@open-core/identity 1.0.0

package/dist/services/account.service.d.ts

@@ -0,0 +1,78 @@
+import { Server } from "@open-core/framework";
+import type { Account } from "../entities/account.entity";
+import type { AccountIdentifiers, BanOptions, IdentifierType } from "../types";
+import { AccountRepository } from "../repositories/account.repository";
+import { RoleService } from "./role.service";
+export declare class AccountService {
+    private readonly repo;
+    private readonly roleService;
+    private readonly config;
+    constructor(repo: AccountRepository, roleService: RoleService, config: Server.ConfigService);
+    findById(id: number): Promise<Account | null>;
+    findByLinkedId(linkedId: string): Promise<Account | null>;
+    findByIdentifier(type: IdentifierType, value: string): Promise<Account | null>;
+    findOrCreate(identifiers: AccountIdentifiers): Promise<{
+        account: Account;
+        isNew: boolean;
+    }>;
+    ban(accountId: number, options: BanOptions): Promise<void>;
+    unban(accountId: number): Promise<void>;
+    isBanExpired(account: Account): boolean;
+    /**
+     * Add a custom permission to an account (override/additional to role).
+     *
+     * @param accountId - Account ID
+     * @param permission - Permission string to add
+     */
+    addCustomPermission(accountId: number, permission: string): Promise<void>;
+    /**
+     * Remove a custom permission from an account.
+     *
+     * @param accountId - Account ID
+     * @param permission - Permission string to remove
+     */
+    removeCustomPermission(accountId: number, permission: string): Promise<void>;
+    /**
+     * Get effective permissions for an account (role + custom).
+     *
+     * @param accountId - Account ID
+     * @returns Combined permissions array
+     */
+    getEffectivePermissions(accountId: number): Promise<string[]>;
+    /**
+     * Assign a role to an account.
+     *
+     * @param accountId - Account ID
+     * @param roleId - Role ID to assign (null to remove role)
+     */
+    assignRole(accountId: number, roleId: number | null): Promise<void>;
+    /**
+     * Combine role permissions with account custom permissions.
+     * Custom permissions starting with '-' negate the base permission.
+     *
+     * @param role - Role with base permissions
+     * @param customPerms - Account custom permissions
+     * @returns Combined permissions array
+     */
+    private combinePermissions;
+    touchLastLogin(accountId: number, date?: Date): Promise<void>;
+    private lookupExisting;
+    private identifierPriority;
+    /**
+     * Find account by username (for credentials auth)
+     * Note: This is a basic implementation. For production, add an index on username.
+     */
+    findByUsername(_username: string): Promise<Account | null>;
+    /**
+     * Update account identifiers (for credentials auth identifier merging)
+     */
+    updateIdentifiers(): Promise<void>;
+    /**
+     * Create account with credentials (for CredentialsAuthProvider)
+     */
+    createWithCredentials(input: {
+        username: string;
+        passwordHash: string;
+        identifiers: AccountIdentifiers;
+    }): Promise<Account>;
+}

