@technomoron/api-server-base 2.0.0-beta.14 → 2.0.0-beta.15

package/dist/cjs/api-module.d.ts

@@ -1,5 +1,6 @@
 import type { ApiRequest } from './api-server-base.js';
-export type ApiHandler = (apiReq: ApiRequest) => Promise<[number] | [number, any] | [number, any, string]>;
+export type ApiHandlerResult<Data = unknown> = [number] | [number, Data] | [number, Data, string];
+export type ApiHandler<Data = unknown> = (apiReq: ApiRequest) => Promise<ApiHandlerResult<Data>>;
 export type ApiAuthType = 'none' | 'maybe' | 'yes' | 'strict' | 'apikey';
 export type ApiAuthClass = 'any' | 'admin';
 export interface ApiKey {
@@ -14,7 +15,7 @@ export type ApiRoute = {
         req: ApiAuthClass;
     };
 };
-export declare class ApiModule<T> {
+export declare class ApiModule<T = unknown> {
     server: T;
     namespace: string;
     mountpath: string;

package/dist/cjs/api-server-base.cjs

@@ -49,11 +49,14 @@ function guess_exception_text(error, defMsg = 'Unknown Error') {
         msg.push(error);
     }
     else if (error && typeof error === 'object') {
-        if (typeof error.message === 'string' && error.message.trim() !== '') {
-            msg.push(error.message);
+        const errorDetails = error;
+        if (typeof errorDetails.message === 'string' && errorDetails.message.trim() !== '') {
+            msg.push(errorDetails.message);
         }
-        if (error.parent && typeof error.parent.message === 'string' && error.parent.message.trim() !== '') {
-            msg.push(error.parent.message);
+        if (errorDetails.parent &&
+            typeof errorDetails.parent.message === 'string' &&
+            errorDetails.parent.message.trim() !== '') {
+            msg.push(errorDetails.parent.message);
         }
     }
     return msg.length > 0 ? msg.join(' / ') : defMsg;
@@ -367,6 +370,7 @@ function fillConfig(config) {
 class ApiServer {
     constructor(config = {}) {
         this.currReq = null;
+        this.serverAuthAdapter = null;
         this.apiNotFoundHandler = null;
         this.tokenStoreAdapter = null;
         this.userStoreAdapter = null;
@@ -387,7 +391,7 @@ class ApiServer {
             this.passkeyServiceAdapter = passkeyService ?? null;
             this.oauthStoreAdapter = oauthStore ?? null;
             this.canImpersonateAdapter = canImpersonate ?? null;
-            this.storageAdapter = this;
+            this.storageAdapter = this.getServerAuthAdapter();
         }
         this.app = (0, express_1.default)();
         if (config.uploadPath) {
@@ -428,9 +432,9 @@ class ApiServer {
     }
     setTokenStore(store) {
         this.tokenStoreAdapter = store;
-        // If using direct stores, expose self as the auth storage.
+        // If using direct stores, expose the server-backed auth adapter.
         if (this.userStoreAdapter) {
-            this.storageAdapter = this;
+            this.storageAdapter = this.getServerAuthAdapter();
         }
         return this;
     }
@@ -467,6 +471,33 @@ class ApiServer {
         }
         return this.oauthStoreAdapter;
     }
+    getServerAuthAdapter() {
+        if (this.serverAuthAdapter) {
+            return this.serverAuthAdapter;
+        }
+        const server = this;
+        this.serverAuthAdapter = {
+            getUser: (identifier) => server.getUser(identifier),
+            getUserPasswordHash: (user) => server.getUserPasswordHash(user),
+            getUserId: (user) => server.getUserId(user),
+            filterUser: (user) => server.filterUser(user),
+            verifyPassword: (password, hash) => server.verifyPassword(password, hash),
+            storeToken: (data) => server.storeToken(data),
+            getToken: (query, opts) => server.getToken(query, opts),
+            deleteToken: (query) => server.deleteToken(query),
+            updateToken: (updates) => server.updateToken(updates),
+            createPasskeyChallenge: (params) => server.createPasskeyChallenge(params),
+            verifyPasskeyResponse: (params) => server.verifyPasskeyResponse(params),
