@spfn/auth 0.2.0-beta.68 → 0.2.0-beta.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/server.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-Cn5krz5U.js';
2
- export { w as ChangePasswordParams, s as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as IssueOneTimeTokenResult, u as LoginParams, L as LoginResult, v as LogoutParams, ad as NativeVerifyOptions, ab as NormalizedIdentity, a0 as OAuthCallbackParams, a1 as OAuthCallbackResult, a3 as OAuthNativeParams, c as OAuthNativeResult, $ as OAuthStartParams, O as OAuthStartResult, ac as OAuthTokens, a8 as PasswordSchema, a7 as PhoneSchema, t as RegisterParams, H as RegisterPublicKeyParams, a as RegisterResult, K as RevokeKeyParams, J as RotateKeyParams, b as RotateKeyResult, z as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, B as VerifyCodeParams, D as VerifyCodeResult, m as authRouter, a4 as authenticate, W as buildOAuthErrorUrl, q as changePasswordService, n as checkAccountExistsService, Z as getEnabledOAuthProviders, _ as getGoogleAccessToken, af as getOAuthProvider, ag as getRegisteredProviders, X as isOAuthProviderEnabled, M as issueOneTimeTokenService, o as loginService, p as logoutService, T as oauthCallbackService, a2 as oauthNativeService, Q as oauthStartService, a5 as optionalAuth, ae as registerOAuthProvider, E as registerPublicKeyService, r as registerService, Y as requireEnabledProvider, G as revokeKeyService, F as rotateKeyService, x as sendVerificationCodeService, y as verifyCodeService, N as verifyOneTimeTokenService } from './authenticate-Cn5krz5U.js';
1
+ import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-tmmbh1ux.js';
2
+ export { C as ChangePasswordParams, a3 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, aa as NativeVerifyOptions, a8 as NormalizedIdentity, Z as OAuthCallbackParams, _ as OAuthCallbackResult, a0 as OAuthNativeParams, c as OAuthNativeResult, Y as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, q as RegisterParams, E as RegisterPublicKeyParams, a as RegisterResult, G as RevokeKeyParams, F as RotateKeyParams, b as RotateKeyResult, w as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, x as VerifyCodeParams, y as VerifyCodeResult, m as authRouter, a1 as authenticate, N as buildOAuthErrorUrl, p as changePasswordService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, ac as getOAuthProvider, ad as getRegisteredProviders, Q as isOAuthProviderEnabled, H as issueOneTimeTokenService, n as loginService, o as logoutService, M as oauthCallbackService, $ as oauthNativeService, K as oauthStartService, a2 as optionalAuth, ab as registerOAuthProvider, z as registerPublicKeyService, r as registerService, T as requireEnabledProvider, D as revokeKeyService, B as rotateKeyService, u as sendVerificationCodeService, v as verifyCodeService, J as verifyOneTimeTokenService } from './authenticate-tmmbh1ux.js';
3
3
  import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
4
4
  import { K as KeyAlgorithmType, b as InvitationStatus, d as SocialProvider } from './types-BtksCI9X.js';
5
5
  export { I as INVITATION_STATUSES, a as KEY_ALGORITHM, S as SOCIAL_PROVIDERS, U as USER_STATUSES, c as UserStatus } from './types-BtksCI9X.js';
@@ -520,6 +520,24 @@ declare function hasRole(userId: string | number | bigint, roleName: string): Pr
520
520
  * @returns true if user has at least one role
521
521
  */
522
522
  declare function hasAnyRole(userId: string | number | bigint, roleNames: string[]): Promise<boolean>;
523
+ /**
524
+ * Assert that the caller is allowed to assign the given role.
525
+ *
526
+ * Centralizes the privilege rule shared by direct role assignment and invitation:
527
+ * a non-superadmin caller may never grant the superadmin role, and may grant the
528
+ * admin role only when they hold the `admin:promote` permission. Assigning any
529
+ * lower role is unrestricted (the route's own permission guard still applies).
