npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/core/core.module.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { AuthProviderRegistryService } from './services/auth-provider-registry.service';
+import { AppleAuthProvider } from './providers/apple-auth.provider';
+import { JwtAuthProvider } from './providers/jwt-auth.provider';
+import { EmailAuthProvider } from './providers/email-auth.provider';
+import { FacebookAuthProvider } from './providers/facebook-auth.provider';
+import { GoogleAuthProvider } from './providers/google-auth.provider';
+import { GitHubAuthProvider } from './providers/github-auth.provider';
+import { PhoneAuthProvider } from './providers/phone-auth.provider';
+import { JwtService } from './services/jwt.service';
+import { AuthConfigService } from './services/auth-config.service';
+import { InitializationService } from './services/initialization.service';
+import { DebugLoggerService } from './services/debug-logger.service';
+import { TenantModule } from '../tenant/tenant.module';
+import { NestAuthUser } from '../user/entities/user.entity';
+import { NestAuthIdentity } from '../user/entities/identity.entity';
+/**
+ * CoreModule provides core authentication services and providers.
+ * Imports TypeOrmModule.forFeature to provide DataSource for auth providers.
+ */
+@Module({
+    imports: [
+        TypeOrmModule.forFeature([NestAuthUser, NestAuthIdentity]),
+        TenantModule
+    ],
+    providers: [
+        AuthConfigService,
+        DebugLoggerService,
+        JwtService,
+        AuthProviderRegistryService,
+        EmailAuthProvider,
+        PhoneAuthProvider,
+        JwtAuthProvider,
+        GoogleAuthProvider,
+        FacebookAuthProvider,
+        AppleAuthProvider,
+        GitHubAuthProvider,
+        InitializationService,
+    ],
+    exports: [
+        JwtService,
+        AuthProviderRegistryService,
+        AuthConfigService,
+        DebugLoggerService,
+        InitializationService,
+    ],
+})
+export class CoreModule { }

package/src/lib/core/decorators/auth.decorator.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import { UseGuards, applyDecorators, SetMetadata } from '@nestjs/common';
+import { NestAuthAuthGuard, OPTIONAL_AUTH_KEY } from '../../auth/guards/auth.guard';
+/**
+ * Flexible Authentication Decorator
+ *
+ * This decorator applies the NestAuthAuthGuard with configurable authentication mode:
+ *
+ * @param optional - If true, authentication becomes optional (no errors thrown for missing/invalid tokens)
+ *
+ * @example Required Authentication (default behavior):
+ * ```typescript
+ * @Get('protected')
+ * @Auth() // or @Auth(false)
+ * async getProtectedData(@Request() req) {
+ *   const user = req.user; // Will always exist or request fails
+ *   return this.getProtectedData(user.id);
+ * }
+ * ```
+ *
+ * @example Optional Authentication:
+ * ```typescript
+ * @Get('posts')
+ * @Auth(true) // Optional authentication
+ * async getPosts(@Request() req) {
+ *   const user = req.user; // Will be null if not authenticated
+ *   if (user) {
+ *     return this.getPersonalizedPosts(user.id);
+ *   } else {
+ *     return this.getPublicPosts();
+ *   }
+ * }
+ * ```
+ */
+export const Auth = (optional: boolean = false) => applyDecorators(
+    SetMetadata(OPTIONAL_AUTH_KEY, optional),
+    UseGuards(NestAuthAuthGuard)
+);

package/src/lib/core/decorators/permissions.decorator.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { SetMetadata } from '@nestjs/common';
+export const PERMISSIONS_KEY = 'nest_auth_permissions';
+/**
+ * Decorator to specify required permissions for a route
+ * @param permissions - Array of permission strings or single permission string
+ * @returns Decorator function
+ */
+export function NestAuthPermissions(permissions: string[] | string) {
+    return (target: any, key?: string, descriptor?: PropertyDescriptor) => {
+        if (descriptor) {
+            Reflect.defineMetadata(PERMISSIONS_KEY, permissions, descriptor.value);
+        }
+        return descriptor;
+    };
+}

package/src/lib/core/decorators/public.decorator.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { SetMetadata } from '@nestjs/common';
+/**
+ * Key for public route metadata
+ * Used to mark routes that should skip authentication when global guard is enabled
+ */
+export const IS_PUBLIC_KEY = 'isPublic';
+/**
+ * @Public decorator
+ *
+ * Use this decorator to skip authentication on specific routes when enableGlobalGuard is true.
+ *
+ * @example
+ * ```typescript
+ * @Controller('users')
+ * export class UsersController {
+ *   // This route is public - no authentication required
+ *   @Public()
+ *   @Get('info')
+ *   getPublicInfo() {
+ *     return { info: 'public data' };
+ *   }
+ *
+ *   // This route requires authentication (protected by global guard)
+ *   @Get('profile')
+ *   getProfile(@Request() req) {
+ *     return req.user;
+ *   }
+ * }
+ * ```
+ */
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

package/src/lib/core/decorators/role.decorator.ts ADDED Viewed

@@ -0,0 +1,12 @@
+export const ROLES_KEY = 'nest_auth_roles';
+export const GUARD_KEY = 'nest_auth_guard';
+export function NestAuthRoles(roles: string[] | string, guard?: string) {
+    return (target: any, key: string, descriptor: PropertyDescriptor) => {
+        Reflect.defineMetadata(ROLES_KEY, roles, descriptor.value);
+        Reflect.defineMetadata(GUARD_KEY, guard, descriptor.value);
+        return descriptor;
+    };
+}

package/src/lib/core/decorators/skip-mfa.decorator.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+export const SKIP_MFA_KEY = 'skipMfa';
+export const SkipMfa = () => SetMetadata(SKIP_MFA_KEY, true);

package/src/lib/core/dto/message.response.dto.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ApiProperty } from '@nestjs/swagger';
+export class MessageResponseDto {
+    @ApiProperty({ description: 'Response message' })
+    message: string;
+}

package/src/lib/core/{entities.d.ts → entities.ts} RENAMED Viewed

@@ -6,6 +6,9 @@ import { NestAuthRole } from '../role/entities/role.entity';
 import { NestAuthMFASecret } from '../auth/entities/mfa-secret.entity';
 import { NestAuthOTP } from '../auth/entities/otp.entity';
 import { NestAuthSession } from '../session/entities/session.entity';
+import { NestAuthPermission } from '../permission/entities/permission.entity';
+import { AdminUser as NestAuthAdminUser } from '../admin-console/entities/admin-user.entity';
 export * from '../user/entities/user.entity';
 export * from '../user/entities/identity.entity';
 export * from '../user/entities/access-key.entity';
@@ -14,4 +17,18 @@ export * from '../role/entities/role.entity';
 export * from '../auth/entities/mfa-secret.entity';
 export * from '../auth/entities/otp.entity';
 export * from '../session/entities/session.entity';
-export declare const NestAuthEntities: (typeof NestAuthTenant | typeof NestAuthIdentity | typeof NestAuthUser | typeof NestAuthSession | typeof NestAuthOTP | typeof NestAuthMFASecret | typeof NestAuthRole | typeof NestAuthAccessKey)[];
+export * from '../permission/entities/permission.entity';
+export { AdminUser as NestAuthAdminUser } from '../admin-console/entities/admin-user.entity';
+export const NestAuthEntities = [
+    NestAuthUser,
+    NestAuthIdentity,
+    NestAuthRole,
+    NestAuthTenant,
+    NestAuthMFASecret,
+    NestAuthSession,
+    NestAuthOTP,
+    NestAuthAccessKey,
+    NestAuthPermission,
+    NestAuthAdminUser,
+];

