@spfn/auth 0.2.0-beta.10 → 0.2.0-beta.12
- package/README.md +459 -172
- package/dist/{dto-CRlgoCP5.d.ts → authenticate-xfEpwIjH.d.ts} +284 -182
- package/dist/config.d.ts +104 -0
- package/dist/config.js +61 -0
- package/dist/config.js.map +1 -1
- package/dist/index.d.ts +187 -130
- package/dist/index.js +24 -1
- package/dist/index.js.map +1 -1
- package/dist/nextjs/api.js +186 -0
- package/dist/nextjs/api.js.map +1 -1
- package/dist/nextjs/client.js +80 -0
- package/dist/nextjs/client.js.map +1 -0
- package/dist/nextjs/server.d.ts +68 -2
- package/dist/nextjs/server.js +125 -3
- package/dist/nextjs/server.js.map +1 -1
- package/dist/server.d.ts +243 -366
- package/dist/server.js +596 -476
- package/dist/server.js.map +1 -1
- package/package.json +11 -11
|
@@ -1,8 +1,85 @@
|
|
|
1
|
+
import * as _spfn_core_route from '@spfn/core/route';
|
|
1
2
|
import * as _sinclair_typebox from '@sinclair/typebox';
|
|
2
3
|
import { Static } from '@sinclair/typebox';
|
|
3
|
-
import * as _spfn_core_route from '@spfn/core/route';
|
|
4
4
|
import { User } from '@spfn/auth/server';
|
|
5
5
|
|
|
6
|
+
/**
|
|
7
|
+
* Role information for client/API responses
|
|
8
|
+
*/
|
|
9
|
+
interface Role {
|
|
10
|
+
id: number;
|
|
11
|
+
name: string;
|
|
12
|
+
displayName: string;
|
|
13
|
+
description: string | null;
|
|
14
|
+
isBuiltin: boolean;
|
|
15
|
+
isSystem: boolean;
|
|
16
|
+
isActive: boolean;
|
|
17
|
+
priority: number;
|
|
18
|
+
createdAt: Date;
|
|
19
|
+
updatedAt: Date;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Permission information for client/API responses
|
|
23
|
+
*/
|
|
24
|
+
interface Permission {
|
|
25
|
+
id: number;
|
|
26
|
+
name: string;
|
|
27
|
+
displayName: string;
|
|
28
|
+
description: string | null;
|
|
29
|
+
category: string | null;
|
|
30
|
+
isBuiltin: boolean;
|
|
31
|
+
isSystem: boolean;
|
|
32
|
+
isActive: boolean;
|
|
33
|
+
metadata: Record<string, any> | null;
|
|
34
|
+
createdAt: Date;
|
|
35
|
+
updatedAt: Date;
|
|
36
|
+
}
|
|
37
|
+
interface AuthSession {
|
|
38
|
+
userId: number;
|
|
39
|
+
email: string | null;
|
|
40
|
+
emailVerified: boolean;
|
|
41
|
+
phoneVerified: boolean;
|
|
42
|
+
role: Role;
|
|
43
|
+
permissions: Permission[];
|
|
44
|
+
}
|
|
45
|
+
interface ProfileInfo {
|
|
46
|
+
profileId: number;
|
|
47
|
+
displayName: string;
|
|
48
|
+
firstName: string | null;
|
|
49
|
+
lastName: string | null;
|
|
50
|
+
avatarUrl: string | null;
|
|
51
|
+
bio: string | null;
|
|
52
|
+
locale: string;
|
|
53
|
+
timezone: string;
|
|
54
|
+
website: string | null;
|
|
55
|
+
location: string | null;
|
|
56
|
+
company: string | null;
|
|
57
|
+
jobTitle: string | null;
|
|
58
|
+
metadata: Record<string, any> | null;
|
|
59
|
+
createdAt: Date;
|
|
60
|
+
updatedAt: Date;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* User Profile Response
|
|
64
|
+
*
|
|
65
|
+
* Complete user data including:
|
|
66
|
+
* - User fields at top level (userId, email, etc.)
|
|
67
|
+
* - Profile data as nested field (optional)
|
|
68
|
+
*
|
|
69
|
+
* Excludes:
|
|
70
|
+
* - Role and permissions (use auth session API)
|
|
71
|
+
*/
|
|
72
|
+
interface UserProfile {
|
|
73
|
+
userId: number;
|
|
74
|
+
email: string | null;
|
|
75
|
+
emailVerified: boolean;
|
|
76
|
+
phoneVerified: boolean;
|
|
77
|
+
lastLoginAt: Date | null;
|
|
78
|
+
createdAt: Date;
|
|
79
|
+
updatedAt: Date;
|
|
80
|
+
profile: ProfileInfo | null;
|
|
81
|
+
}
|
|
82
|
+
|
|
6
83
|
/**
|
|
7
84
|
* @spfn/auth - Shared Types
|
|
8
85
|
*
|
|
@@ -299,6 +376,63 @@ interface AuthInitOptions {
|
|
|
299
376
|
sessionTtl?: string | number;
|
|
300
377
|
}
|
|
301
378
|
|
|
379
|
+
/**
|
|
380
|
+
* @spfn/auth - OAuth Service
|
|
381
|
+
*
|
|
382
|
+
* OAuth 인증 비즈니스 로직
|
|
383
|
+
* - Google OAuth Authorization Code Flow
|
|
384
|
+
* - 소셜 계정 연결/생성
|
|
385
|
+
* - publicKey는 state에서 추출하여 등록
|
|
386
|
+
*/
|
|
387
|
+
|
|
388
|
+
interface OAuthStartParams {
|
|
389
|
+
provider: SocialProvider;
|
|
390
|
+
returnUrl: string;
|
|
391
|
+
publicKey: string;
|
|
392
|
+
keyId: string;
|
|
393
|
+
fingerprint: string;
|
|
394
|
+
algorithm: KeyAlgorithmType;
|
|
395
|
+
}
|
|
396
|
+
interface OAuthStartResult {
|
|
397
|
+
authUrl: string;
|
|
398
|
+
}
|
|
399
|
+
interface OAuthCallbackParams {
|
|
400
|
+
provider: SocialProvider;
|
|
401
|
+
code: string;
|
|
402
|
+
state: string;
|
|
403
|
+
}
|
|
404
|
+
interface OAuthCallbackResult {
|
|
405
|
+
redirectUrl: string;
|
|
406
|
+
userId: string;
|
|
407
|
+
keyId: string;
|
|
408
|
+
isNewUser: boolean;
|
|
409
|
+
}
|
|
410
|
+
/**
|
|
411
|
+
* OAuth 로그인 시작 - Provider 로그인 페이지로 리다이렉트할 URL 생성
|
|
412
|
+
*
|
|
413
|
+
* Next.js에서 키쌍을 생성한 후, publicKey를 state에 포함하여 호출
|
|
414
|
+
*/
|
|
415
|
+
declare function oauthStartService(params: OAuthStartParams): Promise<OAuthStartResult>;
|
|
416
|
+
/**
|
|
417
|
+
* OAuth 콜백 처리 - Code를 Token으로 교환하고 사용자 생성/연결
|
|
418
|
+
*
|
|
419
|
+
* state에서 publicKey를 추출하여 서버에 등록
|
|
420
|
+
* Next.js는 반환된 userId, keyId로 세션을 구성
|
|
421
|
+
*/
|
|
422
|
+
declare function oauthCallbackService(params: OAuthCallbackParams): Promise<OAuthCallbackResult>;
|
|
423
|
+
/**
|
|
424
|
+
* OAuth 에러 리다이렉트 URL 생성
|
|
425
|
+
*/
|
|
426
|
+
declare function buildOAuthErrorUrl(error: string): string;
|
|
427
|
+
/**
|
|
428
|
+
* OAuth provider가 활성화되어 있는지 확인
|
|
429
|
+
*/
|
|
430
|
+
declare function isOAuthProviderEnabled(provider: SocialProvider): boolean;
|
|
431
|
+
/**
|
|
432
|
+
* 활성화된 모든 OAuth provider 목록
|
|
433
|
+
*/
|
|
434
|
+
declare function getEnabledOAuthProviders(): SocialProvider[];
|
|
435
|
+
|
|
302
436
|
/**
|
|
303
437
|
* @spfn/auth - Main Router
|
|
304
438
|
*
|
|
@@ -310,29 +444,143 @@ interface AuthInitOptions {
|
|
|
310
444
|
*
|
|
311
445
|
* Routes:
|
|
312
446
|
* - Auth: /_auth/exists, /_auth/codes, /_auth/login, /_auth/logout, etc.
|
|
447
|
+
* - OAuth: /_auth/oauth/google, /_auth/oauth/google/callback, etc.
|
|
313
448
|
* - Invitations: /_auth/invitations/*
|
|
314
449
|
* - Users: /_auth/users/*
|
|
315
450
|
*/
|
|
316
451
|
declare const mainAuthRouter: _spfn_core_route.Router<{
|
|
317
|
-
|
|
318
|
-
|
|
452
|
+
checkAccountExists: _spfn_core_route.RouteDef<{
|
|
453
|
+
body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
|
|
454
|
+
email: _sinclair_typebox.TString;
|
|
455
|
+
}>, _sinclair_typebox.TObject<{
|
|
456
|
+
phone: _sinclair_typebox.TString;
|
|
457
|
+
}>]>;
|
|
458
|
+
}, {}, CheckAccountExistsResult>;
|
|
459
|
+
sendVerificationCode: _spfn_core_route.RouteDef<{
|
|
319
460
|
body: _sinclair_typebox.TObject<{
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
324
|
-
bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
325
|
-
locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
326
|
-
timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
327
|
-
dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
328
|
-
gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
329
|
-
website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
330
|
-
location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
331
|
-
company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
332
|
-
jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
333
|
-
metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
|
|
461
|
+
target: _sinclair_typebox.TString;
|
|
462
|
+
targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
|
|
463
|
+
purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
|
|
334
464
|
}>;
|
|
335
|
-
}, {},
|
|
465
|
+
}, {}, SendVerificationCodeResult>;
|
|
466
|
+
verifyCode: _spfn_core_route.RouteDef<{
|
|
467
|
+
body: _sinclair_typebox.TObject<{
|
|
468
|
+
target: _sinclair_typebox.TString;
|
|
469
|
+
targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
|
|
470
|
+
code: _sinclair_typebox.TString;
|
|
471
|
+
purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
|
|
472
|
+
}>;
|
|
473
|
+
}, {}, {
|
|
474
|
+
valid: boolean;
|
|
475
|
+
verificationToken: string;
|
|
476
|
+
}>;
|
|
477
|
+
register: _spfn_core_route.RouteDef<{
|
|
478
|
+
body: _sinclair_typebox.TObject<{
|
|
479
|
+
email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
480
|
+
phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
481
|
+
verificationToken: _sinclair_typebox.TString;
|
|
482
|
+
password: _sinclair_typebox.TString;
|
|
483
|
+
}>;
|
|
484
|
+
}, {
|
|
485
|
+
body: _sinclair_typebox.TObject<{
|
|
486
|
+
publicKey: _sinclair_typebox.TString;
|
|
487
|
+
keyId: _sinclair_typebox.TString;
|
|
488
|
+
fingerprint: _sinclair_typebox.TString;
|
|
489
|
+
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
490
|
+
}>;
|
|
491
|
+
}, RegisterResult>;
|
|
492
|
+
login: _spfn_core_route.RouteDef<{
|
|
493
|
+
body: _sinclair_typebox.TObject<{
|
|
494
|
+
email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
495
|
+
phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
496
|
+
password: _sinclair_typebox.TString;
|
|
497
|
+
}>;
|
|
498
|
+
}, {
|
|
499
|
+
body: _sinclair_typebox.TObject<{
|
|
500
|
+
publicKey: _sinclair_typebox.TString;
|
|
501
|
+
keyId: _sinclair_typebox.TString;
|
|
502
|
+
fingerprint: _sinclair_typebox.TString;
|
|
503
|
+
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
504
|
+
oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
505
|
+
}>;
|
|
506
|
+
}, LoginResult>;
|
|
507
|
+
logout: _spfn_core_route.RouteDef<{}, {}, void>;
|
|
508
|
+
rotateKey: _spfn_core_route.RouteDef<{}, {
|
|
509
|
+
body: _sinclair_typebox.TObject<{
|
|
510
|
+
publicKey: _sinclair_typebox.TString;
|
|
511
|
+
keyId: _sinclair_typebox.TString;
|
|
512
|
+
fingerprint: _sinclair_typebox.TString;
|
|
513
|
+
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
514
|
+
}>;
|
|
515
|
+
}, RotateKeyResult>;
|
|
516
|
+
changePassword: _spfn_core_route.RouteDef<{
|
|
517
|
+
body: _sinclair_typebox.TObject<{
|
|
518
|
+
currentPassword: _sinclair_typebox.TString;
|
|
519
|
+
newPassword: _sinclair_typebox.TString;
|
|
520
|
+
}>;
|
|
521
|
+
}, {}, void>;
|
|
522
|
+
getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
|
|
523
|
+
role: {
|
|
524
|
+
id: number;
|
|
525
|
+
name: string;
|
|
526
|
+
displayName: string;
|
|
527
|
+
priority: number;
|
|
528
|
+
};
|
|
529
|
+
permissions: {
|
|
530
|
+
id: number;
|
|
531
|
+
name: string;
|
|
532
|
+
displayName: string;
|
|
533
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
534
|
+
}[];
|
|
535
|
+
userId: number;
|
|
536
|
+
email: string | null;
|
|
537
|
+
emailVerified: boolean;
|
|
538
|
+
phoneVerified: boolean;
|
|
539
|
+
}>;
|
|
540
|
+
oauthGoogleStart: _spfn_core_route.RouteDef<{
|
|
541
|
+
query: _sinclair_typebox.TObject<{
|
|
542
|
+
state: _sinclair_typebox.TString;
|
|
543
|
+
}>;
|
|
544
|
+
}, {}, Response>;
|
|
545
|
+
oauthGoogleCallback: _spfn_core_route.RouteDef<{
|
|
546
|
+
query: _sinclair_typebox.TObject<{
|
|
547
|
+
code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
548
|
+
state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
549
|
+
error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
550
|
+
error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
551
|
+
}>;
|
|
552
|
+
}, {}, Response>;
|
|
553
|
+
oauthStart: _spfn_core_route.RouteDef<{
|
|
554
|
+
body: _sinclair_typebox.TObject<{
|
|
555
|
+
provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver">[]>;
|
|
556
|
+
returnUrl: _sinclair_typebox.TString;
|
|
557
|
+
publicKey: _sinclair_typebox.TString;
|
|
558
|
+
keyId: _sinclair_typebox.TString;
|
|
559
|
+
fingerprint: _sinclair_typebox.TString;
|
|
560
|
+
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
561
|
+
}>;
|
|
562
|
+
}, {}, OAuthStartResult>;
|
|
563
|
+
oauthProviders: _spfn_core_route.RouteDef<{}, {}, {
|
|
564
|
+
providers: ("google" | "github" | "kakao" | "naver")[];
|
|
565
|
+
}>;
|
|
566
|
+
getGoogleOAuthUrl: _spfn_core_route.RouteDef<{
|
|
567
|
+
body: _sinclair_typebox.TObject<{
|
|
568
|
+
returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
569
|
+
state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
570
|
+
}>;
|
|
571
|
+
}, {}, {
|
|
572
|
+
authUrl: string;
|
|
573
|
+
}>;
|
|
574
|
+
oauthFinalize: _spfn_core_route.RouteDef<{
|
|
575
|
+
body: _sinclair_typebox.TObject<{
|
|
576
|
+
userId: _sinclair_typebox.TString;
|
|
577
|
+
keyId: _sinclair_typebox.TString;
|
|
578
|
+
returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
579
|
+
}>;
|
|
580
|
+
}, {}, {
|
|
581
|
+
success: boolean;
|
|
582
|
+
returnUrl: string;
|
|
583
|
+
}>;
|
|
336
584
|
getInvitation: _spfn_core_route.RouteDef<{
|
|
337
585
|
params: _sinclair_typebox.TObject<{
|
|
338
586
|
token: _sinclair_typebox.TString;
|
|
@@ -433,94 +681,25 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
|
|
|
433
681
|
id: _sinclair_typebox.TNumber;
|
|
434
682
|
}>;
|
|
435
683
|
}, {}, void>;
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
email: _sinclair_typebox.TString;
|
|
439
|
-
}>, _sinclair_typebox.TObject<{
|
|
440
|
-
phone: _sinclair_typebox.TString;
|
|
441
|
-
}>]>;
|
|
442
|
-
}, {}, CheckAccountExistsResult>;
|
|
443
|
-
sendVerificationCode: _spfn_core_route.RouteDef<{
|
|
444
|
-
body: _sinclair_typebox.TObject<{
|
|
445
|
-
target: _sinclair_typebox.TString;
|
|
446
|
-
targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
|
|
447
|
-
purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
|
|
448
|
-
}>;
|
|
449
|
-
}, {}, SendVerificationCodeResult>;
|
|
450
|
-
verifyCode: _spfn_core_route.RouteDef<{
|
|
451
|
-
body: _sinclair_typebox.TObject<{
|
|
452
|
-
target: _sinclair_typebox.TString;
|
|
453
|
-
targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
|
|
454
|
-
code: _sinclair_typebox.TString;
|
|
455
|
-
purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
|
|
456
|
-
}>;
|
|
457
|
-
}, {}, {
|
|
458
|
-
valid: boolean;
|
|
459
|
-
verificationToken: string;
|
|
460
|
-
}>;
|
|
461
|
-
register: _spfn_core_route.RouteDef<{
|
|
462
|
-
body: _sinclair_typebox.TObject<{
|
|
463
|
-
email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
464
|
-
phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
465
|
-
verificationToken: _sinclair_typebox.TString;
|
|
466
|
-
password: _sinclair_typebox.TString;
|
|
467
|
-
}>;
|
|
468
|
-
}, {
|
|
469
|
-
body: _sinclair_typebox.TObject<{
|
|
470
|
-
publicKey: _sinclair_typebox.TString;
|
|
471
|
-
keyId: _sinclair_typebox.TString;
|
|
472
|
-
fingerprint: _sinclair_typebox.TString;
|
|
473
|
-
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
474
|
-
}>;
|
|
475
|
-
}, RegisterResult>;
|
|
476
|
-
login: _spfn_core_route.RouteDef<{
|
|
477
|
-
body: _sinclair_typebox.TObject<{
|
|
478
|
-
email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
479
|
-
phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
480
|
-
password: _sinclair_typebox.TString;
|
|
481
|
-
}>;
|
|
482
|
-
}, {
|
|
483
|
-
body: _sinclair_typebox.TObject<{
|
|
484
|
-
publicKey: _sinclair_typebox.TString;
|
|
485
|
-
keyId: _sinclair_typebox.TString;
|
|
486
|
-
fingerprint: _sinclair_typebox.TString;
|
|
487
|
-
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
488
|
-
oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
489
|
-
}>;
|
|
490
|
-
}, LoginResult>;
|
|
491
|
-
logout: _spfn_core_route.RouteDef<{}, {}, void>;
|
|
492
|
-
rotateKey: _spfn_core_route.RouteDef<{}, {
|
|
493
|
-
body: _sinclair_typebox.TObject<{
|
|
494
|
-
publicKey: _sinclair_typebox.TString;
|
|
495
|
-
keyId: _sinclair_typebox.TString;
|
|
496
|
-
fingerprint: _sinclair_typebox.TString;
|
|
497
|
-
algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
|
|
498
|
-
}>;
|
|
499
|
-
}, RotateKeyResult>;
|
|
500
|
-
changePassword: _spfn_core_route.RouteDef<{
|
|
684
|
+
getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
|
|
685
|
+
updateUserProfile: _spfn_core_route.RouteDef<{
|
|
501
686
|
body: _sinclair_typebox.TObject<{
|
|
502
|
-
|
|
503
|
-
|
|
687
|
+
displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
688
|
+
firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
689
|
+
lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
690
|
+
avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
691
|
+
bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
692
|
+
locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
693
|
+
timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
694
|
+
dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
695
|
+
gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
696
|
+
website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
697
|
+
location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
698
|
+
company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
699
|
+
jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
700
|
+
metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
|
|
504
701
|
}>;
|
|
505
|
-
}, {},
|
|
506
|
-
getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
|
|
507
|
-
role: {
|
|
508
|
-
id: number;
|
|
509
|
-
name: string;
|
|
510
|
-
displayName: string;
|
|
511
|
-
priority: number;
|
|
512
|
-
};
|
|
513
|
-
permissions: {
|
|
514
|
-
id: number;
|
|
515
|
-
name: string;
|
|
516
|
-
displayName: string;
|
|
517
|
-
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
518
|
-
}[];
|
|
519
|
-
userId: number;
|
|
520
|
-
email: string | null;
|
|
521
|
-
emailVerified: boolean;
|
|
522
|
-
phoneVerified: boolean;
|
|
523
|
-
}>;
|
|
702
|
+
}, {}, ProfileInfo>;
|
|
524
703
|
}>;
|
|
525
704
|
|
|
526
705
|
interface AuthContext {
|
|
@@ -565,81 +744,4 @@ declare module 'hono' {
|
|
|
565
744
|
*/
|
|
566
745
|
declare const authenticate: _spfn_core_route.NamedMiddleware<"auth">;
|
|
567
746
|
|
|
568
|
-
|
|
569
|
-
* Role information for client/API responses
|
|
570
|
-
*/
|
|
571
|
-
interface Role {
|
|
572
|
-
id: number;
|
|
573
|
-
name: string;
|
|
574
|
-
displayName: string;
|
|
575
|
-
description: string | null;
|
|
576
|
-
isBuiltin: boolean;
|
|
577
|
-
isSystem: boolean;
|
|
578
|
-
isActive: boolean;
|
|
579
|
-
priority: number;
|
|
580
|
-
createdAt: Date;
|
|
581
|
-
updatedAt: Date;
|
|
582
|
-
}
|
|
583
|
-
/**
|
|
584
|
-
* Permission information for client/API responses
|
|
585
|
-
*/
|
|
586
|
-
interface Permission {
|
|
587
|
-
id: number;
|
|
588
|
-
name: string;
|
|
589
|
-
displayName: string;
|
|
590
|
-
description: string | null;
|
|
591
|
-
category: string | null;
|
|
592
|
-
isBuiltin: boolean;
|
|
593
|
-
isSystem: boolean;
|
|
594
|
-
isActive: boolean;
|
|
595
|
-
metadata: Record<string, any> | null;
|
|
596
|
-
createdAt: Date;
|
|
597
|
-
updatedAt: Date;
|
|
598
|
-
}
|
|
599
|
-
interface AuthSession {
|
|
600
|
-
userId: number;
|
|
601
|
-
email: string | null;
|
|
602
|
-
emailVerified: boolean;
|
|
603
|
-
phoneVerified: boolean;
|
|
604
|
-
role: Role;
|
|
605
|
-
permissions: Permission[];
|
|
606
|
-
}
|
|
607
|
-
interface ProfileInfo {
|
|
608
|
-
profileId: number;
|
|
609
|
-
displayName: string;
|
|
610
|
-
firstName: string | null;
|
|
611
|
-
lastName: string | null;
|
|
612
|
-
avatarUrl: string | null;
|
|
613
|
-
bio: string | null;
|
|
614
|
-
locale: string;
|
|
615
|
-
timezone: string;
|
|
616
|
-
website: string | null;
|
|
617
|
-
location: string | null;
|
|
618
|
-
company: string | null;
|
|
619
|
-
jobTitle: string | null;
|
|
620
|
-
metadata: Record<string, any> | null;
|
|
621
|
-
createdAt: Date;
|
|
622
|
-
updatedAt: Date;
|
|
623
|
-
}
|
|
624
|
-
/**
|
|
625
|
-
* User Profile Response
|
|
626
|
-
*
|
|
627
|
-
* Complete user data including:
|
|
628
|
-
* - User fields at top level (userId, email, etc.)
|
|
629
|
-
* - Profile data as nested field (optional)
|
|
630
|
-
*
|
|
631
|
-
* Excludes:
|
|
632
|
-
* - Role and permissions (use auth session API)
|
|
633
|
-
*/
|
|
634
|
-
interface UserProfile {
|
|
635
|
-
userId: number;
|
|
636
|
-
email: string | null;
|
|
637
|
-
emailVerified: boolean;
|
|
638
|
-
phoneVerified: boolean;
|
|
639
|
-
lastLoginAt: Date | null;
|
|
640
|
-
createdAt: Date;
|
|
641
|
-
updatedAt: Date;
|
|
642
|
-
profile: ProfileInfo | null;
|
|
643
|
-
}
|
|
644
|
-
|
|
645
|
-
export { VerificationPurposeSchema as $, type AuthSession as A, type ChangePasswordParams as B, type CheckAccountExistsResult as C, sendVerificationCodeService as D, verifyCodeService as E, type SendVerificationCodeParams as F, type VerifyCodeParams as G, type VerifyCodeResult as H, INVITATION_STATUSES as I, registerPublicKeyService as J, KEY_ALGORITHM as K, type LoginResult as L, rotateKeyService as M, revokeKeyService as N, type RegisterPublicKeyParams as O, type PermissionConfig as P, type RotateKeyParams as Q, type RoleConfig as R, type SendVerificationCodeResult as S, type RevokeKeyParams as T, type UserProfile as U, type VerificationTargetType as V, authenticate as W, EmailSchema as X, PhoneSchema as Y, PasswordSchema as Z, TargetTypeSchema as _, type ProfileInfo as a, type RegisterResult as b, type RotateKeyResult as c, USER_STATUSES as d, SOCIAL_PROVIDERS as e, type VerificationPurpose as f, VERIFICATION_TARGET_TYPES as g, VERIFICATION_PURPOSES as h, PERMISSION_CATEGORIES as i, type PermissionCategory as j, type AuthInitOptions as k, type KeyAlgorithmType as l, mainAuthRouter as m, type InvitationStatus as n, type UserStatus as o, type SocialProvider as p, type AuthContext as q, checkAccountExistsService as r, registerService as s, loginService as t, logoutService as u, changePasswordService as v, type CheckAccountExistsParams as w, type RegisterParams as x, type LoginParams as y, type LogoutParams as z };
|
|
747
|
+
export { getEnabledOAuthProviders as $, type AuthSession as A, type ChangePasswordParams as B, type CheckAccountExistsResult as C, sendVerificationCodeService as D, verifyCodeService as E, type SendVerificationCodeParams as F, type VerifyCodeParams as G, type VerifyCodeResult as H, INVITATION_STATUSES as I, registerPublicKeyService as J, KEY_ALGORITHM as K, type LoginResult as L, rotateKeyService as M, revokeKeyService as N, type OAuthStartResult as O, type PermissionConfig as P, type RegisterPublicKeyParams as Q, type RoleConfig as R, type SendVerificationCodeResult as S, type RotateKeyParams as T, type UserProfile as U, type VerificationTargetType as V, type RevokeKeyParams as W, oauthStartService as X, oauthCallbackService as Y, buildOAuthErrorUrl as Z, isOAuthProviderEnabled as _, type RegisterResult as a, type OAuthStartParams as a0, type OAuthCallbackParams as a1, type OAuthCallbackResult as a2, authenticate as a3, EmailSchema as a4, PhoneSchema as a5, PasswordSchema as a6, TargetTypeSchema as a7, VerificationPurposeSchema as a8, type RotateKeyResult as b, type ProfileInfo as c, USER_STATUSES as d, SOCIAL_PROVIDERS as e, type VerificationPurpose as f, VERIFICATION_TARGET_TYPES as g, VERIFICATION_PURPOSES as h, PERMISSION_CATEGORIES as i, type PermissionCategory as j, type AuthInitOptions as k, type KeyAlgorithmType as l, mainAuthRouter as m, type InvitationStatus as n, type UserStatus as o, type SocialProvider as p, type AuthContext as q, checkAccountExistsService as r, registerService as s, loginService as t, logoutService as u, changePasswordService as v, type CheckAccountExistsParams as w, type RegisterParams as x, type LoginParams as y, type LogoutParams as z };
|
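Review bot: The new `oauthFinalize` route takes `userId: _sinclair_typebox.TString; keyId: _sinclair_typebox.TString;` in its body with no visible field tying the request to a completed provider callback, so this declaration does not show what stops a caller from finalizing a session for identifiers it chose itself. The handler is not part of this declaration file; if it does not already check a server-issued, single-use value produced by `oauthCallbackService`, the body should carry one, and the contract deserves a TSDoc line such as `/** userId and keyId must match an unconsumed OAuth callback result; reject otherwise. */`. The same concern applies to `state`: the added comments say the publicKey is extracted from `state` and registered, which is only safe when `state` is integrity-protected and bound to the initiating browser, yet `getGoogleOAuthUrl` accepts an optional caller-supplied `state`. `returnUrl` is an unconstrained `TString` in `oauthStart`, `getGoogleOAuthUrl` and `oauthFinalize`, so it should be limited to same-origin or allow-listed targets before any redirect is issued. `OAuthCallbackResult.userId` is also typed `string` while `AuthSession.userId` is `number`, which is worth reconciling.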
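--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -214,6 +214,58 @@ declare const authEnvSchema: {
 } & {
 key: "SPFN_AUTH_AWS_SES_FROM_NAME";
 };
+SPFN_APP_URL: {
+description: string;
+default: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_APP_URL";
+};
+SPFN_AUTH_GOOGLE_CLIENT_ID: {
+description: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
+};
+SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
+description: string;
+required: boolean;
+sensitive: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
+};
+SPFN_AUTH_GOOGLE_REDIRECT_URI: {
+description: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
+};
+SPFN_AUTH_OAUTH_SUCCESS_URL: {
+description: string;
+required: boolean;
+default: string;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
+};
+SPFN_AUTH_OAUTH_ERROR_URL: {
+description: string;
+required: boolean;
+default: string;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_OAUTH_ERROR_URL";
+};
 };
 
 declare const env: _spfn_core_env.InferEnvType<{
@@ -404,6 +456,58 @@ declare const env: _spfn_core_env.InferEnvType<{
 } & {
 key: "SPFN_AUTH_AWS_SES_FROM_NAME";
 };
+SPFN_APP_URL: {
+description: string;
+default: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_APP_URL";
+};
+SPFN_AUTH_GOOGLE_CLIENT_ID: {
+description: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
+};
+SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
+description: string;
+required: boolean;
+sensitive: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
+};
+SPFN_AUTH_GOOGLE_REDIRECT_URI: {
+description: string;
+required: boolean;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
+};
+SPFN_AUTH_OAUTH_SUCCESS_URL: {
+description: string;
+required: boolean;
+default: string;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
+};
+SPFN_AUTH_OAUTH_ERROR_URL: {
+description: string;
+required: boolean;
+default: string;
+examples: string[];
+type: "string";
+} & {
+key: "SPFN_AUTH_OAUTH_ERROR_URL";
+};
 }>;
 
 export { env, authEnvSchema as envSchema };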
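--- a/package/dist/config.js
+++ b/package/dist/config.js
@@ -231,6 +231,67 @@ var authEnvSchema = defineEnvSchema({
 required: false,
 examples: ["MyApp", "Your Company"]
 })
+},
+SPFN_APP_URL: {
+...envString({
+description: "Next.js application URL. Used for OAuth callback redirects.",
+default: "http://localhost:3000",
+required: false,
+examples: [
+"https://app.example.com",
+"http://localhost:3000"
+]
+})
+},
+// ============================================================================
+// OAuth Configuration - Google
+// ============================================================================
+SPFN_AUTH_GOOGLE_CLIENT_ID: {
+...envString({
+description: "Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.",
+required: false,
+examples: ["123456789-abc123.apps.googleusercontent.com"]
+})
+},
+SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
+...envString({
+description: "Google OAuth 2.0 Client Secret",
+required: false,
+sensitive: true,
+examples: ["GOCSPX-abcdefghijklmnop"]
+})
+},
+SPFN_AUTH_GOOGLE_REDIRECT_URI: {
+...envString({
+description: "Google OAuth callback URL. Defaults to {SPFN_API_URL}/_auth/oauth/google/callback",
+required: false,
+examples: [
+"https://api.example.com/_auth/oauth/google/callback",
+"http://localhost:8790/_auth/oauth/google/callback"
+]
+})
+},
+SPFN_AUTH_OAUTH_SUCCESS_URL: {
+...envString({
+description: "OAuth callback page URL. This page should use OAuthCallback component to finalize session.",
+required: false,
+default: "/auth/callback",
+examples: [
+"/auth/callback",
+"https://app.example.com/auth/callback"
+]
+})
+},
+SPFN_AUTH_OAUTH_ERROR_URL: {
+...envString({
+description: "URL to redirect after OAuth error. Use {error} placeholder for error message.",
+required: false,
+default: "http://localhost:3000/auth/error?error={error}",
+examples: [
+"https://app.example.com/auth/error?error={error}",
+"http://localhost:3000/auth/error?error={error}"
+]
+})
 }
 });
 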
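Review bot: `SPFN_AUTH_OAUTH_ERROR_URL` defaults to the absolute `http://localhost:3000/auth/error?error={error}` while `SPFN_AUTH_OAUTH_SUCCESS_URL` defaults to the relative `/auth/callback`, so a deployment that sets only `SPFN_APP_URL` would still send failed sign-ins to localhost over plain HTTP. If the resolver handles a relative error URL the way it appears to handle the success URL (not visible in this file), `default: "/auth/error?error={error}",` keeps the two defaults consistent. `SPFN_APP_URL` and the error URL are both `required: false` with localhost defaults, so when `SPFN_AUTH_GOOGLE_CLIENT_ID` is set it would be safer to fail at startup than to fall back silently. The description should also say how `{error}` is substituted, for example `"URL to redirect after OAuth error. {error} is replaced with the URL-encoded error message."`; whether `buildOAuthErrorUrl` encodes the value is not shown here. The `SPFN_AUTH_GOOGLE_REDIRECT_URI` description refers to `{SPFN_API_URL}`, which this hunk does not define.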