First commit

2025-12-16 22:26:18 +05:30
commit 03ed187ebe
122 changed files with 68601 additions and 0 deletions
--- a/packages/feature-auth/domain/src/interfaces.ts
+++ b/packages/feature-auth/domain/src/interfaces.ts
@@ -0,0 +1,76 @@
+import type { User, AuthResult } from './entities';
+
+/**
+ * Repository interface that the data layer must implement
+ * Following clean architecture principles - domain defines the contract
+ */
+export interface IAuthRepository {
+  // F.ID.004: DPoP initialization
+  initializeDPoP(): Promise<string>;
+  
+  // F.ID.001: Login flows
+  exchangeCredentialsForToken(creds: Credentials, pubKey: string): Promise<UserSession>;
+  
+  // F.ID.002: Verification flows
+  sendOTPVerification(phoneNumber: string): Promise<void>;
+  verifyOTP(phoneNumber: string, code: string): Promise<boolean>;
+  sendEmailVerification(email: string): Promise<void>;
+  verifyEmail(email: string, token: string): Promise<boolean>;
+  
+  // Magic Links (F.ID.006 - Enhanced security)
+  generateMagicLink(email: string): Promise<string>;
+  verifyMagicLink(token: string, nonce: string): Promise<UserSession>;
+  
+  // F.ID.007: Federated login
+  authenticateWithProvider(provider: 'google' | 'apple', token: string): Promise<UserSession>;
+  
+  // Session management
+  storeSession(session: UserSession): Promise<void>;
+  getSession(): Promise<UserSession | null>;
+  refreshSession(refreshToken: string): Promise<UserSession>;
+  revokeSession(): Promise<void>;
+  
+  // F.ID.005: Remember me functionality
+  enableRememberMe(duration: number): Promise<void>;
+  disableRememberMe(): Promise<void>;
+}
+
+/**
+ * Trust/Risk assessment interface
+ */
+export interface ITrustRepository {
+  calculateRiskScore(): Promise<{ score: number; signals: Record<string, any> }>;
+  performDeviceAttestation(): Promise<boolean>;
+}
+
+export interface Credentials {
+  identifier: string; // email or phone
+  password?: string;
+  biometricSignature?: string;
+  deviceId: string;
+}
+
+export interface UserSession {
+  userId: string;
+  accessToken: string;
+  refreshToken: string;
+  expiresAt: string;
+  user: User;
+  riskScore?: number;
+  requiresStepUp?: boolean;
+}
+
+export interface BiometricConfig {
+  enabled: boolean;
+  fallbackToPassword: boolean;
+  promptMessage: string;
+}
+
+export interface AuthConfig {
+  requireEmailVerification: boolean;
+  requirePhoneVerification: boolean;
+  biometrics: BiometricConfig;
+  rememberMeDays: number;
+  maxLoginAttempts: number;
+  lockoutDurationMinutes: number;
+}