@rapidd/core 2.1.0 → 2.1.2

package/.env.example

@@ -40,10 +40,10 @@ DB_USER_PASSWORD_FIELD=
 # Auto-detected from unique string fields; comma-separated (default: email)
 DB_USER_IDENTIFIER_FIELDS=
 # Comma-separated: bearer, basic, cookie, header (default: bearer)
-AUTH_STRATEGIES=bearer
-# Cookie name for cookie strategy (default: token)
+AUTH_METHODS=bearer
+# Cookie name for cookie auth method (default: token)
 AUTH_COOKIE_NAME=token
-# Header name for header strategy (default: X-Auth-Token)
+# Header name for header auth method (default: X-Auth-Token)
 AUTH_CUSTOM_HEADER=X-Auth-Token
 
 # ── API Settings ───────────────────────────────────────

package/README.md

@@ -4,6 +4,7 @@
 
 Code-first REST API framework for TypeScript. Database in, API out.
 
+[![npm](https://img.shields.io/npm/v/@rapidd/core?color=cb3837&logo=npm&logoColor=white)](https://www.npmjs.com/package/@rapidd/core)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.x-3178C6?logo=typescript&logoColor=white)](https://www.typescriptlang.org/)
 [![Fastify](https://img.shields.io/badge/Fastify-5.x-000000?logo=fastify&logoColor=white)](https://fastify.dev/)
 [![Prisma](https://img.shields.io/badge/Prisma-7.x-2D3748?logo=prisma&logoColor=white)](https://www.prisma.io/)
@@ -29,7 +30,9 @@ Rapidd generates a fully-featured REST API from your database schema — then ge
 ## Quick Start
 
 ```bash
-npm install @rapidd/build
+mkdir my-api && cd my-api
+npx rapidd create-project # scaffold project files
+npm install
 ```
 
 ```env
@@ -44,7 +47,7 @@ npm run dev               # http://localhost:3000
 
 Every table gets full CRUD endpoints. Auth is enabled automatically when a user table is detected. Every auto-detected value — auth fields, password hashing, JWT secrets, session store — is overridable via env vars. See [`.env.example`](.env.example) for the full list.
 
-> 📖 **[Getting Started guide →](https://github.com/MertDalbudak/rapidd/wiki/Getting-Started)** — full walkthrough with project structure
+> **[Getting Started guide](https://github.com/MertDalbudak/rapidd/wiki/Getting-Started)** — full walkthrough with project structure
 
 ---
 
@@ -56,7 +59,7 @@ Every table gets full CRUD endpoints. Auth is enabled automatically when a user
 | Query filtering (20+ operators) | ✓ | ✓ |
 | Relations & deep includes | ✓ | ✓ |
 | Field selection | ✓ | ✓ |
-| JWT authentication (4 strategies) | ✓ | ✓ |
+| JWT authentication (4 methods) | ✓ | ✓ |
 | Per-model ACL | ✓ | ✓ |
 | Row-Level Security (database-enforced) | ✓ | — |
 | Rate limiting (Redis + memory fallback) | ✓ | ✓ |
@@ -83,7 +86,7 @@ GET /api/v1/posts?sortBy=createdAt&sortOrder=desc&limit=10&offset=20
 
 20+ filter operators for strings, numbers, dates, arrays, nulls, and nested relation fields. Responses include pagination metadata with `total`, `count`, `limit`, `offset`, and `hasMore`.
 
-> 📖 **[Query API wiki →](https://github.com/MertDalbudak/rapidd/wiki/Query-API)** — all operators, composite PKs, relation filtering
+> **[Query API wiki](https://github.com/MertDalbudak/rapidd/wiki/Query-API)** — all operators, composite PKs, relation filtering
 
 ---
 
@@ -98,11 +101,24 @@ POST /auth/refresh        { "refreshToken": "..." }
 GET  /auth/me             Authorization: Bearer <token>
 ```
 
-Four strategies — **bearer** (default), **basic**, **cookie**, and **custom header** — configurable per-route. Multi-identifier login lets users authenticate with any unique field (email, username, phone) in a single endpoint.
+Four methods — **bearer** (default), **basic**, **cookie**, and **custom header** — configurable globally via `AUTH_METHODS` env var or per endpoint prefix in `config/app.json`:
 
-⚠️ **Production:** `JWT_SECRET` and `JWT_REFRESH_SECRET` must be set explicitly. The server refuses to start without them to prevent session invalidation on restart.
+```json
+{
+    "endpointAuthMethod": {
+        "/api/v1": ["basic", "bearer"],
+        "/api/v2": "bearer"
+    }
+}
+```
+
+Set `null` for the global default, a string for a single method, or an array for multiple. Route-level config takes highest priority, then prefix match, then global default.
+
+Multi-identifier login lets users authenticate with any unique field (email, username, phone) in a single endpoint.
 
