@tyravel/auth 0.1.0

package/dist/auth-manager.d.ts

@@ -0,0 +1,27 @@
+import type { TyravelRequest } from '@tyravel/http';
+import type { Middleware } from '@tyravel/http';
+import { SessionGuard } from './session-guard.js';
+import type { Authenticatable, AuthConfig, Guard } from './types.js';
+type WebResponse = globalThis.Response;
+export declare class AuthManager {
+    private readonly config;
+    private readonly guards;
+    private readonly sessionGuardName;
+    private defaultGuard;
+    constructor(config: AuthConfig, guardFactories: Record<string, () => Guard>, sessionGuardName: string);
+    guard(name?: string): Guard;
+    sessionGuard(): SessionGuard;
+    user(guardName?: string): Authenticatable | null;
+    id(guardName?: string): string | number | null;
+    check(guardName?: string): Promise<boolean>;
+    attempt(credentials: Record<string, string>, guardName?: string): Promise<boolean>;
+    login(user: Authenticatable, guardName?: string): Promise<void>;
+    logout(guardName?: string): Promise<void>;
+    startRequest(request: TyravelRequest): Promise<void>;
+    endRequest(response: WebResponse): Promise<WebResponse>;
+}
+export declare function createAuthMiddleware(auth: AuthManager, guardName?: string): Middleware;
+export declare function createGuestMiddleware(auth: AuthManager, guardName?: string): Middleware;
+export declare function createStartSessionMiddleware(auth: AuthManager): Middleware;
+export { SessionGuard } from './session-guard.js';
+//# sourceMappingURL=auth-manager.d.ts.map

package/dist/auth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAGhD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAErE,KAAK,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;AAEvC,qBAAa,WAAW;IAMpB,OAAO,CAAC,QAAQ,CAAC,MAAM;IALzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4B;IACnD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,YAAY,CAAS;gBAGV,MAAM,EAAE,UAAU,EACnC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,KAAK,CAAC,EAC3C,gBAAgB,EAAE,MAAM;IAS1B,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK;IAS3B,YAAY,IAAI,YAAY;IAQ5B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI;IAIhD,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI;IAIxC,KAAK,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK3C,OAAO,CACX,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC;IAKb,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/D,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzC,YAAY,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAcpD,UAAU,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;CAG9D;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAYtF;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CASvF;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,WAAW,GAAG,UAAU,CAM1E;AAED,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/auth-manager.js

@@ -0,0 +1,102 @@
+import { Response as HttpResponse } from '@tyravel/http';
+import { AuthenticationException } from './exceptions.js';
+import { SessionGuard } from './session-guard.js';
+export class AuthManager {
+    config;
+    guards = new Map();
+    sessionGuardName;
+    defaultGuard;
+    constructor(config, guardFactories, sessionGuardName) {
+        this.config = config;
+        this.defaultGuard = config.defaults.guard;
+        this.sessionGuardName = sessionGuardName;
+        for (const [name, factory] of Object.entries(guardFactories)) {
+            this.guards.set(name, factory());
+        }
+    }
+    guard(name) {
+        const guardName = name ?? this.defaultGuard;
+        const guard = this.guards.get(guardName);
+        if (!guard) {
+            throw new Error(`Auth guard not configured: ${guardName}`);
+        }
+        return guard;
+    }
+    sessionGuard() {
+        const guard = this.guards.get(this.sessionGuardName);
+        if (!guard || !(guard instanceof SessionGuard)) {
+            throw new Error(`Session guard not configured: ${this.sessionGuardName}`);
+        }
+        return guard;
+    }
+    user(guardName) {
+        return this.guard(guardName).user();
+    }
+    id(guardName) {
+        return this.guard(guardName).id();
+    }
+    async check(guardName) {
+        const result = this.guard(guardName).check();
+        return result instanceof Promise ? result : result;
+    }
+    async attempt(credentials, guardName) {
+        const guard = this.sessionGuard();
+        return guard.attempt(credentials);
+    }
+    async login(user, guardName) {
+        if (guardName && guardName !== this.sessionGuardName) {
+            throw new Error('Login is only supported on the session guard.');
+        }
+        await this.sessionGuard().login(user);
+    }
+    async logout(guardName) {
+        if (guardName && guardName !== this.sessionGuardName) {
+            return;
+        }
+        await this.sessionGuard().logout();
+    }
+    async startRequest(request) {
+        for (const guard of this.guards.values()) {
+            guard.setRequest(request);
+        }
+        await this.sessionGuard().startSession();
+        for (const guard of this.guards.values()) {
+            if ('authenticate' in guard && typeof guard.authenticate === 'function') {
+                await guard.authenticate();
+            }
+        }
+    }
+    async endRequest(response) {
+        return this.sessionGuard().persistSession(response);
+    }
+}
+export function createAuthMiddleware(auth, guardName) {
+    return async (request, next) => {
+        const guard = auth.guard(guardName);
+        const ok = guard.check();
+        const authenticated = ok instanceof Promise ? await ok : ok;
+        if (!authenticated) {
+            throw new AuthenticationException();
+        }
+        request.user = guard.user();
+        return next();
+    };
+}
+export function createGuestMiddleware(auth, guardName) {
+    return async (_request, next) => {
+        const session = auth.sessionGuard();
+        if (session.check()) {
+            return HttpResponse.json({ message: 'Already authenticated.' }, { status: 409 });
+        }
+        return next();
+    };
+}
+export function createStartSessionMiddleware(auth) {
+    return async (request, next) => {
+        await auth.startRequest(request);
+        const response = await next();
+        return auth.endRequest(response);
+    };
+}
+export { SessionGuard } from './session-guard.js';
+//# sourceMappingURL=auth-manager.js.map

package/dist/auth-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,IAAI,YAAY,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAMlD,MAAM,OAAO,WAAW;IAMH;IALF,MAAM,GAAG,IAAI,GAAG,EAAiB,CAAC;IAClC,gBAAgB,CAAS;IAClC,YAAY,CAAS;IAE7B,YACmB,MAAkB,EACnC,cAA2C,EAC3C,gBAAwB;QAFP,WAAM,GAAN,MAAM,CAAY;QAInC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC1C,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7D,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAa;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,YAAY,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,SAAS,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,YAAY;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,YAAY,YAAY,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,SAAkB;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,EAAE,CAAC,SAAkB;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,SAAkB;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;QAC7C,OAAO,MAAM,YAAY,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,OAAO,CACX,WAAmC,EACnC,SAAkB;QAElB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAqB,EAAE,SAAkB;QACnD,IAAI,SAAS,IAAI,SAAS,KAAK,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAkB;QAC7B,IAAI,SAAS,IAAI,SAAS,KAAK,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrD,OAAO;QACT,CAAC;QACD,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAuB;QACxC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC,YAAY,EAAE,CAAC;QAEzC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,IAAI,cAAc,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACxE,MAAO,KAAoB,CAAC,YAAY,EAAE,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAqB;QACpC,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;CACF;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAiB,EAAE,SAAkB;IACxE,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,aAAa,GAAG,EAAE,YAAY,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uBAAuB,EAAE,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC5B,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAiB,EAAE,SAAkB;IACzE,OAAO,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAAiB;IAC5D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.test.d.ts.map

package/dist/auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.d.ts","sourceRoot":"","sources":["../src/auth.test.ts"],"names":[],"mappings":""}

