authentication implementation driver
1196
+ * Default: 'better-auth' (the reference implementation)
1197
+ * Can be: 'better-auth', 'auth-js', 'passport', or custom driver name
1198
+ */
1199
+ driver: z.ZodDefault<z.ZodString>;
1200
+ /**
1201
+ * Enabled authentication strategies
1202
+ */
1203
+ strategies: z.ZodArray<z.ZodEnum<["email_password", "magic_link", "oauth", "passkey", "otp", "anonymous"]>, "many">;
1204
+ /**
1205
+ * Base URL for the application
1206
+ */
1207
+ baseUrl: z.ZodString;
1208
+ /**
1209
+ * Secret key for signing tokens and cookies
1210
+ * Should be loaded from environment variables
1211
+ */
1212
+ secret: z.ZodString;
1213
+ /**
1214
+ * Email & Password configuration
1215
+ */
1216
+ emailPassword: z.ZodOptional<z.ZodObject<{
1217
+ enabled: z.ZodDefault<z.ZodBoolean>;
1218
+ requireEmailVerification: z.ZodDefault<z.ZodBoolean>;
1219
+ minPasswordLength: z.ZodDefault<z.ZodNumber>;
1220
+ requirePasswordComplexity: z.ZodDefault<z.ZodBoolean>;
1221
+ allowPasswordReset: z.ZodDefault<z.ZodBoolean>;
1222
+ passwordResetExpiry: z.ZodDefault<z.ZodNumber>;
1223
+ }, "strip", z.ZodTypeAny, {
1224
+ enabled: boolean;
1225
+ requireEmailVerification: boolean;
1226
+ minPasswordLength: number;
1227
+ requirePasswordComplexity: boolean;
1228
+ allowPasswordReset: boolean;
1229
+ passwordResetExpiry: number;
1230
+ }, {
1231
+ enabled?: boolean | undefined;
1232
+ requireEmailVerification?: boolean | undefined;
1233
+ minPasswordLength?: number | undefined;
1234
+ requirePasswordComplexity?: boolean | undefined;
1235
+ allowPasswordReset?: boolean | undefined;
1236
+ passwordResetExpiry?: number | undefined;
1237
+ }>>;
1238
+ /**
1239
+ * Magic Link configuration
1240
+ */
1241
+ magicLink: z.ZodOptional<z.ZodObject<{
1242
+ enabled: z.ZodDefault<z.ZodBoolean>;
1243
+ expiryTime: z.ZodDefault<z.ZodNumber>;
1244
+ sendEmail: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1245
+ to: z.ZodString;
1246
+ link: z.ZodString;
1247
+ token: z.ZodString;
1248
+ }, "strip", z.ZodTypeAny, {
1249
+ to: string;
1250
+ link: string;
1251
+ token: string;
1252
+ }, {
1253
+ to: string;
1254
+ link: string;
1255
+ token: string;
1256
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1257
+ }, "strip", z.ZodTypeAny, {
1258
+ enabled: boolean;
1259
+ expiryTime: number;
1260
+ sendEmail?: ((args_0: {
1261
+ to: string;
1262
+ link: string;
1263
+ token: string;
1264
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1265
+ }, {
1266
+ enabled?: boolean | undefined;
1267
+ expiryTime?: number | undefined;
1268
+ sendEmail?: ((args_0: {
1269
+ to: string;
1270
+ link: string;
1271
+ token: string;
1272
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1273
+ }>>;
1274
+ /**
1275
+ * Passkey (WebAuthn) configuration
1276
+ */
1277
+ passkey: z.ZodOptional<z.ZodObject<{
1278
+ enabled: z.ZodDefault<z.ZodBoolean>;
1279
+ rpName: z.ZodString;
1280
+ rpId: z.ZodOptional<z.ZodString>;
1281
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1282
+ userVerification: z.ZodDefault<z.ZodEnum<["required", "preferred", "discouraged"]>>;
1283
+ attestation: z.ZodDefault<z.ZodEnum<["none", "indirect", "direct", "enterprise"]>>;
1284
+ }, "strip", z.ZodTypeAny, {
1285
+ enabled: boolean;
1286
+ rpName: string;
1287
+ userVerification: "required" | "preferred" | "discouraged";
1288
+ attestation: "none" | "indirect" | "direct" | "enterprise";
1289
+ rpId?: string | undefined;
1290
+ allowedOrigins?: string[] | undefined;
1291
+ }, {
1292
+ rpName: string;
1293
+ enabled?: boolean | undefined;
1294
+ rpId?: string | undefined;
1295
+ allowedOrigins?: string[] | undefined;
1296
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1297
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
1298
+ }>>;
1299
+ /**
1300
+ * OAuth configuration
1301
+ */
1302
+ oauth: z.ZodOptional<z.ZodObject<{
1303
+ providers: z.ZodArray<z.ZodObject<{
1304
+ provider: z.ZodEnum<["google", "github", "facebook", "twitter", "linkedin", "microsoft", "apple", "discord", "gitlab", "custom"]>;
1305
+ clientId: z.ZodString;
1306
+ clientSecret: z.ZodString;
1307
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1308
+ redirectUri: z.ZodOptional<z.ZodString>;
1309
+ enabled: z.ZodDefault<z.ZodBoolean>;
1310
+ displayName: z.ZodOptional<z.ZodString>;
1311
+ icon: z.ZodOptional<z.ZodString>;
1312
+ }, "strip", z.ZodTypeAny, {
1313
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1314
+ enabled: boolean;
1315
+ clientId: string;
1316
+ clientSecret: string;
1317
+ icon?: string | undefined;
1318
+ scopes?: string[] | undefined;
1319
