@plyaz/auth 1.0.0

package/src/session/redis-store.ts

@@ -0,0 +1,443 @@
+/**
+ * @fileoverview Redis-based session store for @plyaz/auth
+ * @module @plyaz/auth/session/redis-store
+ * 
+ * @description
+ * Implements session storage using Redis. Provides persistent, scalable
+ * session management with automatic expiration and clustering support.
+ * Suitable for production applications requiring session persistence
+ * across server restarts and horizontal scaling.
+ * 
+ * @example
+ * ```typescript
+ * import { RedisStore } from '@plyaz/auth';
+ * 
+ * const store = new RedisStore({
+ *   host: 'localhost',
+ *   port: 6379,
+ *   keyPrefix: 'auth:session:'
+ * });
+ * 
+ * await store.set('session_123', sessionData, 3600);
+ * ```
+ */
+
+import { NUMERIX } from "@plyaz/config";
+import type { SessionData, SessionStore, SessionStoreConfig } from "@plyaz/types";
+
+
+/**
+ * Redis connection configuration
+ */
+export interface RedisConfig {
+  /** Redis host */
+  host: string;
+  /** Redis port */
+  port: number;
+  /** Redis password */
+  password?: string;
+  /** Redis database number */
+  db?: number;
+  /** Connection timeout in milliseconds */
+  connectTimeout?: number;
+  /** Command timeout in milliseconds */
+  commandTimeout?: number;
+  /** Enable TLS */
+  tls?: boolean;
+}
+
+/**
+ * Redis store configuration
+ */
+export interface RedisStoreConfig extends Partial<SessionStoreConfig> {
+  /** Redis connection configuration */
+  redis: RedisConfig;
+  /** Enable compression for large sessions */
+  compression?: boolean;
+  /** Serialization format */
+  serialization?: 'json' | 'msgpack';
+}
+
+/**
+ * Mock Redis client interface for development
+ * In production, this would be replaced with actual Redis client (ioredis, node-redis, etc.)
+ */
+interface MockRedisClient {
+  set(key: string, value: string, ex: number): Promise<string>;
+  get(key: string): Promise<string | null>;
+  del(key: string): Promise<number>;
+  keys(pattern: string): Promise<string[]>;
+  expire(key: string, seconds: number): Promise<number>;
+  exists(key: string): Promise<number>;
+  scan(cursor: string, match?: string, count?: number): Promise<[string, string[]]>;
+}
+
+/**
+ * Redis-based session store implementation
+ * Stores session data in Redis with automatic expiration
+ */
+export class RedisStore implements SessionStore {
+  private readonly config: Required<RedisStoreConfig>;
+  private readonly client: MockRedisClient;
+  private readonly userSessionsKey = 'user_sessions:';
+
+  constructor(config: RedisStoreConfig) {
+    this.config = {
+      defaultTTL: 3600,
+      maxSessionsPerUser: 5,
+      cleanupInterval: 300,
+      keyPrefix: 'session:',
+      compression: false,
+      serialization: 'json',
+      ...config
+    };
+
+    // Initialize mock Redis client
+    // In production, this would be: new Redis(config.redis)
+    this.client = this.createMockRedisClient();
+  }
+
+  /**
+   * Store session data in Redis
+   * @param sessionId - Session identifier
+   * @param data - Session data to store
+   * @param ttlSeconds - Time to live in seconds
+   */
+  async set(sessionId: string, data: SessionData, ttlSeconds: number): Promise<void> {
+    const key = this.getSessionKey(sessionId);
+    const userSessionsKey = this.getUserSessionsKey(data.userId);
+    
+    // Enforce session limits per user
+    await this.enforceSessionLimits(data.userId);
+
+    // Serialize session data
+    const serializedData = this.serialize(data);
+    
+    // Store session with expiration
+    await this.client.set(key, serializedData, ttlSeconds);
+    
+    // Track user sessions (with longer TTL for cleanup)
+    const userSessionsTTL = Math.max(ttlSeconds, this.config.defaultTTL);
+    await this.client.set(`${userSessionsKey}${sessionId}`, '1', userSessionsTTL);
+  }
+
+  /**
+   * Retrieve session data from Redis
+   * @param sessionId - Session identifier
+   * @returns Session data or null if not found/expired
+   */
+  async get(sessionId: string): Promise<SessionData | null> {
+    const key = this.getSessionKey(sessionId);
+    const serializedData = await this.client.get(key);
+    
+    if (!serializedData) {
