npm - @peterbud/nuxt-aegis - Versions diffs - 1.1.0-alpha - Mend

@peterbud/nuxt-aegis 1.1.0-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/README.md +166 -0
package/dist/module.d.mts +6 -0
package/dist/module.json +9 -0
package/dist/module.mjs +354 -0
package/dist/runtime/app/composables/useAuth.d.ts +85 -0
package/dist/runtime/app/composables/useAuth.js +187 -0
package/dist/runtime/app/middleware/auth-logged-in.d.ts +16 -0
package/dist/runtime/app/middleware/auth-logged-in.js +25 -0
package/dist/runtime/app/middleware/auth-logged-out.d.ts +20 -0
package/dist/runtime/app/middleware/auth-logged-out.js +17 -0
package/dist/runtime/app/pages/AuthCallback.d.vue.ts +3 -0
package/dist/runtime/app/pages/AuthCallback.vue +92 -0
package/dist/runtime/app/pages/AuthCallback.vue.d.ts +3 -0
package/dist/runtime/app/plugins/api.client.d.ts +11 -0
package/dist/runtime/app/plugins/api.client.js +92 -0
package/dist/runtime/app/plugins/api.server.d.ts +13 -0
package/dist/runtime/app/plugins/api.server.js +28 -0
package/dist/runtime/app/plugins/ssr-state.server.d.ts +2 -0
package/dist/runtime/app/plugins/ssr-state.server.js +13 -0
package/dist/runtime/app/router.options.d.ts +12 -0
package/dist/runtime/app/router.options.js +11 -0
package/dist/runtime/app/utils/logger.d.ts +18 -0
package/dist/runtime/app/utils/logger.js +48 -0
package/dist/runtime/app/utils/redirectValidation.d.ts +18 -0
package/dist/runtime/app/utils/redirectValidation.js +21 -0
package/dist/runtime/app/utils/routeMatching.d.ts +13 -0
package/dist/runtime/app/utils/routeMatching.js +10 -0
package/dist/runtime/app/utils/tokenStore.d.ts +24 -0
package/dist/runtime/app/utils/tokenStore.js +14 -0
package/dist/runtime/app/utils/tokenUtils.d.ts +17 -0
package/dist/runtime/app/utils/tokenUtils.js +4 -0
package/dist/runtime/server/middleware/auth.d.ts +6 -0
package/dist/runtime/server/middleware/auth.js +82 -0
package/dist/runtime/server/plugins/ssr-auth.d.ts +7 -0
package/dist/runtime/server/plugins/ssr-auth.js +82 -0
package/dist/runtime/server/providers/auth0.d.ts +12 -0
package/dist/runtime/server/providers/auth0.js +57 -0
package/dist/runtime/server/providers/github.d.ts +12 -0
package/dist/runtime/server/providers/github.js +44 -0
package/dist/runtime/server/providers/google.d.ts +12 -0
package/dist/runtime/server/providers/google.js +46 -0
package/dist/runtime/server/providers/mock.d.ts +37 -0
package/dist/runtime/server/providers/mock.js +129 -0
package/dist/runtime/server/providers/oauthBase.d.ts +72 -0
package/dist/runtime/server/providers/oauthBase.js +183 -0
package/dist/runtime/server/routes/impersonate.post.d.ts +21 -0
package/dist/runtime/server/routes/impersonate.post.js +68 -0
package/dist/runtime/server/routes/logout.post.d.ts +9 -0
package/dist/runtime/server/routes/logout.post.js +24 -0
package/dist/runtime/server/routes/me.get.d.ts +6 -0
package/dist/runtime/server/routes/me.get.js +11 -0
package/dist/runtime/server/routes/mock/authorize.get.d.ts +29 -0
package/dist/runtime/server/routes/mock/authorize.get.js +103 -0
package/dist/runtime/server/routes/mock/token.post.d.ts +31 -0
package/dist/runtime/server/routes/mock/token.post.js +88 -0
package/dist/runtime/server/routes/mock/userinfo.get.d.ts +27 -0
package/dist/runtime/server/routes/mock/userinfo.get.js +59 -0
package/dist/runtime/server/routes/password/change.post.d.ts +4 -0
package/dist/runtime/server/routes/password/change.post.js +108 -0
package/dist/runtime/server/routes/password/login-verify.get.d.ts +2 -0
package/dist/runtime/server/routes/password/login-verify.get.js +79 -0
package/dist/runtime/server/routes/password/login.post.d.ts +4 -0
package/dist/runtime/server/routes/password/login.post.js +66 -0
package/dist/runtime/server/routes/password/register-verify.get.d.ts +2 -0
package/dist/runtime/server/routes/password/register-verify.get.js +86 -0
package/dist/runtime/server/routes/password/register.post.d.ts +4 -0
package/dist/runtime/server/routes/password/register.post.js +87 -0
package/dist/runtime/server/routes/password/reset-complete.post.d.ts +4 -0
package/dist/runtime/server/routes/password/reset-complete.post.js +75 -0
package/dist/runtime/server/routes/password/reset-request.post.d.ts +5 -0
package/dist/runtime/server/routes/password/reset-request.post.js +52 -0
package/dist/runtime/server/routes/password/reset-verify.get.d.ts +2 -0
package/dist/runtime/server/routes/password/reset-verify.get.js +50 -0
package/dist/runtime/server/routes/refresh.post.d.ts +8 -0
package/dist/runtime/server/routes/refresh.post.js +102 -0
package/dist/runtime/server/routes/token.post.d.ts +28 -0
package/dist/runtime/server/routes/token.post.js +90 -0
package/dist/runtime/server/routes/unimpersonate.post.d.ts +16 -0
package/dist/runtime/server/routes/unimpersonate.post.js +65 -0
package/dist/runtime/server/tsconfig.json +3 -0
package/dist/runtime/server/utils/auth.d.ts +94 -0
package/dist/runtime/server/utils/auth.js +54 -0
package/dist/runtime/server/utils/authCodeStore.d.ts +137 -0
package/dist/runtime/server/utils/authCodeStore.js +123 -0
package/dist/runtime/server/utils/cookies.d.ts +15 -0
package/dist/runtime/server/utils/cookies.js +23 -0
package/dist/runtime/server/utils/customClaims.d.ts +37 -0
package/dist/runtime/server/utils/customClaims.js +45 -0
package/dist/runtime/server/utils/handler.d.ts +77 -0
package/dist/runtime/server/utils/handler.js +7 -0
package/dist/runtime/server/utils/impersonation.d.ts +48 -0
package/dist/runtime/server/utils/impersonation.js +259 -0
package/dist/runtime/server/utils/jwt.d.ts +24 -0
package/dist/runtime/server/utils/jwt.js +77 -0
package/dist/runtime/server/utils/logger.d.ts +18 -0
package/dist/runtime/server/utils/logger.js +49 -0
package/dist/runtime/server/utils/magicCodeStore.d.ts +27 -0
package/dist/runtime/server/utils/magicCodeStore.js +66 -0
package/dist/runtime/server/utils/mockCodeStore.d.ts +89 -0
package/dist/runtime/server/utils/mockCodeStore.js +71 -0
package/dist/runtime/server/utils/password.d.ts +33 -0
package/dist/runtime/server/utils/password.js +48 -0
package/dist/runtime/server/utils/refreshToken.d.ts +74 -0
package/dist/runtime/server/utils/refreshToken.js +108 -0
package/dist/runtime/server/utils/resetSessionStore.d.ts +12 -0
package/dist/runtime/server/utils/resetSessionStore.js +29 -0
package/dist/runtime/tasks/cleanup/magic-codes.d.ts +10 -0
package/dist/runtime/tasks/cleanup/magic-codes.js +79 -0
package/dist/runtime/tasks/cleanup/refresh-tokens.d.ts +10 -0
package/dist/runtime/tasks/cleanup/refresh-tokens.js +55 -0
package/dist/runtime/tasks/cleanup/reset-sessions.d.ts +8 -0
package/dist/runtime/tasks/cleanup/reset-sessions.js +45 -0
package/dist/runtime/types/augmentation.d.ts +73 -0
package/dist/runtime/types/augmentation.js +0 -0
package/dist/runtime/types/authCode.d.ts +60 -0
package/dist/runtime/types/authCode.js +0 -0
package/dist/runtime/types/callbacks.d.ts +54 -0
package/dist/runtime/types/callbacks.js +0 -0
package/dist/runtime/types/config.d.ts +129 -0
package/dist/runtime/types/config.js +0 -0
package/dist/runtime/types/hooks.d.ts +118 -0
package/dist/runtime/types/hooks.js +0 -0
package/dist/runtime/types/index.d.ts +13 -0
package/dist/runtime/types/index.js +1 -0
package/dist/runtime/types/providers.d.ts +212 -0
package/dist/runtime/types/providers.js +0 -0
package/dist/runtime/types/refresh.d.ts +61 -0
package/dist/runtime/types/refresh.js +0 -0
package/dist/runtime/types/routes.d.ts +30 -0
package/dist/runtime/types/routes.js +0 -0
package/dist/runtime/types/token.d.ts +182 -0
package/dist/runtime/types/token.js +0 -0
package/dist/types.d.mts +7 -0
package/package.json +80 -0

