@ipetsadmin/contracts 1.1.5 → 1.1.6

package/CHANGELOG.md

@@ -19,6 +19,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security
 
+## [1.1.6] - 2026-04-25
+
+### Added
+
+- **Email verification**:
+  - **`IEmailVerificationTokenRepository`** (with **`EmailVerificationTokenRecord`**: `id`, `userId`, `tokenHash`, `expiresAt`, optional `consumedAt`) — create and consume one-time verify-email tokens.
+  - **`IEmailVerificationConfig`**: `frontendUrl`, `tokenExpiresInSeconds` for link generation and token TTL.
+- **`IAuthService`**: **`verifyEmail(token, options?)`** to complete email verification in the auth service (implemented in `api-main`).
+
+### Changed
+
+- **`IUser`**: add **`role`** (**`UserRole`**), **`isActive`**, and optional **`passwordHash`** (alongside the profile fields from 1.1.4); supports authorization, account state, and persistence round-trips. Auth API responses continue to omit secrets.
+- **`IUserRepository`** file location: **`src/interfaces/repositories/IUserRepository.ts`** (no longer under **`repositories/auth/`**). The package barrel still re-exports the port; update deep imports to the new path if you used `…/repositories/auth/IUserRepository`.
+
+### Fixed
+
+- **Package barrel (`src/index.ts`)**: **`UserRole`** is re-exported with **`export { UserRole } from '@/enums/roles'`** instead of **`export *`**, so the enum is a reliable **named export** in the tsup CJS/ESM and `.d.ts` output (avoids "declared locally, but is not exported" for consumers).
+
 ## [1.1.5] - 2026-04-25
 
 ### Added

package/dist/index.d.mts

@@ -251,6 +251,18 @@ interface IOAuthStateRepository {
     consume(state: string, options?: RepositoryOperationOptions): Promise<OAuthStateRecord | null>;
 }
 
+type EmailVerificationTokenRecord = {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: string;
+    consumedAt?: string;
+};
+interface IEmailVerificationTokenRepository {
+    create(userId: string, tokenHash: string, expiresAt: Date, options?: RepositoryOperationOptions): Promise<EmailVerificationTokenRecord>;
+    consumeByHash(tokenHash: string, options?: RepositoryOperationOptions): Promise<EmailVerificationTokenRecord | null>;
+}
+
 interface IAuthService {
     register(email: string, password: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     loginWithUser(user: IUser, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
@@ -258,6 +270,7 @@ interface IAuthService {
     completeGoogleOAuth(code: string, state: string, redirectUri: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     refreshSession(refreshToken: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     logout(refreshToken: string, options?: RepositoryOperationOptions): Promise<void>;
+    verifyEmail(token: string, options?: RepositoryOperationOptions): Promise<void>;
 }
 
 interface IJwtTokensService {
@@ -291,6 +304,11 @@ interface IEmailProviderAdapter {
     send(input: SendEmailInput): Promise<SendEmailResult>;
 }
 
+interface IEmailVerificationConfig {
+    frontendUrl: string;
+    tokenExpiresInSeconds: number;
+}
+
 declare enum Errors {
     NOT_FOUND_ERROR = "NotFoundError",
     BUSINESS_ERROR = "BusinessError",
@@ -341,4 +359,4 @@ declare class UnauthorizedError extends BaseError {
     constructor(message: string, details?: Record<string, unknown>);
 }
 
-export { type Auth0AuthorizationParams, type Auth0UserProfile, AuthMethod, type AuthSessionResponse, type AuthUserResponse, BaseError, BusinessError, type CreateUserInput, type EmailAddress, EmailProvider, Errors, ForbiddenError, type HealthCheck, HealthStatus, type IApiResponse, type IAuth0GoogleOAuthService, type IAuthService, type IConfig, type IEmailConfig, type IEmailProviderAdapter, type IEmailService, type IJwtTokensService, type IOAuthStateRepository, type IPaginatedResponse, type IRefreshTokenRepository, type IServerInit, type IUser, type IUserRepository, type LoginRequest, type LogoutRequest, NotFoundError, type OAuthAccessTokenResult, type OAuthGoogleCallbackRequest, type OAuthGoogleStartQuery, type OAuthGoogleStartResponse, OAuthProvider, type OAuthStateRecord, type RefreshRequest, type RefreshTokenRecord, type RegisterRequest, type RepositoryOperationOptions, type SendEmailInput, type SendEmailResult, ServerError, type TokenPair, UnauthorizedError, UserRole };
+export { type Auth0AuthorizationParams, type Auth0UserProfile, AuthMethod, type AuthSessionResponse, type AuthUserResponse, BaseError, BusinessError, type CreateUserInput, type EmailAddress, EmailProvider, type EmailVerificationTokenRecord, Errors, ForbiddenError, type HealthCheck, HealthStatus, type IApiResponse, type IAuth0GoogleOAuthService, type IAuthService, type IConfig, type IEmailConfig, type IEmailProviderAdapter, type IEmailService, type IEmailVerificationConfig, type IEmailVerificationTokenRepository, type IJwtTokensService, type IOAuthStateRepository, type IPaginatedResponse, type IRefreshTokenRepository, type IServerInit, type IUser, type IUserRepository, type LoginRequest, type LogoutRequest, NotFoundError, type OAuthAccessTokenResult, type OAuthGoogleCallbackRequest, type OAuthGoogleStartQuery, type OAuthGoogleStartResponse, OAuthProvider, type OAuthStateRecord, type RefreshRequest, type RefreshTokenRecord, type RegisterRequest, type RepositoryOperationOptions, type SendEmailInput, type SendEmailResult, ServerError, type TokenPair, UnauthorizedError, UserRole };

package/dist/index.d.ts

@@ -251,6 +251,18 @@ interface IOAuthStateRepository {
     consume(state: string, options?: RepositoryOperationOptions): Promise<OAuthStateRecord | null>;
 }
 
+type EmailVerificationTokenRecord = {
+    id: string;
+    userId: string;
+    tokenHash: string;
+    expiresAt: string;
+    consumedAt?: string;
+};
+interface IEmailVerificationTokenRepository {
+    create(userId: string, tokenHash: string, expiresAt: Date, options?: RepositoryOperationOptions): Promise<EmailVerificationTokenRecord>;
+    consumeByHash(tokenHash: string, options?: RepositoryOperationOptions): Promise<EmailVerificationTokenRecord | null>;
+}
+
 interface IAuthService {
     register(email: string, password: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     loginWithUser(user: IUser, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
@@ -258,6 +270,7 @@ interface IAuthService {
     completeGoogleOAuth(code: string, state: string, redirectUri: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     refreshSession(refreshToken: string, options?: RepositoryOperationOptions): Promise<AuthSessionResponse>;
     logout(refreshToken: string, options?: RepositoryOperationOptions): Promise<void>;
+    verifyEmail(token: string, options?: RepositoryOperationOptions): Promise<void>;
 }
 
 interface IJwtTokensService {
@@ -291,6 +304,11 @@ interface IEmailProviderAdapter {
     send(input: SendEmailInput): Promise<SendEmailResult>;
 }
 
+interface IEmailVerificationConfig {
+    frontendUrl: string;
+    tokenExpiresInSeconds: number;
+}
+
 declare enum Errors {
     NOT_FOUND_ERROR = "NotFoundError",
     BUSINESS_ERROR = "BusinessError",
@@ -341,4 +359,4 @@ declare class UnauthorizedError extends BaseError {
     constructor(message: string, details?: Record<string, unknown>);
 }
 
-export { type Auth0AuthorizationParams, type Auth0UserProfile, AuthMethod, type AuthSessionResponse, type AuthUserResponse, BaseError, BusinessError, type CreateUserInput, type EmailAddress, EmailProvider, Errors, ForbiddenError, type HealthCheck, HealthStatus, type IApiResponse, type IAuth0GoogleOAuthService, type IAuthService, type IConfig, type IEmailConfig, type IEmailProviderAdapter, type IEmailService, type IJwtTokensService, type IOAuthStateRepository, type IPaginatedResponse, type IRefreshTokenRepository, type IServerInit, type IUser, type IUserRepository, type LoginRequest, type LogoutRequest, NotFoundError, type OAuthAccessTokenResult, type OAuthGoogleCallbackRequest, type OAuthGoogleStartQuery, type OAuthGoogleStartResponse, OAuthProvider, type OAuthStateRecord, type RefreshRequest, type RefreshTokenRecord, type RegisterRequest, type RepositoryOperationOptions, type SendEmailInput, type SendEmailResult, ServerError, type TokenPair, UnauthorizedError, UserRole };
+export { type Auth0AuthorizationParams, type Auth0UserProfile, AuthMethod, type AuthSessionResponse, type AuthUserResponse, BaseError, BusinessError, type CreateUserInput, type EmailAddress, EmailProvider, type EmailVerificationTokenRecord, Errors, ForbiddenError, type HealthCheck, HealthStatus, type IApiResponse, type IAuth0GoogleOAuthService, type IAuthService, type IConfig, type IEmailConfig, type IEmailProviderAdapter, type IEmailService, type IEmailVerificationConfig, type IEmailVerificationTokenRepository, type IJwtTokensService, type IOAuthStateRepository, type IPaginatedResponse, type IRefreshTokenRepository, type IServerInit, type IUser, type IUserRepository, type LoginRequest, type LogoutRequest, NotFoundError, type OAuthAccessTokenResult, type OAuthGoogleCallbackRequest, type OAuthGoogleStartQuery, type OAuthGoogleStartResponse, OAuthProvider, type OAuthStateRecord, type RefreshRequest, type RefreshTokenRecord, type RegisterRequest, type RepositoryOperationOptions, type SendEmailInput, type SendEmailResult, ServerError, type TokenPair, UnauthorizedError, UserRole };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ipetsadmin/contracts",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "Shared types, enums, and interfaces for Truffa projects",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",