@rapidraptor/auth-server 0.2.0

package/dist/tokenVerifier/joseTokenVerifier.js

@@ -0,0 +1,157 @@
+import * as jose from 'jose';
+import fs from 'fs/promises';
+import { TokenVerificationFailedError, TokenVerifierConfigurationError, } from './errors.js';
+/**
+ * Default JWT token verifier implementation using jose library
+ * Supports JWKS URIs, static public keys, and skip verification mode
+ */
+export class JoseTokenVerifier {
+    config;
+    logger;
+    jwksClient;
+    cachedPublicKey;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+        // Validate configuration for production mode
+        if (!config.skipVerification && !config.publicKey && !config.jwksUri) {
+            throw new TokenVerifierConfigurationError('Either publicKey or jwksUri must be provided when skipVerification is false');
+        }
+    }
+    async verify(token, correlationId) {
+        if (this.config.skipVerification) {
+            // Development/test mode - return mock user
+            this.logger?.debug?.('JWT verification skipped - using mock user', {
+                event: 'jwt_verification_skipped',
+                mockUser: this.config.mockUser,
+                correlationId,
+            });
+            return (this.config.mockUser || {
+                sub: 'dev-user',
+                email: 'dev@example.com',
+            });
+        }
+        try {
+            // Decode JWT for logging
+            const payload = jose.decodeJwt(token);
+            const protectedHeader = jose.decodeProtectedHeader(token);
+            this.logger?.debug?.('JWT token decoded for verification', {
+                event: 'jwt_token_decoded',
+                header: {
+                    alg: protectedHeader.alg,
+                    typ: protectedHeader.typ,
+                    kid: protectedHeader.kid, // Key ID - safe to log
+                },
+                payload: {
+                    sub: payload.sub,
+                    email: payload.email,
+                    exp: payload.exp,
+                    iat: payload.iat,
+                },
+                config: {
+                    skipVerification: this.config.skipVerification,
+                    publicKey: this.config.publicKey ? '[PROVIDED]' : undefined,
+                    jwksUri: this.config.jwksUri,
+                    issuer: this.config.issuer,
+                    audience: this.config.audience,
+                },
+                correlationId,
+            });
+        }
+        catch (e) {
+            this.logger?.warn?.('Could not decode JWT token for logging - may be malformed', {
+                event: 'jwt_decode_failed',
+                error: e instanceof Error ? e.message : 'Unknown error',
+                correlationId,
+            });
+        }
+        try {
+            const key = await this.getVerificationKey(correlationId);
+            // TypeScript can't infer that the union type matches jwtVerify's expected type
+            // but both KeyLike and createRemoteJWKSet return value are valid
+            const { payload } = await jose.jwtVerify(token, key, {
+                issuer: this.config.issuer,
+                audience: this.config.audience,
+            });
+            this.logger?.info?.('JWT verification successful', {
+                event: 'jwt_verification_success',
+                userId: payload.sub,
+                email: payload.email,
+                correlationId,
+            });
+            return {
+                sub: payload.sub,
+                email: payload.email,
+                name: payload.name,
+            };
+        }
+        catch (error) {
+            // Handle expired token specifically
+            if (error instanceof jose.errors.JWTExpired) {
+                this.logger?.warn?.('JWT token has expired', {
+                    event: 'jwt_token_expired',
+                    error: error.message,
+                    correlationId,
+                });
+                throw new TokenVerificationFailedError('Token has expired', true, error);
+            }
+            this.logger?.error?.('JWT verification failed', {
+                event: 'jwt_verification_failed',
+                error: {
+                    name: error instanceof Error ? error.name : 'Unknown',
+                    message: error instanceof Error ? error.message : 'Unknown error',
+                },
+                correlationId,
+            });
+            throw new TokenVerificationFailedError(`JWT verification failed: ${error.message}`, false, error instanceof Error ? error : undefined);
+        }
+    }
+    async getVerificationKey(correlationId) {
+        // Prefer static public key if provided
+        if (this.config.publicKey) {
+            if (!this.cachedPublicKey) {
+                this.logger?.debug?.('Loading static public key for JWT verification', {
+                    event: 'jwt_static_key_loading',
+                    keyType: this.config.publicKey.startsWith('file://') ? 'file' : 'inline',
+                    correlationId,
+                });
+                let pem = this.config.publicKey;
+                // If value starts with file:// treat as path
+                if (pem.startsWith('file://')) {
+                    const path = pem.replace('file://', '');
+                    pem = await fs.readFile(path, 'utf-8');
+                }
+                this.cachedPublicKey = await jose.importSPKI(pem, 'RS256');
+                this.logger?.debug?.('Static public key loaded successfully', {
+                    event: 'jwt_static_key_loaded',
+                    correlationId,
+                });
+            }
+            return this.cachedPublicKey;
+        }
+        // Otherwise fallback to remote JWKS
+        if (!this.jwksClient) {
+            if (!this.config.jwksUri) {
+                throw new TokenVerifierConfigurationError('JWKS URI not configured');
+            }
+            this.logger?.debug?.('Creating remote JWKS client', {
+                event: 'jwt_jwks_client_created',
+                jwksUri: this.config.jwksUri,
+                correlationId,
+            });
+            this.jwksClient = jose.createRemoteJWKSet(new URL(this.config.jwksUri));
+        }
+        return this.jwksClient;
+    }
+    /**
+     * Clear cached keys (useful for testing or key rotation)
+     */
+    clearCache() {
+        this.jwksClient = undefined;
+        this.cachedPublicKey = undefined;
+        this.logger?.debug?.('JWT verification cache cleared', {
+            event: 'jwt_cache_cleared',
+        });
+    }
+}
+//# sourceMappingURL=joseTokenVerifier.js.map

