@warlock.js/auth 4.0.5 → 4.0.25

package/cjs/commands/auth-cleanup-command.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+export declare function registerAuthCleanupCommand(): any;
+//# sourceMappingURL=auth-cleanup-command.d.ts.map

package/cjs/commands/auth-cleanup-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.d.ts","sourceRoot":"","sources":["../../src/commands/auth-cleanup-command.ts"],"names":[],"mappings":"AAIA;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,QAqBzC"}

package/cjs/commands/auth-cleanup-command.js

@@ -0,0 +1,29 @@
+'use strict';var copper=require('@mongez/copper'),core=require('@warlock.js/core'),auth_service=require('../services/auth.service.js');/**
+ * Register the auth:cleanup CLI command
+ *
+ * @example
+ * ```bash
+ * warlock auth:cleanup
+ * ```
+ */
+function registerAuthCleanupCommand() {
+    return core.command({
+        name: "auth.cleanup",
+        description: "Remove expired refresh tokens from the database",
+        preload: {
+            env: true,
+            config: ["auth", "database"],
+            connectors: ["database"],
+        },
+        action: async () => {
+            console.log(copper.colors.cyan("🧹 Cleaning up expired tokens..."));
+            const count = await auth_service.authService.cleanupExpiredTokens();
+            if (count === 0) {
+                console.log(copper.colors.green("✅ No expired tokens found."));
+            }
+            else {
+                console.log(copper.colors.green(`✅ Removed ${count} expired token(s).`));
+            }
+        },
+    });
+}exports.registerAuthCleanupCommand=registerAuthCleanupCommand;//# sourceMappingURL=auth-cleanup-command.js.map

package/cjs/commands/auth-cleanup-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-cleanup-command.js","sources":["../../src/commands/auth-cleanup-command.ts"],"sourcesContent":[null],"names":["command","colors","authService"],"mappings":"uIAIA;;;;;;;AAOG;SACa,0BAA0B,GAAA;AACxC,IAAA,OAAOA,YAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,iDAAiD;AAC9D,QAAA,OAAO,EAAE;AACP,YAAA,GAAG,EAAE,IAAI;AACT,YAAA,MAAM,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;YAC5B,UAAU,EAAE,CAAC,UAAU,CAAC;AACzB,SAAA;QACD,MAAM,EAAE,YAAW;YACjB,OAAO,CAAC,GAAG,CAACC,aAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;AAE7D,YAAA,MAAM,KAAK,GAAG,MAAMC,wBAAW,CAAC,oBAAoB,EAAE,CAAC;YAEvD,IAAI,KAAK,KAAK,CAAC,EAAE;gBACf,OAAO,CAAC,GAAG,CAACD,aAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;AACzD,aAAA;AAAM,iBAAA;AACL,gBAAA,OAAO,CAAC,GAAG,CAACA,aAAM,CAAC,KAAK,CAAC,CAAA,UAAA,EAAa,KAAK,CAAA,kBAAA,CAAoB,CAAC,CAAC,CAAC;AACnE,aAAA;SACF;AACF,KAAA,CAAC,CAAC;AACL"}

package/cjs/commands/jwt-secret-generator-command.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-secret-generator-command.d.ts","sourceRoot":"","sources":["../../src/commands/jwt-secret-generator-command.ts"],"names":[],"mappings":"AAGA,wBAAgB,iCAAiC,QAEhD"}
+{"version":3,"file":"jwt-secret-generator-command.d.ts","sourceRoot":"","sources":["../../src/commands/jwt-secret-generator-command.ts"],"names":[],"mappings":"AAGA,wBAAgB,iCAAiC,QAMhD"}

package/cjs/commands/jwt-secret-generator-command.js

@@ -1,3 +1,7 @@
 'use strict';var core=require('@warlock.js/core'),generateJwtSecret=require('../services/generate-jwt-secret.js');function registerJWTSecretGeneratorCommand() {
-    return core.command("jwt.generate").action(generateJwtSecret.generateJWTSecret);
+    return core.command({
+        name: "jwt.generate",
+        description: "Generate JWT Secret key in .env file",
+        action: generateJwtSecret.generateJWTSecret,
+    });
 }exports.registerJWTSecretGeneratorCommand=registerJWTSecretGeneratorCommand;//# sourceMappingURL=jwt-secret-generator-command.js.map

package/cjs/commands/jwt-secret-generator-command.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-secret-generator-command.js","sources":["../../src/commands/jwt-secret-generator-command.ts"],"sourcesContent":[null],"names":["command","generateJWTSecret"],"mappings":"2HAGgB,iCAAiC,GAAA;IAC/C,OAAOA,YAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAACC,mCAAiB,CAAC,CAAC;AAC3D"}
+{"version":3,"file":"jwt-secret-generator-command.js","sources":["../../src/commands/jwt-secret-generator-command.ts"],"sourcesContent":[null],"names":["command","generateJWTSecret"],"mappings":"2HAGgB,iCAAiC,GAAA;AAC/C,IAAA,OAAOA,YAAO,CAAC;AACb,QAAA,IAAI,EAAE,cAAc;AACpB,QAAA,WAAW,EAAE,sCAAsC;AACnD,QAAA,MAAM,EAAEC,mCAAiB;AAC1B,KAAA,CAAC,CAAC;AACL"}

package/cjs/contracts/types.d.ts

@@ -1,5 +1,26 @@
 import { type Algorithm } from "fast-jwt";
 import type { Auth } from "../models/auth";
+import type { Duration, ExpiresIn } from "../utils/duration";
+/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+export declare const NO_EXPIRATION: unique symbol;
 export type AuthConfigurations = {
     /**
      * Define all user types
@@ -12,11 +33,50 @@ export type AuthConfigurations = {
      * JWT configurations
      */
     jwt: {
+        /**
+         * JWT secret key for signing access tokens
+         */
         secret: string;
+        /**
+         * JWT algorithm
+         * @default "HS256"
+         */
         algorithm?: Algorithm;
+        /**
+         * Access token expiration time
+         * Supports Duration object, string format, or NO_EXPIRATION
+         * @example { hours: 1 }, { days: 7, hours: 12 }, "1h", "1d 2h", NO_EXPIRATION
+         * @default { hours: 1 }
+         */
+        expiresIn?: ExpiresIn;
+        /**
+         * Refresh token configurations
+         */
         refresh?: {
+            /**
+             * Separate secret for refresh tokens (recommended for security)
+             * If not provided, falls back to main JWT secret
+             */
             secret?: string;
-            expiresIn?: number | string;
+            /**
+             * Refresh token expiration time
+             * Supports Duration object or string format
+             * @example { days: 7 }, { weeks: 1 }, "7d", "1w"
+             * @default { days: 7 }
+             */
+            expiresIn?: Duration | string | number;
+            /**
+             * Enable token rotation (issue new refresh token on each use)
+             * Old refresh token is invalidated after use
+             * @default true
+             */
+            rotation?: boolean;
+            /**
+             * Maximum number of active refresh tokens per user
+             * When exceeded, oldest tokens are revoked
+             * @default 5
+             */
+            maxPerUser?: number;
         };
     };
     /**
@@ -32,4 +92,43 @@ export type AuthConfigurations = {
         salt?: number;
     };
 };
+/**
+ * Token pair returned after login or token refresh
+ */
+export type TokenPair = {
+    /**
+     * JWT access token (short-lived)
+     */
+    accessToken: string;
+    /**
+     * JWT refresh token (long-lived)
+     */
+    refreshToken: string;
+    /**
+     * Access token expiration time in seconds or time string
+     */
+    expiresIn: number | string;
+};
+/**
+ * Device information for session tracking
+ */
+export type DeviceInfo = {
+    /**
+     * User agent string from request
+     */
+    userAgent?: string;
+    /**
+     * Client IP address
+     */
+    ip?: string;
+    /**
+     * Optional device identifier
+     */
+    deviceId?: string;
+    /**
+     * Token family ID (for rotation tracking)
+     * @internal
+     */
+    familyId?: string;
+};
 //# sourceMappingURL=types.d.ts.map

package/cjs/contracts/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/contracts/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,QAAQ,EAAE;QACR,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,IAAI,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,OAAO,CAAC,EAAE;YACR,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;SAC7B,CAAC;KACH,CAAC;IACF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/contracts/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,aAAa,eAA0B,CAAC;AAErD,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,QAAQ,EAAE;QACR,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,IAAI,CAAC;KACjC,CAAC;IACF;;OAEG;IACH,GAAG,EAAE;QACH;;WAEG;QACH,MAAM,EAAE,MAAM,CAAC;QACf;;;WAGG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;;;;WAKG;QACH,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB;;WAEG;QACH,OAAO,CAAC,EAAE;YACR;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;;;eAKG;YACH,SAAS,CAAC,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC;YACvC;;;;eAIG;YACH,QAAQ,CAAC,EAAE,OAAO,CAAC;YACnB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC;KACH,CAAC;IACF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT;;;;;WAKG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/cjs/contracts/types.js

@@ -0,0 +1,20 @@
+'use strict';/**
+ * Symbol to indicate no expiration for tokens
+ * Use this when you explicitly want tokens to never expire
+ *
+ * @example
+ * ```typescript
+ * // src/config/auth.ts
+ * import { NO_EXPIRATION, type AuthConfigurations } from "@warlock.js/auth";
+ *
+ * const authConfigurations: AuthConfigurations = {
+ *   jwt: {
+ *     secret: env("JWT_SECRET"),
+ *     expiresIn: NO_EXPIRATION,  // Token never expires
+ *   },
+ * };
+ *
+ * export default authConfigurations;
+ * ```
+ */
+const NO_EXPIRATION = Symbol("NO_EXPIRATION");exports.NO_EXPIRATION=NO_EXPIRATION;//# sourceMappingURL=types.js.map

package/cjs/contracts/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sources":["../../src/contracts/types.ts"],"sourcesContent":[null],"names":[],"mappings":"aAIA;;;;;;;;;;;;;;;;;;AAkBG;MACU,aAAa,GAAG,MAAM,CAAC,eAAe"}

package/cjs/index.d.ts

@@ -1,7 +1,8 @@
+export * from "./commands/auth-cleanup-command";
 export * from "./commands/jwt-secret-generator-command";
 export * from "./contracts";
-export * from "./controllers";
 export * from "./middleware";
 export * from "./models";
 export * from "./services";
+export * from "./utils";
 //# sourceMappingURL=index.d.ts.map

package/cjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iCAAiC,CAAC;AAChD,cAAc,yCAAyC,CAAC;AACxD,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}

package/cjs/index.js

@@ -1 +1 @@
-'use strict';var jwtSecretGeneratorCommand=require('./commands/jwt-secret-generator-command.js'),guestLogin=require('./controllers/guest-login.js'),auth_middleware=require('./middleware/auth.middleware.js'),accessToken=require('./models/access-token/access-token.js');require('./models/access-token/migration.js');var auth=require('./models/auth.js'),castPassword=require('./models/casts/cast-password.js'),guest=require('./models/guest/guest.js');require('./models/guest/migration.js');var generateGuestToken=require('./services/generate-guest-token.js'),generateJwtSecret=require('./services/generate-jwt-secret.js'),jwt=require('./services/jwt.js');exports.registerJWTSecretGeneratorCommand=jwtSecretGeneratorCommand.registerJWTSecretGeneratorCommand;exports.guestLogin=guestLogin.guestLogin;exports.authMiddleware=auth_middleware.authMiddleware;exports.AccessToken=accessToken.AccessToken;exports.Auth=auth.Auth;exports.castPassword=castPassword.castPassword;exports.Guest=guest.Guest;exports.generateGuestToken=generateGuestToken.generateGuestToken;exports.generateJWTSecret=generateJwtSecret.generateJWTSecret;exports.jwt=jwt.jwt;//# sourceMappingURL=index.js.map
+'use strict';var authCleanupCommand=require('./commands/auth-cleanup-command.js'),jwtSecretGeneratorCommand=require('./commands/jwt-secret-generator-command.js'),types=require('./contracts/types.js'),auth_middleware=require('./middleware/auth.middleware.js'),accessToken=require('./models/access-token/access-token.js');require('./models/access-token/migration.js');var auth=require('./models/auth.js'),castPassword=require('./models/casts/cast-password.js'),refreshToken=require('./models/refresh-token/refresh-token.js'),authEvents=require('./services/auth-events.js'),auth_service=require('./services/auth.service.js'),generateJwtSecret=require('./services/generate-jwt-secret.js'),jwt=require('./services/jwt.js'),authErrorCodes=require('./utils/auth-error-codes.js'),duration=require('./utils/duration.js');exports.registerAuthCleanupCommand=authCleanupCommand.registerAuthCleanupCommand;exports.registerJWTSecretGeneratorCommand=jwtSecretGeneratorCommand.registerJWTSecretGeneratorCommand;exports.NO_EXPIRATION=types.NO_EXPIRATION;exports.authMiddleware=auth_middleware.authMiddleware;exports.AccessToken=accessToken.AccessToken;exports.Auth=auth.Auth;exports.castPassword=castPassword.castPassword;exports.RefreshToken=refreshToken.RefreshToken;exports.authEvents=authEvents.authEvents;exports.authService=auth_service.authService;exports.generateJWTSecret=generateJwtSecret.generateJWTSecret;exports.jwt=jwt.jwt;Object.defineProperty(exports,'AuthErrorCodes',{enumerable:true,get:function(){return authErrorCodes.AuthErrorCodes}});exports.parseExpirationToMs=duration.parseExpirationToMs;exports.toJwtExpiresIn=duration.toJwtExpiresIn;//# sourceMappingURL=index.js.map

package/cjs/middleware/auth.middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.middleware.ts"],"names":[],"mappings":"AAMA,wBAAgB,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,cAqHjE"}
+{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.middleware.ts"],"names":[],"mappings":"AAMA,wBAAgB,cAAc,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,cAuFjE"}

package/cjs/middleware/auth.middleware.js

@@ -1,4 +1,4 @@
-'use strict';var config=require('@mongez/config'),logger=require('@warlock.js/logger'),accessToken=require('../models/access-token/access-token.js');require('../models/access-token/migration.js');var jwt=require('../services/jwt.js');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var config__default=/*#__PURE__*/_interopDefault(config);function authMiddleware(allowedUserType) {
+'use strict';var core=require('@warlock.js/core'),logger=require('@warlock.js/logger'),accessToken=require('../models/access-token/access-token.js');require('../models/access-token/migration.js');var jwt=require('../services/jwt.js'),authErrorCodes=require('../utils/auth-error-codes.js');function authMiddleware(allowedUserType) {
     const allowedTypes = !allowedUserType
         ? []
         : Array.isArray(allowedUserType)
@@ -11,20 +11,22 @@
                 return;
             if (!authorizationValue) {
                 return response.unauthorized({
-                    // TODO: translate this message
-                    error: "Unauthorized: Access Token is missing",
+                    error: core.t("auth.errors.missingAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.MissingAccessToken,
                 });
             }
             // get current user jwt
             const user = await jwt.jwt.verify(authorizationValue);
+            // store decoded access token object in request object
+            request.decodedAccessToken = user;
             // use our own jwt verify to verify the token
             const accessToken$1 = await accessToken.AccessToken.first({
                 token: authorizationValue,
             });
             if (!accessToken$1) {
                 return response.unauthorized({
-                    // TODO: translate this message
-                    error: "Unauthorized: Invalid Access Token",
+                    error: core.t("auth.errors.invalidAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
                 });
             }
             // now, we need to get an instance of user using its corresponding model
@@ -32,14 +34,13 @@
             // check if the user type is allowed
             if (allowedTypes.length && !allowedTypes.includes(userType)) {
                 return response.unauthorized({
-                    // TODO: translate this message
-                    error: "You are not allowed to access this resource",
+                    error: core.t("auth.errors.unauthorized"),
+                    errorCode: authErrorCodes.AuthErrorCodes.Unauthorized,
                 });
             }
             // get user model class
-            const UserModel = config__default.default.get(`auth.userType.${userType}`);
+            const UserModel = core.config.key(`auth.userType.${userType}`);
             if (!UserModel) {
-                // TODO: translate this message
                 throw new Error(`User type ${userType} is unknown type.`);
             }
             // get user model instance
@@ -47,8 +48,8 @@
             if (!currentUser) {
                 accessToken$1.destroy();
                 return response.unauthorized({
-                    // TODO: translate this message
-                    error: "Unauthorized: Invalid Access Token",
+                    error: core.t("auth.errors.invalidAccessToken"),
+                    errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
                 });
             }
             // update last access
@@ -63,34 +64,10 @@
             // unset current user
             request.clearCurrentUser();
             return response.unauthorized({
-                // TODO: translate this message
-                error: "Unauthorized: Invalid Access Token",
+                error: core.t("auth.errors.invalidAccessToken"),
+                errorCode: authErrorCodes.AuthErrorCodes.InvalidAccessToken,
             });
         }
     };
-    if (allowedUserType) {
-        const userAccessTokenKey = `${allowedUserType}AccessToken`;
-        const userAccessTokenKeyNameHeader = `${allowedUserType}AccessTokenHeader`;
-        auth.postman = {
-            onCollectingVariables(variables) {
-                if (variables.find(variable => variable.key === userAccessTokenKeyNameHeader))
-                    return;
-                variables.push({
-                    key: userAccessTokenKey,
-                    value: "YOUR_TOKEN_HERE",
-                });
-                variables.push({
-                    key: userAccessTokenKeyNameHeader,
-                    value: `Bearer {{${userAccessTokenKey}}}`,
-                });
-            },
-            onAddingRequest({ request }) {
-                request.header.push({
-                    key: "Authorization",
-                    value: `{{${userAccessTokenKeyNameHeader}}}`,
-                });
-            },
-        };
-    }
     return auth;
 }exports.authMiddleware=authMiddleware;//# sourceMappingURL=auth.middleware.js.map

