Refactor security functions

src/types/auth.ts

@@ -72,3 +72,51 @@ export interface AuthServiceResponse<T = void> {
   data?: T;
   error?: string;
 }
+
+/**
+ * Authentication session from Supabase with hashed IP
+ */
+export interface AuthSession {
+  id: string;
+  created_at: string;
+  updated_at: string;
+  refreshed_at: string | null;
+  user_agent: string | null;
+  ip: string | null; // Pre-hashed by database function
+  not_after: string | null;
+  aal: AALLevel | null;
+}
+
+/**
+ * Security-sensitive operations that may require additional verification
+ */
+export type SecurityOperation =
+  | 'password_change'
+  | 'identity_disconnect'
+  | 'identity_connect'
+  | 'session_revoke'
+  | 'mfa_enroll'
+  | 'mfa_unenroll';
+
+/**
+ * Rate limit information for security operations
+ */
+export interface RateLimitInfo {
+  operation: SecurityOperation;
+  allowed: boolean;
+  attemptsRemaining: number;
+  resetAt: Date;
+  currentAttempts: number;
+  maxAttempts: number;
+}
+
+/**
+ * Security operation context for logging
+ */
+export interface SecurityContext {
+  operation: SecurityOperation;
+  userId?: string;
+  targetUserId?: string;
+  requiresMFA?: boolean;
+  metadata?: Record<string, any>;
+}