@plyaz/auth 1.0.0

package/src/flows/sign-in.flow.ts

@@ -0,0 +1,106 @@
+/**
+ * @fileoverview Sign-in authentication flow
+ * @module @plyaz/auth/flows/sign-in
+ */
+
+import { NUMERIX } from "@plyaz/config";
+import type { AuthTokens, AuthUser } from "@plyaz/types";
+
+export interface SignInCredentials {
+  email: string;
+  password: string;
+  rememberMe?: boolean;
+}
+
+export interface SignInResult {
+  user: AuthUser;
+  tokens: AuthTokens;
+  requiresMFA?: boolean;
+  mfaToken?: string;
+}
+
+/** User repository type based on usage */
+export interface UserRepositorySignin {
+  findByEmail(email: string): Promise<AuthUser | null>;
+  findById(userId: string): Promise<AuthUser | null>;
+}
+
+/** JWT manager type based on usage */
+export interface JWTManagerSignin {
+  generateTokens(userId: string): Promise<AuthTokens>;
+  verifyToken(token: string): Promise<{ userId: string }>;
+}
+
+/** Session manager type based on usage */
+export interface SessionManagerSignin {
+  createSession(session: { userId: string; expiresAt: Date; metadata?: Record<string, true> }): Promise<void>;
+}
+
+/** Password service type based on usage */
+export interface PasswordServiceSignin {
+  verify(password: string, passwordHash: string | undefined): Promise<boolean>;
+}
+
+export class SignInFlow {
+  constructor(
+    private userRepository: UserRepositorySignin,
+    private jwtManager: JWTManagerSignin,
+    private sessionManager: SessionManagerSignin,
+    private passwordService: PasswordServiceSignin
+  ) {}
+
+  async execute(credentials: SignInCredentials): Promise<SignInResult> {
+    const isValid = await this.validateCredentials(credentials.email, credentials.password);
+    if (!isValid) {
+      throw new Error('Invalid credentials');
+    }
+
+    const user = await this.userRepository.findByEmail(credentials.email);
+    if (!user) {
+      throw new Error('User not found');
+    }
+
+    const tokens = await this.jwtManager.generateTokens(user.id);
+    
+    if (credentials.rememberMe) {
+      const thirty = 30;
+      await this.sessionManager.createSession({
+        userId: user.id,
+        expiresAt: new Date(Date.now() + thirty * NUMERIX.TWENTY_FOUR * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.THOUSAND), // 30 days
+        metadata: { rememberMe: true }
+      });
+    }
+
+    return { user, tokens };
+  }
+
+  async validateCredentials(email: string, password: string): Promise<boolean> {
+    const user = await this.userRepository.findByEmail(email);
+    if (!user) return false;
+    
+    return await this.passwordService.verify(password, user.passwordHash);
+  }
+
+  async handleMFA(mfaToken: string, code: string): Promise<SignInResult> {
+    const payload = await this.jwtManager.verifyToken(mfaToken);
+    const user = await this.userRepository.findById(payload.userId);
+    
+    if (!user) {
+      throw new Error('User not found');
+    }
+
+    const isValidCode = await this.verifyMFACode(user.id, code);
+    if (!isValidCode) {
+      throw new Error('Invalid MFA code');
+    }
+
+    const tokens = await this.jwtManager.generateTokens(user.id);
+    return { user, tokens };
+  }
+
+  private async verifyMFACode(userId: string, code: string): Promise<boolean> { 
+    globalThis.console.log(userId,code)
+
+    return true; // Placeholder
+  }
+}

package/src/flows/sign-up.flow.ts

@@ -0,0 +1,121 @@
+/**
+ * @fileoverview Sign-up authentication flow
+ * @module @plyaz/auth/flows/sign-up
+ */
+
+import type { AuthTokens, AuthUser } from '@plyaz/types';
+
+export interface SignUpData {
+  email: string;
+  password: string;
+  firstName?: string;
+  lastName?: string;
+  metadata?: Record<string, string>;
+}
+
+export interface SignUpResult {
+  user: AuthUser;
+  tokens: AuthTokens;
+  requiresVerification?: boolean;
+}
+
+/** User repository type based on usage */
+export interface UserRepositorySignUp {
+  findByEmail(email: string): Promise<AuthUser | null>;
+  create(data: {
+    email: string;
+    passwordHash: string;
+    firstName?: string;
+    lastName?: string;
+    metadata?: Record<string, string  >;
+    emailVerified: boolean;
+  }): Promise<AuthUser>;
+  findById(userId: string): Promise<AuthUser>;
+  updateEmailVerification(userId: string, verified: boolean): Promise<AuthUser | null>;
+}
+
+/** JWT manager type based on usage */
+export interface JWTManagerSignUp {
+  generateTokens(userId: string): Promise<AuthTokens>;
+  generateVerificationToken(userId: string): Promise<string>;
+  verifyToken(token: string): Promise<{ userId: string }>;
+}
+
+/** Password service type based on usage */
+export interface PasswordServiceSignUp {
+  hash(password: string): Promise<string>;
+}
+
+/** Email service type based on usage */
+export interface EmailService {
+  sendVerificationEmail(args: { to: string; token: string; userId: string }): Promise<void>;
+}
+
+export class SignUpFlow {
+  constructor(
+    private userRepository: UserRepositorySignUp,
+    private jwtManager: JWTManagerSignUp,
+    private passwordService: PasswordServiceSignUp,
+    private emailService: EmailService
+  ) {}
+
+  async execute(data: SignUpData): Promise<SignUpResult> {
+    const emailExists = await this.userRepository.findByEmail(data.email);
+    if (emailExists) {
+      throw new Error('Email already exists');
+    }
+
+    const isValidEmail = await this.validateEmail(data.email);
+    if (!isValidEmail) {
+      throw new Error('Invalid email format');
+    }
+
+    const passwordHash = await this.passwordService.hash(data.password);
+    
+    const user = await this.userRepository.create({
+      email: data.email,
+      passwordHash,
+      firstName: data.firstName,
+      lastName: data.lastName,
+      metadata: data.metadata,
+      emailVerified: false
+    });
+
+    const tokens = await this.jwtManager.generateTokens(user.id);
+    
+    await this.sendVerificationEmail(user.id);
+
+    return { 
+      user, 
+      tokens, 
+      requiresVerification: true 
+    };
+  }
+
+  async validateEmail(email: string): Promise<boolean> {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+  }
+
+  async sendVerificationEmail(userId: string): Promise<void> {
+    const verificationToken = await this.jwtManager.generateVerificationToken(userId);
+    const user = await this.userRepository.findById(userId);
+    
+    await this.emailService.sendVerificationEmail({
+      to: user.email,
+      token: verificationToken,
+      userId
+    });
+  }
+
+  async verifyEmail(token: string): Promise<AuthUser> {
+    const payload = await this.jwtManager.verifyToken(token);
+    const user = await this.userRepository.updateEmailVerification(payload.userId, true);
+    
+    if (!user) {
+      throw new Error('User not found');
+    }
+
+    return user;
+  }
+}

package/src/index.ts

@@ -0,0 +1,54 @@
+// Common (Enums, Interfaces, Types, Constants, Errors, Regex)
+export * from './common';
+
+
+
+// Core Authentication
+export * from './core';
+export * from './rbac';
+export * from './security';
+export * from './audit/audit.logger';
+
+// Session Management
+export * from './session';
+
+
+
+// Adapters
+export * from './adapters';
+
+// Strategies
+export * from './strategies/traditional-auth.strategy';
+export * from './strategies/oauth.strategy';
+
+
+
+// Providers
+export * from './providers';
+
+// Flows
+export * from './flows';
+
+// Backend (NestJS)
+export * from './server/services';
+export * from './server/guards/auth.guard';
+export * from './server/guards/roles.guard';
+export * from './server/guards/permissions.guard';
+export { Auth, Public } from './server/decorators/auth.decorator';
+export { Roles, Permissions, CurrentSession } from './server/decorators/auth.decorators';
+export { CurrentUser } from './server/decorators/current-user.decorator';
+export { Permission as PermissionDecorator, Permissions as PermissionsDecorator, AnyPermission } from './server/decorators/permission.decorator';
+export * from './server/middleware';
+
+
+
+// Frontend (React)
+export { AuthProvider } from './client/providers/AuthProvider';
+export { useAuth } from './client/hooks/useAuth';
+export { useSession } from './client/hooks/useSession';
+export { useRBAC } from './client/hooks/useRBAC';
+export { useConnectedAccounts } from './client/hooks/useConnectedAccounts';
+export { usePermissions } from './client/hooks/usePermissions';
+export { useAuthStore } from './client/store/auth.store';
+export { ProtectedRoute } from './client/components/ProtectedRoute';
+

package/src/libs/clerk.helper.ts

@@ -0,0 +1,36 @@
+import "dotenv/config";
+import { createClerkClient } from "@clerk/backend";
+import { BaseError, DatabasePackageError } from "@plyaz/errors";
+
+//  Validate env early (VERY important)
+if (!globalThis.process.env.CLERK_SECRET_KEY) {
+  throw new BaseError('CLIENT_MISSING_BASE_URL');
+}
+
+//  Create Clerk client
+const clerkClient = createClerkClient({
+  secretKey: globalThis.process.env.CLERK_SECRET_KEY,
+});
+
+globalThis.console.log("CLERK_SECRET_KEY loaded");
+
+//  Create OAuth Application
+export const createClerkUser
+ = async ():Promise<void> =>{
+  try {
+    globalThis.console.log("Creating OAuth application...");
+
+    const response = await clerkClient.users.createUser({
+      firstName: "Test",
+      lastName: "User",
+      emailAddress: ["testclerk123@gmail.com"],
+      password: "!Testing233sw@qsdfefaf123!",
+    });
+    globalThis.console.dir("Full Response:", response);
+  } catch (error: unknown) {
+  if (error instanceof Error) {
+    throw new DatabasePackageError(error.message);
+  }
+  throw new DatabasePackageError('An unknown error occurred');
+}
+};

