sentri 4.1.1 → 5.0.0

package/dist/cli.cjs

@@ -0,0 +1,514 @@
+#!/usr/bin/env node
+'use strict';var promises=require('fs/promises'),fs=require('fs'),path=require('path');var y=Object.defineProperty;var s=(e,o)=>y(e,"name",{value:o,configurable:true});var g={server:{express:`import { createAuthExpress } from 'sentri/express';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthExpress<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+  // apiKey: process.env.API_KEY,  // uncomment to restrict POST /register
+
+  // -- Redis (optional) -------------------------------------------------------
+  // redisUrl: process.env.REDIS_URL,
+
+  // -- Cookie (optional) ------------------------------------------------------
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
+
+  // -- Hooks (optional) -------------------------------------------------------
+  // hooks: {
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
+  //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
+  // },
+
+  // -- Token revocation (optional) --------------------------------------------
+  // isTokenRevoked: async (sessionId) => false,
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'sentri',
+});
+`,fastify:`import { createAuthFastify } from 'sentri/fastify';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthFastify<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+  // apiKey: process.env.API_KEY,
+
+  // -- Redis (optional) -------------------------------------------------------
+  // redisUrl: process.env.REDIS_URL,
+
+  // -- Cookie (optional) ------------------------------------------------------
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
+
+  // -- Hooks (optional) -------------------------------------------------------
+  // hooks: {
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
+  //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
+  // },
+
+  // -- Token revocation (optional) --------------------------------------------
+  // isTokenRevoked: async (sessionId) => false,
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'sentri',
+});
+`,hono:`import { createAuthHono } from 'sentri/hono';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthHono<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+  // apiKey: process.env.API_KEY,
+
+  // -- Redis (optional) -------------------------------------------------------
+  // redisUrl: process.env.REDIS_URL,
+
+  // -- Cookie (optional) ------------------------------------------------------
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
+
+  // -- Hooks (optional) -------------------------------------------------------
+  // hooks: {
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
+  //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
+  // },
+
+  // -- Token revocation (optional) --------------------------------------------
+  // isTokenRevoked: async (sessionId) => false,
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'sentri',
+});
+`,elysia:`import { createAuthElysia } from 'sentri/elysia';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthElysia<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+});
+`,koa:`import { createAuthKoa } from 'sentri/koa';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthKoa<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+});
+`},client:{express:`import { createAuthExpress } from 'sentri/express';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthExpress<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  // The server must use RS256 to expose this endpoint.
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  // Only used for TypeScript type safety on authorize() \u2014 not validated at runtime.
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,fastify:`import { createAuthFastify } from 'sentri/fastify';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthFastify<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,hono:`import { createAuthHono } from 'sentri/hono';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthHono<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,elysia:`import { createAuthElysia } from 'sentri/elysia';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthElysia<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  // The server must use RS256 to expose this endpoint.
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  // Only used for TypeScript type safety on authorize() \u2014 not validated at runtime.
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,koa:`import { createAuthKoa } from 'sentri/koa';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthKoa<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  // The server must use RS256 to expose this endpoint.
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  // Only used for TypeScript type safety on authorize() \u2014 not validated at runtime.
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`}},A=`# -- Server -------------------------------------------------------------------
+PORT=3000
+
+# -- Database -----------------------------------------------------------------
+DATABASE_URL=postgresql://user:password@localhost:5432/mydb
+
+# -- Token --------------------------------------------------------------------
+JWT_ACCESS_EXPIRES_IN=15m
+JWT_REFRESH_EXPIRES_IN=7d
+
+# -- Security -----------------------------------------------------------------
+SALT_ROUNDS=12
+# API_KEY=your-register-api-key
+
+# -- Redis (optional) ---------------------------------------------------------
+# REDIS_URL=redis://localhost:6379
+`,R=`# -- Server -------------------------------------------------------------------
+PORT=3000
+
+# -- Auth Server --------------------------------------------------------------
+# URL of the auth server's GET /auth/keys endpoint (JWKS).
+AUTH_KEY_URI=http://localhost:3000/auth/keys
+`,E={server:{express:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Add to your app entry point:
+
+       import express from 'express';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = express();
+       app.use(express.json());
+       await sentriAuth.migrate();
+       app.use('/auth', sentriAuth.router());
+       app.use(sentriAuth.errorHandler());
+
+  3. Protect routes:
+
+       app.get('/me', sentriAuth.protect(), (req, res) => res.json(req.user));
