@objectstack/spec 0.1.2 → 0.3.0

package/dist/system/auth-protocol.d.ts

@@ -0,0 +1,175 @@
+/**
+ * Authentication Wire Protocol & Constants
+ *
+ * Defines the API contract and constants for authentication communication.
+ * These constants ensure consistent behavior across all ObjectStack implementations.
+ */
+/**
+ * Authentication Constants
+ * Standard headers, prefixes, and identifiers for auth communication
+ */
+export declare const AUTH_CONSTANTS: {
+    /**
+     * HTTP header key for authentication tokens
+     */
+    readonly HEADER_KEY: "Authorization";
+    /**
+     * Token prefix for Bearer authentication
+     */
+    readonly TOKEN_PREFIX: "Bearer ";
+    /**
+     * Cookie prefix for ObjectStack auth cookies
+     */
+    readonly COOKIE_PREFIX: "os_";
+    /**
+     * CSRF token header name
+     */
+    readonly CSRF_HEADER: "x-os-csrf-token";
+    /**
+     * Default session cookie name
+     */
+    readonly SESSION_COOKIE: "os_session_token";
+    /**
+     * Default CSRF cookie name
+     */
+    readonly CSRF_COOKIE: "os_csrf_token";
+    /**
+     * Refresh token cookie name
+     */
+    readonly REFRESH_TOKEN_COOKIE: "os_refresh_token";
+};
+/**
+ * Authentication Headers Interface
+ * Standard headers used in authenticated requests
+ */
+export interface AuthHeaders {
+    /**
+     * Authorization header with Bearer token
+     * @example "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+     */
+    Authorization?: string;
+    /**
+     * CSRF token header
+     * @example "x-os-csrf-token: abc123def456..."
+     */
+    'x-os-csrf-token'?: string;
+    /**
+     * Session ID header (alternative to cookie)
+     * @example "x-os-session-id: session_abc123..."
+     */
+    'x-os-session-id'?: string;
+    /**
+     * API key header (for service-to-service auth)
+     * @example "x-os-api-key: sk_live_abc123..."
+     */
+    'x-os-api-key'?: string;
+}
+/**
+ * Authentication Response Interface
+ * Standard response format for authentication operations
+ */
+export interface AuthResponse {
+    /**
+     * Access token (JWT or opaque token)
+     */
+    accessToken: string;
+    /**
+     * Refresh token (for token renewal)
+     */
+    refreshToken?: string;
+    /**
+     * Token type (usually "Bearer")
+     */
+    tokenType: string;
+    /**
+     * Token expiry in seconds
+     */
+    expiresIn: number;
+    /**
+     * User information
+     */
+    user: {
+        id: string;
+        email: string;
+        name?: string;
+        image?: string;
+    };
+    /**
+     * Session ID
+     */
+    sessionId?: string;
+}
+/**
+ * Authentication Error Codes
+ * Standard error codes for authentication failures
+ */
+export declare const AUTH_ERROR_CODES: {
+    readonly INVALID_CREDENTIALS: "invalid_credentials";
+    readonly INVALID_TOKEN: "invalid_token";
+    readonly TOKEN_EXPIRED: "token_expired";
+    readonly INSUFFICIENT_PERMISSIONS: "insufficient_permissions";
+    readonly ACCOUNT_LOCKED: "account_locked";
+    readonly ACCOUNT_NOT_VERIFIED: "account_not_verified";
+    readonly TOO_MANY_REQUESTS: "too_many_requests";
+    readonly INVALID_CSRF_TOKEN: "invalid_csrf_token";
+    readonly SESSION_EXPIRED: "session_expired";
+    readonly OAUTH_ERROR: "oauth_error";
+    readonly PROVIDER_ERROR: "provider_error";
+};
+/**
+ * Authentication Error Interface
+ * Standard error response format
+ */
+export interface AuthError {
+    /**
+     * Error code from AUTH_ERROR_CODES
+     */
+    code: typeof AUTH_ERROR_CODES[keyof typeof AUTH_ERROR_CODES];
+    /**
+     * Human-readable error message
+     */
+    message: string;
+    /**
+     * Additional error details
+     */
+    details?: Record<string, any>;
+}
+/**
+ * Token Payload Interface
+ * Standard JWT payload structure
+ */
+export interface TokenPayload {
+    /**
+     * Subject (user ID)
+     */
+    sub: string;
+    /**
+     * Issued at timestamp
+     */
+    iat: number;
+    /**
+     * Expiration timestamp
+     */
+    exp: number;
+    /**
+     * Session ID
+     */
+    sid?: string;
+    /**
+     * User email
+     */
+    email?: string;
+    /**
+     * User roles
+     */
+    roles?: string[];
+    /**
+     * User permissions
+     */
+    permissions?: string[];
+    /**
+     * Additional custom claims
+     */
+    [key: string]: any;
+}
+//# sourceMappingURL=auth-protocol.d.ts.map

package/dist/system/auth-protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-protocol.d.ts","sourceRoot":"","sources":["../../src/system/auth-protocol.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,eAAO,MAAM,cAAc;IACzB;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;CAEK,CAAC;AAEX;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IAEF;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;CAYnB,CAAC;AAEX;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,IAAI,EAAE,OAAO,gBAAgB,CAAC,MAAM,OAAO,gBAAgB,CAAC,CAAC;IAE7D;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB"}

package/dist/system/auth-protocol.js

@@ -0,0 +1,60 @@
+"use strict";
+/**
+ * Authentication Wire Protocol & Constants
+ *
+ * Defines the API contract and constants for authentication communication.
+ * These constants ensure consistent behavior across all ObjectStack implementations.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_ERROR_CODES = exports.AUTH_CONSTANTS = void 0;
+/**
+ * Authentication Constants
+ * Standard headers, prefixes, and identifiers for auth communication
+ */
+exports.AUTH_CONSTANTS = {
+    /**
+     * HTTP header key for authentication tokens
+     */
+    HEADER_KEY: 'Authorization',
+    /**
+     * Token prefix for Bearer authentication
+     */
+    TOKEN_PREFIX: 'Bearer ',
+    /**
+     * Cookie prefix for ObjectStack auth cookies
+     */
+    COOKIE_PREFIX: 'os_',
+    /**
+     * CSRF token header name
+     */
+    CSRF_HEADER: 'x-os-csrf-token',
+    /**
+     * Default session cookie name
+     */
+    SESSION_COOKIE: 'os_session_token',
+    /**
+     * Default CSRF cookie name
+     */
+    CSRF_COOKIE: 'os_csrf_token',
+    /**
+     * Refresh token cookie name
+     */
+    REFRESH_TOKEN_COOKIE: 'os_refresh_token',
+};
+/**
+ * Authentication Error Codes
+ * Standard error codes for authentication failures
+ */
+exports.AUTH_ERROR_CODES = {
+    INVALID_CREDENTIALS: 'invalid_credentials',
+    INVALID_TOKEN: 'invalid_token',
+    TOKEN_EXPIRED: 'token_expired',
+    INSUFFICIENT_PERMISSIONS: 'insufficient_permissions',
+    ACCOUNT_LOCKED: 'account_locked',
+    ACCOUNT_NOT_VERIFIED: 'account_not_verified',
+    TOO_MANY_REQUESTS: 'too_many_requests',
+    INVALID_CSRF_TOKEN: 'invalid_csrf_token',
+    SESSION_EXPIRED: 'session_expired',
+    OAUTH_ERROR: 'oauth_error',
+    PROVIDER_ERROR: 'provider_error',
+};