bknd
Version:
Lightweight Firebase/Supabase alternative built to run anywhere — incl. Next.js, React Router, Astro, Cloudflare, Bun, Node, AWS Lambda & more.
889 lines (888 loc) • 44 kB
TypeScript
import { jwtConfig } from "../auth/authenticate/Authenticator";
import { CustomOAuthStrategy, OAuthStrategy, PasswordStrategy } from "../auth/authenticate/strategies";
import { s } from "bknd/utils";
export declare const Strategies: {
readonly password: {
readonly cls: typeof PasswordStrategy;
readonly schema: s.ObjectSchema<{
readonly hashing: s.StringSchema<{
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
}> & {
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
};
readonly rounds: {
readonly maximum: 10;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly minLength: {
readonly default: 8;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
};
readonly oauth: {
readonly cls: typeof OAuthStrategy;
readonly schema: s.ObjectSchema<{
readonly name: s.StringSchema<{
readonly enum: ("google" | "github")[];
}> & {
readonly enum: ("google" | "github")[];
};
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
};
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, {
readonly title: "OAuth";
}> & {
readonly title: "OAuth";
};
};
readonly custom_oauth: {
readonly cls: typeof CustomOAuthStrategy;
readonly schema: s.ObjectSchema<{
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
};
readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly token_endpoint_auth_method: s.StringSchema<{
readonly enum: readonly ["client_secret_basic"];
}> & {
readonly enum: readonly ["client_secret_basic"];
};
}, s.IObjectOptions> & s.IObjectOptions;
readonly as: s.ObjectSchema<{
readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly code_challenge_methods_supported: {
readonly enum: ["S256"];
} & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
readonly scopes_supported: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
} & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
readonly scope_separator: {
readonly default: " ";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly authorization_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly token_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly userinfo_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "Custom OAuth";
} & {
additionalProperties: false;
}>>;
};
};
export declare const STRATEGIES: {
readonly password: {
readonly cls: typeof PasswordStrategy;
readonly schema: s.ObjectSchema<{
readonly hashing: s.StringSchema<{
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
}> & {
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
};
readonly rounds: {
readonly maximum: 10;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly minLength: {
readonly default: 8;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
};
readonly oauth: {
readonly cls: typeof OAuthStrategy;
readonly schema: s.ObjectSchema<{
readonly name: s.StringSchema<{
readonly enum: ("google" | "github")[];
}> & {
readonly enum: ("google" | "github")[];
};
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
};
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, {
readonly title: "OAuth";
}> & {
readonly title: "OAuth";
};
};
readonly custom_oauth: {
readonly cls: typeof CustomOAuthStrategy;
readonly schema: s.ObjectSchema<{
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
};
readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly token_endpoint_auth_method: s.StringSchema<{
readonly enum: readonly ["client_secret_basic"];
}> & {
readonly enum: readonly ["client_secret_basic"];
};
}, s.IObjectOptions> & s.IObjectOptions;
readonly as: s.ObjectSchema<{
readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly code_challenge_methods_supported: {
readonly enum: ["S256"];
} & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
readonly scopes_supported: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
} & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
readonly scope_separator: {
readonly default: " ";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly authorization_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly token_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly userinfo_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "Custom OAuth";
} & {
additionalProperties: false;
}>>;
};
};
declare const strategiesSchema: s.Schema<s.IUnionOptions, {
enabled?: boolean | undefined;
type: "password" | "oauth" | "custom_oauth";
config: {
minLength?: number | undefined;
rounds?: number | undefined;
hashing: "plain" | "sha256" | "bcrypt";
} | {
[x: string]: unknown;
name: "google" | "github";
type: "oidc" | "oauth2";
client: {
client_id: string;
client_secret: string;
};
} | {
name: string;
type: "oidc" | "oauth2";
client: {
[x: string]: unknown;
client_id: string;
client_secret: string;
token_endpoint_auth_method: "client_secret_basic";
};
as: {
code_challenge_methods_supported?: "S256" | undefined;
scopes_supported?: string[] | undefined;
scope_separator?: string | undefined;
authorization_endpoint?: string | undefined;
token_endpoint?: string | undefined;
userinfo_endpoint?: string | undefined;
issuer: string;
};
};
}, never> & s.Merge<s.IUnionOptions & {
anyOf: s.ObjectSchema<{
readonly enabled: {
readonly default: true;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & {
const: "password" | "oauth" | "custom_oauth";
}>;
readonly config: s.ObjectSchema<{
readonly hashing: s.StringSchema<{
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
}> & {
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
};
readonly rounds: {
readonly maximum: 10;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly minLength: {
readonly default: 8;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>> | (s.ObjectSchema<{
readonly name: s.StringSchema<{
readonly enum: ("google" | "github")[];
}> & {
readonly enum: ("google" | "github")[];
};
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
};
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, {
readonly title: "OAuth";
}> & {
readonly title: "OAuth";
}) | s.ObjectSchema<{
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
};
readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly token_endpoint_auth_method: s.StringSchema<{
readonly enum: readonly ["client_secret_basic"];
}> & {
readonly enum: readonly ["client_secret_basic"];
};
}, s.IObjectOptions> & s.IObjectOptions;
readonly as: s.ObjectSchema<{
readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly code_challenge_methods_supported: {
readonly enum: ["S256"];
} & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
readonly scopes_supported: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
} & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
readonly scope_separator: {
readonly default: " ";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly authorization_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly token_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly userinfo_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "Custom OAuth";
} & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "password" | "oauth" | "custom_oauth";
} & {
additionalProperties: false;
}>>[];
}>;
export type AppAuthStrategies = s.Static<typeof strategiesSchema>;
export type AppAuthOAuthStrategy = s.Static<typeof STRATEGIES.oauth.schema>;
export type AppAuthCustomOAuthStrategy = s.Static<typeof STRATEGIES.custom_oauth.schema>;
export declare const guardRoleSchema: s.ObjectSchema<{
readonly permissions: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly effect: {
readonly default: "allow";
readonly enum: ["allow", "deny"];
} & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
readonly policies: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: s.ObjectSchema<{
readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>> | undefined;
} & s.Schema<s.ISchemaOptions, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
} & s.Schema<s.ISchemaOptions, string[] | {
effect?: "allow" | "deny" | undefined;
policies?: {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined;
permission: string;
}[] | undefined, any>;
readonly is_default: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly implicit_allow: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
export declare const authConfigSchema: import("../modules/mcp").ObjectToolSchema<{
readonly enabled: s.Schema<{
readonly default: false;
}, boolean, boolean> & {
readonly default: false;
};
readonly basepath: s.StringSchema<{
readonly default: "/api/auth";
}> & {
readonly default: "/api/auth";
};
readonly entity_name: s.StringSchema<{
readonly default: "users";
}> & {
readonly default: "users";
};
readonly allow_register: {
readonly default: true;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly default_role_register: {
default?: any;
maxLength?: number | undefined;
minLength?: number | undefined;
pattern?: (string | RegExp) | undefined;
format?: string | undefined;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly jwt: s.ObjectSchema<{
readonly secret: import("bknd/utils").SecretSchema<{
default: string;
}> & {
default: string;
};
readonly alg: {
readonly default: "HS256";
readonly enum: ["HS256", "HS384", "HS512"];
} & s.Schema<s.ISchemaOptions, "HS256" | "HS384" | "HS512" | undefined, "HS256" | "HS384" | "HS512" | undefined>;
readonly expires: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
multipleOf?: number | undefined;
maximum?: number | undefined;
exclusiveMaximum?: number | undefined;
minimum?: number | undefined;
exclusiveMinimum?: number | undefined;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly issuer: {
default?: any;
maxLength?: number | undefined;
minLength?: number | undefined;
pattern?: (string | RegExp) | undefined;
