npm - @technomoron/api-server-base - Versions diffs - 1.1.13 → 2.0.0-beta.2 - Mend

@technomoron/api-server-base 1.1.13 → 2.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/dist/cjs/api-server-base.cjs +181 -74
package/dist/cjs/api-server-base.d.ts +66 -29
package/dist/cjs/auth-api/auth-module.d.ts +96 -0
package/dist/cjs/auth-api/auth-module.js +1032 -0
package/dist/cjs/auth-api/compat-auth-storage.d.ts +55 -0
package/dist/cjs/auth-api/compat-auth-storage.js +116 -0
package/dist/cjs/auth-api/mem-auth-store.d.ts +66 -0
package/dist/cjs/auth-api/mem-auth-store.js +135 -0
package/dist/cjs/{auth-module.d.ts → auth-api/module.d.ts} +7 -7
package/dist/cjs/{auth-module.cjs → auth-api/module.js} +1 -1
package/dist/cjs/auth-api/sql-auth-store.d.ts +75 -0
package/dist/cjs/auth-api/sql-auth-store.js +166 -0
package/dist/cjs/auth-api/storage.d.ts +36 -0
package/dist/cjs/{auth-storage.cjs → auth-api/storage.js} +2 -2
package/dist/cjs/auth-api/types.d.ts +29 -0
package/dist/cjs/auth-api/types.js +2 -0
package/dist/cjs/index.cjs +41 -7
package/dist/cjs/index.d.ts +29 -5
package/dist/cjs/oauth/base.d.ts +10 -0
package/dist/cjs/oauth/base.js +6 -0
package/dist/cjs/oauth/memory.d.ts +16 -0
package/dist/cjs/oauth/memory.js +99 -0
package/dist/cjs/oauth/models.d.ts +45 -0
package/dist/cjs/oauth/models.js +58 -0
package/dist/cjs/oauth/sequelize.d.ts +68 -0
package/dist/cjs/oauth/sequelize.js +210 -0
package/dist/cjs/oauth/types.d.ts +50 -0
package/dist/cjs/oauth/types.js +3 -0
package/dist/cjs/passkey/base.d.ts +15 -0
package/dist/cjs/passkey/base.js +6 -0
package/dist/cjs/passkey/memory.d.ts +26 -0
package/dist/cjs/passkey/memory.js +82 -0
package/dist/cjs/passkey/models.d.ts +25 -0
package/dist/cjs/passkey/models.js +115 -0
package/dist/cjs/passkey/sequelize.d.ts +54 -0
package/dist/cjs/passkey/sequelize.js +211 -0
package/dist/cjs/passkey/service.d.ts +17 -0
package/dist/cjs/passkey/service.js +221 -0
package/dist/cjs/passkey/types.d.ts +75 -0
package/dist/cjs/passkey/types.js +2 -0
package/dist/cjs/token/base.d.ts +38 -0
package/dist/cjs/token/base.js +114 -0
package/dist/cjs/token/memory.d.ts +19 -0
package/dist/cjs/token/memory.js +149 -0
package/dist/cjs/token/sequelize.d.ts +58 -0
package/dist/cjs/token/sequelize.js +404 -0
package/dist/cjs/token/types.d.ts +27 -0
package/dist/cjs/token/types.js +2 -0
package/dist/cjs/user/base.d.ts +26 -0
package/dist/cjs/user/base.js +45 -0
package/dist/cjs/user/memory.d.ts +35 -0
package/dist/cjs/user/memory.js +173 -0
package/dist/cjs/user/sequelize.d.ts +41 -0
package/dist/cjs/user/sequelize.js +182 -0
package/dist/cjs/user/types.d.ts +11 -0
package/dist/cjs/user/types.js +2 -0
package/dist/esm/api-server-base.d.ts +66 -29
package/dist/esm/api-server-base.js +179 -72
package/dist/esm/auth-api/auth-module.d.ts +96 -0
package/dist/esm/auth-api/auth-module.js +1030 -0
package/dist/esm/auth-api/compat-auth-storage.d.ts +55 -0
package/dist/esm/auth-api/compat-auth-storage.js +112 -0
package/dist/esm/auth-api/mem-auth-store.d.ts +66 -0
package/dist/esm/auth-api/mem-auth-store.js +131 -0
package/dist/esm/{auth-module.d.ts → auth-api/module.d.ts} +7 -7
package/dist/esm/{auth-module.js → auth-api/module.js} +1 -1
package/dist/esm/auth-api/sql-auth-store.d.ts +75 -0
