@stratal/framework 0.0.13 → 0.0.15

package/dist/auth/index.d.mts

@@ -0,0 +1,202 @@
+import { AsyncModuleOptions, DynamicModule } from "stratal/module";
+import { ApplicationError } from "stratal/errors";
+import { Auth, BetterAuthOptions } from "better-auth";
+import { APIError } from "better-auth/api";
+import { MiddlewareConfigurable, MiddlewareConsumer } from "stratal/middleware";
+import { Middleware, RouterContext } from "stratal/router";
+
+//#region src/auth/auth.module.d.ts
+declare class AuthModule implements MiddlewareConfigurable {
+  /**
+   * Configure auth middleware.
+   *
+   * Registers middlewares in order:
+   * 1. AuthContextMiddleware - Creates and registers AuthContext in request container
+   * 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId
+   */
+  configure(consumer: MiddlewareConsumer): void;
+  /**
+   * Configure AuthModule with async options factory
+   */
+  static forRootAsync<TOptions extends BetterAuthOptions>(options: AsyncModuleOptions<TOptions>): DynamicModule;
+}
+//#endregion
+//#region src/auth/auth.tokens.d.ts
+/** Token for AuthService - core authentication service */
+declare const AUTH_SERVICE: unique symbol;
+/** Token for Better Auth options configuration */
+declare const AUTH_OPTIONS: unique symbol;
+//#endregion
+//#region src/auth/errors/auth-errors.d.ts
+declare class UserNotFoundError extends ApplicationError {
+  constructor(email?: string);
+}
+declare class InvalidCredentialsError extends ApplicationError {
+  constructor();
+}
+declare class InvalidPasswordError extends ApplicationError {
+  constructor();
+}
+declare class InvalidEmailError extends ApplicationError {
+  constructor(email?: string);
+}
+declare class SessionExpiredError extends ApplicationError {
+  constructor();
+}
+declare class EmailNotVerifiedError extends ApplicationError {
+  constructor(email?: string);
+}
+declare class PasswordTooShortError extends ApplicationError {
+  constructor(minLength: number);
+}
+declare class PasswordTooLongError extends ApplicationError {
+  constructor(maxLength: number);
+}
+declare class AccountAlreadyExistsError extends ApplicationError {
+  constructor(email?: string);
+}
+declare class FailedToCreateUserError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class FailedToCreateSessionError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class FailedToUpdateUserError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class SocialAccountLinkedError extends ApplicationError {
+  constructor(provider?: string);
+}
+declare class CannotUnlinkLastAccountError extends ApplicationError {
+  constructor();
+}
+declare class ProviderNotFoundError extends ApplicationError {
+  constructor(provider?: string);
+}
+declare class UserEmailNotFoundError extends ApplicationError {
+  constructor();
+}
+declare class AccountNotFoundError extends ApplicationError {
+  constructor();
+}
+declare class CredentialAccountNotFoundError extends ApplicationError {
+  constructor();
+}
+declare class UserAlreadyHasPasswordError extends ApplicationError {
+  constructor();
+}
+declare class EmailCannotBeUpdatedError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class FailedToGetSessionError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class FailedToGetUserInfoError extends ApplicationError {
+  constructor(reason?: string);
+}
+declare class IdTokenNotSupportedError extends ApplicationError {
+  constructor();
+}
+declare class TokenExpiredError extends ApplicationError {
+  constructor();
+}
+//#endregion
+//#region src/auth/errors/invalid-token.error.d.ts
+declare class InvalidTokenError extends ApplicationError {
+  constructor();
+}
+//#endregion
+//#region src/auth/errors/token-required.error.d.ts
+declare class TokenRequiredError extends ApplicationError {
+  constructor();
+}
+//#endregion
+//#region src/auth/errors/verification-failed.error.d.ts
+declare class VerificationFailedError extends ApplicationError {
+  constructor();
+}
+//#endregion
+//#region src/auth/middleware/auth-context.middleware.d.ts
+/**
+ * Auth Context Middleware
+ *
+ * Registers AuthContext in the request container at the start of each request.
+ * This MUST run before SessionVerificationMiddleware and any other middleware
+ * that depends on AuthContext.
+ */
+declare class AuthContextMiddleware implements Middleware {
+  handle(ctx: RouterContext, next: () => Promise<void>): Promise<void>;
+}
+//#endregion
+//#region src/auth/services/auth.service.d.ts
+/**
+ * AuthService
+ *
+ * Base authentication service using Better Auth.
+ * Configured via AuthModule.forRootAsync() from the application layer.
+ *
+ * **Extensibility:**
+ * Extend this class in application layer to add custom methods.
+ *
+ * @example
+ * ```typescript
+ * @Transient(AUTH_SERVICE)
+ * export class AppAuthService extends AuthService<AuthOptions> {
+ *   async signInMagicLink(email: string) {
+ *     return wrapBetterAuth(async () => {
+ *       return this.auth.api.signInMagicLink({ body: { email }, headers: new Headers() })
+ *     })
+ *   }
+ * }
+ * ```
+ */
+declare class AuthService<TOptions extends BetterAuthOptions = BetterAuthOptions> {
+  protected readonly options: TOptions;
+  private authInstance;
+  constructor(options: TOptions);
+  /**
+   * Get the Better Auth instance
+   */
+  get auth(): Auth<TOptions>;
+}
+//#endregion
+//#region src/auth/middleware/session-verification.middleware.d.ts
+/**
+ * Session Verification Middleware
+ *
+ * Verifies user session via Better Auth and populates AuthContext with userId.
+ *
+ * **Responsibilities:**
+ * - Calls Better Auth's getSession() API
+ * - Populates AuthContext with userId if session is valid
+ * - Continues request chain regardless of session status
+ */
+declare class SessionVerificationMiddleware implements Middleware {
+  private readonly authService;
+  constructor(authService: AuthService);
+  handle(ctx: RouterContext, next: () => Promise<void>): Promise<void>;
+}
+//#endregion
+//#region src/auth/utils/auth-helpers.d.ts
+/**
+ * Get shared Better Auth error handler configuration.
+ * Use this in Better Auth config's onAPIError option.
+ */
+declare function getErrorHandlerConfig(): BetterAuthOptions['onAPIError'];
+/**
+ * Wrap a Better Auth function in a try/catch block and map errors to ApplicationError.
+ */
+declare const wrapBetterAuth: <T>(fn: () => Promise<T>) => Promise<T>;
+//#endregion
+//#region src/auth/utils/better-auth-error-handler.d.ts
+/**
+ * Maps Better Auth API error codes to ApplicationError instances.
+ */
+declare function mapBetterAuthError(error: APIError): ApplicationError;
+/**
+ * Type guard to check if an error is a Better Auth APIError
+ */
+declare function isAPIError(error: unknown): error is APIError;
+//#endregion
+export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailCannotBeUpdatedError, EmailNotVerifiedError, FailedToCreateSessionError, FailedToCreateUserError, FailedToGetSessionError, FailedToGetUserInfoError, FailedToUpdateUserError, IdTokenNotSupportedError, InvalidCredentialsError, InvalidEmailError, InvalidPasswordError, InvalidTokenError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, VerificationFailedError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
+//# sourceMappingURL=index.d.mts.map

package/dist/auth/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/auth/auth.module.ts","../../src/auth/auth.tokens.ts","../../src/auth/errors/auth-errors.ts","../../src/auth/errors/invalid-token.error.ts","../../src/auth/errors/token-required.error.ts","../../src/auth/errors/verification-failed.error.ts","../../src/auth/middleware/auth-context.middleware.ts","../../src/auth/services/auth.service.ts","../../src/auth/middleware/session-verification.middleware.ts","../../src/auth/utils/auth-helpers.ts","../../src/auth/utils/better-auth-error-handler.ts"],"mappings":";;;;;;;;cAgCa,UAAA,YAAsB,sBAAA;EAqB1B;;;;;;;EAbP,SAAA,CAAU,QAAA,EAAU,kBAAA;EAeJ;;;EAAA,OAFT,YAAA,kBAA8B,iBAAA,CAAA,CACnC,OAAA,EAAS,kBAAA,CAAmB,QAAA,IAC3B,aAAA;AAAA;;;;cCtDQ,YAAA;;cAGA,YAAA;;;cCFA,iBAAA,SAA0B,gBAAA;cACzB,KAAA;AAAA;AAAA,cAKD,uBAAA,SAAgC,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAMhC,oBAAA,SAA6B,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAM7B,iBAAA,SAA0B,gBAAA;cACzB,KAAA;AAAA;AAAA,cAKD,mBAAA,SAA4B,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAM5B,qBAAA,SAA8B,gBAAA;cAC7B,KAAA;AAAA;AAAA,cAKD,qBAAA,SAA8B,gBAAA;cAC7B,SAAA;AAAA;AAAA,cAKD,oBAAA,SAA6B,gBAAA;cAC5B,SAAA;AAAA;AAAA,cAKD,yBAAA,SAAkC,gBAAA;cACjC,KAAA;AAAA;AAAA,cAKD,uBAAA,SAAgC,gBAAA;cAC/B,MAAA;AAAA;AAAA,cAKD,0BAAA,SAAmC,gBAAA;cAClC,MAAA;AAAA;AAAA,cAKD,uBAAA,SAAgC,gBAAA;cAC/B,MAAA;AAAA;AAAA,cAKD,wBAAA,SAAiC,gBAAA;cAChC,QAAA;AAAA;AAAA,cAKD,4BAAA,SAAqC,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAMrC,qBAAA,SAA8B,gBAAA;cAC7B,QAAA;AAAA;AAAA,cAKD,sBAAA,SAA+B,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAM/B,oBAAA,SAA6B,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAM7B,8BAAA,SAAuC,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAMvC,2BAAA,SAAoC,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAMpC,yBAAA,SAAkC,gBAAA;cACjC,MAAA;AAAA;AAAA,cAKD,uBAAA,SAAgC,gBAAA;cAC/B,MAAA;AAAA;AAAA,cAKD,wBAAA,SAAiC,gBAAA;cAChC,MAAA;AAAA;AAAA,cAKD,wBAAA,SAAiC,gBAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAMjC,iBAAA,SAA0B,gBAAA;EAAA,WAAA,CAAA;AAAA;;;cC1I1B,iBAAA,SAA0B,gBAAA;EAAA,WAAA,CAAA;AAAA;;;cCA1B,kBAAA,SAA2B,gBAAA;EAAA,WAAA,CAAA;AAAA;;;cCA3B,uBAAA,SAAgC,gBAAA;EAAA,WAAA,CAAA;AAAA;;;;;;;;;;cCUhC,qBAAA,YAAiC,UAAA;EACtC,MAAA,CAAO,GAAA,EAAK,aAAA,EAAe,IAAA,QAAY,OAAA,SAAgB,OAAA;AAAA;;;;;;;;;;ANgB/D;;;;;;;;;;;;;;cOAa,WAAA,kBAA6B,iBAAA,GAAoB,iBAAA;EAAA,mBAIjB,OAAA,EAAS,QAAA;EAAA,QAH5C,YAAA;cAGmC,OAAA,EAAS,QAAA;EPqBzC;;;EAAA,IOVP,IAAA,CAAA,GAAQ,IAAA,CAAK,QAAA;AAAA;;;;;;;;;APfnB;;;;cQXa,6BAAA,YAAyC,UAAA;EAAA,iBAGjC,WAAA;cAAA,WAAA,EAAa,WAAA;EAG1B,MAAA,CAAO,GAAA,EAAK,aAAA,EAAe,IAAA,QAAY,OAAA,SAAgB,OAAA;AAAA;;;;;;;iBCjB/C,qBAAA,CAAA,GAAyB,iBAAA;;;ATsBzC;cSPa,cAAA,MAA2B,EAAA,QAAU,OAAA,CAAQ,CAAA,MAAK,OAAA,CAAQ,CAAA;;;;;;iBCavD,kBAAA,CAAmB,KAAA,EAAO,QAAA,GAAW,gBAAA;;;AVNrD;iBUkFgB,UAAA,CAAW,KAAA,YAAiB,KAAA,IAAS,QAAA"}

package/dist/auth/index.mjs

@@ -0,0 +1,323 @@
+import "../errors-C_KIIU1v.mjs";
+import { t as __decorate } from "../decorate-RSane8dy.mjs";
+import { t as AuthContext } from "../auth-context-CV3Ko1ew.mjs";
+import { t as __decorateMetadata } from "../decorateMetadata-CETItPez.mjs";
+import { t as __decorateParam } from "../decorateParam-CcTvpNsw.mjs";
+import { Module } from "stratal/module";
+import { DI_TOKENS, Transient } from "stratal/di";
+import { ApplicationError, ERROR_CODES, InternalError } from "stratal/errors";
+import { inject } from "tsyringe";
+import { betterAuth } from "better-auth";
+import { APIError } from "better-auth/api";
+//#region src/auth/auth.tokens.ts
+/** Token for AuthService - core authentication service */
+const AUTH_SERVICE = Symbol.for("stratal:auth:service");
+/** Token for Better Auth options configuration */
+const AUTH_OPTIONS = Symbol.for("stratal:auth:options");
+//#endregion
+//#region src/auth/middleware/auth-context.middleware.ts
+let AuthContextMiddleware = class AuthContextMiddleware {
+	async handle(ctx, next) {
+		const requestContainer = ctx.getContainer();
+		const authContext = new AuthContext();
+		requestContainer.registerValue(DI_TOKENS.AuthContext, authContext);
+		await next();
+	}
+};
+AuthContextMiddleware = __decorate([Transient()], AuthContextMiddleware);
+//#endregion
+//#region src/auth/middleware/session-verification.middleware.ts
+let SessionVerificationMiddleware = class SessionVerificationMiddleware {
+	constructor(authService) {
+		this.authService = authService;
+	}
+	async handle(ctx, next) {
+		const session = await this.authService.auth.api.getSession({ headers: ctx.c.req.raw.headers });
+		if (session) ctx.getContainer().resolve(DI_TOKENS.AuthContext).setAuthContext({ userId: session.user.id });
+		await next();
+	}
+};
+SessionVerificationMiddleware = __decorate([
+	Transient(),
+	__decorateParam(0, inject(AUTH_SERVICE)),
+	__decorateMetadata("design:paramtypes", [Object])
+], SessionVerificationMiddleware);
+//#endregion
+//#region src/auth/errors/auth-errors.ts
+var UserNotFoundError = class extends ApplicationError {
+	constructor(email) {
+		super("errors.auth.userNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, email ? { email } : void 0);
+	}
+};
+var InvalidCredentialsError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.invalidCredentials", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+	}
+};
+var InvalidPasswordError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.invalidPassword", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+	}
+};
+var InvalidEmailError = class extends ApplicationError {
+	constructor(email) {
+		super("errors.auth.invalidEmail", ERROR_CODES.VALIDATION.INVALID_FORMAT, email ? { email } : void 0);
+	}
+};
+var SessionExpiredError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.sessionExpired", ERROR_CODES.AUTH.SESSION_EXPIRED);
+	}
+};
+var EmailNotVerifiedError = class extends ApplicationError {
+	constructor(email) {
+		super("errors.auth.emailNotVerified", ERROR_CODES.AUTH.EMAIL_NOT_VERIFIED, email ? { email } : void 0);
+	}
+};
+var PasswordTooShortError = class extends ApplicationError {
+	constructor(minLength) {
+		super("errors.auth.passwordTooShort", ERROR_CODES.AUTH.PASSWORD_TOO_SHORT, { minLength });
+	}
+};
+var PasswordTooLongError = class extends ApplicationError {
+	constructor(maxLength) {
+		super("errors.auth.passwordTooLong", ERROR_CODES.AUTH.PASSWORD_TOO_LONG, { maxLength });
+	}
+};
+var AccountAlreadyExistsError = class extends ApplicationError {
+	constructor(email) {
+		super("errors.auth.accountAlreadyExists", ERROR_CODES.AUTH.ACCOUNT_ALREADY_EXISTS, email ? { email } : void 0);
+	}
+};
+var FailedToCreateUserError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.failedToCreateUser", ERROR_CODES.AUTH.FAILED_TO_CREATE_USER, reason ? { reason } : void 0);
+	}
+};
+var FailedToCreateSessionError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.failedToCreateSession", ERROR_CODES.AUTH.FAILED_TO_CREATE_SESSION, reason ? { reason } : void 0);
+	}
+};
+var FailedToUpdateUserError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.failedToUpdateUser", ERROR_CODES.AUTH.FAILED_TO_UPDATE_USER, reason ? { reason } : void 0);
+	}
+};
+var SocialAccountLinkedError = class extends ApplicationError {
+	constructor(provider) {
+		super("errors.auth.socialAccountLinked", ERROR_CODES.AUTH.SOCIAL_ACCOUNT_LINKED, provider ? { provider } : void 0);
+	}
+};
+var CannotUnlinkLastAccountError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.cannotUnlinkLastAccount", ERROR_CODES.AUTH.CANNOT_UNLINK_LAST_ACCOUNT);
+	}
+};
+var ProviderNotFoundError = class extends ApplicationError {
+	constructor(provider) {
+		super("errors.auth.providerNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, provider ? { provider } : void 0);
+	}
+};
+var UserEmailNotFoundError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.userEmailNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+	}
+};
+var AccountNotFoundError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.accountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+	}
+};
+var CredentialAccountNotFoundError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.credentialAccountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+	}
+};
+var UserAlreadyHasPasswordError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.userAlreadyHasPassword", ERROR_CODES.RESOURCE.CONFLICT);
+	}
+};
+var EmailCannotBeUpdatedError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.emailCannotBeUpdated", ERROR_CODES.VALIDATION.GENERIC, reason ? { reason } : void 0);
+	}
+};
+var FailedToGetSessionError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.failedToGetSession", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
+	}
+};
+var FailedToGetUserInfoError = class extends ApplicationError {
+	constructor(reason) {
+		super("errors.auth.failedToGetUserInfo", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
+	}
+};
+var IdTokenNotSupportedError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.invalidToken", ERROR_CODES.VALIDATION.GENERIC);
+	}
+};
+var TokenExpiredError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.tokenExpired", ERROR_CODES.VALIDATION.GENERIC);
+	}
+};
+//#endregion
+//#region src/auth/errors/invalid-token.error.ts
+var InvalidTokenError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.invalidToken", ERROR_CODES.AUTH.INVALID_TOKEN);
+	}
+};
+//#endregion
+//#region src/auth/errors/token-required.error.ts
+var TokenRequiredError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.tokenRequired", ERROR_CODES.VALIDATION.REQUIRED_FIELD, { field: "token" });
+	}
+};
+//#endregion
+//#region src/auth/errors/verification-failed.error.ts
+var VerificationFailedError = class extends ApplicationError {
+	constructor() {
+		super("errors.auth.verificationFailed", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+	}
+};
+//#endregion
+//#region src/auth/utils/better-auth-error-handler.ts
+/**
+* Maps Better Auth API error codes to ApplicationError instances.
+*/
+function mapBetterAuthError(error) {
+	const errorCode = error.body?.code;
+	if (error.status === "FOUND") {
+		if (error.headers.get("location")?.includes("INVALID_TOKEN")) return new InvalidTokenError();
+	}
+	if (!errorCode) return new InternalError({
+		originalError: `Better Auth error: ${error.message}`,
+		stack: error.stack
+	});
+	if (errorCode === "USER_NOT_FOUND") return new UserNotFoundError();
+	if (errorCode === "USER_EMAIL_NOT_FOUND") return new UserEmailNotFoundError();
+	if (errorCode === "INVALID_EMAIL_OR_PASSWORD") return new InvalidCredentialsError();
+	if (errorCode === "INVALID_PASSWORD") return new InvalidPasswordError();
+	if (errorCode === "INVALID_EMAIL") return new InvalidEmailError();
+	if (errorCode === "SESSION_EXPIRED") return new SessionExpiredError();
+	if (errorCode === "FAILED_TO_CREATE_SESSION") return new FailedToCreateSessionError();
+	if (errorCode === "FAILED_TO_GET_SESSION") return new FailedToGetSessionError();
+	if (errorCode === "EMAIL_NOT_VERIFIED") return new EmailNotVerifiedError();
+	if (errorCode === "EMAIL_CAN_NOT_BE_UPDATED") return new EmailCannotBeUpdatedError();
+	if (errorCode === "PASSWORD_TOO_SHORT") return new PasswordTooShortError(8);
+	if (errorCode === "PASSWORD_TOO_LONG") return new PasswordTooLongError(128);
+	if (errorCode === "USER_ALREADY_EXISTS" || errorCode === "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL") return new AccountAlreadyExistsError();
+	if (errorCode === "ACCOUNT_NOT_FOUND") return new AccountNotFoundError();
+	if (errorCode === "CREDENTIAL_ACCOUNT_NOT_FOUND") return new CredentialAccountNotFoundError();
+	if (errorCode === "FAILED_TO_UNLINK_LAST_ACCOUNT") return new CannotUnlinkLastAccountError();
+	if (errorCode === "FAILED_TO_CREATE_USER") return new FailedToCreateUserError();
+	if (errorCode === "FAILED_TO_UPDATE_USER") return new FailedToUpdateUserError();
+	if (errorCode === "FAILED_TO_GET_USER_INFO") return new FailedToGetUserInfoError();
+	if (errorCode === "SOCIAL_ACCOUNT_ALREADY_LINKED") return new SocialAccountLinkedError();
+	if (errorCode === "PROVIDER_NOT_FOUND") return new ProviderNotFoundError();
+	if (errorCode === "ID_TOKEN_NOT_SUPPORTED") return new IdTokenNotSupportedError();
+	if (errorCode === "INVALID_TOKEN") return new IdTokenNotSupportedError();
+	if (errorCode === "TOKEN_EXPIRED") return new TokenExpiredError();
+	if (errorCode === "USER_ALREADY_HAS_PASSWORD") return new UserAlreadyHasPasswordError();
+	return new InternalError({
+		originalError: `Better Auth error [${errorCode}]: ${error.message}`,
+		stack: error.stack
+	});
+}
+/**
+* Type guard to check if an error is a Better Auth APIError
+*/
+function isAPIError(error) {
+	return error instanceof APIError;
+}
+//#endregion
+//#region src/auth/utils/auth-helpers.ts
+/**
+* Get shared Better Auth error handler configuration.
+* Use this in Better Auth config's onAPIError option.
+*/
+function getErrorHandlerConfig() {
+	return {
+		throw: false,
+		onError: (error) => {
+			if (isAPIError(error)) throw mapBetterAuthError(error);
+			throw error;
+		}
+	};
+}
+/**
+* Wrap a Better Auth function in a try/catch block and map errors to ApplicationError.
+*/
+const wrapBetterAuth = async (fn) => {
+	try {
+		return await fn();
+	} catch (error) {
+		if (isAPIError(error)) throw mapBetterAuthError(error);
+		throw error;
+	}
+};
+//#endregion
+//#region src/auth/services/auth.service.ts
+let AuthService = class AuthService {
+	authInstance;
+	constructor(options) {
+		this.options = options;
+		this.authInstance = betterAuth({
+			...this.options,
+			onAPIError: getErrorHandlerConfig()
+		});
+	}
+	/**
+	* Get the Better Auth instance
+	*/
+	get auth() {
+		return this.authInstance;
+	}
+};
+AuthService = __decorate([
+	Transient(AUTH_SERVICE),
+	__decorateParam(0, inject(AUTH_OPTIONS)),
+	__decorateMetadata("design:paramtypes", [Object])
+], AuthService);
+//#endregion
+//#region src/auth/auth.module.ts
+var _AuthModule;
+let AuthModule = _AuthModule = class AuthModule {
+	/**
+	* Configure auth middleware.
+	*
+	* Registers middlewares in order:
+	* 1. AuthContextMiddleware - Creates and registers AuthContext in request container
+	* 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId
+	*/
+	configure(consumer) {
+		consumer.apply(AuthContextMiddleware).forRoutes("*");
+		consumer.apply(SessionVerificationMiddleware).forRoutes("*");
+	}
+	/**
+	* Configure AuthModule with async options factory
+	*/
+	static forRootAsync(options) {
+		return {
+			module: _AuthModule,
+			providers: [{
+				provide: AUTH_OPTIONS,
+				useFactory: options.useFactory,
+				inject: options.inject
+			}, {
+				provide: AUTH_SERVICE,
+				useClass: AuthService
+			}]
+		};
+	}
+};
+AuthModule = _AuthModule = __decorate([Module({ providers: [] })], AuthModule);
+//#endregion
+export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailCannotBeUpdatedError, EmailNotVerifiedError, FailedToCreateSessionError, FailedToCreateUserError, FailedToGetSessionError, FailedToGetUserInfoError, FailedToUpdateUserError, IdTokenNotSupportedError, InvalidCredentialsError, InvalidEmailError, InvalidPasswordError, InvalidTokenError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, VerificationFailedError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
+
+//# sourceMappingURL=index.mjs.map

package/dist/auth/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../src/auth/auth.tokens.ts","../../src/auth/middleware/auth-context.middleware.ts","../../src/auth/middleware/session-verification.middleware.ts","../../src/auth/errors/auth-errors.ts","../../src/auth/errors/invalid-token.error.ts","../../src/auth/errors/token-required.error.ts","../../src/auth/errors/verification-failed.error.ts","../../src/auth/utils/better-auth-error-handler.ts","../../src/auth/utils/auth-helpers.ts","../../src/auth/services/auth.service.ts","../../src/auth/auth.module.ts"],"sourcesContent":["/** Token for AuthService - core authentication service */\nexport const AUTH_SERVICE = Symbol.for('stratal:auth:service')\n\n/** Token for Better Auth options configuration */\nexport const AUTH_OPTIONS = Symbol.for('stratal:auth:options')\n","import { Transient, DI_TOKENS } from 'stratal/di'\nimport type { Middleware, RouterContext } from 'stratal/router'\nimport { AuthContext } from '../../context/auth-context'\n\n/**\n * Auth Context Middleware\n *\n * Registers AuthContext in the request container at the start of each request.\n * This MUST run before SessionVerificationMiddleware and any other middleware\n * that depends on AuthContext.\n */\n@Transient()\nexport class AuthContextMiddleware implements Middleware {\n  async handle(ctx: RouterContext, next: () => Promise<void>): Promise<void> {\n    const requestContainer = ctx.getContainer()\n\n    const authContext = new AuthContext()\n    requestContainer.registerValue(DI_TOKENS.AuthContext, authContext)\n\n    await next()\n  }\n}\n","import { inject } from 'tsyringe'\nimport { Transient, DI_TOKENS } from 'stratal/di'\nimport type { Middleware, RouterContext } from 'stratal/router'\nimport { AuthContext } from '../../context/auth-context'\nimport { AUTH_SERVICE } from '../auth.tokens'\nimport type { AuthService } from '../services/auth.service'\n\n/**\n * Session Verification Middleware\n *\n * Verifies user session via Better Auth and populates AuthContext with userId.\n *\n * **Responsibilities:**\n * - Calls Better Auth's getSession() API\n * - Populates AuthContext with userId if session is valid\n * - Continues request chain regardless of session status\n */\n@Transient()\nexport class SessionVerificationMiddleware implements Middleware {\n  constructor(\n    @inject(AUTH_SERVICE)\n    private readonly authService: AuthService\n  ) {}\n\n  async handle(ctx: RouterContext, next: () => Promise<void>): Promise<void> {\n    const session = await this.authService.auth.api.getSession({\n      headers: ctx.c.req.raw.headers\n    })\n\n    if (session) {\n      const authContext = ctx.getContainer().resolve<AuthContext>(DI_TOKENS.AuthContext)\n      authContext.setAuthContext({ userId: session.user.id })\n    }\n\n    await next()\n  }\n}\n","import { ApplicationError, ERROR_CODES } from 'stratal/errors'\n\nexport class UserNotFoundError extends ApplicationError {\n  constructor(email?: string) {\n    super('errors.auth.userNotFound', ERROR_CODES.RESOURCE.NOT_FOUND, email ? { email } : undefined)\n  }\n}\n\nexport class InvalidCredentialsError extends ApplicationError {\n  constructor() {\n    super('errors.auth.invalidCredentials', ERROR_CODES.AUTH.INVALID_CREDENTIALS)\n  }\n}\n\nexport class InvalidPasswordError extends ApplicationError {\n  constructor() {\n    super('errors.auth.invalidPassword', ERROR_CODES.AUTH.INVALID_CREDENTIALS)\n  }\n}\n\nexport class InvalidEmailError extends ApplicationError {\n  constructor(email?: string) {\n    super('errors.auth.invalidEmail', ERROR_CODES.VALIDATION.INVALID_FORMAT, email ? { email } : undefined)\n  }\n}\n\nexport class SessionExpiredError extends ApplicationError {\n  constructor() {\n    super('errors.auth.sessionExpired', ERROR_CODES.AUTH.SESSION_EXPIRED)\n  }\n}\n\nexport class EmailNotVerifiedError extends ApplicationError {\n  constructor(email?: string) {\n    super('errors.auth.emailNotVerified', ERROR_CODES.AUTH.EMAIL_NOT_VERIFIED, email ? { email } : undefined)\n  }\n}\n\nexport class PasswordTooShortError extends ApplicationError {\n  constructor(minLength: number) {\n    super('errors.auth.passwordTooShort', ERROR_CODES.AUTH.PASSWORD_TOO_SHORT, { minLength })\n  }\n}\n\nexport class PasswordTooLongError extends ApplicationError {\n  constructor(maxLength: number) {\n    super('errors.auth.passwordTooLong', ERROR_CODES.AUTH.PASSWORD_TOO_LONG, { maxLength })\n  }\n}\n\nexport class AccountAlreadyExistsError extends ApplicationError {\n  constructor(email?: string) {\n    super('errors.auth.accountAlreadyExists', ERROR_CODES.AUTH.ACCOUNT_ALREADY_EXISTS, email ? { email } : undefined)\n  }\n}\n\nexport class FailedToCreateUserError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.failedToCreateUser', ERROR_CODES.AUTH.FAILED_TO_CREATE_USER, reason ? { reason } : undefined)\n  }\n}\n\nexport class FailedToCreateSessionError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.failedToCreateSession', ERROR_CODES.AUTH.FAILED_TO_CREATE_SESSION, reason ? { reason } : undefined)\n  }\n}\n\nexport class FailedToUpdateUserError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.failedToUpdateUser', ERROR_CODES.AUTH.FAILED_TO_UPDATE_USER, reason ? { reason } : undefined)\n  }\n}\n\nexport class SocialAccountLinkedError extends ApplicationError {\n  constructor(provider?: string) {\n    super('errors.auth.socialAccountLinked', ERROR_CODES.AUTH.SOCIAL_ACCOUNT_LINKED, provider ? { provider } : undefined)\n  }\n}\n\nexport class CannotUnlinkLastAccountError extends ApplicationError {\n  constructor() {\n    super('errors.auth.cannotUnlinkLastAccount', ERROR_CODES.AUTH.CANNOT_UNLINK_LAST_ACCOUNT)\n  }\n}\n\nexport class ProviderNotFoundError extends ApplicationError {\n  constructor(provider?: string) {\n    super('errors.auth.providerNotFound', ERROR_CODES.RESOURCE.NOT_FOUND, provider ? { provider } : undefined)\n  }\n}\n\nexport class UserEmailNotFoundError extends ApplicationError {\n  constructor() {\n    super('errors.auth.userEmailNotFound', ERROR_CODES.RESOURCE.NOT_FOUND)\n  }\n}\n\nexport class AccountNotFoundError extends ApplicationError {\n  constructor() {\n    super('errors.auth.accountNotFound', ERROR_CODES.RESOURCE.NOT_FOUND)\n  }\n}\n\nexport class CredentialAccountNotFoundError extends ApplicationError {\n  constructor() {\n    super('errors.auth.credentialAccountNotFound', ERROR_CODES.RESOURCE.NOT_FOUND)\n  }\n}\n\nexport class UserAlreadyHasPasswordError extends ApplicationError {\n  constructor() {\n    super('errors.auth.userAlreadyHasPassword', ERROR_CODES.RESOURCE.CONFLICT)\n  }\n}\n\nexport class EmailCannotBeUpdatedError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.emailCannotBeUpdated', ERROR_CODES.VALIDATION.GENERIC, reason ? { reason } : undefined)\n  }\n}\n\nexport class FailedToGetSessionError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.failedToGetSession', ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : undefined)\n  }\n}\n\nexport class FailedToGetUserInfoError extends ApplicationError {\n  constructor(reason?: string) {\n    super('errors.auth.failedToGetUserInfo', ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : undefined)\n  }\n}\n\nexport class IdTokenNotSupportedError extends ApplicationError {\n  constructor() {\n    super('errors.auth.invalidToken', ERROR_CODES.VALIDATION.GENERIC)\n  }\n}\n\nexport class TokenExpiredError extends ApplicationError {\n  constructor() {\n    super('errors.auth.tokenExpired', ERROR_CODES.VALIDATION.GENERIC)\n  }\n}\n","import { ApplicationError, ERROR_CODES } from 'stratal/errors'\n\nexport class InvalidTokenError extends ApplicationError {\n  constructor() {\n    super('errors.auth.invalidToken', ERROR_CODES.AUTH.INVALID_TOKEN)\n  }\n}\n","import { ApplicationError, ERROR_CODES } from 'stratal/errors'\n\nexport class TokenRequiredError extends ApplicationError {\n  constructor() {\n    super('errors.auth.tokenRequired', ERROR_CODES.VALIDATION.REQUIRED_FIELD, { field: 'token' })\n  }\n}\n","import { ApplicationError, ERROR_CODES } from 'stratal/errors'\n\nexport class VerificationFailedError extends ApplicationError {\n  constructor() {\n    super('errors.auth.verificationFailed', ERROR_CODES.AUTH.INVALID_CREDENTIALS)\n  }\n}\n","import { type BASE_ERROR_CODES } from '@better-auth/core/error'\nimport { APIError } from 'better-auth/api'\nimport type { ApplicationError } from 'stratal/errors'\nimport { InternalError } from 'stratal/errors'\nimport {\n  AccountAlreadyExistsError,\n  AccountNotFoundError,\n  CannotUnlinkLastAccountError,\n  CredentialAccountNotFoundError,\n  EmailCannotBeUpdatedError,\n  EmailNotVerifiedError,\n  FailedToCreateSessionError,\n  FailedToCreateUserError,\n  FailedToGetSessionError,\n  FailedToGetUserInfoError,\n  FailedToUpdateUserError,\n  IdTokenNotSupportedError,\n  InvalidCredentialsError,\n  InvalidEmailError,\n  InvalidPasswordError,\n  InvalidTokenError,\n  PasswordTooLongError,\n  PasswordTooShortError,\n  ProviderNotFoundError,\n  SessionExpiredError,\n  SocialAccountLinkedError,\n  TokenExpiredError,\n  UserAlreadyHasPasswordError,\n  UserEmailNotFoundError,\n  UserNotFoundError,\n} from '../errors'\n\n/**\n * Maps Better Auth API error codes to ApplicationError instances.\n */\nexport function mapBetterAuthError(error: APIError): ApplicationError {\n  const errorCode = error.body?.code as keyof typeof BASE_ERROR_CODES | 'TOKEN_EXPIRED' | undefined\n\n  if (error.status === 'FOUND') {\n    const headers = error.headers as Headers\n    const hasInvalidToken = headers.get('location')?.includes('INVALID_TOKEN')\n\n    if (hasInvalidToken) {\n      return new InvalidTokenError()\n    }\n  }\n\n  if (!errorCode) {\n    return new InternalError({\n      originalError: `Better Auth error: ${error.message}`,\n      stack: error.stack,\n    })\n  }\n\n  // User errors\n  if (errorCode === 'USER_NOT_FOUND') return new UserNotFoundError()\n  if (errorCode === 'USER_EMAIL_NOT_FOUND') return new UserEmailNotFoundError()\n\n  // Credential errors\n  if (errorCode === 'INVALID_EMAIL_OR_PASSWORD') return new InvalidCredentialsError()\n  if (errorCode === 'INVALID_PASSWORD') return new InvalidPasswordError()\n  if (errorCode === 'INVALID_EMAIL') return new InvalidEmailError()\n\n  // Session errors\n  if (errorCode === 'SESSION_EXPIRED') return new SessionExpiredError()\n  if (errorCode === 'FAILED_TO_CREATE_SESSION') return new FailedToCreateSessionError()\n  if (errorCode === 'FAILED_TO_GET_SESSION') return new FailedToGetSessionError()\n\n  // Email verification\n  if (errorCode === 'EMAIL_NOT_VERIFIED') return new EmailNotVerifiedError()\n  if (errorCode === 'EMAIL_CAN_NOT_BE_UPDATED') return new EmailCannotBeUpdatedError()\n\n  // Password validation\n  if (errorCode === 'PASSWORD_TOO_SHORT') return new PasswordTooShortError(8)\n  if (errorCode === 'PASSWORD_TOO_LONG') return new PasswordTooLongError(128)\n\n  // Account errors\n  if (errorCode === 'USER_ALREADY_EXISTS' || errorCode === 'USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL') {\n    return new AccountAlreadyExistsError()\n  }\n  if (errorCode === 'ACCOUNT_NOT_FOUND') return new AccountNotFoundError()\n  if (errorCode === 'CREDENTIAL_ACCOUNT_NOT_FOUND') return new CredentialAccountNotFoundError()\n  if (errorCode === 'FAILED_TO_UNLINK_LAST_ACCOUNT') return new CannotUnlinkLastAccountError()\n\n  // User creation/update errors\n  if (errorCode === 'FAILED_TO_CREATE_USER') return new FailedToCreateUserError()\n  if (errorCode === 'FAILED_TO_UPDATE_USER') return new FailedToUpdateUserError()\n  if (errorCode === 'FAILED_TO_GET_USER_INFO') return new FailedToGetUserInfoError()\n\n  // Social account errors\n  if (errorCode === 'SOCIAL_ACCOUNT_ALREADY_LINKED') return new SocialAccountLinkedError()\n  if (errorCode === 'PROVIDER_NOT_FOUND') return new ProviderNotFoundError()\n\n  // Token errors\n  if (errorCode === 'ID_TOKEN_NOT_SUPPORTED') return new IdTokenNotSupportedError()\n  if (errorCode === 'INVALID_TOKEN') return new IdTokenNotSupportedError()\n  if (errorCode === 'TOKEN_EXPIRED') return new TokenExpiredError()\n\n  // Password management\n  if (errorCode === 'USER_ALREADY_HAS_PASSWORD') return new UserAlreadyHasPasswordError()\n\n  // Unknown error code\n  return new InternalError({\n    originalError: `Better Auth error [${errorCode}]: ${error.message}`,\n    stack: error.stack,\n  })\n}\n\n/**\n * Type guard to check if an error is a Better Auth APIError\n */\nexport function isAPIError(error: unknown): error is APIError {\n  return error instanceof APIError\n}\n","import type { BetterAuthOptions } from 'better-auth'\nimport { isAPIError, mapBetterAuthError } from './better-auth-error-handler'\n\n/**\n * Get shared Better Auth error handler configuration.\n * Use this in Better Auth config's onAPIError option.\n */\nexport function getErrorHandlerConfig(): BetterAuthOptions['onAPIError'] {\n  return {\n    throw: false,\n    onError: (error) => {\n      if (isAPIError(error)) {\n        throw mapBetterAuthError(error)\n      }\n      throw error\n    },\n  }\n}\n\n/**\n * Wrap a Better Auth function in a try/catch block and map errors to ApplicationError.\n */\nexport const wrapBetterAuth = async <T>(fn: () => Promise<T>): Promise<T> => {\n  try {\n    return await fn()\n  } catch (error) {\n    if (isAPIError(error)) {\n      throw mapBetterAuthError(error)\n    }\n    throw error\n  }\n}\n","import type { Auth, BetterAuthOptions } from 'better-auth'\nimport { betterAuth } from 'better-auth'\nimport { inject } from 'tsyringe'\nimport { Transient } from 'stratal/di'\nimport { AUTH_OPTIONS, AUTH_SERVICE } from '../auth.tokens'\nimport { getErrorHandlerConfig } from '../utils'\n\n/**\n * AuthService\n *\n * Base authentication service using Better Auth.\n * Configured via AuthModule.forRootAsync() from the application layer.\n *\n * **Extensibility:**\n * Extend this class in application layer to add custom methods.\n *\n * @example\n * ```typescript\n * @Transient(AUTH_SERVICE)\n * export class AppAuthService extends AuthService<AuthOptions> {\n *   async signInMagicLink(email: string) {\n *     return wrapBetterAuth(async () => {\n *       return this.auth.api.signInMagicLink({ body: { email }, headers: new Headers() })\n *     })\n *   }\n * }\n * ```\n */\n@Transient(AUTH_SERVICE)\nexport class AuthService<TOptions extends BetterAuthOptions = BetterAuthOptions> {\n  private authInstance: Auth<TOptions>\n\n  constructor(\n    @inject(AUTH_OPTIONS) protected readonly options: TOptions\n  ) {\n    this.authInstance = betterAuth({\n      ...this.options,\n      onAPIError: getErrorHandlerConfig()\n    }) as Auth<TOptions>\n  }\n\n  /**\n   * Get the Better Auth instance\n   */\n  get auth(): Auth<TOptions> {\n    return this.authInstance\n  }\n}\n","/**\n * Auth Module\n *\n * Provides configurable authentication using Better Auth.\n * Use `forRootAsync` to configure Better Auth options from the application layer.\n *\n * @example\n * ```typescript\n * @Module({\n *   imports: [\n *     AuthModule.forRootAsync({\n *       inject: [DI_TOKENS.Database, CONFIG_TOKENS.ConfigService],\n *       useFactory: (db, config) => createAuthOptions(db, config)\n *     })\n *   ]\n * })\n * export class AppModule {}\n * ```\n */\n\nimport type { BetterAuthOptions } from 'better-auth'\nimport type { MiddlewareConfigurable, MiddlewareConsumer } from 'stratal/middleware'\nimport { Module } from 'stratal/module'\nimport type { AsyncModuleOptions, DynamicModule } from 'stratal/module'\nimport { AUTH_OPTIONS, AUTH_SERVICE } from './auth.tokens'\nimport { AuthContextMiddleware } from './middleware/auth-context.middleware'\nimport { SessionVerificationMiddleware } from './middleware/session-verification.middleware'\nimport { AuthService } from './services/auth.service'\n\n@Module({\n  providers: []\n})\nexport class AuthModule implements MiddlewareConfigurable {\n  /**\n   * Configure auth middleware.\n   *\n   * Registers middlewares in order:\n   * 1. AuthContextMiddleware - Creates and registers AuthContext in request container\n   * 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId\n   */\n  configure(consumer: MiddlewareConsumer): void {\n    consumer\n      .apply(AuthContextMiddleware)\n      .forRoutes('*')\n\n    consumer\n      .apply(SessionVerificationMiddleware)\n      .forRoutes('*')\n  }\n\n  /**\n   * Configure AuthModule with async options factory\n   */\n  static forRootAsync<TOptions extends BetterAuthOptions>(\n    options: AsyncModuleOptions<TOptions>\n  ): DynamicModule {\n    return {\n      module: AuthModule,\n      providers: [\n        {\n          provide: AUTH_OPTIONS,\n          useFactory: options.useFactory,\n          inject: options.inject\n        },\n        {\n          provide: AUTH_SERVICE,\n          useClass: AuthService\n        }\n      ]\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;AACA,MAAa,eAAe,OAAO,IAAI,uBAAuB;;AAG9D,MAAa,eAAe,OAAO,IAAI,uBAAuB;;;ACQvD,IAAA,wBAAA,MAAM,sBAA4C;CACvD,MAAM,OAAO,KAAoB,MAA0C;EACzE,MAAM,mBAAmB,IAAI,cAAc;EAE3C,MAAM,cAAc,IAAI,aAAa;AACrC,mBAAiB,cAAc,UAAU,aAAa,YAAY;AAElE,QAAM,MAAM;;;oCARf,WAAW,CAAA,EAAA,sBAAA;;;ACOL,IAAA,gCAAA,MAAM,8BAAoD;CAC/D,YACE,aAEA;AADiB,OAAA,cAAA;;CAGnB,MAAM,OAAO,KAAoB,MAA0C;EACzE,MAAM,UAAU,MAAM,KAAK,YAAY,KAAK,IAAI,WAAW,EACzD,SAAS,IAAI,EAAE,IAAI,IAAI,SACxB,CAAC;AAEF,MAAI,QACkB,KAAI,cAAc,CAAC,QAAqB,UAAU,YAAY,CACtE,eAAe,EAAE,QAAQ,QAAQ,KAAK,IAAI,CAAC;AAGzD,QAAM,MAAM;;;;CAjBf,WAAW;oBAGP,OAAO,aAAa,CAAA;;;;;AClBzB,IAAa,oBAAb,cAAuC,iBAAiB;CACtD,YAAY,OAAgB;AAC1B,QAAM,4BAA4B,YAAY,SAAS,WAAW,QAAQ,EAAE,OAAO,GAAG,KAAA,EAAU;;;AAIpG,IAAa,0BAAb,cAA6C,iBAAiB;CAC5D,cAAc;AACZ,QAAM,kCAAkC,YAAY,KAAK,oBAAoB;;;AAIjF,IAAa,uBAAb,cAA0C,iBAAiB;CACzD,cAAc;AACZ,QAAM,+BAA+B,YAAY,KAAK,oBAAoB;;;AAI9E,IAAa,oBAAb,cAAuC,iBAAiB;CACtD,YAAY,OAAgB;AAC1B,QAAM,4BAA4B,YAAY,WAAW,gBAAgB,QAAQ,EAAE,OAAO,GAAG,KAAA,EAAU;;;AAI3G,IAAa,sBAAb,cAAyC,iBAAiB;CACxD,cAAc;AACZ,QAAM,8BAA8B,YAAY,KAAK,gBAAgB;;;AAIzE,IAAa,wBAAb,cAA2C,iBAAiB;CAC1D,YAAY,OAAgB;AAC1B,QAAM,gCAAgC,YAAY,KAAK,oBAAoB,QAAQ,EAAE,OAAO,GAAG,KAAA,EAAU;;;AAI7G,IAAa,wBAAb,cAA2C,iBAAiB;CAC1D,YAAY,WAAmB;AAC7B,QAAM,gCAAgC,YAAY,KAAK,oBAAoB,EAAE,WAAW,CAAC;;;AAI7F,IAAa,uBAAb,cAA0C,iBAAiB;CACzD,YAAY,WAAmB;AAC7B,QAAM,+BAA+B,YAAY,KAAK,mBAAmB,EAAE,WAAW,CAAC;;;AAI3F,IAAa,4BAAb,cAA+C,iBAAiB;CAC9D,YAAY,OAAgB;AAC1B,QAAM,oCAAoC,YAAY,KAAK,wBAAwB,QAAQ,EAAE,OAAO,GAAG,KAAA,EAAU;;;AAIrH,IAAa,0BAAb,cAA6C,iBAAiB;CAC5D,YAAY,QAAiB;AAC3B,QAAM,kCAAkC,YAAY,KAAK,uBAAuB,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAIpH,IAAa,6BAAb,cAAgD,iBAAiB;CAC/D,YAAY,QAAiB;AAC3B,QAAM,qCAAqC,YAAY,KAAK,0BAA0B,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAI1H,IAAa,0BAAb,cAA6C,iBAAiB;CAC5D,YAAY,QAAiB;AAC3B,QAAM,kCAAkC,YAAY,KAAK,uBAAuB,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAIpH,IAAa,2BAAb,cAA8C,iBAAiB;CAC7D,YAAY,UAAmB;AAC7B,QAAM,mCAAmC,YAAY,KAAK,uBAAuB,WAAW,EAAE,UAAU,GAAG,KAAA,EAAU;;;AAIzH,IAAa,+BAAb,cAAkD,iBAAiB;CACjE,cAAc;AACZ,QAAM,uCAAuC,YAAY,KAAK,2BAA2B;;;AAI7F,IAAa,wBAAb,cAA2C,iBAAiB;CAC1D,YAAY,UAAmB;AAC7B,QAAM,gCAAgC,YAAY,SAAS,WAAW,WAAW,EAAE,UAAU,GAAG,KAAA,EAAU;;;AAI9G,IAAa,yBAAb,cAA4C,iBAAiB;CAC3D,cAAc;AACZ,QAAM,iCAAiC,YAAY,SAAS,UAAU;;;AAI1E,IAAa,uBAAb,cAA0C,iBAAiB;CACzD,cAAc;AACZ,QAAM,+BAA+B,YAAY,SAAS,UAAU;;;AAIxE,IAAa,iCAAb,cAAoD,iBAAiB;CACnE,cAAc;AACZ,QAAM,yCAAyC,YAAY,SAAS,UAAU;;;AAIlF,IAAa,8BAAb,cAAiD,iBAAiB;CAChE,cAAc;AACZ,QAAM,sCAAsC,YAAY,SAAS,SAAS;;;AAI9E,IAAa,4BAAb,cAA+C,iBAAiB;CAC9D,YAAY,QAAiB;AAC3B,QAAM,oCAAoC,YAAY,WAAW,SAAS,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAI9G,IAAa,0BAAb,cAA6C,iBAAiB;CAC5D,YAAY,QAAiB;AAC3B,QAAM,kCAAkC,YAAY,OAAO,gBAAgB,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAI/G,IAAa,2BAAb,cAA8C,iBAAiB;CAC7D,YAAY,QAAiB;AAC3B,QAAM,mCAAmC,YAAY,OAAO,gBAAgB,SAAS,EAAE,QAAQ,GAAG,KAAA,EAAU;;;AAIhH,IAAa,2BAAb,cAA8C,iBAAiB;CAC7D,cAAc;AACZ,QAAM,4BAA4B,YAAY,WAAW,QAAQ;;;AAIrE,IAAa,oBAAb,cAAuC,iBAAiB;CACtD,cAAc;AACZ,QAAM,4BAA4B,YAAY,WAAW,QAAQ;;;;;AC5IrE,IAAa,oBAAb,cAAuC,iBAAiB;CACtD,cAAc;AACZ,QAAM,4BAA4B,YAAY,KAAK,cAAc;;;;;ACFrE,IAAa,qBAAb,cAAwC,iBAAiB;CACvD,cAAc;AACZ,QAAM,6BAA6B,YAAY,WAAW,gBAAgB,EAAE,OAAO,SAAS,CAAC;;;;;ACFjG,IAAa,0BAAb,cAA6C,iBAAiB;CAC5D,cAAc;AACZ,QAAM,kCAAkC,YAAY,KAAK,oBAAoB;;;;;;;;AC+BjF,SAAgB,mBAAmB,OAAmC;CACpE,MAAM,YAAY,MAAM,MAAM;AAE9B,KAAI,MAAM,WAAW;MACH,MAAM,QACU,IAAI,WAAW,EAAE,SAAS,gBAAgB,CAGxE,QAAO,IAAI,mBAAmB;;AAIlC,KAAI,CAAC,UACH,QAAO,IAAI,cAAc;EACvB,eAAe,sBAAsB,MAAM;EAC3C,OAAO,MAAM;EACd,CAAC;AAIJ,KAAI,cAAc,iBAAkB,QAAO,IAAI,mBAAmB;AAClE,KAAI,cAAc,uBAAwB,QAAO,IAAI,wBAAwB;AAG7E,KAAI,cAAc,4BAA6B,QAAO,IAAI,yBAAyB;AACnF,KAAI,cAAc,mBAAoB,QAAO,IAAI,sBAAsB;AACvE,KAAI,cAAc,gBAAiB,QAAO,IAAI,mBAAmB;AAGjE,KAAI,cAAc,kBAAmB,QAAO,IAAI,qBAAqB;AACrE,KAAI,cAAc,2BAA4B,QAAO,IAAI,4BAA4B;AACrF,KAAI,cAAc,wBAAyB,QAAO,IAAI,yBAAyB;AAG/E,KAAI,cAAc,qBAAsB,QAAO,IAAI,uBAAuB;AAC1E,KAAI,cAAc,2BAA4B,QAAO,IAAI,2BAA2B;AAGpF,KAAI,cAAc,qBAAsB,QAAO,IAAI,sBAAsB,EAAE;AAC3E,KAAI,cAAc,oBAAqB,QAAO,IAAI,qBAAqB,IAAI;AAG3E,KAAI,cAAc,yBAAyB,cAAc,wCACvD,QAAO,IAAI,2BAA2B;AAExC,KAAI,cAAc,oBAAqB,QAAO,IAAI,sBAAsB;AACxE,KAAI,cAAc,+BAAgC,QAAO,IAAI,gCAAgC;AAC7F,KAAI,cAAc,gCAAiC,QAAO,IAAI,8BAA8B;AAG5F,KAAI,cAAc,wBAAyB,QAAO,IAAI,yBAAyB;AAC/E,KAAI,cAAc,wBAAyB,QAAO,IAAI,yBAAyB;AAC/E,KAAI,cAAc,0BAA2B,QAAO,IAAI,0BAA0B;AAGlF,KAAI,cAAc,gCAAiC,QAAO,IAAI,0BAA0B;AACxF,KAAI,cAAc,qBAAsB,QAAO,IAAI,uBAAuB;AAG1E,KAAI,cAAc,yBAA0B,QAAO,IAAI,0BAA0B;AACjF,KAAI,cAAc,gBAAiB,QAAO,IAAI,0BAA0B;AACxE,KAAI,cAAc,gBAAiB,QAAO,IAAI,mBAAmB;AAGjE,KAAI,cAAc,4BAA6B,QAAO,IAAI,6BAA6B;AAGvF,QAAO,IAAI,cAAc;EACvB,eAAe,sBAAsB,UAAU,KAAK,MAAM;EAC1D,OAAO,MAAM;EACd,CAAC;;;;;AAMJ,SAAgB,WAAW,OAAmC;AAC5D,QAAO,iBAAiB;;;;;;;;ACzG1B,SAAgB,wBAAyD;AACvE,QAAO;EACL,OAAO;EACP,UAAU,UAAU;AAClB,OAAI,WAAW,MAAM,CACnB,OAAM,mBAAmB,MAAM;AAEjC,SAAM;;EAET;;;;;AAMH,MAAa,iBAAiB,OAAU,OAAqC;AAC3E,KAAI;AACF,SAAO,MAAM,IAAI;UACV,OAAO;AACd,MAAI,WAAW,MAAM,CACnB,OAAM,mBAAmB,MAAM;AAEjC,QAAM;;;;;ACAH,IAAA,cAAA,MAAM,YAAoE;CAC/E;CAEA,YACE,SACA;AADyC,OAAA,UAAA;AAEzC,OAAK,eAAe,WAAW;GAC7B,GAAG,KAAK;GACR,YAAY,uBAAuB;GACpC,CAAC;;;;;CAMJ,IAAI,OAAuB;AACzB,SAAO,KAAK;;;;CAjBf,UAAU,aAAa;oBAKnB,OAAO,aAAa,CAAA;;;;;;ACDlB,IAAA,aAAA,cAAA,MAAM,WAA6C;;;;;;;;CAQxD,UAAU,UAAoC;AAC5C,WACG,MAAM,sBAAsB,CAC5B,UAAU,IAAI;AAEjB,WACG,MAAM,8BAA8B,CACpC,UAAU,IAAI;;;;;CAMnB,OAAO,aACL,SACe;AACf,SAAO;GACL,QAAA;GACA,WAAW,CACT;IACE,SAAS;IACT,YAAY,QAAQ;IACpB,QAAQ,QAAQ;IACjB,EACD;IACE,SAAS;IACT,UAAU;IACX,CACF;GACF;;;uCAxCJ,OAAO,EACN,WAAW,EAAE,EACd,CAAC,CAAA,EAAA,WAAA"}

package/dist/auth-context-BD2ApWg1.d.mts

@@ -0,0 +1,38 @@
+//#region src/context/auth-context.d.ts
+interface AuthInfo {
+  userId?: string;
+}
+declare class AuthContext {
+  protected userId?: string;
+  /**
+   * Set authentication context.
+   * This should be called once per request with user information.
+   */
+  setAuthContext(info: AuthInfo): void;
+  /**
+   * Get user ID if available.
+   * Returns undefined if no user is authenticated.
+   */
+  getUserId(): string | undefined;
+  /**
+   * Get user ID or throw if not authenticated.
+   * Use this when authentication is required.
+   */
+  requireUserId(): string;
+  /**
+   * Get full authentication context or throw if not initialized.
+   */
+  getAuthContext(): AuthInfo;
+  /**
+   * Check if user is authenticated.
+   */
+  isAuthenticated(): boolean;
+  /**
+   * Clear authentication context.
+   * Useful for testing or cleanup.
+   */
+  clearAuthContext(): void;
+}
+//#endregion
+export { AuthInfo as n, AuthContext as t };
+//# sourceMappingURL=auth-context-BD2ApWg1.d.mts.map

package/dist/auth-context-BD2ApWg1.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-context-BD2ApWg1.d.mts","names":[],"sources":["../src/context/auth-context.ts"],"mappings":";UAMiB,QAAA;EACf,MAAA;AAAA;AAAA,cAIW,WAAA;EAAA,UACD,MAAA;EALJ;AAGR;;;EAQE,cAAA,CAAe,IAAA,EAAM,QAAA;EANX;;;;EAcV,SAAA,CAAA;EAQA;;;;EAAA,aAAA,CAAA;EA+BgB;;;EApBhB,cAAA,CAAA,GAAkB,QAAA;;;;EAYlB,eAAA,CAAA;;;;;EAQA,gBAAA,CAAA;AAAA"}