@ackplus/nest-auth-contracts 2.0.0-beta.9 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +107 -11
- package/dist/index.cjs +6 -6
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +7 -27
- package/dist/index.d.ts +7 -27
- package/dist/index.js +6 -6
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,25 +1,121 @@
|
|
|
1
1
|
# @ackplus/nest-auth-contracts
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://www.npmjs.com/package/@ackplus/nest-auth-contracts)
|
|
4
|
+
[](https://www.npmjs.com/package/@ackplus/nest-auth-contracts)
|
|
5
|
+
[](https://www.npmjs.com/package/@ackplus/nest-auth-contracts)
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
Shared TypeScript types and enums for the `@ackplus/nest-auth` ecosystem. **Types-only — zero runtime code, zero bundle cost.**
|
|
6
8
|
|
|
7
|
-
|
|
9
|
+
> 📚 **Browse every type at [ack-solutions.github.io/nest-auth/docs/api-reference/types](https://ack-solutions.github.io/nest-auth/docs/api-reference/types/)**
|
|
8
10
|
|
|
9
|
-
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Why this package exists
|
|
14
|
+
|
|
15
|
+
Backend, JS client, and React layer all need the same types — DTOs, enums, domain interfaces. This package is the single source of truth so a change to a request/response shape on the server breaks the client at compile time, not at runtime.
|
|
16
|
+
|
|
17
|
+
It is consumed by:
|
|
18
|
+
|
|
19
|
+
- [`@ackplus/nest-auth`](https://www.npmjs.com/package/@ackplus/nest-auth) — NestJS backend module
|
|
20
|
+
- [`@ackplus/nest-auth-client`](https://www.npmjs.com/package/@ackplus/nest-auth-client) — framework-agnostic JS/TS client
|
|
21
|
+
- [`@ackplus/nest-auth-react`](https://www.npmjs.com/package/@ackplus/nest-auth-react) — React provider, hooks, guards
|
|
22
|
+
|
|
23
|
+
You usually don't install it directly — it's a transitive dependency of all three. Install it explicitly when you want to type-check code that consumes the auth API without pulling in the full backend or client package.
|
|
24
|
+
|
|
25
|
+
## Install
|
|
10
26
|
|
|
11
27
|
```bash
|
|
12
|
-
npm install @ackplus/nest-auth-contracts
|
|
13
|
-
# or
|
|
14
28
|
pnpm add @ackplus/nest-auth-contracts
|
|
15
29
|
```
|
|
16
30
|
|
|
17
|
-
|
|
31
|
+
Both ESM and CommonJS builds ship in the package. No peer dependencies.
|
|
32
|
+
|
|
33
|
+
## What's exported
|
|
34
|
+
|
|
35
|
+
### Enums
|
|
36
|
+
|
|
37
|
+
```ts
|
|
38
|
+
import {
|
|
39
|
+
NestAuthMFAMethodEnum, // 'email' | 'sms' | 'totp'
|
|
40
|
+
NestAuthOTPTypeEnum, // 'passwordless_login' | 'magic_link_login' | 'password_reset' | 'email_verification' | 'phone_verification' | 'mfa'
|
|
41
|
+
TenantModeEnum, // 'isolated' | 'shared'
|
|
42
|
+
} from '@ackplus/nest-auth-contracts';
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Request DTOs
|
|
46
|
+
|
|
47
|
+
`ILoginRequest`, `ISignupRequest`, `IRefreshRequest`, `ISwitchTenantRequest`, `IVerify2faRequest`, `IToggleMfaRequest`, `IVerifyTotpSetupRequest`, `IForgotPasswordRequest`, `IResetPasswordWithTokenRequest`, `IChangePasswordRequest`, `IVerifyForgotPasswordOtpRequest`, `IVerifyEmailRequest`, `IVerifyPhoneRequest`, `IPasswordlessSendRequest`, `IInitializeAdminRequest`, `ICreateRoleInput`, `IUpdateRoleInput`, `IUpdatePermissionInput` …
