
@ordojs/core


Core compiler and runtime for OrdoJS framework

/**
 * @fileoverview OrdoJS Authentication and Authorization Manager
 *
 * Type declarations only (generated `.d.ts`, see the sourceMappingURL at the
 * bottom). None of the method bodies are visible here, so the comments below
 * describe the declared contract and mark implementation-dependent behaviour
 * as assumptions to confirm against `auth-manager.ts`.
 */
/**
 * Authentication configuration.
 *
 * Every field is optional at the constructor (`Partial<AuthConfig>`), so the
 * implementation supplies defaults for anything omitted.
 */
export interface AuthConfig {
  /**
   * JWT secret key used by the in-house `generateJWT`/`generateSignature`.
   * NOTE(review): typed as a plain string; the declaration enforces no minimum
   * length, and since the constructor accepts `Partial<AuthConfig>` a built-in
   * default secret could exist — confirm the runtime requires a caller-supplied
   * secret and rejects empty/short values.
   */
  jwtSecret: string;
  /** JWT expiration time in seconds */
  jwtExpiration: number;
  /** Session expiration time in seconds */
  sessionExpiration: number;
  /** Whether to enable refresh tokens (see `refreshSession`) */
  enableRefreshTokens: boolean;
  /** Refresh token expiration time in seconds */
  refreshTokenExpiration: number;
  /** Password hashing rounds (cost passed to the private `hashPassword`; the algorithm is not visible from this declaration) */
  passwordHashRounds: number;
  /** Maximum login attempts before lockout — presumably tracked via the private `loginAttempts` map and `recordFailedLogin`; confirm */
  maxLoginAttempts: number;
  /** Lockout duration in seconds after `maxLoginAttempts` is reached */
  lockoutDuration: number;
  /** Whether to enable OAuth */
  enableOAuth: boolean;
  /** OAuth providers (each carries a client secret — see `OAuthProvider`) */
  oauthProviders: OAuthProvider[];
  /** Whether to enable MFA */
  enableMFA: boolean;
  /** MFA provider */
  mfaProvider: 'totp' | 'sms' | 'email';
}
/**
 * OAuth provider configuration.
 */
export interface OAuthProvider {
  /** Provider name */
  name: string;
  /** Client ID (public identifier) */
  clientId: string;
  /**
   * Client secret.
   * NOTE(review): lives in the same plain config object as everything else;
   * make sure this object is never logged or serialized to clients.
   */
  clientSecret: string;
  /** Authorization URL */
  authUrl: string;
  /** Token URL */
  tokenUrl: string;
  /** User info URL */
  userInfoUrl: string;
  /** Scopes */
  scopes: string[];
}
/**
 * User information as exposed by the manager.
 *
 * This type carries no password or password-hash field, so values typed as
 * `User` (e.g. from `getUsers()` or `AuthResult.user`) do not expose one at the
 * type level. The runtime object may still hold extra properties — confirm
 * before returning it to clients.
 */
export interface User {
  /** User ID (produced by the private `generateUserId`) */
  id: string;
  /** Username */
  username: string;
  /** Email */
  email: string;
  /** Display name */
  displayName?: string;
  /** Avatar URL */
  avatarUrl?: string;
  /** Roles assigned to the user (names, see `Role`) */
  roles: string[];
  /** Permissions assigned directly to the user (names, see `Permission`) */
  permissions: string[];
  /** Account status */
  status: 'active' | 'inactive' | 'suspended';
  /** Created date */
  createdAt: Date;
  /** Last login date */
  lastLoginAt?: Date;
  /** MFA enabled */
  mfaEnabled: boolean;
  /** OAuth provider */
  oauthProvider?: string;
  /** OAuth provider ID */
  oauthProviderId?: string;
}
/**
 * Session information.
 */
export interface Session {
  /** Session ID (produced by the private `generateSessionId`) */
  id: string;
  /** User ID */
  userId: string;
  /** JWT token */
  token: string;
  /** Refresh token (only when `enableRefreshTokens` is set — assumed, confirm) */
  refreshToken?: string;
  /** Expiration time */
  expiresAt: Date;
  /**
   * IP address — presumably copied from the `credentials` passed to
   * `authenticateUser`, i.e. caller-supplied rather than read from the
   * connection; treat as informational, not as a trusted binding.
   */
  ipAddress: string;
  /** User agent — same caveat as `ipAddress` */
  userAgent: string;
  /** Created date */
  createdAt: Date;
  /** Last activity */
  lastActivity: Date;
}
/**
 * Authentication result.
 */
export interface AuthResult {
  /** Whether authentication was successful */
  success: boolean;
  /** User information (present on success) */
  user?: User;
  /** Session information (present on success) */
  session?: Session;
  /**
   * Error message.
   * NOTE(review): if this string is surfaced to clients, confirm it does not
   * distinguish "unknown user" from "wrong password".
   */
  error?: string;
  /** Requires MFA — when true, the flow continues with `verifyMFAToken` */
  requiresMFA?: boolean;
  /** MFA token handed back to the caller to complete `verifyMFAToken` (assumed pairing; confirm) */
  mfaToken?: string;
}
/**
 * Authorization result.
 */
export interface AuthorizationResult {
  /** Whether authorization was successful */
  allowed: boolean;
  /** Required permissions */
  requiredPermissions: string[];
  /** User permissions */
  userPermissions: string[];
  /** Missing permissions */
  missingPermissions: string[];
  /** Error message */
  error?: string;
}
/**
 * Role definition.
 */
export interface Role {
  /** Role name */
  name: string;
  /** Role description */
  description: string;
  /** Permissions */
  permissions: string[];
  /** Parent roles — presumably resolved transitively by `getPermissionsForRoles`; confirm */
  parentRoles: string[];
  /** Is system role (presumably set for roles made by `initializeDefaultRoles`; confirm) */
  isSystemRole: boolean;
}
/**
 * Permission definition.
 */
export interface Permission {
  /** Permission name */
  name: string;
  /** Permission description */
  description: string;
  /** Resource */
  resource: string;
  /** Action */
  action: string;
  /**
   * Conditions — presumably evaluated against the `context` given to
   * `authorizeUser`; confirm.
   * NOTE(review): `any` here; `Record<string, unknown>` would be safer but is
   * left unchanged because this is a generated declaration consumers depend on.
   */
  conditions?: Record<string, any>;
}
/**
 * Comprehensive authentication and authorization manager.
 *
 * Holds users, sessions, roles, permissions, login attempts and refresh tokens
 * in private fields (their concrete types are not visible from this
 * declaration, so persistence across process restarts cannot be assumed).
 */
export declare class AuthManager {
  private config;
  private sessions;
  private users;
  private roles;
  private permissions;
  private loginAttempts;
  private refreshTokens;
  /**
   * @param config - optional overrides; missing fields get implementation
   *   defaults (see the `jwtSecret` note on `AuthConfig`).
   */
  constructor(config?: Partial<AuthConfig>);
  /**
   * Register a new user.
   *
   * NOTE(review): `roles` is accepted from the caller. If this is reachable
   * from a self-service signup path, confirm the implementation ignores or
   * validates requested roles rather than assigning them as given.
   *
   * @param userData - plaintext password is hashed via the private `hashPassword` (assumed; confirm)
   * @returns result with `user`/`session` on success, `error` otherwise
   */
  registerUser(userData: {
    username: string;
    email: string;
    password: string;
    displayName?: string;
    roles?: string[];
  }): Promise<AuthResult>;
  /**
   * Authenticate user.
   *
   * `ipAddress` and `userAgent` are supplied by the caller, not derived here.
   * Failed attempts are presumably recorded by `recordFailedLogin` and
   * compared against `maxLoginAttempts`/`lockoutDuration` — confirm.
   *
   * @returns on success a session; `requiresMFA`/`mfaToken` when MFA is pending
   */
  authenticateUser(credentials: {
    username: string;
    password: string;
    ipAddress: string;
    userAgent: string;
  }): Promise<AuthResult>;
  /**
   * Verify MFA token.
   *
   * @param userId - user completing MFA
   * @param mfaToken - value returned as `AuthResult.mfaToken` (assumed; confirm)
   * @param mfaCode - one-time code checked by the private `verifyMFACode`
   */
  verifyMFAToken(userId: string, mfaToken: string, mfaCode: string): Promise<AuthResult>;
  /**
   * Validate session.
   *
   * Synchronous and keyed by session ID, not by the JWT in `Session.token`.
   */
  validateSession(sessionId: string): AuthResult;
  /**
   * Refresh session using a refresh token.
   * NOTE(review): confirm the old refresh token is invalidated on use
   * (one-time rotation) — not visible from the declaration.
   */
  refreshSession(refreshToken: string): Promise<AuthResult>;
  /**
   * Logout user.
   * @returns presumably true when a matching session existed and was removed; confirm
   */
  logoutUser(sessionId: string): boolean;
  /**
   * Authorize user for action on a resource.
   *
   * @param context - presumably matched against `Permission.conditions`; confirm
   * @returns `allowed` plus the required/held/missing permission lists
   */
  authorizeUser(userId: string, resource: string, action: string, context?: Record<string, any>): AuthorizationResult;
  /**
   * Check if user has role.
   */
  hasRole(userId: string, roleName: string): boolean;
  /**
   * Check if user has permission (direct or via roles — assumed, see `getUserPermissions`).
   */
  hasPermission(userId: string, permission: string): boolean;
  /**
   * Add role to user.
   * @returns success flag; the failure cases are not visible here
   */
  addRoleToUser(userId: string, roleName: string): boolean;
  /**
   * Remove role from user.
   * @returns success flag; the failure cases are not visible here
   */
  removeRoleFromUser(userId: string, roleName: string): boolean;
  /**
   * Create role.
   * @returns success flag (e.g. false on duplicate name — assumed, confirm)
   */
  createRole(roleData: {
    name: string;
    description: string;
    permissions: string[];
    parentRoles?: string[];
  }): boolean;
  /**
   * Create permission.
   * @returns success flag (e.g. false on duplicate name — assumed, confirm)
   */
  createPermission(permissionData: {
    name: string;
    description: string;
    resource: string;
    action: string;
    conditions?: Record<string, any>;
  }): boolean;
  /**
   * Get all users (typed as `User`, which has no password-hash field; see the note on `User`).
   */
  getUsers(): User[];
  /**
   * Get all roles.
   */
  getRoles(): Role[];
  /**
   * Get all permissions.
   */
  getPermissions(): Permission[];
  /**
   * Get active sessions (includes `Session.token`; avoid exposing outside trusted admin paths).
   */
  getActiveSessions(): Session[];
  /** Initialize default roles (presumably the `isSystemRole` ones) */
  private initializeDefaultRoles;
  /** Hash password with `passwordHashRounds`; algorithm not visible here */
  private hashPassword;
  /** Verify password against a stored hash */
  private verifyPassword;
  /** Create session */
  private createSession;
  /** Generate user ID */
  private generateUserId;
  /** Generate session ID (should be unpredictable; source of randomness not visible here) */
  private generateSessionId;
  /** Generate JWT token — in-house implementation rather than a JWT library */
  private generateJWT;
  /**
   * Generate signature for the JWT.
   * NOTE(review): algorithm and verification routine are not visible;
   * confirm HMAC/asymmetric signing with constant-time comparison on verify.
   */
  private generateSignature;
  /** Generate refresh token */
  private generateRefreshToken;
  /** Generate MFA token */
  private generateMFAToken;
  /** Verify MFA code */
  private verifyMFACode;
  /** Record failed login attempt (feeds the lockout logic) */
  private recordFailedLogin;
  /** Get user permissions (direct plus role-derived — assumed) */
  private getUserPermissions;
  /** Get permissions for roles (presumably walks `parentRoles`) */
  private getPermissionsForRoles;
}
//# sourceMappingURL=auth-manager.d.ts.map