format?: string | undefined;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly fields: s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, {
readonly default: readonly ["id", "email", "role"];
}> & {
readonly default: readonly ["id", "email", "role"];
};
}, s.Merge<{
readonly default: {};
} & {
additionalProperties: false;
}>>;
readonly cookie: s.ObjectSchema<{
readonly domain: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly path: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly sameSite: s.Schema<s.ISchemaOptions, "strict" | "lax" | "none" | undefined, "strict" | "lax" | "none" | undefined>;
readonly secure: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly httpOnly: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly expires: s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly partitioned: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly renew: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly pathSuccess: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly pathLoggedOut: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
readonly strategies: import("../modules/mcp").RecordToolSchema<s.Schema<s.IUnionOptions, {
enabled?: boolean | undefined;
type: "password" | "oauth" | "custom_oauth";
config: {
minLength?: number | undefined;
rounds?: number | undefined;
hashing: "plain" | "sha256" | "bcrypt";
} | {
[x: string]: unknown;
name: "google" | "github";
type: "oidc" | "oauth2";
client: {
client_id: string;
client_secret: string;
};
} | {
name: string;
type: "oidc" | "oauth2";
client: {
[x: string]: unknown;
client_id: string;
client_secret: string;
token_endpoint_auth_method: "client_secret_basic";
};
as: {
code_challenge_methods_supported?: "S256" | undefined;
scopes_supported?: string[] | undefined;
scope_separator?: string | undefined;
authorization_endpoint?: string | undefined;
token_endpoint?: string | undefined;
userinfo_endpoint?: string | undefined;
issuer: string;
};
};
}, never> & s.Merge<s.IUnionOptions & {
anyOf: s.ObjectSchema<{
readonly enabled: {
readonly default: true;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly type: s.Schema<s.ILiteralOptions, "password" | "oauth" | "custom_oauth", "password" | "oauth" | "custom_oauth"> & s.Merge<s.ILiteralOptions & {
const: "password" | "oauth" | "custom_oauth";
}>;
readonly config: s.ObjectSchema<{
readonly hashing: s.StringSchema<{
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
}> & {
readonly enum: readonly ["plain", "sha256", "bcrypt"];
readonly default: "sha256";
};
readonly rounds: {
readonly maximum: 10;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
readonly minLength: {
readonly default: 8;
readonly minimum: 1;
} & s.Schema<s.ISchemaOptions, number | undefined, number | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>> | (s.ObjectSchema<{
readonly name: s.StringSchema<{
readonly enum: ("google" | "github")[];
}> & {
readonly enum: ("google" | "github")[];
};
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oauth2";
};
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, {
readonly title: "OAuth";
}> & {
readonly title: "OAuth";
}) | s.ObjectSchema<{
readonly type: s.StringSchema<{
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
}> & {
readonly enum: readonly ["oidc", "oauth2"];
readonly default: "oidc";
};
readonly name: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client: s.ObjectSchema<{
readonly client_id: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly client_secret: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly token_endpoint_auth_method: s.StringSchema<{
readonly enum: readonly ["client_secret_basic"];
}> & {
readonly enum: readonly ["client_secret_basic"];
};
}, s.IObjectOptions> & s.IObjectOptions;
readonly as: s.ObjectSchema<{
readonly issuer: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly code_challenge_methods_supported: {
readonly enum: ["S256"];
} & s.Schema<s.ISchemaOptions, "S256" | undefined, "S256" | undefined>;
readonly scopes_supported: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: (s.StringSchema<s.IStringOptions> & s.IStringOptions) | undefined;
} & s.Schema<s.ISchemaOptions, string[] | undefined, string[] | undefined>;
readonly scope_separator: {
readonly default: " ";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly authorization_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly token_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly userinfo_endpoint: {
readonly pattern: "^(https?|wss?)://[^\\s/$.?#].[^\\s]*$";
} & s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "Custom OAuth";
} & {
additionalProperties: false;
}>>;
}, s.Merge<{
readonly title: "password" | "oauth" | "custom_oauth";
} & {
additionalProperties: false;
}>>[];
}>, {
readonly title: "Strategies";
readonly default: {
readonly password: {
readonly type: "password";
readonly enabled: true;
readonly config: {
readonly hashing: "sha256";
};
};
};
}>;
