@warlock.js/auth 4.0.162 → 4.0.164

package/esm/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./commands/auth-cleanup-command";
+export * from "./commands/jwt-secret-generator-command";
+export * from "./contracts";
+export * from "./middleware";
+export * from "./models";
+export * from "./services";
+export * from "./utils";
+//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iCAAiC,CAAC;AAChD,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}

package/esm/index.js

@@ -0,0 +1 @@
+export{registerAuthCleanupCommand}from'./commands/auth-cleanup-command.js';export{registerJWTSecretGeneratorCommand}from'./commands/jwt-secret-generator-command.js';export{NO_EXPIRATION}from'./contracts/types.js';export{authMiddleware}from'./middleware/auth.middleware.js';export{authMigrations}from'./models/index.js';export{authEvents}from'./services/auth-events.js';export{authService}from'./services/auth.service.js';export{generateJWTSecret}from'./services/generate-jwt-secret.js';export{jwt}from'./services/jwt.js';export{AuthErrorCodes}from'./utils/auth-error-codes.js';export{parseExpirationToMs,toJwtExpiresIn}from'./utils/duration.js';export{AccessToken}from'./models/access-token/access-token.model.js';export{Auth}from'./models/auth.model.js';export{RefreshToken}from'./models/refresh-token/refresh-token.model.js';//# sourceMappingURL=index.js.map

package/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/esm/middleware/auth.middleware.d.ts

@@ -0,0 +1,2 @@
+export declare function authMiddleware(allowedUserType?: string | string[]): Middleware;
+//# sourceMappingURL=auth.middleware.d.ts.map

package/esm/middleware/auth.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.middleware.ts"],"names":[],"mappings":"AAMA,wBAAgB,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,cAsFjE"}

package/esm/middleware/auth.middleware.js

@@ -0,0 +1,72 @@
+import {t,config}from'@warlock.js/core';import {log}from'@warlock.js/logger';import {AccessToken}from'../models/access-token/access-token.model.js';import {jwt}from'../services/jwt.js';import {AuthErrorCodes}from'../utils/auth-error-codes.js';function authMiddleware(allowedUserType) {
+    const allowedTypes = !allowedUserType
+        ? []
+        : Array.isArray(allowedUserType)
+            ? allowedUserType
+            : [allowedUserType];
+    const auth = async (request, response) => {
+        try {
+            const authorizationValue = request.authorizationValue;
+            if (!allowedTypes.length && !authorizationValue)
+                return;
+            if (!authorizationValue) {
+                return response.unauthorized({
+                    error: t("auth.errors.missingAccessToken"),
+                    errorCode: AuthErrorCodes.MissingAccessToken,
+                });
+            }
+            // get current user jwt
+            const user = await jwt.verify(authorizationValue);
+            // store decoded access token object in request object
+            request.decodedAccessToken = user;
+            // use our own jwt verify to verify the token
+            const accessToken = await AccessToken.first({
+                token: authorizationValue,
+            });
+            if (!accessToken) {
+                return response.unauthorized({
+                    error: t("auth.errors.invalidAccessToken"),
+                    errorCode: AuthErrorCodes.InvalidAccessToken,
+                });
+            }
+            // now, we need to get an instance of user using its corresponding model
+            const userType = user.userType || accessToken.get("userType");
+            // check if the user type is allowed
+            if (allowedTypes.length && !allowedTypes.includes(userType)) {
+                return response.unauthorized({
+                    error: t("auth.errors.unauthorized"),
+                    errorCode: AuthErrorCodes.Unauthorized,
+                });
+            }
+            // get user model class
+            const UserModel = config.key(`auth.userType.${userType}`);
+            if (!UserModel) {
+                throw new Error(`User type ${userType} is unknown type.`);
+            }
+            // get user model instance
+            const currentUser = await UserModel.find(user.id);
+            if (!currentUser) {
+                accessToken.destroy();
+                return response.unauthorized({
+                    error: t("auth.errors.invalidAccessToken"),
+                    errorCode: AuthErrorCodes.InvalidAccessToken,
+                });
+            }
+            // update last access
+            // accessToken.set("lastAccess", new Date());
+            // await accessToken.save({ skipEvents: true });
+            // set current user
+            request.user = currentUser;
+        }
+        catch (err) {
+            log.error("http", "auth", err);
+            // unset current user
+            request.clearCurrentUser();
+            return response.unauthorized({
+                error: t("auth.errors.invalidAccessToken"),
+                errorCode: AuthErrorCodes.InvalidAccessToken,
+            });
+        }
+    };
+    return auth;
+}export{authMiddleware};//# sourceMappingURL=auth.middleware.js.map

package/esm/middleware/auth.middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.js","sources":["../../src/middleware/auth.middleware.ts"],"sourcesContent":[null],"names":[],"mappings":"mPAMM,SAAU,cAAc,CAAC,eAAmC,EAAA;IAChE,MAAM,YAAY,GAAG,CAAC,eAAe;AACnC,UAAE,EAAE;AACJ,UAAE,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC;AAC9B,cAAE,eAAe;AACjB,cAAE,CAAC,eAAe,CAAC,CAAC;IAExB,MAAM,IAAI,GAAe,OAAO,OAAgB,EAAE,QAAkB,KAAI;QACtE,IAAI;AACF,YAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;AAEtD,YAAA,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,kBAAkB;gBAAE,OAAO;YAExD,IAAI,CAAC,kBAAkB,EAAE;gBACvB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAE,CAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAE,cAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;;AAGlD,YAAA,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;;AAElC,YAAA,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC;AAC1C,gBAAA,KAAK,EAAE,kBAAkB;AAC1B,aAAA,CAAC,CAAC;YAEH,IAAI,CAAC,WAAW,EAAE;gBAChB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAE,CAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAE,cAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;AAGD,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;;YAG9D,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC3D,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAE,CAAC,CAAC,0BAA0B,CAAC;oBACpC,SAAS,EAAE,cAAc,CAAC,YAAY;AACvC,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,QAAQ,CAAE,CAAA,CAAC,CAAC;YAE1D,IAAI,CAAC,SAAS,EAAE;AACd,gBAAA,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAA,iBAAA,CAAmB,CAAC,CAAC;AAC3D,aAAA;;YAGD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAElD,IAAI,CAAC,WAAW,EAAE;gBAChB,WAAW,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAE,CAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAE,cAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;;;;AAOD,YAAA,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC;AAC5B,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjB,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;;YAG/B,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAE3B,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,gBAAA,KAAK,EAAE,CAAC,CAAC,gCAAgC,CAAC;gBAC1C,SAAS,EAAE,cAAc,CAAC,kBAAkB;AAC7C,aAAA,CAAC,CAAC;AACJ,SAAA;AACH,KAAC,CAAC;AAEF,IAAA,OAAO,IAAI,CAAC;AACd"}

package/esm/middleware/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./auth.middleware";
+//# sourceMappingURL=index.d.ts.map

package/esm/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC"}

package/esm/models/access-token/access-token.model.d.ts

@@ -0,0 +1,9 @@
+import { Model } from "@warlock.js/cascade";
+export declare class AccessToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table: string;
+    static schema: any;
+}
+//# sourceMappingURL=access-token.model.d.ts.map

package/esm/models/access-token/access-token.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.model.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/access-token.model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAW5C,qBAAa,WAAY,SAAQ,KAAK;IACpC;;OAEG;IACH,OAAc,KAAK,SAAmB;IAEtC,OAAc,MAAM,MAAqB;CAC1C"}

