@xcelsior/auth 0.1.1

package/.turbo/turbo-build.log

@@ -0,0 +1,22 @@
+
+> @xcelsior/auth@0.1.1 build /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> tsup
+
+CLI Building entry: src/index.ts
+CLI Using tsconfig: tsconfig.json
+CLI tsup v8.5.0
+CLI Using tsup config: /Users/tuannguyen/Work/excelsior-packages/packages/services/auth/tsup.config.ts
+CLI Target: es2020
+CLI Cleaning output folder
+CJS Build start
+ESM Build start
+CJS dist/index.js     16.47 KB
+CJS dist/index.js.map 30.61 KB
+CJS ⚡️ Build success in 146ms
+ESM dist/index.mjs     14.28 KB
+ESM dist/index.mjs.map 30.43 KB
+ESM ⚡️ Build success in 146ms
+DTS Build start
+DTS ⚡️ Build success in 3500ms
+DTS dist/index.d.ts  3.71 KB
+DTS dist/index.d.mts 3.71 KB

package/.turbo/turbo-lint.log

@@ -0,0 +1,5 @@
+
+> @xcelsior/auth@0.1.0 lint /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> biome check .
+
+Checked 21 files in 28ms. No fixes applied.

package/.turbo/turbo-test.log

@@ -0,0 +1,12 @@
+
+> @xcelsior/auth@0.1.0 test /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> jest --passWithNoTests
+
+Determining test suites to run...No tests found, exiting with code 0
+
+
+
+
+
+
+

package/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @xcelsior/auth
+
+## 0.1.1
+
+### Patch Changes
+
+- initial auth package

package/README.md

@@ -0,0 +1,213 @@
+# @xcelsior/serverless-auth
+
+A reusable serverless authentication package with role-based access control and configurable email notifications.
+
+## Features
+
+- User authentication (signup, signin)
+- Email verification
+- Password reset flow
+- Role-based access control (RBAC)
+- Configurable email providers (SMTP, AWS SES)
+- Multiple storage providers (DynamoDB, with MongoDB and PostgreSQL coming soon)
+- JWT-based authentication
+- Middleware for protecting routes
+
+## Installation
+
+```bash
+npm install @xcelsior/serverless-auth
+# or
+yarn add @xcelsior/serverless-auth
+# or
+pnpm add @xcelsior/serverless-auth
+```
+
+## Usage
+
+### Configuration
+
+```typescript
+import { AuthService, AuthConfig } from '@xcelsior/serverless-auth';
+
+const config: AuthConfig = {
+  jwt: {
+    secret: 'your-jwt-secret',
+    expiresIn: '1d',
+  },
+  // Storage configuration
+  storage: {
+    // DynamoDB configuration
+    type: 'dynamodb',
+    options: {
+      tableName: 'your-users-table',
+      region: 'us-east-1',
+    },
+    // Or MongoDB configuration (coming soon)
+    // type: 'mongodb',
+    // options: {
+    //   uri: 'mongodb://localhost:27017',
+    //   dbName: 'auth',
+    //   collectionName: 'users',
+    // },
+    // Or PostgreSQL configuration (coming soon)
+    // type: 'postgres',
+    // options: {
+    //   connectionString: 'postgresql://user:pass@localhost:5432/db',
+    //   schema: 'public',
+    //   tableName: 'users',
+    // },
+  },
+  // Email configuration
+  email: {
+    // SMTP configuration
+    type: 'smtp',
+    from: 'noreply@yourdomain.com',
+    options: {
+      host: 'smtp.provider.com',
+      port: 587,
+      secure: false,
+      auth: {
+        user: 'your-smtp-username',
+        pass: 'your-smtp-password',
+      },
+    },
+    // Or AWS SES configuration
+    // type: 'ses',
+    // from: 'noreply@yourdomain.com',
+    // options: {
+    //   region: 'us-east-1',
+    //   credentials: {
+    //     accessKeyId: 'your-access-key',
+    //     secretAccessKey: 'your-secret-key',
+    //   },
+    //   sourceArn: 'arn:aws:ses:region:account-id:identity/yourdomain.com', // Optional: ARN of the verified identity
+    // },
+    // Optional: Custom email templates (defaults will be used if not provided)
+    templates: {
+      verification: {
+        subject: 'Verify your email',
+        html: (token) => `
+          <h1>Verify your email</h1>
+          <p>Click the link below to verify your email:</p>
+          <a href="https://yourdomain.com/verify-email?token=${token}">Verify Email</a>
+        `,
+      },
+      resetPassword: {
+        subject: 'Reset your password',
+        html: (token) => `
+          <h1>Reset your password</h1>
+          <p>Click the link below to reset your password:</p>
+          <a href="https://yourdomain.com/reset-password?token=${token}">Reset Password</a>
+        `,
+      },
+    },
+  },
+};
+
+const authService = new AuthService(config);
+```
+
+### Authentication
+
+```typescript
+// Signup
+const { user, token } = await authService.signup('user@example.com', 'password');
+
+// Signin
+const { user, token } = await authService.signin('user@example.com', 'password');
+
+// Verify email
+await authService.verifyEmail(verificationToken);
+
+// Reset password flow
+await authService.initiatePasswordReset('user@example.com');
+await authService.resetPassword(resetToken, 'newPassword');
+```
+
+### Middleware Usage
+
+```typescript
+import express from 'express';
+import { AuthMiddleware } from '@xcelsior/serverless-auth';
+
+const app = express();
+const authMiddleware = new AuthMiddleware(authService);
+
+// Protect routes
+app.use(authMiddleware.verifyToken());
+
+// Require specific roles
+app.get('/admin', 
+  authMiddleware.requireRoles(['ADMIN']),
+  (req, res) => {
+    res.json({ message: 'Admin access granted' });
+  }
+);
+
+// Require verified email
+app.post('/sensitive-action',
+  authMiddleware.requireEmailVerified(),
+  (req, res) => {
+    res.json({ message: 'Action performed' });
+  }
+);
+```
+
+## Storage Providers
+
+### DynamoDB
+
+Create a DynamoDB table with the following structure:
+
+- Table Name: (your choice)
+- Partition Key: id (string)
+- GSI (EmailIndex):
+  - Partition Key: email (string)
+
+### MongoDB (Coming Soon)
+
+The MongoDB provider will support:
+- Custom database and collection names
+- Automatic indexing setup
+- Flexible schema support
+
+### PostgreSQL (Coming Soon)
+
+The PostgreSQL provider will support:
+- Custom schema and table names
+- Automatic table creation
+- Migration support
+
+## Email Providers
+
+Both email providers come with built-in default templates for:
+- Email verification
+- Password reset
+
+The default templates are responsive, mobile-friendly, and follow email best practices. You can override these templates by providing your own in the configuration.
+
+### SMTP
+
+The SMTP provider supports any SMTP server, including:
+- Gmail
+- SendGrid
+- Mailgun
+- Custom SMTP servers
+
+### AWS SES
+
+The AWS SES provider supports:
+- Direct email sending through AWS SES
+- Region configuration
+- AWS credentials management
+- Production access management
+- Source ARN configuration for verified identities
+
+## Contributing
+
+Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
+
+## License
+
+MIT

package/biome.json

@@ -0,0 +1,3 @@
+{
+    "extends": "//"
+}

package/dist/index.d.mts

@@ -0,0 +1,139 @@
+import { z } from 'zod';
+
+interface StorageConfig {
+    type: 'dynamodb' | 'mongodb' | 'postgres';
+    options: DynamoDBConfig | MongoDBConfig | PostgresConfig;
+}
+interface DynamoDBConfig {
+    tableName: string;
+    region: string;
+}
+interface MongoDBConfig {
+    uri: string;
+    dbName: string;
+    collectionName: string;
+}
+interface PostgresConfig {
+    connectionString: string;
+    schema?: string;
+    tableName: string;
+}
+
+interface EmailTemplates {
+    verification: {
+        subject: string;
+        html: (token: string) => string;
+    };
+    resetPassword: {
+        subject: string;
+        html: (token: string) => string;
+    };
+}
+interface SMTPConfig {
+    host: string;
+    port: number;
+    secure: boolean;
+    auth: {
+        user: string;
+        pass: string;
+    };
+}
+interface SESConfig {
+    region: string;
+    credentials?: {
+        accessKeyId: string;
+        secretAccessKey: string;
+    };
+    sourceArn?: string;
+}
+interface EmailConfig {
+    type: 'smtp' | 'ses';
+    from: string;
+    options: SMTPConfig | SESConfig;
+    templates?: EmailTemplates;
+}
+
+declare const UserRoleSchema: z.ZodEnum<["ADMIN", "USER", "GUEST"]>;
+type UserRole = z.infer<typeof UserRoleSchema>;
+declare const UserSchema: z.ZodObject<{
+    id: z.ZodString;
+    email: z.ZodString;
+    passwordHash: z.ZodString;
+    roles: z.ZodArray<z.ZodEnum<["ADMIN", "USER", "GUEST"]>, "many">;
+    isEmailVerified: z.ZodBoolean;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    resetPasswordToken: z.ZodOptional<z.ZodString>;
+    resetPasswordExpires: z.ZodOptional<z.ZodNumber>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    email: string;
+    passwordHash: string;
+    roles: ("ADMIN" | "USER" | "GUEST")[];
+    isEmailVerified: boolean;
+    createdAt: number;
+    updatedAt: number;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+}, {
+    id: string;
+    email: string;
+    passwordHash: string;
+    roles: ("ADMIN" | "USER" | "GUEST")[];
+    isEmailVerified: boolean;
+    createdAt: number;
+    updatedAt: number;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+}>;
+type User = z.infer<typeof UserSchema>;
+interface AuthConfig {
+    jwt: {
+        privateKey: string;
+        publicKey: string;
+        keyId: string;
+        expiresIn: string;
+    };
+    storage: StorageConfig;
+    email: EmailConfig;
+}
+
+declare class AuthService {
+    private storage;
+    private email;
+    private config;
+    constructor(config: AuthConfig);
+    private generateToken;
+    private hashPassword;
+    signup(email: string, password: string, roles?: UserRole[]): Promise<{
+        user: User;
+        token: string;
+    }>;
+    signin(email: string, password: string): Promise<{
+        user: User;
+        token: string;
+    }>;
+    verifyEmail(token: string): Promise<void>;
+    initiatePasswordReset(email: string): Promise<void>;
+    resetPassword(token: string, newPassword: string): Promise<void>;
+    verifyToken(token: string): Promise<{
+        id: string;
+        email: string;
+        roles: UserRole[];
+        isEmailVerified: boolean;
+    }>;
+    hasRole(userId: string, requiredRoles: UserRole[]): Promise<boolean>;
+}
+
+declare class AuthMiddleware {
+    private authService;
+    constructor(authService: AuthService);
+    verifyToken(): (req: any, res: any, next: any) => Promise<void>;
+    requireRoles(roles: UserRole[]): (req: any, res: any, next: any) => Promise<void>;
+    requireEmailVerified(): (req: any, res: any, next: any) => any;
+}
+
+export { type AuthConfig, AuthMiddleware, AuthService, type User, type UserRole, UserRoleSchema, UserSchema };

package/dist/index.d.ts

@@ -0,0 +1,139 @@
+import { z } from 'zod';
+
+interface StorageConfig {
+    type: 'dynamodb' | 'mongodb' | 'postgres';
+    options: DynamoDBConfig | MongoDBConfig | PostgresConfig;
+}
+interface DynamoDBConfig {
+    tableName: string;
+    region: string;
+}
+interface MongoDBConfig {
+    uri: string;
+    dbName: string;
+    collectionName: string;
+}
+interface PostgresConfig {
+    connectionString: string;
+    schema?: string;
+    tableName: string;
+}
+
+interface EmailTemplates {
+    verification: {
+        subject: string;
+        html: (token: string) => string;
+    };
+    resetPassword: {
+        subject: string;
+        html: (token: string) => string;
+    };
+}
+interface SMTPConfig {
+    host: string;
+    port: number;
+    secure: boolean;
+    auth: {
+        user: string;
+        pass: string;
+    };
+}
+interface SESConfig {
+    region: string;
+    credentials?: {
+        accessKeyId: string;
+        secretAccessKey: string;
+    };
+    sourceArn?: string;
+}
+interface EmailConfig {
+    type: 'smtp' | 'ses';
+    from: string;
+    options: SMTPConfig | SESConfig;
+    templates?: EmailTemplates;
+}
+
+declare const UserRoleSchema: z.ZodEnum<["ADMIN", "USER", "GUEST"]>;
+type UserRole = z.infer<typeof UserRoleSchema>;
+declare const UserSchema: z.ZodObject<{
+    id: z.ZodString;
+    email: z.ZodString;
+    passwordHash: z.ZodString;
+    roles: z.ZodArray<z.ZodEnum<["ADMIN", "USER", "GUEST"]>, "many">;
+    isEmailVerified: z.ZodBoolean;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    resetPasswordToken: z.ZodOptional<z.ZodString>;
+    resetPasswordExpires: z.ZodOptional<z.ZodNumber>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    email: string;
+    passwordHash: string;
+    roles: ("ADMIN" | "USER" | "GUEST")[];
+    isEmailVerified: boolean;
+    createdAt: number;
+    updatedAt: number;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+}, {
+    id: string;
+    email: string;
+    passwordHash: string;
+    roles: ("ADMIN" | "USER" | "GUEST")[];
+    isEmailVerified: boolean;
+    createdAt: number;
+    updatedAt: number;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+}>;
+type User = z.infer<typeof UserSchema>;
+interface AuthConfig {
+    jwt: {
+        privateKey: string;
+        publicKey: string;
+        keyId: string;
+        expiresIn: string;
+    };
+    storage: StorageConfig;
+    email: EmailConfig;
+}
+
+declare class AuthService {
+    private storage;
+    private email;
+    private config;
+    constructor(config: AuthConfig);
+    private generateToken;
+    private hashPassword;
+    signup(email: string, password: string, roles?: UserRole[]): Promise<{
+        user: User;
+        token: string;
+    }>;
+    signin(email: string, password: string): Promise<{
+        user: User;
+        token: string;
+    }>;
+    verifyEmail(token: string): Promise<void>;
+    initiatePasswordReset(email: string): Promise<void>;
+    resetPassword(token: string, newPassword: string): Promise<void>;
+    verifyToken(token: string): Promise<{
+        id: string;
+        email: string;
+        roles: UserRole[];
+        isEmailVerified: boolean;
+    }>;
+    hasRole(userId: string, requiredRoles: UserRole[]): Promise<boolean>;
+}
+
+declare class AuthMiddleware {
+    private authService;
+    constructor(authService: AuthService);
+    verifyToken(): (req: any, res: any, next: any) => Promise<void>;
+    requireRoles(roles: UserRole[]): (req: any, res: any, next: any) => Promise<void>;
+    requireEmailVerified(): (req: any, res: any, next: any) => any;
+}
+
+export { type AuthConfig, AuthMiddleware, AuthService, type User, type UserRole, UserRoleSchema, UserSchema };