npm - mates-auth - Versions diffs - 1.0.0-beta.1 - Mend

mates-auth 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/use-jwt.js ADDED Viewed

@@ -0,0 +1,274 @@
+import { AuthError } from "mates-fullstack";
+import { jwt } from "mates-fullstack";
+import { onRequest } from "mates-fullstack";
+const ACCESS_TOKEN_TYPE = "access";
+const REFRESH_TOKEN_TYPE = "refresh";
+let activeConfig = null;
+/**
+ * Register the JWT auth middleware. Call once at module level in
+ * server/main.ts. It verifies httpOnly access/refresh tokens, updates
+ * `ctx.auth`, and clears cookies on logout.
+ */
+export function useJWT(options = {}) {
+    const config = resolveConfig(options, false);
+    activeConfig = config;
+    onRequest(async (c) => {
+        await processAuthRequest(c, config);
+    });
+}
+export const auth = {
+    /**
+     * Create access/refresh token pair, set httpOnly cookies, and update
+     * `ctx.auth` for this request.
+     */
+    async login(ctx, payload, options = {}) {
+        const config = resolveConfig(options);
+        const authPayload = normalizeAuthPayload(payload, config);
+        const userId = requireUserId(authPayload, config);
+        const tokenPair = await signTokenPair(authPayload, userId, config);
+        clearAuthCookies(ctx, config);
+        setTokenCookies(ctx, tokenPair, config);
+        ctx.auth = { ...authPayload, userId, sub: userId, isAuthenticated: true };
+        return { ...tokenPair, auth: ctx.auth };
+    },
+    /** Clear access and refresh cookies. */
+    logout(ctx, options = {}) {
+        const config = resolveConfig(options);
+        clearAuthCookies(ctx, config);
+        ctx.auth = null;
+    },
+};
+// ─── Refresh token JTI store ──────────────────────────────────────────────────
+// Tracks consumed refresh token JTIs to prevent replay attacks.
+// Single-process only — for multi-instance deployments, use onRefresh to
+// check a shared store (Redis, DB) and return null to force re-login.
+const _consumedJtis = new Map(); // jti → exp (unix seconds)
+function _isJtiConsumed(jti) {
+    const now = Math.floor(Date.now() / 1000);
+    // Opportunistic cleanup of expired entries
+    for (const [k, exp] of _consumedJtis) {
+        if (exp < now)
+            _consumedJtis.delete(k);
+    }
+    return _consumedJtis.has(jti);
+}
+function _consumeJti(jti, exp) {
+    _consumedJtis.set(jti, exp);
+}
+async function processAuthRequest(ctx, config) {
+    ctx.auth = null;
+    ctx.httpCookie = ctx.cookie;
+    const accessRaw = ctx.cookie.get(config.accessCookieName);
+    const refreshRaw = ctx.cookie.get(config.refreshCookieName);
+    const tokensWerePresent = Boolean(accessRaw || refreshRaw);
+    if (!tokensWerePresent) {
+        // Clear any stale legacy cookies so they don't linger in the browser
+        if (config.legacyCookieNames.length > 0) {
+            const deleteOpts = cookieDeleteOptions(config);
+            for (const name of config.legacyCookieNames) {
+                if (ctx.cookie.get(name)) {
+                    ctx.cookie.delete(name, deleteOpts);
+                }
+            }
+        }
+        return;
+    }
+    const accessPayload = accessRaw
+        ? await verifyTypedToken(accessRaw, ACCESS_TOKEN_TYPE, config)
+        : null;
+    if (accessPayload) {
+        const verified = await validateVerifiedAuth(accessPayload, ctx, config);
+        if (!verified)
+            return logoutOrThrow(ctx, config, "Unauthorized");
+        return;
+    }
+    const refreshPayload = refreshRaw
+        ? await verifyTypedToken(refreshRaw, REFRESH_TOKEN_TYPE, config)
+        : null;
+    if (!refreshPayload) {
+        return logoutOrThrow(ctx, config, "Authentication expired");
+    }
+    // Reject replayed refresh tokens
+    const refreshJti = typeof refreshPayload.jti === "string" ? refreshPayload.jti : null;
+    if (!refreshJti || _isJtiConsumed(refreshJti)) {
+        return logoutOrThrow(ctx, config, "Authentication expired");
+    }
+    const userId = config.getUserId(refreshPayload);
+    if (!userId) {
+        return logoutOrThrow(ctx, config, "Authentication expired");
+    }
+    const freshClaims = config.onRefresh
+        ? await config.onRefresh(userId, refreshPayload, ctx)
+        : refreshClaimsToAuth(refreshPayload, userId);
+    if (!freshClaims) {
+        return logoutOrThrow(ctx, config, "Authentication expired");
+    }
+    const authPayload = normalizeAuthPayload(freshClaims, config);
+    const freshUserId = requireUserId(authPayload, config);
+    if (freshUserId !== userId) {
+        return logoutOrThrow(ctx, config, "Authentication expired");
+    }
+    const verified = await validateVerifiedAuth(authPayload, ctx, config);
+    if (!verified)
+        return logoutOrThrow(ctx, config, "Unauthorized");
+    const tokens = await signTokenPair(authPayload, freshUserId, config);
+    setTokenCookies(ctx, tokens, config);
+    // Consume the used refresh JTI — prevents replay of the same token
+    _consumeJti(refreshJti, typeof refreshPayload.exp === "number" ? refreshPayload.exp : 0);
+}
+async function validateVerifiedAuth(payload, ctx, config) {
+    const authPayload = normalizeAuthPayload(payload, config);
+    const userId = config.getUserId(authPayload);
+    if (!userId)
+        return false;
+    if (config.onVerify) {
+        const valid = await config.onVerify(authPayload, ctx);
+        if (!valid)
+            return false;
+    }
+    ctx.auth = { ...authPayload, userId, sub: userId, isAuthenticated: true };
+    return true;
+}
+async function signTokenPair(payload, userId, config) {
+    const tokens = jwt(config.secret);
+    const accessToken = await tokens.sign({
+        ...stripJwtTiming(payload),
+        sub: userId,
+        userId,
+        tokenType: ACCESS_TOKEN_TYPE,
+    }, { expiresIn: config.accessExpiresIn });
+    const refreshToken = await tokens.sign({ sub: userId, userId, tokenType: REFRESH_TOKEN_TYPE }, { expiresIn: config.refreshExpiresIn, includeJti: true });
+    return { accessToken, refreshToken };
+}
+function setTokenCookies(ctx, tokens, config) {
+    ctx.cookie.set(config.accessCookieName, tokens.accessToken, {
+        ...baseCookieOptions(config),
+        httpOnly: true,
+        maxAge: parseDuration(config.accessExpiresIn),
+    });
+    ctx.cookie.set(config.refreshCookieName, tokens.refreshToken, {
+        ...baseCookieOptions(config),
+        httpOnly: true,
+        maxAge: parseDuration(config.refreshExpiresIn),
+    });
+}
+async function verifyTypedToken(token, tokenType, config) {
+    const payload = await jwt(config.secret).verify(token);
+    if (!payload || payload.tokenType !== tokenType)
+        return null;
+    return payload;
+}
+function logoutOrThrow(ctx, config, message) {
+    clearAuthCookies(ctx, config);
+    ctx.auth = null;
+    if (config.throwErrorIfTokensExpired) {
+        throw new AuthError(message);
+    }
+}
+function clearAuthCookies(ctx, config) {
+    const options = cookieDeleteOptions(config);
+    ctx.cookie.delete(config.accessCookieName, options);
+    ctx.cookie.delete(config.refreshCookieName, options);
+    for (const name of config.legacyCookieNames) {
+        ctx.cookie.delete(name, options);
+    }
+}
+function normalizeAuthPayload(payload, config) {
+    const userId = config.getUserId(payload);
+    const clean = stripJwtTiming(payload);
+    delete clean.tokenType;
+    if (userId) {
+        clean.userId = userId;
+        clean.sub = userId;
+    }
+    return clean;
+}
+function requireUserId(payload, config) {
+    const userId = config.getUserId(payload);
+    if (!userId) {
+        throw new AuthError("Auth payload must include userId, id, or sub");
+    }
+    return userId;
+}
+function refreshClaimsToAuth(refreshPayload, userId) {
+    const clean = stripJwtTiming(refreshPayload);
+    delete clean.tokenType;
+    delete clean.jti;
+    return { ...clean, userId, sub: userId };
+}
+function stripJwtTiming(payload) {
+    const { iat: _iat, exp: _exp, nbf: _nbf, iss: _iss, aud: _aud, ...rest } = payload;
+    return { ...rest };
+}
+function defaultGetUserId(claims) {
+    const value = claims.userId ?? claims.id ?? claims.sub;
+    return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+function resolveConfig(options = {}, inheritPrevious = true) {
+    const previous = inheritPrevious ? activeConfig : null;
+    const secret = options.secret ??
+        previous?.secret ??
+        process.env.AUTH_JWT_SECRET ??
+        process.env.JWT_SECRET;
+    if (!secret || secret.length < 8) {
+        throw new Error("[mates-fullstack-auth] useJWT: secret must be configured via " +
+            "useJWT({ secret }), AUTH_JWT_SECRET, or JWT_SECRET.");
+    }
+    const refreshExpiresIn = options.refreshExpiresIn ?? previous?.refreshExpiresIn ?? "30d";
+    return {
+        secret,
+        throwErrorIfTokensExpired: options.throwErrorIfTokensExpired ??
+            previous?.throwErrorIfTokensExpired ??
+            true,
+        accessCookieName: options.accessCookieName ?? previous?.accessCookieName ?? "mates_access",
+        refreshCookieName: options.refreshCookieName ??
+            previous?.refreshCookieName ??
+            "mates_refresh",
+        accessExpiresIn: options.accessExpiresIn ?? previous?.accessExpiresIn ?? "15m",
+        refreshExpiresIn,
+        path: options.path ?? previous?.path ?? "/",
+        domain: options.domain ?? previous?.domain,
+        sameSite: options.sameSite ?? previous?.sameSite ?? "lax",
+        secure: options.secure ??
+            previous?.secure ??
+            process.env.NODE_ENV === "production",
+        onRefresh: options.onRefresh ?? previous?.onRefresh,
+        onVerify: options.onVerify ?? previous?.onVerify,
+        getUserId: options.getUserId ?? previous?.getUserId ?? defaultGetUserId,
+        legacyCookieNames: options.legacyCookieNames ?? previous?.legacyCookieNames ?? [],
+    };
+}
+function baseCookieOptions(config) {
+    return {
+        path: config.path,
+        domain: config.domain,
+        sameSite: config.sameSite,
+        secure: config.secure,
+    };
+}
+function cookieDeleteOptions(config) {
+    return { path: config.path, domain: config.domain };
+}
+function parseDuration(value) {
+    if (typeof value === "number")
+        return Math.floor(value);
+    const str = value.trim();
+    if (/^\d+$/.test(str))
+        return Number(str);
+    const match = str.match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d|w)$/i);
+    if (!match) {
+        throw new Error(`[mates-fullstack-auth] useJWT: invalid duration "${value}". ` +
+            "Use seconds or strings like 15m, 1h, 30d.");
+    }
+    const amount = Number(match[1]);
+    const unit = match[2].toLowerCase();
+    const multipliers = {
+        s: 1,
+        m: 60,
+        h: 3600,
+        d: 86400,
+        w: 604800,
+    };
+    return Math.floor(amount * multipliers[unit]);
+}
+//# sourceMappingURL=use-jwt.js.map

package/dist/use-jwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"use-jwt.js","sourceRoot":"","sources":["../src/use-jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,GAAG,EAAwC,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AA2E5C,MAAM,iBAAiB,GAAG,QAAQ,CAAC;AACnC,MAAM,kBAAkB,GAAG,SAAS,CAAC;AAErC,IAAI,YAAY,GAA8B,IAAI,CAAC;AAEnD;;;;GAIG;AACH,MAAM,UAAU,MAAM,CAAC,UAAsB,EAAE;IAC7C,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7C,YAAY,GAAG,MAAM,CAAC;IAEtB,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,kBAAkB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,IAAI,GAAG;IAClB;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,GAAY,EACZ,OAAmB,EACnB,UAA4B,EAAE;QAM9B,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACnE,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC9B,eAAe,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QACxC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QAC1E,OAAO,EAAE,GAAG,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,IAAmB,EAAE,CAAC;IACzD,CAAC;IAED,wCAAwC;IACxC,MAAM,CAAC,GAAY,EAAE,UAA+B,EAAE;QACpD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACtC,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC9B,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,iFAAiF;AACjF,gEAAgE;AAChE,yEAAyE;AACzE,sEAAsE;AAEtE,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,2BAA2B;AAE5E,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,2CAA2C;IAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC;QACrC,IAAI,GAAG,GAAG,GAAG;YAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,GAAW;IAC3C,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,GAAY,EACZ,MAA0B;IAE1B,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;IAChB,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;IAE5B,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC5D,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,IAAI,UAAU,CAAC,CAAC;IAE3D,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,qEAAqE;QACrE,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC/C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC5C,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,SAAS;QAC7B,CAAC,CAAC,MAAM,gBAAgB,CAAC,SAAS,EAAE,iBAAiB,EAAE,MAAM,CAAC;QAC9D,CAAC,CAAC,IAAI,CAAC;IAET,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QACxE,IAAI,CAAC,QAAQ;YAAE,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,UAAU;QAC/B,CAAC,CAAC,MAAM,gBAAgB,CAAC,UAAU,EAAE,kBAAkB,EAAE,MAAM,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC;IAET,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IAC9D,CAAC;IAED,iCAAiC;IACjC,MAAM,UAAU,GACd,OAAO,cAAc,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,IAAI,CAAC,UAAU,IAAI,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS;QAClC,CAAC,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,CAAC;QACrD,CAAC,CAAC,mBAAmB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,WAAW,GAAG,oBAAoB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IACtE,IAAI,CAAC,QAAQ;QAAE,OAAO,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;IAEjE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IACrE,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAErC,mEAAmE;IACnE,WAAW,CACT,UAAU,EACV,OAAO,cAAc,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAChE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAmB,EACnB,GAAY,EACZ,MAA0B;IAE1B,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAqB,EAAE,MAAM,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAE1B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;IAC3B,CAAC;IAED,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IAC1E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAmB,EACnB,MAAc,EACd,MAA0B;IAE1B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,IAAI,CACnC;QACE,GAAG,cAAc,CAAC,OAAO,CAAC;QAC1B,GAAG,EAAE,MAAM;QACX,MAAM;QACN,SAAS,EAAE,iBAAiB;KAC7B,EACD,EAAE,SAAS,EAAE,MAAM,CAAC,eAAe,EAAE,CACtC,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,IAAI,CACpC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,EACtD,EAAE,SAAS,EAAE,MAAM,CAAC,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE,CACzD,CAAC;IACF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,eAAe,CACtB,GAAY,EACZ,MAAqD,EACrD,MAA0B;IAE1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE;QAC1D,GAAG,iBAAiB,CAAC,MAAM,CAAC;QAC5B,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,eAAe,CAAC;KAC9C,CAAC,CAAC;IACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,YAAY,EAAE;QAC5D,GAAG,iBAAiB,CAAC,MAAM,CAAC;QAC5B,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC;KAC/C,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,KAAa,EACb,SAAiB,EACjB,MAA0B;IAE1B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,aAAa,CACpB,GAAY,EACZ,MAA0B,EAC1B,OAAe;IAEf,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC9B,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;IAChB,IAAI,MAAM,CAAC,yBAAyB,EAAE,CAAC;QACrC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY,EAAE,MAA0B;IAChE,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5C,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACpD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;IACrD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,OAAmB,EACnB,MAA0B;IAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAe,CAAC;IACpD,OAAO,KAAK,CAAC,SAAS,CAAC;IACvB,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;QACtB,KAAK,CAAC,GAAG,GAAG,MAAM,CAAC;IACrB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CACpB,OAAmB,EACnB,MAA0B;IAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAC1B,cAA0B,EAC1B,MAAc;IAEd,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAe,CAAC;IAC3D,OAAO,KAAK,CAAC,SAAS,CAAC;IACvB,OAAO,KAAK,CAAC,GAAG,CAAC;IACjB,OAAO,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,cAAc,CAAoC,OAAU;IACnE,MAAM,EACJ,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,IAAI,EACT,GAAG,EAAE,IAAI,EACT,GAAG,IAAI,EACR,GAAG,OAAO,CAAC;IACZ,OAAO,EAAE,GAAG,IAAI,EAAO,CAAC;AAC1B,CAAC;AAED,SAAS,gBAAgB,CAAC,MAA+B;IACvD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,GAAG,CAAC;IACvD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC3E,CAAC;AAED,SAAS,aAAa,CACpB,UAA+B,EAAE,EACjC,eAAe,GAAG,IAAI;IAEtB,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;IACvD,MAAM,MAAM,GACV,OAAO,CAAC,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,CAAC,GAAG,CAAC,eAAe;QAC3B,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAEzB,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC7D,qDAAqD,CACxD,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GACpB,OAAO,CAAC,gBAAgB,IAAI,QAAQ,EAAE,gBAAgB,IAAI,KAAK,CAAC;IAElE,OAAO;QACL,MAAM;QACN,yBAAyB,EACvB,OAAO,CAAC,yBAAyB;YACjC,QAAQ,EAAE,yBAAyB;YACnC,IAAI;QACN,gBAAgB,EACd,OAAO,CAAC,gBAAgB,IAAI,QAAQ,EAAE,gBAAgB,IAAI,cAAc;QAC1E,iBAAiB,EACf,OAAO,CAAC,iBAAiB;YACzB,QAAQ,EAAE,iBAAiB;YAC3B,eAAe;QACjB,eAAe,EACb,OAAO,CAAC,eAAe,IAAI,QAAQ,EAAE,eAAe,IAAI,KAAK;QAC/D,gBAAgB;QAChB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,QAAQ,EAAE,IAAI,IAAI,GAAG;QAC3C,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,QAAQ,EAAE,MAAM;QAC1C,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,QAAQ,EAAE,QAAQ,IAAI,KAAK;QACzD,MAAM,EACJ,OAAO,CAAC,MAAM;YACd,QAAQ,EAAE,MAAM;YAChB,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QACvC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,QAAQ,EAAE,SAAS;QACnD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,QAAQ,EAAE,QAAQ;QAChD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,QAAQ,EAAE,SAAS,IAAI,gBAAgB;QACvE,iBAAiB,EACf,OAAO,CAAC,iBAAiB,IAAI,QAAQ,EAAE,iBAAiB,IAAI,EAAE;KACjE,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,MAA0B;IACnD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,MAA0B;IAE1B,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,KAAmB;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACzB,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,oDAAoD,KAAK,KAAK;YAC5D,2CAA2C,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,WAAW,GAA2B;QAC1C,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,EAAE;QACL,CAAC,EAAE,IAAI;QACP,CAAC,EAAE,KAAK;QACR,CAAC,EAAE,MAAM;KACV,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "name": "mates-auth",
+  "version": "1.0.0-beta.1",
+  "type": "module",
+  "description": "Authentication middleware for mates-fullstack — JWT, social login, SSO.",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "mates-fullstack": "file:../mates-fullstack"
+  },
+  "optionalDependencies": {
+    "arctic": "^3.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.3.2"
+  },
+  "scripts": {
+    "build": "tsc",
+    "type-check": "tsc --noEmit"
+  }
+}