npm - @ackplus/nest-auth - Versions diffs - 1.1.0 → 1.1.2 - Mend

@ackplus/nest-auth 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (645) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ackplus/nest-auth",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "type": "commonjs",
   "main": "./src/index.js",
   "types": "./src/index.d.ts",
@@ -23,4 +23,4 @@
     "typeorm": "^0.3.21",
     "uuid": "^11.0.5"
   }
-}
+}

package/src/{index.ts → index.d.ts} RENAMED Viewed

@@ -1,8 +1,5 @@
 export * from './lib/nest-auth.module';
 export * from './lib/auth.constants';
-// Modules
 export * from './lib/auth';
 export * from './lib/session';
 export * from './lib/user';
@@ -10,21 +7,8 @@ export * from './lib/role';
 export * from './lib/tenant';
 export * from './lib/core';
 export * from './lib/request-context';
-// Types and interfaces for configuration
-export {
-  AuthModuleOptions,
-  AuthModuleAsyncOptions,
-  AuthModuleOptionsFactory,
-  DefaultTenantOptions,
-  AdminConsoleOptions,
-} from './lib/core/interfaces/auth-module-options.interface';
-// Static configuration service
+export { AuthModuleOptions, AuthModuleAsyncOptions, AuthModuleOptionsFactory, DefaultTenantOptions, AdminConsoleOptions, } from './lib/core/interfaces/auth-module-options.interface';
 export { AuthConfigService } from './lib/core/services/auth-config.service';
-// Debug logging
 export { DebugLoggerService, DebugLogLevel, DebugLogOptions } from './lib/core/services/debug-logger.service';
-// Admin console exports
 export { AdminUser as NestAuthAdminUser } from './lib/admin-console/entities/admin-user.entity';
+//# sourceMappingURL=index.d.ts.map

package/src/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/nest-auth/src/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AAEvC,cAAc,sBAAsB,CAAC;AAGrC,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,YAAY,CAAC;AAC3B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAGtC,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,qDAAqD,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAG9G,OAAO,EAAE,SAAS,IAAI,iBAAiB,EAAE,MAAM,gDAAgD,CAAC"}

package/src/index.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NestAuthAdminUser = exports.DebugLogLevel = exports.DebugLoggerService = exports.AuthConfigService = void 0;
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./lib/nest-auth.module"), exports);
+tslib_1.__exportStar(require("./lib/auth.constants"), exports);
+// Modules
+tslib_1.__exportStar(require("./lib/auth"), exports);
+tslib_1.__exportStar(require("./lib/session"), exports);
+tslib_1.__exportStar(require("./lib/user"), exports);
+tslib_1.__exportStar(require("./lib/role"), exports);
+tslib_1.__exportStar(require("./lib/tenant"), exports);
+tslib_1.__exportStar(require("./lib/core"), exports);
+tslib_1.__exportStar(require("./lib/request-context"), exports);
+// Static configuration service
+var auth_config_service_1 = require("./lib/core/services/auth-config.service");
+Object.defineProperty(exports, "AuthConfigService", { enumerable: true, get: function () { return auth_config_service_1.AuthConfigService; } });
+// Debug logging
+var debug_logger_service_1 = require("./lib/core/services/debug-logger.service");
+Object.defineProperty(exports, "DebugLoggerService", { enumerable: true, get: function () { return debug_logger_service_1.DebugLoggerService; } });
+Object.defineProperty(exports, "DebugLogLevel", { enumerable: true, get: function () { return debug_logger_service_1.DebugLogLevel; } });
+// Admin console exports
+var admin_user_entity_1 = require("./lib/admin-console/entities/admin-user.entity");
+Object.defineProperty(exports, "NestAuthAdminUser", { enumerable: true, get: function () { return admin_user_entity_1.AdminUser; } });

package/src/lib/admin-console/admin-console.module.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare class AdminConsoleModule {
+}
+//# sourceMappingURL=admin-console.module.d.ts.map

