@cloudbase/auth 2.23.4-alpha.0 → 2.24.0

package/src/sbaseApi.ts

@@ -0,0 +1,1495 @@
+import type { ICloudbaseAuthConfig } from '@cloudbase/types/auth'
+import type { authModels, CloudbaseOAuth, Credentials } from '@cloudbase/oauth'
+import type { ICloudbaseCache } from '@cloudbase/types/cache'
+import {
+  weappJwtDecodeAll,
+  EVENTS,
+  AUTH_STATE_CHANGED_TYPE,
+  AuthError,
+  OAUTH_TYPE,
+  LOGIN_STATE_CHANGED_TYPE,
+} from '@cloudbase/oauth'
+import {
+  CommonRes,
+  DeleteMeReq,
+  GetClaimsRes,
+  GetUserIdentitiesRes,
+  GetUserRes,
+  LinkIdentityReq,
+  LinkIdentityRes,
+  OnAuthStateChangeCallback,
+  ReauthenticateRes,
+  ResendReq,
+  ResendRes,
+  ResetPasswordForEmailRes,
+  ResetPasswordForOldReq,
+  SetSessionReq,
+  SignInAnonymouslyReq,
+  SignInOAuthRes,
+  SignInRes,
+  SignInWithIdTokenReq,
+  SignInWithOAuthReq,
+  SignInWithOtpReq,
+  SignInWithOtpRes,
+  SignInWithPasswordReq,
+  SignUpRes,
+  UnlinkIdentityReq,
+  UpdateUserAttributes,
+  UpdateUserReq,
+  UpdateUserWithVerificationRes,
+  VerifyOAuthReq,
+  VerifyOtpReq,
+} from './type'
+import { eventBus, LoginState, User } from '.'
+import { saveToBrowserSession, getBrowserSession, removeBrowserSession, addUrlSearch } from './utils'
+import { utils } from '@cloudbase/utilities'
+import { adapterForWxMp } from './utilities'
+export const isBrowser = () => typeof window !== 'undefined' && typeof document !== 'undefined'
+
+declare const wx: any
+
+export class SbaseApi {
+  readonly config: ICloudbaseAuthConfig
+  oauthInstance: CloudbaseOAuth
+  readonly cache: ICloudbaseCache
+  private listeners: Map<string, Set<OnAuthStateChangeCallback>> = new Map()
+  private hasListenerSetUp = false
+
+  constructor(config: ICloudbaseAuthConfig & { cache: ICloudbaseCache }) {
+    this.config = config
+    this.oauthInstance = config.oauthInstance
+    this.cache = config.cache
+    this.init()
+  }
+
+  /**
+   * 获取当前登录的用户信息-同步
+   */
+  get currentUser() {
+    const loginState = this.hasLoginState()
+
+    if (loginState) {
+      return loginState.user || null
+    }
+    return null
+  }
+
+  hasLoginState(): LoginState | null {
+    throw new Error('Auth.hasLoginState() is not implemented')
+  }
+
+  async setAccessKey() {
+    throw new Error('Auth.setAccessKey() is not implemented')
+  }
+
+  async signIn(_params: authModels.SignInRequest): Promise<LoginState> {
+    throw new Error('Auth.signIn() is not implemented')
+  }
+
+  async signInWithProvider(_params: authModels.SignInWithProviderRequest): Promise<LoginState> {
+    throw new Error('Auth.signInWithProvider() is not implemented')
+  }
+
+  async genProviderRedirectUri(_params: authModels.GenProviderRedirectUriRequest,): Promise<authModels.GenProviderRedirectUriResponse> {
+    throw new Error('Auth.genProviderRedirectUri() is not implemented')
+  }
+
+  async getAccessToken(): Promise<{
+    accessToken: any
+    env: string
+  }> {
+    throw new Error('Auth.getAccessToken() is not implemented')
+  }
+
+  async getUserInfo(): Promise<(authModels.UserInfo & Partial<User>) | null> {
+    throw new Error('Auth.getUserInfo() is not implemented')
+  }
+
+  async updateUserBasicInfo(_params: authModels.ModifyUserBasicInfoRequest) {
+    throw new Error('Auth.updateUserBasicInfo() is not implemented')
+  }
+
+  setCustomSignFunc(_getTickFn: authModels.GetCustomSignTicketFn): void {
+    throw new Error('Auth.setCustomSignFunc() is not implemented')
+  }
+
+  async grantProviderToken(_params: authModels.GrantProviderTokenRequest,): Promise<authModels.GrantProviderTokenResponse> {
+    throw new Error('Auth.grantProviderToken() is not implemented')
+  }
+
+  async bindWithProvider(_params: authModels.BindWithProviderRequest): Promise<void> {
+    throw new Error('Auth.bindWithProvider() is not implemented')
+  }
+
+  async signInWithUsername(_params: {
+    verificationInfo?: { verification_id: string; is_user: boolean }
+    verificationCode?: string
+    username?: string // 用户名称，长度 5-24 位，支持字符中英文、数字、特殊字符（仅支持_-），不支持中文
+    bindInfo?: any
+    loginType?: string
+    autoSignUp?: boolean
+  }): Promise<LoginState> {
+    throw new Error('Auth.signInWithUsername() is not implemented')
+  }
+
+  async getVerification(
+    _params: authModels.GetVerificationRequest,
+    _options?: { withCaptcha: boolean },
+  ): Promise<authModels.GetVerificationResponse> {
+    throw new Error('Auth.getVerification() is not implemented')
+  }
+
+  async createLoginState(
+    _params?: { version?: string; query?: any },
+    _options?: { asyncRefreshUser?: boolean },
+  ): Promise<LoginState> {
+    throw new Error('Auth.createLoginState() is not implemented')
+  }
+
+  async verify(_params: authModels.VerifyRequest): Promise<authModels.VerifyResponse> {
+    throw new Error('Auth.verify() is not implemented')
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinanonymously
+   * Sign in a user anonymously.
