@spfn/auth 0.1.0-alpha.0 → 0.1.0-alpha.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 INFLIKE Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1166,8 +1166,8 @@ if (shouldRotate) {
 
 ```bash
 # .env
-JWT_SECRET=your-secret-key-change-in-production  # For legacy tokens
-JWT_EXPIRES_IN=7d                                 # Token expiry
+SPFN_AUTH_JWT_SECRET=your-secret-key-change-in-production  # For legacy tokens
+SPFN_AUTH_JWT_EXPIRES_IN=7d                                 # Token expiry
 ```
 
 ---
@@ -1196,12 +1196,70 @@ This creates the auth schema with 8 tables:
 
 ### 2. Configure Environment Variables
 
+#### Core Settings (Required)
+
 ```bash
 # .env
-JWT_SECRET=your-secret-key-change-in-production
-JWT_EXPIRES_IN=7d
+
+# ========================================
+# Core Authentication Settings (Required)
+# ========================================
+
+# JWT Token Settings
+SPFN_AUTH_JWT_SECRET=your-secret-key-change-in-production  # JWT signing secret (REQUIRED)
+SPFN_AUTH_JWT_EXPIRES_IN=7d                                 # JWT token expiry (default: 7d)
+
+# Verification Token Settings
+SPFN_AUTH_VERIFICATION_TOKEN_SECRET=separate-secret-key     # Optional: separate secret for verification tokens
+                                                            # If not set, uses SPFN_AUTH_JWT_SECRET
+
+# Password Hashing
+SPFN_AUTH_BCRYPT_SALT_ROUNDS=10                            # bcrypt salt rounds (default: 10)
+                                                            # Higher = more secure but slower (10-12 recommended)
+
+# ========================================
+# Client-Side Settings (Optional)
+# ========================================
+
+# Session Management (for client-side session encryption)
+SPFN_AUTH_SESSION_SECRET=session-encryption-key             # Required if using client-side session features
+
+# API URL Configuration (for client-side API calls)
+SPFN_API_URL=http://localhost:8790                         # SPFN API server URL
+NEXT_PUBLIC_API_URL=http://localhost:8790                   # Next.js public API URL (takes precedence)
+
+# Environment
+NODE_ENV=production                               # production | development
 ```
 
+#### Admin Account Creation (Optional)
+
+See [Section 3: Create Initial Admin Accounts](#3-create-initial-admin-accounts-optional) below for details.
+
+d---
+
+### Legacy Environment Variables (Backward Compatibility)
+
+For backward compatibility, the package also supports legacy environment variable names without the `SPFN_AUTH_` prefix. The new prefixed versions take precedence:
+
+```bash
+# Legacy (still supported, but deprecated)
+JWT_SECRET=...
+JWT_EXPIRES_IN=...
+VERIFICATION_TOKEN_SECRET=...
+BCRYPT_SALT_ROUNDS=...
+SESSION_SECRET=...
+
+ADMIN_ACCOUNTS=...
+ADMIN_EMAILS=...
+ADMIN_PASSWORDS=...
+ADMIN_ROLES=...
+ADMIN_EMAIL=...
+ADMIN_PASSWORD=...
+```
+
+**Recommendation:** Use the new `SPFN_AUTH_*` prefixed variables to avoid conflicts with other packages.
+
 ### 3. Create Initial Admin Accounts (Optional)
 
 You can automatically create admin accounts on server startup using environment variables. Three formats are supported:
@@ -1212,7 +1270,7 @@ Allows full control over each account's configuration.
 
 ```bash
 # .env
-ADMIN_ACCOUNTS='[
+SPFN_AUTH_ADMIN_ACCOUNTS='[
   {
     "email": "super@example.com",
     "password": "super-password",
@@ -1249,14 +1307,14 @@ Quick setup for multiple accounts with basic configuration.
 
 ```bash
 # .env
-ADMIN_EMAILS=super@example.com,admin@example.com,user@example.com
-ADMIN_PASSWORDS=super-pass,admin-pass,user-pass
-ADMIN_ROLES=superadmin,admin,user  # Optional, defaults to 'user'
+SPFN_AUTH_ADMIN_EMAILS=super@example.com,admin@example.com,user@example.com
+SPFN_AUTH_ADMIN_PASSWORDS=super-pass,admin-pass,user-pass
+SPFN_AUTH_ADMIN_ROLES=superadmin,admin,user  # Optional, defaults to 'user'
 ```
 
 **Requirements:**
-- `ADMIN_EMAILS` and `ADMIN_PASSWORDS` must have the same number of items
-- `ADMIN_ROLES` is optional (defaults to `user` for each account)
+- `SPFN_AUTH_ADMIN_EMAILS` and `SPFN_AUTH_ADMIN_PASSWORDS` must have the same number of items
+- `SPFN_AUTH_ADMIN_ROLES` is optional (defaults to `user` for each account)
 - All accounts will have `passwordChangeRequired: true`
 
 ---
@@ -1267,8 +1325,8 @@ For backward compatibility, you can create a single superadmin account.
 
