@ackplus/nest-auth 0.1.51 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -513
- package/eslint.config.mjs +59 -0
- package/jest.config.ts +10 -0
- package/package.json +14 -44
- package/project.json +86 -0
- package/src/index.ts +30 -0
- package/src/lib/admin-console/admin-console.module.ts +62 -0
- package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
- package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
- package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
- package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
- package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
- package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
- package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
- package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
- package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
- package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
- package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
- package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
- package/src/lib/admin-console/dto/login.dto.ts +10 -0
- package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
- package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
- package/src/lib/admin-console/dto/signup.dto.ts +51 -0
- package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
- package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
- package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
- package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
- package/src/lib/admin-console/services/admin-session.service.ts +106 -0
- package/src/lib/admin-console/services/admin-user.service.ts +96 -0
- package/src/lib/admin-console/static/index.html +771 -0
- package/src/lib/auth/auth.module.ts +58 -0
- package/src/lib/auth/controllers/auth.controller.ts +393 -0
- package/src/lib/auth/controllers/mfa.controller.ts +200 -0
- package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
- package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
- package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
- package/src/lib/auth/dto/index.ts +1 -0
- package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
- package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
- package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
- package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
- package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
- package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
- package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
- package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
- package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
- package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
- package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
- package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
- package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
- package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
- package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
- package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
- package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
- package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
- package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
- package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
- package/src/lib/auth/entities/otp.entity.ts +33 -0
- package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
- package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
- package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
- package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
- package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
- package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
- package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
- package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
- package/src/lib/auth/guards/auth.guard.ts +386 -0
- package/src/lib/auth/{index.d.ts → index.ts} +28 -1
- package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
- package/src/lib/auth/services/auth.service.ts +947 -0
- package/src/lib/auth/services/client-config.service.ts +157 -0
- package/src/lib/auth/services/cookie.service.ts +43 -0
- package/src/lib/auth/services/mfa.service.ts +391 -0
- package/src/lib/auth.constants.ts +63 -0
- package/src/lib/core/core.module.ts +50 -0
- package/src/lib/core/decorators/auth.decorator.ts +38 -0
- package/src/lib/core/decorators/permissions.decorator.ts +17 -0
- package/src/lib/core/decorators/public.decorator.ts +33 -0
- package/src/lib/core/decorators/role.decorator.ts +12 -0
- package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
- package/src/lib/core/dto/message.response.dto.ts +6 -0
- package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
- package/src/lib/core/{index.d.ts → index.ts} +17 -0
- package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
- package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
- package/src/lib/core/interfaces/otp.interface.ts +6 -0
- package/src/lib/core/interfaces/session-options.interface.ts +19 -0
- package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
- package/src/lib/core/providers/apple-auth.provider.ts +61 -0
- package/src/lib/core/providers/base-auth.provider.ts +74 -0
- package/src/lib/core/providers/email-auth.provider.ts +71 -0
- package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
- package/src/lib/core/providers/github-auth.provider.ts +79 -0
- package/src/lib/core/providers/google-auth.provider.ts +61 -0
- package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
- package/src/lib/core/providers/phone-auth.provider.ts +45 -0
- package/src/lib/core/services/auth-config.service.ts +184 -0
- package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
- package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
- package/src/lib/core/services/initialization.service.ts +29 -0
- package/src/lib/core/services/jwt.service.ts +137 -0
- package/src/lib/nest-auth.module.ts +152 -0
- package/src/lib/permission/entities/permission.entity.ts +56 -0
- package/src/lib/permission/index.ts +4 -0
- package/src/lib/permission/permission.module.ts +14 -0
- package/src/lib/permission/services/permission.service.ts +233 -0
- package/src/lib/request-context/index.ts +2 -0
- package/src/lib/request-context/request-context.middleware.ts +13 -0
- package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
- package/src/lib/role/entities/role.entity.ts +103 -0
- package/src/lib/role/{index.d.ts → index.ts} +2 -0
- package/src/lib/role/role.module.ts +15 -0
- package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
- package/src/lib/session/entities/session.entity.ts +54 -0
- package/src/lib/session/index.ts +20 -0
- package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
- package/src/lib/session/repositories/base-session.repository.ts +74 -0
- package/src/lib/session/repositories/memory-session.repository.ts +153 -0
- package/src/lib/session/repositories/redis-session.repository.ts +171 -0
- package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
- package/src/lib/session/services/session-manager.service.ts +261 -0
- package/src/lib/session/session.module.ts +102 -0
- package/src/lib/session/utils/session.util.ts +166 -0
- package/src/lib/tenant/entities/tenant.entity.ts +40 -0
- package/src/lib/tenant/events/tenant-created.event.ts +9 -0
- package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
- package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
- package/src/lib/tenant/index.ts +9 -0
- package/src/lib/tenant/services/tenant.service.ts +336 -0
- package/src/lib/tenant/tenant.module.ts +19 -0
- package/src/lib/types/express.d.ts +14 -0
- package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
- package/src/lib/user/entities/access-key.entity.ts +53 -0
- package/src/lib/user/entities/identity.entity.ts +31 -0
- package/src/lib/user/entities/user.entity.ts +212 -0
- package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
- package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
- package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
- package/src/lib/user/index.ts +11 -0
- package/src/lib/user/services/access-key.service.ts +145 -0
- package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
- package/src/lib/user/user.module.ts +26 -0
- package/src/lib/utils/database.utils.ts +6 -0
- package/src/lib/utils/date.util.ts +106 -0
- package/src/lib/utils/device.util.ts +111 -0
- package/src/lib/utils/index.ts +6 -0
- package/src/lib/utils/otp.ts +3 -0
- package/src/lib/utils/security.util.ts +27 -0
- package/src/lib/utils/slug.util.ts +58 -0
- package/src/types/ms.d.ts +1 -0
- package/test/access-key.service.spec.ts +204 -0
- package/test/auth.service.spec.ts +541 -0
- package/test/mfa.service.spec.ts +359 -0
- package/test/role.service.spec.ts +418 -0
- package/test/tenant.service.spec.ts +218 -0
- package/test/test.setup.ts +66 -0
- package/test/user.service.spec.ts +374 -0
- package/tsconfig.json +17 -0
- package/tsconfig.lib.json +15 -0
- package/tsconfig.spec.json +15 -0
- package/tsconfig.tsbuildinfo +1 -1
- package/ui/.env +1 -0
- package/ui/.env.example +1 -0
- package/ui/.eslintignore +7 -0
- package/ui/README.md +288 -0
- package/ui/index.html +17 -0
- package/ui/package.json +34 -0
- package/ui/postcss.config.js +6 -0
- package/ui/src/App.tsx +245 -0
- package/ui/src/components/AuthGuard.tsx +59 -0
- package/ui/src/components/AuthProvider.tsx +76 -0
- package/ui/src/components/Button.tsx +37 -0
- package/ui/src/components/Card.tsx +37 -0
- package/ui/src/components/ErrorMessage.tsx +15 -0
- package/ui/src/components/FormDialog.tsx +61 -0
- package/ui/src/components/FormFooter.tsx +37 -0
- package/ui/src/components/Layout.tsx +112 -0
- package/ui/src/components/LoadingMessage.tsx +11 -0
- package/ui/src/components/Modal.tsx +97 -0
- package/ui/src/components/MultiSelect.tsx +145 -0
- package/ui/src/components/PageHeader.tsx +42 -0
- package/ui/src/components/PanelHeader.tsx +28 -0
- package/ui/src/components/PermissionInput.tsx +473 -0
- package/ui/src/components/SearchInput.tsx +69 -0
- package/ui/src/components/Select.tsx +51 -0
- package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
- package/ui/src/components/Table.tsx +207 -0
- package/ui/src/components/Tag.tsx +9 -0
- package/ui/src/components/TagsInput.tsx +96 -0
- package/ui/src/components/admin/AdminForm.tsx +170 -0
- package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
- package/ui/src/components/auth/LoginFooter.tsx +17 -0
- package/ui/src/components/auth/LoginHeader.tsx +14 -0
- package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
- package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
- package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
- package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
- package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
- package/ui/src/components/auth/components/Tabs.tsx +32 -0
- package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
- package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
- package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
- package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
- package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
- package/ui/src/components/auth/types.ts +17 -0
- package/ui/src/components/auth/utils/security.ts +82 -0
- package/ui/src/components/auth/utils/utils.ts +25 -0
- package/ui/src/components/form/EmailField.tsx +25 -0
- package/ui/src/components/form/FormField.tsx +102 -0
- package/ui/src/components/form/FormMultiSelect.tsx +46 -0
- package/ui/src/components/form/FormSelect.tsx +60 -0
- package/ui/src/components/form/FormTagsInput.tsx +42 -0
- package/ui/src/components/form/FormTextarea.tsx +42 -0
- package/ui/src/components/form/PasswordField.tsx +93 -0
- package/ui/src/components/form/SecretKeyField.tsx +49 -0
- package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
- package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
- package/ui/src/components/permission/PermissionForm.tsx +251 -0
- package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
- package/ui/src/components/role/EditRoleDialog.tsx +55 -0
- package/ui/src/components/role/RoleDialog.tsx +252 -0
- package/ui/src/components/role/RoleForm.tsx +246 -0
- package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
- package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
- package/ui/src/components/tenant/TenantForm.tsx +160 -0
- package/ui/src/components/user/CreateUserDialog.tsx +45 -0
- package/ui/src/components/user/UserDetailModal.tsx +815 -0
- package/ui/src/components/user/UserForm.tsx +191 -0
- package/ui/src/data/nest-auth.json +1687 -0
- package/ui/src/hooks/useApi.ts +69 -0
- package/ui/src/hooks/useAuth.ts +100 -0
- package/ui/src/hooks/useConfirm.tsx +105 -0
- package/ui/src/hooks/useFormFooter.tsx +42 -0
- package/ui/src/hooks/usePagination.ts +69 -0
- package/ui/src/index.css +59 -0
- package/ui/src/main.tsx +13 -0
- package/ui/src/pages/AdminsPage.tsx +178 -0
- package/ui/src/pages/ApiPage.tsx +89 -0
- package/ui/src/pages/DashboardPage.tsx +281 -0
- package/ui/src/pages/LoginPage.tsx +39 -0
- package/ui/src/pages/PermissionsPage.tsx +376 -0
- package/ui/src/pages/RolesPage.tsx +274 -0
- package/ui/src/pages/TenantsPage.tsx +221 -0
- package/ui/src/pages/UsersPage.tsx +387 -0
- package/ui/src/services/api.ts +115 -0
- package/ui/src/types/index.ts +136 -0
- package/ui/src/vite-env.d.ts +9 -0
- package/ui/tailwind.config.js +45 -0
- package/ui/tsconfig.json +24 -0
- package/ui/tsconfig.node.json +10 -0
- package/ui/vite.config.ts +37 -0
- package/ui/yarn.lock +3137 -0
- package/src/index.d.ts +0 -11
- package/src/index.js +0 -18
- package/src/index.js.map +0 -1
- package/src/lib/auth/auth.module.d.ts +0 -2
- package/src/lib/auth/auth.module.js +0 -54
- package/src/lib/auth/auth.module.js.map +0 -1
- package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
- package/src/lib/auth/controllers/auth.controller.js +0 -206
- package/src/lib/auth/controllers/auth.controller.js.map +0 -1
- package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
- package/src/lib/auth/controllers/mfa.controller.js +0 -131
- package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
- package/src/lib/auth/dto/index.d.ts +0 -0
- package/src/lib/auth/dto/index.js +0 -1
- package/src/lib/auth/dto/index.js.map +0 -1
- package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
- package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
- package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
- package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
- package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
- package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
- package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
- package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
- package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
- package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
- package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
- package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
- package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
- package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
- package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
- package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
- package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
- package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
- package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
- package/src/lib/auth/entities/otp.entity.d.ts +0 -13
- package/src/lib/auth/entities/otp.entity.js +0 -50
- package/src/lib/auth/entities/otp.entity.js.map +0 -1
- package/src/lib/auth/events/logged-out-all.event.js +0 -10
- package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
- package/src/lib/auth/events/logged-out.event.js +0 -10
- package/src/lib/auth/events/logged-out.event.js.map +0 -1
- package/src/lib/auth/events/password-reset-requested.event.js +0 -10
- package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
- package/src/lib/auth/events/password-reset.event.js +0 -10
- package/src/lib/auth/events/password-reset.event.js.map +0 -1
- package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
- package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
- package/src/lib/auth/events/user-logged-in.event.js +0 -10
- package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
- package/src/lib/auth/events/user-refresh-token.event.js +0 -10
- package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
- package/src/lib/auth/events/user-registered.event.js +0 -10
- package/src/lib/auth/events/user-registered.event.js.map +0 -1
- package/src/lib/auth/guards/auth.guard.d.ts +0 -28
- package/src/lib/auth/guards/auth.guard.js +0 -304
- package/src/lib/auth/guards/auth.guard.js.map +0 -1
- package/src/lib/auth/index.js +0 -31
- package/src/lib/auth/index.js.map +0 -1
- package/src/lib/auth/services/auth.service.d.ts +0 -53
- package/src/lib/auth/services/auth.service.js +0 -522
- package/src/lib/auth/services/auth.service.js.map +0 -1
- package/src/lib/auth/services/cookie.service.d.ts +0 -9
- package/src/lib/auth/services/cookie.service.js +0 -43
- package/src/lib/auth/services/cookie.service.js.map +0 -1
- package/src/lib/auth/services/mfa.service.d.ts +0 -38
- package/src/lib/auth/services/mfa.service.js +0 -254
- package/src/lib/auth/services/mfa.service.js.map +0 -1
- package/src/lib/auth.constants.d.ts +0 -39
- package/src/lib/auth.constants.js +0 -43
- package/src/lib/auth.constants.js.map +0 -1
- package/src/lib/core/core.module.d.ts +0 -2
- package/src/lib/core/core.module.js +0 -53
- package/src/lib/core/core.module.js.map +0 -1
- package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
- package/src/lib/core/decorators/auth.decorator.js +0 -8
- package/src/lib/core/decorators/auth.decorator.js.map +0 -1
- package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
- package/src/lib/core/decorators/permissions.decorator.js +0 -14
- package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
- package/src/lib/core/decorators/role.decorator.d.ts +0 -3
- package/src/lib/core/decorators/role.decorator.js +0 -14
- package/src/lib/core/decorators/role.decorator.js.map +0 -1
- package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
- package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
- package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
- package/src/lib/core/dto/message.response.dto.d.ts +0 -3
- package/src/lib/core/dto/message.response.dto.js +0 -13
- package/src/lib/core/dto/message.response.dto.js.map +0 -1
- package/src/lib/core/entities.js +0 -31
- package/src/lib/core/entities.js.map +0 -1
- package/src/lib/core/index.js +0 -27
- package/src/lib/core/index.js.map +0 -1
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
- package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
- package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
- package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
- package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
- package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
- package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
- package/src/lib/core/interfaces/otp.interface.js +0 -10
- package/src/lib/core/interfaces/otp.interface.js.map +0 -1
- package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
- package/src/lib/core/interfaces/session-options.interface.js +0 -9
- package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
- package/src/lib/core/interfaces/token-payload.interface.js +0 -3
- package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
- package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
- package/src/lib/core/providers/apple-auth.provider.js +0 -57
- package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
- package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
- package/src/lib/core/providers/base-auth.provider.js +0 -43
- package/src/lib/core/providers/base-auth.provider.js.map +0 -1
- package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
- package/src/lib/core/providers/email-auth.provider.js +0 -40
- package/src/lib/core/providers/email-auth.provider.js.map +0 -1
- package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
- package/src/lib/core/providers/facebook-auth.provider.js +0 -56
- package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
- package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
- package/src/lib/core/providers/google-auth.provider.js +0 -58
- package/src/lib/core/providers/google-auth.provider.js.map +0 -1
- package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
- package/src/lib/core/providers/jwt-auth.provider.js +0 -50
- package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
- package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
- package/src/lib/core/providers/phone-auth.provider.js +0 -43
- package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
- package/src/lib/core/services/auth-config.service.d.ts +0 -12
- package/src/lib/core/services/auth-config.service.js +0 -79
- package/src/lib/core/services/auth-config.service.js.map +0 -1
- package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
- package/src/lib/core/services/auth-provider-registry.service.js +0 -71
- package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
- package/src/lib/core/services/debug-logger.service.d.ts +0 -38
- package/src/lib/core/services/debug-logger.service.js.map +0 -1
- package/src/lib/core/services/initialization.service.d.ts +0 -10
- package/src/lib/core/services/initialization.service.js +0 -34
- package/src/lib/core/services/initialization.service.js.map +0 -1
- package/src/lib/core/services/jwt.service.d.ts +0 -14
- package/src/lib/core/services/jwt.service.js +0 -92
- package/src/lib/core/services/jwt.service.js.map +0 -1
- package/src/lib/nest-auth.module.d.ts +0 -11
- package/src/lib/nest-auth.module.js +0 -177
- package/src/lib/nest-auth.module.js.map +0 -1
- package/src/lib/request-context/request-context.d.ts +0 -22
- package/src/lib/request-context/request-context.js.map +0 -1
- package/src/lib/request-context/request-context.middleware.d.ts +0 -4
- package/src/lib/request-context/request-context.middleware.js +0 -16
- package/src/lib/request-context/request-context.middleware.js.map +0 -1
- package/src/lib/role/entities/role.entity.d.ts +0 -20
- package/src/lib/role/entities/role.entity.js +0 -110
- package/src/lib/role/entities/role.entity.js.map +0 -1
- package/src/lib/role/index.js +0 -5
- package/src/lib/role/index.js.map +0 -1
- package/src/lib/role/role.module.d.ts +0 -2
- package/src/lib/role/role.module.js +0 -23
- package/src/lib/role/role.module.js.map +0 -1
- package/src/lib/role/services/role.service.d.ts +0 -20
- package/src/lib/role/services/role.service.js.map +0 -1
- package/src/lib/session/entities/session.entity.d.ts +0 -16
- package/src/lib/session/entities/session.entity.js +0 -63
- package/src/lib/session/entities/session.entity.js.map +0 -1
- package/src/lib/session/index.d.ts +0 -3
- package/src/lib/session/index.js +0 -7
- package/src/lib/session/index.js.map +0 -1
- package/src/lib/session/services/base-session.service.d.ts +0 -23
- package/src/lib/session/services/base-session.service.js +0 -64
- package/src/lib/session/services/base-session.service.js.map +0 -1
- package/src/lib/session/services/database-session.service.d.ts +0 -17
- package/src/lib/session/services/database-session.service.js +0 -51
- package/src/lib/session/services/database-session.service.js.map +0 -1
- package/src/lib/session/services/redis-session.service.d.ts +0 -20
- package/src/lib/session/services/redis-session.service.js +0 -117
- package/src/lib/session/services/redis-session.service.js.map +0 -1
- package/src/lib/session/session.module.d.ts +0 -2
- package/src/lib/session/session.module.js +0 -33
- package/src/lib/session/session.module.js.map +0 -1
- package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
- package/src/lib/tenant/entities/tenant.entity.js +0 -44
- package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
- package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
- package/src/lib/tenant/events/tenant-created.event.js +0 -10
- package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
- package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
- package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
- package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
- package/src/lib/tenant/events/tenant-updated.event.js +0 -10
- package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
- package/src/lib/tenant/index.d.ts +0 -1
- package/src/lib/tenant/index.js +0 -5
- package/src/lib/tenant/index.js.map +0 -1
- package/src/lib/tenant/services/tenant.service.d.ts +0 -26
- package/src/lib/tenant/services/tenant.service.js +0 -200
- package/src/lib/tenant/services/tenant.service.js.map +0 -1
- package/src/lib/tenant/tenant.module.d.ts +0 -2
- package/src/lib/tenant/tenant.module.js +0 -27
- package/src/lib/tenant/tenant.module.js.map +0 -1
- package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
- package/src/lib/user/dto/requests/update-user.dto.js +0 -24
- package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
- package/src/lib/user/entities/access-key.entity.d.ts +0 -16
- package/src/lib/user/entities/access-key.entity.js +0 -63
- package/src/lib/user/entities/access-key.entity.js.map +0 -1
- package/src/lib/user/entities/identity.entity.d.ts +0 -12
- package/src/lib/user/entities/identity.entity.js +0 -47
- package/src/lib/user/entities/identity.entity.js.map +0 -1
- package/src/lib/user/entities/user.entity.d.ts +0 -39
- package/src/lib/user/entities/user.entity.js +0 -201
- package/src/lib/user/entities/user.entity.js.map +0 -1
- package/src/lib/user/events/user-created.event.js +0 -10
- package/src/lib/user/events/user-created.event.js.map +0 -1
- package/src/lib/user/events/user-deleted.event.js +0 -10
- package/src/lib/user/events/user-deleted.event.js.map +0 -1
- package/src/lib/user/events/user-updated.event.js +0 -10
- package/src/lib/user/events/user-updated.event.js.map +0 -1
- package/src/lib/user/index.d.ts +0 -3
- package/src/lib/user/index.js +0 -7
- package/src/lib/user/index.js.map +0 -1
- package/src/lib/user/services/access-key.service.d.ts +0 -19
- package/src/lib/user/services/access-key.service.js +0 -119
- package/src/lib/user/services/access-key.service.js.map +0 -1
- package/src/lib/user/services/user.service.d.ts +0 -24
- package/src/lib/user/services/user.service.js.map +0 -1
- package/src/lib/user/user.module.d.ts +0 -2
- package/src/lib/user/user.module.js +0 -34
- package/src/lib/user/user.module.js.map +0 -1
- package/src/lib/utils/database.utils.d.ts +0 -2
- package/src/lib/utils/database.utils.js +0 -8
- package/src/lib/utils/database.utils.js.map +0 -1
- package/src/lib/utils/otp.d.ts +0 -1
- package/src/lib/utils/otp.js +0 -7
- package/src/lib/utils/otp.js.map +0 -1
|
@@ -0,0 +1,379 @@
|
|
|
1
|
+
import {
|
|
2
|
+
Body,
|
|
3
|
+
Controller,
|
|
4
|
+
Delete,
|
|
5
|
+
Get,
|
|
6
|
+
Param,
|
|
7
|
+
Patch,
|
|
8
|
+
Post,
|
|
9
|
+
Query,
|
|
10
|
+
UseGuards,
|
|
11
|
+
} from '@nestjs/common';
|
|
12
|
+
import { NotFoundException } from '@nestjs/common';
|
|
13
|
+
import { InjectRepository } from '@nestjs/typeorm';
|
|
14
|
+
import { Repository } from 'typeorm';
|
|
15
|
+
import { AdminSessionGuard } from '../guards/admin-session.guard';
|
|
16
|
+
import { AdminCreateUserDto, AdminUpdateUserDto } from '../dto/admin-user.dto';
|
|
17
|
+
import { UserService } from '../../user/services/user.service';
|
|
18
|
+
import { TenantService } from '../../tenant/services/tenant.service';
|
|
19
|
+
import { NestAuthUser } from '../../user/entities/user.entity';
|
|
20
|
+
import { NestAuthMFASecret } from '../../auth/entities/mfa-secret.entity';
|
|
21
|
+
import { DEFAULT_GUARD_NAME, EMAIL_AUTH_PROVIDER, PHONE_AUTH_PROVIDER } from '../../auth.constants';
|
|
22
|
+
import { FindOptionsWhere, Like } from 'typeorm';
|
|
23
|
+
import { MfaService } from '../../auth/services/mfa.service';
|
|
24
|
+
import { SessionManagerService } from '../../session/services/session-manager.service';
|
|
25
|
+
import { NestAuthSession } from '../../session/entities/session.entity';
|
|
26
|
+
|
|
27
|
+
@Controller('auth/admin/api/users')
|
|
28
|
+
@UseGuards(AdminSessionGuard)
|
|
29
|
+
export class AdminUsersController {
|
|
30
|
+
constructor(
|
|
31
|
+
private readonly users: UserService,
|
|
32
|
+
private readonly tenantService: TenantService,
|
|
33
|
+
private readonly mfaService: MfaService,
|
|
34
|
+
private readonly sessionManager: SessionManagerService,
|
|
35
|
+
@InjectRepository(NestAuthMFASecret)
|
|
36
|
+
private readonly mfaSecretRepository: Repository<NestAuthMFASecret>,
|
|
37
|
+
) { }
|
|
38
|
+
|
|
39
|
+
private async ensureUserExists(id: string): Promise<NestAuthUser> {
|
|
40
|
+
const user = await this.users.getUserById(id);
|
|
41
|
+
if (!user) {
|
|
42
|
+
throw new NotFoundException('User not found');
|
|
43
|
+
}
|
|
44
|
+
return user;
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
private toSessionResponse(session: NestAuthSession) {
|
|
48
|
+
return {
|
|
49
|
+
id: session.id,
|
|
50
|
+
deviceName: session.deviceName || 'Unknown device',
|
|
51
|
+
userAgent: session.userAgent,
|
|
52
|
+
ipAddress: session.ipAddress,
|
|
53
|
+
lastActive: session.lastActive,
|
|
54
|
+
createdAt: session.createdAt,
|
|
55
|
+
expiresAt: session.expiresAt,
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
private buildStatusFilter(status?: string): Partial<FindOptionsWhere<NestAuthUser>> {
|
|
60
|
+
if (!status) return {};
|
|
61
|
+
switch (status) {
|
|
62
|
+
case 'active':
|
|
63
|
+
return { isActive: true };
|
|
64
|
+
case 'inactive':
|
|
65
|
+
return { isActive: false };
|
|
66
|
+
case 'verified':
|
|
67
|
+
return { isVerified: true };
|
|
68
|
+
case 'unverified':
|
|
69
|
+
return { isVerified: false };
|
|
70
|
+
default:
|
|
71
|
+
return {};
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
private escapeLikePattern(value: string): string {
|
|
76
|
+
return value.replace(/[%_\\]/g, '\\$&');
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
@Get()
|
|
80
|
+
async listUsers(
|
|
81
|
+
@Query('page') page?: string,
|
|
82
|
+
@Query('limit') limit?: string,
|
|
83
|
+
@Query('search') search?: string,
|
|
84
|
+
@Query('status') status?: string,
|
|
85
|
+
) {
|
|
86
|
+
// Validate and sanitize pagination parameters
|
|
87
|
+
let pageNum = parseInt(page || '1', 10);
|
|
88
|
+
let limitNum = parseInt(limit || '10', 10);
|
|
89
|
+
|
|
90
|
+
// Ensure page is at least 1
|
|
91
|
+
if (isNaN(pageNum) || pageNum < 1) {
|
|
92
|
+
pageNum = 1;
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
// Ensure limit is positive and capped at 100
|
|
96
|
+
if (isNaN(limitNum) || limitNum <= 0) {
|
|
97
|
+
limitNum = 10;
|
|
98
|
+
}
|
|
99
|
+
if (limitNum > 100) {
|
|
100
|
+
limitNum = 100;
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
const skip = (pageNum - 1) * limitNum;
|
|
104
|
+
|
|
105
|
+
// Build where clause with proper TypeORM typing
|
|
106
|
+
let where: FindOptionsWhere<NestAuthUser>[] | FindOptionsWhere<NestAuthUser> = {};
|
|
107
|
+
|
|
108
|
+
// Apply search filter with proper OR conditions using array syntax
|
|
109
|
+
if (search && search.trim()) {
|
|
110
|
+
const escapedSearch = this.escapeLikePattern(search.trim());
|
|
111
|
+
const searchPattern = `%${escapedSearch}%`;
|
|
112
|
+
|
|
113
|
+
// Base status filter if present
|
|
114
|
+
const baseFilter: FindOptionsWhere<NestAuthUser> = {
|
|
115
|
+
...this.buildStatusFilter(status),
|
|
116
|
+
};
|
|
117
|
+
|
|
118
|
+
// Create OR conditions for search
|
|
119
|
+
where = [
|
|
120
|
+
{ ...baseFilter, email: Like(searchPattern) },
|
|
121
|
+
{ ...baseFilter, phone: Like(searchPattern) },
|
|
122
|
+
{ ...baseFilter, tenantId: Like(searchPattern) },
|
|
123
|
+
];
|
|
124
|
+
} else {
|
|
125
|
+
// Apply status filter without search
|
|
126
|
+
Object.assign(where as FindOptionsWhere<NestAuthUser>, this.buildStatusFilter(status));
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
// Get users and total count in a single query
|
|
130
|
+
const [users, total] = await this.users.getUsersAndCount({
|
|
131
|
+
where,
|
|
132
|
+
relations: ['roles'],
|
|
133
|
+
order: { createdAt: 'DESC' },
|
|
134
|
+
skip,
|
|
135
|
+
take: limitNum,
|
|
136
|
+
});
|
|
137
|
+
|
|
138
|
+
return {
|
|
139
|
+
data: users.map((user) => this.toSafeUser(user)),
|
|
140
|
+
meta: {
|
|
141
|
+
page: pageNum,
|
|
142
|
+
limit: limitNum,
|
|
143
|
+
total,
|
|
144
|
+
totalPages: Math.ceil(total / limitNum),
|
|
145
|
+
},
|
|
146
|
+
};
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
@Post()
|
|
150
|
+
async createUser(@Body() dto: AdminCreateUserDto) {
|
|
151
|
+
const tenantId = await this.tenantService.resolveTenantId(dto.tenantId);
|
|
152
|
+
const user = await this.users.createUser({
|
|
153
|
+
email: dto.email,
|
|
154
|
+
phone: dto.phone,
|
|
155
|
+
tenantId,
|
|
156
|
+
metadata: dto.metadata ?? {},
|
|
157
|
+
isActive: dto.isActive ?? true,
|
|
158
|
+
isVerified: dto.isVerified ?? false,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
if (dto.password) {
|
|
162
|
+
await user.setPassword(dto.password);
|
|
163
|
+
await user.save();
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
if (dto.roles?.length) {
|
|
167
|
+
await user.assignRoles(dto.roles, DEFAULT_GUARD_NAME);
|
|
168
|
+
await user.save();
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
return { user: this.toSafeUser(user) };
|
|
172
|
+
}
|
|
173
|
+
|
|
174
|
+
@Get(':id')
|
|
175
|
+
async getUser(@Param('id') id: string) {
|
|
176
|
+
const user = await this.users.getUserById(id, {
|
|
177
|
+
relations: ['roles', 'mfaSecrets', 'identities']
|
|
178
|
+
});
|
|
179
|
+
if (!user) {
|
|
180
|
+
throw new NotFoundException('User not found');
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
const availableMethods = this.mfaService.getAvailableMethods();
|
|
184
|
+
const [enabledMethods, sessions] = await Promise.all([
|
|
185
|
+
this.mfaService.getEnabledMethods(user.id),
|
|
186
|
+
this.sessionManager.getUserSessions(user.id),
|
|
187
|
+
]);
|
|
188
|
+
|
|
189
|
+
const sortedSessions = sessions
|
|
190
|
+
.sort((a, b) => {
|
|
191
|
+
const aTime = a.lastActive?.getTime() ?? a.updatedAt?.getTime() ?? 0;
|
|
192
|
+
const bTime = b.lastActive?.getTime() ?? b.updatedAt?.getTime() ?? 0;
|
|
193
|
+
return bTime - aTime;
|
|
194
|
+
})
|
|
195
|
+
.map((session) => this.toSessionResponse(session));
|
|
196
|
+
|
|
197
|
+
return {
|
|
198
|
+
user: this.toSafeUser(user),
|
|
199
|
+
loginMethods: {
|
|
200
|
+
emailEnabled: !!user.email && !!user.emailVerifiedAt,
|
|
201
|
+
phoneEnabled: !!user.phone && !!user.phoneVerifiedAt,
|
|
202
|
+
hasPassword: !!user.passwordHash,
|
|
203
|
+
},
|
|
204
|
+
mfa: {
|
|
205
|
+
isEnabled: user.isMfaEnabled,
|
|
206
|
+
allowUserToggle: this.mfaService.mfaConfig?.allowUserToggle ?? false,
|
|
207
|
+
availableMethods,
|
|
208
|
+
enabledMethods,
|
|
209
|
+
hasRecoveryCode: !!user.mfaRecoveryCode,
|
|
210
|
+
totpDevices: user.mfaSecrets?.map((device) => ({
|
|
211
|
+
id: device.id,
|
|
212
|
+
deviceName: device.deviceName || 'Authenticator',
|
|
213
|
+
verified: device.verified,
|
|
214
|
+
lastUsedAt: device.lastUsedAt,
|
|
215
|
+
createdAt: device.createdAt,
|
|
216
|
+
})) || [],
|
|
217
|
+
},
|
|
218
|
+
sessions: sortedSessions,
|
|
219
|
+
};
|
|
220
|
+
}
|
|
221
|
+
|
|
222
|
+
@Patch(':id')
|
|
223
|
+
async updateUser(@Param('id') id: string, @Body() dto: AdminUpdateUserDto) {
|
|
224
|
+
let user = await this.users.getUserById(id, { relations: ['roles', 'identities'] });
|
|
225
|
+
if (!user) {
|
|
226
|
+
throw new NotFoundException('User not found');
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
// Apply basic field updates if provided
|
|
230
|
+
if (dto.isActive !== undefined || dto.isVerified !== undefined || dto.metadata !== undefined ||
|
|
231
|
+
dto.isMfaEnabled !== undefined) {
|
|
232
|
+
const updates: Partial<NestAuthUser> = {};
|
|
233
|
+
if (dto.isActive !== undefined) updates.isActive = dto.isActive;
|
|
234
|
+
if (dto.isVerified !== undefined) updates.isVerified = dto.isVerified;
|
|
235
|
+
if (dto.metadata !== undefined) updates.metadata = dto.metadata;
|
|
236
|
+
if (dto.isMfaEnabled !== undefined) updates.isMfaEnabled = dto.isMfaEnabled;
|
|
237
|
+
|
|
238
|
+
user = await this.users.updateUser(id, updates);
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
// Enable/disable email login
|
|
242
|
+
if (dto.emailLoginEnabled !== undefined) {
|
|
243
|
+
if (dto.emailLoginEnabled) {
|
|
244
|
+
if (!user.email) {
|
|
245
|
+
throw new NotFoundException('User has no email address');
|
|
246
|
+
}
|
|
247
|
+
user.emailVerifiedAt = user.emailVerifiedAt || new Date();
|
|
248
|
+
// Ensure identity exists
|
|
249
|
+
await user.findOrCreateIdentity(EMAIL_AUTH_PROVIDER, user.email);
|
|
250
|
+
} else {
|
|
251
|
+
user.emailVerifiedAt = null;
|
|
252
|
+
// Remove email identity if exists
|
|
253
|
+
const emailIdentity = user.identities?.find(i => i.provider === EMAIL_AUTH_PROVIDER);
|
|
254
|
+
if (emailIdentity) {
|
|
255
|
+
await emailIdentity.remove();
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
// Enable/disable phone login
|
|
261
|
+
if (dto.phoneLoginEnabled !== undefined) {
|
|
262
|
+
if (dto.phoneLoginEnabled) {
|
|
263
|
+
if (!user.phone) {
|
|
264
|
+
throw new NotFoundException('User has no phone number');
|
|
265
|
+
}
|
|
266
|
+
user.phoneVerifiedAt = user.phoneVerifiedAt || new Date();
|
|
267
|
+
// Ensure identity exists
|
|
268
|
+
await user.findOrCreateIdentity(PHONE_AUTH_PROVIDER, user.phone);
|
|
269
|
+
} else {
|
|
270
|
+
user.phoneVerifiedAt = null;
|
|
271
|
+
// Remove phone identity if exists
|
|
272
|
+
const phoneIdentity = user.identities?.find(i => i.provider === PHONE_AUTH_PROVIDER);
|
|
273
|
+
if (phoneIdentity) {
|
|
274
|
+
await phoneIdentity.remove();
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
|
|
279
|
+
// Apply password change in-memory
|
|
280
|
+
if (dto.password) {
|
|
281
|
+
await user.setPassword(dto.password);
|
|
282
|
+
}
|
|
283
|
+
|
|
284
|
+
// Apply role changes in-memory
|
|
285
|
+
if (dto.roles) {
|
|
286
|
+
await user.assignRoles(dto.roles, DEFAULT_GUARD_NAME);
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
// Save all changes
|
|
290
|
+
await user.save();
|
|
291
|
+
|
|
292
|
+
return { user: this.toSafeUser(user) };
|
|
293
|
+
}
|
|
294
|
+
|
|
295
|
+
@Delete(':id/totp-devices/:deviceId')
|
|
296
|
+
async deleteTotpDevice(@Param('id') id: string, @Param('deviceId') deviceId: string) {
|
|
297
|
+
const user = await this.users.getUserById(id);
|
|
298
|
+
if (!user) {
|
|
299
|
+
throw new NotFoundException('User not found');
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
const device = await this.mfaSecretRepository.findOne({
|
|
303
|
+
where: { id: deviceId, userId: user.id },
|
|
304
|
+
});
|
|
305
|
+
|
|
306
|
+
if (!device) {
|
|
307
|
+
throw new NotFoundException('TOTP device not found');
|
|
308
|
+
}
|
|
309
|
+
|
|
310
|
+
await this.mfaSecretRepository.remove(device);
|
|
311
|
+
return { message: 'TOTP device deleted successfully' };
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
@Get(':id/sessions')
|
|
315
|
+
async listSessions(@Param('id') id: string) {
|
|
316
|
+
const user = await this.ensureUserExists(id);
|
|
317
|
+
const sessions = await this.sessionManager.getUserSessions(user.id);
|
|
318
|
+
return {
|
|
319
|
+
data: sessions
|
|
320
|
+
.sort((a, b) => {
|
|
321
|
+
const aTime = a.lastActive?.getTime() ?? a.updatedAt?.getTime() ?? 0;
|
|
322
|
+
const bTime = b.lastActive?.getTime() ?? b.updatedAt?.getTime() ?? 0;
|
|
323
|
+
return bTime - aTime;
|
|
324
|
+
})
|
|
325
|
+
.map((session) => this.toSessionResponse(session)),
|
|
326
|
+
};
|
|
327
|
+
}
|
|
328
|
+
|
|
329
|
+
@Delete(':id/sessions/:sessionId')
|
|
330
|
+
async revokeSession(@Param('id') id: string, @Param('sessionId') sessionId: string) {
|
|
331
|
+
const user = await this.ensureUserExists(id);
|
|
332
|
+
|
|
333
|
+
try {
|
|
334
|
+
const session = await this.sessionManager.getSession(sessionId, false);
|
|
335
|
+
if (session.userId !== user.id) {
|
|
336
|
+
throw new NotFoundException('Session not found for this user');
|
|
337
|
+
}
|
|
338
|
+
} catch {
|
|
339
|
+
throw new NotFoundException('Session not found for this user');
|
|
340
|
+
}
|
|
341
|
+
|
|
342
|
+
await this.sessionManager.revokeSession(sessionId);
|
|
343
|
+
return { message: 'Session revoked successfully' };
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
@Delete(':id/sessions')
|
|
347
|
+
async revokeAllSessions(@Param('id') id: string) {
|
|
348
|
+
const user = await this.ensureUserExists(id);
|
|
349
|
+
await this.sessionManager.revokeAllUserSessions(user.id);
|
|
350
|
+
return { message: 'All sessions revoked successfully' };
|
|
351
|
+
}
|
|
352
|
+
|
|
353
|
+
@Delete(':id')
|
|
354
|
+
async deleteUser(@Param('id') id: string) {
|
|
355
|
+
await this.users.deleteUser(id);
|
|
356
|
+
return { message: 'User removed' };
|
|
357
|
+
}
|
|
358
|
+
|
|
359
|
+
private toSafeUser(user: NestAuthUser | null) {
|
|
360
|
+
if (!user) {
|
|
361
|
+
return null;
|
|
362
|
+
}
|
|
363
|
+
return {
|
|
364
|
+
id: user.id,
|
|
365
|
+
email: user.email,
|
|
366
|
+
phone: user.phone,
|
|
367
|
+
tenantId: user.tenantId,
|
|
368
|
+
isActive: user.isActive,
|
|
369
|
+
isVerified: user.isVerified,
|
|
370
|
+
metadata: user.metadata ?? {},
|
|
371
|
+
roles: user.roles?.map((role) => role.name) ?? [],
|
|
372
|
+
createdAt: user.createdAt,
|
|
373
|
+
updatedAt: user.updatedAt,
|
|
374
|
+
emailVerifiedAt: user.emailVerifiedAt,
|
|
375
|
+
phoneVerifiedAt: user.phoneVerifiedAt,
|
|
376
|
+
isMfaEnabled: user.isMfaEnabled,
|
|
377
|
+
};
|
|
378
|
+
}
|
|
379
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { AdminUser } from '../entities/admin-user.entity';
|
|
3
|
+
|
|
4
|
+
export const CurrentAdmin = createParamDecorator(
|
|
5
|
+
(data: unknown, context: ExecutionContext): AdminUser | undefined => {
|
|
6
|
+
const request = context.switchToHttp().getRequest();
|
|
7
|
+
return request.adminUser as AdminUser | undefined;
|
|
8
|
+
},
|
|
9
|
+
);
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
import { IsString, IsNotEmpty, IsOptional, IsObject, MaxLength, MinLength } from 'class-validator';
|
|
2
|
+
import { ApiProperty } from '@nestjs/swagger';
|
|
3
|
+
|
|
4
|
+
export class AdminCreatePermissionDto {
|
|
5
|
+
@ApiProperty({
|
|
6
|
+
description: 'Permission name (must be unique per guard)',
|
|
7
|
+
example: 'users.create',
|
|
8
|
+
minLength: 1,
|
|
9
|
+
maxLength: 255,
|
|
10
|
+
})
|
|
11
|
+
@IsString()
|
|
12
|
+
@IsNotEmpty()
|
|
13
|
+
@MinLength(1)
|
|
14
|
+
@MaxLength(255)
|
|
15
|
+
name: string;
|
|
16
|
+
|
|
17
|
+
@ApiProperty({
|
|
18
|
+
description: 'Guard name (defaults to "web" if not provided)',
|
|
19
|
+
required: false,
|
|
20
|
+
example: 'web',
|
|
21
|
+
})
|
|
22
|
+
@IsOptional()
|
|
23
|
+
@IsString()
|
|
24
|
+
guard?: string;
|
|
25
|
+
|
|
26
|
+
@ApiProperty({
|
|
27
|
+
description: 'Optional description of what this permission allows',
|
|
28
|
+
required: false,
|
|
29
|
+
example: 'Allows creating new user accounts',
|
|
30
|
+
})
|
|
31
|
+
@IsOptional()
|
|
32
|
+
@IsString()
|
|
33
|
+
description?: string;
|
|
34
|
+
|
|
35
|
+
@ApiProperty({
|
|
36
|
+
description: 'Optional category to group permissions (e.g., "users", "posts", "admin")',
|
|
37
|
+
required: false,
|
|
38
|
+
example: 'users',
|
|
39
|
+
})
|
|
40
|
+
@IsOptional()
|
|
41
|
+
@IsString()
|
|
42
|
+
category?: string;
|
|
43
|
+
|
|
44
|
+
@ApiProperty({
|
|
45
|
+
description: 'Optional metadata for additional permission information',
|
|
46
|
+
required: false,
|
|
47
|
+
example: { level: 'write', resource: 'users' },
|
|
48
|
+
})
|
|
49
|
+
@IsOptional()
|
|
50
|
+
@IsObject()
|
|
51
|
+
metadata?: Record<string, any>;
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
export class AdminUpdatePermissionDto {
|
|
55
|
+
@ApiProperty({
|
|
56
|
+
description: 'Permission name (must be unique per guard if changed). If changed, can optionally update in all roles.',
|
|
57
|
+
required: false,
|
|
58
|
+
example: 'users.create',
|
|
59
|
+
})
|
|
60
|
+
@IsOptional()
|
|
61
|
+
@IsString()
|
|
62
|
+
@MinLength(1)
|
|
63
|
+
@MaxLength(255)
|
|
64
|
+
name?: string;
|
|
65
|
+
|
|
66
|
+
@ApiProperty({
|
|
67
|
+
description: 'Guard name',
|
|
68
|
+
required: false,
|
|
69
|
+
example: 'web',
|
|
70
|
+
})
|
|
71
|
+
@IsOptional()
|
|
72
|
+
@IsString()
|
|
73
|
+
guard?: string;
|
|
74
|
+
|
|
75
|
+
@ApiProperty({
|
|
76
|
+
description: 'Whether to update permission name in all roles that use it (only if name is being changed)',
|
|
77
|
+
required: false,
|
|
78
|
+
default: false,
|
|
79
|
+
})
|
|
80
|
+
@IsOptional()
|
|
81
|
+
updateInRoles?: boolean;
|
|
82
|
+
|
|
83
|
+
@ApiProperty({
|
|
84
|
+
description: 'Optional description of what this permission allows',
|
|
85
|
+
required: false,
|
|
86
|
+
})
|
|
87
|
+
@IsOptional()
|
|
88
|
+
@IsString()
|
|
89
|
+
description?: string;
|
|
90
|
+
|
|
91
|
+
@ApiProperty({
|
|
92
|
+
description: 'Optional category to group permissions',
|
|
93
|
+
required: false,
|
|
94
|
+
})
|
|
95
|
+
@IsOptional()
|
|
96
|
+
@IsString()
|
|
97
|
+
category?: string;
|
|
98
|
+
|
|
99
|
+
@ApiProperty({
|
|
100
|
+
description: 'Optional metadata',
|
|
101
|
+
required: false,
|
|
102
|
+
})
|
|
103
|
+
@IsOptional()
|
|
104
|
+
@IsObject()
|
|
105
|
+
metadata?: Record<string, any>;
|
|
106
|
+
}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import {
|
|
2
|
+
IsArray,
|
|
3
|
+
IsBoolean,
|
|
4
|
+
IsNotEmpty,
|
|
5
|
+
IsOptional,
|
|
6
|
+
IsString,
|
|
7
|
+
} from 'class-validator';
|
|
8
|
+
|
|
9
|
+
export class AdminCreateRoleDto {
|
|
10
|
+
@IsString()
|
|
11
|
+
@IsNotEmpty()
|
|
12
|
+
name: string;
|
|
13
|
+
|
|
14
|
+
@IsString()
|
|
15
|
+
@IsNotEmpty()
|
|
16
|
+
guard: string;
|
|
17
|
+
|
|
18
|
+
@IsOptional()
|
|
19
|
+
@IsString()
|
|
20
|
+
tenantId?: string;
|
|
21
|
+
|
|
22
|
+
@IsOptional()
|
|
23
|
+
@IsBoolean()
|
|
24
|
+
isSystem?: boolean;
|
|
25
|
+
|
|
26
|
+
@IsOptional()
|
|
27
|
+
@IsArray()
|
|
28
|
+
@IsString({ each: true })
|
|
29
|
+
permissions?: string[];
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
export class AdminUpdateRoleDto {
|
|
33
|
+
@IsOptional()
|
|
34
|
+
@IsString()
|
|
35
|
+
name?: string;
|
|
36
|
+
|
|
37
|
+
@IsOptional()
|
|
38
|
+
@IsString()
|
|
39
|
+
guard?: string;
|
|
40
|
+
|
|
41
|
+
@IsOptional()
|
|
42
|
+
@IsArray()
|
|
43
|
+
@IsString({ each: true })
|
|
44
|
+
permissions?: string[];
|
|
45
|
+
}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { IsNotEmpty, IsObject, IsOptional, IsString, Matches } from 'class-validator';
|
|
2
|
+
|
|
3
|
+
export class AdminCreateTenantDto {
|
|
4
|
+
@IsString()
|
|
5
|
+
@IsNotEmpty()
|
|
6
|
+
name: string;
|
|
7
|
+
|
|
8
|
+
@IsString()
|
|
9
|
+
@IsNotEmpty()
|
|
10
|
+
@Matches(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, {
|
|
11
|
+
message: 'Slug must be lowercase alphanumeric with hyphens, no leading/trailing or consecutive hyphens'
|
|
12
|
+
})
|
|
13
|
+
slug: string;
|
|
14
|
+
|
|
15
|
+
@IsOptional()
|
|
16
|
+
@IsString()
|
|
17
|
+
description?: string;
|
|
18
|
+
|
|
19
|
+
@IsOptional()
|
|
20
|
+
@IsObject()
|
|
21
|
+
metadata?: Record<string, any>;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export class AdminUpdateTenantDto {
|
|
25
|
+
@IsOptional()
|
|
26
|
+
@IsString()
|
|
27
|
+
name?: string;
|
|
28
|
+
|
|
29
|
+
@IsOptional()
|
|
30
|
+
@IsString()
|
|
31
|
+
@Matches(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, {
|
|
32
|
+
message: 'Slug must be lowercase alphanumeric with hyphens, no leading/trailing or consecutive hyphens'
|
|
33
|
+
})
|
|
34
|
+
slug?: string;
|
|
35
|
+
|
|
36
|
+
@IsOptional()
|
|
37
|
+
@IsString()
|
|
38
|
+
description?: string;
|
|
39
|
+
|
|
40
|
+
@IsOptional()
|
|
41
|
+
@IsObject()
|
|
42
|
+
metadata?: Record<string, any>;
|
|
43
|
+
}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
import {
|
|
2
|
+
IsArray,
|
|
3
|
+
IsBoolean,
|
|
4
|
+
IsEmail,
|
|
5
|
+
IsNotEmpty,
|
|
6
|
+
IsOptional,
|
|
7
|
+
IsString,
|
|
8
|
+
Matches,
|
|
9
|
+
MinLength,
|
|
10
|
+
} from 'class-validator';
|
|
11
|
+
|
|
12
|
+
export class AdminCreateUserDto {
|
|
13
|
+
@IsEmail()
|
|
14
|
+
email: string;
|
|
15
|
+
|
|
16
|
+
@IsOptional()
|
|
17
|
+
@IsString()
|
|
18
|
+
phone?: string;
|
|
19
|
+
|
|
20
|
+
@IsOptional()
|
|
21
|
+
@IsString()
|
|
22
|
+
@MinLength(8)
|
|
23
|
+
@Matches(
|
|
24
|
+
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
|
|
25
|
+
{ message: 'Password must contain uppercase, lowercase, number, and special character' }
|
|
26
|
+
)
|
|
27
|
+
password?: string;
|
|
28
|
+
|
|
29
|
+
@IsString()
|
|
30
|
+
@IsNotEmpty()
|
|
31
|
+
tenantId: string;
|
|
32
|
+
|
|
33
|
+
@IsOptional()
|
|
34
|
+
@IsBoolean()
|
|
35
|
+
isActive?: boolean;
|
|
36
|
+
|
|
37
|
+
@IsOptional()
|
|
38
|
+
@IsBoolean()
|
|
39
|
+
isVerified?: boolean;
|
|
40
|
+
|
|
41
|
+
@IsOptional()
|
|
42
|
+
@IsArray()
|
|
43
|
+
@IsString({ each: true })
|
|
44
|
+
roles?: string[];
|
|
45
|
+
|
|
46
|
+
@IsOptional()
|
|
47
|
+
metadata?: Record<string, any>;
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
export class AdminUpdateUserDto {
|
|
51
|
+
@IsOptional()
|
|
52
|
+
@IsBoolean()
|
|
53
|
+
isActive?: boolean;
|
|
54
|
+
|
|
55
|
+
@IsOptional()
|
|
56
|
+
@IsBoolean()
|
|
57
|
+
isVerified?: boolean;
|
|
58
|
+
|
|
59
|
+
@IsOptional()
|
|
60
|
+
@IsString()
|
|
61
|
+
@MinLength(8)
|
|
62
|
+
@Matches(
|
|
63
|
+
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
|
|
64
|
+
{ message: 'Password must contain uppercase, lowercase, number, and special character' }
|
|
65
|
+
)
|
|
66
|
+
password?: string;
|
|
67
|
+
|
|
68
|
+
@IsOptional()
|
|
69
|
+
@IsArray()
|
|
70
|
+
@IsString({ each: true })
|
|
71
|
+
roles?: string[];
|
|
72
|
+
|
|
73
|
+
@IsOptional()
|
|
74
|
+
metadata?: Record<string, any>;
|
|
75
|
+
|
|
76
|
+
@IsOptional()
|
|
77
|
+
@IsBoolean()
|
|
78
|
+
isMfaEnabled?: boolean;
|
|
79
|
+
|
|
80
|
+
@IsOptional()
|
|
81
|
+
@IsBoolean()
|
|
82
|
+
emailLoginEnabled?: boolean;
|
|
83
|
+
|
|
84
|
+
@IsOptional()
|
|
85
|
+
@IsBoolean()
|
|
86
|
+
phoneLoginEnabled?: boolean;
|
|
87
|
+
}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { IsEmail, IsNotEmpty, IsOptional, IsString, Matches, MinLength } from 'class-validator';
|
|
2
|
+
|
|
3
|
+
export class CreateDashboardAdminDto {
|
|
4
|
+
@IsEmail()
|
|
5
|
+
email: string;
|
|
6
|
+
|
|
7
|
+
@IsString()
|
|
8
|
+
@IsNotEmpty()
|
|
9
|
+
@MinLength(8)
|
|
10
|
+
@Matches(
|
|
11
|
+
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
|
|
12
|
+
{ message: 'Password must contain uppercase, lowercase, number, and special character' }
|
|
13
|
+
)
|
|
14
|
+
password: string;
|
|
15
|
+
|
|
16
|
+
@IsOptional()
|
|
17
|
+
@IsString()
|
|
18
|
+
name?: string;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
export class UpdateDashboardAdminDto {
|
|
22
|
+
@IsOptional()
|
|
23
|
+
@IsString()
|
|
24
|
+
name?: string;
|
|
25
|
+
|
|
26
|
+
@IsOptional()
|
|
27
|
+
@IsString()
|
|
28
|
+
@MinLength(8)
|
|
29
|
+
@Matches(
|
|
30
|
+
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
|
|
31
|
+
{ message: 'Password must contain uppercase, lowercase, number, and special character' }
|
|
32
|
+
)
|
|
33
|
+
password?: string;
|
|
34
|
+
}
|