@pureq/auth 0.2.0

package/dist/index.d.ts

@@ -0,0 +1,36 @@
+export type { AuthStore, AuthBearerOptions, AuthRefreshOptions, TokenLifecycleOptions, AuthBasicOptions, AuthCustomOptions, BroadcastSyncOptions, OIDCFlow, OIDCFlowOptions, OIDCAuthorizationOptions, OIDCAuthorizationResult, OIDCTokenEndpointAuthMethod, OIDCProviderDefinition, OIDCCallbackParams, TokenResponse, AuthTokens, AuthSessionState, AuthSessionStatus, AuthSessionHookResult, AuthSessionManager, AuthSessionManagerOptions, AuthSessionEvent, AuthSessionEventAudit, AuthSessionEventExporter, AuthSessionEventListener, AuthTokenRotationPolicy, AuthSessionMiddlewareOptions, AuthCsrfOptions, AuthCsrfProtection, AuthRevocationClaims, AuthRevocationRegistry, AuthRevocationRegistryBackend, AuthRevocationGuardOptions, AuthBridge, AuthBridgeCookieOptions, AuthBridgeRequestLike, AuthFrameworkContext, AuthFrameworkContextOptions, AuthMappedHttpError, AuthRouteHandlerRecipe, AuthRouteHandlerRecipeOptions, AuthRequestAdapter, AuthRequestAdapterOptions, AuthServerActionFailure, AuthServerActionRecipe, AuthServerActionResult, AuthServerActionSuccess, AuthPreset, AuthPresetOptions, AuthSessionStore, AuthSessionStoreOptions, ReactAuthHooks, ReactUseSyncExternalStore, VueAuthSessionComposable, VueRuntimeBindings, AuthTemplateThreatModel, MultiTenantAuthPresetFactory, MultiTenantAuthPresetFactoryOptions, MultiTenantAuthTemplatePack, MultiTenantAuthTemplatePackOptions, SingleTenantAuthTemplate, SingleTenantAuthTemplateOptions, AuthLegacyTokenSnapshot, AuthMigrationResult, AuthUser, AuthAccount, AuthPersistedSession, AuthVerificationToken, AuthDatabaseAdapter, AuthProvider, AuthCredentialsProviderOptions, AuthEmailProviderOptions, AuthCallbacks, AuthEncryption, AuthAuthorization, AuthAuthorizationOptions, AuthDebugLogger, AuthConfig, AuthInstance, AuthKit, AuthKitConfig, AuthRouteHandlers, } from "./shared";
+export { authMemoryStore, authLocalStorage, authSessionStorage, authCookieStore, authCustomStore, authHybridStore, authEncryptedStore, } from "./storage/index";
+export { authBearer, authRefresh, authSession, withTokenLifecycle, authBasic, authCustom, withBroadcastSync } from "./middleware/index";
+export { decodeJwt, verifyJwt } from "./jwt/index";
+export { createOIDCFlow, createOIDCFlowFromProvider, createOIDCflow, createOIDCflowFromProvider, parseOIDCCallbackParams, oidcProviders } from "./oidc/index";
+export { createAuthError, buildAuthError } from "./shared";
+export { createAuthCsrfProtection, withCsrfProtection } from "./csrf/index";
+export { createAuthRevocationRegistry, withRevocationGuard } from "./revocation/index";
+export { createAuthEventAdapter, composeAuthEventListeners } from "./events/index";
+export { createAuthBridge } from "./bridge/index";
+export { createAuthPreset } from "./presets/index";
+export { createAuthRequestAdapter } from "./adapters/index";
+export { createAuthFrameworkContext } from "./framework/index";
+export { createAuthRouteHandlerRecipe, createAuthServerActionRecipe, mapAuthErrorToHttp } from "./framework/recipes";
+export { createExpressAuthKitPack, createFastifyAuthKitPack, createNextAuthKitPack, createReactAuthKitBootstrapPack, } from "./framework/packs";
+export { createAuthSessionStore } from "./hooks/index";
+export { createReactAuthHooks, createVueAuthSessionComposable } from "./hooks/index";
+export { createMultiTenantAuthPresetFactory } from "./templates/index";
+export { createSingleTenantAuthTemplate, createMultiTenantAuthTemplatePack } from "./templates/index";
+export { normalizeLegacyAuthTokens, migrateLegacyTokensToStore, hydrateSessionManagerFromLegacy, analyzeAuthMigration, formatMigrationParityReport, generateMigrationChecklists, } from "./migration/index";
+export { createAuthSessionManager, composeSessionEventAudits, createConsoleSessionEventAudit, createBufferedSessionEventExporter, } from "./session/index";
+export type { SessionEventBufferedExporter, SessionEventExporterOptions } from "./session/index";
+export type { AuthEventAdapter, AuthEventAdapterOptions } from "./events/index";
+export { createInMemoryAdapter, createMySqlAdapter, createMySqlExecutor, createPostgresAdapter, createPostgresExecutor, createSqlAdapter, getSqlSchemaStatements, probeAdapterCapabilities, assessAdapterReadiness, } from "./adapter/index";
+export type { AdapterCapabilityReport, AdapterReadinessOptions, AdapterReadinessReport, MySqlClientLike, PostgresClientLike, SqlAdapterOptions, SqlDialect, SqlExecutor, SqlRow, SqlValue, TableNames, } from "./adapter/index";
+export { credentialsProvider, emailProvider, createTopProviderPreset, listTopProviderPresets, validateProviderCallbackContract, normalizeProviderError, PROVIDER_ERROR_NORMALIZATION_TABLE, } from "./providers/index";
+export type { TopProviderPreset, TopProviderPresetOptions, ProviderCallbackContractInput, ProviderCallbackContractResult, ProviderNormalizedError, } from "./providers/index";
+export { composeAuthCallbacks } from "./callbacks/index";
+export { createAuthEncryption } from "./encryption/index";
+export { createAuthorization } from "./authorization/index";
+export { createAuthDebugLogger } from "./debug/index";
+export { createAuth } from "./core/index";
+export { createAuthKit } from "./core/kit";
+export { createAuthStarter } from "./core/starter";
+export type { AuthStarter, AuthStarterConfig } from "./core/starter";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACX,SAAS,EACT,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,QAAQ,EACR,eAAe,EACf,wBAAwB,EACxB,uBAAuB,EACvB,2BAA2B,EAC3B,sBAAsB,EACtB,kBAAkB,EAClB,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,EACrB,kBAAkB,EAClB,yBAAyB,EACzB,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,EACxB,uBAAuB,EACvB,4BAA4B,EAC5B,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,6BAA6B,EAC7B,0BAA0B,EAC1B,UAAU,EACV,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,EACpB,2BAA2B,EAC3B,mBAAmB,EACnB,sBAAsB,EACtB,6BAA6B,EAC7B,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,EACd,yBAAyB,EACzB,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,4BAA4B,EAC5B,mCAAmC,EACnC,2BAA2B,EAC3B,kCAAkC,EAClC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,mBAAmB,EAEnB,QAAQ,EACR,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,8BAA8B,EAC9B,wBAAwB,EACxB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,wBAAwB,EACxB,eAAe,EACf,UAAU,EACV,YAAY,EACZ,OAAO,EACP,aAAa,EACb,iBAAiB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACN,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,eAAe,EACf,kBAAkB,GAClB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACxI,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,0BAA0B,EAAE,cAAc,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC9J,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EACN,wBAAwB,EACxB,wBAAwB,EACxB,qBAAqB,EACrB,+BAA+B,GAC/B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,8BAA8B,EAAE,MAAM,eAAe,CAAC;AACrF,OAAO,EAAE,kCAAkC,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AACtG,OAAO,EACN,yBAAyB,EACzB,0BAA0B,EAC1B,+BAA+B,EAC/B,oBAAoB,EACpB,2BAA2B,EAC3B,2BAA2B,GAC3B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACN,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,EAC9B,kCAAkC,GAClC,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,4BAA4B,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AACjG,YAAY,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AAGhF,OAAO,EACN,qBAAqB,EACrB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,GACtB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACX,uBAAuB,EACvB,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,MAAM,EACN,QAAQ,EACR,UAAU,GACV,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACN,mBAAmB,EACnB,aAAa,EACb,uBAAuB,EACvB,sBAAsB,EACtB,gCAAgC,EAChC,sBAAsB,EACtB,kCAAkC,GAClC,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACX,iBAAiB,EACjB,wBAAwB,EACxB,6BAA6B,EAC7B,8BAA8B,EAC9B,uBAAuB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,31 @@
+export { authMemoryStore, authLocalStorage, authSessionStorage, authCookieStore, authCustomStore, authHybridStore, authEncryptedStore, } from "./storage/index";
+export { authBearer, authRefresh, authSession, withTokenLifecycle, authBasic, authCustom, withBroadcastSync } from "./middleware/index";
+export { decodeJwt, verifyJwt } from "./jwt/index";
+export { createOIDCFlow, createOIDCFlowFromProvider, createOIDCflow, createOIDCflowFromProvider, parseOIDCCallbackParams, oidcProviders } from "./oidc/index";
+export { createAuthError, buildAuthError } from "./shared";
+export { createAuthCsrfProtection, withCsrfProtection } from "./csrf/index";
+export { createAuthRevocationRegistry, withRevocationGuard } from "./revocation/index";
+export { createAuthEventAdapter, composeAuthEventListeners } from "./events/index";
+export { createAuthBridge } from "./bridge/index";
+export { createAuthPreset } from "./presets/index";
+export { createAuthRequestAdapter } from "./adapters/index";
+export { createAuthFrameworkContext } from "./framework/index";
+export { createAuthRouteHandlerRecipe, createAuthServerActionRecipe, mapAuthErrorToHttp } from "./framework/recipes";
+export { createExpressAuthKitPack, createFastifyAuthKitPack, createNextAuthKitPack, createReactAuthKitBootstrapPack, } from "./framework/packs";
+export { createAuthSessionStore } from "./hooks/index";
+export { createReactAuthHooks, createVueAuthSessionComposable } from "./hooks/index";
+export { createMultiTenantAuthPresetFactory } from "./templates/index";
+export { createSingleTenantAuthTemplate, createMultiTenantAuthTemplatePack } from "./templates/index";
+export { normalizeLegacyAuthTokens, migrateLegacyTokensToStore, hydrateSessionManagerFromLegacy, analyzeAuthMigration, formatMigrationParityReport, generateMigrationChecklists, } from "./migration/index";
+export { createAuthSessionManager, composeSessionEventAudits, createConsoleSessionEventAudit, createBufferedSessionEventExporter, } from "./session/index";
+// New module exports
+export { createInMemoryAdapter, createMySqlAdapter, createMySqlExecutor, createPostgresAdapter, createPostgresExecutor, createSqlAdapter, getSqlSchemaStatements, probeAdapterCapabilities, assessAdapterReadiness, } from "./adapter/index";
+export { credentialsProvider, emailProvider, createTopProviderPreset, listTopProviderPresets, validateProviderCallbackContract, normalizeProviderError, PROVIDER_ERROR_NORMALIZATION_TABLE, } from "./providers/index";
+export { composeAuthCallbacks } from "./callbacks/index";
+export { createAuthEncryption } from "./encryption/index";
+export { createAuthorization } from "./authorization/index";
+export { createAuthDebugLogger } from "./debug/index";
+export { createAuth } from "./core/index";
+export { createAuthKit } from "./core/kit";
+export { createAuthStarter } from "./core/starter";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAqFA,OAAO,EACN,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,eAAe,EACf,kBAAkB,GAClB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACxI,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,0BAA0B,EAAE,cAAc,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC9J,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EACN,wBAAwB,EACxB,wBAAwB,EACxB,qBAAqB,EACrB,+BAA+B,GAC/B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,8BAA8B,EAAE,MAAM,eAAe,CAAC;AACrF,OAAO,EAAE,kCAAkC,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,iCAAiC,EAAE,MAAM,mBAAmB,CAAC;AACtG,OAAO,EACN,yBAAyB,EACzB,0BAA0B,EAC1B,+BAA+B,EAC/B,oBAAoB,EACpB,2BAA2B,EAC3B,2BAA2B,GAC3B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACN,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,EAC9B,kCAAkC,GAClC,MAAM,iBAAiB,CAAC;AAIzB,qBAAqB;AACrB,OAAO,EACN,qBAAqB,EACrB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EACtB,gBAAgB,EAChB,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,GACtB,MAAM,iBAAiB,CAAC;AAczB,OAAO,EACN,mBAAmB,EACnB,aAAa,EACb,uBAAuB,EACvB,sBAAsB,EACtB,gCAAgC,EAChC,sBAAsB,EACtB,kCAAkC,GAClC,MAAM,mBAAmB,CAAC;AAQ3B,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/jwt/index.d.ts

@@ -0,0 +1,13 @@
+/** Decode a JWT payload without signature verification. */
+export declare function decodeJwt<T = unknown>(token: string): T;
+/**
+ * Verify a JWT signature and return the decoded payload.
+ *
+ * @param token - The JWT string to verify.
+ * @param keyOrSecret - HMAC secret string, CryptoKey, or raw key bytes.
+ * @param options - Must include `algorithms` to prevent algorithm confusion attacks.
+ */
+export declare function verifyJwt<T = unknown>(token: string, keyOrSecret: string | CryptoKey | ArrayBuffer | Uint8Array, options: {
+    readonly algorithms: readonly string[];
+}): Promise<T>;
+//# sourceMappingURL=index.d.ts.map

package/dist/jwt/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":"AAOA,2DAA2D;AAC3D,wBAAgB,SAAS,CAAC,CAAC,GAAG,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC,CAOvD;AA2BD;;;;;;GAMG;AACH,wBAAsB,SAAS,CAAC,CAAC,GAAG,OAAO,EACzC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,GAAG,SAAS,GAAG,WAAW,GAAG,UAAU,EAC1D,OAAO,EAAE;IAAE,QAAQ,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,GAClD,OAAO,CAAC,CAAC,CAAC,CAkEZ"}

package/dist/jwt/index.js

@@ -0,0 +1,82 @@
+import { base64UrlDecode } from "../shared";
+function parseSegment(segment) {
+    const text = new TextDecoder().decode(base64UrlDecode(segment));
+    return JSON.parse(text);
+}
+/** Decode a JWT payload without signature verification. */
+export function decodeJwt(token) {
+    const segments = token.split(".");
+    if (segments.length < 2 || !segments[1]) {
+        throw new Error("pureq: invalid JWT format");
+    }
+    return parseSegment(segments[1]);
+}
+const SUPPORTED_ALGORITHMS = ["HS256", "RS256", "ES256"];
+function isSupportedAlgorithm(alg) {
+    return SUPPORTED_ALGORITHMS.includes(alg);
+}
+function algorithmParams(alg) {
+    switch (alg) {
+        case "HS256":
+            return { name: "HMAC", hash: "SHA-256" };
+        case "RS256":
+            return { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };
+        case "ES256":
+            return { name: "ECDSA", namedCurve: "P-256" };
+    }
+}
+function verifyAlgorithmParams(alg) {
+    if (alg === "ES256") {
+        return { name: "ECDSA", hash: "SHA-256" };
+    }
+    return algorithmParams(alg);
+}
+/**
+ * Verify a JWT signature and return the decoded payload.
+ *
+ * @param token - The JWT string to verify.
+ * @param keyOrSecret - HMAC secret string, CryptoKey, or raw key bytes.
+ * @param options - Must include `algorithms` to prevent algorithm confusion attacks.
+ */
+export async function verifyJwt(token, keyOrSecret, options) {
+    const [headerSegment, payloadSegment, signatureSegment] = token.split(".");
+    if (!headerSegment || !payloadSegment) {
+        throw new Error("pureq: invalid JWT format");
+    }
+    const header = parseSegment(headerSegment);
+    const alg = header.alg ?? "";
+    // SEC-C1: Reject alg: "none" unconditionally
+    if (alg === "none" || alg === "") {
+        throw new Error("pureq: JWT algorithm \"none\" is not permitted");
+    }
+    if (!signatureSegment) {
+        throw new Error("pureq: invalid JWT format");
+    }
+    // SEC-C2: Reject algorithms not in the caller's allowlist
+    if (!options.algorithms.includes(alg)) {
+        throw new Error(`pureq: unsupported JWT algorithm ${alg}`);
+    }
+    if (!isSupportedAlgorithm(alg)) {
+        throw new Error(`pureq: JWT verification is not implemented for algorithm ${alg}`);
+    }
+    const unsigned = `${headerSegment}.${payloadSegment}`;
+    const encoder = new TextEncoder();
+    const signature = base64UrlDecode(signatureSegment);
+    let key;
+    if (keyOrSecret instanceof CryptoKey) {
+        key = keyOrSecret;
+    }
+    else if (typeof keyOrSecret === "string") {
+        key = await crypto.subtle.importKey("raw", encoder.encode(keyOrSecret), algorithmParams(alg), false, ["verify"]);
+    }
+    else {
+        const rawBytes = keyOrSecret instanceof ArrayBuffer ? new Uint8Array(keyOrSecret) : keyOrSecret;
+        key = await crypto.subtle.importKey("raw", rawBytes, algorithmParams(alg), false, ["verify"]);
+    }
+    const verified = await crypto.subtle.verify(verifyAlgorithmParams(alg), key, signature, encoder.encode(unsigned));
+    if (!verified) {
+        throw new Error("pureq: JWT signature verification failed");
+    }
+    return parseSegment(payloadSegment);
+}
+//# sourceMappingURL=index.js.map

package/dist/jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,SAAS,YAAY,CAAI,OAAe;IACtC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;IAChE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;AAC/B,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,SAAS,CAAc,KAAa;IAClD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,YAAY,CAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC;AAGlE,SAAS,oBAAoB,CAAC,GAAW;IACvC,OAAQ,oBAA0C,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,eAAe,CAAC,GAAuB;IAC9C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAsB,CAAC;QAC/D,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAA2B,CAAC;QACjF,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAuB,CAAC;IACvE,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAuB;IACpD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAiB,CAAC;IAC3D,CAAC;IACD,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,WAA0D,EAC1D,OAAmD;IAEnD,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,gBAAgB,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3E,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAA4B,aAAa,CAAC,CAAC;IACtE,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC;IAE7B,6CAA6C;IAC7C,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,0DAA0D;IAC1D,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,GAAG,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAEpD,IAAI,GAAc,CAAC;IAEnB,IAAI,WAAW,YAAY,SAAS,EAAE,CAAC;QACrC,GAAG,GAAG,WAAW,CAAC;IACpB,CAAC;SAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC3C,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAC3B,eAAe,CAAC,GAAG,CAAC,EACpB,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,WAAW,YAAY,WAAW,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAChG,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,QAAe,EACf,eAAe,CAAC,GAAG,CAAC,EACpB,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACzC,qBAAqB,CAAC,GAAG,CAAC,EAC1B,GAAG,EACH,SAAgB,EAChB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAQ,CAChC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,YAAY,CAAI,cAAc,CAAC,CAAC;AACzC,CAAC"}

package/dist/middleware/authBasic.d.ts

@@ -0,0 +1,5 @@
+import type { Middleware } from "@pureq/pureq";
+import type { AuthBasicOptions } from "../shared";
+/** HTTP Basic authentication middleware. SEC-H4: validates credentials for injection safety. */
+export declare function authBasic(options: AuthBasicOptions): Middleware;
+//# sourceMappingURL=authBasic.d.ts.map

package/dist/middleware/authBasic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authBasic.d.ts","sourceRoot":"","sources":["../../src/middleware/authBasic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAiB,MAAM,cAAc,CAAC;AAE9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAQlD,gGAAgG;AAChG,wBAAgB,SAAS,CAAC,OAAO,EAAE,gBAAgB,GAAG,UAAU,CAqB/D"}

package/dist/middleware/authBasic.js

@@ -0,0 +1,25 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { base64Encode, resolveStringValue, createAuthError } from "../shared";
+import { mergeHeaders } from "./common";
+function hasUnsafeChars(value) {
+    return /[\r\n\0]/u.test(value);
+}
+/** HTTP Basic authentication middleware. SEC-H4: validates credentials for injection safety. */
+export function authBasic(options) {
+    const headerName = options.header ?? "Authorization";
+    const middleware = async (req, next) => {
+        const username = await resolveStringValue(options.username);
+        const password = await resolveStringValue(options.password);
+        // SEC-H4: Reject username containing ':' and unsafe header chars
+        if (username.includes(":")) {
+            throw createAuthError("PUREQ_AUTH_INVALID_CREDENTIALS", "pureq: Basic auth username must not contain ':'");
+        }
+        if (hasUnsafeChars(username) || hasUnsafeChars(password)) {
+            throw createAuthError("PUREQ_AUTH_INVALID_CREDENTIALS", "pureq: Basic auth credentials contain unsafe characters");
+        }
+        const encoded = base64Encode(`${username}:${password}`);
+        return next(mergeHeaders(req, { [headerName]: `Basic ${encoded}` }));
+    };
+    return markPolicyMiddleware(middleware, { name: "authBasic", kind: "auth" });
+}
+//# sourceMappingURL=authBasic.js.map

package/dist/middleware/authBasic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authBasic.js","sourceRoot":"","sources":["../../src/middleware/authBasic.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED,gGAAgG;AAChG,MAAM,UAAU,SAAS,CAAC,OAAyB;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC;IAErD,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE5D,iEAAiE;QACjE,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,eAAe,CAAC,gCAAgC,EAAE,iDAAiD,CAAC,CAAC;QAC7G,CAAC;QACD,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,MAAM,eAAe,CAAC,gCAAgC,EAAE,yDAAyD,CAAC,CAAC;QACrH,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;QAExD,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,SAAS,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AAC/E,CAAC"}

package/dist/middleware/authBearer.d.ts

@@ -0,0 +1,4 @@
+import type { Middleware } from "@pureq/pureq";
+import type { AuthBearerOptions } from "../shared";
+export declare function authBearer(options: AuthBearerOptions): Middleware;
+//# sourceMappingURL=authBearer.d.ts.map

package/dist/middleware/authBearer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authBearer.d.ts","sourceRoot":"","sources":["../../src/middleware/authBearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAUnD,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,UAAU,CAoBjE"}

package/dist/middleware/authBearer.js

@@ -0,0 +1,26 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { buildAuthError } from "../shared";
+import { mergeHeaders } from "./common";
+const MAX_BEARER_TOKEN_LENGTH = 8192;
+function hasUnsafeHeaderChars(token) {
+    return /[\r\n\0]/u.test(token);
+}
+export function authBearer(options) {
+    const headerName = options.header ?? "Authorization";
+    const formatValue = options.formatValue ?? ((token) => `Bearer ${token}`);
+    const middleware = async (req, next) => {
+        const token = await options.getToken(req);
+        if (!token || !token.trim()) {
+            throw buildAuthError("PUREQ_AUTH_MISSING_TOKEN", "pureq: no authentication token available");
+        }
+        if (token.length > MAX_BEARER_TOKEN_LENGTH || hasUnsafeHeaderChars(token)) {
+            throw buildAuthError("PUREQ_AUTH_INVALID_TOKEN", "pureq: authentication token contains unsafe header value");
+        }
+        if (options.validate && !(await options.validate(token))) {
+            throw buildAuthError("PUREQ_AUTH_INVALID_TOKEN", "pureq: authentication token validation failed");
+        }
+        return next(mergeHeaders(req, { [headerName]: formatValue(token) }));
+    };
+    return markPolicyMiddleware(middleware, { name: "authBearer", kind: "auth" });
+}
+//# sourceMappingURL=authBearer.js.map

package/dist/middleware/authBearer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authBearer.js","sourceRoot":"","sources":["../../src/middleware/authBearer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAErC,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAA0B;IACnD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC;IACrD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC,KAAa,EAAE,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IAElF,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5B,MAAM,cAAc,CAAC,0BAA0B,EAAE,0CAA0C,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,uBAAuB,IAAI,oBAAoB,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1E,MAAM,cAAc,CAAC,0BAA0B,EAAE,0DAA0D,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzD,MAAM,cAAc,CAAC,0BAA0B,EAAE,+CAA+C,CAAC,CAAC;QACpG,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AAChF,CAAC"}

package/dist/middleware/authCustom.d.ts

@@ -0,0 +1,4 @@
+import type { Middleware } from "@pureq/pureq";
+import type { AuthCustomOptions } from "../shared";
+export declare function authCustom(options: AuthCustomOptions): Middleware;
+//# sourceMappingURL=authCustom.d.ts.map

package/dist/middleware/authCustom.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authCustom.d.ts","sourceRoot":"","sources":["../../src/middleware/authCustom.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAInD,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,UAAU,CAqBjE"}

package/dist/middleware/authCustom.js

@@ -0,0 +1,22 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { appendQueryParam, resolveStringValue } from "../shared";
+import { mergeHeaders } from "./common";
+export function authCustom(options) {
+    const middleware = async (req, next) => {
+        let nextReq = req;
+        if (options.header) {
+            nextReq = mergeHeaders(nextReq, {
+                [options.header.name]: await resolveStringValue(options.header.value),
+            });
+        }
+        if (options.queryParam) {
+            nextReq = {
+                ...nextReq,
+                url: appendQueryParam(nextReq.url, options.queryParam.name, await resolveStringValue(options.queryParam.value)),
+            };
+        }
+        return next(nextReq);
+    };
+    return markPolicyMiddleware(middleware, { name: "authCustom", kind: "auth" });
+}
+//# sourceMappingURL=authCustom.js.map

package/dist/middleware/authCustom.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authCustom.js","sourceRoot":"","sources":["../../src/middleware/authCustom.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,UAAU,UAAU,CAAC,OAA0B;IACnD,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,IAAI,OAAO,GAAG,GAAG,CAAC;QAElB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE;gBAC9B,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;aACtE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,GAAG;gBACR,GAAG,OAAO;gBACV,GAAG,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;aAChH,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AAChF,CAAC"}

package/dist/middleware/authRefresh.d.ts

@@ -0,0 +1,4 @@
+import type { Middleware } from "@pureq/pureq";
+import type { AuthRefreshOptions } from "../shared";
+export declare function authRefresh(options: AuthRefreshOptions): Middleware;
+//# sourceMappingURL=authRefresh.d.ts.map

package/dist/middleware/authRefresh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authRefresh.d.ts","sourceRoot":"","sources":["../../src/middleware/authRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAiB,MAAM,cAAc,CAAC;AAE9D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAmBpD,wBAAgB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,UAAU,CA6DnE"}

package/dist/middleware/authRefresh.js

@@ -0,0 +1,68 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { buildAuthError } from "../shared";
+import { mergeHeaders } from "./common";
+function readHeader(headers, name) {
+    if (!headers) {
+        return null;
+    }
+    const normalized = name.toLowerCase();
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === normalized) {
+            return typeof value === "string" ? value : null;
+        }
+    }
+    return null;
+}
+export function authRefresh(options) {
+    const triggerStatus = options.triggerStatus ?? 401;
+    const maxAttempts = options.maxAttempts ?? 1;
+    const updateRequest = options.updateRequest ??
+        ((req, newToken) => mergeHeaders(req, { Authorization: `Bearer ${newToken}` }));
+    const getRefreshScopeKey = options.getRefreshScopeKey ??
+        ((req) => readHeader(req.headers, "authorization") ?? "__global_refresh_scope__");
+    const refreshByScope = new Map();
+    const getOrStartRefresh = (req) => {
+        const scopeKey = getRefreshScopeKey(req) || "__global_refresh_scope__";
+        const existing = refreshByScope.get(scopeKey);
+        if (existing) {
+            return existing;
+        }
+        const refreshPromise = options
+            .refresh(req)
+            .then(async (newToken) => {
+            await options.onSuccess?.(newToken);
+            return newToken;
+        })
+            .catch(async (error) => {
+            const normalized = error instanceof Error ? error : new Error(String(error));
+            await options.onFailure?.(normalized);
+            throw normalized;
+        })
+            .finally(() => {
+            refreshByScope.delete(scopeKey);
+        });
+        refreshByScope.set(scopeKey, refreshPromise);
+        return refreshPromise;
+    };
+    const middleware = async (req, next) => {
+        let attempts = 0;
+        let currentReq = req;
+        while (attempts <= maxAttempts) {
+            const response = await next(currentReq);
+            if (response.status !== triggerStatus || attempts >= maxAttempts) {
+                return response;
+            }
+            attempts += 1;
+            try {
+                const newToken = await getOrStartRefresh(currentReq);
+                currentReq = updateRequest(currentReq, newToken);
+            }
+            catch (error) {
+                throw buildAuthError("PUREQ_AUTH_REFRESH_FAILED", "pureq: token refresh failed", error);
+            }
+        }
+        throw buildAuthError("PUREQ_AUTH_UNAUTHORIZED", "pureq: authentication refresh loop exited unexpectedly");
+    };
+    return markPolicyMiddleware(middleware, { name: "authRefresh", kind: "auth" });
+}
+//# sourceMappingURL=authRefresh.js.map

package/dist/middleware/authRefresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authRefresh.js","sourceRoot":"","sources":["../../src/middleware/authRefresh.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,SAAS,UAAU,CAAC,OAAiC,EAAE,IAAY;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,CAAC;YACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAA2B;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC;IACnD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,aAAa,GACjB,OAAO,CAAC,aAAa;QACrB,CAAC,CAAC,GAAkB,EAAE,QAAgB,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,UAAU,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;IACzG,MAAM,kBAAkB,GACtB,OAAO,CAAC,kBAAkB;QAC1B,CAAC,CAAC,GAA4B,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,0BAA0B,CAAC,CAAC;IAC7G,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D,MAAM,iBAAiB,GAAG,CAAC,GAA4B,EAAmB,EAAE;QAC1E,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC;QACvE,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,cAAc,GAAG,OAAO;aAC3B,OAAO,CAAC,GAAG,CAAC;aACZ,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;YACvB,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;aACD,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACrB,MAAM,UAAU,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC7E,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,UAAU,CAAC;QACnB,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACZ,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEL,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAC7C,OAAO,cAAc,CAAC;IACxB,CAAC,CAAC;IAEF,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,UAAU,GAAG,GAAG,CAAC;QAErB,OAAO,QAAQ,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;YACxC,IAAI,QAAQ,CAAC,MAAM,KAAK,aAAa,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;gBACjE,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,QAAQ,IAAI,CAAC,CAAC;YAEd,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;gBACrD,UAAU,GAAG,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,cAAc,CAAC,2BAA2B,EAAE,6BAA6B,EAAE,KAAK,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;QAED,MAAM,cAAc,CAAC,yBAAyB,EAAE,wDAAwD,CAAC,CAAC;IAC5G,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AACjF,CAAC"}

package/dist/middleware/authSession.d.ts

@@ -0,0 +1,5 @@
+import type { Middleware } from "@pureq/pureq";
+import type { AuthSessionMiddlewareOptions } from "../shared";
+/** Session middleware — refreshes tokens as needed and injects the access token into the request (DX-L2). */
+export declare function authSession(options: AuthSessionMiddlewareOptions): Middleware;
+//# sourceMappingURL=authSession.d.ts.map

package/dist/middleware/authSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authSession.d.ts","sourceRoot":"","sources":["../../src/middleware/authSession.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAiB,MAAM,cAAc,CAAC;AAE9D,OAAO,KAAK,EAAE,4BAA4B,EAAoB,MAAM,WAAW,CAAC;AAchF,6GAA6G;AAC7G,wBAAgB,WAAW,CAAC,OAAO,EAAE,4BAA4B,GAAG,UAAU,CAwB7E"}

package/dist/middleware/authSession.js

@@ -0,0 +1,35 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+import { buildAuthError } from "../shared";
+import { mergeHeaders } from "./common";
+async function ensureAuthState(options) {
+    try {
+        return await options.session.refreshIfNeeded(options.refresh, options.refreshThresholdMs ?? 60000);
+    }
+    catch (error) {
+        const normalized = error instanceof Error ? error : new Error(String(error));
+        await options.onRefreshError?.(normalized);
+        throw buildAuthError("PUREQ_AUTH_REFRESH_FAILED", "pureq: failed to refresh session token", error);
+    }
+}
+/** Session middleware — refreshes tokens as needed and injects the access token into the request (DX-L2). */
+export function authSession(options) {
+    const middleware = async (req, next) => {
+        const before = await options.session.getState();
+        const state = await ensureAuthState(options);
+        const refreshed = before.accessToken !== state.accessToken;
+        if (refreshed) {
+            await options.onRefreshed?.(state);
+        }
+        if ((options.requireAccessToken ?? true) && !state.accessToken) {
+            throw buildAuthError("PUREQ_AUTH_MISSING_TOKEN", "pureq: no active session access token");
+        }
+        // DX-L2: Inject the current access token into the request
+        let nextReq = req;
+        if (state.accessToken) {
+            nextReq = mergeHeaders(req, { Authorization: `Bearer ${state.accessToken}` });
+        }
+        return next(nextReq);
+    };
+    return markPolicyMiddleware(middleware, { name: "authSession", kind: "auth" });
+}
+//# sourceMappingURL=authSession.js.map

package/dist/middleware/authSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authSession.js","sourceRoot":"","sources":["../../src/middleware/authSession.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,KAAK,UAAU,eAAe,CAAC,OAAqC;IAClE,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,kBAAkB,IAAI,KAAM,CAAC,CAAC;IACtG,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC7E,MAAM,OAAO,CAAC,cAAc,EAAE,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,cAAc,CAAC,2BAA2B,EAAE,wCAAwC,EAAE,KAAK,CAAC,CAAC;IACrG,CAAC;AACH,CAAC;AAED,6GAA6G;AAC7G,MAAM,UAAU,WAAW,CAAC,OAAqC;IAC/D,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;QAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW,CAAC;QAC3D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YAC/D,MAAM,cAAc,CAAC,0BAA0B,EAAE,uCAAuC,CAAC,CAAC;QAC5F,CAAC;QAED,0DAA0D;QAC1D,IAAI,OAAO,GAAG,GAAG,CAAC;QAClB,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,GAAG,YAAY,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AACjF,CAAC"}

package/dist/middleware/broadcastSync.d.ts

@@ -0,0 +1,7 @@
+import type { Middleware } from "@pureq/pureq";
+import type { BroadcastSyncOptions } from "../shared";
+/** DX-L1: BroadcastSync with dispose support. */
+export declare function withBroadcastSync(options: BroadcastSyncOptions): Middleware & {
+    dispose(): void;
+};
+//# sourceMappingURL=broadcastSync.d.ts.map

package/dist/middleware/broadcastSync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"broadcastSync.d.ts","sourceRoot":"","sources":["../../src/middleware/broadcastSync.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAEtD,iDAAiD;AACjD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,GAAG,UAAU,GAAG;IAAE,OAAO,IAAI,IAAI,CAAA;CAAE,CAqCjG"}

package/dist/middleware/broadcastSync.js

@@ -0,0 +1,36 @@
+import { markPolicyMiddleware } from "@pureq/pureq";
+/** DX-L1: BroadcastSync with dispose support. */
+export function withBroadcastSync(options) {
+    const channelName = options.channel ?? "auth:token";
+    let initialized = false;
+    let channel = null;
+    const initialize = () => {
+        if (initialized || typeof BroadcastChannel !== "function") {
+            initialized = true;
+            return;
+        }
+        channel = new BroadcastChannel(channelName);
+        channel.onmessage = (event) => {
+            const token = typeof event.data === "string" ? event.data : event.data?.token;
+            if (typeof token === "string" && token.length > 0) {
+                void options.onRemoteRefresh(token);
+            }
+        };
+        initialized = true;
+    };
+    const middleware = async (req, next) => {
+        initialize();
+        return next(req);
+    };
+    const marked = markPolicyMiddleware(middleware, { name: "withBroadcastSync", kind: "auth" });
+    return Object.assign(marked, {
+        dispose() {
+            if (channel) {
+                channel.onmessage = null;
+                channel.close();
+                channel = null;
+            }
+        },
+    });
+}
+//# sourceMappingURL=broadcastSync.js.map

package/dist/middleware/broadcastSync.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"broadcastSync.js","sourceRoot":"","sources":["../../src/middleware/broadcastSync.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAGpD,iDAAiD;AACjD,MAAM,UAAU,iBAAiB,CAAC,OAA6B;IAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,IAAI,YAAY,CAAC;IACpD,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,OAAO,GAA4B,IAAI,CAAC;IAE5C,MAAM,UAAU,GAAG,GAAS,EAAE;QAC5B,IAAI,WAAW,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE,CAAC;YAC1D,WAAW,GAAG,IAAI,CAAC;YACnB,OAAO;QACT,CAAC;QAED,OAAO,GAAG,IAAI,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAC5C,OAAO,CAAC,SAAS,GAAG,CAAC,KAAK,EAAE,EAAE;YAC5B,MAAM,KAAK,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YAC9E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,KAAK,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC,CAAC;QACF,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC,CAAC;IAEF,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,UAAU,EAAE,CAAC;QACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAE7F,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;QAC3B,OAAO;YACL,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;gBACzB,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/middleware/common.d.ts

@@ -0,0 +1,3 @@
+import type { RequestConfig } from "@pureq/pureq";
+export declare function mergeHeaders(req: RequestConfig, headers: Readonly<Record<string, string>>): RequestConfig;
+//# sourceMappingURL=common.d.ts.map

package/dist/middleware/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../src/middleware/common.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,wBAAgB,YAAY,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,aAAa,CAQzG"}

package/dist/middleware/common.js

@@ -0,0 +1,10 @@
+export function mergeHeaders(req, headers) {
+    return {
+        ...req,
+        headers: {
+            ...req.headers,
+            ...headers,
+        },
+    };
+}
+//# sourceMappingURL=common.js.map

package/dist/middleware/common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/middleware/common.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,YAAY,CAAC,GAAkB,EAAE,OAAyC;IACxF,OAAO;QACL,GAAG,GAAG;QACN,OAAO,EAAE;YACP,GAAG,GAAG,CAAC,OAAO;YACd,GAAG,OAAO;SACX;KACF,CAAC;AACJ,CAAC"}

package/dist/middleware/index.d.ts

@@ -0,0 +1,8 @@
+export { authBearer } from "./authBearer";
+export { authRefresh } from "./authRefresh";
+export { authSession } from "./authSession";
+export { withTokenLifecycle } from "./tokenLifecycle";
+export { authBasic } from "./authBasic";
+export { authCustom } from "./authCustom";
+export { withBroadcastSync } from "./broadcastSync";
+//# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/middleware/index.js

@@ -0,0 +1,8 @@
+export { authBearer } from "./authBearer";
+export { authRefresh } from "./authRefresh";
+export { authSession } from "./authSession";
+export { withTokenLifecycle } from "./tokenLifecycle";
+export { authBasic } from "./authBasic";
+export { authCustom } from "./authCustom";
+export { withBroadcastSync } from "./broadcastSync";
+//# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/middleware/tokenLifecycle.d.ts

@@ -0,0 +1,4 @@
+import type { Middleware } from "@pureq/pureq";
+import type { TokenLifecycleOptions } from "../shared";
+export declare function withTokenLifecycle(options: TokenLifecycleOptions): Middleware;
+//# sourceMappingURL=tokenLifecycle.d.ts.map

package/dist/middleware/tokenLifecycle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenLifecycle.d.ts","sourceRoot":"","sources":["../../src/middleware/tokenLifecycle.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE/C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAIvD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,qBAAqB,GAAG,UAAU,CAiD7E"}