@ackplus/nest-auth 0.0.23

package/src/lib/services/cookie.service.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CookieService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../auth.constants");
+const ms_1 = tslib_1.__importDefault(require("ms"));
+let CookieService = class CookieService {
+    constructor(options) {
+        this.options = options;
+    }
+    setAccessTokenCookie(response, token) {
+        response.cookie(auth_constants_1.ACCESS_TOKEN_COOKIE_NAME, token, {
+            httpOnly: true,
+            secure: this.options.cookieOptions.secure,
+            sameSite: this.options.cookieOptions.sameSite,
+            maxAge: (0, ms_1.default)(this.options.session.sessionExpiry),
+        });
+    }
+    setRefreshTokenCookie(response, token) {
+        response.cookie(auth_constants_1.REFRESH_TOKEN_COOKIE_NAME, token, {
+            httpOnly: true,
+            secure: this.options.cookieOptions.secure,
+            sameSite: this.options.cookieOptions.sameSite,
+            maxAge: (0, ms_1.default)(this.options.session.refreshTokenExpiry),
+        });
+    }
+    clearCookies(response) {
+        response.clearCookie(auth_constants_1.ACCESS_TOKEN_COOKIE_NAME);
+        response.clearCookie(auth_constants_1.REFRESH_TOKEN_COOKIE_NAME);
+    }
+    setTokens(response, accessToken, refreshToken) {
+        this.setAccessTokenCookie(response, accessToken);
+        this.setRefreshTokenCookie(response, refreshToken);
+    }
+};
+exports.CookieService = CookieService;
+exports.CookieService = CookieService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, common_1.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__metadata("design:paramtypes", [Object])
+], CookieService);
+//# sourceMappingURL=cookie.service.js.map

package/src/lib/services/cookie.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie.service.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/services/cookie.service.ts"],"names":[],"mappings":";;;;AAAA,2CAAoD;AAEpD,sDAA6G;AAE7G,oDAAoB;AAGb,IAAM,aAAa,GAAnB,MAAM,aAAa;IACtB,YAEY,OAA0B;QAA1B,YAAO,GAAP,OAAO,CAAmB;IAClC,CAAC;IAEL,oBAAoB,CAAC,QAAkB,EAAE,KAAa;QAClD,QAAQ,CAAC,MAAM,CAAC,yCAAwB,EAAE,KAAK,EAAE;YAC7C,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM;YACzC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ;YAC7C,MAAM,EAAE,IAAA,YAAE,EAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;SACjD,CAAC,CAAC;IACP,CAAC;IAED,qBAAqB,CAAC,QAAkB,EAAE,KAAa;QACnD,QAAQ,CAAC,MAAM,CAAC,0CAAyB,EAAE,KAAK,EAAE;YAC9C,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM;YACzC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ;YAC7C,MAAM,EAAE,IAAA,YAAE,EAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC;SACtD,CAAC,CAAC;IACP,CAAC;IAED,YAAY,CAAC,QAAkB;QAC3B,QAAQ,CAAC,WAAW,CAAC,yCAAwB,CAAC,CAAC;QAC/C,QAAQ,CAAC,WAAW,CAAC,0CAAyB,CAAC,CAAC;IACpD,CAAC;IAED,SAAS,CAAC,QAAkB,EAAE,WAAmB,EAAE,YAAoB;QACnE,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACvD,CAAC;CACJ,CAAA;AAjCY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;IAGJ,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;;GAFvB,aAAa,CAiCzB"}

package/src/lib/services/jwt.service.d.ts

@@ -0,0 +1,15 @@
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+import { JWTTokenPayload } from '../interfaces/token-payload.interface';
+export declare class JwtService {
+    private options;
+    constructor(options: AuthModuleOptions);
+    generateAccessToken(payload: Partial<JWTTokenPayload>): Promise<string>;
+    generateRefreshToken(payload: Partial<JWTTokenPayload>): Promise<string>;
+    verifyToken(token: string): Promise<JWTTokenPayload>;
+    generateTokens(payload: Partial<JWTTokenPayload>): Promise<{
+        accessToken: string;
+        refreshToken: string;
+    }>;
+    updateToken(token: string, payload: Partial<JWTTokenPayload>): Promise<string>;
+    decodeToken(token: string): JWTTokenPayload | null;
+}

package/src/lib/services/jwt.service.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const jsonwebtoken_1 = tslib_1.__importDefault(require("jsonwebtoken"));
+const auth_constants_1 = require("../auth.constants");
+const ms_1 = tslib_1.__importDefault(require("ms"));
+let JwtService = class JwtService {
+    constructor(options) {
+        this.options = options;
+    }
+    async generateAccessToken(payload) {
+        return new Promise((resolve, reject) => {
+            jsonwebtoken_1.default.sign({
+                ...payload,
+                type: 'access',
+                exp: Math.floor(Date.now() / 1000) + (0, ms_1.default)(this.options.session.sessionExpiry),
+                iat: Math.floor(Date.now() / 1000),
+            }, this.options.jwt.secret, (err, token) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(token);
+            });
+        });
+    }
+    async generateRefreshToken(payload) {
+        return new Promise((resolve, reject) => {
+            jsonwebtoken_1.default.sign({
+                ...payload,
+                type: 'refresh',
+                exp: Math.floor(Date.now() / 1000) + (0, ms_1.default)(this.options.session.refreshTokenExpiry),
+                iat: Math.floor(Date.now() / 1000),
+            }, this.options.jwt.secret, (err, token) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(token);
+            });
+        });
+    }
+    async verifyToken(token) {
+        return new Promise((resolve, reject) => {
+            jsonwebtoken_1.default.verify(token, this.options.jwt.secret, (err, decoded) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(decoded);
+            });
+        });
+    }
+    async generateTokens(payload) {
+        const [accessToken, refreshToken] = await Promise.all([
+            this.generateAccessToken(payload),
+            this.generateRefreshToken(payload),
+        ]);
+        return {
+            accessToken,
+            refreshToken,
+        };
+    }
+    updateToken(token, payload) {
+        return new Promise((resolve, reject) => {
+            const decoded = this.decodeToken(token);
+            if (!decoded)
+                reject(new Error('Invalid token'));
+            else {
+                jsonwebtoken_1.default.sign({ ...decoded, ...payload }, this.options.jwt.secret, { expiresIn: this.options.session.sessionExpiry }, (err, token) => {
+                    if (err)
+                        reject(err);
+                    else
+                        resolve(token);
+                });
+            }
+        });
+    }
+    decodeToken(token) {
+        try {
+            return jsonwebtoken_1.default.decode(token);
+        }
+        catch (error) {
+            return null;
+        }
+    }
+};
+exports.JwtService = JwtService;
+exports.JwtService = JwtService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, common_1.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__metadata("design:paramtypes", [Object])
+], JwtService);
+//# sourceMappingURL=jwt.service.js.map

package/src/lib/services/jwt.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/services/jwt.service.ts"],"names":[],"mappings":";;;;AAAA,2CAAoD;AACpD,wEAA+B;AAE/B,sDAAwD;AAExD,oDAAoB;AAIb,IAAM,UAAU,GAAhB,MAAM,UAAU;IACnB,YAEY,OAA0B;QAA1B,YAAO,GAAP,OAAO,CAAmB;IAClC,CAAC;IAEL,KAAK,CAAC,mBAAmB,CAAC,OAAiC;QACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,sBAAG,CAAC,IAAI,CACJ;gBACI,GAAG,OAAO;gBACV,IAAI,EAAE,QAAQ;gBACd,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;gBAC3E,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACrC,EACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EACvB,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBACX,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC,CACJ,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,OAAiC;QACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,sBAAG,CAAC,IAAI,CACJ;gBACI,GAAG,OAAO;gBACV,IAAI,EAAE,SAAS;gBACf,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBAChF,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACrC,EACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EACvB,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBACX,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC,CACJ,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC3B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,sBAAG,CAAC,MAAM,CACN,KAAK,EACL,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EACvB,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACb,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,CAAC,OAA0B,CAAC,CAAC;YAC7C,CAAC,CACJ,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAiC;QAIlD,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACjC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC;SACrC,CAAC,CAAC;QAEH,OAAO;YACH,WAAW;YACX,YAAY;SACf,CAAC;IACN,CAAC;IAED,WAAW,CAAC,KAAa,EAAE,OAAiC;QACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO;gBAAE,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;iBAC5C,CAAC;gBACF,sBAAG,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBAC5H,IAAI,GAAG;wBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;wBAChB,OAAO,CAAC,KAAK,CAAC,CAAC;gBACxB,CAAC,CAAC,CAAC;YACP,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAED,WAAW,CAAC,KAAa;QACrB,IAAI,CAAC;YACD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,CAAoB,CAAC;QAChD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;CACJ,CAAA;AA1FY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAGJ,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;;GAFvB,UAAU,CA0FtB"}

package/src/lib/services/mfa.service.d.ts

@@ -0,0 +1,40 @@
+import { Repository } from 'typeorm';
+import { MFASecret } from '../entities/mfa-secret.entity';
+import { MFAMethodEnum, MFAOptions } from '../interfaces/mfa-options.interface';
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+import { User } from '../entities/user.entity';
+import { OTP } from '../entities/otp.entity';
+export declare class MfaService {
+    private mfaSecretRepository;
+    private userRepository;
+    private otpRepository;
+    private readonly options;
+    mfaConfig: MFAOptions;
+    constructor(mfaSecretRepository: Repository<MFASecret>, userRepository: Repository<User>, otpRepository: Repository<OTP>, options: AuthModuleOptions);
+    checkIsMfaEnabledForApp(throwError?: boolean): boolean;
+    getEnabledMethods(userId: string): Promise<MFAMethodEnum[]>;
+    sendMfaCode(userId: string, method: MFAMethodEnum): Promise<boolean>;
+    verifyMfa(userId: string, inputOtp: string, method: MFAMethodEnum): Promise<boolean>;
+    setupTotpDevice(userId: string, deviceName?: string): Promise<{
+        secret: string;
+        qrCode: string;
+    }>;
+    verifyTotpSetup(userId: string, secret: string, inputOtp: string): Promise<boolean>;
+    getTotpDevices(userId: string): Promise<{
+        id: string;
+        deviceName: string;
+        lastUsedAt: Date;
+        verified: boolean;
+    }[]>;
+    removeDevice(deviceId: string): Promise<void>;
+    isRequiresMfa(userId: string): Promise<boolean>;
+    isMfaEnabled(userId: string): Promise<boolean>;
+    markAsVerified(userId: string, deviceId: string): Promise<void>;
+    enableMFA(userId: string): Promise<void>;
+    disableMFA(userId: string): Promise<void>;
+    removeTotpDevice(deviceId: string): Promise<void>;
+    generateRecoveryCode(userId: string): Promise<string>;
+    resetMfa(userId: string, code: string): Promise<{
+        message: string;
+    }>;
+}

package/src/lib/services/mfa.service.js

@@ -0,0 +1,254 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MfaService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const typeorm_2 = require("typeorm");
+const mfa_secret_entity_1 = require("../entities/mfa-secret.entity");
+const speakeasy = tslib_1.__importStar(require("speakeasy"));
+const qrcode = tslib_1.__importStar(require("qrcode"));
+const mfa_options_interface_1 = require("../interfaces/mfa-options.interface");
+const auth_constants_1 = require("../auth.constants");
+const user_entity_1 = require("../entities/user.entity");
+const otp_entity_1 = require("../entities/otp.entity");
+const otp_1 = require("../utils/otp");
+const ms_1 = tslib_1.__importDefault(require("ms"));
+let MfaService = class MfaService {
+    constructor(mfaSecretRepository, userRepository, otpRepository, options) {
+        this.mfaSecretRepository = mfaSecretRepository;
+        this.userRepository = userRepository;
+        this.otpRepository = otpRepository;
+        this.options = options;
+        this.mfaConfig = this.options.mfa;
+    }
+    checkIsMfaEnabledForApp(throwError = true) {
+        if (!this.mfaConfig.enabled) {
+            if (throwError) {
+                throw new common_1.ForbiddenException('MFA is not enabled for the application');
+            }
+            return false;
+        }
+        return true;
+    }
+    async getEnabledMethods(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const isEnabled = await this.isMfaEnabled(userId);
+        if (!isEnabled) {
+            return [];
+        }
+        const enableMethod = [];
+        if (this.mfaConfig.methods?.includes(mfa_options_interface_1.MFAMethodEnum.EMAIL)) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.EMAIL);
+        }
+        if (this.mfaConfig.methods?.includes(mfa_options_interface_1.MFAMethodEnum.SMS)) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.SMS);
+        }
+        const totpDevice = await this.mfaSecretRepository.findOne({
+            where: {
+                userId,
+            },
+        });
+        if (totpDevice) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.TOTP);
+        }
+        return enableMethod;
+    }
+    async sendMfaCode(userId, method) {
+        this.checkIsMfaEnabledForApp(true);
+        const code = (0, otp_1.generateOtp)(this.mfaConfig.otpLength);
+        const expiresAt = (0, ms_1.default)(this.mfaConfig.otpExpiresIn);
+        const otp = await this.otpRepository.create({
+            userId,
+            type: otp_entity_1.OTPTypeEnum.MFA,
+            expiresAt: new Date(Date.now() + expiresAt),
+            code,
+        });
+        await this.otpRepository.save(otp);
+        if (method === mfa_options_interface_1.MFAMethodEnum.EMAIL) {
+        }
+        else if (method === mfa_options_interface_1.MFAMethodEnum.SMS) {
+        }
+        return true;
+    }
+    async verifyMfa(userId, inputOtp, method) {
+        this.checkIsMfaEnabledForApp(true);
+        if (method === mfa_options_interface_1.MFAMethodEnum.TOTP) {
+            const devices = await this.mfaSecretRepository.find({
+                where: { userId, verified: true }
+            });
+            for (const device of devices) {
+                const isValid = speakeasy.totp.verify({
+                    secret: device.secret,
+                    encoding: 'base32',
+                    token: inputOtp,
+                    window: 1
+                });
+                if (isValid) {
+                    await this.mfaSecretRepository.update({ id: device.id }, { lastUsedAt: new Date() });
+                    return true;
+                }
+            }
+            return false;
+        }
+        if (method === mfa_options_interface_1.MFAMethodEnum.EMAIL || method === mfa_options_interface_1.MFAMethodEnum.SMS) {
+            const otp = await this.otpRepository.findOne({
+                where: {
+                    userId,
+                    type: otp_entity_1.OTPTypeEnum.MFA,
+                    used: false,
+                    expiresAt: (0, typeorm_2.MoreThan)(new Date()),
+                    code: inputOtp
+                }
+            });
+            if (!otp) {
+                return false;
+            }
+            await this.otpRepository.delete(otp.id);
+            return true;
+        }
+        return false;
+    }
+    async setupTotpDevice(userId, deviceName) {
+        this.checkIsMfaEnabledForApp(true);
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new Error('User not found');
+        }
+        const secret = speakeasy.generateSecret();
+        await this.mfaSecretRepository.save({
+            userId,
+            secret: secret.base32,
+            deviceName: deviceName || 'Authenticator',
+            verified: false
+        });
+        const qrCode = await qrcode.toDataURL(secret.otpauth_url);
+        return { secret: secret.base32, qrCode };
+    }
+    async verifyTotpSetup(userId, secret, inputOtp) {
+        this.checkIsMfaEnabledForApp(true);
+        const device = await this.mfaSecretRepository.findOne({
+            where: { userId, secret }
+        });
+        if (device) {
+            if (device.verified) {
+                return true;
+            }
+            const isValid = speakeasy.totp.verify({
+                secret: device.secret,
+                encoding: 'base32',
+                token: inputOtp,
+                window: 1
+            });
+            if (isValid) {
+                await this.mfaSecretRepository.update({ id: device.id }, { verified: true });
+                return true;
+            }
+        }
+        return false;
+    }
+    async getTotpDevices(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const devices = await this.mfaSecretRepository.find({
+            select: ['id', 'deviceName', 'lastUsedAt', 'verified'],
+            where: { userId },
+            order: { lastUsedAt: 'DESC' }
+        });
+        return devices.map(device => ({
+            id: device.id,
+            deviceName: device.deviceName,
+            lastUsedAt: device.lastUsedAt,
+            verified: device.verified,
+        }));
+    }
+    async removeDevice(deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async isRequiresMfa(userId) {
+        if (!this.mfaConfig.enabled) {
+            return false;
+        }
+        if (this.mfaConfig.required) {
+            return true;
+        }
+        const user = await this.userRepository.findOne({
+            select: ['id', 'isMfaEnabled'],
+            where: { id: userId },
+        });
+        return !!user?.isMfaEnabled;
+    }
+    async isMfaEnabled(userId) {
+        if (this.mfaConfig.enabled) {
+            const user = await this.userRepository.findOne({
+                select: ['id', 'isMfaEnabled'],
+                where: { id: userId },
+            });
+            return !!user?.isMfaEnabled;
+        }
+        return false;
+    }
+    async markAsVerified(userId, deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.update({ id: deviceId, userId }, { verified: true });
+    }
+    async enableMFA(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: true });
+    }
+    async disableMFA(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: false });
+    }
+    async removeTotpDevice(deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async generateRecoveryCode(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const secret = speakeasy.generateSecret({
+            name: `NestAuth:${userId}`,
+        });
+        await this.userRepository.update(userId, { mfaRecoveryCode: secret.base32 });
+        return secret.base32;
+    }
+    async resetMfa(userId, code) {
+        this.checkIsMfaEnabledForApp(true);
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new common_1.UnauthorizedException({
+                message: 'User not found',
+                code: auth_constants_1.USER_NOT_FOUND_EXCEPTION_CODE
+            });
+        }
+        if (user.mfaRecoveryCode === code) {
+            await this.userRepository.update(userId, { mfaRecoveryCode: null });
+            await this.mfaSecretRepository.delete({ userId });
+            return {
+                message: 'Recovery code verified',
+            };
+        }
+        throw new common_1.UnauthorizedException({
+            message: 'Invalid recovery code',
+            code: auth_constants_1.INVALID_MFA_EXCEPTION_CODE
+        });
+    }
+};
+exports.MfaService = MfaService;
+exports.MfaService = MfaService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, typeorm_1.InjectRepository)(mfa_secret_entity_1.MFASecret)),
+    tslib_1.__param(1, (0, typeorm_1.InjectRepository)(user_entity_1.User)),
+    tslib_1.__param(2, (0, typeorm_1.InjectRepository)(otp_entity_1.OTP)),
+    tslib_1.__param(3, (0, common_1.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__metadata("design:paramtypes", [typeorm_2.Repository,
+        typeorm_2.Repository,
+        typeorm_2.Repository, Object])
+], MfaService);
+//# sourceMappingURL=mfa.service.js.map

package/src/lib/services/mfa.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.service.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/services/mfa.service.ts"],"names":[],"mappings":";;;;AAAA,2CAA+F;AAC/F,6CAAmD;AACnD,qCAA6D;AAC7D,qEAA0D;AAC1D,6DAAuC;AACvC,uDAAiC;AACjC,+EAAgF;AAChF,sDAAmH;AAEnH,yDAA+C;AAC/C,uDAA0D;AAC1D,sCAA2C;AAC3C,oDAAoB;AAIb,IAAM,UAAU,GAAhB,MAAM,UAAU;IAInB,YAEY,mBAA0C,EAG1C,cAAgC,EAGhC,aAA8B,EAGrB,OAA0B;QATnC,wBAAmB,GAAnB,mBAAmB,CAAuB;QAG1C,mBAAc,GAAd,cAAc,CAAkB;QAGhC,kBAAa,GAAb,aAAa,CAAiB;QAGrB,YAAO,GAAP,OAAO,CAAmB;QAI3C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,uBAAuB,CAAC,aAAsB,IAAI;QAC9C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,UAAU,EAAE,CAAC;gBACb,MAAM,IAAI,2BAAkB,CAAC,wCAAwC,CAAC,CAAC;YAC3E,CAAC;YACD,OAAO,KAAK,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc;QAElC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,EAAE,CAAA;QAEvB,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,qCAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,KAAK,CAAC,CAAA;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,qCAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,GAAG,CAAC,CAAA;QACxC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACtD,KAAK,EAAE;gBACH,MAAM;aACT;SACJ,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,IAAI,CAAC,CAAA;QACzC,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAGD,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,MAAqB;QAEnD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,IAAA,iBAAW,EAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAEnD,MAAM,SAAS,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QAEjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;YACxC,MAAM;YACN,IAAI,EAAE,wBAAW,CAAC,GAAG;YACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC3C,IAAI;SACP,CAAC,CAAA;QACF,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,MAAM,KAAK,qCAAa,CAAC,KAAK,EAAE,CAAC;QAErC,CAAC;aAAM,IAAI,MAAM,KAAK,qCAAa,CAAC,GAAG,EAAE,CAAC;QAE1C,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,QAAgB,EAAE,MAAqB;QAEnE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,IAAI,MAAM,KAAK,qCAAa,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;gBAChD,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;aACpC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,QAAQ;oBACf,MAAM,EAAE,CAAC;iBACZ,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBAEV,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACjC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EACjB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAC7B,CAAC;oBACF,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YACD,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,MAAM,KAAK,qCAAa,CAAC,KAAK,IAAI,MAAM,KAAK,qCAAa,CAAC,GAAG,EAAE,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;gBACzC,KAAK,EAAE;oBACH,MAAM;oBACN,IAAI,EAAE,wBAAW,CAAC,GAAG;oBACrB,IAAI,EAAE,KAAK;oBACX,SAAS,EAAE,IAAA,kBAAQ,EAAC,IAAI,IAAI,EAAE,CAAC;oBAC/B,IAAI,EAAE,QAAQ;iBACjB;aACJ,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,EAAE,CAAC;gBACP,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,UAAmB;QACrD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,EAAE,CAAC;QAE1C,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAChC,MAAM;YACN,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,UAAU,IAAI,eAAe;YACzC,QAAQ,EAAE,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,MAAc,EAAE,QAAgB;QAElE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YAClD,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;SAC5B,CAAC,CAAC;QAEH,IAAI,MAAM,EAAE,CAAC;YACT,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAClB,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;gBAClC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,QAAQ;gBACf,MAAM,EAAE,CAAC;aACZ,CAAC,CAAC;YAEH,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7E,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QAC/B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAChD,MAAM,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC;YACtD,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE;SAChC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC1B,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QAC/B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAc;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,cAAc,CAAC;YAC9B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACxB,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,cAAc,CAAC;gBAC9B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;aACxB,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;QAChC,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,QAAgB;QACjD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAClC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACjC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EACxB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACrB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc;QAC1B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC3B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAEnC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACnC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACrC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC;YACpC,IAAI,EAAE,YAAY,MAAM,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,OAAO,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,IAAY;QAEvC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,gBAAgB;gBACzB,IAAI,EAAE,8CAA6B;aACtC,CAAC,CAAC;QACP,CAAC;QACD,IAAI,IAAI,CAAC,eAAe,KAAK,IAAI,EAAE,CAAC;YAEhC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;YAGpE,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAElD,OAAO;gBACH,OAAO,EAAE,wBAAwB;aACpC,CAAC;QACN,CAAC;QAED,MAAM,IAAI,8BAAqB,CAAC;YAC5B,OAAO,EAAE,uBAAuB;YAChC,IAAI,EAAE,2CAA0B;SACnC,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AAvTY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAMJ,mBAAA,IAAA,0BAAgB,EAAC,6BAAS,CAAC,CAAA;IAG3B,mBAAA,IAAA,0BAAgB,EAAC,kBAAI,CAAC,CAAA;IAGtB,mBAAA,IAAA,0BAAgB,EAAC,gBAAG,CAAC,CAAA;IAGrB,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;6CARC,oBAAU;QAGf,oBAAU;QAGX,oBAAU;GAZ5B,UAAU,CAuTtB"}

package/src/lib/services/session/base-session.service.d.ts

@@ -0,0 +1,23 @@
+import { AuthModuleOptions } from '../../interfaces/auth-module-options.interface';
+import { SessionOptions } from '../../interfaces/session-options.interface';
+import { SessionPayload } from '../../interfaces/token-payload.interface';
+import { User } from '../../entities/user.entity';
+export declare abstract class BaseSessionService {
+    protected readonly authModuleOptions: AuthModuleOptions;
+    protected readonly sessionOptions: SessionOptions;
+    constructor(authModuleOptions: AuthModuleOptions);
+    getSessionOptions(): SessionOptions;
+    createSessionFromUser(user: User, extraData?: {
+        isMfaVerified?: boolean;
+    }): Promise<SessionPayload>;
+    createSessionFromSession(session: SessionPayload): Promise<SessionPayload>;
+    abstract createSession(session: SessionPayload): Promise<SessionPayload>;
+    abstract getSession(sessionId: string): Promise<SessionPayload | null>;
+    abstract getUserSessions(userId: string): Promise<SessionPayload[]>;
+    abstract getCurrentSessions(userId: string): Promise<SessionPayload[]>;
+    abstract updateSession(sessionId: string, updates: Partial<SessionPayload>): Promise<SessionPayload>;
+    abstract deleteSession(sessionId: string): Promise<void>;
+    abstract deleteUserSessions(userId: string): Promise<void>;
+    abstract revokeSession(sessionId: string): Promise<void>;
+    abstract revokeUserSessions(userId: string): Promise<void>;
+}

package/src/lib/services/session/base-session.service.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseSessionService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../../auth.constants");
+const common_2 = require("@nestjs/common");
+const session_options_interface_1 = require("../../interfaces/session-options.interface");
+const request_context_1 = require("../../request-context/request-context");
+const ms_1 = tslib_1.__importDefault(require("ms"));
+const lodash_1 = require("lodash");
+let BaseSessionService = class BaseSessionService {
+    constructor(authModuleOptions) {
+        this.authModuleOptions = authModuleOptions;
+        const defaultSessionOptions = {
+            sessionExpiry: 7 * 24 * 60 * 60 * 1000,
+            refreshTokenExpiry: 15 * 60 * 1000,
+            storageType: session_options_interface_1.SessionStorageType.DATABASE,
+        };
+        this.sessionOptions = Object.assign({}, defaultSessionOptions, this.authModuleOptions.session);
+    }
+    getSessionOptions() {
+        return this.sessionOptions;
+    }
+    createSessionFromUser(user, extraData = {}) {
+        const { deviceName, ipAddress, browser } = request_context_1.RequestContext.getDeviceInfo();
+        const { isMfaVerified = false } = extraData;
+        if (!user) {
+            throw new common_1.UnauthorizedException('User not found');
+        }
+        const expiresAt = new Date(Date.now() + (0, ms_1.default)(this.authModuleOptions.session.sessionExpiry));
+        const session = {
+            userId: user.id,
+            data: {
+                user,
+                isMfaVerified: isMfaVerified,
+                roles: user.getRoles(),
+                permissions: user.getPermissions(),
+            },
+            userAgent: [browser, deviceName].join(' - '),
+            ipAddress,
+            deviceName,
+            expiresAt,
+            lastActive: new Date(),
+            createdAt: new Date(),
+            updatedAt: new Date(),
+        };
+        return this.createSession(session);
+    }
+    createSessionFromSession(session) {
+        const newSession = {
+            ...(0, lodash_1.omit)(session, 'id'),
+            expiresAt: new Date(Date.now() + (0, ms_1.default)(this.authModuleOptions.session.sessionExpiry)),
+        };
+        return this.createSession(newSession);
+    }
+};
+exports.BaseSessionService = BaseSessionService;
+exports.BaseSessionService = BaseSessionService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, common_2.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__metadata("design:paramtypes", [Object])
+], BaseSessionService);
+//# sourceMappingURL=base-session.service.js.map

package/src/lib/services/session/base-session.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-session.service.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/services/session/base-session.service.ts"],"names":[],"mappings":";;;;AAAA,2CAAmE;AAEnE,yDAA2D;AAC3D,2CAAwC;AACxC,0FAAgG;AAGhG,2EAAuE;AACvE,oDAAoB;AACpB,mCAA8B;AAGvB,IAAe,kBAAkB,GAAjC,MAAe,kBAAkB;IAGpC,YAEuB,iBAAoC;QAApC,sBAAiB,GAAjB,iBAAiB,CAAmB;QAEvD,MAAM,qBAAqB,GAAmB;YAC1C,aAAa,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YACtC,kBAAkB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YAClC,WAAW,EAAE,8CAAkB,CAAC,QAAQ;SAC3C,CAAC;QACF,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,qBAAqB,EAAE,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACnG,CAAC;IAED,iBAAiB;QACb,OAAO,IAAI,CAAC,cAAc,CAAC;IAC/B,CAAC;IAED,qBAAqB,CAAC,IAAU,EAAE,YAAyC,EAAE;QACzE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,gCAAc,CAAC,aAAa,EAAE,CAAC;QAC1E,MAAM,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,SAAS,CAAC;QAE5C,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;QAG1F,MAAM,OAAO,GAAmB;YAC5B,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,IAAI,EAAE;gBACF,IAAI;gBACJ,aAAa,EAAE,aAAa;gBAC5B,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,WAAW,EAAE,IAAI,CAAC,cAAc,EAAE;aACrC;YACD,SAAS,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;YAC5C,SAAS;YACT,UAAU;YACV,SAAS;YACT,UAAU,EAAE,IAAI,IAAI,EAAE;YACtB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,IAAI,IAAI,EAAE;SACxB,CAAC;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,wBAAwB,CAAC,OAAuB;QAC5C,MAAM,UAAU,GAAmB;YAC/B,GAAG,IAAA,aAAI,EAAC,OAAO,EAAE,IAAI,CAAC;YACtB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;SACrF,CAAC;QAEF,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;CAWJ,CAAA;AApEqB,gDAAkB;6BAAlB,kBAAkB;IADvC,IAAA,mBAAU,GAAE;IAKJ,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;;GAJd,kBAAkB,CAoEvC"}

package/src/lib/services/session/database-session.service.d.ts

@@ -0,0 +1,19 @@
+import { Repository } from 'typeorm';
+import { Session } from '../../entities/session.entity';
+import { BaseSessionService } from './base-session.service';
+import { AuthModuleOptions } from '../../interfaces/auth-module-options.interface';
+import { SessionPayload } from '../../interfaces/token-payload.interface';
+export declare class DatabaseSessionService extends BaseSessionService {
+    readonly authModuleOptions: AuthModuleOptions;
+    private readonly sessionRepository;
+    constructor(authModuleOptions: AuthModuleOptions, sessionRepository: Repository<Session>);
+    createSession(session: SessionPayload): Promise<Session>;
+    getSession(sessionId: string): Promise<Session | null>;
+    getUserSessions(userId: string): Promise<Session[]>;
+    getCurrentSessions(userId: string): Promise<Session[]>;
+    updateSession(sessionId: string, updates: Partial<Session>): Promise<Session>;
+    deleteSession(sessionId: string): Promise<void>;
+    deleteUserSessions(userId: string): Promise<void>;
+    revokeSession(sessionId: string): Promise<void>;
+    revokeUserSessions(userId: string): Promise<void>;
+}

package/src/lib/services/session/database-session.service.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DatabaseSessionService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const typeorm_2 = require("typeorm");
+const session_entity_1 = require("../../entities/session.entity");
+const base_session_service_1 = require("./base-session.service");
+const auth_constants_1 = require("../../auth.constants");
+const common_2 = require("@nestjs/common");
+let DatabaseSessionService = class DatabaseSessionService extends base_session_service_1.BaseSessionService {
+    constructor(authModuleOptions, sessionRepository) {
+        super(authModuleOptions);
+        this.authModuleOptions = authModuleOptions;
+        this.sessionRepository = sessionRepository;
+    }
+    async createSession(session) {
+        const sessionEntity = await this.sessionRepository.save(session);
+        return sessionEntity;
+    }
+    async getSession(sessionId) {
+        return this.sessionRepository.findOne({ where: { id: sessionId } });
+    }
+    async getUserSessions(userId) {
+        return this.sessionRepository.find({ where: { userId } });
+    }
+    async getCurrentSessions(userId) {
+        return this.sessionRepository.find({ where: { userId, expiresAt: (0, typeorm_2.MoreThan)(new Date()) } });
+    }
+    async updateSession(sessionId, updates) {
+        await this.sessionRepository.update(sessionId, updates);
+        return this.getSession(sessionId);
+    }
+    async deleteSession(sessionId) {
+        await this.sessionRepository.delete(sessionId);
+    }
+    async deleteUserSessions(userId) {
+        await this.sessionRepository.delete({ userId });
+    }
+    async revokeSession(sessionId) {
+        await this.sessionRepository.delete(sessionId);
+    }
+    async revokeUserSessions(userId) {
+        await this.sessionRepository.delete({ userId });
+    }
+};
+exports.DatabaseSessionService = DatabaseSessionService;
+exports.DatabaseSessionService = DatabaseSessionService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, common_2.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__param(1, (0, typeorm_1.InjectRepository)(session_entity_1.Session)),
+    tslib_1.__metadata("design:paramtypes", [Object, typeorm_2.Repository])
+], DatabaseSessionService);
+//# sourceMappingURL=database-session.service.js.map

package/src/lib/services/session/database-session.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"database-session.service.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/services/session/database-session.service.ts"],"names":[],"mappings":";;;;AAAA,2CAA4C;AAC5C,6CAAmD;AACnD,qCAA+C;AAC/C,kEAAwD;AACxD,iEAA4D;AAE5D,yDAA2D;AAC3D,2CAAwC;AAKjC,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,yCAAkB;IAC1D,YAEsB,iBAAoC,EAGrC,iBAAsC;QAEvD,KAAK,CAAC,iBAAiB,CAAC,CAAC;QALP,sBAAiB,GAAjB,iBAAiB,CAAmB;QAGrC,sBAAiB,GAAjB,iBAAiB,CAAqB;IAG3D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAuB;QACvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,aAAa,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAChC,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,IAAA,kBAAQ,EAAC,IAAI,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,OAAyB;QAC5D,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB;QACjC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB;QACjC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACpD,CAAC;CACJ,CAAA;AAhDY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAGJ,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;IAG3B,mBAAA,IAAA,0BAAgB,EAAC,wBAAO,CAAC,CAAA;qDACU,oBAAU;GANzC,sBAAsB,CAgDlC"}