Enterprise-grade MongoDB storage adapter for @kitiumai/auth with full support for users, sessions, OAuth links, API keys, 2FA, RBAC, and SSO
import { Document, MongoClientOptions } from 'mongodb';
import { StorageAdapter, ApiKeyRecord, SessionRecord, OrganizationRecord, CreateUserInput, UserRecord, UpdateUserInput, OAuthLink, EmailVerificationToken, AuthEvent, RoleRecord, SSOLink, SSOSession, TwoFactorDevice, BackupCode, TwoFactorSession } from '@kitiumai/auth';
/**
 * Hash function applied to API-key secrets before they are stored.
 *
 * `sha256` is a plain, fast digest; that is only adequate because API keys are
 * expected to be long, randomly generated secrets rather than user-chosen
 * passwords. `scrypt` adds a memory-hard work factor at the cost of slower
 * verification.
 *
 * NOTE(review): changing the algorithm (or `apiKeySalt`) after keys have been
 * issued makes the stored hashes unverifiable unless the record also stores
 * the algorithm that produced them — confirm in the implementation.
 */
type ApiKeyHashAlgorithm = 'sha256' | 'scrypt';
/**
 * Loosely typed MongoDB document as handled by this adapter.
 *
 * `_id` is declared as a string (the adapter's own id format, apparently, not
 * an `ObjectId`), and every other field is `unknown`, so callers must narrow
 * before using a value. Used where no dedicated record type exists (see the
 * SSO-provider methods on the adapter).
 */
interface MongoDocument extends Document {
  _id?: string;
  [key: string]: unknown;
}
/**
 * Driver `MongoClientOptions` extended with adapter-level settings.
 * Any driver option (TLS, auth source, pool size, ...) can be passed through.
 */
type MongoAdapterOptions = MongoClientOptions & {
  /** Per-operation timeout in milliseconds. */
  operationTimeoutMS?: number;
  /**
   * Retry budget for failed operations.
   * NOTE(review): retrying non-idempotent writes (the `create*` methods) can
   * duplicate records unless the implementation guards against it — confirm.
   */
  maxRetries?: number;
  /** Database to use; presumably takes precedence over the one in the connection string. */
  databaseName?: string;
  /** Digest used for API-key secrets; see `ApiKeyHashAlgorithm`. */
  apiKeyHashAlgorithm?: ApiKeyHashAlgorithm;
  /**
   * Salt mixed into the API-key hash. Keys are looked up by their stored hash
   * (`getApiKeyByHash`, `verifyApiKeySecret`), so if a salt is supplied it
   * must be identical across processes and deployments — load it from
   * configuration, never generate it at start-up.
   */
  apiKeySalt?: Buffer;
};
/**
 * MongoDB-backed implementation of `StorageAdapter` from `@kitiumai/auth`.
 *
 * Persists users, sessions, organizations, OAuth links, API keys, email
 * verification tokens, roles, SSO providers/links/sessions, 2FA devices,
 * backup codes and pending 2FA sessions. Connection handling, retries and
 * schema bootstrap (collections and indexes) are internal to the class.
 *
 * Security notes for integrators — the implementation is not visible in this
 * declaration, so treat these as points to confirm, not guarantees:
 * - `connectionString` usually embeds database credentials; make sure the
 *   logger never receives it verbatim.
 * - `createApiKeyWithSecret` and `rotateApiKey` return the plaintext API key
 *   once; presumably only a hash is persisted (see `hashApiKeySecret`,
 *   `getApiKeyByHash`). Show the key to the caller once, never log it.
 * - The `update*` methods accept `Partial<...>` of the whole record. Do not
 *   pass an untrusted request body straight through — allow-list the fields a
 *   caller is permitted to change (mass-assignment risk).
 * - Single-use artifacts (email tokens, backup codes, 2FA sessions) need
 *   atomic "consume" semantics; whether the implementation uses conditional
 *   updates for this cannot be seen here.
 */
declare class MongoStorageAdapter implements StorageAdapter {
  private client;
  private db;
  /** Logger used by the adapter. NOTE(review): must not be handed the raw connection string. */
  private readonly logger;
  /** Retry count applied when `maxRetries` is not supplied (presumably consumed by `withRetry`). */
  private readonly defaultRetries;
  private readonly databaseName;
  private readonly operationTimeoutMS;
  /** Hash algorithm for API-key secrets; see `ApiKeyHashAlgorithm`. */
  private readonly apiKeyHashAlgorithm;
  /** Optional salt for API-key hashing; must be stable across deployments (see `MongoAdapterOptions`). */
  private readonly apiKeySalt?;
  /**
   * @param connectionString MongoDB connection URI. It may embed credentials;
   *   keep it out of logs and error messages.
   * @param options Driver options plus the adapter settings in
   *   `MongoAdapterOptions` (timeout, retries, database name, API-key hashing).
   */
  constructor(connectionString: string, options?: MongoAdapterOptions);
  /**
   * Opens the underlying client. Whether schema bootstrap (`runMigrations`)
   * happens here or lazily is not visible in this declaration — confirm.
   */
  connect(): Promise<void>;
  /** Closes the underlying client. */
  disconnect(): Promise<void>;
  private getDatabase;
  private getCollection;
  /** Wraps an operation with the retry/timeout policy from the options. */
  private withRetry;
  /**
   * Reports reachability of the database and the round-trip latency of the
   * probe. `status` is `'error'` when the probe fails.
   */
  healthCheck(): Promise<{
    status: 'ok' | 'error';
    latencyMs: number;
  }>;
  /**
   * Schema bootstrap helpers.
   * NOTE(review): uniqueness constraints that matter for account safety
   * (user email, API-key hash, OAuth `(provider, sub)`) should be enforced by
   * unique indexes here rather than only by application checks — confirm.
   */
  private runMigrations;
  private createCollections;
  private createIndexes;
  /**
   * Generates a new API key for `principalId` and stores its record
   * (convenience over `createApiKey`, which expects an already-hashed record).
   *
   * @param principalId Owner of the key.
   * @param scopes Scopes granted to the key.
   * @param prefix Optional human-readable prefix for the key string.
   * @returns The stored record and the plaintext `key`. This is the only time
   *   the plaintext is available: return it to the caller once and never log
   *   or persist it.
   */
  createApiKeyWithSecret(principalId: string, scopes: string[], prefix?: string): Promise<{
    record: ApiKeyRecord;
    key: string;
  }>;
  /**
   * Hashes a raw key with `apiKeyHashAlgorithm` / `apiKeySalt`. The output
   * must be deterministic across processes, otherwise hash lookups break.
   */
  private hashApiKeySecret;
  /**
   * Resolves a presented raw API key to its record, or `null` when nothing
   * matches. NOTE(review): whether expiry/revocation is checked here or left
   * to the caller is not visible — confirm before relying on a non-null result.
   */
  verifyApiKeySecret(rawKey: string): Promise<ApiKeyRecord | null>;
  /**
   * Issues a replacement key for an existing record.
   *
   * @param id Record to rotate.
   * @param options.scopes New scopes, if they should change.
   * @param options.expiresOldKeysAt Presumably schedules expiry of the previous
   *   key rather than revoking it immediately (grace period) — confirm.
   * @returns The updated record and the new plaintext key (see
   *   `createApiKeyWithSecret` for handling).
   */
  rotateApiKey(id: string, options?: {
    scopes?: string[];
    expiresOldKeysAt?: Date;
  }): Promise<{
    record: ApiKeyRecord;
    key: string;
  }>;
  /** Stores a prepared record (id/timestamps generated). The caller presumably supplies the hash, not the plaintext. */
  createApiKey(data: Omit<ApiKeyRecord, 'id' | 'createdAt' | 'updatedAt'>): Promise<ApiKeyRecord>;
  getApiKey(id: string): Promise<ApiKeyRecord | null>;
  /** Exact match on the stored hash. Hash the raw key first; never query with plaintext. */
  getApiKeyByHash(hash: string): Promise<ApiKeyRecord | null>;
  /**
   * Candidate lookup by display prefix and last four characters; several keys
   * may share both. NOTE(review): treat as a pre-filter only — authorize after
   * comparing the full hash of the presented key.
   */
  getApiKeysByPrefixAndLastFour(prefix: string, lastFour: string): Promise<ApiKeyRecord[]>;
  /** Partial update. NOTE(review): can rewrite any field of the record, including ownership/scope/hash fields — allow-list input from untrusted callers. */
  updateApiKey(id: string, data: Partial<ApiKeyRecord>): Promise<ApiKeyRecord>;
  deleteApiKey(id: string): Promise<void>;
  /** All keys owned by `principalId`. */
  listApiKeys(principalId: string): Promise<ApiKeyRecord[]>;
  /** Creates a session record; `id` and `createdAt` are generated by the adapter. */
  createSession(data: Omit<SessionRecord, 'id' | 'createdAt'>): Promise<SessionRecord>;
  getSession(id: string): Promise<SessionRecord | null>;
  /** Partial update. NOTE(review): same mass-assignment caveat as `updateApiKey` (e.g. user binding, expiry). */
  updateSession(id: string, data: Partial<SessionRecord>): Promise<SessionRecord>;
  /** Removes a session (logout / revocation). */
  deleteSession(id: string): Promise<void>;
  createOrganization(data: Omit<OrganizationRecord, 'id' | 'createdAt' | 'updatedAt'>): Promise<OrganizationRecord>;
  getOrganization(id: string): Promise<OrganizationRecord | null>;
  updateOrganization(id: string, data: Partial<OrganizationRecord>): Promise<OrganizationRecord>;
  deleteOrganization(id: string): Promise<void>;
  createUser(data: CreateUserInput): Promise<UserRecord>;
  getUser(id: string): Promise<UserRecord | null>;
  /** NOTE(review): whether `email` is normalized (case, whitespace) before lookup is not visible — confirm, or duplicate accounts become possible. */
  getUserByEmail(email: string): Promise<UserRecord | null>;
  /** Lookup by provider and provider-issued subject. Keying on `sub` (not the provider email) is the correct, stable identifier. */
  getUserByOAuth(provider: string, sub: string): Promise<UserRecord | null>;
  /** Uses the dedicated `UpdateUserInput` type rather than `Partial<UserRecord>`, which limits what callers can change. */
  updateUser(id: string, data: UpdateUserInput): Promise<UserRecord>;
  /** NOTE(review): whether dependent data (sessions, API keys, 2FA devices, role assignments) is removed as well is not visible — confirm. */
  deleteUser(id: string): Promise<void>;
  linkOAuthAccount(userId: string, provider: string, oauthLink: OAuthLink): Promise<UserRecord>;
  /** Stores a verification token; `id` is generated. Whether the token value is stored hashed is not visible — confirm. */
  createEmailVerificationToken(data: Omit<EmailVerificationToken, 'id'>): Promise<EmailVerificationToken>;
  /** Tokens for `email`, optionally filtered by `type`. */
  getEmailVerificationTokens(email: string, type?: string): Promise<EmailVerificationToken[]>;
  getEmailVerificationTokenById(id: string): Promise<EmailVerificationToken | null>;
  /** Consumes a token. NOTE(review): should be one-shot (conditional update) so a token cannot be redeemed twice concurrently — confirm. */
  markEmailVerificationTokenAsUsed(id: string): Promise<EmailVerificationToken>;
  /** @returns Number of expired tokens removed. */
  deleteExpiredEmailVerificationTokens(): Promise<number>;
  getEmailVerificationTokenAttempts(tokenId: string): Promise<number>;
  /** @returns The new attempt count. NOTE(review): the increment should be atomic (`$inc`) so concurrent guesses cannot slip under an attempt cap — confirm. */
  incrementEmailVerificationTokenAttempts(tokenId: string): Promise<number>;
  /** Records an authentication event (audit trail). */
  emitEvent(event: AuthEvent): Promise<void>;
  createRole(data: Omit<RoleRecord, 'id' | 'createdAt' | 'updatedAt'>): Promise<RoleRecord>;
  getRole(roleId: string): Promise<RoleRecord | null>;
  updateRole(roleId: string, data: Partial<RoleRecord>): Promise<RoleRecord>;
  deleteRole(roleId: string): Promise<void>;
  /** Roles scoped to `orgId`. */
  listRoles(orgId: string): Promise<RoleRecord[]>;
  /** NOTE(review): `orgId` is caller-supplied; unless the implementation checks that `roleId` belongs to `orgId`, a role from another tenant could be assigned — confirm. */
  assignRoleToUser(userId: string, roleId: string, orgId: string): Promise<RoleRecord>;
  revokeRoleFromUser(userId: string, roleId: string, orgId: string): Promise<void>;
  getUserRoles(userId: string, orgId: string): Promise<RoleRecord[]>;
  /**
   * SSO provider CRUD. These are untyped (`MongoDocument` / `unknown`), so
   * callers must narrow results before use. Provider configuration commonly
   * holds client secrets or signing certificates — treat records as sensitive.
   */
  createSSOProvider(data: MongoDocument): Promise<unknown>;
  getSSOProvider(providerId: string): Promise<unknown | null>;
  /** Note `Partial<unknown>` collapses to `unknown`; no field-level typing is available here. */
  updateSSOProvider(providerId: string, data: Partial<unknown>): Promise<unknown>;
  deleteSSOProvider(providerId: string): Promise<void>;
  /** All providers, or those of `orgId` when given. */
  listSSOProviders(orgId?: string): Promise<unknown[]>;
  /** Creates a user↔SSO-identity link; `id` and `linkedAt` are generated. */
  createSSOLink(data: Omit<SSOLink, 'id' | 'linkedAt'>): Promise<SSOLink>;
  getSSOLink(linkId: string): Promise<SSOLink | null>;
  getUserSSOLinks(userId: string): Promise<SSOLink[]>;
  deleteSSOLink(linkId: string): Promise<void>;
  createSSOSession(data: Omit<SSOSession, 'id' | 'linkedAt'>): Promise<SSOSession>;
  getSSOSession(sessionId: string): Promise<SSOSession | null>;
  /** Registers a 2FA device; `id` and `createdAt` are generated. */
  createTwoFactorDevice(data: Omit<TwoFactorDevice, 'id' | 'createdAt'>): Promise<TwoFactorDevice>;
  getTwoFactorDevice(deviceId: string): Promise<TwoFactorDevice | null>;
  listTwoFactorDevices(userId: string): Promise<TwoFactorDevice[]>;
  /** Partial update. NOTE(review): mass-assignment caveat — any device field (e.g. secret or verification state, if present) can be rewritten. */
  updateTwoFactorDevice(deviceId: string, data: Partial<TwoFactorDevice>): Promise<TwoFactorDevice>;
  deleteTwoFactorDevice(deviceId: string): Promise<void>;
  /** Stores backup codes for `userId`. Whether codes are hashed here or must be hashed by the caller is not visible — confirm. */
  createBackupCodes(userId: string, codes: BackupCode[]): Promise<BackupCode[]>;
  getBackupCodes(userId: string): Promise<BackupCode[]>;
  /** Consumes a backup code. NOTE(review): must be single-use — the update should be conditional on the code being unused so concurrent reuse is rejected — confirm. */
  markBackupCodeUsed(codeId: string): Promise<void>;
  /** Stores a pending 2FA session; unlike other `create*` methods the full record (including `id`) is supplied by the caller. */
  createTwoFactorSession(data: TwoFactorSession): Promise<TwoFactorSession>;
  getTwoFactorSession(sessionId: string): Promise<TwoFactorSession | null>;
  /** Marks the pending 2FA step as satisfied. NOTE(review): should be one-shot — confirm. */
  completeTwoFactorSession(sessionId: string): Promise<void>;
  /** Mappers from raw Mongo documents to the `@kitiumai/auth` record types. */
  private mapApiKeyRecord;
  private mapSessionRecord;
  private mapOrganizationRecord;
  private mapUserRecord;
  private mapEmailVerificationToken;
  private mapRoleRecord;
  private mapSSOProviderRecord;
  private mapSSOLinkRecord;
  private mapSSOSessionRecord;
  private mapTwoFactorDeviceRecord;
  private mapBackupCodeRecord;
  private mapTwoFactorSessionRecord;
}
// Public surface: the adapter class under its full name and the shorter
// `MongoAdapter` alias (both refer to the same declaration).
export { MongoStorageAdapter };
export { MongoStorageAdapter as MongoAdapter };