@spfn/auth 0.2.0-beta.2 → 0.2.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/README.md +635 -180
  2. package/dist/{dto-CLYtuAom.d.ts → authenticate-BmzJ6hTF.d.ts} +364 -154
  3. package/dist/config.d.ts +58 -40
  4. package/dist/config.js +64 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/index.d.ts +256 -103
  7. package/dist/index.js +35 -1
  8. package/dist/index.js.map +1 -1
  9. package/dist/nextjs/api.js +187 -1
  10. package/dist/nextjs/api.js.map +1 -1
  11. package/dist/nextjs/client.d.ts +28 -0
  12. package/dist/nextjs/client.js +80 -0
  13. package/dist/nextjs/client.js.map +1 -0
  14. package/dist/nextjs/server.d.ts +68 -2
  15. package/dist/nextjs/server.js +125 -4
  16. package/dist/nextjs/server.js.map +1 -1
  17. package/dist/server.d.ts +427 -360
  18. package/dist/server.js +943 -477
  19. package/dist/server.js.map +1 -1
  20. package/migrations/0000_premium_famine.sql +292 -0
  21. package/migrations/meta/0000_snapshot.json +1 -1
  22. package/migrations/meta/_journal.json +2 -2
  23. package/package.json +15 -11
  24. package/migrations/0000_marvelous_justice.sql +0 -197
package/dist/{dto-CLYtuAom.d.ts → authenticate-BmzJ6hTF.d.ts} RENAMED
@@ -1,8 +1,85 @@
1
+ import * as _spfn_core_route from '@spfn/core/route';
1
2
  import * as _sinclair_typebox from '@sinclair/typebox';
2
3
  import { Static } from '@sinclair/typebox';
3
- import * as _spfn_core_route from '@spfn/core/route';
4
4
  import { User } from '@spfn/auth/server';
5
5
 
6
+ /**
7
+ * Role information for client/API responses
8
+ */
9
+ interface Role {
10
+ id: number;
11
+ name: string;
12
+ displayName: string;
13
+ description: string | null;
14
+ isBuiltin: boolean;
15
+ isSystem: boolean;
16
+ isActive: boolean;
17
+ priority: number;
18
+ createdAt: Date;
19
+ updatedAt: Date;
20
+ }
21
+ /**
22
+ * Permission information for client/API responses
23
+ */
24
+ interface Permission {
25
+ id: number;
26
+ name: string;
27
+ displayName: string;
28
+ description: string | null;
29
+ category: string | null;
30
+ isBuiltin: boolean;
31
+ isSystem: boolean;
32
+ isActive: boolean;
33
+ metadata: Record<string, any> | null;
34
+ createdAt: Date;
35
+ updatedAt: Date;
36
+ }
37
+ interface AuthSession {
38
+ userId: number;
39
+ email: string | null;
40
+ emailVerified: boolean;
41
+ phoneVerified: boolean;
42
+ role: Role;
43
+ permissions: Permission[];
44
+ }
45
+ interface ProfileInfo {
46
+ profileId: number;
47
+ displayName: string;
48
+ firstName: string | null;
49
+ lastName: string | null;
50
+ avatarUrl: string | null;
51
+ bio: string | null;
52
+ locale: string;
53
+ timezone: string;
54
+ website: string | null;
55
+ location: string | null;
56
+ company: string | null;
57
+ jobTitle: string | null;
58
+ metadata: Record<string, any> | null;
59
+ createdAt: Date;
60
+ updatedAt: Date;
61
+ }
62
+ /**
63
+ * User Profile Response
64
+ *
65
+ * Complete user data including:
66
+ * - User fields at top level (userId, email, etc.)
67
+ * - Profile data as nested field (optional)
68
+ *
69
+ * Excludes:
70
+ * - Role and permissions (use auth session API)
71
+ */
72
+ interface UserProfile {
73
+ userId: number;
74
+ email: string | null;
75
+ emailVerified: boolean;
76
+ phoneVerified: boolean;
77
+ lastLoginAt: Date | null;
78
+ createdAt: Date;
79
+ updatedAt: Date;
80
+ profile: ProfileInfo | null;
81
+ }
82
+
6
83
  /**
7
84
  * @spfn/auth - Shared Types
8
85
  *
@@ -299,6 +376,73 @@ interface AuthInitOptions {
299
376
  sessionTtl?: string | number;
300
377
  }
301
378
 
379
+ /**
380
+ * @spfn/auth - OAuth Service
381
+ *
382
+ * OAuth 인증 비즈니스 로직
383
+ * - Google OAuth Authorization Code Flow
384
+ * - 소셜 계정 연결/생성
385
+ * - publicKey는 state에서 추출하여 등록
386
+ */
387
+
388
+ interface OAuthStartParams {
389
+ provider: SocialProvider;
390
+ returnUrl: string;
391
+ publicKey: string;
392
+ keyId: string;
393
+ fingerprint: string;
394
+ algorithm: KeyAlgorithmType;
395
+ }
396
+ interface OAuthStartResult {
397
+ authUrl: string;
398
+ }
399
+ interface OAuthCallbackParams {
400
+ provider: SocialProvider;
401
+ code: string;
402
+ state: string;
403
+ }
404
+ interface OAuthCallbackResult {
405
+ redirectUrl: string;
406
+ userId: string;
407
+ keyId: string;
408
+ isNewUser: boolean;
409
+ }
410
+ /**
411
+ * OAuth 로그인 시작 - Provider 로그인 페이지로 리다이렉트할 URL 생성
412
+ *
413
+ * Next.js에서 키쌍을 생성한 후, publicKey를 state에 포함하여 호출
414
+ */
415
+ declare function oauthStartService(params: OAuthStartParams): Promise<OAuthStartResult>;
416
+ /**
417
+ * OAuth 콜백 처리 - Code를 Token으로 교환하고 사용자 생성/연결
418
+ *
419
+ * state에서 publicKey를 추출하여 서버에 등록
420
+ * Next.js는 반환된 userId, keyId로 세션을 구성
421
+ */
422
+ declare function oauthCallbackService(params: OAuthCallbackParams): Promise<OAuthCallbackResult>;
423
+ /**
424
+ * OAuth 에러 리다이렉트 URL 생성
425
+ */
426
+ declare function buildOAuthErrorUrl(error: string): string;
427
+ /**
428
+ * OAuth provider가 활성화되어 있는지 확인
429
+ */
430
+ declare function isOAuthProviderEnabled(provider: SocialProvider): boolean;
431
+ /**
432
+ * 활성화된 모든 OAuth provider 목록
433
+ */
434
+ declare function getEnabledOAuthProviders(): SocialProvider[];
435
+ /**
436
+ * Google access token 조회 (만료 시 자동 리프레시)
437
+ *
438
+ * 저장된 토큰이 만료 임박(5분 이내) 또는 만료 상태이면
439
+ * refresh token으로 자동 갱신 후 DB 업데이트하여 유효한 토큰 반환.
440
+ *
441
+ * @param userId - 사용자 ID
442
+ * @returns 유효한 Google access token
443
+ */
444
+ declare function getGoogleAccessToken(userId: number): Promise<string>;
445
+
302
446
  /**
303
447
  * @spfn/auth - Main Router
304
448
  *
@@ -310,11 +454,146 @@ interface AuthInitOptions {
310
454
  *
311
455
  * Routes:
312
456
  * - Auth: /_auth/exists, /_auth/codes, /_auth/login, /_auth/logout, etc.
457
+ * - OAuth: /_auth/oauth/google, /_auth/oauth/google/callback, etc.
