@prsm/auth 1.0.0

package/types/errors.d.ts

@@ -0,0 +1,108 @@
+export class AuthError extends Error {
+    /** @param {string} message */
+    constructor(message: string);
+}
+export class ConfirmationExpiredError extends AuthError {
+    constructor();
+}
+export class ConfirmationNotFoundError extends AuthError {
+    constructor();
+}
+export class EmailNotVerifiedError extends AuthError {
+    constructor();
+}
+export class EmailTakenError extends AuthError {
+    constructor();
+}
+export class InvalidEmailError extends AuthError {
+    constructor();
+}
+export class InvalidPasswordError extends AuthError {
+    constructor();
+}
+export class InvalidTokenError extends AuthError {
+    constructor();
+}
+export class ResetDisabledError extends AuthError {
+    constructor();
+}
+export class ResetExpiredError extends AuthError {
+    constructor();
+}
+export class ResetNotFoundError extends AuthError {
+    constructor();
+}
+export class TooManyResetsError extends AuthError {
+    constructor();
+}
+export class UserInactiveError extends AuthError {
+    constructor();
+}
+export class UserNotFoundError extends AuthError {
+    constructor();
+}
+export class UserNotLoggedInError extends AuthError {
+    constructor();
+}
+export class RateLimitedError extends AuthError {
+    /** @param {number} [retryAfter] milliseconds until the next attempt is allowed */
+    constructor(retryAfter?: number);
+    retryAfter: number;
+}
+export class SecondFactorRequiredError extends AuthError {
+    /**
+     * @param {{ totp?: boolean, email?: { otpValue: string, maskedContact: string }, sms?: { otpValue: string, maskedContact: string } }} availableMethods
+     */
+    constructor(availableMethods: {
+        totp?: boolean;
+        email?: {
+            otpValue: string;
+            maskedContact: string;
+        };
+        sms?: {
+            otpValue: string;
+            maskedContact: string;
+        };
+    });
+    availableMethods: {
+        totp?: boolean;
+        email?: {
+            otpValue: string;
+            maskedContact: string;
+        };
+        sms?: {
+            otpValue: string;
+            maskedContact: string;
+        };
+    };
+}
+export class InvalidTwoFactorCodeError extends AuthError {
+    constructor();
+}
+export class TwoFactorExpiredError extends AuthError {
+    constructor();
+}
+export class TwoFactorNotSetupError extends AuthError {
+    constructor();
+}
+export class TwoFactorAlreadyEnabledError extends AuthError {
+    constructor();
+}
+export class InvalidBackupCodeError extends AuthError {
+    constructor();
+}
+export class TwoFactorSetupIncompleteError extends AuthError {
+    constructor();
+}
+export class ImpersonationDisabledError extends AuthError {
+    constructor();
+}
+export class ImpersonationNotAllowedError extends AuthError {
+    constructor();
+}
+export class AlreadyImpersonatingError extends AuthError {
+    constructor();
+}
+export class NotImpersonatingError extends AuthError {
+    constructor();
+}

package/types/hooks.d.ts

@@ -0,0 +1,30 @@
+/**
+ * @typedef {import("./types.js").Tracer} Tracer
+ * @typedef {import("./types.js").Limiter} Limiter
+ */
+/**
+ * Run fn inside a tracing span when a tracer is provided, otherwise run it plain.
+ * Matches the @prsm/trace tracer shape: tracer.span(name, attributes, fn).
+ * @template T
+ * @param {Tracer | undefined} tracer
+ * @param {string} name
+ * @param {Record<string, any>} attributes
+ * @param {() => Promise<T>} fn
+ * @returns {Promise<T>}
+ */
+export function withSpan<T>(tracer: Tracer | undefined, name: string, attributes: Record<string, any>, fn: () => Promise<T>): Promise<T>;
+/**
+ * Consume one unit against a limiter for the given key. The @prsm/limit
+ * algorithms expose different verbs (tokenBucket.take, slidingWindow.hit,
+ * leakyBucket.drip); all return { allowed, retryAfter }. We accept any of them
+ * plus a generic consume/check so callers can pass a limiter instance directly.
+ * @param {Limiter | undefined} limiter
+ * @param {string} key
+ * @returns {Promise<{ allowed: boolean, retryAfter?: number } | null>}
+ */
+export function consumeLimit(limiter: Limiter | undefined, key: string): Promise<{
+    allowed: boolean;
+    retryAfter?: number;
+} | null>;
+export type Tracer = import("./types.js").Tracer;
+export type Limiter = import("./types.js").Limiter;

