@rudderjs/auth 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +109 -0
- package/boost/guidelines.md +137 -0
- package/dist/auth-manager.d.ts +40 -0
- package/dist/auth-manager.d.ts.map +1 -0
- package/dist/auth-manager.js +85 -0
- package/dist/auth-manager.js.map +1 -0
- package/dist/contracts.d.ts +27 -0
- package/dist/contracts.d.ts.map +1 -0
- package/dist/contracts.js +3 -0
- package/dist/contracts.js.map +1 -0
- package/dist/gate.d.ts +49 -0
- package/dist/gate.d.ts.map +1 -0
- package/dist/gate.js +181 -0
- package/dist/gate.js.map +1 -0
- package/dist/index.d.ts +41 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +123 -0
- package/dist/index.js.map +1 -0
- package/dist/password-reset.d.ts +56 -0
- package/dist/password-reset.d.ts.map +1 -0
- package/dist/password-reset.js +101 -0
- package/dist/password-reset.js.map +1 -0
- package/dist/providers.d.ts +20 -0
- package/dist/providers.d.ts.map +1 -0
- package/dist/providers.js +41 -0
- package/dist/providers.js.map +1 -0
- package/dist/session-guard.d.ts +21 -0
- package/dist/session-guard.d.ts.map +1 -0
- package/dist/session-guard.js +52 -0
- package/dist/session-guard.js.map +1 -0
- package/dist/verification.d.ts +58 -0
- package/dist/verification.d.ts.map +1 -0
- package/dist/verification.js +93 -0
- package/dist/verification.js.map +1 -0
- package/package.json +57 -0
- package/pages/react/forgot-password/+Page.tsx +64 -0
- package/pages/react/login/+Page.tsx +70 -0
- package/pages/react/login/+guard.ts +15 -0
- package/pages/react/register/+Page.tsx +78 -0
- package/pages/react/register/+guard.ts +15 -0
- package/pages/react/reset-password/+Page.tsx +118 -0
- package/pages/solid/forgot-password/+Page.tsx +62 -0
- package/pages/solid/login/+Page.tsx +66 -0
- package/pages/solid/login/+guard.ts +15 -0
- package/pages/solid/register/+Page.tsx +72 -0
- package/pages/solid/register/+guard.ts +15 -0
- package/pages/solid/reset-password/+Page.tsx +94 -0
- package/pages/vue/forgot-password/+Page.vue +60 -0
- package/pages/vue/login/+Page.vue +63 -0
- package/pages/vue/login/+guard.ts +15 -0
- package/pages/vue/register/+Page.vue +68 -0
- package/pages/vue/register/+guard.ts +15 -0
- package/pages/vue/reset-password/+Page.vue +93 -0
- package/schema/auth.drizzle.mysql.ts +48 -0
- package/schema/auth.drizzle.pg.ts +48 -0
- package/schema/auth.drizzle.sqlite.ts +48 -0
- package/schema/auth.prisma +50 -0
package/dist/gate.js
ADDED
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
import { currentAuth } from './auth-manager.js';
|
|
2
|
+
// ─── Policy Base Class ────────────────────────────────────
|
|
3
|
+
export class Policy {
|
|
4
|
+
}
|
|
5
|
+
// ─── Gate ─────────────────────────────────────────────────
|
|
6
|
+
export class Gate {
|
|
7
|
+
static _abilities = new Map();
|
|
8
|
+
static _policies = new Map();
|
|
9
|
+
static _beforeCallbacks = [];
|
|
10
|
+
// ── Define abilities ──────────────────────────────────
|
|
11
|
+
static define(ability, callback) {
|
|
12
|
+
this._abilities.set(ability, callback);
|
|
13
|
+
}
|
|
14
|
+
static before(callback) {
|
|
15
|
+
this._beforeCallbacks.push(callback);
|
|
16
|
+
}
|
|
17
|
+
static policy(model, policy) {
|
|
18
|
+
this._policies.set(model, policy);
|
|
19
|
+
}
|
|
20
|
+
// ── Check abilities ───────────────────────────────────
|
|
21
|
+
static async allows(ability, ...args) {
|
|
22
|
+
const user = await this.resolveUser();
|
|
23
|
+
if (!user)
|
|
24
|
+
return false;
|
|
25
|
+
return this._check(user, ability, ...args);
|
|
26
|
+
}
|
|
27
|
+
static async denies(ability, ...args) {
|
|
28
|
+
return !(await this.allows(ability, ...args));
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Check ability — throw 403 if denied.
