@ackplus/nest-auth 1.1.1 → 1.1.5
- package/package.json +2 -2
- package/src/{index.ts → index.d.ts} +2 -18
- package/src/index.d.ts.map +1 -0
- package/src/index.js +24 -0
- package/src/lib/admin-console/admin-console.module.d.ts +3 -0
- package/src/lib/admin-console/admin-console.module.d.ts.map +1 -0
- package/src/lib/admin-console/admin-console.module.js +69 -0
- package/src/lib/admin-console/controllers/admin-auth.controller.d.ts +134 -0
- package/src/lib/admin-console/controllers/admin-auth.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-auth.controller.js +374 -0
- package/src/lib/admin-console/controllers/admin-console.controller.d.ts +14 -0
- package/src/lib/admin-console/controllers/admin-console.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-console.controller.js +87 -0
- package/src/lib/admin-console/controllers/admin-permissions.controller.d.ts +86 -0
- package/src/lib/admin-console/controllers/admin-permissions.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-permissions.controller.js +195 -0
- package/src/lib/admin-console/controllers/admin-roles.controller.d.ts +47 -0
- package/src/lib/admin-console/controllers/admin-roles.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-roles.controller.js +95 -0
- package/src/lib/admin-console/controllers/admin-tenants.controller.d.ts +44 -0
- package/src/lib/admin-console/controllers/admin-tenants.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-tenants.controller.js +86 -0
- package/src/lib/admin-console/controllers/admin-users.controller.d.ts +146 -0
- package/src/lib/admin-console/controllers/admin-users.controller.d.ts.map +1 -0
- package/src/lib/admin-console/controllers/admin-users.controller.js +400 -0
- package/src/lib/admin-console/decorators/current-admin.decorator.d.ts +2 -0
- package/src/lib/admin-console/decorators/current-admin.decorator.d.ts.map +1 -0
- package/src/lib/admin-console/decorators/current-admin.decorator.js +8 -0
- package/src/lib/admin-console/dto/admin-permission.dto.d.ts +16 -0
- package/src/lib/admin-console/dto/admin-permission.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/admin-permission.dto.js +123 -0
- package/src/lib/admin-console/dto/admin-role.dto.d.ts +13 -0
- package/src/lib/admin-console/dto/admin-role.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/admin-role.dto.js +53 -0
- package/src/lib/admin-console/dto/admin-tenant.dto.d.ts +13 -0
- package/src/lib/admin-console/dto/admin-tenant.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/admin-tenant.dto.js +57 -0
- package/src/lib/admin-console/dto/admin-user.dto.d.ts +21 -0
- package/src/lib/admin-console/dto/admin-user.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/admin-user.dto.js +94 -0
- package/src/lib/admin-console/dto/create-dashboard-admin.dto.d.ts +10 -0
- package/src/lib/admin-console/dto/create-dashboard-admin.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/create-dashboard-admin.dto.js +39 -0
- package/src/lib/admin-console/dto/login.dto.d.ts +5 -0
- package/src/lib/admin-console/dto/login.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/login.dto.js +17 -0
- package/src/lib/admin-console/dto/reset-password.dto.d.ts +6 -0
- package/src/lib/admin-console/dto/reset-password.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/reset-password.dto.js +26 -0
- package/src/lib/admin-console/dto/setup-admin.dto.d.ts +7 -0
- package/src/lib/admin-console/dto/setup-admin.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/setup-admin.dto.js +29 -0
- package/src/lib/admin-console/dto/signup.dto.d.ts +8 -0
- package/src/lib/admin-console/dto/signup.dto.d.ts.map +1 -0
- package/src/lib/admin-console/dto/signup.dto.js +58 -0
- package/src/lib/admin-console/entities/admin-user.entity.d.ts +16 -0
- package/src/lib/admin-console/entities/admin-user.entity.d.ts.map +1 -0
- package/src/lib/admin-console/entities/admin-user.entity.js +86 -0
- package/src/lib/admin-console/guards/admin-session.guard.d.ts +17 -0
- package/src/lib/admin-console/guards/admin-session.guard.d.ts.map +1 -0
- package/src/lib/admin-console/guards/admin-session.guard.js +40 -0
- package/src/lib/admin-console/services/admin-auth.service.d.ts +22 -0
- package/src/lib/admin-console/services/admin-auth.service.d.ts.map +1 -0
- package/src/lib/admin-console/services/admin-auth.service.js +77 -0
- package/src/lib/admin-console/services/admin-console-config.service.d.ts +17 -0
- package/src/lib/admin-console/services/admin-console-config.service.d.ts.map +1 -0
- package/src/lib/admin-console/services/admin-console-config.service.js +58 -0
- package/src/lib/admin-console/services/admin-session.service.d.ts +27 -0
- package/src/lib/admin-console/services/admin-session.service.d.ts.map +1 -0
- package/src/lib/admin-console/services/admin-session.service.js +94 -0
- package/src/lib/admin-console/services/admin-user.service.d.ts +24 -0
- package/src/lib/admin-console/services/admin-user.service.d.ts.map +1 -0
- package/src/lib/admin-console/services/admin-user.service.js +87 -0
- package/src/lib/auth/auth.module.d.ts +3 -0
- package/src/lib/auth/auth.module.d.ts.map +1 -0
- package/src/lib/auth/auth.module.js +64 -0
- package/src/lib/auth/controllers/auth.controller.d.ts +67 -0
- package/src/lib/auth/controllers/auth.controller.d.ts.map +1 -0
- package/src/lib/auth/controllers/auth.controller.js +471 -0
- package/src/lib/auth/controllers/mfa.controller.d.ts +34 -0
- package/src/lib/auth/controllers/mfa.controller.d.ts.map +1 -0
- package/src/lib/auth/controllers/mfa.controller.js +230 -0
- package/src/lib/auth/dto/credentials/email-credentials.dto.d.ts +8 -0
- package/src/lib/auth/dto/credentials/email-credentials.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/credentials/email-credentials.dto.js +31 -0
- package/src/lib/auth/dto/credentials/phone-credentials.dto.d.ts +8 -0
- package/src/lib/auth/dto/credentials/phone-credentials.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/credentials/phone-credentials.dto.js +31 -0
- package/src/lib/auth/dto/credentials/social-credentials.dto.d.ts +7 -0
- package/src/lib/auth/dto/credentials/social-credentials.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/credentials/social-credentials.dto.js +21 -0
- package/src/lib/auth/dto/index.d.ts +1 -0
- package/src/lib/auth/dto/index.d.ts.map +1 -0
- package/src/lib/auth/dto/index.js +0 -0
- package/src/lib/auth/dto/requests/change-password.request.dto.d.ts +5 -0
- package/src/lib/auth/dto/requests/change-password.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/change-password.request.dto.js +42 -0
- package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts +6 -0
- package/src/lib/auth/dto/requests/forgot-password.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/forgot-password.request.dto.js +38 -0
- package/src/lib/auth/dto/requests/initialize-admin.request.dto.d.ts +8 -0
- package/src/lib/auth/dto/requests/initialize-admin.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/initialize-admin.request.dto.js +58 -0
- package/src/lib/auth/dto/requests/login.request.dto.d.ts +13 -0
- package/src/lib/auth/dto/requests/login.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/login.request.dto.js +75 -0
- package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts +4 -0
- package/src/lib/auth/dto/requests/refresh-token.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/refresh-token.request.dto.js +18 -0
- package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.d.ts +5 -0
- package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.js +29 -0
- package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts +8 -0
- package/src/lib/auth/dto/requests/reset-password.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/reset-password.request.dto.js +60 -0
- package/src/lib/auth/dto/requests/send-email-verification.request.dto.d.ts +4 -0
- package/src/lib/auth/dto/requests/send-email-verification.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/send-email-verification.request.dto.js +18 -0
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +5 -0
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.js +25 -0
- package/src/lib/auth/dto/requests/signup.request.dto.d.ts +8 -0
- package/src/lib/auth/dto/requests/signup.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/signup.request.dto.js +49 -0
- package/src/lib/auth/dto/requests/toggle-mfa.request.dto.d.ts +4 -0
- package/src/lib/auth/dto/requests/toggle-mfa.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/toggle-mfa.request.dto.js +18 -0
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +6 -0
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.js +31 -0
- package/src/lib/auth/dto/requests/verify-email.request.dto.d.ts +5 -0
- package/src/lib/auth/dto/requests/verify-email.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/verify-email.request.dto.js +29 -0
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +7 -0
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +49 -0
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +5 -0
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.js +29 -0
- package/src/lib/auth/dto/responses/auth-cookie.response.dto.d.ts +41 -0
- package/src/lib/auth/dto/responses/auth-cookie.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/{auth-cookie.response.dto.ts → auth-cookie.response.dto.js} +18 -11
- package/src/lib/auth/dto/responses/auth-success.response.dto.d.ts +41 -0
- package/src/lib/auth/dto/responses/auth-success.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/{auth-success.response.dto.ts → auth-success.response.dto.js} +18 -11
- package/src/lib/auth/dto/responses/auth.response.dto.d.ts +40 -0
- package/src/lib/auth/dto/responses/auth.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/auth.response.dto.js +112 -0
- package/src/lib/auth/dto/responses/client-config.response.dto.d.ts +58 -0
- package/src/lib/auth/dto/responses/client-config.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/client-config.response.dto.js +202 -0
- package/src/lib/auth/dto/responses/initialize-admin.response.dto.d.ts +7 -0
- package/src/lib/auth/dto/responses/initialize-admin.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/initialize-admin.response.dto.js +30 -0
- package/src/lib/auth/dto/responses/mfa-code-response.dto.d.ts +7 -0
- package/src/lib/auth/dto/responses/mfa-code-response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/mfa-code-response.dto.js +36 -0
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts +19 -0
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/mfa-status.response.dto.js +108 -0
- package/src/lib/auth/dto/responses/verify-otp.response.dto.d.ts +5 -0
- package/src/lib/auth/dto/responses/verify-otp.response.dto.d.ts.map +1 -0
- package/src/lib/auth/dto/responses/verify-otp.response.dto.js +16 -0
- package/src/lib/auth/entities/mfa-secret.entity.d.ts +13 -0
- package/src/lib/auth/entities/mfa-secret.entity.d.ts.map +1 -0
- package/src/lib/auth/entities/mfa-secret.entity.js +49 -0
- package/src/lib/auth/entities/otp.entity.d.ts +14 -0
- package/src/lib/auth/entities/otp.entity.d.ts.map +1 -0
- package/src/lib/auth/entities/otp.entity.js +49 -0
- package/src/lib/auth/events/{logged-out-all.event.ts → logged-out-all.event.d.ts} +4 -6
- package/src/lib/auth/events/logged-out-all.event.d.ts.map +1 -0
- package/src/lib/auth/events/logged-out-all.event.js +9 -0
- package/src/lib/auth/events/{logged-out.event.ts → logged-out.event.d.ts} +4 -5
- package/src/lib/auth/events/logged-out.event.d.ts.map +1 -0
- package/src/lib/auth/events/logged-out.event.js +9 -0
- package/src/lib/auth/events/{password-reset-requested.event.ts → password-reset-requested.event.d.ts} +4 -6
- package/src/lib/auth/events/password-reset-requested.event.d.ts.map +1 -0
- package/src/lib/auth/events/password-reset-requested.event.js +9 -0
- package/src/lib/auth/events/{password-reset.event.ts → password-reset.event.d.ts} +4 -6
- package/src/lib/auth/events/password-reset.event.d.ts.map +1 -0
- package/src/lib/auth/events/password-reset.event.js +9 -0
- package/src/lib/auth/events/{user-2fa-verified.event.ts → user-2fa-verified.event.d.ts} +4 -6
- package/src/lib/auth/events/user-2fa-verified.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-verified.event.js +9 -0
- package/src/lib/auth/events/{user-logged-in.event.ts → user-logged-in.event.d.ts} +4 -7
- package/src/lib/auth/events/user-logged-in.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-logged-in.event.js +10 -0
- package/src/lib/auth/events/{user-refresh-token.event.ts → user-refresh-token.event.d.ts} +4 -6
- package/src/lib/auth/events/user-refresh-token.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-refresh-token.event.js +9 -0
- package/src/lib/auth/events/{user-registered.event.ts → user-registered.event.d.ts} +4 -7
- package/src/lib/auth/events/user-registered.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-registered.event.js +10 -0
- package/src/lib/auth/guards/auth.guard.d.ts +56 -0
- package/src/lib/auth/guards/auth.guard.d.ts.map +1 -0
- package/src/lib/auth/guards/{auth.guard.ts → auth.guard.js} +92 -135
- package/src/lib/auth/{index.ts → index.d.ts} +1 -13
- package/src/lib/auth/index.d.ts.map +1 -0
- package/src/lib/auth/index.js +51 -0
- package/src/lib/auth/interceptors/refresh-token.interceptor.d.ts +43 -0
- package/src/lib/auth/interceptors/refresh-token.interceptor.d.ts.map +1 -0
- package/src/lib/auth/interceptors/{refresh-token.interceptor.ts → refresh-token.interceptor.js} +38 -40
- package/src/lib/auth/services/auth.service.d.ts +67 -0
- package/src/lib/auth/services/auth.service.d.ts.map +1 -0
- package/src/lib/auth/services/{auth.service.ts → auth.service.js} +262 -475
- package/src/lib/auth/services/client-config.service.d.ts +12 -0
- package/src/lib/auth/services/client-config.service.d.ts.map +1 -0
- package/src/lib/auth/services/{client-config.service.ts → client-config.service.js} +28 -33
- package/src/lib/auth/services/cookie.service.d.ts +10 -0
- package/src/lib/auth/services/cookie.service.d.ts.map +1 -0
- package/src/lib/auth/services/cookie.service.js +42 -0
- package/src/lib/auth/services/mfa.service.d.ts +45 -0
- package/src/lib/auth/services/mfa.service.d.ts.map +1 -0
- package/src/lib/auth/services/{mfa.service.ts → mfa.service.js} +105 -184
- package/src/lib/auth.constants.d.ts +43 -0
- package/src/lib/auth.constants.d.ts.map +1 -0
- package/src/lib/auth.constants.js +54 -0
- package/src/lib/core/core.module.d.ts +7 -0
- package/src/lib/core/core.module.d.ts.map +1 -0
- package/src/lib/core/core.module.js +57 -0
- package/src/lib/core/decorators/{auth.decorator.ts → auth.decorator.d.ts} +2 -7
- package/src/lib/core/decorators/auth.decorator.d.ts.map +1 -0
- package/src/lib/core/decorators/auth.decorator.js +38 -0
- package/src/lib/core/decorators/permissions.decorator.d.ts +8 -0
- package/src/lib/core/decorators/permissions.decorator.d.ts.map +1 -0
- package/src/lib/core/decorators/permissions.decorator.js +18 -0
- package/src/lib/core/decorators/{public.decorator.ts → public.decorator.d.ts} +3 -5
- package/src/lib/core/decorators/public.decorator.d.ts.map +1 -0
- package/src/lib/core/decorators/public.decorator.js +35 -0
- package/src/lib/core/decorators/role.decorator.d.ts +4 -0
- package/src/lib/core/decorators/role.decorator.d.ts.map +1 -0
- package/src/lib/core/decorators/role.decorator.js +13 -0
- package/src/lib/core/decorators/skip-mfa.decorator.d.ts +3 -0
- package/src/lib/core/decorators/skip-mfa.decorator.d.ts.map +1 -0
- package/src/lib/core/decorators/skip-mfa.decorator.js +7 -0
- package/src/lib/core/dto/message.response.dto.d.ts +4 -0
- package/src/lib/core/dto/message.response.dto.d.ts.map +1 -0
- package/src/lib/core/dto/message.response.dto.js +12 -0
- package/src/lib/core/{entities.ts → entities.d.ts} +2 -14
- package/src/lib/core/entities.d.ts.map +1 -0
- package/src/lib/core/entities.js +37 -0
- package/src/lib/core/{index.ts → index.d.ts} +1 -15
- package/src/lib/core/index.d.ts.map +1 -0
- package/src/lib/core/index.js +35 -0
- package/src/lib/core/interfaces/{auth-module-options.interface.ts → auth-module-options.interface.d.ts} +13 -16
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -0
- package/src/lib/core/interfaces/auth-module-options.interface.js +2 -0
- package/src/lib/core/interfaces/mfa-options.interface.d.ts +26 -0
- package/src/lib/core/interfaces/mfa-options.interface.d.ts.map +1 -0
- package/src/lib/core/interfaces/mfa-options.interface.js +9 -0
- package/src/lib/core/interfaces/otp.interface.d.ts +6 -0
- package/src/lib/core/interfaces/otp.interface.d.ts.map +1 -0
- package/src/lib/core/interfaces/otp.interface.js +9 -0
- package/src/lib/core/interfaces/session-options.interface.d.ts +16 -0
- package/src/lib/core/interfaces/session-options.interface.d.ts.map +1 -0
- package/src/lib/core/interfaces/session-options.interface.js +9 -0
- package/src/lib/core/interfaces/{token-payload.interface.ts → token-payload.interface.d.ts} +2 -4
- package/src/lib/core/interfaces/token-payload.interface.d.ts.map +1 -0
- package/src/lib/core/interfaces/token-payload.interface.js +2 -0
- package/src/lib/core/providers/apple-auth.provider.d.ts +19 -0
- package/src/lib/core/providers/apple-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/apple-auth.provider.js +56 -0
- package/src/lib/core/providers/base-auth.provider.d.ts +33 -0
- package/src/lib/core/providers/base-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/base-auth.provider.js +48 -0
- package/src/lib/core/providers/email-auth.provider.d.ts +31 -0
- package/src/lib/core/providers/email-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/email-auth.provider.js +66 -0
- package/src/lib/core/providers/facebook-auth.provider.d.ts +19 -0
- package/src/lib/core/providers/facebook-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/facebook-auth.provider.js +55 -0
- package/src/lib/core/providers/github-auth.provider.d.ts +24 -0
- package/src/lib/core/providers/github-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/{github-auth.provider.ts → github-auth.provider.js} +31 -36
- package/src/lib/core/providers/google-auth.provider.d.ts +22 -0
- package/src/lib/core/providers/google-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/google-auth.provider.js +57 -0
- package/src/lib/core/providers/jwt-auth.provider.d.ts +34 -0
- package/src/lib/core/providers/jwt-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/jwt-auth.provider.js +49 -0
- package/src/lib/core/providers/phone-auth.provider.d.ts +19 -0
- package/src/lib/core/providers/phone-auth.provider.d.ts.map +1 -0
- package/src/lib/core/providers/phone-auth.provider.js +42 -0
- package/src/lib/core/services/auth-config.service.d.ts +39 -0
- package/src/lib/core/services/auth-config.service.d.ts.map +1 -0
- package/src/lib/core/services/auth-config.service.js +167 -0
- package/src/lib/core/services/auth-provider-registry.service.d.ts +42 -0
- package/src/lib/core/services/auth-provider-registry.service.d.ts.map +1 -0
- package/src/lib/core/services/auth-provider-registry.service.js +91 -0
- package/src/lib/core/services/debug-logger.service.d.ts +39 -0
- package/src/lib/core/services/debug-logger.service.d.ts.map +1 -0
- package/src/lib/core/services/{debug-logger.service.ts → debug-logger.service.js} +57 -88
- package/src/lib/core/services/initialization.service.d.ts +11 -0
- package/src/lib/core/services/initialization.service.d.ts.map +1 -0
- package/src/lib/core/services/initialization.service.js +35 -0
- package/src/lib/core/services/jwt.service.d.ts +23 -0
- package/src/lib/core/services/jwt.service.d.ts.map +1 -0
- package/src/lib/core/services/jwt.service.js +119 -0
- package/src/lib/nest-auth.module.d.ts +11 -0
- package/src/lib/nest-auth.module.d.ts.map +1 -0
- package/src/lib/nest-auth.module.js +144 -0
- package/src/lib/permission/entities/permission.entity.d.ts +27 -0
- package/src/lib/permission/entities/permission.entity.d.ts.map +1 -0
- package/src/lib/permission/entities/permission.entity.js +62 -0
- package/src/lib/permission/{index.ts → index.d.ts} +1 -1
- package/src/lib/permission/index.d.ts.map +1 -0
- package/src/lib/permission/index.js +6 -0
- package/src/lib/permission/permission.module.d.ts +3 -0
- package/src/lib/permission/permission.module.d.ts.map +1 -0
- package/src/lib/permission/permission.module.js +20 -0
- package/src/lib/permission/services/permission.service.d.ts +44 -0
- package/src/lib/permission/services/permission.service.d.ts.map +1 -0
- package/src/lib/permission/services/{permission.service.ts → permission.service.js} +48 -108
- package/src/lib/request-context/{index.ts → index.d.ts} +1 -0
- package/src/lib/request-context/index.d.ts.map +1 -0
- package/src/lib/request-context/index.js +5 -0
- package/src/lib/request-context/request-context.d.ts +23 -0
- package/src/lib/request-context/request-context.d.ts.map +1 -0
- package/src/lib/request-context/{request-context.ts → request-context.js} +26 -44
- package/src/lib/request-context/request-context.middleware.d.ts +5 -0
- package/src/lib/request-context/request-context.middleware.d.ts.map +1 -0
- package/src/lib/request-context/request-context.middleware.js +15 -0
- package/src/lib/role/entities/role.entity.d.ts +21 -0
- package/src/lib/role/entities/role.entity.d.ts.map +1 -0
- package/src/lib/role/entities/role.entity.js +110 -0
- package/src/lib/role/{index.ts → index.d.ts} +1 -2
- package/src/lib/role/index.d.ts.map +1 -0
- package/src/lib/role/index.js +5 -0
- package/src/lib/role/role.module.d.ts +3 -0
- package/src/lib/role/role.module.d.ts.map +1 -0
- package/src/lib/role/role.module.js +22 -0
- package/src/lib/role/services/role.service.d.ts +21 -0
- package/src/lib/role/services/role.service.d.ts.map +1 -0
- package/src/lib/role/services/{role.service.ts → role.service.js} +51 -107
- package/src/lib/session/entities/session.entity.d.ts +17 -0
- package/src/lib/session/entities/session.entity.d.ts.map +1 -0
- package/src/lib/session/entities/session.entity.js +62 -0
- package/src/lib/session/{index.ts → index.d.ts} +1 -11
- package/src/lib/session/index.d.ts.map +1 -0
- package/src/lib/session/index.js +18 -0
- package/src/lib/session/interfaces/{session-repository.interface.ts → session-repository.interface.d.ts} +1 -10
- package/src/lib/session/interfaces/session-repository.interface.d.ts.map +1 -0
- package/src/lib/session/interfaces/session-repository.interface.js +2 -0
- package/src/lib/session/repositories/{base-session.repository.ts → base-session.repository.d.ts} +7 -41
- package/src/lib/session/repositories/base-session.repository.d.ts.map +1 -0
- package/src/lib/session/repositories/base-session.repository.js +59 -0
- package/src/lib/session/repositories/memory-session.repository.d.ts +27 -0
- package/src/lib/session/repositories/memory-session.repository.d.ts.map +1 -0
- package/src/lib/session/repositories/{memory-session.repository.ts → memory-session.repository.js} +41 -61
- package/src/lib/session/repositories/redis-session.repository.d.ts +30 -0
- package/src/lib/session/repositories/redis-session.repository.d.ts.map +1 -0
- package/src/lib/session/repositories/{redis-session.repository.ts → redis-session.repository.js} +45 -75
- package/src/lib/session/repositories/typeorm-session.repository.d.ts +23 -0
- package/src/lib/session/repositories/typeorm-session.repository.d.ts.map +1 -0
- package/src/lib/session/repositories/typeorm-session.repository.js +79 -0
- package/src/lib/session/services/session-manager.service.d.ts +100 -0
- package/src/lib/session/services/session-manager.service.d.ts.map +1 -0
- package/src/lib/session/services/{session-manager.service.ts → session-manager.service.js} +54 -94
- package/src/lib/session/session.module.d.ts +14 -0
- package/src/lib/session/session.module.d.ts.map +1 -0
- package/src/lib/session/session.module.js +96 -0
- package/src/lib/session/utils/session.util.d.ts +73 -0
- package/src/lib/session/utils/session.util.d.ts.map +1 -0
- package/src/lib/session/utils/{session.util.ts → session.util.js} +24 -63
- package/src/lib/tenant/entities/{tenant.entity.ts → tenant.entity.d.ts} +2 -21
- package/src/lib/tenant/entities/tenant.entity.d.ts.map +1 -0
- package/src/lib/tenant/entities/tenant.entity.js +47 -0
- package/src/lib/tenant/events/tenant-created.event.d.ts +9 -0
- package/src/lib/tenant/events/tenant-created.event.d.ts.map +1 -0
- package/src/lib/tenant/events/tenant-created.event.js +9 -0
- package/src/lib/tenant/events/tenant-deleted.event.d.ts +9 -0
- package/src/lib/tenant/events/tenant-deleted.event.d.ts.map +1 -0
- package/src/lib/tenant/events/tenant-deleted.event.js +9 -0
- package/src/lib/tenant/events/tenant-updated.event.d.ts +10 -0
- package/src/lib/tenant/events/tenant-updated.event.d.ts.map +1 -0
- package/src/lib/tenant/events/tenant-updated.event.js +9 -0
- package/src/lib/tenant/{index.ts → index.d.ts} +1 -2
- package/src/lib/tenant/index.d.ts.map +1 -0
- package/src/lib/tenant/index.js +14 -0
- package/src/lib/tenant/services/tenant.service.d.ts +35 -0
- package/src/lib/tenant/services/tenant.service.d.ts.map +1 -0
- package/src/lib/tenant/services/{tenant.service.ts → tenant.service.js} +83 -137
- package/src/lib/tenant/tenant.module.d.ts +3 -0
- package/src/lib/tenant/tenant.module.d.ts.map +1 -0
- package/src/lib/tenant/tenant.module.js +26 -0
- package/src/lib/user/dto/requests/update-user.dto.d.ts +6 -0
- package/src/lib/user/dto/requests/update-user.dto.d.ts.map +1 -0
- package/src/lib/user/dto/requests/update-user.dto.js +23 -0
- package/src/lib/user/entities/access-key.entity.d.ts +17 -0
- package/src/lib/user/entities/access-key.entity.d.ts.map +1 -0
- package/src/lib/user/entities/access-key.entity.js +62 -0
- package/src/lib/user/entities/identity.entity.d.ts +13 -0
- package/src/lib/user/entities/identity.entity.d.ts.map +1 -0
- package/src/lib/user/entities/identity.entity.js +46 -0
- package/src/lib/user/entities/user.entity.d.ts +40 -0
- package/src/lib/user/entities/user.entity.d.ts.map +1 -0
- package/src/lib/user/entities/user.entity.js +218 -0
- package/src/lib/user/events/user-created.event.d.ts +10 -0
- package/src/lib/user/events/user-created.event.d.ts.map +1 -0
- package/src/lib/user/events/user-created.event.js +9 -0
- package/src/lib/user/events/user-deleted.event.d.ts +10 -0
- package/src/lib/user/events/user-deleted.event.d.ts.map +1 -0
- package/src/lib/user/events/user-deleted.event.js +9 -0
- package/src/lib/user/events/user-updated.event.d.ts +11 -0
- package/src/lib/user/events/user-updated.event.d.ts.map +1 -0
- package/src/lib/user/events/user-updated.event.js +9 -0
- package/src/lib/user/{index.ts → index.d.ts} +1 -5
- package/src/lib/user/index.d.ts.map +1 -0
- package/src/lib/user/index.js +12 -0
- package/src/lib/user/services/access-key.service.d.ts +20 -0
- package/src/lib/user/services/access-key.service.d.ts.map +1 -0
- package/src/lib/user/services/access-key.service.js +121 -0
- package/src/lib/user/services/user.service.d.ts +28 -0
- package/src/lib/user/services/user.service.d.ts.map +1 -0
- package/src/lib/user/services/{user.service.ts → user.service.js} +92 -164
- package/src/lib/user/user.module.d.ts +3 -0
- package/src/lib/user/user.module.d.ts.map +1 -0
- package/src/lib/user/user.module.js +33 -0
- package/src/lib/utils/database.utils.d.ts +3 -0
- package/src/lib/utils/database.utils.d.ts.map +1 -0
- package/src/lib/utils/database.utils.js +7 -0
- package/src/lib/utils/date.util.d.ts +41 -0
- package/src/lib/utils/date.util.d.ts.map +1 -0
- package/src/lib/utils/{date.util.ts → date.util.js} +28 -35
- package/src/lib/utils/device.util.d.ts +50 -0
- package/src/lib/utils/device.util.d.ts.map +1 -0
- package/src/lib/utils/device.util.js +114 -0
- package/src/lib/utils/{index.ts → index.d.ts} +1 -0
- package/src/lib/utils/index.d.ts.map +1 -0
- package/src/lib/utils/index.js +9 -0
- package/src/lib/utils/otp.d.ts +2 -0
- package/src/lib/utils/otp.d.ts.map +1 -0
- package/src/lib/utils/otp.js +6 -0
- package/src/lib/utils/security.util.d.ts +11 -0
- package/src/lib/utils/security.util.d.ts.map +1 -0
- package/src/lib/utils/{security.util.ts → security.util.js} +10 -9
- package/src/lib/utils/slug.util.d.ts +38 -0
- package/src/lib/utils/slug.util.d.ts.map +1 -0
- package/src/lib/utils/{slug.util.ts → slug.util.js} +10 -9
- package/eslint.config.mjs +0 -59
- package/jest.config.ts +0 -10
- package/project.json +0 -86
- package/src/lib/admin-console/admin-console.module.ts +0 -62
- package/src/lib/admin-console/controllers/admin-auth.controller.ts +0 -339
- package/src/lib/admin-console/controllers/admin-console.controller.ts +0 -82
- package/src/lib/admin-console/controllers/admin-permissions.controller.ts +0 -180
- package/src/lib/admin-console/controllers/admin-roles.controller.ts +0 -89
- package/src/lib/admin-console/controllers/admin-tenants.controller.ts +0 -68
- package/src/lib/admin-console/controllers/admin-users.controller.ts +0 -379
- package/src/lib/admin-console/decorators/current-admin.decorator.ts +0 -9
- package/src/lib/admin-console/dto/admin-permission.dto.ts +0 -106
- package/src/lib/admin-console/dto/admin-role.dto.ts +0 -45
- package/src/lib/admin-console/dto/admin-tenant.dto.ts +0 -43
- package/src/lib/admin-console/dto/admin-user.dto.ts +0 -87
- package/src/lib/admin-console/dto/create-dashboard-admin.dto.ts +0 -34
- package/src/lib/admin-console/dto/login.dto.ts +0 -10
- package/src/lib/admin-console/dto/reset-password.dto.ts +0 -21
- package/src/lib/admin-console/dto/setup-admin.dto.ts +0 -23
- package/src/lib/admin-console/dto/signup.dto.ts +0 -51
- package/src/lib/admin-console/entities/admin-user.entity.ts +0 -74
- package/src/lib/admin-console/guards/admin-session.guard.ts +0 -47
- package/src/lib/admin-console/services/admin-auth.service.ts +0 -82
- package/src/lib/admin-console/services/admin-console-config.service.ts +0 -62
- package/src/lib/admin-console/services/admin-session.service.ts +0 -106
- package/src/lib/admin-console/services/admin-user.service.ts +0 -96
- package/src/lib/auth/auth.module.ts +0 -58
- package/src/lib/auth/controllers/auth.controller.ts +0 -393
- package/src/lib/auth/controllers/mfa.controller.ts +0 -200
- package/src/lib/auth/dto/credentials/email-credentials.dto.ts +0 -24
- package/src/lib/auth/dto/credentials/phone-credentials.dto.ts +0 -24
- package/src/lib/auth/dto/credentials/social-credentials.dto.ts +0 -15
- package/src/lib/auth/dto/index.ts +0 -1
- package/src/lib/auth/dto/requests/change-password.request.dto.ts +0 -34
- package/src/lib/auth/dto/requests/forgot-password.request.dto.ts +0 -30
- package/src/lib/auth/dto/requests/initialize-admin.request.dto.ts +0 -51
- package/src/lib/auth/dto/requests/login.request.dto.ts +0 -65
- package/src/lib/auth/dto/requests/refresh-token.request.dto.ts +0 -12
- package/src/lib/auth/dto/requests/reset-password-with-token.request.dto.ts +0 -22
- package/src/lib/auth/dto/requests/reset-password.request.dto.ts +0 -50
- package/src/lib/auth/dto/requests/send-email-verification.request.dto.ts +0 -12
- package/src/lib/auth/dto/requests/send-mfa-code.request.dto.ts +0 -19
- package/src/lib/auth/dto/requests/signup.request.dto.ts +0 -42
- package/src/lib/auth/dto/requests/toggle-mfa.request.dto.ts +0 -12
- package/src/lib/auth/dto/requests/verify-2fa.request.dto.ts +0 -24
- package/src/lib/auth/dto/requests/verify-email.request.dto.ts +0 -22
- package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts +0 -41
- package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts +0 -22
- package/src/lib/auth/dto/responses/auth.response.dto.ts +0 -99
- package/src/lib/auth/dto/responses/client-config.response.dto.ts +0 -153
- package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts +0 -22
- package/src/lib/auth/dto/responses/mfa-code-response.dto.ts +0 -27
- package/src/lib/auth/dto/responses/mfa-status.response.dto.ts +0 -89
- package/src/lib/auth/dto/responses/verify-otp.response.dto.ts +0 -9
- package/src/lib/auth/entities/mfa-secret.entity.ts +0 -33
- package/src/lib/auth/entities/otp.entity.ts +0 -33
- package/src/lib/auth/services/cookie.service.ts +0 -43
- package/src/lib/auth.constants.ts +0 -63
- package/src/lib/core/core.module.ts +0 -50
- package/src/lib/core/decorators/permissions.decorator.ts +0 -17
- package/src/lib/core/decorators/role.decorator.ts +0 -12
- package/src/lib/core/decorators/skip-mfa.decorator.ts +0 -4
- package/src/lib/core/dto/message.response.dto.ts +0 -6
- package/src/lib/core/interfaces/mfa-options.interface.ts +0 -46
- package/src/lib/core/interfaces/otp.interface.ts +0 -6
- package/src/lib/core/interfaces/session-options.interface.ts +0 -19
- package/src/lib/core/providers/apple-auth.provider.ts +0 -61
- package/src/lib/core/providers/base-auth.provider.ts +0 -74
- package/src/lib/core/providers/email-auth.provider.ts +0 -71
- package/src/lib/core/providers/facebook-auth.provider.ts +0 -55
- package/src/lib/core/providers/google-auth.provider.ts +0 -61
- package/src/lib/core/providers/jwt-auth.provider.ts +0 -50
- package/src/lib/core/providers/phone-auth.provider.ts +0 -45
- package/src/lib/core/services/auth-config.service.ts +0 -184
- package/src/lib/core/services/auth-provider-registry.service.ts +0 -93
- package/src/lib/core/services/initialization.service.ts +0 -29
- package/src/lib/core/services/jwt.service.ts +0 -137
- package/src/lib/nest-auth.module.ts +0 -152
- package/src/lib/permission/entities/permission.entity.ts +0 -56
- package/src/lib/permission/permission.module.ts +0 -14
- package/src/lib/request-context/request-context.middleware.ts +0 -13
- package/src/lib/role/entities/role.entity.ts +0 -103
- package/src/lib/role/role.module.ts +0 -15
- package/src/lib/session/entities/session.entity.ts +0 -54
- package/src/lib/session/repositories/typeorm-session.repository.ts +0 -86
- package/src/lib/session/session.module.ts +0 -102
- package/src/lib/tenant/events/tenant-created.event.ts +0 -9
- package/src/lib/tenant/events/tenant-deleted.event.ts +0 -11
- package/src/lib/tenant/events/tenant-updated.event.ts +0 -12
- package/src/lib/tenant/tenant.module.ts +0 -19
- package/src/lib/types/express.d.ts +0 -14
- package/src/lib/user/dto/requests/update-user.dto.ts +0 -15
- package/src/lib/user/entities/access-key.entity.ts +0 -53
- package/src/lib/user/entities/identity.entity.ts +0 -31
- package/src/lib/user/entities/user.entity.ts +0 -212
- package/src/lib/user/events/user-created.event.ts +0 -10
- package/src/lib/user/events/user-deleted.event.ts +0 -12
- package/src/lib/user/events/user-updated.event.ts +0 -13
- package/src/lib/user/services/access-key.service.ts +0 -145
- package/src/lib/user/user.module.ts +0 -26
- package/src/lib/utils/database.utils.ts +0 -6
- package/src/lib/utils/device.util.ts +0 -111
- package/src/lib/utils/otp.ts +0 -3
- package/src/types/ms.d.ts +0 -1
- package/test/access-key.service.spec.ts +0 -204
- package/test/auth.service.spec.ts +0 -541
- package/test/mfa.service.spec.ts +0 -359
- package/test/role.service.spec.ts +0 -418
- package/test/tenant.service.spec.ts +0 -218
- package/test/test.setup.ts +0 -66
- package/test/user.service.spec.ts +0 -374
- package/tsconfig.json +0 -17
- package/tsconfig.lib.json +0 -15
- package/tsconfig.spec.json +0 -15
- package/tsconfig.tsbuildinfo +0 -1
- package/ui/.env +0 -1
- package/ui/.env.example +0 -1
- package/ui/.eslintignore +0 -7
- package/ui/README.md +0 -288
- package/ui/index.html +0 -17
- package/ui/package.json +0 -34
- package/ui/postcss.config.js +0 -6
- package/ui/src/App.tsx +0 -245
- package/ui/src/components/AuthGuard.tsx +0 -59
- package/ui/src/components/AuthProvider.tsx +0 -76
- package/ui/src/components/Button.tsx +0 -37
- package/ui/src/components/Card.tsx +0 -37
- package/ui/src/components/ErrorMessage.tsx +0 -15
- package/ui/src/components/FormDialog.tsx +0 -61
- package/ui/src/components/FormFooter.tsx +0 -37
- package/ui/src/components/Layout.tsx +0 -112
- package/ui/src/components/LoadingMessage.tsx +0 -11
- package/ui/src/components/Modal.tsx +0 -97
- package/ui/src/components/MultiSelect.tsx +0 -145
- package/ui/src/components/PageHeader.tsx +0 -42
- package/ui/src/components/PanelHeader.tsx +0 -28
- package/ui/src/components/PermissionInput.tsx +0 -473
- package/ui/src/components/SearchInput.tsx +0 -69
- package/ui/src/components/Select.tsx +0 -51
- package/ui/src/components/SwaggerUIWrapper.tsx +0 -316
- package/ui/src/components/Table.tsx +0 -207
- package/ui/src/components/Tag.tsx +0 -9
- package/ui/src/components/TagsInput.tsx +0 -96
- package/ui/src/components/admin/AdminForm.tsx +0 -170
- package/ui/src/components/admin/CreateAdminDialog.tsx +0 -38
- package/ui/src/components/auth/LoginFooter.tsx +0 -17
- package/ui/src/components/auth/LoginHeader.tsx +0 -14
- package/ui/src/components/auth/components/CodeBlock.tsx +0 -43
- package/ui/src/components/auth/components/CreateAccountCodeExamples.tsx +0 -60
- package/ui/src/components/auth/components/PasswordRequirements.tsx +0 -16
- package/ui/src/components/auth/components/PasswordStrengthIndicator.tsx +0 -48
- package/ui/src/components/auth/components/ResetPasswordCodeExamples.tsx +0 -76
- package/ui/src/components/auth/components/Tabs.tsx +0 -32
- package/ui/src/components/auth/dialogs/CreateAccountDialog.tsx +0 -79
- package/ui/src/components/auth/dialogs/ForgotPasswordDialog.tsx +0 -79
- package/ui/src/components/auth/forms/CreateAccountForm.tsx +0 -226
- package/ui/src/components/auth/forms/LoginForm.tsx +0 -149
- package/ui/src/components/auth/forms/ResetPasswordForm.tsx +0 -202
- package/ui/src/components/auth/types.ts +0 -17
- package/ui/src/components/auth/utils/security.ts +0 -82
- package/ui/src/components/auth/utils/utils.ts +0 -25
- package/ui/src/components/form/EmailField.tsx +0 -25
- package/ui/src/components/form/FormField.tsx +0 -102
- package/ui/src/components/form/FormMultiSelect.tsx +0 -46
- package/ui/src/components/form/FormSelect.tsx +0 -60
- package/ui/src/components/form/FormTagsInput.tsx +0 -42
- package/ui/src/components/form/FormTextarea.tsx +0 -42
- package/ui/src/components/form/PasswordField.tsx +0 -93
- package/ui/src/components/form/SecretKeyField.tsx +0 -49
- package/ui/src/components/permission/CreatePermissionDialog.tsx +0 -44
- package/ui/src/components/permission/EditPermissionDialog.tsx +0 -55
- package/ui/src/components/permission/PermissionForm.tsx +0 -251
- package/ui/src/components/role/CreateRoleDialog.tsx +0 -45
- package/ui/src/components/role/EditRoleDialog.tsx +0 -55
- package/ui/src/components/role/RoleDialog.tsx +0 -252
- package/ui/src/components/role/RoleForm.tsx +0 -246
- package/ui/src/components/tenant/CreateTenantDialog.tsx +0 -41
- package/ui/src/components/tenant/EditTenantDialog.tsx +0 -52
- package/ui/src/components/tenant/TenantForm.tsx +0 -160
- package/ui/src/components/user/CreateUserDialog.tsx +0 -45
- package/ui/src/components/user/UserDetailModal.tsx +0 -815
- package/ui/src/components/user/UserForm.tsx +0 -191
- package/ui/src/data/nest-auth.json +0 -1687
- package/ui/src/hooks/useApi.ts +0 -69
- package/ui/src/hooks/useAuth.ts +0 -100
- package/ui/src/hooks/useConfirm.tsx +0 -105
- package/ui/src/hooks/useFormFooter.tsx +0 -42
- package/ui/src/hooks/usePagination.ts +0 -69
- package/ui/src/index.css +0 -59
- package/ui/src/main.tsx +0 -13
- package/ui/src/pages/AdminsPage.tsx +0 -178
- package/ui/src/pages/ApiPage.tsx +0 -89
- package/ui/src/pages/DashboardPage.tsx +0 -281
- package/ui/src/pages/LoginPage.tsx +0 -39
- package/ui/src/pages/PermissionsPage.tsx +0 -376
- package/ui/src/pages/RolesPage.tsx +0 -274
- package/ui/src/pages/TenantsPage.tsx +0 -221
- package/ui/src/pages/UsersPage.tsx +0 -387
- package/ui/src/services/api.ts +0 -115
- package/ui/src/types/index.ts +0 -136
- package/ui/src/vite-env.d.ts +0 -9
- package/ui/tailwind.config.js +0 -45
- package/ui/tsconfig.json +0 -24
- package/ui/tsconfig.node.json +0 -10
- package/ui/vite.config.ts +0 -37
- package/ui/yarn.lock +0 -3137
|
@@ -1,82 +1,46 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
import { TenantService } from '../../tenant/services/tenant.service';
|
|
43
|
-
import { DebugLoggerService } from '../../core/services/debug-logger.service';
|
|
44
|
-
import moment from 'moment';
|
|
45
|
-
import { VerifyForgotPasswordOtpRequestDto } from '../dto/requests/verify-forgot-password-otp-request-dto';
|
|
46
|
-
import { ResetPasswordWithTokenRequestDto } from '../dto/requests/reset-password-with-token.request.dto';
|
|
47
|
-
import { ChangePasswordRequestDto } from '../dto/requests/change-password.request.dto';
|
|
48
|
-
import { VerifyOtpResponseDto } from '../dto/responses/verify-otp.response.dto';
|
|
49
|
-
import { SendEmailVerificationRequestDto } from '../dto/requests/send-email-verification.request.dto';
|
|
50
|
-
import { VerifyEmailRequestDto } from '../dto/requests/verify-email.request.dto';
|
|
51
|
-
|
|
52
|
-
@Injectable()
|
|
53
|
-
export class AuthService {
|
|
54
|
-
|
|
55
|
-
constructor(
|
|
56
|
-
@InjectRepository(NestAuthUser)
|
|
57
|
-
private readonly userRepository: Repository<NestAuthUser>,
|
|
58
|
-
|
|
59
|
-
@InjectRepository(NestAuthOTP)
|
|
60
|
-
private otpRepository: Repository<NestAuthOTP>,
|
|
61
|
-
|
|
62
|
-
private readonly authProviderRegistry: AuthProviderRegistryService,
|
|
63
|
-
|
|
64
|
-
private readonly mfaService: MfaService,
|
|
65
|
-
|
|
66
|
-
private readonly sessionManager: SessionManagerService,
|
|
67
|
-
|
|
68
|
-
private readonly jwtService: JwtService,
|
|
69
|
-
|
|
70
|
-
private readonly eventEmitter: EventEmitter2,
|
|
71
|
-
|
|
72
|
-
private readonly tenantService: TenantService,
|
|
73
|
-
|
|
74
|
-
private readonly debugLogger: DebugLoggerService,
|
|
75
|
-
) {
|
|
76
|
-
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthService = void 0;
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const common_1 = require("@nestjs/common");
|
|
6
|
+
const typeorm_1 = require("@nestjs/typeorm");
|
|
7
|
+
const typeorm_2 = require("typeorm");
|
|
8
|
+
const user_entity_1 = require("../../user/entities/user.entity");
|
|
9
|
+
const otp_entity_1 = require("../../auth/entities/otp.entity");
|
|
10
|
+
const otp_interface_1 = require("../../core/interfaces/otp.interface");
|
|
11
|
+
const auth_constants_1 = require("../../auth.constants");
|
|
12
|
+
const typeorm_3 = require("typeorm");
|
|
13
|
+
const mfa_service_1 = require("./mfa.service");
|
|
14
|
+
const jwt_service_1 = require("../../core/services/jwt.service");
|
|
15
|
+
const event_emitter_1 = require("@nestjs/event-emitter");
|
|
16
|
+
const session_manager_service_1 = require("../../session/services/session-manager.service");
|
|
17
|
+
const request_context_1 = require("../../request-context/request-context");
|
|
18
|
+
const otp_1 = require("../../utils/otp");
|
|
19
|
+
const user_registered_event_1 = require("../events/user-registered.event");
|
|
20
|
+
const user_logged_in_event_1 = require("../events/user-logged-in.event");
|
|
21
|
+
const user_2fa_verified_event_1 = require("../events/user-2fa-verified.event");
|
|
22
|
+
const user_refresh_token_event_1 = require("../events/user-refresh-token.event");
|
|
23
|
+
const logged_out_event_1 = require("../events/logged-out.event");
|
|
24
|
+
const logged_out_all_event_1 = require("../events/logged-out-all.event");
|
|
25
|
+
const password_reset_requested_event_1 = require("../events/password-reset-requested.event");
|
|
26
|
+
const password_reset_event_1 = require("../events/password-reset.event");
|
|
27
|
+
const auth_provider_registry_service_1 = require("../../core/services/auth-provider-registry.service");
|
|
28
|
+
const tenant_service_1 = require("../../tenant/services/tenant.service");
|
|
29
|
+
const debug_logger_service_1 = require("../../core/services/debug-logger.service");
|
|
30
|
+
const moment_1 = tslib_1.__importDefault(require("moment"));
|
|
31
|
+
let AuthService = class AuthService {
|
|
32
|
+
constructor(userRepository, otpRepository, authProviderRegistry, mfaService, sessionManager, jwtService, eventEmitter, tenantService, debugLogger) {
|
|
33
|
+
this.userRepository = userRepository;
|
|
34
|
+
this.otpRepository = otpRepository;
|
|
35
|
+
this.authProviderRegistry = authProviderRegistry;
|
|
36
|
+
this.mfaService = mfaService;
|
|
37
|
+
this.sessionManager = sessionManager;
|
|
38
|
+
this.jwtService = jwtService;
|
|
39
|
+
this.eventEmitter = eventEmitter;
|
|
40
|
+
this.tenantService = tenantService;
|
|
41
|
+
this.debugLogger = debugLogger;
|
|
77
42
|
}
|
|
78
|
-
|
|
79
|
-
getUserWithRolesAndPermissions(userId: string, relations: string[] = []): Promise<NestAuthUser> {
|
|
43
|
+
getUserWithRolesAndPermissions(userId, relations = []) {
|
|
80
44
|
return this.userRepository.findOne({
|
|
81
45
|
where: { id: userId },
|
|
82
46
|
relations: [
|
|
@@ -85,62 +49,50 @@ export class AuthService {
|
|
|
85
49
|
],
|
|
86
50
|
});
|
|
87
51
|
}
|
|
88
|
-
|
|
89
52
|
async getUser() {
|
|
90
|
-
const user = RequestContext.currentUser();
|
|
53
|
+
const user = request_context_1.RequestContext.currentUser();
|
|
91
54
|
if (!user) {
|
|
92
|
-
return null
|
|
55
|
+
return null;
|
|
93
56
|
}
|
|
94
57
|
return this.getUserWithRolesAndPermissions(user.id);
|
|
95
58
|
}
|
|
96
|
-
|
|
97
|
-
async signup(input: SignupRequestDto): Promise<AuthResponseDto> {
|
|
59
|
+
async signup(input) {
|
|
98
60
|
this.debugLogger.logFunctionEntry('signup', 'AuthService', { email: input.email, phone: input.phone, hasPassword: !!input.password });
|
|
99
|
-
|
|
100
61
|
try {
|
|
101
|
-
|
|
102
62
|
const { email, phone, password } = input;
|
|
103
|
-
|
|
104
63
|
let { tenantId = null } = input;
|
|
105
|
-
|
|
106
64
|
// Resolve tenant ID - use provided or default
|
|
107
65
|
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
108
66
|
this.debugLogger.logAuthOperation('signup', 'email|phone', undefined, { email, phone, resolvedTenantId: tenantId });
|
|
109
|
-
|
|
110
67
|
if (!email && !phone) {
|
|
111
68
|
this.debugLogger.error('Signup failed: Neither email nor phone provided', 'AuthService');
|
|
112
|
-
throw new BadRequestException('Either email or phone must be provided');
|
|
69
|
+
throw new common_1.BadRequestException('Either email or phone must be provided');
|
|
113
70
|
}
|
|
114
|
-
|
|
115
|
-
let
|
|
116
|
-
let providerUserId: string | null = null;
|
|
117
|
-
|
|
71
|
+
let provider = null;
|
|
72
|
+
let providerUserId = null;
|
|
118
73
|
if (email) {
|
|
119
|
-
provider = this.authProviderRegistry.getProvider(EMAIL_AUTH_PROVIDER);
|
|
74
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.EMAIL_AUTH_PROVIDER);
|
|
120
75
|
providerUserId = email;
|
|
121
|
-
}
|
|
122
|
-
|
|
76
|
+
}
|
|
77
|
+
else if (phone) {
|
|
78
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.PHONE_AUTH_PROVIDER);
|
|
123
79
|
providerUserId = phone;
|
|
124
80
|
}
|
|
125
|
-
|
|
126
81
|
if (!provider) {
|
|
127
82
|
this.debugLogger.error('Provider not found for signup', 'AuthService', { email: !!email, phone: !!phone });
|
|
128
|
-
throw new InternalServerErrorException('Phone or email authentication is not enabled');
|
|
83
|
+
throw new common_1.InternalServerErrorException('Phone or email authentication is not enabled');
|
|
129
84
|
}
|
|
130
|
-
|
|
131
85
|
this.debugLogger.debug('Checking for existing identity', 'AuthService', { providerUserId });
|
|
132
86
|
const identity = await provider.findIdentity(providerUserId);
|
|
133
|
-
|
|
134
87
|
if (identity) {
|
|
135
88
|
this.debugLogger.warn('Identity already exists', 'AuthService', { email: !!email, phone: !!phone, tenantId });
|
|
136
89
|
if (email) {
|
|
137
|
-
throw new BadRequestException('Email already exists in this tenant');
|
|
90
|
+
throw new common_1.BadRequestException('Email already exists in this tenant');
|
|
138
91
|
}
|
|
139
92
|
if (phone) {
|
|
140
|
-
throw new BadRequestException('Phone number already exists in this tenant');
|
|
93
|
+
throw new common_1.BadRequestException('Phone number already exists in this tenant');
|
|
141
94
|
}
|
|
142
95
|
}
|
|
143
|
-
|
|
144
96
|
this.debugLogger.debug('Creating new user', 'AuthService', { email: !!email, phone: !!phone, tenantId });
|
|
145
97
|
let user = this.userRepository.create({
|
|
146
98
|
email,
|
|
@@ -151,140 +103,108 @@ export class AuthService {
|
|
|
151
103
|
await user.setPassword(password);
|
|
152
104
|
await this.userRepository.save(user);
|
|
153
105
|
this.debugLogger.info('User created successfully', 'AuthService', { userId: user.id, tenantId });
|
|
154
|
-
|
|
155
106
|
user = await this.getUserWithRolesAndPermissions(user.id);
|
|
156
|
-
|
|
157
107
|
this.debugLogger.debug('Linking user to provider', 'AuthService', { userId: user.id, providerName: provider.providerName });
|
|
158
108
|
await provider.linkToUser(user.id, providerUserId);
|
|
159
|
-
|
|
160
109
|
this.debugLogger.debug('Creating session for new user', 'AuthService', { userId: user.id });
|
|
161
110
|
const session = await this.sessionManager.createSessionFromUser(user);
|
|
162
111
|
const tokens = await this.generateTokensFromSession(session);
|
|
163
112
|
const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
164
113
|
this.debugLogger.debug('Signup tokens generated', 'AuthService', { userId: user.id, isRequiresMfa });
|
|
165
|
-
|
|
166
114
|
// Emit registration event
|
|
167
115
|
this.debugLogger.debug('Emitting user registration event', 'AuthService', { userId: user.id });
|
|
168
|
-
await this.eventEmitter.emitAsync(
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
isRequiresMfa
|
|
178
|
-
})
|
|
179
|
-
);
|
|
180
|
-
|
|
116
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.REGISTERED, new user_registered_event_1.UserRegisteredEvent({
|
|
117
|
+
user,
|
|
118
|
+
tenantId: user.tenantId,
|
|
119
|
+
input,
|
|
120
|
+
provider,
|
|
121
|
+
session,
|
|
122
|
+
tokens,
|
|
123
|
+
isRequiresMfa
|
|
124
|
+
}));
|
|
181
125
|
this.debugLogger.logFunctionExit('signup', 'AuthService', { userId: user.id, isRequiresMfa });
|
|
182
126
|
return {
|
|
183
127
|
accessToken: tokens.accessToken,
|
|
184
128
|
refreshToken: tokens.refreshToken,
|
|
185
129
|
isRequiresMfa: isRequiresMfa,
|
|
186
130
|
};
|
|
187
|
-
|
|
188
|
-
|
|
131
|
+
}
|
|
132
|
+
catch (error) {
|
|
189
133
|
this.debugLogger.logError(error, 'signup', { email: input.email, phone: input.phone });
|
|
190
134
|
throw error;
|
|
191
135
|
}
|
|
192
136
|
}
|
|
193
|
-
|
|
194
|
-
async login(input: LoginRequestDto): Promise<AuthResponseDto> {
|
|
137
|
+
async login(input) {
|
|
195
138
|
const { credentials, providerName, createUserIfNotExists = false } = input;
|
|
196
139
|
this.debugLogger.logFunctionEntry('login', 'AuthService', { providerName, createUserIfNotExists });
|
|
197
140
|
let { tenantId = null } = input;
|
|
198
|
-
|
|
199
141
|
// Resolve tenant ID - use provided or default
|
|
200
142
|
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
201
143
|
this.debugLogger.logAuthOperation('login', providerName, undefined, { resolvedTenantId: tenantId, createUserIfNotExists });
|
|
202
|
-
|
|
203
144
|
const provider = this.authProviderRegistry.getProvider(providerName);
|
|
204
|
-
|
|
205
145
|
if (!provider) {
|
|
206
|
-
throw new UnauthorizedException('Invalid authentication providerName or provider is not enabled');
|
|
146
|
+
throw new common_1.UnauthorizedException('Invalid authentication providerName or provider is not enabled');
|
|
207
147
|
}
|
|
208
|
-
|
|
209
148
|
const requiredFields = provider.getRequiredFields();
|
|
210
|
-
|
|
211
149
|
if (!requiredFields.every(field => credentials[field])) {
|
|
212
|
-
throw new BadRequestException(`Missing ${requiredFields.join(', ')} required fields`);
|
|
150
|
+
throw new common_1.BadRequestException(`Missing ${requiredFields.join(', ')} required fields`);
|
|
213
151
|
}
|
|
214
|
-
|
|
215
152
|
const authProviderUser = await provider.validate(credentials);
|
|
216
|
-
|
|
217
153
|
const identity = await provider.findIdentity(authProviderUser.userId);
|
|
218
|
-
|
|
219
|
-
let user: NestAuthUser | null = identity?.user || null;
|
|
220
|
-
|
|
154
|
+
let user = identity?.user || null;
|
|
221
155
|
if (!user) {
|
|
222
156
|
if (!createUserIfNotExists) {
|
|
223
|
-
throw new UnauthorizedException('Invalid credentials');
|
|
157
|
+
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
224
158
|
}
|
|
225
159
|
// Create new user if not exists and link to provider
|
|
226
160
|
user = await this.handleSocialLogin(provider, authProviderUser, tenantId);
|
|
227
161
|
}
|
|
228
|
-
|
|
229
162
|
if (user.isActive === false) {
|
|
230
|
-
throw new UnauthorizedException({
|
|
163
|
+
throw new common_1.UnauthorizedException({
|
|
231
164
|
message: 'Your account is suspended, please contact support',
|
|
232
|
-
code: USER_NOT_ACTIVE_ERROR,
|
|
165
|
+
code: auth_constants_1.USER_NOT_ACTIVE_ERROR,
|
|
233
166
|
});
|
|
234
167
|
}
|
|
235
|
-
|
|
236
168
|
user = await this.getUserWithRolesAndPermissions(user.id);
|
|
237
|
-
|
|
238
169
|
const session = await this.sessionManager.createSessionFromUser(user);
|
|
239
170
|
const tokens = await this.generateTokensFromSession(session);
|
|
240
|
-
|
|
241
171
|
const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
242
|
-
|
|
243
172
|
// Emit login event
|
|
244
|
-
await this.eventEmitter.emitAsync(
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
isRequiresMfa
|
|
254
|
-
})
|
|
255
|
-
);
|
|
256
|
-
|
|
173
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_IN, new user_logged_in_event_1.UserLoggedInEvent({
|
|
174
|
+
user,
|
|
175
|
+
tenantId: user.tenantId,
|
|
176
|
+
input,
|
|
177
|
+
provider,
|
|
178
|
+
session,
|
|
179
|
+
tokens,
|
|
180
|
+
isRequiresMfa
|
|
181
|
+
}));
|
|
257
182
|
return {
|
|
258
183
|
accessToken: tokens.accessToken,
|
|
259
184
|
refreshToken: tokens.refreshToken,
|
|
260
185
|
isRequiresMfa: isRequiresMfa,
|
|
261
186
|
};
|
|
262
187
|
}
|
|
263
|
-
|
|
264
|
-
async verify2fa(input: Verify2faRequestDto) {
|
|
188
|
+
async verify2fa(input) {
|
|
265
189
|
this.debugLogger.logFunctionEntry('verify2fa', 'AuthService', { method: input.method });
|
|
266
|
-
|
|
267
190
|
try {
|
|
268
|
-
const session = RequestContext.currentSession();
|
|
269
|
-
|
|
191
|
+
const session = request_context_1.RequestContext.currentSession();
|
|
270
192
|
if (!session) {
|
|
271
193
|
this.debugLogger.error('Session not found for 2FA verification', 'AuthService');
|
|
272
|
-
throw new UnauthorizedException({
|
|
194
|
+
throw new common_1.UnauthorizedException({
|
|
273
195
|
message: 'Session not found',
|
|
274
|
-
code: SESSION_NOT_FOUND_ERROR,
|
|
196
|
+
code: auth_constants_1.SESSION_NOT_FOUND_ERROR,
|
|
275
197
|
});
|
|
276
198
|
}
|
|
277
|
-
|
|
278
199
|
this.debugLogger.debug('Verifying MFA code', 'AuthService', { userId: session.userId, method: input.method });
|
|
279
200
|
const isValid = await this.mfaService.verifyMfa(session.userId, input.otp, input.method);
|
|
280
201
|
if (!isValid) {
|
|
281
202
|
this.debugLogger.warn('Invalid MFA code provided', 'AuthService', { userId: session.userId, method: input.method });
|
|
282
|
-
throw new UnauthorizedException({
|
|
203
|
+
throw new common_1.UnauthorizedException({
|
|
283
204
|
message: 'Invalid MFA code',
|
|
284
|
-
code: INVALID_MFA_EXCEPTION_CODE,
|
|
205
|
+
code: auth_constants_1.INVALID_MFA_EXCEPTION_CODE,
|
|
285
206
|
});
|
|
286
207
|
}
|
|
287
|
-
|
|
288
208
|
this.debugLogger.debug('Updating session with MFA verification', 'AuthService', { sessionId: session.id });
|
|
289
209
|
const payload = await this.sessionManager.updateSession(session.id, {
|
|
290
210
|
data: {
|
|
@@ -293,63 +213,43 @@ export class AuthService {
|
|
|
293
213
|
}
|
|
294
214
|
});
|
|
295
215
|
const tokens = await this.generateTokensFromSession(payload);
|
|
296
|
-
|
|
297
216
|
const user = await this.getUser();
|
|
298
|
-
|
|
299
217
|
// Emit 2FA verified event
|
|
300
218
|
this.debugLogger.debug('Emitting 2FA verified event', 'AuthService', { userId: user.id });
|
|
301
|
-
await this.eventEmitter.emitAsync(
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
tokens
|
|
309
|
-
})
|
|
310
|
-
);
|
|
311
|
-
|
|
219
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_VERIFIED, new user_2fa_verified_event_1.User2faVerifiedEvent({
|
|
220
|
+
user,
|
|
221
|
+
tenantId: user.tenantId,
|
|
222
|
+
input,
|
|
223
|
+
session,
|
|
224
|
+
tokens
|
|
225
|
+
}));
|
|
312
226
|
this.debugLogger.logFunctionExit('verify2fa', 'AuthService', { userId: user.id });
|
|
313
227
|
return {
|
|
314
228
|
accessToken: tokens.accessToken,
|
|
315
229
|
refreshToken: tokens.refreshToken,
|
|
316
230
|
};
|
|
317
|
-
|
|
318
|
-
|
|
231
|
+
}
|
|
232
|
+
catch (error) {
|
|
319
233
|
this.debugLogger.logError(error, 'verify2fa', { method: input.method });
|
|
320
234
|
throw error;
|
|
321
235
|
}
|
|
322
236
|
}
|
|
323
|
-
|
|
324
|
-
async send2faCode(userId: string, method: MFAMethodEnum) {
|
|
237
|
+
async send2faCode(userId, method) {
|
|
325
238
|
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
326
|
-
|
|
327
239
|
if (!user) {
|
|
328
|
-
throw new UnauthorizedException('User not found');
|
|
240
|
+
throw new common_1.UnauthorizedException('User not found');
|
|
329
241
|
}
|
|
330
|
-
|
|
331
242
|
await this.mfaService.sendMfaCode(user.id, method);
|
|
332
|
-
|
|
333
243
|
return true;
|
|
334
244
|
}
|
|
335
|
-
|
|
336
|
-
private async handleSocialLogin(
|
|
337
|
-
provider: BaseAuthProvider,
|
|
338
|
-
providerUser: AuthProviderUser,
|
|
339
|
-
tenantId?: string | null,
|
|
340
|
-
): Promise<NestAuthUser> {
|
|
341
|
-
|
|
245
|
+
async handleSocialLogin(provider, providerUser, tenantId) {
|
|
342
246
|
// Check if identity exists
|
|
343
247
|
let identity = await provider.findIdentity(providerUser.userId);
|
|
344
|
-
|
|
345
248
|
if (identity) {
|
|
346
249
|
return identity.user;
|
|
347
250
|
}
|
|
348
|
-
|
|
349
251
|
const linkUserWith = provider.linkUserWith();
|
|
350
|
-
|
|
351
252
|
let user = await this.userRepository.findOne({ where: { [linkUserWith]: providerUser.userId } });
|
|
352
|
-
|
|
353
253
|
if (!user) {
|
|
354
254
|
// Create new user
|
|
355
255
|
user = this.userRepository.create({
|
|
@@ -360,248 +260,199 @@ export class AuthService {
|
|
|
360
260
|
});
|
|
361
261
|
await this.userRepository.save(user);
|
|
362
262
|
}
|
|
363
|
-
|
|
364
263
|
await provider.linkToUser(user.id, providerUser.userId, providerUser.metadata || {});
|
|
365
|
-
|
|
366
264
|
return user;
|
|
367
265
|
}
|
|
368
|
-
|
|
369
|
-
async refreshToken(refreshToken: string) {
|
|
266
|
+
async refreshToken(refreshToken) {
|
|
370
267
|
this.debugLogger.logFunctionEntry('refreshToken', 'AuthService', { hasRefreshToken: !!refreshToken });
|
|
371
|
-
|
|
372
268
|
try {
|
|
373
269
|
if (!refreshToken) {
|
|
374
270
|
this.debugLogger.error('No refresh token provided', 'AuthService');
|
|
375
|
-
throw new UnauthorizedException({
|
|
271
|
+
throw new common_1.UnauthorizedException({
|
|
376
272
|
message: 'No refresh token provided',
|
|
377
|
-
code: REFRESH_TOKEN_INVALID,
|
|
273
|
+
code: auth_constants_1.REFRESH_TOKEN_INVALID,
|
|
378
274
|
});
|
|
379
275
|
}
|
|
380
|
-
|
|
381
276
|
this.debugLogger.debug('Verifying refresh token', 'AuthService');
|
|
382
|
-
let payload
|
|
277
|
+
let payload;
|
|
383
278
|
try {
|
|
384
279
|
payload = await this.jwtService.verifyToken(refreshToken);
|
|
385
|
-
}
|
|
280
|
+
}
|
|
281
|
+
catch (error) {
|
|
386
282
|
this.debugLogger.warn('Invalid or expired refresh token', 'AuthService');
|
|
387
|
-
throw new UnauthorizedException({
|
|
283
|
+
throw new common_1.UnauthorizedException({
|
|
388
284
|
message: 'Invalid or expired refresh token',
|
|
389
|
-
code: REFRESH_TOKEN_EXPIRED,
|
|
285
|
+
code: auth_constants_1.REFRESH_TOKEN_EXPIRED,
|
|
390
286
|
});
|
|
391
287
|
}
|
|
392
|
-
|
|
393
288
|
const session = await this.sessionManager.getSession(payload.sessionId);
|
|
394
|
-
|
|
395
289
|
if (!session) {
|
|
396
|
-
throw new UnauthorizedException({
|
|
290
|
+
throw new common_1.UnauthorizedException({
|
|
397
291
|
message: 'Invalid refresh token',
|
|
398
|
-
code: REFRESH_TOKEN_INVALID,
|
|
292
|
+
code: auth_constants_1.REFRESH_TOKEN_INVALID,
|
|
399
293
|
});
|
|
400
294
|
}
|
|
401
|
-
|
|
402
295
|
// Generate new session
|
|
403
296
|
const newSession = await this.sessionManager.createSessionFromSession(session);
|
|
404
|
-
|
|
405
297
|
// Revoke old session
|
|
406
298
|
await this.sessionManager.revokeSession(session.id);
|
|
407
|
-
|
|
408
299
|
// Generate new tokens
|
|
409
300
|
this.debugLogger.debug('Generating new tokens from refreshed session', 'AuthService', { sessionId: newSession.id });
|
|
410
301
|
const tokens = await this.generateTokensFromSession(newSession);
|
|
411
|
-
|
|
412
302
|
// Emit refresh token event
|
|
413
303
|
this.debugLogger.debug('Emitting refresh token event', 'AuthService', { sessionId: newSession.id });
|
|
414
|
-
await this.eventEmitter.emitAsync(
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
tokens,
|
|
420
|
-
})
|
|
421
|
-
);
|
|
422
|
-
|
|
304
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.REFRESH_TOKEN, new user_refresh_token_event_1.UserRefreshTokenEvent({
|
|
305
|
+
oldRefreshToken: refreshToken,
|
|
306
|
+
session: newSession,
|
|
307
|
+
tokens,
|
|
308
|
+
}));
|
|
423
309
|
this.debugLogger.logFunctionExit('refreshToken', 'AuthService', { sessionId: newSession.id });
|
|
424
310
|
return tokens;
|
|
425
|
-
|
|
426
|
-
|
|
311
|
+
}
|
|
312
|
+
catch (error) {
|
|
427
313
|
this.debugLogger.logError(error, 'refreshToken', { hasRefreshToken: !!refreshToken });
|
|
428
314
|
throw error;
|
|
429
315
|
}
|
|
430
316
|
}
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
async changePassword(input: ChangePasswordRequestDto): Promise<AuthResponseDto> {
|
|
317
|
+
async changePassword(input) {
|
|
434
318
|
this.debugLogger.logFunctionEntry('changePassword', 'AuthService');
|
|
435
|
-
|
|
436
319
|
try {
|
|
437
|
-
const currentUser = RequestContext.currentUser();
|
|
438
|
-
|
|
320
|
+
const currentUser = request_context_1.RequestContext.currentUser();
|
|
439
321
|
if (!currentUser?.id) {
|
|
440
|
-
throw new UnauthorizedException('User not found');
|
|
322
|
+
throw new common_1.UnauthorizedException('User not found');
|
|
441
323
|
}
|
|
442
|
-
|
|
443
324
|
const user = await this.userRepository.findOne({
|
|
444
325
|
where: { id: currentUser.id },
|
|
445
326
|
});
|
|
446
|
-
|
|
447
327
|
if (!user) {
|
|
448
|
-
throw new UnauthorizedException('User not found');
|
|
328
|
+
throw new common_1.UnauthorizedException('User not found');
|
|
449
329
|
}
|
|
450
|
-
|
|
451
330
|
const isValid = await user.validatePassword(input.currentPassword);
|
|
452
331
|
if (!isValid) {
|
|
453
|
-
throw new BadRequestException('Current password is incorrect');
|
|
332
|
+
throw new common_1.BadRequestException('Current password is incorrect');
|
|
454
333
|
}
|
|
455
|
-
|
|
456
334
|
if (input.currentPassword === input.newPassword) {
|
|
457
|
-
throw new BadRequestException('New password must be different from the current password');
|
|
335
|
+
throw new common_1.BadRequestException('New password must be different from the current password');
|
|
458
336
|
}
|
|
459
|
-
|
|
460
337
|
await user.setPassword(input.newPassword);
|
|
461
338
|
await this.userRepository.save(user);
|
|
462
|
-
|
|
463
339
|
await this.sessionManager.revokeAllUserSessions(user.id);
|
|
464
|
-
|
|
465
340
|
const hydratedUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
466
341
|
const session = await this.sessionManager.createSessionFromUser(hydratedUser);
|
|
467
342
|
const tokens = await this.generateTokensFromSession(session);
|
|
468
343
|
const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
469
|
-
|
|
470
344
|
this.debugLogger.logFunctionExit('changePassword', 'AuthService', { userId: user.id });
|
|
471
345
|
return {
|
|
472
346
|
accessToken: tokens.accessToken,
|
|
473
347
|
refreshToken: tokens.refreshToken,
|
|
474
348
|
isRequiresMfa,
|
|
475
349
|
};
|
|
476
|
-
}
|
|
350
|
+
}
|
|
351
|
+
catch (error) {
|
|
477
352
|
this.debugLogger.logError(error, 'changePassword');
|
|
478
353
|
throw error;
|
|
479
354
|
}
|
|
480
355
|
}
|
|
481
|
-
|
|
482
|
-
async forgotPassword(input: ForgotPasswordRequestDto) {
|
|
356
|
+
async forgotPassword(input) {
|
|
483
357
|
this.debugLogger.logFunctionEntry('forgotPassword', 'AuthService', { email: input.email, phone: input.phone });
|
|
484
|
-
|
|
485
358
|
try {
|
|
486
359
|
const { email, phone } = input;
|
|
487
360
|
let { tenantId = null } = input;
|
|
488
|
-
|
|
489
361
|
// Resolve tenant ID - use provided or default
|
|
490
362
|
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
491
|
-
let provider
|
|
492
|
-
|
|
363
|
+
let provider = null;
|
|
493
364
|
if (phone) {
|
|
494
|
-
provider = this.authProviderRegistry.getProvider(PHONE_AUTH_PROVIDER);
|
|
495
|
-
}
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
365
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.PHONE_AUTH_PROVIDER);
|
|
366
|
+
}
|
|
367
|
+
else if (email) {
|
|
368
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.EMAIL_AUTH_PROVIDER);
|
|
369
|
+
}
|
|
370
|
+
else {
|
|
371
|
+
throw new common_1.BadRequestException('Either email or phone must be provided');
|
|
499
372
|
}
|
|
500
|
-
|
|
501
373
|
if (!provider) {
|
|
502
|
-
throw new BadRequestException('Phone or email authentication is not enabled');
|
|
374
|
+
throw new common_1.BadRequestException('Phone or email authentication is not enabled');
|
|
503
375
|
}
|
|
504
|
-
|
|
505
376
|
if (!provider.enabled) {
|
|
506
377
|
if (email) {
|
|
507
|
-
throw new BadRequestException('Email authentication is not enabled');
|
|
508
|
-
}
|
|
509
|
-
|
|
378
|
+
throw new common_1.BadRequestException('Email authentication is not enabled');
|
|
379
|
+
}
|
|
380
|
+
else if (phone) {
|
|
381
|
+
throw new common_1.BadRequestException('Phone authentication is not enabled');
|
|
510
382
|
}
|
|
511
383
|
}
|
|
512
|
-
|
|
513
384
|
const identity = await provider.findIdentity(email || phone);
|
|
514
|
-
|
|
515
385
|
if (!identity) {
|
|
516
386
|
// Return success even if user not found to prevent email/phone enumeration
|
|
517
387
|
return { message: 'If the account exists, a password reset code has been sent' };
|
|
518
388
|
}
|
|
519
|
-
|
|
520
389
|
// Generate OTP
|
|
521
|
-
const otp = generateOtp();
|
|
390
|
+
const otp = (0, otp_1.generateOtp)();
|
|
522
391
|
const expiresAt = new Date();
|
|
523
392
|
expiresAt.setMinutes(expiresAt.getMinutes() + 15); // OTP expires in 15 minutes
|
|
524
|
-
|
|
525
393
|
// Save OTP to database
|
|
526
394
|
const otpEntity = await this.otpRepository.save({
|
|
527
395
|
userId: identity.user?.id,
|
|
528
396
|
code: otp,
|
|
529
397
|
expiresAt,
|
|
530
|
-
type: OTPTypeEnum.PASSWORD_RESET
|
|
398
|
+
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET
|
|
531
399
|
});
|
|
532
|
-
|
|
533
|
-
|
|
534
400
|
// Emit refresh token event, Send OTP via email or SMS should be handled by the event listener
|
|
535
|
-
await this.eventEmitter.emitAsync(
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
provider,
|
|
543
|
-
})
|
|
544
|
-
);
|
|
545
|
-
|
|
401
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET_REQUESTED, new password_reset_requested_event_1.PasswordResetRequestedEvent({
|
|
402
|
+
user: identity.user,
|
|
403
|
+
tenantId: identity.user?.tenantId,
|
|
404
|
+
input,
|
|
405
|
+
otp: otpEntity,
|
|
406
|
+
provider,
|
|
407
|
+
}));
|
|
546
408
|
this.debugLogger.logFunctionExit('forgotPassword', 'AuthService', { email: !!email, phone: !!phone });
|
|
547
409
|
return true;
|
|
548
|
-
|
|
549
|
-
|
|
410
|
+
}
|
|
411
|
+
catch (error) {
|
|
550
412
|
this.debugLogger.logError(error, 'forgotPassword', { email: input.email, phone: input.phone });
|
|
551
413
|
throw error;
|
|
552
414
|
}
|
|
553
415
|
}
|
|
554
|
-
|
|
555
|
-
async verifyForgotPasswordOtp(input: VerifyForgotPasswordOtpRequestDto): Promise<VerifyOtpResponseDto> {
|
|
416
|
+
async verifyForgotPasswordOtp(input) {
|
|
556
417
|
this.debugLogger.logFunctionEntry('verifyForgotPasswordOtp', 'AuthService', { email: input.email, phone: input.phone });
|
|
557
418
|
try {
|
|
558
419
|
const { email, phone, otp } = input;
|
|
559
420
|
let { tenantId = null } = input;
|
|
560
|
-
|
|
561
421
|
// Resolve tenant ID - use provided or default
|
|
562
422
|
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
563
|
-
|
|
564
423
|
if (!email && !phone) {
|
|
565
|
-
throw new BadRequestException('Either email or phone must be provided');
|
|
424
|
+
throw new common_1.BadRequestException('Either email or phone must be provided');
|
|
566
425
|
}
|
|
567
|
-
|
|
568
|
-
let provider: BaseAuthProvider | null = null;
|
|
569
|
-
|
|
426
|
+
let provider = null;
|
|
570
427
|
if (phone) {
|
|
571
|
-
provider = this.authProviderRegistry.getProvider(PHONE_AUTH_PROVIDER);
|
|
572
|
-
}
|
|
573
|
-
|
|
428
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.PHONE_AUTH_PROVIDER);
|
|
429
|
+
}
|
|
430
|
+
else if (email) {
|
|
431
|
+
provider = this.authProviderRegistry.getProvider(auth_constants_1.EMAIL_AUTH_PROVIDER);
|
|
574
432
|
}
|
|
575
|
-
|
|
576
433
|
if (!provider) {
|
|
577
|
-
throw new BadRequestException('Phone or email authentication is not enabled');
|
|
434
|
+
throw new common_1.BadRequestException('Phone or email authentication is not enabled');
|
|
578
435
|
}
|
|
579
|
-
|
|
580
436
|
const identity = await provider.findIdentity(email || phone);
|
|
581
|
-
|
|
582
437
|
if (!identity) {
|
|
583
|
-
throw new BadRequestException('Invalid reset request');
|
|
438
|
+
throw new common_1.BadRequestException('Invalid reset request');
|
|
584
439
|
}
|
|
585
|
-
|
|
586
440
|
const validOtp = await this.otpRepository.findOne({
|
|
587
441
|
where: {
|
|
588
442
|
userId: identity.user?.id,
|
|
589
443
|
code: otp,
|
|
590
|
-
type: OTPTypeEnum.PASSWORD_RESET,
|
|
444
|
+
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET,
|
|
591
445
|
used: false
|
|
592
446
|
},
|
|
593
447
|
relations: ['user']
|
|
594
448
|
});
|
|
595
|
-
|
|
596
449
|
if (!validOtp) {
|
|
597
|
-
throw new BadRequestException('Invalid OTP code');
|
|
450
|
+
throw new common_1.BadRequestException('Invalid OTP code');
|
|
598
451
|
}
|
|
599
|
-
if (
|
|
600
|
-
throw new BadRequestException('OTP code expired');
|
|
452
|
+
if ((0, moment_1.default)(validOtp.expiresAt).isBefore(new Date())) {
|
|
453
|
+
throw new common_1.BadRequestException('OTP code expired');
|
|
601
454
|
}
|
|
602
|
-
|
|
603
455
|
const user = validOtp.user;
|
|
604
|
-
|
|
605
456
|
// Generate JWT-based password reset token
|
|
606
457
|
// Include password hash prefix to invalidate token if password changes
|
|
607
458
|
const passwordHashPrefix = user.passwordHash ? user.passwordHash.substring(0, 10) : '';
|
|
@@ -610,35 +461,29 @@ export class AuthService {
|
|
|
610
461
|
passwordHashPrefix,
|
|
611
462
|
type: 'password-reset'
|
|
612
463
|
});
|
|
613
|
-
|
|
614
464
|
// Delete the OTP since it's been verified
|
|
615
465
|
await this.otpRepository.remove(validOtp);
|
|
616
|
-
|
|
617
466
|
this.debugLogger.logFunctionExit('verifyForgotPasswordOtp', 'AuthService', { email: input.email, phone: input.phone });
|
|
618
467
|
return {
|
|
619
468
|
message: 'OTP verified successfully',
|
|
620
469
|
resetToken
|
|
621
470
|
};
|
|
622
|
-
}
|
|
471
|
+
}
|
|
472
|
+
catch (error) {
|
|
623
473
|
this.debugLogger.logError(error, 'verifyForgotPasswordOtp', { email: input.email, phone: input.phone });
|
|
624
474
|
throw error;
|
|
625
475
|
}
|
|
626
476
|
}
|
|
627
|
-
|
|
628
|
-
async resetPassword(input: ResetPasswordRequestDto) {
|
|
477
|
+
async resetPassword(input) {
|
|
629
478
|
this.debugLogger.logFunctionEntry('resetPassword', 'AuthService', { email: input.email, phone: input.phone });
|
|
630
|
-
|
|
631
479
|
try {
|
|
632
480
|
const { email, phone, otp, newPassword } = input;
|
|
633
481
|
let { tenantId = null } = input;
|
|
634
|
-
|
|
635
482
|
// Resolve tenant ID - use provided or default
|
|
636
483
|
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
637
|
-
|
|
638
484
|
if (!email && !phone) {
|
|
639
|
-
throw new BadRequestException('Either email or phone must be provided');
|
|
485
|
+
throw new common_1.BadRequestException('Either email or phone must be provided');
|
|
640
486
|
}
|
|
641
|
-
|
|
642
487
|
// Find user by email or phone
|
|
643
488
|
const user = await this.userRepository.findOne({
|
|
644
489
|
where: [
|
|
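Review bot: The reset-token payload closed at the top of this hunk carries `passwordHashPrefix`, the first 10 characters of the stored password hash, and a JWT payload is readable by whoever holds the token unless `jwtService` encrypts it (not visible here). With hash formats that begin with a fixed algorithm and cost header, most of those 10 characters never change, so the comparison `decoded.passwordHashPrefix !== currentPasswordHashPrefix` in `resetPasswordWithToken` would rest on only a few salt characters. A digest of the whole hash avoids both problems, e.g. `const passwordHashPrefix = user.passwordHash ? createHash('sha256').update(user.passwordHash).digest('hex') : '';` (from `node:crypto`), with the same derivation on the verifying side. The call that builds the token starts outside this hunk.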
@@ -646,283 +491,212 @@ export class AuthService {
|
|
|
646
491
|
...(phone ? [{ phone, tenantId }] : [])
|
|
647
492
|
]
|
|
648
493
|
});
|
|
649
|
-
|
|
650
494
|
if (!user) {
|
|
651
|
-
throw new BadRequestException('Invalid reset request');
|
|
495
|
+
throw new common_1.BadRequestException('Invalid reset request');
|
|
652
496
|
}
|
|
653
|
-
|
|
654
497
|
// Find valid OTP
|
|
655
498
|
const validOtp = await this.otpRepository.findOne({
|
|
656
499
|
where: {
|
|
657
500
|
userId: user.id,
|
|
658
501
|
code: otp,
|
|
659
|
-
type: OTPTypeEnum.PASSWORD_RESET,
|
|
660
|
-
expiresAt: MoreThan(new Date()),
|
|
502
|
+
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET,
|
|
503
|
+
expiresAt: (0, typeorm_3.MoreThan)(new Date()),
|
|
661
504
|
used: false
|
|
662
505
|
}
|
|
663
506
|
});
|
|
664
|
-
|
|
665
507
|
if (!validOtp) {
|
|
666
|
-
throw new BadRequestException('Invalid or expired OTP');
|
|
508
|
+
throw new common_1.BadRequestException('Invalid or expired OTP');
|
|
667
509
|
}
|
|
668
|
-
|
|
669
510
|
// Update password
|
|
670
511
|
await user.setPassword(newPassword);
|
|
671
512
|
await this.userRepository.save(user);
|
|
672
|
-
|
|
673
513
|
// Mark OTP as used
|
|
674
514
|
validOtp.used = true;
|
|
675
515
|
await this.otpRepository.save(validOtp);
|
|
676
|
-
|
|
677
516
|
// Emit refresh token event, If we want to send email or SMS should be handled by the event listener
|
|
678
|
-
await this.eventEmitter.emitAsync(
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
input,
|
|
684
|
-
})
|
|
685
|
-
);
|
|
686
|
-
|
|
517
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET, new password_reset_event_1.PasswordResetEvent({
|
|
518
|
+
user,
|
|
519
|
+
tenantId: user.tenantId,
|
|
520
|
+
input,
|
|
521
|
+
}));
|
|
687
522
|
this.debugLogger.logFunctionExit('resetPassword', 'AuthService', { email: !!email, phone: !!phone });
|
|
688
523
|
return true;
|
|
689
|
-
|
|
690
|
-
|
|
524
|
+
}
|
|
525
|
+
catch (error) {
|
|
691
526
|
this.debugLogger.logError(error, 'resetPassword', { email: input.email, phone: input.phone });
|
|
692
527
|
throw error;
|
|
693
528
|
}
|
|
694
529
|
}
|
|
695
|
-
|
|
696
|
-
|
|
697
|
-
async resetPasswordWithToken(input: ResetPasswordWithTokenRequestDto) {
|
|
530
|
+
async resetPasswordWithToken(input) {
|
|
698
531
|
this.debugLogger.logFunctionEntry('resetPasswordWithToken', 'AuthService', { token: '***' });
|
|
699
|
-
|
|
700
532
|
try {
|
|
701
533
|
const { token, newPassword } = input;
|
|
702
|
-
|
|
703
534
|
// Verify JWT token
|
|
704
|
-
let decoded
|
|
535
|
+
let decoded;
|
|
705
536
|
try {
|
|
706
537
|
decoded = await this.jwtService.verifyPasswordResetToken(token);
|
|
707
|
-
} catch (error) {
|
|
708
|
-
throw new BadRequestException('Invalid or expired reset token');
|
|
709
538
|
}
|
|
710
|
-
|
|
539
|
+
catch (error) {
|
|
540
|
+
throw new common_1.BadRequestException('Invalid or expired reset token');
|
|
541
|
+
}
|
|
711
542
|
if (decoded.type !== 'password-reset') {
|
|
712
|
-
throw new BadRequestException('Invalid token type');
|
|
543
|
+
throw new common_1.BadRequestException('Invalid token type');
|
|
713
544
|
}
|
|
714
|
-
|
|
715
545
|
// Get user
|
|
716
546
|
const user = await this.userRepository.findOne({
|
|
717
547
|
where: { id: decoded.userId }
|
|
718
548
|
});
|
|
719
|
-
|
|
720
549
|
if (!user) {
|
|
721
|
-
throw new BadRequestException('User not found');
|
|
550
|
+
throw new common_1.BadRequestException('User not found');
|
|
722
551
|
}
|
|
723
|
-
|
|
724
552
|
// Verify password hasn't changed since token was issued
|
|
725
553
|
// This makes the token single-use in practice
|
|
726
554
|
const currentPasswordHashPrefix = user.passwordHash ? user.passwordHash.substring(0, 10) : '';
|
|
727
555
|
if (decoded.passwordHashPrefix !== currentPasswordHashPrefix) {
|
|
728
|
-
throw new BadRequestException('Reset token is no longer valid');
|
|
556
|
+
throw new common_1.BadRequestException('Reset token is no longer valid');
|
|
729
557
|
}
|
|
730
|
-
|
|
731
558
|
// Update password
|
|
732
559
|
await user.setPassword(newPassword);
|
|
733
560
|
await this.userRepository.save(user);
|
|
734
|
-
|
|
735
561
|
// Emit password reset event
|
|
736
|
-
await this.eventEmitter.emitAsync(
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
input: { token, newPassword } as any,
|
|
742
|
-
})
|
|
743
|
-
);
|
|
744
|
-
|
|
562
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET, new password_reset_event_1.PasswordResetEvent({
|
|
563
|
+
user,
|
|
564
|
+
tenantId: user.tenantId,
|
|
565
|
+
input: { token, newPassword },
|
|
566
|
+
}));
|
|
745
567
|
this.debugLogger.logFunctionExit('resetPasswordWithToken', 'AuthService');
|
|
746
568
|
return true;
|
|
747
|
-
|
|
748
|
-
|
|
569
|
+
}
|
|
570
|
+
catch (error) {
|
|
749
571
|
this.debugLogger.logError(error, 'resetPasswordWithToken');
|
|
750
572
|
throw error;
|
|
751
573
|
}
|
|
752
574
|
}
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
const session = RequestContext.currentSession();
|
|
756
|
-
|
|
575
|
+
async logout(logoutType = 'user', reason) {
|
|
576
|
+
const session = request_context_1.RequestContext.currentSession();
|
|
757
577
|
const user = await this.getUser();
|
|
758
|
-
|
|
759
578
|
// Emit logout event
|
|
760
|
-
await this.eventEmitter.emitAsync(
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
reason,
|
|
768
|
-
})
|
|
769
|
-
);
|
|
770
|
-
|
|
579
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT, new logged_out_event_1.LoggedOutEvent({
|
|
580
|
+
user,
|
|
581
|
+
tenantId: user?.tenantId,
|
|
582
|
+
session,
|
|
583
|
+
logoutType,
|
|
584
|
+
reason,
|
|
585
|
+
}));
|
|
771
586
|
if (session) {
|
|
772
587
|
await this.sessionManager.revokeSession(session.id);
|
|
773
588
|
}
|
|
774
|
-
|
|
775
589
|
return true;
|
|
776
590
|
}
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
const session = RequestContext.currentSession();
|
|
591
|
+
async logoutAll(userId, logoutType = 'user', reason) {
|
|
592
|
+
const session = request_context_1.RequestContext.currentSession();
|
|
780
593
|
if (!session) {
|
|
781
|
-
throw new UnauthorizedException('Session not found');
|
|
594
|
+
throw new common_1.UnauthorizedException('Session not found');
|
|
782
595
|
}
|
|
783
|
-
|
|
784
596
|
const sessions = await this.sessionManager.getUserSessions(userId);
|
|
785
|
-
|
|
786
597
|
await this.sessionManager.revokeAllUserSessions(userId);
|
|
787
|
-
|
|
788
598
|
const user = await this.getUser();
|
|
789
|
-
|
|
790
599
|
// Emit logout event
|
|
791
|
-
await this.eventEmitter.emitAsync(
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
sessions,
|
|
800
|
-
})
|
|
801
|
-
);
|
|
802
|
-
|
|
600
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT_ALL, new logged_out_all_event_1.LoggedOutAllEvent({
|
|
601
|
+
user,
|
|
602
|
+
tenantId: user?.tenantId,
|
|
603
|
+
logoutType,
|
|
604
|
+
reason,
|
|
605
|
+
currentSessionId: session.id,
|
|
606
|
+
sessions,
|
|
607
|
+
}));
|
|
803
608
|
return true;
|
|
804
609
|
}
|
|
805
|
-
|
|
806
|
-
async sendEmailVerification(input: SendEmailVerificationRequestDto) {
|
|
610
|
+
async sendEmailVerification(input) {
|
|
807
611
|
this.debugLogger.logFunctionEntry('sendEmailVerification', 'AuthService');
|
|
808
|
-
|
|
809
612
|
try {
|
|
810
|
-
const user = RequestContext.currentUser();
|
|
613
|
+
const user = request_context_1.RequestContext.currentUser();
|
|
811
614
|
if (!user) {
|
|
812
|
-
throw new UnauthorizedException('User not authenticated');
|
|
615
|
+
throw new common_1.UnauthorizedException('User not authenticated');
|
|
813
616
|
}
|
|
814
|
-
|
|
815
617
|
const fullUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
816
|
-
|
|
817
618
|
if (!fullUser.email) {
|
|
818
|
-
throw new BadRequestException('User does not have an email address');
|
|
619
|
+
throw new common_1.BadRequestException('User does not have an email address');
|
|
819
620
|
}
|
|
820
|
-
|
|
821
621
|
if (fullUser.emailVerifiedAt) {
|
|
822
|
-
throw new BadRequestException('Email is already verified');
|
|
622
|
+
throw new common_1.BadRequestException('Email is already verified');
|
|
823
623
|
}
|
|
824
|
-
|
|
825
624
|
// Generate OTP
|
|
826
|
-
const otp = generateOtp();
|
|
625
|
+
const otp = (0, otp_1.generateOtp)();
|
|
827
626
|
const expiresAt = new Date();
|
|
828
627
|
expiresAt.setMinutes(expiresAt.getMinutes() + 30); // OTP expires in 30 minutes
|
|
829
|
-
|
|
830
628
|
// Save OTP to database
|
|
831
629
|
const otpEntity = await this.otpRepository.save({
|
|
832
630
|
userId: fullUser.id,
|
|
833
631
|
code: otp,
|
|
834
632
|
expiresAt,
|
|
835
|
-
type: OTPTypeEnum.VERIFICATION
|
|
633
|
+
type: otp_interface_1.OTPTypeEnum.VERIFICATION
|
|
836
634
|
});
|
|
837
|
-
|
|
838
635
|
// Emit email verification event - email sending should be handled by event listener
|
|
839
|
-
await this.eventEmitter.emitAsync(
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
otp: otpEntity,
|
|
845
|
-
}
|
|
846
|
-
);
|
|
847
|
-
|
|
636
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.EMAIL_VERIFICATION_REQUESTED, {
|
|
637
|
+
user: fullUser,
|
|
638
|
+
tenantId: fullUser.tenantId,
|
|
639
|
+
otp: otpEntity,
|
|
640
|
+
});
|
|
848
641
|
this.debugLogger.logFunctionExit('sendEmailVerification', 'AuthService');
|
|
849
642
|
return { message: 'Verification email sent successfully' };
|
|
850
|
-
|
|
851
|
-
|
|
643
|
+
}
|
|
644
|
+
catch (error) {
|
|
852
645
|
this.debugLogger.logError(error, 'sendEmailVerification');
|
|
853
646
|
throw error;
|
|
854
647
|
}
|
|
855
648
|
}
|
|
856
|
-
|
|
857
|
-
async verifyEmail(input: VerifyEmailRequestDto) {
|
|
649
|
+
async verifyEmail(input) {
|
|
858
650
|
this.debugLogger.logFunctionEntry('verifyEmail', 'AuthService');
|
|
859
|
-
|
|
860
651
|
try {
|
|
861
|
-
const user = RequestContext.currentUser();
|
|
652
|
+
const user = request_context_1.RequestContext.currentUser();
|
|
862
653
|
if (!user) {
|
|
863
|
-
throw new UnauthorizedException('User not authenticated');
|
|
654
|
+
throw new common_1.UnauthorizedException('User not authenticated');
|
|
864
655
|
}
|
|
865
|
-
|
|
866
656
|
const fullUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
867
|
-
|
|
868
657
|
if (!fullUser.email) {
|
|
869
|
-
throw new BadRequestException('User does not have an email address');
|
|
658
|
+
throw new common_1.BadRequestException('User does not have an email address');
|
|
870
659
|
}
|
|
871
|
-
|
|
872
660
|
if (fullUser.emailVerifiedAt) {
|
|
873
|
-
throw new BadRequestException('Email is already verified');
|
|
661
|
+
throw new common_1.BadRequestException('Email is already verified');
|
|
874
662
|
}
|
|
875
|
-
|
|
876
663
|
// Find valid OTP
|
|
877
664
|
const validOtp = await this.otpRepository.findOne({
|
|
878
665
|
where: {
|
|
879
666
|
userId: fullUser.id,
|
|
880
667
|
code: input.otp,
|
|
881
|
-
type: OTPTypeEnum.VERIFICATION,
|
|
668
|
+
type: otp_interface_1.OTPTypeEnum.VERIFICATION,
|
|
882
669
|
used: false
|
|
883
670
|
}
|
|
884
671
|
});
|
|
885
|
-
|
|
886
672
|
if (!validOtp) {
|
|
887
|
-
throw new BadRequestException('Invalid verification code');
|
|
673
|
+
throw new common_1.BadRequestException('Invalid verification code');
|
|
888
674
|
}
|
|
889
|
-
|
|
890
|
-
|
|
891
|
-
throw new BadRequestException('Verification code has expired');
|
|
675
|
+
if ((0, moment_1.default)(validOtp.expiresAt).isBefore(new Date())) {
|
|
676
|
+
throw new common_1.BadRequestException('Verification code has expired');
|
|
892
677
|
}
|
|
893
|
-
|
|
894
678
|
// Mark OTP as used
|
|
895
679
|
validOtp.used = true;
|
|
896
680
|
await this.otpRepository.save(validOtp);
|
|
897
|
-
|
|
898
681
|
// Verify user email
|
|
899
682
|
fullUser.emailVerifiedAt = new Date();
|
|
900
683
|
fullUser.isVerified = true;
|
|
901
684
|
await this.userRepository.save(fullUser);
|
|
902
|
-
|
|
903
685
|
// Emit email verified event
|
|
904
|
-
await this.eventEmitter.emitAsync(
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
tenantId: fullUser.tenantId,
|
|
909
|
-
}
|
|
910
|
-
);
|
|
911
|
-
|
|
686
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.EMAIL_VERIFIED, {
|
|
687
|
+
user: fullUser,
|
|
688
|
+
tenantId: fullUser.tenantId,
|
|
689
|
+
});
|
|
912
690
|
this.debugLogger.logFunctionExit('verifyEmail', 'AuthService');
|
|
913
691
|
return { message: 'Email verified successfully' };
|
|
914
|
-
|
|
915
|
-
|
|
692
|
+
}
|
|
693
|
+
catch (error) {
|
|
916
694
|
this.debugLogger.logError(error, 'verifyEmail');
|
|
917
695
|
throw error;
|
|
918
696
|
}
|
|
919
697
|
}
|
|
920
|
-
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
private generateTokensPayload(session: SessionPayload, otherPayload: Partial<JWTTokenPayload> = {}): JWTTokenPayload {
|
|
924
|
-
|
|
925
|
-
const payload: JWTTokenPayload = {
|
|
698
|
+
generateTokensPayload(session, otherPayload = {}) {
|
|
699
|
+
const payload = {
|
|
926
700
|
id: session.userId,
|
|
927
701
|
sub: session.userId,
|
|
928
702
|
sessionId: session.id,
|
|
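Review bot: Neither `resetPassword` nor `resetPasswordWithToken` in this hunk revokes the user's existing sessions after `await this.userRepository.save(user);`, so sessions and refresh tokens issued under the old password remain usable once the password has been reset. `changePassword` in the same class calls `revokeAllUserSessions` directly after saving, and the two reset paths should match it with `await this.sessionManager.revokeAllUserSessions(user.id);` before the `PASSWORD_RESET` event is emitted. A reset is frequently the response to a suspected account takeover, which is the case where a surviving session matters most. `resetPassword` begins in the previous hunk, so only its second half is visible here.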
@@ -935,13 +709,26 @@ export class AuthService {
|
|
|
935
709
|
isMfaVerified: session.data?.isMfaVerified,
|
|
936
710
|
...otherPayload,
|
|
937
711
|
};
|
|
938
|
-
|
|
939
712
|
return payload;
|
|
940
713
|
}
|
|
941
|
-
|
|
942
|
-
private async generateTokensFromSession(session: SessionPayload): Promise<{ accessToken: string; refreshToken: string }> {
|
|
714
|
+
async generateTokensFromSession(session) {
|
|
943
715
|
const payload = this.generateTokensPayload(session);
|
|
944
716
|
const tokens = await this.jwtService.generateTokens(payload);
|
|
945
|
-
return tokens
|
|
717
|
+
return tokens;
|
|
946
718
|
}
|
|
947
|
-
}
|
|
719
|
+
};
|
|
720
|
+
exports.AuthService = AuthService;
|
|
721
|
+
exports.AuthService = AuthService = tslib_1.__decorate([
|
|
722
|
+
(0, common_1.Injectable)(),
|
|
723
|
+
tslib_1.__param(0, (0, typeorm_1.InjectRepository)(user_entity_1.NestAuthUser)),
|
|
724
|
+
tslib_1.__param(1, (0, typeorm_1.InjectRepository)(otp_entity_1.NestAuthOTP)),
|
|
725
|
+
tslib_1.__metadata("design:paramtypes", [typeorm_2.Repository,
|
|
726
|
+
typeorm_2.Repository,
|
|
727
|
+
auth_provider_registry_service_1.AuthProviderRegistryService,
|
|
728
|
+
mfa_service_1.MfaService,
|
|
729
|
+
session_manager_service_1.SessionManagerService,
|
|
730
|
+
jwt_service_1.JwtService,
|
|
731
|
+
event_emitter_1.EventEmitter2,
|
|
732
|
+
tenant_service_1.TenantService,
|
|
733
|
+
debug_logger_service_1.DebugLoggerService])
|
|
734
|
+
], AuthService);
|