| 31 | |
| 32 | /** Auth adapter — pluggable authentication strategy. */ |
| 33 | export interface AuthAdapter { |
| 34 | /** |
| 35 | * Authenticate an IncomingMessage (HTTP or WebSocket upgrade). |
| 36 | * Returns null when the request is unauthenticated. |
| 37 | */ |
| 38 | authenticate(req: IncomingMessage): AuthUser | null; |
| 39 | |
| 40 | /** |
| 41 | * Register login/callback/logout routes on the Express app. |
| 42 | * Called once during server startup before any requests arrive. |
| 43 | */ |
| 44 | setupRoutes(app: Application): void; |
| 45 | |
| 46 | /** |
| 47 | * Express middleware that rejects unauthenticated requests. |
| 48 | * For browser clients it redirects to /auth/login; for API clients it |
| 49 | * returns 401 JSON. |
| 50 | */ |
| 51 | requireAuth(req: Request, res: Response, next: NextFunction): void; |
| 52 | } |
| 53 | |
| 54 | // ── Cookie helpers ────────────────────────────────────────────────────────── |
| 55 |
no outgoing calls
no test coverage detected