package/src/lib/admin-console/admin-console.module.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"admin-console.module.d.ts","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/admin-console/admin-console.module.ts"],"names":[],"mappings":"AAwBA,qBAqCa,kBAAkB;CAAI"}

package/src/lib/admin-console/admin-console.module.js ADDED Viewed

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminConsoleModule = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const admin_user_entity_1 = require("./entities/admin-user.entity");
+const admin_user_service_1 = require("./services/admin-user.service");
+const admin_auth_service_1 = require("./services/admin-auth.service");
+const admin_session_service_1 = require("./services/admin-session.service");
+const admin_console_controller_1 = require("./controllers/admin-console.controller");
+const admin_auth_controller_1 = require("./controllers/admin-auth.controller");
+const admin_session_guard_1 = require("./guards/admin-session.guard");
+const user_module_1 = require("../user/user.module");
+const role_module_1 = require("../role/role.module");
+const tenant_module_1 = require("../tenant/tenant.module");
+const admin_users_controller_1 = require("./controllers/admin-users.controller");
+const admin_roles_controller_1 = require("./controllers/admin-roles.controller");
+const admin_tenants_controller_1 = require("./controllers/admin-tenants.controller");
+const admin_permissions_controller_1 = require("./controllers/admin-permissions.controller");
+const admin_console_config_service_1 = require("./services/admin-console-config.service");
+const auth_module_1 = require("../auth/auth.module");
+const mfa_secret_entity_1 = require("../auth/entities/mfa-secret.entity");
+const user_entity_1 = require("../user/entities/user.entity");
+const permission_module_1 = require("../permission/permission.module");
+const session_module_1 = require("../session/session.module");
+const role_entity_1 = require("../role/entities/role.entity");
+let AdminConsoleModule = class AdminConsoleModule {
+};
+exports.AdminConsoleModule = AdminConsoleModule;
+exports.AdminConsoleModule = AdminConsoleModule = tslib_1.__decorate([
+    (0, common_1.Module)({
+        imports: [
+            typeorm_1.TypeOrmModule.forFeature([admin_user_entity_1.AdminUser, mfa_secret_entity_1.NestAuthMFASecret, user_entity_1.NestAuthUser, role_entity_1.NestAuthRole]),
+            (0, common_1.forwardRef)(() => auth_module_1.AuthModule),
+            (0, common_1.forwardRef)(() => user_module_1.UserModule),
+            (0, common_1.forwardRef)(() => role_module_1.RoleModule),
+            (0, common_1.forwardRef)(() => tenant_module_1.TenantModule),
+            (0, common_1.forwardRef)(() => session_module_1.SessionModule),
+            permission_module_1.PermissionModule,
+        ],
+        providers: [
+            admin_user_service_1.AdminUserService,
+            admin_auth_service_1.AdminAuthService,
+            admin_session_service_1.AdminSessionService,
+            admin_console_config_service_1.AdminConsoleConfigService,
+            admin_session_guard_1.AdminSessionGuard,
+        ],
+        controllers: [
+            // Register API controllers FIRST so they match before the UI catch-all route
+            // More specific routes must be registered before less specific ones
+            admin_auth_controller_1.AdminAuthController,
+            admin_users_controller_1.AdminUsersController,
+            admin_roles_controller_1.AdminRolesController,
+            admin_tenants_controller_1.AdminTenantsController,
+            admin_permissions_controller_1.AdminPermissionsController,
+            // UI controller LAST - it has catch-all routes that should only match non-API paths
+            admin_console_controller_1.AdminConsoleController,
+        ],
+        exports: [
+            admin_user_service_1.AdminUserService,
+            admin_auth_service_1.AdminAuthService,
+            admin_session_service_1.AdminSessionService,
+            admin_console_config_service_1.AdminConsoleConfigService,
+            admin_session_guard_1.AdminSessionGuard,
+            typeorm_1.TypeOrmModule,
+        ],
+    })
+], AdminConsoleModule);

package/src/lib/admin-console/controllers/admin-auth.controller.d.ts ADDED Viewed

