npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/auth/guards/auth.guard.ts ADDED Viewed

@@ -0,0 +1,386 @@
+import { Injectable, CanActivate, ExecutionContext, UnauthorizedException, ForbiddenException } from '@nestjs/common';
+import { UNAUTHORIZED_EXCEPTION_CODE } from '../../auth.constants';
+import { Reflector } from '@nestjs/core';
+import { Request, Response } from 'express';
+import { JwtService } from '../../core/services/jwt.service';
+import { SessionManagerService } from '../../session/services/session-manager.service';
+import { AccessKeyService } from '../../user/services/access-key.service';
+import { JWTTokenPayload } from '../../core/interfaces/token-payload.interface';
+import { SKIP_MFA_KEY } from '../../core/decorators/skip-mfa.decorator';
+import { PERMISSIONS_KEY } from '../../core/decorators/permissions.decorator';
+import { ROLES_KEY } from '../../core/decorators/role.decorator';
+// Key for optional auth metadata
+export const OPTIONAL_AUTH_KEY = 'optional_auth';
+/**
+ * NestAuthAuthGuard
+ *
+ * Handles authentication and authorization for protected routes.
+ * Token refresh is handled by RefreshTokenInterceptor (applied globally).
+ *
+ * This guard verifies:
+ * - JWT tokens (Bearer)
+ * - API keys
+ * - MFA requirements
+ * - Roles and permissions
+ *
+ * Note: For automatic token refresh, enable RefreshTokenInterceptor globally.
+ */
+@Injectable()
+export class NestAuthAuthGuard implements CanActivate {
+    constructor(
+        private reflector: Reflector,
+        private jwtService: JwtService,
+        private sessionManager: SessionManagerService,
+        private accessKeyService: AccessKeyService,
+    ) { }
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const request = context.switchToHttp().getRequest<Request>() as any;
+        const response = context.switchToHttp().getResponse<Response>();
+        // Check if authentication is optional
+        const isOptional = this.reflector.getAllAndOverride<boolean>(OPTIONAL_AUTH_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        // Initialize request properties
+        request.user = null;
+        request.session = null;
+        request.accessKey = null;
+        request.authType = null;
+        const authHeader = request.headers.authorization;
+        // If no auth header
+        if (!authHeader) {
+            if (isOptional) {
+                // Optional auth: allow request to proceed without user data
+                return true;
+            } else {
+                // Required auth: throw error
+                throw new UnauthorizedException({
+                    message: 'No authentication provided',
+                    code: 'NO_AUTH'
+                });
+            }
+        }
+        const [type, token] = authHeader.split(' ');
+        if (!type || !token) {
+            if (isOptional) {
+                return true;
+            } else {
+                throw new UnauthorizedException({
+                    message: 'Invalid authentication format',
+                    code: 'INVALID_AUTH_FORMAT'
+                });
+            }
+        }
+        // Handle authentication
+        let isAuthenticated = false;
+        try {
+            switch (type.toLowerCase()) {
+                case 'bearer':
+                    isAuthenticated = await this.handleJwtAuth(context, request, response, token, isOptional);
+                    break;
+                case 'apikey':
+                    isAuthenticated = await this.handleApiKeyAuth(request, token, isOptional);
+                    break;
+                default:
+                    if (isOptional) {
+                        // Invalid auth type, but optional - proceed without user data
+                        return true;
+                    } else {
+                        throw new UnauthorizedException({
+                            message: 'Invalid authentication type',
+                            code: 'INVALID_AUTH_TYPE'
+                        });
+                    }
+            }
+        } catch (error) {
+            if (isOptional) {
+                // If optional auth fails, silently proceed without user data
+                return true;
+            } else {
+                // If required auth fails, re-throw the error
+                throw error;
+            }
+        }
+        // If authentication failed and it's required, stop here
+        if (!isAuthenticated && !isOptional) {
+            return false;
+        }
+        // After successful authentication, check authorization (roles, permissions)
+        // Only check authorization if user is authenticated
+        if (isAuthenticated && request.user) {
+            await this.checkAuthorization(context, request);
+        }
+        return true;
+    }
+    private async handleJwtAuth(context: ExecutionContext, request: any, response: Response, token: string, isOptional: boolean = false): Promise<boolean> {
+        try {
+            // Verify the JWT token
+            const payload = await this.jwtService.verifyToken(token);
+            request.user = payload;
+            request.authType = 'jwt';
+            // Verify session exists
+            const session = await this.sessionManager.getSession(payload.sessionId as string);
+            if (!session) {
+                if (isOptional) {
+                    // Session not found but auth is optional - reset user data and continue
+                    request.user = null;
+                    request.authType = null;
+                    return false;
+                } else {
+                    throw new UnauthorizedException({
+                        message: 'Session not found',
