mcpmake 0.1.0 → 0.2.0

package/dist/cloud/web/auth.d.ts

@@ -1,225 +0,0 @@
-/**
- * User accounts and session management.
- *
- * Uses Node.js built-in crypto for password hashing (scrypt) and
- * session token generation. Zero external dependencies.
- */
-import http from 'node:http';
-export interface UserRecord {
-    id: string;
-    email: string;
-    passwordHash: string;
-    plan: 'free' | 'hobbyist' | 'pro' | 'team' | 'enterprise';
-    isAdmin: boolean;
-    createdAt: string;
-    lastLoginAt: string;
-    stripeCustomerId?: string;
-    passwordResetTokenHash?: string;
-    passwordResetExpiresAt?: number;
-    /** Whether the user has confirmed their email address. */
-    emailVerified?: boolean;
-    /** SHA-256 hash of the pending email verification token. */
-    emailVerificationTokenHash?: string;
-    /** Epoch ms of the current Stripe subscription period end (billing anchor). */
-    subscriptionPeriodEnd?: number;
-    /**
-     * Persistent balance of promotional bonus tool-calls. Consumed when the user
-     * is over their plan's monthly call quota, before the 429 hard cap. The
-     * canonical balance lives in the credit store ({@link getCreditStore}); this
-     * mirrors the `credits_calls` column in Pg mode for convenience.
-     */
-    creditsCalls?: number;
-}
-export interface SessionRecord {
-    token: string;
-    userId: string;
-    csrfToken: string;
-    createdAt: number;
-    expiresAt: number;
-    pendingServerTokens?: Record<string, string>;
-}
-/**
- * Hash a password using scrypt.
- * Returns "salt:hash" where salt is 16 random bytes hex, hash is 64-byte scrypt output hex.
- */
-export declare function hashPassword(password: string): Promise<string>;
-/**
- * Verify a password against a stored "salt:hash" string.
- * Uses constant-time comparison to prevent timing attacks.
- */
-export declare function verifyPassword(password: string, stored: string): Promise<boolean>;
-export declare class UserStore {
-    private users;
-    create(record: UserRecord): void;
-    getById(id: string): UserRecord | undefined;
-    getByEmail(email: string): UserRecord | undefined;
-    list(): UserRecord[];
-    update(id: string, updates: Partial<UserRecord>): void;
-    delete(id: string): void;
-    getByResetToken(tokenHash: string): UserRecord | undefined;
-    getByVerificationToken(tokenHash: string): UserRecord | undefined;
-    getByStripeCustomerId(customerId: string): UserRecord | undefined;
-    count(): number;
-}
-export declare class SessionStore {
-    private sessions;
-    create(userId: string): SessionRecord;
-    get(token: string): SessionRecord | undefined;
-    destroy(token: string): void;
-    setPendingServerToken(sessionToken: string, slug: string, token: string): void;
-    consumePendingServerToken(sessionToken: string, slug: string): string | undefined;
-    cleanup(): void;
-}
-export declare const userStore: UserStore;
-export declare const sessionStore: SessionStore;
-/**
- * Look up a user by ID, preferring the Pg store when available.
- */
-export declare function getUserById(id: string): Promise<UserRecord | undefined>;
-/**
- * Look up a user by email, preferring the Pg store when available.
- */
-export declare function getUserByEmail(email: string): Promise<UserRecord | undefined>;
-/**
- * Look up a user by Stripe customer ID, preferring the Pg store when available.
- */
-export declare function getUserByStripeCustomerId(customerId: string): Promise<UserRecord | undefined>;
-/**
- * Look up a user by email verification token hash.
- */
-export declare function getUserByVerificationToken(tokenHash: string): Promise<UserRecord | undefined>;
-/**
- * Create a user, persisting to Pg when available, otherwise in-memory.
- */
-export declare function createUser(record: UserRecord): Promise<void>;
-/**
- * Update a user, persisting to Pg when available, otherwise in-memory.
- */
-export declare function updateUser(id: string, updates: Partial<UserRecord>): Promise<void>;
-/**
- * Delete a user, removing from Pg when available, otherwise in-memory.
- */
-export declare function deleteUser(id: string): Promise<void>;
-/**
- * Count users, preferring Pg when available.
- */
-export declare function countUsers(): Promise<number>;
-/**
- * List all users, preferring Pg when available.
- */
-export declare function listUsers(): Promise<UserRecord[]>;
-/**
- * Get a session by token, preferring Pg when available.
- */
-export declare function getSession(token: string): Promise<SessionRecord | undefined>;
-/**
- * Create a session, persisting to Pg when available, otherwise in-memory.
- * Note: anonymous sessions (userId === '__anon__') always use in-memory
- * because the Pg sessions table has a FK constraint on users(id).
- */
-export declare function createSession(userId: string): Promise<SessionRecord>;
-/**
- * Destroy a session, removing from Pg when available, otherwise in-memory.
- * Destroys from both stores to handle sessions that may have been created
- * in-memory (anon sessions) even when Pg is available.
- */
-export declare function destroySession(token: string): Promise<void>;
-/**
- * Set a pending server token on a session.
- */
-export declare function setPendingToken(sessionToken: string, slug: string, serverBearerToken: string): Promise<void>;
-/**
- * Consume a pending server token from a session.
- */
-export declare function consumePendingToken(sessionToken: string, slug: string): Promise<string | undefined>;
-/**
- * Clean up expired sessions from both stores.
- */
-export declare function cleanupSessions(): Promise<void>;
-/**
- * Generate a password reset token.
- * Returns the raw token (for the email link) and its SHA-256 hash (for storage).
- */
-export declare function generateResetToken(): {
-    token: string;
-    hash: string;
-};
-/**
- * Hash a reset token for lookup.
- */
-export declare function hashResetToken(token: string): string;
-/**
- * Store a password reset token for a user.
- */
-export declare function setPasswordResetToken(userId: string, tokenHash: string): Promise<void>;
-/**
- * Look up a user by their password reset token hash.
- * Returns undefined if token is invalid or expired.
- */
-export declare function getUserByResetToken(tokenHash: string): Promise<UserRecord | undefined>;
-/**
- * Whether email verification is enforced for this deployment. Enforced when a
- * mailer is configured (production) or explicitly requested. In pure dev (no
- * SMTP) the flow still works — the link is logged to the console — but server
- * creation is not blocked, so local testing isn't impeded.
- */
-export declare function isEmailVerificationRequired(): boolean;
-/**
- * Generate an email verification token. Returns the raw token (for the link)
- * and its SHA-256 hash (for storage).
- */
-export declare function generateVerificationToken(): {
-    token: string;
-    hash: string;
-};
-/** Hash a verification token for lookup. */
-export declare function hashVerificationToken(token: string): string;
-/** Store a pending email verification token hash for a user. */
-export declare function setEmailVerificationToken(userId: string, tokenHash: string): Promise<void>;
-/** Mark a user's email as verified and clear the pending token. */
-export declare function markEmailVerified(userId: string): Promise<void>;
-/** Clear a user's email verification token. */
-export declare function clearEmailVerificationToken(userId: string): Promise<void>;
-/**
- * Clear a user's password reset token after successful reset.
- */
-export declare function clearPasswordResetToken(userId: string): Promise<void>;
-/**
- * Parse the mf_session cookie from request headers.
- */
-export declare function getSessionToken(req: http.IncomingMessage): string | undefined;
-/**
- * Set session cookie on response.
- * Cookie: mf_session={token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=604800
- * Adds Secure when the request is HTTPS or forwarded as HTTPS.
- */
-export declare function setSessionCookie(res: http.ServerResponse, req: http.IncomingMessage, token: string): void;
-/**
- * Clear session cookie on response.
- */
-export declare function clearSessionCookie(res: http.ServerResponse, req: http.IncomingMessage): void;
-/**
- * Get authenticated user from request, or null.
- * Reads the mf_session cookie, looks up the session, then the user.
- * Tries Pg stores first when available, falls back to in-memory.
- */
-export declare function getAuthenticatedUser(req: http.IncomingMessage): Promise<{
-    user: UserRecord;
-    session: SessionRecord;
-} | null>;
-/**
- * Require authentication. Returns user+session or sends 302 redirect to /login.
- * Returns null if the redirect was sent (caller should stop processing).
- */
-export declare function requireAuth(req: http.IncomingMessage, res: http.ServerResponse): Promise<{
-    user: UserRecord;
-    session: SessionRecord;
-} | null>;
-/**
- * Require admin. Returns user+session or sends 403.
- * Returns null if the error response was sent (caller should stop processing).
- */
-export declare function requireAdmin(req: http.IncomingMessage, res: http.ServerResponse): Promise<{
-    user: UserRecord;
-    session: SessionRecord;
-} | null>;