@qwickapps/server 1.2.0 → 1.3.0

package/dist/plugins/auth/adapters/auth0-adapter.js

@@ -0,0 +1,179 @@
+/**
+ * Auth0 Adapter
+ *
+ * Provides Auth0 authentication using express-openid-connect.
+ * Enhanced with RBAC support, domain whitelisting, and token exposure.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+/**
+ * Extract user roles from Auth0 claims
+ */
+function extractUserRoles(req, domain) {
+    const oidc = req.oidc;
+    const user = oidc?.user;
+    if (!user)
+        return [];
+    // Check various common locations for roles
+    const roles = [];
+    // Standard RBAC claim
+    if (Array.isArray(user['https://roles'])) {
+        roles.push(...user['https://roles']);
+    }
+    // Namespaced roles (common pattern)
+    const namespace = domain ? `https://${domain}/` : '';
+    if (namespace && Array.isArray(user[`${namespace}roles`])) {
+        roles.push(...user[`${namespace}roles`]);
+    }
+    // Auth0 authorization extension
+    if (Array.isArray(user.roles)) {
+        roles.push(...user.roles);
+    }
+    // Custom claims
+    if (Array.isArray(user['custom:roles'])) {
+        roles.push(...user['custom:roles']);
+    }
+    return [...new Set(roles)]; // Deduplicate
+}
+/**
+ * Create an Auth0 authentication adapter
+ */
+export function auth0Adapter(config) {
+    let authMiddleware = null;
+    let initializationError = null;
+    const adapter = {
+        name: 'auth0',
+        initialize() {
+            // Return a middleware that lazily initializes Auth0
+            return async (req, res, next) => {
+                // Skip if already initialized with error
+                if (initializationError) {
+                    return res.status(500).json({
+                        error: 'Auth Configuration Error',
+                        message: 'Auth0 is not properly configured.',
+                    });
+                }
+                // Lazy initialize the Auth0 middleware
+                if (!authMiddleware) {
+                    try {
+                        const { auth } = await import('express-openid-connect');
+                        const authConfig = {
+                            authRequired: false, // We handle auth requirement ourselves
+                            auth0Logout: true,
+                            secret: config.secret,
+                            baseURL: config.baseUrl,
+                            clientID: config.clientId,
+                            issuerBaseURL: `https://${config.domain}`,
+                            clientSecret: config.clientSecret,
+                            idpLogout: true,
+                            routes: {
+                                login: config.routes?.login || '/login',
+                                logout: config.routes?.logout || '/logout',
+                                callback: config.routes?.callback || '/callback',
+                            },
+                        };
+                        // Add audience if specified (for API access tokens)
+                        if (config.audience) {
+                            authConfig.authorizationParams = {
+                                audience: config.audience,
+                                scope: (config.scopes || ['openid', 'profile', 'email']).join(' '),
+                            };
+                        }
+                        // Enable access token fetching if needed
+                        if (config.exposeAccessToken && config.audience) {
+                            authConfig.afterCallback = (_req, _res, session) => {
+                                // Access token is automatically stored in session
+                                return session;
+                            };
+                        }
+                        authMiddleware = auth(authConfig);
+                    }
+                    catch (error) {
+                        initializationError =
+                            error instanceof Error ? error : new Error('Failed to initialize Auth0');
+                        console.error('[Auth0Adapter] Initialization error:', error);
+                        return res.status(500).json({
+                            error: 'Auth Configuration Error',
+                            message: 'Auth0 is not properly configured. Install express-openid-connect package.',
+                        });
+                    }
+                }
+                // Apply the Auth0 middleware
+                authMiddleware(req, res, next);
+            };
+        },
+        isAuthenticated(req) {
+            const oidc = req.oidc;
+            if (!oidc?.isAuthenticated()) {
+                return false;
+            }
+            // Check domain whitelist if configured
+            if (config.allowedDomains && config.allowedDomains.length > 0) {
+                const email = oidc.user?.email;
+                if (!email)
+                    return false;
+                const domain = email.split('@')[1];
+                if (!config.allowedDomains.includes(domain) && !config.allowedDomains.includes(`@${domain}`)) {
+                    return false;
+                }
+            }
+            // Check role whitelist if configured
+            if (config.allowedRoles && config.allowedRoles.length > 0) {
+                const userRoles = extractUserRoles(req, config.domain);
+                const hasRole = config.allowedRoles.some((role) => userRoles.includes(role));
+                if (!hasRole) {
+                    return false;
+                }
+            }
+            return true;
+        },
+        getUser(req) {
+            const oidc = req.oidc;
+            if (!adapter.isAuthenticated(req)) {
+                return null;
+            }
+            const user = oidc.user;
+            if (!user)
+                return null;
+            return {
+                id: user.sub,
+                email: user.email,
+                name: user.name || user.nickname,
+                picture: user.picture,
+                emailVerified: user.email_verified,
+                roles: extractUserRoles(req, config.domain),
+                raw: user,
+            };
+        },
+        hasRoles(req, roles) {
+            const userRoles = extractUserRoles(req, config.domain);
+            return roles.every((role) => userRoles.includes(role));
+        },
+        getAccessToken(req) {
+            if (!config.exposeAccessToken) {
+                return null;
+            }
+            const oidc = req.oidc;
+            return oidc?.accessToken?.access_token || null;
+        },
+        onUnauthorized(req, res) {
+            // Check if it's an API request
+            const isApiRequest = req.headers.accept?.includes('application/json') || req.path.startsWith('/api/');
+            if (isApiRequest) {
+                res.status(401).json({
+                    error: 'Unauthorized',
+                    message: 'Authentication required',
+                    loginUrl: config.routes?.login || '/login',
+                });
+            }
+            else {
+                // Redirect to login for browser requests
+                const loginPath = config.routes?.login || '/login';
+                const returnTo = encodeURIComponent(req.originalUrl);
+                res.redirect(`${loginPath}?returnTo=${returnTo}`);
+            }
+        },
+    };
+    return adapter;
+}
+//# sourceMappingURL=auth0-adapter.js.map

package/dist/plugins/auth/adapters/auth0-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth0-adapter.js","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/auth0-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAY,EAAE,MAAc;IACpD,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IAExB,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IAErB,2CAA2C;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,sBAAsB;IACtB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACrD,IAAI,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,OAAO,CAAC,CAAC,EAAE,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,SAAS,OAAO,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,gCAAgC;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAA0B;IACrD,IAAI,cAAc,GAA0B,IAAI,CAAC;IACjD,IAAI,mBAAmB,GAAiB,IAAI,CAAC;IAE7C,MAAM,OAAO,GAAgB;QAC3B,IAAI,EAAE,OAAO;QAEb,UAAU;YACR,oDAAoD;YACpD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;gBACjD,yCAAyC;gBACzC,IAAI,mBAAmB,EAAE,CAAC;oBACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC1B,KAAK,EAAE,0BAA0B;wBACjC,OAAO,EAAE,mCAAmC;qBAC7C,CAAC,CAAC;gBACL,CAAC;gBAED,uCAAuC;gBACvC,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,IAAI,CAAC;wBACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;wBAExD,MAAM,UAAU,GAA4B;4BAC1C,YAAY,EAAE,KAAK,EAAE,uCAAuC;4BAC5D,WAAW,EAAE,IAAI;4BACjB,MAAM,EAAE,MAAM,CAAC,MAAM;4BACrB,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;4BACzB,aAAa,EAAE,WAAW,MAAM,CAAC,MAAM,EAAE;4BACzC,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,SAAS,EAAE,IAAI;4BACf,MAAM,EAAE;gCACN,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,QAAQ;gCACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS;gCAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,IAAI,WAAW;6BACjD;yBACF,CAAC;wBAEF,oDAAoD;wBACpD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;4BACpB,UAAU,CAAC,mBAAmB,GAAG;gCAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gCACzB,KAAK,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;6BACnE,CAAC;wBACJ,CAAC;wBAED,yCAAyC;wBACzC,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;4BAChD,UAAU,CAAC,aAAa,GAAG,CACzB,IAAa,EACb,IAAc,EACd,OAAgC,EAChC,EAAE;gCACF,kDAAkD;gCAClD,OAAO,OAAO,CAAC;4BACjB,CAAC,CAAC;wBACJ,CAAC;wBAED,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;oBACpC,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,mBAAmB;4BACjB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;wBAC3E,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;wBAC7D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BAC1B,KAAK,EAAE,0BAA0B;4BACjC,OAAO,EACL,2EAA2E;yBAC9E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,6BAA6B;gBAC7B,cAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAClC,CAAC,CAAC;QACJ,CAAC;QAED,eAAe,CAAC,GAAY;YAC1B,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;YAC/B,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,EAAE,CAAC;gBAC7B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,uCAAuC;YACvC,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;gBAC/B,IAAI,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAEzB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,CAAC;oBAC7F,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;gBACvD,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,GAAY;YAClB,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;YAE/B,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAC;YAEvB,OAAO;gBACL,EAAE,EAAE,IAAI,CAAC,GAAG;gBACZ,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ;gBAChC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,aAAa,EAAE,IAAI,CAAC,cAAc;gBAClC,KAAK,EAAE,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC;gBAC3C,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,GAAY,EAAE,KAAe;YACpC,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,cAAc,CAAC,GAAY;YACzB,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,IAAI,GAAI,GAAW,CAAC,IAAI,CAAC;YAC/B,OAAO,IAAI,EAAE,WAAW,EAAE,YAAY,IAAI,IAAI,CAAC;QACjD,CAAC;QAED,cAAc,CAAC,GAAY,EAAE,GAAa;YACxC,+BAA+B;YAC/B,MAAM,YAAY,GAChB,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAEnF,IAAI,YAAY,EAAE,CAAC;gBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,yBAAyB;oBAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,QAAQ;iBAC3C,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,yCAAyC;gBACzC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,QAAQ,CAAC;gBACnD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrD,GAAG,CAAC,QAAQ,CAAC,GAAG,SAAS,aAAa,QAAQ,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;KACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/plugins/auth/adapters/basic-adapter.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Basic Auth Adapter
+ *
+ * Provides HTTP Basic authentication for simple use cases.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import type { AuthAdapter, BasicAdapterConfig } from '../types.js';
+/**
+ * Create a Basic authentication adapter
+ */
+export declare function basicAdapter(config: BasicAdapterConfig): AuthAdapter;
+//# sourceMappingURL=basic-adapter.d.ts.map

package/dist/plugins/auth/adapters/basic-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"basic-adapter.d.ts","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/basic-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAqB,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEtF;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,WAAW,CA8CpE"}

package/dist/plugins/auth/adapters/basic-adapter.js

@@ -0,0 +1,51 @@
+/**
+ * Basic Auth Adapter
+ *
+ * Provides HTTP Basic authentication for simple use cases.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+/**
+ * Create a Basic authentication adapter
+ */
+export function basicAdapter(config) {
+    const expectedAuth = `Basic ${Buffer.from(`${config.username}:${config.password}`).toString('base64')}`;
+    const realm = config.realm || 'Protected';
+    // Create a static user for basic auth
+    const staticUser = {
+        id: 'basic-auth-user',
+        email: `${config.username}@localhost`,
+        name: config.username,
+        roles: ['admin'], // Basic auth users typically have full access
+    };
+    return {
+        name: 'basic',
+        initialize() {
+            // Basic auth doesn't need initialization middleware
+            // Just return a pass-through middleware
+            return (_req, _res, next) => next();
+        },
+        isAuthenticated(req) {
+            const authHeader = req.headers.authorization;
+            return authHeader === expectedAuth;
+        },
+        getUser(req) {
+            if (!this.isAuthenticated(req)) {
+                return null;
+            }
+            return staticUser;
+        },
+        hasRoles(_req, roles) {
+            // Basic auth user has 'admin' role
+            return roles.every((role) => staticUser.roles?.includes(role));
+        },
+        onUnauthorized(_req, res) {
+            res.setHeader('WWW-Authenticate', `Basic realm="${realm}"`);
+            res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Authentication required.',
+            });
+        },
+    };
+}
+//# sourceMappingURL=basic-adapter.js.map

package/dist/plugins/auth/adapters/basic-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"basic-adapter.js","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/basic-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAA0B;IACrD,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IACxG,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC;IAE1C,sCAAsC;IACtC,MAAM,UAAU,GAAsB;QACpC,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,GAAG,MAAM,CAAC,QAAQ,YAAY;QACrC,IAAI,EAAE,MAAM,CAAC,QAAQ;QACrB,KAAK,EAAE,CAAC,OAAO,CAAC,EAAE,8CAA8C;KACjE,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,OAAO;QAEb,UAAU;YACR,oDAAoD;YACpD,wCAAwC;YACxC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,eAAe,CAAC,GAAY;YAC1B,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,OAAO,UAAU,KAAK,YAAY,CAAC;QACrC,CAAC;QAED,OAAO,CAAC,GAAY;YAClB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,QAAQ,CAAC,IAAa,EAAE,KAAe;YACrC,mCAAmC;YACnC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,cAAc,CAAC,IAAa,EAAE,GAAa;YACzC,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,gBAAgB,KAAK,GAAG,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,0BAA0B;aACpC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/plugins/auth/adapters/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Auth Adapters Index
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+export { auth0Adapter } from './auth0-adapter.js';
+export { basicAdapter } from './basic-adapter.js';
+export { supabaseAdapter } from './supabase-adapter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/plugins/auth/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/plugins/auth/adapters/index.js

