/**
 * Type declarations for the authentication service: its configuration,
 * password and lockout policies, the user model, login inputs and results,
 * the error type, and the `AuthService` class itself.
 *
 * NOTE(review): as written, `Map` and `Promise` appear without type arguments,
 * and `RegisterCredentials` is referenced but neither imported nor declared
 * here. None of these type-check as written. The arguments were presumably
 * lost when this listing was extracted; restore them from the source module
 * rather than guessing.
 */
import type { Logger } from '@iota-big3/sdk-types';
import { EventEmitter } from 'events';
import { Knex } from 'knex';
import { JWTService, TokenPair } from './jwt-service';
import { MFAMethod, MFAService } from './mfa-service';
import { DeviceInfo, SessionStore } from './session-store';

/** Collaborators and optional policies that an `AuthService` is constructed with. */
export interface AuthServiceConfig {
  db: Knex;
  jwtService: JWTService;
  sessionStore: SessionStore;
  mfaService: MFAService;
  passwordPolicy?: PasswordPolicy;
  lockoutPolicy?: LockoutPolicy;
  // NOTE(review): key/value types are missing; presumably provider name -> OAuth2Provider — confirm.
  oauth2Providers?: Map;
}

/**
 * Password complexity and rotation rules.
 *
 * Every field is optional, so an empty object is a valid policy. The defaults
 * applied when a field is omitted are not visible in this declaration.
 */
export interface PasswordPolicy {
  minLength?: number;
  requireUppercase?: boolean;
  requireLowercase?: boolean;
  requireNumbers?: boolean;
  requireSpecialChars?: boolean;
  // presumably the number of previous passwords that may not be reused — TODO confirm
  preventReuse?: number;
  // unit (days, ms, ...) is not stated here — TODO confirm
  maxAge?: number;
}

/**
 * Account lockout thresholds.
 *
 * All fields are optional. The time units of `lockoutDuration` and
 * `resetAfter` are not stated in this declaration — TODO confirm.
 */
export interface LockoutPolicy {
  maxAttempts?: number;
  lockoutDuration?: number;
  resetAfter?: number;
}

/** Endpoints and client credentials for one OAuth2 identity provider. */
export interface OAuth2Provider {
  clientId: string;
  // Long-lived secret: supply it from a secret store and keep it out of logs and serialized config.
  clientSecret: string;
  authorizationURL: string;
  tokenURL: string;
  userInfoURL: string;
  scope: string[];
}

/** Account record, including authorization data and account-state flags. */
export interface User {
  id: string;
  email: string;
  username?: string;
  // NOTE(review): `AuthResult.user` is typed as `User`, so this field can travel with a
  // login result — confirm the implementation strips it before results leave the service.
  passwordHash?: string;
  roles: string[];
  permissions: string[];
  mfaEnabled: boolean;
  mfaMethods: MFAMethod[];
  emailVerified: boolean;
  active: boolean;
  lockedUntil?: Date;
  passwordChangedAt?: Date;
  createdAt: Date;
  updatedAt: Date;
}

/**
 * Input to `AuthService.loginAsync`.
 *
 * `email` and `username` are both optional, so the type accepts credentials
 * that carry neither; rejecting that case is left to the implementation —
 * TODO confirm it does.
 */
export interface LoginCredentials {
  email?: string;
  username?: string;
  password: string;
  deviceInfo?: DeviceInfo;
  trustDevice?: boolean;
}

/**
 * Outcome of an authentication step.
 *
 * Only `success` is required; the tokens/session fields and the MFA challenge
 * fields are all optional.
 */
export interface AuthResult {
  success: boolean;
  tokens?: TokenPair;
  sessionId?: string;
  user?: User;
  requiresMFA?: boolean;
  mfaChallengeId?: string;
  // NOTE(review): confirm the text is the same for "unknown account" and "wrong password",
  // so the result does not disclose which accounts exist.
  error?: string;
}

/** A pending password reset: target email, reset token and expiry. */
export interface PasswordResetRequest {
  email: string;
  // NOTE(review): whether this holds the raw token or a hash of it is not visible here — confirm what is persisted.
  token: string;
  expiresAt: Date;
}

/**
 * Error type carrying a string `code` and a numeric `statusCode`.
 *
 * `statusCode` is optional in the constructor; the value used when it is
 * omitted is not visible in this declaration.
 */
export declare class AuthenticationError extends Error {
  code: string;
  statusCode: number;
  constructor(message: string, code: string, statusCode?: number);
}

/**
 * Authentication service: login, MFA completion, registration, logout,
 * token refresh and password-reset requests.
 *
 * Extends `EventEmitter`; the events it emits are not described by this
 * declaration.
 */
export declare class AuthService extends EventEmitter {
  private config;
  private logger?;
  // Type is erased in the declaration. Presumably tracks failed logins for lockout; if it is
  // per-process state, a multi-instance deployment would not share the counters — TODO confirm.
  private loginAttempts;
  constructor(config: AuthServiceConfig, logger?: Logger);

  // NOTE(review): every `Promise` below is missing its type argument — see the file header.
  loginAsync(credentials: LoginCredentials): Promise;
  // NOTE(review): the leading underscore on `_trustDevice` conventionally marks an unused
  // parameter — confirm whether the caller's trust-device choice is honoured or ignored.
  completeMFAAsync(userId: string, challengeId: string, code: string, deviceInfo?: DeviceInfo, _trustDevice?: boolean): Promise;
  // NOTE(review): `RegisterCredentials` is not declared or imported in this file; `_credentials`
  // is likewise underscore-prefixed, so it may be unused.
  registerAsync(email: string, password: string, _credentials?: RegisterCredentials): Promise;
  // `id` is not further described here; presumably a session id rather than a user id — TODO confirm.
  logoutAsync(id: string): Promise;
  refreshTokensAsync(refreshToken: string): Promise;
  // NOTE(review): confirm the resolved value and timing do not reveal whether `email` is registered.
  requestPasswordResetAsync(email: string): Promise;

  // Private members are listed by name only: declaration output omits their signatures.
  private createAuthSessionAsync;
  private findUserByCredentialsAsync;
  private findUserByEmailAsync;
  private getUserByIdAsync;
  private verifyPasswordAsync;
  private hashPasswordAsync;
  private validatePassword;
  private isPasswordExpired;
  private isAccountLockedAsync;
  private recordFailedAttemptAsync;
  private clearFailedAttempts;
  private generateResetToken;
}
//# sourceMappingURL=auth-service.d.ts.map