package/dist/runtime/server/routes/mock/userinfo.get.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { defineEventHandler, getHeader, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { getUserForMockToken } from "../../utils/mockCodeStore.js";
+import { createLogger } from "../../utils/logger.js";
+const logger = createLogger("MockUserInfo");
+export default defineEventHandler(async (event) => {
+  const runtimeConfig = useRuntimeConfig(event);
+  const mockConfig = runtimeConfig.nuxtAegis?.providers?.mock;
+  if (!mockConfig) {
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Internal Server Error",
+      message: "[nuxt-aegis] Mock provider not configured"
+    });
+  }
+  const authHeader = getHeader(event, "authorization");
+  if (!authHeader) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "Missing authorization header"
+    });
+  }
+  if (!authHeader.startsWith("Bearer ")) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "Invalid authorization header format"
+    });
+  }
+  const accessToken = authHeader.substring(7);
+  if (!accessToken.startsWith("mock_aegis_access_")) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "Invalid access token"
+    });
+  }
+  const userId = getUserForMockToken(accessToken);
+  if (!userId) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "Invalid or expired access token"
+    });
+  }
+  const userData = mockConfig.mockUsers[userId];
+  if (!userData) {
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Internal Server Error",
+      message: `[nuxt-aegis] Mock user '${userId}' not found in configuration`
+    });
+  }
+  logger.debug("UserInfo request returning user:", userId);
+  return {
+    ...userData
+  };
+});

package/dist/runtime/server/routes/password/change.post.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/routes/password/change.post.js ADDED Viewed