package/dist/esm/auth-api/sql-auth-store.js +162 -0
package/dist/esm/auth-api/storage.d.ts +36 -0
package/dist/esm/{auth-storage.js → auth-api/storage.js} +2 -2
package/dist/esm/auth-api/types.d.ts +29 -0
package/dist/esm/auth-api/types.js +1 -0
package/dist/esm/index.d.ts +29 -5
package/dist/esm/index.js +19 -2
package/dist/esm/oauth/base.d.ts +10 -0
package/dist/esm/oauth/base.js +2 -0
package/dist/esm/oauth/memory.d.ts +16 -0
package/dist/esm/oauth/memory.js +92 -0
package/dist/esm/oauth/models.d.ts +45 -0
package/dist/esm/oauth/models.js +51 -0
package/dist/esm/oauth/sequelize.d.ts +68 -0
package/dist/esm/oauth/sequelize.js +199 -0
package/dist/esm/oauth/types.d.ts +50 -0
package/dist/esm/oauth/types.js +2 -0
package/dist/esm/passkey/base.d.ts +15 -0
package/dist/esm/passkey/base.js +2 -0
package/dist/esm/passkey/memory.d.ts +26 -0
package/dist/esm/passkey/memory.js +78 -0
package/dist/esm/passkey/models.d.ts +25 -0
package/dist/esm/passkey/models.js +108 -0
package/dist/esm/passkey/sequelize.d.ts +54 -0
package/dist/esm/passkey/sequelize.js +207 -0
package/dist/esm/passkey/service.d.ts +17 -0
package/dist/esm/passkey/service.js +217 -0
package/dist/esm/passkey/types.d.ts +75 -0
package/dist/esm/passkey/types.js +1 -0
package/dist/esm/token/base.d.ts +38 -0
package/dist/esm/token/base.js +107 -0
package/dist/esm/token/memory.d.ts +19 -0
package/dist/esm/token/memory.js +145 -0
package/dist/esm/token/sequelize.d.ts +58 -0
package/dist/esm/token/sequelize.js +400 -0
package/dist/esm/token/types.d.ts +27 -0
package/dist/esm/token/types.js +1 -0
package/dist/esm/user/base.d.ts +26 -0
package/dist/esm/user/base.js +38 -0
package/dist/esm/user/memory.d.ts +35 -0
package/dist/esm/user/memory.js +169 -0
package/dist/esm/user/sequelize.d.ts +41 -0
package/dist/esm/user/sequelize.js +176 -0
package/dist/esm/user/types.d.ts +11 -0
package/dist/esm/user/types.js +1 -0
package/package.json +11 -3
package/dist/cjs/auth-storage.d.ts +0 -133
package/dist/esm/auth-storage.d.ts +0 -133

package/dist/cjs/token/memory.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { TokenStore } from './base.js';
+import type { Token } from './types.js';
+export declare class MemoryTokenStore extends TokenStore {
+    private readonly tokens;
+    save(record: Token): Promise<void>;
+    get(query: Partial<Token>, opts?: {
+        includeExpired?: boolean;
+    }): Promise<Token | null>;
+    delete(query: Partial<Token>): Promise<number>;
+    update(params: Partial<Token> & {
+        refreshToken: string;
+    }): Promise<boolean>;
+    list(userId: string | number, opts?: {
+        limit?: number;
+        offset?: number;
+        includeExpired?: boolean;
+    }): Promise<Token[]>;
+    close(): Promise<void>;
+}

package/dist/cjs/token/memory.js ADDED Viewed

@@ -0,0 +1,149 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryTokenStore = void 0;
+const base_js_1 = require("./base.js");
+function comparableUserId(value) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    return String(value);
+}
+function cloneToken(record) {
+    // this.normalizeToken is not available in static context; caller passes through instance.
+    // cloning handled via store instance methods.
+    const normalized = record;
+    return {
+        ...normalized,
+        scope: normalized.scope ? [...normalized.scope] : undefined
+    };
+}
+function matchesQuery(record, query, includeExpired) {
+    if (query.refreshToken && record.refreshToken !== query.refreshToken) {
+        return false;
+    }
+    if (query.accessToken && record.accessToken !== query.accessToken) {
+        return false;
+    }
+    if (query.userId !== undefined && comparableUserId(record.userId) !== comparableUserId(query.userId)) {
+        return false;
+    }
+    if (query.clientId && record.clientId !== query.clientId) {
+        return false;
+    }
+    if (query.domain !== undefined && (record.domain ?? '') !== (query.domain ?? '')) {
+        return false;
+    }
+    if (query.fingerprint !== undefined && (record.fingerprint ?? '') !== (query.fingerprint ?? '')) {
+        return false;
+    }
+    if (query.loginType !== undefined && record.loginType !== (query.loginType ?? undefined)) {
+        return false;
+    }
+    if (query.label && record.label !== query.label) {
+        return false;
+    }
+    if (!includeExpired && (record.expires ?? new Date(0)).getTime() < Date.now()) {
+        return false;
+    }
+    return true;
+}
+class MemoryTokenStore extends base_js_1.TokenStore {
+    constructor() {
+        super(...arguments);
+        this.tokens = [];
+    }
+    async save(record) {
+        const stored = this.normalizeToken(record);
+        const normalizedUserId = comparableUserId(stored.userId);
+        const domainProvided = record.domain !== undefined;
+        const fingerprintProvided = record.fingerprint !== undefined;
+        for (let index = this.tokens.length - 1; index >= 0; index -= 1) {
+            const existing = this.tokens[index];
+            if (comparableUserId(existing.userId) !== normalizedUserId) {
+                continue;
+            }
+            if (record.clientId && existing.clientId !== record.clientId) {
+                continue;
+            }
+            if (domainProvided && existing.domain !== stored.domain) {
+                continue;
+            }
+            if (fingerprintProvided && existing.fingerprint !== stored.fingerprint) {
+                continue;
+            }
+            this.tokens.splice(index, 1);
+        }
+        this.tokens.push(stored);
+    }
+    async get(query, opts) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined) {
+            throw new Error('At least one token lookup field must be provided');
+        }
+        const includeExpired = opts?.includeExpired ?? false;
+        const record = this.tokens.find((token) => matchesQuery(token, query, includeExpired));
+        return record ? cloneToken(record) : null;
+    }
+    async delete(query) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined && !query.clientId) {
+            return 0;
+        }
+        let removed = 0;
+        for (let index = this.tokens.length - 1; index >= 0; index -= 1) {
+            if (matchesQuery(this.tokens[index], query, true)) {
+                this.tokens.splice(index, 1);
+                removed += 1;
+            }
+        }
+        return removed;
+    }
+    async update(params) {
+        const token = this.tokens.find((record) => {
+            if (record.refreshToken !== params.refreshToken) {
+                return false;
+            }
+            if (params.clientId && record.clientId !== params.clientId) {
+                return false;
+            }
+            return true;
+        });
+        if (!token) {
+            return false;
+        }
+        const merged = { ...token };
+        const maybeAssign = (key) => {
+            const value = params[key];
+            if (value !== undefined) {
+                merged[key] = value;
+            }
+        };
+        maybeAssign('accessToken');
+        maybeAssign('expires');
+        maybeAssign('scope');
+        maybeAssign('label');
+        maybeAssign('domain');
+        maybeAssign('fingerprint');
+        maybeAssign('browser');
+        maybeAssign('device');
+        maybeAssign('ip');
+        maybeAssign('os');
+        maybeAssign('refreshTtlSeconds');
+        maybeAssign('loginType');
+        maybeAssign('issuedAt');
+        maybeAssign('lastSeenAt');
+        maybeAssign('sessionCookie');
+        const normalized = this.normalizeToken(merged);
+        Object.assign(token, normalized);
+        return true;
+    }
+    async list(userId, opts = {}) {
+        const includeExpired = opts.includeExpired ?? false;
+        const filtered = this.tokens.filter((token) => matchesQuery(token, { userId: comparableUserId(userId) }, includeExpired));