package/dist/tokenVerifier/joseTokenVerifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"joseTokenVerifier.js","sourceRoot":"","sources":["../../src/tokenVerifier/joseTokenVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,MAAM,aAAa,CAAC;AAE7B,OAAO,EACL,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,aAAa,CAAC;AAGrB;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAKlB;IACA;IALF,UAAU,CAA8C;IACxD,eAAe,CAAgB;IAEvC,YACU,MAA2B,EAC3B,MAAe;QADf,WAAM,GAAN,MAAM,CAAqB;QAC3B,WAAM,GAAN,MAAM,CAAS;QAEvB,6CAA6C;QAC7C,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrE,MAAM,IAAI,+BAA+B,CACvC,6EAA6E,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CACV,KAAa,EACb,aAAsB;QAEtB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,2CAA2C;YAC3C,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,4CAA4C,EAAE;gBACjE,KAAK,EAAE,0BAA0B;gBACjC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,aAAa;aACd,CAAC,CAAC;YAEH,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI;gBACtB,GAAG,EAAE,UAAU;gBACf,KAAK,EAAE,iBAAiB;aACzB,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,yBAAyB;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACtC,MAAM,eAAe,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAE1D,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oCAAoC,EAAE;gBACzD,KAAK,EAAE,mBAAmB;gBAC1B,MAAM,EAAE;oBACN,GAAG,EAAE,eAAe,CAAC,GAAG;oBACxB,GAAG,EAAE,eAAe,CAAC,GAAG;oBACxB,GAAG,EAAE,eAAe,CAAC,GAAG,EAAE,uBAAuB;iBAClD;gBACD,OAAO,EAAE;oBACP,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;iBACjB;gBACD,MAAM,EAAE;oBACN,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;oBAC9C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;oBAC3D,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;oBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;oBAC1B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;iBAC/B;gBACD,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,2DAA2D,EAC3D;gBACE,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;gBACvD,aAAa;aACd,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;YACzD,+EAA+E;YAC/E,iEAAiE;YACjE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,GAA2C,EAC3C;gBACE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAC/B,CACF,CAAC;YAEF,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,6BAA6B,EAAE;gBACjD,KAAK,EAAE,0BAA0B;gBACjC,MAAM,EAAE,OAAO,CAAC,GAAG;gBACnB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,aAAa;aACd,CAAC,CAAC;YAEH,OAAO;gBACL,GAAG,EAAE,OAAO,CAAC,GAAI;gBACjB,KAAK,EAAE,OAAO,CAAC,KAA2B;gBAC1C,IAAI,EAAE,OAAO,CAAC,IAA0B;aACzC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oCAAoC;YACpC,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC5C,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,uBAAuB,EAAE;oBAC3C,KAAK,EAAE,mBAAmB;oBAC1B,KAAK,EAAE,KAAK,CAAC,OAAO;oBACpB,aAAa;iBACd,CAAC,CAAC;gBAEH,MAAM,IAAI,4BAA4B,CACpC,mBAAmB,EACnB,IAAI,EACJ,KAAK,CACN,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,yBAAyB,EAAE;gBAC9C,KAAK,EAAE,yBAAyB;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;oBACrD,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;iBAClE;gBACD,aAAa;aACd,CAAC,CAAC;YAEH,MAAM,IAAI,4BAA4B,CACpC,4BAA6B,KAAe,CAAC,OAAO,EAAE,EACtD,KAAK,EACL,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,aAAsB;QAEtB,uCAAuC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gDAAgD,EAAE;oBACrE,KAAK,EAAE,wBAAwB;oBAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;oBACxE,aAAa;iBACd,CAAC,CAAC;gBAEH,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,6CAA6C;gBAC7C,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBACxC,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBAE3D,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,uCAAuC,EAAE;oBAC5D,KAAK,EAAE,uBAAuB;oBAC9B,aAAa;iBACd,CAAC,CAAC;YACL,CAAC;YACD,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9B,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,+BAA+B,CAAC,yBAAyB,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6BAA6B,EAAE;gBAClD,KAAK,EAAE,yBAAyB;gBAChC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa;aACd,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QAEjC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gCAAgC,EAAE;YACrD,KAAK,EAAE,mBAAmB;SAC3B,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/tokenVerifier/types.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Configuration for JWT token verification
+ */
+export interface TokenVerifierConfig {
+    /**
+     * Skip verification (development/test mode only)
+     * When true, returns a mock user without verifying the token
+     */
+    skipVerification?: boolean;
+    /**
+     * Static public key in PEM format for JWT verification
+     * Can be provided inline or as a file path (prefix with 'file://')
+     * Example: 'file:///path/to/public-key.pem' or '-----BEGIN PUBLIC KEY-----\n...'
+     */
+    publicKey?: string;
+    /**
+     * JWKS (JSON Web Key Set) URI for remote key lookup
+     * Used for OAuth providers like Firebase, Auth0, etc.
+     * Example: 'https://www.googleapis.com/service_accounts/v1/jwk/...'
+     */
+    jwksUri?: string;
+    /**
+     * Expected JWT issuer (iss claim)
+     * If provided, tokens must have matching issuer
+     */
+    issuer?: string;
+    /**
+     * Expected JWT audience (aud claim)
+     * If provided, tokens must have matching audience
+     */
+    audience?: string;
+    /**
+     * Mock user to return when skipVerification is true
+     */
+    mockUser?: {
+        sub: string;
+        email?: string;
+        name?: string;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/tokenVerifier/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tokenVerifier/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH"}

package/dist/tokenVerifier/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/tokenVerifier/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/tokenVerifier/types.ts"],"names":[],"mappings":""}

package/dist/types/middleware.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Interface for user token verifier
+ * Implementations should verify JWT tokens (signature, expiration, issuer, audience)
+ * and return the user information from the token payload.
+ *
+ * This is a generic interface that can be implemented by any project using this library.
+ * The implementation is provided via dependency injection to createAuthMiddleware().
+ */
+export interface UserTokenVerifier {
+    verify(token: string, correlationId?: string): Promise<{
+        sub: string;
+        email?: string;
+        name?: string;
+    }>;
+}
+/**
+ * Interface for user token verification error
+ * Implementations should throw errors that match this interface
+ */
+export interface UserTokenVerificationError extends Error {
+    isExpired?: boolean;
+}
+/**
+ * Logger interface (compatible with winston)
+ * Uses Record<string, unknown> for type-safe metadata
+ */
+export interface Logger {
+    debug?: (message: string, meta?: Record<string, unknown>) => void;
+    info?: (message: string, meta?: Record<string, unknown>) => void;
+    warn?: (message: string, meta?: Record<string, unknown>) => void;
+    error?: (message: string, meta?: Record<string, unknown>) => void;
+}
+//# sourceMappingURL=middleware.d.ts.map

package/dist/types/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/types/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxG;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA2B,SAAQ,KAAK;IACvD,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAClE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACjE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IACjE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CACnE"}

package/dist/types/middleware.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=middleware.js.map

package/dist/types/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/types/middleware.ts"],"names":[],"mappings":""}

package/dist/types/session.d.ts

@@ -0,0 +1,7 @@
+import type { SessionInfo } from '@rapidraptor/auth-shared';
+/**
+ * Type alias for session storage maps
+ * Used for in-memory caches and write queues
+ */
+export type SessionMap = Map<string, SessionInfo>;
+//# sourceMappingURL=session.d.ts.map

package/dist/types/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/types/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC"}

package/dist/types/session.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=session.js.map

package/dist/types/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/types/session.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@rapidraptor/auth-server",
+  "version": "0.2.0",
+  "description": "Server-side authentication library for Node.js/Express applications",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist",
+    "test": "vitest"
+  },
+  "dependencies": {
+    "@rapidraptor/auth-shared": "file:../shared",
+    "firebase-admin": "^12.0.0",
+    "jose": "^5.2.0"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.12.12",
+    "express": "^4.19.2",
+    "typescript": "^5.4.5",
+    "vitest": "^1.6.1"
+  }
+}