package/types/index.d.ts

@@ -0,0 +1,13 @@
+export { createAuthMiddleware } from "./middleware.js";
+export { createAuthContext } from "./auth-context.js";
+export * as authFunctions from "./auth-functions.js";
+export * from "./auth-functions.js";
+export * from "./types.js";
+export * from "./errors.js";
+export { ActivityLogger } from "./activity-logger.js";
+export { closeInvalidationListeners } from "./invalidation.js";
+export { createAuthTables, dropAuthTables, cleanupExpiredTokens, getAuthTableStats } from "./schema.js";
+export { defineRoles, addRoleToUser, removeRoleFromUser, setUserRoles, getUserRoles } from "./user-roles.js";
+export { isValidEmail, validateEmail } from "./util.js";
+export { TwoFactorManager, TotpProvider, OtpProvider } from "./two-factor/index.js";
+export { GitHubProvider, GoogleProvider, AzureProvider, BaseOAuthProvider } from "./providers/index.js";

package/types/invalidation.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Start the LISTEN connection for this config's pool/channel if it isn't already
+ * running. Idempotent and non-blocking - the first call kicks off the connection
+ * and returns; failures mark the listener broken so callers fall back to polling.
+ * @param {AuthConfig} config
+ */
+export function ensureListener(config: AuthConfig): void;
+/**
+ * Broadcast that an account's auth state changed so other instances resync it
+ * immediately. No-op unless invalidation is enabled.
+ * @param {AuthConfig} config
+ * @param {number} accountId
+ * @returns {Promise<void>}
+ */
+export function notifyInvalidation(config: AuthConfig, accountId: number): Promise<void>;
+/**
+ * Whether the given account was signaled invalid more recently than `sinceTs`.
+ * @param {AuthConfig} config
+ * @param {number} accountId
+ * @param {number} sinceTs epoch millis
+ * @returns {boolean}
+ */
+export function wasInvalidatedSince(config: AuthConfig, accountId: number, sinceTs: number): boolean;
+/**
+ * Release all listener connections. Intended for test teardown and graceful
+ * shutdown - production processes normally keep listeners for their lifetime.
+ * @returns {Promise<void>}
+ */
+export function closeInvalidationListeners(): Promise<void>;
+export type AuthConfig = import("./types.js").AuthConfig;
+export type ListenerState = {
+    channel: string;
+    /**
+     * accountId -> timestamp of last signal
+     */
+    invalidated: Map<number, number>;
+    started: boolean;
+    broken: boolean;
+    client: import("pg").PoolClient | null;
+};

package/types/middleware.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @typedef {import("./types.js").AuthConfig} AuthConfig
+ */
+/**
+ * Create the Express middleware that attaches an AuthManager to req.auth,
+ * resyncs the session, and processes any remember-me token.
+ * @param {AuthConfig} config
+ * @returns {import("express").RequestHandler}
+ */
+export function createAuthMiddleware(config: AuthConfig): import("express").RequestHandler;
+export type AuthConfig = import("./types.js").AuthConfig;

package/types/providers/azure-provider.d.ts

@@ -0,0 +1,35 @@
+/**
+ * @typedef {import("../types.js").AuthConfig} AuthConfig
+ * @typedef {import("../types.js").OAuthUserData} OAuthUserData
+ * @typedef {import("../types.js").AzureProviderConfig} AzureProviderConfig
+ */
+export class AzureProvider extends BaseOAuthProvider {
+    /**
+     * @param {AzureProviderConfig} config
+     * @param {AuthConfig} authConfig
+     * @param {import("../auth-manager.js").AuthManager} authManager
+     */
+    constructor(config: AzureProviderConfig, authConfig: AuthConfig, authManager: import("../auth-manager.js").AuthManager);
+    /**
+     * Build the Azure AD authorization URL.
+     * @param {string} [state]
+     * @param {string[]} [scopes]
+     * @returns {string}
+     */
+    getAuthUrl(state?: string, scopes?: string[]): string;
+    /**
+     * Exchange the callback code and resolve the Azure user profile.
+     * @param {import("express").Request} req
+     * @returns {Promise<OAuthUserData>}
+     * @throws {Error} when no code is provided or no email is found
+     */
+    getUserData(req: import("express").Request): Promise<OAuthUserData>;
+    /**
+     * @returns {string}
+     */
+    getProviderName(): string;
+}
+export type AuthConfig = import("../types.js").AuthConfig;
+export type OAuthUserData = import("../types.js").OAuthUserData;
+export type AzureProviderConfig = import("../types.js").AzureProviderConfig;
+import { BaseOAuthProvider } from "./base-provider.js";

package/types/providers/base-provider.d.ts

@@ -0,0 +1,52 @@
+/**
+ * @typedef {import("../types.js").AuthConfig} AuthConfig
+ * @typedef {import("../types.js").OAuthUserData} OAuthUserData
+ * @typedef {import("../types.js").OAuthCallbackResult} OAuthCallbackResult
+ * @typedef {import("../types.js").OAuthProviderConfig} OAuthProviderConfig
+ */
+export class BaseOAuthProvider {
+    /**
+     * @param {OAuthProviderConfig} config
+     * @param {AuthConfig} authConfig
+     * @param {import("../auth-manager.js").AuthManager} authManager
+     */
+    constructor(config: OAuthProviderConfig, authConfig: AuthConfig, authManager: import("../auth-manager.js").AuthManager);
+    config: import("../types.js").OAuthProviderConfig;
+    authConfig: import("../types.js").AuthConfig;
+    authManager: import("../auth-manager.js").AuthManager;
+    /**
+     * Handle an OAuth provider callback request and resolve the login.
+     * @param {import("express").Request} req
+     * @returns {Promise<OAuthCallbackResult>}
+     */
+    handleCallback(req: import("express").Request): Promise<OAuthCallbackResult>;
+    /**
+     * Resolve or create an account for the OAuth user and record the login.
+     * @param {OAuthUserData} userData
+     * @param {import("express").Request} req
+     * @returns {Promise<OAuthCallbackResult>}
+     * @throws {Error} when an account already exists for the user's email
+     */
+    processOAuthLogin(userData: OAuthUserData, req: import("express").Request): Promise<OAuthCallbackResult>;
+    /**
+     * Exchange an authorization code for an access token.
+     * @param {string} code
+     * @param {string} tokenUrl
+     * @returns {Promise<string>}
+     * @throws {Error} when the exchange fails or no access token is returned
+     */
+    exchangeCodeForToken(code: string, tokenUrl: string): Promise<string>;
+    /**
+     * Fetch the authenticated user profile from a provider API.
+     * @param {string} accessToken
+     * @param {string} apiUrl
+     * @param {Record<string, string>} [headers]
+     * @returns {Promise<any>}
+     * @throws {Error} when the request fails
+     */
+    fetchUserFromAPI(accessToken: string, apiUrl: string, headers?: Record<string, string>): Promise<any>;
+}
+export type AuthConfig = import("../types.js").AuthConfig;
+export type OAuthUserData = import("../types.js").OAuthUserData;
+export type OAuthCallbackResult = import("../types.js").OAuthCallbackResult;
+export type OAuthProviderConfig = import("../types.js").OAuthProviderConfig;

package/types/providers/github-provider.d.ts

@@ -0,0 +1,29 @@
+/**
+ * @typedef {import("../types.js").AuthConfig} AuthConfig
+ * @typedef {import("../types.js").OAuthUserData} OAuthUserData
+ * @typedef {import("../types.js").GitHubProviderConfig} GitHubProviderConfig
+ */
+export class GitHubProvider extends BaseOAuthProvider {
+    /**
+     * Build the GitHub authorization URL.
+     * @param {string} [state]
+     * @param {string[]} [scopes]
+     * @returns {string}
+     */
+    getAuthUrl(state?: string, scopes?: string[]): string;
+    /**
+     * Exchange the callback code and resolve the GitHub user profile.
+     * @param {import("express").Request} req
+     * @returns {Promise<OAuthUserData>}
+     * @throws {Error} when no code is provided or no verified email is found
+     */
+    getUserData(req: import("express").Request): Promise<OAuthUserData>;
+    /**
+     * @returns {string}
+     */
+    getProviderName(): string;
+}
+export type AuthConfig = import("../types.js").AuthConfig;
+export type OAuthUserData = import("../types.js").OAuthUserData;
+export type GitHubProviderConfig = import("../types.js").GitHubProviderConfig;
+import { BaseOAuthProvider } from "./base-provider.js";

package/types/providers/google-provider.d.ts

@@ -0,0 +1,29 @@
+/**
+ * @typedef {import("../types.js").AuthConfig} AuthConfig
+ * @typedef {import("../types.js").OAuthUserData} OAuthUserData
+ * @typedef {import("../types.js").GoogleProviderConfig} GoogleProviderConfig
+ */
+export class GoogleProvider extends BaseOAuthProvider {
+    /**
+     * Build the Google authorization URL.
+     * @param {string} [state]
+     * @param {string[]} [scopes]
+     * @returns {string}
+     */
+    getAuthUrl(state?: string, scopes?: string[]): string;
+    /**
+     * Exchange the callback code and resolve the Google user profile.
+     * @param {import("express").Request} req
+     * @returns {Promise<OAuthUserData>}
+     * @throws {Error} when no code is provided or no email is found
+     */
+    getUserData(req: import("express").Request): Promise<OAuthUserData>;
+    /**
+     * @returns {string}
+     */
+    getProviderName(): string;
+}
+export type AuthConfig = import("../types.js").AuthConfig;
+export type OAuthUserData = import("../types.js").OAuthUserData;
+export type GoogleProviderConfig = import("../types.js").GoogleProviderConfig;
+import { BaseOAuthProvider } from "./base-provider.js";

package/types/providers/index.d.ts

@@ -0,0 +1,4 @@
+export { BaseOAuthProvider } from "./base-provider.js";
+export { GitHubProvider } from "./github-provider.js";
+export { GoogleProvider } from "./google-provider.js";
+export { AzureProvider } from "./azure-provider.js";