+                        code: UNAUTHORIZED_EXCEPTION_CODE
+                    });
+                }
+            }
+            request.session = session;
+            // Check MFA requirements
+            await this.checkMfa(context, payload, isOptional);
+            return true;
+        } catch (error) {
+            // Token verification failed
+            // Note: Token refresh is handled by RefreshTokenInterceptor
+            if (isOptional) {
+                // Auth is optional - continue without user data
+                return false;
+            } else {
+                throw new UnauthorizedException({
+                    message: 'Invalid or expired token',
+                    code: UNAUTHORIZED_EXCEPTION_CODE
+                });
+            }
+        }
+    }
+    private async handleApiKeyAuth(request: any, token: string, isOptional: boolean = false): Promise<boolean> {
+        // Split the token into public and private parts
+        const [publicKey, privateKey] = token.split('.');
+        if (!publicKey || !privateKey) {
+            if (isOptional) {
+                // Invalid format but auth is optional - continue without user data
+                return false;
+            } else {
+                throw new UnauthorizedException({
+                    message: 'Invalid API key format',
+                    code: 'INVALID_API_KEY_FORMAT'
+                });
+            }
+        }
+        try {
+            // Validate API key pair
+            const isValid = await this.accessKeyService.validateAccessKey(publicKey, privateKey);
+            if (!isValid) {
+                if (isOptional) {
+                    // Invalid API key but auth is optional - continue without user data
+                    return false;
+                } else {
+                    throw new UnauthorizedException({
+                        message: 'Invalid API key',
+                        code: 'INVALID_API_KEY'
+                    });
+                }
+            }
+            // Get access key details
+            const accessKey = await this.accessKeyService.getAccessKey(publicKey);
+            // Update last used timestamp
+            await this.accessKeyService.updateAccessKeyLastUsed(publicKey);
+            // Attach user and access key to request
+            request.user = accessKey.user;
+            request.accessKey = accessKey;
+            request.authType = 'api-key';
+            return true;
+        } catch (error) {
+            if (isOptional) {
+                // API key validation failed but auth is optional - continue without user data
+                return false;
+            } else {
+                throw error;
+            }
+        }
+    }
+    private async checkMfa(context: ExecutionContext, payload: JWTTokenPayload, isOptional: boolean = false): Promise<void> {
+        // Check if MFA should be skipped
+        const skipMfa = this.reflector.getAllAndOverride<boolean>(SKIP_MFA_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        // Get MFA status from token
+        const isMfaEnabled = payload.isMfaEnabled;
+        const isMfaVerified = payload.isMfaVerified;
+        // If MFA is enabled and not verified, and route is not marked to skip MFA, require MFA verification
+        if (isMfaEnabled && !isMfaVerified && !skipMfa) {
+            if (isOptional) {
+                // MFA required but auth is optional - this creates a conflict
+                // In this case, we should not set user data since MFA is not verified
+                throw new Error('MFA verification required - cannot proceed with optional auth');
+            } else {
+                throw new UnauthorizedException({
+                    message: 'Multi-factor authentication is required',
+                    code: UNAUTHORIZED_EXCEPTION_CODE
+                });
+            }
+        }
+    }
+    /**
+     * Check authorization (roles, permissions) after successful authentication
+     */
+    private async checkAuthorization(context: ExecutionContext, request: Request): Promise<void> {
+        // Get required permissions and roles from decorators
+        const requiredPermissions = this.getRequiredPermissions(context);
+        const requiredRoles = this.getRequiredRoles(context);
+        // If no authorization requirements, allow access
+        if (!requiredPermissions.length && !requiredRoles.length) {
+            return;
+        }
+        const user = request.user;
+        // Check if user exists
+        if (!user) {
+            throw new ForbiddenException('Access denied: User not authenticated');
+        }
+        // Check roles if required
+        if (requiredRoles.length > 0) {
+            this.checkRoles(user, requiredRoles);
+        }
+        // Check permissions if required
+        if (requiredPermissions.length > 0) {
+            this.checkPermissions(user, requiredPermissions);
+        }
+    }
+    /**
+     * Get required permissions from decorator
+     */
+    private getRequiredPermissions(context: ExecutionContext): string[] {
+        let permissions = this.reflector.getAllAndOverride<string[] | string>(
+            PERMISSIONS_KEY,
+            [context.getHandler(), context.getClass()],
+        );
+        if (!permissions) {
+            return [];
+        }
+        // Normalize to array
+        return typeof permissions === 'string' ? [permissions] : permissions;
+    }
+    /**
+     * Get required roles from decorator
+     */
+    private getRequiredRoles(context: ExecutionContext): string[] {
+        let roles = this.reflector.getAllAndOverride<string[] | string>(
+            ROLES_KEY,