313
458
  * - Invitations: /_auth/invitations/*
314
459
  * - Users: /_auth/users/*
460
+ * - Admin: /_auth/admin/* (superadmin only)
315
461
  */
316
462
  declare const mainAuthRouter: _spfn_core_route.Router<{
317
- getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
463
+ checkAccountExists: _spfn_core_route.RouteDef<{
464
+ body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
465
+ email: _sinclair_typebox.TString;
466
+ }>, _sinclair_typebox.TObject<{
467
+ phone: _sinclair_typebox.TString;
468
+ }>]>;
469
+ }, {}, CheckAccountExistsResult>;
470
+ sendVerificationCode: _spfn_core_route.RouteDef<{
471
+ body: _sinclair_typebox.TObject<{
472
+ target: _sinclair_typebox.TString;
473
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
474
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
475
+ }>;
476
+ }, {}, SendVerificationCodeResult>;
477
+ verifyCode: _spfn_core_route.RouteDef<{
478
+ body: _sinclair_typebox.TObject<{
479
+ target: _sinclair_typebox.TString;
480
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
481
+ code: _sinclair_typebox.TString;
482
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
483
+ }>;
484
+ }, {}, {
485
+ valid: boolean;
486
+ verificationToken: string;
487
+ }>;
488
+ register: _spfn_core_route.RouteDef<{
489
+ body: _sinclair_typebox.TObject<{
490
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
491
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
492
+ verificationToken: _sinclair_typebox.TString;
493
+ password: _sinclair_typebox.TString;
494
+ }>;
495
+ }, {
496
+ body: _sinclair_typebox.TObject<{
497
+ publicKey: _sinclair_typebox.TString;
498
+ keyId: _sinclair_typebox.TString;
499
+ fingerprint: _sinclair_typebox.TString;
500
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
501
+ }>;
502
+ }, RegisterResult>;
503
+ login: _spfn_core_route.RouteDef<{
504
+ body: _sinclair_typebox.TObject<{
505
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
506
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
507
+ password: _sinclair_typebox.TString;
508
+ }>;
509
+ }, {
510
+ body: _sinclair_typebox.TObject<{
511
+ publicKey: _sinclair_typebox.TString;
512
+ keyId: _sinclair_typebox.TString;
513
+ fingerprint: _sinclair_typebox.TString;
514
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
515
+ oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
516
+ }>;
517
+ }, LoginResult>;
518
+ logout: _spfn_core_route.RouteDef<{}, {}, void>;
519
+ rotateKey: _spfn_core_route.RouteDef<{}, {
520
+ body: _sinclair_typebox.TObject<{
521
+ publicKey: _sinclair_typebox.TString;
522
+ keyId: _sinclair_typebox.TString;
523
+ fingerprint: _sinclair_typebox.TString;
524
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
525
+ }>;
526
+ }, RotateKeyResult>;
527
+ changePassword: _spfn_core_route.RouteDef<{
528
+ body: _sinclair_typebox.TObject<{
529
+ currentPassword: _sinclair_typebox.TString;
530
+ newPassword: _sinclair_typebox.TString;
531
+ }>;
532
+ }, {}, void>;
533
+ getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
534
+ role: {
535
+ id: number;
536
+ name: string;
537
+ displayName: string;
538
+ priority: number;
539
+ };
540
+ permissions: {
541
+ id: number;
542
+ name: string;
543
+ displayName: string;
544
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
545
+ }[];
546
+ userId: number;
547
+ email: string | null;
548
+ emailVerified: boolean;
549
+ phoneVerified: boolean;
550
+ }>;
551
+ oauthGoogleStart: _spfn_core_route.RouteDef<{
552
+ query: _sinclair_typebox.TObject<{
553
+ state: _sinclair_typebox.TString;
554
+ }>;
555
+ }, {}, Response>;
556
+ oauthGoogleCallback: _spfn_core_route.RouteDef<{
557
+ query: _sinclair_typebox.TObject<{
558
+ code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
559
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
560
+ error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
561
+ error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
562
+ }>;
563
+ }, {}, Response>;
564
+ oauthStart: _spfn_core_route.RouteDef<{
565
+ body: _sinclair_typebox.TObject<{
566
+ provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver">[]>;
567
+ returnUrl: _sinclair_typebox.TString;
568
+ publicKey: _sinclair_typebox.TString;
569
+ keyId: _sinclair_typebox.TString;
570
+ fingerprint: _sinclair_typebox.TString;
571
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
572
+ }>;
573
+ }, {}, OAuthStartResult>;
574
+ oauthProviders: _spfn_core_route.RouteDef<{}, {}, {
575
+ providers: ("google" | "github" | "kakao" | "naver")[];
576
