npm - @nauth-toolkit/core - Versions diffs - 0.1.0 → 0.1.3 - Mend

@nauth-toolkit/core 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/LICENSE +90 -0
package/README.md +30 -0
package/package.json +7 -2
package/jest.config.js +0 -15
package/jest.setup.ts +0 -6
package/src/adapters/database-columns.ts +0 -165
package/src/adapters/express.adapter.ts +0 -385
package/src/adapters/fastify.adapter.ts +0 -416
package/src/adapters/index.ts +0 -16
package/src/adapters/storage.factory.ts +0 -143
package/src/bootstrap.ts +0 -374
package/src/dto/auth-challenge.dto.ts +0 -231
package/src/dto/auth-response.dto.ts +0 -253
package/src/dto/challenge-response.dto.ts +0 -234
package/src/dto/change-password-request.dto.ts +0 -50
package/src/dto/change-password-response.dto.ts +0 -29
package/src/dto/change-password.dto.ts +0 -57
package/src/dto/error-response.dto.ts +0 -136
package/src/dto/get-available-methods.dto.ts +0 -55
package/src/dto/get-challenge-data-response.dto.ts +0 -28
package/src/dto/get-challenge-data.dto.ts +0 -69
package/src/dto/get-client-info.dto.ts +0 -104
package/src/dto/get-device-token-response.dto.ts +0 -25
package/src/dto/get-events-by-type.dto.ts +0 -76
package/src/dto/get-ip-address-response.dto.ts +0 -24
package/src/dto/get-mfa-status.dto.ts +0 -94
package/src/dto/get-risk-assessment-history.dto.ts +0 -39
package/src/dto/get-session-id-response.dto.ts +0 -25
package/src/dto/get-setup-data-response.dto.ts +0 -31
package/src/dto/get-setup-data.dto.ts +0 -75
package/src/dto/get-suspicious-activity.dto.ts +0 -42
package/src/dto/get-user-agent-response.dto.ts +0 -23
package/src/dto/get-user-auth-history.dto.ts +0 -95
package/src/dto/get-user-by-email.dto.ts +0 -61
package/src/dto/get-user-by-id.dto.ts +0 -46
package/src/dto/get-user-devices.dto.ts +0 -53
package/src/dto/get-user-response.dto.ts +0 -17
package/src/dto/has-provider.dto.ts +0 -56
package/src/dto/index.ts +0 -57
package/src/dto/is-trusted-device-response.dto.ts +0 -34
package/src/dto/list-providers-response.dto.ts +0 -23
package/src/dto/login.dto.ts +0 -95
package/src/dto/logout-all-response.dto.ts +0 -24
package/src/dto/logout-all.dto.ts +0 -65
package/src/dto/logout-response.dto.ts +0 -25
package/src/dto/logout.dto.ts +0 -64
package/src/dto/refresh-token.dto.ts +0 -36
package/src/dto/remove-devices.dto.ts +0 -85
package/src/dto/resend-code-response.dto.ts +0 -32
package/src/dto/resend-code.dto.ts +0 -51
package/src/dto/reset-password.dto.ts +0 -115
package/src/dto/respond-challenge.dto.ts +0 -272
package/src/dto/set-mfa-exemption.dto.ts +0 -112
package/src/dto/set-must-change-password-response.dto.ts +0 -27
package/src/dto/set-must-change-password.dto.ts +0 -46
package/src/dto/set-preferred-method.dto.ts +0 -80
package/src/dto/setup-mfa.dto.ts +0 -98
package/src/dto/signup.dto.ts +0 -174
package/src/dto/social-auth.dto.ts +0 -422
package/src/dto/trust-device-response.dto.ts +0 -30
package/src/dto/trust-device.dto.ts +0 -9
package/src/dto/update-user-attributes-request.dto.ts +0 -51
package/src/dto/user-response.dto.ts +0 -138
package/src/dto/user-update.dto.ts +0 -222
package/src/dto/verify-email.dto.ts +0 -313
package/src/dto/verify-mfa-code.dto.ts +0 -103
package/src/dto/verify-phone-by-sub.dto.ts +0 -78
package/src/dto/verify-phone.dto.ts +0 -245
package/src/entities/auth-audit.entity.ts +0 -232
package/src/entities/challenge-session.entity.ts +0 -116
package/src/entities/index.ts +0 -29
package/src/entities/login-attempt.entity.ts +0 -64
package/src/entities/mfa-device.entity.ts +0 -151
package/src/entities/rate-limit.entity.ts +0 -44
package/src/entities/session.entity.ts +0 -180
package/src/entities/social-account.entity.ts +0 -96
package/src/entities/storage-lock.entity.ts +0 -39
package/src/entities/trusted-device.entity.ts +0 -112
package/src/entities/user.entity.ts +0 -243
package/src/entities/verification-token.entity.ts +0 -141
package/src/enums/auth-audit-event-type.enum.ts +0 -360
package/src/enums/error-codes.enum.ts +0 -420
package/src/enums/mfa-method.enum.ts +0 -97
package/src/enums/risk-factor.enum.ts +0 -111
package/src/exceptions/nauth.exception.ts +0 -231
package/src/handlers/auth.handler.ts +0 -260
package/src/handlers/client-info.handler.ts +0 -101
package/src/handlers/csrf.handler.ts +0 -156
package/src/handlers/token-delivery.handler.ts +0 -118
package/src/index.ts +0 -118
package/src/interfaces/client-info.interface.ts +0 -85
package/src/interfaces/config.interface.ts +0 -2135
package/src/interfaces/entities.interface.ts +0 -226
package/src/interfaces/index.ts +0 -15
package/src/interfaces/logger.interface.ts +0 -283
package/src/interfaces/mfa-provider.interface.ts +0 -154
package/src/interfaces/oauth.interface.ts +0 -148
package/src/interfaces/provider.interface.ts +0 -47
package/src/interfaces/social-auth-provider.interface.ts +0 -131
package/src/interfaces/storage-adapter.interface.ts +0 -82
package/src/interfaces/template.interface.ts +0 -510
package/src/interfaces/token-verifier.interface.ts +0 -110
package/src/internal.ts +0 -178
package/src/platform/interfaces.ts +0 -299
package/src/schemas/auth-config.schema.ts +0 -646
package/src/services/adaptive-mfa-decision.service.spec.ts +0 -1058
package/src/services/adaptive-mfa-decision.service.ts +0 -457
package/src/services/auth-audit.service.spec.ts +0 -675
package/src/services/auth-audit.service.ts +0 -558
package/src/services/auth-challenge-helper.service.spec.ts +0 -3227
package/src/services/auth-challenge-helper.service.ts +0 -825
package/src/services/auth-flow-context-builder.service.ts +0 -520
package/src/services/auth-flow-rules.ts +0 -202
package/src/services/auth-flow-state-definitions.ts +0 -190
package/src/services/auth-flow-state-machine.service.ts +0 -207
package/src/services/auth-flow-state-machine.types.ts +0 -316
package/src/services/auth.service.spec.ts +0 -4195
package/src/services/auth.service.ts +0 -3727
package/src/services/challenge.service.spec.ts +0 -1363
package/src/services/challenge.service.ts +0 -696
package/src/services/client-info.service.spec.ts +0 -572
package/src/services/client-info.service.ts +0 -374
package/src/services/csrf.service.ts +0 -54
package/src/services/email-verification.service.spec.ts +0 -1229
package/src/services/email-verification.service.ts +0 -578
package/src/services/geo-location.service.spec.ts +0 -603
package/src/services/geo-location.service.ts +0 -599
package/src/services/index.ts +0 -13
package/src/services/jwt.service.spec.ts +0 -882
package/src/services/jwt.service.ts +0 -621
package/src/services/mfa-base.service.spec.ts +0 -246
package/src/services/mfa-base.service.ts +0 -611
package/src/services/mfa.service.spec.ts +0 -693
package/src/services/mfa.service.ts +0 -960
package/src/services/password.service.spec.ts +0 -166
package/src/services/password.service.ts +0 -309
package/src/services/phone-verification.service.spec.ts +0 -1120
package/src/services/phone-verification.service.ts +0 -751
package/src/services/risk-detection.service.spec.ts +0 -1292
package/src/services/risk-detection.service.ts +0 -1012
package/src/services/risk-scoring.service.spec.ts +0 -204
package/src/services/risk-scoring.service.ts +0 -131
package/src/services/session.service.spec.ts +0 -1293
package/src/services/session.service.ts +0 -803
package/src/services/social-account.service.spec.ts +0 -725
package/src/services/social-auth-base.service.spec.ts +0 -418
package/src/services/social-auth-base.service.ts +0 -581
package/src/services/social-auth.service.spec.ts +0 -238
package/src/services/social-auth.service.ts +0 -436
package/src/services/social-provider-registry.service.spec.ts +0 -238
package/src/services/social-provider-registry.service.ts +0 -122
package/src/services/trusted-device.service.spec.ts +0 -505
package/src/services/trusted-device.service.ts +0 -339
package/src/storage/account-lockout-storage.service.spec.ts +0 -310
package/src/storage/account-lockout-storage.service.ts +0 -89
package/src/storage/index.ts +0 -3
package/src/storage/memory-storage.adapter.ts +0 -443
package/src/storage/rate-limit-storage.service.spec.ts +0 -247
package/src/storage/rate-limit-storage.service.ts +0 -38
package/src/templates/html-template.engine.spec.ts +0 -161
package/src/templates/html-template.engine.ts +0 -688
package/src/templates/index.ts +0 -7
package/src/utils/common-passwords.spec.ts +0 -230
package/src/utils/common-passwords.ts +0 -170
package/src/utils/context-storage.ts +0 -188
package/src/utils/cookie-names.util.ts +0 -67
package/src/utils/cookies.util.ts +0 -94
package/src/utils/index.ts +0 -12
package/src/utils/ip-extractor.spec.ts +0 -330
package/src/utils/ip-extractor.ts +0 -220
package/src/utils/nauth-logger.spec.ts +0 -388
package/src/utils/nauth-logger.ts +0 -215
package/src/utils/pii-redactor.spec.ts +0 -130
package/src/utils/pii-redactor.ts +0 -288
package/src/utils/setup/get-repositories.ts +0 -140
package/src/utils/setup/init-services.ts +0 -422
package/src/utils/setup/init-social.ts +0 -189
package/src/utils/setup/init-storage.ts +0 -94
package/src/utils/setup/register-mfa.ts +0 -165
package/src/utils/setup/run-nauth-migrations.ts +0 -61
package/src/utils/token-delivery-policy.ts +0 -38
package/src/validators/template.validator.ts +0 -219
package/tsconfig.json +0 -37
package/tsconfig.lint.json +0 -6

package/src/services/auth-flow-state-machine.types.ts DELETED Viewed

@@ -1,316 +0,0 @@
-import { IUser } from '../interfaces/entities.interface';
-import { NAuthConfig } from '../interfaces/config.interface';
-import { AuthChallenge } from '../dto/auth-challenge.dto';
-/**
- * Authentication flow states
- *
- * Represents the current state of the authentication flow.
- * States are evaluated in priority order (1-9).
- *
- * @example
- * ```typescript
- * const state = AuthFlowState.PENDING_EMAIL_VERIFICATION;
- * ```
- */
-export enum AuthFlowState {
-  /**
-   * User must change password before continuing
-   * Priority: 1 (highest)
-   */
-  PENDING_PASSWORD_CHANGE = 'PENDING_PASSWORD_CHANGE',
-  /**
-   * User must verify email address
-   * Priority: 2
-   */
-  PENDING_EMAIL_VERIFICATION = 'PENDING_EMAIL_VERIFICATION',
-  /**
-   * User must provide phone number
-   * Priority: 3
-   */
-  PENDING_PHONE_COLLECTION = 'PENDING_PHONE_COLLECTION',
-  /**
-   * User must verify phone number
-   * Priority: 4
-   */
-  PENDING_PHONE_VERIFICATION = 'PENDING_PHONE_VERIFICATION',
-  /**
-   * User must set up MFA
-   * Priority: 5
-   */
-  PENDING_MFA_SETUP = 'PENDING_MFA_SETUP',
-  /**
-   * User must verify MFA
-   * Priority: 6
-   */
-  PENDING_MFA_VERIFICATION = 'PENDING_MFA_VERIFICATION',
-  /**
-   * Grace period is active (MFA setup optional)
-   * Priority: 7
-   */
-  GRACE_PERIOD_ACTIVE = 'GRACE_PERIOD_ACTIVE',
-  /**
-   * User is blocked from signing in
-   * Priority: 8
-   */
-  BLOCKED = 'BLOCKED',
-  /**
-   * Authentication complete - user is fully authenticated
-   * Priority: 9 (lowest - default state)
-   */
-  AUTHENTICATED = 'AUTHENTICATED',
-}
-/**
- * Authentication flow context
- *
- * Contains all data needed to evaluate authentication flow state.
- * Pre-computed values are stored in the `computed` property to optimize rule evaluation.
- *
- * @example
- * ```typescript
- * const context: AuthFlowContext = {
- *   user,
- *   config,
- *   authMethod: 'password',
- *   computed: {
- *     isEmailVerificationRequired: true,
- *     isPhoneVerificationRequired: false,
- *     isMFAExempt: false,
- *     // ... other computed values
- *   }
- * };
- * ```
- */
-export interface AuthFlowContext {
-  /**
-   * User attempting authentication
-   */
-  user: IUser;
-  /**
-   * Authentication configuration
-   */
-  config: NAuthConfig;
-  /**
-   * Authentication method ('password' or 'social')
-   */
-  authMethod?: 'password' | 'social';
-  /**
-   * Social auth provider name (e.g., 'google', 'apple', 'facebook')
-   */
-  authProvider?: string;
-  /**
-   * Device token for trusted device check
-   */
-  deviceToken?: string;
-  /**
-   * Skip MFA verification flag (used for special cases like phone auto-complete)
-   */
-  skipMFAVerification?: boolean;
-  /**
-   * Pre-computed values for rule evaluation
-   * These are calculated once at the beginning of the flow to optimize performance.
-   */
-  computed: {
-    /**
-     * Whether email verification is required
-     */
-    isEmailVerificationRequired: boolean;
-    /**
-     * Whether phone verification is required
-     */
-    isPhoneVerificationRequired: boolean;
-    /**
-     * Whether phone collection is needed (user has no phone)
-     */
-    isPhoneCollectionNeeded: boolean;
-    /**
-     * Whether user is exempt from MFA
-     */
-    isMFAExempt: boolean;
-    /**
-     * Whether MFA setup is required
-     */
-    isMFASetupRequired: boolean;
-    /**
-     * Whether MFA verification is required
-     */
-    isMFAVerificationRequired: boolean;
-    /**
-     * Whether device is trusted
-     */
-    isDeviceTrusted: boolean;
-    /**
-     * Whether grace period is active
-     */
-    isGracePeriodActive: boolean;
-    /**
-     * Grace period end timestamp (if active)
-     */
-    gracePeriodEndsAt?: Date;
-    /**
-     * Whether user is blocked
-     */
-    isBlocked: boolean;
-    /**
-     * Block expiration timestamp (if blocked)
-     */
-    blockedUntil?: Date;
-    /**
-     * Block reason (if blocked)
-     */
-    blockReason?: string;
-    /**
-     * Risk score (0-100) for adaptive MFA
-     */
-    riskScore?: number;
-    /**
-     * Risk level ('low' | 'medium' | 'high')
-     */
-    riskLevel?: 'low' | 'medium' | 'high';
-  };
-}
-/**
- * Rule function type
- *
- * A rule is a function that evaluates to true or false based on the context.
- * Rules can be combined using RuleBuilder combinators (all, any, not).
- *
- * @param context - Authentication flow context
- * @returns True if rule condition is met, false otherwise
- *
- * @example
- * ```typescript
- * const mustChangePassword: Rule = (context) => {
- *   return context.user.mustChangePassword === true;
- * };
- * ```
- */
-export type Rule = (context: AuthFlowContext) => boolean;
-/**
- * Response metadata
- *
- * Additional information to include in the authentication response.
- * Used for special states like grace period and blocked state.
- *
- * @example
- * ```typescript
- * const metadata: ResponseMetadata = {
- *   gracePeriodEndsAt: new Date('2024-01-15'),
- *   riskScore: 45,
- *   riskLevel: 'medium'
- * };
- * ```
- */
-export interface ResponseMetadata {
-  /**
-   * Grace period end timestamp
-   */
-  gracePeriodEndsAt?: Date;
-  /**
-   * Risk score (0-100)
-   */
-  riskScore?: number;
-  /**
-   * Risk level
-   */
-  riskLevel?: 'low' | 'medium' | 'high';
-  /**
-   * Block expiration timestamp
-   */
-  blockedUntil?: Date;
-  /**
-   * Block reason
-   */
-  reason?: string;
-}
-/**
- * State definition
- *
- * Defines a state in the authentication flow, including:
- * - Priority (evaluation order)
- * - Condition rule (when this state applies)
- * - Challenge mapping (which AuthChallenge this state maps to)
- * - Metadata builder (optional additional response data)
- * - OnEnter hook (optional action when state is entered)
- *
- * @example
- * ```typescript
- * const stateDef: StateDefinition = {
- *   state: AuthFlowState.PENDING_EMAIL_VERIFICATION,
- *   priority: 2,
- *   condition: Rules.emailVerificationPending,
- *   challenge: AuthChallenge.VERIFY_EMAIL,
- * };
- * ```
- */
-export interface StateDefinition {
-  /**
-   * State identifier
-   */
-  state: AuthFlowState;
-  /**
-   * Priority (1-9, lower = higher priority)
-   * States are evaluated in priority order
-   */
-  priority: number;
-  /**
-   * Condition rule that determines if this state applies
-   */
-  condition: Rule;
-  /**
-   * Challenge type this state maps to (if applicable)
-   * Undefined for AUTHENTICATED and GRACE_PERIOD_ACTIVE states
-   */
-  challenge?: AuthChallenge;
-  /**
-   * Build metadata for response (optional)
-   * Used for states that need to include additional information
-   */
-  buildMetadata?: (context: AuthFlowContext) => ResponseMetadata | undefined;
-  /**
-   * OnEnter hook (optional)
-   * Executed when this state is entered
-   * Can modify context (e.g., set skipMFAVerification flag)
-   */
-  onEnter?: (context: AuthFlowContext) => Promise<void> | void;
-}