npm - ofauth-shared-core - Versions diffs - 0.1.0-alpha.0 - Mend

ofauth-shared-core 0.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/README.md +20 -0
package/dist/OfauthCore.d.ts +48 -0
package/dist/OfauthCore.js +200 -0
package/dist/contracts/AuthAuditContract.d.ts +25 -0
package/dist/contracts/AuthAuditContract.js +16 -0
package/dist/contracts/AuthErrorContract.d.ts +5 -0
package/dist/contracts/AuthErrorContract.js +2 -0
package/dist/contracts/AuthPolicyContract.d.ts +25 -0
package/dist/contracts/AuthPolicyContract.js +2 -0
package/dist/contracts/ContextContract.d.ts +27 -0
package/dist/contracts/ContextContract.js +8 -0
package/dist/contracts/IdentityContract.d.ts +36 -0
package/dist/contracts/IdentityContract.js +2 -0
package/dist/contracts/SessionContract.d.ts +25 -0
package/dist/contracts/SessionContract.js +10 -0
package/dist/data/applyPendingMigrations.d.ts +2 -0
package/dist/data/applyPendingMigrations.js +30 -0
package/dist/data/migrations.d.ts +2 -0
package/dist/data/migrations.js +47 -0
package/dist/data/schemas.d.ts +11 -0
package/dist/data/schemas.js +109 -0
package/dist/index.d.ts +20 -0
package/dist/index.js +36 -0
package/dist/runtime/ContractStage.d.ts +2 -0
package/dist/runtime/ContractStage.js +4 -0
package/dist/services/AuthAuditService.d.ts +7 -0
package/dist/services/AuthAuditService.js +2 -0
package/dist/services/AuthHostComposition.d.ts +40 -0
package/dist/services/AuthHostComposition.js +100 -0
package/dist/services/AuthPolicyService.d.ts +9 -0
package/dist/services/AuthPolicyService.js +2 -0
package/dist/services/ContextService.d.ts +6 -0
package/dist/services/ContextService.js +2 -0
package/dist/services/IdentityService.d.ts +15 -0
package/dist/services/IdentityService.js +2 -0
package/dist/services/SessionService.d.ts +7 -0
package/dist/services/SessionService.js +2 -0
package/dist/services/createContractOnlyOfauthServices.d.ts +13 -0
package/dist/services/createContractOnlyOfauthServices.js +82 -0
package/dist/services/createDbAdapterOfauthServices.d.ts +20 -0
package/dist/services/createDbAdapterOfauthServices.js +22 -0
package/dist/services/errors.d.ts +8 -0
package/dist/services/errors.js +20 -0
package/dist/services/impl/DbAdapterAuthAuditService.d.ts +14 -0
package/dist/services/impl/DbAdapterAuthAuditService.js +107 -0
package/dist/services/impl/DbAdapterAuthPolicyService.d.ts +17 -0
package/dist/services/impl/DbAdapterAuthPolicyService.js +114 -0
package/dist/services/impl/DbAdapterContextService.d.ts +13 -0
package/dist/services/impl/DbAdapterContextService.js +79 -0
package/dist/services/impl/DbAdapterIdentityService.d.ts +23 -0
package/dist/services/impl/DbAdapterIdentityService.js +146 -0
package/dist/services/impl/DbAdapterSessionService.d.ts +14 -0
package/dist/services/impl/DbAdapterSessionService.js +63 -0
package/dist/services/impl/runtimeSupport.d.ts +95 -0
package/dist/services/impl/runtimeSupport.js +112 -0
package/package.json +37 -0