+        const offset = opts.offset ?? 0;
+        const limit = opts.limit ?? filtered.length;
+        return filtered.slice(offset, offset + limit).map(cloneToken);
+    }
+    async close() {
+        return;
+    }
+}
+exports.MemoryTokenStore = MemoryTokenStore;

package/dist/cjs/token/sequelize.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { CreationOptional, Model, type InferAttributes, type InferCreationAttributes, type ModelStatic, type Sequelize } from 'sequelize';
+import { TokenStore } from './base.js';
+import type { Token } from './types.js';
+declare class TokenModel extends Model<InferAttributes<TokenModel>, InferCreationAttributes<TokenModel>> implements InferAttributes<TokenModel> {
+    token_id: CreationOptional<number>;
+    user_id: string;
+    real_user_id: CreationOptional<string | null>;
+    expires: Date;
+    issued_at: CreationOptional<Date>;
+    last_seen_at: CreationOptional<Date>;
+    access: string;
+    refresh: string;
+    domain: CreationOptional<string>;
+    fingerprint: CreationOptional<string>;
+    label: CreationOptional<string>;
+    browser: CreationOptional<string>;
+    device: CreationOptional<string>;
+    ip: CreationOptional<string>;
+    os: CreationOptional<string>;
+    client_id: CreationOptional<string | null>;
+    scope: CreationOptional<string>;
+    login_type: CreationOptional<string>;
+    refresh_ttl_seconds: CreationOptional<number | null>;
+    session_cookie: CreationOptional<boolean>;
+}
+export type TokenAttributes = InferAttributes<TokenModel>;
+export type TokenCreationAttributes = InferCreationAttributes<TokenModel>;
+export interface SequelizeTokenStoreOptions {
+    sequelize: Sequelize;
+    tokenModel?: ModelStatic<TokenModel>;
+    tokenModelFactory?: (sequelize: Sequelize) => ModelStatic<TokenModel>;
+}
+export declare class SequelizeTokenStore extends TokenStore {
+    readonly Tokens: ModelStatic<TokenModel>;
+    constructor(options: SequelizeTokenStoreOptions);
+    save(record: Token): Promise<void>;
+    get(query: Partial<Token>, opts?: {
+        includeExpired?: boolean;
+    }): Promise<Token | null>;
+    delete(query: Partial<Token>): Promise<number>;
+    update(params: Partial<Token> & {
+        refreshToken: string;
+    }): Promise<boolean>;
+    list(userId: string | number, opts?: {
+        limit?: number;
+        offset?: number;
+        includeExpired?: boolean;
+    }): Promise<Token[]>;
+    close(): Promise<void>;
+    private normalizeUserId;
+    private resolveRealUserId;
+    private encodeStringArray;
+    private decodeStringArray;
+    private encodeScope;
+    private decodeScope;
+    private toTokenRecord;
+}
+export {};

package/dist/cjs/token/sequelize.js ADDED Viewed

@@ -0,0 +1,404 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SequelizeTokenStore = void 0;
+const sequelize_1 = require("sequelize");
+const base_js_1 = require("./base.js");
+const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+class TokenModel extends sequelize_1.Model {
+}
+function tokenTableOptions(sequelize) {
+    const opts = {
+        sequelize,
+        tableName: 'jwttokens',
+        timestamps: false
+    };
+    if (DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())) {
+        opts.charset = 'utf8mb4';
+        opts.collate = 'utf8mb4_unicode_ci';
+    }
+    return opts;
+}
+function initTokenModel(sequelize) {
+    TokenModel.init({
+        token_id: {
+            type: DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())
+                ? sequelize_1.DataTypes.INTEGER.UNSIGNED
+                : sequelize_1.DataTypes.INTEGER,
+            autoIncrement: true,
+            allowNull: false,
+            primaryKey: true
+        },
+        user_id: {
+            type: sequelize_1.DataTypes.STRING(191),
+            allowNull: false
+        },
+        real_user_id: {
+            type: sequelize_1.DataTypes.STRING(191),
+            allowNull: true,
+            defaultValue: null
+        },
+        expires: {
+            type: sequelize_1.DataTypes.DATE,
+            allowNull: false
+        },
+        issued_at: {
+            type: sequelize_1.DataTypes.DATE,
+            allowNull: false,
+            defaultValue: sequelize_1.DataTypes.NOW
+        },
+        last_seen_at: {
+            type: sequelize_1.DataTypes.DATE,
+            allowNull: false,
+            defaultValue: sequelize_1.DataTypes.NOW
+        },
+        access: {
+            type: sequelize_1.DataTypes.STRING(512),
+            allowNull: false
+        },
+        refresh: {
+            type: sequelize_1.DataTypes.STRING(512),
+            allowNull: false
+        },
+        domain: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        fingerprint: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        label: {
+            type: sequelize_1.DataTypes.STRING(128),
+            allowNull: false,
+            defaultValue: ''
+        },
+        browser: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        device: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        ip: {
+            type: sequelize_1.DataTypes.STRING(45),
+            allowNull: false,
+            defaultValue: ''
+        },
+        os: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        login_type: {
+            type: sequelize_1.DataTypes.STRING(64),
+            allowNull: false,
+            defaultValue: ''
+        },
+        refresh_ttl_seconds: {
+            type: sequelize_1.DataTypes.INTEGER,
+            allowNull: true,
+            defaultValue: null
+        },
+        session_cookie: {
+            type: sequelize_1.DataTypes.BOOLEAN,
+            allowNull: false,
+            defaultValue: false
+        },
+        client_id: {
+            type: sequelize_1.DataTypes.STRING(128),
+            allowNull: true,
+            defaultValue: null
+        },
+        scope: {
+            type: sequelize_1.DataTypes.TEXT,
+            allowNull: false,
+            defaultValue: '[]'
+        }
+    }, {
+        ...tokenTableOptions(sequelize),
+        indexes: [
+            { name: 'jwt_access_unique', unique: true, fields: ['access'] },
+            { name: 'jwt_refresh_unique', unique: true, fields: ['refresh'] }
+        ]
+    });
+    return TokenModel;
+}
+class SequelizeTokenStore extends base_js_1.TokenStore {
+    constructor(options) {
+        super();
+        if (!options?.sequelize) {
+            throw new Error('SequelizeTokenStore requires an initialised Sequelize instance');
+        }
+        this.Tokens = options.tokenModel ?? (options.tokenModelFactory ?? initTokenModel)(options.sequelize);
+    }
+    async save(record) {
+        const normalized = this.normalizeToken(record);
+        const resolvedUserId = this.normalizeUserId(normalized.userId);
+        const resolvedRealUserId = this.resolveRealUserId(normalized.ruid);
+        const domain = normalized.domain;
+        const fingerprint = normalized.fingerprint;
+        const browser = normalized.browser;
+        const device = normalized.device;
+        const ip = normalized.ip;
+        const os = normalized.os;
+        const label = normalized.label;
+        const loginType = normalized.loginType ?? '';
+        const refreshTtlSeconds = typeof normalized.refreshTtlSeconds === 'number' && normalized.refreshTtlSeconds > 0
+            ? Math.floor(normalized.refreshTtlSeconds)
+            : null;
+        const issuedAt = normalized.issuedAt ?? new Date();
+        const lastSeenAt = normalized.lastSeenAt ?? issuedAt;
+        const sessionCookie = normalized.sessionCookie ?? false;
+        const removalWhere = { user_id: resolvedUserId };
+        if (normalized.domain !== undefined && record.domain !== undefined) {
+            removalWhere.domain = domain;
+        }
+        if (normalized.fingerprint !== undefined && record.fingerprint !== undefined) {
+            removalWhere.fingerprint = fingerprint;
+        }
+        if (normalized.clientId) {
+            removalWhere.client_id = normalized.clientId;
+        }
+        await this.Tokens.destroy({ where: removalWhere });
+        await this.Tokens.create({
+            user_id: resolvedUserId,
+            real_user_id: resolvedRealUserId,
+            access: normalized.accessToken ?? '',
+            refresh: normalized.refreshToken,
+            expires: normalized.expires,
+            issued_at: issuedAt,
+            last_seen_at: lastSeenAt,
+            domain,
+            fingerprint,
+            label,
+            browser,
+            device,
+            ip,
+            os,
+            client_id: normalized.clientId ?? null,
+            scope: this.encodeScope(normalized.scope),
+            login_type: loginType,
+            refresh_ttl_seconds: refreshTtlSeconds,
+            session_cookie: sessionCookie
+        });
+    }
+    async get(query, opts) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined) {
+            throw new Error('At least one token lookup field must be provided');
+        }
+        const where = {};
+        if (query.refreshToken) {
+            where.refresh = query.refreshToken;
+        }
+        if (query.accessToken) {
+            where.access = query.accessToken;
+        }
+        if (query.userId !== undefined) {
+            where.user_id = this.normalizeUserId(query.userId);
+        }
+        if (query.clientId) {
+            where.client_id = query.clientId;
+        }
+        if (query.domain !== undefined && query.domain !== null) {
+            where.domain = query.domain;
+        }
+        if (query.fingerprint !== undefined && query.fingerprint !== null) {
+            where.fingerprint = query.fingerprint;
+        }
+        if (query.label) {
+            where.label = query.label;
+        }
+        if (!(opts?.includeExpired ?? false)) {
+            where.expires = { [sequelize_1.Op.gt]: new Date() };
+        }
+        const model = await this.Tokens.findOne({ where });
+        return model ? this.toTokenRecord(model) : null;
+    }
+    async delete(query) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined && !query.clientId) {
+            return 0;
+        }
+        const where = {};
+        if (query.refreshToken) {
+            where.refresh = query.refreshToken;
+        }
+        if (query.accessToken) {
+            where.access = query.accessToken;
+        }
+        if (query.userId !== undefined) {
+            where.user_id = this.normalizeUserId(query.userId);
+        }
+        if (query.clientId) {
+            where.client_id = query.clientId;
+        }
+        if (query.domain !== undefined && query.domain !== null) {
+            where.domain = query.domain;
+        }
+        if (query.fingerprint !== undefined && query.fingerprint !== null) {
+            where.fingerprint = query.fingerprint;
+        }
+        if (query.label) {
+            where.label = query.label;
+        }
+        return this.Tokens.destroy({ where });
+    }
+    async update(params) {
+        const where = { refresh: params.refreshToken };
+        if (params.clientId) {
+            where.client_id = params.clientId;
+        }
+        const updates = {};
+        if (params.accessToken !== undefined) {
+            updates.access = params.accessToken ?? null;
+        }
+        if (params.expires !== undefined) {
+            updates.expires = params.expires ?? null;
+        }
+        if (params.scope !== undefined) {
+            updates.scope = this.encodeScope(params.scope);
+        }
+        if (params.label !== undefined) {
+            updates.label = params.label ?? '';
+        }
+        if (params.domain !== undefined) {
+            updates.domain = params.domain ?? '';
+        }
+        if (params.fingerprint !== undefined) {
+            updates.fingerprint = params.fingerprint ?? '';
+        }
+        if (params.browser !== undefined) {
+            updates.browser = params.browser ?? '';
+        }
+        if (params.device !== undefined) {
+            updates.device = params.device ?? '';
+        }
+        if (params.ip !== undefined) {
+            updates.ip = params.ip ?? '';
+        }
+        if (params.os !== undefined) {
+            updates.os = params.os ?? '';
+        }
+        if (params.refreshTtlSeconds !== undefined) {
+            updates.refresh_ttl_seconds =
+                typeof params.refreshTtlSeconds === 'number' && params.refreshTtlSeconds > 0
+                    ? Math.floor(params.refreshTtlSeconds)
+                    : null;
+        }
+        if (params.loginType !== undefined) {
+            updates.login_type = params.loginType ?? '';
+        }
+        if (params.sessionCookie !== undefined) {
+            updates.session_cookie = params.sessionCookie;
+        }
+        if (params.issuedAt !== undefined) {
+            updates.issued_at = params.issuedAt ?? null;
+        }
+        if (params.lastSeenAt !== undefined) {
+            updates.last_seen_at = params.lastSeenAt ?? null;
+        }
+        if (Object.keys(updates).length === 0) {
+            return false;
+        }
+        const [updated] = await this.Tokens.update(updates, { where });
+        return updated > 0;
+    }
+    async list(userId, opts = {}) {
+        const where = { user_id: this.normalizeUserId(userId) };
+        if (!(opts.includeExpired ?? false)) {
+            where.expires = { [sequelize_1.Op.gt]: new Date() };
+        }
+        const models = await this.Tokens.findAll({
+            where,
+            order: [['issued_at', 'DESC']],
+            limit: opts.limit,
+            offset: opts.offset
+        });
+        return models.map((model) => this.toTokenRecord(model));
+    }
+    async close() {
+        return;
+    }
+    normalizeUserId(identifier) {
+        if (identifier === undefined || identifier === null) {
+            throw new Error(`Unable to normalise user identifier: ${identifier}`);
+        }
+        return String(identifier);
+    }
+    resolveRealUserId(ruid) {
+        if (ruid === undefined || ruid === null) {
