@revealui/auth 0.2.0 → 0.3.0

package/dist/types.js

@@ -2,7 +2,7 @@
  * Auth Types
  *
  * Type definitions for authentication system.
- * Uses concrete interfaces instead of z.infer<> aliases to ensure
- * ESLint type-checked rules can resolve all types.
+ * Uses concrete interfaces instead of z.infer<> aliases for
+ * clear type definitions and better IDE support.
  */
 export {};

package/dist/utils/database.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/utils/database.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAA;AAEhD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAU3C;AAED;;GAEG;AACH,wBAAgB,wBAAwB,2CAMvC;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBtE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA0B7E;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAKxE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAStF;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,aAAa,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,EAC7B,gBAAgB,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,GAClC,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAI3C"}
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/utils/database.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAEjD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAU3C;AAED;;GAEG;AACH,wBAAgB,wBAAwB,2CAMvC;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBtE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA+B7E;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,GAC3B,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CASxE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAStF;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,aAAa,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,EAC7B,gBAAgB,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,GAClC,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAI3C"}

package/dist/utils/database.js

@@ -6,7 +6,7 @@
  */
 import { getClient } from '@revealui/db/client';
 import { sessions, users } from '@revealui/db/schema';
-import { eq } from 'drizzle-orm';
+import { and, eq, isNull } from 'drizzle-orm';
 /**
  * Gets the test database connection string from environment variables
  */
@@ -66,6 +66,11 @@ export async function createTestUser(overrides) {
         agentModel: null,
         agentCapabilities: null,
         agentConfig: null,
+        emailVerified: false,
+        emailVerificationToken: null,
+        emailVerifiedAt: null,
+        mfaEnabled: false,
+        mfaVerifiedAt: null,
         preferences: null,
         createdAt: new Date(),
         updatedAt: new Date(),
@@ -93,6 +98,7 @@ export async function createTestSession(userId, overrides) {
         persistent: overrides?.persistent ?? null,
         lastActivityAt: overrides?.lastActivityAt || new Date(),
         createdAt: overrides?.createdAt || new Date(),
+        metadata: overrides?.metadata ?? null,
     };
     await db.insert(sessions).values(testSession);
     return testSession;
@@ -102,7 +108,11 @@ export async function createTestSession(userId, overrides) {
  */
 export async function getUserByEmail(email) {
     const db = getClient();
-    const result = await db.select().from(users).where(eq(users.email, email)).limit(1);
+    const result = await db
+        .select()
+        .from(users)
+        .where(and(eq(users.email, email), isNull(users.deletedAt)))
+        .limit(1);
     const user = result[0];
     return user ?? null;
 }

package/dist/utils/token.d.ts

@@ -5,7 +5,15 @@
  * Uses SHA-256 for fast hashing (sessions are short-lived).
  */
 /**
- * Hash a session token for storage in database
+ * Hash a session token using SHA-256.
+ *
+ * SHA-256 is appropriate for high-entropy session tokens (256-bit / 32 random bytes).
+ * Unlike passwords (low entropy, user-chosen), these tokens have sufficient keyspace
+ * (~2^256) to make brute-force infeasible even with fast hashes. Using bcrypt/argon2
+ * would add ~100ms latency per request with no meaningful security benefit.
+ *
+ * Security relies on: (1) token entropy >= 128 bits, (2) session expiry enforcement,
+ * (3) token regeneration on privilege changes.
  *
  * @param token - Plain session token
  * @returns Hashed token (SHA-256)

package/dist/utils/token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/utils/token.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAMhE"}
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/utils/token.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAMhE"}

package/dist/utils/token.js

@@ -6,7 +6,15 @@
  */
 import { createHash, timingSafeEqual } from 'node:crypto';
 /**
- * Hash a session token for storage in database
+ * Hash a session token using SHA-256.
+ *
+ * SHA-256 is appropriate for high-entropy session tokens (256-bit / 32 random bytes).
+ * Unlike passwords (low entropy, user-chosen), these tokens have sufficient keyspace
+ * (~2^256) to make brute-force infeasible even with fast hashes. Using bcrypt/argon2
+ * would add ~100ms latency per request with no meaningful security benefit.
+ *
+ * Security relies on: (1) token entropy >= 128 bits, (2) session expiry enforcement,
+ * (3) token regeneration on privilege changes.
  *
  * @param token - Plain session token
  * @returns Hashed token (SHA-256)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@revealui/auth",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Authentication system for RevealUI - database-backed sessions with Better Auth patterns",
   "keywords": [
     "auth",
@@ -10,24 +10,35 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "@simplewebauthn/server": "^13.3.0",
     "bcryptjs": "^3.0.3",
     "drizzle-orm": "^0.45.1",
-    "zod": "^4.3.5",
-    "@revealui/config": "0.2.0",
-    "@revealui/contracts": "1.0.0",
-    "@revealui/core": "0.2.0",
-    "@revealui/db": "0.2.0"
+    "zod": "^4.3.6",
+    "@revealui/core": "0.3.0",
+    "@revealui/db": "0.3.0",
+    "@revealui/config": "0.3.0",
+    "@revealui/contracts": "1.2.0"
   },
   "devDependencies": {
+    "@simplewebauthn/browser": "^13.3.0",
+    "@testing-library/react": "^16.3.2",
     "@types/node": "^25.3.0",
     "@types/react": "^19.2.14",
     "@vitest/coverage-v8": "^4.0.18",
+    "happy-dom": "^20.8.4",
     "react": "^19.2.3",
     "typescript": "^5.9.3",
     "vitest": "^4.0.18",
     "dev": "0.0.1"
   },
+  "engines": {
+    "node": ">=24.13.0"
+  },
   "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
     "./server": {
       "types": "./dist/server/index.d.ts",
       "import": "./dist/server/index.js"
@@ -44,22 +55,29 @@
   "files": [
     "dist"
   ],
+  "main": "./dist/index.js",
   "peerDependencies": {
+    "@simplewebauthn/browser": "^13.0.0",
     "react": "^18.0.0 || ^19.0.0"
   },
+  "peerDependenciesMeta": {
+    "@simplewebauthn/browser": {
+      "optional": true
+    }
+  },
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org"
   },
   "type": "module",
+  "types": "./dist/index.d.ts",
   "scripts": {
     "build": "tsc",
     "clean": "rm -rf dist",
     "dev": "tsc --watch",
     "lint": "biome check .",
-    "lint:eslint": "eslint .",
     "test": "vitest run",
-    "test:coverage": "vitest run --coverage",
+    "test:coverage": "vitest run --coverage --coverage.reporter=json-summary --coverage.reporter=html --coverage.reporter=text",
     "test:watch": "vitest",
     "typecheck": "tsc --noEmit"
   }