@technomoron/api-server-base 2.0.0-beta.19 → 2.0.0-beta.20

package/dist/cjs/api-server-base.cjs

@@ -11,7 +11,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ApiServer = exports.ApiError = exports.ApiModule = void 0;
 const node_crypto_1 = require("node:crypto");
-const node_fs_1 = __importDefault(require("node:fs"));
+const promises_1 = require("node:fs/promises");
 const node_module_1 = require("node:module");
 const node_path_1 = __importDefault(require("node:path"));
 const cookie_parser_1 = __importDefault(require("cookie-parser"));
@@ -20,6 +20,7 @@ const express_1 = __importDefault(require("express"));
 const multer_1 = __importDefault(require("multer"));
 const module_js_1 = require("./auth-api/module.js");
 const storage_js_1 = require("./auth-api/storage.js");
+const user_id_js_1 = require("./auth-api/user-id.js");
 const auth_cookie_options_js_1 = require("./auth-cookie-options.js");
 const base_js_1 = require("./token/base.js");
 class JwtHelperStore extends base_js_1.TokenStore {
@@ -274,7 +275,9 @@ function collectClientIpChain(req) {
     }
     const realIp = req.headers['x-real-ip'];
     if (Array.isArray(realIp)) {
-        realIp.forEach((value) => pushNormalized(normalizeIpAddress(value)));
+        for (const value of realIp) {
+            pushNormalized(normalizeIpAddress(value));
+        }
     }
     else if (typeof realIp === 'string') {
         pushNormalized(normalizeIpAddress(realIp));
@@ -429,6 +432,10 @@ class ApiServer {
             this.canImpersonateAdapter = canImpersonate ?? null;
             this.storageAdapter = this.getServerAuthAdapter();
         }
+        if ((this.config.authApi || this.config.authStores) &&
+            (!this.config.accessSecret || !this.config.refreshSecret)) {
+            console.warn('[api-server-base] Auth is enabled but accessSecret and/or refreshSecret are empty. JWT signing will fail at runtime.');
+        }
         this.app = (0, express_1.default)();
         // Mount API modules and any custom endpoints under `apiBasePath` on this router so we can keep
         // the API 404 handler ordered last without relying on Express internals.
@@ -616,8 +623,8 @@ class ApiServer {
     async getToken(query, opts) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.get(normalized, opts);
@@ -631,8 +638,8 @@ class ApiServer {
     async deleteToken(query) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         if (this.tokenStoreAdapter) {
             return this.tokenStoreAdapter.delete(normalized);
@@ -795,7 +802,7 @@ class ApiServer {
             res.status(200).json({ success: true, code: 200, message: 'Success', data: payload, errors: {} });
         });
     }
-    loadSwaggerSpec() {
+    async loadSwaggerSpec() {
         const candidates = [node_path_1.default.resolve(process.cwd(), 'docs/swagger/openapi.json')];
         if (typeof __dirname === 'string') {
             candidates.push(node_path_1.default.resolve(__dirname, '../../docs/swagger/openapi.json'));
@@ -810,11 +817,14 @@ class ApiServer {
             // Ignore resolution failures; fall back to any existing candidate.
         }
         for (const candidate of candidates) {
-            if (!node_fs_1.default.existsSync(candidate)) {
+            try {