package/dist/services/account.service.js

@@ -0,0 +1,207 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountService = void 0;
+const tsyringe_1 = require("tsyringe");
+const framework_1 = require("@open-core/framework");
+const crypto_1 = require("crypto");
+const account_repository_1 = require("../repositories/account.repository");
+const role_service_1 = require("./role.service");
+let AccountService = class AccountService {
+    constructor(repo, roleService, config) {
+        this.repo = repo;
+        this.roleService = roleService;
+        this.config = config;
+    }
+    async findById(id) {
+        return this.repo.findById(id);
+    }
+    async findByLinkedId(linkedId) {
+        return this.repo.findByLinkedId(linkedId);
+    }
+    async findByIdentifier(type, value) {
+        return this.repo.findByIdentifier(type, value);
+    }
+    async findOrCreate(identifiers) {
+        const existing = await this.lookupExisting(identifiers);
+        if (existing) {
+            return { account: existing, isNew: false };
+        }
+        // Get default role for new accounts
+        const defaultRole = await this.roleService.getDefaultRole();
+        // Auto-generate linkedId by default (UUID format for local accounts)
+        const created = await this.repo.createAccount({
+            linkedId: (0, crypto_1.randomUUID)(),
+            externalSource: "local",
+            license: identifiers.license ?? null,
+            discord: identifiers.discord ?? null,
+            steam: identifiers.steam ?? null,
+            username: null,
+            roleId: defaultRole?.id ?? null,
+        });
+        return { account: created, isNew: true };
+    }
+    async ban(accountId, options) {
+        const expires = options.durationMs
+            ? new Date(Date.now() + options.durationMs)
+            : null;
+        await this.repo.setBan(accountId, true, options.reason ?? "Banned", expires);
+    }
+    async unban(accountId) {
+        await this.repo.setBan(accountId, false, null, null);
+    }
+    isBanExpired(account) {
+        if (!account.banned)
+            return false;
+        if (!account.banExpires)
+            return false;
+        return account.banExpires.getTime() <= Date.now();
+    }
+    /**
+     * Add a custom permission to an account (override/additional to role).
+     *
+     * @param accountId - Account ID
+     * @param permission - Permission string to add
+     */
+    async addCustomPermission(accountId, permission) {
+        const account = await this.repo.findById(accountId);
+        if (!account)
+            return;
+        const permissions = new Set(account.customPermissions ?? []);
+        permissions.add(permission);
+        await this.repo.updateCustomPermissions(accountId, Array.from(permissions));
+    }
+    /**
+     * Remove a custom permission from an account.
+     *
+     * @param accountId - Account ID
+     * @param permission - Permission string to remove
+     */
+    async removeCustomPermission(accountId, permission) {
+        const account = await this.repo.findById(accountId);
+        if (!account)
+            return;
+        const filtered = (account.customPermissions ?? []).filter((p) => p !== permission && p !== `-${permission}`);
+        await this.repo.updateCustomPermissions(accountId, filtered);
+    }
+    /**
+     * Get effective permissions for an account (role + custom).
+     *
+     * @param accountId - Account ID
+     * @returns Combined permissions array
+     */
+    async getEffectivePermissions(accountId) {
+        const result = await this.repo.findByIdWithRole(accountId);
+        if (!result)
+            return [];
+        return this.combinePermissions(result.role, result.account.customPermissions);
+    }
+    /**
+     * Assign a role to an account.
+     *
+     * @param accountId - Account ID
+     * @param roleId - Role ID to assign (null to remove role)
+     */
+    async assignRole(accountId, roleId) {
+        await this.repo.updateRole(accountId, roleId);
+    }
+    /**
+     * Combine role permissions with account custom permissions.
+     * Custom permissions starting with '-' negate the base permission.
+     *
+     * @param role - Role with base permissions
+     * @param customPerms - Account custom permissions
+     * @returns Combined permissions array
+     */
+    combinePermissions(role, customPerms) {
+        const base = new Set(role?.permissions ?? []);
+        for (const perm of customPerms) {
+            if (perm.startsWith("-")) {
+                // Negation: remove the base permission
+                base.delete(perm.slice(1));
+            }
+            else {
+                // Addition: add custom permission
+                base.add(perm);
+            }
+        }
+        return Array.from(base);
+    }
+    async touchLastLogin(accountId, date = new Date()) {
+        await this.repo.updateLastLogin(accountId, date);
+    }
+    async lookupExisting(identifiers) {
+        const ordered = this.identifierPriority();
+        for (const key of ordered) {
+            const value = identifiers[key];
+            if (!value)
+                continue;
+            const found = await this.repo.findByIdentifier(key, value);
+            if (found)
+                return found;
+        }
+        // Fallback: try any provided identifiers
+        for (const [key, value] of Object.entries(identifiers)) {
+            if (!value)
+                continue;
+            const found = await this.repo.findByIdentifier(key, value);
+            if (found)
+                return found;
+        }
+        return null;
+    }
+    identifierPriority() {
+        const fromConfig = this.config.get("identity_primary_identifier", "license");
+        const base = ["license", "discord", "steam"];
+        return [fromConfig, ...base.filter((id) => id !== fromConfig)];
+    }
+    /**
+     * Find account by username (for credentials auth)
+     * Note: This is a basic implementation. For production, add an index on username.
+     */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async findByUsername(_username) {
+        // TODO: Add findByUsername method to AccountRepository for better performance
+        // For now, this is a placeholder that credentials auth will need
+        throw new Error("findByUsername not implemented - add to AccountRepository for credentials auth");
+    }
+    /**
+     * Update account identifiers (for credentials auth identifier merging)
+     */
+    async updateIdentifiers() {
+        // This is a placeholder - in production you'd want a proper update method
+        // For now, credentials auth can work without this
+        console.warn("updateIdentifiers not fully implemented - identifiers not merged");
+    }
+    /**
+     * Create account with credentials (for CredentialsAuthProvider)
+     */
+    async createWithCredentials(input) {
+        const defaultRole = await this.roleService.getDefaultRole();
+        // Note: This creates an account without password_hash field
+        // You'll need to add password_hash to Account entity and migration 005
+        return this.repo.createAccount({
+            linkedId: (0, crypto_1.randomUUID)(),
+            externalSource: "credentials",
+            username: input.username,
+            license: input.identifiers.license ?? null,
+            discord: input.identifiers.discord ?? null,
+            steam: input.identifiers.steam ?? null,
+            roleId: defaultRole?.id ?? null,
+        });
+    }
+};
+exports.AccountService = AccountService;
+exports.AccountService = AccountService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __metadata("design:paramtypes", [account_repository_1.AccountRepository,
+        role_service_1.RoleService, framework_1.Server.ConfigService])
+], AccountService);

