Refactor: Implement full authentication overhaul

src/types/auth.ts

@@ -0,0 +1,74 @@
+import type { Session, User } from '@supabase/supabase-js';
+
+/**
+ * Authenticator Assurance Levels (AAL)
+ * - aal1: Basic authentication (password/OAuth/magic link)
+ * - aal2: Multi-factor authentication completed
+ */
+export type AALLevel = 'aal1' | 'aal2';
+
+/**
+ * MFA Factor types supported by Supabase
+ */
+export type MFAFactorType = 'totp';
+
+/**
+ * MFA Factor status
+ */
+export type MFAFactorStatus = 'verified' | 'unverified';
+
+/**
+ * MFA Factor structure from Supabase
+ */
+export interface MFAFactor {
+  id: string;
+  factor_type: MFAFactorType;
+  status: MFAFactorStatus;
+  friendly_name?: string;
+  created_at: string;
+  updated_at: string;
+}
+
+/**
+ * Result of AAL step-up check
+ */
+export interface CheckAalResult {
+  needsStepUp: boolean;
+  hasMfaEnrolled: boolean;
+  currentLevel: AALLevel | null;
+  hasEnrolledFactors?: boolean;
+  factorId?: string;
+}
+
+/**
+ * Authentication method types
+ */
+export type AuthMethod = 'password' | 'oauth' | 'magiclink';
+
+/**
+ * Authentication session with AAL information
+ */
+export interface AuthSessionInfo {
+  session: Session | null;
+  user: User | null;
+  aal: AALLevel;
+  authMethod?: AuthMethod;
+}
+
+/**
+ * MFA Challenge result
+ */
+export interface MFAChallengeResult {
+  success: boolean;
+  error?: string;
+  newAal?: AALLevel;
+}
+
+/**
+ * Auth service response
+ */
+export interface AuthServiceResponse<T = void> {
+  success: boolean;
+  data?: T;
+  error?: string;
+}