npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/core/providers/base-auth.provider.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import { Repository } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+import { AuthConfigService } from '../services/auth-config.service';
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+export interface AuthProviderUser {
+    userId: string;
+    email?: string;
+    phone?: string;
+    username?: string;
+    metadata?: Record<string, any>;
+}
+export type LinkUserWith = 'email' | 'phone';
+export abstract class BaseAuthProvider {
+    abstract providerName: string;
+    enabled: boolean;
+    options: AuthModuleOptions;
+    constructor(
+        protected readonly userRepository: Repository<NestAuthUser>,
+        protected readonly authIdentityRepository: Repository<NestAuthIdentity>,
+    ) {
+        this.options = AuthConfigService.getOptions();
+    }
+    /**
+     * Link a provider identity to a user
+     */
+    async linkToUser(userId: string, providerUserId: string, metadata?: Record<string, any>): Promise<void> {
+        const identity = this.authIdentityRepository.create({
+            userId,
+            provider: this.providerName,
+            providerId: providerUserId,
+            metadata: metadata || {},
+        });
+        await this.authIdentityRepository.save(identity);
+    }
+    async findIdentityByUserId(userId: string): Promise<NestAuthIdentity | null> {
+        return this.authIdentityRepository.findOne({
+            where: {
+                userId,
+                provider: this.providerName,
+            },
+            relations: ['user'],
+        });
+    }
+    /**
+     * Find an existing identity for a provider
+     */
+    async findIdentity(providerUserId: string): Promise<NestAuthIdentity | null> {
+        return this.authIdentityRepository.findOne({
+            where: {
+                provider: this.providerName,
+                providerId: providerUserId,
+            },
+            relations: ['user'],
+        });
+    }
+    abstract validate(credentials: any): Promise<AuthProviderUser | null>;
+    abstract getRequiredFields(): string[];
+    linkUserWith(): LinkUserWith {
+        return 'email';
+    }
+}

package/src/lib/core/providers/email-auth.provider.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { BaseAuthProvider } from './base-auth.provider';
+import { EMAIL_AUTH_PROVIDER } from '../../auth.constants';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+@Injectable()
+export class EmailAuthProvider extends BaseAuthProvider {
+    providerName = EMAIL_AUTH_PROVIDER;
+    constructor(
+        readonly dataSource: DataSource,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.enabled = this.options.emailAuth?.enabled;
+    }
+    /**
+     * Normalize email to lowercase for case-insensitive matching
+     */
+    private normalizeEmail(email: string | null | undefined): string | null {
+        if (!email) return null;
+        return email.toLowerCase().trim();
+    }
+    /**
+     * Override findIdentity to normalize email before searching
+     */
+    async findIdentity(providerUserId: string): Promise<NestAuthIdentity | null> {
+        const normalizedEmail = this.normalizeEmail(providerUserId);
+        return super.findIdentity(normalizedEmail || providerUserId);
+    }
+    /**
+     * Override linkToUser to normalize email before linking
+     */
+    async linkToUser(userId: string, providerUserId: string, metadata?: Record<string, any>): Promise<void> {
+        const normalizedEmail = this.normalizeEmail(providerUserId);
+        return super.linkToUser(userId, normalizedEmail || providerUserId, metadata);
+    }
+    async validate(credentials: { email?: string; password?: string }) {
+        // Normalize email to lowercase for case-insensitive matching
+        const normalizedEmail = this.normalizeEmail(credentials.email);
+        if (!normalizedEmail) {
+            throw new UnauthorizedException('Email is required');
+        }
+        const identity = await this.findIdentity(normalizedEmail);
+        if (!identity?.user || !(await identity.user.validatePassword(credentials.password))) {
+            throw new UnauthorizedException('Invalid credentials');
+        }
+        return {
+            userId: identity.user?.email,
+            email: identity.user?.email || '',
+            metadata: identity.user,
+        };
+    }
+    getRequiredFields(): string[] {
+        return ['email', 'password'];
+    }
+}

package/src/lib/core/providers/facebook-auth.provider.ts ADDED Viewed

@@ -0,0 +1,55 @@
+import Facebook from 'fb';
+import { BaseAuthProvider } from './base-auth.provider';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { FACEBOOK_AUTH_PROVIDER } from '../../auth.constants';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+@Injectable()
+export class FacebookAuthProvider extends BaseAuthProvider {
+    providerName = FACEBOOK_AUTH_PROVIDER;
+    constructor(
+        readonly dataSource: DataSource,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        const facebookConfig = this.options.facebook;
+        this.enabled = Boolean(facebookConfig);
+        if (this.enabled) {
+            Facebook.options({
+                appId: facebookConfig.appId,
+                appSecret: facebookConfig.appSecret,
+            });
+        }
+    }
+    async validate(credentials: { accessToken: string }) {
+        try {
+            const response = await Facebook.api('me', {
+                fields: ['id', 'email', 'name', 'picture'],
+                access_token: credentials.accessToken,
+            });
+            return {
+                userId: response.id,
+                email: response.email || '',
+                metadata: {
+                    name: response.name,
+                    picture: response.picture?.data?.url,
+                },
+            };
+        } catch (error) {
+            throw new UnauthorizedException('Invalid Facebook token');
+        }
+    }
+    getRequiredFields(): string[] {
+        return ['accessToken'];
+    }
+}

package/src/lib/core/providers/github-auth.provider.ts ADDED Viewed

@@ -0,0 +1,79 @@
+import { BaseAuthProvider } from './base-auth.provider';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { GITHUB_AUTH_PROVIDER } from '../../auth.constants';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+@Injectable()
+export class GitHubAuthProvider extends BaseAuthProvider {
+    providerName = GITHUB_AUTH_PROVIDER;
+    private githubConfig: AuthModuleOptions['github'];
+    constructor(
+        readonly dataSource: DataSource,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.githubConfig = this.options.github;
+        this.enabled = Boolean(this.githubConfig);
+    }
+    async validate(credentials: { accessToken: string }) {
+        try {
+            // Fetch user info from GitHub API
+            const userResponse = await fetch('https://api.github.com/user', {
+                headers: {
+                    Authorization: `Bearer ${credentials.accessToken}`,
+                    Accept: 'application/vnd.github.v3+json',
+                },
+            });
+            if (!userResponse.ok) {
+                throw new UnauthorizedException('Invalid GitHub token');
+            }
+            const userData: any = await userResponse.json();
+            // Fetch user emails (in case email is private in profile)
+            let email = userData.email;
+            if (!email) {
+                const emailsResponse = await fetch('https://api.github.com/user/emails', {
+                    headers: {
+                        Authorization: `Bearer ${credentials.accessToken}`,
+                        Accept: 'application/vnd.github.v3+json',
+                    },
+                });
+                if (emailsResponse.ok) {
+                    const emails: any = await emailsResponse.json();
+                    const primaryEmail = emails.find((e: any) => e.primary) || emails[0];
+                    email = primaryEmail?.email || '';
+                }
+            }
+            return {
+                userId: userData.id.toString(),
+                email: email || '',
+                metadata: {
+                    name: userData.name || userData.login,
+                    login: userData.login,
+                    avatar: userData.avatar_url,
+                    bio: userData.bio,
+                    company: userData.company,
+                    location: userData.location,
+                },
+            };
+        } catch (error) {
+            throw new UnauthorizedException('Invalid GitHub token');
+        }
+    }
+    getRequiredFields(): string[] {
+        return ['accessToken'];
+    }
+}

package/src/lib/core/providers/google-auth.provider.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { OAuth2Client } from 'google-auth-library';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { BaseAuthProvider } from './base-auth.provider';
+import { AuthModuleOptions } from '../../core';
+import { GOOGLE_AUTH_PROVIDER } from '../../auth.constants';
+import { DataSource } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+@Injectable()
+export class GoogleAuthProvider extends BaseAuthProvider {
+    providerName = GOOGLE_AUTH_PROVIDER;
+    private client: OAuth2Client;
+    private googleConfig: AuthModuleOptions['google'];
+    constructor(
+        readonly dataSource: DataSource,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.googleConfig = this.options.google;
+        this.enabled = Boolean(this.googleConfig);
+        if (this.enabled) {
+            this.client = new OAuth2Client(this.googleConfig.clientId, this.googleConfig.clientSecret);
+        }
+    }
+    async validate(credentials: { accessToken: string }) {
+        try {
+            const ticket = await this.client.verifyIdToken({
+                idToken: credentials.accessToken,
+                audience: this.googleConfig.clientId,
+            });
+            const payload = ticket.getPayload();
+            if (!payload) {
+                throw new UnauthorizedException('Invalid Google token');
+            }
+            return {
+                userId: payload.sub,
+                email: payload.email || '',
+                metadata: {
+                    name: payload.name,
+                    picture: payload.picture,
+                    locale: payload.locale,
+                },
+            };
+        } catch (error) {
+            throw new UnauthorizedException('Invalid Google token');
+        }
+    }
+    getRequiredFields(): string[] {
+        return ['accessToken'];
+    }
+}

package/src/lib/core/providers/jwt-auth.provider.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { BadRequestException } from '@nestjs/common';
+import { BaseAuthProvider } from './base-auth.provider';
+import { DataSource } from 'typeorm';
+import { Injectable } from '@nestjs/common';
+import { AuthModuleOptions } from '../../core';
+import { JWT_AUTH_PROVIDER } from '../../auth.constants';
+import { JwtService } from '../services/jwt.service';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+@Injectable()
+export class JwtAuthProvider extends BaseAuthProvider {
+    providerName = JWT_AUTH_PROVIDER;
+    private jwtConfig: AuthModuleOptions['jwt'];
+    constructor(
+        readonly dataSource: DataSource,
+        private readonly jwtService: JwtService,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.jwtConfig = this.options.jwt;
+        this.enabled = Boolean(this.jwtConfig);
+    }
+    async validate(credentials: { accessToken: string }) {
+        try {
+            const payload = await this.jwtService.verifyToken(credentials.accessToken);
+            return {
+                userId: payload.sub,
+                email: payload.email,
+                phone: payload.phone,
+                metadata: {
+                    ...payload,
+                },
+            };
+        } catch (error) {
+            throw new BadRequestException('Invalid JWT token');
+        }
+    }
+    getRequiredFields(): string[] {
+        return ['accessToken'];
+    }
+}

package/src/lib/core/providers/phone-auth.provider.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+import { NestAuthIdentity } from '../../user/entities/identity.entity';
+import { BaseAuthProvider, LinkUserWith } from './base-auth.provider';
+import { PHONE_AUTH_PROVIDER } from '../../auth.constants';
+@Injectable()
+export class PhoneAuthProvider extends BaseAuthProvider {
+    providerName = PHONE_AUTH_PROVIDER;
+    constructor(
+        readonly dataSource: DataSource,
+    ) {
+        const userRepository = dataSource.getRepository(NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.enabled = this.options.phoneAuth?.enabled;
+    }
+    async validate(credentials: { phone: string; password: string }) {
+        const identity = await this.findIdentity(credentials.phone);
+        if (!identity?.user || !(await identity.user.validatePassword(credentials.password))) {
+            throw new UnauthorizedException('Invalid credentials');
+        }
+        return {
+            userId: identity.user?.phone,
+            phone: identity.user?.phone || '',
+            metadata: identity.user,
+        };
+    }
+    getRequiredFields(): string[] {
+        return ['phone', 'password'];
+    }
+    override linkUserWith(): LinkUserWith {
+        return 'phone';
+    }
+}

package/src/lib/core/services/auth-config.service.ts ADDED Viewed

@@ -0,0 +1,184 @@
+import { Injectable } from '@nestjs/common';
+import { randomBytes } from 'crypto';
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+import { SessionStorageType } from '../interfaces/session-options.interface';
+import { MFAMethodEnum } from '../interfaces/mfa-options.interface';
+@Injectable()
+export class AuthConfigService {
+    private static instance: AuthConfigService;
+    private static options: AuthModuleOptions;
+    /**
+     * Default configuration options for NestAuth module
+     * This is the single source of truth for default values
+     */
+    private static defaultOptions: AuthModuleOptions = {
+        isGlobal: true,
+        appName: 'Nest Auth',
+        passwordResetOtpExpiresIn: '15m',
+        passwordResetTokenExpiresIn: '1h',
+        session: {
+            storageType: SessionStorageType.DATABASE,
+            sessionExpiry: '1h',
+            refreshTokenExpiry: '30d',
+        },
+        jwt: {
+            secret: 'secret',
+        },
+        accessTokenType: 'header',
+        cookieOptions: {
+            httpOnly: true,
+            secure: false,
+        },
+        emailAuth: {
+            enabled: true,
+        },
+        mfa: {
+            enabled: false,
+            methods: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
+            allowUserToggle: true,
+            allowMethodSelection: true,
+            otpLength: 6,
+            otpExpiresIn: '15m',
+        },
+        defaultTenant: undefined, // No default tenant by default
+        adminConsole: {
+            enabled: true,
+            basePath: '/api/auth/admin',
+            sessionCookieName: 'nest_auth_admin',
+            sessionDuration: '2h',
+            allowAdminManagement: true,
+            cookie: {
+                httpOnly: true,
+                secure: false,
+                sameSite: 'lax' as const,
+            },
+        },
+        debug: {
+            enabled: false,
+            level: 'verbose' as any,
+            prefix: '[NestAuth]',
+            includeTimestamp: true,
+            includeContext: true
+        }
+    };
+    constructor() {
+        if (!AuthConfigService.instance) {
+            AuthConfigService.instance = this;
+        }
+        return AuthConfigService.instance;
+    }
+    static getInstance(): AuthConfigService {
+        if (!AuthConfigService.instance) {
+            AuthConfigService.instance = new AuthConfigService();
+        }
+        return AuthConfigService.instance;
+    }
+    /**
+     * Generates a secure random key using cryptographically strong random bytes.
+     * Used as fallback when no key is explicitly configured.
+     */
+    private static generateRandomKey(length: number = 32): string {
+        return randomBytes(length).toString('base64');
+    }
+    /**
+     * Resolves the Nest Auth Admin Console Secret Key from configuration.
+     * This key is used for:
+     * - Signing admin dashboard sessions
+     * - Admin console security operations (admin creation, password reset, etc.)
+     *
+     * Priority:
+     * 1. Explicitly configured key (adminConsole.secretKey)
+     * 2. Auto-generated random key (for development only, with warning)
+     * 3. undefined (if generation is disabled)
+     */
+    private static resolveSecretKey(options: AuthModuleOptions): string | undefined {
+        // Check explicit configuration first
+        const adminConsoleKey = options.adminConsole?.secretKey;
+        if (adminConsoleKey) {
+            return adminConsoleKey;
+        }
+        // Auto-generate for development (only if NODE_ENV is not production)
+        if (process.env.NODE_ENV !== 'production') {
+            const generatedKey = this.generateRandomKey(32);
+            console.warn(
+                '[NestAuth] Warning: adminConsole.secretKey not configured. ' +
+                `Auto-generated key for development: ${generatedKey.slice(0, 20)}...\n` +
+                '⚠️  This key will change on each restart. Configure adminConsole.secretKey in your AuthModuleOptions!'
+            );
+            return generatedKey;
+        }
+        return undefined;
+    }
+    static setOptions(options: AuthModuleOptions): void {
+        const deepmerge = require('deepmerge');
+        const mergedOptions = deepmerge(this.defaultOptions, options);
+        // Ensure adminConsole exists
+        if (!mergedOptions.adminConsole) {
+            mergedOptions.adminConsole = {};
+        }
+        // Resolve and set secret key from configuration
+        // This key is used for both session signing and security operations
+        // After this, all code should use the config object
+        if (!mergedOptions.adminConsole.secretKey) {
+            const secretKey = this.resolveSecretKey(mergedOptions);
+            if (secretKey) {
+                mergedOptions.adminConsole.secretKey = secretKey;
+            }
+        }
+        this.options = mergedOptions;
+        // Validate admin console configuration
+        this.validateAdminConsoleOptions(this.options);
+    }
+    /**
+     * Validates admin console configuration options
+     */
+    private static validateAdminConsoleOptions(options: AuthModuleOptions): void {
+        if (options.adminConsole?.enabled !== false && options.adminConsole?.secretKey) {
+            const secretKey = options.adminConsole.secretKey;
+            const weakSecrets = ['change-me-admin-secret', 'default', 'secret', ''];
+            // Only validate if it's not auto-generated (auto-generated keys are base64, typically 44 chars)
+            if (weakSecrets.includes(secretKey)) {
+                throw new Error(
+                    'Admin console requires a secure secretKey. ' +
+                    'Please set adminConsole.secretKey in your AuthModuleOptions (e.g., secretKey: process.env.ADMIN_CONSOLE_SESSION_SECRET) ' +
+                    'with a 32+ byte random value. Store it securely in environment variables or a secrets manager. ' +
+                    'Weak or default values are not allowed for security reasons. Rotate keys regularly.'
+                );
+            }
+        }
+    }
+    static getOptions(): AuthModuleOptions {
+        if (!this.options) {
+            this.options = { ...this.defaultOptions };
+        }
+        return this.options;
+    }
+    static getDefaultOptions(): AuthModuleOptions {
+        return { ...this.defaultOptions };
+    }
+    getConfig(): AuthModuleOptions {
+        return AuthConfigService.getOptions();
+    }
+    setConfig(options: AuthModuleOptions): void {
+        AuthConfigService.setOptions(options);
+    }
+}