36 lines
1.4 KiB
TypeScript
36 lines
1.4 KiB
TypeScript
/**
|
|
* EncryptID Space Auth Guard
|
|
*
|
|
* Framework-agnostic space-aware authentication.
|
|
* Evaluates whether a request should be allowed based on:
|
|
* 1. Space visibility configuration
|
|
* 2. Request method (GET/HEAD/OPTIONS = read, others = write)
|
|
* 3. EncryptID session (if present)
|
|
*/
|
|
import { type VerifyOptions } from './jwt-verify.js';
|
|
import { SpaceVisibility } from '../types/index.js';
|
|
import type { SpaceAuthConfig, SpaceAuthResult } from '../types/index.js';
|
|
export { SpaceVisibility };
|
|
export type { SpaceAuthConfig, SpaceAuthResult };
|
|
export interface SpaceAuthOptions extends VerifyOptions {
|
|
/** Resolve a space slug to its auth config. You provide the DB/store query. */
|
|
getSpaceConfig: (spaceSlug: string) => Promise<SpaceAuthConfig | null>;
|
|
}
|
|
/**
|
|
* Core space auth evaluation — framework-agnostic.
|
|
*
|
|
* Apps call this with the space slug, the extracted token (or null),
|
|
* the HTTP method, and a callback to look up the space's config.
|
|
*/
|
|
export declare function evaluateSpaceAccess(spaceSlug: string, token: string | null, method: string, options: SpaceAuthOptions): Promise<SpaceAuthResult>;
|
|
/**
|
|
* Extract EncryptID token from request headers or cookies.
|
|
* Works with both the standard Headers API (fetch/Hono/Next.js) and
|
|
* Express-style header objects.
|
|
*/
|
|
export declare function extractToken(headers: {
|
|
get?: (name: string) => string | null | undefined;
|
|
authorization?: string;
|
|
cookie?: string;
|
|
}): string | null;
|