@warlock.js/auth 4.0.161 → 4.0.163

package/esm/services/auth.service.js

@@ -0,0 +1,322 @@
+import {Random}from'@mongez/reinforcements';import {config,verifyPassword,hashPassword}from'@warlock.js/core';import {AccessToken}from'../models/access-token/access-token.model.js';import {RefreshToken}from'../models/refresh-token/refresh-token.model.js';import {toJwtExpiresIn}from'../utils/duration.js';import {authEvents}from'./auth-events.js';import {jwt}from'./jwt.js';class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user) {
+        return {
+            id: user.id,
+            userType: user.userType,
+            created_at: Date.now(),
+        };
+    }
+    /**
+     * Generate access token for user
+     */
+    async generateAccessToken(user, payload) {
+        const data = payload || this.buildAccessTokenPayload(user);
+        const expiresInConfig = config.key("auth.jwt.expiresIn");
+        const expiresIn = toJwtExpiresIn(expiresInConfig, 3_600); // default 1 hour
+        // If expiresIn is undefined, token never expires
+        const token = await jwt.generate(data, { expiresIn });
+        const decoed = await jwt.verify(token);
+        // Store in database
+        await AccessToken.create({
+            token,
+            user_id: user.id,
+            user_type: user.userType,
+        });
+        return { token, expiresAt: new Date(decoed.exp * 1_000).toISOString() };
+    }
+    /**
+     * Create refresh token for user
+     */
+    async createRefreshToken(user, deviceInfo) {
+        const familyId = deviceInfo?.familyId || Random.string(32);
+        const payload = {
+            userId: user.id,
+            userType: user.userType,
+            familyId,
+        };
+        const token = await jwt.generateRefreshToken(payload);
+        const decoed = await jwt.verifyRefreshToken(token);
+        // Calculate expiration date (undefined means never expires, but we still set a far future date)
+        const expiresAt = new Date(decoed.exp * 1_000).toISOString();
+        // Enforce max tokens per user
+        await this.enforceMaxRefreshTokens(user);
+        // Store in database
+        return RefreshToken.create({
+            token,
+            user_id: user.id,
+            user_type: user.userType,
+            family_id: familyId,
+            expires_at: expiresAt,
+            device_info: deviceInfo
+                ? {
+                    userAgent: deviceInfo.userAgent,
+                    ip: deviceInfo.ip,
+                    deviceId: deviceInfo.deviceId,
+                }
+                : undefined,
+        });
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(user, deviceInfo) {
+        const accessToken = await this.generateAccessToken(user, deviceInfo?.payload);
+        const refreshToken = await this.createRefreshToken(user, deviceInfo);
+        const tokenPair = {
+            accessToken,
+            refreshToken: {
+                token: refreshToken.get("token"),
+                expiresAt: refreshToken.get("expires_at"),
+            },
+        };
+        // Emit events
+        authEvents.emit("token.created", user, tokenPair);
+        authEvents.emit("session.created", user, refreshToken, deviceInfo);
+        return tokenPair;
+    }
+    /**
+     * Refresh tokens using a refresh token
+     */
+    async refreshTokens(refreshTokenString, deviceInfo) {
+        try {
+            // 1. Verify JWT signature
+            const decoded = await jwt.verifyRefreshToken(refreshTokenString);
+            if (!decoded)
+                return null;
+            // 2. Find token in database
+            const refreshToken = await RefreshToken.first({ token: refreshTokenString });
+            if (!refreshToken?.isValid) {
+                // If token was already used (rotation detection), revoke entire family
+                if (refreshToken) {
+                    await this.revokeTokenFamily(refreshToken.get("family_id"));
+                }
+                return null;
+            }
+            // 3. Get user model and find user
+            const UserModel = config.key(`auth.userType.${decoded.userType}`);
+            if (!UserModel)
+                return null;
+            const user = (await UserModel.find(decoded.userId));
+            if (!user)
+                return null;
+            // 4. Rotate token if enabled (revoke old token)
+            const rotationEnabled = config.key("auth.jwt.refresh.rotation", true);
+            if (rotationEnabled) {
+                await refreshToken.revoke();
+            }
+            else {
+                await refreshToken.markAsUsed();
+            }
+            // 5. Generate new token pair (keep same family)
+            const newTokenPair = await this.createTokenPair(user, {
+                ...deviceInfo,
+                familyId: refreshToken.get("family_id"),
+            });
+            // Emit token refreshed event
+            authEvents.emit("token.refreshed", user, newTokenPair, refreshToken);
+            return newTokenPair;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Verify password
+     */
+    async verifyPassword(plainPassword, hashedPassword) {
+        return verifyPassword(plainPassword, hashedPassword);
+    }
+    /**
+     * Hash password
+     */
+    async hashPassword(password) {
+        return hashPassword(password);
+    }
+    /**
+     * Attempt to login user with given credentials
+     */
+    async attemptLogin(Model, data) {
+        const { password, ...otherData } = data;
+        // Emit login attempt event
+        authEvents.emit("login.attempt", otherData);
+        const user = (await Model.first(otherData));
+        if (!user) {
+            authEvents.emit("login.failed", otherData, "User not found");
+            return null;
+        }
+        if (!(await this.verifyPassword(password, user.string("password")))) {
