@technomoron/api-server-base 2.0.0-beta.15 → 2.0.0-beta.17

package/README.txt

@@ -102,6 +102,7 @@ apiBasePath (string, default '/api') Prefix applied to every module namespace.
 origins (string array, default empty array) CORS allowlist; empty allows all origins.
 uploadPath (string, default empty string) Enables multer.any() when provided.
 uploadMax (number, default 30 * 1024 * 1024) Maximum upload size in bytes.
+staticDirs (record, default empty object) Map of mount path => disk path for serving static files as-is (ex: { '/assets': './public' }).
 accessSecret (string, default empty string) Required for JWT signing and verification.
 refreshSecret (string, default empty string) Used for refresh tokens if you implement them.
 cookieDomain (string, default '.somewhere-over-the-rainbow.com') Domain applied to auth cookies.
@@ -141,6 +142,22 @@ Use your storage adapter's filterUser helper to trim sensitive data before retur
 Provide your own authorize method to enforce role based access control using the ApiAuthClass enum.
 Create feature modules by extending ApiModule. Use the optional checkConfig hook to validate prerequisites before routes mount.
 
+Sequelize Table Prefixes
+------------------------
+Sequelize-backed stores accept `tablePrefix` to prepend to the built-in table names (`users`, `jwttokens`, `passkey_credentials`, `passkey_challenges`, `oauth_clients`, `oauth_codes`).
+
+SqlAuthStore supports both a global prefix (`tablePrefix`) and per-module overrides (`tablePrefixes.user|token|passkey|oauth`). When present, `tokenStoreOptions.tablePrefix` and `oauthStoreOptions.tablePrefix` take precedence.
+
+Example:
+
+	const store = new SqlAuthStore({
+		sequelize,
+		tablePrefix: 'myapp_'
+	});
+	// Creates tables like myapp_users, myapp_jwttokens, myapp_oauth_clients, ...
+
+If you need a different base name (for example `myapp_tokens` instead of `myapp_jwttokens`), pass a custom model or model factory to the store and set the `tableName` yourself.
+
 Custom Express Endpoints
 ------------------------
 ApiModule routes run inside the tuple wrapper (always responding with a standardized JSON envelope). For endpoints that need raw Express control (streaming, webhooks, tus uploads, etc.), mount your own handlers directly.

package/dist/cjs/api-server-base.cjs

@@ -343,6 +343,7 @@ function fillConfig(config) {
         apiHost: config.apiHost ?? 'localhost',
         uploadPath: config.uploadPath ?? '',
         uploadMax: config.uploadMax ?? 30 * 1024 * 1024,
+        staticDirs: config.staticDirs,
         origins: config.origins ?? [],
         debug: config.debug ?? false,
         apiBasePath: config.apiBasePath ?? '/api',
@@ -399,6 +400,7 @@ class ApiServer {
             this.app.use(upload.any());
         }
         this.middlewares();
+        this.installStaticDirs();
         this.installPingHandler();
         this.installSwaggerHandler();
         // addSwaggerUi(this.app);
@@ -656,6 +658,21 @@ class ApiServer {
         };
         this.app.use((0, cors_1.default)(corsOptions));
     }
+    installStaticDirs() {
+        const staticDirs = this.config.staticDirs;
+        if (!staticDirs || !isPlainObject(staticDirs)) {
+            return;
+        }
+        for (const [mountRaw, dirRaw] of Object.entries(staticDirs)) {
+            const mount = typeof mountRaw === 'string' ? mountRaw.trim() : '';
+            const dir = typeof dirRaw === 'string' ? dirRaw.trim() : '';
+            if (!mount || !dir) {
+                continue;
+            }
+            const resolvedMount = mount.startsWith('/') ? mount : `/${mount}`;
+            this.app.use(resolvedMount, express_1.default.static(dir));
+        }
+    }
     installPingHandler() {
         const path = `${this.apiBasePath}/v1/ping`;
         this.app.get(path, (_req, res) => {

