limen-auth 0.0.0

package/dist/plugins/magic-link/index.d.mts

@@ -0,0 +1,2 @@
+import { n as RequestMagicLinkInput, r as VerifyMagicLinkInput, t as magicLinkPlugin } from "../../index-dEksIImj.mjs";
+export { type RequestMagicLinkInput, type VerifyMagicLinkInput, magicLinkPlugin };

package/dist/plugins/magic-link/index.mjs

@@ -0,0 +1,21 @@
+import { n as defineRoutes, t as defineClientPlugin } from "../../define-plugin-C7WOGU4b.mjs";
+import { t as route } from "../../route-DGxvFqWl.mjs";
+//#region src/plugins/magic-link/index.ts
+function magicLinkPlugin() {
+	return defineClientPlugin({
+		id: "magic-link",
+		basePath: "/magic-link",
+		routes: defineRoutes(route()({
+			method: "POST",
+			path: "/signin"
+		}), route()({
+			method: "GET",
+			path: "/verify",
+			parseSession: true
+		}))
+	});
+}
+//#endregion
+export { magicLinkPlugin };
+
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/magic-link/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/magic-link/index.ts"],"sourcesContent":["import { defineClientPlugin, defineRoutes } from \"../../define-plugin\";\nimport { route } from \"../../route\";\nimport type { Session } from \"../../types\";\nimport type { RequestMagicLinkInput, VerifyMagicLinkInput } from \"./types\";\n\nexport function magicLinkPlugin<TFields = unknown>() {\n  const routes = defineRoutes(\n    route<RequestMagicLinkInput, { message: string }>()({\n      method: \"POST\",\n      path: \"/signin\",\n    }),\n    route<VerifyMagicLinkInput, Session<TFields>>()({\n      method: \"GET\",\n      path: \"/verify\",\n      parseSession: true,\n    }),\n  );\n\n  return defineClientPlugin({\n    id: \"magic-link\",\n    basePath: \"/magic-link\",\n    routes,\n  });\n}\n\nexport type { RequestMagicLinkInput, VerifyMagicLinkInput } from \"./types\";\n"],"mappings":";;;AAKA,SAAgB,kBAAqC;CAanD,OAAO,mBAAmB;EACxB,IAAI;EACJ,UAAU;EACV,QAfa,aACb,MAAkD,CAAC,CAAC;GAClD,QAAQ;GACR,MAAM;EACR,CAAC,GACD,MAA8C,CAAC,CAAC;GAC9C,QAAQ;GACR,MAAM;GACN,cAAc;EAChB,CAAC,CAMI;CACP,CAAC;AACH"}

package/dist/plugins/oauth/index.d.mts

@@ -0,0 +1,2 @@
+import { a as OAuthAuthorizeResult, i as OAuthAuthorizeQuery, n as LinkOAuthInput, o as OAuthTokens, r as OAuthAccount, s as SignInOAuthInput, t as oauthClientPlugin } from "../../index-DV6YcNSu.mjs";
+export { type LinkOAuthInput, type OAuthAccount, type OAuthAuthorizeQuery, type OAuthAuthorizeResult, type OAuthTokens, type SignInOAuthInput, oauthClientPlugin };

package/dist/plugins/oauth/index.mjs

@@ -0,0 +1,56 @@
+import { r as camelizeKeys } from "../../helpers-Cs3VtXdv.mjs";
+import { n as defineRoutes, t as defineClientPlugin } from "../../define-plugin-C7WOGU4b.mjs";
+import { t as route } from "../../route-DGxvFqWl.mjs";
+//#region src/plugins/oauth/index.ts
+const fetchThenRedirect = async (ctx, input, http) => {
+	const { disableRedirect, ...rest } = input;
+	const { url } = await http(rest);
+	return {
+		url,
+		redirect: disableRedirect === true ? false : ctx.redirect(url)
+	};
+};
+function oauthClientPlugin() {
+	return defineClientPlugin({
+		id: "oauth",
+		basePath: "/oauth",
+		routes: defineRoutes(route()({
+			method: "GET",
+			path: "/:provider/authorize",
+			as: "signIn.social",
+			params: ["provider"],
+			handler: fetchThenRedirect
+		}), route()({
+			method: "GET",
+			path: "/:provider/link",
+			as: "social.link",
+			params: ["provider"],
+			handler: fetchThenRedirect
+		}), route()({
+			method: "DELETE",
+			path: "/:provider/unlink",
+			as: "social.unlink",
+			params: ["provider"]
+		}), route()({
+			method: "GET",
+			path: "/accounts",
+			as: "social.accounts"
+		}), route()({
+			method: "GET",
+			path: "/:provider/tokens",
+			as: "social.tokens",
+			params: ["provider"],
+			parse: camelizeKeys
+		}), route()({
+			method: "POST",
+			path: "/:provider/tokens/refresh",
+			as: "social.refreshTokens",
+			params: ["provider"],
+			parse: camelizeKeys
+		}))
+	});
+}
+//#endregion
+export { oauthClientPlugin };
+
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/oauth/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/oauth/index.ts"],"sourcesContent":["import { defineClientPlugin, defineRoutes } from \"../../define-plugin\";\nimport { camelizeKeys } from \"../../helpers\";\nimport { route, type RouteHandler } from \"../../route\";\nimport type { LinkOAuthInput, OAuthAccount, OAuthAuthorizeResult, OAuthTokens, SignInOAuthInput } from \"./types\";\n\nconst fetchThenRedirect: RouteHandler<SignInOAuthInput, OAuthAuthorizeResult> = async (ctx, input, http) => {\n  const { disableRedirect, ...rest } = input;\n  const { url } = await http<{ url: string }>(rest);\n  return { url, redirect: disableRedirect === true ? false : ctx.redirect(url) };\n};\n\nexport function oauthClientPlugin() {\n  const routes = defineRoutes(\n    route<SignInOAuthInput, OAuthAuthorizeResult>()({\n      method: \"GET\",\n      path: \"/:provider/authorize\",\n      as: \"signIn.social\",\n      params: [\"provider\"],\n      handler: fetchThenRedirect,\n    }),\n    route<LinkOAuthInput, OAuthAuthorizeResult>()({\n      method: \"GET\",\n      path: \"/:provider/link\",\n      as: \"social.link\",\n      params: [\"provider\"],\n      handler: fetchThenRedirect,\n    }),\n    route<{ provider: string }, void>()({\n      method: \"DELETE\",\n      path: \"/:provider/unlink\",\n      as: \"social.unlink\",\n      params: [\"provider\"],\n    }),\n    route<void, OAuthAccount[]>()({\n      method: \"GET\",\n      path: \"/accounts\",\n      as: \"social.accounts\",\n    }),\n    route<{ provider: string }, OAuthTokens>()({\n      method: \"GET\",\n      path: \"/:provider/tokens\",\n      as: \"social.tokens\",\n      params: [\"provider\"],\n      parse: camelizeKeys,\n    }),\n    route<{ provider: string }, OAuthTokens>()({\n      method: \"POST\",\n      path: \"/:provider/tokens/refresh\",\n      as: \"social.refreshTokens\",\n      params: [\"provider\"],\n      parse: camelizeKeys,\n    }),\n  );\n\n  return defineClientPlugin({\n    id: \"oauth\",\n    basePath: \"/oauth\",\n    routes,\n  });\n}\n\nexport type {\n  LinkOAuthInput,\n  OAuthAccount,\n  OAuthAuthorizeQuery,\n  OAuthAuthorizeResult,\n  OAuthTokens,\n  SignInOAuthInput,\n} from \"./types\";\n"],"mappings":";;;;AAKA,MAAM,oBAA0E,OAAO,KAAK,OAAO,SAAS;CAC1G,MAAM,EAAE,iBAAiB,GAAG,SAAS;CACrC,MAAM,EAAE,QAAQ,MAAM,KAAsB,IAAI;CAChD,OAAO;EAAE;EAAK,UAAU,oBAAoB,OAAO,QAAQ,IAAI,SAAS,GAAG;CAAE;AAC/E;AAEA,SAAgB,oBAAoB;CA2ClC,OAAO,mBAAmB;EACxB,IAAI;EACJ,UAAU;EACV,QA7Ca,aACb,MAA8C,CAAC,CAAC;GAC9C,QAAQ;GACR,MAAM;GACN,IAAI;GACJ,QAAQ,CAAC,UAAU;GACnB,SAAS;EACX,CAAC,GACD,MAA4C,CAAC,CAAC;GAC5C,QAAQ;GACR,MAAM;GACN,IAAI;GACJ,QAAQ,CAAC,UAAU;GACnB,SAAS;EACX,CAAC,GACD,MAAkC,CAAC,CAAC;GAClC,QAAQ;GACR,MAAM;GACN,IAAI;GACJ,QAAQ,CAAC,UAAU;EACrB,CAAC,GACD,MAA4B,CAAC,CAAC;GAC5B,QAAQ;GACR,MAAM;GACN,IAAI;EACN,CAAC,GACD,MAAyC,CAAC,CAAC;GACzC,QAAQ;GACR,MAAM;GACN,IAAI;GACJ,QAAQ,CAAC,UAAU;GACnB,OAAO;EACT,CAAC,GACD,MAAyC,CAAC,CAAC;GACzC,QAAQ;GACR,MAAM;GACN,IAAI;GACJ,QAAQ,CAAC,UAAU;GACnB,OAAO;EACT,CAAC,CAMI;CACP,CAAC;AACH"}