+ redirectUri?: string | undefined;
1320
+ displayName?: string | undefined;
1321
+ }, {
1322
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1323
+ clientId: string;
1324
+ clientSecret: string;
1325
+ icon?: string | undefined;
1326
+ enabled?: boolean | undefined;
1327
+ scopes?: string[] | undefined;
1328
+ redirectUri?: string | undefined;
1329
+ displayName?: string | undefined;
1330
+ }>, "many">;
1331
+ }, "strip", z.ZodTypeAny, {
1332
+ providers: {
1333
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1334
+ enabled: boolean;
1335
+ clientId: string;
1336
+ clientSecret: string;
1337
+ icon?: string | undefined;
1338
+ scopes?: string[] | undefined;
1339
+ redirectUri?: string | undefined;
1340
+ displayName?: string | undefined;
1341
+ }[];
1342
+ }, {
1343
+ providers: {
1344
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1345
+ clientId: string;
1346
+ clientSecret: string;
1347
+ icon?: string | undefined;
1348
+ enabled?: boolean | undefined;
1349
+ scopes?: string[] | undefined;
1350
+ redirectUri?: string | undefined;
1351
+ displayName?: string | undefined;
1352
+ }[];
1353
+ }>>;
1354
+ /**
1355
+ * Session configuration
1356
+ */
1357
+ session: z.ZodDefault<z.ZodObject<{
1358
+ expiresIn: z.ZodDefault<z.ZodNumber>;
1359
+ updateAge: z.ZodDefault<z.ZodNumber>;
1360
+ cookieName: z.ZodDefault<z.ZodString>;
1361
+ cookieSecure: z.ZodDefault<z.ZodBoolean>;
1362
+ cookieSameSite: z.ZodDefault<z.ZodEnum<["strict", "lax", "none"]>>;
1363
+ cookieDomain: z.ZodOptional<z.ZodString>;
1364
+ cookiePath: z.ZodDefault<z.ZodString>;
1365
+ cookieHttpOnly: z.ZodDefault<z.ZodBoolean>;
1366
+ }, "strip", z.ZodTypeAny, {
1367
+ expiresIn: number;
1368
+ updateAge: number;
1369
+ cookieName: string;
1370
+ cookieSecure: boolean;
1371
+ cookieSameSite: "strict" | "none" | "lax";
1372
+ cookiePath: string;
1373
+ cookieHttpOnly: boolean;
1374
+ cookieDomain?: string | undefined;
1375
+ }, {
1376
+ expiresIn?: number | undefined;
1377
+ updateAge?: number | undefined;
1378
+ cookieName?: string | undefined;
1379
+ cookieSecure?: boolean | undefined;
1380
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
1381
+ cookieDomain?: string | undefined;
1382
+ cookiePath?: string | undefined;
1383
+ cookieHttpOnly?: boolean | undefined;
1384
+ }>>;
1385
+ /**
1386
+ * Rate limiting configuration
1387
+ */
1388
+ rateLimit: z.ZodDefault<z.ZodObject<{
1389
+ enabled: z.ZodDefault<z.ZodBoolean>;
1390
+ maxAttempts: z.ZodDefault<z.ZodNumber>;
1391
+ windowMs: z.ZodDefault<z.ZodNumber>;
1392
+ blockDuration: z.ZodDefault<z.ZodNumber>;
1393
+ skipSuccessfulRequests: z.ZodDefault<z.ZodBoolean>;
1394
+ }, "strip", z.ZodTypeAny, {
1395
+ enabled: boolean;
1396
+ windowMs: number;
1397
+ maxAttempts: number;
1398
+ blockDuration: number;
1399
+ skipSuccessfulRequests: boolean;
1400
+ }, {
1401
+ enabled?: boolean | undefined;
1402
+ windowMs?: number | undefined;
1403
+ maxAttempts?: number | undefined;
1404
+ blockDuration?: number | undefined;
1405
+ skipSuccessfulRequests?: boolean | undefined;
1406
+ }>>;
1407
+ /**
1408
+ * CSRF protection configuration
1409
+ */
1410
+ csrf: z.ZodDefault<z.ZodObject<{
1411
+ enabled: z.ZodDefault<z.ZodBoolean>;
1412
+ tokenLength: z.ZodDefault<z.ZodNumber>;
1413
+ cookieName: z.ZodDefault<z.ZodString>;
1414
+ headerName: z.ZodDefault<z.ZodString>;
1415
+ }, "strip", z.ZodTypeAny, {
1416
+ enabled: boolean;
1417
+ cookieName: string;
1418
+ tokenLength: number;
1419
+ headerName: string;
1420
+ }, {
1421
+ enabled?: boolean | undefined;
1422
+ cookieName?: string | undefined;
1423
+ tokenLength?: number | undefined;
1424
+ headerName?: string | undefined;
1425
+ }>>;
1426
+ /**
1427
+ * Account linking configuration
1428
+ */
1429
+ accountLinking: z.ZodDefault<z.ZodObject<{
1430
+ enabled: z.ZodDefault<z.ZodBoolean>;
1431
+ autoLink: z.ZodDefault<z.ZodBoolean>;
1432
+ requireVerification: z.ZodDefault<z.ZodBoolean>;
1433
+ }, "strip", z.ZodTypeAny, {
1434
+ enabled: boolean;
1435
+ autoLink: boolean;
1436
+ requireVerification: boolean;
1437
+ }, {
1438
+ enabled?: boolean | undefined;
1439
+ autoLink?: boolean | undefined;
1440
+ requireVerification?: boolean | undefined;
1441
+ }>>;
1442
+ /**
1443
+ * Two-factor authentication configuration
1444
+ */
1445
+ twoFactor: z.ZodOptional<z.ZodObject<{
1446
+ enabled: z.ZodDefault<z.ZodBoolean>;
1447
+ issuer: z.ZodOptional<z.ZodString>;
1448
+ qrCodeSize: z.ZodDefault<z.ZodNumber>;
1449
+ backupCodes: z.ZodOptional<z.ZodObject<{
1450
+ enabled: z.ZodDefault<z.ZodBoolean>;
1451
+ count: z.ZodDefault<z.ZodNumber>;
1452
