Skip to content

Commit 65a2eb1

Browse files
SOIVSOIV
committed
feat: Auth 핵심 계약 인터페이스 확장
1 parent b2b836b commit 65a2eb1

2 files changed

Lines changed: 57 additions & 4 deletions

File tree

TODO.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,10 @@ Source: `docs/v2_FINANCIAL-LEDGER/roadmap/01-development-plan.md`
55
## 1.2 Core Layer
66

77
- [x] Auth: email/password login contract
8-
- [ ] Auth: JWT session manager contract
9-
- [ ] Auth: whitelist flow
10-
- [ ] Auth: admin PIN flow
11-
- [ ] Auth: password recovery flow (self-service + admin-assisted)
8+
- [x] Auth: JWT session manager contract
9+
- [x] Auth: whitelist flow
10+
- [x] Auth: admin PIN flow
11+
- [x] Auth: password recovery flow (self-service + admin-assisted)
1212
- [x] DB: provider interface
1313
- [ ] DB: postgres provider scaffold
1414
- [ ] DB: sqlite provider scaffold

packages/core/src/auth/index.ts

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,59 @@ export interface SessionToken {
88
refreshToken: string;
99
}
1010

11+
export interface JwtSessionPayload {
12+
userId: string;
13+
sessionId: string;
14+
}
15+
16+
export interface JwtSessionManager {
17+
issueTokens(payload: JwtSessionPayload): Promise<SessionToken>;
18+
verifyAccessToken(token: string): Promise<JwtSessionPayload>;
19+
rotateRefreshToken(refreshToken: string): Promise<SessionToken>;
20+
revokeSession(sessionId: string): Promise<void>;
21+
}
22+
23+
export interface WhitelistRule {
24+
id: string;
25+
type: "email" | "domain";
26+
value: string;
27+
enabled: boolean;
28+
}
29+
30+
export interface WhitelistService {
31+
listRules(): Promise<WhitelistRule[]>;
32+
addRule(rule: Omit<WhitelistRule, "id">): Promise<WhitelistRule>;
33+
removeRule(ruleId: string): Promise<void>;
34+
isAllowed(email: string): Promise<boolean>;
35+
}
36+
37+
export interface AdminPinService {
38+
setPin(rawPin: string): Promise<void>;
39+
verifyPin(rawPin: string): Promise<boolean>;
40+
rotatePin(currentPin: string, nextPin: string): Promise<void>;
41+
}
42+
43+
export interface PasswordRecoveryRequest {
44+
email: string;
45+
}
46+
47+
export interface PasswordResetConfirm {
48+
token: string;
49+
newPassword: string;
50+
}
51+
52+
export interface AdminAssistedResetRequest {
53+
adminPin: string;
54+
userId: string;
55+
temporaryPassword: string;
56+
}
57+
58+
export interface PasswordRecoveryService {
59+
requestSelfServiceReset(payload: PasswordRecoveryRequest): Promise<void>;
60+
confirmSelfServiceReset(payload: PasswordResetConfirm): Promise<void>;
61+
adminAssistedReset(payload: AdminAssistedResetRequest): Promise<void>;
62+
}
63+
1164
export interface AuthService {
1265
login(payload: LoginRequest): Promise<SessionToken>;
1366
}

0 commit comments

Comments
 (0)