Phase 1 - Add AWS Amplify Authentication and User Models

- Integrate AWS Amplify authentication dependencies
- Extend auth and user models to support Cognito user attributes
- Add types for social authentication, auth state, and Cognito user details
- Update package dependencies to include Amplify authentication modules

Author: jkestering-modus

frontend/package-lock.json

@@ -29,6 +29,9 @@
     ]
   },
   "dependencies": {
+    "@aws-amplify/auth": "^6.0.15",
+    "@aws-amplify/core": "^6.0.15",
+    "@aws-amplify/ui-react": "^6.1.1",
     "@capacitor/android": "6.2.0",
     "@capacitor/app": "6.0.2",
     "@capacitor/assets": "3.0.5",

frontend/package.json

@@ -0,0 +1,58 @@
+/**
+ * AWS Configuration for the application
+ * 
+ * This file contains configuration settings for AWS services including Cognito User Pool.
+ * In a production environment, these values should come from environment variables.
+ */
+
+export const REGION = 'us-east-1'; // Replace with your AWS region
+
+/**
+ * Cognito Configuration
+ */
+export const COGNITO_CONFIG = {
+  // User Pool
+  USER_POOL_ID: import.meta.env.VITE_COGNITO_USER_POOL_ID || 'us-east-1_xxxxxxxx', // Replace with your User Pool ID
+  USER_POOL_WEB_CLIENT_ID: import.meta.env.VITE_COGNITO_APP_CLIENT_ID || 'xxxxxxxxxxxxxxxxxxxxxxxxxx', // Replace with your App Client ID
+  
+  // OAuth Configuration (for Social Login)
+  OAUTH: {
+    domain: import.meta.env.VITE_COGNITO_DOMAIN || 'your-domain.auth.us-east-1.amazoncognito.com', // Replace with your Cognito domain
+    scope: ['email', 'profile', 'openid'],
+    redirectSignIn: import.meta.env.VITE_REDIRECT_SIGN_IN || 'http://localhost:3000/',
+    redirectSignOut: import.meta.env.VITE_REDIRECT_SIGN_OUT || 'http://localhost:3000/',
+    responseType: 'code' as const
+  },
+  
+  // Auth mechanisms
+  AUTH_MECHANISMS: ['EMAIL'],
+  
+  // Social providers
+  SOCIAL_PROVIDERS: ['Google', 'SignInWithApple'],
+};
+
+/**
+ * Amplify Configuration object for initializing Amplify (V6 format)
+ */
+export const amplifyConfig = {
+  Auth: {
+    Cognito: {
+      userPoolId: COGNITO_CONFIG.USER_POOL_ID,
+      userPoolClientId: COGNITO_CONFIG.USER_POOL_WEB_CLIENT_ID,
+      loginWith: {
+        email: true,
+        phone: false,
+        username: false,
+        oauth: {
+          domain: COGNITO_CONFIG.OAUTH.domain,
+          scopes: COGNITO_CONFIG.OAUTH.scope,
+          redirectSignIn: [COGNITO_CONFIG.OAUTH.redirectSignIn],
+          redirectSignOut: [COGNITO_CONFIG.OAUTH.redirectSignOut],
+          responseType: 'code' as const
+        }
+      }
+    }
+  },
+  // Configure only the region you need to use
+  region: REGION
+}; 

frontend/src/common/config/aws-config.ts

@@ -16,3 +16,54 @@ export type UserTokens = {
 export type RememberMe = {
   username: string;
 };
+
+/**
+ * The `CognitoUserAttributes` type. Cognito user attributes.
+ */
+export type CognitoUserAttributes = {
+  email: string;
+  email_verified?: boolean;
+  given_name?: string;
+  family_name?: string;
+  phone_number?: string;
+  phone_number_verified?: boolean;
+  sub?: string;
+};
+
+/**
+ * The `AuthError` type. Authentication error details.
+ */
+export type AuthError = {
+  code: string;
+  message: string;
+  name: string;
+};
+
+/**
+ * The `SignUpParams` type. Parameters for user registration.
+ */
+export type SignUpParams = {
+  username: string;
+  password: string;
+  attributes: {
+    email: string;
+    given_name: string;
+    family_name: string;
+  };
+};
+
+/**
+ * Social authentication providers
+ */
+export enum SocialAuthProvider {
+  GOOGLE = 'Google',
+  APPLE = 'SignInWithApple',
+}
+
+/**
+ * The `AuthState` type. Current auth state.
+ */
+export enum AuthState {
+  SIGNED_IN = 'signedIn',
+  SIGNED_OUT = 'signedOut',
+}

frontend/src/common/models/auth.ts

@@ -34,3 +34,33 @@ export type User = {
   address: Address;
   company: Company;
 };
+
+/**
+ * Cognito User type aligned with AWS Cognito attributes
+ */
+export type CognitoUser = {
+  // Unique identifier (sub from Cognito)
+  id: string;
+  // Username (usually email in our case)
+  username: string;
+  // Email address
+  email: string;
+  // Full name composed of given_name and family_name
+  name?: string;
+  // First name from Cognito given_name attribute
+  firstName?: string;
+  // Last name from Cognito family_name attribute
+  lastName?: string;
+  // Phone number
+  phone?: string;
+  // Whether email is verified
+  emailVerified?: boolean;
+  // Whether phone is verified
+  phoneVerified?: boolean;
+  // User groups/roles
+  groups?: string[];
+  // Created date
+  createdAt?: string;
+  // Updated date
+  updatedAt?: string;
+};

frontend/src/common/models/user.ts

@@ -0,0 +1,183 @@
+import { signIn, signUp, confirmSignUp, signOut, 
+  fetchAuthSession, getCurrentUser } from '@aws-amplify/auth';
+import { Amplify } from 'aws-amplify';
+import { amplifyConfig } from '../../config/aws-config';
+import { UserTokens } from '../../models/auth';
+
+/**
+ * Initialize AWS Amplify with the configuration
+ */
+Amplify.configure(amplifyConfig);
+
+/**
+ * Cognito Authentication Service
+ * 
+ * A service to handle interactions with AWS Cognito for authentication and user management
+ */
+export class CognitoAuthService {
+
+  /**
+   * Sign in with email and password
+   * @param username Email address
+   * @param password Password
+   * @returns Promise resolving to the authenticated user
+   */
+  static async signIn(username: string, password: string) {
+    try {
+      const user = await signIn({ username, password });
+      return user;
+    } catch (error) {
+      this.handleAuthError(error);
+      throw error;
+    }
+  }
+
+  /**
+   * Sign up a new user
+   * @param email User's email
+   * @param password User's password
+   * @param attributes User attributes (first name, last name)
+   * @returns Promise resolving to the sign up result
+   */
+  static async signUp(email: string, password: string, attributes: { firstName: string; lastName: string }) {
+    try {
+      const result = await signUp({
+        username: email,
+        password,
+        options: {
+          userAttributes: {
+            email,
+            given_name: attributes.firstName,
+            family_name: attributes.lastName,
+          }
+        }
+      });
+      return result;
+    } catch (error) {
+      this.handleAuthError(error);
+      throw error;
+    }
+  }
+
+  /**
+   * Confirm sign up with verification code
+   * @param username Email address
+   * @param code Verification code
+   * @returns Promise resolving to the confirmation result
+   */
+  static async confirmSignUp(username: string, code: string) {
+    try {
+      return await confirmSignUp({ username, confirmationCode: code });
+    } catch (error) {
+      this.handleAuthError(error);
+      throw error;
+    }
+  }
+
+  /**
+   * Sign out the current user
+   * @returns Promise resolving when sign out is complete
+   */
+  static async signOut() {
+    try {
+      return await signOut();
+    } catch (error) {
+      this.handleAuthError(error);
+      throw error;
+    }
+  }
+
+  /**
+   * Get current authenticated user
+   * @returns Promise resolving to the current authenticated user
+   */
+  static async getCurrentUser() {
+    try {
+      return await getCurrentUser();
+    } catch (_error) {
+      // Not throwing here as this is often used to check if a user is signed in
+      console.error('Error getting current user:', _error);
+      return null;
+    }
+  }
+
+  /**
+   * Get current session
+   * @returns Promise resolving to the current session
+   */
+  static async getCurrentSession() {
+    try {
+      return await fetchAuthSession();
+    } catch (_error) {
+      console.error('Error getting current session:', _error);
+      return null;
+    }
+  }
+
+  /**
+   * Get user tokens from the current session
+   * @returns Promise resolving to UserTokens or null if no session
+   */
+  static async getUserTokens(): Promise<UserTokens | null> {
+    try {
+      const session = await fetchAuthSession();
+      
+      if (!session.tokens || !session.tokens.accessToken || !session.tokens.idToken) {
+        return null;
+      }
+      
+      // Get expiration time from access token
+      const accessToken = session.tokens.accessToken;
+      const expirationTime = accessToken.payload.exp ?? 0;
+      
+      return {
+        access_token: accessToken.toString(),
+        id_token: session.tokens.idToken.toString(),
+        refresh_token: '', // AWS Amplify v6 doesn't expose refresh token directly
+        token_type: 'bearer',
+        expires_in: Math.floor((new Date(expirationTime * 1000).getTime() - Date.now()) / 1000),
+        expires_at: new Date(expirationTime * 1000).toISOString(),
+      };
+    } catch (_error) {
+      this.handleAuthError(_error);
+      return null;
+    }
+  }
+
+  /**
+   * Initiate social sign in (Google or Apple)
+   * @param provider 'Google' or 'SignInWithApple'
+   * @returns Promise
+   */
+  static async federatedSignIn(provider: 'Google' | 'SignInWithApple') {
+    try {
+      // This needs OAuth configuration in the Amplify setup
+      // In AWS Amplify v6, we'd use a different approach for federated sign in
+      // Placeholder for now
+      console.warn('federatedSignIn is not implemented in this version', provider);
+      // In production, federated sign-in would be handled differently
+      // For example, using a hosted UI or custom implementation
+      return null;
+    } catch (error) {
+      this.handleAuthError(error);
+      throw error;
+    }
+  }
+
+  /**
+   * Handle common authentication errors
+   * @param error The error from Cognito
+   */
+  private static handleAuthError(error: unknown) {
+    // Log the error for debugging
+    console.error('Authentication error:', error);
+    
+    // You can add custom error handling logic here
+    // For example, mapping Cognito error codes to user-friendly messages
+  }
+}
+
+/**
+ * Export singleton instance for easy imports
+ */
+export default CognitoAuthService;