saravanakumardb1
2b3130821c
fix(auth): register magic_link event type + use admin productId for enterprise IdP
- Register 'auth.magic_link_requested' in @bytelyst/events PlatformEventSchemas
- Remove any-cast from magic-link/routes.ts — now properly typed
- Enterprise IdP creation uses admin's JWT productId instead of hardcoded 'smartauth'
- All 53 auth tests passing
2026-03-12 15:55:09 -07:00
saravanakumardb1
b0e1a54481
fix(auth): enterprise SSO bcrypt hash + upgrade cost 10→12
- Enterprise SAML/OIDC callbacks used raw 'sso_xxx' string as passwordHash
which would crash bcrypt.compare(). Now uses userRepo.hashPassword(randomUUID())
- Added updateLastLogin() for existing enterprise SSO users
- Upgraded bcrypt cost factor from 10 to 12 per PRD spec
- All 53 auth tests passing
2026-03-12 15:35:00 -07:00
saravanakumardb1
0c4e53a0ed
feat(auth): Phase 6 — enterprise SAML/OIDC, magic link, HIBP, E2E specs
6A: Enterprise IdP CRUD, SAML callback, OIDC callback, email domain lookup
6B: Magic link send/verify (15min TTL, anti-enumeration), HIBP breach check
6D: 3 new E2E specs (account-linking, step-up, enterprise) — total 8 SmartAuth specs
- All 53 auth tests passing
2026-03-12 15:25:28 -07:00
saravanakumardb1
f4b9124065
feat(auth): add Phase 5C-5E endpoints + SDK methods — TOTP secret, push approvals, QR auth
- GET /auth/mfa/totp/secret — retrieve decrypted TOTP secret for auth app
- POST /auth/mfa/push/create, GET /pending, POST /:id/respond, GET /:id/status
- POST /auth/qr/create, POST /auth/qr/confirm, GET /auth/qr/:id/status
- Kotlin SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- Swift SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- All 53 auth tests passing
2026-03-12 15:01:51 -07:00
saravanakumardb1
ae13abfab2
fix(auth): address SmartAuth agent review gaps — Swift mock wiring, passkey SDK consistency, device list parity, JSDoc, SSR docs
2026-03-12 12:27:08 -07:00
saravanakumardb1
a613cf1bf9
test(auth): add SmartAuth integration tests + fix auth.routes.test mocks
- Add 5 new tests: MFA challenge integration, risk scorer edge cases, login events wiring, device trust pure function
- Fix auth.routes.test.ts: add vi.mock stubs for login-events, risk-scorer, mfa, devices, config, event-bus
- Change afterEach from restoreAllMocks to clearAllMocks (preserves mock implementations between tests)
- Total: 42 smartauth tests, 951 platform-service tests all passing
2026-03-12 11:27:50 -07:00
saravanakumardb1
0f4be0c325
feat(auth): wire login events into OAuth login helper
- Record success login event with risk scoring after OAuth token issuance
- Import login-events repo + risk-scorer into oauth/routes
- Best-effort recording — never blocks OAuth login flow
2026-03-12 11:19:11 -07:00
saravanakumardb1
82d7f157d9
feat(auth): wire login events + MFA challenge into login handler
- Add recordLoginEvent() helper with risk scoring via scoreLoginRisk()
- On failed login: record 'failed' event with risk assessment
- On MFA-required: issue challenge token, record 'mfa_required' event
- On success: record 'success' event with risk assessment
- Import login-events repo, risk-scorer, mfa repo, challenge store, device repo
2026-03-12 11:17:23 -07:00
saravanakumardb1
bdb3e95e00
fix(auth): clean up MFA routes — remove redundant imports, use userRepo.update()
- Remove redundant dynamic import('node:crypto'), use top-level nodeCrypto
- Remove getCollection import, use userRepo.update() for mfaEnabled/mfaMethods
- Expand update() Pick type to include mfaEnabled, mfaMethods, emailVerified
- Remove unused _reply param from MFA policy PUT handler
2026-03-12 11:12:33 -07:00
saravanakumardb1
362b915ea9
feat(auth): SmartAuth backend core — OAuth, MFA, passkeys, device trust, login events
Phase 0A: OneAuth schema extension — UserDoc evolution + auth_providers container
Phase 0B: Progressive lockout + IP rate limiting on login
Phase 1A-1B: Google/Microsoft/Apple OAuth + account linking
Phase 1D: Enhanced /auth/me — products, providers, MFA status
Phase 2A-2C: TOTP MFA + challenge flow + admin policies
Phase 3A-3B: WebAuthn passkeys + device trust
Phase 4A: Login events + rule-based risk scoring
New sub-modules: oauth/, mfa/, passkeys/, devices/, login-events/
New containers: auth_providers, auth_mfa, auth_mfa_policies, auth_passkeys, auth_devices, auth_login_events
Tests: 37 new (946 total, all passing), typecheck clean
2026-03-12 10:55:41 -07:00
saravanakumardb1
b69abf44c7
refactor(platform-service): migrate remaining 14 repositories to @bytelyst/datastore
Migrated modules: audit, auth, invitations, items, jobs, licenses,
maintenance, notifications, subscriptions, telemetry, tokens, usage,
waitlist, webhooks.