|
|
32
|
+
*/
|
|
33
|
+
static async authorize(ability, ...args) {
|
|
34
|
+
if (await this.denies(ability, ...args)) {
|
|
35
|
+
throw new AuthorizationError(`This action is unauthorized. [${ability}]`);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
// ── Scoped to a specific user ─────────────────────────
|
|
39
|
+
static forUser(user) {
|
|
40
|
+
return new GateForUser(user, this._abilities, this._policies, this._beforeCallbacks);
|
|
41
|
+
}
|
|
42
|
+
// ── Internal ──────────────────────────────────────────
|
|
43
|
+
static async resolveUser() {
|
|
44
|
+
try {
|
|
45
|
+
const manager = currentAuth();
|
|
46
|
+
return await manager.guard().user();
|
|
47
|
+
}
|
|
48
|
+
catch {
|
|
49
|
+
return null;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
static async _check(user, ability, ...args) {
|
|
53
|
+
// Run before callbacks
|
|
54
|
+
for (const cb of this._beforeCallbacks) {
|
|
55
|
+
const result = await cb(user, ability);
|
|
56
|
+
if (result === true)
|
|
57
|
+
return true;
|
|
58
|
+
if (result === false)
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
// Check if the first arg is a model instance with a registered policy
|
|
62
|
+
const model = args[0];
|
|
63
|
+
if (model && typeof model === 'object') {
|
|
64
|
+
const policyClass = this.findPolicy(model);
|
|
65
|
+
if (policyClass) {
|
|
66
|
+
return this.callPolicy(policyClass, user, ability, ...args);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
// Fall back to defined abilities
|
|
70
|
+
const callback = this._abilities.get(ability);
|
|
71
|
+
if (!callback)
|
|
72
|
+
return false;
|
|
73
|
+
return callback(user, ...args);
|
|
74
|
+
}
|
|
75
|
+
static findPolicy(model) {
|
|
76
|
+
if (!model || typeof model !== 'object')
|
|
77
|
+
return undefined;
|
|
78
|
+
const constructor = model.constructor;
|
|
79
|
+
if (!constructor)
|
|
80
|
+
return undefined;
|
|
81
|
+
// Direct match
|
|
82
|
+
const direct = this._policies.get(constructor);
|
|
83
|
+
if (direct)
|
|
84
|
+
return direct;
|
|
85
|
+
// Check prototype chain
|
|
86
|
+
for (const [modelClass, policyClass] of this._policies) {
|
|
87
|
+
if (model instanceof modelClass)
|
|
88
|
+
return policyClass;
|
|
89
|
+
}
|
|
90
|
+
return undefined;
|
|
91
|
+
}
|
|
92
|
+
static async callPolicy(PolicyCtor, user, ability, ...args) {
|
|
93
|
+
const policy = new PolicyCtor();
|
|
94
|
+
// Policy.before
|
|
95
|
+
if (policy.before) {
|
|
96
|
+
const result = await policy.before(user);
|
|
97
|
+
if (result === true)
|
|
98
|
+
return true;
|
|
99
|
+
if (result === false)
|
|
100
|
+
return false;
|
|
101
|
+
}
|
|
102
|
+
// Call the specific method
|
|
103
|
+
const method = policy[ability];
|
|
104
|
+
if (typeof method !== 'function')
|
|
105
|
+
return false;
|
|
106
|
+
return method.call(policy, user, ...args);
|
|
107
|
+
}
|
|
108
|
+
/** @internal — reset all definitions. Used for testing. */
|
|
109
|
+
static reset() {
|
|
110
|
+
this._abilities.clear();
|
|
111
|
+
this._policies.clear();
|
|
112
|
+
this._beforeCallbacks = [];
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
// ─── GateForUser ──────────────────────────────────────────
|
|
116
|
+
class GateForUser {
|
|
117
|
+
user;
|
|
118
|
+
abilities;
|
|
119
|
+
policies;
|
|
120
|
+
beforeCallbacks;
|
|
121
|
+
constructor(user, abilities, policies, beforeCallbacks) {
|
|
122
|
+
this.user = user;
|
|
123
|
+
this.abilities = abilities;
|
|
124
|
+
this.policies = policies;
|
|
125
|
+
this.beforeCallbacks = beforeCallbacks;
|
|
126
|
+
}
|
|
127
|
+
async allows(ability, ...args) {
|
|
128
|
+
// Before callbacks
|
|
129
|
+
for (const cb of this.beforeCallbacks) {
|
|
130
|
+
const result = await cb(this.user, ability);
|
|
131
|
+
if (result === true)
|
|
132
|
+
return true;
|
|
133
|
+
if (result === false)
|
|
134
|
+
return false;
|
|
135
|
+
}
|
|
136
|
+
// Policy check
|
|
137
|
+
const model = args[0];
|
|
138
|
+
if (model && typeof model === 'object') {
|
|
139
|
+
const constructor = model.constructor;
|
|
140
|
+
if (constructor) {
|
|
141
|
+
const PolicyCtor = this.policies.get(constructor);
|
|
142
|
+
if (PolicyCtor) {
|
|
143
|
+
const policy = new PolicyCtor();
|
|
144
|
+
if (policy.before) {
|
|
145
|
+
const result = await policy.before(this.user);
|
|
146
|
+
if (result === true)
|
|
147
|
+
return true;
|
|
148
|
+
if (result === false)
|
|
149
|
+
return false;
|
|
150
|
+
}
|
|
151
|
+
const method = policy[ability];
|
|
152
|
+
if (typeof method !== 'function')
|
|
153
|
+
return false;
|
|
154
|
+
return method.call(policy, this.user, ...args);
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
// Ability check
|
|
159
|
+
const callback = this.abilities.get(ability);
|
|
160
|
+
if (!callback)
|
|
161
|
+
return false;
|
|
162
|
+
return callback(this.user, ...args);
|
|
163
|
+
}
|
|
164
|
+
async denies(ability, ...args) {
|
|
165
|
+
return !(await this.allows(ability, ...args));
|
|
166
|
+
}
|
|
167
|
+
async authorize(ability, ...args) {
|
|
168
|
+
if (await this.denies(ability, ...args)) {
|
|
169
|
+
throw new AuthorizationError(`This action is unauthorized. [${ability}]`);
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
// ─── Authorization Error ──────────────────────────────────
|
|
174
|
+
export class AuthorizationError extends Error {
|
|
175
|
+
status = 403;
|
|
176
|
+
constructor(message = 'This action is unauthorized.') {
|
|
177
|
+
super(message);
|
|
178
|
+
this.name = 'AuthorizationError';
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
//# sourceMappingURL=gate.js.map
|
