npm - @xcelsior/auth - Versions diffs - 1.0.0 → 1.1.0 - Mend

@xcelsior/auth 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,22 +1,22 @@
-> @xcelsior/auth@0.1.1 build /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
-> tsup
+> @xcelsior/auth@1.0.0 build /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
+> tsup && tsc --noEmit
 [34mCLI[39m Building entry: src/index.ts
 [34mCLI[39m Using tsconfig: tsconfig.json
-[34mCLI[39m tsup v8.5.0
-[34mCLI[39m Using tsup config: /Users/tuannguyen/Work/excelsior-packages/packages/services/auth/tsup.config.ts
+[34mCLI[39m tsup v8.5.1
+[34mCLI[39m Using tsup config: /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth/tsup.config.ts
 [34mCLI[39m Target: es2020
 [34mCLI[39m Cleaning output folder
 [34mCJS[39m Build start
 [34mESM[39m Build start
-[32mCJS[39m [1mdist/index.js     [22m[32m16.47 KB[39m
-[32mCJS[39m [1mdist/index.js.map [22m[32m30.61 KB[39m
-[32mCJS[39m ⚡️ Build success in 330ms
-[32mESM[39m [1mdist/index.mjs     [22m[32m14.28 KB[39m
-[32mESM[39m [1mdist/index.mjs.map [22m[32m30.43 KB[39m
-[32mESM[39m ⚡️ Build success in 332ms
+[32mCJS[39m [1mdist/index.js     [22m[32m19.89 KB[39m
+[32mCJS[39m [1mdist/index.js.map [22m[32m37.50 KB[39m
+[32mCJS[39m ⚡️ Build success in 150ms
+[32mESM[39m [1mdist/index.mjs     [22m[32m17.56 KB[39m
+[32mESM[39m [1mdist/index.mjs.map [22m[32m37.19 KB[39m
+[32mESM[39m ⚡️ Build success in 152ms
 DTS Build start
-DTS ⚡️ Build success in 4927ms
-DTS dist/index.d.ts  3.71 KB
-DTS dist/index.d.mts 3.71 KB
+DTS ⚡️ Build success in 2697ms
+DTS dist/index.d.ts  8.86 KB
+DTS dist/index.d.mts 8.86 KB

package/.turbo/turbo-lint.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @xcelsior/auth@0.1.1 lint /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> @xcelsior/auth@1.0.0 lint /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
 > biome check .
 [0m[34mChecked [0m[0m[34m17[0m[0m[34m [0m[0m[34mfiles[0m[0m[34m in [0m[0m[34m15[0m[0m[2m[34mms[0m[0m[34m.[0m[0m[34m No fixes applied.[0m

package/.turbo/turbo-test.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @xcelsior/auth@0.1.1 test /Users/tuannguyen/Work/excelsior-packages/packages/services/auth
+> @xcelsior/auth@1.0.0 test /Users/tuannguyen/Work/xcelsior-packages/packages/services/auth
 > jest --passWithNoTests
 [1m[2mDetermining test suites to run...[22m[22m[999D[K[1mNo tests found, exiting with code 0[22m

package/dist/index.d.mts CHANGED Viewed

@@ -1,22 +1,47 @@
 import { z } from 'zod';
-interface StorageConfig {
-    type: 'dynamodb' | 'mongodb' | 'postgres';
-    options: DynamoDBConfig | MongoDBConfig | PostgresConfig;
+/** Filters for finding users */
+interface UserFilter {
+    /** Exact email match (uses index - performant) */
+    email?: string;
+    /** Partial email match - contains (uses scan - less performant) */
+    emailContains?: string;
+    /** User must have ALL of these roles */
+    roles?: string[];
+    /** User must have at least ONE of these roles */
+    hasAnyRole?: string[];
+    /** Filter by email verification status */
+    isEmailVerified?: boolean;
 }
-interface DynamoDBConfig {
-    tableName: string;
-    region: string;
+/** Options for paginated user queries */
+interface FindUsersOptions {
+    /** Maximum number of users to return (default: 50) */
+    limit?: number;
+    /** Pagination cursor from previous response */
+    cursor?: string;
 }
-interface MongoDBConfig {
-    uri: string;
-    dbName: string;
-    collectionName: string;
+/** Result of paginated user queries */
+interface FindUsersResult {
+    users: User[];
+    /** Cursor for next page, undefined if no more results */
+    nextCursor?: string;
 }
-interface PostgresConfig {
-    connectionString: string;
-    schema?: string;
-    tableName: string;
+interface IStorageProvider {
+    createUser(user: CreateUserInput): Promise<User>;
+    getUserById(id: UserId): Promise<User | null>;
+    getUserByEmail(email: string): Promise<User | null>;
+    getUserByResetPasswordToken(resetPasswordToken: string): Promise<User | null>;
+    getUserByVerifyEmailToken(verifyEmailToken: string): Promise<User | null>;
+    updateUser(id: UserId, updates: Partial<User> & Record<string, unknown>): Promise<void>;
+    deleteUser(id: UserId): Promise<void>;
+    findUsers(filter: UserFilter, options?: FindUsersOptions): Promise<FindUsersResult>;
+    createSession(session: CreateSessionInput): Promise<Session>;
+    getSessionById(id: SessionId): Promise<Session | null>;
+    getSessionsByUserId(userId: UserId): Promise<Session[]>;
+    updateSession(id: SessionId, updates: Partial<Session>): Promise<void>;
+    deleteSession(id: SessionId): Promise<void>;
+    deleteAllUserSessions(userId: UserId): Promise<void>;
+    deleteExpiredSessions(): Promise<void>;
 }
 interface EmailTemplates {
@@ -33,7 +58,7 @@ interface SMTPConfig {
     host: string;
     port: number;
     secure: boolean;
-    auth: {
+    auth?: {
         user: string;
         pass: string;
     };
@@ -53,13 +78,16 @@ interface EmailConfig {
     templates?: EmailTemplates;
 }
-declare const UserRoleSchema: z.ZodEnum<["ADMIN", "USER", "GUEST"]>;
-type UserRole = z.infer<typeof UserRoleSchema>;
+/** ID can be either auto-incremented number or UUID string */
+type UserId = string | number;
+type SessionId = string | number;
 declare const UserSchema: z.ZodObject<{
-    id: z.ZodString;
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
     email: z.ZodString;
+    firstName: z.ZodOptional<z.ZodString>;
+    lastName: z.ZodOptional<z.ZodString>;
     passwordHash: z.ZodString;
-    roles: z.ZodArray<z.ZodEnum<["ADMIN", "USER", "GUEST"]>, "many">;
+    roles: z.ZodArray<z.ZodString, "many">;
     isEmailVerified: z.ZodBoolean;
     verificationToken: z.ZodOptional<z.ZodString>;
     resetPasswordToken: z.ZodOptional<z.ZodString>;
@@ -67,73 +95,274 @@ declare const UserSchema: z.ZodObject<{
     createdAt: z.ZodNumber;
     updatedAt: z.ZodNumber;
 }, "strip", z.ZodTypeAny, {
-    id: string;
+    id: string | number;
     email: string;
     passwordHash: string;
-    roles: ("ADMIN" | "USER" | "GUEST")[];
+    roles: string[];
     isEmailVerified: boolean;
     createdAt: number;
     updatedAt: number;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
     verificationToken?: string | undefined;
     resetPasswordToken?: string | undefined;
     resetPasswordExpires?: number | undefined;
 }, {
-    id: string;
+    id: string | number;
     email: string;
     passwordHash: string;
-    roles: ("ADMIN" | "USER" | "GUEST")[];
+    roles: string[];
     isEmailVerified: boolean;
     createdAt: number;
     updatedAt: number;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
     verificationToken?: string | undefined;
     resetPasswordToken?: string | undefined;
     resetPasswordExpires?: number | undefined;
 }>;
+declare const CreateUserSchema: z.ZodObject<Omit<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    email: z.ZodString;
+    firstName: z.ZodOptional<z.ZodString>;
+    lastName: z.ZodOptional<z.ZodString>;
+    passwordHash: z.ZodString;
+    roles: z.ZodArray<z.ZodString, "many">;
+    isEmailVerified: z.ZodBoolean;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    resetPasswordToken: z.ZodOptional<z.ZodString>;
+    resetPasswordExpires: z.ZodOptional<z.ZodNumber>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, "id" | "createdAt" | "updatedAt"> & {
+    createdAt: z.ZodOptional<z.ZodNumber>;
+    updatedAt: z.ZodOptional<z.ZodNumber>;
+    id: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    passwordHash: string;
+    roles: string[];
+    isEmailVerified: boolean;
+    id?: string | number | undefined;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+    createdAt?: number | undefined;
+    updatedAt?: number | undefined;
+}, {
+    email: string;
+    passwordHash: string;
+    roles: string[];
+    isEmailVerified: boolean;
+    id?: string | number | undefined;
+    firstName?: string | undefined;
+    lastName?: string | undefined;
+    verificationToken?: string | undefined;
+    resetPasswordToken?: string | undefined;
+    resetPasswordExpires?: number | undefined;
+    createdAt?: number | undefined;
+    updatedAt?: number | undefined;
+}>;
 type User = z.infer<typeof UserSchema>;
+type CreateUserInput = z.infer<typeof CreateUserSchema>;
+declare const SessionSchema: z.ZodObject<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    userId: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    refreshTokenHash: z.ZodString;
+    userAgent: z.ZodOptional<z.ZodString>;
+    ipAddress: z.ZodOptional<z.ZodString>;
+    deviceName: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodNumber;
+    lastUsedAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    id: string | number;
+    createdAt: number;
+    userId: string | number;
+    refreshTokenHash: string;
+    lastUsedAt: number;
+    expiresAt: number;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+}, {
+    id: string | number;
+    createdAt: number;
+    userId: string | number;
+    refreshTokenHash: string;
+    lastUsedAt: number;
+    expiresAt: number;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+}>;
+declare const CreateSessionSchema: z.ZodObject<Omit<{
+    id: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    userId: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
+    refreshTokenHash: z.ZodString;
+    userAgent: z.ZodOptional<z.ZodString>;
+    ipAddress: z.ZodOptional<z.ZodString>;
+    deviceName: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodNumber;
+    lastUsedAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+}, "id" | "createdAt" | "lastUsedAt"> & {
+    createdAt: z.ZodOptional<z.ZodNumber>;
+    lastUsedAt: z.ZodOptional<z.ZodNumber>;
+    id: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, "strip", z.ZodTypeAny, {
+    userId: string | number;
+    refreshTokenHash: string;
+    expiresAt: number;
+    id?: string | number | undefined;
+    createdAt?: number | undefined;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+    lastUsedAt?: number | undefined;
+}, {
+    userId: string | number;
+    refreshTokenHash: string;
+    expiresAt: number;
+    id?: string | number | undefined;
+    createdAt?: number | undefined;
+    userAgent?: string | undefined;
+    ipAddress?: string | undefined;
+    deviceName?: string | undefined;
+    lastUsedAt?: number | undefined;
+}>;
+type Session = z.infer<typeof SessionSchema>;
+type CreateSessionInput = z.infer<typeof CreateSessionSchema>;
+/** Session info returned to clients (without sensitive data) */
+interface SessionInfo {
+    id: SessionId;
+    deviceName?: string;
+    userAgent?: string;
+    ipAddress?: string;
+    createdAt: number;
+    lastUsedAt: number;
+    isCurrent: boolean;
+}
 interface AuthConfig {
     jwt: {
         privateKey: string;
         publicKey: string;
         keyId: string;
         expiresIn: string;
+        refreshTokenExpiresIn?: string;
     };
-    storage: StorageConfig;
+    storage: IStorageProvider;
+    idGeneration: 'uuid' | 'increment';
     email: EmailConfig;
 }
+interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+}
+interface LoginOptions {
+    userAgent?: string;
+    ipAddress?: string;
+    deviceName?: string;
+}
+/** Allowed fields for user updates */
+interface UserUpdateInput {
+    email?: string;
+    firstName?: string;
+    lastName?: string;
+    roles?: string[];
+    isEmailVerified?: boolean;
+    [key: string]: unknown;
+}
 declare class AuthService {
     private storage;
     private email;
     private config;
     constructor(config: AuthConfig);
-    private generateToken;
+    private generateAccessToken;
+    private generateRefreshToken;
+    private verifyRefreshToken;
+    private hashToken;
+    private getRefreshTokenExpiryMs;
     private hashPassword;
-    signup(email: string, password: string, roles?: UserRole[]): Promise<{
+    private createSession;
+    signup(createUserInput: CreateUserInput, password: string, options?: LoginOptions): Promise<{
         user: User;
-        token: string;
+        tokens: AuthTokens;
     }>;
-    signin(email: string, password: string): Promise<{
+    signin(email: string, password: string, options?: LoginOptions): Promise<{
         user: User;
-        token: string;
+        tokens: AuthTokens;
     }>;
+    refreshAccessToken(refreshToken: string): Promise<AuthTokens>;
+    /**
+     * Logout from current session only
+     */
+    logout(refreshToken: string): Promise<void>;
+    /**
+     * Revoke a specific session by ID
+     */
+    revokeSession(userId: UserId, sessionId: SessionId): Promise<void>;
+    /**
+     * Revoke all sessions for a user (logout from all devices)
+     */
+    revokeAllSessions(userId: UserId): Promise<void>;
+    /**
+     * Get all active sessions for a user
+     */
+    getSessions(userId: UserId, currentRefreshToken?: string): Promise<SessionInfo[]>;
     verifyEmail(token: string): Promise<void>;
     initiatePasswordReset(email: string): Promise<void>;
     resetPassword(token: string, newPassword: string): Promise<void>;
     verifyToken(token: string): Promise<{
-        id: string;
+        id: UserId;
         email: string;
-        roles: UserRole[];
+        roles: string[];
         isEmailVerified: boolean;
     }>;
-    hasRole(userId: string, requiredRoles: UserRole[]): Promise<boolean>;
+    hasRole(userId: UserId, requiredRoles: string[]): Promise<boolean>;
+    /**
+     * Get a user by ID
+     */
+    getUserById(id: UserId): Promise<User | null>;
+    /**
+     * Get a user by email
+     */
+    getUserByEmail(email: string): Promise<User | null>;
+    /**
+     * Update a user's profile information.
+     * Supports predefined fields (email, firstName, lastName, roles, isEmailVerified)
+     * as well as any additional custom fields.
+     */
+    updateUser(id: UserId, updates: UserUpdateInput): Promise<User>;
+    /**
+     * Delete a user and all their sessions
+     */
+    deleteUser(id: UserId): Promise<void>;
+    /**
+     * Find users with filtering and pagination
+     *
+     * @example
+     * // Find all admins
+     * const { users } = await authService.findUsers({ hasAnyRole: ['ADMIN'] });
+     *
+     * // Find verified users with email containing '@company.com'
+     * const result = await authService.findUsers({
+     *   emailContains: '@company.com',
+     *   isEmailVerified: true
+     * }, { limit: 20 });
+     */
+    findUsers(filter: UserFilter, options?: FindUsersOptions): Promise<FindUsersResult>;
 }
 declare class AuthMiddleware {
     private authService;
     constructor(authService: AuthService);
     verifyToken(): (req: any, res: any, next: any) => Promise<void>;
-    requireRoles(roles: UserRole[]): (req: any, res: any, next: any) => Promise<void>;
+    requireRoles(roles: string[]): (req: any, res: any, next: any) => Promise<void>;
     requireEmailVerified(): (req: any, res: any, next: any) => any;
 }
-export { type AuthConfig, AuthMiddleware, AuthService, type User, type UserRole, UserRoleSchema, UserSchema };
+export { type AuthConfig, AuthMiddleware, AuthService, type AuthTokens, type CreateSessionInput, CreateSessionSchema, type CreateUserInput, CreateUserSchema, type FindUsersOptions, type FindUsersResult, type IStorageProvider, type LoginOptions, type Session, type SessionId, type SessionInfo, SessionSchema, type User, type UserFilter, type UserId, UserSchema, type UserUpdateInput };