@warlock.js/auth 4.0.5 → 4.0.25

package/esm/services/auth.service.js

@@ -0,0 +1,265 @@
+import {verify}from'@mongez/password';import {Random}from'@mongez/reinforcements';import {config}from'@warlock.js/core';import {AccessToken}from'../models/access-token/access-token.js';import'../models/access-token/migration.js';import {RefreshToken}from'../models/refresh-token/refresh-token.js';import {toJwtExpiresIn,parseExpirationToMs}from'../utils/duration.js';import {authEvents}from'./auth-events.js';import {jwt}from'./jwt.js';class AuthService {
+    /**
+     * Build access token payload from user
+     */
+    buildAccessTokenPayload(user) {
+        return {
+            id: user.id,
+            _id: user._id,
+            userType: user.userType,
+            createdAt: Date.now(),
+        };
+    }
+    /**
+     * Generate access token for user
+     */
+    async generateAccessToken(user, payload) {
+        const data = payload || this.buildAccessTokenPayload(user);
+        const expiresInConfig = config.key("auth.jwt.expiresIn");
+        const expiresIn = toJwtExpiresIn(expiresInConfig, 3600000); // default 1 hour
+        // If expiresIn is undefined, token never expires
+        const token = expiresIn ? await jwt.generate(data, { expiresIn }) : await jwt.generate(data);
+        // Store in database (fire and forget)
+        AccessToken.create({
+            token,
+            user: data,
+        });
+        return token;
+    }
+    /**
+     * Create refresh token for user
+     */
+    async createRefreshToken(user, deviceInfo) {
+        const familyId = deviceInfo?.familyId || Random.string(32);
+        const expiresInConfig = config.key("auth.jwt.refresh.expiresIn");
+        const expiresInMs = parseExpirationToMs(expiresInConfig, 7 * 24 * 60 * 60 * 1000); // default 7 days
+        const payload = {
+            userId: user.id,
+            userType: user.userType,
+            familyId,
+        };
+        const token = await jwt.generateRefreshToken(payload);
+        // Enforce max tokens per user
+        await this.enforceMaxRefreshTokens(user);
+        // Calculate expiration date (undefined means never expires, but we still set a far future date)
+        const expiresAt = expiresInMs
+            ? new Date(Date.now() + expiresInMs)
+            : new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1000);
+        // Store in database
+        return RefreshToken.create({
+            token,
+            userId: user.id,
+            userType: user.userType,
+            familyId,
+            expiresAt,
+            deviceInfo: deviceInfo
+                ? {
+                    userAgent: deviceInfo.userAgent,
+                    ip: deviceInfo.ip,
+                    deviceId: deviceInfo.deviceId,
+                }
+                : undefined,
+        });
+    }
+    /**
+     * Create both access and refresh tokens
+     */
+    async createTokenPair(user, deviceInfo) {
+        const accessToken = await this.generateAccessToken(user);
+        const refreshToken = await this.createRefreshToken(user, deviceInfo);
+        const tokenPair = {
+            accessToken,
+            refreshToken: refreshToken.get("token"),
+            expiresIn: config.key("auth.jwt.expiresIn", "1h"),
+        };
+        // Emit events
+        authEvents.emit("token.created", user, tokenPair);
+        authEvents.emit("session.created", user, refreshToken, deviceInfo);
+        return tokenPair;
+    }
+    /**
+     * Refresh tokens using a refresh token
+     */
+    async refreshTokens(refreshTokenString, deviceInfo) {
+        try {
+            // 1. Verify JWT signature
+            const decoded = await jwt.verifyRefreshToken(refreshTokenString);
+            if (!decoded)
+                return null;
+            // 2. Find token in database
+            const refreshToken = await RefreshToken.first({ token: refreshTokenString });
+            if (!refreshToken?.isValid) {
+                // If token was already used (rotation detection), revoke entire family
+                if (refreshToken) {
+                    await this.revokeTokenFamily(refreshToken.get("familyId"));
+                }
+                return null;
+            }
+            // 3. Get user model and find user
+            const UserModel = config.key(`auth.userType.${decoded.userType}`);
+            if (!UserModel)
+                return null;
+            const user = (await UserModel.find(decoded.userId));
+            if (!user)
+                return null;
+            // 4. Rotate token if enabled (revoke old token)
+            const rotationEnabled = config.key("auth.jwt.refresh.rotation", true);
+            if (rotationEnabled) {
+                await refreshToken.revoke();
+            }
+            else {
+                await refreshToken.markAsUsed();
+            }
+            // 5. Generate new token pair (keep same family)
+            const newTokenPair = await this.createTokenPair(user, {
+                ...deviceInfo,
+                familyId: refreshToken.get("familyId"),
+            });
+            // Emit token refreshed event
+            authEvents.emit("token.refreshed", user, newTokenPair, refreshToken);
+            return newTokenPair;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Verify password
+     */
+    verifyPassword(hashedPassword, plainPassword) {
+        return verify(String(hashedPassword), String(plainPassword));
+    }
+    /**
+     * Attempt to login user with given credentials
+     */
+    async attemptLogin(Model, data) {
+        const { password, ...otherData } = data;
+        // Emit login attempt event
+        authEvents.emit("login.attempt", otherData);
+        const user = (await Model.first(otherData));
+        if (!user) {
+            authEvents.emit("login.failed", otherData, "User not found");
+            return null;
+        }
+        if (!this.verifyPassword(user.get("password"), password)) {
+            authEvents.emit("login.failed", otherData, "Invalid password");
+            return null;
+        }
+        return user;
+    }
+    /**
+     * Full login flow: validate credentials, create tokens, emit events
+     * Returns token pair on success, null on failure
+     */
+    async login(Model, credentials, deviceInfo) {
+        const user = await this.attemptLogin(Model, credentials);
+        if (!user) {
+            return null;
+        }
+        const tokens = await this.createTokenPair(user, deviceInfo);
+        // Emit login success event
+        authEvents.emit("login.success", user, tokens, deviceInfo);
+        return { user, tokens };
+    }
+    /**
+     * Logout user (revoke specific refresh token)
+     */
+    async logout(user, refreshToken) {
+        if (refreshToken) {
+            await refreshToken.revoke();
+            authEvents.emit("session.destroyed", user, refreshToken);
+        }
+        // Emit logout event
+        authEvents.emit("logout", user);
+    }
+    /**
+     * Remove specific access token
+     */
+    async removeAccessToken(user, token) {
+        AccessToken.delete({
+            token,
+            "user.id": user.id,
+        });
+    }
+    /**
+     * Revoke all tokens for a user
+     */
+    async revokeAllTokens(user) {
+        // Revoke all refresh tokens
+        const refreshTokens = await RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .get();
+        for (const token of refreshTokens) {
+            await token.revoke();
+            authEvents.emit("token.revoked", user, token);
+        }
+        // Delete all access tokens
+        await AccessToken.delete({
+            "user.id": user.id,
+            "user.userType": user.userType,
+        });
+        // Emit logout all event
+        authEvents.emit("logout.all", user);
+    }
+    /**
+     * Revoke entire token family (for rotation breach detection)
+     */
+    async revokeTokenFamily(familyId) {
+        const tokens = await RefreshToken.aggregate()
+            .where("familyId", familyId)
+            .where("revokedAt", null)
+            .get();
+        for (const token of tokens) {
+            await token.revoke();
+        }
+        // Emit family revoked event
+        authEvents.emit("token.familyRevoked", familyId, tokens);
+    }
+    /**
+     * Cleanup expired tokens
+     */
+    async cleanupExpiredTokens() {
+        const expiredTokens = await RefreshToken.aggregate().where("expiresAt", "<", new Date()).get();
+        for (const token of expiredTokens) {
+            authEvents.emit("token.expired", token);
+            await token.destroy();
+        }
+        // Emit cleanup completed event
+        authEvents.emit("cleanup.completed", expiredTokens.length);
+        return expiredTokens.length;
+    }
+    /**
+     * Enforce max refresh tokens per user
+     */
+    async enforceMaxRefreshTokens(user) {
+        const maxPerUser = config.key("auth.jwt.refresh.maxPerUser", 5);
+        const activeTokens = await RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .sort("createdAt", "asc")
+            .get();
+        // Revoke oldest tokens if exceeding limit
+        if (activeTokens.length >= maxPerUser) {
+            const tokensToRevoke = activeTokens.slice(0, activeTokens.length - maxPerUser + 1);
+            for (const token of tokensToRevoke) {
+                await token.revoke();
+            }
+        }
+    }
+    /**
+     * Get active sessions for user
+     */
+    async getActiveSessions(user) {
+        return RefreshToken.aggregate()
+            .where("userId", user.id)
+            .where("userType", user.userType)
+            .where("revokedAt", null)
+            .where("expiresAt", ">", new Date())
+            .sort("createdAt", "desc")
+            .get();
+    }
+}
+const authService = new AuthService();export{authService};//# sourceMappingURL=auth.service.js.map

package/esm/services/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sources":["../../src/services/auth.service.ts"],"sourcesContent":[null],"names":[],"mappings":"obAYA,MAAM,WAAW,CAAA;AACf;;AAEG;AACI,IAAA,uBAAuB,CAAC,IAAU,EAAA;QACvC,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;AACvB,YAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;KACH;AAED;;AAEG;AACI,IAAA,MAAM,mBAAmB,CAAC,IAAU,EAAE,OAAa,EAAA;QACxD,MAAM,IAAI,GAAG,OAAO,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;;QAG3D,MAAM,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;;QAG7F,WAAW,CAAC,MAAM,CAAC;YACjB,KAAK;AACL,YAAA,IAAI,EAAE,IAAI;AACX,SAAA,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KACd;AAED;;AAEG;AACI,IAAA,MAAM,kBAAkB,CAAC,IAAU,EAAE,UAAuB,EAAA;AACjE,QAAA,MAAM,QAAQ,GAAG,UAAU,EAAE,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;AACjE,QAAA,MAAM,WAAW,GAAG,mBAAmB,CAAC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAElF,QAAA,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ;SACT,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;;AAGtD,QAAA,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;;QAGzC,MAAM,SAAS,GAAG,WAAW;cACzB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;cAClC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;;QAG3D,OAAO,YAAY,CAAC,MAAM,CAAC;YACzB,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ;YACR,SAAS;AACT,YAAA,UAAU,EAAE,UAAU;AACpB,kBAAE;oBACE,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,EAAE,EAAE,UAAU,CAAC,EAAE;oBACjB,QAAQ,EAAE,UAAU,CAAC,QAAQ;AAC9B,iBAAA;AACH,kBAAE,SAAS;AACd,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;AACI,IAAA,MAAM,eAAe,CAAC,IAAU,EAAE,UAAuB,EAAA;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAErE,QAAA,MAAM,SAAS,GAAc;YAC3B,WAAW;AACX,YAAA,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;YACvC,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,CAAC;SAClD,CAAC;;QAGF,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;AAEnE,QAAA,OAAO,SAAS,CAAC;KAClB;AAED;;AAEG;AACI,IAAA,MAAM,aAAa,CACxB,kBAA0B,EAC1B,UAAuB,EAAA;QAEvB,IAAI;;YAEF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAIzC,kBAAkB,CAAC,CAAC;AAEvB,YAAA,IAAI,CAAC,OAAO;AAAE,gBAAA,OAAO,IAAI,CAAC;;AAG1B,YAAA,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAE7E,YAAA,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE;;AAE1B,gBAAA,IAAI,YAAY,EAAE;oBAChB,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC5D,iBAAA;AACD,gBAAA,OAAO,IAAI,CAAC;AACb,aAAA;;AAGD,YAAA,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAiB,cAAA,EAAA,OAAO,CAAC,QAAQ,CAAE,CAAA,CAAC,CAAC;AAClE,YAAA,IAAI,CAAC,SAAS;AAAE,gBAAA,OAAO,IAAI,CAAC;AAE5B,YAAA,MAAM,IAAI,IAAI,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAgB,CAAC;AACnE,YAAA,IAAI,CAAC,IAAI;AAAE,gBAAA,OAAO,IAAI,CAAC;;YAGvB,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;AACtE,YAAA,IAAI,eAAe,EAAE;AACnB,gBAAA,MAAM,YAAY,CAAC,MAAM,EAAE,CAAC;AAC7B,aAAA;AAAM,iBAAA;AACL,gBAAA,MAAM,YAAY,CAAC,UAAU,EAAE,CAAC;AACjC,aAAA;;YAGD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE;AACpD,gBAAA,GAAG,UAAU;AACb,gBAAA,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;AACvC,aAAA,CAAC,CAAC;;YAGH,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;AAErE,YAAA,OAAO,YAAY,CAAC;AACrB,SAAA;QAAC,MAAM;AACN,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;KACF;AAED;;AAEG;IACI,cAAc,CAAC,cAAsB,EAAE,aAAqB,EAAA;AACjE,QAAA,OAAO,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;KAC9D;AAED;;AAEG;AACI,IAAA,MAAM,YAAY,CAAI,KAAoB,EAAE,IAAS,EAAA;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC;;AAGxC,QAAA,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAE5C,MAAM,IAAI,IAAI,MAAM,KAAK,CAAC,KAAK,CAAI,SAAS,CAAC,CAAgB,CAAC;QAE9D,IAAI,CAAC,IAAI,EAAE;YACT,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAC7D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE;YACxD,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAC/D,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;AAED,QAAA,OAAO,IAAS,CAAC;KAClB;AAED;;;AAGG;AACI,IAAA,MAAM,KAAK,CAChB,KAAoB,EACpB,WAAgB,EAChB,UAAuB,EAAA;QAEvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAI,KAAK,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,CAAC,IAAI,EAAE;AACT,YAAA,OAAO,IAAI,CAAC;AACb,SAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;;QAG5D,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AAE3D,QAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;KACzB;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,CAAC,IAAU,EAAE,YAA2B,EAAA;AACzD,QAAA,IAAI,YAAY,EAAE;AAChB,YAAA,MAAM,YAAY,CAAC,MAAM,EAAE,CAAC;YAC5B,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;AAC1D,SAAA;;AAGD,QAAA,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;KACjC;AAED;;AAEG;AACI,IAAA,MAAM,iBAAiB,CAAC,IAAU,EAAE,KAAa,EAAA;QACtD,WAAW,CAAC,MAAM,CAAC;YACjB,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,EAAE;AACnB,SAAA,CAAC,CAAC;KACJ;AAED;;AAEG;IACI,MAAM,eAAe,CAAC,IAAU,EAAA;;AAErC,QAAA,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE;AACjD,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AAC/C,SAAA;;QAGD,MAAM,WAAW,CAAC,MAAM,CAAC;YACvB,SAAS,EAAE,IAAI,CAAC,EAAE;YAClB,eAAe,EAAE,IAAI,CAAC,QAAQ;AAC/B,SAAA,CAAC,CAAC;;AAGH,QAAA,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;KACrC;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,QAAgB,EAAA;AAC7C,QAAA,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE;AAC1C,aAAA,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC;AAC3B,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;AAET,QAAA,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;AAC1B,YAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,SAAA;;QAGD,UAAU,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC1D;AAED;;AAEG;AACI,IAAA,MAAM,oBAAoB,GAAA;QAC/B,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;AAE/F,QAAA,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE;AACjC,YAAA,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AACxC,YAAA,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;AACvB,SAAA;;QAGD,UAAU,CAAC,IAAI,CAAC,mBAAmB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,aAAa,CAAC,MAAM,CAAC;KAC7B;AAED;;AAEG;IACK,MAAM,uBAAuB,CAAC,IAAU,EAAA;QAC9C,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,CAAC,CAAC;AAEhE,QAAA,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE;AAChD,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;AACxB,aAAA,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC;AACxB,aAAA,GAAG,EAAE,CAAC;;AAGT,QAAA,IAAI,YAAY,CAAC,MAAM,IAAI,UAAU,EAAE;AACrC,YAAA,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;AACnF,YAAA,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE;AAClC,gBAAA,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC;AACtB,aAAA;AACF,SAAA;KACF;AAED;;AAEG;IACI,MAAM,iBAAiB,CAAC,IAAU,EAAA;QACvC,OAAO,YAAY,CAAC,SAAS,EAAE;AAC5B,aAAA,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;AACxB,aAAA,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;AAChC,aAAA,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC;aACxB,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;AACnC,aAAA,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC;AACzB,aAAA,GAAG,EAAE,CAAC;KACV;AACF,CAAA;AAEY,MAAA,WAAW,GAAG,IAAI,WAAW"}

package/esm/services/generate-jwt-secret.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generate-jwt-secret.d.ts","sourceRoot":"","sources":["../../src/services/generate-jwt-secret.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,kBAwCtC"}
+{"version":3,"file":"generate-jwt-secret.d.ts","sourceRoot":"","sources":["../../src/services/generate-jwt-secret.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,kBAmCtC"}

package/esm/services/generate-jwt-secret.js

@@ -1,16 +1,16 @@
-import {fileExists,getFile,putFile}from'@mongez/fs';import {Random}from'@mongez/reinforcements';import {rootPath,environment}from'@warlock.js/core';import {log}from'@warlock.js/logger';async function generateJWTSecret() {
+import {fileExistsAsync,getFileAsync,putFileAsync}from'@mongez/fs';import {Random}from'@mongez/reinforcements';import {rootPath,environment}from'@warlock.js/core';import {log}from'@warlock.js/logger';async function generateJWTSecret() {
     let envFile = rootPath(".env");
     log.info("jwt", "generating", "Generating jwt secret");
     const environmentMode = environment();
-    if (!fileExists(envFile)) {
+    if (!(await fileExistsAsync(envFile))) {
         const envFileType = environmentMode === "production" ? ".env.production" : ".env.development";
         envFile = rootPath(envFileType);
     }
-    if (!fileExists(envFile)) {
+    if (!(await fileExistsAsync(envFile))) {
         log.error("jwt", "error", ".env file not found");
         return;
     }
-    let contents = getFile(envFile);
+    let contents = await getFileAsync(envFile);
     if (contents.includes("JWT_SECRET")) {
         log.warn("jwt", "exists", "JWT secret already exists in the .env file.");
         return;
@@ -21,6 +21,6 @@ import {fileExists,getFile,putFile}from'@mongez/fs';import {Random}from'@mongez/
 # JWT Secret
 JWT_SECRET=${key}
 `;
-    putFile(envFile, contents);
+    await putFileAsync(envFile, contents);
     log.success("jwt", "generated", `JWT secret key generated and added to the .env file.`);
 }export{generateJWTSecret};//# sourceMappingURL=generate-jwt-secret.js.map

package/esm/services/generate-jwt-secret.js.map

@@ -1 +1 @@
-{"version":3,"file":"generate-jwt-secret.js","sources":["../../src/services/generate-jwt-secret.ts"],"sourcesContent":[null],"names":[],"mappings":"yLAKO,eAAe,iBAAiB,GAAA;AACrC,IAAA,IAAI,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE/B,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,uBAAuB,CAAC,CAAC;AAEvD,IAAA,MAAM,eAAe,GAAG,WAAW,EAAE,CAAC;AAEtC,IAAA,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AACxB,QAAA,MAAM,WAAW,GACf,eAAe,KAAK,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAC5E,QAAA,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,KAAA;AAED,IAAA,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACxB,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO;AACR,KAAA;AAED,IAAA,IAAI,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,IAAA,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;QACzE,OAAO;AACR,KAAA;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9B,IAAA,QAAQ,IAAI,CAAA;;;aAGD,GAAG,CAAA;CACf,CAAC;AAEA,IAAA,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE3B,GAAG,CAAC,OAAO,CACT,KAAK,EACL,WAAW,EACX,CAAsD,oDAAA,CAAA,CACvD,CAAC;AACJ"}
+{"version":3,"file":"generate-jwt-secret.js","sources":["../../src/services/generate-jwt-secret.ts"],"sourcesContent":[null],"names":[],"mappings":"wMAKO,eAAe,iBAAiB,GAAA;AACrC,IAAA,IAAI,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE/B,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,uBAAuB,CAAC,CAAC;AAEvD,IAAA,MAAM,eAAe,GAAG,WAAW,EAAE,CAAC;IAEtC,IAAI,EAAE,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,EAAE;AACrC,QAAA,MAAM,WAAW,GAAG,eAAe,KAAK,YAAY,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;AAC9F,QAAA,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,KAAA;IAED,IAAI,EAAE,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC,EAAE;QACrC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACjD,OAAO;AACR,KAAA;AAED,IAAA,IAAI,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;AAE3C,IAAA,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,6CAA6C,CAAC,CAAC;QACzE,OAAO;AACR,KAAA;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9B,IAAA,QAAQ,IAAI,CAAA;;;aAGD,GAAG,CAAA;CACf,CAAC;AAEA,IAAA,MAAM,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAEtC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,CAAsD,oDAAA,CAAA,CAAC,CAAC;AAC1F"}

