npm - @spfn/auth - Versions diffs - 0.2.0-beta.1 → 0.2.0-beta.11 - Mend

@spfn/auth 0.2.0-beta.1 → 0.2.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +169 -168
package/dist/{dto-81uR9gzF.d.ts → authenticate-CU6_zQaa.d.ts} +184 -169
package/dist/config.d.ts +4 -0
package/dist/config.js +4 -0
package/dist/config.js.map +1 -1
package/dist/index.d.ts +146 -119
package/dist/index.js +24 -1
package/dist/index.js.map +1 -1
package/dist/nextjs/api.js +1 -1
package/dist/nextjs/api.js.map +1 -1
package/dist/nextjs/server.js +0 -2
package/dist/nextjs/server.js.map +1 -1
package/dist/server.d.ts +171 -403
package/dist/server.js +217 -461
package/dist/server.js.map +1 -1
package/migrations/0000_premium_famine.sql +292 -0
package/migrations/meta/0000_snapshot.json +1 -1
package/migrations/meta/_journal.json +2 -2
package/package.json +8 -11
package/migrations/0000_mysterious_colossus.sql +0 -197

package/dist/server.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './dto-81uR9gzF.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams, a as RegisterResult, T as RevokeKeyParams, Q as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, p as SocialProvider, _ as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, $ as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, W as authenticate, v as changePasswordService, r as checkAccountExistsService, t as loginService, u as logoutService, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './dto-81uR9gzF.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './authenticate-CU6_zQaa.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams, a as RegisterResult, T as RevokeKeyParams, Q as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, p as SocialProvider, _ as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, $ as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, W as authenticate, v as changePasswordService, r as checkAccountExistsService, t as loginService, u as logoutService, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-CU6_zQaa.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-import { UserProfile as UserProfile$1 } from '@spfn/auth';
+import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
 import { Context } from 'hono';
 import * as _spfn_core_route from '@spfn/core/route';
@@ -406,6 +406,19 @@ declare function hasAnyPermission(userId: string | number | bigint, permissionNa
  * ```
  */
 declare function hasAllPermissions(userId: string | number | bigint, permissionNames: string[]): Promise<boolean>;
+/**
+ * Get user's role name
+ *
+ * @param userId - User ID
+ * @returns Role name or null if user has no role
+ *
+ * @example
+ * ```typescript
+ * const role = await getUserRole('123');
+ * // 'admin' or null
+ * ```
+ */
+declare function getUserRole(userId: string | number | bigint): Promise<string | null>;
 /**
  * Check if user has a specific role
  *
@@ -1242,7 +1255,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     email: string | null;
@@ -1253,10 +1266,30 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
 /**
  * @spfn/auth - User Profile Service
  *
- * Service for retrieving user profile information
+ * Service for retrieving and updating user profile information
  * Returns full user info with profile data
  */
+/**
+ * Profile update parameters
+ * All fields are optional, empty string will be converted to null
+ */
+interface UpdateProfileParams {
+    displayName?: string;
+    firstName?: string;
+    lastName?: string;
+    avatarUrl?: string;
+    bio?: string;
+    locale?: string;
+    timezone?: string;
+    dateOfBirth?: string;
+    gender?: string;
+    website?: string;
+    location?: string;
+    company?: string;
+    jobTitle?: string;
+    metadata?: Record<string, any>;
+}
 /**
  * Get user profile information
  *
@@ -1272,369 +1305,26 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
  * ```
  */
 declare function getUserProfileService(userId: string | number | bigint): Promise<UserProfile$1>;
 /**
- * @spfn/auth - Email Template Types
+ * Update user profile (upsert)
  *
- * Type definitions for customizable email templates
- */
-/**
- * Common template result
- */
-interface EmailTemplateResult {
-    subject: string;
-    text: string;
-    html: string;
-}
-/**
- * Verification code template parameters
- */
-interface VerificationCodeParams {
-    code: string;
-    purpose: 'registration' | 'login' | 'password_reset' | string;
-    expiresInMinutes?: number;
-    appName?: string;
-}
-/**
- * Email template provider interface
- *
- * Implement this interface to create custom email templates
+ * Creates profile if not exists, updates if exists
+ * Empty strings are converted to null
  *
- * @example
- * ```typescript
- * import { registerEmailTemplates } from '@spfn/auth/server';
- *
- * registerEmailTemplates({
- *     verificationCode: (params) => ({
- *         subject: 'Your Code',
- *         text: `Code: ${params.code}`,
- *         html: `<h1>Code: ${params.code}</h1>`,
- *     }),
- * });
- * ```
- */
-interface EmailTemplateProvider {
-    /**
-     * Verification code email template
-     */
-    verificationCode?(params: VerificationCodeParams): EmailTemplateResult;