package/dist/cjs/api-server-base.d.ts

@@ -92,6 +92,7 @@ export interface ApiServerConf {
     apiHost: string;
     uploadPath: string;
     uploadMax: number;
+    staticDirs?: Record<string, string>;
     origins: string[];
     debug: boolean;
     apiBasePath: string;
@@ -193,6 +194,7 @@ export declare class ApiServer {
     guessExceptionText(error: unknown, defMsg?: string): string;
     protected authorize(apiReq: ApiRequest, requiredClass: ApiAuthClass): Promise<void>;
     private middlewares;
+    private installStaticDirs;
     private installPingHandler;
     private loadSwaggerSpec;
     private installSwaggerHandler;

package/dist/cjs/auth-api/sql-auth-store.d.ts

@@ -11,13 +11,23 @@ import type { Token } from '../token/types.js';
 interface PasskeyOptions extends Partial<PasskeyServiceConfig> {
     enabled?: boolean;
 }
+export interface SqlAuthStoreTablePrefixes {
+    user?: string;
+    token?: string;
+    passkey?: string;
+    oauth?: string;
+}
 export interface SqlAuthStoreParams<UserAttributes extends AuthUserAttributes = AuthUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> {
     sequelize: Sequelize;
     syncOptions?: SyncOptions;
     bcryptRounds?: number;
     passwordPepper?: string;
+    tablePrefix?: string;
+    tablePrefixes?: SqlAuthStoreTablePrefixes;
     userModel?: GenericUserModelStatic;
-    userModelFactory?: (sequelize: Sequelize) => GenericUserModelStatic;
+    userModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => GenericUserModelStatic;
     userRecordMapper?: (model: GenericUserModel) => UserAttributes;
     publicUserMapper?: (user: UserAttributes) => PublicUserShape;
     passkeyUserMapper?: (user: UserAttributes) => PasskeyUserDescriptor;

package/dist/cjs/auth-api/sql-auth-store.js

@@ -13,6 +13,22 @@ const DEFAULT_PASSKEY_CONFIG = {
     timeoutMs: 5 * 60 * 1000,
     userVerification: 'preferred'
 };
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function resolveTablePrefix(...prefixes) {
+    for (const prefix of prefixes) {
+        const normalized = normalizeTablePrefix(prefix);
+        if (normalized) {
+            return normalized;
+        }
+    }
+    return undefined;
+}
 function isOriginString(origin) {
     return typeof origin === 'string' && origin.trim().length > 0;
 }
@@ -36,6 +52,8 @@ class SqlAuthStore {
         }
         this.sequelize = params.sequelize;
         this.syncOptions = params.syncOptions;
+        const moduleTablePrefixes = params.tablePrefixes ?? {};
+        const userTablePrefix = resolveTablePrefix(moduleTablePrefixes.user, params.tablePrefix);
         this.userStore = new sequelize_js_4.SequelizeUserStore({
             sequelize: this.sequelize,
             userModel: params.userModel,
@@ -43,18 +61,28 @@ class SqlAuthStore {
             recordMapper: params.userRecordMapper,
             toPublic: params.publicUserMapper,
             bcryptRounds: params.bcryptRounds,
-            bcryptPepper: params.passwordPepper
+            bcryptPepper: params.passwordPepper,
+            tablePrefix: userTablePrefix
         });
+        const tokenTablePrefix = resolveTablePrefix(params.tokenStoreOptions?.tablePrefix, moduleTablePrefixes.token, params.tablePrefix);
         this.tokenStore =
-            params.tokenStore ?? new sequelize_js_3.SequelizeTokenStore({ sequelize: this.sequelize, ...params.tokenStoreOptions });
+            params.tokenStore ??
+                new sequelize_js_3.SequelizeTokenStore({
+                    sequelize: this.sequelize,
+                    ...params.tokenStoreOptions,
+                    tablePrefix: tokenTablePrefix
+                });
+        const oauthTablePrefix = resolveTablePrefix(params.oauthStoreOptions?.tablePrefix, moduleTablePrefixes.oauth, params.tablePrefix);
         this.oauthStore = new sequelize_js_1.SequelizeOAuthStore({
             sequelize: this.sequelize,
             ...params.oauthStoreOptions,
+            tablePrefix: oauthTablePrefix,
             bcryptRounds: params.bcryptRounds
         });
         let passkeyStore;
         let passkeyConfig;
         if (params.passkeys !== false) {
+            const passkeyTablePrefix = resolveTablePrefix(moduleTablePrefixes.passkey, params.tablePrefix);
             passkeyConfig = normalizePasskeyConfig(params.passkeys ?? {});
             const resolveUser = async (lookup) => {
                 const found = await this.userStore.findUser(lookup.userId ?? lookup.login ?? '');
@@ -69,7 +97,11 @@ class SqlAuthStore {
                     }));
                 return mapper(found);
             };
-            passkeyStore = new sequelize_js_2.SequelizePasskeyStore({ sequelize: this.sequelize, resolveUser });
+            passkeyStore = new sequelize_js_2.SequelizePasskeyStore({
+                sequelize: this.sequelize,
+                resolveUser,
+                tablePrefix: passkeyTablePrefix
+            });
             this.passkeyStore = passkeyStore;
         }
         this.adapter = new compat_auth_storage_js_1.CompositeAuthAdapter({

