@owujib/sabi-auth 0.0.1

package/dist/auth/AuthGuard.d.ts

@@ -0,0 +1,25 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { AuthService } from './AuthService.js';
+/**
+ * Express middleware that protects a route by requiring a valid Bearer token.
+ *
+ * On success it attaches the decoded user to `req.user` so controllers can
+ * read it via `ctx.request.user()`.
+ *
+ * On failure it returns a 401 JSON response — the request never reaches the controller.
+ *
+ * @example
+ * // Protect an entire group of routes
+ * import { authenticate } from '@owujib/sabi-auth';
+ *
+ * const guard = authenticate(authService);
+ *
+ * Route.group('/users', [guard], () => {
+ *   Route.get('/', [UserController, 'index']);
+ * });
+ *
+ * // Or a single route
+ * Route.get('/me', [AuthController, 'me'], [guard]);
+ */
+export declare function authenticate(authService: AuthService): (req: Request, res: Response, next: NextFunction) => void;
+//# sourceMappingURL=AuthGuard.d.ts.map

package/dist/auth/AuthGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthGuard.d.ts","sourceRoot":"","sources":["../../src/auth/AuthGuard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAIpD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,WAAW,IAC3C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAiB/D"}

package/dist/auth/AuthGuard.js

@@ -0,0 +1,41 @@
+// ─── authenticate ─────────────────────────────────────────────────────────────
+/**
+ * Express middleware that protects a route by requiring a valid Bearer token.
+ *
+ * On success it attaches the decoded user to `req.user` so controllers can
+ * read it via `ctx.request.user()`.
+ *
+ * On failure it returns a 401 JSON response — the request never reaches the controller.
+ *
+ * @example
+ * // Protect an entire group of routes
+ * import { authenticate } from '@owujib/sabi-auth';
+ *
+ * const guard = authenticate(authService);
+ *
+ * Route.group('/users', [guard], () => {
+ *   Route.get('/', [UserController, 'index']);
+ * });
+ *
+ * // Or a single route
+ * Route.get('/me', [AuthController, 'me'], [guard]);
+ */
+export function authenticate(authService) {
+    return (req, res, next) => {
+        const header = req.headers.authorization;
+        if (!header?.startsWith('Bearer ')) {
+            res.status(401).json({ message: 'Unauthorized — missing token' });
+            return;
+        }
+        try {
+            const token = header.slice(7);
+            const user = authService.verifyAccessToken(token);
+            req.user = user;
+            next();
+        }
+        catch {
+            res.status(401).json({ message: 'Unauthorized — invalid or expired token' });
+        }
+    };
+}
+//# sourceMappingURL=AuthGuard.js.map

package/dist/auth/AuthGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthGuard.js","sourceRoot":"","sources":["../../src/auth/AuthGuard.ts"],"names":[],"mappings":"AAGA,iFAAiF;AAEjF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,YAAY,CAAC,WAAwB;IACnD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAI,WAAW,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAClD,GAAW,CAAC,IAAI,GAAG,IAAI,CAAC;YACzB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/auth/AuthService.d.ts

@@ -0,0 +1,43 @@
+import type { SabiAuthConfig, AuthUser, TokenPair } from '../types.js';
+/**
+ * Core authentication service.
+ *
+ * Handles password hashing, token generation, and token verification.
+ * Obtain an instance from the DI container via AUTH_SERVICE.
+ *
+ * @example
+ * const authService = app.make<AuthService>(AUTH_SERVICE);
+ *
+ * const hash = await authService.hashPassword('secret');
+ * const ok   = await authService.verifyPassword('secret', hash); // true
+ *
+ * const tokens = authService.generateTokens({ id: 1, email: 'a@b.com' });
+ * const user   = authService.verifyAccessToken(tokens.accessToken);
+ */
+export declare class AuthService {
+    private readonly secret;
+    private readonly accessTokenExpiry;
+    private readonly refreshTokenExpiry;
+    private readonly saltRounds;
+    constructor(config: SabiAuthConfig);
+    /** Hash a plain-text password. Store the result in your database — never the plain text. */
+    hashPassword(plain: string): Promise<string>;
+    /** Compare a plain-text password against a stored hash. Returns true if they match. */
+    verifyPassword(plain: string, hashed: string): Promise<boolean>;
+    /**
+     * Generate an access + refresh token pair for the given user.
+     * Call this on successful login or registration.
+     */
+    generateTokens(user: AuthUser): TokenPair;
+    /**
+     * Verify an access token and return the user payload.
+     * Throws if the token is missing, expired, or tampered with.
+     */
+    verifyAccessToken(token: string): AuthUser;
+    /**
+     * Verify a refresh token and return a new token pair.
+     * Call this when the access token expires.
+     */
+    refreshTokens(refreshToken: string): TokenPair;
+}
+//# sourceMappingURL=AuthService.d.ts.map

