npm - @pubflow/core - Versions diffs - 0.4.1 → 0.4.2 - Mend

@pubflow/core 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/auth/two-factor.d.ts +55 -0
package/dist/auth/two-factor.js +108 -0
package/dist/auth/types.d.ts +75 -1
package/dist/index.d.ts +2 -1
package/dist/index.js +3 -1
package/dist/payments/types.d.ts +3 -1
package/package.json +1 -1

package/dist/auth/two-factor.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Two-Factor Authentication Service
+ *
+ * Thin client over the multi-flowless /auth/two_factor/* endpoints.
+ * All network calls delegate to ApiClient so session cookies are
+ * forwarded automatically.
+ */
+import { ApiClient } from '../api/client';
+import { PubflowInstanceConfig } from '../types';
+import type { TwoFactorMethod, TwoFactorSystemInfo, TwoFactorStartResult, TwoFactorVerifyResult, TwoFactorSetupResult, TwoFactorToggleResult } from './types';
+export declare class TwoFactorService {
+    private apiClient;
+    private basePath;
+    constructor(apiClient: ApiClient, config: PubflowInstanceConfig);
+    /**
+     * GET /auth/two_factor/system
+     * Returns system-level 2FA availability (no auth needed).
+     */
+    getSystem(): Promise<TwoFactorSystemInfo>;
+    /**
+     * GET /auth/two_factor/methods
+     * Returns the authenticated user's configured 2FA methods.
+     */
+    getMethods(): Promise<TwoFactorMethod[]>;
+    /**
+     * POST /auth/two_factor/:method/setup
+     * Begin setup for a 2FA method (email or sms).
+     */
+    setup(method: string, identifier: string): Promise<TwoFactorSetupResult>;
+    /**
+     * POST /auth/two_factor/:method/start
+     * (Re-)send a verification code for an existing method.
+     * Accepts BOTH active and pending sessions (used during login flow).
+     */
+    start(methodId: string, method: string, action?: string): Promise<TwoFactorStartResult>;
+    /**
+     * POST /auth/two_factor/verify
+     * Verify a 2FA code. For action='login' the pending session becomes active.
+     */
+    verify(methodId: string, code: string, action?: string): Promise<TwoFactorVerifyResult>;
+    /**
+     * POST /auth/two_factor/toggle
+     * Enable or disable 2FA for the current user.
+     */
+    toggle(enabled: boolean, verificationCode?: string, verificationMethodId?: string): Promise<TwoFactorToggleResult>;
+    /**
+     * DELETE /auth/two_factor/:id
+     * Remove a 2FA method. Requires verification via another active method.
+     */
+    removeMethod(methodId: string, verificationCode: string, verificationMethodId: string): Promise<{
+        success: boolean;
+        message?: string;
+        error?: string;
+    }>;
+}

package/dist/auth/two-factor.js ADDED Viewed

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * Two-Factor Authentication Service
+ *
+ * Thin client over the multi-flowless /auth/two_factor/* endpoints.
+ * All network calls delegate to ApiClient so session cookies are
+ * forwarded automatically.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFactorService = void 0;
+class TwoFactorService {
+    constructor(apiClient, config) {
+        this.apiClient = apiClient;
+        this.basePath = `${config.authBasePath || '/auth'}/two_factor`;
+    }
+    // ─── Public (no auth) ──────────────────────────────────────────────────────
+    /**
+     * GET /auth/two_factor/system
+     * Returns system-level 2FA availability (no auth needed).
+     */
+    async getSystem() {
+        const res = await this.apiClient.get(`${this.basePath}/system`, { includeSession: false });
+        if (res.success && res.data)
+            return res.data;
+        return { global_two_factor_enabled: false, available_methods: [] };
+    }
+    // ─── User methods ──────────────────────────────────────────────────────────
+    /**
+     * GET /auth/two_factor/methods
+     * Returns the authenticated user's configured 2FA methods.
+     */
+    async getMethods() {
+        var _a;
+        const res = await this.apiClient.get(`${this.basePath}/methods`);
+        if (res.success && res.data)
+            return (_a = res.data.methods) !== null && _a !== void 0 ? _a : [];
+        return [];
+    }
+    // ─── Setup ────────────────────────────────────────────────────────────────
+    /**
+     * POST /auth/two_factor/:method/setup
+     * Begin setup for a 2FA method (email or sms).
+     */
+    async setup(method, identifier) {
+        const res = await this.apiClient.post(`${this.basePath}/${method}/setup`, { identifier });
+        if (res.success && res.data)
+            return res.data;
+        return { success: false, error: res.error || 'Setup failed' };
+    }
+    // ─── Start / Re-send ───────────────────────────────────────────────────────
+    /**
+     * POST /auth/two_factor/:method/start
+     * (Re-)send a verification code for an existing method.
+     * Accepts BOTH active and pending sessions (used during login flow).
+     */
+    async start(methodId, method, action = 'login') {
+        const res = await this.apiClient.post(`${this.basePath}/${method}/start`, { method_id: methodId, action });
+        if (res.success && res.data)
+            return res.data;
+        return { success: false, error: res.error || 'Failed to send code' };
+    }
+    // ─── Verify ───────────────────────────────────────────────────────────────
+    /**
+     * POST /auth/two_factor/verify
+     * Verify a 2FA code. For action='login' the pending session becomes active.
+     */
+    async verify(methodId, code, action = 'login') {
+        const res = await this.apiClient.post(`${this.basePath}/verify`, { method_id: methodId, code, action });
+        if (res.success && res.data)
+            return res.data;
+        // The server may return 400 with body even on wrong code — surface it
+        return {
+            success: false,
+            verified: false,
+            error: res.error || 'Verification failed',
+        };
+    }
+    // ─── Toggle ───────────────────────────────────────────────────────────────
+    /**
+     * POST /auth/two_factor/toggle
+     * Enable or disable 2FA for the current user.
+     */
+    async toggle(enabled, verificationCode, verificationMethodId) {
+        const res = await this.apiClient.post(`${this.basePath}/toggle`, {
+            two_factor_enabled: enabled,
+            ...(verificationCode && { verification_code: verificationCode }),
+            ...(verificationMethodId && { verification_method_id: verificationMethodId }),
+        });
+        if (res.success && res.data)
+            return res.data;
+        return { success: false, error: res.error || 'Toggle failed' };
+    }
+    // ─── Remove ───────────────────────────────────────────────────────────────
+    /**
+     * DELETE /auth/two_factor/:id
+     * Remove a 2FA method. Requires verification via another active method.
+     */
+    async removeMethod(methodId, verificationCode, verificationMethodId) {
+        const res = await this.apiClient.request(`${this.basePath}/${methodId}`, 'DELETE', {
+            verification_code: verificationCode,
+            verification_method_id: verificationMethodId,
+        });
+        if (res.success && res.data)
+            return res.data;
+        return { success: false, error: res.error || 'Remove failed' };
+    }
+}
+exports.TwoFactorService = TwoFactorService;

package/dist/auth/types.d.ts CHANGED Viewed

@@ -30,7 +30,7 @@ export interface LoginResult {
      */
     success: boolean;
     /**
-     * User data (only present if success is true)
+     * User data (only present if success is true and 2FA is not required)
      */
     user?: User;
     /**
@@ -41,6 +41,16 @@ export interface LoginResult {
      * Error message (only present if success is false)
      */
     error?: string;
+    /**
+     * Whether 2FA verification is required to complete login.
+     * When true, the session is in "pending" status and must be
+     * activated via POST /auth/two_factor/verify.
+     */
+    requires2fa?: boolean;
+    /**
+     * Available 2FA methods the user has configured (present when requires2fa is true)
+     */
+    availableMethods?: TwoFactorMethod[];
 }
 /**
  * Result of a session validation
@@ -248,3 +258,67 @@ export interface RefreshResponse {
      */
     error?: string;
 }
+/**
+ * A 2FA method configured by the user
+ */
+export interface TwoFactorMethod {
+    id: string;
+    method: 'email' | 'sms' | 'totp' | string;
+    status: 'pending_setup' | 'active' | string;
+    identifier?: string | null;
+    last_used_at?: string | null;
+    created_at?: string;
+}
+/**
+ * System-level 2FA information (public endpoint)
+ */
+export interface TwoFactorSystemInfo {
+    global_two_factor_enabled: boolean;
+    available_methods: string[];
+}
+/**
+ * Result of starting a 2FA verification (sending a code)
+ */
+export interface TwoFactorStartResult {
+    success: boolean;
+    method?: string;
+    verification_sent?: boolean;
+    expires_in?: number;
+    message?: string;
+    error?: string;
+}
+/**
+ * Result of verifying a 2FA code
+ */
+export interface TwoFactorVerifyResult {
+    success: boolean;
+    verified?: boolean;
+    session_activated?: boolean;
+    expires_at?: string | null;
+    attempts_remaining?: number;
+    message?: string;
+    error?: string;
+}
+/**
+ * Result of setting up a new 2FA method
+ */
+export interface TwoFactorSetupResult {
+    success: boolean;
+    method_id?: string;
+    method?: string;
+    status?: string;
+    verification_sent?: boolean;
+    expires_in?: number;
+    message?: string;
+    error?: string;
+}
+/**
+ * Result of toggling 2FA for the user
+ */
+export interface TwoFactorToggleResult {
+    success: boolean;
+    two_factor_enabled?: boolean;
+    active_methods?: string[];
+    message?: string;
+    error?: string;
+}

package/dist/index.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@
 export * from './api/client';
 export * from './api/types';
 export * from './auth/service';
+export { TwoFactorService } from './auth/two-factor';
 export * from './bridge/service';
 export * from './bridge/types';
 export * from './config';
@@ -13,7 +14,7 @@ export * from './schema/validator';
 export * from './storage/adapter';
 export type { User, SessionConfig, StorageConfig, PubflowInstanceConfig, PaginationMeta } from './types';
 export type { PubflowInstanceConfig as PubflowConfig } from './types';
-export type { LoginCredentials, LoginResult, SessionValidationResult, SessionRefreshResult, RegistrationData, RegistrationResult, PasswordResetRequestData, PasswordResetData, AuthResponse, SessionResponse, ValidationResponse, RefreshResponse } from './auth/types';
+export type { LoginCredentials, LoginResult, SessionValidationResult, SessionRefreshResult, RegistrationData, RegistrationResult, PasswordResetRequestData, PasswordResetData, AuthResponse, SessionResponse, ValidationResponse, RefreshResponse, TwoFactorMethod, TwoFactorSystemInfo, TwoFactorStartResult, TwoFactorVerifyResult, TwoFactorSetupResult, TwoFactorToggleResult, } from './auth/types';
 export { ApiClient } from './api/client';
 export { AuthService } from './auth/service';
 export { StorageAdapter } from './storage/adapter';

package/dist/index.js CHANGED Viewed

@@ -19,12 +19,14 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BridgePaymentClient = exports.AuthService = exports.ApiClient = void 0;
+exports.BridgePaymentClient = exports.AuthService = exports.ApiClient = exports.TwoFactorService = void 0;
 // Export API
 __exportStar(require("./api/client"), exports);
 __exportStar(require("./api/types"), exports);
 // Export Auth
 __exportStar(require("./auth/service"), exports);
+var two_factor_1 = require("./auth/two-factor");
+Object.defineProperty(exports, "TwoFactorService", { enumerable: true, get: function () { return two_factor_1.TwoFactorService; } });
 // Export Bridge
 __exportStar(require("./bridge/service"), exports);
 __exportStar(require("./bridge/types"), exports);

package/dist/payments/types.d.ts CHANGED Viewed

@@ -153,7 +153,7 @@ export interface UpdatePaymentMethodRequest {
 /**
  * Address type
  */
-export type AddressType = 'billing' | 'shipping';
+export type AddressType = 'billing' | 'shipping' | 'both';
 /**
  * Address response
  */
@@ -171,6 +171,7 @@ export interface Address {
     postal_code: string;
     country: string;
     phone?: string;
+    email?: string;
     is_default: boolean;
     created_at: string;
     updated_at: string;
@@ -188,6 +189,7 @@ export interface CreateAddressRequest {
     postal_code: string;
     country: string;
     phone?: string;
+    email?: string;
     is_default?: boolean;
 }
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pubflow/core",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "description": "Core functionality for Pubflow framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",