@blezgo/api-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +27 -0
  3. package/dist/account/client.d.ts +3 -0
  4. package/dist/account/client.d.ts.map +1 -0
  5. package/dist/account/client.js +3 -0
  6. package/dist/account/client.js.map +1 -0
  7. package/dist/account/generated.d.ts +2648 -0
  8. package/dist/account/generated.d.ts.map +1 -0
  9. package/dist/account/generated.js +6 -0
  10. package/dist/account/generated.js.map +1 -0
  11. package/dist/account/index.d.ts +2 -0
  12. package/dist/account/index.d.ts.map +1 -0
  13. package/dist/account/index.js +2 -0
  14. package/dist/account/index.js.map +1 -0
  15. package/dist/admin/client.d.ts +3 -0
  16. package/dist/admin/client.d.ts.map +1 -0
  17. package/dist/admin/client.js +3 -0
  18. package/dist/admin/client.js.map +1 -0
  19. package/dist/admin/generated.d.ts +956 -0
  20. package/dist/admin/generated.d.ts.map +1 -0
  21. package/dist/admin/generated.js +6 -0
  22. package/dist/admin/generated.js.map +1 -0
  23. package/dist/admin/index.d.ts +2 -0
  24. package/dist/admin/index.d.ts.map +1 -0
  25. package/dist/admin/index.js +2 -0
  26. package/dist/admin/index.js.map +1 -0
  27. package/dist/authentication/client.d.ts +3 -0
  28. package/dist/authentication/client.d.ts.map +1 -0
  29. package/dist/authentication/client.js +3 -0
  30. package/dist/authentication/client.js.map +1 -0
  31. package/dist/authentication/generated.d.ts +746 -0
  32. package/dist/authentication/generated.d.ts.map +1 -0
  33. package/dist/authentication/generated.js +6 -0
  34. package/dist/authentication/generated.js.map +1 -0
  35. package/dist/authentication/index.d.ts +2 -0
  36. package/dist/authentication/index.d.ts.map +1 -0
  37. package/dist/authentication/index.js +2 -0
  38. package/dist/authentication/index.js.map +1 -0
  39. package/dist/cache/client.d.ts +3 -0
  40. package/dist/cache/client.d.ts.map +1 -0
  41. package/dist/cache/client.js +3 -0
  42. package/dist/cache/client.js.map +1 -0
  43. package/dist/cache/generated.d.ts +3355 -0
  44. package/dist/cache/generated.d.ts.map +1 -0
  45. package/dist/cache/generated.js +6 -0
  46. package/dist/cache/generated.js.map +1 -0
  47. package/dist/cache/index.d.ts +2 -0
  48. package/dist/cache/index.d.ts.map +1 -0
  49. package/dist/cache/index.js +2 -0
  50. package/dist/cache/index.js.map +1 -0
  51. package/dist/config/client.d.ts +3 -0
  52. package/dist/config/client.d.ts.map +1 -0
  53. package/dist/config/client.js +3 -0
  54. package/dist/config/client.js.map +1 -0
  55. package/dist/config/generated.d.ts +1150 -0
  56. package/dist/config/generated.d.ts.map +1 -0
  57. package/dist/config/generated.js +6 -0
  58. package/dist/config/generated.js.map +1 -0
  59. package/dist/config/index.d.ts +2 -0
  60. package/dist/config/index.d.ts.map +1 -0
  61. package/dist/config/index.js +2 -0
  62. package/dist/config/index.js.map +1 -0
  63. package/dist/dashboard/client.d.ts +3 -0
  64. package/dist/dashboard/client.d.ts.map +1 -0
  65. package/dist/dashboard/client.js +3 -0
  66. package/dist/dashboard/client.js.map +1 -0
  67. package/dist/dashboard/generated.d.ts +4831 -0
  68. package/dist/dashboard/generated.d.ts.map +1 -0
  69. package/dist/dashboard/generated.js +6 -0
  70. package/dist/dashboard/generated.js.map +1 -0
  71. package/dist/dashboard/index.d.ts +2 -0
  72. package/dist/dashboard/index.d.ts.map +1 -0
  73. package/dist/dashboard/index.js +2 -0
  74. package/dist/dashboard/index.js.map +1 -0
  75. package/dist/errors/client.d.ts +3 -0
  76. package/dist/errors/client.d.ts.map +1 -0
  77. package/dist/errors/client.js +3 -0
  78. package/dist/errors/client.js.map +1 -0
  79. package/dist/errors/generated.d.ts +340 -0
  80. package/dist/errors/generated.d.ts.map +1 -0
  81. package/dist/errors/generated.js +6 -0
  82. package/dist/errors/generated.js.map +1 -0
  83. package/dist/errors/index.d.ts +2 -0
  84. package/dist/errors/index.d.ts.map +1 -0
  85. package/dist/errors/index.js +2 -0
  86. package/dist/errors/index.js.map +1 -0
  87. package/dist/index.d.ts +15 -0
  88. package/dist/index.d.ts.map +1 -0
  89. package/dist/index.js +19 -0
  90. package/dist/index.js.map +1 -0
  91. package/dist/internationalization/client.d.ts +3 -0
  92. package/dist/internationalization/client.d.ts.map +1 -0