+                await (0, promises_1.access)(candidate);
+            }
+            catch {
                 continue;
             }
             try {
-                const raw = node_fs_1.default.readFileSync(candidate, 'utf8');
+                const raw = await (0, promises_1.readFile)(candidate, 'utf8');
                 return JSON.parse(raw);
             }
             catch {
@@ -832,12 +842,12 @@ class ApiServer {
         const base = this.apiBasePath === '/' ? '' : this.apiBasePath;
         const resolved = rawPath.length > 0 ? rawPath : `${base}/swagger`;
         const path = resolved.startsWith('/') ? resolved : `/${resolved}`;
-        let specCache;
-        this.app.get(path, (_req, res) => {
-            if (specCache === undefined) {
-                specCache = this.loadSwaggerSpec();
+        let specPromise;
+        this.app.get(path, async (_req, res) => {
+            if (!specPromise) {
+                specPromise = this.loadSwaggerSpec();
             }
-            const spec = specCache;
+            const spec = await specPromise;
             if (!spec) {
                 res.status(500).json({
                     success: false,
@@ -1050,7 +1060,7 @@ class ApiServer {
         let tokenData;
         let error;
         let expired = false;
-        if (!token || token === null) {
+        if (!token) {
             if (authType === 'maybe') {
                 if (!this.config.refreshMaybe) {
                     return null;
@@ -1203,9 +1213,6 @@ class ApiServer {
         if (rawReal === null) {
             return effectiveUserId;
         }
-        if (typeof rawReal === 'number' && rawReal === 0) {
-            return effectiveUserId;
-        }
         return rawReal;
     }
     useExpress(pathOrHandler, ...handlers) {
@@ -1429,9 +1436,29 @@ class ApiServer {
         console.log('URL:', url);
         console.log('Method:', req.method);
         console.log('Query Params:', req.query || {});
-        console.log('Body Params:', req.body || {});
-        console.log('Cookies:', req.cookies || {});
-        console.log('Headers:', req.headers);
+        const sensitiveBodyKeys = ['password', 'client_secret', 'clientSecret', 'secret'];
+        const body = req.body && typeof req.body === 'object' ? { ...req.body } : req.body;
+        if (body && typeof body === 'object') {
+            for (const key of sensitiveBodyKeys) {
+                if (key in body) {
+                    body[key] = '[REDACTED]';
+                }
+            }
+        }
+        console.log('Body Params:', body || {});
+        const cookies = req.cookies ? { ...req.cookies } : {};
+        const sensitiveCookieKeys = [this.config.accessCookie, this.config.refreshCookie];
+        for (const key of sensitiveCookieKeys) {
+            if (key in cookies) {
+                cookies[key] = '[REDACTED]';
+            }
+        }
+        console.log('Cookies:', cookies);
+        const headers = { ...req.headers };
+        if (headers.authorization) {
+            headers.authorization = '[REDACTED]';
+        }
+        console.log('Headers:', headers);
         console.log('------------------------');
     }
     formatDebugValue(value, maxLength = 50, seen = new WeakSet()) {

