@technomoron/api-server-base 2.0.0-beta.2 → 2.0.0-beta.20

package/dist/esm/token/memory.js

@@ -1,17 +1,17 @@
 import { TokenStore } from './base.js';
 function comparableUserId(value) {
-    if (value === undefined || value === null) {
+    if (value === undefined) {
         return undefined;
     }
     return String(value);
 }
 function cloneToken(record) {
-    // this.normalizeToken is not available in static context; caller passes through instance.
-    // cloning handled via store instance methods.
-    const normalized = record;
     return {
-        ...normalized,
-        scope: normalized.scope ? [...normalized.scope] : undefined
+        ...record,
+        scope: record.scope ? [...record.scope] : undefined,
+        expires: record.expires ? new Date(record.expires) : undefined,
+        issuedAt: record.issuedAt ? new Date(record.issuedAt) : undefined,
+        lastSeenAt: record.lastSeenAt ? new Date(record.lastSeenAt) : undefined
     };
 }
 function matchesQuery(record, query, includeExpired) {
@@ -45,17 +45,63 @@ function matchesQuery(record, query, includeExpired) {
     return true;
 }
 export class MemoryTokenStore extends TokenStore {
-    constructor() {
-        super(...arguments);
-        this.tokens = [];
+    constructor(options = {}) {
+        super();
+        this.tokens = new Map();
+        this.tokensByUser = new Map();
+        this.maxTokens =
+            typeof options.maxTokens === 'number' && Number.isFinite(options.maxTokens) && options.maxTokens > 0
+                ? Math.floor(options.maxTokens)
+                : undefined;
+    }
+    indexToken(token) {
+        const userId = comparableUserId(token.userId);
+        if (!userId) {
+            return;
+        }
+        let userTokens = this.tokensByUser.get(userId);
+        if (!userTokens) {
+            userTokens = new Set();
+            this.tokensByUser.set(userId, userTokens);
+        }
+        userTokens.add(token.refreshToken);
+    }
+    unindexToken(token) {
+        const userId = comparableUserId(token.userId);
+        if (!userId) {
+            return;
+        }
+        const userTokens = this.tokensByUser.get(userId);
+        if (!userTokens) {
+            return;
+        }
+        userTokens.delete(token.refreshToken);
+        if (userTokens.size === 0) {
+            this.tokensByUser.delete(userId);
+        }
+    }
+    removeByRefreshToken(refreshToken) {
+        const existing = this.tokens.get(refreshToken);
+        if (!existing) {
+            return;
+        }
+        this.unindexToken(existing);
+        this.tokens.delete(refreshToken);
     }
     async save(record) {
         const stored = this.normalizeToken(record);
         const normalizedUserId = comparableUserId(stored.userId);
+        if (!normalizedUserId) {
+            throw new Error('userId is required');
+        }
         const domainProvided = record.domain !== undefined;
         const fingerprintProvided = record.fingerprint !== undefined;
-        for (let index = this.tokens.length - 1; index >= 0; index -= 1) {
-            const existing = this.tokens[index];
+        const userRefreshTokens = [...(this.tokensByUser.get(normalizedUserId) ?? [])];
+        for (const refreshToken of userRefreshTokens) {
+            const existing = this.tokens.get(refreshToken);
+            if (!existing) {
+                continue;
+            }
             if (comparableUserId(existing.userId) !== normalizedUserId) {
                 continue;
             }
@@ -68,44 +114,52 @@ export class MemoryTokenStore extends TokenStore {
             if (fingerprintProvided && existing.fingerprint !== stored.fingerprint) {
                 continue;
             }
-            this.tokens.splice(index, 1);
+            this.removeByRefreshToken(existing.refreshToken);
         }
-        this.tokens.push(stored);
+        this.removeByRefreshToken(stored.refreshToken);
+        this.tokens.set(stored.refreshToken, stored);
+        this.indexToken(stored);
+        this.enforceCapacity();
     }
     async get(query, opts) {
         if (!query.refreshToken && !query.accessToken && query.userId === undefined) {
             throw new Error('At least one token lookup field must be provided');
         }
         const includeExpired = opts?.includeExpired ?? false;
-        const record = this.tokens.find((token) => matchesQuery(token, query, includeExpired));
-        return record ? cloneToken(record) : null;
+        if (query.refreshToken) {
+            const record = this.tokens.get(query.refreshToken);
+            return record && matchesQuery(record, query, includeExpired) ? cloneToken(record) : null;
+        }
+        for (const token of this.tokens.values()) {
+            if (matchesQuery(token, query, includeExpired)) {