  93. package/dist/internationalization/client.js +3 -0
  94. package/dist/internationalization/client.js.map +1 -0
  95. package/dist/internationalization/generated.d.ts +587 -0
  96. package/dist/internationalization/generated.d.ts.map +1 -0
  97. package/dist/internationalization/generated.js +6 -0
  98. package/dist/internationalization/generated.js.map +1 -0
  99. package/dist/internationalization/index.d.ts +2 -0
  100. package/dist/internationalization/index.d.ts.map +1 -0
  101. package/dist/internationalization/index.js +2 -0
  102. package/dist/internationalization/index.js.map +1 -0
  103. package/dist/invitations/client.d.ts +3 -0
  104. package/dist/invitations/client.d.ts.map +1 -0
  105. package/dist/invitations/client.js +3 -0
  106. package/dist/invitations/client.js.map +1 -0
  107. package/dist/invitations/generated.d.ts +4019 -0
  108. package/dist/invitations/generated.d.ts.map +1 -0
  109. package/dist/invitations/generated.js +6 -0
  110. package/dist/invitations/generated.js.map +1 -0
  111. package/dist/invitations/index.d.ts +2 -0
  112. package/dist/invitations/index.d.ts.map +1 -0
  113. package/dist/invitations/index.js +2 -0
  114. package/dist/invitations/index.js.map +1 -0
  115. package/dist/registration/client.d.ts +3 -0
  116. package/dist/registration/client.d.ts.map +1 -0
  117. package/dist/registration/client.js +3 -0
  118. package/dist/registration/client.js.map +1 -0
  119. package/dist/registration/generated.d.ts +1010 -0
  120. package/dist/registration/generated.d.ts.map +1 -0
  121. package/dist/registration/generated.js +6 -0
  122. package/dist/registration/generated.js.map +1 -0
  123. package/dist/registration/index.d.ts +2 -0
  124. package/dist/registration/index.d.ts.map +1 -0
  125. package/dist/registration/index.js +2 -0
  126. package/dist/registration/index.js.map +1 -0
  127. package/dist/role/client.d.ts +3 -0
  128. package/dist/role/client.d.ts.map +1 -0
  129. package/dist/role/client.js +3 -0
  130. package/dist/role/client.js.map +1 -0
  131. package/dist/role/generated.d.ts +6324 -0
  132. package/dist/role/generated.d.ts.map +1 -0
  133. package/dist/role/generated.js +6 -0
  134. package/dist/role/generated.js.map +1 -0
  135. package/dist/role/index.d.ts +2 -0
  136. package/dist/role/index.d.ts.map +1 -0
  137. package/dist/role/index.js +2 -0
  138. package/dist/role/index.js.map +1 -0
  139. package/dist/tenant/client.d.ts +3 -0
  140. package/dist/tenant/client.d.ts.map +1 -0
  141. package/dist/tenant/client.js +3 -0
  142. package/dist/tenant/client.js.map +1 -0
  143. package/dist/tenant/generated.d.ts +8273 -0
  144. package/dist/tenant/generated.d.ts.map +1 -0
  145. package/dist/tenant/generated.js +6 -0
  146. package/dist/tenant/generated.js.map +1 -0
  147. package/dist/tenant/index.d.ts +2 -0
  148. package/dist/tenant/index.d.ts.map +1 -0
  149. package/dist/tenant/index.js +2 -0
  150. package/dist/tenant/index.js.map +1 -0
  151. package/dist/tokens/client.d.ts +3 -0
  152. package/dist/tokens/client.d.ts.map +1 -0
  153. package/dist/tokens/client.js +3 -0
  154. package/dist/tokens/client.js.map +1 -0
  155. package/dist/tokens/generated.d.ts +528 -0
  156. package/dist/tokens/generated.d.ts.map +1 -0
  157. package/dist/tokens/generated.js +6 -0
  158. package/dist/tokens/generated.js.map +1 -0
  159. package/dist/tokens/index.d.ts +2 -0
  160. package/dist/tokens/index.d.ts.map +1 -0
  161. package/dist/tokens/index.js +2 -0
  162. package/dist/tokens/index.js.map +1 -0
  163. package/dist/user/client.d.ts +3 -0
  164. package/dist/user/client.d.ts.map +1 -0
  165. package/dist/user/client.js +3 -0
  166. package/dist/user/client.js.map +1 -0
  167. package/dist/user/generated.d.ts +4350 -0
  168. package/dist/user/generated.d.ts.map +1 -0
  169. package/dist/user/generated.js +6 -0
  170. package/dist/user/generated.js.map +1 -0
  171. package/dist/user/index.d.ts +2 -0
  172. package/dist/user/index.d.ts.map +1 -0
  173. package/dist/user/index.js +2 -0
  174. package/dist/user/index.js.map +1 -0
  175. package/package.json +39 -0
package/dist/admin/generated.d.ts ADDED
@@ -0,0 +1,956 @@
1
+ /**
2
+ * This file was auto-generated by openapi-typescript.
3
+ * Do not make direct changes to the file.