package/dist/auth/AuthService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthService.d.ts","sourceRoot":"","sources":["../../src/auth/AuthService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAIvE;;;;;;;;;;;;;;GAcG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,MAAM,EAAE,cAAc;IASlC,4FAA4F;IACtF,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIlD,uFAAuF;IACjF,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMrE;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,QAAQ,GAAG,SAAS;IAgBzC;;;OAGG;IACH,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ;IAK1C;;;OAGG;IACH,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS;CAI/C"}

package/dist/auth/AuthService.js

@@ -0,0 +1,73 @@
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+// ─── AuthService ──────────────────────────────────────────────────────────────
+/**
+ * Core authentication service.
+ *
+ * Handles password hashing, token generation, and token verification.
+ * Obtain an instance from the DI container via AUTH_SERVICE.
+ *
+ * @example
+ * const authService = app.make<AuthService>(AUTH_SERVICE);
+ *
+ * const hash = await authService.hashPassword('secret');
+ * const ok   = await authService.verifyPassword('secret', hash); // true
+ *
+ * const tokens = authService.generateTokens({ id: 1, email: 'a@b.com' });
+ * const user   = authService.verifyAccessToken(tokens.accessToken);
+ */
+export class AuthService {
+    secret;
+    accessTokenExpiry;
+    refreshTokenExpiry;
+    saltRounds;
+    constructor(config) {
+        this.secret = config.secret;
+        this.accessTokenExpiry = config.accessTokenExpiry ?? '15m';
+        this.refreshTokenExpiry = config.refreshTokenExpiry ?? '7d';
+        this.saltRounds = config.saltRounds ?? 12;
+    }
+    // ─── Passwords ─────────────────────────────────────────────────────────────
+    /** Hash a plain-text password. Store the result in your database — never the plain text. */
+    async hashPassword(plain) {
+        return bcrypt.hash(plain, this.saltRounds);
+    }
+    /** Compare a plain-text password against a stored hash. Returns true if they match. */
+    async verifyPassword(plain, hashed) {
+        return bcrypt.compare(plain, hashed);
+    }
+    // ─── Tokens ────────────────────────────────────────────────────────────────
+    /**
+     * Generate an access + refresh token pair for the given user.
+     * Call this on successful login or registration.
+     */
+    generateTokens(user) {
+        const payload = { id: user.id, email: user.email };
+        const accessToken = jwt.sign(payload, this.secret, {
+            expiresIn: this.accessTokenExpiry,
+            subject: String(user.id),
+        });
+        const refreshToken = jwt.sign(payload, this.secret + ':refresh', {
+            expiresIn: this.refreshTokenExpiry,
+            subject: String(user.id),
+        });
+        return { accessToken, refreshToken };
+    }
+    /**
+     * Verify an access token and return the user payload.
+     * Throws if the token is missing, expired, or tampered with.
+     */
+    verifyAccessToken(token) {
+        const payload = jwt.verify(token, this.secret);
+        return { id: payload.id, email: payload.email, ...payload };
+    }
+    /**
+     * Verify a refresh token and return a new token pair.
+     * Call this when the access token expires.
+     */
+    refreshTokens(refreshToken) {
+        const payload = jwt.verify(refreshToken, this.secret + ':refresh');
+        return this.generateTokens({ id: payload.id, email: payload.email });
+    }
+}
+//# sourceMappingURL=AuthService.js.map

