npm - @plyaz/auth - Versions diffs - 1.0.0 - Mend

@plyaz/auth 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/.github/pull_request_template.md +71 -0
package/.github/workflows/deploy.yml +9 -0
package/.github/workflows/publish.yml +14 -0
package/.github/workflows/security.yml +20 -0
package/README.md +89 -0
package/commits.txt +5 -0
package/dist/common/index.cjs +48 -0
package/dist/common/index.cjs.map +1 -0
package/dist/common/index.mjs +43 -0
package/dist/common/index.mjs.map +1 -0
package/dist/index.cjs +20411 -0
package/dist/index.cjs.map +1 -0
package/dist/index.mjs +5139 -0
package/dist/index.mjs.map +1 -0
package/eslint.config.mjs +13 -0
package/index.html +13 -0
package/package.json +141 -0
package/src/adapters/auth-adapter-factory.ts +26 -0
package/src/adapters/auth-adapter.mapper.ts +53 -0
package/src/adapters/base-auth.adapter.ts +119 -0
package/src/adapters/clerk/clerk.adapter.ts +204 -0
package/src/adapters/custom/custom.adapter.ts +119 -0
package/src/adapters/index.ts +4 -0
package/src/adapters/next-auth/authOptions.ts +81 -0
package/src/adapters/next-auth/next-auth.adapter.ts +211 -0
package/src/api/client.ts +37 -0
package/src/audit/audit.logger.ts +52 -0
package/src/client/components/ProtectedRoute.tsx +37 -0
package/src/client/hooks/useAuth.ts +128 -0
package/src/client/hooks/useConnectedAccounts.ts +108 -0
package/src/client/hooks/usePermissions.ts +36 -0
package/src/client/hooks/useRBAC.ts +36 -0
package/src/client/hooks/useSession.ts +18 -0
package/src/client/providers/AuthProvider.tsx +104 -0
package/src/client/store/auth.store.ts +306 -0
package/src/client/utils/storage.ts +70 -0
package/src/common/constants/oauth-providers.ts +49 -0
package/src/common/errors/auth.errors.ts +64 -0
package/src/common/errors/specific-auth-errors.ts +201 -0
package/src/common/index.ts +19 -0
package/src/common/regex/index.ts +27 -0
package/src/common/types/auth.types.ts +641 -0
package/src/common/types/index.ts +297 -0
package/src/common/utils/index.ts +84 -0
package/src/core/blacklist/token.blacklist.ts +60 -0
package/src/core/index.ts +2 -0
package/src/core/jwt/jwt.manager.ts +131 -0
package/src/core/session/session.manager.ts +56 -0
package/src/db/repositories/connected-account.repository.ts +415 -0
package/src/db/repositories/role.repository.ts +519 -0
package/src/db/repositories/session.repository.ts +308 -0
package/src/db/repositories/user.repository.ts +320 -0
package/src/flows/index.ts +2 -0
package/src/flows/sign-in.flow.ts +106 -0
package/src/flows/sign-up.flow.ts +121 -0
package/src/index.ts +54 -0
package/src/libs/clerk.helper.ts +36 -0
package/src/libs/supabase.helper.ts +255 -0
package/src/libs/supabaseClient.ts +6 -0
package/src/providers/base/auth-provider.interface.ts +42 -0
package/src/providers/base/index.ts +1 -0
package/src/providers/index.ts +2 -0
package/src/providers/oauth/facebook.provider.ts +97 -0
package/src/providers/oauth/github.provider.ts +148 -0
package/src/providers/oauth/google.provider.ts +126 -0
package/src/providers/oauth/index.ts +3 -0
package/src/rbac/dynamic-roles.ts +552 -0
package/src/rbac/index.ts +4 -0
package/src/rbac/permission-checker.ts +464 -0
package/src/rbac/role-hierarchy.ts +545 -0
package/src/rbac/role.manager.ts +75 -0
package/src/security/csrf/csrf.protection.ts +37 -0
package/src/security/index.ts +3 -0
package/src/security/rate-limiting/auth/auth.controller.ts +12 -0
package/src/security/rate-limiting/auth/rate-limiting.interface.ts +67 -0
package/src/security/rate-limiting/auth.module.ts +32 -0
package/src/server/auth.module.ts +158 -0
package/src/server/decorators/auth.decorator.ts +43 -0
package/src/server/decorators/auth.decorators.ts +31 -0
package/src/server/decorators/current-user.decorator.ts +49 -0
package/src/server/decorators/permission.decorator.ts +49 -0
package/src/server/guards/auth.guard.ts +56 -0
package/src/server/guards/custom-throttler.guard.ts +46 -0
package/src/server/guards/permissions.guard.ts +115 -0
package/src/server/guards/roles.guard.ts +31 -0
package/src/server/middleware/auth.middleware.ts +46 -0
package/src/server/middleware/index.ts +2 -0
package/src/server/middleware/middleware.ts +11 -0
package/src/server/middleware/session.middleware.ts +255 -0
package/src/server/services/account.service.ts +269 -0
package/src/server/services/auth.service.ts +79 -0
package/src/server/services/brute-force.service.ts +98 -0
package/src/server/services/index.ts +15 -0
package/src/server/services/rate-limiter.service.ts +60 -0
package/src/server/services/session.service.ts +287 -0
package/src/server/services/token.service.ts +262 -0
package/src/session/cookie-store.ts +255 -0
package/src/session/enhanced-session-manager.ts +406 -0
package/src/session/index.ts +14 -0
package/src/session/memory-store.ts +320 -0
package/src/session/redis-store.ts +443 -0
package/src/strategies/oauth.strategy.ts +128 -0
package/src/strategies/traditional-auth.strategy.ts +116 -0
package/src/tokens/index.ts +4 -0
package/src/tokens/refresh-token-manager.ts +448 -0
package/src/tokens/token-validator.ts +311 -0
package/tsconfig.build.json +28 -0
package/tsconfig.json +38 -0
package/tsup.config.mjs +28 -0
package/vitest.config.mjs +16 -0
package/vitest.setup.d.ts +2 -0
package/vitest.setup.d.ts.map +1 -0
package/vitest.setup.ts +1 -0

