@ackplus/nest-auth 1.1.18 → 1.1.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/lib/admin-console/static/index.html +697 -177
- package/src/lib/audit/services/audit.service.d.ts +15 -0
- package/src/lib/audit/services/audit.service.d.ts.map +1 -0
- package/src/lib/audit/services/audit.service.js +143 -0
- package/src/lib/auth/controllers/auth.controller.d.ts +1 -1
- package/src/lib/auth/controllers/mfa.controller.js +5 -5
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts +2 -2
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts.map +1 -1
- package/src/lib/auth/dto/responses/mfa-status.response.dto.js +5 -5
- package/src/lib/auth/events/index.d.ts +13 -0
- package/src/lib/auth/events/index.d.ts.map +1 -0
- package/src/lib/auth/events/index.js +15 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts +10 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-disabled.event.js +12 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts +13 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-enabled.event.js +15 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts +12 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-password-changed.event.js +15 -0
- package/src/lib/auth/guards/auth.guard.d.ts +19 -1
- package/src/lib/auth/guards/auth.guard.d.ts.map +1 -1
- package/src/lib/auth/guards/auth.guard.js +113 -25
- package/src/lib/auth/services/auth.service.d.ts +10 -6
- package/src/lib/auth/services/auth.service.d.ts.map +1 -1
- package/src/lib/auth/services/auth.service.js +313 -133
- package/src/lib/auth/services/mfa.service.d.ts +1 -1
- package/src/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/src/lib/auth/services/mfa.service.js +46 -10
- package/src/lib/auth.constants.d.ts +181 -8
- package/src/lib/auth.constants.d.ts.map +1 -1
- package/src/lib/auth.constants.js +142 -10
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts +170 -0
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/session-options.interface.d.ts +52 -0
- package/src/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/token-payload.interface.d.ts +14 -6
- package/src/lib/core/interfaces/token-payload.interface.d.ts.map +1 -1
- package/src/lib/core/services/auth-config.service.js +1 -1
- package/src/lib/nest-auth.module.d.ts.map +1 -1
- package/src/lib/nest-auth.module.js +5 -2
- package/src/lib/session/services/session-manager.service.d.ts +6 -6
- package/src/lib/session/services/session-manager.service.d.ts.map +1 -1
- package/src/lib/session/services/session-manager.service.js +54 -21
- package/src/lib/user/entities/user.entity.d.ts.map +1 -1
- package/src/lib/user/entities/user.entity.js +19 -0
- package/src/lib/user/services/user.service.d.ts +8 -6
- package/src/lib/user/services/user.service.d.ts.map +1 -1
- package/src/lib/user/services/user.service.js +51 -46
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { AuthConfigService } from '../../core/services/auth-config.service';
|
|
2
|
+
import { UserLoggedInEvent, LoggedOutEvent, UserRegisteredEvent, UserPasswordChangedEvent, User2faEnabledEvent, User2faDisabledEvent } from '../../auth/events';
|
|
3
|
+
export declare class AuditService {
|
|
4
|
+
private readonly authConfigService;
|
|
5
|
+
private readonly logger;
|
|
6
|
+
constructor(authConfigService: AuthConfigService);
|
|
7
|
+
private emitAuditEvent;
|
|
8
|
+
handleUserLoggedIn(payload: UserLoggedInEvent): Promise<void>;
|
|
9
|
+
handleUserLoggedOut(payload: LoggedOutEvent): Promise<void>;
|
|
10
|
+
handleUserRegistered(payload: UserRegisteredEvent): Promise<void>;
|
|
11
|
+
handlePasswordChanged(payload: UserPasswordChangedEvent): Promise<void>;
|
|
12
|
+
handle2faEnabled(payload: User2faEnabledEvent): Promise<void>;
|
|
13
|
+
