npm - @ackplus/nest-auth - Versions diffs - 0.1.51 → 1.1.1 - Mend

@ackplus/nest-auth 0.1.51 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (505) hide show

package/README.md +6 -513
package/eslint.config.mjs +59 -0
package/jest.config.ts +10 -0
package/package.json +14 -44
package/project.json +86 -0
package/src/index.ts +30 -0
package/src/lib/admin-console/admin-console.module.ts +62 -0
package/src/lib/admin-console/controllers/admin-auth.controller.ts +339 -0
package/src/lib/admin-console/controllers/admin-console.controller.ts +82 -0
package/src/lib/admin-console/controllers/admin-permissions.controller.ts +180 -0
package/src/lib/admin-console/controllers/admin-roles.controller.ts +89 -0
package/src/lib/admin-console/controllers/admin-tenants.controller.ts +68 -0
package/src/lib/admin-console/controllers/admin-users.controller.ts +379 -0
package/src/lib/admin-console/decorators/current-admin.decorator.ts +9 -0
package/src/lib/admin-console/dto/admin-permission.dto.ts +106 -0
package/src/lib/admin-console/dto/admin-role.dto.ts +45 -0
package/src/lib/admin-console/dto/admin-tenant.dto.ts +43 -0
package/src/lib/admin-console/dto/admin-user.dto.ts +87 -0
package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +34 -0
package/src/lib/admin-console/dto/login.dto.ts +10 -0
package/src/lib/admin-console/dto/reset-password.dto.ts +21 -0
package/src/lib/admin-console/dto/setup-admin.dto.ts +23 -0
package/src/lib/admin-console/dto/signup.dto.ts +51 -0
package/src/lib/admin-console/entities/admin-user.entity.ts +74 -0
package/src/lib/admin-console/guards/admin-session.guard.ts +47 -0
package/src/lib/admin-console/services/admin-auth.service.ts +82 -0
package/src/lib/admin-console/services/admin-console-config.service.ts +62 -0
package/src/lib/admin-console/services/admin-session.service.ts +106 -0
package/src/lib/admin-console/services/admin-user.service.ts +96 -0
package/src/lib/admin-console/static/index.html +771 -0
package/src/lib/auth/auth.module.ts +58 -0
package/src/lib/auth/controllers/auth.controller.ts +393 -0
package/src/lib/auth/controllers/mfa.controller.ts +200 -0
package/src/lib/auth/dto/credentials/email-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +24 -0
package/src/lib/auth/dto/credentials/social-credentials.dto.ts +15 -0
package/src/lib/auth/dto/index.ts +1 -0
package/src/lib/auth/dto/requests/change-password.request.dto.ts +34 -0
package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +30 -0
package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +51 -0
package/src/lib/auth/dto/requests/login.request.dto.ts +65 -0
package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/reset-password.request.dto.ts +50 -0
package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +19 -0
package/src/lib/auth/dto/requests/signup.request.dto.ts +42 -0
package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +12 -0
package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +24 -0
package/src/lib/auth/dto/requests/verify-email.request.dto.ts +22 -0
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +41 -0
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +22 -0
package/src/lib/auth/dto/responses/auth-cookie.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth-success.response.dto.ts +58 -0
package/src/lib/auth/dto/responses/auth.response.dto.ts +99 -0
package/src/lib/auth/dto/responses/client-config.response.dto.ts +153 -0
package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +22 -0
package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +27 -0
package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +89 -0
package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +9 -0
package/src/lib/auth/entities/mfa-secret.entity.ts +33 -0
package/src/lib/auth/entities/otp.entity.ts +33 -0
package/src/lib/auth/events/{logged-out-all.event.d.ts → logged-out-all.event.ts} +6 -3
package/src/lib/auth/events/{logged-out.event.d.ts → logged-out.event.ts} +5 -3
package/src/lib/auth/events/{password-reset-requested.event.d.ts → password-reset-requested.event.ts} +6 -3
package/src/lib/auth/events/{password-reset.event.d.ts → password-reset.event.ts} +6 -3
package/src/lib/auth/events/{user-2fa-verified.event.d.ts → user-2fa-verified.event.ts} +6 -3
package/src/lib/auth/events/{user-logged-in.event.d.ts → user-logged-in.event.ts} +7 -3
package/src/lib/auth/events/{user-refresh-token.event.d.ts → user-refresh-token.event.ts} +6 -3
package/src/lib/auth/events/{user-registered.event.d.ts → user-registered.event.ts} +7 -3
package/src/lib/auth/guards/auth.guard.ts +386 -0
package/src/lib/auth/{index.d.ts → index.ts} +28 -1
package/src/lib/auth/interceptors/refresh-token.interceptor.ts +117 -0
package/src/lib/auth/services/auth.service.ts +947 -0
package/src/lib/auth/services/client-config.service.ts +157 -0
package/src/lib/auth/services/cookie.service.ts +43 -0
package/src/lib/auth/services/mfa.service.ts +391 -0
package/src/lib/auth.constants.ts +63 -0
package/src/lib/core/core.module.ts +50 -0
package/src/lib/core/decorators/auth.decorator.ts +38 -0
package/src/lib/core/decorators/permissions.decorator.ts +17 -0
package/src/lib/core/decorators/public.decorator.ts +33 -0
package/src/lib/core/decorators/role.decorator.ts +12 -0
package/src/lib/core/decorators/skip-mfa.decorator.ts +4 -0
package/src/lib/core/dto/message.response.dto.ts +6 -0
package/src/lib/core/{entities.d.ts → entities.ts} +18 -1
package/src/lib/core/{index.d.ts → index.ts} +17 -0
package/src/lib/core/interfaces/auth-module-options.interface.ts +211 -0
package/src/lib/core/interfaces/mfa-options.interface.ts +46 -0
package/src/lib/core/interfaces/otp.interface.ts +6 -0
