@open-core/identity 1.0.0

package/dist/types/auth.types.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Configuration for API-based authentication
+ */
+export interface ApiAuthConfig {
+    /** Base URL for auth API */
+    authUrl: string;
+    /** Base URL for principal/permissions API */
+    principalUrl?: string;
+    /** Custom headers to include in all requests */
+    headers?: Record<string, string>;
+    /** Request timeout in milliseconds (default: 5000) */
+    timeoutMs?: number;
+}
+/**
+ * Response from API authentication endpoint
+ */
+export interface ApiAuthResponse {
+    /** Whether authentication was successful */
+    success: boolean;
+    /** Linked ID from external system */
+    linkedId?: string;
+    /** Error message if authentication failed */
+    error?: string;
+    /** Whether this is a new account */
+    isNewAccount?: boolean;
+}
+/**
+ * Response from API principal/permissions endpoint
+ */
+export interface ApiPrincipalResponse {
+    /** Display name of the role/principal */
+    name?: string;
+    /** Rank/weight for hierarchical checks */
+    rank?: number;
+    /** Array of permission strings */
+    permissions: string[];
+    /** Additional metadata */
+    meta?: Record<string, unknown>;
+}
+/**
+ * Cache configuration options
+ */
+export interface CacheOptions {
+    /** TTL in milliseconds (default: 300000 = 5 min) */
+    ttl?: number;
+    /** Maximum number of entries to cache */
+    maxEntries?: number;
+}

package/dist/types/auth.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/types/index.d.ts

@@ -0,0 +1,36 @@
+export type IdentifierType = "license" | "discord" | "steam";
+export interface AccountIdentifiers {
+    license?: string | null;
+    discord?: string | null;
+    steam?: string | null;
+}
+export interface CreateAccountInput extends AccountIdentifiers {
+    linkedId?: string | null;
+    externalSource?: string;
+    username?: string | null;
+    roleId?: number | null;
+}
+export interface BanOptions {
+    /**
+     * Ban duration in milliseconds. When omitted, the ban is permanent.
+     */
+    durationMs?: number;
+    reason?: string;
+}
+export interface AuthSession {
+    accountId: string;
+    isNew: boolean;
+}
+export interface CreateRoleInput {
+    name: string;
+    displayName: string;
+    rank: number;
+    permissions?: string[];
+    isDefault?: boolean;
+}
+export interface UpdateRoleInput {
+    displayName?: string;
+    rank?: number;
+    permissions?: string[];
+    isDefault?: boolean;
+}

package/dist/types/index.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/migrations/001_accounts_table.sql

@@ -0,0 +1,16 @@
+CREATE TABLE IF NOT EXISTS accounts (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  linked_id VARCHAR(255) UNIQUE NULL,
+  external_source VARCHAR(32) NULL,
+  license VARCHAR(64) UNIQUE,
+  discord VARCHAR(32) UNIQUE,
+  steam VARCHAR(32) UNIQUE,
+  username VARCHAR(64),
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  last_login_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  banned BOOLEAN DEFAULT FALSE,
+  ban_reason TEXT,
+  ban_expires TIMESTAMP NULL,
+  permissions JSON DEFAULT '[]'
+);
+

package/migrations/002_roles_table.sql

@@ -0,0 +1,21 @@
+-- Migration 002: Create roles table
+-- This table stores security roles/ranks with hierarchical permissions.
+
+CREATE TABLE IF NOT EXISTS roles (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  name VARCHAR(64) NOT NULL UNIQUE,
+  display_name VARCHAR(128) NOT NULL,
+  rank INT NOT NULL DEFAULT 0,
+  permissions JSON DEFAULT '[]',
+  is_default BOOLEAN DEFAULT FALSE,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  
+  INDEX idx_name (name),
+  INDEX idx_is_default (is_default)
+);
+
+-- Insert default role for new accounts
+INSERT INTO roles (name, display_name, rank, permissions, is_default) 
+VALUES ('user', 'Player', 0, '[]', TRUE)
+ON DUPLICATE KEY UPDATE name=name;
+

package/migrations/003_alter_accounts_add_role.sql

@@ -0,0 +1,24 @@
+-- Migration 003: Alter accounts table to use role-based permissions
+-- IMPORTANT: Run this AFTER creating roles and inserting at least a default role.
+
+-- Add role_id foreign key column
+ALTER TABLE accounts 
+  ADD COLUMN role_id INT NULL AFTER username;
+
+-- Add custom_permissions column for per-account overrides
+ALTER TABLE accounts 
+  ADD COLUMN custom_permissions JSON DEFAULT '[]' AFTER role_id;
+
+-- Drop old flat permissions column
+ALTER TABLE accounts 
+  DROP COLUMN IF EXISTS permissions;
+
+-- Add foreign key constraint to roles
+ALTER TABLE accounts 
+  ADD CONSTRAINT fk_accounts_role
+  FOREIGN KEY (role_id) REFERENCES roles(id) 
+  ON DELETE SET NULL;
+
+-- Add index for faster role lookups
+CREATE INDEX idx_role_id ON accounts(role_id);
+

package/migrations/004_rename_uuid_to_linked_id.sql

@@ -0,0 +1,12 @@
+-- Migration to rename uuid column to linked_id and add external_source
+-- This migration is for existing installations that already have the accounts table
+
+-- Rename uuid column to linked_id and increase length to support various ID formats
+ALTER TABLE accounts CHANGE COLUMN uuid linked_id VARCHAR(255) UNIQUE NULL;
+
+-- Add external_source column to track account origin
+ALTER TABLE accounts ADD COLUMN external_source VARCHAR(32) NULL AFTER linked_id;
+
+-- Update existing records to mark them as 'local' source
+UPDATE accounts SET external_source = 'local' WHERE external_source IS NULL;
+

package/migrations/005_add_password_hash.sql

@@ -0,0 +1,7 @@
+-- Add password_hash column for credentials-based authentication
+-- This is optional and only needed if using CredentialsAuthProvider
+
+ALTER TABLE accounts ADD COLUMN password_hash VARCHAR(255) NULL AFTER username;
+
+-- Note: For existing systems, passwords can be set via AccountService.setPassword()
+

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@open-core/identity",
+  "version": "1.0.0",
+  "description": "Flexible identity and authentication system for OpenCore Framework",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rimraf dist",
+    "lint": "eslint . --ext .ts",
+    "lint:fix": "eslint . --ext .ts --fix",
+    "test": "echo \"No tests yet\""
+  },
+  "keywords": [
+    "opencore",
+    "fivem",
+    "framework",
+    "identity",
+    "authentication",
+    "authorization",
+    "permissions",
+    "roles",
+    "rbac"
+  ],
+  "author": "OpenCore Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/newcore-network/opencore-identity.git"
+  },
+  "packageManager": "pnpm@10.13.1",
+  "dependencies": {
+    "@open-core/framework": "^1.0.1-beta.1",
+    "bcrypt": "^6.0.0",
+    "reflect-metadata": "^0.2.2",
+    "tsyringe": "^4.10.0",
+    "uuid": "^13.0.0",
+    "zod": "^4.1.13"
+  },
+  "devDependencies": {
+    "@types/bcrypt": "^6.0.0",
+    "@types/node": "^22.7.5",
+    "@typescript-eslint/eslint-plugin": "^8.48.1",
+    "@typescript-eslint/parser": "^8.48.1",
+    "eslint": "^9.39.1",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-prettier": "^5.5.4",
+    "prettier": "3.7.1",
+    "rimraf": "^6.0.1",
+    "typescript": "^5.9.3"
+  },
+  "files": [
+    "dist",
+    "migrations",
+    "LICENSE",
+    "README.md"
+  ]
+}