+                return cloneToken(token);
+            }
+        }
+        return null;
     }
     async delete(query) {
         if (!query.refreshToken && !query.accessToken && query.userId === undefined && !query.clientId) {
             return 0;
         }
         let removed = 0;
-        for (let index = this.tokens.length - 1; index >= 0; index -= 1) {
-            if (matchesQuery(this.tokens[index], query, true)) {
-                this.tokens.splice(index, 1);
+        const refreshTokens = [...this.tokens.keys()];
+        for (const refreshToken of refreshTokens) {
+            const token = this.tokens.get(refreshToken);
+            if (token && matchesQuery(token, query, true)) {
+                this.removeByRefreshToken(refreshToken);
                 removed += 1;
             }
         }
         return removed;
     }
     async update(params) {
-        const token = this.tokens.find((record) => {
-            if (record.refreshToken !== params.refreshToken) {
-                return false;
-            }
-            if (params.clientId && record.clientId !== params.clientId) {
-                return false;
-            }
-            return true;
-        });
+        const token = this.tokens.get(params.refreshToken);
         if (!token) {
             return false;
         }
+        if (params.clientId && token.clientId !== params.clientId) {
+            return false;
+        }
         const merged = { ...token };
         const maybeAssign = (key) => {
             const value = params[key];
@@ -113,8 +167,12 @@ export class MemoryTokenStore extends TokenStore {
                 merged[key] = value;
             }
         };
-        maybeAssign('accessToken');
-        maybeAssign('expires');
+        if (params.accessToken !== undefined && params.accessToken !== null) {
+            merged.accessToken = params.accessToken;
+        }
+        if (params.expires !== undefined && params.expires !== null) {
+            merged.expires = params.expires;
+        }
         maybeAssign('scope');
         maybeAssign('label');
         maybeAssign('domain');
@@ -125,16 +183,36 @@ export class MemoryTokenStore extends TokenStore {
         maybeAssign('os');
         maybeAssign('refreshTtlSeconds');
         maybeAssign('loginType');
-        maybeAssign('issuedAt');
-        maybeAssign('lastSeenAt');
+        if (params.issuedAt !== undefined && params.issuedAt !== null) {
+            merged.issuedAt = params.issuedAt;
+        }
+        if (params.lastSeenAt !== undefined && params.lastSeenAt !== null) {
+            merged.lastSeenAt = params.lastSeenAt;
+        }
         maybeAssign('sessionCookie');
         const normalized = this.normalizeToken(merged);
+        const previousUserId = token.userId;
+        const previousRefreshToken = token.refreshToken;
+        const userChanged = comparableUserId(previousUserId) !== comparableUserId(normalized.userId);
         Object.assign(token, normalized);
+        if (userChanged || previousRefreshToken !== token.refreshToken) {
+            this.unindexToken({ ...token, userId: previousUserId, refreshToken: previousRefreshToken });
+            this.indexToken(token);
+            if (previousRefreshToken !== token.refreshToken) {
+                this.tokens.delete(previousRefreshToken);
+                this.tokens.set(token.refreshToken, token);
+            }
+        }
         return true;
     }
     async list(userId, opts = {}) {
         const includeExpired = opts.includeExpired ?? false;
-        const filtered = this.tokens.filter((token) => matchesQuery(token, { userId: comparableUserId(userId) }, includeExpired));
+        const normalizedUserId = comparableUserId(userId);
+        const userRefreshTokens = normalizedUserId ? [...(this.tokensByUser.get(normalizedUserId) ?? [])] : [];
+        const filtered = userRefreshTokens
+            .map((refreshToken) => this.tokens.get(refreshToken))
+            .filter((token) => Boolean(token))
+            .filter((token) => matchesQuery(token, { userId: normalizedUserId }, includeExpired));
         const offset = opts.offset ?? 0;
         const limit = opts.limit ?? filtered.length;
         return filtered.slice(offset, offset + limit).map(cloneToken);
@@ -142,4 +220,16 @@ export class MemoryTokenStore extends TokenStore {
     async close() {
         return;
     }
+    enforceCapacity() {
+        if (!this.maxTokens) {
+            return;
+        }
+        while (this.tokens.size > this.maxTokens) {
+            const oldestRefresh = this.tokens.keys().next().value;
+            if (!oldestRefresh) {
+                return;
+            }
+            this.removeByRefreshToken(oldestRefresh);
+        }
+    }
 }

package/dist/esm/token/sequelize.d.ts

@@ -27,8 +27,11 @@ export type TokenAttributes = InferAttributes<TokenModel>;
 export type TokenCreationAttributes = InferCreationAttributes<TokenModel>;
 export interface SequelizeTokenStoreOptions {
     sequelize: Sequelize;
+    tablePrefix?: string;
     tokenModel?: ModelStatic<TokenModel>;
-    tokenModelFactory?: (sequelize: Sequelize) => ModelStatic<TokenModel>;
+    tokenModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => ModelStatic<TokenModel>;
 }
 export declare class SequelizeTokenStore extends TokenStore {
     readonly Tokens: ModelStatic<TokenModel>;
@@ -49,10 +52,7 @@ export declare class SequelizeTokenStore extends TokenStore {
     close(): Promise<void>;
     private normalizeUserId;
     private resolveRealUserId;
-    private encodeStringArray;
-    private decodeStringArray;
     private encodeScope;
-    private decodeScope;
     private toTokenRecord;
 }
 export {};

package/dist/esm/token/sequelize.js

@@ -1,26 +1,17 @@
 import { DataTypes, Model, Op } from 'sequelize';
+import { normalizeStringUserId } from '../auth-api/user-id.js';
+import { applyTablePrefix, decodeStringArray, encodeStringArray, integerIdType, tableOptions } from '../sequelize-utils.js';
 import { TokenStore } from './base.js';
-const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
 class TokenModel extends Model {
 }
-function tokenTableOptions(sequelize) {
-    const opts = {
-        sequelize,
-        tableName: 'jwttokens',
-        timestamps: false
-    };
-    if (DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())) {
-        opts.charset = 'utf8mb4';
-        opts.collate = 'utf8mb4_unicode_ci';
-    }
-    return opts;
-}
-function initTokenModel(sequelize) {
+function initTokenModel(sequelize, options = {}) {
+    const tableName = applyTablePrefix(options.tablePrefix, 'jwttokens');
+    const usePrefixedIndexNames = tableName !== 'jwttokens';
+    const accessIndexName = usePrefixedIndexNames ? `${tableName}_access_unique` : 'jwt_access_unique';
+    const refreshIndexName = usePrefixedIndexNames ? `${tableName}_refresh_unique` : 'jwt_refresh_unique';
     TokenModel.init({
         token_id: {
-            type: DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())
-                ? DataTypes.INTEGER.UNSIGNED
-                : DataTypes.INTEGER,
+            type: integerIdType(sequelize),
             autoIncrement: true,
             allowNull: false,
             primaryKey: true
@@ -49,11 +40,11 @@ function initTokenModel(sequelize) {
             defaultValue: DataTypes.NOW
         },
         access: {
-            type: DataTypes.STRING(512),
+            type: DataTypes.STRING(768),
             allowNull: false
         },
         refresh: {
-            type: DataTypes.STRING(512),
+            type: DataTypes.STRING(768),
             allowNull: false
         },
         domain: {
@@ -117,10 +108,10 @@ function initTokenModel(sequelize) {
             defaultValue: '[]'
         }
     }, {
-        ...tokenTableOptions(sequelize),
+        ...tableOptions(sequelize, 'jwttokens', options.tablePrefix, { timestamps: false }),
         indexes: [
-            { name: 'jwt_access_unique', unique: true, fields: ['access'] },
-            { name: 'jwt_refresh_unique', unique: true, fields: ['refresh'] }
+            { name: accessIndexName, unique: true, fields: ['access'] },
+            { name: refreshIndexName, unique: true, fields: ['refresh'] }
         ]
     });
     return TokenModel;
@@ -131,7 +122,11 @@ export class SequelizeTokenStore extends TokenStore {
         if (!options?.sequelize) {
             throw new Error('SequelizeTokenStore requires an initialised Sequelize instance');
         }
-        this.Tokens = options.tokenModel ?? (options.tokenModelFactory ?? initTokenModel)(options.sequelize);
+        this.Tokens =
+            options.tokenModel ??
+                (options.tokenModelFactory ?? initTokenModel)(options.sequelize, {
+                    tablePrefix: options.tablePrefix
+                });
     }
     async save(record) {
         const normalized = this.normalizeToken(record);
@@ -152,36 +147,50 @@ export class SequelizeTokenStore extends TokenStore {
         const lastSeenAt = normalized.lastSeenAt ?? issuedAt;
         const sessionCookie = normalized.sessionCookie ?? false;
         const removalWhere = { user_id: resolvedUserId };
-        if (normalized.domain !== undefined && record.domain !== undefined) {
+        if (record.domain !== undefined) {
             removalWhere.domain = domain;
         }
-        if (normalized.fingerprint !== undefined && record.fingerprint !== undefined) {
+        if (record.fingerprint !== undefined) {
             removalWhere.fingerprint = fingerprint;
         }
         if (normalized.clientId) {
             removalWhere.client_id = normalized.clientId;
         }
-        await this.Tokens.destroy({ where: removalWhere });
-        await this.Tokens.create({
-            user_id: resolvedUserId,
-            real_user_id: resolvedRealUserId,
-            access: normalized.accessToken ?? '',
-            refresh: normalized.refreshToken,
-            expires: normalized.expires,
-            issued_at: issuedAt,
-            last_seen_at: lastSeenAt,
-            domain,
-            fingerprint,
-            label,
-            browser,
-            device,