package/dist/cjs/oauth/models.d.ts

@@ -18,7 +18,9 @@ export declare class OAuthClientModel extends Model<OAuthClientAttributes, OAuth
     metadata: string | null;
     first_party: boolean;
 }
-export declare function initOAuthClientModel(sequelize: Sequelize): typeof OAuthClientModel;
+export declare function initOAuthClientModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof OAuthClientModel;
 export interface OAuthCodeAttributes {
     code: string;
     client_id: string;
@@ -42,4 +44,6 @@ export declare class OAuthCodeModel extends Model<OAuthCodeAttributes, OAuthCode
     expires: Date;
     metadata: string | null;
 }
-export declare function initOAuthCodeModel(sequelize: Sequelize): typeof OAuthCodeModel;
+export declare function initOAuthCodeModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof OAuthCodeModel;

package/dist/cjs/oauth/models.js

@@ -5,11 +5,22 @@ exports.initOAuthClientModel = initOAuthClientModel;
 exports.initOAuthCodeModel = initOAuthCodeModel;
 const sequelize_1 = require("sequelize");
 const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function applyTablePrefix(prefix, tableName) {
+    const normalized = normalizeTablePrefix(prefix);
+    return normalized ? `${normalized}${tableName}` : tableName;
+}
 function integerIdType(sequelize) {
     return DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? sequelize_1.DataTypes.INTEGER.UNSIGNED : sequelize_1.DataTypes.INTEGER;
 }
-function tableOptions(sequelize, tableName, extra) {
-    const opts = { sequelize, tableName };
+function tableOptions(sequelize, tableName, tablePrefix, extra) {
+    const opts = { sequelize, tableName: applyTablePrefix(tablePrefix, tableName) };
     if (extra) {
         Object.assign(opts, extra);
     }
@@ -22,7 +33,7 @@ function tableOptions(sequelize, tableName, extra) {
 class OAuthClientModel extends sequelize_1.Model {
 }
 exports.OAuthClientModel = OAuthClientModel;
-function initOAuthClientModel(sequelize) {
+function initOAuthClientModel(sequelize, options = {}) {
     OAuthClientModel.init({
         client_id: { type: sequelize_1.DataTypes.STRING(128), allowNull: false, primaryKey: true },
         client_secret: { type: sequelize_1.DataTypes.STRING(255), allowNull: false, defaultValue: '' },
@@ -32,14 +43,14 @@ function initOAuthClientModel(sequelize) {
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null },
         first_party: { type: sequelize_1.DataTypes.BOOLEAN, allowNull: false, defaultValue: false }
     }, {
-        ...tableOptions(sequelize, 'oauth_clients', { timestamps: false })
+        ...tableOptions(sequelize, 'oauth_clients', options.tablePrefix, { timestamps: false })
     });
     return OAuthClientModel;
 }
 class OAuthCodeModel extends sequelize_1.Model {
 }
 exports.OAuthCodeModel = OAuthCodeModel;
-function initOAuthCodeModel(sequelize) {
+function initOAuthCodeModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     OAuthCodeModel.init({
         code: { type: sequelize_1.DataTypes.STRING(128), allowNull: false, primaryKey: true },
@@ -52,7 +63,7 @@ function initOAuthCodeModel(sequelize) {
         expires: { type: sequelize_1.DataTypes.DATE, allowNull: false },
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null }
     }, {
-        ...tableOptions(sequelize, 'oauth_codes', { timestamps: false })
+        ...tableOptions(sequelize, 'oauth_codes', options.tablePrefix, { timestamps: false })
     });
     return OAuthCodeModel;
 }

