@ackplus/nest-auth 1.1.17 → 1.1.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/lib/admin-console/static/index.html +697 -177
- package/src/lib/auth/controllers/mfa.controller.js +5 -5
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts +2 -2
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts.map +1 -1
- package/src/lib/auth/dto/responses/mfa-status.response.dto.js +5 -5
- package/src/lib/auth/guards/auth.guard.d.ts.map +1 -1
- package/src/lib/auth/guards/auth.guard.js +28 -13
- package/src/lib/auth/services/auth.service.d.ts.map +1 -1
- package/src/lib/auth/services/auth.service.js +188 -57
- package/src/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/src/lib/auth/services/mfa.service.js +19 -8
- package/src/lib/auth.constants.d.ts +178 -8
- package/src/lib/auth.constants.d.ts.map +1 -1
- package/src/lib/auth.constants.js +139 -10
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts +170 -0
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/session-options.interface.d.ts +52 -0
- package/src/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/token-payload.interface.d.ts +14 -6
- package/src/lib/core/interfaces/token-payload.interface.d.ts.map +1 -1
- package/src/lib/session/services/session-manager.service.d.ts +3 -3
- package/src/lib/session/services/session-manager.service.d.ts.map +1 -1
- package/src/lib/session/services/session-manager.service.js +27 -17
- package/src/lib/user/services/user.service.d.ts +3 -1
- package/src/lib/user/services/user.service.d.ts.map +1 -1
- package/src/lib/user/services/user.service.js +17 -4
|
@@ -7,14 +7,184 @@ export declare const APPLE_AUTH_PROVIDER = "apple";
|
|
|
7
7
|
export declare const GITHUB_AUTH_PROVIDER = "github";
|
|
8
8
|
export declare const EMAIL_AUTH_PROVIDER = "email";
|
|
9
9
|
export declare const PHONE_AUTH_PROVIDER = "phone";
|
|
10
|
-
export declare const
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
10
|
+
export declare const AUTH_ERROR_CODES: {
|
|
11
|
+
readonly REGISTRATION_DISABLED: "REGISTRATION_DISABLED";
|
|
12
|
+
readonly EMAIL_ALREADY_EXISTS: "EMAIL_ALREADY_EXISTS";
|
|
13
|
+
readonly PHONE_ALREADY_EXISTS: "PHONE_ALREADY_EXISTS";
|
|
14
|
+
readonly PROVIDER_NOT_FOUND: "PROVIDER_NOT_FOUND";
|
|
15
|
+
readonly INVALID_CREDENTIALS: "INVALID_CREDENTIALS";
|
|
16
|
+
readonly INVALID_PROVIDER: "INVALID_PROVIDER";
|
|
17
|
+
readonly MISSING_REQUIRED_FIELDS: "MISSING_REQUIRED_FIELDS";
|
|
18
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
19
|
+
readonly ACCOUNT_SUSPENDED: "ACCOUNT_SUSPENDED";
|
|
20
|
+
readonly ACCOUNT_INACTIVE: "ACCOUNT_INACTIVE";
|
|
21
|
+
readonly EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED";
|
|
22
|
+
readonly CURRENT_PASSWORD_INCORRECT: "CURRENT_PASSWORD_INCORRECT";
|
|
23
|
+
readonly NEW_PASSWORD_SAME_AS_CURRENT: "NEW_PASSWORD_SAME_AS_CURRENT";
|
|
24
|
+
readonly PASSWORD_RESET_INVALID_REQUEST: "PASSWORD_RESET_INVALID_REQUEST";
|
|
25
|
+
readonly PASSWORD_RESET_TOKEN_INVALID: "PASSWORD_RESET_TOKEN_INVALID";
|
|
26
|
+
readonly PASSWORD_RESET_TOKEN_EXPIRED: "PASSWORD_RESET_TOKEN_EXPIRED";
|
|
27
|
+
readonly REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
28
|
+
readonly REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
29
|
+
readonly INVALID_TOKEN: "INVALID_TOKEN";
|
|
30
|
+
readonly TOKEN_EXPIRED: "TOKEN_EXPIRED";
|
|
31
|
+
readonly EMAIL_ALREADY_VERIFIED: "EMAIL_ALREADY_VERIFIED";
|
|
32
|
+
readonly VERIFICATION_CODE_INVALID: "VERIFICATION_CODE_INVALID";
|
|
33
|
+
readonly VERIFICATION_CODE_EXPIRED: "VERIFICATION_CODE_EXPIRED";
|
|
34
|
+
readonly NO_EMAIL_ADDRESS: "NO_EMAIL_ADDRESS";
|
|
35
|
+
readonly NO_PHONE_NUMBER: "NO_PHONE_NUMBER";
|
|
36
|
+
};
|
|
37
|
+
export declare const MFA_ERROR_CODES: {
|
|
38
|
+
readonly MFA_NOT_ENABLED: "MFA_NOT_ENABLED";
|
|
39
|
+
readonly MFA_REQUIRED: "MFA_REQUIRED";
|
|
40
|
+
readonly MFA_CODE_INVALID: "MFA_CODE_INVALID";
|
|
41
|
+
readonly MFA_CODE_EXPIRED: "MFA_CODE_EXPIRED";
|
|
42
|
+
readonly MFA_METHOD_NOT_AVAILABLE: "MFA_METHOD_NOT_AVAILABLE";
|
|
43
|
+
readonly MFA_TOGGLING_NOT_ALLOWED: "MFA_TOGGLING_NOT_ALLOWED";
|
|
44
|
+
readonly MFA_CANNOT_ENABLE_WITHOUT_METHOD: "MFA_CANNOT_ENABLE_WITHOUT_METHOD";
|
|
45
|
+
readonly MFA_RECOVERY_CODE_INVALID: "MFA_RECOVERY_CODE_INVALID";
|
|
46
|
+
readonly TOTP_SETUP_FAILED: "TOTP_SETUP_FAILED";
|
|
47
|
+
readonly TOTP_VERIFICATION_FAILED: "TOTP_VERIFICATION_FAILED";
|
|
48
|
+
};
|
|
49
|
+
export declare const SESSION_ERROR_CODES: {
|
|
50
|
+
readonly SESSION_NOT_FOUND: "SESSION_NOT_FOUND";
|
|
51
|
+
readonly SESSION_EXPIRED: "SESSION_EXPIRED";
|
|
52
|
+
readonly SESSION_INVALID: "SESSION_INVALID";
|
|
53
|
+
readonly MAX_SESSIONS_REACHED: "MAX_SESSIONS_REACHED";
|
|
54
|
+
};
|
|
55
|
+
export declare const GUARD_ERROR_CODES: {
|
|
56
|
+
readonly NO_AUTH_PROVIDED: "NO_AUTH_PROVIDED";
|
|
57
|
+
readonly INVALID_AUTH_FORMAT: "INVALID_AUTH_FORMAT";
|
|
58
|
+
readonly INVALID_AUTH_TYPE: "INVALID_AUTH_TYPE";
|
|
59
|
+
readonly UNAUTHORIZED: "UNAUTHORIZED";
|
|
60
|
+
readonly ACCESS_DENIED: "ACCESS_DENIED";
|
|
61
|
+
readonly FORBIDDEN: "FORBIDDEN";
|
|
62
|
+
readonly NO_ROLES_ASSIGNED: "NO_ROLES_ASSIGNED";
|
|
63
|
+
readonly MISSING_REQUIRED_ROLES: "MISSING_REQUIRED_ROLES";
|
|
64
|
+
readonly MISSING_REQUIRED_PERMISSIONS: "MISSING_REQUIRED_PERMISSIONS";
|
|
65
|
+
};
|
|
66
|
+
export declare const API_KEY_ERROR_CODES: {
|
|
67
|
+
readonly INVALID_API_KEY_FORMAT: "INVALID_API_KEY_FORMAT";
|
|
68
|
+
readonly INVALID_API_KEY: "INVALID_API_KEY";
|
|
69
|
+
readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
|
|
70
|
+
readonly API_KEY_DEACTIVATED: "API_KEY_DEACTIVATED";
|
|
71
|
+
readonly API_KEY_NOT_FOUND: "API_KEY_NOT_FOUND";
|
|
72
|
+
};
|
|
73
|
+
export declare const VALIDATION_ERROR_CODES: {
|
|
74
|
+
readonly EMAIL_OR_PHONE_REQUIRED: "EMAIL_OR_PHONE_REQUIRED";
|
|
75
|
+
readonly TENANT_ID_REQUIRED: "TENANT_ID_REQUIRED";
|
|
76
|
+
readonly INVALID_INPUT: "INVALID_INPUT";
|
|
77
|
+
readonly MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD";
|
|
78
|
+
readonly INVALID_EMAIL_FORMAT: "INVALID_EMAIL_FORMAT";
|
|
79
|
+
readonly INVALID_PHONE_FORMAT: "INVALID_PHONE_FORMAT";
|
|
80
|
+
};
|
|
81
|
+
export declare const OTP_ERROR_CODES: {
|
|
82
|
+
readonly OTP_INVALID: "OTP_INVALID";
|
|
83
|
+
readonly OTP_EXPIRED: "OTP_EXPIRED";
|
|
84
|
+
readonly OTP_ALREADY_USED: "OTP_ALREADY_USED";
|
|
85
|
+
readonly OTP_NOT_FOUND: "OTP_NOT_FOUND";
|
|
86
|
+
};
|
|
87
|
+
export declare const USER_ERROR_CODES: {
|
|
88
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
89
|
+
readonly USER_ALREADY_EXISTS: "USER_ALREADY_EXISTS";
|
|
90
|
+
readonly USER_CREATION_FAILED: "USER_CREATION_FAILED";
|
|
91
|
+
readonly USER_UPDATE_FAILED: "USER_UPDATE_FAILED";
|
|
92
|
+
readonly USER_DELETION_FAILED: "USER_DELETION_FAILED";
|
|
93
|
+
};
|
|
94
|
+
export declare const TENANT_ERROR_CODES: {
|
|
95
|
+
readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
|
|
96
|
+
readonly TENANT_ALREADY_EXISTS: "TENANT_ALREADY_EXISTS";
|
|
97
|
+
readonly INVALID_TENANT: "INVALID_TENANT";
|
|
98
|
+
};
|
|
99
|
+
export declare const ERROR_CODES: {
|
|
100
|
+
readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
|
|
101
|
+
readonly TENANT_ALREADY_EXISTS: "TENANT_ALREADY_EXISTS";
|
|
102
|
+
readonly INVALID_TENANT: "INVALID_TENANT";
|
|
103
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
104
|
+
readonly USER_ALREADY_EXISTS: "USER_ALREADY_EXISTS";
|
|
105
|
+
readonly USER_CREATION_FAILED: "USER_CREATION_FAILED";
|
|
106
|
+
readonly USER_UPDATE_FAILED: "USER_UPDATE_FAILED";
|
|
107
|
+
readonly USER_DELETION_FAILED: "USER_DELETION_FAILED";
|
|
108
|
+
readonly OTP_INVALID: "OTP_INVALID";
|
|
109
|
+
readonly OTP_EXPIRED: "OTP_EXPIRED";
|
|
110
|
+
readonly OTP_ALREADY_USED: "OTP_ALREADY_USED";
|
|
111
|
+
readonly OTP_NOT_FOUND: "OTP_NOT_FOUND";
|
|
112
|
+
readonly EMAIL_OR_PHONE_REQUIRED: "EMAIL_OR_PHONE_REQUIRED";
|
|
113
|
+
readonly TENANT_ID_REQUIRED: "TENANT_ID_REQUIRED";
|
|
114
|
+
readonly INVALID_INPUT: "INVALID_INPUT";
|
|
115
|
+
readonly MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD";
|
|
116
|
+
readonly INVALID_EMAIL_FORMAT: "INVALID_EMAIL_FORMAT";
|
|
117
|
+
readonly INVALID_PHONE_FORMAT: "INVALID_PHONE_FORMAT";
|
|
118
|
+
readonly INVALID_API_KEY_FORMAT: "INVALID_API_KEY_FORMAT";
|
|
119
|
+
readonly INVALID_API_KEY: "INVALID_API_KEY";
|
|
120
|
+
readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
|
|
121
|
+
readonly API_KEY_DEACTIVATED: "API_KEY_DEACTIVATED";
|
|
122
|
+
readonly API_KEY_NOT_FOUND: "API_KEY_NOT_FOUND";
|
|
123
|
+
readonly NO_AUTH_PROVIDED: "NO_AUTH_PROVIDED";
|
|
124
|
+
readonly INVALID_AUTH_FORMAT: "INVALID_AUTH_FORMAT";
|
|
125
|
+
readonly INVALID_AUTH_TYPE: "INVALID_AUTH_TYPE";
|
|
126
|
+
readonly UNAUTHORIZED: "UNAUTHORIZED";
|
|
127
|
+
readonly ACCESS_DENIED: "ACCESS_DENIED";
|
|
128
|
+
readonly FORBIDDEN: "FORBIDDEN";
|
|
129
|
+
readonly NO_ROLES_ASSIGNED: "NO_ROLES_ASSIGNED";
|
|
130
|
+
readonly MISSING_REQUIRED_ROLES: "MISSING_REQUIRED_ROLES";
|
|
131
|
+
readonly MISSING_REQUIRED_PERMISSIONS: "MISSING_REQUIRED_PERMISSIONS";
|
|
132
|
+
readonly SESSION_NOT_FOUND: "SESSION_NOT_FOUND";
|
|
133
|
+
readonly SESSION_EXPIRED: "SESSION_EXPIRED";
|
|
134
|
+
readonly SESSION_INVALID: "SESSION_INVALID";
|
|
135
|
+
readonly MAX_SESSIONS_REACHED: "MAX_SESSIONS_REACHED";
|
|
136
|
+
readonly MFA_NOT_ENABLED: "MFA_NOT_ENABLED";
|
|
137
|
+
readonly MFA_REQUIRED: "MFA_REQUIRED";
|
|
138
|
+
readonly MFA_CODE_INVALID: "MFA_CODE_INVALID";
|
|
139
|
+
readonly MFA_CODE_EXPIRED: "MFA_CODE_EXPIRED";
|
|
140
|
+
readonly MFA_METHOD_NOT_AVAILABLE: "MFA_METHOD_NOT_AVAILABLE";
|
|
141
|
+
readonly MFA_TOGGLING_NOT_ALLOWED: "MFA_TOGGLING_NOT_ALLOWED";
|
|
142
|
+
readonly MFA_CANNOT_ENABLE_WITHOUT_METHOD: "MFA_CANNOT_ENABLE_WITHOUT_METHOD";
|
|
143
|
+
readonly MFA_RECOVERY_CODE_INVALID: "MFA_RECOVERY_CODE_INVALID";
|
|
144
|
+
readonly TOTP_SETUP_FAILED: "TOTP_SETUP_FAILED";
|
|
145
|
+
readonly TOTP_VERIFICATION_FAILED: "TOTP_VERIFICATION_FAILED";
|
|
146
|
+
readonly REGISTRATION_DISABLED: "REGISTRATION_DISABLED";
|
|
147
|
+
readonly EMAIL_ALREADY_EXISTS: "EMAIL_ALREADY_EXISTS";
|
|
148
|
+
readonly PHONE_ALREADY_EXISTS: "PHONE_ALREADY_EXISTS";
|
|
149
|
+
readonly PROVIDER_NOT_FOUND: "PROVIDER_NOT_FOUND";
|
|
150
|
+
readonly INVALID_CREDENTIALS: "INVALID_CREDENTIALS";
|
|
151
|
+
readonly INVALID_PROVIDER: "INVALID_PROVIDER";
|
|
152
|
+
readonly MISSING_REQUIRED_FIELDS: "MISSING_REQUIRED_FIELDS";
|
|
153
|
+
readonly ACCOUNT_SUSPENDED: "ACCOUNT_SUSPENDED";
|
|
154
|
+
readonly ACCOUNT_INACTIVE: "ACCOUNT_INACTIVE";
|
|
155
|
+
readonly EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED";
|
|
156
|
+
readonly CURRENT_PASSWORD_INCORRECT: "CURRENT_PASSWORD_INCORRECT";
|
|
157
|
+
readonly NEW_PASSWORD_SAME_AS_CURRENT: "NEW_PASSWORD_SAME_AS_CURRENT";
|
|
158
|
+
readonly PASSWORD_RESET_INVALID_REQUEST: "PASSWORD_RESET_INVALID_REQUEST";
|
|
159
|
+
readonly PASSWORD_RESET_TOKEN_INVALID: "PASSWORD_RESET_TOKEN_INVALID";
|
|
160
|
+
readonly PASSWORD_RESET_TOKEN_EXPIRED: "PASSWORD_RESET_TOKEN_EXPIRED";
|
|
161
|
+
readonly REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
162
|
+
readonly REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
163
|
+
readonly INVALID_TOKEN: "INVALID_TOKEN";
|
|
164
|
+
readonly TOKEN_EXPIRED: "TOKEN_EXPIRED";
|
|
165
|
+
readonly EMAIL_ALREADY_VERIFIED: "EMAIL_ALREADY_VERIFIED";
|
|
166
|
+
readonly VERIFICATION_CODE_INVALID: "VERIFICATION_CODE_INVALID";
|
|
167
|
+
readonly VERIFICATION_CODE_EXPIRED: "VERIFICATION_CODE_EXPIRED";
|
|
168
|
+
readonly NO_EMAIL_ADDRESS: "NO_EMAIL_ADDRESS";
|
|
169
|
+
readonly NO_PHONE_NUMBER: "NO_PHONE_NUMBER";
|
|
170
|
+
};
|
|
171
|
+
export type ErrorCode = typeof ERROR_CODES[keyof typeof ERROR_CODES];
|
|
172
|
+
/** @deprecated Use ERROR_CODES.USER_NOT_FOUND instead */
|
|
173
|
+
export declare const USER_NOT_FOUND_EXCEPTION_CODE: "USER_NOT_FOUND";
|
|
174
|
+
/** @deprecated Use ERROR_CODES.UNAUTHORIZED instead */
|
|
175
|
+
export declare const UNAUTHORIZED_EXCEPTION_CODE: "UNAUTHORIZED";
|
|
176
|
+
/** @deprecated Use ERROR_CODES.MFA_CODE_INVALID instead */
|
|
177
|
+
export declare const INVALID_MFA_EXCEPTION_CODE: "MFA_CODE_INVALID";
|
|
178
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
179
|
+
export declare const INVALID_REFRESH_TOKEN_EXCEPTION_CODE: "REFRESH_TOKEN_INVALID";
|
|
180
|
+
/** @deprecated Use ERROR_CODES.SESSION_NOT_FOUND instead */
|
|
181
|
+
export declare const SESSION_NOT_FOUND_ERROR: "SESSION_NOT_FOUND";
|
|
182
|
+
/** @deprecated Use ERROR_CODES.ACCOUNT_INACTIVE instead */
|
|
183
|
+
export declare const USER_NOT_ACTIVE_ERROR: "ACCOUNT_INACTIVE";
|
|
184
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
185
|
+
export declare const REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
186
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_EXPIRED instead */
|
|
187
|
+
export declare const REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
18
188
|
export declare const ACCESS_TOKEN_COOKIE_NAME = "accessToken";
|
|
19
189
|
export declare const REFRESH_TOKEN_COOKIE_NAME = "refreshToken";
|
|
20
190
|
export declare const NEST_AUTH_TRUST_DEVICE_KEY = "nest_auth_device_trust";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCnB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;;;;;;;CAWlB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;;CAMtB,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;;;;CAOzB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;CAKlB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;CAMnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;;CAIrB,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUd,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,OAAO,WAAW,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAKrE,yDAAyD;AACzD,eAAO,MAAM,6BAA6B,kBAAkC,CAAC;AAC7E,uDAAuD;AACvD,eAAO,MAAM,2BAA2B,gBAAiC,CAAC;AAC1E,2DAA2D;AAC3D,eAAO,MAAM,0BAA0B,oBAAmC,CAAC;AAC3E,gEAAgE;AAChE,eAAO,MAAM,oCAAoC,yBAAyC,CAAC;AAC3F,4DAA4D;AAC5D,eAAO,MAAM,uBAAuB,qBAAwC,CAAC;AAC7E,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,oBAAoC,CAAC;AACvE,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAC5E,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAI5E,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AACtD,eAAO,MAAM,yBAAyB,iBAAiB,CAAC;AAExD,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AAGnE,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAGxC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;CA6BjB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NestAuthEvents = exports.DEFAULT_GUARD_NAME = exports.NEST_AUTH_TRUST_DEVICE_KEY = exports.REFRESH_TOKEN_COOKIE_NAME = exports.ACCESS_TOKEN_COOKIE_NAME = exports.REFRESH_TOKEN_EXPIRED = exports.REFRESH_TOKEN_INVALID = exports.USER_NOT_ACTIVE_ERROR = exports.SESSION_NOT_FOUND_ERROR = exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.INVALID_MFA_EXCEPTION_CODE = exports.UNAUTHORIZED_EXCEPTION_CODE = exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.PHONE_AUTH_PROVIDER = exports.EMAIL_AUTH_PROVIDER = exports.GITHUB_AUTH_PROVIDER = exports.APPLE_AUTH_PROVIDER = exports.FACEBOOK_AUTH_PROVIDER = exports.GOOGLE_AUTH_PROVIDER = exports.JWT_AUTH_PROVIDER = exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = exports.AUTH_MODULE_OPTIONS = void 0;
|
|
3
|
+
exports.NestAuthEvents = exports.DEFAULT_GUARD_NAME = exports.NEST_AUTH_TRUST_DEVICE_KEY = exports.REFRESH_TOKEN_COOKIE_NAME = exports.ACCESS_TOKEN_COOKIE_NAME = exports.REFRESH_TOKEN_EXPIRED = exports.REFRESH_TOKEN_INVALID = exports.USER_NOT_ACTIVE_ERROR = exports.SESSION_NOT_FOUND_ERROR = exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.INVALID_MFA_EXCEPTION_CODE = exports.UNAUTHORIZED_EXCEPTION_CODE = exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.ERROR_CODES = exports.TENANT_ERROR_CODES = exports.USER_ERROR_CODES = exports.OTP_ERROR_CODES = exports.VALIDATION_ERROR_CODES = exports.API_KEY_ERROR_CODES = exports.GUARD_ERROR_CODES = exports.SESSION_ERROR_CODES = exports.MFA_ERROR_CODES = exports.AUTH_ERROR_CODES = exports.PHONE_AUTH_PROVIDER = exports.EMAIL_AUTH_PROVIDER = exports.GITHUB_AUTH_PROVIDER = exports.APPLE_AUTH_PROVIDER = exports.FACEBOOK_AUTH_PROVIDER = exports.GOOGLE_AUTH_PROVIDER = exports.JWT_AUTH_PROVIDER = exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = exports.AUTH_MODULE_OPTIONS = void 0;
|
|
4
4
|
exports.AUTH_MODULE_OPTIONS = 'NEST_AUTH_AUTH_MODULE_OPTIONS';
|
|
5
5
|
exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = 'NEST_AUTH_ASYNC_OPTIONS_PROVIDER';
|
|
6
6
|
// Provider tokens
|
|
@@ -11,15 +11,144 @@ exports.APPLE_AUTH_PROVIDER = 'apple';
|
|
|
11
11
|
exports.GITHUB_AUTH_PROVIDER = 'github';
|
|
12
12
|
exports.EMAIL_AUTH_PROVIDER = 'email';
|
|
13
13
|
exports.PHONE_AUTH_PROVIDER = 'phone';
|
|
14
|
-
//
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
exports.
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
14
|
+
// ==========================================
|
|
15
|
+
// ERROR CODES - Categorized for better organization
|
|
16
|
+
// ==========================================
|
|
17
|
+
// Authentication Error Codes
|
|
18
|
+
exports.AUTH_ERROR_CODES = {
|
|
19
|
+
// Signup/Registration
|
|
20
|
+
REGISTRATION_DISABLED: 'REGISTRATION_DISABLED',
|
|
21
|
+
EMAIL_ALREADY_EXISTS: 'EMAIL_ALREADY_EXISTS',
|
|
22
|
+
PHONE_ALREADY_EXISTS: 'PHONE_ALREADY_EXISTS',
|
|
23
|
+
PROVIDER_NOT_FOUND: 'PROVIDER_NOT_FOUND',
|
|
24
|
+
// Login
|
|
25
|
+
INVALID_CREDENTIALS: 'INVALID_CREDENTIALS',
|
|
26
|
+
INVALID_PROVIDER: 'INVALID_PROVIDER',
|
|
27
|
+
MISSING_REQUIRED_FIELDS: 'MISSING_REQUIRED_FIELDS',
|
|
28
|
+
// Account Status
|
|
29
|
+
USER_NOT_FOUND: 'USER_NOT_FOUND',
|
|
30
|
+
ACCOUNT_SUSPENDED: 'ACCOUNT_SUSPENDED',
|
|
31
|
+
ACCOUNT_INACTIVE: 'ACCOUNT_INACTIVE',
|
|
32
|
+
EMAIL_NOT_VERIFIED: 'EMAIL_NOT_VERIFIED',
|
|
33
|
+
// Password
|
|
34
|
+
CURRENT_PASSWORD_INCORRECT: 'CURRENT_PASSWORD_INCORRECT',
|
|
35
|
+
NEW_PASSWORD_SAME_AS_CURRENT: 'NEW_PASSWORD_SAME_AS_CURRENT',
|
|
36
|
+
PASSWORD_RESET_INVALID_REQUEST: 'PASSWORD_RESET_INVALID_REQUEST',
|
|
37
|
+
PASSWORD_RESET_TOKEN_INVALID: 'PASSWORD_RESET_TOKEN_INVALID',
|
|
38
|
+
PASSWORD_RESET_TOKEN_EXPIRED: 'PASSWORD_RESET_TOKEN_EXPIRED',
|
|
39
|
+
// Tokens
|
|
40
|
+
REFRESH_TOKEN_INVALID: 'REFRESH_TOKEN_INVALID',
|
|
41
|
+
REFRESH_TOKEN_EXPIRED: 'REFRESH_TOKEN_EXPIRED',
|
|
42
|
+
INVALID_TOKEN: 'INVALID_TOKEN',
|
|
43
|
+
TOKEN_EXPIRED: 'TOKEN_EXPIRED',
|
|
44
|
+
// Email Verification
|
|
45
|
+
EMAIL_ALREADY_VERIFIED: 'EMAIL_ALREADY_VERIFIED',
|
|
46
|
+
VERIFICATION_CODE_INVALID: 'VERIFICATION_CODE_INVALID',
|
|
47
|
+
VERIFICATION_CODE_EXPIRED: 'VERIFICATION_CODE_EXPIRED',
|
|
48
|
+
NO_EMAIL_ADDRESS: 'NO_EMAIL_ADDRESS',
|
|
49
|
+
NO_PHONE_NUMBER: 'NO_PHONE_NUMBER',
|
|
50
|
+
};
|
|
51
|
+
// MFA Error Codes
|
|
52
|
+
exports.MFA_ERROR_CODES = {
|
|
53
|
+
MFA_NOT_ENABLED: 'MFA_NOT_ENABLED',
|
|
54
|
+
MFA_REQUIRED: 'MFA_REQUIRED',
|
|
55
|
+
MFA_CODE_INVALID: 'MFA_CODE_INVALID',
|
|
56
|
+
MFA_CODE_EXPIRED: 'MFA_CODE_EXPIRED',
|
|
57
|
+
MFA_METHOD_NOT_AVAILABLE: 'MFA_METHOD_NOT_AVAILABLE',
|
|
58
|
+
MFA_TOGGLING_NOT_ALLOWED: 'MFA_TOGGLING_NOT_ALLOWED',
|
|
59
|
+
MFA_CANNOT_ENABLE_WITHOUT_METHOD: 'MFA_CANNOT_ENABLE_WITHOUT_METHOD',
|
|
60
|
+
MFA_RECOVERY_CODE_INVALID: 'MFA_RECOVERY_CODE_INVALID',
|
|
61
|
+
TOTP_SETUP_FAILED: 'TOTP_SETUP_FAILED',
|
|
62
|
+
TOTP_VERIFICATION_FAILED: 'TOTP_VERIFICATION_FAILED',
|
|
63
|
+
};
|
|
64
|
+
// Session Error Codes
|
|
65
|
+
exports.SESSION_ERROR_CODES = {
|
|
66
|
+
SESSION_NOT_FOUND: 'SESSION_NOT_FOUND',
|
|
67
|
+
SESSION_EXPIRED: 'SESSION_EXPIRED',
|
|
68
|
+
SESSION_INVALID: 'SESSION_INVALID',
|
|
69
|
+
MAX_SESSIONS_REACHED: 'MAX_SESSIONS_REACHED',
|
|
70
|
+
};
|
|
71
|
+
// Guard Error Codes
|
|
72
|
+
exports.GUARD_ERROR_CODES = {
|
|
73
|
+
NO_AUTH_PROVIDED: 'NO_AUTH_PROVIDED',
|
|
74
|
+
INVALID_AUTH_FORMAT: 'INVALID_AUTH_FORMAT',
|
|
75
|
+
INVALID_AUTH_TYPE: 'INVALID_AUTH_TYPE',
|
|
76
|
+
UNAUTHORIZED: 'UNAUTHORIZED',
|
|
77
|
+
ACCESS_DENIED: 'ACCESS_DENIED',
|
|
78
|
+
FORBIDDEN: 'FORBIDDEN',
|
|
79
|
+
NO_ROLES_ASSIGNED: 'NO_ROLES_ASSIGNED',
|
|
80
|
+
MISSING_REQUIRED_ROLES: 'MISSING_REQUIRED_ROLES',
|
|
81
|
+
MISSING_REQUIRED_PERMISSIONS: 'MISSING_REQUIRED_PERMISSIONS',
|
|
82
|
+
};
|
|
83
|
+
// API Key Error Codes
|
|
84
|
+
exports.API_KEY_ERROR_CODES = {
|
|
85
|
+
INVALID_API_KEY_FORMAT: 'INVALID_API_KEY_FORMAT',
|
|
86
|
+
INVALID_API_KEY: 'INVALID_API_KEY',
|
|
87
|
+
API_KEY_EXPIRED: 'API_KEY_EXPIRED',
|
|
88
|
+
API_KEY_DEACTIVATED: 'API_KEY_DEACTIVATED',
|
|
89
|
+
API_KEY_NOT_FOUND: 'API_KEY_NOT_FOUND',
|
|
90
|
+
};
|
|
91
|
+
// Validation Error Codes
|
|
92
|
+
exports.VALIDATION_ERROR_CODES = {
|
|
93
|
+
EMAIL_OR_PHONE_REQUIRED: 'EMAIL_OR_PHONE_REQUIRED',
|
|
94
|
+
TENANT_ID_REQUIRED: 'TENANT_ID_REQUIRED',
|
|
95
|
+
INVALID_INPUT: 'INVALID_INPUT',
|
|
96
|
+
MISSING_REQUIRED_FIELD: 'MISSING_REQUIRED_FIELD',
|
|
97
|
+
INVALID_EMAIL_FORMAT: 'INVALID_EMAIL_FORMAT',
|
|
98
|
+
INVALID_PHONE_FORMAT: 'INVALID_PHONE_FORMAT',
|
|
99
|
+
};
|
|
100
|
+
// OTP Error Codes
|
|
101
|
+
exports.OTP_ERROR_CODES = {
|
|
102
|
+
OTP_INVALID: 'OTP_INVALID',
|
|
103
|
+
OTP_EXPIRED: 'OTP_EXPIRED',
|
|
104
|
+
OTP_ALREADY_USED: 'OTP_ALREADY_USED',
|
|
105
|
+
OTP_NOT_FOUND: 'OTP_NOT_FOUND',
|
|
106
|
+
};
|
|
107
|
+
// User Management Error Codes
|
|
108
|
+
exports.USER_ERROR_CODES = {
|
|
109
|
+
USER_NOT_FOUND: 'USER_NOT_FOUND',
|
|
110
|
+
USER_ALREADY_EXISTS: 'USER_ALREADY_EXISTS',
|
|
111
|
+
USER_CREATION_FAILED: 'USER_CREATION_FAILED',
|
|
112
|
+
USER_UPDATE_FAILED: 'USER_UPDATE_FAILED',
|
|
113
|
+
USER_DELETION_FAILED: 'USER_DELETION_FAILED',
|
|
114
|
+
};
|
|
115
|
+
// Tenant Error Codes
|
|
116
|
+
exports.TENANT_ERROR_CODES = {
|
|
117
|
+
TENANT_NOT_FOUND: 'TENANT_NOT_FOUND',
|
|
118
|
+
TENANT_ALREADY_EXISTS: 'TENANT_ALREADY_EXISTS',
|
|
119
|
+
INVALID_TENANT: 'INVALID_TENANT',
|
|
120
|
+
};
|
|
121
|
+
// Consolidated Error Codes (for easy access)
|
|
122
|
+
exports.ERROR_CODES = {
|
|
123
|
+
...exports.AUTH_ERROR_CODES,
|
|
124
|
+
...exports.MFA_ERROR_CODES,
|
|
125
|
+
...exports.SESSION_ERROR_CODES,
|
|
126
|
+
...exports.GUARD_ERROR_CODES,
|
|
127
|
+
...exports.API_KEY_ERROR_CODES,
|
|
128
|
+
...exports.VALIDATION_ERROR_CODES,
|
|
129
|
+
...exports.OTP_ERROR_CODES,
|
|
130
|
+
...exports.USER_ERROR_CODES,
|
|
131
|
+
...exports.TENANT_ERROR_CODES,
|
|
132
|
+
};
|
|
133
|
+
// ==========================================
|
|
134
|
+
// LEGACY ERROR CODES (For backward compatibility)
|
|
135
|
+
// ==========================================
|
|
136
|
+
/** @deprecated Use ERROR_CODES.USER_NOT_FOUND instead */
|
|
137
|
+
exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.AUTH_ERROR_CODES.USER_NOT_FOUND;
|
|
138
|
+
/** @deprecated Use ERROR_CODES.UNAUTHORIZED instead */
|
|
139
|
+
exports.UNAUTHORIZED_EXCEPTION_CODE = exports.GUARD_ERROR_CODES.UNAUTHORIZED;
|
|
140
|
+
/** @deprecated Use ERROR_CODES.MFA_CODE_INVALID instead */
|
|
141
|
+
exports.INVALID_MFA_EXCEPTION_CODE = exports.MFA_ERROR_CODES.MFA_CODE_INVALID;
|
|
142
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
143
|
+
exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_INVALID;
|
|
144
|
+
/** @deprecated Use ERROR_CODES.SESSION_NOT_FOUND instead */
|
|
145
|
+
exports.SESSION_NOT_FOUND_ERROR = exports.SESSION_ERROR_CODES.SESSION_NOT_FOUND;
|
|
146
|
+
/** @deprecated Use ERROR_CODES.ACCOUNT_INACTIVE instead */
|
|
147
|
+
exports.USER_NOT_ACTIVE_ERROR = exports.AUTH_ERROR_CODES.ACCOUNT_INACTIVE;
|
|
148
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
149
|
+
exports.REFRESH_TOKEN_INVALID = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_INVALID;
|
|
150
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_EXPIRED instead */
|
|
151
|
+
exports.REFRESH_TOKEN_EXPIRED = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_EXPIRED;
|
|
23
152
|
// Auth Cookie Names
|
|
24
153
|
exports.ACCESS_TOKEN_COOKIE_NAME = 'accessToken';
|
|
25
154
|
exports.REFRESH_TOKEN_COOKIE_NAME = 'refreshToken';
|
|
@@ -3,6 +3,8 @@ import { MFAOptions } from './mfa-options.interface';
|
|
|
3
3
|
import { CookieOptions, SessionOptions } from './session-options.interface';
|
|
4
4
|
import { BaseAuthProvider } from '../providers/base-auth.provider';
|
|
5
5
|
import { DebugLogOptions } from '../services/debug-logger.service';
|
|
6
|
+
import { NestAuthUser } from '../../user/entities/user.entity';
|
|
7
|
+
import { SessionPayload, JWTTokenPayload } from './token-payload.interface';
|
|
6
8
|
/**
|
|
7
9
|
* Default Tenant Options
|
|
8
10
|
*
|
|
@@ -41,6 +43,132 @@ export interface RegistrationCollectProfileField {
|
|
|
41
43
|
value: string;
|
|
42
44
|
}>;
|
|
43
45
|
}
|
|
46
|
+
/**
|
|
47
|
+
* User lifecycle hooks for customizing user creation and serialization
|
|
48
|
+
*/
|
|
49
|
+
export interface UserHooks {
|
|
50
|
+
/**
|
|
51
|
+
* Transform user data before creation.
|
|
52
|
+
* Use this to set default roles, validate fields, or enrich data.
|
|
53
|
+
*
|
|
54
|
+
* @example
|
|
55
|
+
* ```typescript
|
|
56
|
+
* beforeCreate: async (userData, input) => ({
|
|
57
|
+
* ...userData,
|
|
58
|
+
* metadata: { ...userData.metadata, source: 'web' }
|
|
59
|
+
* })
|
|
60
|
+
* ```
|
|
61
|
+
*/
|
|
62
|
+
beforeCreate?: (userData: Partial<NestAuthUser>, input: any) => Promise<Partial<NestAuthUser>> | Partial<NestAuthUser>;
|
|
63
|
+
/**
|
|
64
|
+
* Callback after user creation.
|
|
65
|
+
* Use for side effects like creating related records, sending notifications.
|
|
66
|
+
*/
|
|
67
|
+
afterCreate?: (user: NestAuthUser) => Promise<void> | void;
|
|
68
|
+
/**
|
|
69
|
+
* Control which user fields appear in API responses.
|
|
70
|
+
*
|
|
71
|
+
* @example
|
|
72
|
+
* ```typescript
|
|
73
|
+
* serialize: (user) => ({
|
|
74
|
+
* id: user.id,
|
|
75
|
+
* email: user.email,
|
|
76
|
+
* roles: user.roles
|
|
77
|
+
* })
|
|
78
|
+
* ```
|
|
79
|
+
*/
|
|
80
|
+
serialize?: (user: NestAuthUser) => Partial<NestAuthUser>;
|
|
81
|
+
/** Fields to always exclude from responses */
|
|
82
|
+
sensitiveFields?: string[];
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Authentication response hooks
|
|
86
|
+
*/
|
|
87
|
+
export interface AuthHooks {
|
|
88
|
+
/**
|
|
89
|
+
* Transform authentication response (login/signup).
|
|
90
|
+
* Use to add custom data like user profile, organization info, feature flags.
|
|
91
|
+
*
|
|
92
|
+
* @example
|
|
93
|
+
* ```typescript
|
|
94
|
+
* transformResponse: async (response, user, session) => ({
|
|
95
|
+
* ...response,
|
|
96
|
+
* user: { id: user.id, email: user.email },
|
|
97
|
+
* organization: await getOrg(user.id)
|
|
98
|
+
* })
|
|
99
|
+
* ```
|
|
100
|
+
*/
|
|
101
|
+
transformResponse?: (response: any, user: NestAuthUser, session: SessionPayload) => Promise<any> | any;
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Password customization hooks
|
|
105
|
+
*/
|
|
106
|
+
export interface PasswordHooks {
|
|
107
|
+
/** Custom password hashing (default: Argon2id) */
|
|
108
|
+
hash?: (password: string) => Promise<string>;
|
|
109
|
+
/** Custom password verification */
|
|
110
|
+
verify?: (password: string, hash: string) => Promise<boolean>;
|
|
111
|
+
/** Password policy validation */
|
|
112
|
+
validate?: (password: string) => {
|
|
113
|
+
valid: boolean;
|
|
114
|
+
errors?: string[];
|
|
115
|
+
};
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* OTP customization options
|
|
119
|
+
*/
|
|
120
|
+
export interface OtpOptions {
|
|
121
|
+
/** Custom OTP generation function */
|
|
122
|
+
generate?: () => string;
|
|
123
|
+
/** OTP length (default: 6) */
|
|
124
|
+
length?: number;
|
|
125
|
+
/** OTP format */
|
|
126
|
+
format?: 'numeric' | 'alphanumeric';
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* Guard customization hooks for pre/post auth validation
|
|
130
|
+
*/
|
|
131
|
+
export interface GuardHooks {
|
|
132
|
+
/**
|
|
133
|
+
* Pre-auth validation (IP whitelist, device fingerprint, etc.)
|
|
134
|
+
* Return { reject: true, reason: '...' } to block authentication.
|
|
135
|
+
*/
|
|
136
|
+
beforeAuth?: (request: any, payload: JWTTokenPayload) => Promise<void | {
|
|
137
|
+
reject: boolean;
|
|
138
|
+
reason?: string;
|
|
139
|
+
}>;
|
|
140
|
+
/** Post-auth callback */
|
|
141
|
+
afterAuth?: (request: any, user: NestAuthUser, session: SessionPayload) => Promise<void> | void;
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Authorization customization hooks
|
|
145
|
+
*/
|
|
146
|
+
export interface AuthorizationHooks {
|
|
147
|
+
/** Custom role resolution */
|
|
148
|
+
resolveRoles?: (user: NestAuthUser) => Promise<string[]>;
|
|
149
|
+
/** Custom permission resolution */
|
|
150
|
+
resolvePermissions?: (user: NestAuthUser, roles: string[]) => Promise<string[]>;
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Audit event structure
|
|
154
|
+
*/
|
|
155
|
+
export interface AuthAuditEvent {
|
|
156
|
+
type: 'login' | 'logout' | 'signup' | 'password_change' | 'mfa_enable' | 'session_revoke';
|
|
157
|
+
userId?: string;
|
|
158
|
+
ip?: string;
|
|
159
|
+
userAgent?: string;
|
|
160
|
+
success: boolean;
|
|
161
|
+
metadata?: Record<string, any>;
|
|
162
|
+
timestamp: Date;
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* Audit logging options
|
|
166
|
+
*/
|
|
167
|
+
export interface AuditOptions {
|
|
168
|
+
enabled?: boolean;
|
|
169
|
+
/** Callback for audit events */
|
|
170
|
+
onEvent?: (event: AuthAuditEvent) => Promise<void> | void;
|
|
171
|
+
}
|
|
44
172
|
export interface AuthModuleOptions {
|
|
45
173
|
isGlobal?: boolean;
|
|
46
174
|
appName: string;
|
|
@@ -57,6 +185,8 @@ export interface AuthModuleOptions {
|
|
|
57
185
|
secret: string;
|
|
58
186
|
accessTokenExpiresIn?: number | string;
|
|
59
187
|
refreshTokenExpiresIn?: number | string;
|
|
188
|
+
/** Custom token validation - return false to reject the token */
|
|
189
|
+
validateToken?: (payload: JWTTokenPayload, session: SessionPayload) => Promise<boolean>;
|
|
60
190
|
};
|
|
61
191
|
google?: {
|
|
62
192
|
clientId: string;
|
|
@@ -145,6 +275,46 @@ export interface AuthModuleOptions {
|
|
|
145
275
|
*/
|
|
146
276
|
adminConsole?: AdminConsoleOptions;
|
|
147
277
|
debug?: DebugLogOptions;
|
|
278
|
+
/**
|
|
279
|
+
* User lifecycle hooks
|
|
280
|
+
* Customize user creation, validation, and serialization
|
|
281
|
+
*/
|
|
282
|
+
user?: UserHooks;
|
|
283
|
+
/**
|
|
284
|
+
* Authentication hooks
|
|
285
|
+
* Customize auth responses (login/signup)
|
|
286
|
+
*/
|
|
287
|
+
auth?: AuthHooks;
|
|
288
|
+
/**
|
|
289
|
+
* Guard hooks
|
|
290
|
+
* Add custom pre/post authentication validation
|
|
291
|
+
*/
|
|
292
|
+
guards?: GuardHooks;
|
|
293
|
+
/**
|
|
294
|
+
* Password customization
|
|
295
|
+
* Custom hashing, verification, and validation
|
|
296
|
+
*/
|
|
297
|
+
password?: PasswordHooks;
|
|
298
|
+
/**
|
|
299
|
+
* OTP customization
|
|
300
|
+
* Custom generation, format, and length
|
|
301
|
+
*/
|
|
302
|
+
otp?: OtpOptions;
|
|
303
|
+
/**
|
|
304
|
+
* Authorization hooks
|
|
305
|
+
* Custom role and permission resolution
|
|
306
|
+
*/
|
|
307
|
+
authorization?: AuthorizationHooks;
|
|
308
|
+
/**
|
|
309
|
+
* Audit logging
|
|
310
|
+
* Track auth events for compliance
|
|
311
|
+
*/
|
|
312
|
+
audit?: AuditOptions;
|
|
313
|
+
/**
|
|
314
|
+
* Custom error handling
|
|
315
|
+
* Transform errors before sending to client
|
|
316
|
+
*/
|
|
317
|
+
errorHandler?: (error: Error, context: 'login' | 'signup' | 'refresh' | 'mfa' | 'password_reset') => any;
|
|
148
318
|
}
|
|
149
319
|
export interface AdminConsoleOptions {
|
|
150
320
|
/** Enable or disable the embedded admin console (default: true) */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5E;;;;;;;GAOG;AACH,MAAM,WAAW,oBAAoB;IACjC,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,2BAA2B;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,+BAA+B;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrD;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEvH;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE3D;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;IAE1D,8CAA8C;IAC9C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,EAAE,CAChB,QAAQ,EAAE,GAAG,EACb,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,kDAAkD;IAClD,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,mCAAmC;IACnC,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,iCAAiC;IACjC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,MAAM,CAAC;IACxB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB;IACjB,MAAM,CAAC,EAAE,SAAS,GAAG,cAAc,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB;;;OAGG;IACH,UAAU,CAAC,EAAE,CACT,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,eAAe,KACvB,OAAO,CAAC,IAAI,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAE1D,yBAAyB;IACzB,SAAS,CAAC,EAAE,CACR,OAAO,EAAE,GAAG,EACZ,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B,6BAA6B;IAC7B,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,mCAAmC;IACnC,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CACnF;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,iBAAiB,GAAG,YAAY,GAAG,gBAAgB,CAAC;IAC1F,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,IAAI,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7D;AAED,MAAM,WAAW,iBAAiB;IAC9B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACtC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,GAAG,EAAE;QACD,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACvC,qBAAqB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACxC,iEAAiE;QACjE,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAC3F,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,QAAQ,CAAC,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,CAAC,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAC5B,oBAAoB,CAAC,EAAE,KAAK,CAAC,+BAA+B,CAAC,CAAC;KACjE,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACX;;;WAGG;QACH,OAAO,CAAC,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE,OAAO,EAAE;YAAE,aAAa,EAAE,GAAG,CAAC;YAAC,aAAa,EAAE,GAAG,CAAA;SAAE,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;KAC7G,CAAC;IACF,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,mBAAmB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACzC,yBAAyB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5C,2BAA2B,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC9C;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IACnC,KAAK,CAAC,EAAE,eAAe,CAAC;IAMxB;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB;;;OAGG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IAEpB;;;OAGG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC;IAEzB;;;OAGG;IACH,GAAG,CAAC,EAAE,UAAU,CAAC;IAEjB;;;OAGG;IACH,aAAa,CAAC,EAAE,kBAAkB,CAAC;IAEnC;;;OAGG;IACH,KAAK,CAAC,EAAE,YAAY,CAAC;IAErB;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,gBAAgB,KAAK,GAAG,CAAC;CAC5G;AAED,MAAM,WAAW,mBAAmB;IAChC,mEAAmE;IACnE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAClC;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,sBAAsB;IACnC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;IAChF,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC1C,WAAW,CAAC,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,wBAAwB;IACrC,uBAAuB,IAAI,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;CAC7E"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
import { CookieOptions as ExpressCookieOptions } from 'express';
|
|
2
|
+
import { NestAuthUser } from '../../user/entities/user.entity';
|
|
3
|
+
import { SessionDataPayload, SessionPayload, JWTTokenPayload } from './token-payload.interface';
|
|
2
4
|
export declare enum SessionStorageType {
|
|
3
5
|
REDIS = "redis",
|
|
4
6
|
DATABASE = "database",
|
|
@@ -11,6 +13,56 @@ export interface SessionOptions {
|
|
|
11
13
|
refreshTokenExpiry?: number | string;
|
|
12
14
|
maxSessionsPerUser?: number;
|
|
13
15
|
slidingExpiration?: boolean;
|
|
16
|
+
/**
|
|
17
|
+
* Customize the data stored in the session (database).
|
|
18
|
+
* This data is NOT sent to the client and can include sensitive information.
|
|
19
|
+
* Supports async operations for database lookups.
|
|
20
|
+
*
|
|
21
|
+
* @param defaultData - The default session data (user, roles, permissions, isMfaVerified)
|
|
22
|
+
* @param user - The authenticated user entity
|
|
23
|
+
* @returns Custom session data to store (can be a Promise)
|
|
24
|
+
*
|
|
25
|
+
* @example
|
|
26
|
+
* ```typescript
|
|
27
|
+
* customizeSessionData: async (defaultData, user) => ({
|
|
28
|
+
* ...defaultData,
|
|
29
|
+
* organizationId: user.metadata?.organizationId,
|
|
30
|
+
* internalApiKey: await fetchApiKey(user.id), // Async DB lookup
|
|
31
|
+
* })
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
customizeSessionData?: (defaultData: SessionDataPayload, user: NestAuthUser) => Promise<SessionDataPayload> | SessionDataPayload;
|
|
35
|
+
/**
|
|
36
|
+
* Customize the JWT token payload sent to the client.
|
|
37
|
+
* Keep this minimal for security - sensitive data should stay in session.
|
|
38
|
+
* Supports async operations for database lookups.
|
|
39
|
+
*
|
|
40
|
+
* @param defaultPayload - The default token payload
|
|
41
|
+
* @param session - The created session (with data from customizeSessionData if configured)
|
|
42
|
+
* @returns Custom token payload (can be a Promise)
|
|
43
|
+
*
|
|
44
|
+
* @example
|
|
45
|
+
* ```typescript
|
|
46
|
+
* customizeTokenPayload: async (defaultPayload, session) => ({
|
|
47
|
+
* ...defaultPayload,
|
|
48
|
+
* roles: undefined, // Remove sensitive data from token
|
|
49
|
+
* orgId: session.data?.organizationId, // Add minimal identifier
|
|
50
|
+
* })
|
|
51
|
+
* ```
|
|
52
|
+
*/
|
|
53
|
+
customizeTokenPayload?: (defaultPayload: JWTTokenPayload, session: SessionPayload) => Promise<JWTTokenPayload> | JWTTokenPayload;
|
|
54
|
+
/**
|
|
55
|
+
* Called when a new session is created (login/signup)
|
|
56
|
+
*/
|
|
57
|
+
onCreated?: (session: SessionPayload, user: any) => Promise<void> | void;
|
|
58
|
+
/**
|
|
59
|
+
* Called when a session is refreshed (token refresh)
|
|
60
|
+
*/
|
|
61
|
+
onRefreshed?: (oldSession: SessionPayload, newSession: SessionPayload) => Promise<void> | void;
|
|
62
|
+
/**
|
|
63
|
+
* Called when a session is revoked (logout, admin action, security)
|
|
64
|
+
*/
|
|
65
|
+
onRevoked?: (session: SessionPayload, reason: 'logout' | 'expired' | 'admin' | 'security' | 'password_change') => Promise<void> | void;
|
|
14
66
|
}
|
|
15
67
|
export type CookieOptions = Omit<ExpressCookieOptions, 'maxAge'>;
|
|
16
68
|
//# sourceMappingURL=session-options.interface.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"session-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAEhG,oBAAY,kBAAkB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,MAAM,WAAW;CACpB;AAED,MAAM,WAAW,cAAc;IAC3B,WAAW,EAAE,kBAAkB,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B;;;;;;;;;;;;;;;;;OAiBG;IACH,oBAAoB,CAAC,EAAE,CACnB,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,YAAY,KACjB,OAAO,CAAC,kBAAkB,CAAC,GAAG,kBAAkB,CAAC;IAEtD;;;;;;;;;;;;;;;;;OAiBG;IACH,qBAAqB,CAAC,EAAE,CACpB,cAAc,EAAE,eAAe,EAC/B,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,eAAe,CAAC,GAAG,eAAe,CAAC;IAMhD;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAEzE;;OAEG;IACH,WAAW,CAAC,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE/F;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,iBAAiB,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC1I;AAGD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAA"}
|