@pureq/auth 0.2.0

package/dist/adapter/sql.js

@@ -0,0 +1,268 @@
+const DEFAULT_TABLES = {
+    users: "auth_users",
+    accounts: "auth_accounts",
+    sessions: "auth_sessions",
+    verificationTokens: "auth_verification_tokens",
+};
+function isSafeIdentifier(name) {
+    return /^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name);
+}
+function resolveTableNames(partial) {
+    const merged = {
+        users: partial?.users ?? DEFAULT_TABLES.users,
+        accounts: partial?.accounts ?? DEFAULT_TABLES.accounts,
+        sessions: partial?.sessions ?? DEFAULT_TABLES.sessions,
+        verificationTokens: partial?.verificationTokens ?? DEFAULT_TABLES.verificationTokens,
+    };
+    for (const name of Object.values(merged)) {
+        if (!isSafeIdentifier(name)) {
+            throw new Error(`pureq: invalid table name: ${name}`);
+        }
+    }
+    return merged;
+}
+function toDate(value) {
+    if (value instanceof Date) {
+        return value;
+    }
+    if (typeof value === "string" || typeof value === "number") {
+        return new Date(value);
+    }
+    return new Date(0);
+}
+function normalizeNullableString(value) {
+    return typeof value === "string" ? value : null;
+}
+function now() {
+    return new Date();
+}
+function createId() {
+    if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+        return crypto.randomUUID();
+    }
+    return `user_${Math.random().toString(36).slice(2)}_${Date.now()}`;
+}
+function rowToUser(row) {
+    return {
+        id: String(row.id),
+        email: normalizeNullableString(row.email),
+        emailVerified: row.email_verified == null ? null : toDate(row.email_verified),
+        name: normalizeNullableString(row.name),
+        image: normalizeNullableString(row.image),
+    };
+}
+function rowToSession(row) {
+    return {
+        sessionToken: String(row.session_token),
+        userId: String(row.user_id),
+        expiresAt: toDate(row.expires_at),
+    };
+}
+function mapAccountType(value) {
+    if (value === "oauth" || value === "oidc" || value === "credentials" || value === "email") {
+        return value;
+    }
+    return "oidc";
+}
+function placeholder(dialect, index) {
+    return dialect === "postgres" ? `$${index}` : "?";
+}
+function placeholders(dialect, count, start = 1) {
+    return Array.from({ length: count }, (_, i) => placeholder(dialect, i + start)).join(", ");
+}
+export function createPostgresExecutor(client) {
+    return {
+        async select(sql, params) {
+            const result = await client.query(sql, params);
+            return result.rows ?? [];
+        },
+        async execute(sql, params) {
+            const result = await client.query(sql, params);
+            return { affectedRows: result.rowCount ?? 0 };
+        },
+    };
+}
+function toMySqlRows(result) {
+    if (!Array.isArray(result)) {
+        return [];
+    }
+    return result;
+}
+function toMySqlAffectedRows(result) {
+    if (!result || typeof result !== "object") {
+        return 0;
+    }
+    if ("affectedRows" in result && typeof result.affectedRows === "number") {
+        return result.affectedRows;
+    }
+    return 0;
+}
+export function createMySqlExecutor(client) {
+    return {
+        async select(sql, params) {
+            const [rows] = await client.execute(sql, params);
+            return toMySqlRows(rows);
+        },
+        async execute(sql, params) {
+            const [result] = await client.execute(sql, params);
+            return { affectedRows: toMySqlAffectedRows(result) };
+        },
+    };
+}
+export function createSqlAdapter(dialect, executor, options = {}) {
+    const tables = resolveTableNames(options.tableNames);
+    return {
+        async createUser(user) {
+            const id = createId();
+            const insertSql = `INSERT INTO ${tables.users} (id, email, email_verified, name, image) VALUES (${placeholders(dialect, 5)})`;
+            await executor.execute(insertSql, [id, user.email ?? null, user.emailVerified ?? null, user.name ?? null, user.image ?? null]);
+            return {
+                id,
+                email: user.email ?? null,
+                emailVerified: user.emailVerified ?? null,
+                name: user.name ?? null,
+                image: user.image ?? null,
+            };
+        },
+        async getUser(id) {
+            const sql = `SELECT id, email, email_verified, name, image FROM ${tables.users} WHERE id = ${placeholder(dialect, 1)} LIMIT 1`;