@@ -0,0 +1,9 @@
+/**
+ * Auth Adapters Index
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+export { auth0Adapter } from './auth0-adapter.js';
+export { basicAdapter } from './basic-adapter.js';
+export { supabaseAdapter } from './supabase-adapter.js';
+//# sourceMappingURL=index.js.map

package/dist/plugins/auth/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/plugins/auth/adapters/supabase-adapter.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Supabase Auth Adapter
+ *
+ * Provides Supabase authentication using JWT validation.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import type { AuthAdapter, SupabaseAdapterConfig } from '../types.js';
+/**
+ * Create a Supabase authentication adapter
+ */
+export declare function supabaseAdapter(config: SupabaseAdapterConfig): AuthAdapter;
+//# sourceMappingURL=supabase-adapter.d.ts.map

package/dist/plugins/auth/adapters/supabase-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"supabase-adapter.d.ts","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/supabase-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAqB,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzF;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,WAAW,CA8H1E"}

package/dist/plugins/auth/adapters/supabase-adapter.js

@@ -0,0 +1,109 @@
+/**
+ * Supabase Auth Adapter
+ *
+ * Provides Supabase authentication using JWT validation.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+/**
+ * Create a Supabase authentication adapter
+ */
+export function supabaseAdapter(config) {
+    // Cache for validated users (short TTL to avoid stale data)
+    const userCache = new Map();
+    const CACHE_TTL = 60 * 1000; // 1 minute
+    return {
+        name: 'supabase',
+        initialize() {
+            // Supabase validation happens per-request, no initialization needed
+            return (_req, _res, next) => next();
+        },
+        isAuthenticated(req) {
+            // Check if we already validated this request
+            if (req._supabaseUser) {
+                return true;
+            }
+            const authHeader = req.headers.authorization;
+            return !!authHeader && authHeader.startsWith('Bearer ');
+        },
+        async getUser(req) {
+            // Return cached user if available
+            if (req._supabaseUser) {
+                return req._supabaseUser;
+            }
+            const authHeader = req.headers.authorization;
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return null;
+            }
+            const token = authHeader.substring(7);
+            // Check token cache
+            const cached = userCache.get(token);
+            if (cached && cached.expires > Date.now()) {
+                req._supabaseUser = cached.user;
+                return cached.user;
+            }
+            try {
+                // Validate the JWT with Supabase
+                const response = await fetch(`${config.url}/auth/v1/user`, {
+                    headers: {
+                        Authorization: `Bearer ${token}`,
+                        apikey: config.anonKey,
+                    },
+                });
+                if (!response.ok) {
+                    return null;
+                }
+                const supabaseUser = (await response.json());
+                const user = {
+                    id: supabaseUser.id,
+                    email: supabaseUser.email,
+                    name: supabaseUser.user_metadata?.full_name || supabaseUser.user_metadata?.name,
+                    picture: supabaseUser.user_metadata?.avatar_url,
+                    emailVerified: !!supabaseUser.email_confirmed_at,
+                    roles: supabaseUser.app_metadata?.roles || [],
+                    raw: supabaseUser,
+                };
+                // Cache the validated user
+                userCache.set(token, { user, expires: Date.now() + CACHE_TTL });
+                req._supabaseUser = user;
+                // Cleanup old cache entries periodically
+                if (userCache.size > 1000) {
+                    const now = Date.now();
+                    for (const [key, value] of userCache) {
+                        if (value.expires < now) {
+                            userCache.delete(key);
+                        }
+                    }
+                }
+                return user;
+            }
+            catch (error) {
+                console.error('[SupabaseAdapter] Token validation error:', error);
+                return null;
+            }
+        },
+        hasRoles(req, roles) {
+            const user = req._supabaseUser;
+            if (!user?.roles)
+                return false;
+            return roles.every((role) => user.roles?.includes(role));
+        },
+        getAccessToken(req) {
+            const authHeader = req.headers.authorization;
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return null;
+            }
+            return authHeader.substring(7);
+        },
+        onUnauthorized(_req, res) {
+            res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Missing or invalid authorization header. Expected: Bearer <token>',
+            });
+        },
+        async shutdown() {
+            userCache.clear();
+        },
+    };
+}
+//# sourceMappingURL=supabase-adapter.js.map

