@rudderjs/passport 0.1.2 → 0.1.4

package/README.md

@@ -0,0 +1,375 @@
+# @rudderjs/passport
+
+OAuth 2 server for RudderJS — the Laravel Passport equivalent. Turns your app into an OAuth 2 provider that issues JWT-signed access tokens, refresh tokens, and personal access tokens.
+
+## Features
+
+- **Four OAuth 2 grants** — authorization code (with PKCE), client credentials, refresh token, device code
+- **Personal access tokens** — Laravel-style `user.createToken()` via the `HasApiTokens` mixin
+- **JWT with RS256** — signed with an RSA private key; third parties can verify tokens without calling your server
+- **Auto-registered routes** — `/oauth/authorize`, `/oauth/token`, `/oauth/scopes`, `/oauth/device/*`, plus token revocation
+- **Bearer middleware** — `RequireBearer()` + `scope('read', 'write')` for per-route API auth
+- **Customization hooks** — swap any model, wire a custom consent screen, disable routes selectively
+
+## Installation
+
+```bash
+pnpm add @rudderjs/passport @rudderjs/auth @rudderjs/orm-prisma
+```
+
+Add the Prisma schema to your playground's multi-file schema setup:
+
+```prisma
+// prisma/schema/passport.prisma
+// Copy the models from @rudderjs/passport/schema/passport.prisma
+```
+
+Then regenerate the client and push the schema:
+
+```bash
+pnpm exec prisma generate
+pnpm exec prisma db push
+```
+
+Generate RSA keys (required before issuing tokens):
+
+```bash
+pnpm rudder passport:keys
+```
+
+Keys land in `storage/oauth-{private,public}.key`. In production, load them from env vars instead — see **Configuration** below.
+
+## Setup
+
+```ts
+// config/passport.ts
+import type { PassportConfig } from '@rudderjs/passport'
+
+export default {
+  scopes: {
+    read:  'Read access',
+    write: 'Write access',
+    admin: 'Full administrative access',
+  },
+  tokensExpireIn:              15 * 24 * 60 * 60 * 1000,  // 15 days
+  refreshTokensExpireIn:       30 * 24 * 60 * 60 * 1000,  // 30 days
+  personalAccessTokensExpireIn: 6 * 30 * 24 * 60 * 60 * 1000, // ~6 months
+} satisfies PassportConfig
+```
+
+Add the provider — auto-discovery picks it up automatically after `pnpm rudder providers:discover`. Or register explicitly:
+
+```ts
+// bootstrap/providers.ts
+import { PassportProvider } from '@rudderjs/passport'
+
+export default [
+  // ...auth, session, orm first
+  PassportProvider,
+]
+```
+
+Register the OAuth routes. API routes are the right home because they're stateless — but the consent + device-approve endpoints both need a signed-in user, so if you use those, mount them on the `web` group:
+
+```ts
+// routes/api.ts
+import { registerPassportRoutes } from '@rudderjs/passport'
+
+export default (router) => {
+  registerPassportRoutes(router)
+}
+```
+
+## Protecting API Routes
+
+`RequireBearer()` validates the JWT signature, checks expiration, and confirms the token hasn't been revoked. `scope(...)` enforces OAuth scopes on the token.
+
+```ts
+import { RequireBearer, scope } from '@rudderjs/passport'
+
+router.get('/api/user',    [RequireBearer()],                 (req) => req.user)
+router.get('/api/posts',   [RequireBearer(), scope('read')],  listPosts)
+router.post('/api/posts',  [RequireBearer(), scope('write')], createPost)
+router.post('/api/admin',  [RequireBearer(), scope('admin')], adminAction)
+```
+
+A valid request attaches the resolved user to `req.user`, so handlers read it the same way they would under session auth.
+
+The wildcard scope `*` grants everything — useful for personal access tokens issued without a specific scope restriction.
+
+## OAuth Flows
+
+### Authorization Code + PKCE (web apps, SPAs, mobile)
+
+Standard 3-legged flow. Client redirects the user to `/oauth/authorize`, user approves, client exchanges the auth code at `/oauth/token`.
+
+```bash
+# 1. User is redirected to:
+GET /oauth/authorize
+  ?response_type=code
+  &client_id=<id>
+  &redirect_uri=https://app.example.com/callback
+  &scope=read+write
+  &state=<csrf>
+  &code_challenge=<s256-hash>
+  &code_challenge_method=S256
+
+# 2. After user approves (POST /oauth/authorize), they're redirected back with:
+#    https://app.example.com/callback?code=<authcode>&state=<csrf>
+
+# 3. App exchanges the code for tokens:
+POST /oauth/token
+{
+  "grant_type":    "authorization_code",
+  "code":          "<authcode>",
+  "client_id":     "<id>",
+  "client_secret": "<secret>",        // omit for public clients
+  "redirect_uri":  "https://app.example.com/callback",
+  "code_verifier": "<pkce-verifier>"
+}
+```
+
+**PKCE is required for public clients.** Confidential clients may skip it but are still allowed to use it.
+
+### Client Credentials (machine-to-machine)
+
+For service-to-service auth with no end-user. Only confidential clients.
+
+```bash
+POST /oauth/token
+{
+  "grant_type":    "client_credentials",
+  "client_id":     "<id>",
+  "client_secret": "<secret>",
+  "scope":         "read write"
+}
+```
+
+### Refresh Token
+
+Rotates the access/refresh token pair. The old pair is revoked atomically — reusing a refresh token fails.
+
+```bash
+POST /oauth/token
+{
+  "grant_type":    "refresh_token",
+  "refresh_token": "<jwt>",
+  "client_id":     "<id>",
+  "client_secret": "<secret>"
+}
+```
+
+### Device Code (CLIs, smart TVs, IoT)
+
+Device requests a short user code, user approves it in a browser, device polls the token endpoint.
+
+```bash
+# 1. Device requests a code
+POST /oauth/device/code
+{ "client_id": "<id>", "scope": "read" }
+
+# Response:
+{
+  "device_code":      "<long-opaque>",
+  "user_code":        "ABCD-1234",
+  "verification_uri": "https://app.example.com/oauth/device",
+  "expires_in":       600,
+  "interval":         5
+}
+
+# 2. User visits verification_uri, enters user_code, approves:
+POST /oauth/device/approve  (web — needs signed-in user)
+{ "user_code": "ABCD-1234", "approved": true }
+
+# 3. Device polls:
+POST /oauth/token
+{
+  "grant_type":  "urn:ietf:params:oauth:grant-type:device_code",
+  "device_code": "<long-opaque>",
+  "client_id":   "<id>"
+}
+# Returns 400 authorization_pending / 429 slow_down until approved,
+# then 200 with the token pair.
+```
+
+## Personal Access Tokens
+
+For long-lived API tokens — like GitHub personal access tokens. The user generates a token from their account UI; the token is shown once and never re-displayed.
+
+Enable on your User model with the `HasApiTokens` mixin:
+
+```ts
+// app/Models/User.ts
+import { Model } from '@rudderjs/orm'
+import { HasApiTokens } from '@rudderjs/passport'
+
+export class User extends HasApiTokens(Model) {
+  static table = 'user'
+  // ...
+}
+```
+
+Then issue and manage tokens:
+
+```ts
+const user = await User.find(userId)
+
+// Create — returns the JWT once + the persisted record
+const { plainTextToken, token } = await user.createToken('my-cli', ['read', 'write'])
+// plainTextToken: 'eyJ...' — show this to the user ONCE
+
+// List
+const tokens = await user.tokens()
+
+// Revoke all
+const count = await user.revokeAllTokens()
+
+// Check current request token's scope (inside a BearerMiddleware-protected route)
+if (user.tokenCan('admin')) { ... }
+```
+
+Personal access tokens are issued against an internal `__personal_access__` OAuth client that Passport auto-creates on first use.
+
+## Customization Hooks
+
+Every surface — models, consent screen, route registration — can be swapped.
+
+### Custom Models
+
+Extend any Passport model to add columns or override behavior, then register:
+
+```ts
+import { Passport, OAuthClient } from '@rudderjs/passport'
+
+class CustomOAuthClient extends OAuthClient {
+  static table = 'myOAuthClient'
+  // ...extra columns, overrides
+}
+
+// In a provider's boot()
+Passport.useClientModel(CustomOAuthClient)
+```
+
+Same pattern for `useTokenModel`, `useRefreshTokenModel`, `useAuthCodeModel`, `useDeviceCodeModel`.
