@pureq/auth 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +293 -0
- package/dist/adapter/capabilities.d.ts +23 -0
- package/dist/adapter/capabilities.d.ts.map +1 -0
- package/dist/adapter/capabilities.js +77 -0
- package/dist/adapter/capabilities.js.map +1 -0
- package/dist/adapter/index.d.ts +12 -0
- package/dist/adapter/index.d.ts.map +1 -0
- package/dist/adapter/index.js +121 -0
- package/dist/adapter/index.js.map +1 -0
- package/dist/adapter/sql.d.ts +36 -0
- package/dist/adapter/sql.d.ts.map +1 -0
- package/dist/adapter/sql.js +268 -0
- package/dist/adapter/sql.js.map +1 -0
- package/dist/adapters/index.d.ts +4 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +42 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/authorization/index.d.ts +8 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +49 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/bridge/index.d.ts +23 -0
- package/dist/bridge/index.d.ts.map +1 -0
- package/dist/bridge/index.js +124 -0
- package/dist/bridge/index.js.map +1 -0
- package/dist/callbacks/index.d.ts +8 -0
- package/dist/callbacks/index.d.ts.map +1 -0
- package/dist/callbacks/index.js +53 -0
- package/dist/callbacks/index.js.map +1 -0
- package/dist/core/index.d.ts +12 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +481 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/kit.d.ts +7 -0
- package/dist/core/kit.d.ts.map +1 -0
- package/dist/core/kit.js +145 -0
- package/dist/core/kit.js.map +1 -0
- package/dist/core/starter.d.ts +28 -0
- package/dist/core/starter.d.ts.map +1 -0
- package/dist/core/starter.js +67 -0
- package/dist/core/starter.js.map +1 -0
- package/dist/csrf/index.d.ts +7 -0
- package/dist/csrf/index.d.ts.map +1 -0
- package/dist/csrf/index.js +126 -0
- package/dist/csrf/index.js.map +1 -0
- package/dist/debug/index.d.ts +8 -0
- package/dist/debug/index.d.ts.map +1 -0
- package/dist/debug/index.js +21 -0
- package/dist/debug/index.js.map +1 -0
- package/dist/encryption/index.d.ts +8 -0
- package/dist/encryption/index.d.ts.map +1 -0
- package/dist/encryption/index.js +43 -0
- package/dist/encryption/index.js.map +1 -0
- package/dist/events/index.d.ts +22 -0
- package/dist/events/index.d.ts.map +1 -0
- package/dist/events/index.js +53 -0
- package/dist/events/index.js.map +1 -0
- package/dist/framework/index.d.ts +10 -0
- package/dist/framework/index.d.ts.map +1 -0
- package/dist/framework/index.js +68 -0
- package/dist/framework/index.js.map +1 -0
- package/dist/framework/packs.d.ts +54 -0
- package/dist/framework/packs.d.ts.map +1 -0
- package/dist/framework/packs.js +124 -0
- package/dist/framework/packs.js.map +1 -0
- package/dist/framework/recipes.d.ts +6 -0
- package/dist/framework/recipes.d.ts.map +1 -0
- package/dist/framework/recipes.js +108 -0
- package/dist/framework/recipes.js.map +1 -0
- package/dist/hooks/index.d.ts +11 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/hooks/index.js +95 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/hooks/react.d.ts +9 -0
- package/dist/hooks/react.d.ts.map +1 -0
- package/dist/hooks/react.js +24 -0
- package/dist/hooks/react.js.map +1 -0
- package/dist/hooks/vue.d.ts +4 -0
- package/dist/hooks/vue.d.ts.map +1 -0
- package/dist/hooks/vue.js +32 -0
- package/dist/hooks/vue.js.map +1 -0
- package/dist/index.d.ts +36 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -0
- package/dist/jwt/index.d.ts +13 -0
- package/dist/jwt/index.d.ts.map +1 -0
- package/dist/jwt/index.js +82 -0
- package/dist/jwt/index.js.map +1 -0
- package/dist/middleware/authBasic.d.ts +5 -0
- package/dist/middleware/authBasic.d.ts.map +1 -0
- package/dist/middleware/authBasic.js +25 -0
- package/dist/middleware/authBasic.js.map +1 -0
- package/dist/middleware/authBearer.d.ts +4 -0
- package/dist/middleware/authBearer.d.ts.map +1 -0
- package/dist/middleware/authBearer.js +26 -0
- package/dist/middleware/authBearer.js.map +1 -0
- package/dist/middleware/authCustom.d.ts +4 -0
- package/dist/middleware/authCustom.d.ts.map +1 -0
- package/dist/middleware/authCustom.js +22 -0
- package/dist/middleware/authCustom.js.map +1 -0
- package/dist/middleware/authRefresh.d.ts +4 -0
- package/dist/middleware/authRefresh.d.ts.map +1 -0
- package/dist/middleware/authRefresh.js +68 -0
- package/dist/middleware/authRefresh.js.map +1 -0
- package/dist/middleware/authSession.d.ts +5 -0
- package/dist/middleware/authSession.d.ts.map +1 -0
- package/dist/middleware/authSession.js +35 -0
- package/dist/middleware/authSession.js.map +1 -0
- package/dist/middleware/broadcastSync.d.ts +7 -0
- package/dist/middleware/broadcastSync.d.ts.map +1 -0
- package/dist/middleware/broadcastSync.js +36 -0
- package/dist/middleware/broadcastSync.js.map +1 -0
- package/dist/middleware/common.d.ts +3 -0
- package/dist/middleware/common.d.ts.map +1 -0
- package/dist/middleware/common.js +10 -0
- package/dist/middleware/common.js.map +1 -0
- package/dist/middleware/index.d.ts +8 -0
- package/dist/middleware/index.d.ts.map +1 -0
- package/dist/middleware/index.js +8 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/middleware/tokenLifecycle.d.ts +4 -0
- package/dist/middleware/tokenLifecycle.d.ts.map +1 -0
- package/dist/middleware/tokenLifecycle.js +52 -0
- package/dist/middleware/tokenLifecycle.js.map +1 -0
- package/dist/migration/index.d.ts +40 -0
- package/dist/migration/index.d.ts.map +1 -0
- package/dist/migration/index.js +136 -0
- package/dist/migration/index.js.map +1 -0
- package/dist/oidc/index.d.ts +25 -0
- package/dist/oidc/index.d.ts.map +1 -0
- package/dist/oidc/index.js +392 -0
- package/dist/oidc/index.js.map +1 -0
- package/dist/oidc/providers.d.ts +21 -0
- package/dist/oidc/providers.d.ts.map +1 -0
- package/dist/oidc/providers.js +51 -0
- package/dist/oidc/providers.js.map +1 -0
- package/dist/presets/index.d.ts +13 -0
- package/dist/presets/index.d.ts.map +1 -0
- package/dist/presets/index.js +12 -0
- package/dist/presets/index.js.map +1 -0
- package/dist/providers/callbackContracts.d.ts +14 -0
- package/dist/providers/callbackContracts.d.ts.map +1 -0
- package/dist/providers/callbackContracts.js +14 -0
- package/dist/providers/callbackContracts.js.map +1 -0
- package/dist/providers/errors.d.ts +9 -0
- package/dist/providers/errors.d.ts.map +1 -0
- package/dist/providers/errors.js +66 -0
- package/dist/providers/errors.js.map +1 -0
- package/dist/providers/index.d.ts +28 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +29 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/presets.d.ts +17 -0
- package/dist/providers/presets.d.ts.map +1 -0
- package/dist/providers/presets.js +84 -0
- package/dist/providers/presets.js.map +1 -0
- package/dist/revocation/index.d.ts +10 -0
- package/dist/revocation/index.d.ts.map +1 -0
- package/dist/revocation/index.js +182 -0
- package/dist/revocation/index.js.map +1 -0
- package/dist/session/exporters.d.ts +15 -0
- package/dist/session/exporters.d.ts.map +1 -0
- package/dist/session/exporters.js +62 -0
- package/dist/session/exporters.js.map +1 -0
- package/dist/session/index.d.ts +11 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +324 -0
- package/dist/session/index.js.map +1 -0
- package/dist/shared/encoding.d.ts +5 -0
- package/dist/shared/encoding.d.ts.map +1 -0
- package/dist/shared/encoding.js +27 -0
- package/dist/shared/encoding.js.map +1 -0
- package/dist/shared/errors.d.ts +13 -0
- package/dist/shared/errors.d.ts.map +1 -0
- package/dist/shared/errors.js +12 -0
- package/dist/shared/errors.js.map +1 -0
- package/dist/shared/index.d.ts +5 -0
- package/dist/shared/index.d.ts.map +1 -0
- package/dist/shared/index.js +5 -0
- package/dist/shared/index.js.map +1 -0
- package/dist/shared/types.d.ts +585 -0
- package/dist/shared/types.d.ts.map +1 -0
- package/dist/shared/types.js +2 -0
- package/dist/shared/types.js.map +1 -0
- package/dist/shared/values.d.ts +3 -0
- package/dist/shared/values.d.ts.map +1 -0
- package/dist/shared/values.js +23 -0
- package/dist/shared/values.js.map +1 -0
- package/dist/storage/index.d.ts +44 -0
- package/dist/storage/index.d.ts.map +1 -0
- package/dist/storage/index.js +318 -0
- package/dist/storage/index.js.map +1 -0
- package/dist/templates/index.d.ts +9 -0
- package/dist/templates/index.d.ts.map +1 -0
- package/dist/templates/index.js +146 -0
- package/dist/templates/index.js.map +1 -0
- package/package.json +173 -0
package/README.md
ADDED
|
@@ -0,0 +1,293 @@
|
|
|
1
|
+
# @pureq/auth
|
|
2
|
+
|
|
3
|
+
@pureq/auth is the authentication and session layer for the pureq ecosystem.
|
|
4
|
+
|
|
5
|
+
It is designed to give teams both:
|
|
6
|
+
|
|
7
|
+
- a short, practical onboarding path for shipping auth quickly
|
|
8
|
+
- explicit policy control for security, runtime behavior, and operations
|
|
9
|
+
|
|
10
|
+
## Design Goals
|
|
11
|
+
|
|
12
|
+
- framework-neutral core that works across browser, SSR/BFF, Node, and edge
|
|
13
|
+
- explicit security and lifecycle contracts instead of hidden auth behavior
|
|
14
|
+
- production-aware adapter and provider ergonomics
|
|
15
|
+
- migration tooling that turns cutover risk into measurable checks
|
|
16
|
+
|
|
17
|
+
## Comparison with Better Auth and Auth.js (NextAuth)
|
|
18
|
+
|
|
19
|
+
All three target modern TypeScript auth, but they optimize for different adoption and operations profiles.
|
|
20
|
+
|
|
21
|
+
| Concern | Better Auth (general tendency) | Auth.js / NextAuth (general tendency) | @pureq/auth |
|
|
22
|
+
| --- | --- | --- | --- |
|
|
23
|
+
| Primary orientation | framework/app integration speed | Next.js-centric ecosystem with broad adoption history | policy-explicit, framework-neutral core |
|
|
24
|
+
| Default developer flow | batteries-included framework DX | strong Next.js onboarding and established provider patterns | AuthKit/Starter fast path plus explicit lower-level control |
|
|
25
|
+
| Runtime model | framework-focused server flows | primarily Next.js server/client integration surface | browser, SSR/BFF, Node, and edge with shared primitives |
|
|
26
|
+
| Security visibility | secure defaults in framework context | battle-tested defaults with framework conventions | explicit mode-based defaults and policy override diagnostics |
|
|
27
|
+
| Adapter production gate | adapter usage depends on app checks | adapter ecosystem maturity is strong, readiness checks are app-defined | built-in readiness assessment (`probe` + `assess`) |
|
|
28
|
+
| Migration support | docs-driven migration | migration mostly docs/conventions and ecosystem tooling | diagnostics APIs and cutover/rollback checklist generation |
|
|
29
|
+
|
|
30
|
+
Use Better Auth when tight framework-native velocity is the top priority.
