@warlock.js/auth 4.0.48 → 4.0.58

package/cjs/models/auth.js

@@ -0,0 +1,56 @@
+'use strict';var cascade=require('@warlock.js/cascade');require('@mongez/events');var auth_service=require('../services/auth.service.js');require('@mongez/fs'),require('@mongez/reinforcements'),require('@warlock.js/core'),require('@warlock.js/logger'),require('fast-jwt');class Auth extends cascade.Model {
+    /**
+     * Get access token payload
+     */
+    accessTokenPayload() {
+        return auth_service.authService.buildAccessTokenPayload(this);
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(deviceInfo) {
+        return auth_service.authService.createTokenPair(this, deviceInfo);
+    }
+    /**
+     * Generate access token
+     */
+    async generateAccessToken(data) {
+        return auth_service.authService.generateAccessToken(this, data);
+    }
+    /**
+     * Generate refresh token
+     */
+    async generateRefreshToken(deviceInfo) {
+        return auth_service.authService.createRefreshToken(this, deviceInfo);
+    }
+    /**
+     * Remove current access token
+     */
+    async removeAccessToken(token) {
+        return auth_service.authService.removeAccessToken(this, token);
+    }
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    async revokeAllTokens() {
+        return auth_service.authService.revokeAllTokens(this);
+    }
+    /**
+     * Get active sessions
+     */
+    async activeSessions() {
+        return auth_service.authService.getActiveSessions(this);
+    }
+    /**
+     * Attempt to login the user
+     */
+    static async attempt(data) {
+        return auth_service.authService.attemptLogin(this, data);
+    }
+    /**
+     * Confirm password
+     */
+    confirmPassword(password) {
+        return auth_service.authService.verifyPassword(this.string("password"), password);
+    }
+}exports.Auth=Auth;//# sourceMappingURL=auth.js.map

package/cjs/models/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sources":["../../src/models/auth.ts"],"sourcesContent":[null],"names":["Model","authService"],"mappings":"gRAKM,MAAgB,IAA+C,SAAQA,aAAa,CAAA;AAMxF;;AAEG;IACI,kBAAkB,GAAA;AACvB,QAAA,OAAOC,wBAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAClD;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,UAAuB,EAAA;QAClD,OAAOA,wBAAW,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACtD;AAED;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;QACzC,OAAOA,wBAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;IACI,MAAM,oBAAoB,CAAC,UAAuB,EAAA;QACvD,OAAOA,wBAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACzD;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1C,OAAOA,wBAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACnD;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,GAAA;AAC1B,QAAA,OAAOA,wBAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;KAC1C;AAED;;AAEG;AACI,IAAA,MAAM,cAAc,GAAA;AACzB,QAAA,OAAOA,wBAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC5C;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAAyB,IAAS,EAAA;QAC3D,OAAOA,wBAAW,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;AAED;;AAEG;AACI,IAAA,eAAe,CAAC,QAAgB,EAAA;AACrC,QAAA,OAAOA,wBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,QAAQ,CAAC,CAAC;KACvE;AACF"}

package/cjs/models/casts/cast-password.d.ts

@@ -0,0 +1,7 @@
+import type { Model } from "@warlock.js/cascade";
+/**
+ * Cast password on model save
+ * If the password is not changed, keep it as is
+ */
+export declare function castPassword(value: any, column: string, model: Model): any;
+//# sourceMappingURL=cast-password.d.ts.map

package/cjs/models/casts/cast-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cast-password.d.ts","sourceRoot":"","sources":["../../../src/models/casts/cast-password.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,OAIpE"}

package/cjs/models/casts/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./cast-password";
+//# sourceMappingURL=index.d.ts.map

package/cjs/models/casts/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/casts/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/cjs/models/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./access-token";
+export * from "./auth";
+export * from "./refresh-token";
+//# sourceMappingURL=index.d.ts.map

package/cjs/models/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,iBAAiB,CAAC"}

package/cjs/models/refresh-token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./refresh-token";
+//# sourceMappingURL=index.d.ts.map

package/cjs/models/refresh-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/cjs/models/refresh-token/migration.d.ts

@@ -0,0 +1,3 @@
+declare const _default: any;
+export default _default;
+//# sourceMappingURL=migration.d.ts.map

package/cjs/models/refresh-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/migration.ts"],"names":[],"mappings":";AAGA,wBAcG"}

package/cjs/models/refresh-token/refresh-token.d.ts

@@ -0,0 +1,32 @@
+import { Model } from "@warlock.js/cascade";
+export declare class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table: string;
+    /**
+     * {@inheritDoc}
+     */
+    static schema: any;
+    /**
+     * Check if token is expired
+     */
+    get isExpired(): boolean;
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked(): boolean;
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid(): boolean;
+    /**
+     * Revoke this token
+     */
+    revoke(): Promise<this>;
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    markAsUsed(): Promise<void>;
+}
+//# sourceMappingURL=refresh-token.d.ts.map

package/cjs/models/refresh-token/refresh-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAc5C,qBAAa,YAAa,SAAQ,KAAK;IACrC;;OAEG;IACH,OAAc,KAAK,SAAmB;IAEtC;;OAEG;IACH,OAAc,MAAM,MAAsB;IAE1C;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAI9B;IAED;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAE9B;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,OAAO,CAE5B;IAED;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIpC;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/cjs/models/refresh-token/refresh-token.js

@@ -0,0 +1,53 @@
+'use strict';var cascade=require('@warlock.js/cascade'),seal=require('@warlock.js/seal');const refreshTokenSchema = seal.v.object({
+    token: seal.v.string().required(),
+    userId: seal.v.number().required(),
+    userType: seal.v.string().required(),
+    familyId: seal.v.string().required(),
+    expiresAt: seal.v.date().required(),
+    lastUsedAt: seal.v.date().default(() => new Date()),
+    revokedAt: seal.v.date(),
+    deviceInfo: seal.v.record(seal.v.any()),
+});
+class RefreshToken extends cascade.Model {
+    /**
+     * {@inheritDoc}
+     */
+    static table = "refreshTokens";
+    /**
+     * {@inheritDoc}
+     */
+    static schema = refreshTokenSchema;
+    /**
+     * Check if token is expired
+     */
+    get isExpired() {
+        const expiresAt = this.get("expiresAt");
+        if (!expiresAt)
+            return false;
+        return new Date() > new Date(expiresAt);
+    }
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked() {
+        return !!this.get("revokedAt");
+    }
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid() {
+        return !this.isExpired && !this.isRevoked;
+    }
+    /**
+     * Revoke this token
+     */
+    async revoke() {
+        return this.merge({ revokedAt: new Date() }).save();
+    }
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    async markAsUsed() {
+        await this.merge({ lastUsedAt: new Date() }).save();
+    }
+}exports.RefreshToken=RefreshToken;//# sourceMappingURL=refresh-token.js.map

package/cjs/models/refresh-token/refresh-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.js","sources":["../../../src/models/refresh-token/refresh-token.ts"],"sourcesContent":[null],"names":["v","Model"],"mappings":"yFAGA,MAAM,kBAAkB,GAAGA,MAAC,CAAC,MAAM,CAAC;AAClC,IAAA,KAAK,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAA,MAAM,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC7B,IAAA,QAAQ,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC/B,IAAA,QAAQ,EAAEA,MAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AAC/B,IAAA,SAAS,EAAEA,MAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;AAC9B,IAAA,UAAU,EAAEA,MAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;AAC9C,IAAA,SAAS,EAAEA,MAAC,CAAC,IAAI,EAAE;IACnB,UAAU,EAAEA,MAAC,CAAC,MAAM,CAACA,MAAC,CAAC,GAAG,EAAE,CAAC;AAC9B,CAAA,CAAC,CAAC;AAEG,MAAO,YAAa,SAAQC,aAAK,CAAA;AACrC;;AAEG;AACI,IAAA,OAAO,KAAK,GAAG,eAAe,CAAC;AAEtC;;AAEG;AACI,IAAA,OAAO,MAAM,GAAG,kBAAkB,CAAC;AAE1C;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACxC,QAAA,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK,CAAC;QAC7B,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;KAChC;AAED;;AAEG;AACH,IAAA,IAAW,OAAO,GAAA;QAChB,OAAO,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;KAC3C;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;KACrD;AAED;;AAEG;AACI,IAAA,MAAM,UAAU,GAAA;AACrB,QAAA,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;KACrD;"}

package/cjs/services/auth-events.d.ts

@@ -0,0 +1,85 @@
+import { type EventSubscription } from "@mongez/events";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import type { RefreshToken } from "../models/refresh-token";
+/**
+ * Auth event payload types
+ */
+export type AuthEventPayloads = {
+    "login.success": [user: Auth, tokenPair: TokenPair, deviceInfo?: DeviceInfo];
+    "login.failed": [credentials: {
+        email?: string;
+        username?: string;
+    }, reason: string];
+    "login.attempt": [credentials: {
+        email?: string;
+        username?: string;
+    }];
+    logout: [user: Auth];
+    "logout.all": [user: Auth];
+    "logout.failsafe": [user: Auth];
+    "token.created": [user: Auth, tokenPair: TokenPair];
+    "token.refreshed": [user: Auth, newTokenPair: TokenPair, oldRefreshToken: RefreshToken];
+    "token.revoked": [user: Auth, token: RefreshToken];
+    "token.expired": [token: RefreshToken];
+    "token.familyRevoked": [familyId: string, tokens: RefreshToken[]];
+    "password.changed": [user: Auth];
+    "password.resetRequested": [user: Auth, resetToken: string];
+    "password.reset": [user: Auth];
+    "session.created": [user: Auth, refreshToken: RefreshToken, deviceInfo?: DeviceInfo];
+    "session.destroyed": [user: Auth, refreshToken: RefreshToken];
+    "cleanup.completed": [expiredCount: number];
+};
+/**
+ * Auth event names
+ */
+export type AuthEventName = keyof AuthEventPayloads;
+/**
+ * Callback type for a specific event
+ */
+export type AuthEventCallback<T extends AuthEventName> = (...args: AuthEventPayloads[T]) => void | Promise<void>;
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+export declare const authEvents: {
+    /**
+     * Subscribe to an auth event
+     */
+    on<T extends keyof AuthEventPayloads>(event: T, callback: AuthEventCallback<T>): EventSubscription;
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe<T_1 extends keyof AuthEventPayloads>(event: T_1, callback: AuthEventCallback<T_1>): EventSubscription;
+    /**
+     * Emit an auth event
+     */
+    emit<T_2 extends keyof AuthEventPayloads>(event: T_2, ...args: AuthEventPayloads[T_2]): void;
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger<T_3 extends keyof AuthEventPayloads>(event: T_3, ...args: AuthEventPayloads[T_3]): void;
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll(): void;
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event?: AuthEventName): void;
+};
+//# sourceMappingURL=auth-events.d.ts.map

package/cjs/services/auth-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.d.ts","sourceRoot":"","sources":["../../src/services/auth-events.ts"],"names":[],"mappings":"AAAA,OAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IAC7E,cAAc,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrF,eAAe,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAGtE,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrB,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC3B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAGhC,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpD,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACxF,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnD,eAAe,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACvC,qBAAqB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAGlE,kBAAkB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,yBAAyB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5D,gBAAgB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG/B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACrF,mBAAmB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAG9D,mBAAmB,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,aAAa,IAAI,CACvD,GAAG,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,KAC1B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAO1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;qFACoE,iBAAiB;IAIxF;;OAEG;kGAC2E,iBAAiB;IAI/F;;OAEG;4FACqE,IAAI;IAI5E;;OAEG;+FACwE,IAAI;IAI/E;;OAEG;sBACe,IAAI;IAItB;;OAEG;gBACS,aAAa,GAAG,IAAI;CAOjC,CAAC"}

package/cjs/services/auth-events.js

@@ -0,0 +1,65 @@
+'use strict';var events=require('@mongez/events');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var events__default=/*#__PURE__*/_interopDefault(events);/**
+ * Event namespace prefix for auth events
+ */
+const AUTH_EVENT_PREFIX = "auth.";
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+const authEvents = {
+    /**
+     * Subscribe to an auth event
+     */
+    on(event, callback) {
+        return events__default.default.subscribe(AUTH_EVENT_PREFIX + event, callback);
+    },
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe(event, callback) {
+        return this.on(event, callback);
+    },
+    /**
+     * Emit an auth event
+     */
+    emit(event, ...args) {
+        events__default.default.trigger(AUTH_EVENT_PREFIX + event, ...args);
+    },
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger(event, ...args) {
+        this.emit(event, ...args);
+    },
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll() {
+        events__default.default.unsubscribeNamespace(AUTH_EVENT_PREFIX.slice(0, -1));
+    },
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event) {
+        if (event) {
+            events__default.default.unsubscribe(AUTH_EVENT_PREFIX + event);
+        }
+        else {
+            this.unsubscribeAll();
+        }
+    },
+};exports.authEvents=authEvents;//# sourceMappingURL=auth-events.js.map

package/cjs/services/auth-events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.js","sources":["../../src/services/auth-events.ts"],"sourcesContent":[null],"names":["events"],"mappings":"4KAmDA;;AAEG;AACH,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAElC;;;;;;;;;;;;;;;;;AAiBG;AACU,MAAA,UAAU,GAAG;AACxB;;AAEG;IACH,EAAE,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QAClE,OAAOA,uBAAM,CAAC,SAAS,CAAC,iBAAiB,GAAG,KAAK,EAAE,QAAoB,CAAC,CAAC;KAC1E;AAED;;AAEG;IACH,SAAS,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QACzE,OAAO,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjC;AAED;;AAEG;AACH,IAAA,IAAI,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACnEA,uBAAM,CAAC,OAAO,CAAC,iBAAiB,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;AACH,IAAA,OAAO,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACtE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KAC3B;AAED;;AAEG;IACH,cAAc,GAAA;AACZ,QAAAA,uBAAM,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;AAED;;AAEG;AACH,IAAA,GAAG,CAAC,KAAqB,EAAA;AACvB,QAAA,IAAI,KAAK,EAAE;AACT,YAAAA,uBAAM,CAAC,WAAW,CAAC,iBAAiB,GAAG,KAAK,CAAC,CAAC;AAC/C,SAAA;AAAM,aAAA;YACL,IAAI,CAAC,cAAc,EAAE,CAAC;AACvB,SAAA;KACF;"}

package/cjs/services/auth.service.d.ts

@@ -0,0 +1,91 @@
+import type { ChildModel } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import { RefreshToken } from "../models/refresh-token";
+declare class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user: Auth): {
+        id: any;
+        _id: any;
+        userType: string;
+        createdAt: number;
+    };
+    /**
+     * Generate access token for user
+     */
+    generateAccessToken(user: Auth, payload?: any): Promise<string>;
+    /**
+     * Create refresh token for user
+     */
+    createRefreshToken(user: Auth, deviceInfo?: DeviceInfo): Promise<RefreshToken>;
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(user: Auth, deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Refresh tokens using a refresh token
+     */
+    refreshTokens(refreshTokenString: string, deviceInfo?: DeviceInfo): Promise<TokenPair | null>;
+    /**
+     * Verify password
+     */
+    verifyPassword(hashedPassword: string, plainPassword: string): boolean;
+    /**
+     * Hash password
+     */
+    hashPassword(password: string): string;
+    /**
+     * Attempt to login user with given credentials
+     */
+    attemptLogin(Model: ChildModel<Auth>, data: any): Promise<Auth | null>;
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    login(Model: ChildModel<Auth>, credentials: any, deviceInfo?: DeviceInfo): Promise<{
+        user: Auth;
+        tokens: TokenPair;
+    } | null | {
+        user: Auth;
+        accessToken: string;
+    }>;
+    /**
+     * Logout user
+     * @param user - The authenticated user
+     * @param accessToken - Optional access token string to revoke
+     * @param refreshToken - Optional refresh token string to revoke
+     * If refresh token is not provided, behavior is determined by config:
+     * - "revoke-all" (default): Revoke ALL refresh tokens for security
+     * - "error": Throw error requiring refresh token
+     */
+    logout(user: Auth, accessToken?: string, refreshToken?: string): Promise<void>;
+    /**
+     * Remove specific access token
+     */
+    removeAccessToken(user: Auth, token: string): Promise<void>;
+    /**
+     * Revoke all tokens for a user
+     */
+    revokeAllTokens(user: Auth): Promise<void>;
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    revokeTokenFamily(familyId: string): Promise<void>;
+    /**
+     * Cleanup expired tokens
+     */
+    cleanupExpiredTokens(): Promise<number>;
+    /**
+     * Enforce max refresh tokens per user
+     */
+    private enforceMaxRefreshTokens;
+    /**
+     * Get active sessions for user
+     */
+    getActiveSessions(user: Auth): Promise<RefreshToken[]>;
+}
+export declare const authService: AuthService;
+export {};
+//# sourceMappingURL=auth.service.d.ts.map

package/cjs/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAKvD,cAAM,WAAW;IACf;;OAEG;IACI,uBAAuB,CAAC,IAAI,EAAE,IAAI;;;;;;IASzC;;OAEG;IACU,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB5E;;OAEG;IACU,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAsC3F;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAiBrF;;OAEG;IACU,aAAa,CACxB,kBAAkB,EAAE,MAAM,EAC1B,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAoD5B;;OAEG;IACI,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO;IAI7E;;OAEG;IACI,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAI7C;;OAEG;IACU,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAqBnF;;;OAGG;IACU,KAAK,CAChB,KAAK,EAAE,UAAU,CAAC,IAAI,CAAC,EACvB,WAAW,EAAE,GAAG,EAChB,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAE,GAAG,IAAI,GAAG;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAqB1F;;;;;;;;OAQG;IACU,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoC3F;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOxE;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBvD;;OAEG;IACU,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc/D;;OAEG;IACU,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC;IAcpD;;OAEG;YACW,uBAAuB;IAmBrC;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CASpE;AAED,eAAO,MAAM,WAAW,aAAoB,CAAC"}