feat(auth): add abuse protection for login and OIDC flows with consent-based authorization handling

ts_interfaces/data/abusewindow.ts

@@ -0,0 +1,13 @@
+export interface IAbuseWindow {
+  id: string;
+  data: {
+    action: string;
+    identifierHash: string;
+    attemptCount: number;
+    windowStartedAt: number;
+    blockedUntil: number;
+    validUntil: number;
+    createdAt: number;
+    updatedAt: number;
+  };
+}

ts_interfaces/data/appconnection.ts

@@ -1,4 +1,4 @@
-import type { TAppType } from './loint-reception.app.js';
+import type { TAppType } from './app.js';
 
 export type TAppConnectionStatus = 'active' | 'disconnected';
 

ts_interfaces/data/billingplan.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export type TSupportedCurrency = 'EUR';
 

ts_interfaces/data/device.ts

@@ -1,3 +1,3 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IDevice extends plugins.tsclass.network.IDevice {}

ts_interfaces/data/index.ts

@@ -1,15 +1,16 @@
-export * from './loint-reception.activity.js';
-export * from './loint-reception.app.js';
-export * from './loint-reception.emailactiontoken.js';
-export * from './loint-reception.oidc.js';
-export * from './loint-reception.appconnection.js';
-export * from './loint-reception.billingplan.js';
-export * from './loint-reception.device.js';
-export * from './loint-reception.jwt.js';
-export * from './loint-reception.loginsession.js';
-export * from './loint-reception.organization.js';
-export * from './loint-reception.paddlecheckoutdata.js';
-export * from './loint-reception.registrationsession.js';
-export * from './loint-reception.role.js';
-export * from './loint-reception.user.js';
-export * from './loint-reception.userinvitation.js';
+export * from './abusewindow.js';
+export * from './activity.js';
+export * from './app.js';
+export * from './emailactiontoken.js';
+export * from './oidc.js';
+export * from './appconnection.js';
+export * from './billingplan.js';
+export * from './device.js';
+export * from './jwt.js';
+export * from './loginsession.js';
+export * from './organization.js';
+export * from './paddlecheckoutdata.js';
+export * from './registrationsession.js';
+export * from './role.js';
+export * from './user.js';
+export * from './userinvitation.js';

ts_interfaces/data/organization.ts

@@ -1,6 +1,6 @@
-import * as plugins from '../loint-reception.plugins.js';
-import { type IBillingPlan } from './loint-reception.billingplan.js';
-import { type IRole } from './loint-reception.role.js';
+import * as plugins from '../plugins.js';
+import { type IBillingPlan } from './billingplan.js';
+import { type IRole } from './role.js';
 
 export interface IOrganization {
   id: string;

ts_interfaces/data/property.ts

@@ -1,5 +1,5 @@
-import * as plugins from '../loint-reception.plugins.js';
-import { type IRole } from './loint-reception.role.js';
+import * as plugins from '../plugins.js';
+import { type IRole } from './role.js';
 
 export interface ISubOrgProperty {
   name: string;

ts_interfaces/data/role.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /** Standard role types available in all organizations */
 export type TStandardRole = 'owner' | 'admin' | 'editor' | 'guest' | 'viewer' | 'outlaw';

ts_interfaces/data/user.ts

@@ -1,5 +1,5 @@
-import * as plugins from '../loint-reception.plugins.js';
-import { type IRole } from './loint-reception.role.js';
+import * as plugins from '../plugins.js';
+import { type IRole } from './role.js';
 
 export interface IUser {
   id: string;

ts_interfaces/data/userinvitation.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /**
  * A UserInvitation represents an invitation to join an organization.

ts_interfaces/request/admin.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 /**

ts_interfaces/request/app.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 // Get all global apps
 export interface IReq_GetGlobalApps

ts_interfaces/request/authorization.ts

@@ -1,5 +1,6 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import { type IUser, type IRole } from '../data/index.js';
+import { type TOidcScope } from '../data/index.js';
 
 export interface IReq_InternalAuthorization
   extends plugins.typedRequestInterfaces.implementsTR<
@@ -17,3 +18,55 @@ export interface IReq_InternalAuthorization
     relevantRoles: IRole[];
   };
 }
+
+export interface IReq_CompleteOidcAuthorization
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_CompleteOidcAuthorization
+  > {
+  method: 'completeOidcAuthorization';
+  request: {
+    jwt: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+    prompt?: 'none' | 'login' | 'consent';
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    nonce?: string;
+    consentApproved?: boolean;
+  };
+  response: {
+    code: string;
+    redirectUrl: string;
+  };
+}
+
+export interface IReq_PrepareOidcAuthorization
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_PrepareOidcAuthorization
+  > {
+  method: 'prepareOidcAuthorization';
+  request: {
+    jwt: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+    prompt?: 'none' | 'login' | 'consent';
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    nonce?: string;
+  };
+  response: {
+    status: 'ready' | 'consent_required';
+    clientId: string;
+    appName: string;
+    appUrl: string;
+    logoUrl?: string;
+    requestedScopes: TOidcScope[];
+    grantedScopes: TOidcScope[];
+  };
+}

ts_interfaces/request/billingplan.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 export interface IReq_UpdatePaymentMethod

ts_interfaces/request/index.ts

@@ -1,12 +1,12 @@
-export * from './loint-reception.admin.js';
-export * from './loint-reception.apitoken.js';
-export * from './loint-reception.app.js';
-export * from './loint-reception.authorization.js';
-export * from './loint-reception.billingplan.js';
-export * from './loint-reception.jwt.js';
-export * from './loint-reception.login.js';
-export * from './loint-reception.organization.js';
-export * from './loint-reception.plan.js';
-export * from './loint-reception.registration.js';
-export * from './loint-reception.user.js';
-export * from './loint-reception.userinvitation.js';
+export * from './admin.js';
+export * from './apitoken.js';
+export * from './app.js';
+export * from './authorization.js';
+export * from './billingplan.js';
+export * from './jwt.js';
+export * from './login.js';
+export * from './organization.js';
+export * from './plan.js';
+export * from './registration.js';
+export * from './user.js';
+export * from './userinvitation.js';

ts_interfaces/request/jwt.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /**
  * Request to get the public key for JWT validation.

ts_interfaces/request/login.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 export interface IReq_LoginWithEmailOrUsernameAndPassword

ts_interfaces/request/organization.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetOrganizationById
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/plan.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetPlansForOrganizationId
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/registration.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import { type IUser } from '../data/index.js';
 
 export interface IReq_FirstRegistration

ts_interfaces/request/user.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetUserData
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/userinvitation.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /**
  * Create an invitation to join an organization

ts_interfaces/tags/index.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface ITag_LolePubapi
   extends plugins.typedRequestInterfaces.implementsTag<