/** * Minimal authentication helpers for the server module. * * These are deliberately small primitives — credential-verification hooks, not a * turnkey identity provider. Each parses an `Authorization` header, delegates the * actual credential check to a user-supplied `verify` callback, and stores the * resolved user on `ctx.state` for downstream handlers and {@link guard}s. * * @module bquery/server */ import type { ServerContext, ServerMiddleware } from './types'; /** Username/password pair parsed from a Basic `Authorization` header. */ export interface BasicAuthCredentials { username: string; password: string; } /** Options for {@link basicAuth}. */ export interface BasicAuthOptions { /** * Verify the supplied credentials. Return a truthy user object to authenticate * (stored on `ctx.state[stateKey]`), or a falsy value to reject with `401`. */ verify: (credentials: BasicAuthCredentials, ctx: ServerContext) => unknown | Promise; /** Realm advertised in the `WWW-Authenticate` challenge. Default `'Restricted'`. */ realm?: string; /** `ctx.state` key the resolved user is written to. Default `'user'`. */ stateKey?: string; } /** Options for {@link bearerAuth}. */ export interface BearerAuthOptions { /** * Verify the bearer token. Return a truthy user/principal to authenticate, or * a falsy value to reject with `401`. */ verify: (token: string, ctx: ServerContext) => unknown | Promise; /** `ctx.state` key the resolved principal is written to. Default `'user'`. */ stateKey?: string; /** Authentication scheme name. Default `'Bearer'`. */ scheme?: string; } /** * HTTP Basic authentication middleware. * * @example * ```ts * app.use(basicAuth({ verify: ({ username, password }) => username === 'admin' && password === secret })); * ``` */ export declare const basicAuth: (options: BasicAuthOptions) => ServerMiddleware; /** * HTTP Bearer-token authentication middleware. * * @example * ```ts * app.use(bearerAuth({ verify: (token) => verifyJwt(token) })); * ``` */ export declare const bearerAuth: (options: BearerAuthOptions) => ServerMiddleware; //# sourceMappingURL=auth.d.ts.map