package/dist/cjs/auth-api/auth-module.js

@@ -157,6 +157,9 @@ class AuthModule extends module_js_1.BaseAuthModule {
             return candidate ? {} : { sessionCookie: true, refreshTtlSeconds: this.sessionRefreshTtlSeconds() };
         }
         if (typeof candidate === 'number') {
+            if (candidate === 0) {
+                return { sessionCookie: true, refreshTtlSeconds: this.sessionRefreshTtlSeconds() };
+            }
             const ttl = this.normalizeRefreshTtlSeconds(candidate);
             return ttl ? { sessionCookie: false, refreshTtlSeconds: ttl } : {};
         }
@@ -449,20 +452,12 @@ class AuthModule extends module_js_1.BaseAuthModule {
         this.assertAuthReady();
         const { login, password, ...metadata } = this.parseLoginBody(apiReq);
         const user = await this.storage.getUser(login);
-        if (!user) {
+        const hash = user ? this.storage.getUserPasswordHash(user) : '';
+        const verified = user ? await this.storage.verifyPassword(password, hash) : false;
+        if (!user || !verified) {
             throw new api_server_base_js_1.ApiError({
                 code: 400,
-                message: 'Invalid credentials',
-                errors: { login: 'Unknown user' }
-            });
-        }
-        const hash = this.storage.getUserPasswordHash(user);
-        const verified = await this.storage.verifyPassword(password, hash);
-        if (!verified) {
-            throw new api_server_base_js_1.ApiError({
-                code: 400,
-                message: 'Invalid credentials',
-                errors: { password: 'Wrong password' }
+                message: 'Invalid credentials'
             });
         }
         const pair = await this.issueTokens(apiReq, user, metadata);
@@ -504,6 +499,7 @@ class AuthModule extends module_js_1.BaseAuthModule {
             refreshTtlSeconds: sessionPrefs.refreshTtlSeconds ?? stored.refreshTtlSeconds,
             sessionCookie: sessionPrefs.sessionCookie ?? stored.sessionCookie
         };
+        await this.storage.deleteToken({ refreshToken: providedToken });
         const pair = await this.issueTokens(apiReq, user, metadata);
         const publicUser = this.storage.filterUser(user);
         return [200, { ...pair, user: publicUser }];
@@ -913,7 +909,7 @@ class AuthModule extends module_js_1.BaseAuthModule {
                 }
             }
         }
-        else if (!clientSecretProvided && client.clientSecret) {
+        else if (!clientSecretProvided && (client.hasSecret ?? Boolean(client.clientSecret))) {
             throw new api_server_base_js_1.ApiError({ code: 400, message: 'Client authentication required when no PKCE challenge present' });
         }
         const user = await this.getUserOrThrow(record.userId, 'User not found');
@@ -948,6 +944,7 @@ class AuthModule extends module_js_1.BaseAuthModule {
             throw new api_server_base_js_1.ApiError({ code: 400, message: 'Refresh token issued to another client' });
         }
         const user = await this.getUserOrThrow(stored.userId ?? verify.data.uid, 'User not found');
+        await this.storage.deleteToken({ refreshToken });
         const tokens = await this.issueTokens(apiReq, user, {
             clientId: client.clientId,
             scope: stored.scope,
@@ -956,11 +953,7 @@ class AuthModule extends module_js_1.BaseAuthModule {
             loginType: stored.loginType ?? 'oauth'
         });
         this.clearOAuthCookies(apiReq);
-        const scope = Array.isArray(stored.scope)
-            ? stored.scope
-            : typeof stored.scope === 'string'
-                ? stored.scope.split(/\s+/).filter((entry) => entry.length > 0)
-                : [];
+        const scope = Array.isArray(stored.scope) ? stored.scope : [];
         return [200, this.buildTokenResponse(tokens, client, scope)];
     }
     clearOAuthCookies(apiReq) {
@@ -1023,7 +1016,7 @@ class AuthModule extends module_js_1.BaseAuthModule {
         if (!client) {
             throw new api_server_base_js_1.ApiError({ code: 400, message: 'Unknown client_id' });
         }
-        const requiresSecret = !!client.clientSecret;
+        const requiresSecret = client.hasSecret ?? Boolean(client.clientSecret);
         if (requiresSecret) {
             if (!secretProvided) {
                 throw new api_server_base_js_1.ApiError({ code: 400, message: 'Client authentication is required' });
@@ -1059,17 +1052,10 @@ class AuthModule extends module_js_1.BaseAuthModule {
         const password = toStringOrNull(body.password);
         if (login && password) {
             const user = await this.storage.getUser(login);
-            if (!user) {
-                throw new api_server_base_js_1.ApiError({ code: 400, message: 'Invalid credentials', errors: { login: 'Unknown user' } });
-            }
-            const hash = this.storage.getUserPasswordHash(user);
-            const verified = await this.storage.verifyPassword(password, hash);
-            if (!verified) {
-                throw new api_server_base_js_1.ApiError({
-                    code: 400,
-                    message: 'Invalid credentials',
-                    errors: { password: 'Wrong password' }
-                });
+            const hash = user ? this.storage.getUserPasswordHash(user) : '';
+            const verified = user ? await this.storage.verifyPassword(password, hash) : false;
+            if (!user || !verified) {
+                throw new api_server_base_js_1.ApiError({ code: 400, message: 'Invalid credentials' });
             }
             return user;
         }

