npm - @veloxts/auth - Versions diffs - 0.6.56 → 0.6.58 - Mend

@veloxts/auth 0.6.56 → 0.6.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,23 @@
 # @veloxts/auth
+## 0.6.58
+### Patch Changes
+- feat(router): add OpenAPI 3.0.3 specification generator
+- Updated dependencies
+  - @veloxts/core@0.6.58
+  - @veloxts/router@0.6.58
+## 0.6.57
+### Patch Changes
+- feat: add DI support to ecosystem packages and main packages
+- Updated dependencies
+  - @veloxts/core@0.6.57
+  - @veloxts/router@0.6.57
 ## 0.6.56
 ### Patch Changes

package/dist/index.d.ts CHANGED Viewed

@@ -20,7 +20,7 @@ export { hashPassword, PasswordHasher, passwordHasher, verifyPassword, } from '.
 export { allOf, anyOf, authenticated, defineGuard, emailVerified, executeGuard, executeGuards, guard, hasAnyPermission, hasPermission, hasRole, not, userCan, } from './guards.js';
 export { authorize, can, cannot, clearPolicies, createAdminOnlyPolicy, createOwnerOrAdminPolicy, createPolicyBuilder, createReadOnlyPolicy, definePolicy, getPolicy, registerPolicy, } from './policies.js';
 export { authMiddleware, clearRateLimitStore, rateLimitMiddleware, } from './middleware.js';
-export type { AuthRateLimitConfig, AuthRateLimiterConfig } from './rate-limit.js';
+export type { AuthRateLimitConfig, AuthRateLimiter, AuthRateLimiterConfig } from './rate-limit.js';
 export { authRateLimiter, clearAuthRateLimitStore, createAuthRateLimiter, stopAuthRateLimitCleanup, } from './rate-limit.js';
 export type { AuthPluginOptions, AuthService } from './plugin.js';
 export { authPlugin, defaultAuthPlugin, } from './plugin.js';
@@ -34,3 +34,24 @@ export type { BetterAuthAdapterConfig, BetterAuthApi, BetterAuthHandler, BetterA
 export { BetterAuthAdapter, createBetterAuthAdapter } from './adapters/better-auth.js';
 export type { PasswordPolicyConfig, PasswordValidationResult, UserInfo, } from './password-policy.js';
 export { checkPasswordBreach, checkPasswordStrength, isCommonPassword, PasswordPolicy, PasswordStrength, passwordPolicy, } from './password-policy.js';
+/**
+ * DI tokens and providers for @veloxts/auth
+ *
+ * Use these to integrate auth services with the @veloxts/core DI container.
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER, PASSWORD_HASHER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, {
+ *   jwt: { secret: process.env.JWT_SECRET! }
+ * });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * ```
+ */
+export { authServiceProvider, jwtManagerProvider, passwordHasherProvider, passwordHasherProviderWithDefaults, registerAuthProviders, } from './providers.js';
+export { AUTH_CONFIG, AUTH_RATE_LIMITER, AUTH_SERVICE, CSRF_CONFIG, HASH_CONFIG, JWT_CONFIG, JWT_MANAGER, PASSWORD_HASHER, RATE_LIMIT_CONFIG, SESSION_CONFIG, SESSION_STORE, TOKEN_STORE, } from './tokens.js';

package/dist/index.js CHANGED Viewed

@@ -66,3 +66,37 @@ createAdapterAuthMiddleware, createAuthAdapterPlugin, defineAuthAdapter,
 isAuthAdapter, } from './adapter.js';
 export { BetterAuthAdapter, createBetterAuthAdapter } from './adapters/better-auth.js';
 export { checkPasswordBreach, checkPasswordStrength, isCommonPassword, PasswordPolicy, PasswordStrength, passwordPolicy, } from './password-policy.js';
+// ============================================================================
+// Dependency Injection
+// ============================================================================
+/**
+ * DI tokens and providers for @veloxts/auth
+ *
+ * Use these to integrate auth services with the @veloxts/core DI container.
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER, PASSWORD_HASHER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, {
+ *   jwt: { secret: process.env.JWT_SECRET! }
+ * });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * ```
+ */
+// Provider exports - factory functions for registering services
+export { authServiceProvider, jwtManagerProvider, passwordHasherProvider, passwordHasherProviderWithDefaults,
+// Bulk registration helper
+registerAuthProviders, } from './providers.js';
+// Token exports - unique identifiers for DI resolution
+export {
+// Config tokens
+AUTH_CONFIG, AUTH_RATE_LIMITER,
+// Service tokens
+AUTH_SERVICE, CSRF_CONFIG, HASH_CONFIG, JWT_CONFIG, JWT_MANAGER, PASSWORD_HASHER, RATE_LIMIT_CONFIG, SESSION_CONFIG,
+// Store tokens
+SESSION_STORE, TOKEN_STORE, } from './tokens.js';

package/dist/plugin.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@
  * Fastify plugin that integrates authentication with VeloxApp
  * @module auth/plugin
  */
-import type { VeloxPlugin } from '@veloxts/core';
+import type { Container, VeloxPlugin } from '@veloxts/core';
 import { PasswordHasher } from './hash.js';
 import { JwtManager } from './jwt.js';
 import { authMiddleware } from './middleware.js';
@@ -19,6 +19,32 @@ export interface AuthPluginOptions extends AuthConfig {
      * @default false
      */
     debug?: boolean;
+    /**
+     * DI container for service registration and resolution (optional)
+     *
+     * When provided, auth services are registered with the container and can be:
+     * - Resolved from the container directly
+     * - Mocked in tests by overriding registrations
+     * - Managed alongside other application services
+     *
+     * When not provided, services are created directly (legacy behavior).
+     *
+     * @example
+     * ```typescript
+     * import { Container } from '@veloxts/core';
+     * import { authPlugin, JWT_MANAGER } from '@veloxts/auth';
+     *
+     * const container = new Container();
+     * app.register(authPlugin({
+     *   jwt: { secret: '...' },
+     *   container,
+     * }));
+     *
+     * // Services now available from container
+     * const jwt = container.resolve(JWT_MANAGER);
+     * ```
+     */
+    container?: Container;
 }
 /**
  * Auth service instance attached to Fastify

package/dist/plugin.js CHANGED Viewed

@@ -7,6 +7,8 @@ import { createRequire } from 'node:module';
 import { PasswordHasher } from './hash.js';
 import { JwtManager } from './jwt.js';
 import { authMiddleware } from './middleware.js';
+import { registerAuthProviders } from './providers.js';
+import { AUTH_SERVICE } from './tokens.js';
 // Read version from package.json dynamically
 const require = createRequire(import.meta.url);
 const packageJson = require('../package.json');
@@ -62,40 +64,50 @@ export function authPlugin(options) {
         // The plugin decorates Fastify with auth functionality
         async register(server, _opts) {
             const config = { ...options, ..._opts };
-            const { debug = false } = config;
+            const { debug = false, container } = config;
             if (debug) {
                 server.log.info('Registering @veloxts/auth plugin');
             }
-            // Create instances
-            const jwt = new JwtManager(config.jwt);
-            const hasher = new PasswordHasher(config.hash);
-            const authMw = authMiddleware(config);
-            // Create auth service
-            const authService = {
-                jwt,
-                hasher,
-                createTokens(user, additionalClaims) {
-                    return jwt.createTokenPair(user, additionalClaims);
-                },
-                verifyToken(token) {
-                    const payload = jwt.verifyToken(token);
-                    return {
-                        user: {
-                            id: payload.sub,
-                            email: payload.email,
-                        },
-                        token: payload,
-                        isAuthenticated: true,
-                    };
-                },
-                refreshTokens(refreshToken) {
-                    if (config.userLoader) {
-                        return jwt.refreshTokens(refreshToken, config.userLoader);
-                    }
-                    return jwt.refreshTokens(refreshToken);
-                },
-                middleware: authMw,
-            };
+            let authService;
+            if (container) {
+                // DI-enabled path: Register providers and resolve from container
+                if (debug) {
+                    server.log.info('Using DI container for auth services');
+                }
+                registerAuthProviders(container, config);
+                authService = container.resolve(AUTH_SERVICE);
+            }
+            else {
+                // Legacy path: Direct instantiation (backward compatible)
+                const jwt = new JwtManager(config.jwt);
+                const hasher = new PasswordHasher(config.hash);
+                const authMw = authMiddleware(config);
+                authService = {
+                    jwt,
+                    hasher,
+                    createTokens(user, additionalClaims) {
+                        return jwt.createTokenPair(user, additionalClaims);
+                    },
+                    verifyToken(token) {
+                        const payload = jwt.verifyToken(token);
+                        return {
+                            user: {
+                                id: payload.sub,
+                                email: payload.email,
+                            },
+                            token: payload,
+                            isAuthenticated: true,
+                        };
+                    },
+                    refreshTokens(refreshToken) {
+                        if (config.userLoader) {
+                            return jwt.refreshTokens(refreshToken, config.userLoader);
+                        }
+                        return jwt.refreshTokens(refreshToken);
+                    },
+                    middleware: authMw,
+                };
+            }
             // Decorate server with auth service
             server.decorate('auth', authService);
             // Decorate requests with auth context (undefined initial value)
@@ -105,10 +117,10 @@ export function authPlugin(options) {
             if (config.autoExtract !== false) {
                 server.addHook('preHandler', async (request) => {
                     const authHeader = request.headers.authorization;
-                    const token = jwt.extractFromHeader(authHeader);
+                    const token = authService.jwt.extractFromHeader(authHeader);
                     if (token) {
                         try {
-                            const payload = jwt.verifyToken(token);
+                            const payload = authService.jwt.verifyToken(token);
                             // Check if token is revoked
                             if (config.isTokenRevoked && payload.jti) {
                                 const revoked = await config.isTokenRevoked(payload.jti);

package/dist/providers.d.ts ADDED Viewed

@@ -0,0 +1,129 @@
+/**
+ * DI Providers for @veloxts/auth
+ *
+ * Factory provider functions for registering auth services with the DI container.
+ * These providers allow services to be managed by the container for testability and flexibility.
+ *
+ * @module auth/providers
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, {
+ *   jwt: { secret: process.env.JWT_SECRET! }
+ * });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+import { type Container, type FactoryProvider } from '@veloxts/core';
+import { PasswordHasher } from './hash.js';
+import { JwtManager } from './jwt.js';
+import type { AuthService } from './plugin.js';
+import type { AuthConfig } from './types.js';
+/**
+ * Creates a factory provider for JwtManager
+ *
+ * Requires JWT_CONFIG to be registered in the container.
+ *
+ * @example
+ * ```typescript
+ * container.register({ provide: JWT_CONFIG, useValue: { secret: '...' } });
+ * container.register(jwtManagerProvider());
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+export declare function jwtManagerProvider(): FactoryProvider<JwtManager>;
+/**
+ * Creates a factory provider for PasswordHasher
+ *
+ * Uses HASH_CONFIG if available, otherwise uses default config.
+ *
+ * @example
+ * ```typescript
+ * // With config
+ * container.register({ provide: HASH_CONFIG, useValue: { algorithm: 'argon2' } });
+ * container.register(passwordHasherProvider());
+ *
+ * // Or without config (uses defaults)
+ * container.register(passwordHasherProviderWithDefaults());
+ * ```
+ */
+export declare function passwordHasherProvider(): FactoryProvider<PasswordHasher>;
+/**
+ * Creates a factory provider for PasswordHasher with default config
+ *
+ * Use this when you don't need custom hash configuration.
+ */
+export declare function passwordHasherProviderWithDefaults(): FactoryProvider<PasswordHasher>;
+/**
+ * Creates a factory provider for the composite AuthService
+ *
+ * Requires JWT_MANAGER, PASSWORD_HASHER, and AUTH_CONFIG to be registered.
+ *
+ * @example
+ * ```typescript
+ * registerAuthProviders(container, config);
+ * const auth = container.resolve(AUTH_SERVICE);
+ * const tokens = auth.createTokens(user);
+ * ```
+ */
+export declare function authServiceProvider(): FactoryProvider<AuthService>;
+/**
+ * Registers all auth providers with a container
+ *
+ * This is the recommended way to set up auth services with DI.
+ * It registers config values and all service providers in the correct order.
+ *
+ * @param container - The DI container to register providers with
+ * @param config - Auth configuration (jwt config is required)
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER, PASSWORD_HASHER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ *
+ * registerAuthProviders(container, {
+ *   jwt: {
+ *     secret: process.env.JWT_SECRET!,
+ *     accessTokenExpiry: '15m',
+ *     refreshTokenExpiry: '7d',
+ *   },
+ *   hash: {
+ *     algorithm: 'bcrypt',
+ *     bcryptRounds: 12,
+ *   },
+ * });
+ *
+ * // Now resolve services from container
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * const auth = container.resolve(AUTH_SERVICE);
+ * ```
+ */
+export declare function registerAuthProviders(container: Container, config: AuthConfig): void;
+/**
+ * Registers mock-friendly auth providers for testing
+ *
+ * Same as registerAuthProviders but allows individual service overrides.
+ *
+ * @example
+ * ```typescript
+ * // In tests
+ * const container = new Container();
+ * registerAuthProviders(container, testConfig);
+ *
+ * // Override with mock
+ * const mockJwt = { createTokenPair: vi.fn() } as unknown as JwtManager;
+ * container.register({ provide: JWT_MANAGER, useValue: mockJwt });
+ *
+ * // AuthService will now use the mock
+ * const auth = container.resolve(AUTH_SERVICE);
+ * ```
+ */
+export { registerAuthProviders as registerAuthProvidersForTesting };

package/dist/providers.js ADDED Viewed

@@ -0,0 +1,213 @@
+/**
+ * DI Providers for @veloxts/auth
+ *
+ * Factory provider functions for registering auth services with the DI container.
+ * These providers allow services to be managed by the container for testability and flexibility.
+ *
+ * @module auth/providers
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, {
+ *   jwt: { secret: process.env.JWT_SECRET! }
+ * });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+import { Scope } from '@veloxts/core';
+import { PasswordHasher } from './hash.js';
+import { JwtManager } from './jwt.js';
+import { authMiddleware } from './middleware.js';
+import { AUTH_CONFIG, AUTH_SERVICE, HASH_CONFIG, JWT_CONFIG, JWT_MANAGER, PASSWORD_HASHER, } from './tokens.js';
+// ============================================================================
+// Service Providers
+// ============================================================================
+/**
+ * Creates a factory provider for JwtManager
+ *
+ * Requires JWT_CONFIG to be registered in the container.
+ *
+ * @example
+ * ```typescript
+ * container.register({ provide: JWT_CONFIG, useValue: { secret: '...' } });
+ * container.register(jwtManagerProvider());
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+export function jwtManagerProvider() {
+    return {
+        provide: JWT_MANAGER,
+        useFactory: (config) => new JwtManager(config),
+        inject: [JWT_CONFIG],
+        scope: Scope.SINGLETON,
+    };
+}
+/**
+ * Creates a factory provider for PasswordHasher
+ *
+ * Uses HASH_CONFIG if available, otherwise uses default config.
+ *
+ * @example
+ * ```typescript
+ * // With config
+ * container.register({ provide: HASH_CONFIG, useValue: { algorithm: 'argon2' } });
+ * container.register(passwordHasherProvider());
+ *
+ * // Or without config (uses defaults)
+ * container.register(passwordHasherProviderWithDefaults());
+ * ```
+ */
+export function passwordHasherProvider() {
+    return {
+        provide: PASSWORD_HASHER,
+        useFactory: (config) => new PasswordHasher(config),
+        inject: [HASH_CONFIG],
+        scope: Scope.SINGLETON,
+    };
+}
+/**
+ * Creates a factory provider for PasswordHasher with default config
+ *
+ * Use this when you don't need custom hash configuration.
+ */
+export function passwordHasherProviderWithDefaults() {
+    return {
+        provide: PASSWORD_HASHER,
+        useFactory: () => new PasswordHasher(),
+        inject: [],
+        scope: Scope.SINGLETON,
+    };
+}
+/**
+ * Creates a factory provider for the composite AuthService
+ *
+ * Requires JWT_MANAGER, PASSWORD_HASHER, and AUTH_CONFIG to be registered.
+ *
+ * @example
+ * ```typescript
+ * registerAuthProviders(container, config);
+ * const auth = container.resolve(AUTH_SERVICE);
+ * const tokens = auth.createTokens(user);
+ * ```
+ */
+export function authServiceProvider() {
+    return {
+        provide: AUTH_SERVICE,
+        useFactory: (jwt, hasher, config) => {
+            const authMw = authMiddleware(config);
+            return {
+                jwt,
+                hasher,
+                createTokens(user, additionalClaims) {
+                    return jwt.createTokenPair(user, additionalClaims);
+                },
+                verifyToken(token) {
+                    const payload = jwt.verifyToken(token);
+                    return {
+                        user: {
+                            id: payload.sub,
+                            email: payload.email,
+                        },
+                        token: payload,
+                        isAuthenticated: true,
+                    };
+                },
+                refreshTokens(refreshToken) {
+                    if (config.userLoader) {
+                        return jwt.refreshTokens(refreshToken, config.userLoader);
+                    }
+                    return jwt.refreshTokens(refreshToken);
+                },
+                middleware: authMw,
+            };
+        },
+        inject: [JWT_MANAGER, PASSWORD_HASHER, AUTH_CONFIG],
+        scope: Scope.SINGLETON,
+    };
+}
+// ============================================================================
+// Bulk Registration Helper
+// ============================================================================
+/**
+ * Registers all auth providers with a container
+ *
+ * This is the recommended way to set up auth services with DI.
+ * It registers config values and all service providers in the correct order.
+ *
+ * @param container - The DI container to register providers with
+ * @param config - Auth configuration (jwt config is required)
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { registerAuthProviders, JWT_MANAGER, PASSWORD_HASHER } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ *
+ * registerAuthProviders(container, {
+ *   jwt: {
+ *     secret: process.env.JWT_SECRET!,
+ *     accessTokenExpiry: '15m',
+ *     refreshTokenExpiry: '7d',
+ *   },
+ *   hash: {
+ *     algorithm: 'bcrypt',
+ *     bcryptRounds: 12,
+ *   },
+ * });
+ *
+ * // Now resolve services from container
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * const auth = container.resolve(AUTH_SERVICE);
+ * ```
+ */
+export function registerAuthProviders(container, config) {
+    // Register config values
+    container.register({
+        provide: AUTH_CONFIG,
+        useValue: config,
+    });
+    container.register({
+        provide: JWT_CONFIG,
+        useValue: config.jwt,
+    });
+    // Register HASH_CONFIG if provided, otherwise use undefined
+    // PasswordHasher handles undefined config gracefully
+    container.register({
+        provide: HASH_CONFIG,
+        useValue: config.hash,
+    });
+    // Register service providers
+    container.register(jwtManagerProvider());
+    container.register(passwordHasherProvider());
+    container.register(authServiceProvider());
+}
+// ============================================================================
+// Testing Utilities
+// ============================================================================
+/**
+ * Registers mock-friendly auth providers for testing
+ *
+ * Same as registerAuthProviders but allows individual service overrides.
+ *
+ * @example
+ * ```typescript
+ * // In tests
+ * const container = new Container();
+ * registerAuthProviders(container, testConfig);
+ *
+ * // Override with mock
+ * const mockJwt = { createTokenPair: vi.fn() } as unknown as JwtManager;
+ * container.register({ provide: JWT_MANAGER, useValue: mockJwt });
+ *
+ * // AuthService will now use the mock
+ * const auth = container.resolve(AUTH_SERVICE);
+ * ```
+ */
+export { registerAuthProviders as registerAuthProvidersForTesting };

package/dist/rate-limit.d.ts CHANGED Viewed

@@ -159,6 +159,13 @@ export declare function createAuthRateLimiter(config?: AuthRateLimiterConfig): {
      */
     getRemainingAttempts: (key: string, operation: "login" | "register" | "password-reset" | "refresh") => number;
 };
+/**
+ * Type for the auth rate limiter instance returned by createAuthRateLimiter
+ *
+ * Provides rate limiting methods for login, register, password reset, and token refresh.
+ * Also includes utility methods for recording failures, resetting limits, and checking lockout status.
+ */
+export type AuthRateLimiter = ReturnType<typeof createAuthRateLimiter>;
 /**
  * Pre-configured auth rate limiter with sensible defaults
  *

package/dist/tokens.d.ts ADDED Viewed

@@ -0,0 +1,135 @@
+/**
+ * DI Tokens for @veloxts/auth
+ *
+ * Symbol-based tokens for type-safe dependency injection.
+ * These tokens allow services to be registered, resolved, and mocked via the DI container.
+ *
+ * @module auth/tokens
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { JWT_MANAGER, JWT_CONFIG, registerAuthProviders } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, { jwt: { secret: '...' } });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+import type { CsrfConfig } from './csrf.js';
+import type { PasswordHasher } from './hash.js';
+import type { JwtManager, TokenStore } from './jwt.js';
+import type { AuthService } from './plugin.js';
+import type { AuthRateLimiterConfig } from './rate-limit.js';
+import type { SessionConfig, SessionStore } from './session.js';
+import type { AuthConfig, HashConfig, JwtConfig } from './types.js';
+/**
+ * Main auth configuration token
+ *
+ * Contains JWT config, hash config, and other auth settings.
+ */
+export declare const AUTH_CONFIG: import("@veloxts/core").SymbolToken<AuthConfig>;
+/**
+ * JWT configuration token
+ *
+ * Used to configure JwtManager (secret, expiry times, issuer, etc.)
+ */
+export declare const JWT_CONFIG: import("@veloxts/core").SymbolToken<JwtConfig>;
+/**
+ * Password hashing configuration token
+ *
+ * Used to configure PasswordHasher (algorithm, rounds, etc.)
+ */
+export declare const HASH_CONFIG: import("@veloxts/core").SymbolToken<HashConfig>;
+/**
+ * Session configuration token
+ *
+ * Used to configure SessionManager (store, cookie settings, expiration)
+ */
+export declare const SESSION_CONFIG: import("@veloxts/core").SymbolToken<SessionConfig>;
+/**
+ * CSRF protection configuration token
+ *
+ * Used to configure CsrfManager (cookie settings, validation rules)
+ */
+export declare const CSRF_CONFIG: import("@veloxts/core").SymbolToken<CsrfConfig>;
+/**
+ * Auth rate limiter configuration token
+ *
+ * Used to configure per-endpoint rate limits (login, register, reset, refresh)
+ */
+export declare const RATE_LIMIT_CONFIG: import("@veloxts/core").SymbolToken<AuthRateLimiterConfig>;
+/**
+ * JWT manager service token
+ *
+ * Provides token creation, verification, and refresh capabilities.
+ *
+ * @example
+ * ```typescript
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const tokens = jwt.createTokenPair({ id: '1', email: 'user@example.com' });
+ * ```
+ */
+export declare const JWT_MANAGER: import("@veloxts/core").SymbolToken<JwtManager>;
+/**
+ * Password hasher service token
+ *
+ * Provides secure password hashing and verification.
+ *
+ * @example
+ * ```typescript
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * const hash = await hasher.hash('password123');
+ * const valid = await hasher.verify('password123', hash);
+ * ```
+ */
+export declare const PASSWORD_HASHER: import("@veloxts/core").SymbolToken<PasswordHasher>;
+/**
+ * Auth service composite token
+ *
+ * Aggregates JWT manager, password hasher, and middleware into a single service.
+ * This is the main service attached to Fastify by the auth plugin.
+ */
+export declare const AUTH_SERVICE: import("@veloxts/core").SymbolToken<AuthService>;
+/**
+ * Auth rate limiter service token
+ *
+ * Provides per-endpoint rate limiting for authentication operations.
+ * Includes login, register, password reset, and refresh endpoints.
+ *
+ * @example
+ * ```typescript
+ * const rateLimiter = container.resolve(AUTH_RATE_LIMITER);
+ * // Use in procedures:
+ * procedure().use(rateLimiter.login((ctx) => ctx.input.email))
+ * ```
+ */
+export declare const AUTH_RATE_LIMITER: import("@veloxts/core").SymbolToken<{
+    login: <TInput, TContext extends import("@veloxts/core").BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
+        input?: unknown;
+    }) => string) => import("@veloxts/router").MiddlewareFunction<TInput, TContext, TContext, TOutput>;
+    register: <TInput, TContext extends import("@veloxts/core").BaseContext, TOutput>() => import("@veloxts/router").MiddlewareFunction<TInput, TContext, TContext, TOutput>;
+    passwordReset: <TInput, TContext extends import("@veloxts/core").BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
+        input?: unknown;
+    }) => string) => import("@veloxts/router").MiddlewareFunction<TInput, TContext, TContext, TOutput>;
+    refresh: <TInput, TContext extends import("@veloxts/core").BaseContext, TOutput>() => import("@veloxts/router").MiddlewareFunction<TInput, TContext, TContext, TOutput>;
+    recordFailure: (key: string, operation: "login" | "register" | "password-reset") => void;
+    resetLimit: (key: string, operation: "login" | "register" | "password-reset") => void;
+    isLockedOut: (key: string, operation: "login" | "register" | "password-reset") => boolean;
+    getRemainingAttempts: (key: string, operation: "login" | "register" | "password-reset" | "refresh") => number;
+}>;
+/**
+ * Session store token
+ *
+ * Pluggable backend for session storage.
+ * Default: in-memory store (use Redis for production)
+ */
+export declare const SESSION_STORE: import("@veloxts/core").SymbolToken<SessionStore>;
+/**
+ * Token store token
+ *
+ * Pluggable backend for token revocation tracking.
+ * Used for JWT blacklist functionality.
+ */
+export declare const TOKEN_STORE: import("@veloxts/core").SymbolToken<TokenStore>;

package/dist/tokens.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * DI Tokens for @veloxts/auth
+ *
+ * Symbol-based tokens for type-safe dependency injection.
+ * These tokens allow services to be registered, resolved, and mocked via the DI container.
+ *
+ * @module auth/tokens
+ *
+ * @example
+ * ```typescript
+ * import { Container } from '@veloxts/core';
+ * import { JWT_MANAGER, JWT_CONFIG, registerAuthProviders } from '@veloxts/auth';
+ *
+ * const container = new Container();
+ * registerAuthProviders(container, { jwt: { secret: '...' } });
+ *
+ * const jwt = container.resolve(JWT_MANAGER);
+ * ```
+ */
+import { token } from '@veloxts/core';
+// ============================================================================
+// Configuration Tokens
+// ============================================================================
+/**
+ * Main auth configuration token
+ *
+ * Contains JWT config, hash config, and other auth settings.
+ */
+export const AUTH_CONFIG = token.symbol('AUTH_CONFIG');
+/**
+ * JWT configuration token
+ *
+ * Used to configure JwtManager (secret, expiry times, issuer, etc.)
+ */
+export const JWT_CONFIG = token.symbol('JWT_CONFIG');
+/**
+ * Password hashing configuration token
+ *
+ * Used to configure PasswordHasher (algorithm, rounds, etc.)
+ */
+export const HASH_CONFIG = token.symbol('HASH_CONFIG');
+/**
+ * Session configuration token
+ *
+ * Used to configure SessionManager (store, cookie settings, expiration)
+ */
+export const SESSION_CONFIG = token.symbol('SESSION_CONFIG');
+/**
+ * CSRF protection configuration token
+ *
+ * Used to configure CsrfManager (cookie settings, validation rules)
+ */
+export const CSRF_CONFIG = token.symbol('CSRF_CONFIG');
+/**
+ * Auth rate limiter configuration token
+ *
+ * Used to configure per-endpoint rate limits (login, register, reset, refresh)
+ */
+export const RATE_LIMIT_CONFIG = token.symbol('RATE_LIMIT_CONFIG');
+// ============================================================================
+// Service Tokens
+// ============================================================================
+/**
+ * JWT manager service token
+ *
+ * Provides token creation, verification, and refresh capabilities.
+ *
+ * @example
+ * ```typescript
+ * const jwt = container.resolve(JWT_MANAGER);
+ * const tokens = jwt.createTokenPair({ id: '1', email: 'user@example.com' });
+ * ```
+ */
+export const JWT_MANAGER = token.symbol('JWT_MANAGER');
+/**
+ * Password hasher service token
+ *
+ * Provides secure password hashing and verification.
+ *
+ * @example
+ * ```typescript
+ * const hasher = container.resolve(PASSWORD_HASHER);
+ * const hash = await hasher.hash('password123');
+ * const valid = await hasher.verify('password123', hash);
+ * ```
+ */
+export const PASSWORD_HASHER = token.symbol('PASSWORD_HASHER');
+/**
+ * Auth service composite token
+ *
+ * Aggregates JWT manager, password hasher, and middleware into a single service.
+ * This is the main service attached to Fastify by the auth plugin.
+ */
+export const AUTH_SERVICE = token.symbol('AUTH_SERVICE');
+/**
+ * Auth rate limiter service token
+ *
+ * Provides per-endpoint rate limiting for authentication operations.
+ * Includes login, register, password reset, and refresh endpoints.
+ *
+ * @example
+ * ```typescript
+ * const rateLimiter = container.resolve(AUTH_RATE_LIMITER);
+ * // Use in procedures:
+ * procedure().use(rateLimiter.login((ctx) => ctx.input.email))
+ * ```
+ */
+export const AUTH_RATE_LIMITER = token.symbol('AUTH_RATE_LIMITER');
+// ============================================================================
+// Store Tokens (Pluggable Backends)
+// ============================================================================
+/**
+ * Session store token
+ *
+ * Pluggable backend for session storage.
+ * Default: in-memory store (use Redis for production)
+ */
+export const SESSION_STORE = token.symbol('SESSION_STORE');
+/**
+ * Token store token
+ *
+ * Pluggable backend for token revocation tracking.
+ * Used for JWT blacklist functionality.
+ */
+export const TOKEN_STORE = token.symbol('TOKEN_STORE');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/auth",
-  "version": "0.6.56",
+  "version": "0.6.58",
   "description": "Authentication and authorization system for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -57,8 +57,8 @@
   "dependencies": {
     "@fastify/cookie": "11.0.2",
     "fastify": "5.6.2",
-    "@veloxts/core": "0.6.56",
-    "@veloxts/router": "0.6.56"
+    "@veloxts/core": "0.6.58",
+    "@veloxts/router": "0.6.58"
   },
   "peerDependencies": {
     "argon2": ">=0.30.0",
@@ -82,8 +82,8 @@
     "fastify-plugin": "5.1.0",
     "typescript": "5.9.3",
     "vitest": "4.0.16",
-    "@veloxts/testing": "0.6.56",
-    "@veloxts/validation": "0.6.56"
+    "@veloxts/testing": "0.6.58",
+    "@veloxts/validation": "0.6.58"
   },
   "keywords": [
     "velox",