feat(interfaces): add MFA and passkey contracts

2026-05-19 06:24:06 +00:00
parent 8e2f9a6d12
commit 8746bc083e
7 changed files with 318 additions and 1 deletions
@@ -16,6 +16,13 @@ export type TActivityAction =
  | 'role_changed'
  | 'org_app_role_mappings_updated'
  | 'profile_updated'
+  | 'totp_enabled'
+  | 'totp_disabled'
+  | 'backup_codes_regenerated'
+  | 'mfa_completed'
+  | 'passkey_registered'
+  | 'passkey_revoked'
+  | 'passkey_login'
  | 'app_connected'
  | 'app_disconnected';

@@ -10,8 +10,10 @@ export * from './billingplan.js';
 export * from './device.js';
 export * from './jwt.js';
 export * from './loginsession.js';
+export * from './mfa.js';
 export * from './organization.js';
 export * from './paddlecheckoutdata.js';
+export * from './passkey.js';
 export * from './passportchallenge.js';
 export * from './passportdevice.js';
 export * from './passportnonce.js';
@@ -0,0 +1,45 @@
+export type TMfaMethod = 'totp' | 'backupCode' | 'passkey';
+
+export type TMfaChallengeStatus = 'pending' | 'completed' | 'expired';
+
+export type TTotpCredentialStatus = 'pending' | 'active' | 'disabled';
+
+export interface ITotpBackupCode {
+  id: string;
+  codeHash: string;
+  usedAt?: number | null;
+  createdAt: number;
+}
+
+export interface ITotpCredential {
+  id: string;
+  data: {
+    userId: string;
+    status: TTotpCredentialStatus;
+    secretCiphertext: string;
+    secretIv: string;
+    secretAuthTag: string;
+    algorithm: 'sha1' | 'sha256' | 'sha512';
+    digits: 6 | 7 | 8;
+    period: number;
+    backupCodes: ITotpBackupCode[];
+    createdAt: number;
+    verifiedAt?: number | null;
+    disabledAt?: number | null;
+    lastUsedAt?: number | null;
+  };
+}
+
+export interface IMfaChallenge {
+  id: string;
+  data: {
+    userId: string;
+    tokenHash: string;
+    status: TMfaChallengeStatus;
+    availableMethods: TMfaMethod[];
+    primaryAuthMethod: 'password' | 'email';
+    createdAt: number;
+    expiresAt: number;
+    completedAt?: number | null;
+  };
+}
@@ -0,0 +1,49 @@
+export type TPasskeyCredentialStatus = 'active' | 'revoked';
+
+export type TPasskeyChallengeType = 'registration' | 'login' | 'mfa';
+
+export type TPasskeyChallengeStatus = 'pending' | 'completed' | 'expired';
+
+export type TPasskeyTransport =
+  | 'ble'
+  | 'cable'
+  | 'hybrid'
+  | 'internal'
+  | 'nfc'
+  | 'smart-card'
+  | 'usb';
+
+export type TPasskeyDeviceType = 'singleDevice' | 'multiDevice';
+
+export interface IPasskeyCredential {
+  id: string;
+  data: {
+    userId: string;
+    label: string;
+    credentialId: string;
+    publicKeyBase64: string;
+    counter: number;
+    deviceType: TPasskeyDeviceType;
+    backedUp: boolean;
+    transports?: TPasskeyTransport[];
+    status: TPasskeyCredentialStatus;
+    createdAt: number;
+    lastUsedAt?: number | null;
+    revokedAt?: number | null;
+  };
+}
+
+export interface IWebAuthnChallenge {
+  id: string;
+  data: {
+    userId?: string | null;
+    username?: string | null;
+    mfaChallengeId?: string | null;
+    type: TPasskeyChallengeType;
+    challenge: string;
+    status: TPasskeyChallengeStatus;
+    createdAt: number;
+    expiresAt: number;
+    completedAt?: number | null;
+  };
+}