package/dist/cjs/oauth/sequelize.d.ts

@@ -19,7 +19,9 @@ export declare class OAuthClientModel extends Model<OAuthClientAttributes, OAuth
     metadata: string | null;
     first_party: boolean;
 }
-export declare function initOAuthClientModel(sequelize: Sequelize): typeof OAuthClientModel;
+export declare function initOAuthClientModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof OAuthClientModel;
 export interface OAuthCodeAttributes {
     code: string;
     client_id: string;
@@ -43,13 +45,20 @@ export declare class OAuthCodeModel extends Model<OAuthCodeAttributes, OAuthCode
     expires: Date;
     metadata: string | null;
 }
-export declare function initOAuthCodeModel(sequelize: Sequelize): typeof OAuthCodeModel;
+export declare function initOAuthCodeModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof OAuthCodeModel;
 export interface SequelizeOAuthStoreOptions {
     sequelize: Sequelize;
+    tablePrefix?: string;
     clientModel?: typeof OAuthClientModel;
     codeModel?: typeof OAuthCodeModel;
-    clientModelFactory?: (sequelize: Sequelize) => typeof OAuthClientModel;
-    codeModelFactory?: (sequelize: Sequelize) => typeof OAuthCodeModel;
+    clientModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => typeof OAuthClientModel;
+    codeModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => typeof OAuthCodeModel;
     bcryptRounds?: number;
 }
 export declare class SequelizeOAuthStore extends OAuthStore {

package/dist/cjs/oauth/sequelize.js

@@ -10,11 +10,22 @@ const bcryptjs_1 = __importDefault(require("bcryptjs"));
 const sequelize_1 = require("sequelize");
 const base_js_1 = require("./base.js");
 const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function applyTablePrefix(prefix, tableName) {
+    const normalized = normalizeTablePrefix(prefix);
+    return normalized ? `${normalized}${tableName}` : tableName;
+}
 function integerIdType(sequelize) {
     return DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? sequelize_1.DataTypes.INTEGER.UNSIGNED : sequelize_1.DataTypes.INTEGER;
 }
-function tableOptions(sequelize, tableName, extra) {
-    const opts = { sequelize, tableName };
+function tableOptions(sequelize, tableName, tablePrefix, extra) {
+    const opts = { sequelize, tableName: applyTablePrefix(tablePrefix, tableName) };
     if (extra) {
         Object.assign(opts, extra);
     }
@@ -27,7 +38,7 @@ function tableOptions(sequelize, tableName, extra) {
 class OAuthClientModel extends sequelize_1.Model {
 }
 exports.OAuthClientModel = OAuthClientModel;
-function initOAuthClientModel(sequelize) {
+function initOAuthClientModel(sequelize, options = {}) {
     OAuthClientModel.init({
         client_id: { type: sequelize_1.DataTypes.STRING(128), allowNull: false, primaryKey: true },
         client_secret: { type: sequelize_1.DataTypes.STRING(255), allowNull: false, defaultValue: '' },
@@ -36,13 +47,13 @@ function initOAuthClientModel(sequelize) {
         scope: { type: sequelize_1.DataTypes.TEXT, allowNull: false, defaultValue: '[]' },
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null },
         first_party: { type: sequelize_1.DataTypes.BOOLEAN, allowNull: false, defaultValue: false }
-    }, tableOptions(sequelize, 'oauth_clients', { timestamps: false }));
+    }, tableOptions(sequelize, 'oauth_clients', options.tablePrefix, { timestamps: false }));
     return OAuthClientModel;
 }
 class OAuthCodeModel extends sequelize_1.Model {
 }
 exports.OAuthCodeModel = OAuthCodeModel;
-function initOAuthCodeModel(sequelize) {
+function initOAuthCodeModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     OAuthCodeModel.init({
         code: { type: sequelize_1.DataTypes.STRING(128), allowNull: false, primaryKey: true },
@@ -54,7 +65,7 @@ function initOAuthCodeModel(sequelize) {
         code_challenge_method: { type: sequelize_1.DataTypes.STRING(10), allowNull: true, defaultValue: null },
         expires: { type: sequelize_1.DataTypes.DATE, allowNull: false },
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null }
-    }, tableOptions(sequelize, 'oauth_codes', { timestamps: false }));
+    }, tableOptions(sequelize, 'oauth_codes', options.tablePrefix, { timestamps: false }));
     return OAuthCodeModel;
 }
 function encodeStringArray(values) {
@@ -114,8 +125,16 @@ class SequelizeOAuthStore extends base_js_1.OAuthStore {
         if (!options?.sequelize) {
             throw new Error('SequelizeOAuthStore requires an initialised Sequelize instance');
         }
-        this.clients = options.clientModel ?? (options.clientModelFactory ?? initOAuthClientModel)(options.sequelize);
-        this.codes = options.codeModel ?? (options.codeModelFactory ?? initOAuthCodeModel)(options.sequelize);
+        this.clients =
+            options.clientModel ??
+                (options.clientModelFactory ?? initOAuthClientModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
+        this.codes =
+            options.codeModel ??
+                (options.codeModelFactory ?? initOAuthCodeModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
         this.bcryptRounds = options.bcryptRounds ?? 12;
     }
     async getClient(clientId) {

package/dist/cjs/passkey/models.d.ts

@@ -26,5 +26,9 @@ export declare class PasskeyChallengeModel extends Model<InferAttributes<Passkey
     createdAt?: Date;
     updatedAt?: Date;
 }
-export declare function initPasskeyCredentialModel(sequelize: Sequelize): ModelStatic<PasskeyCredentialModel>;
-export declare function initPasskeyChallengeModel(sequelize: Sequelize): ModelStatic<PasskeyChallengeModel>;
+export declare function initPasskeyCredentialModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): ModelStatic<PasskeyCredentialModel>;
+export declare function initPasskeyChallengeModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): ModelStatic<PasskeyChallengeModel>;

package/dist/cjs/passkey/models.js

@@ -5,6 +5,17 @@ exports.initPasskeyCredentialModel = initPasskeyCredentialModel;
 exports.initPasskeyChallengeModel = initPasskeyChallengeModel;
 const sequelize_1 = require("sequelize");
 const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function applyTablePrefix(prefix, tableName) {
+    const normalized = normalizeTablePrefix(prefix);
+    return normalized ? `${normalized}${tableName}` : tableName;
+}
 function integerIdType(sequelize) {
     return DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? sequelize_1.DataTypes.INTEGER.UNSIGNED : sequelize_1.DataTypes.INTEGER;
 }
@@ -14,7 +25,7 @@ exports.PasskeyCredentialModel = PasskeyCredentialModel;
 class PasskeyChallengeModel extends sequelize_1.Model {
 }
 exports.PasskeyChallengeModel = PasskeyChallengeModel;
-function initPasskeyCredentialModel(sequelize) {
+function initPasskeyCredentialModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     return PasskeyCredentialModel.init({
         credentialId: {
@@ -104,12 +115,12 @@ function initPasskeyCredentialModel(sequelize) {
         }
     }, {
         sequelize,
-        tableName: 'passkey_credentials',
+        tableName: applyTablePrefix(options.tablePrefix, 'passkey_credentials'),
         timestamps: true,
         underscored: true
     });
 }
-function initPasskeyChallengeModel(sequelize) {
+function initPasskeyChallengeModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     return PasskeyChallengeModel.init({
         challenge: {
@@ -137,7 +148,7 @@ function initPasskeyChallengeModel(sequelize) {
         }
     }, {
         sequelize,
-        tableName: 'passkey_challenges',
+        tableName: applyTablePrefix(options.tablePrefix, 'passkey_challenges'),
         timestamps: true,
         underscored: true,
         indexes: [{ fields: ['expires_at'] }, { fields: ['user_id'] }]

package/dist/cjs/passkey/sequelize.d.ts

@@ -31,10 +31,15 @@ declare class PasskeyChallengeModel extends Model<InferAttributes<PasskeyChallen
 }
 export interface SequelizePasskeyStoreOptions {
     sequelize: Sequelize;
+    tablePrefix?: string;
     credentialModel?: ModelStatic<PasskeyCredentialModel>;
     challengeModel?: ModelStatic<PasskeyChallengeModel>;
-    credentialModelFactory?: (sequelize: Sequelize) => ModelStatic<PasskeyCredentialModel>;
-    challengeModelFactory?: (sequelize: Sequelize) => ModelStatic<PasskeyChallengeModel>;
+    credentialModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => ModelStatic<PasskeyCredentialModel>;
+    challengeModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => ModelStatic<PasskeyChallengeModel>;
     resolveUser: (params: {
         userId?: AuthIdentifier;
         login?: string;

package/dist/cjs/passkey/sequelize.js

@@ -4,6 +4,17 @@ exports.SequelizePasskeyStore = void 0;
 const sequelize_1 = require("sequelize");
 const base_js_1 = require("./base.js");
 const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function applyTablePrefix(prefix, tableName) {
+    const normalized = normalizeTablePrefix(prefix);
+    return normalized ? `${normalized}${tableName}` : tableName;
+}
 function integerIdType(sequelize) {
     return DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? sequelize_1.DataTypes.INTEGER.UNSIGNED : sequelize_1.DataTypes.INTEGER;
 }
@@ -23,7 +34,7 @@ class PasskeyCredentialModel extends sequelize_1.Model {
 }
 class PasskeyChallengeModel extends sequelize_1.Model {
 }
-function initPasskeyCredentialModel(sequelize) {
+function initPasskeyCredentialModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     return PasskeyCredentialModel.init({
         credentialId: {
@@ -113,12 +124,12 @@ function initPasskeyCredentialModel(sequelize) {
         }
     }, {
         sequelize,
-        tableName: 'passkey_credentials',
+        tableName: applyTablePrefix(options.tablePrefix, 'passkey_credentials'),
         timestamps: true,
         underscored: true
     });
 }
-function initPasskeyChallengeModel(sequelize) {
+function initPasskeyChallengeModel(sequelize, options = {}) {
     const idType = integerIdType(sequelize);
     return PasskeyChallengeModel.init({
         challenge: {
@@ -146,7 +157,7 @@ function initPasskeyChallengeModel(sequelize) {
         }
     }, {
         sequelize,
-        tableName: 'passkey_challenges',
+        tableName: applyTablePrefix(options.tablePrefix, 'passkey_challenges'),
         timestamps: true,
         underscored: true,
         indexes: [{ fields: ['expires_at'] }, { fields: ['user_id'] }]
@@ -161,9 +172,14 @@ class SequelizePasskeyStore extends base_js_1.PasskeyStore {
         this.resolveUserFn = options.resolveUser;
         this.credentials =
             options.credentialModel ??
-                (options.credentialModelFactory ?? initPasskeyCredentialModel)(options.sequelize);
+                (options.credentialModelFactory ?? initPasskeyCredentialModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
         this.challenges =
-            options.challengeModel ?? (options.challengeModelFactory ?? initPasskeyChallengeModel)(options.sequelize);
+            options.challengeModel ??
+                (options.challengeModelFactory ?? initPasskeyChallengeModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
     }
     async resolveUser(params) {
         return this.resolveUserFn(params);

package/dist/cjs/token/sequelize.d.ts

@@ -27,8 +27,11 @@ export type TokenAttributes = InferAttributes<TokenModel>;
 export type TokenCreationAttributes = InferCreationAttributes<TokenModel>;
 export interface SequelizeTokenStoreOptions {
     sequelize: Sequelize;
+    tablePrefix?: string;
     tokenModel?: ModelStatic<TokenModel>;
-    tokenModelFactory?: (sequelize: Sequelize) => ModelStatic<TokenModel>;
+    tokenModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => ModelStatic<TokenModel>;
 }
 export declare class SequelizeTokenStore extends TokenStore {
     readonly Tokens: ModelStatic<TokenModel>;

package/dist/cjs/token/sequelize.js

@@ -4,12 +4,23 @@ exports.SequelizeTokenStore = void 0;
 const sequelize_1 = require("sequelize");
 const base_js_1 = require("./base.js");
 const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function normalizeTablePrefix(prefix) {
+    if (!prefix) {
+        return undefined;
+    }
+    const trimmed = prefix.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function applyTablePrefix(prefix, tableName) {
+    const normalized = normalizeTablePrefix(prefix);
+    return normalized ? `${normalized}${tableName}` : tableName;
+}
 class TokenModel extends sequelize_1.Model {
 }
-function tokenTableOptions(sequelize) {
+function tokenTableOptions(sequelize, tablePrefix) {
     const opts = {
         sequelize,
-        tableName: 'jwttokens',
+        tableName: applyTablePrefix(tablePrefix, 'jwttokens'),
         timestamps: false
     };
     if (DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())) {
@@ -18,7 +29,11 @@ function tokenTableOptions(sequelize) {
     }
     return opts;
 }
-function initTokenModel(sequelize) {
+function initTokenModel(sequelize, options = {}) {
+    const tableName = applyTablePrefix(options.tablePrefix, 'jwttokens');
+    const usePrefixedIndexNames = tableName !== 'jwttokens';
+    const accessIndexName = usePrefixedIndexNames ? `${tableName}_access_unique` : 'jwt_access_unique';
+    const refreshIndexName = usePrefixedIndexNames ? `${tableName}_refresh_unique` : 'jwt_refresh_unique';
     TokenModel.init({
         token_id: {
             type: DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())
@@ -120,10 +135,10 @@ function initTokenModel(sequelize) {
             defaultValue: '[]'
         }
     }, {
-        ...tokenTableOptions(sequelize),
+        ...tokenTableOptions(sequelize, options.tablePrefix),
         indexes: [
-            { name: 'jwt_access_unique', unique: true, fields: ['access'] },
-            { name: 'jwt_refresh_unique', unique: true, fields: ['refresh'] }
+            { name: accessIndexName, unique: true, fields: ['access'] },
+            { name: refreshIndexName, unique: true, fields: ['refresh'] }
         ]
     });
     return TokenModel;
@@ -134,7 +149,11 @@ class SequelizeTokenStore extends base_js_1.TokenStore {
         if (!options?.sequelize) {
             throw new Error('SequelizeTokenStore requires an initialised Sequelize instance');
         }
-        this.Tokens = options.tokenModel ?? (options.tokenModelFactory ?? initTokenModel)(options.sequelize);
+        this.Tokens =
+            options.tokenModel ??
+                (options.tokenModelFactory ?? initTokenModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
     }
     async save(record) {
         const normalized = this.normalizeToken(record);

package/dist/cjs/user/sequelize.d.ts

@@ -10,15 +10,20 @@ export declare class AuthUserModel extends Model<InferAttributes<AuthUserModel>,
 }
 export type AuthUserAttributes = InferAttributes<AuthUserModel>;
 export type AuthUserCreationAttributes = InferCreationAttributes<AuthUserModel>;
-export declare function initAuthUserModel(sequelize: Sequelize): typeof AuthUserModel;
+export declare function initAuthUserModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof AuthUserModel;
 export type GenericUserModel = Model<Record<string, unknown>, Record<string, unknown>>;
 export type GenericUserModelStatic = ModelStatic<GenericUserModel>;
 export interface SequelizeUserStoreOptions<UserAttributes extends AuthUserAttributes = AuthUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> {
     bcryptRounds?: number;
     bcryptPepper?: string;
     sequelize: Sequelize;
+    tablePrefix?: string;
     userModel?: GenericUserModelStatic;
-    userModelFactory?: (sequelize: Sequelize) => GenericUserModelStatic;
+    userModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => GenericUserModelStatic;
     recordMapper?: (model: GenericUserModel) => UserAttributes;
     toPublic?: PublicUserMapper<UserAttributes, PublicUserShape>;
 }