npm - @ackplus/nest-auth - Versions diffs - 1.1.0 → 1.1.2 - Mend

@ackplus/nest-auth 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (645) hide show

package/src/lib/admin-console/controllers/admin-roles.controller.ts DELETED Viewed

@@ -1,89 +0,0 @@
-import {
-  BadRequestException,
-  Body,
-  Controller,
-  Delete,
-  Get,
-  Param,
-  Patch,
-  Post,
-  UseGuards,
-} from '@nestjs/common';
-import { AdminSessionGuard } from '../guards/admin-session.guard';
-import { RoleService } from '../../role/services/role.service';
-import { AdminCreateRoleDto, AdminUpdateRoleDto } from '../dto/admin-role.dto';
-import { NestAuthRole } from '../../role/entities/role.entity';
-import { DEFAULT_GUARD_NAME } from '../../auth.constants';
-@Controller('auth/admin/api/roles')
-@UseGuards(AdminSessionGuard)
-export class AdminRolesController {
-  constructor(private readonly roles: RoleService) { }
-  @Get()
-  async listRoles() {
-    const roles = await this.roles.getRoles({
-      order: { name: 'ASC' },
-    });
-    return {
-      data: roles.map((role) => this.toSafeRole(role)),
-    };
-  }
-  @Post()
-  async createRole(@Body() dto: AdminCreateRoleDto) {
-    const role = await this.roles.createRole(
-      dto.name,
-      dto.guard ?? DEFAULT_GUARD_NAME,
-      dto.tenantId,
-      dto.isSystem ?? false,
-      dto.permissions,
-    );
-    return { role: this.toSafeRole(role) };
-  }
-  @Patch(':id')
-  async updateRole(@Param('id') id: string, @Body() dto: AdminUpdateRoleDto) {
-    // Validate at least one field is provided
-    if (!dto.permissions && !dto.name && !dto.guard) {
-      throw new BadRequestException(
-        'At least one field must be provided for update (permissions, name, or guard)'
-      );
-    }
-    // Apply updates sequentially without overwriting results
-    if (dto.permissions) {
-      await this.roles.updateRolePermissions(id, dto.permissions);
-    }
-    if (dto.name || dto.guard) {
-      await this.roles.updateRole(id, {
-        name: dto.name,
-        guard: dto.guard,
-      } as NestAuthRole);
-    }
-    // Fetch the final updated role once
-    const role = await this.roles.getRoleById(id);
-    return { role: this.toSafeRole(role) };
-  }
-  @Delete(':id')
-  async deleteRole(@Param('id') id: string) {
-    await this.roles.deleteRole(id);
-    return { message: 'Role removed' };
-  }
-  private toSafeRole(role: NestAuthRole) {
-    return {
-      id: role.id,
-      name: role.name,
-      guard: role.guard,
-      isSystem: role.isSystem,
-      tenantId: role.tenantId,
-      permissions: role.permissions ?? [],
-      createdAt: role.createdAt,
-      updatedAt: role.updatedAt,
-    };
-  }
-}

package/src/lib/admin-console/controllers/admin-tenants.controller.ts DELETED Viewed

@@ -1,68 +0,0 @@
-import {
-  Body,
-  Controller,
-  Delete,
-  Get,
-  Param,
-  Patch,
-  Post,
-  UseGuards,
-} from '@nestjs/common';
-import { AdminSessionGuard } from '../guards/admin-session.guard';
-import { TenantService } from '../../tenant/services/tenant.service';
-import { AdminCreateTenantDto, AdminUpdateTenantDto } from '../dto/admin-tenant.dto';
-import { NestAuthTenant } from '../../tenant/entities/tenant.entity';
-@Controller('auth/admin/api/tenants')
-@UseGuards(AdminSessionGuard)
-export class AdminTenantsController {
-  constructor(private readonly tenants: TenantService) { }
-  @Get()
-  async listTenants() {
-    const tenants = await this.tenants.getTenants({ order: { createdAt: 'DESC' } });
-    return {
-      data: tenants.map((tenant) => this.toSafeTenant(tenant)),
-    };
-  }
-  @Post()
-  async createTenant(@Body() dto: AdminCreateTenantDto) {
-    const tenant = await this.tenants.createTenant({
-      name: dto.name,
-      slug: dto.slug,
-      description: dto.description,
-      metadata: dto.metadata ?? {},
-    });
-    return { tenant: this.toSafeTenant(tenant) };
-  }
-  @Patch(':id')
-  async updateTenant(@Param('id') id: string, @Body() dto: AdminUpdateTenantDto) {
-    const tenant = await this.tenants.updateTenant(id, {
-      name: dto.name,
-      slug: dto.slug,
-      description: dto.description,
-      metadata: dto.metadata ?? {},
-    });
-    return { tenant: this.toSafeTenant(tenant) };
-  }
-  @Delete(':id')
-  async deleteTenant(@Param('id') id: string) {
-    await this.tenants.deleteTenant(id);
-    return { message: 'Tenant removed' };
-  }
-  private toSafeTenant(tenant: NestAuthTenant) {
-    return {
-      id: tenant.id,
-      name: tenant.name,
-      slug: tenant.slug,
-      description: tenant.description,
-      metadata: tenant.metadata ?? {},
-      createdAt: tenant.createdAt,
-      updatedAt: tenant.updatedAt,
-    };
-  }
-}