readonly guard: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
patternProperties?: Record<string, s.Schema> | undefined;
additionalProperties?: (s.Schema | false) | undefined;
minProperties?: number | undefined;
maxProperties?: number | undefined;
propertyNames?: s.Schema | undefined;
properties: {
readonly enabled: {
readonly default: false;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
};
required: string[] | undefined;
strict: () => s.ObjectSchema<{
readonly enabled: {
readonly default: false;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
partial: () => s.ObjectSchema<{
readonly enabled: s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.IObjectOptions>;
} & s.Schema<s.ISchemaOptions, {
[x: string]: unknown;
enabled?: boolean | undefined;
} | undefined, {
[x: string]: unknown;
enabled?: boolean | undefined;
} | undefined>;
readonly roles: {
additionalProperties: s.ObjectSchema<{
readonly permissions: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly effect: {
readonly default: "allow";
readonly enum: ["allow", "deny"];
} & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
readonly policies: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: s.ObjectSchema<{
readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>> | undefined;
} & s.Schema<s.ISchemaOptions, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
} & s.Schema<s.ISchemaOptions, string[] | {
effect?: "allow" | "deny" | undefined;
policies?: {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined;
permission: string;
}[] | undefined, any>;
readonly is_default: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly implicit_allow: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>;
readonly mcp: import("../modules/mcp").McpSchemaHelper<{
get?: boolean;
add?: boolean;
update?: boolean;
remove?: boolean;
}>;
getTools: (node: s.Node<import("../modules/mcp").RecordToolSchema<s.ObjectSchema<{
readonly permissions: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
anyOf: [s.ArraySchema<s.StringSchema<s.IStringOptions> & s.IStringOptions, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>, s.ArraySchema<s.ObjectSchema<{
readonly permission: s.StringSchema<s.IStringOptions> & s.IStringOptions;
readonly effect: {
readonly default: "allow";
readonly enum: ["allow", "deny"];
} & s.Schema<s.ISchemaOptions, "allow" | "deny" | undefined, "allow" | "deny" | undefined>;
readonly policies: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
$defs?: Record<string, s.Schema> | undefined;
contains?: s.Schema | undefined;
minContains?: number | undefined;
maxContains?: number | undefined;
prefixItems?: s.Schema[] | undefined;
uniqueItems?: boolean | undefined;
maxItems?: number | undefined;
minItems?: number | undefined;
readonly items?: s.ObjectSchema<{
readonly description: s.Schema<s.ISchemaOptions, string | undefined, string | undefined>;
readonly condition: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
readonly effect: s.Schema<s.ISchemaOptions, "filter" | "allow" | "deny" | undefined, "filter" | "allow" | "deny" | undefined>;
readonly filter: s.Schema<{}, import("../core/object/query/object-query").ObjectQuery | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>> | undefined;
} & s.Schema<s.ISchemaOptions, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined, {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>, s.Schema<s.ISchemaOptions, unknown, unknown>> & s.Schema<s.ISchemaOptions, unknown, unknown>];
} & s.Schema<s.ISchemaOptions, string[] | {
effect?: "allow" | "deny" | undefined;
policies?: {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined;
permission: string;
}[] | undefined, any>;
readonly is_default: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
readonly implicit_allow: {
default?: any;
enum?: (readonly any[] | any[]) | undefined;
const?: any;
} & s.Schema<s.ISchemaOptions, boolean | undefined, boolean | undefined>;
}, s.Merge<s.IObjectOptions & {
additionalProperties: false;
}>>, {
readonly default: {};
}>>) => import("jsonv-ts/mcp").Tool<any, any, any>[];
} & s.Schema<s.ISchemaOptions, {
[x: string]: {
permissions?: string[] | {
effect?: "allow" | "deny" | undefined;
policies?: {
description?: string | undefined;
filter?: import("../core/object/query/object-query").ObjectQuery | undefined;
effect?: "filter" | "allow" | "deny" | undefined;
condition?: import("../core/object/query/object-query").ObjectQuery | undefined;
}[] | undefined;
permission: string;
}[] | undefined;
is_default?: boolean | undefined;
implicit_allow?: boolean | undefined;
};
} | undefined, {
[x: string]: {
permissions?: any;
is_default?: boolean | undefined;
implicit_allow?: boolean | undefined;
};
} | undefined>;
}, {
readonly title: "Authentication";
}> & {
readonly title: "Authentication";
};
export type AppAuthJWTConfig = s.Static<typeof jwtConfig>;
export type AppAuthSchema = s.Static<typeof authConfigSchema>;
export {};