@spfn/auth 0.2.0-beta.20 → 0.2.0-beta.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +2 -10
  2. package/dist/config.d.ts +42 -142
  3. package/dist/config.js +0 -67
  4. package/dist/config.js.map +1 -1
  5. package/package.json +4 -4
package/README.md CHANGED
@@ -144,16 +144,8 @@ SPFN_AUTH_GOOGLE_REDIRECT_URI=http://localhost:8790/_auth/oauth/google/callback
144
144
  SPFN_AUTH_OAUTH_SUCCESS_URL=/auth/callback
145
145
  SPFN_AUTH_OAUTH_ERROR_URL=http://localhost:3000/auth/error?error={error}
146
146
 
147
- # AWS SES (Email)
148
- SPFN_AUTH_AWS_REGION=ap-northeast-2
149
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID=AKIA...
150
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY=...
151
- SPFN_AUTH_AWS_SES_FROM_EMAIL=noreply@yourdomain.com
152
-
153
- # AWS SNS (SMS)
154
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID=AKIA...
155
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY=...
156
- SPFN_AUTH_AWS_SNS_SENDER_ID=MyApp
147
+ # Email/SMS configure via @spfn/notification
148
+ # See @spfn/notification README for AWS SES/SNS settings
157
149
  ```
158
150
 
159
151
  ### 5. Run Migrations
package/dist/config.d.ts CHANGED
@@ -31,7 +31,7 @@ declare const authEnvSchema: {
31
31
  description: string;
32
32
  required: boolean;
33
33
  fallbackKeys: string[];
34
- validator: _spfn_core_env.Parser<string>;
34
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
35
35
  sensitive: boolean;
36
36
  nextjs: boolean;
37
37
  examples: string[];
@@ -46,6 +46,7 @@ declare const authEnvSchema: {
46
46
  nextjs: boolean;
47
47
  examples: string[];
48
48
  type: "string";
49
+ validator: (value: string) => string;
49
50
  } & {
50
51
  key: "SPFN_AUTH_SESSION_TTL";
51
52
  };
@@ -55,6 +56,7 @@ declare const authEnvSchema: {
55
56
  required: boolean;
56
57
  examples: string[];
57
58
  type: "string";
59
+ validator: (value: string) => string;
58
60
  } & {
59
61
  key: "SPFN_AUTH_JWT_SECRET";
60
62
  };
@@ -64,6 +66,7 @@ declare const authEnvSchema: {
64
66
  required: boolean;
65
67
  examples: string[];
66
68
  type: "string";
69
+ validator: (value: string) => string;
67
70
  } & {
68
71
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
69
72
  };
@@ -83,6 +86,7 @@ declare const authEnvSchema: {
83
86
  required: boolean;
84
87
  examples: string[];
85
88
  type: "string";
89
+ validator: (value: string) => string;
86
90
  } & {
87
91
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
88
92
  };
@@ -91,6 +95,7 @@ declare const authEnvSchema: {
91
95
  required: boolean;
92
96
  examples: string[];
93
97
  type: "string";
98
+ validator: (value: string) => string;
94
99
  } & {
95
100
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
96
101
  };
@@ -99,6 +104,7 @@ declare const authEnvSchema: {
99
104
  required: boolean;
100
105
  examples: string[];
101
106
  type: "string";
107
+ validator: (value: string) => string;
102
108
  } & {
103
109
  key: "SPFN_AUTH_ADMIN_EMAILS";
104
110
  };
@@ -107,6 +113,7 @@ declare const authEnvSchema: {
107
113
  required: boolean;
108
114
  examples: string[];
109
115
  type: "string";
116
+ validator: (value: string) => string;
110
117
  } & {
111
118
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
112
119
  };
@@ -115,6 +122,7 @@ declare const authEnvSchema: {
115
122
  required: boolean;
116
123
  examples: string[];
117
124
  type: "string";
125
+ validator: (value: string) => string;
118
126
  } & {
119
127
  key: "SPFN_AUTH_ADMIN_ROLES";
120
128
  };
@@ -123,13 +131,14 @@ declare const authEnvSchema: {
123
131
  required: boolean;
124
132
  examples: string[];
125
133
  type: "string";
134
+ validator: (value: string) => string;
126
135
  } & {
127
136
  key: "SPFN_AUTH_ADMIN_EMAIL";
128
137
  };
129
138
  SPFN_AUTH_ADMIN_PASSWORD: {
130
139
  description: string;
131
140
  required: boolean;
132
- validator: _spfn_core_env.Parser<string>;
141
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
133
142
  sensitive: boolean;
134
143
  examples: string[];
135
144
  type: "string";
@@ -142,6 +151,7 @@ declare const authEnvSchema: {
142
151
  required: boolean;
143
152
  examples: string[];
144
153
  type: "string";
154
+ validator: (value: string) => string;
145
155
  } & {
146
156
  key: "SPFN_API_URL";
147
157
  };
@@ -150,84 +160,17 @@ declare const authEnvSchema: {
150
160
  required: boolean;
151
161
  examples: string[];
152
162
  type: "string";
163
+ validator: (value: string) => string;
153
164
  } & {
154
165
  key: "NEXT_PUBLIC_SPFN_API_URL";
155
166
  };
156
- SPFN_AUTH_AWS_REGION: {
157
- description: string;
158
- default: string;
159
- required: boolean;
160
- examples: string[];
161
- type: "string";
162
- } & {
163
- key: "SPFN_AUTH_AWS_REGION";
164
- };
165
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
166
- description: string;
167
- required: boolean;
168
- sensitive: boolean;
169
- examples: string[];
170
- type: "string";
171
- } & {
172
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
173
- };
174
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
175
- description: string;
176
- required: boolean;
177
- sensitive: boolean;
178
- examples: string[];
179
- type: "string";
180
- } & {
181
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
182
- };
183
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
184
- description: string;
185
- required: boolean;
186
- examples: string[];
187
- type: "string";
188
- } & {
189
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
190
- };
191
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
192
- description: string;
193
- required: boolean;
194
- sensitive: boolean;
195
- examples: string[];
196
- type: "string";
197
- } & {
198
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
199
- };
200
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
201
- description: string;
202
- required: boolean;
203
- sensitive: boolean;
204
- examples: string[];
205
- type: "string";
206
- } & {
207
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
208
- };
209
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
210
- description: string;
211
- required: boolean;
212
- examples: string[];
213
- type: "string";
214
- } & {
215
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
216
- };
217
- SPFN_AUTH_AWS_SES_FROM_NAME: {
218
- description: string;
219
- required: boolean;
220
- examples: string[];
221
- type: "string";
222
- } & {
223
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
224
- };
225
167
  SPFN_APP_URL: {
226
168
  description: string;
227
169
  default: string;
228
170
  required: boolean;
229
171
  examples: string[];
230
172
  type: "string";
173
+ validator: (value: string) => string;
231
174
  } & {
232
175
  key: "SPFN_APP_URL";
233
176
  };
@@ -236,6 +179,7 @@ declare const authEnvSchema: {
236
179
  required: boolean;
237
180
  examples: string[];
238
181
  type: "string";
182
+ validator: (value: string) => string;
239
183
  } & {
240
184
  key: "NEXT_PUBLIC_SPFN_APP_URL";
241
185
  };
@@ -244,6 +188,7 @@ declare const authEnvSchema: {
244
188
  required: boolean;
245
189
  examples: string[];
246
190
  type: "string";
191
+ validator: (value: string) => string;
247
192
  } & {
248
193
  key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
249
194
  };
@@ -253,6 +198,7 @@ declare const authEnvSchema: {
253
198
  sensitive: boolean;
254
199
  examples: string[];
255
200
  type: "string";
201
+ validator: (value: string) => string;
256
202
  } & {
257
203
  key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
258
204
  };
@@ -261,6 +207,7 @@ declare const authEnvSchema: {
261
207
  required: boolean;
262
208
  examples: string[];
263
209
  type: "string";
210
+ validator: (value: string) => string;
264
211
  } & {
265
212
  key: "SPFN_AUTH_GOOGLE_SCOPES";
266
213
  };
@@ -269,6 +216,7 @@ declare const authEnvSchema: {
269
216
  required: boolean;
270
217
  examples: string[];
271
218
  type: "string";
219
+ validator: (value: string) => string;
272
220
  } & {
273
221
  key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
274
222
  };
@@ -278,6 +226,7 @@ declare const authEnvSchema: {
278
226
  default: string;
