@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.1

package/dist/lib/config.d.ts

@@ -1,70 +0,0 @@
-/**
- * @spfn/auth - Global Configuration
- *
- * Manages global auth configuration including session TTL
- */
-/**
- * Cookie names used by SPFN Auth
- */
-declare const COOKIE_NAMES: {
-    /** Encrypted session data (userId, privateKey, keyId, algorithm) */
-    readonly SESSION: "spfn_session";
-    /** Current key ID (for key rotation) */
-    readonly SESSION_KEY_ID: "spfn_session_key_id";
-};
-/**
- * Parse duration string to seconds
- *
- * Supports: '30d', '12h', '45m', '3600s', or plain number
- *
- * @example
- * parseDuration('30d')   // 2592000 (30 days in seconds)
- * parseDuration('12h')   // 43200
- * parseDuration('45m')   // 2700
- * parseDuration('3600')  // 3600
- */
-declare function parseDuration(duration: string | number): number;
-/**
- * Auth configuration
- */
-interface AuthConfig {
-    /**
-     * Default session TTL in seconds or duration string
-     *
-     * Supports:
-     * - Number: seconds (e.g., 2592000)
-     * - String: '30d', '12h', '45m', '3600s'
-     *
-     * @default 7d (7 days)
-     */
-    sessionTtl?: string | number;
-}
-/**
- * Configure global auth settings
- *
- * @param config - Auth configuration
- *
- * @example
- * ```typescript
- * configureAuth({
- *   sessionTtl: '30d',  // 30 days
- * });
- * ```
- */
-declare function configureAuth(config: AuthConfig): void;
-/**
- * Get current auth configuration
- */
-declare function getAuthConfig(): AuthConfig;
-/**
- * Get session TTL in seconds
- *
- * Priority:
- * 1. Runtime override (remember parameter)
- * 2. Global config (configureAuth)
- * 3. Environment variable (SPFN_AUTH_SESSION_TTL)
- * 4. Default (7 days)
- */
-declare function getSessionTtl(override?: string | number): number;
-
-export { type AuthConfig, COOKIE_NAMES, configureAuth, getAuthConfig, getSessionTtl, parseDuration };

package/dist/lib/config.js

@@ -1,64 +0,0 @@
-// src/lib/config.ts
-var COOKIE_NAMES = {
-  /** Encrypted session data (userId, privateKey, keyId, algorithm) */
-  SESSION: "spfn_session",
-  /** Current key ID (for key rotation) */
-  SESSION_KEY_ID: "spfn_session_key_id"
-};
-function parseDuration(duration) {
-  if (typeof duration === "number") {
-    return duration;
-  }
-  const match = duration.match(/^(\d+)([dhms]?)$/);
-  if (!match) {
-    throw new Error(`Invalid duration format: ${duration}. Use format like '30d', '12h', '45m', '3600s', or plain number.`);
-  }
-  const value = parseInt(match[1], 10);
-  const unit = match[2] || "s";
-  switch (unit) {
-    case "d":
-      return value * 24 * 60 * 60;
-    case "h":
-      return value * 60 * 60;
-    case "m":
-      return value * 60;
-    case "s":
-      return value;
-    default:
-      throw new Error(`Unknown duration unit: ${unit}`);
-  }
-}
-var globalConfig = {
-  sessionTtl: "7d"
-  // Default: 7 days
-};
-function configureAuth(config) {
-  globalConfig = {
-    ...globalConfig,
-    ...config
-  };
-}
-function getAuthConfig() {
-  return { ...globalConfig };
-}
-function getSessionTtl(override) {
-  if (override !== void 0) {
-    return parseDuration(override);
-  }
-  if (globalConfig.sessionTtl !== void 0) {
-    return parseDuration(globalConfig.sessionTtl);
-  }
-  const envTtl = process.env.SPFN_AUTH_SESSION_TTL;
-  if (envTtl) {
-    return parseDuration(envTtl);
-  }
-  return 7 * 24 * 60 * 60;
-}
-export {
-  COOKIE_NAMES,
-  configureAuth,
-  getAuthConfig,
-  getSessionTtl,
-  parseDuration
-};
-//# sourceMappingURL=config.js.map

