@ackplus/nest-auth 0.0.23

package/src/lib/entities/tenant.entity.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Tenant = void 0;
+const tslib_1 = require("tslib");
+const typeorm_1 = require("typeorm");
+const user_entity_1 = require("./user.entity");
+let Tenant = class Tenant {
+};
+exports.Tenant = Tenant;
+tslib_1.__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('uuid'),
+    tslib_1.__metadata("design:type", String)
+], Tenant.prototype, "id", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)(),
+    tslib_1.__metadata("design:type", String)
+], Tenant.prototype, "name", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ unique: true, nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], Tenant.prototype, "domain", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], Tenant.prototype, "createdByUserId", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.CreateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], Tenant.prototype, "createdAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.UpdateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], Tenant.prototype, "updatedAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => user_entity_1.User, user => user.tenant),
+    tslib_1.__metadata("design:type", Array)
+], Tenant.prototype, "users", void 0);
+exports.Tenant = Tenant = tslib_1.__decorate([
+    (0, typeorm_1.Entity)('nest_auth_tenants')
+], Tenant);
+//# sourceMappingURL=tenant.entity.js.map

package/src/lib/entities/tenant.entity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant.entity.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/entities/tenant.entity.ts"],"names":[],"mappings":";;;;AAAA,qCAAgH;AAChH,+CAAqC;AAG9B,IAAM,MAAM,GAAZ,MAAM,MAAM;CAqBlB,CAAA;AArBY,wBAAM;AAEf;IADC,IAAA,gCAAsB,EAAC,MAAM,CAAC;;kCACpB;AAGX;IADC,IAAA,gBAAM,GAAE;;oCACI;AAGb;IADC,IAAA,gBAAM,EAAC,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sCAC1B;AAGf;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;+CACH;AAGxB;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;yCAAC;AAGhB;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;yCAAC;AAGhB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;;qCAC7B;iBApBL,MAAM;IADlB,IAAA,gBAAM,EAAC,mBAAmB,CAAC;GACf,MAAM,CAqBlB"}

package/src/lib/entities/user-role.entity.d.ts

@@ -0,0 +1,13 @@
+import { User } from "./user.entity";
+import { Role } from "./role.entity";
+import { Tenant } from "./tenant.entity";
+export declare class UserRole {
+    userId: string;
+    roleId: string;
+    tenantId: string;
+    user: User;
+    role: Role;
+    tenant: Tenant;
+    createdAt: Date;
+    updatedAt: Date;
+}

package/src/lib/entities/user-role.entity.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserRole = void 0;
+const tslib_1 = require("tslib");
+const typeorm_1 = require("typeorm");
+const user_entity_1 = require("./user.entity");
+const role_entity_1 = require("./role.entity");
+const tenant_entity_1 = require("./tenant.entity");
+let UserRole = class UserRole {
+};
+exports.UserRole = UserRole;
+tslib_1.__decorate([
+    (0, typeorm_1.PrimaryColumn)('uuid'),
+    tslib_1.__metadata("design:type", String)
+], UserRole.prototype, "userId", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.PrimaryColumn)('uuid'),
+    tslib_1.__metadata("design:type", String)
+], UserRole.prototype, "roleId", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.PrimaryColumn)('uuid'),
+    tslib_1.__metadata("design:type", String)
+], UserRole.prototype, "tenantId", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.ManyToOne)(() => user_entity_1.User, user => user.userRoles, { onDelete: 'CASCADE' }),
+    tslib_1.__metadata("design:type", user_entity_1.User)
+], UserRole.prototype, "user", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.ManyToOne)(() => role_entity_1.Role, role => role.userRoles, { onDelete: 'CASCADE' }),
+    tslib_1.__metadata("design:type", role_entity_1.Role)
+], UserRole.prototype, "role", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.ManyToOne)(() => tenant_entity_1.Tenant),
+    tslib_1.__metadata("design:type", tenant_entity_1.Tenant)
+], UserRole.prototype, "tenant", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.CreateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], UserRole.prototype, "createdAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.UpdateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], UserRole.prototype, "updatedAt", void 0);
+exports.UserRole = UserRole = tslib_1.__decorate([
+    (0, typeorm_1.Entity)('nest_auth_user_roles')
+], UserRole);
+//# sourceMappingURL=user-role.entity.js.map

package/src/lib/entities/user-role.entity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-role.entity.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/entities/user-role.entity.ts"],"names":[],"mappings":";;;;AAAA,qCAAuG;AACvG,+CAAqC;AACrC,+CAAqC;AACrC,mDAAyC;AAGlC,IAAM,QAAQ,GAAd,MAAM,QAAQ;CAwBpB,CAAA;AAxBY,4BAAQ;AAEjB;IADC,IAAA,uBAAa,EAAC,MAAM,CAAC;;wCACP;AAGf;IADC,IAAA,uBAAa,EAAC,MAAM,CAAC;;wCACP;AAGf;IADC,IAAA,uBAAa,EAAC,MAAM,CAAC;;0CACL;AAGjB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;sCACjE,kBAAI;sCAAC;AAGX;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;sCACjE,kBAAI;sCAAC;AAGX;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,sBAAM,CAAC;sCAChB,sBAAM;wCAAC;AAGf;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;2CAAC;AAGhB;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;2CAAC;mBAvBP,QAAQ;IADpB,IAAA,gBAAM,EAAC,sBAAsB,CAAC;GAClB,QAAQ,CAwBpB"}

package/src/lib/entities/user.entity.d.ts

@@ -0,0 +1,38 @@
+import { BaseEntity } from "typeorm";
+import { Tenant } from "./tenant.entity";
+import { UserRole } from "./user-role.entity";
+import { AuthIdentity } from "./auth-identity.entity";
+import { MFASecret } from "./mfa-secret.entity";
+import { Session } from "./session.entity";
+import { OTP } from "./otp.entity";
+export declare class User extends BaseEntity {
+    id: string;
+    firstName?: string;
+    lastName?: string;
+    email: string;
+    emailVerifiedAt: Date;
+    phone: string;
+    phoneVerifiedAt: Date;
+    passwordHash: string;
+    isVerified: boolean;
+    isActive: boolean;
+    metadata?: Record<string, any>;
+    tenantId?: string;
+    isMfaEnabled: boolean;
+    mfaRecoveryCode?: string;
+    tenant: Tenant;
+    createdAt: Date;
+    updatedAt: Date;
+    identities: AuthIdentity[];
+    mfaSecrets: MFASecret[];
+    sessions: Session[];
+    otps: OTP[];
+    userRoles: UserRole[];
+    emailTenant: string;
+    phoneTenant: string;
+    updateTenantFields(): void;
+    getPermissions(): string[];
+    getRoles(): string[];
+    validatePassword(password: string): Promise<boolean>;
+    setPassword(password: string): Promise<void>;
+}

package/src/lib/entities/user.entity.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User = void 0;
+const tslib_1 = require("tslib");
+const typeorm_1 = require("typeorm");
+const tenant_entity_1 = require("./tenant.entity");
+const user_role_entity_1 = require("./user-role.entity");
+const auth_identity_entity_1 = require("./auth-identity.entity");
+const mfa_secret_entity_1 = require("./mfa-secret.entity");
+const session_entity_1 = require("./session.entity");
+const otp_entity_1 = require("./otp.entity");
+const bcrypt_1 = tslib_1.__importDefault(require("bcrypt"));
+const lodash_1 = require("lodash");
+let User = class User extends typeorm_1.BaseEntity {
+    updateTenantFields() {
+        this.emailTenant = this.email ? `${this.email}:${this.tenantId || 'global'}` : null;
+        this.phoneTenant = this.phone ? `${this.phone}:${this.tenantId || 'global'}` : null;
+    }
+    getPermissions() {
+        return (0, lodash_1.chain)(this.userRoles)
+            .map(role => (0, lodash_1.map)(role.role.rolePermissions, 'permission.name'))
+            .flatten()
+            .uniq()
+            .value();
+    }
+    getRoles() {
+        return (0, lodash_1.chain)(this.userRoles)
+            .map(role => role.role.name)
+            .uniq()
+            .value();
+    }
+    async validatePassword(password) {
+        if (!this.passwordHash)
+            return false;
+        return bcrypt_1.default.compare(password, this.passwordHash);
+    }
+    async setPassword(password) {
+        const salt = await bcrypt_1.default.genSalt();
+        this.passwordHash = await bcrypt_1.default.hash(password, salt);
+    }
+};
+exports.User = User;
+tslib_1.__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('uuid'),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "id", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "firstName", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "lastName", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    (0, typeorm_1.Index)(),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "email", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    (0, typeorm_1.Index)(),
+    tslib_1.__metadata("design:type", Date)
+], User.prototype, "emailVerifiedAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    (0, typeorm_1.Index)(),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "phone", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    (0, typeorm_1.Index)(),
+    tslib_1.__metadata("design:type", Date)
+], User.prototype, "phoneVerifiedAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "passwordHash", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ default: false }),
+    tslib_1.__metadata("design:type", Boolean)
+], User.prototype, "isVerified", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ default: true }),
+    tslib_1.__metadata("design:type", Boolean)
+], User.prototype, "isActive", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ type: 'simple-json', nullable: true, default: '{}' }),
+    tslib_1.__metadata("design:type", Object)
+], User.prototype, "metadata", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "tenantId", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ default: false }),
+    tslib_1.__metadata("design:type", Boolean)
+], User.prototype, "isMfaEnabled", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "mfaRecoveryCode", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.ManyToOne)(() => tenant_entity_1.Tenant, tenant => tenant.users),
+    tslib_1.__metadata("design:type", tenant_entity_1.Tenant)
+], User.prototype, "tenant", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.CreateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], User.prototype, "createdAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.UpdateDateColumn)(),
+    tslib_1.__metadata("design:type", Date)
+], User.prototype, "updatedAt", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => auth_identity_entity_1.AuthIdentity, identity => identity.user),
+    tslib_1.__metadata("design:type", Array)
+], User.prototype, "identities", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => mfa_secret_entity_1.MFASecret, mfaSecret => mfaSecret.user),
+    tslib_1.__metadata("design:type", Array)
+], User.prototype, "mfaSecrets", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => session_entity_1.Session, session => session.user),
+    tslib_1.__metadata("design:type", Array)
+], User.prototype, "sessions", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => otp_entity_1.OTP, otp => otp.user),
+    tslib_1.__metadata("design:type", Array)
+], User.prototype, "otps", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.OneToMany)(() => user_role_entity_1.UserRole, userRole => userRole.user),
+    tslib_1.__metadata("design:type", Array)
+], User.prototype, "userRoles", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Index)('IDX_USER_EMAIL_TENANT', { unique: true }),
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "emailTenant", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.Index)('IDX_USER_PHONE_TENANT', { unique: true }),
+    (0, typeorm_1.Column)({ nullable: true }),
+    tslib_1.__metadata("design:type", String)
+], User.prototype, "phoneTenant", void 0);
+tslib_1.__decorate([
+    (0, typeorm_1.BeforeInsert)(),
+    (0, typeorm_1.BeforeUpdate)(),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", void 0)
+], User.prototype, "updateTenantFields", null);
+exports.User = User = tslib_1.__decorate([
+    (0, typeorm_1.Entity)('nest_auth_users')
+], User);
+//# sourceMappingURL=user.entity.js.map

package/src/lib/entities/user.entity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.entity.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/entities/user.entity.ts"],"names":[],"mappings":";;;;AAAA,qCAA0K;AAC1K,mDAAyC;AACzC,yDAA8C;AAC9C,iEAAsD;AACtD,2DAAgD;AAChD,qDAA2C;AAC3C,6CAAmC;AACnC,4DAA4B;AAC5B,mCAAoC;AAG7B,IAAM,IAAI,GAAV,MAAM,IAAK,SAAQ,oBAAU;IAkFhC,kBAAkB;QACd,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,CAAC;IAGD,cAAc;QACV,OAAO,IAAA,cAAK,EAAC,IAAI,CAAC,SAAS,CAAC;aACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAA,YAAG,EAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;aAC9D,OAAO,EAAE;aACT,IAAI,EAAE;aACN,KAAK,EAAE,CAAC;IACjB,CAAC;IAED,QAAQ;QACJ,OAAO,IAAA,cAAK,EAAC,IAAI,CAAC,SAAS,CAAC;aACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;aAC3B,IAAI,EAAE;aACN,KAAK,EAAE,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACnC,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QACrC,OAAO,gBAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,QAAgB;QAC9B,MAAM,IAAI,GAAG,MAAM,gBAAM,CAAC,OAAO,EAAE,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,MAAM,gBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC1D,CAAC;CACJ,CAAA;AAhHY,oBAAI;AAEb;IADC,IAAA,gCAAsB,EAAC,MAAM,CAAC;;gCACpB;AAGX;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;uCACR;AAGnB;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sCACT;AAIlB;IAFC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,eAAK,GAAE;;mCACM;AAId;IAFC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,eAAK,GAAE;sCACS,IAAI;6CAAC;AAItB;IAFC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,eAAK,GAAE;;mCACM;AAId;IAFC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1B,IAAA,eAAK,GAAE;sCACS,IAAI;6CAAC;AAGtB;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0CACN;AAGrB;IADC,IAAA,gBAAM,EAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;;wCACP;AAGpB;IADC,IAAA,gBAAM,EAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;sCACR;AAGlB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;sCAChC;AAG/B;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sCACT;AAGlB;IADC,IAAA,gBAAM,EAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;;0CACL;AAGtB;IADC,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACF;AAIzB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,sBAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC;sCACxC,sBAAM;oCAAC;AAGf;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;uCAAC;AAGhB;IADC,IAAA,0BAAgB,GAAE;sCACR,IAAI;uCAAC;AAGhB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,mCAAY,EAAE,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;;wCAC9B;AAG3B;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,6BAAS,EAAE,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;;wCAChC;AAGxB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,wBAAO,EAAE,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;;sCAC9B;AAGpB;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,gBAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;;kCAC1B;AAGZ;IADC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,2BAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;;uCAC/B;AAItB;IAFC,IAAA,eAAK,EAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAChD,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACP;AAIpB;IAFC,IAAA,eAAK,EAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAChD,IAAA,gBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACP;AAIpB;IAFC,IAAA,sBAAY,GAAE;IACd,IAAA,sBAAY,GAAE;;;;8CAId;eArFQ,IAAI;IADhB,IAAA,gBAAM,EAAC,iBAAiB,CAAC;GACb,IAAI,CAgHhB"}

package/src/lib/guards/auth.guard.d.ts

@@ -0,0 +1,18 @@
+import { ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { JwtService } from '../services/jwt.service';
+import { AuthService } from '../services/auth.service';
+import { BaseSessionService } from '../services/session/base-session.service';
+import { CookieService } from '../services/cookie.service';
+export declare class AuthGuard {
+    private jwtService;
+    private authService;
+    private sessionService;
+    private cookieService;
+    private reflector;
+    constructor(jwtService: JwtService, authService: AuthService, sessionService: BaseSessionService, cookieService: CookieService, reflector: Reflector);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private extractTokenFromRequest;
+    private extractRefreshToken;
+    private checkMfa;
+}

package/src/lib/guards/auth.guard.js

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuard = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../auth.constants");
+const skip_mfa_decorator_1 = require("../decorators/skip-mfa.decorator");
+const core_1 = require("@nestjs/core");
+const jwt_service_1 = require("../services/jwt.service");
+const auth_service_1 = require("../services/auth.service");
+const base_session_service_1 = require("../services/session/base-session.service");
+const cookie_service_1 = require("../services/cookie.service");
+let AuthGuard = class AuthGuard {
+    constructor(jwtService, authService, sessionService, cookieService, reflector) {
+        this.jwtService = jwtService;
+        this.authService = authService;
+        this.sessionService = sessionService;
+        this.cookieService = cookieService;
+        this.reflector = reflector;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const response = context.switchToHttp().getResponse();
+        const accessToken = this.extractTokenFromRequest(request);
+        if (!accessToken) {
+            throw new common_1.UnauthorizedException({
+                message: 'No token provided',
+                code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+            });
+        }
+        try {
+            const payload = await this.jwtService.verifyToken(accessToken);
+            if (payload.type === 'access') {
+                const session = await this.sessionService.getSession(payload.sessionId);
+                if (!session) {
+                    throw new common_1.UnauthorizedException({
+                        message: 'Session not found',
+                        code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                    });
+                }
+                request.user = payload;
+                request.session = session;
+                await this.checkMfa(context, payload);
+                return true;
+            }
+            else {
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid token',
+                    code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                });
+            }
+        }
+        catch (error) {
+            const refreshToken = this.extractRefreshToken(request);
+            const newSession = await this.authService.refreshToken(refreshToken);
+            this.cookieService.setTokens(response, newSession.accessToken, newSession.refreshToken);
+            return true;
+        }
+    }
+    extractTokenFromRequest(request) {
+        const tokenFromCookie = request.cookies?.[auth_constants_1.ACCESS_TOKEN_COOKIE_NAME];
+        if (tokenFromCookie) {
+            return tokenFromCookie;
+        }
+        const authHeader = request.headers.authorization;
+        if (authHeader && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+        return null;
+    }
+    extractRefreshToken(request) {
+        const tokenFromCookie = request.cookies?.[auth_constants_1.REFRESH_TOKEN_COOKIE_NAME];
+        if (tokenFromCookie) {
+            return tokenFromCookie;
+        }
+        const authHeader = request.headers['x-refresh-token'];
+        if (authHeader) {
+            return authHeader;
+        }
+        return null;
+    }
+    async checkMfa(context, payload) {
+        const skipMfa = this.reflector.getAllAndOverride(skip_mfa_decorator_1.SKIP_MFA_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        const isMfaEnabled = payload.isMfaEnabled;
+        const isMfaVerified = payload.isMfaVerified;
+        if (isMfaEnabled && !isMfaVerified && !skipMfa) {
+            throw new common_1.UnauthorizedException({
+                message: 'Multi-factor authentication is required',
+                code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+            });
+        }
+    }
+};
+exports.AuthGuard = AuthGuard;
+exports.AuthGuard = AuthGuard = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [jwt_service_1.JwtService,
+        auth_service_1.AuthService,
+        base_session_service_1.BaseSessionService,
+        cookie_service_1.CookieService,
+        core_1.Reflector])
+], AuthGuard);
+//# sourceMappingURL=auth.guard.js.map

package/src/lib/guards/auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/guards/auth.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAAqF;AACrF,sDAAqH;AACrH,yEAAgE;AAChE,uCAAyC;AAEzC,yDAAqD;AAErD,2DAAuD;AACvD,mFAA8E;AAC9E,+DAA2D;AAGpD,IAAM,SAAS,GAAf,MAAM,SAAS;IAClB,YACY,UAAsB,EACtB,WAAwB,EACxB,cAAkC,EAClC,aAA4B,EAC5B,SAAoB;QAJpB,eAAU,GAAV,UAAU,CAAY;QACtB,gBAAW,GAAX,WAAW,CAAa;QACxB,mBAAc,GAAd,cAAc,CAAoB;QAClC,kBAAa,GAAb,aAAa,CAAe;QAC5B,cAAS,GAAT,SAAS,CAAW;IAC5B,CAAC;IAEL,KAAK,CAAC,WAAW,CAAC,OAAyB;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAW,CAAC;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAGhE,MAAM,WAAW,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAE1D,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,mBAAmB;gBAC5B,IAAI,EAAE,4CAA2B;aACpC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAE/D,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAE5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACxE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACX,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,mBAAmB;wBAC5B,IAAI,EAAE,4CAA2B;qBACpC,CAAC,CAAC;gBACP,CAAC;gBAGD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;gBACvB,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBAG1B,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAGtC,OAAO,IAAI,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,4CAA2B;iBACpC,CAAC,CAAC;YACP,CAAC;QAEL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEb,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAGvD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YAGrE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;YAExF,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,uBAAuB,CAAC,OAAgB;QAE5C,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,yCAAwB,CAAC,CAAC;QACpE,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,eAAe,CAAC;QAC3B,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,mBAAmB,CAAC,OAAgB;QAExC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,0CAAyB,CAAC,CAAC;QACrE,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,eAAe,CAAC;QAC3B,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACtD,IAAI,UAAU,EAAE,CAAC;YACb,OAAO,UAAoB,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,OAAyB,EAAE,OAAwB;QAEtE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,iCAAY,EAAE;YACpE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QAGH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAG5C,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,IAAI,EAAE,4CAA2B;aACpC,CAAC,CAAC;QACP,CAAC;IACL,CAAC;CACJ,CAAA;AAtHY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;6CAGe,wBAAU;QACT,0BAAW;QACR,yCAAkB;QACnB,8BAAa;QACjB,gBAAS;GANvB,SAAS,CAsHrB"}

package/src/lib/interceptors/token.interceptor.d.ts

@@ -0,0 +1,10 @@
+import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { CookieService } from '../services/cookie.service';
+import { BaseSessionService } from '../services/session/base-session.service';
+export declare class TokenInterceptor implements NestInterceptor {
+    private readonly sessionService;
+    private readonly cookieService;
+    constructor(sessionService: BaseSessionService, cookieService: CookieService);
+    intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<any>>;
+}

package/src/lib/interceptors/token.interceptor.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenInterceptor = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const operators_1 = require("rxjs/operators");
+const cookie_service_1 = require("../services/cookie.service");
+const base_session_service_1 = require("../services/session/base-session.service");
+let TokenInterceptor = class TokenInterceptor {
+    constructor(sessionService, cookieService) {
+        this.sessionService = sessionService;
+        this.cookieService = cookieService;
+    }
+    async intercept(context, next) {
+        const request = context.switchToHttp().getRequest();
+        const response = context.switchToHttp().getResponse();
+        return next.handle().pipe((0, operators_1.tap)(async () => {
+            if (request.newTokens) {
+                const { accessToken, refreshToken } = request.newTokens;
+                this.cookieService.setTokens(response, accessToken, refreshToken);
+                if (request.user) {
+                    const session = await this.sessionService.getSession(request.user.id);
+                    if (session) {
+                        await this.sessionService.updateSession(request.user.id, {
+                            ...session,
+                            refreshToken,
+                            lastActive: new Date(),
+                        });
+                    }
+                }
+            }
+        }));
+    }
+};
+exports.TokenInterceptor = TokenInterceptor;
+exports.TokenInterceptor = TokenInterceptor = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [base_session_service_1.BaseSessionService,
+        cookie_service_1.CookieService])
+], TokenInterceptor);
+//# sourceMappingURL=token.interceptor.js.map

package/src/lib/interceptors/token.interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.interceptor.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/interceptors/token.interceptor.ts"],"names":[],"mappings":";;;;AAAA,2CAA4F;AAE5F,8CAAqC;AAGrC,+DAA2D;AAC3D,mFAA8E;AAGvE,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IACzB,YACqB,cAAkC,EAClC,aAA4B;QAD5B,mBAAc,GAAd,cAAc,CAAoB;QAClC,kBAAa,GAAb,aAAa,CAAe;IAC7C,CAAC;IAEL,KAAK,CAAC,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACxD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAEhE,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CACrB,IAAA,eAAG,EAAC,KAAK,IAAI,EAAE;YAEX,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACpB,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;gBAGxD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;gBAGlE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACtE,IAAI,OAAO,EAAE,CAAC;wBACV,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE;4BACrD,GAAG,OAAO;4BACV,YAAY;4BACZ,UAAU,EAAE,IAAI,IAAI,EAAE;yBACzB,CAAC,CAAC;oBACP,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC,CAAC,CACL,CAAC;IACN,CAAC;CACJ,CAAA;AAlCY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;6CAG4B,yCAAkB;QACnB,8BAAa;GAHxC,gBAAgB,CAkC5B"}

package/src/lib/interfaces/auth-module-options.interface.d.ts

@@ -0,0 +1,51 @@
+import { Type } from '@nestjs/common';
+import { BaseAuthProvider } from '../providers/base-auth.provider';
+import { MFAOptions } from './mfa-options.interface';
+import { CookieOptions, SessionOptions } from './session-options.interface';
+export interface AuthModuleOptions {
+    accessTokenType?: 'header' | 'cookie';
+    cookieOptions?: CookieOptions;
+    jwt: {
+        secret: string;
+        accessTokenExpiresIn?: number | string;
+        refreshTokenExpiresIn?: number | string;
+    };
+    google?: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+    };
+    facebook?: {
+        appId: string;
+        appSecret: string;
+        redirectUri: string;
+    };
+    apple?: {
+        clientId: string;
+        teamId: string;
+        keyId: string;
+        privateKey: string;
+        privateKeyMethod?: string;
+        redirectUri: string;
+    };
+    phoneAuth?: {
+        enabled: boolean;
+    };
+    emailAuth?: {
+        enabled: boolean;
+    };
+    mfa?: MFAOptions;
+    session?: SessionOptions;
+    customAuthProviders?: BaseAuthProvider[];
+    passwordResetOtpExpiresIn?: number | string;
+}
+export interface AuthModuleAsyncOptions {
+    imports?: any[];
+    useFactory: (...args: any[]) => Promise<AuthModuleOptions> | AuthModuleOptions;
+    inject?: any[];
+    useClass?: Type<AuthModuleOptionsFactory>;
+    useExisting?: Type<AuthModuleOptionsFactory>;
+}
+export interface AuthModuleOptionsFactory {
+    createAuthModuleOptions(): Promise<AuthModuleOptions> | AuthModuleOptions;
+}

package/src/lib/interfaces/auth-module-options.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=auth-module-options.interface.js.map

package/src/lib/interfaces/auth-module-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-module-options.interface.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":""}

package/src/lib/interfaces/mfa-options.interface.d.ts

@@ -0,0 +1,25 @@
+export interface MFAOptions {
+    enabled?: boolean;
+    required?: boolean;
+    methods?: MFAMethodEnum[];
+    otpLength?: number;
+    totp?: {
+        issuer: string;
+        period: number;
+    };
+    sms?: {
+        provider: string;
+        template: string;
+    };
+    email?: {
+        template: string;
+    };
+    allowUserToggle?: boolean;
+    allowMethodSelection?: boolean;
+    otpExpiresIn?: string | number;
+}
+export declare enum MFAMethodEnum {
+    TOTP = "totp",
+    SMS = "sms",
+    EMAIL = "email"
+}

package/src/lib/interfaces/mfa-options.interface.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MFAMethodEnum = void 0;
+var MFAMethodEnum;
+(function (MFAMethodEnum) {
+    MFAMethodEnum["TOTP"] = "totp";
+    MFAMethodEnum["SMS"] = "sms";
+    MFAMethodEnum["EMAIL"] = "email";
+})(MFAMethodEnum || (exports.MFAMethodEnum = MFAMethodEnum = {}));
+//# sourceMappingURL=mfa-options.interface.js.map

package/src/lib/interfaces/mfa-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa-options.interface.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/interfaces/mfa-options.interface.ts"],"names":[],"mappings":";;;AAyCA,IAAY,aAIX;AAJD,WAAY,aAAa;IACrB,8BAAa,CAAA;IACb,4BAAW,CAAA;IACX,gCAAe,CAAA;AACnB,CAAC,EAJW,aAAa,6BAAb,aAAa,QAIxB"}

package/src/lib/interfaces/session-options.interface.d.ts

@@ -0,0 +1,12 @@
+import { CookieOptions as ExpressCookieOptions } from 'express';
+export declare enum SessionStorageType {
+    REDIS = "redis",
+    DATABASE = "database"
+}
+export interface SessionOptions {
+    storageType: SessionStorageType;
+    redisUrl?: string;
+    sessionExpiry?: number | string;
+    refreshTokenExpiry?: number | string;
+}
+export type CookieOptions = Omit<ExpressCookieOptions, 'maxAge'>;

package/src/lib/interfaces/session-options.interface.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionStorageType = void 0;
+var SessionStorageType;
+(function (SessionStorageType) {
+    SessionStorageType["REDIS"] = "redis";
+    SessionStorageType["DATABASE"] = "database";
+})(SessionStorageType || (exports.SessionStorageType = SessionStorageType = {}));
+//# sourceMappingURL=session-options.interface.js.map

package/src/lib/interfaces/session-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-options.interface.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/interfaces/session-options.interface.ts"],"names":[],"mappings":";;;AAEA,IAAY,kBAGX;AAHD,WAAY,kBAAkB;IAC1B,qCAAe,CAAA;IACf,2CAAqB,CAAA;AACzB,CAAC,EAHW,kBAAkB,kCAAlB,kBAAkB,QAG7B"}