npm - @ackplus/nest-auth - Versions diffs - 0.1.50 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.50 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/project.json ADDED Viewed

@@ -0,0 +1,86 @@
+{
+  "name": "nest-auth",
+  "$schema": "../../node_modules/nx/schemas/project-schema.json",
+  "sourceRoot": "packages/nest-auth/src",
+  "projectType": "library",
+  "release": {
+    "version": {
+      "manifestRootsToUpdate": [
+        "dist/{projectRoot}"
+      ],
+      "currentVersionResolver": "git-tag",
+      "fallbackCurrentVersionResolver": "disk"
+    }
+  },
+  "tags": [],
+  "targets": {
+    "build": {
+      "executor": "@nx/js:tsc",
+      "outputs": [
+        "{options.outputPath}"
+      ],
+      "inputs": [
+        "production",
+        "^production",
+        "!{projectRoot}/src/lib/admin-console/static/**"
+      ],
+      "options": {
+        "outputPath": "dist/packages/nest-auth",
+        "tsConfig": "packages/nest-auth/tsconfig.lib.json",
+        "packageJson": "packages/nest-auth/package.json",
+        "main": "packages/nest-auth/src/index.ts",
+        "assets": [
+          "packages/nest-auth/*.md",
+          "packages/nest-auth/src/lib/admin-console/static/**"
+        ]
+      }
+    },
+    "swagger": {
+      "executor": "nx:run-commands",
+      "outputs": [
+        "{workspaceRoot}/apps/docs/public/api/nest-auth.json",
+        "{workspaceRoot}/apps/docs/src/data/openapi/nest-auth.json",
+        "{workspaceRoot}/packages/nest-auth/ui/src/data/nest-auth.json"
+      ],
+      "dependsOn": [
+        "build"
+      ],
+      "inputs": [
+        "production",
+        "^production",
+        "!{workspaceRoot}/apps/docs/public/api/nest-auth.json",
+        "!{workspaceRoot}/apps/docs/src/data/openapi/nest-auth.json",
+        "!{workspaceRoot}/packages/nest-auth/ui/src/data/nest-auth.json"
+      ],
+      "cache": true,
+      "options": {
+        "command": "node tools/scripts/generate-nest-auth-swagger.mjs"
+      }
+    },
+    "nx-release-publish": {
+      "options": {
+        "packageRoot": "dist/{projectRoot}"
+      }
+    },
+    "build-admin-console": {
+      "executor": "nx:run-commands",
+      "outputs": [
+        "{projectRoot}/src/lib/admin-console/static"
+      ],
+      "dependsOn": [
+        "swagger"
+      ],
+      "inputs": [
+        "production",
+        "^production",
+        "!{projectRoot}/src/lib/admin-console/static/**",
+        "{projectRoot}/ui/**"
+      ],
+      "cache": true,
+      "options": {
+        "command": "npm run build",
+        "cwd": "packages/nest-auth/ui"
+      }
+    }
+  }
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,30 @@
+export * from './lib/nest-auth.module';
+export * from './lib/auth.constants';
+// Modules
+export * from './lib/auth';
+export * from './lib/session';
+export * from './lib/user';
+export * from './lib/role';
+export * from './lib/tenant';
+export * from './lib/core';
+export * from './lib/request-context';
+// Types and interfaces for configuration
+export {
+  AuthModuleOptions,
+  AuthModuleAsyncOptions,
+  AuthModuleOptionsFactory,
+  DefaultTenantOptions,
+  AdminConsoleOptions,
+} from './lib/core/interfaces/auth-module-options.interface';
+// Static configuration service
+export { AuthConfigService } from './lib/core/services/auth-config.service';
+// Debug logging
+export { DebugLoggerService, DebugLogLevel, DebugLogOptions } from './lib/core/services/debug-logger.service';
+// Admin console exports
+export { AdminUser as NestAuthAdminUser } from './lib/admin-console/entities/admin-user.entity';

package/src/lib/admin-console/admin-console.module.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { Module, forwardRef } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { AdminUser } from './entities/admin-user.entity';
+import { AdminUserService } from './services/admin-user.service';
+import { AdminAuthService } from './services/admin-auth.service';
+import { AdminSessionService } from './services/admin-session.service';
+import { AdminConsoleController } from './controllers/admin-console.controller';
+import { AdminAuthController } from './controllers/admin-auth.controller';
+import { AdminSessionGuard } from './guards/admin-session.guard';
+import { UserModule } from '../user/user.module';
+import { RoleModule } from '../role/role.module';
+import { TenantModule } from '../tenant/tenant.module';
+import { AdminUsersController } from './controllers/admin-users.controller';
+import { AdminRolesController } from './controllers/admin-roles.controller';
+import { AdminTenantsController } from './controllers/admin-tenants.controller';
+import { AdminPermissionsController } from './controllers/admin-permissions.controller';
+import { AdminConsoleConfigService } from './services/admin-console-config.service';
+import { AuthModule } from '../auth/auth.module';
+import { NestAuthMFASecret } from '../auth/entities/mfa-secret.entity';
+import { NestAuthUser } from '../user/entities/user.entity';
+import { PermissionModule } from '../permission/permission.module';
+import { SessionModule } from '../session/session.module';
+import { NestAuthRole } from '../role/entities/role.entity';
+@Module({
+  imports: [
+    TypeOrmModule.forFeature([AdminUser, NestAuthMFASecret, NestAuthUser, NestAuthRole]),
+    forwardRef(() => AuthModule),
+    forwardRef(() => UserModule),
+    forwardRef(() => RoleModule),
+    forwardRef(() => TenantModule),
+    forwardRef(() => SessionModule),
+    PermissionModule,
+  ],
+  providers: [
+    AdminUserService,
+    AdminAuthService,
+    AdminSessionService,
+    AdminConsoleConfigService,
+    AdminSessionGuard,
+  ],
+  controllers: [
+    // Register API controllers FIRST so they match before the UI catch-all route
+    // More specific routes must be registered before less specific ones
+    AdminAuthController,
+    AdminUsersController,
+    AdminRolesController,
+    AdminTenantsController,
+    AdminPermissionsController,
+    // UI controller LAST - it has catch-all routes that should only match non-API paths
+    AdminConsoleController,
+  ],
+  exports: [
+    AdminUserService,
+    AdminAuthService,
+    AdminSessionService,
+    AdminConsoleConfigService,
+    AdminSessionGuard,
+    TypeOrmModule,
+  ],
+})
+export class AdminConsoleModule { }

package/src/lib/admin-console/controllers/admin-auth.controller.ts ADDED Viewed

@@ -0,0 +1,339 @@
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  Delete,
+  ForbiddenException,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Res,
+  UnauthorizedException,
+  UseGuards,
+} from '@nestjs/common';
+import { Response } from 'express';
+import { AdminAuthService } from '../services/admin-auth.service';
+import { AdminSessionService } from '../services/admin-session.service';
+import { AdminConsoleConfigService } from '../services/admin-console-config.service';
+import { AdminLoginDto } from '../dto/login.dto';
+import { AdminResetPasswordDto } from '../dto/reset-password.dto';
+import { AdminSignupDto } from '../dto/signup.dto';
+import { AdminSessionGuard } from '../guards/admin-session.guard';
+import { CurrentAdmin } from '../decorators/current-admin.decorator';
+import { AdminUser } from '../entities/admin-user.entity';
+import { CreateDashboardAdminDto, UpdateDashboardAdminDto } from '../dto/create-dashboard-admin.dto';
+import { AdminUserService } from '../services/admin-user.service';
+import type { AdminConsoleOptions } from '../../core/interfaces/auth-module-options.interface';
+import { compareKeys } from '../../utils/security.util';
+import { UserService } from '../../user/services/user.service';
+import { RoleService } from '../../role/services/role.service';
+import { TenantService } from '../../tenant/services/tenant.service';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { MoreThanOrEqual } from 'typeorm';
+@Controller('auth/admin')
+export class AdminAuthController {
+  constructor(
+    private readonly adminAuth: AdminAuthService,
+    private readonly sessions: AdminSessionService,
+    private readonly config: AdminConsoleConfigService,
+    private readonly adminUsers: AdminUserService,
+    private readonly userService: UserService,
+    private readonly roleService: RoleService,
+    private readonly tenantService: TenantService,
+    @InjectRepository(NestAuthUser)
+    private readonly userRepository: Repository<NestAuthUser>,
+  ) { }
+  private getCookieOptions() {
+    const opts = this.config.getCookieOptions();
+    const maxAge = this.sessions.getMaxAge();
+    if (maxAge) {
+      opts.maxAge = maxAge;
+    }
+    return opts;
+  }
+  @Post('signup')
+  async signup(@Body() dto: AdminSignupDto) {
+    this.config.ensureEnabled();
+    // Validate secret key using constant-time comparison to prevent timing attacks
+    const secretKey = this.config.getSecretKey();
+    console.log('secretKey', secretKey);
+    console.log('dto.secretKey', dto.secretKey);
+    if (!secretKey) {
+      throw new BadRequestException({
+        message: 'Admin console secret key is not configured. Please configure adminConsole.secretKey in AuthModuleOptions.',
+        code: 'ADMIN_CONSOLE_SECRET_NOT_CONFIGURED',
+      });
+    }
+    if (!compareKeys(dto.secretKey, secretKey)) {
+      throw new UnauthorizedException({
+        message: 'Invalid secret key',
+        code: 'INVALID_SECRET_KEY',
+      });
+    }
+    // Create admin user - allows multiple admins (no restriction like initialize)
+    const admin = await this.adminUsers.createAdmin({
+      email: dto.email,
+      password: dto.password,
+      name: dto.name,
+      metadata: dto.metadata || {},
+    });
+    return {
+      message: 'Admin user created successfully',
+      admin: this.toSafeAdmin(admin),
+    };
+  }
+  @Post('login')
+  async login(@Body() dto: AdminLoginDto, @Res({ passthrough: true }) res: Response) {
+    this.config.ensureEnabled();
+    const admin = await this.adminAuth.validateCredentials(dto.email, dto.password);
+    const token = this.sessions.createSession(admin);
+    res.cookie(this.sessions.getCookieName(), token, this.getCookieOptions());
+    return {
+      message: 'Signed in successfully',
+      admin: this.toSafeAdmin(admin),
+    };
+  }
+  @Post('logout')
+  @UseGuards(AdminSessionGuard)
+  async logout(@CurrentAdmin() admin: AdminUser, @Res({ passthrough: true }) res: Response) {
+    // Invalidate server-side session if session ID is available
+    try {
+      await this.sessions.invalidateSessionForAdmin(admin.id);
+    } catch (error) {
+      // Log error but continue with logout to ensure client cookie is cleared
+      console.error('Failed to invalidate admin session:', error);
+    }
+    res.cookie(this.sessions.getCookieName(), '', {
+      ...this.getCookieOptions(),
+      maxAge: 0,
+    });
+    return { message: 'Signed out' };
+  }
+  @Get('me')
+  @UseGuards(AdminSessionGuard)
+  async me(@CurrentAdmin() admin: AdminUser) {
+    return this.toSafeAdmin(admin);
+  }
+  @Get('config')
+  async publicConfig() {
+    // Only return properties that are actually used by the UI
+    return {
+      allowAdminManagement: this.config.allowAdminManagement(),
+    };
+  }
+  @Get('api/stats')
+  @UseGuards(AdminSessionGuard)
+  async getDashboardStats() {
+    // Get total counts efficiently
+    const [totalUsers, activeUsers, verifiedUsers] = await Promise.all([
+      this.userService.countUsers(),
+      this.userService.countUsers({ where: { isActive: true } }),
+      this.userService.countUsers({ where: { isVerified: true } }),
+    ]);
+    // Get roles and tenants counts
+    const roles = await this.roleService.getRoles();
+    const tenants = await this.tenantService.getTenants({ order: { createdAt: 'DESC' } });
+    // Calculate recent signups (last 7 days) - server-side
+    const sevenDaysAgo = new Date();
+    sevenDaysAgo.setDate(sevenDaysAgo.getDate() - 7);
+    sevenDaysAgo.setHours(0, 0, 0, 0);
+    const recentSignups = await this.userService.countUsers({
+      where: { createdAt: MoreThanOrEqual(sevenDaysAgo) },
+    });
+    // Calculate signups per day for the last 7 days using SQL aggregation
+    const dayNames = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
+    const activityData: Array<{ name: string; users: number }> = [];
+    // Initialize with 0 for each day
+    for (let i = 6; i >= 0; i--) {
+      const date = new Date();
+      date.setDate(date.getDate() - i);
+      date.setHours(0, 0, 0, 0);
+      const dayName = dayNames[date.getDay()];
+      activityData.push({ name: dayName, users: 0 });
+    }
+    // Query signups per day - fetch all signups from last 7 days and group in memory
+    // This is more database-agnostic than using DATE() which varies by DB type
+    const sevenDaysAgoStart = new Date();
+    sevenDaysAgoStart.setDate(sevenDaysAgoStart.getDate() - 7);
+    sevenDaysAgoStart.setHours(0, 0, 0, 0);
+    const recentUsers = await this.userRepository.find({
+      where: { createdAt: MoreThanOrEqual(sevenDaysAgoStart) },
+      select: ['createdAt'],
+    });
+    // Group signups by day in memory
+    recentUsers.forEach((user) => {
+      const signupDate = new Date(user.createdAt);
+      signupDate.setHours(0, 0, 0, 0);
+      const today = new Date();
+      today.setHours(0, 0, 0, 0);
+      const daysDiff = Math.floor((today.getTime() - signupDate.getTime()) / (1000 * 60 * 60 * 24));
+      if (daysDiff >= 0 && daysDiff <= 6) {
+        const index = 6 - daysDiff;
+        if (index >= 0 && index < activityData.length) {
+          activityData[index].users += 1;
+        }
+      }
+    });
+    return {
+      stats: {
+        totalUsers,
+        activeUsers,
+        verifiedUsers,
+        totalRoles: roles.length,
+        totalTenants: tenants.length,
+        recentSignups,
+      },
+      activityData,
+    };
+  }
+  @Get('setup-status')
+  async getSetupStatus() {
+    this.config.ensureEnabled();
+    // Check if nest-auth requires setup
+    const userCount = await this.userService.countUsers();
+    const rolesCount = await this.roleService.getRoles();
+    const needsSetup = userCount === 0 || rolesCount.length === 0;
+    return {
+      needsSetup,
+      stats: {
+        usersCount: userCount,
+        rolesCount: rolesCount.length,
+      },
+      setupSteps: [
+        {
+          id: 'roles',
+          title: 'Create Roles',
+          description: 'Set up roles and permissions for your users',
+          completed: rolesCount.length > 0,
+        },
+        {
+          id: 'users',
+          title: 'Create Users',
+          description: 'Add users to your system',
+          completed: userCount > 0,
+        },
+      ],
+    };
+  }
+  @Get('admins')
+  @UseGuards(AdminSessionGuard)
+  async listAdmins() {
+    if (!this.config.allowAdminManagement()) {
+      throw new ForbiddenException('Admin management disabled');
+    }
+    const admins = await this.adminUsers.listAdmins();
+    return {
+      data: admins.map((admin) => this.toSafeAdmin(admin)),
+    };
+  }
+  @Post('admins')
+  @UseGuards(AdminSessionGuard)
+  async createAdmin(@Body() dto: CreateDashboardAdminDto) {
+    if (!this.config.allowAdminManagement()) {
+      throw new ForbiddenException('Admin management disabled');
+    }
+    const admin = await this.adminUsers.createAdmin(dto);
+    return { admin: this.toSafeAdmin(admin) };
+  }
+  @Patch('admins/:id')
+  @UseGuards(AdminSessionGuard)
+  async updateAdmin(@Param('id') id: string, @Body() dto: UpdateDashboardAdminDto) {
+    if (!this.config.allowAdminManagement()) {
+      throw new ForbiddenException('Admin management disabled');
+    }
+    const admin = await this.adminUsers.updateAdmin(id, dto);
+    return { admin: this.toSafeAdmin(admin) };
+  }
+  @Delete('admins/:id')
+  @UseGuards(AdminSessionGuard)
+  async deleteAdmin(@Param('id') id: string) {
+    if (!this.config.allowAdminManagement()) {
+      throw new ForbiddenException('Admin management disabled');
+    }
+    await this.adminUsers.deleteAdmin(id);
+    return { message: 'Admin deleted successfully' };
+  }
+  @Post('reset-password')
+  async resetPassword(@Body() dto: AdminResetPasswordDto) {
+    this.config.ensureEnabled();
+    // Validate secret key using constant-time comparison to prevent timing attacks
+    const secretKey = this.config.getSecretKey();
+    if (!secretKey) {
+      throw new UnauthorizedException({
+        message: 'Admin console secret key not configured',
+        code: 'SECRET_KEY_NOT_CONFIGURED',
+      });
+    }
+    if (!compareKeys(dto.secretKey, secretKey)) {
+      throw new UnauthorizedException({
+        message: 'Invalid secret key',
+        code: 'INVALID_SECRET_KEY',
+      });
+    }
+    // Find the admin by email
+    const admin = await this.adminUsers.findByEmail(dto.email);
+    if (!admin) {
+      // Return generic error to avoid revealing if email exists
+      throw new UnauthorizedException({
+        message: 'Invalid credentials',
+        code: 'INVALID_CREDENTIALS',
+      });
+    }
+    // Update the password
+    await this.adminUsers.updateAdmin(admin.id, { password: dto.newPassword });
+    return {
+      message: 'Password reset successfully',
+    };
+  }
+  private toSafeAdmin(admin: AdminUser) {
+    return {
+      id: admin.id,
+      email: admin.email,
+      name: admin.name,
+      metadata: admin.metadata ?? {},
+      lastLoginAt: admin.lastLoginAt,
+      createdAt: admin.createdAt,
+      updatedAt: admin.updatedAt,
+    };
+  }
+}

package/src/lib/admin-console/controllers/admin-console.controller.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { Controller, Get, Logger, OnModuleInit, Param, Res } from '@nestjs/common';
+import { Response } from 'express';
+import { join } from 'path';
+import { existsSync, readFileSync } from 'fs';
+import { AdminConsoleConfigService } from '../services/admin-console-config.service';
+const candidateStaticRoots = [
+  // When the library itself is built (dist/packages/nest-auth/...)
+  join(__dirname, '..', 'static'),
+  // When the library is consumed via ts-node/tsconfig paths during development
+  join(process.cwd(), 'packages', 'nest-auth', 'src', 'lib', 'admin-console', 'static'),
+  // When the consumer (apps/nest-examples) compiles everything into dist/apps/...
+  join(process.cwd(), 'dist', 'apps', 'nest-examples', 'packages', 'nest-auth', 'src', 'lib', 'admin-console', 'static'),
+  // Generic fallback: dist/packages/... in monorepo root
+  join(process.cwd(), 'dist', 'packages', 'nest-auth', 'src', 'lib', 'admin-console', 'static'),
+];
+function resolveStaticRoot(): string {
+  for (const root of candidateStaticRoots) {
+    if (existsSync(join(root, 'index.html'))) {
+      return root;
+    }
+  }
+  return candidateStaticRoots[1];
+}
+@Controller('auth/admin')
+export class AdminConsoleController implements OnModuleInit {
+  private readonly logger = new Logger(AdminConsoleController.name);
+  private cachedIndexHtml: string | null = null;
+  private staticRoot = resolveStaticRoot();
+  private readonly indexPath = join(this.staticRoot, 'index.html');
+  constructor(private readonly config: AdminConsoleConfigService) { }
+  onModuleInit() {
+    if (!existsSync(this.indexPath)) {
+      this.logger.error('Admin console index.html not found at startup', { path: this.indexPath });
+      throw new Error(`Admin console index.html not found at ${this.indexPath}`);
+    }
+    try {
+      this.cachedIndexHtml = readFileSync(this.indexPath, 'utf8');
+      this.logger.log('Admin console index.html cached successfully');
+    } catch (error) {
+      this.logger.error('Failed to read admin console index.html on startup', { path: this.indexPath, message: error.message }, error.stack);
+    }
+  }
+  @Get()
+  async serveIndex(@Res() res: Response) {
+    this.config.ensureEnabled();
+    if (!this.cachedIndexHtml) {
+      this.logger.error('Cached index.html is not available');
+      res.status(500).send('Internal Server Error');
+      return;
+    }
+    try {
+      let content = this.cachedIndexHtml;
+      const basePath = this.config.getBasePath();
+      const config = { basePath };
+      const js = `window.__NEST_AUTH_CONFIG__ = ${JSON.stringify(config)};`;
+      // Inject external config script tag to satisfy CSP (no inline script)
+      const configScriptTag = `<script>${js}</script>`;
+      // Insert config script before closing </head> tag or at the start of <body>
+      if (content.includes('<head>')) {
+        content = content.replace('<head>', `${configScriptTag}<head>`);
+      }
+      res.setHeader('Content-Type', 'text/html');
+      res.send(content);
+    } catch (error) {
+      this.logger.error('Failed to serve admin console index.html', { path: this.indexPath, message: error.message }, error.stack);
+      res.status(500).send('Internal Server Error');
+    }
+  }
+}