@warlock.js/auth 4.0.5 → 4.0.10

package/esm/models/auth.d.ts

@@ -1,18 +1,40 @@
 import type { ChildModel } from "@warlock.js/cascade";
 import { Model } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { RefreshToken } from "./refresh-token/refresh-token";
 export declare abstract class Auth extends Model {
     /**
      * Get user type
      */
     abstract get userType(): string;
     /**
-     * Generate jwt token
+     * Get access token payload
+     */
+    accessTokenPayload(): any;
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Generate access token
      */
     generateAccessToken(data?: any): Promise<string>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(deviceInfo?: DeviceInfo): Promise<RefreshToken>;
     /**
      * Remove current access token
      */
     removeAccessToken(token: string): Promise<void>;
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    revokeAllTokens(): Promise<void>;
+    /**
+     * Get active sessions
+     */
+    activeSessions(): Promise<RefreshToken[]>;
     /**
      * Attempt to login the user
      */
@@ -20,6 +42,6 @@ export declare abstract class Auth extends Model {
     /**
      * Confirm password
      */
-    confirmPassword(password: string): any;
+    confirmPassword(password: string): boolean;
 }
 //# sourceMappingURL=auth.d.ts.map

package/esm/models/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/models/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAI5C,8BAAsB,IAAK,SAAQ,KAAK;IACtC;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA2B7D;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM;IAO5C;;OAEG;WACiB,OAAO,CAAC,CAAC,EAC3B,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EACnB,IAAI,EAAE,GAAG,GACR,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAkBpB;;OAEG;IACI,eAAe,CAAC,QAAQ,EAAE,MAAM;CAGxC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/models/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAElE,8BAAsB,IAAK,SAAQ,KAAK;IACtC;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACI,kBAAkB;IAMzB;;OAEG;IACU,eAAe,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAIzE;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7D;;OAEG;IACU,oBAAoB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAIjF;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAItD;;OAEG;WACiB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAIjF;;OAEG;IACI,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAGlD"}

package/esm/models/auth.js

@@ -1,59 +1,58 @@
-import {verify}from'@mongez/password';import {Model}from'@warlock.js/cascade';import {jwt}from'../services/jwt.js';import {AccessToken}from'./access-token/access-token.js';import'./access-token/migration.js';class Auth extends Model {
+import {Model}from'@warlock.js/cascade';import'@mongez/events';import {authService}from'../services/auth.service.js';import'@mongez/fs';import'@mongez/reinforcements';import'@warlock.js/core';import'@warlock.js/logger';import'fast-jwt';class Auth extends Model {
     /**
-     * Generate jwt token
+     * Get access token payload
+     */
+    accessTokenPayload() {
+        // Dynamically import to avoid circular dependency
+        const { authService } = require("../services/auth.service");
+        return authService.buildAccessTokenPayload(this);
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(deviceInfo) {
+        return authService.createTokenPair(this, deviceInfo);
+    }
+    /**
+     * Generate access token
      */
     async generateAccessToken(data) {
-        // store the main data in the data object
-        // we need to store the user data in an object
-        // that we'll sue to generate the token
-        // and also it will be saved in the Access Token model under `user` column
-        if (!data) {
-            data = {
-                ...this.only(["id", "_id"]),
-                userType: this.userType,
-                createdAt: Date.now(),
-            };
-        }
-        // use our own jwt generator to generate a token for the guest
-        const token = await jwt.generate(data);
-        // store token and the auth model data in the access token model
-        // note that we didn't make it sync because we don't want to wait for the token to be stored in the database
-        // as nothing depends on it
-        AccessToken.create({
-            token,
-            user: data,
-        });
-        return token;
+        return authService.generateAccessToken(this, data);
+    }
+    /**
+     * Generate refresh token
+     */
+    async generateRefreshToken(deviceInfo) {
+        return authService.createRefreshToken(this, deviceInfo);
     }
     /**
      * Remove current access token
      */
     async removeAccessToken(token) {
-        AccessToken.delete({
-            token: token,
-            "user.id": this.id,
-        });
+        return authService.removeAccessToken(this, token);
+    }
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    async revokeAllTokens() {
+        return authService.revokeAllTokens(this);
+    }
+    /**
+     * Get active sessions
+     */
+    async activeSessions() {
+        return authService.getActiveSessions(this);
     }
     /**
      * Attempt to login the user
      */
     static async attempt(data) {
-        // find first user with the given data, but exclude from it the password
-        const { password, ...otherData } = data;
-        const user = (await this.first(otherData));
-        if (!user) {
-            return null;
-        }
-        // now verify the password
-        if (!user.confirmPassword(password)) {
-            return null;
-        }
-        return user;
+        return authService.attemptLogin(this, data);
     }
     /**
      * Confirm password
      */
     confirmPassword(password) {
-        return verify(String(this.get("password")), String(password));
+        return authService.verifyPassword(this.get("password"), password);
     }
 }export{Auth};//# sourceMappingURL=auth.js.map

package/esm/models/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sources":["../../src/models/auth.ts"],"sourcesContent":[null],"names":[],"mappings":"gNAMM,MAAgB,IAAK,SAAQ,KAAK,CAAA;AAMtC;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;;;;;QAKzC,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,IAAI,GAAG;gBACL,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,gBAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;AACH,SAAA;;QAGD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;;;;QAKvC,WAAW,CAAC,MAAM,CAAC;YACjB,KAAK;AACL,YAAA,IAAI,EAAE,IAAI;AACX,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KACd;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1C,WAAW,CAAC,MAAM,CAAC;AACjB,YAAA,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,IAAI,CAAC,EAAE;AACnB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAEzB,IAAS,EAAA;;QAGT,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC;QAExC,MAAM,IAAI,IAAI,MAAM,IAAI,CAAC,KAAK,CAAI,SAAS,CAAC,CAAgB,CAAC;QAE7D,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;;AAGD,QAAA,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE;AACnC,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,OAAO,IAAS,CAAC;KAClB;AAED;;AAEG;AACI,IAAA,eAAe,CAAC,QAAgB,EAAA;AACrC,QAAA,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;KAC/D;AACF"}
+{"version":3,"file":"auth.js","sources":["../../src/models/auth.ts"],"sourcesContent":[null],"names":[],"mappings":"4OAMM,MAAgB,IAAK,SAAQ,KAAK,CAAA;AAMtC;;AAEG;IACI,kBAAkB,GAAA;;QAEvB,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAC5D,QAAA,OAAO,WAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAClD;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,UAAuB,EAAA;QAClD,OAAO,WAAW,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACtD;AAED;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;QACzC,OAAO,WAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;IACI,MAAM,oBAAoB,CAAC,UAAuB,EAAA;QACvD,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACzD;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1C,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACnD;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,GAAA;AAC1B,QAAA,OAAO,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;KAC1C;AAED;;AAEG;AACI,IAAA,MAAM,cAAc,GAAA;AACzB,QAAA,OAAO,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC5C;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAAyB,IAAS,EAAA;QAC3D,OAAO,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;AAED;;AAEG;AACI,IAAA,eAAe,CAAC,QAAgB,EAAA;AACrC,QAAA,OAAO,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;KACnE;AACF"}

package/esm/models/casts/cast-password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cast-password.d.ts","sourceRoot":"","sources":["../../../src/models/casts/cast-password.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,OAIpE"}
+{"version":3,"file":"cast-password.d.ts","sourceRoot":"","sources":["../../../src/models/casts/cast-password.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,OAIpE"}

package/esm/models/casts/cast-password.js

@@ -1,9 +1,9 @@
-import config from'@mongez/config';import {hash}from'@mongez/password';/**
+import {hash}from'@mongez/password';import {config}from'@warlock.js/core';/**
  * Cast password on model save
  * If the password is not changed, keep it as is
  */
 function castPassword(value, column, model) {
     return value
-        ? hash(String(value), config.get("auth.password.salt", 12))
+        ? hash(String(value), config.key("auth.password.salt", 12))
         : model.getInitial(column);
 }export{castPassword};//# sourceMappingURL=cast-password.js.map

package/esm/models/casts/cast-password.js.map

@@ -1 +1 @@
-{"version":3,"file":"cast-password.js","sources":["../../../src/models/casts/cast-password.ts"],"sourcesContent":[null],"names":[],"mappings":"uEAIA;;;AAGG;SACa,YAAY,CAAC,KAAU,EAAE,MAAc,EAAE,KAAY,EAAA;AACnE,IAAA,OAAO,KAAK;AACV,UAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAC3D,UAAE,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC/B"}
+{"version":3,"file":"cast-password.js","sources":["../../../src/models/casts/cast-password.ts"],"sourcesContent":[null],"names":[],"mappings":"0EAIA;;;AAGG;SACa,YAAY,CAAC,KAAU,EAAE,MAAc,EAAE,KAAY,EAAA;AACnE,IAAA,OAAO,KAAK;AACV,UAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAC3D,UAAE,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC/B"}

package/esm/models/index.d.ts

@@ -1,5 +1,5 @@
 export * from "./access-token";
 export * from "./auth";
 export * from "./casts";
-export * from "./guest";
+export * from "./refresh-token";
 //# sourceMappingURL=index.d.ts.map

package/esm/models/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,iBAAiB,CAAC"}

package/esm/models/refresh-token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./refresh-token";
+//# sourceMappingURL=index.d.ts.map

package/esm/models/refresh-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/esm/models/refresh-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/migration.ts"],"names":[],"mappings":";AAGA,wBAeG"}

package/esm/models/refresh-token/refresh-token.d.ts

@@ -0,0 +1,32 @@
+import { Model, type Casts } from "@warlock.js/cascade";
+export declare class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static collection: string;
+    /**
+     * {@inheritDoc}
+     */
+    protected casts: Casts;
+    /**
+     * Check if token is expired
+     */
+    get isExpired(): boolean;
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked(): boolean;
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid(): boolean;
+    /**
+     * Revoke this token
+     */
+    revoke(): Promise<this>;
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    markAsUsed(): Promise<void>;
+}
+//# sourceMappingURL=refresh-token.d.ts.map

package/esm/models/refresh-token/refresh-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAExD,qBAAa,YAAa,SAAQ,KAAK;IACrC;;OAEG;IACH,OAAc,UAAU,SAAmB;IAE3C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,KAAK,CASpB;IAEF;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAI9B;IAED;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAE9B;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,OAAO,CAE5B;IAED;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIpC;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/esm/models/refresh-token/refresh-token.js

@@ -0,0 +1,52 @@
+import {Model}from'@warlock.js/cascade';class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static collection = "refreshTokens";
+    /**
+     * {@inheritDoc}
+     */
+    casts = {
+        token: "string",
+        userId: "int",
+        userType: "string",
+        familyId: "string",
+        expiresAt: "date",
+        lastUsedAt: "date",
+        revokedAt: "date",
+        deviceInfo: "object",
+    };
+    /**
+     * Check if token is expired
+     */
+    get isExpired() {
+        const expiresAt = this.get("expiresAt");
+        if (!expiresAt)
+            return false;
+        return new Date() > new Date(expiresAt);
+    }
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked() {
+        return !!this.get("revokedAt");
+    }
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid() {
+        return !this.isExpired && !this.isRevoked;
+    }
+    /**
+     * Revoke this token
+     */
+    async revoke() {
+        return this.save({ revokedAt: new Date() });
+    }
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    async markAsUsed() {
+        this.silentSaving({ lastUsedAt: new Date() });
+    }
+}export{RefreshToken};//# sourceMappingURL=refresh-token.js.map

