/** * CODAI Authentication Utilities * * Comprehensive authentication utilities including token management, * password validation, session handling, and security functions. */ import { z } from 'zod'; import type { TokenPayload, RefreshTokenPayload, TokenPair, AuthConfig, PasswordPolicy, AuthError, AuthErrorCode, DeviceInfo } from './types'; export declare const DEFAULT_AUTH_CONFIG: AuthConfig; export declare const emailSchema: z.ZodString; export declare const passwordSchema: z.ZodString; export declare const loginCredentialsSchema: z.ZodObject<{ email: z.ZodString; password: z.ZodString; rememberMe: z.ZodOptional; deviceId: z.ZodOptional; captchaToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { email: string; password: string; rememberMe?: boolean | undefined; deviceId?: string | undefined; captchaToken?: string | undefined; }, { email: string; password: string; rememberMe?: boolean | undefined; deviceId?: string | undefined; captchaToken?: string | undefined; }>; export declare const registerCredentialsSchema: z.ZodEffects; marketingConsent: z.ZodOptional; inviteCode: z.ZodOptional; }, "strip", z.ZodTypeAny, { email: string; password: string; confirmPassword: string; firstName: string; lastName: string; agreeToTerms: boolean; marketingConsent?: boolean | undefined; inviteCode?: string | undefined; }, { email: string; password: string; confirmPassword: string; firstName: string; lastName: string; agreeToTerms: boolean; marketingConsent?: boolean | undefined; inviteCode?: string | undefined; }>, { email: string; password: string; confirmPassword: string; firstName: string; lastName: string; agreeToTerms: boolean; marketingConsent?: boolean | undefined; inviteCode?: string | undefined; }, { email: string; password: string; confirmPassword: string; firstName: string; lastName: string; agreeToTerms: boolean; marketingConsent?: boolean | undefined; inviteCode?: string | undefined; }>; /** * Creates a new JWT access token */ export declare function createAccessToken(payload: Omit): Promise; /** * Creates a new JWT refresh token */ export declare function createRefreshToken(payload: Omit): Promise; /** * Verifies and decodes a JWT token */ export declare function verifyToken(token: string): Promise; /** * Checks if a token is expired */ export declare function isTokenExpired(token: string): boolean; /** * Extracts payload from token without verification (client-side only) */ export declare function getTokenPayload(token: string): T | null; /** * Creates a token pair (access + refresh) */ export declare function createTokenPair(userId: string, email: string, role: string, permissions: string[], sessionId: string, deviceId: string): Promise; /** * Stores tokens securely */ export declare function storeTokens(tokens: TokenPair, rememberMe?: boolean): void; /** * Retrieves stored access token */ export declare function getStoredAccessToken(): string | null; /** * Retrieves stored refresh token */ export declare function getStoredRefreshToken(): string | null; /** * Clears all stored tokens */ export declare function clearStoredTokens(): void; /** * Hashes a password using bcrypt */ export declare function hashPassword(password: string): Promise; /** * Compares a password with its hash */ export declare function comparePassword(password: string, hash: string): Promise; /** * Validates password against policy */ export declare function validatePassword(password: string, policy?: PasswordPolicy): { isValid: boolean; errors: string[]; }; /** * Generates a secure random password */ export declare function generateSecurePassword(length?: number): string; /** * Creates a standardized auth error */ export declare function createAuthError(code: AuthErrorCode, message: string, details?: Record): AuthError; /** * Formats API errors for display */ export declare function formatAuthError(error: AuthError): string; /** * Generates a device fingerprint */ export declare function generateDeviceFingerprint(): string; /** * Gets device information */ export declare function getDeviceInfo(): DeviceInfo; /** * Validates email format */ export declare function isValidEmail(email: string): boolean; /** * Validates password strength */ export declare function isValidPassword(password: string): boolean; /** * Generates a random string for tokens */ export declare function generateRandomToken(length?: number): string; /** * Formats user display name */ export declare function formatDisplayName(firstName: string, lastName: string): string; /** * Gets user initials for avatar */ export declare function getUserInitials(firstName: string, lastName: string): string; /** * Checks if action is rate limited */ export declare function isRateLimited(key: string, maxAttempts: number, windowMs: number): boolean; /** * Clears rate limit for a key */ export declare function clearRateLimit(key: string): void; /** * Creates authentication URLs */ export declare function createAuthUrls(baseUrl: string): { login: string; register: string; logout: string; refresh: string; verify: string; resetPassword: string; changePassword: string; profile: string; sessions: string; twoFactor: string; social: (provider: string) => string; }; export declare class AuthUtils { private static TOKEN_KEY; private static REFRESH_TOKEN_KEY; static setToken(token: string): void; static getToken(): string | null; static removeToken(): void; static setRefreshToken(token: string): void; static getRefreshToken(): string | null; static decodeToken(token: string): TokenPayload | null; static isTokenExpired(token: string): boolean; static hashPassword(password: string): Promise; static verifyPassword(password: string, hash: string): Promise; static validateEmail(email: string): boolean; static validatePassword(password: string): { isValid: boolean; errors: string[]; }; } //# sourceMappingURL=utils.d.ts.map