npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/ui/src/components/permission/PermissionForm.tsx ADDED Viewed

@@ -0,0 +1,251 @@
+import React from 'react';
+import { useForm, Controller } from 'react-hook-form';
+import { yupResolver } from '@hookform/resolvers/yup';
+import * as yup from 'yup';
+import { FormField } from '../form/FormField';
+import { FormFooterAction } from '../FormFooter';
+import { Plus, Edit2 } from 'lucide-react';
+export interface PermissionFormData {
+    name: string;
+    guard: string;
+    description?: string;
+    category?: string;
+    updateInRoles?: boolean;
+}
+const permissionSchema = yup.object({
+    name: yup.string().required('Permission name is required').min(1, 'Permission name cannot be empty'),
+    guard: yup.string().required('Guard is required').min(1, 'Guard cannot be empty'),
+    description: yup.string().optional(),
+    category: yup.string().optional(),
+    updateInRoles: yup.boolean().optional(),
+});
+export interface PermissionFormProps {
+    initialData?: Partial<PermissionFormData>;
+    categories: string[];
+    onSubmit: (data: PermissionFormData) => Promise<void>;
+    onCancel: () => void;
+    error?: string;
+    submitLabel?: string;
+    isEdit?: boolean;
+    originalName?: string;
+    onActionsReady?: (actions: FormFooterAction[]) => void;
+}
+export const PermissionForm: React.FC<PermissionFormProps> = ({
+    initialData,
+    categories,
+    onSubmit,
+    onCancel,
+    error,
+    submitLabel,
+    isEdit = false,
+    originalName,
+    onActionsReady,
+}) => {
+    const {
+        control,
+        handleSubmit,
+        formState: { errors, isSubmitting },
+        reset,
+        watch,
+    } = useForm<PermissionFormData>({
+        resolver: yupResolver(permissionSchema) as any,
+        defaultValues: initialData || {
+            name: '',
+            guard: 'web',
+            description: '',
+            category: '',
+            updateInRoles: false,
+        },
+    });
+    const name = watch('name');
+    const nameChanged = isEdit && name.trim() !== (originalName || '');
+    // Reset form when initialData changes (for edit mode)
+    React.useEffect(() => {
+        if (initialData) {
+            reset(initialData);
+        }
+    }, [initialData, reset]);
+    const handleFormSubmit = async (data: PermissionFormData) => {
+        try {
+            await onSubmit(data);
+            if (!isEdit) {
+                reset();
+            }
+        } catch (err) {
+            // Error handled by parent
+        }
+    };
+    const handleCancel = () => {
+        if (!isEdit) {
+            reset();
+        }
+        onCancel();
+    };
+    // Prepare footer actions
+    const footerActions: FormFooterAction[] = React.useMemo(() => [
+        {
+            label: 'Cancel',
+            onClick: handleCancel,
+            variant: 'secondary' as const,
+            disabled: isSubmitting,
+        },
+        {
+            label: submitLabel || (isEdit ? 'Update Permission' : 'Create Permission'),
+            onClick: () => {
+                const form = document.getElementById('permission-form') as HTMLFormElement;
+                if (form) {
+                    form.requestSubmit();
+                }
+            },
+            variant: 'primary' as const,
+            disabled: isSubmitting,
+            icon: isEdit ? <Edit2 className="w-4 h-4" /> : <Plus className="w-4 h-4" />,
+        },
+    ], [handleCancel, isSubmitting, isEdit, submitLabel]);
+    // Notify parent of actions
+    React.useEffect(() => {
+        if (onActionsReady) {
+            onActionsReady(footerActions);
+        }
+    }, [onActionsReady, footerActions]);
+    return (
+        <form id="permission-form" onSubmit={handleSubmit(handleFormSubmit)} className="p-4 space-y-3">
+            {error && (
+                <div className="p-2 bg-red-50 border border-red-200 rounded-lg">
+                    <p className="text-xs text-red-600">{error}</p>
+                </div>
+            )}
+            <Controller
+                name="name"
+                control={control}
+                render={({ field }) => (
+                    <div>
+                        <FormField
+                            id="perm-name"
+                            label="Permission Name"
+                            value={field.value}
+                            onChange={field.onChange}
+                            disabled={isSubmitting}
+                            error={errors.name?.message}
+                            placeholder="users.create, posts.edit, admin.access..."
+                            startIcon={null}
+                            helpText="Use dot notation for clarity (e.g., resource.action)"
+                        />
+                        {nameChanged && (
+                            <div className="mt-1.5 p-2 bg-yellow-50 border border-yellow-200 rounded-lg">
+                                <Controller
+                                    name="updateInRoles"
+                                    control={control}
+                                    render={({ field: checkboxField }) => (
+                                        <label className="flex items-center gap-2 cursor-pointer">
+                                            <input
+                                                type="checkbox"
+                                                checked={checkboxField.value || false}
+                                                onChange={(e) => checkboxField.onChange(e.target.checked)}
+                                                className="rounded"
+                                                disabled={isSubmitting}
+                                            />
+                                            <span className="text-xs text-yellow-900">
+                                                Update this permission name in all roles that use it ({originalName} → {name.trim()})
+                                            </span>
+                                        </label>
+                                    )}
+                                />
+                            </div>
+                        )}
+                    </div>
+                )}
+            />
+            <Controller
+                name="guard"
+                control={control}
+                render={({ field }) => (
+                    <FormField
+                        id="perm-guard"
+                        label="Guard"
+                        value={field.value}
+                        onChange={field.onChange}
+                        disabled={isSubmitting}
+                        error={errors.guard?.message}
+                        placeholder="web, api, admin..."
+                        startIcon={null}
+                        helpText="Guard determines which authentication context this permission applies to"
+                    />
+                )}
+            />
+            <Controller
+                name="description"
+                control={control}
+                render={({ field }) => (
+                    <div>
+                        <label htmlFor="perm-description" className="block text-sm font-medium text-gray-700 mb-1.5">
+                            Description (Optional)
+                        </label>
+                        <textarea
+                            id="perm-description"
+                            value={field.value || ''}
+                            onChange={field.onChange}
+                            onBlur={field.onBlur}
+                            className="input-field"
+                            placeholder="What does this permission allow?"
+                            rows={2}
+                            disabled={isSubmitting}
+                        />
+                        {errors.description && (
+                            <p className="text-xs text-red-600 mt-0.5">{errors.description.message}</p>
+                        )}
+                    </div>
+                )}
+            />
+            <Controller
+                name="category"
+                control={control}
+                render={({ field }) => (
+                    <div>
+                        <FormField
+                            id="perm-category"
+                            label="Category (Optional)"
+                            value={field.value || ''}
+                            onChange={field.onChange}
+                            disabled={isSubmitting}
+                            error={errors.category?.message}
+                            placeholder="users, posts, admin, etc."
+                            startIcon={null}
+                        />
+                        <datalist id="category-suggestions">
+                            {categories.map((cat) => (
+                                <option key={cat} value={cat} />
+                            ))}
+                        </datalist>
+                    </div>
+                )}
+            />
+            {isEdit && (
+                <div className="p-2 bg-blue-50 border border-blue-200 rounded-lg">
+                    <p className="text-xs font-medium text-blue-900 mb-0.5">Note</p>
+                    <p className="text-xs text-blue-800">
+                        {nameChanged
+                            ? 'If you check "Update in roles", this permission name will be updated in all roles that currently use it. Otherwise, roles will continue to use the old permission name.'
+                            : 'Roles store permission names as JSON strings, so they remain independent of this registry. If you change the permission name, you can optionally update it in all roles.'}
+                    </p>
+                </div>
+            )}
+        </form>
+    );
+};

package/ui/src/components/role/CreateRoleDialog.tsx ADDED Viewed

@@ -0,0 +1,45 @@
+import React, { useState } from 'react';
+import { Shield } from 'lucide-react';
+import { FormDialog } from '../FormDialog';
+import { RoleForm, RoleFormData } from './RoleForm';
+import type { FormFooterAction } from '../FormFooter';
+import type { Tenant } from '../../types';
+export interface CreateRoleDialogProps {
+    isOpen: boolean;
+    onClose: () => void;
+    onSubmit: (data: RoleFormData) => Promise<void>;
+    tenants: Tenant[];
+    error?: string;
+}
+export const CreateRoleDialog: React.FC<CreateRoleDialogProps> = ({
+    isOpen,
+    onClose,
+    onSubmit,
+    tenants,
+    error,
+}) => {
+    const [actions, setActions] = useState<FormFooterAction[]>([]);
+    return (
+        <FormDialog
+            isOpen={isOpen}
+            onClose={onClose}
+            title="Create New Role"
+            description="Define a new role with specific permissions"
+            icon={<Shield className="w-5 h-5 text-primary-600" />}
+            maxWidth="2xl"
+            actions={actions}
+        >
+            <RoleForm
+                tenants={tenants}
+                onSubmit={onSubmit}
+                onCancel={onClose}
+                error={error}
+                submitLabel="Create Role"
+                onActionsReady={setActions}
+            />
+        </FormDialog>
+    );
+};