package/esm/services/index.d.ts

@@ -1,4 +1,5 @@
-export * from "./generate-guest-token";
+export * from "./auth-events";
+export * from "./auth.service";
 export * from "./generate-jwt-secret";
 export * from "./jwt";
 //# sourceMappingURL=index.d.ts.map

package/esm/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC"}

package/esm/services/jwt.d.ts

@@ -10,7 +10,7 @@ export declare const jwt: {
      * @param token The JWT token to verify.
      * @returns The decoded token payload if verification is successful.
      */
-    verify(token: string, { key, algorithms, ...options }?: any): Promise<any>;
+    verify<T = any>(token: string, { key, algorithms, ...options }?: any): Promise<T>;
     /**
      * Generate a new refresh token for the user.
      */
@@ -18,6 +18,6 @@ export declare const jwt: {
     /**
      * Verify the given refresh token.
      */
-    verifyRefreshToken(token: string, { key, algorithms, ...options }?: any): Promise<any>;
+    verifyRefreshToken<T_1 = any>(token: string, { key, algorithms, ...options }?: any): Promise<T_1>;
 };
 //# sourceMappingURL=jwt.d.ts.map

package/esm/services/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/services/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EAClB,KAAK,eAAe,EACrB,MAAM,UAAU,CAAC;AAWlB,eAAO,MAAM,GAAG;IACd;;;OAGG;sBAEQ,GAAG,yCAMX,QAAQ,MAAM,CAAC;IAOlB;;;;OAIG;kBAEM,MAAM;IAYf;;OAEG;kCAEQ,GAAG,oDAOX,QAAQ,MAAM,CAAC;IAKlB;;OAEG;8BAEM,MAAM;CAUhB,CAAC"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/services/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EAClB,KAAK,eAAe,EACrB,MAAM,UAAU,CAAC;AASlB,eAAO,MAAM,GAAG;IACd;;;OAGG;sBAEQ,GAAG,yCAMX,QAAQ,MAAM,CAAC;IAOlB;;;;OAIG;2BAEM,MAAM;IAYf;;OAEG;kCAEQ,GAAG,oDAOX,QAAQ,MAAM,CAAC;IAKlB;;OAEG;yCAEM,MAAM;CAUhB,CAAC"}

package/esm/services/jwt.js

@@ -1,8 +1,8 @@
-import config from'@mongez/config';import {createSigner,createVerifier}from'fast-jwt';const getSecretKey = () => config.get("auth.jwt.secret");
-const getAlgorithm = () => config.get("auth.jwt.algorithm");
-const getRefreshSecretKey = () => config.get("auth.jwt.refresh.secret");
+import {config}from'@warlock.js/core';import {createSigner,createVerifier}from'fast-jwt';const getSecretKey = () => config.key("auth.jwt.secret");
+const getAlgorithm = () => config.key("auth.jwt.algorithm");
+const getRefreshSecretKey = () => config.key("auth.jwt.refresh.secret");
 // Assuming there's a separate config for refresh token validity, for example, '7d' for 7 days
-const getRefreshTokenValidity = () => config.get("auth.jwt.refresh.expiresIn");
+const getRefreshTokenValidity = () => config.key("auth.jwt.refresh.expiresIn");
 const jwt = {
     /**
      * Generate a new JWT token for the user.

package/esm/services/jwt.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.js","sources":["../../src/services/jwt.ts"],"sourcesContent":[null],"names":[],"mappings":"sFASA,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAW,CAAC;AACnE,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAc,CAAC;AAEzE,MAAM,mBAAmB,GAAG,MAC1B,MAAM,CAAC,GAAG,CAAC,yBAAyB,CAAW,CAAC;AAClD;AACA,MAAM,uBAAuB,GAAG,MAC9B,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAoB,CAAC;AAEjD,MAAA,GAAG,GAAG;AACjB;;;AAGG;AACH,IAAA,MAAM,QAAQ,CACZ,OAAY,EACZ,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,KAC0B,EAAE,EAAA;;AAGxC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;AAE1D,QAAA,OAAO,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;KAC7B;AAED;;;;AAIG;AACH,IAAA,MAAM,MAAM,CACV,KAAa,EACb,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,UAAU,GAAG,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,SAAS,EAC1D,GAAG,OAAO,KAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;AAE/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAe,CAAC,CAAC;KACtC;AAED;;AAEG;IACH,MAAM,oBAAoB,CACxB,OAAY,EACZ,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,SAAS,GAAG,uBAAuB,EAAE,EACrC,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,EAAA,GAC0B,EAAE,EAAA;AAExC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AACrE,QAAA,OAAO,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;KAC7B;AAED;;AAEG;IACH,MAAM,kBAAkB,CACtB,KAAa,EACb,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,UAAU,GAAG,CAAC,YAAY,EAAE,CAAC,EAC7B,GAAG,OAAO,EAAA,GAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AAC/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;KAC5B;"}
+{"version":3,"file":"jwt.js","sources":["../../src/services/jwt.ts"],"sourcesContent":[null],"names":[],"mappings":"yFASA,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAW,CAAC;AACnE,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAc,CAAC;AAEzE,MAAM,mBAAmB,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,yBAAyB,CAAW,CAAC;AAClF;AACA,MAAM,uBAAuB,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAoB,CAAC;AAErF,MAAA,GAAG,GAAG;AACjB;;;AAGG;AACH,IAAA,MAAM,QAAQ,CACZ,OAAY,EACZ,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,KAC0B,EAAE,EAAA;;AAGxC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;AAE1D,QAAA,OAAO,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;KAC7B;AAED;;;;AAIG;AACH,IAAA,MAAM,MAAM,CACV,KAAa,EACb,EACE,GAAG,GAAG,YAAY,EAAE,EACpB,UAAU,GAAG,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,SAAS,EAC1D,GAAG,OAAO,KAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;AAE/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAe,CAAC,CAAC;KACtC;AAED;;AAEG;IACH,MAAM,oBAAoB,CACxB,OAAY,EACZ,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,SAAS,GAAG,uBAAuB,EAAE,EACrC,SAAS,GAAG,YAAY,EAAE,EAC1B,GAAG,OAAO,EAAA,GAC0B,EAAE,EAAA;AAExC,QAAA,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AACrE,QAAA,OAAO,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;KAC7B;AAED;;AAEG;IACH,MAAM,kBAAkB,CACtB,KAAa,EACb,EACE,GAAG,GAAG,mBAAmB,EAAE,EAC3B,UAAU,GAAG,CAAC,YAAY,EAAE,CAAC,EAC7B,GAAG,OAAO,EAAA,GAC4B,EAAE,EAAA;AAE1C,QAAA,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;AAC/D,QAAA,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC;KAC5B;"}

package/esm/utils/auth-error-codes.d.ts

@@ -0,0 +1,18 @@
+export declare enum AuthErrorCodes {
+    /**
+     * Missing Access Token Error Code EC001
+     * EC001 = Missing Access Token
+     */
+    MissingAccessToken = "EC001",
+    /**
+     * Invalid Access Token Error Code EC002
+     * EC002 = Invalid Access Token
+     */
+    InvalidAccessToken = "EC002",
+    /**
+     * Unauthorized Error Code EC003
+     * EC003 = Unauthorized
+     */
+    Unauthorized = "EC003"
+}
+//# sourceMappingURL=auth-error-codes.d.ts.map

package/esm/utils/auth-error-codes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-error-codes.d.ts","sourceRoot":"","sources":["../../src/utils/auth-error-codes.ts"],"names":[],"mappings":"AAAA,oBAAY,cAAc;IACxB;;;OAGG;IACH,kBAAkB,UAAU;IAC5B;;;OAGG;IACH,kBAAkB,UAAU;IAC5B;;;OAGG;IACH,YAAY,UAAU;CACvB"}

package/esm/utils/auth-error-codes.js

@@ -0,0 +1,18 @@
+var AuthErrorCodes;
+(function (AuthErrorCodes) {
+    /**
+     * Missing Access Token Error Code EC001
+     * EC001 = Missing Access Token
+     */
+    AuthErrorCodes["MissingAccessToken"] = "EC001";
+    /**
+     * Invalid Access Token Error Code EC002
+     * EC002 = Invalid Access Token
+     */
+    AuthErrorCodes["InvalidAccessToken"] = "EC002";
+    /**
+     * Unauthorized Error Code EC003
+     * EC003 = Unauthorized
+     */
+    AuthErrorCodes["Unauthorized"] = "EC003";
+})(AuthErrorCodes || (AuthErrorCodes = {}));export{AuthErrorCodes};//# sourceMappingURL=auth-error-codes.js.map

package/esm/utils/auth-error-codes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-error-codes.js","sources":["../../src/utils/auth-error-codes.ts"],"sourcesContent":[null],"names":[],"mappings":"IAAY,eAgBX;AAhBD,CAAA,UAAY,cAAc,EAAA;AACxB;;;AAGG;AACH,IAAA,cAAA,CAAA,oBAAA,CAAA,GAAA,OAA4B,CAAA;AAC5B;;;AAGG;AACH,IAAA,cAAA,CAAA,oBAAA,CAAA,GAAA,OAA4B,CAAA;AAC5B;;;AAGG;AACH,IAAA,cAAA,CAAA,cAAA,CAAA,GAAA,OAAsB,CAAA;AACxB,CAAC,EAhBW,cAAc,KAAd,cAAc,GAgBzB,EAAA,CAAA,CAAA"}

package/esm/utils/duration.d.ts

@@ -0,0 +1,45 @@
+import { NO_EXPIRATION } from "../contracts/types";
+/**
+ * Duration object for specifying time periods
+ * All units are additive (e.g., { days: 1, hours: 6 } = 30 hours)
+ *
+ * @example
+ * ```typescript
+ * { hours: 1 }           // 1 hour
+ * { days: 7, hours: 12 } // 7.5 days
+ * { minutes: 30 }        // 30 minutes
+ * ```
+ */
+export type Duration = {
+    milliseconds?: number;
+    seconds?: number;
+    minutes?: number;
+    hours?: number;
+    days?: number;
+    weeks?: number;
+};
+/**
+ * Expiration value type - can be a Duration object, string format, or NO_EXPIRATION
+ */
+export type ExpiresIn = Duration | typeof NO_EXPIRATION | string | number;
+/**
+ * Parse duration to milliseconds
+ * Supports Duration object, string format ("1d 2h 30m"), or number (raw ms)
+ *
+ * @example
+ * ```typescript
+ * parseExpirationToMs({ hours: 1 })       // 3600000
+ * parseExpirationToMs({ days: 1 })        // 86400000
+ * parseExpirationToMs("1h")               // 3600000
+ * parseExpirationToMs("1d 2h 30m")        // 95400000
+ * parseExpirationToMs(3600000)            // 3600000
+ * parseExpirationToMs(NO_EXPIRATION)      // undefined
+ * ```
+ */
+export declare function parseExpirationToMs(expiration: ExpiresIn | undefined, defaultMs?: number): number | undefined;
+/**
+ * Convert ExpiresIn to a value suitable for jwt.generate (string or number)
+ * Returns undefined if NO_EXPIRATION
+ */
+export declare function toJwtExpiresIn(expiration: ExpiresIn | undefined, defaultMs?: number): string | undefined;
+//# sourceMappingURL=duration.d.ts.map

package/esm/utils/duration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"duration.d.ts","sourceRoot":"","sources":["../../src/utils/duration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,OAAO,aAAa,GAAG,MAAM,GAAG,MAAM,CAAC;AAE1E;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,SAAS,GAAG,SAAS,EACjC,SAAS,GAAE,MAAgB,GAC1B,MAAM,GAAG,SAAS,CAmBpB;AAuDD;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,SAAS,GAAG,SAAS,EACjC,SAAS,GAAE,MAAgB,GAC1B,MAAM,GAAG,SAAS,CAMpB"}

package/esm/utils/duration.js

@@ -0,0 +1,93 @@
+import {NO_EXPIRATION}from'../contracts/types.js';/**
+ * Parse duration to milliseconds
+ * Supports Duration object, string format ("1d 2h 30m"), or number (raw ms)
+ *
+ * @example
+ * ```typescript
+ * parseExpirationToMs({ hours: 1 })       // 3600000
+ * parseExpirationToMs({ days: 1 })        // 86400000
+ * parseExpirationToMs("1h")               // 3600000
+ * parseExpirationToMs("1d 2h 30m")        // 95400000
+ * parseExpirationToMs(3600000)            // 3600000
+ * parseExpirationToMs(NO_EXPIRATION)      // undefined
+ * ```
+ */
+function parseExpirationToMs(expiration, defaultMs = 3600000) {
+    if (expiration === undefined) {
+        return defaultMs;
+    }
+    if (expiration === NO_EXPIRATION) {
+        return undefined;
+    }
+    if (typeof expiration === "number") {
+        return expiration;
+    }
+    if (typeof expiration === "string") {
+        return parseStringDuration(expiration);
+    }
+    // It's a Duration object
+    return parseDurationObject(expiration);
+}
+/**
+ * Parse a Duration object to milliseconds
+ */
+function parseDurationObject(duration) {
+    let ms = 0;
+    if (duration.milliseconds)
+        ms += duration.milliseconds;
+    if (duration.seconds)
+        ms += duration.seconds * 1000;
+    if (duration.minutes)
+        ms += duration.minutes * 60 * 1000;
+    if (duration.hours)
+        ms += duration.hours * 60 * 60 * 1000;
+    if (duration.days)
+        ms += duration.days * 24 * 60 * 60 * 1000;
+    if (duration.weeks)
+        ms += duration.weeks * 7 * 24 * 60 * 60 * 1000;
+    return ms;
+}
+/**
+ * Parse a string duration to milliseconds
+ * Supports formats: "1h", "7d", "30m", "90s", "1d 2h 30m"
+ */
+function parseStringDuration(str) {
+    let totalMs = 0;
+    const parts = str.trim().split(/\s+/);
+    for (const part of parts) {
+        const match = part.match(/^(\d+(?:\.\d+)?)([smhdw])$/i);
+        if (!match)
+            continue;
+        const value = parseFloat(match[1]);
+        const unit = match[2].toLowerCase();
+        switch (unit) {
+            case "s":
+                totalMs += value * 1000;
+                break;
+            case "m":
+                totalMs += value * 60 * 1000;
+                break;
+            case "h":
+                totalMs += value * 60 * 60 * 1000;
+                break;
+            case "d":
+                totalMs += value * 24 * 60 * 60 * 1000;
+                break;
+            case "w":
+                totalMs += value * 7 * 24 * 60 * 60 * 1000;
+                break;
+        }
+    }
+    return totalMs || 3600000; // Default to 1 hour if nothing parsed
+}
+/**
+ * Convert ExpiresIn to a value suitable for jwt.generate (string or number)
+ * Returns undefined if NO_EXPIRATION
+ */
+function toJwtExpiresIn(expiration, defaultMs = 3600000) {
+    const ms = parseExpirationToMs(expiration, defaultMs);
+    if (ms === undefined)
+        return undefined;
+    // Convert ms to seconds for JWT (more common format)
+    return Math.floor(ms / 1000) + "s";
+}export{parseExpirationToMs,toJwtExpiresIn};//# sourceMappingURL=duration.js.map

package/esm/utils/duration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"duration.js","sources":["../../src/utils/duration.ts"],"sourcesContent":[null],"names":[],"mappings":"kDA2BA;;;;;;;;;;;;;AAaG;SACa,mBAAmB,CACjC,UAAiC,EACjC,YAAoB,OAAO,EAAA;IAE3B,IAAI,UAAU,KAAK,SAAS,EAAE;AAC5B,QAAA,OAAO,SAAS,CAAC;AAClB,KAAA;IAED,IAAI,UAAU,KAAK,aAAa,EAAE;AAChC,QAAA,OAAO,SAAS,CAAC;AAClB,KAAA;AAED,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;AAClC,QAAA,OAAO,UAAU,CAAC;AACnB,KAAA;AAED,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;AAClC,QAAA,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC;AACxC,KAAA;;AAGD,IAAA,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC;AACzC,CAAC;AAED;;AAEG;AACH,SAAS,mBAAmB,CAAC,QAAkB,EAAA;IAC7C,IAAI,EAAE,GAAG,CAAC,CAAC;IAEX,IAAI,QAAQ,CAAC,YAAY;AAAE,QAAA,EAAE,IAAI,QAAQ,CAAC,YAAY,CAAC;IACvD,IAAI,QAAQ,CAAC,OAAO;AAAE,QAAA,EAAE,IAAI,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC;IACpD,IAAI,QAAQ,CAAC,OAAO;QAAE,EAAE,IAAI,QAAQ,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC;IACzD,IAAI,QAAQ,CAAC,KAAK;QAAE,EAAE,IAAI,QAAQ,CAAC,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC1D,IAAI,QAAQ,CAAC,IAAI;AAAE,QAAA,EAAE,IAAI,QAAQ,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC7D,IAAI,QAAQ,CAAC,KAAK;AAAE,QAAA,EAAE,IAAI,QAAQ,CAAC,KAAK,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnE,IAAA,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;AAGG;AACH,SAAS,mBAAmB,CAAC,GAAW,EAAA;IACtC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AAEtC,IAAA,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;AACxD,QAAA,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;AAEpC,QAAA,QAAQ,IAAI;AACV,YAAA,KAAK,GAAG;AACN,gBAAA,OAAO,IAAI,KAAK,GAAG,IAAI,CAAC;gBACxB,MAAM;AACR,YAAA,KAAK,GAAG;AACN,gBAAA,OAAO,IAAI,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC;gBAC7B,MAAM;AACR,YAAA,KAAK,GAAG;gBACN,OAAO,IAAI,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;gBAClC,MAAM;AACR,YAAA,KAAK,GAAG;gBACN,OAAO,IAAI,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;gBACvC,MAAM;AACR,YAAA,KAAK,GAAG;AACN,gBAAA,OAAO,IAAI,KAAK,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;gBAC3C,MAAM;AACT,SAAA;AACF,KAAA;AAED,IAAA,OAAO,OAAO,IAAI,OAAO,CAAC;AAC5B,CAAC;AAED;;;AAGG;SACa,cAAc,CAC5B,UAAiC,EACjC,YAAoB,OAAO,EAAA;IAE3B,MAAM,EAAE,GAAG,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACtD,IAAI,EAAE,KAAK,SAAS;AAAE,QAAA,OAAO,SAAS,CAAC;;IAGvC,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;AACrC"}

package/esm/utils/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./auth-error-codes";
+export * from "./duration";
+//# sourceMappingURL=index.d.ts.map

package/esm/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC"}

package/package.json

@@ -1,18 +1,20 @@
 {
     "name": "@warlock.js/auth",
-    "version": "4.0.5",
+    "version": "4.0.25",
     "description": "Authentication system for Warlock.js applications",
-    "main": "./cjs/index.js",
+    "main": "./esm/index.js",
     "dependencies": {
         "@mongez/password": "^1.0.2",
-        "fast-jwt": "^4.0.1"
+        "fast-jwt": "^6.1.0"
     },
     "peerDependencies": {
-        "@mongez/fs": "^3.0.4",
-        "@warlock.js/cascade": "4.0.5",
-        "@warlock.js/logger": "4.0.5",
-        "@mongez/reinforcements": "^2.3.9",
-        "@mongez/supportive-is": "^2.0.3"
+        "@mongez/fs": "^3.0.5",
+        "@warlock.js/cascade": "4.0.25",
+        "@warlock.js/core": "4.0.25",
+        "@warlock.js/logger": "4.0.25",
+        "@mongez/events": "^2.1.0",
+        "@mongez/reinforcements": "^2.3.12",
+        "@mongez/copper": "^1.0.1"
     },
     "repository": {
         "type": "git",
@@ -29,5 +31,6 @@
     "author": "hassanzohdy",
     "license": "MIT",
     "module": "./esm/index.js",
-    "typings": "./cjs/index.d.ts"
+    "typings": "./esm/index.d.ts",
+    "type": "module"
 }

package/cjs/commands/index.d.ts

@@ -1,2 +0,0 @@
-export declare function registerJWTSecretGeneratorCommand(): any;
-//# sourceMappingURL=index.d.ts.map

package/cjs/commands/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAGA,wBAAgB,iCAAiC,QAEhD"}

package/cjs/controllers/guest-login.d.ts

@@ -1,3 +0,0 @@
-import type { Request, Response } from "@warlock.js/core";
-export declare function guestLogin(_request: Request, response: Response): Promise<any>;
-//# sourceMappingURL=guest-login.d.ts.map

package/cjs/controllers/guest-login.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"guest-login.d.ts","sourceRoot":"","sources":["../../src/controllers/guest-login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG1D,wBAAsB,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,gBAIrE"}