package/dist/data/schemas.js ADDED Viewed

@@ -0,0 +1,109 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ofauthSchema = exports.OFAUTH_TABLES = void 0;
+exports.getOfauthTableSchemas = getOfauthTableSchemas;
+exports.OFAUTH_TABLES = {
+    identities: 'ofauth_identities',
+    assignments: 'ofauth_assignments',
+    sessions: 'ofauth_sessions',
+    policyProfiles: 'ofauth_policy_profiles',
+    policyStepups: 'ofauth_policy_stepups',
+    auditEvents: 'ofauth_audit_events',
+};
+const tableSchemas = [
+    {
+        name: exports.OFAUTH_TABLES.identities,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'principal', type: 'string', isIndexed: true },
+            { name: 'secretHash', type: 'string' },
+            { name: 'verifyMethod', type: 'string', enum: ['pin', 'password', 'custom'] },
+            { name: 'status', type: 'string', enum: ['active', 'disabled', 'locked'], isIndexed: true },
+            { name: 'failedAttempts', type: 'number' },
+            { name: 'lockoutUntil', type: 'string', isOptional: true },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+    {
+        name: exports.OFAUTH_TABLES.assignments,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'identityId', type: 'string', isIndexed: true },
+            { name: 'roleRef', type: 'string', isIndexed: true },
+            { name: 'tenantId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'branchId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'scopeAttributes', type: 'json', isOptional: true },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+    {
+        name: exports.OFAUTH_TABLES.sessions,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'identityId', type: 'string', isIndexed: true },
+            { name: 'activeAssignmentId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'assuranceLevel', type: 'string', enum: ['basic', 'elevated'], isIndexed: true },
+            { name: 'issuedAt', type: 'string' },
+            { name: 'expiresAt', type: 'string', isIndexed: true },
+            { name: 'revokedAt', type: 'string', isOptional: true },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+    {
+        name: exports.OFAUTH_TABLES.policyProfiles,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'profileId', type: 'string', isIndexed: true },
+            { name: 'defaultAssuranceLevel', type: 'string', enum: ['basic', 'elevated'] },
+            { name: 'lockoutPolicyRef', type: 'string' },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+    {
+        name: exports.OFAUTH_TABLES.policyStepups,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'actionRef', type: 'string', isIndexed: true },
+            { name: 'requiredAssuranceLevel', type: 'string', enum: ['basic', 'elevated'] },
+            { name: 'reauthWindowSeconds', type: 'number', isOptional: true },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+    {
+        name: exports.OFAUTH_TABLES.auditEvents,
+        columns: [
+            { name: 'id', type: 'string' },
+            { name: 'eventType', type: 'string', isIndexed: true },
+            { name: 'identityId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'sessionId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'tenantId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'branchId', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'scopeAttributes', type: 'json', isOptional: true },
+            { name: 'result', type: 'string', enum: ['success', 'failed'], isIndexed: true },
+            { name: 'reasonCode', type: 'string', isOptional: true },
+            { name: 'timestamp', type: 'string', isIndexed: true },
+            { name: 'syncStatus', type: 'string', enum: ['pending', 'replayed'], isIndexed: true },
+            { name: 'replayedAt', type: 'string', isOptional: true, isIndexed: true },
+            { name: 'version', type: 'number' },
+            { name: 'lastModified', type: 'string' },
+            { name: 'deleted', type: 'boolean', isIndexed: true },
+        ],
+    },
+];
+exports.ofauthSchema = {
+    version: 2,
+    tables: tableSchemas,
+};
+function getOfauthTableSchemas() {
+    return exports.ofauthSchema.tables;
+}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+export * from './contracts/ContextContract';
+export * from './contracts/IdentityContract';
+export * from './contracts/SessionContract';
+export * from './contracts/AuthPolicyContract';
+export * from './contracts/AuthAuditContract';
+export * from './contracts/AuthErrorContract';
+export * from './services/IdentityService';
+export * from './services/SessionService';
+export * from './services/ContextService';
+export * from './services/AuthHostComposition';
+export * from './services/AuthPolicyService';
+export * from './services/AuthAuditService';
+export * from './services/createContractOnlyOfauthServices';
+export * from './services/createDbAdapterOfauthServices';
+export * from './services/errors';
+export * from './runtime/ContractStage';
+export * from './OfauthCore';
+export * from './data/schemas';
+export * from './data/migrations';
+export * from './data/applyPendingMigrations';

package/dist/index.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./contracts/ContextContract"), exports);
+__exportStar(require("./contracts/IdentityContract"), exports);
+__exportStar(require("./contracts/SessionContract"), exports);
+__exportStar(require("./contracts/AuthPolicyContract"), exports);
+__exportStar(require("./contracts/AuthAuditContract"), exports);
+__exportStar(require("./contracts/AuthErrorContract"), exports);
+__exportStar(require("./services/IdentityService"), exports);
+__exportStar(require("./services/SessionService"), exports);
+__exportStar(require("./services/ContextService"), exports);
+__exportStar(require("./services/AuthHostComposition"), exports);
+__exportStar(require("./services/AuthPolicyService"), exports);
+__exportStar(require("./services/AuthAuditService"), exports);
+__exportStar(require("./services/createContractOnlyOfauthServices"), exports);
+__exportStar(require("./services/createDbAdapterOfauthServices"), exports);
+__exportStar(require("./services/errors"), exports);
+__exportStar(require("./runtime/ContractStage"), exports);
+__exportStar(require("./OfauthCore"), exports);
+__exportStar(require("./data/schemas"), exports);
+__exportStar(require("./data/migrations"), exports);
+__exportStar(require("./data/applyPendingMigrations"), exports);

package/dist/runtime/ContractStage.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export type OfauthContractStage = 'phase1-contract-only' \| 'phase2-runtime-logic';
2	+ export declare const OFAUTH_CONTRACT_STAGE: OfauthContractStage;

package/dist/runtime/ContractStage.js ADDED Viewed

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OFAUTH_CONTRACT_STAGE = void 0;
+exports.OFAUTH_CONTRACT_STAGE = 'phase1-contract-only';

package/dist/services/AuthAuditService.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { AuthAuditEvent, AuthAuditQuery, AuthAuditReplayQuery } from '../contracts/AuthAuditContract';
+export interface AuthAuditService {
+    appendEvent(event: AuthAuditEvent): Promise<void>;
+    queryEvents(query: AuthAuditQuery): Promise<AuthAuditEvent[]>;
+    listPendingReplay(query?: AuthAuditReplayQuery): Promise<AuthAuditEvent[]>;
+    markReplayed(eventIds: string[], replayedAt?: string): Promise<number>;
+}

package/dist/services/AuthAuditService.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/AuthHostComposition.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { AuthScopeRef, ContextAssignment } from '../contracts/ContextContract';
+import { type AssuranceLevel } from '../contracts/SessionContract';
+import type { OfauthDomainServices } from './createContractOnlyOfauthServices';
+import type { LoginRequest } from './IdentityService';
+export interface ResolvedAuthContext {
+    sessionId: string;
+    identityId: string;
+    principal: string;
+    assignments: ContextAssignment[];
+    activeContextAssignmentId?: string;
+    activeAssignment?: ContextAssignment;
+    scopeRef: AuthScopeRef;
+    roleRef?: string;
+    assuranceLevel: AssuranceLevel;
+}
+export interface ProtectedRoutePolicy {
+    minimumAssuranceLevel?: AssuranceLevel;
+    requiredRoleRefs?: string[];
+    requiredTenantId?: string;
+    requiredBranchId?: string;
+    requiredScopeAttributes?: Record<string, string>;
+}
+export interface ProtectedRouteGateResult {
+    allowed: boolean;
+    reasonCode?: 'NO_SESSION' | 'ASSURANCE_TOO_LOW' | 'ROLE_FORBIDDEN' | 'SCOPE_FORBIDDEN';
+}
+export declare function loginWithResolvedContext(services: Pick<OfauthDomainServices, 'identityService' | 'sessionService' | 'contextService'>, input: LoginRequest): Promise<ResolvedAuthContext>;
+export declare function refreshResolvedContext(services: Pick<OfauthDomainServices, 'sessionService' | 'contextService'>, input: {
+    sessionId: string;
+    identityId: string;
+    principal: string;
+}): Promise<ResolvedAuthContext | null>;
+export declare function switchContextWithResolvedState(services: Pick<OfauthDomainServices, 'sessionService' | 'contextService'>, input: {
+    sessionId: string;
+    identityId: string;
+    principal: string;
+    targetAssignmentId: string;
+    reasonCode?: string;
+}): Promise<ResolvedAuthContext>;
+export declare function evaluateProtectedRouteGate(resolved: ResolvedAuthContext | null, policy?: ProtectedRoutePolicy): ProtectedRouteGateResult;

package/dist/services/AuthHostComposition.js ADDED Viewed

@@ -0,0 +1,100 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginWithResolvedContext = loginWithResolvedContext;
+exports.refreshResolvedContext = refreshResolvedContext;
+exports.switchContextWithResolvedState = switchContextWithResolvedState;
+exports.evaluateProtectedRouteGate = evaluateProtectedRouteGate;
+const SessionContract_1 = require("../contracts/SessionContract");
+function findAssignment(assignments, assignmentId) {
+    if (!assignmentId)
+        return undefined;
+    return assignments.find((row) => row.assignmentId === assignmentId);
+}
+function isScopeAllowed(scope, policy) {
+    if (policy.requiredTenantId && scope.tenantId !== policy.requiredTenantId)
+        return false;
+    if (policy.requiredBranchId && scope.branchId !== policy.requiredBranchId)
+        return false;
+    if (policy.requiredScopeAttributes) {
+        const attrs = scope.attributes ?? {};
+        for (const [key, value] of Object.entries(policy.requiredScopeAttributes)) {
+            if (attrs[key] !== value)
+                return false;
+        }
+    }
+    return true;
+}
+async function buildResolvedContext(services, input) {
+    const session = await services.sessionService.getActiveSession(input.sessionId);
+    if (!session)
+        return null;
+    const assignments = await services.contextService.listAssignments(input.identityId);
+    let activeContext = await services.contextService.getActiveContext(input.sessionId);
+    if (!activeContext && assignments[0]) {
+        const switched = await services.contextService.switchContext({
+            sessionId: input.sessionId,
+            targetAssignmentId: assignments[0].assignmentId,
+            ...(input.assignmentFallbackReason ? { reasonCode: input.assignmentFallbackReason } : {}),
+        });
+        activeContext = switched.activeContext;
+    }
+    const activeAssignment = findAssignment(assignments, activeContext?.assignmentId);
+    return {
+        sessionId: input.sessionId,
+        identityId: input.identityId,
+        principal: input.principal,
+        assignments,
+        activeContextAssignmentId: activeContext?.assignmentId,
+        activeAssignment,
+        scopeRef: activeContext?.scopeRef ?? activeAssignment?.scopeRef ?? session.activeScopeRef ?? {},
+        roleRef: activeAssignment?.roleRef,
+        assuranceLevel: session.assuranceLevel,
+    };
+}
+async function loginWithResolvedContext(services, input) {
+    const login = await services.identityService.login(input);
+    const resolved = await buildResolvedContext(services, {
+        sessionId: login.sessionId,
+        identityId: login.identity.identityId,
+        principal: login.identity.principal,
+        assignmentFallbackReason: 'AUTO_CONTEXT_AFTER_LOGIN',
+    });
+    if (!resolved) {
+        throw new Error('session is not active after login');
+    }
+    return resolved;
+}
+async function refreshResolvedContext(services, input) {
+    return buildResolvedContext(services, input);
+}
+async function switchContextWithResolvedState(services, input) {
+    await services.contextService.switchContext({
+        sessionId: input.sessionId,
+        targetAssignmentId: input.targetAssignmentId,
+        ...(input.reasonCode ? { reasonCode: input.reasonCode } : {}),
+    });
+    const resolved = await buildResolvedContext(services, input);
+    if (!resolved) {
+        throw new Error('session is not active while switching context');
+    }
+    return resolved;
+}
+function evaluateProtectedRouteGate(resolved, policy = {}) {
+    if (!resolved) {
+        return { allowed: false, reasonCode: 'NO_SESSION' };
+    }
+    const minimumAssurance = policy.minimumAssuranceLevel ?? 'basic';
+    if (!(0, SessionContract_1.isAssuranceLevelAtLeast)(resolved.assuranceLevel, minimumAssurance)) {
+        return { allowed: false, reasonCode: 'ASSURANCE_TOO_LOW' };
+    }
+    if (policy.requiredRoleRefs?.length) {
+        const hasRole = !!resolved.roleRef && policy.requiredRoleRefs.includes(resolved.roleRef);
+        if (!hasRole) {
+            return { allowed: false, reasonCode: 'ROLE_FORBIDDEN' };
+        }
+    }
+    if (!isScopeAllowed(resolved.scopeRef, policy)) {
+        return { allowed: false, reasonCode: 'SCOPE_FORBIDDEN' };
+    }
+    return { allowed: true };
+}

package/dist/services/AuthPolicyService.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { AuthPolicySnapshot, StepUpEvaluation, StepUpRequirement } from '../contracts/AuthPolicyContract';
+import type { SessionRef } from '../contracts/SessionContract';
+export interface AuthPolicyService {
+    getPolicySnapshot(): Promise<AuthPolicySnapshot>;
+    getStepUpRequirement(actionRef: string): Promise<StepUpRequirement | null>;
+    evaluateStepUp(sessionId: string, actionRef: string): Promise<StepUpEvaluation>;
+    enforceStepUp(sessionId: string, actionRef: string): Promise<void>;
+    markStepUpPassed(sessionId: string, actionRef: string): Promise<SessionRef>;
+}

package/dist/services/AuthPolicyService.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/ContextService.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { ActiveContext, ContextAssignment, ContextSwitchRequest, ContextSwitchResult } from '../contracts/ContextContract';
+export interface ContextService {
+    listAssignments(identityId: string): Promise<ContextAssignment[]>;
+    getActiveContext(sessionId: string): Promise<ActiveContext | null>;
+    switchContext(input: ContextSwitchRequest): Promise<ContextSwitchResult>;
+}

package/dist/services/ContextService.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/IdentityService.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { CredentialVerifyRequest, CredentialVerifyResult, IdentityRef } from '../contracts/IdentityContract';
+export interface LoginRequest {
+    principal: string;
+    secret: string;
+    verifyMethod: 'pin' | 'password' | 'custom';
+}
+export interface LoginResult {
+    identity: IdentityRef;
+    sessionId: string;
+}
+export interface IdentityService {
+    verifyCredential(input: CredentialVerifyRequest): Promise<CredentialVerifyResult>;
+    login(input: LoginRequest): Promise<LoginResult>;
+    logout(sessionId: string): Promise<void>;
+}

package/dist/services/IdentityService.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/SessionService.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { CreateSessionRequest, RefreshSessionRequest, RevokeSessionRequest, SessionRef } from '../contracts/SessionContract';
+export interface SessionService {
+    createSession(input: CreateSessionRequest): Promise<SessionRef>;
+    refreshSession(input: RefreshSessionRequest): Promise<SessionRef>;
+    revokeSession(input: RevokeSessionRequest): Promise<void>;
+    getActiveSession(sessionId: string): Promise<SessionRef | null>;
+}

package/dist/services/SessionService.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/services/createContractOnlyOfauthServices.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { AuthAuditService } from './AuthAuditService';
+import type { AuthPolicyService } from './AuthPolicyService';
+import type { ContextService } from './ContextService';
+import type { IdentityService } from './IdentityService';
+import type { SessionService } from './SessionService';
+export interface OfauthDomainServices {
+    identityService: IdentityService;
+    sessionService: SessionService;
+    contextService: ContextService;
+    authPolicyService: AuthPolicyService;
+    authAuditService: AuthAuditService;
+}
+export declare function createContractOnlyOfauthServices(): OfauthDomainServices;

package/dist/services/createContractOnlyOfauthServices.js ADDED Viewed

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createContractOnlyOfauthServices = createContractOnlyOfauthServices;
+function notImplemented(message) {
+    const error = {
+        code: 'AUTH_NOT_IMPLEMENTED',
+        message,
+        retryable: false,
+    };
+    throw error;
+}
+function createContractOnlyOfauthServices() {
+    return {
+        identityService: {
+            async verifyCredential() {
+                return notImplemented('identityService.verifyCredential not implemented yet');
+            },
+            async login() {
+                return notImplemented('identityService.login not implemented yet');
+            },
+            async logout() {
+                return notImplemented('identityService.logout not implemented yet');
+            },
+        },
+        sessionService: {
+            async createSession() {
+                return notImplemented('sessionService.createSession not implemented yet');
+            },
+            async refreshSession() {
+                return notImplemented('sessionService.refreshSession not implemented yet');
+            },
+            async revokeSession() {
+                return notImplemented('sessionService.revokeSession not implemented yet');
+            },
+            async getActiveSession() {
+                return notImplemented('sessionService.getActiveSession not implemented yet');
+            },
+        },
+        contextService: {
+            async listAssignments() {
+                return notImplemented('contextService.listAssignments not implemented yet');
+            },
+            async getActiveContext() {
+                return notImplemented('contextService.getActiveContext not implemented yet');
+            },
+            async switchContext() {
+                return notImplemented('contextService.switchContext not implemented yet');
+            },
+        },
+        authPolicyService: {
+            async getPolicySnapshot() {
+                return notImplemented('authPolicyService.getPolicySnapshot not implemented yet');
+            },
+            async getStepUpRequirement() {
+                return notImplemented('authPolicyService.getStepUpRequirement not implemented yet');
+            },
+            async evaluateStepUp() {
+                return notImplemented('authPolicyService.evaluateStepUp not implemented yet');
+            },
+            async enforceStepUp() {
+                return notImplemented('authPolicyService.enforceStepUp not implemented yet');
+            },
+            async markStepUpPassed() {
+                return notImplemented('authPolicyService.markStepUpPassed not implemented yet');
+            },
+        },
+        authAuditService: {
+            async appendEvent() {
+                return notImplemented('authAuditService.appendEvent not implemented yet');
+            },
+            async queryEvents() {
+                return notImplemented('authAuditService.queryEvents not implemented yet');
+            },
+            async listPendingReplay() {
+                return notImplemented('authAuditService.listPendingReplay not implemented yet');
+            },
+            async markReplayed() {
+                return notImplemented('authAuditService.markReplayed not implemented yet');
+            },
+        },
+    };
+}

package/dist/services/createDbAdapterOfauthServices.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { ActivityRecord, DbAdapter, LoggerAdapter, PlatformAdapter } from 'ofcore';
+import type { AuthAuditService } from './AuthAuditService';
+import type { AuthPolicyService } from './AuthPolicyService';
+import type { ContextService } from './ContextService';
+import type { IdentityService } from './IdentityService';
+import type { SessionService } from './SessionService';
+import type { OfauthDomainServices } from './createContractOnlyOfauthServices';
+export interface ServiceRuntimeOptions {
+    logger?: LoggerAdapter;
+    platformAdapter?: PlatformAdapter;
+    emitActivity?: (record: ActivityRecord) => Promise<void>;
+}
+export interface OfauthDbAdapterServices extends OfauthDomainServices {
+    identityService: IdentityService;
+    sessionService: SessionService;
+    contextService: ContextService;
+    authPolicyService: AuthPolicyService;
+    authAuditService: AuthAuditService;
+}
+export declare function createDbAdapterOfauthServices(db: DbAdapter, options?: ServiceRuntimeOptions): Promise<OfauthDbAdapterServices>;

package/dist/services/createDbAdapterOfauthServices.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDbAdapterOfauthServices = createDbAdapterOfauthServices;
+const DbAdapterAuthAuditService_1 = require("./impl/DbAdapterAuthAuditService");
+const DbAdapterAuthPolicyService_1 = require("./impl/DbAdapterAuthPolicyService");
+const DbAdapterContextService_1 = require("./impl/DbAdapterContextService");
+const DbAdapterIdentityService_1 = require("./impl/DbAdapterIdentityService");
+const DbAdapterSessionService_1 = require("./impl/DbAdapterSessionService");
+async function createDbAdapterOfauthServices(db, options = {}) {
+    const authAuditService = new DbAdapterAuthAuditService_1.DbAdapterAuthAuditService(db, options);
+    const sessionService = new DbAdapterSessionService_1.DbAdapterSessionService(db, options);
+    const contextService = new DbAdapterContextService_1.DbAdapterContextService(db, authAuditService);
+    const authPolicyService = new DbAdapterAuthPolicyService_1.DbAdapterAuthPolicyService(db, authAuditService);
+    const identityService = new DbAdapterIdentityService_1.DbAdapterIdentityService(db, options, sessionService, contextService, authAuditService);
+    return {
+        identityService,
+        sessionService,
+        contextService,
+        authPolicyService,
+        authAuditService,
+    };
+}

package/dist/services/errors.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { AuthErrorCode } from '../contracts/AuthErrorContract';
+export declare class OfauthDomainError extends Error {
+    readonly code: AuthErrorCode;
+    readonly retryable: boolean;
+    constructor(code: AuthErrorCode, message: string, retryable?: boolean);
+}
+export declare function unauthorized(code: AuthErrorCode, message: string): OfauthDomainError;
+export declare function invalidState(message: string): OfauthDomainError;

package/dist/services/errors.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OfauthDomainError = void 0;
+exports.unauthorized = unauthorized;
+exports.invalidState = invalidState;
+class OfauthDomainError extends Error {
+    constructor(code, message, retryable = false) {
+        super(message);
+        this.code = code;
+        this.retryable = retryable;
+        this.name = 'OfauthDomainError';
+    }
+}
+exports.OfauthDomainError = OfauthDomainError;
+function unauthorized(code, message) {
+    return new OfauthDomainError(code, message, false);
+}
+function invalidState(message) {
+    return new OfauthDomainError('AUTH_NOT_IMPLEMENTED', message, false);
+}

package/dist/services/impl/DbAdapterAuthAuditService.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { DbAdapter } from 'ofcore';
+import type { AuthAuditEvent, AuthAuditQuery, AuthAuditReplayQuery } from '../../contracts/AuthAuditContract';
+import type { AuthAuditService } from '../AuthAuditService';
+import type { ServiceRuntimeOptions } from './runtimeSupport';
+export declare class DbAdapterAuthAuditService implements AuthAuditService {
+    private readonly db;
+    private readonly options;
+    private readonly newId;
+    constructor(db: DbAdapter, options: ServiceRuntimeOptions);
+    appendEvent(event: AuthAuditEvent): Promise<void>;
+    queryEvents(query: AuthAuditQuery): Promise<AuthAuditEvent[]>;
+    listPendingReplay(query?: AuthAuditReplayQuery): Promise<AuthAuditEvent[]>;
+    markReplayed(eventIds: string[], replayedAt?: string): Promise<number>;
+}