
codalware-auth


Complete authentication system with enterprise security, attack protection, team workspaces, waitlist, billing, UI components, 2FA, and account recovery - production-ready in 5 minutes. Enhanced CLI with verification, rollback, and App Router scaffolding.

/** Identifier type shared by every record in this file; a plain string alias. */
export type ID = string;

/** A user record as returned by the adapter's user methods. */
export type User = {
  id: ID;
  email: string;
  // Date or null; presumably the time the address was verified — confirm against the implementation.
  emailVerified?: Date | null;
  name?: string | null;
  createdAt: Date;
  updatedAt: Date;
  // Values are typed `any`, so nothing read from here is checked by the compiler;
  // narrow or validate before using it in a security decision.
  metadata?: Record<string, any> | null;
};

/** A session record tied to one user through `userId`, with an explicit expiry. */
export type Session = {
  id: ID;
  userId: ID;
  createdAt: Date;
  expiresAt: Date;
  // Purpose of `handle` is not visible in this file — TODO confirm.
  handle?: string | null;
  // Untyped values; see the note on User.metadata.
  metadata?: Record<string, any> | null;
};

/** A stored magic-link token record. */
export type MagicToken = {
  id: ID;
  // Presumably a hash of the token sent to the user, so the raw token is never persisted;
  // the hashing scheme is not defined in this file — confirm.
  tokenHash: string;
  // Nullable: a token may exist without an associated user.
  userId: ID | null;
  createdAt: Date;
  expiresAt: Date;
  // Presumably set once the token has been used — confirm against consumeMagicToken.
  consumedAt?: Date | null;
  // Optional request context captured alongside the token.
  ip?: string | null;
  userAgent?: string | null;
};

/** Security policy record carrying a `tenantId`; looked up by tenant in Adapter.getSecuritySettings. */
export type SecuritySettings = {
  id: ID;
  tenantId: ID;
  // Plain string; the allowed values are not defined in this file.
  signUpMode: string;
  enableEmailVerification: boolean;
  enableLockoutPolicy: boolean;
  maxLoginAttempts: number;
  // NOTE(review): no unit is stated for lockoutDuration or resetAfter (compare
  // sessionTimeoutMinutes / passwordExpiryDays below) — confirm before setting values.
  lockoutDuration: number;
  resetAfter: number;
  enableUserEnumerationProtection: boolean;
  enableBotProtection: boolean;
  blockDisposableEmails: boolean;
  blockEmailSubaddresses: boolean;
  applyToSignIn: boolean;
  passwordMinLength: number;
  passwordRequireUppercase: boolean;
  passwordRequireLowercase: boolean;
  passwordRequireNumbers: boolean;
  passwordRequireSpecialChars: boolean;
  // null is allowed; presumably it means passwords never expire — confirm.
  passwordExpiryDays: number | null;
  sessionTimeoutMinutes: number;
  maxConcurrentSessions: number;
  enableRemoteLogout: boolean;
  enableIPWhitelist: boolean;
  enableIPBlacklist: boolean;
  requireMFAForAdmins: boolean;
  createdAt: Date;
  updatedAt: Date;
};

/** One entry of a tenant's email allowlist or blocklist (both lists use this shape). */
export type EmailRule = {
  id: ID;
  tenantId: ID;
  // Either a full address or a domain; how entries are matched is not defined in this file.
  emailOrDomain: string;
  description?: string | null;
  createdAt: Date;
};

/** One recorded login attempt, successful or not. */
export type LoginAttempt = {
  id: ID;
  tenantId: ID;
  email: string;
  ipAddress: string;
  // Presumably taken from the request, i.e. client-controlled — escape it wherever it is displayed.
  userAgent: string;
  success: boolean;
  failureReason?: string | null;
  attemptedAt: Date;
};

/** A lockout record for one user within one tenant, bounded by `lockedUntil`. */
export type AccountLockout = {
  id: ID;
  userId: ID;
  tenantId: ID;
  lockedAt: Date;
  lockedUntil: Date;
  reason: string;
};

/**
 * Data-access contract: user, session and magic-token methods are required;
 * everything declared with `?` is optional, so callers must check that the
 * method exists before invoking it. Every method returns a Promise.
 */
export interface Adapter {
  // Users
  createUser(user: { email: string; name?: string; metadata?: any }): Promise<User>;
  getUserById(id: ID): Promise<User | null>;
  getUserByEmail(email: string): Promise<User | null>;
  // NOTE(review): Partial<User> also admits id, email, emailVerified and the timestamps,
  // so callers should build the patch from an explicit field list rather than pass
  // request input through unchanged.
  updateUser(id: ID, patch: Partial<User>): Promise<User>;

  // Sessions
  createSession(session: Partial<Session> & { userId: ID; expiresAt: Date }): Promise<Session>;
  // The signature does not say whether expired sessions are filtered out;
  // presumably the caller must still compare expiresAt — confirm.
  getSessionById(id: ID): Promise<Session | null>;
  deleteSession(id: ID): Promise<void>;
  deleteSessionsByUserId(userId: ID): Promise<void>;

  // Magic link tokens
  storeMagicToken(token: {
    tokenHash: string;
    userId?: ID | null;
    expiresAt: Date;
    ip?: string | null;
    userAgent?: string | null;
  }): Promise<MagicToken>;
  // What counts as "valid" (presumably unexpired and unconsumed) is left to the implementation.
  findValidMagicToken(tokenHash: string): Promise<MagicToken | null>;
  // NOTE(review): lookup and consumption are separate calls, so single-use depends on
  // the implementation making this step conditional on the token not already being
  // consumed; otherwise two concurrent requests can both pass the lookup.
  consumeMagicToken(id: ID): Promise<void>;

  // Security Settings (optional - for security features)
  getSecuritySettings?(tenantId: ID): Promise<SecuritySettings | null>;
  createSecuritySettings?(data: Omit<SecuritySettings, 'id' | 'createdAt' | 'updatedAt'>): Promise<SecuritySettings>;
  // NOTE(review): Partial<SecuritySettings> also admits id and tenantId; implementations
  // should ignore or reject those keys so a settings row cannot be moved between tenants.
  updateSecuritySettings?(tenantId: ID, updates: Partial<SecuritySettings>): Promise<SecuritySettings>;

  // Email Allow/Block Lists (optional)
  getEmailAllowlist?(tenantId: ID): Promise<EmailRule[]>;
  addEmailToAllowlist?(data: { tenantId: ID; emailOrDomain: string; description?: string }): Promise<EmailRule>;
  // Takes only the rule id, with no tenantId: the caller or implementation has to verify
  // that the rule belongs to the acting tenant. The same applies to removeEmailFromBlocklist.
  removeEmailFromAllowlist?(id: ID): Promise<void>;
  getEmailBlocklist?(tenantId: ID): Promise<EmailRule[]>;
  addEmailToBlocklist?(data: { tenantId: ID; emailOrDomain: string; description?: string }): Promise<EmailRule>;
  removeEmailFromBlocklist?(id: ID): Promise<void>;

  // Login Attempts (optional)
  // id and attemptedAt are omitted from the input, so the implementation supplies them.
  recordLoginAttempt?(data: Omit<LoginAttempt, 'id' | 'attemptedAt'>): Promise<LoginAttempt>;
  getLoginAttempts?(tenantId: ID, options?: { limit?: number; offset?: number }): Promise<LoginAttempt[]>;

  // Account Lockouts (optional)
  // The attached `user` is typed `any`; its shape is not defined in this file.
  getLockedAccounts?(tenantId: ID): Promise<(AccountLockout & { user?: any })[]>;
  lockAccount?(data: { userId: ID; tenantId: ID; lockedUntil: Date; reason: string }): Promise<AccountLockout>;
  // Takes only an id (no tenantId): tenant ownership has to be checked before calling.
  unlockAccount?(id: ID): Promise<void>;
  // Looked up by userId alone; the signature does not say how multiple or expired lockouts are handled.
  getAccountLockout?(userId: ID): Promise<AccountLockout | null>;

  // Optional existing
  // Both methods are fully untyped (`any` in, `any` out); treat results as unvalidated data.
  linkAccount?(data: any): Promise<void>;
  getAccount?(query: any): Promise<any>;
}