package/cjs/middleware/auth.middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.middleware.js","sources":["../../src/middleware/auth.middleware.ts"],"sourcesContent":[null],"names":["jwt","accessToken","AccessToken","config","log"],"mappings":"oWAMM,SAAU,cAAc,CAAC,eAAmC,EAAA;IAChE,MAAM,YAAY,GAAG,CAAC,eAAe;AACnC,UAAE,EAAE;AACJ,UAAE,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC;AAC9B,cAAE,eAAe;AACjB,cAAE,CAAC,eAAe,CAAC,CAAC;IAExB,MAAM,IAAI,GAAe,OAAO,OAAgB,EAAE,QAAkB,KAAI;QACtE,IAAI;AACF,YAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;AAEtD,YAAA,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,kBAAkB;gBAAE,OAAO;YAExD,IAAI,CAAC,kBAAkB,EAAE;gBACvB,OAAO,QAAQ,CAAC,YAAY,CAAC;;AAE3B,oBAAA,KAAK,EAAE,uCAAuC;AAC/C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,IAAI,GAAG,MAAMA,OAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;;AAGlD,YAAA,MAAMC,aAAW,GAAG,MAAMC,uBAAW,CAAC,KAAK,CAAC;AAC1C,gBAAA,KAAK,EAAE,kBAAkB;AAC1B,aAAA,CAAC,CAAC;YAEH,IAAI,CAACD,aAAW,EAAE;gBAChB,OAAO,QAAQ,CAAC,YAAY,CAAC;;AAE3B,oBAAA,KAAK,EAAE,oCAAoC;AAC5C,iBAAA,CAAC,CAAC;AACJ,aAAA;;AAGD,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAIA,aAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;;YAG9D,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC3D,OAAO,QAAQ,CAAC,YAAY,CAAC;;AAE3B,oBAAA,KAAK,EAAE,6CAA6C;AACrD,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,SAAS,GAAGE,uBAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,QAAQ,CAAE,CAAA,CAAC,CAAC;YAE1D,IAAI,CAAC,SAAS,EAAE;;AAEd,gBAAA,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAA,iBAAA,CAAmB,CAAC,CAAC;AAC3D,aAAA;;YAGD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAElD,IAAI,CAAC,WAAW,EAAE;gBAChBF,aAAW,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,QAAQ,CAAC,YAAY,CAAC;;AAE3B,oBAAA,KAAK,EAAE,oCAAoC;AAC5C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGDA,aAAW,CAAC,YAAY,CAAC;gBACvB,UAAU,EAAE,IAAI,IAAI,EAAE;AACvB,aAAA,CAAC,CAAC;;AAGH,YAAA,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC;AAC5B,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjBG,UAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;;YAG/B,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAE3B,OAAO,QAAQ,CAAC,YAAY,CAAC;;AAE3B,gBAAA,KAAK,EAAE,oCAAoC;AAC5C,aAAA,CAAC,CAAC;AACJ,SAAA;AACH,KAAC,CAAC;AAEF,IAAA,IAAI,eAAe,EAAE;AACnB,QAAA,MAAM,kBAAkB,GAAG,CAAG,EAAA,eAAe,aAAa,CAAC;AAC3D,QAAA,MAAM,4BAA4B,GAAG,CAAG,EAAA,eAAe,mBAAmB,CAAC;QAC3E,IAAI,CAAC,OAAO,GAAG;AACb,YAAA,qBAAqB,CAAC,SAAS,EAAA;AAC7B,gBAAA,IACE,SAAS,CAAC,IAAI,CACZ,QAAQ,IAAI,QAAQ,CAAC,GAAG,KAAK,4BAA4B,CAC1D;oBAED,OAAO;gBAET,SAAS,CAAC,IAAI,CAAC;AACb,oBAAA,GAAG,EAAE,kBAAkB;AACvB,oBAAA,KAAK,EAAE,iBAAiB;AACzB,iBAAA,CAAC,CAAC;gBAEH,SAAS,CAAC,IAAI,CAAC;AACb,oBAAA,GAAG,EAAE,4BAA4B;oBACjC,KAAK,EAAE,CAAY,SAAA,EAAA,kBAAkB,CAAI,EAAA,CAAA;AAC1C,iBAAA,CAAC,CAAC;aACJ;YACD,eAAe,CAAC,EAAE,OAAO,EAAE,EAAA;AACzB,gBAAA,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC;AAClB,oBAAA,GAAG,EAAE,eAAe;oBACpB,KAAK,EAAE,CAAK,EAAA,EAAA,4BAA4B,CAAI,EAAA,CAAA;AAC7C,iBAAA,CAAC,CAAC;aACJ;SACF,CAAC;AACH,KAAA;AAED,IAAA,OAAO,IAAI,CAAC;AACd"}
+{"version":3,"file":"auth.middleware.js","sources":["../../src/middleware/auth.middleware.ts"],"sourcesContent":[null],"names":["t","AuthErrorCodes","jwt","accessToken","AccessToken","config","log"],"mappings":"iSAMM,SAAU,cAAc,CAAC,eAAmC,EAAA;IAChE,MAAM,YAAY,GAAG,CAAC,eAAe;AACnC,UAAE,EAAE;AACJ,UAAE,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC;AAC9B,cAAE,eAAe;AACjB,cAAE,CAAC,eAAe,CAAC,CAAC;IAExB,MAAM,IAAI,GAAe,OAAO,OAAgB,EAAE,QAAkB,KAAI;QACtE,IAAI;AACF,YAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;AAEtD,YAAA,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,kBAAkB;gBAAE,OAAO;YAExD,IAAI,CAAC,kBAAkB,EAAE;gBACvB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEA,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,IAAI,GAAG,MAAMC,OAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;;AAGlD,YAAA,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;;AAElC,YAAA,MAAMC,aAAW,GAAG,MAAMC,uBAAW,CAAC,KAAK,CAAC;AAC1C,gBAAA,KAAK,EAAE,kBAAkB;AAC1B,aAAA,CAAC,CAAC;YAEH,IAAI,CAACD,aAAW,EAAE;gBAChB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;AAGD,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAIE,aAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;;YAG9D,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC3D,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,0BAA0B,CAAC;oBACpC,SAAS,EAAEC,6BAAc,CAAC,YAAY;AACvC,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGD,MAAM,SAAS,GAAGI,WAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,QAAQ,CAAE,CAAA,CAAC,CAAC;YAE1D,IAAI,CAAC,SAAS,EAAE;AACd,gBAAA,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAA,iBAAA,CAAmB,CAAC,CAAC;AAC3D,aAAA;;YAGD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAElD,IAAI,CAAC,WAAW,EAAE;gBAChBF,aAAW,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,oBAAA,KAAK,EAAEH,MAAC,CAAC,gCAAgC,CAAC;oBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,iBAAA,CAAC,CAAC;AACJ,aAAA;;YAGDE,aAAW,CAAC,YAAY,CAAC;gBACvB,UAAU,EAAE,IAAI,IAAI,EAAE;AACvB,aAAA,CAAC,CAAC;;AAGH,YAAA,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC;AAC5B,SAAA;AAAC,QAAA,OAAO,GAAQ,EAAE;YACjBG,UAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;;YAG/B,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAE3B,OAAO,QAAQ,CAAC,YAAY,CAAC;AAC3B,gBAAA,KAAK,EAAEN,MAAC,CAAC,gCAAgC,CAAC;gBAC1C,SAAS,EAAEC,6BAAc,CAAC,kBAAkB;AAC7C,aAAA,CAAC,CAAC;AACJ,SAAA;AACH,KAAC,CAAC;AAEF,IAAA,OAAO,IAAI,CAAC;AACd"}

package/cjs/models/auth.d.ts

@@ -1,18 +1,40 @@
 import type { ChildModel } from "@warlock.js/cascade";
 import { Model } from "@warlock.js/cascade";
+import type { DeviceInfo, TokenPair } from "../contracts/types";
+import type { RefreshToken } from "./refresh-token/refresh-token";
 export declare abstract class Auth extends Model {
     /**
      * Get user type
      */
     abstract get userType(): string;
     /**
-     * Generate jwt token
+     * Get access token payload
+     */
+    accessTokenPayload(): any;
+    /**
+     * Create both access and refresh tokens
+     */
+    createTokenPair(deviceInfo?: DeviceInfo): Promise<TokenPair>;
+    /**
+     * Generate access token
      */
     generateAccessToken(data?: any): Promise<string>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(deviceInfo?: DeviceInfo): Promise<RefreshToken>;
     /**
      * Remove current access token
      */
     removeAccessToken(token: string): Promise<void>;
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    revokeAllTokens(): Promise<void>;
+    /**
+     * Get active sessions
+     */
+    activeSessions(): Promise<RefreshToken[]>;
     /**
      * Attempt to login the user
      */
@@ -20,6 +42,6 @@ export declare abstract class Auth extends Model {
     /**
      * Confirm password
      */
-    confirmPassword(password: string): any;
+    confirmPassword(password: string): boolean;
 }
 //# sourceMappingURL=auth.d.ts.map

package/cjs/models/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/models/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAI5C,8BAAsB,IAAK,SAAQ,KAAK;IACtC;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA2B7D;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM;IAO5C;;OAEG;WACiB,OAAO,CAAC,CAAC,EAC3B,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EACnB,IAAI,EAAE,GAAG,GACR,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAkBpB;;OAEG;IACI,eAAe,CAAC,QAAQ,EAAE,MAAM;CAGxC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/models/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEhE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAElE,8BAAsB,IAAK,SAAQ,KAAK;IACtC;;OAEG;IACH,aAAoB,QAAQ,IAAI,MAAM,CAAC;IAEvC;;OAEG;IACI,kBAAkB;IAMzB;;OAEG;IACU,eAAe,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAIzE;;OAEG;IACU,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7D;;OAEG;IACU,oBAAoB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IAIjF;;OAEG;IACU,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAI7C;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAItD;;OAEG;WACiB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAIjF;;OAEG;IACI,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAGlD"}

package/cjs/models/auth.js

@@ -1,59 +1,58 @@
-'use strict';var password=require('@mongez/password'),cascade=require('@warlock.js/cascade'),jwt=require('../services/jwt.js'),accessToken=require('./access-token/access-token.js');require('./access-token/migration.js');class Auth extends cascade.Model {
+'use strict';var cascade=require('@warlock.js/cascade');require('@mongez/events');var auth_service=require('../services/auth.service.js');require('@mongez/fs'),require('@mongez/reinforcements'),require('@warlock.js/core'),require('@warlock.js/logger'),require('fast-jwt');class Auth extends cascade.Model {
     /**
-     * Generate jwt token
+     * Get access token payload
+     */
+    accessTokenPayload() {
+        // Dynamically import to avoid circular dependency
+        const { authService } = require("../services/auth.service");
+        return authService.buildAccessTokenPayload(this);
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(deviceInfo) {
+        return auth_service.authService.createTokenPair(this, deviceInfo);
+    }
+    /**
+     * Generate access token
      */
     async generateAccessToken(data) {
-        // store the main data in the data object
-        // we need to store the user data in an object
-        // that we'll sue to generate the token
-        // and also it will be saved in the Access Token model under `user` column
-        if (!data) {
-            data = {
-                ...this.only(["id", "_id"]),
-                userType: this.userType,
-                createdAt: Date.now(),
-            };
-        }
-        // use our own jwt generator to generate a token for the guest
-        const token = await jwt.jwt.generate(data);
-        // store token and the auth model data in the access token model
-        // note that we didn't make it sync because we don't want to wait for the token to be stored in the database
-        // as nothing depends on it
-        accessToken.AccessToken.create({
-            token,
-            user: data,
-        });
-        return token;
+        return auth_service.authService.generateAccessToken(this, data);
+    }
+    /**
+     * Generate refresh token
+     */
+    async generateRefreshToken(deviceInfo) {
+        return auth_service.authService.createRefreshToken(this, deviceInfo);
     }
     /**
      * Remove current access token
      */
     async removeAccessToken(token) {
-        accessToken.AccessToken.delete({
-            token: token,
-            "user.id": this.id,
-        });
+        return auth_service.authService.removeAccessToken(this, token);
+    }
+    /**
+     * Revoke all tokens (logout from all devices)
+     */
+    async revokeAllTokens() {
+        return auth_service.authService.revokeAllTokens(this);
+    }
+    /**
+     * Get active sessions
+     */
+    async activeSessions() {
+        return auth_service.authService.getActiveSessions(this);
     }
     /**
      * Attempt to login the user
      */
     static async attempt(data) {
-        // find first user with the given data, but exclude from it the password
-        const { password, ...otherData } = data;
-        const user = (await this.first(otherData));
-        if (!user) {
-            return null;
-        }
-        // now verify the password
-        if (!user.confirmPassword(password)) {
-            return null;
-        }
-        return user;
+        return auth_service.authService.attemptLogin(this, data);
     }
     /**
      * Confirm password
      */
-    confirmPassword(password$1) {
-        return password.verify(String(this.get("password")), String(password$1));
+    confirmPassword(password) {
+        return auth_service.authService.verifyPassword(this.get("password"), password);
     }
 }exports.Auth=Auth;//# sourceMappingURL=auth.js.map

package/cjs/models/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sources":["../../src/models/auth.ts"],"sourcesContent":[null],"names":["Model","jwt","AccessToken","password","verify"],"mappings":"4NAMM,MAAgB,IAAK,SAAQA,aAAK,CAAA;AAMtC;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;;;;;QAKzC,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,IAAI,GAAG;gBACL,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,gBAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;AACH,SAAA;;QAGD,MAAM,KAAK,GAAG,MAAMC,OAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;;;;QAKvCC,uBAAW,CAAC,MAAM,CAAC;YACjB,KAAK;AACL,YAAA,IAAI,EAAE,IAAI;AACX,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KACd;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1CA,uBAAW,CAAC,MAAM,CAAC;AACjB,YAAA,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,IAAI,CAAC,EAAE;AACnB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAEzB,IAAS,EAAA;;QAGT,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC;QAExC,MAAM,IAAI,IAAI,MAAM,IAAI,CAAC,KAAK,CAAI,SAAS,CAAC,CAAgB,CAAC;QAE7D,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;;AAGD,QAAA,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE;AACnC,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,OAAO,IAAS,CAAC;KAClB;AAED;;AAEG;AACI,IAAA,eAAe,CAACC,UAAgB,EAAA;AACrC,QAAA,OAAOC,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,MAAM,CAACD,UAAQ,CAAC,CAAC,CAAC;KAC/D;AACF"}
+{"version":3,"file":"auth.js","sources":["../../src/models/auth.ts"],"sourcesContent":[null],"names":["Model","authService"],"mappings":"gRAMM,MAAgB,IAAK,SAAQA,aAAK,CAAA;AAMtC;;AAEG;IACI,kBAAkB,GAAA;;QAEvB,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAC5D,QAAA,OAAO,WAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;KAClD;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,UAAuB,EAAA;QAClD,OAAOC,wBAAW,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACtD;AAED;;AAEG;IACI,MAAM,mBAAmB,CAAC,IAAU,EAAA;QACzC,OAAOA,wBAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KACpD;AAED;;AAEG;IACI,MAAM,oBAAoB,CAAC,UAAuB,EAAA;QACvD,OAAOA,wBAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KACzD;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,KAAa,EAAA;QAC1C,OAAOA,wBAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;KACnD;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,GAAA;AAC1B,QAAA,OAAOA,wBAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;KAC1C;AAED;;AAEG;AACI,IAAA,MAAM,cAAc,GAAA;AACzB,QAAA,OAAOA,wBAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC5C;AAED;;AAEG;AACI,IAAA,aAAa,OAAO,CAAyB,IAAS,EAAA;QAC3D,OAAOA,wBAAW,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;AAED;;AAEG;AACI,IAAA,eAAe,CAAC,QAAgB,EAAA;AACrC,QAAA,OAAOA,wBAAW,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;KACnE;AACF"}

package/cjs/models/casts/cast-password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cast-password.d.ts","sourceRoot":"","sources":["../../../src/models/casts/cast-password.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,OAIpE"}
+{"version":3,"file":"cast-password.d.ts","sourceRoot":"","sources":["../../../src/models/casts/cast-password.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,OAIpE"}

package/cjs/models/casts/cast-password.js

@@ -1,9 +1,9 @@
-'use strict';var config=require('@mongez/config'),password=require('@mongez/password');function _interopDefault(e){return e&&e.__esModule?e:{default:e}}var config__default=/*#__PURE__*/_interopDefault(config);/**
+'use strict';var password=require('@mongez/password'),core=require('@warlock.js/core');/**
  * Cast password on model save
  * If the password is not changed, keep it as is
  */
 function castPassword(value, column, model) {
     return value
-        ? password.hash(String(value), config__default.default.get("auth.password.salt", 12))
+        ? password.hash(String(value), core.config.key("auth.password.salt", 12))
         : model.getInitial(column);
 }exports.castPassword=castPassword;//# sourceMappingURL=cast-password.js.map

package/cjs/models/casts/cast-password.js.map

@@ -1 +1 @@
-{"version":3,"file":"cast-password.js","sources":["../../../src/models/casts/cast-password.ts"],"sourcesContent":[null],"names":["hash","config"],"mappings":"iNAIA;;;AAGG;SACa,YAAY,CAAC,KAAU,EAAE,MAAc,EAAE,KAAY,EAAA;AACnE,IAAA,OAAO,KAAK;AACV,UAAEA,aAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAEC,uBAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAC3D,UAAE,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC/B"}
+{"version":3,"file":"cast-password.js","sources":["../../../src/models/casts/cast-password.ts"],"sourcesContent":[null],"names":["hash","config"],"mappings":"uFAIA;;;AAGG;SACa,YAAY,CAAC,KAAU,EAAE,MAAc,EAAE,KAAY,EAAA;AACnE,IAAA,OAAO,KAAK;AACV,UAAEA,aAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAEC,WAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAC3D,UAAE,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC/B"}

package/cjs/models/index.d.ts

@@ -1,5 +1,5 @@
 export * from "./access-token";
 export * from "./auth";
 export * from "./casts";
-export * from "./guest";
+export * from "./refresh-token";
 //# sourceMappingURL=index.d.ts.map

package/cjs/models/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,iBAAiB,CAAC"}

package/cjs/models/refresh-token/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./refresh-token";
+//# sourceMappingURL=index.d.ts.map

package/cjs/models/refresh-token/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/cjs/models/refresh-token/migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migration.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/migration.ts"],"names":[],"mappings":";AAGA,wBAeG"}

package/cjs/models/refresh-token/refresh-token.d.ts

@@ -0,0 +1,32 @@
+import { Model, type Casts } from "@warlock.js/cascade";
+export declare class RefreshToken extends Model {
+    /**
+     * {@inheritDoc}
+     */
+    static collection: string;
+    /**
+     * {@inheritDoc}
+     */
+    protected casts: Casts;
+    /**
+     * Check if token is expired
+     */
+    get isExpired(): boolean;
+    /**
+     * Check if token is revoked
+     */
+    get isRevoked(): boolean;
+    /**
+     * Check if token is valid (not expired and not revoked)
+     */
+    get isValid(): boolean;
+    /**
+     * Revoke this token
+     */
+    revoke(): Promise<this>;
+    /**
+     * Mark token as used (update lastUsedAt)
+     */
+    markAsUsed(): Promise<void>;
+}
+//# sourceMappingURL=refresh-token.d.ts.map

package/cjs/models/refresh-token/refresh-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../src/models/refresh-token/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAExD,qBAAa,YAAa,SAAQ,KAAK;IACrC;;OAEG;IACH,OAAc,UAAU,SAAmB;IAE3C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,KAAK,CASpB;IAEF;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAI9B;IAED;;OAEG;IACH,IAAW,SAAS,IAAI,OAAO,CAE9B;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,OAAO,CAE5B;IAED;;OAEG;IACU,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIpC;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAGzC"}