npm - or3-provider-basic-auth - Versions diffs - 0.0.1 - Mend

or3-provider-basic-auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/dist/runtime/components/BasicAuthUserMenu.client.vue ADDED Viewed

@@ -0,0 +1,106 @@
+<template>
+  <UPopover
+    v-model:open="isOpen"
+    portal
+    :content="{ side: 'right', align: 'end', sideOffset: 10 }"
+    :ui="{ content: 'z-[260] max-w-[240px] p-0 border-none bg-transparent shadow-none' }"
+  >
+    <UButton
+      v-bind="triggerButtonProps"
+      type="button"
+      aria-label="Account menu"
+    >
+      <template #default>
+        <span class="flex flex-col items-center gap-1 w-full">
+          <UIcon name="i-lucide-user-check" class="h-[18px] w-[18px]" />
+          <span class="text-[7px] uppercase tracking-wider whitespace-nowrap">
+            Account
+          </span>
+        </span>
+      </template>
+    </UButton>
+    <template #content>
+      <div
+        class="w-[220px] rounded-[var(--md-border-radius)] border-[length:var(--md-border-width)] border-[color:var(--md-border-color)] bg-[var(--md-surface)] overflow-hidden theme-shadow"
+      >
+        <!-- User identity section -->
+        <div class="px-4 pt-4 pb-3">
+          <div class="flex items-center gap-3">
+            <div class="flex items-center justify-center w-8 h-8 rounded-full bg-[var(--md-success)]/15 text-[var(--md-success)] shrink-0">
+              <UIcon name="i-lucide-user" class="w-4 h-4" />
+            </div>
+            <div class="min-w-0">
+              <p class="text-[10px] uppercase tracking-wider text-[var(--md-on-surface)]/50 mb-0.5">
+                Signed in as
+              </p>
+              <p class="text-xs font-medium text-[var(--md-on-surface)] break-all leading-tight">
+                {{ email }}
+              </p>
+            </div>
+          </div>
+        </div>
+        <div class="h-[var(--md-border-width)] bg-[var(--md-border-color)] mx-3" />
+        <!-- Actions -->
+        <div class="p-2 space-y-1">
+          <button
+            type="button"
+            class="w-full flex items-center gap-2.5 px-3 py-2 text-sm text-[var(--md-on-surface)] rounded-[var(--md-border-radius)] hover:bg-[var(--md-surface-hover)] active:bg-[var(--md-surface-active)] transition-colors text-left"
+            @click="onChangePassword"
+          >
+            <UIcon name="i-lucide-key-round" class="w-4 h-4 text-[var(--md-on-surface)]/60 shrink-0" />
+            Change Password
+          </button>
+          <button
+            type="button"
+            :disabled="pending"
+            class="w-full flex items-center gap-2.5 px-3 py-2 text-sm rounded-[var(--md-border-radius)] text-[var(--md-error)] hover:bg-[var(--md-error)]/10 active:bg-[var(--md-error)]/18 transition-colors text-left disabled:opacity-50"
+            @click="onSignOut"
+          >
+            <UIcon name="i-lucide-log-out" class="w-4 h-4 shrink-0" />
+            {{ pending ? "Signing out\u2026" : "Sign Out" }}
+          </button>
+        </div>
+      </div>
+    </template>
+  </UPopover>
+</template>
+<script setup>
+import { ref } from "vue";
+defineProps({
+  email: { type: String, required: false },
+  displayName: { type: String, required: false }
+});
+const emit = defineEmits(["signed-out", "change-password"]);
+const isOpen = ref(false);
+const pending = ref(false);
+const triggerButtonProps = {
+  block: true,
+  variant: "ghost",
+  color: "neutral",
+  class: "theme-btn h-[48px] w-[48px] p-0! flex flex-col items-center justify-center gap-1 py-1.5 bg-transparent border-[length:var(--md-border-width)] border-[color:var(--md-success)]/40 rounded-[var(--md-border-radius)] text-[var(--md-on-surface)] hover:bg-[var(--md-success)]/18 active:bg-[var(--md-success)]/28 transition-colors duration-150 shadow-none",
+  ui: {
+    base: "justify-center shadow-none"
+  }
+};
+function onChangePassword() {
+  isOpen.value = false;
+  emit("change-password");
+}
+async function onSignOut() {
+  pending.value = true;
+  try {
+    await $fetch("/api/basic-auth/sign-out", {
+      method: "POST"
+    });
+    emit("signed-out");
+  } finally {
+    pending.value = false;
+    isOpen.value = false;
+  }
+}
+</script>

