@vaiftech/auth 1.0.0

package/dist/client-28ISGmu6.d.ts

@@ -0,0 +1,611 @@
+/**
+ * @vaiftech/auth - Type definitions
+ */
+/**
+ * User object returned from authentication endpoints
+ */
+interface User {
+    id: string;
+    email: string;
+    name?: string;
+    avatarUrl?: string;
+    phone?: string;
+    timezone?: string;
+    emailVerified: boolean;
+    phoneVerified: boolean;
+    mfaEnabled: boolean;
+    providers: OAuthProviderType[];
+    metadata?: Record<string, unknown>;
+    lastSignInAt?: string;
+    createdAt: string;
+    updatedAt?: string;
+}
+/**
+ * Minimal user info for session
+ */
+interface UserInfo {
+    id: string;
+    email: string;
+    name?: string;
+    avatarUrl?: string;
+}
+/**
+ * Authentication session
+ */
+interface Session {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: number;
+    expiresIn: number;
+    tokenType: 'bearer';
+    user: User;
+}
+/**
+ * Session info (for listing active sessions)
+ */
+interface SessionInfo {
+    id: string;
+    userId: string;
+    userAgent?: string;
+    ipAddress?: string;
+    location?: string;
+    lastActiveAt: string;
+    createdAt: string;
+    current: boolean;
+}
+/**
+ * Standard auth response
+ */
+interface AuthResponse {
+    session: Session;
+    user: User;
+}
+/**
+ * Token refresh response
+ */
+interface TokenRefreshResponse {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: number;
+    expiresIn: number;
+}
+/**
+ * MFA challenge response when MFA is required
+ */
+interface MFAChallenge {
+    mfaRequired: true;
+    mfaToken: string;
+    mfaMethods: MFAMethod[];
+}
+/**
+ * Type guard for MFA challenge
+ */
+declare function isMFAChallenge(response: AuthResponse | MFAChallenge): response is MFAChallenge;
+/**
+ * Sign up options
+ */
+interface SignUpOptions {
+    email: string;
+    password: string;
+    name?: string;
+    phone?: string;
+    metadata?: Record<string, unknown>;
+    redirectUrl?: string;
+    emailRedirectTo?: string;
+}
+/**
+ * Sign in options (email/password)
+ */
+interface SignInWithPasswordOptions {
+    email: string;
+    password: string;
+    mfaCode?: string;
+    rememberMe?: boolean;
+}
+/**
+ * Sign in with OAuth options
+ */
+interface SignInWithOAuthOptions {
+    provider: OAuthProviderType;
+    redirectTo?: string;
+    scopes?: string[];
+    queryParams?: Record<string, string>;
+}
+/**
+ * Sign in with magic link options
+ */
+interface SignInWithMagicLinkOptions {
+    email: string;
+    redirectTo?: string;
+    shouldCreateUser?: boolean;
+}
+/**
+ * Sign in with OTP (one-time password) options
+ */
+interface SignInWithOTPOptions {
+    email?: string;
+    phone?: string;
+    channel?: 'sms' | 'whatsapp' | 'email';
+    shouldCreateUser?: boolean;
+}
+/**
+ * Verify OTP options
+ */
+interface VerifyOTPOptions {
+    email?: string;
+    phone?: string;
+    token: string;
+    type: 'signup' | 'recovery' | 'email_change' | 'phone_change' | 'magiclink';
+}
+/**
+ * Sign in with SSO options
+ */
+interface SignInWithSSOOptions {
+    domain?: string;
+    providerId?: string;
+    redirectTo?: string;
+}
+/**
+ * Anonymous sign in options
+ */
+interface SignInAnonymouslyOptions {
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Password reset request options
+ */
+interface ResetPasswordOptions {
+    email: string;
+    redirectTo?: string;
+}
+/**
+ * Update password options
+ */
+interface UpdatePasswordOptions {
