prostgles-server 4.2.160 → 4.2.161

package/lib/Auth/AuthHandler.ts

@@ -0,0 +1,436 @@
+import { AnyObject, AuthGuardLocation, AuthGuardLocationResponse, CHANNELS, AuthSocketSchema } from "prostgles-types";
+import { LocalParams, PRGLIOSocket } from "../DboBuilder/DboBuilder";
+import { DBOFullyTyped } from "../DBSchemaBuilder";
+import { removeExpressRoute } from "../FileManager/FileManager";
+import { DB, DBHandlerServer, Prostgles } from "../Prostgles";
+import { Auth, AuthClientRequest, AuthResult, BasicSession, ExpressReq, ExpressRes, LoginClientInfo, LoginParams } from "./AuthTypes"
+import { getSafeReturnURL } from "./getSafeReturnURL";
+import { setupAuthRoutes } from "./setupAuthRoutes";
+import { getProviders } from "./setAuthProviders";
+
+export const HTTPCODES = { 
+  AUTH_ERROR: 401,
+  NOT_FOUND: 404,
+  BAD_REQUEST: 400,
+  INTERNAL_SERVER_ERROR: 500,
+};
+
+export const getLoginClientInfo = (req: AuthClientRequest): AuthClientRequest & LoginClientInfo => {
+  if("httpReq" in req){
+    const ip_address = req.httpReq.ip;
+    if(!ip_address) throw new Error("ip_address missing from req.httpReq");
+    const user_agent = req.httpReq.headers["user-agent"];
+    return { 
+      ...req, 
+      ip_address,
+      ip_address_remote: req.httpReq.connection.remoteAddress,
+      x_real_ip: req.httpReq.headers['x-real-ip'] as any,
+      user_agent,
+    };
+  } else {
+    return {
+      ...req,
+      ip_address: req.socket.handshake.address,
+      ip_address_remote: req.socket.request.connection.remoteAddress,
+      x_real_ip: req.socket.handshake.headers?.["x-real-ip"],
+      user_agent: req.socket.handshake.headers?.['user-agent'],
+    }
+  }
+}
+
+export const AUTH_ROUTES_AND_PARAMS = {
+  login: "/login",
+  loginWithProvider: "/auth",
+  emailSignup: "/register",
+  returnUrlParamName: "returnURL",
+  sidKeyName: "session_id",
+  logoutGetPath: "/logout",
+  magicLinksRoute: "/magic-link",
+  magicLinksExpressRoute: "/magic-link/:id",
+  confirmEmail: "/confirm-email",
+  confirmEmailExpressRoute: "/confirm-email/:id",
+  catchAll: "*",
+} as const;
+
+export class AuthHandler {
+  protected prostgles: Prostgles;
+  protected opts?: Auth;
+  dbo: DBHandlerServer;
+  db: DB;
+
+  constructor(prostgles: Prostgles) {
+    this.prostgles = prostgles;
+    this.opts = prostgles.opts.auth as any;
+    if(!prostgles.dbo || !prostgles.db) throw "dbo or db missing";
+    this.dbo = prostgles.dbo;
+    this.db = prostgles.db;
+  }
+
+  get sidKeyName() {
+    return this.opts?.sidKeyName ?? AUTH_ROUTES_AND_PARAMS.sidKeyName;
+  }
+
+  validateSid = (sid: string | undefined) => {
+    if (!sid) return undefined;
+    if (typeof sid !== "string") throw "sid missing or not a string";
+    return sid;
+  }
+
+  matchesRoute = (route: string | undefined, clientFullRoute: string) => {
+    return route && clientFullRoute && (
+      route === clientFullRoute ||
+      clientFullRoute.startsWith(route) && ["/", "?", "#"].includes(clientFullRoute[route.length] ?? "")
+    )
+  }
+
+  isUserRoute = (pathname: string) => {
+    const { login, logoutGetPath, magicLinksRoute, loginWithProvider } = AUTH_ROUTES_AND_PARAMS;
+    const pubRoutes = [
+      ...this.opts?.expressConfig?.publicRoutes || [],
+      login, logoutGetPath, magicLinksRoute, loginWithProvider,
+    ].filter(publicRoute => publicRoute);
+
+    return !pubRoutes.some(publicRoute => {
+      return this.matchesRoute(publicRoute, pathname);
+    });
+  }
+
+  setCookieAndGoToReturnURLIFSet = (cookie: { sid: string; expires: number; }, r: { req: ExpressReq; res: ExpressRes }) => {
+    const { sid, expires } = cookie;
+    const { res, req } = r;
+    if (sid) {
+      const maxAgeOneDay = 60 * 60 * 24; // 24 hours;
+      type CD = { maxAge: number } | { expires: Date }
+      let cookieDuration: CD = {
+        maxAge: maxAgeOneDay
+      }
+      if(expires && Number.isFinite(expires) && !isNaN(+ new Date(expires))){
