@rovela-ai/sdk 0.1.2 → 0.1.3

package/dist/auth/server/password-reset-service.js

@@ -0,0 +1,236 @@
+"use strict";
+/**
+ * @rovela/sdk/auth/server/password-reset-service
+ *
+ * Password reset token management.
+ * Handles creating, validating, and using reset tokens.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestPasswordReset = requestPasswordReset;
+exports.validateResetToken = validateResetToken;
+exports.resetPassword = resetPassword;
+exports.deletePasswordResetTokens = deletePasswordResetTokens;
+exports.cleanupExpiredResetTokens = cleanupExpiredResetTokens;
+const drizzle_orm_1 = require("drizzle-orm");
+const nanoid_1 = require("nanoid");
+const client_1 = require("../../core/db/client");
+const schema = __importStar(require("../../core/db/schema"));
+const customer_service_1 = require("./customer-service");
+const email_sender_1 = require("./email-sender");
+// =============================================================================
+// Constants
+// =============================================================================
+/**
+ * Password reset token expiry time in milliseconds (1 hour).
+ * Shorter than verification tokens for security.
+ */
+const TOKEN_EXPIRY_MS = 60 * 60 * 1000;
+/**
+ * Token length (URL-safe).
+ */
+const TOKEN_LENGTH = 32;
+// =============================================================================
+// Token Management
+// =============================================================================
+/**
+ * Request a password reset for a customer.
+ * Creates a token and sends reset email.
+ *
+ * Note: Always returns success to prevent email enumeration attacks.
+ *
+ * @param email - Customer email address
+ * @returns Always returns success (security best practice)
+ *
+ * @example
+ * ```typescript
+ * const result = await requestPasswordReset('customer@example.com')
+ * // Always show "If an account exists, we've sent a reset email"
+ * ```
+ */
+async function requestPasswordReset(email) {
+    // Find customer by email
+    const customer = await (0, customer_service_1.findCustomerByEmail)(email);
+    if (!customer) {
+        // Don't reveal if email exists - return success anyway
+        return { success: true };
+    }
+    // Delete any existing reset tokens for this customer
+    await deletePasswordResetTokens(customer.id);
+    // Generate new token
+    const db = (0, client_1.getDb)();
+    const tenantId = (0, client_1.getTenantId)();
+    const token = (0, nanoid_1.nanoid)(TOKEN_LENGTH);
+    const expires = new Date(Date.now() + TOKEN_EXPIRY_MS);
+    await db.insert(schema.customerPasswordResetTokens).values({
+        tenantId,
+        customerId: customer.id,
+        token,
+        expires,
+    });
+    // Send reset email (don't wait, but log errors)
+    const storeName = (0, email_sender_1.getStoreName)();
+    (0, email_sender_1.sendPasswordResetEmail)(email, token, storeName).catch((error) => {
+        console.error('[Auth Reset] Failed to send password reset email:', error);
+    });
+    return { success: true };
+}
+/**
+ * Validate a password reset token.
+ * Does NOT consume the token - use resetPassword() for that.
+ *
+ * @param token - Reset token from email link
+ * @returns Validation result
+ *
+ * @example
+ * ```typescript
+ * const result = await validateResetToken(token)
+ * if (result.valid) {
+ *   // Show password reset form
+ * } else {
+ *   // Show error message
+ * }
+ * ```
+ */
+async function validateResetToken(token) {
+    const db = (0, client_1.getDb)();
+    // Find the token (not tenant-scoped since we only have the token)
+    const [tokenRecord] = await db
+        .select()
+        .from(schema.customerPasswordResetTokens)
+        .where((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.token, token))
+        .limit(1);
+    if (!tokenRecord) {
+        return {
+            valid: false,
+            error: 'Invalid or expired reset link. Please request a new one.',
+        };
+    }
+    // Check if token has expired
+    if (new Date() > tokenRecord.expires) {
+        // Clean up expired token
+        await db
+            .delete(schema.customerPasswordResetTokens)
+            .where((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.id, tokenRecord.id));
+        return {
+            valid: false,
+            error: 'Reset link has expired. Please request a new one.',
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Reset password using a token.
+ * Validates the token, updates the password, and deletes the token.
+ *
+ * @param token - Reset token from email link
+ * @param newPassword - New password (plain text, will be hashed)
+ * @returns Reset result
+ *
+ * @example
+ * ```typescript
+ * const result = await resetPassword(token, 'newSecurePassword123')
+ * if (result.success) {
+ *   // Redirect to login
+ * } else {
+ *   // Show error
+ * }
+ * ```
+ */
+async function resetPassword(token, newPassword) {
+    const db = (0, client_1.getDb)();
+    // Find the token
+    const [tokenRecord] = await db
+        .select()
+        .from(schema.customerPasswordResetTokens)
+        .where((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.token, token))
+        .limit(1);
+    if (!tokenRecord) {
+        return {
+            success: false,
+            error: 'Invalid or expired reset link. Please request a new one.',
+        };
+    }
+    // Check if token has expired
+    if (new Date() > tokenRecord.expires) {
+        // Clean up expired token
+        await db
+            .delete(schema.customerPasswordResetTokens)
+            .where((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.id, tokenRecord.id));
+        return {
+            success: false,
+            error: 'Reset link has expired. Please request a new one.',
+        };
+    }
+    // Update the customer's password
+    await (0, customer_service_1.updateCustomerPassword)(tokenRecord.customerId, newPassword);
+    // Delete all reset tokens for this customer
+    await db
+        .delete(schema.customerPasswordResetTokens)
+        .where((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.customerId, tokenRecord.customerId));
+    return { success: true };
+}
+/**
+ * Delete all password reset tokens for a customer.
+ *
+ * @param customerId - Customer UUID
+ *
+ * @example
+ * ```typescript
+ * await deletePasswordResetTokens(customerId)
+ * ```
+ */
+async function deletePasswordResetTokens(customerId) {
+    const db = (0, client_1.getDb)();
+    const tenantId = (0, client_1.getTenantId)();
+    await db
+        .delete(schema.customerPasswordResetTokens)
+        .where((0, drizzle_orm_1.and)((0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.tenantId, tenantId), (0, drizzle_orm_1.eq)(schema.customerPasswordResetTokens.customerId, customerId)));
+}
+/**
+ * Clean up expired password reset tokens.
+ * Should be called periodically (e.g., via cron job).
+ *
+ * @returns Number of tokens deleted
+ */
+async function cleanupExpiredResetTokens() {
+    const db = (0, client_1.getDb)();
+    const result = await db
+        .delete(schema.customerPasswordResetTokens)
+        .where((0, drizzle_orm_1.lt)(schema.customerPasswordResetTokens.expires, new Date()))
+        .returning({ id: schema.customerPasswordResetTokens.id });
+    return result.length;
+}
+//# sourceMappingURL=password-reset-service.js.map

package/dist/auth/server/password-reset-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password-reset-service.js","sourceRoot":"","sources":["../../../src/auth/server/password-reset-service.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CH,oDAkCC;AAmBD,gDAkCC;AAoBD,sCA+CC;AAYD,8DAcC;AAQD,8DASC;AA9OD,6CAAyC;AACzC,mCAA+B;AAC/B,iDAAyD;AACzD,6DAA8C;AAC9C,yDAAgF;AAChF,iDAAqE;AAErE,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAEtC;;GAEG;AACH,MAAM,YAAY,GAAG,EAAE,CAAA;AAEvB,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,oBAAoB,CAAC,KAAa;IAGtD,yBAAyB;IACzB,MAAM,QAAQ,GAAG,MAAM,IAAA,sCAAmB,EAAC,KAAK,CAAC,CAAA;IAEjD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,uDAAuD;QACvD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC1B,CAAC;IAED,qDAAqD;IACrD,MAAM,yBAAyB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAE5C,qBAAqB;IACrB,MAAM,EAAE,GAAG,IAAA,cAAK,GAAE,CAAA;IAClB,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAA;IAC9B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,YAAY,CAAC,CAAA;IAClC,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC,CAAA;IAEtD,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC,MAAM,CAAC;QACzD,QAAQ;QACR,UAAU,EAAE,QAAQ,CAAC,EAAE;QACvB,KAAK;QACL,OAAO;KACR,CAAC,CAAA;IAEF,gDAAgD;IAChD,MAAM,SAAS,GAAG,IAAA,2BAAY,GAAE,CAAA;IAChC,IAAA,qCAAsB,EAAC,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QAC9D,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;IAEF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC1B,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACI,KAAK,UAAU,kBAAkB,CAAC,KAAa;IAIpD,MAAM,EAAE,GAAG,IAAA,cAAK,GAAE,CAAA;IAElB,kEAAkE;IAClE,MAAM,CAAC,WAAW,CAAC,GAAG,MAAM,EAAE;SAC3B,MAAM,EAAE;SACR,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC;SACxC,KAAK,CAAC,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;SAC1D,KAAK,CAAC,CAAC,CAAC,CAAA;IAEX,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,0DAA0D;SAClE,CAAA;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,IAAI,IAAI,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC;QACrC,yBAAyB;QACzB,MAAM,EAAE;aACL,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC;aAC1C,KAAK,CAAC,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAEnE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,mDAAmD;SAC3D,CAAA;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACI,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,WAAmB;IAKnB,MAAM,EAAE,GAAG,IAAA,cAAK,GAAE,CAAA;IAElB,iBAAiB;IACjB,MAAM,CAAC,WAAW,CAAC,GAAG,MAAM,EAAE;SAC3B,MAAM,EAAE;SACR,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC;SACxC,KAAK,CAAC,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;SAC1D,KAAK,CAAC,CAAC,CAAC,CAAA;IAEX,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,0DAA0D;SAClE,CAAA;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,IAAI,IAAI,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC;QACrC,yBAAyB;QACzB,MAAM,EAAE;aACL,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC;aAC1C,KAAK,CAAC,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAEnE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,mDAAmD;SAC3D,CAAA;IACH,CAAC;IAED,iCAAiC;IACjC,MAAM,IAAA,yCAAsB,EAAC,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;IAEjE,4CAA4C;IAC5C,MAAM,EAAE;SACL,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC;SAC1C,KAAK,CACJ,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,CAC1E,CAAA;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,yBAAyB,CAC7C,UAAkB;IAElB,MAAM,EAAE,GAAG,IAAA,cAAK,GAAE,CAAA;IAClB,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAA;IAE9B,MAAM,EAAE;SACL,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC;SAC1C,KAAK,CACJ,IAAA,iBAAG,EACD,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzD,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,UAAU,EAAE,UAAU,CAAC,CAC9D,CACF,CAAA;AACL,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,yBAAyB;IAC7C,MAAM,EAAE,GAAG,IAAA,cAAK,GAAE,CAAA;IAElB,MAAM,MAAM,GAAG,MAAM,EAAE;SACpB,MAAM,CAAC,MAAM,CAAC,2BAA2B,CAAC;SAC1C,KAAK,CAAC,IAAA,gBAAE,EAAC,MAAM,CAAC,2BAA2B,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;SACjE,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,2BAA2B,CAAC,EAAE,EAAE,CAAC,CAAA;IAE3D,OAAO,MAAM,CAAC,MAAM,CAAA;AACtB,CAAC"}

package/dist/auth/server/password.d.ts

@@ -0,0 +1,58 @@
+/**
+ * @rovela/sdk/auth/server/password
+ *
+ * Password hashing and verification utilities.
+ * Uses bcryptjs with 12 salt rounds for security.
+ */
+/**
+ * Minimum password length required.
+ */
+export declare const MIN_PASSWORD_LENGTH = 8;
+/**
+ * Hash a password using bcrypt.
+ *
+ * @param password - Plain text password to hash
+ * @returns Hashed password string
+ *
+ * @example
+ * ```typescript
+ * const hash = await hashPassword('mySecurePassword123')
+ * // Store hash in database
+ * ```
+ */
+export declare function hashPassword(password: string): Promise<string>;
+/**
+ * Verify a password against a hash.
+ *
+ * @param password - Plain text password to verify
+ * @param hashedPassword - Hashed password from database
+ * @returns True if password matches, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const isValid = await verifyPassword('mySecurePassword123', storedHash)
+ * if (!isValid) {
+ *   throw new Error('Invalid password')
+ * }
+ * ```
+ */
+export declare function verifyPassword(password: string, hashedPassword: string): Promise<boolean>;
+/**
+ * Validate password strength.
+ *
+ * @param password - Password to validate
+ * @returns Object with valid flag and optional error message
+ *
+ * @example
+ * ```typescript
+ * const result = validatePassword('short')
+ * if (!result.valid) {
+ *   console.error(result.error) // "Password must be at least 8 characters"
+ * }
+ * ```
+ */
+export declare function validatePassword(password: string): {
+    valid: boolean;
+    error?: string;
+};
+//# sourceMappingURL=password.d.ts.map

package/dist/auth/server/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/auth/server/password.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAcH;;GAEG;AACH,eAAO,MAAM,mBAAmB,IAAI,CAAA;AAMpC;;;;;;;;;;;GAWG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAEpE;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,OAAO,CAAC,CAElB;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAClD,KAAK,EAAE,OAAO,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAaA"}

package/dist/auth/server/password.js

@@ -0,0 +1,94 @@
+"use strict";
+/**
+ * @rovela/sdk/auth/server/password
+ *
+ * Password hashing and verification utilities.
+ * Uses bcryptjs with 12 salt rounds for security.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MIN_PASSWORD_LENGTH = void 0;
+exports.hashPassword = hashPassword;
+exports.verifyPassword = verifyPassword;
+exports.validatePassword = validatePassword;
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+// =============================================================================
+// Constants
+// =============================================================================
+/**
+ * Number of salt rounds for bcrypt.
+ * 12 rounds provides a good balance of security and performance.
+ */
+const SALT_ROUNDS = 12;
+/**
+ * Minimum password length required.
+ */
+exports.MIN_PASSWORD_LENGTH = 8;
+// =============================================================================
+// Password Hashing
+// =============================================================================
+/**
+ * Hash a password using bcrypt.
+ *
+ * @param password - Plain text password to hash
+ * @returns Hashed password string
+ *
+ * @example
+ * ```typescript
+ * const hash = await hashPassword('mySecurePassword123')
+ * // Store hash in database
+ * ```
+ */
+async function hashPassword(password) {
+    return bcryptjs_1.default.hash(password, SALT_ROUNDS);
+}
+/**
+ * Verify a password against a hash.
+ *
+ * @param password - Plain text password to verify
+ * @param hashedPassword - Hashed password from database
+ * @returns True if password matches, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const isValid = await verifyPassword('mySecurePassword123', storedHash)
+ * if (!isValid) {
+ *   throw new Error('Invalid password')
+ * }
+ * ```
+ */
+async function verifyPassword(password, hashedPassword) {
+    return bcryptjs_1.default.compare(password, hashedPassword);
+}
+// =============================================================================
+// Password Validation
+// =============================================================================
+/**
+ * Validate password strength.
+ *
+ * @param password - Password to validate
+ * @returns Object with valid flag and optional error message
+ *
+ * @example
+ * ```typescript
+ * const result = validatePassword('short')
+ * if (!result.valid) {
+ *   console.error(result.error) // "Password must be at least 8 characters"
+ * }
+ * ```
+ */
+function validatePassword(password) {
+    if (!password) {
+        return { valid: false, error: 'Password is required' };
+    }
+    if (password.length < exports.MIN_PASSWORD_LENGTH) {
+        return {
+            valid: false,
+            error: `Password must be at least ${exports.MIN_PASSWORD_LENGTH} characters`,
+        };
+    }
+    return { valid: true };
+}
+//# sourceMappingURL=password.js.map

package/dist/auth/server/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/auth/server/password.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;AAmCH,oCAEC;AAiBD,wCAKC;AAoBD,4CAgBC;AA7FD,wDAA6B;AAE7B,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,WAAW,GAAG,EAAE,CAAA;AAEtB;;GAEG;AACU,QAAA,mBAAmB,GAAG,CAAC,CAAA;AAEpC,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,OAAO,kBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;AAC3C,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,cAAsB;IAEtB,OAAO,kBAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;AACjD,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAI/C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAA;IACxD,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,2BAAmB,EAAE,CAAC;QAC1C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6BAA6B,2BAAmB,aAAa;SACrE,CAAA;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC"}

package/dist/auth/server/verification-service.d.ts

@@ -0,0 +1,87 @@
+/**
+ * @rovela/sdk/auth/server/verification-service
+ *
+ * Email verification token management.
+ * Handles creating, validating, and cleaning up verification tokens.
+ */
+/**
+ * Create a verification token for a customer.
+ * Deletes any existing tokens for the customer first.
+ *
+ * @param customerId - Customer UUID
+ * @returns The verification token
+ *
+ * @example
+ * ```typescript
+ * const token = await createVerificationToken(customerId)
+ * // Use token in verification email link
+ * ```
+ */
+export declare function createVerificationToken(customerId: string): Promise<string>;
+/**
+ * Verify email using a token.
+ * Marks the customer's email as verified if token is valid.
+ *
+ * @param token - Verification token from email link
+ * @returns Verification result
+ *
+ * @example
+ * ```typescript
+ * const result = await verifyEmail(token)
+ * if (result.success) {
+ *   console.log('Email verified for customer:', result.customerId)
+ * } else {
+ *   console.error('Verification failed:', result.error)
+ * }
+ * ```
+ */
+export declare function verifyEmail(token: string): Promise<{
+    success: boolean;
+    customerId?: string;
+    error?: string;
+}>;
+/**
+ * Delete all verification tokens for a customer.
+ *
+ * @param customerId - Customer UUID
+ *
+ * @example
+ * ```typescript
+ * await deleteVerificationTokens(customerId)
+ * ```
+ */
+export declare function deleteVerificationTokens(customerId: string): Promise<void>;
+/**
+ * Resend verification email to a customer.
+ * Creates a new token and sends the email.
+ *
+ * @param email - Customer email address
+ * @returns Result with success status
+ *
+ * @example
+ * ```typescript
+ * const result = await resendVerificationEmail('customer@example.com')
+ * if (result.success) {
+ *   console.log('Verification email sent')
+ * }
+ * ```
+ */
+export declare function resendVerificationEmail(email: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+/**
+ * Check if a customer's email is verified.
+ *
+ * @param customerId - Customer UUID
+ * @returns True if email is verified
+ */
+export declare function isEmailVerified(customerId: string): Promise<boolean>;
+/**
+ * Clean up expired verification tokens.
+ * Should be called periodically (e.g., via cron job).
+ *
+ * @returns Number of tokens deleted
+ */
+export declare function cleanupExpiredTokens(): Promise<number>;
+//# sourceMappingURL=verification-service.d.ts.map

package/dist/auth/server/verification-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification-service.d.ts","sourceRoot":"","sources":["../../../src/auth/server/verification-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA2BH;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAmBjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACxD,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAC,CA6CD;AAED;;;;;;;;;GASG;AACH,wBAAsB,wBAAwB,CAC5C,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CAYf;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACpE,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAC,CA+BD;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAgB1E;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAS5D"}