npm - @ackplus/nest-auth - Versions diffs - 1.1.0 → 1.1.2 - Mend

@ackplus/nest-auth 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (645) hide show

package/src/lib/core/services/auth-config.service.ts DELETED Viewed

@@ -1,184 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { randomBytes } from 'crypto';
-import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
-import { SessionStorageType } from '../interfaces/session-options.interface';
-import { MFAMethodEnum } from '../interfaces/mfa-options.interface';
-@Injectable()
-export class AuthConfigService {
-    private static instance: AuthConfigService;
-    private static options: AuthModuleOptions;
-    /**
-     * Default configuration options for NestAuth module
-     * This is the single source of truth for default values
-     */
-    private static defaultOptions: AuthModuleOptions = {
-        isGlobal: true,
-        appName: 'Nest Auth',
-        passwordResetOtpExpiresIn: '15m',
-        passwordResetTokenExpiresIn: '1h',
-        session: {
-            storageType: SessionStorageType.DATABASE,
-            sessionExpiry: '1h',
-            refreshTokenExpiry: '30d',
-        },
-        jwt: {
-            secret: 'secret',
-        },
-        accessTokenType: 'header',
-        cookieOptions: {
-            httpOnly: true,
-            secure: false,
-        },
-        emailAuth: {
-            enabled: true,
-        },
-        mfa: {
-            enabled: false,
-            methods: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
-            allowUserToggle: true,
-            allowMethodSelection: true,
-            otpLength: 6,
-            otpExpiresIn: '15m',
-        },
-        defaultTenant: undefined, // No default tenant by default
-        adminConsole: {
-            enabled: true,
-            basePath: '/api/auth/admin',
-            sessionCookieName: 'nest_auth_admin',
-            sessionDuration: '2h',
-            allowAdminManagement: true,
-            cookie: {
-                httpOnly: true,
-                secure: false,
-                sameSite: 'lax' as const,
-            },
-        },
-        debug: {
-            enabled: false,
-            level: 'verbose' as any,
-            prefix: '[NestAuth]',
-            includeTimestamp: true,
-            includeContext: true
-        }
-    };
-    constructor() {
-        if (!AuthConfigService.instance) {
-            AuthConfigService.instance = this;
-        }
-        return AuthConfigService.instance;
-    }
-    static getInstance(): AuthConfigService {
-        if (!AuthConfigService.instance) {
-            AuthConfigService.instance = new AuthConfigService();
-        }
-        return AuthConfigService.instance;
-    }
-    /**
-     * Generates a secure random key using cryptographically strong random bytes.
-     * Used as fallback when no key is explicitly configured.
-     */
-    private static generateRandomKey(length: number = 32): string {
-        return randomBytes(length).toString('base64');
-    }
-    /**
-     * Resolves the Nest Auth Admin Console Secret Key from configuration.
-     * This key is used for:
-     * - Signing admin dashboard sessions
-     * - Admin console security operations (admin creation, password reset, etc.)
-     *
-     * Priority:
-     * 1. Explicitly configured key (adminConsole.secretKey)
-     * 2. Auto-generated random key (for development only, with warning)
-     * 3. undefined (if generation is disabled)
-     */
-    private static resolveSecretKey(options: AuthModuleOptions): string | undefined {
-        // Check explicit configuration first
-        const adminConsoleKey = options.adminConsole?.secretKey;
-        if (adminConsoleKey) {
-            return adminConsoleKey;
-        }
-        // Auto-generate for development (only if NODE_ENV is not production)
-        if (process.env.NODE_ENV !== 'production') {
-            const generatedKey = this.generateRandomKey(32);
-            console.warn(
-                '[NestAuth] Warning: adminConsole.secretKey not configured. ' +
-                `Auto-generated key for development: ${generatedKey.slice(0, 20)}...\n` +
-                '⚠️  This key will change on each restart. Configure adminConsole.secretKey in your AuthModuleOptions!'
-            );
-            return generatedKey;
-        }
-        return undefined;
-    }
-    static setOptions(options: AuthModuleOptions): void {
-        const deepmerge = require('deepmerge');
-        const mergedOptions = deepmerge(this.defaultOptions, options);
-        // Ensure adminConsole exists
-        if (!mergedOptions.adminConsole) {
-            mergedOptions.adminConsole = {};
-        }
-        // Resolve and set secret key from configuration
-        // This key is used for both session signing and security operations
-        // After this, all code should use the config object
-        if (!mergedOptions.adminConsole.secretKey) {
-            const secretKey = this.resolveSecretKey(mergedOptions);
-            if (secretKey) {
-                mergedOptions.adminConsole.secretKey = secretKey;
-            }
-        }
-        this.options = mergedOptions;
-        // Validate admin console configuration
-        this.validateAdminConsoleOptions(this.options);
-    }
-    /**
-     * Validates admin console configuration options
-     */
-    private static validateAdminConsoleOptions(options: AuthModuleOptions): void {
-        if (options.adminConsole?.enabled !== false && options.adminConsole?.secretKey) {
-            const secretKey = options.adminConsole.secretKey;
-            const weakSecrets = ['change-me-admin-secret', 'default', 'secret', ''];
-            // Only validate if it's not auto-generated (auto-generated keys are base64, typically 44 chars)
-            if (weakSecrets.includes(secretKey)) {
-                throw new Error(
-                    'Admin console requires a secure secretKey. ' +
-                    'Please set adminConsole.secretKey in your AuthModuleOptions (e.g., secretKey: process.env.ADMIN_CONSOLE_SESSION_SECRET) ' +
-                    'with a 32+ byte random value. Store it securely in environment variables or a secrets manager. ' +
-                    'Weak or default values are not allowed for security reasons. Rotate keys regularly.'
-                );
-            }
-        }
-    }
-    static getOptions(): AuthModuleOptions {
-        if (!this.options) {
-            this.options = { ...this.defaultOptions };
-        }
-        return this.options;
-    }
-    static getDefaultOptions(): AuthModuleOptions {
-        return { ...this.defaultOptions };
-    }
-    getConfig(): AuthModuleOptions {
-        return AuthConfigService.getOptions();
-    }
-    setConfig(options: AuthModuleOptions): void {
-        AuthConfigService.setOptions(options);
-    }
-}

package/src/lib/core/services/auth-provider-registry.service.ts DELETED Viewed

@@ -1,93 +0,0 @@
-import { Injectable, Inject } from '@nestjs/common';
-import { BaseAuthProvider } from '../providers/base-auth.provider';
-import { EmailAuthProvider } from '../providers/email-auth.provider';
-import { PhoneAuthProvider } from '../providers/phone-auth.provider';
-import { AppleAuthProvider } from '../providers/apple-auth.provider';
-import { GoogleAuthProvider } from '../providers/google-auth.provider';
-import { JwtAuthProvider } from '../providers/jwt-auth.provider';
-import { FacebookAuthProvider } from '../providers/facebook-auth.provider';
-import { GitHubAuthProvider } from '../providers/github-auth.provider';
-import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
-import { AuthConfigService } from './auth-config.service';
-@Injectable()
-export class AuthProviderRegistryService {
-    private providers: Map<string, BaseAuthProvider> = new Map();
-    private options: AuthModuleOptions;
-    constructor(
-        private readonly emailAuthProvider: EmailAuthProvider,
-        private readonly phoneAuthProvider: PhoneAuthProvider,
-        private readonly jwtAuthProvider: JwtAuthProvider,
-        private readonly googleAuthProvider: GoogleAuthProvider,
-        private readonly facebookAuthProvider: FacebookAuthProvider,
-        private readonly appleAuthProvider: AppleAuthProvider,
-        private readonly githubAuthProvider: GitHubAuthProvider,
-    ) {
-        this.options = AuthConfigService.getOptions();
-        this.registerDefaultProviders();
-    }
-    registerDefaultProviders() {
-        if (this.options.emailAuth?.enabled) {
-            this.registerProvider(this.emailAuthProvider);
-        }
-        if (this.options.phoneAuth?.enabled) {
-            this.registerProvider(this.phoneAuthProvider);
-        }
-        if (this.options.jwt) {
-            this.registerProvider(this.jwtAuthProvider);
-        }
-        if (this.options.google) {
-            this.registerProvider(this.googleAuthProvider);
-        }
-        if (this.options.facebook) {
-            this.registerProvider(this.facebookAuthProvider);
-        }
-        if (this.options.apple) {
-            this.registerProvider(this.appleAuthProvider);
-        }
-        if (this.options.github) {
-            this.registerProvider(this.githubAuthProvider);
-        }
-    }
-    /**
-     * Register a provider
-     */
-    registerProvider(provider: BaseAuthProvider): void {
-        this.providers.set(provider.providerName, provider);
-    }
-    /**
-     * Get a provider by ID
-     */
-    getProvider(providerName: string): BaseAuthProvider | undefined {
-        return this.providers.get(providerName);
-    }
-    /**
-     * Get all registered providers
-     */
-    getAllProviders(): BaseAuthProvider[] {
-        return Array.from(this.providers.values());
-    }
-    /**
-     * Get all enabled providers
-     */
-    getEnabledProviders(): BaseAuthProvider[] {
-        return this.getAllProviders().filter(provider =>
-            'enabled' in provider ? provider.enabled : true
-        );
-    }
-    /**
-     * Check if a provider is registered
-     */
-    hasProvider(providerName: string): boolean {
-        return this.providers.has(providerName);
-    }
-}

package/src/lib/core/services/initialization.service.ts DELETED Viewed

@@ -1,29 +0,0 @@
-import { Injectable, OnModuleInit } from '@nestjs/common';
-import { TenantService } from '../../tenant/services/tenant.service';
-import { AuthConfigService } from './auth-config.service';
-@Injectable()
-export class InitializationService implements OnModuleInit {
-    constructor(
-        private readonly tenantService: TenantService,
-        private readonly authConfig: AuthConfigService,
-    ) { }
-    async onModuleInit() {
-        // Initialize default tenant if configured
-        await this.initializeDefaultTenant();
-    }
-    private async initializeDefaultTenant(): Promise<void> {
-        try {
-            const config = this.authConfig.getConfig();
-            if (config.defaultTenant) {
-                await this.tenantService.initializeDefaultTenant();
-            }
-        } catch (error) {
-            // Log the error but don't fail module initialization
-            console.error('Failed to initialize default tenant:', error);
-        }
-    }
-}

package/src/lib/core/services/jwt.service.ts DELETED Viewed

@@ -1,137 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import jwt from 'jsonwebtoken';
-import { AuthModuleOptions } from '../../core/interfaces/auth-module-options.interface';
-import { JWTTokenPayload } from '../../core/interfaces/token-payload.interface';
-import ms from 'ms';
-import { AuthConfigService } from './auth-config.service';
-@Injectable()
-export class JwtService {
-    private options: AuthModuleOptions;
-    constructor() {
-        this.options = AuthConfigService.getOptions();
-    }
-    async generateAccessToken(payload: Partial<JWTTokenPayload>): Promise<string> {
-        return new Promise((resolve, reject) => {
-            jwt.sign(
-                {
-                    ...payload,
-                    type: 'access',
-                    exp: Math.floor(Date.now() / 1000) + ms(this.options.session.sessionExpiry),
-                    iat: Math.floor(Date.now() / 1000),
-                },
-                this.options.jwt.secret,
-                (err, token) => {
-                    if (err) reject(err);
-                    else resolve(token);
-                },
-            );
-        });
-    }
-    async generateRefreshToken(payload: Partial<JWTTokenPayload>): Promise<string> {
-        return new Promise((resolve, reject) => {
-            jwt.sign(
-                {
-                    ...payload,
-                    type: 'refresh',
-                    exp: Math.floor(Date.now() / 1000) + ms(this.options.session.refreshTokenExpiry),
-                    iat: Math.floor(Date.now() / 1000),
-                },
-                this.options.jwt.secret,
-                (err, token) => {
-                    if (err) reject(err);
-                    else resolve(token);
-                },
-            );
-        });
-    }
-    async verifyToken(token: string): Promise<JWTTokenPayload> {
-        return new Promise((resolve, reject) => {
-            jwt.verify(
-                token,
-                this.options.jwt.secret,
-                (err, decoded) => {
-                    if (err) reject(err);
-                    else resolve(decoded as JWTTokenPayload);
-                },
-            );
-        });
-    }
-    async generateTokens(payload: Partial<JWTTokenPayload>): Promise<{
-        accessToken: string;
-        refreshToken: string;
-    }> {
-        const [accessToken, refreshToken] = await Promise.all([
-            this.generateAccessToken(payload),
-            this.generateRefreshToken(payload),
-        ]);
-        return {
-            accessToken,
-            refreshToken,
-        };
-    }
-    updateToken(token: string, payload: Partial<JWTTokenPayload>): Promise<string> {
-        return new Promise((resolve, reject) => {
-            const decoded = this.decodeToken(token);
-            if (!decoded) reject(new Error('Invalid token'));
-            else {
-                jwt.sign({ ...decoded, ...payload }, this.options.jwt.secret, { expiresIn: this.options.session.sessionExpiry }, (err, token) => {
-                    if (err) reject(err);
-                    else resolve(token);
-                });
-            }
-        });
-    }
-    decodeToken(token: string): JWTTokenPayload | null {
-        try {
-            return jwt.decode(token) as JWTTokenPayload;
-        } catch (error) {
-            return null;
-        }
-    }
-    getConfig(): AuthModuleOptions {
-        return this.options;
-    }
-    async generatePasswordResetToken(payload: { userId: string; passwordHashPrefix: string; type: string }): Promise<string> {
-        return new Promise((resolve, reject) => {
-            const expiresIn = this.options.passwordResetTokenExpiresIn || '1h';
-            jwt.sign(
-                {
-                    ...payload,
-                    exp: Math.floor(Date.now() / 1000) + ms(expiresIn),
-                    iat: Math.floor(Date.now() / 1000),
-                },
-                this.options.jwt.secret,
-                (err, token) => {
-                    if (err) reject(err);
-                    else resolve(token);
-                },
-            );
-        });
-    }
-    async verifyPasswordResetToken(token: string): Promise<any> {
-        return new Promise((resolve, reject) => {
-            jwt.verify(
-                token,
-                this.options.jwt.secret,
-                (err, decoded) => {
-                    if (err) reject(err);
-                    else resolve(decoded);
-                },
-            );
-        });
-    }
-}

package/src/lib/nest-auth.module.ts DELETED Viewed

@@ -1,152 +0,0 @@
-import { Module, DynamicModule, MiddlewareConsumer, Provider } from '@nestjs/common';
-import { APP_INTERCEPTOR } from '@nestjs/core';
-import { AuthModuleAsyncOptions, AuthModuleOptions, AuthModuleOptionsFactory } from './core/interfaces/auth-module-options.interface';
-import { EventEmitterModule } from '@nestjs/event-emitter';
-import { RequestContextMiddleware } from './request-context/request-context.middleware';
-import { AuthModule } from './auth/auth.module';
-import { UserModule } from './user/user.module';
-import { RoleModule } from './role/role.module';
-import { SessionModule } from './session/session.module';
-import { TenantModule } from './tenant/tenant.module';
-import { CoreModule } from './core/core.module';
-import { AuthConfigService } from './core/services/auth-config.service';
-import { RefreshTokenInterceptor } from './auth/interceptors/refresh-token.interceptor';
-import { NEST_AUTH_ASYNC_OPTIONS_PROVIDER } from './auth.constants';
-import { AdminConsoleModule } from './admin-console/admin-console.module';
-@Module({})
-export class NestAuthModule {
-  static forRoot(options: AuthModuleOptions): DynamicModule {
-    const mergedOptions = this.getOptions(options);
-    // Set options in static service
-    AuthConfigService.setOptions(mergedOptions);
-    // Conditionally add refresh token interceptor (enabled by default)
-    const providers: Provider[] = [];
-    if (mergedOptions.enableAutoRefresh !== false) {
-      providers.push({
-        provide: APP_INTERCEPTOR,
-        useClass: RefreshTokenInterceptor,
-      });
-    }
-    return {
-      module: NestAuthModule,
-      global: mergedOptions.isGlobal,
-      imports: [
-        EventEmitterModule,
-        CoreModule,
-        AuthModule,
-        TenantModule,
-        UserModule,
-        RoleModule,
-        SessionModule,
-        AdminConsoleModule,
-      ],
-      providers,
-      exports: [
-        CoreModule,
-        AuthModule,
-        TenantModule,
-        UserModule,
-        RoleModule,
-        SessionModule,
-        AdminConsoleModule,
-      ],
-    };
-  }
-  static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {
-    const asyncProviders = this.createAsyncProviders(options);
-    // Add refresh token interceptor provider (enabled by default)
-    const providers: Provider[] = [...asyncProviders];
-    if (options.enableAutoRefresh !== false) {
-      providers.push({
-        provide: APP_INTERCEPTOR,
-        useClass: RefreshTokenInterceptor,
-      });
-    }
-    return {
-      module: NestAuthModule,
-      global: options.isGlobal,
-      imports: [
-        EventEmitterModule,
-        CoreModule,
-        AuthModule,
-        TenantModule,
-        UserModule,
-        RoleModule,
-        SessionModule,
-        ...(options.imports || []),
-      ],
-      providers,
-      exports: [
-        CoreModule,
-        AuthModule,
-        TenantModule,
-        UserModule,
-        RoleModule,
-        SessionModule,
-      ],
-    };
-  }
-  private static createAsyncProviders(options: AuthModuleAsyncOptions): Provider[] {
-    if (options.useExisting || options.useFactory) {
-      return [this.createAsyncOptionsProvider(options)];
-    }
-    if (options.useClass) {
-      return [
-        this.createAsyncOptionsProvider(options),
-        {
-          provide: options.useClass,
-          useClass: options.useClass,
-        },
-      ];
-    }
-    return [];
-  }
-  private static createAsyncOptionsProvider(options: AuthModuleAsyncOptions): Provider {
-    if (options.useFactory) {
-      return {
-        provide: NEST_AUTH_ASYNC_OPTIONS_PROVIDER,
-        useFactory: async (...args: any[]) => {
-          const userOptions = await options.useFactory(...args);
-          const mergedOptions = this.getOptions(userOptions);
-          AuthConfigService.setOptions(mergedOptions);
-          return mergedOptions;
-        },
-        inject: options.inject || [],
-      };
-    }
-    return {
-      provide: NEST_AUTH_ASYNC_OPTIONS_PROVIDER,
-      useFactory: async (optionsFactory: AuthModuleOptionsFactory) => {
-        const userOptions = await optionsFactory.createAuthModuleOptions();
-        const mergedOptions = this.getOptions(userOptions);
-        AuthConfigService.setOptions(mergedOptions);
-        return mergedOptions;
-      },
-      inject: [options.useExisting || options.useClass!],
-    };
-  }
-  private static getOptions(options: AuthModuleOptions): AuthModuleOptions {
-    const deepmerge = require('deepmerge');
-    // Use default options from AuthConfigService - single source of truth
-    const defaultOptions = AuthConfigService.getDefaultOptions();
-    return deepmerge(defaultOptions, options);
-  }
-  configure(consumer: MiddlewareConsumer) {
-    consumer.apply(RequestContextMiddleware).forRoutes('auth/*');
-  }
-}

package/src/lib/permission/entities/permission.entity.ts DELETED Viewed

@@ -1,56 +0,0 @@
-import {
-    Entity,
-    PrimaryGeneratedColumn,
-    Column,
-    CreateDateColumn,
-    UpdateDateColumn,
-    BaseEntity,
-    Index,
-    Unique,
-} from 'typeorm';
-import { DEFAULT_GUARD_NAME } from '../../auth.constants';
-/**
- * Permission Registry Entity
- *
- * This table acts as a registry/suggestions list for permissions.
- * Roles store permission names as JSON strings (not foreign keys),
- * so deleting a permission from this table won't break existing roles.
- *
- * Purpose:
- * - Provides autocomplete/suggestions when adding permissions to roles
- * - Prevents typos and ensures consistency
- * - Allows tracking permission descriptions and metadata
- * - Can be used for permission documentation/management
- *
- * Note: Permissions are unique per (name, guard) combination
- */
-@Entity('nest_auth_permissions')
-@Unique(['name', 'guard'])
-export class NestAuthPermission extends BaseEntity {
-    @PrimaryGeneratedColumn('uuid')
-    id: string;
-    @Column()
-    @Index()
-    name: string;
-    @Column({ nullable: true, default: DEFAULT_GUARD_NAME })
-    @Index()
-    guard: string;
-    @Column({ nullable: true, type: 'text' })
-    description?: string;
-    @Column({ nullable: true })
-    category?: string; // e.g., 'users', 'posts', 'admin', etc.
-    @Column({ type: 'simple-json', nullable: true, default: '{}' })
-    metadata?: Record<string, any>;
-    @CreateDateColumn()
-    createdAt: Date;
-    @UpdateDateColumn()
-    updatedAt: Date;
-}

package/src/lib/permission/permission.module.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import { Module } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { NestAuthPermission } from './entities/permission.entity';
-import { PermissionService } from './services/permission.service';
-@Module({
-    imports: [
-        TypeOrmModule.forFeature([NestAuthPermission]),
-    ],
-    providers: [PermissionService],
-    exports: [PermissionService, TypeOrmModule],
-})
-export class PermissionModule { }

package/src/lib/request-context/request-context.middleware.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import { Injectable, NestMiddleware } from '@nestjs/common';
-import { RequestContext } from './request-context';
-@Injectable()
-export class RequestContextMiddleware implements NestMiddleware {
-    use(req, res, next) {
-        RequestContext.create(req, res, next);
-    }
-}