-    /**
-     * Welcome email template (after registration)
-     */
-    welcome?(params: {
-        email: string;
-        appName?: string;
-    }): EmailTemplateResult;
-    /**
-     * Password reset email template
-     */
-    passwordReset?(params: {
-        resetLink: string;
-        expiresInMinutes?: number;
-        appName?: string;
-    }): EmailTemplateResult;
-    /**
-     * Invitation email template
-     */
-    invitation?(params: {
-        inviteLink: string;
-        inviterName?: string;
-        roleName?: string;
-        appName?: string;
-    }): EmailTemplateResult;
-}
-/**
- * @spfn/auth - Email Template Registry
- *
- * Manages custom email template registration and fallback to defaults
- */
-/**
- * Register custom email templates
- *
- * Templates not provided will fall back to defaults
- *
- * @param templates - Custom template implementations
+ * @param userId - User ID
+ * @param params - Profile fields to update
+ * @returns Updated profile info
  *
  * @example
  * ```typescript
- * import { registerEmailTemplates } from '@spfn/auth/server';
- *
- * // Override verification code template with custom design
- * registerEmailTemplates({
- *     verificationCode: ({ code, purpose, expiresInMinutes }) => ({
- *         subject: `[MyApp] Your verification code`,
- *         text: `Your code is: ${code}`,
- *         html: `
- *             <div style="font-family: Arial;">
- *                 <h1>Welcome to MyApp!</h1>
- *                 <p>Your code: <strong>${code}</strong></p>
- *             </div>
- *         `,
- *     }),
+ * const profile = await updateUserProfileService(123, {
+ *     displayName: 'John Doe',
+ *     bio: 'Software Engineer',
+ *     location: '', // will be saved as null
  * });
  * ```
  */
-declare function registerEmailTemplates(templates: Partial<EmailTemplateProvider>): void;
-/**
- * Get verification code template
- *
- * Uses custom template if registered, otherwise falls back to default
- */
-declare function getVerificationCodeTemplate(params: VerificationCodeParams): EmailTemplateResult;
-/**
- * Get welcome template
- */
-declare function getWelcomeTemplate(params: {
-    email: string;
-    appName?: string;
-}): EmailTemplateResult;
-/**
- * Get password reset template
- */
-declare function getPasswordResetTemplate(params: {
-    resetLink: string;
-    expiresInMinutes?: number;
-    appName?: string;
-}): EmailTemplateResult;
-/**
- * Get invitation template
- */
-declare function getInvitationTemplate(params: {
-    inviteLink: string;
-    inviterName?: string;
-    roleName?: string;
-    appName?: string;
-}): EmailTemplateResult;
-/**
- * @spfn/auth - Email Service Types
- *
- * Type definitions for email sending service
- */
-/**
- * Parameters for sending email
- */
-interface SendEmailParams {
-    /**
-     * Recipient email address
-     */
-    to: string;
-    /**
-     * Email subject
-     */
-    subject: string;
-    /**
-     * Plain text content
-     */
-    text?: string;
-    /**
-     * HTML content
-     */
-    html?: string;
-    /**
-     * Purpose of the email (for logging)
-     */
-    purpose?: string;
-}
-/**
- * Result of sending email
- */
-interface SendEmailResult {
-    /**
-     * Whether email was sent successfully
-     */
-    success: boolean;
-    /**
-     * Message ID from email provider (if successful)
-     */
-    messageId?: string;
-    /**
-     * Error message (if failed)
-     */
-    error?: string;
-}
-/**
- * Email Provider Interface
- *
- * Implement this interface to create custom email providers
- *
- * @example
- * ```typescript
- * import { EmailProvider, registerEmailProvider } from '@spfn/auth/server/services/email';
- *
- * const sendgridProvider: EmailProvider = {
- *     name: 'sendgrid',
- *     sendEmail: async (params) => {
- *         // Your SendGrid implementation
- *         return { success: true, messageId: '...' };
- *     }
- * };
- *
- * registerEmailProvider(sendgridProvider);
- * ```
- */
-interface EmailProvider {
-    /**
-     * Provider name (e.g., 'aws-ses', 'sendgrid', 'custom')
-     */
-    name: string;
-    /**
-     * Send email via this provider
-     *
-     * @param params - Email parameters
-     * @returns Send result
-     */
-    sendEmail(params: SendEmailParams): Promise<SendEmailResult>;
-}
-/**
- * @spfn/auth - Email Provider Management
- *
- * Manages email provider registration and fallback behavior
- */
-/**
- * Register a custom email provider
- *
- * @param provider - Custom email provider implementation
- *
- * @example
- * ```typescript
- * import { registerEmailProvider } from '@spfn/auth/server/services/email';
- *
- * const sendgridProvider = {
- *     name: 'sendgrid',
- *     sendEmail: async (params) => {
- *         // SendGrid implementation
- *         return { success: true, messageId: '...' };
- *     }
- * };
- *
- * registerEmailProvider(sendgridProvider);
- * ```
- */
-declare function registerEmailProvider(provider: EmailProvider): void;
-/**
- * Send email using the registered provider
- *
- * Falls back to development mode (console only) if no provider is registered
- *
- * @param params - Email parameters
- * @returns Send result
- */
-declare function sendEmail(params: SendEmailParams): Promise<SendEmailResult>;
-/**
- * @spfn/auth - SMS Service Types
- *
- * Type definitions for SMS sending service
- */
-/**
- * Parameters for sending SMS
- */
-interface SendSMSParams {
-    /**
-     * Phone number in E.164 format (e.g., +821012345678)
-     */
-    phone: string;
-    /**
-     * SMS message content
-     */
-    message: string;
-    /**
-     * Purpose of the SMS (for logging)
-     */
-    purpose?: string;
-}
-/**
- * Result of sending SMS
- */
-interface SendSMSResult {
-    /**
-     * Whether SMS was sent successfully
-     */
-    success: boolean;
-    /**
-     * Message ID from SMS provider (if successful)
-     */
-    messageId?: string;
-    /**
-     * Error message (if failed)
-     */
-    error?: string;
-}
-/**
- * SMS Provider Interface
- *
- * Implement this interface to create custom SMS providers
- *
- * @example
- * ```typescript
- * import { SMSProvider, registerSMSProvider } from '@spfn/auth/server/services/sms';
- *
- * const twilioProvider: SMSProvider = {
- *     name: 'twilio',
- *     sendSMS: async (params) => {
- *         // Your Twilio implementation
- *         return { success: true, messageId: '...' };
- *     }
- * };
- *
- * registerSMSProvider(twilioProvider);
- * ```
- */
-interface SMSProvider {
-    /**
-     * Provider name (e.g., 'aws-sns', 'twilio', 'custom')
-     */
-    name: string;
-    /**
-     * Send SMS via this provider
-     *
-     * @param params - SMS parameters
-     * @returns Send result
-     */
-    sendSMS(params: SendSMSParams): Promise<SendSMSResult>;
-}
-/**
- * @spfn/auth - SMS Provider Management
- *
- * Manages SMS provider registration and fallback behavior
- */
-/**
- * Register a custom SMS provider
- *
- * @param provider - Custom SMS provider implementation
- *
- * @example
- * ```typescript
- * import { registerSMSProvider } from '@spfn/auth/server/services/sms';
- *
- * const twilioProvider = {
- *     name: 'twilio',
- *     sendSMS: async (params) => {
- *         // Twilio implementation
- *         return { success: true, messageId: '...' };
- *     }
- * };
- *
- * registerSMSProvider(twilioProvider);
- * ```
- */
-declare function registerSMSProvider(provider: SMSProvider): void;
-/**
- * Send SMS using the registered provider
- *
- * Falls back to development mode (console only) if no provider is registered
- *
- * @param params - SMS parameters
- * @returns Send result
- */
-declare function sendSMS(params: SendSMSParams): Promise<SendSMSResult>;
+declare function updateUserProfileService(userId: string | number | bigint, params: UpdateProfileParams): Promise<ProfileInfo>;
 /**
  * @spfn/auth - Database Schema Definition
@@ -2694,7 +2384,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "custom" | "user" | "auth" | "rbac" | "system";
+            data: "auth" | "custom" | "user" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -3143,13 +2833,13 @@ declare class UsersRepository extends BaseRepository {
     create(data: NewUser): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3215,13 +2905,13 @@ declare class UsersRepository extends BaseRepository {
     deleteById(id: number): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3244,7 +2934,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3354,16 +3044,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3390,16 +3080,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3514,14 +3204,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
+        target: string;
+        targetType: "email" | "phone";
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
+        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
-        target: string;
-        targetType: "email" | "phone";
-        code: string;
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3710,7 +3400,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3726,7 +3416,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3766,7 +3456,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3785,8 +3475,8 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         metadata: Record<string, any> | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3831,9 +3521,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3849,9 +3539,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3916,10 +3606,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3942,10 +3632,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -4024,6 +3714,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4036,7 +3727,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -4093,6 +3783,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4105,7 +3796,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
@@ -4116,6 +3806,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4128,7 +3819,32 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+    }>;
+    /**
+     * 프로필 Upsert (by User ID)
+     *
+     * 프로필이 없으면 생성, 있으면 업데이트
+     * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
+     */
+    upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
+        userId: number;
+        id: number;
+        displayName: string;
+        createdAt: Date;
+        updatedAt: Date;
         metadata: Record<string, any> | null;
+        firstName: string | null;
+        lastName: string | null;
+        avatarUrl: string | null;
+        bio: string | null;
+        locale: string | null;
+        timezone: string | null;
+        dateOfBirth: string | null;
+        gender: string | null;
+        website: string | null;
+        location: string | null;
+        company: string | null;
+        jobTitle: string | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -4148,6 +3864,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
         createdAt: Date;
         updatedAt: Date;
     } | null>;
@@ -4255,15 +3972,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         metadata: Record<string, any> | null;
-        expiresAt: Date;
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4289,15 +4006,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         metadata: Record<string, any> | null;
-        expiresAt: Date;
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4715,6 +4432,57 @@ declare const requireAnyPermission: _spfn_core_route.NamedMiddlewareFactory<"any
  */
 declare const requireRole: _spfn_core_route.NamedMiddlewareFactory<"role", string[]>;
+/**
+ * @spfn/auth - Role Guard Middleware
+ *
+ * Middleware for role-based access control with allow/deny options
+ */
+/**
+ * Role guard options
+ */
+interface RoleGuardOptions {
+    /**
+     * Roles to allow (OR condition)
+     * User must have at least one of these roles
+     */
+    allow?: string[];
+    /**
+     * Roles to deny
+     * User with any of these roles will be rejected
+     */
+    deny?: string[];
+}
+/**
+ * Role-based access control middleware
+ *
+ * Must be used after authenticate middleware
+ *
+ * @param options - Role guard options (allow/deny)
+ * @returns Middleware function
+ *
+ * @example Allow specific roles
+ * ```typescript
+ * export const adminRoute = route.get('/admin')
+ *   .use([authenticate, roleGuard({ allow: ['admin', 'superadmin'] })])
+ *   .handler(async (c) => { ... });
+ * ```
+ *
+ * @example Deny specific roles
+ * ```typescript
+ * export const publicRoute = route.get('/content')
+ *   .use([authenticate, roleGuard({ deny: ['banned', 'suspended'] })])
+ *   .handler(async (c) => { ... });
+ * ```
+ *
+ * @example Combined allow and deny
+ * ```typescript
+ * export const managerRoute = route.get('/manage')
+ *   .use([authenticate, roleGuard({ allow: ['admin', 'manager'], deny: ['suspended'] })])
+ *   .handler(async (c) => { ... });
+ * ```
+ */
+declare const roleGuard: _spfn_core_route.NamedMiddlewareFactory<"roleGuard", [options: RoleGuardOptions]>;
 /**
  * Auth Context Helpers
  *
@@ -4757,13 +4525,13 @@ declare function getUser(c: Context | {
 }): {
     email: string | null;
     phone: string | null;
-    status: "active" | "inactive" | "suspended";
     id: number;
-    createdAt: Date;
-    updatedAt: Date;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
+    createdAt: Date;
+    updatedAt: Date;
+    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;
@@ -5068,4 +4836,4 @@ interface AuthLifecycleConfig {
  */
 declare function createAuthLifecycle(options?: AuthInitOptions): AuthLifecycleConfig;
-export { type AuthConfig, AuthContext, COOKIE_NAMES, type EmailProvider, type EmailTemplateProvider, type EmailTemplateResult, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RolePermission, RolePermissionsRepository, RolesRepository, type SMSProvider, type SendEmailParams, type SendEmailResult, type SendSMSParams, type SendSMSResult, type SessionData, type SessionPayload, type TokenPayload, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, type VerificationCodeParams, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authSchema, cancelInvitation, configureAuth, createAuthLifecycle, createInvitation, createRole, decodeToken, deleteInvitation, deleteRole, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getInvitationByToken, getInvitationTemplate, getInvitationWithDetails, getKeyId, getKeySize, getPasswordResetTemplate, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getVerificationCodeTemplate, getWelcomeTemplate, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, registerEmailProvider, registerEmailTemplates, registerSMSProvider, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, sendEmail, sendSMS, setRolePermissions, shouldRefreshSession, shouldRotateKey, unsealSession, updateLastLoginService, updateRole, updateUserService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyPassword, verifyToken };
+export { type AuthConfig, AuthContext, COOKIE_NAMES, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authSchema, cancelInvitation, configureAuth, createAuthLifecycle, createInvitation, createRole, decodeToken, deleteInvitation, deleteRole, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, unsealSession, updateLastLoginService, updateRole, updateUserProfileService, updateUserService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyPassword, verifyToken };