@revealui/auth 0.3.4 → 0.3.5

package/README.md

@@ -90,6 +90,20 @@ pnpm typecheck
 pnpm test
 ```
 
+## When to Use This
+
+- You need session-based auth with database-backed sessions for a RevealUI app
+- You want built-in brute force protection and rate limiting without external services
+- You need React hooks for client-side session management (`useSession`, `useSignIn`, `useSignOut`)
+- **Not** for OAuth-only flows — use a dedicated OAuth provider and wire tokens through this package
+- **Not** for stateless JWT auth — this package uses database sessions by design
+
+## JOSHUA Alignment
+
+- **Sovereign**: Sessions live in your PostgreSQL database, not a third-party auth service
+- **Hermetic**: HTTP-only, SameSite cookies and SHA-256 token hashing prevent cross-boundary leaks
+- **Justifiable**: Every security layer (bcrypt, progressive lockout, rate limiting) exists because the threat model demands it
+
 ## Related
 
 - [Core Package](../core/README.md) — CMS engine (uses auth for access control)

package/dist/server/password-validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password-validation.d.ts","sourceRoot":"","sources":["../../src/server/password-validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,wBAAwB,CAgCnF;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE1E"}
+{"version":3,"file":"password-validation.d.ts","sourceRoot":"","sources":["../../src/server/password-validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,wBAAwB,CA2BnF;AAED;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE1E"}

package/dist/server/password-validation.js

@@ -3,6 +3,15 @@
  *
  * Password strength validation and requirements.
  */
+/** Check if any character in the string falls within the given char code range (inclusive) */
+function hasCharInRange(str, low, high) {
+    for (let i = 0; i < str.length; i++) {
+        const code = str.charCodeAt(i);
+        if (code >= low && code <= high)
+            return true;
+    }
+    return false;
+}
 /**
  * Validates password strength
  *
@@ -17,19 +26,15 @@ export function validatePasswordStrength(password) {
     if (password.length > 128) {
         errors.push('Password must be less than 128 characters');
     }
-    if (!/[a-z]/.test(password)) {
+    if (!hasCharInRange(password, 97, 122)) {
         errors.push('Password must contain at least one lowercase letter');
     }
-    if (!/[A-Z]/.test(password)) {
+    if (!hasCharInRange(password, 65, 90)) {
         errors.push('Password must contain at least one uppercase letter');
     }
-    if (!/[0-9]/.test(password)) {
+    if (!hasCharInRange(password, 48, 57)) {
         errors.push('Password must contain at least one number');
     }
-    // Optional: special characters (not too strict)
-    // if (!/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) {
-    //   errors.push('Password must contain at least one special character')
-    // }
     return {
         valid: errors.length === 0,
         errors,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@revealui/auth",
-  "version": "0.3.4",
+  "version": "0.3.5",
   "description": "Authentication system for RevealUI - database-backed sessions with Better Auth patterns",
   "keywords": [
     "auth",
@@ -14,10 +14,10 @@
     "bcryptjs": "^3.0.3",
     "drizzle-orm": "^0.45.2",
     "zod": "^4.3.6",
-    "@revealui/core": "0.5.2",
-    "@revealui/db": "0.3.3",
-    "@revealui/contracts": "1.3.3",
-    "@revealui/config": "0.3.0"
+    "@revealui/config": "0.3.1",
+    "@revealui/contracts": "1.3.4",
+    "@revealui/core": "0.5.3",
+    "@revealui/db": "0.3.4"
   },
   "devDependencies": {
     "@simplewebauthn/browser": "^13.3.0",