package/src/libs/supabase.helper.ts

@@ -0,0 +1,255 @@
+import type { AUTHPROVIDER, AuthUser, ConnectedAccount, Session } from '@plyaz/types';
+
+
+import bcrypt from 'bcryptjs';
+import { randomBytes } from 'crypto';
+import { supabase } from './supabaseClient';
+import { NUMERIX } from '@plyaz/config';
+
+export interface DeviceInfo {
+  ip: string;
+  browser: string;
+  os: string;
+  userAgent: string;
+}
+
+/**
+ * Create a new user
+ */
+export async function createUser(
+  email: string,
+  authProvider: string,
+  data?: Partial<AuthUser>,
+  password?: string
+): Promise<AuthUser> {
+  const passwordHash = password ? await bcrypt.hash(password, NUMERIX.TEN) : undefined;
+
+  const { data: user, error } = await supabase
+    .from('users')
+    .insert({
+      email,
+      auth_provider: authProvider,
+      first_name: data?.firstName,
+      last_name: data?.lastName,
+      display_name: data?.displayName ?? email,
+      avatar_url: data?.avatarUrl,
+      phone_number: data?.phoneNumber,
+      is_active: true,
+      is_verified: authProvider !== 'email', // email signups need verification
+      roles: data?.roles ?? [],
+      password_hash: passwordHash,
+    })
+    .select('*')
+    .single();
+
+  if (error || !user) throw new Error(error?.message ?? 'Failed to create user');
+  return user;
+}
+
+/**
+ * Find user by email + provider
+ */
+export async function findUserByEmailProvider(
+  email: string,
+  provider: string
+): Promise<AuthUser | null> {
+  const { data, error } = await supabase
+    .from('users')
+    .select('*')
+    .eq('email', email)
+    .eq('auth_provider', provider)
+    .single();
+
+  if (error || !data) return null;
+  return data;
+}
+
+/**
+ * Update last login timestamp
+ */
+export async function updateLastLogin(userId: string):Promise<void>{
+  await supabase
+    .from('users')
+    .update({ last_login_at: new Date() })
+    .eq('id', userId);
+}
+
+/**
+ * Create a new session
+ */
+export async function createUserSession(
+  userId: string,
+  deviceInfo: DeviceInfo
+): Promise<Session & { accessToken: string }> {
+  const thirtyTwo = 32;
+  const accessToken = randomBytes(thirtyTwo).toString('hex');
+  const tokenHash = await bcrypt.hash(accessToken, NUMERIX.TEN);
+  const expiresAt = new Date(Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR); // 24h
+
+  const { data, error } = await supabase
+    .from('sessions')
+    .insert({
+      user_id: userId,
+      token_hash: tokenHash,
+      device_info: deviceInfo,
+      expires_at: expiresAt,
+      last_active_at: new Date(),
+    })
+    .select('*')
+    .single();
+
+  if (error || !data) throw new Error(error?.message ?? 'Failed to create session');
+
+  return {
+    id: data.id,
+    userId: data.user_id,
+    expiresAt: data.expires_at,
+    provider: data.provider,
+    createdAt: data.created_at,
+    lastActivityAt: data.last_active_at,
+    accessToken
+  };
+}
+
+/**
+ * Get a session by ID
+ */
+export async function getSession(sessionId: string): Promise<Session | null> {
+  const { data, error } = await supabase
+    .from('sessions')
+    .select('*')
+    .eq('id', sessionId)
+    .single();
+
+  if (error || !data) return null;
+
+  return {
+    id: data.id,
+    userId: data.user_id,
+    expiresAt: data.expires_at,
+    provider: data.provider,
+    createdAt: data.created_at,
+    lastActivityAt: data.last_active_at
+  };
+}
+
+/**
+ * Validate session (exists + not expired)
+ */
+export async function validateSessionDB(sessionId: string): Promise<boolean> {
+  const { data } = await supabase
+    .from('sessions')
+    .select('id')
+    .eq('id', sessionId)
+    .gte('expires_at', new Date())
+    .single();
+
+  return !!data;
+}
+
+/**
+ * Delete session
+ */
+export async function deleteSession(sessionId: string):Promise<void> {
+  await supabase.from('sessions').delete().eq('id', sessionId);
+}
+
+/**
+ * Refresh session
+ */
+export async function refreshSessionDB(sessionId: string): Promise<Session & { accessToken: string }> {
+  const thirtyTwo = 32;
+  const accessToken = randomBytes(thirtyTwo).toString('hex');
+  const tokenHash = await bcrypt.hash(accessToken, NUMERIX.TEN);
+  const expiresAt = new Date(Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR); // 24h
+
+  const { data, error } = await supabase
+    .from('sessions')
+    .update({
+      token_hash: tokenHash,
+      expires_at: expiresAt,
+      last_active_at: new Date(),
+    })
+    .eq('id', sessionId)
+    .select('*')
+    .single();
+
+  if (error || !data) throw new Error(error?.message ?? 'Failed to refresh session');
+
+  return {
+    id: data.id,
+    userId: data.user_id,
+    expiresAt: data.expires_at,
+    provider: data.provider,
+    createdAt: data.created_at,
+    lastActivityAt: data.last_active_at,
+    accessToken
+  };
+}
+
+
+export async function linkConnectedAccount(
+  userId: string,
+  provider:AUTHPROVIDER,
+  data: ConnectedAccount
+) :Promise<ConnectedAccount>{
+  const { data: account, error } = await supabase
+    .from('connected_accounts')
+    .insert({
+      user_id: userId,
+      provider_type: data.providerType,
+      provider: provider,
+      provider_account_id: data.providerAccountId,
+      provider_email: data.providerEmail,
+      provider_username: data.providerUsername,
+      provider_display_name: data.providerDisplayName,
+      provider_avatar_url: data.providerAvatarUrl,
+      provider_profile_url: data.providerProfileUrl,
+      provider_metadata: data.providerMetadata ?? {},
+      wallet_address: data.walletAddress,
+      chain_id: data.chainId,
+      access_token_encrypted: data.accessTokenEncrypted,
+      refresh_token_encrypted: data.refreshTokenEncrypted,
+      token_expires_at: data.tokenExpiresAt,
+      token_scope: data.tokenScope,
+      is_primary: data.isPrimary ?? false,
+      is_verified: data.isVerified ?? true,
+      is_active: data.isActive ?? true,
+      linked_ip_address: data.linkedIpAddress,
+      linked_user_agent: data.linkedUserAgent,
+    })
+    .select('*')
+    .single();
+
+  if (error) throw new Error(error.message);
+  return account;
+}
+
+/**
+ * Unlink a provider account from a user
+ */
+export async function unlinkConnectedAccount(
+  userId: string,
+  accountId: string
+):Promise<void>{
+  const { error } = await supabase
+    .from('connected_accounts')
+    .delete()
+    .eq('user_id', userId)
+    .eq('id', accountId);
+
+  if (error) throw new Error(error.message);
+}
+
+/**
+ * Get all linked accounts for a user
+ */
+export async function getLinkedAccounts(userId: string):Promise<ConnectedAccount[] >{
+  const { data, error } = await supabase
+    .from('connected_accounts')
+    .select('*')
+    .eq('user_id', userId);
+
+  if (error) throw new Error(error.message);
+  return data || [];
+}

package/src/libs/supabaseClient.ts

@@ -0,0 +1,6 @@
+import { createClient } from '@supabase/supabase-js';
+
+export const supabase = createClient(
+  globalThis.process.env.NEXT_PUBLIC_SUPABASE_URL!,
+  globalThis.process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
+);

package/src/providers/base/auth-provider.interface.ts

@@ -0,0 +1,42 @@
+/**
+ * @fileoverview Base authentication provider interface
+ * @module @plyaz/auth/providers/base/auth-provider
+ */
+
+import type { AuthTokens, AuthUser } from "@plyaz/types";
+
+
+
+export interface AuthProviderConfig {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+  scopes?: string[];
+}
+
+export interface AuthProvider {
+  readonly name: string;
+  readonly type: 'oauth' | 'traditional' | 'web3';
+  
+  initialize(config: AuthProviderConfig): Promise<void>;
+  authenticate(credentials: {code:string}): Promise<{ user: AuthUser; tokens: AuthTokens }>;
+  refreshToken(refreshToken: string): Promise<AuthTokens>;
+  revokeToken(token: string): Promise<void>;
+  getUserProfile(accessToken: string): Promise<AuthUser>;
+}
+
+export abstract class BaseAuthProvider implements AuthProvider {
+  abstract readonly name: string;
+  abstract readonly type: 'oauth' | 'traditional' | 'web3';
+  
+  protected config?: AuthProviderConfig;
+  
+  async initialize(config: AuthProviderConfig): Promise<void> {
+    this.config = config;
+  }
+  
+  abstract authenticate(credentials: {code:string}): Promise<{ user: AuthUser; tokens: AuthTokens }>;
+  abstract refreshToken(refreshToken: string): Promise<AuthTokens>;
+  abstract revokeToken(token: string): Promise<void>;
+  abstract getUserProfile(accessToken: string): Promise<AuthUser>;
+}

package/src/providers/base/index.ts

@@ -0,0 +1 @@
+export * from "./auth-provider.interface"

package/src/providers/index.ts

@@ -0,0 +1,2 @@
+export * from "./base";
+export * from "./oauth"