+   * const { data, error } = await auth.signInAnonymously();
+   * @param params
+   * @returns  Promise<SignInRes>
+   */
+  async signInAnonymously(params: SignInAnonymouslyReq): Promise<SignInRes> {
+    try {
+      await this.oauthInstance.authApi.signInAnonymously(params)
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signup
+   * Sign up a new user with email or phone using a one-time password (OTP). If the account not exist, a new account will be created.
+   * let signUpResolve = null;
+    const res = await app.auth.signUp({
+      phone: "xxxxxx",
+    });
+
+    signUpResolve = res.data.verify
+
+    const res = await signUpResolve(code);
+
+    // res.data.callback支持 messageId 参数用于重新发送验证码进行验证，messageId 可以从 resend() 方法中获取
+    const { data } = await app.auth.resend({
+      type: "signup",
+      phone: "xxxxxx",
+    })
+    const res = await signUpResolve(code, data.messageId);
+   * @param params
+   * @returns Promise<SignUpRes>
+   */
+  async signUp(params: authModels.SignUpRequest): Promise<SignUpRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => {
+            try {
+              // 第三步：待用户输入完验证码之后，验证短信验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: messageId || verificationInfo.verification_id,
+                verification_code: token,
+              })
+
+              // 第四步：注册并登录或直接登录
+              // 如果用户已经存在，直接登录
+              if (verificationInfo.is_user) {
+                await this.signIn({
+                  username: params.email || this.formatPhone(params.phone),
+                  verification_token: verificationTokenRes.verification_token,
+                })
+              } else {
+                // 如果用户不存在，注册用户
+                const data = JSON.parse(JSON.stringify(params))
+                delete data.email
+                delete data.phone
+
+                await this.oauthInstance.authApi.signUp({
+                  ...data,
+                  ...(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) }),
+                  verification_token: verificationTokenRes.verification_token,
+                  verification_code: token,
+                })
+                await this.createLoginState()
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signout
+   * const result = await auth.signOut();
+   *
+   * @param params
+   */
+  async signOut(params?: authModels.SignoutRequest): Promise<void | authModels.SignoutReponse> {
+    try {
+      const { userInfoKey } = this.cache.keys
+      const res = await this.oauthInstance.authApi.signOut(params)
+      await this.cache.removeStoreAsync(userInfoKey)
+      this.setAccessKey()
+
+      eventBus.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
+
+      eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_OUT })
+
+      // res返回是为了兼容v2版本
+      return { ...res, data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-onauthstatechange
+   * Receive a notification every time an auth event happens. Safe to use without an async function as callback.
+   * const { data } = app.auth.onAuthStateChange((event, session) => {
+      console.log(event, session);
+      if (event === "INITIAL_SESSION") {
+        // handle initial session
+      } else if (event === "SIGNED_IN") {
+        // handle sign in event
+      } else if (event === "SIGNED_OUT") {
+        // handle sign out event
+      } else if (event === "PASSWORD_RECOVERY") {
+        // handle password recovery event
+      } else if (event === "TOKEN_REFRESHED") {
+        // handle token refreshed event
+      } else if (event === "USER_UPDATED") {
+        // handle user updated event
+      }
+    });
+    // call unsubscribe to remove the callback
+    data.subscription.unsubscribe();
+   * @param callback
+   * @returns Promise<{ data: { subscription: Subscription }, error: Error | null }>
+   */
+  onAuthStateChange(callback: OnAuthStateChangeCallback) {
+    if (!this.hasListenerSetUp) {
+      this.setupListeners()
+      this.hasListenerSetUp = true
+    }
+
+    const id = Math.random().toString(36)
+
+    if (!this.listeners.has(id)) {
+      this.listeners.set(id, new Set())
+    }
+
+    this.listeners.get(id)!.add(callback)
+
+    // 返回 Subscription 对象
+    const subscription = {
+      id,
+      callback,
+      unsubscribe: () => {
+        const callbacks = this.listeners.get(id)
+        if (callbacks) {
+          callbacks.delete(callback)
+          if (callbacks.size === 0) {
+            this.listeners.delete(id)
+          }
+        }
+      },
+    }
+
+    return {
+      data: { subscription },
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithpassword
+   * Log in an existing user with an email and password or phone and password or username and password.
+   * const { data } = await app.auth.signInWithPassword({
+      username: "xxx",
+      password: "xxx",
+    })
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes> {
+    try {
+      // 参数校验：username/email/phone三选一，password必填
+      this.validateAtLeastOne(
+        params,
+        [['username'], ['email'], ['phone']],
+        'You must provide either username, email, or phone',
+      )
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      await this.signIn({
+        username: params.username || params.email || this.formatPhone(params.phone),
+        password: params.password,
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithidtoken
+   * 第三方平台登录。如果用户不存在，会根据云开发平台-登录方式中对应身份源的登录模式配置，判断是否自动注册
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes> {
+    try {
+      // 参数校验：token必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+      })
+
+      await this.signInWithProvider({
+        provider_token: params.token,
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithotp
+   * Log in a user using a one-time password (OTP).
+   * let signResolve = null;
+    const res = await app.auth.signInWithOtp({
+      phone: "xxxxxx",
+    });
+
+    signResolve = res.data.verify
+
+    const res = await signResolve(code);
+
+    // res.data.callback支持 messageId 参数用于重新发送验证码进行验证，messageId 可以从 resend() 方法中获取
+    const { data } = await app.auth.resend({
+      type: "signup",
+      phone: "xxxxxx",
+    })
+    const res = await signUpResolve(code, data.messageId);
+   * @param params
+   * @returns Promise<SignInWithOtpRes>
+   */
+  async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          user: null,
+          session: null,
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => this.verifyOtp({
+            email: params.email,
+            phone: params.phone,
+            token,
+            messageId,
+          }),
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 校验第三方平台授权登录回调，需先调用 signInWithOAuth 生成第三方平台授权 Uri，访问该 Uri 后，会跳转到第三方平台授权页面，授权完成后回调回来再调用该方法，不传参数则从 url query 和 sessionStorage 中获取
+   * // 1. 获取第三方平台授权页地址
+    const { data } = app.auth.signInWithOAuth({
+      provider: 'string'
+      options: {
+        redirectTo: 'https://example.com/callback'
+        state: 'string'
+      }
+    })
+
+    // 2. 访问uri （如 location.href = uri）
+
+    // 3. 校验第三方平台授权回调
+    const { data } = await app.auth.verifyOAuth()
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOAuth(params?: VerifyOAuthReq): Promise<SignInRes | LinkIdentityRes> {
+    const data: any = {}
+    try {
+      // 回调至 provider_redirect_uri 地址（url query中携带 授权code，state等参数），此时检查 state 是否符合预期（如 自己设置的 wx_open)
+      const code = params?.code || utils.getQuery('code')
+      const state = params?.state || utils.getQuery('state')
+
+      // 参数校验：code和state必填
+      if (!code) {
+        return { data: {}, error: new AuthError({ message: 'Code is required' }) }
+      }
+
+      if (!state) {
+        return { data: {}, error: new AuthError({ message: 'State is required' }) }
+      }
+
+      const cacheData = getBrowserSession(state)
+      data.type = cacheData?.type
+
+      const provider = params?.provider || cacheData?.provider || utils.getQuery('provider')
+
+      if (!provider) {
+        return { data, error: new AuthError({ message: 'Provider is required' }) }
+      }
+
+      // state符合预期，则获取该三方平台token
+      const { provider_token: token } = await this.grantProviderToken({
+        provider_id: provider,
+        provider_redirect_uri: location.origin + location.pathname, // 指定三方平台跳回的 url 地址
+        provider_code: code, // 第三方平台跳转回页面时，url param 中携带的 code 参数
+      })
+
+      let res: SignInRes | LinkIdentityRes
+
+      if (cacheData.type === OAUTH_TYPE.BIND_IDENTITY) {
+        res = await this.oauthInstance.authApi.toBindIdentity({ provider_token: token, provider, fireEvent: true })
+      } else {
+        // 通过 provider_token 仅登录或登录并注册（与云开发平台-登录方式-身份源登录模式配置有关）
+        res = await this.signInWithIdToken({
+          token,
+        })
+        res.data = { ...data, ...res.data }
+      }
+
+      const localSearch = new URLSearchParams(location?.search)
+      localSearch.delete('code')
+      localSearch.delete('state')
+      addUrlSearch(
+        cacheData?.search === undefined ? `?${localSearch.toString()}` : cacheData?.search,
+        cacheData?.hash || location.hash,
+      )
+      removeBrowserSession(state)
+
+      return res
+    } catch (error) {
+      return { data, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithoauth
+   * 生成第三方平台授权 Uri （如微信二维码扫码授权网页）
+   * @param params
+   * @returns Promise<SignInOAuthRes>
+   */
+  async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      const href = params.options?.redirectTo || location.href
+
+      const urlObject = new URL(href)
+
+      const provider_redirect_uri = urlObject.origin + urlObject.pathname
+
+      const state = params.options?.state || `prd-${params.provider}-${Math.random().toString(36)
+        .slice(2)}`
+
+      const { uri } = await this.genProviderRedirectUri({
+        provider_id: params.provider,
+        provider_redirect_uri,
+        state,
+      })
+
+      // 对 URL 进行解码
+      const decodedUri = decodeURIComponent(uri)
+
+      // 合并额外的查询参数
+      let finalUri = decodedUri
+
+      if (params.options?.queryParams) {
+        const url = new URL(decodedUri)
+        Object.entries(params.options.queryParams).forEach(([key, value]) => {
+          url.searchParams.set(key, value)
+        })
+        finalUri = url.toString()
+      }
+
+      saveToBrowserSession(state, {
+        provider: params.provider,
+        search: urlObject.search,
+        hash: urlObject.hash,
+        type: params.options?.type || OAUTH_TYPE.SIGN_IN,
+      })
+
+      if (isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(finalUri)
+      }
+
+      return { data: { url: finalUri, provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-signinwithsso
+  async signInWithSSO() {
+    //
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-signinwithweb3
+  async signInWithWeb3() {
+    //
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-getclaims
+  async getClaims(): Promise<GetClaimsRes> {
+    try {
+      const { accessToken } = await this.getAccessToken()
+      const parsedToken = weappJwtDecodeAll(accessToken)
+      return { data: parsedToken, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resetpasswordforemail
+   * 通过 email 或手机号重置密码
+   * const { data } = await app.auth.resetPasswordForEmail("xxx@xx.com");
+   * const { data } = await app.auth.resetPasswordForEmail("13800138000");
+
+     await data.updateUser(code, newPassWord);
+   *
+   * @param emailOrPhone 邮箱或手机号
+   * @returns Promise<ResetPasswordForEmailRes>
+   */
+  async resetPasswordForEmail(
+    emailOrPhone: string,
+    options?: { redirectTo?: string },
+  ): Promise<ResetPasswordForEmailRes> {
+    try {
+      // 参数校验：emailOrPhone必填
+      this.validateParams(
+        { emailOrPhone },
+        {
+          emailOrPhone: { required: true, message: 'Email or phone is required' },
+        },
+      )
+
+      const { redirectTo } = options || {}
+
+      // 判断是邮箱还是手机号
+      const isEmail = emailOrPhone.includes('@')
+      let verificationParams: { email?: string; phone_number?: string }
+
+      if (isEmail) {
+        verificationParams = { email: emailOrPhone }
+      } else {
+        // 正规化手机号
+        const formattedPhone = this.formatPhone(emailOrPhone)
+        verificationParams = { phone_number: formattedPhone }
+      }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(verificationParams)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+              password: { required: true, message: 'Password is required' },
+            })
+            try {
+              // 第三步：待用户输入完验证码之后，验证验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: verificationInfo.verification_id,
+                verification_code: attributes.nonce,
+              })
+
+              await this.oauthInstance.authApi.resetPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                new_password: attributes.password,
+                verification_token: verificationTokenRes.verification_token,
+              })
+
+              eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.PASSWORD_RECOVERY })
+
+              const res = await this.signInWithPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                password: attributes.password,
+              })
+
+              if (redirectTo && isBrowser()) {
+                window.location.assign(redirectTo)
+              }
+
+              return res
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 通过旧密码重置密码
+   * @param new_password
+   * @param old_password
+   * @returns
+   */
+  async resetPasswordForOld(params: ResetPasswordForOldReq) {
+    try {
+      await this.oauthInstance.authApi.updatePasswordByOld({
+        old_password: params.old_password,
+        new_password: params.new_password,
+      })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-verifyotp
+   * Log in a user given a User supplied OTP and verificationId received through mobile or email.
+   * const verificationInfo = await app.auth.getVerification({
+      phone: "xxxxxx",
+    });
+
+    const data = await app.auth.verifyOtp({
+      type: "sms",
+      phone: "xxxxxx",
+      token: "xxxxxx",
+      verificationInfo,
+    })
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOtp(params: VerifyOtpReq): Promise<SignInRes> {
+    try {
+      const { type } = params
+      // 参数校验：token和verificationInfo必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+        messageId: { required: true, message: 'messageId is required' },
+      })
+
+      if (['phone_change', 'email_change'].includes(type)) {
+        await this.verify({
+          verification_id: params.messageId,
+          verification_code: params.token,
+        })
+      } else {
+        await this.signInWithUsername({
+          verificationInfo: { verification_id: params.messageId, is_user: true },
+          verificationCode: params.token,
+          username: params.email || this.formatPhone(params.phone) || '',
+          loginType: params.email ? 'email' : 'phone',
+        })
+      }
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getSession
+   * Returns the session, refreshing it if necessary.
+   * The session returned can be null if the session is not detected which can happen in the event a user is not signed-in or has logged out.
+   * const { data } = await app.auth.getSession()
+   * @returns Promise<SignInRes>
+   */
+  async getSession(): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.getCredentials()
+
+      if (!credentials || credentials.scope === 'accessKey') {
+        return { data: { session: null }, error: null }
+      }
+
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { session: { ...credentials, user } }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-refreshsession
+   * 无论过期状态如何，都返回一个新的会话。接受一个可选的refresh_token。如果未传入当前会话，则refreshSession()将尝试从getSession()中检索它。如果当前会话的刷新令牌无效，则会抛出一个错误。
+   * const { data } = await app.auth.refreshSession()
+   * @param refresh_token
+   * @returns Promise<SignInRes>
+   */
+  async refreshSession(refresh_token?: string): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      credentials.refresh_token = refresh_token || credentials.refresh_token
+      const newTokens = await this.oauthInstance.oauth2client.refreshToken(credentials)
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { user, session: { ...newTokens, user } }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuser
+   * 如果存在现有会话，则获取当前用户详细信息。此方法会向服务器发起网络请求，因此返回的值是真实的，可用于制定授权规则。
+   * const { data } = await app.auth.getUser()
+   * @returns Promise<GetUserRes>
+   */
+  async getUser(): Promise<GetUserRes> {
+    try {
+      const user = this.convertToUser(await this.getUserInfo())
+      return { data: { user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 刷新用户信息
+   * @returns Promise<CommonRes>
+   */
+  async refreshUser(): Promise<CommonRes> {
+    try {
+      await this.currentUser.refresh()
+
+      const { data: { session } = {} } = await this.getSession()
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-updateuser
+   * 更新用户信息
+   * - 不支持更新密码，更新密码请使用 resetPasswordForEmail 或 reauthenticate
+   * - 如果更新 email 或 phone，需要先发送验证码，然后调用返回的 verifyOtp 回调进行验证
+   *
+   * // 更新不需要验证的字段
+   * const { data } = await app.auth.updateUser({
+      username: "xxx",
+      description: "xxx",
+      avatar_url: "xxx",
+      nickname: "xxx",
+      gender: 'MALE'
+    })
+   *
+   * // 更新 email 或 phone（需要验证）
+   * const { data } = await app.auth.updateUser({
+      email: "new@example.com"
+    })
+   * // 调用 verifyOtp 回调验证
+   * await data.verifyOtp({ email: "new@example.com", token: "123456" })
+   *
+   * @param params
+   * @returns Promise<GetUserRes | UpdateUserWithVerificationRes>
+   */
+  async updateUser(params: UpdateUserReq): Promise<GetUserRes | UpdateUserWithVerificationRes> {
+    try {
+      // 参数校验：至少有一个更新字段被提供
+      const hasValue = Object.keys(params).some(key => params[key] !== undefined && params[key] !== null && params[key] !== '',)
+      if (!hasValue) {
+        throw new AuthError({ message: 'At least one field must be provided for update' })
+      }
+
+      const { email, phone, ...restParams } = params
+
+      // 检查是否需要更新 email 或 phone
+      const needsEmailVerification = email !== undefined
+      const needsPhoneVerification = phone !== undefined
+
+      let extraRes = {}
+
+      if (needsEmailVerification || needsPhoneVerification) {
+        // 需要发送验证码
+        let verificationParams: { email?: string; phone_number?: string }
+        let verificationType: 'email_change' | 'phone_change'
+
+        if (needsEmailVerification) {
+          verificationParams = { email: params.email }
+          verificationType = 'email_change'
+        } else {
+          // 正规化手机号
+          const formattedPhone = this.formatPhone(params.phone)
+          verificationParams = { phone_number: formattedPhone }
+          verificationType = 'phone_change'
+        }
+
+        // 发送验证码
+        const verificationInfo = await this.getVerification(verificationParams)
+
+        await this.updateUserBasicInfo(restParams)