+
+### Custom Consent Screen
+
+`GET /oauth/authorize` returns JSON by default. Wire a `@rudderjs/view` page for real consent UX:
+
+```ts
+import { Passport } from '@rudderjs/passport'
+import { view } from '@rudderjs/view'
+
+// In a provider's boot()
+Passport.authorizationView((ctx) => {
+  return view('oauth.authorize', {
+    client:       ctx.client,
+    scopes:       ctx.scopes,
+    redirectUri:  ctx.redirectUri,
+    state:        ctx.state,
+    codeChallenge: ctx.codeChallenge,
+  })
+})
+```
+
+The view posts back to `POST /oauth/authorize` with the same params + the current user's session.
+
+### Selective Route Registration
+
+Skip route groups you want to handle yourself:
+
+```ts
+registerPassportRoutes(router, {
+  except: ['authorize', 'scopes'], // mount your own consent + scopes endpoints
+  prefix: '/api/oauth',            // default is '/oauth'
+})
+```
+
+Available groups: `authorize`, `token`, `revoke`, `scopes`, `device`.
+
+To disable route registration entirely, call `Passport.ignoreRoutes()` before the provider boots. `registerPassportRoutes()` becomes a no-op.
+
+## Configuration
+
+### Key Management
+
+Three ways to provide the RSA keypair, in precedence order:
+
+1. **Env vars** (recommended for production):
+   ```ts
+   // config/passport.ts
+   export default {
+     privateKey: process.env.PASSPORT_PRIVATE_KEY,
+     publicKey:  process.env.PASSPORT_PUBLIC_KEY,
+   }
+   ```
+
+2. **Custom key directory**:
+   ```ts
+   export default { keyPath: 'secure/keys' }
+   // Reads secure/keys/oauth-private.key + oauth-public.key
+   ```
+
+3. **Default** — files in `storage/oauth-{private,public}.key`, generated by `rudder passport:keys`.
+
+### Token Lifetimes
+
+All in milliseconds:
+
+| Option | Default | Purpose |
+|---|---|---|
+| `tokensExpireIn` | 15 days | Access token lifetime |
+| `refreshTokensExpireIn` | 30 days | Refresh token lifetime |
+| `personalAccessTokensExpireIn` | ~6 months | Personal access token lifetime |
+
+## CLI Commands
+
+```bash
+# Generate an RSA keypair (refuses to overwrite without --force)
+pnpm rudder passport:keys [--force]
+
+# Create an OAuth client
+pnpm rudder passport:client "My App"
+pnpm rudder passport:client "SPA" --public                  # public (PKCE-required)
+pnpm rudder passport:client "Service" --client-credentials   # M2M
+pnpm rudder passport:client "TV App" --device                # device code
+pnpm rudder passport:client "__personal_access__" --personal # personal token issuer
+
+# Remove expired + revoked tokens, auth codes, device codes
+pnpm rudder passport:purge
+```
+
+`passport:client` prints the client ID and (for confidential clients) the secret. Secrets are SHA-256 hashed on write — store the printed secret immediately; it is not recoverable.
+
+## Architecture
+
+**Tables** — five in `schema/passport.prisma`:
+
+| Table | Purpose |
+|---|---|
+| `oauth_clients` | Registered client apps + their secrets |
+| `oauth_access_tokens` | Issued access tokens (for revocation lookup) |
+| `oauth_refresh_tokens` | Refresh tokens, linked 1:1 to an access token |
+| `oauth_auth_codes` | Short-lived authorization codes (single-use, 10 min) |
+| `oauth_device_codes` | Device authorization flow state |
+
+**Token shape** — JWTs carry `jti` (token ID), `sub` (user ID), `aud` (client ID), `scopes`, `iat`, `exp`. Revocation is checked against the DB row keyed by `jti`.
+
+**Provider order** — `PassportProvider` boots at the `infrastructure` stage and depends on `@rudderjs/auth` + `@rudderjs/orm-prisma`. Auto-discovery resolves the order automatically.
+
+## Pitfalls
+
+- **Missing keys** — `pnpm rudder passport:keys` before issuing any token, or set `PASSPORT_PRIVATE_KEY` + `PASSPORT_PUBLIC_KEY`.
+- **Schema not migrated** — copy `schema/passport.prisma` into your project's Prisma schema and run `prisma db push`.
+- **Bearer middleware on web routes** — use it on `api.ts` routes. Web routes have session-based auth already via `AuthMiddleware` on the `web` group.
+- **PKCE on public clients** — public clients *must* send `code_challenge` + `code_challenge_method=S256`. No PKCE = `invalid_request`.
+- **Refresh token replay** — reusing an old refresh token returns `invalid_grant`; the rotation already revoked it.
+- **Stale personal-access client cache** — `resetPersonalAccessClient()` is test-only. Don't call it at runtime.
+- **Prisma delegate vs `@@map`** — if you override a model, `static table` must be the Prisma delegate name (camelCase), not the `@@map`'d SQL name. `oauthClient`, not `oauth_clients`.
+- **Scope middleware ordering** — `scope(...)` must run after `RequireBearer()` or `BearerMiddleware()`. It reads token scopes from the request state set by the bearer middleware.
+
+## Related
+
+- [`@rudderjs/auth`](../auth) — session-based web auth (login, register, password reset)
+- [`@rudderjs/orm`](../orm) — ORM for the OAuth models
+- [OAuth 2.1 draft](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10) — the spec Passport targets

package/dist/index.js

@@ -92,7 +92,7 @@ export class PassportProvider extends ServiceProvider {
             }).description('Remove expired tokens and auth codes');
             // Register make:* scaffolder for passport
             try {
-                const { registerMakeSpecs } = await import('@rudderjs/rudder');
+                const { registerMakeSpecs } = await import('@rudderjs/console');
                 registerMakeSpecs({
                     command: 'make:passport-client',
                     description: 'Create a new OAuth client seeder',

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAExD,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAEjD,SAAS;AACT,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAY1B,yBAAyB;AACzB,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AAGrF,SAAS;AACT,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AAqBpD,6DAA6D;AAE7D,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,KAAU,CAAC;IAEnB,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;QAElD,MAAM,GAAG,GAAG,MAAM,CAAiB,UAAU,CAAC,CAAA;QAE9C,iBAAiB;QACjB,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACpC,CAAC;QAED,sBAAsB;QACtB,IAAI,GAAG,CAAC,cAAc;YAAE,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QACnE,IAAI,GAAG,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACxF,IAAI,GAAG,CAAC,4BAA4B;YAAE,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;QAE7G,mBAAmB;QACnB,IAAI,GAAG,CAAC,MAAM;YAAE,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE9C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;QAEvC,wBAAwB;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;YAEjD,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACvD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAA;gBAC3D,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;gBACjE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;gBAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAA;YAC3C,CAAC,CAAC,CAAC,WAAW,CAAC,+CAA+C,CAAC,CAAA;YAE/D,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACzD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAA;gBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;gBAEnD,MAAM,UAAU,GAAG,QAAQ;oBACzB,CAAC,CAAC,CAAC,8CAA8C,CAAC;oBAClD,CAAC,CAAC,UAAU;wBACV,CAAC,CAAC,CAAC,iBAAiB,CAAC;wBACrB,CAAC,CAAC,KAAK;4BACL,CAAC,CAAC,CAAC,oBAAoB,CAAC;4BACxB,CAAC,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAA;gBAE/C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAA;gBAC7D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;oBAC5C,IAAI;oBACJ,YAAY,EAAE,CAAC,QAAQ,IAAI,CAAC,QAAQ;oBACpC,UAAU;iBACX,CAAC,CAAA;gBAEF,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;gBACtC,OAAO,CAAC,GAAG,CAAC,kBAAmB,MAAc,CAAC,EAAE,EAAE,CAAC,CAAA;gBACnD,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC5C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;oBACvC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;gBACnE,CAAC;YACH,CAAC,CAAC,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAA;YAE3C,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;gBAC1C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;gBAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,EAAE,CAAA;gBAClC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAA;gBAChG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,6BAA6B,CAAC,CAAA;gBAC3D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;gBACzD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;gBAC1D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;gBACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;YAC1D,CAAC,CAAC,CAAC,WAAW,CAAC,sCAAsC,CAAC,CAAA;YAEtD,0CAA0C;YAC1C,IAAI,CAAC;gBACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAA;gBAC9D,iBAAiB,CAAC;oBAChB,OAAO,EAAM,sBAAsB;oBACnC,WAAW,EAAE,kCAAkC;oBAC/C,KAAK,EAAQ,gCAAgC;oBAC7C,SAAS,EAAI,aAAa;oBAC1B,IAAI,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC;;wBAEP,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE;;;;;;;;;;CAUrE;iBACQ,CAAC,CAAA;YACJ,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC;CACF"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAExD,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAEjD,SAAS;AACT,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAY1B,yBAAyB;AACzB,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AAGrF,SAAS;AACT,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AAqBpD,6DAA6D;AAE7D,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,KAAU,CAAC;IAEnB,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;QAElD,MAAM,GAAG,GAAG,MAAM,CAAiB,UAAU,CAAC,CAAA;QAE9C,iBAAiB;QACjB,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACpC,CAAC;QAED,sBAAsB;QACtB,IAAI,GAAG,CAAC,cAAc;YAAE,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QACnE,IAAI,GAAG,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACxF,IAAI,GAAG,CAAC,4BAA4B;YAAE,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;QAE7G,mBAAmB;QACnB,IAAI,GAAG,CAAC,MAAM;YAAE,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE9C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;QAEvC,wBAAwB;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;YAEjD,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACvD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAA;gBAC3D,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;gBACjE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;gBAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAA;YAC3C,CAAC,CAAC,CAAC,WAAW,CAAC,+CAA+C,CAAC,CAAA;YAE/D,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACzD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAA;gBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;gBAEnD,MAAM,UAAU,GAAG,QAAQ;oBACzB,CAAC,CAAC,CAAC,8CAA8C,CAAC;oBAClD,CAAC,CAAC,UAAU;wBACV,CAAC,CAAC,CAAC,iBAAiB,CAAC;wBACrB,CAAC,CAAC,KAAK;4BACL,CAAC,CAAC,CAAC,oBAAoB,CAAC;4BACxB,CAAC,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAA;gBAE/C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAA;gBAC7D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;oBAC5C,IAAI;oBACJ,YAAY,EAAE,CAAC,QAAQ,IAAI,CAAC,QAAQ;oBACpC,UAAU;iBACX,CAAC,CAAA;gBAEF,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;gBACtC,OAAO,CAAC,GAAG,CAAC,kBAAmB,MAAc,CAAC,EAAE,EAAE,CAAC,CAAA;gBACnD,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC5C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;oBACvC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;gBACnE,CAAC;YACH,CAAC,CAAC,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAA;YAE3C,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;gBAC1C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;gBAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,EAAE,CAAA;gBAClC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAA;gBAChG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,6BAA6B,CAAC,CAAA;gBAC3D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;gBACzD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;gBAC1D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;gBACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;YAC1D,CAAC,CAAC,CAAC,WAAW,CAAC,sCAAsC,CAAC,CAAA;YAEtD,0CAA0C;YAC1C,IAAI,CAAC;gBACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAA;gBAC/D,iBAAiB,CAAC;oBAChB,OAAO,EAAM,sBAAsB;oBACnC,WAAW,EAAE,kCAAkC;oBAC/C,KAAK,EAAQ,gCAAgC;oBAC7C,SAAS,EAAI,aAAa;oBAC1B,IAAI,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC;;wBAEP,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE;;;;;;;;;;CAUrE;iBACQ,CAAC,CAAA;YACJ,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rudderjs/passport",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "rudderjs": {
     "provider": "PassportProvider",
     "stage": "infrastructure",
@@ -33,15 +33,15 @@
     }
   },
   "dependencies": {
-    "@rudderjs/contracts": "0.1.0",
-    "@rudderjs/core": "0.1.1",
-    "@rudderjs/orm": "0.1.1"
+    "@rudderjs/core": "^0.1.4",
+    "@rudderjs/contracts": "^0.2.0",
+    "@rudderjs/orm": "^0.1.2"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",
     "typescript": "^5.4.0",
     "tsx": "^4.0.0",
-    "@rudderjs/rudder": "0.0.3"
+    "@rudderjs/console": "^0.0.4"
   },
   "author": "Suleiman Shahbari",
   "scripts": {