+ }, "strip", z.ZodTypeAny, {
1453
+ count: number;
1454
+ enabled: boolean;
1455
+ }, {
1456
+ count?: number | undefined;
1457
+ enabled?: boolean | undefined;
1458
+ }>>;
1459
+ }, "strip", z.ZodTypeAny, {
1460
+ enabled: boolean;
1461
+ qrCodeSize: number;
1462
+ issuer?: string | undefined;
1463
+ backupCodes?: {
1464
+ count: number;
1465
+ enabled: boolean;
1466
+ } | undefined;
1467
+ }, {
1468
+ enabled?: boolean | undefined;
1469
+ issuer?: string | undefined;
1470
+ qrCodeSize?: number | undefined;
1471
+ backupCodes?: {
1472
+ count?: number | undefined;
1473
+ enabled?: boolean | undefined;
1474
+ } | undefined;
1475
+ }>>;
1476
+ /**
1477
+ * User field mapping
1478
+ */
1479
+ userFieldMapping: z.ZodDefault<z.ZodObject<{
1480
+ id: z.ZodDefault<z.ZodString>;
1481
+ email: z.ZodDefault<z.ZodString>;
1482
+ name: z.ZodDefault<z.ZodString>;
1483
+ image: z.ZodOptional<z.ZodDefault<z.ZodString>>;
1484
+ emailVerified: z.ZodDefault<z.ZodString>;
1485
+ createdAt: z.ZodDefault<z.ZodString>;
1486
+ updatedAt: z.ZodDefault<z.ZodString>;
1487
+ }, "strip", z.ZodTypeAny, {
1488
+ email: string;
1489
+ name: string;
1490
+ id: string;
1491
+ emailVerified: string;
1492
+ createdAt: string;
1493
+ updatedAt: string;
1494
+ image?: string | undefined;
1495
+ }, {
1496
+ email?: string | undefined;
1497
+ image?: string | undefined;
1498
+ name?: string | undefined;
1499
+ id?: string | undefined;
1500
+ emailVerified?: string | undefined;
1501
+ createdAt?: string | undefined;
1502
+ updatedAt?: string | undefined;
1503
+ }>>;
1504
+ /**
1505
+ * Database adapter configuration
1506
+ */
1507
+ database: z.ZodOptional<z.ZodObject<{
1508
+ type: z.ZodEnum<["prisma", "drizzle", "kysely", "custom"]>;
1509
+ connectionString: z.ZodOptional<z.ZodString>;
1510
+ tablePrefix: z.ZodDefault<z.ZodString>;
1511
+ schema: z.ZodOptional<z.ZodString>;
1512
+ }, "strip", z.ZodTypeAny, {
1513
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1514
+ tablePrefix: string;
1515
+ connectionString?: string | undefined;
1516
+ schema?: string | undefined;
1517
+ }, {
1518
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1519
+ connectionString?: string | undefined;
1520
+ tablePrefix?: string | undefined;
1521
+ schema?: string | undefined;
1522
+ }>>;
1523
+ /**
1524
+ * Additional authentication plugins
1525
+ */
1526
+ plugins: z.ZodDefault<z.ZodArray<z.ZodObject<{
1527
+ name: z.ZodString;
1528
+ enabled: z.ZodDefault<z.ZodBoolean>;
1529
+ options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1530
+ }, "strip", z.ZodTypeAny, {
1531
+ name: string;
1532
+ enabled: boolean;
1533
+ options?: Record<string, any> | undefined;
1534
+ }, {
1535
+ name: string;
1536
+ options?: Record<string, any> | undefined;
1537
+ enabled?: boolean | undefined;
1538
+ }>, "many">>;
1539
+ /**
1540
+ * Custom hooks for authentication events
1541
+ */
1542
+ hooks: z.ZodOptional<z.ZodObject<{
1543
+ beforeSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1544
+ email: z.ZodString;
1545
+ }, "strip", z.ZodTypeAny, {
1546
+ email: string;
1547
+ }, {
1548
+ email: string;
1549
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1550
+ afterSignIn: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1551
+ user: z.ZodAny;
1552
+ session: z.ZodAny;
1553
+ }, "strip", z.ZodTypeAny, {
1554
+ user?: any;
1555
+ session?: any;
1556
+ }, {
1557
+ user?: any;
1558
+ session?: any;
1559
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1560
+ beforeSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1561
+ email: z.ZodString;
1562
+ name: z.ZodOptional<z.ZodString>;
1563
+ }, "strip", z.ZodTypeAny, {
1564
+ email: string;
1565
+ name?: string | undefined;
1566
+ }, {
1567
+ email: string;
1568
+ name?: string | undefined;
1569
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1570
+ afterSignUp: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1571
+ user: z.ZodAny;
1572
+ }, "strip", z.ZodTypeAny, {
1573
+ user?: any;
1574
+ }, {
1575
+ user?: any;
1576
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1577
+ beforeSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1578
+ sessionId: z.ZodString;
1579
+ }, "strip", z.ZodTypeAny, {
1580
+ sessionId: string;
1581
+ }, {
1582
+ sessionId: string;
1583
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1584
+ afterSignOut: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodObject<{
1585
+ sessionId: z.ZodString;
1586
+ }, "strip", z.ZodTypeAny, {
1587
+ sessionId: string;
1588
+ }, {
1589
+ sessionId: string;
1590
+ }>], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>>;
1591
+ }, "strip", z.ZodTypeAny, {
1592
+ beforeSignIn?: ((args_0: {
1593
+ email: string;
1594
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1595
+ afterSignIn?: ((args_0: {
1596
+ user?: any;
1597
+ session?: any;
1598
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1599
+ beforeSignUp?: ((args_0: {
1600
+ email: string;
1601
+ name?: string | undefined;
1602
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1603
+ afterSignUp?: ((args_0: {
1604
+ user?: any;
1605
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1606
+ beforeSignOut?: ((args_0: {
1607
+ sessionId: string;
1608
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1609
+ afterSignOut?: ((args_0: {
1610
+ sessionId: string;
1611
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1612
+ }, {
1613
+ beforeSignIn?: ((args_0: {
1614
+ email: string;
1615
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1616
+ afterSignIn?: ((args_0: {
1617
+ user?: any;
1618
+ session?: any;
1619
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1620
+ beforeSignUp?: ((args_0: {
1621
+ email: string;
1622
+ name?: string | undefined;
1623
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1624
+ afterSignUp?: ((args_0: {
1625
+ user?: any;
1626
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1627
+ beforeSignOut?: ((args_0: {
1628
+ sessionId: string;
1629
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1630
+ afterSignOut?: ((args_0: {
1631
+ sessionId: string;
1632
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1633
+ }>>;
1634
+ /**
1635
+ * Advanced security settings
1636
+ */
1637
+ security: z.ZodOptional<z.ZodObject<{
1638
+ allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1639
+ trustProxy: z.ZodDefault<z.ZodBoolean>;
1640
+ ipRateLimiting: z.ZodDefault<z.ZodBoolean>;
1641
+ sessionFingerprinting: z.ZodDefault<z.ZodBoolean>;
1642
+ maxSessions: z.ZodDefault<z.ZodNumber>;
1643
+ }, "strip", z.ZodTypeAny, {
1644
+ trustProxy: boolean;
1645
+ ipRateLimiting: boolean;
1646
+ sessionFingerprinting: boolean;
1647
+ maxSessions: number;
1648
+ allowedOrigins?: string[] | undefined;
1649
+ }, {
1650
+ allowedOrigins?: string[] | undefined;
1651
+ trustProxy?: boolean | undefined;
1652
+ ipRateLimiting?: boolean | undefined;
1653
+ sessionFingerprinting?: boolean | undefined;
1654
+ maxSessions?: number | undefined;
1655
+ }>>;
1656
+ /**
1657
+ * Email configuration for transactional emails
1658
+ */
1659
+ email: z.ZodOptional<z.ZodObject<{
1660
+ from: z.ZodString;
1661
+ fromName: z.ZodOptional<z.ZodString>;
1662
+ provider: z.ZodEnum<["smtp", "sendgrid", "mailgun", "ses", "resend", "custom"]>;
1663
+ config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
1664
+ }, "strip", z.ZodTypeAny, {
1665
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1666
+ from: string;
1667
+ config?: Record<string, any> | undefined;
1668
+ fromName?: string | undefined;
1669
+ }, {
1670
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1671
+ from: string;
1672
+ config?: Record<string, any> | undefined;
1673
+ fromName?: string | undefined;
1674
+ }>>;
1675
+ /**
1676
+ * UI customization options
1677
+ */
1678
+ ui: z.ZodOptional<z.ZodObject<{
1679
+ brandName: z.ZodOptional<z.ZodString>;
1680
+ logo: z.ZodOptional<z.ZodString>;
1681
+ primaryColor: z.ZodOptional<z.ZodString>;
1682
+ customCss: z.ZodOptional<z.ZodString>;
1683
+ }, "strip", z.ZodTypeAny, {
1684
+ primaryColor?: string | undefined;
1685
+ logo?: string | undefined;
1686
+ brandName?: string | undefined;
1687
+ customCss?: string | undefined;
1688
+ }, {
1689
+ primaryColor?: string | undefined;
1690
+ logo?: string | undefined;
1691
+ brandName?: string | undefined;
1692
+ customCss?: string | undefined;
1693
+ }>>;
1694
+ /**
1695
+ * Whether this auth provider is active
1696
+ */
1697
+ active: z.ZodDefault<z.ZodBoolean>;
1698
+ /**
1699
+ * Whether to allow new user registration
1700
+ */
1701
+ allowRegistration: z.ZodDefault<z.ZodBoolean>;
1702
+ }, "strip", z.ZodTypeAny, {
1703
+ label: string;
1704
+ name: string;
1705
+ active: boolean;
1706
+ driver: string;
1707
+ secret: string;
1708
+ rateLimit: {
1709
+ enabled: boolean;
1710
+ windowMs: number;
1711
+ maxAttempts: number;
1712
+ blockDuration: number;
1713
+ skipSuccessfulRequests: boolean;
1714
+ };
1715
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
1716
+ baseUrl: string;
1717
+ session: {
1718
+ expiresIn: number;
1719
+ updateAge: number;
1720
+ cookieName: string;
1721
+ cookieSecure: boolean;
1722
+ cookieSameSite: "strict" | "none" | "lax";
1723
+ cookiePath: string;
1724
+ cookieHttpOnly: boolean;
1725
+ cookieDomain?: string | undefined;
1726
+ };
1727
+ csrf: {
1728
+ enabled: boolean;
1729
+ cookieName: string;
1730
+ tokenLength: number;
1731
+ headerName: string;
1732
+ };
1733
+ accountLinking: {
1734
+ enabled: boolean;
1735
+ autoLink: boolean;
1736
+ requireVerification: boolean;
1737
+ };
1738
+ userFieldMapping: {
1739
+ email: string;
1740
+ name: string;
1741
+ id: string;
1742
+ emailVerified: string;
1743
+ createdAt: string;
1744
+ updatedAt: string;
1745
+ image?: string | undefined;
1746
+ };
1747
+ plugins: {
1748
+ name: string;
1749
+ enabled: boolean;
1750
+ options?: Record<string, any> | undefined;
1751
+ }[];
1752
+ allowRegistration: boolean;
1753
+ email?: {
1754
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1755
+ from: string;
1756
+ config?: Record<string, any> | undefined;
1757
+ fromName?: string | undefined;
1758
+ } | undefined;
1759
+ oauth?: {
1760
+ providers: {
1761
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1762
+ enabled: boolean;
1763
+ clientId: string;
1764
+ clientSecret: string;
1765
+ icon?: string | undefined;
1766
+ scopes?: string[] | undefined;
1767
+ redirectUri?: string | undefined;
1768
+ displayName?: string | undefined;
1769
+ }[];
1770
+ } | undefined;
1771
+ passkey?: {
1772
+ enabled: boolean;
1773
+ rpName: string;
1774
+ userVerification: "required" | "preferred" | "discouraged";
1775
+ attestation: "none" | "indirect" | "direct" | "enterprise";
1776
+ rpId?: string | undefined;
1777
+ allowedOrigins?: string[] | undefined;
1778
+ } | undefined;
1779
+ emailPassword?: {
1780
+ enabled: boolean;
1781
+ requireEmailVerification: boolean;
1782
+ minPasswordLength: number;
1783
+ requirePasswordComplexity: boolean;
1784
+ allowPasswordReset: boolean;
1785
+ passwordResetExpiry: number;
1786
+ } | undefined;
1787
+ magicLink?: {
1788
+ enabled: boolean;
1789
+ expiryTime: number;
1790
+ sendEmail?: ((args_0: {
1791
+ to: string;
1792
+ link: string;
1793
+ token: string;
1794
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1795
+ } | undefined;
1796
+ twoFactor?: {
1797
+ enabled: boolean;
1798
+ qrCodeSize: number;
1799
+ issuer?: string | undefined;
1800
+ backupCodes?: {
1801
+ count: number;
1802
+ enabled: boolean;
1803
+ } | undefined;
1804
+ } | undefined;
1805
+ database?: {
1806
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1807
+ tablePrefix: string;
1808
+ connectionString?: string | undefined;
1809
+ schema?: string | undefined;
1810
+ } | undefined;
1811
+ hooks?: {
1812
+ beforeSignIn?: ((args_0: {
1813
+ email: string;
1814
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1815
+ afterSignIn?: ((args_0: {
1816
+ user?: any;
1817
+ session?: any;
1818
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1819
+ beforeSignUp?: ((args_0: {
1820
+ email: string;
1821
+ name?: string | undefined;
1822
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1823
+ afterSignUp?: ((args_0: {
1824
+ user?: any;
1825
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1826
+ beforeSignOut?: ((args_0: {
1827
+ sessionId: string;
1828
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1829
+ afterSignOut?: ((args_0: {
1830
+ sessionId: string;
1831
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1832
+ } | undefined;
1833
+ security?: {
1834
+ trustProxy: boolean;
1835
+ ipRateLimiting: boolean;
1836
+ sessionFingerprinting: boolean;
1837
+ maxSessions: number;
1838
+ allowedOrigins?: string[] | undefined;
1839
+ } | undefined;
1840
+ ui?: {
1841
+ primaryColor?: string | undefined;
1842
+ logo?: string | undefined;
1843
+ brandName?: string | undefined;
1844
+ customCss?: string | undefined;
1845
+ } | undefined;
1846
+ }, {
1847
+ label: string;
1848
+ name: string;
1849
+ secret: string;
1850
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
1851
+ baseUrl: string;
1852
+ email?: {
1853
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
1854
+ from: string;
1855
+ config?: Record<string, any> | undefined;
1856
+ fromName?: string | undefined;
1857
+ } | undefined;
1858
+ active?: boolean | undefined;
1859
+ driver?: string | undefined;
1860
+ rateLimit?: {
1861
+ enabled?: boolean | undefined;
1862
+ windowMs?: number | undefined;
1863
+ maxAttempts?: number | undefined;
1864
+ blockDuration?: number | undefined;
1865
+ skipSuccessfulRequests?: boolean | undefined;
1866
+ } | undefined;
1867
+ oauth?: {
1868
+ providers: {
1869
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
1870
+ clientId: string;
1871
+ clientSecret: string;
1872
+ icon?: string | undefined;
1873