@@ -0,0 +1,134 @@
+import { Response } from 'express';
+import { AdminAuthService } from '../services/admin-auth.service';
+import { AdminSessionService } from '../services/admin-session.service';
+import { AdminConsoleConfigService } from '../services/admin-console-config.service';
+import { AdminLoginDto } from '../dto/login.dto';
+import { AdminResetPasswordDto } from '../dto/reset-password.dto';
+import { AdminSignupDto } from '../dto/signup.dto';
+import { AdminUser } from '../entities/admin-user.entity';
+import { CreateDashboardAdminDto, UpdateDashboardAdminDto } from '../dto/create-dashboard-admin.dto';
+import { AdminUserService } from '../services/admin-user.service';
+import { UserService } from '../../user/services/user.service';
+import { RoleService } from '../../role/services/role.service';
+import { TenantService } from '../../tenant/services/tenant.service';
+import { Repository } from 'typeorm';
+import { NestAuthUser } from '../../user/entities/user.entity';
+export declare class AdminAuthController {
+    private readonly adminAuth;
+    private readonly sessions;
+    private readonly config;
+    private readonly adminUsers;
+    private readonly userService;
+    private readonly roleService;
+    private readonly tenantService;
+    private readonly userRepository;
+    constructor(adminAuth: AdminAuthService, sessions: AdminSessionService, config: AdminConsoleConfigService, adminUsers: AdminUserService, userService: UserService, roleService: RoleService, tenantService: TenantService, userRepository: Repository<NestAuthUser>);
+    private getCookieOptions;
+    signup(dto: AdminSignupDto): Promise<{
+        message: string;
+        admin: {
+            id: string;
+            email: string;
+            name: string;
+            metadata: Record<string, any>;
+            lastLoginAt: Date;
+            createdAt: Date;
+            updatedAt: Date;
+        };
+    }>;
+    login(dto: AdminLoginDto, res: Response): Promise<{
+        message: string;
+        admin: {
+            id: string;
+            email: string;
+            name: string;
+            metadata: Record<string, any>;
+            lastLoginAt: Date;
+            createdAt: Date;
+            updatedAt: Date;
+        };
+    }>;
+    logout(admin: AdminUser, res: Response): Promise<{
+        message: string;
+    }>;
+    me(admin: AdminUser): Promise<{
+        id: string;
+        email: string;
+        name: string;
+        metadata: Record<string, any>;
+        lastLoginAt: Date;
+        createdAt: Date;
+        updatedAt: Date;
+    }>;
+    publicConfig(): Promise<{
+        allowAdminManagement: boolean;
+    }>;
+    getDashboardStats(): Promise<{
+        stats: {
+            totalUsers: number;
+            activeUsers: number;
+            verifiedUsers: number;
+            totalRoles: number;
+            totalTenants: number;
+            recentSignups: number;
+        };
+        activityData: {
+            name: string;
+            users: number;
+        }[];
+    }>;
+    getSetupStatus(): Promise<{
+        needsSetup: boolean;
+        stats: {
+            usersCount: number;
+            rolesCount: number;
+        };
+        setupSteps: {
+            id: string;
+            title: string;
+            description: string;
+            completed: boolean;
+        }[];
+    }>;
+    listAdmins(): Promise<{
+        data: {
+            id: string;
+            email: string;
+            name: string;
+            metadata: Record<string, any>;
+            lastLoginAt: Date;
+            createdAt: Date;
+            updatedAt: Date;
+        }[];
+    }>;
+    createAdmin(dto: CreateDashboardAdminDto): Promise<{
+        admin: {
+            id: string;
+            email: string;
+            name: string;
+            metadata: Record<string, any>;
+            lastLoginAt: Date;
+            createdAt: Date;
+            updatedAt: Date;
+        };
+    }>;
+    updateAdmin(id: string, dto: UpdateDashboardAdminDto): Promise<{
+        admin: {
+            id: string;
+            email: string;
+            name: string;
+            metadata: Record<string, any>;
+            lastLoginAt: Date;
+            createdAt: Date;
+            updatedAt: Date;
+        };
+    }>;
+    deleteAdmin(id: string): Promise<{
+        message: string;
+    }>;
+    resetPassword(dto: AdminResetPasswordDto): Promise<{
+        message: string;
+    }>;
+    private toSafeAdmin;
+}
+//# sourceMappingURL=admin-auth.controller.d.ts.map

