@plyaz/auth 1.0.0 → 1.0.2

package/src/db/repositories/connected-account.repository.ts

@@ -1,13 +1,18 @@
-import { createClient } from '@supabase/supabase-js';
-import type { ConnectedAccount, ConnectedAccountRepository as IConnectedAccountRepository, CreateConnectedAccountData, UpdateConnectedAccountData } from '@/common/types/auth.types';
+import { createClient } from "@supabase/supabase-js";
+import type {
+  ConnectedAccount,
+  ConnectedAccountRepository as IConnectedAccountRepository,
+  CreateConnectedAccountData,
+  UpdateConnectedAccountData,
+} from "@/common/types/auth.types";
 
 /**
  * Repository for managing connected accounts (provider account linking)
- * 
+ *
  * @description
  * Handles CRUD operations for external provider accounts linked to users.
  * Supports OAuth providers (Clerk, Google, Facebook, etc.) and stores tokens.
- * 
+ *
  * @example
  * ```typescript
  * const repo = new ConnectedAccountRepository(supabaseUrl, supabaseKey);
@@ -26,42 +31,39 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
     this.supabase = createClient(supabaseUrl, supabaseKey);
   }
 
-
-
-
-
   /**
    * STEP 2: Create a new connected account
    * Links an external provider account to a user
-   * 
+   *
    * @param data - Connected account creation data
    * @returns Promise resolving to created ConnectedAccount
    * @throws Error if creation fails
    */
   async create(data: CreateConnectedAccountData): Promise<ConnectedAccount> {
     const insertData = this.transformToDbFormat(data);
-    
+
     const { data: accountData, error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .insert(insertData)
       .select()
       .single();
 
-    if (error || !accountData) throw new Error(`Failed to create connected account: ${error?.message}`);
+    if (error || !accountData)
+      throw new Error(`Failed to create connected account: ${error?.message}`);
     return this.mapToConnectedAccount(accountData);
   }
 
   /**
    * STEP 3: Find connected account by ID
-   * 
+   *
    * @param id - Connected account UUID
    * @returns Promise resolving to ConnectedAccount or null if not found
    */
   async findById(id: string): Promise<ConnectedAccount | null> {
     const { data, error } = await this.supabase
-      .from('connected_accounts')
-      .select('*')
-      .eq('id', id)
+      .from("connected_accounts")
+      .select("*")
+      .eq("id", id)
       .single();
 
     if (error || !data) return null;
@@ -71,16 +73,16 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
   /**
    * STEP 4: Find all connected accounts for a user
    * Returns accounts ordered by creation date (newest first)
-   * 
+   *
    * @param userId - User UUID
    * @returns Promise resolving to array of ConnectedAccount
    */
   async findByUserId(userId: string): Promise<ConnectedAccount[]> {
     const { data, error } = await this.supabase
-      .from('connected_accounts')
-      .select('*')
-      .eq('user_id', userId)
-      .order('created_at', { ascending: false });
+      .from("connected_accounts")
+      .select("*")
+      .eq("user_id", userId)
+      .order("created_at", { ascending: false });
 
     if (error || !data) return [];
     return data.map(this.mapToConnectedAccount);
@@ -89,17 +91,20 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
   /**
    * STEP 5: Find connected account by provider credentials
    * Used for authentication - matches (provider, provider_account_id)
-   * 
+   *
    * @param provider - Provider name (e.g., 'clerk', 'google')
    * @param providerAccountId - Provider's user ID
    * @returns Promise resolving to ConnectedAccount or null if not found
    */
-  async findByProvider(provider: string, providerAccountId: string): Promise<ConnectedAccount | null> {
+  async findByProvider(
+    provider: string,
+    providerAccountId: string,
+  ): Promise<ConnectedAccount | null> {
     const { data, error } = await this.supabase
-      .from('connected_accounts')
-      .select('*')
-      .eq('provider', provider)
-      .eq('provider_account_id', providerAccountId)
+      .from("connected_accounts")
+      .select("*")
+      .eq("provider", provider)
+      .eq("provider_account_id", providerAccountId)
       .single();
 
     if (error || !data) return null;
@@ -109,28 +114,35 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
   /**
    * Find connected account by provider and ID (alias for compatibility)
    */
-  async findByProviderAndId(provider: string, providerAccountId: string): Promise<ConnectedAccount | null> {
+  async findByProviderAndId(
+    provider: string,
+    providerAccountId: string,
+  ): Promise<ConnectedAccount | null> {
     return this.findByProvider(provider, providerAccountId);
   }
 
   /**
    * Update tokens for connected account
    */
-  async updateTokens(accountId: string, accessToken: string, refreshToken?: string): Promise<void> {
+  async updateTokens(
+    accountId: string,
+    accessToken: string,
+    refreshToken?: string,
+  ): Promise<void> {
     const updateData = {
       access_token_encrypted: accessToken,
       updated_at: new Date(),
-      refresh_token_encrypted:refreshToken
+      refresh_token_encrypted: refreshToken,
     };
-    
+
     if (refreshToken) {
       updateData.refresh_token_encrypted = refreshToken;
     }
 
     const { error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .update(updateData)
-      .eq('id', accountId);
+      .eq("id", accountId);
 
     if (error) throw new Error(`Failed to update tokens: ${error.message}`);
   }
@@ -138,39 +150,44 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
   /**
    * STEP 6: Update connected account
    * Updates tokens, profile info, or metadata
-   * 
+   *
    * @param id - Connected account UUID
    * @param data - Partial update data
    * @returns Promise resolving to updated ConnectedAccount
    * @throws Error if update fails
    */
-  async update(id: string, data: UpdateConnectedAccountData): Promise<ConnectedAccount> {
+  async update(
+    id: string,
+    data: UpdateConnectedAccountData,
+  ): Promise<ConnectedAccount> {
     const updateData = this.buildUpdateData(data);
 
     const { data: accountData, error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .update(updateData)
-      .eq('id', id)
+      .eq("id", id)
       .select()
       .single();
 
-    if (error || !accountData) throw new Error(`Failed to update connected account: ${error?.message}`);
+    if (error || !accountData)
+      throw new Error(`Failed to update connected account: ${error?.message}`);
     return this.mapToConnectedAccount(accountData);
   }
 
   /**
    * STEP 7: Delete connected account (unlink provider)
-   * 
+   *
    * @param id - Connected account UUID
    * @throws Error if deletion fails
    */
   async delete(id: string): Promise<void> {
     const { error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .delete()
-      .eq('id', id);
+      .eq("id", id);
 
-    if (error) throw new Error(`Failed to delete connected account: ${error.message}`);
+    if (error)
+      throw new Error(`Failed to delete connected account: ${error.message}`);
   }
 
   /**
@@ -181,11 +198,11 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    */
   async findPrimary(userId: string): Promise<ConnectedAccount | null> {
     const { data, error } = await this.supabase
-      .from('connected_accounts')
-      .select('*')
-      .eq('user_id', userId)
-      .eq('is_primary', true)
-      .eq('is_active', true)
+      .from("connected_accounts")
+      .select("*")
+      .eq("user_id", userId)
+      .eq("is_primary", true)
+      .eq("is_active", true)
       .single();
 
     if (error || !data) return null;
@@ -201,18 +218,19 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
   async setPrimary(userId: string, accountId: string): Promise<void> {
     // First, unset all primary accounts for user
     await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .update({ is_primary: false, updated_at: new Date() })
-      .eq('user_id', userId);
+      .eq("user_id", userId);
 
     // Then set the specified account as primary
     const { error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .update({ is_primary: true, updated_at: new Date() })
-      .eq('id', accountId)
-      .eq('user_id', userId);
+      .eq("id", accountId)
+      .eq("user_id", userId);
 
-    if (error) throw new Error(`Failed to set primary account: ${error.message}`);
+    if (error)
+      throw new Error(`Failed to set primary account: ${error.message}`);
   }
 
   /**
@@ -223,10 +241,14 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * @param providerData - Provider account data
    * @returns Created connected account
    */
-  async linkAccount(userId: string, provider: string, providerData: ConnectedAccount): Promise<ConnectedAccount> {
+  async linkAccount(
+    userId: string,
+    provider: string,
+    providerData: ConnectedAccount,
+  ): Promise<ConnectedAccount> {
     const accountData = {
       user_id: userId,
-      provider_type: providerData.providerType ?? 'OAUTH',
+      provider_type: providerData.providerType ?? "OAUTH",
       provider,
       provider_account_id: providerData.providerAccountId,
       provider_email: providerData.providerEmail,
@@ -239,22 +261,23 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
       is_active: true,
       linked_at: new Date(),
       created_at: new Date(),
-      updated_at: new Date()
+      updated_at: new Date(),
     };
 
     const { data, error } = await this.supabase
-      .from('connected_accounts')
+      .from("connected_accounts")
       .insert(accountData)
       .select()
       .single();
 
-    if (error || !data) throw new Error(`Failed to link account: ${error?.message}`);
-    
+    if (error || !data)
+      throw new Error(`Failed to link account: ${error?.message}`);
+
     const connectedAccount = this.mapToConnectedAccount(data);
-    
+
     // Emit account linked event
     this.emitAccountLinkedEvent(userId, provider, connectedAccount.id);
-    
+
     return connectedAccount;
   }
 
@@ -267,18 +290,18 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
     // Get account details
     const account = await this.findById(accountId);
     if (!account) {
-      throw new Error('Connected account not found');
+      throw new Error("Connected account not found");
     }
 
     // Check if this is the last authentication method
     const userAccounts = await this.findByUserId(account.userId);
     if (userAccounts.length <= 1) {
-      throw new Error('Cannot unlink the last authentication method');
+      throw new Error("Cannot unlink the last authentication method");
     }
 
     // Delete the account
     await this.delete(accountId);
-    
+
     // Emit account unlinked event
     this.emitAccountUnlinkedEvent(account.userId, account.provider, accountId);
   }
@@ -290,13 +313,17 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * @param accountId - Account identifier
    * @private
    */
-  private emitAccountLinkedEvent(userId: string, provider: string, accountId: string): void {
+  private emitAccountLinkedEvent(
+    userId: string,
+    provider: string,
+    accountId: string,
+  ): void {
     // Mock event emission - in real implementation would use event system
-    globalThis.console.log('Event: auth.account.linked', {
+    globalThis.console.log("Event: auth.account.linked", {
       userId,
       provider,
       accountId,
-      timestamp: new Date()
+      timestamp: new Date(),
     });
   }
 
@@ -307,13 +334,17 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * @param accountId - Account identifier
    * @private
    */
-  private emitAccountUnlinkedEvent(userId: string, provider: string, accountId: string): void {
+  private emitAccountUnlinkedEvent(
+    userId: string,
+    provider: string,
+    accountId: string,
+  ): void {
     // Mock event emission - in real implementation would use event system
-    globalThis.console.log('Event: auth.account.unlinked', {
+    globalThis.console.log("Event: auth.account.unlinked", {
       userId,
       provider,
       accountId,
-      timestamp: new Date()
+      timestamp: new Date(),
     });
   }
 
@@ -321,7 +352,12 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * Transform camelCase DTO to snake_case database format
    * @private
    */
-  private transformToDbFormat(data: CreateConnectedAccountData): Record<string, string| undefined | Record<string, unknown> |Date | boolean > {
+  private transformToDbFormat(
+    data: CreateConnectedAccountData,
+  ): Record<
+    string,
+    string | undefined | Record<string, unknown> | Date | boolean
+  > {
     return {
       user_id: data.userId,
       provider_type: data.providerType,
@@ -351,9 +387,13 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * Build update data with only defined fields
    * @private
    */
-  private buildUpdateData(data: UpdateConnectedAccountData): Record<string, string> {
-    const result: Record<string, string> = { updated_at: new Date().toString() };
-    
+  private buildUpdateData(
+    data: UpdateConnectedAccountData,
+  ): Record<string, string> {
+    const result: Record<string, string> = {
+      updated_at: new Date().toString(),
+    };
+
     // Only include defined fields
     Object.entries(data).forEach(([key, value]) => {
       if (value !== undefined) {
@@ -361,7 +401,7 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
         result[dbKey] = value;
       }
     });
-    
+
     return result;
   }
 
@@ -370,13 +410,13 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
    * @private
    */
   private camelToSnake(str: string): string {
-    return str.replace(/[A-Z]/g, letter => `_${letter.toLowerCase()}`);
+    return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
   }
 
   /**
    * STEP 8: Map database row to ConnectedAccount interface
    * Converts snake_case to camelCase
-   * 
+   *
    * @param data - Raw database row
    * @returns Mapped ConnectedAccount object
    * @private
@@ -398,7 +438,9 @@ export class ConnectedAccountRepository implements IConnectedAccountRepository {
       chainId: data.chainId,
       accessTokenEncrypted: data.accessTokenEncrypted,
       refreshTokenEncrypted: data.refreshTokenEncrypted,
-      tokenExpiresAt: data.tokenExpiresAt ? new Date(data.tokenExpiresAt) : undefined,
+      tokenExpiresAt: data.tokenExpiresAt
+        ? new Date(data.tokenExpiresAt)
+        : undefined,
       tokenScope: data.tokenScope,
       isPrimary: data.isPrimary,
       isVerified: data.isVerified,

package/src/db/repositories/role.repository.ts

@@ -1,22 +1,22 @@
 /**
  * @fileoverview Role hierarchy manager for @plyaz/auth
  * @module @plyaz/auth/rbac/role-hierarchy
- * 
+ *
  * @description
  * Manages role hierarchy and inheritance for role-based access control.
  * Handles role precedence, permission inheritance, and hierarchical
  * role validation. Enables complex organizational structures with
  * inherited permissions and role-based delegation.
- * 
+ *
  * @example
  * ```typescript
  * import { RoleHierarchy } from '@plyaz/auth';
- * 
+ *
  * const hierarchy = new RoleHierarchy();
  * hierarchy.addRole({ id: 'admin', name: 'Admin', permissions: ['*'] });
  * hierarchy.addRole({ id: 'moderator', name: 'Moderator', permissions: ['read', 'write'] });
  * hierarchy.addRoleRelationship('moderator', 'admin');
- * 
+ *
  * const hasAdminAccess = hierarchy.hasPermission('moderator', 'delete');
  * console.log(hierarchy.getHierarchyTree());
  * ```
@@ -29,9 +29,9 @@ import type { Role, RoleHierarchyConfig, RoleNode } from "@plyaz/types";
  * Manages role relationships and permission inheritance
  */
 
-  interface AddRole extends Role {
-    permissions?:[]
-  }
+interface AddRole extends Role {
+  permissions?: [];
+}
 
 export class RoleHierarchy {
   private readonly config: RoleHierarchyConfig;
@@ -44,7 +44,7 @@ export class RoleHierarchy {
       maxDepth: 10,
       detectCircular: true,
       cacheInheritance: true,
-      ...config
+      ...config,
     };
   }
 
@@ -57,11 +57,11 @@ export class RoleHierarchy {
       role,
       parents: new Set(),
       children: new Set(),
-      permissions: new Set(role.permissions ?? [])
+      permissions: new Set(role.permissions ?? []),
     };
 
     this.roles.set(role.id, roleNode);
-    
+
     // Clear cache when hierarchy changes
     if (this.config.cacheInheritance) {
       this.hierarchyCache.clear();
@@ -73,7 +73,7 @@ export class RoleHierarchy {
    */
   removeRole(roleId: string): void {
     const roleNode = this.roles.get(roleId);
-    
+
     if (!roleNode) {
       return;
     }
@@ -94,7 +94,7 @@ export class RoleHierarchy {
     }
 
     this.roles.delete(roleId);
-    
+
     // Clear cache when hierarchy changes
     if (this.config.cacheInheritance) {
       this.hierarchyCache.clear();
@@ -109,18 +109,23 @@ export class RoleHierarchy {
     const parentRole = this.roles.get(parentRoleId);
 
     if (!childRole || !parentRole) {
-      throw new Error('Role not found');
+      throw new Error("Role not found");
     }
 
     // Check for circular dependencies
-    if (this.config.detectCircular && this.inheritsFrom(parentRoleId, childRoleId)) {
-      throw new Error('Adding relationship would create circular dependency');
+    if (
+      this.config.detectCircular &&
+      this.inheritsFrom(parentRoleId, childRoleId)
+    ) {
+      throw new Error("Adding relationship would create circular dependency");
     }
 
     // Check hierarchy depth
     const depth = this.calculateDepth(parentRoleId);
     if (depth >= this.config.maxDepth) {
-      throw new Error(`Maximum hierarchy depth exceeded: ${depth}/${this.config.maxDepth}`);
+      throw new Error(
+        `Maximum hierarchy depth exceeded: ${depth}/${this.config.maxDepth}`,
+      );
     }
 
     // Add relationship
@@ -290,7 +295,6 @@ export class RoleHierarchy {
     return effectivePermissions;
   }
 
-
   /**
    * Validate hierarchy integrity
    */
@@ -313,7 +317,9 @@ export class RoleHierarchy {
     for (const roleId of this.roles.keys()) {
       const depth = this.calculateDepth(roleId);
       if (depth > this.config.maxDepth) {
-        issues.push(`Role ${roleId} exceeds maximum hierarchy depth: ${depth}/${this.config.maxDepth}`);
+        issues.push(
+          `Role ${roleId} exceeds maximum hierarchy depth: ${depth}/${this.config.maxDepth}`,
+        );
       }
     }
 
@@ -321,20 +327,24 @@ export class RoleHierarchy {
     for (const [roleId, roleNode] of this.roles.entries()) {
       for (const parentId of roleNode.parents) {
         if (!this.roles.has(parentId)) {
-          issues.push(`Role ${roleId} references non-existent parent: ${parentId}`);
+          issues.push(
+            `Role ${roleId} references non-existent parent: ${parentId}`,
+          );
         }
       }
 
       for (const childId of roleNode.children) {
         if (!this.roles.has(childId)) {
-          issues.push(`Role ${roleId} references non-existent child: ${childId}`);
+          issues.push(
+            `Role ${roleId} references non-existent child: ${childId}`,
+          );
         }
       }
     }
 
     return {
       valid: issues.length === 0,
-      issues
+      issues,
     };
   }
 
@@ -363,7 +373,7 @@ export class RoleHierarchy {
     for (const [roleId, roleNode] of this.roles.entries()) {
       if (roleNode.parents.size === 0) rootRoles++;
       if (roleNode.children.size === 0) leafRoles++;
-      
+
       const depth = this.calculateDepth(roleId);
       maxDepth = Math.max(maxDepth, depth);
       totalPermissions += roleNode.permissions.size;
@@ -374,7 +384,10 @@ export class RoleHierarchy {
       maxDepth,
       rootRoles,
       leafRoles,
-      avgPermissions: this.roles.size > 0 ? Math.round(totalPermissions / this.roles.size) : 0
+      avgPermissions:
+        this.roles.size > 0
+          ? Math.round(totalPermissions / this.roles.size)
+          : 0,
     };
   }
 
@@ -461,7 +474,7 @@ export class RoleHierarchy {
   private detectCircularRecursive(
     roleId: string,
     visited: Set<string>,
-    recursionStack: Set<string>
+    recursionStack: Set<string>,
   ): boolean {
     visited.add(roleId);
     recursionStack.add(roleId);
@@ -496,7 +509,9 @@ export class RoleHierarchy {
   /**
    * Build role tree recursively
    */
-  private buildRoleTree(roleId: string): { role: Role; children: Record<string, unknown> } | null {
+  private buildRoleTree(
+    roleId: string,
+  ): { role: Role; children: Record<string, unknown> } | null {
     const roleNode = this.roles.get(roleId);
     if (!roleNode) {
       return null;
@@ -504,7 +519,7 @@ export class RoleHierarchy {
 
     const tree: { role: Role; children: Record<string, unknown> } = {
       role: roleNode.role,
-      children: {}
+      children: {},
     };
 
     for (const childId of roleNode.children) {