authhero 8.8.1 → 8.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/assets/u/widget/index.esm.js +1 -1
  2. package/dist/authhero.cjs +109 -107
  3. package/dist/authhero.d.ts +271 -228
  4. package/dist/authhero.mjs +11289 -10645
  5. package/dist/stats.html +1 -1
  6. package/dist/tsconfig.types.tsbuildinfo +1 -1
  7. package/dist/types/authentication-flows/password.d.ts +10 -1
  8. package/dist/types/authentication-flows/passwordless.d.ts +4 -4
  9. package/dist/types/helpers/dcr/metadata-mapping.d.ts +1 -1
  10. package/dist/types/helpers/tenant-export-import/export.d.ts +21 -0
  11. package/dist/types/helpers/tenant-export-import/import.d.ts +12 -0
  12. package/dist/types/helpers/tenant-export-import/index.d.ts +4 -0
  13. package/dist/types/helpers/tenant-export-import/manifest.d.ts +12 -0
  14. package/dist/types/helpers/tenant-export-import/row-access.d.ts +20 -0
  15. package/dist/types/helpers/tenant-export-import/types.d.ts +53 -0
  16. package/dist/types/index.d.ts +270 -227
  17. package/dist/types/routes/auth-api/index.d.ts +28 -28
  18. package/dist/types/routes/auth-api/passwordless.d.ts +10 -10
  19. package/dist/types/routes/auth-api/register/index.d.ts +2 -2
  20. package/dist/types/routes/auth-api/revoke.d.ts +6 -6
  21. package/dist/types/routes/auth-api/token.d.ts +10 -10
  22. package/dist/types/routes/management-api/action-executions.d.ts +1 -1
  23. package/dist/types/routes/management-api/branding.d.ts +12 -12
  24. package/dist/types/routes/management-api/clients.d.ts +9 -9
  25. package/dist/types/routes/management-api/connections.d.ts +6 -6
  26. package/dist/types/routes/management-api/email-templates.d.ts +18 -18
  27. package/dist/types/routes/management-api/failed-events.d.ts +1 -1
  28. package/dist/types/routes/management-api/forms.d.ts +126 -126
  29. package/dist/types/routes/management-api/guardian.d.ts +5 -5
  30. package/dist/types/routes/management-api/index.d.ts +237 -194
  31. package/dist/types/routes/management-api/logs.d.ts +3 -3
  32. package/dist/types/routes/management-api/migration-sources.d.ts +6 -6
  33. package/dist/types/routes/management-api/organizations.d.ts +1 -1
  34. package/dist/types/routes/management-api/prompts.d.ts +4 -4
  35. package/dist/types/routes/management-api/tenant-export-import.d.ts +49 -0
  36. package/dist/types/routes/management-api/tenants.d.ts +1 -1
  37. package/dist/types/routes/management-api/themes.d.ts +6 -6
  38. package/dist/types/routes/management-api/users.d.ts +2 -2
  39. package/dist/types/routes/universal-login/common.d.ts +10 -10
  40. package/dist/types/routes/universal-login/flow-api.d.ts +12 -12
  41. package/dist/types/routes/universal-login/u2-index.d.ts +5 -5
  42. package/dist/types/routes/universal-login/u2-routes.d.ts +5 -5
  43. package/dist/types/types/IdToken.d.ts +2 -2
  44. package/package.json +5 -5
@@ -1,7 +1,16 @@
1
1
  import { Context } from "hono";
2
- import { AuthParams, LoginSession } from "@authhero/adapter-interfaces";
2
+ import { AuthParams, LoginSession, User } from "@authhero/adapter-interfaces";
3
3
  import { EnrichedClient } from "../helpers/client";
4
4
  import { Bindings, GrantFlowUserResult, Variables } from "../types";
5
+ /**
6
+ * Clear the failed-login counter for a user. Failed logins are always
7
+ * recorded on the primary account (see {@link recordFailedLogin}), so this
8
+ * resolves the linked primary before clearing. Called on a successful
9
+ * password login and after a successful password reset — both are strong
10
+ * evidence the legitimate account owner is back in control, so a stale
11
+ * lockout shouldn't block them.
