npm - @spfn/auth - Versions diffs - 0.1.0-alpha.88 → 0.2.0-beta.2 - Mend

@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/README.md +1385 -1199
package/dist/config.d.ts +405 -0
package/dist/config.js +240 -0
package/dist/config.js.map +1 -0
package/dist/dto-CLYtuAom.d.ts +630 -0
package/dist/errors.d.ts +196 -0
package/dist/errors.js +173 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +273 -14
package/dist/index.js +511 -6665
package/dist/index.js.map +1 -1
package/dist/nextjs/api.js +345 -0
package/dist/nextjs/api.js.map +1 -0
package/dist/{adapters/nextjs → nextjs}/server.d.ts +47 -65
package/dist/nextjs/server.js +179 -0
package/dist/nextjs/server.js.map +1 -0
package/dist/server.d.ts +4328 -529
package/dist/server.js +7841 -1247
package/dist/server.js.map +1 -1
package/migrations/{0000_skinny_christian_walker.sql → 0000_marvelous_justice.sql} +53 -23
package/migrations/meta/0000_snapshot.json +281 -46
package/migrations/meta/_journal.json +2 -2
package/package.json +31 -31
package/dist/adapters/nextjs/api.d.ts +0 -446
package/dist/adapters/nextjs/api.js +0 -3279
package/dist/adapters/nextjs/api.js.map +0 -1
package/dist/adapters/nextjs/server.js +0 -3645
package/dist/adapters/nextjs/server.js.map +0 -1
package/dist/lib/api/auth-codes-verify.d.ts +0 -37
package/dist/lib/api/auth-codes-verify.js +0 -2949
package/dist/lib/api/auth-codes-verify.js.map +0 -1
package/dist/lib/api/auth-codes.d.ts +0 -37
package/dist/lib/api/auth-codes.js +0 -2949
package/dist/lib/api/auth-codes.js.map +0 -1
package/dist/lib/api/auth-exists.d.ts +0 -38
package/dist/lib/api/auth-exists.js +0 -2949
package/dist/lib/api/auth-exists.js.map +0 -1
package/dist/lib/api/auth-invitations-accept.d.ts +0 -38
package/dist/lib/api/auth-invitations-accept.js +0 -2883
package/dist/lib/api/auth-invitations-accept.js.map +0 -1
package/dist/lib/api/auth-invitations-cancel.d.ts +0 -37
package/dist/lib/api/auth-invitations-cancel.js +0 -2883
package/dist/lib/api/auth-invitations-cancel.js.map +0 -1
package/dist/lib/api/auth-invitations-delete.d.ts +0 -36
package/dist/lib/api/auth-invitations-delete.js +0 -2883
package/dist/lib/api/auth-invitations-delete.js.map +0 -1
package/dist/lib/api/auth-invitations-resend.d.ts +0 -37
package/dist/lib/api/auth-invitations-resend.js +0 -2883
package/dist/lib/api/auth-invitations-resend.js.map +0 -1
package/dist/lib/api/auth-invitations.d.ts +0 -109
package/dist/lib/api/auth-invitations.js +0 -2887
package/dist/lib/api/auth-invitations.js.map +0 -1
package/dist/lib/api/auth-keys-rotate.d.ts +0 -37
package/dist/lib/api/auth-keys-rotate.js +0 -2949
package/dist/lib/api/auth-keys-rotate.js.map +0 -1
package/dist/lib/api/auth-login.d.ts +0 -39
package/dist/lib/api/auth-login.js +0 -2949
package/dist/lib/api/auth-login.js.map +0 -1
package/dist/lib/api/auth-logout.d.ts +0 -36
package/dist/lib/api/auth-logout.js +0 -2949
package/dist/lib/api/auth-logout.js.map +0 -1
package/dist/lib/api/auth-me.d.ts +0 -50
package/dist/lib/api/auth-me.js +0 -2949
package/dist/lib/api/auth-me.js.map +0 -1
package/dist/lib/api/auth-password.d.ts +0 -36
package/dist/lib/api/auth-password.js +0 -2949
package/dist/lib/api/auth-password.js.map +0 -1
package/dist/lib/api/auth-register.d.ts +0 -38
package/dist/lib/api/auth-register.js +0 -2949
package/dist/lib/api/auth-register.js.map +0 -1
package/dist/lib/api/index.d.ts +0 -356
package/dist/lib/api/index.js +0 -3261
package/dist/lib/api/index.js.map +0 -1
package/dist/lib/config.d.ts +0 -70
package/dist/lib/config.js +0 -64
package/dist/lib/config.js.map +0 -1
package/dist/lib/contracts/auth.d.ts +0 -302
package/dist/lib/contracts/auth.js +0 -2951
package/dist/lib/contracts/auth.js.map +0 -1