530
+ *
531
+ * @param callerUserId - User performing the assignment
532
+ * @param targetRoleId - Role being assigned
533
+ * @throws ForbiddenError when the caller lacks the authority for the target role
534
+ *
535
+ * @example
536
+ * ```typescript
537
+ * await assertCanAssignRole(auth.userId, body.roleId);
538
+ * ```
539
+ */
540
+ declare function assertCanAssignRole(callerUserId: string | number | bigint, targetRoleId: number): Promise<void>;
523
541
 
524
542
  /**
525
543
  * @spfn/auth - Roles Entity
@@ -1334,7 +1352,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
1334
1352
  id: number;
1335
1353
  name: string;
1336
1354
  displayName: string;
1337
- category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
1355
+ category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
1338
1356
  }[];
1339
1357
  userId: number;
1340
1358
  publicId: string;
@@ -2635,7 +2653,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
2635
2653
  tableName: "permissions";
2636
2654
  dataType: "string";
2637
2655
  columnType: "PgText";
2638
- data: "auth" | "custom" | "user" | "rbac" | "system";
2656
+ data: "custom" | "user" | "auth" | "rbac" | "system";
2639
2657
  driverParam: string;
2640
2658
  notNull: false;
2641
2659
  hasDefault: false;
@@ -3228,15 +3246,15 @@ declare class UsersRepository extends BaseRepository {
3228
3246
  create(data: NewUser): Promise<{
3229
3247
  email: string | null;
3230
3248
  phone: string | null;
3249
+ status: "active" | "inactive" | "suspended";
3250
+ username: string | null;
3231
3251
  id: number;
3252
+ createdAt: Date;
3253
+ updatedAt: Date;
3232
3254
  publicId: string;
3233
- username: string | null;
3234
3255
  passwordHash: string | null;
3235
3256
  passwordChangeRequired: boolean;
3236
3257
  roleId: number;
3237
- createdAt: Date;
3238
- updatedAt: Date;
3239
- status: "active" | "inactive" | "suspended";
3240
3258
  emailVerifiedAt: Date | null;
3241
3259
  phoneVerifiedAt: Date | null;
3242
3260
  lastLoginAt: Date | null;
@@ -3308,15 +3326,15 @@ declare class UsersRepository extends BaseRepository {
3308
3326
  deleteById(id: number): Promise<{
3309
3327
  email: string | null;
3310
3328
  phone: string | null;
3329
+ status: "active" | "inactive" | "suspended";
3330
+ username: string | null;
3311
3331
  id: number;
3332
+ createdAt: Date;
3333
+ updatedAt: Date;
3312
3334
  publicId: string;
3313
- username: string | null;
3314
3335
  passwordHash: string | null;
3315
3336
  passwordChangeRequired: boolean;
3316
3337
  roleId: number;
3317
- createdAt: Date;
3318
- updatedAt: Date;
3319
- status: "active" | "inactive" | "suspended";
3320
3338
  emailVerifiedAt: Date | null;
3321
3339
  phoneVerifiedAt: Date | null;
3322
3340
  lastLoginAt: Date | null;
@@ -3339,7 +3357,7 @@ declare class UsersRepository extends BaseRepository {
3339
3357
  id: number;
3340
3358
  name: string;
3341
3359
  displayName: string;
3342
- category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
3360
+ category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
3343
3361
  }[];
3344
3362
  }>;
3345
3363
  /**
@@ -3454,16 +3472,16 @@ declare class KeysRepository extends BaseRepository {
3454
3472
  * Write primary 사용
3455
3473
  */
3456
3474
  create(data: NewUserPublicKey): Promise<{
3457
- publicKey: string;
3458
- keyId: string;
3459
- fingerprint: string;
3460
- algorithm: "ES256" | "RS256";
3461
3475
  userId: number;
3476
+ keyId: string;
3462
3477
  id: number;
3463
3478
  isActive: boolean;
3464
3479
  createdAt: Date;
3465
- expiresAt: Date | null;
3480
+ publicKey: string;
3481
+ algorithm: "ES256" | "RS256";
3482
+ fingerprint: string;
3466
3483
  lastUsedAt: Date | null;
3484
+ expiresAt: Date | null;
3467
3485
  revokedAt: Date | null;
3468
3486
  revokedReason: string | null;
3469
3487
  }>;
@@ -3490,16 +3508,16 @@ declare class KeysRepository extends BaseRepository {
3490
3508
  * Write primary 사용
3491
3509
  */
3492
3510
  deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
3493
- publicKey: string;
3494
- keyId: string;
3495
- fingerprint: string;
3496
- algorithm: "ES256" | "RS256";
3497
3511
  userId: number;
3512
+ keyId: string;
3498
3513
  id: number;
3499
3514
  isActive: boolean;
3500
3515
  createdAt: Date;
3501
- expiresAt: Date | null;
3516
+ publicKey: string;
3517
+ algorithm: "ES256" | "RS256";
3518
+ fingerprint: string;
3502
3519
  lastUsedAt: Date | null;
3520
+ expiresAt: Date | null;
3503
3521
  revokedAt: Date | null;
3504
3522
  revokedReason: string | null;
3505
3523
  }>;
@@ -3541,22 +3559,14 @@ declare class KeysRepository extends BaseRepository {
3541
3559
  }>;
3542
3560
  /**
3543
3561
  * Primary key로 마지막 사용 시간 업데이트 (authenticate용)
3544
- * Write primary 사용
3562
+ * Write primary 사용.
3563
+ *
3564
+ * Throttled: only writes when lastUsedAt is stale (older than
3565
+ * LAST_USED_THROTTLE_MS), so a busy key isn't UPDATEd on every request. The
3566
+ * throttle lives in the WHERE clause — atomic, no read-then-write race. No
3567
+ * RETURNING (callers fire-and-forget and discard the row).
3545
3568
  */
3546
- updateLastUsedById(id: number): Promise<{
3547
- id: number;
3548
- userId: number;
3549
- keyId: string;
3550
- publicKey: string;
3551
- algorithm: "ES256" | "RS256";
3552
- fingerprint: string;
3553
- isActive: boolean;
3554
- createdAt: Date;
3555
- lastUsedAt: Date | null;
3556
- expiresAt: Date | null;
3557
- revokedAt: Date | null;
3558
- revokedReason: string | null;
3559
- }>;
3569
+ updateLastUsedById(id: number): Promise<void>;
3560
3570
  }
3561
3571
  declare const keysRepository: KeysRepository;
3562
3572
 
@@ -3614,14 +3624,14 @@ declare class VerificationCodesRepository extends BaseRepository {
3614
3624
  * Write primary 사용
3615
3625
  */
3616
3626
  create(data: NewVerificationCode): Promise<{
3617
- target: string;
3618
- targetType: "email" | "phone";
3619
- purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
3620
- code: string;
3621
3627
  id: number;
3622
3628
  createdAt: Date;
3623
3629
  updatedAt: Date;
3624
3630
  expiresAt: Date;
3631
+ target: string;
3632
+ targetType: "email" | "phone";
3633
+ code: string;
3634
+ purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
3625
3635
  usedAt: Date | null;
3626
3636
  attempts: number;
3627
3637
  }>;
@@ -3810,7 +3820,7 @@ declare class PermissionsRepository extends BaseRepository {
3810
3820
  name: string;
3811
3821
  displayName: string;
3812
3822
  description: string | null;
3813
- category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3823
+ category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3814
3824
  isBuiltin: boolean;
3815
3825
  isSystem: boolean;
3816
3826
  isActive: boolean;
@@ -3826,7 +3836,7 @@ declare class PermissionsRepository extends BaseRepository {
3826
3836
  name: string;
3827
3837
  displayName: string;
3828
3838
  description: string | null;
3829
- category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3839
+ category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3830
3840
  isBuiltin: boolean;
3831
3841
  isSystem: boolean;
3832
3842
  isActive: boolean;
@@ -3866,7 +3876,7 @@ declare class PermissionsRepository extends BaseRepository {
3866
3876
  name: string;
3867
3877
  displayName: string;
3868
3878
  description: string | null;
3869
- category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3879
+ category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3870
3880
  isBuiltin: boolean;
3871
3881
  isSystem: boolean;
3872
3882
  isActive: boolean;
@@ -3877,7 +3887,6 @@ declare class PermissionsRepository extends BaseRepository {
3877
3887
  */
3878
3888
  deleteById(id: number): Promise<{
3879
3889
  description: string | null;
3880
- metadata: Record<string, any> | null;
3881
3890
  id: number;
3882
3891
  name: string;
3883
3892
  displayName: string;
@@ -3886,7 +3895,8 @@ declare class PermissionsRepository extends BaseRepository {
3886
3895
  isActive: boolean;
3887
3896
  createdAt: Date;
3888
3897
  updatedAt: Date;
3889
- category: "auth" | "custom" | "user" | "rbac" | "system" | null;
3898
+ metadata: Record<string, any> | null;
3899
+ category: "custom" | "user" | "auth" | "rbac" | "system" | null;
3890
3900
  }>;
3891
3901
  }
3892
3902
  declare const permissionsRepository: PermissionsRepository;
@@ -3931,9 +3941,9 @@ declare class RolePermissionsRepository extends BaseRepository {
3931
3941
  */
3932
3942
  createMany(data: NewRolePermission[]): Promise<{
3933
3943
  id: number;
3934
- roleId: number;
3935
3944
  createdAt: Date;
3936
3945
  updatedAt: Date;
3946
+ roleId: number;
3937
3947
  permissionId: number;
3938
3948
  }[]>;
3939
3949
  /**
@@ -3949,9 +3959,9 @@ declare class RolePermissionsRepository extends BaseRepository {
3949
3959
  */
3950
3960
  setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
3951
3961
  id: number;
3952
- roleId: number;
3953
3962
  createdAt: Date;
3954
3963
  updatedAt: Date;
3964
+ roleId: number;
3955
3965
  permissionId: number;
3956
3966
  }[]>;
3957
3967
  }
@@ -4016,10 +4026,10 @@ declare class UserPermissionsRepository extends BaseRepository {
4016
4026
  id: number;
4017
4027
  createdAt: Date;
4018
4028
  updatedAt: Date;
4019
- permissionId: number;
4020
4029
  expiresAt: Date | null;
4021
- reason: string | null;
4030
+ permissionId: number;
4022
4031
  granted: boolean;
4032
+ reason: string | null;
4023
4033
  }>;
4024
4034
  /**
4025
4035
  * 사용자 권한 오버라이드 업데이트
@@ -4042,10 +4052,10 @@ declare class UserPermissionsRepository extends BaseRepository {
4042
4052
  id: number;
4043
4053
  createdAt: Date;
4044
4054
  updatedAt: Date;
4045
- permissionId: number;
4046
4055
  expiresAt: Date | null;
4047
- reason: string | null;
4056
+ permissionId: number;
4048
4057
  granted: boolean;
4058
+ reason: string | null;
4049
4059
  }>;
4050
4060
  /**
4051
4061
  * 사용자의 모든 권한 오버라이드 삭제
@@ -4123,7 +4133,6 @@ declare class UserProfilesRepository extends BaseRepository {
4123
4133
  * 프로필 생성
4124
4134
  */
4125
4135
  create(data: NewUserProfile): Promise<{
4126
- metadata: Record<string, any> | null;
4127
4136
  userId: number;
4128
4137
  id: number;
4129
4138
  displayName: string | null;
@@ -4141,6 +4150,7 @@ declare class UserProfilesRepository extends BaseRepository {
4141
4150
  location: string | null;
4142
4151
  company: string | null;
4143
4152
  jobTitle: string | null;
4153
+ metadata: Record<string, any> | null;
4144
4154
  }>;
4145
4155
  /**
4146
4156
  * 프로필 업데이트 (by ID)
@@ -4192,7 +4202,6 @@ declare class UserProfilesRepository extends BaseRepository {
4192
4202
  * 프로필 삭제 (by ID)
4193
4203
  */
4194
4204
  deleteById(id: number): Promise<{
4195
- metadata: Record<string, any> | null;
4196
4205
  userId: number;
4197
4206
  id: number;
4198
4207
  displayName: string | null;
@@ -4210,12 +4219,12 @@ declare class UserProfilesRepository extends BaseRepository {
4210
4219
  location: string | null;
4211
4220
  company: string | null;
4212
4221
  jobTitle: string | null;
4222
+ metadata: Record<string, any> | null;
4213
4223
  }>;
4214
4224
  /**
4215
4225
  * 프로필 삭제 (by User ID)
4216
4226
  */
4217
4227
  deleteByUserId(userId: number): Promise<{
4218
- metadata: Record<string, any> | null;
4219
4228
  userId: number;
4220
4229
  id: number;
4221
4230
  displayName: string | null;
@@ -4233,6 +4242,7 @@ declare class UserProfilesRepository extends BaseRepository {
4233
4242
  location: string | null;
4234
4243
  company: string | null;
4235
4244
  jobTitle: string | null;
4245
+ metadata: Record<string, any> | null;
4236
4246
  }>;
4237
4247
  /**
4238
4248
  * 프로필 Upsert (by User ID)
@@ -4241,7 +4251,6 @@ declare class UserProfilesRepository extends BaseRepository {
4241
4251
  * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
4242
4252
  */
4243
4253
  upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
4244
- metadata: Record<string, any> | null;
4245
4254
  userId: number;
4246
4255
  id: number;
4247
4256
  displayName: string | null;
@@ -4259,6 +4268,7 @@ declare class UserProfilesRepository extends BaseRepository {
4259
4268
  location: string | null;
4260
4269
  company: string | null;
4261
4270
  jobTitle: string | null;
4271
+ metadata: Record<string, any> | null;
4262
4272
  }>;
4263
4273
  /**
4264
4274
  * User ID로 프로필 데이터 조회 (formatted)
@@ -4386,15 +4396,15 @@ declare class InvitationsRepository extends BaseRepository {
4386
4396
  */
4387
4397
  create(data: NewInvitation): Promise<{
4388
4398
  email: string;
4389
- metadata: Record<string, any> | null;
4399
+ status: "pending" | "accepted" | "expired" | "cancelled";
4390
4400
  id: number;
4391
- roleId: number;
4392
4401
  createdAt: Date;
4393
4402
  updatedAt: Date;
4394
- status: "pending" | "accepted" | "expired" | "cancelled";
4403
+ roleId: number;
4404
+ metadata: Record<string, any> | null;
4405
+ expiresAt: Date;
4395
4406
  token: string;
4396
4407
  invitedBy: number;
4397
- expiresAt: Date;
4398
4408
  acceptedAt: Date | null;
4399
4409
  cancelledAt: Date | null;
4400
4410
  }>;
@@ -4420,15 +4430,15 @@ declare class InvitationsRepository extends BaseRepository {
4420
4430
  */
4421
4431
  deleteById(id: number): Promise<{
4422
4432
  email: string;
4423
- metadata: Record<string, any> | null;
4433
+ status: "pending" | "accepted" | "expired" | "cancelled";
4424
4434
  id: number;
4425
- roleId: number;
4426
4435
  createdAt: Date;
4427
4436
  updatedAt: Date;
4428
- status: "pending" | "accepted" | "expired" | "cancelled";
4437
+ roleId: number;
4438
+ metadata: Record<string, any> | null;
4439
+ expiresAt: Date;
4429
4440
  token: string;
4430
4441
  invitedBy: number;
4431
- expiresAt: Date;
4432
4442
  acceptedAt: Date | null;
4433
4443
  cancelledAt: Date | null;
4434
4444
  }>;
@@ -4713,10 +4723,17 @@ declare const authMetadataRepository: AuthMetadataRepository;
4713
4723
  /**
4714
4724
  * @spfn/auth - Password Helpers
4715
4725
  *
4716
- * Password hashing and verification using bcrypt
4726
+ * Password hashing and verification using bcrypt (@node-rs/bcrypt).
4727
+ *
4728
+ * Uses the native (Rust/napi) implementation, which runs the CPU-bound key
4729
+ * derivation on the libuv threadpool instead of the main event loop — so
4730
+ * concurrent logins run in parallel and don't head-of-line-block other requests.
4731
+ * Hashes are standard bcrypt ($2*$) and verify against existing bcryptjs hashes.
4732
+ * For very high concurrent-login load, raise UV_THREADPOOL_SIZE toward the core
4733
+ * count (default pool is 4).
4717
4734
  *
4718
4735
  * Security:
4719
- * - Adaptive hashing (configurable rounds)
4736
+ * - Adaptive hashing (configurable rounds, default 12)
4720
4737
  * - Automatic salt generation (per-password)
4721
4738
  * - Constant-time comparison (timing attack protection)
4722
4739
  * - Rainbow table protection
@@ -4729,10 +4746,10 @@ declare const authMetadataRepository: AuthMetadataRepository;
4729
4746
  * 2. Apply bcrypt key derivation (2^rounds iterations)
4730
4747
  * 3. Return $2b$rounds$[salt][hash] (60 chars)
4731
4748
  *
4732
- * Salt rounds are configured via SPFN_AUTH_BCRYPT_SALT_ROUNDS:
4733
- * - 10 rounds: ~100ms (default, balanced)
4734
- * - 12 rounds: ~400ms (more secure, slower)
4735
- * - 14 rounds: ~1600ms (very secure, too slow for most apps)
4749
+ * Salt rounds are configured via SPFN_AUTH_BCRYPT_SALT_ROUNDS (native timings):
4750
+ * - 12 rounds: ~200ms (default — OWASP-aligned, off the event loop)
4751
+ * - 10 rounds: ~55ms (faster, lower work factor)
4752
+ * - 14 rounds: ~800ms (very secure, heavy)
4736
4753
  *
4737
4754
  * @param password - Plain text password to hash
4738
4755
  * @returns Bcrypt hash string (includes salt)
@@ -5145,15 +5162,15 @@ declare function getUser(c: Context | {
5145
5162
  }): {
5146
5163
  email: string | null;
5147
5164
  phone: string | null;
5165
+ status: "active" | "inactive" | "suspended";
5166
+ username: string | null;
5148
5167
  id: number;
5168
+ createdAt: Date;
5169
+ updatedAt: Date;
5149
5170
  publicId: string;
5150
- username: string | null;
5151
5171
  passwordHash: string | null;
5152
5172
  passwordChangeRequired: boolean;
5153
5173
  roleId: number;
5154
- createdAt: Date;
5155
- updatedAt: Date;
5156
- status: "active" | "inactive" | "suspended";
5157
5174
  emailVerifiedAt: Date | null;
5158
5175
  phoneVerifiedAt: Date | null;
5159
5176
  lastLoginAt: Date | null;
@@ -5615,9 +5632,9 @@ declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
5615
5632
  } | undefined;
5616
5633
  email: string;
5617
5634
  roleId: number;
5635
+ expiresAt: string;
5618
5636
  token: string;
5619
5637
  invitedBy: string;
5620
- expiresAt: string;
5621
5638
  invitationId: string;
5622
5639
  isResend: boolean;
5623
5640
  }>;
@@ -5652,4 +5669,4 @@ type AuthRegisterPayload = typeof authRegisterEvent._payload;
5652
5669
  type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
5653
5670
  type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
5654
5671
 
5655
- export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
5672
+ export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, assertCanAssignRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };