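// Enhanced Authentication Types for CODAI Ecosystem
//
// NOTE(review): this listing had been collapsed onto a few physical lines, so
// every `//` comment swallowed the declarations that followed it, and simple
// generic arguments (`Record`, `Set`, `Promise`, `Partial`, the type parameter
// of `AuthResponse`) had been lost. The layout is restored here and the
// missing arguments are filled in with the most conservative reading; each
// spot is marked "TODO confirm" and should be checked against the upstream
// file.

/**
 * Enhanced Auth User Type for centralized authentication.
 *
 * NOTE(review): `role` is a free-form string here while `User.role` and
 * `TokenPayload.role` use the closed `UserRole` union. Authorization code
 * should not compare this field against role names without validating it
 * first.
 */
export interface AuthUser {
  id: string;
  email: string;
  name: string;
  role: string;
  permissions?: string[];
  preferences?: {
    theme: string;
    language: string;
    emailNotifications?: boolean;
    pushNotifications?: boolean;
  };
  updatedAt?: Date;
  emailVerified?: boolean;
}

/**
 * Centralized Auth Configuration.
 *
 * Security: both tokens are kept in localStorage, which every script running
 * in the origin can read. A single XSS flaw therefore exposes the refresh
 * token as well as the access token. Where the deployment allows it, an
 * HttpOnly + Secure + SameSite cookie is the safer home for the refresh token.
 *
 * NOTE(review): `AuthConfig` is declared a second time further down.
 * TypeScript merges the two declarations, so a value typed `AuthConfig` must
 * provide the required fields of BOTH. Confirm this is intended.
 */
export interface AuthConfig {
  authUrl: string; // URL of the authentication service (e.g., https://id.codai.ro)
  tokenKey: string; // Key for storing auth token in localStorage
  refreshKey: string; // Key for storing refresh token in localStorage
  redirectAfterLogin?: string; // Where to redirect after successful login
  redirectAfterLogout?: string; // Where to redirect after logout
}

/**
 * Login credentials (first declaration; merged with the later one).
 *
 * Security: `password` is a plaintext secret. Keep it out of logs, error
 * reports, analytics events and persisted client state.
 */
export interface LoginCredentials {
  email: string;
  password: string;
}

/**
 * Registration credentials (first declaration; merged with the later one).
 *
 * NOTE(review): after merging, `name` is required in addition to
 * `firstName`/`lastName` from the second declaration.
 */
export interface RegisterCredentials {
  name: string;
  email: string;
  password: string;
}

// Core User Types

/** Full user record as held in `AuthState` and returned by login/register. */
export interface User {
  id: string;
  email: string;
  firstName: string;
  lastName: string;
  displayName: string;
  avatar?: string;
  role: UserRole;
  permissions: Permission[];
  preferences: UserPreferences;
  profile: UserProfile;
  // Type arguments assumed; `unknown` forces callers to narrow. TODO confirm.
  metadata: Record<string, unknown>;
  createdAt: Date;
  updatedAt: Date;
  lastLoginAt?: Date;
  emailVerified: boolean;
  isActive: boolean;
}

/** Optional profile details plus the user's linked social identities. */
export interface UserProfile {
  bio?: string;
  timezone?: string;
  language?: string;
  country?: string;
  organization?: string;
  title?: string;
  linkedAccounts: SocialAccount[];
}

/** Per-user UI, notification and privacy preferences. */
export interface UserPreferences {
  theme: 'light' | 'dark' | 'system';
  language: 'en' | 'ro';
  notifications: NotificationPreferences;
  privacy: PrivacySettings;
}

/**
 * Notification channel toggles.
 *
 * NOTE(review): `security` can be set to false like any other channel.
 * Confirm whether account-security notices (new device, password change)
 * are meant to be user-suppressible.
 */
export interface NotificationPreferences {
  email: boolean;
  push: boolean;
  inApp: boolean;
  marketing: boolean;
  security: boolean;
}

/** Profile visibility and analytics consent. */
export interface PrivacySettings {
  profileVisibility: 'public' | 'private';
  showActivity: boolean;
  allowAnalytics: boolean;
}

/**
 * A social identity linked to a user.
 *
 * Security: `email` comes from the provider. Linking or merging accounts on
 * that address is only safe when `isVerified` reflects the provider's own
 * verification of it.
 */
export interface SocialAccount {
  provider: 'google' | 'github' | 'microsoft' | 'linkedin';
  providerId: string;
  email: string;
  isVerified: boolean;
  connectedAt: Date;
}

// Role and Permission System

/** Closed set of role names used by `User`, `TokenPayload` and `TenantUser`. */
export type UserRole =
  | 'admin' // Full system access
  | 'user' // Standard user
  | 'premium' // Premium features
  | 'enterprise' // Enterprise features
  | 'developer' // API access
  | 'moderator' // Content moderation
  | 'analyst' // Analytics access
  | 'support'; // Support access

/** A single grant: one action on one resource, optionally conditioned. */
export interface Permission {
  id: string;
  name: string;
  resource: string;
  action: 'create' | 'read' | 'update' | 'delete' | 'execute';
  // Type arguments assumed. TODO confirm.
  conditions?: Record<string, unknown>;
}

// Session Management

/**
 * One authenticated session.
 *
 * Privacy: `ipAddress`, `userAgent` and `location` are personal data; apply
 * the same retention and access rules as for the user record.
 */
export interface Session {
  id: string;
  userId: string;
  deviceId: string;
  deviceInfo: DeviceInfo;
  ipAddress: string;
  userAgent: string;
  location?: SessionLocation;
  createdAt: Date;
  expiresAt: Date;
  lastActiveAt: Date;
  isActive: boolean;
  // Type arguments assumed. TODO confirm.
  metadata: Record<string, unknown>;
}

/**
 * Device description attached to a session.
 *
 * NOTE(review): if `os`/`browser` are derived from the User-Agent header they
 * are client-controlled; `isKnownDevice` should be decided from server-side
 * state, not from these fields alone.
 */
export interface DeviceInfo {
  type: 'desktop' | 'mobile' | 'tablet';
  os: string;
  browser: string;
  isKnownDevice: boolean;
}

/** Coarse location recorded for a session. */
export interface SessionLocation {
  country?: string;
  region?: string;
  city?: string;
  timezone?: string;
}

// Authentication State

/**
 * Client-side authentication state.
 *
 * Security: `isAuthenticated` and `permissions` describe what the client
 * believes. They are suitable for showing or hiding UI, never as the
 * authorization decision itself; the server has to re-check every request.
 */
export interface AuthState {
  user: User | null;
  session: Session | null;
  isAuthenticated: boolean;
  isLoading: boolean;
  isInitialized: boolean;
  error: AuthError | null;
  // Element type assumed to be string because `hasPermission` takes a string.
  // TODO confirm.
  permissions: Set<string>;
  apps: ConnectedApp[];
}

/** An application the user has granted access to. */
export interface ConnectedApp {
  id: string;
  name: string;
  lastUsed: Date;
  permissions: string[];
  isActive: boolean;
}

// Authentication Credentials

/**
 * Login credentials (second declaration; merged with the first).
 *
 * NOTE(review): `deviceId` is supplied by the client, so it identifies a
 * device only as far as the client is honest about it.
 */
export interface LoginCredentials {
  email: string;
  password: string;
  rememberMe?: boolean;
  deviceId?: string;
  captchaToken?: string;
}

/**
 * Registration credentials (second declaration; merged with the first).
 *
 * `confirmPassword` is a form-level convenience. The comparison with
 * `password` belongs on the client and again on the server, and the value
 * should not be stored or logged.
 */
export interface RegisterCredentials {
  email: string;
  password: string;
  confirmPassword: string;
  firstName: string;
  lastName: string;
  agreeToTerms: boolean;
  marketingConsent?: boolean;
  inviteCode?: string;
}

/**
 * Authorization-code callback data for a social login.
 *
 * Security: `state` is what ties the callback to the browser session that
 * started the flow (login-CSRF defence). It is optional in this type, so the
 * type checker will not catch a caller that omits it; callers should always
 * send it and the handler should reject a missing or mismatched value.
 * `redirectUri` should be matched exactly against a registered value.
 */
export interface SocialLoginCredentials {
  provider: 'google' | 'github' | 'microsoft' | 'linkedin';
  code: string;
  state?: string;
  redirectUri: string;
}

/**
 * Request to start a password reset.
 *
 * Security: the response to this request should look the same whether or not
 * the address belongs to an account, otherwise it becomes an account-existence
 * oracle.
 */
export interface ResetPasswordCredentials {
  email: string;
  captchaToken?: string;
}

/** Authenticated password change; requires the current password. */
export interface ChangePasswordCredentials {
  currentPassword: string;
  newPassword: string;
  confirmPassword: string;
}

// Token Management

/** Access/refresh token pair issued on login, registration or refresh. */
export interface TokenPair {
  accessToken: string;
  refreshToken: string;
  // Unit is not stated in this file. TODO confirm (seconds is conventional).
  expiresIn: number;
  tokenType: 'Bearer';
}

/**
 * Claims carried by an access token.
 *
 * Security: these fields are trustworthy only after the token's signature,
 * `exp`, `iss` and `aud` have been verified. Values read from a token that
 * was merely decoded (for example on the client) are untrusted input.
 */
export interface TokenPayload {
  sub: string; // User ID
  email: string;
  role: UserRole;
  permissions: string[];
  sessionId: string;
  iat: number; // Issued at
  exp: number; // Expires at
  aud: string; // Audience (app)
  iss: string; // Issuer
}

/** Claims carried by a refresh token. */
export interface RefreshTokenPayload {
  sub: string;
  sessionId: string;
  deviceId: string;
  iat: number;
  exp: number;
}

// Configuration

/**
 * Auth configuration (second declaration; merged with the first, so the
 * required fields of both apply).
 *
 * The trailing comments on the expiry fields are the author's intended
 * values; the unit the numbers are expressed in is not stated in this file.
 */
export interface AuthConfig {
  apiUrl: string;
  appId: string;
  tokenStorageKey: string;
  refreshTokenKey: string;
  sessionStorageKey: string;
  accessTokenExpiry: number; // 15 minutes
  refreshTokenExpiry: number; // 7 days
  rememberMeExpiry: number; // 30 days
  maxSessions: number; // 5 active sessions
  enableSocialAuth: boolean;
  enableBiometric: boolean;
  requireEmailVerification: boolean;
  enableTwoFactor: boolean;
  passwordPolicy: PasswordPolicy;
  rateLimiting: RateLimitConfig;
}

/**
 * Password rules.
 *
 * NOTE(review): if this object is only evaluated in the browser it is
 * advisory; the same policy has to be enforced where the password is set.
 */
export interface PasswordPolicy {
  minLength: number;
  requireUppercase: boolean;
  requireLowercase: boolean;
  requireNumbers: boolean;
  requireSpecialChars: boolean;
  preventCommonPasswords: boolean;
  // Presumably the number of previous passwords that may not be reused.
  // TODO confirm.
  preventReuse: number;
}

/**
 * Attempt limits for login and password reset.
 *
 * NOTE(review): limits held in client configuration do not slow down a
 * caller that talks to the API directly; the server needs its own counters.
 */
export interface RateLimitConfig {
  loginAttempts: number;
  loginWindow: number; // in minutes
  passwordResetAttempts: number;
  // Unit not stated; presumably minutes like `loginWindow`. TODO confirm.
  passwordResetWindow: number;
}

// Error Handling

/**
 * Error returned by auth operations.
 *
 * Security: `details` is open-ended. Keep stack traces, query text, tokens
 * and other internals out of anything that is sent to the client.
 */
export interface AuthError {
  code: AuthErrorCode;
  message: string;
  // Type arguments assumed. TODO confirm.
  details?: Record<string, unknown>;
  timestamp: Date;
  retry?: boolean;
}

/**
 * Machine-readable auth error codes.
 *
 * Security: `USER_NOT_FOUND`, `USER_DISABLED`, `EMAIL_NOT_VERIFIED` and
 * `ACCOUNT_LOCKED` each confirm that an address is (or is not) registered.
 * Returned to an unauthenticated caller they allow account enumeration, so
 * the login and reset endpoints should collapse them into a generic failure
 * at the API boundary and keep the precise code for server-side logs.
 */
export type AuthErrorCode =
  | 'INVALID_CREDENTIALS'
  | 'USER_NOT_FOUND'
  | 'USER_DISABLED'
  | 'EMAIL_NOT_VERIFIED'
  | 'PASSWORD_EXPIRED'
  | 'ACCOUNT_LOCKED'
  | 'SESSION_EXPIRED'
  | 'TOKEN_INVALID'
  | 'TOKEN_EXPIRED'
  | 'REFRESH_TOKEN_INVALID'
  | 'TWO_FACTOR_REQUIRED'
  | 'DEVICE_NOT_TRUSTED'
  | 'RATE_LIMITED'
  | 'NETWORK_ERROR'
  | 'SERVER_ERROR'
  | 'VALIDATION_ERROR'
  | 'PERMISSION_DENIED'
  | 'SOCIAL_AUTH_ERROR'
  | 'BIOMETRIC_ERROR';

// API Response Types

/**
 * Envelope for API responses.
 *
 * `T` is referenced by `data` but its declaration was missing from the
 * listing; it is restored with an `unknown` default so both `AuthResponse`
 * and `AuthResponse<X>` remain valid. TODO confirm the original default.
 */
export interface AuthResponse<T = unknown> {
  success: boolean;
  data?: T;
  error?: AuthError;
  meta?: {
    requestId: string;
    timestamp: Date;
    version: string;
  };
}

/**
 * Successful login payload.
 *
 * NOTE(review): `tokens` is required even when `requiresTwoFactor` is true.
 * If usable tokens are issued before the second factor has been checked, the
 * second factor adds nothing; confirm what the server returns in that state.
 */
export interface LoginResponse {
  user: User;
  tokens: TokenPair;
  session: Session;
  requiresTwoFactor?: boolean;
  trustDevice?: boolean;
}

/**
 * Successful registration payload.
 *
 * NOTE(review): tokens are returned alongside `emailVerificationRequired`;
 * confirm what an unverified account is allowed to do with them.
 */
export interface RegisterResponse {
  user: User;
  tokens: TokenPair;
  session: Session;
  emailVerificationRequired: boolean;
}

// Auth Context Interface

/**
 * Operations exposed by the auth context, on top of `AuthState`.
 *
 * The result type of every bare `Promise` was lost from the listing.
 * `Promise<unknown>` is used as a placeholder that any implementation
 * satisfies and that makes callers narrow the result. TODO restore the real
 * result types.
 */
export interface AuthContextType extends AuthState {
  // Authentication methods
  login: (credentials: LoginCredentials) => Promise<unknown>;
  register: (credentials: RegisterCredentials) => Promise<unknown>;
  loginWithSocial: (credentials: SocialLoginCredentials) => Promise<unknown>;
  logout: (everywhere?: boolean) => Promise<unknown>;

  // Token management
  refreshAccessToken: () => Promise<unknown>;
  revokeSession: (sessionId: string) => Promise<unknown>;
  revokeMeAllSessions: () => Promise<unknown>;

  // User management
  // `Partial` arguments assumed from the parameter names. TODO confirm.
  updateUser: (updates: Partial<User>) => Promise<unknown>;
  updatePreferences: (preferences: Partial<UserPreferences>) => Promise<unknown>;
  changePassword: (credentials: ChangePasswordCredentials) => Promise<unknown>;
  // Takes the password so the server can re-authenticate before deleting.
  deleteAccount: (password: string) => Promise<unknown>;

  // Account verification
  sendEmailVerification: () => Promise<unknown>;
  verifyEmail: (token: string) => Promise<unknown>;
  resetPassword: (credentials: ResetPasswordCredentials) => Promise<unknown>;
  confirmPasswordReset: (token: string, newPassword: string) => Promise<unknown>;

  // Two-factor authentication
  // The resolved value contains enrolment secrets; show it once and do not
  // persist or log it.
  enableTwoFactor: () => Promise<{ qrCode: string; backupCodes: string[] }>;
  disableTwoFactor: (code: string) => Promise<unknown>;
  verifyTwoFactor: (code: string) => Promise<unknown>;

  // Social accounts
  // NOTE(review): no `state` parameter here, unlike SocialLoginCredentials;
  // confirm how the linking callback is bound to the initiating session.
  connectSocialAccount: (provider: string, code: string) => Promise<unknown>;
  disconnectSocialAccount: (provider: string) => Promise<unknown>;

  // Permission checking
  // Synchronous, so these can only consult client-held state: use them for
  // UI decisions and let the server enforce access.
  hasPermission: (permission: string) => boolean;
  hasRole: (role: UserRole) => boolean;
  canAccess: (resource: string, action: string) => boolean;

  // Session management
  getSessions: () => Promise<unknown>;
  getActiveSession: () => Session | null;

  // Utility methods
  // NOTE(review): whether these verify the token signature cannot be seen
  // from the types; if they only decode, the result is untrusted.
  isTokenExpired: (token: string) => boolean;
  getTokenPayload: (token: string) => TokenPayload | null;
  clearAuth: () => void;
}

// Enhanced Auth Types for Phase 1.3

/** Result of a token refresh. */
export interface RefreshTokenResponse {
  accessToken: string;
  refreshToken: string;
  expiresIn: number;
  user?: AuthUser;
}

/**
 * A created API key.
 *
 * Security: `key` carries the key material itself. Return it only at
 * creation time, keep it out of logs and list endpoints, and store a hash
 * rather than the value on the server side.
 */
export interface ApiKeyResponse {
  id: string;
  name: string;
  key: string;
  permissions: string[];
  expiresAt?: Date;
  createdAt: Date;
}

/** Tenant record for multi-tenant deployments. */
export interface TenantData {
  id: string;
  name: string;
  domain?: string;
  // Type arguments assumed. TODO confirm.
  settings: Record<string, unknown>;
  createdAt: Date;
  isActive: boolean;
}

/**
 * Permission shape used by the Phase 1.3 types.
 *
 * NOTE(review): `action` is an open string here but a closed union on
 * `Permission`; values should be validated before they drive an access
 * decision.
 */
export interface UserPermission {
  id: string;
  name: string;
  resource: string;
  action: string;
  scope?: string;
}

// OAuth Provider Configuration

/**
 * Per-provider OAuth client settings.
 *
 * Security: `clientSecret` is a confidential-client credential. This type
 * must only be populated in server-side code from a secret store or the
 * environment; it must never be imported into a browser bundle or committed
 * with real values.
 *
 * NOTE(review): the providers here (google, github, discord) do not match
 * the `provider` union on `SocialAccount`/`SocialLoginCredentials`
 * (google, github, microsoft, linkedin).
 */
export interface OAuthConfig {
  google?: {
    clientId: string;
    clientSecret: string;
    redirectUri: string;
  };
  github?: {
    clientId: string;
    clientSecret: string;
    redirectUri: string;
  };
  discord?: {
    clientId: string;
    clientSecret: string;
    redirectUri: string;
  };
}

// Multi-tenant Support

/**
 * Membership of a user in a tenant.
 *
 * Security: `role` and `permissions` are scoped to `tenantId`; every check
 * that uses them has to compare the tenant as well, or a grant in one tenant
 * leaks into another.
 */
export interface TenantUser {
  userId: string;
  tenantId: string;
  role: UserRole;
  permissions: string[];
  joinedAt: Date;
  isActive: boolean;
}

// 2FA Types

/**
 * Two-factor enrolment material.
 *
 * Security: `secret` and `backupCodes` are long-lived credentials (and
 * `qrCode` presumably encodes the same secret). Display once during
 * enrolment; do not cache, log or keep them in client state afterwards.
 */
export interface TwoFactorSetup {
  qrCode: string;
  secret: string;
  backupCodes: string[];
}

/**
 * Two-factor challenge response.
 *
 * NOTE(review): backup codes are normally single-use; confirm the verifier
 * invalidates a `backupCode` once accepted and rate-limits both fields.
 */
export interface TwoFactorVerification {
  code: string;
  backupCode?: string;
}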