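import { ModelTypes } from '../../cache/dbs/index.generated.js';
import { GDmanagedLoginEmailTypes } from './constants.js';
import { setConnexionTokens } from './userAuthenticationTokenService.js';

// NOTE(review): several generic type arguments were missing in this listing
// (`Awaited>`, `Record,`, `Partial>`, `Record;`), which left the declarations
// unparseable. They are reconstructed below from the surrounding names and
// comments; each reconstruction is marked and must be confirmed against the
// original source.

/** Per-role login options and hooks for the managed login plugin. */
export type GDmanagedLoginLoginConfig = {
  emailLogin?: boolean;
  phoneLogin?: boolean;
  loginAutomaticallyAfterValidatingEmail?: boolean;
  /**
   * Returning false will throw an accessDenied error with no further information.
   * If you want more control over the error thrown, extraInfos, alerts, etc., use onLogin.
   *
   * NOTE(review): no `onLogin` hook is declared in this type; presumably
   * `onBeforeLogin` or `onAfterLogin` is meant — confirm.
   */
  additionalLoginPermissionsChecks?(ctx: Ctx, user: ModelTypes['user']): any;
  /** This will be triggered before all other checks */
  onBeforeLogin?(ctx: Ctx, requestedRole: GD['role'], user: ModelTypes['user']): any;
  /** This will be triggered once login is successful */
  onAfterLogin?(
    ctx: Ctx,
    requestedRole: GD['role'],
    user: ModelTypes['user'],
    // NOTE(review): reconstructed type argument; `setConnexionTokens` is imported
    // above and not referenced anywhere else in this file — confirm.
    loginTokens: Awaited<ReturnType<typeof setConnexionTokens>>,
  ): any;
};

/** Callback that sends the confirmation mail once a user's email update has succeeded. */
export type GDmanagedLoginSendEmailUpdatedMailConfirmationFunction = (
  ctx: Ctx,
  props: {
    user: ModelTypes['user'];
    newEmail: string;
    oldEmail: string;
  },
) => any;

/** Callback that sends a managed-login email carrying an encoded token. */
export type GDmanagedLoginSendEmailFunction = (
  ctx: Ctx,
  emailType: GDmanagedLoginEmailTypes,
  encodedToken: string,
  user: ModelTypes['user'],
  /**
   * These can optionally be passed from the frontend through the SDK and will be
   * forwarded to the function. They originate on the client, so treat them as
   * untrusted input before using them in a mail template or a link.
   *
   * NOTE(review): reconstructed type arguments (key and value types were missing) — confirm.
   */
  additionalParams: Record<string, any>,
  /** In case emailType is updateEmail, this is the updated email */
  updatedEmail?: string,
) => any;

/** User-supplied configuration of the managed login plugin. */
export type PluginUserConfig = {
  enable: boolean;
  sendEmail: GDmanagedLoginSendEmailFunction;
  sendPasswordUpdatedMailConfirmation: (ctx: Ctx, user: ModelTypes['user']) => any;
  // NOTE(review): reconstructed type arguments, inferred from the property name and
  // from GDmanagedLoginLoginConfig being otherwise unused in this file — confirm.
  loginConfigPerRole: Partial<Record<GD['role'], GDmanagedLoginLoginConfig>>;
  /**
   * Cookie may be set for user authentication and session.
   * Typically a value like: '.myDomain.com'
   *
   * A parent-domain value like this scopes the cookie to every subdomain of that
   * domain, so every subdomain able to receive it should be trusted. Which other
   * cookie attributes are set is not visible in this file.
   */
  cookieProductionDomain: string;
  /** This email is sent when a user updates their email and the update has succeeded */
  sendEmailUpdatedMailConfirmation?: GDmanagedLoginSendEmailUpdatedMailConfirmationFunction;
  /** Default 30 minutes */
  emailTokenTimeValidMinutes?: number;
  /** Default: true when connecting with email method */
  loginErrorIfEmailIsNotValidated?: boolean;
  /** Default: true when connecting with phone method */
  loginErrorIfPhoneIsNotValidated?: boolean;
  /** Add types here if you want to add a type to validation tokens (like forgotPassword) */
  validationTokenTypes?: readonly string[] | string[];
  /**
   * Configure the time before the refresh token expires. Default: 15 minutes
   *
   * NOTE(review): the jwtRefreshExpirationMs* options below document a 48h default;
   * which setting governs refresh-token lifetime is not visible here — confirm.
   */
  refreshTokenExpirationMinutes?: number;
  /**
   * How many connection tokens are allowed per role, in other words on how many
   * devices a user may be connected simultaneously. Default: 2
   *
   * NOTE(review): reconstructed type arguments, inferred from "per role" and the
   * numeric default — confirm.
   */
  maxRefreshTokenPerRole?: Record<GD['role'], number>;
  /** Define which regexp should be applied when validating passwords. Default: at least 1 uppercase letter, 1 lowercase and 1 number */
  passwordRegexp?: RegExp;
  /** Default 8 */
  passwordMinLength?: number;
  /**
   * Default 35
   *
   * NOTE(review): a 35-character cap rejects long passphrases and much
   * password-manager output; consider a higher limit if password storage allows it.
   */
  passwordMaxLength?: number;
  /**
   * Secret for your JWT. This should be passed via ENV variables and should NOT be
   * exposed in your repository.
   *
   * Use a long, randomly generated value: anyone who knows the secret can presumably
   * issue tokens the server will accept (the signing algorithm is not visible here).
   * Replace it if it is ever committed or logged.
   * @link https://jwt.io/introduction
   */
  jwtSecret: string;
  /**
   * Token expiration time (default 15 minutes)
   * @link https://jwt.io/introduction
   */
  jwtExpirationMs?: number;
  /**
   * Refresh token expiration time for web (default 48h).
   * Web is less secure than mobile so you can set a different value here.
   *
   * With 'never' the token presumably carries no expiry, so ending a session then
   * depends entirely on revocation — confirm how revocation is handled.
   * @link https://jwt.io/introduction
   */
  jwtRefreshExpirationMsWeb?: number | 'never';
  /**
   * Refresh token expiration time for mobile.
   * In mobile, everything should be stored in secureStore.
   * You may want the token to never expire if you use 2FA or biometric auth.
   *
   * NOTE(review): the default was documented as "for web (default 48h)", apparently
   * copied from the web option — confirm the actual mobile default. With 'never', a
   * token copied off a device presumably stays usable until it is revoked.
   * @link https://jwt.io/introduction
   */
  jwtRefreshExpirationMsMobile?: number | 'never';
};

/**
 * Declared shape of the plugin defaults. Only the types are visible here, not the
 * values. `jwtSecret` and `cookieProductionDomain` are required on PluginUserConfig
 * and have no entry here, so no default is declared for either of them.
 */
export declare const defaultConfig: {
  enable: true;
  refreshTokenExpirationMinutes: number;
  emailTokenTimeValidMinutes: number;
  validationTokenTypes: any[];
  passwordRegexp: RegExp;
  passwordMinLength: number;
  passwordMaxLength: number;
  loginErrorIfEmailIsNotValidated: true;
  loginErrorIfPhoneIsNotValidated: true;
};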