own-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. package/dist/auth-engine.d.ts +227 -0
  2. package/dist/auth-engine.d.ts.map +1 -0
  3. package/dist/auth-engine.js +989 -0
  4. package/dist/auth-engine.js.map +1 -0
  5. package/dist/crypto.d.ts +8 -0
  6. package/dist/crypto.d.ts.map +1 -0
  7. package/dist/crypto.js +69 -0
  8. package/dist/crypto.js.map +1 -0
  9. package/dist/errors.d.ts +9 -0
  10. package/dist/errors.d.ts.map +1 -0
  11. package/dist/errors.js +19 -0
  12. package/dist/errors.js.map +1 -0
  13. package/dist/index.d.ts +14 -0
  14. package/dist/index.d.ts.map +1 -0
  15. package/dist/index.js +7 -0
  16. package/dist/index.js.map +1 -0
  17. package/dist/memory-storage.d.ts +54 -0
  18. package/dist/memory-storage.d.ts.map +1 -0
  19. package/dist/memory-storage.js +244 -0
  20. package/dist/memory-storage.js.map +1 -0
  21. package/dist/normalise.d.ts +5 -0
  22. package/dist/normalise.d.ts.map +1 -0
  23. package/dist/normalise.js +18 -0
  24. package/dist/normalise.js.map +1 -0
  25. package/dist/permissions.d.ts +5 -0
  26. package/dist/permissions.d.ts.map +1 -0
  27. package/dist/permissions.js +31 -0
  28. package/dist/permissions.js.map +1 -0
  29. package/dist/providers.d.ts +35 -0
  30. package/dist/providers.d.ts.map +1 -0
  31. package/dist/providers.js +31 -0
  32. package/dist/providers.js.map +1 -0
  33. package/dist/rate-limit.d.ts +20 -0
  34. package/dist/rate-limit.d.ts.map +1 -0
  35. package/dist/rate-limit.js +33 -0
  36. package/dist/rate-limit.js.map +1 -0
  37. package/dist/storage.d.ts +43 -0
  38. package/dist/storage.d.ts.map +1 -0
  39. package/dist/storage.js +2 -0
  40. package/dist/storage.js.map +1 -0
  41. package/dist/types.d.ts +148 -0
  42. package/dist/types.d.ts.map +1 -0
  43. package/dist/types.js +2 -0
  44. package/dist/types.js.map +1 -0
  45. package/package.json +25 -0
@@ -0,0 +1,31 @@
1
+ const rolePermissions = {
2
+ owner: [
3
+ "manage_organisation",
4
+ "invite_members",
5
+ "remove_members",
6
+ "change_member_roles",
7
+ "view_members",
8
+ "view_audit_events",
9
+ "manage_sessions",
10
+ "manage_api_keys",
11
+ "manage_basic_settings"
12
+ ],
13
+ admin: [
14
+ "invite_members",
15
+ "remove_members",
16
+ "change_member_roles",
17
+ "view_members",
18
+ "view_audit_events",
19
+ "manage_sessions",
20
+ "manage_api_keys",
21
+ "manage_basic_settings"
22
+ ],
23
+ member: ["view_members"]
24
+ };
25
+ export function permissionsForRole(role) {
26
+ return [...rolePermissions[role]];
27
+ }
28
+ export function roleHasPermission(role, permission) {
29
+ return rolePermissions[role].includes(permission);
30
+ }
31
+ //# sourceMappingURL=permissions.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAaA,MAAM,eAAe,GAA2C;IAC9D,KAAK,EAAE;QACL,qBAAqB;QACrB,gBAAgB;QAChB,gBAAgB;QAChB,qBAAqB;QACrB,cAAc;QACd,mBAAmB;QACnB,iBAAiB;QACjB,iBAAiB;QACjB,uBAAuB;KACxB;IACD,KAAK,EAAE;QACL,gBAAgB;QAChB,gBAAgB;QAChB,qBAAqB;QACrB,cAAc;QACd,mBAAmB;QACnB,iBAAiB;QACjB,iBAAiB;QACjB,uBAAuB;KACxB;IACD,MAAM,EAAE,CAAC,cAAc,CAAC;CACzB,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,IAAsB;IACvD,OAAO,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAsB,EAAE,UAAsB;IAC9E,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC"}
@@ -0,0 +1,35 @@
1
+ import type { TokenType } from "./types.js";
2
+ export interface EmailMessage {
3
+ to: string;
4
+ type: Exclude<TokenType, "phone_verification">;
5
+ token: string;
6
+ url: string;
7
+ expiresAt: Date;
8
+ }
9
+ export interface EmailProvider {
10
+ send(message: EmailMessage): Promise<void>;
11
+ }
12
+ export interface SmsMessage {
13
+ to: string;
14
+ purpose: string;
15
+ code: string;
16
+ expiresAt: Date;
17
+ }
18
+ export interface SmsProvider {
