@jmlq/auth 0.0.1-alpha.32 → 0.0.1-alpha.34

package/dist/domain/errors/auth-error-code.d.ts

@@ -9,4 +9,8 @@
  * - Mantén este catálogo pequeño y estable.
  * - Si agregas un error nuevo, agrega aquí su código.
  */
-export type AuthErrorCode = "TOKEN_INVALID" | "TOKEN_EXPIRED" | "TOKEN_MALFORMED" | "SIGNATURE_INVALID" | "AUTHENTICATION_FAILED" | "JWT_ERROR" | "KEY_MISMATCH" | "KEY_NOT_FOUND" | "KEY_MISMATCH" | "CLAIMS_VALIDATION_ERROR" | "JWT_PAYLOAD_INVALID" | "TOKEN_NOT_YET_VALID" | "JWT_EMPTY" | "JWT_MALFORMED" | "ALGORITHM_UNSUPPORTED" | "KEY_MISMATCH" | "KEY_NOT_FOUND" | "INVALID_EMAIL" | "INVALID_HASHED_PASSWORD" | "PASSWORD_POLICY_VIOLATION" | "PASSWORD_MISMATCH" | "USER_NOT_FOUND" | "USER_DISABLED" | "EMAIL_ALREADY_IN_USE" | "INVALID_PERMISSION" | "INVALID_ROLE" | "INVALID_ID" | "LOGOUT_FAILED" | "EMAIL_NOT_VERIFIED" | "PASSWORD_RESET_TOKEN_INVALID" | "PASSWORD_RESET_TOKEN_EXPIRED" | "PASSWORD_RESET_TOKEN_ALREADY_USED";
+/**
+ * ÚNICA fuente de verdad de los códigos.
+ */
+export declare const AUTH_ERROR_CODES: readonly ["TOKEN_INVALID", "TOKEN_EXPIRED", "TOKEN_MALFORMED", "SIGNATURE_INVALID", "AUTHENTICATION_FAILED", "JWT_ERROR", "KEY_MISMATCH", "KEY_NOT_FOUND", "KEY_MISMATCH", "CLAIMS_VALIDATION_ERROR", "JWT_PAYLOAD_INVALID", "TOKEN_NOT_YET_VALID", "JWT_EMPTY", "JWT_MALFORMED", "ALGORITHM_UNSUPPORTED", "KEY_MISMATCH", "KEY_NOT_FOUND", "INVALID_EMAIL", "INVALID_HASHED_PASSWORD", "PASSWORD_POLICY_VIOLATION", "PASSWORD_MISMATCH", "USER_NOT_FOUND", "USER_DISABLED", "EMAIL_ALREADY_IN_USE", "INVALID_PERMISSION", "INVALID_ROLE", "INVALID_ID", "LOGOUT_FAILED", "EMAIL_NOT_VERIFIED", "PASSWORD_RESET_TOKEN_INVALID", "PASSWORD_RESET_TOKEN_EXPIRED", "PASSWORD_RESET_TOKEN_ALREADY_USED"];
+export type AuthErrorCode = (typeof AUTH_ERROR_CODES)[number];

package/dist/domain/errors/auth-error-code.js

@@ -1,2 +1,55 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_ERROR_CODES = void 0;
+/**
+ * Códigos canónicos de error del dominio de Auth.
+ *
+ * Objetivo:
+ * - Host / plugins NO deben depender de `error.name` o `message`.
+ * - Solo deben mapear por `code`.
+ *
+ * Nota:
+ * - Mantén este catálogo pequeño y estable.
+ * - Si agregas un error nuevo, agrega aquí su código.
+ */
+/**
+ * ÚNICA fuente de verdad de los códigos.
+ */
+exports.AUTH_ERROR_CODES = [
+    // JWT / sesión
+    "TOKEN_INVALID",
+    "TOKEN_EXPIRED",
+    "TOKEN_MALFORMED", // formato invalido (no header.payload.signature),
+    "SIGNATURE_INVALID",
+    "AUTHENTICATION_FAILED", // catch-all de autenticación,
+    "JWT_ERROR",
+    "KEY_MISMATCH",
+    "KEY_NOT_FOUND",
+    "KEY_MISMATCH",
+    "CLAIMS_VALIDATION_ERROR",
+    "JWT_PAYLOAD_INVALID",
+    "TOKEN_NOT_YET_VALID",
+    "JWT_EMPTY",
+    "JWT_MALFORMED",
+    // Refresh Token
+    "ALGORITHM_UNSUPPORTED",
+    "KEY_MISMATCH",
+    "KEY_NOT_FOUND",
+    // Identidad / login
+    "INVALID_EMAIL",
+    "INVALID_HASHED_PASSWORD",
+    "PASSWORD_POLICY_VIOLATION",
+    "PASSWORD_MISMATCH",
+    "USER_NOT_FOUND",
+    "USER_DISABLED",
+    "EMAIL_ALREADY_IN_USE",
+    "INVALID_PERMISSION",
+    "INVALID_ROLE",
+    "INVALID_ID",
+    "LOGOUT_FAILED",
+    "EMAIL_NOT_VERIFIED",
+    // Password reset
+    "PASSWORD_RESET_TOKEN_INVALID",
+    "PASSWORD_RESET_TOKEN_EXPIRED",
+    "PASSWORD_RESET_TOKEN_ALREADY_USED",
+];