package/src/lib/admin-console/controllers/admin-auth.controller.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-auth.controller.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/admin-console/controllers/admin-auth.controller.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,yBAAyB,EAAE,MAAM,0CAA0C,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AACrG,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAG/D,qBACa,mBAAmB;IAE5B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAE9B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBARd,SAAS,EAAE,gBAAgB,EAC3B,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,yBAAyB,EACjC,UAAU,EAAE,gBAAgB,EAC5B,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa,EAE5B,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAG3D,OAAO,CAAC,gBAAgB;IAUlB,MAAM,CAAS,GAAG,EAAE,cAAc;;;;;;;;;;;;IAoClC,KAAK,CAAS,GAAG,EAAE,aAAa,EAA8B,GAAG,EAAE,QAAQ;;;;;;;;;;;;IAa3E,MAAM,CAAiB,KAAK,EAAE,SAAS,EAA8B,GAAG,EAAE,QAAQ;;;IAkBlF,EAAE,CAAiB,KAAK,EAAE,SAAS;;;;;;;;;IAKnC,YAAY;;;IASZ,iBAAiB;;;;;;;;;;kBAuBa,MAAM;mBAAS,MAAM;;;IAmDnD,cAAc;;;;;;;;;;;;;IAkCd,UAAU;;;;;;;;;;;IAYV,WAAW,CAAS,GAAG,EAAE,uBAAuB;;;;;;;;;;;IAUhD,WAAW,CAAc,EAAE,EAAE,MAAM,EAAU,GAAG,EAAE,uBAAuB;;;;;;;;;;;IAUzE,WAAW,CAAc,EAAE,EAAE,MAAM;;;IASnC,aAAa,CAAS,GAAG,EAAE,qBAAqB;;;IAqCtD,OAAO,CAAC,WAAW;CAWpB"}

package/src/lib/admin-console/controllers/admin-auth.controller.js ADDED Viewed

@@ -0,0 +1,374 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminAuthController = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const admin_auth_service_1 = require("../services/admin-auth.service");
+const admin_session_service_1 = require("../services/admin-session.service");
+const admin_console_config_service_1 = require("../services/admin-console-config.service");
+const login_dto_1 = require("../dto/login.dto");
+const reset_password_dto_1 = require("../dto/reset-password.dto");
+const signup_dto_1 = require("../dto/signup.dto");
+const admin_session_guard_1 = require("../guards/admin-session.guard");
+const current_admin_decorator_1 = require("../decorators/current-admin.decorator");
+const admin_user_entity_1 = require("../entities/admin-user.entity");
+const create_dashboard_admin_dto_1 = require("../dto/create-dashboard-admin.dto");
+const admin_user_service_1 = require("../services/admin-user.service");
+const security_util_1 = require("../../utils/security.util");
+const user_service_1 = require("../../user/services/user.service");
+const role_service_1 = require("../../role/services/role.service");
+const tenant_service_1 = require("../../tenant/services/tenant.service");
+const typeorm_1 = require("@nestjs/typeorm");
+const typeorm_2 = require("typeorm");
+const user_entity_1 = require("../../user/entities/user.entity");
+const typeorm_3 = require("typeorm");
+let AdminAuthController = class AdminAuthController {
+    constructor(adminAuth, sessions, config, adminUsers, userService, roleService, tenantService, userRepository) {
+        this.adminAuth = adminAuth;
+        this.sessions = sessions;
+        this.config = config;
+        this.adminUsers = adminUsers;
+        this.userService = userService;
+        this.roleService = roleService;
+        this.tenantService = tenantService;
+        this.userRepository = userRepository;
+    }
+    getCookieOptions() {
+        const opts = this.config.getCookieOptions();
+        const maxAge = this.sessions.getMaxAge();
+        if (maxAge) {
+            opts.maxAge = maxAge;
+        }
+        return opts;
+    }
+    async signup(dto) {
+        this.config.ensureEnabled();
+        // Validate secret key using constant-time comparison to prevent timing attacks
+        const secretKey = this.config.getSecretKey();
+        console.log('secretKey', secretKey);
+        console.log('dto.secretKey', dto.secretKey);
+        if (!secretKey) {
+            throw new common_1.BadRequestException({
+                message: 'Admin console secret key is not configured. Please configure adminConsole.secretKey in AuthModuleOptions.',
+                code: 'ADMIN_CONSOLE_SECRET_NOT_CONFIGURED',
+            });
+        }
+        if (!(0, security_util_1.compareKeys)(dto.secretKey, secretKey)) {
+            throw new common_1.UnauthorizedException({
+                message: 'Invalid secret key',
+                code: 'INVALID_SECRET_KEY',
+            });
+        }
+        // Create admin user - allows multiple admins (no restriction like initialize)
+        const admin = await this.adminUsers.createAdmin({
+            email: dto.email,
+            password: dto.password,
+            name: dto.name,
+            metadata: dto.metadata || {},
+        });
+        return {
+            message: 'Admin user created successfully',
+            admin: this.toSafeAdmin(admin),
+        };
+    }
+    async login(dto, res) {
+        this.config.ensureEnabled();
+        const admin = await this.adminAuth.validateCredentials(dto.email, dto.password);
+        const token = this.sessions.createSession(admin);
+        res.cookie(this.sessions.getCookieName(), token, this.getCookieOptions());
+        return {
+            message: 'Signed in successfully',
+            admin: this.toSafeAdmin(admin),
+        };
+    }
+    async logout(admin, res) {
+        // Invalidate server-side session if session ID is available
+        try {
+            await this.sessions.invalidateSessionForAdmin(admin.id);
+        }
+        catch (error) {
+            // Log error but continue with logout to ensure client cookie is cleared
+            console.error('Failed to invalidate admin session:', error);
+        }
+        res.cookie(this.sessions.getCookieName(), '', {
+            ...this.getCookieOptions(),
+            maxAge: 0,
+        });
+        return { message: 'Signed out' };
+    }
+    async me(admin) {
+        return this.toSafeAdmin(admin);
+    }
+    async publicConfig() {
+        // Only return properties that are actually used by the UI
+        return {
+            allowAdminManagement: this.config.allowAdminManagement(),
+        };
+    }
+    async getDashboardStats() {
+        // Get total counts efficiently
+        const [totalUsers, activeUsers, verifiedUsers] = await Promise.all([
+            this.userService.countUsers(),
+            this.userService.countUsers({ where: { isActive: true } }),
+            this.userService.countUsers({ where: { isVerified: true } }),
+        ]);
+        // Get roles and tenants counts
+        const roles = await this.roleService.getRoles();
+        const tenants = await this.tenantService.getTenants({ order: { createdAt: 'DESC' } });
+        // Calculate recent signups (last 7 days) - server-side
+        const sevenDaysAgo = new Date();
+        sevenDaysAgo.setDate(sevenDaysAgo.getDate() - 7);
+        sevenDaysAgo.setHours(0, 0, 0, 0);
+        const recentSignups = await this.userService.countUsers({
+            where: { createdAt: (0, typeorm_3.MoreThanOrEqual)(sevenDaysAgo) },
+        });
+        // Calculate signups per day for the last 7 days using SQL aggregation
+        const dayNames = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
+        const activityData = [];
+        // Initialize with 0 for each day
+        for (let i = 6; i >= 0; i--) {
+            const date = new Date();
+            date.setDate(date.getDate() - i);
+            date.setHours(0, 0, 0, 0);
+            const dayName = dayNames[date.getDay()];
+            activityData.push({ name: dayName, users: 0 });
+        }
+        // Query signups per day - fetch all signups from last 7 days and group in memory
+        // This is more database-agnostic than using DATE() which varies by DB type
+        const sevenDaysAgoStart = new Date();
+        sevenDaysAgoStart.setDate(sevenDaysAgoStart.getDate() - 7);
+        sevenDaysAgoStart.setHours(0, 0, 0, 0);
+        const recentUsers = await this.userRepository.find({
+            where: { createdAt: (0, typeorm_3.MoreThanOrEqual)(sevenDaysAgoStart) },
+            select: ['createdAt'],
+        });
+        // Group signups by day in memory
+        recentUsers.forEach((user) => {
+            const signupDate = new Date(user.createdAt);
+            signupDate.setHours(0, 0, 0, 0);
+            const today = new Date();
+            today.setHours(0, 0, 0, 0);
+            const daysDiff = Math.floor((today.getTime() - signupDate.getTime()) / (1000 * 60 * 60 * 24));
+            if (daysDiff >= 0 && daysDiff <= 6) {
+                const index = 6 - daysDiff;
+                if (index >= 0 && index < activityData.length) {
+                    activityData[index].users += 1;
+                }
+            }
+        });
+        return {
+            stats: {
+                totalUsers,
+                activeUsers,
+                verifiedUsers,
+                totalRoles: roles.length,
+                totalTenants: tenants.length,
+                recentSignups,
+            },
+            activityData,
+        };
+    }
+    async getSetupStatus() {
+        this.config.ensureEnabled();
+        // Check if nest-auth requires setup
+        const userCount = await this.userService.countUsers();
+        const rolesCount = await this.roleService.getRoles();
+        const needsSetup = userCount === 0 || rolesCount.length === 0;
+        return {
+            needsSetup,
+            stats: {
+                usersCount: userCount,
+                rolesCount: rolesCount.length,
+            },
+            setupSteps: [
+                {
+                    id: 'roles',
+                    title: 'Create Roles',
+                    description: 'Set up roles and permissions for your users',
+                    completed: rolesCount.length > 0,
+                },
+                {
+                    id: 'users',
+                    title: 'Create Users',
+                    description: 'Add users to your system',
+                    completed: userCount > 0,
+                },
+            ],
+        };
+    }
+    async listAdmins() {
+        if (!this.config.allowAdminManagement()) {
+            throw new common_1.ForbiddenException('Admin management disabled');
+        }
+        const admins = await this.adminUsers.listAdmins();
+        return {
+            data: admins.map((admin) => this.toSafeAdmin(admin)),
+        };
+    }
+    async createAdmin(dto) {
+        if (!this.config.allowAdminManagement()) {
+            throw new common_1.ForbiddenException('Admin management disabled');
+        }
+        const admin = await this.adminUsers.createAdmin(dto);
+        return { admin: this.toSafeAdmin(admin) };
+    }
+    async updateAdmin(id, dto) {
+        if (!this.config.allowAdminManagement()) {
+            throw new common_1.ForbiddenException('Admin management disabled');
+        }
+        const admin = await this.adminUsers.updateAdmin(id, dto);
+        return { admin: this.toSafeAdmin(admin) };
+    }
+    async deleteAdmin(id) {
+        if (!this.config.allowAdminManagement()) {
+            throw new common_1.ForbiddenException('Admin management disabled');
+        }
+        await this.adminUsers.deleteAdmin(id);
+        return { message: 'Admin deleted successfully' };
+    }
+    async resetPassword(dto) {
+        this.config.ensureEnabled();
+        // Validate secret key using constant-time comparison to prevent timing attacks
+        const secretKey = this.config.getSecretKey();
+        if (!secretKey) {
+            throw new common_1.UnauthorizedException({
+                message: 'Admin console secret key not configured',
+                code: 'SECRET_KEY_NOT_CONFIGURED',
+            });
+        }
+        if (!(0, security_util_1.compareKeys)(dto.secretKey, secretKey)) {
+            throw new common_1.UnauthorizedException({
+                message: 'Invalid secret key',
+                code: 'INVALID_SECRET_KEY',
+            });
+        }
+        // Find the admin by email
+        const admin = await this.adminUsers.findByEmail(dto.email);
+        if (!admin) {
+            // Return generic error to avoid revealing if email exists
+            throw new common_1.UnauthorizedException({
+                message: 'Invalid credentials',
+                code: 'INVALID_CREDENTIALS',
+            });
+        }
+        // Update the password
+        await this.adminUsers.updateAdmin(admin.id, { password: dto.newPassword });
+        return {
+            message: 'Password reset successfully',
+        };
+    }
+    toSafeAdmin(admin) {
+        return {
+            id: admin.id,
+            email: admin.email,
+            name: admin.name,
+            metadata: admin.metadata ?? {},
+            lastLoginAt: admin.lastLoginAt,
+            createdAt: admin.createdAt,
+            updatedAt: admin.updatedAt,
+        };
+    }
+};
+exports.AdminAuthController = AdminAuthController;
+tslib_1.__decorate([
+    (0, common_1.Post)('signup'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [signup_dto_1.AdminSignupDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "signup", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('login'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)({ passthrough: true })),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [login_dto_1.AdminLoginDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "login", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('logout'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__param(0, (0, current_admin_decorator_1.CurrentAdmin)()),
+    tslib_1.__param(1, (0, common_1.Res)({ passthrough: true })),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [admin_user_entity_1.AdminUser, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "logout", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('me'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__param(0, (0, current_admin_decorator_1.CurrentAdmin)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [admin_user_entity_1.AdminUser]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "me", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('config'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "publicConfig", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('api/stats'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "getDashboardStats", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('setup-status'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "getSetupStatus", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('admins'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "listAdmins", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('admins'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [create_dashboard_admin_dto_1.CreateDashboardAdminDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "createAdmin", null);
+tslib_1.__decorate([
+    (0, common_1.Patch)('admins/:id'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__param(0, (0, common_1.Param)('id')),
+    tslib_1.__param(1, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [String, create_dashboard_admin_dto_1.UpdateDashboardAdminDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "updateAdmin", null);
+tslib_1.__decorate([
+    (0, common_1.Delete)('admins/:id'),
+    (0, common_1.UseGuards)(admin_session_guard_1.AdminSessionGuard),
+    tslib_1.__param(0, (0, common_1.Param)('id')),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [String]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "deleteAdmin", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('reset-password'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [reset_password_dto_1.AdminResetPasswordDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AdminAuthController.prototype, "resetPassword", null);
+exports.AdminAuthController = AdminAuthController = tslib_1.__decorate([
+    (0, common_1.Controller)('auth/admin'),
+    tslib_1.__param(7, (0, typeorm_1.InjectRepository)(user_entity_1.NestAuthUser)),
+    tslib_1.__metadata("design:paramtypes", [admin_auth_service_1.AdminAuthService,
+        admin_session_service_1.AdminSessionService,
+        admin_console_config_service_1.AdminConsoleConfigService,
+        admin_user_service_1.AdminUserService,
+        user_service_1.UserService,
+        role_service_1.RoleService,
+        tenant_service_1.TenantService,
+        typeorm_2.Repository])
+], AdminAuthController);