|
|
48
|
+
|
|
49
|
+
### Response DTOs
|
|
50
|
+
|
|
51
|
+
`IAuthResponse`, `ITokenPair`, `IUserResponse`, `ISessionUserData`, `IMessageResponse`, `IVerify2faResponse`, `IMfaStatusResponse`, `IMfaDevice`, `ITotpSetupResponse`, `IVerifyOtpResponse`, `ISessionVerifyResponse` …
|
|
52
|
+
|
|
53
|
+
### Credential type unions
|
|
54
|
+
|
|
55
|
+
`ILoginCredentials = IEmailCredentials | IPhoneCredentials | ISocialCredentials | IPasswordlessOtpLoginCredentials`
|
|
56
|
+
|
|
57
|
+
### Domain interfaces
|
|
18
58
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
59
|
+
`INestAuthUser`, `INestAuthIdentity`, `INestAuthSession`, `INestAuthAccessKey`, `INestAuthOTP`, `INestAuthMFASecret`, `INestAuthTrustedDevice`, `INestAuthRole`, `INestAuthPermission`, `INestAuthTenant`, `INestAuthUserAccess`
|
|
60
|
+
|
|
61
|
+
### Configuration interfaces
|
|
62
|
+
|
|
63
|
+
`IEmailAuthConfig`, `IPhoneAuthConfig`, `IMfaConfig`, `IRegistrationConfig`, `INestAuthTenantOptions`, `ITenantsConfig`, `ISsoConfig`, `IUiConfig` …
|
|
64
|
+
|
|
65
|
+
[Full type reference →](https://ack-solutions.github.io/nest-auth/docs/api-reference/types/)
|
|
66
|
+
|
|
67
|
+
## Common imports
|
|
68
|
+
|
|
69
|
+
```ts
|
|
70
|
+
import {
|
|
71
|
+
// Enums
|
|
72
|
+
NestAuthMFAMethodEnum,
|
|
73
|
+
NestAuthOTPTypeEnum,
|
|
74
|
+
TenantModeEnum,
|
|
75
|
+
|
|
76
|
+
// Request/response DTOs
|
|
77
|
+
ILoginRequest,
|
|
78
|
+
ISignupRequest,
|
|
79
|
+
IAuthResponse,
|
|
80
|
+
IMfaStatusResponse,
|
|
81
|
+
ISessionUserData,
|
|
82
|
+
|
|
83
|
+
// Domain interfaces
|
|
22
84
|
INestAuthUser,
|
|
23
|
-
|
|
85
|
+
INestAuthSession,
|
|
86
|
+
INestAuthRole,
|
|
87
|
+
INestAuthTenant,
|
|
24
88
|
} from '@ackplus/nest-auth-contracts';
|
|
89
|
+
|
|
90
|
+
async function login(req: ILoginRequest): Promise<IAuthResponse> {
|
|
91
|
+
return fetch('/auth/login', { method: 'POST', body: JSON.stringify(req) }).then((r) => r.json());
|
|
92
|
+
}
|
|
25
93
|
```
|
|
94
|
+
|
|
95
|
+
## Naming conventions
|
|
96
|
+
|
|
97
|
+
- **Domain entities** → `INestAuth{Entity}` (e.g. `INestAuthUser`, `INestAuthRole`)
|
|
98
|
+
- **Enums** → `NestAuth{Name}Enum` (e.g. `NestAuthMFAMethodEnum`)
|
|
99
|
+
- **Request DTOs** → `I{Feature}Request`
|
|
100
|
+
- **Response DTOs** → `I{Feature}Response`
|
|
101
|
+
- **Configuration** → `I{Feature}Config` or `I{Feature}Options`
|
|
102
|
+
|
|
103
|
+
## Companion packages
|
|
104
|
+
|
|
105
|
+
| Package | Purpose |
|
|
106
|
+
| --- | --- |
|
|
107
|
+
| [`@ackplus/nest-auth`](https://www.npmjs.com/package/@ackplus/nest-auth) | NestJS backend module |
|
|
108
|
+
| [`@ackplus/nest-auth-client`](https://www.npmjs.com/package/@ackplus/nest-auth-client) | Framework-agnostic JS/TS client |
|
|
109
|
+
| [`@ackplus/nest-auth-react`](https://www.npmjs.com/package/@ackplus/nest-auth-react) | React provider, hooks, guards |
|
|
110
|
+
|
|
111
|
+
All four packages release together with the same version number. Pin them all to the same version.
|
|
112
|
+
|
|
113
|
+
## Links
|
|
114
|
+
|
|
115
|
+
- 📚 [Documentation](https://ack-solutions.github.io/nest-auth/)
|
|
116
|
+
- 💬 [Issue Tracker](https://github.com/ack-solutions/nest-auth/issues)
|
|
117
|
+
- 📦 [GitHub Repository](https://github.com/ack-solutions/nest-auth)
|
|
118
|
+
|
|
119
|
+
## License
|
|
120
|
+
|
|
121
|
+
[MIT](https://github.com/ack-solutions/nest-auth/blob/main/LICENSE)
|
package/dist/index.cjs
CHANGED
|
@@ -27,7 +27,7 @@ __export(index_exports, {
|
|
|
27
27
|
module.exports = __toCommonJS(index_exports);
|
|
28
28
|
|
|
29
29
|
// src/auth.ts
|
|
30
|
-
var NestAuthOTPTypeEnum = /* @__PURE__ */ ((NestAuthOTPTypeEnum2)
|
|
30
|
+
var NestAuthOTPTypeEnum = /* @__PURE__ */ (function(NestAuthOTPTypeEnum2) {
|
|
31
31
|
NestAuthOTPTypeEnum2["PASSWORDLESS_LOGIN"] = "passwordless_login";
|
|
32
32
|
NestAuthOTPTypeEnum2["MAGIC_LINK_LOGIN"] = "magic_link_login";
|
|
33
33
|
NestAuthOTPTypeEnum2["PASSWORD_RESET"] = "password_reset";
|
|
@@ -35,23 +35,23 @@ var NestAuthOTPTypeEnum = /* @__PURE__ */ ((NestAuthOTPTypeEnum2) => {
|
|
|
35
35
|
NestAuthOTPTypeEnum2["PHONE_VERIFICATION"] = "phone_verification";
|
|
36
36
|
NestAuthOTPTypeEnum2["MFA"] = "mfa";
|
|
37
37
|
return NestAuthOTPTypeEnum2;
|
|
38
|
-
})(
|
|
39
|
-
var NestAuthMFAMethodEnum = /* @__PURE__ */ ((NestAuthMFAMethodEnum2)
|
|
38
|
+
})({});
|
|
39
|
+
var NestAuthMFAMethodEnum = /* @__PURE__ */ (function(NestAuthMFAMethodEnum2) {
|
|
40
40
|
NestAuthMFAMethodEnum2["EMAIL"] = "email";
|
|
41
41
|
NestAuthMFAMethodEnum2["SMS"] = "sms";
|
|
42
42
|
NestAuthMFAMethodEnum2["TOTP"] = "totp";
|
|
43
43
|
return NestAuthMFAMethodEnum2;
|
|
44
|
-
})(
|
|
44
|
+
})({});
|
|
45
45
|
|
|
46
46
|
// src/passwordless.ts
|
|
47
47
|
var NEST_AUTH_PASSWORDLESS_PROVIDER = "passwordless";
|
|
48
48
|
|
|
49
49
|
// src/config.ts
|
|
50
|
-
var TenantModeEnum = /* @__PURE__ */ ((TenantModeEnum2)
|
|
50
|
+
var TenantModeEnum = /* @__PURE__ */ (function(TenantModeEnum2) {
|
|
51
51
|
TenantModeEnum2["ISOLATED"] = "isolated";
|
|
52
52
|
TenantModeEnum2["SHARED"] = "shared";
|
|
53
53
|
return TenantModeEnum2;
|
|
54
|
-
})(
|
|
54
|
+
})({});
|
|
55
55
|
// Annotate the CommonJS export names for ESM import in node:
|
|
56
56
|
0 && (module.exports = {
|
|
57
57
|
NEST_AUTH_PASSWORDLESS_PROVIDER,
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * @libs/auth-s - Shared authentication s\n */\n\n// Auth s (from auth.ts)\nexport {\n NestAuthMFAMethodEnum,\n NestAuthOTPTypeEnum,\n IEmailCredentials,\n IPhoneCredentials,\n ISocialCredentials,\n IPasswordlessOtpLoginCredentials,\n ILoginCredentials,\n ILoginRequest,\n ISignupRequest,\n IRefreshRequest,\n ISwitchTenantRequest,\n ITokenPair,\n IAuthResponse,\n IAuthUser,\n IAuthSession,\n IMessageResponse,\n IAuthCookieResponse,\n IAuthSuccessResponse,\n IUserResponse,\n ITokensResponse,\n // Entities\n INestAuthIdentity,\n INestAuthSession,\n INestAuthAccessKey,\n INestAuthOTP,\n} from './auth';\n\n// MFA (from mfa.ts)\nexport {\n IVerify2faRequest,\n IVerify2faResponse,\n ISendMfaCodeRequest,\n IToggleMfaRequest,\n IVerifyTotpSetupRequest,\n IMfaDevice,\n IMfaStatusResponse,\n IMfaCodeResponse,\n ITotpSetupResponse,\n // Entities\n INestAuthMFASecret,\n INestAuthTrustedDevice,\n} from './mfa';\n\n// Password\nexport {\n IForgotPasswordRequest,\n IResetPasswordWithTokenRequest,\n IChangePasswordRequest,\n IVerifyForgotPasswordOtpRequest,\n IVerifyOtpResponse,\n} from './password';\n\n// Verification\nexport {\n IVerifyEmailRequest,\n IVerifyPhoneRequest,\n IResendVerificationRequest,\n ISendEmailVerificationRequest,\n ISendPhoneVerificationRequest,\n ISessionVerifyResponse,\n} from './verification';\n// Passwordless login\nexport {\n NEST_AUTH_PASSWORDLESS_PROVIDER,\n} from './passwordless';\nexport type {\n PasswordlessChannel,\n IPasswordlessSendRequest,\n} from './passwordless';\n\n// Admin\nexport {\n IInitializeAdminRequest,\n IInitializeAdminResponse,\n IAdminUser,\n} from './admin';\n\n// Config\nexport {\n IEmailAuthConfig,\n IPhoneAuthConfig,\n IProfileFieldOption,\n IProfileField,\n IRegistrationConfig,\n IMfaConfig,\n ITenantOption,\n ITenantsConfig,\n ISsoProviderConfig,\n ISsoConfig,\n IUiConfig,\n TenantModeEnum,\n INestAuthTenantOptions,\n} from './config';\n\n// User & Role (from user.ts)\nexport {\n INestAuthUser,\n} from './user';\n\n// Role & Permission (from role.ts)\nexport {\n INestAuthRoleTenant,\n INestAuthRole,\n INestAuthPermission,\n ICreateRoleInput,\n IUpdateRoleInput,\n IUpdatePermissionInput,\n IRoleResponse,\n} from './role';\n\n// Tenant (from tenant.ts)\nexport {\n INestAuthTenant,\n INestAuthUserAccess,\n} from './tenant';\n","/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n used: boolean;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport interface IAuthUser {\n id: string;\n email?: string;\n phone?: string;\n isVerified?: boolean;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n userAccesses?: INestAuthUserAccess[];\n}\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n user?: IAuthUser;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n isVerified?: boolean;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACQO,IAAK,sBAAL,kBAAKA,yBAAL;AACH,EAAAA,qBAAA,wBAAqB;AACrB,EAAAA,qBAAA,sBAAmB;AACnB,EAAAA,qBAAA,oBAAiB;AACjB,EAAAA,qBAAA,wBAAqB;AACrB,EAAAA,qBAAA,wBAAqB;AACrB,EAAAA,qBAAA,SAAM;AANE,SAAAA;AAAA,GAAA;AAUL,IAAK,wBAAL,kBAAKC,2BAAL;AACH,EAAAA,uBAAA,WAAQ;AACR,EAAAA,uBAAA,SAAM;AACN,EAAAA,uBAAA,UAAQ;AAHA,SAAAA;AAAA,GAAA;;;ACTL,IAAM,kCAAkC;;;ACuDxC,IAAK,iBAAL,kBAAKC,oBAAL;AACH,EAAAA,gBAAA,cAAW;AACX,EAAAA,gBAAA,YAAS;AAFD,SAAAA;AAAA,GAAA;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","TenantModeEnum"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * @ackplus/nest-auth-contracts — shared types + a few runtime enums.\n *\n * Note: `export {}` is used for RUNTIME values (enums + token constants).\n * `export type {}` is used for INTERFACES + TYPE ALIASES.\n * Mixing them causes \"No matching export\" errors under newer esbuild (≥0.27).\n */\n\n// Runtime values from auth.ts (enums only)\nexport { NestAuthMFAMethodEnum, NestAuthOTPTypeEnum } from './auth';\n\n// Type-only re-exports from auth.ts\nexport type {\n IEmailCredentials,\n IPhoneCredentials,\n ISocialCredentials,\n IPasswordlessOtpLoginCredentials,\n ILoginCredentials,\n ILoginRequest,\n ISignupRequest,\n IRefreshRequest,\n ISwitchTenantRequest,\n ITokenPair,\n IAuthResponse,\n ISessionUserData,\n IAuthSession,\n IMessageResponse,\n IAuthCookieResponse,\n IAuthSuccessResponse,\n IUserResponse,\n ITokensResponse,\n INestAuthIdentity,\n INestAuthSession,\n INestAuthAccessKey,\n INestAuthOTP,\n} from './auth';\n\n// MFA (from mfa.ts) — all types\nexport type {\n IVerify2faRequest,\n IVerify2faResponse,\n ISendMfaCodeRequest,\n IToggleMfaRequest,\n IVerifyTotpSetupRequest,\n IMfaDevice,\n IMfaStatusResponse,\n IMfaCodeResponse,\n ITotpSetupResponse,\n INestAuthMFASecret,\n INestAuthTrustedDevice,\n} from './mfa';\n\n// Password — all types\nexport type {\n IForgotPasswordRequest,\n IResetPasswordWithTokenRequest,\n IChangePasswordRequest,\n IVerifyForgotPasswordOtpRequest,\n IVerifyOtpResponse,\n} from './password';\n\n// Verification — all types\nexport type {\n IVerifyEmailRequest,\n IVerifyPhoneRequest,\n IResendVerificationRequest,\n ISendEmailVerificationRequest,\n ISendPhoneVerificationRequest,\n ISessionVerifyResponse,\n} from './verification';\n\n// Passwordless — runtime constant + types\nexport { NEST_AUTH_PASSWORDLESS_PROVIDER } from './passwordless';\nexport type { PasswordlessChannel, IPasswordlessSendRequest } from './passwordless';\n\n// Admin — all types\nexport type {\n IInitializeAdminRequest,\n IInitializeAdminResponse,\n IAdminUser,\n} from './admin';\n\n// Config — runtime enum + types\nexport { TenantModeEnum } from './config';\nexport type {\n IEmailAuthConfig,\n IPhoneAuthConfig,\n IProfileFieldOption,\n IProfileField,\n IRegistrationConfig,\n IMfaConfig,\n ITenantOption,\n ITenantsConfig,\n ISsoProviderConfig,\n ISsoConfig,\n IUiConfig,\n INestAuthTenantOptions,\n} from './config';\n\n// User (from user.ts) — type\nexport type { INestAuthUser } from './user';\n\n// Role & Permission (from role.ts) — all types\nexport type {\n INestAuthRoleTenant,\n INestAuthRole,\n INestAuthPermission,\n ICreateRoleInput,\n IUpdateRoleInput,\n IUpdatePermissionInput,\n IRoleResponse,\n} from './role';\n\n// Tenant (from tenant.ts) — all types\nexport type {\n INestAuthTenant,\n INestAuthUserAccess,\n} from './tenant';\n","/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;ACUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|
package/dist/index.d.cts
CHANGED
|
@@ -76,17 +76,6 @@ interface IVerify2faResponse {
|
|
|
76
76
|
refreshToken: string;
|
|
77
77
|
message?: string;
|
|
78
78
|
trustToken?: string;
|
|
79
|
-
user?: {
|
|
80
|
-
id: string;
|
|
81
|
-
email?: string;
|
|
82
|
-
phone?: string;
|
|
83
|
-
isVerified?: boolean;
|
|
84
|
-
isMfaEnabled?: boolean;
|
|
85
|
-
roles?: string[];
|
|
86
|
-
permissions?: string[];
|
|
87
|
-
metadata?: Record<string, any>;
|
|
88
|
-
tenantId?: string;
|
|
89
|
-
};
|
|
90
79
|
}
|
|
91
80
|
interface ISendMfaCodeRequest {
|
|
92
81
|
method: NestAuthMFAMethodEnum;
|
|
@@ -136,7 +125,6 @@ interface INestAuthUser {
|
|
|
136
125
|
phone?: string;
|
|
137
126
|
phoneVerifiedAt?: Date;
|
|
138
127
|
passwordHash?: string;
|
|
139
|
-
isVerified: boolean;
|
|
140
128
|
isActive: boolean;
|
|
141
129
|
metadata?: Record<string, any>;
|
|
142
130
|
isMfaEnabled: boolean;
|
|
@@ -230,7 +218,6 @@ interface INestAuthOTP {
|
|
|
230
218
|
code: string;
|
|
231
219
|
type: NestAuthOTPTypeEnum;
|
|
232
220
|
expiresAt: Date;
|
|
233
|
-
used: boolean;
|
|
234
221
|
createdAt: Date;
|
|
235
222
|
updatedAt: Date;
|
|
236
223
|
}
|
|
@@ -275,23 +262,15 @@ interface ITokenPair {
|
|
|
275
262
|
accessToken: string;
|
|
276
263
|
refreshToken: string;
|
|
277
264
|
}
|
|
278
|
-
|
|
279
|
-
id
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
isVerified?: boolean;
|
|
283
|
-
isMfaEnabled?: boolean;
|
|
284
|
-
roles?: string[];
|
|
285
|
-
permissions?: string[];
|
|
286
|
-
metadata?: Record<string, any>;
|
|
287
|
-
userAccesses?: INestAuthUserAccess[];
|
|
288
|
-
}
|
|
265
|
+
type ISessionUserData<SerializedUser extends Record<string, any> = Record<string, any>> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {
|
|
266
|
+
roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];
|
|
267
|
+
permissions: string[];
|
|
268
|
+
};
|
|
289
269
|
interface IAuthResponse extends ITokenPair {
|
|
290
270
|
message?: string;
|
|
291
271
|
isRequiresMfa?: boolean;
|
|
292
272
|
mfaMethods?: NestAuthMFAMethodEnum[];
|
|
293
273
|
defaultMfaMethod?: NestAuthMFAMethodEnum;
|
|
294
|
-
user?: IAuthUser;
|
|
295
274
|
}
|
|
296
275
|
interface IAuthSession {
|
|
297
276
|
id: string;
|
|
@@ -314,7 +293,8 @@ interface IUserResponse {
|
|
|
314
293
|
id: string;
|
|
315
294
|
email?: string;
|
|
316
295
|
phone?: string;
|
|
317
|
-
|
|
296
|
+
emailVerifiedAt?: Date;
|
|
297
|
+
phoneVerifiedAt?: Date;
|
|
318
298
|
isMfaEnabled?: boolean;
|
|
319
299
|
roles?: string[];
|
|
320
300
|
permissions?: string[];
|
|
@@ -472,4 +452,4 @@ interface IUiConfig {
|
|
|
472
452
|
backgroundImageUrl?: string;
|
|
473
453
|
}
|
|
474
454
|
|
|
475
|
-
export { type IAdminUser, type IAuthCookieResponse, type IAuthResponse, type IAuthSession, type IAuthSuccessResponse, type
|
|
455
|
+
export { type IAdminUser, type IAuthCookieResponse, type IAuthResponse, type IAuthSession, type IAuthSuccessResponse, type IChangePasswordRequest, type ICreateRoleInput, type IEmailAuthConfig, type IEmailCredentials, type IForgotPasswordRequest, type IInitializeAdminRequest, type IInitializeAdminResponse, type ILoginCredentials, type ILoginRequest, type IMessageResponse, type IMfaCodeResponse, type IMfaConfig, type IMfaDevice, type IMfaStatusResponse, type INestAuthAccessKey, type INestAuthIdentity, type INestAuthMFASecret, type INestAuthOTP, type INestAuthPermission, type INestAuthRole, type INestAuthRoleTenant, type INestAuthSession, type INestAuthTenant, type INestAuthTenantOptions, type INestAuthTrustedDevice, type INestAuthUser, type INestAuthUserAccess, type IPasswordlessOtpLoginCredentials, type IPasswordlessSendRequest, type IPhoneAuthConfig, type IPhoneCredentials, type IProfileField, type IProfileFieldOption, type IRefreshRequest, type IRegistrationConfig, type IResendVerificationRequest, type IResetPasswordWithTokenRequest, type IRoleResponse, type ISendEmailVerificationRequest, type ISendMfaCodeRequest, type ISendPhoneVerificationRequest, type ISessionUserData, type ISessionVerifyResponse, type ISignupRequest, type ISocialCredentials, type ISsoConfig, type ISsoProviderConfig, type ISwitchTenantRequest, type ITenantOption, type ITenantsConfig, type IToggleMfaRequest, type ITokenPair, type ITokensResponse, type ITotpSetupResponse, type IUiConfig, type IUpdatePermissionInput, type IUpdateRoleInput, type IUserResponse, type IVerify2faRequest, type IVerify2faResponse, type IVerifyEmailRequest, type IVerifyForgotPasswordOtpRequest, type IVerifyOtpResponse, type IVerifyPhoneRequest, type IVerifyTotpSetupRequest, NEST_AUTH_PASSWORDLESS_PROVIDER, NestAuthMFAMethodEnum, NestAuthOTPTypeEnum, type PasswordlessChannel, TenantModeEnum };
|
package/dist/index.d.ts
CHANGED
|
@@ -76,17 +76,6 @@ interface IVerify2faResponse {
|
|
|
76
76
|
refreshToken: string;
|
|
77
77
|
message?: string;
|
|
78
78
|
trustToken?: string;
|
|
79
|
-
user?: {
|
|
80
|
-
id: string;
|
|
81
|
-
email?: string;
|
|
82
|
-
phone?: string;
|
|
83
|
-
isVerified?: boolean;
|
|
84
|
-
isMfaEnabled?: boolean;
|
|
85
|
-
roles?: string[];
|
|
86
|
-
permissions?: string[];
|
|
87
|
-
metadata?: Record<string, any>;
|
|
88
|
-
tenantId?: string;
|
|
89
|
-
};
|
|
90
79
|
}
|
|
91
80
|
interface ISendMfaCodeRequest {
|
|
92
81
|
method: NestAuthMFAMethodEnum;
|
|
@@ -136,7 +125,6 @@ interface INestAuthUser {
|
|
|
136
125
|
phone?: string;
|
|
137
126
|
phoneVerifiedAt?: Date;
|
|
138
127
|
passwordHash?: string;
|
|
139
|
-
isVerified: boolean;
|
|
140
128
|
isActive: boolean;
|
|
141
129
|
metadata?: Record<string, any>;
|
|
142
130
|
isMfaEnabled: boolean;
|
|
@@ -230,7 +218,6 @@ interface INestAuthOTP {
|
|
|
230
218
|
code: string;
|
|
231
219
|
type: NestAuthOTPTypeEnum;
|
|
232
220
|
expiresAt: Date;
|
|
233
|
-
used: boolean;
|
|
234
221
|
createdAt: Date;
|
|
235
222
|
updatedAt: Date;
|
|
236
223
|
}
|
|
@@ -275,23 +262,15 @@ interface ITokenPair {
|
|
|
275
262
|
accessToken: string;
|
|
276
263
|
refreshToken: string;
|
|
277
264
|
}
|
|
278
|
-
|
|
279
|
-
id
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
isVerified?: boolean;
|
|
283
|
-
isMfaEnabled?: boolean;
|
|
284
|
-
roles?: string[];
|
|
285
|
-
permissions?: string[];
|
|
286
|
-
metadata?: Record<string, any>;
|
|
287
|
-
userAccesses?: INestAuthUserAccess[];
|
|
288
|
-
}
|
|
265
|
+
type ISessionUserData<SerializedUser extends Record<string, any> = Record<string, any>> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {
|
|
266
|
+
roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];
|
|
267
|
+
permissions: string[];
|
|
268
|
+
};
|
|
289
269
|
interface IAuthResponse extends ITokenPair {
|
|
290
270
|
message?: string;
|
|
291
271
|
isRequiresMfa?: boolean;
|
|
292
272
|
mfaMethods?: NestAuthMFAMethodEnum[];
|
|
293
273
|
defaultMfaMethod?: NestAuthMFAMethodEnum;
|
|
294
|
-
user?: IAuthUser;
|
|
295
274
|
}
|
|
296
275
|
interface IAuthSession {
|
|
297
276
|
id: string;
|
|
@@ -314,7 +293,8 @@ interface IUserResponse {
|
|
|
314
293
|
id: string;
|
|
315
294
|
email?: string;
|
|
316
295
|
phone?: string;
|
|
317
|
-
|
|
296
|
+
emailVerifiedAt?: Date;
|
|
297
|
+
phoneVerifiedAt?: Date;
|
|
318
298
|
isMfaEnabled?: boolean;
|
|
319
299
|
roles?: string[];
|
|
320
300
|
permissions?: string[];
|
|
@@ -472,4 +452,4 @@ interface IUiConfig {
|
|
|
472
452
|
backgroundImageUrl?: string;
|
|
473
453
|
}
|
|
474
454
|
|
|
475
|
-
export { type IAdminUser, type IAuthCookieResponse, type IAuthResponse, type IAuthSession, type IAuthSuccessResponse, type
|
|
455
|
+
export { type IAdminUser, type IAuthCookieResponse, type IAuthResponse, type IAuthSession, type IAuthSuccessResponse, type IChangePasswordRequest, type ICreateRoleInput, type IEmailAuthConfig, type IEmailCredentials, type IForgotPasswordRequest, type IInitializeAdminRequest, type IInitializeAdminResponse, type ILoginCredentials, type ILoginRequest, type IMessageResponse, type IMfaCodeResponse, type IMfaConfig, type IMfaDevice, type IMfaStatusResponse, type INestAuthAccessKey, type INestAuthIdentity, type INestAuthMFASecret, type INestAuthOTP, type INestAuthPermission, type INestAuthRole, type INestAuthRoleTenant, type INestAuthSession, type INestAuthTenant, type INestAuthTenantOptions, type INestAuthTrustedDevice, type INestAuthUser, type INestAuthUserAccess, type IPasswordlessOtpLoginCredentials, type IPasswordlessSendRequest, type IPhoneAuthConfig, type IPhoneCredentials, type IProfileField, type IProfileFieldOption, type IRefreshRequest, type IRegistrationConfig, type IResendVerificationRequest, type IResetPasswordWithTokenRequest, type IRoleResponse, type ISendEmailVerificationRequest, type ISendMfaCodeRequest, type ISendPhoneVerificationRequest, type ISessionUserData, type ISessionVerifyResponse, type ISignupRequest, type ISocialCredentials, type ISsoConfig, type ISsoProviderConfig, type ISwitchTenantRequest, type ITenantOption, type ITenantsConfig, type IToggleMfaRequest, type ITokenPair, type ITokensResponse, type ITotpSetupResponse, type IUiConfig, type IUpdatePermissionInput, type IUpdateRoleInput, type IUserResponse, type IVerify2faRequest, type IVerify2faResponse, type IVerifyEmailRequest, type IVerifyForgotPasswordOtpRequest, type IVerifyOtpResponse, type IVerifyPhoneRequest, type IVerifyTotpSetupRequest, NEST_AUTH_PASSWORDLESS_PROVIDER, NestAuthMFAMethodEnum, NestAuthOTPTypeEnum, type PasswordlessChannel, TenantModeEnum };
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
// src/auth.ts
|
|
2
|
-
var NestAuthOTPTypeEnum = /* @__PURE__ */ ((NestAuthOTPTypeEnum2)
|
|
2
|
+
var NestAuthOTPTypeEnum = /* @__PURE__ */ (function(NestAuthOTPTypeEnum2) {
|
|
3
3
|
NestAuthOTPTypeEnum2["PASSWORDLESS_LOGIN"] = "passwordless_login";
|
|
4
4
|
NestAuthOTPTypeEnum2["MAGIC_LINK_LOGIN"] = "magic_link_login";
|
|
5
5
|
NestAuthOTPTypeEnum2["PASSWORD_RESET"] = "password_reset";
|
|
@@ -7,23 +7,23 @@ var NestAuthOTPTypeEnum = /* @__PURE__ */ ((NestAuthOTPTypeEnum2) => {
|
|
|
7
7
|
NestAuthOTPTypeEnum2["PHONE_VERIFICATION"] = "phone_verification";
|
|
8
8
|
NestAuthOTPTypeEnum2["MFA"] = "mfa";
|
|
9
9
|
return NestAuthOTPTypeEnum2;
|
|
10
|
-
})(
|
|
11
|
-
var NestAuthMFAMethodEnum = /* @__PURE__ */ ((NestAuthMFAMethodEnum2)
|
|
10
|
+
})({});
|
|
11
|
+
var NestAuthMFAMethodEnum = /* @__PURE__ */ (function(NestAuthMFAMethodEnum2) {
|
|
12
12
|
NestAuthMFAMethodEnum2["EMAIL"] = "email";
|
|
13
13
|
NestAuthMFAMethodEnum2["SMS"] = "sms";
|
|
14
14
|
NestAuthMFAMethodEnum2["TOTP"] = "totp";
|
|
15
15
|
return NestAuthMFAMethodEnum2;
|
|
16
|
-
})(
|
|
16
|
+
})({});
|
|
17
17
|
|
|
18
18
|
// src/passwordless.ts
|
|
19
19
|
var NEST_AUTH_PASSWORDLESS_PROVIDER = "passwordless";
|
|
20
20
|
|
|
21
21
|
// src/config.ts
|
|
22
|
-
var TenantModeEnum = /* @__PURE__ */ ((TenantModeEnum2)
|
|
22
|
+
var TenantModeEnum = /* @__PURE__ */ (function(TenantModeEnum2) {
|
|
23
23
|
TenantModeEnum2["ISOLATED"] = "isolated";
|
|
24
24
|
TenantModeEnum2["SHARED"] = "shared";
|
|
25
25
|
return TenantModeEnum2;
|
|
26
|
-
})(
|
|
26
|
+
})({});
|
|
27
27
|
export {
|
|
28
28
|
NEST_AUTH_PASSWORDLESS_PROVIDER,
|
|
29
29
|
NestAuthMFAMethodEnum,
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP
|
|
1
|
+
{"version":3,"sources":["../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";AAUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|