-> 📖 **[Authentication wiki →](https://github.com/MertDalbudak/rapidd/wiki/Authentication)** — session stores, route protection, per-endpoint strategy overrides
+**Production:** `JWT_SECRET` and `JWT_REFRESH_SECRET` must be set explicitly. The server refuses to start without them to prevent session invalidation on restart.
+
+> **[Authentication wiki](https://github.com/MertDalbudak/rapidd/wiki/Authentication)** — session stores, route protection, per-endpoint method overrides
 
 ---
 
@@ -126,7 +142,7 @@ const acl: AclConfig = {
 
 Return `{}` for full access, a filter object to scope records, or `false` to deny.
 
-> 📖 **[Access Control wiki →](https://github.com/MertDalbudak/rapidd/wiki/Access-Control-(ACL))** — all 5 ACL methods, relation ACL, 404 vs 403 distinction
+> **[Access Control wiki](https://github.com/MertDalbudak/rapidd/wiki/Access-Control-(ACL))** — all 5 ACL methods, relation ACL, 404 vs 403 distinction
 
 ---
 
@@ -152,7 +168,7 @@ Model.middleware.use('before', 'delete', async (ctx) => {
 
 Supports `create`, `update`, `upsert`, `upsertMany`, `delete`, `get`, `getMany`, and `count`. Middleware can abort operations, modify data, and short-circuit with cached results.
 
-> 📖 **[Model Middleware wiki →](https://github.com/MertDalbudak/rapidd/wiki/Model-Middleware)** — all hooks, context object, patterns (soft delete, validation, caching)
+> **[Model Middleware wiki](https://github.com/MertDalbudak/rapidd/wiki/Model-Middleware)** — all hooks, context object, patterns (soft delete, validation, caching)
 
 ---
 
@@ -173,7 +189,7 @@ CREATE POLICY tenant_isolation ON orders
     USING (tenant_id = current_setting('app.current_tenant_id')::int);
 ```
 
-> 📖 **[Row-Level Security wiki →](https://github.com/MertDalbudak/rapidd/wiki/Row%E2%80%90Level-Security-(RLS))** — policy examples, RLS vs ACL comparison
+> **[Row-Level Security wiki](https://github.com/MertDalbudak/rapidd/wiki/Row%E2%80%90Level-Security-(RLS))** — policy examples, RLS vs ACL comparison
 
 ---
 
@@ -181,11 +197,11 @@ CREATE POLICY tenant_isolation ON orders
 
 | Utility | Description | Docs |
 |---------|-------------|------|
-| **ApiClient** | Config-driven HTTP client with Bearer, Basic, API Key, and OAuth2 auth. Automatic token caching, retries, and fluent builder. | [Wiki →](https://github.com/MertDalbudak/rapidd/wiki/ApiClient) |
-| **Mailer** | SMTP email with EJS template rendering, layout wrappers, i18n support, batch sending, and attachments. | [Wiki →](https://github.com/MertDalbudak/rapidd/wiki/Mailer) |
-| **File Uploads** | Multipart uploads with MIME validation, size limits, and type presets (`images`, `documents`, etc.). | [Wiki →](https://github.com/MertDalbudak/rapidd/wiki/File-Uploads) |
-| **Rate Limiting** | Redis-backed with automatic memory fallback. Per-path configuration via `config/rate-limit.json`. | [Wiki →](https://github.com/MertDalbudak/rapidd/wiki/Rate-Limiting) |
-| **i18n** | 10 languages included. Auto-detected from `Accept-Language` header. Parameter interpolation in error messages. | [Wiki →](https://github.com/MertDalbudak/rapidd/wiki/Internationalization-(i18n)) |
+| **ApiClient** | Config-driven HTTP client with Bearer, Basic, API Key, and OAuth2 auth. Automatic token caching, retries, and fluent builder. | [Wiki](https://github.com/MertDalbudak/rapidd/wiki/ApiClient) |
+| **Mailer** | SMTP email with EJS template rendering, layout wrappers, i18n support, batch sending, and attachments. | [Wiki](https://github.com/MertDalbudak/rapidd/wiki/Mailer) |
+| **File Uploads** | Multipart uploads with MIME validation, size limits, and type presets (`images`, `documents`, etc.). | [Wiki](https://github.com/MertDalbudak/rapidd/wiki/File-Uploads) |
+| **Rate Limiting** | Redis-backed with automatic memory fallback. Per-path configuration via `config/rate-limit.json`. | [Wiki](https://github.com/MertDalbudak/rapidd/wiki/Rate-Limiting) |
+| **i18n** | 10 languages included. Auto-detected from `Accept-Language` header. Parameter interpolation in error messages. | [Wiki](https://github.com/MertDalbudak/rapidd/wiki/Internationalization-(i18n)) |
 
 ---
 
@@ -203,12 +219,28 @@ TRUST_PROXY=true
 npm run build && npm start
 
 # or Docker
-docker build -t rapidd . && docker run -p 3000:3000 --env-file .env rapidd
+docker build -t my-api . && docker run -p 3000:3000 --env-file .env my-api
 ```
 