+        // const maxAge = (+new Date(expires)) - Date.now();
+        cookieDuration = { expires: new Date(expires) };
+        const days = (+cookieDuration.expires - Date.now())/(24 * 60 * 60e3);
+        if(days >= 400){
+          console.warn(`Cookie expiration is higher than the Chrome 400 day limit: ${days}days`)
+        }
+      }
+      
+      const cookieOpts = { 
+        ...cookieDuration, 
+        httpOnly: true, // The cookie only accessible by the web server
+        //signed: true // Indicates if the cookie should be signed
+        secure: true, 
+        sameSite: "strict" as const, 
+        ...(this.opts?.expressConfig?.cookieOptions || {}) 
+      };
+      const cookieData = sid;
+      res.cookie(this.sidKeyName, cookieData, cookieOpts);
+      const successURL = this.getReturnUrl(req) || "/";
+      res.redirect(successURL);
+
+    } else {
+      throw ("no user or session")
+    }
+  }
+
+  getUser = async (clientReq: { httpReq: ExpressReq; }): Promise<AuthResult> => {
+    if(!this.opts?.getUser) {
+      throw "this.opts.getUser missing";
+    }
+    const sid = clientReq.httpReq?.cookies?.[this.sidKeyName];
+    if (!sid) return undefined;
+
+    try {
+      return this.throttledFunc(async () => {
+        return this.opts!.getUser(this.validateSid(sid), this.dbo as any, this.db, getLoginClientInfo(clientReq));
+      }, 50)
+    } catch (err) {
+      console.error(err);
+    }
+    return undefined;
+  }
+
+  init = setupAuthRoutes.bind(this);
+
+  getReturnUrl = (req: ExpressReq) => {
+    const { returnUrlParamName } = AUTH_ROUTES_AND_PARAMS;
+    if (returnUrlParamName && req?.query?.[returnUrlParamName]) {
+      const returnURL = decodeURIComponent(req?.query?.[returnUrlParamName] as string);
+      
+      return getSafeReturnURL(returnURL, returnUrlParamName);
+    }
+    return null;
+  }
+
+  destroy = () => {
+    const app = this.opts?.expressConfig?.app;
+    const { login, logoutGetPath, magicLinksExpressRoute, catchAll, loginWithProvider, emailSignup, magicLinksRoute, confirmEmail, confirmEmailExpressRoute } = AUTH_ROUTES_AND_PARAMS;
+    removeExpressRoute(app, [login, logoutGetPath, magicLinksExpressRoute, catchAll, loginWithProvider, emailSignup, magicLinksRoute, confirmEmail, confirmEmailExpressRoute]);
+  }
+
+  throttledFunc = <T>(func: () => Promise<T>, throttle = 500): Promise<T> => {
+
+    return new Promise(async (resolve, reject) => {
+
+      let result: any, error: any, finished = false;
+
+      /**
+       * Throttle reject response times to prevent timing attacks
+       */
+      const interval = setInterval(() => {
+        if (finished) {
+          clearInterval(interval);
+          if (error) {
+            reject(error);
+          } else {
+            resolve(result)
+          }
+        }
+      }, throttle);
+
+
+      try {
+        result = await func();
+        resolve(result);
+        clearInterval(interval);
+      } catch (err) {
+        console.log(err)
+        error = err;
+      }
+
+      finished = true;
+    })
+  }
+
+  loginThrottled = async (params: LoginParams, client: LoginClientInfo): Promise<BasicSession> => {
+    if (!this.opts?.login) throw "Auth login config missing";
+    const { responseThrottle = 500 } = this.opts;
+
+    return this.throttledFunc(async () => {
+      const result = await this.opts?.login?.(params, this.dbo as DBOFullyTyped, this.db, client);
+      const err = {
+        msg: "Bad login result type. \nExpecting: undefined | null | { sid: string; expires: number } but got: " + JSON.stringify(result) 
+      }
+      
+      if(!result) throw err;
+      if(result && (typeof result.sid !== "string" || typeof result.expires !== "number") || !result && ![undefined, null].includes(result)) {
+        throw err
+      }
+      if(result && result.expires < Date.now()){
+        throw { msg: "auth.login() is returning an expired session. Can only login with a session.expires greater than Date.now()" }