+            listUserCredentials: (userId) => server.listUserCredentials(userId),
+            deletePasskeyCredential: (credentialId) => server.deletePasskeyCredential(credentialId),
+            getClient: (clientId) => server.getClient(clientId),
+            verifyClientSecret: (client, clientSecret) => server.verifyClientSecret(client, clientSecret),
+            createAuthCode: (request) => server.createAuthCode(request),
+            consumeAuthCode: (code, clientId) => server.consumeAuthCode(code, clientId),
+            canImpersonate: (params) => server.canImpersonate(params)
+        };
+        return this.serverAuthAdapter;
+    }
     // AuthAdapter-compatible helpers (used by AuthModule)
     async getUser(identifier) {
         return this.userStoreAdapter ? this.userStoreAdapter.findUser(identifier) : null;
@@ -487,8 +518,9 @@ class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.save(data);
         }
-        if (typeof this.storageAdapter.storeToken === 'function') {
-            return this.storageAdapter.storeToken(data);
+        const storage = this.storageAdapter;
+        if (typeof storage.storeToken === 'function') {
+            return storage.storeToken(data);
         }
         throw new Error('Token store is not configured');
     }
@@ -501,8 +533,9 @@ class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.get(normalized, opts);
         }
-        if (typeof this.storageAdapter.getToken === 'function') {
-            return this.storageAdapter.getToken(normalized, opts);
+        const storage = this.storageAdapter;
+        if (typeof storage.getToken === 'function') {
+            return storage.getToken(normalized, opts);
         }
         return null;
     }
@@ -515,8 +548,9 @@ class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.delete(normalized);
         }
-        if (typeof this.storageAdapter.deleteToken === 'function') {
-            return this.storageAdapter.deleteToken(normalized);
+        const storage = this.storageAdapter;
+        if (typeof storage.deleteToken === 'function') {
+            return storage.deleteToken(normalized);
         }
         return 0;
     }
@@ -589,8 +623,9 @@ class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.update(updates);
         }
-        if (typeof this.storageAdapter.updateToken === 'function') {
-            return this.storageAdapter.updateToken(updates);
+        const storage = this.storageAdapter;
+        if (typeof storage.updateToken === 'function') {
+            return storage.updateToken(updates);
         }
         return false;
     }
@@ -723,7 +758,7 @@ class ApiServer {
         if (!this.apiNotFoundHandler) {
             return;
         }
-        const stack = this.app?._router?.stack;
+        const stack = this.app._router?.stack;
         if (!stack) {
             return;
         }
@@ -1216,7 +1251,8 @@ class ApiServer {
     api(module) {
         const router = express_1.default.Router();
         module.server = this;
-        if (module?.moduleType === 'auth') {
+        const moduleType = module.moduleType;
+        if (moduleType === 'auth') {
             this.authModule(module);
         }
         module.checkConfig();
@@ -1226,7 +1262,20 @@ class ApiServer {
         module.mountpath = mountPath;
         module.defineRoutes().forEach((r) => {
             const handler = this.handle_request(r.handler, r.auth);
-            router[r.method](r.path, handler);
+            switch (r.method) {
+                case 'get':
+                    router.get(r.path, handler);
+                    break;
+                case 'post':
+                    router.post(r.path, handler);
+                    break;
+                case 'put':
+                    router.put(r.path, handler);
+                    break;
+                case 'delete':
+                    router.delete(r.path, handler);
+                    break;
+            }
             if (this.config.debug) {
                 console.log(`Adding ${mountPath}${r.path} (${r.method.toUpperCase()})`);
             }

package/dist/cjs/api-server-base.d.ts

@@ -6,7 +6,7 @@
  */
 import { Application, Request, Response, type ErrorRequestHandler, type RequestHandler } from 'express';
 import { ApiModule } from './api-module.js';
-import { TokenStore, type JwtDecodeResult, type JwtSignResult, type JwtVerifyResult } from './token/base.js';
+import { TokenStore, type JwtDecodeResult, type JwtSignPayload, type JwtSignResult, type JwtVerifyResult } from './token/base.js';
 import type { ApiAuthClass, ApiAuthType, ApiKey } from './api-module.js';
 import type { AuthProviderModule } from './auth-api/module.js';
 import type { AuthAdapter, AuthIdentifier } from './auth-api/types.js';
@@ -32,7 +32,7 @@ export interface ApiTokenData extends JwtPayload, Partial<Token> {
     exp?: number;
 }
 export interface ApiRequest {
-    server: any;
+    server: ApiServer;
     req: ExtendedReq;
     res: Response;
     tokenData?: ApiTokenData | null;
@@ -64,7 +64,7 @@ export interface ClientInfo extends ClientAgentProfile {
     ipchain: string[];
 }
 export interface ApiServerAuthStores {
-    userStore: UserStore<any, any>;
+    userStore: UserStore<unknown, unknown>;
     tokenStore: TokenStore;
     passkeyService?: PasskeyService;
     oauthStore?: OAuthStore;
@@ -77,13 +77,13 @@ export { ApiModule } from './api-module.js';
 export type { ApiHandler, ApiAuthType, ApiAuthClass, ApiRoute, ApiKey } from './api-module.js';
 export interface ApiErrorParams {
     code?: number;
-    message?: any;
-    data?: any;
+    message?: unknown;
+    data?: unknown;
     errors?: Record<string, string>;
 }
 export declare class ApiError extends Error {
     code: number;
-    data: any;
+    data: unknown;
     errors: Record<string, string>;
     constructor({ code, message, data, errors }: ApiErrorParams);
 }
@@ -123,6 +123,7 @@ export declare class ApiServer {
     private readonly apiBasePath;
     private storageAdapter;
     private moduleAdapter;
+    private serverAuthAdapter;
     private apiNotFoundHandler;
     private tokenStoreAdapter;
     private userStoreAdapter;
@@ -141,8 +142,8 @@ export declare class ApiServer {
      * @deprecated Use {@link ApiServer.authModule} instead.
      */
     useAuthModule<UserRow>(module: AuthProviderModule<UserRow>): this;
-    getAuthStorage(): AuthAdapter<any, any>;
-    getAuthModule(): AuthProviderModule<any>;
+    getAuthStorage<UserRow = unknown, SafeUser = unknown>(): AuthAdapter<UserRow, SafeUser>;
+    getAuthModule<UserRow = unknown>(): AuthProviderModule<UserRow>;
     setTokenStore(store: TokenStore): this;
     getTokenStore(): TokenStore | null;
     private ensureUserStore;
@@ -151,10 +152,11 @@ export declare class ApiServer {
     listUserCredentials(userId: AuthIdentifier): Promise<StoredPasskeyCredential[]>;
     deletePasskeyCredential(credentialId: Buffer | string): Promise<boolean>;
     private ensureOAuthStore;
-    getUser(identifier: AuthIdentifier): Promise<any | null>;
-    getUserPasswordHash(user: any): string;
-    getUserId(user: any): AuthIdentifier;
-    filterUser(user: any): any;
+    private getServerAuthAdapter;
+    getUser(identifier: AuthIdentifier): Promise<unknown | null>;
+    getUserPasswordHash(user: unknown): string;
+    getUserId(user: unknown): AuthIdentifier;
+    filterUser(user: unknown): unknown;
     verifyPassword(password: string, hash: string): Promise<boolean>;
     storeToken(data: Token): Promise<void>;
     getToken(query: Partial<Token> & {
@@ -177,7 +179,7 @@ export declare class ApiServer {
         realUserId: AuthIdentifier;
         effectiveUserId: AuthIdentifier;
     }): Promise<boolean>;
-    jwtSign(payload: any, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
+    jwtSign(payload: JwtSignPayload, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
     jwtVerify<T>(token: string, secret: string, options?: VerifyOptions): JwtVerifyResult<T>;
     jwtDecode<T>(token: string, options?: import('jsonwebtoken').DecodeOptions): JwtDecodeResult<T>;
     getApiKey<T = ApiKey>(token: string): Promise<T | null>;
@@ -188,7 +190,7 @@ export declare class ApiServer {
     updateToken(updates: Partial<Token> & {
         refreshToken: string;
     }): Promise<boolean>;
-    guessExceptionText(error: any, defMsg?: string): string;
+    guessExceptionText(error: unknown, defMsg?: string): string;
     protected authorize(apiReq: ApiRequest, requiredClass: ApiAuthClass): Promise<void>;
     private middlewares;
     private installPingHandler;
@@ -220,7 +222,7 @@ export declare class ApiServer {
     }): RequestHandler;
     expressErrorHandler(): ErrorRequestHandler;
     private handle_request;
-    api<T extends ApiModule<any>>(module: T): this;
+    api<T extends ApiModule<unknown>>(module: T): this;
     dumpRequest(apiReq: ApiRequest): void;
     private formatDebugValue;
     dumpResponse(apiReq: ApiRequest, payload: unknown, status: number): void;

package/dist/cjs/auth-api/auth-module.js

@@ -1052,26 +1052,26 @@ class AuthModule extends module_js_1.BaseAuthModule {
         throw new api_server_base_js_1.ApiError({ code: 401, message: 'Authorization requires user authentication' });
     }
     hasPasskeyService() {
-        const storageAny = this.storage;
-        if (storageAny.passkeyService || storageAny.passkeyStore) {
+        const storageHints = this.storage;
+        if (storageHints.passkeyService || storageHints.passkeyStore) {
             return true;
         }
-        if (storageAny.adapter?.passkeyService || storageAny.adapter?.passkeyStore) {
+        if (storageHints.adapter?.passkeyService || storageHints.adapter?.passkeyStore) {
             return true;
         }
-        const serverAny = this.server;
-        return !!serverAny.passkeyServiceAdapter;
+        const serverHints = this.server;
+        return !!serverHints.passkeyServiceAdapter;
     }
     hasOAuthStore() {
-        const storageAny = this.storage;
-        if (storageAny.oauthStore) {
+        const storageHints = this.storage;
+        if (storageHints.oauthStore) {
             return true;
         }
-        if (storageAny.adapter?.oauthStore) {
+        if (storageHints.adapter?.oauthStore) {
             return true;
         }
-        const serverAny = this.server;
-        return !!serverAny.oauthStoreAdapter;
+        const serverHints = this.server;
+        return !!serverHints.oauthStoreAdapter;
     }
     storageImplements(key) {
         const candidate = this.storage[key];

package/dist/cjs/auth-api/module.d.ts

@@ -8,7 +8,7 @@ export interface AuthProviderModule<UserRow = unknown> {
         expires?: Date;
     }): Promise<TokenPair>;
 }
-export declare abstract class BaseAuthModule<UserRow = unknown> extends ApiModule<any> implements AuthProviderModule<UserRow> {
+export declare abstract class BaseAuthModule<UserRow = unknown> extends ApiModule implements AuthProviderModule<UserRow> {
     readonly moduleType: "auth";
     protected constructor(opts: {
         namespace: string;