package/src/lib/core/interfaces/session-options.interface.ts +19 -0
package/src/lib/core/interfaces/{token-payload.interface.d.ts → token-payload.interface.ts} +4 -1
package/src/lib/core/providers/apple-auth.provider.ts +61 -0
package/src/lib/core/providers/base-auth.provider.ts +74 -0
package/src/lib/core/providers/email-auth.provider.ts +71 -0
package/src/lib/core/providers/facebook-auth.provider.ts +55 -0
package/src/lib/core/providers/github-auth.provider.ts +79 -0
package/src/lib/core/providers/google-auth.provider.ts +61 -0
package/src/lib/core/providers/jwt-auth.provider.ts +50 -0
package/src/lib/core/providers/phone-auth.provider.ts +45 -0
package/src/lib/core/services/auth-config.service.ts +184 -0
package/src/lib/core/services/auth-provider-registry.service.ts +93 -0
package/src/lib/core/services/{debug-logger.service.js → debug-logger.service.ts} +92 -59
package/src/lib/core/services/initialization.service.ts +29 -0
package/src/lib/core/services/jwt.service.ts +137 -0
package/src/lib/nest-auth.module.ts +152 -0
package/src/lib/permission/entities/permission.entity.ts +56 -0
package/src/lib/permission/index.ts +4 -0
package/src/lib/permission/permission.module.ts +14 -0
package/src/lib/permission/services/permission.service.ts +233 -0
package/src/lib/request-context/index.ts +2 -0
package/src/lib/request-context/request-context.middleware.ts +13 -0
package/src/lib/request-context/{request-context.js → request-context.ts} +51 -27
package/src/lib/role/entities/role.entity.ts +103 -0
package/src/lib/role/{index.d.ts → index.ts} +2 -0
package/src/lib/role/role.module.ts +15 -0
package/src/lib/role/services/{role.service.js → role.service.ts} +117 -52
package/src/lib/session/entities/session.entity.ts +54 -0
package/src/lib/session/index.ts +20 -0
package/src/lib/session/interfaces/session-repository.interface.ts +58 -0
package/src/lib/session/repositories/base-session.repository.ts +74 -0
package/src/lib/session/repositories/memory-session.repository.ts +153 -0
package/src/lib/session/repositories/redis-session.repository.ts +171 -0
package/src/lib/session/repositories/typeorm-session.repository.ts +86 -0
package/src/lib/session/services/session-manager.service.ts +261 -0
package/src/lib/session/session.module.ts +102 -0
package/src/lib/session/utils/session.util.ts +166 -0
package/src/lib/tenant/entities/tenant.entity.ts +40 -0
package/src/lib/tenant/events/tenant-created.event.ts +9 -0
package/src/lib/tenant/events/tenant-deleted.event.ts +11 -0
package/src/lib/tenant/events/{tenant-updated.event.d.ts → tenant-updated.event.ts} +6 -3
package/src/lib/tenant/index.ts +9 -0
package/src/lib/tenant/services/tenant.service.ts +336 -0
package/src/lib/tenant/tenant.module.ts +19 -0
package/src/lib/types/express.d.ts +14 -0
package/src/lib/user/dto/requests/update-user.dto.ts +15 -0
package/src/lib/user/entities/access-key.entity.ts +53 -0
package/src/lib/user/entities/identity.entity.ts +31 -0
package/src/lib/user/entities/user.entity.ts +212 -0
package/src/lib/user/events/{user-created.event.d.ts → user-created.event.ts} +4 -3
package/src/lib/user/events/{user-deleted.event.d.ts → user-deleted.event.ts} +6 -3
package/src/lib/user/events/{user-updated.event.d.ts → user-updated.event.ts} +6 -3
package/src/lib/user/index.ts +11 -0
package/src/lib/user/services/access-key.service.ts +145 -0
package/src/lib/user/services/{user.service.js → user.service.ts} +199 -95
package/src/lib/user/user.module.ts +26 -0
package/src/lib/utils/database.utils.ts +6 -0
package/src/lib/utils/date.util.ts +106 -0
package/src/lib/utils/device.util.ts +111 -0
package/src/lib/utils/index.ts +6 -0
package/src/lib/utils/otp.ts +3 -0
package/src/lib/utils/security.util.ts +27 -0
package/src/lib/utils/slug.util.ts +58 -0
package/src/types/ms.d.ts +1 -0
package/test/access-key.service.spec.ts +204 -0
package/test/auth.service.spec.ts +541 -0
package/test/mfa.service.spec.ts +359 -0
package/test/role.service.spec.ts +418 -0
package/test/tenant.service.spec.ts +218 -0
package/test/test.setup.ts +66 -0
package/test/user.service.spec.ts +374 -0
package/tsconfig.json +17 -0
package/tsconfig.lib.json +15 -0
package/tsconfig.spec.json +15 -0
package/tsconfig.tsbuildinfo +1 -1
package/ui/.env +1 -0
package/ui/.env.example +1 -0
package/ui/.eslintignore +7 -0
package/ui/README.md +288 -0
package/ui/index.html +17 -0
package/ui/package.json +34 -0
package/ui/postcss.config.js +6 -0
package/ui/src/App.tsx +245 -0
package/ui/src/components/AuthGuard.tsx +59 -0
package/ui/src/components/AuthProvider.tsx +76 -0
package/ui/src/components/Button.tsx +37 -0
package/ui/src/components/Card.tsx +37 -0
package/ui/src/components/ErrorMessage.tsx +15 -0
package/ui/src/components/FormDialog.tsx +61 -0
package/ui/src/components/FormFooter.tsx +37 -0
package/ui/src/components/Layout.tsx +112 -0
package/ui/src/components/LoadingMessage.tsx +11 -0
package/ui/src/components/Modal.tsx +97 -0
package/ui/src/components/MultiSelect.tsx +145 -0
package/ui/src/components/PageHeader.tsx +42 -0
package/ui/src/components/PanelHeader.tsx +28 -0
package/ui/src/components/PermissionInput.tsx +473 -0
package/ui/src/components/SearchInput.tsx +69 -0
package/ui/src/components/Select.tsx +51 -0
package/ui/src/components/SwaggerUIWrapper.tsx +316 -0
package/ui/src/components/Table.tsx +207 -0
package/ui/src/components/Tag.tsx +9 -0
package/ui/src/components/TagsInput.tsx +96 -0
package/ui/src/components/admin/AdminForm.tsx +170 -0
package/ui/src/components/admin/CreateAdminDialog.tsx +38 -0
package/ui/src/components/auth/LoginFooter.tsx +17 -0
package/ui/src/components/auth/LoginHeader.tsx +14 -0