+`,fastify:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install fastify @fastify/cookie
+  3. Add to your app entry point:
+
+       import Fastify from 'fastify';
+       import cookie from '@fastify/cookie';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = Fastify();
+       await app.register(cookie);
+       await sentriAuth.migrate();
+       await app.register(sentriAuth.plugin(), { prefix: '/auth' });
+       app.setErrorHandler(sentriAuth.errorHandler());
+
+  4. Protect routes:
+
+       app.get('/me', { preHandler: sentriAuth.protect() }, async (req) => req.user);
+`,hono:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install hono
+  3. Add to your app entry point:
+
+       import { Hono } from 'hono';
+       import { sentriAuth } from './lib/sentri.js';
+       import type { SentriHonoEnv } from 'sentri/hono';
+
+       const app = new Hono<SentriHonoEnv>();
+       await sentriAuth.migrate();
+       app.route('/auth', sentriAuth.router());
+       app.onError(sentriAuth.errorHandler());
+
+  4. Protect routes:
+
+       app.get('/me', sentriAuth.protect(), (c) => c.json(c.get('user')));
+`,elysia:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install elysia
+  3. Add to your app entry point:
+
+       import { Elysia } from 'elysia';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Elysia()
+         .onError(sentriAuth.errorHandler())
+         .group('/auth', app => app.use(sentriAuth.router()))
+         .use(sentriAuth.protect())
+         .get('/me', ({ user }) => user);
+
+  4. Protect routes:
+
+       app.use(sentriAuth.protect())
+          .get('/me', ({ user }) => user);
+`,koa:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install koa @koa/router koa-bodyparser
+  3. Add to your app entry point:
+
+       import Koa from 'koa';
+       import Router from '@koa/router';
+       import bodyParser from 'koa-bodyparser';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Koa();
+       app.use(bodyParser());
+       app.use(sentriAuth.errorHandler());
+       await sentriAuth.migrate();
+
+       const rootRouter = new Router();
+       rootRouter.use('/auth', sentriAuth.router().routes());
+       app.use(rootRouter.routes());
+
+  4. Protect routes:
+
+       rootRouter.get('/me', sentriAuth.protect(), (ctx) => {
+         ctx.body = ctx.state.user;
+       });
+`},client:{express:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Add to your app entry point:
+
+       import express from 'express';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = express();
+       app.get('/protected', sentriAuth.protect(), (req, res) => res.json(req.user));
+       app.use(sentriAuth.errorHandler());
+`,fastify:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install fastify
+  3. Add to your app entry point:
+
+       import Fastify from 'fastify';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = Fastify();
+       app.get('/protected', { preHandler: sentriAuth.protect() }, async (req) => req.user);
+       app.setErrorHandler(sentriAuth.errorHandler());
+`,hono:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install hono
+  3. Add to your app entry point:
+
+       import { Hono } from 'hono';
+       import { sentriAuth } from './lib/sentri.js';
+       import type { SentriHonoEnv } from 'sentri/hono';
+
+       const app = new Hono<SentriHonoEnv>();
+       app.get('/protected', sentriAuth.protect(), (c) => c.json(c.get('user')));
+       app.onError(sentriAuth.errorHandler());
+`,elysia:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install elysia
+  3. Add to your app entry point:
+
+       import { Elysia } from 'elysia';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Elysia()
+         .onError(sentriAuth.errorHandler())
+         .use(sentriAuth.protect())
+         .get('/protected', ({ user }) => user);
+`,koa:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install koa @koa/router
+  3. Add to your app entry point:
+
+       import Koa from 'koa';
+       import Router from '@koa/router';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Koa();
+       app.use(sentriAuth.errorHandler());
+
+       const rootRouter = new Router();
+       rootRouter.get('/protected', sentriAuth.protect(), (ctx) => {
+         ctx.body = ctx.state.user;
+       });
+       app.use(rootRouter.routes());
+`}};function c(){console.log(`
+sentri \u2014 auth/authorization library for Express, Fastify, Hono, Elysia, and Koa
+
+Usage:
+  npx sentri <command>
+
+Commands:
+  init [mode] [adapter]   Generate src/lib/sentri.ts
+
+  mode:     server (default) | client
+  adapter:  express (default) | fastify | hono | elysia | koa
+
+Examples:
+  npx sentri init                     \u2192 server mode, express adapter
+  npx sentri init server              \u2192 server mode, express adapter
+  npx sentri init server hono         \u2192 server mode, hono adapter
+  npx sentri init server elysia       \u2192 server mode, elysia adapter
+  npx sentri init server koa          \u2192 server mode, koa adapter
+  npx sentri init client              \u2192 client mode, express adapter
+  npx sentri init client fastify      \u2192 client mode, fastify adapter
+  npx sentri init client hono         \u2192 client mode, hono adapter
+`);}s(c,"help");async function l(e,o,t){if(fs.existsSync(e)){console.log(`  skip   ${t} (already exists)`);return}await promises.writeFile(e,o,"utf8"),console.log(`  create ${t}`);}s(l,"writeIfNotExists");async function S(e,o){let t=["server","client"],i=["express","fastify","hono","elysia","koa"];t.includes(e)||(console.error(`Unknown mode: "${e}". Valid modes: ${t.join(", ")}`),process.exit(1)),i.includes(o)||(console.error(`Unknown adapter: "${o}". Valid adapters: ${i.join(", ")}`),process.exit(1));let a=process.cwd(),p=path.join(a,"src","lib");await promises.mkdir(p,{recursive:true});let u=g[e][o],d=e==="server"?A:R,m=E[e][o];console.log(`
+Generating sentri ${e} mode files (${o})...
+`),await l(path.join(p,"sentri.ts"),u,"src/lib/sentri.ts"),await l(path.join(a,".env.example"),d,".env.example"),console.log(m);}s(S,"init");var x=process.argv.slice(2),[r,k,_]=x;(!r||r==="--help"||r==="-h")&&(c(),process.exit(0));r==="init"?S(k??"server",_??"express").catch(t=>{console.error(t),process.exit(1);}):(console.error(`Unknown command: ${r}`),c(),process.exit(1));

package/dist/cli.d.cts

@@ -0,0 +1 @@
+#!/usr/bin/env node