npm - najm-auth - Versions diffs - 1.1.26 → 1.1.27 - Mend

najm-auth 1.1.26 → 1.1.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -684,7 +684,11 @@ declare class TokenRepository {
         token: string;
         tokenFamily: string;
         expiresAt: string;
+        previousHash?: string | null;
+        previousValidUntil?: string | null;
+        previousUsedAt?: string | null;
     }): Promise<any>;
+    markPreviousUsed(userId: string): Promise<any>;
     getRefreshTokenWithFamily(userId: string): Promise<any>;
     revokeToken(userId: string): Promise<any>;
     revokeByFamily(tokenFamily: string): Promise<any>;
@@ -718,14 +722,13 @@ declare class TokenService {
      */
     verifyAccessToken(token: string): Promise<JwtPayload>;
     verifyRefreshToken(token: string): string;
+    private static readonly PREVIOUS_GRACE_SECONDS;
     /**
      * Validate a refresh token as an active session:
      * 1. Verify JWT signature and type claim
-     * 2. Compare hash against stored token in DB
-     * 3. Reject revoked, rotated, or expired tokens
-     *
-     * Use this instead of bare verifyRefreshToken() when authenticating
-     * cookie-based sessions (SSR, /auth/me, middleware).
+     * 2. Compare hash against current stored token
+     * 3. If mismatch, check previous hash within short grace window
+     * 4. Reject anything older or outside the grace window
      */
     validateRefreshSession(refreshToken: string): Promise<{
         userId: string;
@@ -736,10 +739,8 @@ declare class TokenService {
     }>;
     /**
      * Read the refresh cookie and return the userId it belongs to.
-     * Lightweight check: verifies JWT signature and ensures the user
-     * has an active session in the DB. Does NOT compare token hashes,
-     * so it is safe to call concurrently with token rotation.
-     * Throws if the cookie is missing, invalid, or the session was revoked.
+     * Validates against current/previous token state with bounded recovery.
+     * Throws if the cookie is missing, invalid, or outside the grace window.
      */
     resolveUserFromCookie(): Promise<string>;
     getUser(auth: string): Promise<any>;

