@bagelink/auth 1.4.169 → 1.4.171

package/src/api.ts

@@ -1,25 +1,34 @@
 import type { AxiosInstance, InternalAxiosRequestConfig } from 'axios'
 import type {
-	User,
-	NewUser,
-	UpdatePasswordForm,
-	Token,
-	NewPassword,
-	UserCreate,
-	SanitizedUserOut,
-	SanitizedUserList,
+	RegisterRequest,
+	UpdateAccountRequest,
+	ChangePasswordRequest,
+	ResetPasswordRequest,
+	SendVerificationRequest,
+	AuthenticationAccount,
 	LoginResponse,
-	PasswordRecoveryResponse,
-	ResetPasswordResponse,
-	GetUserResponse,
-	UpdateUserResponse,
-	DeleteUserResponse,
-	GetUsersResponse,
-	CreateUserResponse,
+	RegisterResponse,
+	LogoutResponse,
 	GetMeResponse,
 	UpdateMeResponse,
-	UpdatePasswordResponse,
-	SignupResponse,
+	DeleteMeResponse,
+	GetAccountResponse,
+	UpdateAccountResponse,
+	DeleteAccountResponse,
+	ActivateAccountResponse,
+	DeactivateAccountResponse,
+	ChangePasswordResponse,
+	ForgotPasswordResponse,
+	ResetPasswordResponse,
+	VerifyResetTokenResponse,
+	SendVerificationResponse,
+	VerifyEmailResponse,
+	RefreshSessionResponse,
+	GetSessionsResponse,
+	DeleteSessionResponse,
+	DeleteAllSessionsResponse,
+	CleanupSessionsResponse,
+	GetMethodsResponse,
 } from './types'
 import { createAxiosInstance } from './utils'
 
@@ -33,98 +42,247 @@ export class AuthApi {
 
 	private setupInterceptors() {
 		this.api.interceptors.request.use((config: InternalAxiosRequestConfig) => {
-			const token = localStorage.getItem('access_token')
-			if (token !== null && config.headers) {
-				config.headers.Authorization = `Bearer ${token}`
+			const sessionToken = localStorage.getItem('session_token')
+			if (sessionToken !== null && config.headers) {
+				config.headers.Authorization = `Bearer ${sessionToken}`
 			}
 
+			// Handle password reset token from URL
 			const urlParams = new URLSearchParams(window.location.search)
 			const resetToken = urlParams.get('token')
-
 			if (resetToken !== null && config.headers) {
-				config.headers.Authorization = `Bearer ${resetToken}`
+				config.headers['X-Reset-Token'] = resetToken
 			}
+
 			return config
 		})
 	}
 
-	async login(username: string, password: string): Promise<LoginResponse> {
-		const { data } = await this.api.post<Token>('/auth/login', {
-			username: username.toLowerCase(),
-			password,
+	// ============================================
+	// Authentication Methods
+	// ============================================
+
+	/**
+	 * Get available authentication methods
+	 */
+	async getAuthMethods(): Promise<GetMethodsResponse> {
+		return this.api.get('/authentication/methods')
+	}
+
+	/**
+	 * Register a new account
+	 */
+	async register(data: RegisterRequest): Promise<RegisterResponse> {
+		const response = await this.api.post('/authentication/register', {
+			...data,
+			email: data.email.toLowerCase(),
 		})
-		localStorage.setItem('access_token', data.access_token)
-		return { data } as LoginResponse
+
+		// Store session token if provided
+		if (response.data.session_token) {
+			localStorage.setItem('session_token', response.data.session_token)
+		}
+
+		return response
 	}
 
-	logout() {
-		localStorage.removeItem('access_token')
-		window.location.reload()
+	/**
+	 * Login with password
+	 */
+	async login(email: string, password: string): Promise<LoginResponse> {
+		const response = await this.api.post('/authentication/login/password', {
+			email: email.toLowerCase(),
+			password,
+		})
+
+		// Store session token if provided
+		if (response.data.session_token) {
+			localStorage.setItem('session_token', response.data.session_token)
+		}
+
+		return response
 	}
 