@@ -0,0 +1,108 @@
+import { defineEventHandler, readBody, createError, getHeader, getCookie } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { useAegisHandler } from "../../utils/handler.js";
+import { verifyToken } from "../../utils/jwt.js";
+import { verifyPassword, validatePasswordStrength, hashPassword, normalizeEmail } from "../../utils/password.js";
+import { deleteUserRefreshTokens, hashRefreshToken } from "../../utils/refreshToken.js";
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const authHeader = getHeader(event, "authorization");
+  if (!authHeader?.startsWith("Bearer ")) {
+    throw createError({
+      statusCode: 401,
+      message: "Authentication required"
+    });
+  }
+  const token = authHeader.substring(7);
+  const tokenConfig = config.nuxtAegis?.token;
+  if (!tokenConfig?.secret) {
+    throw createError({
+      statusCode: 500,
+      message: "Token secret is not configured"
+    });
+  }
+  const payload = await verifyToken(token, tokenConfig.secret).catch(() => {
+    throw createError({
+      statusCode: 401,
+      message: "Invalid token"
+    });
+  });
+  if (!payload) {
+    throw createError({
+      statusCode: 401,
+      message: "Invalid token payload"
+    });
+  }
+  const email = payload.email;
+  if (!email) {
+    throw createError({
+      statusCode: 401,
+      message: "Invalid token payload"
+    });
+  }
+  const body = await readBody(event);
+  const { currentPassword, newPassword } = body;
+  if (!currentPassword || !newPassword) {
+    throw createError({
+      statusCode: 400,
+      message: "Current and new password are required"
+    });
+  }
+  const normalizedEmail = normalizeEmail(email);
+  const user = await handler.password.findUser(normalizedEmail);
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      message: "User not found"
+    });
+  }
+  const isValidPassword = handler.password.verifyPassword ? await handler.password.verifyPassword(currentPassword, user.hashedPassword) : await verifyPassword(currentPassword, user.hashedPassword);
+  if (!isValidPassword) {
+    throw createError({
+      statusCode: 401,
+      message: "Current password is incorrect"
+    });
+  }
+  const passwordPolicy = passwordConfig.passwordPolicy || {};
+  const passwordValidation = handler.password.validatePassword ? await handler.password.validatePassword(newPassword) : validatePasswordStrength(newPassword, passwordPolicy);
+  if (passwordValidation !== true) {
+    let errors = ["Invalid password"];
+    if (Array.isArray(passwordValidation)) {
+      errors = passwordValidation;
+    } else if (typeof passwordValidation === "object" && passwordValidation !== null && "errors" in passwordValidation) {
+      errors = passwordValidation.errors;
+    }
+    throw createError({
+      statusCode: 400,
+      message: "New password does not meet requirements",
+      data: { errors }
+    });
+  }
+  const newHashedPassword = handler.password.hashPassword ? await handler.password.hashPassword(newPassword) : await hashPassword(newPassword);
+  await handler.password.upsertUser({
+    ...user,
+    hashedPassword: newHashedPassword
+  });
+  const refreshCookieName = config.nuxtAegis?.tokenRefresh?.cookie?.cookieName || "nuxt-aegis-refresh";
+  const currentRefreshToken = getCookie(event, refreshCookieName);
+  let currentTokenHash;
+  if (currentRefreshToken) {
+    currentTokenHash = hashRefreshToken(currentRefreshToken);
+  }
+  await deleteUserRefreshTokens(normalizedEmail, currentTokenHash, event);
+  return { success: true };
+});

package/dist/runtime/server/routes/password/login-verify.get.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<void>>;
2	+ export default _default;

package/dist/runtime/server/routes/password/login-verify.get.js ADDED Viewed

@@ -0,0 +1,79 @@
+import { defineEventHandler, getQuery, createError, sendRedirect } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import { validateAndIncrementAttempts, retrieveAndDeleteMagicCode } from "../../utils/magicCodeStore.js";
+import { storeAuthCode, generateAuthCode } from "../../utils/authCodeStore.js";
+const logger = createLogger("PasswordLoginVerify");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const query = getQuery(event);
+  const code = query.code;
+  if (!code) {
+    throw createError({
+      statusCode: 400,
+      message: "Verification code is required"
+    });
+  }
+  const magicCodeData = await validateAndIncrementAttempts(code);
+  if (!magicCodeData) {
+    throw createError({
+      statusCode: 400,
+      message: "Invalid or expired code"
+    });
+  }
+  if (magicCodeData.type !== "login") {
+    throw createError({
+      statusCode: 400,
+      message: "Invalid code type"
+    });
+  }
+  const { email } = magicCodeData;
+  try {
+    const user = await handler.password.findUser(email);
+    if (!user) {
+      throw createError({
+        statusCode: 404,
+        message: "User not found"
+      });
+    }
+    await retrieveAndDeleteMagicCode(code);
+    const providerUserInfo = {
+      sub: user.id || user.email,
+      provider: "password",
+      ...user
+    };
+    const authCode = generateAuthCode();
+    await storeAuthCode(
+      authCode,
+      providerUserInfo,
+      { access_token: "password_auth" },
+      "password",
+      void 0,
+      60,
+      event
+    );
+    const redirectUrl = `/auth/callback?code=${authCode}`;
+    return await sendRedirect(event, redirectUrl, 302);
+  } catch (error) {
+    logger.error("Login verification failed", error);
+    throw createError({
+      statusCode: 500,
+      message: "Login failed"
+    });
+  }
+});

package/dist/runtime/server/routes/password/login.post.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/routes/password/login.post.js ADDED Viewed

@@ -0,0 +1,66 @@
+import { defineEventHandler, readBody, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import {
+  normalizeEmail,
+  verifyPassword,
+  obfuscateMagicCode
+} from "../../utils/password.js";
+import { storeMagicCode } from "../../utils/magicCodeStore.js";
+const logger = createLogger("PasswordLogin");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const body = await readBody(event);
+  const { email, password } = body;
+  if (!email || !password) {
+    throw createError({
+      statusCode: 400,
+      message: "Email and password are required"
+    });
+  }
+  const normalizedEmail = normalizeEmail(email);
+  const user = await handler.password.findUser(normalizedEmail);
+  let isValidPassword = false;
+  if (user) {
+    isValidPassword = handler.password.verifyPassword ? await handler.password.verifyPassword(password, user.hashedPassword) : await verifyPassword(password, user.hashedPassword);
+  }
+  if (!user || !isValidPassword) {
+    throw createError({
+      statusCode: 401,
+      message: "Invalid email or password"
+    });
+  }
+  const code = await storeMagicCode(
+    normalizedEmail,
+    "login",
+    {},
+    passwordConfig.magicCodeTTL,
+    passwordConfig.magicCodeMaxAttempts
+  );
+  logger.debug(`Magic code generated for ${normalizedEmail}: ${obfuscateMagicCode(code)}`);
+  try {
+    await handler.password.sendVerificationCode(normalizedEmail, code, "login");
+  } catch (error) {
+    logger.error("Failed to send verification code", error);
+    throw createError({
+      statusCode: 500,
+      message: "Failed to send verification code"
+    });
+  }
+  return { success: true };
+});

package/dist/runtime/server/routes/password/register-verify.get.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<void>>;
2	+ export default _default;

package/dist/runtime/server/routes/password/register-verify.get.js ADDED Viewed

@@ -0,0 +1,86 @@
+import { defineEventHandler, getQuery, createError, sendRedirect } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import { validateAndIncrementAttempts, retrieveAndDeleteMagicCode } from "../../utils/magicCodeStore.js";
+import { storeAuthCode, generateAuthCode } from "../../utils/authCodeStore.js";
+const logger = createLogger("PasswordRegisterVerify");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const query = getQuery(event);
+  const code = query.code;
+  if (!code) {
+    throw createError({
+      statusCode: 400,
+      message: "Verification code is required"
+    });
+  }
+  const magicCodeData = await validateAndIncrementAttempts(code);
+  if (!magicCodeData) {
+    throw createError({
+      statusCode: 400,
+      message: "Invalid or expired code"
+    });
+  }
+  if (magicCodeData.type !== "register") {
+    throw createError({
+      statusCode: 400,
+      message: "Invalid code type"
+    });
+  }
+  const { email, hashedPassword } = magicCodeData;
+  if (!hashedPassword) {
+    throw createError({
+      statusCode: 500,
+      message: "Invalid code data"
+    });
+  }
+  try {
+    await handler.password.upsertUser({
+      email,
+      hashedPassword
+    });
+    const user = await handler.password.findUser(email);
+    if (!user) {
+      throw new Error("User not found after creation");
+    }
+    await retrieveAndDeleteMagicCode(code);
+    const providerUserInfo = {
+      sub: user.id || user.email,
+      provider: "password",
+      ...user
+    };
+    const authCode = generateAuthCode();
+    await storeAuthCode(
+      authCode,
+      providerUserInfo,
+      { access_token: "password_auth" },
+      "password",
+      void 0,
+      60,
+      event
+    );
+    const redirectUrl = `/auth/callback?code=${authCode}`;
+    return await sendRedirect(event, redirectUrl, 302);
+  } catch (error) {
+    logger.error("Registration verification failed", error);
+    throw createError({
+      statusCode: 500,
+      message: "Registration failed"
+    });
+  }
+});

package/dist/runtime/server/routes/password/register.post.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/routes/password/register.post.js ADDED Viewed

@@ -0,0 +1,87 @@
+import { defineEventHandler, readBody, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import {
+  normalizeEmail,
+  validateEmailFormat,
+  validatePasswordStrength,
+  hashPassword,
+  obfuscateMagicCode
+} from "../../utils/password.js";
+import { storeMagicCode } from "../../utils/magicCodeStore.js";
+const logger = createLogger("PasswordRegister");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  logger.debug("Register endpoint called");
+  if (!passwordConfig) {
+    logger.error("Password provider is not configured");
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    logger.error("Password handler is not implemented");
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const body = await readBody(event);
+  logger.debug("Request body:", body);
+  const { email, password } = body;
+  if (!email || !password) {
+    logger.error("Email or password missing", { email: !!email, password: !!password });
+    throw createError({
+      statusCode: 400,
+      message: "Email and password are required"
+    });
+  }
+  const normalizedEmail = normalizeEmail(email);
+  const emailValidation = validateEmailFormat(normalizedEmail);
+  if (!emailValidation.valid) {
+    throw createError({
+      statusCode: 400,
+      message: emailValidation.error
+    });
+  }
+  const passwordPolicy = passwordConfig.passwordPolicy || {};
+  const passwordValidation = handler.password.validatePassword ? await handler.password.validatePassword(password) : validatePasswordStrength(password, passwordPolicy);
+  if (passwordValidation !== true) {
+    const errors = Array.isArray(passwordValidation) ? passwordValidation : ["Invalid password"];
+    throw createError({
+      statusCode: 400,
+      message: "Password does not meet requirements",
+      data: { errors }
+    });
+  }
+  const existingUser = await handler.password.findUser(normalizedEmail);
+  if (existingUser) {
+    throw createError({
+      statusCode: 409,
+      message: "User already exists"
+    });
+  }
+  const hashedPassword = handler.password.hashPassword ? await handler.password.hashPassword(password) : await hashPassword(password);
+  const code = await storeMagicCode(
+    normalizedEmail,
+    "register",
+    { hashedPassword },
+    passwordConfig.magicCodeTTL,
+    passwordConfig.magicCodeMaxAttempts
+  );
+  logger.debug(`Magic code generated for ${normalizedEmail}: ${obfuscateMagicCode(code)}`);
+  try {
+    await handler.password.sendVerificationCode(normalizedEmail, code, "register");
+  } catch (error) {
+    logger.error("Failed to send verification code", error);
+    throw createError({
+      statusCode: 500,
+      message: "Failed to send verification code"
+    });
+  }
+  return { success: true };
+});

package/dist/runtime/server/routes/password/reset-complete.post.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/routes/password/reset-complete.post.js ADDED Viewed

@@ -0,0 +1,75 @@
+import { defineEventHandler, readBody, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import { validateAndDeleteResetSession } from "../../utils/resetSessionStore.js";
+import { validatePasswordStrength, hashPassword } from "../../utils/password.js";
+const logger = createLogger("PasswordResetComplete");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const body = await readBody(event);
+  const { sessionId, password } = body;
+  if (!sessionId || !password) {
+    throw createError({
+      statusCode: 400,
+      message: "Session ID and password are required"
+    });
+  }
+  const email = await validateAndDeleteResetSession(sessionId);
+  if (!email) {
+    throw createError({
+      statusCode: 400,
+      message: "Invalid or expired reset session"
+    });
+  }
+  const passwordPolicy = passwordConfig.passwordPolicy || {};
+  const passwordValidation = handler.password.validatePassword ? await handler.password.validatePassword(password) : validatePasswordStrength(password, passwordPolicy);
+  if (passwordValidation !== true) {
+    let errors = ["Invalid password"];
+    if (Array.isArray(passwordValidation)) {
+      errors = passwordValidation;
+    } else if (typeof passwordValidation === "object" && passwordValidation !== null && "errors" in passwordValidation) {
+      errors = passwordValidation.errors;
+    }
+    throw createError({
+      statusCode: 400,
+      message: "Password does not meet requirements",
+      data: { errors }
+    });
+  }
+  try {
+    const hashedPassword = handler.password.hashPassword ? await handler.password.hashPassword(password) : await hashPassword(password);
+    const user = await handler.password.findUser(email);
+    if (!user) {
+      throw createError({
+        statusCode: 404,
+        message: "User not found"
+      });
+    }
+    await handler.password.upsertUser({
+      ...user,
+      hashedPassword
+    });
+    return { success: true };
+  } catch (error) {
+    logger.error("Password reset failed", error);
+    throw createError({
+      statusCode: 500,
+      message: "Password reset failed"
+    });
+  }
+});

package/dist/runtime/server/routes/password/reset-request.post.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+    message: string;
+}>>;
+export default _default;

package/dist/runtime/server/routes/password/reset-request.post.js ADDED Viewed

@@ -0,0 +1,52 @@
+import { defineEventHandler, readBody, createError } from "h3";
+import { useRuntimeConfig } from "#imports";
+import { createLogger } from "../../utils/logger.js";
+import { useAegisHandler } from "../../utils/handler.js";
+import { normalizeEmail, obfuscateMagicCode } from "../../utils/password.js";
+import { storeMagicCode } from "../../utils/magicCodeStore.js";
+const logger = createLogger("PasswordResetRequest");
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const passwordConfig = config.nuxtAegis?.providers?.password;
+  if (!passwordConfig) {
+    throw createError({
+      statusCode: 404,
+      message: "Password provider is not configured"
+    });
+  }
+  const handler = useAegisHandler();
+  if (!handler?.password) {
+    throw createError({
+      statusCode: 500,
+      message: "Password handler is not implemented"
+    });
+  }
+  const body = await readBody(event);
+  const { email } = body;
+  if (!email) {
+    throw createError({
+      statusCode: 400,
+      message: "Email is required"
+    });
+  }
+  const normalizedEmail = normalizeEmail(email);
+  const user = await handler.password.findUser(normalizedEmail);
+  if (user) {
+    const code = await storeMagicCode(
+      normalizedEmail,
+      "reset",
+      {},
+      passwordConfig.magicCodeTTL,
+      passwordConfig.magicCodeMaxAttempts
+    );
+    logger.debug(`Magic code generated for ${normalizedEmail}: ${obfuscateMagicCode(code)}`);
+    try {
+      await handler.password.sendVerificationCode(normalizedEmail, code, "reset");
+    } catch (error) {
+      logger.error("Failed to send verification code", error);
+    }
+  } else {
+    logger.debug(`Password reset requested for non-existent user: ${normalizedEmail}`);
+  }
+  return { success: true, message: "If an account exists with this email, a verification code has been sent." };
+});

package/dist/runtime/server/routes/password/reset-verify.get.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<void>>;
2	+ export default _default;