npm - @tstdl/base - Versions diffs - 0.93.178 → 0.93.180 - Mend

@tstdl/base 0.93.178 → 0.93.180

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/authentication/authentication.api.d.ts CHANGED Viewed

@@ -2,23 +2,23 @@ import { type ApiDefinition, type ApiEndpointsDefinition } from '../api/types.js
 import { type ObjectSchema, type ObjectSchemaOrType } from '../schema/index.js';
 import type { SchemaTestable } from '../schema/schema.js';
 import type { Record } from '../types/index.js';
-import type { TokenPayload } from './index.js';
-import { SecretCheckResult } from './models/secret-check-result.model.js';
+import { type TokenPayload } from './models/index.js';
+import { PasswordCheckResult } from './models/password-check-result.model.js';
 /**
  * Can be provided in {@link ApiEndpointDefinition} data property to signal that the request does not need a valid token.
  * Useful for login, refresh, etc. endpoints.
  */
 export declare const dontWaitForValidToken: unique symbol;
-type GetAuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitSecretResetData = void> = typeof getAuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitSecretResetData>;
-type AuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitSecretResetData = void> = ReturnType<GetAuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitSecretResetData>>;
+type GetAuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitPasswordResetData = void> = typeof getAuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitPasswordResetData>;
+type AuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitPasswordResetData = void> = ReturnType<GetAuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitPasswordResetData>>;
 /**
  * Authentication REST API definition
  *
  * @template AdditionalTokenPayload Type of additional token payload
  * @template AuthenticationData Type of additional authentication data
- * @template AdditionalInitSecretResetData Type of additional secret reset data
+ * @template AdditionalInitPasswordResetData Type of additional password reset data
  */
-export type AuthenticationApiDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitSecretResetData = void> = ApiDefinition<string, AuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitSecretResetData>>;
+export type AuthenticationApiDefinition<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitPasswordResetData = void> = ApiDefinition<string, AuthenticationApiEndpointsDefinition<AdditionalTokenPayload, AuthenticationData, AdditionalInitPasswordResetData>>;
 /** Default authentication API definition */
 export declare const authenticationApiDefinition: {
     resource: string;
@@ -29,16 +29,115 @@ export declare const authenticationApiDefinition: {
             parameters: ObjectSchema<{
                 readonly tenantId: string | undefined;
                 readonly subject: string;
-                readonly secret: string;
+                readonly password: string;
                 readonly remember: boolean;
                 readonly data: undefined;
             }>;
-            result: ObjectSchema<TokenPayload<import("type-fest").EmptyObject>>;
+            result: import("../schema/index.js").UnionSchema<[ObjectSchema<{
+                type: "success";
+                result: TokenPayload<import("type-fest").EmptyObject>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>, ObjectSchema<{
+                type: "totp";
+                challengeToken: string;
+            }>]>;
+            credentials: true;
+            data: {
+                [dontWaitForValidToken]: boolean;
+            };
+        };
+        loginVerifyTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                readonly challengeToken: string;
+                readonly token: string;
+            }>;
+            result: ObjectSchema<{
+                type: "success";
+                result: TokenPayload<import("type-fest").EmptyObject>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>;
+            credentials: true;
+            data: {
+                [dontWaitForValidToken]: boolean;
+            };
+        };
+        loginRecovery: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                challengeToken: string;
+                recoveryCode: string;
+            }>;
+            result: ObjectSchema<{
+                type: "success";
+                result: TokenPayload<import("type-fest").EmptyObject>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>;
             credentials: true;
             data: {
                 [dontWaitForValidToken]: boolean;
             };
         };
+        initEnrollTotp: {
+            resource: string;
+            method: "POST";
+            result: ObjectSchema<{
+                secret: string;
+                uri: string;
+            }>;
+            credentials: true;
+        };
+        completeEnrollTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+            }>;
+            result: ObjectSchema<{
+                recoveryCodes: string[];
+            }>;
+            credentials: true;
+        };
+        disableTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+            }>;
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
+        disableTotpWithRecoveryCode: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                recoveryCode: string;
+            }>;
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
+        regenerateRecoveryCodes: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+                invalidateOtherSessions?: boolean | undefined;
+            }>;
+            result: ObjectSchema<{
+                recoveryCodes: string[];
+            }>;
+            credentials: true;
+        };
+        getTotpStatus: {
+            resource: string;
+            method: "GET";
+            result: ObjectSchema<{
+                active: boolean;
+            }>;
+            credentials: true;
+        };
         refresh: {
             resource: string;
             method: "POST";
@@ -85,19 +184,17 @@ export declare const authenticationApiDefinition: {
                 [dontWaitForValidToken]: boolean;
             };
         };
-        changeSecret: {
+        changePassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
-                readonly tenantId: string | undefined;
-                readonly subject: string;
-                readonly currentSecret: string;
-                readonly newSecret: string;
+                currentPassword: string;
+                newPassword: string;
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
             credentials: true;
         };
-        initSecretReset: {
+        initPasswordReset: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
@@ -107,22 +204,22 @@ export declare const authenticationApiDefinition: {
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
         };
-        resetSecret: {
+        resetPassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
                 token: string;
-                newSecret: string;
+                newPassword: string;
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
         };
-        checkSecret: {
+        checkPassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
-                secret: string;
+                password: string;
             }>;
-            result: typeof SecretCheckResult;
+            result: typeof PasswordCheckResult;
         };
         timestamp: {
             resource: string;
@@ -131,22 +228,38 @@ export declare const authenticationApiDefinition: {
                 [dontWaitForValidToken]: boolean;
             };
         };
+        listSessions: {
+            resource: string;
+            method: "GET";
+            result: import("../schema/index.js").ArraySchema<{
+                id: import("../orm/types.js").IsPrimaryKey<import("../orm/types.js").HasDefault<import("../orm/types.js").Uuid>>;
+                begin: import("../orm/types.js").Timestamp;
+                end: import("../orm/types.js").Timestamp;
+            }>;
+            credentials: true;
+        };
+        invalidateAllOtherSessions: {
+            resource: string;
+            method: "POST";
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
     };
 };
 /**
  * Get authentication REST API definition
  * @param additionalTokenPayloadSchema Schema for additional token payload
  * @param authenticationDataSchema Schema for additional authentication data
- * @param initSecretResetDataSchema Schema for additional secret reset data
+ * @param initPasswordResetDataSchema Schema for additional password reset data
  * @param resource Resource name (default: 'auth')
  * @param additionalEndpoints Additional endpoints to add to the API definition
  * @returns Authentication REST API definition
  * @template AdditionalTokenPayload Type of additional token payload
  * @template AuthenticationData Type of additional authentication data
- * @template AdditionalInitSecretResetData Type of additional secret reset data
+ * @template AdditionalInitPasswordResetData Type of additional password reset data
  * @template AdditionalEndpoints Type of additional endpoints
  */
-export declare function getAuthenticationApiDefinition<AdditionalTokenPayload extends Record, AuthenticationData, AdditionalInitSecretResetData, AdditionalEndpoints extends ApiEndpointsDefinition>(additionalTokenPayloadSchema: ObjectSchemaOrType<AdditionalTokenPayload>, authenticationDataSchema: SchemaTestable<AuthenticationData>, initSecretResetDataSchema: SchemaTestable<AdditionalInitSecretResetData>, resource?: string, additionalEndpoints?: AdditionalEndpoints): {
+export declare function getAuthenticationApiDefinition<AdditionalTokenPayload extends Record, AuthenticationData, AdditionalInitPasswordResetData, AdditionalEndpoints extends ApiEndpointsDefinition>(additionalTokenPayloadSchema: ObjectSchemaOrType<AdditionalTokenPayload>, authenticationDataSchema: SchemaTestable<AuthenticationData>, initPasswordResetDataSchema: SchemaTestable<AdditionalInitPasswordResetData>, resource?: string, additionalEndpoints?: AdditionalEndpoints): {
     resource: string;
     endpoints: {
         login: {
@@ -155,16 +268,115 @@ export declare function getAuthenticationApiDefinition<AdditionalTokenPayload ex
             parameters: ObjectSchema<{
                 readonly tenantId: string | undefined;
                 readonly subject: string;
-                readonly secret: string;
+                readonly password: string;
                 readonly remember: boolean;
                 readonly data: AuthenticationData;
             }>;
-            result: ObjectSchema<TokenPayload<AdditionalTokenPayload>>;
+            result: import("../schema/index.js").UnionSchema<[ObjectSchema<{
+                type: "success";
+                result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>, ObjectSchema<{
+                type: "totp";
+                challengeToken: string;
+            }>]>;
             credentials: true;
             data: {
                 [dontWaitForValidToken]: boolean;
             };
         };
+        loginVerifyTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                readonly challengeToken: string;
+                readonly token: string;
+            }>;
+            result: ObjectSchema<{
+                type: "success";
+                result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>;
+            credentials: true;
+            data: {
+                [dontWaitForValidToken]: boolean;
+            };
+        };
+        loginRecovery: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                challengeToken: string;
+                recoveryCode: string;
+            }>;
+            result: ObjectSchema<{
+                type: "success";
+                result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+                lowRecoveryCodesWarning?: boolean | undefined;
+            }>;
+            credentials: true;
+            data: {
+                [dontWaitForValidToken]: boolean;
+            };
+        };
+        initEnrollTotp: {
+            resource: string;
+            method: "POST";
+            result: ObjectSchema<{
+                secret: string;
+                uri: string;
+            }>;
+            credentials: true;
+        };
+        completeEnrollTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+            }>;
+            result: ObjectSchema<{
+                recoveryCodes: string[];
+            }>;
+            credentials: true;
+        };
+        disableTotp: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+            }>;
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
+        disableTotpWithRecoveryCode: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                recoveryCode: string;
+            }>;
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
+        regenerateRecoveryCodes: {
+            resource: string;
+            method: "POST";
+            parameters: ObjectSchema<{
+                token: string;
+                invalidateOtherSessions?: boolean | undefined;
+            }>;
+            result: ObjectSchema<{
+                recoveryCodes: string[];
+            }>;
+            credentials: true;
+        };
+        getTotpStatus: {
+            resource: string;
+            method: "GET";
+            result: ObjectSchema<{
+                active: boolean;
+            }>;
+            credentials: true;
+        };
         refresh: {
             resource: string;
             method: "POST";
@@ -211,44 +423,42 @@ export declare function getAuthenticationApiDefinition<AdditionalTokenPayload ex
                 [dontWaitForValidToken]: boolean;
             };
         };
-        changeSecret: {
+        changePassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
-                readonly tenantId: string | undefined;
-                readonly subject: string;
-                readonly currentSecret: string;
-                readonly newSecret: string;
+                currentPassword: string;
+                newPassword: string;
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
             credentials: true;
         };
-        initSecretReset: {
+        initPasswordReset: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
                 readonly tenantId: string | undefined;
                 readonly subject: string;
-                readonly data: AdditionalInitSecretResetData;
+                readonly data: AdditionalInitPasswordResetData;
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
         };
-        resetSecret: {
+        resetPassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
                 token: string;
-                newSecret: string;
+                newPassword: string;
             }>;
             result: import("../schema/index.js").LiteralSchema<"ok">;
         };
-        checkSecret: {
+        checkPassword: {
             resource: string;
             method: "POST";
             parameters: ObjectSchema<{
-                secret: string;
+                password: string;
             }>;
-            result: typeof SecretCheckResult;
+            result: typeof PasswordCheckResult;
         };
         timestamp: {
             resource: string;
@@ -257,35 +467,150 @@ export declare function getAuthenticationApiDefinition<AdditionalTokenPayload ex
                 [dontWaitForValidToken]: boolean;
             };
         };
+        listSessions: {
+            resource: string;
+            method: "GET";
+            result: import("../schema/index.js").ArraySchema<{
+                id: import("../orm/types.js").IsPrimaryKey<import("../orm/types.js").HasDefault<import("../orm/types.js").Uuid>>;
+                begin: import("../orm/types.js").Timestamp;
+                end: import("../orm/types.js").Timestamp;
+            }>;
+            credentials: true;
+        };
+        invalidateAllOtherSessions: {
+            resource: string;
+            method: "POST";
+            result: import("../schema/index.js").LiteralSchema<"ok">;
+            credentials: true;
+        };
     };
 };
 /**
  * Get authentication REST API endpoints definition
  * @param additionalTokenPayloadSchema Schema for additional token payload
  * @param authenticationDataSchema Schema for additional authentication data
- * @param additionalInitSecretResetDataSchema Schema for additional secret reset data
+ * @param additionalInitPasswordResetDataSchema Schema for additional password reset data
  * @returns Authentication REST API endpoints definition
  * @template AdditionalTokenPayload Type of additional token payload
  * @template AuthenticationData Type of additional authentication data
- * @template AdditionalInitSecretResetData Type of additional secret reset data
+ * @template AdditionalInitPasswordResetData Type of additional password reset data
  */
-export declare function getAuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record, AuthenticationData, AdditionalInitSecretResetData>(additionalTokenPayloadSchema: ObjectSchemaOrType<AdditionalTokenPayload>, authenticationDataSchema: SchemaTestable<AuthenticationData>, additionalInitSecretResetDataSchema: SchemaTestable<AdditionalInitSecretResetData>): {
+export declare function getAuthenticationApiEndpointsDefinition<AdditionalTokenPayload extends Record, AuthenticationData, AdditionalInitPasswordResetData>(additionalTokenPayloadSchema: ObjectSchemaOrType<AdditionalTokenPayload>, authenticationDataSchema: SchemaTestable<AuthenticationData>, additionalInitPasswordResetDataSchema: SchemaTestable<AdditionalInitPasswordResetData>): {