-	async passwordRecovery(email?: string): Promise<PasswordRecoveryResponse> {
-		return this.api.post('/auth/password-recovery', { email })
+	/**
+	 * Logout and clear session
+	 */
+	async logout(): Promise<LogoutResponse> {
+		const response = await this.api.post('/authentication/logout', {})
+		localStorage.removeItem('session_token')
+		return response
 	}
 
-	async resetPassword(
-		newPassword: NewPassword['new_password']
-	): Promise<ResetPasswordResponse> {
-		return this.api.post('/auth/reset-password', { new_password: newPassword })
+	/**
+	 * Refresh current session
+	 */
+	async refreshSession(): Promise<RefreshSessionResponse> {
+		const response = await this.api.post('/authentication/refresh', {})
+
+		// Update session token if provided
+		if (response.data.session_token) {
+			localStorage.setItem('session_token', response.data.session_token)
+		}
+
+		return response
 	}
 
+	// ============================================
+	// Current User (Me) Methods
+	// ============================================
+
+	/**
+	 * Get current user account info
+	 */
 	async getCurrentUser(): Promise<GetMeResponse> {
-		return this.api.get<SanitizedUserOut>('/users/me')
+		return this.api.get('/authentication/me')
 	}
 
-	async signup(user: NewUser): Promise<SignupResponse> {
-		return this.api.post<SanitizedUserOut>('/users/signup', {
-			email: user.email.toLowerCase(),
-			password: user.password,
-			first_name: user.first_name,
-			last_name: user.last_name,
-		})
+	/**
+	 * Update current user profile
+	 */
+	async updateCurrentUser(data: UpdateAccountRequest): Promise<UpdateMeResponse> {
+		return this.api.patch('/authentication/me', data)
 	}
 
-	async updatePassword(
-		form: UpdatePasswordForm
-	): Promise<UpdatePasswordResponse> {
-		return this.api.patch('/users/me/password', {
-			current_password: form.current_password,
-			new_password: form.new_password,
-		})
+	/**
+	 * Delete current user account
+	 */
+	async deleteCurrentUser(): Promise<DeleteMeResponse> {
+		const response = await this.api.delete('/authentication/me')
+		localStorage.removeItem('session_token')
+		return response
 	}
 
-	async updateUserProfile(user: Partial<User>): Promise<UpdateMeResponse> {
-		return this.api.patch<SanitizedUserOut>('/users/me', user)
+	// ============================================
+	// Account Management (Admin)
+	// ============================================
+
+	/**
+	 * Get account information by ID
+	 */
+	async getAccount(accountId: string): Promise<GetAccountResponse> {
+		return this.api.get(`/authentication/account/${accountId}`)
 	}
 
-	async setUserStatus(
-		userId: string,
-		isActive: boolean
-	): Promise<UpdateUserResponse> {
-		return this.api.patch<SanitizedUserOut>(`/users/${userId}`, {
-			is_active: isActive,
+	/**
+	 * Update account by ID
+	 */
+	async updateAccount(
+		accountId: string,
+		data: UpdateAccountRequest
+	): Promise<UpdateAccountResponse> {
+		return this.api.patch(`/authentication/account/${accountId}`, data)
+	}
+
+	/**
+	 * Delete account by ID
+	 */
+	async deleteAccount(accountId: string): Promise<DeleteAccountResponse> {
+		return this.api.delete(`/authentication/account/${accountId}`)
+	}
+
+	/**
+	 * Activate account by ID
+	 */
+	async activateAccount(accountId: string): Promise<ActivateAccountResponse> {
+		return this.api.post(`/authentication/account/${accountId}/activate`, {})
+	}
+
+	/**
+	 * Deactivate account by ID
+	 */
+	async deactivateAccount(
+		accountId: string
+	): Promise<DeactivateAccountResponse> {
+		return this.api.post(`/authentication/account/${accountId}/deactivate`, {})
+	}
+
+	// ============================================
+	// Password Management
+	// ============================================
+
+	/**
+	 * Change password (requires current password)
+	 */
+	async changePassword(data: ChangePasswordRequest): Promise<ChangePasswordResponse> {
+		return this.api.post('/authentication/password/change', data)
+	}
+
+	/**
+	 * Initiate forgot password flow
+	 */
+	async forgotPassword(email: string): Promise<ForgotPasswordResponse> {
+		return this.api.post('/authentication/password/forgot', {
+			email: email.toLowerCase(),
 		})
 	}
 