package/src/lib/admin-console/controllers/admin-users.controller.ts DELETED Viewed

@@ -1,379 +0,0 @@
-import {
-  Body,
-  Controller,
-  Delete,
-  Get,
-  Param,
-  Patch,
-  Post,
-  Query,
-  UseGuards,
-} from '@nestjs/common';
-import { NotFoundException } from '@nestjs/common';
-import { InjectRepository } from '@nestjs/typeorm';
-import { Repository } from 'typeorm';
-import { AdminSessionGuard } from '../guards/admin-session.guard';
-import { AdminCreateUserDto, AdminUpdateUserDto } from '../dto/admin-user.dto';
-import { UserService } from '../../user/services/user.service';
-import { TenantService } from '../../tenant/services/tenant.service';
-import { NestAuthUser } from '../../user/entities/user.entity';
-import { NestAuthMFASecret } from '../../auth/entities/mfa-secret.entity';
-import { DEFAULT_GUARD_NAME, EMAIL_AUTH_PROVIDER, PHONE_AUTH_PROVIDER } from '../../auth.constants';
-import { FindOptionsWhere, Like } from 'typeorm';
-import { MfaService } from '../../auth/services/mfa.service';
-import { SessionManagerService } from '../../session/services/session-manager.service';
-import { NestAuthSession } from '../../session/entities/session.entity';
-@Controller('auth/admin/api/users')
-@UseGuards(AdminSessionGuard)
-export class AdminUsersController {
-  constructor(
-    private readonly users: UserService,
-    private readonly tenantService: TenantService,
-    private readonly mfaService: MfaService,
-    private readonly sessionManager: SessionManagerService,
-    @InjectRepository(NestAuthMFASecret)
-    private readonly mfaSecretRepository: Repository<NestAuthMFASecret>,
-  ) { }
-  private async ensureUserExists(id: string): Promise<NestAuthUser> {
-    const user = await this.users.getUserById(id);
-    if (!user) {
-      throw new NotFoundException('User not found');
-    }
-    return user;
-  }
-  private toSessionResponse(session: NestAuthSession) {
-    return {
-      id: session.id,
-      deviceName: session.deviceName || 'Unknown device',
-      userAgent: session.userAgent,
-      ipAddress: session.ipAddress,
-      lastActive: session.lastActive,
-      createdAt: session.createdAt,
-      expiresAt: session.expiresAt,
-    };
-  }
-  private buildStatusFilter(status?: string): Partial<FindOptionsWhere<NestAuthUser>> {
-    if (!status) return {};
-    switch (status) {
-      case 'active':
-        return { isActive: true };
-      case 'inactive':
-        return { isActive: false };
-      case 'verified':
-        return { isVerified: true };
-      case 'unverified':
-        return { isVerified: false };
-      default:
-        return {};
-    }
-  }
-  private escapeLikePattern(value: string): string {
-    return value.replace(/[%_\\]/g, '\\$&');
-  }
-  @Get()
-  async listUsers(
-    @Query('page') page?: string,
-    @Query('limit') limit?: string,
-    @Query('search') search?: string,
-    @Query('status') status?: string,
-  ) {
-    // Validate and sanitize pagination parameters
-    let pageNum = parseInt(page || '1', 10);
-    let limitNum = parseInt(limit || '10', 10);
-    // Ensure page is at least 1
-    if (isNaN(pageNum) || pageNum < 1) {
-      pageNum = 1;
-    }
-    // Ensure limit is positive and capped at 100
-    if (isNaN(limitNum) || limitNum <= 0) {
-      limitNum = 10;
-    }
-    if (limitNum > 100) {
-      limitNum = 100;
-    }
-    const skip = (pageNum - 1) * limitNum;
-    // Build where clause with proper TypeORM typing
-    let where: FindOptionsWhere<NestAuthUser>[] | FindOptionsWhere<NestAuthUser> = {};
-    // Apply search filter with proper OR conditions using array syntax
-    if (search && search.trim()) {
-      const escapedSearch = this.escapeLikePattern(search.trim());
-      const searchPattern = `%${escapedSearch}%`;
-      // Base status filter if present
-      const baseFilter: FindOptionsWhere<NestAuthUser> = {
-        ...this.buildStatusFilter(status),
-      };
-      // Create OR conditions for search
-      where = [
-        { ...baseFilter, email: Like(searchPattern) },
-        { ...baseFilter, phone: Like(searchPattern) },
-        { ...baseFilter, tenantId: Like(searchPattern) },
