npm - @warlock.js/auth - Versions diffs - 4.0.42 → 4.0.47 - Mend

@warlock.js/auth 4.0.42 → 4.0.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/cjs/index.js CHANGED Viewed

@@ -1,725 +1,56 @@
 'use strict';
-var copper = require('@mongez/copper');
-var core = require('@warlock.js/core');
-var password = require('@mongez/password');
-var reinforcements = require('@mongez/reinforcements');
-var cascade = require('@warlock.js/cascade');
-var seal = require('@warlock.js/seal');
-var events = require('@mongez/events');
-var fastJwt = require('fast-jwt');
-var fs = require('@mongez/fs');
-var logger = require('@warlock.js/logger');
+var authCleanupCommand = require('./commands/auth-cleanup-command');
+var jwtSecretGeneratorCommand = require('./commands/jwt-secret-generator-command');
+var contracts = require('./contracts');
+var middleware = require('./middleware');
+var models = require('./models');
+var services = require('./services');
+var utils = require('./utils');
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-var events__default = /*#__PURE__*/_interopDefault(events);
-// ../../warlock.js/auth/src/commands/auth-cleanup-command.ts
-var accessTokenSchema = seal.v.object({
-  token: seal.v.string().required(),
-  lastAccess: seal.v.date().default(() => /* @__PURE__ */ new Date()),
-  user: seal.v.object({
-    id: seal.v.number().required(),
-    userType: seal.v.string()
-  }).allowUnknown().required()
+Object.keys(authCleanupCommand).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return authCleanupCommand[k]; }
+	});
 });
-var AccessToken = class extends cascade.Model {
-  /**
-   * {@inheritDoc}
-   */
-  static table = "accessTokens";
-  static schema = accessTokenSchema;
-};
-cascade.migrate(AccessToken, {
-  name: "accessToken",
-  up() {
-    this.string("accessToken").index();
-    this.date("lastAccess");
-  },
-  down() {
-    this.dropIndex("token");
-  }
+Object.keys(jwtSecretGeneratorCommand).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return jwtSecretGeneratorCommand[k]; }
+	});
 });
-var refreshTokenSchema = seal.v.object({
-  token: seal.v.string().required(),
-  userId: seal.v.number().required(),
-  userType: seal.v.string().required(),
-  familyId: seal.v.string().required(),
-  expiresAt: seal.v.date().required(),
-  lastUsedAt: seal.v.date().default(() => /* @__PURE__ */ new Date()),
-  revokedAt: seal.v.date(),
-  deviceInfo: seal.v.record(seal.v.any())
+Object.keys(contracts).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return contracts[k]; }
+	});
+});
+Object.keys(middleware).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return middleware[k]; }
+	});
+});
+Object.keys(models).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return models[k]; }
+	});
+});
+Object.keys(services).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return services[k]; }
+	});
+});
+Object.keys(utils).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return utils[k]; }
+	});
 });
-var RefreshToken = class extends cascade.Model {
-  /**
-   * {@inheritDoc}
-   */
-  static table = "refreshTokens";
-  /**
-   * {@inheritDoc}
-   */
-  static schema = refreshTokenSchema;
-  /**
-   * Check if token is expired
-   */
-  get isExpired() {
-    const expiresAt = this.get("expiresAt");
-    if (!expiresAt) return false;
-    return /* @__PURE__ */ new Date() > new Date(expiresAt);
-  }
-  /**
-   * Check if token is revoked
-   */
-  get isRevoked() {
-    return !!this.get("revokedAt");
-  }
-  /**
-   * Check if token is valid (not expired and not revoked)
-   */
-  get isValid() {
-    return !this.isExpired && !this.isRevoked;
-  }
-  /**
-   * Revoke this token
-   */
-  async revoke() {
-    return this.merge({ revokedAt: /* @__PURE__ */ new Date() }).save();
-  }
-  /**
-   * Mark token as used (update lastUsedAt)
-   */
-  async markAsUsed() {
-    await this.merge({ lastUsedAt: /* @__PURE__ */ new Date() }).save();
-  }
-};
-// ../../warlock.js/auth/src/contracts/types.ts
