orange-auth 1.2.0 → 1.3.1

package/dist/client.d.ts

@@ -0,0 +1,470 @@
+/*
+    Orange Auth, a simple modular auth library
+    Copyright (C) 2026  Mathieu Dery
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+//#region node_modules/type-fest/source/primitive.d.ts
+/**
+Matches any [primitive value](https://developer.mozilla.org/en-US/docs/Glossary/Primitive).
+
+@category Type
+*/
+type Primitive = null | undefined | string | number | boolean | symbol | bigint;
+//#endregion
+//#region node_modules/type-fest/source/is-never.d.ts
+/**
+Returns a boolean for whether the given type is `never`.
+
+@link https://github.com/microsoft/TypeScript/issues/31751#issuecomment-498526919
+@link https://stackoverflow.com/a/53984913/10292952
+@link https://www.zhenghao.io/posts/ts-never
+
+Useful in type utilities, such as checking if something does not occur.
+
+@example
+```
+import type {IsNever, And} from 'type-fest';
+
+type A = IsNever<never>;
+//=> true
+
+type B = IsNever<any>;
+//=> false
+
+type C = IsNever<unknown>;
+//=> false
+
+type D = IsNever<never[]>;
+//=> false
+
+type E = IsNever<object>;
+//=> false
+
+type F = IsNever<string>;
+//=> false
+```
+
+@example
+```
+import type {IsNever} from 'type-fest';
+
+type IsTrue<T> = T extends true ? true : false;
+
+// When a distributive conditional is instantiated with `never`, the entire conditional results in `never`.
+type A = IsTrue<never>;
+//=> never
+
+// If you don't want that behaviour, you can explicitly add an `IsNever` check before the distributive conditional.
+type IsTrueFixed<T> =
+	IsNever<T> extends true ? false : T extends true ? true : false;
+
+type B = IsTrueFixed<never>;
+//=> false
+```
+
+@category Type Guard
+@category Utilities
+*/
+type IsNever<T> = [T] extends [never] ? true : false;
+//#endregion
+//#region node_modules/type-fest/source/internal/type.d.ts
+/**
+Matches any primitive, `void`, `Date`, or `RegExp` value.
+*/
+type BuiltIns = Primitive | void | Date | RegExp;
+/**
+Test if the given function has multiple call signatures.
+
+Needed to handle the case of a single call signature with properties.
+
+Multiple call signatures cannot currently be supported due to a TypeScript limitation.
+@see https://github.com/microsoft/TypeScript/issues/29732
+*/
+type HasMultipleCallSignatures<T extends (...arguments_: any[]) => unknown> = T extends {
+  (...arguments_: infer A): unknown;
+  (...arguments_: infer B): unknown;
+} ? B extends A ? A extends B ? false : true : true : false;
+//#endregion
+//#region node_modules/type-fest/source/simplify.d.ts
+/**
+Useful to flatten the type output to improve type hints shown in editors. And also to transform an interface into a type to aide with assignability.
+
+@example
+```
+import type {Simplify} from 'type-fest';
+
+type PositionProps = {
+	top: number;
+	left: number;
+};
+
+type SizeProps = {
+	width: number;
+	height: number;
+};
+
+// In your editor, hovering over `Props` will show a flattened object with all the properties.
+type Props = Simplify<PositionProps & SizeProps>;
+```
+
+Sometimes it is desired to pass a value as a function argument that has a different type. At first inspection it may seem assignable, and then you discover it is not because the `value`'s type definition was defined as an interface. In the following example, `fn` requires an argument of type `Record<string, unknown>`. If the value is defined as a literal, then it is assignable. And if the `value` is defined as type using the `Simplify` utility the value is assignable.  But if the `value` is defined as an interface, it is not assignable because the interface is not sealed and elsewhere a non-string property could be added to the interface.
+
+If the type definition must be an interface (perhaps it was defined in a third-party npm package), then the `value` can be defined as `const value: Simplify<SomeInterface> = ...`. Then `value` will be assignable to the `fn` argument.  Or the `value` can be cast as `Simplify<SomeInterface>` if you can't re-declare the `value`.
+
+@example
+```
+import type {Simplify} from 'type-fest';
+
+interface SomeInterface {
+	foo: number;
+	bar?: string;
+	baz: number | undefined;
+}
+
+type SomeType = {
+	foo: number;
+	bar?: string;
+	baz: number | undefined;
+};
+
+const literal = {foo: 123, bar: 'hello', baz: 456};
+const someType: SomeType = literal;
+const someInterface: SomeInterface = literal;
+
+declare function fn(object: Record<string, unknown>): void;
+
+fn(literal); // Good: literal object type is sealed
+fn(someType); // Good: type is sealed
+// @ts-expect-error
+fn(someInterface); // Error: Index signature for type 'string' is missing in type 'someInterface'. Because `interface` can be re-opened
+fn(someInterface as Simplify<SomeInterface>); // Good: transform an `interface` into a `type`
+```
+
+@link https://github.com/microsoft/TypeScript/issues/15300
+@see {@link SimplifyDeep}
+@category Object
+*/
+type Simplify<T> = { [KeyType in keyof T]: T[KeyType] } & {};
+//#endregion
+//#region node_modules/type-fest/source/required-deep.d.ts
+/**
+Create a type from another type with all keys and nested keys set to required.
+
+Use-cases:
+- Creating optional configuration interfaces where the underlying implementation still requires all options to be fully specified.
+- Modeling the resulting type after a deep merge with a set of defaults.
+
+@example
+```
+import type {RequiredDeep} from 'type-fest';
+
+type Settings = {
+	textEditor?: {
+		fontSize?: number;
+		fontColor?: string;
+		fontWeight?: number | undefined;
+	};
+	autocomplete?: boolean;
+	autosave?: boolean | undefined;
+};
+
+type RequiredSettings = RequiredDeep<Settings>;
+//=> {
+// 	textEditor: {
+// 		fontSize: number;
+// 		fontColor: string;
+// 		fontWeight: number | undefined;
+// 	};
+// 	autocomplete: boolean;
+// 	autosave: boolean | undefined;
+// }
+```
+
+Note that types containing overloaded functions are not made deeply required due to a [TypeScript limitation](https://github.com/microsoft/TypeScript/issues/29732).
+
+@category Utilities
+@category Object
+@category Array
+@category Set
+@category Map
+*/
+type RequiredDeep<T> = T extends BuiltIns ? T : T extends Map<infer KeyType, infer ValueType> ? Map<RequiredDeep<KeyType>, RequiredDeep<ValueType>> : T extends Set<infer ItemType> ? Set<RequiredDeep<ItemType>> : T extends ReadonlyMap<infer KeyType, infer ValueType> ? ReadonlyMap<RequiredDeep<KeyType>, RequiredDeep<ValueType>> : T extends ReadonlySet<infer ItemType> ? ReadonlySet<RequiredDeep<ItemType>> : T extends WeakMap<infer KeyType, infer ValueType> ? WeakMap<RequiredDeep<KeyType>, RequiredDeep<ValueType>> : T extends WeakSet<infer ItemType> ? WeakSet<RequiredDeep<ItemType>> : T extends Promise<infer ValueType> ? Promise<RequiredDeep<ValueType>> : T extends ((...arguments_: any[]) => unknown) ? IsNever<keyof T> extends true ? T : HasMultipleCallSignatures<T> extends true ? T : ((...arguments_: Parameters<T>) => ReturnType<T>) & RequiredObjectDeep<T> : T extends object ? Simplify<RequiredObjectDeep<T>> // `Simplify` to prevent `RequiredObjectDeep` from appearing in the resulting type
+: unknown;
+type RequiredObjectDeep<ObjectType extends object> = { [KeyType in keyof ObjectType]-?: RequiredDeep<ObjectType[KeyType]> };
+//#endregion
+//#region packages/orange-auth/@types/internals.d.ts
+type ConfigOptsRequired = RequiredDeep<Omit<ConfigOptionsProps, "basePath" | "callbacks" | "cookieSettings">>;
+/**
+ * Internally used version of the options
+ */
+type ConfigOptions = ConfigOptsRequired & {
+  cookieSettings: NonNullable<ConfigOptionsProps["cookieSettings"]>;
+  callbacks?: ConfigOptionsProps["callbacks"];
+};
+//#endregion
+//#region packages/orange-auth/providers/IProvider.d.ts
+/**
+ * Providers are used to implement certain services (E.g. facebook, github, credentials) as login methods.
+ * Every provider should inherit from this.
+ */
+declare abstract class IProvider {
+  /**
+   * This is used to map a callback to a provider.
+   */
+  private readonly __ID;
+  constructor(ID: string);
+  /**
+   * The provider ID.
+   */
+  get ID(): string;
+  /**
+   * Login function. This is used to call all the login flows of each provider.
+   * For now, the request's body **MUST** be JSON.
+   * @param req The request object.
+   * @param globalCfg The global auth config.
+   */
+  abstract logIn(req: Request, globalCfg: ConfigOptions): Promise<{
+    session: Session;
+    token: string;
+  } | null>;
+}
+//#endregion
+//#region packages/orange-auth/strategies/IStrategy.d.ts
+/**
+ * Strategies callbacks
+ */
+type Callbacks = Partial<{
+  /**
+   * Pre-serialization callback. This can be used to add some steps to this process.
+   * @param session The session to be serialized.
+   * @returns A boolean representing if the serialization should occur.
+   */
+  serialize: (session: Session) => MaybePromise<boolean>;
+  /**
+   * Post-deserialization callback. This can be used to add some validation to this process.
+   * @param session The token that was deserialized.
+   * @returns A boolean representing if the deserialization is valid.
+   */
+  deserialize: (token: string, session: Session) => MaybePromise<boolean>;
+}>;
+/**
+ * A strategy is used to handle the creation, validation and accessing a user's session.
+ */
+declare abstract class IStrategy {
+  protected callbacks: Callbacks;
+  constructor(callbacks: Callbacks);
+  /**
+   * Handles how a session token is generated.
+   * @param session The validated session object.
+   * @param globalCfg The global auth config.
+   * @returns A newly generated token that will be sent as a cookie.
+   */
+  abstract serialize(session: Session, globalCfg: ConfigOptions): Promise<string>;
+  /**
+   * Handles how a token is validated and deserialized into a session object.
+   * @param token A user's token.
+   * @param globalCfg The global auth config.
+   * @returns A user's session if validated and found, else `null`.
+   */
+  abstract deserialize(token: string, globalCfg: ConfigOptions): Promise<Session | null>;
+  /**
+   * Handles how a session is destroyed when a user is logging out.
+   * @param req The request object.
+   * @param globalCfg The global auth config.
+   */
+  abstract logOut(req: Request, globalCfg: ConfigOptions): Promise<void>;
+}
+//#endregion
+//#region packages/orange-auth/@types/cookies.d.ts
+interface CookieOptions {
+  /**
+   * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
+   *
+   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+   * so if both are set, they should point to the same date and time.
+   */
+  maxAge?: number;
+  /**
+   * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
+   * When no expiration is set, clients consider this a "non-persistent cookie" and delete it when the current session is over.
+   *
+   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+   * so if both are set, they should point to the same date and time.
+   */
+  expires?: Date;
+  /**
+   * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
+   * When no domain is set, clients consider the cookie to apply to the current domain only.
+   */
+  domain?: string;
+  /**
+   * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+   * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
+   */
+  path?: string;
+  /**
+   * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
+   * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
+   */
+  httpOnly?: boolean;
+  /**
+   * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
+   * When enabled, clients will only send the cookie back if the browser has an HTTPS connection.
+   */
+  secure?: boolean;
+  /**
+   * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
+   * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
+   *
+   * This is an attribute that has not yet been fully standardized, and may change in the future.
+   * This also means clients may ignore this attribute until they understand it. More information
+   * about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+   */
+  partitioned?: boolean;
+  /**
+   * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+   *
+   * - `'low'` will set the `Priority` attribute to `Low`.
+   * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+   * - `'high'` will set the `Priority` attribute to `High`.
+   *
+   * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+   */
+  priority?: "low" | "medium" | "high";
+  /**
+   * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+   *
+   * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+   * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+   * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
+   * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+   *
+   * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+   */
+  sameSite?: "lax" | "strict" | "none";
+}
+//#endregion
+//#region packages/orange-auth/@types/globals.d.ts
+/**
+ * This is a Promise, or not...
+ */
+type MaybePromise<T> = T | Promise<T>;
+/**
+ * General session type. This should be augmented to include your session's fields.
+ */
+interface Session extends Record<string, unknown> {
+  id: string;
+}
+/**
+ * Parameters for the custom callbacks
+ */
+type CallbackParams = {
+  /**
+   * The current token
+   */
+  token: string;
+  /**
+   * The current deserialized token
+   */
+  session: Session;
+  /**
+   * TThe request's headers
+   */
+  headers: Headers;
+};
+/**
+ * Auth Configuration props.
+ */
+type ConfigOptionsProps = Readonly<{
+  /**
+   * All the available providers.
+   * If multiple instance of a single provider are used, the order does matter.
+   */
+  providers: IProvider[];
+  /**
+   * Your secret key.
+   */
+  secret: string;
+  /**
+   * A custom name for the cookie.
+   * Otherwise, the default name will be `orange.auth`
+   */
+  cookieName?: string;
+  /**
+   * The strategy to be used.
+   */
+  strategy: IStrategy;
+  /**
+   * This should be the url path that your auth is set up on.
+   * @example
+   * ```js
+   * const app = express();
+   *
+   * const { handler } = CreateAuth({
+   *   basePath: "/api/auth",
+   *   ...
+   * });
+   *
+   * app.all("/api/auth/*", createHandler(handler)());
+   * ```
+   */
+  basePath: string;
+  /**
+   * Cookie serialization options. see [MDN Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies)
+   */
+  cookieSettings?: CookieOptions;
+  /**
+   * Custom callbacks
+   */
+  callbacks?: {
+    /**
+     * Custom login callback. This is ran after logging in with the provider.
+     * This can accept 2 return types: a boolean that indicates if the login is valid,
+     * or a url which will redirect the user.
+     * @param params An object containing the token, session and headers of a request.
+     * @returns a boolean that indicates if the login is valid,
+     * or a url which will redirect the user.
+     */
+    login?: (params: CallbackParams) => MaybePromise<boolean | string>;
+    /**
+     * Custom logout callback. This is ran before logging out with the strategy.
+     * @param params An object containing the token, session and headers of a request.
+     * @returns Nothing, or an empty promise.
+     */
+    logout?: (params: CallbackParams) => MaybePromise<void>;
+  };
+}>;
+//#endregion
+//#region packages/client/@types/globals.d.ts
+type ClientConfigOptions = Pick<ConfigOptionsProps, "basePath" | "cookieName"> & {
+  providers: IProvider["ID"][];
+};
+//#endregion
+//#region packages/client/index.d.ts
+type LogInProps = {
+  credentials: Record<"email" | "password", string>;
+};
+type Opts = Partial<{
+  callbackUrl: string;
+}>;
+declare function createAuthClient(options: ClientConfigOptions): {
+  logIn: <T extends keyof LogInProps>(provider: T, credentials: LogInProps[T], opts?: Opts) => Promise<void>;
+  logOut: (opts?: Opts) => Promise<void>;
+};
+//#endregion
+export { type ClientConfigOptions, createAuthClient };
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","names":["Primitive","IsNever","T","If","IsAny","IsNever","Primitive","UnknownArray","BuiltIns","Date","RegExp","NonRecursiveType","Function","Promise","arguments_","MapsSetsOrArrays","ReadonlyMap","WeakKey","WeakMap","ReadonlySet","WeakSet","IsBothExtends","BaseType","FirstType","SecondType","HasMultipleCallSignatures","T","A","B","IsNotFalse","IsPrimitive","Not","IfNotAnyOrNever","IfAny","IfNever","IsAnyOrNever","IsExactOptionalPropertyTypesEnabled","Simplify","T","KeyType","BuiltIns","HasMultipleCallSignatures","IsNever","Simplify","RequiredDeep","T","Map","KeyType","ValueType","Set","ItemType","ReadonlyMap","ReadonlySet","WeakMap","WeakSet","Promise","Parameters","ReturnType","RequiredObjectDeep","arguments_","ObjectType"],"sources":["../node_modules/type-fest/source/primitive.d.ts","../node_modules/type-fest/source/is-never.d.ts","../node_modules/type-fest/source/internal/type.d.ts","../node_modules/type-fest/source/simplify.d.ts","../node_modules/type-fest/source/required-deep.d.ts","../packages/orange-auth/@types/internals.ts","../packages/orange-auth/providers/IProvider.ts","../packages/orange-auth/strategies/IStrategy.ts","../packages/orange-auth/@types/cookies.ts","../packages/orange-auth/@types/globals.ts","../packages/client/@types/globals.ts","../packages/client/index.ts"],"x_google_ignoreList":[0,1,2,3,4],"mappings":";;;;;;;;;;;;;;;;;;;AAKA;;;;KAAYA,SAAAA;;;;AAAZ;;;;;;;;ACgDA;;;;;;;;AC5CA;;;;;;;;;;;;;AA6BA;;;;;;;;;;;;;;;;;;;;ACoBA;;;KFLYC,OAAAA,OAAcC,CAAAA;;;;;;KC5CdM,QAAAA,GAAWF,SAAAA,UAAmBG,IAAAA,GAAOC,MAAAA;AA6BjD;;;;;;;;AAAA,KAAYe,yBAAAA,eAAwCX,UAAAA,uBACnDY,CAAAA;EAAAA,IAAeZ,UAAAA;EAAAA,IAAmCA,UAAAA;AAAAA,IAC/Cc,CAAAA,SAAUD,CAAAA,GACTA,CAAAA,SAAUC,CAAAA;;;;AFpCf;;;;;;;;ACgDA;;;;;;;;AC5CA;;;;;;;;;;;;;AA6BA;;;;;;;;;;;;;;;;;;;;ACoBA;;;;;;;;KAAYS,QAAAA,0BAAiCC,CAAAA,GAAIA,CAAAA,CAAEC,OAAAA;;;;;;;;AFLnD;;;;;;;;AC5CA;;;;;;;;;;;;;AA6BA;;;;;;;;;;;;;;;KEOYK,YAAAA,MAAkBC,CAAAA,SAAUL,QAAAA,GACrCK,CAAAA,GACAA,CAAAA,SAAUC,GAAAA,mCACTA,GAAAA,CAAIF,YAAAA,CAAaG,OAAAA,GAAUH,YAAAA,CAAaI,SAAAA,KACxCH,CAAAA,SAAUI,GAAAA,mBACTA,GAAAA,CAAIL,YAAAA,CAAaM,QAAAA,KACjBL,CAAAA,SAAUM,WAAAA,mCACTA,WAAAA,CAAYP,YAAAA,CAAaG,OAAAA,GAAUH,YAAAA,CAAaI,SAAAA,KAChDH,CAAAA,SAAUO,WAAAA,mBACTA,WAAAA,CAAYR,YAAAA,CAAaM,QAAAA,KACzBL,CAAAA,SAAUQ,OAAAA,mCACTA,OAAAA,CAAQT,YAAAA,CAAaG,OAAAA,GAAUH,YAAAA,CAAaI,SAAAA,KAC5CH,CAAAA,SAAUS,OAAAA,mBACTA,OAAAA,CAAQV,YAAAA,CAAaM,QAAAA,KACrBL,CAAAA,SAAUU,OAAAA,oBACTA,OAAAA,CAAQX,YAAAA,CAAaI,SAAAA,KACrBH,CAAAA,cAAcc,UAAAA,uBACbjB,OAAAA,OAAcG,CAAAA,iBACbA,CAAAA,GACAJ,yBAAAA,CAA0BI,CAAAA,iBACzBA,CAAAA,QACKc,UAAAA,EAAYH,UAAAA,CAAWX,CAAAA,MAAOY,UAAAA,CAAWZ,CAAAA,KAAMa,kBAAAA,CAAmBb,CAAAA,IACzEA,CAAAA,kBACCF,QAAAA,CAASe,kBAAAA,CAAmBb,CAAAA;AAAAA;AAAAA,KAGnCa,kBAAAA,kDACcE,UAAAA,KAAehB,YAAAA,CAAagB,UAAAA,CAAWb,OAAAA;;;KCpErD,kBAAA,GAAqB,YAAA,CAAa,IAAA,CAAK,kBAAA;;;;KAKhC,aAAA,GAAgB,kBAAA;EAExB,cAAA,EAAgB,WAAA,CAAY,kBAAA;EAC5B,SAAA,GAAY,kBAAA;AAAA;;;;;;AJyChB;uBKzCe,SAAA;ELyCI7C;;;EAAAA,iBKrCE,IAAA;cAEL,EAAA;;AJThB;;MIgBe,EAAA,CAAA;EJhBQI;;;;;;EAAAA,SI0BH,KAAA,CAAM,GAAA,EAAK,OAAA,EAAS,SAAA,EAAW,aAAA,GAAgB,OAAA;IAAU,OAAA,EAAS,OAAA;IAAS,KAAA;EAAA;AAAA;;;;;;KC7BnF,SAAA,GAAY,OAAA;;;;AN+CxB;;EMzCI,SAAA,GAAY,OAAA,EAAS,OAAA,KAAY,YAAA;ENyCjBJ;;;;;EMnChB,WAAA,GAAc,KAAA,UAAe,OAAA,EAAS,OAAA,KAAY,YAAA;AAAA;;;;uBAMvC,SAAA;EAAA,UACD,SAAA,EAAW,SAAA;cAET,SAAA,EAAW,SAAA;ELlBJI;;;;;AA6BvB;EA7BuBA,SK4BH,SAAA,CAAU,OAAA,EAAS,OAAA,EAAS,SAAA,EAAW,aAAA,GAAgB,OAAA;ELCtCoB;;;;;;EAAAA,SKOjB,WAAA,CAAY,KAAA,UAAe,SAAA,EAAW,aAAA,GAAgB,OAAA,CAAQ,OAAA;ELN/BZ;;;;;EAAAA,SKa/B,MAAA,CAAO,GAAA,EAAK,OAAA,EAAS,SAAA,EAAW,aAAA,GAAgB,OAAA;AAAA;;;UCpDnD,aAAA;ERKLd;;;;;;;EQGR,MAAA;EP6CQC;;;;;;;;EOpCR,OAAA,GAAU,IAAA;ENRM;;;;EMahB,MAAA;ENbmD;;;;EMkBnD,IAAA;ENlBmD;;AA6BvD;;EMNI,QAAA;ENOF;;;;EMFE,MAAA;ENE8B0B;;;;;;;;EMO9B,WAAA;;;;ALYJ;;;;;;EKFI,QAAA;ELEsD;;;;;;;;;;EKStD,QAAA;AAAA;;;;;;KC5DQ,YAAA,MAAkB,CAAA,GAAI,OAAA,CAAQ,CAAA;;;AR8C1C;UQzCiB,OAAA,SAAgB,MAAA;EAC7B,EAAA;AAAA;;;;KAMC,cAAA;EPVOnB;;;EOcR,KAAA;EPdsCC;;;EOkBtC,OAAA,EAAS,OAAA;EPlBUH;;;EOsBnB,OAAA,EAAS,OAAA;AAAA;APOb;;;AAAA,KODY,kBAAA,GAAqB,QAAA;EPCKoB;;;;EOIlC,SAAA,EAAW,SAAA;EPHoCZ;;;EOQ/C,MAAA;EPNCa;;;;EOYD,UAAA;;;ANKJ;EMAI,QAAA,EAAU,SAAA;ENAMW;;;;;;;;;;;;;;EMgBhB,QAAA;;AL7BJ;;EKkCI,cAAA,GAAiB,aAAA;ELlCSO;;;EKuC1B,SAAA;ILrCSC;;;;;;;;IK8CL,KAAA,IAAS,MAAA,EAAQ,cAAA,KAAmB,YAAA;IL3CnCF;;;;;IKkDD,MAAA,IAAU,MAAA,EAAQ,cAAA,KAAmB,YAAA;EAAA;AAAA;;;KCjGjC,mBAAA,GAAsB,IAAA,CAAK,kBAAA;EACnC,SAAA,EAAW,SAAA;AAAA;;;KCFV,UAAA;EACD,WAAA,EAAa,MAAA;AAAA;AAAA,KAGZ,IAAA,GAAO,OAAA;EAAU,WAAA;AAAA;AAAA,iBAEb,gBAAA,CAAiB,OAAA,EAAS,mBAAA;0BACM,UAAA,EAAU,QAAA,EAAY,CAAA,EAAC,WAAA,EAAe,UAAA,CAAW,CAAA,GAAE,IAAA,GAAS,IAAA,KAAI,OAAA;kBAgBxE,IAAA,KAAI,OAAA;AAAA"}

package/dist/client.js

@@ -0,0 +1,19 @@
+/*
+    Orange Auth, a simple modular auth library
+    Copyright (C) 2026  Mathieu Dery
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+function e(e){async function t(t,n,r){if(!(await fetch(`${e.basePath}/login/${t}`,{method:`POST`,headers:{"content-type":`application/json`},body:JSON.stringify(n)})).ok)throw Error(`INVALID_CREDENTIALS`);r?.callbackUrl&&window.location.replace(r.callbackUrl)}async function n(t){if(!(await fetch(`${e.basePath}/logout/credentials`,{method:`POST`})).ok)throw Error(`SERVER_ERROR`);t?.callbackUrl&&window.location.replace(t.callbackUrl)}return{logIn:t,logOut:n}}export{e as createAuthClient};
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","names":[],"sources":["../packages/client/index.ts"],"sourcesContent":["import type { ClientConfigOptions } from \"./@types/globals\";\n\ntype LogInProps = {\n    credentials: Record<\"email\" | \"password\", string>;\n};\n\ntype Opts = Partial<{ callbackUrl: string }>;\n\nfunction createAuthClient(options: ClientConfigOptions) {\n    async function logIn<T extends keyof LogInProps>(provider: T, credentials: LogInProps[T], opts?: Opts) {\n        const res = await fetch(`${options.basePath}/login/${provider}`, {\n            method: \"POST\",\n            headers: { \"content-type\": \"application/json\" },\n            body: JSON.stringify(credentials),\n        });\n\n        if (!res.ok) {\n            throw new Error(\"INVALID_CREDENTIALS\");\n        }\n\n        if (opts?.callbackUrl) {\n            window.location.replace(opts.callbackUrl);\n        }\n    }\n\n    async function logOut(opts?: Opts) {\n        const res = await fetch(`${options.basePath}/logout/credentials`, {\n            method: \"POST\",\n        });\n\n        if (!res.ok) {\n            throw new Error(\"SERVER_ERROR\");\n        }\n\n        if (opts?.callbackUrl) {\n            window.location.replace(opts.callbackUrl);\n        }\n    }\n\n    return {\n        logIn,\n        logOut,\n    };\n}\n\nexport { createAuthClient };\nexport type { ClientConfigOptions };\n"],"mappings":";;;;;;;;;;;;;;;;;AAQA,SAAS,EAAiB,EAA8B,CACpD,eAAe,EAAkC,EAAa,EAA4B,EAAa,CAOnG,GAAI,EANQ,MAAM,MAAM,GAAG,EAAQ,SAAS,SAAS,IAAY,CAC7D,OAAQ,OACR,QAAS,CAAE,eAAgB,mBAAoB,CAC/C,KAAM,KAAK,UAAU,EAAY,CACpC,CAAC,EAEO,GACL,MAAU,MAAM,sBAAsB,CAGtC,GAAM,aACN,OAAO,SAAS,QAAQ,EAAK,YAAY,CAIjD,eAAe,EAAO,EAAa,CAK/B,GAAI,EAJQ,MAAM,MAAM,GAAG,EAAQ,SAAS,qBAAsB,CAC9D,OAAQ,OACX,CAAC,EAEO,GACL,MAAU,MAAM,eAAe,CAG/B,GAAM,aACN,OAAO,SAAS,QAAQ,EAAK,YAAY,CAIjD,MAAO,CACH,QACA,SACH"}

package/dist/index-D-dMFhOD.d.mts

@@ -0,0 +1,55 @@
+/*
+    Orange Auth, a simple modular auth library
+    Copyright (C) 2026  Mathieu Dery
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+import { a as Session, i as MaybePromise, l as ConfigOptions, n as IProvider } from "./IProvider-BH8TjziQ.mjs";
+
+//#region packages/orange-auth/providers/Credentials.d.ts
+/**
+ * Configuration options of the Credentials provider
+ */
+type CredentialsConfig<TCredentials extends string> = Readonly<{
+  /**
+   * The name of this provider, should not be changed unless you are
+   * using multiple instance of the same provider.
+   */
+  name?: "credentials" | (string & {});
+  /**
+   * The available fields coming from the request containing credentials.
+   */
+  credentials: TCredentials[];
+  /**
+   * Function that gets called when a user tries to login.
+   * This is where you should look inside your database for the user.
+   * @param credentials An object containing the credentials from the request's body.
+   * @returns A session object if a user is found, or `null`.
+   */
+  authorize: (credentials: Record<TCredentials, string>) => MaybePromise<Session | null>;
+}>;
+/**
+ * Provider used to login a user using basic credentials.
+ */
+declare class Credentials<TCredentials extends string = string> extends IProvider {
+  private config;
+  constructor(config: CredentialsConfig<TCredentials>);
+  logIn(req: Request, globalCfg: ConfigOptions): Promise<{
+    session: Session;
+    token: string;
+  } | null>;
+}
+//#endregion
+export { CredentialsConfig as n, Credentials as t };
+//# sourceMappingURL=index-D-dMFhOD.d.mts.map

package/dist/index-D-dMFhOD.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-D-dMFhOD.d.mts","names":[],"sources":["../packages/orange-auth/providers/Credentials.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;AAQA;;;AAAA,KAAY,iBAAA,gCAAiD,QAAA;EAgBzB;;;;EAXhC,IAAA;EALiE;;;EASjE,WAAA,EAAa,YAAA;EAJb;;;;;;EAWA,SAAA,GAAY,WAAA,EAAa,MAAA,CAAO,YAAA,cAA0B,YAAA,CAAa,OAAA;AAAA;;;;cAM9D,WAAA,+CAA0D,SAAA;EAAA,QAC3D,MAAA;cAEI,MAAA,EAAQ,iBAAA,CAAkB,YAAA;EAKhB,KAAA,CAClB,GAAA,EAAK,OAAA,EACL,SAAA,EAAW,aAAA,GACZ,OAAA;IAAU,OAAA,EAAS,OAAA;IAAS,KAAA;EAAA;AAAA"}

package/dist/index-DjPz5vTX.d.mts

@@ -0,0 +1,37 @@
+/*
+    Orange Auth, a simple modular auth library
+    Copyright (C) 2026  Mathieu Dery
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+import { a as Session, c as IStrategy, l as ConfigOptions, s as Callbacks } from "./IProvider-BH8TjziQ.mjs";
+import { SignOptions } from "jsonwebtoken";
+
+//#region packages/orange-auth/strategies/jwt.d.ts
+/**
+ * Basic JWT strategy
+ */
+declare class JWT extends IStrategy {
+  /**
+   * Forwarded standard JWT options
+   */
+  private signOptions;
+  constructor(options?: SignOptions, callbacks?: Callbacks);
+  serialize(session: Session, globalCfg: ConfigOptions): Promise<string>;
+  deserialize(token: string, globalCfg: ConfigOptions): Promise<Session | null>;
+  logOut(): Promise<void>;
+}
+//#endregion
+export { JWT as t };
+//# sourceMappingURL=index-DjPz5vTX.d.mts.map

package/dist/index-DjPz5vTX.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-DjPz5vTX.d.mts","names":[],"sources":["../packages/orange-auth/strategies/jwt.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAKwD;;;AAAA,cAKlD,GAAA,SAAY,SAAA;EAMqD;;;EAAA,QAF3D,WAAA;cAEI,OAAA,GAAS,WAAA,EAAmC,SAAA,GAAW,SAAA;EAM7C,SAAA,CAAU,OAAA,EAAS,OAAA,EAAS,SAAA,EAAW,aAAA,GAAgB,OAAA;EAY7D,WAAA,CAAY,KAAA,UAAe,SAAA,EAAW,aAAA,GAAgB,OAAA,CAAQ,OAAA;EAS9D,MAAA,CAAA,GAAU,OAAA;AAAA"}

package/dist/index.d.mts

@@ -0,0 +1,70 @@
+/*
+    Orange Auth, a simple modular auth library
+    Copyright (C) 2026  Mathieu Dery
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+import { a as Session, c as IStrategy, i as MaybePromise, n as IProvider, o as CookieOptions, r as ConfigOptionsProps, u as Maybe } from "./IProvider-BH8TjziQ.mjs";
+import "./index-DjPz5vTX.mjs";
+import * as _universal_middleware_core0 from "@universal-middleware/core";
+
+//#region packages/orange-auth/lib.d.ts
+/**
+ * Initializes the auth. This should be called once per backend.
+ * @param req Something that has a `headers` field; either a Headers instance, or just a plain object.
+ * @returns A session if found and valid, or `null`.
+ */
+declare const CreateAuth: (config: Readonly<{
+  providers: IProvider[];
+  secret: string;
+  cookieName?: string;
+  strategy: IStrategy;
+  basePath: string;
+  cookieSettings?: CookieOptions;
+  callbacks?: {
+    login?: (params: {
+      token: string;
+      session: Session;
+      headers: Headers;
+    }) => MaybePromise<boolean | string>;
+    logout?: (params: {
+      token: string;
+      session: Session;
+      headers: Headers;
+    }) => MaybePromise<void>;
+  };
+}>) => {
+  /**
+   * Universal handler route. You can use this with the `createHandler()` method
+   * @returns
+   */
+  handler: () => (req: Request, _: Universal.Context, runtime: _universal_middleware_core0.RuntimeAdapter) => Promise<Response>;
+  clientConfig: {
+    basePath: string;
+    providers: string[];
+    cookieName: string;
+  };
+  /**
+   * Deserialize a user's session.
+   * @param globalCfg The global auth config
+   * @param req An object having a headers field
+   * @returns A user's token and session, if found and valid
+   */
+  getSession: (req: {
+    headers: Maybe<Headers | Record<string, string>>;
+  }) => Promise<Session | null>;
+};
+//#endregion
+export { ConfigOptionsProps, CreateAuth, MaybePromise, Session };
+//# sourceMappingURL=index.d.mts.map