@seamless-auth/express 0.1.2 → 0.3.0

package/dist/index.js

@@ -139,11 +139,12 @@ import { finishLoginHandler } from "@seamless-auth/core/handlers/finishLogin";
 // src/internal/buildAuthorization.ts
 import { createServiceToken } from "@seamless-auth/core";
 function buildServiceAuthorization(req, opts) {
-  if (!req.cookiePayload?.sub && !req.user.sub) {
+  const subject = req.cookiePayload?.sub || req.user?.sub;
+  if (!subject) {
     return void 0;
   }
   const token = createServiceToken({
-    subject: req.cookiePayload?.sub || req.user.sub,
+    subject,
     issuer: opts.issuer,
     audience: opts.audience,
     serviceSecret: opts.serviceSecret,
@@ -194,6 +195,174 @@ async function finishLogin(req, res, opts) {
 
 // src/handlers/register.ts
 import { registerHandler } from "@seamless-auth/core/handlers/register";
+
+// src/internal/deliverAuthMessage.ts
+function applyEmailOverride(override, input, defaults, appName) {
+  return override ? override(input, defaults, { appName }) : defaults;
+}
+function applySmsOverride(override, input, defaults, appName) {
+  return override ? override(input, defaults, { appName }) : defaults;
+}
+function buildOtpEmailMessage(input, messaging) {
+  const appName = messaging.defaults?.appName ?? "Seamless Auth";
+  return applyEmailOverride(
+    messaging.overrides?.otpEmail,
+    {
+      to: input.to,
+      token: input.token,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Verify your email`
+    },
+    {
+      to: input.to,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Verify your email`,
+      text: `Verify your account with ${appName}.
+
+Your verification code is: ${input.token}
+
+If you did not request this code, you can safely ignore this message.`,
+      html: `<div><h1>Verify your account with ${appName}</h1><p>Please use the verification code below:</p><p><strong>${input.token}</strong></p><p>If you did not request this code, you can safely ignore this message.</p></div>`
+    },
+    appName
+  );
+}
+function buildOtpSmsMessage(input, messaging) {
+  const appName = messaging.defaults?.appName ?? "Seamless Auth";
+  return applySmsOverride(
+    messaging.overrides?.otpSms,
+    {
+      to: input.to,
+      token: input.token,
+      from: messaging.defaults?.smsFrom
+    },
+    {
+      to: input.to,
+      from: messaging.defaults?.smsFrom,
+      body: `Your ${appName} verification code is: ${input.token}. No one will ever ask you for this code. Do not share it.`
+    },
+    appName
+  );
+}
+function buildMagicLinkMessage(input, messaging) {
+  const appName = messaging.defaults?.appName ?? "Seamless Auth";
+  return applyEmailOverride(
+    messaging.overrides?.magicLinkEmail,
+    {
+      to: input.to,
+      magicLinkUrl: input.magicLinkUrl,
+      token: input.token,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Your sign-in link`
+    },
+    {
+      to: input.to,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Your sign-in link`,
+      text: `Use the link below to sign in to ${appName}:
+
+${input.magicLinkUrl}
+
+If you did not request this email, you can safely ignore it.`,
+      html: `<div><h1>Sign in to ${appName}</h1><p>Use the link below to complete sign-in:</p><p><a href="${input.magicLinkUrl}">${input.magicLinkUrl}</a></p><p>If you did not request this email, you can safely ignore it.</p></div>`
+    },
+    appName
+  );
+}
+function buildBootstrapInviteMessage(input, messaging) {
+  const appName = messaging.defaults?.appName ?? "Seamless Auth";
+  return applyEmailOverride(
+    messaging.overrides?.bootstrapInviteEmail,
+    {
+      to: input.to,
+      inviteUrl: input.inviteUrl,
+      token: input.token,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Bootstrap invite`
+    },
+    {
+      to: input.to,
+      from: messaging.defaults?.emailFrom,
+      subject: `${appName} - Bootstrap invite`,
+      text: `You have been invited to bootstrap ${appName}.
+
+Use the link below to continue:
+${input.inviteUrl}`,
+      html: `<div><h1>Bootstrap invite for ${appName}</h1><p>Use the link below to continue:</p><p><a href="${input.inviteUrl}">${input.inviteUrl}</a></p></div>`
+    },
+    appName
+  );
+}
+async function deliverAuthMessage(messaging, delivery) {
+  if (!messaging || !delivery) {
+    return;
+  }
+  switch (delivery.kind) {
+    case "otp_email":
+      if (messaging.handlers?.sendOtpEmail) {
+        await messaging.handlers.sendOtpEmail({
+          to: delivery.to,
+          token: delivery.token,
+          from: messaging.defaults?.emailFrom
+        });
+        return;
+      }
+      if (!messaging.email) {
+        throw new Error("Missing email transport for OTP email delivery.");
+      }
+      await messaging.email.send(buildOtpEmailMessage(delivery, messaging));
+      return;
+    case "otp_sms":
+      if (messaging.handlers?.sendOtpSms) {
+        await messaging.handlers.sendOtpSms({
+          to: delivery.to,
+          token: delivery.token,
+          from: messaging.defaults?.smsFrom
+        });
+        return;
+      }
+      if (!messaging.sms) {
+        throw new Error("Missing SMS transport for OTP SMS delivery.");
+      }
+      await messaging.sms.send(buildOtpSmsMessage(delivery, messaging));
+      return;
+    case "magic_link_email":
+      if (messaging.handlers?.sendMagicLinkEmail) {
+        await messaging.handlers.sendMagicLinkEmail({
+          to: delivery.to,
+          token: delivery.token,
+          magicLinkUrl: delivery.magicLinkUrl,
+          from: messaging.defaults?.emailFrom
+        });
+        return;
+      }
+      if (!messaging.email) {
+        throw new Error("Missing email transport for magic link delivery.");
+      }
+      await messaging.email.send(buildMagicLinkMessage(delivery, messaging));
+      return;
+    case "bootstrap_invite_email":
+      if (messaging.handlers?.sendBootstrapInviteEmail) {
+        await messaging.handlers.sendBootstrapInviteEmail({
+          to: delivery.to,
+          inviteUrl: delivery.inviteUrl,
+          from: messaging.defaults?.emailFrom
+        });
+        return;
+      }
+      if (!messaging.email) {
+        throw new Error("Missing email transport for bootstrap invite delivery.");
+      }
+      await messaging.email.send(buildBootstrapInviteMessage(delivery, messaging));
+      return;
+  }
+}
+function stripDelivery(body) {
+  const { delivery: _delivery, ...rest } = body;
+  return rest;
+}
+
+// src/handlers/register.ts
 async function register(req, res, opts) {
   const cookieSigner = {
     secret: opts.cookieSecret,
@@ -205,7 +374,8 @@ async function register(req, res, opts) {
     {
       authServerUrl: opts.authServerUrl,
       cookieDomain: opts.cookieDomain,
-      registrationCookieName: opts.registrationCookieName
+      registrationCookieName: opts.registrationCookieName,
+      externalDelivery: Boolean(opts.messaging)
     }
   );
   if (!cookieSigner.secret) {
@@ -216,9 +386,9 @@ async function register(req, res, opts) {
       setSessionCookie(
         res,
         {
-          name: opts.registrationCookieName || "seamless-auth-registraion",
+          name: c.name,
           payload: c.value,
-          domain: c.domain,
+          domain: c.domain ?? opts.cookieDomain,
           ttlSeconds: c.ttl
         },
         cookieSigner
@@ -228,11 +398,45 @@ async function register(req, res, opts) {
   if (result.error) {
     return res.status(result.status).json(result.error);
   }
+  if (result.body && typeof result.body === "object" && "delivery" in result.body) {
+    await deliverAuthMessage(
+      opts.messaging,
+      result.body.delivery
+    );
+    return res.status(result.status).json(stripDelivery(result.body)).end();
+  }
   res.status(result.status).json(result.body).end();
 }
 
+// src/handlers/requestOtp.ts
+import { requestOtpHandler } from "@seamless-auth/core/handlers/requestOtpHandler";
+async function requestOtp(req, res, opts, kind) {
+  const result = await requestOtpHandler(
+    {
+      kind,
+      authorization: buildServiceAuthorization(req, opts)
+    },
+    {
+      authServerUrl: opts.authServerUrl,
+      externalDelivery: Boolean(opts.messaging)
+    }
+  );
+  if (result.error) {
+    return res.status(result.status).json(result.error);
+  }
+  if (result.body && typeof result.body === "object" && "delivery" in result.body) {
+    await deliverAuthMessage(
+      opts.messaging,
+      result.body.delivery
+    );
+    return res.status(result.status).json(stripDelivery(result.body));
+  }
+  return res.status(result.status).json(result.body);
+}
+
 // src/handlers/finishRegister.ts
 import { finishRegisterHandler } from "@seamless-auth/core/handlers/finishRegister";
+import { verifyCookieJwt } from "@seamless-auth/core";
 async function finishRegister(req, res, opts) {
   const cookieSigner = {
     secret: opts.cookieSecret,
@@ -240,8 +444,24 @@ async function finishRegister(req, res, opts) {
     sameSite: process.env.NODE_ENV === "production" ? "none" : "lax"
   };
   const authorization = buildServiceAuthorization(req, opts);
+  const bootstrapToken = req.cookies?.["seamless_bootstrap_token"];
+  const headers = {};
+  if (bootstrapToken) {
+    const payload = verifyCookieJwt(bootstrapToken, opts.cookieSecret);
+    if (!payload || !payload.sub) {
+      res.status(401).json({
+        error: "Invalid or expired session"
+      });
+      return;
+    }
+    headers["cookie"] = `seamless_bootstrap_token=${payload.sub}`;
+  }
   const result = await finishRegisterHandler(
-    { body: req.body, authorization },
+    {
+      body: req.body,
+      authorization,
+      headers
+    },
     {
       authServerUrl: opts.authServerUrl,
       cookieDomain: opts.cookieDomain,
@@ -346,10 +566,305 @@ async function pollMagicLinkConfirmation(req, res, opts) {
   res.status(result.status).json(result.body).end();
 }
 
+// src/handlers/requestMagicLink.ts
+import { requestMagicLinkHandler } from "@seamless-auth/core/handlers/requestMagicLinkHandler";
+async function requestMagicLink(req, res, opts) {
+  const result = await requestMagicLinkHandler(
+    {
+      authorization: buildServiceAuthorization(req, opts)
+    },
+    {
+      authServerUrl: opts.authServerUrl,
+      externalDelivery: Boolean(opts.messaging)
+    }
+  );
+  if (result.error) {
+    return res.status(result.status).json(result.error);
+  }
+  if (result.body && typeof result.body === "object" && "delivery" in result.body) {
+    await deliverAuthMessage(
+      opts.messaging,
+      result.body.delivery
+    );
+    return res.status(result.status).json(stripDelivery(result.body));
+  }
+  return res.status(result.status).json(result.body);
+}
+
+// src/handlers/admin.ts
+import {
+  getUsersHandler,
+  createUserHandler,
+  deleteUserHandler,
+  updateUserHandler,
+  getUserDetailHandler,
+  getUserAnomaliesHandler,
+  getAuthEventsHandler,
+  getCredentialCountHandler,
+  listAllSessionsHandler,
+  listUserSessionsHandler,
+  revokeAllUserSessionsHandler
+} from "@seamless-auth/core/handlers/admin";
+function handle(res, result) {
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  return res.status(result.status).json(result.body);
+}
+var getUsers = async (req, res, opts) => handle(
+  res,
+  await getUsersHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var createUser = async (req, res, opts) => handle(
+  res,
+  await createUserHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts),
+    body: req.body
+  })
+);
+var deleteUser = async (req, res, opts) => handle(
+  res,
+  await deleteUserHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var updateUser = async (req, res, opts) => handle(
+  res,
+  await updateUserHandler(req.params.userId, {
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts),
+    body: req.body
+  })
+);
+var getUserDetail = async (req, res, opts) => handle(
+  res,
+  await getUserDetailHandler(req.params.userId, {
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var getUserAnomalies = async (req, res, opts) => handle(
+  res,
+  await getUserAnomaliesHandler(req.params.userId, {
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var getAuthEvents = async (req, res, opts) => handle(
+  res,
+  await getAuthEventsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts),
+    query: req.query
+  })
+);
+var getCredentialCount = async (req, res, opts) => handle(
+  res,
+  await getCredentialCountHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var listAllSessions = async (req, res, opts) => handle(
+  res,
+  await listAllSessionsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts),
+    query: req.query
+  })
+);
+var listUserSessions = async (req, res, opts) => handle(
+  res,
+  await listUserSessionsHandler(req.params.userId, {
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+var revokeAllUserSessions = async (req, res, opts) => handle(
+  res,
+  await revokeAllUserSessionsHandler(req.params.userId, {
+    authServerUrl: opts.authServerUrl,
+    authorization: buildServiceAuthorization(req, opts)
+  })
+);
+
 // src/createServer.ts
 import {
   authFetch
 } from "@seamless-auth/core";
+
+// src/handlers/bootstrapAdmininvite.ts
+import { bootstrapAdminInviteHandler } from "@seamless-auth/core/handlers/bootstrapAdminInvite";
+async function bootstrapAdminInvite(req, res, opts) {
+  const result = await bootstrapAdminInviteHandler({
+    authServerUrl: opts.authServerUrl,
+    email: req.body.email,
+    authorization: req.headers["authorization"],
+    externalDelivery: Boolean(opts.messaging)
+  });
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  if (result.body && typeof result.body === "object" && "delivery" in result.body) {
+    await deliverAuthMessage(
+      opts.messaging,
+      result.body.delivery
+    );
+    return res.status(result.status).json(stripDelivery(result.body));
+  }
+  res.status(result.status).json(result.body);
+}
+
+// src/handlers/systemConfig.ts
+import {
+  getAvailableRolesHandler,
+  getSystemConfigAdminHandler,
+  updateSystemConfigHandler
+} from "@seamless-auth/core/handlers/systemConfig";
+async function getAvailableRoles(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getAvailableRolesHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  res.status(result.status).json(result.body);
+}
+async function getSystemConfigAdmin(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getSystemConfigAdminHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  res.status(result.status).json(result.body);
+}
+async function updateSystemConfig(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await updateSystemConfigHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization,
+    payload: req.body
+  });
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  res.status(result.status).json(result.body);
+}
+
+// src/handlers/internalMetrics.ts
+import {
+  getAuthEventSummaryHandler,
+  getAuthEventTimeseriesHandler,
+  getLoginStatsHandler,
+  getSecurityAnomaliesHandler,
+  getDashboardMetricsHandler,
+  getGroupedEventSummaryHandler
+} from "@seamless-auth/core/handlers/internalMetrics";
+function handle2(res, result) {
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  return res.status(result.status).json(result.body);
+}
+async function getAuthEventSummary(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getAuthEventSummaryHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization,
+    query: req.query
+  });
+  return handle2(res, result);
+}
+async function getAuthEventTimeseries(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getAuthEventTimeseriesHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization,
+    query: req.query
+  });
+  return handle2(res, result);
+}
+async function getLoginStats(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getLoginStatsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle2(res, result);
+}
+async function getSecurityAnomalies(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getSecurityAnomaliesHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle2(res, result);
+}
+async function getDashboardMetrics(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getDashboardMetricsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle2(res, result);
+}
+async function getGroupedEventSummary(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await getGroupedEventSummaryHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle2(res, result);
+}
+
+// src/handlers/sessions.ts
+import {
+  listSessionsHandler,
+  revokeSessionHandler,
+  revokeAllSessionsHandler
+} from "@seamless-auth/core/handlers/sessions";
+function handle3(res, result) {
+  if (result.error) {
+    return res.status(result.status).json({ error: result.error });
+  }
+  return res.status(result.status).json(result.body);
+}
+async function listSessions(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await listSessionsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle3(res, result);
+}
+async function revokeSession(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await revokeSessionHandler(req.params.id, {
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle3(res, result);
+}
+async function revokeAllSessions(req, res, opts) {
+  const authorization = buildServiceAuthorization(req, opts);
+  const result = await revokeAllSessionsHandler({
+    authServerUrl: opts.authServerUrl,
+    authorization
+  });
+  return handle3(res, result);
+}
+
+// src/createServer.ts
 function createSeamlessAuthServer(opts) {
   const r = express.Router();
   r.use(express.json());
@@ -365,7 +880,8 @@ function createSeamlessAuthServer(opts) {
     accessCookieName: opts.accessCookieName ?? "seamless-access",
     registrationCookieName: opts.registrationCookieName ?? "seamless-ephemeral",
     refreshCookieName: opts.refreshCookieName ?? "seamless-refresh",
-    preAuthCookieName: opts.preAuthCookieName ?? "seamless-ephemeral"
+    preAuthCookieName: opts.preAuthCookieName ?? "seamless-ephemeral",
+    messaging: opts.messaging
   };
   const proxyWithIdentity = (path, identity, method = "POST") => async (req, res) => {
     if (!req.cookiePayload?.sub) {
@@ -438,11 +954,11 @@ function createSeamlessAuthServer(opts) {
   );
   r.get(
     "/otp/generate-phone-otp",
-    proxyWithIdentity("otp/generate-phone-otp", "preAuth", "GET")
+    (req, res) => requestOtp(req, res, resolvedOpts, "phone")
   );
   r.get(
     "/otp/generate-email-otp",
-    proxyWithIdentity("otp/generate-email-otp", "preAuth", "GET")
+    (req, res) => requestOtp(req, res, resolvedOpts, "email")
   );
   r.post("/login", (req, res) => login(req, res, resolvedOpts));
   r.post(
@@ -460,7 +976,10 @@ function createSeamlessAuthServer(opts) {
     "/users/credentials",
     proxyWithIdentity("users/credentials", "access")
   );
-  r.get("/magic-link", proxyWithIdentity("magic-link", "preAuth", "GET"));
+  r.get(
+    "/magic-link",
+    (req, res) => requestMagicLink(req, res, resolvedOpts)
+  );
   r.get("/magic-link/verify/:token", async (req, res) => {
     const upstream = await authFetch(
       `${resolvedOpts.authServerUrl}/magic-link/verify/${req.params.token}`,
@@ -473,11 +992,101 @@ function createSeamlessAuthServer(opts) {
     "/magic-link/check",
     (req, res) => pollMagicLinkConfirmation(req, res, resolvedOpts)
   );
+  r.post(
+    "/internal/bootstrap/admin-invite",
+    (req, res) => bootstrapAdminInvite(req, res, resolvedOpts)
+  );
+  r.get(
+    "/system-config/roles",
+    (req, res) => getAvailableRoles(req, res, resolvedOpts)
+  );
+  r.get(
+    "/system-config/admin",
+    (req, res) => getSystemConfigAdmin(req, res, resolvedOpts)
+  );
+  r.patch(
+    "/system-config/admin",
+    (req, res) => updateSystemConfig(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/auth-events/summary",
+    (req, res) => getAuthEventSummary(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/auth-events/timeseries",
+    (req, res) => getAuthEventTimeseries(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/auth-events/login-stats",
+    (req, res) => getLoginStats(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/security/anomalies",
+    (req, res) => getSecurityAnomalies(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/metrics/dashboard",
+    (req, res) => getDashboardMetrics(req, res, resolvedOpts)
+  );
+  r.get(
+    "/internal/auth-events/grouped",
+    (req, res) => getGroupedEventSummary(req, res, resolvedOpts)
+  );
+  r.get("/admin/users", (req, res) => getUsers(req, res, resolvedOpts));
+  r.post(
+    "/admin/users",
+    (req, res) => createUser(req, res, resolvedOpts)
+  );
+  r.delete(
+    "/admin/users",
+    (req, res) => deleteUser(req, res, resolvedOpts)
+  );
+  r.patch(
+    "/admin/users/:userId",
+    (req, res) => updateUser(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/users/:userId",
+    (req, res) => getUserDetail(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/users/:userId/anomalies",
+    (req, res) => getUserAnomalies(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/auth-events",
+    (req, res) => getAuthEvents(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/credential-count",
+    (req, res) => getCredentialCount(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/sessions",
+    (req, res) => listAllSessions(req, res, resolvedOpts)
+  );
+  r.get(
+    "/admin/sessions/:userId",
+    (req, res) => listUserSessions(req, res, resolvedOpts)
+  );
+  r.delete(
+    "/admin/sessions/:userId/revoke-all",
+    (req, res) => revokeAllUserSessions(req, res, resolvedOpts)
+  );
+  r.get("/sessions", (req, res) => listSessions(req, res, resolvedOpts));
+  r.delete(
+    "/sessions/:id",
+    (req, res) => revokeSession(req, res, resolvedOpts)
+  );
+  r.delete(
+    "/sessions",
+    (req, res) => revokeAllSessions(req, res, resolvedOpts)
+  );
   return r;
 }
 
 // src/middleware/requireAuth.ts
-import { verifyCookieJwt } from "@seamless-auth/core";
+import { verifyCookieJwt as verifyCookieJwt2 } from "@seamless-auth/core";
 function requireAuth(opts) {
   const { cookieName = "seamless-access", cookieSecret } = opts;
   if (!cookieSecret) {
@@ -495,7 +1104,7 @@ function requireAuth(opts) {
       });
       return;
     }
-    const payload = verifyCookieJwt(token, cookieSecret);
+    const payload = verifyCookieJwt2(token, cookieSecret);
     if (!payload || !payload.sub) {
       res.status(401).json({
         error: "Invalid or expired session"