+ }>;
577
+ getGoogleOAuthUrl: _spfn_core_route.RouteDef<{
578
+ body: _sinclair_typebox.TObject<{
579
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
580
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
581
+ }>;
582
+ }, {}, {
583
+ authUrl: string;
584
+ }>;
585
+ oauthFinalize: _spfn_core_route.RouteDef<{
586
+ body: _sinclair_typebox.TObject<{
587
+ userId: _sinclair_typebox.TString;
588
+ keyId: _sinclair_typebox.TString;
589
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
590
+ }>;
591
+ }, {}, {
592
+ success: boolean;
593
+ userId: string;
594
+ keyId: string;
595
+ returnUrl: string;
596
+ }>;
318
597
  getInvitation: _spfn_core_route.RouteDef<{
319
598
  params: _sinclair_typebox.TObject<{
320
599
  token: _sinclair_typebox.TString;
@@ -414,98 +693,105 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
414
693
  body: _sinclair_typebox.TObject<{
415
694
  id: _sinclair_typebox.TNumber;
416
695
  }>;
417
- }, {}, Response>;
418
- checkAccountExists: _spfn_core_route.RouteDef<{
419
- body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
420
- email: _sinclair_typebox.TString;
421
- }>, _sinclair_typebox.TObject<{
422
- phone: _sinclair_typebox.TString;
423
- }>]>;
424
- }, {}, CheckAccountExistsResult>;
425
- sendVerificationCode: _spfn_core_route.RouteDef<{
696
+ }, {}, void>;
697
+ getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
698
+ updateUserProfile: _spfn_core_route.RouteDef<{
426
699
  body: _sinclair_typebox.TObject<{
427
- target: _sinclair_typebox.TString;
428
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
429
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
700
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
701
+ firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
702
+ lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
703
+ avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
704
+ bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
705
+ locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
706
+ timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
707
+ dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
708
+ gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
709
+ website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
710
+ location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
711
+ company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
712
+ jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
713
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
430
714
  }>;
431
- }, {}, SendVerificationCodeResult>;
432
- verifyCode: _spfn_core_route.RouteDef<{
433
- body: _sinclair_typebox.TObject<{
434
- target: _sinclair_typebox.TString;
435
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
436
- code: _sinclair_typebox.TString;
437
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
715
+ }, {}, ProfileInfo>;
716
+ listRoles: _spfn_core_route.RouteDef<{
717
+ query: _sinclair_typebox.TObject<{
718
+ includeInactive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
438
719
  }>;
439
720
  }, {}, {
440
- valid: boolean;
441
- verificationToken: string;
721
+ roles: {
722
+ description: string | null;
723
+ id: number;
724
+ name: string;
725
+ displayName: string;
726
+ isBuiltin: boolean;
727
+ isSystem: boolean;
728
+ isActive: boolean;
729
+ priority: number;
730
+ createdAt: Date;
731
+ updatedAt: Date;
732
+ }[];
442
733
  }>;
443
- register: _spfn_core_route.RouteDef<{
444
- body: _sinclair_typebox.TObject<{
445
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
446
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
447
- verificationToken: _sinclair_typebox.TString;
448
- password: _sinclair_typebox.TString;
449
- }>;
450
- }, {
451
- body: _sinclair_typebox.TObject<{
452
- publicKey: _sinclair_typebox.TString;
453
- keyId: _sinclair_typebox.TString;
454
- fingerprint: _sinclair_typebox.TString;
455
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
456
- }>;
457
- }, RegisterResult>;
458
- login: _spfn_core_route.RouteDef<{
459
- body: _sinclair_typebox.TObject<{
460
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
461
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
462
- password: _sinclair_typebox.TString;
463
- }>;
464
- }, {
465
- body: _sinclair_typebox.TObject<{
466
- publicKey: _sinclair_typebox.TString;
467
- keyId: _sinclair_typebox.TString;
468
- fingerprint: _sinclair_typebox.TString;
469
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
470
- oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
471
- }>;
472
- }, LoginResult>;
473
- logout: _spfn_core_route.RouteDef<{
474
- body: _sinclair_typebox.TObject<{}>;
475
- }, {}, Response>;
476
- rotateKey: _spfn_core_route.RouteDef<{
477
- body: _sinclair_typebox.TObject<{}>;
478
- }, {
734
+ createAdminRole: _spfn_core_route.RouteDef<{
479
735
  body: _sinclair_typebox.TObject<{
480
- publicKey: _sinclair_typebox.TString;
481
- keyId: _sinclair_typebox.TString;
482
- fingerprint: _sinclair_typebox.TString;
483
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
736
+ name: _sinclair_typebox.TString;
737
+ displayName: _sinclair_typebox.TString;
738
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
739
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
740
+ permissionIds: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TNumber>>;
484
741
  }>;
485
- }, RotateKeyResult>;
486
- changePassword: _spfn_core_route.RouteDef<{
487
- body: _sinclair_typebox.TObject<{
488
- currentPassword: _sinclair_typebox.TString;
489
- newPassword: _sinclair_typebox.TString;
490
- }>;
491
- }, {}, Response>;
492
- getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
742
+ }, {}, {
493
743
  role: {
744
+ description: string | null;
494
745
  id: number;
495
746
  name: string;
496
747
  displayName: string;
748
+ isBuiltin: boolean;
749
+ isSystem: boolean;
750
+ isActive: boolean;
497
751
  priority: number;
752
+ createdAt: Date;
753
+ updatedAt: Date;
498
754
  };
499
- permissions: {
755
+ }>;
756
+ updateAdminRole: _spfn_core_route.RouteDef<{
757
+ params: _sinclair_typebox.TObject<{
758
+ id: _sinclair_typebox.TNumber;
759
+ }>;
760
+ body: _sinclair_typebox.TObject<{
761
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
762
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
763
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
764
+ isActive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
765
+ }>;
766
+ }, {}, {
767
+ role: {
768
+ description: string | null;
500
769
  id: number;
501
770
  name: string;
502
771
  displayName: string;
503
- category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
504
- }[];
772
+ isBuiltin: boolean;
773
+ isSystem: boolean;
774
+ isActive: boolean;
775
+ priority: number;
776
+ createdAt: Date;
777
+ updatedAt: Date;
778
+ };
779
+ }>;
780
+ deleteAdminRole: _spfn_core_route.RouteDef<{
781
+ params: _sinclair_typebox.TObject<{
782
+ id: _sinclair_typebox.TNumber;
783
+ }>;
784
+ }, {}, void>;
785
+ updateUserRole: _spfn_core_route.RouteDef<{
786
+ params: _sinclair_typebox.TObject<{
787
+ userId: _sinclair_typebox.TNumber;
788
+ }>;
789
+ body: _sinclair_typebox.TObject<{
790
+ roleId: _sinclair_typebox.TNumber;
791
+ }>;
792
+ }, {}, {
505
793
  userId: number;
506
- email: string | null;
507
- emailVerified: boolean;
508
- phoneVerified: boolean;
794
+ roleId: number;
509
795
  }>;
510
796
  }>;
511
797
 
@@ -551,80 +837,4 @@ declare module 'hono' {
551
837
  */
552
838
  declare const authenticate: _spfn_core_route.NamedMiddleware<"auth">;
553
839
 
554
- /**
555
- * Role information for client/API responses
556
- */
557
- interface Role {
558
- id: number;
559
- name: string;
560
- displayName: string;
561
- description: string | null;
562
- isBuiltin: boolean;
563
- isSystem: boolean;
564
- isActive: boolean;
565
- priority: number;
566
- createdAt: Date;
567
- updatedAt: Date;
568
- }
569
- /**
570
- * Permission information for client/API responses
571
- */
572
- interface Permission {
573
- id: number;
574
- name: string;
575
- displayName: string;
576
- description: string | null;
577
- category: string | null;
578
- isBuiltin: boolean;
579
- isSystem: boolean;
580
- isActive: boolean;
581
- metadata: Record<string, any> | null;
582
- createdAt: Date;
583
- updatedAt: Date;
584
- }
585
- interface AuthSession {
586
- userId: number;
587
- email: string | null;
588
- emailVerified: boolean;
589
- phoneVerified: boolean;
590
- role: Role;
591
- permissions: Permission[];
592
- }
593
- interface ProfileInfo {
594
- profileId: number;
595
- displayName: string;
596
- firstName: string | null;
597
- lastName: string | null;
598
- avatarUrl: string | null;
599
- bio: string | null;
600
- locale: string;
601
- timezone: string;
602
- website: string | null;
603
- location: string | null;
604
- company: string | null;
605
- jobTitle: string | null;
606
- createdAt: Date;
607
- updatedAt: Date;
608
- }
609
- /**
610
- * User Profile Response
611
- *
612
- * Complete user data including:
613
- * - User fields at top level (userId, email, etc.)
614
- * - Profile data as nested field (optional)
615
- *
616
- * Excludes:
617
- * - Role and permissions (use auth session API)
618
- */
619
- interface UserProfile {
620
- userId: number;
621
- email: string | null;
622
- emailVerified: boolean;
623
- phoneVerified: boolean;
624
- lastLoginAt: Date | null;
625
- createdAt: Date;
626
- updatedAt: Date;
627
- profile: ProfileInfo | null;
628
- }
629
-
630
- export { VerificationPurposeSchema as $, type AuthSession as A, type ChangePasswordParams as B, type CheckAccountExistsResult as C, sendVerificationCodeService as D, verifyCodeService as E, type SendVerificationCodeParams as F, type VerifyCodeParams as G, type VerifyCodeResult as H, INVITATION_STATUSES as I, registerPublicKeyService as J, KEY_ALGORITHM as K, type LoginResult as L, rotateKeyService as M, revokeKeyService as N, type RegisterPublicKeyParams as O, type PermissionConfig as P, type RotateKeyParams as Q, type RoleConfig as R, type SendVerificationCodeResult as S, type RevokeKeyParams as T, type UserProfile as U, type VerificationTargetType as V, authenticate as W, EmailSchema as X, PhoneSchema as Y, PasswordSchema as Z, TargetTypeSchema as _, type RegisterResult as a, type RotateKeyResult as b, type ProfileInfo as c, USER_STATUSES as d, SOCIAL_PROVIDERS as e, type VerificationPurpose as f, VERIFICATION_TARGET_TYPES as g, VERIFICATION_PURPOSES as h, PERMISSION_CATEGORIES as i, type PermissionCategory as j, type AuthInitOptions as k, type KeyAlgorithmType as l, mainAuthRouter as m, type InvitationStatus as n, type UserStatus as o, type SocialProvider as p, type AuthContext as q, checkAccountExistsService as r, registerService as s, loginService as t, logoutService as u, changePasswordService as v, type CheckAccountExistsParams as w, type RegisterParams as x, type LoginParams as y, type LogoutParams as z };
840
+ export { getEnabledOAuthProviders as $, type AuthSession as A, type ChangePasswordParams as B, type CheckAccountExistsResult as C, sendVerificationCodeService as D, verifyCodeService as E, type SendVerificationCodeParams as F, type VerifyCodeParams as G, type VerifyCodeResult as H, INVITATION_STATUSES as I, registerPublicKeyService as J, KEY_ALGORITHM as K, type LoginResult as L, rotateKeyService as M, revokeKeyService as N, type OAuthStartResult as O, type PermissionConfig as P, type RegisterPublicKeyParams as Q, type RoleConfig as R, type SendVerificationCodeResult as S, type RotateKeyParams as T, type UserProfile as U, type VerificationTargetType as V, type RevokeKeyParams as W, oauthStartService as X, oauthCallbackService as Y, buildOAuthErrorUrl as Z, isOAuthProviderEnabled as _, type RegisterResult as a, getGoogleAccessToken as a0, type OAuthStartParams as a1, type OAuthCallbackParams as a2, type OAuthCallbackResult as a3, authenticate as a4, EmailSchema as a5, PhoneSchema as a6, PasswordSchema as a7, TargetTypeSchema as a8, VerificationPurposeSchema as a9, type RotateKeyResult as b, type ProfileInfo as c, USER_STATUSES as d, SOCIAL_PROVIDERS as e, type VerificationPurpose as f, VERIFICATION_TARGET_TYPES as g, VERIFICATION_PURPOSES as h, PERMISSION_CATEGORIES as i, type PermissionCategory as j, type AuthInitOptions as k, type KeyAlgorithmType as l, mainAuthRouter as m, type InvitationStatus as n, type UserStatus as o, type SocialProvider as p, type AuthContext as q, checkAccountExistsService as r, registerService as s, loginService as t, logoutService as u, changePasswordService as v, type CheckAccountExistsParams as w, type RegisterParams as x, type LoginParams as y, type LogoutParams as z };