@plyaz/auth 1.0.0 → 1.0.2

package/src/client/utils/storage.ts

@@ -6,7 +6,7 @@
 
 class StorageManager {
   private get storage() {
-    return typeof globalThis !== 'undefined' ? (globalThis ).localStorage : null;
+    return typeof globalThis !== "undefined" ? globalThis.localStorage : null;
   }
 
   getItem(key: string): string | null {
@@ -14,12 +14,21 @@ class StorageManager {
     try {
       return this.storage.getItem(key);
     } catch (error) {
-      if (error instanceof DOMException && error.name === 'QuotaExceededError') {
-        globalThis.console.warn('localStorage quota exceeded:', error);
-      } else if (error instanceof DOMException && error.name === 'SecurityError') {
-         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      if (
+        error instanceof DOMException &&
+        error.name === "QuotaExceededError"
+      ) {
+        globalThis.console.warn("localStorage quota exceeded:", error);
+      } else if (
+        error instanceof DOMException &&
+        error.name === "SecurityError"
+      ) {
+        globalThis.console.warn(
+          "localStorage access denied (private browsing):",
+          error,
+        );
       } else {
-         globalThis.console.warn('localStorage.getItem failed:', error);
+        globalThis.console.warn("localStorage.getItem failed:", error);
       }
       return null;
     }
@@ -30,12 +39,24 @@ class StorageManager {
     try {
       this.storage.setItem(key, value);
     } catch (error) {
-      if (error instanceof DOMException && error.name === 'QuotaExceededError') {
-         globalThis.console.warn('localStorage quota exceeded, cannot save:', error);
-      } else if (error instanceof DOMException && error.name === 'SecurityError') {
-         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      if (
+        error instanceof DOMException &&
+        error.name === "QuotaExceededError"
+      ) {
+        globalThis.console.warn(
+          "localStorage quota exceeded, cannot save:",
+          error,
+        );
+      } else if (
+        error instanceof DOMException &&
+        error.name === "SecurityError"
+      ) {
+        globalThis.console.warn(
+          "localStorage access denied (private browsing):",
+          error,
+        );
       } else {
-         globalThis.console.warn('localStorage.setItem failed:', error);
+        globalThis.console.warn("localStorage.setItem failed:", error);
       }
     }
   }
@@ -45,10 +66,13 @@ class StorageManager {
     try {
       this.storage.removeItem(key);
     } catch (error) {
-      if (error instanceof DOMException && error.name === 'SecurityError') {
-         globalThis.console.warn('localStorage access denied (private browsing):', error);
+      if (error instanceof DOMException && error.name === "SecurityError") {
+        globalThis.console.warn(
+          "localStorage access denied (private browsing):",
+          error,
+        );
       } else {
-         globalThis.console.warn('localStorage.removeItem failed:', error);
+        globalThis.console.warn("localStorage.removeItem failed:", error);
       }
     }
   }
@@ -58,13 +82,16 @@ class StorageManager {
     try {
       this.storage.clear();
     } catch (error) {
-      if (error instanceof DOMException && error.name === 'SecurityError') {
-        globalThis. console.warn('localStorage access denied (private browsing):', error);
+      if (error instanceof DOMException && error.name === "SecurityError") {
+        globalThis.console.warn(
+          "localStorage access denied (private browsing):",
+          error,
+        );
       } else {
-         globalThis.console.warn('localStorage.clear failed:', error);
+        globalThis.console.warn("localStorage.clear failed:", error);
       }
     }
   }
 }
 
-export const storage = new StorageManager();
+export const storage = new StorageManager();

package/src/common/constants/oauth-providers.ts

@@ -1,17 +1,17 @@
 // /**
 //  * @fileoverview OAuth provider constants for @plyaz/auth
 //  * @module @plyaz/auth/constants/oauth-providers
-//  * 
+//  *
 //  * @description
 //  * Defines supported OAuth providers and their configurations.
 //  * Used by adapters, strategies, and frontend components to handle
 //  * OAuth authentication flows. Provides standardized provider names
 //  * and metadata for consistent provider handling.
-//  * 
+//  *
 //  * @example
 //  * ```typescript
 //  * import { OAUTH_PROVIDERS, OAuthProviderConfig } from '@plyaz/auth';
-//  * 
+//  *
 //  * const googleConfig = OAUTH_PROVIDER_CONFIGS[OAUTH_PROVIDERS.GOOGLE];
 //  * const authUrl = `${googleConfig.authUrl}?client_id=${clientId}`;
 //  * ```
@@ -21,13 +21,14 @@ import { OAUTH_PROVIDER_CONFIGS } from "@plyaz/config";
 import type { OAuthProvider, OAuthProviderConfig } from "@plyaz/types";
 import { OAUTH_PROVIDERS } from "@plyaz/types";
 