+            authEvents.emit("login.failed", otherData, "Invalid password");
+            return null;
+        }
+        return user;
+    }
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    async login(Model, credentials, deviceInfo) {
+        const user = await this.attemptLogin(Model, credentials);
+        if (!user) {
+            return null;
+        }
+        // if no refresh token in config, then return user and access token only
+        if (!config.key("auth.jwt.refresh.enabled", true)) {
+            const accessToken = await this.generateAccessToken(user, deviceInfo?.payload);
+            return { user, tokens: { accessToken } };
+        }
+        const tokens = await this.createTokenPair(user, deviceInfo);
+        // Emit login success event
+        authEvents.emit("login.success", user, tokens, deviceInfo);
+        return { user, tokens };
+    }
+    /**
+     * Logout user
+     * @param user - The authenticated user
+     * @param accessToken - Optional access token string to revoke
+     * @param refreshToken - Optional refresh token string to revoke
+     * If refresh token is not provided, behavior is determined by config:
+     * - "revoke-all" (default): Revoke ALL refresh tokens for security
+     * - "error": Throw error requiring refresh token
+     */
+    async logout(user, accessToken, refreshToken) {
+        // Remove access token if provided
+        if (accessToken) {
+            await this.removeAccessToken(user, accessToken);
+        }
+        if (refreshToken) {
+            // Revoke specific refresh token
+            const token = await RefreshToken.first({
+                token: refreshToken,
+                userId: user.id, // Security: ensure token belongs to this user
+            });
+            if (token) {
+                await token.revoke();
+                authEvents.emit("session.destroyed", user, token);
+            }
+        }
+        else {
+            // No refresh token provided - check configured behavior
+            const behavior = config.key("auth.jwt.refresh.logoutWithoutToken", "revoke-all");
+            if (behavior === "error") {
+                throw new Error("Refresh token required for logout");
+            }
+            // Default: revoke-all (fail-safe)
+            await this.revokeAllTokens(user);
+            authEvents.emit("logout.failsafe", user);
+        }
+        // Emit logout event
+        authEvents.emit("logout", user);
+    }
+    /**
+     * Remove specific access token
+     */
+    async removeAccessToken(user, token) {
+        AccessToken.delete({
+            token,
+            userId: user.id,
+        });
+    }
+    /**
+     * Remove all access tokens for a user
+     */
+    async removeAllAccessTokens(user) {
+        // Delete access token
+        AccessToken.delete({
+            user_id: user.id,
+        });
+    }
+    /**
+     * Remove specific refresh token
+     */
+    async removeRefreshToken(user, token) {
+        RefreshToken.delete({
+            token,
+            userId: user.id,
+        });
+    }
+    /**
+     * Revoke all tokens for a user
+     */
+    async revokeAllTokens(user) {
+        // Revoke all refresh tokens
+        const refreshTokens = await RefreshToken.query()
+            .where("user_id", user.id)
+            .where("user_type", user.userType)
+            .where("revoked_at", null)
+            .get();
+        for (const token of refreshTokens) {
+            await token.revoke();
+            authEvents.emit("token.revoked", user, token);
+        }
+        // Delete all access tokens
+        await this.removeAllAccessTokens(user);
+        // Emit logout all event
+        authEvents.emit("logout.all", user);
+    }
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    async revokeTokenFamily(familyId) {
+        const tokens = await RefreshToken.query()
+            .where("family_id", familyId)
+            .where("revoked_at", null)
+            .get();
+        for (const token of tokens) {
+            await token.revoke();
+        }
+        // Emit family revoked event
+        authEvents.emit("token.familyRevoked", familyId, tokens);
+    }
+    /**
+     * Cleanup expired tokens
+     */
+    async cleanupExpiredTokens() {
+        const expiredTokens = await RefreshToken.query().where("expires_at", "<", new Date()).get();
+        for (const token of expiredTokens) {
+            authEvents.emit("token.expired", token);
+            await token.destroy();
+        }
+        // Emit cleanup completed event
+        authEvents.emit("cleanup.completed", expiredTokens.length);
+        return expiredTokens.length;
+    }
+    /**
+     * Enforce max refresh tokens per user
+     */
+    async enforceMaxRefreshTokens(user) {
+        const maxPerUser = config.key("auth.jwt.refresh.maxPerUser", 5);
+        const activeTokens = await RefreshToken.query()
+            .where({
+            user_id: user.id,
+            user_type: user.userType,
+            revoked_at: null,
+        })
+            .orderBy("created_at", "asc")
+            .get();
+        // Revoke oldest tokens if exceeding limit
+        if (activeTokens.length >= maxPerUser) {
+            const tokensToRevoke = activeTokens.slice(0, activeTokens.length - maxPerUser + 1);
+            for (const token of tokensToRevoke) {
+                await token.revoke();
+            }
+        }
+    }
+    /**
+     * Get active sessions for user
+     */
+    async getActiveSessions(user) {
+        return RefreshToken.query()
+            .where({
+            user_id: user.id,
+            user_type: user.userType,
+            revoked_at: null,
+        })
+            .where("expires_at", ">", new Date())
+            .orderBy("created_at", "desc")
+            .get();
+    }
+}
+const authService = new AuthService();export{authService};//# sourceMappingURL=auth.service.js.map

package/esm/services/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sources":["../../src/services/auth.service.ts"],"sourcesContent":[null],"names":[],"mappings":"sXAWA,MAAM,WAAW,CAAA;AACf;;AAEG;AACI,IAAA,uBAAuB,CAAC,IAAU,EAAA;QACvC,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,YAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACvB,CAAC;KACH;AAED;;AAEG;AACI,IAAA,MAAM,mBAAmB,CAAC,IAAU,EAAE,OAAa,EAAA;QACxD,MAAM,IAAI,GAAG,OAAO,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;;AAGzD,QAAA,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;;QAGvC,MAAM,WAAW,CAAC,MAAM,CAAC;YACvB,KAAK;YACL,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,QAAQ;AACzB,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;KACzE;AAED;;AAEG;AACI,IAAA,MAAM,kBAAkB,CAAC,IAAU,EAAE,UAAuB,EAAA;AACjE,QAAA,MAAM,QAAQ,GAAG,UAAU,EAAE,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE3D,QAAA,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ;SACT,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;;AAGnD,QAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;;AAG7D,QAAA,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;;QAGzC,OAAO,YAAY,CAAC,MAAM,CAAC;YACzB,KAAK;YACL,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,QAAQ;AACxB,YAAA,SAAS,EAAE,QAAQ;AACnB,YAAA,UAAU,EAAE,SAAS;AACrB,YAAA,WAAW,EAAE,UAAU;AACrB,kBAAE;oBACE,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,EAAE,EAAE,UAAU,CAAC,EAAE;oBACjB,QAAQ,EAAE,UAAU,CAAC,QAAQ;AAC9B,iBAAA;AACH,kBAAE,SAAS;AACd,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,CAAC,IAAU,EAAE,UAAuB,EAAA;AAC9D,QAAA,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9E,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAErE,QAAA,MAAM,SAAS,GAAc;YAC3B,WAAW;AACX,YAAA,YAAY,EAAE;AACZ,gBAAA,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAChC,gBAAA,SAAS,EAAE,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC;AAC1C,aAAA;SACF,CAAC;;QAGF,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;AAEnE,QAAA,OAAO,SAAS,CAAC;KAClB;AAED;;AAEG;AACI,IAAA,MAAM,aAAa,CACxB,kBAA0B,EAC1B,UAAuB,EAAA;QAEvB,IAAI;;YAEF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAIzC,kBAAkB,CAAC,CAAC;AAEvB,YAAA,IAAI,CAAC,OAAO;AAAE,gBAAA,OAAO,IAAI,CAAC;;AAG1B,YAAA,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAE7E,YAAA,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE;;AAE1B,gBAAA,IAAI,YAAY,EAAE;oBAChB,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;AAC7D,iBAAA;AACD,gBAAA,OAAO,IAAI,CAAC;AACb,aAAA;;AAGD,YAAA,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,OAAO,CAAC,QAAQ,CAAE,CAAA,CAAC,CAAC;AAClE,YAAA,IAAI,CAAC,SAAS;AAAE,gBAAA,OAAO,IAAI,CAAC;AAE5B,YAAA,MAAM,IAAI,IAAI,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAgB,CAAC;AACnE,YAAA,IAAI,CAAC,IAAI;AAAE,gBAAA,OAAO,IAAI,CAAC;;YAGvB,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;AACtE,YAAA,IAAI,eAAe,EAAE;AACnB,gBAAA,MAAM,YAAY,CAAC,MAAM,EAAE,CAAC;AAC7B,aAAA;AAAM,iBAAA;AACL,gBAAA,MAAM,YAAY,CAAC,UAAU,EAAE,CAAC;AACjC,aAAA;;YAGD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE;AACpD,gBAAA,GAAG,UAAU;AACb,gBAAA,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;AACxC,aAAA,CAAC,CAAC;;YAGH,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;AAErE,YAAA,OAAO,YAAY,CAAC;AACrB,SAAA;QAAC,MAAM;AACN,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;KACF;AAED;;AAEG;AACI,IAAA,MAAM,cAAc,CAAC,aAAqB,EAAE,cAAsB,EAAA;AACvE,QAAA,OAAO,cAAc,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;KACtD;AAED;;AAEG;IACI,MAAM,YAAY,CAAC,QAAgB,EAAA;AACxC,QAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;KAC/B;AAED;;AAEG;AACI,IAAA,MAAM,YAAY,CAAiB,KAAoB,EAAE,IAAS,EAAA;QACvE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC;;AAGxC,QAAA,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAE5C,MAAM,IAAI,IAAI,MAAM,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAa,CAAC;QAExD,IAAI,CAAC,IAAI,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAC7D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,IAAI,EAAE,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAE,CAAC,CAAC,EAAE;YACpE,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAC/D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,OAAO,IAAI,CAAC;KACb;AAED;;;AAGG;AACI,IAAA,MAAM,KAAK,CAChB,KAAoB,EACpB,WAAgB,EAChB,UAAuB,EAAA;QAEvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAEzD,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;;QAGD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,CAAC,EAAE;AACjD,YAAA,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;YAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,CAAC;AAC1C,SAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;;QAG5D,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AAE3D,QAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAoB,CAAC;KAC3C;AAED;;;;;;;;AAQG;AACI,IAAA,MAAM,MAAM,CAAC,IAAU,EAAE,WAAoB,EAAE,YAAqB,EAAA;;AAEzE,QAAA,IAAI,WAAW,EAAE;YACf,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;AACjD,SAAA;AAED,QAAA,IAAI,YAAY,EAAE;;AAEhB,YAAA,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC;AACrC,gBAAA,KAAK,EAAE,YAAY;AACnB,gBAAA,MAAM,EAAE,IAAI,CAAC,EAAE;AAChB,aAAA,CAAC,CAAC;AAEH,YAAA,IAAI,KAAK,EAAE;AACT,gBAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;gBACrB,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AACnD,aAAA;AACF,SAAA;AAAM,aAAA;;YAEL,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,qCAAqC,EAAE,YAAY,CAEpE,CAAC;YAEZ,IAAI,QAAQ,KAAK,OAAO,EAAE;AACxB,gBAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;AACtD,aAAA;;AAGD,YAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;AACjC,YAAA,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;AAC1C,SAAA;;AAGD,QAAA,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;KACjC;AAED;;AAEG;AACI,IAAA,MAAM,iBAAiB,CAAC,IAAU,EAAE,KAAa,EAAA;QACtD,WAAW,CAAC,MAAM,CAAC;YACjB,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;AAChB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;IACI,MAAM,qBAAqB,CAAC,IAAU,EAAA;;QAE3C,WAAW,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,IAAI,CAAC,EAAE;AACjB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,MAAM,kBAAkB,CAAC,IAAU,EAAE,KAAa,EAAA;QACvD,YAAY,CAAC,MAAM,CAAC;YAClB,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;AAChB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,IAAU,EAAA;;AAErC,QAAA,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE;AAC7C,aAAA,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;AACzB,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC;AACjC,aAAA,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC;AACzB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC/C,SAAA;;AAGD,QAAA,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;;AAGvC,QAAA,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;KACrC;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,QAAgB,EAAA;AAC7C,QAAA,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE;AACtC,aAAA,KAAK,CAAC,WAAW,EAAE,QAAQ,CAAC;AAC5B,aAAA,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC;AACzB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;AAC1B,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,SAAA;;QAGD,UAAU,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC1D;AAED;;AAEG;AACI,IAAA,MAAM,oBAAoB,GAAA;QAC/B,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;AAE5F,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AACxC,YAAA,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;AACvB,SAAA;;QAGD,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,aAAa,CAAC,MAAM,CAAC;KAC7B;AAED;;AAEG;IACK,MAAM,uBAAuB,CAAC,IAAU,EAAA;QAC9C,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,CAAC,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE;AAC5C,aAAA,KAAK,CAAC;YACL,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,QAAQ;AACxB,YAAA,UAAU,EAAE,IAAI;SACjB,CAAC;AACD,aAAA,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC;AAC5B,aAAA,GAAG,EAAE,CAAC;;AAGT,QAAA,IAAI,YAAY,CAAC,MAAM,IAAI,UAAU,EAAE;AACrC,YAAA,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;AACnF,YAAA,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE;AAClC,gBAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,aAAA;AACF,SAAA;KACF;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,IAAU,EAAA;QACvC,OAAO,YAAY,CAAC,KAAK,EAAE;AACxB,aAAA,KAAK,CAAC;YACL,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,SAAS,EAAE,IAAI,CAAC,QAAQ;AACxB,YAAA,UAAU,EAAE,IAAI;SACjB,CAAC;aACD,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;AACpC,aAAA,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC;AAC7B,aAAA,GAAG,EAAE,CAAC;KACV;AACF,CAAA;AAEY,MAAA,WAAW,GAAG,IAAI,WAAW"}

package/esm/services/generate-jwt-secret.d.ts

@@ -0,0 +1,2 @@
+export declare function generateJWTSecret(): Promise<void>;
+//# sourceMappingURL=generate-jwt-secret.d.ts.map

package/esm/services/generate-jwt-secret.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-jwt-secret.d.ts","sourceRoot":"","sources":["../../src/services/generate-jwt-secret.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,kBAuDtC"}

package/esm/services/generate-jwt-secret.js

@@ -0,0 +1,47 @@
+import {fileExistsAsync,getFileAsync,putFileAsync}from'@mongez/fs';import {Random}from'@mongez/reinforcements';import {rootPath,environment}from'@warlock.js/core';import {log}from'@warlock.js/logger';async function generateJWTSecret() {
+    let envFile = rootPath(".env");
+    log.info("jwt", "generating", "Generating JWT secrets");
+    const environmentMode = environment();
+    if (!(await fileExistsAsync(envFile))) {
+        const envFileType = environmentMode === "production" ? ".env.production" : ".env.development";
+        envFile = rootPath(envFileType);
+    }
+    if (!(await fileExistsAsync(envFile))) {
+        log.error("jwt", "error", ".env file not found");
+        return;
+    }
+    let contents = await getFileAsync(envFile);
+    const hasJwtSecret = contents.includes("JWT_SECRET");
+    const hasJwtRefreshSecret = contents.includes("JWT_REFRESH_SECRET");
+    if (hasJwtSecret && hasJwtRefreshSecret) {
+        log.warn("jwt", "exists", "JWT secrets already exist in the .env file.");
+        return;
+    }
+    let secretsToAdd = "";
+    if (!hasJwtSecret) {
+        const jwtSecret = Random.string(32);
+        secretsToAdd += `
+# JWT Secret
+JWT_SECRET=${jwtSecret}
+`;
+        log.success("jwt", "generated", "JWT_SECRET generated and added to the .env file.");
+    }
+    else {
+        log.info("jwt", "exists", "JWT_SECRET already exists in the .env file.");
+    }
+    if (!hasJwtRefreshSecret) {
+        const jwtRefreshSecret = Random.string(32);
+        secretsToAdd += `
+# JWT Refresh Secret
+JWT_REFRESH_SECRET=${jwtRefreshSecret}
+`;
+        log.success("jwt", "generated", "JWT_REFRESH_SECRET generated and added to the .env file.");
+    }
+    else {
+        log.info("jwt", "exists", "JWT_REFRESH_SECRET already exists in the .env file.");
+    }
+    if (secretsToAdd) {
+        contents += secretsToAdd;
+        await putFileAsync(envFile, contents);
+    }
+}export{generateJWTSecret};//# sourceMappingURL=generate-jwt-secret.js.map

package/esm/services/generate-jwt-secret.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-jwt-secret.js","sources":["../../src/services/generate-jwt-secret.ts"],"sourcesContent":[null],"names":[],"mappings":"wMAKO,eAAe,iBAAiB,GAAA;AACrC,IAAA,IAAI,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE/B,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;AAExD,IAAA,MAAM,eAAe,GAAG,WAAW,EAAE,CAAC;IAEtC,IAAI,EAAE,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,EAAE;AACrC,QAAA,MAAM,WAAW,GAAG,eAAe,KAAK,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAC9F,QAAA,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,KAAA;IAED,IAAI,EAAE,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,EAAE;QACrC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO;AACR,KAAA;AAED,IAAA,IAAI,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAE3C,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,mBAAmB,GAAG,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAEpE,IAAI,YAAY,IAAI,mBAAmB,EAAE;QACvC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;QACzE,OAAO;AACR,KAAA;IAED,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AACpC,QAAA,YAAY,IAAI,CAAA;;aAEP,SAAS,CAAA;CACrB,CAAC;QACE,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,kDAAkD,CAAC,CAAC;AACrF,KAAA;AAAM,SAAA;QACL,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;AAC1E,KAAA;IAED,IAAI,CAAC,mBAAmB,EAAE;QACxB,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAC3C,QAAA,YAAY,IAAI,CAAA;;qBAEC,gBAAgB,CAAA;CACpC,CAAC;QACE,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,0DAA0D,CAAC,CAAC;AAC7F,KAAA;AAAM,SAAA;QACL,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,qDAAqD,CAAC,CAAC;AAClF,KAAA;AAED,IAAA,IAAI,YAAY,EAAE;QAChB,QAAQ,IAAI,YAAY,CAAC;AACzB,QAAA,MAAM,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACvC,KAAA;AACH"}

package/esm/services/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./auth-events";
+export * from "./auth.service";
+export * from "./generate-jwt-secret";
+export * from "./jwt";
+//# sourceMappingURL=index.d.ts.map

package/esm/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC"}

package/esm/services/jwt.d.ts

@@ -0,0 +1,23 @@
+import { type SignerOptions, type VerifierOptions } from "fast-jwt";
+export declare const jwt: {
+    /**
+     * Generate a new JWT token for the user.
+     * @param payload The payload to encode in the JWT token.
+     */
+    generate(payload: any, { key, algorithm, ...options }?: any): Promise<string>;
+    /**
+     * Verify the given token.
+     * @param token The JWT token to verify.
+     * @returns The decoded token payload if verification is successful.
+     */
+    verify<T = any>(token: string, { key, algorithms, ...options }?: any): Promise<T>;
+    /**
+     * Generate a new refresh token for the user.
+     */
+    generateRefreshToken(payload: any, { key, expiresIn, algorithm, ...options }?: any): Promise<string>;
+    /**
+     * Verify the given refresh token.
+     */
+    verifyRefreshToken<T_1 = any>(token: string, { key, algorithms, ...options }?: any): Promise<T_1>;
+};
+//# sourceMappingURL=jwt.d.ts.map

package/esm/services/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/services/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EAClB,KAAK,eAAe,EACrB,MAAM,UAAU,CAAC;AASlB,eAAO,MAAM,GAAG;IACd;;;OAGG;sBAEQ,GAAG,yCAMX,QAAQ,MAAM,CAAC;IAQlB;;;;OAIG;2BAEM,MAAM;IAYf;;OAEG;kCAEQ,GAAG,oDAOX,QAAQ,MAAM,CAAC;IAKlB;;OAEG;yCAEM,MAAM;CAUhB,CAAC"}

package/esm/services/jwt.js

@@ -0,0 +1,40 @@
+import {config}from'@warlock.js/core';import {createSigner,createVerifier}from'fast-jwt';const getSecretKey = () => config.key("auth.jwt.secret");
+const getAlgorithm = () => config.key("auth.jwt.algorithm", "HS256");
+const getRefreshSecretKey = () => config.key("auth.jwt.refresh.secret");
+// Assuming there's a separate config for refresh token validity, for example, '7d' for 7 days
+const getRefreshTokenValidity = () => config.key("auth.jwt.refresh.expiresIn");
+const jwt = {
+    /**
+     * Generate a new JWT token for the user.
+     * @param payload The payload to encode in the JWT token.
+     */
+    async generate(payload, { key = getSecretKey(), algorithm = getAlgorithm(), ...options } = {}) {
+        // Create a signer function with predefined options
+        const sign = createSigner({ key, ...options, algorithm });
+        const token = await sign({ ...payload });
+        return token;
+    },
+    /**
+     * Verify the given token.
+     * @param token The JWT token to verify.
+     * @returns The decoded token payload if verification is successful.
+     */
+    async verify(token, { key = getSecretKey(), algorithms = getAlgorithm() ? [getAlgorithm()] : undefined, ...options } = {}) {
+        const verify = createVerifier({ key, ...options, algorithms });
+        return await verify(token);
+    },
+    /**
+     * Generate a new refresh token for the user.
+     */
+    async generateRefreshToken(payload, { key = getRefreshSecretKey(), expiresIn = getRefreshTokenValidity(), algorithm = getAlgorithm(), ...options } = {}) {
+        const sign = createSigner({ key, expiresIn, algorithm, ...options });
+        return sign({ ...payload });
+    },
+    /**
+     * Verify the given refresh token.
+     */
+    async verifyRefreshToken(token, { key = getRefreshSecretKey(), algorithms = [getAlgorithm()], ...options } = {}) {
+        const verify = createVerifier({ key, algorithms, ...options });
+        return await verify(token);
+    },
+};export{jwt};//# sourceMappingURL=jwt.js.map

package/esm/services/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sources":["../../src/services/jwt.ts"],"sourcesContent":[null],"names":[],"mappings":"yFASA,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAW,CAAC;AACnE,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAc,CAAC;AAElF,MAAM,mBAAmB,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,yBAAyB,CAAW,CAAC;AAClF;AACA,MAAM,uBAAuB,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAoB,CAAC;AAErF,MAAA,GAAG,GAAG;AACjB;;;AAGG;AACH,IAAA,MAAM,QAAQ,CACZ,OAAY,EACZ,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,KAC0B,EAAE,EAAA;;AAGxC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QAE1D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AACzC,QAAA,OAAO,KAAK,CAAC;KACd;AAED;;;;AAIG;AACH,IAAA,MAAM,MAAM,CACV,KAAa,EACb,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,UAAU,GAAG,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,SAAS,EAC1D,GAAG,OAAO,KAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;AAE/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAe,CAAC,CAAC;KACtC;AAED;;AAEG;IACH,MAAM,oBAAoB,CACxB,OAAY,EACZ,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,SAAS,GAAG,uBAAuB,EAAE,EACrC,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,EAAA,GAC0B,EAAE,EAAA;AAExC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AACrE,QAAA,OAAO,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;KAC7B;AAED;;AAEG;IACH,MAAM,kBAAkB,CACtB,KAAa,EACb,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,UAAU,GAAG,CAAC,YAAY,EAAE,CAAC,EAC7B,GAAG,OAAO,EAAA,GAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AAC/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;KAC5B;"}

package/esm/utils/auth-error-codes.d.ts

@@ -0,0 +1,18 @@
+export declare enum AuthErrorCodes {
+    /**
+     * Missing Access Token Error Code EC001
+     * EC001 = Missing Access Token
+     */
+    MissingAccessToken = "EC001",
+    /**
+     * Invalid Access Token Error Code EC002
+     * EC002 = Invalid Access Token
+     */
+    InvalidAccessToken = "EC002",
+    /**
+     * Unauthorized Error Code EC003
+     * EC003 = Unauthorized
+     */
+    Unauthorized = "EC003"
+}
+//# sourceMappingURL=auth-error-codes.d.ts.map

package/esm/utils/auth-error-codes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-error-codes.d.ts","sourceRoot":"","sources":["../../src/utils/auth-error-codes.ts"],"names":[],"mappings":"AAAA,oBAAY,cAAc;IACxB;;;OAGG;IACH,kBAAkB,UAAU;IAC5B;;;OAGG;IACH,kBAAkB,UAAU;IAC5B;;;OAGG;IACH,YAAY,UAAU;CACvB"}

package/esm/utils/auth-error-codes.js

@@ -0,0 +1,18 @@
+var AuthErrorCodes;
+(function (AuthErrorCodes) {
+    /**
+     * Missing Access Token Error Code EC001
+     * EC001 = Missing Access Token
+     */
+    AuthErrorCodes["MissingAccessToken"] = "EC001";
+    /**
+     * Invalid Access Token Error Code EC002
+     * EC002 = Invalid Access Token
+     */
+    AuthErrorCodes["InvalidAccessToken"] = "EC002";
+    /**
+     * Unauthorized Error Code EC003
+     * EC003 = Unauthorized
+     */
+    AuthErrorCodes["Unauthorized"] = "EC003";
+})(AuthErrorCodes || (AuthErrorCodes = {}));export{AuthErrorCodes};//# sourceMappingURL=auth-error-codes.js.map

package/esm/utils/auth-error-codes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-error-codes.js","sources":["../../src/utils/auth-error-codes.ts"],"sourcesContent":[null],"names":[],"mappings":"IAAY,eAgBX;AAhBD,CAAA,UAAY,cAAc,EAAA;AACxB;;;AAGG;AACH,IAAA,cAAA,CAAA,oBAAA,CAAA,GAAA,OAA4B,CAAA;AAC5B;;;AAGG;AACH,IAAA,cAAA,CAAA,oBAAA,CAAA,GAAA,OAA4B,CAAA;AAC5B;;;AAGG;AACH,IAAA,cAAA,CAAA,cAAA,CAAA,GAAA,OAAsB,CAAA;AACxB,CAAC,EAhBW,cAAc,KAAd,cAAc,GAgBzB,EAAA,CAAA,CAAA"}

package/esm/utils/duration.d.ts

@@ -0,0 +1,45 @@
+import { NO_EXPIRATION } from "../contracts/types";
+/**
+ * Duration object for specifying time periods
+ * All units are additive (e.g., { days: 1, hours: 6 } = 30 hours)
+ *
+ * @example
+ * ```typescript
+ * { hours: 1 }           // 1 hour
+ * { days: 7, hours: 12 } // 7.5 days
+ * { minutes: 30 }        // 30 minutes
+ * ```
+ */
+export type Duration = {
+    milliseconds?: number;
+    seconds?: number;
+    minutes?: number;
+    hours?: number;
+    days?: number;
+    weeks?: number;
+};
+/**
+ * Expiration value type - can be a Duration object, string format, or NO_EXPIRATION
+ */
+export type ExpiresIn = Duration | typeof NO_EXPIRATION | string | number;
+/**
+ * Parse duration to milliseconds
+ * Supports Duration object, string format ("1d 2h 30m"), or number (raw ms)
+ *
+ * @example
+ * ```typescript
+ * parseExpirationToMs({ hours: 1 })       // 3600000
+ * parseExpirationToMs({ days: 1 })        // 86400000
+ * parseExpirationToMs("1h")               // 3600000
+ * parseExpirationToMs("1d 2h 30m")        // 95400000
+ * parseExpirationToMs(3600000)            // 3600000
+ * parseExpirationToMs(NO_EXPIRATION)      // undefined
+ * ```
+ */
+export declare function parseExpirationToMs(expiration: ExpiresIn | undefined, defaultMs?: number): number | undefined;
+/**
+ * Convert ExpiresIn to a value suitable for jwt.generate (string or number)
+ * Returns undefined if NO_EXPIRATION
+ */
+export declare function toJwtExpiresIn(expiration: ExpiresIn | undefined, defaultMs?: number): string | undefined;
+//# sourceMappingURL=duration.d.ts.map

package/esm/utils/duration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"duration.d.ts","sourceRoot":"","sources":["../../src/utils/duration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,OAAO,aAAa,GAAG,MAAM,GAAG,MAAM,CAAC;AAE1E;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,SAAS,GAAG,SAAS,EACjC,SAAS,GAAE,MAAgB,GAC1B,MAAM,GAAG,SAAS,CAmBpB;AAuDD;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,SAAS,GAAG,SAAS,EACjC,SAAS,GAAE,MAAgB,GAC1B,MAAM,GAAG,SAAS,CAMpB"}