sentri 5.0.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/adapters/elysia/index.cjs +1 -1
  2. package/dist/adapters/elysia/index.d.cts +15 -0
  3. package/dist/adapters/elysia/index.d.ts +15 -0
  4. package/dist/adapters/elysia/index.js +1 -1
  5. package/dist/adapters/express/index.cjs +1 -1
  6. package/dist/adapters/express/index.d.cts +12 -0
  7. package/dist/adapters/express/index.d.ts +12 -0
  8. package/dist/adapters/express/index.js +1 -1
  9. package/dist/adapters/fastify/index.cjs +1 -1
  10. package/dist/adapters/fastify/index.d.cts +15 -0
  11. package/dist/adapters/fastify/index.d.ts +15 -0
  12. package/dist/adapters/fastify/index.js +1 -1
  13. package/dist/adapters/hono/index.cjs +1 -1
  14. package/dist/adapters/hono/index.d.cts +15 -0
  15. package/dist/adapters/hono/index.d.ts +15 -0
  16. package/dist/adapters/hono/index.js +1 -1
  17. package/dist/adapters/koa/index.cjs +1 -1
  18. package/dist/adapters/koa/index.d.cts +15 -0
  19. package/dist/adapters/koa/index.d.ts +15 -0
  20. package/dist/adapters/koa/index.js +1 -1
  21. package/dist/cli.cjs +16 -1
  22. package/dist/cli.js +16 -1
  23. package/dist/core/index.d.cts +35 -0
  24. package/dist/core/index.d.ts +35 -0
  25. package/package.json +1 -1
package/dist/cli.js CHANGED
@@ -13,6 +13,9 @@ export const sentriAuth = createAuthExpress<Role>({
13
13
  // -- Roles ------------------------------------------------------------------
14
14
  validRoles: ['admin', 'user'],
15
15
 
16
+ // -- Identifiers ------------------------------------------------------------
17
+ validIdentifiers: ['email', 'username'],
18
+
16
19
  // -- Database ---------------------------------------------------------------
17
20
  dialect: new PostgresDialect({
18
21
  pool: new Pool({ connectionString: process.env.DATABASE_URL! })
@@ -61,6 +64,9 @@ export const sentriAuth = createAuthFastify<Role>({
61
64
  // -- Roles ------------------------------------------------------------------
62
65
  validRoles: ['admin', 'user'],
63
66
 
67
+ // -- Identifiers ------------------------------------------------------------
68
+ validIdentifiers: ['email', 'username'],
69
+
64
70
  // -- Database ---------------------------------------------------------------
65
71
  dialect: new PostgresDialect({
66
72
  pool: new Pool({ connectionString: process.env.DATABASE_URL! })
@@ -109,6 +115,9 @@ export const sentriAuth = createAuthHono<Role>({
109
115
  // -- Roles ------------------------------------------------------------------
110
116
  validRoles: ['admin', 'user'],
111
117
 
118
+ // -- Identifiers ------------------------------------------------------------
119
+ validIdentifiers: ['email', 'username'],
120
+
112
121
  // -- Database ---------------------------------------------------------------
113
122
  dialect: new PostgresDialect({
114
123
  pool: new Pool({ connectionString: process.env.DATABASE_URL! })
@@ -157,6 +166,9 @@ export const sentriAuth = createAuthElysia<Role>({
157
166
  // -- Roles ------------------------------------------------------------------
158
167
  validRoles: ['admin', 'user'],
159
168
 
169
+ // -- Identifiers ------------------------------------------------------------
170
+ validIdentifiers: ['email', 'username'],
171
+
160
172
  // -- Database ---------------------------------------------------------------
161
173
  dialect: new PostgresDialect({
162
174
  pool: new Pool({ connectionString: process.env.DATABASE_URL! })
