@ackplus/nest-auth 0.1.50 → 1.1.0

package/src/lib/auth/dto/responses/auth.response.dto.ts

@@ -0,0 +1,99 @@
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+
+/**
+ * Authentication tokens response
+ */
+export class AuthTokensResponseDto {
+    @ApiProperty({
+        description: 'JWT access token (short-lived)',
+        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz',
+    })
+    accessToken: string;
+
+    @ApiProperty({
+        description: 'JWT refresh token (long-lived)',
+        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc',
+    })
+    refreshToken: string;
+}
+
+/**
+ * User information response
+ */
+export class UserResponseDto {
+    @ApiProperty({
+        description: 'User unique identifier',
+        example: '123e4567-e89b-12d3-a456-426614174000',
+    })
+    id: string;
+
+    @ApiPropertyOptional({
+        description: 'User email address',
+        example: 'user@example.com',
+    })
+    email?: string;
+
+    @ApiPropertyOptional({
+        description: 'User phone number',
+        example: '+1234567890',
+    })
+    phone?: string;
+
+    @ApiProperty({
+        description: 'Email verification status',
+        example: true,
+    })
+    isVerified: boolean;
+
+    @ApiPropertyOptional({
+        description: 'Additional user metadata',
+        example: { firstName: 'John', lastName: 'Doe' },
+    })
+    metadata?: Record<string, any>;
+}
+
+/**
+ * Authentication Response with Tokens DTO
+ *
+ * Used in header mode (accessTokenType: 'header')
+ * Returns tokens in the response body along with message and status.
+ */
+export class AuthWithTokensResponseDto extends AuthTokensResponseDto {
+    @ApiPropertyOptional({
+        description: 'Success message (added by controller based on configuration)',
+        example: 'Login successful',
+    })
+    message?: string;
+
+    @ApiProperty({
+        description: 'Whether multi-factor authentication is required',
+        example: false,
+    })
+    isRequiresMfa: boolean;
+
+    @ApiPropertyOptional({
+        description: 'User information',
+        type: UserResponseDto,
+    })
+    user?: UserResponseDto;
+}
+
+// Alias for backward compatibility
+export type AuthResponseDto = AuthWithTokensResponseDto;
+
+/**
+ * Two-factor Authentication Response with Tokens DTO
+ *
+ * Used in header mode (accessTokenType: 'header')
+ * Returns tokens in the response body after successful 2FA verification.
+ */
+export class Verify2faWithTokensResponseDto extends AuthTokensResponseDto {
+    @ApiPropertyOptional({
+        description: 'Verification success message (added by controller)',
+        example: '2FA verification successful',
+    })
+    message?: string;
+}
+
+// Alias for backward compatibility
+export type Verify2faResponseDto = Verify2faWithTokensResponseDto;

package/src/lib/auth/dto/responses/client-config.response.dto.ts

@@ -0,0 +1,153 @@
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { RegistrationCollectProfileField } from '../../../core/interfaces/auth-module-options.interface';
+
+export class EmailAuthConfigDto {
+    @ApiProperty({ example: true })
+    enabled: boolean;
+}
+
+export class PhoneAuthConfigDto {
+    @ApiProperty({ example: false })
+    enabled: boolean;
+}
+
+export class RegistrationConfigDto {
+    @ApiProperty({ example: true, description: 'Whether user registration is enabled' })
+    enabled: boolean;
+
+    @ApiPropertyOptional({ example: false, description: 'Whether registration requires an invitation' })
+    requireInvitation?: boolean;
+
+    @ApiPropertyOptional({
+        description: 'Additional profile fields to collect during registration',
+        type: 'array',
+        items: {
+            type: 'object',
+            properties: {
+                id: { type: 'string' },
+                label: { type: 'string' },
+                required: { type: 'boolean' },
+                type: { type: 'string', enum: ['text', 'email', 'phone', 'select', 'checkbox', 'password'] },
+                placeholder: { type: 'string' },
+                options: {
+                    type: 'array',
+                    items: {
+                        type: 'object',
+                        properties: {
+                            label: { type: 'string' },
+                            value: { type: 'string' },
+                        },
+                    },
+                },
+            },
+        },
+    })
+    collectProfileFields?: Array<RegistrationCollectProfileField>;
+}
+
+export class MfaConfigDto {
+    @ApiProperty({ example: true })
+    enabled: boolean;
+
+    @ApiPropertyOptional({ example: ['email', 'totp'], isArray: true })
+    methods?: string[];
+
+    @ApiPropertyOptional({ example: true })
+    allowUserToggle?: boolean;
+
+    @ApiPropertyOptional({ example: true })
+    allowMethodSelection?: boolean;
+}
+
+export class TenantOptionDto {
+    @ApiProperty()
+    id: string;
+
+    @ApiProperty()
+    name: string;
+
+    @ApiProperty()
+    slug: string;
+
+    @ApiProperty()
+    isActive: boolean;
+
+    @ApiPropertyOptional()
+    metadata?: Record<string, any>;
+}
+
+export class TenantsConfigDto {
+    @ApiProperty({ example: 'single', enum: ['single', 'multi'] })
+    mode: 'single' | 'multi';
+
+    @ApiPropertyOptional({ nullable: true })
+    defaultTenantId: string | null;
+
+    @ApiPropertyOptional({ type: [TenantOptionDto] })
+    options?: TenantOptionDto[];
+}
+
+export class SsoProviderConfigDto {
+    @ApiProperty()
+    id: string;
+
+    @ApiProperty()
+    name: string;
+
+    @ApiPropertyOptional()
+    logoUrl?: string;
+
+    @ApiPropertyOptional()
+    authorizationUrl?: string;
+
+    @ApiPropertyOptional()
+    clientId?: string;
+
+    @ApiPropertyOptional()
+    hint?: string;
+}
+
+export class SsoConfigDto {
+    @ApiProperty({ example: false })
+    enabled: boolean;
+
+    @ApiPropertyOptional({ type: [SsoProviderConfigDto] })
+    providers?: SsoProviderConfigDto[];
+}
+
+export class UiConfigDto {
+    @ApiPropertyOptional()
+    brandName?: string;
+
+    @ApiPropertyOptional()
+    brandColor?: string;
+
+    @ApiPropertyOptional()
+    logoUrl?: string;
+
+    @ApiPropertyOptional()
+    backgroundImageUrl?: string;
+}
+
+export class ClientConfigResponseDto {
+    @ApiProperty({ type: EmailAuthConfigDto })
+    emailAuth: EmailAuthConfigDto;
+
+    @ApiProperty({ type: PhoneAuthConfigDto })
+    phoneAuth: PhoneAuthConfigDto;
+
+    @ApiProperty({ type: RegistrationConfigDto })
+    registration: RegistrationConfigDto;
+
+    @ApiProperty({ type: MfaConfigDto })
+    mfa: MfaConfigDto;
+
+    @ApiProperty({ type: TenantsConfigDto })
+    tenants: TenantsConfigDto;
+
+    @ApiProperty({ type: SsoConfigDto })
+    sso: SsoConfigDto;
+
+    @ApiPropertyOptional({ type: UiConfigDto })
+    ui?: UiConfigDto;
+}

package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts

@@ -0,0 +1,22 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { UserResponseDto } from './auth.response.dto';
+
+export class InitializeAdminResponseDto {
+    @ApiProperty({
+        description: 'Success message',
+        example: 'Super admin created successfully'
+    })
+    message: string;
+
+    @ApiProperty({
+        description: 'Created admin user details',
+        type: UserResponseDto
+    })
+    user: UserResponseDto;
+
+    @ApiProperty({
+        description: 'Assigned role name',
+        example: 'super-admin'
+    })
+    role: string;
+}

package/src/lib/auth/dto/responses/mfa-code-response.dto.ts

@@ -0,0 +1,27 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+export class MfaCodeResponseDto {
+    @ApiProperty({
+        description: 'Current MFA code for testing purposes (development only)',
+        example: '123456',
+    })
+    code: string;
+
+    @ApiProperty({
+        description: 'Code expiration timestamp',
+        example: '2024-01-01T12:00:00.000Z',
+    })
+    expiresAt: Date;
+
+    @ApiProperty({
+        description: 'Whether the code has been used',
+        example: false,
+    })
+    used: boolean;
+
+    @ApiProperty({
+        description: 'Warning message about development-only usage',
+        example: 'This endpoint is only available in development/test environments',
+    })
+    warning?: string;
+}

package/src/lib/auth/dto/responses/mfa-status.response.dto.ts

@@ -0,0 +1,89 @@
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { MFAMethodEnum } from '../../../core';
+
+export class MfaDeviceDto {
+    @ApiProperty({
+        description: 'Unique identifier of the MFA device',
+        example: '4b3c9c9c-9a9d-4d1e-8d9f-123456789abc',
+    })
+    id: string;
+
+    @ApiProperty({
+        description: 'Friendly name of the registered device',
+        example: 'Work laptop',
+    })
+    deviceName: string;
+
+    @ApiProperty({
+        description: 'MFA method this device supports',
+        enum: MFAMethodEnum,
+        example: MFAMethodEnum.TOTP,
+    })
+    method: MFAMethodEnum;
+
+    @ApiPropertyOptional({
+        description: 'Timestamp of when the device was last used',
+        example: '2024-05-20T12:34:56.000Z',
+    })
+    lastUsedAt?: Date | null;
+
+    @ApiProperty({
+        description: 'Whether the device setup has been verified',
+        example: true,
+    })
+    verified: boolean;
+
+    @ApiPropertyOptional({
+        description: 'Timestamp of when the device was registered',
+        example: '2024-05-18T10:15:00.000Z',
+    })
+    createdAt?: Date | null;
+}
+
+export class MfaStatusResponseDto {
+    @ApiProperty({
+        description: 'Whether MFA is currently enabled for the user',
+        example: true,
+    })
+    isEnabled: boolean;
+
+    @ApiProperty({
+        description: 'MFA methods currently active for the user',
+        enum: MFAMethodEnum,
+        isArray: true,
+        example: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
+    })
+    enabledMethods: MFAMethodEnum[];
+
+    @ApiProperty({
+        description: 'All MFA methods available to the user based on backend configuration',
+        enum: MFAMethodEnum,
+        isArray: true,
+        example: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
+    })
+    availableMethods: MFAMethodEnum[];
+
+    @ApiProperty({
+        description: 'Indicates if MFA toggling is allowed for the user',
+        example: true,
+    })
+    allowUserToggle: boolean;
+
+    @ApiProperty({
+        description: 'Indicates if users can choose their preferred MFA method',
+        example: true,
+    })
+    allowMethodSelection: boolean;
+
+    @ApiProperty({
+        description: 'Registered TOTP devices for the user',
+        type: [MfaDeviceDto],
+    })
+    totpDevices: MfaDeviceDto[];
+
+    @ApiProperty({
+        description: 'Whether a recovery code has been generated for the user',
+        example: false,
+    })
+    hasRecoveryCode: boolean;
+}

package/src/lib/auth/dto/responses/verify-otp.response.dto.ts

@@ -0,0 +1,9 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+export class VerifyOtpResponseDto {
+    @ApiProperty({ description: 'Success message' })
+    message: string;
+
+    @ApiProperty({ description: 'Password reset token - use this to reset password', required: false })
+    resetToken?: string;
+}

package/src/lib/auth/entities/mfa-secret.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn, UpdateDateColumn, ManyToOne, JoinColumn } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+
+@Entity('nest_auth_mfa_secrets')
+export class NestAuthMFASecret {
+    @PrimaryGeneratedColumn('uuid')
+    id: string;
+
+    @Column()
+    userId: string;
+
+    @ManyToOne(() => NestAuthUser, user => user.mfaSecrets, { onDelete: 'CASCADE' })
+    @JoinColumn({ name: 'userId' })
+    user: NestAuthUser;
+
+    @Column()
+    secret: string;
+
+    @Column({ default: false })
+    verified: boolean;
+
+    @Column({ nullable: true })
+    deviceName: string;
+
+    @Column({ nullable: true })
+    lastUsedAt: Date;
+
+    @CreateDateColumn()
+    createdAt: Date;
+
+    @UpdateDateColumn()
+    updatedAt: Date;
+}

package/src/lib/auth/entities/otp.entity.ts

@@ -0,0 +1,33 @@
+import { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn, ManyToOne, UpdateDateColumn } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { OTPTypeEnum } from '../../core/interfaces/otp.interface';
+
+@Entity('nest_auth_otps')
+export class NestAuthOTP {
+    @PrimaryGeneratedColumn('uuid')
+    id: string;
+
+    @Column()
+    userId: string;
+
+    @Column()
+    code: string;
+
+    @Column({ type: 'text' })
+    type: OTPTypeEnum;
+
+    @Column()
+    expiresAt: Date;
+
+    @Column({ default: false })
+    used: boolean;
+
+    @CreateDateColumn()
+    createdAt: Date;
+
+    @UpdateDateColumn()
+    updatedAt: Date;
+
+    @ManyToOne(() => NestAuthUser, user => user.otps, { onDelete: 'CASCADE' })
+    user: NestAuthUser;
+}

package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts}

@@ -1,5 +1,6 @@
 import { SessionPayload } from "../../core";
 import { NestAuthUser } from "../../user/entities/user.entity";
+
 export interface LoggedOutAllEventPayload {
     user: NestAuthUser;
     tenantId?: string;
@@ -9,7 +10,9 @@ export interface LoggedOutAllEventPayload {
     reason?: string;
     currentSessionId?: string;
 }
-export declare class LoggedOutAllEvent {
-    readonly payload: LoggedOutAllEventPayload;
-    constructor(payload: LoggedOutAllEventPayload);
+
+export class LoggedOutAllEvent {
+    constructor(
+        public readonly payload: LoggedOutAllEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts}

@@ -7,7 +7,9 @@ export interface LoggedOutEventPayload {
     logoutType: 'user' | 'admin' | 'system';
     reason?: string;
 }
-export declare class LoggedOutEvent {
-    readonly payload: LoggedOutEventPayload;
-    constructor(payload: LoggedOutEventPayload);
+
+export class LoggedOutEvent {
+    constructor(
+        public readonly payload: LoggedOutEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts}

@@ -2,6 +2,7 @@ import { NestAuthUser } from "../../user/entities/user.entity";
 import { ForgotPasswordRequestDto } from "../dto/requests/forgot-password.request.dto";
 import { BaseAuthProvider } from "../../core/providers/base-auth.provider";
 import { NestAuthOTP } from "../entities/otp.entity";
+
 export interface PasswordResetRequestedEventPayload {
     user: NestAuthUser;
     tenantId?: string;
@@ -9,7 +10,9 @@ export interface PasswordResetRequestedEventPayload {
     otp: NestAuthOTP;
     provider: BaseAuthProvider;
 }
-export declare class PasswordResetRequestedEvent {
-    readonly payload: PasswordResetRequestedEventPayload;
-    constructor(payload: PasswordResetRequestedEventPayload);
+
+export class PasswordResetRequestedEvent {
+    constructor(
+        public readonly payload: PasswordResetRequestedEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts}

