@acorex/platform 21.0.0-next.2 → 21.0.0-next.3

package/auth/index.d.ts

@@ -1,15 +1,20 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders, Injector, Type } from '@angular/core';
-import { Observable } from 'rxjs';
-import { AXPLogoConfig, AXPExpressionEvaluatorScopeProvider, AXPExpressionEvaluatorScopeProviderContext } from '@acorex/platform/core';
+import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders, Injector } from '@angular/core';
+import { AXPLogoConfig, AXPOptionsData, AXPExpressionEvaluatorScopeProvider, AXPExpressionEvaluatorScopeProviderContext } from '@acorex/platform/core';
 import { CanActivateFn } from '@angular/router';
+import { Observable } from 'rxjs';
 
+interface AXPEdition {
+    id: string;
+    title: string;
+    description?: string;
+}
 interface AXPApplication {
     id: string;
     name: string;
     title?: string;
     version?: string;
-    editionName?: string;
+    edition?: AXPEdition;
     description?: string;
     logo?: AXPLogoConfig;
 }
@@ -52,12 +57,12 @@ declare enum AXPSessionStatus {
 }
 
 interface AXPApplicationLoader {
-    getList(context: AXPSessionContext): Observable<AXPApplication[]>;
+    getList(context: AXPSessionContext): Promise<AXPApplication[]>;
 }
 declare const AXP_APPLICATION_LOADER: InjectionToken<AXPApplicationLoader>;
 
 interface AXPTenantLoader {
-    getList(context: AXPSessionContext): Observable<AXPTenant[]>;
+    getList(context: AXPSessionContext): Promise<AXPTenant[]>;
 }
 declare const AXP_TENANT_LOADER: InjectionToken<AXPTenantLoader>;
 
@@ -89,10 +94,16 @@ type AXPPermissionDefinition = {
     title: string;
     description?: string;
     children: AXPPermissionDefinition[];
+    /**
+     * Required features for this permission to be available.
+     * Format: Array of feature names (e.g., ['PlatformManagement.menu-customization'])
+     * If any required feature is not enabled, this permission will be filtered out.
+     */
+    requiredFeatures?: string[];
 };
 
 interface AXPPermissionLoader {
-    getList(context: AXPSessionContext): Observable<AXPPermission[]>;
+    getList(context: AXPSessionContext): Promise<AXPPermission[]>;
 }
 declare const AXP_PERMISSION_LOADER: InjectionToken<AXPPermissionLoader>;
 
@@ -108,7 +119,7 @@ declare class AXPPermissionDefinitionGroupBuilder {
     private _group;
     get group(): AXPPermissionGroupDefinition;
     constructor(context: AXPPermissionDefinitionProviderContext, group: AXPPermissionGroupDefinition);
-    addPermission(name: string, title: string, description?: string): AXPPermissionDefinitionBuilder;
+    addPermission(name: string, title: string, description?: string, requiredFeatures?: string[]): AXPPermissionDefinitionBuilder;
     endGroup(): AXPPermissionDefinitionProviderContext;
     findPermission(path: string): AXPPermissionDefinition | undefined;
     findGroup(name: string): AXPPermissionDefinitionGroupBuilder | undefined;
@@ -117,7 +128,12 @@ declare class AXPPermissionDefinitionBuilder {
     private groupBuilder;
     private permission;
     constructor(groupBuilder: AXPPermissionDefinitionGroupBuilder, permission: AXPPermissionDefinition);
-    addChild(name: string, title: string, description?: string): AXPPermissionDefinitionBuilder;
+    addChild(name: string, title: string, description?: string, requiredFeatures?: string[]): AXPPermissionDefinitionBuilder;
+    /**
+     * Set required features for this permission.
+     * @param features - Array of feature names (e.g., ['PlatformManagement.menu-customization'])
+     */
+    requireFeatures(...features: string[]): AXPPermissionDefinitionBuilder;
     endPermission(): AXPPermissionDefinitionGroupBuilder;
 }
 