-      ];
-    } else {
-      // Apply status filter without search
-      Object.assign(where as FindOptionsWhere<NestAuthUser>, this.buildStatusFilter(status));
-    }
-    // Get users and total count in a single query
-    const [users, total] = await this.users.getUsersAndCount({
-      where,
-      relations: ['roles'],
-      order: { createdAt: 'DESC' },
-      skip,
-      take: limitNum,
-    });
-    return {
-      data: users.map((user) => this.toSafeUser(user)),
-      meta: {
-        page: pageNum,
-        limit: limitNum,
-        total,
-        totalPages: Math.ceil(total / limitNum),
-      },
-    };
-  }
-  @Post()
-  async createUser(@Body() dto: AdminCreateUserDto) {
-    const tenantId = await this.tenantService.resolveTenantId(dto.tenantId);
-    const user = await this.users.createUser({
-      email: dto.email,
-      phone: dto.phone,
-      tenantId,
-      metadata: dto.metadata ?? {},
-      isActive: dto.isActive ?? true,
-      isVerified: dto.isVerified ?? false,
-    });
-    if (dto.password) {
-      await user.setPassword(dto.password);
-      await user.save();
-    }
-    if (dto.roles?.length) {
-      await user.assignRoles(dto.roles, DEFAULT_GUARD_NAME);
-      await user.save();
-    }
-    return { user: this.toSafeUser(user) };
-  }
-  @Get(':id')
-  async getUser(@Param('id') id: string) {
-    const user = await this.users.getUserById(id, {
-      relations: ['roles', 'mfaSecrets', 'identities']
-    });
-    if (!user) {
-      throw new NotFoundException('User not found');
-    }
-    const availableMethods = this.mfaService.getAvailableMethods();
-    const [enabledMethods, sessions] = await Promise.all([
-      this.mfaService.getEnabledMethods(user.id),
-      this.sessionManager.getUserSessions(user.id),
-    ]);
-    const sortedSessions = sessions
-      .sort((a, b) => {
-        const aTime = a.lastActive?.getTime() ?? a.updatedAt?.getTime() ?? 0;
-        const bTime = b.lastActive?.getTime() ?? b.updatedAt?.getTime() ?? 0;
-        return bTime - aTime;
-      })
-      .map((session) => this.toSessionResponse(session));
-    return {
-      user: this.toSafeUser(user),
-      loginMethods: {
-        emailEnabled: !!user.email && !!user.emailVerifiedAt,
-        phoneEnabled: !!user.phone && !!user.phoneVerifiedAt,
-        hasPassword: !!user.passwordHash,
-      },
-      mfa: {
-        isEnabled: user.isMfaEnabled,
-        allowUserToggle: this.mfaService.mfaConfig?.allowUserToggle ?? false,
-        availableMethods,
-        enabledMethods,
-        hasRecoveryCode: !!user.mfaRecoveryCode,
-        totpDevices: user.mfaSecrets?.map((device) => ({
-          id: device.id,
-          deviceName: device.deviceName || 'Authenticator',
-          verified: device.verified,
-          lastUsedAt: device.lastUsedAt,
-          createdAt: device.createdAt,
-        })) || [],
-      },
-      sessions: sortedSessions,
-    };
-  }
-  @Patch(':id')
-  async updateUser(@Param('id') id: string, @Body() dto: AdminUpdateUserDto) {
-    let user = await this.users.getUserById(id, { relations: ['roles', 'identities'] });
-    if (!user) {
-      throw new NotFoundException('User not found');
-    }
-    // Apply basic field updates if provided
-    if (dto.isActive !== undefined || dto.isVerified !== undefined || dto.metadata !== undefined ||
-      dto.isMfaEnabled !== undefined) {
-      const updates: Partial<NestAuthUser> = {};
-      if (dto.isActive !== undefined) updates.isActive = dto.isActive;
-      if (dto.isVerified !== undefined) updates.isVerified = dto.isVerified;
-      if (dto.metadata !== undefined) updates.metadata = dto.metadata;
-      if (dto.isMfaEnabled !== undefined) updates.isMfaEnabled = dto.isMfaEnabled;
-      user = await this.users.updateUser(id, updates);
-    }
-    // Enable/disable email login
-    if (dto.emailLoginEnabled !== undefined) {
-      if (dto.emailLoginEnabled) {
-        if (!user.email) {
-          throw new NotFoundException('User has no email address');
-        }
-        user.emailVerifiedAt = user.emailVerifiedAt || new Date();
-        // Ensure identity exists
-        await user.findOrCreateIdentity(EMAIL_AUTH_PROVIDER, user.email);
-      } else {
-        user.emailVerifiedAt = null;
-        // Remove email identity if exists
-        const emailIdentity = user.identities?.find(i => i.provider === EMAIL_AUTH_PROVIDER);
-        if (emailIdentity) {
-          await emailIdentity.remove();
-        }
-      }
-    }
-    // Enable/disable phone login
-    if (dto.phoneLoginEnabled !== undefined) {
-      if (dto.phoneLoginEnabled) {
-        if (!user.phone) {
-          throw new NotFoundException('User has no phone number');
-        }
-        user.phoneVerifiedAt = user.phoneVerifiedAt || new Date();
-        // Ensure identity exists
-        await user.findOrCreateIdentity(PHONE_AUTH_PROVIDER, user.phone);
-      } else {
-        user.phoneVerifiedAt = null;
-        // Remove phone identity if exists
-        const phoneIdentity = user.identities?.find(i => i.provider === PHONE_AUTH_PROVIDER);
-        if (phoneIdentity) {
-          await phoneIdentity.remove();
-        }
-      }
-    }
-    // Apply password change in-memory
-    if (dto.password) {
-      await user.setPassword(dto.password);
-    }
-    // Apply role changes in-memory
-    if (dto.roles) {
-      await user.assignRoles(dto.roles, DEFAULT_GUARD_NAME);
-    }
-    // Save all changes
-    await user.save();
-    return { user: this.toSafeUser(user) };
-  }
-  @Delete(':id/totp-devices/:deviceId')
-  async deleteTotpDevice(@Param('id') id: string, @Param('deviceId') deviceId: string) {
-    const user = await this.users.getUserById(id);
-    if (!user) {
-      throw new NotFoundException('User not found');
-    }
-    const device = await this.mfaSecretRepository.findOne({
-      where: { id: deviceId, userId: user.id },
-    });
-    if (!device) {
-      throw new NotFoundException('TOTP device not found');
-    }
-    await this.mfaSecretRepository.remove(device);
-    return { message: 'TOTP device deleted successfully' };
-  }
-  @Get(':id/sessions')
-  async listSessions(@Param('id') id: string) {
-    const user = await this.ensureUserExists(id);
-    const sessions = await this.sessionManager.getUserSessions(user.id);
-    return {
-      data: sessions
-        .sort((a, b) => {
-          const aTime = a.lastActive?.getTime() ?? a.updatedAt?.getTime() ?? 0;
-          const bTime = b.lastActive?.getTime() ?? b.updatedAt?.getTime() ?? 0;
-          return bTime - aTime;
-        })
-        .map((session) => this.toSessionResponse(session)),
-    };
-  }
-  @Delete(':id/sessions/:sessionId')
-  async revokeSession(@Param('id') id: string, @Param('sessionId') sessionId: string) {
-    const user = await this.ensureUserExists(id);
-    try {
-      const session = await this.sessionManager.getSession(sessionId, false);
-      if (session.userId !== user.id) {
-        throw new NotFoundException('Session not found for this user');
-      }
-    } catch {
-      throw new NotFoundException('Session not found for this user');
-    }
-    await this.sessionManager.revokeSession(sessionId);
-    return { message: 'Session revoked successfully' };
-  }
-  @Delete(':id/sessions')
-  async revokeAllSessions(@Param('id') id: string) {
-    const user = await this.ensureUserExists(id);
-    await this.sessionManager.revokeAllUserSessions(user.id);
-    return { message: 'All sessions revoked successfully' };
-  }
-  @Delete(':id')
-  async deleteUser(@Param('id') id: string) {
-    await this.users.deleteUser(id);
-    return { message: 'User removed' };
-  }
-  private toSafeUser(user: NestAuthUser | null) {
-    if (!user) {
-      return null;
-    }
-    return {
-      id: user.id,
-      email: user.email,
-      phone: user.phone,
-      tenantId: user.tenantId,
-      isActive: user.isActive,
-      isVerified: user.isVerified,
-      metadata: user.metadata ?? {},
-      roles: user.roles?.map((role) => role.name) ?? [],
-      createdAt: user.createdAt,
-      updatedAt: user.updatedAt,
-      emailVerifiedAt: user.emailVerifiedAt,
-      phoneVerifiedAt: user.phoneVerifiedAt,
-      isMfaEnabled: user.isMfaEnabled,
-    };
-  }
-}