Updated 4 test files (notifications, subscriptions, tokens, usage) from
Cosmos SDK mocks to MemoryDatastoreProvider.
Zero cosmos.js imports remain in modules/. All 66 test files pass (746 tests).
2026-03-02 01:06:24 -08:00
saravanakumardb1
2f199cb67a
fix(auth): replace hardcoded product ID lists with dynamic getAllProducts() in reset-password and verify-email
2026-03-01 17:43:32 -08:00
saravanakumardb1
4e94ecd721
feat(auth): add forgot-password/change-password API routes to admin dashboard + wire email delivery
Admin dashboard:
- platform-client.ts: Added forgotPasswordViaService, changePasswordViaService, deleteAccountViaService
- app/api/auth/forgot-password/route.ts: New API route proxying to platform-service
- app/api/auth/change-password/route.ts: New API route for authenticated password change
Platform-service (from prior session):
- auth/routes.ts: Added /auth/change-password and DELETE /auth/account endpoints, wired email verification on register
- auth/types.ts: Added ChangePasswordSchema and DeleteAccountSchema
- delivery/subscribers.ts: Updated password reset subscriber, added email verification subscriber
- delivery/channels/email.ts: Added ByteLyst email API provider (sendViaBytelyst)
- delivery/types.ts: Added 'bytelyst' provider
- events/types.ts: Added resetToken/displayName to user.password_reset, added user.email_verification_requested event
2026-02-28 04:17:04 -08:00
saravanakumardb1
662d417267
feat(platform): add email delivery module, wire event bus into auth, update roadmap
- modules/delivery: 8 email templates, renderer, SendGrid/Postmark/console adapters, dispatcher, delivery log, 21 tests
- modules/delivery/subscribers: event bus listeners for user.created, password_reset, email_verified
- auth/routes: emit bus events on register, forgot-password, verify-email (fire-and-forget)
- cosmos-init: delivery_log container (pk /pk, 90d TTL)
- roadmap: updated inventory (30 modules, 14 packages, 988 tests), marked P0 items complete
- 988 platform-service + 14 events = 1002 total tests passing
2026-02-28 02:36:58 -08:00
saravanakumardb1
772f428967
feat(platform): add P0 foundational modules — event bus, scheduled jobs, password reset, email verification, status page
2026-02-28 02:29:08 -08:00
saravanakumardb1
b977e85bc2
feat(platform-service): add profile updates, tokens, and themes modules
Auth:
- PUT /auth/profile — self-service profile update (displayName, phone, bio, avatarUrl)
- ProfileUpdateSchema added to types.ts
- Repository update() expanded to accept profile fields
Tokens module (new):
- GET /tokens — list tokens (admin: all, user: own)
- POST /tokens — create API token (admin only)
- GET /tokens/count — count active tokens
- PATCH /tokens/:id — revoke token (admin only)
- DELETE /tokens/:id — delete token (super_admin only)
Themes module (new):
- GET /themes — list all themes (admin only)
- POST /themes — create theme (admin only)
- GET /themes/active — get active theme (public, no auth)
- GET /themes/:id — get theme by id (admin only)
- PUT /themes/:id — update theme (admin only)
- DELETE /themes/:id — delete theme (admin only)
- POST /themes/:id/activate — set theme as active (admin only)
2026-02-15 17:29:43 -08:00
saravanakumardb1
be3f5459bd
feat(platform-service): add SSO login endpoint (/auth/sso)
- POST /auth/sso — accepts verified email + provider + productId
- Creates user if not exists (with subscription + license provisioning)
- Issues platform JWT tokens for existing SSO users
- Supports Microsoft and Google OAuth providers
- Added SsoLoginSchema to types.ts
2026-02-15 16:38:10 -08:00
saravanakumardb1
c7fb2eb357
feat(platform-service): add admin user management routes
- GET /auth/users — list users (paginated, admin-only)
- GET /auth/users/count — total + by-plan counts
- GET /auth/users/:id — get user by id
- PUT /auth/users/:id — update user (displayName, role, plan, status)
- DELETE /auth/users/:id — delete user
- repository: added list, count, countByPlan, update, remove functions
- types: added UpdateUserSchema
2026-02-15 16:21:26 -08:00
saravanakumardb1
8a7a0495b0
test(platform-service): add route-level tests for Phase 1 migration behaviors
- Added auth register route tests for default provisioning and best-effort fallback
- Added license activate route tests for token issuance, product device limits, and lockout
- Added Stripe webhook route tests for any-product fallback and plan normalization
- Verified: tsc --noEmit clean, 23 test files / 189 tests passing
2026-02-15 15:09:23 -08:00
saravanakumardb1
a699dd9073
fix(platform-service): harden register/stripe flows for multi-product correctness
- Make auth register provisioning truly best-effort (warn on failure, do not fail signup)
- Process Stripe webhook events for all products (remove non-default skip)
- Derive updated subscription plan from Stripe price IDs on subscription.updated
- Sync derived plan to auth users and backend plan sync endpoint
- Verified: tsc --noEmit clean, 20 test files / 183 tests passing
2026-02-15 14:59:27 -08:00
saravanakumardb1
84681cbf75
feat(platform-service): add user plan update to auth module for Stripe webhooks
- Added auth repository updatePlan(userId, productId, plan) helper
- Stripe webhook handlers now sync plan changes into auth users container
- Handles checkout completion and cancellation downgrade paths
- Keeps existing backend sync behavior intact
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
2026-02-15 14:47:26 -08:00
saravanakumardb1
a264538c5e
feat(platform-service): register hook provisions subscription + license from product config
- /auth/register now validates product from products cache
- Automatically provisions initial subscription using product defaultPlan + trialDays
- Automatically provisions initial license using product licensePrefix + deviceLimits
- Keeps auth user creation as primary flow while adding provisioning side-effects
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
2026-02-15 14:44:31 -08:00
saravanakumardb1
17772ed42a
feat(platform-service): auth/refresh returns both accessToken + refreshToken
- Refresh endpoint now rotates refresh token and returns both tokens
- Keeps existing refresh token validation semantics
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
2026-02-15 14:40:34 -08:00
saravanakumardb1
a9ac953ed1
feat(platform-service): add plan field to auth UserDoc + auth responses
- Added plan to auth UserDoc model and token payload typing
- Register flow initializes user.plan from product default plan
- Login/Register/Me responses now include user.plan
- Access tokens now include optional plan claim
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
2026-02-15 14:39:42 -08:00
saravanakumardb1
60617ab050
refactor(platform-service): replace PRODUCT_ID with getRequestProductId(req) in all modules
- 26 files updated: all repositories accept productId parameter instead of env var
- All route handlers extract productId via getRequestProductId(req) (JWT → header → env fallback)
- Repositories: auth, flags, audit, notifications, licenses, plans, referrals, usage, subscriptions, invitations
- Routes: all above + promos, items, memory, public, ratelimit, stripe
- lib/webhooks.ts: dispatchWebhook accepts optional productId parameter
- Stripe webhook handler uses metadata-based productId (no client JWT available)
- Ratelimit default config uses DEFAULT_PRODUCT_ID at startup
- 166 tests pass, tsc --noEmit clean
2026-02-15 14:29:11 -08:00
saravanakumardb1
8e5c6dc2d6
refactor(platform-service): auth routes + types — add productId to login/register schemas
- LoginSchema and RegisterSchema now require productId field
- Login/Register routes use productId from request body (not env var)
- PRODUCT_ID import removed from auth/routes.ts
- Test fixtures updated with productId: 'lysnrai'
2026-02-15 14:18:59 -08:00
saravanakumardb1
8cc70db676
refactor(platform-service): auth/jwt.ts — productId from caller, issuer → 'bytelyst-platform'
- createAccessToken() and createRefreshToken() now require productId parameter
- Issuer changed from PRODUCT_ID env var to generic 'bytelyst-platform'
- verifyToken() validates against 'bytelyst-platform' issuer
- auth/routes.ts callers updated to pass productId (still from PRODUCT_ID env var for now)
- Refresh endpoint reads productId from user doc
2026-02-15 14:16:49 -08:00
saravanakumardb1
90b9cf93d8
fix(common): configure ESLint 9 and fix lint issues
- Added @eslint/js dependency
- Updated eslint.config.js for ESLint 9 compatibility
- Added required globals (crypto, localStorage, React, etc.)
- Fixed unused imports and variables
- Disabled sort-imports temporarily
- Formatted all files with Prettier
2026-02-12 16:37:30 -08:00
saravanakumardb1
86a56339ab
fix: replace Math.random() IDs with crypto.randomUUID() across all services
- billing-service: licenses, subscriptions (pay_, lic_)
- growth-service: invitations, referrals (inv_, ref_)
- platform-service: auth, audit (usr_, aud_)
- tracker-service: items, comments, votes, public (trk_, cmt_, vote_)
- Add votes.test.ts — closes the only missing module test
2026-02-12 13:03:09 -08:00
saravanakumardb1
e1ab956ac3
feat(services): add platform-service (auth, audit, flags, notifications, blob)
- Copied as-is from learning_voice_ai_agent/services/platform-service
- 55 tests passing (vitest)
- Fastify 5 + Cosmos DB + jose + bcryptjs + Zod
- Modules: auth, audit, flags, notifications, blob, ratelimit
- Port 4003
2026-02-12 11:39:00 -08:00