@classic-homes/theme-svelte 0.1.0

package/dist/lib/schemas/auth.d.ts

@@ -0,0 +1,410 @@
+/**
+ * Authentication Validation Schemas
+ *
+ * Zod schemas for authentication-related forms and data validation.
+ * These schemas provide consistent validation rules across the application.
+ */
+import { z } from 'zod';
+/**
+ * Email field validation
+ * - Required
+ * - Valid email format
+ */
+export declare const emailSchema: z.ZodString;
+/**
+ * Password field validation
+ * - Minimum 8 characters
+ * - At least one uppercase letter
+ * - At least one lowercase letter
+ * - At least one number
+ */
+export declare const passwordSchema: z.ZodString;
+/**
+ * Simple password (for login - less strict validation)
+ * - Just requires minimum length
+ */
+export declare const loginPasswordSchema: z.ZodString;
+/**
+ * Username field validation
+ * - 3-50 characters
+ * - Alphanumeric, underscores, hyphens
+ */
+export declare const usernameSchema: z.ZodString;
+/**
+ * Full name field validation
+ * - 2-100 characters
+ */
+export declare const fullNameSchema: z.ZodString;
+/**
+ * Phone number field validation
+ * - Optional
+ * - Valid phone format when provided
+ */
+export declare const phoneSchema: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodLiteral<"">]>;
+/**
+ * MFA/OTP code validation
+ * - 6 digits
+ */
+export declare const mfaCodeSchema: z.ZodString;
+/**
+ * TOTP secret validation
+ * - Base32 encoded string
+ */
+export declare const totpSecretSchema: z.ZodString;
+/**
+ * Login form schema
+ */
+export declare const loginSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+    rememberMe: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+    rememberMe: boolean;
+}, {
+    email: string;
+    password: string;
+    rememberMe?: boolean | undefined;
+}>;
+export type LoginFormData = z.infer<typeof loginSchema>;
+/**
+ * Registration form schema
+ */
+export declare const registerSchema: z.ZodEffects<z.ZodObject<{
+    email: z.ZodString;
+    username: z.ZodOptional<z.ZodString>;
+    fullName: z.ZodString;
+    password: z.ZodString;
+    confirmPassword: z.ZodString;
+    acceptTerms: z.ZodLiteral<true>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+    fullName: string;
+    confirmPassword: string;
+    acceptTerms: true;
+    username?: string | undefined;
+}, {
+    email: string;
+    password: string;
+    fullName: string;
+    confirmPassword: string;
+    acceptTerms: true;
+    username?: string | undefined;
+}>, {
+    email: string;
+    password: string;
+    fullName: string;
+    confirmPassword: string;
+    acceptTerms: true;
+    username?: string | undefined;
+}, {
+    email: string;
+    password: string;
+    fullName: string;
+    confirmPassword: string;
+    acceptTerms: true;
+    username?: string | undefined;
+}>;
+export type RegisterFormData = z.infer<typeof registerSchema>;
+/**
+ * Forgot password form schema
+ */
+export declare const forgotPasswordSchema: z.ZodObject<{
+    email: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+}, {
+    email: string;
+}>;
+export type ForgotPasswordFormData = z.infer<typeof forgotPasswordSchema>;
+/**
+ * Reset password form schema
+ */
+export declare const resetPasswordSchema: z.ZodEffects<z.ZodObject<{
+    password: z.ZodString;
+    confirmPassword: z.ZodString;
+    token: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    password: string;
+    confirmPassword: string;
+    token?: string | undefined;
+}, {
+    password: string;
+    confirmPassword: string;
+    token?: string | undefined;
+}>, {
+    password: string;
+    confirmPassword: string;
+    token?: string | undefined;
+}, {
+    password: string;
+    confirmPassword: string;
+    token?: string | undefined;
+}>;
+export type ResetPasswordFormData = z.infer<typeof resetPasswordSchema>;
+/**
+ * Change password form schema
+ */
+export declare const changePasswordSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
+    currentPassword: z.ZodString;
+    newPassword: z.ZodString;
+    confirmPassword: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}>, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}>, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}, {
+    confirmPassword: string;
+    currentPassword: string;
+    newPassword: string;
+}>;
+export type ChangePasswordFormData = z.infer<typeof changePasswordSchema>;
+/**
+ * MFA verification form schema
+ */
+export declare const mfaVerifySchema: z.ZodObject<{
+    code: z.ZodString;
+    trustDevice: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+}, "strip", z.ZodTypeAny, {
+    code: string;
+    trustDevice: boolean;
+}, {
+    code: string;
+    trustDevice?: boolean | undefined;
+}>;
+export type MfaVerifyFormData = z.infer<typeof mfaVerifySchema>;
+/**
+ * MFA setup form schema
+ */
+export declare const mfaSetupSchema: z.ZodObject<{
+    code: z.ZodString;
+    secret: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    code: string;
+    secret: string;
+}, {
+    code: string;
+    secret: string;
+}>;
+export type MfaSetupFormData = z.infer<typeof mfaSetupSchema>;
+/**
+ * Profile update form schema
+ */
+export declare const profileUpdateSchema: z.ZodObject<{
+    fullName: z.ZodString;
+    email: z.ZodString;
+    phone: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodLiteral<"">]>;
+    bio: z.ZodOptional<z.ZodString>;
+    avatarUrl: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodLiteral<"">]>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    fullName: string;
+    phone?: string | undefined;
+    bio?: string | undefined;
+    avatarUrl?: string | undefined;
+}, {
+    email: string;
+    fullName: string;
+    phone?: string | undefined;
+    bio?: string | undefined;
+    avatarUrl?: string | undefined;
+}>;
+export type ProfileUpdateFormData = z.infer<typeof profileUpdateSchema>;
+/**
+ * Email change form schema (requires password confirmation)
+ */
+export declare const emailChangeSchema: z.ZodObject<{
+    newEmail: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    password: string;
+    newEmail: string;
+}, {
+    password: string;
+    newEmail: string;
+}>;
+export type EmailChangeFormData = z.infer<typeof emailChangeSchema>;
+/**
+ * User schema
+ */
+export declare const userSchema: z.ZodObject<{
+    id: z.ZodString;
+    email: z.ZodString;
+    username: z.ZodOptional<z.ZodString>;
+    fullName: z.ZodOptional<z.ZodString>;
+    avatarUrl: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+    roles: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    mfaEnabled: z.ZodOptional<z.ZodBoolean>;
+    emailVerified: z.ZodOptional<z.ZodBoolean>;
+    createdAt: z.ZodOptional<z.ZodString>;
+    updatedAt: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    email: string;
+    username?: string | undefined;
+    fullName?: string | undefined;
+    avatarUrl?: string | null | undefined;
+    roles?: string[] | undefined;
+    permissions?: string[] | undefined;
+    mfaEnabled?: boolean | undefined;
+    emailVerified?: boolean | undefined;
+    createdAt?: string | undefined;
+    updatedAt?: string | undefined;
+}, {
+    id: string;
+    email: string;
+    username?: string | undefined;
+    fullName?: string | undefined;
+    avatarUrl?: string | null | undefined;
+    roles?: string[] | undefined;
+    permissions?: string[] | undefined;
+    mfaEnabled?: boolean | undefined;
+    emailVerified?: boolean | undefined;
+    createdAt?: string | undefined;
+    updatedAt?: string | undefined;
+}>;
+export type User = z.infer<typeof userSchema>;
+/**
+ * Auth tokens schema
+ */
+export declare const authTokensSchema: z.ZodObject<{
+    accessToken: z.ZodString;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    expiresIn: z.ZodOptional<z.ZodNumber>;
+    tokenType: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    accessToken: string;
+    refreshToken?: string | undefined;
+    expiresIn?: number | undefined;
+    tokenType?: string | undefined;
+}, {
+    accessToken: string;
+    refreshToken?: string | undefined;
+    expiresIn?: number | undefined;
+    tokenType?: string | undefined;
+}>;
+export type AuthTokens = z.infer<typeof authTokensSchema>;
+/**
+ * Login response schema
+ */
+export declare const loginResponseSchema: z.ZodObject<{
+    user: z.ZodOptional<z.ZodObject<{
+        id: z.ZodString;
+        email: z.ZodString;
+        username: z.ZodOptional<z.ZodString>;
+        fullName: z.ZodOptional<z.ZodString>;
+        avatarUrl: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+        roles: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        permissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        mfaEnabled: z.ZodOptional<z.ZodBoolean>;
+        emailVerified: z.ZodOptional<z.ZodBoolean>;
+        createdAt: z.ZodOptional<z.ZodString>;
+        updatedAt: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        email: string;
+        username?: string | undefined;
+        fullName?: string | undefined;
+        avatarUrl?: string | null | undefined;
+        roles?: string[] | undefined;
+        permissions?: string[] | undefined;
+        mfaEnabled?: boolean | undefined;
+        emailVerified?: boolean | undefined;
+        createdAt?: string | undefined;
+        updatedAt?: string | undefined;
+    }, {
+        id: string;
+        email: string;
+        username?: string | undefined;
+        fullName?: string | undefined;
+        avatarUrl?: string | null | undefined;
+        roles?: string[] | undefined;
+        permissions?: string[] | undefined;
+        mfaEnabled?: boolean | undefined;
+        emailVerified?: boolean | undefined;
+        createdAt?: string | undefined;
+        updatedAt?: string | undefined;
+    }>>;
+    tokens: z.ZodOptional<z.ZodObject<{
+        accessToken: z.ZodString;
+        refreshToken: z.ZodOptional<z.ZodString>;
+        expiresIn: z.ZodOptional<z.ZodNumber>;
+        tokenType: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        accessToken: string;
+        refreshToken?: string | undefined;
+        expiresIn?: number | undefined;
+        tokenType?: string | undefined;
+    }, {
+        accessToken: string;
+        refreshToken?: string | undefined;
+        expiresIn?: number | undefined;
+        tokenType?: string | undefined;
+    }>>;
+    mfaRequired: z.ZodOptional<z.ZodBoolean>;
+    mfaToken: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    user?: {
+        id: string;
+        email: string;
+        username?: string | undefined;
+        fullName?: string | undefined;
+        avatarUrl?: string | null | undefined;
+        roles?: string[] | undefined;
+        permissions?: string[] | undefined;
+        mfaEnabled?: boolean | undefined;
+        emailVerified?: boolean | undefined;
+        createdAt?: string | undefined;
+        updatedAt?: string | undefined;
+    } | undefined;
+    tokens?: {
+        accessToken: string;
+        refreshToken?: string | undefined;
+        expiresIn?: number | undefined;
+        tokenType?: string | undefined;
+    } | undefined;
+    mfaRequired?: boolean | undefined;
+    mfaToken?: string | undefined;
+}, {
+    user?: {
+        id: string;
+        email: string;
+        username?: string | undefined;
+        fullName?: string | undefined;
+        avatarUrl?: string | null | undefined;
+        roles?: string[] | undefined;
+        permissions?: string[] | undefined;
+        mfaEnabled?: boolean | undefined;
+        emailVerified?: boolean | undefined;
+        createdAt?: string | undefined;
+        updatedAt?: string | undefined;
+    } | undefined;
+    tokens?: {
+        accessToken: string;
+        refreshToken?: string | undefined;
+        expiresIn?: number | undefined;
+        tokenType?: string | undefined;
+    } | undefined;
+    mfaRequired?: boolean | undefined;
+    mfaToken?: string | undefined;
+}>;
+export type LoginResponse = z.infer<typeof loginResponseSchema>;

package/dist/lib/schemas/auth.js

@@ -0,0 +1,216 @@
+/**
+ * Authentication Validation Schemas
+ *
+ * Zod schemas for authentication-related forms and data validation.
+ * These schemas provide consistent validation rules across the application.
+ */
+import { z } from 'zod';
+// ============================================================================
+// Field Schemas (reusable field-level validators)
+// ============================================================================
+/**
+ * Email field validation
+ * - Required
+ * - Valid email format
+ */
+export const emailSchema = z
+    .string({ required_error: 'Email is required' })
+    .min(1, 'Email is required')
+    .email('Please enter a valid email address');
+/**
+ * Password field validation
+ * - Minimum 8 characters
+ * - At least one uppercase letter
+ * - At least one lowercase letter
+ * - At least one number
+ */
+export const passwordSchema = z
+    .string({ required_error: 'Password is required' })
+    .min(8, 'Password must be at least 8 characters')
+    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
+    .regex(/[a-z]/, 'Password must contain at least one lowercase letter')
+    .regex(/[0-9]/, 'Password must contain at least one number');
+/**
+ * Simple password (for login - less strict validation)
+ * - Just requires minimum length
+ */
+export const loginPasswordSchema = z
+    .string({ required_error: 'Password is required' })
+    .min(1, 'Password is required');
+/**
+ * Username field validation
+ * - 3-50 characters
+ * - Alphanumeric, underscores, hyphens
+ */
+export const usernameSchema = z
+    .string({ required_error: 'Username is required' })
+    .min(3, 'Username must be at least 3 characters')
+    .max(50, 'Username must be at most 50 characters')
+    .regex(/^[a-zA-Z0-9_-]+$/, 'Username can only contain letters, numbers, underscores, and hyphens');
+/**
+ * Full name field validation
+ * - 2-100 characters
+ */
+export const fullNameSchema = z
+    .string({ required_error: 'Full name is required' })
+    .min(2, 'Full name must be at least 2 characters')
+    .max(100, 'Full name must be at most 100 characters');
+/**
+ * Phone number field validation
+ * - Optional
+ * - Valid phone format when provided
+ */
+export const phoneSchema = z
+    .string()
+    .regex(/^[+]?[(]?[0-9]{1,4}[)]?[-\s./0-9]*$/, 'Please enter a valid phone number')
+    .optional()
+    .or(z.literal(''));
+/**
+ * MFA/OTP code validation
+ * - 6 digits
+ */
+export const mfaCodeSchema = z
+    .string({ required_error: 'Verification code is required' })
+    .length(6, 'Verification code must be 6 digits')
+    .regex(/^[0-9]+$/, 'Verification code must contain only numbers');
+/**
+ * TOTP secret validation
+ * - Base32 encoded string
+ */
+export const totpSecretSchema = z
+    .string({ required_error: 'TOTP secret is required' })
+    .min(16, 'Invalid TOTP secret')
+    .regex(/^[A-Z2-7]+=*$/i, 'Invalid TOTP secret format');
+// ============================================================================
+// Form Schemas (complete form validation)
+// ============================================================================
+/**
+ * Login form schema
+ */
+export const loginSchema = z.object({
+    email: emailSchema,
+    password: loginPasswordSchema,
+    rememberMe: z.boolean().optional().default(false),
+});
+/**
+ * Registration form schema
+ */
+export const registerSchema = z
+    .object({
+    email: emailSchema,
+    username: usernameSchema.optional(),
+    fullName: fullNameSchema,
+    password: passwordSchema,
+    confirmPassword: z.string({ required_error: 'Please confirm your password' }),
+    acceptTerms: z.literal(true, {
+        errorMap: () => ({ message: 'You must accept the terms and conditions' }),
+    }),
+})
+    .refine((data) => data.password === data.confirmPassword, {
+    message: 'Passwords do not match',
+    path: ['confirmPassword'],
+});
+/**
+ * Forgot password form schema
+ */
+export const forgotPasswordSchema = z.object({
+    email: emailSchema,
+});
+/**
+ * Reset password form schema
+ */
+export const resetPasswordSchema = z
+    .object({
+    password: passwordSchema,
+    confirmPassword: z.string({ required_error: 'Please confirm your password' }),
+    token: z.string().optional(),
+})
+    .refine((data) => data.password === data.confirmPassword, {
+    message: 'Passwords do not match',
+    path: ['confirmPassword'],
+});
+/**
+ * Change password form schema
+ */
+export const changePasswordSchema = z
+    .object({
+    currentPassword: loginPasswordSchema,
+    newPassword: passwordSchema,
+    confirmPassword: z.string({ required_error: 'Please confirm your new password' }),
+})
+    .refine((data) => data.newPassword === data.confirmPassword, {
+    message: 'Passwords do not match',
+    path: ['confirmPassword'],
+})
+    .refine((data) => data.currentPassword !== data.newPassword, {
+    message: 'New password must be different from current password',
+    path: ['newPassword'],
+});
+/**
+ * MFA verification form schema
+ */
+export const mfaVerifySchema = z.object({
+    code: mfaCodeSchema,
+    trustDevice: z.boolean().optional().default(false),
+});
+/**
+ * MFA setup form schema
+ */
+export const mfaSetupSchema = z.object({
+    code: mfaCodeSchema,
+    secret: totpSecretSchema,
+});
+/**
+ * Profile update form schema
+ */
+export const profileUpdateSchema = z.object({
+    fullName: fullNameSchema,
+    email: emailSchema,
+    phone: phoneSchema,
+    bio: z.string().max(500, 'Bio must be at most 500 characters').optional(),
+    avatarUrl: z.string().url('Please enter a valid URL').optional().or(z.literal('')),
+});
+/**
+ * Email change form schema (requires password confirmation)
+ */
+export const emailChangeSchema = z.object({
+    newEmail: emailSchema,
+    password: loginPasswordSchema,
+});
+// ============================================================================
+// API Response Schemas (for validating API responses)
+// ============================================================================
+/**
+ * User schema
+ */
+export const userSchema = z.object({
+    id: z.string(),
+    email: z.string().email(),
+    username: z.string().optional(),
+    fullName: z.string().optional(),
+    avatarUrl: z.string().url().optional().nullable(),
+    roles: z.array(z.string()).optional(),
+    permissions: z.array(z.string()).optional(),
+    mfaEnabled: z.boolean().optional(),
+    emailVerified: z.boolean().optional(),
+    createdAt: z.string().datetime().optional(),
+    updatedAt: z.string().datetime().optional(),
+});
+/**
+ * Auth tokens schema
+ */
+export const authTokensSchema = z.object({
+    accessToken: z.string(),
+    refreshToken: z.string().optional(),
+    expiresIn: z.number().optional(),
+    tokenType: z.string().optional(),
+});
+/**
+ * Login response schema
+ */
+export const loginResponseSchema = z.object({
+    user: userSchema.optional(),
+    tokens: authTokensSchema.optional(),
+    mfaRequired: z.boolean().optional(),
+    mfaToken: z.string().optional(),
+});