apps/api/src/features/auth/auth.service.ts

Auto-generated by scripts/generate-file-docs.ts. Do not edit — overwritten on every run.

Purpose

AuthService — auth orchestration with no transport coupling. Responsibilities:

  • exchangeClerkSession: upsert the Users row matching a Clerk subject, write an AUTH_LOGIN audit row, and return whether the row is new.
  • authenticateChild: verify a parent-managed child credential with Argon2id. NO parent session is required — the child authenticates stand-alone via username + PIN (api-contracts.md §3, auth-rbac-design §Child authentication). Writes AUTH_CHILD_LOGIN (success) or AUTH_CHILD_LOGIN_FAILED (failure) audit rows.
  • signChildToken / signPlatformSession: issue platform-signed session JWTs. CHILD_JWT_SECRET is REQUIRED; we fail closed rather than fall back to a hardcoded value (security-high-items-design §1.2). Child session TTL: 4 hours per security-high-items-design §1.4.
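The fail-closed secret handling and 4-hour child session TTL described above, as an added TypeScript example that is not the project's own code. It signs HS256 with Node's built-in crypto in place of the jsonwebtoken package so that it runs without dependencies; the function signatures, the `env` parameter and the claim layout are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Env = Record<string, string | undefined>; // assumed stand-in for the service's config source

const CHILD_SESSION_TTL_SECONDS = 4 * 60 * 60; // 4-hour child session TTL stated on the page

const b64url = (text: string): string => Buffer.from(text, "utf8").toString("base64url");

// Fail closed: a missing or empty secret throws. There is no default value to fall back to.
function requireChildSecret(env: Env): string {
  const secret = env.CHILD_JWT_SECRET;
  if (!secret) throw new Error("CHILD_JWT_SECRET is not set; refusing to handle child tokens");
  return secret;
}

// Hypothetical signature: the real signChildToken is not shown on the page.
function signChildToken(childId: string, env: Env, nowSeconds: number): string {
  const secret = requireChildSecret(env);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { sub: childId, iat: nowSeconds, exp: nowSeconds + CHILD_SESSION_TTL_SECONDS };
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  const signature = createHmac("sha256", secret).update(signingInput).digest().toString("base64url");
  return `${signingInput}.${signature}`;
}

// Returns the subject for a correctly signed, unexpired HS256 token, otherwise null.
function verifyChildToken(token: string, env: Env, nowSeconds: number): string | null {
  const secret = requireChildSecret(env);
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2] ?? "", "base64url");
  // Check the signature first so JSON parsing only ever sees data this service signed.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(parts[0] ?? "", "base64url").toString("utf8"));
  if (header.alg !== "HS256") return null;
  const claims = JSON.parse(Buffer.from(parts[1] ?? "", "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || nowSeconds >= claims.exp) return null;
  return typeof claims.sub === "string" ? claims.sub : null;
}
```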

Exports

  • export class AuthService

Imports

  • ../../adapters/db
  • ../../config
  • ../../lib/errors
  • ../../lib/logger
  • @prisma/client
  • argon2
  • jsonwebtoken

Imported by

Heritage Community Hub — Internal. Access restricted via Cloudflare Access + Entra ID.