npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/auth/services/client-config.service.ts ADDED Viewed

@@ -0,0 +1,157 @@
+import { Injectable } from '@nestjs/common';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+import { TenantService } from '../../tenant/services/tenant.service';
+import { ClientConfigResponseDto } from '../dto/responses/client-config.response.dto';
+@Injectable()
+export class ClientConfigService {
+    constructor(
+        private readonly authConfig: AuthConfigService,
+        private readonly tenantService: TenantService,
+    ) { }
+    async getClientConfig(): Promise<ClientConfigResponseDto> {
+        const config = this.authConfig.getConfig();
+        const tenants = await this.fetchTenants();
+        const defaultTenantId = await this.resolveDefaultTenantId(config.defaultTenant);
+        // Build SSO providers
+        const ssoProviders = [];
+        if (config.google) {
+            const googleAuthUrl = new URL('https://accounts.google.com/o/oauth2/v2/auth');
+            googleAuthUrl.searchParams.set('client_id', config.google.clientId);
+            googleAuthUrl.searchParams.set('redirect_uri', config.google.redirectUri);
+            googleAuthUrl.searchParams.set('response_type', 'code');
+            googleAuthUrl.searchParams.set('scope', 'openid email profile');
+            googleAuthUrl.searchParams.set('access_type', 'offline');
+            googleAuthUrl.searchParams.set('prompt', 'consent');
+            ssoProviders.push({
+                id: 'google',
+                name: 'Google',
+                logoUrl: 'https://www.gstatic.com/firebasejs/ui/2.0.0/images/auth/google.svg',
+                hint: 'Sign in with Google',
+                clientId: config.google.clientId,
+                authorizationUrl: googleAuthUrl.toString(),
+            });
+        }
+        if (config.facebook) {
+            const facebookAuthUrl = new URL('https://www.facebook.com/v18.0/dialog/oauth');
+            facebookAuthUrl.searchParams.set('client_id', config.facebook.appId);
+            facebookAuthUrl.searchParams.set('redirect_uri', config.facebook.redirectUri);
+            facebookAuthUrl.searchParams.set('scope', 'email');
+            facebookAuthUrl.searchParams.set('response_type', 'code');
+            ssoProviders.push({
+                id: 'facebook',
+                name: 'Facebook',
+                logoUrl: 'https://www.gstatic.com/firebasejs/ui/2.0.0/images/auth/facebook.svg',
+                hint: 'Sign in with Facebook',
+                clientId: config.facebook.appId,
+                authorizationUrl: facebookAuthUrl.toString(),
+            });
+        }
+        if (config.apple) {
+            ssoProviders.push({
+                id: 'apple',
+                name: 'Apple',
+                logoUrl: undefined,
+                hint: 'Sign in with Apple',
+            });
+        }
+        if (config.github) {
+            const githubAuthUrl = new URL('https://github.com/login/oauth/authorize');
+            githubAuthUrl.searchParams.set('client_id', config.github.clientId);
+            githubAuthUrl.searchParams.set('redirect_uri', config.github.redirectUri);
+            githubAuthUrl.searchParams.set('scope', 'user:email');
+            githubAuthUrl.searchParams.set('response_type', 'code');
+            ssoProviders.push({
+                id: 'github',
+                name: 'GitHub',
+                logoUrl: 'https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png',
+                hint: 'Sign in with GitHub',
+                clientId: config.github.clientId,
+                authorizationUrl: githubAuthUrl.toString(),
+            });
+        }
+        // Build default config
+        const defaultConfig: ClientConfigResponseDto = {
+            emailAuth: {
+                enabled: config.emailAuth?.enabled ?? false,
+            },
+            phoneAuth: {
+                enabled: config.phoneAuth?.enabled ?? false,
+            },
+            registration: {
+                enabled: config.registration?.enabled !== false, // Default to true unless explicitly disabled
+                requireInvitation: config.registration?.requireInvitation ?? false,
+                collectProfileFields: config.registration?.collectProfileFields,
+            },
+            mfa: {
+                enabled: config.mfa?.enabled ?? false,
+                methods: config.mfa?.methods?.map((m) => m.toString()) ?? [],
+                allowUserToggle: config.mfa?.allowUserToggle ?? true,