package/dist/auth/AuthService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthService.js","sourceRoot":"","sources":["../../src/auth/AuthService.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,UAAU,CAAC;AAC9B,OAAO,GAAG,MAAM,cAAc,CAAC;AAG/B,iFAAiF;AAEjF;;;;;;;;;;;;;;GAcG;AACH,MAAM,OAAO,WAAW;IACL,MAAM,CAAS;IACf,iBAAiB,CAAS;IAC1B,kBAAkB,CAAS;IAC3B,UAAU,CAAS;IAEpC,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAe,MAAM,CAAC,MAAM,CAAC;QACxC,IAAI,CAAC,iBAAiB,GAAI,MAAM,CAAC,iBAAiB,IAAK,KAAK,CAAC;QAC7D,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC;QAC5D,IAAI,CAAC,UAAU,GAAW,MAAM,CAAC,UAAU,IAAY,EAAE,CAAC;IAC5D,CAAC;IAED,8EAA8E;IAE9E,4FAA4F;IAC5F,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,uFAAuF;IACvF,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,MAAc;QAChD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,cAAc,CAAC,IAAc;QAC3B,MAAM,OAAO,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;QAEnD,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE;YACjD,SAAS,EAAE,IAAI,CAAC,iBAAwB;YACxC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;SACzB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,GAAG,UAAU,EAAE;YAC/D,SAAS,EAAE,IAAI,CAAC,kBAAyB;YACzC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;SACzB,CAAC,CAAC;QAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,KAAa;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAQ,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,YAAoB;QAChC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,GAAG,UAAU,CAAQ,CAAC;QAC1E,OAAO,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC;CACF"}

package/dist/auth/AuthServiceProvider.d.ts

@@ -0,0 +1,41 @@
+import type { SabiAuthConfig } from '../types.js';
+export declare const AUTH_SERVICE: unique symbol;
+/**
+ * Registers auth services with the DI container.
+ *
+ * Works with any DI container that exposes `bindFactory` and `make`.
+ *
+ * @example
+ * // bootstrap/app.ts
+ * export class AppAuthServiceProvider extends ServiceProvider {
+ *   private authProvider!: AuthServiceProvider;
+ *
+ *   register() {
+ *     this.authProvider = new AuthServiceProvider(this.app, {
+ *       secret: process.env.APP_SECRET!,
+ *       accessTokenExpiry: '15m',
+ *       refreshTokenExpiry: '7d',
+ *     });
+ *     this.authProvider.register();
+ *   }
+ *
+ *   boot() { this.authProvider.boot(); }
+ * }
+ */
+export declare class AuthServiceProvider {
+    private readonly app;
+    private readonly config;
+    constructor(app: any, config: SabiAuthConfig);
+    register(): void;
+    /**
+     * Returns a ready-to-use `authenticate` middleware bound to the registered AuthService.
+     * Call after `boot()` when you need a guard reference.
+     *
+     * @example
+     * const guard = authProvider.guard();
+     * Route.group('/api', [guard], () => { ... });
+     */
+    guard(): (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
+    boot(): void;
+}
+//# sourceMappingURL=AuthServiceProvider.d.ts.map

package/dist/auth/AuthServiceProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthServiceProvider.d.ts","sourceRoot":"","sources":["../../src/auth/AuthServiceProvider.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAIlD,eAAO,MAAM,YAAY,eAAwB,CAAC;AAIlD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,mBAAmB;IAE5B,OAAO,CAAC,QAAQ,CAAC,GAAG;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,GAAG,EAAE,GAAG,EACR,MAAM,EAAE,cAAc;IAGzC,QAAQ,IAAI,IAAI;IAQhB;;;;;;;OAOG;IACH,KAAK;IAKL,IAAI,IAAI,IAAI;CAGb"}

package/dist/auth/AuthServiceProvider.js

@@ -0,0 +1,54 @@
+import { AuthService } from './AuthService.js';
+import { authenticate } from './AuthGuard.js';
+// ─── Symbols ──────────────────────────────────────────────────────────────────
+export const AUTH_SERVICE = Symbol('AuthService');
+// ─── AuthServiceProvider ──────────────────────────────────────────────────────
+/**
+ * Registers auth services with the DI container.
+ *
+ * Works with any DI container that exposes `bindFactory` and `make`.
+ *
+ * @example
+ * // bootstrap/app.ts
+ * export class AppAuthServiceProvider extends ServiceProvider {
+ *   private authProvider!: AuthServiceProvider;
+ *
+ *   register() {
+ *     this.authProvider = new AuthServiceProvider(this.app, {
+ *       secret: process.env.APP_SECRET!,
+ *       accessTokenExpiry: '15m',
+ *       refreshTokenExpiry: '7d',
+ *     });
+ *     this.authProvider.register();
+ *   }
+ *
+ *   boot() { this.authProvider.boot(); }
+ * }
+ */
+export class AuthServiceProvider {
+    app;
+    config;
+    constructor(app, config) {
+        this.app = app;
+        this.config = config;
+    }
+    register() {
+        this.app.bindFactory(AUTH_SERVICE, () => new AuthService(this.config), true);
+    }
+    /**
+     * Returns a ready-to-use `authenticate` middleware bound to the registered AuthService.
+     * Call after `boot()` when you need a guard reference.
+     *
+     * @example
+     * const guard = authProvider.guard();
+     * Route.group('/api', [guard], () => { ... });
+     */
+    guard() {
+        const authService = this.app.make(AUTH_SERVICE);
+        return authenticate(authService);
+    }
+    boot() {
+        // nothing to boot — AuthService is stateless
+    }
+}
+//# sourceMappingURL=AuthServiceProvider.js.map

