@upyo/smtp 0.5.0-dev.120 → 0.5.0-dev.136

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -182,19 +182,63 @@ interface SmtpConfig {
182
182
  /**
183
183
  * Authentication configuration for SMTP connections.
184
184
  *
185
- * Defines the credentials and authentication method to use when
186
- * connecting to an SMTP server that requires authentication.
185
+ * This is a discriminated union of the supported authentication strategies:
186
+ *
187
+ * - {@link SmtpUserPassAuth}: traditional username/password authentication
188
+ * (SASL `PLAIN`, `LOGIN`, …), discriminated by the `pass` field.
189
+ * - {@link SmtpOAuth2TokenAuth}: OAuth 2.0 authentication using a static or
190
+ * dynamically provided access token, discriminated by the `accessToken`
191
+ * field.
192
+ * - {@link SmtpOAuth2RefreshAuth}: OAuth 2.0 authentication using the built-in
193
+ * `refresh_token` grant flow, discriminated by the `refreshToken` field.
194
+ *
195
+ * @example
196
+ * ```typescript
197
+ * // Username/password
198
+ * const passwordAuth: SmtpAuth = {
199
+ * user: 'username@domain.com',
200
+ * pass: 'password',
201
+ * method: 'plain' // or 'login', 'cram-md5'
202
+ * };
203
+ *
204
+ * // OAuth 2.0 with a (possibly refreshing) access token
205
+ * const tokenAuth: SmtpAuth = {
206
+ * user: 'username@gmail.com',
207
+ * accessToken: 'ya29.a0Af…',
208
+ * method: 'xoauth2' // or 'oauthbearer'
209
+ * };
210
+ * ```
211
+ */
212
+ type SmtpAuth = SmtpUserPassAuth | SmtpOAuth2TokenAuth | SmtpOAuth2RefreshAuth;
213
+ /**
214
+ * OAuth 2.0 access token aggregate that supplies access tokens on demand.
215
+ *
216
+ * The transport invokes the provider each time it needs to authenticate a new
217
+ * connection, which lets the caller plug in an external OAuth client (e.g.,
218
+ * `google-auth-library` or `msal-node`) and refresh expired tokens
219
+ * transparently.
220
+ *
221
+ * @param signal An optional {@link AbortSignal} to cancel token acquisition.
222
+ * @returns The OAuth 2.0 access token (bearer token), or a promise of it.
223
+ * @since 0.5.0
224
+ */
225
+ type OAuth2TokenProvider = (signal?: AbortSignal) => string | Promise<string>;
226
+ /**
227
+ * Username/password authentication configuration for SMTP connections.
228
+ *
229
+ * Defines the credentials and SASL method to use when connecting to an SMTP
230
+ * server that requires password-based authentication.
187
231
  *
188
232
  * @example
189
233
  * ```typescript
190
- * const auth: SmtpAuth = {
234
+ * const auth: SmtpUserPassAuth = {
191
235
  * user: 'username@domain.com',
192
236
  * pass: 'password',
193
237
  * method: 'plain' // or 'login', 'cram-md5'
194
238
  * };
195
239
  * ```
196
240
  */
197
- interface SmtpAuth {
241
+ interface SmtpUserPassAuth {
198
242
  /**
199
243
  * Username for authentication.
200
244
  */
@@ -209,6 +253,110 @@ interface SmtpAuth {
209
253
  */
210
254
  readonly method?: "plain" | "login" | "cram-md5";
211
255
  }
256
+ /**
257
+ * OAuth 2.0 authentication configuration using a directly supplied access
258
+ * token.
259
+ *
260
+ * The `accessToken` may be a static string or an {@link OAuth2TokenProvider}
261
+ * callback that returns a fresh token on demand. Use the callback form to
262
+ * integrate an external OAuth client (such as `google-auth-library` or
263
+ * `msal-node`) so that expired tokens are refreshed automatically.
264
+ *
265
+ * @example
266
+ * ```typescript
267
+ * const auth: SmtpOAuth2TokenAuth = {
268
+ * user: 'username@gmail.com',
269
+ * accessToken: async () => await getFreshAccessToken(),
270
+ * method: 'xoauth2',
271
+ * };
272
+ * ```
273
+ * @since 0.5.0
274
+ */
275
+ interface SmtpOAuth2TokenAuth {
276
+ /**
277
+ * The user (email address) to authenticate as.
278
+ */
279
+ readonly user: string;
280
+ /**
281
+ * The OAuth 2.0 access token, or a provider callback returning one.
282
+ *
283
+ * When a callback is given, it is invoked every time a new connection is
284
+ * authenticated, allowing the caller to refresh expired tokens.
285
+ */
286
+ readonly accessToken: string | OAuth2TokenProvider;
287
+ /**
288
+ * The SASL mechanism to use. When omitted, the mechanism is chosen
289
+ * automatically based on the server's advertised capabilities, preferring
290
+ * `xoauth2`.
291
+ * @default "xoauth2"
292
+ */
293
+ readonly method?: "xoauth2" | "oauthbearer";
294
+ }
295
+ /**
296
+ * OAuth 2.0 authentication configuration using the built-in `refresh_token`
297
+ * grant flow.
298
+ *
299
+ * The transport exchanges the refresh token for an access token at the given
300
+ * token endpoint and caches it until shortly before it expires, refreshing it
301
+ * automatically as needed. No external OAuth library is required.
302
+ *
303
+ * @example
304
+ * ```typescript
305
+ * const auth: SmtpOAuth2RefreshAuth = {
306
+ * user: 'username@gmail.com',
307
+ * clientId: '…apps.googleusercontent.com',
308
+ * clientSecret: '…',
309
+ * refreshToken: '1//…',
310
+ * tokenEndpoint: 'https://oauth2.googleapis.com/token',
311
+ * };
312
+ * ```
313
+ * @since 0.5.0
314
+ */
315
+ interface SmtpOAuth2RefreshAuth {
316
+ /**
317
+ * The user (email address) to authenticate as.
318
+ */
319
+ readonly user: string;
320
+ /**
321
+ * The OAuth 2.0 client identifier.
322
+ */
323
+ readonly clientId: string;
324
+ /**
325
+ * The OAuth 2.0 client secret. May be omitted for public clients (e.g.,
326
+ * clients using PKCE) that have no secret.
327
+ */
328
+ readonly clientSecret?: string;
329
+ /**
330
+ * The OAuth 2.0 refresh token used to obtain access tokens.
331
+ */
332
+ readonly refreshToken: string;
333
+ /**
334
+ * The token endpoint URL where the refresh token is exchanged for an access
335
+ * token (e.g., `https://oauth2.googleapis.com/token`).
336
+ */
337
+ readonly tokenEndpoint: string;
338
+ /**
339
+ * An optional space-delimited list of OAuth 2.0 scopes to request.
340
+ */
341
+ readonly scope?: string;
342
+ /**
343
+ * The SASL mechanism to use. When omitted, the mechanism is chosen
344
+ * automatically based on the server's advertised capabilities, preferring
345
+ * `xoauth2`.
346
+ * @default "xoauth2"
347
+ */
348
+ readonly method?: "xoauth2" | "oauthbearer";
349
+ }
350
+ /**
351
+ * OAuth 2.0 authentication configuration for SMTP connections.
352
+ *
353
+ * A union of the OAuth 2.0 authentication strategies: a directly supplied
354
+ * (or callback-provided) access token ({@link SmtpOAuth2TokenAuth}) or the
355
+ * built-in `refresh_token` grant flow ({@link SmtpOAuth2RefreshAuth}).
356
+ *
357
+ * @since 0.5.0
358
+ */
359
+ type SmtpOAuth2Auth = SmtpOAuth2TokenAuth | SmtpOAuth2RefreshAuth;
212
360
  /**
213
361
  * TLS/SSL configuration options for secure SMTP connections.
214
362
  *
@@ -304,6 +452,13 @@ declare class SmtpTransport implements Transport, AsyncDisposable {
304
452
  */
305
453
  poolSize: number;
306
454
  private connectionPool;
455
+ /**
456
+ * A token manager shared across all pooled connections, present only when the
457
+ * configured authentication uses OAuth 2.0. Sharing it ensures the
458
+ * refresh-token exchange happens at most once per token lifetime instead of
459
+ * once per connection.
460
+ */
461
+ private readonly tokenManager;
307
462
  /**
308
463
  * Creates a new SMTP transport instance.
309
464
  *
@@ -402,4 +557,33 @@ declare class SmtpTransport implements Transport, AsyncDisposable {
402
557
  [Symbol.asyncDispose](): Promise<void>;
403
558
  }
404
559
  //#endregion
405
- export { DkimAlgorithm, DkimCanonicalization, DkimConfig, DkimSignature, DkimSigningFailureAction, SmtpAuth, SmtpConfig, SmtpTlsOptions, SmtpTransport };
560
+ //#region src/oauth2.d.ts
561
+ /**
562
+ * An error thrown when SMTP authentication fails, including OAuth 2.0 token
563
+ * acquisition and SASL exchange failures.
564
+ *
565
+ * @since 0.5.0
566
+ */
567
+ declare class SmtpAuthError extends Error {
568
+ /**
569
+ * Creates a new {@link SmtpAuthError}.
570
+ * @param message A human-readable description of the failure.
571
+ */
572
+ constructor(message: string);
573
+ }
574
+ /**
575
+ * Builds the SASL `XOAUTH2` initial client response for SMTP authentication.
576
+ *
577
+ * The unencoded payload follows Google's XOAUTH2 format
578
+ * (`user=<user>^Aauth=Bearer <token>^A^A`, where `^A` is the `0x01` control
579
+ * character) and is returned Base64-encoded, ready to be sent as the argument
580
+ * of `AUTH XOAUTH2`.
581
+ *
582
+ * @param user The user (email address) to authenticate as.
583
+ * @param accessToken The OAuth 2.0 access token.
584
+ * @returns The Base64-encoded XOAUTH2 initial client response.
585
+ * @since 0.5.0
586
+ */
587
+
588
+ //#endregion
589
+ export { DkimAlgorithm, DkimCanonicalization, DkimConfig, DkimSignature, DkimSigningFailureAction, OAuth2TokenProvider, SmtpAuth, SmtpAuthError, SmtpConfig, SmtpOAuth2Auth, SmtpOAuth2RefreshAuth, SmtpOAuth2TokenAuth, SmtpTlsOptions, SmtpTransport, SmtpUserPassAuth };
package/dist/index.d.ts CHANGED
@@ -182,19 +182,63 @@ interface SmtpConfig {
182
182
  /**
183
183
  * Authentication configuration for SMTP connections.
184
184
  *
185
- * Defines the credentials and authentication method to use when
186
- * connecting to an SMTP server that requires authentication.
185
+ * This is a discriminated union of the supported authentication strategies:
186
+ *
187
+ * - {@link SmtpUserPassAuth}: traditional username/password authentication
188
+ * (SASL `PLAIN`, `LOGIN`, …), discriminated by the `pass` field.
189
+ * - {@link SmtpOAuth2TokenAuth}: OAuth 2.0 authentication using a static or
190
+ * dynamically provided access token, discriminated by the `accessToken`
191
+ * field.
192
+ * - {@link SmtpOAuth2RefreshAuth}: OAuth 2.0 authentication using the built-in
193
+ * `refresh_token` grant flow, discriminated by the `refreshToken` field.
194
+ *
195
+ * @example
196
+ * ```typescript
197
+ * // Username/password
198
+ * const passwordAuth: SmtpAuth = {
199
+ * user: 'username@domain.com',
200
+ * pass: 'password',
201
+ * method: 'plain' // or 'login', 'cram-md5'
202
+ * };
203
+ *
204
+ * // OAuth 2.0 with a (possibly refreshing) access token
205
+ * const tokenAuth: SmtpAuth = {
206
+ * user: 'username@gmail.com',
207
+ * accessToken: 'ya29.a0Af…',
208
+ * method: 'xoauth2' // or 'oauthbearer'
209
+ * };
210
+ * ```
211
+ */
212
+ type SmtpAuth = SmtpUserPassAuth | SmtpOAuth2TokenAuth | SmtpOAuth2RefreshAuth;
213
+ /**
214
+ * OAuth 2.0 access token aggregate that supplies access tokens on demand.
215
+ *
216
+ * The transport invokes the provider each time it needs to authenticate a new
217
+ * connection, which lets the caller plug in an external OAuth client (e.g.,
218
+ * `google-auth-library` or `msal-node`) and refresh expired tokens
219
+ * transparently.
220
+ *
221
+ * @param signal An optional {@link AbortSignal} to cancel token acquisition.
222
+ * @returns The OAuth 2.0 access token (bearer token), or a promise of it.
223
+ * @since 0.5.0
224
+ */
225
+ type OAuth2TokenProvider = (signal?: AbortSignal) => string | Promise<string>;
226
+ /**
227
+ * Username/password authentication configuration for SMTP connections.
228
+ *
229
+ * Defines the credentials and SASL method to use when connecting to an SMTP
230
+ * server that requires password-based authentication.
187
231
  *
188
232
  * @example
189
233
  * ```typescript
190
- * const auth: SmtpAuth = {
234
+ * const auth: SmtpUserPassAuth = {
191
235
  * user: 'username@domain.com',
192
236
  * pass: 'password',
193
237
  * method: 'plain' // or 'login', 'cram-md5'
194
238
  * };
195
239
  * ```
196
240
  */
197
- interface SmtpAuth {
241
+ interface SmtpUserPassAuth {
198
242
  /**
199
243
  * Username for authentication.
200
244
  */
@@ -209,6 +253,110 @@ interface SmtpAuth {
209
253
  */
210
254
  readonly method?: "plain" | "login" | "cram-md5";
211
255
  }
256
+ /**
257
+ * OAuth 2.0 authentication configuration using a directly supplied access
258
+ * token.
259
+ *
260
+ * The `accessToken` may be a static string or an {@link OAuth2TokenProvider}
261
+ * callback that returns a fresh token on demand. Use the callback form to
262
+ * integrate an external OAuth client (such as `google-auth-library` or
263
+ * `msal-node`) so that expired tokens are refreshed automatically.
264
+ *
265
+ * @example
266
+ * ```typescript
267
+ * const auth: SmtpOAuth2TokenAuth = {
268
+ * user: 'username@gmail.com',
269
+ * accessToken: async () => await getFreshAccessToken(),
270
+ * method: 'xoauth2',
271
+ * };
272
+ * ```
273
+ * @since 0.5.0
274
+ */
275
+ interface SmtpOAuth2TokenAuth {
276
+ /**
277
+ * The user (email address) to authenticate as.
278
+ */
279
+ readonly user: string;
280
+ /**
281
+ * The OAuth 2.0 access token, or a provider callback returning one.
282
+ *
283
+ * When a callback is given, it is invoked every time a new connection is
284
+ * authenticated, allowing the caller to refresh expired tokens.
285
+ */
286
+ readonly accessToken: string | OAuth2TokenProvider;
287
+ /**
288
+ * The SASL mechanism to use. When omitted, the mechanism is chosen
289
+ * automatically based on the server's advertised capabilities, preferring
290
+ * `xoauth2`.
291
+ * @default "xoauth2"
292
+ */
293
+ readonly method?: "xoauth2" | "oauthbearer";
294
+ }
295
+ /**
296
+ * OAuth 2.0 authentication configuration using the built-in `refresh_token`
297
+ * grant flow.
298
+ *
299
+ * The transport exchanges the refresh token for an access token at the given
300
+ * token endpoint and caches it until shortly before it expires, refreshing it
301
+ * automatically as needed. No external OAuth library is required.
302
+ *
303
+ * @example
304
+ * ```typescript
305
+ * const auth: SmtpOAuth2RefreshAuth = {
306
+ * user: 'username@gmail.com',
307
+ * clientId: '…apps.googleusercontent.com',
308
+ * clientSecret: '…',
309
+ * refreshToken: '1//…',
310
+ * tokenEndpoint: 'https://oauth2.googleapis.com/token',
311
+ * };
312
+ * ```
313
+ * @since 0.5.0
314
+ */
315
+ interface SmtpOAuth2RefreshAuth {
316
+ /**
317
+ * The user (email address) to authenticate as.
318
+ */
319
+ readonly user: string;
320
+ /**
321
+ * The OAuth 2.0 client identifier.
322
+ */
323
+ readonly clientId: string;
324
+ /**
325
+ * The OAuth 2.0 client secret. May be omitted for public clients (e.g.,
326
+ * clients using PKCE) that have no secret.
327
+ */
328
+ readonly clientSecret?: string;
329
+ /**
330
+ * The OAuth 2.0 refresh token used to obtain access tokens.
331
+ */
332
+ readonly refreshToken: string;
333
+ /**
334
+ * The token endpoint URL where the refresh token is exchanged for an access
335
+ * token (e.g., `https://oauth2.googleapis.com/token`).
336
+ */
337
+ readonly tokenEndpoint: string;
338
+ /**
339
+ * An optional space-delimited list of OAuth 2.0 scopes to request.
340
+ */
341
+ readonly scope?: string;
342
+ /**
343
+ * The SASL mechanism to use. When omitted, the mechanism is chosen
344
+ * automatically based on the server's advertised capabilities, preferring
345
+ * `xoauth2`.
346
+ * @default "xoauth2"
347
+ */
348
+ readonly method?: "xoauth2" | "oauthbearer";
349
+ }
350
+ /**
351
+ * OAuth 2.0 authentication configuration for SMTP connections.
352
+ *
353
+ * A union of the OAuth 2.0 authentication strategies: a directly supplied
354
+ * (or callback-provided) access token ({@link SmtpOAuth2TokenAuth}) or the
355
+ * built-in `refresh_token` grant flow ({@link SmtpOAuth2RefreshAuth}).
356
+ *
357
+ * @since 0.5.0
358
+ */
359
+ type SmtpOAuth2Auth = SmtpOAuth2TokenAuth | SmtpOAuth2RefreshAuth;
212
360
  /**
213
361
  * TLS/SSL configuration options for secure SMTP connections.
214
362
  *
@@ -304,6 +452,13 @@ declare class SmtpTransport implements Transport, AsyncDisposable {
304
452
  */
305
453
  poolSize: number;
306
454
  private connectionPool;
455
+ /**
456
+ * A token manager shared across all pooled connections, present only when the
457
+ * configured authentication uses OAuth 2.0. Sharing it ensures the
458
+ * refresh-token exchange happens at most once per token lifetime instead of
459
+ * once per connection.
460
+ */
461
+ private readonly tokenManager;
307
462
  /**
308
463
  * Creates a new SMTP transport instance.
309
464
  *
@@ -402,4 +557,33 @@ declare class SmtpTransport implements Transport, AsyncDisposable {
402
557
  [Symbol.asyncDispose](): Promise<void>;
403
558
  }
404
559
  //#endregion
405
- export { DkimAlgorithm, DkimCanonicalization, DkimConfig, DkimSignature, DkimSigningFailureAction, SmtpAuth, SmtpConfig, SmtpTlsOptions, SmtpTransport };
560
+ //#region src/oauth2.d.ts
561
+ /**
562
+ * An error thrown when SMTP authentication fails, including OAuth 2.0 token
563
+ * acquisition and SASL exchange failures.
564
+ *
565
+ * @since 0.5.0
566
+ */
567
+ declare class SmtpAuthError extends Error {
568
+ /**
569
+ * Creates a new {@link SmtpAuthError}.
570
+ * @param message A human-readable description of the failure.
571
+ */
572
+ constructor(message: string);
573
+ }
574
+ /**
575
+ * Builds the SASL `XOAUTH2` initial client response for SMTP authentication.
576
+ *
577
+ * The unencoded payload follows Google's XOAUTH2 format
578
+ * (`user=<user>^Aauth=Bearer <token>^A^A`, where `^A` is the `0x01` control
579
+ * character) and is returned Base64-encoded, ready to be sent as the argument
580
+ * of `AUTH XOAUTH2`.
581
+ *
582
+ * @param user The user (email address) to authenticate as.
583
+ * @param accessToken The OAuth 2.0 access token.
584
+ * @returns The Base64-encoded XOAUTH2 initial client response.
585
+ * @since 0.5.0
586
+ */
587
+
588
+ //#endregion
589
+ export { DkimAlgorithm, DkimCanonicalization, DkimConfig, DkimSignature, DkimSigningFailureAction, OAuth2TokenProvider, SmtpAuth, SmtpAuthError, SmtpConfig, SmtpOAuth2Auth, SmtpOAuth2RefreshAuth, SmtpOAuth2TokenAuth, SmtpTlsOptions, SmtpTransport, SmtpUserPassAuth };