+
+        extraRes = {
+          messageId: verificationInfo.verification_id,
+          verifyOtp: async (verifyParams: { email?: string; phone?: string; token: string }): Promise<GetUserRes> => {
+            try {
+              if (verifyParams.email && params.email === verifyParams.email) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'email_change',
+                  email: params.email,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ email: params.email })
+              } else if (verifyParams.phone && params.phone === verifyParams.phone) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'phone_change',
+                  phone: params.phone,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ phone: params.phone })
+              } else {
+                await this.verifyOtp({
+                  type: verificationType,
+                  email: needsEmailVerification ? params.email : undefined,
+                  phone: !needsEmailVerification ? params.phone : undefined,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                // 验证成功后更新用户信息
+                await this.updateUserBasicInfo(params)
+              }
+
+              const {
+                data: { user },
+              } = await this.getUser()
+              eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+              return { data: { user }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        }
+      } else {
+        // 不需要验证，直接更新
+        await this.updateUserBasicInfo(params)
+      }
+      const {
+        data: { user },
+      } = await this.getUser()
+      eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+      return { data: { user, ...extraRes }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuseridentities
+   * 获取所有身份源
+   * const { data } = await app.auth.getUserIdentities()
+   * @returns Promise<GetUserIdentitiesRes>
+   */
+  async getUserIdentities(): Promise<GetUserIdentitiesRes> {
+    try {
+      const providers = await this.oauthInstance.authApi.getProviders()
+
+      return { data: { identities: providers?.data?.filter(v => !!v.bind) }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-linkidentity
+   * 绑定身份源到当前用户，如果已有用户绑定该身份源，会抛出错误
+   * const { data } = await app.auth.linkIdentity({
+      provider: 'string'
+    })
+   * @param params
+   * @returns Promise<LinkIdentityRes>
+   */
+  async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.signInWithOAuth({
+        provider: params.provider,
+        options: {
+          type: OAUTH_TYPE.BIND_IDENTITY,
+        },
+      })
+
+      return { data: { provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-unlinkidentity
+   * 解绑身份源
+   * const { data } = await app.auth.unlinkIdentity({
+      provider: "xxx"
+    })
+   * @param params
+   * @returns Promise<CommonRes>
+   */
+  async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.oauthInstance.authApi.unbindProvider({ provider_id: params.provider })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-reauthentication
+   * 重新认证。通过发送验证码来重新认证用户身份，支持更新密码
+   * const { data } = await app.auth.reauthenticate()
+
+     await data.updateUser(code, newPassWord)
+   *
+   * @returns Promise<ReauthenticateRes>
+   */
+  async reauthenticate(): Promise<ReauthenticateRes> {
+    try {
+      const {
+        data: { user },
+      } = await this.getUser()
+
+      this.validateAtLeastOne(user, [['email', 'phone']], 'You must provide either an email or phone number')
+      const userInfo = user.email ? { email: user.email } : { phone_number: this.formatPhone(user.phone) }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(userInfo)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+            })
+            try {
+              if (attributes.password) {
+                // 第三步：待用户输入完验证码之后，验证验证码
+                const verificationTokenRes = await this.verify({
+                  verification_id: verificationInfo.verification_id,
+                  verification_code: attributes.nonce,
+                })
+
+                // 第四步：获取 sudo_token
+                const sudoRes = await this.oauthInstance.authApi.sudo({
+                  verification_token: verificationTokenRes.verification_token,
+                })
+
+                await this.oauthInstance.authApi.setPassword({
+                  new_password: attributes.password,
+                  sudo_token: sudoRes.sudo_token,
+                })
+              } else {
+                await this.signInWithUsername({
+                  verificationInfo,
+                  verificationCode: attributes.nonce,
+                  ...userInfo,
+                  loginType: userInfo.email ? 'email' : 'phone',
+                })
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resend
+   * 重新发送验证码
+   * - 向用户重新发送邮箱、手机号注册或登录的验证码。
+   * - 可以通过再次调用 signInWithOtp() 方法来重新发送验证码登录。
+   * - 可以通过再次调用 signUp() 方法来重新发送验证码注册。
+   * - 此方法仅在调用 signInWithOtp() 或 signUp() 后，重新发送验证码，收到验证码后再继续调用 signInWithOtp() 或 signUp() 的callback参数，将messageId传入callback。
+   * const result = await app.auth.signInWithOtp({ phone: "xxx" });
+
+    let signResolve = result.data.verify
+
+    const { data } = await app.auth.resend({
+      type: "signup",
+      phone: "xxx",
+    })
+
+    const res = await signResolve(code, data.messageId);
+   * @param params
+   * @returns Promise<ResendRes>
+   */
+  async resend(params: ResendReq): Promise<ResendRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      const target = params.type === 'signup' ? 'ANY' : 'USER'
+      const data: { email?: string; phone_number?: string; target: 'USER' | 'ANY' } = { target }
+      if ('email' in params) {
+        data.email = params.email
+      }
+
+      if ('phone' in params) {
+        data.phone_number = this.formatPhone(params.phone)
+      }
+
+      // 重新发送验证码
+      const { verification_id: verificationId } = await this.oauthInstance.authApi.getVerification(data)
+
+      return {
+        data: { messageId: verificationId },
+        error: null,
+      }
+    } catch (error: any) {
+      return {
+        data: {},
+        error: new AuthError(error),
+      }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-setsession
+   * 使用access_token和refresh_token来设置会话
+   * 如果成功，则会触发一个SIGNED_IN事件
+   * const { data, error } = await app.auth.setSession({
+      access_token,
+      refresh_token
+    })
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async setSession(params: SetSessionReq): Promise<SignInRes> {
+    try {
+      this.validateParams(params, {
+        access_token: { required: true, message: 'Access token is required' },
+        refresh_token: { required: true, message: 'Refresh token is required' },
+      })
+
+      await this.oauthInstance.oauth2client.refreshToken(params, { throwOnError: true })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-exchangecodeforsession
+  async exchangeCodeForSession() {
+    //
+  }
+
+  /**
+   * 删除当前用户
+   * @param params
+   * @returns
+   */
+  async deleteUser(params: DeleteMeReq): Promise<CommonRes> {
+    try {
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      const { sudo_token } = await this.oauthInstance.authApi.sudo(params)
+
+      await this.oauthInstance.authApi.deleteMe({ sudo_token })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 跳转系统默认登录页
+   * @returns {Promise<authModels.ToDefaultLoginPage>}
+   * @memberof Auth
+   */
+  async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<CommonRes> {
+    try {
+      const configVersion = params.config_version || 'env'
+      const query = Object.keys(params.query || {})
+        .map(key => `${key}=${params.query[key]}`)
+        .join('&')
+
+      if (adapterForWxMp.isMatch()) {
+        wx.navigateTo({ url: `/packages/$wd_system/pages/login/index${query ? `?${query}` : ''}` })
+      } else {
+        const redirectUri = params.redirect_uri || window.location.href
+        const urlObj = new URL(redirectUri)
+        const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
+          this.config.clientId || this.config.env
+        }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}${query ? `&${query}` : ''}`
+        window.location.href = loginPage
+      }
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 自定义登录
+   * @param getTickFn () => Promise<string>, 获取自定义登录 ticket 的函数
+   * @returns
+   */
+  async signInWithCustomTicket(getTickFn?: authModels.GetCustomSignTicketFn): Promise<SignInRes> {
+    if (getTickFn) {
+      this.setCustomSignFunc(getTickFn)
+    }
+
+    try {
+      await this.oauthInstance.authApi.signInWithCustomTicket()
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序openId静默登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithOpenId({ useWxCloud = true } = {}): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      let credentials: Credentials | undefined = undefined
+
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken(
+          {
+            provider_id: wxInfo?.appId,
+            provider_code: code,
+            provider_params: {
+              provider_code_type: 'open_id',
+              appid: wxInfo?.appId,
+            },
+          },
+          useWxCloud,
+        )
+
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
+
+        credentials = await this.oauthInstance.authApi.signInWithProvider(
+          { provider_token: result.provider_token },
+          useWxCloud,
+        )
+
+        if ((credentials as any)?.error_code) {
+          throw credentials
+        }
+      } catch (error) {
+        throw error
+      }
+      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
+    }
+
+    try {
+      await new Promise((resolve, reject) => {
+        wx.login({
+          success: async (res: { code: string }) => {
+            try {
+              await mainFunc(res.code)
+              resolve(true)
+            } catch (error) {
+              reject(error)
+            }
+          },
+          fail: (res: any) => {
+            const error = new Error(res?.errMsg)
+            ;(error as any).code = res?.errno
+            reject(error)
+          },
+        })
+      })
+
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPhoneAuth({ phoneCode = '' }): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+    const providerInfo = {