 ```bash
 # .env
-ADMIN_EMAIL=admin@example.com
-ADMIN_PASSWORD=secure-password
+SPFN_AUTH_ADMIN_EMAIL=admin@example.com
+SPFN_AUTH_ADMIN_PASSWORD=secure-password
 ```
 
 This creates a single account with:

package/dist/api-BcQM4WKb.d.ts

@@ -0,0 +1,45 @@
+/**
+ * @spfn/auth - API Response Types
+ *
+ * Auth-specific types for API endpoints
+ * For standard response types, import from '@spfn/core/route'
+ */
+/**
+ * Session types
+ */
+interface SessionPayload {
+    userId: string;
+    role?: string;
+}
+/**
+ * RBAC types
+ */
+interface Permission {
+    resource: string;
+    action: string;
+}
+/**
+ * API Response Types for specific endpoints
+ */
+interface CheckAccountExistsData {
+    exists: boolean;
+    identifier: string;
+    identifierType: 'email' | 'phone';
+}
+interface LoginData {
+    token: string;
+    user: {
+        id: string;
+        email?: string;
+        phone?: string;
+        role: string;
+        emailVerifiedAt?: string;
+        phoneVerifiedAt?: string;
+    };
+    passwordChangeRequired: boolean;
+}
+interface ChangePasswordData {
+    success: boolean;
+}
+
+export type { CheckAccountExistsData as C, LoginData as L, Permission as P, SessionPayload as S, ChangePasswordData as a };

package/dist/client.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/client.js

@@ -0,0 +1 @@
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -0,0 +1,57 @@
+export { spfnPlugin } from './plugin.js';
+export { a as ChangePasswordData, C as CheckAccountExistsData, L as LoginData, P as Permission, S as SessionPayload } from './api-BcQM4WKb.js';
+import * as _sinclair_typebox from '@sinclair/typebox';
+import { TObject } from '@sinclair/typebox';
+export { NewUser, User, UserStatus, UserWithVerification, users } from './server/entities/users.js';
+export { NewUserSocialAccount, UserSocialAccount, userSocialAccounts } from './server/entities/user-social-accounts.js';
+export { NewUserPublicKey, UserPublicKey, userPublicKeys } from './server/entities/user-public-keys.js';
+export { NewVerificationCode, VerificationCode, verificationCodes } from './server/entities/verification-codes.js';
+export { NewRole, NewRoleEntity, Role, RoleEntity, roles } from './server/entities/roles.js';
+export { NewPermissionEntity, PermissionEntity, permissions } from './server/entities/permissions.js';
+export { NewRolePermission, RolePermission, rolePermissions } from './server/entities/role-permissions.js';
+export { NewUserPermission, UserPermission, userPermissions } from './server/entities/user-permissions.js';
+import '@spfn/core/server';
+import 'drizzle-orm/pg-core';
+
+/**
+ * Success response schema wrapper
+ *
+ * Wraps a data schema with success: true and optional message
+ */
+declare const SuccessResponseSchema: <T extends TObject>(dataSchema: T) => TObject<{
+    success: _sinclair_typebox.TLiteral<true>;
+    data: T;
+    message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+}>;
+/**
+ * Error response schema
+ *
+ * Standard error format with code, message, and optional details
+ */
+declare const ErrorResponseSchema: TObject<{
+    success: _sinclair_typebox.TLiteral<false>;
+    error: TObject<{
+        code: _sinclair_typebox.TString;
+        message: _sinclair_typebox.TString;
+        details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
+    }>;
+}>;
+/**
+ * API Response schema (union of success and error)
+ *
+ * Use this to define contract responses that can be either success or error
+ */
+declare const ApiResponseSchema: <T extends TObject>(dataSchema: T) => _sinclair_typebox.TUnion<[TObject<{
+    success: _sinclair_typebox.TLiteral<true>;
+    data: T;
+    message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+}>, TObject<{
+    success: _sinclair_typebox.TLiteral<false>;
+    error: TObject<{
+        code: _sinclair_typebox.TString;
+        message: _sinclair_typebox.TString;
+        details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
+    }>;
+}>]>;
+
+export { ApiResponseSchema, ErrorResponseSchema, SuccessResponseSchema };