@warlock.js/auth 4.0.5 → 4.0.10

package/cjs/models/refresh-token/refresh-token.js

@@ -0,0 +1,52 @@
+'use strict';var cascade=require('@warlock.js/cascade');class RefreshToken extends cascade.Model {
+    /**
+     * {@inheritDoc}
+     */
+    static collection = "refreshTokens";
+    /**
+     * {@inheritDoc}
+     */
+    casts = {
+        token: "string",
+        userId: "int",
+        userType: "string",
+        familyId: "string",
+        expiresAt: "date",
+        lastUsedAt: "date",
+        revokedAt: "date",
+        deviceInfo: "object",
+    };
+    /**
+     * Check if token is expired
+     */
+    get isExpired() {
+        const expiresAt = this.get("expiresAt");
+        if (!expiresAt)
+            return false;
+        return new Date() > new Date(expiresAt);
+    }
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked() {
+        return !!this.get("revokedAt");
+    }
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid() {
+        return !this.isExpired && !this.isRevoked;
+    }
+    /**
+     * Revoke this token
+     */
+    async revoke() {
+        return this.save({ revokedAt: new Date() });
+    }
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    async markAsUsed() {
+        this.silentSaving({ lastUsedAt: new Date() });
+    }
+}exports.RefreshToken=RefreshToken;//# sourceMappingURL=refresh-token.js.map

package/cjs/models/refresh-token/refresh-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.js","sources":["../../../src/models/refresh-token/refresh-token.ts"],"sourcesContent":[null],"names":["Model"],"mappings":"wDAEM,MAAO,YAAa,SAAQA,aAAK,CAAA;AACrC;;AAEG;AACI,IAAA,OAAO,UAAU,GAAG,eAAe,CAAC;AAE3C;;AAEG;AACO,IAAA,KAAK,GAAU;AACvB,QAAA,KAAK,EAAE,QAAQ;AACf,QAAA,MAAM,EAAE,KAAK;AACb,QAAA,QAAQ,EAAE,QAAQ;AAClB,QAAA,QAAQ,EAAE,QAAQ;AAClB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,UAAU,EAAE,MAAM;AAClB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,UAAU,EAAE,QAAQ;KACrB,CAAC;AAEF;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACxC,QAAA,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK,CAAC;QAC7B,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;KAChC;AAED;;AAEG;AACH,IAAA,IAAW,OAAO,GAAA;QAChB,OAAO,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;KAC3C;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;KAC7C;AAED;;AAEG;AACI,IAAA,MAAM,UAAU,GAAA;QACrB,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;KAC/C;"}

package/cjs/services/auth-events.d.ts

@@ -0,0 +1,84 @@
+import { type EventSubscription } from "@mongez/events";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import type { RefreshToken } from "../models/refresh-token";
+/**
+ * Auth event payload types
+ */
+export type AuthEventPayloads = {
+    "login.success": [user: Auth, tokenPair: TokenPair, deviceInfo?: DeviceInfo];
+    "login.failed": [credentials: {
+        email?: string;
+        username?: string;
+    }, reason: string];
+    "login.attempt": [credentials: {
+        email?: string;
+        username?: string;
+    }];
+    logout: [user: Auth];
+    "logout.all": [user: Auth];
+    "token.created": [user: Auth, tokenPair: TokenPair];
+    "token.refreshed": [user: Auth, newTokenPair: TokenPair, oldRefreshToken: RefreshToken];
+    "token.revoked": [user: Auth, token: RefreshToken];
+    "token.expired": [token: RefreshToken];
+    "token.familyRevoked": [familyId: string, tokens: RefreshToken[]];
+    "password.changed": [user: Auth];
+    "password.resetRequested": [user: Auth, resetToken: string];
+    "password.reset": [user: Auth];
+    "session.created": [user: Auth, refreshToken: RefreshToken, deviceInfo?: DeviceInfo];
+    "session.destroyed": [user: Auth, refreshToken: RefreshToken];
+    "cleanup.completed": [expiredCount: number];
+};
+/**
+ * Auth event names
+ */
+export type AuthEventName = keyof AuthEventPayloads;
+/**
+ * Callback type for a specific event
+ */
+export type AuthEventCallback<T extends AuthEventName> = (...args: AuthEventPayloads[T]) => void | Promise<void>;
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+export declare const authEvents: {
+    /**
+     * Subscribe to an auth event
+     */
+    on<T extends keyof AuthEventPayloads>(event: T, callback: AuthEventCallback<T>): EventSubscription;
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe<T_1 extends keyof AuthEventPayloads>(event: T_1, callback: AuthEventCallback<T_1>): EventSubscription;
+    /**
+     * Emit an auth event
+     */
+    emit<T_2 extends keyof AuthEventPayloads>(event: T_2, ...args: AuthEventPayloads[T_2]): void;
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger<T_3 extends keyof AuthEventPayloads>(event: T_3, ...args: AuthEventPayloads[T_3]): void;
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll(): void;
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event?: AuthEventName): void;
+};
+//# sourceMappingURL=auth-events.d.ts.map

package/cjs/services/auth-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.d.ts","sourceRoot":"","sources":["../../src/services/auth-events.ts"],"names":[],"mappings":"AAAA,OAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IAC7E,cAAc,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrF,eAAe,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAGtE,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrB,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG3B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpD,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACxF,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnD,eAAe,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACvC,qBAAqB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAGlE,kBAAkB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,yBAAyB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5D,gBAAgB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG/B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACrF,mBAAmB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAG9D,mBAAmB,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,aAAa,IAAI,CACvD,GAAG,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,KAC1B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAO1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;qFACoE,iBAAiB;IAIxF;;OAEG;kGAC2E,iBAAiB;IAI/F;;OAEG;4FACqE,IAAI;IAI5E;;OAEG;+FACwE,IAAI;IAI/E;;OAEG;sBACe,IAAI;IAItB;;OAEG;gBACS,aAAa,GAAG,IAAI;CAOjC,CAAC"}

package/cjs/services/auth-events.js

@@ -0,0 +1,65 @@
+'use strict';var events=require('@mongez/events');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var events__default=/*#__PURE__*/_interopDefault(events);/**
+ * Event namespace prefix for auth events
+ */
+const AUTH_EVENT_PREFIX = "auth.";
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+const authEvents = {
+    /**
+     * Subscribe to an auth event
+     */
+    on(event, callback) {
+        return events__default.default.subscribe(AUTH_EVENT_PREFIX + event, callback);
+    },
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe(event, callback) {
+        return this.on(event, callback);
+    },
+    /**
+     * Emit an auth event
+     */
+    emit(event, ...args) {
+        events__default.default.trigger(AUTH_EVENT_PREFIX + event, ...args);
+    },
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger(event, ...args) {
+        this.emit(event, ...args);
+    },
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll() {
+        events__default.default.unsubscribeNamespace(AUTH_EVENT_PREFIX.slice(0, -1));
+    },
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event) {
+        if (event) {
+            events__default.default.unsubscribe(AUTH_EVENT_PREFIX + event);
+        }
+        else {
+            this.unsubscribeAll();
+        }
+    },
+};exports.authEvents=authEvents;//# sourceMappingURL=auth-events.js.map

package/cjs/services/auth-events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.js","sources":["../../src/services/auth-events.ts"],"sourcesContent":[null],"names":["events"],"mappings":"4KAkDA;;AAEG;AACH,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAElC;;;;;;;;;;;;;;;;;AAiBG;AACU,MAAA,UAAU,GAAG;AACxB;;AAEG;IACH,EAAE,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QAClE,OAAOA,uBAAM,CAAC,SAAS,CAAC,iBAAiB,GAAG,KAAK,EAAE,QAAoB,CAAC,CAAC;KAC1E;AAED;;AAEG;IACH,SAAS,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QACzE,OAAO,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjC;AAED;;AAEG;AACH,IAAA,IAAI,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACnEA,uBAAM,CAAC,OAAO,CAAC,iBAAiB,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;AACH,IAAA,OAAO,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACtE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KAC3B;AAED;;AAEG;IACH,cAAc,GAAA;AACZ,QAAAA,uBAAM,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;AAED;;AAEG;AACH,IAAA,GAAG,CAAC,KAAqB,EAAA;AACvB,QAAA,IAAI,KAAK,EAAE;AACT,YAAAA,uBAAM,CAAC,WAAW,CAAC,iBAAiB,GAAG,KAAK,CAAC,CAAC;AAC/C,SAAA;AAAM,aAAA;YACL,IAAI,CAAC,cAAc,EAAE,CAAC;AACvB,SAAA;KACF;"}

package/cjs/services/auth.service.d.ts

@@ -0,0 +1,78 @@
+import type { ChildModel } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import { RefreshToken } from "../models/refresh-token";
+declare class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user: Auth): {
+        id: any;
+        _id: any;
+        userType: string;
+        createdAt: number;
+    };
+    /**
+     * Generate access token for user
+     */
+    generateAccessToken(user: Auth, payload?: any): Promise<string>;
+    /**
+     * Create refresh token for user
+     */
+    createRefreshToken(user: Auth, deviceInfo?: DeviceInfo): Promise<RefreshToken>;
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(user: Auth, deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Refresh tokens using a refresh token
+     */
+    refreshTokens(refreshTokenString: string, deviceInfo?: DeviceInfo): Promise<TokenPair | null>;
+    /**
+     * Verify password
+     */
+    verifyPassword(hashedPassword: string, plainPassword: string): boolean;
+    /**
+     * Attempt to login user with given credentials
+     */
+    attemptLogin<T>(Model: ChildModel<T>, data: any): Promise<T | null>;
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    login<T extends Auth>(Model: ChildModel<T>, credentials: any, deviceInfo?: DeviceInfo): Promise<{
+        user: T;
+        tokens: TokenPair;
+    } | null>;
+    /**
+     * Logout user (revoke specific refresh token)
+     */
+    logout(user: Auth, refreshToken?: RefreshToken): Promise<void>;
+    /**
+     * Remove specific access token
+     */
+    removeAccessToken(user: Auth, token: string): Promise<void>;
+    /**
+     * Revoke all tokens for a user
+     */
+    revokeAllTokens(user: Auth): Promise<void>;
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    revokeTokenFamily(familyId: string): Promise<void>;
+    /**
+     * Cleanup expired tokens
+     */
+    cleanupExpiredTokens(): Promise<number>;
+    /**
+     * Enforce max refresh tokens per user
+     */
+    private enforceMaxRefreshTokens;
+    /**
+     * Get active sessions for user
+     */
+    getActiveSessions(user: Auth): Promise<RefreshToken[]>;
+}
+export declare const authService: AuthService;
+export {};
+//# sourceMappingURL=auth.service.d.ts.map

package/cjs/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAKvD,cAAM,WAAW;IACf;;OAEG;IACI,uBAAuB,CAAC,IAAI,EAAE,IAAI;;;;;;IASzC;;OAEG;IACU,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB5E;;OAEG;IACU,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAsC3F;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAiBrF;;OAEG;IACU,aAAa,CACxB,kBAAkB,EAAE,MAAM,EAC1B,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAoD5B;;OAEG;IACI,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO;IAI7E;;OAEG;IACU,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAqBhF;;;OAGG;IACU,KAAK,CAAC,CAAC,SAAS,IAAI,EAC/B,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,EACpB,WAAW,EAAE,GAAG,EAChB,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC;QAAE,IAAI,EAAE,CAAC,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAE,GAAG,IAAI,CAAC;IAejD;;OAEG;IACU,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAU3E;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOxE;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBvD;;OAEG;IACU,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc/D;;OAEG;IACU,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC;IAcpD;;OAEG;YACW,uBAAuB;IAmBrC;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CASpE;AAED,eAAO,MAAM,WAAW,aAAoB,CAAC"}

package/cjs/services/auth.service.js

@@ -0,0 +1,265 @@
+'use strict';var password=require('@mongez/password'),reinforcements=require('@mongez/reinforcements'),core=require('@warlock.js/core'),accessToken=require('../models/access-token/access-token.js');require('../models/access-token/migration.js');var refreshToken=require('../models/refresh-token/refresh-token.js'),duration=require('../utils/duration.js'),authEvents=require('./auth-events.js'),jwt=require('./jwt.js');class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user) {
+        return {
+            id: user.id,
+            _id: user._id,
+            userType: user.userType,
+            createdAt: Date.now(),
+        };
+    }
+    /**
+     * Generate access token for user
+     */
+    async generateAccessToken(user, payload) {
+        const data = payload || this.buildAccessTokenPayload(user);
+        const expiresInConfig = core.config.key("auth.jwt.expiresIn");
+        const expiresIn = duration.toJwtExpiresIn(expiresInConfig, 3600000); // default 1 hour
+        // If expiresIn is undefined, token never expires
+        const token = expiresIn ? await jwt.jwt.generate(data, { expiresIn }) : await jwt.jwt.generate(data);
+        // Store in database (fire and forget)
+        accessToken.AccessToken.create({
+            token,
+            user: data,
+        });
+        return token;
+    }
+    /**
+     * Create refresh token for user
+     */
+    async createRefreshToken(user, deviceInfo) {
+        const familyId = deviceInfo?.familyId || reinforcements.Random.string(32);
+        const expiresInConfig = core.config.key("auth.jwt.refresh.expiresIn");
+        const expiresInMs = duration.parseExpirationToMs(expiresInConfig, 7 * 24 * 60 * 60 * 1000); // default 7 days
+        const payload = {
+            userId: user.id,
+            userType: user.userType,
+            familyId,
+        };
+        const token = await jwt.jwt.generateRefreshToken(payload);
+        // Enforce max tokens per user
+        await this.enforceMaxRefreshTokens(user);
+        // Calculate expiration date (undefined means never expires, but we still set a far future date)
+        const expiresAt = expiresInMs
+            ? new Date(Date.now() + expiresInMs)
+            : new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1000);
+        // Store in database
+        return refreshToken.RefreshToken.create({
+            token,
+            userId: user.id,
+            userType: user.userType,
+            familyId,
+            expiresAt,
+            deviceInfo: deviceInfo
+                ? {
+                    userAgent: deviceInfo.userAgent,
+                    ip: deviceInfo.ip,
+                    deviceId: deviceInfo.deviceId,
+                }
+                : undefined,
+        });
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(user, deviceInfo) {
+        const accessToken = await this.generateAccessToken(user);
+        const refreshToken = await this.createRefreshToken(user, deviceInfo);
+        const tokenPair = {
+            accessToken,
+            refreshToken: refreshToken.get("token"),
+            expiresIn: core.config.key("auth.jwt.expiresIn", "1h"),
+        };
+        // Emit events
+        authEvents.authEvents.emit("token.created", user, tokenPair);
+        authEvents.authEvents.emit("session.created", user, refreshToken, deviceInfo);
+        return tokenPair;
+    }
+    /**
+     * Refresh tokens using a refresh token
+     */
+    async refreshTokens(refreshTokenString, deviceInfo) {
+        try {
+            // 1. Verify JWT signature
+            const decoded = await jwt.jwt.verifyRefreshToken(refreshTokenString);
+            if (!decoded)
+                return null;
+            // 2. Find token in database
+            const refreshToken$1 = await refreshToken.RefreshToken.first({ token: refreshTokenString });
+            if (!refreshToken$1?.isValid) {
+                // If token was already used (rotation detection), revoke entire family
+                if (refreshToken$1) {
+                    await this.revokeTokenFamily(refreshToken$1.get("familyId"));
+                }
+                return null;
+            }
+            // 3. Get user model and find user
+            const UserModel = core.config.key(`auth.userType.${decoded.userType}`);
+            if (!UserModel)
+                return null;
+            const user = (await UserModel.find(decoded.userId));
+            if (!user)
+                return null;
+            // 4. Rotate token if enabled (revoke old token)
+            const rotationEnabled = core.config.key("auth.jwt.refresh.rotation", true);
+            if (rotationEnabled) {
+                await refreshToken$1.revoke();
+            }
+            else {
+                await refreshToken$1.markAsUsed();
+            }
+            // 5. Generate new token pair (keep same family)
+            const newTokenPair = await this.createTokenPair(user, {
+                ...deviceInfo,
+                familyId: refreshToken$1.get("familyId"),
+            });
+            // Emit token refreshed event
+            authEvents.authEvents.emit("token.refreshed", user, newTokenPair, refreshToken$1);
+            return newTokenPair;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Verify password
+     */
+    verifyPassword(hashedPassword, plainPassword) {
+        return password.verify(String(hashedPassword), String(plainPassword));
+    }
+    /**
+     * Attempt to login user with given credentials
+     */
+    async attemptLogin(Model, data) {
+        const { password, ...otherData } = data;
+        // Emit login attempt event
+        authEvents.authEvents.emit("login.attempt", otherData);
+        const user = (await Model.first(otherData));
+        if (!user) {
+            authEvents.authEvents.emit("login.failed", otherData, "User not found");
+            return null;
+        }
+        if (!this.verifyPassword(user.get("password"), password)) {
+            authEvents.authEvents.emit("login.failed", otherData, "Invalid password");
+            return null;
+        }
+        return user;
+    }
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    async login(Model, credentials, deviceInfo) {
+        const user = await this.attemptLogin(Model, credentials);
+        if (!user) {
+            return null;
+        }
+        const tokens = await this.createTokenPair(user, deviceInfo);
+        // Emit login success event
+        authEvents.authEvents.emit("login.success", user, tokens, deviceInfo);
+        return { user, tokens };
+    }
+    /**
+     * Logout user (revoke specific refresh token)
+     */
+    async logout(user, refreshToken) {
+        if (refreshToken) {
+            await refreshToken.revoke();
+            authEvents.authEvents.emit("session.destroyed", user, refreshToken);
+        }
+        // Emit logout event
+        authEvents.authEvents.emit("logout", user);
+    }
+    /**
+     * Remove specific access token
+     */
+    async removeAccessToken(user, token) {
+        accessToken.AccessToken.delete({
+            token,
+            "user.id": user.id,
+        });
+    }
+    /**
+     * Revoke all tokens for a user
+     */
+    async revokeAllTokens(user) {
+        // Revoke all refresh tokens
+        const refreshTokens = await refreshToken.RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .get();
+        for (const token of refreshTokens) {
+            await token.revoke();
+            authEvents.authEvents.emit("token.revoked", user, token);
+        }
+        // Delete all access tokens
+        await accessToken.AccessToken.delete({
+            "user.id": user.id,
+            "user.userType": user.userType,
+        });
+        // Emit logout all event
+        authEvents.authEvents.emit("logout.all", user);
+    }
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    async revokeTokenFamily(familyId) {
+        const tokens = await refreshToken.RefreshToken.aggregate()
+            .where("familyId", familyId)
+            .where("revokedAt", null)
+            .get();
+        for (const token of tokens) {
+            await token.revoke();
+        }
+        // Emit family revoked event
+        authEvents.authEvents.emit("token.familyRevoked", familyId, tokens);
+    }
+    /**
+     * Cleanup expired tokens
+     */
+    async cleanupExpiredTokens() {
+        const expiredTokens = await refreshToken.RefreshToken.aggregate().where("expiresAt", "<", new Date()).get();
+        for (const token of expiredTokens) {
+            authEvents.authEvents.emit("token.expired", token);
+            await token.destroy();
+        }
+        // Emit cleanup completed event
+        authEvents.authEvents.emit("cleanup.completed", expiredTokens.length);
+        return expiredTokens.length;
+    }
+    /**
+     * Enforce max refresh tokens per user
+     */
+    async enforceMaxRefreshTokens(user) {
+        const maxPerUser = core.config.key("auth.jwt.refresh.maxPerUser", 5);
+        const activeTokens = await refreshToken.RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .sort("createdAt", "asc")
+            .get();
+        // Revoke oldest tokens if exceeding limit
+        if (activeTokens.length >= maxPerUser) {
+            const tokensToRevoke = activeTokens.slice(0, activeTokens.length - maxPerUser + 1);
+            for (const token of tokensToRevoke) {
+                await token.revoke();
+            }
+        }
+    }
+    /**
+     * Get active sessions for user
+     */
+    async getActiveSessions(user) {
+        return refreshToken.RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .where("expiresAt", ">", new Date())
+            .sort("createdAt", "desc")
+            .get();
+    }
+}
+const authService = new AuthService();exports.authService=authService;//# sourceMappingURL=auth.service.js.map

package/cjs/services/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sources":["../../src/services/auth.service.ts"],"sourcesContent":[null],"names":["config","toJwtExpiresIn","jwt","AccessToken","Random","parseExpirationToMs","RefreshToken","authEvents","refreshToken","verify"],"mappings":"kaAYA,MAAM,WAAW,CAAA;AACf;;AAEG;AACI,IAAA,uBAAuB,CAAC,IAAU,EAAA;QACvC,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,YAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;KACH;AAED;;AAEG;AACI,IAAA,MAAM,mBAAmB,CAAC,IAAU,EAAE,OAAa,EAAA;QACxD,MAAM,IAAI,GAAG,OAAO,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAGA,WAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACzD,MAAM,SAAS,GAAGC,uBAAc,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;;QAG3D,MAAM,KAAK,GAAG,SAAS,GAAG,MAAMC,OAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,GAAG,MAAMA,OAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;;QAG7FC,uBAAW,CAAC,MAAM,CAAC;YACjB,KAAK;AACL,YAAA,IAAI,EAAE,IAAI;AACX,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KACd;AAED;;AAEG;AACI,IAAA,MAAM,kBAAkB,CAAC,IAAU,EAAE,UAAuB,EAAA;AACjE,QAAA,MAAM,QAAQ,GAAG,UAAU,EAAE,QAAQ,IAAIC,qBAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAGJ,WAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;AACjE,QAAA,MAAM,WAAW,GAAGK,4BAAmB,CAAC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAElF,QAAA,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ;SACT,CAAC;QAEF,MAAM,KAAK,GAAG,MAAMH,OAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;;AAGtD,QAAA,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;;QAGzC,MAAM,SAAS,GAAG,WAAW;cACzB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;cAClC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;;QAG3D,OAAOI,yBAAY,CAAC,MAAM,CAAC;YACzB,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ;YACR,SAAS;AACT,YAAA,UAAU,EAAE,UAAU;AACpB,kBAAE;oBACE,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,EAAE,EAAE,UAAU,CAAC,EAAE;oBACjB,QAAQ,EAAE,UAAU,CAAC,QAAQ;AAC9B,iBAAA;AACH,kBAAE,SAAS;AACd,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,CAAC,IAAU,EAAE,UAAuB,EAAA;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAErE,QAAA,MAAM,SAAS,GAAc;YAC3B,WAAW;AACX,YAAA,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;YACvC,SAAS,EAAEN,WAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,CAAC;SAClD,CAAC;;QAGFO,qBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAClDA,qBAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;AAEnE,QAAA,OAAO,SAAS,CAAC;KAClB;AAED;;AAEG;AACI,IAAA,MAAM,aAAa,CACxB,kBAA0B,EAC1B,UAAuB,EAAA;QAEvB,IAAI;;YAEF,MAAM,OAAO,GAAG,MAAML,OAAG,CAAC,kBAAkB,CAIzC,kBAAkB,CAAC,CAAC;AAEvB,YAAA,IAAI,CAAC,OAAO;AAAE,gBAAA,OAAO,IAAI,CAAC;;AAG1B,YAAA,MAAMM,cAAY,GAAG,MAAMF,yBAAY,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAE7E,YAAA,IAAI,CAACE,cAAY,EAAE,OAAO,EAAE;;AAE1B,gBAAA,IAAIA,cAAY,EAAE;oBAChB,MAAM,IAAI,CAAC,iBAAiB,CAACA,cAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC5D,iBAAA;AACD,gBAAA,OAAO,IAAI,CAAC;AACb,aAAA;;AAGD,YAAA,MAAM,SAAS,GAAGR,WAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,OAAO,CAAC,QAAQ,CAAE,CAAA,CAAC,CAAC;AAClE,YAAA,IAAI,CAAC,SAAS;AAAE,gBAAA,OAAO,IAAI,CAAC;AAE5B,YAAA,MAAM,IAAI,IAAI,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAgB,CAAC;AACnE,YAAA,IAAI,CAAC,IAAI;AAAE,gBAAA,OAAO,IAAI,CAAC;;YAGvB,MAAM,eAAe,GAAGA,WAAM,CAAC,GAAG,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;AACtE,YAAA,IAAI,eAAe,EAAE;AACnB,gBAAA,MAAMQ,cAAY,CAAC,MAAM,EAAE,CAAC;AAC7B,aAAA;AAAM,iBAAA;AACL,gBAAA,MAAMA,cAAY,CAAC,UAAU,EAAE,CAAC;AACjC,aAAA;;YAGD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE;AACpD,gBAAA,GAAG,UAAU;AACb,gBAAA,QAAQ,EAAEA,cAAY,CAAC,GAAG,CAAC,UAAU,CAAC;AACvC,aAAA,CAAC,CAAC;;YAGHD,qBAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAEC,cAAY,CAAC,CAAC;AAErE,YAAA,OAAO,YAAY,CAAC;AACrB,SAAA;QAAC,MAAM;AACN,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;KACF;AAED;;AAEG;IACI,cAAc,CAAC,cAAsB,EAAE,aAAqB,EAAA;AACjE,QAAA,OAAOC,eAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;KAC9D;AAED;;AAEG;AACI,IAAA,MAAM,YAAY,CAAI,KAAoB,EAAE,IAAS,EAAA;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC;;AAGxC,QAAAF,qBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAE5C,MAAM,IAAI,IAAI,MAAM,KAAK,CAAC,KAAK,CAAI,SAAS,CAAC,CAAgB,CAAC;QAE9D,IAAI,CAAC,IAAI,EAAE;YACTA,qBAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAC7D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE;YACxDA,qBAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAC/D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,OAAO,IAAS,CAAC;KAClB;AAED;;;AAGG;AACI,IAAA,MAAM,KAAK,CAChB,KAAoB,EACpB,WAAgB,EAChB,UAAuB,EAAA;QAEvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAI,KAAK,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;;QAG5DA,qBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AAE3D,QAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;KACzB;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,CAAC,IAAU,EAAE,YAA2B,EAAA;AACzD,QAAA,IAAI,YAAY,EAAE;AAChB,YAAA,MAAM,YAAY,CAAC,MAAM,EAAE,CAAC;YAC5BA,qBAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;AAC1D,SAAA;;AAGD,QAAAA,qBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;KACjC;AAED;;AAEG;AACI,IAAA,MAAM,iBAAiB,CAAC,IAAU,EAAE,KAAa,EAAA;QACtDJ,uBAAW,CAAC,MAAM,CAAC;YACjB,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,EAAE;AACnB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,IAAU,EAAA;;AAErC,QAAA,MAAM,aAAa,GAAG,MAAMG,yBAAY,CAAC,SAAS,EAAE;AACjD,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;YACrBC,qBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC/C,SAAA;;QAGD,MAAMJ,uBAAW,CAAC,MAAM,CAAC;YACvB,SAAS,EAAE,IAAI,CAAC,EAAE;YAClB,eAAe,EAAE,IAAI,CAAC,QAAQ;AAC/B,SAAA,CAAC,CAAC;;AAGH,QAAAI,qBAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;KACrC;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,QAAgB,EAAA;AAC7C,QAAA,MAAM,MAAM,GAAG,MAAMD,yBAAY,CAAC,SAAS,EAAE;AAC1C,aAAA,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC;AAC3B,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;AAC1B,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,SAAA;;QAGDC,qBAAU,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC1D;AAED;;AAEG;AACI,IAAA,MAAM,oBAAoB,GAAA;QAC/B,MAAM,aAAa,GAAG,MAAMD,yBAAY,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;AAE/F,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAAC,qBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AACxC,YAAA,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;AACvB,SAAA;;QAGDA,qBAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,aAAa,CAAC,MAAM,CAAC;KAC7B;AAED;;AAEG;IACK,MAAM,uBAAuB,CAAC,IAAU,EAAA;QAC9C,MAAM,UAAU,GAAGP,WAAM,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,CAAC,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAG,MAAMM,yBAAY,CAAC,SAAS,EAAE;AAChD,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;;AAGT,QAAA,IAAI,YAAY,CAAC,MAAM,IAAI,UAAU,EAAE;AACrC,YAAA,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;AACnF,YAAA,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE;AAClC,gBAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,aAAA;AACF,SAAA;KACF;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,IAAU,EAAA;QACvC,OAAOA,yBAAY,CAAC,SAAS,EAAE;AAC5B,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;aACxB,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;AACnC,aAAA,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC;AACzB,aAAA,GAAG,EAAE,CAAC;KACV;AACF,CAAA;AAEY,MAAA,WAAW,GAAG,IAAI,WAAW"}

package/cjs/services/generate-jwt-secret.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generate-jwt-secret.d.ts","sourceRoot":"","sources":["../../src/services/generate-jwt-secret.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,kBAwCtC"}
+{"version":3,"file":"generate-jwt-secret.d.ts","sourceRoot":"","sources":["../../src/services/generate-jwt-secret.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,kBAmCtC"}

package/cjs/services/generate-jwt-secret.js

@@ -2,15 +2,15 @@
     let envFile = core.rootPath(".env");
     logger.log.info("jwt", "generating", "Generating jwt secret");
     const environmentMode = core.environment();
-    if (!fs.fileExists(envFile)) {
+    if (!(await fs.fileExistsAsync(envFile))) {
         const envFileType = environmentMode === "production" ? ".env.production" : ".env.development";
         envFile = core.rootPath(envFileType);
     }
-    if (!fs.fileExists(envFile)) {
+    if (!(await fs.fileExistsAsync(envFile))) {
         logger.log.error("jwt", "error", ".env file not found");
         return;
     }
-    let contents = fs.getFile(envFile);
+    let contents = await fs.getFileAsync(envFile);
     if (contents.includes("JWT_SECRET")) {
         logger.log.warn("jwt", "exists", "JWT secret already exists in the .env file.");
         return;
@@ -21,6 +21,6 @@
 # JWT Secret
 JWT_SECRET=${key}
 `;
-    fs.putFile(envFile, contents);
+    await fs.putFileAsync(envFile, contents);
     logger.log.success("jwt", "generated", `JWT secret key generated and added to the .env file.`);
 }exports.generateJWTSecret=generateJWTSecret;//# sourceMappingURL=generate-jwt-secret.js.map

package/cjs/services/generate-jwt-secret.js.map

@@ -1 +1 @@
-{"version":3,"file":"generate-jwt-secret.js","sources":["../../src/services/generate-jwt-secret.ts"],"sourcesContent":[null],"names":["rootPath","log","environment","fileExists","getFile","Random","putFile"],"mappings":"iKAKO,eAAe,iBAAiB,GAAA;AACrC,IAAA,IAAI,OAAO,GAAGA,aAAQ,CAAC,MAAM,CAAC,CAAC;IAE/BC,UAAG,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,uBAAuB,CAAC,CAAC;AAEvD,IAAA,MAAM,eAAe,GAAGC,gBAAW,EAAE,CAAC;AAEtC,IAAA,IAAI,CAACC,aAAU,CAAC,OAAO,CAAC,EAAE;AACxB,QAAA,MAAM,WAAW,GACf,eAAe,KAAK,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAC5E,QAAA,OAAO,GAAGH,aAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,KAAA;AAED,IAAA,IAAI,CAACG,aAAU,CAAC,OAAO,CAAC,EAAE;QACxBF,UAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO;AACR,KAAA;AAED,IAAA,IAAI,QAAQ,GAAGG,UAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,IAAA,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;QACnCH,UAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;QACzE,OAAO;AACR,KAAA;IAED,MAAM,GAAG,GAAGI,qBAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9B,IAAA,QAAQ,IAAI,CAAA;;;aAGD,GAAG,CAAA;CACf,CAAC;AAEA,IAAAC,UAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE3BL,UAAG,CAAC,OAAO,CACT,KAAK,EACL,WAAW,EACX,CAAsD,oDAAA,CAAA,CACvD,CAAC;AACJ"}
+{"version":3,"file":"generate-jwt-secret.js","sources":["../../src/services/generate-jwt-secret.ts"],"sourcesContent":[null],"names":["rootPath","log","environment","fileExistsAsync","getFileAsync","Random","putFileAsync"],"mappings":"iKAKO,eAAe,iBAAiB,GAAA;AACrC,IAAA,IAAI,OAAO,GAAGA,aAAQ,CAAC,MAAM,CAAC,CAAC;IAE/BC,UAAG,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,uBAAuB,CAAC,CAAC;AAEvD,IAAA,MAAM,eAAe,GAAGC,gBAAW,EAAE,CAAC;IAEtC,IAAI,EAAE,MAAMC,kBAAe,CAAC,OAAO,CAAC,CAAC,EAAE;AACrC,QAAA,MAAM,WAAW,GAAG,eAAe,KAAK,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAC9F,QAAA,OAAO,GAAGH,aAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,KAAA;IAED,IAAI,EAAE,MAAMG,kBAAe,CAAC,OAAO,CAAC,CAAC,EAAE;QACrCF,UAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO;AACR,KAAA;AAED,IAAA,IAAI,QAAQ,GAAG,MAAMG,eAAY,CAAC,OAAO,CAAC,CAAC;AAE3C,IAAA,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;QACnCH,UAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;QACzE,OAAO;AACR,KAAA;IAED,MAAM,GAAG,GAAGI,qBAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9B,IAAA,QAAQ,IAAI,CAAA;;;aAGD,GAAG,CAAA;CACf,CAAC;AAEA,IAAA,MAAMC,eAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAEtCL,UAAG,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,CAAsD,oDAAA,CAAA,CAAC,CAAC;AAC1F"}

package/cjs/services/index.d.ts

@@ -1,4 +1,5 @@
-export * from "./generate-guest-token";
+export * from "./auth-events";
+export * from "./auth.service";
 export * from "./generate-jwt-secret";
 export * from "./jwt";
 //# sourceMappingURL=index.d.ts.map

package/cjs/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC"}

package/cjs/services/jwt.d.ts

@@ -10,7 +10,7 @@ export declare const jwt: {
      * @param token The JWT token to verify.
      * @returns The decoded token payload if verification is successful.
      */
-    verify(token: string, { key, algorithms, ...options }?: any): Promise<any>;
+    verify<T = any>(token: string, { key, algorithms, ...options }?: any): Promise<T>;
     /**
      * Generate a new refresh token for the user.
      */
@@ -18,6 +18,6 @@ export declare const jwt: {
     /**
      * Verify the given refresh token.
      */
-    verifyRefreshToken(token: string, { key, algorithms, ...options }?: any): Promise<any>;
+    verifyRefreshToken<T_1 = any>(token: string, { key, algorithms, ...options }?: any): Promise<T_1>;
 };
 //# sourceMappingURL=jwt.d.ts.map

package/cjs/services/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/services/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EAClB,KAAK,eAAe,EACrB,MAAM,UAAU,CAAC;AAWlB,eAAO,MAAM,GAAG;IACd;;;OAGG;sBAEQ,GAAG,yCAMX,QAAQ,MAAM,CAAC;IAOlB;;;;OAIG;kBAEM,MAAM;IAYf;;OAEG;kCAEQ,GAAG,oDAOX,QAAQ,MAAM,CAAC;IAKlB;;OAEG;8BAEM,MAAM;CAUhB,CAAC"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/services/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EAClB,KAAK,eAAe,EACrB,MAAM,UAAU,CAAC;AASlB,eAAO,MAAM,GAAG;IACd;;;OAGG;sBAEQ,GAAG,yCAMX,QAAQ,MAAM,CAAC;IAOlB;;;;OAIG;2BAEM,MAAM;IAYf;;OAEG;kCAEQ,GAAG,oDAOX,QAAQ,MAAM,CAAC;IAKlB;;OAEG;yCAEM,MAAM;CAUhB,CAAC"}