@spfn/auth 0.2.0-beta.43 → 0.2.0-beta.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/README.md +2 -0
  2. package/dist/{authenticate-CAJr3A4H.d.ts → authenticate-CRDUKQbi.d.ts} +6 -0
  3. package/dist/index.d.ts +4 -2
  4. package/dist/nextjs/server.d.ts +1 -0
  5. package/dist/server.d.ts +148 -4
  6. package/dist/server.js +197 -86
  7. package/dist/server.js.map +1 -1
  8. package/migrations/0003_perfect_deathbird.sql +3 -0
  9. package/migrations/0004_concerned_rawhide_kid.sql +5 -0
  10. package/migrations/meta/0003_snapshot.json +1689 -0
  11. package/migrations/meta/0004_snapshot.json +1721 -0
  12. package/migrations/meta/_journal.json +14 -0
  13. package/package.json +2 -2
package/README.md CHANGED
@@ -1623,6 +1623,7 @@ Main user identity table.
1623
1623
  ```sql
1624
1624
  CREATE TABLE users (
1625
1625
  id BIGSERIAL PRIMARY KEY,
1626
+ public_id UUID NOT NULL UNIQUE DEFAULT gen_random_uuid(),
1626
1627
  email TEXT UNIQUE,
1627
1628
  phone TEXT UNIQUE,
1628
1629
  username TEXT UNIQUE,
@@ -1643,6 +1644,7 @@ CREATE TABLE users (
1643
1644
  ```
1644
1645
 
1645
1646
  **Key Points:**
1647
+ - `public_id` is a UUID v4 for external-facing URLs and APIs (never expose internal `id`)
1646
1648
  - At least one of `email` OR `phone` required
1647
1649
  - `username` is unique and nullable (optional display/mention identifier)
1648
1650
  - `passwordHash` is bcrypt ($2b$10$..., 60 chars)
package/dist/{authenticate-CAJr3A4H.d.ts → authenticate-CRDUKQbi.d.ts} RENAMED
@@ -36,6 +36,7 @@ interface Permission {
36
36
  }
37
37
  interface AuthSession {
38
38
  userId: number;
39
+ publicId: string;
39
40
  email: string | null;
40
41
  emailVerified: boolean;
41
42
  phoneVerified: boolean;
@@ -71,6 +72,7 @@ interface ProfileInfo {
71
72
  */
72
73
  interface UserProfile {
73
74
  userId: number;
75
+ publicId: string;
74
76
  email: string | null;
75
77
  username: string | null;
76
78
  emailVerified: boolean;
@@ -153,6 +155,7 @@ interface RegisterParams {
153
155
  }
154
156
  interface RegisterResult {
155
157
  userId: string;
158
+ publicId: string;
156
159
  email?: string;
157
160
  phone?: string;
158
161
  }
@@ -168,6 +171,7 @@ interface LoginParams {
168
171
  }
169
172
  interface LoginResult {
170
173
  userId: string;
174
+ publicId: string;
171
175
  email?: string;
172
176
  phone?: string;
173
177
  passwordChangeRequired: boolean;
@@ -548,6 +552,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
548
552
  category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
549
553
  }[];
550
554
  userId: number;
555
+ publicId: string;
551
556
  email: string | null;
552
557
  emailVerified: boolean;
553
558
  phoneVerified: boolean;
@@ -734,6 +739,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
734
739
  createdAt: Date;
735
740
  updatedAt: Date;
736
741
  id: number;
742
+ publicId: string;
737
743
  email: string | null;
738
744
  phone: string | null;
739
745
  username: string | null;
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as _spfn_core_nextjs from '@spfn/core/nextjs';
2
- import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-CAJr3A4H.js';
3
- export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-CAJr3A4H.js';
2
+ import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-CRDUKQbi.js';
3
+ export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-CRDUKQbi.js';
4
4
  import * as _spfn_core_route from '@spfn/core/route';
5
5
  import { HttpMethod } from '@spfn/core/route';
6
6
  import * as _sinclair_typebox from '@sinclair/typebox';
@@ -172,6 +172,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
172
172
  category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
173
173
  }[];
174
174
  userId: number;
175
+ publicId: string;
175
176
  email: string | null;
176
177
  emailVerified: boolean;
177
178
  phoneVerified: boolean;
@@ -358,6 +359,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
358
359
  createdAt: Date;
359
360
  updatedAt: Date;
360
361
  id: number;
362
+ publicId: string;
361
363
  email: string | null;
362
364
  phone: string | null;
363
365
  username: string | null;
package/dist/nextjs/server.d.ts CHANGED
@@ -156,6 +156,7 @@ declare function getAuthSessionData(): Promise<{
156
156
  category: "auth" | "user" | "rbac" | "system" | "custom" | undefined;
157
157
  }[];
158
158
  userId: number;
159
+ publicId: string;
159
160
  email: string | null;
160
161
  emailVerified: boolean;
161
162
  phoneVerified: boolean;
package/dist/server.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-CAJr3A4H.js';
2
- export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-CAJr3A4H.js';
1
+ import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-CRDUKQbi.js';
2
+ export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-CRDUKQbi.js';
3
3
  import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
4
4
  import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
5
5
  import { BaseRepository } from '@spfn/core/db';
@@ -79,6 +79,23 @@ declare const users: drizzle_orm_pg_core.PgTableWithColumns<{
79
79
  identity: undefined;
80
80
  generated: undefined;
81
81
  }, {}, {}>;
82
+ publicId: drizzle_orm_pg_core.PgColumn<{
83
+ name: "public_id";
84
+ tableName: "users";
85
+ dataType: "string";
86
+ columnType: "PgUUID";
87
+ data: string;
88
+ driverParam: string;
89
+ notNull: true;
90
+ hasDefault: true;
91
+ isPrimaryKey: false;
92
+ isAutoincrement: false;
93
+ hasRuntimeDefault: false;
94
+ enumValues: undefined;
95
+ baseColumn: never;
96
+ identity: undefined;
97
+ generated: undefined;
98
+ }, {}, {}>;
82
99
  email: drizzle_orm_pg_core.PgColumn<{
83
100
  name: "email";
84
101
  tableName: "users";
@@ -268,6 +285,7 @@ declare function getUserByIdService(userId: number): Promise<{
268
285
  createdAt: Date;
269
286
  updatedAt: Date;
270
287
  id: number;
288
+ publicId: string;
271
289
  email: string | null;
272
290
  phone: string | null;
273
291
  username: string | null;
@@ -286,6 +304,7 @@ declare function getUserByEmailService(email: string): Promise<{
286
304
  createdAt: Date;
287
305
  updatedAt: Date;
288
306
  id: number;
307
+ publicId: string;
289
308
  email: string | null;
290
309
  phone: string | null;
291
310
  username: string | null;
@@ -304,6 +323,7 @@ declare function getUserByPhoneService(phone: string): Promise<{
304
323
  createdAt: Date;
305
324
  updatedAt: Date;
306
325
  id: number;
326
+ publicId: string;
307
327
  email: string | null;
308
328
  phone: string | null;
309
329
  username: string | null;
@@ -341,6 +361,7 @@ declare function updateUsernameService(userId: string | number | bigint, usernam
341
361
  createdAt: Date;
342
362
  updatedAt: Date;
343
363
  id: number;
364
+ publicId: string;
344
365
  email: string | null;
345
366
  phone: string | null;
346
367
  username: string | null;
@@ -357,12 +378,14 @@ declare function updateUsernameService(userId: string | number | bigint, usernam
357
378
  * @spfn/auth - RBAC Initialization Service
358
379
  *
359
380
  * Initialize roles, permissions, and their mappings
381
+ * Uses hash-based change detection to skip unnecessary DB operations
360
382
  */
361
383
 
362
384
  /**
363
385
  * Initialize auth package with RBAC system
364
386
  *
365
- * Creates built-in roles, permissions, and custom configurations
387
+ * Creates built-in roles, permissions, and custom configurations.
388
+ * Uses hash-based change detection - skips DB operations when config is unchanged.
366
389
  *
367
390
  * @param options - Initialization options
368
391
  *
@@ -1309,6 +1332,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
1309
1332
  category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
1310
1333
  }[];
1311
1334
  userId: number;
1335
+ publicId: string;
1312
1336
  email: string | null;
1313
1337
  emailVerified: boolean;
1314
1338
  phoneVerified: boolean;
@@ -2799,6 +2823,73 @@ declare const userPermissions: drizzle_orm_pg_core.PgTableWithColumns<{
2799
2823
  type UserPermission = typeof userPermissions.$inferSelect;
2800
2824
  type NewUserPermission = typeof userPermissions.$inferInsert;
2801
2825
 
2826
+ /**
2827
+ * @spfn/auth - Auth Metadata Entity
2828
+ *
2829
+ * Key-value store for auth system metadata
2830
+ * Used for storing RBAC config hash and other system-level settings
2831
+ */
2832
+ declare const authMetadata: drizzle_orm_pg_core.PgTableWithColumns<{
2833
+ name: "auth_metadata";
2834
+ schema: string;
2835
+ columns: {
2836
+ key: drizzle_orm_pg_core.PgColumn<{
2837
+ name: "key";
2838
+ tableName: "auth_metadata";
2839
+ dataType: "string";
2840
+ columnType: "PgText";
2841
+ data: string;
2842
+ driverParam: string;
2843
+ notNull: true;
2844
+ hasDefault: false;
2845
+ isPrimaryKey: true;
2846
+ isAutoincrement: false;
2847
+ hasRuntimeDefault: false;
2848
+ enumValues: [string, ...string[]];
2849
+ baseColumn: never;
2850
+ identity: undefined;
2851
+ generated: undefined;
2852
+ }, {}, {}>;
2853
+ value: drizzle_orm_pg_core.PgColumn<{
2854
+ name: "value";
2855
+ tableName: "auth_metadata";
2856
+ dataType: "string";
2857
+ columnType: "PgText";
2858
+ data: string;
2859
+ driverParam: string;
2860
+ notNull: true;
2861
+ hasDefault: false;
2862
+ isPrimaryKey: false;
2863
+ isAutoincrement: false;
2864
+ hasRuntimeDefault: false;
2865
+ enumValues: [string, ...string[]];
2866
+ baseColumn: never;
2867
+ identity: undefined;
2868
+ generated: undefined;
2869
+ }, {}, {}>;
2870
+ updatedAt: drizzle_orm_pg_core.PgColumn<{
2871
+ name: "updated_at";
2872
+ tableName: "auth_metadata";
2873
+ dataType: "date";
2874
+ columnType: "PgTimestamp";
2875
+ data: Date;
2876
+ driverParam: string;
2877
+ notNull: true;
2878
+ hasDefault: true;
2879
+ isPrimaryKey: false;
2880
+ isAutoincrement: false;
2881
+ hasRuntimeDefault: false;
2882
+ enumValues: undefined;
2883
+ baseColumn: never;
2884
+ identity: undefined;
2885
+ generated: undefined;
2886
+ }, {}, {}>;
2887
+ };
2888
+ dialect: "pg";
2889
+ }>;
2890
+ type AuthMetadataEntity = typeof authMetadata.$inferSelect;
2891
+ type NewAuthMetadataEntity = typeof authMetadata.$inferInsert;
2892
+
2802
2893
  /**
2803
2894
  * Users Repository
2804
2895
  *
@@ -2823,6 +2914,7 @@ declare class UsersRepository extends BaseRepository {
2823
2914
  createdAt: Date;
2824
2915
  updatedAt: Date;
2825
2916
  id: number;
2917
+ publicId: string;
2826
2918
  email: string | null;
2827
2919
  phone: string | null;
2828
2920
  username: string | null;
@@ -2842,6 +2934,7 @@ declare class UsersRepository extends BaseRepository {
2842
2934
  createdAt: Date;
2843
2935
  updatedAt: Date;
2844
2936
  id: number;
2937
+ publicId: string;
2845
2938
  email: string | null;
2846
2939
  phone: string | null;
2847
2940
  username: string | null;
@@ -2861,6 +2954,7 @@ declare class UsersRepository extends BaseRepository {
2861
2954
  createdAt: Date;
2862
2955
  updatedAt: Date;
2863
2956
  id: number;
2957
+ publicId: string;
2864
2958
  email: string | null;
2865
2959
  phone: string | null;
2866
2960
  username: string | null;
@@ -2880,6 +2974,27 @@ declare class UsersRepository extends BaseRepository {
2880
2974
  createdAt: Date;
2881
2975
  updatedAt: Date;
2882
2976
  id: number;
2977
+ publicId: string;
2978
+ email: string | null;
2979
+ phone: string | null;
2980
+ username: string | null;
2981
+ passwordHash: string | null;
2982
+ passwordChangeRequired: boolean;
2983
+ roleId: number;
2984
+ status: "active" | "inactive" | "suspended";
2985
+ emailVerifiedAt: Date | null;
2986
+ phoneVerifiedAt: Date | null;
2987
+ lastLoginAt: Date | null;
2988
+ }>;
2989
+ /**
2990
+ * Public ID(UUID)로 사용자 조회
2991
+ * Read replica 사용
2992
+ */
2993
+ findByPublicId(publicId: string): Promise<{
2994
+ createdAt: Date;
2995
+ updatedAt: Date;
2996
+ id: number;
2997
+ publicId: string;
2883
2998
  email: string | null;
2884
2999
  phone: string | null;
2885
3000
  username: string | null;
@@ -2899,6 +3014,7 @@ declare class UsersRepository extends BaseRepository {
2899
3014
  createdAt: Date;
2900
3015
  updatedAt: Date;
2901
3016
  id: number;
3017
+ publicId: string;
2902
3018
  email: string | null;
2903
3019
  phone: string | null;
2904
3020
  username: string | null;
@@ -2921,6 +3037,7 @@ declare class UsersRepository extends BaseRepository {
2921
3037
  createdAt: Date;
2922
3038
  updatedAt: Date;
2923
3039
  id: number;
3040
+ publicId: string;
2924
3041
  email: string | null;
2925
3042
  phone: string | null;
2926
3043
  username: string | null;
@@ -2946,6 +3063,7 @@ declare class UsersRepository extends BaseRepository {
2946
3063
  email: string | null;
2947
3064
  phone: string | null;
2948
3065
  id: number;
3066
+ publicId: string;
2949
3067
  username: string | null;
2950
3068
  passwordHash: string | null;
2951
3069
  passwordChangeRequired: boolean;
@@ -2965,6 +3083,7 @@ declare class UsersRepository extends BaseRepository {
2965
3083
  createdAt: Date;
2966
3084
  updatedAt: Date;
2967
3085
  id: number;
3086
+ publicId: string;
2968
3087
  email: string | null;
2969
3088
  phone: string | null;
2970
3089
  username: string | null;
@@ -2984,6 +3103,7 @@ declare class UsersRepository extends BaseRepository {
2984
3103
  createdAt: Date;
2985
3104
  updatedAt: Date;
2986
3105
  id: number;
3106
+ publicId: string;
2987
3107
  email: string | null;
2988
3108
  phone: string | null;
2989
3109
  username: string | null;
@@ -3003,6 +3123,7 @@ declare class UsersRepository extends BaseRepository {
3003
3123
  createdAt: Date;
3004
3124
  updatedAt: Date;
3005
3125
  id: number;
3126
+ publicId: string;
3006
3127
  email: string | null;
3007
3128
  phone: string | null;
3008
3129
  username: string | null;
@@ -3022,6 +3143,7 @@ declare class UsersRepository extends BaseRepository {
3022
3143
  email: string | null;
3023
3144
  phone: string | null;
3024
3145
  id: number;
3146
+ publicId: string;
3025
3147
  username: string | null;
3026
3148
  passwordHash: string | null;
3027
3149
  passwordChangeRequired: boolean;
@@ -3063,6 +3185,7 @@ declare class UsersRepository extends BaseRepository {
3063
3185
  */
3064
3186
  fetchMinimalUserData(userId: number): Promise<{
3065
3187
  userId: number;
3188
+ publicId: string;
3066
3189
  email: string | null;
3067
3190
  username: string | null;
3068
3191
  isEmailVerified: boolean;
@@ -3077,6 +3200,7 @@ declare class UsersRepository extends BaseRepository {
3077
3200
  */
3078
3201
  fetchFullUserData(userId: number): Promise<{
3079
3202
  userId: number;
3203
+ publicId: string;
3080
3204
  email: string | null;
3081
3205
  username: string | null;
3082
3206
  isEmailVerified: boolean;
@@ -4392,6 +4516,25 @@ declare class SocialAccountsRepository extends BaseRepository {
4392
4516
  }
4393
4517
  declare const socialAccountsRepository: SocialAccountsRepository;
4394
4518
 
4519
+ /**
4520
+ * Auth Metadata Repository
4521
+ *
4522
+ * Key-value 기반 시스템 메타데이터 저장소
4523
+ * RBAC 설정 해시 등 시스템 설정값 관리
4524
+ */
4525
+
4526
+ declare class AuthMetadataRepository extends BaseRepository {
4527
+ /**
4528
+ * 키로 값 조회
4529
+ */
4530
+ get(key: string): Promise<string | null>;
4531
+ /**
4532
+ * 키-값 저장 (upsert)
4533
+ */
4534
+ set(key: string, value: string): Promise<void>;
4535
+ }
4536
+ declare const authMetadataRepository: AuthMetadataRepository;
4537
+
4395
4538
  /**
4396
4539
  * @spfn/auth - Password Helpers
4397
4540
  *
@@ -4805,6 +4948,7 @@ declare function getUser(c: Context | {
4805
4948
  email: string | null;
4806
4949
  phone: string | null;
4807
4950
  id: number;
4951
+ publicId: string;
4808
4952
  username: string | null;
4809
4953
  passwordHash: string | null;
4810
4954
  passwordChangeRequired: boolean;
@@ -5378,4 +5522,4 @@ type AuthRegisterPayload = typeof authRegisterEvent._payload;
5378
5522
  type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
5379
5523
  type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
5380
5524
 
5381
- export { type AuthConfig, AuthContext, type AuthLoginPayload, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
5525
+ export { type AuthConfig, AuthContext, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };