@ackplus/nest-auth 0.0.38 → 0.0.40

package/src/lib/auth/services/mfa.service.js

@@ -0,0 +1,255 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MfaService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const typeorm_2 = require("typeorm");
+const mfa_secret_entity_1 = require("../../auth/entities/mfa-secret.entity");
+const speakeasy_1 = tslib_1.__importDefault(require("speakeasy"));
+const qrcode_1 = tslib_1.__importDefault(require("qrcode"));
+const mfa_options_interface_1 = require("../../core/interfaces/mfa-options.interface");
+const auth_constants_1 = require("../../auth.constants");
+const user_entity_1 = require("../../user/entities/user.entity");
+const otp_entity_1 = require("../../auth/entities/otp.entity");
+const otp_interface_1 = require("../../core/interfaces/otp.interface");
+const otp_1 = require("../../utils/otp");
+const ms_1 = tslib_1.__importDefault(require("ms"));
+let MfaService = class MfaService {
+    constructor(mfaSecretRepository, userRepository, otpRepository, options) {
+        this.mfaSecretRepository = mfaSecretRepository;
+        this.userRepository = userRepository;
+        this.otpRepository = otpRepository;
+        this.options = options;
+        this.mfaConfig = this.options.mfa;
+    }
+    checkIsMfaEnabledForApp(throwError = true) {
+        if (!this.mfaConfig.enabled) {
+            if (throwError) {
+                throw new common_1.ForbiddenException('MFA is not enabled for the application');
+            }
+            return false;
+        }
+        return true;
+    }
+    async getEnabledMethods(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const isEnabled = await this.isMfaEnabled(userId);
+        if (!isEnabled) {
+            return [];
+        }
+        const enableMethod = [];
+        if (this.mfaConfig.methods?.includes(mfa_options_interface_1.MFAMethodEnum.EMAIL)) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.EMAIL);
+        }
+        if (this.mfaConfig.methods?.includes(mfa_options_interface_1.MFAMethodEnum.SMS)) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.SMS);
+        }
+        const totpDevice = await this.mfaSecretRepository.findOne({
+            where: {
+                userId,
+            },
+        });
+        if (totpDevice) {
+            enableMethod.push(mfa_options_interface_1.MFAMethodEnum.TOTP);
+        }
+        return enableMethod;
+    }
+    async sendMfaCode(userId, method) {
+        this.checkIsMfaEnabledForApp(true);
+        const code = (0, otp_1.generateOtp)(this.mfaConfig.otpLength);
+        const expiresAt = (0, ms_1.default)(this.mfaConfig.otpExpiresIn);
+        const otp = await this.otpRepository.create({
+            userId,
+            type: otp_interface_1.OTPTypeEnum.MFA,
+            expiresAt: new Date(Date.now() + expiresAt),
+            code,
+        });
+        await this.otpRepository.save(otp);
+        if (method === mfa_options_interface_1.MFAMethodEnum.EMAIL) {
+        }
+        else if (method === mfa_options_interface_1.MFAMethodEnum.SMS) {
+        }
+        return true;
+    }
+    async verifyMfa(userId, inputOtp, method) {
+        this.checkIsMfaEnabledForApp(true);
+        if (method === mfa_options_interface_1.MFAMethodEnum.TOTP) {
+            const devices = await this.mfaSecretRepository.find({
+                where: { userId, verified: true }
+            });
+            for (const device of devices) {
+                const isValid = speakeasy_1.default.totp.verify({
+                    secret: device.secret,
+                    encoding: 'base32',
+                    token: inputOtp,
+                    window: 1
+                });
+                if (isValid) {
+                    await this.mfaSecretRepository.update({ id: device.id }, { lastUsedAt: new Date() });
+                    return true;
+                }
+            }
+            return false;
+        }
+        if (method === mfa_options_interface_1.MFAMethodEnum.EMAIL || method === mfa_options_interface_1.MFAMethodEnum.SMS) {
+            const otp = await this.otpRepository.findOne({
+                where: {
+                    userId,
+                    type: otp_interface_1.OTPTypeEnum.MFA,
+                    used: false,
+                    expiresAt: (0, typeorm_2.MoreThan)(new Date()),
+                    code: inputOtp
+                }
+            });
+            if (!otp) {
+                return false;
+            }
+            await this.otpRepository.delete(otp.id);
+            return true;
+        }
+        return false;
+    }
+    async setupTotpDevice(userId, deviceName) {
+        this.checkIsMfaEnabledForApp(true);
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new Error('User not found');
+        }
+        const secret = speakeasy_1.default.generateSecret();
+        await this.mfaSecretRepository.save({
+            userId,
+            secret: secret.base32,
+            deviceName: deviceName || 'Authenticator',
+            verified: false
+        });
+        const qrCode = await qrcode_1.default.toDataURL(secret.otpauth_url);
+        return { secret: secret.base32, qrCode };
+    }
+    async verifyTotpSetup(userId, secret, inputOtp) {
+        this.checkIsMfaEnabledForApp(true);
+        const device = await this.mfaSecretRepository.findOne({
+            where: { userId, secret }
+        });
+        if (device) {
+            if (device.verified) {
+                return true;
+            }
+            const isValid = speakeasy_1.default.totp.verify({
+                secret: device.secret,
+                encoding: 'base32',
+                token: inputOtp,
+                window: 1
+            });
+            if (isValid) {
+                await this.mfaSecretRepository.update({ id: device.id }, { verified: true });
+                return true;
+            }
+        }
+        return false;
+    }
+    async getTotpDevices(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const devices = await this.mfaSecretRepository.find({
+            select: ['id', 'deviceName', 'lastUsedAt', 'verified'],
+            where: { userId },
+            order: { lastUsedAt: 'DESC' }
+        });
+        return devices.map(device => ({
+            id: device.id,
+            deviceName: device.deviceName,
+            lastUsedAt: device.lastUsedAt,
+            verified: device.verified,
+        }));
+    }
+    async removeDevice(deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async isRequiresMfa(userId) {
+        if (!this.mfaConfig.enabled) {
+            return false;
+        }
+        if (this.mfaConfig.required) {
+            return true;
+        }
+        const user = await this.userRepository.findOne({
+            select: ['id', 'isMfaEnabled'],
+            where: { id: userId },
+        });
+        return !!user?.isMfaEnabled;
+    }
+    async isMfaEnabled(userId) {
+        if (this.mfaConfig.enabled) {
+            const user = await this.userRepository.findOne({
+                select: ['id', 'isMfaEnabled'],
+                where: { id: userId },
+            });
+            return !!user?.isMfaEnabled;
+        }
+        return false;
+    }
+    async markAsVerified(userId, deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.update({ id: deviceId, userId }, { verified: true });
+    }
+    async enableMFA(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: true });
+    }
+    async disableMFA(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: false });
+    }
+    async removeTotpDevice(deviceId) {
+        this.checkIsMfaEnabledForApp(true);
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async generateRecoveryCode(userId) {
+        this.checkIsMfaEnabledForApp(true);
+        const secret = speakeasy_1.default.generateSecret({
+            name: `NestAuth:${userId}`,
+        });
+        await this.userRepository.update(userId, { mfaRecoveryCode: secret.base32 });
+        return secret.base32;
+    }
+    async resetMfa(userId, code) {
+        this.checkIsMfaEnabledForApp(true);
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new common_1.UnauthorizedException({
+                message: 'User not found',
+                code: auth_constants_1.USER_NOT_FOUND_EXCEPTION_CODE
+            });
+        }
+        if (user.mfaRecoveryCode === code) {
+            await this.userRepository.update(userId, { mfaRecoveryCode: null });
+            await this.mfaSecretRepository.delete({ userId });
+            return {
+                message: 'Recovery code verified',
+            };
+        }
+        throw new common_1.UnauthorizedException({
+            message: 'Invalid recovery code',
+            code: auth_constants_1.INVALID_MFA_EXCEPTION_CODE
+        });
+    }
+};
+exports.MfaService = MfaService;
+exports.MfaService = MfaService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, typeorm_1.InjectRepository)(mfa_secret_entity_1.MFASecret)),
+    tslib_1.__param(1, (0, typeorm_1.InjectRepository)(user_entity_1.User)),
+    tslib_1.__param(2, (0, typeorm_1.InjectRepository)(otp_entity_1.OTP)),
+    tslib_1.__param(3, (0, common_1.Inject)(auth_constants_1.AUTH_MODULE_OPTIONS)),
+    tslib_1.__metadata("design:paramtypes", [typeorm_2.Repository,
+        typeorm_2.Repository,
+        typeorm_2.Repository, Object])
+], MfaService);
+//# sourceMappingURL=mfa.service.js.map

package/src/lib/auth/services/mfa.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.service.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/mfa.service.ts"],"names":[],"mappings":";;;;AAAA,2CAA+F;AAC/F,6CAAmD;AACnD,qCAA+C;AAC/C,6EAAkE;AAClE,kEAAkC;AAClC,4DAA4B;AAC5B,uFAAwF;AACxF,yDAAsH;AAEtH,iEAAuD;AACvD,+DAAqD;AACrD,uEAAkE;AAClE,yCAA8C;AAC9C,oDAAoB;AAIb,IAAM,UAAU,GAAhB,MAAM,UAAU;IAInB,YAEY,mBAA0C,EAG1C,cAAgC,EAGhC,aAA8B,EAGrB,OAA0B;QATnC,wBAAmB,GAAnB,mBAAmB,CAAuB;QAG1C,mBAAc,GAAd,cAAc,CAAkB;QAGhC,kBAAa,GAAb,aAAa,CAAiB;QAGrB,YAAO,GAAP,OAAO,CAAmB;QAI3C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,uBAAuB,CAAC,aAAsB,IAAI;QAC9C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,UAAU,EAAE,CAAC;gBACb,MAAM,IAAI,2BAAkB,CAAC,wCAAwC,CAAC,CAAC;YAC3E,CAAC;YACD,OAAO,KAAK,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc;QAElC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,EAAE,CAAA;QAEvB,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,qCAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,KAAK,CAAC,CAAA;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,qCAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,GAAG,CAAC,CAAA;QACxC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACtD,KAAK,EAAE;gBACH,MAAM;aACT;SACJ,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,qCAAa,CAAC,IAAI,CAAC,CAAA;QACzC,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAGD,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,MAAqB;QAEnD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,IAAA,iBAAW,EAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAEnD,MAAM,SAAS,GAAG,IAAA,YAAE,EAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QAEjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;YACxC,MAAM;YACN,IAAI,EAAE,2BAAW,CAAC,GAAG;YACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC3C,IAAI;SACP,CAAC,CAAA;QACF,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,MAAM,KAAK,qCAAa,CAAC,KAAK,EAAE,CAAC;QAErC,CAAC;aAAM,IAAI,MAAM,KAAK,qCAAa,CAAC,GAAG,EAAE,CAAC;QAE1C,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,QAAgB,EAAE,MAAqB;QAEnE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,IAAI,MAAM,KAAK,qCAAa,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;gBAChD,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;aACpC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,mBAAS,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,QAAQ;oBACf,MAAM,EAAE,CAAC;iBACZ,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBAEV,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACjC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EACjB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAC7B,CAAC;oBACF,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YACD,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,MAAM,KAAK,qCAAa,CAAC,KAAK,IAAI,MAAM,KAAK,qCAAa,CAAC,GAAG,EAAE,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;gBACzC,KAAK,EAAE;oBACH,MAAM;oBACN,IAAI,EAAE,2BAAW,CAAC,GAAG;oBACrB,IAAI,EAAE,KAAK;oBACX,SAAS,EAAE,IAAA,kBAAQ,EAAC,IAAI,IAAI,EAAE,CAAC;oBAC/B,IAAI,EAAE,QAAQ;iBACjB;aACJ,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,EAAE,CAAC;gBACP,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,UAAmB;QACrD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,MAAM,GAAG,mBAAS,CAAC,cAAc,EAAE,CAAC;QAE1C,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAChC,MAAM;YACN,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,UAAU,IAAI,eAAe;YACzC,QAAQ,EAAE,KAAK;SAClB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,gBAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,MAAc,EAAE,QAAgB;QAElE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC;YAClD,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;SAC5B,CAAC,CAAC;QAEH,IAAI,MAAM,EAAE,CAAC;YACT,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAClB,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAAG,mBAAS,CAAC,IAAI,CAAC,MAAM,CAAC;gBAClC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,QAAQ;gBACf,MAAM,EAAE,CAAC;aACZ,CAAC,CAAC;YAEH,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7E,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QAC/B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAChD,MAAM,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,CAAC;YACtD,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE;SAChC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC1B,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB;QAC/B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAc;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,cAAc,CAAC;YAC9B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACxB,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,cAAc,CAAC;gBAC9B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;aACxB,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,EAAE,YAAY,CAAC;QAChC,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,QAAgB;QACjD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAClC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACjC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EACxB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACrB,CAAC;IACN,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAc;QAC1B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc;QAC3B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAEnC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACnC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACrC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,MAAM,GAAG,mBAAS,CAAC,cAAc,CAAC;YACpC,IAAI,EAAE,YAAY,MAAM,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,OAAO,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,IAAY;QAEvC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QAElC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,gBAAgB;gBACzB,IAAI,EAAE,8CAA6B;aACtC,CAAC,CAAC;QACP,CAAC;QACD,IAAI,IAAI,CAAC,eAAe,KAAK,IAAI,EAAE,CAAC;YAEhC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;YAGpE,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAElD,OAAO;gBACH,OAAO,EAAE,wBAAwB;aACpC,CAAC;QACN,CAAC;QAED,MAAM,IAAI,8BAAqB,CAAC;YAC5B,OAAO,EAAE,uBAAuB;YAChC,IAAI,EAAE,2CAA0B;SACnC,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AAvTY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAMJ,mBAAA,IAAA,0BAAgB,EAAC,6BAAS,CAAC,CAAA;IAG3B,mBAAA,IAAA,0BAAgB,EAAC,kBAAI,CAAC,CAAA;IAGtB,mBAAA,IAAA,0BAAgB,EAAC,gBAAG,CAAC,CAAA;IAGrB,mBAAA,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAA;6CARC,oBAAU;QAGf,oBAAU;QAGX,oBAAU;GAZ5B,UAAU,CAuTtB"}

package/src/lib/auth.constants.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NestAuthEvents = exports.DEFAULT_GUARD_NAME = exports.REFRESH_TOKEN_COOKIE_NAME = exports.ACCESS_TOKEN_COOKIE_NAME = exports.REFRESH_TOKEN_EXPIRED = exports.REFRESH_TOKEN_INVALID = exports.USER_NOT_ACTIVE_ERROR = exports.SESSION_NOT_FOUND_ERROR = exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.INVALID_MFA_EXCEPTION_CODE = exports.UNAUTHORIZED_EXCEPTION_CODE = exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.ENABLED_AUTH_PROVIDERS = exports.PHONE_AUTH_PROVIDER = exports.EMAIL_AUTH_PROVIDER = exports.APPLE_AUTH_PROVIDER = exports.FACEBOOK_AUTH_PROVIDER = exports.GOOGLE_AUTH_PROVIDER = exports.JWT_AUTH_PROVIDER = exports.AUTH_MODULE_OPTIONS = void 0;
+exports.AUTH_MODULE_OPTIONS = 'NEST_AUTH_AUTH_MODULE_OPTIONS';
+exports.JWT_AUTH_PROVIDER = 'jwt';
+exports.GOOGLE_AUTH_PROVIDER = 'google';
+exports.FACEBOOK_AUTH_PROVIDER = 'facebook';
+exports.APPLE_AUTH_PROVIDER = 'apple';
+exports.EMAIL_AUTH_PROVIDER = 'email';
+exports.PHONE_AUTH_PROVIDER = 'phone';
+exports.ENABLED_AUTH_PROVIDERS = 'NEST_AUTH_ENABLED_AUTH_PROVIDERS';
+exports.USER_NOT_FOUND_EXCEPTION_CODE = 'USER_NOT_FOUND';
+exports.UNAUTHORIZED_EXCEPTION_CODE = 'UNAUTHORIZED';
+exports.INVALID_MFA_EXCEPTION_CODE = 'INVALID_MFA';
+exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = 'INVALID_REFRESH_TOKEN';
+exports.SESSION_NOT_FOUND_ERROR = 'SESSION_NOT_FOUND';
+exports.USER_NOT_ACTIVE_ERROR = 'USER_NOT_ACTIVE';
+exports.REFRESH_TOKEN_INVALID = 'REFRESH_TOKEN_INVALID';
+exports.REFRESH_TOKEN_EXPIRED = 'REFRESH_TOKEN_EXPIRED';
+exports.ACCESS_TOKEN_COOKIE_NAME = 'accessToken';
+exports.REFRESH_TOKEN_COOKIE_NAME = 'refreshToken';
+exports.DEFAULT_GUARD_NAME = 'web';
+exports.NestAuthEvents = {
+    LOGGED_IN: 'nest_auth.logged_in',
+    REGISTERED: 'nest_auth.registered',
+    TWO_FACTOR_VERIFIED: 'nest_auth.two_factor_verified',
+    REFRESH_TOKEN: 'nest_auth.refresh_token',
+    PASSWORD_RESET_REQUESTED: 'nest_auth.password_reset_requested',
+    PASSWORD_RESET: 'nest_auth.password_reset',
+    LOGGED_OUT: 'nest_auth.logged_out',
+    LOGGED_OUT_ALL: 'nest_auth.logged_out_all',
+    USER_CREATED: 'nest_auth.user.created',
+    USER_UPDATED: 'nest_auth.user.updated',
+    USER_DELETED: 'nest_auth.user.deleted',
+    TENANT_CREATED: 'nest_auth.tenant.created',
+    TENANT_UPDATED: 'nest_auth.tenant.updated',
+    TENANT_DELETED: 'nest_auth.tenant.deleted',
+    ACCESS_KEY_CREATED: 'nest_auth.access_key.created',
+    ACCESS_KEY_DELETED: 'nest_auth.access_key.deleted',
+    ACCESS_KEY_UPDATED: 'nest_auth.access_key.updated',
+    ACCESS_KEY_DEACTIVATED: 'nest_auth.access_key.deactivated',
+};
+//# sourceMappingURL=auth.constants.js.map

package/src/lib/auth.constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.constants.js","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,mBAAmB,GAAG,+BAA+B,CAAC;AAItD,QAAA,iBAAiB,GAAG,KAAK,CAAC;AAC1B,QAAA,oBAAoB,GAAG,QAAQ,CAAC;AAChC,QAAA,sBAAsB,GAAG,UAAU,CAAC;AACpC,QAAA,mBAAmB,GAAG,OAAO,CAAC;AAC9B,QAAA,mBAAmB,GAAG,OAAO,CAAC;AAC9B,QAAA,mBAAmB,GAAG,OAAO,CAAC;AAG9B,QAAA,sBAAsB,GAAG,kCAAkC,CAAC;AAI5D,QAAA,6BAA6B,GAAG,gBAAgB,CAAC;AACjD,QAAA,2BAA2B,GAAG,cAAc,CAAC;AAC7C,QAAA,0BAA0B,GAAG,aAAa,CAAC;AAC3C,QAAA,oCAAoC,GAAG,uBAAuB,CAAC;AAC/D,QAAA,uBAAuB,GAAG,mBAAmB,CAAC;AAC9C,QAAA,qBAAqB,GAAG,iBAAiB,CAAC;AAE1C,QAAA,qBAAqB,GAAG,uBAAuB,CAAC;AAChD,QAAA,qBAAqB,GAAG,uBAAuB,CAAC;AAIhD,QAAA,wBAAwB,GAAG,aAAa,CAAC;AACzC,QAAA,yBAAyB,GAAG,cAAc,CAAC;AAG3C,QAAA,kBAAkB,GAAG,KAAK,CAAC;AAG3B,QAAA,cAAc,GAAG;IAE1B,SAAS,EAAE,qBAAqB;IAChC,UAAU,EAAE,sBAAsB;IAClC,mBAAmB,EAAE,+BAA+B;IACpD,aAAa,EAAE,yBAAyB;IACxC,wBAAwB,EAAE,oCAAoC;IAC9D,cAAc,EAAE,0BAA0B;IAC1C,UAAU,EAAE,sBAAsB;IAClC,cAAc,EAAE,0BAA0B;IAG1C,YAAY,EAAE,wBAAwB;IACtC,YAAY,EAAE,wBAAwB;IACtC,YAAY,EAAE,wBAAwB;IAGtC,cAAc,EAAE,0BAA0B;IAC1C,cAAc,EAAE,0BAA0B;IAC1C,cAAc,EAAE,0BAA0B;IAG1C,kBAAkB,EAAE,8BAA8B;IAClD,kBAAkB,EAAE,8BAA8B;IAClD,kBAAkB,EAAE,8BAA8B;IAClD,sBAAsB,EAAE,kCAAkC;CACpD,CAAC"}

package/src/lib/core/core.module.js

@@ -0,0 +1,67 @@
+"use strict";
+var CoreModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CoreModule = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../auth.constants");
+const auth_provider_registry_service_1 = require("./services/auth-provider-registry.service");
+const apple_auth_provider_1 = require("./providers/apple-auth.provider");
+const jwt_auth_provider_1 = require("./providers/jwt-auth.provider");
+const email_auth_provider_1 = require("./providers/email-auth.provider");
+const facebook_auth_provider_1 = require("./providers/facebook-auth.provider");
+const google_auth_provider_1 = require("./providers/google-auth.provider");
+const phone_auth_provider_1 = require("./providers/phone-auth.provider");
+const typeorm_1 = require("@nestjs/typeorm");
+const auth_identity_entity_1 = require("../user/entities/auth-identity.entity");
+const user_entity_1 = require("../user/entities/user.entity");
+const jwt_service_1 = require("./services/jwt.service");
+let CoreModule = CoreModule_1 = class CoreModule {
+    static forRoot(options) {
+        return {
+            imports: [],
+            module: CoreModule_1,
+            providers: [
+                {
+                    provide: auth_constants_1.AUTH_MODULE_OPTIONS,
+                    useValue: options,
+                },
+                {
+                    provide: auth_constants_1.ENABLED_AUTH_PROVIDERS,
+                    useFactory: (registry) => {
+                        return registry.getAllProviders();
+                    },
+                    inject: [auth_provider_registry_service_1.AuthProviderRegistryService],
+                },
+            ],
+            exports: [
+                auth_constants_1.AUTH_MODULE_OPTIONS,
+                auth_constants_1.ENABLED_AUTH_PROVIDERS,
+            ],
+        };
+    }
+};
+exports.CoreModule = CoreModule;
+exports.CoreModule = CoreModule = CoreModule_1 = tslib_1.__decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({
+        imports: [
+            typeorm_1.TypeOrmModule.forFeature([user_entity_1.User, auth_identity_entity_1.AuthIdentity])
+        ],
+        providers: [
+            jwt_service_1.JwtService,
+            auth_provider_registry_service_1.AuthProviderRegistryService,
+            email_auth_provider_1.EmailAuthProvider,
+            phone_auth_provider_1.PhoneAuthProvider,
+            jwt_auth_provider_1.JwtAuthProvider,
+            google_auth_provider_1.GoogleAuthProvider,
+            facebook_auth_provider_1.FacebookAuthProvider,
+            apple_auth_provider_1.AppleAuthProvider,
+        ],
+        exports: [
+            jwt_service_1.JwtService,
+            auth_provider_registry_service_1.AuthProviderRegistryService,
+        ],
+    })
+], CoreModule);
+//# sourceMappingURL=core.module.js.map

package/src/lib/core/core.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.module.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/core/core.module.ts"],"names":[],"mappings":";;;;;AAAA,2CAA+D;AAE/D,sDAAgF;AAChF,8FAAwF;AACxF,yEAAoE;AACpE,qEAAgE;AAChE,yEAAoE;AACpE,+EAA0E;AAC1E,2EAAsE;AACtE,yEAAoE;AACpE,6CAAgD;AAChD,gFAAqE;AACrE,8DAAoD;AACpD,wDAAoD;AAsB7C,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACnB,MAAM,CAAC,OAAO,CAAC,OAA0B;QAErC,OAAO;YACH,OAAO,EAAE,EAER;YACD,MAAM,EAAE,YAAU;YAClB,SAAS,EAAE;gBACP;oBACI,OAAO,EAAE,oCAAmB;oBAC5B,QAAQ,EAAE,OAAO;iBACpB;gBACD;oBACI,OAAO,EAAE,uCAAsB;oBAC/B,UAAU,EAAE,CAAC,QAAqC,EAAE,EAAE;wBAClD,OAAO,QAAQ,CAAC,eAAe,EAAE,CAAC;oBACtC,CAAC;oBACD,MAAM,EAAE,CAAC,4DAA2B,CAAC;iBACxC;aACJ;YACD,OAAO,EAAE;gBACL,oCAAmB;gBACnB,uCAAsB;aACzB;SACJ,CAAC;IACN,CAAC;CACJ,CAAA;AA3BY,gCAAU;qBAAV,UAAU;IApBtB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,uBAAa,CAAC,UAAU,CAAC,CAAC,kBAAI,EAAE,mCAAY,CAAC,CAAC;SACjD;QACD,SAAS,EAAE;YACP,wBAAU;YACV,4DAA2B;YAC3B,uCAAiB;YACjB,uCAAiB;YACjB,mCAAe;YACf,yCAAkB;YAClB,6CAAoB;YACpB,uCAAiB;SACpB;QACD,OAAO,EAAE;YACL,wBAAU;YACV,4DAA2B;SAC9B;KACJ,CAAC;GACW,UAAU,CA2BtB"}

package/src/lib/core/decorators/role.decorator.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GUARD_KEY = exports.ROLES_KEY = void 0;
+exports.NestAuthRoles = NestAuthRoles;
+exports.ROLES_KEY = 'nest_auth_roles';
+exports.GUARD_KEY = 'nest_auth_guard';
+function NestAuthRoles(roles, guard) {
+    return (target, key, descriptor) => {
+        Reflect.defineMetadata(exports.ROLES_KEY, roles, descriptor.value);
+        Reflect.defineMetadata(exports.GUARD_KEY, guard, descriptor.value);
+        return descriptor;
+    };
+}
+//# sourceMappingURL=role.decorator.js.map

package/src/lib/core/decorators/role.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.decorator.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/decorators/role.decorator.ts"],"names":[],"mappings":";;;AAKA,sCAMC;AAVY,QAAA,SAAS,GAAG,iBAAiB,CAAC;AAC9B,QAAA,SAAS,GAAG,iBAAiB,CAAC;AAG3C,SAAgB,aAAa,CAAC,KAAwB,EAAE,KAAc;IAClE,OAAO,CAAC,MAAW,EAAE,GAAW,EAAE,UAA8B,EAAE,EAAE;QAChE,OAAO,CAAC,cAAc,CAAC,iBAAS,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC3D,OAAO,CAAC,cAAc,CAAC,iBAAS,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC3D,OAAO,UAAU,CAAC;IACtB,CAAC,CAAC;AACN,CAAC"}

package/src/lib/core/decorators/skip-mfa.decorator.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SkipMfa = exports.SKIP_MFA_KEY = void 0;
+const common_1 = require("@nestjs/common");
+exports.SKIP_MFA_KEY = 'skipMfa';
+const SkipMfa = () => (0, common_1.SetMetadata)(exports.SKIP_MFA_KEY, true);
+exports.SkipMfa = SkipMfa;
+//# sourceMappingURL=skip-mfa.decorator.js.map

package/src/lib/core/decorators/skip-mfa.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skip-mfa.decorator.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/decorators/skip-mfa.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAEhC,QAAA,YAAY,GAAG,SAAS,CAAC;AAC/B,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,oBAAY,EAAE,IAAI,CAAC,CAAC;AAAhD,QAAA,OAAO,WAAyC"}

package/src/lib/core/dto/message.response.dto.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MessageResponseDto = void 0;
+const tslib_1 = require("tslib");
+const swagger_1 = require("@nestjs/swagger");
+class MessageResponseDto {
+}
+exports.MessageResponseDto = MessageResponseDto;
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Response message' }),
+    tslib_1.__metadata("design:type", String)
+], MessageResponseDto.prototype, "message", void 0);
+//# sourceMappingURL=message.response.dto.js.map

package/src/lib/core/dto/message.response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"message.response.dto.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/dto/message.response.dto.ts"],"names":[],"mappings":";;;;AAAA,6CAA8C;AAE9C,MAAa,kBAAkB;CAG9B;AAHD,gDAGC;AADG;IADC,IAAA,qBAAW,EAAC,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;;mDACjC"}

package/src/lib/core/entities.d.ts

@@ -16,4 +16,4 @@ export * from '../role/entities/permission.entity';
 export * from '../auth/entities/mfa-secret.entity';
 export * from '../auth/entities/otp.entity';
 export * from '../session/entities/session.entity';
-export declare const NestAuthEntities: (typeof User | typeof AuthIdentity | typeof Role | typeof Permission | typeof Tenant | typeof MFASecret | typeof Session | typeof OTP | typeof AccessKey)[];
+export declare const NestAuthEntities: (typeof Tenant | typeof AuthIdentity | typeof User | typeof Session | typeof OTP | typeof MFASecret | typeof Permission | typeof Role | typeof AccessKey)[];

package/src/lib/core/entities.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NestAuthEntities = void 0;
+const tslib_1 = require("tslib");
+const user_entity_1 = require("../user/entities/user.entity");
+const auth_identity_entity_1 = require("../user/entities/auth-identity.entity");
+const access_key_entity_1 = require("../user/entities/access-key.entity");
+const tenant_entity_1 = require("../tenant/entities/tenant.entity");
+const role_entity_1 = require("../role/entities/role.entity");
+const permission_entity_1 = require("../role/entities/permission.entity");
+const mfa_secret_entity_1 = require("../auth/entities/mfa-secret.entity");
+const otp_entity_1 = require("../auth/entities/otp.entity");
+const session_entity_1 = require("../session/entities/session.entity");
+tslib_1.__exportStar(require("../user/entities/user.entity"), exports);
+tslib_1.__exportStar(require("../user/entities/auth-identity.entity"), exports);
+tslib_1.__exportStar(require("../user/entities/access-key.entity"), exports);
+tslib_1.__exportStar(require("../tenant/entities/tenant.entity"), exports);
+tslib_1.__exportStar(require("../role/entities/role.entity"), exports);
+tslib_1.__exportStar(require("../role/entities/permission.entity"), exports);
+tslib_1.__exportStar(require("../auth/entities/mfa-secret.entity"), exports);
+tslib_1.__exportStar(require("../auth/entities/otp.entity"), exports);
+tslib_1.__exportStar(require("../session/entities/session.entity"), exports);
+exports.NestAuthEntities = [
+    user_entity_1.User,
+    auth_identity_entity_1.AuthIdentity,
+    role_entity_1.Role,
+    permission_entity_1.Permission,
+    tenant_entity_1.Tenant,
+    mfa_secret_entity_1.MFASecret,
+    session_entity_1.Session,
+    otp_entity_1.OTP,
+    access_key_entity_1.AccessKey,
+];
+//# sourceMappingURL=entities.js.map

package/src/lib/core/entities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/core/entities.ts"],"names":[],"mappings":";;;;AAAA,8DAAoD;AACpD,gFAAqE;AACrE,0EAA+D;AAC/D,oEAA0D;AAC1D,8DAAoD;AACpD,0EAAgE;AAChE,0EAA+D;AAC/D,4DAAkD;AAClD,uEAA6D;AAE7D,uEAA6C;AAC7C,gFAAsD;AACtD,6EAAmD;AACnD,2EAAiD;AACjD,uEAA6C;AAC7C,6EAAmD;AACnD,6EAAmD;AACnD,sEAA4C;AAC5C,6EAAmD;AAEtC,QAAA,gBAAgB,GAAG;IAC5B,kBAAI;IACJ,mCAAY;IACZ,kBAAI;IACJ,8BAAU;IACV,sBAAM;IACN,6BAAS;IACT,wBAAO;IACP,gBAAG;IACH,6BAAS;CACZ,CAAC"}

package/src/lib/core/guards/auth.guard.js

@@ -0,0 +1,135 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NestAuthAuthGuard = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../../auth.constants");
+const core_1 = require("@nestjs/core");
+const jwt_service_1 = require("../../core/services/jwt.service");
+const auth_service_1 = require("../../auth/services/auth.service");
+const base_session_service_1 = require("../../session/services/base-session.service");
+const cookie_service_1 = require("../../auth/services/cookie.service");
+const access_key_service_1 = require("../../user/services/access-key.service");
+const skip_mfa_decorator_1 = require("../decorators/skip-mfa.decorator");
+let NestAuthAuthGuard = class NestAuthAuthGuard {
+    constructor(reflector, jwtService, authService, sessionService, cookieService, accessKeyService) {
+        this.reflector = reflector;
+        this.jwtService = jwtService;
+        this.authService = authService;
+        this.sessionService = sessionService;
+        this.cookieService = cookieService;
+        this.accessKeyService = accessKeyService;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const response = context.switchToHttp().getResponse();
+        const authHeader = request.headers.authorization;
+        if (!authHeader) {
+            throw new common_1.UnauthorizedException({
+                message: 'No authentication provided',
+                code: 'NO_AUTH'
+            });
+        }
+        const [type, token] = authHeader.split(' ');
+        switch (type.toLowerCase()) {
+            case 'bearer':
+                return await this.handleJwtAuth(context, request, response, token);
+            case 'apikey':
+                return await this.handleApiKeyAuth(request, token);
+            default:
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid authentication type',
+                    code: 'INVALID_AUTH_TYPE'
+                });
+        }
+    }
+    async handleJwtAuth(context, request, response, token) {
+        try {
+            const payload = await this.jwtService.verifyToken(token);
+            request['user'] = payload;
+            request['authType'] = 'jwt';
+            const session = await this.sessionService.getSession(payload.sessionId);
+            if (!session) {
+                throw new common_1.UnauthorizedException({
+                    message: 'Session not found',
+                    code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                });
+            }
+            request['session'] = session;
+            await this.checkMfa(context, payload);
+            return true;
+        }
+        catch (error) {
+            const refreshToken = this.extractRefreshToken(request);
+            if (!refreshToken) {
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid token',
+                    code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+                });
+            }
+            const newSession = await this.authService.refreshToken(refreshToken);
+            this.cookieService.setTokens(response, newSession.accessToken, newSession.refreshToken);
+            const payload = await this.jwtService.verifyToken(newSession.accessToken);
+            await this.checkMfa(context, payload);
+            return true;
+        }
+    }
+    async handleApiKeyAuth(request, token) {
+        const [publicKey, privateKey] = token.split('.');
+        if (!publicKey || !privateKey) {
+            throw new common_1.UnauthorizedException({
+                message: 'Invalid API key format',
+                code: 'INVALID_API_KEY_FORMAT'
+            });
+        }
+        const isValid = await this.accessKeyService.validateAccessKey(publicKey, privateKey);
+        if (!isValid) {
+            throw new common_1.UnauthorizedException({
+                message: 'Invalid API key',
+                code: 'INVALID_API_KEY'
+            });
+        }
+        const accessKey = await this.accessKeyService.getAccessKey(publicKey);
+        await this.accessKeyService.updateAccessKeyLastUsed(publicKey);
+        request['user'] = accessKey.user;
+        request['accessKey'] = accessKey;
+        request['authType'] = 'api-key';
+        return true;
+    }
+    extractRefreshToken(request) {
+        const tokenFromCookie = request.cookies?.[auth_constants_1.REFRESH_TOKEN_COOKIE_NAME];
+        if (tokenFromCookie) {
+            return tokenFromCookie;
+        }
+        const authHeader = request.headers['x-refresh-token'];
+        if (authHeader) {
+            return authHeader;
+        }
+        return null;
+    }
+    async checkMfa(context, payload) {
+        const skipMfa = this.reflector.getAllAndOverride(skip_mfa_decorator_1.SKIP_MFA_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        const isMfaEnabled = payload.isMfaEnabled;
+        const isMfaVerified = payload.isMfaVerified;
+        if (isMfaEnabled && !isMfaVerified && !skipMfa) {
+            throw new common_1.UnauthorizedException({
+                message: 'Multi-factor authentication is required',
+                code: auth_constants_1.UNAUTHORIZED_EXCEPTION_CODE
+            });
+        }
+    }
+};
+exports.NestAuthAuthGuard = NestAuthAuthGuard;
+exports.NestAuthAuthGuard = NestAuthAuthGuard = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [core_1.Reflector,
+        jwt_service_1.JwtService,
+        auth_service_1.AuthService,
+        base_session_service_1.BaseSessionService,
+        cookie_service_1.CookieService,
+        access_key_service_1.AccessKeyService])
+], NestAuthAuthGuard);
+//# sourceMappingURL=auth.guard.js.map

package/src/lib/core/guards/auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/guards/auth.guard.ts"],"names":[],"mappings":";;;;AAAA,2CAAkG;AAClG,yDAA8F;AAC9F,uCAAyC;AAEzC,iEAA6D;AAC7D,mEAA+D;AAC/D,sFAAiF;AACjF,uEAAmE;AACnE,+EAA0E;AAE1E,yEAAgE;AAGzD,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAC1B,YACY,SAAoB,EACpB,UAAsB,EACtB,WAAwB,EACxB,cAAkC,EAClC,aAA4B,EAC5B,gBAAkC;QALlC,cAAS,GAAT,SAAS,CAAW;QACpB,eAAU,GAAV,UAAU,CAAY;QACtB,gBAAW,GAAX,WAAW,CAAa;QACxB,mBAAc,GAAd,cAAc,CAAoB;QAClC,kBAAa,GAAb,aAAa,CAAe;QAC5B,qBAAgB,GAAhB,gBAAgB,CAAkB;IAC1C,CAAC;IAEL,KAAK,CAAC,WAAW,CAAC,OAAyB;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAW,CAAC;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAEhE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,4BAA4B;gBACrC,IAAI,EAAE,SAAS;aAClB,CAAC,CAAC;QACP,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAG5C,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACT,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvE,KAAK,QAAQ;gBACT,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACvD;gBACI,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,6BAA6B;oBACtC,IAAI,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;QACX,CAAC;IAEL,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAyB,EAAE,OAAgB,EAAE,QAAkB,EAAE,KAAa;QACtG,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC;YAC1B,OAAO,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAE5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,mBAAmB;oBAC5B,IAAI,EAAE,4CAA2B;iBACpC,CAAC,CAAC;YACP,CAAC;YAED,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC;YAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEb,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChB,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,4CAA2B;iBACpC,CAAC,CAAC;YACP,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACrE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;YAExF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1E,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAgB,EAAE,KAAa;QAE1D,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,wBAAwB;gBACjC,IAAI,EAAE,wBAAwB;aACjC,CAAC,CAAC;QACP,CAAC;QAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,iBAAiB;gBAC1B,IAAI,EAAE,iBAAiB;aAC1B,CAAC,CAAC;QACP,CAAC;QAGD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAGtE,MAAM,IAAI,CAAC,gBAAgB,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAG/D,OAAO,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC;QACjC,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;QACjC,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC;QAEhC,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,mBAAmB,CAAC,OAAgB;QAExC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,0CAAyB,CAAC,CAAC;QACrE,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,eAAe,CAAC;QAC3B,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACtD,IAAI,UAAU,EAAE,CAAC;YACb,OAAO,UAAoB,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,OAAyB,EAAE,OAAwB;QAEtE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,iCAAY,EAAE;YACpE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QAGH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAG5C,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,IAAI,EAAE,4CAA2B;aACpC,CAAC,CAAC;QACP,CAAC;IACL,CAAC;CACJ,CAAA;AA/IY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;6CAGc,gBAAS;QACR,wBAAU;QACT,0BAAW;QACR,yCAAkB;QACnB,8BAAa;QACV,qCAAgB;GAPrC,iBAAiB,CA+I7B"}