feat(interfaces): add MFA and passkey contracts

2026-05-19 06:24:06 +00:00
parent 8e2f9a6d12
commit 8746bc083e
7 changed files with 318 additions and 1 deletions
@@ -0,0 +1,208 @@
+import * as plugins from '../plugins.js';
+import * as data from '../data/index.js';
+
+export interface IReq_GetMfaStatus
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_GetMfaStatus
+  > {
+  method: 'getMfaStatus';
+  request: {
+    jwt: string;
+  };
+  response: {
+    totpEnabled: boolean;
+    backupCodesRemaining: number;
+    passkeys: data.IPasskeyCredential[];
+    availableMethods: data.TMfaMethod[];
+  };
+}
+
+export interface IReq_StartTotpEnrollment
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_StartTotpEnrollment
+  > {
+  method: 'startTotpEnrollment';
+  request: {
+    jwt: string;
+  };
+  response: {
+    credentialId: string;
+    secret: string;
+    otpauthUrl: string;
+  };
+}
+
+export interface IReq_FinishTotpEnrollment
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_FinishTotpEnrollment
+  > {
+  method: 'finishTotpEnrollment';
+  request: {
+    jwt: string;
+    credentialId: string;
+    code: string;
+  };
+  response: {
+    success: boolean;
+    backupCodes: string[];
+  };
+}
+
+export interface IReq_DisableTotp
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_DisableTotp
+  > {
+  method: 'disableTotp';
+  request: {
+    jwt: string;
+    code: string;
+  };
+  response: {
+    success: boolean;
+  };
+}
+
+export interface IReq_RegenerateBackupCodes
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_RegenerateBackupCodes
+  > {
+  method: 'regenerateBackupCodes';
+  request: {
+    jwt: string;
+    code: string;
+  };
+  response: {
+    backupCodes: string[];
+  };
+}
+
+export interface IReq_VerifyMfaChallenge
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_VerifyMfaChallenge
+  > {
+  method: 'verifyMfaChallenge';
+  request: {
+    mfaChallengeToken: string;
+    method: Extract<data.TMfaMethod, 'totp' | 'backupCode'>;
+    code: string;
+  };
+  response: {
+    refreshToken: string;
+  };
+}
+
+export interface IReq_StartPasskeyRegistration
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_StartPasskeyRegistration
+  > {
+  method: 'startPasskeyRegistration';
+  request: {
+    jwt: string;
+    label?: string;
+  };
+  response: {
+    challengeId: string;
+    options: Record<string, any>;
+  };
+}
+
+export interface IReq_FinishPasskeyRegistration
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_FinishPasskeyRegistration
+  > {
+  method: 'finishPasskeyRegistration';
+  request: {
+    jwt: string;
+    challengeId: string;
+    label?: string;
+    response: Record<string, any>;
+  };
+  response: {
+    success: boolean;
+    passkey: data.IPasskeyCredential;
+  };
+}
+
+export interface IReq_RevokePasskey
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_RevokePasskey
+  > {
+  method: 'revokePasskey';
+  request: {
+    jwt: string;
+    passkeyId: string;
+  };
+  response: {
+    success: boolean;
+  };
+}
+
+export interface IReq_StartPasskeyLogin
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_StartPasskeyLogin
+  > {
+  method: 'startPasskeyLogin';
+  request: {
+    username?: string;
+  };
+  response: {
+    challengeId: string;
+    options: Record<string, any>;
+  };
+}
+
+export interface IReq_FinishPasskeyLogin
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_FinishPasskeyLogin
+  > {
+  method: 'finishPasskeyLogin';
+  request: {
+    challengeId: string;
+    response: Record<string, any>;
+  };
+  response: {
+    refreshToken: string;
+  };
+}
+
+export interface IReq_StartPasskeyMfa
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_StartPasskeyMfa
+  > {
+  method: 'startPasskeyMfa';
+  request: {
+    mfaChallengeToken: string;
+  };
+  response: {
+    challengeId: string;
+    options: Record<string, any>;
+  };
+}
+
+export interface IReq_FinishPasskeyMfa
+  extends plugins.typedRequestInterfaces.implementsTR<
+    plugins.typedRequestInterfaces.ITypedRequest,
+    IReq_FinishPasskeyMfa
+  > {
+  method: 'finishPasskeyMfa';
+  request: {
+    mfaChallengeToken: string;
+    challengeId: string;
+    response: Record<string, any>;
+  };
+  response: {
+    refreshToken: string;
+  };
+}