npm - @jmlq/auth - Versions diffs - 0.0.1-alpha.8 → 0.0.1-beta.1 - Mend

@jmlq/auth 0.0.1-alpha.8 → 0.0.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/dist/domain/entities/user.entity.js CHANGED Viewed

@@ -16,6 +16,7 @@ class User {
         this._roles = props.roles;
         this._password = props.password;
         this._isActive = props.isActive;
+        this._isEmailVerified = props.isEmailVerified;
         this._createdAt = props.createdAt;
         this._updatedAt = props.updatedAt;
     }
@@ -50,6 +51,12 @@ class User {
     get isActive() {
         return this._isActive;
     }
+    /**
+     * Indica si el correo fue verificado.
+     */
+    get isEmailVerified() {
+        return this._isEmailVerified;
+    }
     /**
      * Obtiene la fecha de creación del usuario
      */
@@ -79,10 +86,28 @@ class User {
     }
     /**
      * Evalúa si el usuario puede iniciar sesión
+     * Política de login:
+     * - activo
+     * - email verificado
      * @returns Verdadero si el usuario puede iniciar sesión, falso en caso contrario
      */
     canLogin() {
-        return this._isActive;
+        return this._isActive && this._isEmailVerified;
+    }
+    verifyEmail() {
+        if (this._isEmailVerified)
+            return;
+        this._isEmailVerified = true;
+        this._updatedAt = new Date();
+    }
+    /**
+     * Cambia la contraseña del usuario.
+     * Responsabilidad: el agregado actualiza su estado de forma consistente.
+     * Reglas de policy/validaciones pertenecen al caso de uso (application).
+     */
+    changePassword(newHashedPassword) {
+        this._password = newHashedPassword;
+        this._updatedAt = new Date();
     }
     /**
      * Factory method to create a new User
@@ -98,6 +123,7 @@ class User {
             roles: roles,
             password: new object_values_1.HashedPassword(hashedPassword),
             isActive: true,
+            isEmailVerified: false,
             createdAt: new Date(),
             updatedAt: new Date(),
         });
@@ -112,5 +138,32 @@ class User {
     static reconstitute(props) {
         return new User(props);
     }
+    /**
+     * Deriva roles y permissions efectivas desde la entidad.
+     *
+     * Fuente de datos:
+     * - this.roles (Role[])
+     * - role.getValue() => { role: string; permissions: string[] }
+     *
+     * Nota:
+     * - Esto NO consulta BDD.
+     * - La BDD se consulta en el host (middleware) para autorización “fresca”.
+     */
+    getAccessSnapshot() {
+        const roles = [];
+        const permissions = [];
+        for (const role of this.roles) {
+            const value = role.getValue(); // canónico (incluye permissions)
+            roles.push(value.role);
+            permissions.push(...value.permissions);
+        }
+        // Unique + orden determinista (útil para test/debug)
+        const uniqSorted = (items) => Array.from(new Set(items)).sort((a, b) => a.localeCompare(b));
+        return {
+            userId: this.id.getValue(),
+            roles: uniqSorted(roles),
+            permissions: uniqSorted(permissions),
+        };
+    }
 }
 exports.User = User;

package/dist/domain/errors/auth-error-code.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Códigos canónicos de error del dominio de Auth.
+ *
+ * Objetivo:
+ * - Host / plugins NO deben depender de `error.name` o `message`.
+ * - Solo deben mapear por `code`.
+ *
+ * Nota:
+ * - Mantén este catálogo pequeño y estable.
+ * - Si agregas un error nuevo, agrega aquí su código.
+ */
+/**
+ * ÚNICA fuente de verdad de los códigos.
+ */
+export declare const AUTH_ERROR_CODES: readonly ["TOKEN_INVALID", "TOKEN_EXPIRED", "TOKEN_MALFORMED", "SIGNATURE_INVALID", "AUTHENTICATION_FAILED", "JWT_ERROR", "KEY_MISMATCH", "KEY_NOT_FOUND", "KEY_MISMATCH", "CLAIMS_VALIDATION_ERROR", "JWT_PAYLOAD_INVALID", "TOKEN_NOT_YET_VALID", "JWT_EMPTY", "JWT_MALFORMED", "ALGORITHM_UNSUPPORTED", "KEY_MISMATCH", "KEY_NOT_FOUND", "INVALID_EMAIL", "INVALID_HASHED_PASSWORD", "PASSWORD_POLICY_VIOLATION", "PASSWORD_MISMATCH", "USER_NOT_FOUND", "USER_DISABLED", "EMAIL_ALREADY_IN_USE", "INVALID_PERMISSION", "INVALID_ROLE", "INVALID_ID", "LOGOUT_FAILED", "EMAIL_NOT_VERIFIED", "PASSWORD_RESET_TOKEN_INVALID", "PASSWORD_RESET_TOKEN_EXPIRED", "PASSWORD_RESET_TOKEN_ALREADY_USED", "EMAIL_VERIFICATION_TOKEN_INVALID", "EMAIL_VERIFICATION_TOKEN_EXPIRED", "EMAIL_VERIFICATION_TOKEN_ALREADY_USED", "INVALID_INPUT"];
+export type AuthErrorCode = (typeof AUTH_ERROR_CODES)[number];

package/dist/domain/errors/auth-error-code.js ADDED Viewed

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_ERROR_CODES = void 0;
+/**
+ * Códigos canónicos de error del dominio de Auth.
+ *
+ * Objetivo:
+ * - Host / plugins NO deben depender de `error.name` o `message`.
+ * - Solo deben mapear por `code`.
+ *
+ * Nota:
+ * - Mantén este catálogo pequeño y estable.
+ * - Si agregas un error nuevo, agrega aquí su código.
+ */
+/**
+ * ÚNICA fuente de verdad de los códigos.
+ */
+exports.AUTH_ERROR_CODES = [
+    // JWT / sesión
+    "TOKEN_INVALID",
+    "TOKEN_EXPIRED",
+    "TOKEN_MALFORMED", // formato invalido (no header.payload.signature),
+    "SIGNATURE_INVALID",
+    "AUTHENTICATION_FAILED", // catch-all de autenticación,
+    "JWT_ERROR",
+    "KEY_MISMATCH",
+    "KEY_NOT_FOUND",
+    "KEY_MISMATCH",
+    "CLAIMS_VALIDATION_ERROR",
+    "JWT_PAYLOAD_INVALID",
+    "TOKEN_NOT_YET_VALID",
+    "JWT_EMPTY",
+    "JWT_MALFORMED",
+    // Refresh Token
+    "ALGORITHM_UNSUPPORTED",
+    "KEY_MISMATCH",
+    "KEY_NOT_FOUND",
+    // Identidad / login
+    "INVALID_EMAIL",
+    "INVALID_HASHED_PASSWORD",
+    "PASSWORD_POLICY_VIOLATION",
+    "PASSWORD_MISMATCH",
+    "USER_NOT_FOUND",
+    "USER_DISABLED",
+    "EMAIL_ALREADY_IN_USE",
+    "INVALID_PERMISSION",
+    "INVALID_ROLE",
+    "INVALID_ID",
+    "LOGOUT_FAILED",
+    "EMAIL_NOT_VERIFIED",
+    // Password reset
+    "PASSWORD_RESET_TOKEN_INVALID",
+    "PASSWORD_RESET_TOKEN_EXPIRED",
+    "PASSWORD_RESET_TOKEN_ALREADY_USED",
+    "EMAIL_VERIFICATION_TOKEN_INVALID",
+    "EMAIL_VERIFICATION_TOKEN_EXPIRED",
+    "EMAIL_VERIFICATION_TOKEN_ALREADY_USED",
+    //General
+    "INVALID_INPUT",
+];

package/dist/domain/errors/auth.errors.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
-export type AuthErrorCode = "TOKEN_EXPIRED" | "TOKEN_MALFORMED" | "SIGNATURE_INVALID" | "AUTHENTICATION_FAILED";
+import { AuthErrorCode } from "./auth-error-code";
 export interface ClaimsIssue {
     path: string;
     message: string;
 }
+export declare function isAuthErrorCode(value: unknown): value is AuthErrorCode;
 export declare abstract class AuthDomainError extends Error {
     readonly code: AuthErrorCode;
     readonly details?: unknown;
@@ -10,9 +11,21 @@ export declare abstract class AuthDomainError extends Error {
     toJSON(): {
         name: string;
         message: string;
-        code: AuthErrorCode;
+        code: "TOKEN_INVALID" | "TOKEN_EXPIRED" | "TOKEN_MALFORMED" | "SIGNATURE_INVALID" | "AUTHENTICATION_FAILED" | "JWT_ERROR" | "KEY_MISMATCH" | "KEY_NOT_FOUND" | "CLAIMS_VALIDATION_ERROR" | "JWT_PAYLOAD_INVALID" | "TOKEN_NOT_YET_VALID" | "JWT_EMPTY" | "JWT_MALFORMED" | "ALGORITHM_UNSUPPORTED" | "INVALID_EMAIL" | "INVALID_HASHED_PASSWORD" | "PASSWORD_POLICY_VIOLATION" | "PASSWORD_MISMATCH" | "USER_NOT_FOUND" | "USER_DISABLED" | "EMAIL_ALREADY_IN_USE" | "INVALID_PERMISSION" | "INVALID_ROLE" | "INVALID_ID" | "LOGOUT_FAILED" | "EMAIL_NOT_VERIFIED" | "PASSWORD_RESET_TOKEN_INVALID" | "PASSWORD_RESET_TOKEN_EXPIRED" | "PASSWORD_RESET_TOKEN_ALREADY_USED" | "EMAIL_VERIFICATION_TOKEN_INVALID" | "EMAIL_VERIFICATION_TOKEN_EXPIRED" | "EMAIL_VERIFICATION_TOKEN_ALREADY_USED" | "INVALID_INPUT";
         details: unknown;
     };
+    /**
+     * Guard estable para errores del core.
+     *
+     * - `instanceof` es el camino ideal, pero puede fallar si hay:
+     *   - múltiples copias del paquete en runtime (resolución/hoisting),
+     *   - bundles,
+     *   - errores creados por hosts que replican forma (code/message).
+     *
+     * Regla:
+     * - Si tiene forma mínima { code: string, message: string }, lo tratamos como AuthDomainError.
+     * - El core sigue siendo el “owner” de los códigos y su significado.
+     */
     static isAuthError(e: unknown): e is AuthDomainError;
 }
 /** El token ya no es válido por exp (exp < now) */
@@ -34,10 +47,18 @@ export declare class InvalidSignatureError extends AuthDomainError {
 export declare class AuthenticationError extends AuthDomainError {
     constructor(message?: string, details?: unknown);
 }
-/** Alias histórico si lo usabas antes */
-export declare class InvalidOrExpiredRefreshTokenError extends AuthDomainError {
-    constructor(details?: {
-        exp?: number;
-        now?: number;
-    });
+export declare class SessionAuthError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class EmailNotVerifiedError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class EmailVerificationTokenAlreadyUsedError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class EmailVerificationTokenInvalidError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class EmailVerificationTokenExpiredError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
 }

package/dist/domain/errors/auth.errors.js CHANGED Viewed

@@ -1,6 +1,17 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidOrExpiredRefreshTokenError = exports.AuthenticationError = exports.InvalidSignatureError = exports.InvalidTokenFormatError = exports.TokenExpiredError = exports.AuthDomainError = void 0;
+exports.EmailVerificationTokenExpiredError = exports.EmailVerificationTokenInvalidError = exports.EmailVerificationTokenAlreadyUsedError = exports.EmailNotVerifiedError = exports.SessionAuthError = exports.AuthenticationError = exports.InvalidSignatureError = exports.InvalidTokenFormatError = exports.TokenExpiredError = exports.AuthDomainError = void 0;
+exports.isAuthErrorCode = isAuthErrorCode;
+const auth_error_code_1 = require("./auth-error-code");
+function asAuthErrorLike(value) {
+    if (value && typeof value === "object")
+        return value;
+    return {};
+}
+const AUTH_ERROR_CODE_SET = new Set(auth_error_code_1.AUTH_ERROR_CODES);
+function isAuthErrorCode(value) {
+    return typeof value === "string" && AUTH_ERROR_CODE_SET.has(value);
+}
 class AuthDomainError extends Error {
     constructor(message, code, details) {
         super(message);
@@ -8,7 +19,8 @@ class AuthDomainError extends Error {
         this.details = details;
         this.name = new.target.name;
         // Compatible con V8; ignora silenciosamente en otros engines
-        if (typeof Error.captureStackTrace === "function") {
+        if (typeof Error
+            .captureStackTrace === "function") {
             Error.captureStackTrace(this, new.target);
         }
     }
@@ -20,8 +32,24 @@ class AuthDomainError extends Error {
             details: this.details,
         };
     }
+    /**
+     * Guard estable para errores del core.
+     *
+     * - `instanceof` es el camino ideal, pero puede fallar si hay:
+     *   - múltiples copias del paquete en runtime (resolución/hoisting),
+     *   - bundles,
+     *   - errores creados por hosts que replican forma (code/message).
+     *
+     * Regla:
+     * - Si tiene forma mínima { code: string, message: string }, lo tratamos como AuthDomainError.
+     * - El core sigue siendo el “owner” de los códigos y su significado.
+     */
     static isAuthError(e) {
-        return e instanceof AuthDomainError;
+        if (e instanceof AuthDomainError)
+            return true;
+        const like = asAuthErrorLike(e);
+        // Exigir que code sea uno de los canónicos del core
+        return isAuthErrorCode(like.code);
     }
 }
 exports.AuthDomainError = AuthDomainError;
@@ -53,10 +81,33 @@ class AuthenticationError extends AuthDomainError {
     }
 }
 exports.AuthenticationError = AuthenticationError;
-/** Alias histórico si lo usabas antes */
-class InvalidOrExpiredRefreshTokenError extends AuthDomainError {
-    constructor(details) {
-        super("Invalid or expired refresh token", "TOKEN_EXPIRED", details);
+class SessionAuthError extends AuthDomainError {
+    constructor(message = "Session Authentication failed", details) {
+        super(message, "AUTHENTICATION_FAILED", details);
+    }
+}
+exports.SessionAuthError = SessionAuthError;
+class EmailNotVerifiedError extends AuthDomainError {
+    constructor(message = "Email is not verified", details) {
+        super(message, "EMAIL_NOT_VERIFIED", details);
+    }
+}
+exports.EmailNotVerifiedError = EmailNotVerifiedError;
+class EmailVerificationTokenAlreadyUsedError extends AuthDomainError {
+    constructor(message = "Email verification token already used", details) {
+        super(message, "EMAIL_VERIFICATION_TOKEN_ALREADY_USED", details);
+    }
+}
+exports.EmailVerificationTokenAlreadyUsedError = EmailVerificationTokenAlreadyUsedError;
+class EmailVerificationTokenInvalidError extends AuthDomainError {
+    constructor(message = "Email verification token is invalid", details) {
+        super(message, "EMAIL_VERIFICATION_TOKEN_INVALID", details);
+    }
+}
+exports.EmailVerificationTokenInvalidError = EmailVerificationTokenInvalidError;
+class EmailVerificationTokenExpiredError extends AuthDomainError {
+    constructor(message = "Email verification token has expired", details) {
+        super(message, "EMAIL_VERIFICATION_TOKEN_EXPIRED", details);
     }
 }
-exports.InvalidOrExpiredRefreshTokenError = InvalidOrExpiredRefreshTokenError;
+exports.EmailVerificationTokenExpiredError = EmailVerificationTokenExpiredError;

package/dist/domain/errors/general.errors.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AuthDomainError } from "./auth.errors";
+export declare class InvalidInputError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}

package/dist/domain/errors/general.errors.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidInputError = void 0;
+const auth_errors_1 = require("./auth.errors");
+class InvalidInputError extends auth_errors_1.AuthDomainError {
+    constructor(message = "Email verification token is required", details) {
+        super(message, "INVALID_INPUT", details);
+    }
+}
+exports.InvalidInputError = InvalidInputError;

package/dist/domain/errors/identity.errors.d.ts CHANGED Viewed

@@ -1,34 +1,39 @@
-export declare class InvalidEmailError extends Error {
+/**
+ * Errores del dominio relacionados a identidad/credenciales.
+ * Ahora incluyen `code` canónico para que host/plugins mapeen por `code`.
+ */
+import { AuthDomainError } from "./auth.errors";
+export declare class InvalidEmailError extends AuthDomainError {
     constructor(value: string);
 }
-export declare class InvalidHashedPasswordError extends Error {
+export declare class InvalidHashedPasswordError extends AuthDomainError {
     constructor(msg?: string);
 }
-export declare class PasswordPolicyViolationError extends Error {
+export declare class PasswordPolicyViolationError extends AuthDomainError {
     readonly issues: string[];
     constructor(issues: string[], msg?: string);
 }
-export declare class PasswordMismatchError extends Error {
+export declare class PasswordMismatchError extends AuthDomainError {
     constructor(msg?: string);
 }
-export declare class UserNotFoundError extends Error {
+export declare class UserNotFoundError extends AuthDomainError {
     constructor(msg?: string);
 }
-export declare class UserDisabledError extends Error {
+export declare class UserDisabledError extends AuthDomainError {
     constructor(msg?: string);
 }
-export declare class EmailAlreadyInUseError extends Error {
+export declare class EmailAlreadyInUseError extends AuthDomainError {
     constructor(msg?: string);
 }
-export declare class InvalidPermissionError extends Error {
+export declare class InvalidPermissionError extends AuthDomainError {
     constructor(message: string);
 }
-export declare class InvalidRoleError extends Error {
+export declare class InvalidRoleError extends AuthDomainError {
     constructor(message: string);
 }
-export declare class InvalidIdError extends Error {
+export declare class InvalidIdError extends AuthDomainError {
     constructor(message: string);
 }
-export declare class LogoutError extends Error {
-    constructor(message: string);
+export declare class LogoutError extends AuthDomainError {
+    constructor(message: string, details?: unknown);
 }

package/dist/domain/errors/identity.errors.js CHANGED Viewed

@@ -1,81 +1,85 @@
 "use strict";
+/**
+ * Errores del dominio relacionados a identidad/credenciales.
+ * Ahora incluyen `code` canónico para que host/plugins mapeen por `code`.
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LogoutError = exports.InvalidIdError = exports.InvalidRoleError = exports.InvalidPermissionError = exports.EmailAlreadyInUseError = exports.UserDisabledError = exports.UserNotFoundError = exports.PasswordMismatchError = exports.PasswordPolicyViolationError = exports.InvalidHashedPasswordError = exports.InvalidEmailError = void 0;
-// Object Types
-class InvalidEmailError extends Error {
+const auth_errors_1 = require("./auth.errors");
+class InvalidEmailError extends auth_errors_1.AuthDomainError {
     constructor(value) {
-        super(`Invalid email format: "${value}"`);
+        super(`Invalid email format: "${value}"`, "INVALID_EMAIL");
         this.name = "InvalidEmailError";
     }
 }
 exports.InvalidEmailError = InvalidEmailError;
-class InvalidHashedPasswordError extends Error {
+class InvalidHashedPasswordError extends auth_errors_1.AuthDomainError {
     constructor(msg = "Invalid bcrypt hash format") {
-        super(msg);
+        super(msg, "INVALID_HASHED_PASSWORD");
         this.name = "InvalidHashedPasswordError";
     }
 }
 exports.InvalidHashedPasswordError = InvalidHashedPasswordError;
-class PasswordPolicyViolationError extends Error {
+class PasswordPolicyViolationError extends auth_errors_1.AuthDomainError {
     constructor(issues, msg = "Password policy violation") {
-        super(msg);
-        this.issues = issues;
+        super(msg, "PASSWORD_POLICY_VIOLATION", { issues: issues.join(",") });
         this.name = "PasswordPolicyViolationError";
+        this.issues = issues;
     }
 }
 exports.PasswordPolicyViolationError = PasswordPolicyViolationError;
-class PasswordMismatchError extends Error {
+class PasswordMismatchError extends auth_errors_1.AuthDomainError {
     constructor(msg = "Password does not match") {
-        super(msg);
+        super(msg, "PASSWORD_MISMATCH");
         this.name = "PasswordMismatchError";
     }
 }
 exports.PasswordMismatchError = PasswordMismatchError;
-class UserNotFoundError extends Error {
+class UserNotFoundError extends auth_errors_1.AuthDomainError {
     constructor(msg = "User not found") {
-        super(msg);
+        super(msg, "USER_NOT_FOUND");
         this.name = "UserNotFoundError";
     }
 }
 exports.UserNotFoundError = UserNotFoundError;
-class UserDisabledError extends Error {
+class UserDisabledError extends auth_errors_1.AuthDomainError {
     constructor(msg = "User is disabled") {
-        super(msg);
+        super(msg, "USER_DISABLED");
         this.name = "UserDisabledError";
     }
 }
 exports.UserDisabledError = UserDisabledError;
-class EmailAlreadyInUseError extends Error {
+class EmailAlreadyInUseError extends auth_errors_1.AuthDomainError {
     constructor(msg = "Email already in use") {
-        super(msg);
+        super(msg, "EMAIL_ALREADY_IN_USE");
         this.name = "EmailAlreadyInUseError";
     }
 }
 exports.EmailAlreadyInUseError = EmailAlreadyInUseError;
-class InvalidPermissionError extends Error {
+class InvalidPermissionError extends auth_errors_1.AuthDomainError {
     constructor(message) {
-        super(message);
+        super(message, "INVALID_PERMISSION");
         this.name = "InvalidPermissionError";
     }
 }
 exports.InvalidPermissionError = InvalidPermissionError;
-class InvalidRoleError extends Error {
+class InvalidRoleError extends auth_errors_1.AuthDomainError {
     constructor(message) {
-        super(message);
+        super(message, "INVALID_ROLE");
         this.name = "InvalidRoleError";
     }
 }
 exports.InvalidRoleError = InvalidRoleError;
-class InvalidIdError extends Error {
+class InvalidIdError extends auth_errors_1.AuthDomainError {
     constructor(message) {
-        super(message);
+        super(message, "INVALID_ID");
         this.name = "InvalidIdError";
     }
 }
 exports.InvalidIdError = InvalidIdError;
-class LogoutError extends Error {
-    constructor(message) {
-        super(message);
+class LogoutError extends auth_errors_1.AuthDomainError {
+    constructor(message, details) {
+        super(message, "LOGOUT_FAILED", details);
         this.name = "LogoutError";
     }
 }

package/dist/domain/errors/index.d.ts CHANGED Viewed

@@ -1,2 +1,7 @@
 export * from "./auth.errors";
 export * from "./identity.errors";
+export * from "./password-reset.errors";
+export * from "./jwt-payload.error";
+export * from "./auth-error-code";
+export * from "./jwt.errors";
+export * from "./general.errors";

package/dist/domain/errors/index.js CHANGED Viewed

@@ -16,3 +16,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./auth.errors"), exports);
 __exportStar(require("./identity.errors"), exports);
+__exportStar(require("./password-reset.errors"), exports);
+__exportStar(require("./jwt-payload.error"), exports);
+__exportStar(require("./auth-error-code"), exports);
+__exportStar(require("./jwt.errors"), exports);
+__exportStar(require("./general.errors"), exports);

package/dist/domain/errors/jwt-payload.error.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AuthDomainError } from "./auth.errors";
+export declare class InvalidJwtPayloadError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}

package/dist/domain/errors/jwt-payload.error.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidJwtPayloadError = void 0;
+const auth_errors_1 = require("./auth.errors");
+class InvalidJwtPayloadError extends auth_errors_1.AuthDomainError {
+    constructor(message = "Invalid JWT payload", details) {
+        super(message, "JWT_PAYLOAD_INVALID", details);
+    }
+}
+exports.InvalidJwtPayloadError = InvalidJwtPayloadError;

package/dist/domain/errors/jwt.errors.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { AuthDomainError } from "./auth.errors";
+export declare class InvalidJwtEmptyError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class InvalidJwtMalformedError extends AuthDomainError {
+    constructor(message?: string, details?: unknown);
+}

package/dist/domain/errors/jwt.errors.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidJwtMalformedError = exports.InvalidJwtEmptyError = void 0;
+const auth_errors_1 = require("./auth.errors");
+class InvalidJwtEmptyError extends auth_errors_1.AuthDomainError {
+    constructor(message = "Invalid Empty JWT", details) {
+        super(message, "JWT_EMPTY", details);
+    }
+}
+exports.InvalidJwtEmptyError = InvalidJwtEmptyError;
+class InvalidJwtMalformedError extends auth_errors_1.AuthDomainError {
+    constructor(message = "Invalid Malformed JWT", details) {
+        super(message, "JWT_MALFORMED", details);
+    }
+}
+exports.InvalidJwtMalformedError = InvalidJwtMalformedError;

package/dist/domain/errors/password-reset.errors.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Errores específicos del flujo de reseteo de contraseña.
+ * Responsabilidad: representar fallos esperados y mapeables a HTTP.
+ */
+import { AuthDomainError } from "./auth.errors";
+export declare class PasswordResetTokenInvalidError extends AuthDomainError {
+    constructor(msg?: string);
+}
+export declare class PasswordResetTokenExpiredError extends AuthDomainError {
+    constructor(msg?: string);
+}
+export declare class PasswordResetTokenAlreadyUsedError extends AuthDomainError {
+    constructor(msg?: string);
+}

package/dist/domain/errors/password-reset.errors.js ADDED Viewed

@@ -0,0 +1,29 @@
+"use strict";
+/**
+ * Errores específicos del flujo de reseteo de contraseña.
+ * Responsabilidad: representar fallos esperados y mapeables a HTTP.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordResetTokenAlreadyUsedError = exports.PasswordResetTokenExpiredError = exports.PasswordResetTokenInvalidError = void 0;
+const auth_errors_1 = require("./auth.errors");
+class PasswordResetTokenInvalidError extends auth_errors_1.AuthDomainError {
+    constructor(msg = "Password reset token is invalid") {
+        super(msg, "PASSWORD_RESET_TOKEN_INVALID");
+        this.name = "PasswordResetTokenInvalidError";
+    }
+}
+exports.PasswordResetTokenInvalidError = PasswordResetTokenInvalidError;
+class PasswordResetTokenExpiredError extends auth_errors_1.AuthDomainError {
+    constructor(msg = "Password reset token has expired") {
+        super(msg, "PASSWORD_RESET_TOKEN_EXPIRED");
+        this.name = "PasswordResetTokenExpiredError";
+    }
+}
+exports.PasswordResetTokenExpiredError = PasswordResetTokenExpiredError;
+class PasswordResetTokenAlreadyUsedError extends auth_errors_1.AuthDomainError {
+    constructor(msg = "Password reset token has already been used") {
+        super(msg, "PASSWORD_RESET_TOKEN_ALREADY_USED");
+        this.name = "PasswordResetTokenAlreadyUsedError";
+    }
+}
+exports.PasswordResetTokenAlreadyUsedError = PasswordResetTokenAlreadyUsedError;

package/dist/domain/index.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ export * from "./errors";
 export * from "./object-values";
 export * from "./ports";
 export * from "./props";
+export * from "./types";

package/dist/domain/index.js CHANGED Viewed

@@ -19,3 +19,4 @@ __exportStar(require("./errors"), exports);
 __exportStar(require("./object-values"), exports);
 __exportStar(require("./ports"), exports);
 __exportStar(require("./props"), exports);
+__exportStar(require("./types"), exports);

package/dist/domain/ports/auth/email-verification-token.port.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { Id } from "../../object-values";
+/**
+ * Token de verificación de email (single-use, TTL).
+ * Implementación fuera del core (DB/Redis).
+ */
+export interface IEmailVerificationTokenPort {
+    issue(userId: Id, ttlMs: number): Promise<{
+        token: string;
+        expiresAt: Date;
+    }>;
+    verify(token: string): Promise<{
+        userId: Id;
+        expiresAt: Date;
+    }>;
+    consume(token: string): Promise<{
+        userId: Id;
+        expiresAt: Date;
+    }>;
+}

package/dist/domain/ports/auth/email-verification-token.port.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/domain/ports/auth/index.d.ts CHANGED Viewed

@@ -1,2 +1,4 @@
 export * from "./password-hasher.port";
 export * from "./password-policy.port";
+export * from "./password-reset-token.port";
+export * from "./email-verification-token.port";