package/types/queries.d.ts

@@ -0,0 +1,287 @@
+/**
+ * @typedef {import("./types.js").AuthConfig} AuthConfig
+ * @typedef {import("./types.js").AuthAccount} AuthAccount
+ * @typedef {import("./types.js").AuthConfirmation} AuthConfirmation
+ * @typedef {import("./types.js").AuthRemember} AuthRemember
+ * @typedef {import("./types.js").AuthReset} AuthReset
+ * @typedef {import("./types.js").AuthProvider} AuthProvider
+ * @typedef {import("./types.js").TwoFactorMethod} TwoFactorMethod
+ * @typedef {import("./types.js").TwoFactorToken} TwoFactorToken
+ * @typedef {import("./types.js").TwoFactorMechanism} TwoFactorMechanism
+ */
+export class AuthQueries {
+    /**
+     * @param {AuthConfig} config
+     */
+    constructor(config: AuthConfig);
+    config: import("./types.js").AuthConfig;
+    db: import("pg").Pool;
+    tablePrefix: string;
+    get accountsTable(): string;
+    get confirmationsTable(): string;
+    get remembersTable(): string;
+    get resetsTable(): string;
+    get providersTable(): string;
+    get twoFactorMethodsTable(): string;
+    get twoFactorTokensTable(): string;
+    /**
+     * @param {number} id
+     * @returns {Promise<AuthAccount | null>}
+     */
+    findAccountById(id: number): Promise<AuthAccount | null>;
+    /**
+     * @param {string | number} userId
+     * @returns {Promise<AuthAccount | null>}
+     */
+    findAccountByUserId(userId: string | number): Promise<AuthAccount | null>;
+    /**
+     * @param {string} email
+     * @returns {Promise<AuthAccount | null>}
+     */
+    findAccountByEmail(email: string): Promise<AuthAccount | null>;
+    /**
+     * List accounts with optional email search, newest first. Used by the
+     * @prsm/devtools admin panel binding.
+     * @param {{ limit?: number, offset?: number, search?: string }} [opts]
+     * @returns {Promise<AuthAccount[]>}
+     */
+    listAccounts({ limit, offset, search }?: {
+        limit?: number;
+        offset?: number;
+        search?: string;
+    }): Promise<AuthAccount[]>;
+    /**
+     * @param {string} [search]
+     * @returns {Promise<number>}
+     */
+    countAccounts(search?: string): Promise<number>;
+    /**
+     * @param {{ userId: string | number, email: string, password: string | null, verified: boolean, status: number, rolemask: number }} data
+     * @returns {Promise<AuthAccount>}
+     */
+    createAccount(data: {
+        userId: string | number;
+        email: string;
+        password: string | null;
+        verified: boolean;
+        status: number;
+        rolemask: number;
+    }): Promise<AuthAccount>;
+    /**
+     * @param {number} id
+     * @param {Partial<AuthAccount>} updates
+     * @returns {Promise<void>}
+     */
+    updateAccount(id: number, updates: Partial<AuthAccount>): Promise<void>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    updateAccountLastLogin(id: number): Promise<void>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    incrementForceLogout(id: number): Promise<void>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    deleteAccount(id: number): Promise<void>;
+    /**
+     * @param {{ accountId: number, token: string, email: string, expires: Date }} data
+     * @returns {Promise<void>}
+     */
+    createConfirmation(data: {
+        accountId: number;
+        token: string;
+        email: string;
+        expires: Date;
+    }): Promise<void>;
+    /**
+     * @param {string} token
+     * @returns {Promise<AuthConfirmation | null>}
+     */
+    findConfirmation(token: string): Promise<AuthConfirmation | null>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<AuthConfirmation | null>}
+     */
+    findLatestConfirmationForAccount(accountId: number): Promise<AuthConfirmation | null>;
+    /**
+     * @param {string} token
+     * @returns {Promise<void>}
+     */
+    deleteConfirmation(token: string): Promise<void>;
+    /**
+     * @param {{ accountId: number, token: string, expires: Date }} data
+     * @returns {Promise<void>}
+     */
+    createRememberToken(data: {
+        accountId: number;
+        token: string;
+        expires: Date;
+    }): Promise<void>;
+    /**
+     * @param {string} token
+     * @returns {Promise<AuthRemember | null>}
+     */
+    findRememberToken(token: string): Promise<AuthRemember | null>;
+    /**
+     * @param {string} token
+     * @returns {Promise<void>}
+     */
+    deleteRememberToken(token: string): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteRememberTokensForAccount(accountId: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteExpiredRememberTokensForAccount(accountId: number): Promise<void>;
+    /**
+     * @param {{ accountId: number, token: string, expires: Date }} data
+     * @returns {Promise<void>}
+     */
+    createResetToken(data: {
+        accountId: number;
+        token: string;
+        expires: Date;
+    }): Promise<void>;
+    /**
+     * @param {string} token
+     * @returns {Promise<AuthReset | null>}
+     */
+    findResetToken(token: string): Promise<AuthReset | null>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<number>}
+     */
+    countActiveResetTokensForAccount(accountId: number): Promise<number>;
+    /**
+     * @param {string} token
+     * @returns {Promise<void>}
+     */
+    deleteResetToken(token: string): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteResetTokensForAccount(accountId: number): Promise<void>;
+    /**
+     * @param {{ accountId: number, provider: string, providerId: string, providerEmail: string | null, providerUsername: string | null, providerName: string | null, providerAvatar: string | null }} data
+     * @returns {Promise<AuthProvider>}
+     */
+    createProvider(data: {
+        accountId: number;
+        provider: string;
+        providerId: string;
+        providerEmail: string | null;
+        providerUsername: string | null;
+        providerName: string | null;
+        providerAvatar: string | null;
+    }): Promise<AuthProvider>;
+    /**
+     * @param {string} providerId
+     * @param {string} provider
+     * @returns {Promise<AuthProvider | null>}
+     */
+    findProviderByProviderIdAndType(providerId: string, provider: string): Promise<AuthProvider | null>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<AuthProvider[]>}
+     */
+    findProvidersByAccountId(accountId: number): Promise<AuthProvider[]>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    deleteProvider(id: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteProvidersByAccountId(accountId: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<TwoFactorMethod[]>}
+     */
+    findTwoFactorMethodsByAccountId(accountId: number): Promise<TwoFactorMethod[]>;
+    /**
+     * @param {number} accountId
+     * @param {TwoFactorMechanism} mechanism
+     * @returns {Promise<TwoFactorMethod | null>}
+     */
+    findTwoFactorMethodByAccountAndMechanism(accountId: number, mechanism: TwoFactorMechanism): Promise<TwoFactorMethod | null>;
+    /**
+     * @param {{ accountId: number, mechanism: TwoFactorMechanism, secret?: string, backupCodes?: string[], verified?: boolean }} data
+     * @returns {Promise<TwoFactorMethod>}
+     */
+    createTwoFactorMethod(data: {
+        accountId: number;
+        mechanism: TwoFactorMechanism;
+        secret?: string;
+        backupCodes?: string[];
+        verified?: boolean;
+    }): Promise<TwoFactorMethod>;
+    /**
+     * @param {number} id
+     * @param {Partial<Pick<TwoFactorMethod, "secret" | "backup_codes" | "verified" | "last_used_at">>} updates
+     * @returns {Promise<void>}
+     */
+    updateTwoFactorMethod(id: number, updates: Partial<Pick<TwoFactorMethod, "secret" | "backup_codes" | "verified" | "last_used_at">>): Promise<void>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    deleteTwoFactorMethod(id: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteTwoFactorMethodsByAccountId(accountId: number): Promise<void>;
+    /**
+     * @param {{ accountId: number, mechanism: TwoFactorMechanism, selector: string, tokenHash: string, expiresAt: Date }} data
+     * @returns {Promise<TwoFactorToken>}
+     */
+    createTwoFactorToken(data: {
+        accountId: number;
+        mechanism: TwoFactorMechanism;
+        selector: string;
+        tokenHash: string;
+        expiresAt: Date;
+    }): Promise<TwoFactorToken>;
+    /**
+     * @param {string} selector
+     * @returns {Promise<TwoFactorToken | null>}
+     */
+    findTwoFactorTokenBySelector(selector: string): Promise<TwoFactorToken | null>;
+    /**
+     * @param {number} id
+     * @returns {Promise<void>}
+     */
+    deleteTwoFactorToken(id: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @returns {Promise<void>}
+     */
+    deleteTwoFactorTokensByAccountId(accountId: number): Promise<void>;
+    /**
+     * @param {number} accountId
+     * @param {TwoFactorMechanism} mechanism
+     * @returns {Promise<void>}
+     */
+    deleteTwoFactorTokensByAccountAndMechanism(accountId: number, mechanism: TwoFactorMechanism): Promise<void>;
+}
+export type AuthConfig = import("./types.js").AuthConfig;
+export type AuthAccount = import("./types.js").AuthAccount;
+export type AuthConfirmation = import("./types.js").AuthConfirmation;
+export type AuthRemember = import("./types.js").AuthRemember;
+export type AuthReset = import("./types.js").AuthReset;
+export type AuthProvider = import("./types.js").AuthProvider;
+export type TwoFactorMethod = import("./types.js").TwoFactorMethod;
+export type TwoFactorToken = import("./types.js").TwoFactorToken;
+export type TwoFactorMechanism = any;

package/types/schema.d.ts

@@ -0,0 +1,37 @@
+/**
+ * @typedef {import("./types.js").AuthConfig} AuthConfig
+ */
+/**
+ * Create all auth tables and indexes. Must run before the first request uses auth.
+ * @param {AuthConfig} config
+ * @returns {Promise<void>}
+ */
+export function createAuthTables(config: AuthConfig): Promise<void>;
+/**
+ * @param {AuthConfig} config
+ * @returns {Promise<void>}
+ */
+export function dropAuthTables(config: AuthConfig): Promise<void>;
+/**
+ * @param {AuthConfig} config
+ * @returns {Promise<void>}
+ */
+export function cleanupExpiredTokens(config: AuthConfig): Promise<void>;
+/**
+ * @param {AuthConfig} config
+ * @returns {Promise<{ accounts: number, providers: number, confirmations: number, remembers: number, resets: number, twoFactorMethods: number, twoFactorTokens: number, expiredConfirmations: number, expiredRemembers: number, expiredResets: number, expiredTwoFactorTokens: number }>}
+ */
+export function getAuthTableStats(config: AuthConfig): Promise<{
+    accounts: number;
+    providers: number;
+    confirmations: number;
+    remembers: number;
+    resets: number;
+    twoFactorMethods: number;
+    twoFactorTokens: number;
+    expiredConfirmations: number;
+    expiredRemembers: number;
+    expiredResets: number;
+    expiredTwoFactorTokens: number;
+}>;
+export type AuthConfig = import("./types.js").AuthConfig;