+                allowMethodSelection: config.mfa?.allowMethodSelection ?? true,
+            },
+            tenants: {
+                mode: config.defaultTenant ? 'single' : 'multi',
+                defaultTenantId,
+                options: tenants,
+            },
+            sso: {
+                enabled: Boolean(config.google || config.facebook || config.apple || config.github),
+                providers: ssoProviders,
+            },
+        };
+        // Allow customization via factory function
+        if (config.clientConfig?.factory) {
+            const customized = await config.clientConfig.factory(defaultConfig, {
+                configService: this.authConfig,
+                tenantService: this.tenantService,
+            });
+            return customized ?? defaultConfig;
+        }
+        return defaultConfig;
+    }
+    private async fetchTenants(): Promise<Array<{ id: string; name: string; slug: string; isActive: boolean; metadata?: Record<string, any> }>> {
+        try {
+            const tenants = await this.tenantService.getTenants({
+                select: ['id', 'name', 'slug', 'metadata', 'isActive'],
+                order: { name: 'ASC' },
+            });
+            return tenants.map((tenant) => ({
+                id: tenant.id,
+                name: tenant.name,
+                slug: tenant.slug,
+                metadata: tenant.metadata ?? {},
+                isActive: tenant.isActive,
+            }));
+        } catch (error) {
+            // Return empty array if tenant service fails (e.g., in single-tenant mode)
+            return [];
+        }
+    }
+    private async resolveDefaultTenantId(
+        options?: { slug?: string; domain?: string },
+    ): Promise<string | null> {
+        if (!options?.slug && !options?.domain) {
+            return null;
+        }
+        try {
+            const tenant = options.slug
+                ? await this.tenantService.getTenantBySlug(options.slug)
+                : await this.tenantService.getTenantByDomain(options.domain!);
+            return tenant?.id ?? null;
+        } catch (error) {
+            return null;
+        }
+    }
+}

package/src/lib/auth/services/cookie.service.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { Injectable } from '@nestjs/common';
+import { Response } from 'express';
+import { ACCESS_TOKEN_COOKIE_NAME, REFRESH_TOKEN_COOKIE_NAME } from '../../auth.constants';
+import { AuthModuleOptions } from '../../core/interfaces/auth-module-options.interface';
+import ms from 'ms';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+@Injectable()
+export class CookieService {
+    private options: AuthModuleOptions;
+    constructor() {
+        this.options = AuthConfigService.getOptions();
+    }
+    setAccessTokenCookie(response: Response, token: string): void {
+        response.cookie(ACCESS_TOKEN_COOKIE_NAME, token, {
+            httpOnly: true,
+            secure: this.options.cookieOptions.secure,
+            sameSite: this.options.cookieOptions.sameSite,
+            maxAge: ms(this.options.session.sessionExpiry),
+        });
+    }
+    setRefreshTokenCookie(response: Response, token: string): void {
+        response.cookie(REFRESH_TOKEN_COOKIE_NAME, token, {
+            httpOnly: true,
+            secure: this.options.cookieOptions.secure,
+            sameSite: this.options.cookieOptions.sameSite,
+            maxAge: ms(this.options.session.refreshTokenExpiry),
+        });
+    }
+    clearCookies(response: Response): void {
+        response.clearCookie(ACCESS_TOKEN_COOKIE_NAME);
+        response.clearCookie(REFRESH_TOKEN_COOKIE_NAME);
+    }
+    setTokens(response: Response, accessToken: string, refreshToken: string): void {
+        this.setAccessTokenCookie(response, accessToken);
+        this.setRefreshTokenCookie(response, refreshToken);
+    }
+}

package/src/lib/auth/services/mfa.service.ts ADDED Viewed

@@ -0,0 +1,391 @@
+import { ForbiddenException, Injectable, UnauthorizedException } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { MoreThan, Repository } from 'typeorm';
+import { NestAuthMFASecret } from '../../auth/entities/mfa-secret.entity';
+import speakeasy from 'speakeasy';
+import qrcode from 'qrcode';
+import { MFAMethodEnum, MFAOptions } from '../../core/interfaces/mfa-options.interface';
+import { INVALID_MFA_EXCEPTION_CODE, USER_NOT_FOUND_EXCEPTION_CODE } from '../../auth.constants';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthOTP } from '../../auth/entities/otp.entity';
+import { OTPTypeEnum } from '../../core/interfaces/otp.interface';
+import { generateOtp } from '../../utils/otp';
+import ms from 'ms';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+@Injectable()
+export class MfaService {
+    mfaConfig: MFAOptions
+    constructor(
+        @InjectRepository(NestAuthMFASecret)
+        private mfaSecretRepository: Repository<NestAuthMFASecret>,
+        @InjectRepository(NestAuthUser)
+        private userRepository: Repository<NestAuthUser>,
+        @InjectRepository(NestAuthOTP)
+        private otpRepository: Repository<NestAuthOTP>,
+    ) {
+        this.mfaConfig = AuthConfigService.getOptions().mfa;
+    }
+    requireMfaEnabledForApp(throwError: boolean = true) {
+        if (!this.mfaConfig.enabled) {
+            if (throwError) {
+                throw new ForbiddenException('MFA is not enabled for the application');
+            }
+            return false;
+        }
+        return true;
+    }
+    private checkIsMfaEnabledForApp(throwError: boolean = true) {
+        return this.requireMfaEnabledForApp(throwError);
+    }
+    async getVerifiedMethods(userId: string): Promise<MFAMethodEnum[]> {
+        if (!this.requireMfaEnabledForApp(false)) {
+            return [];
+        }
+        const verifiedMethods: MFAMethodEnum[] = []
+        // Check for verified TOTP devices
+        const verifiedTotpDevice = await this.mfaSecretRepository.findOne({
+            where: {
+                userId,
+                verified: true,
+            },
+        });
+        if (verifiedTotpDevice && this.mfaConfig.methods?.includes(MFAMethodEnum.TOTP)) {
+            verifiedMethods.push(MFAMethodEnum.TOTP)
+        }
+        // Note: EMAIL and SMS methods are always available if configured
+        // They don't require pre-verification like TOTP does
+        // But we only include them if they're in the config
+        if (this.mfaConfig.methods?.includes(MFAMethodEnum.EMAIL)) {
+            verifiedMethods.push(MFAMethodEnum.EMAIL)
+        }
+        if (this.mfaConfig.methods?.includes(MFAMethodEnum.SMS)) {
+            verifiedMethods.push(MFAMethodEnum.SMS)
+        }
+        return verifiedMethods;
+    }
+    async getEnabledMethods(userId: string): Promise<MFAMethodEnum[]> {
+        if (!this.requireMfaEnabledForApp(false)) {
+            return [];
+        }
+        const isEnabled = await this.isMfaEnabled(userId)
+        if (!isEnabled) {
+            return [];
+        }
+        const enableMethod = []
+        if (this.mfaConfig.methods?.includes(MFAMethodEnum.EMAIL)) {
+            enableMethod.push(MFAMethodEnum.EMAIL)
+        }
+        if (this.mfaConfig.methods?.includes(MFAMethodEnum.SMS)) {
+            enableMethod.push(MFAMethodEnum.SMS)
+        }
+        const verifiedTotpDevice = await this.mfaSecretRepository.findOne({
+            where: {
+                userId,
+                verified: true,
+            },
+        });
+        if (verifiedTotpDevice) {
+            enableMethod.push(MFAMethodEnum.TOTP)
+        }
+        return enableMethod;
+    }
+    async sendMfaCode(userId: string, method: MFAMethodEnum): Promise<boolean> {
+        this.requireMfaEnabledForApp(true)
+        const code = generateOtp(this.mfaConfig.otpLength);
+        const expiresAt = ms(this.mfaConfig.otpExpiresIn)
+        const otp = await this.otpRepository.create({
+            userId,
+            type: OTPTypeEnum.MFA,
+            expiresAt: new Date(Date.now() + expiresAt),
+            code,
+        })
+        await this.otpRepository.save(otp);
+        if (method === MFAMethodEnum.EMAIL) {
+            // TODO: Send email
+        } else if (method === MFAMethodEnum.SMS) {
+            // TODO: Send SMS
+        }
+        return true;
+    }
+    async verifyMfa(userId: string, inputOtp: string, method: MFAMethodEnum): Promise<boolean> {
+        this.requireMfaEnabledForApp(true)
+        if (method === MFAMethodEnum.TOTP) {
+            const devices = await this.mfaSecretRepository.find({
+                where: { userId, verified: true }
+            });
+            for (const device of devices) {
+                const isValid = speakeasy.totp.verify({
+                    secret: device.secret,
+                    encoding: 'base32',
+                    token: inputOtp,
+                    window: 1
+                });
+                if (isValid) {
+                    // Update last used timestamp
+                    await this.mfaSecretRepository.update(
+                        { id: device.id },
+                        { lastUsedAt: new Date() }
+                    );
+                    return true;
+                }
+            }
+            return false;
+        }
+        if (method === MFAMethodEnum.EMAIL || method === MFAMethodEnum.SMS) {
+            const otp = await this.otpRepository.findOne({
+                where: {
+                    userId,
+                    type: OTPTypeEnum.MFA,
+                    used: false,
+                    expiresAt: MoreThan(new Date()),
+                    code: inputOtp
+                }
+            });
+            if (!otp) {
+                return false;
+            }
+            await this.otpRepository.delete(otp.id);
+            return true;
+        }
+        return false;
+    }
+    async setupTotpDevice(userId: string, deviceName?: string): Promise<{ secret: string; qrCode: string }> {
+        this.requireMfaEnabledForApp(true)
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new Error('User not found');
+        }
+        const secret = speakeasy.generateSecret();
+        await this.mfaSecretRepository.save({
+            userId,
+            secret: secret.base32,
+            deviceName: deviceName || 'Authenticator',
+            verified: false
+        });
+        const qrCode = await qrcode.toDataURL(secret.otpauth_url);
+        return { secret: secret.base32, qrCode };
+    }
+    async verifyTotpSetup(userId: string, secret: string, inputOtp: string): Promise<boolean> {
+        this.requireMfaEnabledForApp(true)
+        const device = await this.mfaSecretRepository.findOne({
+            where: { userId, secret }
+        });
+        if (device) {
+            if (device.verified) {
+                return true;
+            }
+            const isValid = speakeasy.totp.verify({
+                secret: device.secret,
+                encoding: 'base32',
+                token: inputOtp,
+                window: 1
+            });
+            if (isValid) {
+                await this.mfaSecretRepository.update({ id: device.id }, { verified: true });
+                return true;
+            }
+        }
+        return false;
+    }
+    async getTotpDevices(userId: string) {
+        this.requireMfaEnabledForApp(true)
+        const devices = await this.mfaSecretRepository.find({
+            select: ['id', 'deviceName', 'lastUsedAt', 'verified', 'createdAt'],
+            where: { userId },
+            order: { lastUsedAt: 'DESC', createdAt: 'DESC' }
+        });
+        return devices.map(device => ({
+            id: device.id,
+            deviceName: device.deviceName,
+            method: MFAMethodEnum.TOTP,
+            lastUsedAt: device.lastUsedAt,
+            createdAt: device.createdAt,
+            verified: device.verified,
+        }));
+    }
+    async removeDevice(deviceId: string): Promise<void> {
+        this.requireMfaEnabledForApp(true)
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async isRequiresMfa(userId: string): Promise<boolean> {
+        if (!this.mfaConfig.enabled) {
+            return false;
+        }
+        if (this.mfaConfig.required) {
+            return true;
+        }
+        const user = await this.userRepository.findOne({
+            select: ['id', 'isMfaEnabled'],
+            where: { id: userId },
+        });
+        return !!user?.isMfaEnabled;
+    }
+    async isMfaEnabled(userId: string): Promise<boolean> {
+        if (this.mfaConfig.enabled) {
+            const user = await this.userRepository.findOne({
+                select: ['id', 'isMfaEnabled'],
+                where: { id: userId },
+            });
+            return !!user?.isMfaEnabled;
+        }
+        return false;
+    }
+    async markAsVerified(userId: string, deviceId: string): Promise<void> {
+        this.requireMfaEnabledForApp(true)
+        await this.mfaSecretRepository.update(
+            { id: deviceId, userId },
+            { verified: true }
+        );
+    }
+    async enableMFA(userId: string) {
+        this.requireMfaEnabledForApp(true)
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        const verifiedMethods = await this.getVerifiedMethods(userId);
+        if (verifiedMethods.length === 0) {
+            throw new ForbiddenException('Cannot enable MFA without at least one verified method');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: true });
+    }
+    async disableMFA(userId: string) {
+        this.checkIsMfaEnabledForApp(true);
+        if (!this.mfaConfig.allowUserToggle) {
+            throw new Error('MFA toggling is not allowed');
+        }
+        await this.userRepository.update(userId, { isMfaEnabled: false });
+    }
+    async removeTotpDevice(deviceId: string): Promise<void> {
+        this.checkIsMfaEnabledForApp(true)
+        await this.mfaSecretRepository.delete({ id: deviceId });
+    }
+    async generateRecoveryCode(userId: string): Promise<string> {
+        this.checkIsMfaEnabledForApp(true)
+        const secret = speakeasy.generateSecret({
+            name: `NestAuth:${userId}`,
+        });
+        await this.userRepository.update(userId, { mfaRecoveryCode: secret.base32 });
+        return secret.base32;
+    }
+    async resetMfa(userId: string, code: string): Promise<{ message: string }> {
+        this.checkIsMfaEnabledForApp(true)
+        const user = await this.userRepository.findOne({ where: { id: userId } });
+        if (!user) {
+            throw new UnauthorizedException({
+                message: 'User not found',
+                code: USER_NOT_FOUND_EXCEPTION_CODE
+            });
+        }
+        if (user.mfaRecoveryCode === code) {
+            // Delete recovery code
+            await this.userRepository.update(userId, { mfaRecoveryCode: null });
+            // Delete all mfa secrets
+            await this.mfaSecretRepository.delete({ userId });
+            return {
+                message: 'Recovery code verified',
+            };
+        }
+        throw new UnauthorizedException({
+            message: 'Invalid recovery code',
+            code: INVALID_MFA_EXCEPTION_CODE
+        });
+    }
+    getAvailableMethods(): MFAMethodEnum[] {
+        if (!this.requireMfaEnabledForApp(false)) {
+            return [];
+        }
+        return this.mfaConfig.methods ?? [];
+    }
+    async hasRecoveryCode(userId: string): Promise<boolean> {
+        if (!this.checkIsMfaEnabledForApp(false)) {
+            return false;
+        }
+        const user = await this.userRepository.findOne({
+            select: ['id', 'mfaRecoveryCode'],
+            where: { id: userId },
+        });
+        return Boolean(user?.mfaRecoveryCode);
+    }
+}

package/src/lib/auth.constants.ts ADDED Viewed

@@ -0,0 +1,63 @@
+export const AUTH_MODULE_OPTIONS = 'NEST_AUTH_AUTH_MODULE_OPTIONS';
+export const NEST_AUTH_ASYNC_OPTIONS_PROVIDER = 'NEST_AUTH_ASYNC_OPTIONS_PROVIDER';
+// Provider tokens
+export const JWT_AUTH_PROVIDER = 'jwt';
+export const GOOGLE_AUTH_PROVIDER = 'google';
+export const FACEBOOK_AUTH_PROVIDER = 'facebook';
+export const APPLE_AUTH_PROVIDER = 'apple';
+export const GITHUB_AUTH_PROVIDER = 'github';
+export const EMAIL_AUTH_PROVIDER = 'email';
+export const PHONE_AUTH_PROVIDER = 'phone';
+// Exception codes
+export const USER_NOT_FOUND_EXCEPTION_CODE = 'USER_NOT_FOUND';
+export const UNAUTHORIZED_EXCEPTION_CODE = 'UNAUTHORIZED';
+export const INVALID_MFA_EXCEPTION_CODE = 'INVALID_MFA';
+export const INVALID_REFRESH_TOKEN_EXCEPTION_CODE = 'INVALID_REFRESH_TOKEN';
+export const SESSION_NOT_FOUND_ERROR = 'SESSION_NOT_FOUND';
+export const USER_NOT_ACTIVE_ERROR = 'USER_NOT_ACTIVE';
+export const REFRESH_TOKEN_INVALID = 'REFRESH_TOKEN_INVALID';
+export const REFRESH_TOKEN_EXPIRED = 'REFRESH_TOKEN_EXPIRED';
+// Auth Cookie Names
+export const ACCESS_TOKEN_COOKIE_NAME = 'accessToken';
+export const REFRESH_TOKEN_COOKIE_NAME = 'refreshToken';
+// Default values
+export const DEFAULT_GUARD_NAME = 'web';
+// Events Const
+export const NestAuthEvents = {
+    EMAIL_VERIFICATION_REQUESTED: 'email.verification.requested',
+    EMAIL_VERIFIED: 'email.verified',
+    // Auth events
+    LOGGED_IN: 'nest_auth.logged_in',
+    REGISTERED: 'nest_auth.registered',
+    TWO_FACTOR_VERIFIED: 'nest_auth.two_factor_verified',
+    REFRESH_TOKEN: 'nest_auth.refresh_token',
+    PASSWORD_RESET_REQUESTED: 'nest_auth.password_reset_requested',
+    PASSWORD_RESET: 'nest_auth.password_reset',
+    LOGGED_OUT: 'nest_auth.logged_out',
+    LOGGED_OUT_ALL: 'nest_auth.logged_out_all',
+    // User events
+    USER_CREATED: 'nest_auth.user.created',
+    USER_UPDATED: 'nest_auth.user.updated',
+    USER_DELETED: 'nest_auth.user.deleted',
+    // Tenant events
+    TENANT_CREATED: 'nest_auth.tenant.created',
+    TENANT_UPDATED: 'nest_auth.tenant.updated',
+    TENANT_DELETED: 'nest_auth.tenant.deleted',
+    // Access key events
+    ACCESS_KEY_CREATED: 'nest_auth.access_key.created',
+    ACCESS_KEY_DELETED: 'nest_auth.access_key.deleted',
+    ACCESS_KEY_UPDATED: 'nest_auth.access_key.updated',
+    ACCESS_KEY_DEACTIVATED: 'nest_auth.access_key.deactivated',
+} as const;