@@ -127,8 +143,19 @@ interface AXPPermissionDefinitionProvider {
 declare const AXP_PERMISSION_DEFINITION_PROVIDER: InjectionToken<AXPPermissionDefinitionProvider[]>;
 declare class AXPPermissionDefinitionService {
     private providers;
+    private providerRegistry;
+    private sessionService;
     private cache;
     private load;
+    /**
+     * Filter permissions based on required features.
+     * Removes permissions that have required features that are not enabled.
+     */
+    private filterByFeatures;
+    /**
+     * Recursively filter permissions and their children based on required features.
+     */
+    private filterPermissions;
     reload(): Promise<void>;
     getGroups(): Promise<AXPPermissionGroupDefinition[]>;
     getPermissions(): Promise<AXPPermissionDefinition[]>;
@@ -187,10 +214,14 @@ interface AXPFeature {
     title: string;
     description?: string;
     value?: any;
+    interface?: {
+        type: string;
+        options?: AXPOptionsData;
+    };
 }
 
 interface AXPFeatureLoader {
-    getList(context: AXPSessionContext): Observable<AXPFeature[]>;
+    getList(context: AXPSessionContext): Promise<AXPFeature[]>;
 }
 declare const AXP_FEATURE_LOADER: InjectionToken<AXPFeatureLoader>;
 
@@ -210,14 +241,45 @@ declare class AXPFeatureDirective {
 
 declare const AXPFeatureGuard: CanActivateFn;
 
+/**
+ * Interface for feature checkers that can override feature enablement results.
+ * Checkers receive the feature keys, current context, and base result,
+ * and can return a modified result based on custom logic.
+ */
+interface AXPFeatureChecker {
+    /**
+     * Checks and potentially overrides the feature enablement result.
+     * @param keys - The feature keys being checked
+     * @param context - Current session context (user, tenant, application)
+     * @param baseResult - The result from the base feature check logic
+     * @returns The final feature enablement result (true or false)
+     */
+    check(keys: string[], context: AXPSessionContext, baseResult: boolean): boolean;
+}
+
+/**
+ * Optional injection token for feature checker.
+ * If provided, the checker will be called to potentially override
+ * feature enablement results based on custom logic.
+ */
+declare const AXP_FEATURE_CHECKER: InjectionToken<AXPFeatureChecker>;
+
 declare class AXPSessionService {
     private eventService;
     private authStrategyRegistry;
+    private readonly injector;
     static readonly SESSION_KEY = "AXP_SESSION";
     private readonly permissionLoader;
     private readonly featureLoader;
     private readonly tenantLoader;
     private readonly applicationLoader;
+    private readonly permissionChecker;
+    private readonly featureChecker;
+    /**
+     * Get module provider loader lazily to avoid circular dependency.
+     * ModuleProviderLoader depends on AXPSessionService, which is this service.
+     */
+    private getModuleProviderLoader;
     private status;
     readonly status$: Observable<AXPSessionStatus>;
     private isLoading;
@@ -259,7 +321,6 @@ declare class AXPSessionService {
     authorize(...keys: string[]): boolean;
     isFeatureEnabled(...keys: string[]): boolean;
     getToken(): string | undefined;
-    private checkTokenValidation;
     getContext(): AXPSessionContext;
     static ɵfac: i0.ɵɵFactoryDeclaration<AXPSessionService, never>;
     static ɵprov: i0.ɵɵInjectableDeclaration<AXPSessionService>;
@@ -270,6 +331,29 @@ declare class AXPPermissionEvaluatorScopeProvider implements AXPExpressionEvalua
     provide(context: AXPExpressionEvaluatorScopeProviderContext): Promise<void>;
 }
 
+/**
+ * Interface for permission checkers that can override authorization results.
+ * Checkers receive the permission keys, current context, and base result,
+ * and can return a modified result based on custom logic.
+ */
+interface AXPPermissionChecker {
+    /**
+     * Checks and potentially overrides the authorization result.
+     * @param keys - The permission keys being checked
+     * @param context - Current session context (user, tenant, application)
+     * @param baseResult - The result from the base authorization logic
+     * @returns The final authorization result (true or false)
+     */
+    check(keys: string[], context: AXPSessionContext, baseResult: boolean): boolean;
+}
+
+/**
+ * Optional injection token for permission checker.
+ * If provided, the checker will be called to potentially override
+ * authorization results based on custom logic.
+ */
+declare const AXP_PERMISSION_CHECKER: InjectionToken<AXPPermissionChecker>;
+
 declare const AXPAuthGuard: CanActivateFn;
 
 interface AXPAuthModuleConfigs {
@@ -355,230 +439,5 @@ declare class AXPUnauthenticatedError extends Error {
     } | undefined);
 }
 