handle2faDisabled(payload: User2faDisabledEvent): Promise<void>;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=audit.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/audit/services/audit.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAE5E,OAAO,EACH,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,wBAAwB,EACxB,mBAAmB,EACnB,oBAAoB,EACvB,MAAM,mBAAmB,CAAC;AAG3B,qBACa,YAAY;IAIjB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAHtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;gBAGnC,iBAAiB,EAAE,iBAAiB;YAG3C,cAAc;IAiBtB,kBAAkB,CAAC,OAAO,EAAE,iBAAiB;IAgB7C,mBAAmB,CAAC,OAAO,EAAE,cAAc;IAc3C,oBAAoB,CAAC,OAAO,EAAE,mBAAmB;IAcjD,qBAAqB,CAAC,OAAO,EAAE,wBAAwB;IAavD,gBAAgB,CAAC,OAAO,EAAE,mBAAmB;IAc7C,iBAAiB,CAAC,OAAO,EAAE,oBAAoB;CAWxD"}
|
|
@@ -0,0 +1,143 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var AuditService_1;
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.AuditService = void 0;
|
|
5
|
+
const tslib_1 = require("tslib");
|
|
6
|
+
const common_1 = require("@nestjs/common");
|
|
7
|
+
const event_emitter_1 = require("@nestjs/event-emitter");
|
|
8
|
+
const auth_config_service_1 = require("../../core/services/auth-config.service");
|
|
9
|
+
const auth_constants_1 = require("../../auth.constants");
|
|
10
|
+
const events_1 = require("../../auth/events");
|
|
11
|
+
let AuditService = AuditService_1 = class AuditService {
|
|
12
|
+
constructor(authConfigService) {
|
|
13
|
+
this.authConfigService = authConfigService;
|
|
14
|
+
this.logger = new common_1.Logger(AuditService_1.name);
|
|
15
|
+
}
|
|
16
|
+
async emitAuditEvent(event) {
|
|
17
|
+
const config = this.authConfigService.getConfig();
|
|
18
|
+
if (config.audit?.enabled === false) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
if (config.audit?.onEvent) {
|
|
22
|
+
try {
|
|
23
|
+
await config.audit.onEvent(event);
|
|
24
|
+
}
|
|
25
|
+
catch (error) {
|
|
26
|
+
this.logger.error(`Error in audit.onEvent hook: ${error.message}`, error.stack);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
async handleUserLoggedIn(payload) {
|
|
31
|
+
await this.emitAuditEvent({
|
|
32
|
+
type: 'login',
|
|
33
|
+
userId: payload.payload.user.id,
|
|
34
|
+
ip: payload.payload.session.ipAddress,
|
|
35
|
+
userAgent: payload.payload.session.userAgent,
|
|
36
|
+
success: true,
|
|
37
|
+
metadata: {
|
|
38
|
+
provider: payload.payload.provider,
|
|
39
|
+
tenantId: payload.payload.tenantId,
|
|
40
|
+
},
|
|
41
|
+
timestamp: new Date(),
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
async handleUserLoggedOut(payload) {
|
|
45
|
+
await this.emitAuditEvent({
|
|
46
|
+
type: 'logout',
|
|
47
|
+
userId: payload.payload.user?.id,
|
|
48
|
+
success: true,
|
|
49
|
+
metadata: {
|
|
50
|
+
reason: payload.payload.reason,
|
|
51
|
+
sessionId: payload.payload.session.id,
|
|
52
|
+
},
|
|
53
|
+
timestamp: new Date(),
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
async handleUserRegistered(payload) {
|
|
57
|
+
await this.emitAuditEvent({
|
|
58
|
+
type: 'signup',
|
|
59
|
+
userId: payload.payload.user.id,
|
|
60
|
+
success: true,
|
|
61
|
+
metadata: {
|
|
62
|
+
tenantId: payload.payload.tenantId,
|
|
63
|
+
provider: payload.payload.provider,
|
|
64
|
+
},
|
|
65
|
+
timestamp: new Date(),
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
async handlePasswordChanged(payload) {
|
|
69
|
+
await this.emitAuditEvent({
|
|
70
|
+
type: 'password_change',
|
|
71
|
+
userId: payload.payload.user.id,
|
|
72
|
+
success: true,
|
|
73
|
+
metadata: {
|
|
74
|
+
initiatedBy: payload.payload.initiatedBy,
|
|
75
|
+
},
|
|
76
|
+
timestamp: new Date(),
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
async handle2faEnabled(payload) {
|
|
80
|
+
await this.emitAuditEvent({
|
|
81
|
+
type: 'mfa_enable',
|
|
82
|
+
userId: payload.payload.user.id,
|
|
83
|
+
success: true,
|
|
84
|
+
metadata: {
|
|
85
|
+
method: payload.payload.method,
|
|
86
|
+
action: 'enabled'
|
|
87
|
+
},
|
|
88
|
+
timestamp: new Date(),
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
async handle2faDisabled(payload) {
|
|
92
|
+
await this.emitAuditEvent({
|
|
93
|
+
type: 'mfa_enable', // reusing type or should add mfa_disable?
|
|
94
|
+
userId: payload.payload.user.id,
|
|
95
|
+
success: true,
|
|
96
|
+
metadata: {
|
|
97
|
+
action: 'disabled'
|
|
98
|
+
},
|
|
99
|
+
timestamp: new Date(),
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
};
|
|
103
|
+
exports.AuditService = AuditService;
|
|
104
|
+
tslib_1.__decorate([
|
|
105
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.LOGGED_IN),
|
|
106
|
+
tslib_1.__metadata("design:type", Function),
|
|
107
|
+
tslib_1.__metadata("design:paramtypes", [events_1.UserLoggedInEvent]),
|
|
108
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
109
|
+
], AuditService.prototype, "handleUserLoggedIn", null);
|
|
110
|
+
tslib_1.__decorate([
|
|
111
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.LOGGED_OUT),
|
|
112
|
+
tslib_1.__metadata("design:type", Function),
|
|
113
|
+
tslib_1.__metadata("design:paramtypes", [events_1.LoggedOutEvent]),
|
|
114
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
115
|
+
], AuditService.prototype, "handleUserLoggedOut", null);
|
|
116
|
+
tslib_1.__decorate([
|
|
117
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.REGISTERED),
|
|
118
|
+
tslib_1.__metadata("design:type", Function),
|
|
119
|
+
tslib_1.__metadata("design:paramtypes", [events_1.UserRegisteredEvent]),
|
|
120
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
121
|
+
], AuditService.prototype, "handleUserRegistered", null);
|
|
122
|
+
tslib_1.__decorate([
|
|
123
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.PASSWORD_CHANGED),
|
|
124
|
+
tslib_1.__metadata("design:type", Function),
|
|
125
|
+
tslib_1.__metadata("design:paramtypes", [events_1.UserPasswordChangedEvent]),
|
|
126
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
127
|
+
], AuditService.prototype, "handlePasswordChanged", null);
|
|
128
|
+
tslib_1.__decorate([
|
|
129
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.TWO_FACTOR_ENABLED),
|
|
130
|
+
tslib_1.__metadata("design:type", Function),
|
|
131
|
+
tslib_1.__metadata("design:paramtypes", [events_1.User2faEnabledEvent]),
|
|
132
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
133
|
+
], AuditService.prototype, "handle2faEnabled", null);
|
|
134
|
+
tslib_1.__decorate([
|
|
135
|
+
(0, event_emitter_1.OnEvent)(auth_constants_1.NestAuthEvents.TWO_FACTOR_DISABLED),
|
|
136
|
+
tslib_1.__metadata("design:type", Function),
|
|
137
|
+
tslib_1.__metadata("design:paramtypes", [events_1.User2faDisabledEvent]),
|
|
138
|
+
tslib_1.__metadata("design:returntype", Promise)
|
|
139
|
+
], AuditService.prototype, "handle2faDisabled", null);
|
|
140
|
+
exports.AuditService = AuditService = AuditService_1 = tslib_1.__decorate([
|
|
141
|
+
(0, common_1.Injectable)(),
|
|
142
|
+
tslib_1.__metadata("design:paramtypes", [auth_config_service_1.AuthConfigService])
|
|
143
|
+
], AuditService);
|
|
@@ -65,7 +65,7 @@ export declare class AuthController {
|
|
|
65
65
|
*/
|
|
66
66
|
resetPassword(input: ResetPasswordRequestDto): Promise<MessageResponseDto>;
|
|
67
67
|
resetPasswordWithToken(input: ResetPasswordWithTokenRequestDto): Promise<MessageResponseDto>;
|
|
68
|
-
getUser(): Promise<import("../../core").NestAuthUser
|
|
68
|
+
getUser(): Promise<Partial<import("../../core").NestAuthUser>>;
|
|
69
69
|
sendEmailVerification(input: SendEmailVerificationRequestDto): Promise<MessageResponseDto>;
|
|
70
70
|
verifyEmail(input: VerifyEmailRequestDto): Promise<MessageResponseDto>;
|
|
71
71
|
getClientConfig(): Promise<ClientConfigResponseDto>;
|
|
@@ -30,13 +30,13 @@ let MfaController = class MfaController {
|
|
|
30
30
|
const user = this.getCurrentUserOrThrow();
|
|
31
31
|
const config = this.mfaService.mfaConfig;
|
|
32
32
|
const globallyEnabled = config?.enabled ?? false;
|
|
33
|
-
let
|
|
33
|
+
let verifiedMethods = [];
|
|
34
34
|
let totpDevices = [];
|
|
35
35
|
let hasRecoveryCode = false;
|
|
36
36
|
let isEnabled = false;
|
|
37
37
|
if (globallyEnabled) {
|
|
38
|
-
[
|
|
39
|
-
this.mfaService.
|
|
38
|
+
[verifiedMethods, totpDevices, hasRecoveryCode, isEnabled] = await Promise.all([
|
|
39
|
+
this.mfaService.getVerifiedMethods(user.id),
|
|
40
40
|
this.mfaService.getTotpDevices(user.id),
|
|
41
41
|
this.mfaService.hasRecoveryCode(user.id),
|
|
42
42
|
this.mfaService.isMfaEnabled(user.id),
|
|
@@ -44,8 +44,8 @@ let MfaController = class MfaController {
|
|
|
44
44
|
}
|
|
45
45
|
return {
|
|
46
46
|
isEnabled,
|
|
47
|
-
|
|
48
|
-
|
|
47
|
+
verifiedMethods, // Methods user has verified/can use
|
|
48
|
+
configuredMethods: this.mfaService.getAvailableMethods(), // Methods configured in app
|
|
49
49
|
allowUserToggle: config?.allowUserToggle ?? false,
|
|
50
50
|
allowMethodSelection: config?.allowMethodSelection ?? false,
|
|
51
51
|
totpDevices,
|
|
@@ -9,8 +9,8 @@ export declare class MfaDeviceDto {
|
|
|
9
9
|
}
|
|
10
10
|
export declare class MfaStatusResponseDto {
|
|
11
11
|
isEnabled: boolean;
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
verifiedMethods: MFAMethodEnum[];
|
|
13
|
+
configuredMethods: MFAMethodEnum[];
|
|
14
14
|
allowUserToggle: boolean;
|
|
15
15
|
allowMethodSelection: boolean;
|
|
16
16
|
totpDevices: MfaDeviceDto[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa-status.response.dto.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/nest-auth/src/lib/auth/dto/responses/mfa-status.response.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,qBAAa,YAAY;IAKrB,EAAE,EAAE,MAAM,CAAC;IAMX,UAAU,EAAE,MAAM,CAAC;IAOnB,MAAM,EAAE,aAAa,CAAC;IAMtB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAMzB,QAAQ,EAAE,OAAO,CAAC;IAMlB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,oBAAoB;IAK7B,SAAS,EAAE,OAAO,CAAC;IAQnB,
|
|
1
|
+
{"version":3,"file":"mfa-status.response.dto.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/nest-auth/src/lib/auth/dto/responses/mfa-status.response.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,qBAAa,YAAY;IAKrB,EAAE,EAAE,MAAM,CAAC;IAMX,UAAU,EAAE,MAAM,CAAC;IAOnB,MAAM,EAAE,aAAa,CAAC;IAMtB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAMzB,QAAQ,EAAE,OAAO,CAAC;IAMlB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,oBAAoB;IAK7B,SAAS,EAAE,OAAO,CAAC;IAQnB,eAAe,EAAE,aAAa,EAAE,CAAC;IAQjC,iBAAiB,EAAE,aAAa,EAAE,CAAC;IAMnC,eAAe,EAAE,OAAO,CAAC;IAMzB,oBAAoB,EAAE,OAAO,CAAC;IAM9B,WAAW,EAAE,YAAY,EAAE,CAAC;IAM5B,eAAe,EAAE,OAAO,CAAC;CAC5B"}
|
|
@@ -62,22 +62,22 @@ tslib_1.__decorate([
|
|
|
62
62
|
], MfaStatusResponseDto.prototype, "isEnabled", void 0);
|
|
63
63
|
tslib_1.__decorate([
|
|
64
64
|
(0, swagger_1.ApiProperty)({
|
|
65
|
-
description: 'MFA methods currently
|
|
65
|
+
description: 'MFA methods the user has verified and can currently use (includes EMAIL/SMS if configured, and TOTP if user has verified device)',
|
|
66
66
|
enum: core_1.MFAMethodEnum,
|
|
67
67
|
isArray: true,
|
|
68
68
|
example: [core_1.MFAMethodEnum.EMAIL, core_1.MFAMethodEnum.TOTP],
|
|
69
69
|
}),
|
|
70
70
|
tslib_1.__metadata("design:type", Array)
|
|
71
|
-
], MfaStatusResponseDto.prototype, "
|
|
71
|
+
], MfaStatusResponseDto.prototype, "verifiedMethods", void 0);
|
|
72
72
|
tslib_1.__decorate([
|
|
73
73
|
(0, swagger_1.ApiProperty)({
|
|
74
|
-
description: 'All MFA methods available
|
|
74
|
+
