npm - peta-auth - Versions diffs - 0.1.1 → 0.1.3 - Mend

peta-auth 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -157,11 +157,21 @@ Without a generic parameter, session data defaults to `Record<string, unknown>`.
 ### `requireSession()` guard
-Returns 401 if the session has no user data. Works per-framework:
+Returns 401 if the session has no user data. Optionally checks a specific session key:
-- **Hono**: `app.use('/protected/*', requireSession())` — middleware, path-patterned
+```ts
+// Guard on any session data
+app.use('/api/*', requireSession())
+// Guard on a specific key (e.g. session.userId must be truthy)
+app.use('/admin/*', requireSession('userId'))
+```
+Works per-framework:
+- **Hono**: `app.use('/protected/*', requireSession())` — path-patterned middleware
 - **Elysia**: `app.use(requireSession())` — guards all routes defined after it
-- **Nuxt**: `requireSession(event, session)` — throws `createError({ statusCode: 401 })`
+- **Nuxt**: `requireSession(event, session)` or `requireSession(event, session, 'userId')` — throws `createError({ statusCode: 401 })`
 ### Session object
@@ -226,6 +236,33 @@ if (!validateCsrf(session, body._csrf)) {
 ---
+## Password Reset
+Helpers for forgot/reset password flows using short-lived JWTs.
+```ts
+import { createPasswordResetToken, verifyPasswordResetToken, resetPassword } from 'peta-auth'
+// Generate a token (e.g., in a "forgot password" endpoint)
+const token = await createPasswordResetToken(user.email, {
+  password: process.env.SECRET!,
+  exp: 3600,  // optional, default 1 hour
+})
+// → email token as a link: https://example.com/reset?token=${token}
+// Verify a token (e.g., in a "reset password" endpoint)
+const payload = await verifyPasswordResetToken(token, process.env.SECRET!)
+if (!payload) throw new Error('Invalid or expired token')
+// payload.userId → the email passed to createPasswordResetToken
+// Combined: verify token + hash new password
+const result = await resetPassword(token, newPassword, process.env.SECRET!)
+if (!result) throw new Error('Invalid or expired token')
+users.set(result.userId, { ...user, hash: result.hash })
+```
+---
 ## Low-level
 ```ts
@@ -300,6 +337,7 @@ bun run examples/hono-guard.ts           # Hono — requireSession guard
 bun run examples/elysia-basic.ts         # Elysia — session CRUD, views counter
 bun run examples/elysia-guard.ts         # Elysia — requireSession guard
 bun run examples/password-auth.ts        # Hono — signup + login with bcrypt
+bun run examples/password-reset.ts       # Hono — forgot/reset password flow
 bun run examples/jwt-basic.ts            # JWT sign + verify + tamper detection
 bun run examples/csrf-basic.ts           # Hono — CSRF token form example
 bun run examples/oauth-github.ts         # Hono — GitHub OAuth
@@ -326,7 +364,7 @@ Session data is serialized, encrypted with AES-256-CBC, integrity-protected with
 ## Scripts
 ```bash
-bun test            # 60 tests across 11 files
+bun test            # 74 tests across 12 files
 bun run build       # tsdown → dist/ (21 files, 30 kB)
 bun run prepublish  # build + publish
 ```

package/dist/elysia.d.mts CHANGED Viewed

@@ -34,35 +34,7 @@ declare function session<T extends Record<string, unknown> = Record<string, unkn
   standaloneSchema: {};
   response: {};
 }>;
-declare function requireSession(): (app: Elysia) => Elysia<"", {
-  decorator: {};
-  store: {};
-  derive: {};
-  resolve: {};
-}, {
-  typebox: {};
-  error: {};
-}, {
-  schema: {};
-  standaloneSchema: {};
-  macro: {};
-  macroFn: {};
-  parser: {};
-  response: {};
-}, {}, {
-  derive: {};
-  resolve: {};
-  schema: {};
-  standaloneSchema: {};
-  response: {};
-}, {
-  derive: {};
-  resolve: {};
-  schema: {};
-  standaloneSchema: {};
-  response: {
-    200: Response;
-  };
-}>;
+declare function requireSession(): (app: Elysia) => Elysia;
+declare function requireSession<K extends string>(key: K): (app: Elysia) => Elysia;
 //#endregion
 export { requireSession, session };

package/dist/elysia.mjs CHANGED Viewed

@@ -13,10 +13,10 @@ function session(options) {
 		}, options) };
 	});
 }
-function requireSession() {
+function requireSession(key) {
 	return (app) => app.onBeforeHandle((context) => {
 		const session = context.session;
-		if (!Object.keys(session).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig")) return new Response(JSON.stringify({ error: "unauthorized" }), {
+		if (!(key ? !!session[key] : Object.keys(session).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig"))) return new Response(JSON.stringify({ error: "unauthorized" }), {
 			status: 401,
 			headers: { "Content-Type": "application/json" }
 		});

package/dist/hono.d.mts CHANGED Viewed

@@ -8,5 +8,6 @@ declare function session<T extends Record<string, unknown> = Record<string, unkn
   };
 }>;
 declare function requireSession(): MiddlewareHandler;
+declare function requireSession<K extends string>(key: K): MiddlewareHandler;
 //#endregion
 export { requireSession, session };

package/dist/hono.mjs CHANGED Viewed

@@ -11,10 +11,10 @@ function session(options) {
 		await next();
 	});
 }
-function requireSession() {
+function requireSession(key) {
 	return createMiddleware(async (c, next) => {
 		const s = c.var.session;
-		if (!Object.keys(s).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig")) return c.json({ error: "unauthorized" }, 401);
+		if (!(key ? !!s[key] : Object.keys(s).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig"))) return c.json({ error: "unauthorized" }, 401);
 		await next();
 	});
 }

package/dist/index.d.mts CHANGED Viewed

@@ -10,4 +10,18 @@ interface HashOptions {
 declare function hashPassword(password: string, options?: HashOptions): Promise<string>;
 declare function verifyPassword(hash: string, password: string): Promise<boolean>;
 //#endregion
-export { type CSRFOptions, type IronSession, type JWTOptions, type Password, type SessionAdapter, type SessionOptions, createSessionFromAdapter, generateCsrf, hashPassword, sealData, signJWT, unsealData, validateCsrf, verifyJWT, verifyPassword };
+//#region src/reset-password.d.ts
+interface PasswordResetOptions {
+  password: Password;
+  exp?: number;
+}
+declare function createPasswordResetToken(userId: string, options: PasswordResetOptions): Promise<string>;
+declare function verifyPasswordResetToken(token: string, password: Password): Promise<{
+  userId: string;
+} | null>;
+declare function resetPassword(token: string, newPassword: string, password: Password): Promise<{
+  userId: string;
+  hash: string;
+} | null>;
+//#endregion
+export { type CSRFOptions, type IronSession, type JWTOptions, type Password, type PasswordResetOptions, type SessionAdapter, type SessionOptions, createPasswordResetToken, createSessionFromAdapter, generateCsrf, hashPassword, resetPassword, sealData, signJWT, unsealData, validateCsrf, verifyJWT, verifyPassword, verifyPasswordResetToken };

package/dist/index.mjs CHANGED Viewed

@@ -10,4 +10,29 @@ async function verifyPassword(hash, password) {
 	return compareSync(password, hash);
 }
 //#endregion
-export { createSessionFromAdapter, generateCsrf, hashPassword, sealData, signJWT, unsealData, validateCsrf, verifyJWT, verifyPassword };
+//#region src/reset-password.ts
+const DEFAULT_EXPIRY = 3600;
+async function createPasswordResetToken(userId, options) {
+	return signJWT({
+		userId,
+		purpose: "password-reset"
+	}, {
+		password: options.password,
+		exp: options.exp ?? DEFAULT_EXPIRY
+	});
+}
+async function verifyPasswordResetToken(token, password) {
+	const payload = await verifyJWT(token, { password });
+	if (!payload || payload.purpose !== "password-reset") return null;
+	return { userId: payload.userId };
+}
+async function resetPassword(token, newPassword, password) {
+	const payload = await verifyPasswordResetToken(token, password);
+	if (!payload) return null;
+	return {
+		userId: payload.userId,
+		hash: await hashPassword(newPassword)
+	};
+}
+//#endregion
+export { createPasswordResetToken, createSessionFromAdapter, generateCsrf, hashPassword, resetPassword, sealData, signJWT, unsealData, validateCsrf, verifyJWT, verifyPassword, verifyPasswordResetToken };

package/dist/nuxt.d.mts CHANGED Viewed

@@ -4,5 +4,6 @@ import { H3Event } from "h3";
 //#region src/nuxt.d.ts
 declare function useSession<T extends Record<string, unknown> = Record<string, unknown>>(event: H3Event, options: SessionOptions): Promise<T & IronSession>;
 declare function requireSession(_event: H3Event, session: IronSession): void;
+declare function requireSession<K extends string>(_event: H3Event, session: IronSession, key: K): void;
 //#endregion
 export { requireSession, useSession };

package/dist/nuxt.mjs CHANGED Viewed

@@ -14,8 +14,8 @@ function useSession(event, options) {
 		cookieOptions: options?.cookieOptions
 	});
 }
-function requireSession(_event, session) {
-	if (!Object.keys(session).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig")) throw createError({
+function requireSession(_event, session, key) {
+	if (!(key ? !!session[key] : Object.keys(session).some((k) => k !== "save" && k !== "destroy" && k !== "updateConfig"))) throw createError({
 		statusCode: 401,
 		statusMessage: "unauthorized"
 	});

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "peta-auth",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Encrypted cookie sessions for Bun — Hono, ElysiaJS & Nuxt adapters",
   "type": "module",
   "module": "./dist/index.mjs",