package/dist/services/auth/api-auth.provider.d.ts

@@ -0,0 +1,30 @@
+import { Server } from "@open-core/framework";
+import { MemoryCacheService } from "../cache/memory-cache.service";
+/**
+ * API-based authentication provider that delegates auth to external API.
+ * Does NOT require local database (uses memory cache only).
+ *
+ * Features:
+ * - POSTs credentials + identifiers to external API
+ * - Receives linkedId from API (no local generation)
+ * - Caches auth results in RAM with configurable TTL
+ * - Optionally syncs to local DB if configured
+ *
+ * Expected API endpoint: POST {apiUrl}/auth
+ * Request: { credentials: {...}, identifiers: {license, discord, steam} }
+ * Response: { success: boolean, linkedId?: string, error?: string }
+ */
+export declare class ApiAuthProvider implements Server.AuthProviderContract {
+    private readonly config;
+    private readonly http;
+    private readonly cache;
+    private apiConfig;
+    private cacheTtl;
+    constructor(config: Server.ConfigService, http: Server.HttpService, cache: MemoryCacheService);
+    authenticate(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    register(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    validateSession(player: Server.Player): Promise<Server.AuthResult>;
+    logout(player: Server.Player): Promise<void>;
+    private extractFromPlayer;
+    private parseHeaders;
+}

package/dist/services/auth/api-auth.provider.js

@@ -0,0 +1,134 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiAuthProvider = void 0;
+const tsyringe_1 = require("tsyringe");
+const framework_1 = require("@open-core/framework");
+const memory_cache_service_1 = require("../cache/memory-cache.service");
+/**
+ * API-based authentication provider that delegates auth to external API.
+ * Does NOT require local database (uses memory cache only).
+ *
+ * Features:
+ * - POSTs credentials + identifiers to external API
+ * - Receives linkedId from API (no local generation)
+ * - Caches auth results in RAM with configurable TTL
+ * - Optionally syncs to local DB if configured
+ *
+ * Expected API endpoint: POST {apiUrl}/auth
+ * Request: { credentials: {...}, identifiers: {license, discord, steam} }
+ * Response: { success: boolean, linkedId?: string, error?: string }
+ */
+let ApiAuthProvider = class ApiAuthProvider {
+    constructor(config, http, cache) {
+        this.config = config;
+        this.http = http;
+        this.cache = cache;
+        // Load API configuration from convars
+        this.apiConfig = {
+            authUrl: this.config.get("identity_api_auth_url", "http://localhost:3000/api/auth"),
+            headers: this.parseHeaders(this.config.get("identity_api_headers", "")),
+            timeoutMs: this.config.getNumber("identity_api_timeout", 5000),
+        };
+        this.cacheTtl = this.config.getNumber("identity_cache_ttl", 300000); // 5 min default
+    }
+    async authenticate(player, credentials) {
+        const identifiers = this.extractFromPlayer(player);
+        try {
+            const response = await this.http.post(this.apiConfig.authUrl, {
+                credentials,
+                identifiers,
+            }, {
+                headers: this.apiConfig.headers,
+                timeoutMs: this.apiConfig.timeoutMs,
+            });
+            if (!response.success || !response.linkedId) {
+                return {
+                    success: false,
+                    error: response.error ?? "Authentication failed",
+                };
+            }
+            // Cache the auth result
+            this.cache.set(`auth:${response.linkedId}`, { linkedId: response.linkedId, identifiers }, this.cacheTtl);
+            // Link account
+            player.linkAccount(response.linkedId);
+            return {
+                success: true,
+                accountID: response.linkedId,
+                isNewAccount: response.isNewAccount ?? false,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : "API authentication failed",
+            };
+        }
+    }
+    async register(player, credentials) {
+        // Registration is the same as authentication for API-based auth
+        // The external API decides if it's a new account or not
+        return this.authenticate(player, credentials);
+    }
+    async validateSession(player) {
+        const linked = player.accountID;
+        if (!linked) {
+            return { success: false, error: "Not authenticated" };
+        }
+        // Check cache first
+        const cached = this.cache.get(`auth:${linked}`);
+        if (cached) {
+            return { success: true, accountID: cached.linkedId };
+        }
+        // If not in cache, we could optionally validate with API
+        // For now, we trust the linkedId if it exists
+        return { success: true, accountID: String(linked) };
+    }
+    async logout(player) {
+        const linked = player.accountID;
+        if (linked) {
+            this.cache.delete(`auth:${linked}`);
+        }
+        player.setMeta("identity:session", null);
+    }
+    extractFromPlayer(player) {
+        const identifiers = player.getIdentifiers();
+        const result = {
+            license: null,
+            discord: null,
+            steam: null,
+        };
+        for (const raw of identifiers) {
+            if (raw.startsWith("license:"))
+                result.license = raw.slice("license:".length);
+            if (raw.startsWith("discord:"))
+                result.discord = raw.slice("discord:".length);
+            if (raw.startsWith("steam:"))
+                result.steam = raw.slice("steam:".length);
+        }
+        return result;
+    }
+    parseHeaders(headersString) {
+        if (!headersString)
+            return {};
+        try {
+            return JSON.parse(headersString);
+        }
+        catch {
+            return {};
+        }
+    }
+};
+exports.ApiAuthProvider = ApiAuthProvider;
+exports.ApiAuthProvider = ApiAuthProvider = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __metadata("design:paramtypes", [framework_1.Server.ConfigService, framework_1.Server.HttpService, memory_cache_service_1.MemoryCacheService])
+], ApiAuthProvider);

package/dist/services/auth/credentials-auth.provider.d.ts

@@ -0,0 +1,27 @@
+import { Server } from "@open-core/framework";
+import { AccountService } from "../account.service";
+/**
+ * Credentials-based authentication provider using username/password.
+ * Requires password_hash column in accounts table (migration 005).
+ *
+ * Features:
+ * - Validates username and password
+ * - Uses bcrypt for password hashing
+ * - Does NOT auto-create accounts (must be registered first)
+ * - Can optionally merge FiveM identifiers after authentication
+ */
+export declare class CredentialsAuthProvider implements Server.AuthProviderContract {
+    private readonly accounts;
+    private readonly config;
+    private readonly saltRounds;
+    constructor(accounts: AccountService, config: Server.ConfigService);
+    /**
+     * Get the linked account ID (linkedId or numeric ID as fallback)
+     */
+    private getLinkedId;
+    authenticate(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    register(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    validateSession(player: Server.Player): Promise<Server.AuthResult>;
+    logout(player: Server.Player): Promise<void>;
+    private extractFromPlayer;
+}

package/dist/services/auth/credentials-auth.provider.js

@@ -0,0 +1,214 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialsAuthProvider = void 0;
+const tsyringe_1 = require("tsyringe");
+const framework_1 = require("@open-core/framework");
+const bcrypt = __importStar(require("bcrypt"));
+const account_service_1 = require("../account.service");
+/**
+ * Credentials-based authentication provider using username/password.
+ * Requires password_hash column in accounts table (migration 005).
+ *
+ * Features:
+ * - Validates username and password
+ * - Uses bcrypt for password hashing
+ * - Does NOT auto-create accounts (must be registered first)
+ * - Can optionally merge FiveM identifiers after authentication
+ */
+let CredentialsAuthProvider = class CredentialsAuthProvider {
+    constructor(accounts, config) {
+        this.accounts = accounts;
+        this.config = config;
+        this.saltRounds = 10;
+    }
+    /**
+     * Get the linked account ID (linkedId or numeric ID as fallback)
+     */
+    getLinkedId(account) {
+        return account.linkedId ?? String(account.id);
+    }
+    async authenticate(player, credentials) {
+        const username = credentials.username;
+        const password = credentials.password;
+        if (!username || !password) {
+            return {
+                success: false,
+                error: "Username and password are required",
+            };
+        }
+        // Find account by username
+        const account = await this.accounts.findByUsername(username);
+        if (!account) {
+            return {
+                success: false,
+                error: "Invalid credentials",
+            };
+        }
+        // Validate password (requires password_hash in Account entity)
+        const passwordHash = account
+            .passwordHash;
+        if (!passwordHash) {
+            return {
+                success: false,
+                error: "Account has no password set",
+            };
+        }
+        const isValid = await bcrypt.compare(password, passwordHash);
+        if (!isValid) {
+            return {
+                success: false,
+                error: "Invalid credentials",
+            };
+        }
+        // Check ban status
+        if (this.accounts.isBanExpired(account)) {
+            await this.accounts.unban(account.id);
+            account.banned = false;
+        }
+        if (account.banned) {
+            return {
+                success: false,
+                error: account.banReason ?? "Account banned",
+                accountID: this.getLinkedId(account),
+            };
+        }
+        // Link account and update last login
+        const linkedId = this.getLinkedId(account);
+        player.linkAccount(linkedId);
+        await this.accounts.touchLastLogin(account.id);
+        // Optionally merge FiveM identifiers
+        const shouldMergeIdentifiers = this.config.getBoolean("identity_merge_identifiers", false);
+        if (shouldMergeIdentifiers) {
+            // TODO: Implement updateIdentifiers in AccountService
+            // const identifiers = this.extractFromPlayer(player);
+            // await this.accounts.updateIdentifiers(account.id, identifiers);
+        }
+        return {
+            success: true,
+            accountID: linkedId,
+            isNewAccount: false,
+        };
+    }
+    async register(player, credentials) {
+        const username = credentials.username;
+        const password = credentials.password;
+        if (!username || !password) {
+            return {
+                success: false,
+                error: "Username and password are required",
+            };
+        }
+        // Check if username already exists
+        const existing = await this.accounts.findByUsername(username);
+        if (existing) {
+            return {
+                success: false,
+                error: "Username already taken",
+            };
+        }
+        // Hash password
+        const passwordHash = await bcrypt.hash(password, this.saltRounds);
+        // Create account with password
+        const account = await this.accounts.createWithCredentials({
+            username,
+            passwordHash,
+            identifiers: this.extractFromPlayer(player),
+        });
+        const linkedId = this.getLinkedId(account);
+        player.linkAccount(linkedId);
+        return {
+            success: true,
+            accountID: linkedId,
+            isNewAccount: true,
+        };
+    }
+    async validateSession(player) {
+        const linked = player.accountID;
+        if (!linked) {
+            return { success: false, error: "Not authenticated" };
+        }
+        const account = await this.accounts.findByLinkedId(String(linked));
+        if (!account) {
+            return { success: false, error: "Account not found", accountID: linked };
+        }
+        if (this.accounts.isBanExpired(account)) {
+            await this.accounts.unban(account.id);
+            account.banned = false;
+        }
+        if (account.banned) {
+            return {
+                success: false,
+                error: account.banReason ?? "Account banned",
+                accountID: this.getLinkedId(account),
+            };
+        }
+        return { success: true, accountID: this.getLinkedId(account) };
+    }
+    async logout(player) {
+        player.setMeta("identity:session", null);
+    }
+    extractFromPlayer(player) {
+        const identifiers = player.getIdentifiers();
+        const result = {
+            license: null,
+            discord: null,
+            steam: null,
+        };
+        for (const raw of identifiers) {
+            if (raw.startsWith("license:"))
+                result.license = raw.slice("license:".length);
+            if (raw.startsWith("discord:"))
+                result.discord = raw.slice("discord:".length);
+            if (raw.startsWith("steam:"))
+                result.steam = raw.slice("steam:".length);
+        }
+        return result;
+    }
+};
+exports.CredentialsAuthProvider = CredentialsAuthProvider;
+exports.CredentialsAuthProvider = CredentialsAuthProvider = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __metadata("design:paramtypes", [account_service_1.AccountService, framework_1.Server.ConfigService])
+], CredentialsAuthProvider);