package/dist/auth.test.js

@@ -0,0 +1,67 @@
+import { describe, expect, it } from 'vitest';
+import { TyravelRequest } from '@tyravel/http';
+import { Hasher } from './hasher.js';
+import { MemorySessionStore, SessionGuard } from './index.js';
+class StubUser {
+    id;
+    passwordHash;
+    constructor(id, passwordHash) {
+        this.id = id;
+        this.passwordHash = passwordHash;
+    }
+    getAuthIdentifier() {
+        return this.id;
+    }
+    getAuthPassword() {
+        return this.passwordHash;
+    }
+}
+class StubProvider {
+    hasher;
+    constructor(hasher) {
+        this.hasher = hasher;
+    }
+    async retrieveById(id) {
+        if (Number(id) === 1) {
+            return new StubUser(1, this.hasher.make('secret'));
+        }
+        return null;
+    }
+    async retrieveByCredentials(credentials) {
+        if (credentials.email === 'a@b.c') {
+            return new StubUser(1, this.hasher.make('secret'));
+        }
+        return null;
+    }
+    async validateCredentials(user, credentials) {
+        return this.hasher.check(credentials.password ?? '', user.getAuthPassword());
+    }
+}
+describe('SessionGuard', () => {
+    const config = {
+        cookie: 'tyravel_session',
+        lifetimeMinutes: 120,
+        table: 'sessions',
+    };
+    it('logs in and sets session cookie', async () => {
+        const hasher = new Hasher();
+        const guard = new SessionGuard('web', new StubProvider(hasher), new MemorySessionStore(), config);
+        const request = new TyravelRequest(new Request('http://localhost/login', { method: 'POST' }));
+        guard.setRequest(request);
+        await guard.startSession();
+        await guard.attempt({ email: 'a@b.c', password: 'secret' });
+        expect(guard.check()).toBe(true);
+        expect(guard.id()).toBe(1);
+        const response = await guard.persistSession(new globalThis.Response(JSON.stringify({ ok: true }), { status: 200 }));
+        expect(response.headers.get('set-cookie')).toContain('tyravel_session=');
+    });
+});
+describe('Hasher', () => {
+    it('hashes and verifies passwords', () => {
+        const hasher = new Hasher();
+        const hash = hasher.make('password');
+        expect(hasher.check('password', hash)).toBe(true);
+        expect(hasher.check('wrong', hash)).toBe(false);
+    });
+});
+//# sourceMappingURL=auth.test.js.map

package/dist/auth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.js","sourceRoot":"","sources":["../src/auth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI9D,MAAM,QAAQ;IAEO;IACA;IAFnB,YACmB,EAAU,EACV,YAAoB;QADpB,OAAE,GAAF,EAAE,CAAQ;QACV,iBAAY,GAAZ,YAAY,CAAQ;IACpC,CAAC;IAEJ,iBAAiB;QACf,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF;AAED,MAAM,YAAY;IACa;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,YAAY,CAAC,EAAmB;QACpC,IAAI,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmC;QAEnC,IAAI,WAAW,CAAC,KAAK,KAAK,OAAO,EAAE,CAAC;YAClC,OAAO,IAAI,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,IAAqB,EACrB,WAAmC;QAEnC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;IAC/E,CAAC;CACF;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,MAAM,MAAM,GAA0B;QACpC,MAAM,EAAE,iBAAiB;QACzB,eAAe,EAAE,GAAG;QACpB,KAAK,EAAE,UAAU;KAClB,CAAC;IAEF,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAI,YAAY,CAC5B,KAAK,EACL,IAAI,YAAY,CAAC,MAAM,CAAC,EACxB,IAAI,kBAAkB,EAAE,EACxB,MAAM,CACP,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,cAAc,CAChC,IAAI,OAAO,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAC1D,CAAC;QACF,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC1B,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;QAE3B,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CACzC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CACvE,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;IACtB,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/authorization-exceptions.d.ts

@@ -0,0 +1,7 @@
+export declare class AuthorizationException extends Error {
+    constructor(message?: string);
+}
+export declare class InvalidResetTokenException extends Error {
+    constructor(message?: string);
+}
+//# sourceMappingURL=authorization-exceptions.d.ts.map

package/dist/authorization-exceptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-exceptions.d.ts","sourceRoot":"","sources":["../src/authorization-exceptions.ts"],"names":[],"mappings":"AAAA,qBAAa,sBAAuB,SAAQ,KAAK;gBACnC,OAAO,SAAiC;CAIrD;AAED,qBAAa,0BAA2B,SAAQ,KAAK;gBACvC,OAAO,SAA0C;CAI9D"}

package/dist/authorization-exceptions.js

@@ -0,0 +1,13 @@
+export class AuthorizationException extends Error {
+    constructor(message = 'This action is unauthorized.') {
+        super(message);
+        this.name = 'AuthorizationException';
+    }
+}
+export class InvalidResetTokenException extends Error {
+    constructor(message = 'This password reset token is invalid.') {
+        super(message);
+        this.name = 'InvalidResetTokenException';
+    }
+}
+//# sourceMappingURL=authorization-exceptions.js.map