12
+ */
13
+ export declare function clearFailedLogins(data: Bindings["data"], tenantId: string, user: User): Promise<void>;
5
14
  export declare function passwordGrant(ctx: Context<{
6
15
  Bindings: Bindings;
7
16
  Variables: Variables;
@@ -414,7 +414,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
414
414
  } | undefined;
415
415
  } | undefined;
416
416
  passkey_options?: {
417
- challenge_ui?: "both" | "autofill" | "button" | undefined;
417
+ challenge_ui?: "button" | "both" | "autofill" | undefined;
418
418
  local_enrollment_enabled?: boolean | undefined;
419
419
  progressive_enrollment_enabled?: boolean | undefined;
420
420
  } | undefined;
@@ -458,7 +458,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
458
458
  custom_login_page_preview?: string | undefined;
459
459
  form_template?: string | undefined;
460
460
  addons?: Record<string, any> | undefined;
461
- token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
461
+ token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
462
462
  client_metadata?: Record<string, string> | undefined;
463
463
  hide_sign_up_disabled_error?: boolean | undefined;
464
464
  mobile?: Record<string, any> | undefined;
@@ -541,8 +541,8 @@ export declare function passwordlessGrantUser(ctx: Context<{
541
541
  } | undefined;
542
542
  authenticated_at?: string | undefined;
543
543
  };
544
- connectionType: "username" | "sms" | "email";
545
- authConnection: "username" | "sms" | "email";
544
+ connectionType: "username" | "email" | "sms";
545
+ authConnection: "username" | "email" | "sms";
546
546
  session_id: string | undefined;
547
547
  authParams: {
548
548
  client_id: string;
@@ -24,10 +24,10 @@ export declare const dcrRequestSchema: z.ZodObject<{
24
24
  response_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
25
25
  token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<{
26
26
  none: "none";
27
- private_key_jwt: "private_key_jwt";
28
27
  client_secret_post: "client_secret_post";
29
28
  client_secret_basic: "client_secret_basic";
30
29
  client_secret_jwt: "client_secret_jwt";
30
+ private_key_jwt: "private_key_jwt";
31
31
  }>>;
32
32
  jwks_uri: z.ZodOptional<z.ZodString>;
33
33
  jwks: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
@@ -0,0 +1,21 @@
1
+ import { DataAdapters } from "@authhero/adapter-interfaces";
2
+ import { ExportLine, ExportOptions } from "./types";
3
+ /**
4
+ * Lazily yield an ordered stream of `{ entity, data }` lines covering all
5
+ * durable data for `tenant_id`. The order matches {@link EXPORT_ORDER} so a
6
+ * sequential importer satisfies foreign keys (parents before children).
7
+ *
8
+ * This is a generator so the HTTP layer can serialize each line straight to the
9
+ * response (and into gzip) without ever materializing the whole export in
10
+ * memory. Only bounded per-entity working sets (id lists, the hook buffer) are
11
+ * held at a time.
12
+ *
13
+ * Ephemeral/audit entities and the global key pool are never emitted.
14
+ */
15
+ export declare function exportTenantLines(data: DataAdapters, tenant_id: string, opts: ExportOptions): AsyncGenerator<ExportLine>;
16
+ /**
17
+ * Collect {@link exportTenantLines} into an array. Convenience for callers
18
+ * (e.g. tests) that want the whole export in memory; the HTTP layer streams the
19
+ * generator directly instead.
20
+ */
21
+ export declare function exportTenant(data: DataAdapters, tenant_id: string, opts: ExportOptions): Promise<ExportLine[]>;
@@ -0,0 +1,12 @@
1
+ import { DataAdapters } from "@authhero/adapter-interfaces";
2
+ import { ExportLine, ImportOptions, ImportResult } from "./types";
3
+ /**
4
+ * Recreate every row from an export stream under `tenant_id`, in the stream's
5
+ * FK-safe order, preserving ids/timestamps via `importMetadata`. Per-row
6
+ * failures are collected rather than aborting the whole run.
7
+ *
8
+ * The target tenant is created from the `tenants` line only when it does not
9
+ * already exist, and always under `tenant_id` (the source id is overridden) so
10
+ * an export can be loaded into a freshly-provisioned tenant.
11
+ */
12
+ export declare function importTenant(data: DataAdapters, tenant_id: string, lines: ExportLine[], opts: ImportOptions): Promise<ImportResult>;
@@ -0,0 +1,4 @@
1
+ export { exportTenant, exportTenantLines } from "./export";
2
+ export { importTenant } from "./import";
3
+ export { EXPORT_ORDER } from "./manifest";
4
+ export type { ExportLine, ExportOptions, ImportOptions, ImportError, ImportResult, } from "./types";
@@ -0,0 +1,12 @@
1
+ /**
2
+ * FK-safe import order: parents are listed before their children so a
3
+ * sequential importer can always satisfy foreign keys. The exporter emits
4
+ * lines in this same order.
5
+ *
6
+ * Excluded entirely (never exported or imported):
7
+ * - keys — global signing-key pool; the target generates its own.
8
+ * - ephemeral / audit: sessions, refresh_tokens, codes, login_sessions,
9
+ * logs, action_executions, outbox_events, grants.
10
+ */
11
+ export declare const EXPORT_ORDER: readonly ["tenants", "clients", "connections", "resource_servers", "roles", "organizations", "users", "passwords", "authentication_methods", "user_roles", "user_permissions", "role_permissions", "organization_connections", "user_organizations", "client_grants", "invites", "actions", "action_versions", "hook_code", "hooks", "flows", "forms", "themes", "branding", "prompt_settings", "universal_login_templates", "custom_text", "email_providers", "email_templates", "custom_domains", "log_streams", "migration_sources", "proxy_routes"];
12
+ export type ExportEntity = (typeof EXPORT_ORDER)[number];
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Minimal, `as`-free helpers for reading fields off the `unknown` rows carried
3
+ * in an export stream. Import code only needs to pluck a handful of string
4
+ * fields (id columns + timestamps) to reconstruct `importMetadata`; the full
5
+ * row is forwarded to the adapter as the typed insert payload after a single
6
+ * narrowing step.
7
+ */
8
+ /** Narrow an unknown value to a plain record, or `undefined` if it isn't one. */
9
+ export declare function asRecord(value: unknown): Record<string, unknown> | undefined;
10
+ /** Read a string field off an unknown row, or `undefined` when absent. */
11
+ export declare function getString(value: unknown, key: string): string | undefined;
12
+ /**
13
+ * Return a shallow copy of an unknown row with `null`/`undefined` top-level
14
+ * fields removed. Export rows are full entities whose optional enum/object
15
+ * columns are often serialized as `null`; the matching *Insert* zod schemas
16
+ * mark those fields optional (not nullable), so they reject a present-but-null
17
+ * value. Dropping nullish keys lets a faithful row parse cleanly while keeping
18
+ * every real value intact.
19
+ */
20
+ export declare function withoutNullish(value: unknown): Record<string, unknown>;
@@ -0,0 +1,53 @@
1
+ import { DataAdapters, ImportMetadata } from "@authhero/adapter-interfaces";
2
+ /**
3
+ * A single JSON-lines record in a tenant export stream.
4
+ *
5
+ * `entity` is the durable entity name (see {@link EXPORT_ORDER}); `data` is the
6
+ * raw row as returned by the source adapter's read methods. The stream is
7
+ * ordered so that a sequential importer can recreate FK parents before their
8
+ * children.
9
+ */
10
+ export interface ExportLine {
11
+ entity: string;
12
+ data: unknown;
13
+ }
14
+ export interface ExportOptions {
15
+ /**
16
+ * When false, the `passwords` entity is skipped entirely on export so the
17
+ * stream never carries password hashes. Defaults to false at the call sites
18
+ * that want a redacted export.
19
+ */
20
+ includePasswordHashes: boolean;
21
+ }
22
+ export interface ImportOptions {
23
+ /**
24
+ * When false, any `passwords` lines present in the stream are ignored on
25
+ * import (defence in depth — a redacted export shouldn't contain them, but
26
+ * the importer refuses to write them regardless).
27
+ */
28
+ includePasswordHashes: boolean;
29
+ }
30
+ /** One failed row during import, surfaced rather than aborting the whole run. */
31
+ export interface ImportError {
32
+ entity: string;
33
+ error: string;
34
+ }
35
+ export interface ImportResult {
36
+ /** Number of rows successfully written, keyed by entity name. */
37
+ counts: Record<string, number>;
38
+ /** Non-fatal per-row failures collected during the run. */
39
+ errors: ImportError[];
40
+ }
41
+ /**
42
+ * Build the `importMetadata` argument from a row, preserving id/timestamps.
43
+ * Returns `undefined` when none of the fields are present so callers can spread
44
+ * it without sending an empty object.
45
+ */
46
+ export declare function buildImportMetadata(params: {
47
+ id?: string;
48
+ created_at?: string;
49
+ updated_at?: string;
50
+ }): {
51
+ importMetadata: ImportMetadata;
52
+ } | undefined;
53
+ export type { DataAdapters };