package/dist/cjs/auth-api/mem-auth-store.js

@@ -7,6 +7,7 @@ const memory_js_2 = require("../passkey/memory.js");
 const memory_js_3 = require("../token/memory.js");
 const memory_js_4 = require("../user/memory.js");
 const compat_auth_storage_js_1 = require("./compat-auth-storage.js");
+const user_id_js_1 = require("./user-id.js");
 class MemAuthStore {
     constructor(params = {}) {
         this.userStore = new memory_js_4.MemoryUserStore({
@@ -73,16 +74,16 @@ class MemAuthStore {
     async getToken(query, opts) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         return this.adapter.getToken(normalized, opts);
     }
     async deleteToken(query) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         return this.adapter.deleteToken(normalized);
     }

package/dist/cjs/auth-api/sql-auth-store.js

@@ -8,6 +8,7 @@ const sequelize_utils_js_1 = require("../sequelize-utils.js");
 const sequelize_js_3 = require("../token/sequelize.js");
 const sequelize_js_4 = require("../user/sequelize.js");
 const compat_auth_storage_js_1 = require("./compat-auth-storage.js");
+const user_id_js_1 = require("./user-id.js");
 function resolveTablePrefix(...prefixes) {
     for (const prefix of prefixes) {
         const normalized = (0, sequelize_utils_js_1.normalizeTablePrefix)(prefix);
@@ -106,6 +107,7 @@ class SqlAuthStore {
             }
         }
         finally {
+            // Prevent double-close errors when the same Sequelize instance is shared with other code.
             this.sequelize.close = async () => { };
         }
     }
@@ -130,16 +132,16 @@ class SqlAuthStore {
     async getToken(query, opts) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         return this.adapter.getToken(normalized, opts);
     }
     async deleteToken(query) {
         const normalized = {
             ...query,
-            userId: query.userId !== undefined && query.userId !== null ? String(query.userId) : undefined,
-            ruid: query.ruid !== undefined && query.ruid !== null ? String(query.ruid) : undefined
+            userId: (0, user_id_js_1.toOptionalStringId)(query.userId),
+            ruid: (0, user_id_js_1.toOptionalStringId)(query.ruid)
         };
         return this.adapter.deleteToken(normalized);
     }

package/dist/cjs/auth-api/user-id.d.ts

@@ -2,3 +2,4 @@ import type { AuthIdentifier } from './types.js';
 export declare function normalizeComparableUserId(identifier: AuthIdentifier): string;
 export declare function normalizeNumericUserId(identifier: AuthIdentifier): number;
 export declare function normalizeStringUserId(identifier: AuthIdentifier): string;
+export declare function toOptionalStringId(value: AuthIdentifier | undefined | null): string | undefined;

package/dist/cjs/auth-api/user-id.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeComparableUserId = normalizeComparableUserId;
 exports.normalizeNumericUserId = normalizeNumericUserId;
 exports.normalizeStringUserId = normalizeStringUserId;
+exports.toOptionalStringId = toOptionalStringId;
 function normalizeComparableUserId(identifier) {
     if (typeof identifier === 'number' && Number.isFinite(identifier)) {
         return String(identifier);
@@ -29,3 +30,9 @@ function normalizeNumericUserId(identifier) {
 function normalizeStringUserId(identifier) {
     return normalizeComparableUserId(identifier);
 }
+function toOptionalStringId(value) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    return String(value);
+}

package/dist/cjs/auth-cookie-options.js

@@ -31,7 +31,16 @@ function buildAuthCookieOptions(config, req) {
     const forwardedProto = firstHeaderValue(req.headers['x-forwarded-proto']).split(',')[0].trim().toLowerCase();
     const isHttps = forwardedProto === 'https' || req.protocol === 'https';
     const origin = firstHeaderValue(req.headers.origin ?? req.headers.referer);
-    const secure = config.cookieSecure === true ? true : config.cookieSecure === false ? false : /* auto */ Boolean(isHttps);
+    let secure;
+    if (config.cookieSecure === true) {
+        secure = true;
+    }
+    else if (config.cookieSecure === false) {
+        secure = false;
+    }
+    else {
+        secure = isHttps;
+    }
     let sameSite = config.cookieSameSite ?? 'lax';
     if (sameSite !== 'lax' && sameSite !== 'strict' && sameSite !== 'none') {
         sameSite = 'lax';