+      provider_params: { provider_code_type: 'phone' },
+      provider_id: wxInfo.appId,
+    }
+
+    const { code } = await wx.login()
+    ;(providerInfo as any).provider_code = code
+
+    try {
+      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      providerToken = await this.oauthInstance.authApi.patchProviderToken({
+        provider_token: providerToken.provider_token,
+        provider_id: wxInfo.appId,
+        provider_params: {
+          code: phoneCode,
+          provider_code_type: 'phone',
+        },
+      })
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+        provider_token: providerToken.provider_token,
+      })
+
+      if ((signInRes as any)?.error_code) {
+        throw signInRes
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+
+    const loginState = await this.createLoginState()
+
+    const { data: { session } = {} } = await this.getSession()
+
+    // loginState返回是为了兼容v2版本
+    return { ...(loginState as any), data: { user: session.user, session }, error: null }
+  }
+
+  private formatPhone(phone: string) {
+    if (!/\s+/.test(phone) && /^\+\d{1,3}\d+/.test(phone)) {
+      return phone.replace(/^(\+\d{1,2})(\d+)$/, '$1 $2')
+    }
+    return /^\+\d{1,3}\s+/.test(phone) ? phone : `+86 ${phone}`
+  }
+
+  private notifyListeners(event, session, info): OnAuthStateChangeCallback {
+    this.listeners.forEach((callbacks) => {
+      callbacks.forEach((callback) => {
+        try {
+          callback(event, session, info)
+        } catch (error) {
+          console.error('Error in auth state change callback:', error)
+        }
+      })
+    })
+    return
+  }
+
+  private async init(): Promise<{ error: Error | null }> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      if (credentials) {
+        eventBus.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.INITIAL_SESSION })
+      }
+    } catch (error) {
+      // Ignore errors when checking for existing credentials
+    }
+
+    return { error: null }
+  }
+
+  private setupListeners() {
+    eventBus.on(EVENTS.AUTH_STATE_CHANGED, async (params) => {
+      const event = params?.data?.event
+      const info = params?.data?.info
+      const {
+        data: { session },
+      } = await this.getSession()
+
+      this.notifyListeners(event, session, info)
+    })
+  }
+
+  private convertToUser(userInfo: authModels.UserInfo & Partial<User>) {
+    if (!userInfo) return null
+
+    // 优先使用 userInfo 中的数据（V3 API）
+    const email = userInfo?.email || userInfo?.username
+    const phone = userInfo?.phone_number
+    const userId = userInfo?.sub || userInfo?.uid || ''
+
+    return {
+      id: userId,
+      aud: 'authenticated',
+      role: userInfo.groups,
+      email: email || '',
+      email_confirmed_at: userInfo?.email_verified ? userInfo.created_at : userInfo.created_at,
+      phone,
+      phone_confirmed_at: phone ? userInfo.created_at : undefined,
+      confirmed_at: userInfo.created_at,
+      last_sign_in_at: userInfo.last_sign_in_at,
+      app_metadata: {
+        provider: userInfo.loginType?.toLowerCase() || 'cloudbase',
+        providers: [userInfo.loginType?.toLowerCase() || 'cloudbase'],
+      },
+      user_metadata: {
+        // V3 API 用户信息
+        name: userInfo?.name,
+        picture: userInfo?.picture,
+        username: userInfo?.username, // 用户名称，长度 5-24 位，支持字符中英文、数字、特殊字符（仅支持_-），不支持中文
+        gender: userInfo?.gender,
+        locale: userInfo?.locale,
+        // V2 API 兼容（使用 any 避免类型错误）
+        uid: userInfo.uid,
+        nickName: userInfo.nickName,
+        avatarUrl: userInfo.avatarUrl,
+        location: userInfo.location,
+        hasPassword: userInfo.hasPassword,
+      },
+      identities:
+        userInfo?.providers?.map(p => ({
+          id: p.id || '',
+          identity_id: p.id || '',
+          user_id: userId,
+          identity_data: {
+            provider_id: p.id,
+            provider_user_id: p.provider_user_id,
+            name: p.name,
+          },
+          provider: p.id || 'cloudbase',
+          created_at: userInfo.created_at,
+          updated_at: userInfo.updated_at,
+          last_sign_in_at: userInfo.last_sign_in_at,
+        })) || [],
+      created_at: userInfo.created_at,
+      updated_at: userInfo.updated_at,
+      is_anonymous: userInfo.name === 'anonymous',
+    }
+  }
+
+  /**
+   * 参数校验辅助方法
+   */
+  private validateParams(params: any, rules: { [key: string]: { required?: boolean; message: string } }): void {
+    for (const [key, rule] of Object.entries(rules)) {
+      if (rule.required && (params?.[key] === undefined || params?.[key] === null || params?.[key] === '')) {
+        throw new AuthError({ message: rule.message })
+      }
+    }
+  }
+
+  /**
+   * 校验必填参数组（至少有一个参数必须有值）
+   */
+  private validateAtLeastOne(params: any, fieldGroups: string[][], message: string): void {
+    const hasValue = fieldGroups.some(group => group.some(field => params?.[field] !== undefined && params?.[field] !== null && params?.[field] !== ''),)
+
+    if (!hasValue) {
+      throw new AuthError({ message })
+    }
+  }
+}