package/dist/plugins/auth/adapters/supabase-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"supabase-adapter.js","sourceRoot":"","sources":["../../../../src/plugins/auth/adapters/supabase-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAA6B;IAC3D,4DAA4D;IAC5D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAwD,CAAC;IAClF,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAExC,OAAO;QACL,IAAI,EAAE,UAAU;QAEhB,UAAU;YACR,oEAAoE;YACpE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,eAAe,CAAC,GAAY;YAC1B,6CAA6C;YAC7C,IAAK,GAAW,CAAC,aAAa,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,OAAO,CAAC,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC1D,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAY;YACxB,kCAAkC;YAClC,IAAK,GAAW,CAAC,aAAa,EAAE,CAAC;gBAC/B,OAAQ,GAAW,CAAC,aAAa,CAAC;YACpC,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YAEtC,oBAAoB;YACpB,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACzC,GAAW,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;gBACzC,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;YAED,IAAI,CAAC;gBACH,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,GAAG,eAAe,EAAE;oBACzD,OAAO,EAAE;wBACP,aAAa,EAAE,UAAU,KAAK,EAAE;wBAChC,MAAM,EAAE,MAAM,CAAC,OAAO;qBACvB;iBACF,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAY1C,CAAC;gBAEF,MAAM,IAAI,GAAsB;oBAC9B,EAAE,EAAE,YAAY,CAAC,EAAE;oBACnB,KAAK,EAAE,YAAY,CAAC,KAAK;oBACzB,IAAI,EAAE,YAAY,CAAC,aAAa,EAAE,SAAS,IAAI,YAAY,CAAC,aAAa,EAAE,IAAI;oBAC/E,OAAO,EAAE,YAAY,CAAC,aAAa,EAAE,UAAU;oBAC/C,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,kBAAkB;oBAChD,KAAK,EAAE,YAAY,CAAC,YAAY,EAAE,KAAK,IAAI,EAAE;oBAC7C,GAAG,EAAE,YAAY;iBAClB,CAAC;gBAEF,2BAA2B;gBAC3B,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC;gBAC/D,GAAW,CAAC,aAAa,GAAG,IAAI,CAAC;gBAElC,yCAAyC;gBACzC,IAAI,SAAS,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC;oBAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;wBACrC,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;4BACxB,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;wBACxB,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;gBAClE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,GAAY,EAAE,KAAe;YACpC,MAAM,IAAI,GAAI,GAAW,CAAC,aAA8C,CAAC;YACzE,IAAI,CAAC,IAAI,EAAE,KAAK;gBAAE,OAAO,KAAK,CAAC;YAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,cAAc,CAAC,GAAY;YACzB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAED,cAAc,CAAC,IAAa,EAAE,GAAa;YACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,mEAAmE;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,QAAQ;YACZ,SAAS,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/plugins/auth/auth-plugin.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Auth Plugin
+ *
+ * Pluggable authentication plugin for @qwickapps/server.
+ * Supports multiple adapters (Auth0, Supabase, Basic) with fallback chain.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+import type { Request, RequestHandler } from 'express';
+import type { Plugin } from '../../core/plugin-registry.js';
+import type { AuthPluginConfig, AuthenticatedUser } from './types.js';
+/**
+ * Create the Auth plugin
+ */
+export declare function createAuthPlugin(config: AuthPluginConfig): Plugin;
+/**
+ * Check if the current request is authenticated
+ */
+export declare function isAuthenticated(req: Request): boolean;
+/**
+ * Get the authenticated user from the request
+ */
+export declare function getAuthenticatedUser(req: Request): AuthenticatedUser | null;
+/**
+ * Get the access token from the request
+ */
+export declare function getAccessToken(req: Request): string | null;
+/**
+ * Middleware to require authentication
+ */
+export declare function requireAuth(): RequestHandler;
+/**
+ * Middleware to require specific roles
+ */
+export declare function requireRoles(...roles: string[]): RequestHandler;
+/**
+ * Middleware to require any of the specified roles
+ */
+export declare function requireAnyRole(...roles: string[]): RequestHandler;
+//# sourceMappingURL=auth-plugin.d.ts.map

package/dist/plugins/auth/auth-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-plugin.d.ts","sourceRoot":"","sources":["../../../src/plugins/auth/auth-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,OAAO,EAA0B,cAAc,EAAE,MAAM,SAAS,CAAC;AAC/E,OAAO,KAAK,EAAE,MAAM,EAAgC,MAAM,+BAA+B,CAAC;AAC1F,OAAO,KAAK,EACV,gBAAgB,EAEhB,iBAAiB,EAElB,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAsLjE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAGrD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,iBAAiB,GAAG,IAAI,CAG3E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAG1D;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,cAAc,CAU5C;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAuB/D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,cAAc,CAuBjE"}