@ackplus/nest-auth 1.1.19 → 1.1.20
- package/package.json +1 -1
- package/src/lib/audit/services/audit.service.d.ts +15 -0
- package/src/lib/audit/services/audit.service.d.ts.map +1 -0
- package/src/lib/audit/services/audit.service.js +143 -0
- package/src/lib/auth/controllers/auth.controller.d.ts +1 -1
- package/src/lib/auth/events/index.d.ts +13 -0
- package/src/lib/auth/events/index.d.ts.map +1 -0
- package/src/lib/auth/events/index.js +15 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts +10 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-disabled.event.js +12 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts +13 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-enabled.event.js +15 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts +12 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-password-changed.event.js +15 -0
- package/src/lib/auth/guards/auth.guard.d.ts +19 -1
- package/src/lib/auth/guards/auth.guard.d.ts.map +1 -1
- package/src/lib/auth/guards/auth.guard.js +90 -17
- package/src/lib/auth/services/auth.service.d.ts +10 -6
- package/src/lib/auth/services/auth.service.d.ts.map +1 -1
- package/src/lib/auth/services/auth.service.js +148 -95
- package/src/lib/auth/services/mfa.service.d.ts +1 -1
- package/src/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/src/lib/auth/services/mfa.service.js +27 -2
- package/src/lib/auth.constants.d.ts +3 -0
- package/src/lib/auth.constants.d.ts.map +1 -1
- package/src/lib/auth.constants.js +3 -0
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts +2 -2
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/src/lib/core/services/auth-config.service.js +1 -1
- package/src/lib/nest-auth.module.d.ts.map +1 -1
- package/src/lib/nest-auth.module.js +5 -2
- package/src/lib/session/services/session-manager.service.d.ts +3 -3
- package/src/lib/session/services/session-manager.service.d.ts.map +1 -1
- package/src/lib/session/services/session-manager.service.js +27 -4
- package/src/lib/user/entities/user.entity.d.ts.map +1 -1
- package/src/lib/user/entities/user.entity.js +19 -0
- package/src/lib/user/services/user.service.d.ts +7 -7
- package/src/lib/user/services/user.service.d.ts.map +1 -1
- package/src/lib/user/services/user.service.js +47 -55
|
@@ -30,8 +30,10 @@ const debug_logger_service_1 = require("../../core/services/debug-logger.service
|
|
|
30
30
|
const moment_1 = tslib_1.__importDefault(require("moment"));
|
|
31
31
|
const auth_config_service_1 = require("../../core/services/auth-config.service");
|
|
32
32
|
const cookie_helper_1 = require("../../utils/cookie.helper");
|
|
33
|
+
const user_password_changed_event_1 = require("../events/user-password-changed.event");
|
|
34
|
+
const user_service_1 = require("../../user/services/user.service");
|
|
33
35
|
let AuthService = class AuthService {
|
|
34
|
-
constructor(userRepository, otpRepository, authProviderRegistry, mfaService, sessionManager, jwtService, eventEmitter, tenantService, debugLogger, authConfigService) {
|
|
36
|
+
constructor(userRepository, otpRepository, authProviderRegistry, mfaService, sessionManager, jwtService, eventEmitter, tenantService, debugLogger, authConfigService, userService) {
|
|
35
37
|
this.userRepository = userRepository;
|
|
36
38
|
this.otpRepository = otpRepository;
|
|
37
39
|
this.authProviderRegistry = authProviderRegistry;
|
|
@@ -42,6 +44,7 @@ let AuthService = class AuthService {
|
|
|
42
44
|
this.tenantService = tenantService;
|
|
43
45
|
this.debugLogger = debugLogger;
|
|
44
46
|
this.authConfigService = authConfigService;
|
|
47
|
+
this.userService = userService;
|
|
45
48
|
}
|
|
46
49
|
getUserWithRolesAndPermissions(userId, relations = []) {
|
|
47
50
|
return this.userRepository.findOne({
|
|
@@ -57,7 +60,13 @@ let AuthService = class AuthService {
|
|
|
57
60
|
if (!user) {
|
|
58
61
|
return null;
|
|
59
62
|
}
|
|
60
|
-
|
|
63
|
+
const fullUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
64
|
+
// Apply user.serialize hook if configured
|
|
65
|
+
const config = this.authConfigService.getConfig();
|
|
66
|
+
if (config.user?.serialize) {
|
|
67
|
+
return await config.user.serialize(fullUser);
|
|
68
|
+
}
|
|
69
|
+
return fullUser;
|
|
61
70
|
}
|
|
62
71
|
async signup(input) {
|
|
63
72
|
this.debugLogger.logFunctionEntry('signup', 'AuthService', { email: input.email, phone: input.phone, hasPassword: !!input.password });
|
|
@@ -115,18 +124,20 @@ let AuthService = class AuthService {
|
|
|
115
124
|
});
|
|
116
125
|
}
|
|
117
126
|
}
|
|
118
|
-
this.debugLogger.debug('Creating new user', 'AuthService', { email: !!email, phone: !!phone, tenantId });
|
|
119
|
-
|
|
127
|
+
this.debugLogger.debug('Creating new user via UserService', 'AuthService', { email: !!email, phone: !!phone, tenantId });
|
|
128
|
+
// Use UserService to create user, which handles hooks and password hashing
|
|
129
|
+
// We pass the plain password, UserService will hash it if provided
|
|
130
|
+
let user = await this.userService.createUser({
|
|
120
131
|
email,
|
|
121
132
|
phone,
|
|
122
133
|
tenantId,
|
|
123
134
|
isVerified: false,
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
await this.userRepository.save(user);
|
|
135
|
+
password
|
|
136
|
+
}, input);
|
|
127
137
|
this.debugLogger.info('User created successfully', 'AuthService', { userId: user.id, tenantId });
|
|
128
138
|
user = await this.getUserWithRolesAndPermissions(user.id);
|
|
129
139
|
this.debugLogger.debug('Linking user to provider', 'AuthService', { userId: user.id, providerName: provider.providerName });
|
|
140
|
+
// Note: UserService might have already created the identity, but we ensure it's linked here
|
|
130
141
|
await provider.linkToUser(user.id, providerUserId);
|
|
131
142
|
this.debugLogger.debug('Creating session for new user', 'AuthService', { userId: user.id });
|
|
132
143
|
const session = await this.sessionManager.createSessionFromUser(user);
|
|
@@ -159,6 +170,7 @@ let AuthService = class AuthService {
|
|
|
159
170
|
}
|
|
160
171
|
catch (error) {
|
|
161
172
|
this.debugLogger.logError(error, 'signup', { email: input.email, phone: input.phone });
|
|
173
|
+
this.handleError(error, 'signup');
|
|
162
174
|
throw error;
|
|
163
175
|
}
|
|
164
176
|
}
|
|
@@ -166,89 +178,100 @@ let AuthService = class AuthService {
|
|
|
166
178
|
const { credentials, providerName, createUserIfNotExists = false } = input;
|
|
167
179
|
this.debugLogger.logFunctionEntry('login', 'AuthService', { providerName, createUserIfNotExists });
|
|
168
180
|
let { tenantId = null } = input;
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
message: 'Invalid authentication providerName or provider is not enabled',
|
|
176
|
-
code: auth_constants_1.ERROR_CODES.INVALID_PROVIDER,
|
|
177
|
-
});
|
|
178
|
-
}
|
|
179
|
-
const requiredFields = provider.getRequiredFields();
|
|
180
|
-
if (!requiredFields.every(field => credentials[field])) {
|
|
181
|
-
throw new common_1.BadRequestException({
|
|
182
|
-
message: `Missing ${requiredFields.join(', ')} required fields`,
|
|
183
|
-
code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_FIELDS,
|
|
184
|
-
});
|
|
185
|
-
}
|
|
186
|
-
const authProviderUser = await provider.validate(credentials);
|
|
187
|
-
const identity = await provider.findIdentity(authProviderUser.userId);
|
|
188
|
-
let user = identity?.user || null;
|
|
189
|
-
if (!user) {
|
|
190
|
-
if (!createUserIfNotExists) {
|
|
181
|
+
try {
|
|
182
|
+
// Resolve tenant ID - use provided or default
|
|
183
|
+
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
184
|
+
this.debugLogger.logAuthOperation('login', providerName, undefined, { resolvedTenantId: tenantId, createUserIfNotExists });
|
|
185
|
+
const provider = this.authProviderRegistry.getProvider(providerName);
|
|
186
|
+
if (!provider) {
|
|
191
187
|
throw new common_1.UnauthorizedException({
|
|
192
|
-
message: 'Invalid
|
|
193
|
-
code: auth_constants_1.ERROR_CODES.
|
|
188
|
+
message: 'Invalid authentication providerName or provider is not enabled',
|
|
189
|
+
code: auth_constants_1.ERROR_CODES.INVALID_PROVIDER,
|
|
194
190
|
});
|
|
195
191
|
}
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
const trustCookieName = auth_config_service_1.AuthConfigService.getOptions().mfa?.trustDeviceStorageName || auth_constants_1.NEST_AUTH_TRUST_DEVICE_KEY;
|
|
212
|
-
const req = request_context_1.RequestContext.currentRequest();
|
|
213
|
-
let trustToken = cookie_helper_1.CookieHelper.get(req, trustCookieName);
|
|
214
|
-
// If not in cookie, check header
|
|
215
|
-
if (!trustToken) {
|
|
216
|
-
trustToken = req.headers[trustCookieName];
|
|
217
|
-
}
|
|
218
|
-
if (trustToken) {
|
|
219
|
-
const isTrusted = await this.mfaService.validateTrustedDevice(user.id, trustToken);
|
|
220
|
-
if (isTrusted) {
|
|
221
|
-
isRequiresMfa = false;
|
|
222
|
-
// Update session to indicate MFA is verified by trust
|
|
223
|
-
session = await this.sessionManager.updateSession(session.id, {
|
|
224
|
-
data: { ...session.data, isMfaVerified: true }
|
|
192
|
+
const requiredFields = provider.getRequiredFields();
|
|
193
|
+
if (!requiredFields.every(field => credentials[field])) {
|
|
194
|
+
throw new common_1.BadRequestException({
|
|
195
|
+
message: `Missing ${requiredFields.join(', ')} required fields`,
|
|
196
|
+
code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_FIELDS,
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
const authProviderUser = await provider.validate(credentials);
|
|
200
|
+
const identity = await provider.findIdentity(authProviderUser.userId);
|
|
201
|
+
let user = identity?.user || null;
|
|
202
|
+
if (!user) {
|
|
203
|
+
if (!createUserIfNotExists) {
|
|
204
|
+
throw new common_1.UnauthorizedException({
|
|
205
|
+
message: 'Invalid credentials',
|
|
206
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
225
207
|
});
|
|
226
208
|
}
|
|
209
|
+
// Create new user if not exists and link to provider
|
|
210
|
+
user = await this.handleSocialLogin(provider, authProviderUser, tenantId);
|
|
211
|
+
}
|
|
212
|
+
if (user.isActive === false) {
|
|
213
|
+
throw new common_1.UnauthorizedException({
|
|
214
|
+
message: 'Your account is suspended, please contact support',
|
|
215
|
+
code: auth_constants_1.ERROR_CODES.ACCOUNT_INACTIVE,
|
|
216
|
+
});
|
|
227
217
|
}
|
|
218
|
+
user = await this.getUserWithRolesAndPermissions(user.id);
|
|
219
|
+
let isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
220
|
+
user.isMfaEnabled = isRequiresMfa;
|
|
221
|
+
let session = await this.sessionManager.createSessionFromUser(user);
|
|
222
|
+
// Check for trusted device cookie or header if MFA is required
|
|
223
|
+
if (isRequiresMfa) {
|
|
224
|
+
// Set Mfa enbale if requred for all user, set in properly in session
|
|
225
|
+
await this.sessionManager.updateSession(session.id, {
|
|
226
|
+
data: { ...session.data, isMfaEnabled: true }
|
|
227
|
+
});
|
|
228
|
+
const trustCookieName = auth_config_service_1.AuthConfigService.getOptions().mfa?.trustDeviceStorageName || auth_constants_1.NEST_AUTH_TRUST_DEVICE_KEY;
|
|
229
|
+
const req = request_context_1.RequestContext.currentRequest();
|
|
230
|
+
let trustToken = cookie_helper_1.CookieHelper.get(req, trustCookieName);
|
|
231
|
+
// If not in cookie, check header
|
|
232
|
+
if (!trustToken) {
|
|
233
|
+
trustToken = req.headers[trustCookieName];
|
|
234
|
+
}
|
|
235
|
+
if (trustToken) {
|
|
236
|
+
const isTrusted = await this.mfaService.validateTrustedDevice(user.id, trustToken);
|
|
237
|
+
if (isTrusted) {
|
|
238
|
+
isRequiresMfa = false;
|
|
239
|
+
// Update session to indicate MFA is verified by trust
|
|
240
|
+
session = await this.sessionManager.updateSession(session.id, {
|
|
241
|
+
data: { ...session.data, isMfaVerified: true }
|
|
242
|
+
});
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
const tokens = await this.generateTokensFromSession(session);
|
|
247
|
+
// Emit login event
|
|
248
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_IN, new user_logged_in_event_1.UserLoggedInEvent({
|
|
249
|
+
user,
|
|
250
|
+
tenantId: user.tenantId,
|
|
251
|
+
input,
|
|
252
|
+
provider,
|
|
253
|
+
session,
|
|
254
|
+
tokens,
|
|
255
|
+
isRequiresMfa
|
|
256
|
+
}));
|
|
257
|
+
// Build default response
|
|
258
|
+
let response = {
|
|
259
|
+
accessToken: tokens.accessToken,
|
|
260
|
+
refreshToken: tokens.refreshToken,
|
|
261
|
+
isRequiresMfa: isRequiresMfa,
|
|
262
|
+
};
|
|
263
|
+
// Apply auth.transformResponse hook if configured
|
|
264
|
+
const config = this.authConfigService.getConfig();
|
|
265
|
+
if (config.auth?.transformResponse) {
|
|
266
|
+
response = await config.auth.transformResponse(response, user, session);
|
|
267
|
+
}
|
|
268
|
+
return response;
|
|
228
269
|
}
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
tenantId: user.tenantId,
|
|
234
|
-
input,
|
|
235
|
-
provider,
|
|
236
|
-
session,
|
|
237
|
-
tokens,
|
|
238
|
-
isRequiresMfa
|
|
239
|
-
}));
|
|
240
|
-
// Build default response
|
|
241
|
-
let response = {
|
|
242
|
-
accessToken: tokens.accessToken,
|
|
243
|
-
refreshToken: tokens.refreshToken,
|
|
244
|
-
isRequiresMfa: isRequiresMfa,
|
|
245
|
-
};
|
|
246
|
-
// Apply auth.transformResponse hook if configured
|
|
247
|
-
const config = this.authConfigService.getConfig();
|
|
248
|
-
if (config.auth?.transformResponse) {
|
|
249
|
-
response = await config.auth.transformResponse(response, user, session);
|
|
270
|
+
catch (error) {
|
|
271
|
+
this.debugLogger.logError(error, 'login', { providerName, createUserIfNotExists });
|
|
272
|
+
this.handleError(error, 'login');
|
|
273
|
+
throw error;
|
|
250
274
|
}
|
|
251
|
-
return response;
|
|
252
275
|
}
|
|
253
276
|
async verify2fa(input) {
|
|
254
277
|
this.debugLogger.logFunctionEntry('verify2fa', 'AuthService', { method: input.method });
|
|
@@ -289,7 +312,7 @@ let AuthService = class AuthService {
|
|
|
289
312
|
// Emit 2FA verified event
|
|
290
313
|
this.debugLogger.debug('Emitting 2FA verified event', 'AuthService', { userId: user.id });
|
|
291
314
|
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_VERIFIED, new user_2fa_verified_event_1.User2faVerifiedEvent({
|
|
292
|
-
user,
|
|
315
|
+
user: user,
|
|
293
316
|
tenantId: user.tenantId,
|
|
294
317
|
input,
|
|
295
318
|
session,
|
|
@@ -304,6 +327,7 @@ let AuthService = class AuthService {
|
|
|
304
327
|
}
|
|
305
328
|
catch (error) {
|
|
306
329
|
this.debugLogger.logError(error, 'verify2fa', { method: input.method });
|
|
330
|
+
this.handleError(error, 'mfa');
|
|
307
331
|
throw error;
|
|
308
332
|
}
|
|
309
333
|
}
|
|
@@ -385,6 +409,7 @@ let AuthService = class AuthService {
|
|
|
385
409
|
}
|
|
386
410
|
catch (error) {
|
|
387
411
|
this.debugLogger.logError(error, 'refreshToken', { hasRefreshToken: !!refreshToken });
|
|
412
|
+
this.handleError(error, 'refresh');
|
|
388
413
|
throw error;
|
|
389
414
|
}
|
|
390
415
|
}
|
|
@@ -427,6 +452,10 @@ let AuthService = class AuthService {
|
|
|
427
452
|
const session = await this.sessionManager.createSessionFromUser(hydratedUser);
|
|
428
453
|
const tokens = await this.generateTokensFromSession(session);
|
|
429
454
|
const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
455
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_CHANGED, new user_password_changed_event_1.UserPasswordChangedEvent({
|
|
456
|
+
user,
|
|
457
|
+
initiatedBy: 'user'
|
|
458
|
+
}));
|
|
430
459
|
this.debugLogger.logFunctionExit('changePassword', 'AuthService', { userId: user.id });
|
|
431
460
|
return {
|
|
432
461
|
accessToken: tokens.accessToken,
|
|
@@ -436,6 +465,7 @@ let AuthService = class AuthService {
|
|
|
436
465
|
}
|
|
437
466
|
catch (error) {
|
|
438
467
|
this.debugLogger.logError(error, 'changePassword');
|
|
468
|
+
this.handleError(error, 'password_change');
|
|
439
469
|
throw error;
|
|
440
470
|
}
|
|
441
471
|
}
|
|
@@ -508,6 +538,7 @@ let AuthService = class AuthService {
|
|
|
508
538
|
}
|
|
509
539
|
catch (error) {
|
|
510
540
|
this.debugLogger.logError(error, 'forgotPassword', { email: input.email, phone: input.phone });
|
|
541
|
+
this.handleError(error, 'password_reset');
|
|
511
542
|
throw error;
|
|
512
543
|
}
|
|
513
544
|
}
|
|
@@ -584,6 +615,7 @@ let AuthService = class AuthService {
|
|
|
584
615
|
}
|
|
585
616
|
catch (error) {
|
|
586
617
|
this.debugLogger.logError(error, 'verifyForgotPasswordOtp', { email: input.email, phone: input.phone });
|
|
618
|
+
this.handleError(error, 'password_reset');
|
|
587
619
|
throw error;
|
|
588
620
|
}
|
|
589
621
|
}
|
|
@@ -646,6 +678,7 @@ let AuthService = class AuthService {
|
|
|
646
678
|
}
|
|
647
679
|
catch (error) {
|
|
648
680
|
this.debugLogger.logError(error, 'resetPassword', { email: input.email, phone: input.phone });
|
|
681
|
+
this.handleError(error, 'password_reset');
|
|
649
682
|
throw error;
|
|
650
683
|
}
|
|
651
684
|
}
|
|
@@ -703,6 +736,7 @@ let AuthService = class AuthService {
|
|
|
703
736
|
}
|
|
704
737
|
catch (error) {
|
|
705
738
|
this.debugLogger.logError(error, 'resetPasswordWithToken');
|
|
739
|
+
this.handleError(error, 'password_reset');
|
|
706
740
|
throw error;
|
|
707
741
|
}
|
|
708
742
|
}
|
|
@@ -711,7 +745,7 @@ let AuthService = class AuthService {
|
|
|
711
745
|
const user = await this.getUser();
|
|
712
746
|
// Emit logout event
|
|
713
747
|
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT, new logged_out_event_1.LoggedOutEvent({
|
|
714
|
-
user,
|
|
748
|
+
user: user,
|
|
715
749
|
tenantId: user?.tenantId,
|
|
716
750
|
session,
|
|
717
751
|
logoutType,
|
|
@@ -732,16 +766,18 @@ let AuthService = class AuthService {
|
|
|
732
766
|
}
|
|
733
767
|
const sessions = await this.sessionManager.getUserSessions(userId);
|
|
734
768
|
await this.sessionManager.revokeAllUserSessions(userId);
|
|
735
|
-
const user = await this.
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
769
|
+
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
770
|
+
if (user) {
|
|
771
|
+
// Emit logout event
|
|
772
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT_ALL, new logged_out_all_event_1.LoggedOutAllEvent({
|
|
773
|
+
user,
|
|
774
|
+
tenantId: user.tenantId,
|
|
775
|
+
logoutType,
|
|
776
|
+
reason,
|
|
777
|
+
currentSessionId: session.id,
|
|
778
|
+
sessions,
|
|
779
|
+
}));
|
|
780
|
+
}
|
|
745
781
|
return true;
|
|
746
782
|
}
|
|
747
783
|
async sendEmailVerification(input) {
|
|
@@ -789,6 +825,7 @@ let AuthService = class AuthService {
|
|
|
789
825
|
}
|
|
790
826
|
catch (error) {
|
|
791
827
|
this.debugLogger.logError(error, 'sendEmailVerification');
|
|
828
|
+
this.handleError(error, 'signup'); // Assuming email verification is part of signup flow or user profile management
|
|
792
829
|
throw error;
|
|
793
830
|
}
|
|
794
831
|
}
|
|
@@ -853,6 +890,7 @@ let AuthService = class AuthService {
|
|
|
853
890
|
}
|
|
854
891
|
catch (error) {
|
|
855
892
|
this.debugLogger.logError(error, 'verifyEmail');
|
|
893
|
+
this.handleError(error, 'signup'); // Assuming email verification is part of signup flow or user profile management
|
|
856
894
|
throw error;
|
|
857
895
|
}
|
|
858
896
|
}
|
|
@@ -877,6 +915,20 @@ let AuthService = class AuthService {
|
|
|
877
915
|
}
|
|
878
916
|
return payload;
|
|
879
917
|
}
|
|
918
|
+
/**
|
|
919
|
+
* Handle errors using the errorHandler hook if configured
|
|
920
|
+
*/
|
|
921
|
+
handleError(error, context) {
|
|
922
|
+
const config = this.authConfigService.getConfig();
|
|
923
|
+
if (config.errorHandler) {
|
|
924
|
+
// The hook can throw a new error or return a modified one
|
|
925
|
+
// If it returns, we throw that. If it throws, it propagates.
|
|
926
|
+
const result = config.errorHandler(error, context);
|
|
927
|
+
if (result) {
|
|
928
|
+
throw result;
|
|
929
|
+
}
|
|
930
|
+
}
|
|
931
|
+
}
|
|
880
932
|
async generateTokensFromSession(session) {
|
|
881
933
|
const payload = await this.generateTokensPayload(session);
|
|
882
934
|
const tokens = await this.jwtService.generateTokens(payload);
|
|
@@ -897,5 +949,6 @@ exports.AuthService = AuthService = tslib_1.__decorate([
|
|
|
897
949
|
event_emitter_1.EventEmitter2,
|
|
898
950
|
tenant_service_1.TenantService,
|
|
899
951
|
debug_logger_service_1.DebugLoggerService,
|
|
900
|
-
auth_config_service_1.AuthConfigService
|
|
952
|
+
auth_config_service_1.AuthConfigService,
|
|
953
|
+
user_service_1.UserService])
|
|
901
954
|
], AuthService);
|
|
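Review bot: `handleError` (new lines 921-931) calls `config.errorHandler(error, context)` synchronously and throws whatever truthy value comes back, so a hook declared `async` hands back a Promise and the method throws that Promise instead of an Error. The option is typed `=> any` in auth-module-options.interface.d.ts, so nothing steers integrators away from an async or non-Error return; what then reaches the framework's exception handling is not the error the hook meant to produce, and a rejected hook promise would go unobserved. Narrowing the guard to `if (result instanceof Error) {` lets the original error continue through the existing `throw error;` at every call site whenever the hook returns anything else. If async hooks are meant to be supported, `handleError` has to become `async` and each catch block needs `await this.handleError(error, '…');`. The doc comment on `handleError` should state what the hook may return and that it runs after `debugLogger.logError` in each catch block.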
@@ -11,8 +11,8 @@ export declare class MfaService {
|
|
|
11
11
|
private otpRepository;
|
|
12
12
|
private trustedDeviceRepository;
|
|
13
13
|
private eventEmitter;
|
|
14
|
-
mfaConfig: MFAOptions;
|
|
15
14
|
constructor(mfaSecretRepository: Repository<NestAuthMFASecret>, userRepository: Repository<NestAuthUser>, otpRepository: Repository<NestAuthOTP>, trustedDeviceRepository: Repository<NestAuthTrustedDevice>, eventEmitter: EventEmitter2);
|
|
15
|
+
get mfaConfig(): MFAOptions;
|
|
16
16
|
requireMfaEnabledForApp(throwError?: boolean): boolean;
|
|
17
17
|
private checkIsMfaEnabledForApp;
|
|
18
18
|
getVerifiedMethods(userId: string): Promise<MFAMethodEnum[]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/mfa.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAY,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAG1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,6CAA6C,CAAC;AAKxF,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAK7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;
|
|
1
|
+
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/mfa.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAY,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAG1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,6CAA6C,CAAC;AAKxF,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAK7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAM1E,qBACa,UAAU;IAIf,OAAO,CAAC,mBAAmB;IAG3B,OAAO,CAAC,cAAc;IAGtB,OAAO,CAAC,aAAa;IAGrB,OAAO,CAAC,uBAAuB;IAE/B,OAAO,CAAC,YAAY;gBAXZ,mBAAmB,EAAE,UAAU,CAAC,iBAAiB,CAAC,EAGlD,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAGxC,aAAa,EAAE,UAAU,CAAC,WAAW,CAAC,EAGtC,uBAAuB,EAAE,UAAU,CAAC,qBAAqB,CAAC,EAE1D,YAAY,EAAE,aAAa;IAGvC,IAAI,SAAS,IAAI,UAAU,CAE1B;IAED,uBAAuB,CAAC,UAAU,GAAE,OAAc;IAalD,OAAO,CAAC,uBAAuB;IAIzB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAiC5D,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAmC3D,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAyDpE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAwDpF,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBjG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BnF,cAAc,CAAC,MAAM,EAAE,MAAM;;;;;;;;IAmB7B,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7C,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgB/C,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW9C,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D,SAAS,CAAC,MAAM,EAAE,MAAM;IAgCxB,UAAU,CAAC,MAAM,EAAE,MAAM;IAsBzB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjD,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUrD,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA6B1E,mBAAmB,IAAI,aAAa,EAAE;IAOhC,eAA
e,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAajD,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkB1F,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAiB/E"}
|
|
@@ -20,6 +20,8 @@ const event_emitter_1 = require("@nestjs/event-emitter");
|
|
|
20
20
|
const two_factor_code_sent_event_1 = require("../events/two-factor-code-sent.event");
|
|
21
21
|
const trusted_device_entity_1 = require("../entities/trusted-device.entity");
|
|
22
22
|
const crypto_1 = require("crypto");
|
|
23
|
+
const user_2fa_enabled_event_1 = require("../events/user-2fa-enabled.event");
|
|
24
|
+
const user_2fa_disabled_event_1 = require("../events/user-2fa-disabled.event");
|
|
23
25
|
let MfaService = class MfaService {
|
|
24
26
|
constructor(mfaSecretRepository, userRepository, otpRepository, trustedDeviceRepository, eventEmitter) {
|
|
25
27
|
this.mfaSecretRepository = mfaSecretRepository;
|
|
@@ -27,7 +29,9 @@ let MfaService = class MfaService {
|
|
|
27
29
|
this.otpRepository = otpRepository;
|
|
28
30
|
this.trustedDeviceRepository = trustedDeviceRepository;
|
|
29
31
|
this.eventEmitter = eventEmitter;
|
|
30
|
-
|
|
32
|
+
}
|
|
33
|
+
get mfaConfig() {
|
|
34
|
+
return auth_config_service_1.AuthConfigService.getOptions().mfa || {};
|
|
31
35
|
}
|
|
32
36
|
requireMfaEnabledForApp(throwError = true) {
|
|
33
37
|
if (!this.mfaConfig.enabled) {
|
|
@@ -98,7 +102,15 @@ let MfaService = class MfaService {
|
|
|
98
102
|
}
|
|
99
103
|
async sendMfaCode(userId, method) {
|
|
100
104
|
this.requireMfaEnabledForApp(true);
|
|
101
|
-
const
|
|
105
|
+
const options = auth_config_service_1.AuthConfigService.getOptions();
|
|
106
|
+
let code;
|
|
107
|
+
// Apply otp.generate hook if configured
|
|
108
|
+
if (options.otp?.generate) {
|
|
109
|
+
code = await options.otp.generate(this.mfaConfig.otpLength);
|
|
110
|
+
}
|
|
111
|
+
else {
|
|
112
|
+
code = (0, otp_1.generateOtp)(this.mfaConfig.otpLength);
|
|
113
|
+
}
|
|
102
114
|
let expiresAtMs;
|
|
103
115
|
if (typeof this.mfaConfig.otpExpiresIn === 'string') {
|
|
104
116
|
expiresAtMs = (0, ms_1.default)(this.mfaConfig.otpExpiresIn); // example: '15m', '1h', '1d'
|
|
@@ -278,6 +290,13 @@ let MfaService = class MfaService {
|
|
|
278
290
|
});
|
|
279
291
|
}
|
|
280
292
|
await this.userRepository.update(userId, { isMfaEnabled: true });
|
|
293
|
+
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
294
|
+
if (user) {
|
|
295
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_ENABLED, new user_2fa_enabled_event_1.User2faEnabledEvent({
|
|
296
|
+
user,
|
|
297
|
+
method: verifiedMethods[0] // Default to first verified method
|
|
298
|
+
}));
|
|
299
|
+
}
|
|
281
300
|
}
|
|
282
301
|
async disableMFA(userId) {
|
|
283
302
|
this.checkIsMfaEnabledForApp(true);
|
|
@@ -288,6 +307,12 @@ let MfaService = class MfaService {
|
|
|
288
307
|
});
|
|
289
308
|
}
|
|
290
309
|
await this.userRepository.update(userId, { isMfaEnabled: false });
|
|
310
|
+
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
311
|
+
if (user) {
|
|
312
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_DISABLED, new user_2fa_disabled_event_1.User2faDisabledEvent({
|
|
313
|
+
user
|
|
314
|
+
}));
|
|
315
|
+
}
|
|
291
316
|
}
|
|
292
317
|
async removeTotpDevice(deviceId) {
|
|
293
318
|
this.checkIsMfaEnabledForApp(true);
|
|
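Review bot: In `sendMfaCode`, the value returned by the `otp.generate` hook is assigned to `code` with no check, while the built-in path goes through `generateOtp`. A hook that resolves to `undefined`, an empty string or a non-string would be carried forward as the MFA code by the rest of the function, which lies outside this hunk. A guard right after the `if`/`else`, for example `if (typeof code !== 'string' || code.length === 0) throw new Error('otp.generate must return a non-empty string');`, fails closed on a misconfigured hook. The `OtpOptions.generate` doc comment ("Custom OTP generation function") should also say that the hook replaces the default generator and must draw from a cryptographically secure random source.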
@@ -201,6 +201,9 @@ export declare const NestAuthEvents: {
|
|
|
201
201
|
readonly PASSWORD_RESET: "nest_auth.password_reset";
|
|
202
202
|
readonly LOGGED_OUT: "nest_auth.logged_out";
|
|
203
203
|
readonly LOGGED_OUT_ALL: "nest_auth.logged_out_all";
|
|
204
|
+
readonly PASSWORD_CHANGED: "nest_auth.password_changed";
|
|
205
|
+
readonly TWO_FACTOR_ENABLED: "nest_auth.two_factor_enabled";
|
|
206
|
+
readonly TWO_FACTOR_DISABLED: "nest_auth.two_factor_disabled";
|
|
204
207
|
readonly USER_CREATED: "nest_auth.user.created";
|
|
205
208
|
readonly USER_UPDATED: "nest_auth.user.updated";
|
|
206
209
|
readonly USER_DELETED: "nest_auth.user.deleted";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCnB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;;;;;;;CAWlB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;;CAMtB,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;;;;CAOzB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;CAKlB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;CAMnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;;CAIrB,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUd,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,OAAO,WAAW,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAKrE,yDAAyD;AACzD,eAAO,MAAM,6BAA6B,kBAAkC,CAAC;AAC7E,uDAAuD;AACvD,eAAO,MAAM,2BAA2B,gBAAiC,CAAC;AAC1E,2DAA2D;AAC3D,eAAO,MAAM,0BAA0B,oBAAmC,CAAC;AAC3E,gEAAgE;AAChE,eAAO,MAAM,oCAAoC,yBAAyC,CAAC;AAC3F,4DAA4D;AAC5D,eAAO,MAAM,uBAAuB,qBAAwC,CAAC;AAC7E,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,oBAAoC,CAAC;AACvE,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAC5E,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAI5E,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AACtD,eAAO,MAAM,yBAAyB,iBAAiB,CAAC;AAExD,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AAGnE,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAGxC,eAAO,MAAM,cAAc
|
|
1
|
+
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCnB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;;;;;;;CAWlB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;;CAMtB,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;;;;CAOzB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;CAKlB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;CAMnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;;CAIrB,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUd,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,OAAO,WAAW,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAKrE,yDAAyD;AACzD,eAAO,MAAM,6BAA6B,kBAAkC,CAAC;AAC7E,uDAAuD;AACvD,eAAO,MAAM,2BAA2B,gBAAiC,CAAC;AAC1E,2DAA2D;AAC3D,eAAO,MAAM,0BAA0B,oBAAmC,CAAC;AAC3E,gEAAgE;AAChE,eAAO,MAAM,oCAAoC,yBAAyC,CAAC;AAC3F,4DAA4D;AAC5D,eAAO,MAAM,uBAAuB,qBAAwC,CAAC;AAC7E,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,oBAAoC,CAAC;AACvE,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAC5E,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAI5E,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AACtD,eAAO,MAAM,yBAAyB,iBAAiB,CAAC;AAExD,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AAGnE,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAGxC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;CAgCjB,CAAC"}
|
|
@@ -169,6 +169,9 @@ exports.NestAuthEvents = {
|
|
|
169
169
|
PASSWORD_RESET: 'nest_auth.password_reset',
|
|
170
170
|
LOGGED_OUT: 'nest_auth.logged_out',
|
|
171
171
|
LOGGED_OUT_ALL: 'nest_auth.logged_out_all',
|
|
172
|
+
PASSWORD_CHANGED: 'nest_auth.password_changed',
|
|
173
|
+
TWO_FACTOR_ENABLED: 'nest_auth.two_factor_enabled',
|
|
174
|
+
TWO_FACTOR_DISABLED: 'nest_auth.two_factor_disabled',
|
|
172
175
|
// User events
|
|
173
176
|
USER_CREATED: 'nest_auth.user.created',
|
|
174
177
|
USER_UPDATED: 'nest_auth.user.updated',
|
|
@@ -119,7 +119,7 @@ export interface PasswordHooks {
|
|
|
119
119
|
*/
|
|
120
120
|
export interface OtpOptions {
|
|
121
121
|
/** Custom OTP generation function */
|
|
122
|
-
generate?: () => string
|
|
122
|
+
generate?: (length?: number) => string | Promise<string>;
|
|
123
123
|
/** OTP length (default: 6) */
|
|
124
124
|
length?: number;
|
|
125
125
|
/** OTP format */
|
|
@@ -314,7 +314,7 @@ export interface AuthModuleOptions {
|
|
|
314
314
|
* Custom error handling
|
|
315
315
|
* Transform errors before sending to client
|
|
316
316
|
*/
|
|
317
|
-
errorHandler?: (error: Error, context: 'login' | 'signup' | 'refresh' | 'mfa' | 'password_reset') => any;
|
|
317
|
+
errorHandler?: (error: Error, context: 'login' | 'signup' | 'refresh' | 'mfa' | 'password_reset' | 'password_change') => any;
|
|
318
318
|
}
|
|
319
319
|
export interface AdminConsoleOptions {
|
|
320
320
|
/** Enable or disable the embedded admin console (default: true) */
|
|
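Review bot: The doc comment on `generate` in `OtpOptions` (new line 122) still reads only "Custom OTP generation function" and does not describe the contract of the widened signature `(length?: number) => string | Promise<string>`. It should state that the result may be a promise, how the `length` argument relates to the `length` option declared just below, and that implementations are expected to use a cryptographically secure source, for example `/** Custom OTP generator. May return a promise; must use a cryptographically secure random source and honour the requested length. */`. Every consumer now has to `await` the result, because a synchronous caller would stringify the promise instead of a code. Those call sites are not in this section (the head lists `mfa.service.js` as changed), so they are worth checking. The interface body continues outside the hunk.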
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5E;;;;;;;GAOG;AACH,MAAM,WAAW,oBAAoB;IACjC,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,2BAA2B;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,+BAA+B;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrD;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEvH;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE3D;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;IAE1D,8CAA8C;IAC9C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,EAAE,CAChB,QAAQ,EAAE,GAAG,EACb,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,kDAAkD;IAClD,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,mCAAmC;IACnC,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,iCAAiC;IACjC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE
,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5E;;;;;;;GAOG;AACH,MAAM,WAAW,oBAAoB;IACjC,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,2BAA2B;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,+BAA+B;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrD;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEvH;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAE3D;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;IAE1D,8CAA8C;IAC9C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,EAAE,CAChB,QAAQ,EAAE,GAAG,EACb,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,kDAAkD;IAClD,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,mCAAmC;IACnC,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,iCAAiC;IACjC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE
,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB;IACjB,MAAM,CAAC,EAAE,SAAS,GAAG,cAAc,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB;;;OAGG;IACH,UAAU,CAAC,EAAE,CACT,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,eAAe,KACvB,OAAO,CAAC,IAAI,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAE1D,yBAAyB;IACzB,SAAS,CAAC,EAAE,CACR,OAAO,EAAE,GAAG,EACZ,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B,6BAA6B;IAC7B,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,mCAAmC;IACnC,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CACnF;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,iBAAiB,GAAG,YAAY,GAAG,gBAAgB,CAAC;IAC1F,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,IAAI,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7D;AAED,MAAM,WAAW,iBAAiB;IAC9B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACtC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,GAAG,EAAE;QACD,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACvC,qBAAqB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACxC,iEAAiE;QACjE,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAC3F,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,QAAQ,CAAC,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CA
AC;QAClB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,CAAC,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAC5B,oBAAoB,CAAC,EAAE,KAAK,CAAC,+BAA+B,CAAC,CAAC;KACjE,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE;QACX;;;WAGG;QACH,OAAO,CAAC,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE,OAAO,EAAE;YAAE,aAAa,EAAE,GAAG,CAAC;YAAC,aAAa,EAAE,GAAG,CAAA;SAAE,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;KAC7G,CAAC;IACF,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,mBAAmB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACzC,yBAAyB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5C,2BAA2B,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC9C;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;IACnC,KAAK,CAAC,EAAE,eAAe,CAAC;IAMxB;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB;;;OAGG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC;IAEpB;;;OAGG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC;IAEzB;;;OAGG;IACH,GAAG,CAAC,EAAE,UAAU,CAAC;IAEjB;;;OAGG;IACH,aAAa,CAAC,EAAE,kBAAkB,CAAC;IAEnC;;;OAGG;IACH,KAAK,CAAC,EAAE,YAAY,CAAC;IAErB;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,gBAAgB,GAAG,iBAAiB,KAAK,GAAG,CAAC;CAChI;AAED,MAAM,WAAW,mBAAmB;IAChC,mEAAmE;IACnE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAClC;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB;;OAEG;IACH,o
BAAoB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,sBAAsB;IACnC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;IAChF,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC1C,WAAW,CAAC,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,wBAAwB;IACrC,uBAAuB,IAAI,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;CAC7E"}
|
|
@@ -56,7 +56,7 @@ let AuthConfigService = AuthConfigService_1 = class AuthConfigService {
|
|
|
56
56
|
}
|
|
57
57
|
static setOptions(options) {
|
|
58
58
|
const deepmerge = require('deepmerge');
|
|
59
|
-
const mergedOptions = deepmerge(this.defaultOptions, options);
|
|
59
|
+
const mergedOptions = deepmerge(this.defaultOptions, options, { clone: false });
|
|
60
60
|
// Ensure adminConsole exists
|
|
61
61
|
if (!mergedOptions.adminConsole) {
|
|
62
62
|
mergedOptions.adminConsole = {};
|
|
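Review bot: Passing `{ clone: false }` to `deepmerge` in `setOptions` (new line 59) makes the merged result share nested objects with `this.defaultOptions` and with the caller's `options` instead of copying them. Any later in-place write to a nested key of `mergedOptions` would then also change the static defaults seen by the next `setOptions` call. The visible `mergedOptions.adminConsole = {}` assigns on the fresh top-level object and is fine, but the rest of the method is outside the hunk and should be checked for nested writes. deepmerge documents `clone` as deprecated; if the aim is to keep class instances and callbacks in the options intact, an `isMergeableObject` predicate that accepts only plain objects achieves that without sharing the defaults. Either way the line needs a why-comment such as `// clone: false: keep non-plain option values by reference; do not mutate nested keys below`.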
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nest-auth.module.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/nest-auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,aAAa,EAAE,kBAAkB,EAAY,MAAM,gBAAgB,CAAC;AAErF,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAA4B,MAAM,iDAAiD,CAAC;
|
|
1
|
+
{"version":3,"file":"nest-auth.module.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/nest-auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,aAAa,EAAE,kBAAkB,EAAY,MAAM,gBAAgB,CAAC;AAErF,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAA4B,MAAM,iDAAiD,CAAC;AAgBtI,qBACa,cAAc;IACzB,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa;IA0CzD,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,sBAAsB,GAAG,aAAa;IAwCnE,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAkBnC,OAAO,CAAC,MAAM,CAAC,0BAA0B;IA0BzC,OAAO,CAAC,MAAM,CAAC,UAAU;IAOzB,SAAS,CAAC,QAAQ,EAAE,kBAAkB;CAGvC"}
|
|
@@ -17,13 +17,14 @@ const auth_config_service_1 = require("./core/services/auth-config.service");
|
|
|
17
17
|
const refresh_token_interceptor_1 = require("./auth/interceptors/refresh-token.interceptor");
|
|
18
18
|
const auth_constants_1 = require("./auth.constants");
|
|
19
19
|
const admin_console_module_1 = require("./admin-console/admin-console.module");
|
|
20
|
+
const audit_service_1 = require("./audit/services/audit.service");
|
|
20
21
|
let NestAuthModule = NestAuthModule_1 = class NestAuthModule {
|
|
21
22
|
static forRoot(options) {
|
|
22
23
|
const mergedOptions = this.getOptions(options);
|
|
23
24
|
// Set options in static service
|
|
24
25
|
auth_config_service_1.AuthConfigService.setOptions(mergedOptions);
|
|
25
26
|
// Conditionally add refresh token interceptor (enabled by default)
|
|
26
|
-
const providers = [];
|
|
27
|
+
const providers = [audit_service_1.AuditService];
|
|
27
28
|
if (mergedOptions.enableAutoRefresh !== false) {
|
|
28
29
|
providers.push({
|
|
29
30
|
provide: core_1.APP_INTERCEPTOR,
|
|
@@ -52,13 +53,14 @@ let NestAuthModule = NestAuthModule_1 = class NestAuthModule {
|
|
|
52
53
|
role_module_1.RoleModule,
|
|
53
54
|
session_module_1.SessionModule,
|
|
54
55
|
admin_console_module_1.AdminConsoleModule,
|
|
56
|
+
audit_service_1.AuditService,
|
|
55
57
|
],
|
|
56
58
|
};
|
|
57
59
|
}
|
|
58
60
|
static forRootAsync(options) {
|
|
59
61
|
const asyncProviders = this.createAsyncProviders(options);
|
|
60
62
|
// Add refresh token interceptor provider (enabled by default)
|
|
61
|
-
const providers = [...asyncProviders];
|
|
63
|
+
const providers = [...asyncProviders, audit_service_1.AuditService];
|
|
62
64
|
if (options.enableAutoRefresh !== false) {
|
|
63
65
|
providers.push({
|
|
64
66
|
provide: core_1.APP_INTERCEPTOR,
|
|
@@ -88,6 +90,7 @@ let NestAuthModule = NestAuthModule_1 = class NestAuthModule {
|
|
|
88
90
|
role_module_1.RoleModule,
|
|
89
91
|
session_module_1.SessionModule,
|
|
90
92
|
admin_console_module_1.AdminConsoleModule,
|
|
93
|
+
audit_service_1.AuditService,
|
|
91
94
|
],
|
|
92
95
|
};
|
|
93
96
|
}
|
|
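Review bot: `AuditService` is now registered by hand in four places, the `providers` arrays at new lines 27 and 63 and the trailing arrays at new lines 56 and 93, so `forRoot` and `forRootAsync` can drift apart on the next change. In the TypeScript source a shared list such as `const CORE_PROVIDERS = [AuditService];`, spread into both methods, would keep the two registration paths identical. The key that owns the trailing arrays is outside the hunks. It reads like `exports`, but if it is `imports` Nest would reject a provider class there, so that is worth confirming.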
@@ -8,10 +8,10 @@ export declare const SESSION_REPOSITORY = "SESSION_REPOSITORY";
|
|
|
8
8
|
*/
|
|
9
9
|
export declare class SessionManagerService {
|
|
10
10
|
private readonly repository;
|
|
11
|
-
private options;
|
|
12
|
-
private readonly maxSessionsPerUser;
|
|
13
|
-
private readonly slidingExpiration;
|
|
14
11
|
constructor(repository: ISessionRepository);
|
|
12
|
+
private get options();
|
|
13
|
+
private get maxSessionsPerUser();
|
|
14
|
+
private get slidingExpiration();
|
|
15
15
|
/**
|
|
16
16
|
* Create a new session
|
|
17
17
|
*/
|