npm - auth-vir - Versions diffs - 3.1.0 → 3.1.1 - Mend

auth-vir 3.1.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +7 -8
package/dist/auth-client/backend-auth.client.d.ts +9 -0
package/dist/auth-client/backend-auth.client.js +25 -13
package/dist/auth-client/frontend-auth.client.d.ts +4 -2
package/dist/auth-client/frontend-auth.client.js +11 -21
package/dist/auth.d.ts +8 -7
package/dist/auth.js +6 -10
package/dist/csrf-token-store.d.ts +21 -0
package/dist/csrf-token-store.js +35 -0
package/dist/csrf-token.d.ts +16 -15
package/dist/csrf-token.js +10 -9
package/dist/generated/internal/class.js +2 -2
package/dist/index.d.ts +2 -1
package/dist/index.js +2 -1
package/dist/mock-csrf-token-store.d.ts +64 -0
package/dist/{mock-local-storage.js → mock-csrf-token-store.js} +48 -0
package/package.json +7 -6
package/src/auth-client/backend-auth.client.ts +37 -22
package/src/auth-client/frontend-auth.client.ts +12 -24
package/src/auth.ts +9 -15
package/src/csrf-token-store.ts +54 -0
package/src/csrf-token.ts +22 -24
package/src/generated/internal/class.ts +2 -2
package/src/index.ts +2 -1
package/src/{mock-local-storage.ts → mock-csrf-token-store.ts} +66 -0
package/dist/mock-local-storage.d.ts +0 -33

package/README.md CHANGED Viewed

@@ -252,8 +252,7 @@ Use this on your client / frontend for storing and sending session authorization
 1. Send a login fetch request to your host / server / backend with `{credentials: 'include'}` set on the request.
 2. Pass the `Response` from step 1 into [`handleAuthResponse`](https://electrovir.github.io/auth-vir/functions/handleAuthResponse.html).
-3. In all subsequent fetch requests to the host / server / backend, set `{credentials: 'include'}` and include `{headers: {[AuthHeaderName.CsrfToken]: getCurrentCsrfToken()}}`.
-4. Upon user logout, call [`wipeCurrentCsrfToken()`](https://electrovir.github.io/auth-vir/functions/wipeCurrentCsrfToken.html)
+3. In all subsequent fetch requests to the host / server / backend, set `{credentials: 'include'}` and include `{headers: {[AuthHeaderName.CsrfToken]: (await getCurrentCsrfToken()).csrfToken}}`.
 Here's a full example of how to use all the client / frontend side auth functionality:
@@ -282,7 +281,7 @@ export async function sendLoginRequest(
     userLoginData: {username: string; password: string},
     loginUrl: string,
 ) {
-    if (getCurrentCsrfToken(csrfOption).csrfToken) {
+    if ((await getCurrentCsrfToken(csrfOption)).csrfToken) {
         throw new Error('Already logged in.');
     }
@@ -292,7 +291,7 @@ export async function sendLoginRequest(
         credentials: 'include',
     });
-    handleAuthResponse(response, csrfOption);
+    await handleAuthResponse(response, csrfOption);
     return response;
 }
@@ -303,7 +302,7 @@ export async function sendAuthenticatedRequest(
     requestInit: Omit<RequestInit, 'headers'> = {},
     headers: Record<string, string> = {},
 ) {
-    const {csrfToken} = getCurrentCsrfToken(csrfOption);
+    const {csrfToken} = await getCurrentCsrfToken(csrfOption);
     if (!csrfToken) {
         throw new Error('Not authenticated.');
@@ -324,7 +323,7 @@ export async function sendAuthenticatedRequest(
      * another tab.)
      */
     if (response.status === HttpStatus.Unauthorized) {
-        wipeCurrentCsrfToken(csrfOption);
+        await wipeCurrentCsrfToken(csrfOption);
         throw new Error(`User no longer logged in.`);
     } else {
         return response;
@@ -332,8 +331,8 @@ export async function sendAuthenticatedRequest(
 }
 /** Call this when the user explicitly clicks a "log out" button. */
-export function logout() {
-    wipeCurrentCsrfToken(csrfOption);
+export async function logout() {
+    await wipeCurrentCsrfToken(csrfOption);
 }
 ```

package/dist/auth-client/backend-auth.client.d.ts CHANGED Viewed

@@ -209,6 +209,15 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
     }>): Promise<Record<string, string | string[]> & {
         'set-cookie': string[];
     }>;
+    /**
+     * Refreshes a login session by reissuing the auth cookie with the same CSRF token instead of
+     * generating a new one.
+     */
+    protected refreshLoginHeaders({ userId, cookieParams, existingUserIdResult, }: {
+        userId: UserId;
+        cookieParams: Readonly<CookieParams>;
+        existingUserIdResult: Readonly<UserIdResult<UserId>>;
+    }): Promise<Record<string, string>>;
     /** Use these headers to log a user in. */
     createLoginHeaders({ userId, requestHeaders, isSignUpCookie, }: {
         userId: UserId;

package/dist/auth-client/backend-auth.client.js CHANGED Viewed

@@ -256,24 +256,30 @@ export class BackendAuthClient {
             ? generateLogoutHeaders(await this.getCookieParams({
                 isSignUpCookie: true,
                 requestHeaders: undefined,
-            }), this.config.csrf)
+            }))
             : undefined;
         const authCookieHeaders = params.allCookies || !params.isSignUpCookie
             ? generateLogoutHeaders(await this.getCookieParams({
                 isSignUpCookie: false,
                 requestHeaders: undefined,
-            }), this.config.csrf)
+            }))
             : undefined;
-        const setCookieHeader = {
+        return {
             'set-cookie': mergeHeaderValues(signUpCookieHeaders?.['set-cookie'], authCookieHeaders?.['set-cookie']),
         };
-        const csrfTokenHeader = {
-            ...authCookieHeaders,
-            ...signUpCookieHeaders,
-        };
+    }
+    /**
+     * Refreshes a login session by reissuing the auth cookie with the same CSRF token instead of
+     * generating a new one.
+     */
+    async refreshLoginHeaders({ userId, cookieParams, existingUserIdResult, }) {
+        const { cookie } = await generateAuthCookie({
+            csrfToken: existingUserIdResult.csrfToken,
+            userId,
+            sessionStartedAt: existingUserIdResult.sessionStartedAt,
+        }, cookieParams);
         return {
-            ...csrfTokenHeader,
-            ...setCookieHeader,
+            'set-cookie': cookie,
         };
     }
     /** Use these headers to log a user in. */
@@ -284,14 +290,20 @@ export class BackendAuthClient {
             ? generateLogoutHeaders(await this.getCookieParams({
                 isSignUpCookie: !isSignUpCookie,
                 requestHeaders,
-            }), this.config.csrf)
+            }))
             : undefined;
         const existingUserIdResult = await extractUserIdFromRequestHeaders(requestHeaders, await this.getJwtParams(), this.config.csrf, isSignUpCookie ? AuthCookieName.SignUp : AuthCookieName.Auth);
-        const sessionStartedAt = existingUserIdResult?.sessionStartedAt;
-        const newCookieHeaders = await generateSuccessfulLoginHeaders(userId, await this.getCookieParams({
+        const cookieParams = await this.getCookieParams({
             isSignUpCookie,
             requestHeaders,
-        }), this.config.csrf, sessionStartedAt);
+        });
+        const newCookieHeaders = existingUserIdResult
+            ? await this.refreshLoginHeaders({
+                userId,
+                cookieParams,
+                existingUserIdResult,
+            })
+            : await generateSuccessfulLoginHeaders(userId, cookieParams, this.config.csrf);
         return {
             ...newCookieHeaders,
             'set-cookie': mergeHeaderValues(newCookieHeaders['set-cookie'], discardOppositeCookieHeaders?.['set-cookie']),

package/dist/auth-client/frontend-auth.client.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { type createBlockingInterval, type JsonCompatibleObject, type MaybePromise, type PartialWithUndefined, type SelectFrom } from '@augment-vir/common';
 import { type AnyDuration } from 'date-vir';
 import { type EmptyObject } from 'type-fest';
+import { type CsrfTokenStore } from '../csrf-token-store.js';
 import { type CsrfHeaderNameOption } from '../csrf-token.js';
 /**
  * Config for {@link FrontendAuthClient}.
@@ -57,6 +58,7 @@ export type FrontendAuthClientConfig = Readonly<{
     allowedClockSkew: Readonly<AnyDuration>;
     overrides: PartialWithUndefined<{
         localStorage: Pick<Storage, 'setItem' | 'removeItem' | 'getItem'>;
+        csrfTokenStore: CsrfTokenStore;
     }>;
 }>;
 /**
@@ -78,7 +80,7 @@ export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatible
      */
     destroy(): void;
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
-    getCurrentCsrfToken(): string | undefined;
+    getCurrentCsrfToken(): Promise<string | undefined>;
     /**
      * Assume the given user. Pass `undefined` to wipe the currently assumed user.
      *
@@ -93,7 +95,7 @@ export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatible
      * `@augment-vir/common`](https://electrovir.github.io/augment-vir/functions/mergeDeep.html) to
      * combine them with these.
      */
-    createAuthenticatedRequestInit(): RequestInit;
+    createAuthenticatedRequestInit(): Promise<RequestInit>;
     /** Wipes the current user auth. */
     logout(): Promise<void>;
     /**

package/dist/auth-client/frontend-auth.client.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { HttpStatus, } from '@augment-vir/common';
 import { listenToActivity } from 'detect-activity';
-import { CsrfTokenFailureReason, defaultAllowedClockSkew, extractCsrfTokenHeader, getCurrentCsrfToken, resolveCsrfHeaderName, storeCsrfToken, wipeCurrentCsrfToken, } from '../csrf-token.js';
+import { defaultAllowedClockSkew, extractCsrfTokenHeader, getCurrentCsrfToken, resolveCsrfHeaderName, storeCsrfToken, } from '../csrf-token.js';
 import { AuthHeaderName } from '../headers.js';
 /**
  * An auth client for sending and validating client requests to a backend. This should only be used
@@ -42,19 +42,13 @@ export class FrontendAuthClient {
         this.removeActivityListener?.();
     }
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
-    getCurrentCsrfToken() {
-        const csrfTokenResult = getCurrentCsrfToken({
+    async getCurrentCsrfToken() {
+        const csrfTokenResult = await getCurrentCsrfToken({
             ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
+            csrfTokenStore: this.config.overrides?.csrfTokenStore,
             allowedClockSkew: this.config.allowedClockSkew || defaultAllowedClockSkew,
         });
         if (csrfTokenResult.failure) {
-            if (csrfTokenResult.failure !== CsrfTokenFailureReason.DoesNotExist) {
-                wipeCurrentCsrfToken({
-                    ...this.config.csrf,
-                    localStorage: this.config.overrides?.localStorage,
-                });
-            }
             return undefined;
         }
         return csrfTokenResult.csrfToken.token;
@@ -71,7 +65,7 @@ export class FrontendAuthClient {
             localStorage.removeItem(storageKey);
             return true;
         }
-        if (!(await this.config.canAssumeUser?.())) {
+        else if (!(await this.config.canAssumeUser?.())) {
             return false;
         }
         localStorage.setItem(storageKey, JSON.stringify(assumedUserParams));
@@ -96,8 +90,8 @@ export class FrontendAuthClient {
      * `@augment-vir/common`](https://electrovir.github.io/augment-vir/functions/mergeDeep.html) to
      * combine them with these.
      */
-    createAuthenticatedRequestInit() {
-        const csrfToken = this.getCurrentCsrfToken();
+    async createAuthenticatedRequestInit() {
+        const csrfToken = await this.getCurrentCsrfToken();
         const assumedUser = this.getAssumedUser();
         const headers = {
             ...(csrfToken
@@ -119,10 +113,6 @@ export class FrontendAuthClient {
     /** Wipes the current user auth. */
     async logout() {
         await this.config.authClearedCallback?.();
-        wipeCurrentCsrfToken({
-            ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
-        });
     }
     /**
      * Use to handle a login response. Automatically stores the CSRF token.