4
+ */
5
+ export interface paths {
6
+ "/v1/auth/server-clients/admin": {
7
+ parameters: {
8
+ query?: never;
9
+ header?: never;
10
+ path?: never;
11
+ cookie?: never;
12
+ };
13
+ /**
14
+ * List Server Clients
15
+ * @description **List all server clients.**
16
+ *
17
+ * **Purpose**: View all server clients for monitoring and management.
18
+ *
19
+ * **Query Parameters**:
20
+ * - status: Filter by status (active, revoked)
21
+ * - page: Page number (default: 1)
22
+ * - limit: Items per page (default: 50, max: 100)
23
+ *
24
+ * **Authentication**: Admin JWT (requires server_clients.read.all permission)
25
+ *
26
+ * **Response Codes**:
27
+ * - 200: Success
28
+ * - 401: Unauthorized
29
+ * - 403: Insufficient permissions
30
+ * - 500: Server error
31
+ */
32
+ get: operations["listServerClients"];
33
+ put?: never;
34
+ /**
35
+ * Create Server Client
36
+ * @description **Create a new server client for backend-to-backend authentication.**
37
+ *
38
+ * **Purpose**: Generate server client credentials (client_id + client_secret)
39
+ * for a backend application to authenticate with this API.
40
+ *
41
+ * **Flow**:
42
+ * 1. Validate role_id exists via blezgo_core internal endpoint
43
+ * 2. Generate client_id (human-readable, unique)
44
+ * 3. Generate client_secret (32 chars, cryptographically secure)
45
+ * 4. Hash client_secret with bcrypt (cost factor 12)
46
+ * 5. Store in server_clients_tbl (authdb)
47
+ * 6. Return client_id + client_secret (SHOWN ONCE)
48
+ *
49
+ * **CRITICAL SECURITY NOTICE**:
50
+ * - client_secret is shown ONLY ONCE
51
+ * - Store it securely (AWS Secrets Manager, HashiCorp Vault, etc.)
52
+ * - Cannot be retrieved later; if lost, revoke and create a new client
53
+ *
54
+ * **Authentication**: Admin JWT (requires server_clients.create.all permission)
55
+ * **Rate Limit**: 10 requests per hour per user
56
+ *
57
+ * **Response Codes**:
58
+ * - 201: Server client created successfully
59
+ * - 400: Invalid request (validation errors)
60
+ * - 401: Unauthorized
61
+ * - 403: Insufficient permissions
62
+ * - 500: Server error
63
+ */
64
+ post: operations["createServerClient"];
65
+ delete?: never;
66
+ options?: never;
67
+ head?: never;
68
+ patch?: never;
69
+ trace?: never;
70
+ };
71
+ "/v1/auth/server-clients/admin/{client_id}": {
72
+ parameters: {
73
+ query?: never;
74
+ header?: never;
75
+ path?: never;
76
+ cookie?: never;
77
+ };
78
+ get?: never;
79
+ put?: never;
80
+ post?: never;
81
+ /**
82
+ * Revoke Server Client
83
+ * @description **Revoke a server client (permanent soft delete).**
84
+ *
85
+ * **Purpose**: Permanently disable a server client. Cannot be undone.
86
+ *
87
+ * **Flow**:
88
+ * 1. Locate client by client_id
89
+ * 2. Mark as inactive (is_active = false)
90
+ * 3. Set revoked_at timestamp and store revocation reason
91
+ * 4. All existing tokens for this client become invalid immediately
92
+ * 5. Client cannot generate new tokens
93
+ *
94
+ * **Authentication**: Admin JWT (requires server_clients.delete.all permission)
95
+ *
96
+ * **Response Codes**:
97
+ * - 200: Client revoked successfully
98
+ * - 400: Missing or invalid reason
99
+ * - 401: Unauthorized
100
+ * - 403: Insufficient permissions
101
+ * - 404: Client not found
102
+ * - 500: Server error
103
+ */
104
+ delete: operations["revokeServerClient"];
105
+ options?: never;
106
+ head?: never;
107
+ patch?: never;
108
+ trace?: never;
109
+ };
110
+ "/v1/auth/social/clients/admin": {
111
+ parameters: {
112
+ query?: never;
113
+ header?: never;
114
+ path?: never;
115
+ cookie?: never;
116
+ };
117
+ get?: never;
118
+ /**
119
+ * Register Social Client
120
+ * @description Register OAuth client credentials for a social login provider (Admin Only).
121
+ *
122
+ * **For**: System administrators
123
+ * **Purpose**: Create or fully replace the OAuth config for a provider.
124
+ * One config per provider — sending this again for the same provider
125
+ * completely replaces the stored credentials (full replace, not partial).
126
+ * All credential fields required on every call.
127
+ *
128
+ * **Flow**:
129
+ * 1. Validate credentials format per provider (client_id format, required fields)
130
+ * 2. Upsert row in social_auth_configs_tbl (org_id + provider = unique key)
131
+ * 3. Return config_id
132
+ *
133
+ * ---
134
+ *
135
+ * **Google**
136
+ * ```json
137
+ * {
138
+ * "provider": "google",
139
+ * "client_id": "556692537239-abc123.apps.googleusercontent.com",
140
+ * "client_secret": "GOCSPX-xxxxxxxxxxxxxxxxxxxx",
141
+ * "redirect_uri": "https://yourdomain.com/auth/callback/google",
142
+ * "allowed_domains": ["yourdomain.com"]
143
+ * }
144
+ * ```
145
+ *
146
+ * **Facebook**
147
+ * ```json
148
+ * {
149
+ * "provider": "facebook",
150
+ * "client_id": "1234567890123456",
151
+ * "client_secret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
152
+ * "redirect_uri": "https://yourdomain.com/auth/callback/facebook"
153
+ * }
154
+ * ```
155
+ *
156
+ * **LinkedIn**
157
+ * ```json
158
+ * {
159
+ * "provider": "linkedin",
160
+ * "client_id": "86abcdefgh1234",
161
+ * "client_secret": "xxxxxxxxxxxxxxxx",
162
+ * "redirect_uri": "https://yourdomain.com/auth/callback/linkedin"
163
+ * }
164
+ * ```
165
+ *
166
+ * **X (Twitter)**
167
+ * ```json
168
+ * {
169
+ * "provider": "x",
170
+ * "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
171
+ * "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
172
+ * "redirect_uri": "https://yourdomain.com/auth/callback/x"
173
+ * }
174
+ * ```
175
+ *
176
+ * **Apple**
177
+ * ```json
178
+ * {
179
+ * "provider": "apple",
180
+ * "client_id": "com.yourdomain.app",
181
+ * "redirect_uri": "https://yourdomain.com/auth/callback/apple",
182
+ * "apple_team_id": "ABCDE12345",
183
+ * "apple_key_id": "FGHIJ67890",
184
+ * "apple_private_key": "-----BEGIN PRIVATE KEY-----\nMIGTAgEAMB...\n-----END PRIVATE KEY-----"
185
+ * }
186
+ * ```
187
+ *
188
+ * **Authentication**: Admin JWT
189
+ * **Rate Limit**: 5 requests per minute
190
+ *
191
+ * **Response Codes**:
192
+ * - 201: Config saved (created or updated)
193
+ * - 400: Validation error (wrong format, missing required fields for provider)
194
+ * - 401: Unauthorized
195
+ * - 403: Insufficient permissions
196
+ */
197
+ put: operations["registerSocialClient"];
198
+ post?: never;
199
+ delete?: never;
200
+ options?: never;
201
+ head?: never;
202
+ patch?: never;
203
+ trace?: never;
204
+ };
205
+ "/v1/auth/sessions/admin": {
206
+ parameters: {
207
+ query?: never;
208
+ header?: never;
209
+ path?: never;
210
+ cookie?: never;
211
+ };
212
+ /**
213
+ * Get All Admin Sessions
214
+ * @description View all active sessions across the system (Admin Only).
215
+ *
216
+ * **For**: System administrators
217
+ * **Purpose**: System-wide session monitoring, analytics dashboards
218
+ *
219
+ * **Query Parameters**:
220
+ * - page (int, default: 1): Page number
221
+ * - limit (int, default: 50, max: 100): Items per page
222
+ * - user_id (int, optional): Filter by specific user
223
+ * - device (string, optional): Filter by device/browser/OS
224
+ * - ip (string, optional): Filter by IP address
225
+ *
226
+ * **Example Response**:
227
+ * ```json
228
+ * {
229
+ * "sessions": [...],
230
+ * "total_sessions": 1523,
231
+ * "pagination": {
232
+ * "page": 1,
233
+ * "limit": 50,
234
+ * "total_pages": 31
235
+ * }
236
+ * }
237
+ * ```
238
+ *
239
+ * **Authentication**: JWT token with api_access permission
240
+ * **Headers**: Authorization: Bearer <admin_token>
241
+ * **Rate Limit**: 50 requests per minute
242
+ *
243
+ * **Use Cases**:
244
+ * - "How many users are logged in right now?"
245
+ * - "Show all Chrome sessions from New York"
246
+ * - "Find all sessions from this suspicious IP"
247
+ * - "Generate session analytics dashboard"
248
+ */
249
+ get: operations["getAllAdminSessions"];
250
+ put?: never;
251
+ post?: never;
252
+ delete?: never;
253
+ options?: never;
254
+ head?: never;
255
+ patch?: never;
256
+ trace?: never;
257
+ };
258
+ "/v1/users/{user_id}/sessions": {
259
+ parameters: {
260
+ query?: never;
261
+ header?: never;
262
+ path?: never;
263
+ cookie?: never;
264
+ };
265
+ /**
266
+ * Get Admin User Sessions
267
+ * @description View all active sessions of a specific user (Admin Only).
268
+ *
269
+ * **For**: System administrators
270
+ * **Purpose**: Monitor user sessions, investigate suspicious activity
271
+ *
272
+ * **Path Parameters**:
273
+ * - user_id: The user ID to view sessions for
274
+ *
275
+ * **Example Response**: Same format as user endpoint
276
+ *
277
+ * **Authentication**: JWT token with api_access permission
278
+ * **Headers**: Authorization: Bearer <admin_token>
279
+ * **Rate Limit**: 50 requests per minute
280
+ *
281
+ * **Use Cases**:
282
+ * - "Check if John is logged in from 2 locations"
283
+ * - "User reports unauthorized access, view their sessions"
284
+ * - "Monitor active users for security audit"
285
+ */
286
+ get: operations["getAdminUserSessions"];
287
+ put?: never;
288
+ post?: never;
289
+ /**
290
+ * Delete All Admin User Sessions
291
+ * @description Logout user from all devices (Admin Only).
