sentri 1.1.2 → 2.1.0

package/dist/cli.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACtF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AAEpC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,MAAM,QAAQ,GAAG,CAAC,UAAU,CAAU,CAAC;AAGvC,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAU,CAAC;AAG5C,SAAS,IAAI;IACX,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUb,CAAC,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CACzB,YAAoB,EACpB,WAAmB,EACnB,eAAuB,EACvB,KAAa;IAEb,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO;IACtC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,YAAY,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAC9E,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YACpD,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,OAAO,EAAE,GAAG,MAAM,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,oBAAoB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,GAAuB;IACvC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAU,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,mDAAmD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,oBAAoB,EAAE,YAAY,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;IAC9D,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAExE,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,yBAAyB,GAAG,uCAAuC,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,UAAU,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,6FAA6F,CAAC,CAAC;QAC7G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,SAAS,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,YAAY,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACxE,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,eAAe,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAE9C,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,kBAAkB,CAChB,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC,EAC7D,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,eAAe,CAAC,EAC9C,QAAQ,EACR,sBAAsB,CACvB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,kBAAkB,CAChB,IAAI,CAAC,iBAAiB,EAAE,WAAW,CAAC,EACpC,IAAI,CAAC,oBAAoB,EAAE,WAAW,CAAC,EACvC,SAAS,EACT,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnC,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aAAa,CACX,iBAAiB,EACjB,kGAAkG,CACnG,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IACxF,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,uFAAuF,CAAC,CAAC;QACrG,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,EAAE,AAAD,EAAG,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;AAE5C,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;IACzD,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAkB,CAAC,EAAE,CAAC;IAC3C,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;IAC7C,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;IACnD,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,OAAO,KAAK,UAAU;IAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC"}

package/dist/client.d.ts

@@ -1,160 +0,0 @@
-import type { PermitCheck, PermitOptions } from './middleware/permit.js';
-import type { ErrorHandlerOptions } from './middleware/errorHandler.js';
-import type { AuthConfig, AuthUser } from './types/auth.js';
-import type { ErrorRequestHandler, RequestHandler, Router } from 'express';
-/**
- * The bound auth client returned by {@link createAuth}.
- *
- * All methods are pre-configured with the options passed to `createAuth` —
- * you never need to pass config around yourself.
- *
- * `TRole` is inferred from `validRoles` and narrows role strings to your
- * application's exact union type everywhere (authorize, req.user, etc.).
- */
-export interface AuthClient<TRole extends string = string> {
-    /**
-     * Express middleware factory that enforces authentication.
-     *
-     * Reads the `Authorization: Bearer <token>` header, verifies the access token,
-     * confirms the session is still active in the database, and injects the decoded
-     * payload as `request.user`. Calls `next(SentriError)` on any failure.
-     *
-     * @example
-     * router.get('/me', auth.protect(), (request, response) => {
-     *   response.json(request.user);
-     * });
-     */
-    protect(): RequestHandler;
-    /**
-     * Express middleware factory that enforces role-based access.
-     *
-     * Must be used **after** `protect()`. Passes if the authenticated user has
-     * at least one of the specified roles; otherwise calls `next(SentriError)` with
-     * code `FORBIDDEN`.
-     *
-     * @example
-     * router.delete('/posts/:id', auth.protect(), auth.authorize('admin'), handler);
-     */
-    authorize(...roles: TRole[]): RequestHandler;
-    /**
-     * Express middleware factory for resource-level permission checks.
-     *
-     * Must be used **after** `protect()`. Evaluates a check function against the
-     * current request and calls `next(SentriError)` with `FORBIDDEN` if it returns `false`.
-     *
-     * Accepts either a bare check function or an options object with an optional
-     * `roles` list whose members bypass the check entirely.
-     *
-     * @example
-     * // User can only update their own profile
-     * router.put('/users/:id',
-     *   auth.protect(),
-     *   auth.permit((request) => request.user!.id === request.params['id']),
-     *   handler,
-     * );
-     *
-     * @example
-     * // Admins bypass the check; others must own the resource
-     * router.delete('/posts/:id',
-     *   auth.protect(),
-     *   auth.permit({
-     *     roles: ['admin'],
-     *     check: async (request) => {
-     *       const post = await db.post.findUnique({ where: { id: request.params['id'] } });
-     *       return post?.authorId === request.user!.id;
-     *     },
-     *   }),
-     *   handler,
-     * );
-     */
-    permit(check: PermitCheck): RequestHandler;
-    permit(options: PermitOptions<TRole>): RequestHandler;
-    /** Hash a plain-text password using the configured `saltRounds`. */
-    hashPassword(plain: string): Promise<string>;
-    /** Compare a plain-text password against a stored bcrypt hash. */
-    verifyPassword(plain: string, hash: string): Promise<boolean>;
-    /** Sign an access token for the given user payload. */
-    signAccessToken(payload: AuthUser<TRole>): string;
-    /** Sign a refresh token bound to a session ID. */
-    signRefreshToken(sessionId: string): string;
-    /** Verify and decode an access token. Throws `SentriError` if invalid or expired. */
-    verifyAccessToken(token: string): AuthUser<TRole>;
-    /** Verify and decode a refresh token. Throws `SentriError` if invalid or expired. */
-    verifyRefreshToken(token: string): {
-        sessionId: string;
-    };
-    /**
-     * Returns a pre-built Express Router with all standard auth endpoints mounted.
-     *
-     * Endpoints:
-     * - `POST /register` — register a new user. Requires `X-Api-Key` header when `config.apiKey` is set.
-     * - `POST /login` — authenticate, sets refresh token cookie, returns `{ accessToken, user }`
-     * - `POST /refresh` — rotate refresh token, returns new `{ accessToken }`
-     * - `POST /logout` — delete the current session; the bound access token is immediately rejected by `protect()`
-     * - `POST /logout-all` — delete all sessions for the user (requires valid access token)
-     * - `GET  /me` — return the authenticated user
-     * - `POST /users/:userId/roles` — assign roles (requires admin)
-     *
-     * Requires `express.json()` before the router.
-     *
-     * @example
-     * app.use(express.json());
-     * app.use('/auth', auth.router());
-     */
-    router(): Router;
-    /**
-     * Returns an Express error-handling middleware that formats every `SentriError`
-     * (and any subclass) into the standard sentri response envelope:
-     *
-     * ```json
-     * { "error": true, "statusCode": 401, "code": "UNAUTHORIZED", "message": "...", "data": null }
-     * ```
-     *
-     * Mount it **after all your routes** so it acts as the global catch-all for
-     * both sentri errors and your own `SentriError` subclasses.
-     *
-     * @example
-     * import { SentriError } from 'sentri';
-     *
-     * // Define app-specific errors by extending SentriError
-     * class NotFoundError extends SentriError {
-     *   constructor(resource: string) {
-     *     super('NOT_FOUND', `${resource} not found`, 404);
-     *   }
-     * }
-     *
-     * app.use('/auth', auth.router());
-     * app.use('/api', apiRouter);
-     *
-     * // Catches errors from sentri AND your own subclasses
-     * app.use(auth.errorHandler());
-     *
-     * @example
-     * // With optional unhandled-error logger
-     * app.use(auth.errorHandler({
-     *   onUnhandled: (err) => logger.error('Unexpected error', { err }),
-     * }));
-     */
-    errorHandler(options?: ErrorHandlerOptions): ErrorRequestHandler;
-}
-/**
- * Create a fully configured auth client for your application.
- *
- * Pass your config once here and use the returned client everywhere — it
- * binds all library functions to your settings so you never need to pass
- * config manually.
- *
- * The generic parameter `TRole` is inferred automatically from `validRoles`
- * when you use `as const`:
- *
- * @example
- * export const auth = createAuth({
- *   secret: process.env.JWT_SECRET!,
- *   validRoles: ['user', 'admin', 'moderator'] as const,
- *   adapter: myAdapter,
- * });
- *
- * // auth.authorize('admin') is type-safe — 'superuser' would be a compile error.
- */
-export declare function createAuth<TRole extends string = string>(config: AuthConfig<TRole>): AuthClient<TRole>;
-//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAE3E;;;;;;;;GAQG;AACH,MAAM,WAAW,UAAU,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM;IACvD;;;;;;;;;;;OAWG;IACH,OAAO,IAAI,cAAc,CAAC;IAE1B;;;;;;;;;OASG;IACH,SAAS,CAAC,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC;IAE7C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,cAAc,CAAC;IAC3C,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,GAAG,cAAc,CAAC;IAEtD,oEAAoE;IACpE,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE7C,kEAAkE;IAClE,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9D,uDAAuD;IACvD,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC;IAElD,kDAAkD;IAClD,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAE5C,qFAAqF;IACrF,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAElD,qFAAqF;IACrF,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzD;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAM,IAAI,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACH,YAAY,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,mBAAmB,CAAC;CAClE;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM,EACtD,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,GACxB,UAAU,CAAC,KAAK,CAAC,CAiBnB"}

package/dist/client.js

@@ -1,45 +0,0 @@
-import { hashPassword, verifyPassword } from './libs/hash.js';
-import { signAccessToken, signRefreshToken, verifyAccessToken, verifyRefreshToken } from './libs/token.js';
-import { resolveConfig, validateConfig } from './libs/config.js';
-import { protect } from './middleware/protect.js';
-import { authorize } from './middleware/authorize.js';
-import { permit } from './middleware/permit.js';
-import { createAuthRouter } from './middleware/router.js';
-import { createErrorHandler } from './middleware/errorHandler.js';
-/**
- * Create a fully configured auth client for your application.
- *
- * Pass your config once here and use the returned client everywhere — it
- * binds all library functions to your settings so you never need to pass
- * config manually.
- *
- * The generic parameter `TRole` is inferred automatically from `validRoles`
- * when you use `as const`:
- *
- * @example
- * export const auth = createAuth({
- *   secret: process.env.JWT_SECRET!,
- *   validRoles: ['user', 'admin', 'moderator'] as const,
- *   adapter: myAdapter,
- * });
- *
- * // auth.authorize('admin') is type-safe — 'superuser' would be a compile error.
- */
-export function createAuth(config) {
-    validateConfig(config);
-    const resolved = resolveConfig(config);
-    return {
-        protect: () => protect(config),
-        authorize: (...roles) => authorize(...roles),
-        permit: (optionsOrCheck) => permit(optionsOrCheck),
-        hashPassword: (plain) => hashPassword(plain, resolved.saltRounds),
-        verifyPassword: (plain, hash) => verifyPassword(plain, hash),
-        signAccessToken: (payload) => signAccessToken(payload, config),
-        signRefreshToken: (sessionId) => signRefreshToken(sessionId, config),
-        verifyAccessToken: (token) => verifyAccessToken(token, config),
-        verifyRefreshToken: (token) => verifyRefreshToken(token, config),
-        router: () => createAuthRouter(config),
-        errorHandler: (options) => createErrorHandler(options),
-    };
-}
-//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAsJlE;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,UAAU,CACxB,MAAyB;IAEzB,cAAc,CAAC,MAAoB,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAoB,CAAC,CAAC;IAErD,OAAO;QACL,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAoB,CAAC;QAC5C,SAAS,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;QAC5C,MAAM,EAAE,CAAC,cAAkD,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC;QACtF,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;QACjE,cAAc,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC;QAC5D,eAAe,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAmB,EAAE,MAAoB,CAAC;QACxF,gBAAgB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAoB,CAAC;QAClF,iBAAiB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAoB,CAAoB;QAC/F,kBAAkB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,EAAE,MAAoB,CAAC;QAC9E,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;QACtC,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC;KACvD,CAAC;AACJ,CAAC"}

package/dist/errors/AuthError.d.ts

@@ -1,99 +0,0 @@
-/**
- * Discriminant codes for built-in {@link SentriError} instances.
- *
- * - `INVALID_CREDENTIALS` — identifier or password did not match (intentionally vague to prevent user enumeration)
- * - `USER_NOT_FOUND` — an operation required a user that does not exist
- * - `USER_ALREADY_EXISTS` — registration was attempted with an identifier already in the database
- * - `TOKEN_EXPIRED` — the JWT was valid but its `exp` claim is in the past
- * - `TOKEN_INVALID` — the JWT could not be verified (bad signature, malformed, wrong type)
- * - `FORBIDDEN` — the user is authenticated but lacks the required role
- * - `UNAUTHORIZED` — no valid access token was present on the request, or the session was revoked
- * - `INVALID_ROLE` — a role name was used that is not in `validRoles`
- * - `VALIDATION_ERROR` — a required field was missing or had an invalid value
- * - `CONFIGURATION_ERROR` — `createAuth` was called with an invalid configuration
- *
- * When you extend {@link SentriError} for your own error types you can use any
- * string as `code` — it does not need to be one of these built-in values.
- */
-export type SentriErrorCode = 'INVALID_CREDENTIALS' | 'USER_NOT_FOUND' | 'USER_ALREADY_EXISTS' | 'TOKEN_EXPIRED' | 'TOKEN_INVALID' | 'FORBIDDEN' | 'UNAUTHORIZED' | 'INVALID_ROLE' | 'VALIDATION_ERROR' | 'CONFIGURATION_ERROR';
-/**
- * Default HTTP status codes for built-in error codes.
- * Custom codes that are not in this map default to 500.
- *
- * @internal
- */
-export declare const AUTH_ERROR_STATUS: Record<string, number>;
-/**
- * Base error class for all authentication and authorization failures in sentri.
- *
- * Every error thrown by sentri is an instance of `SentriError`. The `code`
- * property is a machine-readable string that lets you distinguish error
- * types without string-matching on the message. Built-in codes are listed
- * in {@link SentriErrorCode}; custom subclasses may use any string.
- *
- * The `statusCode` property holds the HTTP status that the built-in router
- * and `auth.errorHandler()` will use in the response. For built-in codes
- * it is derived automatically. Pass it explicitly when subclassing with a
- * custom code.
- *
- * ---
- *
- * **Extending SentriError**
- *
- * You can create application-specific error classes by extending `SentriError`.
- * Any subclass will be caught automatically by `auth.errorHandler()` because
- * `instanceof SentriError` is `true` for all subclasses.
- *
- * ```typescript
- * import { SentriError } from 'sentri';
- *
- * // Domain error with a custom code and explicit HTTP status
- * export class PaymentError extends SentriError {
- *   constructor(message: string) {
- *     super('PAYMENT_FAILED', message, 402);
- *   }
- * }
- *
- * // Throw it anywhere in your routes — auth.errorHandler() catches it
- * router.post('/checkout', auth.protect(), async (req, res) => {
- *   const ok = await chargeCard(req.body.cardToken);
- *   if (!ok) throw new PaymentError('Card declined');
- *   res.json({ success: true });
- * });
- * ```
- *
- * ---
- *
- * **Error handling in custom routes**
- *
- * ```typescript
- * app.use('/auth', auth.router());
- * app.use('/api', apiRouter);
- *
- * // Mount after all routes — catches SentriError from sentri AND your subclasses
- * app.use(auth.errorHandler());
- * ```
- */
-export declare class SentriError extends Error {
-    /**
-     * Machine-readable error code.
-     * Built-in codes are defined by {@link SentriErrorCode}.
-     * Custom subclasses may use any string.
-     */
-    readonly code: string;
-    /**
-     * HTTP status code associated with this error.
-     * Derived automatically for built-in codes; pass it explicitly when
-     * subclassing with a custom `code`.
-     */
-    readonly statusCode: number;
-    /**
-     * @param code - Machine-readable error code. Use a built-in {@link SentriErrorCode}
-     *   or any string for custom subclasses.
-     * @param message - Human-readable description of the error.
-     * @param statusCode - HTTP status to use in the response. For built-in codes
-     *   this is derived automatically; for custom codes it defaults to `500`.
-     */
-    constructor(code: SentriErrorCode | (string & {}), message: string, statusCode?: number);
-}
-//# sourceMappingURL=AuthError.d.ts.map

package/dist/errors/AuthError.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthError.d.ts","sourceRoot":"","sources":["../../src/errors/AuthError.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,MAAM,eAAe,GACvB,qBAAqB,GACrB,gBAAgB,GAChB,qBAAqB,GACrB,eAAe,GACf,eAAe,GACf,WAAW,GACX,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,qBAAqB,CAAC;AAE1B;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAWpD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,qBAAa,WAAY,SAAQ,KAAK;IACpC;;;;OAIG;IACH,SAAgB,IAAI,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,SAAgB,UAAU,EAAE,MAAM,CAAC;IAEnC;;;;;;OAMG;gBAED,IAAI,EAAE,eAAe,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,EACrC,OAAO,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,MAAM;CAOtB"}

package/dist/errors/AuthError.js

@@ -1,97 +0,0 @@
-/**
- * Default HTTP status codes for built-in error codes.
- * Custom codes that are not in this map default to 500.
- *
- * @internal
- */
-export const AUTH_ERROR_STATUS = {
-    UNAUTHORIZED: 401,
-    TOKEN_EXPIRED: 401,
-    TOKEN_INVALID: 401,
-    INVALID_CREDENTIALS: 401,
-    FORBIDDEN: 403,
-    USER_NOT_FOUND: 404,
-    USER_ALREADY_EXISTS: 409,
-    INVALID_ROLE: 400,
-    VALIDATION_ERROR: 400,
-    CONFIGURATION_ERROR: 500,
-};
-/**
- * Base error class for all authentication and authorization failures in sentri.
- *
- * Every error thrown by sentri is an instance of `SentriError`. The `code`
- * property is a machine-readable string that lets you distinguish error
- * types without string-matching on the message. Built-in codes are listed
- * in {@link SentriErrorCode}; custom subclasses may use any string.
- *
- * The `statusCode` property holds the HTTP status that the built-in router
- * and `auth.errorHandler()` will use in the response. For built-in codes
- * it is derived automatically. Pass it explicitly when subclassing with a
- * custom code.
- *
- * ---
- *
- * **Extending SentriError**
- *
- * You can create application-specific error classes by extending `SentriError`.
- * Any subclass will be caught automatically by `auth.errorHandler()` because
- * `instanceof SentriError` is `true` for all subclasses.
- *
- * ```typescript
- * import { SentriError } from 'sentri';
- *
- * // Domain error with a custom code and explicit HTTP status
- * export class PaymentError extends SentriError {
- *   constructor(message: string) {
- *     super('PAYMENT_FAILED', message, 402);
- *   }
- * }
- *
- * // Throw it anywhere in your routes — auth.errorHandler() catches it
- * router.post('/checkout', auth.protect(), async (req, res) => {
- *   const ok = await chargeCard(req.body.cardToken);
- *   if (!ok) throw new PaymentError('Card declined');
- *   res.json({ success: true });
- * });
- * ```
- *
- * ---
- *
- * **Error handling in custom routes**
- *
- * ```typescript
- * app.use('/auth', auth.router());
- * app.use('/api', apiRouter);
- *
- * // Mount after all routes — catches SentriError from sentri AND your subclasses
- * app.use(auth.errorHandler());
- * ```
- */
-export class SentriError extends Error {
-    /**
-     * Machine-readable error code.
-     * Built-in codes are defined by {@link SentriErrorCode}.
-     * Custom subclasses may use any string.
-     */
-    code;
-    /**
-     * HTTP status code associated with this error.
-     * Derived automatically for built-in codes; pass it explicitly when
-     * subclassing with a custom `code`.
-     */
-    statusCode;
-    /**
-     * @param code - Machine-readable error code. Use a built-in {@link SentriErrorCode}
-     *   or any string for custom subclasses.
-     * @param message - Human-readable description of the error.
-     * @param statusCode - HTTP status to use in the response. For built-in codes
-     *   this is derived automatically; for custom codes it defaults to `500`.
-     */
-    constructor(code, message, statusCode) {
-        super(message);
-        this.name = 'SentriError';
-        this.code = code;
-        this.statusCode = statusCode ?? AUTH_ERROR_STATUS[code] ?? 500;
-    }
-}
-//# sourceMappingURL=AuthError.js.map