@@ -183,6 +195,9 @@ export const sentriAuth = createAuthKoa<Role>({
183
195
  // -- Roles ------------------------------------------------------------------
184
196
  validRoles: ['admin', 'user'],
185
197
 
198
+ // -- Identifiers ------------------------------------------------------------
199
+ validIdentifiers: ['email', 'username'],
200
+
186
201
  // -- Database ---------------------------------------------------------------
187
202
  dialect: new PostgresDialect({
188
203
  pool: new Pool({ connectionString: process.env.DATABASE_URL! })
@@ -511,4 +526,4 @@ Examples:
511
526
  npx sentri init client hono \u2192 client mode, hono adapter
512
527
  `);}s(c,"help");async function l(e,o,t){if(existsSync(e)){console.log(` skip ${t} (already exists)`);return}await writeFile(e,o,"utf8"),console.log(` create ${t}`);}s(l,"writeIfNotExists");async function S(e,o){let t=["server","client"],i=["express","fastify","hono","elysia","koa"];t.includes(e)||(console.error(`Unknown mode: "${e}". Valid modes: ${t.join(", ")}`),process.exit(1)),i.includes(o)||(console.error(`Unknown adapter: "${o}". Valid adapters: ${i.join(", ")}`),process.exit(1));let a=process.cwd(),p=join(a,"src","lib");await mkdir(p,{recursive:true});let u=g[e][o],d=e==="server"?A:R,m=E[e][o];console.log(`
513
528
  Generating sentri ${e} mode files (${o})...
514
- `),await l(join(p,"sentri.ts"),u,"src/lib/sentri.ts"),await l(join(a,".env.example"),d,".env.example"),console.log(m);}s(S,"init");var x=process.argv.slice(2),[r,k,_]=x;(!r||r==="--help"||r==="-h")&&(c(),process.exit(0));r==="init"?S(k??"server",_??"express").catch(t=>{console.error(t),process.exit(1);}):(console.error(`Unknown command: ${r}`),c(),process.exit(1));
529
+ `),await l(join(p,"sentri.ts"),u,"src/lib/sentri.ts"),await l(join(a,".env.example"),d,".env.example"),console.log(m);}s(S,"init");var x=process.argv.slice(2),[r,I,k]=x;(!r||r==="--help"||r==="-h")&&(c(),process.exit(0));r==="init"?S(I??"server",k??"express").catch(t=>{console.error(t),process.exit(1);}):(console.error(`Unknown command: ${r}`),c(),process.exit(1));
package/dist/core/index.d.cts CHANGED
@@ -125,6 +125,10 @@ interface SentriLogger {
125
125
  error(data: Record<string, unknown>): void;
126
126
  }
127
127
 
128
+ /**
129
+ * Standardized API response format returned by Sentri endpoints.
130
+ * @template T - The type of the data payload.
131
+ */
128
132
  interface ApiResponse<T = null> {
129
133
  error: boolean;
130
134
  statusCode: number;
@@ -151,6 +155,7 @@ interface IdentifierInput {
151
155
  /** The globally unique identifier value. */
152
156
  value: string;
153
157
  }
158
+ /** Result returned after a successful or failed registration attempt. */
154
159
  type RegisterResult<TRole extends string = string> = {
155
160
  success: true;
156
161
  user: AuthUser<TRole>;
@@ -158,6 +163,7 @@ type RegisterResult<TRole extends string = string> = {
158
163
  success: false;
159
164
  error: SentriError;
160
165
  };
166
+ /** Result returned after a successful or failed login attempt. */
161
167
  type AuthResult<TRole extends string = string> = {
162
168
  success: true;
163
169
  accessToken: string;
@@ -167,6 +173,7 @@ type AuthResult<TRole extends string = string> = {
167
173
  success: false;
168
174
  error: SentriError;
169
175
  };
176
+ /** Result returned after assigning new roles to a user. */
170
177
  type AssignRolesResult<TRole extends string = string> = {
171
178
  success: true;
172
179
  user: AuthUser<TRole>;
@@ -174,6 +181,7 @@ type AssignRolesResult<TRole extends string = string> = {
174
181
  success: false;
175
182
  error: SentriError;
176
183
  };
184
+ /** Result returned when fetching a specific user's details. */
177
185
  type GetUserResult<TRole extends string = string> = {
178
186
  success: true;
179
187
  user: AuthUser<TRole>;
@@ -181,6 +189,7 @@ type GetUserResult<TRole extends string = string> = {
181
189
  success: false;
182
190
  error: SentriError;
183
191
  };
192
+ /** Result returned after bulk identifier operations (create/update/delete). */
184
193
  type BulkIdentifiersResult = {
185
194
  success: true;
186
195
  identifiers: IdentifierRecord[];
@@ -188,12 +197,14 @@ type BulkIdentifiersResult = {
188
197
  success: false;
189
198
  error: SentriError;
190
199
  };
200
+ /** Result returned after changing a user's password. */
191
201
  type ChangePasswordResult = {
192
202
  success: true;
193
203
  } | {
194
204
  success: false;
195
205
  error: SentriError;
196
206
  };
207
+ /** Result returned after a successful or failed session refresh. */
197
208
  type RefreshResult<TRole extends string = string> = {
198
209
  success: true;
199
210
  accessToken: string;
@@ -203,17 +214,22 @@ type RefreshResult<TRole extends string = string> = {
203
214
  success: false;
204
215
  error: SentriError;
205
216
  };
217
+ /** Input payload required for user registration. */
206
218
  interface RegisterInput<TRole extends string = string> {
207
219
  /** One or more identifiers for the new user. All values must be globally unique. */
208
220
  identifiers: IdentifierInput[];
209
221
  password: string;
210
222
  roles?: TRole[];
211
223
  }
224
+ /** Input payload required for user login. */
212
225
  interface LoginInput {
213
226
  /** Any of the user's identifier values — Sentri searches all types. */
214
227
  identifier: string;
215
228
  password: string;
216
229
  }
230
+ /**
231
+ * Configuration options for the HTTP-only Refresh Token cookie.
232
+ */
217
233
  interface CookieConfig {
218
234
  name?: string;
219
235
  httpOnly?: boolean;
@@ -221,12 +237,19 @@ interface CookieConfig {
221
237
  sameSite?: 'strict' | 'lax' | 'none';
222
238
  path?: string;
223
239
  }
240
+ /**
241
+ * Configuration options for the Access Token cookie (if used).
242
+ */
224
243
  interface AccessCookieConfig {
225
244
  name?: string;
226
245
  secure?: boolean;
227
246
  sameSite?: 'strict' | 'lax' | 'none';
228
247
  path?: string;
229
248
  }
249
+ /**
250
+ * Lifecycle hooks for injecting custom logic during authentication flows.
251
+ * Helpful for sending welcome emails, tracking analytics, or logging.
252
+ */
230
253
  interface AuthHooks {
231
254
  onRegister?: (user: AuthUser) => void | Promise<void>;
232
255
  onLoginSuccess?: (user: AuthUser, meta: {
@@ -239,10 +262,15 @@ interface AuthHooks {
239
262
  onPasswordChanged?: (userId: string) => void | Promise<void>;
240
263
  onLogout?: (userId: string) => void | Promise<void>;
241
264
  }
265
+ /** Configuration for rate limiting login and registration endpoints. */
242
266
  interface RateLimitOptions {
243
267
  maxLoginAttempts?: number;
244
268
  maxRegisterAttempts?: number;
245
269
  }
270
+ /**
271
+ * Optional overrides for the core router logic.
272
+ * Provide custom handler functions to completely replace default endpoints behaviors.
273
+ */
246
274
  interface RouterHandlers {
247
275
  register?: (input: RegisterInput, meta: {
248
276
  ip: string;
@@ -272,6 +300,7 @@ interface RouterHandlers {
272
300
  revokeSession?: (userId: string, sessionId: string) => Promise<void>;
273
301
  }
274
302
  interface ServerAuthConfig<TRole extends string = string> {
303
+ /** Indicates this configuration is for a Sentri Server instance. */
275
304
  mode: 'server';
276
305
  /** Kysely Dialect (e.g. PostgresDialect, MysqlDialect, SqliteDialect). */
277
306
  dialect: Dialect;
@@ -287,13 +316,19 @@ interface ServerAuthConfig<TRole extends string = string> {
287
316
  * @default 'HS256'
288
317
  */
289
318
  algorithm?: 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512';
319
+ /** List of valid roles accepted by the system during registration or role assignment. */
290
320
  validRoles: readonly TRole[];
321
+ /** @default ['email', 'username'] */
322
+ validIdentifiers?: readonly string[];
291
323
  /** @default '15m' */
292
324
  accessExpiresIn?: string | number;
293
325
  /** @default '7d' */
294
326
  refreshExpiresIn?: string | number;
295
327
  /** @default 12 */
296
328
  saltRounds?: number;
329
+ /**
330
+ * Optional API Key required for protected endpoints (like bulk identifier operations).
331
+ */
297
332
  apiKey?: string;
298
333
  cookie?: CookieConfig;
299
334
  accessCookie?: AccessCookieConfig;
package/dist/core/index.d.ts CHANGED
@@ -125,6 +125,10 @@ interface SentriLogger {
125
125
  error(data: Record<string, unknown>): void;
126
126
  }
127
127
 
128
+ /**
129
+ * Standardized API response format returned by Sentri endpoints.
130
+ * @template T - The type of the data payload.
131
+ */
128
132
  interface ApiResponse<T = null> {
129
133
  error: boolean;
130
134
  statusCode: number;
@@ -151,6 +155,7 @@ interface IdentifierInput {
151
155
  /** The globally unique identifier value. */
152
156
  value: string;
153
157
  }
158
+ /** Result returned after a successful or failed registration attempt. */
154
159
  type RegisterResult<TRole extends string = string> = {
155
160
  success: true;
156
161
  user: AuthUser<TRole>;
@@ -158,6 +163,7 @@ type RegisterResult<TRole extends string = string> = {
158
163
  success: false;
159
164
  error: SentriError;
160
165
  };
166
+ /** Result returned after a successful or failed login attempt. */
161
167
  type AuthResult<TRole extends string = string> = {
162
168
  success: true;
163
169
  accessToken: string;
@@ -167,6 +173,7 @@ type AuthResult<TRole extends string = string> = {
167
173
  success: false;
168
174
  error: SentriError;
169
175
  };
176
+ /** Result returned after assigning new roles to a user. */
170
177
  type AssignRolesResult<TRole extends string = string> = {
171
178
  success: true;
172
179
  user: AuthUser<TRole>;
@@ -174,6 +181,7 @@ type AssignRolesResult<TRole extends string = string> = {
174
181
  success: false;
175
182
  error: SentriError;
176
183
  };
184
+ /** Result returned when fetching a specific user's details. */
177
185
  type GetUserResult<TRole extends string = string> = {
178
186
  success: true;
179
187
  user: AuthUser<TRole>;
@@ -181,6 +189,7 @@ type GetUserResult<TRole extends string = string> = {
181
189
  success: false;
182
190
  error: SentriError;
183
191
  };
192
+ /** Result returned after bulk identifier operations (create/update/delete). */
184
193
  type BulkIdentifiersResult = {
185
194
  success: true;
186
195
  identifiers: IdentifierRecord[];
@@ -188,12 +197,14 @@ type BulkIdentifiersResult = {
188
197
  success: false;
189
198
  error: SentriError;
190
199
  };
200
+ /** Result returned after changing a user's password. */
191
201
  type ChangePasswordResult = {
192
202
  success: true;
193
203
  } | {
194
204
  success: false;
195
205
  error: SentriError;
196
206
  };
207
+ /** Result returned after a successful or failed session refresh. */
197
208
  type RefreshResult<TRole extends string = string> = {
198
209
  success: true;
199
210
  accessToken: string;
@@ -203,17 +214,22 @@ type RefreshResult<TRole extends string = string> = {
203
214
  success: false;
204
215
  error: SentriError;
205
216
  };
217
+ /** Input payload required for user registration. */
206
218
  interface RegisterInput<TRole extends string = string> {
207
219
  /** One or more identifiers for the new user. All values must be globally unique. */
208
220
  identifiers: IdentifierInput[];
209
221
  password: string;
210
222
  roles?: TRole[];
211
223
  }
224
+ /** Input payload required for user login. */
212
225
  interface LoginInput {
213
226
  /** Any of the user's identifier values — Sentri searches all types. */
214
227
  identifier: string;
215
228
  password: string;
216
229
  }
230
+ /**
231
+ * Configuration options for the HTTP-only Refresh Token cookie.
232
+ */
217
233
  interface CookieConfig {
218
234
  name?: string;
219
235
  httpOnly?: boolean;
@@ -221,12 +237,19 @@ interface CookieConfig {
221
237
  sameSite?: 'strict' | 'lax' | 'none';
222
238
  path?: string;
223
239
  }
240
+ /**
241
+ * Configuration options for the Access Token cookie (if used).
242
+ */
224
243
  interface AccessCookieConfig {
225
244
  name?: string;
226
245
  secure?: boolean;
227
246
  sameSite?: 'strict' | 'lax' | 'none';
228
247
  path?: string;
229
248
  }
249
+ /**
250
+ * Lifecycle hooks for injecting custom logic during authentication flows.
251
+ * Helpful for sending welcome emails, tracking analytics, or logging.
252
+ */
230
253
  interface AuthHooks {
231
254
  onRegister?: (user: AuthUser) => void | Promise<void>;
232
255
  onLoginSuccess?: (user: AuthUser, meta: {
@@ -239,10 +262,15 @@ interface AuthHooks {
239
262
  onPasswordChanged?: (userId: string) => void | Promise<void>;
240
263
  onLogout?: (userId: string) => void | Promise<void>;
241
264
  }
265
+ /** Configuration for rate limiting login and registration endpoints. */
242
266
  interface RateLimitOptions {
243
267
  maxLoginAttempts?: number;
244
268
  maxRegisterAttempts?: number;
245
269
  }
270
+ /**
271
+ * Optional overrides for the core router logic.
272
+ * Provide custom handler functions to completely replace default endpoints behaviors.
273
+ */
246
274
  interface RouterHandlers {
247
275
  register?: (input: RegisterInput, meta: {
248
276
  ip: string;
@@ -272,6 +300,7 @@ interface RouterHandlers {
272
300
  revokeSession?: (userId: string, sessionId: string) => Promise<void>;
273
301
  }
274
302
  interface ServerAuthConfig<TRole extends string = string> {
303
+ /** Indicates this configuration is for a Sentri Server instance. */
275
304
  mode: 'server';
276
305
  /** Kysely Dialect (e.g. PostgresDialect, MysqlDialect, SqliteDialect). */
277
306
  dialect: Dialect;
@@ -287,13 +316,19 @@ interface ServerAuthConfig<TRole extends string = string> {
287
316
  * @default 'HS256'
288
317
  */
289
318
  algorithm?: 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512';
319
+ /** List of valid roles accepted by the system during registration or role assignment. */
290
320
  validRoles: readonly TRole[];
321
+ /** @default ['email', 'username'] */
322
+ validIdentifiers?: readonly string[];
291
323
  /** @default '15m' */
292
324
  accessExpiresIn?: string | number;
293
325
  /** @default '7d' */
294
326
  refreshExpiresIn?: string | number;
295
327
  /** @default 12 */
296
328
  saltRounds?: number;
329
+ /**
330
+ * Optional API Key required for protected endpoints (like bulk identifier operations).
331
+ */
297
332
  apiKey?: string;
298
333
  cookie?: CookieConfig;
299
334
  accessCookie?: AccessCookieConfig;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sentri",
3
- "version": "5.0.0",
3
+ "version": "5.0.1",
4
4
  "description": "Auth/authorization library for Express, Fastify, Hono, and Elysia — PostgreSQL + JWT",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",