package/dist/gate.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAO/C,6DAA6D;AAE7D,MAAM,OAAgB,MAAM;CAM3B;AAMD,6DAA6D;AAE7D,MAAM,OAAO,IAAI;IACP,MAAM,CAAC,UAAU,GAAG,IAAI,GAAG,EAA2B,CAAA;IACtD,MAAM,CAAC,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAA;IACrD,MAAM,CAAC,gBAAgB,GAAqB,EAAE,CAAA;IAEtD,yDAAyD;IAEzD,MAAM,CAAC,MAAM,CAAC,OAAe,EAAE,QAAyB;QACtD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IACxC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,QAAwB;QACpC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACtC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAiB,EAAE,MAAmB;QAClD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IACnC,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;QACrC,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACxD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,iCAAiC,OAAO,GAAG,CAAC,CAAA;QAC3E,CAAC;IACH,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,OAAO,CAAC,IAAqB;QAClC,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAA;IACtF,CAAC;IAED,yDAAyD;IAEjD,MAAM,CAAC,KAAK,CAAC,WAAW;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,WAAW,EAAE,CAAA;YAC7B,OAAO,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAqB,EAAE,OAAe,EAAE,GAAG,IAAe;QACpF,uBAAuB;QACvB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YACtC,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAA;YAChC,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACpC,CAAC;QAED,sEAAsE;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;YAC7D,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAA;QAC3B,OAAO,QAAQ,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;IAChC,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,KAAc;QACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAA;QACzD,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;QAClF,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAA;QAElC,eAAe;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC9C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,wBAAwB;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACvD,IAAI,KAAK,YAAY,UAAU;gBAAE,OAAO,WAAW,CAAA;QACrD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,UAAU,CAC7B,UAAuB,EACvB,IAAqB,EACrB,OAAe,EACf,GAAG,IAAe;QAElB,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;QAE/B,gBAAgB;QAChB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACxC,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAA;YAChC,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACpC,CAAC;QAED,2BAA2B;QAC3B,MAAM,MAAM,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAA;QAC3D,IAAI,OAAO,MAAM,KAAK,UAAU;YAAE,OAAO,KAAK,CAAA;QAC9C,OAAQ,MAA0D,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;IAChG,CAAC;IAED,2DAA2D;IAC3D,MAAM,CAAC,KAAK;QACV,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAA;QACvB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QACtB,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAA;IAC5B,CAAC;;AAGH,6DAA6D;AAE7D,MAAM,WAAW;IAEI;IACA;IACA;IACA;IAJnB,YACmB,IAAqB,EACrB,SAAuC,EACvC,QAAsC,EACtC,eAAiC;QAHjC,SAAI,GAAJ,IAAI,CAAiB;QACrB,cAAS,GAAT,SAAS,CAA8B;QACvC,aAAQ,GAAR,QAAQ,CAA8B;QACtC,oBAAe,GAAf,eAAe,CAAkB;IACjD,CAAC;IAEJ,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,mBAAmB;QACnB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAA;YAChC,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACpC,CAAC;QAED,eAAe;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;YAClF,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;gBACjD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;oBAC/B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;wBAC7C,IAAI,MAAM,KAAK,IAAI;4BAAE,OAAO,IAAI,CAAA;wBAChC,IAAI,MAAM,KAAK,KAAK;4BAAE,OAAO,KAAK,CAAA;oBACpC,CAAC;oBACD,MAAM,MAAM,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAA;oBAC3D,IAAI,OAAO,MAAM,KAAK,UAAU;wBAAE,OAAO,KAAK,CAAA;oBAC9C,OAAQ,MAA0D,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;gBACrG,CAAC;YACH,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC5C,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAA;QAC3B,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACjD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,iCAAiC,OAAO,GAAG,CAAC,CAAA;QAC3E,CAAC;IACH,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,MAAM,GAAG,GAAG,CAAA;IAErB,YAAY,OAAO,GAAG,8BAA8B;QAClD,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAA;IAClC,CAAC;CACF"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { ServiceProvider, type Application } from '@rudderjs/core';
|
|
2
|
+
import type { MiddlewareHandler } from '@rudderjs/contracts';
|
|
3
|
+
import { type AuthConfig } from './auth-manager.js';
|
|
4
|
+
import type { AuthUser } from './contracts.js';
|
|
5
|
+
declare module '@rudderjs/contracts' {
|
|
6
|
+
interface AppRequest {
|
|
7
|
+
user?: AuthUser;
|
|
8
|
+
}
|
|
9
|
+
}
|
|
10
|
+
export { Auth } from './auth-manager.js';
|
|
11
|
+
export { AuthManager, runWithAuth } from './auth-manager.js';
|
|
12
|
+
export { SessionGuard } from './session-guard.js';
|
|
13
|
+
export { EloquentUserProvider, toAuthenticatable } from './providers.js';
|
|
14
|
+
export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
15
|
+
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
16
|
+
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
17
|
+
export type { Authenticatable, AuthUser, Guard, UserProvider } from './contracts.js';
|
|
18
|
+
export type { MustVerifyEmail } from './verification.js';
|
|
19
|
+
export type { TokenRepository, PasswordResetStatus, PasswordResetConfig } from './password-reset.js';
|
|
20
|
+
export type { AuthConfig, AuthGuardConfig, AuthProviderConfig } from './auth-manager.js';
|
|
21
|
+
export type { SessionStore } from './session-guard.js';
|
|
22
|
+
/**
|
|
23
|
+
* Middleware that sets up the Auth context for the current request.
|
|
24
|
+
* Attaches `req.user` if authenticated (does not block unauthenticated requests).
|
|
25
|
+
*/
|
|
26
|
+
export declare function AuthMiddleware(guardName?: string): MiddlewareHandler;
|
|
27
|
+
/**
|
|
28
|
+
* Middleware that requires authentication — returns 401 if not authenticated.
|
|
29
|
+
*/
|
|
30
|
+
export declare function RequireAuth(guardName?: string): MiddlewareHandler;
|
|
31
|
+
/**
|
|
32
|
+
* Returns an AuthServiceProvider configured with guards + providers.
|
|
33
|
+
*
|
|
34
|
+
* Requires: @rudderjs/session (session middleware), @rudderjs/hash
|
|
35
|
+
*
|
|
36
|
+
* Usage in bootstrap/providers.ts:
|
|
37
|
+
* import { auth } from '@rudderjs/auth'
|
|
38
|
+
* export default [session(configs.session), hash(configs.hash), auth(configs.auth), ...]
|
|
39
|
+
*/
|
|
40
|
+
export declare function auth(config: AuthConfig): new (app: Application) => ServiceProvider;
|
|
41
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,KAAK,WAAW,EAAO,MAAM,gBAAgB,CAAA;AACvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAC5D,OAAO,EAAkC,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACnF,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAK9C,OAAO,QAAQ,qBAAqB,CAAC;IACnC,UAAU,UAAU;QAClB,IAAI,CAAC,EAAE,QAAQ,CAAA;KAChB;CACF;AAID,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEpH,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AACpF,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACxD,YAAY,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AACpG,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACxF,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAsBtD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAiBpE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAoBjE;AAID;;;;;;;;GAQG;AACH,wBAAgB,IAAI,CAAC,MAAM,EAAE,UAAU,GAAG,KAAK,GAAG,EAAE,WAAW,KAAK,eAAe,CA2ClF"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
import { ServiceProvider, app } from '@rudderjs/core';
|
|
2
|
+
import { AuthManager, Auth, runWithAuth } from './auth-manager.js';
|
|
3
|
+
// ─── Re-exports ───────────────────────────────────────────
|
|
4
|
+
export { Auth } from './auth-manager.js';
|
|
5
|
+
export { AuthManager, runWithAuth } from './auth-manager.js';
|
|
6
|
+
export { SessionGuard } from './session-guard.js';
|
|
7
|
+
export { EloquentUserProvider, toAuthenticatable } from './providers.js';
|
|
8
|
+
export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
9
|
+
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
10
|
+
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
11
|
+
// ─── Helpers ──────────────────────────────────────────────
|
|
12
|
+
function userToPlain(user) {
|
|
13
|
+
const u = user;
|
|
14
|
+
const plain = {};
|
|
15
|
+
for (const [k, v] of Object.entries(u)) {
|
|
16
|
+
if (typeof v === 'function')
|
|
17
|
+
continue;
|
|
18
|
+
if (k === 'password')
|
|
19
|
+
continue;
|
|
20
|
+
plain[k] = v;
|
|
21
|
+
}
|
|
22
|
+
return {
|
|
23
|
+
id: String(plain['id'] ?? ''),
|
|
24
|
+
name: String(plain['name'] ?? ''),
|
|
25
|
+
email: String(plain['email'] ?? ''),
|
|
26
|
+
...plain,
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
// ─── Auth Middleware ──────────────────────────────────────
|
|
30
|
+
/**
|
|
31
|
+
* Middleware that sets up the Auth context for the current request.
|
|
32
|
+
* Attaches `req.user` if authenticated (does not block unauthenticated requests).
|
|
33
|
+
*/
|
|
34
|
+
export function AuthMiddleware(guardName) {
|
|
35
|
+
return async function AuthMiddleware(req, res, next) {
|
|
36
|
+
const manager = app().make('auth.manager');
|
|
37
|
+
await runWithAuth(manager, async () => {
|
|
38
|
+
const guard = Auth.guard(guardName ?? manager.config.defaults.guard);
|
|
39
|
+
const user = await guard.user();
|
|
40
|
+
if (user) {
|
|
41
|
+
const plain = userToPlain(user);
|
|
42
|
+
req.raw['__rjs_user'] = plain;
|
|
43
|
+
try {
|
|
44
|
+
req['user'] = plain;
|
|
45
|
+
}
|
|
46
|
+
catch { /* read-only */ }
|
|
47
|
+
}
|
|
48
|
+
await next();
|
|
49
|
+
});
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Middleware that requires authentication — returns 401 if not authenticated.
|
|
54
|
+
*/
|
|
55
|
+
export function RequireAuth(guardName) {
|
|
56
|
+
return async function RequireAuth(req, res, next) {
|
|
57
|
+
const manager = app().make('auth.manager');
|
|
58
|
+
await runWithAuth(manager, async () => {
|
|
59
|
+
const guard = Auth.guard(guardName ?? manager.config.defaults.guard);
|
|
60
|
+
const user = await guard.user();
|
|
61
|
+
if (!user) {
|
|
62
|
+
res.status(401).json({ message: 'Unauthorized.' });
|
|
63
|
+
return;
|
|
64
|
+
}
|
|
65
|
+
const plain = userToPlain(user);
|
|
66
|
+
req.raw['__rjs_user'] = plain;
|
|
67
|
+
try {
|
|
68
|
+
req['user'] = plain;
|
|
69
|
+
}
|
|
70
|
+
catch { /* read-only */ }
|
|
71
|
+
await next();
|
|
72
|
+
});
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
// ─── Service Provider Factory ─────────────────────────────
|
|
76
|
+
/**
|
|
77
|
+
* Returns an AuthServiceProvider configured with guards + providers.
|
|
78
|
+
*
|
|
79
|
+
* Requires: @rudderjs/session (session middleware), @rudderjs/hash
|
|
80
|
+
*
|
|
81
|
+
* Usage in bootstrap/providers.ts:
|
|
82
|
+
* import { auth } from '@rudderjs/auth'
|
|
83
|
+
* export default [session(configs.session), hash(configs.hash), auth(configs.auth), ...]
|
|
84
|
+
*/
|
|
85
|
+
export function auth(config) {
|
|
86
|
+
class AuthServiceProvider extends ServiceProvider {
|
|
87
|
+
register() {
|
|
88
|
+
// Auth pages (framework-specific)
|
|
89
|
+
this.publishes({ from: new URL(/* @vite-ignore */ '../pages/react', import.meta.url).pathname, to: 'pages/(auth)', tag: 'auth-pages' });
|
|
90
|
+
this.publishes({ from: new URL(/* @vite-ignore */ '../pages/react', import.meta.url).pathname, to: 'pages/(auth)', tag: 'auth-pages-react' });
|
|
91
|
+
this.publishes({ from: new URL(/* @vite-ignore */ '../pages/vue', import.meta.url).pathname, to: 'pages/(auth)', tag: 'auth-pages-vue' });
|
|
92
|
+
this.publishes({ from: new URL(/* @vite-ignore */ '../pages/solid', import.meta.url).pathname, to: 'pages/(auth)', tag: 'auth-pages-solid' });
|
|
93
|
+
// Auth schema (ORM + driver-specific)
|
|
94
|
+
const schemaDir = new URL(/* @vite-ignore */ '../schema', import.meta.url).pathname;
|
|
95
|
+
this.publishes([
|
|
96
|
+
{ from: `${schemaDir}/auth.prisma`, to: 'prisma/schema', tag: 'auth-schema', orm: 'prisma' },
|
|
97
|
+
{ from: `${schemaDir}/auth.drizzle.sqlite.ts`, to: 'database/schema', tag: 'auth-schema', orm: 'drizzle', driver: 'sqlite' },
|
|
98
|
+
{ from: `${schemaDir}/auth.drizzle.pg.ts`, to: 'database/schema', tag: 'auth-schema', orm: 'drizzle', driver: 'postgresql' },
|
|
99
|
+
{ from: `${schemaDir}/auth.drizzle.mysql.ts`, to: 'database/schema', tag: 'auth-schema', orm: 'drizzle', driver: 'mysql' },
|
|
100
|
+
]);
|
|
101
|
+
}
|
|
102
|
+
async boot() {
|
|
103
|
+
// Resolve Hash.check from DI
|
|
104
|
+
let hashCheck;
|
|
105
|
+
try {
|
|
106
|
+
const hashDriver = this.app.make('hash');
|
|
107
|
+
hashCheck = (plain, hashed) => hashDriver.check(plain, hashed);
|
|
108
|
+
}
|
|
109
|
+
catch {
|
|
110
|
+
throw new Error('[RudderJS Auth] No hash driver found. Register hash() provider before auth().');
|
|
111
|
+
}
|
|
112
|
+
// Resolve session facade — bound by @rudderjs/session as 'session.facade'
|
|
113
|
+
const getSession = () => {
|
|
114
|
+
return this.app.make('session.facade');
|
|
115
|
+
};
|
|
116
|
+
const manager = new AuthManager(config, hashCheck, getSession);
|
|
117
|
+
this.app.instance('auth.manager', manager);
|
|
118
|
+
this.app.instance('auth', Auth);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
return AuthServiceProvider;
|
|
122
|
+
}
|
|
123
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAoB,GAAG,EAAE,MAAM,gBAAgB,CAAA;AAEvE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAmB,MAAM,mBAAmB,CAAA;AAYnF,6DAA6D;AAE7D,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAQpH,6DAA6D;AAE7D,SAAS,WAAW,CAAC,IAAa;IAChC,MAAM,CAAC,GAAG,IAA+B,CAAA;IACzC,MAAM,KAAK,GAA4B,EAAE,CAAA;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,KAAK,UAAU;YAAE,SAAQ;QACrC,IAAI,CAAC,KAAK,UAAU;YAAE,SAAQ;QAC9B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IACD,OAAO;QACL,EAAE,EAAK,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,IAAI,EAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAClC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACnC,GAAG,KAAK;KACT,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,SAAkB;IAC/C,OAAO,KAAK,UAAU,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACjD,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QAEvD,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAC3G,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;YAE/B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAC9B;gBAAC,GAAG,CAAC,GAA+B,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;gBAC3D,IAAI,CAAC;oBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAC/F,CAAC;YAED,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAkB;IAC5C,OAAO,KAAK,UAAU,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QAEvD,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAC3G,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;YAE/B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAC9B;YAAC,GAAG,CAAC,GAA+B,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;YAC3D,IAAI,CAAC;gBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAE7F,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;;;;;;GAQG;AACH,MAAM,UAAU,IAAI,CAAC,MAAkB;IACrC,MAAM,mBAAoB,SAAQ,eAAe;QAC/C,QAAQ;YACN,kCAAkC;YAClC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAA;YACvI,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC7I,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,kBAAkB,CAAC,cAAc,EAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,CAAA;YAC3I,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAE7I,sCAAsC;YACtC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAA;YACnF,IAAI,CAAC,SAAS,CAAC;gBACb,EAAE,IAAI,EAAE,GAAG,SAAS,cAAc,EAAa,EAAE,EAAE,eAAe,EAAI,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,QAAiB,EAAE;gBAClH,EAAE,IAAI,EAAE,GAAG,SAAS,yBAAyB,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,QAAiB,EAAE;gBAC9I,EAAE,IAAI,EAAE,GAAG,SAAS,qBAAqB,EAAM,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,YAAqB,EAAE;gBAClJ,EAAE,IAAI,EAAE,GAAG,SAAS,wBAAwB,EAAG,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,OAAgB,EAAE;aAC9I,CAAC,CAAA;QACJ,CAAC;QAED,KAAK,CAAC,IAAI;YACR,6BAA6B;YAC7B,IAAI,SAA8D,CAAA;YAClE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAoD,MAAM,CAAC,CAAA;gBAC3F,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;YAChE,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAA;YACH,CAAC;YAED,0EAA0E;YAC1E,MAAM,UAAU,GAAG,GAAiB,EAAE;gBACpC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,gBAAgB,CAAC,CAAA;YACtD,CAAC,CAAA;YAED,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;YAC9D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAA;YAC1C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;QACjC,CAAC;KACF;IAED,OAAO,mBAAmB,CAAA;AAC5B,CAAC"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import type { Authenticatable, UserProvider } from './contracts.js';
|
|
2
|
+
export interface TokenRepository {
|
|
3
|
+
create(email: string, token: string, expiresAt: Date): Promise<void>;
|
|
4
|
+
find(email: string): Promise<{
|
|
5
|
+
token: string;
|
|
6
|
+
createdAt: Date;
|
|
7
|
+
} | null>;
|
|
8
|
+
delete(email: string): Promise<void>;
|
|
9
|
+
deleteExpired(): Promise<void>;
|
|
10
|
+
}
|
|
11
|
+
export type PasswordResetStatus = 'RESET_LINK_SENT' | 'PASSWORD_RESET' | 'INVALID_USER' | 'INVALID_TOKEN' | 'TOKEN_EXPIRED' | 'THROTTLED';
|
|
12
|
+
export interface PasswordResetConfig {
|
|
13
|
+
/** Minutes before a reset token expires (default: 60) */
|
|
14
|
+
expire?: number;
|
|
15
|
+
/** Seconds between reset requests for the same email (default: 60) */
|
|
16
|
+
throttle?: number;
|
|
17
|
+
}
|
|
18
|
+
export declare class PasswordBroker {
|
|
19
|
+
private readonly tokens;
|
|
20
|
+
private readonly users;
|
|
21
|
+
private readonly config;
|
|
22
|
+
private readonly expire;
|
|
23
|
+
private readonly throttle;
|
|
24
|
+
constructor(tokens: TokenRepository, users: UserProvider, config?: PasswordResetConfig);
|
|
25
|
+
/**
|
|
26
|
+
* Send a password reset link.