package/dist/cjs/oauth/memory.d.ts

@@ -1,11 +1,15 @@
 import { OAuthStore, type AuthCode, type OAuthClient } from './base.js';
 export interface MemoryOAuthStoreOptions {
     bcryptRounds?: number;
+    maxClients?: number;
+    maxAuthCodes?: number;
 }
 export declare class MemoryOAuthStore extends OAuthStore {
     private readonly clients;
     private readonly codes;
     private readonly bcryptRounds;
+    private readonly maxClients?;
+    private readonly maxAuthCodes?;
     constructor(options?: MemoryOAuthStoreOptions);
     getClient(clientId: string): Promise<OAuthClient | null>;
     createClient(input: OAuthClient): Promise<OAuthClient>;
@@ -13,4 +17,6 @@ export declare class MemoryOAuthStore extends OAuthStore {
     createAuthCode(code: AuthCode): Promise<void>;
     consumeAuthCode(code: string): Promise<AuthCode | null>;
     close(): Promise<void>;
+    private enforceClientCapacity;
+    private enforceCodeCapacity;
 }

package/dist/cjs/oauth/memory.js

@@ -13,8 +13,7 @@ function cloneClient(client) {
     }
     return {
         clientId: client.clientId,
-        // clientSecret is stored hashed; do not return the hash.
-        clientSecret: client.clientSecret ? '__stored__' : undefined,
+        hasSecret: Boolean(client.clientSecret),
         name: client.name,
         redirectUris: [...client.redirectUris],
         scope: client.scope ? [...client.scope] : undefined,
@@ -25,18 +24,28 @@ function cloneClient(client) {
 function cloneCode(code) {
     return {
         ...code,
+        userId: (0, user_id_js_1.normalizeComparableUserId)(code.userId),
         scope: code.scope ? [...code.scope] : undefined,
         expiresAt: new Date(code.expiresAt),
         metadata: code.metadata ? { ...code.metadata } : undefined
     };
 }
-const normalizeUserId = user_id_js_1.normalizeNumericUserId;
 class MemoryOAuthStore extends base_js_1.OAuthStore {
     constructor(options = {}) {
         super();
         this.clients = new Map();
         this.codes = new Map();
         this.bcryptRounds = options.bcryptRounds ?? 12;
+        this.maxClients =
+            typeof options.maxClients === 'number' && Number.isFinite(options.maxClients) && options.maxClients > 0
+                ? Math.floor(options.maxClients)
+                : undefined;
+        this.maxAuthCodes =
+            typeof options.maxAuthCodes === 'number' &&
+                Number.isFinite(options.maxAuthCodes) &&
+                options.maxAuthCodes > 0
+                ? Math.floor(options.maxAuthCodes)
+                : undefined;
     }
     async getClient(clientId) {
         return cloneClient(this.clients.get(clientId));
@@ -53,6 +62,7 @@ class MemoryOAuthStore extends base_js_1.OAuthStore {
             firstParty: input.firstParty
         };
         this.clients.set(stored.clientId, stored);
+        this.enforceClientCapacity();
         return cloneClient(stored);
     }
     async verifyClientSecret(clientId, secret) {
@@ -71,23 +81,52 @@ class MemoryOAuthStore extends base_js_1.OAuthStore {
     async createAuthCode(code) {
         const record = {
             ...code,
-            userId: normalizeUserId(code.userId),
+            userId: (0, user_id_js_1.normalizeComparableUserId)(code.userId),
             scope: code.scope ? [...code.scope] : undefined,
             expiresAt: code.expiresAt,
             metadata: code.metadata ? { ...code.metadata } : undefined
         };
         this.codes.set(record.code, record);
+        this.enforceCodeCapacity();
     }
     async consumeAuthCode(code) {
         const record = this.codes.get(code);
         if (!record) {
             return null;
         }
+        if (record.expiresAt.getTime() <= Date.now()) {
+            this.codes.delete(code);
+            return null;
+        }
         this.codes.delete(code);
         return cloneCode(record);
     }
     async close() {
         return;
     }
+    enforceClientCapacity() {
+        if (!this.maxClients) {
+            return;
+        }
+        while (this.clients.size > this.maxClients) {
+            const oldest = this.clients.keys().next().value;
+            if (!oldest) {
+                return;
+            }
+            this.clients.delete(oldest);
+        }
+    }
+    enforceCodeCapacity() {
+        if (!this.maxAuthCodes) {
+            return;
+        }
+        while (this.codes.size > this.maxAuthCodes) {
+            const oldest = this.codes.keys().next().value;
+            if (!oldest) {
+                return;
+            }
+            this.codes.delete(oldest);
+        }
+    }
 }
 exports.MemoryOAuthStore = MemoryOAuthStore;