+ enabled?: boolean | undefined;
1874
+ scopes?: string[] | undefined;
1875
+ redirectUri?: string | undefined;
1876
+ displayName?: string | undefined;
1877
+ }[];
1878
+ } | undefined;
1879
+ passkey?: {
1880
+ rpName: string;
1881
+ enabled?: boolean | undefined;
1882
+ rpId?: string | undefined;
1883
+ allowedOrigins?: string[] | undefined;
1884
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1885
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
1886
+ } | undefined;
1887
+ emailPassword?: {
1888
+ enabled?: boolean | undefined;
1889
+ requireEmailVerification?: boolean | undefined;
1890
+ minPasswordLength?: number | undefined;
1891
+ requirePasswordComplexity?: boolean | undefined;
1892
+ allowPasswordReset?: boolean | undefined;
1893
+ passwordResetExpiry?: number | undefined;
1894
+ } | undefined;
1895
+ magicLink?: {
1896
+ enabled?: boolean | undefined;
1897
+ expiryTime?: number | undefined;
1898
+ sendEmail?: ((args_0: {
1899
+ to: string;
1900
+ link: string;
1901
+ token: string;
1902
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1903
+ } | undefined;
1904
+ session?: {
1905
+ expiresIn?: number | undefined;
1906
+ updateAge?: number | undefined;
1907
+ cookieName?: string | undefined;
1908
+ cookieSecure?: boolean | undefined;
1909
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
1910
+ cookieDomain?: string | undefined;
1911
+ cookiePath?: string | undefined;
1912
+ cookieHttpOnly?: boolean | undefined;
1913
+ } | undefined;
1914
+ csrf?: {
1915
+ enabled?: boolean | undefined;
1916
+ cookieName?: string | undefined;
1917
+ tokenLength?: number | undefined;
1918
+ headerName?: string | undefined;
1919
+ } | undefined;
1920
+ accountLinking?: {
1921
+ enabled?: boolean | undefined;
1922
+ autoLink?: boolean | undefined;
1923
+ requireVerification?: boolean | undefined;
1924
+ } | undefined;
1925
+ twoFactor?: {
1926
+ enabled?: boolean | undefined;
1927
+ issuer?: string | undefined;
1928
+ qrCodeSize?: number | undefined;
1929
+ backupCodes?: {
1930
+ count?: number | undefined;
1931
+ enabled?: boolean | undefined;
1932
+ } | undefined;
1933
+ } | undefined;
1934
+ userFieldMapping?: {
1935
+ email?: string | undefined;
1936
+ image?: string | undefined;
1937
+ name?: string | undefined;
1938
+ id?: string | undefined;
1939
+ emailVerified?: string | undefined;
1940
+ createdAt?: string | undefined;
1941
+ updatedAt?: string | undefined;
1942
+ } | undefined;
1943
+ database?: {
1944
+ type: "custom" | "prisma" | "drizzle" | "kysely";
1945
+ connectionString?: string | undefined;
1946
+ tablePrefix?: string | undefined;
1947
+ schema?: string | undefined;
1948
+ } | undefined;
1949
+ plugins?: {
1950
+ name: string;
1951
+ options?: Record<string, any> | undefined;
1952
+ enabled?: boolean | undefined;
1953
+ }[] | undefined;
1954
+ hooks?: {
1955
+ beforeSignIn?: ((args_0: {
1956
+ email: string;
1957
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1958
+ afterSignIn?: ((args_0: {
1959
+ user?: any;
1960
+ session?: any;
1961
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1962
+ beforeSignUp?: ((args_0: {
1963
+ email: string;
1964
+ name?: string | undefined;
1965
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1966
+ afterSignUp?: ((args_0: {
1967
+ user?: any;
1968
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1969
+ beforeSignOut?: ((args_0: {
1970
+ sessionId: string;
1971
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1972
+ afterSignOut?: ((args_0: {
1973
+ sessionId: string;
1974
+ }, ...args: unknown[]) => Promise<void>) | undefined;
1975
+ } | undefined;
1976
+ security?: {
1977
+ allowedOrigins?: string[] | undefined;
1978
+ trustProxy?: boolean | undefined;
1979
+ ipRateLimiting?: boolean | undefined;
1980
+ sessionFingerprinting?: boolean | undefined;
1981
+ maxSessions?: number | undefined;
1982
+ } | undefined;
1983
+ ui?: {
1984
+ primaryColor?: string | undefined;
1985
+ logo?: string | undefined;
1986
+ brandName?: string | undefined;
1987
+ customCss?: string | undefined;
1988
+ } | undefined;
1989
+ allowRegistration?: boolean | undefined;
1990
+ }>;
1991
+ }, "strip", z.ZodTypeAny, {
1992
+ type: "standard_auth";
1993
+ config: {
1994
+ label: string;
1995
+ name: string;
1996
+ active: boolean;
1997
+ driver: string;
1998
+ secret: string;
1999
+ rateLimit: {
2000
+ enabled: boolean;
2001
+ windowMs: number;
2002
+ maxAttempts: number;
2003
+ blockDuration: number;
2004
+ skipSuccessfulRequests: boolean;
2005
+ };
2006
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
2007
+ baseUrl: string;
2008
+ session: {
2009
