@ackplus/nest-auth 1.1.1 → 1.1.5

package/src/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.ts

@@ -1,41 +0,0 @@
-import { IsEmail, IsEnum, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUUID, ValidateIf } from "class-validator";
-import { MFAMethodEnum } from "../../../core";
-import { ApiProperty, ApiPropertyOptional } from "@nestjs/swagger";
-
-export class VerifyForgotPasswordOtpRequestDto {
-    @ApiPropertyOptional({
-        description: 'User email address (required if phone not provided)',
-        example: 'user@example.com',
-    })
-    @ValidateIf(o => !o.phone)
-    @IsEmail()
-    @IsNotEmpty()
-    email?: string;
-
-    @ApiPropertyOptional({
-        description: 'User phone number (required if email not provided)',
-        example: '+1234567890',
-    })
-    @ValidateIf(o => !o.email)
-    @IsString()
-    @IsNotEmpty()
-    phone?: string;
-
-    @ApiProperty({
-        description: 'One-time password code received via email or SMS',
-        example: '123456',
-        minLength: 6,
-        maxLength: 8,
-    })
-    @IsString()
-    @IsNotEmpty()
-    otp: string;
-
-    @ApiPropertyOptional({
-        description: 'Tenant ID for multi-tenant applications',
-        example: '123e4567-e89b-12d3-a456-426614174000',
-    })
-    @IsUUID()
-    @IsOptional()
-    tenantId?: string;
-}

package/src/lib/auth/dto/requests/verify-totp-setup.request.dto.ts

@@ -1,22 +0,0 @@
-import { ApiProperty } from "@nestjs/swagger";
-import { IsString, IsNotEmpty } from "class-validator";
-
-export class VerifyTotpSetupRequestDto {
-    @ApiProperty({
-        description: 'The TOTP code from authenticator app',
-        example: '123456',
-        minLength: 6,
-        maxLength: 6,
-    })
-    @IsString()
-    @IsNotEmpty()
-    otp: string;
-
-    @ApiProperty({
-        description: 'Secret key from TOTP setup',
-        example: 'JBSWY3DPEHPK3PXP',
-    })
-    @IsString()
-    @IsNotEmpty()
-    secret: string;
-}

package/src/lib/auth/dto/responses/auth.response.dto.ts

@@ -1,99 +0,0 @@
-import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-
-/**
- * Authentication tokens response
- */
-export class AuthTokensResponseDto {
-    @ApiProperty({
-        description: 'JWT access token (short-lived)',
-        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz',
-    })
-    accessToken: string;
-
-    @ApiProperty({
-        description: 'JWT refresh token (long-lived)',
-        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc',
-    })
-    refreshToken: string;
-}
-
-/**
- * User information response
- */
-export class UserResponseDto {
-    @ApiProperty({
-        description: 'User unique identifier',
-        example: '123e4567-e89b-12d3-a456-426614174000',
-    })
-    id: string;
-
-    @ApiPropertyOptional({
-        description: 'User email address',
-        example: 'user@example.com',
-    })
-    email?: string;
-
-    @ApiPropertyOptional({
-        description: 'User phone number',
-        example: '+1234567890',
-    })
-    phone?: string;
-
-    @ApiProperty({
-        description: 'Email verification status',
-        example: true,
-    })
-    isVerified: boolean;
-
-    @ApiPropertyOptional({
-        description: 'Additional user metadata',
-        example: { firstName: 'John', lastName: 'Doe' },
-    })
-    metadata?: Record<string, any>;
-}
-
-/**
- * Authentication Response with Tokens DTO
- *
- * Used in header mode (accessTokenType: 'header')
- * Returns tokens in the response body along with message and status.
- */
-export class AuthWithTokensResponseDto extends AuthTokensResponseDto {
-    @ApiPropertyOptional({
-        description: 'Success message (added by controller based on configuration)',
-        example: 'Login successful',
-    })
-    message?: string;
-
-    @ApiProperty({
-        description: 'Whether multi-factor authentication is required',
-        example: false,
-    })
-    isRequiresMfa: boolean;
-
-    @ApiPropertyOptional({
-        description: 'User information',
-        type: UserResponseDto,
-    })
-    user?: UserResponseDto;
-}
-
-// Alias for backward compatibility
-export type AuthResponseDto = AuthWithTokensResponseDto;
-
-/**
- * Two-factor Authentication Response with Tokens DTO
- *
- * Used in header mode (accessTokenType: 'header')
- * Returns tokens in the response body after successful 2FA verification.
- */
-export class Verify2faWithTokensResponseDto extends AuthTokensResponseDto {
-    @ApiPropertyOptional({
-        description: 'Verification success message (added by controller)',
-        example: '2FA verification successful',
-    })
-    message?: string;
-}
-
-// Alias for backward compatibility
-export type Verify2faResponseDto = Verify2faWithTokensResponseDto;

package/src/lib/auth/dto/responses/client-config.response.dto.ts

@@ -1,153 +0,0 @@
-import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { RegistrationCollectProfileField } from '../../../core/interfaces/auth-module-options.interface';
-
-export class EmailAuthConfigDto {
-    @ApiProperty({ example: true })
-    enabled: boolean;
-}
-
-export class PhoneAuthConfigDto {
-    @ApiProperty({ example: false })
-    enabled: boolean;
-}
-
-export class RegistrationConfigDto {
-    @ApiProperty({ example: true, description: 'Whether user registration is enabled' })
-    enabled: boolean;
-
-    @ApiPropertyOptional({ example: false, description: 'Whether registration requires an invitation' })
-    requireInvitation?: boolean;
-
-    @ApiPropertyOptional({
-        description: 'Additional profile fields to collect during registration',
-        type: 'array',
-        items: {
-            type: 'object',
-            properties: {
-                id: { type: 'string' },
-                label: { type: 'string' },
-                required: { type: 'boolean' },
-                type: { type: 'string', enum: ['text', 'email', 'phone', 'select', 'checkbox', 'password'] },
-                placeholder: { type: 'string' },
-                options: {
-                    type: 'array',
-                    items: {
-                        type: 'object',
-                        properties: {
-                            label: { type: 'string' },
-                            value: { type: 'string' },
-                        },
-                    },
-                },
-            },
-        },
-    })
-    collectProfileFields?: Array<RegistrationCollectProfileField>;
-}
-
-export class MfaConfigDto {
-    @ApiProperty({ example: true })
-    enabled: boolean;
-
-    @ApiPropertyOptional({ example: ['email', 'totp'], isArray: true })
-    methods?: string[];
-
-    @ApiPropertyOptional({ example: true })
-    allowUserToggle?: boolean;
-
-    @ApiPropertyOptional({ example: true })
-    allowMethodSelection?: boolean;
-}
-
-export class TenantOptionDto {
-    @ApiProperty()
-    id: string;
-
-    @ApiProperty()
-    name: string;
-
-    @ApiProperty()
-    slug: string;
-
-    @ApiProperty()
-    isActive: boolean;
-
-    @ApiPropertyOptional()
-    metadata?: Record<string, any>;
-}
-
-export class TenantsConfigDto {
-    @ApiProperty({ example: 'single', enum: ['single', 'multi'] })
-    mode: 'single' | 'multi';
-
-    @ApiPropertyOptional({ nullable: true })
-    defaultTenantId: string | null;
-
-    @ApiPropertyOptional({ type: [TenantOptionDto] })
-    options?: TenantOptionDto[];
-}
-
-export class SsoProviderConfigDto {
-    @ApiProperty()
-    id: string;
-
-    @ApiProperty()
-    name: string;
-
-    @ApiPropertyOptional()
-    logoUrl?: string;
-
-    @ApiPropertyOptional()
-    authorizationUrl?: string;
-
-    @ApiPropertyOptional()
-    clientId?: string;
-
-    @ApiPropertyOptional()
-    hint?: string;
-}
-
-export class SsoConfigDto {
-    @ApiProperty({ example: false })
-    enabled: boolean;
-
-    @ApiPropertyOptional({ type: [SsoProviderConfigDto] })
-    providers?: SsoProviderConfigDto[];
-}
-
-export class UiConfigDto {
-    @ApiPropertyOptional()
-    brandName?: string;
-
-    @ApiPropertyOptional()
-    brandColor?: string;
-
-    @ApiPropertyOptional()
-    logoUrl?: string;
-
-    @ApiPropertyOptional()
-    backgroundImageUrl?: string;
-}
-
-export class ClientConfigResponseDto {
-    @ApiProperty({ type: EmailAuthConfigDto })
-    emailAuth: EmailAuthConfigDto;
-
-    @ApiProperty({ type: PhoneAuthConfigDto })
-    phoneAuth: PhoneAuthConfigDto;
-
-    @ApiProperty({ type: RegistrationConfigDto })
-    registration: RegistrationConfigDto;
-
-    @ApiProperty({ type: MfaConfigDto })
-    mfa: MfaConfigDto;
-
-    @ApiProperty({ type: TenantsConfigDto })
-    tenants: TenantsConfigDto;
-
-    @ApiProperty({ type: SsoConfigDto })
-    sso: SsoConfigDto;
-
-    @ApiPropertyOptional({ type: UiConfigDto })
-    ui?: UiConfigDto;
-}

package/src/lib/auth/dto/responses/initialize-admin.response.dto.ts

@@ -1,22 +0,0 @@
-import { ApiProperty } from '@nestjs/swagger';
-import { UserResponseDto } from './auth.response.dto';
-
-export class InitializeAdminResponseDto {
-    @ApiProperty({
-        description: 'Success message',
-        example: 'Super admin created successfully'
-    })
-    message: string;
-
-    @ApiProperty({
-        description: 'Created admin user details',
-        type: UserResponseDto
-    })
-    user: UserResponseDto;
-
-    @ApiProperty({
-        description: 'Assigned role name',
-        example: 'super-admin'
-    })
-    role: string;
-}

package/src/lib/auth/dto/responses/mfa-code-response.dto.ts

@@ -1,27 +0,0 @@
-import { ApiProperty } from '@nestjs/swagger';
-
-export class MfaCodeResponseDto {
-    @ApiProperty({
-        description: 'Current MFA code for testing purposes (development only)',
-        example: '123456',
-    })
-    code: string;
-
-    @ApiProperty({
-        description: 'Code expiration timestamp',
-        example: '2024-01-01T12:00:00.000Z',
-    })
-    expiresAt: Date;
-
-    @ApiProperty({
-        description: 'Whether the code has been used',
-        example: false,
-    })
-    used: boolean;
-
-    @ApiProperty({
-        description: 'Warning message about development-only usage',
-        example: 'This endpoint is only available in development/test environments',
-    })
-    warning?: string;
-}

package/src/lib/auth/dto/responses/mfa-status.response.dto.ts

@@ -1,89 +0,0 @@
-import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { MFAMethodEnum } from '../../../core';
-
-export class MfaDeviceDto {
-    @ApiProperty({
-        description: 'Unique identifier of the MFA device',
-        example: '4b3c9c9c-9a9d-4d1e-8d9f-123456789abc',
-    })
-    id: string;
-
-    @ApiProperty({
-        description: 'Friendly name of the registered device',
-        example: 'Work laptop',
-    })
-    deviceName: string;
-
-    @ApiProperty({
-        description: 'MFA method this device supports',
-        enum: MFAMethodEnum,
-        example: MFAMethodEnum.TOTP,
-    })
-    method: MFAMethodEnum;
-
-    @ApiPropertyOptional({
-        description: 'Timestamp of when the device was last used',
-        example: '2024-05-20T12:34:56.000Z',
-    })
-    lastUsedAt?: Date | null;
-
-    @ApiProperty({
-        description: 'Whether the device setup has been verified',
-        example: true,
-    })
-    verified: boolean;
-
-    @ApiPropertyOptional({
-        description: 'Timestamp of when the device was registered',
-        example: '2024-05-18T10:15:00.000Z',
-    })
-    createdAt?: Date | null;
-}
-
-export class MfaStatusResponseDto {
-    @ApiProperty({
-        description: 'Whether MFA is currently enabled for the user',
-        example: true,
-    })
-    isEnabled: boolean;
-
-    @ApiProperty({
-        description: 'MFA methods currently active for the user',
-        enum: MFAMethodEnum,
-        isArray: true,
-        example: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
-    })
-    enabledMethods: MFAMethodEnum[];
-
-    @ApiProperty({
-        description: 'All MFA methods available to the user based on backend configuration',
-        enum: MFAMethodEnum,
-        isArray: true,
-        example: [MFAMethodEnum.EMAIL, MFAMethodEnum.TOTP],
-    })
-    availableMethods: MFAMethodEnum[];
-
-    @ApiProperty({
-        description: 'Indicates if MFA toggling is allowed for the user',
-        example: true,
-    })
-    allowUserToggle: boolean;
-
-    @ApiProperty({
-        description: 'Indicates if users can choose their preferred MFA method',
-        example: true,
-    })
-    allowMethodSelection: boolean;
-
-    @ApiProperty({
-        description: 'Registered TOTP devices for the user',
-        type: [MfaDeviceDto],
-    })
-    totpDevices: MfaDeviceDto[];
-
-    @ApiProperty({
-        description: 'Whether a recovery code has been generated for the user',
-        example: false,
-    })
-    hasRecoveryCode: boolean;
-}

package/src/lib/auth/dto/responses/verify-otp.response.dto.ts

@@ -1,9 +0,0 @@
-import { ApiProperty } from '@nestjs/swagger';
-
-export class VerifyOtpResponseDto {
-    @ApiProperty({ description: 'Success message' })
-    message: string;
-
-    @ApiProperty({ description: 'Password reset token - use this to reset password', required: false })
-    resetToken?: string;
-}

package/src/lib/auth/entities/mfa-secret.entity.ts

@@ -1,33 +0,0 @@
-import { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn, UpdateDateColumn, ManyToOne, JoinColumn } from 'typeorm';
-import { NestAuthUser } from '../../user/entities/user.entity';
-
-@Entity('nest_auth_mfa_secrets')
-export class NestAuthMFASecret {
-    @PrimaryGeneratedColumn('uuid')
-    id: string;
-
-    @Column()
-    userId: string;
-
-    @ManyToOne(() => NestAuthUser, user => user.mfaSecrets, { onDelete: 'CASCADE' })
-    @JoinColumn({ name: 'userId' })
-    user: NestAuthUser;
-
-    @Column()
-    secret: string;
-
-    @Column({ default: false })
-    verified: boolean;
-
-    @Column({ nullable: true })
-    deviceName: string;
-
-    @Column({ nullable: true })
-    lastUsedAt: Date;
-
-    @CreateDateColumn()
-    createdAt: Date;
-
-    @UpdateDateColumn()
-    updatedAt: Date;
-}

package/src/lib/auth/entities/otp.entity.ts

@@ -1,33 +0,0 @@
-import { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn, ManyToOne, UpdateDateColumn } from 'typeorm';
-import { NestAuthUser } from '../../user/entities/user.entity';
-import { OTPTypeEnum } from '../../core/interfaces/otp.interface';
-
-@Entity('nest_auth_otps')
-export class NestAuthOTP {
-    @PrimaryGeneratedColumn('uuid')
-    id: string;
-
-    @Column()
-    userId: string;
-
-    @Column()
-    code: string;
-
-    @Column({ type: 'text' })
-    type: OTPTypeEnum;
-
-    @Column()
-    expiresAt: Date;
-
-    @Column({ default: false })
-    used: boolean;
-
-    @CreateDateColumn()
-    createdAt: Date;
-
-    @UpdateDateColumn()
-    updatedAt: Date;
-
-    @ManyToOne(() => NestAuthUser, user => user.otps, { onDelete: 'CASCADE' })
-    user: NestAuthUser;
-}

package/src/lib/auth/services/cookie.service.ts

@@ -1,43 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { Response } from 'express';
-import { ACCESS_TOKEN_COOKIE_NAME, REFRESH_TOKEN_COOKIE_NAME } from '../../auth.constants';
-import { AuthModuleOptions } from '../../core/interfaces/auth-module-options.interface';
-import ms from 'ms';
-import { AuthConfigService } from '../../core/services/auth-config.service';
-
-@Injectable()
-export class CookieService {
-    private options: AuthModuleOptions;
-
-    constructor() {
-        this.options = AuthConfigService.getOptions();
-    }
-
-    setAccessTokenCookie(response: Response, token: string): void {
-        response.cookie(ACCESS_TOKEN_COOKIE_NAME, token, {
-            httpOnly: true,
-            secure: this.options.cookieOptions.secure,
-            sameSite: this.options.cookieOptions.sameSite,
-            maxAge: ms(this.options.session.sessionExpiry),
-        });
-    }
-
-    setRefreshTokenCookie(response: Response, token: string): void {
-        response.cookie(REFRESH_TOKEN_COOKIE_NAME, token, {
-            httpOnly: true,
-            secure: this.options.cookieOptions.secure,
-            sameSite: this.options.cookieOptions.sameSite,
-            maxAge: ms(this.options.session.refreshTokenExpiry),
-        });
-    }
-
-    clearCookies(response: Response): void {
-        response.clearCookie(ACCESS_TOKEN_COOKIE_NAME);
-        response.clearCookie(REFRESH_TOKEN_COOKIE_NAME);
-    }
-
-    setTokens(response: Response, accessToken: string, refreshToken: string): void {
-        this.setAccessTokenCookie(response, accessToken);
-        this.setRefreshTokenCookie(response, refreshToken);
-    }
-}

package/src/lib/auth.constants.ts

@@ -1,63 +0,0 @@
-export const AUTH_MODULE_OPTIONS = 'NEST_AUTH_AUTH_MODULE_OPTIONS';
-export const NEST_AUTH_ASYNC_OPTIONS_PROVIDER = 'NEST_AUTH_ASYNC_OPTIONS_PROVIDER';
-
-
-// Provider tokens
-export const JWT_AUTH_PROVIDER = 'jwt';
-export const GOOGLE_AUTH_PROVIDER = 'google';
-export const FACEBOOK_AUTH_PROVIDER = 'facebook';
-export const APPLE_AUTH_PROVIDER = 'apple';
-export const GITHUB_AUTH_PROVIDER = 'github';
-export const EMAIL_AUTH_PROVIDER = 'email';
-export const PHONE_AUTH_PROVIDER = 'phone';
-
-
-// Exception codes
-export const USER_NOT_FOUND_EXCEPTION_CODE = 'USER_NOT_FOUND';
-export const UNAUTHORIZED_EXCEPTION_CODE = 'UNAUTHORIZED';
-export const INVALID_MFA_EXCEPTION_CODE = 'INVALID_MFA';
-export const INVALID_REFRESH_TOKEN_EXCEPTION_CODE = 'INVALID_REFRESH_TOKEN';
-export const SESSION_NOT_FOUND_ERROR = 'SESSION_NOT_FOUND';
-export const USER_NOT_ACTIVE_ERROR = 'USER_NOT_ACTIVE';
-
-export const REFRESH_TOKEN_INVALID = 'REFRESH_TOKEN_INVALID';
-export const REFRESH_TOKEN_EXPIRED = 'REFRESH_TOKEN_EXPIRED';
-
-
-// Auth Cookie Names
-export const ACCESS_TOKEN_COOKIE_NAME = 'accessToken';
-export const REFRESH_TOKEN_COOKIE_NAME = 'refreshToken';
-
-// Default values
-export const DEFAULT_GUARD_NAME = 'web';
-
-// Events Const
-export const NestAuthEvents = {
-    EMAIL_VERIFICATION_REQUESTED: 'email.verification.requested',
-    EMAIL_VERIFIED: 'email.verified',
-    // Auth events
-    LOGGED_IN: 'nest_auth.logged_in',
-    REGISTERED: 'nest_auth.registered',
-    TWO_FACTOR_VERIFIED: 'nest_auth.two_factor_verified',
-    REFRESH_TOKEN: 'nest_auth.refresh_token',
-    PASSWORD_RESET_REQUESTED: 'nest_auth.password_reset_requested',
-    PASSWORD_RESET: 'nest_auth.password_reset',
-    LOGGED_OUT: 'nest_auth.logged_out',
-    LOGGED_OUT_ALL: 'nest_auth.logged_out_all',
-
-    // User events
-    USER_CREATED: 'nest_auth.user.created',
-    USER_UPDATED: 'nest_auth.user.updated',
-    USER_DELETED: 'nest_auth.user.deleted',
-
-    // Tenant events
-    TENANT_CREATED: 'nest_auth.tenant.created',
-    TENANT_UPDATED: 'nest_auth.tenant.updated',
-    TENANT_DELETED: 'nest_auth.tenant.deleted',
-
-    // Access key events
-    ACCESS_KEY_CREATED: 'nest_auth.access_key.created',
-    ACCESS_KEY_DELETED: 'nest_auth.access_key.deleted',
-    ACCESS_KEY_UPDATED: 'nest_auth.access_key.updated',
-    ACCESS_KEY_DEACTIVATED: 'nest_auth.access_key.deactivated',
-} as const;

package/src/lib/core/core.module.ts

@@ -1,50 +0,0 @@
-import { Module } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { AuthProviderRegistryService } from './services/auth-provider-registry.service';
-import { AppleAuthProvider } from './providers/apple-auth.provider';
-import { JwtAuthProvider } from './providers/jwt-auth.provider';
-import { EmailAuthProvider } from './providers/email-auth.provider';
-import { FacebookAuthProvider } from './providers/facebook-auth.provider';
-import { GoogleAuthProvider } from './providers/google-auth.provider';
-import { GitHubAuthProvider } from './providers/github-auth.provider';
-import { PhoneAuthProvider } from './providers/phone-auth.provider';
-import { JwtService } from './services/jwt.service';
-import { AuthConfigService } from './services/auth-config.service';
-import { InitializationService } from './services/initialization.service';
-import { DebugLoggerService } from './services/debug-logger.service';
-import { TenantModule } from '../tenant/tenant.module';
-import { NestAuthUser } from '../user/entities/user.entity';
-import { NestAuthIdentity } from '../user/entities/identity.entity';
-
-/**
- * CoreModule provides core authentication services and providers.
- * Imports TypeOrmModule.forFeature to provide DataSource for auth providers.
- */
-@Module({
-    imports: [
-        TypeOrmModule.forFeature([NestAuthUser, NestAuthIdentity]),
-        TenantModule
-    ],
-    providers: [
-        AuthConfigService,
-        DebugLoggerService,
-        JwtService,
-        AuthProviderRegistryService,
-        EmailAuthProvider,
-        PhoneAuthProvider,
-        JwtAuthProvider,
-        GoogleAuthProvider,
-        FacebookAuthProvider,
-        AppleAuthProvider,
-        GitHubAuthProvider,
-        InitializationService,
-    ],
-    exports: [
-        JwtService,
-        AuthProviderRegistryService,
-        AuthConfigService,
-        DebugLoggerService,
-        InitializationService,
-    ],
-})
-export class CoreModule { }