package/dist/index.js CHANGED Viewed

@@ -67,6 +67,9 @@ var tokensTable = pgTable("tokens", {
   userId: text("user_id").references(() => usersTable.id, { onDelete: "cascade" }).unique().notNull(),
   token: text("token").notNull(),
   tokenFamily: text("token_family"),
+  previousHash: text("previous_hash"),
+  previousValidUntil: timestamp("previous_valid_until", { mode: "string" }),
+  previousUsedAt: timestamp("previous_used_at", { mode: "string" }),
   type: tokenTypeEnum("type").default("refresh"),
   status: tokenStatusEnum("status").default("active"),
   expiresAt: timestamp("expires_at", { mode: "string" }).notNull()
@@ -129,6 +132,9 @@ var tokensTable2 = sqliteTable("tokens", {
   userId: text2("user_id").references(() => usersTable2.id, { onDelete: "cascade" }).unique().notNull(),
   token: text2("token").notNull(),
   tokenFamily: text2("token_family"),
+  previousHash: text2("previous_hash"),
+  previousValidUntil: text2("previous_valid_until"),
+  previousUsedAt: text2("previous_used_at"),
   type: text2("type").$type().default("refresh"),
   status: text2("status").$type().default("active"),
   expiresAt: text2("expires_at").notNull()
@@ -191,6 +197,9 @@ var tokensTable3 = mysqlTable("tokens", {
   userId: varchar("user_id", { length: 21 }).references(() => usersTable3.id, { onDelete: "cascade" }).unique().notNull(),
   token: varchar("token", { length: 500 }).notNull(),
   tokenFamily: varchar("token_family", { length: 16 }),
+  previousHash: varchar("previous_hash", { length: 500 }),
+  previousValidUntil: timestamp2("previous_valid_until", { mode: "string" }),
+  previousUsedAt: timestamp2("previous_used_at", { mode: "string" }),
   type: mysqlEnum("type", [...TOKEN_TYPE]).default("refresh"),
   status: mysqlEnum("status", [...TOKEN_STATUS]).default("active"),
   expiresAt: timestamp2("expires_at", { mode: "string" }).notNull()
@@ -1311,10 +1320,16 @@ var TokenRepository = class TokenRepository2 {
       set: {
         token: tokenData.token,
         tokenFamily: tokenData.tokenFamily,
-        expiresAt: tokenData.expiresAt
+        expiresAt: tokenData.expiresAt,
+        previousHash: tokenData.previousHash ?? null,
+        previousValidUntil: tokenData.previousValidUntil ?? null,
+        previousUsedAt: tokenData.previousUsedAt ?? null
       }
     }).returning();
   }
+  async markPreviousUsed(userId) {
+    return await this.db.update(this.tokens).set({ previousUsedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq4(this.tokens.userId, userId)).returning();
+  }
   async getRefreshTokenWithFamily(userId) {
     const [token] = await this.db.select().from(this.tokens).where(eq4(this.tokens.userId, userId));
     return token ?? null;
@@ -1373,6 +1388,7 @@ var __decorate10 = function(decorators, target, key, desc) {
 var __metadata10 = function(k, v) {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
+var TokenService_1;
 var _a6;
 var _b4;
 var _c2;
@@ -1380,6 +1396,9 @@ var TokenService = class TokenService2 {
   static {
     __name(this, "TokenService");
   }
+  static {
+    TokenService_1 = this;
+  }
   tokenRepository;
   cookieManager;
   cache;
@@ -1444,14 +1463,13 @@ var TokenService = class TokenService2 {
       Err5(this.t("errors.tokenVerificationFailed"));
     }
   }
+  static PREVIOUS_GRACE_SECONDS = 120;
   /**
    * Validate a refresh token as an active session:
    * 1. Verify JWT signature and type claim
-   * 2. Compare hash against stored token in DB
-   * 3. Reject revoked, rotated, or expired tokens
-   *
-   * Use this instead of bare verifyRefreshToken() when authenticating
-   * cookie-based sessions (SSR, /auth/me, middleware).
+   * 2. Compare hash against current stored token
+   * 3. If mismatch, check previous hash within short grace window
+   * 4. Reject anything older or outside the grace window
    */
   async validateRefreshSession(refreshToken) {
     const userId = this.verifyRefreshToken(refreshToken);
@@ -1459,22 +1477,25 @@ var TokenService = class TokenService2 {
     if (!stored) {
       Err5(this.t("errors.refreshTokenInvalid"));
     }
-    const isValid = this.hashToken(refreshToken) === stored.token;
-    if (!isValid) {
+    const presentedHash = this.hashToken(refreshToken);
+    if (presentedHash === stored.token) {
+      return { userId };
+    }
+    const canRecover = stored.previousHash && presentedHash === stored.previousHash && stored.previousValidUntil && new Date(stored.previousValidUntil).getTime() > Date.now() && !stored.previousUsedAt;
+    if (canRecover) {
+      await this.tokenRepository.markPreviousUsed(userId);
       const tokens = await this.generateTokens(userId, stored.tokenFamily ?? void 0);
       return {
         userId,
         rotatedTokens: { refreshToken: tokens.refreshToken, tokenFamily: stored.tokenFamily }
       };
     }
-    return { userId };
+    Err5(this.t("errors.refreshTokenInvalid"));
   }
   /**
    * Read the refresh cookie and return the userId it belongs to.
-   * Lightweight check: verifies JWT signature and ensures the user
-   * has an active session in the DB. Does NOT compare token hashes,
-   * so it is safe to call concurrently with token rotation.
-   * Throws if the cookie is missing, invalid, or the session was revoked.
+   * Validates against current/previous token state with bounded recovery.
+   * Throws if the cookie is missing, invalid, or outside the grace window.
    */
   async resolveUserFromCookie() {
     const refreshToken = this.cookieManager.getRefreshToken();
@@ -1486,7 +1507,15 @@ var TokenService = class TokenService2 {
     if (!stored) {
       Err5(this.t("errors.refreshTokenInvalid"));
     }
-    return userId;
+    const presentedHash = this.hashToken(refreshToken);
+    if (presentedHash === stored.token) {
+      return userId;
+    }
+    const canRecover = stored.previousHash && presentedHash === stored.previousHash && stored.previousValidUntil && new Date(stored.previousValidUntil).getTime() > Date.now() && !stored.previousUsedAt;
+    if (canRecover) {
+      return userId;
+    }
+    Err5(this.t("errors.refreshTokenInvalid"));
   }
   // ============ USER RETRIEVAL (MAIN METHOD) ============
   async getUser(auth2) {
@@ -1590,11 +1619,17 @@ var TokenService = class TokenService2 {
   async storeRefreshToken(userId, refreshToken, tokenFamily) {
     const expireInSecond = timestring2(this.config.jwt.refreshExpiresIn, "s");
     const hashedToken = this.hashToken(refreshToken);
+    const existing = await this.tokenRepository.getRefreshTokenWithFamily(userId);
+    const previousHash = existing?.token ?? null;
+    const previousValidUntil = previousHash ? new Date(Date.now() + TokenService_1.PREVIOUS_GRACE_SECONDS * 1e3).toISOString() : null;
     await this.tokenRepository.storeRefreshToken({
       userId,
       token: hashedToken,
       tokenFamily,
-      expiresAt: new Date(Date.now() + expireInSecond * 1e3).toISOString()
+      expiresAt: new Date(Date.now() + expireInSecond * 1e3).toISOString(),
+      previousHash,
+      previousValidUntil,
+      previousUsedAt: null
     });
   }
   /**
@@ -1611,7 +1646,16 @@ var TokenService = class TokenService2 {
     if (!stored) {
       Err5(this.t("errors.refreshTokenInvalid"));
     }
-    return this.generateTokens(userId, stored.tokenFamily ?? void 0);
+    const presentedHash = this.hashToken(refreshToken);
+    if (presentedHash === stored.token) {
+      return this.generateTokens(userId, stored.tokenFamily ?? void 0);
+    }
+    const canRecover = stored.previousHash && presentedHash === stored.previousHash && stored.previousValidUntil && new Date(stored.previousValidUntil).getTime() > Date.now() && !stored.previousUsedAt;
+    if (canRecover) {
+      await this.tokenRepository.markPreviousUsed(userId);
+      return this.generateTokens(userId, stored.tokenFamily ?? void 0);
+    }
+    Err5(this.t("errors.refreshTokenInvalid"));
   }
   async revokeToken(userId) {
     return this.tokenRepository.revokeToken(userId);
@@ -1693,7 +1737,7 @@ __decorate10([
   I18n3("auth"),
   __metadata10("design:type", Object)
 ], TokenService.prototype, "t", void 0);
-TokenService = __decorate10([
+TokenService = TokenService_1 = __decorate10([
   Injectable6(),
   __metadata10("design:paramtypes", [typeof (_a6 = typeof TokenRepository !== "undefined" && TokenRepository) === "function" ? _a6 : Object, typeof (_b4 = typeof CookieManager !== "undefined" && CookieManager) === "function" ? _b4 : Object, typeof (_c2 = typeof CacheService !== "undefined" && CacheService) === "function" ? _c2 : Object])
 ], TokenService);

package/dist/schema/mysql.d.ts CHANGED Viewed

@@ -519,6 +519,57 @@ declare const tokensTable: drizzle_orm_mysql_core.MySqlTableWithColumns<{
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        previousHash: drizzle_orm_mysql_core.MySqlColumn<{
+            name: "previous_hash";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "MySqlVarChar";
+            data: string;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        previousValidUntil: drizzle_orm_mysql_core.MySqlColumn<{
+            name: "previous_valid_until";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "MySqlTimestampString";
+            data: string;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        previousUsedAt: drizzle_orm_mysql_core.MySqlColumn<{
+            name: "previous_used_at";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "MySqlTimestampString";
+            data: string;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         type: drizzle_orm_mysql_core.MySqlColumn<{
             name: "type";
             tableName: "tokens";
@@ -969,6 +1020,57 @@ declare const authSchema: {
                 identity: undefined;
                 generated: undefined;
             }, {}, {}>;
+            previousHash: drizzle_orm_mysql_core.MySqlColumn<{
+                name: "previous_hash";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "MySqlVarChar";
+                data: string;
+                driverParam: string | number;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: [string, ...string[]];
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
+            previousValidUntil: drizzle_orm_mysql_core.MySqlColumn<{
+                name: "previous_valid_until";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "MySqlTimestampString";
+                data: string;
+                driverParam: string | number;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
+            previousUsedAt: drizzle_orm_mysql_core.MySqlColumn<{
+                name: "previous_used_at";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "MySqlTimestampString";
+                data: string;
+                driverParam: string | number;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
             type: drizzle_orm_mysql_core.MySqlColumn<{
                 name: "type";
                 tableName: "tokens";

package/dist/schema/mysql.js CHANGED Viewed

@@ -49,6 +49,9 @@ var tokensTable = mysqlTable("tokens", {
   userId: varchar("user_id", { length: 21 }).references(() => usersTable.id, { onDelete: "cascade" }).unique().notNull(),
   token: varchar("token", { length: 500 }).notNull(),
   tokenFamily: varchar("token_family", { length: 16 }),
+  previousHash: varchar("previous_hash", { length: 500 }),
+  previousValidUntil: timestamp("previous_valid_until", { mode: "string" }),
+  previousUsedAt: timestamp("previous_used_at", { mode: "string" }),
   type: mysqlEnum("type", [...TOKEN_TYPE]).default("refresh"),
   status: mysqlEnum("status", [...TOKEN_STATUS]).default("active"),
   expiresAt: timestamp("expires_at", { mode: "string" }).notNull()

package/dist/schema/pg.d.ts CHANGED Viewed

@@ -522,6 +522,57 @@ declare const tokensTable: drizzle_orm_pg_core.PgTableWithColumns<{
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        previousHash: drizzle_orm_pg_core.PgColumn<{
+            name: "previous_hash";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        previousValidUntil: drizzle_orm_pg_core.PgColumn<{
+            name: "previous_valid_until";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "PgTimestampString";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        previousUsedAt: drizzle_orm_pg_core.PgColumn<{
+            name: "previous_used_at";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "PgTimestampString";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         type: drizzle_orm_pg_core.PgColumn<{
             name: "type";
             tableName: "tokens";
@@ -972,6 +1023,57 @@ declare const authSchema: {
                 identity: undefined;
                 generated: undefined;
             }, {}, {}>;
+            previousHash: drizzle_orm_pg_core.PgColumn<{
+                name: "previous_hash";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "PgText";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: [string, ...string[]];
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
+            previousValidUntil: drizzle_orm_pg_core.PgColumn<{
+                name: "previous_valid_until";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "PgTimestampString";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
+            previousUsedAt: drizzle_orm_pg_core.PgColumn<{
+                name: "previous_used_at";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "PgTimestampString";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: undefined;
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {}>;
             type: drizzle_orm_pg_core.PgColumn<{
                 name: "type";
                 tableName: "tokens";

package/dist/schema/pg.js CHANGED Viewed

@@ -52,6 +52,9 @@ var tokensTable = pgTable("tokens", {
   userId: text("user_id").references(() => usersTable.id, { onDelete: "cascade" }).unique().notNull(),
   token: text("token").notNull(),
   tokenFamily: text("token_family"),
+  previousHash: text("previous_hash"),
+  previousValidUntil: timestamp("previous_valid_until", { mode: "string" }),
+  previousUsedAt: timestamp("previous_used_at", { mode: "string" }),
   type: tokenTypeEnum("type").default("refresh"),
   status: tokenStatusEnum("status").default("active"),
   expiresAt: timestamp("expires_at", { mode: "string" }).notNull()

package/dist/schema/sqlite.d.ts CHANGED Viewed

@@ -572,6 +572,63 @@ declare const tokensTable: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
         }, {}, {
             length: number;
         }>;
+        previousHash: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "previous_hash";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number;
+        }>;
+        previousValidUntil: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "previous_valid_until";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number;
+        }>;
+        previousUsedAt: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "previous_used_at";
+            tableName: "tokens";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number;
+        }>;
         type: drizzle_orm_sqlite_core.SQLiteColumn<{
             name: "type";
             tableName: "tokens";
@@ -1109,6 +1166,63 @@ declare const authSchema: {
             }, {}, {
                 length: number;
             }>;
+            previousHash: drizzle_orm_sqlite_core.SQLiteColumn<{
+                name: "previous_hash";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "SQLiteText";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: [string, ...string[]];
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {
+                length: number;
+            }>;
+            previousValidUntil: drizzle_orm_sqlite_core.SQLiteColumn<{
+                name: "previous_valid_until";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "SQLiteText";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: [string, ...string[]];
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {
+                length: number;
+            }>;
+            previousUsedAt: drizzle_orm_sqlite_core.SQLiteColumn<{
+                name: "previous_used_at";
+                tableName: "tokens";
+                dataType: "string";
+                columnType: "SQLiteText";
+                data: string;
+                driverParam: string;
+                notNull: false;
+                hasDefault: false;
+                isPrimaryKey: false;
+                isAutoincrement: false;
+                hasRuntimeDefault: false;
+                enumValues: [string, ...string[]];
+                baseColumn: never;
+                identity: undefined;
+                generated: undefined;
+            }, {}, {
+                length: number;
+            }>;
             type: drizzle_orm_sqlite_core.SQLiteColumn<{
                 name: "type";
                 tableName: "tokens";

package/dist/schema/sqlite.js CHANGED Viewed

@@ -42,6 +42,9 @@ var tokensTable = sqliteTable("tokens", {
   userId: text("user_id").references(() => usersTable.id, { onDelete: "cascade" }).unique().notNull(),
   token: text("token").notNull(),
   tokenFamily: text("token_family"),
+  previousHash: text("previous_hash"),
+  previousValidUntil: text("previous_valid_until"),
+  previousUsedAt: text("previous_used_at"),
   type: text("type").$type().default("refresh"),
   status: text("status").$type().default("active"),
   expiresAt: text("expires_at").notNull()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "najm-auth",
-  "version": "1.1.26",
+  "version": "1.1.27",
   "description": "Authentication and authorization library for najm framework",
   "type": "module",
   "files": [