@plyaz/auth 1.0.0

package/src/db/repositories/session.repository.ts

@@ -0,0 +1,308 @@
+import type {
+  CreateSessionData,
+  Session,
+  SessionRepository as ISessionRepository,
+} from "@plyaz/types";
+import { createClient } from "@supabase/supabase-js";
+
+/**
+ * Repository for managing user sessions
+ *
+ * @description
+ * Handles session lifecycle for both B2C (public) and B2B (backoffice) users.
+ * Tracks session expiration, activity, and device information.
+ * Schema-aware repository that works with public.sessions or backoffice.sessions.
+ *
+ * @example
+ * ```typescript
+ * const repo = new SessionRepository(url, key, 'public');
+ * const session = await repo.create({
+ *   userId: 'uuid',
+ *   provider: 'clerk',
+ *   expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000)
+ * });
+ * ```
+ */
+export class SessionRepository implements ISessionRepository {
+  private supabase;
+
+  /**
+   * STEP 1: Initialize repository with Supabase client
+   * @param supabaseUrl - Supabase project URL
+   * @param supabaseKey - Supabase service role key
+   * @param schema - Database schema ('public' for B2C, 'backoffice' for B2B)
+   */
+  constructor(
+    supabaseUrl: string,
+    supabaseKey: string,
+    private schema: "public" | "backoffice" = "public"
+  ) {
+    this.supabase = createClient(supabaseUrl, supabaseKey);
+  }
+
+  /**
+   * STEP 2: Create new session
+   * Automatically sets last_activity_at to current time
+   *
+   * @param data - Session creation data
+   * @returns Promise resolving to created Session
+   * @throws Error if creation fails
+   */
+  async create(data: CreateSessionData): Promise<Session> {
+    const insertData = this.transformToDbFormat(data);
+
+    const { data: sessionData, error } = await this.supabase
+      .from("sessions")
+      .insert(insertData)
+      .select()
+      .single();
+
+    if (error || !sessionData)
+      throw new Error(`Failed to create session: ${error?.message}`);
+    return this.mapToSession(sessionData);
+  }
+
+  /**
+   * STEP 3: Find session by ID
+   *
+   * @param id - Session UUID
+   * @returns Promise resolving to Session or null if not found
+   */
+  async findById(id: string): Promise<Session | null> {
+    const { data, error } = await this.supabase
+      .from("sessions")
+      .select("*")
+      .eq("id", id)
+      .single();
+
+    if (error || !data) return null;
+    return this.mapToSession(data);
+  }
+
+  /**
+   * STEP 4: Find all sessions for a user
+   * Returns sessions ordered by creation date (newest first)
+   *
+   * @param userId - User UUID
+   * @returns Promise resolving to array of Session
+   */
+  async findByUserId(userId: string): Promise<Session[]> {
+
+      this.schema === "backoffice" ? "backoffice_user_id" : "user_id";
+    const { data, error } = await this.supabase
+      .from("sessions")
+      .select("*")
+      .eq("user_id", userId)
+      .order("created_at", { ascending: false });
+
+    if (error || !data) return [];
+    return data.map(this.mapToSession);
+  }
+
+  /**
+   * STEP 5: Validate session
+   * Checks if session exists and hasn't expired
+   * Updates last_activity_at if valid
+   *
+   * @param sessionId - Session UUID
+   * @returns Promise resolving to Session or null if invalid/expired
+   */
+  async validate(sessionId: string): Promise<Session | null> {
+    const { data, error } = await this.supabase
+      .from("sessions")
+      .select("*")
+      .eq("id", sessionId)
+      .gt("expires_at", new Date().toISOString())
+      .single();
+
+    if (error || !data) return null;
+
+    await this.updateActivity(sessionId);
+    return this.mapToSession(data);
+  }
+
+  /**
+   * STEP 6: Invalidate single session (logout)
+   *
+   * @param sessionId - Session UUID
+   * @throws Error if invalidation fails
+   */
+  async invalidate(sessionId: string): Promise<void> {