|
|
31
|
+
|
|
32
|
+
Use Auth.js/NextAuth when Next.js ecosystem fit and long adoption history are the primary decision factors.
|
|
33
|
+
|
|
34
|
+
Use @pureq/auth when you need one auth core with explicit policy boundaries, deployment-readiness gates, and migration telemetry across mixed runtimes.
|
|
35
|
+
|
|
36
|
+
## What Is Included
|
|
37
|
+
|
|
38
|
+
### Core construction APIs
|
|
39
|
+
|
|
40
|
+
- createAuth
|
|
41
|
+
- createAuthKit
|
|
42
|
+
- createAuthStarter
|
|
43
|
+
|
|
44
|
+
### Route and framework integration
|
|
45
|
+
|
|
46
|
+
- createAuthRouteHandlerRecipe
|
|
47
|
+
- createAuthServerActionRecipe
|
|
48
|
+
- createAuthFrameworkContext
|
|
49
|
+
- createAuthRequestAdapter
|
|
50
|
+
- createNextAuthKitPack
|
|
51
|
+
- createExpressAuthKitPack
|
|
52
|
+
- createFastifyAuthKitPack
|
|
53
|
+
- createReactAuthKitBootstrapPack
|
|
54
|
+
|
|
55
|
+
### Session and state lifecycle
|
|
56
|
+
|
|
57
|
+
- createAuthSessionManager
|
|
58
|
+
- createAuthSessionStore
|
|
59
|
+
- createReactAuthHooks
|
|
60
|
+
- createVueAuthSessionComposable
|
|
61
|
+
- createBufferedSessionEventExporter
|
|
62
|
+
- composeSessionEventAudits
|
|
63
|
+
- createConsoleSessionEventAudit
|
|
64
|
+
|
|
65
|
+
### Providers and OIDC
|
|
66
|
+
|
|
67
|
+
- credentialsProvider
|
|
68
|
+
- emailProvider
|
|
69
|
+
- createTopProviderPreset
|
|
70
|
+
- listTopProviderPresets
|
|
71
|
+
- createOIDCFlow
|
|
72
|
+
- createOIDCFlowFromProvider
|
|
73
|
+
- oidcProviders
|
|
74
|
+
- validateProviderCallbackContract
|
|
75
|
+
- normalizeProviderError
|
|
76
|
+
- PROVIDER_ERROR_NORMALIZATION_TABLE
|
|
77
|
+
|
|
78
|
+
### Adapters and SQL
|
|
79
|
+
|
|
80
|
+
- createInMemoryAdapter
|
|
81
|
+
- createPostgresAdapter
|
|
82
|
+
- createMySqlAdapter
|
|
83
|
+
- createSqlAdapter
|
|
84
|
+
- createPostgresExecutor
|
|
85
|
+
- createMySqlExecutor
|
|
86
|
+
- getSqlSchemaStatements
|
|
87
|
+
- probeAdapterCapabilities
|
|
88
|
+
- assessAdapterReadiness
|
|
89
|
+
|
|
90
|
+
### Security controls
|
|
91
|
+
|
|
92
|
+
- createAuthCsrfProtection
|
|
93
|
+
- withCsrfProtection
|
|
94
|
+
- createAuthRevocationRegistry
|
|
95
|
+
- withRevocationGuard
|
|
96
|
+
- authEncryptedStore
|
|
97
|
+
- createAuthEncryption
|
|
98
|
+
- verifyJwt
|
|
99
|
+
|
|
100
|
+
### Migration and diagnostics
|
|
101
|
+
|
|
102
|
+
- normalizeLegacyAuthTokens
|
|
103
|
+
- migrateLegacyTokensToStore
|
|
104
|
+
- hydrateSessionManagerFromLegacy
|
|
105
|
+
- analyzeAuthMigration
|
|
106
|
+
- formatMigrationParityReport
|
|
107
|
+
- generateMigrationChecklists
|
|
108
|
+
|
|
109
|
+
## Installation
|
|
110
|
+
|
|
111
|
+
```bash
|
|
112
|
+
pnpm add @pureq/auth
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
## Quick Start (Recommended)
|
|
116
|
+
|
|
117
|
+
For the shortest implementation path, start from createAuthStarter.
|
|
118
|
+
|
|
119
|
+
```ts
|
|
120
|
+
import { createAuthStarter, createInMemoryAdapter, credentialsProvider } from "@pureq/auth";
|
|
121
|
+
|
|
122
|
+
const starter = await createAuthStarter({
|
|
123
|
+
security: { mode: "ssr-bff" },
|
|
124
|
+
adapter: createInMemoryAdapter(),
|
|
125
|
+
providers: [
|
|
126
|
+
credentialsProvider({
|
|
127
|
+
authorize: async (credentials) => {
|
|
128
|
+
if (credentials.username === "alice" && credentials.password === "secret") {
|
|
129
|
+
return { id: "alice", email: "alice@example.com" };
|
|
130
|
+
}
|
|
131
|
+
return null;
|
|
132
|
+
},
|
|
133
|
+
}),
|
|
134
|
+
],
|
|
135
|
+
});
|
|
136
|
+
|
|
137
|
+
export const handlers = starter.kit.handlers;
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
## AuthKit-First Setup
|
|
141
|
+
|
|
142
|
+
If you want explicit assembly while keeping strong defaults, use createAuthKit.
|
|
143
|
+
|
|
144
|
+
```ts
|
|
145
|
+
import { createAuthKit, createInMemoryAdapter } from "@pureq/auth";
|
|
146
|
+
|
|
147
|
+
const kit = createAuthKit({
|
|
148
|
+
security: { mode: "ssr-bff" },
|
|
149
|
+
adapter: createInMemoryAdapter(),
|
|
150
|
+
});
|
|
151
|
+
|
|
152
|
+
export const { handleSignIn, handleCallback, handleSession, handleSignOut } = kit.handlers;
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
## Providers
|
|
156
|
+
|
|
157
|
+
Top-provider presets and generic OIDC helpers are available.
|
|
158
|
+
|
|
159
|
+
```ts
|
|
160
|
+
import { createTopProviderPreset, listTopProviderPresets } from "@pureq/auth";
|
|
161
|
+
|
|
162
|
+
const supported = listTopProviderPresets();
|
|
163
|
+
const google = createTopProviderPreset("google");
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Built-in top presets include:
|
|
167
|
+
|
|
168
|
+
- google
|
|
169
|
+
- github
|
|
170
|
+
- microsoft
|
|
171
|
+
- auth0
|
|
172
|
+
- apple
|
|
173
|
+
- okta
|
|
174
|
+
- keycloak
|
|
175
|
+
- cognito
|
|
176
|
+
- gitlab
|
|
177
|
+
- discord
|
|
178
|
+
- slack
|
|
179
|
+
- generic
|
|
180
|
+
|
|
181
|
+
## SQL Adapters and Readiness
|
|
182
|
+
|
|
183
|
+
```ts
|
|
184
|
+
import {
|
|
185
|
+
createPostgresAdapter,
|
|
186
|
+
getSqlSchemaStatements,
|
|
187
|
+
assessAdapterReadiness,
|
|
188
|
+
} from "@pureq/auth";
|
|
189
|
+
|
|
190
|
+
const adapter = createPostgresAdapter(pgPool);
|
|
191
|
+
const report = assessAdapterReadiness(adapter, {
|
|
192
|
+
deployment: "production",
|
|
193
|
+
requireEmailProviderSupport: true,
|
|
194
|
+
});
|
|
195
|
+
|
|
196
|
+
if (report.status !== "ready") {
|
|
197
|
+
throw new Error(`adapter not ready: ${report.status}`);
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
for (const sql of getSqlSchemaStatements("postgres")) {
|
|
201
|
+
await pgPool.query(sql);
|
|
202
|
+
}
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
Versioned SQL templates are included in:
|
|
206
|
+
|
|
207
|
+
- [PostgreSQL v1 template](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/sql/migrations/v1/postgres.sql)
|
|
208
|
+
- [MySQL v1 template](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/sql/migrations/v1/mysql.sql)
|
|
209
|
+
|
|
210
|
+
## Security Model
|
|
211
|
+
|
|
212
|
+
### Automatic behavior
|
|
213
|
+
|
|
214
|
+
- OIDC callback replay protection with TTL cache
|
|
215
|
+
- JWT verification hardening (no alg:none acceptance)
|
|
216
|
+
- secure cookie defaults in cookie-backed flows
|
|
217
|
+
|
|
218
|
+
### Opt-in behavior
|
|
219
|
+
|
|
220
|
+
- CSRF middleware for browser-mutating endpoints
|
|
221
|
+
- revocation guard for jti/sid/sub invalidation
|
|
222
|
+
- encrypted token storage
|
|
223
|
+
- broadcast sync for multi-tab state propagation
|
|
224
|
+
|
|
225
|
+
### Runtime-mode defaults
|
|
226
|
+
|
|
227
|
+
Security defaults are mode-aware:
|
|
228
|
+
|
|
229
|
+
- browser-spa
|
|
230
|
+
- ssr-bff
|
|
231
|
+
- edge
|
|
232
|
+
|
|
233
|
+
Policy overrides are diagnosable through onPolicyOverride hooks.
|
|
234
|
+
|
|
235
|
+
## Migration Workflow
|
|
236
|
+
|
|
237
|
+
Migration helpers are provided for:
|
|
238
|
+
|
|
239
|
+
- legacy token normalization
|
|
240
|
+
- store/session hydration
|
|
241
|
+
- parity report generation
|
|
242
|
+
- cutover and rollback checklist generation
|
|
243
|
+
|
|
244
|
+
Starter can run adapter preflight at process boot and fail early on blocked readiness.
|
|
245
|
+
|
|
246
|
+
## Framework and Runtime Coverage
|
|
247
|
+
|
|
248
|
+
Core primitives are framework-neutral.