+      }
+
+      return result;
+    }, responseThrottle);
+
+  };
+
+  loginThrottledAndSetCookie = async (req: ExpressReq, res: ExpressRes, loginParams: LoginParams) => {
+    const start = Date.now();
+    const { sid, expires } = await this.loginThrottled(loginParams, getLoginClientInfo({ httpReq: req })) || {};
+    await this.prostgles.opts.onLog?.({
+      type: "auth",
+      command: "login",
+      duration: Date.now() - start,
+      sid,
+      socketId: undefined,
+    });
+    
+    if (sid) {
+
+      this.setCookieAndGoToReturnURLIFSet({ sid, expires }, { req, res });
+
+    } else {
+      throw ("Internal error: no user or session")
+    }
+  }
+
+
+  /**
+   * Will return first sid value found in:
+   *  Bearer header 
+   *  http cookie 
+   *  query params
+   * Based on sid names in auth
+   */
+  getSID(localParams: LocalParams): string | undefined {
+    if (!this.opts) return undefined;
+
+    if (!localParams) return undefined;
+    const { sidKeyName } = this;
+    if (localParams.socket) {
+      const { handshake } = localParams.socket;
+      const querySid = handshake?.auth?.[sidKeyName] || handshake?.query?.[sidKeyName];
+      let rawSid = querySid;
+      if (!rawSid) {
+        const cookie_str = localParams.socket?.handshake?.headers?.cookie;
+        const cookie = parseCookieStr(cookie_str);
+        rawSid = cookie[sidKeyName];
+      }
+      return this.validateSid(rawSid);
+
+    } else if (localParams.httpReq) {
+      const [tokenType, base64Token] = localParams.httpReq.headers.authorization?.split(' ') ?? [];
+      let bearerSid: string | undefined;
+      if(tokenType && base64Token){
+        if(tokenType.trim() !== "Bearer"){
+          throw "Only Bearer Authorization header allowed";
+        }
+        bearerSid = Buffer.from(base64Token, 'base64').toString();
+      }
+      return this.validateSid(bearerSid ?? localParams.httpReq?.cookies?.[sidKeyName]);
+
+    } else throw "socket OR httpReq missing from localParams";
+
+    function parseCookieStr(cookie_str: string | undefined): any {
+      if (!cookie_str || typeof cookie_str !== "string") {
+        return {}
+      }
+
+      return cookie_str.replace(/\s/g, '')
+        .split(";")
+        .reduce<AnyObject>((prev, current) => {
+          const [name, value] = current.split('=');
+          prev[name!] = value;
+          return prev;
+        }, {});
+    }
+  }
+
+  /**
+   * Used for logging
+   */
+  getSIDNoError = (localParams: LocalParams | undefined): string | undefined => {
+    if(!localParams) return undefined;
+    try {
+      return this.getSID(localParams);
+    } catch {
+      return undefined;
+    }
+  }
+
+  async getClientInfo(localParams: Pick<LocalParams, "socket" | "httpReq">): Promise<AuthResult> {
+    if (!this.opts) return {};
+
+    const getSession = this.opts.cacheSession?.getSession;
+    const isSocket = "socket" in localParams;
+    if(isSocket){
+      if(getSession && localParams.socket?.__prglCache){
+        const { session, user, clientUser } = localParams.socket.__prglCache;
+        const isValid = this.isValidSocketSession(localParams.socket, session)
+        if(isValid){
+  
+          return {
+            sid: session.sid,
+            user, 
+            clientUser,
+          }
+        } else return {
+          sid: session.sid
+        };
+      } 
+    }
+
+    const authStart = Date.now();
+    const res = await this.throttledFunc(async () => {
+
+      const { getUser } = this.opts ?? {};
+
+      if (getUser && localParams && (localParams.httpReq || localParams.socket)) {
+        const sid = this.getSID(localParams);
+        const clientReq = localParams.httpReq? { httpReq: localParams.httpReq } : { socket: localParams.socket! };
+        let user, clientUser;
+        if(sid){
+          const res = await getUser(sid, this.dbo as any, this.db, getLoginClientInfo(clientReq)) as any;