package/dist/cjs/oauth/models.d.ts

@@ -1,4 +1,5 @@
 import { Model, type Optional, type Sequelize } from 'sequelize';
+export { integerIdType, tableOptions } from '../sequelize-utils.js';
 export interface OAuthClientAttributes {
     client_id: string;
     client_secret: string;

package/dist/cjs/oauth/models.js

@@ -1,24 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthCodeModel = exports.OAuthClientModel = void 0;
+exports.OAuthCodeModel = exports.OAuthClientModel = exports.tableOptions = exports.integerIdType = void 0;
 exports.initOAuthClientModel = initOAuthClientModel;
 exports.initOAuthCodeModel = initOAuthCodeModel;
 const sequelize_1 = require("sequelize");
 const sequelize_utils_js_1 = require("../sequelize-utils.js");
-function integerIdType(sequelize) {
-    return sequelize_utils_js_1.DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? sequelize_1.DataTypes.INTEGER.UNSIGNED : sequelize_1.DataTypes.INTEGER;
-}
-function tableOptions(sequelize, tableName, tablePrefix, extra) {
-    const opts = { sequelize, tableName: (0, sequelize_utils_js_1.applyTablePrefix)(tablePrefix, tableName) };
-    if (extra) {
-        Object.assign(opts, extra);
-    }
-    if (sequelize_utils_js_1.DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())) {
-        opts.charset = 'utf8mb4';
-        opts.collate = 'utf8mb4_unicode_ci';
-    }
-    return opts;
-}
+var sequelize_utils_js_2 = require("../sequelize-utils.js");
+Object.defineProperty(exports, "integerIdType", { enumerable: true, get: function () { return sequelize_utils_js_2.integerIdType; } });
+Object.defineProperty(exports, "tableOptions", { enumerable: true, get: function () { return sequelize_utils_js_2.tableOptions; } });
 class OAuthClientModel extends sequelize_1.Model {
 }
 exports.OAuthClientModel = OAuthClientModel;
@@ -32,7 +21,7 @@ function initOAuthClientModel(sequelize, options = {}) {
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null },
         first_party: { type: sequelize_1.DataTypes.BOOLEAN, allowNull: false, defaultValue: false }
     }, {
-        ...tableOptions(sequelize, 'oauth_clients', options.tablePrefix, { timestamps: false })
+        ...(0, sequelize_utils_js_1.tableOptions)(sequelize, 'oauth_clients', options.tablePrefix, { timestamps: false })
     });
     return OAuthClientModel;
 }
@@ -40,7 +29,7 @@ class OAuthCodeModel extends sequelize_1.Model {
 }
 exports.OAuthCodeModel = OAuthCodeModel;
 function initOAuthCodeModel(sequelize, options = {}) {
-    const idType = integerIdType(sequelize);
+    const idType = (0, sequelize_utils_js_1.integerIdType)(sequelize);
     OAuthCodeModel.init({
         code: { type: sequelize_1.DataTypes.STRING(128), allowNull: false, primaryKey: true },
         client_id: { type: sequelize_1.DataTypes.STRING(128), allowNull: false },
@@ -52,7 +41,7 @@ function initOAuthCodeModel(sequelize, options = {}) {
         expires: { type: sequelize_1.DataTypes.DATE, allowNull: false },
         metadata: { type: sequelize_1.DataTypes.TEXT, allowNull: true, defaultValue: null }
     }, {
-        ...tableOptions(sequelize, 'oauth_codes', options.tablePrefix, { timestamps: false })
+        ...(0, sequelize_utils_js_1.tableOptions)(sequelize, 'oauth_codes', options.tablePrefix, { timestamps: false })
     });
     return OAuthCodeModel;
 }

package/dist/cjs/oauth/sequelize.d.ts

@@ -1,66 +1,19 @@
-import { Model, type Optional, type Sequelize } from 'sequelize';
 import { OAuthStore, type AuthCode, type OAuthClient } from './base.js';
-export interface OAuthClientAttributes {
-    client_id: string;
-    client_secret: string;
-    name: string | null;
-    redirect_uris: string;
-    scope: string;
-    metadata: string | null;
-    first_party: boolean;
-}
-export type OAuthClientCreationAttributes = Optional<OAuthClientAttributes, 'client_secret' | 'name' | 'scope' | 'metadata' | 'first_party'>;
-export declare class OAuthClientModel extends Model<OAuthClientAttributes, OAuthClientCreationAttributes> implements OAuthClientAttributes {
-    client_id: string;
-    client_secret: string;
-    name: string | null;
-    redirect_uris: string;
-    scope: string;
-    metadata: string | null;
-    first_party: boolean;
-}
-export declare function initOAuthClientModel(sequelize: Sequelize, options?: {
-    tablePrefix?: string;
-}): typeof OAuthClientModel;
-export interface OAuthCodeAttributes {
-    code: string;
-    client_id: string;
-    user_id: number;
-    redirect_uri: string;
-    scope: string;
-    code_challenge: string | null;
-    code_challenge_method: 'plain' | 'S256' | null;
-    expires: Date;
-    metadata: string | null;
-}
-export type OAuthCodeCreationAttributes = Optional<OAuthCodeAttributes, 'code_challenge' | 'code_challenge_method' | 'metadata'>;
-export declare class OAuthCodeModel extends Model<OAuthCodeAttributes, OAuthCodeCreationAttributes> implements OAuthCodeAttributes {
-    code: string;
-    client_id: string;
-    user_id: number;
-    redirect_uri: string;
-    scope: string;
-    code_challenge: string | null;
-    code_challenge_method: 'plain' | 'S256' | null;
-    expires: Date;
-    metadata: string | null;
-}
-export declare function initOAuthCodeModel(sequelize: Sequelize, options?: {
-    tablePrefix?: string;
-}): typeof OAuthCodeModel;
+import { OAuthClientModel, OAuthCodeModel } from './models.js';
 export interface SequelizeOAuthStoreOptions {
-    sequelize: Sequelize;
+    sequelize: import('sequelize').Sequelize;
     tablePrefix?: string;
     clientModel?: typeof OAuthClientModel;
     codeModel?: typeof OAuthCodeModel;
-    clientModelFactory?: (sequelize: Sequelize, options?: {
+    clientModelFactory?: (sequelize: import('sequelize').Sequelize, options?: {
         tablePrefix?: string;
     }) => typeof OAuthClientModel;
-    codeModelFactory?: (sequelize: Sequelize, options?: {
+    codeModelFactory?: (sequelize: import('sequelize').Sequelize, options?: {
         tablePrefix?: string;
     }) => typeof OAuthCodeModel;
     bcryptRounds?: number;
 }
+export { OAuthClientModel, OAuthCodeModel, initOAuthClientModel, initOAuthCodeModel, type OAuthClientAttributes, type OAuthClientCreationAttributes, type OAuthCodeAttributes, type OAuthCodeCreationAttributes } from './models.js';
 export declare class SequelizeOAuthStore extends OAuthStore {
     private readonly clients;
     private readonly codes;