feat(auth): add abuse protection for login and OIDC flows with consent-based authorization handling

ts_interfaces/request/admin.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 /**

ts_interfaces/request/app.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 // Get all global apps
 export interface IReq_GetGlobalApps

ts_interfaces/request/authorization.ts

@@ -1,5 +1,6 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import { type IUser, type IRole } from '../data/index.js';
+import { type TOidcScope } from '../data/index.js';
 
 export interface IReq_InternalAuthorization
   extends plugins.typedRequestInterfaces.implementsTR<
@@ -17,3 +18,55 @@ export interface IReq_InternalAuthorization
     relevantRoles: IRole[];
   };
 }
+
+export interface IReq_CompleteOidcAuthorization
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_CompleteOidcAuthorization
+  > {
+  method: 'completeOidcAuthorization';
+  request: {
+    jwt: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+    prompt?: 'none' | 'login' | 'consent';
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    nonce?: string;
+    consentApproved?: boolean;
+  };
+  response: {
+    code: string;
+    redirectUrl: string;
+  };
+}
+
+export interface IReq_PrepareOidcAuthorization
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_PrepareOidcAuthorization
+  > {
+  method: 'prepareOidcAuthorization';
+  request: {
+    jwt: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+    prompt?: 'none' | 'login' | 'consent';
+    codeChallenge?: string;
+    codeChallengeMethod?: 'S256';
+    nonce?: string;
+  };
+  response: {
+    status: 'ready' | 'consent_required';
+    clientId: string;
+    appName: string;
+    appUrl: string;
+    logoUrl?: string;
+    requestedScopes: TOidcScope[];
+    grantedScopes: TOidcScope[];
+  };
+}

ts_interfaces/request/billingplan.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 export interface IReq_UpdatePaymentMethod

ts_interfaces/request/index.ts

@@ -1,12 +1,12 @@
-export * from './loint-reception.admin.js';
-export * from './loint-reception.apitoken.js';
-export * from './loint-reception.app.js';
-export * from './loint-reception.authorization.js';
-export * from './loint-reception.billingplan.js';
-export * from './loint-reception.jwt.js';
-export * from './loint-reception.login.js';
-export * from './loint-reception.organization.js';
-export * from './loint-reception.plan.js';
-export * from './loint-reception.registration.js';
-export * from './loint-reception.user.js';
-export * from './loint-reception.userinvitation.js';
+export * from './admin.js';
+export * from './apitoken.js';
+export * from './app.js';
+export * from './authorization.js';
+export * from './billingplan.js';
+export * from './jwt.js';
+export * from './login.js';
+export * from './organization.js';
+export * from './plan.js';
+export * from './registration.js';
+export * from './user.js';
+export * from './userinvitation.js';

ts_interfaces/request/jwt.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /**
  * Request to get the public key for JWT validation.

ts_interfaces/request/login.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import * as data from '../data/index.js';
 
 export interface IReq_LoginWithEmailOrUsernameAndPassword

ts_interfaces/request/organization.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetOrganizationById
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/plan.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetPlansForOrganizationId
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/registration.ts

@@ -1,4 +1,4 @@
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 import { type IUser } from '../data/index.js';
 
 export interface IReq_FirstRegistration

ts_interfaces/request/user.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 export interface IReq_GetUserData
   extends plugins.typedRequestInterfaces.implementsTR<

ts_interfaces/request/userinvitation.ts

@@ -1,5 +1,5 @@
 import * as data from '../data/index.js';
-import * as plugins from '../loint-reception.plugins.js';
+import * as plugins from '../plugins.js';
 
 /**
  * Create an invitation to join an organization