 **Security defaults in production:** HSTS, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, and CORS with explicit origin whitelisting — all enabled automatically.
 
-> 📖 **[Deployment wiki →](https://github.com/MertDalbudak/rapidd/wiki/Deployment-&-Production)** — Docker Compose, nginx reverse proxy, production checklist, horizontal scaling
+> **[Deployment wiki](https://github.com/MertDalbudak/rapidd/wiki/Deployment-&-Production)** — Docker Compose, nginx reverse proxy, production checklist, horizontal scaling
+
+---
+
+## Packages
+
+| Package | Description |
+|---------|-------------|
+| [`@rapidd/core`](https://www.npmjs.com/package/@rapidd/core) | Framework runtime, project scaffolding, and unified `npx rapidd` CLI |
+| [`@rapidd/build`](https://www.npmjs.com/package/@rapidd/build) | Code generation — models, routes, and ACL from your Prisma schema |
+
+All commands go through `npx rapidd`:
+
+```bash
+npx rapidd create-project   # scaffold a new project (@rapidd/core)
+npx rapidd build             # generate from schema  (@rapidd/build)
+```
 
 ---
 

package/bin/cli.js

@@ -2,20 +2,40 @@
 
 const fs = require('fs');
 const path = require('path');
+const { execFileSync } = require('child_process');
 
 const COMMANDS = { 'create-project': createProject };
 
 const args = process.argv.slice(2);
 const command = args[0];
 
-if (!command || !COMMANDS[command]) {
+if (!command) {
     console.log('Usage: npx rapidd <command>\n');
     console.log('Commands:');
     console.log('  create-project   Scaffold a new Rapidd project in the current directory');
-    process.exit(command ? 1 : 0);
+    console.log('  build            Generate models, routes & ACL from Prisma schema (@rapidd/build)');
+    process.exit(0);
 }
 
-COMMANDS[command](args.slice(1));
+if (COMMANDS[command]) {
+    COMMANDS[command](args.slice(1));
+} else if (command === 'build') {
+    // Proxy to @rapidd/build
+    try {
+        const buildBin = require.resolve('@rapidd/build/bin/cli.js');
+        execFileSync(process.execPath, [buildBin, ...args], { stdio: 'inherit' });
+    } catch (err) {
+        if (err.code === 'MODULE_NOT_FOUND') {
+            console.error('@rapidd/build is not installed.\n');
+            console.error('  npm install -D @rapidd/build');
+            process.exit(1);
+        }
+        process.exit(err.status ?? 1);
+    }
+} else {
+    console.error(`Unknown command: ${command}`);
+    process.exit(1);
+}
 
 function createProject() {
     const targetDir = process.cwd();

package/config/app.json

@@ -151,6 +151,9 @@
             "name": "Support Team"
         }
     },
+    "endpointAuthMethod": {
+        "/api/v1": null
+    },
     "languages": [
         "en_US",
         "es_ES",