+          user = res?.user;
+          clientUser = res?.clientUser;
+        }
+        if(getSession && isSocket){
+          const session = await getSession(sid, this.dbo as any, this.db)
+          if(session?.expires && user && clientUser && localParams.socket){
+            localParams.socket.__prglCache = { 
+              session,
+              user, 
+              clientUser,
+            }
+          }
+        }
+        if(sid) {
+          return { sid, user, clientUser }
+        }
+      }
+  
+      return {};
+    }, 5);
+
+    await this.prostgles.opts.onLog?.({ 
+      type: "auth", 
+      command: "getClientInfo", 
+      duration: Date.now() - authStart,
+      sid: res.sid,
+      socketId: localParams.socket?.id,
+    });
+    return res;
+  }
+
+  isValidSocketSession = (socket: PRGLIOSocket, session: BasicSession): boolean => {
+    const hasExpired = Boolean(session && session.expires <= Date.now())
+    if(this.opts?.expressConfig?.publicRoutes && !this.opts.expressConfig?.disableSocketAuthGuard){
+      const error = "Session has expired";
+      if(hasExpired){
+        if(session.onExpiration === "redirect")
+        socket.emit(CHANNELS.AUTHGUARD, { 
+          shouldReload: session.onExpiration === "redirect",
+          error
+        });
+        throw error;
+      }
+    }
+    return Boolean(session && !hasExpired);
+  }
+
+  getClientAuth = async (clientReq: Pick<LocalParams, "socket" | "httpReq">): Promise<{ auth: AuthSocketSchema; userData: AuthResult; }> => {
+
+    let pathGuard = false;
+    if (this.opts?.expressConfig?.publicRoutes && !this.opts.expressConfig?.disableSocketAuthGuard) {
+
+      pathGuard = true;
+
+      if("socket" in clientReq && clientReq.socket){
+        const { socket } = clientReq;
+        socket.removeAllListeners(CHANNELS.AUTHGUARD)
+        socket.on(CHANNELS.AUTHGUARD, async (params: AuthGuardLocation, cb = (_err: any, _res?: AuthGuardLocationResponse) => { /** EMPTY */ }) => {
+  
+          try {
+  
+            const { pathname, origin } = typeof params === "string" ? JSON.parse(params) : (params || {});
+            if (pathname && typeof pathname !== "string") {
+              console.warn("Invalid pathname provided for AuthGuardLocation: ", pathname);
+            }
+            
+            /** These origins  */
+            const IGNORED_API_ORIGINS = ["file://"]
+            if (!IGNORED_API_ORIGINS.includes(origin) && pathname && typeof pathname === "string" && this.isUserRoute(pathname) && !(await this.getClientInfo({ socket }))?.user) {
+              cb(null, { shouldReload: true });
+            } else {
+              cb(null, { shouldReload: false });
+            }
+  
+          } catch (err) {
+            console.error("AUTHGUARD err: ", err);
+            cb(err)
+          }
+        });
+
+      }
+    }
+
+    const userData = await this.getClientInfo(clientReq);
+    const auth: AuthSocketSchema = {
+      providers: getProviders.bind(this)(),
+      register: this.opts?.expressConfig?.registrations?.email && { type: this.opts?.expressConfig?.registrations?.email.signupType, url: AUTH_ROUTES_AND_PARAMS.emailSignup },
+      user: userData?.clientUser,
+      loginType: this.opts?.expressConfig?.registrations?.email?.signupType,
+      pathGuard,
+    };
+    return { auth, userData };
+  }
+}

package/lib/Auth/AuthTypes.ts

@@ -0,0 +1,280 @@
+import { Express, NextFunction, Request, Response } from "express";
+import { AnyObject, FieldFilter, IdentityProvider, UserLike } from "prostgles-types";
+import { DB } from "../Prostgles";
+import { DBOFullyTyped } from "../DBSchemaBuilder";
+import { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
+import type { AuthenticateOptions } from "passport";
+import type { StrategyOptions as GoogleStrategy, Profile as GoogleProfile } from "passport-google-oauth20";
+import type { StrategyOptions as GitHubStrategy, Profile as GitHubProfile } from "passport-github2";
+import type { MicrosoftStrategyOptions } from "passport-microsoft";
+import type { StrategyOptions as FacebookStrategy, Profile as FacebookProfile } from "passport-facebook";
+import Mail from "nodemailer/lib/mailer";
+
+type Awaitable<T> = T | Promise<T>;
+
+export type ExpressReq = Request;
+export type ExpressRes = Response;
+
+export type LoginClientInfo = {
+  ip_address: string;
+  ip_address_remote: string | undefined;
+  x_real_ip: string | undefined;
+  user_agent: string | undefined;
+};
+
+export type BasicSession = {
+
+  /** Must be hard to bruteforce */
+  sid: string;
+
+  /** UNIX millisecond timestamp */
+  expires: number;
+
+  /** On expired */
+  onExpiration: "redirect" | "show_error";
+};
+export type AuthClientRequest = { socket: PRGLIOSocket } | { httpReq: ExpressReq };
+
+type ThirdPartyProviders = {
+  facebook?: Pick<FacebookStrategy, "clientID" | "clientSecret"> & {
+    authOpts?: AuthenticateOptions;
+  };
+  google?: Pick<GoogleStrategy, "clientID" | "clientSecret"> & {
+    authOpts?: AuthenticateOptions;
+  };
+  github?: Pick<GitHubStrategy, "clientID" | "clientSecret"> & {
+    authOpts?: AuthenticateOptions;
+  };
+  microsoft?: Pick<MicrosoftStrategyOptions, "clientID" | "clientSecret"> & {
+    authOpts?: AuthenticateOptions;
+  };
+};
+
+export type SMTPConfig = {
+  type: "smtp";
+  host: string;
+  port: number;
+  secure: boolean;
+  user: string;
+  pass: string;
+} | {
+  type: "aws-ses";
+  region: string;
+  accessKeyId: string;
+  secretAccessKey: string;
+  /**
+   * Sending rate per second
+   * Defaults to 1
+   */
+  sendingRate?: number;
+}
+
+export type Email = {
+  from: string;
+  to: string;
+  subject: string;
+  html: string;
+  text?: string;
+  attachments?: { filename: string; content: string; }[] | Mail.Attachment[];
+}
+
+type EmailWithoutTo = Omit<Email, "to">;
+
+type EmailProvider = 
+| {
+  signupType: "withMagicLink";
+  onRegistered: (data: { username: string; }) => void | Promise<void>;
+  emailMagicLink:  {
+    onSend: (data: { email: string; magicLinkPath: string; }) => EmailWithoutTo | Promise<EmailWithoutTo>;
+    smtp: SMTPConfig;
+  };
+} 
+| {
+  signupType: "withPassword";
+  onRegistered: (data: { username: string; password: string; }) => void | Promise<void>;
+  /**
+   * Defaults to 8
+   */
+  minPasswordLength?: number;
+  /**
+   * If provided, the user will be required to confirm their email address
+   */
+  emailConfirmation?: {
+    onSend: (data: { email: string; confirmationUrlPath: string; }) => EmailWithoutTo | Promise<EmailWithoutTo>;
+    smtp: SMTPConfig;
+    onConfirmed: (data: { confirmationCode: string; }) => void | Promise<void>;
+  };
+};
+
+export type AuthProviderUserData = 
+| {
+  provider: "google";
+  profile: GoogleProfile;
+  accessToken: string; 
+  refreshToken: string;
+}
+| {
+  provider: "github";
+  profile: GitHubProfile;
+  accessToken: string; 
+  refreshToken: string;
+}
+| {
+  provider: "facebook";
+  profile: FacebookProfile;
+  accessToken: string; 
+  refreshToken: string;
+}
+| {
+  provider: "microsoft";
+  profile: any;
+  accessToken: string; 
+  refreshToken: string;
+}
+
+export type RegistrationData = 
+| {
+  provider: "email";
+  profile: {
+    username: string;
+    password: string;
+  }
+} 
+| AuthProviderUserData;
+
+export type AuthRegistrationConfig<S> = {
+  email?: EmailProvider;
+
+  OAuthProviders?: ThirdPartyProviders;
+
+  /**
+   * Required for social login callback
+   */
+  websiteUrl: string;
+
+  /**
+   * Used to stop abuse
+   */
+  onProviderLoginStart?: (data: { provider: IdentityProvider; dbo: DBOFullyTyped<S>, db: DB; req: ExpressReq, res: ExpressRes; clientInfo: LoginClientInfo }) => Promise<{ error: string; } | { ok: true; }>;
+
+  /**
+   * Used to identify abuse
+   */
+  onProviderLoginFail?: (data: { provider: IdentityProvider; error: any; dbo: DBOFullyTyped<S>, db: DB; req: ExpressReq, res: ExpressRes; clientInfo: LoginClientInfo }) => void | Promise<void>;
+};
+
+export type SessionUser<ServerUser extends UserLike = UserLike, ClientUser extends UserLike = UserLike> = {
+  /** 
+   * This user will be available in all serverside prostgles options
+   * id and type values will be available in the prostgles.user session variable in postgres
+   * */
+  user: ServerUser;
+  /**
+   * Controls which fields from user are available in postgres session variable
+   */
+  sessionFields?: FieldFilter<ServerUser>;
+  /**
+   * User data sent to the authenticated client
+   */
+  clientUser: ClientUser;
+}
+
+export type AuthResult<SU = SessionUser> = SU & { sid: string; } | {
+  user?: undefined; 
+  clientUser?: undefined; 
+  sid?: string;
+} | undefined;
+
+export type AuthRequestParams<S, SUser extends SessionUser> = { db: DB, dbo: DBOFullyTyped<S>; getUser: () => Promise<AuthResult<SUser>> }
+
+export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
+  /**
+   * Name of the cookie or socket hadnshake query param that represents the session id. 
+   * Defaults to "session_id"
+   */
+  sidKeyName?: string;
+
+  /**
+   * Response time rounding in milliseconds to prevent timing attacks on login. Login response time should always be a multiple of this value. Defaults to 500 milliseconds
+   */
+  responseThrottle?: number;
+
+  /**
+   * Will setup auth routes 
+   *  /login
+   *  /logout
+   *  /magic-link/:id
+   */
+  expressConfig?: {
+
+    /**
+     * Express app instance. If provided Prostgles will attempt to set sidKeyName to user cookie
+     */
+    app: Express;
+
+    /**
+     * Options used in setting the cookie after a successful login
+     */
+    cookieOptions?: AnyObject;
+
+    /**
+     * False by default. If false and userRoutes are provided then the socket will request window.location.reload if the current url is on a user route.
+     */
+    disableSocketAuthGuard?: boolean;
+
+    /**
+     * If provided, any client requests to NOT these routes (or their subroutes) will be redirected to loginRoute (if logged in) and then redirected back to the initial route after logging in
+     * If logged in the user is allowed to access these routes
+     */
+    publicRoutes?: string[];
+
+    /**
+     * Will attach a app.use listener and will expose getUser
+     * Used for blocking access
+     */
+    use?: (args: { req: ExpressReq; res: ExpressRes, next: NextFunction } & AuthRequestParams<S, SUser>) => void | Promise<void>;
+
+    /**
+     * Will be called after a GET request is authorised
+     * This means that 
+     */
+    onGetRequestOK?: (
+      req: ExpressReq, 
+      res: ExpressRes, 
+      params: AuthRequestParams<S, SUser>
+    ) => any;
+
+    /**
+     * If defined, will check the magic link id and log in the user and redirect to the returnUrl if set
+     */
+    magicLinks?: {
+
+      /**
+       * Used in creating a session/logging in using a magic link
+       */
+      check: (magicId: string, dbo: DBOFullyTyped<S>, db: DB, client: LoginClientInfo) => Awaitable<BasicSession | undefined>;
+    }
+
+    registrations?: AuthRegistrationConfig<S>;
+  }
+
+  /**
+   * undefined sid is allowed to enable public users
+   */
+  getUser: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB, client: AuthClientRequest & LoginClientInfo) => Awaitable<AuthResult<SUser>>;
+
+  login?: (params: LoginParams, dbo: DBOFullyTyped<S>, db: DB, client: LoginClientInfo) => Awaitable<BasicSession> | BasicSession;
+  logout?: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<any>;
+
+  /**
+   * If provided then session info will be saved on socket.__prglCache and reused from there
+   */
+  cacheSession?: {
+    getSession: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<BasicSession>
+  }
+}
+
+
+export type LoginParams = 
+| { type: "username"; username: string; password: string; [key: string]: any }
+| ({ type: "provider"; } & AuthProviderUserData)