@warlock.js/auth 4.0.48 → 4.0.58

package/cjs/commands/auth-cleanup-command.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+export declare function registerAuthCleanupCommand(): any;
+//# sourceMappingURL=auth-cleanup-command.d.ts.map

package/cjs/commands/auth-cleanup-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.d.ts","sourceRoot":"","sources":["../../src/commands/auth-cleanup-command.ts"],"names":[],"mappings":"AAIA;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,QAqBzC"}

package/cjs/commands/auth-cleanup-command.js

@@ -0,0 +1,29 @@
+'use strict';var copper=require('@mongez/copper'),core=require('@warlock.js/core'),auth_service=require('../services/auth.service.js');/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+function registerAuthCleanupCommand() {
+    return core.command({
+        name: "auth.cleanup",
+        description: "Remove expired refresh tokens from the database",
+        preload: {
+            env: true,
+            config: ["auth", "database"],
+            connectors: ["database"],
+        },
+        action: async () => {
+            console.log(copper.colors.cyan("🧹 Cleaning up expired tokens..."));
+            const count = await auth_service.authService.cleanupExpiredTokens();
+            if (count === 0) {
+                console.log(copper.colors.green("✅ No expired tokens found."));
+            }
+            else {
+                console.log(copper.colors.green(`✅ Removed ${count} expired token(s).`));
+            }
+        },
+    });
+}exports.registerAuthCleanupCommand=registerAuthCleanupCommand;//# sourceMappingURL=auth-cleanup-command.js.map

package/cjs/commands/auth-cleanup-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.js","sources":["../../src/commands/auth-cleanup-command.ts"],"sourcesContent":[null],"names":["command","colors","authService"],"mappings":"uIAIA;;;;;;;AAOG;SACa,0BAA0B,GAAA;AACxC,IAAA,OAAOA,YAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,iDAAiD;AAC9D,QAAA,OAAO,EAAE;AACP,YAAA,GAAG,EAAE,IAAI;AACT,YAAA,MAAM,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;YAC5B,UAAU,EAAE,CAAC,UAAU,CAAC;AACzB,SAAA;QACD,MAAM,EAAE,YAAW;YACjB,OAAO,CAAC,GAAG,CAACC,aAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;AAE7D,YAAA,MAAM,KAAK,GAAG,MAAMC,wBAAW,CAAC,oBAAoB,EAAE,CAAC;YAEvD,IAAI,KAAK,KAAK,CAAC,EAAE;gBACf,OAAO,CAAC,GAAG,CAACD,aAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;AACzD,aAAA;AAAM,iBAAA;AACL,gBAAA,OAAO,CAAC,GAAG,CAACA,aAAM,CAAC,KAAK,CAAC,CAAA,UAAA,EAAa,KAAK,CAAA,kBAAA,CAAoB,CAAC,CAAC,CAAC;AACnE,aAAA;SACF;AACF,KAAA,CAAC,CAAC;AACL"}

package/cjs/commands/jwt-secret-generator-command.d.ts

@@ -0,0 +1,2 @@
+export declare function registerJWTSecretGeneratorCommand(): any;
+//# sourceMappingURL=jwt-secret-generator-command.d.ts.map

package/cjs/commands/jwt-secret-generator-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-secret-generator-command.d.ts","sourceRoot":"","sources":["../../src/commands/jwt-secret-generator-command.ts"],"names":[],"mappings":"AAGA,wBAAgB,iCAAiC,QAMhD"}

package/cjs/commands/jwt-secret-generator-command.js

@@ -0,0 +1,7 @@
+'use strict';var core=require('@warlock.js/core'),generateJwtSecret=require('../services/generate-jwt-secret.js');function registerJWTSecretGeneratorCommand() {
+    return core.command({
+        name: "jwt.generate",
+        description: "Generate JWT Secret key in .env file",
+        action: generateJwtSecret.generateJWTSecret,
+    });
+}exports.registerJWTSecretGeneratorCommand=registerJWTSecretGeneratorCommand;//# sourceMappingURL=jwt-secret-generator-command.js.map