+      return null;
+    }
+
+    try {
+      const data = this.deserialize(serializedData);
+      
+      // Double-check expiration (Redis should handle this, but be safe)
+      if (data.expiresAt < new Date()) {
+        await this.delete(sessionId);
+        return null;
+      }
+      
+      return data;
+    } catch (error) {
+      // If deserialization fails, delete the corrupted session
+      globalThis.console.log("error",error)
+    await this.delete(sessionId);
+      return null ;
+    }
+  }
+
+  /**
+   * Delete session from Redis
+   * @param sessionId - Session identifier
+   */
+  async delete(sessionId: string): Promise<void> {
+    const key = this.getSessionKey(sessionId);
+    
+    // Get session data to find user ID
+    const data = await this.get(sessionId);
+    
+    // Delete session
+    await this.client.del(key);
+    
+    // Remove from user sessions tracking
+    if (data) {
+      const userSessionKey = `${this.getUserSessionsKey(data.userId)}${sessionId}`;
+      await this.client.del(userSessionKey);
+    }
+  }
+
+  /**
+   * Delete all sessions for a user
+   * @param userId - User identifier
+   * @returns Number of deleted sessions
+   */
+  async deleteByUserId(userId: string): Promise<number> {
+    const userSessionsPattern = `${this.getUserSessionsKey(userId)}*`;
+    const userSessionKeys = await this.client.keys(userSessionsPattern);
+    
+    let deletedCount = 0;
+    
+    for (const userSessionKey of userSessionKeys) {
+      // Extract session ID from key
+      const sessionId = userSessionKey.replace(this.getUserSessionsKey(userId), '');
+      const sessionKey = this.getSessionKey(sessionId);
+      
+      // Delete both session and user session tracking
+      const sessionDeleted = await this.client.del(sessionKey);
+      await this.client.del(userSessionKey);
+      
+      if (sessionDeleted > 0) {
+        deletedCount++;
+      }
+    }
+    
+    return deletedCount;
+  }
+
+  /**
+   * Update session activity timestamp
+   * @param sessionId - Session identifier
+   */
+  async updateActivity(sessionId: string): Promise<void> {
+    const data = await this.get(sessionId);
+    
+    if (data) {
+      data.lastActivityAt = new Date();
+      
+      // Calculate remaining TTL
+      const remainingTTL = Math.max(0, Math.floor((data.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND));
+      
+      if (remainingTTL > 0) {
+        await this.set(sessionId, data, remainingTTL);
+      }
+    }
+  }
+
+  /**
+   * Check if session exists in Redis
+   * @param sessionId - Session identifier
+   * @returns True if session exists
+   */
+  async exists(sessionId: string): Promise<boolean> {
+    const key = this.getSessionKey(sessionId);
+    const exists = await this.client.exists(key);
+    return exists > 0;
+  }
+
+  /**
+   * Get all active sessions for a user
+   * @param userId - User identifier
+   * @returns Array of session data
+   */
+  async getByUserId(userId: string): Promise<SessionData[]> {
+    const userSessionsPattern = `${this.getUserSessionsKey(userId)}*`;
+    const userSessionKeys = await this.client.keys(userSessionsPattern);
+    
+    const sessions: SessionData[] = [];
+    
+    for (const userSessionKey of userSessionKeys) {
+      // Extract session ID from key
+      const sessionId = userSessionKey.replace(this.getUserSessionsKey(userId), '');
+      const sessionData = await this.get(sessionId);
+      
+      if (sessionData) {
+        sessions.push(sessionData);
+      }
+    }
+    
+    return sessions;
+  }
+
+  /**
+   * Clean up expired sessions (Redis handles this automatically, but useful for stats)
+   * @returns Number of cleaned sessions (always 0 for Redis due to auto-expiration)
+   */
+  async cleanup(): Promise<number> {
+    // Redis automatically expires keys, so this is mainly for compatibility
+    // Could be used to clean up orphaned user session tracking keys
+    return 0;
+  }
+
+  /**
+   * Get session count for a user
+   * @param userId - User identifier
+   * @returns Session count
+   */
+  async getSessionCount(userId: string): Promise<number> {
+    const sessions = await this.getByUserId(userId);
+    return sessions.length;
+  }
+
+  /**
+   * Get Redis connection statistics
+   * @returns Connection and usage statistics
+   */
+  async getStats(): Promise<{
+    connected: boolean;
+    totalSessions: number;
+    memoryUsage: string;
+  }> {
+    // Mock implementation - in production would use Redis INFO command
+    return {
+      connected: true,
+      totalSessions: 0, // Would use DBSIZE or scan
+      memoryUsage: '0MB'
+    };
+  }
+
+  /**
+   * Close Redis connection
+   */
+  async disconnect(): Promise<void> {
+    // Mock implementation - in production would close Redis connection
+    globalThis.console.log('Redis connection closed');
+  }
+
+  /**
+   * Get session key with prefix
+   * @param sessionId - Session identifier
+   * @returns Prefixed session key
+   * @private
+   */
+  private getSessionKey(sessionId: string): string {
+    return `${this.config.keyPrefix}${sessionId}`;
+  }
+
+  /**
+   * Get user sessions tracking key
+   * @param userId - User identifier
+   * @returns User sessions key prefix
+   * @private
+   */
+  private getUserSessionsKey(userId: string): string {
+    return `${this.config.keyPrefix}${this.userSessionsKey}${userId}:`;
+  }
+
+  /**
+   * Serialize session data
+   * @param data - Session data to serialize
+   * @returns Serialized string
+   * @private
+   */
+  private serialize(data: SessionData): string {
+    if (this.config.serialization === 'json') {
+      return JSON.stringify(data);
+    }
+    
+    // In production, could use msgpack for better compression
+    return JSON.stringify(data);
+  }
+
+  /**
+   * Deserialize session data
+   * @param serializedData - Serialized session data
+   * @returns Parsed session data
+   * @private
+   */
+  private deserialize(serializedData: string): SessionData {
+    const data = JSON.parse(serializedData);
+    
+    // Convert date strings back to Date objects
+    return {
+      ...data,
+      expiresAt: new Date(data.expiresAt),
+      createdAt: new Date(data.createdAt),
+      lastActivityAt: new Date(data.lastActivityAt)
+    };
+  }
+
+  /**
+   * Enforce session limits per user
+   * @param userId - User identifier
+   * @private
+   */
+  private async enforceSessionLimits(userId: string): Promise<void> {
+    const userSessions = await this.getByUserId(userId);
+    
+    if (userSessions.length >= this.config.maxSessionsPerUser) {
+      // Sort by last activity (oldest first)
+      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
+      
+      // Remove oldest sessions to make room
+      const sessionsToRemove = userSessions.length - this.config.maxSessionsPerUser + 1;
+      for (let i = 0; i < sessionsToRemove; i++) {
+        await this.delete(userSessions[i].id);
+      }
+    }
+  }
+
+  /**
+   * Create mock Redis client for development
+   * @returns Mock Redis client
+   * @private
+   */
+  private createMockRedisClient(): MockRedisClient {
+    const storage = new Map<string, { value: string; expires: number }>();
+    
+    return {
+      async set(key: string, value: string, ex: number): Promise<string> {
+        storage.set(key, {
+          value,
+          expires: Date.now() + ex * NUMERIX.THOUSAND
+        });
+        return 'OK';
+      },
+      
+      async get(key: string): Promise<string | null> {
+        const item = storage.get(key);
+        if (!item) return null;
+        
+        if (item.expires < Date.now()) {
+          storage.delete(key);
+          return null;
+        }
+        
+        return item.value;
+      },
+      
+      async del(key: string): Promise<number> {
+        const existed = storage.has(key);
+        storage.delete(key);
+        return existed ? 1 : 0;
+      },
+      
+      async keys(pattern: string): Promise<string[]> {
+        const regex = new RegExp(pattern.replace('*', '.*'));
+        return Array.from(storage.keys()).filter(key => regex.test(key));
+      },
+      
+      async expire(key: string, seconds: number): Promise<number> {
+        const item = storage.get(key);
+        if (!item) return 0;
+        
+        item.expires = Date.now() + seconds * NUMERIX.THOUSAND;
+        storage.set(key, item);
+        return 1;
+      },
+      
+      async exists(key: string): Promise<number> {
+        const item = storage.get(key);
+        if (!item) return 0;
+        
+        if (item.expires < Date.now()) {
+          storage.delete(key);
+          return 0;
+        }
+        
+        return 1;
+      },
+      
+      async scan(cursor: string, match?: string, count?: number): Promise<[string, string[]]> {
+        // Simplified scan implementation
+        const keys = match ? await this.keys(match) : Array.from(storage.keys());
+        return ['0', keys.slice(0, count ?? NUMERIX.TEN)];
+      }
+    };
+  }
+}

package/src/strategies/oauth.strategy.ts

@@ -0,0 +1,128 @@
+import type { UserRepository } from "../db/repositories/user.repository";
+import type { ConnectedAccountRepository } from "../db/repositories/connected-account.repository";
+import type { AuthUser, ConnectedAccount } from "@plyaz/types";
+
+
+export interface OAuthProfile {
+  id: string;
+  email: string;
+  name: string;
+  avatar?: string;
+  provider: string;
+}
+
+export class OAuthStrategy {
+  constructor(
+    private userRepo: UserRepository,
+    private connectedAccountRepo: ConnectedAccountRepository
+  ) {}
+
+  async authenticate(
+    profile: OAuthProfile,
+    accessToken: string,
+    refreshToken?: string
+  ): Promise<AuthUser> {
+    let connectedAccount = await this.connectedAccountRepo.findByProviderAndId(
+      profile.provider,
+      profile.id
+    );
+
+    if (connectedAccount) {
+      await this.updateTokens(connectedAccount.id, accessToken, refreshToken);
+      const user = await this.userRepo.findById(connectedAccount.userId);
+      if (!user) throw new Error("User not found");
+      return user;
+    }
+
+    let user = await this.userRepo.findByEmail(profile.email);
+    user ??= await this.createUserFromProfile(profile);
+    if (!user) throw new Error("Failed to create user");
+
+    connectedAccount = await this.createConnectedAccount(
+      user.id,
+      profile,
+      accessToken,
+      refreshToken
+    );
+
+    return user;
+  }
+
+  private async createUserFromProfile(profile: OAuthProfile): Promise<AuthUser> {
+    return this.userRepo.create({
+      email: profile.email,
+      displayName: profile.name,
+      authProvider: "GOOGLE",
+      isActive: true,
+      isVerified: true,
+    });
+  }
+
+  private async createConnectedAccount(
+    userId: string,
+    profile: OAuthProfile,
+    accessToken: string,
+    refreshToken?: string
+  ): Promise<ConnectedAccount> {
+    return this.connectedAccountRepo.create({
+      userId,
+      providerType: "OAUTH",
+      provider: profile.provider,
+      providerAccountId: profile.id,
+      providerEmail: profile.email,
+      providerDisplayName: profile.name,
+      providerAvatarUrl: profile.avatar,
+      accessTokenEncrypted: accessToken,
+      refreshTokenEncrypted: refreshToken,
+      isVerified: true,
+    });
+  }
+
+  private async updateTokens(
+    accountId: string,
+    accessToken: string,
+    refreshToken?: string
+  ): Promise<void> {
+    await this.connectedAccountRepo.update(accountId, {
+      accessTokenEncrypted: accessToken,
+      refreshTokenEncrypted: refreshToken,
+    });
+  }
+
+  // getAuthorizationUrl(provider: string, redirectUri: string, state?: string): string {
+  //   const baseUrls = {
+  //     google: 'https://accounts.google.com/o/oauth2/v2/auth',
+  //     facebook: 'https://www.facebook.com/v18.0/dialog/oauth',
+  //     github: 'https://github.com/login/oauth/authorize'
+  //   };
+
+  //   const baseUrl = baseUrls[provider as keyof typeof baseUrls] || `https://oauth.${provider}.com/authorize`;
+  //   const params = new URLSearchParams({
+  //     response_type: 'code',
+  //     client_id: 'your_client_id',
+  //     redirect_uri: redirectUri,
+  //     scope: 'email profile',
+  //     ...(state && { state })
+  //   });
+
+  //   return `${baseUrl}?${params.toString()}`;
+  // }
+
+  async linkAccount(
+    userId: string,
+    provider: string,
+    profileData: {id:string,email:string,avatar:string,name:string}
+  ): Promise<ConnectedAccount> {
+    return this.connectedAccountRepo.create({
+      userId,
+      providerType: "OAUTH",
+      provider,
+      providerAccountId: profileData.id,
+      providerEmail: profileData.email,
+      providerDisplayName: profileData.name,
+      providerAvatarUrl: profileData.avatar,
+      isVerified: true,
+      isPrimary: false,
+    });
+  }
+}

package/src/strategies/traditional-auth.strategy.ts

@@ -0,0 +1,116 @@
+import { randomBytes, pbkdf2Sync } from 'crypto';
+import type { UserRepository } from '../db/repositories/user.repository';
+import type { SessionManager } from '../core/session/session.manager';
+import type { AuthTokens, AuthUser, Session } from '@plyaz/types';
+import { AuthenticationError } from '@plyaz/errors';
+import { NUMERIX } from '@plyaz/config';
+import type { JwtManager } from '@/core/jwt/jwt.manager';
+
+export class TraditionalAuthStrategy {
+  constructor(
+    private userRepo: UserRepository,
+    private jwtManager: JwtManager,
+    private sessionManager: SessionManager
+  ) {}
+
+  async authenticate(email: string, password: string): Promise<AuthUser> {
+    const user = await this.userRepo.findByEmail(email);
+    if (!user?.passwordHash) {
+      throw new AuthenticationError('AUTH_INVALID_CREDENTIALS');
+    }
+
+    const isValid = await this.verifyPassword(password, user.passwordHash);
+    if (!isValid) {
+      throw new AuthenticationError('AUTH_INVALID_CREDENTIALS');
+    }
+
+    if (!user.isActive) {
+      throw new AuthenticationError('AUTH_ACCOUNT_LOCKED');
+    }
+
+    if (user.isSuspended) {
+      throw new AuthenticationError('AUTH_ACCOUNT_SUSPENDED');
+    }
+
+    return user;
+  }
+
+  async hashPassword(password: string): Promise<string> {
+    const SALT_LENGTH = 32;
+    const HASH_LENGTH = 64;
+    const salt = randomBytes(SALT_LENGTH).toString('hex');
+    const hash = pbkdf2Sync(password, salt, NUMERIX.THOUSAND, HASH_LENGTH, 'sha512').toString('hex');
+    return `pbkdf2$${salt}$${hash}`;
+  }
+
+  async verifyPassword(password: string, hash: string): Promise<boolean> {
+    const HASH_LENGTH = 64;
+    if (hash.startsWith('pbkdf2$')) {
+      const [, salt, storedHash] = hash.split('$');
+      const computedHash = pbkdf2Sync(password, salt, NUMERIX.THOUSAND, HASH_LENGTH, 'sha512').toString('hex');
+      return computedHash === storedHash;
+    }
+    return false;
+  }
+
+  async signUp(data: {
+    email: string;
+    password: string;
+    displayName: string;
+    firstName?: string;
+    lastName?: string;
+  }): Promise<{ user: AuthUser; session: Session; tokens: AuthTokens }> {
+    // Check if user already exists
+    const existingUser = await this.userRepo.findByEmail(data.email);
+    if (existingUser) {
+      throw new AuthenticationError('AUTH_INVALID_CREDENTIALS');
+    }
+
+    // Hash password
+    const passwordHash = await this.hashPassword(data.password);
+
+    // Create user
+    const user = await this.userRepo.create({
+      email: data.email,
+      displayName: data.displayName,
+      firstName: data.firstName,
+      lastName: data.lastName,
+      passwordHash,
+      authProvider: 'EMAIL',
+      isActive: true,
+      isVerified: false
+    } );
+
+    // Create session
+    const session = await this.sessionManager.createSession(user.id, {
+      provider: 'EMAIL',
+      userAgent: 'test',
+      ipAddress: '127.0.0.1'
+    });
+
+    // Generate tokens
+    const tokens = this.jwtManager.generateTokens(user);
+     
+    return { user, session, tokens };
+  }
+
+  async signIn(data: {
+    email: string;
+    password: string;
+  }): Promise<{ user: AuthUser; session: Session; tokens: AuthTokens }> {
+    // Authenticate user
+    const user = await this.authenticate(data.email, data.password);
+
+    // Create session
+    const session = await this.sessionManager.createSession(user.id, {
+      provider: 'EMAIL',
+      userAgent: 'test',
+      ipAddress: '127.0.0.1'
+    });
+
+    // Generate tokens
+    const tokens = this.jwtManager.generateTokens(user);
+
+    return { user, session, tokens };
+  }
+}

package/src/tokens/index.ts

@@ -0,0 +1,4 @@
+export * from './token-validator';
+export * from './refresh-token-manager';
+export * from '../core/jwt/jwt.manager';
+export * from '../core/blacklist/token.blacklist';