@parsrun/auth 0.1.0

package/dist/jwt-manager-CH8H0kmm.d.ts

@@ -0,0 +1,182 @@
+import * as jose from 'jose';
+
+/**
+ * JWT Manager with Key Rotation Support
+ * Uses jose library for multi-runtime compatibility (Node, Deno, CF Workers, Bun)
+ */
+
+/**
+ * JWT configuration
+ */
+interface JwtConfig {
+    /** Secret key for signing tokens */
+    secret: string;
+    /** Token issuer */
+    issuer: string;
+    /** Token audience */
+    audience: string;
+    /** Access token TTL (e.g., '15m', '1h') */
+    accessTokenTTL?: string;
+    /** Refresh token TTL (e.g., '7d', '12h') */
+    refreshTokenTTL?: string;
+    /** Previous secrets for key rotation */
+    previousSecrets?: string[];
+    /** Current key version */
+    keyVersion?: number;
+}
+/**
+ * JWT payload structure
+ */
+interface JwtPayload {
+    /** User ID */
+    sub: string;
+    /** Tenant ID */
+    tid?: string;
+    /** Session ID */
+    sid?: string;
+    /** Issued at timestamp */
+    iat: number;
+    /** Expiration timestamp */
+    exp: number;
+    /** Issuer */
+    iss: string;
+    /** Audience */
+    aud: string | string[];
+    /** User roles */
+    roles?: string[];
+    /** User permissions */
+    permissions?: string[];
+    /** Additional claims */
+    [key: string]: unknown;
+}
+/**
+ * Token pair (access + refresh)
+ */
+interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+    accessExpiresAt: Date;
+    refreshExpiresAt: Date;
+}
+/**
+ * Key rotation result
+ */
+interface KeyRotationResult {
+    previousSecret: string;
+    newSecret: string;
+    keyVersion: number;
+    rotatedAt: Date;
+}
+/**
+ * Parse duration string to seconds
+ * Supports: s (seconds), m (minutes), h (hours), d (days), w (weeks)
+ */
+declare function parseDuration(duration: string): number;
+/**
+ * JWT Manager
+ * Handles token generation, verification, and key rotation
+ */
+declare class JwtManager {
+    private secret;
+    private previousSecrets;
+    private config;
+    private keyVersion;
+    constructor(config: JwtConfig);
+    /**
+     * Get current key version
+     */
+    getKeyVersion(): number;
+    /**
+     * Rotate the signing key
+     * Moves current secret to previousSecrets and sets new secret
+     */
+    rotateKey(newSecret: string, options?: {
+        maxPreviousSecrets?: number;
+    }): KeyRotationResult;
+    /**
+     * Get current configuration (for persistence)
+     */
+    getConfig(): JwtConfig;
+    /**
+     * Generate access token
+     */
+    generateAccessToken(payload: {
+        userId: string;
+        tenantId?: string;
+        sessionId?: string;
+        roles?: string[];
+        permissions?: string[];
+        claims?: Record<string, unknown>;
+    }): Promise<{
+        token: string;
+        expiresAt: Date;
+    }>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(payload: {
+        userId: string;
+        tenantId?: string;
+        sessionId?: string;
+    }): Promise<{
+        token: string;
+        expiresAt: Date;
+    }>;
+    /**
+     * Generate token pair (access + refresh)
+     */
+    generateTokenPair(payload: {
+        userId: string;
+        tenantId?: string;
+        sessionId?: string;
+        roles?: string[];
+        permissions?: string[];
+        claims?: Record<string, unknown>;
+    }): Promise<TokenPair>;
+    /**
+     * Verify access token
+     * Tries current secret first, then falls back to previous secrets for graceful rotation
+     */
+    verifyAccessToken(token: string): Promise<JwtPayload>;
+    /**
+     * Verify refresh token
+     */
+    verifyRefreshToken(token: string): Promise<{
+        userId: string;
+        tenantId?: string;
+        sessionId?: string;
+    }>;
+    /**
+     * Decode token without verification (for inspection)
+     */
+    decodeToken(token: string): jose.JWTPayload | null;
+    /**
+     * Check if token is expired (without signature verification)
+     */
+    isTokenExpired(token: string): boolean;
+    /**
+     * Get token expiration date (without signature verification)
+     */
+    getTokenExpiration(token: string): Date | null;
+    /**
+     * Get time until token expires in seconds
+     */
+    getTokenTTL(token: string): number;
+}
+/**
+ * JWT Error class
+ */
+declare class JwtError extends Error {
+    readonly code: 'TOKEN_EXPIRED' | 'INVALID_TOKEN' | 'INVALID_TOKEN_TYPE' | 'VERIFICATION_FAILED';
+    constructor(message: string, code: 'TOKEN_EXPIRED' | 'INVALID_TOKEN' | 'INVALID_TOKEN_TYPE' | 'VERIFICATION_FAILED');
+}
+/**
+ * Extract token from Authorization header
+ */
+declare function extractBearerToken(authHeader: string | null | undefined): string | null;
+/**
+ * Create a JwtManager instance
+ */
+declare function createJwtManager(config: JwtConfig): JwtManager;
+
+export { JwtManager as J, type KeyRotationResult as K, type TokenPair as T, JwtError as a, type JwtConfig as b, createJwtManager as c, type JwtPayload as d, extractBearerToken as e, parseDuration as p };

package/dist/providers/index.d.ts

@@ -0,0 +1,90 @@
+import { A as AuthProvider, P as ProviderType, a as ProviderInfo, O as OAuthProvider, T as TwoFactorProvider } from '../base-BKyR8rcE.js';
+export { b as AuthInput, c as AuthResult, B as BaseProvider, f as OAuthUserInfo, e as TwoFactorSetupResult, V as VerifyInput, d as VerifyResult } from '../base-BKyR8rcE.js';
+import '../types-DSjafxJ4.js';
+
+/**
+ * Provider Registry
+ * Manages authentication providers
+ */
+
+/**
+ * Provider registry for managing auth providers
+ */
+declare class ProviderRegistry {
+    private providers;
+    /**
+     * Register a provider
+     */
+    register(provider: AuthProvider): void;
+    /**
+     * Unregister a provider
+     */
+    unregister(name: string): boolean;
+    /**
+     * Get a provider by name
+     */
+    get(name: string): AuthProvider | undefined;
+    /**
+     * Get a provider by name (throws if not found)
+     */
+    getOrThrow(name: string): AuthProvider;
+    /**
+     * Check if a provider is registered
+     */
+    has(name: string): boolean;
+    /**
+     * Get all providers of a specific type
+     */
+    getByType(type: ProviderType): AuthProvider[];
+    /**
+     * Get all enabled providers
+     */
+    getEnabled(): AuthProvider[];
+    /**
+     * Get all enabled providers of a specific type
+     */
+    getEnabledByType(type: ProviderType): AuthProvider[];
+    /**
+     * Get all registered providers
+     */
+    getAll(): AuthProvider[];
+    /**
+     * Get provider names
+     */
+    getNames(): string[];
+    /**
+     * Get provider info for all providers
+     */
+    getInfo(): ProviderInfo[];
+    /**
+     * Get OAuth providers
+     */
+    getOAuthProviders(): OAuthProvider[];
+    /**
+     * Get 2FA providers
+     */
+    getTwoFactorProviders(): TwoFactorProvider[];
+    /**
+     * Check if a provider type is enabled
+     */
+    isTypeEnabled(type: ProviderType): boolean;
+    /**
+     * Get the primary authentication provider
+     * Returns the first enabled provider in order: otp > magic-link > oauth > password
+     */
+    getPrimary(): AuthProvider | undefined;
+    /**
+     * Clear all providers
+     */
+    clear(): void;
+    /**
+     * Get provider count
+     */
+    get size(): number;
+}
+/**
+ * Create a new provider registry
+ */
+declare function createProviderRegistry(): ProviderRegistry;
+
+export { AuthProvider, OAuthProvider, ProviderInfo, ProviderRegistry, ProviderType, TwoFactorProvider, createProviderRegistry };

package/dist/providers/index.js

@@ -0,0 +1,3 @@
+export { BaseProvider, ProviderRegistry, createProviderRegistry } from '../chunk-G5I3T73A.js';
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/providers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}

package/dist/providers/otp/index.d.ts

@@ -0,0 +1,3 @@
+import '../../types-DSjafxJ4.js';
+import '../../base-BKyR8rcE.js';
+export { e as OTPConfig, a as OTPManager, O as OTPProvider, R as RequestOTPInput, d as RequestOTPResult, b as createOTPManager, c as createOTPProvider } from '../../index-C3kz9XqE.js';

package/dist/providers/otp/index.js

@@ -0,0 +1,4 @@
+export { OTPManager, OTPProvider, createOTPManager, createOTPProvider } from '../../chunk-IB4WUQDZ.js';
+import '../../chunk-42MGHABB.js';
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/providers/otp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}

package/dist/redis-5TIS6XCA.js

@@ -0,0 +1,121 @@
+// src/storage/redis.ts
+var RedisStorage = class {
+  client;
+  prefix;
+  constructor(client, prefix) {
+    this.client = client;
+    this.prefix = prefix ?? "";
+  }
+  getKey(key) {
+    return this.prefix ? `${this.prefix}:${key}` : key;
+  }
+  async get(key) {
+    const fullKey = this.getKey(key);
+    const value = await this.client.get(fullKey);
+    if (value === null) return null;
+    try {
+      return JSON.parse(value);
+    } catch {
+      return value;
+    }
+  }
+  async set(key, value, ttl) {
+    const fullKey = this.getKey(key);
+    const serialized = JSON.stringify(value);
+    if (ttl) {
+      await this.client.set(fullKey, serialized, "EX", ttl);
+    } else {
+      await this.client.set(fullKey, serialized);
+    }
+  }
+  async delete(key) {
+    const fullKey = this.getKey(key);
+    await this.client.del(fullKey);
+  }
+  async has(key) {
+    const fullKey = this.getKey(key);
+    const exists = await this.client.exists(fullKey);
+    return exists > 0;
+  }
+  async getMany(keys) {
+    if (keys.length === 0) return [];
+    const fullKeys = keys.map((k) => this.getKey(k));
+    const values = await this.client.mget(...fullKeys);
+    return values.map((value) => {
+      if (value === null) return null;
+      try {
+        return JSON.parse(value);
+      } catch {
+        return value;
+      }
+    });
+  }
+  async setMany(entries) {
+    await Promise.all(
+      entries.map(([key, value, ttl]) => this.set(key, value, ttl))
+    );
+  }
+  async deleteMany(keys) {
+    if (keys.length === 0) return;
+    const fullKeys = keys.map((k) => this.getKey(k));
+    await this.client.del(fullKeys);
+  }
+  async keys(pattern) {
+    const searchPattern = pattern ? this.getKey(pattern) : this.prefix ? `${this.prefix}:*` : "*";
+    const keys = await this.client.keys(searchPattern);
+    const prefixLength = this.prefix ? this.prefix.length + 1 : 0;
+    return keys.map((k) => prefixLength ? k.slice(prefixLength) : k);
+  }
+  async clear() {
+    if (this.prefix) {
+      const keys = await this.client.keys(`${this.prefix}:*`);
+      if (keys.length > 0) {
+        await this.client.del(keys);
+      }
+    } else {
+      console.warn(
+        "[Pars Auth] Cannot clear Redis storage without prefix. Use Redis FLUSHDB command directly if needed."
+      );
+    }
+  }
+  async close() {
+    if (this.client.quit) {
+      await this.client.quit();
+    } else if (this.client.disconnect) {
+      await this.client.disconnect();
+    }
+  }
+};
+async function createRedisClientFromUrl(url) {
+  try {
+    const { Redis } = await import('ioredis');
+    return new Redis(url);
+  } catch {
+  }
+  try {
+    const { Redis } = await import('@upstash/redis');
+    const client = new Redis({ url, token: "" });
+    return client;
+  } catch {
+  }
+  throw new Error(
+    '[Pars Auth] No Redis client available. Install either "ioredis" or "@upstash/redis"'
+  );
+}
+async function createRedisStorage(config) {
+  let client;
+  if (config.client) {
+    client = config.client;
+  } else if (config.url) {
+    client = await createRedisClientFromUrl(config.url);
+  } else {
+    throw new Error(
+      "[Pars Auth] Redis storage requires either url or client configuration"
+    );
+  }
+  return new RedisStorage(client, config.prefix);
+}
+
+export { RedisStorage, createRedisStorage };
+//# sourceMappingURL=redis-5TIS6XCA.js.map
+//# sourceMappingURL=redis-5TIS6XCA.js.map

package/dist/redis-5TIS6XCA.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/storage/redis.ts"],"names":[],"mappings":";AA0BO,IAAM,eAAN,MAAwC;AAAA,EACrC,MAAA;AAAA,EACS,MAAA;AAAA,EAEjB,WAAA,CAAY,QAAqB,MAAA,EAAiB;AAChD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,SAAS,MAAA,IAAU,EAAA;AAAA,EAC1B;AAAA,EAEQ,OAAO,GAAA,EAAqB;AAClC,IAAA,OAAO,KAAK,MAAA,GAAS,CAAA,EAAG,KAAK,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,GAAK,GAAA;AAAA,EACjD;AAAA,EAEA,MAAM,IAAiB,GAAA,EAAgC;AACrD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAC/B,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,MAAA,CAAO,IAAI,OAAO,CAAA;AAE3C,IAAA,IAAI,KAAA,KAAU,MAAM,OAAO,IAAA;AAE3B,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,GAAA,CAAiB,GAAA,EAAa,KAAA,EAAU,GAAA,EAA6B;AACzE,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAC/B,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAEvC,IAAA,IAAI,GAAA,EAAK;AAEP,MAAA,MAAM,KAAK,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,UAAA,EAAY,MAAM,GAAG,CAAA;AAAA,IACtD,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,UAAU,CAAA;AAAA,IAC3C;AAAA,EACF;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAC/B,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,IAAI,GAAA,EAA+B;AACvC,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAC/B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,OAAO,OAAO,CAAA;AAC/C,IAAA,OAAO,MAAA,GAAS,CAAA;AAAA,EAClB;AAAA,EAEA,MAAM,QAAqB,IAAA,EAAuC;AAChE,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG,OAAO,EAAC;AAE/B,IAAA,MAAM,QAAA,GAAW,KAAK,GAAA,CAAI,CAAC,MAAM,IAAA,CAAK,MAAA,CAAO,CAAC,CAAC,CAAA;AAC/C,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,GAAG,QAAQ,CAAA;AAEjD,IAAA,OAAO,MAAA,CAAO,GAAA,CAAI,CAAC,KAAA,KAAU;AAC3B,MAAA,IAAI,KAAA,KAAU,MAAM,OAAO,IAAA;AAC3B,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,MACzB,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,QACJ,OAAA,EACe;AAEf,IAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,MACZ,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAC,GAAA,EAAK,KAAA,EAAO,GAAG,CAAA,KAAM,IAAA,CAAK,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,GAAG,CAAC;AAAA,KAC9D;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,IAAA,EAA+B;AAC9C,IAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AAEvB,IAAA,MAAM,QAAA,GAAW,KAAK,GAAA,CAAI,CAAC,MAAM,IAAA,CAAK,MAAA,CAAO,CAAC,CAAC,CAAA;AAC/C,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,QAAQ,CAAA;AAAA,EAChC;AAAA,EAEA,MAAM,KAAK,OAAA,EAAqC;AAC9C,IAAA,MAAM,aAAA,GAAgB,OAAA,GAClB,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,GACnB,IAAA,CAAK,MAAA,GACH,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,EAAA,CAAA,GACd,GAAA;AAEN,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,aAAa,CAAA;AACjD,IAAA,MAAM,eAAe,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA,GAAI,CAAA;AAE5D,IAAA,OAAO,IAAA,CAAK,IAAI,CAAC,CAAA,KAAO,eAAe,CAAA,CAAE,KAAA,CAAM,YAAY,CAAA,GAAI,CAAE,CAAA;AAAA,EACnE;AAAA,EAEA,MAAM,KAAA,GAAuB;AAC3B,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,EAAA,CAAI,CAAA;AACtD,MAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,IAAI,CAAA;AAAA,MAC5B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,KAAA,GAAuB;AAC3B,IAAA,IAAI,IAAA,CAAK,OAAO,IAAA,EAAM;AACpB,MAAA,MAAM,IAAA,CAAK,OAAO,IAAA,EAAK;AAAA,IACzB,CAAA,MAAA,IAAW,IAAA,CAAK,MAAA,CAAO,UAAA,EAAY;AACjC,MAAA,MAAM,IAAA,CAAK,OAAO,UAAA,EAAW;AAAA,IAC/B;AAAA,EACF;AACF;AAMA,eAAe,yBAAyB,GAAA,EAAmC;AAEzE,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,OAAO,SAAS,CAAA;AACxC,IAAA,OAAO,IAAI,MAAM,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AAAA,EAER;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,OAAO,gBAAgB,CAAA;AAI/C,IAAA,MAAM,SAAS,IAAI,KAAA,CAAM,EAAE,GAAA,EAAK,KAAA,EAAO,IAAW,CAAA;AAClD,IAAA,OAAO,MAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR;AAAA,GACF;AACF;AAsBA,eAAsB,mBACpB,MAAA,EACoB;AACpB,EAAA,IAAI,MAAA;AAEJ,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,GAAS,MAAA,CAAO,MAAA;AAAA,EAClB,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AACrB,IAAA,MAAA,GAAS,MAAM,wBAAA,CAAyB,MAAA,CAAO,GAAG,CAAA;AAAA,EACpD,CAAA,MAAO;AACL,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAI,YAAA,CAAa,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAA;AAC/C","file":"redis-5TIS6XCA.js","sourcesContent":["/**\n * Redis KV Storage adapter\n * Supports both ioredis and Upstash Redis\n */\n\nimport type { KVStorage, RedisConfig } from './types.js';\n\n/**\n * Generic Redis client interface\n * Compatible with both ioredis and Upstash Redis\n */\ninterface RedisClient {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string, ...args: unknown[]): Promise<unknown>;\n  del(key: string | string[]): Promise<number>;\n  exists(key: string | string[]): Promise<number>;\n  keys(pattern: string): Promise<string[]>;\n  mget(...keys: string[]): Promise<(string | null)[]>;\n  expire(key: string, seconds: number): Promise<number>;\n  quit?(): Promise<unknown>;\n  disconnect?(): Promise<void>;\n}\n\n/**\n * Redis storage adapter\n */\nexport class RedisStorage implements KVStorage {\n  private client: RedisClient;\n  private readonly prefix: string;\n\n  constructor(client: RedisClient, prefix?: string) {\n    this.client = client;\n    this.prefix = prefix ?? '';\n  }\n\n  private getKey(key: string): string {\n    return this.prefix ? `${this.prefix}:${key}` : key;\n  }\n\n  async get<T = unknown>(key: string): Promise<T | null> {\n    const fullKey = this.getKey(key);\n    const value = await this.client.get(fullKey);\n\n    if (value === null) return null;\n\n    try {\n      return JSON.parse(value) as T;\n    } catch {\n      // Return as string if not valid JSON\n      return value as unknown as T;\n    }\n  }\n\n  async set<T = unknown>(key: string, value: T, ttl?: number): Promise<void> {\n    const fullKey = this.getKey(key);\n    const serialized = JSON.stringify(value);\n\n    if (ttl) {\n      // Use EX for seconds TTL\n      await this.client.set(fullKey, serialized, 'EX', ttl);\n    } else {\n      await this.client.set(fullKey, serialized);\n    }\n  }\n\n  async delete(key: string): Promise<void> {\n    const fullKey = this.getKey(key);\n    await this.client.del(fullKey);\n  }\n\n  async has(key: string): Promise<boolean> {\n    const fullKey = this.getKey(key);\n    const exists = await this.client.exists(fullKey);\n    return exists > 0;\n  }\n\n  async getMany<T = unknown>(keys: string[]): Promise<(T | null)[]> {\n    if (keys.length === 0) return [];\n\n    const fullKeys = keys.map((k) => this.getKey(k));\n    const values = await this.client.mget(...fullKeys);\n\n    return values.map((value) => {\n      if (value === null) return null;\n      try {\n        return JSON.parse(value) as T;\n      } catch {\n        return value as unknown as T;\n      }\n    });\n  }\n\n  async setMany<T = unknown>(\n    entries: Array<[key: string, value: T, ttl?: number]>\n  ): Promise<void> {\n    // Redis doesn't have native MSET with TTL, so we use individual sets\n    await Promise.all(\n      entries.map(([key, value, ttl]) => this.set(key, value, ttl))\n    );\n  }\n\n  async deleteMany(keys: string[]): Promise<void> {\n    if (keys.length === 0) return;\n\n    const fullKeys = keys.map((k) => this.getKey(k));\n    await this.client.del(fullKeys);\n  }\n\n  async keys(pattern?: string): Promise<string[]> {\n    const searchPattern = pattern\n      ? this.getKey(pattern)\n      : this.prefix\n        ? `${this.prefix}:*`\n        : '*';\n\n    const keys = await this.client.keys(searchPattern);\n    const prefixLength = this.prefix ? this.prefix.length + 1 : 0;\n\n    return keys.map((k) => (prefixLength ? k.slice(prefixLength) : k));\n  }\n\n  async clear(): Promise<void> {\n    if (this.prefix) {\n      const keys = await this.client.keys(`${this.prefix}:*`);\n      if (keys.length > 0) {\n        await this.client.del(keys);\n      }\n    } else {\n      console.warn(\n        '[Pars Auth] Cannot clear Redis storage without prefix. Use Redis FLUSHDB command directly if needed.'\n      );\n    }\n  }\n\n  async close(): Promise<void> {\n    if (this.client.quit) {\n      await this.client.quit();\n    } else if (this.client.disconnect) {\n      await this.client.disconnect();\n    }\n  }\n}\n\n/**\n * Create Redis storage from URL\n * Dynamically imports ioredis or @upstash/redis\n */\nasync function createRedisClientFromUrl(url: string): Promise<RedisClient> {\n  // Try ioredis first (Node.js)\n  try {\n    const { Redis } = await import('ioredis');\n    return new Redis(url) as unknown as RedisClient;\n  } catch {\n    // ioredis not available\n  }\n\n  // Try @upstash/redis (Edge/Serverless)\n  try {\n    const { Redis } = await import('@upstash/redis');\n    // Upstash Redis v2+ accepts url and token as separate config\n    // Type assertion needed for compatibility with different Upstash versions\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    const client = new Redis({ url, token: '' } as any);\n    return client as unknown as RedisClient;\n  } catch {\n    // Upstash not available\n  }\n\n  throw new Error(\n    '[Pars Auth] No Redis client available. Install either \"ioredis\" or \"@upstash/redis\"'\n  );\n}\n\n/**\n * Create Redis storage adapter\n *\n * @example\n * ```ts\n * // With URL (auto-detects client)\n * const storage = await createRedisStorage({ url: 'redis://localhost:6379' });\n *\n * // With existing client\n * import Redis from 'ioredis';\n * const client = new Redis();\n * const storage = await createRedisStorage({ client });\n *\n * // With prefix\n * const storage = await createRedisStorage({\n *   url: 'redis://localhost:6379',\n *   prefix: 'pars:auth'\n * });\n * ```\n */\nexport async function createRedisStorage(\n  config: RedisConfig\n): Promise<KVStorage> {\n  let client: RedisClient;\n\n  if (config.client) {\n    client = config.client as RedisClient;\n  } else if (config.url) {\n    client = await createRedisClientFromUrl(config.url);\n  } else {\n    throw new Error(\n      '[Pars Auth] Redis storage requires either url or client configuration'\n    );\n  }\n\n  return new RedisStorage(client, config.prefix);\n}\n"]}