@qwickapps/server 1.1.9 → 1.3.0

package/dist/plugins/auth/auth-plugin.js

@@ -0,0 +1,255 @@
+/**
+ * Auth Plugin
+ *
+ * Pluggable authentication plugin for @qwickapps/server.
+ * Supports multiple adapters (Auth0, Supabase, Basic) with fallback chain.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+// Store the plugin instance for helper access
+let currentAdapter = null;
+let fallbackAdapters = [];
+/**
+ * Create the Auth plugin
+ */
+export function createAuthPlugin(config) {
+    const excludePaths = config.excludePaths || [];
+    const authRequired = config.authRequired !== false;
+    const debug = config.debug || false;
+    function log(message, data) {
+        if (debug) {
+            console.log(`[AuthPlugin] ${message}`, data || '');
+        }
+    }
+    return {
+        id: 'auth',
+        name: 'Auth Plugin',
+        version: '1.0.0',
+        async onStart(_pluginConfig, registry) {
+            const app = registry.getApp();
+            // Store adapters for helper access
+            currentAdapter = config.adapter;
+            fallbackAdapters = config.fallback || [];
+            log('Initializing auth plugin', {
+                adapter: config.adapter.name,
+                fallback: fallbackAdapters.map((a) => a.name),
+                excludePaths,
+                authRequired,
+            });
+            // Initialize the primary adapter
+            const primaryMiddleware = config.adapter.initialize();
+            if (Array.isArray(primaryMiddleware)) {
+                primaryMiddleware.forEach((mw) => app.use(mw));
+            }
+            else {
+                app.use(primaryMiddleware);
+            }
+            // Initialize fallback adapters
+            for (const fallback of fallbackAdapters) {
+                const fallbackMiddleware = fallback.initialize();
+                if (Array.isArray(fallbackMiddleware)) {
+                    fallbackMiddleware.forEach((mw) => app.use(mw));
+                }
+                else {
+                    app.use(fallbackMiddleware);
+                }
+            }
+            // Add the auth checking middleware
+            app.use(createAuthMiddleware());
+            // Register auth status route
+            registry.addRoute({
+                method: 'get',
+                path: '/api/auth/status',
+                handler: (_req, res) => {
+                    const authReq = _req;
+                    res.json({
+                        authenticated: authReq.auth?.isAuthenticated || false,
+                        user: authReq.auth?.user
+                            ? {
+                                id: authReq.auth.user.id,
+                                email: authReq.auth.user.email,
+                                name: authReq.auth.user.name,
+                                picture: authReq.auth.user.picture,
+                                roles: authReq.auth.user.roles,
+                            }
+                            : null,
+                        adapter: authReq.auth?.adapter,
+                    });
+                },
+                pluginId: 'auth',
+            });
+            log('Auth plugin initialized');
+        },
+        async onStop() {
+            log('Shutting down auth plugin');
+            // Cleanup adapters
+            if (currentAdapter?.shutdown) {
+                await currentAdapter.shutdown();
+            }
+            for (const fallback of fallbackAdapters) {
+                if (fallback.shutdown) {
+                    await fallback.shutdown();
+                }
+            }
+            currentAdapter = null;
+            fallbackAdapters = [];
+        },
+    };
+    /**
+     * Create the auth checking middleware
+     */
+    function createAuthMiddleware() {
+        return async (req, res, next) => {
+            const authReq = req;
+            // Initialize auth object
+            authReq.auth = {
+                isAuthenticated: false,
+                user: null,
+                adapter: 'none',
+            };
+            // Check if path is excluded
+            const isExcluded = excludePaths.some((path) => {
+                if (path.endsWith('*')) {
+                    return req.path.startsWith(path.slice(0, -1));
+                }
+                return req.path === path || req.path.startsWith(path + '/');
+            });
+            if (isExcluded) {
+                log('Path excluded from auth', { path: req.path });
+                return next();
+            }
+            // Try primary adapter
+            let authenticated = false;
+            let user = null;
+            let activeAdapter = config.adapter;
+            if (config.adapter.isAuthenticated(req)) {
+                user = await Promise.resolve(config.adapter.getUser(req));
+                if (user) {
+                    authenticated = true;
+                    log('Authenticated via primary adapter', { adapter: config.adapter.name });
+                }
+            }
+            // Try fallback adapters if primary didn't authenticate
+            if (!authenticated && fallbackAdapters.length > 0) {
+                for (const fallback of fallbackAdapters) {
+                    if (fallback.isAuthenticated(req)) {
+                        user = await Promise.resolve(fallback.getUser(req));
+                        if (user) {
+                            authenticated = true;
+                            activeAdapter = fallback;
+                            log('Authenticated via fallback adapter', { adapter: fallback.name });
+                            break;
+                        }
+                    }
+                }
+            }
+            // Set auth info on request
+            authReq.auth = {
+                isAuthenticated: authenticated,
+                user,
+                adapter: activeAdapter.name,
+                accessToken: activeAdapter.getAccessToken?.(req) || undefined,
+            };
+            // Check if auth is required but user is not authenticated
+            if (authRequired && !authenticated) {
+                log('Auth required but not authenticated', { path: req.path });
+                // Use custom handler if provided
+                if (config.onUnauthorized) {
+                    return config.onUnauthorized(req, res);
+                }
+                // Use adapter's unauthorized handler
+                if (activeAdapter.onUnauthorized) {
+                    return activeAdapter.onUnauthorized(req, res);
+                }
+                // Default unauthorized response
+                return res.status(401).json({
+                    error: 'Unauthorized',
+                    message: 'Authentication required',
+                });
+            }
+            next();
+        };
+    }
+}
+/**
+ * Check if the current request is authenticated
+ */
+export function isAuthenticated(req) {
+    const authReq = req;
+    return authReq.auth?.isAuthenticated || false;
+}
+/**
+ * Get the authenticated user from the request
+ */
+export function getAuthenticatedUser(req) {
+    const authReq = req;
+    return authReq.auth?.user || null;
+}
+/**
+ * Get the access token from the request
+ */
+export function getAccessToken(req) {
+    const authReq = req;
+    return authReq.auth?.accessToken || null;
+}
+/**
+ * Middleware to require authentication
+ */
+export function requireAuth() {
+    return (req, res, next) => {
+        if (!isAuthenticated(req)) {
+            return res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Authentication required',
+            });
+        }
+        next();
+    };
+}
+/**
+ * Middleware to require specific roles
+ */
+export function requireRoles(...roles) {
+    return (req, res, next) => {
+        const user = getAuthenticatedUser(req);
+        if (!user) {
+            return res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Authentication required',
+            });
+        }
+        const userRoles = user.roles || [];
+        const hasAllRoles = roles.every((role) => userRoles.includes(role));
+        if (!hasAllRoles) {
+            return res.status(403).json({
+                error: 'Forbidden',
+                message: `Required roles: ${roles.join(', ')}`,
+            });
+        }
+        next();
+    };
+}
+/**
+ * Middleware to require any of the specified roles
+ */
+export function requireAnyRole(...roles) {
+    return (req, res, next) => {
+        const user = getAuthenticatedUser(req);
+        if (!user) {
+            return res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Authentication required',
+            });
+        }
+        const userRoles = user.roles || [];
+        const hasAnyRole = roles.some((role) => userRoles.includes(role));
+        if (!hasAnyRole) {
+            return res.status(403).json({
+                error: 'Forbidden',
+                message: `Required one of roles: ${roles.join(', ')}`,
+            });
+        }
+        next();
+    };
+}
+//# sourceMappingURL=auth-plugin.js.map