package/main.ts

@@ -16,6 +16,12 @@ export async function start(): Promise<void> {
         await app.listen({ port, host });
         console.log(`[Rapidd] Server running at http://${host}:${port}`);
         console.log(`[Rapidd] Environment: ${getEnv('NODE_ENV')}`);
+
+        // Warn if running compiled build with development NODE_ENV
+        if (process.argv[1]?.includes('/dist/') && getEnv('NODE_ENV') === 'development') {
+            console.warn('[Rapidd] Warning: Running compiled build with NODE_ENV=development.');
+            console.warn('[Rapidd] Set NODE_ENV=production in your .env for production use.');
+        }
     } catch (err) {
         console.error('[Startup Error]', (err as Error).message);
         process.exit(1);

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "2.1.0",
+  "version": "2.1.2",
   "description": "Code-first REST API framework for TypeScript. Database in, API out.",
   "main": "dist/main.js",
   "bin": {
@@ -83,7 +83,7 @@
     "pg": "^8.16.3"
   },
   "devDependencies": {
-    "@rapidd/build": "^2.1.3",
+    "@rapidd/build": "^2.1.5",
     "@types/bcrypt": "^6.0.0",
     "@types/ejs": "^3.1.5",
     "@types/jest": "^30.0.0",

package/routes/api/v1/index.ts

@@ -1,12 +1,11 @@
 import { FastifyPluginAsync, FastifyRequest, FastifyReply } from 'fastify';
-import { Auth } from '../../../src/auth/Auth';
 import { ErrorResponse } from '../../../src/core/errors';
 
 /**
  * Auth routes — /register, /login, /logout, /refresh, /me
  */
 const rootRoutes: FastifyPluginAsync = async (fastify) => {
-    const auth = fastify.auth ?? new Auth();
+    const auth = fastify.auth;
 
     /**
      * POST /register

package/src/app.ts

@@ -22,6 +22,13 @@ import rlsPlugin from './plugins/rls';
 
 import type { RapiddOptions } from './types';
 
+// ─── BigInt Serialization ────────────────────────────
+// Prisma returns BigInt values that JSON.stringify cannot handle natively.
+// This polyfill converts them to strings during serialization.
+(BigInt.prototype as any).toJSON = function () {
+    return this.toString();
+};
+
 // ─── Path Setup ─────────────────────────────────────
 // Use process.cwd() as the project root — works from both source (tsx) and compiled (dist/) contexts.
 

package/src/auth/Auth.ts

@@ -5,7 +5,7 @@ import { authPrisma } from '../core/prisma';
 import { ErrorResponse } from '../core/errors';
 import { createStore, SessionStoreManager } from './stores';
 import { loadDMMF, findUserModel, findIdentifierFields, findPasswordField } from '../core/dmmf';
-import type { RapiddUser, AuthOptions, AuthStrategy, ISessionStore } from '../types';
+import type { RapiddUser, AuthOptions, AuthMethod, ISessionStore } from '../types';
 
 /**
  * Authentication class for user login, logout, and session management
@@ -26,7 +26,7 @@ import type { RapiddUser, AuthOptions, AuthStrategy, ISessionStore } from '../ty
 export class Auth {
     options: Required<Pick<AuthOptions, 'passwordField' | 'saltRounds'>> & AuthOptions & {
         identifierFields: string[];
-        strategies: AuthStrategy[];
+        methods: AuthMethod[];
         cookieName: string;
         customHeaderName: string;
         session: { ttl: number; store?: string };
@@ -68,8 +68,8 @@ export class Auth {
                 ...options.jwt,
             },
             saltRounds: options.saltRounds || parseInt(process.env.AUTH_SALT_ROUNDS || '10', 10),
-            strategies: options.strategies
-                || (process.env.AUTH_STRATEGIES?.split(',').map(s => s.trim()) as AuthStrategy[])
+            methods: options.methods
+                || (process.env.AUTH_METHODS?.split(',').map(s => s.trim()) as AuthMethod[])
                 || ['bearer'],
             cookieName: options.cookieName || process.env.AUTH_COOKIE_NAME || 'token',
             customHeaderName: options.customHeaderName || process.env.AUTH_CUSTOM_HEADER || 'X-Auth-Token',

package/src/index.ts

@@ -73,7 +73,7 @@ export { buildApp } from './app';
 // ── Types ────────────────────────────────────────────────────────────────────
 export type {
     RapiddUser,
-    AuthStrategy,
+    AuthMethod,
     RouteAuthConfig,
     ModelOptions,
     GetManyResult,

package/src/orm/Model.ts

@@ -177,6 +177,7 @@ class Model {
         const field = this.fields[fieldName];
         if (!field) return value;
         if (field.type === 'Int') return parseInt(value, 10);
+        if (field.type === 'BigInt') return BigInt(value);
         if (field.type === 'Float' || field.type === 'Decimal') return parseFloat(value);
         if (field.type === 'Boolean') return value === 'true';
         return value;
@@ -239,10 +240,13 @@ class Model {
         sortBy = sortBy?.trim();
         sortOrder = sortOrder?.trim();
 
-        // Validate sort field - fall back to default for composite PK names
+        // Validate sort field - fall back to default for composite PK names or missing 'id'
         if (!sortBy.includes('.') && this.fields[sortBy] == undefined) {
-            // If the sortBy is a composite key name (e.g., "email_companyId"), use first PK field
             if (sortBy === this.primaryKey && this.isCompositePK) {
+                // Composite key name (e.g., "email_companyId") → use first PK field
+                sortBy = this.defaultSortField;
+            } else if (sortBy === 'id') {
+                // Model doesn't have an 'id' field → fall back to actual primary key
                 sortBy = this.defaultSortField;
             } else {
                 throw new ErrorResponse(400, "invalid_sort_field", { sortBy, modelName: this.constructor.name });

package/src/orm/QueryBuilder.ts

@@ -501,10 +501,10 @@ class QueryBuilder {
     /**
      * Parse numeric filter operators
      */
-    #filterNumber(value: string): Record<string, number> | null {
+    #filterNumber(value: string): Record<string, number | bigint> | null {
         const numOperators = ['lt:', 'lte:', 'gt:', 'gte:', 'eq:', 'ne:', 'between:'];
         const foundOperator = numOperators.find((op: string) => value.startsWith(op));
-        let numValue: string | number = value;
+        let numValue: string = value;
         let prismaOp = 'equals';
 
         if (foundOperator) {
@@ -517,19 +517,36 @@ class QueryBuilder {
                 case 'eq:': prismaOp = 'equals'; break;
                 case 'ne:': prismaOp = 'not'; break;
                 case 'between:': {
-                    // Support between for decimals: between:1.5;3.7
-                    const [start, end] = (numValue as string).split(';').map((v: string) => parseFloat(v.trim()));
-                    if (isNaN(start) || isNaN(end)) return null;
+                    const parts = numValue.split(';').map((v: string) => v.trim());
+                    const [startStr, endStr] = parts;
+                    const start = this.#parseNumericValue(startStr);
+                    const end = this.#parseNumericValue(endStr);
+                    if (start == null || end == null) return null;
                     return { gte: start, lte: end };
                 }
             }
         }
 
-        // Support decimal numbers
-        numValue = parseFloat(numValue as string);
-        if (isNaN(numValue)) return null;
+        const parsed = this.#parseNumericValue(numValue);
+        if (parsed == null) return null;
 
-        return { [prismaOp]: numValue };
+        return { [prismaOp]: parsed };
+    }
+
+    /**
+     * Parse a numeric string, returning BigInt for integers beyond safe range
+     */
+    #parseNumericValue(value: string): number | bigint | null {
+        if (value.includes('.')) {
+            const num = parseFloat(value);
+            return isNaN(num) ? null : num;
+        }
+        const num = Number(value);
+        if (isNaN(num)) return null;
+        if (!Number.isSafeInteger(num)) {
+            try { return BigInt(value); } catch { return null; }
+        }
+        return num;
     }
 
     /**

package/src/plugins/auth.ts

@@ -1,8 +1,9 @@
+import path from 'path';
 import { FastifyPluginAsync, FastifyRequest } from 'fastify';
 import fp from 'fastify-plugin';
 import { Auth } from '../auth/Auth';
 import { ErrorResponse } from '../core/errors';
-import type { RapiddUser, AuthOptions, AuthStrategy, RouteAuthConfig } from '../types';
+import type { RapiddUser, AuthOptions, AuthMethod, RouteAuthConfig } from '../types';
 
 interface AuthPluginOptions {
     auth?: Auth;
@@ -35,20 +36,54 @@ const authPlugin: FastifyPluginAsync<AuthPluginOptions> = async (fastify, option
         return;
     }
 
-    // Parse auth on every request using configured strategies (checked in order).
-    // Routes can override via config.auth: { strategies, cookieName, customHeaderName }
+    // Load endpointAuthMethod from config/app.json (prefix → method(s) mapping)
+    let endpointAuthMethod: Record<string, AuthMethod | AuthMethod[] | null> = {};
+    try {
+        const appConfig = require(path.join(process.cwd(), 'config', 'app.json'));
+        if (appConfig.endpointAuthMethod) {
+            endpointAuthMethod = appConfig.endpointAuthMethod;
+        }
+    } catch {
+        // No app.json or no endpointAuthMethod — use global default
+    }
+
+    // Pre-sort prefixes by length (longest first) for correct matching
+    const sortedPrefixes = Object.keys(endpointAuthMethod)
+        .sort((a, b) => b.length - a.length);
+
+    // Parse auth on every request using configured methods (checked in order).
+    // Priority: route config > endpointAuthMethod prefix match > global default
     fastify.addHook('onRequest', async (request) => {
         const routeAuth = (request.routeOptions?.config as any)?.auth as RouteAuthConfig | undefined;
-        const strategies = routeAuth?.strategies || auth.options.strategies;
+
+        let methods: AuthMethod[];
+        if (routeAuth?.methods) {
+            methods = routeAuth.methods;
+        } else {
+            const matchedPrefix = sortedPrefixes.find(p => request.url.startsWith(p));
+            if (matchedPrefix) {
+                const value = endpointAuthMethod[matchedPrefix];
+                if (value === null) {
+                    methods = auth.options.methods;
+                } else if (typeof value === 'string') {
+                    methods = [value];
+                } else {
+                    methods = value;
+                }
+            } else {
+                methods = auth.options.methods;
+            }
+        }
+
         const cookieName = routeAuth?.cookieName || auth.options.cookieName;
         const customHeaderName = routeAuth?.customHeaderName || auth.options.customHeaderName;
 
         let user: RapiddUser | null = null;
 
-        for (const strategy of strategies) {
+        for (const method of methods) {
             if (user) break;
 
-            switch (strategy) {
+            switch (method) {
                 case 'bearer': {
                     const h = request.headers.authorization;
                     if (h?.startsWith('Bearer ')) {
@@ -90,7 +125,7 @@ const authPlugin: FastifyPluginAsync<AuthPluginOptions> = async (fastify, option
     fastify.post('/auth/login', async (request, reply) => {
         const result = await auth.login(request.body as { user: string; password: string });
 
-        if (auth.options.strategies.includes('cookie')) {
+        if (auth.options.methods.includes('cookie')) {
             reply.setCookie(auth.options.cookieName, result.accessToken, {
                 path: '/',
                 httpOnly: true,
@@ -106,7 +141,7 @@ const authPlugin: FastifyPluginAsync<AuthPluginOptions> = async (fastify, option
     fastify.post('/auth/logout', async (request, reply) => {
         const result = await auth.logout(request.headers.authorization);
 
-        if (auth.options.strategies.includes('cookie')) {
+        if (auth.options.methods.includes('cookie')) {
             reply.clearCookie(auth.options.cookieName, { path: '/' });
         }
 

package/src/types.ts

@@ -10,10 +10,10 @@ export interface RapiddUser {
     [key: string]: unknown;
 }
 
-export type AuthStrategy = 'bearer' | 'basic' | 'cookie' | 'header';
+export type AuthMethod = 'bearer' | 'basic' | 'cookie' | 'header';
 
 export interface RouteAuthConfig {
-    strategies?: AuthStrategy[];
+    methods?: AuthMethod[];
     cookieName?: string;
     customHeaderName?: string;
 }
@@ -32,7 +32,7 @@ export interface AuthOptions {
         refreshExpiry?: string;
     };
     saltRounds?: number;
-    strategies?: AuthStrategy[];
+    methods?: AuthMethod[];
     cookieName?: string;
     customHeaderName?: string;
 }