package/dist/cjs/passkey/service.js

@@ -96,11 +96,13 @@ function toBufferOrNull(value) {
 }
 async function spkiToCosePublicKey(spki) {
     try {
-        const subtle = globalThis.crypto?.subtle ?? (await Promise.resolve().then(() => __importStar(require('crypto')))).webcrypto?.subtle;
+        const subtle = (globalThis.crypto?.subtle ??
+            (await Promise.resolve().then(() => __importStar(require('crypto')))).webcrypto?.subtle);
         if (!subtle) {
             return null;
         }
-        const key = await subtle.importKey('spki', spki, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']);
+        const spkiView = new Uint8Array(spki);
+        const key = await subtle.importKey('spki', spkiView, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']);
         const raw = Buffer.from(await subtle.exportKey('raw', key));
         if (raw.length !== 65 || raw[0] !== 0x04) {
             return null;
@@ -248,15 +250,16 @@ class PasskeyService {
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
-        const attestationResponse = params.response?.response;
+        const attestationResponse = params.response.response;
         const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
-        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialIdFallback = toBufferOrNull(params.response.id);
         const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
         const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
         let publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
         if ((!publicKeyPrimary || publicKeyPrimary.length === 0) && attestationResponse?.attestationObject) {
             try {
-                const attObj = (0, helpers_1.decodeAttestationObject)(helpers_1.isoBase64URL.toBuffer(attestationResponse.attestationObject));
+                const attestationObject = String(attestationResponse.attestationObject);
+                const attObj = (0, helpers_1.decodeAttestationObject)(helpers_1.isoBase64URL.toBuffer(attestationObject));
                 const parsedAuth = (0, helpers_1.parseAuthenticatorData)(attObj.get('authData'));
                 publicKeyFallback = toBufferOrNull(parsedAuth.credentialPublicKey) ?? publicKeyFallback;
             }
@@ -318,13 +321,10 @@ class PasskeyService {
         }
         const user = await this.requireUser({ userId: credential.userId, login: record.login });
         const storedAuthData = {
-            id: credential.credentialId,
-            publicKey: toBuffer(credential.publicKey),
-            credentialPublicKey: toBuffer(credential.publicKey),
+            id: toBase64Url(credential.credentialId),
+            publicKey: new Uint8Array(toBuffer(credential.publicKey)),
             counter: credential.counter,
-            transports: credential.transports ?? undefined,
-            credentialBackedUp: credential.backedUp,
-            credentialDeviceType: credential.deviceType
+            transports: credential.transports ?? undefined
             // simplewebauthn accepts either Uint8Array or Buffer; ensure Buffer
             // see https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/authentication/verifyAuthenticationResponse.ts
         };

package/dist/cjs/token/base.d.ts

@@ -5,6 +5,7 @@ export interface JwtSignResult {
     token?: string;
     error?: string;
 }
+export type JwtSignPayload = string | Buffer | Record<string, unknown>;
 export interface JwtVerifyResult<T> {
     success: boolean;
     data?: T;
@@ -32,7 +33,7 @@ export declare abstract class TokenStore {
     }): Promise<Token[]>;
     abstract close(): Promise<void>;
     normalizeToken(token: Partial<Token>): Token;
-    jwtSign(payload: any, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
+    jwtSign(payload: JwtSignPayload, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
     jwtVerify<T>(token: string, secret: string, options?: VerifyOptions): JwtVerifyResult<T>;
     jwtDecode<T>(token: string, options?: DecodeOptions): JwtDecodeResult<T>;
 }

package/dist/esm/api-module.d.ts

@@ -1,5 +1,6 @@
 import type { ApiRequest } from './api-server-base.js';
-export type ApiHandler = (apiReq: ApiRequest) => Promise<[number] | [number, any] | [number, any, string]>;
+export type ApiHandlerResult<Data = unknown> = [number] | [number, Data] | [number, Data, string];
+export type ApiHandler<Data = unknown> = (apiReq: ApiRequest) => Promise<ApiHandlerResult<Data>>;
 export type ApiAuthType = 'none' | 'maybe' | 'yes' | 'strict' | 'apikey';
 export type ApiAuthClass = 'any' | 'admin';
 export interface ApiKey {
@@ -14,7 +15,7 @@ export type ApiRoute = {
         req: ApiAuthClass;
     };
 };
-export declare class ApiModule<T> {
+export declare class ApiModule<T = unknown> {
     server: T;
     namespace: string;
     mountpath: string;

package/dist/esm/api-server-base.d.ts

@@ -6,7 +6,7 @@
  */
 import { Application, Request, Response, type ErrorRequestHandler, type RequestHandler } from 'express';
 import { ApiModule } from './api-module.js';
-import { TokenStore, type JwtDecodeResult, type JwtSignResult, type JwtVerifyResult } from './token/base.js';
+import { TokenStore, type JwtDecodeResult, type JwtSignPayload, type JwtSignResult, type JwtVerifyResult } from './token/base.js';
 import type { ApiAuthClass, ApiAuthType, ApiKey } from './api-module.js';
 import type { AuthProviderModule } from './auth-api/module.js';
 import type { AuthAdapter, AuthIdentifier } from './auth-api/types.js';
@@ -32,7 +32,7 @@ export interface ApiTokenData extends JwtPayload, Partial<Token> {
     exp?: number;
 }
 export interface ApiRequest {
-    server: any;
+    server: ApiServer;
     req: ExtendedReq;
     res: Response;
     tokenData?: ApiTokenData | null;
@@ -64,7 +64,7 @@ export interface ClientInfo extends ClientAgentProfile {
     ipchain: string[];
 }
 export interface ApiServerAuthStores {
-    userStore: UserStore<any, any>;
+    userStore: UserStore<unknown, unknown>;
     tokenStore: TokenStore;
     passkeyService?: PasskeyService;
     oauthStore?: OAuthStore;
@@ -77,13 +77,13 @@ export { ApiModule } from './api-module.js';
 export type { ApiHandler, ApiAuthType, ApiAuthClass, ApiRoute, ApiKey } from './api-module.js';
 export interface ApiErrorParams {
     code?: number;
-    message?: any;
-    data?: any;
+    message?: unknown;
+    data?: unknown;
     errors?: Record<string, string>;
 }
 export declare class ApiError extends Error {
     code: number;
-    data: any;
+    data: unknown;
     errors: Record<string, string>;
     constructor({ code, message, data, errors }: ApiErrorParams);
 }
@@ -123,6 +123,7 @@ export declare class ApiServer {
     private readonly apiBasePath;
     private storageAdapter;
     private moduleAdapter;
+    private serverAuthAdapter;
     private apiNotFoundHandler;
     private tokenStoreAdapter;
     private userStoreAdapter;
@@ -141,8 +142,8 @@ export declare class ApiServer {
      * @deprecated Use {@link ApiServer.authModule} instead.
      */
     useAuthModule<UserRow>(module: AuthProviderModule<UserRow>): this;
-    getAuthStorage(): AuthAdapter<any, any>;
-    getAuthModule(): AuthProviderModule<any>;
+    getAuthStorage<UserRow = unknown, SafeUser = unknown>(): AuthAdapter<UserRow, SafeUser>;
+    getAuthModule<UserRow = unknown>(): AuthProviderModule<UserRow>;
     setTokenStore(store: TokenStore): this;
     getTokenStore(): TokenStore | null;
     private ensureUserStore;
@@ -151,10 +152,11 @@ export declare class ApiServer {
     listUserCredentials(userId: AuthIdentifier): Promise<StoredPasskeyCredential[]>;
     deletePasskeyCredential(credentialId: Buffer | string): Promise<boolean>;
     private ensureOAuthStore;
-    getUser(identifier: AuthIdentifier): Promise<any | null>;
-    getUserPasswordHash(user: any): string;
-    getUserId(user: any): AuthIdentifier;
-    filterUser(user: any): any;
+    private getServerAuthAdapter;
+    getUser(identifier: AuthIdentifier): Promise<unknown | null>;
+    getUserPasswordHash(user: unknown): string;
+    getUserId(user: unknown): AuthIdentifier;
+    filterUser(user: unknown): unknown;
     verifyPassword(password: string, hash: string): Promise<boolean>;
     storeToken(data: Token): Promise<void>;
     getToken(query: Partial<Token> & {
@@ -177,7 +179,7 @@ export declare class ApiServer {
         realUserId: AuthIdentifier;
         effectiveUserId: AuthIdentifier;
     }): Promise<boolean>;
-    jwtSign(payload: any, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
+    jwtSign(payload: JwtSignPayload, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
     jwtVerify<T>(token: string, secret: string, options?: VerifyOptions): JwtVerifyResult<T>;
     jwtDecode<T>(token: string, options?: import('jsonwebtoken').DecodeOptions): JwtDecodeResult<T>;
     getApiKey<T = ApiKey>(token: string): Promise<T | null>;
@@ -188,7 +190,7 @@ export declare class ApiServer {
     updateToken(updates: Partial<Token> & {
         refreshToken: string;
     }): Promise<boolean>;
-    guessExceptionText(error: any, defMsg?: string): string;
+    guessExceptionText(error: unknown, defMsg?: string): string;
     protected authorize(apiReq: ApiRequest, requiredClass: ApiAuthClass): Promise<void>;
     private middlewares;
     private installPingHandler;
@@ -220,7 +222,7 @@ export declare class ApiServer {
     }): RequestHandler;
     expressErrorHandler(): ErrorRequestHandler;
     private handle_request;
-    api<T extends ApiModule<any>>(module: T): this;
+    api<T extends ApiModule<unknown>>(module: T): this;
     dumpRequest(apiReq: ApiRequest): void;
     private formatDebugValue;
     dumpResponse(apiReq: ApiRequest, payload: unknown, status: number): void;

package/dist/esm/api-server-base.js

@@ -42,11 +42,14 @@ function guess_exception_text(error, defMsg = 'Unknown Error') {
         msg.push(error);
     }
     else if (error && typeof error === 'object') {
-        if (typeof error.message === 'string' && error.message.trim() !== '') {
-            msg.push(error.message);
+        const errorDetails = error;
+        if (typeof errorDetails.message === 'string' && errorDetails.message.trim() !== '') {
+            msg.push(errorDetails.message);
         }
-        if (error.parent && typeof error.parent.message === 'string' && error.parent.message.trim() !== '') {
-            msg.push(error.parent.message);
+        if (errorDetails.parent &&
+            typeof errorDetails.parent.message === 'string' &&
+            errorDetails.parent.message.trim() !== '') {
+            msg.push(errorDetails.parent.message);
         }
     }
     return msg.length > 0 ? msg.join(' / ') : defMsg;
@@ -359,6 +362,7 @@ function fillConfig(config) {
 export class ApiServer {
     constructor(config = {}) {
         this.currReq = null;
+        this.serverAuthAdapter = null;
         this.apiNotFoundHandler = null;
         this.tokenStoreAdapter = null;
         this.userStoreAdapter = null;
@@ -379,7 +383,7 @@ export class ApiServer {
             this.passkeyServiceAdapter = passkeyService ?? null;
             this.oauthStoreAdapter = oauthStore ?? null;
             this.canImpersonateAdapter = canImpersonate ?? null;
-            this.storageAdapter = this;
+            this.storageAdapter = this.getServerAuthAdapter();
         }
         this.app = express();
         if (config.uploadPath) {
@@ -420,9 +424,9 @@ export class ApiServer {
     }
     setTokenStore(store) {
         this.tokenStoreAdapter = store;
-        // If using direct stores, expose self as the auth storage.
+        // If using direct stores, expose the server-backed auth adapter.
         if (this.userStoreAdapter) {
-            this.storageAdapter = this;
+            this.storageAdapter = this.getServerAuthAdapter();
         }
         return this;
     }
@@ -459,6 +463,33 @@ export class ApiServer {
         }
         return this.oauthStoreAdapter;
     }
+    getServerAuthAdapter() {
+        if (this.serverAuthAdapter) {
+            return this.serverAuthAdapter;
+        }
+        const server = this;
+        this.serverAuthAdapter = {
+            getUser: (identifier) => server.getUser(identifier),
+            getUserPasswordHash: (user) => server.getUserPasswordHash(user),
+            getUserId: (user) => server.getUserId(user),
+            filterUser: (user) => server.filterUser(user),
+            verifyPassword: (password, hash) => server.verifyPassword(password, hash),
+            storeToken: (data) => server.storeToken(data),
+            getToken: (query, opts) => server.getToken(query, opts),
+            deleteToken: (query) => server.deleteToken(query),
+            updateToken: (updates) => server.updateToken(updates),
+            createPasskeyChallenge: (params) => server.createPasskeyChallenge(params),
+            verifyPasskeyResponse: (params) => server.verifyPasskeyResponse(params),
+            listUserCredentials: (userId) => server.listUserCredentials(userId),
+            deletePasskeyCredential: (credentialId) => server.deletePasskeyCredential(credentialId),
+            getClient: (clientId) => server.getClient(clientId),
+            verifyClientSecret: (client, clientSecret) => server.verifyClientSecret(client, clientSecret),
+            createAuthCode: (request) => server.createAuthCode(request),
+            consumeAuthCode: (code, clientId) => server.consumeAuthCode(code, clientId),
+            canImpersonate: (params) => server.canImpersonate(params)
+        };
+        return this.serverAuthAdapter;
+    }
     // AuthAdapter-compatible helpers (used by AuthModule)
     async getUser(identifier) {
         return this.userStoreAdapter ? this.userStoreAdapter.findUser(identifier) : null;
@@ -479,8 +510,9 @@ export class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.save(data);
         }
-        if (typeof this.storageAdapter.storeToken === 'function') {
-            return this.storageAdapter.storeToken(data);
+        const storage = this.storageAdapter;
+        if (typeof storage.storeToken === 'function') {
+            return storage.storeToken(data);
         }
         throw new Error('Token store is not configured');
     }
@@ -493,8 +525,9 @@ export class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.get(normalized, opts);
         }
-        if (typeof this.storageAdapter.getToken === 'function') {
-            return this.storageAdapter.getToken(normalized, opts);
+        const storage = this.storageAdapter;
+        if (typeof storage.getToken === 'function') {
+            return storage.getToken(normalized, opts);
         }
         return null;
     }
@@ -507,8 +540,9 @@ export class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.delete(normalized);
         }
-        if (typeof this.storageAdapter.deleteToken === 'function') {
-            return this.storageAdapter.deleteToken(normalized);
+        const storage = this.storageAdapter;
+        if (typeof storage.deleteToken === 'function') {
+            return storage.deleteToken(normalized);
         }
         return 0;
     }
@@ -581,8 +615,9 @@ export class ApiServer {
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.update(updates);
         }
-        if (typeof this.storageAdapter.updateToken === 'function') {
-            return this.storageAdapter.updateToken(updates);
+        const storage = this.storageAdapter;
+        if (typeof storage.updateToken === 'function') {
+            return storage.updateToken(updates);
         }
         return false;
     }
@@ -715,7 +750,7 @@ export class ApiServer {
         if (!this.apiNotFoundHandler) {
             return;
         }
-        const stack = this.app?._router?.stack;
+        const stack = this.app._router?.stack;
         if (!stack) {
             return;
         }
@@ -1208,7 +1243,8 @@ export class ApiServer {
     api(module) {
         const router = express.Router();
         module.server = this;
-        if (module?.moduleType === 'auth') {
+        const moduleType = module.moduleType;
+        if (moduleType === 'auth') {
             this.authModule(module);
         }
         module.checkConfig();
@@ -1218,7 +1254,20 @@ export class ApiServer {
         module.mountpath = mountPath;
         module.defineRoutes().forEach((r) => {
             const handler = this.handle_request(r.handler, r.auth);
-            router[r.method](r.path, handler);
+            switch (r.method) {
+                case 'get':
+                    router.get(r.path, handler);
+                    break;
+                case 'post':
+                    router.post(r.path, handler);
+                    break;
+                case 'put':
+                    router.put(r.path, handler);
+                    break;
+                case 'delete':
+                    router.delete(r.path, handler);
+                    break;
+            }
             if (this.config.debug) {
                 console.log(`Adding ${mountPath}${r.path} (${r.method.toUpperCase()})`);
             }

package/dist/esm/auth-api/auth-module.js

@@ -1050,26 +1050,26 @@ class AuthModule extends BaseAuthModule {
         throw new ApiError({ code: 401, message: 'Authorization requires user authentication' });
     }
     hasPasskeyService() {
-        const storageAny = this.storage;
-        if (storageAny.passkeyService || storageAny.passkeyStore) {
+        const storageHints = this.storage;
+        if (storageHints.passkeyService || storageHints.passkeyStore) {
             return true;
         }
-        if (storageAny.adapter?.passkeyService || storageAny.adapter?.passkeyStore) {
+        if (storageHints.adapter?.passkeyService || storageHints.adapter?.passkeyStore) {
             return true;
         }
-        const serverAny = this.server;
-        return !!serverAny.passkeyServiceAdapter;
+        const serverHints = this.server;
+        return !!serverHints.passkeyServiceAdapter;
     }
     hasOAuthStore() {
-        const storageAny = this.storage;
-        if (storageAny.oauthStore) {
+        const storageHints = this.storage;
+        if (storageHints.oauthStore) {
             return true;
         }
-        if (storageAny.adapter?.oauthStore) {
+        if (storageHints.adapter?.oauthStore) {
             return true;
         }
-        const serverAny = this.server;
-        return !!serverAny.oauthStoreAdapter;
+        const serverHints = this.server;
+        return !!serverHints.oauthStoreAdapter;
     }
     storageImplements(key) {
         const candidate = this.storage[key];

package/dist/esm/auth-api/module.d.ts

@@ -8,7 +8,7 @@ export interface AuthProviderModule<UserRow = unknown> {
         expires?: Date;
     }): Promise<TokenPair>;
 }
-export declare abstract class BaseAuthModule<UserRow = unknown> extends ApiModule<any> implements AuthProviderModule<UserRow> {
+export declare abstract class BaseAuthModule<UserRow = unknown> extends ApiModule implements AuthProviderModule<UserRow> {
     readonly moduleType: "auth";
     protected constructor(opts: {
         namespace: string;

package/dist/esm/passkey/service.js

@@ -60,11 +60,13 @@ function toBufferOrNull(value) {
 }
 async function spkiToCosePublicKey(spki) {
     try {
-        const subtle = globalThis.crypto?.subtle ?? (await import('crypto')).webcrypto?.subtle;
+        const subtle = (globalThis.crypto?.subtle ??
+            (await import('crypto')).webcrypto?.subtle);
         if (!subtle) {
             return null;
         }
-        const key = await subtle.importKey('spki', spki, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']);
+        const spkiView = new Uint8Array(spki);
+        const key = await subtle.importKey('spki', spkiView, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']);
         const raw = Buffer.from(await subtle.exportKey('raw', key));
         if (raw.length !== 65 || raw[0] !== 0x04) {
             return null;
@@ -212,15 +214,16 @@ export class PasskeyService {
             return { verified: false };
         }
         const registrationInfo = result.registrationInfo;
-        const attestationResponse = params.response?.response;
+        const attestationResponse = params.response.response;
         const credentialIdPrimary = toBufferOrNull(registrationInfo.credentialID);
-        const credentialIdFallback = toBufferOrNull(params.response?.id);
+        const credentialIdFallback = toBufferOrNull(params.response.id);
         const credentialId = credentialIdPrimary && credentialIdPrimary.length > 0 ? credentialIdPrimary : credentialIdFallback;
         const publicKeyPrimary = toBufferOrNull(registrationInfo.credentialPublicKey);
         let publicKeyFallback = toBufferOrNull(attestationResponse?.publicKey);
         if ((!publicKeyPrimary || publicKeyPrimary.length === 0) && attestationResponse?.attestationObject) {
             try {
-                const attObj = decodeAttestationObject(isoBase64URL.toBuffer(attestationResponse.attestationObject));
+                const attestationObject = String(attestationResponse.attestationObject);
+                const attObj = decodeAttestationObject(isoBase64URL.toBuffer(attestationObject));
                 const parsedAuth = parseAuthenticatorData(attObj.get('authData'));
                 publicKeyFallback = toBufferOrNull(parsedAuth.credentialPublicKey) ?? publicKeyFallback;
             }
@@ -282,13 +285,10 @@ export class PasskeyService {
         }
         const user = await this.requireUser({ userId: credential.userId, login: record.login });
         const storedAuthData = {
-            id: credential.credentialId,
-            publicKey: toBuffer(credential.publicKey),
-            credentialPublicKey: toBuffer(credential.publicKey),
+            id: toBase64Url(credential.credentialId),
+            publicKey: new Uint8Array(toBuffer(credential.publicKey)),
             counter: credential.counter,
-            transports: credential.transports ?? undefined,
-            credentialBackedUp: credential.backedUp,
-            credentialDeviceType: credential.deviceType
+            transports: credential.transports ?? undefined
             // simplewebauthn accepts either Uint8Array or Buffer; ensure Buffer
             // see https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/authentication/verifyAuthenticationResponse.ts
         };

package/dist/esm/token/base.d.ts

@@ -5,6 +5,7 @@ export interface JwtSignResult {
     token?: string;
     error?: string;
 }
+export type JwtSignPayload = string | Buffer | Record<string, unknown>;
 export interface JwtVerifyResult<T> {
     success: boolean;
     data?: T;
@@ -32,7 +33,7 @@ export declare abstract class TokenStore {
     }): Promise<Token[]>;
     abstract close(): Promise<void>;
     normalizeToken(token: Partial<Token>): Token;
-    jwtSign(payload: any, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
+    jwtSign(payload: JwtSignPayload, secret: string, expiresInSeconds: number, options?: SignOptions): JwtSignResult;
     jwtVerify<T>(token: string, secret: string, options?: VerifyOptions): JwtVerifyResult<T>;
     jwtDecode<T>(token: string, options?: DecodeOptions): JwtDecodeResult<T>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/api-server-base",
-	"version": "2.0.0-beta.14",
+	"version": "2.0.0-beta.15",
 	"description": "Api Server Skeleton / Base Class",
 	"type": "module",
 	"main": "./dist/cjs/index.cjs",
@@ -59,11 +59,12 @@
 		"test:functional": "vitest run tests/functional",
 		"test:watch": "vitest --watch",
 		"prepublishOnly": "node scripts/run-builds.cjs",
-		"lint": "eslint --ext .js,.ts,.vue ./",
-		"lintfix": "eslint --fix --ext .js,.ts,.vue ./",
-		"format": "eslint --fix --ext .js,.ts,.vue ./ && prettier --write \"**/*.{js,jsx,ts,tsx,vue,json,css,scss,md}\"",
-		"cleanbuild": "rm -rf ./dist/ && eslint --fix --ext .js,.ts,.vue ./ && prettier --log-level warn --write \"**/*.{js,jsx,ts,tsx,vue,json,css,scss,md}\" && node scripts/run-builds.cjs",
-		"pretty": "prettier --write \"**/*.{js,jsx,ts,tsx,vue,json,css,scss,md}\""
+		"lint": "eslint --no-error-on-unmatched-pattern --ext .js,.cjs,.mjs,.ts,.mts,.tsx,.vue,.json ./",
+		"lintfix": "eslint --fix --no-error-on-unmatched-pattern --ext .js,.cjs,.mjs,.ts,.mts,.tsx,.vue,.json ./",
+		"format": "npm run lintfix && npm run pretty",
+		"cleanbuild": "rm -rf ./dist/ && npm run format && npm run build",
+		"pretty": "prettier --write \"**/*.{js,jsx,cjs,mjs,ts,tsx,mts,vue,json,md}\"",
+		"lintconfig": "node lintconfig.cjs"
 	},
 	"dependencies": {
 		"@simplewebauthn/server": "^13.2.2",
@@ -85,11 +86,10 @@
 		"@types/supertest": "^6.0.3",
 		"@typescript-eslint/eslint-plugin": "^8.50.1",
 		"@typescript-eslint/parser": "^8.50.1",
-		"@vue/eslint-config-prettier": "10.2.0",
-		"@vue/eslint-config-typescript": "^14.6.0",
 		"eslint": "^9.39.2",
+		"eslint-config-prettier": "^10.1.8",
 		"eslint-plugin-import": "^2.32.0",
-		"eslint-plugin-vue": "^10.6.2",
+		"jsonc-eslint-parser": "^2.4.1",
 		"mysql2": "^3.16.0",
 		"pg": "^8.16.3",
 		"prettier": "^3.7.4",
@@ -129,5 +129,6 @@
 		"dist/",
 		"docs/swagger/openapi.json",
 		"package.json"
-	]
+	],
+	"packageManager": "pnpm@10.27.0+sha512.72d699da16b1179c14ba9e64dc71c9a40988cbdc65c264cb0e489db7de917f20dcf4d64d8723625f2969ba52d4b7e2a1170682d9ac2a5dcaeaab732b7e16f04a"
 }