292
+ *
293
+ * **For**: System administrators
294
+ * **Purpose**: Force logout compromised accounts, employee termination
295
+ *
296
+ * **Path Parameters**:
297
+ * - user_id: The user ID to logout everywhere
298
+ *
299
+ * **Example Response**:
300
+ * ```json
301
+ * {
302
+ * "revoked_count": 5,
303
+ * "revoked_at": "2025-01-27T15:30:00Z"
304
+ * }
305
+ * ```
306
+ *
307
+ * **Authentication**: JWT token with api_access permission
308
+ * **Headers**: Authorization: Bearer <admin_token>
309
+ * **Rate Limit**: 10 requests per minute
310
+ *
311
+ * **Use Cases**:
312
+ * - "Account was hacked, lock everything immediately"
313
+ * - "Employee quit, revoke all access now"
314
+ * - "Security incident, logout this user from all devices"
315
+ */
316
+ delete: operations["deleteAllAdminUserSessions"];
317
+ options?: never;
318
+ head?: never;
319
+ patch?: never;
320
+ trace?: never;
321
+ };
322
+ "/v1/users/{user_id}/sessions/{session_id}": {
323
+ parameters: {
324
+ query?: never;
325
+ header?: never;
326
+ path?: never;
327
+ cookie?: never;
328
+ };
329
+ get?: never;
330
+ put?: never;
331
+ post?: never;
332
+ /**
333
+ * Delete Admin User Session
334
+ * @description Terminate a specific session of any user (Admin Only).
335
+ *
336
+ * **For**: System administrators
337
+ * **Purpose**: Force logout suspicious sessions, security incident response
338
+ *
339
+ * **Path Parameters**:
340
+ * - user_id: The user ID
341
+ * - session_id: The session ID to terminate
342
+ *
343
+ * **Example Response**:
344
+ * ```json
345
+ * {
346
+ * "session_id": 12340,
347
+ * "device_name": "Safari on macOS",
348
+ * "revoked_at": "2025-01-27T15:30:00Z"
349
+ * }
350
+ * ```
351
+ *
352
+ * **Note**: `session_id` is a temporary integer — will change to sess_xxx once
353
+ * the session table gains an external_id column.
354
+ *
355
+ * **Authentication**: JWT token with api_access permission
356
+ * **Headers**: Authorization: Bearer <admin_token>
357
+ * **Rate Limit**: 20 requests per minute
358
+ *
359
+ * **Use Cases**:
360
+ * - "User reports unauthorized iPhone login, terminate it"
361
+ * - "Suspicious activity from Russia IP, force logout"
362
+ * - "Employee left company, remove their phone session"
363
+ */
364
+ delete: operations["deleteAdminUserSession"];
365
+ options?: never;
366
+ head?: never;
367
+ patch?: never;
368
+ trace?: never;
369
+ };
370
+ "/v1/auth/audit-logs/admin": {
371
+ parameters: {
372
+ query?: never;
373
+ header?: never;
374
+ path?: never;
375
+ cookie?: never;
376
+ };
377
+ /**
378
+ * List Audit Logs
379
+ * @description Paginated auth audit log query.
380
+ *
381
+ * Returns all auth events for an org ordered by created_at DESC.
382
+ * Protected by service token — not callable from end users.
383
+ */
384
+ get: operations["listAuthAuditLogs"];
385
+ put?: never;
386
+ post?: never;
387
+ delete?: never;
388
+ options?: never;
389
+ head?: never;
390
+ patch?: never;
391
+ trace?: never;
392
+ };
393
+ }
394
+ export type webhooks = Record<string, never>;
395
+ export interface components {
396
+ schemas: {
397
+ Extensions: {
398
+ /** @example GENERIC_ERROR */
399
+ message_code?: string;
400
+ /** @example [] */
401
+ invalid_params?: components["schemas"]["InvalidParam"][];
402
+ extra_data?: Record<string, never> | null;
403
+ /** @example Detailed debug information */
404
+ debug?: string | null;
405
+ };
406
+ /** ValidationError */
407
+ ValidationError: {
408
+ /** Location */
409
+ loc: (string | number)[];
410
+ /** Message */
411
+ msg: string;
412
+ /** Error Type */
413
+ type: string;
414
+ };
415
+ /**
416
+ * ServerClientRevokeRequest
417
+ * @description Request schema for revoking a server client.
418
+ * @example {
419
+ * "reason": "Security incident - potential key exposure"
420
+ * }
421
+ */
422
+ ServerClientRevokeRequest: {
423
+ /**
424
+ * Reason
425
+ * @description Reason for revocation (required for audit)
426
+ * @example Security incident - potential key exposure
427
+ * @example Client no longer needed
428
+ */
429
+ reason: string;
430
+ };
431
+ /**
432
+ * @example {
433
+ * "status": "success",
434
+ * "message": "Operation successful",
435
+ * "message_code": "api_suc_20001",
436
+ * "data": {},
437
+ * "metadata": {
438
+ * "timestamp": "2026-03-26T10:00:00.000Z",
439
+ * "requestId": "07e22004-cb60-4dfc-bc9c-b6f99664dca1",
440
+ * "traceId": "a9f1204c-bb82-41de-b234-7c3a9e120000",
441
+ * "version": "v1",
442
+ * "executionTime": 42,
443
+ * "language": "en-US"
444
+ * }
445
+ * }
446
+ */
447
+ StandardResponse: {
448
+ /** @example success */
449
+ status?: string;
450
+ data?: Record<string, never> | null;
451
+ /** @example Operation successful */
452
+ message?: string | null;
453
+ /** @example api_suc_20001 */
454
+ message_code?: string | null;
455
+ metadata?: Record<string, never> | null;
456
+ error?: components["schemas"]["ErrorResponse"];
457
+ };
458
+ InvalidParam: {
459
+ /** @example items[0].quantity */
460
+ field?: string;
461
+ /** @example Input should be greater than or equal to 1 */
462
+ error?: string;
463
+ };
464
+ ErrorResponse: {
465
+ /** @example about:blank */
466
+ type?: string;
467
+ /** @example GENERIC_ERROR */
468
+ code?: string;
469
+ /** @example Client Error */
470
+ title?: string;
471
+ /** @example 400 */
472
+ status?: number;
473
+ /** @example An error occurred */
474
+ detail?: string;
475
+ /** @example /v1/cart/items */
476
+ instance?: string;
477
+ extensions?: components["schemas"]["Extensions"];
478
+ };
479
+ /** HTTPValidationError */
480
+ HTTPValidationError: {
481
+ /** Detail */
482
+ detail?: components["schemas"]["ValidationError"][];
483
+ };
484
+ /**
485
+ * SocialClientRegisterRequest
486
+ * @description Request model for registering OAuth client credentials (admin only).
487
+ *
488
+ * Fields vary by provider — see field descriptions and examples below.
489
+ *
490
+ * Google / LinkedIn / X:
491
+ * client_id, client_secret, redirect_uri, allowed_domains (optional)
492
+ *
493
+ * Facebook:
494
+ * client_id (numeric App ID), client_secret (32-char hex), redirect_uri
495
+ *
496
+ * Apple:
497
+ * client_id (Services ID, e.g. com.example.app),
498
+ * redirect_uri,
499
+ * apple_team_id (10-char alphanumeric),
500
+ * apple_key_id (10-char alphanumeric),
501
+ * apple_private_key (contents of the .p8 private key file)
502
+ */
503
+ SocialClientRegisterRequest: {
504
+ /**
505
+ * Provider
506
+ * @enum {string}
507
+ */
508
+ provider: "google" | "facebook" | "linkedin" | "x" | "apple";
509
+ /**
510
+ * Client Id
511
+ * @description Google/LinkedIn/X: OAuth2 client ID. Facebook: numeric App ID. Apple: Services ID (e.g. com.example.app).
512
+ */
513
+ client_id: string;
514
+ /**
515
+ * Client Secret
516
+ * @description OAuth2 client secret. Not required for Apple (uses private key instead).
517
+ */
518
+ client_secret?: string | null;
519
+ /**
520
+ * Redirect Uri
521
+ * @description Callback URL registered in the provider's developer console.
522
+ */
523
+ redirect_uri: string;
524
+ /**
525
+ * Allowed Domains
526
+ * @description Restrict logins to users with email addresses from these domains. Leave empty to allow all.
527
+ * @example [
528
+ * "yourdomain.com",
529
+ * "subsidiary.yourdomain.com"
530
+ * ]
531
+ */
532
+ allowed_domains?: string[];
533
+ /**
534
+ * Apple Team Id
535
+ * @description Apple Developer Team ID (10 uppercase alphanumeric chars). Required for Apple.
536
+ */
537
+ apple_team_id?: string | null;
538
+ /**
539
+ * Apple Key Id
540
+ * @description Apple private key ID from developer console (10 uppercase alphanumeric chars). Required for Apple.
541
+ */
542
+ apple_key_id?: string | null;
543
+ /**
544
+ * Apple Private Key
545
+ * @description Contents of the Apple .p8 private key file (including BEGIN/END headers). Required for Apple.
546
+ */
547
+ apple_private_key?: string | null;
548
+ };
549
+ /**
550
+ * ServerClientCreateRequest
551
+ * @description Request schema for creating a server client.
552
+ *
553
+ * Example:
554
+ * {
555
+ * "name": "SaaS Backend Production",
556
+ * "description": "Production SaaS application backend",
557
+ * "role_id": 123,
558
+ * "rate_limit_per_minute": 1000,
559
+ * "ip_whitelist": ["54.123.45.67/32", "54.123.45.68/32"]
560
+ * }
561
+ * @example {
562
+ * "description": "Production SaaS application backend",
563
+ * "ip_whitelist": [
564
+ * "54.123.45.67/32"
565
+ * ],
566
+ * "name": "SaaS Backend Production",
567
+ * "rate_limit_per_minute": 1000,
568
+ * "role_id": 123
569
+ * }
570
+ */
571
+ ServerClientCreateRequest: {
572
+ /**
573
+ * Name
574
+ * @description Human-readable name for the server client
575
+ * @example SaaS Backend Production
576
+ * @example Mobile App Backend
577
+ */
578
+ name: string;
579
+ /**
580
+ * Description
581
+ * @description Optional description of client purpose
582
+ * @example Production SaaS application backend for tenant bootstrapping
583
+ */
584
+ description?: string | null;
585
+ /**
586
+ * Role Id
587
+ * @description Role ID from roles_tbl (RBAC). Determines permissions.
588
+ * @example 123
589
+ */
590
+ role_id: number;
591
+ /**
592
+ * Rate Limit Per Minute
593
+ * @description Token generation rate limit (requests per minute)
594
+ * @default 1000
595
+ * @example 1000
596
+ */
597
+ rate_limit_per_minute: number;
598
+ /**
599
+ * Ip Whitelist
600
+ * @description Optional IP whitelist in CIDR format
601
+ * @example [
602
+ * "54.123.45.67/32",
603
+ * "192.168.1.0/24"
604
+ * ]
605
+ */
606
+ ip_whitelist?: string[] | null;
607
+ };
608
+ };
609
+ responses: never;
610
+ parameters: never;
611
+ requestBodies: never;
612
+ headers: never;
613
+ pathItems: never;
614
+ }
615
+ export type $defs = Record<string, never>;
616
+ export interface operations {
617
+ listServerClients: {
618
+ parameters: {
619
+ query?: {
620
+ /** @description Filter by status: active, revoked */
621
+ status?: string | null;
622
+ /** @description Page number (1-based) */
623
+ page?: number;
624
+ /** @description Items per page (1–100, default 50) */
625
+ limit?: number;
626
+ };
627
+ header?: {
628
+ authorization?: string | null;
629
+ };
630
+ path?: never;
631
+ cookie?: never;
632
+ };
633
+ requestBody?: never;
634
+ responses: {
635
+ /** @description Successful Response */
636
+ 200: {
637
+ headers: {
638
+ [name: string]: unknown;
639
+ };
640
+ content: {
641
+ "application/json": {
642
+ [key: string]: unknown;
643
+ };
644
+ };
645
+ };
646
+ /** @description Validation Error */
647
+ 422: {
648
+ headers: {
649
+ [name: string]: unknown;
650
+ };
651
+ content: {
652
+ "application/json": components["schemas"]["HTTPValidationError"];
653
+ };
654
+ };
655
+ };
656
+ };
657
+ createServerClient: {
658
+ parameters: {
659
+ query?: never;
660
+ header?: {
661
+ authorization?: string | null;
662
+ };
663
+ path?: never;
664
+ cookie?: never;
665
+ };
666
+ requestBody: {
667
+ content: {
668
+ "application/json": components["schemas"]["ServerClientCreateRequest"];
669
+ };
670
+ };
671
+ responses: {
672
+ /** @description Successful Response */
673
+ 201: {
674
+ headers: {
675
+ [name: string]: unknown;
676
+ };
677
+ content: {
678
+ "application/json": {
679
+ [key: string]: unknown;
680
+ };
681
+ };
682
+ };
683
+ /** @description Validation Error */
684
+ 422: {
685
+ headers: {
686
+ [name: string]: unknown;
687
+ };
688
+ content: {
689
+ "application/json": components["schemas"]["HTTPValidationError"];
690
+ };
691
+ };
692
+ };
693
+ };
694
+ revokeServerClient: {
695
+ parameters: {
696
+ query?: never;
697
+ header?: {
698
+ authorization?: string | null;
699
+ };
700
+ path: {
701
+ /** @description Server client ID to revoke */
702
+ client_id: string;
703
+ };
704
+ cookie?: never;
705
+ };
706
+ requestBody: {
707
+ content: {
708
+ "application/json": components["schemas"]["ServerClientRevokeRequest"];
709
+ };
710
+ };
711
+ responses: {
712
+ /** @description Successful Response */
713
+ 200: {
714
+ headers: {
715
+ [name: string]: unknown;
716
+ };
717
+ content: {
718
+ "application/json": {
719
+ [key: string]: unknown;
720
+ };
721
+ };
722
+ };
723
+ /** @description Validation Error */
724
+ 422: {
725
+ headers: {
726
+ [name: string]: unknown;
727
+ };
728
+ content: {
729
+ "application/json": components["schemas"]["HTTPValidationError"];
730
+ };
731
+ };
732
+ };
733
+ };
734
+ registerSocialClient: {
735
+ parameters: {
736
+ query?: never;
737
+ header?: {
738
+ authorization?: string | null;
739
+ };
740
+ path?: never;
741
+ cookie?: never;
742
+ };
743
+ requestBody: {
744
+ content: {
745
+ "application/json": components["schemas"]["SocialClientRegisterRequest"];
746
+ };
747
+ };
748
+ responses: {
749
+ /** @description Successful Response */
750
+ 200: {
751
+ headers: {
752
+ [name: string]: unknown;
753
+ };
754
+ content: {
755
+ "application/json": components["schemas"]["StandardResponse"];
756
+ };
757
+ };
758
+ /** @description Validation Error */
759
+ 422: {
760
+ headers: {
761
+ [name: string]: unknown;
762
+ };
763
+ content: {
764
+ "application/json": components["schemas"]["HTTPValidationError"];
765
+ };
766
+ };
767
+ };
768
+ };
769
+ getAllAdminSessions: {
770
+ parameters: {
771
+ query?: {
772
+ /** @description Filter by specific user ID */
773
+ user_id?: number | null;
774