+    const { error } = await this.supabase
+      .from("sessions")
+      .delete()
+      .eq("id", sessionId);
+
+    if (error)
+      throw new Error(`Failed to invalidate session: ${error.message}`);
+  }
+
+  /**
+   * STEP 7: Invalidate all sessions for a user (logout all devices)
+   *
+   * @param userId - User UUID
+   * @throws Error if invalidation fails
+   */
+  async invalidateAllForUser(userId: string): Promise<void> {
+    
+      this.schema === "backoffice" ? "backoffice_user_id" : "user_id";
+    const { error } = await this.supabase
+      .from("sessions")
+      .delete()
+      .eq("user_id", userId);
+
+    if (error)
+      throw new Error(`Failed to invalidate user sessions: ${error.message}`);
+  }
+
+  /**
+   * STEP 8: Update session activity timestamp
+   * Called on each authenticated request to track user activity
+   *
+   * @param sessionId - Session UUID
+   */
+  async updateActivity(sessionId: string): Promise<void> {
+    await this.supabase
+      .from("sessions")
+      .update({ last_active_at: new Date() })
+      .eq("id", sessionId);
+  }
+
+  /**
+   * Update last active timestamp
+   */
+  async updateLastActive(sessionId: string): Promise<void> {
+    await this.updateActivity(sessionId);
+  }
+
+  /**
+   * Delete session by ID
+   */
+  async delete(sessionId: string): Promise<void> {
+    await this.invalidate(sessionId);
+  }
+
+  /**
+   * Delete all sessions for user
+   */
+  async deleteByUserId(userId: string): Promise<void> {
+    await this.invalidateAllForUser(userId);
+  }
+
+  /**
+   * Find active sessions by user
+   * Query WHERE user_id AND expires_at > NOW()
+   * @param userId - User identifier
+   * @returns Array of active sessions
+   */
+  async findActiveByUser(userId: string): Promise<Session[]> {
+
+      this.schema === "backoffice" ? "backoffice_user_id" : "user_id";
+    const { data, error } = await this.supabase
+      .from("sessions")
+      .select("*")
+      .eq("user_id", userId)
+      .gt("expires_at", new Date().toISOString())
+      .order("created_at", { ascending: false });
+
+    if (error || !data) return [];
+    return data.map(this.mapToSession);
+  }
+
+  /**
+   * Invalidate session (set is_valid = false)
+   * UPDATE is_valid = false and emit session.invalidated event
+   * @param sessionId - Session identifier
+   * @returns Invalidation result
+   */
+  async invalidateSession(sessionId: string): Promise<void> {
+    // For this implementation, we'll delete the session
+    // In a real implementation with is_valid column, this would update the flag
+    await this.invalidate(sessionId);
+
+    // Emit session invalidated event
+    this.emitSessionInvalidatedEvent(sessionId);
+  }
+
+  /**
+   * Invalidate all user sessions with count
+   * UPDATE all user sessions is_valid = false for "logout all devices" feature
+   * @param userId - User identifier
+   * @returns Object with invalidated count
+   */
+  async invalidateAllUserSessions(
+    userId: string
+  ): Promise<{ invalidatedCount: number }> {
+    const userSessions = await this.findByUserId(userId);
+    const invalidatedCount = userSessions.length;
+
+    await this.invalidateAllForUser(userId);
+
+    return { invalidatedCount };
+  }
+
+  /**
+   * Clean up expired sessions
+   * DELETE WHERE expires_at < NOW() - Background job: Daily at 03:00 UTC
+   * @returns Object with deleted count
+   */
+  async cleanupExpired(): Promise<{ deletedCount: number }> {
+    const { data, error } = await this.supabase
+      .from("sessions")
+      .delete()
+      .lt("expires_at", new Date().toISOString())
+      .select("id");
+
+    if (error) {
+      throw new Error(`Failed to cleanup expired sessions: ${error.message}`);
+    }
+
+    return { deletedCount: data?.length || 0 };
+  }
+
+  /**
+   * Emit session invalidated event
+   * @param sessionId - Session identifier
+   * @private
+   */
+  private emitSessionInvalidatedEvent(sessionId: string): void {
+    // Mock event emission - in real implementation would use event system
+   globalThis.console.log("Event: auth.session.invalidated", {
+      sessionId,
+      timestamp: new Date(),
+    });
+  }
+
+  /**
+   * Transform camelCase DTO to snake_case database format
+   * @private
+   */
+  private transformToDbFormat(data: CreateSessionData): Record<string, Record<string, unknown> | string | Date > {
+    return {
+      user_id: data.userId,
+      token_hash: "temp-token-hash", // Required field
+      device_info: data.metadata ?? {},
+      expires_at: data.expiresAt,
+      last_active_at: new Date(),
+    };
+  }
+
+  /**
+   * Map database row to Session interface
+   * @private
+   */
+  private mapToSession(data: Session): Session {
+    return {
+      id: data.id,
+      userId: data.userId,
+      provider: "test", // Default since not in schema
+      providerSessionId: undefined,
+      expiresAt: new Date(data.expiresAt),
+      createdAt: new Date(data.createdAt),
+      lastActivityAt: new Date(data.lastActivityAt),
+      ipAddress: undefined,
+      userAgent: undefined,
+      metadata: data.metadata,
+    };
+  }
+}

package/src/db/repositories/user.repository.ts

@@ -0,0 +1,320 @@
+import { createClient } from '@supabase/supabase-js';
+import type { User, UserRepository as IUserRepository, CreateUserData, UpdateUserData } from '@/common/types/auth.types';
+import type { AUTHPROVIDER, AuthUser } from '@plyaz/types';
+/**
+* Repository for managing user accounts
+*
+* @description
+* Handles CRUD operations for both B2C (public) and B2B (backoffice) users.
+* Schema-aware repository that works with public.users or backoffice.users.
+*
+* @example
+* ```typescript
+* // B2C users
+* const publicRepo = new UserRepository(url, key, 'public');
+* const user = await publicRepo.findByEmail('user@example.com');
+*
+* // B2B users
+* const backofficeRepo = new UserRepository(url, key, 'backoffice');
+* const admin = await backofficeRepo.findById('uuid');
+* ```
+*/
+export class UserRepository implements IUserRepository {
+  private supabase;
+  /**
+   * STEP 1: Initialize repository with Supabase client
+   * @param supabaseUrl - Supabase project URL
+   * @param supabaseKey - Supabase service role key
+   * @param schema - Database schema ('public' for B2C, 'backoffice' for B2B)
+   */
+  constructor(supabaseUrl: string, supabaseKey: string, private schema: 'public' | 'backoffice' = 'public') {
+    this.supabase = createClient(supabaseUrl, supabaseKey);
+  }
+  /**
+   * STEP 2: Find user by ID
+   *
+   * @param id - User UUID
+   * @returns Promise resolving to User or null if not found
+   */
+  async findById(id: string): Promise<User | null> {
+    const { data, error } = await this.supabase
+      .from('users')
+      .select('*')
+      .eq('id', id)
+      .single();
+    if (error || !data) return null;
+    return this.mapToUser(data);
+  }
+  /**
+   * STEP 3: Find user by email
+   *
+   * @param email - User email address
+   * @returns Promise resolving to User or null if not found
+   */
+  async findByEmail(email: string): Promise<User | null> {
+    const { data, error } = await this.supabase
+      .from('users')
+      .select('*')
+      .eq('email', email)
+      .single();
+    if (error || !data) return null;
+    return this.mapToUser(data);
+  }
+  /**
+   * STEP 4: Find user by provider account
+   * Looks up user via connected_accounts table
+   *
+   * @param provider - Provider name (e.g., 'clerk', 'google')
+   * @param providerAccountId - Provider's user ID
+   * @returns Promise resolving to User or null if not found
+   */
+  async findByProviderAccount(provider: string, providerAccountId: string): Promise<User | null> {
+    const { data: accountData, error: accountError } = await this.supabase
+      .from('connected_accounts')
+      .select('user_id')
+      .eq('provider', provider)
+      .eq('provider_account_id', providerAccountId)
+      .single();
+    if (accountError || !accountData) return null;
+    return this.findById(accountData.user_id);
+  }
+  /**
+   * STEP 5: Create new user
+   *
+   * @param data - User creation data
+   * @returns Promise resolving to created User
+   * @throws Error if creation fails
+   */
+  async create(data: CreateUserData): Promise<User> {
+    const insertData = this.transformToDbFormat(data);
+    const { data: userData, error } = await this.supabase
+      .from('users')
+      .insert(insertData)
+      .select()
+      .single();
+    if (error || !userData) throw new Error(`Failed to create user: ${error?.message}`);
+    return this.mapToUser(userData);
+  }
+  /**
+   * STEP 6: Update user
+   * Only updates provided fields, sets updated_at automatically
+   *
+   * @param id - User UUID
+   * @param data - Partial update data
+   * @returns Promise resolving to updated User
+   * @throws Error if update fails
+   */
+  async update(id: string, data: UpdateUserData): Promise<User> {
+    const updateData = this.buildUpdateData(data);
+    const { data: userData, error } = await this.supabase
+      .from('users')
+      .update(updateData)
+      .eq('id', id)
+      .select()
+      .single();
+    if (error || !userData) throw new Error(`Failed to update user: ${error?.message}`);
+    return this.mapToUser(userData);
+  }
+  /**
+   * STEP 7: Delete user
+   * Cascades to related records (sessions, roles, etc.)
+   *
+   * @param id - User UUID
+   * @throws Error if deletion fails
+   */
+  async delete(id: string): Promise<void> {
+    const { error } = await this.supabase
+      .from('users')
+      .delete()
+      .eq('id', id);
+    if (error) throw new Error(`Failed to delete user: ${error.message}`);
+  }
+  /**
+   * Find user by email and password for backoffice authentication
+   */
+  async findByCredentials(email: string, passwordHash: string): Promise<User | null> {
+    const { data, error } = await this.supabase
+      .from('users')
+      .select('*')
+      .eq('email', email)
+      .eq('password_hash', passwordHash)
+      .single();
+    if (error || !data) return null;
+    return this.mapToUser(data);
+  }
+  /**
+   * Assign role to user
+   */
+  async assignRole(userId: string, role: string, assignedBy?: string): Promise<void> {
+    const { error } = await this.supabase
+      .from('user_roles')
+      .insert({
+        user_id: userId,
+        role: role,
+        assigned_by: assignedBy,
+        status: 'ACTIVE'
+      });
+    if (error) throw new Error(`Failed to assign role: ${error.message}`);
+  }
+  /**
+   * Remove role from user
+   */
+  async removeRole(userId: string, role: string): Promise<void> {
+    const { error } = await this.supabase
+      .from('user_roles')
+      .delete()
+      .eq('user_id', userId)
+      .eq('role', role);
+    if (error) throw new Error(`Failed to remove role: ${error.message}`);
+  }
+  /**
+   * Get user roles
+   */
+  async getUserRoles(userId: string): Promise<string[]> {
+    const { data, error } = await this.supabase
+      .from('user_roles')
+      .select('role')
+      .eq('user_id', userId)
+      .eq('status', 'ACTIVE');
+    if (error || !data) return [];
+    return data.map((row: { role: string; }) => row.role);
+  }
+  /**
+   * Check permission for roles
+   */
+  async checkPermission(roles: string[], permission: string): Promise<boolean> {
+    // Implementation would check roles table for permissions
+    // For now, return basic role hierarchy
+    return roles.includes('ADMIN') || roles.includes(permission);
+  }
+  /**
+   * Update last login timestamp
+   */
+  async updateLastLogin(userId: string): Promise<void> {
+    const { error } = await this.supabase
+      .from('users')
+      .update({ last_login_at: new Date() })
+      .eq('id', userId);
+    if (error) throw new Error(`Failed to update last login: ${error.message}`);
+  }
+  /**
+   * Find user by Clerk ID
+   * Query users WHERE clerk_user_id = clerkId
+   * @param clerkId - Clerk user identifier
+   * @returns User or null if not found
+   */
+  async findByClerkId(clerkId: string): Promise<User | null> {
+    const { data, error } = await this.supabase
+      .from('users')
+      .select('*')
+      .eq('clerk_user_id', clerkId)
+      .single();
+    if (error || !data) return null;
+    return this.mapToUser(data);
+  }
+  /**
+   * Find user by wallet address
+   * Query via connected_accounts WHERE provider = 'web3'
+   * @param address - Wallet address
+   * @returns User or null if not found
+   */
+  async findByWalletAddress(address: string): Promise<User | null> {
+    const { data: accountData, error: accountError } = await this.supabase
+      .from('connected_accounts')
+      .select('user_id')
+      .eq('provider_type', 'WEB3')
+      .eq('wallet_address', address)
+      .eq('is_active', true)
+      .single();
+    if (accountError || !accountData) return null;
+    return this.findById(accountData.user_id);
+  }
+  /**
+   * Update onboarding status
+   * UPDATE onboarding_completed_at (if complete)
+   * @param userId - User identifier
+   * @param status - Onboarding status ('completed' | 'pending' | 'skipped')
+   * @returns Updated user
+   */
+  async updateOnboardingStatus(userId: string, status: string): Promise<User> {
+    const updateData: Partial<AuthUser> = {
+      updatedAt: new Date()
+    };
+    if (status === 'completed') {
+      updateData.updatedAt = new Date();
+    }
+    const { data: userData, error } = await this.supabase
+      .from('users')
+      .update(updateData)
+      .eq('id', userId)
+      .select()
+      .single();
+    if (error || !userData) throw new Error(`Failed to update onboarding status: ${error?.message}`);
+    return this.mapToUser(userData);
+  }
+  /**
+   * Transform camelCase DTO to snake_case database format
+   * @private
+   */
+  private transformToDbFormat(data: CreateUserData): Record<string, string | AUTHPROVIDER | undefined> {
+    return {
+      email: data.email,
+      clerk_user_id: data.clerkUserId,
+      auth_provider: data.authProvider ?? 'EMAIL',
+      first_name: data.firstName,
+      last_name: data.lastName,
+      display_name: data.displayName,
+      phone_number: data.phoneNumber,
+    };
+  }
+  /**
+   * Build update data with only defined fields
+   * @private
+   */
+  private buildUpdateData(data: UpdateUserData): Record<string, string> {
+    const result: Record<string, string> = { updated_at: new Date().toString() };
+    Object.entries(data).forEach(([key, value]) => {
+      if (value !== undefined) {
+        const dbKey = this.camelToSnake(key);
+        result[dbKey] = value;
+      }
+    });
+    return result;
+  }
+  /**
+   * Convert camelCase to snake_case
+   * @private
+   */
+  private camelToSnake(str: string): string {
+    return str.replace(/[A-Z]/g, letter => `_${letter.toLowerCase()}`);
+  }
+  /**
+   * Map database row to User interface
+   * @private
+   */
+  private mapToUser(data:User): User {
+    return {
+      id: data.id,
+      email: data.email,
+      clerkUserId: data.clerkUserId,
+      authProvider: data.authProvider,
+      firstName: data.firstName,
+      lastName: data.lastName,
+      displayName: data.displayName,
+      avatarUrl: undefined,
+      phoneNumber: data.phoneNumber,
+      isActive: data.isActive ?? true,
+      isVerified: data.isVerified ?? false,
+      createdAt: new Date(data.createdAt),
+      updatedAt: new Date(data.updatedAt),
+      lastLoginAt: data.lastLoginAt ? new Date(data.lastLoginAt) : undefined,
+    };
+  }
+}
+
+
+
+
+
+
+

package/src/flows/index.ts

@@ -0,0 +1,2 @@
+export * from './sign-in.flow';
+export * from "./sign-up.flow"