package/ui/src/components/role/EditRoleDialog.tsx ADDED Viewed

@@ -0,0 +1,55 @@
+import React, { useState } from 'react';
+import { Shield } from 'lucide-react';
+import { FormDialog } from '../FormDialog';
+import { RoleForm, RoleFormData } from './RoleForm';
+import type { FormFooterAction } from '../FormFooter';
+import type { Tenant, Role } from '../../types';
+export interface EditRoleDialogProps {
+    isOpen: boolean;
+    onClose: () => void;
+    onSubmit: (data: RoleFormData) => Promise<void>;
+    role: Role;
+    tenants: Tenant[];
+    error?: string;
+}
+export const EditRoleDialog: React.FC<EditRoleDialogProps> = ({
+    isOpen,
+    onClose,
+    onSubmit,
+    role,
+    tenants,
+    error,
+}) => {
+    const [actions, setActions] = useState<FormFooterAction[]>([]);
+    return (
+        <FormDialog
+            isOpen={isOpen}
+            onClose={onClose}
+            title="Edit Role"
+            description="Update role name, guard, and permissions"
+            icon={<Shield className="w-5 h-5 text-primary-600" />}
+            maxWidth="2xl"
+            actions={actions}
+        >
+            <RoleForm
+                initialData={{
+                    name: role.name,
+                    guard: role.guard,
+                    tenantId: role.tenantId || '',
+                    permissions: role.permissions || [],
+                }}
+                tenants={tenants}
+                onSubmit={onSubmit}
+                onCancel={onClose}
+                error={error}
+                submitLabel="Update Role"
+                isEdit={true}
+                isSystemRole={role.isSystem}
+                onActionsReady={setActions}
+            />
+        </FormDialog>
+    );
+};

package/ui/src/components/role/RoleDialog.tsx ADDED Viewed

@@ -0,0 +1,252 @@
+import React, { useState, useMemo } from 'react';
+import { Shield, Plus, Edit2 } from 'lucide-react';
+import { FormDialog } from '../FormDialog';
+import { FormFooterAction } from '../FormFooter';
+import { useForm, Controller } from 'react-hook-form';
+import { yupResolver } from '@hookform/resolvers/yup';
+import * as yup from 'yup';
+import { FormField } from '../form/FormField';
+import { Select } from '../Select';
+import { PermissionInput } from '../PermissionInput';
+import type { Tenant, Role } from '../../types';
+export interface RoleFormData {
+    name: string;
+    guard: string;
+    tenantId: string;
+    permissions: string[];
+}
+const roleSchema = yup.object({
+    name: yup.string().required('Role name is required').min(1, 'Role name cannot be empty'),
+    guard: yup.string().required('Guard is required').min(1, 'Guard cannot be empty'),
+    tenantId: yup.string().optional(),
+    permissions: yup.array().of(yup.string()).default([]),
+});
+export interface RoleDialogProps {
+    isOpen: boolean;
+    onClose: () => void;
+    onSubmit: (data: RoleFormData) => Promise<void>;
+    tenants: Tenant[];
+    role?: Role; // If provided, it's edit mode
+    error?: string;
+}
+export const RoleDialog: React.FC<RoleDialogProps> = ({
+    isOpen,
+    onClose,
+    onSubmit,
+    tenants,
+    role,
+    error,
+}) => {
+    const isEdit = !!role;
+    const isSystemRole = role?.isSystem || false;
+    const {
+        control,
+        handleSubmit,
+        formState: { errors, isSubmitting },
+        reset,
+        watch,
+        setValue,
+    } = useForm<RoleFormData>({
+        resolver: yupResolver(roleSchema) as any,
+        defaultValues: role ? {
+            name: role.name,
+            guard: role.guard,
+            tenantId: role.tenantId || '',
+            permissions: role.permissions || [],
+        } : {
+            name: '',
+            guard: 'web',
+            tenantId: '',
+            permissions: [],
+        },
+    });
+    const guard = watch('guard');
+    const [permissions, setPermissions] = useState<string[]>(role?.permissions || []);
+    const permissionsRef = React.useRef<string[]>(role?.permissions || []);
+    // Sync permissions when role changes
+    React.useEffect(() => {
+        if (role?.permissions) {
+            setPermissions(role.permissions);
+            permissionsRef.current = role.permissions;
+            setValue('permissions', role.permissions);
+        }
+    }, [role?.permissions, setValue]);
+    // Keep ref in sync with state
+    React.useEffect(() => {
+        permissionsRef.current = permissions;
+        setValue('permissions', permissions);
+    }, [permissions, setValue]);
+    const handleFormSubmit = async (data: RoleFormData) => {
+        try {
+            await onSubmit({
+                ...data,
+                permissions: permissionsRef.current,
+            });
+            if (!isEdit) {
+                reset();
+                setPermissions([]);
+                permissionsRef.current = [];
+                setValue('permissions', []);
+            }
+        } catch (err) {
+            // Error handled by parent
+        }
+    };
+    const handleCancel = () => {
+        if (!isEdit) {
+            reset();
+            setPermissions([]);
+            permissionsRef.current = [];
+            setValue('permissions', []);
+        }
+        onClose();
+    };
+    // Wrapper to update both state and ref
+    const handlePermissionsChange = React.useCallback((newPermissions: string[]) => {
+        setPermissions(newPermissions);
+        permissionsRef.current = newPermissions;
+    }, []);
+    // Footer actions - managed internally
+    const actions: FormFooterAction[] = useMemo(() => [
+        {
+            label: 'Cancel',
+            onClick: handleCancel,
+            variant: 'secondary' as const,
+            disabled: isSubmitting,
+        },
+        {
+            label: isEdit ? 'Update Role' : 'Create Role',
+            onClick: () => {
+                const form = document.getElementById('role-form') as HTMLFormElement;
+                if (form) {
+                    form.requestSubmit();
+                }
+            },
+            variant: 'primary' as const,
+            disabled: isSubmitting,
+            icon: isEdit ? <Edit2 className="w-4 h-4" /> : <Plus className="w-4 h-4" />,
+        },
+    ], [handleCancel, isSubmitting, isEdit]);
+    const tenantId = watch('tenantId');
+    return (
+        <FormDialog
+            isOpen={isOpen}
+            onClose={onClose}
+            title={isEdit ? 'Edit Role' : 'Create New Role'}
+            description={isEdit ? 'Update role name, guard, and permissions' : 'Define a new role with specific permissions'}
+            icon={<Shield className="w-5 h-5 text-primary-600" />}
+            maxWidth="2xl"
+            actions={actions}
+        >
+            <form id="role-form" onSubmit={handleSubmit(handleFormSubmit)} className="p-4 space-y-3">
+                {error && (
+                    <div className="p-2 bg-red-50 border border-red-200 rounded-lg">
+                        <p className="text-xs text-red-600">{error}</p>
+                    </div>
+                )}
+                <Controller
+                    name="name"
+                    control={control}
+                    render={({ field }) => (
+                        <FormField
+                            id="role-name"
+                            label="Role Name"
+                            value={field.value}
+                            onChange={field.onChange}
+                            disabled={isSubmitting}
+                            error={errors.name?.message}
+                            placeholder="admin, editor, viewer..."
+                            startIcon={null}
+                        />
+                    )}
+                />
+                <Controller
+                    name="guard"
+                    control={control}
+                    render={({ field }) => (
+                        <FormField
+                            id="guard"
+                            label="Guard"
+                            value={field.value}
+                            onChange={field.onChange}
+                            disabled={isSubmitting}
+                            error={errors.guard?.message}
+                            placeholder="web, api, admin..."
+                            startIcon={null}
+                            helpText="Guard determines which authentication context this role applies to"
+                        />
+                    )}
+                />
+                {isEdit && role?.tenantId ? (
+                    <div className="p-2 bg-gray-50 rounded-lg">
+                        <label className="text-xs font-medium text-gray-600">Tenant</label>
+                        <p className="text-sm text-gray-900 font-medium mt-0.5">
+                            {tenants.find(t => t.id === role.tenantId)?.name || role.tenantId}
+                        </p>
+                        <p className="text-xs text-gray-500 mt-0.5">
+                            Tenant cannot be changed after role creation
+                        </p>
+                    </div>
+                ) : !isEdit ? (
+                    <div>
+                        <Controller
+                            name="tenantId"
+                            control={control}
+                            render={({ field }) => (
+                                <Select
+                                    label="Tenant (Optional)"
+                                    value={field.value}
+                                    onChange={field.onChange}
+                                    options={tenants.map((t) => ({ value: t.id, label: `${t.name} (${t.slug})` }))}
+                                    placeholder="Leave empty for global role"
+                                    allowEmpty={true}
+                                />
+                            )}
+                        />
+                        {errors.tenantId && (
+                            <p className="text-xs text-red-600 mt-0.5">{errors.tenantId.message}</p>
+                        )}
+                    </div>
+                ) : null}
+                {isEdit && isSystemRole && (
+                    <div className="p-2 bg-amber-50 border border-amber-200 rounded-lg">
+                        <p className="text-xs font-medium text-amber-900 mb-0.5">System Role</p>
+                        <p className="text-xs text-amber-700">
+                            This is a system role. Some fields may be restricted.
+                        </p>
+                    </div>
+                )}
+                <div className="relative">
+                    <PermissionInput
+                        label="Permissions"
+                        value={permissions}
+                        onChange={handlePermissionsChange}
+                        placeholder="Type to search permissions..."
+                        helperText="Type to search or press Enter to add. Use arrow keys to navigate suggestions."
+                        guard={guard}
+                    />
+                </div>
+            </form>
+        </FormDialog>
+    );
+};