@xcelsior/auth 0.1.1 → 1.1.0

package/.turbo/turbo-build.log

@@ -1,22 +1,22 @@
 
-> @xcelsior/auth@0.1.1 build /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
-> tsup
+> @xcelsior/auth@1.0.0 build /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
+> tsup && tsc --noEmit
 
 CLI Building entry: src/index.ts
 CLI Using tsconfig: tsconfig.json
-CLI tsup v8.5.0
-CLI Using tsup config: /Users/tuannguyen/Work/excelsior-packages/packages/services/auth/tsup.config.ts
+CLI tsup v8.5.1
+CLI Using tsup config: /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth/tsup.config.ts
 CLI Target: es2020
 CLI Cleaning output folder
 CJS Build start
 ESM Build start
-CJS dist/index.js     16.47 KB
-CJS dist/index.js.map 30.61 KB
-CJS ⚡️ Build success in 146ms
-ESM dist/index.mjs     14.28 KB
-ESM dist/index.mjs.map 30.43 KB
-ESM ⚡️ Build success in 146ms
+CJS dist/index.js     19.89 KB
+CJS dist/index.js.map 37.50 KB
+CJS ⚡️ Build success in 150ms
+ESM dist/index.mjs     17.56 KB
+ESM dist/index.mjs.map 37.19 KB
+ESM ⚡️ Build success in 152ms
 DTS Build start
-DTS ⚡️ Build success in 3500ms
-DTS dist/index.d.ts  3.71 KB
-DTS dist/index.d.mts 3.71 KB
+DTS ⚡️ Build success in 2697ms
+DTS dist/index.d.ts  8.86 KB
+DTS dist/index.d.mts 8.86 KB

package/.turbo/turbo-lint.log

@@ -1,5 +1,5 @@
 
-> @xcelsior/auth@0.1.0 lint /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> @xcelsior/auth@1.0.0 lint /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
 > biome check .
 
-Checked 21 files in 28ms. No fixes applied.
+Checked 17 files in 15ms. No fixes applied.

package/.turbo/turbo-test.log

@@ -1,12 +1,8 @@
 
-> @xcelsior/auth@0.1.0 test /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> @xcelsior/auth@1.0.0 test /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
 > jest --passWithNoTests
 
 Determining test suites to run...No tests found, exiting with code 0
 
-
-
-
-
-
-
+
+

package/dist/index.d.mts

@@ -1,22 +1,47 @@
 import { z } from 'zod';
 
-interface StorageConfig {
-    type: 'dynamodb' | 'mongodb' | 'postgres';
-    options: DynamoDBConfig | MongoDBConfig | PostgresConfig;
+/** Filters for finding users */
+interface UserFilter {
+    /** Exact email match (uses index - performant) */
+    email?: string;
+    /** Partial email match - contains (uses scan - less performant) */
+    emailContains?: string;
+    /** User must have ALL of these roles */
+    roles?: string[];
+    /** User must have at least ONE of these roles */
+    hasAnyRole?: string[];
+    /** Filter by email verification status */
+    isEmailVerified?: boolean;
 }
-interface DynamoDBConfig {
-    tableName: string;
-    region: string;
+/** Options for paginated user queries */
+interface FindUsersOptions {
+    /** Maximum number of users to return (default: 50) */
+    limit?: number;
+    /** Pagination cursor from previous response */
+    cursor?: string;
 }
-interface MongoDBConfig {
-    uri: string;
-    dbName: string;
-    collectionName: string;
+/** Result of paginated user queries */
+interface FindUsersResult {
+    users: User[];
+    /** Cursor for next page, undefined if no more results */
+    nextCursor?: string;
 }
-interface PostgresConfig {
-    connectionString: string;
-    schema?: string;
-    tableName: string;
+interface IStorageProvider {
+    createUser(user: CreateUserInput): Promise<User>;
+    getUserById(id: UserId): Promise<User | null>;
+    getUserByEmail(email: string): Promise<User | null>;
+    getUserByResetPasswordToken(resetPasswordToken: string): Promise<User | null>;
+    getUserByVerifyEmailToken(verifyEmailToken: string): Promise<User | null>;
+    updateUser(id: UserId, updates: Partial<User> & Record<string, unknown>): Promise<void>;
+    deleteUser(id: UserId): Promise<void>;
+    findUsers(filter: UserFilter, options?: FindUsersOptions): Promise<FindUsersResult>;
+    createSession(session: CreateSessionInput): Promise<Session>;
+    getSessionById(id: SessionId): Promise<Session | null>;
+    getSessionsByUserId(userId: UserId): Promise<Session[]>;
+    updateSession(id: SessionId, updates: Partial<Session>): Promise<void>;
+    deleteSession(id: SessionId): Promise<void>;
+    deleteAllUserSessions(userId: UserId): Promise<void>;
+    deleteExpiredSessions(): Promise<void>;
 }
 
 interface EmailTemplates {
@@ -33,7 +58,7 @@ interface SMTPConfig {
     host: string;
     port: number;
     secure: boolean;
-    auth: {
+    auth?: {
         user: string;
         pass: string;
     };
@@ -53,13 +78,16 @@ interface EmailConfig {
     templates?: EmailTemplates;
 }
 
-declare const UserRoleSchema: z.ZodEnum<["ADMIN", "USER", "GUEST"]>;
-type UserRole = z.infer<typeof UserRoleSchema>;
+/** ID can be either auto-incremented number or UUID string */
+type UserId = string | number;
+type SessionId = string | number;
 declare const UserSchema: z.ZodObject<{
-    id: z.ZodString;
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
     email: z.ZodString;
+    firstName: z.ZodOptional<z.ZodString>;
+    lastName: z.ZodOptional<z.ZodString>;
     passwordHash: z.ZodString;
-    roles: z.ZodArray<z.ZodEnum<["ADMIN", "USER", "GUEST"]>, "many">;
+    roles: z.ZodArray<z.ZodString, "many">;
     isEmailVerified: z.ZodBoolean;
     verificationToken: z.ZodOptional<z.ZodString>;
     resetPasswordToken: z.ZodOptional<z.ZodString>;
@@ -67,73 +95,274 @@ declare const UserSchema: z.ZodObject<{
     createdAt: z.ZodNumber;
     updatedAt: z.ZodNumber;
 }, "strip", z.ZodTypeAny, {
-    id: string;
+    id: string | number;
     email: string;
     passwordHash: string;
-    roles: ("ADMIN" | "USER" | "GUEST")[];
+    roles: string[];
     isEmailVerified: boolean;
     createdAt: number;
     updatedAt: number;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
     verificationToken?: string | undefined;
     resetPasswordToken?: string | undefined;
     resetPasswordExpires?: number | undefined;
 }, {
-    id: string;
+    id: string | number;
     email: string;
     passwordHash: string;
-    roles: ("ADMIN" | "USER" | "GUEST")[];
+    roles: string[];
     isEmailVerified: boolean;
     createdAt: number;
     updatedAt: number;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
     verificationToken?: string | undefined;
     resetPasswordToken?: string | undefined;
     resetPasswordExpires?: number | undefined;
 }>;
+declare const CreateUserSchema: z.ZodObject<Omit<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    email: z.ZodString;
+    firstName: z.ZodOptional<z.ZodString>;
+    lastName: z.ZodOptional<z.ZodString>;
+    passwordHash: z.ZodString;
+    roles: z.ZodArray<z.ZodString, "many">;
+    isEmailVerified: z.ZodBoolean;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    resetPasswordToken: z.ZodOptional<z.ZodString>;
+    resetPasswordExpires: z.ZodOptional<z.ZodNumber>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, "id" | "createdAt" | "updatedAt"> & {
+    createdAt: z.ZodOptional<z.ZodNumber>;
+    updatedAt: z.ZodOptional<z.ZodNumber>;
+    id: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    passwordHash: string;
+    roles: string[];
+    isEmailVerified: boolean;
+    id?: string | number | undefined;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+    createdAt?: number | undefined;
+    updatedAt?: number | undefined;
+}, {
+    email: string;
+    passwordHash: string;
+    roles: string[];
+    isEmailVerified: boolean;
+    id?: string | number | undefined;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+    createdAt?: number | undefined;
+    updatedAt?: number | undefined;
+}>;
 type User = z.infer<typeof UserSchema>;
+type CreateUserInput = z.infer<typeof CreateUserSchema>;
+declare const SessionSchema: z.ZodObject<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    userId: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    refreshTokenHash: z.ZodString;
+    userAgent: z.ZodOptional<z.ZodString>;
+    ipAddress: z.ZodOptional<z.ZodString>;
+    deviceName: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodNumber;
+    lastUsedAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    id: string | number;
+    createdAt: number;
+    userId: string | number;
+    refreshTokenHash: string;
+    lastUsedAt: number;
+    expiresAt: number;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+}, {
+    id: string | number;
+    createdAt: number;
+    userId: string | number;
+    refreshTokenHash: string;
+    lastUsedAt: number;
+    expiresAt: number;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+}>;
+declare const CreateSessionSchema: z.ZodObject<Omit<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    userId: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    refreshTokenHash: z.ZodString;
+    userAgent: z.ZodOptional<z.ZodString>;
+    ipAddress: z.ZodOptional<z.ZodString>;
+    deviceName: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodNumber;
+    lastUsedAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+}, "id" | "createdAt" | "lastUsedAt"> & {
+    createdAt: z.ZodOptional<z.ZodNumber>;
+    lastUsedAt: z.ZodOptional<z.ZodNumber>;
+    id: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, "strip", z.ZodTypeAny, {
+    userId: string | number;
+    refreshTokenHash: string;
+    expiresAt: number;
+    id?: string | number | undefined;
+    createdAt?: number | undefined;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+    lastUsedAt?: number | undefined;
+}, {
+    userId: string | number;
+    refreshTokenHash: string;
+    expiresAt: number;
+    id?: string | number | undefined;
+    createdAt?: number | undefined;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+    lastUsedAt?: number | undefined;
+}>;
+type Session = z.infer<typeof SessionSchema>;
+type CreateSessionInput = z.infer<typeof CreateSessionSchema>;
+/** Session info returned to clients (without sensitive data) */
+interface SessionInfo {
+    id: SessionId;
+    deviceName?: string;
+    userAgent?: string;
+    ipAddress?: string;
+    createdAt: number;
+    lastUsedAt: number;
+    isCurrent: boolean;
+}
 interface AuthConfig {
     jwt: {
         privateKey: string;
         publicKey: string;
         keyId: string;
         expiresIn: string;
+        refreshTokenExpiresIn?: string;
     };
-    storage: StorageConfig;
+    storage: IStorageProvider;
+    idGeneration: 'uuid' | 'increment';
     email: EmailConfig;
 }
 
+interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+}
+interface LoginOptions {
+    userAgent?: string;
+    ipAddress?: string;
+    deviceName?: string;
+}
+/** Allowed fields for user updates */
+interface UserUpdateInput {
+    email?: string;
+    firstName?: string;
+    lastName?: string;
+    roles?: string[];
+    isEmailVerified?: boolean;
+    [key: string]: unknown;
+}
 declare class AuthService {
     private storage;
     private email;
     private config;
     constructor(config: AuthConfig);
-    private generateToken;
+    private generateAccessToken;
+    private generateRefreshToken;
+    private verifyRefreshToken;
+    private hashToken;
+    private getRefreshTokenExpiryMs;
     private hashPassword;
-    signup(email: string, password: string, roles?: UserRole[]): Promise<{
+    private createSession;
+    signup(createUserInput: CreateUserInput, password: string, options?: LoginOptions): Promise<{
         user: User;
-        token: string;
+        tokens: AuthTokens;
     }>;
-    signin(email: string, password: string): Promise<{
+    signin(email: string, password: string, options?: LoginOptions): Promise<{
         user: User;
-        token: string;
+        tokens: AuthTokens;
     }>;
+    refreshAccessToken(refreshToken: string): Promise<AuthTokens>;
+    /**
+     * Logout from current session only
+     */
+    logout(refreshToken: string): Promise<void>;
+    /**
+     * Revoke a specific session by ID
+     */
+    revokeSession(userId: UserId, sessionId: SessionId): Promise<void>;
+    /**
+     * Revoke all sessions for a user (logout from all devices)
+     */
+    revokeAllSessions(userId: UserId): Promise<void>;
+    /**
+     * Get all active sessions for a user
+     */
+    getSessions(userId: UserId, currentRefreshToken?: string): Promise<SessionInfo[]>;
     verifyEmail(token: string): Promise<void>;
     initiatePasswordReset(email: string): Promise<void>;
     resetPassword(token: string, newPassword: string): Promise<void>;
     verifyToken(token: string): Promise<{
-        id: string;
+        id: UserId;
         email: string;
-        roles: UserRole[];
+        roles: string[];
         isEmailVerified: boolean;
     }>;
-    hasRole(userId: string, requiredRoles: UserRole[]): Promise<boolean>;
+    hasRole(userId: UserId, requiredRoles: string[]): Promise<boolean>;
+    /**
+     * Get a user by ID
+     */
+    getUserById(id: UserId): Promise<User | null>;
+    /**
+     * Get a user by email
+     */
+    getUserByEmail(email: string): Promise<User | null>;
+    /**
+     * Update a user's profile information.
+     * Supports predefined fields (email, firstName, lastName, roles, isEmailVerified)
+     * as well as any additional custom fields.
+     */
+    updateUser(id: UserId, updates: UserUpdateInput): Promise<User>;
+    /**
+     * Delete a user and all their sessions
+     */
+    deleteUser(id: UserId): Promise<void>;
+    /**
+     * Find users with filtering and pagination
+     *
+     * @example
+     * // Find all admins
+     * const { users } = await authService.findUsers({ hasAnyRole: ['ADMIN'] });
+     *
+     * // Find verified users with email containing '@company.com'
+     * const result = await authService.findUsers({
+     *   emailContains: '@company.com',
+     *   isEmailVerified: true
+     * }, { limit: 20 });
+     */
+    findUsers(filter: UserFilter, options?: FindUsersOptions): Promise<FindUsersResult>;
 }
 
 declare class AuthMiddleware {
     private authService;
     constructor(authService: AuthService);
     verifyToken(): (req: any, res: any, next: any) => Promise<void>;
-    requireRoles(roles: UserRole[]): (req: any, res: any, next: any) => Promise<void>;
+    requireRoles(roles: string[]): (req: any, res: any, next: any) => Promise<void>;
     requireEmailVerified(): (req: any, res: any, next: any) => any;
 }
 
-export { type AuthConfig, AuthMiddleware, AuthService, type User, type UserRole, UserRoleSchema, UserSchema };
+export { type AuthConfig, AuthMiddleware, AuthService, type AuthTokens, type CreateSessionInput, CreateSessionSchema, type CreateUserInput, CreateUserSchema, type FindUsersOptions, type FindUsersResult, type IStorageProvider, type LoginOptions, type Session, type SessionId, type SessionInfo, SessionSchema, type User, type UserFilter, type UserId, UserSchema, type UserUpdateInput };