@acorex/platform 21.0.0-next.0 → 21.0.0-next.2

package/auth/index.d.ts

@@ -1,20 +1,15 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders, Injector } from '@angular/core';
-import { AXPLogoConfig, AXPOptionsData, AXPExpressionEvaluatorScopeProvider, AXPExpressionEvaluatorScopeProviderContext } from '@acorex/platform/core';
-import { CanActivateFn } from '@angular/router';
+import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders, Injector, Type } from '@angular/core';
 import { Observable } from 'rxjs';
+import { AXPLogoConfig, AXPExpressionEvaluatorScopeProvider, AXPExpressionEvaluatorScopeProviderContext } from '@acorex/platform/core';
+import { CanActivateFn } from '@angular/router';
 
-interface AXPEdition {
-    id: string;
-    title: string;
-    description?: string;
-}
 interface AXPApplication {
     id: string;
     name: string;
     title?: string;
     version?: string;
-    edition?: AXPEdition;
+    editionName?: string;
     description?: string;
     logo?: AXPLogoConfig;
 }
@@ -57,12 +52,12 @@ declare enum AXPSessionStatus {
 }
 
 interface AXPApplicationLoader {
-    getList(context: AXPSessionContext): Promise<AXPApplication[]>;
+    getList(context: AXPSessionContext): Observable<AXPApplication[]>;
 }
 declare const AXP_APPLICATION_LOADER: InjectionToken<AXPApplicationLoader>;
 
 interface AXPTenantLoader {
-    getList(context: AXPSessionContext): Promise<AXPTenant[]>;
+    getList(context: AXPSessionContext): Observable<AXPTenant[]>;
 }
 declare const AXP_TENANT_LOADER: InjectionToken<AXPTenantLoader>;
 
@@ -94,16 +89,10 @@ type AXPPermissionDefinition = {
     title: string;
     description?: string;
     children: AXPPermissionDefinition[];
-    /**
-     * Required features for this permission to be available.
-     * Format: Array of feature names (e.g., ['PlatformManagement.menu-customization'])
-     * If any required feature is not enabled, this permission will be filtered out.
-     */
-    requiredFeatures?: string[];
 };
 
 interface AXPPermissionLoader {
-    getList(context: AXPSessionContext): Promise<AXPPermission[]>;
+    getList(context: AXPSessionContext): Observable<AXPPermission[]>;
 }
 declare const AXP_PERMISSION_LOADER: InjectionToken<AXPPermissionLoader>;
 
@@ -119,7 +108,7 @@ declare class AXPPermissionDefinitionGroupBuilder {
     private _group;
     get group(): AXPPermissionGroupDefinition;
     constructor(context: AXPPermissionDefinitionProviderContext, group: AXPPermissionGroupDefinition);
-    addPermission(name: string, title: string, description?: string, requiredFeatures?: string[]): AXPPermissionDefinitionBuilder;
+    addPermission(name: string, title: string, description?: string): AXPPermissionDefinitionBuilder;
     endGroup(): AXPPermissionDefinitionProviderContext;
     findPermission(path: string): AXPPermissionDefinition | undefined;
     findGroup(name: string): AXPPermissionDefinitionGroupBuilder | undefined;
@@ -128,12 +117,7 @@ declare class AXPPermissionDefinitionBuilder {
     private groupBuilder;
     private permission;
     constructor(groupBuilder: AXPPermissionDefinitionGroupBuilder, permission: AXPPermissionDefinition);
-    addChild(name: string, title: string, description?: string, requiredFeatures?: string[]): AXPPermissionDefinitionBuilder;
-    /**
-     * Set required features for this permission.
-     * @param features - Array of feature names (e.g., ['PlatformManagement.menu-customization'])
-     */
-    requireFeatures(...features: string[]): AXPPermissionDefinitionBuilder;
+    addChild(name: string, title: string, description?: string): AXPPermissionDefinitionBuilder;
     endPermission(): AXPPermissionDefinitionGroupBuilder;
 }
 