package/cjs/commands/jwt-secret-generator-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-secret-generator-command.js","sources":["../../src/commands/jwt-secret-generator-command.ts"],"sourcesContent":[null],"names":["command","generateJWTSecret"],"mappings":"2HAGgB,iCAAiC,GAAA;AAC/C,IAAA,OAAOA,YAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,sCAAsC;AACnD,QAAA,MAAM,EAAEC,mCAAiB;AAC1B,KAAA,CAAC,CAAC;AACL"}

package/cjs/contracts/auth-contract.d.ts

@@ -0,0 +1,23 @@
+export interface Authenticable {
+    /**
+     * Generate access token
+     */
+    generateAccessToken(): Promise<string>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(): Promise<string>;
+    /**
+     * Change password
+     */
+    changePassword(password: string): Promise<void>;
+    /**
+     * Verify Password
+     */
+    verifyPassword(password: string): Promise<boolean>;
+    /**
+     * Get user type
+     */
+    getUserType(): string;
+}
+//# sourceMappingURL=auth-contract.d.ts.map

package/cjs/contracts/auth-contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-contract.d.ts","sourceRoot":"","sources":["../../src/contracts/auth-contract.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;OAEG;IACH,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAExC;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhD;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnD;;OAEG;IACH,WAAW,IAAI,MAAM,CAAC;CACvB"}

package/cjs/contracts/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./auth-contract";
+export * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/cjs/contracts/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/contracts/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,SAAS,CAAC"}

package/cjs/contracts/types.d.ts

@@ -0,0 +1,157 @@
+import { ChildModel } from "@warlock.js/cascade";
+import { type Algorithm } from "fast-jwt";
+import type { Auth } from "../models/auth";
+import type { Duration, ExpiresIn } from "../utils/duration";
+/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+export declare const NO_EXPIRATION: unique symbol;
+/**
+ * Behavior when logout is called without a refresh token
+ * - "revoke-all": Revoke all refresh tokens for the user (secure default)
+ * - "error": Return an error requiring the refresh token
+ */
+export type LogoutWithoutTokenBehavior = "revoke-all" | "error";
+export type AuthConfigurations = {
+    /**
+     * Define all user types
+     * This is important to differentiate between user types when validating and generating tokens
+     */
+    userType: {
+        [userType: string]: ChildModel<Auth>;
+    };
+    /**
+     * JWT configurations
+     */
+    jwt: {
+        /**
+         * JWT secret key for signing access tokens
+         */
+        secret: string;
+        /**
+         * JWT algorithm
+         * @default "HS256"
+         */
+        algorithm?: Algorithm;
+        /**
+         * Access token expiration time
+         * Supports Duration object, string format, or NO_EXPIRATION
+         * @example { hours: 1 }, { days: 7, hours: 12 }, "1h", "1d 2h", NO_EXPIRATION
+         * @default { hours: 1 }
+         */
+        expiresIn?: ExpiresIn;
+        /**
+         * Refresh token configurations
+         */
+        refresh?: {
+            /**
+             * Separate secret for refresh tokens (recommended for security)
+             * If not provided, falls back to main JWT secret
+             */
+            secret?: string;
+            /**
+             * Enable refresh token
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * Refresh token expiration time
+             * Supports Duration object or string format
+             * @example { days: 7 }, { weeks: 1 }, "7d", "1w"
+             * @default { days: 7 }
+             */
+            expiresIn?: Duration | string | number;
+            /**
+             * Enable token rotation (issue new refresh token on each use)
+             * Old refresh token is invalidated after use
+             * @default true
+             */
+            rotation?: boolean;
+            /**
+             * Maximum number of active refresh tokens per user
+             * When exceeded, oldest tokens are revoked
+             * @default 5
+             */
+            maxPerUser?: number;
+            /**
+             * Behavior when logout is called without a refresh token
+             * - "revoke-all": Revoke all tokens for security (default)
+             * - "error": Require refresh token, return error if missing
+             * @default "revoke-all"
+             */
+            logoutWithoutToken?: LogoutWithoutTokenBehavior;
+        };
+    };
+    /**
+     * Password configurations
+     */
+    password?: {
+        /**
+         * Password salt
+         * The higher the salt, the more secure the password is
+         * But, it will take more time to generate the password
+         * @default 12
+         */
+        salt?: number;
+    };
+};
+/**
+ * Token pair returned after login or token refresh
+ */
+export type TokenPair = {
+    /**
+     * JWT access token (short-lived)
+     */
+    accessToken: string;
+    /**
+     * JWT refresh token (long-lived)
+     */
+    refreshToken: string;
+    /**
+     * Access token expiration time in seconds or time string
+     */
+    expiresIn: number | string;
+};
+/**
+ * Device information for session tracking
+ */
+export type DeviceInfo = {
+    /**
+     * User agent string from request
+     */
+    userAgent?: string;
+    /**
+     * Client IP address
+     */
+    ip?: string;
+    /**
+     * Optional device identifier
+     */
+    deviceId?: string;
+    /**
+     * Token family ID (for rotation tracking)
+     * @internal
+     */
+    familyId?: string;
+    /**
+     * Access token payload
+     */
+    payload?: Record<string, any>;
+};
+//# sourceMappingURL=types.d.ts.map

package/cjs/contracts/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/contracts/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,aAAa,eAA0B,CAAC;AAErD;;;;GAIG;AACH,MAAM,MAAM,0BAA0B,GAAG,YAAY,GAAG,OAAO,CAAC;AAEhE,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,QAAQ,EAAE;QACR,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;KACtC,CAAC;IACF;;OAEG;IACH,GAAG,EAAE;QACH;;WAEG;QACH,MAAM,EAAE,MAAM,CAAC;QACf;;;WAGG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;;;;WAKG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;WAEG;QACH,OAAO,CAAC,EAAE;YACR;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB;;;;;eAKG;YACH,SAAS,CAAC,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC;YACvC;;;;eAIG;YACH,QAAQ,CAAC,EAAE,OAAO,CAAC;YACnB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;;;eAKG;YACH,kBAAkB,CAAC,EAAE,0BAA0B,CAAC;SACjD,CAAC;KACH,CAAC;IACF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B,CAAC"}

package/cjs/contracts/types.js

@@ -0,0 +1,20 @@
+'use strict';/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+const NO_EXPIRATION = Symbol("NO_EXPIRATION");exports.NO_EXPIRATION=NO_EXPIRATION;//# sourceMappingURL=types.js.map

package/cjs/contracts/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sources":["../../src/contracts/types.ts"],"sourcesContent":[null],"names":[],"mappings":"aAKA;;;;;;;;;;;;;;;;;;AAkBG;MACU,aAAa,GAAG,MAAM,CAAC,eAAe"}

package/cjs/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./commands/auth-cleanup-command";
+export * from "./commands/jwt-secret-generator-command";
+export * from "./contracts";
+export * from "./middleware";
+export * from "./models";
+export * from "./services";
+export * from "./utils";
+//# sourceMappingURL=index.d.ts.map

package/cjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iCAAiC,CAAC;AAChD,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}

package/cjs/index.js

@@ -1,56 +1 @@
-'use strict';
-
-var authCleanupCommand = require('./commands/auth-cleanup-command');
-var jwtSecretGeneratorCommand = require('./commands/jwt-secret-generator-command');
-var contracts = require('./contracts');
-var middleware = require('./middleware');
-var models = require('./models');
-var services = require('./services');
-var utils = require('./utils');
-
-
-
-Object.keys(authCleanupCommand).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return authCleanupCommand[k]; }
-	});
-});
-Object.keys(jwtSecretGeneratorCommand).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return jwtSecretGeneratorCommand[k]; }
-	});
-});
-Object.keys(contracts).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return contracts[k]; }
-	});
-});
-Object.keys(middleware).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return middleware[k]; }
-	});
-});
-Object.keys(models).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return models[k]; }
-	});
-});
-Object.keys(services).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return services[k]; }
-	});
-});
-Object.keys(utils).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return utils[k]; }
-	});
-});
-//# sourceMappingURL=index.js.map
-//# sourceMappingURL=index.js.map
+'use strict';var authCleanupCommand=require('./commands/auth-cleanup-command.js'),jwtSecretGeneratorCommand=require('./commands/jwt-secret-generator-command.js'),types=require('./contracts/types.js'),auth_middleware=require('./middleware/auth.middleware.js'),accessToken=require('./models/access-token/access-token.js');require('./models/access-token/migration.js');var auth=require('./models/auth.js'),refreshToken=require('./models/refresh-token/refresh-token.js'),authEvents=require('./services/auth-events.js'),auth_service=require('./services/auth.service.js'),generateJwtSecret=require('./services/generate-jwt-secret.js'),jwt=require('./services/jwt.js'),authErrorCodes=require('./utils/auth-error-codes.js'),duration=require('./utils/duration.js');exports.registerAuthCleanupCommand=authCleanupCommand.registerAuthCleanupCommand;exports.registerJWTSecretGeneratorCommand=jwtSecretGeneratorCommand.registerJWTSecretGeneratorCommand;exports.NO_EXPIRATION=types.NO_EXPIRATION;exports.authMiddleware=auth_middleware.authMiddleware;exports.AccessToken=accessToken.AccessToken;exports.Auth=auth.Auth;exports.RefreshToken=refreshToken.RefreshToken;exports.authEvents=authEvents.authEvents;exports.authService=auth_service.authService;exports.generateJWTSecret=generateJwtSecret.generateJWTSecret;exports.jwt=jwt.jwt;Object.defineProperty(exports,'AuthErrorCodes',{enumerable:true,get:function(){return authErrorCodes.AuthErrorCodes}});exports.parseExpirationToMs=duration.parseExpirationToMs;exports.toJwtExpiresIn=duration.toJwtExpiresIn;//# sourceMappingURL=index.js.map

package/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js","sourcesContent":[]}
+{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/cjs/middleware/auth.middleware.d.ts

@@ -0,0 +1,2 @@
+export declare function authMiddleware(allowedUserType?: string | string[]): Middleware;
+//# sourceMappingURL=auth.middleware.d.ts.map

package/cjs/middleware/auth.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.middleware.ts"],"names":[],"mappings":"AAMA,wBAAgB,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,cAsFjE"}

package/cjs/middleware/auth.middleware.js

@@ -0,0 +1,72 @@
+'use strict';var core=require('@warlock.js/core'),logger=require('@warlock.js/logger'),accessToken=require('../models/access-token/access-token.js');require('../models/access-token/migration.js');var jwt=require('../services/jwt.js'),authErrorCodes=require('../utils/auth-error-codes.js');function authMiddleware(allowedUserType) {
+    const allowedTypes = !allowedUserType
+        ? []
+        : Array.isArray(allowedUserType)
+            ? allowedUserType
+            : [allowedUserType];
+    const auth = async (request, response) => {
+        try {
+            const authorizationValue = request.authorizationValue;
+            if (!allowedTypes.length && !authorizationValue)
+                return;
+            if (!authorizationValue) {
+                return response.unauthorized({
+                    error: core.t("auth.errors.missingAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.MissingAccessToken,
+                });
+            }
+            // get current user jwt
+            const user = await jwt.jwt.verify(authorizationValue);
+            // store decoded access token object in request object
+            request.decodedAccessToken = user;
+            // use our own jwt verify to verify the token
+            const accessToken$1 = await accessToken.AccessToken.first({
+                token: authorizationValue,
+            });
+            if (!accessToken$1) {
+                return response.unauthorized({
+                    error: core.t("auth.errors.invalidAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
+                });
+            }
+            // now, we need to get an instance of user using its corresponding model
+            const userType = user.userType || accessToken$1.get("userType");
+            // check if the user type is allowed
+            if (allowedTypes.length && !allowedTypes.includes(userType)) {
+                return response.unauthorized({
+                    error: core.t("auth.errors.unauthorized"),
+                    errorCode: authErrorCodes.AuthErrorCodes.Unauthorized,
+                });
+            }
+            // get user model class
+            const UserModel = core.config.key(`auth.userType.${userType}`);
+            if (!UserModel) {
+                throw new Error(`User type ${userType} is unknown type.`);
+            }
+            // get user model instance
+            const currentUser = await UserModel.find(user.id);
+            if (!currentUser) {
+                accessToken$1.destroy();
+                return response.unauthorized({
+                    error: core.t("auth.errors.invalidAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
+                });
+            }
+            // update last access
+            accessToken$1.set("lastAccess", new Date());
+            await accessToken$1.save({ skipEvents: true });
+            // set current user
+            request.user = currentUser;
+        }
+        catch (err) {
+            logger.log.error("http", "auth", err);
+            // unset current user
+            request.clearCurrentUser();
+            return response.unauthorized({
+                error: core.t("auth.errors.invalidAccessToken"),
+                errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
+            });
+        }
+    };
+    return auth;
+}exports.authMiddleware=authMiddleware;//# sourceMappingURL=auth.middleware.js.map

package/cjs/middleware/auth.middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.js","sources":["../../src/middleware/auth.middleware.ts"],"sourcesContent":[null],"names":["t","AuthErrorCodes","jwt","accessToken","AccessToken","config","log"],"mappings":"iSAMM,SAAU,cAAc,CAAC,eAAmC,EAAA;IAChE,MAAM,YAAY,GAAG,CAAC,eAAe;AACnC,UAAE,EAAE;AACJ,UAAE,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC;AAC9B,cAAE,eAAe;AACjB,cAAE,CAAC,eAAe,CAAC,CAAC;IAExB,MAAM,IAAI,GAAe,OAAO,OAAgB,EAAE,QAAkB,KAAI;QACtE,IAAI;AACF,YAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;AAEtD,YAAA,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,kBAAkB;gBAAE,OAAO;YAExD,IAAI,CAAC,kBAAkB,EAAE;gBACvB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEA,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,IAAI,GAAG,MAAMC,OAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;;AAGlD,YAAA,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;;AAElC,YAAA,MAAMC,aAAW,GAAG,MAAMC,uBAAW,CAAC,KAAK,CAAC;AAC1C,gBAAA,KAAK,EAAE,kBAAkB;AAC1B,aAAA,CAAC,CAAC;YAEH,IAAI,CAACD,aAAW,EAAE;gBAChB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;AAGD,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAIE,aAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;;YAG9D,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC3D,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,0BAA0B,CAAC;oBACpC,SAAS,EAAEC,6BAAc,CAAC,YAAY;AACvC,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,SAAS,GAAGI,WAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,QAAQ,CAAE,CAAA,CAAC,CAAC;YAE1D,IAAI,CAAC,SAAS,EAAE;AACd,gBAAA,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAA,iBAAA,CAAmB,CAAC,CAAC;AAC3D,aAAA;;YAGD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAElD,IAAI,CAAC,WAAW,EAAE;gBAChBF,aAAW,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGDE,aAAW,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;YAC1C,MAAMA,aAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;;AAG7C,YAAA,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC;AAC5B,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjBG,UAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;;YAG/B,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAE3B,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,gBAAA,KAAK,EAAEN,MAAC,CAAC,gCAAgC,CAAC;gBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,aAAA,CAAC,CAAC;AACJ,SAAA;AACH,KAAC,CAAC;AAEF,IAAA,OAAO,IAAI,CAAC;AACd"}

package/cjs/middleware/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./auth.middleware";
+//# sourceMappingURL=index.d.ts.map

package/cjs/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC"}

package/cjs/models/access-token/access-token.d.ts

@@ -0,0 +1,9 @@
+import { Model } from "@warlock.js/cascade";
+export declare class AccessToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table: string;
+    static schema: any;
+}
+//# sourceMappingURL=access-token.d.ts.map

package/cjs/models/access-token/access-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/access-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAe5C,qBAAa,WAAY,SAAQ,KAAK;IACpC;;OAEG;IACH,OAAc,KAAK,SAAkB;IAErC,OAAc,MAAM,MAAqB;CAC1C"}

package/cjs/models/access-token/access-token.js

@@ -0,0 +1,18 @@
+'use strict';var cascade=require('@warlock.js/cascade'),seal=require('@warlock.js/seal');const accessTokenSchema = seal.v.object({
+    token: seal.v.string().required(),
+    lastAccess: seal.v.date().default(() => new Date()),
+    user: seal.v
+        .object({
+        id: seal.v.number().required(),
+        userType: seal.v.string(),
+    })
+        .allowUnknown()
+        .required(),
+});
+class AccessToken extends cascade.Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table = "accessTokens";
+    static schema = accessTokenSchema;
+}exports.AccessToken=AccessToken;//# sourceMappingURL=access-token.js.map

package/cjs/models/access-token/access-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.js","sources":["../../../src/models/access-token/access-token.ts"],"sourcesContent":[null],"names":["v","Model"],"mappings":"yFAGA,MAAM,iBAAiB,GAAGA,MAAC,CAAC,MAAM,CAAC;AACjC,IAAA,KAAK,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAA,UAAU,EAAEA,MAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;AAC9C,IAAA,IAAI,EAAEA,MAAC;AACJ,SAAA,MAAM,CAAC;AACN,QAAA,EAAE,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AACzB,QAAA,QAAQ,EAAEA,MAAC,CAAC,MAAM,EAAE;KACrB,CAAC;AACD,SAAA,YAAY,EAAE;AACd,SAAA,QAAQ,EAAE;AACd,CAAA,CAAC,CAAC;AAEG,MAAO,WAAY,SAAQC,aAAK,CAAA;AACpC;;AAEG;AACI,IAAA,OAAO,KAAK,GAAG,cAAc,CAAC;AAE9B,IAAA,OAAO,MAAM,GAAG,iBAAiB,CAAC;"}

package/cjs/models/access-token/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./access-token";
+export * from "./migration";
+//# sourceMappingURL=index.d.ts.map

package/cjs/models/access-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC"}

package/cjs/models/access-token/migration.d.ts

@@ -0,0 +1,3 @@
+declare const _default: any;
+export default _default;
+//# sourceMappingURL=migration.d.ts.map

package/cjs/models/access-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/access-token/migration.ts"],"names":[],"mappings":";AAGA,wBASG"}

package/cjs/models/access-token/migration.js

@@ -0,0 +1,10 @@
+'use strict';var cascade=require('@warlock.js/cascade'),accessToken=require('./access-token.js');cascade.migrate(accessToken.AccessToken, {
+    name: "accessToken",
+    up() {
+        this.string("accessToken").index();
+        this.date("lastAccess");
+    },
+    down() {
+        this.dropIndex("token");
+    },
+});//# sourceMappingURL=migration.js.map

package/cjs/models/access-token/migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.js","sources":["../../../src/models/access-token/migration.ts"],"sourcesContent":[null],"names":["migrate","AccessToken"],"mappings":"iGAGeA,eAAO,CAACC,uBAAW,EAAE;AAClC,IAAA,IAAI,EAAE,aAAa;IACnB,EAAE,GAAA;QACA,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,KAAK,EAAE,CAAC;AACnC,QAAA,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACzB;IACD,IAAI,GAAA;AACF,QAAA,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;KACzB;AACF,CAAA,CAAC"}

package/cjs/models/auth.d.ts

@@ -0,0 +1,54 @@
+import { type ChildModel, Model, type ModelSchema } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { RefreshToken } from "./refresh-token/refresh-token";
+export declare abstract class Auth<Schema extends ModelSchema = ModelSchema> extends Model<Schema> {
+    /**
+     * Get user type
+     */
+    abstract get userType(): string;
+    /**
+     * Get access token payload
+     */
+    accessTokenPayload(): {
+        id: any;
+        _id: any;
+        userType: string;
+        /**
+         * Generate access token
+         */
+        createdAt: number;
+    };
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Generate access token
+     */
+    generateAccessToken(data?: any): Promise<string>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(deviceInfo?: DeviceInfo): Promise<RefreshToken>;
+    /**
+     * Remove current access token
+     */
+    removeAccessToken(token: string): Promise<void>;
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    revokeAllTokens(): Promise<void>;
+    /**
+     * Get active sessions
+     */
+    activeSessions(): Promise<RefreshToken[]>;
+    /**
+     * Attempt to login the user
+     */
+    static attempt(this: ChildModel<Auth>, data: any): Promise<Auth | null>;
+    /**
+     * Confirm password
+     */
+    confirmPassword(password: string): boolean;
+}
+//# sourceMappingURL=auth.d.ts.map

package/cjs/models/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/models/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAE,KAAK,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/E,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAElE,8BAAsB,IAAI,CAAC,MAAM,SAAS,WAAW,GAAG,WAAW,CAAE,SAAQ,KAAK,CAAC,MAAM,CAAC;IACxF;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACI,kBAAkB;;;;QAWzB;;WAEG;;;IATH;;OAEG;IACU,eAAe,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAIzE;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7D;;OAEG;IACU,oBAAoB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAIjF;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAItD;;OAEG;WACiB,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIpF;;OAEG;IACI,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAGlD"}