@longzai-intelligence-auth/core 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/errors/auth.errors.d.ts +37 -0
- package/dist/errors/auth.errors.js +61 -0
- package/dist/index.d.ts +21 -0
- package/dist/index.js +6 -0
- package/dist/ports/auth-backend.port.d.ts +73 -0
- package/dist/ports/auth-backend.port.js +1 -0
- package/dist/ports/index.d.ts +3 -0
- package/dist/ports/index.js +1 -0
- package/dist/ports/password-hash.port.d.ts +4 -0
- package/dist/ports/password-hash.port.js +1 -0
- package/dist/ports/strategy.port.d.ts +26 -0
- package/dist/ports/strategy.port.js +1 -0
- package/dist/schemas/auth-config.schema.d.ts +36 -0
- package/dist/schemas/auth-config.schema.js +24 -0
- package/dist/schemas/permission.schema.d.ts +6 -0
- package/dist/schemas/permission.schema.js +6 -0
- package/dist/schemas/session.schema.d.ts +8 -0
- package/dist/schemas/session.schema.js +8 -0
- package/dist/schemas/token.schema.d.ts +24 -0
- package/dist/schemas/token.schema.js +24 -0
- package/dist/schemas/user.schema.d.ts +15 -0
- package/dist/schemas/user.schema.js +15 -0
- package/dist/types/audit.types.d.ts +1 -0
- package/dist/types/audit.types.js +1 -0
- package/dist/types/auth-api.types.d.ts +42 -0
- package/dist/types/auth-api.types.js +1 -0
- package/dist/types/auth-context.types.d.ts +8 -0
- package/dist/types/auth-context.types.js +1 -0
- package/dist/types/config.types.d.ts +19 -0
- package/dist/types/config.types.js +1 -0
- package/dist/types/index.d.ts +12 -0
- package/dist/types/index.js +12 -0
- package/dist/types/logger.types.d.ts +6 -0
- package/dist/types/logger.types.js +1 -0
- package/dist/types/password.types.d.ts +4 -0
- package/dist/types/password.types.js +1 -0
- package/dist/types/permission.types.d.ts +6 -0
- package/dist/types/permission.types.js +1 -0
- package/dist/types/rate-limit.types.d.ts +4 -0
- package/dist/types/rate-limit.types.js +1 -0
- package/dist/types/session.types.d.ts +21 -0
- package/dist/types/session.types.js +1 -0
- package/dist/types/tenant-member.types.d.ts +13 -0
- package/dist/types/tenant-member.types.js +1 -0
- package/dist/types/tenant.types.d.ts +22 -0
- package/dist/types/tenant.types.js +1 -0
- package/dist/types/token.types.d.ts +24 -0
- package/dist/types/token.types.js +1 -0
- package/dist/types/user.types.d.ts +29 -0
- package/dist/types/user.types.js +1 -0
- package/package.json +45 -0
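--- a/package/dist/errors/auth.errors.d.ts
+++ b/package/dist/errors/auth.errors.d.ts
@@ -0,0 +1,37 @@
+import { DomainError } from "@longzai-intelligence/error";
+export declare class TokenExpiredError extends DomainError {
+constructor(message?: string);
+}
+export declare class TokenInvalidError extends DomainError {
+constructor(message?: string);
+}
+export declare class TokenMissingError extends DomainError {
+constructor(message?: string);
+}
+export declare class MfaRequiredError extends DomainError {
+constructor(message?: string);
+}
+export declare class InvalidCredentialsError extends DomainError {
+constructor(message?: string);
+}
+export declare class AccountDisabledError extends DomainError {
+constructor(message?: string);
+}
+export declare class UserNotFoundError extends DomainError {
+constructor(message?: string);
+}
+export declare class UserAlreadyExistsError extends DomainError {
+constructor(message?: string);
+}
+export declare class PasswordPolicyViolationError extends DomainError {
+constructor(message?: string);
+}
+export declare class SessionNotFoundError extends DomainError {
+constructor(message?: string);
+}
+export declare class SessionExpiredError extends DomainError {
+constructor(message?: string);
+}
+export declare class RateLimitExceededError extends DomainError {
+constructor(message?: string);
+}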
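Review bot: The declarations expose only `constructor(message?: string)`, so a consumer reading this file cannot see the machine-readable code each class passes to `DomainError` (`"TOKEN_EXPIRED"`, `"INVALID_CREDENTIALS"`, … in auth.errors.js), which is the value an HTTP layer or client will actually switch on. Add a TSDoc line per class naming the code and the condition, e.g. above `TokenExpiredError`: `/** Access or refresh token past its expiry. DomainError code: "TOKEN_EXPIRED". */`. On `InvalidCredentialsError`, state that it is the error login must surface whether or not the account exists, so the more specific `UserNotFoundError` does not leak account existence.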
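--- a/package/dist/errors/auth.errors.js
+++ b/package/dist/errors/auth.errors.js
@@ -0,0 +1,61 @@
+import { DomainError } from "@longzai-intelligence/error";
+export class TokenExpiredError extends DomainError {
+constructor(message = "认证令牌已过期") {
+super(message, "TOKEN_EXPIRED");
+}
+}
+export class TokenInvalidError extends DomainError {
+constructor(message = "无效的认证令牌") {
+super(message, "TOKEN_INVALID");
+}
+}
+export class TokenMissingError extends DomainError {
+constructor(message = "未认证,请先登录") {
+super(message, "TOKEN_MISSING");
+}
+}
+export class MfaRequiredError extends DomainError {
+constructor(message = "需要多因素认证验证") {
+super(message, "MFA_REQUIRED");
+}
+}
+export class InvalidCredentialsError extends DomainError {
+constructor(message = "用户名或密码错误") {
+super(message, "INVALID_CREDENTIALS");
+}
+}
+export class AccountDisabledError extends DomainError {
+constructor(message = "账户已被禁用") {
+super(message, "ACCOUNT_DISABLED");
+}
+}
+export class UserNotFoundError extends DomainError {
+constructor(message = "用户不存在") {
+super(message, "USER_NOT_FOUND");
+}
+}
+export class UserAlreadyExistsError extends DomainError {
+constructor(message = "用户已存在") {
+super(message, "USER_ALREADY_EXISTS");
+}
+}
+export class PasswordPolicyViolationError extends DomainError {
+constructor(message = "密码不符合策略要求") {
+super(message, "PASSWORD_POLICY_VIOLATION");
+}
+}
+export class SessionNotFoundError extends DomainError {
+constructor(message = "会话不存在") {
+super(message, "SESSION_NOT_FOUND");
+}
+}
+export class SessionExpiredError extends DomainError {
+constructor(message = "会话已过期") {
+super(message, "SESSION_EXPIRED");
+}
+}
+export class RateLimitExceededError extends DomainError {
+constructor(message = "请求过于频繁,请稍后再试") {
+super(message, "RATE_LIMIT_EXCEEDED");
+}
+}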
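Review bot: `UserNotFoundError` (`"USER_NOT_FOUND"`) and `UserAlreadyExistsError` (`"USER_ALREADY_EXISTS"`) are distinguishable from `InvalidCredentialsError`, so if they reach the wire from login, password-reset or registration handlers they let an attacker enumerate which emails have accounts, and `AccountDisabledError` discloses account state the same way. Where they are thrown is not visible in this package, so the fix here is a written contract: add above `UserNotFoundError` the comment `// Internal/admin use only: login and password-reset flows must surface InvalidCredentialsError (or a neutral MessageResponse) instead, so account existence is not disclosed.` and a matching note on `UserAlreadyExistsError` for registration. Since every class accepts a caller-supplied `message`, also state that `message` must not be built from user input or backend error text, and that clients should key on `code`.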
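--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,21 @@
+export type { AccessTokenPayload, RefreshTokenPayload, PasswordResetTokenPayload, MfaPendingTokenPayload, TokenPayload, } from "./types/token.types";
+export type { AuthContext, UserInfo } from "./types/auth-context.types";
+export type { ResourceAction, PermissionCheckFn, TenantPermissionCheckFn, } from "./types/permission.types";
+export type { JwtConfig, PasswordPolicyConfig, AuthConfig, } from "./types/config.types";
+export type { PasswordValidationResult } from "./types/password.types";
+export type { RateLimitConfig } from "./types/rate-limit.types";
+export type { LoggerService } from "./types/logger.types";
+export type { LoginRequest, LoginResponse, RegisterRequest, RegisterResponse, RefreshTokenRequest, RefreshTokenResponse, PasswordResetRequest, PasswordResetConfirmRequest, ChangePasswordRequest, MessageResponse, MeResponse, } from "./types/auth-api.types";
+export type { User, UserStatus, CreateUserInput, UpdateUserInput, } from "./types/user.types";
+export type { Session, CreateSessionInput, SessionInfo, } from "./types/session.types";
+export type { Tenant, TenantStatus, CreateTenantInput, UpdateTenantInput, } from "./types/tenant.types";
+export type { TenantMember, TenantMemberRole, CreateTenantMemberInput, } from "./types/tenant-member.types";
+export { jwtConfigSchema, passwordPolicyConfigSchema, rateLimitConfigSchema, authConfigSchema, } from "./schemas/auth-config.schema";
+export { accessTokenPayloadSchema, refreshTokenPayloadSchema, passwordResetTokenPayloadSchema, mfaPendingTokenPayloadSchema, } from "./schemas/token.schema";
+export { permissionStringSchema, resourceActionSchema, } from "./schemas/permission.schema";
+export { createUserSchema, updateUserSchema, changePasswordSchema, } from "./schemas/user.schema";
+export { loginSchema, refreshTokenSchema, } from "./schemas/session.schema";
+export type { AuthBackendPort, LocalAuthBackend, IdentityAuthBackend, UserPort, SessionPort, TokenPort, TenantPort, TenantMemberPort, UserAuthInfo, VerifyPasswordResult, TenantValidateResult, UserRolePort, UserAuthPort, TenantValidateFn, } from "./ports/auth-backend.port";
+export type { PasswordHasher } from "./ports/password-hash.port";
+export type { AuthStrategy, TokenSigner, TokenVerifier, TokenVerifyResult, RateLimiter, } from "./ports/strategy.port";
+export { TokenExpiredError, TokenInvalidError, TokenMissingError, MfaRequiredError, InvalidCredentialsError, AccountDisabledError, UserNotFoundError, UserAlreadyExistsError, PasswordPolicyViolationError, SessionNotFoundError, SessionExpiredError, RateLimitExceededError, } from "./errors/auth.errors";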
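--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,6 @@
+export { jwtConfigSchema, passwordPolicyConfigSchema, rateLimitConfigSchema, authConfigSchema, } from "./schemas/auth-config.schema";
+export { accessTokenPayloadSchema, refreshTokenPayloadSchema, passwordResetTokenPayloadSchema, mfaPendingTokenPayloadSchema, } from "./schemas/token.schema";
+export { permissionStringSchema, resourceActionSchema, } from "./schemas/permission.schema";
+export { createUserSchema, updateUserSchema, changePasswordSchema, } from "./schemas/user.schema";
+export { loginSchema, refreshTokenSchema, } from "./schemas/session.schema";
+export { TokenExpiredError, TokenInvalidError, TokenMissingError, MfaRequiredError, InvalidCredentialsError, AccountDisabledError, UserNotFoundError, UserAlreadyExistsError, PasswordPolicyViolationError, SessionNotFoundError, SessionExpiredError, RateLimitExceededError, } from "./errors/auth.errors";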
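--- a/package/dist/ports/auth-backend.port.d.ts
+++ b/package/dist/ports/auth-backend.port.d.ts
@@ -0,0 +1,73 @@
+import type { User, CreateUserInput, UpdateUserInput, UserStatus, Session, CreateSessionInput, Tenant, CreateTenantInput, TenantMember, AccessTokenPayload, RefreshTokenPayload, ResourceAction } from "../types";
+export type UserAuthInfo = {
+userId: string;
+email: string;
+tenantId: string;
+status: UserStatus;
+passwordHash: string;
+mfaEnabled: boolean;
+mfaSecret: string | null;
+failedLoginAttempts: number;
+lockedUntil: string | null;
+};
+export type VerifyPasswordResult = {
+success: boolean;
+user?: User;
+error?: string;
+};
+export type TenantValidateResult = {
+valid: boolean;
+tenant?: Tenant;
+error?: string;
+};
+export type UserPort = {
+findById(userId: string): Promise<User | null>;
+findByEmail(email: string): Promise<User | null>;
+findByUsername(username: string): Promise<User | null>;
+findAuthInfo(userId: string): Promise<UserAuthInfo | null>;
+findAuthInfoByEmail(email: string): Promise<UserAuthInfo | null>;
+findPermissions(userId: string, tenantId: string): Promise<ResourceAction[]>;
+isSuperAdmin(userId: string, tenantId: string): Promise<boolean>;
+create(input: CreateUserInput): Promise<User>;
+update(userId: string, input: UpdateUserInput): Promise<User>;
+verifyPassword(email: string, password: string): Promise<VerifyPasswordResult>;
+updatePassword(userId: string, newPasswordHash: string): Promise<void>;
+};
+export type SessionPort = {
+create(input: CreateSessionInput): Promise<Session>;
+findById(sessionId: string): Promise<Session | null>;
+findByRefreshTokenHash(hash: string): Promise<Session | null>;
+revoke(sessionId: string): Promise<void>;
+revokeAllByUser(userId: string): Promise<void>;
+};
+export type TokenPort = {
+signAccessToken(payload: AccessTokenPayload): Promise<string>;
+signRefreshToken(payload: RefreshTokenPayload): Promise<string>;
+verifyAccessToken(token: string): Promise<AccessTokenPayload>;
+verifyRefreshToken(token: string): Promise<RefreshTokenPayload>;
+};
+export type TenantPort = {
+findById(tenantId: string): Promise<Tenant | null>;
+findBySlug(slug: string): Promise<Tenant | null>;
+create(input: CreateTenantInput): Promise<Tenant>;
+validateStatus(tenantId: string): Promise<TenantValidateResult>;
+};
+export type TenantMemberPort = {
+getMember(tenantId: string, userId: string): Promise<TenantMember | null>;
+addMember(tenantId: string, userId: string, role: string): Promise<TenantMember>;
+removeMember(tenantId: string, userId: string): Promise<void>;
+isMember(tenantId: string, userId: string): Promise<boolean>;
+};
+export type LocalAuthBackend = {
+user: UserPort;
+session: SessionPort;
+token: TokenPort;
+};
+export type IdentityAuthBackend = LocalAuthBackend & {
+tenant: TenantPort;
+tenantMember: TenantMemberPort;
+};
+export type AuthBackendPort = IdentityAuthBackend;
+export type UserRolePort = UserPort;
+export type UserAuthPort = UserPort;
+export type TenantValidateFn = (tenantId: string) => Promise<TenantValidateResult>;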
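Review bot: `findById`, `findByEmail`, `findByUsername`, `create`, `update` and `VerifyPasswordResult.user` all return `User`, which in types/user.types.d.ts carries `passwordHash` and `mfaSecret`, so any caller that serialises that object (a `MeResponse`, an audit entry, a log `context`) leaks credential material even though `UserAuthInfo` already exists as the credential-bearing view. Make the secret-free shape the default, e.g. `findById(userId: string): Promise<Omit<User, "passwordHash" | "mfaSecret"> | null>;` (likewise for the other read paths and `user?:`), and keep `findAuthInfo`/`findAuthInfoByEmail` as the only methods that hand out hashes and MFA secrets. `addMember(tenantId, userId, role: string)` accepts any string although the package defines `TenantMemberRole = "owner" | "admin" | "member"`; typing it as `role: TenantMemberRole` (import it alongside `TenantMember`) stops a typo or an unvalidated request field from granting an unrecognised role at the type level. `TokenPort.verifyAccessToken` rejects on failure while `TokenVerifier.verifyAccessToken` in strategy.port.d.ts returns a `TokenVerifyResult`; two contracts for the same operation invite a caller that forgets to `catch` one of them, so pick one and document it on the port.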
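--- a/package/dist/ports/auth-backend.port.js
+++ b/package/dist/ports/auth-backend.port.js
@@ -0,0 +1 @@
+export {};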
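--- a/package/dist/ports/index.d.ts
+++ b/package/dist/ports/index.d.ts
@@ -0,0 +1,3 @@
+export type { AuthBackendPort, LocalAuthBackend, IdentityAuthBackend, UserPort, SessionPort, TokenPort, TenantPort, TenantMemberPort, UserAuthInfo, VerifyPasswordResult, TenantValidateResult, } from "./auth-backend.port";
+export type { PasswordHasher } from "./password-hash.port";
+export type { AuthStrategy, TokenSigner, TokenVerifier, TokenVerifyResult, RateLimiter, } from "./strategy.port";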
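Review bot: The first export list omits `UserRolePort`, `UserAuthPort` and `TenantValidateFn`, which the package root (dist/index.d.ts) re-exports from the same `./auth-backend.port` module, so a consumer importing through `ports` sees a smaller surface than one importing through the root. Either append `UserRolePort, UserAuthPort, TenantValidateFn,` to the first line here or drop them from the root barrel, so the two entry points agree.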
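--- a/package/dist/ports/index.js
+++ b/package/dist/ports/index.js
@@ -0,0 +1 @@
+export {};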
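--- a/package/dist/ports/password-hash.port.js
+++ b/package/dist/ports/password-hash.port.js
@@ -0,0 +1 @@
+export {};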
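--- a/package/dist/ports/strategy.port.d.ts
+++ b/package/dist/ports/strategy.port.d.ts
@@ -0,0 +1,26 @@
+import type { AccessTokenPayload, RefreshTokenPayload } from "../types/token.types";
+export type TokenVerifyResult<T> = {
+success: boolean;
+payload?: T;
+error?: string;
+};
+export type TokenSigner = {
+signAccessToken(payload: AccessTokenPayload): Promise<string>;
+signRefreshToken(payload: RefreshTokenPayload): Promise<string>;
+};
+export type TokenVerifier = {
+verifyAccessToken(token: string): Promise<TokenVerifyResult<AccessTokenPayload>>;
+verifyRefreshToken(token: string): Promise<TokenVerifyResult<RefreshTokenPayload>>;
+};
+export type AuthStrategy = {
+name: string;
+verify(credentials: unknown): Promise<AccessTokenPayload>;
+};
+export type RateLimiter = {
+check(key: string): Promise<{
+allowed: boolean;
+remaining: number;
+resetAt: Date;
+}>;
+reset(key: string): Promise<void>;
+};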
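Review bot: `TokenVerifyResult<T>` pairs `success: boolean` with an optional `payload`, so the compiler lets a caller read `result.payload` without checking `success` (or after `success === false`) and only a runtime `undefined` reveals it; a discriminated union makes the payload available exactly when verification succeeded: `export type TokenVerifyResult<T> = { success: true; payload: T } | { success: false; error: string };`. `AuthStrategy.verify(credentials: unknown)` returns `Promise<AccessTokenPayload>` with no failure branch in the type, so presumably it rejects with the classes from errors/auth.errors; document that on the method, e.g. `/** Resolves the access payload for valid credentials; rejects (e.g. InvalidCredentialsError, MfaRequiredError, AccountDisabledError) otherwise. */`, adjusted to whatever implementations actually throw. `RateLimiter.check(key)` says nothing about how `key` is formed; a one-line note that callers are responsible for scoping it (per-IP vs per-account) would prevent two strategies from sharing a bucket by accident.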
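--- a/package/dist/ports/strategy.port.js
+++ b/package/dist/ports/strategy.port.js
@@ -0,0 +1 @@
+export {};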
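--- a/package/dist/schemas/auth-config.schema.d.ts
+++ b/package/dist/schemas/auth-config.schema.d.ts
@@ -0,0 +1,36 @@
+import { z } from "zod";
+export declare const jwtConfigSchema: z.ZodObject<{
+secret: z.ZodString;
+accessExpiresIn: z.ZodDefault<z.ZodString>;
+refreshExpiresIn: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+export declare const passwordPolicyConfigSchema: z.ZodObject<{
+minLength: z.ZodDefault<z.ZodNumber>;
+requireUppercase: z.ZodDefault<z.ZodBoolean>;
+requireLowercase: z.ZodDefault<z.ZodBoolean>;
+requireNumber: z.ZodDefault<z.ZodBoolean>;
+requireSpecial: z.ZodDefault<z.ZodBoolean>;
+historyCount: z.ZodDefault<z.ZodNumber>;
+expireDays: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export declare const rateLimitConfigSchema: z.ZodObject<{
+windowSeconds: z.ZodDefault<z.ZodNumber>;
+maxRequests: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export declare const authConfigSchema: z.ZodObject<{
+jwt: z.ZodObject<{
+secret: z.ZodString;
+accessExpiresIn: z.ZodDefault<z.ZodString>;
+refreshExpiresIn: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+passwordPolicy: z.ZodObject<{
+minLength: z.ZodDefault<z.ZodNumber>;
+requireUppercase: z.ZodDefault<z.ZodBoolean>;
+requireLowercase: z.ZodDefault<z.ZodBoolean>;
+requireNumber: z.ZodDefault<z.ZodBoolean>;
+requireSpecial: z.ZodDefault<z.ZodBoolean>;
+historyCount: z.ZodDefault<z.ZodNumber>;
+expireDays: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+defaultTenantId: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;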
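--- a/package/dist/schemas/auth-config.schema.js
+++ b/package/dist/schemas/auth-config.schema.js
@@ -0,0 +1,24 @@
+import { z } from "zod";
+export const jwtConfigSchema = z.object({
+secret: z.string().min(1, "JWT 密钥不能为空"),
+accessExpiresIn: z.string().default("15m"),
+refreshExpiresIn: z.string().default("7d"),
+});
+export const passwordPolicyConfigSchema = z.object({
+minLength: z.number().int().positive().default(8),
+requireUppercase: z.boolean().default(true),
+requireLowercase: z.boolean().default(true),
+requireNumber: z.boolean().default(true),
+requireSpecial: z.boolean().default(false),
+historyCount: z.number().int().nonnegative().default(5),
+expireDays: z.number().int().nonnegative().default(0),
+});
+export const rateLimitConfigSchema = z.object({
+windowSeconds: z.number().int().positive().default(60),
+maxRequests: z.number().int().positive().default(100),
+});
+export const authConfigSchema = z.object({
+jwt: jwtConfigSchema,
+passwordPolicy: passwordPolicyConfigSchema,
+defaultTenantId: z.string().min(1).default("default"),
+});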
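Review bot: `secret: z.string().min(1, ...)` accepts a one-character HMAC key; for HS256 RFC 7518 §3.2 requires a key at least as long as the hash output (256 bits), and a short secret makes every signed access and refresh token brute-forceable offline, so raise the floor: `secret: z.string().min(32, "JWT 密钥至少 32 个字符"),`. `accessExpiresIn`/`refreshExpiresIn` are bare `z.string()`, so a typo such as `"15min"` passes config validation and is only caught (or, depending on the signer, silently misparsed) when a token is signed; if the signer uses `ms`-style durations, `.regex(/^\d+(ms|s|m|h|d)$/)` would reject it at load time. `rateLimitConfigSchema` is defined but not composed into `authConfigSchema` (which has only `jwt`, `passwordPolicy`, `defaultTenantId`), so rate-limit settings never pass through the top-level validation; add `rateLimit: rateLimitConfigSchema,` if that is intended and mirror it in `AuthConfig`.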
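--- a/package/dist/schemas/token.schema.d.ts
+++ b/package/dist/schemas/token.schema.d.ts
@@ -0,0 +1,24 @@
+import { z } from "zod";
+export declare const accessTokenPayloadSchema: z.ZodObject<{
+sub: z.ZodString;
+type: z.ZodLiteral<"access">;
+tenantId: z.ZodOptional<z.ZodString>;
+iss: z.ZodOptional<z.ZodString>;
+aud: z.ZodOptional<z.ZodString>;
+jti: z.ZodOptional<z.ZodString>;
+roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+permissions: z.ZodOptional<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export declare const refreshTokenPayloadSchema: z.ZodObject<{
+sub: z.ZodString;
+sessionId: z.ZodString;
+type: z.ZodLiteral<"refresh">;
+}, z.core.$strip>;
+export declare const passwordResetTokenPayloadSchema: z.ZodObject<{
+sub: z.ZodString;
+type: z.ZodLiteral<"password_reset">;
+}, z.core.$strip>;
+export declare const mfaPendingTokenPayloadSchema: z.ZodObject<{
+sub: z.ZodString;
+type: z.ZodLiteral<"mfa_pending">;
+}, z.core.$strip>;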
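--- a/package/dist/schemas/token.schema.js
+++ b/package/dist/schemas/token.schema.js
@@ -0,0 +1,24 @@
+import { z } from "zod";
+export const accessTokenPayloadSchema = z.object({
+sub: z.string(),
+type: z.literal("access"),
+tenantId: z.string().optional(),
+iss: z.string().optional(),
+aud: z.string().optional(),
+jti: z.string().optional(),
+roles: z.array(z.string()).optional(),
+permissions: z.array(z.string()).optional(),
+});
+export const refreshTokenPayloadSchema = z.object({
+sub: z.string(),
+sessionId: z.string(),
+type: z.literal("refresh"),
+});
+export const passwordResetTokenPayloadSchema = z.object({
+sub: z.string(),
+type: z.literal("password_reset"),
+});
+export const mfaPendingTokenPayloadSchema = z.object({
+sub: z.string(),
+type: z.literal("mfa_pending"),
+});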
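Review bot: `passwordResetTokenPayloadSchema` and `mfaPendingTokenPayloadSchema` carry only `sub` and `type`, so nothing in the payload lets an implementation mark a reset or MFA-pending token as consumed; if those tokens are meant to be single-use (a password-reset token normally must be, or a leaked link resets the password repeatedly until expiry), add `jti: z.string(),` to both so the verifier can record used ids, the way the refresh payload's `sessionId` already allows revocation. The objects use default strip semantics (`z.core.$strip` in the .d.ts), so `exp`, `iat` and `nbf` are dropped from the parsed result, and `iss`/`aud` are optional, so a token with no audience passes the schema. Add at the top of the file: `// Shape-only validation: expiry, issuer and audience are enforced by the TokenPort/TokenVerifier implementation, not by these schemas.`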
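--- a/package/dist/schemas/user.schema.d.ts
+++ b/package/dist/schemas/user.schema.d.ts
@@ -0,0 +1,15 @@
+import { z } from "zod";
+export declare const createUserSchema: z.ZodObject<{
+email: z.ZodString;
+username: z.ZodString;
+password: z.ZodString;
+displayName: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const updateUserSchema: z.ZodObject<{
+displayName: z.ZodOptional<z.ZodString>;
+avatarUrl: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const changePasswordSchema: z.ZodObject<{
+currentPassword: z.ZodString;
+newPassword: z.ZodString;
+}, z.core.$strip>;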
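--- a/package/dist/schemas/user.schema.js
+++ b/package/dist/schemas/user.schema.js
@@ -0,0 +1,15 @@
+import { z } from "zod";
+export const createUserSchema = z.object({
+email: z.string().email("邮箱格式无效"),
+username: z.string().min(3, "用户名至少 3 个字符").max(50, "用户名最多 50 个字符"),
+password: z.string().min(8, "密码至少 8 个字符").max(128, "密码最多 128 个字符"),
+displayName: z.string().optional(),
+});
+export const updateUserSchema = z.object({
+displayName: z.string().optional(),
+avatarUrl: z.string().url("头像 URL 格式无效").optional(),
+});
+export const changePasswordSchema = z.object({
+currentPassword: z.string("请输入当前密码"),
+newPassword: z.string().min(8, "新密码至少 8 个字符").max(128, "新密码最多 128 个字符"),
+});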
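Review bot: `avatarUrl: z.string().url(...)` accepts any scheme, including `javascript:` and `data:`, so a user-supplied avatar that is later rendered as an `<img src>` or link becomes a stored-XSS vector; Zod 4's `z.url({ protocol: /^https?$/, error: "头像 URL 格式无效" }).optional()` (or an equivalent `.refine`) limits it to http(s). `currentPassword: z.string("请输入当前密码")` has no `.min(1)`, so an empty current password passes the schema and is presumably only rejected by the hash comparison; `z.string().min(1, "请输入当前密码")` matches what the message promises. `displayName` is unbounded in both schemas while `username` is capped at 50, so a multi-megabyte display name reaches the backend; a `.max()` there is cheap. The request type for this endpoint in types/auth-api.types.d.ts names the field `oldPassword`, not `currentPassword`, so the schema and the type should be reconciled whichever is canonical.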
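--- a/package/dist/types/audit.types.d.ts
+++ b/package/dist/types/audit.types.d.ts
@@ -0,0 +1 @@
+export type { AuditLogEntry } from "@longzai-intelligence-audit/audit-log-contract";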
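Review bot: The re-export imports `@longzai-intelligence-audit/audit-log-contract`, which package.json declares in neither `dependencies` nor `peerDependencies`, so a consumer that resolves this file (it ships at dist/types/audit.types.d.ts even though types/index.d.ts does not re-export it) gets an unresolved module under type-checking. Either declare the contract package (as a peer dependency, since it is types-only) or drop the file from the published `dist`.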
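--- a/package/dist/types/audit.types.js
+++ b/package/dist/types/audit.types.js
@@ -0,0 +1 @@
+export {};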
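--- a/package/dist/types/auth-api.types.d.ts
+++ b/package/dist/types/auth-api.types.d.ts
@@ -0,0 +1,42 @@
+export type LoginRequest = {
+email: string;
+password: string;
+};
+export type LoginResponse = {
+accessToken: string;
+refreshToken: string;
+};
+export type RegisterRequest = {
+email: string;
+password: string;
+name: string;
+};
+export type RegisterResponse = {
+userId: string;
+message: string;
+};
+export type RefreshTokenRequest = {
+refreshToken: string;
+};
+export type RefreshTokenResponse = {
+accessToken: string;
+refreshToken: string;
+};
+export type PasswordResetRequest = {
+email: string;
+};
+export type PasswordResetConfirmRequest = {
+token: string;
+password: string;
+};
+export type ChangePasswordRequest = {
+oldPassword: string;
+newPassword: string;
+};
+export type MessageResponse = {
+message: string;
+};
+export type MeResponse = {
+userId: string;
+tenantId?: string;
+};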
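Review bot: `ChangePasswordRequest` names its fields `oldPassword`/`newPassword` while `changePasswordSchema` in schemas/user.schema.js validates `currentPassword`/`newPassword`, and `RegisterRequest` has `name` where `createUserSchema` requires `username` (with `displayName` optional); a handler that parses the body with the schema and types it with these aliases compiles but drops or rejects the field at runtime. Rename to `currentPassword: string;` here and reconcile `name` with `username`, or derive the request types from the schemas (`z.infer<typeof changePasswordSchema>`) so they cannot drift. `RegisterResponse.userId` is returned to the caller on registration; combined with a distinct `UserAlreadyExistsError` this makes registration an account-enumeration oracle, so document that the handler should respond uniformly whether or not the email was taken.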
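--- a/package/dist/types/auth-api.types.js
+++ b/package/dist/types/auth-api.types.js
@@ -0,0 +1 @@
+export {};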
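--- a/package/dist/types/auth-context.types.js
+++ b/package/dist/types/auth-context.types.js
@@ -0,0 +1 @@
+export {};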
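--- a/package/dist/types/config.types.d.ts
+++ b/package/dist/types/config.types.d.ts
@@ -0,0 +1,19 @@
+export type JwtConfig = {
+secret: string;
+accessExpiresIn: string;
+refreshExpiresIn: string;
+};
+export type PasswordPolicyConfig = {
+minLength: number;
+requireUppercase: boolean;
+requireLowercase: boolean;
+requireNumber: boolean;
+requireSpecial: boolean;
+historyCount: number;
+expireDays: number;
+};
+export type AuthConfig = {
+jwt: JwtConfig;
+passwordPolicy: PasswordPolicyConfig;
+defaultTenantId: string;
+};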
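Review bot: `JwtConfig` holds only `secret` and two lifetimes, so there is nowhere to configure the issuer and audience that the access-token payload can carry (`iss?`, `aud?` in types/token.types.d.ts); without an expected value a verifier cannot pin them, and a token minted by any other deployment that shares the secret would verify. Add `issuer?: string;` and `audience?: string;` here and in `jwtConfigSchema`, and document that a single `secret` means symmetric (HMAC) signing only, so asymmetric keys cannot be expressed by this type. `AuthConfig` also has no `rateLimit` member although `RateLimitConfig` and `rateLimitConfigSchema` exist in this package.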
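--- a/package/dist/types/config.types.js
+++ b/package/dist/types/config.types.js
@@ -0,0 +1 @@
+export {};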
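--- a/package/dist/types/index.d.ts
+++ b/package/dist/types/index.d.ts
@@ -0,0 +1,12 @@
+export * from "./auth-api.types";
+export * from "./auth-context.types";
+export * from "./config.types";
+export * from "./logger.types";
+export * from "./password.types";
+export * from "./permission.types";
+export * from "./rate-limit.types";
+export * from "./session.types";
+export * from "./tenant-member.types";
+export * from "./tenant.types";
+export * from "./token.types";
+export * from "./user.types";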
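--- a/package/dist/types/index.js
+++ b/package/dist/types/index.js
@@ -0,0 +1,12 @@
+export * from "./auth-api.types";
+export * from "./auth-context.types";
+export * from "./config.types";
+export * from "./logger.types";
+export * from "./password.types";
+export * from "./permission.types";
+export * from "./rate-limit.types";
+export * from "./session.types";
+export * from "./tenant-member.types";
+export * from "./tenant.types";
+export * from "./token.types";
+export * from "./user.types";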
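--- a/package/dist/types/logger.types.d.ts
+++ b/package/dist/types/logger.types.d.ts
@@ -0,0 +1,6 @@
+export type LoggerService = {
+debug(message: string, context?: Record<string, unknown>): void;
+info(message: string, context?: Record<string, unknown>): void;
+warn(message: string, context?: Record<string, unknown>): void;
+error(message: string, context?: Record<string, unknown>): void;
+};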
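Review bot: `context?: Record<string, unknown>` is the natural place to drop a `User`, a `UserAuthInfo` or a request body when logging a failed login, and in this package those objects contain `passwordHash`, `mfaSecret` and plaintext `password`; nothing in the contract warns implementers or callers. Add above the type a TSDoc block stating that `context` must never carry credentials, password hashes, MFA secrets or raw access/refresh tokens, and that callers should pass ids and error codes instead — presumably the audit-log contract, not this logger, is where security events belong.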
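--- a/package/dist/types/logger.types.js
+++ b/package/dist/types/logger.types.js
@@ -0,0 +1 @@
+export {};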
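--- a/package/dist/types/password.types.js
+++ b/package/dist/types/password.types.js
@@ -0,0 +1 @@
+export {};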
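--- a/package/dist/types/permission.types.d.ts
+++ b/package/dist/types/permission.types.d.ts
@@ -0,0 +1,6 @@
+export type ResourceAction = {
+resource: string;
+action: string;
+};
+export type PermissionCheckFn = (userId: string, resource: string, action: string) => Promise<void>;
+export type TenantPermissionCheckFn = (userId: string, tenantId: string, resource: string, action: string) => Promise<void>;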
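Review bot: `PermissionCheckFn` and `TenantPermissionCheckFn` return `Promise<void>`, so denial can only be signalled by rejection, and a call site that omits `await` (or `void`s the promise) silently grants access; the contract is not written down anywhere in the type. Document it on both aliases, e.g. `/** Resolves when `userId` may perform `action` on `resource`; rejects (presumably with a DomainError) otherwise. Callers MUST await — an un-awaited call is a no-op grant. */`, or return `Promise<boolean>` so an ignored result is at least visible to the linter.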
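--- a/package/dist/types/permission.types.js
+++ b/package/dist/types/permission.types.js
@@ -0,0 +1 @@
+export {};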
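--- a/package/dist/types/rate-limit.types.js
+++ b/package/dist/types/rate-limit.types.js
@@ -0,0 +1 @@
+export {};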
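--- a/package/dist/types/session.types.d.ts
+++ b/package/dist/types/session.types.d.ts
@@ -0,0 +1,21 @@
+export type Session = {
+id: string;
+userId: string;
+tenantId: string;
+refreshTokenHash: string;
+deviceInfo: string | null;
+ipAddress: string | null;
+userAgent: string | null;
+expiresAt: string;
+createdAt: string;
+};
+export type CreateSessionInput = {
+userId: string;
+tenantId: string;
+refreshTokenHash: string;
+deviceInfo?: string;
+ipAddress?: string;
+userAgent?: string;
+expiresAt: string;
+};
+export type SessionInfo = Session;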
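Review bot: `Session` has no revoked marker (no `revokedAt`/`revoked` field), so after `SessionPort.revoke(sessionId)` an implementation can only delete the row or rely on a column this type does not expose, and `findByRefreshTokenHash` cannot distinguish a revoked session from a live one without out-of-band state; consider `revokedAt: string | null;` next to `expiresAt`. `SessionInfo = Session` makes the `refreshTokenHash` part of whatever "session info" is shown to users (a device list, say); even though it is a hash, it should not leave the backend, so `export type SessionInfo = Omit<Session, "refreshTokenHash">;` is the safer alias. The timestamps are `string` with no stated format — presumably ISO-8601 — and a one-line comment would save every adapter from guessing.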
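--- a/package/dist/types/session.types.js
+++ b/package/dist/types/session.types.js
@@ -0,0 +1 @@
+export {};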
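--- a/package/dist/types/tenant-member.types.d.ts
+++ b/package/dist/types/tenant-member.types.d.ts
@@ -0,0 +1,13 @@
+export type TenantMemberRole = "owner" | "admin" | "member";
+export type TenantMember = {
+id: string;
+tenantId: string;
+userId: string;
+role: TenantMemberRole;
+joinedAt: string;
+};
+export type CreateTenantMemberInput = {
+tenantId: string;
+userId: string;
+role?: TenantMemberRole;
+};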
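Review bot: `CreateTenantMemberInput.role` is optional but the type does not say what an omitted role becomes, and `TenantMemberPort.addMember` in ports/auth-backend.port.d.ts does not take this input at all — it takes `role: string` — so the union defined here is bypassed on the only write path. Document the default on the field (`role?: TenantMemberRole; // defaults to "member" — confirm in the adapter`) and have `addMember` accept `CreateTenantMemberInput` or `role: TenantMemberRole` so "owner" can only be assigned deliberately.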
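--- a/package/dist/types/tenant-member.types.js
+++ b/package/dist/types/tenant-member.types.js
@@ -0,0 +1 @@
+export {};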
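--- a/package/dist/types/tenant.types.d.ts
+++ b/package/dist/types/tenant.types.d.ts
@@ -0,0 +1,22 @@
+export type TenantStatus = "active" | "suspended";
+export type Tenant = {
+id: string;
+name: string;
+slug: string;
+status: TenantStatus;
+maxUsers: number;
+settings: string | null;
+createdAt: string;
+updatedAt: string;
+};
+export type CreateTenantInput = {
+name: string;
+slug: string;
+maxUsers?: number;
+settings?: string;
+};
+export type UpdateTenantInput = {
+name?: string;
+maxUsers?: number;
+settings?: string;
+};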
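--- a/package/dist/types/tenant.types.js
+++ b/package/dist/types/tenant.types.js
@@ -0,0 +1 @@
+export {};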
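--- a/package/dist/types/token.types.d.ts
+++ b/package/dist/types/token.types.d.ts
@@ -0,0 +1,24 @@
+export type AccessTokenPayload = {
+sub: string;
+type: "access";
+tenantId?: string;
+iss?: string;
+aud?: string;
+jti?: string;
+roles?: string[];
+permissions?: string[];
+};
+export type RefreshTokenPayload = {
+sub: string;
+sessionId: string;
+type: "refresh";
+};
+export type PasswordResetTokenPayload = {
+sub: string;
+type: "password_reset";
+};
+export type MfaPendingTokenPayload = {
+sub: string;
+type: "mfa_pending";
+};
+export type TokenPayload = AccessTokenPayload | RefreshTokenPayload | PasswordResetTokenPayload | MfaPendingTokenPayload;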
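Review bot: The `type` literal is the only thing separating an access token from a refresh, password_reset or mfa_pending token signed with the same secret, so a verifier that checks signature and expiry but not `type` would accept a reset or MFA-pending token as a full access token; the zod schemas pin `type` with `z.literal`, but `TokenPort.verifyAccessToken` returns `AccessTokenPayload` directly and its implementation lives outside this package. Add above `TokenPayload`: `// `type` is the discriminant: a verifier MUST reject any payload whose `type` differs from the kind it was asked to verify, in addition to signature and expiry checks.` Note also that `exp`/`iat` are not part of these payload types, so lifetime handling is entirely the signer's and verifier's responsibility — worth stating on `AccessTokenPayload`.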
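--- a/package/dist/types/token.types.js
+++ b/package/dist/types/token.types.js
@@ -0,0 +1 @@
+export {};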
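--- a/package/dist/types/user.types.d.ts
+++ b/package/dist/types/user.types.d.ts
@@ -0,0 +1,29 @@
+export type UserStatus = "active" | "disabled" | "locked";
+export type User = {
+id: string;
+email: string;
+username: string;
+passwordHash: string;
+displayName: string | null;
+avatarUrl: string | null;
+status: UserStatus;
+mfaEnabled: boolean;
+mfaSecret: string | null;
+failedLoginAttempts: number;
+lockedUntil: string | null;
+passwordChangedAt: string | null;
+lastLoginAt: string | null;
+createdAt: string;
+updatedAt: string;
+};
+export type CreateUserInput = {
+email: string;
+username: string;
+passwordHash: string;
+displayName?: string;
+avatarUrl?: string;
+};
+export type UpdateUserInput = {
+displayName?: string;
+avatarUrl?: string;
+};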
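Review bot: `User` bundles `passwordHash` and `mfaSecret` with display data, and it is the type returned by `UserPort.findById`/`findByEmail`/`findByUsername` and carried in `VerifyPasswordResult.user`, so every consumer that serialises a user (API response, audit entry, log context) has to remember to strip two fields or it leaks them. Add `export type PublicUser = Omit<User, "passwordHash" | "mfaSecret">;` and use it on read paths, leaving secrets on `UserAuthInfo`. `status: "locked"` and `lockedUntil: string | null` are two representations of the lock state; document which is authoritative (presumably a future `lockedUntil` wins and `status` is derived) so adapters and the login flow agree.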
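--- a/package/dist/types/user.types.js
+++ b/package/dist/types/user.types.js
@@ -0,0 +1 @@
+export {};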
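--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,45 @@
+{
+"name": "@longzai-intelligence-auth/core",
+"version": "0.0.1",
+"license": "MIT",
+"type": "module",
+"sideEffects": false,
+"main": "./dist/index.cjs",
+"module": "./dist/index.js",
+"types": "./dist/index.d.ts",
+"exports": {
+".": {
+"import": {
+"types": "./dist/index.d.ts",
+"default": "./dist/index.js"
+},
+"require": {
+"types": "./dist/index.d.cts",
+"default": "./dist/index.cjs"
+}
+}
+},
+"files": [
+"dist"
+],
+"publishConfig": {
+"access": "public"
+},
+"repository": {
+"type": "git",
+"url": "https://github.com/longzai/longzai-intelligence-auth",
+"directory": "packages/core"
+},
+"dependencies": {
+"@longzai-intelligence/error": "^0.0.5",
+"zod": "^4.4.3"
+},
+"scripts": {
+"build": "tsgo --build",
+"typecheck": "tsgo --noEmit",
+"lint": "oxlint && oxfmt --check",
+"lint:fix": "oxlint --fix && oxfmt",
+"test": "bun test",
+"clean": "rm -rf dist out .cache"
+}
+}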
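Review bot: `main` and the `require` export condition point to `./dist/index.cjs` and `./dist/index.d.cts`, but the published file list contains only `.js`/`.d.ts` under `dist`, so `require("@longzai-intelligence-auth/core")` from CommonJS fails with MODULE_NOT_FOUND while `import` works; either emit the CJS build (`tsgo --build` alone produces no `.cjs`) or drop `main` and the `require` condition and declare the package ESM-only. `dist/types/audit.types.d.ts` imports `@longzai-intelligence-audit/audit-log-contract`, which is absent from `dependencies`, so that declaration is unresolvable for consumers. `sideEffects: false` is correct for this tree (every `.js` besides the schema and error modules is `export {}`), and the `^4.4.3` zod range matches the `z.core.$strip` types in the declarations.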