package/src/lib/core/{index.d.ts → index.ts} RENAMED Viewed

@@ -1,23 +1,40 @@
+// Decorators
 export * from './decorators/role.decorator';
 export * from './decorators/permissions.decorator';
 export * from './decorators/skip-mfa.decorator';
 export * from './decorators/auth.decorator';
+// Interfaces
 export * from './interfaces/auth-module-options.interface';
 export * from './interfaces/mfa-options.interface';
 export * from './interfaces/session-options.interface';
 export * from './interfaces/token-payload.interface';
+// Entities
 export * from './entities';
+// DTOs
 export * from './dto/message.response.dto';
+// Interface
 export * from './interfaces/auth-module-options.interface';
 export * from './interfaces/mfa-options.interface';
 export * from './interfaces/session-options.interface';
 export * from './interfaces/token-payload.interface';
 export * from './interfaces/otp.interface';
+// Providers
+export * from './providers/base-auth.provider';
 export * from './providers/email-auth.provider';
 export * from './providers/phone-auth.provider';
 export * from './providers/jwt-auth.provider';
 export * from './providers/google-auth.provider';
 export * from './providers/facebook-auth.provider';
 export * from './providers/apple-auth.provider';
+export * from './providers/github-auth.provider';
+// Services
 export * from './services/auth-provider-registry.service';
 export * from './services/jwt.service';

package/src/lib/core/interfaces/auth-module-options.interface.ts ADDED Viewed

@@ -0,0 +1,211 @@
+import { Type } from '@nestjs/common';
+import { MFAOptions } from './mfa-options.interface';
+import { CookieOptions, SessionOptions } from './session-options.interface';
+import { BaseAuthProvider } from '../providers/base-auth.provider';
+import { DebugLogOptions } from '../services/debug-logger.service';
+/**
+ * Default Tenant Options
+ *
+ * When configured, a default tenant will be automatically created on module initialization
+ * and used for all authentication operations when no tenantId is explicitly provided.
+ *
+ * This enables single-tenant mode where users don't need to pass tenantId in signup/login requests.
+ */
+export interface DefaultTenantOptions {
+    /** Name of the default tenant */
+    name: string;
+    /**
+     * Unique identifier/slug for the tenant
+     * Must be lowercase, no spaces, only letters, numbers, hyphens (-) and underscores (_)
+     * Examples: 'my-app', 'acme_corp', 'tenant123'
+     */
+    slug: string;
+    /**
+     * @deprecated Use 'slug' instead. Will be removed in v2.0.0
+     * Unique domain identifier for the tenant (legacy field)
+     */
+    domain?: string;
+    /** Optional description */
+    description?: string;
+    /** Optional metadata */
+    metadata?: Record<string, any>;
+}
+export interface RegistrationCollectProfileField {
+    id: string;
+    label: string;
+    required: boolean;
+    type: 'text' | 'email' | 'phone' | 'select' | 'checkbox' | 'password';
+    placeholder?: string;
+    options?: Array<{ label: string; value: string }>;
+}
+export interface AuthModuleOptions {
+    isGlobal?: boolean;
+    appName: string;
+    /**
+     * Enable automatic token refresh via global interceptor.
+     * When enabled, expired access tokens are automatically refreshed using refresh tokens.
+     *
+     * Default: true (automatic refresh enabled)
+     */
+    enableAutoRefresh?: boolean;
+    accessTokenType?: 'header' | 'cookie';
+    cookieOptions?: CookieOptions;
+    jwt: {
+        secret: string;
+        accessTokenExpiresIn?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+        refreshTokenExpiresIn?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+    };
+    google?: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+    };
+    facebook?: {
+        appId: string;
+        appSecret: string;
+        redirectUri: string;
+    };
+    apple?: {
+        clientId: string;
+        teamId: string;
+        keyId: string;
+        privateKey: string;
+        privateKeyMethod?: string;
+        redirectUri: string;
+    };
+    github?: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+    };
+    phoneAuth?: {
+        enabled: boolean;
+    };
+    emailAuth?: {
+        enabled: boolean;
+    };
+    /**
+     * Registration configuration
+     * Controls user registration/signup behavior and profile fields
+     */
+    registration?: {
+        enabled?: boolean;
+        requireInvitation?: boolean;
+        collectProfileFields?: Array<RegistrationCollectProfileField>;
+    };
+    /**
+     * Client configuration customization
+     * Allows extending/modifying the client-config endpoint response
+     */
+    clientConfig?: {
+        /**
+         * Factory function to customize the client config response
+         * Receives the default config and can modify/return it
+         */
+        factory?: (defaultConfig: any, context: { configService: any; tenantService: any }) => Promise<any> | any;
+    };
+    mfa?: MFAOptions;
+    session?: SessionOptions;
+    customAuthProviders?: BaseAuthProvider[];
+    passwordResetOtpExpiresIn?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+    passwordResetTokenExpiresIn?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+    /**
+     * Configure a default tenant for single-tenant applications.
+     * When set, tenantId becomes optional in all authentication requests.
+     * The default tenant is automatically created on module initialization.
+     *
+     * Example:
+     * ```typescript
+     * defaultTenant: {
+     *   name: 'My App',
+     *   slug: 'my-app'  // lowercase, no spaces, only a-z0-9_-
+     * }
+     * ```
+     *
+     * Legacy (deprecated):
+     * ```typescript
+     * defaultTenant: {
+     *   name: 'My App',
+     *   domain: 'myapp'  // Still supported but use 'slug' instead
+     * }
+     * ```
+     */
+    defaultTenant?: DefaultTenantOptions;
+    /**
+     * Embedded admin console configuration.
+     * Provides a password-protected dashboard for managing users, roles, tenants, and system settings.
+     *
+     * The admin console secretKey is also used for admin signup via the /signup endpoint.
+     */
+    adminConsole?: AdminConsoleOptions;
+    debug?: DebugLogOptions;
+}
+export interface AdminConsoleOptions {
+    /** Enable or disable the embedded admin console (default: true) */
+    enabled?: boolean;
+    /** Base path where the console is served (default: /auth/admin) */
+    basePath?: string;
+    /**
+     * Nest Auth Admin Console Secret Key used for security operations.
+     * This key is used for:
+     * - Signing admin dashboard sessions
+     * - Admin signup via /signup endpoint
+     * - Password reset operations
+     *
+     * You can set this to any value you prefer:
+     * - Hardcode: secretKey: 'your-secret-key-here'
+     * - Environment variable: secretKey: process.env.MY_SECRET_KEY (use any variable name)
+     */
+    secretKey?: string;
+    /** Cookie name for admin dashboard sessions (default: nest_auth_admin) */
+    sessionCookieName?: string;
+    /** Session duration expressed in seconds or ms string (default: 2h) */
+    sessionDuration?: string | number;
+    /**
+     * @deprecated This option is no longer used. Admin users are created directly without role assignment.
+     * Role name for super admin created via /initialize endpoint (default: 'super-admin')
+     */
+    superAdminRole?: string;
+    /**
+     * @deprecated This option is no longer used. The /signup endpoint is always available when secretKey is configured.
+     * Whether the /initialize endpoint is enabled for super admin creation (default: true if secretKey is available)
+     */
+    initializeEnabled?: boolean;
+    /**
+     * Cookie options applied to the admin session cookie.
+     * httpOnly and sameSite default to true/'lax' respectively.
+     */
+    cookie?: CookieOptions;
+    /**
+     * Allow managing other dashboard admins through the console UI (default: true).
+     */
+    allowAdminManagement?: boolean;
+}
+export interface AuthModuleAsyncOptions {
+    isGlobal?: boolean;
+    /**
+     * Enable automatic token refresh via global interceptor.
+     * When enabled, expired access tokens are automatically refreshed using refresh tokens.
+     *
+     * Default: true (automatic refresh enabled)
+     */
+    enableAutoRefresh?: boolean;
+    imports?: any[];
+    useFactory?: (...args: any[]) => Promise<AuthModuleOptions> | AuthModuleOptions;
+    inject?: any[];
+    useClass?: Type<AuthModuleOptionsFactory>;
+    useExisting?: Type<AuthModuleOptionsFactory>;
+}
+export interface AuthModuleOptionsFactory {
+    createAuthModuleOptions(): Promise<AuthModuleOptions> | AuthModuleOptions;
+}

package/src/lib/core/interfaces/mfa-options.interface.ts ADDED Viewed

@@ -0,0 +1,46 @@
+export interface MFAOptions {
+    // Whether MFA is enabled for the application
+    enabled?: boolean;
+    // Whether MFA is required for all users
+    required?: boolean;
+    // Default enabled MFA methods
+    methods?: MFAMethodEnum[];
+    // OTP length
+    otpLength?: number;
+    // Default TOTP settings
+    totp?: {
+        issuer: string;
+        period: number;
+    };
+    // Default SMS settings
+    sms?: {
+        provider: string;
+        template: string;
+    };
+    // Default Email settings
+    email?: {
+        template: string;
+    };
+    // Whether users can enable/disable MFA
+    allowUserToggle?: boolean;
+    // Whether users can choose their MFA methods
+    allowMethodSelection?: boolean;
+    // OTP expiry time
+    otpExpiresIn?: string | number;
+}
+export enum MFAMethodEnum {
+    TOTP = 'totp',
+    SMS = 'sms',
+    EMAIL = 'email',
+}

package/src/lib/core/interfaces/otp.interface.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export enum OTPTypeEnum {
+    PASSWORD_RESET = 'password_reset',
+    VERIFICATION = 'verification',
+    MFA = 'mfa',
+}

package/src/lib/core/interfaces/session-options.interface.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { CookieOptions as ExpressCookieOptions } from 'express';
+export enum SessionStorageType {
+    REDIS = 'redis',
+    DATABASE = 'database',
+    MEMORY = 'memory'
+}
+export interface SessionOptions {
+    storageType: SessionStorageType;
+    redisUrl?: string;
+    sessionExpiry?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+    refreshTokenExpiry?: number | string; // expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+    maxSessionsPerUser?: number; // Maximum number of active sessions per user (default: 10)
+    slidingExpiration?: boolean; // Whether to extend session on activity (default: true)
+}
+export type CookieOptions = Omit<ExpressCookieOptions, 'maxAge'>

package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} RENAMED Viewed

@@ -1,8 +1,9 @@
 import { NestAuthRole } from '../../role/entities/role.entity';
 import { NestAuthUser } from '../../user/entities/user.entity';
 export interface JWTTokenPayload {
     id?: string;
-    sub?: string;
+    sub?: string; // user id
     email?: string;
     phone?: string;
     isVerified?: boolean;
@@ -15,6 +16,7 @@ export interface JWTTokenPayload {
     exp?: number;
     iat?: number;
 }
 export interface SessionPayload {
     id?: string;
     userId?: string;
@@ -33,6 +35,7 @@ export interface SessionPayload {
     createdAt?: Date;
     updatedAt?: Date;
 }
 export interface TokenGenerationResponse {
     accessToken: string;
     refreshToken: string;

package/src/lib/core/providers/apple-auth.provider.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import AppleAuth from 'apple-auth';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { BaseAuthProvider } from './base-auth.provider';
+import { APPLE_AUTH_PROVIDER } from '../../auth.constants';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+import { JwtService } from '../services/jwt.service';
+@Injectable()
+export class AppleAuthProvider extends BaseAuthProvider {
+    providerName = APPLE_AUTH_PROVIDER;
+    private appleAuth: AppleAuth;
+    constructor(
+        readonly dataSource: DataSource,
+        private readonly jwtService: JwtService,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        const appleConfig = this.options.apple;
+        this.enabled = Boolean(this.options.apple);
+        if (this.enabled) {
+            this.appleAuth = new AppleAuth(
+                {
+                    scope: 'email name',
+                    redirect_uri: appleConfig.redirectUri,
+                    team_id: appleConfig.teamId,
+                    key_id: appleConfig.keyId,
+                    client_id: appleConfig.clientId,
+                },
+                appleConfig.privateKey,
+                appleConfig.privateKeyMethod || 'text',
+            );
+        }
+    }
+    async validate(credentials: { accessToken: string }) {
+        try {
+            const response = await this.appleAuth.accessToken(credentials.accessToken);
+            const user = this.jwtService.decodeToken(response.id_token);
+            return {
+                userId: user.id,
+                email: user.email || '',
+                metadata: user,
+            };
+        } catch (error) {
+            throw new UnauthorizedException('Invalid Apple token');
+        }
+    }
+    getRequiredFields(): string[] {
+        return ['accessToken'];
+    }
+}