@open-core/identity 1.2.0 → 1.2.2

package/README.md

@@ -23,9 +23,7 @@ The recommended way to use the identity system is through **Constructor Injectio
 ```ts
 import { Server } from "@open-core/framework";
 import { AccountService } from "@open-core/identity";
-import { injectable } from "tsyringe";
 
-@injectable()
 @Server.Controller()
 export class MyController {
   // AccountService is automatically injected

package/dist/contracts.d.ts

@@ -0,0 +1,93 @@
+import type { IdentityAccount, IdentityRole } from "./types";
+/**
+ * Persistence contract for identity accounts.
+ *
+ * Implement this interface to provide a storage backend (SQL, NoSQL, or API)
+ * for account-related operations. The identity system depends on this contract
+ * to lookup and manage persistent player state.
+ *
+ * @public
+ */
+export declare abstract class IdentityStore {
+    /**
+     * Retrieves an account by its primary connection identifier.
+     *
+     * @param identifier - The unique identifier (e.g., 'license:123...').
+     * @returns A promise resolving to the account or null if not found.
+     */
+    abstract findByIdentifier(identifier: string): Promise<IdentityAccount | null>;
+    /**
+     * Retrieves an account by its linked stable ID.
+     *
+     * @param linkedId - The stable ID (e.g., a UUID).
+     * @returns A promise resolving to the account or null if not found.
+     */
+    abstract findByLinkedId(linkedId: string): Promise<IdentityAccount | null>;
+    /**
+     * Retrieves an account by its unique username.
+     *
+     * @param username - The technical username.
+     * @returns A promise resolving to the account or null if not found.
+     */
+    abstract findByUsername(username: string): Promise<IdentityAccount | null>;
+    /**
+     * Persists a new identity account.
+     *
+     * @param data - Initial account properties.
+     * @returns A promise resolving to the fully created account object.
+     */
+    abstract create(data: Partial<IdentityAccount> & {
+        passwordHash?: string;
+    }): Promise<IdentityAccount>;
+    /**
+     * Updates an existing account's metadata or status.
+     *
+     * @param id - The internal account ID.
+     * @param data - Partial object containing fields to update.
+     */
+    abstract update(id: string, data: Partial<IdentityAccount>): Promise<void>;
+    /**
+     * Prohibits or allows an account from connecting.
+     *
+     * @param id - The internal account ID.
+     * @param banned - Connection status (true to block).
+     * @param reason - Optional explanation for the ban.
+     * @param expiresAt - Optional expiration timestamp.
+     */
+    abstract setBan(id: string, banned: boolean, reason?: string, expiresAt?: Date | null): Promise<void>;
+}
+/**
+ * Persistence contract for security roles.
+ *
+ * Implement this interface if your system requires dynamic role management
+ * from a database. If using code-first roles, this contract is optional.
+ *
+ * @public
+ */
+export declare abstract class RoleStore {
+    /**
+     * Retrieves a role definition by its technical name.
+     *
+     * @param name - Technical name (e.g., 'admin').
+     * @returns A promise resolving to the role or null if not found.
+     */
+    abstract findByName(name: string): Promise<IdentityRole | null>;
+    /**
+     * Resolves the default role for newly connected accounts.
+     *
+     * @returns A promise resolving to the default role definition.
+     */
+    abstract getDefaultRole(): Promise<IdentityRole>;
+    /**
+     * Creates or updates a role definition.
+     *
+     * @param role - The complete role object.
+     */
+    abstract save(role: IdentityRole): Promise<void>;
+    /**
+     * Removes a role from the system.
+     *
+     * @param name - Technical name of the role to delete.
+     */
+    abstract delete(name: string): Promise<void>;
+}

package/dist/contracts.js

@@ -0,0 +1,21 @@
+/**
+ * Persistence contract for identity accounts.
+ *
+ * Implement this interface to provide a storage backend (SQL, NoSQL, or API)
+ * for account-related operations. The identity system depends on this contract
+ * to lookup and manage persistent player state.
+ *
+ * @public
+ */
+export class IdentityStore {
+}
+/**
+ * Persistence contract for security roles.
+ *
+ * Implement this interface if your system requires dynamic role management
+ * from a database. If using code-first roles, this contract is optional.
+ *
+ * @public
+ */
+export class RoleStore {
+}

package/dist/index.d.ts

@@ -1,70 +1,89 @@
-import * as Setup from "./setup";
-import type * as Entities from "./entities/account.entity";
-import type * as RoleEntities from "./entities/role.entity";
-import * as AccountRepo from "./repositories/account.repository";
-import * as RoleRepo from "./repositories/role.repository";
-import * as AcctService from "./services/account.service";
-import * as RService from "./services/role.service";
-import * as CacheService from "./services/cache/memory-cache.service";
-import * as LocalAuth from "./services/auth/local-auth.provider";
-import * as CredentialsAuth from "./services/auth/credentials-auth.provider";
-import * as ApiAuth from "./services/auth/api-auth.provider";
-import * as LocalPrincipal from "./services/principal/local-principal.provider";
-import * as ApiPrincipal from "./services/principal/api-principal.provider";
-import * as AuthProvider from "./services/identity-auth.provider";
-import * as PrincipalProvider from "./services/identity-principal.provider";
-import type * as Types from "./types";
-import type * as AuthTypes from "./types/auth.types";
-import type * as Events from "./events/identity.events";
+import { LocalAuthProvider as LocalAuthImpl } from "./providers/auth/local-auth.provider";
+import { CredentialsAuthProvider as CredentialsAuthImpl } from "./providers/auth/credentials-auth.provider";
+import { ApiAuthProvider as ApiAuthImpl } from "./providers/auth/api-auth.provider";
+import { IdentityPrincipalProvider as PrincipalProviderImpl } from "./providers/principal/local-principal.provider";
+import { ApiPrincipalProvider as ApiPrincipalImpl } from "./providers/principal/api-principal.provider";
+import { AccountService as AccountServiceImpl } from "./services/account.service";
+import { RoleService as RoleServiceImpl } from "./services/role.service";
+import { IdentityStore as IdentityStoreContract, RoleStore as RoleStoreContract } from "./contracts";
+import type { IdentityOptions as OptionsType, IdentityRole as RoleType, IdentityAccount as AccountType, AuthMode as AuthModeType, PrincipalMode as PrincipalModeType } from "./types";
+/**
+ * OpenCore Identity Namespace
+ *
+ * Provides a centralized identity, authentication, and authorization system
+ * designed to integrate seamlessly with the OpenCore Framework SPI.
+ *
+ * @public
+ */
 export declare namespace Identity {
-    const setup: typeof Setup.setupIdentity;
-    type SetupOptions = Setup.IdentitySetupOptions;
-    type Account = Entities.Account;
-    type Role = RoleEntities.Role;
-    export import AccountRepository = AccountRepo.AccountRepository;
-    export import RoleRepository = RoleRepo.RoleRepository;
-    export import AccountService = AcctService.AccountService;
-    export import RoleService = RService.RoleService;
-    export import MemoryCacheService = CacheService.MemoryCacheService;
-    export import LocalAuthProvider = LocalAuth.LocalAuthProvider;
-    export import CredentialsAuthProvider = CredentialsAuth.CredentialsAuthProvider;
-    export import ApiAuthProvider = ApiAuth.ApiAuthProvider;
-    export import LocalPrincipalProvider = LocalPrincipal.LocalPrincipalProvider;
-    export import ApiPrincipalProvider = ApiPrincipal.ApiPrincipalProvider;
-    export import IdentityAuthProvider = AuthProvider.IdentityAuthProvider;
-    export import IdentityPrincipalProvider = PrincipalProvider.IdentityPrincipalProvider;
-    type IdentifierType = Types.IdentifierType;
-    type AccountIdentifiers = Types.AccountIdentifiers;
-    type CreateAccountInput = Types.CreateAccountInput;
-    type BanOptions = Types.BanOptions;
-    type AuthSession = Types.AuthSession;
-    type CreateRoleInput = Types.CreateRoleInput;
-    type UpdateRoleInput = Types.UpdateRoleInput;
-    type ApiAuthConfig = AuthTypes.ApiAuthConfig;
-    type ApiAuthResponse = AuthTypes.ApiAuthResponse;
-    type ApiPrincipalResponse = AuthTypes.ApiPrincipalResponse;
-    type CacheOptions = AuthTypes.CacheOptions;
-    type AccountCreatedEvent = Events.AccountCreatedEvent;
-    type AccountBannedEvent = Events.AccountBannedEvent;
-    type AccountUnbannedEvent = Events.AccountUnbannedEvent;
-    type AccountLoggedInEvent = Events.AccountLoggedInEvent;
-    type IdentityEventMap = Events.IdentityEventMap;
+    /**
+     * Registers a custom identity store implementation.
+     * Must be called before `Identity.install()`.
+     *
+     * @param store - The class implementation of the IdentityStore contract.
+     */
+    function setIdentityStore(store: {
+        new (...args: any[]): IdentityStoreContract;
+    }): void;
+    /**
+     * Registers a custom role store implementation.
+     * Required for 'db' principal mode. Must be called before `Identity.install()`.
+     *
+     * @param store - The class implementation of the RoleStore contract.
+     */
+    function setRoleStore(store: {
+        new (...args: any[]): RoleStoreContract;
+    }): void;
+    /**
+     * Installs the Identity plugin into the OpenCore Framework.
+     *
+     * This function registers the necessary Authentication and Principal providers
+     * into the framework's SPI via `Server.setAuthProvider` and `Server.setPrincipalProvider`.
+     *
+     * @param options - Configuration options for the identity system.
+     *
+     * @example
+     * ```ts
+     * Identity.install({
+     *   auth: { mode: 'local', autoCreate: true },
+     *   principal: {
+     *     mode: 'roles',
+     *     roles: {
+     *       admin: { name: 'admin', rank: 100, permissions: ['*'] },
+     *       user: { name: 'user', rank: 0, permissions: ['chat.use'] }
+     *     }
+     *   }
+     * });
+     * ```
+     */
+    function install(options: OptionsType): void;
+    type IdentityOptions = OptionsType;
+    type IdentityRole = RoleType;
+    type IdentityAccount = AccountType;
+    type AuthMode = AuthModeType;
+    type PrincipalMode = PrincipalModeType;
+    /** Identity account persistence contract */
+    type IdentityStore = IdentityStoreContract;
+    /** Role definition persistence contract */
+    type RoleStore = RoleStoreContract;
+    /** Service for managing identity accounts */
+    type AccountService = AccountServiceImpl;
+    /** Service for managing security roles */
+    type RoleService = RoleServiceImpl;
+    /** Local (identifier-based) authentication provider */
+    type LocalAuthProvider = LocalAuthImpl;
+    /** Credentials (username/password) authentication provider */
+    type CredentialsAuthProvider = CredentialsAuthImpl;
+    /** API-based authentication provider */
+    type ApiAuthProvider = ApiAuthImpl;
+    /** Framework-integrated authorization provider */
+    type IdentityPrincipalProvider = PrincipalProviderImpl;
+    /** API-based authorization provider */
+    type ApiPrincipalProvider = ApiPrincipalImpl;
 }
-export { setupIdentity, type IdentitySetupOptions } from "./setup";
-export * from "./entities/account.entity";
-export * from "./entities/role.entity";
-export * from "./repositories/account.repository";
-export * from "./repositories/role.repository";
-export * from "./services/account.service";
-export * from "./services/role.service";
-export * from "./services/cache/memory-cache.service";
-export * from "./services/auth/local-auth.provider";
-export * from "./services/auth/credentials-auth.provider";
-export * from "./services/auth/api-auth.provider";
-export * from "./services/principal/local-principal.provider";
-export * from "./services/principal/api-principal.provider";
-export * from "./services/identity-auth.provider";
-export * from "./services/identity-principal.provider";
-export * from "./events/identity.events";
+export { AccountServiceImpl as AccountService };
+export { RoleServiceImpl as RoleService };
+export { IdentityStoreContract as IdentityStore, RoleStoreContract as RoleStore };
 export * from "./types";
-export * from "./types/auth.types";
+export * from "./tokens";
+export default Identity;

package/dist/index.js

@@ -1,60 +1,111 @@
-// Imports for namespace
-import * as Setup from "./setup";
-import * as AccountRepo from "./repositories/account.repository";
-import * as RoleRepo from "./repositories/role.repository";
-import * as AcctService from "./services/account.service";
-import * as RService from "./services/role.service";
-import * as CacheService from "./services/cache/memory-cache.service";
-import * as LocalAuth from "./services/auth/local-auth.provider";
-import * as CredentialsAuth from "./services/auth/credentials-auth.provider";
-import * as ApiAuth from "./services/auth/api-auth.provider";
-import * as LocalPrincipal from "./services/principal/local-principal.provider";
-import * as ApiPrincipal from "./services/principal/api-principal.provider";
-import * as AuthProvider from "./services/identity-auth.provider";
-import * as PrincipalProvider from "./services/identity-principal.provider";
-// Namespace for organized exports
-// eslint-disable-next-line @typescript-eslint/no-namespace
+import { Server } from "@open-core/framework";
+import { IDENTITY_OPTIONS } from "./tokens";
+import { LocalAuthProvider as LocalAuthImpl } from "./providers/auth/local-auth.provider";
+import { CredentialsAuthProvider as CredentialsAuthImpl } from "./providers/auth/credentials-auth.provider";
+import { ApiAuthProvider as ApiAuthImpl } from "./providers/auth/api-auth.provider";
+import { IdentityPrincipalProvider as PrincipalProviderImpl } from "./providers/principal/local-principal.provider";
+import { ApiPrincipalProvider as ApiPrincipalImpl } from "./providers/principal/api-principal.provider";
+import { AccountService as AccountServiceImpl } from "./services/account.service";
+import { RoleService as RoleServiceImpl } from "./services/role.service";
+import { IdentityStore as IdentityStoreContract, RoleStore as RoleStoreContract } from "./contracts";
+/**
+ * OpenCore Identity Namespace
+ *
+ * Provides a centralized identity, authentication, and authorization system
+ * designed to integrate seamlessly with the OpenCore Framework SPI.
+ *
+ * @public
+ */
 export var Identity;
 (function (Identity) {
-    // Setup
-    Identity.setup = Setup.setupIdentity;
-    // Repositories
-    Identity.AccountRepository = AccountRepo.AccountRepository;
-    Identity.RoleRepository = RoleRepo.RoleRepository;
-    // Services
-    Identity.AccountService = AcctService.AccountService;
-    Identity.RoleService = RService.RoleService;
-    Identity.MemoryCacheService = CacheService.MemoryCacheService;
-    // Auth Providers
-    Identity.LocalAuthProvider = LocalAuth.LocalAuthProvider;
-    Identity.CredentialsAuthProvider = CredentialsAuth.CredentialsAuthProvider;
-    Identity.ApiAuthProvider = ApiAuth.ApiAuthProvider;
-    // Principal Providers
-    Identity.LocalPrincipalProvider = LocalPrincipal.LocalPrincipalProvider;
-    Identity.ApiPrincipalProvider = ApiPrincipal.ApiPrincipalProvider;
-    // Legacy providers (for backward compatibility)
-    Identity.IdentityAuthProvider = AuthProvider.IdentityAuthProvider;
-    Identity.IdentityPrincipalProvider = PrincipalProvider.IdentityPrincipalProvider;
+    /**
+     * Registers a custom identity store implementation.
+     * Must be called before `Identity.install()`.
+     *
+     * @param store - The class implementation of the IdentityStore contract.
+     */
+    function setIdentityStore(store) {
+        const container = globalThis.oc_container;
+        if (!container)
+            throwContainerError();
+        container.registerSingleton(IdentityStoreContract, store);
+    }
+    Identity.setIdentityStore = setIdentityStore;
+    /**
+     * Registers a custom role store implementation.
+     * Required for 'db' principal mode. Must be called before `Identity.install()`.
+     *
+     * @param store - The class implementation of the RoleStore contract.
+     */
+    function setRoleStore(store) {
+        const container = globalThis.oc_container;
+        if (!container)
+            throwContainerError();
+        container.registerSingleton(RoleStoreContract, store);
+    }
+    Identity.setRoleStore = setRoleStore;
+    function throwContainerError() {
+        throw new Error("[OpenCore-Identity] Global container (globalThis.oc_container) not found. " +
+            "Ensure the framework is initialized before installing plugins.");
+    }
+    /**
+     * Installs the Identity plugin into the OpenCore Framework.
+     *
+     * This function registers the necessary Authentication and Principal providers
+     * into the framework's SPI via `Server.setAuthProvider` and `Server.setPrincipalProvider`.
+     *
+     * @param options - Configuration options for the identity system.
+     *
+     * @example
+     * ```ts
+     * Identity.install({
+     *   auth: { mode: 'local', autoCreate: true },
+     *   principal: {
+     *     mode: 'roles',
+     *     roles: {
+     *       admin: { name: 'admin', rank: 100, permissions: ['*'] },
+     *       user: { name: 'user', rank: 0, permissions: ['chat.use'] }
+     *     }
+     *   }
+     * });
+     * ```
+     */
+    function install(options) {
+        const container = globalThis.oc_container;
+        if (!container) {
+            throwContainerError();
+        }
+        // Register options (interface requires manual token)
+        container.registerInstance(IDENTITY_OPTIONS, options);
+        // Register Internal Services (concrete classes as tokens)
+        container.registerSingleton(AccountServiceImpl);
+        container.registerSingleton(RoleServiceImpl);
+        // Configure Auth SPI based on mode
+        if (options.auth.mode === "api") {
+            Server.setAuthProvider(ApiAuthImpl);
+        }
+        else if (options.auth.mode === "credentials") {
+            Server.setAuthProvider(CredentialsAuthImpl);
+        }
+        else {
+            Server.setAuthProvider(LocalAuthImpl);
+        }
+        // Configure Principal SPI based on mode
+        if (options.principal.mode === "api") {
+            Server.setPrincipalProvider(ApiPrincipalImpl);
+        }
+        else {
+            Server.setPrincipalProvider(PrincipalProviderImpl);
+        }
+    }
+    Identity.install = install;
 })(Identity || (Identity = {}));
-// Top-level exports for backward compatibility
-export { setupIdentity } from "./setup";
-export * from "./entities/account.entity";
-export * from "./entities/role.entity";
-export * from "./repositories/account.repository";
-export * from "./repositories/role.repository";
-export * from "./services/account.service";
-export * from "./services/role.service";
-export * from "./services/cache/memory-cache.service";
-// Auth providers
-export * from "./services/auth/local-auth.provider";
-export * from "./services/auth/credentials-auth.provider";
-export * from "./services/auth/api-auth.provider";
-// Principal providers
-export * from "./services/principal/local-principal.provider";
-export * from "./services/principal/api-principal.provider";
-// Legacy providers
-export * from "./services/identity-auth.provider";
-export * from "./services/identity-principal.provider";
-export * from "./events/identity.events";
+// Re-export high-level API
+export { AccountServiceImpl as AccountService };
+export { RoleServiceImpl as RoleService };
+export { IdentityStoreContract as IdentityStore, RoleStoreContract as RoleStore };
+// Export types and tokens for consumers
 export * from "./types";
-export * from "./types/auth.types";
+export * from "./tokens";
+// Default export
+export default Identity;

package/dist/providers/auth/api-auth.provider.d.ts

@@ -0,0 +1,52 @@
+import { Server } from "@open-core/framework";
+import type { IdentityOptions } from "../../types";
+/**
+ * Authentication provider that delegates logic to an external HTTP API.
+ *
+ * This provider implements the framework's {@link Server.AuthProviderContract} by
+ * performing network requests to a remote authentication service. It is suitable
+ * for environments with a centralized user database or SSO.
+ *
+ * @injectable
+ * @public
+ */
+export declare class ApiAuthProvider extends Server.AuthProviderContract {
+    private readonly options;
+    private readonly http;
+    /**
+     * Initializes a new instance of the ApiAuthProvider.
+     *
+     * @param options - Identity system configuration options.
+     * @param http - Framework HTTP service for remote communication.
+     */
+    constructor(options: IdentityOptions, http: Server.HttpService);
+    /**
+     * Authenticates a player by sending credentials to the external API.
+     *
+     * @param player - The framework player entity.
+     * @param credentials - Authentication data (e.g., tokens, external IDs).
+     * @returns A promise resolving to the remote authentication result.
+     */
+    authenticate(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    /**
+     * Registers a player identity via the external API.
+     *
+     * @param player - The player to register.
+     * @param credentials - Registration data.
+     * @returns A promise resolving to the remote registration result.
+     */
+    register(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    /**
+     * Validates the player's remote session.
+     *
+     * @param player - The framework player entity.
+     * @returns A promise resolving to the remote session validation result.
+     */
+    validateSession(player: Server.Player): Promise<Server.AuthResult>;
+    /**
+     * Notifies the external API that the player has logged out.
+     *
+     * @param player - The framework player entity.
+     */
+    logout(player: Server.Player): Promise<void>;
+}

package/dist/providers/auth/api-auth.provider.js

@@ -0,0 +1,82 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { injectable, inject } from "tsyringe";
+import { Server } from "@open-core/framework";
+import { IDENTITY_OPTIONS } from "../../tokens";
+/**
+ * Authentication provider that delegates logic to an external HTTP API.
+ *
+ * This provider implements the framework's {@link Server.AuthProviderContract} by
+ * performing network requests to a remote authentication service. It is suitable
+ * for environments with a centralized user database or SSO.
+ *
+ * @injectable
+ * @public
+ */
+let ApiAuthProvider = class ApiAuthProvider extends Server.AuthProviderContract {
+    /**
+     * Initializes a new instance of the ApiAuthProvider.
+     *
+     * @param options - Identity system configuration options.
+     * @param http - Framework HTTP service for remote communication.
+     */
+    constructor(options, http) {
+        super();
+        this.options = options;
+        this.http = http;
+    }
+    /**
+     * Authenticates a player by sending credentials to the external API.
+     *
+     * @param player - The framework player entity.
+     * @param credentials - Authentication data (e.g., tokens, external IDs).
+     * @returns A promise resolving to the remote authentication result.
+     */
+    async authenticate(player, credentials) {
+        // Placeholder: Implementation would use this.http.post(...)
+        return { success: false, error: "API Auth implementation pending" };
+    }
+    /**
+     * Registers a player identity via the external API.
+     *
+     * @param player - The player to register.
+     * @param credentials - Registration data.
+     * @returns A promise resolving to the remote registration result.
+     */
+    async register(player, credentials) {
+        return { success: false, error: "API Registration implementation pending" };
+    }
+    /**
+     * Validates the player's remote session.
+     *
+     * @param player - The framework player entity.
+     * @returns A promise resolving to the remote session validation result.
+     */
+    async validateSession(player) {
+        return { success: false, error: "API session validation pending" };
+    }
+    /**
+     * Notifies the external API that the player has logged out.
+     *
+     * @param player - The framework player entity.
+     */
+    async logout(player) {
+        // API logout logic
+    }
+};
+ApiAuthProvider = __decorate([
+    injectable(),
+    __param(0, inject(IDENTITY_OPTIONS)),
+    __metadata("design:paramtypes", [Object, Server.HttpService])
+], ApiAuthProvider);
+export { ApiAuthProvider };

package/dist/providers/auth/credentials-auth.provider.d.ts

@@ -0,0 +1,63 @@
+import { Server } from "@open-core/framework";
+import { IdentityStore } from "../../contracts";
+import type { IdentityOptions } from "../../types";
+/**
+ * Authentication provider for username and password credentials.
+ *
+ * This provider implements the framework's {@link Server.AuthProviderContract} using
+ * bcrypt for password hashing and validation. It requires an implementation
+ * of {@link IdentityStore} that supports username-based lookups.
+ *
+ * @injectable
+ * @public
+ */
+export declare class CredentialsAuthProvider extends Server.AuthProviderContract {
+    private readonly options;
+    private readonly store;
+    /** Cost factor for bcrypt hashing */
+    private readonly saltRounds;
+    /**
+     * Initializes a new instance of the CredentialsAuthProvider.
+     *
+     * @param options - Identity system configuration options.
+     * @param store - Persistence layer for account and credential data.
+     */
+    constructor(options: IdentityOptions, store: IdentityStore);
+    /**
+     * Authenticates a player using a username and password.
+     *
+     * @param player - The framework player entity.
+     * @param credentials - Object containing `username` and `password` strings.
+     * @returns A promise resolving to the authentication result.
+     */
+    authenticate(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    /**
+     * Registers a new account with a username and password.
+     *
+     * @param player - The framework player entity.
+     * @param credentials - Object containing `username` and `password` strings.
+     * @returns A promise resolving to the registration result.
+     */
+    register(player: Server.Player, credentials: Record<string, unknown>): Promise<Server.AuthResult>;
+    /**
+     * Validates if the player's current linked account session is still active.
+     *
+     * @param player - The framework player entity.
+     * @returns A promise resolving to the validation result.
+     */
+    validateSession(player: Server.Player): Promise<Server.AuthResult>;
+    /**
+     * Performs logout logic for the player.
+     *
+     * @param player - The framework player entity.
+     */
+    logout(player: Server.Player): Promise<void>;
+    /**
+     * Internal helper to determine if an account is currently prohibited.
+     *
+     * @param account - The account to check.
+     * @returns True if the account is banned and the ban hasn't expired.
+     * @internal
+     */
+    private isBanned;
+}