|
|
27
|
+
* @param credentials - must include `email`
|
|
28
|
+
* @param sendLink - callback to actually send the email/notification
|
|
29
|
+
*/
|
|
30
|
+
sendResetLink(credentials: {
|
|
31
|
+
email: string;
|
|
32
|
+
}, sendLink: (user: Authenticatable, token: string) => Promise<void>): Promise<PasswordResetStatus>;
|
|
33
|
+
/**
|
|
34
|
+
* Reset the user's password.
|
|
35
|
+
* @param credentials - must include `email`, `token`, `password`
|
|
36
|
+
* @param callback - receives the user and new password to perform the actual update
|
|
37
|
+
*/
|
|
38
|
+
reset(credentials: {
|
|
39
|
+
email: string;
|
|
40
|
+
token: string;
|
|
41
|
+
password: string;
|
|
42
|
+
}, callback: (user: Authenticatable, password: string) => Promise<void>): Promise<PasswordResetStatus>;
|
|
43
|
+
private hashToken;
|
|
44
|
+
private verifyToken;
|
|
45
|
+
}
|
|
46
|
+
export declare class MemoryTokenRepository implements TokenRepository {
|
|
47
|
+
private store;
|
|
48
|
+
create(email: string, token: string, expiresAt: Date): Promise<void>;
|
|
49
|
+
find(email: string): Promise<{
|
|
50
|
+
token: string;
|
|
51
|
+
createdAt: Date;
|
|
52
|
+
} | null>;
|
|
53
|
+
delete(email: string): Promise<void>;
|
|
54
|
+
deleteExpired(): Promise<void>;
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=password-reset.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAInE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC/B;AAID,MAAM,MAAM,mBAAmB,GAC3B,iBAAiB,GACjB,gBAAgB,GAChB,cAAc,GACd,eAAe,GACf,eAAe,GACf,WAAW,CAAA;AAIf,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAID,qBAAa,cAAc;IAKvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM;IANzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAQ;gBAGd,MAAM,EAAE,eAAe,EACvB,KAAK,EAAE,YAAY,EACnB,MAAM,GAAE,mBAAwB;IAMnD;;;;OAIG;IACG,aAAa,CACjB,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EAC9B,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAChE,OAAO,CAAC,mBAAmB,CAAC;IA0B/B;;;;OAIG;IACG,KAAK,CACT,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,EAC/D,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACnE,OAAO,CAAC,mBAAmB,CAAC;IAwB/B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;CAMpB;AAID,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,KAAK,CAAyE;IAEhF,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAKvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAMrC"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
|
|
2
|
+
// ─── Password Broker ──────────────────────────────────────
|
|
3
|
+
export class PasswordBroker {
|
|
4
|
+
tokens;
|
|
5
|
+
users;
|
|
6
|
+
config;
|
|
7
|
+
expire;
|
|
8
|
+
throttle;
|
|
9
|
+
constructor(tokens, users, config = {}) {
|
|
10
|
+
this.tokens = tokens;
|
|
11
|
+
this.users = users;
|
|
12
|
+
this.config = config;
|
|
13
|
+
this.expire = config.expire ?? 60;
|
|
14
|
+
this.throttle = config.throttle ?? 60;
|
|
15
|
+
}
|
|
16
|
+
/**
|
|
17
|
+
* Send a password reset link.
|
|
18
|
+
* @param credentials - must include `email`
|
|
19
|
+
* @param sendLink - callback to actually send the email/notification
|
|
20
|
+
*/
|
|
21
|
+
async sendResetLink(credentials, sendLink) {
|
|
22
|
+
const user = await this.users.retrieveByCredentials({ email: credentials.email });
|
|
23
|
+
if (!user)
|
|
24
|
+
return 'INVALID_USER';
|
|
25
|
+
// Throttle check
|
|
26
|
+
const existing = await this.tokens.find(credentials.email);
|
|
27
|
+
if (existing) {
|
|
28
|
+
const elapsed = (Date.now() - existing.createdAt.getTime()) / 1000;
|
|
29
|
+
if (elapsed < this.throttle)
|
|
30
|
+
return 'THROTTLED';
|
|
31
|
+
}
|
|
32
|
+
// Generate token
|
|
33
|
+
const plainToken = randomBytes(32).toString('hex');
|
|
34
|
+
const hashedToken = this.hashToken(plainToken);
|
|
35
|
+
const expiresAt = new Date(Date.now() + this.expire * 60_000);
|
|
36
|
+
// Delete old token, create new one
|
|
37
|
+
await this.tokens.delete(credentials.email);
|
|
38
|
+
await this.tokens.create(credentials.email, hashedToken, expiresAt);
|
|
39
|
+
// Send the link with the plain token
|
|
40
|
+
await sendLink(user, plainToken);
|
|
41
|
+
return 'RESET_LINK_SENT';
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Reset the user's password.
|
|
45
|
+
* @param credentials - must include `email`, `token`, `password`
|
|
46
|
+
* @param callback - receives the user and new password to perform the actual update
|
|
47
|
+
*/
|
|
48
|
+
async reset(credentials, callback) {
|
|
49
|
+
const user = await this.users.retrieveByCredentials({ email: credentials.email });
|
|
50
|
+
if (!user)
|
|
51
|
+
return 'INVALID_USER';
|
|
52
|
+
const record = await this.tokens.find(credentials.email);
|
|
53
|
+
if (!record)
|
|
54
|
+
return 'INVALID_TOKEN';
|
|
55
|
+
// Verify token
|
|
56
|
+
if (!this.verifyToken(credentials.token, record.token))
|
|
57
|
+
return 'INVALID_TOKEN';
|
|
58
|
+
// Check expiry
|
|
59
|
+
const age = (Date.now() - record.createdAt.getTime()) / 60_000;
|
|
60
|
+
if (age > this.expire) {
|
|
61
|
+
await this.tokens.delete(credentials.email);
|
|
62
|
+
return 'TOKEN_EXPIRED';
|
|
63
|
+
}
|
|
64
|
+
// Reset
|
|
65
|
+
await callback(user, credentials.password);
|
|
66
|
+
await this.tokens.delete(credentials.email);
|
|
67
|
+
return 'PASSWORD_RESET';
|
|
68
|
+
}
|
|
69
|
+
hashToken(token) {
|
|
70
|
+
return createHmac('sha256', 'password-reset').update(token).digest('hex');
|
|
71
|
+
}
|
|
72
|
+
verifyToken(plain, hashed) {
|
|
73
|
+
const computed = Buffer.from(this.hashToken(plain), 'hex');
|
|
74
|
+
const stored = Buffer.from(hashed, 'hex');
|
|
75
|
+
if (computed.length !== stored.length)
|
|
76
|
+
return false;
|
|
77
|
+
return timingSafeEqual(computed, stored);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
// ─── In-Memory Token Repository (for testing / dev) ───────
|
|
81
|
+
export class MemoryTokenRepository {
|
|
82
|
+
store = new Map();
|
|
83
|
+
async create(email, token, expiresAt) {
|
|
84
|
+
this.store.set(email, { token, createdAt: new Date(), expiresAt });
|
|
85
|
+
}
|
|
86
|
+
async find(email) {
|
|
87
|
+
const entry = this.store.get(email);
|
|
88
|
+
return entry ? { token: entry.token, createdAt: entry.createdAt } : null;
|
|
89
|
+
}
|
|
90
|
+
async delete(email) {
|
|
91
|
+
this.store.delete(email);
|
|
92
|
+
}
|
|
93
|
+
async deleteExpired() {
|
|
94
|
+
const now = Date.now();
|
|
95
|
+
for (const [email, entry] of this.store) {
|
|
96
|
+
if (entry.expiresAt.getTime() < now)
|
|
97
|
+
this.store.delete(email);
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
//# sourceMappingURL=password-reset.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password-reset.js","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AA+BtE,6DAA6D;AAE7D,MAAM,OAAO,cAAc;IAKN;IACA;IACA;IANF,MAAM,CAAQ;IACd,QAAQ,CAAQ;IAEjC,YACmB,MAAuB,EACvB,KAAmB,EACnB,SAA8B,EAAE;QAFhC,WAAM,GAAN,MAAM,CAAiB;QACvB,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAA0B;QAEjD,IAAI,CAAC,MAAM,GAAK,MAAM,CAAC,MAAM,IAAM,EAAE,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAA;IACvC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,WAA8B,EAC9B,QAAiE;QAEjE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI;YAAE,OAAO,cAAc,CAAA;QAEhC,iBAAiB;QACjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC1D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAA;YAClE,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ;gBAAE,OAAO,WAAW,CAAA;QACjD,CAAC;QAED,iBAAiB;QACjB,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAA;QAE7D,mCAAmC;QACnC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC3C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QAEnE,qCAAqC;QACrC,MAAM,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAEhC,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CACT,WAA+D,EAC/D,QAAoE;QAEpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI;YAAE,OAAO,cAAc,CAAA;QAEhC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,OAAO,eAAe,CAAA;QAEnC,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;YAAE,OAAO,eAAe,CAAA;QAE9E,eAAe;QACf,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,MAAM,CAAA;QAC9D,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC3C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,QAAQ;QACR,MAAM,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAE3C,OAAO,gBAAgB,CAAA;IACzB,CAAC;IAEO,SAAS,CAAC,KAAa;QAC7B,OAAO,UAAU,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3E,CAAC;IAEO,WAAW,CAAC,KAAa,EAAE,MAAc;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAK,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACnD,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,OAAO,qBAAqB;IACxB,KAAK,GAAG,IAAI,GAAG,EAA+D,CAAA;IAEtF,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,KAAa,EAAE,SAAe;QACxD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACnC,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import type { Authenticatable, UserProvider } from './contracts.js';
|
|
2
|
+
type ModelClass = {
|
|
3
|
+
query(): {
|
|
4
|
+
where(col: string, val: unknown): {
|
|
5
|
+
first(): Promise<Record<string, unknown> | null>;
|
|
6
|
+
};
|
|
7
|
+
};
|
|
8
|
+
find(id: string | number): Promise<Record<string, unknown> | null>;
|
|
9
|
+
};
|
|
10
|
+
export declare class EloquentUserProvider implements UserProvider {
|
|
11
|
+
private readonly model;
|
|
12
|
+
private readonly hashCheck;
|
|
13
|
+
constructor(model: ModelClass, hashCheck: (plain: string, hashed: string) => Promise<boolean>);
|
|
14
|
+
retrieveById(id: string): Promise<Authenticatable | null>;
|
|
15
|
+
retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null>;
|
|
16
|
+
validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean>;
|
|
17
|
+
}
|
|
18
|
+
export declare function toAuthenticatable(record: Record<string, unknown>): Authenticatable & Record<string, unknown>;
|
|
19
|
+
export {};
|
|
20
|
+
//# sourceMappingURL=providers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAInE,KAAK,UAAU,GAAG;IAChB,KAAK,IAAI;QAAE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IACnG,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;CACnE,CAAA;AAED,qBAAa,oBAAqB,YAAW,YAAY;IAErD,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBADT,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC;IAG3E,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAKzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAa5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;CAKzG;AAID,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAQ5G"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
export class EloquentUserProvider {
|
|
2
|
+
model;
|
|
3
|
+
hashCheck;
|
|
4
|
+
constructor(model, hashCheck) {
|
|
5
|
+
this.model = model;
|
|
6
|
+
this.hashCheck = hashCheck;
|
|
7
|
+
}
|
|
8
|
+
async retrieveById(id) {
|
|
9
|
+
const record = await this.model.find(id);
|
|
10
|
+
return record ? toAuthenticatable(record) : null;
|
|
11
|
+
}
|
|
12
|
+
async retrieveByCredentials(credentials) {
|
|
13
|
+
const query = { ...credentials };
|
|
14
|
+
delete query['password'];
|
|
15
|
+
if (Object.keys(query).length === 0)
|
|
16
|
+
return null;
|
|
17
|
+
let q = this.model.query();
|
|
18
|
+
for (const [col, val] of Object.entries(query)) {
|
|
19
|
+
q = q.where(col, val);
|
|
20
|
+
}
|
|
21
|
+
const record = await q.first();
|
|
22
|
+
return record ? toAuthenticatable(record) : null;
|
|
23
|
+
}
|
|
24
|
+
async validateCredentials(user, credentials) {
|
|
25
|
+
const plain = credentials['password'];
|
|
26
|
+
if (typeof plain !== 'string')
|
|
27
|
+
return false;
|
|
28
|
+
return this.hashCheck(plain, user.getAuthPassword());
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// ─── Helpers ──────────────────────────────────────────────
|
|
32
|
+
export function toAuthenticatable(record) {
|
|
33
|
+
return {
|
|
34
|
+
...record,
|
|
35
|
+
getAuthIdentifier: () => String(record['id'] ?? ''),
|
|
36
|
+
getAuthPassword: () => String(record['password'] ?? ''),
|
|
37
|
+
getRememberToken: () => record['rememberToken'] ?? null,
|
|
38
|
+
setRememberToken: (token) => { record['rememberToken'] = token; },
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=providers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AASA,MAAM,OAAO,oBAAoB;IAEZ;IACA;IAFnB,YACmB,KAAiB,EACjB,SAA8D;QAD9D,UAAK,GAAL,KAAK,CAAY;QACjB,cAAS,GAAT,SAAS,CAAqD;IAC9E,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,EAAU;QAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACxC,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,WAAoC;QAC9D,MAAM,KAAK,GAAG,EAAE,GAAG,WAAW,EAAE,CAAA;QAChC,OAAO,KAAK,CAAC,UAAU,CAAC,CAAA;QACxB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAEhD,IAAI,CAAC,GAAY,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,CAAC,GAAI,CAA+C,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,MAAM,GAAG,MAAO,CAA0D,CAAC,KAAK,EAAE,CAAA;QACxF,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAqB,EAAE,WAAoC;QACnF,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAA;QACrC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAA;QAC3C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;IACtD,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,UAAU,iBAAiB,CAAC,MAA+B;IAC/D,OAAO;QACL,GAAG,MAAM;QACT,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACnD,eAAe,EAAI,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACzD,gBAAgB,EAAG,GAAG,EAAE,CAAE,MAAM,CAAC,eAAe,CAAmB,IAAI,IAAI;QAC3E,gBAAgB,EAAG,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,GAAG,KAAK,CAAA,CAAC,CAAC;KAC1E,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { Authenticatable, Guard, UserProvider } from './contracts.js';
|
|
2
|
+
export interface SessionStore {
|
|
3
|
+
get<T>(key: string, fallback?: T): T | undefined;
|
|
4
|
+
put(key: string, value: unknown): void;
|
|
5
|
+
forget(key: string): void;
|
|
6
|
+
regenerate(): Promise<void>;
|
|
7
|
+
}
|
|
8
|
+
export declare class SessionGuard implements Guard {
|
|
9
|
+
private readonly provider;
|
|
10
|
+
private readonly session;
|
|
11
|
+
private _user;
|
|
12
|
+
constructor(provider: UserProvider, session: SessionStore);
|
|
13
|
+
user(): Promise<Authenticatable | null>;
|
|
14
|
+
id(): Promise<string | null>;
|
|
15
|
+
check(): Promise<boolean>;
|
|
16
|
+
guest(): Promise<boolean>;
|
|
17
|
+
attempt(credentials: Record<string, unknown>, _remember?: boolean): Promise<boolean>;
|
|
18
|
+
login(user: Authenticatable, _remember?: boolean): Promise<void>;
|
|
19
|
+
logout(): Promise<void>;
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=session-guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-guard.d.ts","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAK1E,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS,CAAA;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAA;IACtC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC5B;AAED,qBAAa,YAAa,YAAW,KAAK;IAItC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJ1B,OAAO,CAAC,KAAK,CAAgD;gBAG1C,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,YAAY;IAGlC,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAYvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAK5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAWpF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAK9B"}
|