package/dist/plugins/session-jwt/index.d.mts

@@ -0,0 +1,2 @@
+import { n as SessionJwtPluginConfig, r as SessionJwtTokens, t as sessionJwtPlugin } from "../../index-C9EuA9UZ.mjs";
+export { type SessionJwtPluginConfig, type SessionJwtTokens, sessionJwtPlugin };

package/dist/plugins/session-jwt/index.mjs

@@ -0,0 +1,2 @@
+import { t as sessionJwtPlugin } from "../../session-jwt-DgLdMQxP.mjs";
+export { sessionJwtPlugin };

package/dist/plugins/two-factor/index.d.mts

@@ -0,0 +1,2 @@
+import { a as SendOTPInput, c as TwoFactorSetupURI, i as InitiateSetupInput, l as VerifyInput, n as DisableTwoFactorInput, o as TwoFactorConfig, r as FinalizeSetupInput, s as TwoFactorMethod, t as twoFactorPlugin } from "../../index-C6atwjEq.mjs";
+export { type DisableTwoFactorInput, type FinalizeSetupInput, type InitiateSetupInput, type SendOTPInput, type TwoFactorConfig, type TwoFactorMethod, type TwoFactorSetupURI, type VerifyInput, twoFactorPlugin };

package/dist/plugins/two-factor/index.mjs

@@ -0,0 +1,52 @@
+import { n as defineRoutes, t as defineClientPlugin } from "../../define-plugin-C7WOGU4b.mjs";
+import { t as route } from "../../route-DGxvFqWl.mjs";
+//#region src/plugins/two-factor/index.ts
+function twoFactorPlugin(config) {
+	return defineClientPlugin({
+		id: "two-factor",
+		basePath: "/two-factor",
+		routes: defineRoutes(route()({
+			method: "POST",
+			path: "/initiate-setup"
+		}), route()({
+			method: "POST",
+			path: "/finalize-setup",
+			parseSession: true
+		}), route()({
+			method: "POST",
+			path: "/disable",
+			parseSession: true
+		}), route()({
+			method: "POST",
+			path: "/verify",
+			parseSession: true
+		}), route()({
+			method: "GET",
+			path: "/totp/uri",
+			as: "twoFactor.getTotpUri"
+		}), route()({
+			method: "GET",
+			path: "/backup-codes",
+			as: "twoFactor.getBackupCodes"
+		}), route()({
+			method: "PUT",
+			path: "/backup-codes",
+			as: "twoFactor.regenerateBackupCodes"
+		}), route()({
+			method: "POST",
+			path: "/otp/send",
+			as: "twoFactor.sendOTP"
+		})),
+		hooks: { afterResponse: [{
+			match: "/signin/credential",
+			run: (ctx) => {
+				if (ctx.body["two_factor_required"] === true) config.onTwoFactorRedirect();
+				return ctx;
+			}
+		}] }
+	});
+}
+//#endregion
+export { twoFactorPlugin };
+
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/two-factor/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/two-factor/index.ts"],"sourcesContent":["import { defineClientPlugin, defineRoutes } from \"../../define-plugin\";\nimport { route } from \"../../route\";\nimport type { Session } from \"../../types\";\nimport type {\n  DisableTwoFactorInput,\n  FinalizeSetupInput,\n  InitiateSetupInput,\n  SendOTPInput,\n  TwoFactorConfig,\n  TwoFactorSetupURI,\n  VerifyInput,\n} from \"./types\";\n\nexport function twoFactorPlugin<TFields = unknown>(config: TwoFactorConfig) {\n  const routes = defineRoutes(\n    route<InitiateSetupInput, TwoFactorSetupURI>()({\n      method: \"POST\",\n      path: \"/initiate-setup\",\n    }),\n    route<FinalizeSetupInput, Session<TFields>>()({\n      method: \"POST\",\n      path: \"/finalize-setup\",\n      parseSession: true,\n    }),\n    route<DisableTwoFactorInput, Session<TFields>>()({\n      method: \"POST\",\n      path: \"/disable\",\n      parseSession: true,\n    }),\n    route<VerifyInput, Session<TFields>>()({\n      method: \"POST\",\n      path: \"/verify\",\n      parseSession: true,\n    }),\n    route<void, TwoFactorSetupURI>()({\n      method: \"GET\",\n      path: \"/totp/uri\",\n      as: \"twoFactor.getTotpUri\",\n    }),\n    route<void, string[]>()({\n      method: \"GET\",\n      path: \"/backup-codes\",\n      as: \"twoFactor.getBackupCodes\",\n    }),\n    route<void, string[]>()({\n      method: \"PUT\",\n      path: \"/backup-codes\",\n      as: \"twoFactor.regenerateBackupCodes\",\n    }),\n    route<SendOTPInput, { message: string }>()({\n      method: \"POST\",\n      path: \"/otp/send\",\n      as: \"twoFactor.sendOTP\",\n    }),\n  );\n\n  return defineClientPlugin({\n    id: \"two-factor\",\n    basePath: \"/two-factor\",\n    routes,\n    hooks: {\n      afterResponse: [\n        {\n          match: \"/signin/credential\",\n          run: (ctx) => {\n            const body = ctx.body as Record<string, unknown>;\n            if (body[\"two_factor_required\"] === true) {\n              config.onTwoFactorRedirect();\n            }\n            return ctx;\n          },\n        },\n      ],\n    },\n  });\n}\n\nexport type {\n  DisableTwoFactorInput,\n  FinalizeSetupInput,\n  InitiateSetupInput,\n  SendOTPInput,\n  TwoFactorConfig,\n  TwoFactorMethod,\n  TwoFactorSetupURI,\n  VerifyInput,\n} from \"./types\";\n"],"mappings":";;;AAaA,SAAgB,gBAAmC,QAAyB;CA2C1E,OAAO,mBAAmB;EACxB,IAAI;EACJ,UAAU;EACV,QA7Ca,aACb,MAA6C,CAAC,CAAC;GAC7C,QAAQ;GACR,MAAM;EACR,CAAC,GACD,MAA4C,CAAC,CAAC;GAC5C,QAAQ;GACR,MAAM;GACN,cAAc;EAChB,CAAC,GACD,MAA+C,CAAC,CAAC;GAC/C,QAAQ;GACR,MAAM;GACN,cAAc;EAChB,CAAC,GACD,MAAqC,CAAC,CAAC;GACrC,QAAQ;GACR,MAAM;GACN,cAAc;EAChB,CAAC,GACD,MAA+B,CAAC,CAAC;GAC/B,QAAQ;GACR,MAAM;GACN,IAAI;EACN,CAAC,GACD,MAAsB,CAAC,CAAC;GACtB,QAAQ;GACR,MAAM;GACN,IAAI;EACN,CAAC,GACD,MAAsB,CAAC,CAAC;GACtB,QAAQ;GACR,MAAM;GACN,IAAI;EACN,CAAC,GACD,MAAyC,CAAC,CAAC;GACzC,QAAQ;GACR,MAAM;GACN,IAAI;EACN,CAAC,CAMI;EACL,OAAO,EACL,eAAe,CACb;GACE,OAAO;GACP,MAAM,QAAQ;IAEZ,IADa,IAAI,KACR,2BAA2B,MAClC,OAAO,oBAAoB;IAE7B,OAAO;GACT;EACF,CACF,EACF;CACF,CAAC;AACH"}

package/dist/react/index.d.mts

@@ -0,0 +1,24 @@
+import { D as User, E as Session, O as SessionState, V as Prettify, _ as AuthClient, k as SessionStore, t as AnyClientPlugin, y as CreateAuthClientOptions } from "../define-plugin-Dv0xXIaH.mjs";
+import { Store, StoreValue } from "nanostores";
+
+//#region src/react/react-store.d.ts
+declare function useStore<SomeStore extends Store>(store: SomeStore): StoreValue<SomeStore>;
+//#endregion
+//#region src/react/index.d.ts
+/**
+ * An {@link AuthClient} augmented with React hooks.
+ */
+type ReactAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<AuthClient<Plugins, TFields> & {
+  /**
+   * Reactively read the session store. Re-renders the component whenever
+   * `{ data, isPending, error }` changes.
+   */
+  useSession: () => SessionState<TFields>;
+}>;
+/**
+ * Create a Limen auth client with React hooks attached.
+ */
+declare function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(opts: CreateAuthClientOptions<Plugins, TFields>): ReactAuthClient<Plugins, TFields>;
+//#endregion
+export { type AuthClient, type CreateAuthClientOptions, ReactAuthClient, type Session, type SessionState, type SessionStore, type User, createAuthClient, useStore };
+//# sourceMappingURL=index.d.mts.map

package/dist/react/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/react/react-store.ts","../../src/react/index.ts"],"mappings":";;;;iBAGgB,QAAA,mBAA2B,KAAA,EAAO,KAAA,EAAO,SAAA,GAAY,UAAA,CAAW,SAAA;;;AAAhF;;;AAAA,KCOY,eAAA,0BAAyC,eAAA,yBAAwC,QAAA,CAC3F,UAAA,CAAW,OAAA,EAAS,OAAA;EDRmC;;;;ECarD,UAAA,QAAkB,YAAA,CAAa,OAAA;AAAA;;;;iBAOnB,gBAAA,gCAAgD,eAAA,qCAC9D,IAAA,EAAM,uBAAA,CAAwB,OAAA,EAAS,OAAA,IACtC,eAAA,CAAgB,OAAA,EAAS,OAAA"}

package/dist/react/index.mjs

@@ -0,0 +1,31 @@
+import { t as createAuthClient$1 } from "../client-Er91De-z.mjs";
+import { useCallback, useRef, useSyncExternalStore } from "react";
+//#region src/react/react-store.ts
+function useStore(store) {
+	const snapshotRef = useRef(store.get());
+	const subscribe = useCallback((onChange) => {
+		const emitValue = (value) => {
+			if (snapshotRef.current === value) return;
+			snapshotRef.current = value;
+			onChange();
+		};
+		emitValue(store.value);
+		return store.listen(emitValue);
+	}, [store]);
+	const get = () => snapshotRef.current;
+	return useSyncExternalStore(subscribe, get, get);
+}
+//#endregion
+//#region src/react/index.ts
+/**
+* Create a Limen auth client with React hooks attached.
+*/
+function createAuthClient(opts) {
+	const client = createAuthClient$1(opts);
+	const useSession = () => useStore(client.$session);
+	return Object.assign(client, { useSession });
+}
+//#endregion
+export { createAuthClient, useStore };
+
+//# sourceMappingURL=index.mjs.map

package/dist/react/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["createCoreClient"],"sources":["../../src/react/react-store.ts","../../src/react/index.ts"],"sourcesContent":["import type { Store, StoreValue } from \"nanostores\";\nimport { useCallback, useRef, useSyncExternalStore } from \"react\";\n\nexport function useStore<SomeStore extends Store>(store: SomeStore): StoreValue<SomeStore> {\n  type Value = StoreValue<SomeStore>;\n\n  const snapshotRef = useRef<Value | undefined>(store.get());\n\n  const subscribe = useCallback(\n    (onChange: () => void) => {\n      const emitValue = (value: Value): void => {\n        if (snapshotRef.current === value) {\n          return;\n        }\n        snapshotRef.current = value;\n        onChange();\n      };\n      // Resync before listening: the value may have changed between render and\n      // this effect, and `listen` does not fire for the current value.\n      emitValue(store.value);\n      return store.listen(emitValue);\n    },\n    [store],\n  );\n\n  const get = (): Value => snapshotRef.current as Value;\n\n  return useSyncExternalStore(subscribe, get, get);\n}\n","import { createAuthClient as createCoreClient } from \"../client\";\nimport type { AnyClientPlugin } from \"../define-plugin\";\nimport type { SessionState } from \"../session-store\";\nimport type { Prettify } from \"../type-utils\";\nimport type { AuthClient, CreateAuthClientOptions } from \"../types\";\nimport { useStore } from \"./react-store\";\n\n/**\n * An {@link AuthClient} augmented with React hooks.\n */\nexport type ReactAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<\n  AuthClient<Plugins, TFields> & {\n    /**\n     * Reactively read the session store. Re-renders the component whenever\n     * `{ data, isPending, error }` changes.\n     */\n    useSession: () => SessionState<TFields>;\n  }\n>;\n\n/**\n * Create a Limen auth client with React hooks attached.\n */\nexport function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(\n  opts: CreateAuthClientOptions<Plugins, TFields>,\n): ReactAuthClient<Plugins, TFields> {\n  const client = createCoreClient<Plugins, TFields>(opts);\n  const useSession = (): SessionState<TFields> => useStore(client.$session);\n\n  return Object.assign(client, { useSession }) as ReactAuthClient<Plugins, TFields>;\n}\n\nexport type { SessionState, SessionStore } from \"../session-store\";\nexport type { AuthClient, CreateAuthClientOptions, Session, User } from \"../types\";\nexport { useStore } from \"./react-store\";\n"],"mappings":";;;AAGA,SAAgB,SAAkC,OAAyC;CAGzF,MAAM,cAAc,OAA0B,MAAM,IAAI,CAAC;CAEzD,MAAM,YAAY,aACf,aAAyB;EACxB,MAAM,aAAa,UAAuB;GACxC,IAAI,YAAY,YAAY,OAC1B;GAEF,YAAY,UAAU;GACtB,SAAS;EACX;EAGA,UAAU,MAAM,KAAK;EACrB,OAAO,MAAM,OAAO,SAAS;CAC/B,GACA,CAAC,KAAK,CACR;CAEA,MAAM,YAAmB,YAAY;CAErC,OAAO,qBAAqB,WAAW,KAAK,GAAG;AACjD;;;;;;ACLA,SAAgB,iBACd,MACmC;CACnC,MAAM,SAASA,mBAAmC,IAAI;CACtD,MAAM,mBAA0C,SAAS,OAAO,QAAQ;CAExE,OAAO,OAAO,OAAO,QAAQ,EAAE,WAAW,CAAC;AAC7C"}

package/dist/route-DGxvFqWl.mjs

@@ -0,0 +1,19 @@
+//#region src/route.ts
+/**
+* Define an HTTP-backed client method for a plugin. The input/output types
+* become the generated method's argument and resolved value.
+*
+* @example
+*   route<VerifyInput, Session<TFields>>()({
+*     method: "POST",
+*     path: "/verify",
+*     parseSession: true,
+*   })
+*/
+function route() {
+	return (def) => def;
+}
+//#endregion
+export { route as t };
+
+//# sourceMappingURL=route-DGxvFqWl.mjs.map

package/dist/route-DGxvFqWl.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-DGxvFqWl.mjs","names":[],"sources":["../src/route.ts"],"sourcesContent":["import type { RouteContext } from \"./context\";\nimport type { LimenError } from \"./errors\";\nimport type { HTTPMethod } from \"./types\";\n\ndeclare const INPUT: unique symbol;\ndeclare const OUTPUT: unique symbol;\n\n/**\n * Runs the route's default HTTP request and parser without session effects.\n * Pass an input override when a handler needs to omit client-only fields.\n */\nexport type HttpRunner<I> = <R = unknown>(input?: I) => Promise<R>;\n\n/**\n * Custom route behavior for flows that need more than the default request\n * pipeline.\n */\nexport type RouteHandler<I, O, TFields = unknown> = (\n  ctx: RouteContext<TFields>,\n  input: I,\n  http: HttpRunner<I>,\n) => Promise<O>;\n\n/**\n * Per-call options accepted as the final argument of every generated route\n * method.\n */\nexport type RouteCallOptions<O = unknown> = {\n  /** Invoked with the resolved value after the call succeeds. */\n  onSuccess?: (data: O) => void;\n  /** Invoked with the error just before it is re-thrown. */\n  onError?: (error: LimenError) => void;\n};\n\n/**\n * Declarative client route definition. The public client chain is derived from\n * `path` unless `as` is provided.\n */\nexport type RouteDef<I, O> = {\n  method: HTTPMethod;\n  path: `/${string}`;\n\n  /** Dotted client chain override, e.g. `\"twoFactor.getTotpUri\"`. */\n  as?: string;\n\n  /** Merged under the caller's input before serialization. */\n  defaults?: Partial<I>;\n  /** SDK input → wire body/query. Defaults to shallow camelCase → snake_case. */\n  serialize?: (input: I) => unknown;\n  /** Raw response → typed output. Ignored when `parseSession` is set. */\n  parse?: (raw: unknown) => O;\n  /**\n   * Parse the response as a session and store it when it contains a `user`.\n   * Set `skipStore` to return the parsed session without writing it.\n   */\n  parseSession?: boolean;\n  /** Resolve `path` from the client base path instead of the plugin base path. */\n  absolute?: boolean;\n\n  /** Input keys used as `:param` path values. */\n  params?: readonly (keyof I & string)[];\n\n  /** For `parseSession` routes, skip the session-store write. */\n  skipStore?: boolean;\n  /** Clear the session store on success. */\n  clearSession?: boolean;\n  /** Revalidate the session after success. */\n  refetchSession?: boolean;\n\n  /** Set `false` to keep the route out of the public client API. */\n  expose?: boolean;\n\n  /** Override the default route call behavior. */\n  handler?: RouteHandler<I, O>;\n};\n\n/**\n * A route definition carrying its input and output types for inference.\n */\nexport type RouteDescriptor<I, O, D extends RouteDef<I, O> = RouteDef<I, O>> = D & {\n  readonly [INPUT]: I;\n  readonly [OUTPUT]: O;\n};\n\n/**\n * Loose route-descriptor constraint for route tuples and plugin definitions.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- accepts any route descriptor\nexport type AnyRouteDescriptor = RouteDescriptor<any, any, any>;\n\n/**\n * Route definition with erased input/output types but typed fields.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- erases route I/O only\nexport type AnyRoute = RouteDef<any, any>;\n\nexport type InputOf<R> = R extends { readonly [INPUT]: infer I } ? I : never;\nexport type OutputOf<R> = R extends { readonly [OUTPUT]: infer O } ? O : never;\n\n/**\n * Define an HTTP-backed client method for a plugin. The input/output types\n * become the generated method's argument and resolved value.\n *\n * @example\n *   route<VerifyInput, Session<TFields>>()({\n *     method: \"POST\",\n *     path: \"/verify\",\n *     parseSession: true,\n *   })\n */\nexport function route<I = void, O = unknown>() {\n  return <const D extends RouteDef<I, O>>(def: D): RouteDescriptor<I, O, D> => def as RouteDescriptor<I, O, D>;\n}\n"],"mappings":";;;;;;;;;;;;AA8GA,SAAgB,QAA+B;CAC7C,QAAwC,QAAqC;AAC/E"}

package/dist/session-jwt-DgLdMQxP.mjs

@@ -0,0 +1,129 @@
+import { a as SET_REFRESH_TOKEN_HEADER, i as SET_AUTH_TOKEN_HEADER } from "./constants-CsR2pQ_9.mjs";
+import { t as LimenError } from "./errors-4YJYt6f0.mjs";
+import { n as defineRoutes, t as defineClientPlugin } from "./define-plugin-C7WOGU4b.mjs";
+import { t as route } from "./route-DGxvFqWl.mjs";
+import { i as resolveDefaultStorage } from "./bearer-Cqmrmjjf.mjs";
+//#region src/plugins/session-jwt/jwt.ts
+/**
+* Read the `exp` (seconds since epoch) from a JWT without verifying its
+* signature — the server is the source of truth; the client only needs expiry
+* to decide when to refresh. Returns `null` for anything malformed.
+*/
+function decodeJwtExp(token) {
+	const payload = token.split(".")[1];
+	if (!payload) return null;
+	try {
+		const b64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+		const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+		const claims = JSON.parse(atob(padded));
+		return typeof claims.exp === "number" ? claims.exp : null;
+	} catch {
+		return null;
+	}
+}
+function isExpiring(token, skewMs) {
+	const exp = decodeJwtExp(token);
+	if (exp === null) return true;
+	return exp * 1e3 - skewMs <= Date.now();
+}
+function tokensFromHeaders(headers) {
+	const accessToken = headers.get(SET_AUTH_TOKEN_HEADER);
+	if (!accessToken) return null;
+	const tokens = { accessToken };
+	const refreshToken = headers.get(SET_REFRESH_TOKEN_HEADER);
+	if (refreshToken) tokens.refreshToken = refreshToken;
+	return tokens;
+}
+//#endregion
+//#region src/plugins/session-jwt/index.ts
+function sessionJwtPlugin(config = {}) {
+	const store = config.storage ?? resolveDefaultStorage(config.storageKey ?? "limen.tokens");
+	const skewMs = (config.expirySkewSeconds ?? 30) * 1e3;
+	const refreshRoute = route()({
+		method: "POST",
+		path: "/refresh",
+		parseSession: true,
+		expose: false
+	});
+	let ctx;
+	let run;
+	let inFlight = null;
+	const runRefresh = async () => {
+		const current = store.get();
+		if (!current?.refreshToken) throw new LimenError("No refresh token found", 401, "unauthorized");
+		try {
+			await run(refreshRoute, { refreshToken: current.refreshToken });
+			const tokens = store.get();
+			if (!tokens?.accessToken) throw new LimenError("Refresh did not return a valid access token", 500, "unknown");
+			return tokens;
+		} catch (err) {
+			store.clear();
+			ctx.setSession(null);
+			throw err;
+		}
+	};
+	const refresh = () => {
+		if (!inFlight) inFlight = runRefresh().finally(() => {
+			inFlight = null;
+		});
+		return inFlight;
+	};
+	const getAccessToken = async () => {
+		const current = store.get();
+		if (!current?.accessToken) return null;
+		if (!isExpiring(current.accessToken, skewMs)) return current.accessToken;
+		if (!current.refreshToken) return null;
+		return (await refresh()).accessToken;
+	};
+	const applyAuthHeader = async (req) => {
+		if (req.headers.has("Authorization")) return;
+		const token = await getAccessToken().catch(() => null);
+		if (token) req.headers.set("Authorization", `Bearer ${token}`);
+	};
+	return defineClientPlugin({
+		id: "session-jwt",
+		routes: defineRoutes(refreshRoute),
+		actions: (pluginCtx, pluginRun) => {
+			ctx = pluginCtx;
+			run = pluginRun;
+			return { sessionJwt: {
+				/**
+				* Get the current access token. If the token is expiring, refresh it.
+				* @returns The current access token or null if no token is found.
+				*/
+				getAccessToken,
+				refresh,
+				getTokens: () => store.get(),
+				clear: () => store.clear()
+			} };
+		},
+		hooks: {
+			beforeRequest: [{
+				match: (route) => route.path !== "/refresh",
+				run: async (req) => {
+					await applyAuthHeader(req);
+					return req;
+				}
+			}],
+			afterResponse: [{
+				allowOnFailure: true,
+				run: (res) => {
+					const tokens = tokensFromHeaders(res.headers);
+					if (tokens) store.set(tokens);
+					return res;
+				}
+			}, {
+				match: ["/signout", "/revoke-sessions"],
+				allowOnFailure: true,
+				run: (res) => {
+					store.clear();
+					return res;
+				}
+			}]
+		}
+	});
+}
+//#endregion
+export { sessionJwtPlugin as t };
+
+//# sourceMappingURL=session-jwt-DgLdMQxP.mjs.map

package/dist/session-jwt-DgLdMQxP.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-jwt-DgLdMQxP.mjs","names":[],"sources":["../src/plugins/session-jwt/jwt.ts","../src/plugins/session-jwt/index.ts"],"sourcesContent":["import { SET_AUTH_TOKEN_HEADER, SET_REFRESH_TOKEN_HEADER } from \"../../constants\";\nimport type { SessionJwtTokens } from \"./types\";\n\n/**\n * Read the `exp` (seconds since epoch) from a JWT without verifying its\n * signature — the server is the source of truth; the client only needs expiry\n * to decide when to refresh. Returns `null` for anything malformed.\n */\nexport function decodeJwtExp(token: string): number | null {\n  const payload = token.split(\".\")[1];\n  if (!payload) {\n    return null;\n  }\n  try {\n    const b64 = payload.replace(/-/g, \"+\").replace(/_/g, \"/\");\n    const padded = b64 + \"=\".repeat((4 - (b64.length % 4)) % 4);\n    const claims = JSON.parse(atob(padded)) as { exp?: unknown };\n    return typeof claims.exp === \"number\" ? claims.exp : null;\n  } catch {\n    return null;\n  }\n}\n\nexport function isExpiring(token: string, skewMs: number): boolean {\n  const exp = decodeJwtExp(token);\n  if (exp === null) {\n    return true;\n  }\n  return exp * 1000 - skewMs <= Date.now();\n}\n\nexport function tokensFromHeaders(headers: Headers): SessionJwtTokens | null {\n  const accessToken = headers.get(SET_AUTH_TOKEN_HEADER);\n  if (!accessToken) {\n    return null;\n  }\n\n  const tokens: SessionJwtTokens = { accessToken };\n  const refreshToken = headers.get(SET_REFRESH_TOKEN_HEADER);\n  if (refreshToken) {\n    tokens.refreshToken = refreshToken;\n  }\n  return tokens;\n}\n","import { DEFAULT_TOKEN_STORAGE_KEY } from \"../../constants\";\nimport type { AnyRouteContext } from \"../../context\";\nimport { defineClientPlugin, defineRoutes, type RunRoute } from \"../../define-plugin\";\nimport { LimenError } from \"../../errors\";\nimport { route } from \"../../route\";\nimport type { Session } from \"../../types\";\nimport { resolveDefaultStorage } from \"../bearer\";\nimport { DEFAULT_EXPIRY_SKEW_SECONDS } from \"./constants\";\nimport { isExpiring, tokensFromHeaders } from \"./jwt\";\nimport type { RefreshInput, SessionJwtPluginConfig, SessionJwtTokens } from \"./types\";\n\nexport function sessionJwtPlugin<TFields = unknown>(config: SessionJwtPluginConfig = {}) {\n  const store = config.storage ?? resolveDefaultStorage(config.storageKey ?? DEFAULT_TOKEN_STORAGE_KEY);\n  const skewMs = (config.expirySkewSeconds ?? DEFAULT_EXPIRY_SKEW_SECONDS) * 1000;\n\n  const refreshRoute = route<RefreshInput, Session<TFields>>()({\n    method: \"POST\",\n    path: \"/refresh\",\n    parseSession: true,\n    expose: false,\n  });\n\n  let ctx!: AnyRouteContext;\n  let run!: RunRoute;\n  let inFlight: Promise<SessionJwtTokens> | null = null;\n\n  const runRefresh = async (): Promise<SessionJwtTokens> => {\n    const current = store.get();\n    if (!current?.refreshToken) {\n      throw new LimenError(\"No refresh token found\", 401, \"unauthorized\");\n    }\n    try {\n      await run(refreshRoute, { refreshToken: current.refreshToken });\n      const tokens = store.get();\n      if (!tokens?.accessToken) {\n        throw new LimenError(\"Refresh did not return a valid access token\", 500, \"unknown\");\n      }\n      return tokens;\n    } catch (err) {\n      store.clear();\n      ctx.setSession(null);\n      throw err;\n    }\n  };\n\n  const refresh = (): Promise<SessionJwtTokens> => {\n    if (!inFlight) {\n      inFlight = runRefresh().finally(() => {\n        inFlight = null;\n      });\n    }\n    return inFlight;\n  };\n\n  const getAccessToken = async (): Promise<string | null> => {\n    const current = store.get();\n    if (!current?.accessToken) {\n      return null;\n    }\n\n    if (!isExpiring(current.accessToken, skewMs)) {\n      return current.accessToken;\n    }\n\n    if (!current.refreshToken) {\n      return null;\n    }\n    return (await refresh()).accessToken;\n  };\n\n  const applyAuthHeader = async (req: { headers: Headers }): Promise<void> => {\n    if (req.headers.has(\"Authorization\")) {\n      return;\n    }\n    const token = await getAccessToken().catch(() => null);\n    if (token) {\n      req.headers.set(\"Authorization\", `Bearer ${token}`);\n    }\n  };\n\n  return defineClientPlugin({\n    id: \"session-jwt\",\n    routes: defineRoutes(refreshRoute),\n    actions: (pluginCtx, pluginRun) => {\n      ctx = pluginCtx;\n      run = pluginRun;\n      return {\n        sessionJwt: {\n          /**\n           * Get the current access token. If the token is expiring, refresh it.\n           * @returns The current access token or null if no token is found.\n           */\n          getAccessToken,\n          refresh,\n          getTokens: () => store.get(),\n          clear: () => store.clear(),\n        },\n      };\n    },\n    hooks: {\n      beforeRequest: [\n        {\n          match: (route) => route.path !== \"/refresh\",\n          run: async (req) => {\n            await applyAuthHeader(req);\n            return req;\n          },\n        },\n      ],\n      afterResponse: [\n        {\n          allowOnFailure: true,\n          run: (res) => {\n            const tokens = tokensFromHeaders(res.headers);\n            if (tokens) {\n              store.set(tokens);\n            }\n            return res;\n          },\n        },\n        {\n          match: [\"/signout\", \"/revoke-sessions\"],\n          allowOnFailure: true,\n          run: (res) => {\n            store.clear();\n            return res;\n          },\n        },\n      ],\n    },\n  });\n}\n\nexport type { SessionJwtPluginConfig, SessionJwtTokens } from \"./types\";\n"],"mappings":";;;;;;;;;;;AAQA,SAAgB,aAAa,OAA8B;CACzD,MAAM,UAAU,MAAM,MAAM,GAAG,CAAC,CAAC;CACjC,IAAI,CAAC,SACH,OAAO;CAET,IAAI;EACF,MAAM,MAAM,QAAQ,QAAQ,MAAM,GAAG,CAAC,CAAC,QAAQ,MAAM,GAAG;EACxD,MAAM,SAAS,MAAM,IAAI,QAAQ,IAAK,IAAI,SAAS,KAAM,CAAC;EAC1D,MAAM,SAAS,KAAK,MAAM,KAAK,MAAM,CAAC;EACtC,OAAO,OAAO,OAAO,QAAQ,WAAW,OAAO,MAAM;CACvD,QAAQ;EACN,OAAO;CACT;AACF;AAEA,SAAgB,WAAW,OAAe,QAAyB;CACjE,MAAM,MAAM,aAAa,KAAK;CAC9B,IAAI,QAAQ,MACV,OAAO;CAET,OAAO,MAAM,MAAO,UAAU,KAAK,IAAI;AACzC;AAEA,SAAgB,kBAAkB,SAA2C;CAC3E,MAAM,cAAc,QAAQ,IAAI,qBAAqB;CACrD,IAAI,CAAC,aACH,OAAO;CAGT,MAAM,SAA2B,EAAE,YAAY;CAC/C,MAAM,eAAe,QAAQ,IAAI,wBAAwB;CACzD,IAAI,cACF,OAAO,eAAe;CAExB,OAAO;AACT;;;AChCA,SAAgB,iBAAoC,SAAiC,CAAC,GAAG;CACvF,MAAM,QAAQ,OAAO,WAAW,sBAAsB,OAAO,cAAA,cAAuC;CACpG,MAAM,UAAU,OAAO,qBAAA,MAAoD;CAE3E,MAAM,eAAe,MAAsC,CAAC,CAAC;EAC3D,QAAQ;EACR,MAAM;EACN,cAAc;EACd,QAAQ;CACV,CAAC;CAED,IAAI;CACJ,IAAI;CACJ,IAAI,WAA6C;CAEjD,MAAM,aAAa,YAAuC;EACxD,MAAM,UAAU,MAAM,IAAI;EAC1B,IAAI,CAAC,SAAS,cACZ,MAAM,IAAI,WAAW,0BAA0B,KAAK,cAAc;EAEpE,IAAI;GACF,MAAM,IAAI,cAAc,EAAE,cAAc,QAAQ,aAAa,CAAC;GAC9D,MAAM,SAAS,MAAM,IAAI;GACzB,IAAI,CAAC,QAAQ,aACX,MAAM,IAAI,WAAW,+CAA+C,KAAK,SAAS;GAEpF,OAAO;EACT,SAAS,KAAK;GACZ,MAAM,MAAM;GACZ,IAAI,WAAW,IAAI;GACnB,MAAM;EACR;CACF;CAEA,MAAM,gBAA2C;EAC/C,IAAI,CAAC,UACH,WAAW,WAAW,CAAC,CAAC,cAAc;GACpC,WAAW;EACb,CAAC;EAEH,OAAO;CACT;CAEA,MAAM,iBAAiB,YAAoC;EACzD,MAAM,UAAU,MAAM,IAAI;EAC1B,IAAI,CAAC,SAAS,aACZ,OAAO;EAGT,IAAI,CAAC,WAAW,QAAQ,aAAa,MAAM,GACzC,OAAO,QAAQ;EAGjB,IAAI,CAAC,QAAQ,cACX,OAAO;EAET,QAAQ,MAAM,QAAQ,EAAA,CAAG;CAC3B;CAEA,MAAM,kBAAkB,OAAO,QAA6C;EAC1E,IAAI,IAAI,QAAQ,IAAI,eAAe,GACjC;EAEF,MAAM,QAAQ,MAAM,eAAe,CAAC,CAAC,YAAY,IAAI;EACrD,IAAI,OACF,IAAI,QAAQ,IAAI,iBAAiB,UAAU,OAAO;CAEtD;CAEA,OAAO,mBAAmB;EACxB,IAAI;EACJ,QAAQ,aAAa,YAAY;EACjC,UAAU,WAAW,cAAc;GACjC,MAAM;GACN,MAAM;GACN,OAAO,EACL,YAAY;;;;;IAKV;IACA;IACA,iBAAiB,MAAM,IAAI;IAC3B,aAAa,MAAM,MAAM;GAC3B,EACF;EACF;EACA,OAAO;GACL,eAAe,CACb;IACE,QAAQ,UAAU,MAAM,SAAS;IACjC,KAAK,OAAO,QAAQ;KAClB,MAAM,gBAAgB,GAAG;KACzB,OAAO;IACT;GACF,CACF;GACA,eAAe,CACb;IACE,gBAAgB;IAChB,MAAM,QAAQ;KACZ,MAAM,SAAS,kBAAkB,IAAI,OAAO;KAC5C,IAAI,QACF,MAAM,IAAI,MAAM;KAElB,OAAO;IACT;GACF,GACA;IACE,OAAO,CAAC,YAAY,kBAAkB;IACtC,gBAAgB;IAChB,MAAM,QAAQ;KACZ,MAAM,MAAM;KACZ,OAAO;IACT;GACF,CACF;EACF;CACF,CAAC;AACH"}

package/dist/solid/index.d.mts

@@ -0,0 +1,25 @@
+import { D as User, E as Session, O as SessionState, V as Prettify, _ as AuthClient, k as SessionStore, t as AnyClientPlugin, y as CreateAuthClientOptions } from "../define-plugin-Dv0xXIaH.mjs";
+import { Store, StoreValue } from "nanostores";
+import { Accessor } from "solid-js";
+
+//#region src/solid/solid-store.d.ts
+declare function useStore<SomeStore extends Store, Value extends StoreValue<SomeStore>>(store: SomeStore): Accessor<Value>;
+//#endregion
+//#region src/solid/index.d.ts
+/**
+ * An {@link AuthClient} augmented with Solid primitives.
+ */
+type SolidAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<AuthClient<Plugins, TFields> & {
+  /**
+   * Reactively read the session store as a Solid accessor. Updates whenever
+   * `{ data, isPending, error }` changes.
+   */
+  useSession: () => Accessor<SessionState<TFields>>;
+}>;
+/**
+ * Create a Limen auth client with Solid primitives attached.
+ */
+declare function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(opts: CreateAuthClientOptions<Plugins, TFields>): SolidAuthClient<Plugins, TFields>;
+//#endregion
+export { type AuthClient, type CreateAuthClientOptions, type Session, type SessionState, type SessionStore, SolidAuthClient, type User, createAuthClient, useStore };
+//# sourceMappingURL=index.d.mts.map

package/dist/solid/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/solid/solid-store.ts","../../src/solid/index.ts"],"mappings":";;;;;iBAKgB,QAAA,mBAA2B,KAAA,gBAAqB,UAAA,CAAW,SAAA,GACzE,KAAA,EAAO,SAAA,GACN,QAAA,CAAS,KAAA;;;AAFZ;;;AAAA,KCMY,eAAA,0BAAyC,eAAA,yBAAwC,QAAA,CAC3F,UAAA,CAAW,OAAA,EAAS,OAAA;EDPqD;;;;ECYvE,UAAA,QAAkB,QAAA,CAAS,YAAA,CAAa,OAAA;AAAA;;;;iBAO5B,gBAAA,gCAAgD,eAAA,qCAC9D,IAAA,EAAM,uBAAA,CAAwB,OAAA,EAAS,OAAA,IACtC,eAAA,CAAgB,OAAA,EAAS,OAAA"}

package/dist/solid/index.mjs

@@ -0,0 +1,28 @@
+import { t as createAuthClient$1 } from "../client-Er91De-z.mjs";
+import { onCleanup } from "solid-js";
+import { createStore, reconcile } from "solid-js/store";
+//#region src/solid/solid-store.ts
+function useStore(store) {
+	const unbindActivation = store.listen(() => {});
+	const [state, setState] = createStore({ value: store.get() });
+	const unsubscribe = store.subscribe((value) => {
+		setState("value", reconcile(value));
+	});
+	onCleanup(() => unsubscribe());
+	unbindActivation();
+	return () => state.value;
+}
+//#endregion
+//#region src/solid/index.ts
+/**
+* Create a Limen auth client with Solid primitives attached.
+*/
+function createAuthClient(opts) {
+	const client = createAuthClient$1(opts);
+	const useSession = () => useStore(client.$session);
+	return Object.assign(client, { useSession });
+}
+//#endregion
+export { createAuthClient, useStore };
+
+//# sourceMappingURL=index.mjs.map

package/dist/solid/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["createCoreClient"],"sources":["../../src/solid/solid-store.ts","../../src/solid/index.ts"],"sourcesContent":["import type { Store, StoreValue } from \"nanostores\";\nimport type { Accessor } from \"solid-js\";\nimport { onCleanup } from \"solid-js\";\nimport { createStore, reconcile } from \"solid-js/store\";\n\nexport function useStore<SomeStore extends Store, Value extends StoreValue<SomeStore>>(\n  store: SomeStore,\n): Accessor<Value> {\n  // Activate the store so `get()` is populated, then hand off to the real\n  // subscriber and unbind — avoids a dangling activation (https://github.com/nanostores/solid/issues/19).\n  const unbindActivation = store.listen(() => {});\n\n  const [state, setState] = createStore({ value: store.get() as Value });\n\n  // `reconcile` diffs each update so only changed paths re-trigger (fine-grained).\n  const unsubscribe = store.subscribe((value) => {\n    setState(\"value\", reconcile(value as Value));\n  });\n\n  onCleanup(() => unsubscribe());\n  unbindActivation();\n\n  return () => state.value;\n}\n","import type { Accessor } from \"solid-js\";\nimport { createAuthClient as createCoreClient } from \"../client\";\nimport type { AnyClientPlugin } from \"../define-plugin\";\nimport type { SessionState } from \"../session-store\";\nimport type { Prettify } from \"../type-utils\";\nimport type { AuthClient, CreateAuthClientOptions } from \"../types\";\nimport { useStore } from \"./solid-store\";\n\n/**\n * An {@link AuthClient} augmented with Solid primitives.\n */\nexport type SolidAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<\n  AuthClient<Plugins, TFields> & {\n    /**\n     * Reactively read the session store as a Solid accessor. Updates whenever\n     * `{ data, isPending, error }` changes.\n     */\n    useSession: () => Accessor<SessionState<TFields>>;\n  }\n>;\n\n/**\n * Create a Limen auth client with Solid primitives attached.\n */\nexport function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(\n  opts: CreateAuthClientOptions<Plugins, TFields>,\n): SolidAuthClient<Plugins, TFields> {\n  const client = createCoreClient<Plugins, TFields>(opts);\n  const useSession = (): Accessor<SessionState<TFields>> => useStore(client.$session);\n\n  return Object.assign(client, { useSession }) as SolidAuthClient<Plugins, TFields>;\n}\n\nexport type { SessionState, SessionStore } from \"../session-store\";\nexport type { AuthClient, CreateAuthClientOptions, Session, User } from \"../types\";\nexport { useStore } from \"./solid-store\";\n"],"mappings":";;;;AAKA,SAAgB,SACd,OACiB;CAGjB,MAAM,mBAAmB,MAAM,aAAa,CAAC,CAAC;CAE9C,MAAM,CAAC,OAAO,YAAY,YAAY,EAAE,OAAO,MAAM,IAAI,EAAW,CAAC;CAGrE,MAAM,cAAc,MAAM,WAAW,UAAU;EAC7C,SAAS,SAAS,UAAU,KAAc,CAAC;CAC7C,CAAC;CAED,gBAAgB,YAAY,CAAC;CAC7B,iBAAiB;CAEjB,aAAa,MAAM;AACrB;;;;;;ACCA,SAAgB,iBACd,MACmC;CACnC,MAAM,SAASA,mBAAmC,IAAI;CACtD,MAAM,mBAAoD,SAAS,OAAO,QAAQ;CAElF,OAAO,OAAO,OAAO,QAAQ,EAAE,WAAW,CAAC;AAC7C"}

package/dist/svelte/index.d.mts

@@ -0,0 +1,25 @@
+import { D as User, E as Session, O as SessionState, V as Prettify, _ as AuthClient, k as SessionStore, t as AnyClientPlugin, y as CreateAuthClientOptions } from "../define-plugin-Dv0xXIaH.mjs";
+import { Readable } from "svelte/store";
+
+//#region src/svelte/index.d.ts
+/**
+ * An {@link AuthClient} augmented with Svelte stores.
+ */
+type SvelteAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<AuthClient<Plugins, TFields> & {
+  /**
+   * The reactive session as a Svelte readable store. Use it with `$`:
+   * `$session.data`, `$session.isPending`, `$session.error`.
+   */
+  useSession: () => Readable<SessionState<TFields>>;
+}>;
+/**
+ * Create a Limen auth client with Svelte stores attached.
+ *
+ * nanostores stores already satisfy Svelte's store contract (`subscribe(run)`
+ * fires immediately and returns an unsubscribe), so `useSession` returns the
+ * reactive `$session` store directly — no wrapper.
+ */
+declare function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(opts: CreateAuthClientOptions<Plugins, TFields>): SvelteAuthClient<Plugins, TFields>;
+//#endregion
+export { type AuthClient, type CreateAuthClientOptions, type Session, type SessionState, type SessionStore, SvelteAuthClient, type User, createAuthClient };
+//# sourceMappingURL=index.d.mts.map

package/dist/svelte/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/svelte/index.ts"],"mappings":";;;;;;;KAUY,gBAAA,0BAA0C,eAAA,yBAAwC,QAAA,CAC5F,UAAA,CAAW,OAAA,EAAS,OAAA;EAAA;;;;EAKlB,UAAA,QAAkB,QAAA,CAAS,YAAA,CAAa,OAAA;AAAA;;;;;;;;iBAW5B,gBAAA,gCAAgD,eAAA,qCAC9D,IAAA,EAAM,uBAAA,CAAwB,OAAA,EAAS,OAAA,IACtC,gBAAA,CAAiB,OAAA,EAAS,OAAA"}

package/dist/svelte/index.mjs

@@ -0,0 +1,18 @@
+import { t as createAuthClient$1 } from "../client-Er91De-z.mjs";
+//#region src/svelte/index.ts
+/**
+* Create a Limen auth client with Svelte stores attached.
+*
+* nanostores stores already satisfy Svelte's store contract (`subscribe(run)`
+* fires immediately and returns an unsubscribe), so `useSession` returns the
+* reactive `$session` store directly — no wrapper.
+*/
+function createAuthClient(opts) {
+	const client = createAuthClient$1(opts);
+	const useSession = () => client.$session;
+	return Object.assign(client, { useSession });
+}
+//#endregion
+export { createAuthClient };
+
+//# sourceMappingURL=index.mjs.map

package/dist/svelte/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["createCoreClient"],"sources":["../../src/svelte/index.ts"],"sourcesContent":["import type { Readable } from \"svelte/store\";\nimport { createAuthClient as createCoreClient } from \"../client\";\nimport type { AnyClientPlugin } from \"../define-plugin\";\nimport type { SessionState } from \"../session-store\";\nimport type { Prettify } from \"../type-utils\";\nimport type { AuthClient, CreateAuthClientOptions } from \"../types\";\n\n/**\n * An {@link AuthClient} augmented with Svelte stores.\n */\nexport type SvelteAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<\n  AuthClient<Plugins, TFields> & {\n    /**\n     * The reactive session as a Svelte readable store. Use it with `$`:\n     * `$session.data`, `$session.isPending`, `$session.error`.\n     */\n    useSession: () => Readable<SessionState<TFields>>;\n  }\n>;\n\n/**\n * Create a Limen auth client with Svelte stores attached.\n *\n * nanostores stores already satisfy Svelte's store contract (`subscribe(run)`\n * fires immediately and returns an unsubscribe), so `useSession` returns the\n * reactive `$session` store directly — no wrapper.\n */\nexport function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(\n  opts: CreateAuthClientOptions<Plugins, TFields>,\n): SvelteAuthClient<Plugins, TFields> {\n  const client = createCoreClient<Plugins, TFields>(opts);\n  const useSession = (): Readable<SessionState<TFields>> =>\n    client.$session as unknown as Readable<SessionState<TFields>>;\n\n  return Object.assign(client, { useSession }) as SvelteAuthClient<Plugins, TFields>;\n}\n\nexport type { SessionState, SessionStore } from \"../session-store\";\nexport type { AuthClient, CreateAuthClientOptions, Session, User } from \"../types\";\n"],"mappings":";;;;;;;;;AA2BA,SAAgB,iBACd,MACoC;CACpC,MAAM,SAASA,mBAAmC,IAAI;CACtD,MAAM,mBACJ,OAAO;CAET,OAAO,OAAO,OAAO,QAAQ,EAAE,WAAW,CAAC;AAC7C"}

package/dist/vue/index.d.mts

@@ -0,0 +1,36 @@
+import { D as User, E as Session, O as SessionState, V as Prettify, _ as AuthClient, k as SessionStore, t as AnyClientPlugin, y as CreateAuthClientOptions } from "../define-plugin-Dv0xXIaH.mjs";
+import { Store, StoreValue } from "nanostores";
+import { DeepReadonly, ShallowRef, UnwrapNestedRefs } from "vue";
+
+//#region src/vue/vue-store.d.ts
+/** What {@link useStore} returns: a readonly reactive ref of the store value. */
+type ReactiveValue<Value> = DeepReadonly<UnwrapNestedRefs<ShallowRef<Value>>>;
+/**
+ * Subscribe a Vue component to a nanostores store.
+ *
+ * Modeled on `@nanostores/vue`'s `useStore`: a `shallowRef` mirrors the store
+ * value, `subscribe` keeps it in sync (firing once immediately), and the
+ * listener is torn down on scope dispose. On the server (no `window`) it reads
+ * once without subscribing, so a store seeded with `initialSession` renders
+ * without leaving a subscription behind.
+ */
+declare function useStore<SomeStore extends Store>(store: SomeStore): ReactiveValue<StoreValue<SomeStore>>;
+//#endregion
+//#region src/vue/index.d.ts
+/**
+ * An {@link AuthClient} augmented with Vue composables.
+ */
+type VueAuthClient<Plugins extends readonly AnyClientPlugin[], TFields = unknown> = Prettify<AuthClient<Plugins, TFields> & {
+  /**
+   * Reactively read the session store as a readonly ref. Updates whenever
+   * `{ data, isPending, error }` changes.
+   */
+  useSession: () => ReactiveValue<SessionState<TFields>>;
+}>;
+/**
+ * Create a Limen auth client with Vue composables attached.
+ */
+declare function createAuthClient<const Plugins extends readonly AnyClientPlugin[] = readonly [], TFields = unknown>(opts: CreateAuthClientOptions<Plugins, TFields>): VueAuthClient<Plugins, TFields>;
+//#endregion
+export { type AuthClient, type CreateAuthClientOptions, type ReactiveValue, type Session, type SessionState, type SessionStore, type User, VueAuthClient, createAuthClient, useStore };
+//# sourceMappingURL=index.d.mts.map

package/dist/vue/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/vue/vue-store.ts","../../src/vue/index.ts"],"mappings":";;;;;;KAKY,aAAA,UAAuB,YAAA,CAAa,gBAAA,CAAiB,UAAA,CAAW,KAAA;;AAA5E;;;;;;;;iBAWgB,QAAA,mBAA2B,KAAA,EAAO,KAAA,EAAO,SAAA,GAAY,aAAA,CAAc,UAAA,CAAW,SAAA;;;AAX9F;;;AAAA,KCMY,aAAA,0BAAuC,eAAA,yBAAwC,QAAA,CACzF,UAAA,CAAW,OAAA,EAAS,OAAA;EDP2C;;;;ECY7D,UAAA,QAAkB,aAAA,CAAc,YAAA,CAAa,OAAA;AAAA;;;;iBAOjC,gBAAA,gCAAgD,eAAA,qCAC9D,IAAA,EAAM,uBAAA,CAAwB,OAAA,EAAS,OAAA,IACtC,aAAA,CAAc,OAAA,EAAS,OAAA"}

package/dist/vue/index.mjs

@@ -0,0 +1,36 @@
+import { t as createAuthClient$1 } from "../client-Er91De-z.mjs";
+import { getCurrentScope, onScopeDispose, readonly, shallowRef } from "vue";
+//#region src/vue/vue-store.ts
+/**
+* Subscribe a Vue component to a nanostores store.
+*
+* Modeled on `@nanostores/vue`'s `useStore`: a `shallowRef` mirrors the store
+* value, `subscribe` keeps it in sync (firing once immediately), and the
+* listener is torn down on scope dispose. On the server (no `window`) it reads
+* once without subscribing, so a store seeded with `initialSession` renders
+* without leaving a subscription behind.
+*/
+function useStore(store) {
+	const state = shallowRef(store.get());
+	if (typeof window !== "undefined") {
+		const unsubscribe = store.subscribe((value) => {
+			state.value = value;
+		});
+		if (getCurrentScope()) onScopeDispose(unsubscribe);
+	}
+	return readonly(state);
+}
+//#endregion
+//#region src/vue/index.ts
+/**
+* Create a Limen auth client with Vue composables attached.
+*/
+function createAuthClient(opts) {
+	const client = createAuthClient$1(opts);
+	const useSession = () => useStore(client.$session);
+	return Object.assign(client, { useSession });
+}
+//#endregion
+export { createAuthClient, useStore };
+
+//# sourceMappingURL=index.mjs.map