package/ui/src/components/auth/components/CodeBlock.tsx +43 -0
package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +60 -0
package/ui/src/components/auth/components/PasswordRequirements.tsx +16 -0
package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +48 -0
package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +76 -0
package/ui/src/components/auth/components/Tabs.tsx +32 -0
package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +79 -0
package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +79 -0
package/ui/src/components/auth/forms/CreateAccountForm.tsx +226 -0
package/ui/src/components/auth/forms/LoginForm.tsx +149 -0
package/ui/src/components/auth/forms/ResetPasswordForm.tsx +202 -0
package/ui/src/components/auth/types.ts +17 -0
package/ui/src/components/auth/utils/security.ts +82 -0
package/ui/src/components/auth/utils/utils.ts +25 -0
package/ui/src/components/form/EmailField.tsx +25 -0
package/ui/src/components/form/FormField.tsx +102 -0
package/ui/src/components/form/FormMultiSelect.tsx +46 -0
package/ui/src/components/form/FormSelect.tsx +60 -0
package/ui/src/components/form/FormTagsInput.tsx +42 -0
package/ui/src/components/form/FormTextarea.tsx +42 -0
package/ui/src/components/form/PasswordField.tsx +93 -0
package/ui/src/components/form/SecretKeyField.tsx +49 -0
package/ui/src/components/permission/CreatePermissionDialog.tsx +44 -0
package/ui/src/components/permission/EditPermissionDialog.tsx +55 -0
package/ui/src/components/permission/PermissionForm.tsx +251 -0
package/ui/src/components/role/CreateRoleDialog.tsx +45 -0
package/ui/src/components/role/EditRoleDialog.tsx +55 -0
package/ui/src/components/role/RoleDialog.tsx +252 -0
package/ui/src/components/role/RoleForm.tsx +246 -0
package/ui/src/components/tenant/CreateTenantDialog.tsx +41 -0
package/ui/src/components/tenant/EditTenantDialog.tsx +52 -0
package/ui/src/components/tenant/TenantForm.tsx +160 -0
package/ui/src/components/user/CreateUserDialog.tsx +45 -0
package/ui/src/components/user/UserDetailModal.tsx +815 -0
package/ui/src/components/user/UserForm.tsx +191 -0
package/ui/src/data/nest-auth.json +1687 -0
package/ui/src/hooks/useApi.ts +69 -0
package/ui/src/hooks/useAuth.ts +100 -0
package/ui/src/hooks/useConfirm.tsx +105 -0
package/ui/src/hooks/useFormFooter.tsx +42 -0
package/ui/src/hooks/usePagination.ts +69 -0
package/ui/src/index.css +59 -0
package/ui/src/main.tsx +13 -0
package/ui/src/pages/AdminsPage.tsx +178 -0
package/ui/src/pages/ApiPage.tsx +89 -0
package/ui/src/pages/DashboardPage.tsx +281 -0
package/ui/src/pages/LoginPage.tsx +39 -0
package/ui/src/pages/PermissionsPage.tsx +376 -0
package/ui/src/pages/RolesPage.tsx +274 -0
package/ui/src/pages/TenantsPage.tsx +221 -0
package/ui/src/pages/UsersPage.tsx +387 -0
package/ui/src/services/api.ts +115 -0
package/ui/src/types/index.ts +136 -0
package/ui/src/vite-env.d.ts +9 -0
package/ui/tailwind.config.js +45 -0
package/ui/tsconfig.json +24 -0
package/ui/tsconfig.node.json +10 -0
package/ui/vite.config.ts +37 -0
package/ui/yarn.lock +3137 -0
package/src/index.d.ts +0 -11
package/src/index.js +0 -18
package/src/index.js.map +0 -1
package/src/lib/auth/auth.module.d.ts +0 -2
package/src/lib/auth/auth.module.js +0 -54
package/src/lib/auth/auth.module.js.map +0 -1
package/src/lib/auth/controllers/auth.controller.d.ts +0 -29
package/src/lib/auth/controllers/auth.controller.js +0 -206
package/src/lib/auth/controllers/auth.controller.js.map +0 -1
package/src/lib/auth/controllers/mfa.controller.d.ts +0 -23
package/src/lib/auth/controllers/mfa.controller.js +0 -131
package/src/lib/auth/controllers/mfa.controller.js.map +0 -1
package/src/lib/auth/dto/index.d.ts +0 -0
package/src/lib/auth/dto/index.js +0 -1
package/src/lib/auth/dto/index.js.map +0 -1
package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/forgot-password.request.dto.js +0 -30
package/src/lib/auth/dto/requests/forgot-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/login.request.dto.d.ts +0 -6
package/src/lib/auth/dto/requests/login.request.dto.js +0 -38
package/src/lib/auth/dto/requests/login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/refresh-token.request.dto.js +0 -15
package/src/lib/auth/dto/requests/refresh-token.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/reset-password.request.dto.js +0 -42
package/src/lib/auth/dto/requests/reset-password.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +0 -16
package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/signup.request.dto.d.ts +0 -7
package/src/lib/auth/dto/requests/signup.request.dto.js +0 -37
package/src/lib/auth/dto/requests/signup.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/social-login.request.dto.d.ts +0 -3
package/src/lib/auth/dto/requests/social-login.request.dto.js +0 -16
package/src/lib/auth/dto/requests/social-login.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +0 -5
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +0 -21
package/src/lib/auth/dto/requests/verify-2fa.request.dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +0 -6
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +0 -35
package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +0 -1
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +0 -4
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +0 -20
package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +0 -1
package/src/lib/auth/dto/responses/auth.response.dto.d.ts +0 -16
package/src/lib/auth/dto/responses/auth.response.dto.js +0 -50
package/src/lib/auth/dto/responses/auth.response.dto.js.map +0 -1
package/src/lib/auth/entities/mfa-secret.entity.d.ts +0 -12
package/src/lib/auth/entities/mfa-secret.entity.js +0 -50
package/src/lib/auth/entities/mfa-secret.entity.js.map +0 -1
package/src/lib/auth/entities/otp.entity.d.ts +0 -13
package/src/lib/auth/entities/otp.entity.js +0 -50
package/src/lib/auth/entities/otp.entity.js.map +0 -1
package/src/lib/auth/events/logged-out-all.event.js +0 -10
package/src/lib/auth/events/logged-out-all.event.js.map +0 -1
package/src/lib/auth/events/logged-out.event.js +0 -10
package/src/lib/auth/events/logged-out.event.js.map +0 -1
package/src/lib/auth/events/password-reset-requested.event.js +0 -10
package/src/lib/auth/events/password-reset-requested.event.js.map +0 -1
package/src/lib/auth/events/password-reset.event.js +0 -10
package/src/lib/auth/events/password-reset.event.js.map +0 -1
package/src/lib/auth/events/user-2fa-verified.event.js +0 -10
package/src/lib/auth/events/user-2fa-verified.event.js.map +0 -1
package/src/lib/auth/events/user-logged-in.event.js +0 -10
package/src/lib/auth/events/user-logged-in.event.js.map +0 -1
package/src/lib/auth/events/user-refresh-token.event.js +0 -10
package/src/lib/auth/events/user-refresh-token.event.js.map +0 -1
package/src/lib/auth/events/user-registered.event.js +0 -10
package/src/lib/auth/events/user-registered.event.js.map +0 -1
package/src/lib/auth/guards/auth.guard.d.ts +0 -28
package/src/lib/auth/guards/auth.guard.js +0 -304
package/src/lib/auth/guards/auth.guard.js.map +0 -1
package/src/lib/auth/index.js +0 -31
package/src/lib/auth/index.js.map +0 -1
package/src/lib/auth/services/auth.service.d.ts +0 -53
package/src/lib/auth/services/auth.service.js +0 -522
package/src/lib/auth/services/auth.service.js.map +0 -1
package/src/lib/auth/services/cookie.service.d.ts +0 -9
package/src/lib/auth/services/cookie.service.js +0 -43
package/src/lib/auth/services/cookie.service.js.map +0 -1
package/src/lib/auth/services/mfa.service.d.ts +0 -38
package/src/lib/auth/services/mfa.service.js +0 -254
package/src/lib/auth/services/mfa.service.js.map +0 -1
package/src/lib/auth.constants.d.ts +0 -39
package/src/lib/auth.constants.js +0 -43
package/src/lib/auth.constants.js.map +0 -1
package/src/lib/core/core.module.d.ts +0 -2
package/src/lib/core/core.module.js +0 -53
package/src/lib/core/core.module.js.map +0 -1
package/src/lib/core/decorators/auth.decorator.d.ts +0 -1
package/src/lib/core/decorators/auth.decorator.js +0 -8
package/src/lib/core/decorators/auth.decorator.js.map +0 -1
package/src/lib/core/decorators/permissions.decorator.d.ts +0 -2
package/src/lib/core/decorators/permissions.decorator.js +0 -14
package/src/lib/core/decorators/permissions.decorator.js.map +0 -1
package/src/lib/core/decorators/role.decorator.d.ts +0 -3
package/src/lib/core/decorators/role.decorator.js +0 -14
package/src/lib/core/decorators/role.decorator.js.map +0 -1
package/src/lib/core/decorators/skip-mfa.decorator.d.ts +0 -2
package/src/lib/core/decorators/skip-mfa.decorator.js +0 -8
package/src/lib/core/decorators/skip-mfa.decorator.js.map +0 -1
package/src/lib/core/dto/message.response.dto.d.ts +0 -3
package/src/lib/core/dto/message.response.dto.js +0 -13
package/src/lib/core/dto/message.response.dto.js.map +0 -1
package/src/lib/core/entities.js +0 -31
package/src/lib/core/entities.js.map +0 -1
package/src/lib/core/index.js +0 -27
package/src/lib/core/index.js.map +0 -1
package/src/lib/core/interfaces/auth-module-options.interface.d.ts +0 -62
package/src/lib/core/interfaces/auth-module-options.interface.js +0 -3
package/src/lib/core/interfaces/auth-module-options.interface.js.map +0 -1
package/src/lib/core/interfaces/mfa-options.interface.d.ts +0 -25
package/src/lib/core/interfaces/mfa-options.interface.js +0 -10
package/src/lib/core/interfaces/mfa-options.interface.js.map +0 -1
package/src/lib/core/interfaces/otp.interface.d.ts +0 -5
package/src/lib/core/interfaces/otp.interface.js +0 -10
package/src/lib/core/interfaces/otp.interface.js.map +0 -1
package/src/lib/core/interfaces/session-options.interface.d.ts +0 -12
package/src/lib/core/interfaces/session-options.interface.js +0 -9
package/src/lib/core/interfaces/session-options.interface.js.map +0 -1
package/src/lib/core/interfaces/token-payload.interface.js +0 -3
package/src/lib/core/interfaces/token-payload.interface.js.map +0 -1
package/src/lib/core/providers/apple-auth.provider.d.ts +0 -18
package/src/lib/core/providers/apple-auth.provider.js +0 -57
package/src/lib/core/providers/apple-auth.provider.js.map +0 -1
package/src/lib/core/providers/base-auth.provider.d.ts +0 -26
package/src/lib/core/providers/base-auth.provider.js +0 -43
package/src/lib/core/providers/base-auth.provider.js.map +0 -1
package/src/lib/core/providers/email-auth.provider.d.ts +0 -17
package/src/lib/core/providers/email-auth.provider.js +0 -40
package/src/lib/core/providers/email-auth.provider.js.map +0 -1
package/src/lib/core/providers/facebook-auth.provider.d.ts +0 -18
package/src/lib/core/providers/facebook-auth.provider.js +0 -56
package/src/lib/core/providers/facebook-auth.provider.js.map +0 -1
package/src/lib/core/providers/google-auth.provider.d.ts +0 -21
package/src/lib/core/providers/google-auth.provider.js +0 -58
package/src/lib/core/providers/google-auth.provider.js.map +0 -1
package/src/lib/core/providers/jwt-auth.provider.d.ts +0 -33
package/src/lib/core/providers/jwt-auth.provider.js +0 -50
package/src/lib/core/providers/jwt-auth.provider.js.map +0 -1
package/src/lib/core/providers/phone-auth.provider.d.ts +0 -18
package/src/lib/core/providers/phone-auth.provider.js +0 -43
package/src/lib/core/providers/phone-auth.provider.js.map +0 -1
package/src/lib/core/services/auth-config.service.d.ts +0 -12
package/src/lib/core/services/auth-config.service.js +0 -79
package/src/lib/core/services/auth-config.service.js.map +0 -1
package/src/lib/core/services/auth-provider-registry.service.d.ts +0 -24
package/src/lib/core/services/auth-provider-registry.service.js +0 -71
package/src/lib/core/services/auth-provider-registry.service.js.map +0 -1
package/src/lib/core/services/debug-logger.service.d.ts +0 -38
package/src/lib/core/services/debug-logger.service.js.map +0 -1
package/src/lib/core/services/initialization.service.d.ts +0 -10
package/src/lib/core/services/initialization.service.js +0 -34
package/src/lib/core/services/initialization.service.js.map +0 -1
package/src/lib/core/services/jwt.service.d.ts +0 -14
package/src/lib/core/services/jwt.service.js +0 -92
package/src/lib/core/services/jwt.service.js.map +0 -1
package/src/lib/nest-auth.module.d.ts +0 -11
package/src/lib/nest-auth.module.js +0 -177
package/src/lib/nest-auth.module.js.map +0 -1
package/src/lib/request-context/request-context.d.ts +0 -22
package/src/lib/request-context/request-context.js.map +0 -1
package/src/lib/request-context/request-context.middleware.d.ts +0 -4
package/src/lib/request-context/request-context.middleware.js +0 -16
package/src/lib/request-context/request-context.middleware.js.map +0 -1
package/src/lib/role/entities/role.entity.d.ts +0 -20
package/src/lib/role/entities/role.entity.js +0 -110
package/src/lib/role/entities/role.entity.js.map +0 -1
package/src/lib/role/index.js +0 -5
package/src/lib/role/index.js.map +0 -1
package/src/lib/role/role.module.d.ts +0 -2
package/src/lib/role/role.module.js +0 -23
package/src/lib/role/role.module.js.map +0 -1
package/src/lib/role/services/role.service.d.ts +0 -20
package/src/lib/role/services/role.service.js.map +0 -1
package/src/lib/session/entities/session.entity.d.ts +0 -16
package/src/lib/session/entities/session.entity.js +0 -63
package/src/lib/session/entities/session.entity.js.map +0 -1
package/src/lib/session/index.d.ts +0 -3
package/src/lib/session/index.js +0 -7
package/src/lib/session/index.js.map +0 -1
package/src/lib/session/services/base-session.service.d.ts +0 -23
package/src/lib/session/services/base-session.service.js +0 -64
package/src/lib/session/services/base-session.service.js.map +0 -1
package/src/lib/session/services/database-session.service.d.ts +0 -17
package/src/lib/session/services/database-session.service.js +0 -51
package/src/lib/session/services/database-session.service.js.map +0 -1
package/src/lib/session/services/redis-session.service.d.ts +0 -20
package/src/lib/session/services/redis-session.service.js +0 -117
package/src/lib/session/services/redis-session.service.js.map +0 -1
package/src/lib/session/session.module.d.ts +0 -2
package/src/lib/session/session.module.js +0 -33
package/src/lib/session/session.module.js.map +0 -1
package/src/lib/tenant/entities/tenant.entity.d.ts +0 -10
package/src/lib/tenant/entities/tenant.entity.js +0 -44
package/src/lib/tenant/entities/tenant.entity.js.map +0 -1
package/src/lib/tenant/events/tenant-created.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-created.event.js +0 -10
package/src/lib/tenant/events/tenant-created.event.js.map +0 -1
package/src/lib/tenant/events/tenant-deleted.event.d.ts +0 -8
package/src/lib/tenant/events/tenant-deleted.event.js +0 -10
package/src/lib/tenant/events/tenant-deleted.event.js.map +0 -1
package/src/lib/tenant/events/tenant-updated.event.js +0 -10
package/src/lib/tenant/events/tenant-updated.event.js.map +0 -1
package/src/lib/tenant/index.d.ts +0 -1
package/src/lib/tenant/index.js +0 -5
package/src/lib/tenant/index.js.map +0 -1
package/src/lib/tenant/services/tenant.service.d.ts +0 -26
package/src/lib/tenant/services/tenant.service.js +0 -200
package/src/lib/tenant/services/tenant.service.js.map +0 -1
package/src/lib/tenant/tenant.module.d.ts +0 -2
package/src/lib/tenant/tenant.module.js +0 -27
package/src/lib/tenant/tenant.module.js.map +0 -1
package/src/lib/user/dto/requests/update-user.dto.d.ts +0 -5
package/src/lib/user/dto/requests/update-user.dto.js +0 -24
package/src/lib/user/dto/requests/update-user.dto.js.map +0 -1
package/src/lib/user/entities/access-key.entity.d.ts +0 -16
package/src/lib/user/entities/access-key.entity.js +0 -63
package/src/lib/user/entities/access-key.entity.js.map +0 -1
package/src/lib/user/entities/identity.entity.d.ts +0 -12
package/src/lib/user/entities/identity.entity.js +0 -47
package/src/lib/user/entities/identity.entity.js.map +0 -1
package/src/lib/user/entities/user.entity.d.ts +0 -39
package/src/lib/user/entities/user.entity.js +0 -201
package/src/lib/user/entities/user.entity.js.map +0 -1
package/src/lib/user/events/user-created.event.js +0 -10
package/src/lib/user/events/user-created.event.js.map +0 -1
package/src/lib/user/events/user-deleted.event.js +0 -10
package/src/lib/user/events/user-deleted.event.js.map +0 -1
package/src/lib/user/events/user-updated.event.js +0 -10
package/src/lib/user/events/user-updated.event.js.map +0 -1
package/src/lib/user/index.d.ts +0 -3
package/src/lib/user/index.js +0 -7
package/src/lib/user/index.js.map +0 -1
package/src/lib/user/services/access-key.service.d.ts +0 -19
package/src/lib/user/services/access-key.service.js +0 -119
package/src/lib/user/services/access-key.service.js.map +0 -1
package/src/lib/user/services/user.service.d.ts +0 -24
package/src/lib/user/services/user.service.js.map +0 -1
package/src/lib/user/user.module.d.ts +0 -2
package/src/lib/user/user.module.js +0 -34
package/src/lib/user/user.module.js.map +0 -1
package/src/lib/utils/database.utils.d.ts +0 -2
package/src/lib/utils/database.utils.js +0 -8
package/src/lib/utils/database.utils.js.map +0 -1
package/src/lib/utils/otp.d.ts +0 -1
package/src/lib/utils/otp.js +0 -7
package/src/lib/utils/otp.js.map +0 -1

package/src/lib/admin-console/dto/login.dto.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+export class AdminLoginDto {
+  @IsEmail()
+  email: string;
+  @IsString()
+  @IsNotEmpty()
+  password: string;
+}

package/src/lib/admin-console/dto/reset-password.dto.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { IsEmail, IsNotEmpty, IsString, Matches, MinLength } from 'class-validator';
+export class AdminResetPasswordDto {
+    @IsString()
+    @IsEmail()
+    @IsNotEmpty()
+    email: string;
+    @IsString()
+    @IsNotEmpty()
+    secretKey: string;
+    @IsString()
+    @IsNotEmpty()
+    @MinLength(8)
+    @Matches(
+        /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
+        { message: 'Password must contain uppercase, lowercase, number, and special character' }
+    )
+    newPassword: string;
+}

package/src/lib/admin-console/dto/setup-admin.dto.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { IsEmail, IsNotEmpty, IsOptional, IsString, Matches, MinLength } from 'class-validator';
+export class AdminSetupDto {
+  @IsString()
+  @IsNotEmpty()
+  setupKey: string;
+  @IsEmail()
+  email: string;
+  @IsString()
+  @IsNotEmpty()
+  @MinLength(8)
+  @Matches(
+    /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
+    { message: 'Password must contain uppercase, lowercase, number, and special character' }
+  )
+  password: string;
+  @IsOptional()
+  @IsString()
+  name?: string;
+}

package/src/lib/admin-console/dto/signup.dto.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { IsEmail, IsNotEmpty, IsOptional, IsString, Matches, MinLength } from 'class-validator';
+import { ApiProperty } from '@nestjs/swagger';
+export class AdminSignupDto {
+    @ApiProperty({
+        description: 'Admin email address',
+        example: 'admin@example.com'
+    })
+    @IsEmail()
+    @IsNotEmpty()
+    email: string;
+    @ApiProperty({
+        description: 'Admin password (minimum 8 characters, must contain uppercase, lowercase, number, and special character)',
+        example: 'SecurePassword123!',
+        minLength: 8
+    })
+    @IsString()
+    @IsNotEmpty()
+    @MinLength(8)
+    @Matches(
+        /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/,
+        { message: 'Password must contain uppercase, lowercase, number, and special character' }
+    )
+    password: string;
+    @ApiProperty({
+        description: 'Secret key for authorization (provided in module configuration)',
+        example: 'your-secret-key'
+    })
+    @IsString()
+    @IsNotEmpty()
+    secretKey: string;
+    @ApiProperty({
+        description: 'Admin name (optional)',
+        required: false,
+        example: 'Admin User'
+    })
+    @IsOptional()
+    @IsString()
+    name?: string;
+    @ApiProperty({
+        description: 'Additional metadata for the admin user (optional)',
+        required: false,
+        example: { department: 'IT', role: 'super-admin' }
+    })
+    @IsOptional()
+    metadata?: Record<string, any>;
+}

package/src/lib/admin-console/entities/admin-user.entity.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import {
+  BaseEntity,
+  BeforeInsert,
+  BeforeUpdate,
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import * as argon2 from 'argon2';
+@Entity('nest_auth_admin_users')
+export class AdminUser extends BaseEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+  @Column({ unique: true })
+  @Index()
+  email: string;
+  @Column({ nullable: true })
+  name?: string;
+  @Column()
+  passwordHash: string;
+  @Column({ type: 'simple-json', nullable: true, default: '{}' })
+  metadata?: Record<string, any>;
+  @Column({ type: 'datetime', nullable: true })
+  lastLoginAt?: Date;
+  @CreateDateColumn()
+  createdAt: Date;
+  @UpdateDateColumn()
+  updatedAt: Date;
+  @BeforeInsert()
+  normalizeEmail() {
+    if (this.email) {
+      this.email = this.email.toLowerCase();
+    }
+  }
+  @BeforeUpdate()
+  normalizeEmailOnUpdate() {
+    if (this.email) {
+      this.email = this.email.toLowerCase();
+    }
+  }
+  async setPassword(password: string): Promise<void> {
+    this.passwordHash = await argon2.hash(password, {
+      type: argon2.argon2id,
+      memoryCost: 65536,
+      timeCost: 3,
+      parallelism: 4,
+    });
+  }
+  async validatePassword(password: string): Promise<boolean> {
+    if (!this.passwordHash) {
+      return false;
+    }
+    try {
+      return await argon2.verify(this.passwordHash, password);
+    } catch {
+      return false;
+    }
+  }
+}

package/src/lib/admin-console/guards/admin-session.guard.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Request } from 'express';
+import { AdminSessionService } from '../services/admin-session.service';
+import { AdminUserService } from '../services/admin-user.service';
+import { AdminConsoleConfigService } from '../services/admin-console-config.service';
+import { AdminUser } from '../entities/admin-user.entity';
+export interface AdminRequest extends Request {
+  adminUser?: AdminUser;
+}
+@Injectable()
+export class AdminSessionGuard implements CanActivate {
+  constructor(
+    private readonly sessions: AdminSessionService,
+    private readonly adminUsers: AdminUserService,
+    private readonly config: AdminConsoleConfigService,
+  ) { }
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const req = context.switchToHttp().getRequest<AdminRequest>();
+    this.config.ensureEnabled();
+    const token = this.sessions.extractToken(req);
+    if (!token) {
+      throw new UnauthorizedException('Admin authentication required');
+    }
+    const payload = this.sessions.verifySession(token);
+    if (!payload) {
+      throw new UnauthorizedException('Invalid admin session');
+    }
+    const admin = await this.adminUsers.findById(payload.sub);
+    if (!admin) {
+      throw new UnauthorizedException('Admin account not found');
+    }
+    req.adminUser = admin;
+    return true;
+  }
+}

package/src/lib/admin-console/services/admin-auth.service.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { Injectable, UnauthorizedException, BadRequestException } from '@nestjs/common';
+import { AdminUserService } from './admin-user.service';
+import { AdminSessionService } from './admin-session.service';
+import { AdminConsoleConfigService } from './admin-console-config.service';
+import { AdminUser } from '../entities/admin-user.entity';
+import { DebugLoggerService } from '../../core/services/debug-logger.service';
+import { compareKeys } from '../../utils/security.util';
+@Injectable()
+export class AdminAuthService {
+  constructor(
+    private readonly adminUsers: AdminUserService,
+    private readonly sessions: AdminSessionService,
+    private readonly config: AdminConsoleConfigService,
+    private readonly debugLogger: DebugLoggerService,
+  ) { }
+  async validateCredentials(email: string, password: string): Promise<AdminUser> {
+    const admin = await this.adminUsers.findByEmail(email);
+    if (!admin) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+    const valid = await admin.validatePassword(password);
+    if (!valid) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+    admin.lastLoginAt = new Date();
+    await admin.save();
+    return admin;
+  }
+  async createInitialAdmin(payload: {
+    setupKey: string;
+    email: string;
+    password: string;
+    name?: string;
+    metadata?: Record<string, any>;
+  }): Promise<AdminUser> {
+    this.config.ensureEnabled();
+    const configuredKey = this.config.getSecretKey();
+    if (!configuredKey) {
+      throw new BadRequestException({
+        message: 'Admin console setup key is not configured.',
+        code: 'ADMIN_CONSOLE_SETUP_DISABLED',
+      });
+    }
+    // Use constant-time comparison to prevent timing attacks
+    if (!compareKeys(payload.setupKey, configuredKey)) {
+      throw new UnauthorizedException({
+        message: 'Invalid admin console setup key.',
+        code: 'INVALID_ADMIN_CONSOLE_SETUP_KEY',
+      });
+    }
+    const existingAdmins = await this.adminUsers.listAdmins();
+    if (existingAdmins.length > 0) {
+      throw new BadRequestException({
+        message: 'Admin users already exist. Use the dashboard to manage administrators.',
+        code: 'ADMIN_USERS_ALREADY_INITIALIZED',
+      });
+    }
+    // Mask email to avoid logging PII
+    const maskedEmail = payload.email.replace(/(.{2})(.*)(@.*)/, '$1****$3');
+    this.debugLogger.info('Creating initial admin console user', 'AdminAuthService', {
+      email: maskedEmail,
+    });
+    return this.adminUsers.createAdmin({
+      email: payload.email,
+      password: payload.password,
+      name: payload.name,
+      metadata: payload.metadata,
+    });
+  }
+  createSession(admin: AdminUser): string {
+    return this.sessions.createSession(admin);
+  }
+}

package/src/lib/admin-console/services/admin-console-config.service.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { Injectable, NotFoundException } from '@nestjs/common';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+import { AdminConsoleOptions } from '../../core/interfaces/auth-module-options.interface';
+import { CookieOptions } from 'express';
+@Injectable()
+export class AdminConsoleConfigService {
+  constructor(private readonly authConfig: AuthConfigService) { }
+  get options(): AdminConsoleOptions {
+    return this.authConfig.getConfig().adminConsole ?? ({} as AdminConsoleOptions);
+  }
+  ensureEnabled(): void {
+    if (this.options?.enabled === false) {
+      throw new NotFoundException('Admin console is disabled');
+    }
+  }
+  getCookieName(): string {
+    return this.options?.sessionCookieName ?? 'nest_auth_admin';
+  }
+  getBasePath(): string {
+    return this.options?.basePath;
+  }
+  getSessionSecret(): string {
+    // Use secretKey for session signing - unified key for all admin console security operations
+    return this.options?.secretKey ?? 'change-me-admin-secret';
+  }
+  getSessionDuration(): string | number {
+    return this.options?.sessionDuration ?? '2h';
+  }
+  getCookieOptions(): CookieOptions {
+    // Determine secure flag based on environment
+    const secureDefault = process.env.NODE_ENV === 'production';
+    const base: CookieOptions = {
+      httpOnly: true,
+      sameSite: 'lax',
+      secure: secureDefault,
+      path: this.getBasePath(),
+    };
+    return {
+      ...base,
+      ...(this.options?.cookie ?? {}),
+      path: this.options?.cookie?.path ?? base.path,
+    };
+  }
+  allowAdminManagement(): boolean {
+    return this.options?.allowAdminManagement !== false;
+  }
+  getSecretKey(): string | undefined {
+    return this.options?.secretKey;
+  }
+}

package/src/lib/admin-console/services/admin-session.service.ts ADDED Viewed

@@ -0,0 +1,106 @@
+import { Injectable } from '@nestjs/common';
+import { Request } from 'express';
+import * as jwt from 'jsonwebtoken';
+import ms from 'ms';
+import { AdminConsoleConfigService } from './admin-console-config.service';
+import { AdminUser } from '../entities/admin-user.entity';
+interface AdminSessionPayload {
+  sub: string;
+  email: string;
+  iat: number;
+  exp: number;
+}
+@Injectable()
+export class AdminSessionService {
+  constructor(private readonly config: AdminConsoleConfigService) { }
+  createSession(admin: AdminUser): string {
+    const secret = this.config.getSessionSecret();
+    const duration = this.config.getSessionDuration();
+    const expiresIn = typeof duration === 'number' ? duration : duration || '2h';
+    return jwt.sign(
+      {
+        sub: admin.id,
+        email: admin.email,
+      },
+      secret,
+      {
+        expiresIn,
+      },
+    );
+  }
+  verifySession(token: string): AdminSessionPayload | null {
+    if (!token) {
+      return null;
+    }
+    try {
+      return jwt.verify(token, this.config.getSessionSecret()) as AdminSessionPayload;
+    } catch (error) {
+      // Log JWT verification failures for security monitoring
+      console.warn('JWT verification failed:', error.message);
+      return null;
+    }
+  }
+  getCookieName(): string {
+    return this.config.getCookieName();
+  }
+  getMaxAge(): number | undefined {
+    const duration = this.config.getSessionDuration();
+    if (typeof duration === 'number') {
+      return duration * 1000;
+    }
+    if (typeof duration === 'string') {
+      return ms(duration);
+    }
+    return ms('2h');
+  }
+  extractToken(request: Request): string | undefined {
+    const cookieName = this.getCookieName();
+    const cookieHeader = request.headers?.cookie;
+    if (request.cookies && request.cookies[cookieName]) {
+      return request.cookies[cookieName];
+    }
+    if (!cookieHeader) {
+      return undefined;
+    }
+    const cookies = this.parseCookieHeader(cookieHeader);
+    return cookies[cookieName];
+  }
+  /**
+   * Invalidate all sessions for a given admin user.
+   * Since we're using stateless JWT tokens, this is a no-op for now,
+   * but provides a hook for future stateful session implementations.
+   */
+  async invalidateSessionForAdmin(adminId: string): Promise<void> {
+    // With JWT-based stateless sessions, we can't revoke tokens server-side
+    // This method exists for future implementations that use database-backed sessions
+    // For now, clearing the client cookie in the logout handler is sufficient
+    return Promise.resolve();
+  }
+  private parseCookieHeader(header: string): Record<string, string> {
+    return header.split(';').reduce<Record<string, string>>((acc, part) => {
+      const [key, ...rest] = part.split('=');
+      if (!key) {
+        return acc;
+      }
+      try {
+        acc[key.trim()] = decodeURIComponent(rest.join('=').trim());
+      } catch (error) {
+        // If decoding fails, use the raw value
+        acc[key.trim()] = rest.join('=').trim();
+      }
+      return acc;
+    }, {});
+  }
+}

package/src/lib/admin-console/services/admin-user.service.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import { ConflictException, Injectable, NotFoundException } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { AdminUser } from '../entities/admin-user.entity';
+import { DebugLoggerService } from '../../core/services/debug-logger.service';
+@Injectable()
+export class AdminUserService {
+  constructor(
+    @InjectRepository(AdminUser)
+    private readonly adminRepo: Repository<AdminUser>,
+    private readonly debugLogger: DebugLoggerService,
+  ) {}
+  async createAdmin(data: {
+    email: string;
+    password: string;
+    name?: string;
+    metadata?: Record<string, any>;
+  }): Promise<AdminUser> {
+    const email = data.email.toLowerCase();
+    const existing = await this.adminRepo.findOne({ where: { email } });
+    if (existing) {
+      throw new ConflictException({
+        message: `Admin user with email ${email} already exists.`,
+        code: 'ADMIN_USER_EXISTS',
+      });
+    }
+    const admin = this.adminRepo.create({
+      email,
+      name: data.name,
+      metadata: data.metadata ?? {},
+    });
+    await admin.setPassword(data.password);
+    this.debugLogger.debug('Creating admin user', 'AdminUserService', { email });
+    await this.adminRepo.save(admin);
+    this.debugLogger.info('Admin user created', 'AdminUserService', { id: admin.id, email });
+    return admin;
+  }
+  async findByEmail(email: string): Promise<AdminUser | null> {
+    if (!email) {
+      return null;
+    }
+    return this.adminRepo.findOne({ where: { email: email.toLowerCase() } });
+  }
+  async findById(id: string): Promise<AdminUser | null> {
+    if (!id) {
+      return null;
+    }
+    return this.adminRepo.findOne({ where: { id } });
+  }
+  async listAdmins(): Promise<AdminUser[]> {
+    return this.adminRepo.find({ order: { createdAt: 'DESC' } });
+  }
+  async updateAdmin(
+    id: string,
+    data: { name?: string; password?: string; metadata?: Record<string, any> },
+  ): Promise<AdminUser> {
+    const admin = await this.findById(id);
+    if (!admin) {
+      throw new NotFoundException({
+        message: `Admin user with ID ${id} not found`,
+        code: 'ADMIN_USER_NOT_FOUND',
+      });
+    }
+    if (data.name !== undefined) {
+      admin.name = data.name;
+    }
+    if (data.metadata !== undefined) {
+      admin.metadata = data.metadata;
+    }
+    if (data.password) {
+      await admin.setPassword(data.password);
+    }
+    await this.adminRepo.save(admin);
+    return admin;
+  }
+  async deleteAdmin(id: string): Promise<void> {
+    const admin = await this.findById(id);
+    if (!admin) {
+      throw new NotFoundException({
+        message: `Admin user with ID ${id} not found`,
+        code: 'ADMIN_USER_NOT_FOUND',
+      });
+    }
+    await this.adminRepo.delete(id);
+  }
+}