package/dist/lib/config.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/lib/config.ts"],"sourcesContent":["/**\n * @spfn/auth - Global Configuration\n *\n * Manages global auth configuration including session TTL\n */\n\n/**\n * Cookie names used by SPFN Auth\n */\nexport const COOKIE_NAMES = {\n    /** Encrypted session data (userId, privateKey, keyId, algorithm) */\n    SESSION: 'spfn_session',\n    /** Current key ID (for key rotation) */\n    SESSION_KEY_ID: 'spfn_session_key_id',\n} as const;\n\n/**\n * Parse duration string to seconds\n *\n * Supports: '30d', '12h', '45m', '3600s', or plain number\n *\n * @example\n * parseDuration('30d')   // 2592000 (30 days in seconds)\n * parseDuration('12h')   // 43200\n * parseDuration('45m')   // 2700\n * parseDuration('3600')  // 3600\n */\nexport function parseDuration(duration: string | number): number\n{\n    if (typeof duration === 'number')\n    {\n        return duration;\n    }\n\n    const match = duration.match(/^(\\d+)([dhms]?)$/);\n    if (!match)\n    {\n        throw new Error(`Invalid duration format: ${duration}. Use format like '30d', '12h', '45m', '3600s', or plain number.`);\n    }\n\n    const value = parseInt(match[1], 10);\n    const unit = match[2] || 's';\n\n    switch (unit)\n    {\n        case 'd':\n            return value * 24 * 60 * 60;\n        case 'h':\n            return value * 60 * 60;\n        case 'm':\n            return value * 60;\n        case 's':\n            return value;\n        default:\n            throw new Error(`Unknown duration unit: ${unit}`);\n    }\n}\n\n/**\n * Auth configuration\n */\nexport interface AuthConfig\n{\n    /**\n     * Default session TTL in seconds or duration string\n     *\n     * Supports:\n     * - Number: seconds (e.g., 2592000)\n     * - String: '30d', '12h', '45m', '3600s'\n     *\n     * @default 7d (7 days)\n     */\n    sessionTtl?: string | number;\n}\n\n/**\n * Global auth configuration state\n */\nlet globalConfig: AuthConfig = {\n    sessionTtl: '7d', // Default: 7 days\n};\n\n/**\n * Configure global auth settings\n *\n * @param config - Auth configuration\n *\n * @example\n * ```typescript\n * configureAuth({\n *   sessionTtl: '30d',  // 30 days\n * });\n * ```\n */\nexport function configureAuth(config: AuthConfig): void\n{\n    globalConfig = {\n        ...globalConfig,\n        ...config,\n    };\n}\n\n/**\n * Get current auth configuration\n */\nexport function getAuthConfig(): AuthConfig\n{\n    return { ...globalConfig };\n}\n\n/**\n * Get session TTL in seconds\n *\n * Priority:\n * 1. Runtime override (remember parameter)\n * 2. Global config (configureAuth)\n * 3. Environment variable (SPFN_AUTH_SESSION_TTL)\n * 4. Default (7 days)\n */\nexport function getSessionTtl(override?: string | number): number\n{\n    // 1. Runtime override\n    if (override !== undefined)\n    {\n        return parseDuration(override);\n    }\n\n    // 2. Global config\n    if (globalConfig.sessionTtl !== undefined)\n    {\n        return parseDuration(globalConfig.sessionTtl);\n    }\n\n    // 3. Environment variable\n    const envTtl = process.env.SPFN_AUTH_SESSION_TTL;\n    if (envTtl)\n    {\n        return parseDuration(envTtl);\n    }\n\n    // 4. Default: 7 days\n    return 7 * 24 * 60 * 60;\n}"],"mappings":";AASO,IAAM,eAAe;AAAA;AAAA,EAExB,SAAS;AAAA;AAAA,EAET,gBAAgB;AACpB;AAaO,SAAS,cAAc,UAC9B;AACI,MAAI,OAAO,aAAa,UACxB;AACI,WAAO;AAAA,EACX;AAEA,QAAM,QAAQ,SAAS,MAAM,kBAAkB;AAC/C,MAAI,CAAC,OACL;AACI,UAAM,IAAI,MAAM,4BAA4B,QAAQ,kEAAkE;AAAA,EAC1H;AAEA,QAAM,QAAQ,SAAS,MAAM,CAAC,GAAG,EAAE;AACnC,QAAM,OAAO,MAAM,CAAC,KAAK;AAEzB,UAAQ,MACR;AAAA,IACI,KAAK;AACD,aAAO,QAAQ,KAAK,KAAK;AAAA,IAC7B,KAAK;AACD,aAAO,QAAQ,KAAK;AAAA,IACxB,KAAK;AACD,aAAO,QAAQ;AAAA,IACnB,KAAK;AACD,aAAO;AAAA,IACX;AACI,YAAM,IAAI,MAAM,0BAA0B,IAAI,EAAE;AAAA,EACxD;AACJ;AAsBA,IAAI,eAA2B;AAAA,EAC3B,YAAY;AAAA;AAChB;AAcO,SAAS,cAAc,QAC9B;AACI,iBAAe;AAAA,IACX,GAAG;AAAA,IACH,GAAG;AAAA,EACP;AACJ;AAKO,SAAS,gBAChB;AACI,SAAO,EAAE,GAAG,aAAa;AAC7B;AAWO,SAAS,cAAc,UAC9B;AAEI,MAAI,aAAa,QACjB;AACI,WAAO,cAAc,QAAQ;AAAA,EACjC;AAGA,MAAI,aAAa,eAAe,QAChC;AACI,WAAO,cAAc,aAAa,UAAU;AAAA,EAChD;AAGA,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,QACJ;AACI,WAAO,cAAc,MAAM;AAAA,EAC/B;AAGA,SAAO,IAAI,KAAK,KAAK;AACzB;","names":[]}

package/dist/lib/contracts/auth.d.ts

@@ -1,302 +0,0 @@
-import * as _sinclair_typebox from '@sinclair/typebox';
-
-/**
- * @spfn/auth - Auth API Contracts
- *
- * Type-safe API contracts for authentication operations
- */
-/**
- * POST /codes - Send verification code
- *
- * Sends a 6-digit verification code to email or phone
- * Final path: /_auth/codes
- */
-declare const sendVerificationCodeContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/codes";
-    readonly body: _sinclair_typebox.TObject<{
-        target: _sinclair_typebox.TString;
-        targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
-        purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">]>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            success: _sinclair_typebox.TBoolean;
-            expiresAt: _sinclair_typebox.TString;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /codes/verify - Verify code (without creating account)
- *
- * Validates verification code, returns a temporary token
- * Final path: /_auth/codes/verify
- */
-declare const verifyCodeContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/codes/verify";
-    readonly body: _sinclair_typebox.TObject<{
-        target: _sinclair_typebox.TString;
-        targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
-        code: _sinclair_typebox.TString;
-        purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">]>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            valid: _sinclair_typebox.TBoolean;
-            verificationToken: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /exists - Check if account exists
- *
- * Checks if an email or phone number is already registered
- * Final path: /_auth/exists (prefix added from package.json)
- */
-declare const checkAccountExistsContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/exists";
-    readonly body: _sinclair_typebox.TObject<{
-        email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            exists: _sinclair_typebox.TBoolean;
-            identifier: _sinclair_typebox.TString;
-            identifierType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /register - Register new user
- *
- * Register with email/phone and password, includes public key
- * Final path: /_auth/register (prefix added from package.json)
- */
-declare const registerContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/register";
-    readonly body: _sinclair_typebox.TObject<{
-        email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        verificationToken: _sinclair_typebox.TString;
-        password: _sinclair_typebox.TString;
-        publicKey: _sinclair_typebox.TString;
-        keyId: _sinclair_typebox.TString;
-        fingerprint: _sinclair_typebox.TString;
-        algorithm: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"ES256">, _sinclair_typebox.TLiteral<"RS256">]>;
-        keySize: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            userId: _sinclair_typebox.TString;
-            email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /login - User login
- *
- * Authenticate user with email/phone and password
- * Replaces existing key with new one
- * Final path: /_auth/login (prefix added from package.json)
- */
-declare const loginContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/login";
-    readonly body: _sinclair_typebox.TObject<{
-        email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        password: _sinclair_typebox.TString;
-        publicKey: _sinclair_typebox.TString;
-        keyId: _sinclair_typebox.TString;
-        fingerprint: _sinclair_typebox.TString;
-        oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-        algorithm: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"ES256">, _sinclair_typebox.TLiteral<"RS256">]>;
-        keySize: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            userId: _sinclair_typebox.TString;
-            email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            passwordChangeRequired: _sinclair_typebox.TBoolean;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /logout - Logout user
- *
- * Revokes current key (requires authentication)
- * Final path: /_auth/logout (prefix added from package.json)
- */
-declare const logoutContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/logout";
-    readonly body: _sinclair_typebox.TObject<{}>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            success: _sinclair_typebox.TBoolean;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * POST /keys/rotate - Rotate key
- *
- * Replace current key with new one (requires authentication)
- * Final path: /_auth/keys/rotate (prefix added from package.json)
- */
-declare const rotateKeyContract: {
-    readonly method: "POST";
-    readonly path: "/_auth/keys/rotate";
-    readonly body: _sinclair_typebox.TObject<{
-        publicKey: _sinclair_typebox.TString;
-        keyId: _sinclair_typebox.TString;
-        fingerprint: _sinclair_typebox.TString;
-        algorithm: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"ES256">, _sinclair_typebox.TLiteral<"RS256">]>;
-        keySize: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            success: _sinclair_typebox.TBoolean;
-            keyId: _sinclair_typebox.TString;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * PUT /password - Change user password
- *
- * Allows authenticated users to change their password
- * Requires current password for verification
- * Final path: /_auth/password (prefix added from package.json)
- */
-declare const changePasswordContract: {
-    readonly method: "PUT";
-    readonly path: "/_auth/password";
-    readonly body: _sinclair_typebox.TObject<{
-        currentPassword: _sinclair_typebox.TString;
-        newPassword: _sinclair_typebox.TString;
-    }>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            success: _sinclair_typebox.TBoolean;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-/**
- * GET /me - Get current user info
- *
- * Returns authenticated user's information including role and permissions
- * Requires authentication
- * Final path: /_auth/me (prefix added from package.json)
- */
-declare const getMeContract: {
-    readonly method: "GET";
-    readonly path: "/_auth/me";
-    readonly body: _sinclair_typebox.TObject<{}>;
-    readonly response: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<true>;
-        data: _sinclair_typebox.TObject<{
-            userId: _sinclair_typebox.TString;
-            email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            role: _sinclair_typebox.TObject<{
-                id: _sinclair_typebox.TNumber;
-                name: _sinclair_typebox.TString;
-                displayName: _sinclair_typebox.TString;
-                priority: _sinclair_typebox.TNumber;
-            }>;
-            permissions: _sinclair_typebox.TArray<_sinclair_typebox.TObject<{
-                id: _sinclair_typebox.TNumber;
-                name: _sinclair_typebox.TString;
-                displayName: _sinclair_typebox.TString;
-                category: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-            }>>;
-        }>;
-        message: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
-    }>, _sinclair_typebox.TObject<{
-        success: _sinclair_typebox.TLiteral<false>;
-        error: _sinclair_typebox.TObject<{
-            code: _sinclair_typebox.TString;
-            message: _sinclair_typebox.TString;
-            details: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
-        }>;
-    }>]>;
-};
-
-export { changePasswordContract, checkAccountExistsContract, getMeContract, loginContract, logoutContract, registerContract, rotateKeyContract, sendVerificationCodeContract, verifyCodeContract };