package/esm/models/access-token/access-token.model.js

@@ -0,0 +1,14 @@
+import {Model}from'@warlock.js/cascade';import {v}from'@warlock.js/seal';const accessTokenSchema = v.object({
+    token: v.string().required(),
+    last_access: v.date().defaultNow().optional(),
+    user_id: v.scalar().required(),
+    user_type: v.string().required(),
+    is_active: v.boolean().default(true),
+});
+class AccessToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table = "access_tokens";
+    static schema = accessTokenSchema;
+}export{AccessToken};//# sourceMappingURL=access-token.model.js.map

package/esm/models/access-token/access-token.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.model.js","sources":["../../../src/models/access-token/access-token.model.ts"],"sourcesContent":[null],"names":[],"mappings":"yEAGA,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;AACjC,IAAA,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,WAAW,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE;AAC7C,IAAA,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC9B,IAAA,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;AACrC,CAAA,CAAC,CAAC;AAEG,MAAO,WAAY,SAAQ,KAAK,CAAA;AACpC;;AAEG;AACI,IAAA,OAAO,KAAK,GAAG,eAAe,CAAC;AAE/B,IAAA,OAAO,MAAM,GAAG,iBAAiB,CAAC;"}

package/esm/models/access-token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./access-token.model";
+//# sourceMappingURL=index.d.ts.map

package/esm/models/access-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}

package/esm/models/access-token/migration.d.ts

@@ -0,0 +1,2 @@
+export declare const AccessTokenMigration: any;
+//# sourceMappingURL=migration.d.ts.map

package/esm/models/access-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/migration.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,oBAAoB,KA0B/B,CAAC"}

package/esm/models/access-token/migration.js

@@ -0,0 +1,22 @@
+import {migrate}from'@warlock.js/cascade';import {AccessToken}from'./access-token.model.js';const AccessTokenMigration = migrate(AccessToken, {
+    name: "accessToken",
+    up() {
+        // Create table
+        this.createTableIfNotExists();
+        // Primary key
+        this.primaryUuid();
+        // Token field
+        this.text("token").unique();
+        this.timestamp("last_access").nullable();
+        // User reference (flat columns for cross-driver compatibility)
+        this.uuid("user_id").index();
+        this.string("user_type", 50).nullable();
+        // Status (for token revocation)
+        this.boolean("is_active").nullable();
+        // Timestamps
+        this.timestamps();
+    },
+    down() {
+        this.dropTableIfExists();
+    },
+});export{AccessTokenMigration};//# sourceMappingURL=migration.js.map

package/esm/models/access-token/migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.js","sources":["../../../src/models/access-token/migration.ts"],"sourcesContent":[null],"names":[],"mappings":"4FAGa,MAAA,oBAAoB,GAAG,OAAO,CAAC,WAAW,EAAE;AACvD,IAAA,IAAI,EAAE,aAAa;IACnB,EAAE,GAAA;;QAEA,IAAI,CAAC,sBAAsB,EAAE,CAAC;;QAG9B,IAAI,CAAC,WAAW,EAAE,CAAC;;QAGnB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC;;QAGzC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;;QAGxC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;;QAGrC,IAAI,CAAC,UAAU,EAAE,CAAC;KACnB;IACD,IAAI,GAAA;QACF,IAAI,CAAC,iBAAiB,EAAE,CAAC;KAC1B;AACF,CAAA"}

package/esm/models/auth.model.d.ts

@@ -0,0 +1,58 @@
+import { type ChildModel, Model, type ModelSchema } from "@warlock.js/cascade";
+import type { AccessTokenOutput, DeviceInfo, TokenPair } from "../contracts/types";
+import type { RefreshToken } from "./refresh-token/refresh-token.model";
+export declare abstract class Auth<Schema extends ModelSchema = ModelSchema> extends Model<Schema> {
+    /**
+     * Get user type
+     */
+    abstract get userType(): string;
+    /**
+     * Get access token payload
+     */
+    accessTokenPayload(): {
+        id: any;
+        userType: string;
+        created_at: number;
+    };
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Generate access token
+     */
+    generateAccessToken(data?: any): Promise<AccessTokenOutput>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(deviceInfo?: DeviceInfo): Promise<RefreshToken>;
+    /**
+     * Remove current access token
+     */
+    removeAccessToken(token: string): Promise<void>;
+    /**
+     * Remove refresh token
+     */
+    removeRefreshToken(token: string): Promise<void>;
+    /**
+     * Remove all access tokens
+     */
+    removeAllAccessTokens(): Promise<void>;
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    revokeAllTokens(): Promise<void>;
+    /**
+     * Get active sessions
+     */
+    activeSessions(): Promise<RefreshToken[]>;
+    /**
+     * Attempt to login the user
+     */
+    static attempt(this: ChildModel<Auth>, data: any): Promise<Auth | null>;
+    /**
+     * Confirm password
+     */
+    confirmPassword(password: string): Promise<boolean>;
+}
+//# sourceMappingURL=auth.model.d.ts.map

package/esm/models/auth.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.model.d.ts","sourceRoot":"","sources":["../../src/models/auth.model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAE,KAAK,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/E,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEnF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAExE,8BAAsB,IAAI,CAAC,MAAM,SAAS,WAAW,GAAG,WAAW,CAAE,SAAQ,KAAK,CAAC,MAAM,CAAC;IACxF;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACI,kBAAkB;;;;;IAIzB;;OAEG;IACU,eAAe,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAIzE;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIxE;;OAEG;IACU,oBAAoB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAIjF;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D;;OAEG;IACU,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7D;;OAEG;IACU,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAInD;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAItD;;OAEG;WACiB,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIpF;;OAEG;IACU,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAGjE"}

package/esm/models/auth.model.js

@@ -0,0 +1,68 @@
+import {Model}from'@warlock.js/cascade';import'@mongez/events';import {authService}from'../services/auth.service.js';import'@mongez/fs';import'@mongez/reinforcements';import'@warlock.js/core';import'@warlock.js/logger';import'fast-jwt';class Auth extends Model {
+    /**
+     * Get access token payload
+     */
+    accessTokenPayload() {
+        return authService.buildAccessTokenPayload(this);
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(deviceInfo) {
+        return authService.createTokenPair(this, deviceInfo);
+    }
+    /**
+     * Generate access token
+     */
+    async generateAccessToken(data) {
+        return authService.generateAccessToken(this, data);
+    }
+    /**
+     * Generate refresh token
+     */
+    async generateRefreshToken(deviceInfo) {
+        return authService.createRefreshToken(this, deviceInfo);
+    }
+    /**
+     * Remove current access token
+     */
+    async removeAccessToken(token) {
+        return authService.removeAccessToken(this, token);
+    }
+    /**
+     * Remove refresh token
+     */
+    async removeRefreshToken(token) {
+        return authService.removeRefreshToken(this, token);
+    }
+    /**
+     * Remove all access tokens
+     */
+    async removeAllAccessTokens() {
+        return authService.removeAllAccessTokens(this);
+    }
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    async revokeAllTokens() {
+        return authService.revokeAllTokens(this);
+    }
+    /**
+     * Get active sessions
+     */
+    async activeSessions() {
+        return authService.getActiveSessions(this);
+    }
+    /**
+     * Attempt to login the user
+     */
+    static async attempt(data) {
+        return authService.attemptLogin(this, data);
+    }
+    /**
+     * Confirm password
+     */
+    async confirmPassword(password) {
+        return authService.verifyPassword(this.string("password"), password);
+    }
+}export{Auth};//# sourceMappingURL=auth.model.js.map

package/esm/models/auth.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.model.js","sources":["../../src/models/auth.model.ts"],"sourcesContent":[null],"names":[],"mappings":"4OAKM,MAAgB,IAA+C,SAAQ,KAAa,CAAA;AAMxF;;AAEG;IACI,kBAAkB,GAAA;AACvB,QAAA,OAAO,WAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAClD;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,UAAuB,EAAA;QAClD,OAAO,WAAW,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACtD;AAED;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;QACzC,OAAO,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;IACI,MAAM,oBAAoB,CAAC,UAAuB,EAAA;QACvD,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACzD;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1C,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACnD;AAED;;AAEG;IACI,MAAM,kBAAkB,CAAC,KAAa,EAAA;QAC3C,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACpD;AAED;;AAEG;AACI,IAAA,MAAM,qBAAqB,GAAA;AAChC,QAAA,OAAO,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;KAChD;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,GAAA;AAC1B,QAAA,OAAO,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;KAC1C;AAED;;AAEG;AACI,IAAA,MAAM,cAAc,GAAA;AACzB,QAAA,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC5C;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAAyB,IAAS,EAAA;QAC3D,OAAO,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,QAAgB,EAAA;AAC3C,QAAA,OAAO,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,QAAQ,CAAC,CAAC;KACvE;AACF"}

package/esm/models/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./access-token";
+export * from "./auth.model";
+export * from "./refresh-token";
+export declare const authMigrations: any[];
+//# sourceMappingURL=index.d.ts.map

package/esm/models/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAGA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC;AAEhC,eAAO,MAAM,cAAc,OAAgD,CAAC"}

package/esm/models/index.js

@@ -0,0 +1 @@
+import {AccessTokenMigration}from'./access-token/migration.js';import {RefreshTokenMigration}from'./refresh-token/migration.js';export{AccessToken}from'./access-token/access-token.model.js';import'@warlock.js/cascade';import'@mongez/events';import'@mongez/reinforcements';import'@warlock.js/core';export{RefreshToken}from'./refresh-token/refresh-token.model.js';import'fast-jwt';import'@mongez/fs';import'@warlock.js/logger';const authMigrations = [AccessTokenMigration, RefreshTokenMigration];export{authMigrations};//# sourceMappingURL=index.js.map

package/esm/models/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../../src/models/index.ts"],"sourcesContent":[null],"names":[],"mappings":"+aAOa,cAAc,GAAG,CAAC,oBAAoB,EAAE,qBAAqB"}

package/esm/models/refresh-token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./refresh-token.model";
+//# sourceMappingURL=index.d.ts.map

package/esm/models/refresh-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC"}

package/esm/models/refresh-token/migration.d.ts

@@ -0,0 +1,2 @@
+export declare const RefreshTokenMigration: any;
+//# sourceMappingURL=migration.d.ts.map

package/esm/models/refresh-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/migration.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,qBAAqB,KAyBhC,CAAC"}

package/esm/models/refresh-token/migration.js

@@ -0,0 +1,23 @@
+import {migrate}from'@warlock.js/cascade';import {RefreshToken}from'./refresh-token.model.js';const RefreshTokenMigration = migrate(RefreshToken, {
+    name: "refreshToken",
+    up() {
+        // Create table
+        this.createTableIfNotExists();
+        // Primary key
+        this.primaryUuid();
+        // Token fields
+        this.text("token").unique();
+        this.uuid("user_id").index();
+        this.string("user_type", 50).nullable();
+        this.text("family_id").index().nullable();
+        this.timestamp("expires_at").index().nullable();
+        this.timestamp("last_used_at").nullable();
+        this.timestamp("revoked_at").nullable();
+        this.json("device_info").nullable();
+        // Timestamps
+        this.timestamps();
+    },
+    down() {
+        this.dropTableIfExists();
+    },
+});export{RefreshTokenMigration};//# sourceMappingURL=migration.js.map

package/esm/models/refresh-token/migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.js","sources":["../../../src/models/refresh-token/migration.ts"],"sourcesContent":[null],"names":[],"mappings":"8FAGa,MAAA,qBAAqB,GAAG,OAAO,CAAC,YAAY,EAAE;AACzD,IAAA,IAAI,EAAE,cAAc;IACpB,EAAE,GAAA;;QAEA,IAAI,CAAC,sBAAsB,EAAE,CAAC;;QAG9B,IAAI,CAAC,WAAW,EAAE,CAAC;;QAGnB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC;;QAGpC,IAAI,CAAC,UAAU,EAAE,CAAC;KACnB;IACD,IAAI,GAAA;QACF,IAAI,CAAC,iBAAiB,EAAE,CAAC;KAC1B;AACF,CAAA"}

package/esm/models/refresh-token/refresh-token.model.d.ts

@@ -0,0 +1,32 @@
+import { Model } from "@warlock.js/cascade";
+export declare class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table: string;
+    /**
+     * {@inheritDoc}
+     */
+    static schema: any;
+    /**
+     * Check if token is expired
+     */
+    get isExpired(): boolean;
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked(): boolean;
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid(): boolean;
+    /**
+     * Revoke this token
+     */
+    revoke(): Promise<this>;
+    /**
+     * Mark token as used (update last_used_at)
+     */
+    markAsUsed(): Promise<void>;
+}
+//# sourceMappingURL=refresh-token.model.d.ts.map

package/esm/models/refresh-token/refresh-token.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.model.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/refresh-token.model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAc5C,qBAAa,YAAa,SAAQ,KAAK;IACrC;;OAEG;IACH,OAAc,KAAK,SAAoB;IAEvC;;OAEG;IACH,OAAc,MAAM,MAAsB;IAE1C;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAI9B;IAED;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAE9B;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,OAAO,CAE5B;IAED;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIpC;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/esm/models/refresh-token/refresh-token.model.js

@@ -0,0 +1,53 @@
+import {Model}from'@warlock.js/cascade';import {v}from'@warlock.js/seal';const refreshTokenSchema = v.object({
+    token: v.string().required(),
+    user_id: v.scalar().required(),
+    user_type: v.string().required(),
+    family_id: v.string().required(),
+    expires_at: v.date().required(),
+    last_used_at: v.date().default(() => new Date()),
+    revoked_at: v.date().optional(),
+    device_info: v.record(v.any()).optional(),
+});
+class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table = "refresh_tokens";
+    /**
+     * {@inheritDoc}
+     */
+    static schema = refreshTokenSchema;
+    /**
+     * Check if token is expired
+     */
+    get isExpired() {
+        const expiresAt = this.get("expires_at");
+        if (!expiresAt)
+            return false;
+        return new Date() > new Date(expiresAt);
+    }
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked() {
+        return !!this.get("revoked_at");
+    }
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid() {
+        return !this.isExpired && !this.isRevoked;
+    }
+    /**
+     * Revoke this token
+     */
+    async revoke() {
+        return this.merge({ revoked_at: new Date() }).save();
+    }
+    /**
+     * Mark token as used (update last_used_at)
+     */
+    async markAsUsed() {
+        await this.merge({ last_used_at: new Date() }).save();
+    }
+}export{RefreshToken};//# sourceMappingURL=refresh-token.model.js.map

package/esm/models/refresh-token/refresh-token.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.model.js","sources":["../../../src/models/refresh-token/refresh-token.model.ts"],"sourcesContent":[null],"names":[],"mappings":"yEAGA,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;AAClC,IAAA,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAA,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC9B,IAAA,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAA,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAA,UAAU,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;AAC/B,IAAA,YAAY,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;AAChD,IAAA,UAAU,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;AAC/B,IAAA,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC1C,CAAA,CAAC,CAAC;AAEG,MAAO,YAAa,SAAQ,KAAK,CAAA;AACrC;;AAEG;AACI,IAAA,OAAO,KAAK,GAAG,gBAAgB,CAAC;AAEvC;;AAEG;AACI,IAAA,OAAO,MAAM,GAAG,kBAAkB,CAAC;AAE1C;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACzC,QAAA,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK,CAAC;QAC7B,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;KACjC;AAED;;AAEG;AACH,IAAA,IAAW,OAAO,GAAA;QAChB,OAAO,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;KAC3C;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;KACtD;AAED;;AAEG;AACI,IAAA,MAAM,UAAU,GAAA;AACrB,QAAA,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;KACvD;"}

package/esm/services/auth-events.d.ts

@@ -0,0 +1,85 @@
+import { type EventSubscription } from "@mongez/events";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth.model";
+import type { RefreshToken } from "../models/refresh-token";
+/**
+ * Auth event payload types
+ */
+export type AuthEventPayloads = {
+    "login.success": [user: Auth, tokenPair: TokenPair, deviceInfo?: DeviceInfo];
+    "login.failed": [credentials: {
+        email?: string;
+        username?: string;
+    }, reason: string];
+    "login.attempt": [credentials: {
+        email?: string;
+        username?: string;
+    }];
+    logout: [user: Auth];
+    "logout.all": [user: Auth];
+    "logout.failsafe": [user: Auth];
+    "token.created": [user: Auth, tokenPair: TokenPair];
+    "token.refreshed": [user: Auth, newTokenPair: TokenPair, oldRefreshToken: RefreshToken];
+    "token.revoked": [user: Auth, token: RefreshToken];
+    "token.expired": [token: RefreshToken];
+    "token.familyRevoked": [familyId: string, tokens: RefreshToken[]];
+    "password.changed": [user: Auth];
+    "password.resetRequested": [user: Auth, resetToken: string];
+    "password.reset": [user: Auth];
+    "session.created": [user: Auth, refreshToken: RefreshToken, deviceInfo?: DeviceInfo];
+    "session.destroyed": [user: Auth, refreshToken: RefreshToken];
+    "cleanup.completed": [expiredCount: number];
+};
+/**
+ * Auth event names
+ */
+export type AuthEventName = keyof AuthEventPayloads;
+/**
+ * Callback type for a specific event
+ */
+export type AuthEventCallback<T extends AuthEventName> = (...args: AuthEventPayloads[T]) => void | Promise<void>;
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+export declare const authEvents: {
+    /**
+     * Subscribe to an auth event
+     */
+    on<T extends keyof AuthEventPayloads>(event: T, callback: AuthEventCallback<T>): EventSubscription;
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe<T_1 extends keyof AuthEventPayloads>(event: T_1, callback: AuthEventCallback<T_1>): EventSubscription;
+    /**
+     * Emit an auth event
+     */
+    emit<T_2 extends keyof AuthEventPayloads>(event: T_2, ...args: AuthEventPayloads[T_2]): void;
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger<T_3 extends keyof AuthEventPayloads>(event: T_3, ...args: AuthEventPayloads[T_3]): void;
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll(): void;
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event?: AuthEventName): void;
+};
+//# sourceMappingURL=auth-events.d.ts.map

package/esm/services/auth-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.d.ts","sourceRoot":"","sources":["../../src/services/auth-events.ts"],"names":[],"mappings":"AAAA,OAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IAC7E,cAAc,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrF,eAAe,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAGtE,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrB,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC3B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAGhC,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpD,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACxF,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnD,eAAe,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACvC,qBAAqB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAGlE,kBAAkB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,yBAAyB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5D,gBAAgB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG/B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACrF,mBAAmB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAG9D,mBAAmB,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,aAAa,IAAI,CACvD,GAAG,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,KAC1B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAO1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;qFACoE,iBAAiB;IAIxF;;OAEG;kGAC2E,iBAAiB;IAI/F;;OAEG;4FACqE,IAAI;IAI5E;;OAEG;+FACwE,IAAI;IAI/E;;OAEG;sBACe,IAAI;IAItB;;OAEG;gBACS,aAAa,GAAG,IAAI;CAOjC,CAAC"}