authrix/dist/chunk-IACBPVYD.mjs

Lightweight, flexible authentication library for Node.js and TypeScript.

import {f}from'./chunk-KPKS7MLL.mjs';import {a}from'./chunk-BHP666OX.mjs';import {a as a$1}from'./chunk-A4X5QZSX.mjs';import {c,d}from'./chunk-5VQXQYKM.mjs';import {b}from'./chunk-GACMQPPZ.mjs';async function v(r,h,l,x={}){let{requireEmailVerification:p=false,requiredRoles:a$2=[],requiredPermissions:u=[],allowApiKey:A=false,customErrorMessage:c$1}=x;try{let e=r.cookies?.[b.cookieName];if(!e&&r.headers.authorization){let t=r.headers.authorization;t.startsWith("Bearer ")&&(e=t.substring(7));}if(!e&&A&&r.headers["x-api-key"],!e)throw new c(c$1||"Authentication required");try{a(e);}catch{throw new c(c$1||"Invalid or expired authentication")}let{user:q,refreshedToken:f$1}=await f(e,{requireEmailVerification:p,updateLastSeen:!0,includeUserProfile:!0}),o=q;if(!o)throw h.clearCookie(b.cookieName,{httpOnly:!0,secure:process.env.NODE_ENV==="production",sameSite:"lax",path:"/"}),new c(c$1||"Invalid or expired authentication");if(p&&!o.emailVerified)throw new d("Email verification required");if(a$2.length>0){let t=o.roles||[];if(!a$2.some(d=>t.includes(d)))throw new d(`Required role: ${a$2.join(" or ")}`)}if(u.length>0){let t=o.permissions||[];if(!u.every(d=>t.includes(d)))throw new d(`Required permissions: ${u.join(", ")}`)}r.user=o,f$1&&h.cookie(b.cookieName,f$1,{httpOnly:!0,secure:b.forceSecureCookies||process.env.NODE_ENV==="production",sameSite:"lax",path:"/",maxAge:b.sessionMaxAgeMs}),l();}catch(e){a$1.debug("Authentication failed",{error:e instanceof Error?e.message:"Unknown error",path:r.path,method:r.method,userAgent:r.get("User-Agent"),ip:r.ip}),l(e);}}export{v as a};