+            const rows = await executor.select(sql, [id]);
+            return rows[0] ? rowToUser(rows[0]) : null;
+        },
+        async getUserByEmail(email) {
+            const sql = `SELECT id, email, email_verified, name, image FROM ${tables.users} WHERE email = ${placeholder(dialect, 1)} LIMIT 1`;
+            const rows = await executor.select(sql, [email]);
+            return rows[0] ? rowToUser(rows[0]) : null;
+        },
+        async getUserByAccount(provider, providerAccountId) {
+            const sql = `SELECT u.id, u.email, u.email_verified, u.name, u.image FROM ${tables.accounts} a JOIN ${tables.users} u ON u.id = a.user_id WHERE a.provider = ${placeholder(dialect, 1)} AND a.provider_account_id = ${placeholder(dialect, 2)} LIMIT 1`;
+            const rows = await executor.select(sql, [provider, providerAccountId]);
+            return rows[0] ? rowToUser(rows[0]) : null;
+        },
+        async updateUser(user) {
+            const existing = await this.getUser(user.id);
+            if (!existing) {
+                throw new Error(`pureq: user ${user.id} not found`);
+            }
+            const merged = {
+                ...existing,
+                ...user,
+            };
+            const sql = `UPDATE ${tables.users} SET email = ${placeholder(dialect, 1)}, email_verified = ${placeholder(dialect, 2)}, name = ${placeholder(dialect, 3)}, image = ${placeholder(dialect, 4)} WHERE id = ${placeholder(dialect, 5)}`;
+            await executor.execute(sql, [merged.email ?? null, merged.emailVerified ?? null, merged.name ?? null, merged.image ?? null, merged.id]);
+            return merged;
+        },
+        async deleteUser(id) {
+            await executor.execute(`DELETE FROM ${tables.users} WHERE id = ${placeholder(dialect, 1)}`, [id]);
+        },
+        async linkAccount(account) {
+            const sql = `INSERT INTO ${tables.accounts} (user_id, type, provider, provider_account_id, access_token, refresh_token, expires_at, token_type, scope, id_token) VALUES (${placeholders(dialect, 10)})`;
+            await executor.execute(sql, [
+                account.userId,
+                account.type,
+                account.provider,
+                account.providerAccountId,
+                account.accessToken ?? null,
+                account.refreshToken ?? null,
+                account.expiresAt ?? null,
+                account.tokenType ?? null,
+                account.scope ?? null,
+                account.idToken ?? null,
+            ]);
+            return account;
+        },
+        async unlinkAccount(provider, providerAccountId) {
+            const sql = `DELETE FROM ${tables.accounts} WHERE provider = ${placeholder(dialect, 1)} AND provider_account_id = ${placeholder(dialect, 2)}`;
+            await executor.execute(sql, [provider, providerAccountId]);
+        },
+        async createSession(session) {
+            const sql = `INSERT INTO ${tables.sessions} (session_token, user_id, expires_at) VALUES (${placeholders(dialect, 3)})`;
+            await executor.execute(sql, [session.sessionToken, session.userId, session.expiresAt]);
+            return session;
+        },
+        async getSessionAndUser(sessionToken) {
+            const sql = `SELECT s.session_token, s.user_id, s.expires_at, u.id, u.email, u.email_verified, u.name, u.image FROM ${tables.sessions} s JOIN ${tables.users} u ON u.id = s.user_id WHERE s.session_token = ${placeholder(dialect, 1)} LIMIT 1`;
+            const rows = await executor.select(sql, [sessionToken]);
+            const row = rows[0];
+            if (!row) {
+                return null;
+            }
+            const session = rowToSession(row);
+            if (session.expiresAt < now()) {
+                await executor.execute(`DELETE FROM ${tables.sessions} WHERE session_token = ${placeholder(dialect, 1)}`, [sessionToken]);
+                return null;
+            }
+            return {
+                session,
+                user: rowToUser(row),
+            };
+        },
+        async updateSession(session) {
+            const existing = await executor.select(`SELECT session_token, user_id, expires_at FROM ${tables.sessions} WHERE session_token = ${placeholder(dialect, 1)} LIMIT 1`, [session.sessionToken]);
+            if (!existing[0]) {
+                return null;
+            }
+            const current = rowToSession(existing[0]);
+            const next = {
+                sessionToken: current.sessionToken,
+                userId: session.userId ?? current.userId,
+                expiresAt: session.expiresAt ?? current.expiresAt,
+            };
+            const sql = `UPDATE ${tables.sessions} SET user_id = ${placeholder(dialect, 1)}, expires_at = ${placeholder(dialect, 2)} WHERE session_token = ${placeholder(dialect, 3)}`;
+            await executor.execute(sql, [next.userId, next.expiresAt, next.sessionToken]);
+            return next;
+        },
+        async deleteSession(sessionToken) {
+            await executor.execute(`DELETE FROM ${tables.sessions} WHERE session_token = ${placeholder(dialect, 1)}`, [sessionToken]);
+        },
+        async createVerificationToken(token) {
+            const sql = `INSERT INTO ${tables.verificationTokens} (identifier, token, expires_at) VALUES (${placeholders(dialect, 3)})`;
+            await executor.execute(sql, [token.identifier, token.token, token.expiresAt]);
+            return token;
+        },
+        async useVerificationToken(params) {
+            const selectSql = `SELECT identifier, token, expires_at FROM ${tables.verificationTokens} WHERE identifier = ${placeholder(dialect, 1)} AND token = ${placeholder(dialect, 2)} LIMIT 1`;
+            const rows = await executor.select(selectSql, [params.identifier, params.token]);
+            const row = rows[0];
+            if (!row) {
+                return null;
+            }
+            await executor.execute(`DELETE FROM ${tables.verificationTokens} WHERE identifier = ${placeholder(dialect, 1)} AND token = ${placeholder(dialect, 2)}`, [params.identifier, params.token]);
+            const token = {
+                identifier: String(row.identifier),
+                token: String(row.token),
+                expiresAt: toDate(row.expires_at),
+            };
+            if (token.expiresAt < now()) {
+                return null;
+            }
+            return token;
+        },
+    };
+}
+export function createPostgresAdapter(client, options = {}) {
+    return createSqlAdapter("postgres", createPostgresExecutor(client), options);
+}
+export function createMySqlAdapter(client, options = {}) {
+    return createSqlAdapter("mysql", createMySqlExecutor(client), options);
+}
+export function getSqlSchemaStatements(dialect, options = {}) {
+    const tables = resolveTableNames(options.tableNames);
+    if (dialect === "postgres") {
+        return [
+            `CREATE TABLE IF NOT EXISTS ${tables.users} (id TEXT PRIMARY KEY, email TEXT UNIQUE, email_verified TIMESTAMPTZ NULL, name TEXT NULL, image TEXT NULL);`,
+            `CREATE TABLE IF NOT EXISTS ${tables.accounts} (user_id TEXT NOT NULL, type TEXT NOT NULL, provider TEXT NOT NULL, provider_account_id TEXT NOT NULL, access_token TEXT NULL, refresh_token TEXT NULL, expires_at BIGINT NULL, token_type TEXT NULL, scope TEXT NULL, id_token TEXT NULL, PRIMARY KEY (provider, provider_account_id));`,
+            `CREATE TABLE IF NOT EXISTS ${tables.sessions} (session_token TEXT PRIMARY KEY, user_id TEXT NOT NULL, expires_at TIMESTAMPTZ NOT NULL);`,
+            `CREATE TABLE IF NOT EXISTS ${tables.verificationTokens} (identifier TEXT NOT NULL, token TEXT NOT NULL, expires_at TIMESTAMPTZ NOT NULL, PRIMARY KEY (identifier, token));`,
+            `CREATE INDEX IF NOT EXISTS ${tables.accounts}_user_id_idx ON ${tables.accounts} (user_id);`,
+            `CREATE INDEX IF NOT EXISTS ${tables.sessions}_user_id_idx ON ${tables.sessions} (user_id);`,
+        ];
+    }
+    return [
+        `CREATE TABLE IF NOT EXISTS ${tables.users} (id VARCHAR(191) PRIMARY KEY, email VARCHAR(320) UNIQUE NULL, email_verified DATETIME NULL, name TEXT NULL, image TEXT NULL);`,
+        `CREATE TABLE IF NOT EXISTS ${tables.accounts} (user_id VARCHAR(191) NOT NULL, type VARCHAR(32) NOT NULL, provider VARCHAR(191) NOT NULL, provider_account_id VARCHAR(191) NOT NULL, access_token TEXT NULL, refresh_token TEXT NULL, expires_at BIGINT NULL, token_type VARCHAR(64) NULL, scope TEXT NULL, id_token LONGTEXT NULL, PRIMARY KEY (provider, provider_account_id), INDEX ${tables.accounts}_user_id_idx (user_id));`,
+        `CREATE TABLE IF NOT EXISTS ${tables.sessions} (session_token VARCHAR(191) PRIMARY KEY, user_id VARCHAR(191) NOT NULL, expires_at DATETIME NOT NULL, INDEX ${tables.sessions}_user_id_idx (user_id));`,
+        `CREATE TABLE IF NOT EXISTS ${tables.verificationTokens} (identifier VARCHAR(320) NOT NULL, token VARCHAR(191) NOT NULL, expires_at DATETIME NOT NULL, PRIMARY KEY (identifier, token));`,
+    ];
+}
+//# sourceMappingURL=sql.js.map

package/dist/adapter/sql.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sql.js","sourceRoot":"","sources":["../../src/adapter/sql.ts"],"names":[],"mappings":"AAqCA,MAAM,cAAc,GAAe;IACjC,KAAK,EAAE,YAAY;IACnB,QAAQ,EAAE,eAAe;IACzB,QAAQ,EAAE,eAAe;IACzB,kBAAkB,EAAE,0BAA0B;CAC/C,CAAC;AAEF,SAAS,gBAAgB,CAAC,IAAY;IACpC,OAAO,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA6B;IACtD,MAAM,MAAM,GAAe;QACzB,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,cAAc,CAAC,KAAK;QAC7C,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ;QACtD,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ;QACtD,kBAAkB,EAAE,OAAO,EAAE,kBAAkB,IAAI,cAAc,CAAC,kBAAkB;KACrF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,MAAM,CAAC,KAAc;IAC5B,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3D,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAc;IAC7C,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,SAAS,GAAG;IACV,OAAO,IAAI,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,QAAQ;IACf,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAC7E,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;IAC7B,CAAC;IACD,OAAO,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;AACrE,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,KAAK,EAAE,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC;QACzC,aAAa,EAAE,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;QAC7E,IAAI,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC;QACvC,KAAK,EAAE,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO;QACL,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;QACvC,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC3B,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,aAAa,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QAC1F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,OAAmB,EAAE,KAAa;IACrD,OAAO,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;AACpD,CAAC;AAED,SAAS,YAAY,CAAC,OAAmB,EAAE,KAAa,EAAE,KAAK,GAAG,CAAC;IACjE,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAA0B;IAC/D,OAAO;QACL,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM;YACtB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM;YACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAe;IAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,MAA2B,CAAC;AACrC,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAe;IAC1C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,cAAc,IAAI,MAAM,IAAI,OAAQ,MAAqC,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACxG,OAAQ,MAAmC,CAAC,YAAY,CAAC;IAC3D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAuB;IACzD,OAAO;QACL,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM;YACtB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM;YACvB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACnD,OAAO,EAAE,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,OAAmB,EACnB,QAAqB,EACrB,UAA6B,EAAE;IAE/B,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAErD,OAAO;QACL,KAAK,CAAC,UAAU,CAAC,IAAI;YACnB,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,eAAe,MAAM,CAAC,KAAK,qDAAqD,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC;YAC9H,MAAM,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,EAAE,IAAI,CAAC,aAAa,IAAI,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC;YAC/H,OAAO;gBACL,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,IAAI;gBACzC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI;aAC1B,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,EAAE;YACd,MAAM,GAAG,GAAG,sDAAsD,MAAM,CAAC,KAAK,eAAe,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC;YAC/H,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,KAAK;YACxB,MAAM,GAAG,GAAG,sDAAsD,MAAM,CAAC,KAAK,kBAAkB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC;YAClI,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB;YAChD,MAAM,GAAG,GAAG,gEAAgE,MAAM,CAAC,QAAQ,WAAW,MAAM,CAAC,KAAK,6CAA6C,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,gCAAgC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC;YACxP,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;YACvE,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,IAAI;YACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,MAAM,GAAa;gBACvB,GAAG,QAAQ;gBACX,GAAG,IAAI;aACR,CAAC;YAEF,MAAM,GAAG,GAAG,UAAU,MAAM,CAAC,KAAK,gBAAgB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,sBAAsB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,YAAY,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,aAAa,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,eAAe,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC;YACtO,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,MAAM,CAAC,aAAa,IAAI,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAExI,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,EAAE;YACjB,MAAM,QAAQ,CAAC,OAAO,CAAC,eAAe,MAAM,CAAC,KAAK,eAAe,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACpG,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAO;YACvB,MAAM,GAAG,GAAG,eAAe,MAAM,CAAC,QAAQ,iIAAiI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC;YACxM,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE;gBAC1B,OAAO,CAAC,MAAM;gBACd,OAAO,CAAC,IAAI;gBACZ,OAAO,CAAC,QAAQ;gBAChB,OAAO,CAAC,iBAAiB;gBACzB,OAAO,CAAC,WAAW,IAAI,IAAI;gBAC3B,OAAO,CAAC,YAAY,IAAI,IAAI;gBAC5B,OAAO,CAAC,SAAS,IAAI,IAAI;gBACzB,OAAO,CAAC,SAAS,IAAI,IAAI;gBACzB,OAAO,CAAC,KAAK,IAAI,IAAI;gBACrB,OAAO,CAAC,OAAO,IAAI,IAAI;aACxB,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,iBAAiB;YAC7C,MAAM,GAAG,GAAG,eAAe,MAAM,CAAC,QAAQ,qBAAqB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,8BAA8B,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC;YAC9I,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAO;YACzB,MAAM,GAAG,GAAG,eAAe,MAAM,CAAC,QAAQ,iDAAiD,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC;YACvH,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;YACvF,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,iBAAiB,CAAC,YAAY;YAClC,MAAM,GAAG,GAAG,0GAA0G,MAAM,CAAC,QAAQ,WAAW,MAAM,CAAC,KAAK,kDAAkD,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC;YAChP,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;YACxD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC,OAAO,CAAC,eAAe,MAAM,CAAC,QAAQ,0BAA0B,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC1H,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,OAAO;gBACP,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC;aACrB,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAO;YACzB,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,MAAM,CACpC,kDAAkD,MAAM,CAAC,QAAQ,0BAA0B,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,EAC5H,CAAC,OAAO,CAAC,YAAY,CAAC,CACvB,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAyB;gBACjC,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM;gBACxC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS;aAClD,CAAC;YAEF,MAAM,GAAG,GAAG,UAAU,MAAM,CAAC,QAAQ,kBAAkB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,kBAAkB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,0BAA0B,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC;YAC3K,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;YAC9E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,YAAY;YAC9B,MAAM,QAAQ,CAAC,OAAO,CAAC,eAAe,MAAM,CAAC,QAAQ,0BAA0B,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;QAC5H,CAAC;QAED,KAAK,CAAC,uBAAuB,CAAC,KAAK;YACjC,MAAM,GAAG,GAAG,eAAe,MAAM,CAAC,kBAAkB,4CAA4C,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC;YAC5H,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YAC9E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,oBAAoB,CAAC,MAAM;YAC/B,MAAM,SAAS,GAAG,6CAA6C,MAAM,CAAC,kBAAkB,uBAAuB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,gBAAgB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,CAAC;YACxL,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACjF,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,QAAQ,CAAC,OAAO,CACpB,eAAe,MAAM,CAAC,kBAAkB,uBAAuB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,gBAAgB,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAC/H,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,CAClC,CAAC;YAEF,MAAM,KAAK,GAA0B;gBACnC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;gBAClC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;aAClC,CAAC;YAEF,IAAI,KAAK,CAAC,SAAS,GAAG,GAAG,EAAE,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,MAA0B,EAC1B,UAA6B,EAAE;IAE/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,sBAAsB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,MAAuB,EACvB,UAA6B,EAAE;IAE/B,OAAO,gBAAgB,CAAC,OAAO,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAmB,EAAE,UAA6B,EAAE;IACzF,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAErD,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;QAC3B,OAAO;YACL,8BAA8B,MAAM,CAAC,KAAK,8GAA8G;YACxJ,8BAA8B,MAAM,CAAC,QAAQ,2RAA2R;YACxU,8BAA8B,MAAM,CAAC,QAAQ,4FAA4F;YACzI,8BAA8B,MAAM,CAAC,kBAAkB,qHAAqH;YAC5K,8BAA8B,MAAM,CAAC,QAAQ,mBAAmB,MAAM,CAAC,QAAQ,aAAa;YAC5F,8BAA8B,MAAM,CAAC,QAAQ,mBAAmB,MAAM,CAAC,QAAQ,aAAa;SAC7F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,8BAA8B,MAAM,CAAC,KAAK,gIAAgI;QAC1K,8BAA8B,MAAM,CAAC,QAAQ,4UAA4U,MAAM,CAAC,QAAQ,0BAA0B;QACla,8BAA8B,MAAM,CAAC,QAAQ,gHAAgH,MAAM,CAAC,QAAQ,0BAA0B;QACtM,8BAA8B,MAAM,CAAC,kBAAkB,kIAAkI;KAC1L,CAAC;AACJ,CAAC"}

package/dist/adapters/index.d.ts

@@ -0,0 +1,4 @@
+import type { AuthRequestAdapter, AuthRequestAdapterOptions } from "../shared";
+export declare function createAuthRequestAdapter(options?: AuthRequestAdapterOptions): AuthRequestAdapter;
+export type { AuthBridge, AuthPreset, AuthRequestAdapter, AuthRequestAdapterOptions, AuthSessionManager, AuthSessionState, AuthStore } from "../shared";
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,kBAAkB,EAClB,yBAAyB,EAI1B,MAAM,WAAW,CAAC;AASnB,wBAAgB,wBAAwB,CAAC,OAAO,GAAE,yBAA8B,GAAG,kBAAkB,CAwCpG;AAED,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC"}

package/dist/adapters/index.js

@@ -0,0 +1,42 @@
+import { createAuthPreset } from "../presets";
+function appendSetCookieHeaders(headers, values) {
+    for (const value of values) {
+        headers.append("Set-Cookie", value);
+    }
+}
+export function createAuthRequestAdapter(options = {}) {
+    const preset = createAuthPreset(options);
+    const defaultRequest = options.request ?? {};
+    const readSession = (request = defaultRequest) => {
+        return preset.bridge.readSession(request);
+    };
+    const bootstrap = async (request = defaultRequest) => {
+        return preset.bridge.hydrateSessionManager(preset.session, request);
+    };
+    const buildSetCookieHeaders = (session) => {
+        return preset.bridge.buildSetCookieHeaders(session);
+    };
+    const buildResponseHeaders = (session, headers) => {
+        const result = new Headers(headers);
+        appendSetCookieHeaders(result, buildSetCookieHeaders(session));
+        return result;
+    };
+    const buildResponseInit = (session, init = {}) => {
+        return {
+            ...init,
+            headers: buildResponseHeaders(session, init.headers),
+        };
+    };
+    return {
+        preset,
+        storage: preset.storage,
+        session: preset.session,
+        bridge: preset.bridge,
+        readSession,
+        bootstrap,
+        buildSetCookieHeaders,
+        buildResponseHeaders,
+        buildResponseInit,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,SAAS,sBAAsB,CAAC,OAAgB,EAAE,MAAyB;IACzE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,UAAqC,EAAE;IAC9E,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;IAE7C,MAAM,WAAW,GAAG,CAAC,UAAoD,cAAc,EAAoB,EAAE;QAC3G,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC,CAAC;IAEF,MAAM,SAAS,GAAG,KAAK,EAAE,UAA8D,cAAc,EAA6B,EAAE;QAClI,OAAO,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC,CAAC;IAEF,MAAM,qBAAqB,GAAG,CAAC,OAAyB,EAAqB,EAAE;QAC7E,OAAO,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,CAAC,OAAyB,EAAE,OAAqB,EAAW,EAAE;QACzF,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;QACpC,sBAAsB,CAAC,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC;QAC/D,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,CAAC,OAAyB,EAAE,OAAqB,EAAE,EAAgB,EAAE;QAC7F,OAAO;YACL,GAAG,IAAI;YACP,OAAO,EAAE,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC;SACrD,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO;QACL,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,WAAW;QACX,SAAS;QACT,qBAAqB;QACrB,oBAAoB;QACpB,iBAAiB;KAClB,CAAC;AACJ,CAAC"}

package/dist/authorization/index.d.ts

@@ -0,0 +1,8 @@
+import type { AuthAuthorization, AuthAuthorizationOptions } from "../shared";
+/**
+ * FEAT-M1: Create RBAC authorization helpers.
+ * Provides role checking and middleware for protecting routes by role.
+ */
+export declare function createAuthorization<TRole extends string = string>(options: AuthAuthorizationOptions<TRole>): AuthAuthorization<TRole>;
+export type { AuthAuthorization, AuthAuthorizationOptions } from "../shared";
+//# sourceMappingURL=index.d.ts.map

package/dist/authorization/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authorization/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,wBAAwB,EAAoB,MAAM,WAAW,CAAC;AAI/F;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM,EAC/D,OAAO,EAAE,wBAAwB,CAAC,KAAK,CAAC,GACvC,iBAAiB,CAAC,KAAK,CAAC,CA+C1B;AAED,YAAY,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,WAAW,CAAC"}

package/dist/authorization/index.js

@@ -0,0 +1,49 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { buildAuthError } from "../shared";
+import { decodeJwt } from "../jwt";
+/**
+ * FEAT-M1: Create RBAC authorization helpers.
+ * Provides role checking and middleware for protecting routes by role.
+ */
+export function createAuthorization(options) {
+    const extractRoles = options.extractRoles;
+    return {
+        hasRole(session, role) {
+            const roles = extractRoles(session);
+            return roles.includes(role);
+        },
+        hasAnyRole(session, roles) {
+            const userRoles = extractRoles(session);
+            return roles.some((r) => userRoles.includes(r));
+        },
+        requireRole(role) {
+            const middleware = async (req, next) => {
+                // Extract session state from Authorization header token
+                const authHeader = req.headers?.["Authorization"] ?? req.headers?.["authorization"] ?? "";
+                const token = authHeader.replace(/^Bearer\s+/i, "");
+                if (!token) {
+                    throw buildAuthError("PUREQ_AUTH_MISSING_TOKEN", "pureq: no access token for role check");
+                }
+                let session;
+                try {
+                    const claims = decodeJwt(token);
+                    session = {
+                        accessToken: token,
+                        refreshToken: null,
+                        ...claims,
+                    };
+                }
+                catch {
+                    session = { accessToken: token, refreshToken: null };
+                }
+                const roles = extractRoles(session);
+                if (!roles.includes(role)) {
+                    throw buildAuthError("PUREQ_AUTH_FORBIDDEN", `pureq: required role "${role}" not found`);
+                }
+                return next(req);
+            };
+            return markPolicyMiddleware(middleware, { name: `requireRole:${role}`, kind: "auth" });
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/authorization/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authorization/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAEnC;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAwC;IAExC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAE1C,OAAO;QACL,OAAO,CAAC,OAAyB,EAAE,IAAW;YAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACpC,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;QAED,UAAU,CAAC,OAAyB,EAAE,KAAuB;YAC3D,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,WAAW,CAAC,IAAW;YACrB,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;gBACjD,wDAAwD;gBACxD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;gBAC1F,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBAEpD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,cAAc,CAAC,0BAA0B,EAAE,uCAAuC,CAAC,CAAC;gBAC5F,CAAC;gBAED,IAAI,OAAyB,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,SAAS,CAA0B,KAAK,CAAC,CAAC;oBACzD,OAAO,GAAG;wBACR,WAAW,EAAE,KAAK;wBAClB,YAAY,EAAE,IAAI;wBAClB,GAAG,MAAM;qBACV,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;gBACvD,CAAC;gBAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;gBACpC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,MAAM,cAAc,CAAC,sBAAsB,EAAE,yBAAyB,IAAI,aAAa,CAAC,CAAC;gBAC3F,CAAC;gBAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC,CAAC;YAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,eAAe,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACzF,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/bridge/index.d.ts

@@ -0,0 +1,23 @@
+import type { AuthSessionManager, AuthSessionState } from "../shared";
+export interface AuthBridgeRequestLike {
+    readonly headers?: Headers | Readonly<Record<string, string | null | undefined>>;
+}
+export interface AuthBridgeCookieOptions {
+    readonly accessTokenCookieName?: string;
+    readonly refreshTokenCookieName?: string;
+    readonly authorizationHeaderName?: string;
+    readonly cookiePath?: string;
+    readonly sameSite?: "lax" | "strict" | "none";
+    readonly secure?: boolean;
+    readonly httpOnly?: boolean;
+    readonly domain?: string;
+    readonly maxAgeSeconds?: number;
+}
+export interface AuthBridge {
+    readSession(request: AuthBridgeRequestLike): AuthSessionState;
+    buildSetCookieHeaders(session: AuthSessionState): readonly string[];
+    hydrateSessionManager(session: AuthSessionManager, request: AuthBridgeRequestLike): Promise<AuthSessionState>;
+}
+/** Create an SSR/BFF bridge for reading sessions from requests and building Set-Cookie response headers. */
+export declare function createAuthBridge(options?: AuthBridgeCookieOptions): AuthBridge;
+//# sourceMappingURL=index.d.ts.map

package/dist/bridge/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/bridge/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAEtE,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC;CAClF;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IACzC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAC1C,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,OAAO,EAAE,qBAAqB,GAAG,gBAAgB,CAAC;IAC9D,qBAAqB,CAAC,OAAO,EAAE,gBAAgB,GAAG,SAAS,MAAM,EAAE,CAAC;IACpE,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC/G;AA2GD,4GAA4G;AAC5G,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,uBAA4B,GAAG,UAAU,CAsDlF"}

package/dist/bridge/index.js

@@ -0,0 +1,124 @@
+const MAX_COOKIE_HEADER_LENGTH = 16 * 1024;
+const MAX_COOKIE_SEGMENTS = 256;
+const DEFAULT_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+function readHeaderValue(headers, name) {
+    if (!headers) {
+        return null;
+    }
+    if (typeof Headers !== "undefined" && headers instanceof Headers) {
+        return headers.get(name) ?? headers.get(name.toLowerCase()) ?? headers.get(name.toUpperCase());
+    }
+    const normalized = name.toLowerCase();
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === normalized) {
+            return value ?? null;
+        }
+    }
+    return null;
+}
+function parseCookieHeader(cookieHeader) {
+    const result = {};
+    if (cookieHeader.length > MAX_COOKIE_HEADER_LENGTH) {
+        return result;
+    }
+    let segmentCount = 0;
+    for (const segment of cookieHeader.split(";")) {
+        segmentCount += 1;
+        if (segmentCount > MAX_COOKIE_SEGMENTS) {
+            break;
+        }
+        const [rawName, ...rawValueParts] = segment.trim().split("=");
+        if (!rawName || rawValueParts.length === 0) {
+            continue;
+        }
+        const name = rawName.trim();
+        const value = rawValueParts.join("=").trim();
+        if (name) {
+            try {
+                result[decodeURIComponent(name)] = decodeURIComponent(value);
+            }
+            catch {
+                result[name] = value;
+            }
+        }
+    }
+    return result;
+}
+function parseBearerToken(headerValue) {
+    if (!headerValue) {
+        return null;
+    }
+    const match = /^Bearer\s+(.+)$/iu.exec(headerValue.trim());
+    return match?.[1]?.trim() || null;
+}
+function createCookieHeader(name, value, options) {
+    const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value ?? "")}`, `Path=${options.cookiePath}`, `SameSite=${options.sameSite}`];
+    if (options.domain) {
+        parts.push(`Domain=${options.domain}`);
+    }
+    if (options.secure) {
+        parts.push("Secure");
+    }
+    // SEC-C4: HttpOnly by default
+    if (options.httpOnly) {
+        parts.push("HttpOnly");
+    }
+    if (value === null) {
+        parts.push("Max-Age=0");
+    }
+    else if (options.maxAgeSeconds !== undefined) {
+        parts.push(`Max-Age=${options.maxAgeSeconds}`);
+    }
+    return parts.join("; ");
+}
+/** Create an SSR/BFF bridge for reading sessions from requests and building Set-Cookie response headers. */
+export function createAuthBridge(options = {}) {
+    const accessTokenCookieName = options.accessTokenCookieName ?? "pureq_access_token";
+    const refreshTokenCookieName = options.refreshTokenCookieName ?? "pureq_refresh_token";
+    const authorizationHeaderName = options.authorizationHeaderName ?? "authorization";
+    const cookiePath = options.cookiePath ?? "/";
+    const sameSite = options.sameSite ?? "lax";
+    const secure = options.secure ?? true;
+    const httpOnly = options.httpOnly ?? true;
+    const readSession = (request) => {
+        const cookieHeader = readHeaderValue(request.headers, "cookie");
+        const cookies = cookieHeader ? parseCookieHeader(cookieHeader) : {};
+        const accessTokenFromCookie = cookies[accessTokenCookieName] ?? null;
+        const refreshTokenFromCookie = cookies[refreshTokenCookieName] ?? null;
+        const bearerToken = parseBearerToken(readHeaderValue(request.headers, authorizationHeaderName));
+        return {
+            accessToken: accessTokenFromCookie ?? bearerToken,
+            refreshToken: refreshTokenFromCookie,
+        };
+    };
+    return {
+        readSession,
+        buildSetCookieHeaders(session) {
+            const cookieOptions = {
+                cookiePath,
+                sameSite,
+                secure,
+                httpOnly,
+                ...(options.domain !== undefined ? { domain: options.domain } : {}),
+                maxAgeSeconds: options.maxAgeSeconds ?? DEFAULT_MAX_AGE_SECONDS,
+            };
+            return [
+                createCookieHeader(accessTokenCookieName, session.accessToken, cookieOptions),
+                createCookieHeader(refreshTokenCookieName, session.refreshToken, cookieOptions),
+            ];
+        },
+        async hydrateSessionManager(session, request) {
+            const snapshot = readSession(request);
+            if (!snapshot.accessToken) {
+                await session.clear();
+                return snapshot;
+            }
+            await session.setTokens({
+                accessToken: snapshot.accessToken,
+                ...(snapshot.refreshToken ? { refreshToken: snapshot.refreshToken } : {}),
+            });
+            return snapshot;
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/bridge/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/bridge/index.ts"],"names":[],"mappings":"AAwBA,MAAM,wBAAwB,GAAG,EAAE,GAAG,IAAI,CAAC;AAC3C,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAChC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAElD,SAAS,eAAe,CACtB,OAAyC,EACzC,IAAY;IAEZ,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,YAAY,OAAO,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,CAAC;YACrC,OAAO,KAAK,IAAI,IAAI,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,IAAI,YAAY,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;QACnD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,OAAO,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,YAAY,IAAI,CAAC,CAAC;QAClB,IAAI,YAAY,GAAG,mBAAmB,EAAE,CAAC;YACvC,MAAM;QACR,CAAC;QAED,MAAM,CAAC,OAAO,EAAE,GAAG,aAAa,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,WAA0B;IAClD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;AACpC,CAAC;AAED,SAAS,kBAAkB,CACzB,IAAY,EACZ,KAAoB,EACpB,OAOC;IAED,MAAM,KAAK,GAAG,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE,QAAQ,OAAO,CAAC,UAAU,EAAE,EAAE,YAAY,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE/I,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1B,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,4GAA4G;AAC5G,MAAM,UAAU,gBAAgB,CAAC,UAAmC,EAAE;IACpE,MAAM,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,IAAI,oBAAoB,CAAC;IACpF,MAAM,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,IAAI,qBAAqB,CAAC;IACvF,MAAM,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,IAAI,eAAe,CAAC;IACnF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC;IAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAE1C,MAAM,WAAW,GAAG,CAAC,OAA8B,EAAoB,EAAE;QACvE,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,IAAI,CAAC;QACrE,MAAM,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,CAAC,IAAI,IAAI,CAAC;QACvE,MAAM,WAAW,GAAG,gBAAgB,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC,CAAC;QAEhG,OAAO;YACL,WAAW,EAAE,qBAAqB,IAAI,WAAW;YACjD,YAAY,EAAE,sBAAsB;SACrC,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO;QACL,WAAW;QACX,qBAAqB,CAAC,OAAyB;YAC7C,MAAM,aAAa,GAAG;gBACpB,UAAU;gBACV,QAAQ;gBACR,MAAM;gBACN,QAAQ;gBACR,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,uBAAuB;aAChE,CAAC;YAEF,OAAO;gBACL,kBAAkB,CAAC,qBAAqB,EAAE,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC;gBAC7E,kBAAkB,CAAC,sBAAsB,EAAE,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC;aAChF,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,qBAAqB,CAAC,OAA2B,EAAE,OAA8B;YACrF,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAC1B,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,OAAO,CAAC,SAAS,CAAC;gBACtB,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1E,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/callbacks/index.d.ts

@@ -0,0 +1,8 @@
+import type { AuthCallbacks } from "../shared";
+/**
+ * FEAT-H5: Compose multiple callback registrations into one.
+ * Useful for combining app callbacks with plugin callbacks.
+ */
+export declare function composeAuthCallbacks(...callbackSets: readonly Partial<AuthCallbacks>[]): AuthCallbacks;
+export type { AuthCallbacks } from "../shared";
+//# sourceMappingURL=index.d.ts.map

package/dist/callbacks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/callbacks/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE/C;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,YAAY,EAAE,SAAS,OAAO,CAAC,aAAa,CAAC,EAAE,GAAG,aAAa,CA+CtG;AAED,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}

package/dist/callbacks/index.js

@@ -0,0 +1,53 @@
+/**
+ * FEAT-H5: Compose multiple callback registrations into one.
+ * Useful for combining app callbacks with plugin callbacks.
+ */
+export function composeAuthCallbacks(...callbackSets) {
+    return {
+        async signIn(params) {
+            for (const cb of callbackSets) {
+                if (cb.signIn) {
+                    const result = await cb.signIn(params);
+                    if (result === false) {
+                        return false;
+                    }
+                }
+            }
+            return true;
+        },
+        async signOut(params) {
+            for (const cb of callbackSets) {
+                await cb.signOut?.(params);
+            }
+        },
+        async createUser(params) {
+            for (const cb of callbackSets) {
+                await cb.createUser?.(params);
+            }
+        },
+        async linkAccount(params) {
+            for (const cb of callbackSets) {
+                await cb.linkAccount?.(params);
+            }
+        },
+        async session(params) {
+            let session = params.session;
+            for (const cb of callbackSets) {
+                if (cb.session) {
+                    session = await cb.session({ ...params, session });
+                }
+            }
+            return session;
+        },
+        async jwt(params) {
+            let token = params.token;
+            for (const cb of callbackSets) {
+                if (cb.jwt) {
+                    token = await cb.jwt({ ...params, token });
+                }
+            }
+            return token;
+        },
+    };
+}
+//# sourceMappingURL=index.js.map