-            ip,
-            os,
-            client_id: normalized.clientId ?? null,
-            scope: this.encodeScope(normalized.scope),
-            login_type: loginType,
-            refresh_ttl_seconds: refreshTtlSeconds,
-            session_cookie: sessionCookie
+        const sequelize = this.Tokens.sequelize;
+        if (!sequelize) {
+            throw new Error('Token model is not bound to a Sequelize instance');
+        }
+        await sequelize.transaction(async (transaction) => {
+            await this.Tokens.destroy({ where: removalWhere, transaction });
+            // Access/refresh columns are unique. Remove stale collisions before insert to avoid
+            // transient uniqueness failures during retries/rotation edge-cases.
+            await this.Tokens.destroy({
+                where: {
+                    [Op.or]: [{ access: normalized.accessToken ?? '' }, { refresh: normalized.refreshToken }]
+                },
+                transaction
+            });
+            await this.Tokens.create({
+                user_id: resolvedUserId,
+                real_user_id: resolvedRealUserId,
+                access: normalized.accessToken ?? '',
+                refresh: normalized.refreshToken,
+                expires: normalized.expires,
+                issued_at: issuedAt,
+                last_seen_at: lastSeenAt,
+                domain,
+                fingerprint,
+                label,
+                browser,
+                device,
+                ip,
+                os,
+                client_id: normalized.clientId ?? null,
+                scope: this.encodeScope(normalized.scope),
+                login_type: loginType,
+                refresh_ttl_seconds: refreshTtlSeconds,
+                session_cookie: sessionCookie
+            }, { transaction });
         });
     }
     async get(query, opts) {
@@ -250,11 +259,11 @@ export class SequelizeTokenStore extends TokenStore {
             where.client_id = params.clientId;
         }
         const updates = {};
-        if (params.accessToken !== undefined) {
-            updates.access = params.accessToken ?? null;
+        if (params.accessToken !== undefined && params.accessToken !== null) {
+            updates.access = params.accessToken;
         }
-        if (params.expires !== undefined) {
-            updates.expires = params.expires ?? null;
+        if (params.expires !== undefined && params.expires !== null) {
+            updates.expires = params.expires;
         }
         if (params.scope !== undefined) {
             updates.scope = this.encodeScope(params.scope);
@@ -292,11 +301,11 @@ export class SequelizeTokenStore extends TokenStore {
         if (params.sessionCookie !== undefined) {
             updates.session_cookie = params.sessionCookie;
         }
-        if (params.issuedAt !== undefined) {
-            updates.issued_at = params.issuedAt ?? null;
+        if (params.issuedAt !== undefined && params.issuedAt !== null) {
+            updates.issued_at = params.issuedAt;
         }
-        if (params.lastSeenAt !== undefined) {
-            updates.last_seen_at = params.lastSeenAt ?? null;
+        if (params.lastSeenAt !== undefined && params.lastSeenAt !== null) {
+            updates.last_seen_at = params.lastSeenAt;
         }
         if (Object.keys(updates).length === 0) {
             return false;
@@ -321,10 +330,7 @@ export class SequelizeTokenStore extends TokenStore {
         return;
     }
     normalizeUserId(identifier) {
-        if (identifier === undefined || identifier === null) {
-            throw new Error(`Unable to normalise user identifier: ${identifier}`);
-        }
-        return String(identifier);
+        return normalizeStringUserId(identifier);
     }
     resolveRealUserId(ruid) {
         if (ruid === undefined || ruid === null) {
@@ -336,41 +342,17 @@ export class SequelizeTokenStore extends TokenStore {
         }
         return value;
     }
-    encodeStringArray(values) {
-        return JSON.stringify(values ?? []);
-    }
-    decodeStringArray(raw) {
-        if (!raw) {
-            return [];
-        }
-        try {
-            const parsed = JSON.parse(raw);
-            if (Array.isArray(parsed)) {
-                return parsed.filter((entry) => typeof entry === 'string' && entry.length > 0);
-            }
-        }
-        catch {
-            // ignore malformed values
-        }
-        return raw
-            .split(/\s+/)
-            .map((entry) => entry.trim())
-            .filter((entry) => entry.length > 0);
-    }
     encodeScope(scope) {
         if (!scope || (Array.isArray(scope) && scope.length === 0)) {
             return '[]';
         }
         if (Array.isArray(scope)) {
-            return this.encodeStringArray(scope);
+            return encodeStringArray(scope);
         }
-        return this.encodeStringArray(scope.split(/\s+/).filter((entry) => entry.length > 0));
-    }
-    decodeScope(raw) {
-        return this.decodeStringArray(raw);
+        return encodeStringArray(scope.split(/\s+/).filter((entry) => entry.length > 0));
     }
     toTokenRecord(model) {
-        const scope = this.decodeScope(model.scope);
+        const scope = decodeStringArray(model.scope);
         const normalized = this.normalizeToken({
             userId: model.user_id,
             refreshToken: model.refresh,

package/dist/esm/token/types.d.ts

@@ -9,14 +9,21 @@ export interface Token {
     status?: TokenStatus;
     ruid?: string;
     clientId?: string;
+    /**
+     * Optional session partition key. Token stores may use `domain` and `fingerprint`
+     * to replace previous sessions that match the same bucket.
+     */
     domain?: string;
+    /**
+     * Optional device/session fingerprint used together with `domain` for session bucketing.
+     */
     fingerprint?: string;
     label?: string;
     browser?: string;
     device?: string;
     ip?: string;
     os?: string;
-    scope?: string | string[];
+    scope?: string[];
     loginType?: string;
     refreshTtlSeconds?: number;
     sessionCookie?: boolean;

package/dist/esm/user/base.d.ts

@@ -9,6 +9,7 @@ export declare abstract class UserStore<User, PublicUser> {
         bcryptRounds?: number;
         bcryptPepper?: string;
     });
+    private applyPepper;
     protected hashPassword(plain: string): Promise<string>;
     verifyPassword(plain: string, hashed: string): Promise<boolean>;
     protected normalizeUserInput(input: Partial<CreateUserInput>): CreateUserInput;

package/dist/esm/user/base.js

@@ -1,3 +1,4 @@
+import { createHmac } from 'node:crypto';
 import bcrypt from 'bcryptjs';
 export class UserStore {
     constructor(opts = {}) {
@@ -9,12 +10,18 @@ export class UserStore {
         this.bcryptPepper =
             typeof opts.bcryptPepper === 'string' && opts.bcryptPepper.length > 0 ? opts.bcryptPepper : undefined;
     }
+    applyPepper(plain) {
+        if (!this.bcryptPepper) {
+            return plain;
+        }
+        return createHmac('sha256', this.bcryptPepper).update(plain).digest('hex');
+    }
     async hashPassword(plain) {
-        const candidate = this.bcryptPepper ? `${plain}${this.bcryptPepper}` : plain;
+        const candidate = this.applyPepper(plain);
         return bcrypt.hash(candidate, this.bcryptRounds);
     }
     async verifyPassword(plain, hashed) {
-        const candidate = this.bcryptPepper ? `${plain}${this.bcryptPepper}` : plain;
+        const candidate = this.applyPepper(plain);
         return bcrypt.compare(candidate, hashed);
     }
     normalizeUserInput(input) {
@@ -29,8 +36,8 @@ export class UserStore {
     toPublic(user) {
         const mapped = this.toPublicUser(user);
         if (mapped && typeof mapped === 'object') {
-            const { password: _password, ...rest } = mapped;
-            void _password;
+            const rest = { ...mapped };
+            delete rest.password;
             return rest;
         }
         return mapped;

package/dist/esm/user/memory.d.ts

@@ -14,12 +14,14 @@ export interface MemoryUserStoreOptions<UserAttributes extends MemoryUserAttribu
     toPublic?: PublicUserMapper<UserAttributes, PublicUserShape>;
     userIdFactory?: () => number;
     startingUserId?: number;
+    maxUsers?: number;
 }
 export declare class MemoryUserStore<UserAttributes extends MemoryUserAttributes = MemoryUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> extends UserStore<UserAttributes, PublicUserShape> {
     private readonly usersById;
     private readonly loginToId;
     private readonly emailToId;
     private readonly userIdFactory;
+    private readonly maxUsers?;
     private nextUserId;
     constructor(options?: MemoryUserStoreOptions<UserAttributes, PublicUserShape>);
     findUser(identifier: AuthIdentifier | string): Promise<UserAttributes | null>;

package/dist/esm/user/memory.js

@@ -1,16 +1,8 @@
+import { normalizeNumericUserId } from '../auth-api/user-id.js';
 import { UserStore } from './base.js';
 function cloneUser(user) {
     return { ...user };
 }
-function normalizeUserId(identifier) {
-    if (typeof identifier === 'number' && Number.isFinite(identifier)) {
-        return identifier;
-    }
-    if (typeof identifier === 'string' && /^\d+$/.test(identifier)) {
-        return Number(identifier);
-    }
-    throw new Error(`Unable to normalise user identifier: ${identifier}`);
-}
 export class MemoryUserStore extends UserStore {
     constructor(options = {}) {
         super({
@@ -22,6 +14,10 @@ export class MemoryUserStore extends UserStore {
         this.loginToId = new Map();
         this.emailToId = new Map();
         this.nextUserId = Number.isFinite(options.startingUserId) ? Number(options.startingUserId) : 1;
+        this.maxUsers =
+            typeof options.maxUsers === 'number' && Number.isFinite(options.maxUsers) && options.maxUsers > 0
+                ? Math.floor(options.maxUsers)
+                : undefined;
         this.userIdFactory =
             options.userIdFactory ??
                 (() => {
@@ -56,7 +52,7 @@ export class MemoryUserStore extends UserStore {
     }
     async findById(id) {
         try {
-            const numeric = normalizeUserId(id);
+            const numeric = normalizeNumericUserId(id);
             const user = this.usersById.get(numeric);
             return user ? cloneUser(user) : null;
         }
@@ -74,6 +70,9 @@ export class MemoryUserStore extends UserStore {
         if (this.usersById.has(userId)) {
             throw new Error(`User ${userId} already exists`);
         }
+        if (this.maxUsers !== undefined && this.usersById.size >= this.maxUsers) {
+            throw new Error('MemoryUserStore maxUsers limit reached');
+        }
         if (this.loginToId.has(normalizedInput.login)) {
             throw new Error(`User with login ${normalizedInput.login} already exists`);
         }

package/dist/esm/user/sequelize.d.ts

@@ -10,15 +10,20 @@ export declare class AuthUserModel extends Model<InferAttributes<AuthUserModel>,
 }
 export type AuthUserAttributes = InferAttributes<AuthUserModel>;
 export type AuthUserCreationAttributes = InferCreationAttributes<AuthUserModel>;
-export declare function initAuthUserModel(sequelize: Sequelize): typeof AuthUserModel;
+export declare function initAuthUserModel(sequelize: Sequelize, options?: {
+    tablePrefix?: string;
+}): typeof AuthUserModel;
 export type GenericUserModel = Model<Record<string, unknown>, Record<string, unknown>>;
 export type GenericUserModelStatic = ModelStatic<GenericUserModel>;
 export interface SequelizeUserStoreOptions<UserAttributes extends AuthUserAttributes = AuthUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> {
     bcryptRounds?: number;
     bcryptPepper?: string;
     sequelize: Sequelize;
+    tablePrefix?: string;
     userModel?: GenericUserModelStatic;
-    userModelFactory?: (sequelize: Sequelize) => GenericUserModelStatic;
+    userModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => GenericUserModelStatic;
     recordMapper?: (model: GenericUserModel) => UserAttributes;
     toPublic?: PublicUserMapper<UserAttributes, PublicUserShape>;
 }