package/dist/plugins/auth/auth-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-plugin.js","sourceRoot":"","sources":["../../../src/plugins/auth/auth-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAWH,8CAA8C;AAC9C,IAAI,cAAc,GAAuB,IAAI,CAAC;AAC9C,IAAI,gBAAgB,GAAkB,EAAE,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,KAAK,KAAK,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC;IAEpC,SAAS,GAAG,CAAC,OAAe,EAAE,IAA8B;QAC1D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,OAAO;QAEhB,KAAK,CAAC,OAAO,CAAC,aAA2B,EAAE,QAAwB;YACjE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;YAE9B,mCAAmC;YACnC,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC;YAChC,gBAAgB,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;YAEzC,GAAG,CAAC,0BAA0B,EAAE;gBAC9B,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;gBAC5B,QAAQ,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC7C,YAAY;gBACZ,YAAY;aACb,CAAC,CAAC;YAEH,iCAAiC;YACjC,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACrC,iBAAiB,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC7B,CAAC;YAED,+BAA+B;YAC/B,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;gBACxC,MAAM,kBAAkB,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACtC,kBAAkB,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;gBAClD,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC;YAEhC,6BAA6B;YAC7B,QAAQ,CAAC,QAAQ,CAAC;gBAChB,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;oBACxC,MAAM,OAAO,GAAG,IAA4B,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC;wBACP,aAAa,EAAE,OAAO,CAAC,IAAI,EAAE,eAAe,IAAI,KAAK;wBACrD,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI;4BACtB,CAAC,CAAC;gCACE,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gCACxB,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;gCAC9B,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gCAC5B,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO;gCAClC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;6BAC/B;4BACH,CAAC,CAAC,IAAI;wBACR,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO;qBAC/B,CAAC,CAAC;gBACL,CAAC;gBACD,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;YAEH,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,MAAM;YACV,GAAG,CAAC,2BAA2B,CAAC,CAAC;YAEjC,mBAAmB;YACnB,IAAI,cAAc,EAAE,QAAQ,EAAE,CAAC;gBAC7B,MAAM,cAAc,CAAC,QAAQ,EAAE,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;gBACxC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACtB,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,cAAc,GAAG,IAAI,CAAC;YACtB,gBAAgB,GAAG,EAAE,CAAC;QACxB,CAAC;KACF,CAAC;IAEF;;OAEG;IACH,SAAS,oBAAoB;QAC3B,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC/D,MAAM,OAAO,GAAG,GAA2B,CAAC;YAE5C,yBAAyB;YACzB,OAAO,CAAC,IAAI,GAAG;gBACb,eAAe,EAAE,KAAK;gBACtB,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,MAAM;aAChB,CAAC;YAEF,4BAA4B;YAC5B,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,OAAO,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChD,CAAC;gBACD,OAAO,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;YAEH,IAAI,UAAU,EAAE,CAAC;gBACf,GAAG,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;gBACnD,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,sBAAsB;YACtB,IAAI,aAAa,GAAG,KAAK,CAAC;YAC1B,IAAI,IAAI,GAA6B,IAAI,CAAC;YAC1C,IAAI,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;YAEnC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC1D,IAAI,IAAI,EAAE,CAAC;oBACT,aAAa,GAAG,IAAI,CAAC;oBACrB,GAAG,CAAC,mCAAmC,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,uDAAuD;YACvD,IAAI,CAAC,aAAa,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;oBACxC,IAAI,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;wBAClC,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;wBACpD,IAAI,IAAI,EAAE,CAAC;4BACT,aAAa,GAAG,IAAI,CAAC;4BACrB,aAAa,GAAG,QAAQ,CAAC;4BACzB,GAAG,CAAC,oCAAoC,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;4BACtE,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,OAAO,CAAC,IAAI,GAAG;gBACb,eAAe,EAAE,aAAa;gBAC9B,IAAI;gBACJ,OAAO,EAAE,aAAa,CAAC,IAAI;gBAC3B,WAAW,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,GAAG,CAAC,IAAI,SAAS;aAC9D,CAAC;YAEF,0DAA0D;YAC1D,IAAI,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnC,GAAG,CAAC,qCAAqC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;gBAE/D,iCAAiC;gBACjC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC1B,OAAO,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACzC,CAAC;gBAED,qCAAqC;gBACrC,IAAI,aAAa,CAAC,cAAc,EAAE,CAAC;oBACjC,OAAO,aAAa,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAChD,CAAC;gBAED,gCAAgC;gBAChC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,yBAAyB;iBACnC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,MAAM,OAAO,GAAG,GAA2B,CAAC;IAC5C,OAAO,OAAO,CAAC,IAAI,EAAE,eAAe,IAAI,KAAK,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,MAAM,OAAO,GAAG,GAA2B,CAAC;IAC5C,OAAO,OAAO,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,MAAM,OAAO,GAAG,GAA2B,CAAC;IAC5C,OAAO,OAAO,CAAC,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,mBAAmB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAG,KAAe;IAC/C,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAElE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,0BAA0B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACtD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/dist/plugins/auth/auth-plugin.test.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Auth Plugin Tests
+ *
+ * Unit tests for the authentication plugin and adapters.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+export {};
+//# sourceMappingURL=auth-plugin.test.d.ts.map

package/dist/plugins/auth/auth-plugin.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-plugin.test.d.ts","sourceRoot":"","sources":["../../../src/plugins/auth/auth-plugin.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/plugins/auth/auth-plugin.test.js

@@ -0,0 +1,147 @@
+/**
+ * Auth Plugin Tests
+ *
+ * Unit tests for the authentication plugin and adapters.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { basicAdapter } from './adapters/basic-adapter.js';
+// Mock request/response helpers
+function createMockRequest(overrides = {}) {
+    return {
+        headers: {},
+        path: '/',
+        originalUrl: '/',
+        ...overrides,
+    };
+}
+function createMockResponse() {
+    const res = {
+        status: vi.fn().mockReturnThis(),
+        json: vi.fn().mockReturnThis(),
+        setHeader: vi.fn().mockReturnThis(),
+        redirect: vi.fn().mockReturnThis(),
+    };
+    return res;
+}
+describe('basicAdapter', () => {
+    const config = {
+        username: 'admin',
+        password: 'secret123',
+        realm: 'Test Realm',
+    };
+    let adapter;
+    beforeEach(() => {
+        adapter = basicAdapter(config);
+    });
+    describe('name', () => {
+        it('should return "basic"', () => {
+            expect(adapter.name).toBe('basic');
+        });
+    });
+    describe('initialize', () => {
+        it('should return a pass-through middleware', () => {
+            const middleware = adapter.initialize();
+            const req = createMockRequest();
+            const res = createMockResponse();
+            const next = vi.fn();
+            // Handle both single middleware and array of middlewares
+            if (Array.isArray(middleware)) {
+                middleware[0](req, res, next);
+            }
+            else {
+                middleware(req, res, next);
+            }
+            expect(next).toHaveBeenCalled();
+        });
+    });
+    describe('isAuthenticated', () => {
+        it('should return true for valid basic auth credentials', () => {
+            const expectedAuth = `Basic ${Buffer.from('admin:secret123').toString('base64')}`;
+            const req = createMockRequest({
+                headers: { authorization: expectedAuth },
+            });
+            expect(adapter.isAuthenticated(req)).toBe(true);
+        });
+        it('should return false for invalid credentials', () => {
+            const wrongAuth = `Basic ${Buffer.from('admin:wrongpassword').toString('base64')}`;
+            const req = createMockRequest({
+                headers: { authorization: wrongAuth },
+            });
+            expect(adapter.isAuthenticated(req)).toBe(false);
+        });
+        it('should return false for missing authorization header', () => {
+            const req = createMockRequest();
+            expect(adapter.isAuthenticated(req)).toBe(false);
+        });
+        it('should return false for non-basic auth header', () => {
+            const req = createMockRequest({
+                headers: { authorization: 'Bearer some-token' },
+            });
+            expect(adapter.isAuthenticated(req)).toBe(false);
+        });
+    });
+    describe('getUser', () => {
+        it('should return user for authenticated request', async () => {
+            const expectedAuth = `Basic ${Buffer.from('admin:secret123').toString('base64')}`;
+            const req = createMockRequest({
+                headers: { authorization: expectedAuth },
+            });
+            const user = await Promise.resolve(adapter.getUser(req));
+            expect(user).not.toBeNull();
+            expect(user?.id).toBe('basic-auth-user');
+            expect(user?.email).toBe('admin@localhost');
+            expect(user?.name).toBe('admin');
+            expect(user?.roles).toContain('admin');
+        });
+        it('should return null for unauthenticated request', async () => {
+            const req = createMockRequest();
+            expect(await Promise.resolve(adapter.getUser(req))).toBeNull();
+        });
+    });
+    describe('hasRoles', () => {
+        it('should return true if user has the role', () => {
+            const expectedAuth = `Basic ${Buffer.from('admin:secret123').toString('base64')}`;
+            const req = createMockRequest({
+                headers: { authorization: expectedAuth },
+            });
+            expect(adapter.hasRoles(req, ['admin'])).toBe(true);
+        });
+        it('should return false if user does not have the role', () => {
+            const expectedAuth = `Basic ${Buffer.from('admin:secret123').toString('base64')}`;
+            const req = createMockRequest({
+                headers: { authorization: expectedAuth },
+            });
+            expect(adapter.hasRoles(req, ['superadmin'])).toBe(false);
+        });
+    });
+    describe('onUnauthorized', () => {
+        it('should set WWW-Authenticate header and return 401', () => {
+            const req = createMockRequest();
+            const res = createMockResponse();
+            adapter.onUnauthorized(req, res);
+            expect(res.setHeader).toHaveBeenCalledWith('WWW-Authenticate', 'Basic realm="Test Realm"');
+            expect(res.status).toHaveBeenCalledWith(401);
+            expect(res.json).toHaveBeenCalledWith({
+                error: 'Unauthorized',
+                message: 'Authentication required.',
+            });
+        });
+    });
+});
+describe('Auth Plugin helpers', () => {
+    // These tests would require more complex setup with express app
+    // For now, we test the basic functionality
+    it('should export all required functions', async () => {
+        const authModule = await import('./auth-plugin.js');
+        expect(authModule.createAuthPlugin).toBeDefined();
+        expect(authModule.isAuthenticated).toBeDefined();
+        expect(authModule.getAuthenticatedUser).toBeDefined();
+        expect(authModule.getAccessToken).toBeDefined();
+        expect(authModule.requireAuth).toBeDefined();
+        expect(authModule.requireRoles).toBeDefined();
+        expect(authModule.requireAnyRole).toBeDefined();
+    });
+});
+//# sourceMappingURL=auth-plugin.test.js.map