description: 'All MFA methods configured and available in the application (methods user can potentially set up)',
|
|
75
75
|
enum: core_1.MFAMethodEnum,
|
|
76
76
|
isArray: true,
|
|
77
|
-
example: [core_1.MFAMethodEnum.EMAIL, core_1.MFAMethodEnum.TOTP],
|
|
77
|
+
example: [core_1.MFAMethodEnum.EMAIL, core_1.MFAMethodEnum.TOTP, core_1.MFAMethodEnum.SMS],
|
|
78
78
|
}),
|
|
79
79
|
tslib_1.__metadata("design:type", Array)
|
|
80
|
-
], MfaStatusResponseDto.prototype, "
|
|
80
|
+
], MfaStatusResponseDto.prototype, "configuredMethods", void 0);
|
|
81
81
|
tslib_1.__decorate([
|
|
82
82
|
(0, swagger_1.ApiProperty)({
|
|
83
83
|
description: 'Indicates if MFA toggling is allowed for the user',
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export * from './user-logged-in.event';
|
|
2
|
+
export * from './logged-out.event';
|
|
3
|
+
export * from './logged-out-all.event';
|
|
4
|
+
export * from './user-registered.event';
|
|
5
|
+
export * from './password-reset-requested.event';
|
|
6
|
+
export * from './password-reset.event';
|
|
7
|
+
export * from './two-factor-code-sent.event';
|
|
8
|
+
export * from './user-2fa-verified.event';
|
|
9
|
+
export * from './user-refresh-token.event';
|
|
10
|
+
export * from './user-password-changed.event';
|
|
11
|
+
export * from './user-2fa-enabled.event';
|
|
12
|
+
export * from './user-2fa-disabled.event';
|
|
13
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC;AACvC,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const tslib_1 = require("tslib");
|
|
4
|
+
tslib_1.__exportStar(require("./user-logged-in.event"), exports);
|
|
5
|
+
tslib_1.__exportStar(require("./logged-out.event"), exports);
|
|
6
|
+
tslib_1.__exportStar(require("./logged-out-all.event"), exports);
|
|
7
|
+
tslib_1.__exportStar(require("./user-registered.event"), exports);
|
|
8
|
+
tslib_1.__exportStar(require("./password-reset-requested.event"), exports);
|
|
9
|
+
tslib_1.__exportStar(require("./password-reset.event"), exports);
|
|
10
|
+
tslib_1.__exportStar(require("./two-factor-code-sent.event"), exports);
|
|
11
|
+
tslib_1.__exportStar(require("./user-2fa-verified.event"), exports);
|
|
12
|
+
tslib_1.__exportStar(require("./user-refresh-token.event"), exports);
|
|
13
|
+
tslib_1.__exportStar(require("./user-password-changed.event"), exports);
|
|
14
|
+
tslib_1.__exportStar(require("./user-2fa-enabled.event"), exports);
|
|
15
|
+
tslib_1.__exportStar(require("./user-2fa-disabled.event"), exports);
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { NestAuthUser } from "../../user/entities/user.entity";
|
|
2
|
+
export interface User2faDisabledEventPayload {
|
|
3
|
+
user: NestAuthUser;
|
|
4
|
+
}
|
|
5
|
+
export declare class User2faDisabledEvent {
|
|
6
|
+
readonly payload: User2faDisabledEventPayload;
|
|
7
|
+
constructor(payload: User2faDisabledEventPayload);
|
|
8
|
+
get user(): NestAuthUser;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=user-2fa-disabled.event.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-2fa-disabled.event.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/events/user-2fa-disabled.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,MAAM,WAAW,2BAA2B;IACxC,IAAI,EAAE,YAAY,CAAC;CACtB;AAED,qBAAa,oBAAoB;aAET,OAAO,EAAE,2BAA2B;gBAApC,OAAO,EAAE,2BAA2B;IAGxD,IAAI,IAAI,IAAI,YAAY,CAEvB;CACJ"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.User2faDisabledEvent = void 0;
|
|
4
|
+
class User2faDisabledEvent {
|
|
5
|
+
constructor(payload) {
|
|
6
|
+
this.payload = payload;
|
|
7
|
+
}
|
|
8
|
+
get user() {
|
|
9
|
+
return this.payload.user;
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
exports.User2faDisabledEvent = User2faDisabledEvent;
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { NestAuthUser } from "../../user/entities/user.entity";
|
|
2
|
+
import { MFAMethodEnum } from "../../core/interfaces/mfa-options.interface";
|
|
3
|
+
export interface User2faEnabledEventPayload {
|
|
4
|
+
user: NestAuthUser;
|
|
5
|
+
method?: MFAMethodEnum;
|
|
6
|
+
}
|
|
7
|
+
export declare class User2faEnabledEvent {
|
|
8
|
+
readonly payload: User2faEnabledEventPayload;
|
|
9
|
+
constructor(payload: User2faEnabledEventPayload);
|
|
10
|
+
get user(): NestAuthUser;
|
|
11
|
+
get method(): MFAMethodEnum | undefined;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=user-2fa-enabled.event.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-2fa-enabled.event.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/events/user-2fa-enabled.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,6CAA6C,CAAC;AAE5E,MAAM,WAAW,0BAA0B;IACvC,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,CAAC,EAAE,aAAa,CAAC;CAC1B;AAED,qBAAa,mBAAmB;aAER,OAAO,EAAE,0BAA0B;gBAAnC,OAAO,EAAE,0BAA0B;IAGvD,IAAI,IAAI,IAAI,YAAY,CAEvB;IAED,IAAI,MAAM,IAAI,aAAa,GAAG,SAAS,CAEtC;CACJ"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.User2faEnabledEvent = void 0;
|
|
4
|
+
class User2faEnabledEvent {
|
|
5
|
+
constructor(payload) {
|
|
6
|
+
this.payload = payload;
|
|
7
|
+
}
|
|
8
|
+
get user() {
|
|
9
|
+
return this.payload.user;
|
|
10
|
+
}
|
|
11
|
+
get method() {
|
|
12
|
+
return this.payload.method;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
exports.User2faEnabledEvent = User2faEnabledEvent;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { NestAuthUser } from "../../user/entities/user.entity";
|
|
2
|
+
export interface UserPasswordChangedEventPayload {
|
|
3
|
+
user: NestAuthUser;
|
|
4
|
+
initiatedBy: 'user' | 'admin';
|
|
5
|
+
}
|
|
6
|
+
export declare class UserPasswordChangedEvent {
|
|
7
|
+
readonly payload: UserPasswordChangedEventPayload;
|
|
8
|
+
constructor(payload: UserPasswordChangedEventPayload);
|
|
9
|
+
get user(): NestAuthUser;
|
|
10
|
+
get initiatedBy(): 'user' | 'admin';
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=user-password-changed.event.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-password-changed.event.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/events/user-password-changed.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,MAAM,WAAW,+BAA+B;IAC5C,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;CACjC;AAED,qBAAa,wBAAwB;aAEb,OAAO,EAAE,+BAA+B;gBAAxC,OAAO,EAAE,+BAA+B;IAG5D,IAAI,IAAI,IAAI,YAAY,CAEvB;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,OAAO,CAElC;CACJ"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.UserPasswordChangedEvent = void 0;
|
|
4
|
+
class UserPasswordChangedEvent {
|
|
5
|
+
constructor(payload) {
|
|
6
|
+
this.payload = payload;
|
|
7
|
+
}
|
|
8
|
+
get user() {
|
|
9
|
+
return this.payload.user;
|
|
10
|
+
}
|
|
11
|
+
get initiatedBy() {
|
|
12
|
+
return this.payload.initiatedBy;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
exports.UserPasswordChangedEvent = UserPasswordChangedEvent;
|
|
@@ -3,6 +3,7 @@ import { Reflector } from '@nestjs/core';
|
|
|
3
3
|
import { JwtService } from '../../core/services/jwt.service';
|
|
4
4
|
import { SessionManagerService } from '../../session/services/session-manager.service';
|
|
5
5
|
import { AccessKeyService } from '../../user/services/access-key.service';
|
|
6
|
+
import { AuthConfigService } from '../../core/services/auth-config.service';
|
|
6
7
|
export declare const OPTIONAL_AUTH_KEY = "optional_auth";
|
|
7
8
|
/**
|
|
8
9
|
* NestAuthAuthGuard
|
|
@@ -23,7 +24,8 @@ export declare class NestAuthAuthGuard implements CanActivate {
|
|
|
23
24
|
private jwtService;
|
|
24
25
|
private sessionManager;
|
|
25
26
|
private accessKeyService;
|
|
26
|
-
|
|
27
|
+
private authConfigService;
|
|
28
|
+
constructor(reflector: Reflector, jwtService: JwtService, sessionManager: SessionManagerService, accessKeyService: AccessKeyService, authConfigService: AuthConfigService);
|
|
27
29
|
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
28
30
|
private handleJwtAuth;
|
|
29
31
|
private handleApiKeyAuth;
|
|
@@ -40,10 +42,26 @@ export declare class NestAuthAuthGuard implements CanActivate {
|
|
|
40
42
|
* Get required roles from decorator
|
|
41
43
|
*/
|
|
42
44
|
private getRequiredRoles;
|
|
45
|
+
/**
|
|
46
|
+
* Check if user has required roles
|
|
47
|
+
*/
|
|
48
|
+
/**
|
|
49
|
+
* Check if user has required roles
|
|
50
|
+
*/
|
|
51
|
+
/**
|
|
52
|
+
* Helper to resolve user roles
|
|
53
|
+
*/
|
|
54
|
+
private resolveUserRoles;
|
|
43
55
|
/**
|
|
44
56
|
* Check if user has required roles
|
|
45
57
|
*/
|
|
46
58
|
private checkRoles;
|
|
59
|
+
/**
|
|
60
|
+
* Check if user has required permissions
|
|
61
|
+
*/
|
|
62
|
+
/**
|
|
63
|
+
* Check if user has required permissions
|
|
64
|
+
*/
|
|
47
65
|
/**
|
|
48
66
|
* Check if user has required permissions
|
|
49
67
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAA6C,MAAM,gBAAgB,CAAC;AAEtH,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAA6C,MAAM,gBAAgB,CAAC;AAEtH,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAK1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E,eAAO,MAAM,iBAAiB,kBAAkB,CAAC;AAEjD;;;;;;;;;;;;;GAaG;AACH,qBACa,iBAAkB,YAAW,WAAW;IAE7C,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,gBAAgB;IACxB,OAAO,CAAC,iBAAiB;gBAJjB,SAAS,EAAE,SAAS,EACpB,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,qBAAqB,EACrC,gBAAgB,EAAE,gBAAgB,EAClC,iBAAiB,EAAE,iBAAiB;IAG1C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;YAyFhD,aAAa;YAgFb,gBAAgB;YAqDhB,QAAQ;IA0BtB;;OAEG;YACW,kBAAkB;IA+BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAc9B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;OAEG;IACH;;OAEG;IACH;;OAEG;YACW,gBAAgB;IAoB9B;;OAEG;YACW,UAAU;IAsBxB;;OAEG;IACH;;OAEG;IACH;;OAEG;YACW,gBAAgB;IAuC9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAiB7B"}
|