package/dist/domain/errors/auth.errors.d.ts

@@ -3,6 +3,7 @@ export interface ClaimsIssue {
     path: string;
     message: string;
 }
+export declare function isAuthErrorCode(value: unknown): value is AuthErrorCode;
 export declare abstract class AuthDomainError extends Error {
     readonly code: AuthErrorCode;
     readonly details?: unknown;
@@ -10,9 +11,21 @@ export declare abstract class AuthDomainError extends Error {
     toJSON(): {
         name: string;
         message: string;
-        code: AuthErrorCode;
+        code: "TOKEN_INVALID" | "TOKEN_EXPIRED" | "TOKEN_MALFORMED" | "SIGNATURE_INVALID" | "AUTHENTICATION_FAILED" | "JWT_ERROR" | "KEY_MISMATCH" | "KEY_NOT_FOUND" | "CLAIMS_VALIDATION_ERROR" | "JWT_PAYLOAD_INVALID" | "TOKEN_NOT_YET_VALID" | "JWT_EMPTY" | "JWT_MALFORMED" | "ALGORITHM_UNSUPPORTED" | "INVALID_EMAIL" | "INVALID_HASHED_PASSWORD" | "PASSWORD_POLICY_VIOLATION" | "PASSWORD_MISMATCH" | "USER_NOT_FOUND" | "USER_DISABLED" | "EMAIL_ALREADY_IN_USE" | "INVALID_PERMISSION" | "INVALID_ROLE" | "INVALID_ID" | "LOGOUT_FAILED" | "EMAIL_NOT_VERIFIED" | "PASSWORD_RESET_TOKEN_INVALID" | "PASSWORD_RESET_TOKEN_EXPIRED" | "PASSWORD_RESET_TOKEN_ALREADY_USED";
         details: unknown;
     };
+    /**
+     * Guard estable para errores del core.
+     *
+     * - `instanceof` es el camino ideal, pero puede fallar si hay:
+     *   - múltiples copias del paquete en runtime (resolución/hoisting),
+     *   - bundles,
+     *   - errores creados por hosts que replican forma (code/message).
+     *
+     * Regla:
+     * - Si tiene forma mínima { code: string, message: string }, lo tratamos como AuthDomainError.
+     * - El core sigue siendo el “owner” de los códigos y su significado.
+     */
     static isAuthError(e: unknown): e is AuthDomainError;
 }
 /** El token ya no es válido por exp (exp < now) */

package/dist/domain/errors/auth.errors.js

@@ -1,6 +1,17 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EmailNotVerifiedError = exports.SessionAuthError = exports.AuthenticationError = exports.InvalidSignatureError = exports.InvalidTokenFormatError = exports.TokenExpiredError = exports.AuthDomainError = void 0;
+exports.isAuthErrorCode = isAuthErrorCode;
+const auth_error_code_1 = require("./auth-error-code");
+function asAuthErrorLike(value) {
+    if (value && typeof value === "object")
+        return value;
+    return {};
+}
+const AUTH_ERROR_CODE_SET = new Set(auth_error_code_1.AUTH_ERROR_CODES);
+function isAuthErrorCode(value) {
+    return typeof value === "string" && AUTH_ERROR_CODE_SET.has(value);
+}
 class AuthDomainError extends Error {
     constructor(message, code, details) {
         super(message);
@@ -8,7 +19,8 @@ class AuthDomainError extends Error {
         this.details = details;
         this.name = new.target.name;
         // Compatible con V8; ignora silenciosamente en otros engines
-        if (typeof Error.captureStackTrace === "function") {
+        if (typeof Error
+            .captureStackTrace === "function") {
             Error.captureStackTrace(this, new.target);
         }
     }
@@ -20,8 +32,24 @@ class AuthDomainError extends Error {
             details: this.details,
         };
     }
+    /**
+     * Guard estable para errores del core.
+     *
+     * - `instanceof` es el camino ideal, pero puede fallar si hay:
+     *   - múltiples copias del paquete en runtime (resolución/hoisting),
+     *   - bundles,
+     *   - errores creados por hosts que replican forma (code/message).
+     *
+     * Regla:
+     * - Si tiene forma mínima { code: string, message: string }, lo tratamos como AuthDomainError.
+     * - El core sigue siendo el “owner” de los códigos y su significado.
+     */
     static isAuthError(e) {
-        return e instanceof AuthDomainError;
+        if (e instanceof AuthDomainError)
+            return true;
+        const like = asAuthErrorLike(e);
+        // Exigir que code sea uno de los canónicos del core
+        return isAuthErrorCode(like.code);
     }
 }
 exports.AuthDomainError = AuthDomainError;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@jmlq/auth",
   "description": "JWT authentication package with clean architecture",
-  "version": "0.0.1-alpha.32",
+  "version": "0.0.1-alpha.34",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {