handshake-auth 0.1.0

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2026 Andrew Chilton
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.

package/ReadMe.md

@@ -0,0 +1,136 @@
+# Handshake Auth
+
+Lightweight, storage-agnostic authentication for Express.js.
+
+> **Work in Progress** - This library is under active development and not yet ready for production use.
+
+## Overview
+
+Handshake Auth is a lightweight authentication library that follows the strategy pattern similar to Passport.js, but without requiring a database connection. You provide callbacks for all storage operations (Inversion of Control), giving you complete control over how accounts are stored and retrieved.
+
+### Core Philosophy
+
+> "Handshake Auth authenticates requests. It does not log users in."
+
+The library handles the "handshakes" and "proofs" without demanding a seat at your database table. After successful authentication, you receive an Account object and decide what to do with it.
+
+## Features
+
+- **Storage-agnostic** - You provide callbacks, you own your data
+- **Express-only** - Focused on Express.js with `cookie-session`
+- **TypeScript-first** - Full type safety with generics
+- **Modern** - async/await throughout, ESM-first
+- **Strategies included** - Password, Magic Link, Google OAuth, GitHub OAuth
+
+## Installation
+
+```bash
+npm install handshake-auth
+```
+
+## Basic Usage
+
+```typescript
+import { Handshake, PasswordStrategy } from 'handshake-auth';
+
+// Define your account type
+interface Account {
+  id: string;
+  email: string;
+  passwordHash: string;
+}
+
+// Create a Handshake instance with your callbacks
+const hs = new Handshake<Account>({
+  findAccount: async (email) => {
+    // Your database lookup here
+    return db.accounts.findByEmail(email);
+  },
+  verifyPassword: async (account, password) => {
+    // Your password verification here (e.g., bcrypt.compare)
+    return await bcrypt.compare(password, account.passwordHash);
+  },
+});
+
+// Register the password strategy
+hs.use(new PasswordStrategy());
+
+// Authenticate
+const result = await hs.authenticate('password', 'user@example.com', 'their-password');
+
+if (result.account) {
+  // Authentication successful
+  console.log('Logged in:', result.account.email);
+} else {
+  // Authentication failed
+  console.log('Error:', result.error);
+}
+```
+
+## Express Integration
+
+Use with Express and `cookie-session` for a complete authentication setup:
+
+```typescript
+import express from 'express';
+import cookieSession from 'cookie-session';
+import {
+  Handshake,
+  PasswordStrategy,
+  handshakeMiddleware,
+  login,
+  logout,
+  isLoggedIn,
+} from 'handshake-auth';
+
+const app = express();
+app.use(express.json());
+
+// Configure cookie-session
+app.use(cookieSession({
+  name: 'session',
+  keys: [process.env.SESSION_SECRET!],
+  maxAge: 24 * 60 * 60 * 1000, // 24 hours
+}));
+
+// Set up Handshake
+const hs = new Handshake<Account>({
+  findAccount: async (email) => db.accounts.findByEmail(email),
+  verifyPassword: async (account, password) => bcrypt.compare(password, account.passwordHash),
+});
+hs.use(new PasswordStrategy());
+
+// Add middleware (attaches authenticate helper to req)
+app.use(handshakeMiddleware(hs));
+
+// Login route
+app.post('/login', async (req, res) => {
+  const { email, password } = req.body;
+  const result = await hs.authenticate('password', email, password);
+
+  if (result.account) {
+    login(req, result.account);
+    res.json({ success: true });
+  } else {
+    res.status(401).json({ error: result.error });
+  }
+});
+
+// Logout route
+app.post('/logout', (req, res) => {
+  logout(req);
+  res.json({ success: true });
+});
+
+// Protected route
+app.get('/me', (req, res) => {
+  if (!isLoggedIn(req)) {
+    return res.status(401).json({ error: 'Not logged in' });
+  }
+  res.json({ accountId: req.session?.accountId });
+});
+```
+
+## License
+
+ISC

package/dist/env.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Get an environment variable or return undefined if not set
+ */
+export declare function getEnv(key: string): string | undefined;
+/**
+ * Get an environment variable or throw if not set
+ */
+export declare function requireEnv(key: string): string;
+/**
+ * Configuration for checking if a strategy has its required environment variables
+ */
+export interface StrategyEnvConfig {
+    required: string[];
+    optional?: string[];
+}
+/**
+ * Check if a strategy is configured by verifying its required environment variables.
+ * Returns true if all required vars are set, false otherwise.
+ */
+export declare function checkStrategyEnv(config: StrategyEnvConfig): boolean;
+/**
+ * Get all environment values for a strategy.
+ * Returns an object with values for required and optional vars, or null if not all required vars are set.
+ */
+export declare function getStrategyEnv<T extends Record<string, string | undefined>>(config: StrategyEnvConfig): T | null;
+//# sourceMappingURL=env.d.ts.map

package/dist/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../src/env.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEtD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAM9C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAEnE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,EACzE,MAAM,EAAE,iBAAiB,GACxB,CAAC,GAAG,IAAI,CAkBV"}

package/dist/env.js

@@ -0,0 +1,43 @@
+/**
+ * Get an environment variable or return undefined if not set
+ */
+export function getEnv(key) {
+    return process.env[key];
+}
+/**
+ * Get an environment variable or throw if not set
+ */
+export function requireEnv(key) {
+    const value = process.env[key];
+    if (value === undefined) {
+        throw new Error(`Missing required environment variable: ${key}`);
+    }
+    return value;
+}
+/**
+ * Check if a strategy is configured by verifying its required environment variables.
+ * Returns true if all required vars are set, false otherwise.
+ */
+export function checkStrategyEnv(config) {
+    return config.required.every((key) => process.env[key] !== undefined);
+}
+/**
+ * Get all environment values for a strategy.
+ * Returns an object with values for required and optional vars, or null if not all required vars are set.
+ */
+export function getStrategyEnv(config) {
+    if (!checkStrategyEnv(config)) {
+        return null;
+    }
+    const result = {};
+    for (const key of config.required) {
+        result[key] = process.env[key];
+    }
+    if (config.optional) {
+        for (const key of config.optional) {
+            result[key] = process.env[key];
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=env.js.map

package/dist/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../src/env.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,MAAM,CAAC,GAAW;IAChC,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAUD;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAyB;IACxD,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC;AACxE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAyB;IAEzB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAuC,EAAE,CAAC;IAEtD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,MAAW,CAAC;AACrB,CAAC"}

package/dist/gatekeeper-auth.d.ts

@@ -0,0 +1,43 @@
+import type { AuthResult, Strategy, GatekeeperOptions } from './types.js';
+/**
+ * Main Gatekeeper class for managing authentication strategies.
+ *
+ * @typeParam TAccount - The shape of your account object
+ */
+export declare class Gatekeeper<TAccount> {
+    private options;
+    private strategies;
+    constructor(options: GatekeeperOptions<TAccount>);
+    /**
+     * Register an authentication strategy.
+     *
+     * @param strategy - The strategy to register
+     * @returns this (for chaining)
+     */
+    use(strategy: Strategy<TAccount>): this;
+    /**
+     * Authenticate using a named strategy.
+     *
+     * @param strategyName - The name of the strategy to use
+     * @param args - Arguments to pass to the strategy's authenticate method
+     * @returns The authentication result
+     */
+    authenticate(strategyName: string, ...args: unknown[]): Promise<AuthResult<TAccount>>;
+    /**
+     * Get a registered strategy by name.
+     *
+     * @param name - The strategy name
+     * @returns The strategy, or undefined if not registered
+     */
+    getStrategy(name: string): Strategy<TAccount> | undefined;
+    /**
+     * Get the list of registered strategy names.
+     */
+    get registeredStrategies(): string[];
+    /**
+     * Get the callbacks/options provided to this Gatekeeper instance.
+     * Strategies can use this to access shared callbacks like findAccount.
+     */
+    get callbacks(): GatekeeperOptions<TAccount>;
+}
+//# sourceMappingURL=gatekeeper-auth.d.ts.map

package/dist/gatekeeper-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gatekeeper-auth.d.ts","sourceRoot":"","sources":["../src/gatekeeper-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE1E;;;;GAIG;AACH,qBAAa,UAAU,CAAC,QAAQ;IAGlB,OAAO,CAAC,OAAO;IAF3B,OAAO,CAAC,UAAU,CAAyC;gBAEvC,OAAO,EAAE,iBAAiB,CAAC,QAAQ,CAAC;IAExD;;;;;OAKG;IACH,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI;IAQvC;;;;;;OAMG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAQ3F;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,SAAS;IAIzD;;OAEG;IACH,IAAI,oBAAoB,IAAI,MAAM,EAAE,CAEnC;IAED;;;OAGG;IACH,IAAI,SAAS,IAAI,iBAAiB,CAAC,QAAQ,CAAC,CAE3C;CACF"}

package/dist/gatekeeper-auth.js

@@ -0,0 +1,62 @@
+/**
+ * Main Gatekeeper class for managing authentication strategies.
+ *
+ * @typeParam TAccount - The shape of your account object
+ */
+export class Gatekeeper {
+    options;
+    strategies = new Map();
+    constructor(options) {
+        this.options = options;
+    }
+    /**
+     * Register an authentication strategy.
+     *
+     * @param strategy - The strategy to register
+     * @returns this (for chaining)
+     */
+    use(strategy) {
+        if (this.strategies.has(strategy.name)) {
+            throw new Error(`Strategy "${strategy.name}" is already registered`);
+        }
+        this.strategies.set(strategy.name, strategy);
+        return this;
+    }
+    /**
+     * Authenticate using a named strategy.
+     *
+     * @param strategyName - The name of the strategy to use
+     * @param args - Arguments to pass to the strategy's authenticate method
+     * @returns The authentication result
+     */
+    async authenticate(strategyName, ...args) {
+        const strategy = this.strategies.get(strategyName);
+        if (!strategy) {
+            return { account: null, error: `Unknown strategy: ${strategyName}` };
+        }
+        return strategy.authenticate(this.options, ...args);
+    }
+    /**
+     * Get a registered strategy by name.
+     *
+     * @param name - The strategy name
+     * @returns The strategy, or undefined if not registered
+     */
+    getStrategy(name) {
+        return this.strategies.get(name);
+    }
+    /**
+     * Get the list of registered strategy names.
+     */
+    get registeredStrategies() {
+        return Array.from(this.strategies.keys());
+    }
+    /**
+     * Get the callbacks/options provided to this Gatekeeper instance.
+     * Strategies can use this to access shared callbacks like findAccount.
+     */
+    get callbacks() {
+        return this.options;
+    }
+}
+//# sourceMappingURL=gatekeeper-auth.js.map

package/dist/gatekeeper-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gatekeeper-auth.js","sourceRoot":"","sources":["../src/gatekeeper-auth.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,OAAO,UAAU;IAGD;IAFZ,UAAU,GAAG,IAAI,GAAG,EAA8B,CAAC;IAE3D,YAAoB,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;IAAG,CAAC;IAE5D;;;;;OAKG;IACH,GAAG,CAAC,QAA4B;QAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB,EAAE,GAAG,IAAe;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,qBAAqB,YAAY,EAAE,EAAE,CAAC;QACvE,CAAC;QACD,OAAO,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,oBAAoB;QACtB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF"}

package/dist/handshake.d.ts

@@ -0,0 +1,43 @@
+import type { AuthResult, Strategy, HandshakeOptions } from './types.js';
+/**
+ * Main Handshake class for managing authentication strategies.
+ *
+ * @typeParam TAccount - The shape of your account object
+ */
+export declare class Handshake<TAccount> {
+    private options;
+    private strategies;
+    constructor(options: HandshakeOptions<TAccount>);
+    /**
+     * Register an authentication strategy.
+     *
+     * @param strategy - The strategy to register
+     * @returns this (for chaining)
+     */
+    use(strategy: Strategy<TAccount>): this;
+    /**
+     * Authenticate using a named strategy.
+     *
+     * @param strategyName - The name of the strategy to use
+     * @param args - Arguments to pass to the strategy's authenticate method
+     * @returns The authentication result
+     */
+    authenticate(strategyName: string, ...args: unknown[]): Promise<AuthResult<TAccount>>;
+    /**
+     * Get a registered strategy by name.
+     *
+     * @param name - The strategy name
+     * @returns The strategy, or undefined if not registered
+     */
+    getStrategy(name: string): Strategy<TAccount> | undefined;
+    /**
+     * Get the list of registered strategy names.
+     */
+    get registeredStrategies(): string[];
+    /**
+     * Get the callbacks/options provided to this Handshake instance.
+     * Strategies can use this to access shared callbacks like findAccount.
+     */
+    get callbacks(): HandshakeOptions<TAccount>;
+}
+//# sourceMappingURL=handshake.d.ts.map

package/dist/handshake.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../src/handshake.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEzE;;;;GAIG;AACH,qBAAa,SAAS,CAAC,QAAQ;IAGjB,OAAO,CAAC,OAAO;IAF3B,OAAO,CAAC,UAAU,CAAyC;gBAEvC,OAAO,EAAE,gBAAgB,CAAC,QAAQ,CAAC;IAEvD;;;;;OAKG;IACH,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI;IAQvC;;;;;;OAMG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAQ3F;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,SAAS;IAIzD;;OAEG;IACH,IAAI,oBAAoB,IAAI,MAAM,EAAE,CAEnC;IAED;;;OAGG;IACH,IAAI,SAAS,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAE1C;CACF"}

package/dist/handshake.js

@@ -0,0 +1,62 @@
+/**
+ * Main Handshake class for managing authentication strategies.
+ *
+ * @typeParam TAccount - The shape of your account object
+ */
+export class Handshake {
+    options;
+    strategies = new Map();
+    constructor(options) {
+        this.options = options;
+    }
+    /**
+     * Register an authentication strategy.
+     *
+     * @param strategy - The strategy to register
+     * @returns this (for chaining)
+     */
+    use(strategy) {
+        if (this.strategies.has(strategy.name)) {
+            throw new Error(`Strategy "${strategy.name}" is already registered`);
+        }
+        this.strategies.set(strategy.name, strategy);
+        return this;
+    }
+    /**
+     * Authenticate using a named strategy.
+     *
+     * @param strategyName - The name of the strategy to use
+     * @param args - Arguments to pass to the strategy's authenticate method
+     * @returns The authentication result
+     */
+    async authenticate(strategyName, ...args) {
+        const strategy = this.strategies.get(strategyName);
+        if (!strategy) {
+            return { account: null, error: `Unknown strategy: ${strategyName}` };
+        }
+        return strategy.authenticate(this.options, ...args);
+    }
+    /**
+     * Get a registered strategy by name.
+     *
+     * @param name - The strategy name
+     * @returns The strategy, or undefined if not registered
+     */
+    getStrategy(name) {
+        return this.strategies.get(name);
+    }
+    /**
+     * Get the list of registered strategy names.
+     */
+    get registeredStrategies() {
+        return Array.from(this.strategies.keys());
+    }
+    /**
+     * Get the callbacks/options provided to this Handshake instance.
+     * Strategies can use this to access shared callbacks like findAccount.
+     */
+    get callbacks() {
+        return this.options;
+    }
+}
+//# sourceMappingURL=handshake.js.map

package/dist/handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../src/handshake.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,OAAO,SAAS;IAGA;IAFZ,UAAU,GAAG,IAAI,GAAG,EAA8B,CAAC;IAE3D,YAAoB,OAAmC;QAAnC,YAAO,GAAP,OAAO,CAA4B;IAAG,CAAC;IAE3D;;;;;OAKG;IACH,GAAG,CAAC,QAA4B;QAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB,EAAE,GAAG,IAAe;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,qBAAqB,YAAY,EAAE,EAAE,CAAC;QACvE,CAAC;QACD,OAAO,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,oBAAoB;QACtB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export type { AuthResult, Strategy, HandshakeCallbacks, HandshakeOptions, OAuthProfile, } from './types.js';
+export { Handshake } from './handshake.js';
+export { PasswordStrategy } from './strategies/index.js';
+export { handshakeMiddleware, login, logout, isLoggedIn, getSessionAccountId, } from './middleware/index.js';
+export type { HandshakeSession, RequestWithAuth } from './middleware/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,UAAU,EACV,QAAQ,EACR,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzD,OAAO,EACL,mBAAmB,EACnB,KAAK,EACL,MAAM,EACN,UAAU,EACV,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAE/B,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+// Main class
+export { Handshake } from './handshake.js';
+// Strategies
+export { PasswordStrategy } from './strategies/index.js';
+// Express middleware
+export { handshakeMiddleware, login, logout, isLoggedIn, getSessionAccountId, } from './middleware/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AASA,aAAa;AACb,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,aAAa;AACb,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,qBAAqB;AACrB,OAAO,EACL,mBAAmB,EACnB,KAAK,EACL,MAAM,EACN,UAAU,EACV,mBAAmB,GACpB,MAAM,uBAAuB,CAAC"}

package/dist/middleware/express.d.ts

@@ -0,0 +1,77 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { Handshake } from '../handshake.js';
+import type { AuthResult } from '../types.js';
+/**
+ * Session data stored in cookie-session.
+ * Users can extend this with their own fields.
+ */
+export interface HandshakeSession {
+    accountId?: string;
+    [key: string]: unknown;
+}
+/**
+ * Express middleware that attaches Handshake's authenticate helper to the request.
+ *
+ * @param hs - The Handshake instance
+ * @returns Express middleware function
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({ ... });
+ * hs.use(new PasswordStrategy());
+ * app.use(handshakeMiddleware(hs));
+ * ```
+ */
+export declare function handshakeMiddleware<TAccount>(hs: Handshake<TAccount>): (req: Request, _res: Response, next: NextFunction) => void;
+/**
+ * Store account information in the session after successful authentication.
+ *
+ * @param req - Express request with cookie-session
+ * @param account - The authenticated account
+ *
+ * @example
+ * ```typescript
+ * const result = await hs.authenticate('password', email, password);
+ * if (result.account) {
+ *   login(req, result.account);
+ * }
+ * ```
+ */
+export declare function login<TAccount extends {
+    id: string;
+}>(req: Request, account: TAccount): void;
+/**
+ * Clear the session, logging the user out.
+ *
+ * @param req - Express request with cookie-session
+ *
+ * @example
+ * ```typescript
+ * app.post('/logout', (req, res) => {
+ *   logout(req);
+ *   res.json({ success: true });
+ * });
+ * ```
+ */
+export declare function logout(req: Request): void;
+/**
+ * Check if a user is currently logged in (has an accountId in session).
+ *
+ * @param req - Express request with cookie-session
+ * @returns true if logged in, false otherwise
+ */
+export declare function isLoggedIn(req: Request): boolean;
+/**
+ * Get the account ID from the session, if logged in.
+ *
+ * @param req - Express request with cookie-session
+ * @returns The account ID or undefined if not logged in
+ */
+export declare function getSessionAccountId(req: Request): string | undefined;
+/**
+ * Extended Express Request with Handshake's authenticate helper.
+ */
+export interface RequestWithAuth<TAccount> extends Request {
+    authenticate: (strategyName: string, ...args: unknown[]) => Promise<AuthResult<TAccount>>;
+}
+//# sourceMappingURL=express.d.ts.map

package/dist/middleware/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../src/middleware/express.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,EAAE,EAAE,SAAS,CAAC,QAAQ,CAAC,IAC3D,KAAK,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAWhE;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,KAAK,CAAC,QAAQ,SAAS;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,EACnD,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,QAAQ,GAChB,IAAI,CAKN;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CAAC,GAAG,EAAE,OAAO,GAAG,IAAI,CAEzC;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAEhD;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAEpE;AAED;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,QAAQ,CAAE,SAAQ,OAAO;IACxD,YAAY,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;CAC3F"}

package/dist/middleware/express.js

@@ -0,0 +1,77 @@
+/**
+ * Express middleware that attaches Handshake's authenticate helper to the request.
+ *
+ * @param hs - The Handshake instance
+ * @returns Express middleware function
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({ ... });
+ * hs.use(new PasswordStrategy());
+ * app.use(handshakeMiddleware(hs));
+ * ```
+ */
+export function handshakeMiddleware(hs) {
+    return (req, _res, next) => {
+        // Attach authenticate helper to request
+        req.authenticate = async (strategyName, ...args) => {
+            return hs.authenticate(strategyName, ...args);
+        };
+        next();
+    };
+}
+/**
+ * Store account information in the session after successful authentication.
+ *
+ * @param req - Express request with cookie-session
+ * @param account - The authenticated account
+ *
+ * @example
+ * ```typescript
+ * const result = await hs.authenticate('password', email, password);
+ * if (result.account) {
+ *   login(req, result.account);
+ * }
+ * ```
+ */
+export function login(req, account) {
+    if (!req.session) {
+        throw new Error('Session not available. Make sure cookie-session middleware is configured.');
+    }
+    req.session.accountId = account.id;
+}
+/**
+ * Clear the session, logging the user out.
+ *
+ * @param req - Express request with cookie-session
+ *
+ * @example
+ * ```typescript
+ * app.post('/logout', (req, res) => {
+ *   logout(req);
+ *   res.json({ success: true });
+ * });
+ * ```
+ */
+export function logout(req) {
+    req.session = null;
+}
+/**
+ * Check if a user is currently logged in (has an accountId in session).
+ *
+ * @param req - Express request with cookie-session
+ * @returns true if logged in, false otherwise
+ */
+export function isLoggedIn(req) {
+    return req.session?.accountId !== undefined;
+}
+/**
+ * Get the account ID from the session, if logged in.
+ *
+ * @param req - Express request with cookie-session
+ * @returns The account ID or undefined if not logged in
+ */
+export function getSessionAccountId(req) {
+    return req.session?.accountId;
+}
+//# sourceMappingURL=express.js.map

package/dist/middleware/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/middleware/express.ts"],"names":[],"mappings":"AAaA;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,mBAAmB,CAAW,EAAuB;IACnE,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAQ,EAAE;QAChE,wCAAwC;QACvC,GAAiC,CAAC,YAAY,GAAG,KAAK,EACrD,YAAoB,EACpB,GAAG,IAAe,EACa,EAAE;YACjC,OAAO,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,KAAK,CACnB,GAAY,EACZ,OAAiB;IAEjB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC;IACD,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,MAAM,CAAC,GAAY;IACjC,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,GAAY;IACrC,OAAO,GAAG,CAAC,OAAO,EAAE,SAAS,KAAK,SAAS,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAO,GAAG,CAAC,OAAO,EAAE,SAA+B,CAAC;AACtD,CAAC"}

package/dist/middleware/index.d.ts

@@ -0,0 +1,3 @@
+export { handshakeMiddleware, login, logout, isLoggedIn, getSessionAccountId, } from './express.js';
+export type { HandshakeSession, RequestWithAuth } from './express.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,KAAK,EACL,MAAM,EACN,UAAU,EACV,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC"}

package/dist/middleware/index.js

@@ -0,0 +1,2 @@
+export { handshakeMiddleware, login, logout, isLoggedIn, getSessionAccountId, } from './express.js';
+//# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,KAAK,EACL,MAAM,EACN,UAAU,EACV,mBAAmB,GACpB,MAAM,cAAc,CAAC"}

package/dist/strategies/index.d.ts

@@ -0,0 +1,2 @@
+export { PasswordStrategy } from './password.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/strategies/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC"}

package/dist/strategies/index.js

@@ -0,0 +1,2 @@
+export { PasswordStrategy } from './password.js';
+//# sourceMappingURL=index.js.map

package/dist/strategies/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC"}

package/dist/strategies/password.d.ts

@@ -0,0 +1,20 @@
+import type { AuthResult, Strategy, HandshakeCallbacks } from '../types.js';
+/**
+ * Password authentication strategy.
+ *
+ * Authenticates users with an identifier (e.g., email) and password.
+ * Uses the findAccount and verifyPassword callbacks from Handshake.
+ */
+export declare class PasswordStrategy<TAccount> implements Strategy<TAccount> {
+    readonly name = "password";
+    /**
+     * Authenticate with identifier and password.
+     *
+     * @param callbacks - Handshake callbacks (findAccount, verifyPassword)
+     * @param identifier - The account identifier (e.g., email)
+     * @param password - The password to verify
+     * @returns Authentication result with account or error
+     */
+    authenticate(callbacks: HandshakeCallbacks<TAccount>, ...args: unknown[]): Promise<AuthResult<TAccount>>;
+}
+//# sourceMappingURL=password.d.ts.map

package/dist/strategies/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/strategies/password.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAE5E;;;;;GAKG;AACH,qBAAa,gBAAgB,CAAC,QAAQ,CAAE,YAAW,QAAQ,CAAC,QAAQ,CAAC;IACnE,QAAQ,CAAC,IAAI,cAAc;IAE3B;;;;;;;OAOG;IACG,YAAY,CAChB,SAAS,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EACvC,GAAG,IAAI,EAAE,OAAO,EAAE,GACjB,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;CAgCjC"}

package/dist/strategies/password.js

@@ -0,0 +1,43 @@
+/**
+ * Password authentication strategy.
+ *
+ * Authenticates users with an identifier (e.g., email) and password.
+ * Uses the findAccount and verifyPassword callbacks from Handshake.
+ */
+export class PasswordStrategy {
+    name = 'password';
+    /**
+     * Authenticate with identifier and password.
+     *
+     * @param callbacks - Handshake callbacks (findAccount, verifyPassword)
+     * @param identifier - The account identifier (e.g., email)
+     * @param password - The password to verify
+     * @returns Authentication result with account or error
+     */
+    async authenticate(callbacks, ...args) {
+        const [identifier, password] = args;
+        if (!identifier || !password) {
+            return { account: null, error: 'Identifier and password are required' };
+        }
+        if (!callbacks.verifyPassword) {
+            return { account: null, error: 'verifyPassword callback is required for password strategy' };
+        }
+        // Find the account
+        const account = await callbacks.findAccount(identifier);
+        // Always call verifyPassword even if account is null to prevent timing attacks.
+        // The verifyPassword callback should handle null accounts appropriately
+        // (e.g., by doing a dummy comparison that takes the same time).
+        // However, since the callback signature requires an account, we'll check first
+        // and rely on the overall operation timing being similar.
+        if (!account) {
+            return { account: null, error: 'Invalid credentials' };
+        }
+        // Verify the password
+        const isValid = await callbacks.verifyPassword(account, password);
+        if (!isValid) {
+            return { account: null, error: 'Invalid credentials' };
+        }
+        return { account, strategy: this.name };
+    }
+}
+//# sourceMappingURL=password.js.map

package/dist/strategies/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/strategies/password.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IAClB,IAAI,GAAG,UAAU,CAAC;IAE3B;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY,CAChB,SAAuC,EACvC,GAAG,IAAe;QAElB,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,IAAwB,CAAC;QAExD,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,2DAA2D,EAAE,CAAC;QAC/F,CAAC;QAED,mBAAmB;QACnB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAExD,gFAAgF;QAChF,wEAAwE;QACxE,gEAAgE;QAChE,+EAA+E;QAC/E,0DAA0D;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;QACzD,CAAC;QAED,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAElE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;QACzD,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,65 @@
+/**
+ * OAuth profile data returned from providers
+ */
+export interface OAuthProfile {
+    id: string;
+    email: string | null;
+    name: string | null;
+    picture: string | null;
+    raw: Record<string, unknown>;
+}
+/**
+ * Result of an authentication attempt.
+ * Either contains an authenticated account or null with an optional error message.
+ */
+export type AuthResult<TAccount> = {
+    account: TAccount;
+    strategy: string;
+} | {
+    account: null;
+    error?: string;
+};
+/**
+ * Base interface for authentication strategies.
+ * Each strategy must have a unique name and an authenticate method.
+ * The authenticate method receives the Handshake's callbacks as the first argument.
+ */
+export interface Strategy<TAccount> {
+    name: string;
+    authenticate(callbacks: HandshakeCallbacks<TAccount>, ...args: unknown[]): Promise<AuthResult<TAccount>>;
+}
+/**
+ * Callbacks provided by the application for account operations.
+ * These implement the Inversion of Control pattern - the library
+ * never touches the database directly.
+ */
+export interface HandshakeCallbacks<TAccount> {
+    /**
+     * Find an account by identifier (email, username, etc.)
+     */
+    findAccount: (identifier: string) => Promise<TAccount | null>;
+    /**
+     * Verify a password against an account (you handle hashing)
+     */
+    verifyPassword?: (account: TAccount, password: string) => Promise<boolean>;
+    /**
+     * Store a magic link token for later verification
+     */
+    storeMagicToken?: (email: string, token: string, expiresAt: Date) => Promise<void>;
+    /**
+     * Verify a magic link token and return the associated email
+     */
+    verifyMagicToken?: (token: string) => Promise<{
+        email: string;
+    } | null>;
+    /**
+     * Find or create an account from OAuth profile data
+     */
+    findOrCreateFromOAuth?: (provider: string, profile: OAuthProfile) => Promise<TAccount>;
+}
+/**
+ * Options for configuring Handshake.
+ * Currently the same as HandshakeCallbacks, but may be extended in the future.
+ */
+export type HandshakeOptions<TAccount> = HandshakeCallbacks<TAccount>;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED;;;GAGG;AACH,MAAM,MAAM,UAAU,CAAC,QAAQ,IAC3B;IACE,OAAO,EAAE,QAAQ,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,OAAO,EAAE,IAAI,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEN;;;;GAIG;AACH,MAAM,WAAW,QAAQ,CAAC,QAAQ;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CACV,SAAS,EAAE,kBAAkB,CAAC,QAAQ,CAAC,EACvC,GAAG,IAAI,EAAE,OAAO,EAAE,GACjB,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;CAClC;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAkB,CAAC,QAAQ;IAC1C;;OAEG;IACH,WAAW,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAE9D;;OAEG;IACH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3E;;OAEG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnF;;OAEG;IACH,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAExE;;OAEG;IACH,qBAAqB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CACxF;AAED;;;GAGG;AACH,MAAM,MAAM,gBAAgB,CAAC,QAAQ,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAC"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "handshake-auth",
+  "description": "Lightweight, storage-agnostic authentication for Express.js",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "lint": "eslint src tests",
+    "test": "npm run lint && vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "cookie-session": "^2.1.1"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.2",
+    "@types/cookie-session": "^2.0.49",
+    "@types/express": "^5.0.6",
+    "@types/node": "^25.1.0",
+    "eslint": "^9.39.2",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.54.0",
+    "vitest": "^4.0.18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/chilts/handshake-auth.git"
+  },
+  "author": {
+    "name": "Andrew Chilton",
+    "email": "andychilton@gmail.com",
+    "url": "https://chilts.org/"
+  },
+  "keywords": [
+    "authentication",
+    "auth",
+    "express",
+    "passport",
+    "oauth",
+    "google",
+    "github",
+    "magic-link",
+    "passwordless",
+    "session",
+    "cookie-session"
+  ],
+  "license": "ISC"
+}