package/esm/models/refresh-token/refresh-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.js","sources":["../../../src/models/refresh-token/refresh-token.ts"],"sourcesContent":[null],"names":[],"mappings":"wCAEM,MAAO,YAAa,SAAQ,KAAK,CAAA;AACrC;;AAEG;AACI,IAAA,OAAO,UAAU,GAAG,eAAe,CAAC;AAE3C;;AAEG;AACO,IAAA,KAAK,GAAU;AACvB,QAAA,KAAK,EAAE,QAAQ;AACf,QAAA,MAAM,EAAE,KAAK;AACb,QAAA,QAAQ,EAAE,QAAQ;AAClB,QAAA,QAAQ,EAAE,QAAQ;AAClB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,UAAU,EAAE,MAAM;AAClB,QAAA,SAAS,EAAE,MAAM;AACjB,QAAA,UAAU,EAAE,QAAQ;KACrB,CAAC;AAEF;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AACxC,QAAA,IAAI,CAAC,SAAS;AAAE,YAAA,OAAO,KAAK,CAAC;QAC7B,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,IAAW,SAAS,GAAA;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;KAChC;AAED;;AAEG;AACH,IAAA,IAAW,OAAO,GAAA;QAChB,OAAO,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;KAC3C;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,GAAA;AACjB,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;KAC7C;AAED;;AAEG;AACI,IAAA,MAAM,UAAU,GAAA;QACrB,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;KAC/C;"}

package/esm/services/auth-events.d.ts

@@ -0,0 +1,84 @@
+import { type EventSubscription } from "@mongez/events";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import type { RefreshToken } from "../models/refresh-token";
+/**
+ * Auth event payload types
+ */
+export type AuthEventPayloads = {
+    "login.success": [user: Auth, tokenPair: TokenPair, deviceInfo?: DeviceInfo];
+    "login.failed": [credentials: {
+        email?: string;
+        username?: string;
+    }, reason: string];
+    "login.attempt": [credentials: {
+        email?: string;
+        username?: string;
+    }];
+    logout: [user: Auth];
+    "logout.all": [user: Auth];
+    "token.created": [user: Auth, tokenPair: TokenPair];
+    "token.refreshed": [user: Auth, newTokenPair: TokenPair, oldRefreshToken: RefreshToken];
+    "token.revoked": [user: Auth, token: RefreshToken];
+    "token.expired": [token: RefreshToken];
+    "token.familyRevoked": [familyId: string, tokens: RefreshToken[]];
+    "password.changed": [user: Auth];
+    "password.resetRequested": [user: Auth, resetToken: string];
+    "password.reset": [user: Auth];
+    "session.created": [user: Auth, refreshToken: RefreshToken, deviceInfo?: DeviceInfo];
+    "session.destroyed": [user: Auth, refreshToken: RefreshToken];
+    "cleanup.completed": [expiredCount: number];
+};
+/**
+ * Auth event names
+ */
+export type AuthEventName = keyof AuthEventPayloads;
+/**
+ * Callback type for a specific event
+ */
+export type AuthEventCallback<T extends AuthEventName> = (...args: AuthEventPayloads[T]) => void | Promise<void>;
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+export declare const authEvents: {
+    /**
+     * Subscribe to an auth event
+     */
+    on<T extends keyof AuthEventPayloads>(event: T, callback: AuthEventCallback<T>): EventSubscription;
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe<T_1 extends keyof AuthEventPayloads>(event: T_1, callback: AuthEventCallback<T_1>): EventSubscription;
+    /**
+     * Emit an auth event
+     */
+    emit<T_2 extends keyof AuthEventPayloads>(event: T_2, ...args: AuthEventPayloads[T_2]): void;
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger<T_3 extends keyof AuthEventPayloads>(event: T_3, ...args: AuthEventPayloads[T_3]): void;
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll(): void;
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event?: AuthEventName): void;
+};
+//# sourceMappingURL=auth-events.d.ts.map

package/esm/services/auth-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.d.ts","sourceRoot":"","sources":["../../src/services/auth-events.ts"],"names":[],"mappings":"AAAA,OAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAE9B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IAC7E,cAAc,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrF,eAAe,EAAE,CAAC,WAAW,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAGtE,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrB,YAAY,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG3B,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpD,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACxF,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnD,eAAe,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACvC,qBAAqB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAGlE,kBAAkB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,yBAAyB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5D,gBAAgB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAG/B,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACrF,mBAAmB,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAG9D,mBAAmB,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,aAAa,IAAI,CACvD,GAAG,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,KAC1B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAO1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;qFACoE,iBAAiB;IAIxF;;OAEG;kGAC2E,iBAAiB;IAI/F;;OAEG;4FACqE,IAAI;IAI5E;;OAEG;+FACwE,IAAI;IAI/E;;OAEG;sBACe,IAAI;IAItB;;OAEG;gBACS,aAAa,GAAG,IAAI;CAOjC,CAAC"}

package/esm/services/auth-events.js

@@ -0,0 +1,65 @@
+import events from'@mongez/events';/**
+ * Event namespace prefix for auth events
+ */
+const AUTH_EVENT_PREFIX = "auth.";
+/**
+ * Type-safe auth events manager
+ *
+ * @example
+ * ```typescript
+ * // Subscribe to events with full autocomplete
+ * authEvents.on("login.success", (user, tokenPair, deviceInfo) => {
+ *   console.log(`User ${user.id} logged in`);
+ * });
+ *
+ * authEvents.on("token.refreshed", (user, newPair, oldToken) => {
+ *   console.log(`Token refreshed for user ${user.id}`);
+ * });
+ *
+ * // Trigger events
+ * authEvents.emit("login.success", user, tokenPair, deviceInfo);
+ * ```
+ */
+const authEvents = {
+    /**
+     * Subscribe to an auth event
+     */
+    on(event, callback) {
+        return events.subscribe(AUTH_EVENT_PREFIX + event, callback);
+    },
+    /**
+     * Subscribe to an auth event (alias for `on`)
+     */
+    subscribe(event, callback) {
+        return this.on(event, callback);
+    },
+    /**
+     * Emit an auth event
+     */
+    emit(event, ...args) {
+        events.trigger(AUTH_EVENT_PREFIX + event, ...args);
+    },
+    /**
+     * Emit an auth event (alias for `emit`)
+     */
+    trigger(event, ...args) {
+        this.emit(event, ...args);
+    },
+    /**
+     * Unsubscribe from all auth events
+     */
+    unsubscribeAll() {
+        events.unsubscribeNamespace(AUTH_EVENT_PREFIX.slice(0, -1));
+    },
+    /**
+     * Unsubscribe from a specific auth event
+     */
+    off(event) {
+        if (event) {
+            events.unsubscribe(AUTH_EVENT_PREFIX + event);
+        }
+        else {
+            this.unsubscribeAll();
+        }
+    },
+};export{authEvents};//# sourceMappingURL=auth-events.js.map

package/esm/services/auth-events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-events.js","sources":["../../src/services/auth-events.ts"],"sourcesContent":[null],"names":[],"mappings":"mCAkDA;;AAEG;AACH,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAElC;;;;;;;;;;;;;;;;;AAiBG;AACU,MAAA,UAAU,GAAG;AACxB;;AAEG;IACH,EAAE,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QAClE,OAAO,MAAM,CAAC,SAAS,CAAC,iBAAiB,GAAG,KAAK,EAAE,QAAoB,CAAC,CAAC;KAC1E;AAED;;AAEG;IACH,SAAS,CAA0B,KAAQ,EAAE,QAA8B,EAAA;QACzE,OAAO,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjC;AAED;;AAEG;AACH,IAAA,IAAI,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACnE,MAAM,CAAC,OAAO,CAAC,iBAAiB,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;AACH,IAAA,OAAO,CAA0B,KAAQ,EAAE,GAAG,IAA0B,EAAA;QACtE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;KAC3B;AAED;;AAEG;IACH,cAAc,GAAA;AACZ,QAAA,MAAM,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;AAED;;AAEG;AACH,IAAA,GAAG,CAAC,KAAqB,EAAA;AACvB,QAAA,IAAI,KAAK,EAAE;AACT,YAAA,MAAM,CAAC,WAAW,CAAC,iBAAiB,GAAG,KAAK,CAAC,CAAC;AAC/C,SAAA;AAAM,aAAA;YACL,IAAI,CAAC,cAAc,EAAE,CAAC;AACvB,SAAA;KACF;"}

package/esm/services/auth.service.d.ts

@@ -0,0 +1,78 @@
+import type { ChildModel } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { Auth } from "../models/auth";
+import { RefreshToken } from "../models/refresh-token";
+declare class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user: Auth): {
+        id: any;
+        _id: any;
+        userType: string;
+        createdAt: number;
+    };
+    /**
+     * Generate access token for user
+     */
+    generateAccessToken(user: Auth, payload?: any): Promise<string>;
+    /**
+     * Create refresh token for user
+     */
+    createRefreshToken(user: Auth, deviceInfo?: DeviceInfo): Promise<RefreshToken>;
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(user: Auth, deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Refresh tokens using a refresh token
+     */
+    refreshTokens(refreshTokenString: string, deviceInfo?: DeviceInfo): Promise<TokenPair | null>;
+    /**
+     * Verify password
+     */
+    verifyPassword(hashedPassword: string, plainPassword: string): boolean;
+    /**
+     * Attempt to login user with given credentials
+     */
+    attemptLogin<T>(Model: ChildModel<T>, data: any): Promise<T | null>;
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    login<T extends Auth>(Model: ChildModel<T>, credentials: any, deviceInfo?: DeviceInfo): Promise<{
+        user: T;
+        tokens: TokenPair;
+    } | null>;
+    /**
+     * Logout user (revoke specific refresh token)
+     */
+    logout(user: Auth, refreshToken?: RefreshToken): Promise<void>;
+    /**
+     * Remove specific access token
+     */
+    removeAccessToken(user: Auth, token: string): Promise<void>;
+    /**
+     * Revoke all tokens for a user
+     */
+    revokeAllTokens(user: Auth): Promise<void>;
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    revokeTokenFamily(familyId: string): Promise<void>;
+    /**
+     * Cleanup expired tokens
+     */
+    cleanupExpiredTokens(): Promise<number>;
+    /**
+     * Enforce max refresh tokens per user
+     */
+    private enforceMaxRefreshTokens;
+    /**
+     * Get active sessions for user
+     */
+    getActiveSessions(user: Auth): Promise<RefreshToken[]>;
+}
+export declare const authService: AuthService;
+export {};
+//# sourceMappingURL=auth.service.d.ts.map

package/esm/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAKvD,cAAM,WAAW;IACf;;OAEG;IACI,uBAAuB,CAAC,IAAI,EAAE,IAAI;;;;;;IASzC;;OAEG;IACU,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB5E;;OAEG;IACU,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAsC3F;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAiBrF;;OAEG;IACU,aAAa,CACxB,kBAAkB,EAAE,MAAM,EAC1B,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAoD5B;;OAEG;IACI,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO;IAI7E;;OAEG;IACU,YAAY,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAqBhF;;;OAGG;IACU,KAAK,CAAC,CAAC,SAAS,IAAI,EAC/B,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,EACpB,WAAW,EAAE,GAAG,EAChB,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC;QAAE,IAAI,EAAE,CAAC,CAAC;QAAC,MAAM,EAAE,SAAS,CAAA;KAAE,GAAG,IAAI,CAAC;IAejD;;OAEG;IACU,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAU3E;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOxE;;OAEG;IACU,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBvD;;OAEG;IACU,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc/D;;OAEG;IACU,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC;IAcpD;;OAEG;YACW,uBAAuB;IAmBrC;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CASpE;AAED,eAAO,MAAM,WAAW,aAAoB,CAAC"}