say-auth 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,312 @@
+import { AxiosInstance } from 'axios';
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import React$1 from 'react';
+
+interface User {
+    id: string;
+    email: string;
+    name: string;
+    role?: string;
+    avatar?: string;
+    mfaEnabled: boolean;
+    mfaSecret?: string;
+    backupCodes?: string[];
+    createdAt?: Date;
+    updatedAt?: Date;
+}
+interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+}
+interface LoginCredentials {
+    email: string;
+    password: string;
+}
+interface RegisterData {
+    email: string;
+    password: string;
+    name: string;
+}
+interface AuthState {
+    user: User | null;
+    tokens: AuthTokens | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: string | null;
+}
+interface MFAVerify {
+    userId: string;
+    code: string;
+    trustDevice?: boolean;
+}
+interface TokenBlacklistEntry {
+    token: string;
+    userId: string;
+    expiresAt: Date;
+    reason: 'logout' | 'revoke' | 'security';
+}
+interface AuditEntry$1 {
+    action: string;
+    userId?: string;
+    email?: string;
+    ipAddress: string;
+    userAgent: string;
+    timestamp: Date;
+    details?: Record<string, any>;
+    success: boolean;
+    errorMessage?: string;
+}
+
+declare class AuthService {
+    private static instance;
+    private axiosInstance;
+    private state;
+    private listeners;
+    private baseURL;
+    private constructor();
+    static getInstance(apiUrl?: string): AuthService;
+    private makeRequest;
+    healthCheck(): Promise<boolean>;
+    healthCheckWithRetry(retries?: number): Promise<boolean>;
+    private loadInitialState;
+    private notifyListeners;
+    subscribe(listener: (state: AuthState) => void): () => void;
+    private updateState;
+    login(credentials: LoginCredentials): Promise<{
+        requiresMFA: boolean;
+        user?: User;
+    }>;
+    verifyMFA(code: string, trustDevice?: boolean): Promise<User>;
+    register(data: RegisterData): Promise<User>;
+    logout(reason?: 'logout' | 'revoke' | 'security'): Promise<void>;
+    refreshSession(): Promise<void>;
+    logoutAllDevices(): Promise<void>;
+    changePassword(currentPassword: string, newPassword: string): Promise<void>;
+    hasRole(role: string | string[]): boolean;
+    getAxiosInstance(): AxiosInstance;
+    getUser(): User | null;
+    getState(): AuthState;
+}
+
+declare class SecureTokenStorage {
+    private static instance;
+    private encryptionKey;
+    private memoryCache;
+    private readonly TOKEN_VERSION;
+    private readonly SUPPORTED_VERSIONS;
+    private constructor();
+    static getInstance(): SecureTokenStorage;
+    private getOrCreateEncryptionKey;
+    private generateEncryptionKey;
+    private encrypt;
+    private decrypt;
+    setTokens(tokens: AuthTokens): void;
+    getTokens(): AuthTokens | null;
+    private migrateTokenFormat;
+    shouldRefreshToken(): boolean;
+    getTokenAge(): number | null;
+    setUser(user: User): void;
+    getUser(): User | null;
+    clear(): void;
+    hardClear(): void;
+    getStorageInfo(): {
+        hasTokens: boolean;
+        hasUser: boolean;
+        tokenVersion: string | null;
+    };
+}
+
+declare class TokenManager {
+    private static instance;
+    private refreshPromise;
+    static getInstance(): TokenManager;
+    getAccessToken(): string | null;
+    isTokenExpired(): boolean;
+    refreshToken(refreshFn: () => Promise<AuthTokens>): Promise<string>;
+    private performRefresh;
+}
+
+declare class TokenBlacklist {
+    private static instance;
+    private blacklist;
+    private cleanupInterval;
+    private constructor();
+    static getInstance(): TokenBlacklist;
+    addToBlacklist(token: string, userId: string, reason: TokenBlacklistEntry['reason']): Promise<void>;
+    isBlacklisted(token: string): Promise<boolean>;
+    revokeAllUserTokens(userId: string): Promise<void>;
+    private hashToken;
+    private syncToBackend;
+    private revokeAllOnBackend;
+    private startCleanup;
+    stopCleanup(): void;
+}
+
+declare class MFAService {
+    private static instance;
+    static getInstance(): MFAService;
+    setupMFA(userId: string, email: string): Promise<{
+        secret: string;
+        qrCode: string;
+        backupCodes: string[];
+    }>;
+    verifyAndEnableMFA(userId: string, code: string): Promise<boolean>;
+    verifyMFA(userId: string, code: string): Promise<boolean>;
+    private generateBackupCodes;
+    private saveMFAConfig;
+    private getUserMFASecret;
+}
+
+declare class RateLimiter {
+    private static instance;
+    private attempts;
+    private readonly MAX_ATTEMPTS;
+    private readonly WINDOW_MS;
+    private readonly BLOCK_DURATION_MS;
+    static getInstance(): RateLimiter;
+    checkRateLimit(identifier: string): {
+        allowed: boolean;
+        waitTime?: number;
+    };
+    reset(identifier: string): void;
+}
+
+declare enum AuditAction {
+    LOGIN_SUCCESS = "LOGIN_SUCCESS",
+    LOGIN_FAILURE = "LOGIN_FAILURE",
+    LOGOUT = "LOGOUT",
+    REGISTER_SUCCESS = "REGISTER_SUCCESS",
+    PASSWORD_CHANGE = "PASSWORD_CHANGE",
+    TOKEN_REFRESH = "TOKEN_REFRESH",
+    SESSION_TERMINATED = "SESSION_TERMINATED",
+    MFA_ENABLED = "MFA_ENABLED",
+    MFA_DISABLED = "MFA_DISABLED",
+    MFA_VERIFIED = "MFA_VERIFIED"
+}
+interface AuditEntry {
+    action: AuditAction;
+    userId?: string;
+    email?: string;
+    ipAddress: string;
+    userAgent: string;
+    timestamp: Date;
+    details?: Record<string, any>;
+    success: boolean;
+    errorMessage?: string;
+}
+declare class AuditLogger {
+    private static instance;
+    private logQueue;
+    private isFlushing;
+    static getInstance(): AuditLogger;
+    log(entry: Omit<AuditEntry, 'timestamp' | 'ipAddress' | 'userAgent'>): Promise<void>;
+    private scheduleFlush;
+    private flush;
+    private getClientIP;
+}
+
+declare class SessionManager {
+    private static instance;
+    private activeSessions;
+    static getInstance(): SessionManager;
+    registerSession(userId: string): Promise<string>;
+    validateSession(userId: string, deviceId: string): Promise<boolean>;
+    terminateSession(userId: string): Promise<void>;
+    terminateAllOtherSessions(userId: string, currentDeviceId: string): Promise<void>;
+    getActiveSessionsCount(userId: string): number;
+}
+
+declare class DeviceFingerprint {
+    static generate(): Promise<string>;
+    private static hashObject;
+}
+
+declare function useAuth(apiUrl?: string): {
+    login: (credentials: LoginCredentials) => Promise<{
+        requiresMFA: boolean;
+        user?: User;
+    }>;
+    verifyMFA: (code: string, trustDevice?: boolean) => Promise<User>;
+    register: (data: RegisterData) => Promise<User>;
+    logout: () => Promise<void>;
+    refreshSession: () => Promise<void>;
+    hasRole: (role: string | string[]) => boolean;
+    user: User | null;
+    tokens: AuthTokens | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: string | null;
+};
+
+declare function useProtectedRoute(redirectTo?: string, requiredRole?: string | string[]): {
+    isAuthenticated: boolean;
+    isLoading: boolean;
+};
+
+interface AuthProviderProps {
+    children: React$1.ReactNode;
+    apiUrl?: string;
+}
+declare function AuthProvider({ children, apiUrl }: AuthProviderProps): react_jsx_runtime.JSX.Element;
+
+interface ProtectedRouteProps {
+    children: React.ReactNode;
+    requiredRole?: string | string[];
+    fallback?: React.ReactNode;
+}
+declare function ProtectedRoute({ children, requiredRole, fallback }: ProtectedRouteProps): react_jsx_runtime.JSX.Element | null;
+
+interface MFASetupProps {
+    userId: string;
+    email: string;
+    onComplete: () => void;
+    onCancel: () => void;
+}
+declare function MFASetup({ userId, email, onComplete, onCancel }: MFASetupProps): react_jsx_runtime.JSX.Element;
+
+interface MFAVerificationProps {
+    onSubmit: (code: string, trustDevice: boolean) => Promise<void>;
+    onBack?: () => void;
+}
+declare function MFAVerification({ onSubmit, onBack }: MFAVerificationProps): react_jsx_runtime.JSX.Element;
+
+declare function SessionWarning({ warningMinutes }: {
+    warningMinutes?: number;
+}): react_jsx_runtime.JSX.Element | null;
+
+declare function setupAuthInterceptors(axiosInstance: AxiosInstance, baseURL: string): void;
+
+declare function cn(...classes: (string | undefined | false)[]): string;
+declare function getErrorMessage(error: unknown): string;
+declare function isValidEmail(email: string): boolean;
+
+declare const AUTH_CONFIG: {
+    tokenRefreshThreshold: number;
+    maxLoginAttempts: number;
+    lockoutDuration: number;
+    sessionTimeout: number;
+    mfaCodeLength: number;
+    backupCodesCount: number;
+    trustDeviceDuration: number;
+};
+declare const STORAGE_KEYS: {
+    tokens: string;
+    user: string;
+    encryptionKey: string;
+    deviceId: string;
+    trustedDevices: string;
+};
+declare const API_ENDPOINTS: {
+    login: string;
+    logout: string;
+    register: string;
+    refresh: string;
+    mfaSetup: string;
+    mfaVerify: string;
+    mfaDisable: string;
+    changePassword: string;
+    audit: string;
+};
+
+export { API_ENDPOINTS, AUTH_CONFIG, AuditAction, type AuditEntry$1 as AuditEntry, AuditLogger, AuthProvider, AuthService, type AuthState, type AuthTokens, DeviceFingerprint, type LoginCredentials, MFAService, MFASetup, MFAVerification, type MFAVerify, ProtectedRoute, RateLimiter, type RegisterData, STORAGE_KEYS, SessionManager, SessionWarning, TokenBlacklist, type TokenBlacklistEntry, TokenManager, SecureTokenStorage as TokenStorage, type User, cn, getErrorMessage, isValidEmail, setupAuthInterceptors, useAuth, useProtectedRoute };