+            return null;
+        }
+        const value = String(ruid);
+        if (value.length === 0 || value === '0') {
+            return null;
+        }
+        return value;
+    }
+    encodeStringArray(values) {
+        return JSON.stringify(values ?? []);
+    }
+    decodeStringArray(raw) {
+        if (!raw) {
+            return [];
+        }
+        try {
+            const parsed = JSON.parse(raw);
+            if (Array.isArray(parsed)) {
+                return parsed.filter((entry) => typeof entry === 'string' && entry.length > 0);
+            }
+        }
+        catch {
+            // ignore malformed values
+        }
+        return raw
+            .split(/\s+/)
+            .map((entry) => entry.trim())
+            .filter((entry) => entry.length > 0);
+    }
+    encodeScope(scope) {
+        if (!scope || (Array.isArray(scope) && scope.length === 0)) {
+            return '[]';
+        }
+        if (Array.isArray(scope)) {
+            return this.encodeStringArray(scope);
+        }
+        return this.encodeStringArray(scope.split(/\s+/).filter((entry) => entry.length > 0));
+    }
+    decodeScope(raw) {
+        return this.decodeStringArray(raw);
+    }
+    toTokenRecord(model) {
+        const scope = this.decodeScope(model.scope);
+        const normalized = this.normalizeToken({
+            userId: model.user_id,
+            refreshToken: model.refresh,
+            accessToken: model.access,
+            expires: model.expires,
+            issuedAt: model.issued_at,
+            lastSeenAt: model.last_seen_at,
+            domain: model.domain,
+            fingerprint: model.fingerprint,
+            label: model.label,
+            browser: model.browser,
+            device: model.device,
+            ip: model.ip,
+            os: model.os,
+            clientId: model.client_id ?? undefined,
+            scope,
+            loginType: model.login_type || undefined,
+            refreshTtlSeconds: model.refresh_ttl_seconds ?? undefined,
+            ruid: model.real_user_id ?? undefined,
+            sessionCookie: model.session_cookie
+        });
+        return {
+            ...normalized,
+            scope: normalized.scope ? [...normalized.scope] : undefined
+        };
+    }
+}
+exports.SequelizeTokenStore = SequelizeTokenStore;

package/dist/cjs/token/types.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+export type TokenStatus = 'active' | 'expired' | 'revoked';
+export interface Token {
+    accessToken: string;
+    refreshToken: string;
+    userId: string;
+    expires?: Date;
+    issuedAt?: Date;
+    lastSeenAt?: Date;
+    status?: TokenStatus;
+    ruid?: string;
+    clientId?: string;
+    domain?: string;
+    fingerprint?: string;
+    label?: string;
+    browser?: string;
+    device?: string;
+    ip?: string;
+    os?: string;
+    scope?: string | string[];
+    loginType?: string;
+    refreshTtlSeconds?: number;
+    sessionCookie?: boolean;
+}
+export interface TokenPair {
+    accessToken: string;
+    refreshToken: string;
+}

package/dist/cjs/token/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/user/base.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { CreateUserInput, PublicUserMapper, UpdateUserInput } from './types.js';
+import type { AuthIdentifier } from '../auth-api/types.js';
+export declare abstract class UserStore<User, PublicUser> {
+    protected readonly toPublicUser: PublicUserMapper<User, PublicUser>;
+    private readonly bcryptRounds;
+    private readonly bcryptPepper?;
+    constructor(opts?: {
+        toPublic?: PublicUserMapper<User, PublicUser>;
+        bcryptRounds?: number;
+        bcryptPepper?: string;
+    });
+    protected hashPassword(plain: string): Promise<string>;
+    verifyPassword(plain: string, hashed: string): Promise<boolean>;
+    protected normalizeUserInput(input: Partial<CreateUserInput>): CreateUserInput;
+    abstract findUser(identifier: AuthIdentifier | string): Promise<User | null>;
+    abstract findById(id: AuthIdentifier): Promise<User | null>;
+    abstract findByLoginOrEmail(loginOrEmail: string): Promise<User | null>;
+    abstract createUser(input: CreateUserInput): Promise<User>;
+    abstract upsertUser(input: CreateUserInput): Promise<User>;
+    abstract updateUser(id: AuthIdentifier, patch: UpdateUserInput): Promise<User>;
+    abstract setPasswordHash(id: AuthIdentifier, hash: string): Promise<void>;
+    abstract getPasswordHash(user: User): string | null;
+    abstract getUserId(user: User): AuthIdentifier;
+    toPublic(user: User): PublicUser;
+}
+export type { CreateUserInput, UpdateUserInput, PublicUserMapper } from './types.js';