package/dist/plugins/auth/auth-plugin.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-plugin.test.js","sourceRoot":"","sources":["../../../src/plugins/auth/auth-plugin.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAG3D,gCAAgC;AAChC,SAAS,iBAAiB,CAAC,YAA8B,EAAE;IACzD,OAAO;QACL,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,GAAG;QACT,WAAW,EAAE,GAAG;QAChB,GAAG,SAAS;KACS,CAAC;AAC1B,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG;QACV,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;QAChC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;QAC9B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;QACnC,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,EAAE;KACnC,CAAC;IACF,OAAO,GAA0B,CAAC;AACpC,CAAC;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,OAAO;QACjB,QAAQ,EAAE,WAAW;QACrB,KAAK,EAAE,YAAY;KACpB,CAAC;IAEF,IAAI,OAAwC,CAAC;IAE7C,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAErB,yDAAyD;YACzD,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC7B,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,SAAS,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnF,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,SAAS,EAAE;aACtC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAChC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,mBAAmB,EAAE;aAChD,CAAC,CAAC;YACH,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;QACvB,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE;aACzC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzD,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC5C,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACjC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAChC,MAAM,CAAC,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,MAAM,GAAG,GAAG,iBAAiB,CAAC;gBAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAC;YAEjC,OAAO,CAAC,cAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAElC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,oBAAoB,CAAC,kBAAkB,EAAE,0BAA0B,CAAC,CAAC;YAC3F,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC;gBACpC,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,0BAA0B;aACpC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,gEAAgE;IAChE,2CAA2C;IAE3C,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAEpD,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,WAAW,EAAE,CAAC;QAClD,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC;QACtD,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/plugins/auth/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Auth Plugin Index
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+export { createAuthPlugin, isAuthenticated, getAuthenticatedUser, getAccessToken, requireAuth, requireRoles, requireAnyRole, } from './auth-plugin.js';
+export type { AuthPluginConfig, AuthAdapter, AuthenticatedUser, AuthenticatedRequest, Auth0AdapterConfig, SupabaseAdapterConfig, BasicAdapterConfig, } from './types.js';
+export { isAuthenticatedRequest } from './types.js';
+export { auth0Adapter } from './adapters/auth0-adapter.js';
+export { basicAdapter } from './adapters/basic-adapter.js';
+export { supabaseAdapter } from './adapters/supabase-adapter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,WAAW,EACX,YAAY,EACZ,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EACV,gBAAgB,EAChB,WAAW,EACX,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/plugins/auth/index.js

@@ -0,0 +1,13 @@
+/**
+ * Auth Plugin Index
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+// Main plugin
+export { createAuthPlugin, isAuthenticated, getAuthenticatedUser, getAccessToken, requireAuth, requireRoles, requireAnyRole, } from './auth-plugin.js';
+export { isAuthenticatedRequest } from './types.js';
+// Adapters
+export { auth0Adapter } from './adapters/auth0-adapter.js';
+export { basicAdapter } from './adapters/basic-adapter.js';
+export { supabaseAdapter } from './adapters/supabase-adapter.js';
+//# sourceMappingURL=index.js.map

package/dist/plugins/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc;AACd,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,WAAW,EACX,YAAY,EACZ,cAAc,GACf,MAAM,kBAAkB,CAAC;AAY1B,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAEpD,WAAW;AACX,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/plugins/auth/types.d.ts

@@ -0,0 +1,148 @@
+/**
+ * Auth Plugin Types
+ *
+ * Type definitions for the pluggable authentication system.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import type { Request, Response, RequestHandler } from 'express';
+/**
+ * Authenticated user information
+ */
+export interface AuthenticatedUser {
+    /** Unique user ID from the provider */
+    id: string;
+    /** User's email address */
+    email: string;
+    /** User's display name */
+    name?: string;
+    /** User's profile picture URL */
+    picture?: string;
+    /** Whether the email is verified */
+    emailVerified?: boolean;
+    /** User's roles from the provider */
+    roles?: string[];
+    /** Raw user object from the provider */
+    raw?: Record<string, unknown>;
+}
+/**
+ * Auth adapter interface - all adapters must implement this
+ */
+export interface AuthAdapter {
+    /** Adapter name (e.g., 'auth0', 'supabase', 'basic') */
+    name: string;
+    /**
+     * Initialize the adapter - called once during plugin setup
+     * Returns middleware to apply to the Express app
+     */
+    initialize(): RequestHandler | RequestHandler[];
+    /**
+     * Check if the request is authenticated
+     */
+    isAuthenticated(req: Request): boolean;
+    /**
+     * Get the authenticated user from the request
+     * Can be async for adapters that need to validate tokens
+     */
+    getUser(req: Request): AuthenticatedUser | null | Promise<AuthenticatedUser | null>;
+    /**
+     * Check if user has required roles (optional)
+     */
+    hasRoles?(req: Request, roles: string[]): boolean;
+    /**
+     * Get the access token for downstream API calls (optional)
+     */
+    getAccessToken?(req: Request): string | null;
+    /**
+     * Handler for unauthorized requests (optional custom behavior)
+     */
+    onUnauthorized?(req: Request, res: Response): void;
+    /**
+     * Cleanup resources on shutdown (optional)
+     */
+    shutdown?(): Promise<void>;
+}
+/**
+ * Auth0 adapter configuration
+ */
+export interface Auth0AdapterConfig {
+    /** Auth0 domain (e.g., 'myapp.auth0.com') */
+    domain: string;
+    /** Auth0 client ID */
+    clientId: string;
+    /** Auth0 client secret */
+    clientSecret: string;
+    /** Base URL of the application */
+    baseUrl: string;
+    /** Session secret for cookie encryption */
+    secret: string;
+    /** API audience for access tokens (optional) */
+    audience?: string;
+    /** Scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** Allowed roles - only these roles can access (optional) */
+    allowedRoles?: string[];
+    /** Allowed email domains - only these domains can access (optional) */
+    allowedDomains?: string[];
+    /** Whether to expose the access token to handlers (default: false) */
+    exposeAccessToken?: boolean;
+    /** Auth routes configuration */
+    routes?: {
+        login?: string;
+        logout?: string;
+        callback?: string;
+    };
+}
+/**
+ * Supabase adapter configuration
+ */
+export interface SupabaseAdapterConfig {
+    /** Supabase project URL */
+    url: string;
+    /** Supabase anon key */
+    anonKey: string;
+}
+/**
+ * Basic auth adapter configuration
+ */
+export interface BasicAdapterConfig {
+    /** Username for basic auth */
+    username: string;
+    /** Password for basic auth */
+    password: string;
+    /** Realm name for the WWW-Authenticate header */
+    realm?: string;
+}
+/**
+ * Auth plugin configuration
+ */
+export interface AuthPluginConfig {
+    /** Primary adapter for authentication */
+    adapter: AuthAdapter;
+    /** Fallback adapters checked in order if primary fails (optional) */
+    fallback?: AuthAdapter[];
+    /** Paths to exclude from authentication */
+    excludePaths?: string[];
+    /** Whether auth is required for all routes (default: true) */
+    authRequired?: boolean;
+    /** Custom unauthorized handler */
+    onUnauthorized?: (req: Request, res: Response) => void;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+/**
+ * Extended Express Request with auth info
+ */
+export interface AuthenticatedRequest extends Request {
+    auth: {
+        isAuthenticated: boolean;
+        user: AuthenticatedUser | null;
+        adapter: string;
+        accessToken?: string;
+    };
+}
+/**
+ * Helper type guard for authenticated requests
+ */
+export declare function isAuthenticatedRequest(req: Request): req is AuthenticatedRequest;
+//# sourceMappingURL=types.d.ts.map

package/dist/plugins/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/plugins/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAgB,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oCAAoC;IACpC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,UAAU,IAAI,cAAc,GAAG,cAAc,EAAE,CAAC;IAEhD;;OAEG;IACH,eAAe,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;IAEvC;;;OAGG;IACH,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,QAAQ,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAElD;;OAEG;IACH,cAAc,CAAC,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;IAE7C;;OAEG;IACH,cAAc,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,IAAI,CAAC;IAEnD;;OAEG;IACH,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,6CAA6C;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,sEAAsE;IACtE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gCAAgC;IAChC,MAAM,CAAC,EAAE;QACP,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,iDAAiD;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,yCAAyC;IACzC,OAAO,EAAE,WAAW,CAAC;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,WAAW,EAAE,CAAC;IACzB,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,8DAA8D;IAC9D,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,kCAAkC;IAClC,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,KAAK,IAAI,CAAC;IACvD,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,EAAE;QACJ,eAAe,EAAE,OAAO,CAAC;QACzB,IAAI,EAAE,iBAAiB,GAAG,IAAI,CAAC;QAC/B,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,oBAAoB,CAEhF"}

package/dist/plugins/auth/types.js

@@ -0,0 +1,14 @@
+/**
+ * Auth Plugin Types
+ *
+ * Type definitions for the pluggable authentication system.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+/**
+ * Helper type guard for authenticated requests
+ */
+export function isAuthenticatedRequest(req) {
+    return 'auth' in req && req.auth?.isAuthenticated === true;
+}
+//# sourceMappingURL=types.js.map

package/dist/plugins/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyJH;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAY;IACjD,OAAO,MAAM,IAAI,GAAG,IAAK,GAA4B,CAAC,IAAI,EAAE,eAAe,KAAK,IAAI,CAAC;AACvF,CAAC"}