ideal-auth 0.7.0 → 1.0.0

package/dist/auth-instance.js

@@ -121,5 +121,22 @@ export function createAuthInstance(deps) {
             const session = await readSession();
             return session?.uid ?? null;
         },
+        async touch() {
+            const session = await readSession();
+            if (!session)
+                return;
+            const maxAge = session.exp - session.iat;
+            const now = Math.floor(Date.now() / 1000);
+            const newPayload = {
+                uid: session.uid,
+                iat: session.iat, // preserve original issued-at for passwordChangedAt checks
+                exp: now + maxAge,
+                ...(session.data !== undefined && { data: session.data }),
+            };
+            const sealed = await seal(newPayload, deps.secret);
+            const opts = buildCookieOptions(maxAge, deps.cookieOptions);
+            await deps.cookie.set(deps.cookieName, sealed, opts);
+            cachedPayload = newPayload;
+        },
     };
 }

package/dist/types.d.ts

@@ -86,6 +86,8 @@ export interface AuthInstance<TUser extends AnyUser = AnyUser> {
     check(): Promise<boolean>;
     user(): Promise<TUser | null>;
     id(): Promise<string | null>;
+    /** Re-seal the session cookie with a fresh expiry. No database call needed. Does nothing if no valid session exists. */
+    touch(): Promise<void>;
 }
 export interface HashInstance {
     make(password: string): Promise<string>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ideal-auth",
-  "version": "0.7.0",
+  "version": "1.0.0",
   "description": "Auth primitives for the JS ecosystem. Zero framework dependencies.",
   "scripts": {
     "build": "tsc",
@@ -51,5 +51,32 @@
     "type": "git",
     "url": "git+https://github.com/ramonmalcolm10/ideal-auth.git"
   },
-  "license": "MIT"
+  "license": "MIT",
+  "keywords": [
+    "auth",
+    "authentication",
+    "session",
+    "cookie",
+    "login",
+    "password",
+    "bcrypt",
+    "argon2",
+    "hash",
+    "totp",
+    "2fa",
+    "two-factor",
+    "mfa",
+    "rate-limit",
+    "csrf",
+    "encryption",
+    "iron-session",
+    "nextjs",
+    "sveltekit",
+    "express",
+    "hono",
+    "nuxt",
+    "bun",
+    "passkey",
+    "webauthn"
+  ]
 }

package/skills/ideal-auth/SKILL.md

@@ -154,6 +154,7 @@ Key rules:
 | `check()` | `Promise<boolean>` | Is the session valid? (fast, cached) |
 | `user()` | `Promise<TUser \| null>` | Get the authenticated user (from DB with `resolveUser`, or from cookie with `sessionFields`) |
 | `id()` | `Promise<string \| null>` | Get the authenticated user's ID |
+| `touch()` | `Promise<void>` | Re-seal the session cookie with a fresh expiry. No database call needed. |
 
 #### LoginOptions
 
@@ -166,6 +167,20 @@ type LoginOptions = {
 };
 ```
 
+#### Session Extension with `touch()`
+
+Sessions have a fixed expiry. Call `touch()` in middleware to extend the session for active users:
+
+```typescript
+// In middleware — where cookie writes are allowed
+const session = auth();
+if (await session.check()) {
+  await session.touch(); // re-seals cookie with fresh exp
+}
+```
+
+`touch()` re-seals with the same `maxAge` as the original session. No database call needed. `check()`, `user()`, and `id()` are read-only — they never write cookies. Only call `touch()` where cookie writes are allowed (middleware, route handlers, server actions — NOT Server Components).
+
 #### `attempt()` — Two Modes
 
 **Laravel-style (recommended):** Provide `hash` and `resolveUserByCredentials`. The `attempt()` method strips the credential key (default `'password'`) from credentials, looks up the user with remaining fields, and verifies the hash automatically.