@warlock.js/auth 4.0.161 → 4.0.162

package/esm/commands/auth-cleanup-command.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+export declare function registerAuthCleanupCommand(): any;
+//# sourceMappingURL=auth-cleanup-command.d.ts.map

package/esm/commands/auth-cleanup-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.d.ts","sourceRoot":"","sources":["../../src/commands/auth-cleanup-command.ts"],"names":[],"mappings":"AAIA;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,QAqBzC"}

package/esm/commands/auth-cleanup-command.js

@@ -0,0 +1,29 @@
+import {colors}from'@mongez/copper';import {command}from'@warlock.js/core';import {authService}from'../services/auth.service.js';/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+function registerAuthCleanupCommand() {
+    return command({
+        name: "auth.cleanup",
+        description: "Remove expired refresh tokens from the database",
+        preload: {
+            env: true,
+            config: ["auth", "database"],
+            connectors: ["database"],
+        },
+        action: async () => {
+            console.log(colors.cyan("🧹 Cleaning up expired tokens..."));
+            const count = await authService.cleanupExpiredTokens();
+            if (count === 0) {
+                console.log(colors.green("✅ No expired tokens found."));
+            }
+            else {
+                console.log(colors.green(`✅ Removed ${count} expired token(s).`));
+            }
+        },
+    });
+}export{registerAuthCleanupCommand};//# sourceMappingURL=auth-cleanup-command.js.map

package/esm/commands/auth-cleanup-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.js","sources":["../../src/commands/auth-cleanup-command.ts"],"sourcesContent":[null],"names":[],"mappings":"iIAIA;;;;;;;AAOG;SACa,0BAA0B,GAAA;AACxC,IAAA,OAAO,OAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,iDAAiD;AAC9D,QAAA,OAAO,EAAE;AACP,YAAA,GAAG,EAAE,IAAI;AACT,YAAA,MAAM,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;YAC5B,UAAU,EAAE,CAAC,UAAU,CAAC;AACzB,SAAA;QACD,MAAM,EAAE,YAAW;YACjB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;AAE7D,YAAA,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,oBAAoB,EAAE,CAAC;YAEvD,IAAI,KAAK,KAAK,CAAC,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;AACzD,aAAA;AAAM,iBAAA;AACL,gBAAA,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA,UAAA,EAAa,KAAK,CAAA,kBAAA,CAAoB,CAAC,CAAC,CAAC;AACnE,aAAA;SACF;AACF,KAAA,CAAC,CAAC;AACL"}

package/esm/commands/jwt-secret-generator-command.d.ts

@@ -0,0 +1,2 @@
+export declare function registerJWTSecretGeneratorCommand(): any;
+//# sourceMappingURL=jwt-secret-generator-command.d.ts.map

package/esm/commands/jwt-secret-generator-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-secret-generator-command.d.ts","sourceRoot":"","sources":["../../src/commands/jwt-secret-generator-command.ts"],"names":[],"mappings":"AAGA,wBAAgB,iCAAiC,QAMhD"}

package/esm/commands/jwt-secret-generator-command.js

@@ -0,0 +1,7 @@
+import {command}from'@warlock.js/core';import {generateJWTSecret}from'../services/generate-jwt-secret.js';function registerJWTSecretGeneratorCommand() {
+    return command({
+        name: "jwt.generate",
+        description: "Generate JWT Secret key in .env file",
+        action: generateJWTSecret,
+    });
+}export{registerJWTSecretGeneratorCommand};//# sourceMappingURL=jwt-secret-generator-command.js.map

package/esm/commands/jwt-secret-generator-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-secret-generator-command.js","sources":["../../src/commands/jwt-secret-generator-command.ts"],"sourcesContent":[null],"names":[],"mappings":"mHAGgB,iCAAiC,GAAA;AAC/C,IAAA,OAAO,OAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,sCAAsC;AACnD,QAAA,MAAM,EAAE,iBAAiB;AAC1B,KAAA,CAAC,CAAC;AACL"}

package/esm/contracts/auth-contract.d.ts

@@ -0,0 +1,23 @@
+export interface Authenticable {
+    /**
+     * Generate access token
+     */
+    generateAccessToken(): Promise<string>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(): Promise<string>;
+    /**
+     * Change password
+     */
+    changePassword(password: string): Promise<void>;
+    /**
+     * Verify Password
+     */
+    verifyPassword(password: string): Promise<boolean>;
+    /**
+     * Get user type
+     */
+    getUserType(): string;
+}
+//# sourceMappingURL=auth-contract.d.ts.map

package/esm/contracts/auth-contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-contract.d.ts","sourceRoot":"","sources":["../../src/contracts/auth-contract.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;OAEG;IACH,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAExC;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhD;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnD;;OAEG;IACH,WAAW,IAAI,MAAM,CAAC;CACvB"}

package/esm/contracts/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./auth-contract";
+export * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/esm/contracts/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/contracts/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,SAAS,CAAC"}

package/esm/contracts/types.d.ts

@@ -0,0 +1,167 @@
+import { ChildModel } from "@warlock.js/cascade";
+import { type Algorithm } from "fast-jwt";
+import type { Auth } from "../models/auth.model";
+import type { Duration, ExpiresIn } from "../utils/duration";
+/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+export declare const NO_EXPIRATION: unique symbol;
+/**
+ * Behavior when logout is called without a refresh token
+ * - "revoke-all": Revoke all refresh tokens for the user (secure default)
+ * - "error": Return an error requiring the refresh token
+ */
+export type LogoutWithoutTokenBehavior = "revoke-all" | "error";
+export type AuthConfigurations = {
+    /**
+     * Define all user types
+     * This is important to differentiate between user types when validating and generating tokens
+     */
+    userType: {
+        [userType: string]: ChildModel<Auth>;
+    };
+    /**
+     * JWT configurations
+     */
+    jwt: {
+        /**
+         * JWT secret key for signing access tokens
+         */
+        secret: string;
+        /**
+         * JWT algorithm
+         * @default "HS256"
+         */
+        algorithm?: Algorithm;
+        /**
+         * Access token expiration time
+         * Supports Duration object, string format, or NO_EXPIRATION
+         * @example { hours: 1 }, { days: 7, hours: 12 }, "1h", "1d 2h", NO_EXPIRATION
+         * @default { hours: 1 }
+         */
+        expiresIn?: ExpiresIn;
+        /**
+         * Refresh token configurations
+         */
+        refresh?: {
+            /**
+             * Separate secret for refresh tokens (recommended for security)
+             * If not provided, falls back to main JWT secret
+             */
+            secret?: string;
+            /**
+             * Enable refresh token
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * Refresh token expiration time
+             * Supports Duration object or string format
+             * @example { days: 7 }, { weeks: 1 }, "7d", "1w"
+             * @default { days: 7 }
+             */
+            expiresIn?: Duration | string | number;
+            /**
+             * Enable token rotation (issue new refresh token on each use)
+             * Old refresh token is invalidated after use
+             * @default true
+             */
+            rotation?: boolean;
+            /**
+             * Maximum number of active refresh tokens per user
+             * When exceeded, oldest tokens are revoked
+             * @default 5
+             */
+            maxPerUser?: number;
+            /**
+             * Behavior when logout is called without a refresh token
+             * - "revoke-all": Revoke all tokens for security (default)
+             * - "error": Require refresh token, return error if missing
+             * @default "revoke-all"
+             */
+            logoutWithoutToken?: LogoutWithoutTokenBehavior;
+        };
+    };
+    /**
+     * Password configurations
+     */
+    password?: {
+        /**
+         * Password salt
+         * The higher the salt, the more secure the password is
+         * But, it will take more time to generate the password
+         * @default 12
+         */
+        salt?: number;
+    };
+};
+export type AccessTokenOutput = {
+    /**
+     * JWT Token
+     */
+    token: string;
+    /**
+     * Exprie time in ISO format UTC time
+     */
+    expiresAt: string;
+};
+/**
+ * Token pair returned after login or token refresh
+ */
+export type TokenPair = {
+    /**
+     * JWT access token (short-lived)
+     */
+    accessToken: AccessTokenOutput;
+    /**
+     * JWT refresh token (long-lived)
+     */
+    refreshToken?: AccessTokenOutput;
+};
+/**
+ * Device information for session tracking
+ */
+export type DeviceInfo = {
+    /**
+     * User agent string from request
+     */
+    userAgent?: string;
+    /**
+     * Client IP address
+     */
+    ip?: string;
+    /**
+     * Optional device identifier
+     */
+    deviceId?: string;
+    /**
+     * Token family ID (for rotation tracking)
+     * @internal
+     */
+    familyId?: string;
+    /**
+     * Access token payload
+     */
+    payload?: Record<string, any>;
+};
+export type LoginResult<UserType extends Auth> = {
+    user: UserType;
+    tokens: TokenPair;
+};
+//# sourceMappingURL=types.d.ts.map

package/esm/contracts/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/contracts/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,aAAa,eAA0B,CAAC;AAErD;;;;GAIG;AACH,MAAM,MAAM,0BAA0B,GAAG,YAAY,GAAG,OAAO,CAAC;AAEhE,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,QAAQ,EAAE;QACR,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;KACtC,CAAC;IACF;;OAEG;IACH,GAAG,EAAE;QACH;;WAEG;QACH,MAAM,EAAE,MAAM,CAAC;QACf;;;WAGG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;;;;WAKG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;WAEG;QACH,OAAO,CAAC,EAAE;YACR;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB;;;;;eAKG;YACH,SAAS,CAAC,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC;YACvC;;;;eAIG;YACH,QAAQ,CAAC,EAAE,OAAO,CAAC;YACnB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;;;eAKG;YACH,kBAAkB,CAAC,EAAE,0BAA0B,CAAC;SACjD,CAAC;KACH,CAAC;IACF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC;IAC/B;;OAEG;IACH,YAAY,CAAC,EAAE,iBAAiB,CAAC;CAClC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,WAAW,CAAC,QAAQ,SAAS,IAAI,IAAI;IAC/C,IAAI,EAAE,QAAQ,CAAC;IACf,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC"}

package/esm/contracts/types.js

@@ -0,0 +1,20 @@
+/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+const NO_EXPIRATION = Symbol("NO_EXPIRATION");export{NO_EXPIRATION};//# sourceMappingURL=types.js.map

package/esm/contracts/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sources":["../../src/contracts/types.ts"],"sourcesContent":[null],"names":[],"mappings":"AAKA;;;;;;;;;;;;;;;;;;AAkBG;MACU,aAAa,GAAG,MAAM,CAAC,eAAe"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@warlock.js/auth",
-    "version": "4.0.161",
+    "version": "4.0.162",
     "description": "Authentication system for Warlock.js applications",
     "main": "./esm/index.js",
     "dependencies": {
@@ -12,10 +12,10 @@
         "@mongez/events": "^2.1.0",
         "@mongez/fs": "^3.0.5",
         "@mongez/reinforcements": "^2.3.17",
-        "@warlock.js/cascade": "4.0.161",
-        "@warlock.js/core": "4.0.161",
-        "@warlock.js/logger": "4.0.161",
-        "@warlock.js/seal": "4.0.161"
+        "@warlock.js/cascade": "4.0.162",
+        "@warlock.js/core": "4.0.162",
+        "@warlock.js/logger": "4.0.162",
+        "@warlock.js/seal": "4.0.162"
     },
     "repository": {
         "type": "git",