@ackplus/nest-auth-contracts 2.3.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * @ackplus/nest-auth-contracts — shared types + a few runtime enums.\n *\n * Note: `export {}` is used for RUNTIME values (enums + token constants).\n * `export type {}` is used for INTERFACES + TYPE ALIASES.\n * Mixing them causes \"No matching export\" errors under newer esbuild (≥0.27).\n */\n\n// Runtime values from auth.ts (enums only)\nexport { NestAuthMFAMethodEnum, NestAuthOTPTypeEnum } from './auth';\n\n// Type-only re-exports from auth.ts\nexport type {\n IEmailCredentials,\n IPhoneCredentials,\n ISocialCredentials,\n IPasswordlessOtpLoginCredentials,\n ILoginCredentials,\n ILoginRequest,\n ISignupRequest,\n IRefreshRequest,\n ISwitchTenantRequest,\n ITokenPair,\n IAuthResponse,\n ISessionUserData,\n IAuthSession,\n IMessageResponse,\n IAuthCookieResponse,\n IAuthSuccessResponse,\n IUserResponse,\n ITokensResponse,\n INestAuthIdentity,\n INestAuthSession,\n INestAuthAccessKey,\n INestAuthOTP,\n} from './auth';\n\n// MFA (from mfa.ts) — all types\nexport type {\n IVerify2faRequest,\n IVerify2faResponse,\n ISendMfaCodeRequest,\n IToggleMfaRequest,\n IVerifyTotpSetupRequest,\n IMfaDevice,\n IMfaStatusResponse,\n IMfaCodeResponse,\n ITotpSetupResponse,\n INestAuthMFASecret,\n INestAuthTrustedDevice,\n} from './mfa';\n\n// Password — all types\nexport type {\n IForgotPasswordRequest,\n IResetPasswordWithTokenRequest,\n IChangePasswordRequest,\n IVerifyForgotPasswordOtpRequest,\n IVerifyOtpResponse,\n} from './password';\n\n// Verification — all types\nexport type {\n IVerifyEmailRequest,\n IVerifyPhoneRequest,\n IResendVerificationRequest,\n ISendEmailVerificationRequest,\n ISendPhoneVerificationRequest,\n ISessionVerifyResponse,\n} from './verification';\n\n// Passwordless — runtime constant + types\nexport { NEST_AUTH_PASSWORDLESS_PROVIDER } from './passwordless';\nexport type { PasswordlessChannel, IPasswordlessSendRequest } from './passwordless';\n\n// Admin — all types\nexport type {\n IAdminUser,\n} from './admin';\n\n// Config — runtime enum + types\nexport { TenantModeEnum } from './config';\nexport type {\n IEmailAuthConfig,\n IPhoneAuthConfig,\n IProfileFieldOption,\n IProfileField,\n IRegistrationConfig,\n IMfaConfig,\n ITenantOption,\n ITenantsConfig,\n ISsoProviderConfig,\n ISsoConfig,\n IUiConfig,\n INestAuthTenantOptions,\n} from './config';\n\n// User (from user.ts) — type\nexport type { INestAuthUser } from './user';\n\n// Role & Permission (from role.ts) — all types\nexport type {\n INestAuthRoleTenant,\n INestAuthRole,\n INestAuthPermission,\n ICreateRoleInput,\n IUpdateRoleInput,\n IUpdatePermissionInput,\n IRoleResponse,\n} from './role';\n\n// Tenant (from tenant.ts) — all types\nexport type {\n INestAuthTenant,\n INestAuthUserAccess,\n} from './tenant';\n","/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;ACUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * @ackplus/nest-auth-contracts — shared types + a few runtime enums.\n *\n * Note: `export {}` is used for RUNTIME values (enums + token constants).\n * `export type {}` is used for INTERFACES + TYPE ALIASES.\n * Mixing them causes \"No matching export\" errors under newer esbuild (≥0.27).\n */\n\n// Runtime values from auth.ts (enums only)\nexport { NestAuthMFAMethodEnum, NestAuthOTPTypeEnum } from './auth';\n\n// Type-only re-exports from auth.ts\nexport type {\n IEmailCredentials,\n IPhoneCredentials,\n ISocialCredentials,\n IPasswordlessOtpLoginCredentials,\n ILoginCredentials,\n ILoginRequest,\n ISignupRequest,\n IRefreshRequest,\n ISwitchTenantRequest,\n ITokenPair,\n IAuthResponse,\n ISessionUserData,\n IAuthSession,\n IMessageResponse,\n IAuthCookieResponse,\n IAuthSuccessResponse,\n IUserResponse,\n ITokensResponse,\n INestAuthIdentity,\n INestAuthSession,\n INestAuthAccessKey,\n INestAuthOTP,\n} from './auth';\n\n// MFA (from mfa.ts) — all types\nexport type {\n IVerify2faRequest,\n IVerify2faResponse,\n ISendMfaCodeRequest,\n IToggleMfaRequest,\n IVerifyTotpSetupRequest,\n IMfaDevice,\n IMfaStatusResponse,\n IMfaCodeResponse,\n ITotpSetupResponse,\n INestAuthMFASecret,\n INestAuthTrustedDevice,\n} from './mfa';\n\n// Password — all types\nexport type {\n IForgotPasswordRequest,\n IResetPasswordWithTokenRequest,\n IChangePasswordRequest,\n IVerifyForgotPasswordOtpRequest,\n IVerifyOtpResponse,\n} from './password';\n\n// Verification — all types\nexport type {\n IVerifyEmailRequest,\n IVerifyPhoneRequest,\n IResendVerificationRequest,\n ISendEmailVerificationRequest,\n ISendPhoneVerificationRequest,\n ISessionVerifyResponse,\n} from './verification';\n\n// Passwordless — runtime constant + types\nexport { NEST_AUTH_PASSWORDLESS_PROVIDER } from './passwordless';\nexport type { PasswordlessChannel, IPasswordlessSendRequest } from './passwordless';\n\n// Admin — all types\nexport type {\n IAdminUser,\n} from './admin';\n\n// Config — runtime enum + types\nexport { TenantModeEnum } from './config';\nexport type {\n IEmailAuthConfig,\n IPhoneAuthConfig,\n IProfileFieldOption,\n IProfileField,\n IRegistrationConfig,\n IMfaConfig,\n ITenantOption,\n ITenantsConfig,\n ISsoProviderConfig,\n ISsoConfig,\n IUiConfig,\n INestAuthTenantOptions,\n} from './config';\n\n// User (from user.ts) — type\nexport type { INestAuthUser } from './user';\n\n// Role & Permission (from role.ts) — all types\nexport type {\n INestAuthRoleTenant,\n INestAuthRole,\n INestAuthPermission,\n ICreateRoleInput,\n IUpdateRoleInput,\n IUpdatePermissionInput,\n IRoleResponse,\n} from './role';\n\n// Tenant (from tenant.ts) — all types\nexport type {\n INestAuthTenant,\n INestAuthUserAccess,\n} from './tenant';\n","/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n /**\n * \"Remember me\". In cookie mode, `false` issues session cookies that clear\n * when the browser closes (good for shared devices); default keeps the\n * persistent cookies. Sticky across token refresh.\n */\n rememberMe?: boolean;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;ACUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|
package/dist/index.d.cts
CHANGED
package/dist/index.d.ts
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";AAUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|
|
1
|
+
{"version":3,"sources":["../src/auth.ts","../src/passwordless.ts","../src/config.ts"],"sourcesContent":["/**\n * Auth Types\n * Contains: Login/Signup/Token types + Auth Entities (Session, Identity, AccessKey, OTP)\n */\n\nimport { INestAuthRole } from './role';\nimport type { INestAuthTenant, INestAuthUserAccess } from './tenant';\nimport { INestAuthUser } from './user';\n\n// OTP Type Enum\nexport enum NestAuthOTPTypeEnum {\n PASSWORDLESS_LOGIN = 'passwordless_login',\n MAGIC_LINK_LOGIN = 'magic_link_login',\n PASSWORD_RESET = 'password_reset',\n EMAIL_VERIFICATION = 'email_verification',\n PHONE_VERIFICATION = 'phone_verification',\n MFA = 'mfa',\n}\n\n// MFA Method Enum (Needed for AuthResponse and others)\nexport enum NestAuthMFAMethodEnum {\n EMAIL = 'email',\n SMS = 'sms',\n TOTP = 'totp',\n}\n\n// --- Entity Interfaces ---\n\nexport interface INestAuthIdentity {\n id: string;\n provider: string;\n providerId: string;\n metadata?: Record<string, any>;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthSession {\n id: string;\n userId: string;\n data?: any;\n refreshToken?: string;\n expiresAt?: Date;\n userAgent?: string;\n deviceName?: string;\n ipAddress?: string;\n lastActive?: Date;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface INestAuthAccessKey {\n id: string;\n name: string;\n publicKey: string;\n privateKey: string;\n description?: string;\n isActive: boolean;\n expiresAt?: Date;\n lastUsedAt?: Date;\n userId: string;\n createdAt: Date;\n updatedAt: Date;\n}\n\nexport interface INestAuthOTP {\n id: string;\n userId: string;\n code: string;\n type: NestAuthOTPTypeEnum;\n expiresAt: Date;\n createdAt: Date;\n updatedAt: Date;\n}\n\n// --- Request/Response Interfaces ---\n\nexport interface IEmailCredentials {\n email: string;\n password: string;\n}\n\nexport interface IPhoneCredentials {\n phone: string;\n password: string;\n}\n\nexport interface ISocialCredentials {\n token: string;\n}\n\nexport interface IPasswordlessOtpLoginCredentials {\n identifier: string;\n channels?: Array<'email' | 'sms'>;\n code: string;\n}\n\nexport type ILoginCredentials =\n | IEmailCredentials\n | IPhoneCredentials\n | ISocialCredentials\n | IPasswordlessOtpLoginCredentials\n | Record<string, any>;\n\nexport interface ILoginRequest {\n providerName?: 'email' | 'phone' | 'passwordless' | 'google' | 'facebook' | 'apple' | 'github' | string;\n credentials: ILoginCredentials;\n tenantId?: string;\n createUserIfNotExists?: boolean;\n guard?: string;\n /**\n * \"Remember me\". In cookie mode, `false` issues session cookies that clear\n * when the browser closes (good for shared devices); default keeps the\n * persistent cookies. Sticky across token refresh.\n */\n rememberMe?: boolean;\n}\n\nexport interface ISignupRequest {\n email?: string;\n phone?: string;\n password: string;\n tenantId?: string;\n [key: string]: any;\n}\n\nexport interface IRefreshRequest {\n refreshToken?: string;\n}\n\nexport interface ISwitchTenantRequest {\n tenantId: string;\n}\n\nexport interface ITokenPair {\n accessToken: string;\n refreshToken: string;\n}\n\nexport type ISessionUserData<\n SerializedUser extends Record<string, any> = Record<string, any>\n> = SerializedUser & Pick<INestAuthUser, 'id' | 'email' | 'phone' | 'emailVerifiedAt' | 'phoneVerifiedAt' | 'isMfaEnabled' | 'metadata'> & {\n roles?: Pick<INestAuthRole, 'id' | 'name' | 'guard'>[];\n permissions: string[];\n};\n\n// export interface ISessionUserData<SerializedUser = any> {\n// [key in SerializedUser]: SerializedUser[key];\n// roles ?: INestAuthRole[];\n// permissions: string[];\n// }\n\nexport interface IAuthResponse extends ITokenPair {\n message?: string;\n isRequiresMfa?: boolean;\n mfaMethods?: NestAuthMFAMethodEnum[];\n defaultMfaMethod?: NestAuthMFAMethodEnum;\n}\n\nexport interface IAuthSession {\n id: string;\n userId: string;\n expiresAt: string;\n createdAt: string;\n}\n\nexport interface IMessageResponse {\n message: string;\n}\n\nexport interface IAuthCookieResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IAuthSuccessResponse {\n message: string;\n isRequiresMfa?: boolean;\n}\n\nexport interface IUserResponse {\n id: string;\n email?: string;\n phone?: string;\n emailVerifiedAt?: Date;\n phoneVerifiedAt?: Date;\n isMfaEnabled?: boolean;\n roles?: string[];\n permissions?: string[];\n metadata?: Record<string, any>;\n tenantId?: string;\n tenants?: INestAuthTenant[];\n}\n\nexport interface ITokensResponse {\n accessToken: string;\n refreshToken: string;\n}\n","/**\n * Passwordless login — OTP (email/SMS) and magic link.\n * Uses `code` in verify requests (same as other verification flows; MFA still uses `otp`).\n */\n\n/**\n * `ILoginRequest.providerName` value for passwordless login (OTP / magic link).\n * Matches the server constant `PASSWORDLESS_AUTH_PROVIDER` in `@ackplus/nest-auth`.\n */\nexport const NEST_AUTH_PASSWORDLESS_PROVIDER = 'passwordless' as const;\n\nexport type PasswordlessChannel = 'email' | 'sms';\n\n/** Request a one-time code for passwordless login (email or SMS). */\nexport interface IPasswordlessSendRequest {\n /** Email address or phone number, depending on `channel`. */\n identifier: string;\n channel: PasswordlessChannel;\n tenantId?: string;\n}\n","/**\n * Config Types\n * Client configuration response types\n */\n\nimport { NestAuthMFAMethodEnum } from './auth';\n\nexport interface IEmailAuthConfig {\n enabled: boolean;\n}\n\nexport interface IPhoneAuthConfig {\n enabled: boolean;\n}\n\nexport interface IProfileFieldOption {\n label: string;\n value: string;\n}\n\nexport interface IProfileField {\n id: string;\n label: string;\n required?: boolean;\n type?: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';\n placeholder?: string;\n options?: IProfileFieldOption[];\n}\n\nexport interface IRegistrationConfig {\n enabled: boolean;\n requireInvitation?: boolean;\n collectProfileFields?: IProfileField[];\n}\n\nexport interface IMfaConfig {\n enabled: boolean;\n methods?: NestAuthMFAMethodEnum[];\n allowUserToggle?: boolean;\n allowMethodSelection?: boolean;\n}\n\nexport interface ITenantOption {\n id: string;\n name: string;\n slug: string;\n isActive: boolean;\n metadata?: Record<string, any>;\n}\n\n/**\n * Tenant support configuration.\n * - enabled: false → no tenant checks; auth works without tenant (future-safe: entities remain).\n * - enabled: true → multi-tenant is on; tenant is required; mode controls behavior:\n * - ISOLATED: one tenant per user (user belongs to one tenant).\n * - SHARED: user can belong to multiple tenants; active tenant from header/subdomain/JWT/custom.\n */\nexport interface INestAuthTenantOptions {\n /** When false, tenant resolution and validation are disabled. When true, multi-tenant is enabled and tenant is required. Default: false. */\n enabled?: boolean;\n /** When enabled, use ISOLATED (one tenant per user) or SHARED (multiple tenants per user). Default: ISOLATED. */\n mode?: TenantModeEnum;\n}\n\nexport enum TenantModeEnum {\n ISOLATED = 'isolated',\n SHARED = 'shared',\n}\n\nexport interface ITenantsConfig {\n mode: TenantModeEnum;\n options?: ITenantOption[];\n}\n\nexport interface ISsoProviderConfig {\n id: string;\n name: string;\n logoUrl?: string;\n authorizationUrl?: string;\n clientId?: string;\n hint?: string;\n}\n\nexport interface ISsoConfig {\n enabled: boolean;\n providers?: ISsoProviderConfig[];\n}\n\nexport interface IUiConfig {\n brandName?: string;\n brandColor?: string;\n logoUrl?: string;\n backgroundImageUrl?: string;\n}\n"],"mappings":";AAUO,IAAKA,sBAAAA,0BAAAA,sBAAAA;;;;;;;SAAAA;;AAUL,IAAKC,wBAAAA,0BAAAA,wBAAAA;;;;SAAAA;;;;ACXL,IAAMC,kCAAkC;;;ACuDxC,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;SAAAA;;","names":["NestAuthOTPTypeEnum","NestAuthMFAMethodEnum","NEST_AUTH_PASSWORDLESS_PROVIDER","TenantModeEnum"]}
|