/**
 * @fileoverview OrdoJS Authentication and Authorization Manager
 */
/**
 * Authentication configuration consumed by AuthManager.
 *
 * The AuthManager constructor accepts `Partial<AuthConfig>`, so a caller may
 * omit any field below, including the secrets. The values used for omitted
 * fields are not visible in this declaration file.
 */
export interface AuthConfig {
    /**
     * JWT secret key.
     * NOTE(review): this type sets no minimum length, and the field can be left
     * out of the partial config passed to the constructor. Confirm that the
     * implementation rejects a missing or short secret rather than falling back
     * to a built-in default.
     */
    jwtSecret: string;
    /** JWT expiration time in seconds */
    jwtExpiration: number;
    /** Session expiration time in seconds */
    sessionExpiration: number;
    /** Whether to enable refresh tokens */
    enableRefreshTokens: boolean;
    /** Refresh token expiration time in seconds */
    refreshTokenExpiration: number;
    /**
     * Password hashing rounds.
     * NOTE(review): the hashing algorithm these rounds apply to is not visible
     * here; confirm which one the implementation uses.
     */
    passwordHashRounds: number;
    /**
     * Maximum login attempts.
     * Presumably the number of failed attempts allowed before lockout; verify
     * against the implementation.
     */
    maxLoginAttempts: number;
    /** Lockout duration in seconds */
    lockoutDuration: number;
    /** Whether to enable OAuth */
    enableOAuth: boolean;
    /** OAuth providers. Each entry carries a client secret (see OAuthProvider). */
    oauthProviders: OAuthProvider[];
    /** Whether to enable MFA */
    enableMFA: boolean;
    /**
     * MFA provider: one of 'totp', 'sms' or 'email'.
     * Codes delivered by SMS or email are only as strong as the user's phone
     * number or mailbox; weigh that when choosing a value.
     */
    mfaProvider: 'totp' | 'sms' | 'email';
}
/**
 * OAuth provider configuration.
 *
 * Instances hold a client secret, so treat the whole object as sensitive
 * configuration.
 */
export interface OAuthProvider {
    /** Provider name */
    name: string;
    /** Client ID */
    clientId: string;
    /** Client secret. A credential: keep it out of logs, error output and source control. */
    clientSecret: string;
    /**
     * Authorization URL.
     * NOTE(review): this and the two URLs below are plain strings; nothing in
     * this declaration restricts the scheme or host. Confirm that https is
     * enforced where they are consumed.
     */
    authUrl: string;
    /** Token URL */
    tokenUrl: string;
    /** User info URL */
    userInfoUrl: string;
    /** Scopes */
    scopes: string[];
}
/**
 * User information.
 *
 * This shape declares no password or password-hash field, so the objects
 * typed as User (for example the return value of AuthManager.getUsers) do not
 * expose credentials through this type.
 */
export interface User {
    /** User ID */
    id: string;
    /** Username */
    username: string;
    /** Email */
    email: string;
    /** Display name */
    displayName?: string;
    /** Avatar URL */
    avatarUrl?: string;
    /** Roles, by name */
    roles: string[];
    /**
     * Permissions.
     * NOTE(review): how this list relates to permissions granted through
     * `roles` is not visible here; confirm before relying on it alone for an
     * access decision.
     */
    permissions: string[];
    /**
     * Account status: 'active', 'inactive' or 'suspended'.
     * NOTE(review): whether authentication and session validation reject
     * non-active accounts is not visible in this declaration; confirm.
     */
    status: 'active' | 'inactive' | 'suspended';
    /** Created date */
    createdAt: Date;
    /** Last login date */
    lastLoginAt?: Date;
    /** MFA enabled */
    mfaEnabled: boolean;
    /** OAuth provider */
    oauthProvider?: string;
    /** OAuth provider ID */
    oauthProviderId?: string;
}
/**
 * Session information.
 *
 * A Session carries the JWT and, optionally, the refresh token as plain
 * strings. Any code that receives a Session (AuthResult.session,
 * AuthManager.getActiveSessions) therefore holds bearer credentials and should
 * not log or serialize the object wholesale.
 */
export interface Session {
    /** Session ID */
    id: string;
    /** User ID */
    userId: string;
    /** JWT token. Bearer credential. */
    token: string;
    /** Refresh token. Bearer credential; present only on some sessions. */
    refreshToken?: string;
    /** Expiration time */
    expiresAt: Date;
    /**
     * IP address.
     * NOTE(review): recorded on the session; whether later validation compares
     * it (or the user agent) against the current request is not visible here.
     */
    ipAddress: string;
    /** User agent */
    userAgent: string;
    /** Created date */
    createdAt: Date;
    /** Last activity */
    lastActivity: Date;
}
/**
 * Authentication result.
 *
 * Every field except `success` is optional, so callers must check `success`
 * (and `requiresMFA`) before reading `user` or `session`.
 */
export interface AuthResult {
    /** Whether authentication was successful */
    success: boolean;
    /** User information */
    user?: User;
    /** Session information. Includes the session's token fields (see Session). */
    session?: Session;
    /**
     * Error message.
     * NOTE(review): confirm that failure messages do not distinguish an unknown
     * username from a wrong password before showing them to clients.
     */
    error?: string;
    /** Requires MFA */
    requiresMFA?: boolean;
    /**
     * MFA token.
     * Presumably the value passed back as `mfaToken` to
     * AuthManager.verifyMFAToken to complete the second step; verify against
     * the implementation.
     */
    mfaToken?: string;
}
/**
 * Authorization result.
 *
 * `allowed` is the decision. The permission lists describe how it was reached
 * and are useful for audit logging; consider whether they should be returned
 * to end users, since they describe the permission model.
 */
export interface AuthorizationResult {
    /** Whether authorization was successful */
    allowed: boolean;
    /** Required permissions */
    requiredPermissions: string[];
    /** User permissions */
    userPermissions: string[];
    /** Missing permissions */
    missingPermissions: string[];
    /** Error message */
    error?: string;
}
/**
 * Role definition: a named set of permissions with optional parent roles.
 */
export interface Role {
    /** Role name */
    name: string;
    /** Role description */
    description: string;
    /** Permissions, by name */
    permissions: string[];
    /**
     * Parent roles, by name.
     * NOTE(review): presumably permissions are inherited from parents. How
     * cycles or unknown parent names are handled is not visible here; confirm.
     */
    parentRoles: string[];
    /**
     * Is system role.
     * NOTE(review): whether system roles are protected from modification is
     * not visible in this declaration.
     */
    isSystemRole: boolean;
}
/**
 * Permission definition: an action on a resource, with optional conditions.
 */
export interface Permission {
    /** Permission name */
    name: string;
    /** Permission description */
    description: string;
    /** Resource */
    resource: string;
    /** Action */
    action: string;
    /**
     * Conditions.
     * Typed as `Record<string, any>`, so the compiler checks neither keys nor
     * values. Whatever evaluates these must validate them at runtime.
     */
    conditions?: Record<string, any>;
}
/**
 * Comprehensive authentication and authorization manager.
 *
 * This is a declaration only; no implementation is visible here. Points a
 * reviewer of the implementation should confirm are marked NOTE(review).
 *
 * None of the public methods take a caller identity. Methods that change or
 * list security state (role assignment, role and permission creation, user and
 * session listing) therefore rely on the calling code to decide who may invoke
 * them.
 */
export declare class AuthManager {
    // Member types are erased in this declaration. `private` is enforced by the
    // compiler only; these members are still reachable at runtime.
    // NOTE(review): presumably these are in-process stores; persistence and
    // sharing across processes are not visible here.
    private config;
    private sessions;
    private users;
    private roles;
    private permissions;
    private loginAttempts;
    private refreshTokens;
    /**
     * @param config Optional partial configuration. Because every AuthConfig
     *   field may be omitted, including `jwtSecret`, the implementation must
     *   supply values for missing fields. NOTE(review): confirm that it does
     *   not substitute a built-in default secret.
     */
    constructor(config?: Partial<AuthConfig>);
    /**
     * Register a new user.
     *
     * `roles` is supplied by the caller. Do not forward it from untrusted
     * request input, or a client could choose its own roles.
     * NOTE(review): whether the implementation validates role names or password
     * strength is not visible here.
     *
     * @returns An AuthResult; check `success` before using `user`.
     */
    registerUser(userData: {
        username: string;
        email: string;
        password: string;
        displayName?: string;
        roles?: string[];
    }): Promise<AuthResult>;
    /**
     * Authenticate user with username and password.
     *
     * `ipAddress` and `userAgent` are supplied by the caller; derive them from
     * the connection on the server side, not from client-controlled fields.
     *
     * @returns An AuthResult. `requiresMFA` and `mfaToken` may be set instead
     *   of `session`; see verifyMFAToken.
     */
    authenticateUser(credentials: {
        username: string;
        password: string;
        ipAddress: string;
        userAgent: string;
    }): Promise<AuthResult>;
    /**
     * Verify MFA token.
     *
     * @param userId User completing the second step.
     * @param mfaToken MFA token; presumably the one returned in AuthResult by
     *   authenticateUser (confirm).
     * @param mfaCode Code entered by the user.
     * NOTE(review): attempt limiting and token expiry for this step are not
     * visible in the declaration.
     */
    verifyMFAToken(userId: string, mfaToken: string, mfaCode: string): Promise<AuthResult>;
    /**
     * Validate session by session ID. Synchronous.
     *
     * @returns An AuthResult; check `success`.
     */
    validateSession(sessionId: string): AuthResult;
    /**
     * Refresh session using a refresh token.
     *
     * NOTE(review): whether the presented refresh token is rotated or
     * invalidated after use is not visible here; confirm.
     */
    refreshSession(refreshToken: string): Promise<AuthResult>;
    /**
     * Logout user by session ID.
     *
     * NOTE(review): confirm that the session's refresh token is revoked as
     * well; the boolean result does not say.
     */
    logoutUser(sessionId: string): boolean;
    /**
     * Authorize user for an action on a resource.
     *
     * @param context Optional untyped data (`Record<string, any>`); validate it
     *   before passing in values that originate from a request.
     * @returns An AuthorizationResult; callers must check `allowed`.
     */
    authorizeUser(userId: string, resource: string, action: string, context?: Record<string, any>): AuthorizationResult;
    /**
     * Check if user has role
     */
    hasRole(userId: string, roleName: string): boolean;
    /**
     * Check if user has permission
     */
    hasPermission(userId: string, permission: string): boolean;
    /**
     * Add role to user.
     *
     * Takes only the target user and role; the caller must already have
     * authorized whoever requested the change.
     */
    addRoleToUser(userId: string, roleName: string): boolean;
    /**
     * Remove role from user. The caller is responsible for authorizing the
     * change, as with addRoleToUser.
     */
    removeRoleFromUser(userId: string, roleName: string): boolean;
    /**
     * Create role. The caller is responsible for authorizing the request.
     */
    createRole(roleData: {
        name: string;
        description: string;
        permissions: string[];
        parentRoles?: string[];
    }): boolean;
    /**
     * Create permission. The caller is responsible for authorizing the request.
     */
    createPermission(permissionData: {
        name: string;
        description: string;
        resource: string;
        action: string;
        conditions?: Record<string, any>;
    }): boolean;
    /**
     * Get all users
     */
    getUsers(): User[];
    /**
     * Get all roles
     */
    getRoles(): Role[];
    /**
     * Get all permissions
     */
    getPermissions(): Permission[];
    /**
     * Get active sessions.
     *
     * The returned Session objects include `token` and, where set,
     * `refreshToken`. Strip those fields before exposing the list through an
     * admin view or a log.
     */
    getActiveSessions(): Session[];
    /**
     * Initialize default roles
     */
    private initializeDefaultRoles;
    /**
     * Hash password.
     * NOTE(review): algorithm and salting are not visible here; confirm a
     * password-hashing function is used rather than a plain digest.
     */
    private hashPassword;
    /**
     * Verify password
     */
    private verifyPassword;
    /**
     * Create session
     */
    private createSession;
    /**
     * Generate user ID
     */
    private generateUserId;
    /**
     * Generate session ID.
     * NOTE(review): the randomness source is not visible; confirm a
     * cryptographically secure generator, since the ID is what validateSession
     * and logoutUser accept.
     */
    private generateSessionId;
    /**
     * Generate JWT token
     */
    private generateJWT;
    /**
     * Generate signature.
     * NOTE(review): a separate signature helper suggests token signing may be
     * implemented in this class. Confirm the algorithm and that verification
     * compares signatures in constant time.
     */
    private generateSignature;
    /**
     * Generate refresh token.
     * NOTE(review): confirm a cryptographically secure random source.
     */
    private generateRefreshToken;
    /**
     * Generate MFA token.
     * NOTE(review): confirm a cryptographically secure random source.
     */
    private generateMFAToken;
    /**
     * Verify MFA code
     */
    private verifyMFACode;
    /**
     * Record failed login attempt
     */
    private recordFailedLogin;
    /**
     * Get user permissions
     */
    private getUserPermissions;
    /**
     * Get permissions for roles
     */
    private getPermissionsForRoles;
}
//# sourceMappingURL=auth-manager.d.ts.map