-
 /**
  * Get OAuth provider configuration by provider name
  * @param provider - OAuth provider name
  * @returns Provider configuration or null if not found
  */
-export function getOAuthProviderConfig(provider: string): OAuthProviderConfig | null {
+export function getOAuthProviderConfig(
+  provider: string,
+): OAuthProviderConfig | null {
   return OAUTH_PROVIDER_CONFIGS[provider as OAuthProvider] || null;
 }
 
@@ -36,7 +37,9 @@ export function getOAuthProviderConfig(provider: string): OAuthProviderConfig |
  * @param provider - Provider name to check
  * @returns True if provider is supported
  */
-export function isOAuthProviderSupported(provider: string): provider is OAuthProvider {
+export function isOAuthProviderSupported(
+  provider: string,
+): provider is OAuthProvider {
   return Object.values(OAUTH_PROVIDERS).includes(provider as OAuthProvider);
 }
 
@@ -46,4 +49,4 @@ export function isOAuthProviderSupported(provider: string): provider is OAuthPro
  */
 export function getSupportedOAuthProviders(): OAuthProvider[] {
   return Object.values(OAUTH_PROVIDERS);
-}
+}

package/src/common/errors/auth.errors.ts

@@ -1,17 +1,17 @@
 // /**
 //  * @fileoverview Authentication error classes for @plyaz/auth
 //  * @module @plyaz/auth/errors
-//  * 
+//  *
 //  * @description
 //  * Defines custom error classes for authentication and authorization failures.
 //  * These errors provide structured error information for proper error handling
 //  * throughout the authentication system. Includes both specific error classes
 //  * and legacy compatibility classes.
-//  * 
+//  *
 //  * @example
 //  * ```typescript
 //  * import { InvalidCredentialsError, TokenExpiredError } from '@plyaz/auth';
-//  * 
+//  *
 //  * throw new InvalidCredentialsError('Invalid email or password');
 //  * throw new TokenExpiredError('Access token has expired');
 //  * ```
@@ -61,4 +61,4 @@
 //   constructor(message = 'User not found') {
 //     super(message, 'USER_NOT_FOUND');
 //   }
-// }
+// }

package/src/common/errors/specific-auth-errors.ts

@@ -1,20 +1,20 @@
 // /**
 //  * @fileoverview Specific authentication error classes for @plyaz/auth
 //  * @module @plyaz/auth/errors/specific-auth-errors
-//  * 
+//  *
 //  * @description
 //  * Defines specific error classes for different authentication failure scenarios.
 //  * Each error class provides structured error information including error codes,
 //  * HTTP status codes, and localized messages. Used throughout the auth system
 //  * for consistent error handling and user feedback.
-//  * 
+//  *
 //  * @example
 //  * ```typescript
 //  * import { InvalidCredentialsError, TokenExpiredError } from '@plyaz/auth';
-//  * 
+//  *
 //  * // Throw specific error
 //  * throw new InvalidCredentialsError('Invalid email or password');
-//  * 
+//  *
 //  * // Handle specific error
 //  * if (error instanceof TokenExpiredError) {
 //  *   // Refresh token logic
@@ -24,8 +24,6 @@
 
 // import { AUTH_ERROR_CODES, ERROR_CODE_TO_HTTP_STATUS } from "@plyaz/types";
 
-
-
 // /**
 //  * Base authentication error class
 //  * Provides common error structure for all auth-related errors
@@ -49,7 +47,7 @@
 //     this.code = code;
 //     this.statusCode = statusCode;
 //     this.context = context;
-    
+
 //     // Maintain proper stack trace
 //     if (Error.captureStackTrace) {
 //       Error.captureStackTrace(this, this.constructor);
@@ -197,5 +195,3 @@
 //     );
 //   }
 // }
-
-

package/src/common/regex/index.ts

@@ -11,17 +11,19 @@ export const PASSWORD_REGEX = {
   HAS_LOWERCASE: /[a-z]/,
   HAS_NUMBER: /\d/,
   HAS_SPECIAL: /[!@#$%^&*(),.?":{}|<>]/,
-  STRONG: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*(),.?":{}|<>]).{8,}$/
+  STRONG: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*(),.?":{}|<>]).{8,}$/,
 };
 
 export const PHONE_REGEX = /^\+?[1-9]\d{1,14}$/;
 
 export const USERNAME_REGEX = /^[a-zA-Z0-9_]{3,20}$/;
 
-export const URL_REGEX = /^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)$/;
+export const URL_REGEX =
+  /^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)$/;
 
 export const JWT_REGEX = /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$/;
 
-export const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+export const UUID_REGEX =
+  /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
 
-export const WALLET_ADDRESS_REGEX = /^0x[a-fA-F0-9]{40}$/;
+export const WALLET_ADDRESS_REGEX = /^0x[a-fA-F0-9]{40}$/;

package/src/common/types/auth.types.ts

@@ -1,7 +1,7 @@
 /**
  * @fileoverview Core authentication types and interfaces for @plyaz/auth
  * @module @plyaz/auth/types
- * 
+ *
  * @description
  * Defines all TypeScript interfaces, enums, and types for the authentication system.
  * Includes B2C (public) and B2B (backoffice) user types, sessions, RBAC, and provider adapters.
@@ -18,11 +18,11 @@
  */
 export enum USER_ROLE_STATUS {
   /** Role is active and grants permissions */
-  ACTIVE = 'ACTIVE',
+  ACTIVE = "ACTIVE",
   /** Role is inactive (temporarily disabled) */
-  INACTIVE = 'INACTIVE',
+  INACTIVE = "INACTIVE",
   /** Role is suspended (user violation) */
-  SUSPENDED = 'SUSPENDED'
+  SUSPENDED = "SUSPENDED",
 }
 
 /**
@@ -31,17 +31,17 @@ export enum USER_ROLE_STATUS {
  */
 export enum AUTHPROVIDER {
   /** Email/password authentication */
-  EMAIL = 'EMAIL',
+  EMAIL = "EMAIL",
   /** Clerk authentication */
-  CLERK = 'CLERK',
+  CLERK = "CLERK",
   /** Google OAuth */
-  GOOGLE = 'GOOGLE',
+  GOOGLE = "GOOGLE",
   /** Facebook OAuth */
-  FACEBOOK = 'FACEBOOK',
+  FACEBOOK = "FACEBOOK",
   /** Apple Sign In */
-  APPLE = 'APPLE',
+  APPLE = "APPLE",
   /** Web3 wallet authentication */
-  WEB3 = 'WEB3'
+  WEB3 = "WEB3",
 }
 
 /**
@@ -50,9 +50,9 @@ export enum AUTHPROVIDER {
  */
 export enum TOKENTYPE {
   /** Bearer token */
-  BEARER = 'Bearer',
+  BEARER = "Bearer",
   /** JSON Web Token */
-  JWT = 'JWT'
+  JWT = "JWT",
 }
 
 // ============================================
@@ -62,7 +62,7 @@ export enum TOKENTYPE {
 /**
  * B2C User (public schema)
  * Represents platform users: fans, athletes, clubs, scouts, agents
- * 
+ *
  * @interface User
  * @property {string} id - Unique user identifier (UUID)
  * @property {string} email - User email address (unique)
@@ -102,7 +102,7 @@ export interface User {
 /**
  * B2B User (backoffice schema)
  * Represents internal staff: admins, moderators, support, finance, compliance
- * 
+ *
  * @interface BackofficeUser
  * @property {string} id - Unique user identifier (UUID)
  * @property {string} email - User email address (unique)
@@ -151,7 +151,7 @@ export interface BackofficeUser {
 /**
  * B2C Session (public schema)
  * Tracks authenticated user sessions with device and activity info
- * 
+ *
  * @interface Session
  */
 export interface Session {
@@ -170,7 +170,7 @@ export interface Session {
 /**
  * B2B Session (backoffice schema)
  * Tracks authenticated backoffice user sessions
- * 
+ *
  * @interface BackofficeSession
  */
 export interface BackofficeSession {
@@ -194,7 +194,7 @@ export interface BackofficeSession {
  * Connected Account (provider linking)
  * Links external OAuth/Web3 provider accounts to users
  * Supports OAuth providers (Clerk, Google, etc.) and Web3 wallets
- * 
+ *
  * @interface ConnectedAccount
  */
 export interface ConnectedAccount {
@@ -233,7 +233,7 @@ export interface ConnectedAccount {
 
 /**
  * Authentication tokens returned after successful login
- * 
+ *
  * @interface AuthTokens
  */
 export interface AuthTokens {
@@ -248,7 +248,7 @@ export interface AuthTokens {
 /**
  * B2C Role (public schema)
  * Defines user roles: FAN, ATHLETE, SCOUT, AGENT, CLUB, DEVELOPER, ADMIN
- * 
+ *
  * @interface Role
  */
 export interface Role {
@@ -270,7 +270,7 @@ export interface Role {
 /**
  * B2B Role (backoffice schema)
  * Defines staff roles: SUPER_ADMIN, ADMIN, MODERATOR, FINANCE, COMPLIANCE, SUPPORT
- * 
+ *
  * @interface BackofficeRole
  */
 export interface BackofficeRole {
@@ -295,7 +295,7 @@ export interface BackofficeRole {
 /**
  * Permission (backoffice only)
  * Fine-grained permissions for backoffice users
- * 
+ *
  * @interface Permission
  */
 export interface Permission {
@@ -315,7 +315,7 @@ export interface Permission {
 /**
  * Role-Permission mapping (backoffice only)
  * Links permissions to roles
- * 
+ *
  * @interface RolePermission
  */
 export interface RolePermission {
@@ -330,7 +330,7 @@ export interface RolePermission {
 /**
  * User-Permission mapping (backoffice only)
  * Grants/revokes specific permissions to users
- * 
+ *
  * @interface UserPermission
  */
 export interface UserPermission {
@@ -347,7 +347,7 @@ export interface UserPermission {
 /**
  * B2C User-Role assignment
  * Links users to roles with status tracking
- * 
+ *
  * @interface UserRole
  */
 export interface UserRole {
@@ -367,7 +367,7 @@ export interface UserRole {
 /**
  * B2B User-Role assignment
  * Links backoffice users to roles
- * 
+ *
  * @interface BackofficeUserRole
  */
 export interface BackofficeUserRole {
@@ -391,7 +391,7 @@ export interface BackofficeUserRole {
 /**
  * Authentication provider adapter interface
  * Defines contract for provider-agnostic authentication
- * 
+ *
  * @interface AuthProviderAdapter
  * @example
  * ```typescript
@@ -404,20 +404,20 @@ export interface BackofficeUserRole {
  */
 export interface AuthProviderAdapter {
   name: string;
-  
+
   verifyToken(token: string): Promise<VerifiedToken>;
-  
+
   getUserInfo(token: string): Promise<ProviderUserInfo>;
-  
+
   refreshToken?(refreshToken: string): Promise<AuthTokens>;
-  
+
   revokeToken?(token: string): Promise<void>;
 }
 
 /**
  * Verified token result
  * Returned after successful token verification
- * 
+ *
  * @interface VerifiedToken
  */
 export interface VerifiedToken {
@@ -432,7 +432,7 @@ export interface VerifiedToken {
 /**
  * Provider user information
  * User profile data from external provider
- * 
+ *
  * @interface ProviderUserInfo
  */
 export interface ProviderUserInfo {
@@ -453,13 +453,16 @@ export interface ProviderUserInfo {
 /**
  * User repository interface
  * Defines data access methods for user management
- * 
+ *
  * @interface UserRepository
  */
 export interface UserRepository {
   findById(id: string): Promise<User | null>;
   findByEmail(email: string): Promise<User | null>;
-  findByProviderAccount(provider: string, providerAccountId: string): Promise<User | null>;
+  findByProviderAccount(
+    provider: string,
+    providerAccountId: string,
+  ): Promise<User | null>;
   findByCredentials(email: string, passwordHash: string): Promise<User | null>;
   create(data: CreateUserData): Promise<User>;
   update(id: string, data: UpdateUserData): Promise<User>;
@@ -469,7 +472,7 @@ export interface UserRepository {
 /**
  * Session repository interface
  * Defines data access methods for session management
- * 
+ *
  * @interface SessionRepository
  */
 export interface SessionRepository {
@@ -485,15 +488,21 @@ export interface SessionRepository {
 /**
  * Connected account repository interface
  * Defines data access methods for provider account linking
- * 
+ *
  * @interface ConnectedAccountRepository
  */
 export interface ConnectedAccountRepository {
   create(data: CreateConnectedAccountData): Promise<ConnectedAccount>;
   findById(id: string): Promise<ConnectedAccount | null>;
   findByUserId(userId: string): Promise<ConnectedAccount[]>;
-  findByProvider(provider: string, providerAccountId: string): Promise<ConnectedAccount | null>;
-  update(id: string, data: UpdateConnectedAccountData): Promise<ConnectedAccount>;
+  findByProvider(
+    provider: string,
+    providerAccountId: string,
+  ): Promise<ConnectedAccount | null>;
+  update(
+    id: string,
+    data: UpdateConnectedAccountData,
+  ): Promise<ConnectedAccount>;
   delete(id: string): Promise<void>;
 }
 

package/src/common/types/index.ts

@@ -28,12 +28,18 @@ export type DeepPartial<T> = {
 /**
  * User account status enumeration
  */
-export type UserStatus = 'active' | 'inactive' | 'suspended' | 'pending';
+export type UserStatus = "active" | "inactive" | "suspended" | "pending";
 
 /**
  * Available permission actions for RBAC
  */
-export type PermissionAction = 'create' | 'read' | 'update' | 'delete' | 'manage' | '*';
+export type PermissionAction =
+  | "create"
+  | "read"
+  | "update"
+  | "delete"
+  | "manage"
+  | "*";
 
 /**
  * Resource type identifier (e.g., 'users', 'posts', 'campaigns')
@@ -76,7 +82,7 @@ export interface AuthEvent {
  * Generic callback function for authentication events
  * @template T - The data type passed to the callback
  */
-export type AuthCallback<T > = (data: T) => void | Promise<void>;
+export type AuthCallback<T> = (data: T) => void | Promise<void>;
 
 /**
  * Error callback function type
@@ -155,7 +161,7 @@ export interface SortParams {
   /** Field to sort by */
   field: string;
   /** Sort order */
-  order: 'asc' | 'desc';
+  order: "asc" | "desc";
 }
 
 /**
@@ -222,7 +228,7 @@ export interface ValidationRule {
   /** Whether the field is required */
   required?: boolean;
   /** Expected data type */
-  type?: 'string' | 'number' | 'boolean' | 'email' | 'url';
+  type?: "string" | "number" | "boolean" | "email" | "url";
   /** Minimum length for strings */
   minLength?: number;
   /** Maximum length for strings */
@@ -294,4 +300,4 @@ export interface PerformanceMetrics {
   cpu: number;
   /** Measurement timestamp */
   timestamp: Date;
-}
+}

package/src/common/utils/index.ts

@@ -15,8 +15,9 @@ import { NUMERIX } from "@plyaz/config";
  * ```
  */
 export function generateRandomString(length: number = 32): string {
-  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-  let result = '';
+  const chars =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  let result = "";
   for (let i = 0; i < length; i++) {
     result += chars.charAt(Math.floor(Math.random() * chars.length));
   }
@@ -45,7 +46,7 @@ export function generateSecureId(): string {
  * ```
  */
 export function sleep(ms: number): Promise<void> {
-  return new Promise(resolve => globalThis.setTimeout(resolve, ms));
+  return new Promise((resolve) => globalThis.setTimeout(resolve, ms));
 }
 
 /**
@@ -61,24 +62,27 @@ export function sleep(ms: number): Promise<void> {
  */
 export function maskSensitiveData(
   data: unknown,
-  sensitiveFields: string[] = ['password', 'token', 'secret']
+  sensitiveFields: string[] = ["password", "token", "secret"],
 ): unknown {
-  if (typeof data !== 'object' || data === null) {
+  if (typeof data !== "object" || data === null) {
     return data;
   }
 
   // Type assertion to allow indexing by string
-  const masked: Record<string, string> = { ...(data as Record<string, string>) };
-  const four  = 4;
+  const masked: Record<string, string> = {
+    ...(data as Record<string, string>),
+  };
+  const four = 4;
   for (const field of sensitiveFields) {
     if (field in masked) {
       const value = masked[field];
-      if (typeof value === 'string' && value.length > 0) {
-        masked[field] = value.substring(0, four) + '*'.repeat(Math.max(0, value.length - four));
+      if (typeof value === "string" && value.length > 0) {
+        masked[field] =
+          value.substring(0, four) +
+          "*".repeat(Math.max(0, value.length - four));
       }
     }
   }
-  
+
   return masked;
 }
-