@twin.org/api-auth-entity-storage-models 0.0.3-next.21 → 0.0.3-next.23

package/dist/es/index.js

@@ -1,19 +1,27 @@
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 export * from "./models/api/IAdminUserCreateRequest.js";
-export * from "./models/api/IAdminUserGetRequest.js";
 export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
 export * from "./models/api/IAdminUserGetResponse.js";
 export * from "./models/api/IAdminUserRemoveRequest.js";
 export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
 export * from "./models/api/IAdminUserUpdateRequest.js";
+export * from "./models/api/IAuditCreateRequest.js";
+export * from "./models/api/IAuditQueryRequest.js";
+export * from "./models/api/IAuditQueryResponse.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
 export * from "./models/api/IRefreshTokenRequest.js";
 export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
+export * from "./models/authAuditEvent.js";
 export * from "./models/IAuthenticationAdminComponent.js";
+export * from "./models/IAuthenticationAuditComponent.js";
+export * from "./models/IAuthenticationAuditEntry.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationRateActionConfig.js";
+export * from "./models/IAuthenticationRateComponent.js";
 export * from "./models/IAuthenticationUser.js";
 //# sourceMappingURL=index.js.map

package/dist/es/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,yCAAyC,CAAC;AACxD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,uCAAuC,CAAC;AACtD,cAAc,yCAAyC,CAAC;AACxD,cAAc,iDAAiD,CAAC;AAChE,cAAc,yCAAyC,CAAC;AACxD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sCAAsC,CAAC;AACrD,cAAc,iCAAiC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/IAdminUserCreateRequest.js\";\nexport * from \"./models/api/IAdminUserGetRequest.js\";\nexport * from \"./models/api/IAdminUserGetByIdentityRequest.js\";\nexport * from \"./models/api/IAdminUserGetResponse.js\";\nexport * from \"./models/api/IAdminUserRemoveRequest.js\";\nexport * from \"./models/api/IAdminUserUpdatePasswordRequest.js\";\nexport * from \"./models/api/IAdminUserUpdateRequest.js\";\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\nexport * from \"./models/IAuthenticationUser.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,cAAc,yCAAyC,CAAC;AACxD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,yCAAyC,CAAC;AACxD,cAAc,iDAAiD,CAAC;AAChE,cAAc,yCAAyC,CAAC;AACxD,cAAc,qCAAqC,CAAC;AACpD,cAAc,oCAAoC,CAAC;AACnD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sCAAsC,CAAC;AACrD,cAAc,uCAAuC,CAAC;AACtD,cAAc,wCAAwC,CAAC;AACvD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2CAA2C,CAAC;AAC1D,cAAc,2CAA2C,CAAC;AAC1D,cAAc,uCAAuC,CAAC;AACtD,cAAc,sCAAsC,CAAC;AACrD,cAAc,6CAA6C,CAAC;AAC5D,cAAc,0CAA0C,CAAC;AACzD,cAAc,iCAAiC,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nexport * from \"./models/api/IAdminUserCreateRequest.js\";\nexport * from \"./models/api/IAdminUserGetByIdentityRequest.js\";\nexport * from \"./models/api/IAdminUserGetRequest.js\";\nexport * from \"./models/api/IAdminUserGetResponse.js\";\nexport * from \"./models/api/IAdminUserRemoveRequest.js\";\nexport * from \"./models/api/IAdminUserUpdatePasswordRequest.js\";\nexport * from \"./models/api/IAdminUserUpdateRequest.js\";\nexport * from \"./models/api/IAuditCreateRequest.js\";\nexport * from \"./models/api/IAuditQueryRequest.js\";\nexport * from \"./models/api/IAuditQueryResponse.js\";\nexport * from \"./models/api/ILoginRequest.js\";\nexport * from \"./models/api/ILoginResponse.js\";\nexport * from \"./models/api/ILogoutRequest.js\";\nexport * from \"./models/api/IRefreshTokenRequest.js\";\nexport * from \"./models/api/IRefreshTokenResponse.js\";\nexport * from \"./models/api/IUpdatePasswordRequest.js\";\nexport * from \"./models/authAuditEvent.js\";\nexport * from \"./models/IAuthenticationAdminComponent.js\";\nexport * from \"./models/IAuthenticationAuditComponent.js\";\nexport * from \"./models/IAuthenticationAuditEntry.js\";\nexport * from \"./models/IAuthenticationComponent.js\";\nexport * from \"./models/IAuthenticationRateActionConfig.js\";\nexport * from \"./models/IAuthenticationRateComponent.js\";\nexport * from \"./models/IAuthenticationUser.js\";\n"]}

package/dist/es/models/IAuthenticationAuditComponent.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationAuditComponent.js.map

package/dist/es/models/IAuthenticationAuditComponent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationAuditComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAuditComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { AuthAuditEvent } from \"./authAuditEvent.js\";\nimport type { IAuthenticationAuditEntry } from \"./IAuthenticationAuditEntry.js\";\n\n/**\n * Contract definition for authentication audit component.\n */\nexport interface IAuthenticationAuditComponent extends IComponent {\n\t/**\n\t * Create a new audit entry.\n\t * @param entry The audit entry to be logged.\n\t * @returns The unique identifier of the created audit entry.\n\t */\n\tcreate(entry: Omit<IAuthenticationAuditEntry, \"id\" | \"dateCreated\">): Promise<string>;\n\n\t/**\n\t * Query the audit entries.\n\t * @param options The query options.\n\t * @param options.actorId The actor identifier to filter the audit entries, optional.\n\t * @param options.organizationId The organization identifier to filter the audit entries, optional.\n\t * @param options.tenantId The tenant identifier to filter the audit entries, optional.\n\t * @param options.nodeId The node identifier to filter the audit entries, optional.\n\t * @param options.event The audit event to filter the audit entries, optional.\n\t * @param options.startDate The start date to filter the audit entries, optional.\n\t * @param options.endDate The end date to filter the audit entries, optional.\n\t * @param cursor The cursor for pagination.\n\t * @param limit The maximum number of entries to return.\n\t * @returns The audit entries.\n\t */\n\tquery(\n\t\toptions?: {\n\t\t\tactorId?: string;\n\t\t\torganizationId?: string;\n\t\t\ttenantId?: string;\n\t\t\tnodeId?: string;\n\t\t\tevent?: AuthAuditEvent | string;\n\t\t\tstartDate?: string;\n\t\t\tendDate?: string;\n\t\t},\n\t\tcursor?: string,\n\t\tlimit?: number\n\t): Promise<{\n\t\tentries: IAuthenticationAuditEntry[];\n\t\tcursor?: string;\n\t}>;\n}\n"]}

package/dist/es/models/IAuthenticationAuditEntry.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationAuditEntry.js.map

package/dist/es/models/IAuthenticationAuditEntry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationAuditEntry.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationAuditEntry.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { AuthAuditEvent } from \"./authAuditEvent.js\";\n\n/**\n * Contract definition for authentication audit entry.\n */\nexport interface IAuthenticationAuditEntry {\n\t/**\n\t * The unique identifier for the audit entry.\n\t */\n\tid: string;\n\n\t/**\n\t * The audit event that occurred.\n\t */\n\tevent: AuthAuditEvent | string;\n\n\t/**\n\t * The timestamp of the audit entry in ISO 8601 format.\n\t */\n\tdateCreated: string;\n\n\t/**\n\t * The actor identifier, could be e-mail, username, or other unique identifier.\n\t */\n\tactorId?: string;\n\n\t/**\n\t * The node identifier associated with the audit entry, if applicable.\n\t */\n\tnodeId?: string;\n\n\t/**\n\t * The organization identifier associated with the audit entry, if applicable.\n\t */\n\torganizationId?: string;\n\n\t/**\n\t * The tenant identifier associated with the audit entry, if applicable.\n\t */\n\ttenantId?: string;\n\n\t/**\n\t * The hashed IP addresses of the client.\n\t */\n\tipAddressHashes?: string[];\n\n\t/**\n\t * The user agent string of the client.\n\t */\n\tuserAgent?: string;\n\n\t/**\n\t * The correlation ID for request tracing.\n\t */\n\tcorrelationId?: string;\n\n\t/**\n\t * Additional data related to the audit entry, such as IP address, user agent, etc.\n\t */\n\tdata?: unknown;\n}\n"]}

package/dist/es/models/IAuthenticationRateActionConfig.js

@@ -0,0 +1,4 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+export {};
+//# sourceMappingURL=IAuthenticationRateActionConfig.js.map

package/dist/es/models/IAuthenticationRateActionConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationRateActionConfig.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationRateActionConfig.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Configuration for an authentication rate limited action.\n */\nexport interface IAuthenticationRateActionConfig {\n\t/**\n\t * Maximum number of failed attempts allowed per window.\n\t */\n\tmaxAttempts: number;\n\n\t/**\n\t * Rate limit window duration in minutes.\n\t */\n\twindowMinutes: number;\n}\n"]}

package/dist/es/models/IAuthenticationRateComponent.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuthenticationRateComponent.js.map

package/dist/es/models/IAuthenticationRateComponent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuthenticationRateComponent.js","sourceRoot":"","sources":["../../../src/models/IAuthenticationRateComponent.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IComponent } from \"@twin.org/core\";\nimport type { IAuthenticationRateActionConfig } from \"./IAuthenticationRateActionConfig.js\";\n\n/**\n * Contract definition for authentication rate component.\n */\nexport interface IAuthenticationRateComponent extends IComponent {\n\t/**\n\t * The service needs to be started when the application is initialized.\n\t * @param nodeLoggingComponentType The node logging component type.\n\t * @returns Nothing.\n\t */\n\tstart(nodeLoggingComponentType?: string): Promise<void>;\n\n\t/**\n\t * The component needs to be stopped when the node is closed.\n\t * @param nodeLoggingComponentType The node logging component type.\n\t * @returns Nothing.\n\t */\n\tstop(nodeLoggingComponentType?: string): Promise<void>;\n\n\t/**\n\t * Register or update rate-limit configuration for an action.\n\t * @param action The action name.\n\t * @param config The action configuration.\n\t * @returns Nothing.\n\t */\n\tregisterAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;\n\n\t/**\n\t * Unregister rate-limit configuration for an action.\n\t * @param action The action name.\n\t * @returns Nothing.\n\t */\n\tunregisterAction(action: string): Promise<void>;\n\n\t/**\n\t * Check the authentication rate for a given action and identifier.\n\t * @param action The action to be checked.\n\t * @param identifier The identifier to be checked.\n\t * @returns The result of the rate check.\n\t */\n\tcheck(action: string, identifier: string): Promise<string>;\n\n\t/**\n\t * Clear the authentication rate entry for the given action and identifier.\n\t * @param action The action to clear.\n\t * @param identifier The identifier to clear.\n\t * @returns Nothing.\n\t */\n\tclear(action: string, identifier: string): Promise<void>;\n}\n"]}

package/dist/es/models/api/IAuditCreateRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditCreateRequest.js.map

package/dist/es/models/api/IAuditCreateRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditCreateRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditCreateRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationAuditEntry } from \"../IAuthenticationAuditEntry.js\";\n\n/**\n * Create an authentication audit entry.\n */\nexport interface IAuditCreateRequest {\n\t/**\n\t * The body of the request.\n\t */\n\tbody: Omit<IAuthenticationAuditEntry, \"id\" | \"dateCreated\">;\n}\n"]}

package/dist/es/models/api/IAuditQueryRequest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditQueryRequest.js.map

package/dist/es/models/api/IAuditQueryRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditQueryRequest.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditQueryRequest.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { AuthAuditEvent } from \"../authAuditEvent.js\";\n\n/**\n * Query authentication audit entries.\n */\nexport interface IAuditQueryRequest {\n\t/**\n\t * The query parameters for the request.\n\t */\n\tquery?: {\n\t\t/**\n\t\t * The actor identifier to filter by.\n\t\t */\n\t\tactorId?: string;\n\n\t\t/**\n\t\t * The organization identifier to filter by.\n\t\t */\n\t\torganizationId?: string;\n\n\t\t/**\n\t\t * The tenant identifier to filter by.\n\t\t */\n\t\ttenantId?: string;\n\n\t\t/**\n\t\t * The node identifier to filter by.\n\t\t */\n\t\tnodeId?: string;\n\n\t\t/**\n\t\t * The event to filter by.\n\t\t */\n\t\tevent?: AuthAuditEvent | string;\n\n\t\t/**\n\t\t * The inclusive start date for filtering, in ISO 8601 format.\n\t\t */\n\t\tstartDate?: string;\n\n\t\t/**\n\t\t * The inclusive end date for filtering, in ISO 8601 format.\n\t\t */\n\t\tendDate?: string;\n\n\t\t/**\n\t\t * The pagination cursor.\n\t\t */\n\t\tcursor?: string;\n\n\t\t/**\n\t\t * The maximum number of results to return.\n\t\t */\n\t\tlimit?: string;\n\t};\n}\n"]}

package/dist/es/models/api/IAuditQueryResponse.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=IAuditQueryResponse.js.map

package/dist/es/models/api/IAuditQueryResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IAuditQueryResponse.js","sourceRoot":"","sources":["../../../../src/models/api/IAuditQueryResponse.ts"],"names":[],"mappings":"","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport type { IAuthenticationAuditEntry } from \"../IAuthenticationAuditEntry.js\";\n\n/**\n * Response from querying authentication audit entries.\n */\nexport interface IAuditQueryResponse {\n\t/**\n\t * The response body.\n\t */\n\tbody: {\n\t\t/**\n\t\t * The returned audit entries.\n\t\t */\n\t\tentries: IAuthenticationAuditEntry[];\n\n\t\t/**\n\t\t * The cursor to retrieve the next page, if any.\n\t\t */\n\t\tcursor?: string;\n\t};\n}\n"]}

package/dist/es/models/authAuditEvent.js

@@ -0,0 +1,49 @@
+// Copyright 2026 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Supported authentication audit events.
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const AuthAuditEvent = {
+    /**
+     * Login success.
+     */
+    LoginSuccess: "login-success",
+    /**
+     * Login failure.
+     */
+    LoginFailure: "login-failure",
+    /**
+     * Logout.
+     */
+    Logout: "logout",
+    /**
+     * Token refreshed.
+     */
+    TokenRefreshed: "token-refreshed",
+    /**
+     * Account created.
+     */
+    AccountCreated: "account-created",
+    /**
+     * Account deleted.
+     */
+    AccountDeleted: "account-deleted",
+    /**
+     * Account updated.
+     */
+    AccountUpdated: "account-updated",
+    /**
+     * Account locked.
+     */
+    AccountLocked: "account-locked",
+    /**
+     * Account unlocked.
+     */
+    AccountUnlocked: "account-unlocked",
+    /**
+     * Password changed.
+     */
+    PasswordChanged: "password-changed"
+};
+//# sourceMappingURL=authAuditEvent.js.map

package/dist/es/models/authAuditEvent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authAuditEvent.js","sourceRoot":"","sources":["../../../src/models/authAuditEvent.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AAEvC;;GAEG;AACH,gEAAgE;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG;IAC7B;;OAEG;IACH,YAAY,EAAE,eAAe;IAE7B;;OAEG;IACH,YAAY,EAAE,eAAe;IAE7B;;OAEG;IACH,MAAM,EAAE,QAAQ;IAEhB;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,cAAc,EAAE,iBAAiB;IAEjC;;OAEG;IACH,aAAa,EAAE,gBAAgB;IAE/B;;OAEG;IACH,eAAe,EAAE,kBAAkB;IAEnC;;OAEG;IACH,eAAe,EAAE,kBAAkB;CAC1B,CAAC","sourcesContent":["// Copyright 2026 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\n\n/**\n * Supported authentication audit events.\n */\n// eslint-disable-next-line @typescript-eslint/naming-convention\nexport const AuthAuditEvent = {\n\t/**\n\t * Login success.\n\t */\n\tLoginSuccess: \"login-success\",\n\n\t/**\n\t * Login failure.\n\t */\n\tLoginFailure: \"login-failure\",\n\n\t/**\n\t * Logout.\n\t */\n\tLogout: \"logout\",\n\n\t/**\n\t * Token refreshed.\n\t */\n\tTokenRefreshed: \"token-refreshed\",\n\n\t/**\n\t * Account created.\n\t */\n\tAccountCreated: \"account-created\",\n\n\t/**\n\t * Account deleted.\n\t */\n\tAccountDeleted: \"account-deleted\",\n\n\t/**\n\t * Account updated.\n\t */\n\tAccountUpdated: \"account-updated\",\n\n\t/**\n\t * Account locked.\n\t */\n\tAccountLocked: \"account-locked\",\n\n\t/**\n\t * Account unlocked.\n\t */\n\tAccountUnlocked: \"account-unlocked\",\n\n\t/**\n\t * Password changed.\n\t */\n\tPasswordChanged: \"password-changed\"\n} as const;\n\n/**\n * Supported authentication audit event values.\n */\nexport type AuthAuditEvent = (typeof AuthAuditEvent)[keyof typeof AuthAuditEvent];\n"]}

package/dist/types/index.d.ts

@@ -1,16 +1,24 @@
 export * from "./models/api/IAdminUserCreateRequest.js";
-export * from "./models/api/IAdminUserGetRequest.js";
 export * from "./models/api/IAdminUserGetByIdentityRequest.js";
+export * from "./models/api/IAdminUserGetRequest.js";
 export * from "./models/api/IAdminUserGetResponse.js";
 export * from "./models/api/IAdminUserRemoveRequest.js";
 export * from "./models/api/IAdminUserUpdatePasswordRequest.js";
 export * from "./models/api/IAdminUserUpdateRequest.js";
+export * from "./models/api/IAuditCreateRequest.js";
+export * from "./models/api/IAuditQueryRequest.js";
+export * from "./models/api/IAuditQueryResponse.js";
 export * from "./models/api/ILoginRequest.js";
 export * from "./models/api/ILoginResponse.js";
 export * from "./models/api/ILogoutRequest.js";
 export * from "./models/api/IRefreshTokenRequest.js";
 export * from "./models/api/IRefreshTokenResponse.js";
 export * from "./models/api/IUpdatePasswordRequest.js";
+export * from "./models/authAuditEvent.js";
 export * from "./models/IAuthenticationAdminComponent.js";
+export * from "./models/IAuthenticationAuditComponent.js";
+export * from "./models/IAuthenticationAuditEntry.js";
 export * from "./models/IAuthenticationComponent.js";
+export * from "./models/IAuthenticationRateActionConfig.js";
+export * from "./models/IAuthenticationRateComponent.js";
 export * from "./models/IAuthenticationUser.js";

package/dist/types/models/IAuthenticationAuditComponent.d.ts

@@ -0,0 +1,40 @@
+import type { IComponent } from "@twin.org/core";
+import type { AuthAuditEvent } from "./authAuditEvent.js";
+import type { IAuthenticationAuditEntry } from "./IAuthenticationAuditEntry.js";
+/**
+ * Contract definition for authentication audit component.
+ */
+export interface IAuthenticationAuditComponent extends IComponent {
+    /**
+     * Create a new audit entry.
+     * @param entry The audit entry to be logged.
+     * @returns The unique identifier of the created audit entry.
+     */
+    create(entry: Omit<IAuthenticationAuditEntry, "id" | "dateCreated">): Promise<string>;
+    /**
+     * Query the audit entries.
+     * @param options The query options.
+     * @param options.actorId The actor identifier to filter the audit entries, optional.
+     * @param options.organizationId The organization identifier to filter the audit entries, optional.
+     * @param options.tenantId The tenant identifier to filter the audit entries, optional.
+     * @param options.nodeId The node identifier to filter the audit entries, optional.
+     * @param options.event The audit event to filter the audit entries, optional.
+     * @param options.startDate The start date to filter the audit entries, optional.
+     * @param options.endDate The end date to filter the audit entries, optional.
+     * @param cursor The cursor for pagination.
+     * @param limit The maximum number of entries to return.
+     * @returns The audit entries.
+     */
+    query(options?: {
+        actorId?: string;
+        organizationId?: string;
+        tenantId?: string;
+        nodeId?: string;
+        event?: AuthAuditEvent | string;
+        startDate?: string;
+        endDate?: string;
+    }, cursor?: string, limit?: number): Promise<{
+        entries: IAuthenticationAuditEntry[];
+        cursor?: string;
+    }>;
+}

package/dist/types/models/IAuthenticationAuditEntry.d.ts

@@ -0,0 +1,50 @@
+import type { AuthAuditEvent } from "./authAuditEvent.js";
+/**
+ * Contract definition for authentication audit entry.
+ */
+export interface IAuthenticationAuditEntry {
+    /**
+     * The unique identifier for the audit entry.
+     */
+    id: string;
+    /**
+     * The audit event that occurred.
+     */
+    event: AuthAuditEvent | string;
+    /**
+     * The timestamp of the audit entry in ISO 8601 format.
+     */
+    dateCreated: string;
+    /**
+     * The actor identifier, could be e-mail, username, or other unique identifier.
+     */
+    actorId?: string;
+    /**
+     * The node identifier associated with the audit entry, if applicable.
+     */
+    nodeId?: string;
+    /**
+     * The organization identifier associated with the audit entry, if applicable.
+     */
+    organizationId?: string;
+    /**
+     * The tenant identifier associated with the audit entry, if applicable.
+     */
+    tenantId?: string;
+    /**
+     * The hashed IP addresses of the client.
+     */
+    ipAddressHashes?: string[];
+    /**
+     * The user agent string of the client.
+     */
+    userAgent?: string;
+    /**
+     * The correlation ID for request tracing.
+     */
+    correlationId?: string;
+    /**
+     * Additional data related to the audit entry, such as IP address, user agent, etc.
+     */
+    data?: unknown;
+}

package/dist/types/models/IAuthenticationRateActionConfig.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Configuration for an authentication rate limited action.
+ */
+export interface IAuthenticationRateActionConfig {
+    /**
+     * Maximum number of failed attempts allowed per window.
+     */
+    maxAttempts: number;
+    /**
+     * Rate limit window duration in minutes.
+     */
+    windowMinutes: number;
+}

package/dist/types/models/IAuthenticationRateComponent.d.ts

@@ -0,0 +1,46 @@
+import type { IComponent } from "@twin.org/core";
+import type { IAuthenticationRateActionConfig } from "./IAuthenticationRateActionConfig.js";
+/**
+ * Contract definition for authentication rate component.
+ */
+export interface IAuthenticationRateComponent extends IComponent {
+    /**
+     * The service needs to be started when the application is initialized.
+     * @param nodeLoggingComponentType The node logging component type.
+     * @returns Nothing.
+     */
+    start(nodeLoggingComponentType?: string): Promise<void>;
+    /**
+     * The component needs to be stopped when the node is closed.
+     * @param nodeLoggingComponentType The node logging component type.
+     * @returns Nothing.
+     */
+    stop(nodeLoggingComponentType?: string): Promise<void>;
+    /**
+     * Register or update rate-limit configuration for an action.
+     * @param action The action name.
+     * @param config The action configuration.
+     * @returns Nothing.
+     */
+    registerAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;
+    /**
+     * Unregister rate-limit configuration for an action.
+     * @param action The action name.
+     * @returns Nothing.
+     */
+    unregisterAction(action: string): Promise<void>;
+    /**
+     * Check the authentication rate for a given action and identifier.
+     * @param action The action to be checked.
+     * @param identifier The identifier to be checked.
+     * @returns The result of the rate check.
+     */
+    check(action: string, identifier: string): Promise<string>;
+    /**
+     * Clear the authentication rate entry for the given action and identifier.
+     * @param action The action to clear.
+     * @param identifier The identifier to clear.
+     * @returns Nothing.
+     */
+    clear(action: string, identifier: string): Promise<void>;
+}

package/dist/types/models/api/IAuditCreateRequest.d.ts

@@ -0,0 +1,10 @@
+import type { IAuthenticationAuditEntry } from "../IAuthenticationAuditEntry.js";
+/**
+ * Create an authentication audit entry.
+ */
+export interface IAuditCreateRequest {
+    /**
+     * The body of the request.
+     */
+    body: Omit<IAuthenticationAuditEntry, "id" | "dateCreated">;
+}

package/dist/types/models/api/IAuditQueryRequest.d.ts

@@ -0,0 +1,47 @@
+import type { AuthAuditEvent } from "../authAuditEvent.js";
+/**
+ * Query authentication audit entries.
+ */
+export interface IAuditQueryRequest {
+    /**
+     * The query parameters for the request.
+     */
+    query?: {
+        /**
+         * The actor identifier to filter by.
+         */
+        actorId?: string;
+        /**
+         * The organization identifier to filter by.
+         */
+        organizationId?: string;
+        /**
+         * The tenant identifier to filter by.
+         */
+        tenantId?: string;
+        /**
+         * The node identifier to filter by.
+         */
+        nodeId?: string;
+        /**
+         * The event to filter by.
+         */
+        event?: AuthAuditEvent | string;
+        /**
+         * The inclusive start date for filtering, in ISO 8601 format.
+         */
+        startDate?: string;
+        /**
+         * The inclusive end date for filtering, in ISO 8601 format.
+         */
+        endDate?: string;
+        /**
+         * The pagination cursor.
+         */
+        cursor?: string;
+        /**
+         * The maximum number of results to return.
+         */
+        limit?: string;
+    };
+}

package/dist/types/models/api/IAuditQueryResponse.d.ts

@@ -0,0 +1,19 @@
+import type { IAuthenticationAuditEntry } from "../IAuthenticationAuditEntry.js";
+/**
+ * Response from querying authentication audit entries.
+ */
+export interface IAuditQueryResponse {
+    /**
+     * The response body.
+     */
+    body: {
+        /**
+         * The returned audit entries.
+         */
+        entries: IAuthenticationAuditEntry[];
+        /**
+         * The cursor to retrieve the next page, if any.
+         */
+        cursor?: string;
+    };
+}

package/dist/types/models/authAuditEvent.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Supported authentication audit events.
+ */
+export declare const AuthAuditEvent: {
+    /**
+     * Login success.
+     */
+    readonly LoginSuccess: "login-success";
+    /**
+     * Login failure.
+     */
+    readonly LoginFailure: "login-failure";
+    /**
+     * Logout.
+     */
+    readonly Logout: "logout";
+    /**
+     * Token refreshed.
+     */
+    readonly TokenRefreshed: "token-refreshed";
+    /**
+     * Account created.
+     */
+    readonly AccountCreated: "account-created";
+    /**
+     * Account deleted.
+     */
+    readonly AccountDeleted: "account-deleted";
+    /**
+     * Account updated.
+     */
+    readonly AccountUpdated: "account-updated";
+    /**
+     * Account locked.
+     */
+    readonly AccountLocked: "account-locked";
+    /**
+     * Account unlocked.
+     */
+    readonly AccountUnlocked: "account-unlocked";
+    /**
+     * Password changed.
+     */
+    readonly PasswordChanged: "password-changed";
+};
+/**
+ * Supported authentication audit event values.
+ */
+export type AuthAuditEvent = (typeof AuthAuditEvent)[keyof typeof AuthAuditEvent];

package/docs/changelog.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [0.0.3-next.23](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.22...api-auth-entity-storage-models-v0.0.3-next.23) (2026-04-14)
+
+
+### Features
+
+* auth enhancements ([#93](https://github.com/twinfoundation/api/issues/93)) ([921a50c](https://github.com/twinfoundation/api/commit/921a50cd89d26e530a6be6174a5a803060fa0eb6))
+
+## [0.0.3-next.22](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.21...api-auth-entity-storage-models-v0.0.3-next.22) (2026-03-27)
+
+
+### Miscellaneous Chores
+
+* **api-auth-entity-storage-models:** Synchronize repo versions
+
 ## [0.0.3-next.21](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-models-v0.0.3-next.20...api-auth-entity-storage-models-v0.0.3-next.21) (2026-03-11)
 
 

package/docs/reference/index.md

@@ -3,7 +3,11 @@
 ## Interfaces
 
 - [IAuthenticationAdminComponent](interfaces/IAuthenticationAdminComponent.md)
+- [IAuthenticationAuditComponent](interfaces/IAuthenticationAuditComponent.md)
+- [IAuthenticationAuditEntry](interfaces/IAuthenticationAuditEntry.md)
 - [IAuthenticationComponent](interfaces/IAuthenticationComponent.md)
+- [IAuthenticationRateActionConfig](interfaces/IAuthenticationRateActionConfig.md)
+- [IAuthenticationRateComponent](interfaces/IAuthenticationRateComponent.md)
 - [IAuthenticationUser](interfaces/IAuthenticationUser.md)
 - [IAdminUserCreateRequest](interfaces/IAdminUserCreateRequest.md)
 - [IAdminUserGetByIdentityRequest](interfaces/IAdminUserGetByIdentityRequest.md)
@@ -12,9 +16,20 @@
 - [IAdminUserRemoveRequest](interfaces/IAdminUserRemoveRequest.md)
 - [IAdminUserUpdatePasswordRequest](interfaces/IAdminUserUpdatePasswordRequest.md)
 - [IAdminUserUpdateRequest](interfaces/IAdminUserUpdateRequest.md)
+- [IAuditCreateRequest](interfaces/IAuditCreateRequest.md)
+- [IAuditQueryRequest](interfaces/IAuditQueryRequest.md)
+- [IAuditQueryResponse](interfaces/IAuditQueryResponse.md)
 - [ILoginRequest](interfaces/ILoginRequest.md)
 - [ILoginResponse](interfaces/ILoginResponse.md)
 - [ILogoutRequest](interfaces/ILogoutRequest.md)
 - [IRefreshTokenRequest](interfaces/IRefreshTokenRequest.md)
 - [IRefreshTokenResponse](interfaces/IRefreshTokenResponse.md)
 - [IUpdatePasswordRequest](interfaces/IUpdatePasswordRequest.md)
+
+## Type Aliases
+
+- [AuthAuditEvent](type-aliases/AuthAuditEvent.md)
+
+## Variables
+
+- [AuthAuditEvent](variables/AuthAuditEvent.md)

package/docs/reference/interfaces/IAdminUserCreateRequest.md

@@ -4,7 +4,7 @@ Create a new user as an admin.
 
 ## Properties
 
-### body
+### body {#body}
 
 > **body**: `Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"salt"`\>
 

package/docs/reference/interfaces/IAdminUserGetByIdentityRequest.md

@@ -4,7 +4,7 @@ Get a user as an admin.
 
 ## Properties
 
-### pathParams
+### pathParams {#pathparams}
 
 > **pathParams**: `object`
 

package/docs/reference/interfaces/IAdminUserGetRequest.md

@@ -4,7 +4,7 @@ Get a user as an admin.
 
 ## Properties
 
-### pathParams
+### pathParams {#pathparams}
 
 > **pathParams**: `object`
 

package/docs/reference/interfaces/IAdminUserGetResponse.md

@@ -4,7 +4,7 @@ Get a user as an admin.
 
 ## Properties
 
-### body
+### body {#body}
 
 > **body**: `Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"password"` \| `"salt"`\>
 

package/docs/reference/interfaces/IAdminUserRemoveRequest.md

@@ -4,7 +4,7 @@ Remove a user as an admin.
 
 ## Properties
 
-### pathParams
+### pathParams {#pathparams}
 
 > **pathParams**: `object`
 

package/docs/reference/interfaces/IAdminUserUpdatePasswordRequest.md

@@ -4,7 +4,7 @@ Update a users password as an admin.
 
 ## Properties
 
-### pathParams
+### pathParams {#pathparams}
 
 > **pathParams**: `object`
 
@@ -18,7 +18,7 @@ The user email.
 
 ***
 
-### body
+### body {#body}
 
 > **body**: `object`
 
@@ -32,6 +32,6 @@ The new password for the user.
 
 #### currentPassword?
 
-> `optional` **currentPassword**: `string`
+> `optional` **currentPassword?**: `string`
 
 The current password for the user.

package/docs/reference/interfaces/IAdminUserUpdateRequest.md

@@ -4,7 +4,7 @@ Update a user as an admin.
 
 ## Properties
 
-### pathParams
+### pathParams {#pathparams}
 
 > **pathParams**: `object`
 
@@ -18,7 +18,7 @@ The user email.
 
 ***
 
-### body
+### body {#body}
 
 > **body**: `Partial`\<`Omit`\<[`IAuthenticationUser`](IAuthenticationUser.md), `"email"` \| `"password"` \| `"salt"`\>\>
 

package/docs/reference/interfaces/IAuditCreateRequest.md

@@ -0,0 +1,11 @@
+# Interface: IAuditCreateRequest
+
+Create an authentication audit entry.
+
+## Properties
+
+### body {#body}
+
+> **body**: `Omit`\<[`IAuthenticationAuditEntry`](IAuthenticationAuditEntry.md), `"id"` \| `"dateCreated"`\>
+
+The body of the request.