Implement Authentication System Based on ThothOS #9

@goobz22

Description

Implement the authentication system from ThothOS into Network-Proxy. The authentication system uses token-based authentication with multiple verification methods (MFA, SMS, Email) and supports multiple user types.

GraphQL Integration Details

User Verification Endpoints

Network-Proxy will query these GraphQL endpoints from Unlimited-Application-Skeleton:

// Query user details by email
const getAdministratorByEmail = async (email: string): Promise<UserAuthData | null> => {
  const response = await fetch('https://technologiesunlimited.net/api/graphql/user/administrator', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      query: `
        query getAdministratorByEmail($email: String!) {
          getAdministratorByEmail(email: $email) {
            _id
            authId
            email
            phoneNumber
          }
        }
      `,
      variables: { email },
    }),
    credentials: 'include',
  });
  
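  // Process response: a GraphQL reply carries the result under data.<queryName>
  if (!response.ok) return null;
  const { data } = await response.json();
  return data?.getAdministratorByEmail ?? null;
}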

// Similar endpoints for employee and customer users
// - /api/graphql/user/employee
// - /api/graphql/user/customer

Verification Status Endpoint

// Get verification status (which methods are enabled)
const getVerificationStatus = async (userId: string): Promise<VerificationStatus | null> => {
  const response = await fetch('https://technologiesunlimited.net/api/graphql/verification', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      query: `
        query getVerificationByUserId($userId: String!) {
          getVerificationByUserId(userId: $userId) {
            _id
            emailVerified
            phoneVerified
            mfaVerified
            userId
          }
        }
      `,
      variables: { userId },
    }),
    credentials: 'include',
  });
  
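  // Process response: a GraphQL reply carries the result under data.<queryName>
  if (!response.ok) return null;
  const { data } = await response.json();
  return data?.getVerificationByUserId ?? null;
}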

MFA Token Verification Endpoint

// Check if MFA is set up for a user
const checkUserMfaSetup = async (userId: string): Promise<{ hasMfaSecret: boolean; mfaSecret?: string }> => {
  const response = await fetch('https://technologiesunlimited.net/api/graphql/user/auth', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      query: `
        query getUserMfaSecret($userId: String!, $tokenType: TokenType!) {
          getUserMfaSecret(userId: $userId, tokenType: $tokenType) {
            secret
          }
        }
      `,
      variables: {
        userId,
        tokenType: TOKEN_TYPES.LOGGING_IN_MFA,
      },
    }),
    credentials: 'include',
  });
  
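  // Process response: a failed lookup must not be read as "MFA not set up"
  if (!response.ok) throw new Error(`MFA secret lookup failed: ${response.status}`);
  const { data } = await response.json();
  const mfaSecret: string | undefined = data?.getUserMfaSecret?.secret ?? undefined;
  return { hasMfaSecret: Boolean(mfaSecret), mfaSecret };
}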

Token Management API

Network-Proxy will use Unlimited-Application-Skeleton's token API for all token operations:

// Create a token
const createToken = async (tokenType: TokenType, userId: string, mfaSecret?: string): Promise<TokenData> => {
  const response = await fetch('https://technologiesunlimited.net/api/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      tokenName: tokenType,
      userId,
      mfaSecret, // Optional, only for MFA tokens
    }),
    credentials: 'include',
  });
  
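  // Process response (assumes the token API returns the created token as its JSON body)
  if (!response.ok) throw new Error(`Token creation failed: ${response.status}`);
  return (await response.json()) as TokenData;
}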

Token System Implementation

Network-Proxy will implement identical token types to match Unlimited-Application-Skeleton:

const TOKEN_TYPES = {
  // Main authentication states
  LOGGED_IN: 'logged_in',

  // Login flow tokens
  LOGGING_IN_MAIN: 'logging_in_main',
  LOGGING_IN_EMAIL: 'logging_in_email',
  LOGGING_IN_SMS: 'logging_in_sms',
  LOGGING_IN_MFA: 'logging_in_mfa',

  // Signup flow tokens
  SIGNING_UP_MAIN: 'signing_up_main', 
  SIGNED_UP_EMAIL: 'signed_up_email',
  SIGNED_UP_SMS: 'signed_up_sms',
  SIGNED_UP_MFA: 'signed_up_mfa',
} as const;

Authentication Flow Implementation

  1. Login Flow:

    • User enters email and phone number
    • Network-Proxy calls Unlimited-Application-Skeleton GraphQL to verify user exists
    • Based on verification methods, redirects to appropriate verification page (MFA, SMS, Email)
  2. MFA Verification:

    • Requests user's MFA secret from Unlimited-Application-Skeleton
    • Verifies MFA token locally using same verification function
    • Creates LOGGING_IN_MFA and LOGGED_IN tokens via API
  3. SMS Verification:

    • Uses Unlimited-Application-Skeleton's Twilio integration for verification
    • Creates LOGGING_IN_SMS and SIGNED_UP_SMS tokens
  4. Email Verification:

    • Uses Unlimited-Application-Skeleton's email verification API
    • Creates LOGGING_IN_EMAIL and SIGNED_UP_EMAIL tokens
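
A gate for the flow above, as an added example that is not code from ThothOS or Unlimited-Application-Skeleton: it decides the next step from the verification status and the tokens already held, so `LOGGED_IN` is only issued once every enabled method has produced its `LOGGING_IN_*` token. Assumptions: the step order (MFA, SMS, Email), that all enabled methods are required, that `LOGGING_IN_MAIN` is issued after the first login step, and the route paths, which are derived from the file structure in this issue.

```typescript
// Added example; names other than the token values and status fields are hypothetical.
type TokenName =
  | 'logged_in' | 'logging_in_main' | 'logging_in_email' | 'logging_in_sms' | 'logging_in_mfa';

interface VerificationStatus {
  emailVerified: boolean;
  phoneVerified: boolean;
  mfaVerified: boolean;
}

type NextStep =
  | { action: 'redirect'; path: string }
  | { action: 'issue_logged_in' }
  | { action: 'deny'; reason: string };

// Assumed order and routes (see lead-in).
const STEPS: { enabled: (s: VerificationStatus) => boolean; token: TokenName; path: string }[] = [
  { enabled: (s) => s.mfaVerified, token: 'logging_in_mfa', path: '/auth/login/mfa-verification' },
  { enabled: (s) => s.phoneVerified, token: 'logging_in_sms', path: '/auth/login/text-verification' },
  { enabled: (s) => s.emailVerified, token: 'logging_in_email', path: '/auth/login/email-verification' },
];

function nextLoginStep(status: VerificationStatus | null, held: ReadonlySet<TokenName>): NextStep {
  // Fail closed: an unavailable status must not be treated as "nothing to verify".
  if (!status) return { action: 'deny', reason: 'verification status unavailable' };
  // A request that skipped the first step goes back to the start.
  if (!held.has('logging_in_main')) return { action: 'redirect', path: '/auth/login' };

  const required = STEPS.filter((step) => step.enabled(status));
  if (required.length === 0) return { action: 'deny', reason: 'no verification method enabled' };

  // Send the user to the first enabled method whose token is still missing.
  const pending = required.find((step) => !held.has(step.token));
  return pending ? { action: 'redirect', path: pending.path } : { action: 'issue_logged_in' };
}
```
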

File Structure

The implementation will mirror Unlimited-Application-Skeleton's structure:

/src
  /app
    /auth
      /login
        index.tsx       # Main login page
        page.tsx        # Login route
        /mfa-verification
          index.tsx     # MFA verification component
          page.tsx      # MFA verification route
        /text-verification
          index.tsx     # SMS verification component
          page.tsx      # SMS verification route
        /email-verification
          index.tsx     # Email verification component
          page.tsx      # Email verification route
      /hooks
        useEmailVerification.ts  # Hook for email verification
        useSmsVerification.ts    # Hook for SMS verification

Configuration Requirements

Network-Proxy will need these environment variables:

# Unlimited-Application-Skeleton base URL
NEXT_PUBLIC_AUTH_API_URL=https://technologiesunlimited.net

# Local or production mode flag (affects cookie settings)
NODE_ENV=development

CORS Considerations

  • Ensure Unlimited-Application-Skeleton's CORS is configured to allow Network-Proxy origin
  • Update cookie settings to work across domains if needed
  • Implement secure cookie handling for production
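
What the three points above mean for the `credentials: 'include'` calls in this issue, as an added example that is not code from either project: browsers reject credentialed responses whose `Access-Control-Allow-Origin` is `*`, and a cookie sent cross-site needs `SameSite=None` together with `Secure`. The Network-Proxy origin, the function names and the cookie name used in the checks are placeholders; development is assumed to run both apps on localhost.

```typescript
// Added example; origins are constructed placeholders.
const ALLOWED_ORIGINS = new Set(['https://network-proxy.example', 'http://localhost:3000']);

// Anything other than an explicit 'development' is treated as production (fail closed).
const isProduction = (nodeEnv: string | undefined): boolean => nodeEnv !== 'development';

function corsHeaders(origin: string | undefined, nodeEnv: string | undefined): Record<string, string> {
  // Echo back only an exact allowlisted origin; never '*' with credentials.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  // In production, refuse plain-http origins even if they are on the list.
  if (isProduction(nodeEnv) && !origin.startsWith('https://')) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type',
    // Caches must not reuse a response issued for a different origin.
    Vary: 'Origin',
  };
}

function sessionCookie(
  name: string, value: string, nodeEnv: string | undefined, maxAgeSeconds: number,
): string {
  const attrs = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly', `Max-Age=${maxAgeSeconds}`];
  if (isProduction(nodeEnv)) {
    // Cross-site requests only carry the cookie with SameSite=None, which requires Secure.
    attrs.push('SameSite=None', 'Secure');
  } else {
    // Same-site localhost development over http: Lax is enough.
    attrs.push('SameSite=Lax');
  }
  return attrs.join('; ');
}
```
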