+            [context.getHandler(), context.getClass()],
+        );
+        if (!roles) {
+            return [];
+        }
+        // Normalize to array
+        return typeof roles === 'string' ? [roles] : roles;
+    }
+    /**
+     * Check if user has required roles
+     */
+    private checkRoles(user: any, requiredRoles: string[]): void {
+        if (!user.roles || !Array.isArray(user.roles)) {
+            throw new ForbiddenException('Access denied: No roles assigned');
+        }
+        // Get active role names
+        const userRoleNames = user.roles
+            .filter(role => role.isActive)
+            .map(role => role.name);
+        // Check if user has all required roles
+        const hasAllRoles = requiredRoles.every(role => userRoleNames.includes(role));
+        if (!hasAllRoles) {
+            const missingRoles = requiredRoles.filter(role => !userRoleNames.includes(role));
+            throw new ForbiddenException(
+                `Access denied: Missing required roles: ${missingRoles.join(', ')}`
+            );
+        }
+    }
+    /**
+     * Check if user has required permissions
+     */
+    private checkPermissions(user: any, requiredPermissions: string[]): void {
+        if (!user.roles || !Array.isArray(user.roles)) {
+            throw new ForbiddenException('Access denied: No roles assigned for permission check');
+        }
+        // Get all permissions from user's roles
+        const userPermissions = this.getUserPermissions(user.roles);
+        // Check if user has all required permissions
+        const hasAllPermissions = requiredPermissions.every(permission =>
+            userPermissions.includes(permission)
+        );
+        if (!hasAllPermissions) {
+            const missingPermissions = requiredPermissions.filter(permission =>
+                !userPermissions.includes(permission)
+            );
+            throw new ForbiddenException(
+                `Access denied: Missing required permissions: ${missingPermissions.join(', ')}`
+            );
+        }
+    }
+    /**
+     * Extract all permissions from user's roles
+     */
+    private getUserPermissions(roles: any[]): string[] {
+        const permissions = new Set<string>();
+        roles.forEach(role => {
+            // Skip inactive roles
+            if (!role.isActive) {
+                return;
+            }
+            // Add permissions from this role
+            if (role.permissions && Array.isArray(role.permissions)) {
+                role.permissions.forEach(permission => permissions.add(permission));
+            }
+        });
+        return Array.from(permissions);
+    }
+}

package/src/lib/auth/{index.d.ts → index.ts} RENAMED Viewed

@@ -1,5 +1,11 @@
+// Guards
 export * from './guards/auth.guard';
 export { OPTIONAL_AUTH_KEY } from './guards/auth.guard';
+// Interceptors
+export * from './interceptors/refresh-token.interceptor';
+// Events
 export * from './events/logged-out-all.event';
 export * from './events/logged-out.event';
 export * from './events/password-reset-requested.event';
@@ -8,18 +14,39 @@ export * from './events/user-2fa-verified.event';
 export * from './events/user-logged-in.event';
 export * from './events/user-refresh-token.event';
 export * from './events/user-registered.event';
+// Services
 export * from './services/auth.service';
 export * from './services/cookie.service';
 export * from './services/mfa.service';
+export * from './services/client-config.service';
+// Controllers
 export * from './controllers/auth.controller';
 export * from './controllers/mfa.controller';
+// DTOs
 export * from './dto/requests/login.request.dto';
 export * from './dto/requests/signup.request.dto';
-export * from './dto/requests/social-login.request.dto';
+export * from './dto/credentials/social-credentials.dto';
+export * from './dto/credentials/email-credentials.dto';
+export * from './dto/credentials/phone-credentials.dto';
 export * from './dto/requests/forgot-password.request.dto';
 export * from './dto/requests/reset-password.request.dto';
+export * from './dto/requests/reset-password-with-token.request.dto';
+export * from './dto/requests/verify-forgot-password-otp-request-dto';
 export * from './dto/requests/send-mfa-code.request.dto';
+export * from './dto/requests/change-password.request.dto';
+export * from './dto/requests/toggle-mfa.request.dto';
 export * from './dto/requests/refresh-token.request.dto';
 export * from './dto/requests/verify-2fa.request.dto';
 export * from './dto/requests/verify-totp-setup.request.dto';
 export * from './dto/responses/auth.response.dto';
+export * from './dto/responses/auth-cookie.response.dto';
+export * from './dto/responses/verify-otp.response.dto';
+export * from './dto/responses/mfa-status.response.dto';
+export * from './dto/responses/client-config.response.dto';
+// Entities
+export * from './entities/otp.entity';
+export * from './entities/mfa-secret.entity';

package/src/lib/auth/interceptors/refresh-token.interceptor.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { Injectable, NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable, throwError } from 'rxjs';
+import { catchError } from 'rxjs/operators';
+import { Request, Response } from 'express';
+import { AuthService } from '../services/auth.service';
+import { CookieService } from '../services/cookie.service';
+import { JwtService } from '../../core/services/jwt.service';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+import { REFRESH_TOKEN_COOKIE_NAME, UNAUTHORIZED_EXCEPTION_CODE } from '../../auth.constants';
+/**
+ * RefreshTokenInterceptor
+ *
+ * Automatically handles token refresh when access token is expired.
+ * This interceptor runs before guards and catches token expiration errors,
+ * attempting to refresh the token transparently.
+ *
+ * Token delivery method (header vs cookie) respects the `accessTokenType` configuration:
+ * - If `accessTokenType: 'header'` (default): Updates Authorization header only
+ * - If `accessTokenType: 'cookie'`: Sets tokens in cookies
+ *
+ * Apply this globally to handle token refresh across your entire application.
+ *
+ * @example
+ * ```typescript
+ * // In AppModule or NestAuthModule configuration
+ * providers: [
+ *   {
+ *     provide: APP_INTERCEPTOR,
+ *     useClass: RefreshTokenInterceptor,
+ *   },
+ * ]
+ * ```
+ */
+@Injectable()
+export class RefreshTokenInterceptor implements NestInterceptor {
+    constructor(
+        private readonly authService: AuthService,
+        private readonly cookieService: CookieService,
+        private readonly jwtService: JwtService,
+        private readonly authConfig: AuthConfigService,
+    ) { }
+    async intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<any>> {
+        const request = context.switchToHttp().getRequest<Request>();
+        const response = context.switchToHttp().getResponse<Response>();
+        // Extract access token from Authorization header
+        const authHeader = request.headers.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            // No bearer token, proceed normally
+            return next.handle();
+        }
+        const accessToken = authHeader.split(' ')[1];
+        if (!accessToken) {
+            return next.handle();
+        }
+        // Try to verify the access token
+        try {
+            await this.jwtService.verifyToken(accessToken);
+            // Token is valid, proceed normally
+            return next.handle();
+        } catch (error) {
+            // Token is invalid or expired, try to refresh
+            const refreshToken = this.extractRefreshToken(request);
+            if (!refreshToken) {
+                // No refresh token available, let the guard handle it
+                return next.handle();
+            }
+            try {
+                // Attempt to refresh the token
+                const newSession = await this.authService.refreshToken(refreshToken);
+                // Get auth configuration
+                const config = this.authConfig.getConfig();
+                const useCookies = config.accessTokenType === 'cookie';
+                if (useCookies) {
+                    // Cookie-based auth: Set tokens in cookies
+                    this.cookieService.setTokens(response, newSession.accessToken, newSession.refreshToken);
+                } else {
+                    // Header-based auth (default): Update Authorization header only
+                    request.headers.authorization = `Bearer ${newSession.accessToken}`;
+                }
+                // Proceed with the new token
+                return next.handle();
+            } catch (refreshError) {
+                // Refresh failed, let the guard handle the authentication failure
+                return next.handle();
+            }
+        }
+    }
+    /**
+     * Extract refresh token from cookies or headers
+     */
+    private extractRefreshToken(request: Request): string | null {
+        // Try to get refresh token from cookies
+        const tokenFromCookie = request.cookies?.[REFRESH_TOKEN_COOKIE_NAME];
+        if (tokenFromCookie) {
+            return tokenFromCookie;
+        }
+        // If not in cookies, try the custom header
+        const authHeader = request.headers['x-refresh-token'];
+        if (authHeader) {
+            return authHeader as string;
+        }
+        return null;
+    }
+}