package/dist/errors/AuthError.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthError.js","sourceRoot":"","sources":["../../src/errors/AuthError.ts"],"names":[],"mappings":"AA6BA;;;;;GAKG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA2B;IACvD,YAAY,EAAE,GAAG;IACjB,aAAa,EAAE,GAAG;IAClB,aAAa,EAAE,GAAG;IAClB,mBAAmB,EAAE,GAAG;IACxB,SAAS,EAAE,GAAG;IACd,cAAc,EAAE,GAAG;IACnB,mBAAmB,EAAE,GAAG;IACxB,YAAY,EAAE,GAAG;IACjB,gBAAgB,EAAE,GAAG;IACrB,mBAAmB,EAAE,GAAG;CACzB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC;;;;OAIG;IACa,IAAI,CAAS;IAE7B;;;;OAIG;IACa,UAAU,CAAS;IAEnC;;;;;;OAMG;IACH,YACE,IAAqC,EACrC,OAAe,EACf,UAAmB;QAEnB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;IACjE,CAAC;CACF"}

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAGhD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,QAAQ,CAAC;SACjB;KACF;CACF;AAED,YAAY,EACV,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,aAAa,EACb,UAAU,EACV,cAAc,EACd,UAAU,EACV,aAAa,EACb,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAExE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAgCA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/libs/config.d.ts

@@ -1,62 +0,0 @@
-import type { AuthAdapter, AuthConfig } from '../types/auth.js';
-/**
- * Fully-resolved configuration with all optional fields filled in by
- * their defaults. Produced by {@link resolveConfig} and used internally
- * wherever the library needs guaranteed values.
- */
-export interface ResolvedConfig {
-    secret: string;
-    accessExpiresIn: string | number;
-    refreshExpiresIn: string | number;
-    algorithm: 'HS256' | 'HS384' | 'HS512';
-    saltRounds: number;
-    validRoles: readonly string[];
-    adapter: AuthAdapter;
-}
-/**
- * Validate configuration at startup so misconfiguration is caught immediately,
- * not at the first login attempt.
- *
- * Throws {@link SentriError} with code `CONFIGURATION_ERROR` for any of:
- * - `secret` missing or shorter than 32 characters
- * - `saltRounds` outside the range 10–31
- * - `validRoles` is empty or missing
- * - `adapter` is missing
- *
- * @param config - The raw config passed to {@link createAuth}.
- * @throws {SentriError} With code `CONFIGURATION_ERROR` on any invalid field.
- */
-export declare function validateConfig(config: AuthConfig): void;
-/**
- * Merge a partial {@link AuthConfig} with library defaults and return a
- * fully-resolved configuration object.
- *
- * Does **not** validate the config — call {@link validateConfig} first.
- *
- * Defaults applied:
- * - `accessExpiresIn` → `'15m'`
- * - `refreshExpiresIn` → `'7d'`
- * - `algorithm` → `'HS256'`
- * - `saltRounds` → `12`
- *
- * @param partial - The raw config passed to {@link createAuth}.
- * @returns A {@link ResolvedConfig} with every field guaranteed to be present.
- */
-export declare function resolveConfig(partial: AuthConfig): ResolvedConfig;
-/**
- * Convert a duration string or a number of seconds into milliseconds.
- *
- * Supported unit suffixes: `s` (seconds), `m` (minutes), `h` (hours),
- * `d` (days), `w` (weeks). Numeric inputs are treated as seconds.
- *
- * @example
- * parseExpiry('15m')  // 900_000
- * parseExpiry('7d')   // 604_800_000
- * parseExpiry(60)     // 60_000
- *
- * @param expiresIn - A duration string (e.g. `'15m'`, `'7d'`) or a number of seconds.
- * @returns The equivalent duration in milliseconds.
- * @throws {Error} If the string format is unrecognised.
- */
-export declare function parseExpiry(expiresIn: string | number): number;
-//# sourceMappingURL=config.d.ts.map

package/dist/libs/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/libs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEhE;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAAC;IAClC,SAAS,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9B,OAAO,EAAE,WAAW,CAAC;CACtB;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CA0BvD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,UAAU,GAAG,cAAc,CAUjE;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAkB9D"}

package/dist/libs/config.js

@@ -1,97 +0,0 @@
-import { SentriError } from '../errors/AuthError.js';
-const MIN_SECRET_LENGTH = 32;
-const MIN_SALT_ROUNDS = 10;
-const MAX_SALT_ROUNDS = 31;
-/**
- * Validate configuration at startup so misconfiguration is caught immediately,
- * not at the first login attempt.
- *
- * Throws {@link SentriError} with code `CONFIGURATION_ERROR` for any of:
- * - `secret` missing or shorter than 32 characters
- * - `saltRounds` outside the range 10–31
- * - `validRoles` is empty or missing
- * - `adapter` is missing
- *
- * @param config - The raw config passed to {@link createAuth}.
- * @throws {SentriError} With code `CONFIGURATION_ERROR` on any invalid field.
- */
-export function validateConfig(config) {
-    if (!config.secret || config.secret.trim().length === 0) {
-        throw new SentriError('CONFIGURATION_ERROR', 'secret must not be empty');
-    }
-    if (config.secret.length < MIN_SECRET_LENGTH) {
-        throw new SentriError('CONFIGURATION_ERROR', `secret must be at least ${MIN_SECRET_LENGTH} characters to be cryptographically safe`);
-    }
-    const saltRounds = config.saltRounds ?? 12;
-    if (!Number.isInteger(saltRounds) || saltRounds < MIN_SALT_ROUNDS || saltRounds > MAX_SALT_ROUNDS) {
-        throw new SentriError('CONFIGURATION_ERROR', `saltRounds must be an integer between ${MIN_SALT_ROUNDS} and ${MAX_SALT_ROUNDS}`);
-    }
-    if (!config.validRoles || config.validRoles.length === 0) {
-        throw new SentriError('CONFIGURATION_ERROR', 'validRoles must contain at least one role');
-    }
-    if (!config.adapter) {
-        throw new SentriError('CONFIGURATION_ERROR', 'adapter is required');
-    }
-}
-/**
- * Merge a partial {@link AuthConfig} with library defaults and return a
- * fully-resolved configuration object.
- *
- * Does **not** validate the config — call {@link validateConfig} first.
- *
- * Defaults applied:
- * - `accessExpiresIn` → `'15m'`
- * - `refreshExpiresIn` → `'7d'`
- * - `algorithm` → `'HS256'`
- * - `saltRounds` → `12`
- *
- * @param partial - The raw config passed to {@link createAuth}.
- * @returns A {@link ResolvedConfig} with every field guaranteed to be present.
- */
-export function resolveConfig(partial) {
-    return {
-        secret: partial.secret,
-        accessExpiresIn: partial.accessExpiresIn ?? '15m',
-        refreshExpiresIn: partial.refreshExpiresIn ?? '7d',
-        algorithm: partial.algorithm ?? 'HS256',
-        saltRounds: partial.saltRounds ?? 12,
-        validRoles: partial.validRoles,
-        adapter: partial.adapter,
-    };
-}
-/**
- * Convert a duration string or a number of seconds into milliseconds.
- *
- * Supported unit suffixes: `s` (seconds), `m` (minutes), `h` (hours),
- * `d` (days), `w` (weeks). Numeric inputs are treated as seconds.
- *
- * @example
- * parseExpiry('15m')  // 900_000
- * parseExpiry('7d')   // 604_800_000
- * parseExpiry(60)     // 60_000
- *
- * @param expiresIn - A duration string (e.g. `'15m'`, `'7d'`) or a number of seconds.
- * @returns The equivalent duration in milliseconds.
- * @throws {Error} If the string format is unrecognised.
- */
-export function parseExpiry(expiresIn) {
-    if (typeof expiresIn === 'number')
-        return expiresIn * 1000;
-    const multipliers = {
-        s: 1_000,
-        m: 60_000,
-        h: 3_600_000,
-        d: 86_400_000,
-        w: 604_800_000,
-    };
-    const match = /^(\d+)([smhdw])$/.exec(expiresIn);
-    if (!match?.[1] || !match?.[2]) {
-        throw new Error(`Invalid expiresIn: "${expiresIn}". Use e.g. "15m", "7d", "1h".`);
-    }
-    const unit = multipliers[match[2]];
-    if (unit === undefined) {
-        throw new Error(`Invalid expiresIn: "${expiresIn}". Use e.g. "15m", "7d", "1h".`);
-    }
-    return parseInt(match[1], 10) * unit;
-}
-//# sourceMappingURL=config.js.map

package/dist/libs/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/libs/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAkBrD,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAC7B,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;QAC7C,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,2BAA2B,iBAAiB,0CAA0C,CACvF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,eAAe,IAAI,UAAU,GAAG,eAAe,EAAE,CAAC;QAClG,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,yCAAyC,eAAe,QAAQ,eAAe,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE,2CAA2C,CAAC,CAAC;IAC5F,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,aAAa,CAAC,OAAmB;IAC/C,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,KAAK;QACjD,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,IAAI;QAClD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO;QACvC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,EAAE;QACpC,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,WAAW,CAAC,SAA0B;IACpD,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,GAAG,IAAI,CAAC;IAC3D,MAAM,WAAW,GAA2B;QAC1C,CAAC,EAAE,KAAK;QACR,CAAC,EAAE,MAAM;QACT,CAAC,EAAE,SAAS;QACZ,CAAC,EAAE,UAAU;QACb,CAAC,EAAE,WAAW;KACf,CAAC;IACF,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,gCAAgC,CAAC,CAAC;IACpF,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,gCAAgC,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;AACvC,CAAC"}

package/dist/libs/hash.d.ts

@@ -1,17 +0,0 @@
-/**
- * Hash a plain-text password using bcrypt.
- *
- * @param plain - The raw password string supplied by the user.
- * @param saltRounds - bcrypt cost factor; higher values increase security at the cost of speed.
- * @returns The bcrypt hash string to persist in the database.
- */
-export declare function hashPassword(plain: string, saltRounds?: number): Promise<string>;
-/**
- * Compare a plain-text password against a stored bcrypt hash.
- *
- * @param plain - The raw password string to verify.
- * @param hash - The stored bcrypt hash from the database.
- * @returns `true` if the password matches the hash, `false` otherwise.
- */
-export declare function verifyPassword(plain: string, hash: string): Promise<boolean>;
-//# sourceMappingURL=hash.d.ts.map

package/dist/libs/hash.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/libs/hash.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAElF;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAElF"}

package/dist/libs/hash.js

@@ -1,22 +0,0 @@
-import bcrypt from 'bcrypt';
-/**
- * Hash a plain-text password using bcrypt.
- *
- * @param plain - The raw password string supplied by the user.
- * @param saltRounds - bcrypt cost factor; higher values increase security at the cost of speed.
- * @returns The bcrypt hash string to persist in the database.
- */
-export async function hashPassword(plain, saltRounds = 12) {
-    return bcrypt.hash(plain, saltRounds);
-}
-/**
- * Compare a plain-text password against a stored bcrypt hash.
- *
- * @param plain - The raw password string to verify.
- * @param hash - The stored bcrypt hash from the database.
- * @returns `true` if the password matches the hash, `false` otherwise.
- */
-export async function verifyPassword(plain, hash) {
-    return bcrypt.compare(plain, hash);
-}
-//# sourceMappingURL=hash.js.map

package/dist/libs/hash.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/libs/hash.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAa,EAAE,UAAU,GAAG,EAAE;IAC/D,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAa,EAAE,IAAY;IAC9D,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC"}