kroxt 1.1.4 → 1.2.0

package/README.md

@@ -1,210 +1,177 @@
-# kroxt
+# kroxt 🔐
 
-A framework-agnostic, modular authentication engine for modern TypeScript applications. Built for security, extensibility, and ease of use.
+A framework-agnostic, modular authentication engine for modern TypeScript applications. Built for security, extensibility, and pure developer joy.
 
-## Features
+[![npm version](https://img.shields.io/npm/v/kroxt.svg)](https://www.npmjs.com/package/kroxt)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-- 🔐 **Secure Hashing**: Powered by `argon2` for industry-standard password security.
-- 🎟️ **Dual-Token Sessions**: Native support for Access and Refresh tokens via `jose`.
-- 🧩 **JWT Customization**: Fully extensible payload with support for custom user fields and `sub` override.
-- 🌍 **OAuth Ready**: Built-in support for GitHub and Google OAuth via `arctic`.
-- 🧩 **Database Agnostic**: Use Mongoose, Prisma, Drizzle, or any store via the `AuthAdapter` pattern.
-- 🌶️ **Password Peppering**: Server-side pepper support for enhanced hash protection.
-- 🛡️ **Timing Attack Protection**: Built-in safeguards against side-channel analysis during login.
-- ✅ **Zod Schema Support**: Perfectly preserves and types your user metadata.
-- 🌍 **Dual ESM/CJS Support**: Native support for both modern ESM (`import`) and CommonJS (`require`).
+## 🚀 Why Kroxt?
 
-## Installation
+Authentication is often either too complex (Passport, Auth.js) or too restrictive. Kroxt is the **"Headless" Auth Engine** that gives you the best of both worlds:
 
-```bash
-npm install kroxt
+- 🏗️ **Database Agnostic**: Native adapters for **Prisma**, **Drizzle**, and **Mongoose**.
+- 🛠️ **Modular**: Use only what you need. No forced session managers or UI components.
+- 🔐 **Security First**: Argon2 hashing, dual-token rotation, and timing-attack protection built-in.
+- 🧩 **TypeScript Native**: Perfectly preserves your user schemas and metadata.
+
+---
+
+## 🗺️ How it Works
+
+Kroxt sits between your database and your controller logic. It handles the "heavy lifting" (hashing, JWT signing, token rotation) while you maintain full control over your API.
+
+```mermaid
+graph LR
+    A[Client] -- "Credentials" --> B[Express/Fastify]
+    B -- "auth.signup()" --> C[Kroxt Engine]
+    C -- "Save User" --> D[(Database Adapter)]
+    D -- "Success" --> C
+    C -- "Tokens + User" --> B
+    B -- "Set Cookies/JSON" --> A
+    
+    subgraph Adapters
+    D
+    E[Mongoose]
+    F[Drizzle]
+    G[Prisma]
+    end
 ```
 
 ---
 
-## Guide: Full Authentication Flow
+## 🏁 Quick Start (5 Minutes)
+
+### 1. Installation
 
-This guide walks you through setting up Kroxt from scratch in your application.
+```bash
+npm install kroxt
+```
 
-### Step 1: Define your User
+### 2. Choose Your Adapter
 
-First, define what a User looks like in your system. Kroxt allows any additional fields (like `role`, `schoolId`, etc.) which you can later sign into your JWTs.
+Kroxt provides official adapters for the most popular ORMs.
 
+#### **Option A: Drizzle (SQLite/PG/MySQL)**
 ```typescript
-export interface MyUser {
-  id: string;
-  email: string;
-  passwordHash: string;
-  role: 'admin' | 'user';
-  schoolId: string;    // Custom field for enterprise/multi-tenant apps
-  oauthProvider?: string; // Support for OAuth (e.g., 'github')
-  oauthId?: string;       // Unique ID from the provider
-  name: string;
-}
+import { createDrizzleAdapter } from "kroxt/adapters/drizzle";
+import { db } from "./db";
+import { users } from "./schema";
+import { eq } from "drizzle-orm";
+
+export const adapter = createDrizzleAdapter(db, users, eq);
 ```
 
-### Step 2: The Adapter Pattern
+#### **Option B: Prisma**
+```typescript
+import { createPrismaAdapter } from "kroxt/adapters/prisma";
+import { prisma } from "./db";
 
-Kroxt doesn't care which database you use. You just need to implement the `AuthAdapter` interface using your model. Here is a complete example using Mongoose:
+export const adapter = createPrismaAdapter(prisma.user);
+```
 
+#### **Option C: Mongoose**
 ```typescript
-import type { AuthAdapter } from "kroxt/adapter";
-import { User } from "./models/user.model.js"; // Your Mongoose model
-import type { MyUser } from "./types.js";
-
-export const myAdapter: AuthAdapter<MyUser> = {
-  createUser: async (data) => {
-    const user = await User.create(data);
-    const obj = user.toObject();
-    return { ...obj, id: obj._id.toString() };
-  },
-  findUserByEmail: async (email) => {
-    const user = await User.findOne({ email });
-    if (!user) return null;
-    const obj = user.toObject();
-    return { ...obj, id: obj._id.toString() };
-  },
-  findUserById: async (id) => {
-    const user = await User.findById(id);
-    if (!user) return null;
-    const obj = user.toObject();
-    return { ...obj, id: obj._id.toString() };
-  },
-  linkOAuthAccount: async (userId, provider, providerId) => {
-    await User.findByIdAndUpdate(userId, {
-      oauthProvider: provider,
-      oauthId: providerId
-    });
-  }
-};
-```
+import { createMongoAdapter } from "kroxt/adapters/mongoose";
+import { User } from "./models/user.model";
 
-### Step 3: Initialize the Auth Engine
+export const adapter = createMongoAdapter(User);
+```
 
-Configure Kroxt with your adapter and security settings.
+### 3. Initialize the Engine
 
 ```typescript
-import { createAuth } from "kroxt";
-import { myAdapter } from "./myAdapter.js";
+import { createAuth } from "kroxt/core";
+import { adapter } from "./auth-adapter";
 
 export const auth = createAuth({
-  adapter: myAdapter,
-  secret: process.env.AUTH_SECRET, // High-entropy secret for JWT signing
-  pepper: process.env.AUTH_PEPPER, // Optional: Server-side pepper for password hashing
+  adapter,
+  secret: process.env.JWT_SECRET,
   session: {
-    expires: "15m",        // Access token duration
-    refreshExpires: "7d"   // Refresh token duration
-  },
-  jwt: {
-    /**
-     * Optional: Fully customize the JWT payload or add extra fields.
-     */
-    payload: (user, type) => {
-      // Only add extra details to 'access' tokens to keep 'refresh' tokens light.
-      if (type === "access") {
-        return {
-          schoolId: user.schoolId, // Add custom user detail
-          role: user.role,         // Explicitly include role
-        };
-      }
-      return {}; // Refresh tokens stay minimal
-    }
+    expires: "15m",
+    refreshExpires: "7d"
   }
 });
 ```
 
-### Step 4: Implement Controllers & Routes
+---
 
-Use the engine in your application logic. Examples below use an Express-like structure.
+## 🛡️ Core Authentication Flows
 
-#### Registration
+### **Registration**
 ```typescript
-app.post("/register", async (req, res) => {
-  const { name, email, password, ...extraFields } = req.body;
-  
-  // Kroxt handles argon2 hashing (with pepper) and token generation
-  const { user, accessToken, refreshToken } = await auth.signup({
-    name,
-    email,
-    ...extraFields
-  }, password);
-
-  res.json({ user, accessToken, refreshToken });
-});
+const { user, accessToken, refreshToken } = await auth.signup({ 
+  email, 
+  name, 
+  role: 'user' 
+}, password);
 ```
 
-#### Login
+### **Login**
 ```typescript
-app.post("/login", async (req, res) => {
-  const { email, password } = req.body;
-  
-  // Kroxt verifies password (timing-attack safe) and returns tokens
-  const { user, accessToken, refreshToken } = await auth.loginWithPassword(email, password);
-
-  res.json({ user, accessToken, refreshToken });
-});
+const { user, accessToken, refreshToken } = await auth.loginWithPassword(email, password);
 ```
 
-#### Token Refresh
-Keep users logged in by rotating access tokens using a valid refresh token.
+### **Token Refresh**
 ```typescript
-app.post("/refresh", async (req, res) => {
-  const { refreshToken } = req.body;
-  
-  // Returns a fresh access token
-  const { accessToken } = await auth.refresh(refreshToken);
-  
-  res.json({ accessToken });
-});
+const { accessToken } = await auth.refresh(refreshToken);
 ```
 
-#### Protecting Routes (Middleware)
+---
+
+## 🐣 Beginner Corner: What is "Headless"?
+
+If you're new to backend development, "Headless" means Kroxt **doesn't provide a UI** (no login buttons or pre-made forms). Instead, it provides the **engine** (the logic). 
+
+**Why is this good?**
+It means you can build your own login screen in React, Vue, or even a Mobile App, and Kroxt will handle the security part on the server exactly the same way every time.
+
+---
+
+## 🛠️ Advanced: Custom JWT Payloads
+
+Want to share a user's `role` or `plan` with the frontend via the JWT? Use the `payload` hook:
+
 ```typescript
-app.get("/me", async (req, res) => {
-  const token = req.headers.authorization?.split(" ")[1];
-  
-  // Verify the JWT and get the payload { sub: string, role: string, ... }
-  const payload = await auth.verifyToken(token, "access");
-  
-  if (!payload) return res.status(401).send("Unauthorized");
-  
-  const user = await myAdapter.findUserById(payload.sub);
-  res.json(user);
+export const auth = createAuth({
+  adapter,
+  jwt: {
+    payload: (user, type) => {
+      if (type === "access") {
+        return { 
+          role: user.role, 
+          tier: user.subscriptionTier 
+        };
+      }
+      return {}; // Keep refresh tokens small
+    }
+  }
 });
 ```
 
 ---
 
-## Security Best Practices
-
-### 1. Password Peppering
-Always use a `pepper` in production. It's a server-side secret added to passwords before hashing. If your database is leaked, the hashes cannot be cracked without this pepper.
+## 🛑 Common v1.2.0 Troubleshooting
 
-### 2. CSRF Protection
-Kroxt provides helpers for the double-submit cookie pattern. Use these if you are storing tokens in cookies.
+### "Cannot find module '.prisma/client/default.js'" (ESM on Windows)
+If you're using Prisma with ESM (`"type": "module"`) on Windows, you may need a robust import in your `src/db/index.ts`:
 
 ```typescript
-import { generateCsrfToken, verifyCsrf } from "kroxt/security";
-
-const token = generateCsrfToken();
-const isValid = verifyCsrf(tokenInRequest, tokenInCookie);
+import { createRequire } from "module";
+const require = createRequire(import.meta.url);
+const { PrismaClient } = require("@prisma/client");
 ```
 
-### 3. Secure Cookies
-If using cookies, always set these flags:
-- `httpOnly: true` (Prevents XSS)
-- `secure: true` (Requires HTTPS)
-- `sameSite: 'strict'` (Prevents CSRF)
-
-### 4. Rate Limiting
-Implement rate limiting (e.g., `express-rate-limit`) on `/login` and `/register` to block brute-force attempts.
+### Prisma "Unknown argument `name`"
+Prisma is strict about schemas. If you're sending extra fields in `auth.signup()`, ensure your `schema.prisma` includes them (marked as `?` optional if needed).
 
 ---
 
-## Reference Project
+## 🔗 Reference Project
 
-Check out the `kroxt-example` folder or the [GitHub repository](https://github.com/adepoju-oluwatobi/kroxt-example) for a complete **Express + MongoDB** implementation using this library.
+Complete working implementations:
+- [Express + Drizzle + SQLite](https://github.com/adepoju-oluwatobi/kroxt-example)
+- [Express + Mongoose](https://github.com/adepoju-oluwatobi/kroxt-example-cjs)
 
-## License
+## 📄 License
 
-MIT
+MIT © [Adepoju Oluwatobi](https://github.com/adepoju-oluwatobi)

package/dist/adapters/drizzle.cjs

@@ -0,0 +1,51 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var drizzle_exports = {};
+__export(drizzle_exports, {
+  createDrizzleAdapter: () => createDrizzleAdapter
+});
+module.exports = __toCommonJS(drizzle_exports);
+function createDrizzleAdapter(db, table, eq) {
+  return {
+    async createUser(data) {
+      const dataToSave = { id: data.id || globalThis.crypto.randomUUID(), ...data };
+      const results = await db.insert(table).values(dataToSave).returning();
+      return results[0];
+    },
+    async findUserByEmail(email) {
+      const results = await db.select().from(table).where(eq(table.email, email)).limit(1);
+      return results[0] || null;
+    },
+    async findUserById(id) {
+      const results = await db.select().from(table).where(eq(table.id, id)).limit(1);
+      return results[0] || null;
+    },
+    async linkOAuthAccount(userId, provider, providerId) {
+      await db.update(table).set({
+        oauthProvider: provider,
+        oauthId: providerId
+      }).where(eq(table.id, userId));
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createDrizzleAdapter
+});
+//# sourceMappingURL=drizzle.cjs.map

package/dist/adapters/drizzle.cjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/drizzle.ts"],
+  "sourcesContent": ["import type { AuthAdapter, User } from \"./index.js\";\n\n/**\n * Creates a Drizzle ORM adapter.\n * \n * Works with any Drizzle-supported database (PostgreSQL, MySQL, SQLite)\n * by using the standard drizzle-orm `db` instance and table definition.\n * \n * @param db - The Drizzle database instance.\n * @param table - The Drizzle table representing users.\n * @param eq - The Drizzle `eq` operator (imported from `drizzle-orm`).\n * @returns An AuthAdapter compliant object.\n */\nexport function createDrizzleAdapter<TUser extends User = User>(\n  db: any,\n  table: any,\n  eq: any\n): AuthAdapter<TUser> {\n  return {\n    async createUser(data: any) {\n      const dataToSave = { id: data.id || globalThis.crypto.randomUUID(), ...data };\n      const results = await db.insert(table).values(dataToSave).returning();\n      return results[0] as TUser;\n    },\n\n    async findUserByEmail(email: string) {\n      const results = await db.select().from(table).where(eq(table.email, email)).limit(1);\n      return (results[0] || null) as TUser | null;\n    },\n\n    async findUserById(id: string) {\n      const results = await db.select().from(table).where(eq(table.id, id)).limit(1);\n      return (results[0] || null) as TUser | null;\n    },\n\n    async linkOAuthAccount(userId: string, provider: string, providerId: string) {\n      await db.update(table)\n        .set({\n          oauthProvider: provider,\n          oauthId: providerId,\n        })\n        .where(eq(table.id, userId));\n    },\n  };\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAaO,SAAS,qBACd,IACA,OACA,IACoB;AACpB,SAAO;AAAA,IACL,MAAM,WAAW,MAAW;AAC1B,YAAM,aAAa,EAAE,IAAI,KAAK,MAAM,WAAW,OAAO,WAAW,GAAG,GAAG,KAAK;AAC5E,YAAM,UAAU,MAAM,GAAG,OAAO,KAAK,EAAE,OAAO,UAAU,EAAE,UAAU;AACpE,aAAO,QAAQ,CAAC;AAAA,IAClB;AAAA,IAEA,MAAM,gBAAgB,OAAe;AACnC,YAAM,UAAU,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,GAAG,MAAM,OAAO,KAAK,CAAC,EAAE,MAAM,CAAC;AACnF,aAAQ,QAAQ,CAAC,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,aAAa,IAAY;AAC7B,YAAM,UAAU,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC;AAC7E,aAAQ,QAAQ,CAAC,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,iBAAiB,QAAgB,UAAkB,YAAoB;AAC3E,YAAM,GAAG,OAAO,KAAK,EAClB,IAAI;AAAA,QACH,eAAe;AAAA,QACf,SAAS;AAAA,MACX,CAAC,EACA,MAAM,GAAG,MAAM,IAAI,MAAM,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/adapters/drizzle.d.ts

@@ -0,0 +1,14 @@
+import type { AuthAdapter, User } from "./index.js";
+/**
+ * Creates a Drizzle ORM adapter.
+ *
+ * Works with any Drizzle-supported database (PostgreSQL, MySQL, SQLite)
+ * by using the standard drizzle-orm `db` instance and table definition.
+ *
+ * @param db - The Drizzle database instance.
+ * @param table - The Drizzle table representing users.
+ * @param eq - The Drizzle `eq` operator (imported from `drizzle-orm`).
+ * @returns An AuthAdapter compliant object.
+ */
+export declare function createDrizzleAdapter<TUser extends User = User>(db: any, table: any, eq: any): AuthAdapter<TUser>;
+//# sourceMappingURL=drizzle.d.ts.map

package/dist/adapters/drizzle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"drizzle.d.ts","sourceRoot":"","sources":["../../src/auth/adapters/drizzle.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,SAAS,IAAI,GAAG,IAAI,EAC5D,EAAE,EAAE,GAAG,EACP,KAAK,EAAE,GAAG,EACV,EAAE,EAAE,GAAG,GACN,WAAW,CAAC,KAAK,CAAC,CA2BpB"}

package/dist/adapters/drizzle.js

@@ -0,0 +1,27 @@
+function createDrizzleAdapter(db, table, eq) {
+  return {
+    async createUser(data) {
+      const dataToSave = { id: data.id || globalThis.crypto.randomUUID(), ...data };
+      const results = await db.insert(table).values(dataToSave).returning();
+      return results[0];
+    },
+    async findUserByEmail(email) {
+      const results = await db.select().from(table).where(eq(table.email, email)).limit(1);
+      return results[0] || null;
+    },
+    async findUserById(id) {
+      const results = await db.select().from(table).where(eq(table.id, id)).limit(1);
+      return results[0] || null;
+    },
+    async linkOAuthAccount(userId, provider, providerId) {
+      await db.update(table).set({
+        oauthProvider: provider,
+        oauthId: providerId
+      }).where(eq(table.id, userId));
+    }
+  };
+}
+export {
+  createDrizzleAdapter
+};
+//# sourceMappingURL=drizzle.js.map

package/dist/adapters/drizzle.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/drizzle.ts"],
+  "sourcesContent": ["import type { AuthAdapter, User } from \"./index.js\";\n\n/**\n * Creates a Drizzle ORM adapter.\n * \n * Works with any Drizzle-supported database (PostgreSQL, MySQL, SQLite)\n * by using the standard drizzle-orm `db` instance and table definition.\n * \n * @param db - The Drizzle database instance.\n * @param table - The Drizzle table representing users.\n * @param eq - The Drizzle `eq` operator (imported from `drizzle-orm`).\n * @returns An AuthAdapter compliant object.\n */\nexport function createDrizzleAdapter<TUser extends User = User>(\n  db: any,\n  table: any,\n  eq: any\n): AuthAdapter<TUser> {\n  return {\n    async createUser(data: any) {\n      const dataToSave = { id: data.id || globalThis.crypto.randomUUID(), ...data };\n      const results = await db.insert(table).values(dataToSave).returning();\n      return results[0] as TUser;\n    },\n\n    async findUserByEmail(email: string) {\n      const results = await db.select().from(table).where(eq(table.email, email)).limit(1);\n      return (results[0] || null) as TUser | null;\n    },\n\n    async findUserById(id: string) {\n      const results = await db.select().from(table).where(eq(table.id, id)).limit(1);\n      return (results[0] || null) as TUser | null;\n    },\n\n    async linkOAuthAccount(userId: string, provider: string, providerId: string) {\n      await db.update(table)\n        .set({\n          oauthProvider: provider,\n          oauthId: providerId,\n        })\n        .where(eq(table.id, userId));\n    },\n  };\n}\n"],
+  "mappings": "AAaO,SAAS,qBACd,IACA,OACA,IACoB;AACpB,SAAO;AAAA,IACL,MAAM,WAAW,MAAW;AAC1B,YAAM,aAAa,EAAE,IAAI,KAAK,MAAM,WAAW,OAAO,WAAW,GAAG,GAAG,KAAK;AAC5E,YAAM,UAAU,MAAM,GAAG,OAAO,KAAK,EAAE,OAAO,UAAU,EAAE,UAAU;AACpE,aAAO,QAAQ,CAAC;AAAA,IAClB;AAAA,IAEA,MAAM,gBAAgB,OAAe;AACnC,YAAM,UAAU,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,GAAG,MAAM,OAAO,KAAK,CAAC,EAAE,MAAM,CAAC;AACnF,aAAQ,QAAQ,CAAC,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,aAAa,IAAY;AAC7B,YAAM,UAAU,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC;AAC7E,aAAQ,QAAQ,CAAC,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,iBAAiB,QAAgB,UAAkB,YAAoB;AAC3E,YAAM,GAAG,OAAO,KAAK,EAClB,IAAI;AAAA,QACH,eAAe;AAAA,QACf,SAAS;AAAA,MACX,CAAC,EACA,MAAM,GAAG,MAAM,IAAI,MAAM,CAAC;AAAA,IAC/B;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/{adapter.cjs → adapters/index.cjs}

@@ -12,6 +12,6 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var adapter_exports = {};
-module.exports = __toCommonJS(adapter_exports);
-//# sourceMappingURL=adapter.cjs.map
+var adapters_exports = {};
+module.exports = __toCommonJS(adapters_exports);
+//# sourceMappingURL=index.cjs.map

package/dist/adapters/index.cjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/index.ts"],
+  "sourcesContent": ["export interface BaseUser {\n  id: string;\n  email: string;\n  passwordHash?: string;\n  role?: string;\n}\n\n// Allows any extended fields natively (like nin, bvn, maritalStatus, etc.)\nexport type User<TExtended = Record<string, any>> = BaseUser & TExtended;\n\nexport interface AuthAdapter<TUser = User> {\n  createUser: (data: any) => Promise<TUser>;\n  findUserByEmail: (email: string) => Promise<TUser | null>;\n  findUserById: (id: string) => Promise<TUser | null>;\n  linkOAuthAccount: (userId: string, provider: string, providerId: string) => Promise<void>;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;",
+  "names": []
+}

package/dist/{adapter.d.ts → adapters/index.d.ts}

@@ -11,4 +11,4 @@ export interface AuthAdapter<TUser = User> {
     findUserById: (id: string) => Promise<TUser | null>;
     linkOAuthAccount: (userId: string, provider: string, providerId: string) => Promise<void>;
 }
-//# sourceMappingURL=adapter.d.ts.map
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/adapters/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAGD,MAAM,MAAM,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,QAAQ,GAAG,SAAS,CAAC;AAEzE,MAAM,WAAW,WAAW,CAAC,KAAK,GAAG,IAAI;IACvC,UAAU,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAC1D,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IACpD,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3F"}

package/dist/adapters/index.js

@@ -0,0 +1 @@
+//# sourceMappingURL=index.js.map

package/dist/{memoryAdapter.cjs → adapters/memory.cjs}

@@ -16,11 +16,11 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var memoryAdapter_exports = {};
-__export(memoryAdapter_exports, {
+var memory_exports = {};
+__export(memory_exports, {
   createMemoryAdapter: () => createMemoryAdapter
 });
-module.exports = __toCommonJS(memoryAdapter_exports);
+module.exports = __toCommonJS(memory_exports);
 function createMemoryAdapter() {
   const users = /* @__PURE__ */ new Map();
   const accounts = /* @__PURE__ */ new Map();
@@ -52,4 +52,4 @@ function createMemoryAdapter() {
 0 && (module.exports = {
   createMemoryAdapter
 });
-//# sourceMappingURL=memoryAdapter.cjs.map
+//# sourceMappingURL=memory.cjs.map

package/dist/adapters/memory.cjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/memory.ts"],
+  "sourcesContent": ["import type { AuthAdapter, User } from \"./index.js\";\n\n/**\n * Creates an in-memory database adapter for the auth engine.\n * This is useful for testing, prototyping, or when you don't need persistent storage.\n * All data is kept in memory and is lost when the server restarts.\n */\nexport function createMemoryAdapter<TUser extends User = User>(): AuthAdapter<TUser> {\n    const users = new Map<string, TUser>();\n    const accounts = new Map<string, { userId: string; provider: string; providerId: string }>();\n\n    return {\n        createUser: async (data: any) => {\n            // Auto-generate ID if not provided\n            const id = data.id || Date.now().toString();\n            const newUser = { ...data, id } as TUser;\n\n            // Store using email as the primary lookup key\n            users.set(newUser.email, newUser);\n            return newUser;\n        },\n\n        findUserByEmail: async (email: string) => {\n            return users.get(email) || null;\n        },\n\n        findUserById: async (id: string) => {\n            for (const user of users.values()) {\n                if (user.id === id) {\n                    return user;\n                }\n            }\n            return null;\n        },\n\n        linkOAuthAccount: async (userId: string, provider: string, providerId: string) => {\n            const accountId = `${provider}_${providerId}`;\n            accounts.set(accountId, { userId, provider, providerId });\n        }\n    };\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOO,SAAS,sBAAqE;AACjF,QAAM,QAAQ,oBAAI,IAAmB;AACrC,QAAM,WAAW,oBAAI,IAAsE;AAE3F,SAAO;AAAA,IACH,YAAY,OAAO,SAAc;AAE7B,YAAM,KAAK,KAAK,MAAM,KAAK,IAAI,EAAE,SAAS;AAC1C,YAAM,UAAU,EAAE,GAAG,MAAM,GAAG;AAG9B,YAAM,IAAI,QAAQ,OAAO,OAAO;AAChC,aAAO;AAAA,IACX;AAAA,IAEA,iBAAiB,OAAO,UAAkB;AACtC,aAAO,MAAM,IAAI,KAAK,KAAK;AAAA,IAC/B;AAAA,IAEA,cAAc,OAAO,OAAe;AAChC,iBAAW,QAAQ,MAAM,OAAO,GAAG;AAC/B,YAAI,KAAK,OAAO,IAAI;AAChB,iBAAO;AAAA,QACX;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA,IAEA,kBAAkB,OAAO,QAAgB,UAAkB,eAAuB;AAC9E,YAAM,YAAY,GAAG,QAAQ,IAAI,UAAU;AAC3C,eAAS,IAAI,WAAW,EAAE,QAAQ,UAAU,WAAW,CAAC;AAAA,IAC5D;AAAA,EACJ;AACJ;",
+  "names": []
+}

package/dist/{memoryAdapter.d.ts → adapters/memory.d.ts}

@@ -1,8 +1,8 @@
-import type { AuthAdapter, User } from "./adapter.js";
+import type { AuthAdapter, User } from "./index.js";
 /**
  * Creates an in-memory database adapter for the auth engine.
  * This is useful for testing, prototyping, or when you don't need persistent storage.
  * All data is kept in memory and is lost when the server restarts.
  */
 export declare function createMemoryAdapter<TUser extends User = User>(): AuthAdapter<TUser>;
-//# sourceMappingURL=memoryAdapter.d.ts.map
+//# sourceMappingURL=memory.d.ts.map

package/dist/adapters/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/auth/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,SAAS,IAAI,GAAG,IAAI,KAAK,WAAW,CAAC,KAAK,CAAC,CAiCnF"}

package/dist/{memoryAdapter.js → adapters/memory.js}

@@ -28,4 +28,4 @@ function createMemoryAdapter() {
 export {
   createMemoryAdapter
 };
-//# sourceMappingURL=memoryAdapter.js.map
+//# sourceMappingURL=memory.js.map

package/dist/adapters/memory.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/memory.ts"],
+  "sourcesContent": ["import type { AuthAdapter, User } from \"./index.js\";\n\n/**\n * Creates an in-memory database adapter for the auth engine.\n * This is useful for testing, prototyping, or when you don't need persistent storage.\n * All data is kept in memory and is lost when the server restarts.\n */\nexport function createMemoryAdapter<TUser extends User = User>(): AuthAdapter<TUser> {\n    const users = new Map<string, TUser>();\n    const accounts = new Map<string, { userId: string; provider: string; providerId: string }>();\n\n    return {\n        createUser: async (data: any) => {\n            // Auto-generate ID if not provided\n            const id = data.id || Date.now().toString();\n            const newUser = { ...data, id } as TUser;\n\n            // Store using email as the primary lookup key\n            users.set(newUser.email, newUser);\n            return newUser;\n        },\n\n        findUserByEmail: async (email: string) => {\n            return users.get(email) || null;\n        },\n\n        findUserById: async (id: string) => {\n            for (const user of users.values()) {\n                if (user.id === id) {\n                    return user;\n                }\n            }\n            return null;\n        },\n\n        linkOAuthAccount: async (userId: string, provider: string, providerId: string) => {\n            const accountId = `${provider}_${providerId}`;\n            accounts.set(accountId, { userId, provider, providerId });\n        }\n    };\n}\n"],
+  "mappings": "AAOO,SAAS,sBAAqE;AACjF,QAAM,QAAQ,oBAAI,IAAmB;AACrC,QAAM,WAAW,oBAAI,IAAsE;AAE3F,SAAO;AAAA,IACH,YAAY,OAAO,SAAc;AAE7B,YAAM,KAAK,KAAK,MAAM,KAAK,IAAI,EAAE,SAAS;AAC1C,YAAM,UAAU,EAAE,GAAG,MAAM,GAAG;AAG9B,YAAM,IAAI,QAAQ,OAAO,OAAO;AAChC,aAAO;AAAA,IACX;AAAA,IAEA,iBAAiB,OAAO,UAAkB;AACtC,aAAO,MAAM,IAAI,KAAK,KAAK;AAAA,IAC/B;AAAA,IAEA,cAAc,OAAO,OAAe;AAChC,iBAAW,QAAQ,MAAM,OAAO,GAAG;AAC/B,YAAI,KAAK,OAAO,IAAI;AAChB,iBAAO;AAAA,QACX;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA,IAEA,kBAAkB,OAAO,QAAgB,UAAkB,eAAuB;AAC9E,YAAM,YAAY,GAAG,QAAQ,IAAI,UAAU;AAC3C,eAAS,IAAI,WAAW,EAAE,QAAQ,UAAU,WAAW,CAAC;AAAA,IAC5D;AAAA,EACJ;AACJ;",
+  "names": []
+}

package/dist/adapters/mongoose.cjs

@@ -0,0 +1,55 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var mongoose_exports = {};
+__export(mongoose_exports, {
+  createMongoAdapter: () => createMongoAdapter
+});
+module.exports = __toCommonJS(mongoose_exports);
+function createMongoAdapter(model) {
+  return {
+    async createUser(data) {
+      const user = await model.create(data);
+      const obj = user.toObject();
+      return { ...obj, id: obj._id.toString() };
+    },
+    async findUserByEmail(email) {
+      const user = await model.findOne({ email });
+      if (!user) return null;
+      const obj = user.toObject();
+      return { ...obj, id: obj._id.toString() };
+    },
+    async findUserById(id) {
+      const user = await model.findById(id);
+      if (!user) return null;
+      const obj = user.toObject();
+      return { ...obj, id: obj._id.toString() };
+    },
+    async linkOAuthAccount(userId, provider, providerId) {
+      await model.findByIdAndUpdate(userId, {
+        oauthProvider: provider,
+        oauthId: providerId
+      });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createMongoAdapter
+});
+//# sourceMappingURL=mongoose.cjs.map

package/dist/adapters/mongoose.cjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/adapters/mongoose.ts"],
+  "sourcesContent": ["import type { AuthAdapter, User } from \"./index.js\";\n\n/**\n * Creates a MongoDB adapter using a Mongoose model.\n * \n * @param model - A Mongoose model instance (e.g., User model).\n * @returns An AuthAdapter compliant object.\n */\nexport function createMongoAdapter<TUser extends User = User>(model: any): AuthAdapter<TUser> {\n  return {\n    async createUser(data: any) {\n      const user = await model.create(data);\n      const obj = user.toObject();\n      return { ...obj, id: obj._id.toString() } as TUser;\n    },\n\n    async findUserByEmail(email: string) {\n      const user = await model.findOne({ email });\n      if (!user) return null;\n      const obj = user.toObject();\n      return { ...obj, id: obj._id.toString() } as TUser;\n    },\n\n    async findUserById(id: string) {\n      const user = await model.findById(id);\n      if (!user) return null;\n      const obj = user.toObject();\n      return { ...obj, id: obj._id.toString() } as TUser;\n    },\n\n    async linkOAuthAccount(userId: string, provider: string, providerId: string) {\n      await model.findByIdAndUpdate(userId, {\n        oauthProvider: provider,\n        oauthId: providerId,\n      });\n    },\n  };\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQO,SAAS,mBAA8C,OAAgC;AAC5F,SAAO;AAAA,IACL,MAAM,WAAW,MAAW;AAC1B,YAAM,OAAO,MAAM,MAAM,OAAO,IAAI;AACpC,YAAM,MAAM,KAAK,SAAS;AAC1B,aAAO,EAAE,GAAG,KAAK,IAAI,IAAI,IAAI,SAAS,EAAE;AAAA,IAC1C;AAAA,IAEA,MAAM,gBAAgB,OAAe;AACnC,YAAM,OAAO,MAAM,MAAM,QAAQ,EAAE,MAAM,CAAC;AAC1C,UAAI,CAAC,KAAM,QAAO;AAClB,YAAM,MAAM,KAAK,SAAS;AAC1B,aAAO,EAAE,GAAG,KAAK,IAAI,IAAI,IAAI,SAAS,EAAE;AAAA,IAC1C;AAAA,IAEA,MAAM,aAAa,IAAY;AAC7B,YAAM,OAAO,MAAM,MAAM,SAAS,EAAE;AACpC,UAAI,CAAC,KAAM,QAAO;AAClB,YAAM,MAAM,KAAK,SAAS;AAC1B,aAAO,EAAE,GAAG,KAAK,IAAI,IAAI,IAAI,SAAS,EAAE;AAAA,IAC1C;AAAA,IAEA,MAAM,iBAAiB,QAAgB,UAAkB,YAAoB;AAC3E,YAAM,MAAM,kBAAkB,QAAQ;AAAA,QACpC,eAAe;AAAA,QACf,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/adapters/mongoose.d.ts

@@ -0,0 +1,9 @@
+import type { AuthAdapter, User } from "./index.js";
+/**
+ * Creates a MongoDB adapter using a Mongoose model.
+ *
+ * @param model - A Mongoose model instance (e.g., User model).
+ * @returns An AuthAdapter compliant object.
+ */
+export declare function createMongoAdapter<TUser extends User = User>(model: any): AuthAdapter<TUser>;
+//# sourceMappingURL=mongoose.d.ts.map

package/dist/adapters/mongoose.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongoose.d.ts","sourceRoot":"","sources":["../../src/auth/adapters/mongoose.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEpD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,CA6B5F"}