@revealui/auth 0.0.1-pre.0 → 0.2.1
- package/LICENSE +22 -202
- package/README.md +101 -0
- package/dist/index.d.ts +10 -1
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +10 -4
- package/dist/react/index.d.ts +15 -0
- package/dist/react/index.d.ts.map +1 -0
- package/dist/react/index.js +10 -0
- package/dist/react/useSession.d.ts +32 -0
- package/dist/react/useSession.d.ts.map +1 -0
- package/dist/react/useSession.js +98 -0
- package/dist/react/useSignIn.d.ts +41 -0
- package/dist/react/useSignIn.d.ts.map +1 -0
- package/dist/react/useSignIn.js +99 -0
- package/dist/react/useSignOut.d.ts +30 -0
- package/dist/react/useSignOut.d.ts.map +1 -0
- package/dist/react/useSignOut.js +57 -0
- package/dist/react/useSignUp.d.ts +43 -0
- package/dist/react/useSignUp.d.ts.map +1 -0
- package/dist/react/useSignUp.js +90 -0
- package/dist/server/auth.d.ts +46 -0
- package/dist/server/auth.d.ts.map +1 -0
- package/dist/server/auth.js +314 -0
- package/dist/server/brute-force.d.ts +44 -0
- package/dist/server/brute-force.d.ts.map +1 -0
- package/dist/server/brute-force.js +149 -0
- package/dist/server/errors.d.ts +28 -0
- package/dist/server/errors.d.ts.map +1 -0
- package/dist/server/errors.js +51 -0
- package/dist/server/index.d.ts +17 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +14 -0
- package/dist/server/oauth.d.ts +49 -0
- package/dist/server/oauth.d.ts.map +1 -0
- package/dist/server/oauth.js +223 -0
- package/dist/server/password-reset.d.ts +55 -0
- package/dist/server/password-reset.d.ts.map +1 -0
- package/dist/server/password-reset.js +232 -0
- package/dist/server/password-validation.d.ts +25 -0
- package/dist/server/password-validation.d.ts.map +1 -0
- package/dist/server/password-validation.js +47 -0
- package/dist/server/providers/github.d.ts +14 -0
- package/dist/server/providers/github.d.ts.map +1 -0
- package/dist/server/providers/github.js +73 -0
- package/dist/server/providers/google.d.ts +11 -0
- package/dist/server/providers/google.d.ts.map +1 -0
- package/dist/server/providers/google.js +53 -0
- package/dist/server/providers/vercel.d.ts +11 -0
- package/dist/server/providers/vercel.d.ts.map +1 -0
- package/dist/server/providers/vercel.js +47 -0
- package/dist/server/rate-limit.d.ts +45 -0
- package/dist/server/rate-limit.d.ts.map +1 -0
- package/dist/server/rate-limit.js +130 -0
- package/dist/server/session.d.ts +47 -0
- package/dist/server/session.d.ts.map +1 -0
- package/dist/server/session.js +248 -0
- package/dist/server/storage/database.d.ts +26 -0
- package/dist/server/storage/database.d.ts.map +1 -0
- package/dist/server/storage/database.js +102 -0
- package/dist/server/storage/in-memory.d.ts +28 -0
- package/dist/server/storage/in-memory.d.ts.map +1 -0
- package/dist/server/storage/in-memory.js +80 -0
- package/dist/server/storage/index.d.ts +26 -0
- package/dist/server/storage/index.d.ts.map +1 -0
- package/dist/server/storage/index.js +80 -0
- package/dist/server/storage/interface.d.ts +46 -0
- package/dist/server/storage/interface.d.ts.map +1 -0
- package/dist/server/storage/interface.js +6 -0
- package/dist/types.d.ts +66 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +8 -0
- package/dist/utils/database.d.ts +53 -0
- package/dist/utils/database.d.ts.map +1 -0
- package/dist/utils/database.js +144 -0
- package/dist/utils/token.d.ts +30 -0
- package/dist/utils/token.d.ts.map +1 -0
- package/dist/utils/token.js +39 -0
- package/package.json +50 -106
- package/dist/better-auth/adapter/__tests__/transform.test.js +0 -213
- package/dist/better-auth/adapter/__tests__/transform.test.js.map +0 -1
- package/dist/better-auth/adapter/generate-schema/biome.d.js +0 -2
- package/dist/better-auth/adapter/generate-schema/biome.d.js.map +0 -1
- package/dist/better-auth/adapter/generate-schema/generate-schema-builder.d.ts +0 -5
- package/dist/better-auth/adapter/generate-schema/generate-schema-builder.js +0 -482
- package/dist/better-auth/adapter/generate-schema/generate-schema-builder.js.map +0 -1
- package/dist/better-auth/adapter/generate-schema/get-payload-schema.d.ts +0 -1
- package/dist/better-auth/adapter/generate-schema/get-payload-schema.js +0 -42
- package/dist/better-auth/adapter/generate-schema/get-payload-schema.js.map +0 -1
- package/dist/better-auth/adapter/generate-schema/index.d.ts +0 -4
- package/dist/better-auth/adapter/generate-schema/index.js +0 -19
- package/dist/better-auth/adapter/generate-schema/index.js.map +0 -1
- package/dist/better-auth/adapter/generate-schema/utils.d.ts +0 -2
- package/dist/better-auth/adapter/generate-schema/utils.js +0 -20
- package/dist/better-auth/adapter/generate-schema/utils.js.map +0 -1
- package/dist/better-auth/adapter/index.d.ts +0 -15
- package/dist/better-auth/adapter/index.js +0 -731
- package/dist/better-auth/adapter/index.js.map +0 -1
- package/dist/better-auth/adapter/tests/adapter.test.js +0 -174
- package/dist/better-auth/adapter/tests/adapter.test.js.map +0 -1
- package/dist/better-auth/adapter/tests/base-collections-tests.js +0 -575
- package/dist/better-auth/adapter/tests/base-collections-tests.js.map +0 -1
- package/dist/better-auth/adapter/tests/dev/index.js +0 -117
- package/dist/better-auth/adapter/tests/dev/index.js.map +0 -1
- package/dist/better-auth/adapter/tests/dev/migrate.js +0 -26
- package/dist/better-auth/adapter/tests/dev/migrate.js.map +0 -1
- package/dist/better-auth/adapter/tests/dev/migrations/20250423_232936_init.js +0 -218
- package/dist/better-auth/adapter/tests/dev/migrations/20250423_232936_init.js.map +0 -1
- package/dist/better-auth/adapter/tests/dev/schema.js +0 -160
- package/dist/better-auth/adapter/tests/dev/schema.js.map +0 -1
- package/dist/better-auth/adapter/tests/plugins-tests.js +0 -2
- package/dist/better-auth/adapter/tests/plugins-tests.js.map +0 -1
- package/dist/better-auth/adapter/transform/index.d.ts +0 -27
- package/dist/better-auth/adapter/transform/index.js +0 -664
- package/dist/better-auth/adapter/transform/index.js.map +0 -1
- package/dist/better-auth/adapter/types.d.ts +0 -10
- package/dist/better-auth/adapter/types.js +0 -3
- package/dist/better-auth/adapter/types.js.map +0 -1
- package/dist/better-auth/generated-types.d.ts +0 -285
- package/dist/better-auth/index.d.ts +0 -3
- package/dist/better-auth/index.js +0 -5
- package/dist/better-auth/index.js.map +0 -1
- package/dist/better-auth/plugin/__tests__/plugin.test.js +0 -162
- package/dist/better-auth/plugin/__tests__/plugin.test.js.map +0 -1
- package/dist/better-auth/plugin/constants.d.ts +0 -220
- package/dist/better-auth/plugin/constants.js +0 -249
- package/dist/better-auth/plugin/constants.js.map +0 -1
- package/dist/better-auth/plugin/helpers/check-plugin-exists.d.ts +0 -12
- package/dist/better-auth/plugin/helpers/check-plugin-exists.js +0 -14
- package/dist/better-auth/plugin/helpers/check-plugin-exists.js.map +0 -1
- package/dist/better-auth/plugin/helpers/generate-verify-email-url.d.ts +0 -29
- package/dist/better-auth/plugin/helpers/generate-verify-email-url.js +0 -46
- package/dist/better-auth/plugin/helpers/generate-verify-email-url.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-admin-access.d.ts +0 -7
- package/dist/better-auth/plugin/helpers/get-admin-access.js +0 -22
- package/dist/better-auth/plugin/helpers/get-admin-access.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-all-roles.d.ts +0 -5
- package/dist/better-auth/plugin/helpers/get-all-roles.js +0 -20
- package/dist/better-auth/plugin/helpers/get-all-roles.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-better-auth-schema.d.ts +0 -18
- package/dist/better-auth/plugin/helpers/get-better-auth-schema.js +0 -70
- package/dist/better-auth/plugin/helpers/get-better-auth-schema.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-collection-slug.d.ts +0 -5
- package/dist/better-auth/plugin/helpers/get-collection-slug.js +0 -20
- package/dist/better-auth/plugin/helpers/get-collection-slug.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-collection.d.ts +0 -15
- package/dist/better-auth/plugin/helpers/get-collection.js +0 -29
- package/dist/better-auth/plugin/helpers/get-collection.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-ip.d.ts +0 -2
- package/dist/better-auth/plugin/helpers/get-ip.js +0 -31
- package/dist/better-auth/plugin/helpers/get-ip.js.map +0 -1
- package/dist/better-auth/plugin/helpers/get-signed-cookie.d.ts +0 -2
- package/dist/better-auth/plugin/helpers/get-signed-cookie.js +0 -65
- package/dist/better-auth/plugin/helpers/get-signed-cookie.js.map +0 -1
- package/dist/better-auth/plugin/helpers/index.d.ts +0 -1
- package/dist/better-auth/plugin/helpers/index.js +0 -3
- package/dist/better-auth/plugin/helpers/index.js.map +0 -1
- package/dist/better-auth/plugin/helpers/prepare-session-data.d.ts +0 -59
- package/dist/better-auth/plugin/helpers/prepare-session-data.js +0 -49
- package/dist/better-auth/plugin/helpers/prepare-session-data.js.map +0 -1
- package/dist/better-auth/plugin/helpers/sync-resolved-schema-with-collection-map.d.ts +0 -20
- package/dist/better-auth/plugin/helpers/sync-resolved-schema-with-collection-map.js +0 -67
- package/dist/better-auth/plugin/helpers/sync-resolved-schema-with-collection-map.js.map +0 -1
- package/dist/better-auth/plugin/index.d.ts +0 -11
- package/dist/better-auth/plugin/index.js +0 -125
- package/dist/better-auth/plugin/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/apply-disabled-default-auth-config.d.ts +0 -12
- package/dist/better-auth/plugin/lib/apply-disabled-default-auth-config.js +0 -87
- package/dist/better-auth/plugin/lib/apply-disabled-default-auth-config.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/accounts/hooks/sync-password-to-user.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/accounts/hooks/sync-password-to-user.js +0 -60
- package/dist/better-auth/plugin/lib/build-collections/accounts/hooks/sync-password-to-user.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/accounts/index.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/accounts/index.js +0 -154
- package/dist/better-auth/plugin/lib/build-collections/accounts/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-after-read.d.ts +0 -5
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-after-read.js +0 -11
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-after-read.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-before-change.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-before-change.js +0 -8
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/hooks/get-url-before-change.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/index.d.ts +0 -6
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/index.js +0 -119
- package/dist/better-auth/plugin/lib/build-collections/admin-invitations/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/api-keys.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/api-keys.js +0 -177
- package/dist/better-auth/plugin/lib/build-collections/api-keys.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/device-code.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/device-code.js +0 -50
- package/dist/better-auth/plugin/lib/build-collections/device-code.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/index.d.ts +0 -10
- package/dist/better-auth/plugin/lib/build-collections/index.js +0 -73
- package/dist/better-auth/plugin/lib/build-collections/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/invitations.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/invitations.js +0 -94
- package/dist/better-auth/plugin/lib/build-collections/invitations.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/jwks.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/jwks.js +0 -59
- package/dist/better-auth/plugin/lib/build-collections/jwks.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/members.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/members.js +0 -73
- package/dist/better-auth/plugin/lib/build-collections/members.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/oauth-access-tokens.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/oauth-access-tokens.js +0 -107
- package/dist/better-auth/plugin/lib/build-collections/oauth-access-tokens.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/oauth-applications.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/oauth-applications.js +0 -118
- package/dist/better-auth/plugin/lib/build-collections/oauth-applications.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/oauth-consents.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/oauth-consents.js +0 -89
- package/dist/better-auth/plugin/lib/build-collections/oauth-consents.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/organizations.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/organizations.js +0 -70
- package/dist/better-auth/plugin/lib/build-collections/organizations.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/passkeys.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/passkeys.js +0 -115
- package/dist/better-auth/plugin/lib/build-collections/passkeys.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/sessions.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/sessions.js +0 -170
- package/dist/better-auth/plugin/lib/build-collections/sessions.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/sso-providers.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/sso-providers.js +0 -81
- package/dist/better-auth/plugin/lib/build-collections/sso-providers.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/subscriptions.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/subscriptions.js +0 -111
- package/dist/better-auth/plugin/lib/build-collections/subscriptions.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/team-members.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/team-members.js +0 -57
- package/dist/better-auth/plugin/lib/build-collections/team-members.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/teams.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/teams.js +0 -76
- package/dist/better-auth/plugin/lib/build-collections/teams.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/two-factors.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/two-factors.js +0 -67
- package/dist/better-auth/plugin/lib/build-collections/two-factors.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/better-auth-strategy.d.ts +0 -7
- package/dist/better-auth/plugin/lib/build-collections/users/better-auth-strategy.js +0 -53
- package/dist/better-auth/plugin/lib/build-collections/users/better-auth-strategy.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/generate-invite-url.d.ts +0 -11
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/generate-invite-url.js +0 -75
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/generate-invite-url.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/index.d.ts +0 -4
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/index.js +0 -6
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/refresh-token.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/refresh-token.js +0 -115
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/refresh-token.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/send-invite-url.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/send-invite-url.js +0 -64
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/send-invite-url.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/set-admin-role.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/set-admin-role.js +0 -80
- package/dist/better-auth/plugin/lib/build-collections/users/endpoints/set-admin-role.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-login.d.ts +0 -6
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-login.js +0 -79
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-login.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-logout.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-logout.js +0 -82
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/after-logout.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-delete.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-delete.js +0 -54
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-delete.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-login.d.ts +0 -6
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-login.js +0 -15
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/before-login.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/index.d.ts +0 -6
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/index.js +0 -8
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/on-verified-change.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/on-verified-change.js +0 -17
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/on-verified-change.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/sync-account.d.ts +0 -2
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/sync-account.js +0 -91
- package/dist/better-auth/plugin/lib/build-collections/users/hooks/sync-account.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/users/index.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/users/index.js +0 -341
- package/dist/better-auth/plugin/lib/build-collections/users/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/collection-schema.d.ts +0 -15
- package/dist/better-auth/plugin/lib/build-collections/utils/collection-schema.js +0 -24
- package/dist/better-auth/plugin/lib/build-collections/utils/collection-schema.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-duplicate-fields.d.ts +0 -10
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-duplicate-fields.js +0 -67
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-duplicate-fields.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-properties.d.ts +0 -9
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-properties.js +0 -94
- package/dist/better-auth/plugin/lib/build-collections/utils/filter-properties.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/get-timestamp-fields.d.ts +0 -7
- package/dist/better-auth/plugin/lib/build-collections/utils/get-timestamp-fields.js +0 -35
- package/dist/better-auth/plugin/lib/build-collections/utils/get-timestamp-fields.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/model-field-transformations.d.ts +0 -12
- package/dist/better-auth/plugin/lib/build-collections/utils/model-field-transformations.js +0 -25
- package/dist/better-auth/plugin/lib/build-collections/utils/model-field-transformations.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/payload-access.d.ts +0 -14
- package/dist/better-auth/plugin/lib/build-collections/utils/payload-access.js +0 -67
- package/dist/better-auth/plugin/lib/build-collections/utils/payload-access.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/utils/transform-schema-fields-to-payload.d.ts +0 -20
- package/dist/better-auth/plugin/lib/build-collections/utils/transform-schema-fields-to-payload.js +0 -98
- package/dist/better-auth/plugin/lib/build-collections/utils/transform-schema-fields-to-payload.js.map +0 -1
- package/dist/better-auth/plugin/lib/build-collections/verifications.d.ts +0 -3
- package/dist/better-auth/plugin/lib/build-collections/verifications.js +0 -87
- package/dist/better-auth/plugin/lib/build-collections/verifications.js.map +0 -1
- package/dist/better-auth/plugin/lib/get-payload-auth.d.ts +0 -5
- package/dist/better-auth/plugin/lib/get-payload-auth.js +0 -9
- package/dist/better-auth/plugin/lib/get-payload-auth.js.map +0 -1
- package/dist/better-auth/plugin/lib/init-better-auth.d.ts +0 -7
- package/dist/better-auth/plugin/lib/init-better-auth.js +0 -46
- package/dist/better-auth/plugin/lib/init-better-auth.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/admin-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/admin-plugin.js +0 -9
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/admin-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/api-key-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/api-key-plugin.js +0 -10
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/api-key-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/device-authorization-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/device-authorization-plugin.js +0 -8
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/device-authorization-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/index.d.ts +0 -10
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/index.js +0 -156
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/index.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/oidc-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/oidc-plugin.js +0 -18
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/oidc-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/organizations-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/organizations-plugin.js +0 -34
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/organizations-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/passkey-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/passkey-plugin.js +0 -11
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/passkey-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/sso-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/sso-plugin.js +0 -10
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/sso-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/two-factor-plugin.d.ts +0 -2
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/two-factor-plugin.js +0 -11
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/two-factor-plugin.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/ensure-password-set-before-create.d.ts +0 -7
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/ensure-password-set-before-create.js +0 -23
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/ensure-password-set-before-create.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/password.d.ts +0 -25
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/password.js +0 -62
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/password.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/require-admin-invite-for-sign-up-middleware.d.ts +0 -9
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/require-admin-invite-for-sign-up-middleware.js +0 -47
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/require-admin-invite-for-sign-up-middleware.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/save-to-jwt-middleware.d.ts +0 -15
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/save-to-jwt-middleware.js +0 -42
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/save-to-jwt-middleware.js.map +0 -1
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/use-admin-invite-after-email-sign-up-middleware.d.ts +0 -9
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/use-admin-invite-after-email-sign-up-middleware.js +0 -63
- package/dist/better-auth/plugin/lib/sanitize-better-auth-options/utils/use-admin-invite-after-email-sign-up-middleware.js.map +0 -1
- package/dist/better-auth/plugin/lib/set-login-methods.d.ts +0 -4
- package/dist/better-auth/plugin/lib/set-login-methods.js +0 -14
- package/dist/better-auth/plugin/lib/set-login-methods.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/admin-buttons/index.d.ts +0 -9
- package/dist/better-auth/plugin/payload/components/admin-buttons/index.js +0 -143
- package/dist/better-auth/plugin/payload/components/admin-buttons/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/admin-invite-button/index.d.ts +0 -10
- package/dist/better-auth/plugin/payload/components/admin-invite-button/index.js +0 -219
- package/dist/better-auth/plugin/payload/components/admin-invite-button/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/logout-button.d.ts +0 -4
- package/dist/better-auth/plugin/payload/components/logout-button.js +0 -24
- package/dist/better-auth/plugin/payload/components/logout-button.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/passkeys/add-button.d.ts +0 -8
- package/dist/better-auth/plugin/payload/components/passkeys/add-button.js +0 -117
- package/dist/better-auth/plugin/payload/components/passkeys/add-button.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/passkeys/client.d.ts +0 -3
- package/dist/better-auth/plugin/payload/components/passkeys/client.js +0 -66
- package/dist/better-auth/plugin/payload/components/passkeys/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/passkeys/index.d.ts +0 -4
- package/dist/better-auth/plugin/payload/components/passkeys/index.js +0 -52
- package/dist/better-auth/plugin/payload/components/passkeys/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/passkeys/list.d.ts +0 -8
- package/dist/better-auth/plugin/payload/components/passkeys/list.js +0 -57
- package/dist/better-auth/plugin/payload/components/passkeys/list.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/passkeys/types.d.ts +0 -22
- package/dist/better-auth/plugin/payload/components/passkeys/types.js +0 -3
- package/dist/better-auth/plugin/payload/components/passkeys/types.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/rsc-redirect.d.ts +0 -6
- package/dist/better-auth/plugin/payload/components/rsc-redirect.js +0 -7
- package/dist/better-auth/plugin/payload/components/rsc-redirect.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/social-provider-buttons/index.d.ts +0 -15
- package/dist/better-auth/plugin/payload/components/social-provider-buttons/index.js +0 -157
- package/dist/better-auth/plugin/payload/components/social-provider-buttons/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/token-field.d.ts +0 -4
- package/dist/better-auth/plugin/payload/components/token-field.js +0 -31
- package/dist/better-auth/plugin/payload/components/token-field.js.map +0 -1
- package/dist/better-auth/plugin/payload/components/two-factor-auth/index.d.ts +0 -8
- package/dist/better-auth/plugin/payload/components/two-factor-auth/index.js +0 -300
- package/dist/better-auth/plugin/payload/components/two-factor-auth/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/exports/client.d.ts +0 -6
- package/dist/better-auth/plugin/payload/exports/client.js +0 -8
- package/dist/better-auth/plugin/payload/exports/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/exports/rsc.d.ts +0 -8
- package/dist/better-auth/plugin/payload/exports/rsc.js +0 -10
- package/dist/better-auth/plugin/payload/exports/rsc.js.map +0 -1
- package/dist/better-auth/plugin/payload/utils/generate-admin-invite-url.d.ts +0 -2
- package/dist/better-auth/plugin/payload/utils/generate-admin-invite-url.js +0 -9
- package/dist/better-auth/plugin/payload/utils/generate-admin-invite-url.js.map +0 -1
- package/dist/better-auth/plugin/payload/utils/get-safe-redirect.d.ts +0 -1
- package/dist/better-auth/plugin/payload/utils/get-safe-redirect.js +0 -22
- package/dist/better-auth/plugin/payload/utils/get-safe-redirect.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/admin-login/client.d.ts +0 -19
- package/dist/better-auth/plugin/payload/views/admin-login/client.js +0 -226
- package/dist/better-auth/plugin/payload/views/admin-login/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/admin-login/index.d.ts +0 -10
- package/dist/better-auth/plugin/payload/views/admin-login/index.js +0 -150
- package/dist/better-auth/plugin/payload/views/admin-login/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/admin-signup/client.d.ts +0 -16
- package/dist/better-auth/plugin/payload/views/admin-signup/client.js +0 -299
- package/dist/better-auth/plugin/payload/views/admin-signup/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/admin-signup/index.d.ts +0 -9
- package/dist/better-auth/plugin/payload/views/admin-signup/index.js +0 -104
- package/dist/better-auth/plugin/payload/views/admin-signup/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/forgot-password/client.d.ts +0 -7
- package/dist/better-auth/plugin/payload/views/forgot-password/client.js +0 -119
- package/dist/better-auth/plugin/payload/views/forgot-password/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/forgot-password/index.d.ts +0 -8
- package/dist/better-auth/plugin/payload/views/forgot-password/index.js +0 -78
- package/dist/better-auth/plugin/payload/views/forgot-password/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/reset-password/client.d.ts +0 -10
- package/dist/better-auth/plugin/payload/views/reset-password/client.js +0 -144
- package/dist/better-auth/plugin/payload/views/reset-password/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/reset-password/index.d.ts +0 -8
- package/dist/better-auth/plugin/payload/views/reset-password/index.js +0 -96
- package/dist/better-auth/plugin/payload/views/reset-password/index.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/two-factor-verify/client.d.ts +0 -6
- package/dist/better-auth/plugin/payload/views/two-factor-verify/client.js +0 -96
- package/dist/better-auth/plugin/payload/views/two-factor-verify/client.js.map +0 -1
- package/dist/better-auth/plugin/payload/views/two-factor-verify/index.d.ts +0 -9
- package/dist/better-auth/plugin/payload/views/two-factor-verify/index.js +0 -56
- package/dist/better-auth/plugin/payload/views/two-factor-verify/index.js.map +0 -1
- package/dist/better-auth/plugin/types.d.ts +0 -429
- package/dist/better-auth/plugin/types.js +0 -3
- package/dist/better-auth/plugin/types.js.map +0 -1
- package/dist/better-auth/plugin/utils/set.d.ts +0 -39
- package/dist/better-auth/plugin/utils/set.js +0 -103
- package/dist/better-auth/plugin/utils/set.js.map +0 -1
- package/dist/better-auth/scripts/generate-types.d.ts +0 -1
- package/dist/better-auth/scripts/generate-types.js +0 -234
- package/dist/better-auth/scripts/generate-types.js.map +0 -1
- package/dist/better-auth/types.d.ts +0 -2
- package/dist/better-auth/types.js +0 -4
- package/dist/better-auth/types.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/shared/components/icons.d.ts +0 -7
- package/dist/shared/components/icons.js +0 -442
- package/dist/shared/components/icons.js.map +0 -1
- package/dist/shared/components/logo.d.ts +0 -3
- package/dist/shared/components/logo.js +0 -24
- package/dist/shared/components/logo.js.map +0 -1
- package/dist/shared/form/components/submit.d.ts +0 -7
- package/dist/shared/form/components/submit.js +0 -16
- package/dist/shared/form/components/submit.js.map +0 -1
- package/dist/shared/form/fields/text-field.d.ts +0 -8
- package/dist/shared/form/fields/text-field.js +0 -37
- package/dist/shared/form/fields/text-field.js.map +0 -1
- package/dist/shared/form/index.d.ts +0 -4
- package/dist/shared/form/index.js +0 -8
- package/dist/shared/form/index.js.map +0 -1
- package/dist/shared/form/ui/header/index.d.ts +0 -8
- package/dist/shared/form/ui/header/index.js +0 -24
- package/dist/shared/form/ui/header/index.js.map +0 -1
- package/dist/shared/form/ui/index.d.ts +0 -31
- package/dist/shared/form/ui/index.js +0 -57
- package/dist/shared/form/ui/index.js.map +0 -1
- package/dist/shared/form/validation.d.ts +0 -51
- package/dist/shared/form/validation.js +0 -127
- package/dist/shared/form/validation.js.map +0 -1
- package/dist/shared/index.d.ts +0 -2
- package/dist/shared/index.js +0 -4
- package/dist/shared/index.js.map +0 -1
- package/dist/shared/payload/fields/field-copy-button/index.d.ts +0 -3
- package/dist/shared/payload/fields/field-copy-button/index.js +0 -38
- package/dist/shared/payload/fields/field-copy-button/index.js.map +0 -1
- package/dist/shared/payload/fields/generate-uuid-button/index.d.ts +0 -3
- package/dist/shared/payload/fields/generate-uuid-button/index.js +0 -26
- package/dist/shared/payload/fields/generate-uuid-button/index.js.map +0 -1
- package/dist/shared/payload/fields/index.d.ts +0 -2
- package/dist/shared/payload/fields/index.js +0 -4
- package/dist/shared/payload/fields/index.js.map +0 -1
- package/dist/shared/utils/regex.d.ts +0 -2
- package/dist/shared/utils/regex.js +0 -4
- package/dist/shared/utils/regex.js.map +0 -1
- package/dist/shared/utils/try-catch.d.ts +0 -11
- package/dist/shared/utils/try-catch.js +0 -17
- package/dist/shared/utils/try-catch.js.map +0 -1
- package/dist/shared/utils/value-or-default.d.ts +0 -9
- package/dist/shared/utils/value-or-default.js +0 -12
- package/dist/shared/utils/value-or-default.js.map +0 -1
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Password Reset Utilities
|
|
3
|
+
*
|
|
4
|
+
* Token generation and validation for password reset flows.
|
|
5
|
+
* Tokens are stored in the database with expiry and single-use enforcement.
|
|
6
|
+
*/
|
|
7
|
+
import crypto from 'node:crypto';
|
|
8
|
+
import { logger } from '@revealui/core/observability/logger';
|
|
9
|
+
import { getClient } from '@revealui/db/client';
|
|
10
|
+
import { passwordResetTokens, sessions, users } from '@revealui/db/schema';
|
|
11
|
+
import bcrypt from 'bcryptjs';
|
|
12
|
+
import { and, eq, gt, isNull } from 'drizzle-orm';
|
|
13
|
+
const TOKEN_EXPIRY_MS = 15 * 60 * 1000; // 15 minutes
|
|
14
|
+
/**
|
|
15
|
+
* Hash a token using HMAC-SHA256 with a per-token salt.
|
|
16
|
+
* The salt is stored in the DB alongside the hash; this defeats rainbow
|
|
17
|
+
* table attacks even if the database is fully compromised.
|
|
18
|
+
*
|
|
19
|
+
* @param token - Plain-text token
|
|
20
|
+
* @param salt - 16-byte random salt (hex string)
|
|
21
|
+
*/
|
|
22
|
+
function hashToken(token, salt) {
|
|
23
|
+
return crypto.createHmac('sha256', salt).update(token).digest('hex');
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Generate a 16-byte random salt (hex string).
|
|
27
|
+
*/
|
|
28
|
+
function generateSalt() {
|
|
29
|
+
return crypto.randomBytes(16).toString('hex');
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Generates a password reset token for a user
|
|
33
|
+
*
|
|
34
|
+
* @param email - User email
|
|
35
|
+
* @returns Reset token and expiry
|
|
36
|
+
*/
|
|
37
|
+
export async function generatePasswordResetToken(email) {
|
|
38
|
+
try {
|
|
39
|
+
const db = getClient();
|
|
40
|
+
// Find user by email
|
|
41
|
+
const [user] = await db.select().from(users).where(eq(users.email, email)).limit(1);
|
|
42
|
+
if (!user) {
|
|
43
|
+
// Don't reveal if user exists (security best practice)
|
|
44
|
+
return {
|
|
45
|
+
success: true,
|
|
46
|
+
token: crypto.randomBytes(32).toString('hex'),
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
// Invalidate any existing unused reset tokens for this user before creating a new one.
|
|
50
|
+
// This limits active tokens to one per user, preventing table accumulation that would
|
|
51
|
+
// slow the time-bounded full-table scan in validatePasswordResetToken.
|
|
52
|
+
await db
|
|
53
|
+
.update(passwordResetTokens)
|
|
54
|
+
.set({ usedAt: new Date() })
|
|
55
|
+
.where(and(eq(passwordResetTokens.userId, user.id), isNull(passwordResetTokens.usedAt)));
|
|
56
|
+
// Generate secure token with per-token salt
|
|
57
|
+
const token = crypto.randomBytes(32).toString('hex');
|
|
58
|
+
const tokenSalt = generateSalt();
|
|
59
|
+
const tokenHash = hashToken(token, tokenSalt);
|
|
60
|
+
const expiresAt = new Date(Date.now() + TOKEN_EXPIRY_MS);
|
|
61
|
+
const id = crypto.randomUUID();
|
|
62
|
+
// Store hashed token + salt in database (salt is not secret, just unique)
|
|
63
|
+
await db.insert(passwordResetTokens).values({
|
|
64
|
+
id,
|
|
65
|
+
userId: user.id,
|
|
66
|
+
tokenHash,
|
|
67
|
+
tokenSalt,
|
|
68
|
+
expiresAt,
|
|
69
|
+
});
|
|
70
|
+
return {
|
|
71
|
+
success: true,
|
|
72
|
+
token,
|
|
73
|
+
tokenId: id,
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
catch (error) {
|
|
77
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
78
|
+
const isSchemaError = errorMessage.includes('column') ||
|
|
79
|
+
errorMessage.includes('relation') ||
|
|
80
|
+
errorMessage.includes('does not exist');
|
|
81
|
+
if (isSchemaError) {
|
|
82
|
+
logger.error('Password reset token generation failed due to DB schema mismatch. ' +
|
|
83
|
+
'Ensure migration 0006_add_password_reset_token_salt.sql has been applied.', error instanceof Error ? error : new Error(String(error)));
|
|
84
|
+
}
|
|
85
|
+
else {
|
|
86
|
+
logger.error('Error generating password reset token', error instanceof Error ? error : new Error(String(error)));
|
|
87
|
+
}
|
|
88
|
+
return {
|
|
89
|
+
success: false,
|
|
90
|
+
error: 'Failed to generate reset token',
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
/**
|
|
95
|
+
* Validates a password reset token
|
|
96
|
+
*
|
|
97
|
+
* Uses O(1) lookup by token ID, then verifies the token hash with timingSafeEqual
|
|
98
|
+
* against the single matching row.
|
|
99
|
+
*
|
|
100
|
+
* @param tokenId - Token row ID (from the reset URL)
|
|
101
|
+
* @param token - Reset token (plain text, from the reset URL)
|
|
102
|
+
* @returns User ID if valid, null otherwise
|
|
103
|
+
*/
|
|
104
|
+
export async function validatePasswordResetToken(tokenId, token) {
|
|
105
|
+
try {
|
|
106
|
+
const db = getClient();
|
|
107
|
+
// O(1) lookup by primary key, filtered to unexpired and unused tokens
|
|
108
|
+
const [entry] = await db
|
|
109
|
+
.select()
|
|
110
|
+
.from(passwordResetTokens)
|
|
111
|
+
.where(and(eq(passwordResetTokens.id, tokenId), gt(passwordResetTokens.expiresAt, new Date()), isNull(passwordResetTokens.usedAt)))
|
|
112
|
+
.limit(1);
|
|
113
|
+
if (!entry) {
|
|
114
|
+
return null;
|
|
115
|
+
}
|
|
116
|
+
// Verify the token hash using timing-safe comparison
|
|
117
|
+
const expectedHash = hashToken(token, entry.tokenSalt);
|
|
118
|
+
const expectedBuf = Buffer.from(expectedHash);
|
|
119
|
+
const actualBuf = Buffer.from(entry.tokenHash);
|
|
120
|
+
if (expectedBuf.length === actualBuf.length && crypto.timingSafeEqual(expectedBuf, actualBuf)) {
|
|
121
|
+
return entry.userId;
|
|
122
|
+
}
|
|
123
|
+
return null;
|
|
124
|
+
}
|
|
125
|
+
catch (error) {
|
|
126
|
+
logger.error('Error validating password reset token', error instanceof Error ? error : new Error(String(error)));
|
|
127
|
+
return null;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Resets password using a token
|
|
132
|
+
*
|
|
133
|
+
* Uses O(1) lookup by token ID, then verifies the token hash.
|
|
134
|
+
*
|
|
135
|
+
* @param tokenId - Token row ID (from the reset URL)
|
|
136
|
+
* @param token - Reset token (plain text, from the reset URL)
|
|
137
|
+
* @param newPassword - New password
|
|
138
|
+
* @returns Success result
|
|
139
|
+
*/
|
|
140
|
+
export async function resetPasswordWithToken(tokenId, token, newPassword) {
|
|
141
|
+
try {
|
|
142
|
+
const db = getClient();
|
|
143
|
+
// O(1) lookup by primary key, filtered to unexpired and unused tokens
|
|
144
|
+
const [entry] = await db
|
|
145
|
+
.select()
|
|
146
|
+
.from(passwordResetTokens)
|
|
147
|
+
.where(and(eq(passwordResetTokens.id, tokenId), gt(passwordResetTokens.expiresAt, new Date()), isNull(passwordResetTokens.usedAt)))
|
|
148
|
+
.limit(1);
|
|
149
|
+
if (!entry) {
|
|
150
|
+
return {
|
|
151
|
+
success: false,
|
|
152
|
+
error: 'Invalid or expired reset token',
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
// Verify the token hash using timing-safe comparison
|
|
156
|
+
const expectedHash = hashToken(token, entry.tokenSalt);
|
|
157
|
+
const expectedBuf = Buffer.from(expectedHash);
|
|
158
|
+
const actualBuf = Buffer.from(entry.tokenHash);
|
|
159
|
+
if (!(expectedBuf.length === actualBuf.length && crypto.timingSafeEqual(expectedBuf, actualBuf))) {
|
|
160
|
+
return {
|
|
161
|
+
success: false,
|
|
162
|
+
error: 'Invalid or expired reset token',
|
|
163
|
+
};
|
|
164
|
+
}
|
|
165
|
+
// Validate password strength
|
|
166
|
+
const { validatePasswordStrength } = await import('./password-validation.js');
|
|
167
|
+
const passwordValidation = validatePasswordStrength(newPassword);
|
|
168
|
+
if (!passwordValidation.valid) {
|
|
169
|
+
return {
|
|
170
|
+
success: false,
|
|
171
|
+
error: passwordValidation.errors.join('. '),
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
// Hash new password
|
|
175
|
+
const password = await bcrypt.hash(newPassword, 12);
|
|
176
|
+
// Update user password
|
|
177
|
+
await db.update(users).set({ password }).where(eq(users.id, entry.userId));
|
|
178
|
+
// Invalidate all existing sessions for this user so any attacker who had
|
|
179
|
+
// a compromised session can no longer use it after the password change.
|
|
180
|
+
await db.delete(sessions).where(eq(sessions.userId, entry.userId));
|
|
181
|
+
// Mark token as used (single-use enforcement)
|
|
182
|
+
await db
|
|
183
|
+
.update(passwordResetTokens)
|
|
184
|
+
.set({ usedAt: new Date() })
|
|
185
|
+
.where(eq(passwordResetTokens.id, entry.id));
|
|
186
|
+
return {
|
|
187
|
+
success: true,
|
|
188
|
+
};
|
|
189
|
+
}
|
|
190
|
+
catch (error) {
|
|
191
|
+
logger.error('Error resetting password', error instanceof Error ? error : new Error(String(error)));
|
|
192
|
+
return {
|
|
193
|
+
success: false,
|
|
194
|
+
error: 'Failed to reset password',
|
|
195
|
+
};
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
/**
|
|
199
|
+
* Invalidates a password reset token
|
|
200
|
+
*
|
|
201
|
+
* Uses O(1) lookup by token ID, then verifies the token hash before marking as used.
|
|
202
|
+
*
|
|
203
|
+
* @param tokenId - Token row ID (from the reset URL)
|
|
204
|
+
* @param token - Reset token (plain text, from the reset URL)
|
|
205
|
+
*/
|
|
206
|
+
export async function invalidatePasswordResetToken(tokenId, token) {
|
|
207
|
+
try {
|
|
208
|
+
const db = getClient();
|
|
209
|
+
// O(1) lookup by primary key
|
|
210
|
+
const [entry] = await db
|
|
211
|
+
.select()
|
|
212
|
+
.from(passwordResetTokens)
|
|
213
|
+
.where(and(eq(passwordResetTokens.id, tokenId), gt(passwordResetTokens.expiresAt, new Date()), isNull(passwordResetTokens.usedAt)))
|
|
214
|
+
.limit(1);
|
|
215
|
+
if (!entry) {
|
|
216
|
+
return;
|
|
217
|
+
}
|
|
218
|
+
// Verify the token hash before invalidating
|
|
219
|
+
const expectedHash = hashToken(token, entry.tokenSalt);
|
|
220
|
+
const expectedBuf = Buffer.from(expectedHash);
|
|
221
|
+
const actualBuf = Buffer.from(entry.tokenHash);
|
|
222
|
+
if (expectedBuf.length === actualBuf.length && crypto.timingSafeEqual(expectedBuf, actualBuf)) {
|
|
223
|
+
await db
|
|
224
|
+
.update(passwordResetTokens)
|
|
225
|
+
.set({ usedAt: new Date() })
|
|
226
|
+
.where(eq(passwordResetTokens.id, entry.id));
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
catch (error) {
|
|
230
|
+
logger.error('Error invalidating password reset token', error instanceof Error ? error : new Error(String(error)));
|
|
231
|
+
}
|
|
232
|
+
}
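Review bot: In resetPasswordWithToken single use is not enforced atomically, because the token is checked with a SELECT and only marked used after the password update and the session delete, as three separate statements. Two concurrent requests carrying the same token can both pass the check, and a failure in the session delete or the final update leaves the password changed while the token stays valid until it expires. Claim the token first with a conditional update, `.where(and(eq(passwordResetTokens.id, entry.id), isNull(passwordResetTokens.usedAt)))`, and continue only if a row was changed, ideally in one transaction with the password update and session delete if the client returned by getClient() supports that. Separately, the unknown-email branch of generatePasswordResetToken returns no `tokenId` while the real branch does, so a caller that forwards the result or its shape would reveal whether the account exists. The comment in that function about a "full-table scan in validatePasswordResetToken" is also stale, since validation now looks the row up by id.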
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Password Validation Utilities
|
|
3
|
+
*
|
|
4
|
+
* Password strength validation and requirements.
|
|
5
|
+
*/
|
|
6
|
+
export interface PasswordValidationResult {
|
|
7
|
+
valid: boolean;
|
|
8
|
+
errors: string[];
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Validates password strength
|
|
12
|
+
*
|
|
13
|
+
* @param password - Password to validate
|
|
14
|
+
* @returns Validation result with errors
|
|
15
|
+
*/
|
|
16
|
+
export declare function validatePasswordStrength(password: string): PasswordValidationResult;
|
|
17
|
+
/**
|
|
18
|
+
* Checks if password meets minimum requirements (length only)
|
|
19
|
+
* Used for less strict validation
|
|
20
|
+
*
|
|
21
|
+
* @param password - Password to check
|
|
22
|
+
* @returns True if meets minimum requirements
|
|
23
|
+
*/
|
|
24
|
+
export declare function meetsMinimumPasswordRequirements(password: string): boolean;
|
|
25
|
+
//# sourceMappingURL=password-validation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password-validation.d.ts","sourceRoot":"","sources":["../../src/server/password-validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,wBAAwB,CAgCnF;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE1E"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Password Validation Utilities
|
|
3
|
+
*
|
|
4
|
+
* Password strength validation and requirements.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* Validates password strength
|
|
8
|
+
*
|
|
9
|
+
* @param password - Password to validate
|
|
10
|
+
* @returns Validation result with errors
|
|
11
|
+
*/
|
|
12
|
+
export function validatePasswordStrength(password) {
|
|
13
|
+
const errors = [];
|
|
14
|
+
if (password.length < 8) {
|
|
15
|
+
errors.push('Password must be at least 8 characters long');
|
|
16
|
+
}
|
|
17
|
+
if (password.length > 128) {
|
|
18
|
+
errors.push('Password must be less than 128 characters');
|
|
19
|
+
}
|
|
20
|
+
if (!/[a-z]/.test(password)) {
|
|
21
|
+
errors.push('Password must contain at least one lowercase letter');
|
|
22
|
+
}
|
|
23
|
+
if (!/[A-Z]/.test(password)) {
|
|
24
|
+
errors.push('Password must contain at least one uppercase letter');
|
|
25
|
+
}
|
|
26
|
+
if (!/[0-9]/.test(password)) {
|
|
27
|
+
errors.push('Password must contain at least one number');
|
|
28
|
+
}
|
|
29
|
+
// Optional: special characters (not too strict)
|
|
30
|
+
// if (!/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) {
|
|
31
|
+
// errors.push('Password must contain at least one special character')
|
|
32
|
+
// }
|
|
33
|
+
return {
|
|
34
|
+
valid: errors.length === 0,
|
|
35
|
+
errors,
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Checks if password meets minimum requirements (length only)
|
|
40
|
+
* Used for less strict validation
|
|
41
|
+
*
|
|
42
|
+
* @param password - Password to check
|
|
43
|
+
* @returns True if meets minimum requirements
|
|
44
|
+
*/
|
|
45
|
+
export function meetsMinimumPasswordRequirements(password) {
|
|
46
|
+
return password.length >= 8 && password.length <= 128;
|
|
47
|
+
}
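Review bot: The 128-character ceiling in validatePasswordStrength and meetsMinimumPasswordRequirements does not match what the hash can use. password-reset.js in this same diff hashes with bcryptjs, and bcrypt only consumes the first 72 bytes of input, so two long passwords sharing a 72-byte prefix would verify as the same password. `.length` also counts UTF-16 code units rather than bytes, so non-ASCII input reaches the byte limit sooner than the check suggests. Consider rejecting on `Buffer.byteLength(password, 'utf8') > 72` and stating the limit in the docstring. The message 'Password must be less than 128 characters' is also off by one, since a 128-character password passes the `> 128` check.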
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* Scopes: read:user user:email
|
|
6
|
+
*
|
|
7
|
+
* Note: GitHub may return null email if user has set it private.
|
|
8
|
+
* In that case we fetch from /user/emails and pick the primary verified one.
|
|
9
|
+
*/
|
|
10
|
+
import type { ProviderUser } from '../oauth.js';
|
|
11
|
+
export declare function buildAuthUrl(clientId: string, redirectUri: string, state: string): string;
|
|
12
|
+
export declare function exchangeCode(code: string, redirectUri: string): Promise<string>;
|
|
13
|
+
export declare function fetchUser(accessToken: string): Promise<ProviderUser>;
|
|
14
|
+
//# sourceMappingURL=github.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/server/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAOzF;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA4BrF;AAED,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CA2C1E"}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* Scopes: read:user user:email
|
|
6
|
+
*
|
|
7
|
+
* Note: GitHub may return null email if user has set it private.
|
|
8
|
+
* In that case we fetch from /user/emails and pick the primary verified one.
|
|
9
|
+
*/
|
|
10
|
+
export function buildAuthUrl(clientId, redirectUri, state) {
|
|
11
|
+
const url = new URL('https://github.com/login/oauth/authorize');
|
|
12
|
+
url.searchParams.set('client_id', clientId);
|
|
13
|
+
url.searchParams.set('redirect_uri', redirectUri);
|
|
14
|
+
url.searchParams.set('scope', 'read:user user:email');
|
|
15
|
+
url.searchParams.set('state', state);
|
|
16
|
+
return url.toString();
|
|
17
|
+
}
|
|
18
|
+
export async function exchangeCode(code, redirectUri) {
|
|
19
|
+
const response = await fetch('https://github.com/login/oauth/access_token', {
|
|
20
|
+
method: 'POST',
|
|
21
|
+
headers: {
|
|
22
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
23
|
+
// biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
|
|
24
|
+
Accept: 'application/json',
|
|
25
|
+
},
|
|
26
|
+
body: new URLSearchParams({
|
|
27
|
+
code,
|
|
28
|
+
client_id: process.env.GITHUB_CLIENT_ID ?? '',
|
|
29
|
+
client_secret: process.env.GITHUB_CLIENT_SECRET ?? '',
|
|
30
|
+
redirect_uri: redirectUri,
|
|
31
|
+
}),
|
|
32
|
+
});
|
|
33
|
+
if (!response.ok) {
|
|
34
|
+
throw new Error(`GitHub token exchange failed: ${response.status}`);
|
|
35
|
+
}
|
|
36
|
+
const data = (await response.json());
|
|
37
|
+
if (data.error) {
|
|
38
|
+
throw new Error(`GitHub token exchange error: ${data.error}`);
|
|
39
|
+
}
|
|
40
|
+
if (!data.access_token || typeof data.access_token !== 'string') {
|
|
41
|
+
throw new Error('GitHub token exchange returned no access_token');
|
|
42
|
+
}
|
|
43
|
+
return data.access_token;
|
|
44
|
+
}
|
|
45
|
+
export async function fetchUser(accessToken) {
|
|
46
|
+
const headers = {
|
|
47
|
+
// biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
|
|
48
|
+
Authorization: `Bearer ${accessToken}`,
|
|
49
|
+
// biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
|
|
50
|
+
Accept: 'application/vnd.github+json',
|
|
51
|
+
};
|
|
52
|
+
const userResponse = await fetch('https://api.github.com/user', { headers });
|
|
53
|
+
if (!userResponse.ok) {
|
|
54
|
+
throw new Error(`GitHub user fetch failed: ${userResponse.status}`);
|
|
55
|
+
}
|
|
56
|
+
const user = (await userResponse.json());
|
|
57
|
+
let email = user.email ?? null;
|
|
58
|
+
// Fetch emails if not public
|
|
59
|
+
if (!email) {
|
|
60
|
+
const emailsResponse = await fetch('https://api.github.com/user/emails', { headers });
|
|
61
|
+
if (emailsResponse.ok) {
|
|
62
|
+
const emails = (await emailsResponse.json());
|
|
63
|
+
const primary = emails.find((e) => e.primary && e.verified);
|
|
64
|
+
email = primary?.email ?? null;
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return {
|
|
68
|
+
id: String(user.id),
|
|
69
|
+
email,
|
|
70
|
+
name: user.name ?? user.login,
|
|
71
|
+
avatarUrl: user.avatar_url ?? null,
|
|
72
|
+
};
|
|
73
|
+
}
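Review bot: fetchUser applies two different trust levels to the email: it returns `user.email` from /user as-is, and only consults /user/emails, where it requires `e.primary && e.verified`, when that field is empty. If ProviderUser.email is later used to match or link local accounts (not visible in this hunk), it is safer to always read /user/emails and take the primary verified entry. `id: String(user.id)` also turns a missing id into the string 'undefined', so check `user.id` before building the result. exchangeCode falls back to empty strings for GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET, which hides a configuration error behind an opaque provider response; throwing before the request would be clearer.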
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Google OAuth 2.0 Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* Scopes: openid email profile
|
|
6
|
+
*/
|
|
7
|
+
import type { ProviderUser } from '../oauth.js';
|
|
8
|
+
export declare function buildAuthUrl(clientId: string, redirectUri: string, state: string): string;
|
|
9
|
+
export declare function exchangeCode(code: string, redirectUri: string): Promise<string>;
|
|
10
|
+
export declare function fetchUser(accessToken: string): Promise<ProviderUser>;
|
|
11
|
+
//# sourceMappingURL=google.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/server/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CASzF;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAsBrF;AAED,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAuB1E"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Google OAuth 2.0 Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* Scopes: openid email profile
|
|
6
|
+
*/
|
|
7
|
+
export function buildAuthUrl(clientId, redirectUri, state) {
|
|
8
|
+
const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
|
|
9
|
+
url.searchParams.set('client_id', clientId);
|
|
10
|
+
url.searchParams.set('redirect_uri', redirectUri);
|
|
11
|
+
url.searchParams.set('response_type', 'code');
|
|
12
|
+
url.searchParams.set('scope', 'openid email profile');
|
|
13
|
+
url.searchParams.set('state', state);
|
|
14
|
+
url.searchParams.set('access_type', 'online');
|
|
15
|
+
return url.toString();
|
|
16
|
+
}
|
|
17
|
+
export async function exchangeCode(code, redirectUri) {
|
|
18
|
+
const response = await fetch('https://oauth2.googleapis.com/token', {
|
|
19
|
+
method: 'POST',
|
|
20
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
21
|
+
body: new URLSearchParams({
|
|
22
|
+
code,
|
|
23
|
+
client_id: process.env.GOOGLE_CLIENT_ID ?? '',
|
|
24
|
+
client_secret: process.env.GOOGLE_CLIENT_SECRET ?? '',
|
|
25
|
+
redirect_uri: redirectUri,
|
|
26
|
+
grant_type: 'authorization_code',
|
|
27
|
+
}),
|
|
28
|
+
});
|
|
29
|
+
if (!response.ok) {
|
|
30
|
+
throw new Error(`Google token exchange failed: ${response.status}`);
|
|
31
|
+
}
|
|
32
|
+
const data = (await response.json());
|
|
33
|
+
if (!data.access_token || typeof data.access_token !== 'string') {
|
|
34
|
+
throw new Error('Google token exchange returned no access_token');
|
|
35
|
+
}
|
|
36
|
+
return data.access_token;
|
|
37
|
+
}
|
|
38
|
+
export async function fetchUser(accessToken) {
|
|
39
|
+
const response = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {
|
|
40
|
+
// biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
|
|
41
|
+
headers: { Authorization: `Bearer ${accessToken}` },
|
|
42
|
+
});
|
|
43
|
+
if (!response.ok) {
|
|
44
|
+
throw new Error(`Google userinfo fetch failed: ${response.status}`);
|
|
45
|
+
}
|
|
46
|
+
const data = (await response.json());
|
|
47
|
+
return {
|
|
48
|
+
id: data.sub,
|
|
49
|
+
email: data.email ?? null,
|
|
50
|
+
name: data.name ?? 'Google User',
|
|
51
|
+
avatarUrl: data.picture ?? null,
|
|
52
|
+
};
|
|
53
|
+
}
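Review bot: fetchUser copies `data.email` into the result without looking at the `email_verified` claim that the OpenID Connect userinfo response carries alongside it, so an unverified address is indistinguishable from a verified one downstream. If ProviderUser.email is used to match or link local accounts (not visible in this hunk), return the email only when it is verified, e.g. `email: data.email_verified === true ? (data.email ?? null) : null`. `id: data.sub` is likewise passed through unchecked; a response without `sub` should throw rather than yield an undefined id. exchangeCode sends empty strings when GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET is unset, which is better reported as a configuration error before the request is made.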
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Vercel OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* No scopes required — Vercel uses full access by default.
|
|
6
|
+
*/
|
|
7
|
+
import type { ProviderUser } from '../oauth.js';
|
|
8
|
+
export declare function buildAuthUrl(clientId: string, redirectUri: string, state: string): string;
|
|
9
|
+
export declare function exchangeCode(code: string, redirectUri: string): Promise<string>;
|
|
10
|
+
export declare function fetchUser(accessToken: string): Promise<ProviderUser>;
|
|
11
|
+
//# sourceMappingURL=vercel.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vercel.d.ts","sourceRoot":"","sources":["../../../src/server/providers/vercel.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAMzF;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAkBrF;AAED,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CA2B1E"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Vercel OAuth Provider
|
|
3
|
+
*
|
|
4
|
+
* Uses native fetch — no additional npm dependencies.
|
|
5
|
+
* No scopes required — Vercel uses full access by default.
|
|
6
|
+
*/
|
|
7
|
+
export function buildAuthUrl(clientId, redirectUri, state) {
|
|
8
|
+
const url = new URL('https://vercel.com/oauth/authorize');
|
|
9
|
+
url.searchParams.set('client_id', clientId);
|
|
10
|
+
url.searchParams.set('redirect_uri', redirectUri);
|
|
11
|
+
url.searchParams.set('state', state);
|
|
12
|
+
return url.toString();
|
|
13
|
+
}
|
|
14
|
+
export async function exchangeCode(code, redirectUri) {
|
|
15
|
+
const response = await fetch('https://api.vercel.com/v2/oauth/access_token', {
|
|
16
|
+
method: 'POST',
|
|
17
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
18
|
+
body: new URLSearchParams({
|
|
19
|
+
code,
|
|
20
|
+
client_id: process.env.VERCEL_CLIENT_ID ?? '',
|
|
21
|
+
client_secret: process.env.VERCEL_CLIENT_SECRET ?? '',
|
|
22
|
+
redirect_uri: redirectUri,
|
|
23
|
+
}),
|
|
24
|
+
});
|
|
25
|
+
if (!response.ok) {
|
|
26
|
+
throw new Error(`Vercel token exchange failed: ${response.status}`);
|
|
27
|
+
}
|
|
28
|
+
const data = (await response.json());
|
|
29
|
+
return data.access_token;
|
|
30
|
+
}
|
|
31
|
+
export async function fetchUser(accessToken) {
|
|
32
|
+
const response = await fetch('https://api.vercel.com/v2/user', {
|
|
33
|
+
// biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
|
|
34
|
+
headers: { Authorization: `Bearer ${accessToken}` },
|
|
35
|
+
});
|
|
36
|
+
if (!response.ok) {
|
|
37
|
+
throw new Error(`Vercel user fetch failed: ${response.status}`);
|
|
38
|
+
}
|
|
39
|
+
const data = (await response.json());
|
|
40
|
+
const u = data.user;
|
|
41
|
+
return {
|
|
42
|
+
id: u.id,
|
|
43
|
+
email: u.email,
|
|
44
|
+
name: u.name ?? u.username ?? 'Vercel User',
|
|
45
|
+
avatarUrl: u.avatar ? `https://avatar.vercel.sh/${u.avatar}` : null,
|
|
46
|
+
};
|
|
47
|
+
}
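Review bot: exchangeCode returns `data.access_token` without the presence and type check that the GitHub and Google providers in this diff perform, so a 200 response with an error body resolves to undefined and fetchUser then sends `Bearer undefined`. Add the same guard before the return: `if (!data.access_token || typeof data.access_token !== 'string') { throw new Error('Vercel token exchange returned no access_token'); }`. fetchUser has the same gap one level down: `const u = data.user` is dereferenced without checking that `data.user` exists, so a malformed response surfaces as a TypeError rather than a descriptive error. The header comment notes that Vercel grants full access by default, so the returned token deserves a comment saying it must not be logged or persisted beyond the user lookup.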
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Rate Limiting Utilities
|
|
3
|
+
*
|
|
4
|
+
* Rate limiting for authentication endpoints using storage abstraction.
|
|
5
|
+
* Supports in-memory (dev), Redis (production), or database (fallback).
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Rate limit configuration
|
|
9
|
+
*/
|
|
10
|
+
export interface RateLimitConfig {
|
|
11
|
+
maxAttempts: number;
|
|
12
|
+
windowMs: number;
|
|
13
|
+
blockDurationMs?: number;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Checks if an action should be rate limited
|
|
17
|
+
*
|
|
18
|
+
* @param key - Rate limit key (e.g., email, IP address)
|
|
19
|
+
* @param config - Rate limit configuration
|
|
20
|
+
* @returns Rate limit result
|
|
21
|
+
*/
|
|
22
|
+
export declare function checkRateLimit(key: string, config?: RateLimitConfig): Promise<{
|
|
23
|
+
allowed: boolean;
|
|
24
|
+
remaining: number;
|
|
25
|
+
resetAt: number;
|
|
26
|
+
}>;
|
|
27
|
+
/**
|
|
28
|
+
* Resets rate limit for a key
|
|
29
|
+
*
|
|
30
|
+
* @param key - Rate limit key
|
|
31
|
+
*/
|
|
32
|
+
export declare function resetRateLimit(key: string): Promise<void>;
|
|
33
|
+
/**
|
|
34
|
+
* Gets rate limit status for a key
|
|
35
|
+
*
|
|
36
|
+
* @param key - Rate limit key
|
|
37
|
+
* @param config - Rate limit configuration
|
|
38
|
+
* @returns Rate limit status
|
|
39
|
+
*/
|
|
40
|
+
export declare function getRateLimitStatus(key: string, config?: RateLimitConfig): Promise<{
|
|
41
|
+
count: number;
|
|
42
|
+
remaining: number;
|
|
43
|
+
resetAt: number;
|
|
44
|
+
}>;
|
|
45
|
+
//# sourceMappingURL=rate-limit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/server/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAqCD;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAAgC,GACvC,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAuDnE;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAI/D;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAAgC,GACvC,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAqBhE"}
|