+ /** @description Filter by device/browser/OS name */
775
+ device?: string | null;
776
+ /** @description Filter by IP address */
777
+ ip?: string | null;
778
+ /** @description Page number (1-based) */
779
+ page?: number;
780
+ /** @description Items per page (1–100, default 50) */
781
+ limit?: number;
782
+ };
783
+ header?: {
784
+ authorization?: string | null;
785
+ };
786
+ path?: never;
787
+ cookie?: never;
788
+ };
789
+ requestBody?: never;
790
+ responses: {
791
+ /** @description Successful Response */
792
+ 200: {
793
+ headers: {
794
+ [name: string]: unknown;
795
+ };
796
+ content: {
797
+ "application/json": components["schemas"]["StandardResponse"];
798
+ };
799
+ };
800
+ /** @description Validation Error */
801
+ 422: {
802
+ headers: {
803
+ [name: string]: unknown;
804
+ };
805
+ content: {
806
+ "application/json": components["schemas"]["HTTPValidationError"];
807
+ };
808
+ };
809
+ };
810
+ };
811
+ getAdminUserSessions: {
812
+ parameters: {
813
+ query?: never;
814
+ header?: {
815
+ authorization?: string | null;
816
+ };
817
+ path: {
818
+ user_id: number;
819
+ };
820
+ cookie?: never;
821
+ };
822
+ requestBody?: never;
823
+ responses: {
824
+ /** @description Successful Response */
825
+ 200: {
826
+ headers: {
827
+ [name: string]: unknown;
828
+ };
829
+ content: {
830
+ "application/json": components["schemas"]["StandardResponse"];
831
+ };
832
+ };
833
+ /** @description Validation Error */
834
+ 422: {
835
+ headers: {
836
+ [name: string]: unknown;
837
+ };
838
+ content: {
839
+ "application/json": components["schemas"]["HTTPValidationError"];
840
+ };
841
+ };
842
+ };
843
+ };
844
+ deleteAllAdminUserSessions: {
845
+ parameters: {
846
+ query?: never;
847
+ header?: {
848
+ authorization?: string | null;
849
+ };
850
+ path: {
851
+ user_id: number;
852
+ };
853
+ cookie?: never;
854
+ };
855
+ requestBody?: never;
856
+ responses: {
857
+ /** @description Successful Response */
858
+ 200: {
859
+ headers: {
860
+ [name: string]: unknown;
861
+ };
862
+ content: {
863
+ "application/json": components["schemas"]["StandardResponse"];
864
+ };
865
+ };
866
+ /** @description Validation Error */
867
+ 422: {
868
+ headers: {
869
+ [name: string]: unknown;
870
+ };
871
+ content: {
872
+ "application/json": components["schemas"]["HTTPValidationError"];
873
+ };
874
+ };
875
+ };
876
+ };
877
+ deleteAdminUserSession: {
878
+ parameters: {
879
+ query?: never;
880
+ header?: {
881
+ authorization?: string | null;
882
+ };
883
+ path: {
884
+ user_id: number;
885
+ session_id: number;
886
+ };
887
+ cookie?: never;
888
+ };
889
+ requestBody?: never;
890
+ responses: {
891
+ /** @description Successful Response */
892
+ 200: {
893
+ headers: {
894
+ [name: string]: unknown;
895
+ };
896
+ content: {
897
+ "application/json": components["schemas"]["StandardResponse"];
898
+ };
899
+ };
900
+ /** @description Validation Error */
901
+ 422: {
902
+ headers: {
903
+ [name: string]: unknown;
904
+ };
905
+ content: {
906
+ "application/json": components["schemas"]["HTTPValidationError"];
907
+ };
908
+ };
909
+ };
910
+ };
911
+ listAuthAuditLogs: {
912
+ parameters: {
913
+ query: {
914
+ /** @description Tenant org_id */
915
+ org_id: number;
916
+ /** @description Filter by event_type */
917
+ event_type?: string | null;
918
+ /** @description Filter by user_id */
919
+ user_id?: number | null;
920
+ /** @description ISO date filter start (inclusive) */
921
+ from_date?: string | null;
922
+ /** @description ISO date filter end (inclusive) */
923
+ to_date?: string | null;
924
+ limit?: number;
925
+ offset?: number;
926
+ };
927
+ header?: {
928
+ authorization?: string;
929
+ };
930
+ path?: never;
931
+ cookie?: never;
932
+ };
933
+ requestBody?: never;
934
+ responses: {
935
+ /** @description Successful Response */
936
+ 200: {
937
+ headers: {
938
+ [name: string]: unknown;
939
+ };
940
+ content: {
941
+ "application/json": unknown;
942
+ };
943
+ };
944
+ /** @description Validation Error */
945
+ 422: {
946
+ headers: {
947
+ [name: string]: unknown;
948
+ };
949
+ content: {
950
+ "application/json": components["schemas"]["HTTPValidationError"];
951
+ };
952
+ };
953
+ };
954
+ };
955
+ }
956
+ //# sourceMappingURL=generated.d.ts.map