package/eslint.config.mjs ADDED Viewed

@@ -0,0 +1,13 @@
+import { presets } from '@plyaz/devtools/eslint/base.shared.mjs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export default presets.types({
+  tsconfigDir: __dirname,
+  globals: {
+    NodeJS: true,
+  },
+});

package/index.html ADDED Viewed

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Vite + TS</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/index.ts"></script>
+  </body>
+</html>

package/package.json ADDED Viewed

@@ -0,0 +1,141 @@
+{
+  "name": "@plyaz/auth",
+  "version": "1.0.0",
+  "description": "Authentication package for Plyaz ecosystem",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "engines": {
+    "node": ">=23.0.0",
+    "pnpm": ">=8.0.0"
+  },
+  "keywords": [
+    "auth",
+    "authentication",
+    "authorization",
+    "nestjs",
+    "jwt",
+    "rbac",
+    "clerk",
+    "mfa"
+  ],
+  "packageManager": "pnpm@10.11.0",
+  "dependencies": {
+    "@clerk/backend": "^2.29.0",
+    "@clerk/clerk-sdk-node": "^4.13.14",
+    "@clerk/nextjs": "^6.36.3",
+    "@nest-lab/throttler-storage-redis": "^1.1.0",
+    "@nestjs/common": "^10.2.8",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^10.2.8",
+    "@nestjs/jwt": "^11.0.2",
+    "@nestjs/throttler": "^6.5.0",
+    "@plyaz/config": "^1.10.2",
+    "@plyaz/errors": "^1.5.6",
+    "@supabase/supabase-js": "^2.38.4",
+    "bcryptjs": "^3.0.3",
+    "express": "^5.2.1",
+    "ioredis": "^5.8.2",
+    "jsonwebtoken": "^9.0.2",
+    "next": "^16.1.1",
+    "next-auth": "^4.24.13",
+    "react": "18.3.1",
+    "react-dom": "^18.3.1",
+    "zustand": "^4.4.7"
+  },
+  "devDependencies": {
+    "@auth/core": "^0.34.3",
+    "@changesets/cli": "^2.29.8",
+    "@darraghor/eslint-plugin-nestjs-typed": "^7.1.12",
+    "@eslint/eslintrc": "^3.3.3",
+    "@eslint/js": "^9.39.2",
+    "@eslint/markdown": "^7.5.1",
+    "@next/eslint-plugin-next": "^16.1.1",
+    "@plyaz/devtools": "^1.10.0",
+    "@plyaz/testing": "^1.5.5",
+    "@plyaz/types": "^1.45.2",
+    "@tanstack/react-query": "^5.90.16",
+    "@testing-library/jest-dom": "^6.9.1",
+    "@testing-library/react": "^16.3.1",
+    "@testing-library/user-event": "^14.6.1",
+    "@types/express": "^5.0.6",
+    "@types/jsonwebtoken": "^9.0.5",
+    "@types/node": "^20.8.9",
+    "@types/react": "18",
+    "@types/react-dom": "18",
+    "@typescript-eslint/eslint-plugin": "^8.52.0",
+    "@typescript-eslint/parser": "^8.52.0",
+    "@vitest/coverage-istanbul": "^4.0.16",
+    "@vitest/coverage-v8": "^4.0.16",
+    "dotenv": "^16.3.1",
+    "eslint": "^9.39.2",
+    "eslint-config-next": "^16.1.1",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "eslint-mdx": "^3.6.2",
+    "eslint-plugin-better-tailwindcss": "^3.8.0",
+    "eslint-plugin-functional": "^9.0.2",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-jest": "^29.12.1",
+    "eslint-plugin-jsdoc": "^62.0.0",
+    "eslint-plugin-jsonc": "^2.21.0",
+    "eslint-plugin-jsx-a11y": "^6.10.2",
+    "eslint-plugin-markdownlint": "^0.9.0",
+    "eslint-plugin-mdx": "^3.6.2",
+    "eslint-plugin-n": "^17.23.1",
+    "eslint-plugin-prettier": "^5.5.4",
+    "eslint-plugin-promise": "^7.2.1",
+    "eslint-plugin-react": "^7.37.5",
+    "eslint-plugin-react-hooks": "^7.0.1",
+    "eslint-plugin-react-refresh": "^0.4.26",
+    "eslint-plugin-regexp": "^2.10.0",
+    "eslint-plugin-security": "^3.0.1",
+    "eslint-plugin-simple-import-sort": "^12.1.1",
+    "eslint-plugin-sonarjs": "^3.0.5",
+    "eslint-plugin-storybook": "^10.1.11",
+    "eslint-plugin-testing-library": "^7.15.4",
+    "eslint-plugin-unicorn": "^62.0.0",
+    "eslint-plugin-unused-imports": "^4.3.0",
+    "jiti": "^2.6.1",
+    "jsdom": "^27.4.0",
+    "markdownlint": "^0.40.0",
+    "nodemailer": "^7.0.12",
+    "prettier": "^3.7.4",
+    "standard-version": "^9.5.0",
+    "tailwindcss": "^4.1.18",
+    "tsup": "^8.5.1",
+    "tsx": "^4.6.0",
+    "typescript": "5.4.5",
+    "vite": "^7.3.1",
+    "vite-plugin-dts": "^4.5.4",
+    "vitest": "^4.0.16"
+  },
+  "peerDependencies": {
+    "@nestjs/common": ">=8.0.0",
+    "react": ">=16.8.0"
+  },
+  "scripts": {
+    "build": "pnpm clean && pnpm build:js && pnpm build:types",
+    "build:js": "tsup",
+    "build:types": "tsc -p tsconfig.build.json",
+    "build:watch": "tsup --watch",
+    "dev": "tsup --watch",
+    "lint": "eslint ./src",
+    "lint:fix": "eslint ./src --fix",
+    "format": "prettier --write './**/*.{ts,tsx,js,jsx}'",
+    "format:check": "prettier --check './**/*.{ts,tsx,js,jsx}'",
+    "type:check": "tsc --noEmit",
+    "test": "vitest run --no-watch",
+    "test:ci": "vitest run --no-watch",
+    "test:watch": "vitest --watch",
+    "test:coverage": "vitest run --coverage",
+    "test:ui": "vitest --ui",
+    "clean": "rm -rf dist",
+    "audit": "pnpm audit",
+    "audit:moderate": "pnpm audit --audit-level moderate",
+    "audit:high": "pnpm audit --audit-level high",
+    "audit:critical": "pnpm audit --audit-level critical",
+    "audit:fix": "pnpm audit --fix",
+    "audit:enhanced": "npx audit-ci --moderate",
+    "security:check": "pnpm audit:moderate && npx audit-ci --moderate"
+  }
+}

package/src/adapters/auth-adapter-factory.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { AuthProviderAdapter } from "@plyaz/types";
+import type { AuthProviderType} from "./auth-adapter.mapper";
+import { resolveAuthAdapter } from "./auth-adapter.mapper";
+/**
+ * Factory function to create and return the active authentication adapter.
+ *
+ * The adapter is resolved based on the `AUTH_PROVIDER` environment variable.
+ * If no provider is specified, it defaults to `"custom"`.
+ *
+ * This allows seamless switching between authentication providers
+ * (e.g., Clerk, NextAuth, Custom) without changing application code.
+ *
+ * @returns A resolved AuthProviderAdapter implementation
+ */
+export function createAuthAdapter():AuthProviderAdapter {
+  /**
+   * Resolve the authentication provider from environment variables.
+   */
+  const provider = (globalThis.process.env.AUTH_PROVIDER as AuthProviderType) ?? "custom";
+  /**
+   * Return the adapter mapped to the selected provider.
+   */
+  return resolveAuthAdapter(provider);
+}

package/src/adapters/auth-adapter.mapper.ts ADDED Viewed

@@ -0,0 +1,53 @@
+import type { AuthProviderAdapter } from "@plyaz/types";
+import { ClerkAdapter } from "./clerk/clerk.adapter";
+import { CustomAdapter } from "./custom/custom.adapter";
+import { NextAuthAdapter } from "./next-auth/next-auth.adapter";
+/**
+ * Supported authentication provider types.
+ */
+export type AuthProviderType = "clerk" | "next-auth" | "custom";
+/**
+ * Constructor type for an AuthProviderAdapter implementation.
+ *
+ * Every adapter MUST:
+ * - be constructable with `new`
+ * - return an object implementing AuthProviderAdapter
+ */
+type AdapterConstructor = new () => AuthProviderAdapter;
+/**
+ * Mapping from AuthProviderType → Adapter class.
+ *
+ * `satisfies` ensures:
+ * - No provider keys are missing.
+ * - All values are valid constructor functions.
+ * - Full type safety at compile time without changing the type of the object.
+ */
+const AUTH_ADAPTER_MAP = {
+  clerk: ClerkAdapter,
+  "next-auth": NextAuthAdapter,
+  custom: CustomAdapter,
+} satisfies Record<AuthProviderType, AdapterConstructor>;
+/**
+ * Resolves and instantiates the AuthProviderAdapter for a given provider type.
+ *
+ * @example
+ * const adapter = resolveAuthAdapter("clerk");
+ * @throws {Error} If the provider type is unknown.
+ */
+export function resolveAuthAdapter(
+  provider: AuthProviderType
+): AuthProviderAdapter {
+  const Adapter = AUTH_ADAPTER_MAP[provider];
+  // This check is technically redundant due to TypeScript's type checking,
+  // but it provides a clear runtime error if the code is somehow bypassed.
+  if (!Adapter) {
+    throw new Error(`Unknown auth provider: ${provider}`);
+  }
+  return new Adapter();
+}

package/src/adapters/base-auth.adapter.ts ADDED Viewed

@@ -0,0 +1,119 @@
+import type { AuthAdapterUser, AUTHPROVIDER, AuthProviderAdapter, AuthSession, ConnectedAccount, Tokens } from "@plyaz/types";
+/**
+ * BaseAuthProviderAdapter
+ *
+ * Abstract base class for all authentication provider adapters.
+ * Provides the standard contract for implementing any auth provider
+ * (e.g., Clerk, NextAuth, Custom).
+ *
+ * All concrete adapters must implement these methods to ensure
+ * consistency across the system.
+ */
+export abstract class BaseAuthProviderAdapter implements AuthProviderAdapter {
+  /**
+   * Sign in an existing user.
+   *
+   * @param provider - Authentication provider identifier
+   * @param credentials - Provider-specific credentials
+   * @returns Auth result containing user, session, and tokens
+   */
+  abstract signIn(
+    provider: AUTHPROVIDER,
+    credentials?: unknown
+  ): Promise<{ user: AuthAdapterUser; session: AuthSession; tokens: Tokens }>;
+  /**
+   * Sign up a new user.
+   *
+   * @param provider - Authentication provider identifier
+   * @param credentials - Provider-specific credentials
+   * @param data - Optional additional user data
+   * @returns Auth result or void if handled externally
+   */
+  abstract signUp(
+    provider: AUTHPROVIDER,
+    credentials: unknown,
+    data?: unknown
+  ): Promise<{ user: AuthAdapterUser; session: AuthSession; tokens: Tokens }> | Promise<void>;
+  /**
+   * Sign out a user session.
+   *
+   * @param sessionId - Session identifier
+   */
+  abstract signOut(sessionId: string): Promise<void>;
+  /**
+   * Retrieve a session by its identifier.
+   *
+   * @param sessionId - Session identifier
+   * @returns Session or null if not found or expired
+   */
+  abstract getSession(sessionId: string): Promise<AuthSession | null>;
+  /**
+   * Validate a session.
+   *
+   * @param sessionId - Session identifier
+   * @returns True if session is valid, otherwise false
+   */
+  abstract validateSession(sessionId: string): Promise<boolean>;
+  /**
+   * Refresh an existing session using a refresh token.
+   *
+   * @param refreshToken - Refresh token
+   * @returns New session and tokens, or void if not supported
+   */
+  abstract refreshSession(
+    refreshToken: string
+  ): Promise<{ session: AuthSession; tokens: Tokens } | void>;
+  /**
+   * Generate an OAuth authorization URL.
+   *
+   * @param provider - OAuth provider
+   * @param redirectUri - Redirect URI after authentication
+   * @returns Authorization URL or void if handled externally
+   */
+  abstract getOAuthUrl(
+    provider: AUTHPROVIDER,
+    redirectUri: string
+  ): Promise<string | void>;
+  /**
+   * Handle OAuth callback after provider authentication.
+   *
+   * @param provider - OAuth provider
+   * @param code - Authorization code returned by provider
+   * @returns Provider account data or void if handled externally
+   */
+  abstract handleOAuthCallback(
+    provider: AUTHPROVIDER,
+    code: string
+  ): Promise<{ providerAccountId: string; profile: unknown } | void>;
+  /**
+   * Link an external provider account to an existing user.
+   *
+   * @param userId - Local user identifier
+   * @param provider - Authentication provider
+   * @param data - Connected account metadata
+   * @returns Linked connected account or void if handled externally
+   */
+  abstract linkAccount(
+    userId: string,
+    provider: AUTHPROVIDER,
+    data: ConnectedAccount
+  ): Promise<ConnectedAccount | void>;
+  /**
+   * Unlink an external provider account from a user.
+   *
+   * @param userId - Local user identifier
+   * @param accountId - Connected account identifier
+   */
+  abstract unlinkAccount(userId: string, accountId: string): Promise<void>;
+}

package/src/adapters/clerk/clerk.adapter.ts ADDED Viewed

@@ -0,0 +1,204 @@
+/* eslint-disable no-unused-vars */
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+/* eslint-disable @typescript-eslint/explicit-function-return-type */
+import { clerkClient } from "@clerk/nextjs/server";
+import type { AuthCredentials, AUTHPROVIDER, ConnectedAccount, DeviceInfo } from "@plyaz/types";
+import type { AuthUser } from "@supabase/supabase-js";
+import { DatabasePackageError } from "@plyaz/errors";
+import { BaseAuthProviderAdapter } from "../base-auth.adapter";
+import { createUser } from "../../libs/supabase.helper";
+import { supabase } from "../../libs/supabaseClient";
+/**
+ * ClerkAdapter
+ *
+ * Auth provider adapter implementation for Clerk.
+ * This adapter delegates authentication and session management to Clerk,
+ * while ensuring local user and account synchronization with Supabase.
+ *
+ * Responsibilities:
+ * - Authenticate users via Clerk
+ * - Sync Clerk users with local Supabase tables
+ * - Maintain compatibility with the unified AuthProviderAdapter interface
+ */
+export class ClerkAdapter extends BaseAuthProviderAdapter {
+  /**
+   * Sign in a user using Clerk.
+   *
+   * Fetches the Clerk user, syncs it with Supabase, and returns
+   * a standardized auth response.
+   *
+   * @param provider - Auth provider name (unused, Clerk-specific)
+   * @param credentials - Clerk credentials containing user ID
+   * @param deviceInfo - Optional device metadata
+   * @returns Auth result including user, session, and tokens
+   */
+  async signIn(
+    provider: string,
+    credentials: Credential,
+  ): Promise<{
+    user: { id: string; email: string };
+    session: { id: string; userId: string; expiresAt: Date };
+    tokens: { accessToken: string };
+  }> {
+    const client = await clerkClient();
+    const user = await client.users.getUser(credentials.id);
+    await migrateClerkConnection(user.id);
+    return {
+      user: { id: user.id, email: user.emailAddresses[0].emailAddress },
+      session: { id: "clerk-session", userId: user.id, expiresAt: new Date() },
+      tokens: { accessToken: "managed-by-clerk" },
+    };
+  }
+  /**
+   * Sign up a new user.
+   *
+   * User creation is delegated to Clerk, while this method
+   * ensures a corresponding Supabase user exists.
+   *
+   * @param provider - Auth provider identifier
+   * @param credentials - Signup credentials
+   * @param data - Optional additional user data
+   * @param deviceInfo - Optional device metadata
+   */
+  async signUp(
+    provider: string,
+    credentials: AuthCredentials,
+    data?: Partial<AuthUser>
+  ) {
+     await createUser(
+      credentials.email,
+      provider,
+      data,
+      credentials.password
+    );
+  }
+  /**
+   * Sign out a user.
+   *
+   * Session handling is fully managed by Clerk.
+   *
+   * @param sessionId - Session identifier
+   */
+  async signOut(sessionId: string) {}
+  /**
+   * Retrieve a session by ID.
+   *
+   * Clerk manages sessions externally, so this always returns null.
+   *
+   * @param sessionId - Session identifier
+   * @returns null
+   */
+  async getSession(sessionId: string) {
+    return null;
+  }
+  /**
+   * Validate a session.
+   *
+   * Clerk handles session validation internally.
+   *
+   * @param sessionId - Session identifier
+   * @returns true
+   */
+  async validateSession(sessionId: string) {
+    return true;
+  }
+  /**
+   * Refresh a session.
+   *
+   * Not supported because Clerk manages token refresh.
+   *
+   * @param sessionId - Session identifier
+   * @throws DatabasePackageError
+   */
+  async refreshSession(sessionId: string) {
+    throw new DatabasePackageError("Not supported");
+  }
+  /**
+   * Generate an OAuth authorization URL.
+   *
+   * OAuth flow is handled by Clerk UI.
+   *
+   * @param provider - OAuth provider
+   * @param redirectUri - Redirect URI
+   * @throws DatabasePackageError
+   */
+  async getOAuthUrl(provider: string, redirectUri: string) {
+    throw new DatabasePackageError("Handled by Clerk");
+  }
+  /**
+   * Handle OAuth callback.
+   *
+   * OAuth callbacks are handled by Clerk.
+   *
+   * @param provider - OAuth provider
+   * @param code - Authorization code
+   * @throws DatabasePackageError
+   */
+  async handleOAuthCallback(provider: string, code: string) {
+    throw new DatabasePackageError("Handled by Clerk");
+  }
+  async linkAccount(
+    userId: string,
+    provider: AUTHPROVIDER,
+    data: ConnectedAccount
+  ) {
+    throw new DatabasePackageError("Handled by Clerk");
+  }
+  async unlinkAccount(userId: string, accountId: string) {
+    throw new DatabasePackageError("Handled by Clerk");
+  }
+  async getLinkedAccounts(userId: string) {
+    throw new DatabasePackageError("Handled by Clerk");
+  }
+}
+/**
+ * Sync Clerk user → Supabase users + connected_accounts
+ * Safe to call on every sign-in
+ */
+export async function migrateClerkConnection(clerkUserId: string) {
+  const { data: existingUser, error: userFetchError } = await supabase
+    .from("users")
+    .select("id")
+    .eq("clerk_user_id", clerkUserId)
+    .single();
+  if (userFetchError && userFetchError.code !== "PGRST116") {
+    throw userFetchError;
+  }
+  if (!existingUser) {
+    throw new DatabasePackageError("User Not Found");
+  }
+  const { error: accountError } = await supabase
+    .from("connected_accounts")
+    .upsert({
+      provider: "clerk",
+      provider_account_id: clerkUserId,
+    });
+  if (accountError) {
+    throw accountError;
+  }
+  return {
+    provider: "clerk",
+    providerAccountId: clerkUserId,
+  };
+}

package/src/adapters/custom/custom.adapter.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+/* eslint-disable @typescript-eslint/explicit-function-return-type */
+// custom.adapter.ts
+import type { AuthDeviceInfo, AUTHPROVIDER, AuthUser, ConnectedAccount, AuthCredentials } from "@plyaz/types";
+import {
+  createUser,
+  findUserByEmailProvider,
+  updateLastLogin,
+  createUserSession,
+  getSession,
+  validateSessionDB,
+  deleteSession,
+  refreshSessionDB,
+  linkConnectedAccount,
+  unlinkConnectedAccount,
+  getLinkedAccounts,
+} from "../../libs/supabase.helper";
+import { DatabasePackageError } from "@plyaz/errors";
+import { BaseAuthProviderAdapter } from "../base-auth.adapter";
+export class CustomAdapter extends BaseAuthProviderAdapter {
+  async signIn(
+    provider: string,
+    credentials: AuthCredentials,
+    deviceInfo?: AuthDeviceInfo
+  ) {
+    const user = await findUserByEmailProvider(credentials.email, provider);
+    if (!user) throw new Error("User not found");
+    if (!user.isActive || user.isSuspended)
+      throw new Error("User not active or suspended");
+    await updateLastLogin(user.id);
+    const session = await createUserSession(
+      user.id,
+      deviceInfo ?? {
+        ip: "",
+        browser: "",
+        os: "",
+        userAgent: "",
+      }
+    );
+    return { user, session, tokens: { accessToken: session.accessToken } };
+  }
+  async signUp(
+    provider: string,
+    credentials: AuthCredentials,
+    data?: Partial<AuthUser>,
+    deviceInfo?: AuthDeviceInfo
+  ) {
+    const userFindByEmail = await findUserByEmailProvider(data?.email ?? "", provider);
+    if (userFindByEmail) {
+      throw new DatabasePackageError("User already register");
+    }
+    const user = await createUser(
+      credentials.email,
+      provider,
+      data,
+      credentials.password
+    );
+    const session = await createUserSession(
+      user.id,
+      deviceInfo ?? {
+        ip: "",
+        browser: "",
+        os: "",
+        userAgent: "",
+      }
+    );
+    return { user, session, tokens: { accessToken: session.accessToken } };
+  }
+  async signOut(sessionId: string) {
+    await deleteSession(sessionId);
+  }
+  async getSession(sessionId: string) {
+    return await getSession(sessionId);
+  }
+  async validateSession(sessionId: string) {
+    return await validateSessionDB(sessionId);
+  }
+  async refreshSession(sessionId: string) {
+    const session = await refreshSessionDB(sessionId);
+    return { session, tokens: { accessToken: session.accessToken } };
+  }
+  async getOAuthUrl(provider: string, redirectUri: string) {
+    return `https://provider/oauth?redirect_uri=${redirectUri}`;
+  }
+  async handleOAuthCallback(provider: string, code: string) {
+    globalThis.console.log(provider,code)
+    return { providerAccountId: "id", profile: {} };
+  }
+  async linkAccount(
+    userId: string,
+    provider: AUTHPROVIDER,
+    data: ConnectedAccount
+  ) : Promise<ConnectedAccount | void> {
+    return await linkConnectedAccount(userId, provider, data);
+  }
+  async unlinkAccount(userId: string, accountId: string) {
+    await unlinkConnectedAccount(userId, accountId);
+  }
+  async getLinkedAccounts(userId: string) {
+    return await getLinkedAccounts(userId);
+  }
+}

package/src/adapters/index.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export { ClerkAdapter } from "./clerk/clerk.adapter";
+export { NextAuthAdapter } from "./next-auth/next-auth.adapter";
+export { CustomAdapter } from "./custom/custom.adapter";