my-crud-lib 2.0.0 → 2.1.0

package/CHANGELOG.md

@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to `my-crud-lib` are documented here.
+
+This project follows semantic versioning. Breaking changes are called out explicitly and should be reviewed before upgrading.
+
+## 2.1.0 - Unreleased
+
+### Added
+
+- Added a repeatable changelog and release-note workflow.
+- Added a v2 migration guide for applications upgrading from the pre-v2 API shape.
+- Added `prisma.config.ts` so Prisma CLI configuration no longer relies on the deprecated `package.json#prisma` field.
+- Added self-hosted GitHub Actions runner documentation and configured CI to target the `local-ci` runner label.
+- Added optional persistent refresh token rotation/revocation ports and Prisma adapter.
+- Added optional password reset request/confirm service methods, routes, hooks, token repository port, and Prisma adapter.
+- Added optional email verification request/confirm service methods, routes, hooks, token repository port, and Prisma adapter.
+- Added provider-agnostic OAuth account linking service methods, port, and Prisma adapter.
+
+### Changed
+
+- Bumped the package version to `2.1.0`.
+- Expanded the starter Prisma schema with optional auth extension storage models.
+
+## 2.0.0 - 2026-05-14
+
+### Breaking Changes
+
+- Auth routes are now dependency-injected. `createAuthRouter()` requires a `userRepo` dependency instead of constructing Prisma access internally.
+- `createLibrary()` now receives application dependencies separately from route configuration.
+- Self-registration creates `USER` accounts by default. Applications must create `ADMIN` users intentionally through their own seed or admin workflow.
+- Public imports were consolidated around documented package entry points: `my-crud-lib`, `my-crud-lib/auth`, `my-crud-lib/user`, `my-crud-lib/schemas`, `my-crud-lib/middleware`, `my-crud-lib/adapter-prisma`, and `my-crud-lib/adapters/prisma`.
+
+### Added
+
+- Added public Express router factories for auth and user/profile CRUD.
+- Added `UserRepo` as the core persistence port.
+- Added Prisma adapter exports.
+- Added smoke tests for public package exports, auth safety defaults, and adapter-driven auth service behavior.
+
+### Changed
+
+- Prisma is optional for consumers that provide a custom repository adapter.
+- Auth behavior now strips `passwordHash` from service responses.
+- JWT configuration validates `JWT_SECRET` before signing or verifying tokens.

package/README.md

@@ -9,10 +9,15 @@ The package currently provides:
 
 - Express routers for auth and user CRUD.
 - JWT access and refresh token helpers.
+- Optional persistent refresh token rotation and revocation.
+- Optional password reset and email verification hooks.
+- Provider-agnostic OAuth account linking extension points.
 - Zod schemas for request validation.
 - A `UserRepo` port plus a Prisma adapter.
 - Convenience setup helpers for small Express APIs.
 
+For advanced auth flows, see [docs/auth-extensions.md](docs/auth-extensions.md). For v1 to v2 upgrades, see [docs/migration-v2.md](docs/migration-v2.md). Release history and breaking changes are tracked in [CHANGELOG.md](CHANGELOG.md).
+
 ## Installation
 
 ```bash
@@ -72,6 +77,11 @@ With the `/api` prefix, the mounted routes include:
 - `POST /api/auth/register`
 - `POST /api/auth/login`
 - `POST /api/auth/refresh`
+- `POST /api/auth/logout`
+- `POST /api/auth/password-reset/request`
+- `POST /api/auth/password-reset/confirm`
+- `POST /api/auth/email-verification/request`
+- `POST /api/auth/email-verification/confirm`
 - `GET /api/auth/me`
 - `GET /api/users`
 - `GET /api/users/me`
@@ -206,7 +216,13 @@ export interface UserRepo {
 The Prisma adapter is available from both import paths:
 
 ```ts
-import { makePrismaUserRepo } from "my-crud-lib/adapter-prisma";
+import {
+  makePrismaEmailVerificationTokenRepo,
+  makePrismaOAuthAccountRepo,
+  makePrismaPasswordResetTokenRepo,
+  makePrismaRefreshTokenRepo,
+  makePrismaUserRepo,
+} from "my-crud-lib/adapter-prisma";
 // or
 import { makePrismaUserRepo } from "my-crud-lib/adapters/prisma";
 ```
@@ -219,10 +235,34 @@ import { createAuthRouter } from "my-crud-lib/auth";
 app.use("/auth", createAuthRouter({ userRepo }));
 ```
 
+Optional auth extensions use additional ports:
+
+```ts
+app.use(
+  "/auth",
+  createAuthRouter({
+    userRepo,
+    refreshTokenRepo,
+    passwordResetTokenRepo,
+    emailVerificationTokenRepo,
+    oauthAccountRepo,
+    async sendPasswordReset({ user, token }) {
+      await emailProvider.sendPasswordReset(user.email, token);
+    },
+    async sendEmailVerification({ user, token }) {
+      await emailProvider.sendVerification(user.email, token);
+    },
+  })
+);
+```
+
+These dependencies are optional. Without them, the existing stateless refresh-token flow remains available and password reset, email verification, and OAuth methods report that they are not configured.
+
 ## Build Checks
 
 ```bash
 npm run build
+npm test
 npm run smoke:exports
 npm run smoke:auth-hardening
 npm run smoke:auth-service

package/RELEASE.md

@@ -5,7 +5,10 @@ Use this checklist before publishing `my-crud-lib` to npm.
 ## Preflight
 
 - Confirm `package.json` version is the intended release version.
+- Add an entry to `CHANGELOG.md` under the target version.
+- Move `CHANGELOG.md` entries from `Unreleased` to the release date before publishing.
 - Confirm `README.md` examples match tested public imports.
+- Confirm migration notes are linked when the release contains breaking changes.
 - Confirm `LICENSE`, `README.md`, `examples`, `dist`, and `prisma/schema.prisma` are included in the package.
 - Review open issues for release blockers.
 
@@ -28,5 +31,6 @@ npm publish --access public
 ## After Publish
 
 - Create a GitHub release or tag for the published version.
+- Use `CHANGELOG.md` as the release body, and include migration links for breaking releases.
 - Confirm the npm page shows repository, license, README, examples, and keywords.
 - Smoke test installation in a fresh temporary project.

package/dist/adapter-prisma.d.ts

@@ -1 +1 @@
-export { makePrismaUserRepo } from './adapters/prisma.js';
+export { makePrismaEmailVerificationTokenRepo, makePrismaOAuthAccountRepo, makePrismaPasswordResetTokenRepo, makePrismaRefreshTokenRepo, makePrismaUserRepo, } from './adapters/prisma.js';

package/dist/adapter-prisma.js

@@ -1 +1 @@
-export { makePrismaUserRepo } from './adapters/prisma.js';
+export { makePrismaEmailVerificationTokenRepo, makePrismaOAuthAccountRepo, makePrismaPasswordResetTokenRepo, makePrismaRefreshTokenRepo, makePrismaUserRepo, } from './adapters/prisma.js';

package/dist/adapters/prisma.d.ts

@@ -1,3 +1,8 @@
 import type { PrismaClient } from '@prisma/client';
 import type { UserRepo } from '../core/ports/user.repo.js';
+import type { EmailVerificationTokenRepo, OAuthAccountRepo, PasswordResetTokenRepo, RefreshTokenRepo } from '../modules/auth/auth.types.js';
 export declare function makePrismaUserRepo(prisma: PrismaClient): UserRepo;
+export declare function makePrismaRefreshTokenRepo(prisma: PrismaClient): RefreshTokenRepo;
+export declare function makePrismaPasswordResetTokenRepo(prisma: PrismaClient): PasswordResetTokenRepo;
+export declare function makePrismaEmailVerificationTokenRepo(prisma: PrismaClient): EmailVerificationTokenRepo;
+export declare function makePrismaOAuthAccountRepo(prisma: PrismaClient): OAuthAccountRepo;

package/dist/adapters/prisma.js

@@ -1,3 +1,4 @@
+const dateOrNow = (value) => value ?? new Date();
 export function makePrismaUserRepo(prisma) {
     return {
         async count({ role, search }) {
@@ -128,5 +129,129 @@ export function makePrismaUserRepo(prisma) {
                 },
             });
         },
+        async updatePassword(id, passwordHash) {
+            return prisma.user.update({
+                where: { id: id },
+                data: { passwordHash },
+                select: {
+                    id: true,
+                    email: true,
+                    name: true,
+                    role: true,
+                    createdAt: true,
+                    updatedAt: true,
+                    profile: { select: { bio: true, avatarUrl: true } },
+                },
+            });
+        },
+        async markEmailVerified(id, verifiedAt = new Date()) {
+            return prisma.user.update({
+                where: { id: id },
+                data: { emailVerifiedAt: verifiedAt },
+                select: {
+                    id: true,
+                    email: true,
+                    name: true,
+                    role: true,
+                    emailVerifiedAt: true,
+                    createdAt: true,
+                    updatedAt: true,
+                    profile: { select: { bio: true, avatarUrl: true } },
+                },
+            });
+        },
+    };
+}
+export function makePrismaRefreshTokenRepo(prisma) {
+    return {
+        create(input) {
+            return prisma.refreshToken.create({ data: input });
+        },
+        findById(id) {
+            return prisma.refreshToken.findUnique({ where: { id } });
+        },
+        async revoke(id, input = {}) {
+            await prisma.refreshToken.update({
+                where: { id },
+                data: {
+                    revokedAt: dateOrNow(input.revokedAt),
+                    replacedByTokenId: input.replacedByTokenId ?? undefined,
+                },
+            });
+        },
+        async revokeFamily(familyId, input = {}) {
+            await prisma.refreshToken.updateMany({
+                where: { familyId, revokedAt: null },
+                data: { revokedAt: dateOrNow(input.revokedAt) },
+            });
+        },
+    };
+}
+export function makePrismaPasswordResetTokenRepo(prisma) {
+    return {
+        create(input) {
+            return prisma.passwordResetToken.create({ data: input });
+        },
+        findById(id) {
+            return prisma.passwordResetToken.findUnique({ where: { id } });
+        },
+        async markUsed(id, input = {}) {
+            await prisma.passwordResetToken.update({
+                where: { id },
+                data: { usedAt: dateOrNow(input.usedAt) },
+            });
+        },
+        async revoke(id, input = {}) {
+            await prisma.passwordResetToken.update({
+                where: { id },
+                data: { revokedAt: dateOrNow(input.revokedAt) },
+            });
+        },
+    };
+}
+export function makePrismaEmailVerificationTokenRepo(prisma) {
+    return {
+        create(input) {
+            return prisma.emailVerificationToken.create({ data: input });
+        },
+        findById(id) {
+            return prisma.emailVerificationToken.findUnique({ where: { id } });
+        },
+        async markUsed(id, input = {}) {
+            await prisma.emailVerificationToken.update({
+                where: { id },
+                data: { usedAt: dateOrNow(input.usedAt) },
+            });
+        },
+        async revoke(id, input = {}) {
+            await prisma.emailVerificationToken.update({
+                where: { id },
+                data: { revokedAt: dateOrNow(input.revokedAt) },
+            });
+        },
+    };
+}
+export function makePrismaOAuthAccountRepo(prisma) {
+    return {
+        findByProviderAccount(provider, providerAccountId) {
+            return prisma.oauthAccount.findUnique({
+                where: { provider_providerAccountId: { provider, providerAccountId } },
+            });
+        },
+        findByUserAndProvider(userId, provider) {
+            return prisma.oauthAccount.findFirst({
+                where: { userId: userId, provider },
+            });
+        },
+        create(input) {
+            return prisma.oauthAccount.create({
+                data: {
+                    provider: input.provider,
+                    providerAccountId: input.providerAccountId,
+                    userId: input.userId,
+                    email: input.email ?? null,
+                },
+            });
+        },
     };
 }

package/dist/auth.d.ts

@@ -1,6 +1,6 @@
 export { createAuthRouter } from './modules/auth/auth.controller.js';
 export { DEFAULT_REGISTER_ROLE, resolveRegisterRole } from './modules/auth/auth.defaults.js';
 export { makeAuthService } from './modules/auth/auth.service.js';
-export { loginSchema, registerSchema } from './modules/auth/auth.schemas.js';
-export type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser, AuthUserRepo } from './modules/auth/auth.types.js';
-export type { LoginInput, RegisterInput } from './modules/auth/auth.schemas.js';
+export { emailVerificationConfirmSchema, emailVerificationRequestSchema, loginSchema, passwordResetConfirmSchema, passwordResetRequestSchema, registerSchema, } from './modules/auth/auth.schemas.js';
+export type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser, AuthUserRepo, EmailVerificationConfirmInput, EmailVerificationRequestInput, EmailVerificationTokenRecord, EmailVerificationTokenRepo, OAuthAccount, OAuthAccountRepo, OAuthProviderProfile, PasswordResetConfirmInput, PasswordResetRequestInput, PasswordResetTokenRecord, PasswordResetTokenRepo, RefreshTokenRecord, RefreshTokenRepo, } from './modules/auth/auth.types.js';
+export type { EmailVerificationConfirmInput as EmailVerificationConfirmSchemaInput, EmailVerificationRequestInput as EmailVerificationRequestSchemaInput, LoginInput, PasswordResetConfirmInput as PasswordResetConfirmSchemaInput, PasswordResetRequestInput as PasswordResetRequestSchemaInput, RegisterInput, } from './modules/auth/auth.schemas.js';

package/dist/auth.js

@@ -1,4 +1,4 @@
 export { createAuthRouter } from './modules/auth/auth.controller.js';
 export { DEFAULT_REGISTER_ROLE, resolveRegisterRole } from './modules/auth/auth.defaults.js';
 export { makeAuthService } from './modules/auth/auth.service.js';
-export { loginSchema, registerSchema } from './modules/auth/auth.schemas.js';
+export { emailVerificationConfirmSchema, emailVerificationRequestSchema, loginSchema, passwordResetConfirmSchema, passwordResetRequestSchema, registerSchema, } from './modules/auth/auth.schemas.js';

package/dist/core/ports/user.repo.d.ts

@@ -31,4 +31,6 @@ export interface UserRepo {
         bio?: string | null;
         avatarUrl?: string | null;
     }): Promise<UserListItem>;
+    updatePassword?(id: number | string, passwordHash: string): Promise<UserListItem | void>;
+    markEmailVerified?(id: number | string, verifiedAt?: Date): Promise<UserListItem | void>;
 }

package/dist/index.d.ts

@@ -5,12 +5,12 @@ export { createUserRouter } from './modules/user/user.controller.js';
 export { createAuthRouter } from './modules/auth/auth.controller.js';
 export { DEFAULT_REGISTER_ROLE, resolveRegisterRole } from './modules/auth/auth.defaults.js';
 export { makeAuthService } from './modules/auth/auth.service.js';
-export { registerSchema, loginSchema } from './modules/auth/auth.schemas.js';
-export type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser, AuthUserRepo } from './modules/auth/auth.types.js';
+export { emailVerificationConfirmSchema, emailVerificationRequestSchema, loginSchema, passwordResetConfirmSchema, passwordResetRequestSchema, registerSchema, } from './modules/auth/auth.schemas.js';
+export type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser, AuthUserRepo, EmailVerificationConfirmInput, EmailVerificationRequestInput, EmailVerificationTokenRecord, EmailVerificationTokenRepo, OAuthAccount, OAuthAccountRepo, OAuthProviderProfile, PasswordResetConfirmInput, PasswordResetRequestInput, PasswordResetTokenRecord, PasswordResetTokenRepo, RefreshTokenRecord, RefreshTokenRepo, } from './modules/auth/auth.types.js';
 export { SortEnum, adminCreateUserSchema, adminUpdateUserSchema, listUsersQuerySchema, updateMeSchema, } from './modules/user/user.schemas.js';
 export { isAuth, type AuthRequest } from './middleware/isAuth.js';
 export { hasRole, isSelfOrAdmin } from './middleware/hasRole.js';
-export { makePrismaUserRepo } from './adapters/prisma.js';
+export { makePrismaEmailVerificationTokenRepo, makePrismaOAuthAccountRepo, makePrismaPasswordResetTokenRepo, makePrismaRefreshTokenRepo, makePrismaUserRepo, } from './adapters/prisma.js';
 import type { UserRepo } from './core/ports/user.repo.js';
 import type { AuthServiceDeps } from './modules/auth/auth.types.js';
 export type LibraryConfig = {

package/dist/index.js

@@ -5,11 +5,11 @@ export { createUserRouter } from './modules/user/user.controller.js';
 export { createAuthRouter } from './modules/auth/auth.controller.js';
 export { DEFAULT_REGISTER_ROLE, resolveRegisterRole } from './modules/auth/auth.defaults.js';
 export { makeAuthService } from './modules/auth/auth.service.js';
-export { registerSchema, loginSchema } from './modules/auth/auth.schemas.js';
+export { emailVerificationConfirmSchema, emailVerificationRequestSchema, loginSchema, passwordResetConfirmSchema, passwordResetRequestSchema, registerSchema, } from './modules/auth/auth.schemas.js';
 export { SortEnum, adminCreateUserSchema, adminUpdateUserSchema, listUsersQuerySchema, updateMeSchema, } from './modules/user/user.schemas.js';
 export { isAuth } from './middleware/isAuth.js';
 export { hasRole, isSelfOrAdmin } from './middleware/hasRole.js';
-export { makePrismaUserRepo } from './adapters/prisma.js';
+export { makePrismaEmailVerificationTokenRepo, makePrismaOAuthAccountRepo, makePrismaPasswordResetTokenRepo, makePrismaRefreshTokenRepo, makePrismaUserRepo, } from './adapters/prisma.js';
 import { createAuthRouter } from './modules/auth/auth.controller.js';
 import { createUserRouter } from './modules/user/user.controller.js';
 function normalizePrefix(prefix) {

package/dist/modules/auth/auth.controller.js

@@ -1,6 +1,6 @@
 import { Router } from 'express';
 import { isAuth } from '../../middleware/isAuth.js';
-import { loginSchema, registerSchema } from './auth.schemas.js';
+import { emailVerificationConfirmSchema, emailVerificationRequestSchema, loginSchema, passwordResetConfirmSchema, passwordResetRequestSchema, registerSchema, } from './auth.schemas.js';
 import { makeAuthService } from './auth.service.js';
 export function createAuthRouter(deps) {
     const router = Router();
@@ -45,6 +45,78 @@ export function createAuthRouter(deps) {
             return res.status(401).json({ error: 'Invalid or expired refresh token' });
         }
     });
+    router.post('/logout', async (req, res) => {
+        try {
+            const { refreshToken } = req.body;
+            if (!refreshToken)
+                return res.status(400).json({ error: 'Missing refreshToken' });
+            await service.revokeRefreshToken(refreshToken);
+            return res.status(204).send();
+        }
+        catch {
+            return res.status(401).json({ error: 'Invalid or expired refresh token' });
+        }
+    });
+    router.post('/password-reset/request', async (req, res) => {
+        try {
+            const data = passwordResetRequestSchema.parse(req.body);
+            await service.requestPasswordReset(data);
+            return res.status(202).json({ ok: true });
+        }
+        catch (err) {
+            if (err?.message === 'PASSWORD_RESET_UNSUPPORTED')
+                return res.status(501).json({ error: 'Password reset is not configured' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/password-reset/confirm', async (req, res) => {
+        try {
+            const data = passwordResetConfirmSchema.parse(req.body);
+            await service.confirmPasswordReset(data);
+            return res.json({ ok: true });
+        }
+        catch (err) {
+            if (err?.message === 'PASSWORD_RESET_UNSUPPORTED')
+                return res.status(501).json({ error: 'Password reset is not configured' });
+            if (err?.message === 'INVALID_PASSWORD_RESET_TOKEN')
+                return res.status(400).json({ error: 'Invalid or expired password reset token' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/email-verification/request', async (req, res) => {
+        try {
+            const data = emailVerificationRequestSchema.parse(req.body);
+            await service.requestEmailVerification(data);
+            return res.status(202).json({ ok: true });
+        }
+        catch (err) {
+            if (err?.message === 'EMAIL_VERIFICATION_UNSUPPORTED')
+                return res.status(501).json({ error: 'Email verification is not configured' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
+    router.post('/email-verification/confirm', async (req, res) => {
+        try {
+            const data = emailVerificationConfirmSchema.parse(req.body);
+            const result = await service.confirmEmailVerification(data);
+            return res.json(result);
+        }
+        catch (err) {
+            if (err?.message === 'EMAIL_VERIFICATION_UNSUPPORTED')
+                return res.status(501).json({ error: 'Email verification is not configured' });
+            if (err?.message === 'INVALID_EMAIL_VERIFICATION_TOKEN')
+                return res.status(400).json({ error: 'Invalid or expired email verification token' });
+            if (err?.issues)
+                return res.status(400).json({ error: 'ValidationError', details: err.issues });
+            return res.status(500).json({ error: 'InternalError' });
+        }
+    });
     router.get('/me', isAuth, async (req, res) => {
         const userId = req.user.id;
         const me = await service.getMe(userId);

package/dist/modules/auth/auth.schemas.d.ts

@@ -22,5 +22,40 @@ export declare const loginSchema: z.ZodObject<{
     email: string;
     password: string;
 }>;
+export declare const passwordResetRequestSchema: z.ZodObject<{
+    email: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+}, {
+    email: string;
+}>;
+export declare const passwordResetConfirmSchema: z.ZodObject<{
+    token: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    password: string;
+    token: string;
+}, {
+    password: string;
+    token: string;
+}>;
+export declare const emailVerificationRequestSchema: z.ZodObject<{
+    email: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+}, {
+    email: string;
+}>;
+export declare const emailVerificationConfirmSchema: z.ZodObject<{
+    token: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    token: string;
+}, {
+    token: string;
+}>;
 export type RegisterInput = z.infer<typeof registerSchema>;
 export type LoginInput = z.infer<typeof loginSchema>;
+export type PasswordResetRequestInput = z.infer<typeof passwordResetRequestSchema>;
+export type PasswordResetConfirmInput = z.infer<typeof passwordResetConfirmSchema>;
+export type EmailVerificationRequestInput = z.infer<typeof emailVerificationRequestSchema>;
+export type EmailVerificationConfirmInput = z.infer<typeof emailVerificationConfirmSchema>;

package/dist/modules/auth/auth.schemas.js

@@ -8,3 +8,16 @@ export const loginSchema = z.object({
     email: z.string().email(),
     password: z.string().min(8),
 });
+export const passwordResetRequestSchema = z.object({
+    email: z.string().email(),
+});
+export const passwordResetConfirmSchema = z.object({
+    token: z.string().min(16),
+    password: z.string().min(8),
+});
+export const emailVerificationRequestSchema = z.object({
+    email: z.string().email(),
+});
+export const emailVerificationConfirmSchema = z.object({
+    token: z.string().min(16),
+});

package/dist/modules/auth/auth.service.d.ts

@@ -1,8 +1,26 @@
 import type { LoginInput, RegisterInput } from './auth.schemas.js';
-import type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser } from './auth.types.js';
+import type { AuthResult, AuthServiceDeps, AuthTokens, AuthUser, EmailVerificationConfirmInput, EmailVerificationRequestInput, OAuthProviderProfile, PasswordResetConfirmInput, PasswordResetRequestInput } from './auth.types.js';
 export declare function makeAuthService(deps: AuthServiceDeps): {
     registerUser(params: RegisterInput): Promise<AuthResult>;
     loginUser(params: LoginInput): Promise<AuthResult>;
     refreshSession(refreshToken: string): Promise<AuthTokens>;
+    revokeRefreshToken(refreshToken: string): Promise<{
+        ok: true;
+    }>;
     getMe(userId: number | string): Promise<AuthUser | null>;
+    requestPasswordReset: (params: PasswordResetRequestInput) => Promise<{
+        ok: true;
+    }>;
+    confirmPasswordReset: (params: PasswordResetConfirmInput) => Promise<{
+        ok: true;
+    }>;
+    requestEmailVerification: (params: EmailVerificationRequestInput) => Promise<{
+        ok: true;
+    }>;
+    confirmEmailVerification: (params: EmailVerificationConfirmInput) => Promise<{
+        ok: true;
+        user: AuthUser;
+    }>;
+    signInWithOAuthProfile: (profile: OAuthProviderProfile) => Promise<AuthResult>;
+    loginWithOAuthProfile: (profile: OAuthProviderProfile) => Promise<AuthResult>;
 };