+ expiresIn: number;
2010
+ updateAge: number;
2011
+ cookieName: string;
2012
+ cookieSecure: boolean;
2013
+ cookieSameSite: "strict" | "none" | "lax";
2014
+ cookiePath: string;
2015
+ cookieHttpOnly: boolean;
2016
+ cookieDomain?: string | undefined;
2017
+ };
2018
+ csrf: {
2019
+ enabled: boolean;
2020
+ cookieName: string;
2021
+ tokenLength: number;
2022
+ headerName: string;
2023
+ };
2024
+ accountLinking: {
2025
+ enabled: boolean;
2026
+ autoLink: boolean;
2027
+ requireVerification: boolean;
2028
+ };
2029
+ userFieldMapping: {
2030
+ email: string;
2031
+ name: string;
2032
+ id: string;
2033
+ emailVerified: string;
2034
+ createdAt: string;
2035
+ updatedAt: string;
2036
+ image?: string | undefined;
2037
+ };
2038
+ plugins: {
2039
+ name: string;
2040
+ enabled: boolean;
2041
+ options?: Record<string, any> | undefined;
2042
+ }[];
2043
+ allowRegistration: boolean;
2044
+ email?: {
2045
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2046
+ from: string;
2047
+ config?: Record<string, any> | undefined;
2048
+ fromName?: string | undefined;
2049
+ } | undefined;
2050
+ oauth?: {
2051
+ providers: {
2052
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
2053
+ enabled: boolean;
2054
+ clientId: string;
2055
+ clientSecret: string;
2056
+ icon?: string | undefined;
2057
+ scopes?: string[] | undefined;
2058
+ redirectUri?: string | undefined;
2059
+ displayName?: string | undefined;
2060
+ }[];
2061
+ } | undefined;
2062
+ passkey?: {
2063
+ enabled: boolean;
2064
+ rpName: string;
2065
+ userVerification: "required" | "preferred" | "discouraged";
2066
+ attestation: "none" | "indirect" | "direct" | "enterprise";
2067
+ rpId?: string | undefined;
2068
+ allowedOrigins?: string[] | undefined;
2069
+ } | undefined;
2070
+ emailPassword?: {
2071
+ enabled: boolean;
2072
+ requireEmailVerification: boolean;
2073
+ minPasswordLength: number;
2074
+ requirePasswordComplexity: boolean;
2075
+ allowPasswordReset: boolean;
2076
+ passwordResetExpiry: number;
2077
+ } | undefined;
2078
+ magicLink?: {
2079
+ enabled: boolean;
2080
+ expiryTime: number;
2081
+ sendEmail?: ((args_0: {
2082
+ to: string;
2083
+ link: string;
2084
+ token: string;
2085
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2086
+ } | undefined;
2087
+ twoFactor?: {
2088
+ enabled: boolean;
2089
+ qrCodeSize: number;
2090
+ issuer?: string | undefined;
2091
+ backupCodes?: {
2092
+ count: number;
2093
+ enabled: boolean;
2094
+ } | undefined;
2095
+ } | undefined;
2096
+ database?: {
2097
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2098
+ tablePrefix: string;
2099
+ connectionString?: string | undefined;
2100
+ schema?: string | undefined;
2101
+ } | undefined;
2102
+ hooks?: {
2103
+ beforeSignIn?: ((args_0: {
2104
+ email: string;
2105
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2106
+ afterSignIn?: ((args_0: {
2107
+ user?: any;
2108
+ session?: any;
2109
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2110
+ beforeSignUp?: ((args_0: {
2111
+ email: string;
2112
+ name?: string | undefined;
2113
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2114
+ afterSignUp?: ((args_0: {
2115
+ user?: any;
2116
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2117
+ beforeSignOut?: ((args_0: {
2118
+ sessionId: string;
2119
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2120
+ afterSignOut?: ((args_0: {
2121
+ sessionId: string;
2122
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2123
+ } | undefined;
2124
+ security?: {
2125
+ trustProxy: boolean;
2126
+ ipRateLimiting: boolean;
2127
+ sessionFingerprinting: boolean;
2128
+ maxSessions: number;
2129
+ allowedOrigins?: string[] | undefined;
2130
+ } | undefined;
2131
+ ui?: {
2132
+ primaryColor?: string | undefined;
2133
+ logo?: string | undefined;
2134
+ brandName?: string | undefined;
2135
+ customCss?: string | undefined;
2136
+ } | undefined;
2137
+ };
2138
+ }, {
2139
+ type: "standard_auth";
2140
+ config: {
2141
+ label: string;
2142
+ name: string;
2143
+ secret: string;
2144
+ strategies: ("email_password" | "magic_link" | "oauth" | "passkey" | "otp" | "anonymous")[];
2145
+ baseUrl: string;
2146
+ email?: {
2147
+ provider: "custom" | "smtp" | "sendgrid" | "mailgun" | "ses" | "resend";
2148
+ from: string;
2149
+ config?: Record<string, any> | undefined;
2150
+ fromName?: string | undefined;
2151
+ } | undefined;
2152
+ active?: boolean | undefined;
2153
+ driver?: string | undefined;
2154
+ rateLimit?: {
2155
+ enabled?: boolean | undefined;
2156
+ windowMs?: number | undefined;
2157
+ maxAttempts?: number | undefined;
2158
+ blockDuration?: number | undefined;
2159
+ skipSuccessfulRequests?: boolean | undefined;
2160
+ } | undefined;
2161
+ oauth?: {
2162
+ providers: {
2163
+ provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
2164
+ clientId: string;
2165
+ clientSecret: string;
2166
+ icon?: string | undefined;
2167
+ enabled?: boolean | undefined;
2168
+ scopes?: string[] | undefined;
2169
+ redirectUri?: string | undefined;
2170
+ displayName?: string | undefined;
2171
+ }[];
2172
+ } | undefined;
2173
+ passkey?: {
2174
+ rpName: string;
2175
+ enabled?: boolean | undefined;
2176
+ rpId?: string | undefined;
2177
+ allowedOrigins?: string[] | undefined;
2178
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2179
+ attestation?: "none" | "indirect" | "direct" | "enterprise" | undefined;
2180
+ } | undefined;
2181
+ emailPassword?: {
2182
+ enabled?: boolean | undefined;
2183
+ requireEmailVerification?: boolean | undefined;
2184
+ minPasswordLength?: number | undefined;
2185
+ requirePasswordComplexity?: boolean | undefined;
2186
+ allowPasswordReset?: boolean | undefined;
2187
+ passwordResetExpiry?: number | undefined;
2188
+ } | undefined;
2189
+ magicLink?: {
2190
+ enabled?: boolean | undefined;
2191
+ expiryTime?: number | undefined;
2192
+ sendEmail?: ((args_0: {
2193
+ to: string;
2194
+ link: string;
2195
+ token: string;
2196
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2197
+ } | undefined;
2198
+ session?: {
2199
+ expiresIn?: number | undefined;
2200
+ updateAge?: number | undefined;
2201
+ cookieName?: string | undefined;
2202
+ cookieSecure?: boolean | undefined;
2203
+ cookieSameSite?: "strict" | "none" | "lax" | undefined;
2204
+ cookieDomain?: string | undefined;
2205
+ cookiePath?: string | undefined;
2206
+ cookieHttpOnly?: boolean | undefined;
2207
+ } | undefined;
2208
+ csrf?: {
2209
+ enabled?: boolean | undefined;
2210
+ cookieName?: string | undefined;
2211
+ tokenLength?: number | undefined;
2212
+ headerName?: string | undefined;
2213
+ } | undefined;
2214
+ accountLinking?: {
2215
+ enabled?: boolean | undefined;
2216
+ autoLink?: boolean | undefined;
2217
+ requireVerification?: boolean | undefined;
2218
+ } | undefined;
2219
+ twoFactor?: {
2220
+ enabled?: boolean | undefined;
2221
+ issuer?: string | undefined;
2222
+ qrCodeSize?: number | undefined;
2223
+ backupCodes?: {
2224
+ count?: number | undefined;
2225
+ enabled?: boolean | undefined;
2226
+ } | undefined;
2227
+ } | undefined;
2228
+ userFieldMapping?: {
2229
+ email?: string | undefined;
2230
+ image?: string | undefined;
2231
+ name?: string | undefined;
2232
+ id?: string | undefined;
2233
+ emailVerified?: string | undefined;
2234
+ createdAt?: string | undefined;
2235
+ updatedAt?: string | undefined;
2236
+ } | undefined;
2237
+ database?: {
2238
+ type: "custom" | "prisma" | "drizzle" | "kysely";
2239
+ connectionString?: string | undefined;
2240
+ tablePrefix?: string | undefined;
2241
+ schema?: string | undefined;
2242
+ } | undefined;
2243
+ plugins?: {
2244
+ name: string;
2245
+ options?: Record<string, any> | undefined;
2246
+ enabled?: boolean | undefined;
2247
+ }[] | undefined;
2248
+ hooks?: {
2249
+ beforeSignIn?: ((args_0: {
2250
+ email: string;
2251
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2252
+ afterSignIn?: ((args_0: {
2253
+ user?: any;
2254
+ session?: any;
2255
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2256
+ beforeSignUp?: ((args_0: {
2257
+ email: string;
2258
+ name?: string | undefined;
2259
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2260
+ afterSignUp?: ((args_0: {
2261
+ user?: any;
2262
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2263
+ beforeSignOut?: ((args_0: {
2264
+ sessionId: string;
2265
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2266
+ afterSignOut?: ((args_0: {
2267
+ sessionId: string;
2268
+ }, ...args: unknown[]) => Promise<void>) | undefined;
2269
+ } | undefined;
2270
+ security?: {
2271
+ allowedOrigins?: string[] | undefined;
2272
+ trustProxy?: boolean | undefined;
2273
+ ipRateLimiting?: boolean | undefined;
2274
+ sessionFingerprinting?: boolean | undefined;
2275
+ maxSessions?: number | undefined;
2276
+ } | undefined;
2277
+ ui?: {
2278
+ primaryColor?: string | undefined;
2279
+ logo?: string | undefined;
2280
+ brandName?: string | undefined;
2281
+ customCss?: string | undefined;
2282
+ } | undefined;
2283
+ allowRegistration?: boolean | undefined;
2284
+ };
2285
+ }>;
2286
+ export type StandardAuthProvider = z.infer<typeof StandardAuthProviderSchema>;
2287
+ //# sourceMappingURL=auth.zod.d.ts.map