-var NO_EXPIRATION = /* @__PURE__ */ Symbol("NO_EXPIRATION");
-// ../../warlock.js/auth/src/utils/duration.ts
-function parseExpirationToMs(expiration, defaultMs = 36e5) {
-  if (expiration === void 0) {
-    return defaultMs;
-  }
-  if (expiration === NO_EXPIRATION) {
-    return void 0;
-  }
-  if (typeof expiration === "number") {
-    return expiration;
-  }
-  if (typeof expiration === "string") {
-    return parseStringDuration(expiration);
-  }
-  return parseDurationObject(expiration);
-}
-function parseDurationObject(duration) {
-  let ms = 0;
-  if (duration.milliseconds) ms += duration.milliseconds;
-  if (duration.seconds) ms += duration.seconds * 1e3;
-  if (duration.minutes) ms += duration.minutes * 60 * 1e3;
-  if (duration.hours) ms += duration.hours * 60 * 60 * 1e3;
-  if (duration.days) ms += duration.days * 24 * 60 * 60 * 1e3;
-  if (duration.weeks) ms += duration.weeks * 7 * 24 * 60 * 60 * 1e3;
-  return ms;
-}
-function parseStringDuration(str) {
-  let totalMs = 0;
-  const parts = str.trim().split(/\s+/);
-  for (const part of parts) {
-    const match = part.match(/^(\d+(?:\.\d+)?)([smhdw])$/i);
-    if (!match) continue;
-    const value = parseFloat(match[1]);
-    const unit = match[2].toLowerCase();
-    switch (unit) {
-      case "s":
-        totalMs += value * 1e3;
-        break;
-      case "m":
-        totalMs += value * 60 * 1e3;
-        break;
-      case "h":
-        totalMs += value * 60 * 60 * 1e3;
-        break;
-      case "d":
-        totalMs += value * 24 * 60 * 60 * 1e3;
-        break;
-      case "w":
-        totalMs += value * 7 * 24 * 60 * 60 * 1e3;
-        break;
-    }
-  }
-  return totalMs || 36e5;
-}
-function toJwtExpiresIn(expiration, defaultMs = 36e5) {
-  const ms = parseExpirationToMs(expiration, defaultMs);
-  if (ms === void 0) return void 0;
-  return Math.floor(ms / 1e3) + "s";
-}
-var AUTH_EVENT_PREFIX = "auth.";
-var authEvents = {
-  /**
-   * Subscribe to an auth event
-   */
-  on(event, callback) {
-    return events__default.default.subscribe(AUTH_EVENT_PREFIX + event, callback);
-  },
-  /**
-   * Subscribe to an auth event (alias for `on`)
-   */
-  subscribe(event, callback) {
-    return this.on(event, callback);
-  },
-  /**
-   * Emit an auth event
-   */
-  emit(event, ...args) {
-    events__default.default.trigger(AUTH_EVENT_PREFIX + event, ...args);
-  },
-  /**
-   * Emit an auth event (alias for `emit`)
-   */
-  trigger(event, ...args) {
-    this.emit(event, ...args);
-  },
-  /**
-   * Unsubscribe from all auth events
-   */
-  unsubscribeAll() {
-    events__default.default.unsubscribeNamespace(AUTH_EVENT_PREFIX.slice(0, -1));
-  },
-  /**
-   * Unsubscribe from a specific auth event
-   */
-  off(event) {
-    if (event) {
-      events__default.default.unsubscribe(AUTH_EVENT_PREFIX + event);
-    } else {
-      this.unsubscribeAll();
-    }
-  }
-};
-var getSecretKey = () => core.config.key("auth.jwt.secret");
-var getAlgorithm = () => core.config.key("auth.jwt.algorithm");
-var getRefreshSecretKey = () => core.config.key("auth.jwt.refresh.secret");
-var getRefreshTokenValidity = () => core.config.key("auth.jwt.refresh.expiresIn");
-var jwt = {
-  /**
-   * Generate a new JWT token for the user.
-   * @param payload The payload to encode in the JWT token.
-   */
-  async generate(payload, {
-    key = getSecretKey(),
-    algorithm = getAlgorithm(),
-    ...options
-  } = {}) {
-    const sign = fastJwt.createSigner({ key, ...options, algorithm });
-    return sign({ ...payload });
-  },
-  /**
-   * Verify the given token.
-   * @param token The JWT token to verify.
-   * @returns The decoded token payload if verification is successful.
-   */
-  async verify(token, {
-    key = getSecretKey(),
-    algorithms = getAlgorithm() ? [getAlgorithm()] : void 0,
-    ...options
-  } = {}) {
-    const verify2 = fastJwt.createVerifier({ key, ...options, algorithms });
-    return await verify2(token);
-  },
-  /**
-   * Generate a new refresh token for the user.
