@ackplus/nest-auth 1.1.1 → 1.1.2

package/src/lib/auth/controllers/auth.controller.d.ts

@@ -0,0 +1,67 @@
+import { AuthService } from '../services/auth.service';
+import { Verify2faRequestDto } from '../dto/requests/verify-2fa.request.dto';
+import { RefreshTokenRequestDto } from '../dto/requests/refresh-token.request.dto';
+import { Response } from 'express';
+import { CookieService } from '../services/cookie.service';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+import { SignupRequestDto } from '../dto/requests/signup.request.dto';
+import { LoginRequestDto } from '../dto/requests/login.request.dto';
+import { MessageResponseDto, MFAMethodEnum } from '../../core';
+import { ForgotPasswordRequestDto } from '../dto/requests/forgot-password.request.dto';
+import { ResetPasswordRequestDto } from '../dto/requests/reset-password.request.dto';
+import { VerifyForgotPasswordOtpRequestDto } from '../dto/requests/verify-forgot-password-otp-request-dto';
+import { ResetPasswordWithTokenRequestDto } from '../dto/requests/reset-password-with-token.request.dto';
+import { VerifyOtpResponseDto } from '../dto/responses/verify-otp.response.dto';
+import { ChangePasswordRequestDto } from '../dto/requests/change-password.request.dto';
+import { SendEmailVerificationRequestDto } from '../dto/requests/send-email-verification.request.dto';
+import { VerifyEmailRequestDto } from '../dto/requests/verify-email.request.dto';
+import { ClientConfigService } from '../services/client-config.service';
+import { ClientConfigResponseDto } from '../dto/responses/client-config.response.dto';
+export declare class AuthController {
+    private readonly authService;
+    private readonly cookieService;
+    private readonly authConfig;
+    private readonly clientConfigService;
+    constructor(authService: AuthService, cookieService: CookieService, authConfig: AuthConfigService, clientConfigService: ClientConfigService);
+    /**
+     * Check if using cookie-based authentication
+     */
+    protected isUsingCookies(): boolean;
+    /**
+     * Handle auth response based on configuration
+     * - If cookie mode: Sets tokens in cookies, returns success message
+     * - If header mode: Returns tokens in response body
+     */
+    protected handleAuthResponse(res: Response, authResult: {
+        accessToken: string;
+        refreshToken: string;
+        isRequiresMfa: boolean;
+    }, successMessage?: string): void;
+    /**
+     * Handle 2FA verification response based on configuration
+     */
+    protected handle2faResponse(res: Response, authResult: {
+        accessToken: string;
+        refreshToken: string;
+    }): void;
+    signup(input: SignupRequestDto, res: Response): Promise<void>;
+    login(input: LoginRequestDto, res: Response): Promise<void>;
+    refreshToken(input: RefreshTokenRequestDto, res: Response): Promise<void>;
+    send2faCode(method: MFAMethodEnum): Promise<{
+        message: string;
+    }>;
+    verify2fa(input: Verify2faRequestDto, res: Response): Promise<void>;
+    logout(res: Response): Promise<void>;
+    logoutAll(): Promise<MessageResponseDto>;
+    changePassword(input: ChangePasswordRequestDto, res: Response): Promise<void>;
+    forgotPassword(input: ForgotPasswordRequestDto): Promise<MessageResponseDto>;
+    verifyForgotPasswordOtp(input: VerifyForgotPasswordOtpRequestDto): Promise<VerifyOtpResponseDto>;
+    resetPassword(input: ResetPasswordRequestDto): Promise<MessageResponseDto>;
+    resetPasswordWithToken(input: ResetPasswordWithTokenRequestDto): Promise<MessageResponseDto>;
+    getUser(): Promise<import("../../core").NestAuthUser>;
+    sendEmailVerification(input: SendEmailVerificationRequestDto): Promise<MessageResponseDto>;
+    verifyEmail(input: VerifyEmailRequestDto): Promise<MessageResponseDto>;
+    getClientConfig(): Promise<ClientConfigResponseDto>;
+    ssoCallback(provider: string, data: any, res: Response): Promise<void>;
+}
+//# sourceMappingURL=auth.controller.d.ts.map

package/src/lib/auth/controllers/auth.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/controllers/auth.controller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,EAAE,sBAAsB,EAAE,MAAM,2CAA2C,CAAC;AACnF,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAEpE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAW,MAAM,YAAY,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AACvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAErF,OAAO,EAAE,iCAAiC,EAAE,MAAM,wDAAwD,CAAC;AAC3G,OAAO,EAAE,gCAAgC,EAAE,MAAM,uDAAuD,CAAC;AACzG,OAAO,EAAE,oBAAoB,EAAE,MAAM,0CAA0C,CAAC;AAChF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6CAA6C,CAAC;AACvF,OAAO,EAAE,+BAA+B,EAAE,MAAM,qDAAqD,CAAC;AACtG,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,6CAA6C,CAAC;AAGtF,qBACa,cAAc;IAEnB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;gBAHnB,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,iBAAiB,EAC7B,mBAAmB,EAAE,mBAAmB;IAG7D;;OAEG;IACH,SAAS,CAAC,cAAc,IAAI,OAAO;IAKnC;;;;OAIG;IACH,SAAS,CAAC,kBAAkB,CACxB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,OAAO,CAAA;KAAE,EACjF,cAAc,GAAE,MAAoC,GACrD,IAAI;IAmBP;;OAEG;IACH,SAAS,CAAC,iBAAiB,CACvB,GAAG,EAAE,QAAQ,EACb,UAAU,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,GAC1D,IAAI;IA4BD,MAAM,CAAS,KAAK,EAAE,gBAAgB,EAAS,GAAG,EAAE,QAAQ;IAe5D,KAAK,CAAS,KAAK,EAAE,eAAe,EAAS,GAAG,EAAE,QAAQ;IAe1D,YAAY,CAAS,KAAK,EAAE,sBAAsB,EAAS,GAAG,EAAE,QAAQ;IAaxE,WAAW,CAAiB,MAAM,EAAE,aAAa;;;IAkBjD,SAAS,CAAS,KAAK,EAAE,mBAAmB,EAAS,GAAG,EAAE,QAAQ;IAWlE,MAAM,CAAQ,GAAG,EAAE,QAAQ;IAiB3B,SAAS,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAYxC,cAAc,CAAS,KAAK,EAAE,wBAAwB,EAAS,GAAG,EAAE,QAAQ;IAU5E,cAAc,CAAS,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAUpF,uBAAuB,CAAS,KAAK,EAAE,iCAAiC,GAAG,OAAO,CAAC,oBAAoB,CAAC;IASxG,aAAa,CAAS,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAUlF,sBAAsB,CAAS,KAAK,EAAE,gCAAgC,GAAG,OAAO,CAAC,kBAAkB,CAAC;IASpG,OAAO;IAUP,qBAAqB,CAAS,KAAK,EAAE,+BAA+B,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAUlG,WAAW,CAAS,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAW9E,eAAe,IAAI,OAAO,CAAC,uBAAuB,CAAC;IASnD,WAAW,CACM,QAAQ,EAAE,MAAM,EAC1B,IAAI,EAAE,GAAG,EACX,GAAG,EAAE,QAAQ;CA6F3B"}

package/src/lib/auth/controllers/auth.controller.js

@@ -0,0 +1,471 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const auth_service_1 = require("../services/auth.service");
+const verify_2fa_request_dto_1 = require("../dto/requests/verify-2fa.request.dto");
+const refresh_token_request_dto_1 = require("../dto/requests/refresh-token.request.dto");
+const swagger_1 = require("@nestjs/swagger");
+const swagger_2 = require("@nestjs/swagger");
+const cookie_service_1 = require("../services/cookie.service");
+const auth_config_service_1 = require("../../core/services/auth-config.service");
+const auth_response_dto_1 = require("../dto/responses/auth.response.dto");
+const auth_cookie_response_dto_1 = require("../dto/responses/auth-cookie.response.dto");
+const signup_request_dto_1 = require("../dto/requests/signup.request.dto");
+const login_request_dto_1 = require("../dto/requests/login.request.dto");
+const request_context_1 = require("../../request-context/request-context");
+const core_1 = require("../../core");
+const forgot_password_request_dto_1 = require("../dto/requests/forgot-password.request.dto");
+const reset_password_request_dto_1 = require("../dto/requests/reset-password.request.dto");
+const auth_guard_1 = require("../guards/auth.guard");
+const verify_forgot_password_otp_request_dto_1 = require("../dto/requests/verify-forgot-password-otp-request-dto");
+const reset_password_with_token_request_dto_1 = require("../dto/requests/reset-password-with-token.request.dto");
+const verify_otp_response_dto_1 = require("../dto/responses/verify-otp.response.dto");
+const change_password_request_dto_1 = require("../dto/requests/change-password.request.dto");
+const send_email_verification_request_dto_1 = require("../dto/requests/send-email-verification.request.dto");
+const verify_email_request_dto_1 = require("../dto/requests/verify-email.request.dto");
+const client_config_service_1 = require("../services/client-config.service");
+const client_config_response_dto_1 = require("../dto/responses/client-config.response.dto");
+let AuthController = class AuthController {
+    constructor(authService, cookieService, authConfig, clientConfigService) {
+        this.authService = authService;
+        this.cookieService = cookieService;
+        this.authConfig = authConfig;
+        this.clientConfigService = clientConfigService;
+    }
+    /**
+     * Check if using cookie-based authentication
+     */
+    isUsingCookies() {
+        const config = this.authConfig.getConfig();
+        return config.accessTokenType === 'cookie';
+    }
+    /**
+     * Handle auth response based on configuration
+     * - If cookie mode: Sets tokens in cookies, returns success message
+     * - If header mode: Returns tokens in response body
+     */
+    handleAuthResponse(res, authResult, successMessage = 'Authentication successful') {
+        if (this.isUsingCookies()) {
+            // Cookie mode: Set tokens in cookies, return success message
+            this.cookieService.setTokens(res, authResult.accessToken, authResult.refreshToken);
+            res.status(200).json({
+                message: successMessage,
+                isRequiresMfa: authResult.isRequiresMfa
+            });
+        }
+        else {
+            // Header mode: Return tokens in response body
+            res.status(200).json({
+                message: successMessage,
+                accessToken: authResult.accessToken,
+                refreshToken: authResult.refreshToken,
+                isRequiresMfa: authResult.isRequiresMfa
+            });
+        }
+    }
+    /**
+     * Handle 2FA verification response based on configuration
+     */
+    handle2faResponse(res, authResult) {
+        if (this.isUsingCookies()) {
+            // Cookie mode: Set tokens in cookies, return success message
+            this.cookieService.setTokens(res, authResult.accessToken, authResult.refreshToken);
+            res.status(200).json({
+                message: '2FA verification successful'
+                // Note: No isRequiresMfa for 2FA verification (it's already verified)
+            });
+        }
+        else {
+            // Header mode: Return message AND tokens in response body
+            res.status(200).json({
+                message: '2FA verification successful',
+                accessToken: authResult.accessToken,
+                refreshToken: authResult.refreshToken
+            });
+        }
+    }
+    async signup(input, res) {
+        const response = await this.authService.signup(input);
+        this.handleAuthResponse(res, response, 'Signup successful');
+    }
+    async login(input, res) {
+        const response = await this.authService.login(input);
+        this.handleAuthResponse(res, response, 'Login successful');
+    }
+    async refreshToken(input, res) {
+        const response = await this.authService.refreshToken(input.refreshToken);
+        // Note: Refresh response doesn't have isRequiresMfa, so we create a compatible object
+        this.handleAuthResponse(res, { ...response, isRequiresMfa: false }, 'Token refreshed successfully');
+    }
+    async send2faCode(method) {
+        const user = request_context_1.RequestContext.currentUser();
+        await this.authService.send2faCode(user.id, method);
+        return { message: '2FA code sent successfully' };
+    }
+    async verify2fa(input, res) {
+        const response = await this.authService.verify2fa(input);
+        this.handle2faResponse(res, response);
+    }
+    async logout(res) {
+        await this.authService.logout();
+        // Only clear cookies if using cookie-based auth
+        if (this.isUsingCookies()) {
+            this.cookieService.clearCookies(res);
+        }
+        res.status(200).json({ message: 'Logged out successfully' });
+    }
+    async logoutAll() {
+        const user = request_context_1.RequestContext.currentUser();
+        await this.authService.logoutAll(user.id);
+        return { message: 'Logged out from all devices successfully' };
+    }
+    async changePassword(input, res) {
+        const response = await this.authService.changePassword(input);
+        this.handleAuthResponse(res, response, 'Password updated successfully');
+    }
+    async forgotPassword(input) {
+        await this.authService.forgotPassword(input);
+        return { message: 'If the account exists, a password reset code has been sent' };
+    }
+    async verifyForgotPasswordOtp(input) {
+        return await this.authService.verifyForgotPasswordOtp(input);
+    }
+    async resetPassword(input) {
+        await this.authService.resetPassword(input);
+        return { message: 'Password reset successfully' };
+    }
+    async resetPasswordWithToken(input) {
+        await this.authService.resetPasswordWithToken(input);
+        return { message: 'Password reset successfully' };
+    }
+    async getUser() {
+        return await this.authService.getUser();
+    }
+    async sendEmailVerification(input) {
+        return await this.authService.sendEmailVerification(input);
+    }
+    async verifyEmail(input) {
+        return await this.authService.verifyEmail(input);
+    }
+    async getClientConfig() {
+        return await this.clientConfigService.getClientConfig();
+    }
+    async ssoCallback(provider, data, res) {
+        const jsonData = JSON.stringify(data);
+        const escapedData = jsonData.replace(/</g, '\\u003c').replace(/>/g, '\\u003e');
+        const html = `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>SSO Callback</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            min-height: 100vh;
+            margin: 0;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+        }
+        .container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+            text-align: center;
+            max-width: 400px;
+        }
+        .spinner {
+            border: 3px solid #f3f3f3;
+            border-top: 3px solid #667eea;
+            border-radius: 50%;
+            width: 40px;
+            height: 40px;
+            animation: spin 1s linear infinite;
+            margin: 0 auto 1rem;
+        }
+        @keyframes spin {
+            0% { transform: rotate(0deg); }
+            100% { transform: rotate(360deg); }
+        }
+        .message {
+            color: #333;
+            margin-top: 1rem;
+        }
+        .error {
+            color: #dc3545;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="spinner"></div>
+        <div class="message" id="message">Processing...</div>
+    </div>
+    <script>
+        (function() {
+            const data = ${escapedData};
+
+            // Post message to parent window
+            if (window.opener) {
+                window.opener.postMessage({
+                    type: 'nest-auth-sso-callback',
+                    ...data
+                }, '*');
+
+                // Auto-close immediately
+                window.close();
+            } else if (window.parent && window.parent !== window) {
+                // Iframe context
+                window.parent.postMessage({
+                    type: 'nest-auth-sso-callback',
+                    ...data
+                }, '*');
+                // Note: Can't close iframe from inside
+            } else {
+                // No parent window, show message
+                document.getElementById('message').textContent = data.success
+                    ? 'Success! You can close this window.'
+                    : 'Error: ' + (data.errorDescription || data.error);
+                document.getElementById('message').className = data.success ? 'message' : 'message error';
+            }
+        })();
+    </script>
+</body>
+</html>`;
+        res.setHeader('Content-Type', 'text/html');
+        res.status(200).send(html);
+    }
+};
+exports.AuthController = AuthController;
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'Signup',
+        description: 'Register a new user. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_cookie_response_dto_1.AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('signup'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [signup_request_dto_1.SignupRequestDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "signup", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'Login',
+        description: 'Authenticate user. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_cookie_response_dto_1.AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('login'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [login_request_dto_1.LoginRequestDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "login", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'Refresh Token',
+        description: 'Refresh access token. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns new tokens in response body\n' +
+            '- Cookie mode: Sets new tokens in HTTP-only cookies and returns success message'
+    }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.AuthWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_cookie_response_dto_1.AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('refresh-token'),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [refresh_token_request_dto_1.RefreshTokenRequestDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "refreshToken", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Send 2FA Code' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('send-2fa-code'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Body)('method')),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [String]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "send2faCode", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'Verify 2FA',
+        description: 'Verify two-factor authentication. Response format depends on accessTokenType configuration:\n' +
+            '- Header mode (default): Returns tokens in response body\n' +
+            '- Cookie mode: Sets tokens in HTTP-only cookies and returns success message'
+    }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.Verify2faWithTokensResponseDto, description: 'Header mode: Returns message + tokens in body' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_cookie_response_dto_1.AuthCookieResponseDto, description: 'Cookie mode: Returns message only, tokens in cookies' }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('verify-2fa'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [verify_2fa_request_dto_1.Verify2faRequestDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "verify2fa", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Logout' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('logout'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "logout", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Logout All' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('logout-all'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "logoutAll", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Change Password' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.AuthWithTokensResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('change-password'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [change_password_request_dto_1.ChangePasswordRequestDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "changePassword", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Forgot Password' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('forgot-password'),
+    (0, core_1.SkipMfa)(),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [forgot_password_request_dto_1.ForgotPasswordRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "forgotPassword", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Verify Forgot Password OTP and get reset token' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: verify_otp_response_dto_1.VerifyOtpResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('verify-forgot-password-otp'),
+    (0, core_1.SkipMfa)(),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [verify_forgot_password_otp_request_dto_1.VerifyForgotPasswordOtpRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyForgotPasswordOtp", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Reset Password (Legacy - using OTP)' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('reset-password'),
+    (0, core_1.SkipMfa)(),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [reset_password_request_dto_1.ResetPasswordRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "resetPassword", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Reset Password with Token' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('reset-password-with-token'),
+    (0, core_1.SkipMfa)(),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [reset_password_with_token_request_dto_1.ResetPasswordWithTokenRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "resetPasswordWithToken", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Get Logged In User' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: auth_response_dto_1.UserResponseDto }),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    (0, common_1.Get)('user'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "getUser", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Send Email Verification' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('send-email-verification'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [send_email_verification_request_dto_1.SendEmailVerificationRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "sendEmailVerification", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({ summary: 'Verify Email' }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: core_1.MessageResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Post)('verify-email'),
+    (0, core_1.SkipMfa)(),
+    (0, common_1.UseGuards)(auth_guard_1.NestAuthAuthGuard),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [verify_email_request_dto_1.VerifyEmailRequestDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyEmail", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'Get Client Configuration',
+        description: 'Returns backend configuration for frontend clients. Includes enabled auth methods, registration settings, MFA options, tenant configuration, and SSO providers. Can be customized via clientConfig.factory in AuthModuleOptions.',
+    }),
+    (0, swagger_1.ApiResponse)({ status: 200, type: client_config_response_dto_1.ClientConfigResponseDto }),
+    (0, common_1.HttpCode)(200),
+    (0, common_1.Get)('client-config'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "getClientConfig", null);
+tslib_1.__decorate([
+    (0, swagger_2.ApiOperation)({
+        summary: 'SSO Callback',
+        description: 'OAuth callback endpoint for SSO providers. Exchanges authorization code for access token and returns raw SSO user info. Returns HTML page that posts SSO data to parent window and auto-closes.',
+    }),
+    (0, common_1.Get)('callback/:provider'),
+    tslib_1.__param(0, (0, common_1.Param)('provider')),
+    tslib_1.__param(1, (0, common_1.Query)()),
+    tslib_1.__param(2, (0, common_1.Res)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [String, Object, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], AuthController.prototype, "ssoCallback", null);
+exports.AuthController = AuthController = tslib_1.__decorate([
+    (0, common_1.Controller)('auth'),
+    tslib_1.__metadata("design:paramtypes", [auth_service_1.AuthService,
+        cookie_service_1.CookieService,
+        auth_config_service_1.AuthConfigService,
+        client_config_service_1.ClientConfigService])
+], AuthController);

package/src/lib/auth/controllers/mfa.controller.d.ts

@@ -0,0 +1,34 @@
+import { MessageResponseDto } from '../../core';
+import { MfaService } from '../services/mfa.service';
+import { SendMfaCodeRequestDto } from '../dto/requests/send-mfa-code.request.dto';
+import { VerifyTotpSetupRequestDto } from '../dto/requests/verify-totp-setup.request.dto';
+import { ToggleMfaRequestDto } from '../dto/requests/toggle-mfa.request.dto';
+import { MfaStatusResponseDto, MfaDeviceDto } from '../dto/responses/mfa-status.response.dto';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+export declare class MfaController {
+    private readonly mfaService;
+    private readonly authConfig;
+    constructor(mfaService: MfaService, authConfig: AuthConfigService);
+    private getCurrentUserOrThrow;
+    getStatus(): Promise<MfaStatusResponseDto>;
+    toggleMfa(input: ToggleMfaRequestDto): Promise<MessageResponseDto>;
+    listDevices(): Promise<MfaDeviceDto[]>;
+    removeDevice(deviceId: string): Promise<MessageResponseDto>;
+    sendMfaCode(input: SendMfaCodeRequestDto): Promise<{
+        message: string;
+    }>;
+    setupTotp(): Promise<{
+        secret: string;
+        qrCode: string;
+    }>;
+    verifyTotpSetup(input: VerifyTotpSetupRequestDto): Promise<{
+        message: string;
+    }>;
+    generateRecoveryCodes(): Promise<{
+        code: string;
+    }>;
+    resetTotp(code: string): Promise<{
+        message: string;
+    }>;
+}
+//# sourceMappingURL=mfa.controller.d.ts.map

package/src/lib/auth/controllers/mfa.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa.controller.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/controllers/mfa.controller.ts"],"names":[],"mappings":"AACA,OAAO,EAAW,kBAAkB,EAA+B,MAAM,YAAY,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2CAA2C,CAAC;AAClF,OAAO,EAAE,yBAAyB,EAAE,MAAM,+CAA+C,CAAC;AAI1F,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,0CAA0C,CAAC;AAC9F,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAE5E,qBACa,aAAa;IAElB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBADV,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,iBAAiB;IAGlD,OAAO,CAAC,qBAAqB;IAcvB,SAAS,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAqC1C,SAAS,CAAS,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoB1E,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAatC,YAAY,CAAoB,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAc9E,WAAW,CAAS,KAAK,EAAE,qBAAqB;;;IAehD,SAAS;;;;IA4BT,eAAe,CAAS,KAAK,EAAE,yBAAyB;;;IAmBxD,qBAAqB;;;IAcrB,SAAS,CAAe,IAAI,EAAE,MAAM;;;CAK7C"}