@plyaz/types 1.27.7 → 1.27.9

package/dist/auth/types.d.ts

@@ -344,6 +344,7 @@ export interface Permission {
     metadata?: Record<string, unknown>;
     createdAt: Date;
     updatedAt: Date;
+    conditions?: Record<string, unknown>;
 }
 /**
  * Role-Permission mapping (backoffice only).
@@ -765,7 +766,7 @@ export type AuthErrorDefinition = (typeof AUTH_ERROR_DEFINITIONS)[AuthErrorCodeV
 /**
  * Type for authentication error codes
  */
-export type AuthErrorCode = typeof AUTH_ERROR_CODES[keyof typeof AUTH_ERROR_CODES];
+export type AuthErrorCode = (typeof AUTH_ERROR_CODES)[keyof typeof AUTH_ERROR_CODES];
 /**
  * Error code to HTTP status mapping
  * Maps error codes to appropriate HTTP status codes
@@ -775,3 +776,267 @@ export declare const ERROR_CODE_TO_HTTP_STATUS: Record<AuthErrorCode, number>;
  * Error code descriptions for logging and debugging
  */
 export declare const ERROR_CODE_DESCRIPTIONS: Record<AuthErrorCode, string>;
+/**
+ * @fileoverview Interfaces and types for @plyaz/auth
+ * @module @plyaz/auth/interfaces
+ */
+export interface AuthUser {
+    id: string;
+    email: string;
+    clerkUserId?: string;
+    authProvider: string;
+    firstName?: string;
+    lastName?: string;
+    displayName: string;
+    avatarUrl?: string;
+    phoneNumber?: string;
+    isActive: boolean;
+    isVerified: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+    lastLoginAt?: Date;
+    roles?: string[];
+    passwordHash?: string;
+    isSuspended?: boolean;
+}
+export interface UserRepository {
+    findById(id: string): Promise<AuthUser | null>;
+    findByEmail(email: string): Promise<AuthUser | null>;
+    create(data: CreateUserData): Promise<AuthUser>;
+    update(id: string, data: UpdateUserData): Promise<AuthUser>;
+    delete(id: string): Promise<void>;
+}
+export interface SessionRepository {
+    create(data: CreateSessionData): Promise<Session>;
+    findById(id: string): Promise<Session | null>;
+    findByUserId(userId: string): Promise<Session[]>;
+    invalidate(sessionId: string): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    deleteByUserId(userId: string): Promise<void>;
+    updateLastActive(sessionId: string): Promise<void>;
+}
+export interface ConnectedAccountRepository {
+    create(data: CreateConnectedAccountData): Promise<ConnectedAccount>;
+    findById(id: string): Promise<ConnectedAccount | null>;
+    findByUserId(userId: string): Promise<ConnectedAccount[]>;
+    findByProvider(provider: string, providerAccountId: string): Promise<ConnectedAccount | null>;
+    update(id: string, data: UpdateConnectedAccountData): Promise<ConnectedAccount>;
+    delete(id: string): Promise<void>;
+}
+export interface JWTConfig {
+    privateKey: string;
+    publicKey: string;
+    issuer: string;
+    audience: string;
+    accessTokenTTL: string;
+    refreshTokenTTL: string;
+    algorithm?: string;
+}
+export interface SessionConfig {
+    maxConcurrentSessions: number;
+    sessionTTL: number;
+    cleanupInterval: number;
+}
+/**
+ * @fileoverview OAuth provider constants for @plyaz/auth
+ * @module @plyaz/auth/constants/oauth-providers
+ *
+ * @description
+ * Defines supported OAuth providers and their configurations.
+ * Used by adapters, strategies, and frontend components to handle
+ * OAuth authentication flows. Provides standardized provider names
+ * and metadata for consistent provider handling.
+ *
+ * @example
+ * ```typescript
+ * import { OAUTH_PROVIDERS, OAuthProviderConfig } from '@plyaz/auth';
+ *
+ * const googleConfig = OAUTH_PROVIDER_CONFIGS[OAUTH_PROVIDERS.GOOGLE];
+ * const authUrl = `${googleConfig.authUrl}?client_id=${clientId}`;
+ * ```
+ */
+/**
+ * Supported OAuth providers
+ * Standardized provider identifiers used throughout the system
+ */
+export declare const OAUTH_PROVIDERS: {
+    /** Google OAuth 2.0 */
+    readonly GOOGLE: "GOOGLE";
+    /** Facebook OAuth 2.0 */
+    readonly FACEBOOK: "FACEBOOK";
+    /** Apple Sign In */
+    readonly APPLE: "APPLE";
+    /** GitHub OAuth 2.0 */
+    readonly GITHUB: "GITHUB";
+    /** Twitter OAuth 2.0 */
+    readonly TWITTER: "TWITTER";
+    /** LinkedIn OAuth 2.0 */
+    readonly LINKEDIN: "LINKEDIN";
+    /** Discord OAuth 2.0 */
+    readonly DISCORD: "DISCORD";
+    /** Microsoft OAuth 2.0 */
+    readonly MICROSOFT: "MICROSOFT";
+};
+/**
+ * Type for OAuth provider names
+ */
+export type OAuthProvider = typeof OAUTH_PROVIDERS[keyof typeof OAUTH_PROVIDERS];
+/**
+ * OAuth provider configuration interface
+ */
+export interface OAuthProviderConfig {
+    /** Provider display name */
+    name: string;
+    /** OAuth authorization URL */
+    authUrl: string;
+    /** OAuth token exchange URL */
+    tokenUrl: string;
+    /** OAuth user info URL */
+    userInfoUrl: string;
+    /** Required OAuth scopes */
+    scopes: string[];
+    /** Provider brand color (for UI) */
+    brandColor: string;
+    /** Provider icon name (for UI) */
+    iconName: string;
+}
+/**
+ * Role assignment data
+ */
+export interface RoleAssignmentData {
+    /** User ID */
+    userId: string;
+    /** Role ID */
+    roleId: string;
+    /** Role name/code */
+    role: string;
+    /** Is primary role */
+    isPrimary?: boolean;
+    /** Assignment status */
+    status?: 'ACTIVE' | 'INACTIVE' | 'SUSPENDED';
+    /** Assigned by user ID */
+    assignedBy?: string;
+    /** Assignment reason */
+    assignedReason?: string;
+    /** Assignment expiration */
+    expiresAt?: Date;
+}
+/**
+ * Role repository interface
+ */
+export interface RoleRepositoryInterface {
+    findByScope(scope: 'B2C' | 'B2B'): Promise<Role[]>;
+    findUserRoles(userId: string): Promise<Role[]>;
+    assignRole(userId: string, roleId: string, assignedBy?: string, reason?: string): Promise<void>;
+    revokeRole(userId: string, roleId: string, revokedBy?: string, reason?: string): Promise<void>;
+    getRolePermissions(roleId: string): Promise<Permission[]>;
+}
+/**
+ * Dynamic role assignment
+ */
+export interface DynamicRoleAssignment {
+    /** Assignment ID */
+    id: string;
+    /** User ID */
+    userId: string;
+    /** Role ID or name */
+    roleId: string;
+    /** Assignment conditions */
+    conditions?: Record<string, unknown>;
+    /** Assignment expiration */
+    expiresAt?: Date;
+    /** Assignment reason */
+    reason?: string;
+    /** Assigned by user ID */
+    assignedBy?: string;
+    /** Assignment metadata */
+    metadata?: Record<string, unknown>;
+    /** Created at */
+    createdAt: Date;
+    /** Is active */
+    isActive: boolean;
+}
+/**
+ * Role condition evaluator function
+ */
+export type RoleConditionEvaluator = (userId: string, conditions: Record<string, unknown>, context?: Record<string, unknown>) => Promise<boolean>;
+/**
+ * Dynamic roles configuration
+ */
+export interface DynamicRolesConfig {
+    /** Enable role expiration */
+    enableExpiration: boolean;
+    /** Default role TTL in seconds */
+    defaultTTL: number;
+    /** Enable condition evaluation */
+    enableConditions: boolean;
+    /** Maximum assignments per user */
+    maxAssignmentsPerUser: number;
+    /** Enable audit logging */
+    enableAuditLog: boolean;
+}
+/**
+ * Role hierarchy node
+ */
+export interface RoleNode {
+    /** Role information */
+    role: Role;
+    /** Parent roles (higher hierarchy) */
+    parents: Set<string>;
+    /** Child roles (lower hierarchy) */
+    children: Set<string>;
+    /** Direct permissions */
+    permissions: Set<string>;
+    /** Inherited permissions (computed) */
+    inheritedPermissions?: Set<string>;
+}
+/**
+ * Role hierarchy configuration
+ */
+export interface RoleHierarchyConfig {
+    /** Enable permission inheritance */
+    enableInheritance: boolean;
+    /** Maximum hierarchy depth */
+    maxDepth: number;
+    /** Enable circular dependency detection */
+    detectCircular: boolean;
+    /** Cache inherited permissions */
+    cacheInheritance: boolean;
+}
+export interface RoleConfig {
+    hierarchyEnabled: boolean;
+    cacheEnabled: boolean;
+    cacheTTL: number;
+}
+export interface PermissionContext {
+    /** Resource owner ID */
+    ownerId?: string;
+    /** Organization ID */
+    organizationId?: string;
+    /** Additional context data */
+    [key: string]: unknown;
+}
+/**
+ * Permission check result
+ */
+export interface PermissionCheckResult {
+    /** Permission granted */
+    granted: boolean;
+    /** Reason for decision */
+    reason: string;
+    /** Matched permission (if any) */
+    matchedPermission?: Permission;
+    /** Applied conditions */
+    conditions?: Record<string, unknown>;
+}
+/**
+ * Permission checker configuration
+ */
+export interface PermissionCheckerConfig {
+    /** Enable permission caching */
+    enableCaching: boolean;
+    /** Cache TTL in seconds */
+    cacheTTL: number;
+    /** Enable audit logging */
+    enableAuditLog: boolean;
+}

package/dist/index.cjs

@@ -5988,6 +5988,46 @@ var AUTH_ERROR_DEFINITIONS = {
     retryable: false
   }
 };
+var USERROLESTATUS = /* @__PURE__ */ ((USERROLESTATUS2) => {
+  USERROLESTATUS2["ACTIVE"] = "ACTIVE";
+  USERROLESTATUS2["INACTIVE"] = "INACTIVE";
+  USERROLESTATUS2["SUSPENDED"] = "SUSPENDED";
+  return USERROLESTATUS2;
+})(USERROLESTATUS || {});
+var AUTHPROVIDER = /* @__PURE__ */ ((AUTHPROVIDER2) => {
+  AUTHPROVIDER2["EMAIL"] = "EMAIL";
+  AUTHPROVIDER2["CLERK"] = "CLERK";
+  AUTHPROVIDER2["GOOGLE"] = "GOOGLE";
+  AUTHPROVIDER2["FACEBOOK"] = "FACEBOOK";
+  AUTHPROVIDER2["APPLE"] = "APPLE";
+  AUTHPROVIDER2["WEB3"] = "WEB3";
+  AUTHPROVIDER2["NEXTAUTH"] = "NEXTAUTH";
+  return AUTHPROVIDER2;
+})(AUTHPROVIDER || {});
+var TOKENTYPE = /* @__PURE__ */ ((TOKENTYPE2) => {
+  TOKENTYPE2["BEARER"] = "Bearer";
+  TOKENTYPE2["JWT"] = "JWT";
+  return TOKENTYPE2;
+})(TOKENTYPE || {});
+var PROVIDERTYPE = /* @__PURE__ */ ((PROVIDERTYPE2) => {
+  PROVIDERTYPE2["OAUTH"] = "OAUTH";
+  PROVIDERTYPE2["WEB3"] = "WEB3";
+  PROVIDERTYPE2["EMAIL"] = "EMAIL";
+  return PROVIDERTYPE2;
+})(PROVIDERTYPE || {});
+var SESSIONSTATUS = /* @__PURE__ */ ((SESSIONSTATUS2) => {
+  SESSIONSTATUS2["ACTIVE"] = "ACTIVE";
+  SESSIONSTATUS2["EXPIRED"] = "EXPIRED";
+  SESSIONSTATUS2["REVOKED"] = "REVOKED";
+  return SESSIONSTATUS2;
+})(SESSIONSTATUS || {});
+var MFATYPE = /* @__PURE__ */ ((MFATYPE2) => {
+  MFATYPE2["TOTP"] = "TOTP";
+  MFATYPE2["SMS"] = "SMS";
+  MFATYPE2["EMAIL"] = "EMAIL";
+  MFATYPE2["BackupCodes"] = "BACKUP_CODES";
+  return MFATYPE2;
+})(MFATYPE || {});
 var DEFAULT_PASSWORD = 8;
 var ContactUsFormSchema = zod.z.object({
   name: zod.z.string({ error: "errors.form.missingField" }).min(1, "errors.form.nameMissing"),
@@ -6048,6 +6088,24 @@ var ERROR_CODE_DESCRIPTIONS = {
   [AUTH_ERROR_CODES.ACCOUNT_LOCKED]: "errors.auth.account_locked",
   [AUTH_ERROR_CODES.ACCOUNT_SUSPENDED]: "errors.auth.account_suspended"
 };
+var OAUTH_PROVIDERS = {
+  /** Google OAuth 2.0 */
+  GOOGLE: "GOOGLE",
+  /** Facebook OAuth 2.0 */
+  FACEBOOK: "FACEBOOK",
+  /** Apple Sign In */
+  APPLE: "APPLE",
+  /** GitHub OAuth 2.0 */
+  GITHUB: "GITHUB",
+  /** Twitter OAuth 2.0 */
+  TWITTER: "TWITTER",
+  /** LinkedIn OAuth 2.0 */
+  LINKEDIN: "LINKEDIN",
+  /** Discord OAuth 2.0 */
+  DISCORD: "DISCORD",
+  /** Microsoft OAuth 2.0 */
+  MICROSOFT: "MICROSOFT"
+};
 
 // src/auth/auth-events.ts
 var AUTH_EVENTS = {
@@ -9114,6 +9172,7 @@ exports.API_ERROR_CODES = API_ERROR_CODES;
 exports.APP_CONTEXTS = APP_CONTEXTS;
 exports.ATHLETE_PROFILE_ERRORS = ATHLETE_PROFILE_ERRORS;
 exports.AUDIT_OPERATION = AUDIT_OPERATION;
+exports.AUTHPROVIDER = AUTHPROVIDER;
 exports.AUTH_ERROR_CODES = AUTH_ERROR_CODES;
 exports.AUTH_ERROR_DEFINITIONS = AUTH_ERROR_DEFINITIONS;
 exports.AUTH_EVENTS = AUTH_EVENTS;
@@ -9235,6 +9294,7 @@ exports.MEDIA_ENTITY = MEDIA_ENTITY;
 exports.MEDIA_EXTENSIONS = MEDIA_EXTENSIONS;
 exports.MEDIA_MIME_PREFIXES = MEDIA_MIME_PREFIXES;
 exports.MEDIA_VARIANT_TYPE = MEDIA_VARIANT_TYPE;
+exports.MFATYPE = MFATYPE;
 exports.MIME_TYPES = MIME_TYPES;
 exports.NETWORK_CONFIDENCE_LEVELS = NETWORK_CONFIDENCE_LEVELS;
 exports.NETWORK_EVENTS = NETWORK_EVENTS;
@@ -9247,6 +9307,7 @@ exports.NOTIFICATION_PROVIDERS = NOTIFICATION_PROVIDERS;
 exports.NetworkPresetNames = NetworkPresetNames;
 exports.NotificationCategorySchema = NotificationCategorySchema;
 exports.NotificationEventAction = NotificationEventAction;
+exports.OAUTH_PROVIDERS = OAUTH_PROVIDERS;
 exports.OBSERVABILITY_METRICS = OBSERVABILITY_METRICS;
 exports.OBSERVABILITY_SPANS = OBSERVABILITY_SPANS;
 exports.ONBOARD_LINK_TYPE = ONBOARD_LINK_TYPE;
@@ -9271,6 +9332,7 @@ exports.PERFORMANCE_EVENTS = PERFORMANCE_EVENTS;
 exports.PERFORMANCE_METRIC_TYPE = PERFORMANCE_METRIC_TYPE;
 exports.PRIORITY_LEVEL = PRIORITY_LEVEL;
 exports.PRODUCT_TYPE = PRODUCT_TYPE;
+exports.PROVIDERTYPE = PROVIDERTYPE;
 exports.PROVIDER_PRODUCT_STATUS = PROVIDER_PRODUCT_STATUS;
 exports.PUB_SUB_EVENT = PUB_SUB_EVENT;
 exports.PhoneSchema = PhoneSchema;
@@ -9292,6 +9354,7 @@ exports.ROUTING_STRATEGY = ROUTING_STRATEGY;
 exports.RTT_THRESHOLDS = RTT_THRESHOLDS;
 exports.SECURITY_THREAT_TYPE = SECURITY_THREAT_TYPE;
 exports.SERVICE_KEYS = SERVICE_KEYS;
+exports.SESSIONSTATUS = SESSIONSTATUS;
 exports.SIGNATURE_METHOD = SIGNATURE_METHOD;
 exports.SORT_DIRECTION = SORT_DIRECTION;
 exports.SPEED_THRESHOLDS = SPEED_THRESHOLDS;
@@ -9332,6 +9395,7 @@ exports.TEMPLATE_DOCUMENT_TYPE_SCHEMA = TEMPLATE_DOCUMENT_TYPE_SCHEMA;
 exports.TEMPLATE_OUTPUT_FORMAT = TEMPLATE_OUTPUT_FORMAT;
 exports.TEMPLATE_VARIABLE_TYPE = TEMPLATE_VARIABLE_TYPE;
 exports.TEMPLATE_VARIABLE_TYPE_SCHEMA = TEMPLATE_VARIABLE_TYPE_SCHEMA;
+exports.TOKENTYPE = TOKENTYPE;
 exports.TOKEN_TYPE = TOKEN_TYPE;
 exports.TRACKING_PHASES = TRACKING_PHASES;
 exports.TRANSACTION_TYPE = TRANSACTION_TYPE;
@@ -9348,6 +9412,7 @@ exports.UNIFIED_OPERATIONS = UNIFIED_OPERATIONS;
 exports.UNIVERSAL_RUNTIMES = UNIVERSAL_RUNTIMES;
 exports.UPDATE_STRATEGIES = UPDATE_STRATEGIES;
 exports.UPLOAD_STATUS = UPLOAD_STATUS;
+exports.USERROLESTATUS = USERROLESTATUS;
 exports.USER_ROLE = USER_ROLE;
 exports.USER_ROLE_STATUS = USER_ROLE_STATUS;
 exports.USER_STATUS = USER_STATUS;