package/dist/authorization-exceptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-exceptions.js","sourceRoot":"","sources":["../src/authorization-exceptions.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAC/C,YAAY,OAAO,GAAG,8BAA8B;QAClD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAO,GAAG,uCAAuC;QAC3D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF"}

package/dist/exceptions.d.ts

@@ -0,0 +1,7 @@
+export declare class AuthenticationException extends Error {
+    constructor(message?: string);
+}
+export declare class InvalidCredentialsException extends Error {
+    constructor(message?: string);
+}
+//# sourceMappingURL=exceptions.d.ts.map

package/dist/exceptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,SAAqB;CAIzC;AAED,qBAAa,2BAA4B,SAAQ,KAAK;gBACxC,OAAO,SAAgD;CAIpE"}

package/dist/exceptions.js

@@ -0,0 +1,13 @@
+export class AuthenticationException extends Error {
+    constructor(message = 'Unauthenticated.') {
+        super(message);
+        this.name = 'AuthenticationException';
+    }
+}
+export class InvalidCredentialsException extends Error {
+    constructor(message = 'These credentials do not match our records.') {
+        super(message);
+        this.name = 'InvalidCredentialsException';
+    }
+}
+//# sourceMappingURL=exceptions.js.map

package/dist/exceptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAO,GAAG,kBAAkB;QACtC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACpD,YAAY,OAAO,GAAG,6CAA6C;QACjE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF"}

package/dist/gate.d.ts

@@ -0,0 +1,16 @@
+import type { Container } from '@tyravel/container';
+import type { Constructor } from '@tyravel/container';
+import type { Authenticatable } from './types.js';
+import type { PolicyConstructor } from './types.js';
+export declare class Gate {
+    private readonly container;
+    private readonly policyMap;
+    constructor(container: Container, policies?: Record<string, PolicyConstructor>);
+    policy(model: Constructor<unknown>, policy: PolicyConstructor): this;
+    allows(user: Authenticatable | null, ability: string, model?: unknown): Promise<boolean>;
+    authorize(user: Authenticatable | null, ability: string, model?: unknown): Promise<void>;
+    denyUnless(user: Authenticatable | null, ability: string, model?: unknown): Promise<void>;
+    private resolvePolicy;
+}
+export declare function createAuthorizeMiddleware(gate: Gate, ability: string, resolveModel?: (request: import('@tyravel/http').TyravelRequest) => Promise<unknown> | unknown): import('@tyravel/http').Middleware;
+//# sourceMappingURL=gate.d.ts.map

package/dist/gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAIpD,qBAAa,IAAI;IAIb,OAAO,CAAC,QAAQ,CAAC,SAAS;IAH5B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAwC;gBAG/C,SAAS,EAAE,SAAS,EACrC,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAM;IAOlD,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAK9D,MAAM,CACV,IAAI,EAAE,eAAe,GAAG,IAAI,EAC5B,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,OAAO,CAAC;IAmBb,SAAS,CACb,IAAI,EAAE,eAAe,GAAG,IAAI,EAC5B,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,IAAI,CAAC;IAOV,UAAU,CACd,IAAI,EAAE,eAAe,GAAG,IAAI,EAC5B,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,IAAI,CAAC;IAIhB,OAAO,CAAC,aAAa;CAuBtB;AAED,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,eAAe,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,GAC7F,OAAO,eAAe,EAAE,UAAU,CAOpC"}

package/dist/gate.js

@@ -0,0 +1,66 @@
+import { AuthorizationException } from './authorization-exceptions.js';
+export class Gate {
+    container;
+    policyMap = new Map();
+    constructor(container, policies = {}) {
+        this.container = container;
+        for (const [modelName, policy] of Object.entries(policies)) {
+            this.policyMap.set(modelName, policy);
+        }
+    }
+    policy(model, policy) {
+        this.policyMap.set(model.name, policy);
+        return this;
+    }
+    async allows(user, ability, model) {
+        if (!user) {
+            return false;
+        }
+        const policy = this.resolvePolicy(model);
+        if (!policy) {
+            return false;
+        }
+        const handler = policy[ability];
+        if (typeof handler !== 'function') {
+            return false;
+        }
+        const result = await handler.call(policy, user, model);
+        return Boolean(result);
+    }
+    async authorize(user, ability, model) {
+        const allowed = await this.allows(user, ability, model);
+        if (!allowed) {
+            throw new AuthorizationException();
+        }
+    }
+    async denyUnless(user, ability, model) {
+        await this.authorize(user, ability, model);
+    }
+    resolvePolicy(model) {
+        if (!model) {
+            return null;
+        }
+        const modelName = typeof model === 'object' && model !== null && 'constructor' in model
+            ? model.constructor.name
+            : typeof model === 'function'
+                ? model.name
+                : undefined;
+        if (!modelName) {
+            return null;
+        }
+        const PolicyClass = this.policyMap.get(modelName);
+        if (!PolicyClass) {
+            return null;
+        }
+        return this.container.make(PolicyClass);
+    }
+}
+export function createAuthorizeMiddleware(gate, ability, resolveModel) {
+    return async (request, next) => {
+        const user = request.user;
+        const model = resolveModel ? await resolveModel(request) : undefined;
+        await gate.authorize(user, ability, model);
+        return next();
+    };
+}
+//# sourceMappingURL=gate.js.map

package/dist/gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,MAAM,OAAO,IAAI;IAII;IAHF,SAAS,GAAG,IAAI,GAAG,EAA6B,CAAC;IAElE,YACmB,SAAoB,EACrC,WAA8C,EAAE;QAD/B,cAAS,GAAT,SAAS,CAAW;QAGrC,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAA2B,EAAE,MAAyB;QAC3D,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CACV,IAA4B,EAC5B,OAAe,EACf,KAAe;QAEf,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,OAAO,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QACvD,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,SAAS,CACb,IAA4B,EAC5B,OAAe,EACf,KAAe;QAEf,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,sBAAsB,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAA4B,EAC5B,OAAe,EACf,KAAe;QAEf,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,aAAa,CAAC,KAAe;QACnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GACb,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,aAAa,IAAI,KAAK;YACnE,CAAC,CAAE,KAAK,CAAC,WAAgC,CAAC,IAAI;YAC9C,CAAC,CAAC,OAAO,KAAK,KAAK,UAAU;gBAC3B,CAAC,CAAE,KAA0B,CAAC,IAAI;gBAClC,CAAC,CAAC,SAAS,CAAC;QAElB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,UAAU,yBAAyB,CACvC,IAAU,EACV,OAAe,EACf,YAA8F;IAE9F,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,OAAO,CAAC,IAA8B,CAAC;QACpD,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/gate.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=gate.test.d.ts.map

package/dist/gate.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.test.d.ts","sourceRoot":"","sources":["../src/gate.test.ts"],"names":[],"mappings":""}

package/dist/gate.test.js

@@ -0,0 +1,33 @@
+import { describe, expect, it } from 'vitest';
+import { Container } from '@tyravel/container';
+import { Gate, Policy } from './index.js';
+import { AuthorizationException } from './authorization-exceptions.js';
+class Post {
+    id = 1;
+}
+class PostPolicy extends Policy {
+    update(user, post) {
+        return user.getAuthIdentifier() === post.id;
+    }
+}
+const user = {
+    getAuthIdentifier: () => 1,
+    getAuthPassword: () => 'x',
+};
+describe('Gate', () => {
+    it('authorizes when policy allows', async () => {
+        const container = new Container();
+        container.bind(PostPolicy, () => new PostPolicy());
+        const gate = new Gate(container, { Post: PostPolicy });
+        await expect(gate.authorize(user, 'update', new Post())).resolves.toBeUndefined();
+    });
+    it('throws when policy denies', async () => {
+        const container = new Container();
+        container.bind(PostPolicy, () => new PostPolicy());
+        const gate = new Gate(container, { Post: PostPolicy });
+        const post = new Post();
+        post.id = 2;
+        await expect(gate.authorize(user, 'update', post)).rejects.toBeInstanceOf(AuthorizationException);
+    });
+});
+//# sourceMappingURL=gate.test.js.map

package/dist/gate.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.test.js","sourceRoot":"","sources":["../src/gate.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAEvE,MAAM,IAAI;IACR,EAAE,GAAG,CAAC,CAAC;CACR;AAED,MAAM,UAAW,SAAQ,MAAM;IAC7B,MAAM,CAAC,IAAqB,EAAE,IAAU;QACtC,OAAO,IAAI,CAAC,iBAAiB,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,IAAI,GAAoB;IAC5B,iBAAiB,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1B,eAAe,EAAE,GAAG,EAAE,CAAC,GAAG;CAC3B,CAAC;AAEF,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;IACpB,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;QAClC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QAEvD,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;QAClC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;QAEZ,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CACvE,sBAAsB,CACvB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/hasher.d.ts

@@ -0,0 +1,5 @@
+export declare class Hasher {
+    make(plain: string): string;
+    check(plain: string, hashed: string): boolean;
+}
+//# sourceMappingURL=hasher.d.ts.map

package/dist/hasher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../src/hasher.ts"],"names":[],"mappings":"AAKA,qBAAa,MAAM;IACjB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAM3B,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;CA0B9C"}

package/dist/hasher.js

@@ -0,0 +1,28 @@
+import { randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';
+const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
+const KEY_LENGTH = 64;
+export class Hasher {
+    make(plain) {
+        const salt = randomBytes(16);
+        const hash = scryptSync(plain, salt, KEY_LENGTH, SCRYPT_PARAMS);
+        return `scrypt:${salt.toString('base64url')}:${hash.toString('base64url')}`;
+    }
+    check(plain, hashed) {
+        if (!hashed.startsWith('scrypt:')) {
+            return false;
+        }
+        const parts = hashed.split(':');
+        const salt = parts[1];
+        const digest = parts[2];
+        if (!salt || !digest) {
+            return false;
+        }
+        const expected = Buffer.from(digest, 'base64url');
+        const actual = scryptSync(plain, Buffer.from(salt, 'base64url'), expected.length, SCRYPT_PARAMS);
+        if (expected.length !== actual.length) {
+            return false;
+        }
+        return timingSafeEqual(expected, actual);
+    }
+}
+//# sourceMappingURL=hasher.js.map

package/dist/hasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../src/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEvE,MAAM,aAAa,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAW,CAAC;AACxD,MAAM,UAAU,GAAG,EAAE,CAAC;AAEtB,MAAM,OAAO,MAAM;IACjB,IAAI,CAAC,KAAa;QAChB,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;QAChE,OAAO,UAAU,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,KAAa,EAAE,MAAc;QACjC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CACvB,KAAK,EACL,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,EAC9B,QAAQ,CAAC,MAAM,EACf,aAAa,CACd,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export { AuthManager, createAuthMiddleware, createGuestMiddleware, createStartSessionMiddleware, } from './auth-manager.js';
+export { SessionGuard } from './session-guard.js';
+export { TokenGuard } from './token-guard.js';
+export { Gate, createAuthorizeMiddleware } from './gate.js';
+export { Policy } from './policy.js';
+export { OAuthManager, GithubOAuthDriver, GoogleOAuthDriver } from './oauth.js';
+export type { OAuthUserProfile, OAuthDriver } from './oauth.js';
+export { PasswordResetBroker } from './password-reset-broker.js';
+export { PersonalAccessTokenRepository } from './personal-access-token-repository.js';
+export { AuthenticationException, InvalidCredentialsException } from './exceptions.js';
+export { AuthorizationException, InvalidResetTokenException, } from './authorization-exceptions.js';
+export { Hasher } from './hasher.js';
+export { Session } from './session.js';
+export { DatabaseSessionStore, MemorySessionStore } from './session-store.js';
+export { EloquentUserProvider } from './user-provider.js';
+export type { UserProvider } from './user-provider.js';
+export type { Authenticatable, AuthConfig, EloquentUserProviderConfig, Guard, GuardConfig, SessionGuardConfig, TokenGuardConfig, UserModelConstructor, PasswordBrokerConfig, OAuthProviderConfig, PolicyConstructor, NewAccessToken, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAChF,YAAY,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AACtF,OAAO,EAAE,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EACL,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvD,YAAY,EACV,eAAe,EACf,UAAU,EACV,0BAA0B,EAC1B,KAAK,EACL,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+export { AuthManager, createAuthMiddleware, createGuestMiddleware, createStartSessionMiddleware, } from './auth-manager.js';
+export { SessionGuard } from './session-guard.js';
+export { TokenGuard } from './token-guard.js';
+export { Gate, createAuthorizeMiddleware } from './gate.js';
+export { Policy } from './policy.js';
+export { OAuthManager, GithubOAuthDriver, GoogleOAuthDriver } from './oauth.js';
+export { PasswordResetBroker } from './password-reset-broker.js';
+export { PersonalAccessTokenRepository } from './personal-access-token-repository.js';
+export { AuthenticationException, InvalidCredentialsException } from './exceptions.js';
+export { AuthorizationException, InvalidResetTokenException, } from './authorization-exceptions.js';
+export { Hasher } from './hasher.js';
+export { Session } from './session.js';
+export { DatabaseSessionStore, MemorySessionStore } from './session-store.js';
+export { EloquentUserProvider } from './user-provider.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AACtF,OAAO,EAAE,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EACL,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/oauth.d.ts

@@ -0,0 +1,40 @@
+import type { DatabaseConnection } from '@tyravel/database';
+import type { OAuthProviderConfig } from './types.js';
+import type { Authenticatable, UserModelConstructor } from './types.js';
+export interface OAuthUserProfile {
+    id: string;
+    email: string | null;
+    name: string | null;
+    avatar: string | null;
+}
+export interface OAuthDriver {
+    readonly name: string;
+    authorizationUrl(state: string): string;
+    exchangeCode(code: string): Promise<OAuthUserProfile>;
+}
+export declare class GithubOAuthDriver implements OAuthDriver {
+    private readonly config;
+    readonly name = "github";
+    constructor(config: OAuthProviderConfig);
+    authorizationUrl(state: string): string;
+    exchangeCode(code: string): Promise<OAuthUserProfile>;
+}
+export declare class GoogleOAuthDriver implements OAuthDriver {
+    private readonly config;
+    readonly name = "google";
+    constructor(config: OAuthProviderConfig);
+    authorizationUrl(state: string): string;
+    exchangeCode(code: string): Promise<OAuthUserProfile>;
+}
+export declare class OAuthManager {
+    private readonly connection;
+    private readonly accountsTable;
+    private readonly userModel;
+    private readonly drivers;
+    constructor(providers: Record<string, OAuthProviderConfig>, connection: DatabaseConnection, accountsTable: string, userModel: UserModelConstructor);
+    createState(): string;
+    redirectUrl(provider: string, state: string): string;
+    handleCallback(provider: string, code: string): Promise<OAuthUserProfile>;
+    findOrCreateUser(provider: string, profile: OAuthUserProfile): Promise<Authenticatable>;
+}
+//# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAE5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExE,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAUD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IACxC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CACvD;AAED,qBAAa,iBAAkB,YAAW,WAAW;IAGvC,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,QAAQ,CAAC,IAAI,YAAY;gBAEI,MAAM,EAAE,mBAAmB;IAExD,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAUjC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CA2C5D;AAED,qBAAa,iBAAkB,YAAW,WAAW;IAGvC,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,QAAQ,CAAC,IAAI,YAAY;gBAEI,MAAM,EAAE,mBAAmB;IAExD,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAYjC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAoC5D;AAED,qBAAa,YAAY;IAKrB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAN5B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkC;gBAGxD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,EAC7B,UAAU,EAAE,kBAAkB,EAC9B,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,oBAAoB;IAWlD,WAAW,IAAI,MAAM;IAIrB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM;IAS9C,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IASzE,gBAAgB,CACpB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,eAAe,CAAC;CAuD5B"}