-/**
- * Supported content types for challenge display
- */
-type AXPChallengeContentType = 'image-url' | 'image-base64' | 'text' | 'audio-url';
-/**
- * Challenge data returned from the server
- * Contains all information needed to display and submit a challenge
- */
-interface AXPLoginChallengeData {
-    /**
-     * Unique identifier for this challenge
-     * Must be sent back with credentials when submitting login
-     */
-    id: string;
-    /**
-     * The challenge content to display
-     * Could be an image URL, base64 encoded image, text, or audio URL
-     */
-    content: string;
-    /**
-     * Type of content for proper rendering
-     */
-    contentType: AXPChallengeContentType;
-    /**
-     * When this challenge expires (optional)
-     * After expiration, a new challenge should be fetched
-     */
-    expiresAt?: Date;
-    /**
-     * Additional metadata from server (optional)
-     */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Result of checking a login error response
- * Determines if a challenge should be displayed
- */
-interface AXPChallengeCheckResult {
-    /**
-     * Whether a challenge is required
-     */
-    required: boolean;
-    /**
-     * Optional message to display to the user
-     */
-    message?: string;
-    /**
-     * Additional data from server that may be needed for getChallenge()
-     * For example: sessionId, attemptId, etc.
-     */
-    serverData?: Record<string, unknown>;
-}
-
-/**
- * Base class for login challenge UI components
- *
- * Providers can extend this class to create custom challenge UIs.
- * The login component will render this component and listen to its outputs.
- *
- * @example
- * ```typescript
- * @Component({
- *   selector: 'my-captcha-challenge',
- *   template: `
- *     <div class="captcha-container">
- *       <img [src]="'data:image/png;base64,' + challengeData().content" />
- *       <input
- *         type="text"
- *         [value]="response()"
- *         (input)="onResponseChange($event)"
- *       />
- *       <button (click)="onRefreshClick()">Refresh</button>
- *     </div>
- *   `
- * })
- * export class MyCaptchaChallengeComponent extends AXPLoginChallengeComponentBase {
- *   response = signal('');
- *
- *   onResponseChange(event: Event) {
- *     const value = (event.target as HTMLInputElement).value;
- *     this.response.set(value);
- *     this.responseChange.emit(value);
- *   }
- *
- *   onRefreshClick() {
- *     this.refreshRequest.emit();
- *   }
- * }
- * ```
- */
-declare abstract class AXPLoginChallengeComponentBase {
-    /**
-     * Challenge data to display
-     * Contains the image/content and metadata from the server
-     */
-    challengeData: i0.InputSignal<AXPLoginChallengeData>;
-    /**
-     * Whether the challenge is currently loading (e.g., refreshing)
-     */
-    isLoading: i0.InputSignal<boolean>;
-    /**
-     * Emits when the user enters or changes their response
-     * The login component will capture this value and include it in credentials
-     */
-    responseChange: i0.OutputEmitterRef<string>;
-    /**
-     * Emits when the user requests a new challenge (e.g., clicks refresh button)
-     * The login component will call provider.refreshChallenge()
-     */
-    refreshRequest: i0.OutputEmitterRef<void>;
-    static ɵfac: i0.ɵɵFactoryDeclaration<AXPLoginChallengeComponentBase, never>;
-    static ɵcmp: i0.ɵɵComponentDeclaration<AXPLoginChallengeComponentBase, "ng-component", never, { "challengeData": { "alias": "challengeData"; "required": true; "isSignal": true; }; "isLoading": { "alias": "isLoading"; "required": false; "isSignal": true; }; }, { "responseChange": "responseChange"; "refreshRequest": "refreshRequest"; }, never, never, true, never>;
-}
-
-/**
- * Abstract base class for login challenge providers
- *
- * Implement this class to create custom challenge mechanisms like:
- * - Image CAPTCHA
- * - reCAPTCHA
- * - SMS verification
- * - Email verification
- *
- * @example
- * ```typescript
- * @Injectable()
- * export class MyImageCaptchaProvider extends AXPLoginChallengeProvider {
- *   readonly name = 'image-captcha';
- *
- *   checkResponse(error: unknown): AXPChallengeCheckResult | null {
- *     if (error instanceof HttpErrorResponse) {
- *       if (error.error?.requiresCaptcha) {
- *         return { required: true };
- *       }
- *     }
- *     return null;
- *   }
- *
- *   async getChallenge(): Promise<AXPLoginChallengeData> {
- *     const response = await this.http.get('/api/captcha').toPromise();
- *     return {
- *       id: response.id,
- *       content: response.image,
- *       contentType: 'image-base64'
- *     };
- *   }
- *
- *   async refreshChallenge(): Promise<AXPLoginChallengeData> {
- *     return this.getChallenge();
- *   }
- *
- *   getChallengeComponent(): Type<AXPLoginChallengeComponentBase> {
- *     return MyCaptchaChallengeComponent;
- *   }
- * }
- * ```
- */
-declare abstract class AXPLoginChallengeProvider {
-    /**
-     * Unique name identifier for this provider
-     */
-    abstract readonly name: string;
-    /**
-     * Checks the login error response to determine if a challenge is required
-     *
-     * This method is called after a failed login attempt. The implementation
-     * should inspect the error and return a result indicating whether a
-     * challenge should be displayed.
-     *
-     * @param error - The error from the failed login attempt (type varies by implementation)
-     * @returns Challenge check result, or null if this provider doesn't handle this error
-     */
-    abstract checkResponse(error: unknown): AXPChallengeCheckResult | null;
-    /**
-     * Fetches a new challenge from the server
-     *
-     * Called when checkResponse indicates a challenge is required.
-     * Should make an API call to get challenge data (e.g., CAPTCHA image).
-     *
-     * @param serverData - Optional data from checkResponse result that may be needed
-     * @returns Promise resolving to challenge data for display
-     */
-    abstract getChallenge(serverData?: Record<string, unknown>): Promise<AXPLoginChallengeData>;
-    /**
-     * Fetches a fresh challenge, replacing the current one
-     *
-     * Called when user requests a new challenge (e.g., clicks "new image" button).
-     * Typically delegates to getChallenge() but may have different behavior.
-     *
-     * @returns Promise resolving to new challenge data
-     */
-    abstract refreshChallenge(): Promise<AXPLoginChallengeData>;
-    /**
-     * Returns the component type for rendering the challenge UI
-     *
-     * Override this method to provide a custom challenge UI component.
-     * If not overridden (returns null), the login component will use
-     * a default built-in UI.
-     *
-     * @returns Component type extending AXPLoginChallengeComponentBase, or null for default UI
-     */
-    getChallengeComponent(): Type<AXPLoginChallengeComponentBase> | null;
-}
-
-/**
- * Injection token for the login challenge provider
- *
- * This token is optional - if not provided, no challenge mechanism will be used.
- *
- * @example
- * ```typescript
- * // In your app module or provider configuration:
- * providers: [
- *   {
- *     provide: AXP_LOGIN_CHALLENGE_PROVIDER,
- *     useClass: MyImageCaptchaProvider
- *   }
- * ]
- *
- * // In a component:
- * private challengeProvider = inject(AXP_LOGIN_CHALLENGE_PROVIDER, { optional: true });
- * ```
- */
-declare const AXP_LOGIN_CHALLENGE_PROVIDER: InjectionToken<AXPLoginChallengeProvider>;
-
-export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPLoginChallengeComponentBase, AXPLoginChallengeProvider, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_LOGIN_CHALLENGE_PROVIDER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
-export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPBaseCredentials, AXPChallengeCheckResult, AXPChallengeContentType, AXPFeature, AXPFeatureLoader, AXPLoginChallengeData, AXPPermission, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_CHECKER, AXP_FEATURE_LOADER, AXP_PERMISSION_CHECKER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
+export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPBaseCredentials, AXPEdition, AXPFeature, AXPFeatureChecker, AXPFeatureLoader, AXPPermission, AXPPermissionChecker, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };