jcc-express-mvc 1.8.7 → 1.8.21

package/index.d.ts

@@ -1,4 +1,5 @@
 /// <reference path="./global.d.ts" />
+
 export { Authentication as Auth } from "./lib/Auth";
 export { config } from "./lib/Config/Config";
 export type {
@@ -12,25 +13,49 @@ export {
   verifyHash,
   jwtSign,
   jwtVerify,
+  jwtTokenType,
+  assertProductionJwtSecret,
+  authSessionCookieOptions,
+  checkJwtAccessTokenPayload,
   saveImage,
   asyncHandler,
   cloudinaryUpload,
   rootPath,
 } from "./lib/util";
+export type { JwtAccessTokenPayloadResult } from "./lib/util";
+export { loginRateLimit, registerRateLimit } from "./lib/Auth/loginRateLimit";
+export {
+  Socialite,
+  AbstractProvider,
+  SocialiteProvider,
+  resolveSocialiteConfig,
+  GoogleProvider,
+  GitHubProvider,
+  FacebookProvider,
+  GitLabProvider,
+  TwitterProvider,
+  SlackProvider,
+} from "./lib/Socialite";
+export type {
+  OAuthAuthorizeContext,
+  OAuthProviderConfig,
+} from "./lib/Socialite/types";
+/** Laravel Socialite-style OAuth user profile (class with getters + `toPlainObject()`). */
+export { SocialUser as SocialiteOAuthUser } from "./lib/Socialite/SocialUser";
 export declare const guest: (
   req: import("./lib/Interface").AppRequest,
   res: import("./lib/Interface").AppResponse,
-  next: import("./lib/Interface").AppNext
+  next: import("./lib/Interface").AppNext,
 ) => any;
 export declare const apiAuth: (
   req: import("./lib/Interface").AppRequest,
   res: import("./lib/Interface").AppResponse,
-  next: import("./lib/Interface").AppNext
+  next: import("./lib/Interface").AppNext,
 ) => Promise<import("./lib/Interface").AppResponse | undefined>;
 export declare const auth: (
   req: import("./lib/Interface").AppRequest,
   res: import("./lib/Interface").AppResponse,
-  next: import("./lib/Interface").AppNext
+  next: import("./lib/Interface").AppNext,
 ) => Promise<void>;
 export declare const httpContext: AppHttpContext;
 //# sourceMappingURL=index.d.ts.map

package/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../jcc-express-mvc/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,IAAI,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,YAAY,EACV,UAAU,IAAI,OAAO,EACrB,WAAW,IAAI,QAAQ,EACvB,OAAO,IAAI,IAAI,GAChB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,WAAW,IAAI,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEhE,OAAO,EACL,MAAM,EACN,UAAU,EACV,OAAO,EACP,SAAS,EACT,SAAS,EACT,YAAY,EACZ,gBAAgB,EAChB,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB,eAAO,MAAM,KAAK,yIAAuB,CAAC;AAC1C,eAAO,MAAM,OAAO,gMAAyB,CAAC;AAC9C,eAAO,MAAM,IAAI,mJAAsB,CAAC;AACxC,eAAO,MAAM,WAAW,EAAS,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../jcc-express-mvc/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,IAAI,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,YAAY,EACV,UAAU,IAAI,OAAO,EACrB,WAAW,IAAI,QAAQ,EACvB,OAAO,IAAI,IAAI,GAChB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,WAAW,IAAI,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEhE,OAAO,EACL,MAAM,EACN,UAAU,EACV,OAAO,EACP,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,EAC1B,SAAS,EACT,YAAY,EACZ,gBAAgB,EAChB,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAC;AAE9D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9E,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,aAAa,GACd,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAC/B,2FAA2F;AAC3F,OAAO,EAAE,UAAU,IAAI,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAE9E,eAAO,MAAM,KAAK,yIAAuB,CAAC;AAC1C,eAAO,MAAM,OAAO,gMAAyB,CAAC;AAC9C,eAAO,MAAM,IAAI,mJAAsB,CAAC;AACxC,eAAO,MAAM,WAAW,EAAS,cAAc,CAAC"}

package/index.js

@@ -1,84 +1,42 @@
 "use strict";
+/// <reference path="./global.d.ts" />
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.httpContext =
-  exports.auth =
-  exports.apiAuth =
-  exports.guest =
-  exports.rootPath =
-  exports.cloudinaryUpload =
-  exports.asyncHandler =
-  exports.saveImage =
-  exports.jwtVerify =
-  exports.jwtSign =
-  exports.verifyHash =
-  exports.bcrypt =
-  exports.config =
-  exports.Auth =
-    void 0;
+exports.httpContext = exports.auth = exports.apiAuth = exports.guest = exports.SocialiteOAuthUser = exports.SlackProvider = exports.TwitterProvider = exports.GitLabProvider = exports.FacebookProvider = exports.GitHubProvider = exports.GoogleProvider = exports.resolveSocialiteConfig = exports.SocialiteProvider = exports.AbstractProvider = exports.Socialite = exports.registerRateLimit = exports.loginRateLimit = exports.rootPath = exports.cloudinaryUpload = exports.asyncHandler = exports.saveImage = exports.checkJwtAccessTokenPayload = exports.authSessionCookieOptions = exports.assertProductionJwtSecret = exports.jwtTokenType = exports.jwtVerify = exports.jwtSign = exports.verifyHash = exports.bcrypt = exports.config = exports.Auth = void 0;
 const AuthMiddleware_1 = require("./lib/Auth/AuthMiddleware");
 var Auth_1 = require("./lib/Auth");
-Object.defineProperty(exports, "Auth", {
-  enumerable: true,
-  get: function () {
-    return Auth_1.Authentication;
-  },
-});
+Object.defineProperty(exports, "Auth", { enumerable: true, get: function () { return Auth_1.Authentication; } });
 var Config_1 = require("./lib/Config/Config");
-Object.defineProperty(exports, "config", {
-  enumerable: true,
-  get: function () {
-    return Config_1.config;
-  },
-});
+Object.defineProperty(exports, "config", { enumerable: true, get: function () { return Config_1.config; } });
 var util_1 = require("./lib/util");
-Object.defineProperty(exports, "bcrypt", {
-  enumerable: true,
-  get: function () {
-    return util_1.bcrypt;
-  },
-});
-Object.defineProperty(exports, "verifyHash", {
-  enumerable: true,
-  get: function () {
-    return util_1.verifyHash;
-  },
-});
-Object.defineProperty(exports, "jwtSign", {
-  enumerable: true,
-  get: function () {
-    return util_1.jwtSign;
-  },
-});
-Object.defineProperty(exports, "jwtVerify", {
-  enumerable: true,
-  get: function () {
-    return util_1.jwtVerify;
-  },
-});
-Object.defineProperty(exports, "saveImage", {
-  enumerable: true,
-  get: function () {
-    return util_1.saveImage;
-  },
-});
-Object.defineProperty(exports, "asyncHandler", {
-  enumerable: true,
-  get: function () {
-    return util_1.asyncHandler;
-  },
-});
-Object.defineProperty(exports, "cloudinaryUpload", {
-  enumerable: true,
-  get: function () {
-    return util_1.cloudinaryUpload;
-  },
-});
-Object.defineProperty(exports, "rootPath", {
-  enumerable: true,
-  get: function () {
-    return util_1.rootPath;
-  },
-});
+Object.defineProperty(exports, "bcrypt", { enumerable: true, get: function () { return util_1.bcrypt; } });
+Object.defineProperty(exports, "verifyHash", { enumerable: true, get: function () { return util_1.verifyHash; } });
+Object.defineProperty(exports, "jwtSign", { enumerable: true, get: function () { return util_1.jwtSign; } });
+Object.defineProperty(exports, "jwtVerify", { enumerable: true, get: function () { return util_1.jwtVerify; } });
+Object.defineProperty(exports, "jwtTokenType", { enumerable: true, get: function () { return util_1.jwtTokenType; } });
+Object.defineProperty(exports, "assertProductionJwtSecret", { enumerable: true, get: function () { return util_1.assertProductionJwtSecret; } });
+Object.defineProperty(exports, "authSessionCookieOptions", { enumerable: true, get: function () { return util_1.authSessionCookieOptions; } });
+Object.defineProperty(exports, "checkJwtAccessTokenPayload", { enumerable: true, get: function () { return util_1.checkJwtAccessTokenPayload; } });
+Object.defineProperty(exports, "saveImage", { enumerable: true, get: function () { return util_1.saveImage; } });
+Object.defineProperty(exports, "asyncHandler", { enumerable: true, get: function () { return util_1.asyncHandler; } });
+Object.defineProperty(exports, "cloudinaryUpload", { enumerable: true, get: function () { return util_1.cloudinaryUpload; } });
+Object.defineProperty(exports, "rootPath", { enumerable: true, get: function () { return util_1.rootPath; } });
+var loginRateLimit_1 = require("./lib/Auth/loginRateLimit");
+Object.defineProperty(exports, "loginRateLimit", { enumerable: true, get: function () { return loginRateLimit_1.loginRateLimit; } });
+Object.defineProperty(exports, "registerRateLimit", { enumerable: true, get: function () { return loginRateLimit_1.registerRateLimit; } });
+var Socialite_1 = require("./lib/Socialite");
+Object.defineProperty(exports, "Socialite", { enumerable: true, get: function () { return Socialite_1.Socialite; } });
+Object.defineProperty(exports, "AbstractProvider", { enumerable: true, get: function () { return Socialite_1.AbstractProvider; } });
+Object.defineProperty(exports, "SocialiteProvider", { enumerable: true, get: function () { return Socialite_1.SocialiteProvider; } });
+Object.defineProperty(exports, "resolveSocialiteConfig", { enumerable: true, get: function () { return Socialite_1.resolveSocialiteConfig; } });
+Object.defineProperty(exports, "GoogleProvider", { enumerable: true, get: function () { return Socialite_1.GoogleProvider; } });
+Object.defineProperty(exports, "GitHubProvider", { enumerable: true, get: function () { return Socialite_1.GitHubProvider; } });
+Object.defineProperty(exports, "FacebookProvider", { enumerable: true, get: function () { return Socialite_1.FacebookProvider; } });
+Object.defineProperty(exports, "GitLabProvider", { enumerable: true, get: function () { return Socialite_1.GitLabProvider; } });
+Object.defineProperty(exports, "TwitterProvider", { enumerable: true, get: function () { return Socialite_1.TwitterProvider; } });
+Object.defineProperty(exports, "SlackProvider", { enumerable: true, get: function () { return Socialite_1.SlackProvider; } });
+/** Laravel Socialite-style OAuth user profile (class with getters + `toPlainObject()`). */
+var SocialUser_1 = require("./lib/Socialite/SocialUser");
+Object.defineProperty(exports, "SocialiteOAuthUser", { enumerable: true, get: function () { return SocialUser_1.SocialUser; } });
 exports.guest = AuthMiddleware_1.authMiddleware.guest;
 exports.apiAuth = AuthMiddleware_1.authMiddleware.apiAuth;
 exports.auth = AuthMiddleware_1.authMiddleware.auth;

package/lib/Application/Application.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Application.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Application/Application.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAE/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAQnE,qBAAa,WAAY,SAAQ,kBAAkB;IACjD,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,SAAS,CAAyB;IACnC,QAAQ,EAAE,MAAM,CAAY;IAC5B,YAAY,EAAE,WAAW,EAAE,CAAM;IACxC,OAAO,CAAC,OAAO,CAAW;IACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAM;;IAYxC,iBAAiB,CAAC,QAAQ,EAAE,KAAK,GAAG,EAAE,WAAW,KAAK,eAAe,GAAG,IAAI;IAqB5E,IAAI,IAAI,IAAI;IAUZ,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,aAAa;IAId,OAAO;IAKR,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAiB1B,MAAM,CAAC,aAAa;IAIpB,MAAM,CAAC,WAAW;CAGnB"}
+{"version":3,"file":"Application.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Application/Application.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAE/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAQnE,qBAAa,WAAY,SAAQ,kBAAkB;IACjD,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,SAAS,CAAyB;IACnC,QAAQ,EAAE,MAAM,CAAY;IAC5B,YAAY,EAAE,WAAW,EAAE,CAAM;IACxC,OAAO,CAAC,OAAO,CAAW;IACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAM;;IAYxC,iBAAiB,CAAC,QAAQ,EAAE,KAAK,GAAG,EAAE,WAAW,KAAK,eAAe,GAAG,IAAI;IAoB5E,IAAI,IAAI,IAAI;YAUE,YAAY;IAI1B,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,aAAa;IAId,OAAO;IAKR,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAiB1B,MAAM,CAAC,aAAa;IAIpB,MAAM,CAAC,WAAW;CAGnB"}

package/lib/Application/Application.js

@@ -53,8 +53,8 @@ class Application extends ExpressApplication_1.ExpressApplication {
         return this;
     }
     // Boot a specific provider
-    bootProvider(provider) {
-        provider.boot();
+    async bootProvider(provider) {
+        await provider.boot();
     }
     bootSubscribers(provider) {
         provider.subscribers();

package/lib/Application/ApplicationBuilder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ApplicationBuilder.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Application/ApplicationBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAQ3C,qBAAa,kBAAkB;IACtB,GAAG,EAAE,WAAW,CAAC;gBAEZ,GAAG,EAAE,WAAW;IAIrB,UAAU,CAAC,MAAM,EAAE,GAAG;IAKtB,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IActC,WAAW,CAAC,WAAW,EAAE,WAAW,EAAE;IAOtC,aAAa,CAClB,SAAS,EAAE,KAAK,CAAC,KAAK,GAAG,EAAE,WAAW,KAAK,eAAe,CAAC;IAgB7D,OAAO,CAAC,UAAU;IAMlB,OAAO,CAAC,gBAAgB;IAIjB,WAAW;IAKX,cAAc;IAWd,MAAM;CAKd"}
+{"version":3,"file":"ApplicationBuilder.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Application/ApplicationBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAU3C,qBAAa,kBAAkB;IACtB,GAAG,EAAE,WAAW,CAAC;gBAEZ,GAAG,EAAE,WAAW;IAIrB,UAAU,CAAC,MAAM,EAAE,GAAG;IAKtB,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IActC,WAAW,CAAC,WAAW,EAAE,WAAW,EAAE;IAOtC,aAAa,CAClB,SAAS,EAAE,KAAK,CAAC,KAAK,GAAG,EAAE,WAAW,KAAK,eAAe,CAAC;IAyB7D,OAAO,CAAC,UAAU;IAMlB,OAAO,CAAC,gBAAgB;IAIjB,WAAW;IAKX,cAAc;IAWd,MAAM;CAKd"}

package/lib/Application/ApplicationBuilder.js

@@ -1,11 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ApplicationBuilder = void 0;
+const DatabaseServiceProvider_1 = require("../Database/DatabaseServiceProvider");
 const Middleware_1 = require("../Middleware");
 const NodeArtisanCommand_1 = require("../Command-Line/NodeArtisanCommand");
 const helpers_1 = require("../Global/helpers");
-const Queue_1 = require("../Queue");
 const AuthServiceProvider_1 = require("../Providers/AuthServiceProvider");
+const SessionServiceProvider_1 = require("../Providers/SessionServiceProvider");
+const QueueServiceProvider_1 = require("../Queue/QueueServiceProvider");
 class ApplicationBuilder {
     constructor(app) {
         this.app = app;
@@ -16,13 +18,13 @@ class ApplicationBuilder {
     }
     withConfig(config) {
         this.app.config = { ...this.app.config, ...config };
-        if (config.queue?.default && config.queue?.connections) {
-            this.app.singleton("Queue", () => {
-                const defaultConnection = config.queue.default;
-                const queueConfig = config.queue.connections[defaultConnection];
-                return new Queue_1.Queue(queueConfig ?? config.queue.connections.memory ?? { driver: "memory", queue: "default" });
-            });
-        }
+        // if (config.queue?.default && config.queue?.connections) {
+        //   this.app.singleton("Queue", () => {
+        //     const defaultConnection = config.queue.default;
+        //     const queueConfig = (config.queue.connections as any)[defaultConnection];
+        //     return new Queue(queueConfig ?? config.queue.connections.memory ?? { driver: "memory", queue: "default" });
+        //   });
+        // }
         return this;
     }
     withRouting(routeConfig) {
@@ -35,11 +37,20 @@ class ApplicationBuilder {
         // Register AuthServiceProvider first when present (so auth events are set up before other providers)
         const ordered = providers.includes(AuthServiceProvider_1.AuthServiceProvider) &&
             providers[0] !== AuthServiceProvider_1.AuthServiceProvider
-            ? [AuthServiceProvider_1.AuthServiceProvider, ...providers.filter((P) => P !== AuthServiceProvider_1.AuthServiceProvider)]
+            ? [
+                AuthServiceProvider_1.AuthServiceProvider,
+                ...providers.filter((P) => P !== AuthServiceProvider_1.AuthServiceProvider),
+            ]
             : providers;
-        ordered.forEach((Provider) => {
+        const chain = [
+            DatabaseServiceProvider_1.DatabaseServiceProvider,
+            SessionServiceProvider_1.SessionServiceProvider,
+            ...ordered,
+            QueueServiceProvider_1.QueueServiceProvider,
+        ];
+        for (const Provider of chain) {
             this.app.registerProviders(Provider);
-        });
+        }
         return this;
     }
     withEvents() {

package/lib/Auth/AuthMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthMiddleware.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Auth/AuthMiddleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAIhE,cAAM,cAAc;IAClB,qCAAqC;IACxB,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IAuBxD,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IAuB3D,KAAK,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;CAgB9D;AAED,eAAO,MAAM,cAAc,gBAAuB,CAAC"}
+{"version":3,"file":"AuthMiddleware.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Auth/AuthMiddleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAUhE,cAAM,cAAc;IAClB,qCAAqC;IACxB,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IA6BxD,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IAmC3D,KAAK,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;CAgB9D;AAED,eAAO,MAAM,cAAc,gBAAuB,CAAC"}

package/lib/Auth/AuthMiddleware.js

@@ -3,22 +3,27 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.authMiddleware = void 0;
 const Config_1 = require("../Config/Config");
 const util_1 = require("../util");
-const { User } = (0, util_1.getModel)("User");
 class AuthMiddleware {
     /** Middleware: API authentication */
     async apiAuth(req, res, next) {
+        const { User } = (0, util_1.getModel)("User");
         const token = req.headers.authorization?.split(" ")[1] || req.cookies.auth_token;
         if (!token)
             return res.status(401).json({ message: "Not authorized" });
         try {
-            const id = (0, util_1.jwtVerify)(token);
-            const user = Config_1.config.get("DB_ORM") === "mongodb"
+            const payload = (0, util_1.jwtVerify)(token);
+            if (!(0, util_1.checkJwtAccessTokenPayload)(payload).ok) {
+                return res.status(401).json({ message: "Not authorized" });
+            }
+            const id = (0, util_1.jwtSubjectId)(payload);
+            const user = Config_1.config.get("DB_ORM") === "mongodb" ||
+                Config_1.config.get("DB_ORM") === "mongoose"
                 ? await User.findById(id)
                 : await User.where("id", id).first();
             if (!user)
                 return res.status(401).json({ message: "Not authorized" });
             req.user = user;
-            req.id = id;
+            req.id = String(id);
             next();
         }
         catch (err) {
@@ -26,15 +31,26 @@ class AuthMiddleware {
         }
     }
     async auth(req, res, next) {
+        const { User } = (0, util_1.getModel)("User");
         const token = req.cookies.auth_token;
-        if (!token)
+        if (!token) {
+            req.jccSession?.put("redirect", req.url || "/");
             return res.redirect(`/login?redirect=${req.url || "/"}`);
+        }
         try {
             const payload = (0, util_1.jwtVerify)(token);
-            const user = await (0, util_1.findUserById)(User, payload.id);
+            if (!(0, util_1.checkJwtAccessTokenPayload)(payload).ok) {
+                res.clearCookie("auth_token", (0, util_1.authSessionCookieOptions)());
+                res.clearCookie("refresh_token", (0, util_1.authSessionCookieOptions)());
+                req.jccSession?.put("redirect", req.url || "/");
+                return res.redirect(`/login?redirect=${req.url || "/"}`);
+            }
+            const id = (0, util_1.jwtSubjectId)(payload);
+            const user = await (0, util_1.findUserById)(User, id);
             if (!user) {
-                res.clearCookie("auth_token");
-                res.clearCookie("refresh_token");
+                res.clearCookie("auth_token", (0, util_1.authSessionCookieOptions)());
+                res.clearCookie("refresh_token", (0, util_1.authSessionCookieOptions)());
+                req.jccSession?.put("redirect", req.url || "/");
                 return res.redirect(`/login?redirect=${req.url || "/"}`);
             }
             req.user = user;
@@ -42,8 +58,9 @@ class AuthMiddleware {
             next();
         }
         catch (err) {
-            res.clearCookie("auth_token");
-            res.clearCookie("refresh_token");
+            res.clearCookie("auth_token", (0, util_1.authSessionCookieOptions)());
+            res.clearCookie("refresh_token", (0, util_1.authSessionCookieOptions)());
+            req.jccSession?.put("redirect", req.url || "/");
             return res.redirect(`/login?redirect=${req.url || "/"}`);
         }
     }
@@ -55,8 +72,8 @@ class AuthMiddleware {
                     return res.redirect(303, req.previousUrls[1]);
                 }
                 else {
-                    res.clearCookie("auth_token");
-                    res.clearCookie("refresh_token");
+                    res.clearCookie("auth_token", (0, util_1.authSessionCookieOptions)());
+                    res.clearCookie("refresh_token", (0, util_1.authSessionCookieOptions)());
                     return res.redirect(303, req.url);
                 }
             }

package/lib/Auth/index.d.ts

@@ -1,16 +1,30 @@
 import { AppRequest, AppResponse, AppNext } from "../Interface";
+import { type IRefreshTokenStore } from "./refreshTokenStore";
 export declare class Authentication {
+    private static refreshStore;
+    /** Use a shared store (e.g. Redis) when running multiple app instances. */
+    static setRefreshTokenStore(store: IRefreshTokenStore): void;
     /** Get user lookup field (email, phone, username) */
     private static getCredentials;
     /** Fetch user from DB (MongoDB, Sequelize, or JCC ORM) */
     private static getUser;
-    /** Generate and attach tokens to cookies */
+    /** Generate and attach tokens to cookies (refresh is rotated server-side via `jti`). */
     private static setTokens;
     /** Handle user login attempt */
-    static attempt: (req: AppRequest, res: AppResponse, next: AppNext, redirect?: string) => Promise<void | AppResponse>;
+    static attempt: (next: AppNext, redirect?: string) => Promise<void>;
+    /**
+     * After the user is resolved (e.g. OAuth via Socialite), issue JWT cookies
+     * and redirect or JSON response like {@link Authentication.attempt}.
+     */
+    static completeLogin(req: AppRequest, res: AppResponse, userId: string | number, redirect?: string): Promise<void>;
     /** Refresh token middleware */
     static refreshToken(req: AppRequest, res: AppResponse, next: AppNext): Promise<AppResponse | undefined>;
     /** Logout handler */
-    static logout(req: AppRequest, res: AppResponse): void;
+    static logout(): void;
+    /** True when the access cookie is a valid, usable JWT (not refresh / disallowed legacy). */
+    static check(): boolean;
+    static user(): Record<string, any>;
+    static id(): any;
+    static socialLogin(userId: string | number): Promise<void>;
 }
 //# sourceMappingURL=index.d.ts.map

package/lib/Auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAehE,qBAAa,cAAc;IACzB,qDAAqD;IACrD,OAAO,CAAC,MAAM,CAAC,cAAc;IAc7B,0DAA0D;mBACrC,OAAO;IAoB5B,4CAA4C;IAC5C,OAAO,CAAC,MAAM,CAAC,SAAS;IAuBxB,gCAAgC;IAChC,MAAM,CAAC,OAAO,GACZ,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,MAAM,OAAO,EACb,WAAU,MAAgB,iCAuB1B;IAEF,+BAA+B;WAClB,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IAmB1E,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW;CAKhD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAgBhE,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAsB7B,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,YAAY,CAAgD;IAE3E,2EAA2E;IAC3E,MAAM,CAAC,oBAAoB,CAAC,KAAK,EAAE,kBAAkB,GAAG,IAAI;IAI5D,qDAAqD;IACrD,OAAO,CAAC,MAAM,CAAC,cAAc;IAc7B,0DAA0D;mBACrC,OAAO;IAqB5B,wFAAwF;IACxF,OAAO,CAAC,MAAM,CAAC,SAAS;IA0BxB,gCAAgC;IAChC,MAAM,CAAC,OAAO,GAAU,MAAM,OAAO,EAAE,WAAU,MAAgB,mBAqB/D;IAEF;;;OAGG;WACU,aAAa,CACxB,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,MAAM,GAAG,MAAM,EACvB,QAAQ,GAAE,MAAgB,GACzB,OAAO,CAAC,IAAI,CAAC;IA4BhB,+BAA+B;WAClB,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO;IAsC1E,qBAAqB;IACrB,MAAM,CAAC,MAAM;IAsBb,4FAA4F;IAC5F,MAAM,CAAC,KAAK,IAAI,OAAO;IAWvB,MAAM,CAAC,IAAI;IAIX,MAAM,CAAC,EAAE;WAII,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAGjD"}

package/lib/Auth/index.js

@@ -6,8 +6,28 @@ const util_1 = require("../util");
 const Config_1 = require("../Config/Config");
 const ValidationException_v2_1 = require("../Error/ValidationException-v2");
 const Jcc_eloquent_1 = require("../Jcc-eloquent");
-const { User } = (0, util_1.getModel)("User");
+const refreshTokenStore_1 = require("./refreshTokenStore");
+const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000;
+const ACCESS_MAX_AGE_MS = 60 * 60 * 1000;
+function clearAuthCookies(res) {
+    const base = (0, util_1.authSessionCookieOptions)();
+    res.clearCookie("auth_token", base);
+    res.clearCookie("refresh_token", base);
+}
+/** Avoid open redirects: only same-origin relative paths. */
+function safeInternalRedirect(url, fallback) {
+    if (!url || typeof url !== "string")
+        return fallback;
+    const t = url.trim();
+    if (t.startsWith("/") && !t.startsWith("//") && !t.includes("\\"))
+        return t;
+    return fallback;
+}
 class Authentication {
+    /** Use a shared store (e.g. Redis) when running multiple app instances. */
+    static setRefreshTokenStore(store) {
+        _a.refreshStore = store;
+    }
     /** Get user lookup field (email, phone, username) */
     static getCredentials(data) {
         const query = {};
@@ -24,12 +44,13 @@ class Authentication {
     }
     /** Fetch user from DB (MongoDB, Sequelize, or JCC ORM) */
     static async getUser(data) {
+        const { User } = (0, util_1.getModel)("User");
         const field = this.getCredentials(data);
         if (!Object.keys(field).length)
             return { user: null, field: "email" };
         let user = null;
         const orm = Config_1.config.get("DB_ORM");
-        if (orm === "mongodb") {
+        if (orm === "mongodb" || orm === "mongoose") {
             user = await User.findOne(field).select("+password");
         }
         else if (orm === "sequelize") {
@@ -43,54 +64,140 @@ class Authentication {
         }
         return { user, field: Object.keys(field)[0] || "email" };
     }
-    /** Generate and attach tokens to cookies */
+    /** Generate and attach tokens to cookies (refresh is rotated server-side via `jti`). */
     static setTokens(res, userId) {
-        const accessToken = (0, util_1.jwtSign)(userId.toString(), { expiresIn: "1h" });
-        const refreshToken = (0, util_1.jwtSign)(userId.toString(), { expiresIn: "7d" });
-        const cookieOptions = {
-            httpOnly: true,
-            secure: Config_1.config.get("APP_ENV") === "production",
-            sameSite: "lax",
-        };
+        const id = String(userId);
+        const jti = _a.refreshStore.generateJti();
+        _a.refreshStore.register(jti, id, REFRESH_TTL_MS);
+        const accessToken = (0, util_1.jwtSign)(id, { expiresIn: "1h" });
+        const refreshToken = (0, util_1.jwtSign)({ id, typ: "refresh", jti }, { expiresIn: "7d" });
+        const cookieOptions = (0, util_1.authSessionCookieOptions)();
         res.cookie("auth_token", accessToken, {
             ...cookieOptions,
-            maxAge: 1000 * 60 * 60, // 1 hour
+            maxAge: ACCESS_MAX_AGE_MS,
         });
         res.cookie("refresh_token", refreshToken, {
             ...cookieOptions,
-            maxAge: 1000 * 60 * 60 * 24 * 7, // 7 days
+            maxAge: REFRESH_TTL_MS,
         });
         return { accessToken, refreshToken };
     }
+    /**
+     * After the user is resolved (e.g. OAuth via Socialite), issue JWT cookies
+     * and redirect or JSON response like {@link Authentication.attempt}.
+     */
+    static async completeLogin(req, res, userId, redirect = "/home") {
+        const { User } = (0, util_1.getModel)("User");
+        const tokens = this.setTokens(res, userId);
+        const user = await (0, util_1.findUserById)(User, userId);
+        if (!user) {
+            if (req.expectsJson() && !req.isInertia()) {
+                res.status(401).json({ message: "Unauthorized" });
+            }
+            else {
+                req.jccSession?.flash("error", "Could not sign you in.");
+                res.redirect(303, "/login");
+            }
+            return;
+        }
+        if (req.expectsJson() && !req.isInertia()) {
+            const plain = typeof user?.toObject === "function" ? user.toObject() : user;
+            res.status(200).json({
+                tokens: { accessToken: tokens.accessToken },
+                user: plain,
+            });
+            return;
+        }
+        const sessionRedirect = req.jccSession?.get("redirect") || "";
+        req.jccSession?.forget("redirect");
+        const redirectTo = safeInternalRedirect(sessionRedirect, redirect);
+        res.redirect(303, redirectTo);
+    }
     /** Refresh token middleware */
     static async refreshToken(req, res, next) {
+        const { User } = (0, util_1.getModel)("User");
         try {
             const refreshToken = req.cookies.refresh_token;
             if (!refreshToken)
                 throw new Error("No refresh token");
-            const userId = (0, util_1.jwtVerify)(refreshToken);
+            const payload = (0, util_1.jwtVerify)(refreshToken);
+            const kind = (0, util_1.jwtTokenType)(payload);
+            if (kind === "access") {
+                throw new Error("Invalid refresh token");
+            }
+            const jti = payload != null &&
+                typeof payload === "object" &&
+                typeof payload.jti === "string"
+                ? payload.jti
+                : "";
+            if (!jti) {
+                throw new Error("Invalid refresh token");
+            }
+            const session = _a.refreshStore.consume(jti);
+            const userId = (0, util_1.jwtSubjectId)(payload);
+            if (!session || session.userId !== String(userId)) {
+                throw new Error("Invalid refresh token");
+            }
             this.setTokens(res, userId);
-            // Use universal finder
             req.user = await (0, util_1.findUserById)(User, userId);
             next();
         }
         catch (error) {
-            res.clearCookie("auth_token");
-            res.clearCookie("refresh_token");
+            clearAuthCookies(res);
             return res.status(401).json({ message: "Unauthorized" });
         }
     }
     /** Logout handler */
-    static logout(req, res) {
-        res.clearCookie("auth_token");
-        res.clearCookie("refresh_token");
+    static logout() {
+        const req = request();
+        const res = response();
+        try {
+            const rt = req.cookies?.refresh_token;
+            if (rt) {
+                const payload = (0, util_1.jwtVerify)(rt);
+                if (payload != null &&
+                    typeof payload === "object" &&
+                    typeof payload.jti === "string") {
+                    _a.refreshStore.revoke(payload.jti);
+                }
+            }
+        }
+        catch {
+            /* expired or malformed */
+        }
+        clearAuthCookies(res);
         return res.redirect("/login");
     }
+    /** True when the access cookie is a valid, usable JWT (not refresh / disallowed legacy). */
+    static check() {
+        const token = request().cookies?.auth_token;
+        if (!token)
+            return false;
+        try {
+            const payload = (0, util_1.jwtVerify)(token);
+            return (0, util_1.checkJwtAccessTokenPayload)(payload).ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    static user() {
+        return request().user;
+    }
+    static id() {
+        return request().user?.id || request().user?._id;
+    }
+    static async socialLogin(userId) {
+        return this.completeLogin(request(), response(), userId, "/home");
+    }
 }
 exports.Authentication = Authentication;
 _a = Authentication;
+Authentication.refreshStore = refreshTokenStore_1.defaultRefreshTokenStore;
 /** Handle user login attempt */
-Authentication.attempt = async (req, res, next, redirect = "/home") => {
+Authentication.attempt = async (next, redirect = "/home") => {
+    const req = request();
+    const res = response();
     try {
         const { user, field } = await _a.getUser(req.body);
         if (!user)
@@ -98,12 +205,7 @@ Authentication.attempt = async (req, res, next, redirect = "/home") => {
         if (!(await (0, util_1.verifyHash)(req.body.password, user.password))) {
             throw new ValidationException_v2_1.ValidationException({ [field]: ["Invalid credentials"] });
         }
-        const tokens = _a.setTokens(res, user.id || user._id);
-        if (req.expectsJson() && !req.isInertia()) {
-            return res.status(200).json({ tokens, user });
-        }
-        const redirectTo = req.query.redirect?.toString() || redirect;
-        return res.redirect(303, redirectTo);
+        await _a.completeLogin(req, res, user.id || user._id, redirect);
     }
     catch (error) {
         next(error);

package/lib/Auth/loginRateLimit.d.ts

@@ -0,0 +1,6 @@
+import type { RequestHandler } from "express";
+/** Stricter limit for login attempts (per IP). */
+export declare const loginRateLimit: RequestHandler;
+/** Stricter limit for registration (per IP). */
+export declare const registerRateLimit: RequestHandler;
+//# sourceMappingURL=loginRateLimit.d.ts.map

package/lib/Auth/loginRateLimit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loginRateLimit.d.ts","sourceRoot":"","sources":["../../../jcc-express-mvc/lib/Auth/loginRateLimit.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAE9C,kDAAkD;AAClD,eAAO,MAAM,cAAc,EAAE,cAO3B,CAAC;AAEH,gDAAgD;AAChD,eAAO,MAAM,iBAAiB,EAAE,cAO9B,CAAC"}