package/dist/auth/AuthServiceProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthServiceProvider.js","sourceRoot":"","sources":["../../src/auth/AuthServiceProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,iFAAiF;AAEjF,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;AAElD,iFAAiF;AAEjF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,mBAAmB;IAEX;IACA;IAFnB,YACmB,GAAQ,EACR,MAAsB;QADtB,QAAG,GAAH,GAAG,CAAK;QACR,WAAM,GAAN,MAAM,CAAgB;IACtC,CAAC;IAEJ,QAAQ;QACN,IAAI,CAAC,GAAG,CAAC,WAAW,CAClB,YAAY,EACZ,GAAG,EAAE,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAClC,IAAI,CACL,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,KAAK;QACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAgB,CAAC;QAC/D,OAAO,YAAY,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IAED,IAAI;QACF,6CAA6C;IAC/C,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { AuthService } from './auth/AuthService.js';
+export { authenticate } from './auth/AuthGuard.js';
+export { AuthServiceProvider, AUTH_SERVICE } from './auth/AuthServiceProvider.js';
+export type { SabiAuthConfig, AuthUser, TokenPair } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAClF,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { AuthService } from './auth/AuthService.js';
+export { authenticate } from './auth/AuthGuard.js';
+export { AuthServiceProvider, AUTH_SERVICE } from './auth/AuthServiceProvider.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Configuration for @owujib/sabi-auth.
+ *
+ * @example
+ * const config: SabiAuthConfig = {
+ *   secret: process.env.APP_SECRET!,
+ *   accessTokenExpiry:  '15m',
+ *   refreshTokenExpiry: '7d',
+ * };
+ */
+export interface SabiAuthConfig {
+    /** Secret used to sign tokens. Use a long random string in production. */
+    secret: string;
+    /** How long access tokens are valid. Default: '15m' */
+    accessTokenExpiry?: string;
+    /** How long refresh tokens are valid. Default: '7d' */
+    refreshTokenExpiry?: string;
+    /** bcrypt cost factor. Higher = slower but more secure. Default: 12 */
+    saltRounds?: number;
+}
+/**
+ * The authenticated user payload stored inside a token and attached to the request.
+ * Extend this with your own fields via declaration merging if needed.
+ */
+export interface AuthUser {
+    id: number | string;
+    email: string;
+    [key: string]: unknown;
+}
+/**
+ * A pair of access and refresh tokens returned on login or token refresh.
+ */
+export interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA;;;;;;;;;GASG;AACH,MAAM,WAAW,cAAc;IAC7B,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uDAAuD;IACvD,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js

@@ -0,0 +1,3 @@
+// ─── Developer-facing types ───────────────────────────────────────────────────
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,iFAAiF"}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@owujib/sabi-auth",
+  "version": "0.0.1",
+  "description": "Authentication package for the Sabi framework — JWT tokens, password hashing, and route guards",
+  "keywords": [
+    "auth",
+    "jwt",
+    "sabi",
+    "typescript",
+    "nodejs"
+  ],
+  "homepage": "https://github.com/owujib/sabi#readme",
+  "bugs": {
+    "url": "https://github.com/owujib/sabi/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/owujib/sabi.git"
+  },
+  "license": "ISC",
+  "author": "owujib",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "npm run build",
+    "publish:public": "npm publish --access public"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/express": "^5.0.6",
+    "@types/jsonwebtoken": "^9.0.7",
+    "@types/node": "^20.0.0",
+    "typescript": "^5.0.0"
+  },
+  "peerDependencies": {
+    "@owujib/sabi": ">=0.0.1"
+  }
+}