-   */
-  async generateRefreshToken(payload, {
-    key = getRefreshSecretKey(),
-    expiresIn = getRefreshTokenValidity(),
-    algorithm = getAlgorithm(),
-    ...options
-  } = {}) {
-    const sign = fastJwt.createSigner({ key, expiresIn, algorithm, ...options });
-    return sign({ ...payload });
-  },
-  /**
-   * Verify the given refresh token.
-   */
-  async verifyRefreshToken(token, {
-    key = getRefreshSecretKey(),
-    algorithms = [getAlgorithm()],
-    ...options
-  } = {}) {
-    const verify2 = fastJwt.createVerifier({ key, algorithms, ...options });
-    return await verify2(token);
-  }
-};
-// ../../warlock.js/auth/src/services/auth.service.ts
-var AuthService = class {
-  /**
-   * Build access token payload from user
-   */
-  buildAccessTokenPayload(user) {
-    return {
-      id: user.id,
-      _id: user.get("_id"),
-      userType: user.userType,
-      createdAt: Date.now()
-    };
-  }
-  /**
-   * Generate access token for user
-   */
-  async generateAccessToken(user, payload) {
-    const data = payload || this.buildAccessTokenPayload(user);
-    const expiresInConfig = core.config.key("auth.jwt.expiresIn");
-    const expiresIn = toJwtExpiresIn(expiresInConfig, 36e5);
-    const token = expiresIn ? await jwt.generate(data, { expiresIn }) : await jwt.generate(data);
-    await AccessToken.create({
-      token,
-      user: data
-    });
-    return token;
-  }
-  /**
-   * Create refresh token for user
-   */
-  async createRefreshToken(user, deviceInfo) {
-    const familyId = deviceInfo?.familyId || reinforcements.Random.string(32);
-    const expiresInConfig = core.config.key("auth.jwt.refresh.expiresIn");
-    const expiresInMs = parseExpirationToMs(expiresInConfig, 7 * 24 * 60 * 60 * 1e3);
-    const payload = {
-      userId: user.id,
-      userType: user.userType,
-      familyId
-    };
-    const token = await jwt.generateRefreshToken(payload);
-    await this.enforceMaxRefreshTokens(user);
-    const expiresAt = expiresInMs ? new Date(Date.now() + expiresInMs) : new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1e3);
-    return RefreshToken.create({
-      token,
-      userId: user.id,
-      userType: user.userType,
-      familyId,
-      expiresAt,
-      deviceInfo: deviceInfo ? {
-        userAgent: deviceInfo.userAgent,
-        ip: deviceInfo.ip,
-        deviceId: deviceInfo.deviceId
-      } : void 0
-    });
-  }
-  /**
-   * Create both access and refresh tokens
-   */
-  async createTokenPair(user, deviceInfo) {
-    const accessToken = await this.generateAccessToken(user, deviceInfo?.payload);
-    const refreshToken = await this.createRefreshToken(user, deviceInfo);
-    const tokenPair = {
-      accessToken,
-      refreshToken: refreshToken.get("token"),
-      expiresIn: core.config.key("auth.jwt.expiresIn", "1h")
-    };
-    authEvents.emit("token.created", user, tokenPair);
-    authEvents.emit("session.created", user, refreshToken, deviceInfo);
-    return tokenPair;
-  }
-  /**
-   * Refresh tokens using a refresh token
-   */
-  async refreshTokens(refreshTokenString, deviceInfo) {
-    try {
-      const decoded = await jwt.verifyRefreshToken(refreshTokenString);
-      if (!decoded) return null;
-      const refreshToken = await RefreshToken.first({ token: refreshTokenString });
-      if (!refreshToken?.isValid) {
-        if (refreshToken) {
-          await this.revokeTokenFamily(refreshToken.get("familyId"));
-        }
-        return null;
-      }
-      const UserModel = core.config.key(`auth.userType.${decoded.userType}`);
-      if (!UserModel) return null;
-      const user = await UserModel.find(decoded.userId);
-      if (!user) return null;
-      const rotationEnabled = core.config.key("auth.jwt.refresh.rotation", true);
-      if (rotationEnabled) {
-        await refreshToken.revoke();
-      } else {
-        await refreshToken.markAsUsed();
-      }
-      const newTokenPair = await this.createTokenPair(user, {
-        ...deviceInfo,
-        familyId: refreshToken.get("familyId")
-      });
-      authEvents.emit("token.refreshed", user, newTokenPair, refreshToken);
-      return newTokenPair;
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Verify password
-   */
-  verifyPassword(hashedPassword, plainPassword) {
-    return password.verify(String(hashedPassword), String(plainPassword));
-  }
-  /**
-   * Hash password
-   */
-  hashPassword(password$1) {
-    return password.hash(String(password$1), core.config.key("auth.password.salt", 12));
-  }
-  /**
-   * Attempt to login user with given credentials
-   */
-  async attemptLogin(Model4, data) {
-    const { password, ...otherData } = data;
-    authEvents.emit("login.attempt", otherData);
-    const user = await Model4.first(otherData);
-    if (!user) {
-      authEvents.emit("login.failed", otherData, "User not found");
-      return null;
-    }
-    if (!this.verifyPassword(user.string("password"), password)) {
-      authEvents.emit("login.failed", otherData, "Invalid password");
-      return null;
-    }
-    return user;
-  }
-  /**
-   * Full login flow: validate credentials, create tokens, emit events
-   * Returns token pair on success, null on failure
-   */
-  async login(Model4, credentials, deviceInfo) {
-    const user = await this.attemptLogin(Model4, credentials);
-    if (!user) {
-      return null;
-    }
-    if (!core.config.key("auth.jwt.refresh.enabled", true)) {
-      const accessToken = await this.generateAccessToken(user, deviceInfo?.payload);
-      return { user, accessToken };
-    }
-    const tokens = await this.createTokenPair(user, deviceInfo);
-    authEvents.emit("login.success", user, tokens, deviceInfo);
-    return { user, tokens };
-  }
-  /**
-   * Logout user
-   * @param user - The authenticated user
-   * @param accessToken - Optional access token string to revoke
-   * @param refreshToken - Optional refresh token string to revoke
-   * If refresh token is not provided, behavior is determined by config:
-   * - "revoke-all" (default): Revoke ALL refresh tokens for security
-   * - "error": Throw error requiring refresh token
-   */
-  async logout(user, accessToken, refreshToken) {
-    if (accessToken) {
-      await this.removeAccessToken(user, accessToken);
-    }
-    if (refreshToken) {
-      const token = await RefreshToken.first({
-        token: refreshToken,
-        userId: user.id
-        // Security: ensure token belongs to this user
-      });
-      if (token) {
-        await token.revoke();
-        authEvents.emit("session.destroyed", user, token);
-      }
-    } else {
-      const behavior = core.config.key("auth.jwt.refresh.logoutWithoutToken", "revoke-all");
-      if (behavior === "error") {
-        throw new Error("Refresh token required for logout");
-      }
-      await this.revokeAllTokens(user);
-      authEvents.emit("logout.failsafe", user);
-    }
-    authEvents.emit("logout", user);
-  }
-  /**
-   * Remove specific access token
-   */
-  async removeAccessToken(user, token) {
-    AccessToken.delete({
-      token,
-      "user.id": user.id
-    });
-  }
-  /**
-   * Revoke all tokens for a user
-   */
-  async revokeAllTokens(user) {
-    const refreshTokens = await RefreshToken.query().where("userId", user.id).where("userType", user.userType).where("revokedAt", null).get();
-    for (const token of refreshTokens) {
-      await token.revoke();
-      authEvents.emit("token.revoked", user, token);
-    }
-    await AccessToken.delete({
-      "user.id": user.id,
-      "user.userType": user.userType
-    });
-    authEvents.emit("logout.all", user);
-  }
-  /**
-   * Revoke entire token family (for rotation breach detection)
-   */
-  async revokeTokenFamily(familyId) {
-    const tokens = await RefreshToken.query().where("familyId", familyId).where("revokedAt", null).get();
-    for (const token of tokens) {
-      await token.revoke();
-    }
-    authEvents.emit("token.familyRevoked", familyId, tokens);
-  }
-  /**
-   * Cleanup expired tokens
-   */
-  async cleanupExpiredTokens() {
-    const expiredTokens = await RefreshToken.query().where("expiresAt", "<", /* @__PURE__ */ new Date()).get();
-    for (const token of expiredTokens) {
-      authEvents.emit("token.expired", token);
-      await token.destroy();
-    }
-    authEvents.emit("cleanup.completed", expiredTokens.length);
-    return expiredTokens.length;
-  }
-  /**
-   * Enforce max refresh tokens per user
-   */
-  async enforceMaxRefreshTokens(user) {
-    const maxPerUser = core.config.key("auth.jwt.refresh.maxPerUser", 5);
-    const activeTokens = await RefreshToken.query().where("userId", user.id).where("userType", user.userType).where("revokedAt", null).orderBy("createdAt", "asc").get();
-    if (activeTokens.length >= maxPerUser) {
-      const tokensToRevoke = activeTokens.slice(0, activeTokens.length - maxPerUser + 1);
-      for (const token of tokensToRevoke) {
-        await token.revoke();
-      }
-    }
-  }
-  /**
-   * Get active sessions for user
-   */
-  async getActiveSessions(user) {
-    return RefreshToken.query().where("userId", user.id).where("userType", user.userType).where("revokedAt", null).where("expiresAt", ">", /* @__PURE__ */ new Date()).orderBy("createdAt", "desc").get();
-  }
-};
-var authService = new AuthService();
-// ../../warlock.js/auth/src/commands/auth-cleanup-command.ts
-function registerAuthCleanupCommand() {
-  return core.command({
-    name: "auth.cleanup",
-    description: "Remove expired refresh tokens from the database",
-    preload: {
-      env: true,
-      config: ["auth", "database"],
-      connectors: ["database"]
-    },
-    action: async () => {
-      console.log(copper.colors.cyan("\u{1F9F9} Cleaning up expired tokens..."));
-      const count = await authService.cleanupExpiredTokens();
-      if (count === 0) {
-        console.log(copper.colors.green("\u2705 No expired tokens found."));
-      } else {
-        console.log(copper.colors.green(`\u2705 Removed ${count} expired token(s).`));
-      }
-    }
-  });
-}
-async function generateJWTSecret() {
-  let envFile = core.rootPath(".env");
-  logger.log.info("jwt", "generating", "Generating JWT secrets");
-  const environmentMode = core.environment();
-  if (!await fs.fileExistsAsync(envFile)) {
-    const envFileType = environmentMode === "production" ? ".env.production" : ".env.development";
-    envFile = core.rootPath(envFileType);
-  }
-  if (!await fs.fileExistsAsync(envFile)) {
-    logger.log.error("jwt", "error", ".env file not found");
-    return;
-  }
-  let contents = await fs.getFileAsync(envFile);
-  const hasJwtSecret = contents.includes("JWT_SECRET");
-  const hasJwtRefreshSecret = contents.includes("JWT_REFRESH_SECRET");
-  if (hasJwtSecret && hasJwtRefreshSecret) {
-    logger.log.warn("jwt", "exists", "JWT secrets already exist in the .env file.");
-    return;
-  }
-  let secretsToAdd = "";
-  if (!hasJwtSecret) {
-    const jwtSecret = reinforcements.Random.string(32);
-    secretsToAdd += `
-# JWT Secret
-JWT_SECRET=${jwtSecret}
-`;
-    logger.log.success("jwt", "generated", "JWT_SECRET generated and added to the .env file.");
-  } else {
-    logger.log.info("jwt", "exists", "JWT_SECRET already exists in the .env file.");
-  }
-  if (!hasJwtRefreshSecret) {
-    const jwtRefreshSecret = reinforcements.Random.string(32);
-    secretsToAdd += `
-# JWT Refresh Secret
-JWT_REFRESH_SECRET=${jwtRefreshSecret}
-`;
-    logger.log.success("jwt", "generated", "JWT_REFRESH_SECRET generated and added to the .env file.");
-  } else {
-    logger.log.info("jwt", "exists", "JWT_REFRESH_SECRET already exists in the .env file.");
-  }
-  if (secretsToAdd) {
-    contents += secretsToAdd;
-    await fs.putFileAsync(envFile, contents);
-  }
-}
-// ../../warlock.js/auth/src/commands/jwt-secret-generator-command.ts
-function registerJWTSecretGeneratorCommand() {
-  return core.command({
-    name: "jwt.generate",
-    description: "Generate JWT Secret key in .env file",
-    action: generateJWTSecret
-  });
-}
-// ../../warlock.js/auth/src/utils/auth-error-codes.ts
-var AuthErrorCodes = /* @__PURE__ */ ((AuthErrorCodes2) => {
-  AuthErrorCodes2["MissingAccessToken"] = "EC001";
-  AuthErrorCodes2["InvalidAccessToken"] = "EC002";
-  AuthErrorCodes2["Unauthorized"] = "EC003";
-  return AuthErrorCodes2;
-})(AuthErrorCodes || {});
-// ../../warlock.js/auth/src/middleware/auth.middleware.ts
-function authMiddleware(allowedUserType) {
-  const allowedTypes = !allowedUserType ? [] : Array.isArray(allowedUserType) ? allowedUserType : [allowedUserType];
-  const auth = async (request, response) => {
-    try {
-      const authorizationValue = request.authorizationValue;
-      if (!allowedTypes.length && !authorizationValue) return;
-      if (!authorizationValue) {
-        return response.unauthorized({
-          error: core.t("auth.errors.missingAccessToken"),
-          errorCode: "EC001" /* MissingAccessToken */
-        });
-      }
-      const user = await jwt.verify(authorizationValue);
-      request.decodedAccessToken = user;
-      const accessToken = await AccessToken.first({
-        token: authorizationValue
-      });
-      if (!accessToken) {
-        return response.unauthorized({
-          error: core.t("auth.errors.invalidAccessToken"),
-          errorCode: "EC002" /* InvalidAccessToken */
-        });
-      }
-      const userType = user.userType || accessToken.get("userType");
-      if (allowedTypes.length && !allowedTypes.includes(userType)) {
-        return response.unauthorized({
-          error: core.t("auth.errors.unauthorized"),
-          errorCode: "EC003" /* Unauthorized */
-        });
-      }
-      const UserModel = core.config.key(`auth.userType.${userType}`);
-      if (!UserModel) {
-        throw new Error(`User type ${userType} is unknown type.`);
-      }
-      const currentUser = await UserModel.find(user.id);
-      if (!currentUser) {
-        accessToken.destroy();
-        return response.unauthorized({
-          error: core.t("auth.errors.invalidAccessToken"),
-          errorCode: "EC002" /* InvalidAccessToken */
-        });
-      }
-      accessToken.set("lastAccess", /* @__PURE__ */ new Date());
-      await accessToken.save({ skipEvents: true });
-      request.user = currentUser;
-    } catch (err) {
-      logger.log.error("http", "auth", err);
-      request.clearCurrentUser();
-      return response.unauthorized({
-        error: core.t("auth.errors.invalidAccessToken"),
-        errorCode: "EC002" /* InvalidAccessToken */
-      });
-    }
-  };
-  return auth;
-}
-var Auth = class extends cascade.Model {
-  /**
-   * Get access token payload
-   */
-  accessTokenPayload() {
-    return authService.buildAccessTokenPayload(this);
-  }
-  /**
-   * Create both access and refresh tokens
-   */
-  async createTokenPair(deviceInfo) {
-    return authService.createTokenPair(this, deviceInfo);
-  }
-  /**
-   * Generate access token
-   */
-  async generateAccessToken(data) {
-    return authService.generateAccessToken(this, data);
-  }
-  /**
-   * Generate refresh token
-   */
-  async generateRefreshToken(deviceInfo) {
-    return authService.createRefreshToken(this, deviceInfo);
-  }
-  /**
-   * Remove current access token
-   */
-  async removeAccessToken(token) {
-    return authService.removeAccessToken(this, token);
-  }
-  /**
-   * Revoke all tokens (logout from all devices)
-   */
-  async revokeAllTokens() {
-    return authService.revokeAllTokens(this);
-  }
-  /**
-   * Get active sessions
-   */
-  async activeSessions() {
-    return authService.getActiveSessions(this);
-  }
-  /**
-   * Attempt to login the user
-   */
-  static async attempt(data) {
-    return authService.attemptLogin(this, data);
-  }
-  /**
-   * Confirm password
-   */
-  confirmPassword(password) {
-    return authService.verifyPassword(this.string("password"), password);
-  }
-};
-function castPassword(value, column, model) {
-  return value ? password.hash(String(value), core.config.key("auth.password.salt", 12)) : model.getInitial(column);
-}
-exports.AccessToken = AccessToken;
-exports.Auth = Auth;
-exports.AuthErrorCodes = AuthErrorCodes;
-exports.NO_EXPIRATION = NO_EXPIRATION;
-exports.RefreshToken = RefreshToken;
-exports.authEvents = authEvents;
-exports.authMiddleware = authMiddleware;
-exports.authService = authService;
-exports.castPassword = castPassword;
-exports.generateJWTSecret = generateJWTSecret;
-exports.jwt = jwt;
-exports.parseExpirationToMs = parseExpirationToMs;
-exports.registerAuthCleanupCommand = registerAuthCleanupCommand;
-exports.registerJWTSecretGeneratorCommand = registerJWTSecretGeneratorCommand;
-exports.toJwtExpiresIn = toJwtExpiresIn;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map