@nauth-toolkit/core 0.1.13 → 0.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/database-columns.d.ts +70 -0
- package/dist/adapters/database-columns.d.ts.map +1 -1
- package/dist/adapters/database-columns.js +76 -2
- package/dist/adapters/database-columns.js.map +1 -1
- package/dist/adapters/express.adapter.d.ts +66 -0
- package/dist/adapters/express.adapter.d.ts.map +1 -1
- package/dist/adapters/express.adapter.js +80 -0
- package/dist/adapters/express.adapter.js.map +1 -1
- package/dist/adapters/fastify.adapter.d.ts +42 -0
- package/dist/adapters/fastify.adapter.d.ts.map +1 -1
- package/dist/adapters/fastify.adapter.js +86 -0
- package/dist/adapters/fastify.adapter.js.map +1 -1
- package/dist/adapters/index.d.ts +5 -0
- package/dist/adapters/index.d.ts.map +1 -1
- package/dist/adapters/index.js +9 -0
- package/dist/adapters/index.js.map +1 -1
- package/dist/adapters/storage.factory.d.ts +107 -0
- package/dist/adapters/storage.factory.d.ts.map +1 -1
- package/dist/adapters/storage.factory.js +114 -0
- package/dist/adapters/storage.factory.js.map +1 -1
- package/dist/adapters.d.ts +8 -0
- package/dist/adapters.d.ts.map +1 -1
- package/dist/adapters.js +8 -0
- package/dist/adapters.js.map +1 -1
- package/dist/bootstrap.d.ts +82 -0
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +106 -0
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-set-password.dto.d.ts +90 -0
- package/dist/dto/admin-set-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-set-password.dto.js +91 -0
- package/dist/dto/admin-set-password.dto.js.map +1 -1
- package/dist/dto/auth-challenge.dto.d.ts +170 -0
- package/dist/dto/auth-challenge.dto.d.ts.map +1 -1
- package/dist/dto/auth-challenge.dto.js +170 -0
- package/dist/dto/auth-challenge.dto.js.map +1 -1
- package/dist/dto/auth-response.dto.d.ts +196 -0
- package/dist/dto/auth-response.dto.d.ts.map +1 -1
- package/dist/dto/auth-response.dto.js +149 -0
- package/dist/dto/auth-response.dto.js.map +1 -1
- package/dist/dto/challenge-response.dto.d.ts +155 -0
- package/dist/dto/challenge-response.dto.d.ts.map +1 -1
- package/dist/dto/challenge-response.dto.js +8 -0
- package/dist/dto/challenge-response.dto.js.map +1 -1
- package/dist/dto/change-password-request.dto.d.ts +35 -0
- package/dist/dto/change-password-request.dto.d.ts.map +1 -1
- package/dist/dto/change-password-request.dto.js +35 -0
- package/dist/dto/change-password-request.dto.js.map +1 -1
- package/dist/dto/change-password-response.dto.d.ts +25 -0
- package/dist/dto/change-password-response.dto.d.ts.map +1 -1
- package/dist/dto/change-password-response.dto.js +25 -0
- package/dist/dto/change-password-response.dto.js.map +1 -1
- package/dist/dto/change-password.dto.d.ts +45 -0
- package/dist/dto/change-password.dto.d.ts.map +1 -1
- package/dist/dto/change-password.dto.js +45 -0
- package/dist/dto/change-password.dto.js.map +1 -1
- package/dist/dto/confirm-forgot-password.dto.d.ts +59 -0
- package/dist/dto/confirm-forgot-password.dto.d.ts.map +1 -1
- package/dist/dto/confirm-forgot-password.dto.js +59 -0
- package/dist/dto/confirm-forgot-password.dto.js.map +1 -1
- package/dist/dto/error-response.dto.d.ts +103 -0
- package/dist/dto/error-response.dto.d.ts.map +1 -1
- package/dist/dto/error-response.dto.js +103 -0
- package/dist/dto/error-response.dto.js.map +1 -1
- package/dist/dto/forgot-password.dto.d.ts +58 -0
- package/dist/dto/forgot-password.dto.d.ts.map +1 -1
- package/dist/dto/forgot-password.dto.js +58 -0
- package/dist/dto/forgot-password.dto.js.map +1 -1
- package/dist/dto/get-available-methods.dto.d.ts +37 -0
- package/dist/dto/get-available-methods.dto.d.ts.map +1 -1
- package/dist/dto/get-available-methods.dto.js +37 -0
- package/dist/dto/get-available-methods.dto.js.map +1 -1
- package/dist/dto/get-challenge-data-response.dto.d.ts +24 -0
- package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -1
- package/dist/dto/get-challenge-data-response.dto.js +24 -0
- package/dist/dto/get-challenge-data-response.dto.js.map +1 -1
- package/dist/dto/get-challenge-data.dto.d.ts +46 -0
- package/dist/dto/get-challenge-data.dto.d.ts.map +1 -1
- package/dist/dto/get-challenge-data.dto.js +46 -0
- package/dist/dto/get-challenge-data.dto.js.map +1 -1
- package/dist/dto/get-client-info.dto.d.ts +74 -0
- package/dist/dto/get-client-info.dto.d.ts.map +1 -1
- package/dist/dto/get-client-info.dto.js +74 -0
- package/dist/dto/get-client-info.dto.js.map +1 -1
- package/dist/dto/get-device-token-response.dto.d.ts +21 -0
- package/dist/dto/get-device-token-response.dto.d.ts.map +1 -1
- package/dist/dto/get-device-token-response.dto.js +21 -0
- package/dist/dto/get-device-token-response.dto.js.map +1 -1
- package/dist/dto/get-events-by-type.dto.d.ts +50 -0
- package/dist/dto/get-events-by-type.dto.d.ts.map +1 -1
- package/dist/dto/get-events-by-type.dto.js +50 -0
- package/dist/dto/get-events-by-type.dto.js.map +1 -1
- package/dist/dto/get-ip-address-response.dto.d.ts +20 -0
- package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -1
- package/dist/dto/get-ip-address-response.dto.js +20 -0
- package/dist/dto/get-ip-address-response.dto.js.map +1 -1
- package/dist/dto/get-mfa-status.dto.d.ts +59 -0
- package/dist/dto/get-mfa-status.dto.d.ts.map +1 -1
- package/dist/dto/get-mfa-status.dto.js +59 -0
- package/dist/dto/get-mfa-status.dto.js.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.d.ts +28 -0
- package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.js +28 -0
- package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
- package/dist/dto/get-session-id-response.dto.d.ts +21 -0
- package/dist/dto/get-session-id-response.dto.d.ts.map +1 -1
- package/dist/dto/get-session-id-response.dto.js +21 -0
- package/dist/dto/get-session-id-response.dto.js.map +1 -1
- package/dist/dto/get-setup-data-response.dto.d.ts +27 -0
- package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -1
- package/dist/dto/get-setup-data-response.dto.js +27 -0
- package/dist/dto/get-setup-data-response.dto.js.map +1 -1
- package/dist/dto/get-setup-data.dto.d.ts +51 -0
- package/dist/dto/get-setup-data.dto.d.ts.map +1 -1
- package/dist/dto/get-setup-data.dto.js +51 -0
- package/dist/dto/get-setup-data.dto.js.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.d.ts +31 -0
- package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.js +31 -0
- package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
- package/dist/dto/get-user-agent-response.dto.d.ts +19 -0
- package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -1
- package/dist/dto/get-user-agent-response.dto.js +19 -0
- package/dist/dto/get-user-agent-response.dto.js.map +1 -1
- package/dist/dto/get-user-auth-history.dto.d.ts +64 -0
- package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
- package/dist/dto/get-user-auth-history.dto.js +64 -0
- package/dist/dto/get-user-auth-history.dto.js.map +1 -1
- package/dist/dto/get-user-by-email.dto.d.ts +42 -0
- package/dist/dto/get-user-by-email.dto.d.ts.map +1 -1
- package/dist/dto/get-user-by-email.dto.js +42 -0
- package/dist/dto/get-user-by-email.dto.js.map +1 -1
- package/dist/dto/get-user-by-id.dto.d.ts +32 -0
- package/dist/dto/get-user-by-id.dto.d.ts.map +1 -1
- package/dist/dto/get-user-by-id.dto.js +32 -0
- package/dist/dto/get-user-by-id.dto.js.map +1 -1
- package/dist/dto/get-user-devices.dto.d.ts +34 -0
- package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
- package/dist/dto/get-user-devices.dto.js +34 -0
- package/dist/dto/get-user-devices.dto.js.map +1 -1
- package/dist/dto/get-user-response.dto.d.ts +14 -0
- package/dist/dto/get-user-response.dto.d.ts.map +1 -1
- package/dist/dto/get-user-response.dto.js +15 -0
- package/dist/dto/get-user-response.dto.js.map +1 -1
- package/dist/dto/has-provider.dto.d.ts +33 -0
- package/dist/dto/has-provider.dto.d.ts.map +1 -1
- package/dist/dto/has-provider.dto.js +33 -0
- package/dist/dto/has-provider.dto.js.map +1 -1
- package/dist/dto/index.js +5 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/is-trusted-device-response.dto.d.ts +28 -0
- package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -1
- package/dist/dto/is-trusted-device-response.dto.js +28 -0
- package/dist/dto/is-trusted-device-response.dto.js.map +1 -1
- package/dist/dto/list-providers-response.dto.d.ts +19 -0
- package/dist/dto/list-providers-response.dto.d.ts.map +1 -1
- package/dist/dto/list-providers-response.dto.js +19 -0
- package/dist/dto/list-providers-response.dto.js.map +1 -1
- package/dist/dto/login.dto.d.ts +48 -0
- package/dist/dto/login.dto.d.ts.map +1 -1
- package/dist/dto/login.dto.js +50 -1
- package/dist/dto/login.dto.js.map +1 -1
- package/dist/dto/logout-all-response.dto.d.ts +20 -0
- package/dist/dto/logout-all-response.dto.d.ts.map +1 -1
- package/dist/dto/logout-all-response.dto.js +20 -0
- package/dist/dto/logout-all-response.dto.js.map +1 -1
- package/dist/dto/logout-all.dto.d.ts +42 -0
- package/dist/dto/logout-all.dto.d.ts.map +1 -1
- package/dist/dto/logout-all.dto.js +42 -0
- package/dist/dto/logout-all.dto.js.map +1 -1
- package/dist/dto/logout-response.dto.d.ts +21 -0
- package/dist/dto/logout-response.dto.d.ts.map +1 -1
- package/dist/dto/logout-response.dto.js +21 -0
- package/dist/dto/logout-response.dto.js.map +1 -1
- package/dist/dto/logout.dto.d.ts +45 -0
- package/dist/dto/logout.dto.d.ts.map +1 -1
- package/dist/dto/logout.dto.js +45 -0
- package/dist/dto/logout.dto.js.map +1 -1
- package/dist/dto/refresh-token.dto.d.ts +28 -0
- package/dist/dto/refresh-token.dto.d.ts.map +1 -1
- package/dist/dto/refresh-token.dto.js +28 -0
- package/dist/dto/refresh-token.dto.js.map +1 -1
- package/dist/dto/remove-devices.dto.d.ts +51 -0
- package/dist/dto/remove-devices.dto.d.ts.map +1 -1
- package/dist/dto/remove-devices.dto.js +51 -0
- package/dist/dto/remove-devices.dto.js.map +1 -1
- package/dist/dto/resend-code-response.dto.d.ts +28 -0
- package/dist/dto/resend-code-response.dto.d.ts.map +1 -1
- package/dist/dto/resend-code-response.dto.js +28 -0
- package/dist/dto/resend-code-response.dto.js.map +1 -1
- package/dist/dto/resend-code.dto.d.ts +37 -0
- package/dist/dto/resend-code.dto.d.ts.map +1 -1
- package/dist/dto/resend-code.dto.js +37 -0
- package/dist/dto/resend-code.dto.js.map +1 -1
- package/dist/dto/reset-password.dto.d.ts +74 -0
- package/dist/dto/reset-password.dto.d.ts.map +1 -1
- package/dist/dto/reset-password.dto.js +76 -1
- package/dist/dto/reset-password.dto.js.map +1 -1
- package/dist/dto/respond-challenge.dto.d.ts +147 -0
- package/dist/dto/respond-challenge.dto.d.ts.map +1 -1
- package/dist/dto/respond-challenge.dto.js +162 -0
- package/dist/dto/respond-challenge.dto.js.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.d.ts +65 -0
- package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.js +65 -0
- package/dist/dto/set-mfa-exemption.dto.js.map +1 -1
- package/dist/dto/set-must-change-password-response.dto.d.ts +23 -0
- package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password-response.dto.js +23 -0
- package/dist/dto/set-must-change-password-response.dto.js.map +1 -1
- package/dist/dto/set-must-change-password.dto.d.ts +32 -0
- package/dist/dto/set-must-change-password.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password.dto.js +32 -0
- package/dist/dto/set-must-change-password.dto.js.map +1 -1
- package/dist/dto/set-preferred-method.dto.d.ts +48 -0
- package/dist/dto/set-preferred-method.dto.d.ts.map +1 -1
- package/dist/dto/set-preferred-method.dto.js +48 -0
- package/dist/dto/set-preferred-method.dto.js.map +1 -1
- package/dist/dto/setup-mfa.dto.d.ts +62 -0
- package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
- package/dist/dto/setup-mfa.dto.js +62 -0
- package/dist/dto/setup-mfa.dto.js.map +1 -1
- package/dist/dto/signup.dto.d.ts +92 -0
- package/dist/dto/signup.dto.d.ts.map +1 -1
- package/dist/dto/signup.dto.js +93 -0
- package/dist/dto/signup.dto.js.map +1 -1
- package/dist/dto/social-auth.dto.d.ts +234 -0
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +234 -0
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/dto/trust-device-response.dto.d.ts +26 -0
- package/dist/dto/trust-device-response.dto.d.ts.map +1 -1
- package/dist/dto/trust-device-response.dto.js +26 -0
- package/dist/dto/trust-device-response.dto.js.map +1 -1
- package/dist/dto/trust-device.dto.d.ts +9 -0
- package/dist/dto/trust-device.dto.d.ts.map +1 -1
- package/dist/dto/trust-device.dto.js +9 -0
- package/dist/dto/trust-device.dto.js.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.d.ts +36 -0
- package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.js +36 -0
- package/dist/dto/update-user-attributes-request.dto.js.map +1 -1
- package/dist/dto/user-response.dto.d.ts +81 -0
- package/dist/dto/user-response.dto.d.ts.map +1 -1
- package/dist/dto/user-response.dto.js +84 -2
- package/dist/dto/user-response.dto.js.map +1 -1
- package/dist/dto/user-update.dto.d.ts +132 -0
- package/dist/dto/user-update.dto.d.ts.map +1 -1
- package/dist/dto/user-update.dto.js +133 -0
- package/dist/dto/user-update.dto.js.map +1 -1
- package/dist/dto/verify-email.dto.d.ts +171 -0
- package/dist/dto/verify-email.dto.d.ts.map +1 -1
- package/dist/dto/verify-email.dto.js +173 -1
- package/dist/dto/verify-email.dto.js.map +1 -1
- package/dist/dto/verify-mfa-code.dto.d.ts +65 -0
- package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -1
- package/dist/dto/verify-mfa-code.dto.js +65 -0
- package/dist/dto/verify-mfa-code.dto.js.map +1 -1
- package/dist/dto/verify-phone-by-sub.dto.d.ts +49 -0
- package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -1
- package/dist/dto/verify-phone-by-sub.dto.js +49 -0
- package/dist/dto/verify-phone-by-sub.dto.js.map +1 -1
- package/dist/dto/verify-phone.dto.d.ts +139 -0
- package/dist/dto/verify-phone.dto.d.ts.map +1 -1
- package/dist/dto/verify-phone.dto.js +142 -1
- package/dist/dto/verify-phone.dto.js.map +1 -1
- package/dist/dto.d.ts +10 -0
- package/dist/dto.d.ts.map +1 -1
- package/dist/dto.js +10 -0
- package/dist/dto.js.map +1 -1
- package/dist/entities/auth-audit.entity.d.ts +159 -0
- package/dist/entities/auth-audit.entity.d.ts.map +1 -1
- package/dist/entities/auth-audit.entity.js +166 -0
- package/dist/entities/auth-audit.entity.js.map +1 -1
- package/dist/entities/challenge-session.entity.d.ts +87 -0
- package/dist/entities/challenge-session.entity.d.ts.map +1 -1
- package/dist/entities/challenge-session.entity.js +87 -0
- package/dist/entities/challenge-session.entity.js.map +1 -1
- package/dist/entities/index.d.ts +18 -0
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js +18 -0
- package/dist/entities/index.js.map +1 -1
- package/dist/entities/login-attempt.entity.d.ts +43 -0
- package/dist/entities/login-attempt.entity.d.ts.map +1 -1
- package/dist/entities/login-attempt.entity.js +43 -0
- package/dist/entities/login-attempt.entity.js.map +1 -1
- package/dist/entities/mfa-device.entity.d.ts +112 -0
- package/dist/entities/mfa-device.entity.d.ts.map +1 -1
- package/dist/entities/mfa-device.entity.js +112 -0
- package/dist/entities/mfa-device.entity.js.map +1 -1
- package/dist/entities/rate-limit.entity.d.ts +31 -0
- package/dist/entities/rate-limit.entity.d.ts.map +1 -1
- package/dist/entities/rate-limit.entity.js +31 -0
- package/dist/entities/rate-limit.entity.js.map +1 -1
- package/dist/entities/session.entity.d.ts +121 -0
- package/dist/entities/session.entity.d.ts.map +1 -1
- package/dist/entities/session.entity.js +121 -0
- package/dist/entities/session.entity.js.map +1 -1
- package/dist/entities/social-account.entity.d.ts +75 -0
- package/dist/entities/social-account.entity.d.ts.map +1 -1
- package/dist/entities/social-account.entity.js +75 -0
- package/dist/entities/social-account.entity.js.map +1 -1
- package/dist/entities/storage-lock.entity.d.ts +28 -0
- package/dist/entities/storage-lock.entity.d.ts.map +1 -1
- package/dist/entities/storage-lock.entity.js +28 -0
- package/dist/entities/storage-lock.entity.js.map +1 -1
- package/dist/entities/trusted-device.entity.d.ts +83 -0
- package/dist/entities/trusted-device.entity.d.ts.map +1 -1
- package/dist/entities/trusted-device.entity.js +83 -0
- package/dist/entities/trusted-device.entity.js.map +1 -1
- package/dist/entities/user.entity.d.ts +166 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +166 -0
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/entities/verification-token.entity.d.ts +102 -0
- package/dist/entities/verification-token.entity.d.ts.map +1 -1
- package/dist/entities/verification-token.entity.js +102 -0
- package/dist/entities/verification-token.entity.js.map +1 -1
- package/dist/entities.d.ts +8 -0
- package/dist/entities.d.ts.map +1 -1
- package/dist/entities.js +8 -0
- package/dist/entities.js.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts +211 -0
- package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.js +244 -0
- package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
- package/dist/enums/error-codes.enum.d.ts +296 -0
- package/dist/enums/error-codes.enum.d.ts.map +1 -1
- package/dist/enums/error-codes.enum.js +332 -0
- package/dist/enums/error-codes.enum.js.map +1 -1
- package/dist/enums/mfa-method.enum.d.ts +74 -0
- package/dist/enums/mfa-method.enum.d.ts.map +1 -1
- package/dist/enums/mfa-method.enum.js +64 -0
- package/dist/enums/mfa-method.enum.js.map +1 -1
- package/dist/enums/risk-factor.enum.d.ts +91 -0
- package/dist/enums/risk-factor.enum.d.ts.map +1 -1
- package/dist/enums/risk-factor.enum.js +97 -0
- package/dist/enums/risk-factor.enum.js.map +1 -1
- package/dist/exceptions/nauth.exception.d.ts +149 -0
- package/dist/exceptions/nauth.exception.d.ts.map +1 -1
- package/dist/exceptions/nauth.exception.js +159 -0
- package/dist/exceptions/nauth.exception.js.map +1 -1
- package/dist/handlers/auth.handler.d.ts +32 -0
- package/dist/handlers/auth.handler.d.ts.map +1 -1
- package/dist/handlers/auth.handler.js +47 -1
- package/dist/handlers/auth.handler.js.map +1 -1
- package/dist/handlers/client-info.handler.d.ts +25 -0
- package/dist/handlers/client-info.handler.d.ts.map +1 -1
- package/dist/handlers/client-info.handler.js +36 -2
- package/dist/handlers/client-info.handler.js.map +1 -1
- package/dist/handlers/csrf.handler.d.ts +32 -0
- package/dist/handlers/csrf.handler.d.ts.map +1 -1
- package/dist/handlers/csrf.handler.js +49 -1
- package/dist/handlers/csrf.handler.js.map +1 -1
- package/dist/handlers/token-delivery.handler.d.ts +16 -0
- package/dist/handlers/token-delivery.handler.d.ts.map +1 -1
- package/dist/handlers/token-delivery.handler.js +22 -1
- package/dist/handlers/token-delivery.handler.js.map +1 -1
- package/dist/index.d.ts +34 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/client-info.interface.d.ts +58 -0
- package/dist/interfaces/client-info.interface.d.ts.map +1 -1
- package/dist/interfaces/config.interface.d.ts +1774 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/config.interface.js +16 -0
- package/dist/interfaces/config.interface.js.map +1 -1
- package/dist/interfaces/entities.interface.d.ts +48 -0
- package/dist/interfaces/entities.interface.d.ts.map +1 -1
- package/dist/interfaces/entities.interface.js +8 -0
- package/dist/interfaces/entities.interface.js.map +1 -1
- package/dist/interfaces/index.js +5 -0
- package/dist/interfaces/index.js.map +1 -1
- package/dist/interfaces/logger.interface.d.ts +213 -0
- package/dist/interfaces/logger.interface.d.ts.map +1 -1
- package/dist/interfaces/logger.interface.js +35 -0
- package/dist/interfaces/logger.interface.js.map +1 -1
- package/dist/interfaces/mfa-provider.interface.d.ts +134 -0
- package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -1
- package/dist/interfaces/oauth.interface.d.ts +110 -0
- package/dist/interfaces/oauth.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +83 -0
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/interfaces/sms-template.interface.d.ts +246 -0
- package/dist/interfaces/sms-template.interface.d.ts.map +1 -1
- package/dist/interfaces/sms-template.interface.js +26 -0
- package/dist/interfaces/sms-template.interface.js.map +1 -1
- package/dist/interfaces/social-auth-provider.interface.d.ts +115 -0
- package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -1
- package/dist/interfaces/storage-adapter.interface.d.ts +37 -0
- package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.d.ts +351 -0
- package/dist/interfaces/template.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.js +13 -0
- package/dist/interfaces/template.interface.js.map +1 -1
- package/dist/interfaces/token-verifier.interface.d.ts +101 -0
- package/dist/interfaces/token-verifier.interface.d.ts.map +1 -1
- package/dist/interfaces.d.ts +8 -0
- package/dist/interfaces.d.ts.map +1 -1
- package/dist/interfaces.js +8 -0
- package/dist/interfaces.js.map +1 -1
- package/dist/internal.d.ts +120 -0
- package/dist/internal.d.ts.map +1 -1
- package/dist/internal.js +138 -0
- package/dist/internal.js.map +1 -1
- package/dist/platform/interfaces.d.ts +187 -0
- package/dist/platform/interfaces.d.ts.map +1 -1
- package/dist/platform/interfaces.js +11 -0
- package/dist/platform/interfaces.js.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +48 -0
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.js +188 -9
- package/dist/schemas/auth-config.schema.js.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.d.ts +144 -0
- package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.js +151 -5
- package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
- package/dist/services/auth-audit.service.d.ts +195 -0
- package/dist/services/auth-audit.service.d.ts.map +1 -1
- package/dist/services/auth-audit.service.js +228 -1
- package/dist/services/auth-audit.service.js.map +1 -1
- package/dist/services/auth-challenge-helper.service.d.ts +144 -1
- package/dist/services/auth-challenge-helper.service.d.ts.map +1 -1
- package/dist/services/auth-challenge-helper.service.js +295 -16
- package/dist/services/auth-challenge-helper.service.js.map +1 -1
- package/dist/services/auth-flow-context-builder.service.d.ts +120 -1
- package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -1
- package/dist/services/auth-flow-context-builder.service.js +184 -5
- package/dist/services/auth-flow-context-builder.service.js.map +1 -1
- package/dist/services/auth-flow-rules.d.ts +136 -0
- package/dist/services/auth-flow-rules.d.ts.map +1 -1
- package/dist/services/auth-flow-rules.js +137 -0
- package/dist/services/auth-flow-rules.js.map +1 -1
- package/dist/services/auth-flow-state-definitions.d.ts +40 -0
- package/dist/services/auth-flow-state-definitions.d.ts.map +1 -1
- package/dist/services/auth-flow-state-definitions.js +98 -0
- package/dist/services/auth-flow-state-definitions.js.map +1 -1
- package/dist/services/auth-flow-state-machine.service.d.ts +91 -0
- package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -1
- package/dist/services/auth-flow-state-machine.service.js +102 -0
- package/dist/services/auth-flow-state-machine.service.js.map +1 -1
- package/dist/services/auth-flow-state-machine.types.d.ts +221 -0
- package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -1
- package/dist/services/auth-flow-state-machine.types.js +47 -0
- package/dist/services/auth-flow-state-machine.types.js.map +1 -1
- package/dist/services/auth.service.d.ts +397 -1
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +943 -27
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/challenge.service.d.ts +255 -1
- package/dist/services/challenge.service.d.ts.map +1 -1
- package/dist/services/challenge.service.js +327 -3
- package/dist/services/challenge.service.js.map +1 -1
- package/dist/services/client-info.service.d.ts +143 -0
- package/dist/services/client-info.service.d.ts.map +1 -1
- package/dist/services/client-info.service.js +161 -0
- package/dist/services/client-info.service.js.map +1 -1
- package/dist/services/csrf.service.d.ts +15 -0
- package/dist/services/csrf.service.d.ts.map +1 -1
- package/dist/services/csrf.service.js +16 -0
- package/dist/services/csrf.service.js.map +1 -1
- package/dist/services/email-verification.service.d.ts +52 -0
- package/dist/services/email-verification.service.d.ts.map +1 -1
- package/dist/services/email-verification.service.js +149 -10
- package/dist/services/email-verification.service.js.map +1 -1
- package/dist/services/geo-location.service.d.ts +105 -0
- package/dist/services/geo-location.service.d.ts.map +1 -1
- package/dist/services/geo-location.service.js +188 -2
- package/dist/services/geo-location.service.js.map +1 -1
- package/dist/services/jwt.service.d.ts +257 -0
- package/dist/services/jwt.service.d.ts.map +1 -1
- package/dist/services/jwt.service.js +284 -1
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/mfa-base.service.d.ts +179 -1
- package/dist/services/mfa-base.service.d.ts.map +1 -1
- package/dist/services/mfa-base.service.js +256 -2
- package/dist/services/mfa-base.service.js.map +1 -1
- package/dist/services/mfa.service.d.ts +304 -0
- package/dist/services/mfa.service.d.ts.map +1 -1
- package/dist/services/mfa.service.js +380 -0
- package/dist/services/mfa.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts +46 -0
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js +79 -0
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/password.service.d.ts +139 -0
- package/dist/services/password.service.d.ts.map +1 -1
- package/dist/services/password.service.js +167 -9
- package/dist/services/password.service.js.map +1 -1
- package/dist/services/phone-verification.service.d.ts +75 -0
- package/dist/services/phone-verification.service.d.ts.map +1 -1
- package/dist/services/phone-verification.service.js +188 -6
- package/dist/services/phone-verification.service.js.map +1 -1
- package/dist/services/risk-detection.service.d.ts +198 -0
- package/dist/services/risk-detection.service.d.ts.map +1 -1
- package/dist/services/risk-detection.service.js +358 -11
- package/dist/services/risk-detection.service.js.map +1 -1
- package/dist/services/risk-scoring.service.d.ts +84 -0
- package/dist/services/risk-scoring.service.d.ts.map +1 -1
- package/dist/services/risk-scoring.service.js +87 -0
- package/dist/services/risk-scoring.service.js.map +1 -1
- package/dist/services/session.service.d.ts +204 -0
- package/dist/services/session.service.d.ts.map +1 -1
- package/dist/services/session.service.js +289 -4
- package/dist/services/session.service.js.map +1 -1
- package/dist/services/social-auth-base.service.d.ts +123 -1
- package/dist/services/social-auth-base.service.d.ts.map +1 -1
- package/dist/services/social-auth-base.service.js +155 -2
- package/dist/services/social-auth-base.service.js.map +1 -1
- package/dist/services/social-auth.service.d.ts +191 -0
- package/dist/services/social-auth.service.d.ts.map +1 -1
- package/dist/services/social-auth.service.js +215 -2
- package/dist/services/social-auth.service.js.map +1 -1
- package/dist/services/social-provider-registry.service.d.ts +86 -0
- package/dist/services/social-provider-registry.service.d.ts.map +1 -1
- package/dist/services/social-provider-registry.service.js +86 -0
- package/dist/services/social-provider-registry.service.js.map +1 -1
- package/dist/services/trusted-device.service.d.ts +105 -0
- package/dist/services/trusted-device.service.d.ts.map +1 -1
- package/dist/services/trusted-device.service.js +133 -4
- package/dist/services/trusted-device.service.js.map +1 -1
- package/dist/storage/account-lockout-storage.service.d.ts +35 -0
- package/dist/storage/account-lockout-storage.service.d.ts.map +1 -1
- package/dist/storage/account-lockout-storage.service.js +35 -0
- package/dist/storage/account-lockout-storage.service.js.map +1 -1
- package/dist/storage/memory-storage.adapter.d.ts +148 -0
- package/dist/storage/memory-storage.adapter.d.ts.map +1 -1
- package/dist/storage/memory-storage.adapter.js +201 -6
- package/dist/storage/memory-storage.adapter.js.map +1 -1
- package/dist/storage/rate-limit-storage.service.d.ts +3 -0
- package/dist/storage/rate-limit-storage.service.d.ts.map +1 -1
- package/dist/storage/rate-limit-storage.service.js +4 -0
- package/dist/storage/rate-limit-storage.service.js.map +1 -1
- package/dist/storage.d.ts +8 -0
- package/dist/storage.d.ts.map +1 -1
- package/dist/storage.js +8 -0
- package/dist/storage.js.map +1 -1
- package/dist/templates/html-template.engine.d.ts +110 -0
- package/dist/templates/html-template.engine.d.ts.map +1 -1
- package/dist/templates/html-template.engine.js +147 -0
- package/dist/templates/html-template.engine.js.map +1 -1
- package/dist/templates/index.d.ts +5 -0
- package/dist/templates/index.d.ts.map +1 -1
- package/dist/templates/index.js +5 -0
- package/dist/templates/index.js.map +1 -1
- package/dist/templates/sms-template.engine.d.ts +151 -0
- package/dist/templates/sms-template.engine.d.ts.map +1 -1
- package/dist/templates/sms-template.engine.js +171 -0
- package/dist/templates/sms-template.engine.js.map +1 -1
- package/dist/templates.d.ts +8 -0
- package/dist/templates.d.ts.map +1 -1
- package/dist/templates.js +8 -0
- package/dist/templates.js.map +1 -1
- package/dist/utils/common-passwords.d.ts +42 -0
- package/dist/utils/common-passwords.d.ts.map +1 -1
- package/dist/utils/common-passwords.js +88 -0
- package/dist/utils/common-passwords.js.map +1 -1
- package/dist/utils/context-storage.d.ts +129 -0
- package/dist/utils/context-storage.d.ts.map +1 -1
- package/dist/utils/context-storage.js +129 -0
- package/dist/utils/context-storage.js.map +1 -1
- package/dist/utils/cookie-names.util.d.ts +35 -0
- package/dist/utils/cookie-names.util.d.ts.map +1 -1
- package/dist/utils/cookie-names.util.js +37 -0
- package/dist/utils/cookie-names.util.js.map +1 -1
- package/dist/utils/cookies.util.d.ts +19 -0
- package/dist/utils/cookies.util.d.ts.map +1 -1
- package/dist/utils/cookies.util.js +30 -3
- package/dist/utils/cookies.util.js.map +1 -1
- package/dist/utils/index.d.ts +3 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +4 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/ip-extractor.d.ts +88 -0
- package/dist/utils/ip-extractor.d.ts.map +1 -1
- package/dist/utils/ip-extractor.js +109 -16
- package/dist/utils/ip-extractor.js.map +1 -1
- package/dist/utils/nauth-logger.d.ts +70 -0
- package/dist/utils/nauth-logger.d.ts.map +1 -1
- package/dist/utils/nauth-logger.js +82 -4
- package/dist/utils/nauth-logger.js.map +1 -1
- package/dist/utils/pii-redactor.d.ts +70 -0
- package/dist/utils/pii-redactor.d.ts.map +1 -1
- package/dist/utils/pii-redactor.js +102 -0
- package/dist/utils/pii-redactor.js.map +1 -1
- package/dist/utils/setup/get-repositories.d.ts +16 -0
- package/dist/utils/setup/get-repositories.d.ts.map +1 -1
- package/dist/utils/setup/get-repositories.js +21 -0
- package/dist/utils/setup/get-repositories.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts +40 -1
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +98 -0
- package/dist/utils/setup/init-services.js.map +1 -1
- package/dist/utils/setup/init-social.d.ts +27 -0
- package/dist/utils/setup/init-social.d.ts.map +1 -1
- package/dist/utils/setup/init-social.js +49 -0
- package/dist/utils/setup/init-social.js.map +1 -1
- package/dist/utils/setup/init-storage.d.ts +22 -0
- package/dist/utils/setup/init-storage.d.ts.map +1 -1
- package/dist/utils/setup/init-storage.js +36 -0
- package/dist/utils/setup/init-storage.js.map +1 -1
- package/dist/utils/setup/register-mfa.d.ts +22 -0
- package/dist/utils/setup/register-mfa.d.ts.map +1 -1
- package/dist/utils/setup/register-mfa.js +41 -0
- package/dist/utils/setup/register-mfa.js.map +1 -1
- package/dist/utils/setup/run-nauth-migrations.d.ts +7 -0
- package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -1
- package/dist/utils/setup/run-nauth-migrations.js +8 -0
- package/dist/utils/setup/run-nauth-migrations.js.map +1 -1
- package/dist/utils/token-delivery-policy.d.ts +17 -0
- package/dist/utils/token-delivery-policy.d.ts.map +1 -1
- package/dist/utils/token-delivery-policy.js +17 -0
- package/dist/utils/token-delivery-policy.js.map +1 -1
- package/dist/utils.d.ts +8 -0
- package/dist/utils.d.ts.map +1 -1
- package/dist/utils.js +8 -0
- package/dist/utils.js.map +1 -1
- package/dist/validators/template.validator.d.ts +80 -0
- package/dist/validators/template.validator.d.ts.map +1 -1
- package/dist/validators/template.validator.js +94 -0
- package/dist/validators/template.validator.js.map +1 -1
- package/package.json +7 -2
|
@@ -1,61 +1,393 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.AuthErrorCode = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Authentication Error Codes
|
|
6
|
+
*
|
|
7
|
+
* Standardized error codes for all nauth-toolkit errors.
|
|
8
|
+
* Organized by category for easy navigation and maintenance.
|
|
9
|
+
*
|
|
10
|
+
* **Benefits:**
|
|
11
|
+
* - Programmatic error handling (no string parsing)
|
|
12
|
+
* - Internationalization support
|
|
13
|
+
* - Better analytics and monitoring
|
|
14
|
+
* - Type-safe error checking
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* ```typescript
|
|
18
|
+
* // Backend
|
|
19
|
+
* throw new NAuthException(
|
|
20
|
+
* AuthErrorCode.RATE_LIMIT_SMS,
|
|
21
|
+
* 'Too many SMS sent',
|
|
22
|
+
* HttpStatus.TOO_MANY_REQUESTS,
|
|
23
|
+
* { retryAfter: 3600 }
|
|
24
|
+
* );
|
|
25
|
+
*
|
|
26
|
+
* // Frontend
|
|
27
|
+
* if (error.code === AuthErrorCode.RATE_LIMIT_SMS) {
|
|
28
|
+
* showRetryTimer(error.details.retryAfter);
|
|
29
|
+
* }
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
4
32
|
var AuthErrorCode;
|
|
5
33
|
(function (AuthErrorCode) {
|
|
34
|
+
// ============================================================================
|
|
35
|
+
// Authentication Errors (AUTH_*)
|
|
36
|
+
// ============================================================================
|
|
37
|
+
/**
|
|
38
|
+
* Invalid username/email or password
|
|
39
|
+
*
|
|
40
|
+
* Used when credentials don't match any user or password is incorrect.
|
|
41
|
+
*/
|
|
6
42
|
AuthErrorCode["INVALID_CREDENTIALS"] = "AUTH_INVALID_CREDENTIALS";
|
|
43
|
+
/**
|
|
44
|
+
* Account has been locked due to too many failed attempts
|
|
45
|
+
*
|
|
46
|
+
* Temporary lockout for security. Includes lockout duration in details.
|
|
47
|
+
*/
|
|
7
48
|
AuthErrorCode["ACCOUNT_LOCKED"] = "AUTH_ACCOUNT_LOCKED";
|
|
49
|
+
/**
|
|
50
|
+
* Account is inactive or disabled
|
|
51
|
+
*
|
|
52
|
+
* Account exists but has been deactivated by admin or user.
|
|
53
|
+
*/
|
|
8
54
|
AuthErrorCode["ACCOUNT_INACTIVE"] = "AUTH_ACCOUNT_INACTIVE";
|
|
55
|
+
/**
|
|
56
|
+
* Access token has expired
|
|
57
|
+
*
|
|
58
|
+
* Client should attempt token refresh.
|
|
59
|
+
*/
|
|
9
60
|
AuthErrorCode["TOKEN_EXPIRED"] = "AUTH_TOKEN_EXPIRED";
|
|
61
|
+
/**
|
|
62
|
+
* Token is invalid or malformed
|
|
63
|
+
*
|
|
64
|
+
* Token signature verification failed or token format is invalid.
|
|
65
|
+
*/
|
|
10
66
|
AuthErrorCode["TOKEN_INVALID"] = "AUTH_TOKEN_INVALID";
|
|
67
|
+
/**
|
|
68
|
+
* Bearer tokens are not allowed in the current delivery mode
|
|
69
|
+
*
|
|
70
|
+
* Used when tokenDelivery.method is 'cookies' and an Authorization header
|
|
71
|
+
* (Bearer token) is provided, which would bypass httpOnly protections.
|
|
72
|
+
*/
|
|
11
73
|
AuthErrorCode["BEARER_NOT_ALLOWED"] = "AUTH_BEARER_NOT_ALLOWED";
|
|
74
|
+
/**
|
|
75
|
+
* Cookie-based tokens are not allowed in the current delivery mode
|
|
76
|
+
*
|
|
77
|
+
* Used when tokenDelivery.method is 'json' and cookie tokens are present.
|
|
78
|
+
*/
|
|
12
79
|
AuthErrorCode["COOKIES_NOT_ALLOWED"] = "AUTH_COOKIES_NOT_ALLOWED";
|
|
80
|
+
/**
|
|
81
|
+
* CSRF token is invalid or missing
|
|
82
|
+
*
|
|
83
|
+
* Used when CSRF protection is enabled and token validation fails.
|
|
84
|
+
*/
|
|
13
85
|
AuthErrorCode["CSRF_TOKEN_INVALID"] = "AUTH_CSRF_TOKEN_INVALID";
|
|
86
|
+
/**
|
|
87
|
+
* CSRF token is missing from request
|
|
88
|
+
*
|
|
89
|
+
* Used when CSRF protection is enabled but no token is provided.
|
|
90
|
+
*/
|
|
14
91
|
AuthErrorCode["CSRF_TOKEN_MISSING"] = "AUTH_CSRF_TOKEN_MISSING";
|
|
92
|
+
/**
|
|
93
|
+
* Refresh token reuse detected - security violation
|
|
94
|
+
*
|
|
95
|
+
* All sessions have been revoked. User must login again.
|
|
96
|
+
*/
|
|
15
97
|
AuthErrorCode["TOKEN_REUSE_DETECTED"] = "AUTH_TOKEN_REUSE_DETECTED";
|
|
98
|
+
/**
|
|
99
|
+
* Session not found or has been revoked
|
|
100
|
+
*/
|
|
16
101
|
AuthErrorCode["SESSION_NOT_FOUND"] = "AUTH_SESSION_NOT_FOUND";
|
|
102
|
+
/**
|
|
103
|
+
* Session has expired
|
|
104
|
+
*/
|
|
17
105
|
AuthErrorCode["SESSION_EXPIRED"] = "AUTH_SESSION_EXPIRED";
|
|
106
|
+
// ============================================================================
|
|
107
|
+
// Signup Errors (SIGNUP_*)
|
|
108
|
+
// ============================================================================
|
|
109
|
+
/**
|
|
110
|
+
* User signup is currently disabled
|
|
111
|
+
*
|
|
112
|
+
* Signups are administratively disabled.
|
|
113
|
+
*/
|
|
18
114
|
AuthErrorCode["SIGNUP_DISABLED"] = "SIGNUP_DISABLED";
|
|
115
|
+
/**
|
|
116
|
+
* Email address is already registered
|
|
117
|
+
*
|
|
118
|
+
* Another user account exists with this email.
|
|
119
|
+
*/
|
|
19
120
|
AuthErrorCode["EMAIL_EXISTS"] = "SIGNUP_EMAIL_EXISTS";
|
|
121
|
+
/**
|
|
122
|
+
* Username is already taken
|
|
123
|
+
*
|
|
124
|
+
* Another user has registered this username.
|
|
125
|
+
*/
|
|
20
126
|
AuthErrorCode["USERNAME_EXISTS"] = "SIGNUP_USERNAME_EXISTS";
|
|
127
|
+
/**
|
|
128
|
+
* Phone number is already registered
|
|
129
|
+
*
|
|
130
|
+
* Another user account exists with this phone number.
|
|
131
|
+
*/
|
|
21
132
|
AuthErrorCode["PHONE_EXISTS"] = "SIGNUP_PHONE_EXISTS";
|
|
133
|
+
/**
|
|
134
|
+
* Password doesn't meet security requirements
|
|
135
|
+
*
|
|
136
|
+
* Details include which requirements failed (length, complexity, etc.)
|
|
137
|
+
*/
|
|
22
138
|
AuthErrorCode["WEAK_PASSWORD"] = "SIGNUP_WEAK_PASSWORD";
|
|
139
|
+
/**
|
|
140
|
+
* Phone number is required for signup
|
|
141
|
+
*
|
|
142
|
+
* Configuration requires phone verification.
|
|
143
|
+
*/
|
|
23
144
|
AuthErrorCode["PHONE_REQUIRED"] = "SIGNUP_PHONE_REQUIRED";
|
|
145
|
+
/**
|
|
146
|
+
* Signup not allowed by hook or policy
|
|
147
|
+
*/
|
|
24
148
|
AuthErrorCode["SIGNUP_NOT_ALLOWED"] = "SIGNUP_NOT_ALLOWED";
|
|
149
|
+
// ============================================================================
|
|
150
|
+
// Verification Errors (VERIFY_*)
|
|
151
|
+
// ============================================================================
|
|
152
|
+
/**
|
|
153
|
+
* Verification code is invalid
|
|
154
|
+
*
|
|
155
|
+
* Code doesn't match or has incorrect format.
|
|
156
|
+
*/
|
|
25
157
|
AuthErrorCode["VERIFICATION_CODE_INVALID"] = "VERIFY_CODE_INVALID";
|
|
158
|
+
/**
|
|
159
|
+
* Verification code has expired
|
|
160
|
+
*
|
|
161
|
+
* User needs to request a new code.
|
|
162
|
+
*/
|
|
26
163
|
AuthErrorCode["VERIFICATION_CODE_EXPIRED"] = "VERIFY_CODE_EXPIRED";
|
|
164
|
+
/**
|
|
165
|
+
* Too many failed verification attempts
|
|
166
|
+
*
|
|
167
|
+
* User exceeded max attempts. Must request new code.
|
|
168
|
+
*/
|
|
27
169
|
AuthErrorCode["VERIFICATION_TOO_MANY_ATTEMPTS"] = "VERIFY_TOO_MANY_ATTEMPTS";
|
|
170
|
+
/**
|
|
171
|
+
* Email or phone is already verified
|
|
172
|
+
*
|
|
173
|
+
* No action needed.
|
|
174
|
+
*/
|
|
28
175
|
AuthErrorCode["ALREADY_VERIFIED"] = "VERIFY_ALREADY_VERIFIED";
|
|
176
|
+
// ============================================================================
|
|
177
|
+
// MFA Errors (MFA_*)
|
|
178
|
+
// ============================================================================
|
|
179
|
+
/**
|
|
180
|
+
* MFA setup is required before login
|
|
181
|
+
*
|
|
182
|
+
* User must set up multi-factor authentication before being allowed to login.
|
|
183
|
+
* This occurs when enforcement is 'REQUIRED' and grace period has expired (or is disabled).
|
|
184
|
+
* Details include allowedMethods array.
|
|
185
|
+
*/
|
|
29
186
|
AuthErrorCode["MFA_SETUP_REQUIRED"] = "MFA_SETUP_REQUIRED";
|
|
187
|
+
// ============================================================================
|
|
188
|
+
// Rate Limit Errors (RATE_LIMIT_*)
|
|
189
|
+
// ============================================================================
|
|
190
|
+
/**
|
|
191
|
+
* Too many SMS verification requests
|
|
192
|
+
*
|
|
193
|
+
* Details include retryAfter (seconds) and resetAt (timestamp).
|
|
194
|
+
*/
|
|
30
195
|
AuthErrorCode["RATE_LIMIT_SMS"] = "RATE_LIMIT_SMS";
|
|
196
|
+
/**
|
|
197
|
+
* Too many email verification requests
|
|
198
|
+
*
|
|
199
|
+
* Details include retryAfter (seconds) and resetAt (timestamp).
|
|
200
|
+
*/
|
|
31
201
|
AuthErrorCode["RATE_LIMIT_EMAIL"] = "RATE_LIMIT_EMAIL";
|
|
202
|
+
/**
|
|
203
|
+
* Too many login attempts
|
|
204
|
+
*
|
|
205
|
+
* Account may be locked. Details include retryAfter.
|
|
206
|
+
*/
|
|
32
207
|
AuthErrorCode["RATE_LIMIT_LOGIN"] = "RATE_LIMIT_LOGIN";
|
|
208
|
+
/**
|
|
209
|
+
* Too many resend code requests
|
|
210
|
+
*
|
|
211
|
+
* User must wait before requesting another code.
|
|
212
|
+
*/
|
|
33
213
|
AuthErrorCode["RATE_LIMIT_RESEND"] = "RATE_LIMIT_RESEND";
|
|
214
|
+
/**
|
|
215
|
+
* Too many password reset requests
|
|
216
|
+
*
|
|
217
|
+
* Used for forgot-password flows to prevent abuse.
|
|
218
|
+
* Details should include retryAfter (seconds).
|
|
219
|
+
*/
|
|
34
220
|
AuthErrorCode["RATE_LIMIT_PASSWORD_RESET"] = "RATE_LIMIT_PASSWORD_RESET";
|
|
221
|
+
// ============================================================================
|
|
222
|
+
// Social Auth Errors (SOCIAL_*)
|
|
223
|
+
// ============================================================================
|
|
224
|
+
/**
|
|
225
|
+
* Social provider token is invalid or expired
|
|
226
|
+
*
|
|
227
|
+
* Token verification failed with provider.
|
|
228
|
+
*/
|
|
35
229
|
AuthErrorCode["SOCIAL_TOKEN_INVALID"] = "SOCIAL_TOKEN_INVALID";
|
|
230
|
+
/**
|
|
231
|
+
* Social account is already linked to another user
|
|
232
|
+
*
|
|
233
|
+
* This social account cannot be linked because it's in use.
|
|
234
|
+
*/
|
|
36
235
|
AuthErrorCode["SOCIAL_ACCOUNT_LINKED"] = "SOCIAL_ACCOUNT_LINKED";
|
|
236
|
+
/**
|
|
237
|
+
* Social provider is not configured
|
|
238
|
+
*
|
|
239
|
+
* Provider credentials or settings are missing.
|
|
240
|
+
*/
|
|
37
241
|
AuthErrorCode["SOCIAL_CONFIG_MISSING"] = "SOCIAL_CONFIG_MISSING";
|
|
242
|
+
/**
|
|
243
|
+
* Email is required from social provider
|
|
244
|
+
*
|
|
245
|
+
* Social provider didn't return email or email is not verified.
|
|
246
|
+
*/
|
|
38
247
|
AuthErrorCode["SOCIAL_EMAIL_REQUIRED"] = "SOCIAL_EMAIL_REQUIRED";
|
|
248
|
+
/**
|
|
249
|
+
* Social account not found for this user
|
|
250
|
+
*
|
|
251
|
+
* User doesn't have this social provider linked.
|
|
252
|
+
*/
|
|
39
253
|
AuthErrorCode["SOCIAL_ACCOUNT_NOT_FOUND"] = "SOCIAL_ACCOUNT_NOT_FOUND";
|
|
254
|
+
// ============================================================================
|
|
255
|
+
// Challenge Errors (CHALLENGE_*)
|
|
256
|
+
// ============================================================================
|
|
257
|
+
/**
|
|
258
|
+
* Challenge session has expired
|
|
259
|
+
*
|
|
260
|
+
* User must restart authentication flow.
|
|
261
|
+
*/
|
|
40
262
|
AuthErrorCode["CHALLENGE_EXPIRED"] = "CHALLENGE_EXPIRED";
|
|
263
|
+
/**
|
|
264
|
+
* Challenge session is invalid
|
|
265
|
+
*
|
|
266
|
+
* Session token is malformed or not found.
|
|
267
|
+
*/
|
|
41
268
|
AuthErrorCode["CHALLENGE_INVALID"] = "CHALLENGE_INVALID";
|
|
269
|
+
/**
|
|
270
|
+
* Challenge type mismatch
|
|
271
|
+
*
|
|
272
|
+
* Client sent wrong challenge type for this session.
|
|
273
|
+
*/
|
|
42
274
|
AuthErrorCode["CHALLENGE_TYPE_MISMATCH"] = "CHALLENGE_TYPE_MISMATCH";
|
|
275
|
+
/**
|
|
276
|
+
* Max challenge attempts exceeded
|
|
277
|
+
*
|
|
278
|
+
* User must request new challenge session.
|
|
279
|
+
*/
|
|
43
280
|
AuthErrorCode["CHALLENGE_MAX_ATTEMPTS"] = "CHALLENGE_MAX_ATTEMPTS";
|
|
281
|
+
/**
|
|
282
|
+
* Challenge has already been completed
|
|
283
|
+
*/
|
|
44
284
|
AuthErrorCode["CHALLENGE_ALREADY_COMPLETED"] = "CHALLENGE_ALREADY_COMPLETED";
|
|
285
|
+
// ============================================================================
|
|
286
|
+
// Validation Errors (VALIDATION_*)
|
|
287
|
+
// ============================================================================
|
|
288
|
+
/**
|
|
289
|
+
* Request validation failed
|
|
290
|
+
*
|
|
291
|
+
* Details include field-specific validation errors.
|
|
292
|
+
*/
|
|
45
293
|
AuthErrorCode["VALIDATION_FAILED"] = "VALIDATION_FAILED";
|
|
294
|
+
/**
|
|
295
|
+
* Phone number format is invalid
|
|
296
|
+
*
|
|
297
|
+
* Must be in E.164 format (e.g., +1234567890).
|
|
298
|
+
*/
|
|
46
299
|
AuthErrorCode["INVALID_PHONE_FORMAT"] = "VALIDATION_INVALID_PHONE";
|
|
300
|
+
/**
|
|
301
|
+
* Email format is invalid
|
|
302
|
+
*/
|
|
47
303
|
AuthErrorCode["INVALID_EMAIL_FORMAT"] = "VALIDATION_INVALID_EMAIL";
|
|
304
|
+
/**
|
|
305
|
+
* Password format is invalid
|
|
306
|
+
*
|
|
307
|
+
* Details include specific requirements that failed.
|
|
308
|
+
*/
|
|
48
309
|
AuthErrorCode["INVALID_PASSWORD_FORMAT"] = "VALIDATION_INVALID_PASSWORD";
|
|
310
|
+
// ============================================================================
|
|
311
|
+
// Password Errors (PASSWORD_*)
|
|
312
|
+
// ============================================================================
|
|
313
|
+
/**
|
|
314
|
+
* Current password is incorrect
|
|
315
|
+
*
|
|
316
|
+
* Used when changing password.
|
|
317
|
+
*/
|
|
49
318
|
AuthErrorCode["PASSWORD_INCORRECT"] = "PASSWORD_INCORRECT";
|
|
319
|
+
/**
|
|
320
|
+
* Cannot reuse recent passwords
|
|
321
|
+
*
|
|
322
|
+
* New password matches one of the recent passwords.
|
|
323
|
+
*/
|
|
50
324
|
AuthErrorCode["PASSWORD_REUSED"] = "PASSWORD_REUSED";
|
|
325
|
+
/**
|
|
326
|
+
* Password change is not allowed
|
|
327
|
+
*
|
|
328
|
+
* Social-only users cannot change password.
|
|
329
|
+
*/
|
|
51
330
|
AuthErrorCode["PASSWORD_CHANGE_NOT_ALLOWED"] = "PASSWORD_CHANGE_NOT_ALLOWED";
|
|
331
|
+
// ============================================================================
|
|
332
|
+
// Password Reset Errors (PASSWORD_RESET_*)
|
|
333
|
+
// ============================================================================
|
|
334
|
+
/**
|
|
335
|
+
* Password reset verification code is invalid
|
|
336
|
+
*
|
|
337
|
+
* Used when confirming a forgot-password code.
|
|
338
|
+
*/
|
|
52
339
|
AuthErrorCode["PASSWORD_RESET_CODE_INVALID"] = "PASSWORD_RESET_CODE_INVALID";
|
|
340
|
+
/**
|
|
341
|
+
* Password reset verification code has expired
|
|
342
|
+
*
|
|
343
|
+
* Used when confirming a forgot-password code after TTL.
|
|
344
|
+
*/
|
|
53
345
|
AuthErrorCode["PASSWORD_RESET_CODE_EXPIRED"] = "PASSWORD_RESET_CODE_EXPIRED";
|
|
346
|
+
/**
|
|
347
|
+
* Too many failed password reset code attempts
|
|
348
|
+
*
|
|
349
|
+
* Used when confirming a forgot-password code exceeds max attempts.
|
|
350
|
+
*/
|
|
54
351
|
AuthErrorCode["PASSWORD_RESET_MAX_ATTEMPTS"] = "PASSWORD_RESET_MAX_ATTEMPTS";
|
|
352
|
+
// ============================================================================
|
|
353
|
+
// General Errors (*)
|
|
354
|
+
// ============================================================================
|
|
355
|
+
/**
|
|
356
|
+
* Requested resource not found
|
|
357
|
+
*/
|
|
55
358
|
AuthErrorCode["NOT_FOUND"] = "RESOURCE_NOT_FOUND";
|
|
359
|
+
/**
|
|
360
|
+
* Internal server error
|
|
361
|
+
*
|
|
362
|
+
* Unexpected error occurred. Details may include correlation ID.
|
|
363
|
+
*/
|
|
56
364
|
AuthErrorCode["INTERNAL_ERROR"] = "INTERNAL_ERROR";
|
|
365
|
+
/**
|
|
366
|
+
* Access forbidden
|
|
367
|
+
*
|
|
368
|
+
* User doesn't have permission for this action.
|
|
369
|
+
*/
|
|
57
370
|
AuthErrorCode["FORBIDDEN"] = "FORBIDDEN";
|
|
371
|
+
/**
|
|
372
|
+
* Service temporarily unavailable
|
|
373
|
+
*
|
|
374
|
+
* May include retryAfter in details.
|
|
375
|
+
*/
|
|
58
376
|
AuthErrorCode["SERVICE_UNAVAILABLE"] = "SERVICE_UNAVAILABLE";
|
|
377
|
+
// ============================================================================
|
|
378
|
+
// Adaptive MFA Errors (ADAPTIVE_*)
|
|
379
|
+
// ============================================================================
|
|
380
|
+
/**
|
|
381
|
+
* Sign-in blocked due to high risk score
|
|
382
|
+
*
|
|
383
|
+
* Adaptive MFA evaluated the login attempt and determined it exceeds
|
|
384
|
+
* the high-risk threshold. Sign-in is blocked for security.
|
|
385
|
+
*
|
|
386
|
+
* Details may include:
|
|
387
|
+
* - riskScore: The calculated risk score (0-100)
|
|
388
|
+
* - riskFactors: Array of detected risk factors
|
|
389
|
+
* - expiresAt: When the block expires (if temporary)
|
|
390
|
+
*/
|
|
59
391
|
AuthErrorCode["SIGNIN_BLOCKED_HIGH_RISK"] = "SIGNIN_BLOCKED_HIGH_RISK";
|
|
60
392
|
})(AuthErrorCode || (exports.AuthErrorCode = AuthErrorCode = {}));
|
|
61
393
|
//# sourceMappingURL=error-codes.enum.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error-codes.enum.js","sourceRoot":"","sources":["../../src/enums/error-codes.enum.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"error-codes.enum.js","sourceRoot":"","sources":["../../src/enums/error-codes.enum.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,IAAY,aAwaX;AAxaD,WAAY,aAAa;IACvB,+EAA+E;IAC/E,iCAAiC;IACjC,+EAA+E;IAE/E;;;;OAIG;IACH,iEAAgD,CAAA;IAEhD;;;;OAIG;IACH,uDAAsC,CAAA;IAEtC;;;;OAIG;IACH,2DAA0C,CAAA;IAE1C;;;;OAIG;IACH,qDAAoC,CAAA;IAEpC;;;;OAIG;IACH,qDAAoC,CAAA;IAEpC;;;;;OAKG;IACH,+DAA8C,CAAA;IAE9C;;;;OAIG;IACH,iEAAgD,CAAA;IAEhD;;;;OAIG;IACH,+DAA8C,CAAA;IAE9C;;;;OAIG;IACH,+DAA8C,CAAA;IAE9C;;;;OAIG;IACH,mEAAkD,CAAA;IAElD;;OAEG;IACH,6DAA4C,CAAA;IAE5C;;OAEG;IACH,yDAAwC,CAAA;IAExC,+EAA+E;IAC/E,2BAA2B;IAC3B,+EAA+E;IAE/E;;;;OAIG;IACH,oDAAmC,CAAA;IAEnC;;;;OAIG;IACH,qDAAoC,CAAA;IAEpC;;;;OAIG;IACH,2DAA0C,CAAA;IAE1C;;;;OAIG;IACH,qDAAoC,CAAA;IAEpC;;;;OAIG;IACH,uDAAsC,CAAA;IAEtC;;;;OAIG;IACH,yDAAwC,CAAA;IAExC;;OAEG;IACH,0DAAyC,CAAA;IAEzC,+EAA+E;IAC/E,iCAAiC;IACjC,+EAA+E;IAE/E;;;;OAIG;IACH,kEAAiD,CAAA;IAEjD;;;;OAIG;IACH,kEAAiD,CAAA;IAEjD;;;;OAIG;IACH,4EAA2D,CAAA;IAE3D;;;;OAIG;IACH,6DAA4C,CAAA;IAE5C,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;;;;;OAMG;IACH,0DAAyC,CAAA;IAEzC,+EAA+E;IAC/E,mCAAmC;IACnC,+EAA+E;IAE/E;;;;OAIG;IACH,kDAAiC,CAAA;IAEjC;;;;OAIG;IACH,sDAAqC,CAAA;IAErC;;;;OAIG;IACH,sDAAqC,CAAA;IAErC;;;;OAIG;IACH,wDAAuC,CAAA;IAEvC;;;;;OAKG;IACH,wEAAuD,CAAA;IAEvD,+EAA+E;IAC/E,gCAAgC;IAChC,+EAA+E;IAE/E;;;;OAIG;IACH,8DAA6C,CAAA;IAE7C;;;;OAIG;IACH,gEAA+C,CAAA;IAE/C;;;;OAIG;IACH,gEAA+C,CAAA;IAE/C;;;;OAIG;IACH,gEAA+C,CAAA;IAE/C;;;;OAIG;IACH,sEAAqD,CAAA;IAErD,+EAA+E;IAC/E,iCAAiC;IACjC,+EAA+E;IAE/E;;;;OAIG;IACH,wDAAuC,CAAA;IAEvC;;;;OAIG;IACH,wDAAuC,CAAA;IAEvC;;;;OAIG;IACH,oEAAmD,CAAA;IAEnD;;;;OAIG;IACH,kEAAiD,CAAA;IAEjD;;OAEG;IACH,4EAA2D,CAAA;IAE3D,+EAA+E;IAC/E,mCAAmC;IACnC,+EAA+E;IAE/E;;;;OAIG;IACH,wDAAuC,CAAA;IAEvC;;;;OAIG;IACH,kEAAiD,CAAA;IAEjD;;OAEG;IACH,kEAAiD,CAAA;IAEjD;;;;OAIG;IACH,wEAAuD,CAAA;IAEvD,+EAA+E;IAC/E,+BAA+B;IAC/B,+EAA+E;IAE/E;;;;OAIG;IACH,0DAAyC,CAAA;IAEzC;;;;OAIG;IACH,oDAAmC,CAAA;IAEnC;;;;OAIG;IACH,4EAA2D,CAAA;IAE3D,+EAA+E;IAC/E,2CAA2C;IAC3C,+EAA+E;IAE/E;;;;OAIG;IACH,4EAA2D,CAAA;IAE3D;;;;OAIG;IACH,4EAA2D,CAAA;IAE3D;;;;OAIG;IACH,4EAA2D,CAAA;IAE3D,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;OAEG;IACH,iDAAgC,CAAA;IAEhC;;;;OAIG;IACH,kDAAiC,CAAA;IAEjC;;;;OAIG;IACH,wCAAuB,CAAA;IAEvB;;;;OAIG;IACH,4DAA2C,CAAA;IAE3C,+EAA+E;IAC/E,mCAAmC;IACnC,+EAA+E;IAE/E;;;;;;;;;;OAUG;IACH,sEAAqD,CAAA;AACvD,CAAC,EAxaW,aAAa,6BAAb,aAAa,QAwaxB"}
|
|
@@ -1,11 +1,85 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MFA Method Enum
|
|
3
|
+
*
|
|
4
|
+
* Defines all supported Multi-Factor Authentication methods.
|
|
5
|
+
* Used throughout the codebase to ensure type safety and consistency.
|
|
6
|
+
*
|
|
7
|
+
* **Device Methods** (require device setup):
|
|
8
|
+
* - TOTP: Time-based One-Time Password (authenticator apps)
|
|
9
|
+
* - SMS: SMS verification codes
|
|
10
|
+
* - EMAIL: Email verification codes
|
|
11
|
+
* - PASSKEY: WebAuthn/FIDO2 passkeys (biometric, security keys)
|
|
12
|
+
*
|
|
13
|
+
* **Verification Methods** (available for verification):
|
|
14
|
+
* - Includes all device methods
|
|
15
|
+
* - BACKUP: Backup recovery codes (single-use codes, not a device)
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```typescript
|
|
19
|
+
* import { MFAMethod, MFADeviceMethod, MFAVerificationMethod } from '@nauth-toolkit/core';
|
|
20
|
+
*
|
|
21
|
+
* // Device methods only
|
|
22
|
+
* const deviceMethod: MFADeviceMethod = MFAMethod.TOTP;
|
|
23
|
+
*
|
|
24
|
+
* // Verification methods (includes backup)
|
|
25
|
+
* const verificationMethod: MFAVerificationMethod = MFAMethod.BACKUP;
|
|
26
|
+
*
|
|
27
|
+
* // Check if method is a device method
|
|
28
|
+
* if (method !== MFAMethod.BACKUP) {
|
|
29
|
+
* // This is a device method
|
|
30
|
+
* }
|
|
31
|
+
* ```
|
|
32
|
+
*/
|
|
33
|
+
/**
|
|
34
|
+
* All supported MFA methods
|
|
35
|
+
*
|
|
36
|
+
* Use this enum instead of string literals throughout the codebase.
|
|
37
|
+
*/
|
|
1
38
|
export declare enum MFAMethod {
|
|
39
|
+
/**
|
|
40
|
+
* Time-based One-Time Password
|
|
41
|
+
* Authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)
|
|
42
|
+
*/
|
|
2
43
|
TOTP = "totp",
|
|
44
|
+
/**
|
|
45
|
+
* SMS verification codes
|
|
46
|
+
* Sends one-time codes via text message
|
|
47
|
+
*/
|
|
3
48
|
SMS = "sms",
|
|
49
|
+
/**
|
|
50
|
+
* Email verification codes
|
|
51
|
+
* Sends one-time codes via email
|
|
52
|
+
*/
|
|
4
53
|
EMAIL = "email",
|
|
54
|
+
/**
|
|
55
|
+
* WebAuthn/FIDO2 passkeys
|
|
56
|
+
* Biometric authentication (Face ID, Touch ID, Windows Hello)
|
|
57
|
+
* Hardware security keys (YubiKey, etc.)
|
|
58
|
+
*/
|
|
5
59
|
PASSKEY = "passkey",
|
|
60
|
+
/**
|
|
61
|
+
* Backup recovery codes
|
|
62
|
+
* Single-use recovery codes when MFA devices are unavailable
|
|
63
|
+
* Not a device method - only available for verification
|
|
64
|
+
*/
|
|
6
65
|
BACKUP = "backup"
|
|
7
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Device MFA methods (methods that require device setup)
|
|
69
|
+
*
|
|
70
|
+
* Excludes BACKUP as it's not a device method.
|
|
71
|
+
*/
|
|
8
72
|
export type MFADeviceMethod = MFAMethod.TOTP | MFAMethod.SMS | MFAMethod.EMAIL | MFAMethod.PASSKEY;
|
|
73
|
+
/**
|
|
74
|
+
* Verification MFA methods (all methods available for verification)
|
|
75
|
+
*
|
|
76
|
+
* Includes all device methods plus BACKUP codes.
|
|
77
|
+
*/
|
|
9
78
|
export type MFAVerificationMethod = MFADeviceMethod | MFAMethod.BACKUP;
|
|
79
|
+
/**
|
|
80
|
+
* Array of all device methods
|
|
81
|
+
*
|
|
82
|
+
* Useful for defaults and iteration.
|
|
83
|
+
*/
|
|
10
84
|
export declare const MFADeviceMethods: readonly MFADeviceMethod[];
|
|
11
85
|
//# sourceMappingURL=mfa-method.enum.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa-method.enum.d.ts","sourceRoot":"","sources":["../../src/enums/mfa-method.enum.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"mfa-method.enum.d.ts","sourceRoot":"","sources":["../../src/enums/mfa-method.enum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH;;;;GAIG;AACH,oBAAY,SAAS;IACnB;;;OAGG;IACH,IAAI,SAAS;IAEb;;;OAGG;IACH,GAAG,QAAQ;IAEX;;;OAGG;IACH,KAAK,UAAU;IAEf;;;;OAIG;IACH,OAAO,YAAY;IAEnB;;;;OAIG;IACH,MAAM,WAAW;CAClB;AAED;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,GAAG,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC;AAEnG;;;;GAIG;AACH,MAAM,MAAM,qBAAqB,GAAG,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC;AAEvE;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,eAAe,EAK7C,CAAC"}
|
|
@@ -1,14 +1,78 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* MFA Method Enum
|
|
4
|
+
*
|
|
5
|
+
* Defines all supported Multi-Factor Authentication methods.
|
|
6
|
+
* Used throughout the codebase to ensure type safety and consistency.
|
|
7
|
+
*
|
|
8
|
+
* **Device Methods** (require device setup):
|
|
9
|
+
* - TOTP: Time-based One-Time Password (authenticator apps)
|
|
10
|
+
* - SMS: SMS verification codes
|
|
11
|
+
* - EMAIL: Email verification codes
|
|
12
|
+
* - PASSKEY: WebAuthn/FIDO2 passkeys (biometric, security keys)
|
|
13
|
+
*
|
|
14
|
+
* **Verification Methods** (available for verification):
|
|
15
|
+
* - Includes all device methods
|
|
16
|
+
* - BACKUP: Backup recovery codes (single-use codes, not a device)
|
|
17
|
+
*
|
|
18
|
+
* @example
|
|
19
|
+
* ```typescript
|
|
20
|
+
* import { MFAMethod, MFADeviceMethod, MFAVerificationMethod } from '@nauth-toolkit/core';
|
|
21
|
+
*
|
|
22
|
+
* // Device methods only
|
|
23
|
+
* const deviceMethod: MFADeviceMethod = MFAMethod.TOTP;
|
|
24
|
+
*
|
|
25
|
+
* // Verification methods (includes backup)
|
|
26
|
+
* const verificationMethod: MFAVerificationMethod = MFAMethod.BACKUP;
|
|
27
|
+
*
|
|
28
|
+
* // Check if method is a device method
|
|
29
|
+
* if (method !== MFAMethod.BACKUP) {
|
|
30
|
+
* // This is a device method
|
|
31
|
+
* }
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
2
34
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
35
|
exports.MFADeviceMethods = exports.MFAMethod = void 0;
|
|
36
|
+
/**
|
|
37
|
+
* All supported MFA methods
|
|
38
|
+
*
|
|
39
|
+
* Use this enum instead of string literals throughout the codebase.
|
|
40
|
+
*/
|
|
4
41
|
var MFAMethod;
|
|
5
42
|
(function (MFAMethod) {
|
|
43
|
+
/**
|
|
44
|
+
* Time-based One-Time Password
|
|
45
|
+
* Authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)
|
|
46
|
+
*/
|
|
6
47
|
MFAMethod["TOTP"] = "totp";
|
|
48
|
+
/**
|
|
49
|
+
* SMS verification codes
|
|
50
|
+
* Sends one-time codes via text message
|
|
51
|
+
*/
|
|
7
52
|
MFAMethod["SMS"] = "sms";
|
|
53
|
+
/**
|
|
54
|
+
* Email verification codes
|
|
55
|
+
* Sends one-time codes via email
|
|
56
|
+
*/
|
|
8
57
|
MFAMethod["EMAIL"] = "email";
|
|
58
|
+
/**
|
|
59
|
+
* WebAuthn/FIDO2 passkeys
|
|
60
|
+
* Biometric authentication (Face ID, Touch ID, Windows Hello)
|
|
61
|
+
* Hardware security keys (YubiKey, etc.)
|
|
62
|
+
*/
|
|
9
63
|
MFAMethod["PASSKEY"] = "passkey";
|
|
64
|
+
/**
|
|
65
|
+
* Backup recovery codes
|
|
66
|
+
* Single-use recovery codes when MFA devices are unavailable
|
|
67
|
+
* Not a device method - only available for verification
|
|
68
|
+
*/
|
|
10
69
|
MFAMethod["BACKUP"] = "backup";
|
|
11
70
|
})(MFAMethod || (exports.MFAMethod = MFAMethod = {}));
|
|
71
|
+
/**
|
|
72
|
+
* Array of all device methods
|
|
73
|
+
*
|
|
74
|
+
* Useful for defaults and iteration.
|
|
75
|
+
*/
|
|
12
76
|
exports.MFADeviceMethods = [
|
|
13
77
|
MFAMethod.TOTP,
|
|
14
78
|
MFAMethod.SMS,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa-method.enum.js","sourceRoot":"","sources":["../../src/enums/mfa-method.enum.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"mfa-method.enum.js","sourceRoot":"","sources":["../../src/enums/mfa-method.enum.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;AAEH;;;;GAIG;AACH,IAAY,SAgCX;AAhCD,WAAY,SAAS;IACnB;;;OAGG;IACH,0BAAa,CAAA;IAEb;;;OAGG;IACH,wBAAW,CAAA;IAEX;;;OAGG;IACH,4BAAe,CAAA;IAEf;;;;OAIG;IACH,gCAAmB,CAAA;IAEnB;;;;OAIG;IACH,8BAAiB,CAAA;AACnB,CAAC,EAhCW,SAAS,yBAAT,SAAS,QAgCpB;AAgBD;;;;GAIG;AACU,QAAA,gBAAgB,GAA+B;IAC1D,SAAS,CAAC,IAAI;IACd,SAAS,CAAC,GAAG;IACb,SAAS,CAAC,KAAK;IACf,SAAS,CAAC,OAAO;CACT,CAAC"}
|
|
@@ -1,15 +1,106 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Risk Factor Enum
|
|
3
|
+
*
|
|
4
|
+
* Defines all possible risk factors that can be detected during authentication
|
|
5
|
+
* and security events. Used for type safety in risk scoring and audit logging.
|
|
6
|
+
*
|
|
7
|
+
* **Standard Risk Factors (from RiskDetectionService):**
|
|
8
|
+
* - `new_device`: First login from unknown device
|
|
9
|
+
* - `new_ip`: Login from new IP address
|
|
10
|
+
* - `new_country`: Login from different country
|
|
11
|
+
* - `impossible_travel`: Geographic distance/time anomaly
|
|
12
|
+
* - `suspicious_activity`: Unusual behavior patterns
|
|
13
|
+
*
|
|
14
|
+
* **Security Event Risk Factors:**
|
|
15
|
+
* - `token_theft_attempt`: Token theft detected
|
|
16
|
+
* - `refresh_token_reuse_different_session`: Refresh token reused from different session
|
|
17
|
+
* - `token_reuse_attempt`: Token reuse attempt detected
|
|
18
|
+
* - `tampered_device_token`: Device token tampering detected
|
|
19
|
+
* - `mfa_bypass_attempt`: MFA bypass attempt detected
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```typescript
|
|
23
|
+
* // Type-safe risk factors
|
|
24
|
+
* const riskFactors: RiskFactor[] = [
|
|
25
|
+
* RiskFactor.NEW_DEVICE,
|
|
26
|
+
* RiskFactor.NEW_COUNTRY
|
|
27
|
+
* ];
|
|
28
|
+
*
|
|
29
|
+
* // Pass to audit service
|
|
30
|
+
* await auditService.recordEvent({
|
|
31
|
+
* riskFactors: [RiskFactor.NEW_DEVICE, RiskFactor.TOKEN_REUSE_ATTEMPT],
|
|
32
|
+
* });
|
|
33
|
+
* ```
|
|
34
|
+
*/
|
|
1
35
|
export declare enum RiskFactor {
|
|
36
|
+
/**
|
|
37
|
+
* First login from unknown device
|
|
38
|
+
* Weight: 25 points (default)
|
|
39
|
+
*/
|
|
2
40
|
NEW_DEVICE = "new_device",
|
|
41
|
+
/**
|
|
42
|
+
* Login from new IP address
|
|
43
|
+
* Weight: 15 points (default)
|
|
44
|
+
* Note: Automatically excluded if new_country or impossible_travel is detected
|
|
45
|
+
*/
|
|
3
46
|
NEW_IP = "new_ip",
|
|
47
|
+
/**
|
|
48
|
+
* Login from different country
|
|
49
|
+
* Weight: 25 points (default)
|
|
50
|
+
*/
|
|
4
51
|
NEW_COUNTRY = "new_country",
|
|
52
|
+
/**
|
|
53
|
+
* Geographic distance/time anomaly (impossible travel)
|
|
54
|
+
* Weight: 40 points (default)
|
|
55
|
+
*/
|
|
5
56
|
IMPOSSIBLE_TRAVEL = "impossible_travel",
|
|
57
|
+
/**
|
|
58
|
+
* Unusual behavior patterns (suspicious activity)
|
|
59
|
+
* Weight: 30 points (default)
|
|
60
|
+
*/
|
|
6
61
|
SUSPICIOUS_ACTIVITY = "suspicious_activity",
|
|
62
|
+
/**
|
|
63
|
+
* Incomplete location data (missing city/coordinates)
|
|
64
|
+
* Weight: 20 points (default)
|
|
65
|
+
* Added when location detection is impaired, reducing confidence in risk assessment
|
|
66
|
+
*/
|
|
7
67
|
INCOMPLETE_LOCATION_DATA = "incomplete_location_data",
|
|
68
|
+
/**
|
|
69
|
+
* Password was reset/changed after the user's last successful login
|
|
70
|
+
* Weight: 40 points (default)
|
|
71
|
+
*
|
|
72
|
+
* This is a strong signal of account recovery activity. Industry-leading providers
|
|
73
|
+
* typically treat \"post-reset sign-in\" as higher risk and require step-up auth
|
|
74
|
+
* when adaptive MFA is enabled.
|
|
75
|
+
*
|
|
76
|
+
* Detection strategy (implementation detail):
|
|
77
|
+
* - If passwordChangedAt > lastLoginAt, user has not logged in since the reset.
|
|
78
|
+
*/
|
|
8
79
|
RECENT_PASSWORD_RESET = "recent_password_reset",
|
|
80
|
+
/**
|
|
81
|
+
* Token theft detected
|
|
82
|
+
* Used when refresh token reuse is detected from different session
|
|
83
|
+
*/
|
|
9
84
|
TOKEN_THEFT_ATTEMPT = "token_theft_attempt",
|
|
85
|
+
/**
|
|
86
|
+
* Refresh token reused from different session
|
|
87
|
+
* Indicates potential token theft or session hijacking
|
|
88
|
+
*/
|
|
10
89
|
REFRESH_TOKEN_REUSE_DIFFERENT_SESSION = "refresh_token_reuse_different_session",
|
|
90
|
+
/**
|
|
91
|
+
* Token reuse attempt detected
|
|
92
|
+
* Used when token reuse is blocked via atomic operations
|
|
93
|
+
*/
|
|
11
94
|
TOKEN_REUSE_ATTEMPT = "token_reuse_attempt",
|
|
95
|
+
/**
|
|
96
|
+
* Device token tampering detected
|
|
97
|
+
* Used when device token is provided but not found in trusted devices
|
|
98
|
+
*/
|
|
12
99
|
TAMPERED_DEVICE_TOKEN = "tampered_device_token",
|
|
100
|
+
/**
|
|
101
|
+
* MFA bypass attempt detected
|
|
102
|
+
* Used when invalid/tampered device token is provided during MFA verification
|
|
103
|
+
*/
|
|
13
104
|
MFA_BYPASS_ATTEMPT = "mfa_bypass_attempt"
|
|
14
105
|
}
|
|
15
106
|
//# sourceMappingURL=risk-factor.enum.d.ts.map
|