@@ -142,9 +132,9 @@ export class FrontendAuthClient {
             await this.logout();
             throw new Error('Did not receive any CSRF token.');
         }
-        storeCsrfToken(csrfToken, {
+        await storeCsrfToken(csrfToken, {
             ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
+            csrfTokenStore: this.config.overrides?.csrfTokenStore,
         });
     }
     /**
@@ -164,9 +154,9 @@ export class FrontendAuthClient {
             allowedClockSkew: this.config.allowedClockSkew || defaultAllowedClockSkew,
         });
         if (csrfToken) {
-            storeCsrfToken(csrfToken, {
+            await storeCsrfToken(csrfToken, {
                 ...this.config.csrf,
-                localStorage: this.config.overrides?.localStorage,
+                csrfTokenStore: this.config.overrides?.csrfTokenStore,
             });
         }
         return true;

package/dist/auth.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { type PartialWithUndefined } from '@augment-vir/common';
 import { type FullDate, type UtcTimezone } from 'date-vir';
 import { type CookieParams } from './cookie.js';
+import { type CsrfTokenStore } from './csrf-token-store.js';
 import { type CsrfHeaderNameOption } from './csrf-token.js';
 import { type ParseJwtParams } from './jwt/jwt.js';
 import { type JwtUserData } from './jwt/user-jwt.js';
@@ -66,11 +67,11 @@ sessionStartedAt?: number | undefined): Promise<Record<string, string>>;
  *
  * @category Auth : Host
  */
-export declare function generateLogoutHeaders(cookieConfig: Readonly<Pick<CookieParams, 'cookieName' | 'hostOrigin' | 'isDev'>>, csrfHeaderNameOption: Readonly<CsrfHeaderNameOption>): Record<string, string>;
+export declare function generateLogoutHeaders(cookieConfig: Readonly<Pick<CookieParams, 'cookieName' | 'hostOrigin' | 'isDev'>>): Record<string, string>;
 /**
  * Store auth data on a client (frontend) after receiving an auth response from the host (backend).
- * Specifically, this stores the CSRF token into local storage (which doesn't need to be a secret).
- * Alternatively, if the given response failed, this will wipe the existing (if anyone) stored CSRF
+ * Specifically, this stores the CSRF token into IndexedDB (which doesn't need to be a secret).
+ * Alternatively, if the given response failed, this will wipe the existing (if any) stored CSRF
  * token.
  *
  * @category Auth : Client
@@ -78,9 +79,9 @@ export declare function generateLogoutHeaders(cookieConfig: Readonly<Pick<Cookie
  */
 export declare function handleAuthResponse(response: Readonly<Pick<Response, 'ok' | 'headers'>>, options: Readonly<CsrfHeaderNameOption> & PartialWithUndefined<{
     /**
-     * Allows mocking or overriding the global `localStorage`.
+     * Allows mocking or overriding the default CSRF token store.
      *
-     * @default globalThis.localStorage
+     * @default getDefaultCsrfTokenStore()
      */
-    localStorage: Pick<Storage, 'setItem' | 'removeItem'>;
-}>): void;
+    csrfTokenStore: CsrfTokenStore;
+}>): Promise<void>;

package/dist/auth.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { AuthCookieName, clearAuthCookie, extractCookieJwt, generateAuthCookie, } from './cookie.js';
-import { extractCsrfTokenHeader, generateCsrfToken, parseCsrfToken, resolveCsrfHeaderName, storeCsrfToken, wipeCurrentCsrfToken, } from './csrf-token.js';
+import { extractCsrfTokenHeader, generateCsrfToken, parseCsrfToken, resolveCsrfHeaderName, storeCsrfToken, } from './csrf-token.js';
 function readHeader(headers, headerName) {
     if (headers instanceof Headers) {
         return headers.get(headerName) || undefined;
@@ -122,31 +122,27 @@ sessionStartedAt) {
  *
  * @category Auth : Host
  */
-export function generateLogoutHeaders(cookieConfig, csrfHeaderNameOption) {
-    const csrfHeaderName = resolveCsrfHeaderName(csrfHeaderNameOption);
+export function generateLogoutHeaders(cookieConfig) {
     return {
         'set-cookie': clearAuthCookie(cookieConfig),
-        [csrfHeaderName]: 'redacted',
     };
 }
 /**
  * Store auth data on a client (frontend) after receiving an auth response from the host (backend).
- * Specifically, this stores the CSRF token into local storage (which doesn't need to be a secret).
- * Alternatively, if the given response failed, this will wipe the existing (if anyone) stored CSRF
+ * Specifically, this stores the CSRF token into IndexedDB (which doesn't need to be a secret).
+ * Alternatively, if the given response failed, this will wipe the existing (if any) stored CSRF
  * token.
  *
  * @category Auth : Client
  * @throws Error if no CSRF token header is found.
  */
-export function handleAuthResponse(response, options) {
+export async function handleAuthResponse(response, options) {
     if (!response.ok) {
-        wipeCurrentCsrfToken(options);
         return;
     }
     const { csrfToken } = extractCsrfTokenHeader(response, options);
     if (!csrfToken) {
-        wipeCurrentCsrfToken(options);
         throw new Error('Did not receive any CSRF token.');
     }
-    storeCsrfToken(csrfToken, options);
+    await storeCsrfToken(csrfToken, options);
 }

package/dist/csrf-token-store.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * The interface used for overriding the default CSRF token store in storage functions.
+ *
+ * @category Internal
+ */
+export type CsrfTokenStore = {
+    /** Retrieves the stored CSRF token, if any. */
+    getCsrfToken(): Promise<string | undefined>;
+    /** Stores a CSRF token. */
+    setCsrfToken(value: string): Promise<void>;
+    /** Deletes the stored CSRF token. */
+    deleteCsrfToken(): Promise<void>;
+};
+/**
+ * The default {@link LocalDbClient} instance used for storing CSRF tokens. This uses a dedicated
+ * store name to avoid collisions with other storage. Lazily initialized to avoid crashes in Node.js
+ * environments where IndexedDB is not available.