package/dist/lib/contracts/index.d.ts +0 -3
package/dist/lib/contracts/index.js +0 -3190
package/dist/lib/contracts/index.js.map +0 -1
package/dist/lib/contracts/invitation.d.ts +0 -243
package/dist/lib/contracts/invitation.js +0 -2883
package/dist/lib/contracts/invitation.js.map +0 -1
package/dist/lib/crypto.d.ts +0 -76
package/dist/lib/crypto.js +0 -127
package/dist/lib/crypto.js.map +0 -1
package/dist/lib/index.d.ts +0 -4
package/dist/lib/index.js +0 -313
package/dist/lib/index.js.map +0 -1
package/dist/lib/session.d.ts +0 -68
package/dist/lib/session.js +0 -126
package/dist/lib/session.js.map +0 -1
package/dist/lib/types/api.d.ts +0 -45
package/dist/lib/types/api.js +0 -1
package/dist/lib/types/api.js.map +0 -1
package/dist/lib/types/index.d.ts +0 -3
package/dist/lib/types/index.js +0 -2647
package/dist/lib/types/index.js.map +0 -1
package/dist/lib/types/schemas.d.ts +0 -45
package/dist/lib/types/schemas.js +0 -2647
package/dist/lib/types/schemas.js.map +0 -1
package/dist/lib.js +0 -1
package/dist/lib.js.map +0 -1
package/dist/plugin.d.ts +0 -12
package/dist/plugin.js +0 -9083
package/dist/plugin.js.map +0 -1
package/dist/server/entities/index.d.ts +0 -11
package/dist/server/entities/index.js +0 -395
package/dist/server/entities/index.js.map +0 -1
package/dist/server/entities/invitations.d.ts +0 -241
package/dist/server/entities/invitations.js +0 -184
package/dist/server/entities/invitations.js.map +0 -1
package/dist/server/entities/permissions.d.ts +0 -196
package/dist/server/entities/permissions.js +0 -49
package/dist/server/entities/permissions.js.map +0 -1
package/dist/server/entities/role-permissions.d.ts +0 -107
package/dist/server/entities/role-permissions.js +0 -115
package/dist/server/entities/role-permissions.js.map +0 -1
package/dist/server/entities/roles.d.ts +0 -196
package/dist/server/entities/roles.js +0 -50
package/dist/server/entities/roles.js.map +0 -1
package/dist/server/entities/schema.d.ts +0 -14
package/dist/server/entities/schema.js +0 -7
package/dist/server/entities/schema.js.map +0 -1
package/dist/server/entities/user-permissions.d.ts +0 -163
package/dist/server/entities/user-permissions.js +0 -193
package/dist/server/entities/user-permissions.js.map +0 -1
package/dist/server/entities/user-public-keys.d.ts +0 -227
package/dist/server/entities/user-public-keys.js +0 -156
package/dist/server/entities/user-public-keys.js.map +0 -1
package/dist/server/entities/user-social-accounts.d.ts +0 -189
package/dist/server/entities/user-social-accounts.js +0 -149
package/dist/server/entities/user-social-accounts.js.map +0 -1
package/dist/server/entities/users.d.ts +0 -235
package/dist/server/entities/users.js +0 -117
package/dist/server/entities/users.js.map +0 -1
package/dist/server/entities/verification-codes.d.ts +0 -191
package/dist/server/entities/verification-codes.js +0 -49
package/dist/server/entities/verification-codes.js.map +0 -1
package/dist/server/routes/auth/index.d.ts +0 -10
package/dist/server/routes/auth/index.js +0 -4460
package/dist/server/routes/auth/index.js.map +0 -1
package/dist/server/routes/index.d.ts +0 -6
package/dist/server/routes/index.js +0 -6584
package/dist/server/routes/index.js.map +0 -1
package/dist/server/routes/invitations/index.d.ts +0 -10
package/dist/server/routes/invitations/index.js +0 -4395
package/dist/server/routes/invitations/index.js.map +0 -1
/package/dist/{lib.d.ts → nextjs/api.d.ts} +0 -0

package/dist/config.d.ts ADDED Viewed

@@ -0,0 +1,405 @@
+import * as _spfn_core_env from '@spfn/core/env';
+/**
+ * Auth Environment Variable Schema
+ *
+ * Centralized schema definition for all environment variables used in @spfn/auth.