279
227
  examples: string[];
280
228
  type: "string";
229
+ validator: (value: string) => string;
281
230
  } & {
282
231
  key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
283
232
  };
@@ -287,6 +236,7 @@ declare const authEnvSchema: {
287
236
  default: string;
288
237
  examples: string[];
289
238
  type: "string";
239
+ validator: (value: string) => string;
290
240
  } & {
291
241
  key: "SPFN_AUTH_OAUTH_ERROR_URL";
292
242
  };
@@ -297,7 +247,7 @@ declare const env: _spfn_core_env.InferEnvType<{
297
247
  description: string;
298
248
  required: boolean;
299
249
  fallbackKeys: string[];
300
- validator: _spfn_core_env.Parser<string>;
250
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
301
251
  sensitive: boolean;
302
252
  nextjs: boolean;
303
253
  examples: string[];
@@ -312,6 +262,7 @@ declare const env: _spfn_core_env.InferEnvType<{
312
262
  nextjs: boolean;
313
263
  examples: string[];
314
264
  type: "string";
265
+ validator: (value: string) => string;
315
266
  } & {
316
267
  key: "SPFN_AUTH_SESSION_TTL";
317
268
  };
@@ -321,6 +272,7 @@ declare const env: _spfn_core_env.InferEnvType<{
321
272
  required: boolean;
322
273
  examples: string[];
323
274
  type: "string";
275
+ validator: (value: string) => string;
324
276
  } & {
325
277
  key: "SPFN_AUTH_JWT_SECRET";
326
278
  };
@@ -330,6 +282,7 @@ declare const env: _spfn_core_env.InferEnvType<{
330
282
  required: boolean;
331
283
  examples: string[];
332
284
  type: "string";
285
+ validator: (value: string) => string;
333
286
  } & {
334
287
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
335
288
  };
@@ -349,6 +302,7 @@ declare const env: _spfn_core_env.InferEnvType<{
349
302
  required: boolean;
350
303
  examples: string[];
351
304
  type: "string";
305
+ validator: (value: string) => string;
352
306
  } & {
353
307
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
354
308
  };
@@ -357,6 +311,7 @@ declare const env: _spfn_core_env.InferEnvType<{
357
311
  required: boolean;
358
312
  examples: string[];
359
313
  type: "string";
314
+ validator: (value: string) => string;
360
315
  } & {
361
316
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
362
317
  };
@@ -365,6 +320,7 @@ declare const env: _spfn_core_env.InferEnvType<{
365
320
  required: boolean;
366
321
  examples: string[];
367
322
  type: "string";
323
+ validator: (value: string) => string;
368
324
  } & {
369
325
  key: "SPFN_AUTH_ADMIN_EMAILS";
370
326
  };
@@ -373,6 +329,7 @@ declare const env: _spfn_core_env.InferEnvType<{
373
329
  required: boolean;
374
330
  examples: string[];
375
331
  type: "string";
332
+ validator: (value: string) => string;
376
333
  } & {
377
334
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
378
335
  };
@@ -381,6 +338,7 @@ declare const env: _spfn_core_env.InferEnvType<{
381
338
  required: boolean;
382
339
  examples: string[];
383
340
  type: "string";
341
+ validator: (value: string) => string;
384
342
  } & {
385
343
  key: "SPFN_AUTH_ADMIN_ROLES";
386
344
  };
@@ -389,13 +347,14 @@ declare const env: _spfn_core_env.InferEnvType<{
389
347
  required: boolean;
390
348
  examples: string[];
391
349
  type: "string";
350
+ validator: (value: string) => string;
392
351
  } & {
393
352
  key: "SPFN_AUTH_ADMIN_EMAIL";
394
353
  };
395
354
  SPFN_AUTH_ADMIN_PASSWORD: {
396
355
  description: string;
397
356
  required: boolean;
398
- validator: _spfn_core_env.Parser<string>;
357
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
399
358
  sensitive: boolean;
400
359
  examples: string[];
401
360
  type: "string";
@@ -408,6 +367,7 @@ declare const env: _spfn_core_env.InferEnvType<{
408
367
  required: boolean;
409
368
  examples: string[];
410
369
  type: "string";
370
+ validator: (value: string) => string;
411
371
  } & {
412
372
  key: "SPFN_API_URL";
413
373
  };
@@ -416,84 +376,17 @@ declare const env: _spfn_core_env.InferEnvType<{
416
376
  required: boolean;
417
377
  examples: string[];
418
378
  type: "string";
379
+ validator: (value: string) => string;
419
380
  } & {
420
381
  key: "NEXT_PUBLIC_SPFN_API_URL";