+ *
+ * @category Internal
+ */
+export declare function getDefaultCsrfTokenStore(): Promise<CsrfTokenStore>;

package/dist/csrf-token-store.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { LocalDbClient } from 'local-db-client';
+import { defineShape } from 'object-shape-tester';
+const csrfTokenDbShapes = {
+    csrfToken: defineShape(''),
+};
+async function createDefaultCsrfTokenStore() {
+    const client = await LocalDbClient.createClient(csrfTokenDbShapes, {
+        storeName: 'auth-vir-csrf',
+    });
+    return {
+        async getCsrfToken() {
+            return (await client.load.csrfToken()) || undefined;
+        },
+        async setCsrfToken(value) {
+            await client.set.csrfToken(value);
+        },
+        async deleteCsrfToken() {
+            await client.delete.csrfToken();
+        },
+    };
+}
+/**
+ * The default {@link LocalDbClient} instance used for storing CSRF tokens. This uses a dedicated
+ * store name to avoid collisions with other storage. Lazily initialized to avoid crashes in Node.js
+ * environments where IndexedDB is not available.
+ *
+ * @category Internal
+ */
+export async function getDefaultCsrfTokenStore() {
+    if (!cachedStorePromise) {
+        cachedStorePromise = createDefaultCsrfTokenStore();
+    }
+    return cachedStorePromise;
+}
+let cachedStorePromise;

package/dist/csrf-token.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { type PartialWithUndefined, type SelectFrom } from '@augment-vir/common';
 import { type AnyDuration } from 'date-vir';
 import { type RequireExactlyOne } from 'type-fest';
+import { type CsrfTokenStore } from './csrf-token-store.js';
 /**
  * Shape definition for {@link CsrfToken}.
  *
@@ -100,18 +101,18 @@ export declare function extractCsrfTokenHeader(response: Readonly<PartialWithUnd
     allowedClockSkew: Readonly<AnyDuration>;
 }>): Readonly<GetCsrfTokenResult>;
 /**
- * Stores the given CSRF token into local storage.
+ * Stores the given CSRF token into IndexedDB.
  *
  * @category Auth : Client
  */
 export declare function storeCsrfToken(csrfToken: Readonly<CsrfToken>, options: Readonly<CsrfHeaderNameOption> & PartialWithUndefined<{
     /**
-     * Allows mocking or overriding the global `localStorage`.
+     * Allows mocking or overriding the default CSRF token store.
      *
-     * @default globalThis.localStorage
+     * @default getDefaultCsrfTokenStore()
      */
-    localStorage: Pick<Storage, 'setItem' | 'removeItem'>;
-}>): void;
+    csrfTokenStore: CsrfTokenStore;
+}>): Promise<void>;
 /**
  * Parse a raw CSRF token JSON string.
  *
@@ -134,29 +135,29 @@ export declare function parseCsrfToken(value: string | undefined | null, options
  */
 export declare function getCurrentCsrfToken(options: Readonly<CsrfHeaderNameOption> & PartialWithUndefined<{
     /**
-     * Allows mocking or overriding the global `localStorage`.
+     * Allows mocking or overriding the default CSRF token store.
      *
-     * @default globalThis.localStorage
+     * @default getDefaultCsrfTokenStore()
      */
-    localStorage: Pick<Storage, 'getItem'>;
+    csrfTokenStore: CsrfTokenStore;
     /**
      * Allowed clock skew tolerance for CSRF token expiration checks.
      *
      * @default {minutes: 5}
      */
     allowedClockSkew: Readonly<AnyDuration>;
-}>): Readonly<GetCsrfTokenResult>;
+}>): Promise<Readonly<GetCsrfTokenResult>>;
 /**
- * Wipes the current stored CSRF token. This should be used by client (frontend) code to logout a
- * user or react to a session timeout.
+ * Wipes the current stored CSRF token. This should be used by client (frontend) code to react to a
+ * session timeout.
  *
  * @category Auth : Client
  */
 export declare function wipeCurrentCsrfToken(options: Readonly<CsrfHeaderNameOption> & PartialWithUndefined<{
     /**
-     * Allows mocking or overriding the global `localStorage`.
+     * Allows mocking or overriding the default CSRF token store.
      *
-     * @default globalThis.localStorage
+     * @default getDefaultCsrfTokenStore()
      */
-    localStorage: Pick<Storage, 'removeItem'>;
-}>): void;
+    csrfTokenStore: CsrfTokenStore;
+}>): Promise<void>;

package/dist/csrf-token.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { randomString, wrapInTry, } from '@augment-vir/common';
 import { calculateRelativeDate, fullDateShape, getNowInUtcTimezone, isDateAfter, } from 'date-vir';
 import { defineShape, parseJsonWithShape } from 'object-shape-tester';
+import { getDefaultCsrfTokenStore } from './csrf-token-store.js';
 /**
  * Shape definition for {@link CsrfToken}.
  *
@@ -76,12 +77,12 @@ export function extractCsrfTokenHeader(response, csrfHeaderNameOption, options)
     return parseCsrfToken(rawCsrfToken, options);
 }
 /**
- * Stores the given CSRF token into local storage.
+ * Stores the given CSRF token into IndexedDB.
  *
  * @category Auth : Client
  */
-export function storeCsrfToken(csrfToken, options) {
-    (options.localStorage || globalThis.localStorage).setItem(resolveCsrfHeaderName(options), JSON.stringify(csrfToken));
+export async function storeCsrfToken(csrfToken, options) {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).setCsrfToken(JSON.stringify(csrfToken));
 }
 /**
  * Parse a raw CSRF token JSON string.
@@ -124,17 +125,17 @@ export function parseCsrfToken(value, options) {
  *
  * @category Auth : Client
  */
-export function getCurrentCsrfToken(options) {
-    const rawCsrfToken = (options.localStorage || globalThis.localStorage).getItem(resolveCsrfHeaderName(options)) ||
+export async function getCurrentCsrfToken(options) {
+    const rawCsrfToken = (await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).getCsrfToken()) ||
         undefined;
     return parseCsrfToken(rawCsrfToken, options);
 }
 /**
- * Wipes the current stored CSRF token. This should be used by client (frontend) code to logout a
- * user or react to a session timeout.
+ * Wipes the current stored CSRF token. This should be used by client (frontend) code to react to a
+ * session timeout.
  *
  * @category Auth : Client
  */
-export function wipeCurrentCsrfToken(options) {
-    return (options.localStorage || globalThis.localStorage).removeItem(resolveCsrfHeaderName(options));
+export async function wipeCurrentCsrfToken(options) {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).deleteCsrfToken();
 }

package/dist/generated/internal/class.js CHANGED Viewed

@@ -22,8 +22,8 @@ const config = {
             "fromEnvVar": null
         },
         "config": {
-            "engineType": "client",
-            "moduleFormat": "esm"
+            "moduleFormat": "esm",
+            "engineType": "client"
         },
         "binaryTargets": [
             {

package/dist/index.d.ts CHANGED Viewed

@@ -3,10 +3,11 @@ export * from './auth-client/frontend-auth.client.js';
 export * from './auth-client/is-session-refresh-ready.js';
 export * from './auth.js';
 export * from './cookie.js';
+export * from './csrf-token-store.js';
 export * from './csrf-token.js';
 export * from './hash.js';
 export * from './headers.js';
 export * from './jwt/jwt-keys.js';
 export * from './jwt/jwt.js';
 export * from './jwt/user-jwt.js';
-export * from './mock-local-storage.js';
+export * from './mock-csrf-token-store.js';

package/dist/index.js CHANGED Viewed

@@ -3,10 +3,11 @@ export * from './auth-client/frontend-auth.client.js';
 export * from './auth-client/is-session-refresh-ready.js';
 export * from './auth.js';
 export * from './cookie.js';
+export * from './csrf-token-store.js';
 export * from './csrf-token.js';
 export * from './hash.js';
 export * from './headers.js';
 export * from './jwt/jwt-keys.js';
 export * from './jwt/jwt.js';
 export * from './jwt/user-jwt.js';
-export * from './mock-local-storage.js';
+export * from './mock-csrf-token-store.js';

package/dist/mock-csrf-token-store.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import { type CsrfTokenStore } from './csrf-token-store.js';
+/**
+ * `accessRecord` type for {@link createMockLocalStorage}'s output.
+ *
+ * @category Internal
+ */
+export type MockLocalStorageAccessRecord = {
+    getItem: string[];
+    removeItem: string[];
+    setItem: {
+        key: string;
+        value: string;
+    }[];
+    key: number[];
+};
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockLocalStorage}.
+ *
+ * @category Mock
+ */
+export declare function createEmptyMockLocalStorageAccessRecord(): MockLocalStorageAccessRecord;
+/**
+ * Create a LocalStorage mock.
+ *
+ * @category Mock
+ */
+export declare function createMockLocalStorage(
+/** Set values in here to initialize the mocked localStorage data store contents. */
+init?: Record<string, string>): {
+    localStorage: Storage;
+    store: Record<string, string>;
+    accessRecord: MockLocalStorageAccessRecord;
+};
+/**
+ * `accessRecord` type for {@link createMockCsrfTokenStore}'s output.
+ *
+ * @category Internal
+ */
+export type MockCsrfTokenStoreAccessRecord = {
+    getCsrfToken: number;
+    setCsrfToken: string[];
+    deleteCsrfToken: number;
+};
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockCsrfTokenStore}.
+ *
+ * @category Mock
+ */
+export declare function createEmptyMockCsrfTokenStoreAccessRecord(): MockCsrfTokenStoreAccessRecord;
+/**
+ * Create a mock {@link CsrfTokenStore} backed by a simple in-memory object, for use in tests.
+ *
+ * @category Mock
+ */
+export declare function createMockCsrfTokenStore(
+/** Set an initial value to initialize the mocked store contents. */
+init?: string | undefined): {
+    csrfTokenStore: CsrfTokenStore;
+    /** The current value held in the mock store. */
+    readonly storedValue: string | undefined;
+    accessRecord: MockCsrfTokenStoreAccessRecord;
+};

package/dist/{mock-local-storage.js → mock-csrf-token-store.js} RENAMED Viewed

@@ -57,3 +57,51 @@ init = {}) {
         accessRecord,
     };
 }
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockCsrfTokenStore}.
+ *
+ * @category Mock
+ */
+export function createEmptyMockCsrfTokenStoreAccessRecord() {
+    return {
+        getCsrfToken: 0,
+        setCsrfToken: [],
+        deleteCsrfToken: 0,
+    };
+}
+/**
+ * Create a mock {@link CsrfTokenStore} backed by a simple in-memory object, for use in tests.
+ *
+ * @category Mock
+ */
+export function createMockCsrfTokenStore(
+/** Set an initial value to initialize the mocked store contents. */
+init) {
+    let storedValue = init;
+    const accessRecord = createEmptyMockCsrfTokenStoreAccessRecord();
+    const csrfTokenStore = {
+        getCsrfToken() {
+            accessRecord.getCsrfToken++;
+            return Promise.resolve(storedValue);
+        },
+        setCsrfToken(value) {
+            accessRecord.setCsrfToken.push(value);
+            storedValue = value;
+            return Promise.resolve();
+        },
+        deleteCsrfToken() {
+            accessRecord.deleteCsrfToken++;
+            storedValue = undefined;
+            return Promise.resolve();
+        },
+    };
+    return {
+        csrfTokenStore,
+        /** The current value held in the mock store. */
+        get storedValue() {
+            return storedValue;
+        },
+        accessRecord,
+    };
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "auth-vir",
-    "version": "3.1.0",
+    "version": "3.1.1",
     "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
     "keywords": [
         "auth",
@@ -41,18 +41,19 @@
         "test:web": "virmator test web"
     },
     "dependencies": {
-        "@augment-vir/assert": "^31.67.1",
-        "@augment-vir/common": "^31.67.1",
-        "date-vir": "^8.2.0",
+        "@augment-vir/assert": "^31.68.1",
+        "@augment-vir/common": "^31.68.1",
+        "date-vir": "^8.2.1",
         "detect-activity": "^1.0.0",
         "hash-wasm": "^4.12.0",
-        "jose": "^6.1.3",
+        "jose": "^6.2.1",
+        "local-db-client": "^1.0.0",
         "object-shape-tester": "^6.11.0",
         "type-fest": "^5.4.4",
         "url-vir": "^2.1.7"
     },
     "devDependencies": {
-        "@augment-vir/test": "^31.67.1",
+        "@augment-vir/test": "^31.68.1",
         "@prisma/client": "^6.19.2",
         "@types/node": "^25.3.3",
         "@web/dev-server-esbuild": "^1.0.5",

package/src/auth-client/backend-auth.client.ts CHANGED Viewed

@@ -575,7 +575,6 @@ export class BackendAuthClient<
                           isSignUpCookie: true,
                           requestHeaders: undefined,
                       }),
-                      this.config.csrf,
                   )
                 : undefined;
         const authCookieHeaders =
@@ -585,26 +584,41 @@ export class BackendAuthClient<
                           isSignUpCookie: false,
                           requestHeaders: undefined,
                       }),
-                      this.config.csrf,
                   )
                 : undefined;
-        const setCookieHeader: {
-            'set-cookie': string[];
-        } = {
+        return {
             'set-cookie': mergeHeaderValues(
                 signUpCookieHeaders?.['set-cookie'],
                 authCookieHeaders?.['set-cookie'],
             ),
         };
-        const csrfTokenHeader = {
-            ...authCookieHeaders,
-            ...signUpCookieHeaders,
-        };
+    }
+    /**
+     * Refreshes a login session by reissuing the auth cookie with the same CSRF token instead of
+     * generating a new one.
+     */
+    protected async refreshLoginHeaders({
+        userId,
+        cookieParams,
+        existingUserIdResult,
+    }: {
+        userId: UserId;
+        cookieParams: Readonly<CookieParams>;
+        existingUserIdResult: Readonly<UserIdResult<UserId>>;
+    }): Promise<Record<string, string>> {
+        const {cookie} = await generateAuthCookie(
+            {
+                csrfToken: existingUserIdResult.csrfToken,
+                userId,
+                sessionStartedAt: existingUserIdResult.sessionStartedAt,
+            },
+            cookieParams,
+        );
         return {
-            ...csrfTokenHeader,
-            ...setCookieHeader,
+            'set-cookie': cookie,
         };
     }
@@ -627,7 +641,6 @@ export class BackendAuthClient<
                       isSignUpCookie: !isSignUpCookie,
                       requestHeaders,
                   }),
-                  this.config.csrf,
               )
             : undefined;
@@ -637,17 +650,19 @@ export class BackendAuthClient<
             this.config.csrf,
             isSignUpCookie ? AuthCookieName.SignUp : AuthCookieName.Auth,
         );
-        const sessionStartedAt = existingUserIdResult?.sessionStartedAt;
-        const newCookieHeaders = await generateSuccessfulLoginHeaders(
-            userId,
-            await this.getCookieParams({
-                isSignUpCookie,
-                requestHeaders,
-            }),
-            this.config.csrf,
-            sessionStartedAt,
-        );
+        const cookieParams = await this.getCookieParams({
+            isSignUpCookie,
+            requestHeaders,
+        });
+        const newCookieHeaders = existingUserIdResult
+            ? await this.refreshLoginHeaders({
+                  userId,
+                  cookieParams,
+                  existingUserIdResult,
+              })
+            : await generateSuccessfulLoginHeaders(userId, cookieParams, this.config.csrf);
         return {
             ...newCookieHeaders,

package/src/auth-client/frontend-auth.client.ts CHANGED Viewed

@@ -9,15 +9,14 @@ import {
 import {type AnyDuration} from 'date-vir';
 import {listenToActivity} from 'detect-activity';
 import {type EmptyObject} from 'type-fest';
+import {type CsrfTokenStore} from '../csrf-token-store.js';
 import {
     type CsrfHeaderNameOption,
-    CsrfTokenFailureReason,
     defaultAllowedClockSkew,
     extractCsrfTokenHeader,
     getCurrentCsrfToken,
     resolveCsrfHeaderName,
     storeCsrfToken,
-    wipeCurrentCsrfToken,
 } from '../csrf-token.js';
 import {AuthHeaderName} from '../headers.js';
@@ -85,6 +84,7 @@ export type FrontendAuthClientConfig = Readonly<{
         overrides: PartialWithUndefined<{
             localStorage: Pick<Storage, 'setItem' | 'removeItem' | 'getItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>;
     }>;
@@ -130,20 +130,14 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
     }
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
-    public getCurrentCsrfToken(): string | undefined {
-        const csrfTokenResult = getCurrentCsrfToken({
+    public async getCurrentCsrfToken(): Promise<string | undefined> {
+        const csrfTokenResult = await getCurrentCsrfToken({
             ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
+            csrfTokenStore: this.config.overrides?.csrfTokenStore,
             allowedClockSkew: this.config.allowedClockSkew || defaultAllowedClockSkew,
         });
         if (csrfTokenResult.failure) {
-            if (csrfTokenResult.failure !== CsrfTokenFailureReason.DoesNotExist) {
-                wipeCurrentCsrfToken({
-                    ...this.config.csrf,
-                    localStorage: this.config.overrides?.localStorage,
-                });
-            }
             return undefined;
         }
@@ -164,9 +158,7 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
         if (!assumedUserParams) {
             localStorage.removeItem(storageKey);
             return true;
-        }
-        if (!(await this.config.canAssumeUser?.())) {
+        } else if (!(await this.config.canAssumeUser?.())) {
             return false;
         }
@@ -197,8 +189,8 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
      * `@augment-vir/common`](https://electrovir.github.io/augment-vir/functions/mergeDeep.html) to
      * combine them with these.
      */
-    public createAuthenticatedRequestInit(): RequestInit {
-        const csrfToken = this.getCurrentCsrfToken();
+    public async createAuthenticatedRequestInit(): Promise<RequestInit> {
+        const csrfToken = await this.getCurrentCsrfToken();
         const assumedUser = this.getAssumedUser();
         const headers: HeadersInit = {
@@ -224,10 +216,6 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
     /** Wipes the current user auth. */
     public async logout() {
         await this.config.authClearedCallback?.();
-        wipeCurrentCsrfToken({
-            ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
-        });
     }
     /**
@@ -261,9 +249,9 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
             throw new Error('Did not receive any CSRF token.');
         }
-        storeCsrfToken(csrfToken, {
+        await storeCsrfToken(csrfToken, {
             ...this.config.csrf,
-            localStorage: this.config.overrides?.localStorage,
+            csrfTokenStore: this.config.overrides?.csrfTokenStore,
         });
     }
@@ -299,9 +287,9 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
             allowedClockSkew: this.config.allowedClockSkew || defaultAllowedClockSkew,
         });
         if (csrfToken) {
-            storeCsrfToken(csrfToken, {
+            await storeCsrfToken(csrfToken, {
                 ...this.config.csrf,
-                localStorage: this.config.overrides?.localStorage,
+                csrfTokenStore: this.config.overrides?.csrfTokenStore,
             });
         }

package/src/auth.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import {
     extractCookieJwt,
     generateAuthCookie,
 } from './cookie.js';
+import {type CsrfTokenStore} from './csrf-token-store.js';
 import {
     type CsrfHeaderNameOption,
     extractCsrfTokenHeader,
@@ -14,7 +15,6 @@ import {
     parseCsrfToken,
     resolveCsrfHeaderName,
     storeCsrfToken,
-    wipeCurrentCsrfToken,
 } from './csrf-token.js';
 import {type ParseJwtParams} from './jwt/jwt.js';
 import {type JwtUserData} from './jwt/user-jwt.js';
@@ -202,48 +202,42 @@ export async function generateSuccessfulLoginHeaders(
  */
 export function generateLogoutHeaders(
     cookieConfig: Readonly<Pick<CookieParams, 'cookieName' | 'hostOrigin' | 'isDev'>>,
-    csrfHeaderNameOption: Readonly<CsrfHeaderNameOption>,
 ): Record<string, string> {
-    const csrfHeaderName = resolveCsrfHeaderName(csrfHeaderNameOption);
     return {
         'set-cookie': clearAuthCookie(cookieConfig),
-        [csrfHeaderName]: 'redacted',
     };
 }
 /**
  * Store auth data on a client (frontend) after receiving an auth response from the host (backend).
- * Specifically, this stores the CSRF token into local storage (which doesn't need to be a secret).
- * Alternatively, if the given response failed, this will wipe the existing (if anyone) stored CSRF
+ * Specifically, this stores the CSRF token into IndexedDB (which doesn't need to be a secret).
+ * Alternatively, if the given response failed, this will wipe the existing (if any) stored CSRF
  * token.
  *
  * @category Auth : Client
  * @throws Error if no CSRF token header is found.
  */
-export function handleAuthResponse(
+export async function handleAuthResponse(
     response: Readonly<Pick<Response, 'ok' | 'headers'>>,
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'setItem' | 'removeItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>,
-) {
+): Promise<void> {
     if (!response.ok) {
-        wipeCurrentCsrfToken(options);
         return;
     }
     const {csrfToken} = extractCsrfTokenHeader(response, options);
     if (!csrfToken) {
-        wipeCurrentCsrfToken(options);
         throw new Error('Did not receive any CSRF token.');
     }
-    storeCsrfToken(csrfToken, options);
+    await storeCsrfToken(csrfToken, options);
 }

package/src/csrf-token-store.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import {LocalDbClient} from 'local-db-client';
+import {defineShape} from 'object-shape-tester';
+const csrfTokenDbShapes = {
+    csrfToken: defineShape(''),
+} as const;
+/**
+ * The interface used for overriding the default CSRF token store in storage functions.
+ *
+ * @category Internal
+ */
+export type CsrfTokenStore = {
+    /** Retrieves the stored CSRF token, if any. */
+    getCsrfToken(): Promise<string | undefined>;
+    /** Stores a CSRF token. */
+    setCsrfToken(value: string): Promise<void>;
+    /** Deletes the stored CSRF token. */
+    deleteCsrfToken(): Promise<void>;
+};
+async function createDefaultCsrfTokenStore(): Promise<CsrfTokenStore> {
+    const client = await LocalDbClient.createClient(csrfTokenDbShapes, {
+        storeName: 'auth-vir-csrf',
+    });
+    return {
+        async getCsrfToken() {
+            return (await client.load.csrfToken()) || undefined;
+        },
+        async setCsrfToken(value) {
+            await client.set.csrfToken(value);
+        },
+        async deleteCsrfToken() {
+            await client.delete.csrfToken();
+        },
+    };
+}
+/**
+ * The default {@link LocalDbClient} instance used for storing CSRF tokens. This uses a dedicated
+ * store name to avoid collisions with other storage. Lazily initialized to avoid crashes in Node.js
+ * environments where IndexedDB is not available.
+ *
+ * @category Internal
+ */
+export async function getDefaultCsrfTokenStore(): Promise<CsrfTokenStore> {
+    if (!cachedStorePromise) {
+        cachedStorePromise = createDefaultCsrfTokenStore();
+    }
+    return cachedStorePromise;
+}
+let cachedStorePromise: Promise<CsrfTokenStore> | undefined;

package/src/csrf-token.ts CHANGED Viewed

@@ -13,6 +13,7 @@ import {
 } from 'date-vir';
 import {defineShape, parseJsonWithShape} from 'object-shape-tester';
 import {type RequireExactlyOne} from 'type-fest';
+import {getDefaultCsrfTokenStore, type CsrfTokenStore} from './csrf-token-store.js';
 /**
  * Shape definition for {@link CsrfToken}.
@@ -137,24 +138,23 @@ export function extractCsrfTokenHeader(
 }
 /**
- * Stores the given CSRF token into local storage.
+ * Stores the given CSRF token into IndexedDB.
  *
  * @category Auth : Client
  */
-export function storeCsrfToken(
+export async function storeCsrfToken(
     csrfToken: Readonly<CsrfToken>,
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'setItem' | 'removeItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>,
-) {
-    (options.localStorage || globalThis.localStorage).setItem(
-        resolveCsrfHeaderName(options),
+): Promise<void> {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).setCsrfToken(
         JSON.stringify(csrfToken),
     );
 }
@@ -226,15 +226,15 @@ export function parseCsrfToken(
  *
  * @category Auth : Client
  */
-export function getCurrentCsrfToken(
+export async function getCurrentCsrfToken(
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'getItem'>;
+            csrfTokenStore: CsrfTokenStore;
             /**
              * Allowed clock skew tolerance for CSRF token expiration checks.
              *
@@ -242,32 +242,30 @@ export function getCurrentCsrfToken(
              */
             allowedClockSkew: Readonly<AnyDuration>;
         }>,
-): Readonly<GetCsrfTokenResult> {
+): Promise<Readonly<GetCsrfTokenResult>> {
     const rawCsrfToken: string | undefined =
-        (options.localStorage || globalThis.localStorage).getItem(resolveCsrfHeaderName(options)) ||
+        (await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).getCsrfToken()) ||
         undefined;
     return parseCsrfToken(rawCsrfToken, options);
 }
 /**
- * Wipes the current stored CSRF token. This should be used by client (frontend) code to logout a
- * user or react to a session timeout.
+ * Wipes the current stored CSRF token. This should be used by client (frontend) code to react to a
+ * session timeout.
  *
  * @category Auth : Client
  */
-export function wipeCurrentCsrfToken(
+export async function wipeCurrentCsrfToken(
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'removeItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>,
-) {
-    return (options.localStorage || globalThis.localStorage).removeItem(
-        resolveCsrfHeaderName(options),
-    );
+): Promise<void> {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).deleteCsrfToken();
 }

package/src/generated/internal/class.ts CHANGED Viewed

@@ -27,8 +27,8 @@ const config: runtime.GetPrismaClientConfig = {
       "fromEnvVar": null
     },
     "config": {
-      "engineType": "client",
-      "moduleFormat": "esm"
+      "moduleFormat": "esm",
+      "engineType": "client"
     },
     "binaryTargets": [
       {

package/src/index.ts CHANGED Viewed

@@ -3,10 +3,11 @@ export * from './auth-client/frontend-auth.client.js';
 export * from './auth-client/is-session-refresh-ready.js';
 export * from './auth.js';
 export * from './cookie.js';
+export * from './csrf-token-store.js';
 export * from './csrf-token.js';
 export * from './hash.js';
 export * from './headers.js';
 export * from './jwt/jwt-keys.js';
 export * from './jwt/jwt.js';
 export * from './jwt/user-jwt.js';
-export * from './mock-local-storage.js';
+export * from './mock-csrf-token-store.js';

package/src/{mock-local-storage.ts → mock-csrf-token-store.ts} RENAMED Viewed

@@ -1,3 +1,5 @@
+import {type CsrfTokenStore} from './csrf-token-store.js';
 /**
  * `accessRecord` type for {@link createMockLocalStorage}'s output.
  *
@@ -73,3 +75,67 @@ export function createMockLocalStorage(
         accessRecord,
     };
 }
+/**
+ * `accessRecord` type for {@link createMockCsrfTokenStore}'s output.
+ *
+ * @category Internal
+ */
+export type MockCsrfTokenStoreAccessRecord = {
+    getCsrfToken: number;
+    setCsrfToken: string[];
+    deleteCsrfToken: number;
+};
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockCsrfTokenStore}.
+ *
+ * @category Mock
+ */
+export function createEmptyMockCsrfTokenStoreAccessRecord(): MockCsrfTokenStoreAccessRecord {
+    return {
+        getCsrfToken: 0,
+        setCsrfToken: [],
+        deleteCsrfToken: 0,
+    };
+}
+/**
+ * Create a mock {@link CsrfTokenStore} backed by a simple in-memory object, for use in tests.
+ *
+ * @category Mock
+ */
+export function createMockCsrfTokenStore(
+    /** Set an initial value to initialize the mocked store contents. */
+    init?: string | undefined,
+) {
+    let storedValue: string | undefined = init;
+    const accessRecord = createEmptyMockCsrfTokenStoreAccessRecord();
+    const csrfTokenStore: CsrfTokenStore = {
+        getCsrfToken() {
+            accessRecord.getCsrfToken++;
+            return Promise.resolve(storedValue);
+        },
+        setCsrfToken(value: string) {
+            accessRecord.setCsrfToken.push(value);
+            storedValue = value;
+            return Promise.resolve();
+        },
+        deleteCsrfToken() {
+            accessRecord.deleteCsrfToken++;
+            storedValue = undefined;
+            return Promise.resolve();
+        },
+    };
+    return {
+        csrfTokenStore,
+        /** The current value held in the mock store. */
+        get storedValue() {
+            return storedValue;
+        },
+        accessRecord,
+    };
+}

package/dist/mock-local-storage.d.ts DELETED Viewed

@@ -1,33 +0,0 @@
-/**
- * `accessRecord` type for {@link createMockLocalStorage}'s output.
- *
- * @category Internal
- */
-export type MockLocalStorageAccessRecord = {
-    getItem: string[];
-    removeItem: string[];
-    setItem: {
-        key: string;
-        value: string;
-    }[];
-    key: number[];
-};
-/**
- * Create an empty `accessRecord` object, this is to be used in conjunction with
- * {@link createMockLocalStorage}.
- *
- * @category Mock
- */
-export declare function createEmptyMockLocalStorageAccessRecord(): MockLocalStorageAccessRecord;
-/**
- * Create a LocalStorage mock.
- *
- * @category Mock
- */
-export declare function createMockLocalStorage(
-/** Set values in here to initialize the mocked localStorage data store contents. */
-init?: Record<string, string>): {
-    localStorage: Storage;
-    store: Record<string, string>;
-    accessRecord: MockLocalStorageAccessRecord;
-};