+    currentPassword?: string;
+    newPassword: string;
+}
+/**
+ * Set password options (for password recovery)
+ */
+interface SetPasswordOptions {
+    token: string;
+    password: string;
+}
+/**
+ * Update user options
+ */
+interface UpdateUserOptions {
+    email?: string;
+    phone?: string;
+    password?: string;
+    name?: string;
+    avatarUrl?: string;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Email change confirmation
+ */
+interface ConfirmEmailChangeOptions {
+    token: string;
+}
+/**
+ * Supported OAuth providers
+ */
+type OAuthProviderType = 'google' | 'github' | 'microsoft' | 'apple' | 'discord' | 'slack' | 'twitter' | 'facebook' | 'linkedin' | 'spotify' | 'twitch' | 'notion' | 'figma' | 'zoom';
+/**
+ * OAuth response with redirect URL
+ */
+interface OAuthResponse {
+    url: string;
+    provider: OAuthProviderType;
+}
+/**
+ * OAuth identity linked to user
+ */
+interface OAuthIdentity {
+    id: string;
+    provider: OAuthProviderType;
+    providerId: string;
+    email?: string;
+    name?: string;
+    avatarUrl?: string;
+    createdAt: string;
+    lastSignInAt?: string;
+}
+/**
+ * MFA method types
+ */
+type MFAMethod = 'totp' | 'sms' | 'email';
+/**
+ * MFA factor
+ */
+interface MFAFactor {
+    id: string;
+    type: MFAMethod;
+    friendlyName?: string;
+    status: 'unverified' | 'verified';
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * MFA setup response (TOTP)
+ */
+interface MFASetupResponse {
+    id: string;
+    type: MFAMethod;
+    totpUri?: string;
+    qrCode?: string;
+    secret?: string;
+    backupCodes?: string[];
+}
+/**
+ * MFA verify options
+ */
+interface MFAVerifyOptions {
+    factorId: string;
+    code: string;
+}
+/**
+ * MFA challenge options
+ */
+interface MFAChallengeOptions {
+    factorId: string;
+}
+/**
+ * MFA challenge response
+ */
+interface MFAChallengeResponse {
+    id: string;
+    expiresAt: number;
+}
+/**
+ * Auth event types
+ */
+type AuthEventType = 'SIGNED_IN' | 'SIGNED_OUT' | 'TOKEN_REFRESHED' | 'USER_UPDATED' | 'PASSWORD_RECOVERY' | 'MFA_CHALLENGE_VERIFIED' | 'INITIAL_SESSION';
+/**
+ * Auth state change event
+ */
+interface AuthChangeEvent {
+    event: AuthEventType;
+    session: Session | null;
+}
+/**
+ * Auth state change callback
+ */
+type AuthStateChangeCallback = (event: AuthChangeEvent) => void;
+/**
+ * Subscription to auth state changes
+ */
+interface AuthSubscription {
+    unsubscribe: () => void;
+}
+/**
+ * Storage adapter interface
+ */
+interface StorageAdapter {
+    getItem(key: string): string | null | Promise<string | null>;
+    setItem(key: string, value: string): void | Promise<void>;
+    removeItem(key: string): void | Promise<void>;
+}
+/**
+ * Async storage adapter interface
+ */
+interface AsyncStorageAdapter {
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+}
+/**
+ * Auth client configuration
+ */
+interface AuthClientConfig {
+    /**
+     * VAIF API URL
+     */
+    url: string;
+    /**
+     * Project API key (publishable key)
+     */
+    apiKey?: string;
+    /**
+     * Custom headers to include with every request
+     */
+    headers?: Record<string, string>;
+    /**
+     * Storage adapter for session persistence
+     * @default localStorage (browser) or in-memory (Node.js)
+     */
+    storage?: StorageAdapter | AsyncStorageAdapter;
+    /**
+     * Storage key prefix
+     * @default 'vaif.auth.'
+     */
+    storageKey?: string;
+    /**
+     * Enable automatic token refresh
+     * @default true
+     */
+    autoRefreshToken?: boolean;
+    /**
+     * Persist session to storage
+     * @default true
+     */
+    persistSession?: boolean;
+    /**
+     * Detect session from URL (for OAuth callbacks)
+     * @default true
+     */
+    detectSessionInUrl?: boolean;
+    /**
+     * Flow type for OAuth
+     * @default 'implicit'
+     */
+    flowType?: 'implicit' | 'pkce';
+    /**
+     * Debug mode - logs auth events
+     * @default false
+     */
+    debug?: boolean;
+}
+/**
+ * Auth error codes
+ */
+type AuthErrorCode = 'invalid_credentials' | 'user_not_found' | 'user_already_exists' | 'email_not_verified' | 'phone_not_verified' | 'invalid_token' | 'token_expired' | 'session_expired' | 'mfa_required' | 'mfa_invalid' | 'oauth_error' | 'rate_limited' | 'weak_password' | 'invalid_email' | 'invalid_phone' | 'network_error' | 'unknown_error';
+/**
+ * Auth error
+ */
+declare class AuthError extends Error {
+    code: AuthErrorCode;
+    status?: number;
+    details?: Record<string, unknown>;
+    constructor(message: string, code: AuthErrorCode, status?: number, details?: Record<string, unknown>);
+    static isAuthError(error: unknown): error is AuthError;
+}
+/**
+ * Session expired error
+ */
+declare class SessionExpiredError extends AuthError {
+    constructor(message?: string);
+}
+/**
+ * Invalid credentials error
+ */
+declare class InvalidCredentialsError extends AuthError {
+    constructor(message?: string);
+}
+
+/**
+ * @vaiftech/auth - Main Auth Client
+ *
+ * Comprehensive authentication client with session management,
+ * automatic token refresh, and event-driven state updates.
+ */
+
+/**
+ * VAIF Auth Client
+ *
+ * @example
+ * ```typescript
+ * import { createAuthClient } from '@vaiftech/auth';
+ *
+ * const auth = createAuthClient({
+ *   url: 'https://api.vaif.studio',
+ *   apiKey: 'your-project-key',
+ * });
+ *
+ * // Sign up
+ * const { session, user } = await auth.signUp({
+ *   email: 'user@example.com',
+ *   password: 'secure-password',
+ * });
+ *
+ * // Sign in
+ * const { session, user } = await auth.signInWithPassword({
+ *   email: 'user@example.com',
+ *   password: 'secure-password',
+ * });
+ *
+ * // Listen to auth state changes
+ * auth.onAuthStateChange((event) => {
+ *   console.log('Auth state changed:', event.event);
+ *   if (event.session) {
+ *     console.log('User:', event.session.user);
+ *   }
+ * });
+ * ```
+ */
+declare class VaifAuthClient {
+    private config;
+    private storage;
+    private refreshTimer;
+    private listeners;
+    private initialized;
+    private initPromise;
+    private currentSession;
+    constructor(config: AuthClientConfig);
+    /**
+     * Initialize the auth client
+     * Loads session from storage and sets up auto-refresh
+     */
+    initialize(): Promise<Session | null>;
+    private _initialize;
+    /**
+     * Get the current session
+     */
+    getSession(): Promise<Session | null>;
+    /**
+     * Get the current user
+     */
+    getUser(): Promise<User | null>;
+    /**
+     * Set session manually (useful for SSR)
+     */
+    setSession(accessToken: string, refreshToken?: string): Promise<AuthResponse>;
+    /**
+     * Refresh the current session
+     */
+    refreshSession(): Promise<Session | null>;
+    /**
+     * Sign up a new user with email and password
+     */
+    signUp(options: SignUpOptions): Promise<AuthResponse | MFAChallenge>;
+    /**
+     * Sign in with email and password
+     */
+    signInWithPassword(options: SignInWithPasswordOptions): Promise<AuthResponse | MFAChallenge>;
+    /**
+     * Sign in with OAuth provider
+     */
+    signInWithOAuth(options: SignInWithOAuthOptions): Promise<OAuthResponse>;
+    /**
+     * Sign in with magic link (passwordless email)
+     */
+    signInWithMagicLink(options: SignInWithMagicLinkOptions): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Sign in with OTP (one-time password)
+     */
+    signInWithOTP(options: SignInWithOTPOptions): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Verify OTP code
+     */
+    verifyOTP(options: VerifyOTPOptions): Promise<AuthResponse>;
+    /**
+     * Sign in anonymously
+     */
+    signInAnonymously(options?: SignInAnonymouslyOptions): Promise<AuthResponse>;
+    /**
+     * Sign out the current user
+     */
+    signOut(): Promise<void>;
+    /**
+     * Sign out from all devices
+     */
+    signOutAll(): Promise<void>;
+    /**
+     * Request password reset email
+     */
+    resetPasswordForEmail(options: ResetPasswordOptions): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Update password (requires current session)
+     */
+    updatePassword(options: UpdatePasswordOptions): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Set new password with recovery token
+     */
+    setPassword(options: SetPasswordOptions): Promise<AuthResponse>;
+    /**
+     * Update current user
+     */
+    updateUser(options: UpdateUserOptions): Promise<User>;
+    /**
+     * Get user identities (linked OAuth providers)
+     */
+    getUserIdentities(): Promise<OAuthIdentity[]>;
+    /**
+     * Link OAuth provider to current user
+     */
+    linkIdentity(provider: OAuthProviderType, options?: {
+        redirectTo?: string;
+    }): Promise<OAuthResponse>;
+    /**
+     * Unlink OAuth provider from current user
+     */
+    unlinkIdentity(provider: OAuthProviderType): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * List enrolled MFA factors
+     */
+    listMFAFactors(): Promise<MFAFactor[]>;
+    /**
+     * Enroll a new MFA factor
+     */
+    enrollMFA(options: {
+        type: 'totp' | 'sms' | 'email';
+        friendlyName?: string;
+    }): Promise<MFASetupResponse>;
+    /**
+     * Verify and enable MFA factor
+     */
+    verifyMFA(options: MFAVerifyOptions): Promise<{
+        ok: boolean;
+        backupCodes?: string[];
+    }>;
+    /**
+     * Create MFA challenge for verification
+     */
+    challengeMFA(options: MFAChallengeOptions): Promise<MFAChallengeResponse>;
+    /**
+     * Verify MFA during login
+     */
+    verifyMFAChallenge(mfaToken: string, code: string): Promise<AuthResponse>;
+    /**
+     * Unenroll MFA factor
+     */
+    unenrollMFA(factorId: string, code: string): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Regenerate MFA backup codes
+     */
+    regenerateBackupCodes(): Promise<{
+        backupCodes: string[];
+    }>;
+    /**
+     * List all active sessions
+     */
+    listSessions(): Promise<SessionInfo[]>;
+    /**
+     * Revoke a specific session
+     */
+    revokeSession(sessionId: string): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Revoke all sessions except current
+     */
+    revokeOtherSessions(): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Resend email verification
+     */
+    resendEmailVerification(options?: {
+        redirectTo?: string;
+    }): Promise<{
+        ok: boolean;
+    }>;
+    /**
+     * Verify email with token
+     */
+    verifyEmail(token: string): Promise<AuthResponse>;
+    /**
+     * Subscribe to auth state changes
+     */
+    onAuthStateChange(callback: AuthStateChangeCallback): AuthSubscription;
+    private _fetch;
+    private _fetchUser;
+    private _refreshToken;
+    private _handleUrlSession;
+    private _persistSession;
+    private _setupAutoRefresh;
+    private _clearRefreshTimer;
+    private _notifyListeners;
+    private _mapErrorCode;
+    private _log;
+}
+/**
+ * Create a new VAIF Auth client
+ */
+declare function createAuthClient(config: AuthClientConfig): VaifAuthClient;
+
+export { type AsyncStorageAdapter as A, type AuthStateChangeCallback as B, type ConfirmEmailChangeOptions as C, type AuthSubscription as D, type AuthClientConfig as E, type AuthErrorCode as F, AuthError as G, SessionExpiredError as H, InvalidCredentialsError as I, isMFAChallenge as J, type MFAChallenge as M, type OAuthProviderType as O, type ResetPasswordOptions as R, type StorageAdapter as S, type TokenRefreshResponse as T, type User as U, VaifAuthClient as V, type Session as a, type UserInfo as b, createAuthClient as c, type SessionInfo as d, type AuthResponse as e, type SignUpOptions as f, type SignInWithPasswordOptions as g, type SignInWithOAuthOptions as h, type SignInWithMagicLinkOptions as i, type SignInWithOTPOptions as j, type VerifyOTPOptions as k, type SignInWithSSOOptions as l, type SignInAnonymouslyOptions as m, type UpdatePasswordOptions as n, type SetPasswordOptions as o, type UpdateUserOptions as p, type OAuthResponse as q, type OAuthIdentity as r, type MFAMethod as s, type MFAFactor as t, type MFASetupResponse as u, type MFAVerifyOptions as v, type MFAChallengeOptions as w, type MFAChallengeResponse as x, type AuthEventType as y, type AuthChangeEvent as z };

package/dist/index.d.mts

@@ -0,0 +1,83 @@
+import { S as StorageAdapter, A as AsyncStorageAdapter, a as Session } from './client-28ISGmu6.mjs';
+export { z as AuthChangeEvent, E as AuthClientConfig, G as AuthError, F as AuthErrorCode, y as AuthEventType, e as AuthResponse, B as AuthStateChangeCallback, D as AuthSubscription, C as ConfirmEmailChangeOptions, I as InvalidCredentialsError, M as MFAChallenge, w as MFAChallengeOptions, x as MFAChallengeResponse, t as MFAFactor, s as MFAMethod, u as MFASetupResponse, v as MFAVerifyOptions, r as OAuthIdentity, O as OAuthProviderType, q as OAuthResponse, R as ResetPasswordOptions, H as SessionExpiredError, d as SessionInfo, o as SetPasswordOptions, m as SignInAnonymouslyOptions, i as SignInWithMagicLinkOptions, h as SignInWithOAuthOptions, j as SignInWithOTPOptions, g as SignInWithPasswordOptions, l as SignInWithSSOOptions, f as SignUpOptions, T as TokenRefreshResponse, n as UpdatePasswordOptions, p as UpdateUserOptions, U as User, b as UserInfo, V as VaifAuthClient, k as VerifyOTPOptions, c as createAuthClient, J as isMFAChallenge } from './client-28ISGmu6.mjs';
+
+/**
+ * @vaiftech/auth - Storage utilities
+ */
+
+/**
+ * Check if running in browser environment
+ */
+declare function isBrowser(): boolean;
+/**
+ * In-memory storage fallback
+ */
+declare class MemoryStorage implements StorageAdapter {
+    private storage;
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+    clear(): void;
+}
+/**
+ * Local storage adapter
+ */
+declare class LocalStorageAdapter implements StorageAdapter {
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+}
+/**
+ * Session storage adapter
+ */
+declare class SessionStorageAdapter implements StorageAdapter {
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+}
+/**
+ * Cookie storage options
+ */
+interface CookieStorageOptions {
+    secure?: boolean;
+    sameSite?: 'strict' | 'lax' | 'none';
+    path?: string;
+    domain?: string;
+    maxAge?: number;
+}
+/**
+ * Cookie storage adapter with secure defaults
+ */
+declare class CookieStorageAdapter implements StorageAdapter {
+    private options;
+    constructor(options?: CookieStorageOptions);
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+}
+/**
+ * Get default storage adapter
+ */
+declare function getDefaultStorage(): StorageAdapter;
+/**
+ * Storage helper with session serialization
+ */
+declare class SessionStorage {
+    private adapter;
+    private keyPrefix;
+    constructor(adapter: StorageAdapter | AsyncStorageAdapter, keyPrefix?: string);
+    private key;
+    getSession(): Promise<Session | null>;
+    setSession(session: Session): Promise<void>;
+    removeSession(): Promise<void>;
+    getRefreshToken(): Promise<string | null>;
+    setRefreshToken(token: string): Promise<void>;
+    removeRefreshToken(): Promise<void>;
+    clear(): Promise<void>;
+}
+declare const memoryStorage: MemoryStorage;
+declare const localStorage: MemoryStorage | LocalStorageAdapter;
+declare const sessionStorage: MemoryStorage | SessionStorageAdapter;
+declare const cookieStorage: (options?: CookieStorageOptions) => CookieStorageAdapter;
+
+export { AsyncStorageAdapter, type CookieStorageOptions, Session, SessionStorage, StorageAdapter, cookieStorage, getDefaultStorage, isBrowser, localStorage, memoryStorage, sessionStorage };