+ * This provides type safety, validation, and documentation for Auth configuration.
+ *
+ * @module config/schema
+ */
+/**
+ * Auth environment variable schema
+ *
+ * Defines all Auth environment variables with:
+ * - Type information
+ * - Default values
+ * - Validation rules
+ * - Documentation
+ *
+ * @example
+ * ```typescript
+ * import { authEnvSchema } from '@spfn/auth/config';
+ *
+ * // Access schema information
+ * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);
+ * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);
+ * ```
+ */
+declare const authEnvSchema: {
+    SPFN_AUTH_SESSION_SECRET: {
+        description: string;
+        required: boolean;
+        fallbackKeys: string[];
+        validator: _spfn_core_env.Parser<string>;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_SESSION_SECRET";
+    };
+    SPFN_AUTH_SESSION_TTL: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_SESSION_TTL";
+    };
+    SPFN_AUTH_JWT_SECRET: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_JWT_SECRET";
+    };
+    SPFN_AUTH_JWT_EXPIRES_IN: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_JWT_EXPIRES_IN";
+    };
+    SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
+        key: string;
+        description: string;
+        default: number;
+        required: boolean;
+        examples: number[];
+        type: "number";
+        validator: (value: string) => number;
+    } & {
+        key: "SPFN_AUTH_BCRYPT_SALT_ROUNDS";
+    };
+    SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
+    };
+    SPFN_AUTH_ADMIN_ACCOUNTS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_ACCOUNTS";
+    };
+    SPFN_AUTH_ADMIN_EMAILS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_EMAILS";
+    };
+    SPFN_AUTH_ADMIN_PASSWORDS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_PASSWORDS";
+    };
+    SPFN_AUTH_ADMIN_ROLES: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_ROLES";
+    };
+    SPFN_AUTH_ADMIN_EMAIL: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_EMAIL";
+    };
+    SPFN_AUTH_ADMIN_PASSWORD: {
+        description: string;
+        required: boolean;
+        validator: _spfn_core_env.Parser<string>;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_PASSWORD";
+    };
+    SPFN_API_URL: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_API_URL";
+    };
+    SPFN_AUTH_AWS_REGION: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_REGION";
+    };
+    SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
+    };
+    SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
+    };
+    SPFN_AUTH_AWS_SNS_SENDER_ID: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
+    };
+    SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
+    };
+    SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
+    };
+    SPFN_AUTH_AWS_SES_FROM_EMAIL: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
+    };
+    SPFN_AUTH_AWS_SES_FROM_NAME: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_FROM_NAME";
+    };
+};
+declare const env: _spfn_core_env.InferEnvType<{
+    SPFN_AUTH_SESSION_SECRET: {
+        description: string;
+        required: boolean;
+        fallbackKeys: string[];
+        validator: _spfn_core_env.Parser<string>;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_SESSION_SECRET";
+    };
+    SPFN_AUTH_SESSION_TTL: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_SESSION_TTL";
+    };
+    SPFN_AUTH_JWT_SECRET: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_JWT_SECRET";
+    };
+    SPFN_AUTH_JWT_EXPIRES_IN: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_JWT_EXPIRES_IN";
+    };
+    SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
+        key: string;
+        description: string;
+        default: number;
+        required: boolean;
+        examples: number[];
+        type: "number";
+        validator: (value: string) => number;
+    } & {
+        key: "SPFN_AUTH_BCRYPT_SALT_ROUNDS";
+    };
+    SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
+    };
+    SPFN_AUTH_ADMIN_ACCOUNTS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_ACCOUNTS";
+    };
+    SPFN_AUTH_ADMIN_EMAILS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_EMAILS";
+    };
+    SPFN_AUTH_ADMIN_PASSWORDS: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_PASSWORDS";
+    };
+    SPFN_AUTH_ADMIN_ROLES: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_ROLES";
+    };
+    SPFN_AUTH_ADMIN_EMAIL: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_EMAIL";
+    };
+    SPFN_AUTH_ADMIN_PASSWORD: {
+        description: string;
+        required: boolean;
+        validator: _spfn_core_env.Parser<string>;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_ADMIN_PASSWORD";
+    };
+    SPFN_API_URL: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_API_URL";
+    };
+    SPFN_AUTH_AWS_REGION: {
+        description: string;
+        default: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_REGION";
+    };
+    SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
+    };
+    SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
+    };
+    SPFN_AUTH_AWS_SNS_SENDER_ID: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
+    };
+    SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
+    };
+    SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
+        description: string;
+        required: boolean;
+        sensitive: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
+    };
+    SPFN_AUTH_AWS_SES_FROM_EMAIL: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
+    };
+    SPFN_AUTH_AWS_SES_FROM_NAME: {
+        description: string;
+        required: boolean;
+        examples: string[];
+        type: "string";
+    } & {
+        key: "SPFN_AUTH_AWS_SES_FROM_NAME";
+    };
+}>;
+export { env, authEnvSchema as envSchema };

package/dist/config.js ADDED Viewed

@@ -0,0 +1,240 @@
+// src/config/index.ts
+import { createEnvRegistry } from "@spfn/core/env";
+// src/config/schema.ts
+import {
+  defineEnvSchema,
+  envString,
+  envNumber,
+  createSecureSecretParser,
+  createPasswordParser
+} from "@spfn/core/env";
+var authEnvSchema = defineEnvSchema({
+  // ============================================================================
+  // Session Configuration
+  // ============================================================================
+  SPFN_AUTH_SESSION_SECRET: {
+    ...envString({
+      description: "Session encryption secret (minimum 32 characters for AES-256)",
+      required: true,
+      fallbackKeys: ["SESSION_SECRET"],
+      validator: createSecureSecretParser({
+        minLength: 32,
+        minUniqueChars: 16,
+        minEntropy: 3.5
+      }),
+      sensitive: true,
+      examples: [
+        "my-super-secret-session-key-at-least-32-chars-long",
+        "use-a-cryptographically-secure-random-string-here"
+      ]
+    })
+  },
+  SPFN_AUTH_SESSION_TTL: {
+    ...envString({
+      description: "Session TTL (time to live) - supports duration strings like '7d', '12h', '45m'",
+      default: "7d",
+      required: false,
+      examples: ["7d", "30d", "12h", "45m", "3600"]
+    })
+  },
+  // ============================================================================
+  // JWT Configuration
+  // ============================================================================
+  SPFN_AUTH_JWT_SECRET: {
+    ...envString({
+      description: "JWT signing secret for server-signed tokens (legacy mode)",
+      default: "dev-secret-key-change-in-production",
+      required: false,
+      examples: [
+        "your-jwt-secret-key-here",
+        "use-different-from-session-secret"
+      ]
+    })
+  },
+  SPFN_AUTH_JWT_EXPIRES_IN: {
+    ...envString({
+      description: "JWT token expiration time (e.g., '7d', '24h', '1h')",
+      default: "7d",
+      required: false,
+      examples: ["7d", "24h", "1h", "30m"]
+    })
+  },
+  // ============================================================================
+  // Security Configuration
+  // ============================================================================
+  SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
+    ...envNumber({
+      description: "Bcrypt salt rounds (cost factor, higher = more secure but slower)",
+      default: 10,
+      required: false,
+      examples: [10, 12, 14]
+    }),
+    key: "SPFN_AUTH_BCRYPT_SALT_ROUNDS"
+  },
+  SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {
+    ...envString({
+      description: "Verification token secret for email verification, password reset, etc.",
+      required: true,
+      examples: [
+        "your-verification-token-secret",
+        "can-be-different-from-jwt-secret"
+      ]
+    })
+  },
+  // ============================================================================
+  // Admin Account Configuration
+  // ============================================================================
+  SPFN_AUTH_ADMIN_ACCOUNTS: {
+    ...envString({
+      description: "JSON array of admin accounts (recommended for multiple admins)",
+      required: false,
+      examples: [
+        '[{"email":"admin@example.com","password":"secure-pass","role":"admin"}]',
+        '[{"email":"super@example.com","password":"pass1","role":"superadmin"},{"email":"admin@example.com","password":"pass2","role":"admin"}]'
+      ]
+    })
+  },
+  SPFN_AUTH_ADMIN_EMAILS: {
+    ...envString({
+      description: "Comma-separated list of admin emails (legacy CSV format)",
+      required: false,
+      examples: [
+        "admin@example.com,user@example.com",
+        "super@example.com,admin@example.com,user@example.com"
+      ]
+    })
+  },
+  SPFN_AUTH_ADMIN_PASSWORDS: {
+    ...envString({
+      description: "Comma-separated list of admin passwords (legacy CSV format)",
+      required: false,
+      examples: [
+        "admin-pass,user-pass",
+        "super-pass,admin-pass,user-pass"
+      ]
+    })
+  },
+  SPFN_AUTH_ADMIN_ROLES: {
+    ...envString({
+      description: "Comma-separated list of admin roles (legacy CSV format)",
+      required: false,
+      examples: [
+        "admin,user",
+        "superadmin,admin,user"
+      ]
+    })
+  },
+  SPFN_AUTH_ADMIN_EMAIL: {
+    ...envString({
+      description: "Single admin email (simplest format)",
+      required: false,
+      examples: ["admin@example.com"]
+    })
+  },
+  SPFN_AUTH_ADMIN_PASSWORD: {
+    ...envString({
+      description: "Single admin password (simplest format)",
+      required: false,
+      validator: createPasswordParser({
+        minLength: 8,
+        requireUppercase: true,
+        requireLowercase: true,
+        requireNumber: true,
+        requireSpecial: true
+      }),
+      sensitive: true,
+      examples: ["SecureAdmin123!"]
+    })
+  },
+  // ============================================================================
+  // API Configuration
+  // ============================================================================
+  SPFN_API_URL: {
+    ...envString({
+      description: "Base API URL for invitation links and other external-facing URLs",
+      default: "http://localhost:8790",
+      required: false,
+      examples: [
+        "https://api.example.com",
+        "http://localhost:8790"
+      ]
+    })
+  },
+  // ============================================================================
+  // AWS SNS Configuration (SMS)
+  // ============================================================================
+  SPFN_AUTH_AWS_REGION: {
+    ...envString({
+      description: "AWS region for SNS service",
+      default: "ap-northeast-2",
+      required: false,
+      examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
+    })
+  },
+  SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
+    ...envString({
+      description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
+      required: false,
+      sensitive: true,
+      examples: ["AKIAIOSFODNN7EXAMPLE"]
+    })
+  },
+  SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
+    ...envString({
+      description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
+      required: false,
+      sensitive: true,
+      examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
+    })
+  },
+  SPFN_AUTH_AWS_SNS_SENDER_ID: {
+    ...envString({
+      description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
+      required: false,
+      examples: ["MyApp", "YourBrand"]
+    })
+  },
+  // ============================================================================
+  // AWS SES Configuration (Email)
+  // ============================================================================
+  SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
+    ...envString({
+      description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
+      required: false,
+      sensitive: true,
+      examples: ["AKIAIOSFODNN7EXAMPLE"]
+    })
+  },
+  SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
+    ...envString({
+      description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
+      required: false,
+      sensitive: true,
+      examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
+    })
+  },
+  SPFN_AUTH_AWS_SES_FROM_EMAIL: {
+    ...envString({
+      description: "Sender email address (must be verified in AWS SES)",
+      required: false,
+      examples: ["noreply@example.com", "auth@yourdomain.com"]
+    })
+  },
+  SPFN_AUTH_AWS_SES_FROM_NAME: {
+    ...envString({
+      description: "Sender display name",
+      required: false,
+      examples: ["MyApp", "Your Company"]
+    })
+  }
+});
+// src/config/index.ts
+var registry = createEnvRegistry(authEnvSchema);
+var env = registry.validate();
+export {
+  env,
+  authEnvSchema as envSchema
+};
+//# sourceMappingURL=config.js.map

package/dist/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Base API URL for invitation links and other external-facing URLs',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n // ============================================================================\n // AWS SNS Configuration (SMS)\n // ============================================================================\n SPFN_AUTH_AWS_REGION: {\n ...envString({\n description: 'AWS region for SNS service',\n default: 'ap-northeast-2',\n required: false,\n examples: ['ap-northeast-2', 'us-east-1', 'eu-west-1'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SNS access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SNS secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SENDER_ID: {\n ...envString({\n description: 'SMS sender ID displayed to recipients (max 11 characters, alphanumeric)',\n required: false,\n examples: ['MyApp', 'YourBrand'],\n }),\n },\n\n // ============================================================================\n // AWS SES Configuration (Email)\n // ============================================================================\n SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SES access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SES secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_EMAIL: {\n ...envString({\n description: 'Sender email address (must be verified in AWS SES)',\n required: false,\n examples: ['noreply@example.com', 'auth@yourdomain.com'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_NAME: {\n ...envString({\n description: 'Sender display name',\n required: false,\n examples: ['MyApp', 'Your Company'],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,kBAAkB,aAAa,WAAW;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,WAAW;AAAA,IACnC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,uBAAuB,qBAAqB;AAAA,IAC3D,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,cAAc;AAAA,IACtC,CAAC;AAAA,EACL;AACJ,CAAC;;;AD5PD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}