@@ -1,11 +1,14 @@
 import { NestAuthUser } from "../../user/entities/user.entity";
 import { ResetPasswordRequestDto } from "../dto/requests/reset-password.request.dto";
+
 export interface PasswordResetEventPayload {
     user: NestAuthUser;
     tenantId?: string;
     input: ResetPasswordRequestDto;
 }
-export declare class PasswordResetEvent {
-    readonly payload: PasswordResetEventPayload;
-    constructor(payload: PasswordResetEventPayload);
+
+export class PasswordResetEvent {
+    constructor(
+        public readonly payload: PasswordResetEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts}

@@ -2,6 +2,7 @@ import { NestAuthUser } from "../../user/entities/user.entity";
 import { Verify2faRequestDto } from "../dto/requests/verify-2fa.request.dto";
 import { SessionPayload } from "../../core";
 import { AuthTokensResponseDto } from "../dto/responses/auth.response.dto";
+
 export interface User2faVerifiedEventPayload {
     user: NestAuthUser;
     tenantId?: string;
@@ -9,7 +10,9 @@ export interface User2faVerifiedEventPayload {
     session: SessionPayload;
     tokens: AuthTokensResponseDto;
 }
-export declare class User2faVerifiedEvent {
-    readonly payload: User2faVerifiedEventPayload;
-    constructor(payload: User2faVerifiedEventPayload);
+
+export class User2faVerifiedEvent {
+    constructor(
+        public readonly payload: User2faVerifiedEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts}

@@ -3,6 +3,7 @@ import { AuthTokensResponseDto } from "../dto/responses/auth.response.dto";
 import { LoginRequestDto } from "../dto/requests/login.request.dto";
 import { SessionPayload } from "../../core";
 import { BaseAuthProvider } from "../../core/providers/base-auth.provider";
+
 export interface UserLoggedInEventPayload {
     user: NestAuthUser;
     tenantId?: string;
@@ -12,7 +13,10 @@ export interface UserLoggedInEventPayload {
     tokens: AuthTokensResponseDto;
     isRequiresMfa: boolean;
 }
-export declare class UserLoggedInEvent {
-    readonly payload: UserLoggedInEventPayload;
-    constructor(payload: UserLoggedInEventPayload);
+
+// User Management Events
+export class UserLoggedInEvent {
+    constructor(
+        public readonly payload: UserLoggedInEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts}

@@ -1,11 +1,14 @@
 import { SessionPayload } from "../../core";
 import { AuthTokensResponseDto } from "../dto/responses/auth.response.dto";
+
 export interface UserRefreshTokenEventPayload {
     session: SessionPayload;
     tokens: AuthTokensResponseDto;
     oldRefreshToken: string;
 }
-export declare class UserRefreshTokenEvent {
-    readonly payload: UserRefreshTokenEventPayload;
-    constructor(payload: UserRefreshTokenEventPayload);
+
+export class UserRefreshTokenEvent {
+    constructor(
+        public readonly payload: UserRefreshTokenEventPayload,
+    ) { }
 }

package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts}

@@ -3,6 +3,7 @@ import { AuthTokensResponseDto } from "../dto/responses/auth.response.dto";
 import { SignupRequestDto } from "../dto/requests/signup.request.dto";
 import { SessionPayload } from "../../core";
 import { BaseAuthProvider } from "../../core/providers/base-auth.provider";
+
 export interface UserRegisteredEventPayload {
     user: NestAuthUser;
     tenantId?: string;
@@ -12,7 +13,10 @@ export interface UserRegisteredEventPayload {
     tokens: AuthTokensResponseDto;
     isRequiresMfa: boolean;
 }
-export declare class UserRegisteredEvent {
-    readonly payload: UserRegisteredEventPayload;
-    constructor(payload: UserRegisteredEventPayload);
+
+// User Management Events
+export class UserRegisteredEvent {
+    constructor(
+        public readonly payload: UserRegisteredEventPayload,
+    ) { }
 }