npm - @oglofus/auth - Versions diffs - 1.0.0 → 1.1.0 - Mend

@oglofus/auth 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/README.md +20 -6
package/dist/core/auth.d.ts +5 -4
package/dist/core/auth.js +219 -38
package/dist/core/utils.d.ts +1 -0
package/dist/core/utils.js +2 -1
package/dist/plugins/email-otp.js +28 -4
package/dist/plugins/magic-link.js +15 -18
package/dist/plugins/oauth2.d.ts +8 -1
package/dist/plugins/oauth2.js +65 -36
package/dist/plugins/organizations.js +38 -6
package/dist/plugins/passkey.js +20 -26
package/dist/plugins/password.js +1 -1
package/dist/plugins/two-factor.js +1 -4
package/dist/types/adapters.d.ts +26 -22
package/dist/types/model.d.ts +16 -13
package/dist/types/plugins.d.ts +24 -5
package/package.json +2 -2

package/dist/types/plugins.d.ts CHANGED Viewed

@@ -1,9 +1,10 @@
 import type { CoreAdapters, OrganizationsPluginHandlers } from "./adapters.js";
-import type { AccountDiscoveryMode, AuthRequestContext, CompleteProfileInput, DiscoverAccountInput, DiscoverAccountDecision, MembershipBase, OrganizationBase, OrganizationEntitlementSnapshot, SecondFactorMethod, TwoFactorVerifyInput, UserBase } from "./model.js";
+import type { AccountDiscoveryMode, AuthRequestContext, CompleteProfileInput, DiscoverAccountInput, DiscoverAccountDecision, MembershipBase, OrganizationBase, OrganizationEntitlementSnapshot, ProfileCompletionState, SecondFactorMethod, TwoFactorVerifyInput, UserBase } from "./model.js";
 import type { AuthResult, OperationResult } from "./results.js";
 export interface AuthPluginContext<U extends UserBase> {
     adapters: CoreAdapters<U>;
     now(): Date;
+    security?: AuthSecurityConfig;
     request?: AuthRequestContext;
 }
 export interface BasePlugin<Method extends string, U extends UserBase, ExposedApi extends object = {}> {
@@ -12,6 +13,10 @@ export interface BasePlugin<Method extends string, U extends UserBase, ExposedAp
     version: string;
     createApi?: (ctx: Omit<AuthPluginContext<U>, "request">) => ExposedApi;
 }
+export interface CompletePendingProfileInput<U extends UserBase> {
+    record: ProfileCompletionState<U>;
+    user: U;
+}
 export interface AuthMethodPlugin<Method extends string, RegisterInput extends {
     method: Method;
 }, AuthenticateInput extends {
@@ -35,6 +40,7 @@ export interface AuthMethodPlugin<Method extends string, RegisterInput extends {
     authenticate: (ctx: AuthPluginContext<U>, input: AuthenticateInput) => Promise<OperationResult<{
         user: U;
     }>>;
+    completePendingProfile?: (ctx: AuthPluginContext<U>, input: CompletePendingProfileInput<U>) => Promise<OperationResult<void>>;
 }
 export interface DomainPlugin<Method extends string, U extends UserBase, ExposedApi extends object = {}> extends BasePlugin<Method, U, ExposedApi> {
     kind: "domain";
@@ -113,6 +119,13 @@ export interface OrganizationsPluginApi<O extends OrganizationBase, Role extends
         organizationId: string;
         membership: M;
     }>>;
+    setActiveOrganization(input: {
+        sessionId: string;
+        organizationId?: string;
+    }, request?: AuthRequestContext): Promise<OperationResult<{
+        sessionId: string;
+        activeOrganizationId: string | null;
+    }>>;
     setMemberRole(input: {
         organizationId: string;
         membershipId: string;
@@ -176,6 +189,15 @@ export interface OrganizationsPluginConfig<O extends OrganizationBase, Role exte
     organizationRequiredFields?: readonly Extract<RequiredOrgFields, string>[];
     handlers: OrganizationsPluginHandlers<O, Role, M, Permission, Feature, LimitKey>;
 }
+export type AuthSecurityRateLimitScope = "discover" | "register" | "authenticate" | "emailOtpRequest" | "magicLinkRequest" | "otpVerify";
+export interface AuthSecurityRateLimitPolicy {
+    limit: number;
+    windowSeconds: number;
+}
+export interface AuthSecurityConfig {
+    rateLimits?: Partial<Record<AuthSecurityRateLimitScope, AuthSecurityRateLimitPolicy>>;
+    oauth2IdempotencyTtlSeconds?: number;
+}
 export type AnyMethodPlugin<U extends UserBase> = AuthMethodPlugin<string, any, any, U, any>;
 export type AnyDomainPlugin<U extends UserBase> = DomainPlugin<string, U, any>;
 export type AnyPlugin<U extends UserBase> = AnyMethodPlugin<U> | AnyDomainPlugin<U>;
@@ -208,6 +230,7 @@ export interface AuthConfig<U extends UserBase, P extends readonly AnyPlugin<U>[
     session?: {
         ttlSeconds?: number;
     };
+    security?: AuthSecurityConfig;
     validateConfigOnStart?: boolean;
 }
 export interface AuthPublicApi<U extends UserBase, P extends readonly AnyPlugin<U>[]> {
@@ -217,10 +240,6 @@ export interface AuthPublicApi<U extends UserBase, P extends readonly AnyPlugin<
     method<M extends PluginMethodsWithApi<P>>(method: M): PluginApiMap<P>[M];
     verifySecondFactor(input: TwoFactorVerifyInput, request?: AuthRequestContext): Promise<AuthResult<U>>;
     completeProfile(input: CompleteProfileInput<U>, request?: AuthRequestContext): Promise<AuthResult<U>>;
-    setActiveOrganization(sessionId: string, organizationId: string, request?: AuthRequestContext): Promise<OperationResult<{
-        sessionId: string;
-        activeOrganizationId: string;
-    }>>;
     validateSession(sessionId: string, request?: AuthRequestContext): Promise<{
         ok: true;
         userId: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@oglofus/auth",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Type-safe, plugin-first authentication core",
   "homepage": "https://github.com/oglofus/auth#readme",
   "bugs": {
@@ -26,7 +26,7 @@
     "LICENSE"
   ],
   "devDependencies": {
-    "@types/node": "^25.3.0",
+    "@types/node": "^25.3.5",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3"
   },