@startsimpli/auth 0.1.0 → 0.1.2

package/src/types/index.ts

@@ -140,3 +140,103 @@ export function hasRolePermission(
 ): boolean {
   return ROLE_HIERARCHY[userRole] >= ROLE_HIERARCHY[requiredRole];
 }
+
+/**
+ * Password reset request payload
+ * Initiates password reset flow by sending reset email
+ */
+export interface PasswordResetRequest {
+  email: string;
+  clientMetadata?: Record<string, any>;
+}
+
+/**
+ * Password reset confirmation payload
+ * Completes password reset with token and new password
+ */
+export interface PasswordResetConfirm {
+  token: string;
+  password: string;
+  passwordConfirm: string;
+}
+
+/**
+ * Email verification request payload
+ * Verifies user email with token from verification email
+ */
+export interface EmailVerificationRequest {
+  token: string;
+}
+
+/**
+ * Email verification response
+ * Returns updated user data after successful verification
+ */
+export interface EmailVerificationResponse {
+  detail: string;
+  user: {
+    id: string;
+    email: string;
+    isEmailVerified: boolean;
+  };
+}
+
+/**
+ * API error response from Django backend
+ * Standard error format for all API errors
+ */
+export interface ApiErrorResponse {
+  detail?: string;
+  message?: string;
+  errors?: Record<string, string[]>;
+  code?: string;
+  status?: number;
+}
+
+/**
+ * Validation error detail
+ * Individual field validation error
+ */
+export interface ValidationError {
+  field: string;
+  message: string;
+  code?: string;
+}
+
+/**
+ * Validation errors map
+ * Maps field names to error messages
+ */
+export type ValidationErrorsMap = Record<string, string[]>;
+
+/**
+ * Password validation error codes
+ */
+export enum PasswordErrorCode {
+  TOO_SHORT = 'password_too_short',
+  TOO_COMMON = 'password_too_common',
+  ENTIRELY_NUMERIC = 'password_entirely_numeric',
+  TOO_SIMILAR = 'password_too_similar',
+  MISMATCH = 'password_mismatch',
+  REQUIRED = 'password_required',
+}
+
+/**
+ * Email validation error codes
+ */
+export enum EmailErrorCode {
+  INVALID_FORMAT = 'email_invalid_format',
+  REQUIRED = 'email_required',
+  NOT_FOUND = 'email_not_found',
+  ALREADY_EXISTS = 'email_already_exists',
+}
+
+/**
+ * General validation error codes
+ */
+export enum ValidationErrorCode {
+  REQUIRED = 'required',
+  INVALID = 'invalid',
+  TOO_SHORT = 'too_short',
+  TOO_LONG = 'too_long',
+}

package/src/utils/validation.ts

@@ -0,0 +1,190 @@
+import { z } from 'zod';
+import {
+  PasswordErrorCode,
+  EmailErrorCode,
+  ValidationErrorsMap,
+} from '../types';
+
+/**
+ * Email validation schema
+ * Matches Django email validation rules
+ */
+export const emailSchema = z
+  .string({
+    message: EmailErrorCode.REQUIRED,
+  })
+  .email({
+    message: EmailErrorCode.INVALID_FORMAT,
+  })
+  .min(1, { message: EmailErrorCode.REQUIRED })
+  .max(254, { message: 'Email must be less than 254 characters' })
+  .toLowerCase()
+  .trim();
+
+/**
+ * Password validation schema
+ * Matches Django password validation rules:
+ * - Minimum 8 characters
+ * - Cannot be entirely numeric
+ * - Cannot be too common (basic check)
+ */
+export const passwordSchema = z
+  .string({
+    message: PasswordErrorCode.REQUIRED,
+  })
+  .min(8, { message: PasswordErrorCode.TOO_SHORT })
+  .refine((val) => !/^\d+$/.test(val), {
+    message: PasswordErrorCode.ENTIRELY_NUMERIC,
+  })
+  .refine(
+    (val) => {
+      // Common password check (basic list)
+      const commonPasswords = [
+        'password',
+        '12345678',
+        'password1',
+        'qwerty123',
+        'abc123456',
+      ];
+      return !commonPasswords.includes(val.toLowerCase());
+    },
+    {
+      message: PasswordErrorCode.TOO_COMMON,
+    }
+  );
+
+/**
+ * Password confirmation schema
+ * Validates password and confirmation match
+ */
+export const passwordConfirmSchema = z
+  .object({
+    password: passwordSchema,
+    passwordConfirm: z.string(),
+  })
+  .refine((data) => data.password === data.passwordConfirm, {
+    message: PasswordErrorCode.MISMATCH,
+    path: ['passwordConfirm'],
+  });
+
+/**
+ * Password reset request schema
+ */
+export const passwordResetRequestSchema = z.object({
+  email: emailSchema,
+  clientMetadata: z.record(z.string(), z.any()).optional(),
+});
+
+/**
+ * Password reset confirm schema
+ */
+export const passwordResetConfirmSchema = z
+  .object({
+    token: z.string().min(1, { message: 'Token is required' }),
+    password: passwordSchema,
+    passwordConfirm: z.string(),
+  })
+  .refine((data) => data.password === data.passwordConfirm, {
+    message: PasswordErrorCode.MISMATCH,
+    path: ['passwordConfirm'] as const,
+  });
+
+/**
+ * Email verification request schema
+ */
+export const emailVerificationRequestSchema = z.object({
+  token: z.string().min(1, { message: 'Token is required' }),
+});
+
+/**
+ * Convert Zod error to validation errors map
+ * Matches Django error response format
+ */
+export function zodErrorToValidationMap(
+  error: z.ZodError<any>
+): ValidationErrorsMap {
+  const errors: ValidationErrorsMap = {};
+
+  error.issues.forEach((err) => {
+    const field = err.path.join('.');
+    if (!errors[field]) {
+      errors[field] = [];
+    }
+    errors[field].push(err.message);
+  });
+
+  return errors;
+}
+
+/**
+ * Validate email and return errors
+ */
+export function validateEmail(email: string): string[] {
+  const result = emailSchema.safeParse(email);
+  if (!result.success) {
+    return result.error.issues.map((err) => err.message);
+  }
+  return [];
+}
+
+/**
+ * Validate password and return errors
+ */
+export function validatePassword(password: string): string[] {
+  const result = passwordSchema.safeParse(password);
+  if (!result.success) {
+    return result.error.issues.map((err) => err.message);
+  }
+  return [];
+}
+
+/**
+ * Validate password reset request and return errors
+ */
+export function validatePasswordResetRequest(data: unknown): {
+  success: boolean;
+  errors?: ValidationErrorsMap;
+} {
+  const result = passwordResetRequestSchema.safeParse(data);
+  if (!result.success) {
+    return {
+      success: false,
+      errors: zodErrorToValidationMap(result.error),
+    };
+  }
+  return { success: true };
+}
+
+/**
+ * Validate password reset confirmation and return errors
+ */
+export function validatePasswordResetConfirm(data: unknown): {
+  success: boolean;
+  errors?: ValidationErrorsMap;
+} {
+  const result = passwordResetConfirmSchema.safeParse(data);
+  if (!result.success) {
+    return {
+      success: false,
+      errors: zodErrorToValidationMap(result.error),
+    };
+  }
+  return { success: true };
+}
+
+/**
+ * Validate email verification request and return errors
+ */
+export function validateEmailVerificationRequest(data: unknown): {
+  success: boolean;
+  errors?: ValidationErrorsMap;
+} {
+  const result = emailVerificationRequestSchema.safeParse(data);
+  if (!result.success) {
+    return {
+      success: false,
+      errors: zodErrorToValidationMap(result.error),
+    };
+  }
+  return { success: true };
+}