@@ -143,19 +127,8 @@ interface AXPPermissionDefinitionProvider {
 declare const AXP_PERMISSION_DEFINITION_PROVIDER: InjectionToken<AXPPermissionDefinitionProvider[]>;
 declare class AXPPermissionDefinitionService {
     private providers;
-    private providerRegistry;
-    private sessionService;
     private cache;
     private load;
-    /**
-     * Filter permissions based on required features.
-     * Removes permissions that have required features that are not enabled.
-     */
-    private filterByFeatures;
-    /**
-     * Recursively filter permissions and their children based on required features.
-     */
-    private filterPermissions;
     reload(): Promise<void>;
     getGroups(): Promise<AXPPermissionGroupDefinition[]>;
     getPermissions(): Promise<AXPPermissionDefinition[]>;
@@ -214,14 +187,10 @@ interface AXPFeature {
     title: string;
     description?: string;
     value?: any;
-    interface?: {
-        type: string;
-        options?: AXPOptionsData;
-    };
 }
 
 interface AXPFeatureLoader {
-    getList(context: AXPSessionContext): Promise<AXPFeature[]>;
+    getList(context: AXPSessionContext): Observable<AXPFeature[]>;
 }
 declare const AXP_FEATURE_LOADER: InjectionToken<AXPFeatureLoader>;
 
@@ -241,29 +210,6 @@ declare class AXPFeatureDirective {
 
 declare const AXPFeatureGuard: CanActivateFn;
 
-/**
- * Interface for feature checkers that can override feature enablement results.
- * Checkers receive the feature keys, current context, and base result,
- * and can return a modified result based on custom logic.
- */
-interface AXPFeatureChecker {
-    /**
-     * Checks and potentially overrides the feature enablement result.
-     * @param keys - The feature keys being checked
-     * @param context - Current session context (user, tenant, application)
-     * @param baseResult - The result from the base feature check logic
-     * @returns The final feature enablement result (true or false)
-     */
-    check(keys: string[], context: AXPSessionContext, baseResult: boolean): boolean;
-}
-
-/**
- * Optional injection token for feature checker.
- * If provided, the checker will be called to potentially override
- * feature enablement results based on custom logic.
- */
-declare const AXP_FEATURE_CHECKER: InjectionToken<AXPFeatureChecker>;
-
 declare class AXPSessionService {
     private eventService;
     private authStrategyRegistry;
@@ -272,9 +218,6 @@ declare class AXPSessionService {
     private readonly featureLoader;
     private readonly tenantLoader;
     private readonly applicationLoader;
-    private readonly moduleProviderLoader;
-    private readonly permissionChecker;
-    private readonly featureChecker;
     private status;
     readonly status$: Observable<AXPSessionStatus>;
     private isLoading;
@@ -316,6 +259,7 @@ declare class AXPSessionService {
     authorize(...keys: string[]): boolean;
     isFeatureEnabled(...keys: string[]): boolean;
     getToken(): string | undefined;
+    private checkTokenValidation;
     getContext(): AXPSessionContext;
     static ɵfac: i0.ɵɵFactoryDeclaration<AXPSessionService, never>;
     static ɵprov: i0.ɵɵInjectableDeclaration<AXPSessionService>;
@@ -326,29 +270,6 @@ declare class AXPPermissionEvaluatorScopeProvider implements AXPExpressionEvalua
     provide(context: AXPExpressionEvaluatorScopeProviderContext): Promise<void>;
 }
 
-/**
- * Interface for permission checkers that can override authorization results.
- * Checkers receive the permission keys, current context, and base result,
- * and can return a modified result based on custom logic.
- */
-interface AXPPermissionChecker {
-    /**
-     * Checks and potentially overrides the authorization result.
-     * @param keys - The permission keys being checked
-     * @param context - Current session context (user, tenant, application)
-     * @param baseResult - The result from the base authorization logic
-     * @returns The final authorization result (true or false)
-     */
-    check(keys: string[], context: AXPSessionContext, baseResult: boolean): boolean;
-}
-
-/**
- * Optional injection token for permission checker.
- * If provided, the checker will be called to potentially override
- * authorization results based on custom logic.
- */
-declare const AXP_PERMISSION_CHECKER: InjectionToken<AXPPermissionChecker>;
-
 declare const AXPAuthGuard: CanActivateFn;
 
 interface AXPAuthModuleConfigs {
@@ -434,5 +355,230 @@ declare class AXPUnauthenticatedError extends Error {
     } | undefined);
 }
 
-export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_CHECKER, AXP_FEATURE_LOADER, AXP_PERMISSION_CHECKER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
-export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPBaseCredentials, AXPEdition, AXPFeature, AXPFeatureChecker, AXPFeatureLoader, AXPPermission, AXPPermissionChecker, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };
+/**
+ * Supported content types for challenge display
+ */
+type AXPChallengeContentType = 'image-url' | 'image-base64' | 'text' | 'audio-url';
+/**
+ * Challenge data returned from the server
+ * Contains all information needed to display and submit a challenge
+ */
+interface AXPLoginChallengeData {
+    /**
+     * Unique identifier for this challenge
+     * Must be sent back with credentials when submitting login
+     */
+    id: string;
+    /**
+     * The challenge content to display
+     * Could be an image URL, base64 encoded image, text, or audio URL
+     */
+    content: string;
+    /**
+     * Type of content for proper rendering
+     */
+    contentType: AXPChallengeContentType;
+    /**
+     * When this challenge expires (optional)
+     * After expiration, a new challenge should be fetched
+     */
+    expiresAt?: Date;
+    /**
+     * Additional metadata from server (optional)
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Result of checking a login error response
+ * Determines if a challenge should be displayed
+ */
+interface AXPChallengeCheckResult {
+    /**
+     * Whether a challenge is required
+     */
+    required: boolean;
+    /**
+     * Optional message to display to the user
+     */
+    message?: string;
+    /**
+     * Additional data from server that may be needed for getChallenge()
+     * For example: sessionId, attemptId, etc.
+     */
+    serverData?: Record<string, unknown>;
+}
+
+/**
+ * Base class for login challenge UI components
+ *
+ * Providers can extend this class to create custom challenge UIs.
+ * The login component will render this component and listen to its outputs.
+ *
+ * @example
+ * ```typescript
+ * @Component({
+ *   selector: 'my-captcha-challenge',
+ *   template: `
+ *     <div class="captcha-container">
+ *       <img [src]="'data:image/png;base64,' + challengeData().content" />
+ *       <input
+ *         type="text"
+ *         [value]="response()"
+ *         (input)="onResponseChange($event)"
+ *       />
+ *       <button (click)="onRefreshClick()">Refresh</button>
+ *     </div>
+ *   `
+ * })
+ * export class MyCaptchaChallengeComponent extends AXPLoginChallengeComponentBase {
+ *   response = signal('');
+ *
+ *   onResponseChange(event: Event) {
+ *     const value = (event.target as HTMLInputElement).value;
+ *     this.response.set(value);
+ *     this.responseChange.emit(value);
+ *   }
+ *
+ *   onRefreshClick() {
+ *     this.refreshRequest.emit();
+ *   }
+ * }
+ * ```
+ */
+declare abstract class AXPLoginChallengeComponentBase {
+    /**
+     * Challenge data to display
+     * Contains the image/content and metadata from the server
+     */
+    challengeData: i0.InputSignal<AXPLoginChallengeData>;
+    /**
+     * Whether the challenge is currently loading (e.g., refreshing)
+     */
+    isLoading: i0.InputSignal<boolean>;
+    /**
+     * Emits when the user enters or changes their response
+     * The login component will capture this value and include it in credentials
+     */
+    responseChange: i0.OutputEmitterRef<string>;
+    /**
+     * Emits when the user requests a new challenge (e.g., clicks refresh button)
+     * The login component will call provider.refreshChallenge()
+     */
+    refreshRequest: i0.OutputEmitterRef<void>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AXPLoginChallengeComponentBase, never>;
+    static ɵcmp: i0.ɵɵComponentDeclaration<AXPLoginChallengeComponentBase, "ng-component", never, { "challengeData": { "alias": "challengeData"; "required": true; "isSignal": true; }; "isLoading": { "alias": "isLoading"; "required": false; "isSignal": true; }; }, { "responseChange": "responseChange"; "refreshRequest": "refreshRequest"; }, never, never, true, never>;
+}
+
+/**
+ * Abstract base class for login challenge providers
+ *
+ * Implement this class to create custom challenge mechanisms like:
+ * - Image CAPTCHA
+ * - reCAPTCHA
+ * - SMS verification
+ * - Email verification
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * export class MyImageCaptchaProvider extends AXPLoginChallengeProvider {
+ *   readonly name = 'image-captcha';
+ *
+ *   checkResponse(error: unknown): AXPChallengeCheckResult | null {
+ *     if (error instanceof HttpErrorResponse) {
+ *       if (error.error?.requiresCaptcha) {
+ *         return { required: true };
+ *       }
+ *     }
+ *     return null;
+ *   }
+ *
+ *   async getChallenge(): Promise<AXPLoginChallengeData> {
+ *     const response = await this.http.get('/api/captcha').toPromise();
+ *     return {
+ *       id: response.id,
+ *       content: response.image,
+ *       contentType: 'image-base64'
+ *     };
+ *   }
+ *
+ *   async refreshChallenge(): Promise<AXPLoginChallengeData> {
+ *     return this.getChallenge();
+ *   }
+ *
+ *   getChallengeComponent(): Type<AXPLoginChallengeComponentBase> {
+ *     return MyCaptchaChallengeComponent;
+ *   }
+ * }
+ * ```
+ */
+declare abstract class AXPLoginChallengeProvider {
+    /**
+     * Unique name identifier for this provider
+     */
+    abstract readonly name: string;
+    /**
+     * Checks the login error response to determine if a challenge is required
+     *
+     * This method is called after a failed login attempt. The implementation
+     * should inspect the error and return a result indicating whether a
+     * challenge should be displayed.
+     *
+     * @param error - The error from the failed login attempt (type varies by implementation)
+     * @returns Challenge check result, or null if this provider doesn't handle this error
+     */
+    abstract checkResponse(error: unknown): AXPChallengeCheckResult | null;
+    /**
+     * Fetches a new challenge from the server
+     *
+     * Called when checkResponse indicates a challenge is required.
+     * Should make an API call to get challenge data (e.g., CAPTCHA image).
+     *
+     * @param serverData - Optional data from checkResponse result that may be needed
+     * @returns Promise resolving to challenge data for display
+     */
+    abstract getChallenge(serverData?: Record<string, unknown>): Promise<AXPLoginChallengeData>;
+    /**
+     * Fetches a fresh challenge, replacing the current one
+     *
+     * Called when user requests a new challenge (e.g., clicks "new image" button).
+     * Typically delegates to getChallenge() but may have different behavior.
+     *
+     * @returns Promise resolving to new challenge data
+     */
+    abstract refreshChallenge(): Promise<AXPLoginChallengeData>;
+    /**
+     * Returns the component type for rendering the challenge UI
+     *
+     * Override this method to provide a custom challenge UI component.
+     * If not overridden (returns null), the login component will use
+     * a default built-in UI.
+     *
+     * @returns Component type extending AXPLoginChallengeComponentBase, or null for default UI
+     */
+    getChallengeComponent(): Type<AXPLoginChallengeComponentBase> | null;
+}
+
+/**
+ * Injection token for the login challenge provider
+ *
+ * This token is optional - if not provided, no challenge mechanism will be used.
+ *
+ * @example
+ * ```typescript
+ * // In your app module or provider configuration:
+ * providers: [
+ *   {
+ *     provide: AXP_LOGIN_CHALLENGE_PROVIDER,
+ *     useClass: MyImageCaptchaProvider
+ *   }
+ * ]
+ *
+ * // In a component:
+ * private challengeProvider = inject(AXP_LOGIN_CHALLENGE_PROVIDER, { optional: true });
+ * ```
+ */
+declare const AXP_LOGIN_CHALLENGE_PROVIDER: InjectionToken<AXPLoginChallengeProvider>;
+
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPLoginChallengeComponentBase, AXPLoginChallengeProvider, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_LOGIN_CHALLENGE_PROVIDER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
+export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPBaseCredentials, AXPChallengeCheckResult, AXPChallengeContentType, AXPFeature, AXPFeatureLoader, AXPLoginChallengeData, AXPPermission, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };