@plyaz/auth 1.0.2 → 1.0.4

package/src/rbac/dynamic-roles.ts

@@ -24,58 +24,12 @@
  */
 
 import { NUMERIX } from "@plyaz/config";
-import { AUTH_EVENTS } from "@plyaz/types";
-
-/**
- * Dynamic role assignment
- */
-export interface DynamicRoleAssignment {
-  /** Assignment ID */
-  id: string;
-  /** User ID */
-  userId: string;
-  /** Role ID or name */
-  roleId: string;
-  /** Assignment conditions */
-  conditions?: Record<string, string>;
-  /** Assignment expiration */
-  expiresAt?: Date;
-  /** Assignment reason */
-  reason?: string;
-  /** Assigned by user ID */
-  assignedBy?: string;
-  /** Assignment metadata */
-  metadata?: Record<string, string>;
-  /** Created at */
-  createdAt: Date;
-  /** Is active */
-  isActive: boolean;
-}
-
-/**
- * Role condition evaluator function
- */
-export type RoleConditionEvaluator = (
-  userId: string,
-  conditions: Record<string, string>,
-  context?: Record<string, string>,
-) => Promise<boolean>;
-
-/**
- * Dynamic roles configuration
- */
-export interface DynamicRolesConfig {
-  /** Enable role expiration */
-  enableExpiration: boolean;
-  /** Default role TTL in seconds */
-  defaultTTL: number;
-  /** Enable condition evaluation */
-  enableConditions: boolean;
-  /** Maximum assignments per user */
-  maxAssignmentsPerUser: number;
-  /** Enable audit logging */
-  enableAuditLog: boolean;
-}
+import {
+  AUTH_EVENTS,
+  type DynamicRolesConfig,
+  type DynamicRoleAssignment,
+  type RoleConditionEvaluator,
+} from "@plyaz/types";
 
 /**
  * Dynamic roles manager implementation
@@ -124,7 +78,7 @@ export class DynamicRoles {
     conditions?: Record<string, string>,
     expiresAt?: Date,
     assignedBy?: string,
-    reason?: string,
+    reason?: string
   ): Promise<string> {
     // Check assignment limits
     await this.enforceAssignmentLimits(userId);
@@ -183,7 +137,7 @@ export class DynamicRoles {
     conditions?: Record<string, string>,
     duration: number = this.config.defaultTTL,
     assignedBy?: string,
-    reason?: string,
+    reason?: string
   ): Promise<string> {
     const expiresAt = new Date(Date.now() + duration * NUMERIX.THOUSAND);
 
@@ -193,7 +147,7 @@ export class DynamicRoles {
       conditions,
       expiresAt,
       assignedBy,
-      reason ?? "Temporary assignment",
+      reason ?? "Temporary assignment"
     );
   }
 
@@ -206,7 +160,7 @@ export class DynamicRoles {
   async revokeAssignment(
     assignmentId: string,
     revokedBy?: string,
-    reason?: string,
+    reason?: string
   ): Promise<void> {
     const assignment = this.assignments.get(assignmentId);
 
@@ -244,7 +198,7 @@ export class DynamicRoles {
   async revokeAllUserAssignments(
     userId: string,
     revokedBy?: string,
-    reason?: string,
+    reason?: string
   ): Promise<void> {
     const userAssignmentSet = this.userAssignments.get(userId);
 
@@ -267,7 +221,7 @@ export class DynamicRoles {
    */
   async getUserRoles(
     userId: string,
-    context?: Record<string, string>,
+    context?: Record<string, string>
   ): Promise<string[]> {
     const userAssignmentSet = this.userAssignments.get(userId);
 
@@ -296,7 +250,7 @@ export class DynamicRoles {
         const conditionsMet = await this.evaluateConditions(
           userId,
           assignment.conditions,
-          context,
+          context
         );
 
         if (!conditionsMet) {
@@ -320,7 +274,7 @@ export class DynamicRoles {
   async hasRole(
     userId: string,
     roleId: string,
-    context?: Record<string, string>,
+    context?: Record<string, string>
   ): Promise<boolean> {
     const userRoles = await this.getUserRoles(userId, context);
     return userRoles.includes(roleId);
@@ -343,7 +297,7 @@ export class DynamicRoles {
    */
   getUserAssignments(
     userId: string,
-    includeInactive = false,
+    includeInactive = false
   ): DynamicRoleAssignment[] {
     const userAssignmentSet = this.userAssignments.get(userId);
 
@@ -371,7 +325,7 @@ export class DynamicRoles {
    */
   registerConditionEvaluator(
     conditionType: string,
-    evaluator: RoleConditionEvaluator,
+    evaluator: RoleConditionEvaluator
   ): void {
     this.conditionEvaluators.set(conditionType, evaluator);
   }
@@ -383,7 +337,7 @@ export class DynamicRoles {
    */
   async extendAssignment(
     assignmentId: string,
-    newExpiresAt: Date,
+    newExpiresAt: Date
   ): Promise<void> {
     const assignment = this.assignments.get(assignmentId);
 
@@ -482,7 +436,7 @@ export class DynamicRoles {
   private async evaluateConditions(
     userId: string,
     conditions: Record<string, string>,
-    context?: Record<string, string>,
+    context?: Record<string, string>
   ): Promise<boolean> {
     for (const [conditionType, conditionValue] of Object.entries(conditions)) {
       const evaluator = this.conditionEvaluators.get(conditionType);
@@ -491,7 +445,7 @@ export class DynamicRoles {
         const result = await evaluator(
           userId,
           { [conditionType]: conditionValue },
-          context,
+          context
         );
         if (!result) {
           return false;
@@ -517,7 +471,7 @@ export class DynamicRoles {
 
     if (userAssignments.length >= this.config.maxAssignmentsPerUser) {
       throw new Error(
-        `Maximum assignments per user exceeded: ${this.config.maxAssignmentsPerUser}`,
+        `Maximum assignments per user exceeded: ${this.config.maxAssignmentsPerUser}`
       );
     }
   }
@@ -541,7 +495,7 @@ export class DynamicRoles {
       async () => {
         await this.cleanupExpiredAssignments();
       },
-      NUMERIX.FIVE * NUMERIX.SIXTY * NUMERIX.THOUSAND,
+      NUMERIX.FIVE * NUMERIX.SIXTY * NUMERIX.THOUSAND
     );
   }
 
@@ -571,7 +525,7 @@ export class DynamicRoles {
   private emitRoleRevokedEvent(
     assignment: DynamicRoleAssignment,
     revokedBy?: string,
-    reason?: string,
+    reason?: string
   ): void {
     // Mock event emission - in real implementation would use event system
     globalThis.console.log(`Event: ${AUTH_EVENTS.ROLE_REVOKED}`, {

package/src/rbac/permission-checker.ts

@@ -24,44 +24,15 @@
 
 import { NUMERIX } from "@plyaz/config";
 import type {
+  GetUserRoleRepository,
   Permission,
   PermissionCheckerConfig,
   PermissionCheckResult,
   PermissionContext,
   Role,
+  RoleRepository,
 } from "@plyaz/types";
 
-/**
- * Permission checker implementation
- * Validates user permissions with context and conditions
- */
-// RoleRepository interface based on PermissionChecker usage
-export interface RoleRepository {
-  /**
-   * Get all roles assigned to a user
-   * @param userId - User identifier
-   * @returns Array of Role objects
-   */
-  getUserRoles(userId: string): Promise<Role[]>;
-
-  /**
-   * Get all permissions assigned to a role
-   * @param roleId - Role identifier
-   * @returns Array of Permission objects
-   */
-  getRolePermissions(roleId: string): Promise<Permission[]>;
-}
-
-// UserRepository interface based on PermissionChecker usage
-export interface UserRepository {
-  /**
-   * Get all roles assigned to a user
-   * @param userId - User identifier
-   * @returns Array of Role objects
-   */
-  getUserRoles(userId: string): Promise<Role[]>;
-}
-
 export class PermissionChecker {
   private readonly config: PermissionCheckerConfig;
   private readonly permissionCache = new Map<
@@ -71,7 +42,7 @@ export class PermissionChecker {
 
   constructor(
     config: Partial<PermissionCheckerConfig> = {},
-    private userRepository?: UserRepository,
+    private userRepository?: GetUserRoleRepository,
     private roleRepository?: RoleRepository,
   ) {
     this.config = {

package/src/rbac/role-hierarchy.ts

@@ -24,36 +24,6 @@
 
 import type { Role, RoleHierarchyConfig, RoleNode } from "@plyaz/types";
 
-// /**
-//  * Role hierarchy node
-//  */
-// export interface RoleNode {
-//   /** Role information */
-//   role: Role;
-//   /** Parent roles (higher hierarchy) */
-//   parents: Set<string>;
-//   /** Child roles (lower hierarchy) */
-//   children: Set<string>;
-//   /** Direct permissions */
-//   permissions: Set<string>;
-//   /** Inherited permissions (computed) */
-//   inheritedPermissions?: Set<string>;
-// }
-
-// /**
-//  * Role hierarchy configuration
-//  */
-// export interface RoleHierarchyConfig {
-//   /** Enable permission inheritance */
-//   enableInheritance: boolean;
-//   /** Maximum hierarchy depth */
-//   maxDepth: number;
-//   /** Enable circular dependency detection */
-//   detectCircular: boolean;
-//   /** Cache inherited permissions */
-//   cacheInheritance: boolean;
-// }
-
 /**
  * Role hierarchy manager implementation
  * Manages role relationships and permission inheritance

package/src/server/decorators/current-user.decorator.ts

@@ -5,7 +5,8 @@
 
 import type { ExecutionContext } from "@nestjs/common";
 import { createParamDecorator } from "@nestjs/common";
-import type { User } from "@/common/types/auth.types";
+import type { UserInfo } from "@plyaz/types";
+
 
 /**
  * Parameter decorator to inject authenticated user into controller methods
@@ -20,7 +21,7 @@ import type { User } from "@/common/types/auth.types";
  * ```
  */
 export const CurrentUser = createParamDecorator(
-  (data: keyof User | undefined, ctx: ExecutionContext): User => {
+  (data: keyof UserInfo | undefined, ctx: ExecutionContext): UserInfo => {
     const request = ctx.switchToHttp().getRequest();
     const user = request.user;
 

package/src/server/middleware/session.middleware.ts

@@ -28,21 +28,8 @@ import type { Request, Response, NextFunction } from "express";
 import type { TokenService } from "../services/token.service";
 import type { SessionService } from "../services/session.service";
 import { NUMERIX } from "@plyaz/config";
+import type { SessionMiddlewareConfig } from "@plyaz/types";
 
-/**
- * Session middleware configuration
- */
-interface SessionMiddlewareConfig {
-  /** Refresh threshold in seconds (default: 300 = 5 minutes) */
-  refreshThreshold: number;
-  /** Cookie options for tokens */
-  cookieOptions: {
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: "strict" | "lax" | "none";
-    path: string;
-  };
-}
 
 /**
  * Session middleware implementation

package/src/server/services/auth.service.ts

@@ -2,13 +2,10 @@ import { Injectable } from "@nestjs/common";
 
 import type { SessionManager } from "../../core/session/session.manager";
 import type { TraditionalAuthStrategy } from "../../strategies/traditional-auth.strategy";
-import type {
-  OAuthStrategy,
-  OAuthProfile,
-} from "../../strategies/oauth.strategy";
+import type { OAuthStrategy } from "../../strategies/oauth.strategy";
 import type { UserRepository } from "../../db/repositories/user.repository";
-import type { User, AuthTokens } from "../../common/types/auth.types";
-import type { Session } from "@plyaz/types";
+
+import type { AuthTokens, OAuthProfile, Session, UserInfo } from "@plyaz/types";
 import type { JwtManager } from "@/core/jwt/jwt.manager";
 
 @Injectable()
@@ -19,18 +16,18 @@ export class AuthService {
     private sessionManager: SessionManager,
     private traditionalAuth: TraditionalAuthStrategy,
     private oauthAuth: OAuthStrategy,
-    private userRepo: UserRepository,
+    private userRepo: UserRepository
   ) {}
 
   async signIn(
     email: string,
     password: string,
-    deviceInfo: Record<string, unknown>,
-  ): Promise<{ user: User; tokens: AuthTokens; session: Session }> {
+    deviceInfo: Record<string, unknown>
+  ): Promise<{ user: UserInfo; tokens: AuthTokens; session: Session }> {
     const user = await this.traditionalAuth.authenticate(email, password);
     const session = await this.sessionManager.createSession(
       user.id,
-      deviceInfo,
+      deviceInfo
     );
     const tokens = this.jwtManager.generateTokens(user);
 
@@ -43,7 +40,10 @@ export class AuthService {
     };
   }
 
-  async signUp(userData: Partial<User>, password: string): Promise<User> {
+  async signUp(
+    userData: Partial<UserInfo>,
+    password: string
+  ): Promise<UserInfo> {
     const passwordHash = await this.traditionalAuth.hashPassword(password);
 
     return this.userRepo.create({
@@ -76,7 +76,7 @@ export class AuthService {
     return { ...tokens, refreshToken: tokens.refreshToken ?? "" };
   }
 
-  async validateUser(userId: string): Promise<User | null> {
+  async validateUser(userId: string): Promise<UserInfo | null> {
     return this.userRepo.findById(userId);
   }
 
@@ -84,16 +84,16 @@ export class AuthService {
     profile: OAuthProfile,
     accessToken: string,
     refreshToken?: string,
-    deviceInfo?: Record<string, unknown>,
-  ): Promise<{ user: User; tokens: AuthTokens; session: Session }> {
+    deviceInfo?: Record<string, unknown>
+  ): Promise<{ user: UserInfo; tokens: AuthTokens; session: Session }> {
     const user = await this.oauthAuth.authenticate(
       profile,
       accessToken,
-      refreshToken,
+      refreshToken
     );
     const session = await this.sessionManager.createSession(
       user.id,
-      deviceInfo ?? {},
+      deviceInfo ?? {}
     );
     const tokens = this.jwtManager.generateTokens(user);
 

package/src/server/services/session.service.ts

@@ -26,11 +26,10 @@
 import { Injectable, Logger } from "@nestjs/common";
 import type {
   EnhancedSessionManager,
-  UserContext,
-  SessionCreationData,
+
 } from "../../session/enhanced-session-manager";
 
-import type { Session, SessionData } from "@plyaz/types";
+import type { Session, SessionCreationData, SessionData, UserSessionContext } from "@plyaz/types";
 import { AUTH_EVENTS } from "@plyaz/types";
 
 /**
@@ -50,7 +49,7 @@ export class SessionService {
    * @returns Created session
    */
   async createSession(
-    userContext: UserContext,
+    userContext: UserSessionContext,
     sessionData: SessionCreationData = {},
   ): Promise<Session> {
     this.logger.debug(`Creating session for user: ${userContext.userId}`);

package/src/server/services/token.service.ts

@@ -25,13 +25,13 @@
 import { Injectable, Logger } from "@nestjs/common";
 import type {
   TokenValidator,
-  ValidatedTokenPayload,
-  TokenValidationResult,
+
 } from "../../tokens/token-validator";
 import type {
   RefreshTokenManager,
-  TokenPair,
+
 } from "../../tokens/refresh-token-manager";
+import type  { TokenPair, TokenValidationResult, ValidatedTokenPayload } from "@plyaz/types";
 
 /**
  * Token service implementation

package/src/session/cookie-store.ts

@@ -24,31 +24,31 @@
 
 import { NUMERIX } from "@plyaz/config";
 import type {
+  CookieStoreConfig,
   SessionData,
   SessionStore,
-  SessionStoreConfig,
 } from "@plyaz/types";
 import { createCipher, createDecipher } from "crypto";
 
 /**
  * Cookie store configuration
- */
-export interface CookieStoreConfig extends Partial<SessionStoreConfig> {
-  /** Secret key for encryption */
-  secretKey: string;
-  /** Cookie name */
-  cookieName: string;
-  /** Cookie domain */
-  domain?: string;
-  /** Cookie path */
-  path?: string;
-  /** Secure flag (HTTPS only) */
-  secure?: boolean;
-  /** HttpOnly flag */
-  httpOnly?: boolean;
-  /** SameSite policy */
-  sameSite?: "strict" | "lax" | "none";
-}
+//  */
+// export interface CookieStoreConfig extends Partial<SessionStoreConfig> {
+//   /** Secret key for encryption */
+//   secretKey: string;
+//   /** Cookie name */
+//   cookieName: string;
+//   /** Cookie domain */
+//   domain?: string;
+//   /** Cookie path */
+//   path?: string;
+//   /** Secure flag (HTTPS only) */
+//   secure?: boolean;
+//   /** HttpOnly flag */
+//   httpOnly?: boolean;
+//   /** SameSite policy */
+//   sameSite?: "strict" | "lax" | "none";
+// }
 
 /**
  * Cookie-based session store implementation

package/src/session/enhanced-session-manager.ts

@@ -22,58 +22,11 @@
  * ```
  */
 
-import type { Session, SessionData, SessionStore } from "@plyaz/types";
+import type { EnhancedSessionManagerConfig, Session, SessionCreationData, SessionData, SessionStore, UserSessionContext } from "@plyaz/types";
 import { randomBytes } from "crypto";
 import { CSRFProtection } from "../security";
 import { NUMERIX } from "@plyaz/config";
 
-/**
- * User context for session creation
- */
-export interface UserContext {
-  /** User ID */
-  userId: string;
-  /** User email */
-  email?: string;
-  /** User roles */
-  roles?: string[];
-  /** Additional user metadata */
-  metadata?: Record<string, unknown>;
-}
-
-/**
- * Session creation data
- */
-export interface SessionCreationData {
-  /** IP address */
-  ipAddress?: string;
-  /** User agent string */
-  userAgent?: string;
-  /** Device information */
-  deviceInfo?: Record<string, unknown>;
-  /** Additional session metadata */
-  metadata?: Record<string, unknown>;
-}
-
-/**
- * Enhanced session manager configuration
- */
-export interface EnhancedSessionManagerConfig {
-  /** Session store implementation */
-  store: SessionStore;
-  /** Default session TTL in seconds */
-  sessionTTL: number;
-  /** Maximum concurrent sessions per user */
-  maxConcurrentSessions: number;
-  /** Enable CSRF protection */
-  enableCSRF: boolean;
-  /** CSRF token TTL in seconds */
-  csrfTTL: number;
-  /** Enable session refresh */
-  enableRefresh: boolean;
-  /** Session refresh threshold (seconds before expiry) */
-  refreshThreshold: number;
-}
 
 /**
  * Enhanced session manager implementation
@@ -109,7 +62,7 @@ export class EnhancedSessionManager {
    * @returns Created session
    */
   async createSession(
-    userContext: UserContext,
+    userContext: UserSessionContext,
     sessionData: SessionCreationData = {},
   ): Promise<Session> {
     // Generate unique session ID

package/src/session/redis-store.ts

@@ -24,60 +24,12 @@
 
 import { NUMERIX } from "@plyaz/config";
 import type {
+  MockRedisClient,
+  RedisStoreConfig,
   SessionData,
   SessionStore,
-  SessionStoreConfig,
 } from "@plyaz/types";
 
-/**
- * Redis connection configuration
- */
-export interface RedisConfig {
-  /** Redis host */
-  host: string;
-  /** Redis port */
-  port: number;
-  /** Redis password */
-  password?: string;
-  /** Redis database number */
-  db?: number;
-  /** Connection timeout in milliseconds */
-  connectTimeout?: number;
-  /** Command timeout in milliseconds */
-  commandTimeout?: number;
-  /** Enable TLS */
-  tls?: boolean;
-}
-
-/**
- * Redis store configuration
- */
-export interface RedisStoreConfig extends Partial<SessionStoreConfig> {
-  /** Redis connection configuration */
-  redis: RedisConfig;
-  /** Enable compression for large sessions */
-  compression?: boolean;
-  /** Serialization format */
-  serialization?: "json" | "msgpack";
-}
-
-/**
- * Mock Redis client interface for development
- * In production, this would be replaced with actual Redis client (ioredis, node-redis, etc.)
- */
-interface MockRedisClient {
-  set(key: string, value: string, ex: number): Promise<string>;
-  get(key: string): Promise<string | null>;
-  del(key: string): Promise<number>;
-  keys(pattern: string): Promise<string[]>;
-  expire(key: string, seconds: number): Promise<number>;
-  exists(key: string): Promise<number>;
-  scan(
-    cursor: string,
-    match?: string,
-    count?: number,
-  ): Promise<[string, string[]]>;
-}
 
 /**
  * Redis-based session store implementation

package/src/strategies/oauth.strategy.ts

@@ -1,14 +1,7 @@
 import type { UserRepository } from "../db/repositories/user.repository";
 import type { ConnectedAccountRepository } from "../db/repositories/connected-account.repository";
-import type { AuthUser, ConnectedAccount } from "@plyaz/types";
+import type { AuthUser, ConnectedAccount, OAuthProfile } from "@plyaz/types";
 
-export interface OAuthProfile {
-  id: string;
-  email: string;
-  name: string;
-  avatar?: string;
-  provider: string;
-}
 
 export class OAuthStrategy {
   constructor(