421
382
  };
422
- SPFN_AUTH_AWS_REGION: {
423
- description: string;
424
- default: string;
425
- required: boolean;
426
- examples: string[];
427
- type: "string";
428
- } & {
429
- key: "SPFN_AUTH_AWS_REGION";
430
- };
431
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
432
- description: string;
433
- required: boolean;
434
- sensitive: boolean;
435
- examples: string[];
436
- type: "string";
437
- } & {
438
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
439
- };
440
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
441
- description: string;
442
- required: boolean;
443
- sensitive: boolean;
444
- examples: string[];
445
- type: "string";
446
- } & {
447
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
448
- };
449
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
450
- description: string;
451
- required: boolean;
452
- examples: string[];
453
- type: "string";
454
- } & {
455
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
456
- };
457
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
458
- description: string;
459
- required: boolean;
460
- sensitive: boolean;
461
- examples: string[];
462
- type: "string";
463
- } & {
464
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
465
- };
466
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
467
- description: string;
468
- required: boolean;
469
- sensitive: boolean;
470
- examples: string[];
471
- type: "string";
472
- } & {
473
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
474
- };
475
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
476
- description: string;
477
- required: boolean;
478
- examples: string[];
479
- type: "string";
480
- } & {
481
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
482
- };
483
- SPFN_AUTH_AWS_SES_FROM_NAME: {
484
- description: string;
485
- required: boolean;
486
- examples: string[];
487
- type: "string";
488
- } & {
489
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
490
- };
491
383
  SPFN_APP_URL: {
492
384
  description: string;
493
385
  default: string;
494
386
  required: boolean;
495
387
  examples: string[];
496
388
  type: "string";
389
+ validator: (value: string) => string;
497
390
  } & {
498
391
  key: "SPFN_APP_URL";
499
392
  };
@@ -502,6 +395,7 @@ declare const env: _spfn_core_env.InferEnvType<{
502
395
  required: boolean;
503
396
  examples: string[];
504
397
  type: "string";
398
+ validator: (value: string) => string;
505
399
  } & {
506
400
  key: "NEXT_PUBLIC_SPFN_APP_URL";
507
401
  };
@@ -510,6 +404,7 @@ declare const env: _spfn_core_env.InferEnvType<{
510
404
  required: boolean;
511
405
  examples: string[];
512
406
  type: "string";
407
+ validator: (value: string) => string;
513
408
  } & {
514
409
  key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
515
410
  };
@@ -519,6 +414,7 @@ declare const env: _spfn_core_env.InferEnvType<{
519
414
  sensitive: boolean;
520
415
  examples: string[];
521
416
  type: "string";
417
+ validator: (value: string) => string;
522
418
  } & {
523
419
  key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
524
420
  };
@@ -527,6 +423,7 @@ declare const env: _spfn_core_env.InferEnvType<{
527
423
  required: boolean;
528
424
  examples: string[];
529
425
  type: "string";
426
+ validator: (value: string) => string;
530
427
  } & {
531
428
  key: "SPFN_AUTH_GOOGLE_SCOPES";
532
429
  };
@@ -535,6 +432,7 @@ declare const env: _spfn_core_env.InferEnvType<{
535
432
  required: boolean;
536
433
  examples: string[];
537
434
  type: "string";
435
+ validator: (value: string) => string;
538
436
  } & {
539
437
  key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
540
438
  };
@@ -544,6 +442,7 @@ declare const env: _spfn_core_env.InferEnvType<{
544
442
  default: string;
545
443
  examples: string[];
546
444
  type: "string";
445
+ validator: (value: string) => string;
547
446
  } & {
548
447
  key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
549
448
  };
@@ -553,6 +452,7 @@ declare const env: _spfn_core_env.InferEnvType<{
553
452
  default: string;
554
453
  examples: string[];
555
454
  type: "string";
455
+ validator: (value: string) => string;
556
456
  } & {
557
457
  key: "SPFN_AUTH_OAUTH_ERROR_URL";
558
458
  };
package/dist/config.js CHANGED
@@ -175,73 +175,6 @@ var authEnvSchema = defineEnvSchema({
175
175
  ]
176
176
  })
177
177
  },
178
- // ============================================================================
179
- // AWS SNS Configuration (SMS)
180
- // ============================================================================
181
- SPFN_AUTH_AWS_REGION: {
182
- ...envString({
183
- description: "AWS region for SNS service",
184
- default: "ap-northeast-2",
185
- required: false,
186
- examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
187
- })
188
- },
189
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
190
- ...envString({
191
- description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
192
- required: false,
193
- sensitive: true,
194
- examples: ["AKIAIOSFODNN7EXAMPLE"]
195
- })
196
- },
197
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
198
- ...envString({
199
- description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
200
- required: false,
201
- sensitive: true,
202
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
203
- })
204
- },
205
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
206
- ...envString({
207
- description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
208
- required: false,
209
- examples: ["MyApp", "YourBrand"]
210
- })
211
- },
212
- // ============================================================================
213
- // AWS SES Configuration (Email)
214
- // ============================================================================
215
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
216
- ...envString({
217
- description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
218
- required: false,
219
- sensitive: true,
220
- examples: ["AKIAIOSFODNN7EXAMPLE"]
221
- })
222
- },
223
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
224
- ...envString({
225
- description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
226
- required: false,
227
- sensitive: true,
228
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
229
- })
230
- },
231
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
232
- ...envString({
233
- description: "Sender email address (must be verified in AWS SES)",
234
- required: false,
235
- examples: ["noreply@example.com", "auth@yourdomain.com"]
236
- })
237
- },
238
- SPFN_AUTH_AWS_SES_FROM_NAME: {
239
- ...envString({
240
- description: "Sender display name",
241
- required: false,
242
- examples: ["MyApp", "Your Company"]
243
- })
244
- },
245
178
  SPFN_APP_URL: {
246
179
  ...envString({
247
180
  description: "Next.js application URL (internal). Used for server-to-server communication.",
package/dist/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n nextjs: true, // Required for Next.js RSC session validation\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n nextjs: true, // May be needed for session validation in Next.js RSC\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Internal API URL for server-to-server communication',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_API_URL: {\n ...envString({\n description: 'Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n // ============================================================================\n // AWS SNS Configuration (SMS)\n // ============================================================================\n SPFN_AUTH_AWS_REGION: {\n ...envString({\n description: 'AWS region for SNS service',\n default: 'ap-northeast-2',\n required: false,\n examples: ['ap-northeast-2', 'us-east-1', 'eu-west-1'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SNS access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SNS secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SENDER_ID: {\n ...envString({\n description: 'SMS sender ID displayed to recipients (max 11 characters, alphanumeric)',\n required: false,\n examples: ['MyApp', 'YourBrand'],\n }),\n },\n\n // ============================================================================\n // AWS SES Configuration (Email)\n // ============================================================================\n SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SES access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SES secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_EMAIL: {\n ...envString({\n description: 'Sender email address (must be verified in AWS SES)',\n required: false,\n examples: ['noreply@example.com', 'auth@yourdomain.com'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_NAME: {\n ...envString({\n description: 'Sender display name',\n required: false,\n examples: ['MyApp', 'Your Company'],\n }),\n },\n\n SPFN_APP_URL: {\n ...envString({\n description: 'Next.js application URL (internal). Used for server-to-server communication.',\n default: 'http://localhost:3000',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_APP_URL: {\n ...envString({\n description: 'Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n // ============================================================================\n // OAuth Configuration - Google\n // ============================================================================\n SPFN_AUTH_GOOGLE_CLIENT_ID: {\n ...envString({\n description: 'Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.',\n required: false,\n examples: ['123456789-abc123.apps.googleusercontent.com'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_CLIENT_SECRET: {\n ...envString({\n description: 'Google OAuth 2.0 Client Secret',\n required: false,\n sensitive: true,\n examples: ['GOCSPX-abcdefghijklmnop'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_SCOPES: {\n ...envString({\n description: 'Comma-separated Google OAuth scopes. Defaults to \"email,profile\" if not set.',\n required: false,\n examples: [\n 'email,profile',\n 'email,profile,https://www.googleapis.com/auth/gmail.readonly',\n 'email,profile,https://www.googleapis.com/auth/calendar.readonly',\n ],\n }),\n },\n\n SPFN_AUTH_GOOGLE_REDIRECT_URI: {\n ...envString({\n description: 'Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback',\n required: false,\n examples: [\n 'https://api.example.com/_auth/oauth/google/callback',\n 'http://localhost:8790/_auth/oauth/google/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_SUCCESS_URL: {\n ...envString({\n description: 'OAuth callback page URL. This page should use OAuthCallback component to finalize session.',\n required: false,\n default: '/auth/callback',\n examples: [\n '/auth/callback',\n 'https://app.example.com/auth/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_ERROR_URL: {\n ...envString({\n description: 'URL to redirect after OAuth error. Use {error} placeholder for error message.',\n required: false,\n default: 'http://localhost:3000/auth/error?error={error}',\n examples: [\n 'https://app.example.com/auth/error?error={error}',\n 'http://localhost:3000/auth/error?error={error}',\n ],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,QAAQ;AAAA;AAAA,MACR,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,QAAQ;AAAA;AAAA,MACR,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,kBAAkB,aAAa,WAAW;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,WAAW;AAAA,IACnC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,uBAAuB,qBAAqB;AAAA,IAC3D,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,cAAc;AAAA,IACtC,CAAC;AAAA,EACL;AAAA,EAEA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,4BAA4B;AAAA,IACxB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,6CAA6C;AAAA,IAC5D,CAAC;AAAA,EACL;AAAA,EAEA,gCAAgC;AAAA,IAC5B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,yBAAyB;AAAA,IACxC,CAAC;AAAA,EACL;AAAA,EAEA,yBAAyB;AAAA,IACrB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,+BAA+B;AAAA,IAC3B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AACJ,CAAC;;;ADnWD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}
1
+ {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n nextjs: true, // Required for Next.js RSC session validation\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n nextjs: true, // May be needed for session validation in Next.js RSC\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Internal API URL for server-to-server communication',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_API_URL: {\n ...envString({\n description: 'Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n SPFN_APP_URL: {\n ...envString({\n description: 'Next.js application URL (internal). Used for server-to-server communication.',\n default: 'http://localhost:3000',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_APP_URL: {\n ...envString({\n description: 'Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n // ============================================================================\n // OAuth Configuration - Google\n // ============================================================================\n SPFN_AUTH_GOOGLE_CLIENT_ID: {\n ...envString({\n description: 'Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.',\n required: false,\n examples: ['123456789-abc123.apps.googleusercontent.com'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_CLIENT_SECRET: {\n ...envString({\n description: 'Google OAuth 2.0 Client Secret',\n required: false,\n sensitive: true,\n examples: ['GOCSPX-abcdefghijklmnop'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_SCOPES: {\n ...envString({\n description: 'Comma-separated Google OAuth scopes. Defaults to \"email,profile\" if not set.',\n required: false,\n examples: [\n 'email,profile',\n 'email,profile,https://www.googleapis.com/auth/gmail.readonly',\n 'email,profile,https://www.googleapis.com/auth/calendar.readonly',\n ],\n }),\n },\n\n SPFN_AUTH_GOOGLE_REDIRECT_URI: {\n ...envString({\n description: 'Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback',\n required: false,\n examples: [\n 'https://api.example.com/_auth/oauth/google/callback',\n 'http://localhost:8790/_auth/oauth/google/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_SUCCESS_URL: {\n ...envString({\n description: 'OAuth callback page URL. This page should use OAuthCallback component to finalize session.',\n required: false,\n default: '/auth/callback',\n examples: [\n '/auth/callback',\n 'https://app.example.com/auth/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_ERROR_URL: {\n ...envString({\n description: 'URL to redirect after OAuth error. Use {error} placeholder for error message.',\n required: false,\n default: 'http://localhost:3000/auth/error?error={error}',\n examples: [\n 'https://app.example.com/auth/error?error={error}',\n 'http://localhost:3000/auth/error?error={error}',\n ],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,QAAQ;AAAA;AAAA,MACR,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,QAAQ;AAAA;AAAA,MACR,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,4BAA4B;AAAA,IACxB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,6CAA6C;AAAA,IAC5D,CAAC;AAAA,EACL;AAAA,EAEA,gCAAgC;AAAA,IAC5B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,yBAAyB;AAAA,IACxC,CAAC;AAAA,EACL;AAAA,EAEA,yBAAyB;AAAA,IACrB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,+BAA+B;AAAA,IAC3B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AACJ,CAAC;;;ADxRD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@spfn/auth",
3
- "version": "0.2.0-beta.20",
3
+ "version": "0.2.0-beta.22",
4
4
  "type": "module",
5
5
  "description": "Authentication, authorization, and RBAC module for SPFN",
6
6
  "main": "./dist/index.js",
@@ -85,8 +85,8 @@
85
85
  "jose": "^6.1.0",
86
86
  "jsonwebtoken": "^9.0.2",
87
87
  "postgres": "^3.4.0",
88
- "@spfn/notification": "0.1.0-beta.2",
89
- "@spfn/core": "0.2.0-beta.16"
88
+ "@spfn/core": "0.2.0-beta.20",
89
+ "@spfn/notification": "0.1.0-beta.8"
90
90
  },
91
91
  "devDependencies": {
92
92
  "@types/bcryptjs": "^2.4.6",
@@ -103,7 +103,7 @@
103
103
  "tsx": "^4.20.6",
104
104
  "typescript": "^5.3.3",
105
105
  "vitest": "^4.0.6",
106
- "spfn": "0.2.0-beta.13"
106
+ "spfn": "0.2.0-beta.19"
107
107
  },
108
108
  "peerDependencies": {
109
109
  "next": "^15.0.0 || ^16.0.0"