package/dist/runtime/components/BasicAuthUserMenu.client.vue.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+type __VLS_Props = {
+    email?: string;
+    displayName?: string;
+};
+declare const _default: import("vue").DefineComponent<__VLS_Props, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {} & {
+    "signed-out": () => any;
+    "change-password": () => any;
+}, string, import("vue").PublicProps, Readonly<__VLS_Props> & Readonly<{
+    "onSigned-out"?: (() => any) | undefined;
+    "onChange-password"?: (() => any) | undefined;
+}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, false, {}, any>;
+export default _default;

package/dist/runtime/components/SidebarAuthButtonBasic.client.d.vue.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("vue").DefineComponent<{}, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {}, string, import("vue").PublicProps, Readonly<{}> & Readonly<{}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, true, {}, any>;
2	+ export default _default;

package/dist/runtime/components/SidebarAuthButtonBasic.client.vue ADDED Viewed

@@ -0,0 +1,154 @@
+<template>
+  <template v-if="isBasicAuthProvider">
+    <BasicAuthUserMenu
+      v-if="isSignedIn"
+      :email="sessionUser?.email"
+      :display-name="sessionUser?.displayName"
+      @signed-out="onSignedOut"
+      @change-password="changePasswordModalOpen = true"
+    />
+    <UButton
+      v-else
+      v-bind="loginButtonProps"
+      type="button"
+      aria-label="Login"
+      @click="signInModalOpen = true"
+    >
+      <template #default>
+        <span class="flex flex-col items-center gap-1 w-full">
+          <UIcon name="i-lucide-log-in" class="h-[18px] w-[18px]" />
+          <span class="text-[7px] uppercase tracking-wider whitespace-nowrap">
+            Login
+          </span>
+        </span>
+      </template>
+    </UButton>
+    <BasicAuthSignInModal
+      v-model="signInModalOpen"
+      @signed-in="onSignedIn"
+      @open-register="openRegisterFromSignIn"
+    />
+    <BasicAuthRegisterModal
+      v-model="registerModalOpen"
+      @registered="onRegistered"
+    />
+    <BasicAuthChangePasswordModal
+      v-model="changePasswordModalOpen"
+      :username="sessionUser?.email"
+      @updated="onPasswordUpdated"
+    />
+  </template>
+</template>
+<script setup>
+import { computed, nextTick, onMounted, ref } from "vue";
+import { BASIC_AUTH_PROVIDER_ID } from "../lib/constants";
+import BasicAuthSignInModal from "./BasicAuthSignInModal.client.vue";
+import BasicAuthRegisterModal from "./BasicAuthRegisterModal.client.vue";
+import BasicAuthUserMenu from "./BasicAuthUserMenu.client.vue";
+import BasicAuthChangePasswordModal from "./BasicAuthChangePasswordModal.client.vue";
+const runtimeConfig = useRuntimeConfig();
+const signInModalOpen = ref(false);
+const registerModalOpen = ref(false);
+const changePasswordModalOpen = ref(false);
+let refreshRequest = null;
+const session = ref(null);
+async function fetchSessionPayload() {
+  return await $fetch("/api/auth/session", {
+    cache: "no-store"
+  });
+}
+async function tryRefreshTokens() {
+  if (refreshRequest) {
+    return refreshRequest;
+  }
+  refreshRequest = (async () => {
+    try {
+      const response = await $fetch("/api/basic-auth/refresh?silent=1", {
+        method: "POST"
+      });
+      return response?.ok === true;
+    } catch {
+      return false;
+    }
+  })().finally(() => {
+    refreshRequest = null;
+  });
+  return refreshRequest;
+}
+async function refreshSession(options = {}) {
+  const allowSilentRefresh = options.allowSilentRefresh ?? true;
+  try {
+    const payload = await fetchSessionPayload();
+    session.value = payload.session ?? null;
+  } catch {
+    session.value = null;
+    return;
+  }
+  if (session.value || !allowSilentRefresh) {
+    return;
+  }
+  const didRefresh = await tryRefreshTokens();
+  if (!didRefresh) {
+    return;
+  }
+  try {
+    const payload = await fetchSessionPayload();
+    session.value = payload.session ?? null;
+  } catch {
+    session.value = null;
+  }
+}
+const isBasicAuthProvider = computed(() => {
+  const publicProvider = runtimeConfig.public?.authProvider;
+  if (!publicProvider) return true;
+  return publicProvider === BASIC_AUTH_PROVIDER_ID;
+});
+const isSignedIn = computed(
+  () => session.value?.authenticated === true && session.value.provider === BASIC_AUTH_PROVIDER_ID
+);
+const sessionUser = computed(() => session.value?.user);
+const loginButtonProps = {
+  block: true,
+  variant: "ghost",
+  color: "neutral",
+  class: "theme-btn h-[48px] w-[48px] p-0! flex flex-col items-center justify-center gap-1 py-1.5 bg-transparent border-[length:var(--md-border-width)] border-[color:var(--md-primary)]/30 rounded-[var(--md-border-radius)] text-[var(--md-primary)] hover:bg-[var(--md-primary)]/15 active:bg-[var(--md-primary)]/25 transition-colors duration-150 shadow-none",
+  ui: {
+    base: "justify-center shadow-none"
+  }
+};
+function notifyAuthSessionChanged() {
+  if (typeof window === "undefined") return;
+  window.dispatchEvent(new CustomEvent("or3:auth-session-changed"));
+}
+async function onSignedIn() {
+  await refreshSession({ allowSilentRefresh: false });
+  notifyAuthSessionChanged();
+}
+async function onSignedOut() {
+  await refreshSession({ allowSilentRefresh: false });
+  notifyAuthSessionChanged();
+}
+async function onPasswordUpdated() {
+  await refreshSession({ allowSilentRefresh: false });
+  notifyAuthSessionChanged();
+}
+async function openRegisterFromSignIn() {
+  signInModalOpen.value = false;
+  await nextTick();
+  setTimeout(() => {
+    registerModalOpen.value = true;
+  }, 0);
+}
+async function onRegistered() {
+  await refreshSession({ allowSilentRefresh: false });
+  notifyAuthSessionChanged();
+}
+onMounted(() => {
+  void refreshSession();
+});
+</script>

package/dist/runtime/components/SidebarAuthButtonBasic.client.vue.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("vue").DefineComponent<{}, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {}, string, import("vue").PublicProps, Readonly<{}> & Readonly<{}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, true, {}, any>;
2	+ export default _default;

package/dist/runtime/lib/constants.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export declare const BASIC_AUTH_PROVIDER_ID = "basic-auth";
+export declare const ACCESS_COOKIE_NAME = "or3_access";
+export declare const REFRESH_COOKIE_NAME = "or3_refresh";
+export declare const DEFAULT_ACCESS_TTL_SECONDS = 900;
+export declare const DEFAULT_REFRESH_TTL_SECONDS: number;
+export declare const ACCESS_COOKIE_PATH = "/";
+export declare const REFRESH_COOKIE_PATH = "/api/basic-auth";

package/dist/runtime/lib/constants.js ADDED Viewed

@@ -0,0 +1,7 @@
+export const BASIC_AUTH_PROVIDER_ID = "basic-auth";
+export const ACCESS_COOKIE_NAME = "or3_access";
+export const REFRESH_COOKIE_NAME = "or3_refresh";
+export const DEFAULT_ACCESS_TTL_SECONDS = 900;
+export const DEFAULT_REFRESH_TTL_SECONDS = 60 * 60 * 24 * 30;
+export const ACCESS_COOKIE_PATH = "/";
+export const REFRESH_COOKIE_PATH = "/api/basic-auth";

package/dist/runtime/plugins/auth-status.client.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: any;
2	+ export default _default;

package/dist/runtime/plugins/auth-status.client.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { registerClientAuthStatusResolver } from "~/composables/auth/useClientAuthStatus.client";
+async function fetchSession() {
+  try {
+    return await $fetch("/api/auth/session", {
+      cache: "no-store"
+    });
+  } catch {
+    return null;
+  }
+}
+async function trySilentRefresh() {
+  try {
+    const res = await $fetch("/api/basic-auth/refresh?silent=1", {
+      method: "POST"
+    });
+    return res?.ok === true;
+  } catch {
+    return false;
+  }
+}
+export default defineNuxtPlugin(() => {
+  if (import.meta.server) return;
+  registerClientAuthStatusResolver(async () => {
+    const first = await fetchSession();
+    const firstSession = first?.session;
+    if (firstSession?.authenticated === true && firstSession.provider === "basic-auth") {
+      return { ready: true, authenticated: true };
+    }
+    const refreshed = await trySilentRefresh();
+    if (!refreshed) {
+      return { ready: true, authenticated: false };
+    }
+    const second = await fetchSession();
+    const secondSession = second?.session;
+    const authenticated = secondSession?.authenticated === true && secondSession.provider === "basic-auth";
+    return { ready: true, authenticated };
+  });
+});

package/dist/runtime/plugins/basic-auth-ui.client.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const _default: import("nuxt/app").Plugin<Record<string, unknown>> & import("nuxt/app").ObjectPlugin<Record<string, unknown>>;
2	+ export default _default;

package/dist/runtime/plugins/basic-auth-ui.client.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { defineNuxtPlugin, useNuxtApp, useRuntimeConfig } from "#imports";
+import { BASIC_AUTH_PROVIDER_ID } from "../lib/constants.js";
+function tryRegisterAuthUiAdapter(component) {
+  const nuxtApp = useNuxtApp();
+  if (typeof nuxtApp.$registerAuthUiAdapter !== "function") {
+    return false;
+  }
+  nuxtApp.$registerAuthUiAdapter({
+    id: BASIC_AUTH_PROVIDER_ID,
+    component
+  });
+  return true;
+}
+function enqueueAuthUiAdapter(component) {
+  const payload = {
+    id: BASIC_AUTH_PROVIDER_ID,
+    component
+  };
+  const globalState = globalThis;
+  if (!Array.isArray(globalState.__or3AuthUiAdapterQueue__)) {
+    globalState.__or3AuthUiAdapterQueue__ = [];
+  }
+  globalState.__or3AuthUiAdapterQueue__.push(payload);
+  if (typeof window !== "undefined") {
+    window.dispatchEvent(
+      new CustomEvent("or3:auth-ui-adapter-register", {
+        detail: payload
+      })
+    );
+  }
+}
+export default defineNuxtPlugin(async () => {
+  if (import.meta.server) return;
+  const runtimeConfig = useRuntimeConfig();
+  if (!runtimeConfig.public?.ssrAuthEnabled) return;
+  const publicProviderId = runtimeConfig.public?.authProvider;
+  if (publicProviderId && publicProviderId !== BASIC_AUTH_PROVIDER_ID) {
+    return;
+  }
+  const componentModule = await import("../components/SidebarAuthButtonBasic.client.vue");
+  if (componentModule.default) {
+    if (!tryRegisterAuthUiAdapter(componentModule.default)) {
+      enqueueAuthUiAdapter(componentModule.default);
+    }
+  }
+});

package/dist/runtime/server/admin/adapters/auth-basic-auth.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { ProviderAdminAdapter } from '~~/server/admin/providers/types';
2	+ export declare const basicAuthAdminAdapter: ProviderAdminAdapter;

package/dist/runtime/server/admin/adapters/auth-basic-auth.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { BASIC_AUTH_PROVIDER_ID } from "../../../lib/constants.js";
+import { validateBasicAuthConfig } from "../../lib/config.js";
+export const basicAuthAdminAdapter = {
+  id: BASIC_AUTH_PROVIDER_ID,
+  kind: "auth",
+  async getStatus(_event, ctx) {
+    const diagnostics = validateBasicAuthConfig(useRuntimeConfig());
+    const warnings = [];
+    for (const message of diagnostics.warnings) {
+      warnings.push({ level: "warning", message });
+    }
+    for (const message of diagnostics.errors) {
+      warnings.push({ level: "error", message });
+    }
+    if (ctx.enabled && !diagnostics.isValid) {
+      warnings.push({
+        level: "error",
+        message: "Basic-auth configuration is invalid. Authentication may fail."
+      });
+    }
+    return {
+      details: {
+        dbPath: diagnostics.config.dbPath,
+        jwtSecretConfigured: Boolean(diagnostics.config.jwtSecret),
+        refreshSecretConfigured: Boolean(diagnostics.config.refreshSecret),
+        bootstrapConfigured: Boolean(diagnostics.config.bootstrapEmail) && Boolean(diagnostics.config.bootstrapPassword),
+        accessTtlSeconds: diagnostics.config.accessTtlSeconds,
+        refreshTtlSeconds: diagnostics.config.refreshTtlSeconds
+      },
+      warnings,
+      actions: []
+    };
+  }
+};

package/dist/runtime/server/api/basic-auth/_helpers.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { createError, type H3Event } from 'h3';
+import type { z } from 'zod';
+export declare function assertBasicAuthReady(event: H3Event): void;
+export declare function parseBodyWithSchema<T extends z.ZodTypeAny>(event: H3Event, schema: T): Promise<z.infer<T>>;
+export declare function noStore(event: H3Event): void;
+export declare function createForbiddenError(): ReturnType<typeof createError>;

package/dist/runtime/server/api/basic-auth/_helpers.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { createError, readBody, setResponseHeader } from "h3";
+import { validateBasicAuthConfig } from "../../lib/config.js";
+import { createAuthNotConfiguredError, createInvalidRequestError } from "../../lib/errors.js";
+export function assertBasicAuthReady(event) {
+  const diagnostics = validateBasicAuthConfig(useRuntimeConfig(event));
+  if (!diagnostics.config.enabled || diagnostics.config.providerId !== "basic-auth") {
+    throw createAuthNotConfiguredError();
+  }
+  if (!diagnostics.isValid) {
+    throw createAuthNotConfiguredError();
+  }
+}
+export async function parseBodyWithSchema(event, schema) {
+  const body = await readBody(event);
+  const result = schema.safeParse(body);
+  if (!result.success) {
+    throw createInvalidRequestError();
+  }
+  return result.data;
+}
+export function noStore(event) {
+  setResponseHeader(event, "Cache-Control", "no-store");
+}
+export function createForbiddenError() {
+  return createError({ statusCode: 403, statusMessage: "Forbidden" });
+}

package/dist/runtime/server/api/basic-auth/change-password.post.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { type H3Event } from 'h3';
+export declare function handleChangePassword(event: H3Event): Promise<{
+    ok: boolean;
+}>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    ok: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/api/basic-auth/change-password.post.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { defineEventHandler } from "h3";
+import { z } from "zod";
+import { clearAuthCookies } from "../../lib/cookies.js";
+import { createInvalidCredentialsError, createSessionExpiredError } from "../../lib/errors.js";
+import { hashPassword, verifyPassword } from "../../lib/password.js";
+import { enforceBasicAuthRateLimit } from "../../lib/rate-limit.js";
+import {
+  findAccountById,
+  updatePasswordAndRevokeSessions
+} from "../../lib/session-store.js";
+import { enforceMutationOriginPolicy } from "../../lib/request-security.js";
+import { basicAuthProvider } from "../../auth/basic-auth-provider.js";
+import { assertBasicAuthReady, noStore, parseBodyWithSchema } from "./_helpers.js";
+const changePasswordSchema = z.object({
+  // Existing accounts may have legacy short passwords; only new password is length-enforced.
+  currentPassword: z.string().min(1).max(512),
+  newPassword: z.string().min(8).max(512),
+  confirmNewPassword: z.string().min(8).max(512)
+}).refine((input) => input.newPassword === input.confirmNewPassword, {
+  message: "Passwords must match"
+});
+export async function handleChangePassword(event) {
+  assertBasicAuthReady(event);
+  noStore(event);
+  enforceMutationOriginPolicy(event);
+  enforceBasicAuthRateLimit(event, "basic-auth:change-password");
+  const session = await basicAuthProvider.getSession(event);
+  if (!session) {
+    clearAuthCookies(event);
+    throw createSessionExpiredError();
+  }
+  const body = await parseBodyWithSchema(event, changePasswordSchema);
+  const account = findAccountById(session.user.id);
+  if (!account) {
+    clearAuthCookies(event);
+    throw createSessionExpiredError();
+  }
+  const validCurrentPassword = await verifyPassword(body.currentPassword, account.password_hash);
+  if (!validCurrentPassword) {
+    throw createInvalidCredentialsError();
+  }
+  const newPasswordHash = await hashPassword(body.newPassword);
+  updatePasswordAndRevokeSessions(account.id, newPasswordHash);
+  clearAuthCookies(event);
+  return { ok: true };
+}
+export default defineEventHandler(async (event) => {
+  return await handleChangePassword(event);
+});

package/dist/runtime/server/api/basic-auth/refresh.post.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { type H3Event } from 'h3';
+export declare function handleRefresh(event: H3Event): Promise<{
+    ok: boolean;
+}>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    ok: boolean;
+}>>;
+export default _default;

package/dist/runtime/server/api/basic-auth/refresh.post.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { randomUUID } from "node:crypto";
+import { defineEventHandler, getQuery } from "h3";
+import { clearAuthCookies, setAccessCookie, setRefreshCookie } from "../../lib/cookies.js";
+import { getBasicAuthConfig } from "../../lib/config.js";
+import { createSessionExpiredError } from "../../lib/errors.js";
+import {
+  getRefreshTokenFromEvent,
+  hashRefreshToken,
+  signAccessToken,
+  signRefreshToken,
+  verifyRefreshToken
+} from "../../lib/jwt.js";
+import { enforceBasicAuthRateLimit } from "../../lib/rate-limit.js";
+import {
+  findAccountById,
+  rotateSession,
+  getSessionMetadataFromEvent
+} from "../../lib/session-store.js";
+import { enforceMutationOriginPolicy } from "../../lib/request-security.js";
+import { assertBasicAuthReady, noStore } from "./_helpers.js";
+export async function handleRefresh(event) {
+  assertBasicAuthReady(event);
+  noStore(event);
+  enforceMutationOriginPolicy(event);
+  enforceBasicAuthRateLimit(event, "basic-auth:refresh");
+  const query = getQuery(event);
+  const silent = query.silent === "1" || query.silent === "true";
+  const failExpired = () => {
+    clearAuthCookies(event);
+    if (silent) {
+      return { ok: false };
+    }
+    throw createSessionExpiredError();
+  };
+  const refreshToken = getRefreshTokenFromEvent(event);
+  if (!refreshToken) {
+    return failExpired();
+  }
+  const claims = await verifyRefreshToken(refreshToken);
+  if (!claims) {
+    return failExpired();
+  }
+  const account = findAccountById(claims.sub);
+  if (!account || account.token_version !== claims.ver) {
+    return failExpired();
+  }
+  const config = getBasicAuthConfig();
+  const newSessionId = randomUUID();
+  const newRefreshToken = await signRefreshToken({
+    sub: account.id,
+    sid: newSessionId,
+    ver: account.token_version
+  });
+  const rotation = rotateSession({
+    currentSessionId: claims.sid,
+    currentRefreshHash: hashRefreshToken(refreshToken),
+    newSessionId,
+    newRefreshHash: hashRefreshToken(newRefreshToken),
+    newExpiresAtMs: Date.now() + config.refreshTtlSeconds * 1e3,
+    metadata: getSessionMetadataFromEvent(event)
+  });
+  if (!rotation.ok || rotation.accountId !== account.id) {
+    return failExpired();
+  }
+  const accessToken = await signAccessToken({
+    sub: account.id,
+    sid: newSessionId,
+    ver: account.token_version,
+    email: account.email,
+    display_name: account.display_name
+  });
+  setAccessCookie(event, accessToken, config.accessTtlSeconds);
+  setRefreshCookie(event, newRefreshToken, config.refreshTtlSeconds);
+  return { ok: true };
+}
+export default defineEventHandler(async (event) => {
+  return await handleRefresh(event);
+});

package/dist/runtime/server/api/basic-auth/register.post.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { type H3Event } from 'h3';
+export declare function handleRegister(event: H3Event): Promise<{
+    ok: boolean;
+}>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    ok: boolean;
+}>>;
+export default _default;