19
+ send(message: SmsMessage): Promise<void>;
20
+ }
21
+ export declare class MemoryEmailProvider implements EmailProvider {
22
+ readonly messages: EmailMessage[];
23
+ send(message: EmailMessage): Promise<void>;
24
+ }
25
+ export declare class MemorySmsProvider implements SmsProvider {
26
+ readonly messages: SmsMessage[];
27
+ send(message: SmsMessage): Promise<void>;
28
+ }
29
+ export declare class ConsoleEmailProvider implements EmailProvider {
30
+ send(message: EmailMessage): Promise<void>;
31
+ }
32
+ export declare class ConsoleSmsProvider implements SmsProvider {
33
+ send(message: SmsMessage): Promise<void>;
34
+ }
35
+ //# sourceMappingURL=providers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1C;AAED,qBAAa,mBAAoB,YAAW,aAAa;IACvD,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,CAAM;IAEjC,IAAI,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;CAGjD;AAED,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAM;IAE/B,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C;AAED,qBAAa,oBAAqB,YAAW,aAAa;IAClD,IAAI,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;CAOjD;AAED,qBAAa,kBAAmB,YAAW,WAAW;IAC9C,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAO/C"}
@@ -0,0 +1,31 @@
1
+ export class MemoryEmailProvider {
2
+ messages = [];
3
+ async send(message) {
4
+ this.messages.push(structuredClone(message));
5
+ }
6
+ }
7
+ export class MemorySmsProvider {
8
+ messages = [];
9
+ async send(message) {
10
+ this.messages.push(structuredClone(message));
11
+ }
12
+ }
13
+ export class ConsoleEmailProvider {
14
+ async send(message) {
15
+ console.info("[own-auth email]", {
16
+ to: message.to,
17
+ type: message.type,
18
+ expiresAt: message.expiresAt.toISOString()
19
+ });
20
+ }
21
+ }
22
+ export class ConsoleSmsProvider {
23
+ async send(message) {
24
+ console.info("[own-auth sms]", {
25
+ to: message.to,
26
+ purpose: message.purpose,
27
+ expiresAt: message.expiresAt.toISOString()
28
+ });
29
+ }
30
+ }
31
+ //# sourceMappingURL=providers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAyBA,MAAM,OAAO,mBAAmB;IACrB,QAAQ,GAAmB,EAAE,CAAC;IAEvC,KAAK,CAAC,IAAI,CAAC,OAAqB;QAC9B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,CAAC;CACF;AAED,MAAM,OAAO,iBAAiB;IACnB,QAAQ,GAAiB,EAAE,CAAC;IAErC,KAAK,CAAC,IAAI,CAAC,OAAmB;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,CAAC;CACF;AAED,MAAM,OAAO,oBAAoB;IAC/B,KAAK,CAAC,IAAI,CAAC,OAAqB;QAC9B,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC/B,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;SAC3C,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,kBAAkB;IAC7B,KAAK,CAAC,IAAI,CAAC,OAAmB;QAC5B,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC7B,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;SAC3C,CAAC,CAAC;IACL,CAAC;CACF"}
@@ -0,0 +1,20 @@
1
+ export interface RateLimitResult {
2
+ count: number;
3
+ resetAt: Date;
4
+ allowed: boolean;
5
+ }
6
+ export interface RateLimitStore {
7
+ hit(key: string, windowMs: number, limit: number): Promise<RateLimitResult>;
8
+ reset(key: string): Promise<void>;
9
+ }
10
+ export declare class InMemoryRateLimitStore implements RateLimitStore {
11
+ private readonly buckets;
12
+ hit(key: string, windowMs: number, limit: number): Promise<RateLimitResult>;
13
+ reset(key: string): Promise<void>;
14
+ }
15
+ export declare function enforceRateLimit(store: RateLimitStore, options: {
16
+ key: string;
17
+ limit: number;
18
+ windowMs: number;
19
+ }): Promise<void>;
20
+ //# sourceMappingURL=rate-limit.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../src/rate-limit.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,IAAI,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC5E,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAOD,qBAAa,sBAAuB,YAAW,cAAc;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IAE/C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAuB3E,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGxC;AAED,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,cAAc,EACrB,OAAO,EAAE;IACP,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB,GACA,OAAO,CAAC,IAAI,CAAC,CAMf"}
@@ -0,0 +1,33 @@
1
+ import { AuthError } from "./errors.js";
2
+ export class InMemoryRateLimitStore {
3
+ buckets = new Map();
4
+ async hit(key, windowMs, limit) {
5
+ const now = Date.now();
6
+ const existing = this.buckets.get(key);
7
+ if (!existing || existing.resetAt.getTime() <= now) {
8
+ const bucket = {
9
+ count: 1,
10
+ resetAt: new Date(now + windowMs)
11
+ };
12
+ this.buckets.set(key, bucket);
13
+ return { ...bucket, allowed: true };
14
+ }
15
+ existing.count += 1;
16
+ this.buckets.set(key, existing);
17
+ return {
18
+ count: existing.count,
19
+ resetAt: existing.resetAt,
20
+ allowed: existing.count <= limit
21
+ };
22
+ }
23
+ async reset(key) {
24
+ this.buckets.delete(key);
25
+ }
26
+ }
27
+ export async function enforceRateLimit(store, options) {
28
+ const result = await store.hit(options.key, options.windowMs, options.limit);
29
+ if (!result.allowed) {
30
+ throw new AuthError("rate_limited", "Too many attempts. Try again later.", 429);
31
+ }
32
+ }
33
+ //# sourceMappingURL=rate-limit.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../src/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAkBxC,MAAM,OAAO,sBAAsB;IAChB,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAErD,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,QAAgB,EAAE,KAAa;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,GAAG,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG;gBACb,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,QAAQ,CAAC;aAClC,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC9B,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC;QACpB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEhC,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,OAAO,EAAE,QAAQ,CAAC,KAAK,IAAI,KAAK;SACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW;QACrB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAqB,EACrB,OAIC;IAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAE7E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,cAAc,EAAE,qCAAqC,EAAE,GAAG,CAAC,CAAC;IAClF,CAAC;AACH,CAAC"}
@@ -0,0 +1,43 @@
1
+ import type { Account, ApiKey, AuditEvent, AuthToken, Invitation, Organisation, OrganisationMember, Session, SmsOtp, TokenType, User } from "./types.js";
2
+ export interface AuthStorage {
3
+ createUser(user: User): Promise<User>;
4
+ updateUser(id: string, patch: Partial<User>): Promise<User | null>;
5
+ getUserById(id: string): Promise<User | null>;
6
+ getUserByEmail(email: string): Promise<User | null>;
7
+ getUserByPhone(phone: string): Promise<User | null>;
8
+ createAccount(account: Account): Promise<Account>;
9
+ getAccountByProvider(provider: string, providerAccountId: string): Promise<Account | null>;
10
+ createSession(session: Session): Promise<Session>;
11
+ getSessionByTokenHash(tokenHash: string): Promise<Session | null>;
12
+ updateSession(id: string, patch: Partial<Session>): Promise<Session | null>;
13
+ listSessionsByUserId(userId: string): Promise<Session[]>;
14
+ createToken(token: AuthToken): Promise<AuthToken>;
15
+ getTokenByHash(tokenHash: string, type?: TokenType): Promise<AuthToken | null>;
16
+ updateToken(id: string, patch: Partial<AuthToken>): Promise<AuthToken | null>;
17
+ createSmsOtp(otp: SmsOtp): Promise<SmsOtp>;
18
+ getLatestSmsOtp(phone: string, purpose: string): Promise<SmsOtp | null>;
19
+ updateSmsOtp(id: string, patch: Partial<SmsOtp>): Promise<SmsOtp | null>;
20
+ createApiKey(apiKey: ApiKey): Promise<ApiKey>;
21
+ getApiKeyByPrefix(keyPrefix: string): Promise<ApiKey | null>;
22
+ updateApiKey(id: string, patch: Partial<ApiKey>): Promise<ApiKey | null>;
23
+ createOrganisation(organisation: Organisation): Promise<Organisation>;
24
+ updateOrganisation(id: string, patch: Partial<Organisation>): Promise<Organisation | null>;
25
+ getOrganisationById(id: string): Promise<Organisation | null>;
26
+ getOrganisationBySlug(slug: string): Promise<Organisation | null>;
27
+ createOrganisationMember(member: OrganisationMember): Promise<OrganisationMember>;
28
+ updateOrganisationMember(id: string, patch: Partial<OrganisationMember>): Promise<OrganisationMember | null>;
29
+ getOrganisationMember(organisationId: string, userId: string): Promise<OrganisationMember | null>;
30
+ getOrganisationMemberById(id: string): Promise<OrganisationMember | null>;
31
+ listOrganisationMembers(organisationId: string): Promise<OrganisationMember[]>;
32
+ createInvitation(invitation: Invitation): Promise<Invitation>;
33
+ updateInvitation(id: string, patch: Partial<Invitation>): Promise<Invitation | null>;
34
+ getInvitationById(id: string): Promise<Invitation | null>;
35
+ getPendingInvitationByOrganisationAndEmail(organisationId: string, email: string): Promise<Invitation | null>;
36
+ createAuditEvent(event: AuditEvent): Promise<AuditEvent>;
37
+ listAuditEvents(filter?: {
38
+ userId?: string;
39
+ organisationId?: string;
40
+ apiKeyId?: string;
41
+ }): Promise<AuditEvent[]>;
42
+ }
43
+ //# sourceMappingURL=storage.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,MAAM,EACN,UAAU,EACV,SAAS,EACT,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,OAAO,EACP,MAAM,EACN,SAAS,EACT,IAAI,EACL,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACnE,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAC9C,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpD,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAEpD,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClD,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAE3F,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClD,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAClE,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC5E,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAEzD,WAAW,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClD,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC/E,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9E,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxE,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzE,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC7D,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzE,kBAAkB,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACtE,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAC3F,mBAAmB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAC9D,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAElE,wBAAwB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAClF,wBAAwB,CACtB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,OAAO,CAAC,kBAAkB,CAAC,GACjC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACtC,qBAAqB,CACnB,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACtC,yBAAyB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC1E,uBAAuB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAE/E,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9D,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACrF,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAC1D,0CAA0C,CACxC,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9B,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACzD,eAAe,CAAC,MAAM,CAAC,EAAE;QACvB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;CAC3B"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=storage.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.js","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":""}
@@ -0,0 +1,148 @@
1
+ export type JsonRecord = Record<string, unknown>;
2
+ export type AccountProvider = "password" | "magic_link" | "phone";
3
+ export type TokenType = "email_verification" | "password_reset" | "magic_link" | "organisation_invite" | "phone_verification";
4
+ export type SmsOtpPurpose = "phone_login" | "phone_verification" | "account_recovery";
5
+ export type ApiKeyStatus = "active" | "revoked";
6
+ export type OrganisationRole = "owner" | "admin" | "member";
7
+ export type MemberStatus = "active" | "suspended" | "removed";
8
+ export type InvitationStatus = "pending" | "accepted" | "expired" | "revoked";
9
+ export type AuditEventType = "user.signed_up" | "user.signed_in" | "user.signed_out" | "user.disabled" | "user.re_enabled" | "session.created" | "session.revoked" | "session.revoked_all" | "magic_link.requested" | "magic_link.used" | "email_verification.requested" | "email.verified" | "sms_otp.sent" | "sms_otp.verified" | "phone.verified" | "password_reset.requested" | "password.changed" | "api_key.created" | "api_key.revoked" | "api_key.used" | "organisation.created" | "organisation.updated" | "member.invited" | "invite.accepted" | "invite.revoked" | "member.removed" | "member.role_changed";
10
+ export interface RequestContext {
11
+ ipAddress?: string;
12
+ userAgent?: string;
13
+ }
14
+ export interface User {
15
+ id: string;
16
+ email: string | null;
17
+ emailVerifiedAt: Date | null;
18
+ phone: string | null;
19
+ phoneVerifiedAt: Date | null;
20
+ passwordHash: string | null;
21
+ name: string | null;
22
+ imageUrl: string | null;
23
+ disabledAt: Date | null;
24
+ metadata: JsonRecord;
25
+ createdAt: Date;
26
+ updatedAt: Date;
27
+ lastLoginAt: Date | null;
28
+ }
29
+ export interface Account {
30
+ id: string;
31
+ userId: string;
32
+ provider: AccountProvider;
33
+ providerAccountId: string;
34
+ providerEmail: string | null;
35
+ providerPhone: string | null;
36
+ createdAt: Date;
37
+ updatedAt: Date;
38
+ }
39
+ export interface Session {
40
+ id: string;
41
+ userId: string;
42
+ tokenHash: string;
43
+ createdAt: Date;
44
+ lastActiveAt: Date;
45
+ expiresAt: Date;
46
+ idleExpiresAt: Date;
47
+ ipAddress: string | null;
48
+ userAgent: string | null;
49
+ revokedAt: Date | null;
50
+ revokeReason: string | null;
51
+ }
52
+ export interface AuthToken {
53
+ id: string;
54
+ tokenHash: string;
55
+ type: TokenType;
56
+ userId: string | null;
57
+ email: string | null;
58
+ phone: string | null;
59
+ organisationId: string | null;
60
+ expiresAt: Date;
61
+ usedAt: Date | null;
62
+ createdAt: Date;
63
+ }
64
+ export interface SmsOtp {
65
+ id: string;
66
+ phone: string;
67
+ userId: string | null;
68
+ codeHash: string;
69
+ purpose: SmsOtpPurpose;
70
+ expiresAt: Date;
71
+ attempts: number;
72
+ maxAttempts: number;
73
+ consumedAt: Date | null;
74
+ createdAt: Date;
75
+ lastSentAt: Date;
76
+ }
77
+ export interface ApiKey {
78
+ id: string;
79
+ keyPrefix: string;
80
+ keyHash: string;
81
+ name: string;
82
+ userId: string | null;
83
+ organisationId: string | null;
84
+ scopes: string[];
85
+ status: ApiKeyStatus;
86
+ expiresAt: Date | null;
87
+ lastUsedAt: Date | null;
88
+ createdAt: Date;
89
+ revokedAt: Date | null;
90
+ revokedBy: string | null;
91
+ metadata: JsonRecord;
92
+ }
93
+ export interface Organisation {
94
+ id: string;
95
+ name: string;
96
+ slug: string;
97
+ ownerUserId: string;
98
+ metadata: JsonRecord;
99
+ createdAt: Date;
100
+ updatedAt: Date;
101
+ disabledAt: Date | null;
102
+ }
103
+ export interface OrganisationMember {
104
+ id: string;
105
+ organisationId: string;
106
+ userId: string;
107
+ role: OrganisationRole;
108
+ status: MemberStatus;
109
+ joinedAt: Date | null;
110
+ removedAt: Date | null;
111
+ createdAt: Date;
112
+ updatedAt: Date;
113
+ }
114
+ export interface Invitation {
115
+ id: string;
116
+ organisationId: string;
117
+ email: string | null;
118
+ phone: string | null;
119
+ role: OrganisationRole;
120
+ invitedByUserId: string;
121
+ status: InvitationStatus;
122
+ expiresAt: Date;
123
+ acceptedAt: Date | null;
124
+ revokedAt: Date | null;
125
+ createdAt: Date;
126
+ }
127
+ export interface AuditEvent {
128
+ id: string;
129
+ eventType: AuditEventType;
130
+ actorUserId: string | null;
131
+ targetUserId: string | null;
132
+ organisationId: string | null;
133
+ apiKeyId: string | null;
134
+ ipAddress: string | null;
135
+ userAgent: string | null;
136
+ metadata: JsonRecord;
137
+ createdAt: Date;
138
+ }
139
+ export interface CurrentSession {
140
+ session: Session;
141
+ user: User;
142
+ }
143
+ export interface VerifiedApiKey {
144
+ apiKey: ApiKey;
145
+ user: User | null;
146
+ organisation: Organisation | null;
147
+ }
148
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEjD,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,YAAY,GAAG,OAAO,CAAC;AAElE,MAAM,MAAM,SAAS,GACjB,oBAAoB,GACpB,gBAAgB,GAChB,YAAY,GACZ,qBAAqB,GACrB,oBAAoB,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,aAAa,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;AAEtF,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEhD,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;AAE5D,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,CAAC;AAE9D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;AAE9E,MAAM,MAAM,cAAc,GACtB,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,iBAAiB,GACjB,iBAAiB,GACjB,qBAAqB,GACrB,sBAAsB,GACtB,iBAAiB,GACjB,8BAA8B,GAC9B,gBAAgB,GAChB,cAAc,GACd,kBAAkB,GAClB,gBAAgB,GAChB,0BAA0B,GAC1B,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,GACjB,cAAc,GACd,sBAAsB,GACtB,sBAAsB,GACtB,gBAAgB,GAChB,iBAAiB,GACjB,gBAAgB,GAChB,gBAAgB,GAChB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,UAAU,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,EAAE,IAAI,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,eAAe,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,EAAE,IAAI,CAAC;IACnB,SAAS,EAAE,IAAI,CAAC;IAChB,aAAa,EAAE,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,EAAE,IAAI,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,aAAa,CAAC;IACvB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,gBAAgB,CAAC;IACvB,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,gBAAgB,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,cAAc,CAAC;IAC1B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,UAAU,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;IAClB,YAAY,EAAE,YAAY,GAAG,IAAI,CAAC;CACnC"}
package/dist/types.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
package/package.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "name": "own-auth",
3
+ "version": "0.1.0",
4
+ "type": "module",
5
+ "description": "Framework-independent auth engine for Own Auth.",
6
+ "main": "./dist/index.js",
7
+ "types": "./dist/index.d.ts",
8
+ "files": [
9
+ "dist"
10
+ ],
11
+ "publishConfig": {
12
+ "access": "public"
13
+ },
14
+ "exports": {
15
+ ".": {
16
+ "types": "./dist/index.d.ts",
17
+ "default": "./dist/index.js"
18
+ }
19
+ },
20
+ "scripts": {
21
+ "build": "tsc -p tsconfig.json",
22
+ "test": "vitest run",
23
+ "typecheck": "tsc -p tsconfig.json --noEmit"
24
+ }
25
+ }