npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.0 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/auth/auth.module.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { Module, forwardRef } from '@nestjs/common';
+import { AuthService } from './services/auth.service';
+import { CookieService } from './services/cookie.service';
+import { MfaService } from './services/mfa.service';
+import { ClientConfigService } from './services/client-config.service';
+import { NestAuthAuthGuard } from './guards/auth.guard';
+import { RefreshTokenInterceptor } from './interceptors/refresh-token.interceptor';
+import { AuthController } from './controllers/auth.controller';
+import { MfaController } from './controllers/mfa.controller';
+import { NestAuthIdentity } from '../user/entities/identity.entity';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { NestAuthUser } from '../user/entities/user.entity';
+import { NestAuthOTP } from './entities/otp.entity';
+import { NestAuthMFASecret } from './entities/mfa-secret.entity';
+import { NestAuthAccessKey } from '../user/entities/access-key.entity';
+import { EventEmitterModule } from '@nestjs/event-emitter';
+import { UserModule } from '../user/user.module';
+import { CoreModule } from '../core/core.module';
+import { SessionModule } from '../session/session.module';
+import { TenantModule } from '../tenant/tenant.module';
+import { RoleModule } from '../role/role.module';
+@Module({
+    imports: [
+        EventEmitterModule,
+        TypeOrmModule.forFeature([
+            NestAuthUser,
+            NestAuthOTP,
+            NestAuthMFASecret,
+            NestAuthAccessKey,
+            NestAuthIdentity,
+        ]),
+        forwardRef(() => CoreModule),
+        forwardRef(() => UserModule),
+        forwardRef(() => SessionModule),
+        forwardRef(() => TenantModule),
+        forwardRef(() => RoleModule),
+    ],
+    providers: [
+        AuthService,
+        CookieService,
+        MfaService,
+        ClientConfigService,
+        NestAuthAuthGuard,
+        RefreshTokenInterceptor,
+    ],
+    controllers: [AuthController, MfaController],
+    exports: [
+        AuthService,
+        CookieService,
+        MfaService,
+        ClientConfigService,
+        NestAuthAuthGuard,
+        RefreshTokenInterceptor,
+    ],
+})
+export class AuthModule {
+}

package/src/lib/auth/controllers/auth.controller.ts ADDED Viewed

@@ -0,0 +1,393 @@
+import { Controller, Post, Body, Get, UseGuards, Res, HttpCode, Query, Param } from '@nestjs/common';
+import { AuthService } from '../services/auth.service';
+import { Verify2faRequestDto } from '../dto/requests/verify-2fa.request.dto';
+import { RefreshTokenRequestDto } from '../dto/requests/refresh-token.request.dto';
+import { Response } from 'express';
+import { ApiResponse } from '@nestjs/swagger';
+import { ApiOperation } from '@nestjs/swagger';
+import { CookieService } from '../services/cookie.service';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+import { AuthWithTokensResponseDto, UserResponseDto, Verify2faWithTokensResponseDto } from '../dto/responses/auth.response.dto';
+import { AuthCookieResponseDto } from '../dto/responses/auth-cookie.response.dto';
+import { SignupRequestDto } from '../dto/requests/signup.request.dto';
+import { LoginRequestDto } from '../dto/requests/login.request.dto';
+import { RequestContext } from '../../request-context/request-context';
+import { MessageResponseDto, MFAMethodEnum, SkipMfa } from '../../core';
+import { ForgotPasswordRequestDto } from '../dto/requests/forgot-password.request.dto';
+import { ResetPasswordRequestDto } from '../dto/requests/reset-password.request.dto';
+import { NestAuthAuthGuard } from '../guards/auth.guard';
+import { VerifyForgotPasswordOtpRequestDto } from '../dto/requests/verify-forgot-password-otp-request-dto';
+import { ResetPasswordWithTokenRequestDto } from '../dto/requests/reset-password-with-token.request.dto';
+import { VerifyOtpResponseDto } from '../dto/responses/verify-otp.response.dto';
+import { ChangePasswordRequestDto } from '../dto/requests/change-password.request.dto';
+import { SendEmailVerificationRequestDto } from '../dto/requests/send-email-verification.request.dto';
+import { VerifyEmailRequestDto } from '../dto/requests/verify-email.request.dto';
+import { ClientConfigService } from '../services/client-config.service';
+import { ClientConfigResponseDto } from '../dto/responses/client-config.response.dto';
+@Controller('auth')
+export class AuthController {
+    constructor(
+        private readonly authService: AuthService,
+        private readonly cookieService: CookieService,
+        private readonly authConfig: AuthConfigService,
+        private readonly clientConfigService: ClientConfigService,
+    ) { }
+    /**
+     * Check if using cookie-based authentication
+     */
+    protected isUsingCookies(): boolean {
+        const config = this.authConfig.getConfig();
+        return config.accessTokenType === 'cookie';
+    }
+    /**
+     * Handle auth response based on configuration
+     * - If cookie mode: Sets tokens in cookies, returns success message
+     * - If header mode: Returns tokens in response body
+     */
+    protected handleAuthResponse(
+        res: Response,
+        authResult: { accessToken: string; refreshToken: string; isRequiresMfa: boolean },
+        successMessage: string = 'Authentication successful'
+    ): void {
+        if (this.isUsingCookies()) {
+            // Cookie mode: Set tokens in cookies, return success message
+            this.cookieService.setTokens(res, authResult.accessToken, authResult.refreshToken);
+            res.status(200).json({
+                message: successMessage,
+                isRequiresMfa: authResult.isRequiresMfa
+            } as AuthCookieResponseDto);
+        } else {
+            // Header mode: Return tokens in response body
+            res.status(200).json({
+                message: successMessage,
+                accessToken: authResult.accessToken,
+                refreshToken: authResult.refreshToken,
+                isRequiresMfa: authResult.isRequiresMfa
+            } as AuthWithTokensResponseDto);
+        }
+    }
+    /**
+     * Handle 2FA verification response based on configuration
+     */
+    protected handle2faResponse(
+        res: Response,
+        authResult: { accessToken: string; refreshToken: string }
+    ): void {
+        if (this.isUsingCookies()) {
+            // Cookie mode: Set tokens in cookies, return success message
+            this.cookieService.setTokens(res, authResult.accessToken, authResult.refreshToken);
+            res.status(200).json({
+                message: '2FA verification successful'
+                // Note: No isRequiresMfa for 2FA verification (it's already verified)
+            } as AuthCookieResponseDto);
+        } else {
+            // Header mode: Return message AND tokens in response body
+            res.status(200).json({
+                message: '2FA verification successful',
+                accessToken: authResult.accessToken,
+                refreshToken: authResult.refreshToken
+            } as Verify2faWithTokensResponseDto);
+        }
+    }
+    @ApiOperation({
+        summary: 'Signup',
+        description: 'Register a new user. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    })
+    @ApiResponse({ status: 200, type: AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' })
+    @ApiResponse({ status: 200, type: AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' })
+    @HttpCode(200)
+    @Post('signup')
+    async signup(@Body() input: SignupRequestDto, @Res() res: Response) {
+        const response = await this.authService.signup(input);
+        this.handleAuthResponse(res, response, 'Signup successful');
+    }
+    @ApiOperation({
+        summary: 'Login',
+        description: 'Authenticate user. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    })
+    @ApiResponse({ status: 200, type: AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' })
+    @ApiResponse({ status: 200, type: AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' })
+    @HttpCode(200)
+    @Post('login')
+    async login(@Body() input: LoginRequestDto, @Res() res: Response) {
+        const response = await this.authService.login(input);
+        this.handleAuthResponse(res, response, 'Login successful');
+    }
+    @ApiOperation({
+        summary: 'Refresh Token',
+        description: 'Refresh access token. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns new tokens in response body\n' +
+            '- Cookie mode: Sets new tokens in HTTP-only cookies and returns success message'
+    })
+    @ApiResponse({ status: 200, type: AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' })
+    @ApiResponse({ status: 200, type: AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' })
+    @HttpCode(200)
+    @Post('refresh-token')
+    async refreshToken(@Body() input: RefreshTokenRequestDto, @Res() res: Response) {
+        const response = await this.authService.refreshToken(input.refreshToken);
+        // Note: Refresh response doesn't have isRequiresMfa, so we create a compatible object
+        this.handleAuthResponse(res, { ...response, isRequiresMfa: false }, 'Token refreshed successfully');
+    }
+    @ApiOperation({ summary: 'Send 2FA Code' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('send-2fa-code')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async send2faCode(@Body('method') method: MFAMethodEnum) {
+        const user = RequestContext.currentUser();
+        await this.authService.send2faCode(user.id, method);
+        return { message: '2FA code sent successfully' }
+    }
+    @ApiOperation({
+        summary: 'Verify 2FA',
+        description: 'Verify two-factor authentication. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    })
+    @ApiResponse({ status: 200, type: Verify2faWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' })
+    @ApiResponse({ status: 200, type: AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' })
+    @HttpCode(200)
+    @Post('verify-2fa')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async verify2fa(@Body() input: Verify2faRequestDto, @Res() res: Response) {
+        const response = await this.authService.verify2fa(input);
+        this.handle2faResponse(res, response);
+    }
+    @ApiOperation({ summary: 'Logout' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('logout')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async logout(@Res() res: Response) {
+        await this.authService.logout();
+        // Only clear cookies if using cookie-based auth
+        if (this.isUsingCookies()) {
+            this.cookieService.clearCookies(res);
+        }
+        res.status(200).json({ message: 'Logged out successfully' });
+    }
+    @ApiOperation({ summary: 'Logout All' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('logout-all')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async logoutAll(): Promise<MessageResponseDto> {
+        const user = RequestContext.currentUser();
+        await this.authService.logoutAll(user.id);
+        return { message: 'Logged out from all devices successfully' };
+    }
+    @ApiOperation({ summary: 'Change Password' })
+    @ApiResponse({ status: 200, type: AuthWithTokensResponseDto })
+    @HttpCode(200)
+    @Post('change-password')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async changePassword(@Body() input: ChangePasswordRequestDto, @Res() res: Response) {
+        const response = await this.authService.changePassword(input);
+        this.handleAuthResponse(res, response, 'Password updated successfully');
+    }
+    @ApiOperation({ summary: 'Forgot Password' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('forgot-password')
+    @SkipMfa()
+    async forgotPassword(@Body() input: ForgotPasswordRequestDto): Promise<MessageResponseDto> {
+        await this.authService.forgotPassword(input);
+        return { message: 'If the account exists, a password reset code has been sent' }
+    }
+    @ApiOperation({ summary: 'Verify Forgot Password OTP and get reset token' })
+    @ApiResponse({ status: 200, type: VerifyOtpResponseDto })
+    @HttpCode(200)
+    @Post('verify-forgot-password-otp')
+    @SkipMfa()
+    async verifyForgotPasswordOtp(@Body() input: VerifyForgotPasswordOtpRequestDto): Promise<VerifyOtpResponseDto> {
+        return await this.authService.verifyForgotPasswordOtp(input);
+    }
+    @ApiOperation({ summary: 'Reset Password (Legacy - using OTP)' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('reset-password')
+    @SkipMfa()
+    async resetPassword(@Body() input: ResetPasswordRequestDto): Promise<MessageResponseDto> {
+        await this.authService.resetPassword(input);
+        return { message: 'Password reset successfully' }
+    }
+    @ApiOperation({ summary: 'Reset Password with Token' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('reset-password-with-token')
+    @SkipMfa()
+    async resetPasswordWithToken(@Body() input: ResetPasswordWithTokenRequestDto): Promise<MessageResponseDto> {
+        await this.authService.resetPasswordWithToken(input);
+        return { message: 'Password reset successfully' }
+    }
+    @ApiOperation({ summary: 'Get Logged In User' })
+    @ApiResponse({ status: 200, type: UserResponseDto })
+    @UseGuards(NestAuthAuthGuard)
+    @Get('user')
+    async getUser() {
+        return await this.authService.getUser();
+    }
+    @ApiOperation({ summary: 'Send Email Verification' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('send-email-verification')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async sendEmailVerification(@Body() input: SendEmailVerificationRequestDto): Promise<MessageResponseDto> {
+        return await this.authService.sendEmailVerification(input);
+    }
+    @ApiOperation({ summary: 'Verify Email' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('verify-email')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async verifyEmail(@Body() input: VerifyEmailRequestDto): Promise<MessageResponseDto> {
+        return await this.authService.verifyEmail(input);
+    }
+    @ApiOperation({
+        summary: 'Get Client Configuration',
+        description: 'Returns backend configuration for frontend clients. Includes enabled auth methods, registration settings, MFA options, tenant configuration, and SSO providers. Can be customized via clientConfig.factory in AuthModuleOptions.',
+    })
+    @ApiResponse({ status: 200, type: ClientConfigResponseDto })
+    @HttpCode(200)
+    @Get('client-config')
+    async getClientConfig(): Promise<ClientConfigResponseDto> {
+        return await this.clientConfigService.getClientConfig();
+    }
+    @ApiOperation({
+        summary: 'SSO Callback',
+        description: 'OAuth callback endpoint for SSO providers. Exchanges authorization code for access token and returns raw SSO user info. Returns HTML page that posts SSO data to parent window and auto-closes.',
+    })
+    @Get('callback/:provider')
+    async ssoCallback(
+        @Param('provider') provider: string,
+        @Query() data: any,
+        @Res() res: Response,
+    ) {
+        const jsonData = JSON.stringify(data);
+        const escapedData = jsonData.replace(/</g, '\\u003c').replace(/>/g, '\\u003e');
+        const html = `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>SSO Callback</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            min-height: 100vh;
+            margin: 0;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+        }
+        .container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+            text-align: center;
+            max-width: 400px;
+        }
+        .spinner {
+            border: 3px solid #f3f3f3;
+            border-top: 3px solid #667eea;
+            border-radius: 50%;
+            width: 40px;
+            height: 40px;
+            animation: spin 1s linear infinite;
+            margin: 0 auto 1rem;
+        }
+        @keyframes spin {
+            0% { transform: rotate(0deg); }
+            100% { transform: rotate(360deg); }
+        }
+        .message {
+            color: #333;
+            margin-top: 1rem;
+        }
+        .error {
+            color: #dc3545;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="spinner"></div>
+        <div class="message" id="message">Processing...</div>
+    </div>
+    <script>
+        (function() {
+            const data = ${escapedData};
+            // Post message to parent window
+            if (window.opener) {
+                window.opener.postMessage({
+                    type: 'nest-auth-sso-callback',
+                    ...data
+                }, '*');
+                // Auto-close immediately
+                window.close();
+            } else if (window.parent && window.parent !== window) {
+                // Iframe context
+                window.parent.postMessage({
+                    type: 'nest-auth-sso-callback',
+                    ...data
+                }, '*');
+                // Note: Can't close iframe from inside
+            } else {
+                // No parent window, show message
+                document.getElementById('message').textContent = data.success
+                    ? 'Success! You can close this window.'
+                    : 'Error: ' + (data.errorDescription || data.error);
+                document.getElementById('message').className = data.success ? 'message' : 'message error';
+            }
+        })();
+    </script>
+</body>
+</html>`;
+        res.setHeader('Content-Type', 'text/html');
+        res.status(200).send(html);
+    }
+}

package/src/lib/auth/controllers/mfa.controller.ts ADDED Viewed

@@ -0,0 +1,200 @@
+import { Controller, Post, Body, UnauthorizedException, UseGuards, HttpCode, Get, Delete, Param } from '@nestjs/common';
+import { SkipMfa, MessageResponseDto, MFAMethodEnum, NestAuthUser } from '../../core';
+import { MfaService } from '../services/mfa.service';
+import { RequestContext } from '../../request-context/request-context';
+import { SendMfaCodeRequestDto } from '../dto/requests/send-mfa-code.request.dto';
+import { VerifyTotpSetupRequestDto } from '../dto/requests/verify-totp-setup.request.dto';
+import { ApiOperation, ApiResponse } from '@nestjs/swagger';
+import { INVALID_MFA_EXCEPTION_CODE, USER_NOT_FOUND_EXCEPTION_CODE } from '../../auth.constants';
+import { NestAuthAuthGuard } from '../guards/auth.guard';
+import { ToggleMfaRequestDto } from '../dto/requests/toggle-mfa.request.dto';
+import { MfaStatusResponseDto, MfaDeviceDto } from '../dto/responses/mfa-status.response.dto';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+@Controller('auth/mfa')
+export class MfaController {
+    constructor(
+        private readonly mfaService: MfaService,
+        private readonly authConfig: AuthConfigService,
+    ) { }
+    private getCurrentUserOrThrow() {
+        const user = RequestContext.currentUser();
+        if (!user) {
+            throw new UnauthorizedException('User not found');
+        }
+        return user;
+    }
+    @ApiOperation({ summary: 'Get MFA status for the current user' })
+    @ApiResponse({ status: 200, type: MfaStatusResponseDto })
+    @HttpCode(200)
+    @Get('status')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async getStatus(): Promise<MfaStatusResponseDto> {
+        const user = this.getCurrentUserOrThrow();
+        const config = this.mfaService.mfaConfig;
+        const globallyEnabled = config?.enabled ?? false;
+        let enabledMethods: MFAMethodEnum[] = [];
+        let totpDevices: MfaDeviceDto[] = [];
+        let hasRecoveryCode = false;
+        let isEnabled = false;
+        if (globallyEnabled) {
+            [enabledMethods, totpDevices, hasRecoveryCode, isEnabled] = await Promise.all([
+                this.mfaService.getEnabledMethods(user.id),
+                this.mfaService.getTotpDevices(user.id),
+                this.mfaService.hasRecoveryCode(user.id),
+                this.mfaService.isMfaEnabled(user.id),
+            ]);
+        }
+        return {
+            isEnabled,
+            enabledMethods,
+            availableMethods: this.mfaService.getAvailableMethods(),
+            allowUserToggle: config?.allowUserToggle ?? false,
+            allowMethodSelection: config?.allowMethodSelection ?? false,
+            totpDevices,
+            hasRecoveryCode,
+        };
+    }
+    @ApiOperation({ summary: 'Enable or disable MFA for the current user' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('toggle')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async toggleMfa(@Body() input: ToggleMfaRequestDto): Promise<MessageResponseDto> {
+        const user = this.getCurrentUserOrThrow();
+        this.mfaService.requireMfaEnabledForApp(true);
+        if (input.enabled) {
+            await this.mfaService.enableMFA(user.id);
+            return { message: 'MFA enabled successfully' };
+        }
+        await this.mfaService.disableMFA(user.id);
+        return { message: 'MFA disabled successfully' };
+    }
+    @ApiOperation({ summary: 'List registered MFA devices' })
+    @ApiResponse({ status: 200, type: [MfaDeviceDto] })
+    @HttpCode(200)
+    @Get('devices')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async listDevices(): Promise<MfaDeviceDto[]> {
+        const user = this.getCurrentUserOrThrow();
+        this.mfaService.requireMfaEnabledForApp(true);
+        return await this.mfaService.getTotpDevices(user.id);
+    }
+    @ApiOperation({ summary: 'Remove a registered MFA device' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Delete('devices/:deviceId')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async removeDevice(@Param('deviceId') deviceId: string): Promise<MessageResponseDto> {
+        const user = this.getCurrentUserOrThrow();
+        this.mfaService.requireMfaEnabledForApp(true);
+        await this.mfaService.removeTotpDevice(deviceId);
+        return { message: 'MFA device removed successfully' };
+    }
+    @ApiOperation({ summary: 'Send MFA Code' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('send-mfa-code')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async sendMfaCode(@Body() input: SendMfaCodeRequestDto) {
+        const user = this.getCurrentUserOrThrow();
+        await this.mfaService.sendMfaCode(user.id, input.method);
+        return { message: 'MFA code sent' };
+    }
+    // These routes skip MFA verification
+    @ApiOperation({ summary: 'Setup TOTP Device' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('setup-totp')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async setupTotp() {
+        const user = this.getCurrentUserOrThrow();
+        const config = this.authConfig.getConfig();
+        // Get app name from config, fallback to default
+        const appName = config.appName;
+        // Get user email - try from JWT token first, then from database
+        let userEmail = user.email;
+        if (!userEmail) {
+            const fullUser = await NestAuthUser.findOne({ where: { id: user.id } });
+            userEmail = fullUser?.email || 'User';
+        }
+        // Generate meaningful device name: {APP_NAME} : {email}
+        const deviceName = `${appName} : ${userEmail}`;
+        const { secret, qrCode } = await this.mfaService.setupTotpDevice(user.id, deviceName);
+        return { secret, qrCode };
+    }
+    @ApiOperation({ summary: 'Verify TOTP Setup' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('verify-totp-setup')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async verifyTotpSetup(@Body() input: VerifyTotpSetupRequestDto) {
+        const user = this.getCurrentUserOrThrow();
+        const isVerified = await this.mfaService.verifyTotpSetup(user.id, input.secret, input.otp);
+        if (!isVerified) {
+            throw new UnauthorizedException({
+                message: 'Invalid OTP',
+                code: INVALID_MFA_EXCEPTION_CODE
+            });
+        }
+        return { message: 'Device setup successfully' };
+    }
+    @ApiOperation({ summary: 'Generate Recovery Codes' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('generate-recovery-code')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async generateRecoveryCodes() {
+        const user = this.getCurrentUserOrThrow();
+        // Generate recovery codes
+        const code = await this.mfaService.generateRecoveryCode(user.id);
+        return { code };
+    }
+    @ApiOperation({ summary: 'Reset TOTP Device' })
+    @ApiResponse({ status: 200, type: MessageResponseDto })
+    @HttpCode(200)
+    @Post('reset-totp')
+    @SkipMfa()
+    @UseGuards(NestAuthAuthGuard)
+    async resetTotp(@Body('code') code: string) {
+        const user = this.getCurrentUserOrThrow();
+        await this.mfaService.resetMfa(user.id, code);
+        return { message: 'MFA reset successfully' };
+    }
+}

package/src/lib/auth/dto/credentials/email-credentials.dto.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEmail, IsString, IsNotEmpty } from 'class-validator';
+/**
+ * Email-based login credentials
+ */
+export class EmailCredentialsDto {
+    @ApiProperty({
+        description: 'User email address',
+        example: 'user@example.com',
+    })
+    @IsEmail()
+    @IsNotEmpty()
+    email: string;
+    @ApiProperty({
+        description: 'User password',
+        example: 'SecurePass123!',
+        minLength: 8,
+    })
+    @IsString()
+    @IsNotEmpty()
+    password: string;
+}