|
|
249
|
+
|
|
250
|
+
Thin packs and recipes are provided for:
|
|
251
|
+
|
|
252
|
+
- Next.js
|
|
253
|
+
- Express
|
|
254
|
+
- Fastify
|
|
255
|
+
- React bootstrap
|
|
256
|
+
- SSR/BFF bridge patterns
|
|
257
|
+
- edge-compatible context and response handoff
|
|
258
|
+
|
|
259
|
+
## Documentation
|
|
260
|
+
|
|
261
|
+
- [Documentation Index](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/README.md)
|
|
262
|
+
- [Package Overview](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/auth_package.md)
|
|
263
|
+
- [AuthKit Quickstart](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/authkit_quickstart.md)
|
|
264
|
+
- [Auth Starter](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/auth_starter.md)
|
|
265
|
+
- [Implementation Examples](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/implementation_examples.md)
|
|
266
|
+
- [Framework Packs](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/framework_packs.md)
|
|
267
|
+
- [Framework Adapters](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/framework_adapters.md)
|
|
268
|
+
- [Framework Hooks](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/framework_hooks.md)
|
|
269
|
+
- [Security Controls](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/security_controls.md)
|
|
270
|
+
- [Session Event Operations](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/session_event_operations.md)
|
|
271
|
+
- [SSR Bridge](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/ssr_bridge.md)
|
|
272
|
+
- [SQL Adapters Quickstart](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/sql_adapters_quickstart.md)
|
|
273
|
+
- [Adapter Compatibility Matrix](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/adapter_compatibility_matrix.md)
|
|
274
|
+
- [Adapter Harness](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/adapter_harness.md)
|
|
275
|
+
- [Provider Priorities](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/provider_priorities.md)
|
|
276
|
+
- [Provider Error Normalization](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/provider_error_normalization.md)
|
|
277
|
+
- [Migration Guide](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/migration_guide.md)
|
|
278
|
+
- [Migration Playbook](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/migration_playbook.md)
|
|
279
|
+
- [Templates and Presets](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/templates_and_presets.md)
|
|
280
|
+
- [Event Adapters](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/event_adapters.md)
|
|
281
|
+
- [Error Code Reference](https://github.com/shiro-shihi/pureq/blob/main/packages/auth/docs/error_code_reference.md)
|
|
282
|
+
|
|
283
|
+
## Testing
|
|
284
|
+
|
|
285
|
+
```bash
|
|
286
|
+
pnpm --filter @pureq/auth test:unit
|
|
287
|
+
pnpm --filter @pureq/auth test:contract
|
|
288
|
+
pnpm --filter @pureq/auth test:integration
|
|
289
|
+
```
|
|
290
|
+
|
|
291
|
+
## License
|
|
292
|
+
|
|
293
|
+
MIT © Shihiro
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { AuthDatabaseAdapter } from "../shared";
|
|
2
|
+
export interface AdapterCapabilityReport {
|
|
3
|
+
readonly hasCoreUserMethods: boolean;
|
|
4
|
+
readonly hasCoreAccountMethods: boolean;
|
|
5
|
+
readonly hasCoreSessionMethods: boolean;
|
|
6
|
+
readonly hasVerificationTokenMethods: boolean;
|
|
7
|
+
readonly missingRequired: readonly string[];
|
|
8
|
+
readonly missingRecommended: readonly string[];
|
|
9
|
+
readonly level: "level-a" | "level-b" | "level-c";
|
|
10
|
+
}
|
|
11
|
+
export interface AdapterReadinessOptions {
|
|
12
|
+
readonly deployment?: "development" | "production";
|
|
13
|
+
readonly requireEmailProviderSupport?: boolean;
|
|
14
|
+
}
|
|
15
|
+
export interface AdapterReadinessReport {
|
|
16
|
+
readonly capability: AdapterCapabilityReport;
|
|
17
|
+
readonly blockers: readonly string[];
|
|
18
|
+
readonly warnings: readonly string[];
|
|
19
|
+
readonly status: "ready" | "needs-attention" | "blocked";
|
|
20
|
+
}
|
|
21
|
+
export declare function probeAdapterCapabilities(adapter: AuthDatabaseAdapter): AdapterCapabilityReport;
|
|
22
|
+
export declare function assessAdapterReadiness(adapter: AuthDatabaseAdapter, options?: AdapterReadinessOptions): AdapterReadinessReport;
|
|
23
|
+
//# sourceMappingURL=capabilities.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../src/adapter/capabilities.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAErD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;IACrC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,2BAA2B,EAAE,OAAO,CAAC;IAC9C,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,kBAAkB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/C,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;CACnD;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,GAAG,YAAY,CAAC;IACnD,QAAQ,CAAC,2BAA2B,CAAC,EAAE,OAAO,CAAC;CAChD;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,UAAU,EAAE,uBAAuB,CAAC;IAC7C,QAAQ,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,OAAO,GAAG,iBAAiB,GAAG,SAAS,CAAC;CAC1D;AAMD,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,mBAAmB,GAAG,uBAAuB,CAwD9F;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,mBAAmB,EAC5B,OAAO,GAAE,uBAA4B,GACpC,sBAAsB,CA+BxB"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
function hasMethod(target, key) {
|
|
2
|
+
return typeof target[String(key)] === "function";
|
|
3
|
+
}
|
|
4
|
+
export function probeAdapterCapabilities(adapter) {
|
|
5
|
+
const required = [
|
|
6
|
+
"createUser",
|
|
7
|
+
"getUser",
|
|
8
|
+
"getUserByEmail",
|
|
9
|
+
"getUserByAccount",
|
|
10
|
+
"updateUser",
|
|
11
|
+
"linkAccount",
|
|
12
|
+
"createSession",
|
|
13
|
+
"getSessionAndUser",
|
|
14
|
+
"updateSession",
|
|
15
|
+
"deleteSession",
|
|
16
|
+
];
|
|
17
|
+
const recommended = [
|
|
18
|
+
"deleteUser",
|
|
19
|
+
"unlinkAccount",
|
|
20
|
+
"createVerificationToken",
|
|
21
|
+
"useVerificationToken",
|
|
22
|
+
];
|
|
23
|
+
const missingRequired = required.filter((key) => !hasMethod(adapter, key)).map(String);
|
|
24
|
+
const missingRecommended = recommended.filter((key) => !hasMethod(adapter, key)).map(String);
|
|
25
|
+
const hasCoreUserMethods = hasMethod(adapter, "createUser") &&
|
|
26
|
+
hasMethod(adapter, "getUser") &&
|
|
27
|
+
hasMethod(adapter, "getUserByEmail") &&
|
|
28
|
+
hasMethod(adapter, "updateUser");
|
|
29
|
+
const hasCoreAccountMethods = hasMethod(adapter, "getUserByAccount") && hasMethod(adapter, "linkAccount");
|
|
30
|
+
const hasCoreSessionMethods = hasMethod(adapter, "createSession") &&
|
|
31
|
+
hasMethod(adapter, "getSessionAndUser") &&
|
|
32
|
+
hasMethod(adapter, "updateSession") &&
|
|
33
|
+
hasMethod(adapter, "deleteSession");
|
|
34
|
+
const hasVerificationTokenMethods = hasMethod(adapter, "createVerificationToken") && hasMethod(adapter, "useVerificationToken");
|
|
35
|
+
const level = missingRequired.length === 0 && missingRecommended.length === 0
|
|
36
|
+
? "level-a"
|
|
37
|
+
: missingRequired.length === 0
|
|
38
|
+
? "level-b"
|
|
39
|
+
: "level-c";
|
|
40
|
+
return {
|
|
41
|
+
hasCoreUserMethods,
|
|
42
|
+
hasCoreAccountMethods,
|
|
43
|
+
hasCoreSessionMethods,
|
|
44
|
+
hasVerificationTokenMethods,
|
|
45
|
+
missingRequired,
|
|
46
|
+
missingRecommended,
|
|
47
|
+
level,
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
export function assessAdapterReadiness(adapter, options = {}) {
|
|
51
|
+
const capability = probeAdapterCapabilities(adapter);
|
|
52
|
+
const blockers = [];
|
|
53
|
+
const warnings = [];
|
|
54
|
+
const deployment = options.deployment ?? "development";
|
|
55
|
+
for (const missing of capability.missingRequired) {
|
|
56
|
+
blockers.push(`missing required adapter method: ${missing}`);
|
|
57
|
+
}
|
|
58
|
+
if (options.requireEmailProviderSupport && !capability.hasVerificationTokenMethods) {
|
|
59
|
+
blockers.push("email provider flows require createVerificationToken/useVerificationToken support");
|
|
60
|
+
}
|
|
61
|
+
if (deployment === "production") {
|
|
62
|
+
if (capability.level === "level-c") {
|
|
63
|
+
blockers.push("level-c adapters are not production-ready");
|
|
64
|
+
}
|
|
65
|
+
for (const missing of capability.missingRecommended) {
|
|
66
|
+
warnings.push(`missing recommended production method: ${missing}`);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
const status = blockers.length > 0 ? "blocked" : warnings.length > 0 ? "needs-attention" : "ready";
|
|
70
|
+
return {
|
|
71
|
+
capability,
|
|
72
|
+
blockers,
|
|
73
|
+
warnings,
|
|
74
|
+
status,
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
//# sourceMappingURL=capabilities.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../src/adapter/capabilities.ts"],"names":[],"mappings":"AAwBA,SAAS,SAAS,CAAmB,MAAS,EAAE,GAA8B;IAC5E,OAAO,OAAQ,MAAkC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,OAA4B;IACnE,MAAM,QAAQ,GAAqC;QACjD,YAAY;QACZ,SAAS;QACT,gBAAgB;QAChB,kBAAkB;QAClB,YAAY;QACZ,aAAa;QACb,eAAe;QACf,mBAAmB;QACnB,eAAe;QACf,eAAe;KAChB,CAAC;IAEF,MAAM,WAAW,GAAqC;QACpD,YAAY;QACZ,eAAe;QACf,yBAAyB;QACzB,sBAAsB;KACvB,CAAC;IAEF,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvF,MAAM,kBAAkB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAE7F,MAAM,kBAAkB,GACtB,SAAS,CAAC,OAAO,EAAE,YAAY,CAAC;QAChC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC;QAC7B,SAAS,CAAC,OAAO,EAAE,gBAAgB,CAAC;QACpC,SAAS,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAEnC,MAAM,qBAAqB,GAAG,SAAS,CAAC,OAAO,EAAE,kBAAkB,CAAC,IAAI,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAE1G,MAAM,qBAAqB,GACzB,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;QACnC,SAAS,CAAC,OAAO,EAAE,mBAAmB,CAAC;QACvC,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;QACnC,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAEtC,MAAM,2BAA2B,GAAG,SAAS,CAAC,OAAO,EAAE,yBAAyB,CAAC,IAAI,SAAS,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;IAEhI,MAAM,KAAK,GACT,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC;QAC7D,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC;YAC5B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,SAAS,CAAC;IAElB,OAAO;QACL,kBAAkB;QAClB,qBAAqB;QACrB,qBAAqB;QACrB,2BAA2B;QAC3B,eAAe;QACf,kBAAkB;QAClB,KAAK;KACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAA4B,EAC5B,UAAmC,EAAE;IAErC,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,aAAa,CAAC;IAEvD,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;QACjD,QAAQ,CAAC,IAAI,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,OAAO,CAAC,2BAA2B,IAAI,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC;QACnF,QAAQ,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;IACrG,CAAC;IAED,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAChC,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC7D,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,kBAAkB,EAAE,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,0CAA0C,OAAO,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAqC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC;IAErI,OAAO;QACL,UAAU;QACV,QAAQ;QACR,QAAQ;QACR,MAAM;KACP,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { AuthDatabaseAdapter } from "../shared";
|
|
2
|
+
export { probeAdapterCapabilities, assessAdapterReadiness } from "./capabilities";
|
|
3
|
+
export type { AdapterCapabilityReport, AdapterReadinessOptions, AdapterReadinessReport } from "./capabilities";
|
|
4
|
+
export { createMySqlAdapter, createMySqlExecutor, createPostgresAdapter, createPostgresExecutor, createSqlAdapter, getSqlSchemaStatements, } from "./sql";
|
|
5
|
+
export type { MySqlClientLike, PostgresClientLike, SqlAdapterOptions, SqlDialect, SqlExecutor, SqlRow, SqlValue, TableNames, } from "./sql";
|
|
6
|
+
/**
|
|
7
|
+
* In-memory database adapter for testing and development.
|
|
8
|
+
* FEAT-H1: Implements the full AuthDatabaseAdapter interface.
|
|
9
|
+
*/
|
|
10
|
+
export declare function createInMemoryAdapter(): AuthDatabaseAdapter;
|
|
11
|
+
export type { AuthDatabaseAdapter, AuthUser, AuthAccount, AuthPersistedSession, AuthVerificationToken } from "../shared";
|
|
12
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapter/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,mBAAmB,EAKpB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAClF,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC/G,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,OAAO,CAAC;AACf,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,MAAM,EACN,QAAQ,EACR,UAAU,GACX,MAAM,OAAO,CAAC;AAEf;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,mBAAmB,CAoI3D;AAED,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
export { probeAdapterCapabilities, assessAdapterReadiness } from "./capabilities";
|
|
2
|
+
export { createMySqlAdapter, createMySqlExecutor, createPostgresAdapter, createPostgresExecutor, createSqlAdapter, getSqlSchemaStatements, } from "./sql";
|
|
3
|
+
/**
|
|
4
|
+
* In-memory database adapter for testing and development.
|
|
5
|
+
* FEAT-H1: Implements the full AuthDatabaseAdapter interface.
|
|
6
|
+
*/
|
|
7
|
+
export function createInMemoryAdapter() {
|
|
8
|
+
const users = new Map();
|
|
9
|
+
const accounts = [];
|
|
10
|
+
const sessions = new Map();
|
|
11
|
+
const verificationTokens = new Map();
|
|
12
|
+
let userIdCounter = 0;
|
|
13
|
+
const generateId = () => {
|
|
14
|
+
userIdCounter += 1;
|
|
15
|
+
return `user-${userIdCounter}-${Math.random().toString(36).slice(2, 8)}`;
|
|
16
|
+
};
|
|
17
|
+
return {
|
|
18
|
+
async createUser(user) {
|
|
19
|
+
const id = generateId();
|
|
20
|
+
const newUser = { ...user, id };
|
|
21
|
+
users.set(id, newUser);
|
|
22
|
+
return newUser;
|
|
23
|
+
},
|
|
24
|
+
async getUser(id) {
|
|
25
|
+
return users.get(id) ?? null;
|
|
26
|
+
},
|
|
27
|
+
async getUserByEmail(email) {
|
|
28
|
+
for (const user of users.values()) {
|
|
29
|
+
if (user.email === email) {
|
|
30
|
+
return user;
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
return null;
|
|
34
|
+
},
|
|
35
|
+
async getUserByAccount(provider, providerAccountId) {
|
|
36
|
+
const account = accounts.find((a) => a.provider === provider && a.providerAccountId === providerAccountId);
|
|
37
|
+
if (!account) {
|
|
38
|
+
return null;
|
|
39
|
+
}
|
|
40
|
+
return users.get(account.userId) ?? null;
|
|
41
|
+
},
|
|
42
|
+
async updateUser(user) {
|
|
43
|
+
const existing = users.get(user.id);
|
|
44
|
+
if (!existing) {
|
|
45
|
+
throw new Error(`pureq: user ${user.id} not found`);
|
|
46
|
+
}
|
|
47
|
+
const updated = { ...existing, ...user };
|
|
48
|
+
users.set(user.id, updated);
|
|
49
|
+
return updated;
|
|
50
|
+
},
|
|
51
|
+
async deleteUser(id) {
|
|
52
|
+
users.delete(id);
|
|
53
|
+
const toRemove = accounts.filter((a) => a.userId === id);
|
|
54
|
+
for (const acc of toRemove) {
|
|
55
|
+
const idx = accounts.indexOf(acc);
|
|
56
|
+
if (idx !== -1) {
|
|
57
|
+
accounts.splice(idx, 1);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
},
|
|
61
|
+
async linkAccount(account) {
|
|
62
|
+
accounts.push(account);
|
|
63
|
+
return account;
|
|
64
|
+
},
|
|
65
|
+
async unlinkAccount(provider, providerAccountId) {
|
|
66
|
+
const idx = accounts.findIndex((a) => a.provider === provider && a.providerAccountId === providerAccountId);
|
|
67
|
+
if (idx !== -1) {
|
|
68
|
+
accounts.splice(idx, 1);
|
|
69
|
+
}
|
|
70
|
+
},
|
|
71
|
+
async createSession(session) {
|
|
72
|
+
sessions.set(session.sessionToken, { session, userId: session.userId });
|
|
73
|
+
return session;
|
|
74
|
+
},
|
|
75
|
+
async getSessionAndUser(sessionToken) {
|
|
76
|
+
const entry = sessions.get(sessionToken);
|
|
77
|
+
if (!entry) {
|
|
78
|
+
return null;
|
|
79
|
+
}
|
|
80
|
+
if (entry.session.expiresAt < new Date()) {
|
|
81
|
+
sessions.delete(sessionToken);
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
84
|
+
const user = users.get(entry.userId);
|
|
85
|
+
if (!user) {
|
|
86
|
+
return null;
|
|
87
|
+
}
|
|
88
|
+
return { session: entry.session, user };
|
|
89
|
+
},
|
|
90
|
+
async updateSession(session) {
|
|
91
|
+
const existing = sessions.get(session.sessionToken);
|
|
92
|
+
if (!existing) {
|
|
93
|
+
return null;
|
|
94
|
+
}
|
|
95
|
+
const updated = { ...existing.session, ...session };
|
|
96
|
+
sessions.set(session.sessionToken, { session: updated, userId: existing.userId });
|
|
97
|
+
return updated;
|
|
98
|
+
},
|
|
99
|
+
async deleteSession(sessionToken) {
|
|
100
|
+
sessions.delete(sessionToken);
|
|
101
|
+
},
|
|
102
|
+
async createVerificationToken(token) {
|
|
103
|
+
const key = `${token.identifier}:${token.token}`;
|
|
104
|
+
verificationTokens.set(key, token);
|
|
105
|
+
return token;
|
|
106
|
+
},
|
|
107
|
+
async useVerificationToken(params) {
|
|
108
|
+
const key = `${params.identifier}:${params.token}`;
|
|
109
|
+
const token = verificationTokens.get(key);
|
|
110
|
+
if (!token) {
|
|
111
|
+
return null;
|
|
112
|
+
}
|
|
113
|
+
verificationTokens.delete(key);
|
|
114
|
+
if (token.expiresAt < new Date()) {
|
|
115
|
+
return null;
|
|
116
|
+
}
|
|
117
|
+
return token;
|
|
118
|
+
},
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapter/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAElF,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,GACvB,MAAM,OAAO,CAAC;AAYf;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC1C,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA6D,CAAC;IACtF,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAiC,CAAC;IACpE,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,MAAM,UAAU,GAAG,GAAW,EAAE;QAC9B,aAAa,IAAI,CAAC,CAAC;QACnB,OAAO,QAAQ,aAAa,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3E,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,CAAC,UAAU,CAAC,IAAI;YACnB,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,OAAO,GAAa,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1C,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACvB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,EAAE;YACd,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC;QAC/B,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,KAAK;YACxB,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;oBACzB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB;YAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CAC5E,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;QAC3C,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,IAAI;YACnB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;YACtD,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC;YACzC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC5B,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,EAAE;YACjB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC;YACzD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAClC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAO;YACvB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,iBAAiB;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CAC5E,CAAC;YACF,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAO;YACzB,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACxE,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,iBAAiB,CAAC,YAAY;YAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACzC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACzC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAO;YACzB,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;YACpD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAClF,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,YAAY;YAC9B,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,KAAK,CAAC,uBAAuB,CAAC,KAAK;YACjC,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YACjD,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,oBAAoB,CAAC,MAAM;YAC/B,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YACD,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import type { AuthDatabaseAdapter } from "../shared";
|
|
2
|
+
type SqlValue = string | number | boolean | Date | null;
|
|
3
|
+
type SqlRow = Readonly<Record<string, unknown>>;
|
|
4
|
+
type SqlDialect = "postgres" | "mysql";
|
|
5
|
+
interface TableNames {
|
|
6
|
+
readonly users: string;
|
|
7
|
+
readonly accounts: string;
|
|
8
|
+
readonly sessions: string;
|
|
9
|
+
readonly verificationTokens: string;
|
|
10
|
+
}
|
|
11
|
+
interface SqlExecutor {
|
|
12
|
+
readonly select: (sql: string, params: readonly SqlValue[]) => Promise<readonly SqlRow[]>;
|
|
13
|
+
readonly execute: (sql: string, params: readonly SqlValue[]) => Promise<{
|
|
14
|
+
readonly affectedRows: number;
|
|
15
|
+
}>;
|
|
16
|
+
}
|
|
17
|
+
interface SqlAdapterOptions {
|
|
18
|
+
readonly tableNames?: Partial<TableNames>;
|
|
19
|
+
}
|
|
20
|
+
export interface PostgresClientLike {
|
|
21
|
+
query(sql: string, params?: readonly SqlValue[]): Promise<{
|
|
22
|
+
readonly rows?: readonly SqlRow[];
|
|
23
|
+
readonly rowCount?: number | null;
|
|
24
|
+
}>;
|
|
25
|
+
}
|
|
26
|
+
export interface MySqlClientLike {
|
|
27
|
+
execute(sql: string, params?: readonly SqlValue[]): Promise<readonly [unknown, unknown?]>;
|
|
28
|
+
}
|
|
29
|
+
export declare function createPostgresExecutor(client: PostgresClientLike): SqlExecutor;
|
|
30
|
+
export declare function createMySqlExecutor(client: MySqlClientLike): SqlExecutor;
|
|
31
|
+
export declare function createSqlAdapter(dialect: SqlDialect, executor: SqlExecutor, options?: SqlAdapterOptions): AuthDatabaseAdapter;
|
|
32
|
+
export declare function createPostgresAdapter(client: PostgresClientLike, options?: SqlAdapterOptions): AuthDatabaseAdapter;
|
|
33
|
+
export declare function createMySqlAdapter(client: MySqlClientLike, options?: SqlAdapterOptions): AuthDatabaseAdapter;
|
|
34
|
+
export declare function getSqlSchemaStatements(dialect: SqlDialect, options?: SqlAdapterOptions): readonly string[];
|
|
35
|
+
export type { SqlDialect, SqlAdapterOptions, TableNames, SqlExecutor, SqlRow, SqlValue };
|
|
36
|
+
//# sourceMappingURL=sql.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../src/adapter/sql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,mBAAmB,EAIpB,MAAM,WAAW,CAAC;AAEnB,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,IAAI,CAAC;AACxD,KAAK,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAEhD,KAAK,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC;AAEvC,UAAU,UAAU;IAClB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC;AAED,UAAU,WAAW;IACnB,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,QAAQ,EAAE,KAAK,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;IAC1F,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,QAAQ,EAAE,KAAK,OAAO,CAAC;QAAE,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC5G;AAED,UAAU,iBAAiB;IACzB,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,SAAS,QAAQ,EAAE,GAAG,OAAO,CAAC;QAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;QAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CACrI;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,SAAS,QAAQ,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;CAC3F;AAwFD,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,kBAAkB,GAAG,WAAW,CAW9E;AAmBD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,eAAe,GAAG,WAAW,CAWxE;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,UAAU,EACnB,QAAQ,EAAE,WAAW,EACrB,OAAO,GAAE,iBAAsB,GAC9B,mBAAmB,CAgKrB;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,GAAE,iBAAsB,GAC9B,mBAAmB,CAErB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,eAAe,EACvB,OAAO,GAAE,iBAAsB,GAC9B,mBAAmB,CAErB;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,GAAE,iBAAsB,GAAG,SAAS,MAAM,EAAE,CAoB9G;AAED,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC"}
|