     login: {
         resource: string;
         method: "POST";
         parameters: ObjectSchema<{
             readonly tenantId: string | undefined;
             readonly subject: string;
-            readonly secret: string;
+            readonly password: string;
             readonly remember: boolean;
             readonly data: AuthenticationData;
         }>;
-        result: ObjectSchema<TokenPayload<AdditionalTokenPayload>>;
+        result: import("../schema/index.js").UnionSchema<[ObjectSchema<{
+            type: "success";
+            result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+            lowRecoveryCodesWarning?: boolean | undefined;
+        }>, ObjectSchema<{
+            type: "totp";
+            challengeToken: string;
+        }>]>;
+        credentials: true;
+        data: {
+            [dontWaitForValidToken]: boolean;
+        };
+    };
+    loginVerifyTotp: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            readonly challengeToken: string;
+            readonly token: string;
+        }>;
+        result: ObjectSchema<{
+            type: "success";
+            result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+            lowRecoveryCodesWarning?: boolean | undefined;
+        }>;
         credentials: true;
         data: {
             [dontWaitForValidToken]: boolean;
         };
     };
+    loginRecovery: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            challengeToken: string;
+            recoveryCode: string;
+        }>;
+        result: ObjectSchema<{
+            type: "success";
+            result: import("../schema/schema.js").SchemaOutput<ObjectSchema<TokenPayload<AdditionalTokenPayload>>>;
+            lowRecoveryCodesWarning?: boolean | undefined;
+        }>;
+        credentials: true;
+        data: {
+            [dontWaitForValidToken]: boolean;
+        };
+    };
+    initEnrollTotp: {
+        resource: string;
+        method: "POST";
+        result: ObjectSchema<{
+            secret: string;
+            uri: string;
+        }>;
+        credentials: true;
+    };
+    completeEnrollTotp: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            token: string;
+        }>;
+        result: ObjectSchema<{
+            recoveryCodes: string[];
+        }>;
+        credentials: true;
+    };
+    disableTotp: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            token: string;
+        }>;
+        result: import("../schema/index.js").LiteralSchema<"ok">;
+        credentials: true;
+    };
+    disableTotpWithRecoveryCode: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            recoveryCode: string;
+        }>;
+        result: import("../schema/index.js").LiteralSchema<"ok">;
+        credentials: true;
+    };
+    regenerateRecoveryCodes: {
+        resource: string;
+        method: "POST";
+        parameters: ObjectSchema<{
+            token: string;
+            invalidateOtherSessions?: boolean | undefined;
+        }>;
+        result: ObjectSchema<{
+            recoveryCodes: string[];
+        }>;
+        credentials: true;
+    };
+    getTotpStatus: {
+        resource: string;
+        method: "GET";
+        result: ObjectSchema<{
+            active: boolean;
+        }>;
+        credentials: true;
+    };
     refresh: {
         resource: string;
         method: "POST";
@@ -332,44 +657,42 @@ export declare function getAuthenticationApiEndpointsDefinition<AdditionalTokenP
             [dontWaitForValidToken]: boolean;
         };
     };
-    changeSecret: {
+    changePassword: {
         resource: string;
         method: "POST";
         parameters: ObjectSchema<{
-            readonly tenantId: string | undefined;
-            readonly subject: string;
-            readonly currentSecret: string;
-            readonly newSecret: string;
+            currentPassword: string;
+            newPassword: string;
         }>;
         result: import("../schema/index.js").LiteralSchema<"ok">;
         credentials: true;
     };
-    initSecretReset: {
+    initPasswordReset: {
         resource: string;
         method: "POST";
         parameters: ObjectSchema<{
             readonly tenantId: string | undefined;
             readonly subject: string;
-            readonly data: AdditionalInitSecretResetData;
+            readonly data: AdditionalInitPasswordResetData;
         }>;
         result: import("../schema/index.js").LiteralSchema<"ok">;
     };
-    resetSecret: {
+    resetPassword: {
         resource: string;
         method: "POST";
         parameters: ObjectSchema<{
             token: string;
-            newSecret: string;
+            newPassword: string;
         }>;
         result: import("../schema/index.js").LiteralSchema<"ok">;
     };
-    checkSecret: {
+    checkPassword: {
         resource: string;
         method: "POST";
         parameters: ObjectSchema<{
-            secret: string;
+            password: string;
         }>;
-        result: typeof SecretCheckResult;
+        result: typeof PasswordCheckResult;
     };
     timestamp: {
         resource: string;
@@ -378,5 +701,21 @@ export declare function getAuthenticationApiEndpointsDefinition<AdditionalTokenP
             [dontWaitForValidToken]: boolean;
         };
     };
+    listSessions: {
+        resource: string;
+        method: "GET";
+        result: import("../schema/index.js").ArraySchema<{
+            id: import("../orm/types.js").IsPrimaryKey<import("../orm/types.js").HasDefault<import("../orm/types.js").Uuid>>;
+            begin: import("../orm/types.js").Timestamp;
+            end: import("../orm/types.js").Timestamp;
+        }>;
+        credentials: true;
+    };
+    invalidateAllOtherSessions: {
+        resource: string;
+        method: "POST";
+        result: import("../schema/index.js").LiteralSchema<"ok">;
+        credentials: true;
+    };
 };
 export {};