import type { DeepRequired } from 'ts-essentials'; import type { CollectionSlug, GlobalSlug, Payload, TypedUser } from '../index.js'; import type { PayloadRequest, Where } from '../types/index.js'; /** * A permission object that can be used to determine if a user has access to a specific operation. */ export type Permission = { permission: boolean; where?: Where; }; export type FieldsPermissions = { [fieldName: string]: FieldPermissions; }; export type BlockPermissions = { create: Permission; fields: FieldsPermissions; read: Permission; update: Permission; }; export type SanitizedBlockPermissions = { fields: SanitizedFieldsPermissions; } | true; export type BlocksPermissions = { [blockSlug: string]: BlockPermissions; }; export type SanitizedBlocksPermissions = { [blockSlug: string]: SanitizedBlockPermissions; } | true; export type FieldPermissions = { blocks?: BlocksPermissions; create?: Permission; fields?: FieldsPermissions; read?: Permission; update?: Permission; }; export type SanitizedFieldPermissions = { blocks?: SanitizedBlocksPermissions; create: true; fields?: SanitizedFieldsPermissions; read: true; update: true; } | true; export type SanitizedFieldsPermissions = { [fieldName: string]: SanitizedFieldPermissions; } | true; export type CollectionPermission = { create?: Permission; delete?: Permission; fields: FieldsPermissions; read?: Permission; readVersions?: Permission; unlock?: Permission; update?: Permission; }; export type SanitizedCollectionPermission = { create?: true; delete?: true; fields: SanitizedFieldsPermissions; read?: true; readVersions?: true; unlock?: true; update?: true; }; export type GlobalPermission = { fields: FieldsPermissions; read?: Permission; readVersions?: Permission; update?: Permission; }; export type SanitizedGlobalPermission = { fields: SanitizedFieldsPermissions; read?: true; readVersions?: true; update?: true; }; export type DocumentPermissions = CollectionPermission | GlobalPermission; export type SanitizedDocumentPermissions = SanitizedCollectionPermission | SanitizedGlobalPermission; export type Permissions = { canAccessAdmin: boolean; collections?: Record; globals?: Record; }; export type SanitizedPermissions = { canAccessAdmin?: boolean; collections?: { [collectionSlug: string]: SanitizedCollectionPermission; }; globals?: { [globalSlug: string]: SanitizedGlobalPermission; }; }; type BaseUser = { collection: string; email?: string; id: number | string; sessions?: Array; username?: string; }; /** * @deprecated Use `TypedUser` instead. This will be removed in 4.0. */ export type UntypedUser = { [key: string]: any; } & BaseUser; /** * `collection` is not available one the client. It's only available on the server (req.user) * On the client, you can access the collection via config.admin.user. Config can be accessed using the useConfig() hook */ export type ClientUser = { [key: string]: any; } & BaseUser; export type UserSession = { createdAt: Date | string; expiresAt: Date | string; id: string; }; type GenerateVerifyEmailHTML = (args: { req: PayloadRequest; token: string; user: TUser; }) => Promise | string; type GenerateVerifyEmailSubject = (args: { req: PayloadRequest; token: string; user: TUser; }) => Promise | string; type GenerateForgotPasswordEmailHTML = (args?: { req?: PayloadRequest; token?: string; user?: TUser; }) => Promise | string; type GenerateForgotPasswordEmailSubject = (args?: { req?: PayloadRequest; token?: string; user?: TUser; }) => Promise | string; export type AuthStrategyFunctionArgs = { /** * Specifies whether or not response headers can be set from this strategy. */ canSetHeaders?: boolean; headers: Request['headers']; isGraphQL?: boolean; payload: Payload; /** * The AuthStrategy name property from the payload config. */ strategyName?: string; }; export type AuthStrategyResult = { responseHeaders?: Headers; user: ({ _strategy?: string; collection?: string; } & TypedUser) | null; }; export type AuthStrategyFunction = (args: AuthStrategyFunctionArgs) => AuthStrategyResult | Promise; export type AuthStrategy = { authenticate: AuthStrategyFunction; name: string; }; export type LoginWithUsernameOptions = { allowEmailLogin?: false; requireEmail?: boolean; requireUsername?: true; } | { allowEmailLogin?: true; requireEmail?: boolean; requireUsername?: boolean; }; export interface IncomingAuthType { /** * Set cookie options, including secure, sameSite, and domain. For advanced users. */ cookies?: { domain?: string; sameSite?: 'Lax' | 'None' | 'Strict' | boolean; secure?: boolean; }; /** * How many levels deep a user document should be populated when creating the JWT and binding the user to the req. Defaults to 0 and should only be modified if absolutely necessary, as this will affect performance. * @default 0 */ depth?: number; /** * Advanced - disable Payload's built-in local auth strategy. Only use this property if you have replaced Payload's auth mechanisms with your own. */ disableLocalStrategy?: { /** * Include auth fields on the collection even though the local strategy is disabled. * Useful when you do not want the database or types to vary depending on the auth configuration. */ enableFields?: true; optionalPassword?: true; } | true; /** * Customize the way that the forgotPassword operation functions. * @link https://payloadcms.com/docs/authentication/email#forgot-password */ forgotPassword?: { /** * The number of milliseconds that the forgot password token should be valid for. * @default 3600000 // 1 hour */ expiration?: number; generateEmailHTML?: GenerateForgotPasswordEmailHTML; generateEmailSubject?: GenerateForgotPasswordEmailSubject; }; /** * Set the time (in milliseconds) that a user should be locked out if they fail authentication more times than maxLoginAttempts allows for. */ lockTime?: number; /** * Ability to allow users to login with username/password. * * @link https://payloadcms.com/docs/authentication/overview#login-with-username */ loginWithUsername?: boolean | LoginWithUsernameOptions; /** * Only allow a user to attempt logging in X amount of times. Automatically locks out a user from authenticating if this limit is passed. Set to 0 to disable. */ maxLoginAttempts?: number; /*** * Set to true if you want to remove the token from the returned authentication API responses such as login or refresh. */ removeTokenFromResponses?: true; /** * Advanced - an array of custom authentification strategies to extend this collection's authentication with. * @link https://payloadcms.com/docs/authentication/custom-strategies */ strategies?: AuthStrategy[]; /** * Controls how many seconds the token will be valid for. Default is 2 hours. * @default 7200 * @link https://payloadcms.com/docs/authentication/overview#config-options */ tokenExpiration?: number; /** * Payload Authentication provides for API keys to be set on each user within an Authentication-enabled Collection. * @default false * @link https://payloadcms.com/docs/authentication/api-keys */ useAPIKey?: boolean; /** * Use sessions for authentication. Enabled by default. * @default true */ useSessions?: boolean; /** * Set to true or pass an object with verification options to require users to verify by email before they are allowed to log into your app. * @link https://payloadcms.com/docs/authentication/email#email-verification */ verify?: { generateEmailHTML?: GenerateVerifyEmailHTML; generateEmailSubject?: GenerateVerifyEmailSubject; } | boolean; } export type VerifyConfig = { generateEmailHTML?: GenerateVerifyEmailHTML; generateEmailSubject?: GenerateVerifyEmailSubject; }; export interface Auth extends Omit, 'forgotPassword' | 'loginWithUsername' | 'verify'> { forgotPassword?: { expiration?: number; generateEmailHTML?: GenerateForgotPasswordEmailHTML; generateEmailSubject?: GenerateForgotPasswordEmailSubject; }; loginWithUsername: false | LoginWithUsernameOptions; verify?: boolean | VerifyConfig; } export declare function hasWhereAccessResult(result: boolean | Where): result is Where; export {}; //# sourceMappingURL=types.d.ts.map