package/src/lib/admin-console/decorators/current-admin.decorator.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import { createParamDecorator, ExecutionContext } from '@nestjs/common';
-import { AdminUser } from '../entities/admin-user.entity';
-export const CurrentAdmin = createParamDecorator(
-  (data: unknown, context: ExecutionContext): AdminUser | undefined => {
-    const request = context.switchToHttp().getRequest();
-    return request.adminUser as AdminUser | undefined;
-  },
-);

package/src/lib/admin-console/dto/admin-permission.dto.ts DELETED Viewed

@@ -1,106 +0,0 @@
-import { IsString, IsNotEmpty, IsOptional, IsObject, MaxLength, MinLength } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-export class AdminCreatePermissionDto {
-    @ApiProperty({
-        description: 'Permission name (must be unique per guard)',
-        example: 'users.create',
-        minLength: 1,
-        maxLength: 255,
-    })
-    @IsString()
-    @IsNotEmpty()
-    @MinLength(1)
-    @MaxLength(255)
-    name: string;
-    @ApiProperty({
-        description: 'Guard name (defaults to "web" if not provided)',
-        required: false,
-        example: 'web',
-    })
-    @IsOptional()
-    @IsString()
-    guard?: string;
-    @ApiProperty({
-        description: 'Optional description of what this permission allows',
-        required: false,
-        example: 'Allows creating new user accounts',
-    })
-    @IsOptional()
-    @IsString()
-    description?: string;
-    @ApiProperty({
-        description: 'Optional category to group permissions (e.g., "users", "posts", "admin")',
-        required: false,
-        example: 'users',
-    })
-    @IsOptional()
-    @IsString()
-    category?: string;
-    @ApiProperty({
-        description: 'Optional metadata for additional permission information',
-        required: false,
-        example: { level: 'write', resource: 'users' },
-    })
-    @IsOptional()
-    @IsObject()
-    metadata?: Record<string, any>;
-}
-export class AdminUpdatePermissionDto {
-    @ApiProperty({
-        description: 'Permission name (must be unique per guard if changed). If changed, can optionally update in all roles.',
-        required: false,
-        example: 'users.create',
-    })
-    @IsOptional()
-    @IsString()
-    @MinLength(1)
-    @MaxLength(255)
-    name?: string;
-    @ApiProperty({
-        description: 'Guard name',
-        required: false,
-        example: 'web',
-    })
-    @IsOptional()
-    @IsString()
-    guard?: string;
-    @ApiProperty({
-        description: 'Whether to update permission name in all roles that use it (only if name is being changed)',
-        required: false,
-        default: false,
-    })
-    @IsOptional()
-    updateInRoles?: boolean;
-    @ApiProperty({
-        description: 'Optional description of what this permission allows',
-        required: false,
-    })
-    @IsOptional()
-    @IsString()
-    description?: string;
-    @ApiProperty({
-        description: 'Optional category to group permissions',
-        required: false,
-    })
-    @IsOptional()
-    @IsString()
-    category?: string;
-    @ApiProperty({
-        description: 'Optional metadata',
-        required: false,
-    })
-    @IsOptional()
-    @IsObject()
-    metadata?: Record<string, any>;
-}

package/src/lib/admin-console/dto/admin-role.dto.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import {
-  IsArray,
-  IsBoolean,
-  IsNotEmpty,
-  IsOptional,
-  IsString,
-} from 'class-validator';
-export class AdminCreateRoleDto {
-  @IsString()
-  @IsNotEmpty()
-  name: string;
-  @IsString()
-  @IsNotEmpty()
-  guard: string;
-  @IsOptional()
-  @IsString()
-  tenantId?: string;
-  @IsOptional()
-  @IsBoolean()
-  isSystem?: boolean;
-  @IsOptional()
-  @IsArray()
-  @IsString({ each: true })
-  permissions?: string[];
-}
-export class AdminUpdateRoleDto {
-  @IsOptional()
-  @IsString()
-  name?: string;
-  @IsOptional()
-  @IsString()
-  guard?: string;
-  @IsOptional()
-  @IsArray()
-  @IsString({ each: true })
-  permissions?: string[];
-}