-	async deleteUser(userId: string): Promise<DeleteUserResponse> {
-		return this.api.delete(`/users/${userId}`)
+	/**
+	 * Verify password reset token
+	 */
+	async verifyResetToken(token: string): Promise<VerifyResetTokenResponse> {
+		return this.api.get(`/authentication/password/verify-reset-token/${token}`)
 	}
 
-	async getUsers(
-		limit: number = 100,
-		skip?: number
-	): Promise<GetUsersResponse> {
-		return this.api.get<SanitizedUserList>('/users/', {
-			params: { skip, limit },
+	/**
+	 * Reset password with token
+	 */
+	async resetPassword(data: ResetPasswordRequest): Promise<ResetPasswordResponse> {
+		return this.api.post('/authentication/password/reset', data)
+	}
+
+	// ============================================
+	// Email Verification
+	// ============================================
+
+	/**
+	 * Send email verification
+	 */
+	async sendVerification(
+		data: SendVerificationRequest = {},
+		user?: AuthenticationAccount
+	): Promise<SendVerificationResponse> {
+		return this.api.post('/authentication/verify/send', data, {
+			params: user ? { user } : undefined,
 		})
 	}
 
-	async createUser(user: UserCreate): Promise<CreateUserResponse> {
-		return this.api.post<SanitizedUserOut>('/users/', user)
+	/**
+	 * Verify email with token
+	 */
+	async verifyEmail(token: string): Promise<VerifyEmailResponse> {
+		return this.api.post('/authentication/verify/email', { token })
+	}
+
+	// ============================================
+	// Session Management
+	// ============================================
+
+	/**
+	 * Get sessions for an account
+	 */
+	async getSessions(accountId: string): Promise<GetSessionsResponse> {
+		return this.api.get(`/authentication/sessions/${accountId}`)
+	}
+
+	/**
+	 * Revoke a specific session
+	 */
+	async revokeSession(sessionToken: string): Promise<DeleteSessionResponse> {
+		return this.api.delete(`/authentication/sessions/${sessionToken}`)
+	}
+
+	/**
+	 * Revoke all sessions for an account
+	 */
+	async revokeAllSessions(accountId: string): Promise<DeleteAllSessionsResponse> {
+		return this.api.delete(`/authentication/sessions/account/${accountId}`)
 	}
 
-	async getUser(userId: string): Promise<GetUserResponse> {
-		return this.api.get<SanitizedUserOut>(`/users/${userId}`)
+	/**
+	 * Cleanup expired sessions (admin)
+	 */
+	async cleanupSessions(): Promise<CleanupSessionsResponse> {
+		return this.api.post('/authentication/cleanup-sessions', {})
 	}
 }

package/src/types.ts

@@ -1,39 +1,20 @@
 /* eslint-disable no-unused-vars */
 import type { AxiosResponse } from 'axios'
 
-export interface User {
-	id: string
-	email: string
-	first_name?: string
-	last_name?: string
-	is_superuser?: boolean
-	is_active?: boolean
-}
-
-export interface UserRegister {
-	email: string
-	password: string
-	first_name: string
-	last_name: string
-}
-
-export interface NewUser extends UserRegister {
-	confirmPassword: string
-}
-
-export interface UpdatePasswordForm {
-	current_password: string
-	new_password: string
-	confirmNewPassword: string
-}
+// ============================================
+// Auth State & Events
+// ============================================
 
 export enum AuthState {
 	LOGIN = 'login',
 	LOGOUT = 'logout',
 	SIGNUP = 'signup',
 	PASSWORD_RESET = 'password_reset',
+	PASSWORD_CHANGE = 'password_change',
 	PROFILE_UPDATE = 'profile_update',
 	AUTH_CHECK = 'auth_check',
+	EMAIL_VERIFIED = 'email_verified',
+	SESSION_REFRESH = 'session_refresh',
 }
 
 export type AuthEventHandler = () => void
@@ -42,75 +23,215 @@ export interface AuthEventMap {
 	[AuthState.LOGOUT]: AuthEventHandler
 	[AuthState.SIGNUP]: AuthEventHandler
 	[AuthState.PASSWORD_RESET]: AuthEventHandler
+	[AuthState.PASSWORD_CHANGE]: AuthEventHandler
 	[AuthState.PROFILE_UPDATE]: AuthEventHandler
 	[AuthState.AUTH_CHECK]: AuthEventHandler
+	[AuthState.EMAIL_VERIFIED]: AuthEventHandler
+	[AuthState.SESSION_REFRESH]: AuthEventHandler
 }
 
-// API Response Types
-export interface Token {
-	access_token: string
+// ============================================
+// Core Types
+// ============================================
+
+export type AuthenticationAccountType = 'person' | 'entity' | 'service'
+
+export type AuthenticationMethodType =
+	| 'password'
+	| 'email_token'
+	| 'sso'
+	| 'otp'
+
+export interface AuthenticationAccount {
+	created_at?: string
+	updated_at?: string
+	account_type?: AuthenticationAccountType
+	person_id?: string
+	entity_id?: string
+	display_name?: string
+	is_active?: boolean
+	is_verified?: boolean
+	account_metadata?: string
+	last_login_at?: string
+	failed_login_attempts?: number
+	locked_until?: string
+	id: string
 }
 
-export interface PasswordRecovery {
-	email: string
+export interface PersonInfo {
+	id: string
+	name: string
+	email?: string
+	roles: string[]
 }
 
-export interface NewPassword {
-	new_password: string
+export interface AuthMethodInfo {
+	id: string
+	type: string
+	identifier?: string
+	is_verified: boolean
+	last_used?: string
+	use_count: number
 }
 
-export interface UserUpdate {
-	email?: string
-	is_active?: boolean
-	is_superuser?: boolean
-	first_name?: string
-	last_name?: string
+export interface AccountInfo {
+	id: string
+	account_type: string
+	display_name: string
+	is_active: boolean
+	is_verified: boolean
+	last_login?: string
+	authentication_methods: AuthMethodInfo[]
+	person?: PersonInfo
 }
 
-export interface UserUpdateMe {
-	email?: string
+export interface SessionInfo {
+	id: string
+	created_at: string
+	expires_at: string
+	ip_address?: string
+	user_agent?: string
+	is_current?: boolean
+}
+
+// ============================================
+// Request Types
+// ============================================
+
+export interface RegisterRequest {
+	email: string
+	first_name: string
+	last_name: string
+	phone_number?: string
+	password?: string
+}
+
+export interface UpdateAccountRequest {
 	first_name?: string
 	last_name?: string
+	email?: string
+	phone_number?: string
 }
 
-export interface UpdatePassword {
+export interface PasswordLoginRequest {
+	email: string
+	password: string
+}
+
+export interface ChangePasswordRequest {
 	current_password: string
 	new_password: string
 }
 
-export interface UserCreate {
+export interface ForgotPasswordRequest {
 	email: string
-	password: string
-	first_name?: string
-	last_name?: string
-	is_active?: boolean
-	is_superuser?: boolean
 }
 
-export interface SanitizedUserOut {
+export interface ResetPasswordRequest {
+	token: string
+	new_password: string
+}
+
+export interface SendVerificationRequest {
+	email?: string
+}
+
+export interface VerifyEmailRequest {
+	token: string
+}
+
+// Client-side helper types
+export interface NewUser extends RegisterRequest {
+	confirmPassword: string
+}
+
+export interface UpdatePasswordForm extends ChangePasswordRequest {
+	confirmNewPassword: string
+}
+
+// ============================================
+// Response Types
+// ============================================
+
+export interface MessageResponse {
+	message: string
+}
+
+export interface AuthStatusResponse {
+	status: string
+	methods: string[]
+}
+
+export interface AvailableMethodsResponse {
+	available_methods: { [key: string]: any }[]
+}
+
+export interface OTPMetadata {
+	nonce: string
+	verification_hash: string
+	timestamp: number
+	expires_in_minutes: number
+	autofill: { [key: string]: any }
+}
+
+export interface SSOMetadata {
+	provider: string
+	sso_user_info: { [key: string]: any }
+	can_create_account?: boolean
+}
+
+export interface AuthenticationResponse {
+	success: boolean
+	account_id?: string
+	session_token?: string
+	requires_verification?: boolean
+	verification_method?: AuthenticationMethodType
+	message?: string
+	metadata?: OTPMetadata | SSOMetadata | { [key: string]: any }
+}
+
+export interface SessionListResponse {
+	account_id: string
+	sessions: SessionInfo[]
+}
+
+// ============================================
+// Axios Response Types
+// ============================================
+
+export type LoginResponse = AxiosResponse<AuthenticationResponse>
+export type RegisterResponse = AxiosResponse<AuthenticationResponse>
+export type LogoutResponse = AxiosResponse<MessageResponse>
+export type GetMeResponse = AxiosResponse<AccountInfo>
+export type UpdateMeResponse = AxiosResponse<AccountInfo>
+export type DeleteMeResponse = AxiosResponse<MessageResponse>
+export type GetAccountResponse = AxiosResponse<AccountInfo>
+export type UpdateAccountResponse = AxiosResponse<AccountInfo>
+export type DeleteAccountResponse = AxiosResponse<MessageResponse>
+export type ActivateAccountResponse = AxiosResponse<AccountInfo>
+export type DeactivateAccountResponse = AxiosResponse<AccountInfo>
+export type ChangePasswordResponse = AxiosResponse<MessageResponse>
+export type ForgotPasswordResponse = AxiosResponse<MessageResponse>
+export type ResetPasswordResponse = AxiosResponse<MessageResponse>
+export type VerifyResetTokenResponse = AxiosResponse<MessageResponse>
+export type SendVerificationResponse = AxiosResponse<MessageResponse>
+export type VerifyEmailResponse = AxiosResponse<MessageResponse>
+export type RefreshSessionResponse = AxiosResponse<AuthenticationResponse>
+export type GetSessionsResponse = AxiosResponse<SessionListResponse>
+export type DeleteSessionResponse = AxiosResponse<MessageResponse>
+export type DeleteAllSessionsResponse = AxiosResponse<MessageResponse>
+export type CleanupSessionsResponse = AxiosResponse<MessageResponse>
+export type GetMethodsResponse = AxiosResponse<AvailableMethodsResponse>
+
+// ============================================
+// Legacy Type Aliases (for backward compatibility)
+// ============================================
+
+/** @deprecated Use AccountInfo instead */
+export type User = AccountInfo & {
 	email: string
-	is_active?: boolean
-	is_superuser?: boolean
 	first_name?: string
 	last_name?: string
-	id: string
+	is_superuser?: boolean
+	is_active?: boolean
 }
-
-export interface SanitizedUserList {
-	data: SanitizedUserOut[]
-	count: number
-}
-
-// API Response Types
-export type LoginResponse = AxiosResponse<Token>
-export type PasswordRecoveryResponse = AxiosResponse
-export type ResetPasswordResponse = AxiosResponse
-export type GetUserResponse = AxiosResponse<SanitizedUserOut>
-export type UpdateUserResponse = AxiosResponse<SanitizedUserOut>
-export type DeleteUserResponse = AxiosResponse
-export type GetUsersResponse = AxiosResponse<SanitizedUserList>
-export type CreateUserResponse = AxiosResponse<SanitizedUserOut>
-export type GetMeResponse = AxiosResponse<SanitizedUserOut>
-export type UpdateMeResponse = AxiosResponse<SanitizedUserOut>
-export type UpdatePasswordResponse = AxiosResponse
-export type SignupResponse = AxiosResponse<SanitizedUserOut>