npm - @ackplus/nest-auth - Versions diffs - 1.1.27 → 1.1.29 - Mend

@ackplus/nest-auth 1.1.27 → 1.1.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (980) hide show

package/dist/lib/auth/events/user-2fa-enabled.event.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User2faEnabledEvent = void 0;
+class User2faEnabledEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+    get user() {
+        return this.payload.user;
+    }
+    get method() {
+        return this.payload.method;
+    }
+}
+exports.User2faEnabledEvent = User2faEnabledEvent;
+//# sourceMappingURL=user-2fa-enabled.event.js.map

package/dist/lib/auth/events/user-2fa-enabled.event.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-2fa-enabled.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-2fa-enabled.event.ts"],"names":[],"mappings":";;;AAQA,MAAa,mBAAmB;IAER;IADpB,YACoB,OAAmC;QAAnC,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;IAEL,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI,MAAM;QACN,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/B,CAAC;CACJ;AAZD,kDAYC"}

package/dist/lib/auth/events/user-2fa-verified.event.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-2fa-verified.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-2fa-verified.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAE3E,MAAM,WAAW,2BAA2B;IACxC,IAAI,EAAE,YAAY,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,mBAAmB,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;CACjC;AAED,qBAAa,oBAAoB;aAET,OAAO,EAAE,2BAA2B;gBAApC,OAAO,EAAE,2BAA2B;CAE3D"}

package/dist/lib/auth/events/user-2fa-verified.event.js ADDED Viewed

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User2faVerifiedEvent = void 0;
+class User2faVerifiedEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+}
+exports.User2faVerifiedEvent = User2faVerifiedEvent;
+//# sourceMappingURL=user-2fa-verified.event.js.map

package/dist/lib/auth/events/user-2fa-verified.event.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-2fa-verified.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-2fa-verified.event.ts"],"names":[],"mappings":";;;AAaA,MAAa,oBAAoB;IAET;IADpB,YACoB,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;IACpD,CAAC;CACR;AAJD,oDAIC"}

package/dist/lib/auth/events/user-logged-in.event.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-logged-in.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-logged-in.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,WAAW,wBAAwB;IACrC,IAAI,EAAE,YAAY,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,eAAe,CAAC;IACvB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;CAC1B;AAGD,qBAAa,iBAAiB;aAEN,OAAO,EAAE,wBAAwB;gBAAjC,OAAO,EAAE,wBAAwB;CAExD"}

package/dist/lib/auth/events/user-logged-in.event.js ADDED Viewed

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserLoggedInEvent = void 0;
+class UserLoggedInEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+}
+exports.UserLoggedInEvent = UserLoggedInEvent;
+//# sourceMappingURL=user-logged-in.event.js.map

package/dist/lib/auth/events/user-logged-in.event.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-logged-in.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-logged-in.event.ts"],"names":[],"mappings":";;;AAiBA,MAAa,iBAAiB;IAEN;IADpB,YACoB,OAAiC;QAAjC,YAAO,GAAP,OAAO,CAA0B;IACjD,CAAC;CACR;AAJD,8CAIC"}

package/dist/lib/auth/events/user-password-changed.event.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-password-changed.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-password-changed.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,MAAM,WAAW,+BAA+B;IAC5C,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;CACjC;AAED,qBAAa,wBAAwB;aAEb,OAAO,EAAE,+BAA+B;gBAAxC,OAAO,EAAE,+BAA+B;IAG5D,IAAI,IAAI,IAAI,YAAY,CAEvB;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,OAAO,CAElC;CACJ"}

package/dist/lib/auth/events/user-password-changed.event.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserPasswordChangedEvent = void 0;
+class UserPasswordChangedEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+    get user() {
+        return this.payload.user;
+    }
+    get initiatedBy() {
+        return this.payload.initiatedBy;
+    }
+}
+exports.UserPasswordChangedEvent = UserPasswordChangedEvent;
+//# sourceMappingURL=user-password-changed.event.js.map

package/dist/lib/auth/events/user-password-changed.event.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-password-changed.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-password-changed.event.ts"],"names":[],"mappings":";;;AAOA,MAAa,wBAAwB;IAEb;IADpB,YACoB,OAAwC;QAAxC,YAAO,GAAP,OAAO,CAAiC;IACxD,CAAC;IAEL,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI,WAAW;QACX,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;IACpC,CAAC;CACJ;AAZD,4DAYC"}

package/dist/lib/auth/events/user-refresh-token.event.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-refresh-token.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-refresh-token.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAE3E,MAAM,WAAW,4BAA4B;IACzC,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;CAC3B;AAED,qBAAa,qBAAqB;aAEV,OAAO,EAAE,4BAA4B;gBAArC,OAAO,EAAE,4BAA4B;CAE5D"}

package/dist/lib/auth/events/user-refresh-token.event.js ADDED Viewed

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserRefreshTokenEvent = void 0;
+class UserRefreshTokenEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+}
+exports.UserRefreshTokenEvent = UserRefreshTokenEvent;
+//# sourceMappingURL=user-refresh-token.event.js.map

package/dist/lib/auth/events/user-refresh-token.event.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-refresh-token.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-refresh-token.event.ts"],"names":[],"mappings":";;;AASA,MAAa,qBAAqB;IAEV;IADpB,YACoB,OAAqC;QAArC,YAAO,GAAP,OAAO,CAA8B;IACrD,CAAC;CACR;AAJD,sDAIC"}

package/dist/lib/auth/events/user-registered.event.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-registered.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,WAAW,0BAA0B;IACvC,IAAI,EAAE,YAAY,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;CAC1B;AAGD,qBAAa,mBAAmB;aAER,OAAO,EAAE,0BAA0B;gBAAnC,OAAO,EAAE,0BAA0B;CAE1D"}

package/dist/lib/auth/events/user-registered.event.js ADDED Viewed

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserRegisteredEvent = void 0;
+class UserRegisteredEvent {
+    payload;
+    constructor(payload) {
+        this.payload = payload;
+    }
+}
+exports.UserRegisteredEvent = UserRegisteredEvent;
+//# sourceMappingURL=user-registered.event.js.map

package/dist/lib/auth/events/user-registered.event.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-registered.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":";;;AAiBA,MAAa,mBAAmB;IAER;IADpB,YACoB,OAAmC;QAAnC,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;CACR;AAJD,kDAIC"}

package/dist/lib/auth/guards/auth.guard.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { JwtService } from '../../core/services/jwt.service';
+import { SessionManagerService } from '../../session/services/session-manager.service';
+import { AccessKeyService } from '../../user/services/access-key.service';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+export declare const OPTIONAL_AUTH_KEY = "optional_auth";
+export declare class NestAuthAuthGuard implements CanActivate {
+    private reflector;
+    private jwtService;
+    private sessionManager;
+    private accessKeyService;
+    private authConfigService;
+    constructor(reflector: Reflector, jwtService: JwtService, sessionManager: SessionManagerService, accessKeyService: AccessKeyService, authConfigService: AuthConfigService);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private handleJwtAuth;
+    private handleApiKeyAuth;
+    private checkMfa;
+    private checkAuthorization;
+    private getRequiredPermissions;
+    private getRequiredRoles;
+    private resolveUserRoles;
+    private checkRoles;
+    private checkPermissions;
+    private getUserPermissions;
+}
+//# sourceMappingURL=auth.guard.d.ts.map

package/dist/lib/auth/guards/auth.guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAA6C,MAAM,gBAAgB,CAAC;AAEtH,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAK1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E,eAAO,MAAM,iBAAiB,kBAAkB,CAAC;AAgBjD,qBACa,iBAAkB,YAAW,WAAW;IAE7C,OAAO,CAAC,SAAS;IACjB,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,gBAAgB;IACxB,OAAO,CAAC,iBAAiB;gBAJjB,SAAS,EAAE,SAAS,EACpB,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,qBAAqB,EACrC,gBAAgB,EAAE,gBAAgB,EAClC,iBAAiB,EAAE,iBAAiB;IAG1C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;YAyFhD,aAAa;YAmGb,gBAAgB;YAqDhB,QAAQ;YA6BR,kBAAkB;IAwChC,OAAO,CAAC,sBAAsB;IAiB9B,OAAO,CAAC,gBAAgB;YAuBV,gBAAgB;YAuBhB,UAAU;YA+BV,gBAAgB;IA0C9B,OAAO,CAAC,kBAAkB;CAiB7B"}

package/dist/lib/auth/guards/auth.guard.js ADDED Viewed

@@ -0,0 +1,355 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NestAuthAuthGuard = exports.OPTIONAL_AUTH_KEY = void 0;
+const common_1 = require("@nestjs/common");
+const auth_constants_1 = require("../../auth.constants");
+const core_1 = require("@nestjs/core");
+const jwt_service_1 = require("../../core/services/jwt.service");
+const session_manager_service_1 = require("../../session/services/session-manager.service");
+const access_key_service_1 = require("../../user/services/access-key.service");
+const skip_mfa_decorator_1 = require("../../core/decorators/skip-mfa.decorator");
+const permissions_decorator_1 = require("../../core/decorators/permissions.decorator");
+const role_decorator_1 = require("../../core/decorators/role.decorator");
+const auth_config_service_1 = require("../../core/services/auth-config.service");
+exports.OPTIONAL_AUTH_KEY = 'optional_auth';
+let NestAuthAuthGuard = class NestAuthAuthGuard {
+    reflector;
+    jwtService;
+    sessionManager;
+    accessKeyService;
+    authConfigService;
+    constructor(reflector, jwtService, sessionManager, accessKeyService, authConfigService) {
+        this.reflector = reflector;
+        this.jwtService = jwtService;
+        this.sessionManager = sessionManager;
+        this.accessKeyService = accessKeyService;
+        this.authConfigService = authConfigService;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const response = context.switchToHttp().getResponse();
+        const isOptional = this.reflector.getAllAndOverride(exports.OPTIONAL_AUTH_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        request.user = null;
+        request.session = null;
+        request.accessKey = null;
+        request.authType = null;
+        const authHeader = request.headers.authorization;
+        if (!authHeader) {
+            if (isOptional) {
+                return true;
+            }
+            else {
+                throw new common_1.UnauthorizedException({
+                    message: 'No authentication provided',
+                    code: auth_constants_1.ERROR_CODES.NO_AUTH_PROVIDED
+                });
+            }
+        }
+        const [type, token] = authHeader.split(' ');
+        if (!type || !token) {
+            if (isOptional) {
+                return true;
+            }
+            else {
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid authentication format',
+                    code: auth_constants_1.ERROR_CODES.INVALID_AUTH_FORMAT
+                });
+            }
+        }
+        let isAuthenticated = false;
+        try {
+            switch (type.toLowerCase()) {
+                case 'bearer':
+                    isAuthenticated = await this.handleJwtAuth(context, request, response, token, isOptional);
+                    break;
+                case 'apikey':
+                    isAuthenticated = await this.handleApiKeyAuth(request, token, isOptional);
+                    break;
+                default:
+                    if (isOptional) {
+                        return true;
+                    }
+                    else {
+                        throw new common_1.UnauthorizedException({
+                            message: 'Invalid authentication type',
+                            code: auth_constants_1.ERROR_CODES.INVALID_AUTH_TYPE
+                        });
+                    }
+            }
+        }
+        catch (error) {
+            if (isOptional) {
+                return true;
+            }
+            else {
+                throw error;
+            }
+        }
+        if (!isAuthenticated && !isOptional) {
+            return false;
+        }
+        if (isAuthenticated && request.user) {
+            await this.checkAuthorization(context, request);
+        }
+        return true;
+    }
+    async handleJwtAuth(context, request, response, token, isOptional = false) {
+        try {
+            const payload = await this.jwtService.verifyToken(token);
+            const config = this.authConfigService.getConfig();
+            if (config.guards?.beforeAuth) {
+                const result = await config.guards.beforeAuth(request, payload);
+                if (result && result.reject) {
+                    throw new common_1.UnauthorizedException({
+                        message: result.reason || 'Authentication rejected by custom guard',
+                        code: auth_constants_1.ERROR_CODES.ACCESS_DENIED
+                    });
+                }
+            }
+            request.user = payload;
+            request.authType = 'jwt';
+            const session = await this.sessionManager.getSession(payload.sessionId);
+            if (!session) {
+                if (isOptional) {
+                    request.user = null;
+                    request.authType = null;
+                    return false;
+                }
+                else {
+                    throw new common_1.UnauthorizedException({
+                        message: 'Session not found',
+                        code: auth_constants_1.ERROR_CODES.SESSION_NOT_FOUND
+                    });
+                }
+            }
+            if (config.jwt?.validateToken) {
+                const isValid = await config.jwt.validateToken(payload, session);
+                if (!isValid) {
+                    throw new common_1.UnauthorizedException({
+                        message: 'Token validation failed',
+                        code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
+                    });
+                }
+            }
+            request.session = session;
+            if (session.user && session.user.isActive === false) {
+                if (isOptional) {
+                    request.user = null;
+                    request.authType = null;
+                    return false;
+                }
+                else {
+                    throw new common_1.UnauthorizedException({
+                        message: 'User is not active',
+                        code: auth_constants_1.ERROR_CODES.ACCOUNT_INACTIVE
+                    });
+                }
+            }
+            await this.checkMfa(context, payload, isOptional);
+            if (config.guards?.afterAuth) {
+                if (session.data?.user) {
+                    await config.guards.afterAuth(request, session.data.user, session);
+                }
+            }
+            return true;
+        }
+        catch (error) {
+            if (isOptional) {
+                return false;
+            }
+            else {
+                if (error instanceof common_1.UnauthorizedException || error.status) {
+                    throw error;
+                }
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid or expired token',
+                    code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
+                });
+            }
+        }
+    }
+    async handleApiKeyAuth(request, token, isOptional = false) {
+        const [publicKey, privateKey] = token.split('.');
+        if (!publicKey || !privateKey) {
+            if (isOptional) {
+                return false;
+            }
+            else {
+                throw new common_1.UnauthorizedException({
+                    message: 'Invalid API key format',
+                    code: auth_constants_1.ERROR_CODES.INVALID_API_KEY_FORMAT
+                });
+            }
+        }
+        try {
+            const isValid = await this.accessKeyService.validateAccessKey(publicKey, privateKey);
+            if (!isValid) {
+                if (isOptional) {
+                    return false;
+                }
+                else {
+                    throw new common_1.UnauthorizedException({
+                        message: 'Invalid API key',
+                        code: auth_constants_1.ERROR_CODES.INVALID_API_KEY
+                    });
+                }
+            }
+            const accessKey = await this.accessKeyService.getAccessKey(publicKey);
+            await this.accessKeyService.updateAccessKeyLastUsed(publicKey);
+            request.user = accessKey.user;
+            request.accessKey = accessKey;
+            request.authType = 'api-key';
+            return true;
+        }
+        catch (error) {
+            if (isOptional) {
+                return false;
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    async checkMfa(context, payload, isOptional = false) {
+        const skipMfa = this.reflector.getAllAndOverride(skip_mfa_decorator_1.SKIP_MFA_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        const isMfaEnabled = payload.isMfaEnabled;
+        const isMfaVerified = payload.isMfaVerified;
+        if (isMfaEnabled && !isMfaVerified && !skipMfa) {
+            if (isOptional) {
+                throw new Error('MFA verification required - cannot proceed with optional auth');
+            }
+            else {
+                throw new common_1.UnauthorizedException({
+                    message: 'Multi-factor authentication is required',
+                    code: auth_constants_1.ERROR_CODES.MFA_REQUIRED
+                });
+            }
+        }
+    }
+    async checkAuthorization(context, request) {
+        const requiredPermissions = this.getRequiredPermissions(context);
+        const requiredRoles = this.getRequiredRoles(context);
+        if (!requiredPermissions.length && !requiredRoles.length) {
+            return;
+        }
+        const user = request.user;
+        if (!user) {
+            throw new common_1.ForbiddenException({
+                message: 'Access denied: User not authenticated',
+                code: auth_constants_1.ERROR_CODES.UNAUTHORIZED,
+            });
+        }
+        if (requiredRoles.length > 0) {
+            await this.checkRoles(user, requiredRoles);
+        }
+        if (requiredPermissions.length > 0) {
+            await this.checkPermissions(user, requiredPermissions);
+        }
+    }
+    getRequiredPermissions(context) {
+        let permissions = this.reflector.getAllAndOverride(permissions_decorator_1.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
+        if (!permissions) {
+            return [];
+        }
+        return typeof permissions === 'string' ? [permissions] : permissions;
+    }
+    getRequiredRoles(context) {
+        let roles = this.reflector.getAllAndOverride(role_decorator_1.ROLES_KEY, [context.getHandler(), context.getClass()]);
+        if (!roles) {
+            return [];
+        }
+        return typeof roles === 'string' ? [roles] : roles;
+    }
+    async resolveUserRoles(user) {
+        const config = this.authConfigService.getConfig();
+        if (config.authorization?.resolveRoles) {
+            return await config.authorization.resolveRoles(user);
+        }
+        if (!user.roles || !Array.isArray(user.roles)) {
+            return [];
+        }
+        return user.roles
+            .filter((role) => role.isActive)
+            .map((role) => role.name);
+    }
+    async checkRoles(user, requiredRoles) {
+        const userRoleNames = await this.resolveUserRoles(user);
+        if (userRoleNames.length === 0 && (!user.roles || !Array.isArray(user.roles))) {
+            throw new common_1.ForbiddenException({
+                message: 'Access denied: No roles assigned',
+                code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
+            });
+        }
+        const hasAllRoles = requiredRoles.every(role => userRoleNames.includes(role));
+        if (!hasAllRoles) {
+            const missingRoles = requiredRoles.filter(role => !userRoleNames.includes(role));
+            throw new common_1.ForbiddenException({
+                message: `Access denied: Missing required roles: ${missingRoles.join(', ')}`,
+                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_ROLES,
+            });
+        }
+    }
+    async checkPermissions(user, requiredPermissions) {
+        const config = this.authConfigService.getConfig();
+        let userPermissions = [];
+        if (config.authorization?.resolvePermissions) {
+            const roles = await this.resolveUserRoles(user);
+            userPermissions = await config.authorization.resolvePermissions(user, roles);
+        }
+        else {
+            if (!user.roles || !Array.isArray(user.roles)) {
+                throw new common_1.ForbiddenException({
+                    message: 'Access denied: No roles assigned for permission check',
+                    code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
+                });
+            }
+            userPermissions = this.getUserPermissions(user.roles);
+        }
+        const hasAllPermissions = requiredPermissions.every(permission => userPermissions.includes(permission));
+        if (!hasAllPermissions) {
+            const missingPermissions = requiredPermissions.filter(permission => !userPermissions.includes(permission));
+            throw new common_1.ForbiddenException({
+                message: `Access denied: Missing required permissions: ${missingPermissions.join(', ')}`,
+                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_PERMISSIONS,
+            });
+        }
+    }
+    getUserPermissions(roles) {
+        const permissions = new Set();
+        roles.forEach(role => {
+            if (!role.isActive) {
+                return;
+            }
+            if (role.permissions && Array.isArray(role.permissions)) {
+                role.permissions.forEach(permission => permissions.add(permission));
+            }
+        });
+        return Array.from(permissions);
+    }
+};
+exports.NestAuthAuthGuard = NestAuthAuthGuard;
+exports.NestAuthAuthGuard = NestAuthAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector,
+        jwt_service_1.JwtService,
+        session_manager_service_1.SessionManagerService,
+        access_key_service_1.AccessKeyService,
+        auth_config_service_1.AuthConfigService])
+], NestAuthAuthGuard);
+//# sourceMappingURL=auth.guard.js.map

package/dist/lib/auth/guards/auth.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../src/lib/auth/guards/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsH;AACtH,yDAAmD;AACnD,uCAAyC;AAEzC,iEAA6D;AAC7D,4FAAuF;AACvF,+EAA0E;AAE1E,iFAAwE;AACxE,uFAA8E;AAC9E,yEAAiE;AACjE,iFAA4E;AAG/D,QAAA,iBAAiB,GAAG,eAAe,CAAC;AAiB1C,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAEd;IACA;IACA;IACA;IACA;IALZ,YACY,SAAoB,EACpB,UAAsB,EACtB,cAAqC,EACrC,gBAAkC,EAClC,iBAAoC;QAJpC,cAAS,GAAT,SAAS,CAAW;QACpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAuB;QACrC,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,sBAAiB,GAAjB,iBAAiB,CAAmB;IAC5C,CAAC;IAEL,KAAK,CAAC,WAAW,CAAC,OAAyB;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAkB,CAAC;QACpE,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAGhE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,yBAAiB,EAAE;YAC5E,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QAGH,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QACpB,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QAExB,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAGjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,IAAI,UAAU,EAAE,CAAC;gBAEb,OAAO,IAAI,CAAC;YAChB,CAAC;iBAAM,CAAC;gBAEJ,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,4BAA4B;oBACrC,IAAI,EAAE,4BAAW,CAAC,gBAAgB;iBACrC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,UAAU,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,+BAA+B;oBACxC,IAAI,EAAE,4BAAW,CAAC,mBAAmB;iBACxC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAGD,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,CAAC;YACD,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACzB,KAAK,QAAQ;oBACT,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;oBAC1F,MAAM;gBACV,KAAK,QAAQ;oBACT,eAAe,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;oBAC1E,MAAM;gBACV;oBACI,IAAI,UAAU,EAAE,CAAC;wBAEb,OAAO,IAAI,CAAC;oBAChB,CAAC;yBAAM,CAAC;wBACJ,MAAM,IAAI,8BAAqB,CAAC;4BAC5B,OAAO,EAAE,6BAA6B;4BACtC,IAAI,EAAE,4BAAW,CAAC,iBAAiB;yBACtC,CAAC,CAAC;oBACP,CAAC;YACT,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,UAAU,EAAE,CAAC;gBAEb,OAAO,IAAI,CAAC;YAChB,CAAC;iBAAM,CAAC;gBAEJ,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;QAGD,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAID,IAAI,eAAe,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAyB,EAAE,OAAY,EAAE,QAAkB,EAAE,KAAa,EAAE,aAAsB,KAAK;QAC/H,IAAI,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,CAAC;YAGlD,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAChE,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAC1B,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,IAAI,yCAAyC;wBACnE,IAAI,EAAE,4BAAW,CAAC,aAAa;qBAClC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAED,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;YACvB,OAAO,CAAC,QAAQ,GAAG,KAAK,CAAC;YAGzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,SAAmB,CAAC,CAAC;YAClF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,UAAU,EAAE,CAAC;oBAEb,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;oBACpB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;oBACxB,OAAO,KAAK,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACJ,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,mBAAmB;wBAC5B,IAAI,EAAE,4BAAW,CAAC,iBAAiB;qBACtC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAGD,IAAI,MAAM,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACjE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACX,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,4BAAW,CAAC,aAAa;qBAClC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAED,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAG1B,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAClD,IAAI,UAAU,EAAE,CAAC;oBACb,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;oBACpB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;oBACxB,OAAO,KAAK,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACJ,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,oBAAoB;wBAC7B,IAAI,EAAE,4BAAW,CAAC,gBAAgB;qBACrC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAGD,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;YAGlD,IAAI,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC;gBAK3B,IAAI,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;oBACrB,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACvE,CAAC;YACL,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAGb,IAAI,UAAU,EAAE,CAAC;gBAEb,OAAO,KAAK,CAAC;YACjB,CAAC;iBAAM,CAAC;gBAEJ,IAAI,KAAK,YAAY,8BAAqB,IAAK,KAAa,CAAC,MAAM,EAAE,CAAC;oBAClE,MAAM,KAAK,CAAC;gBAChB,CAAC;gBAED,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,0BAA0B;oBACnC,IAAI,EAAE,4BAAW,CAAC,aAAa;iBAClC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAY,EAAE,KAAa,EAAE,aAAsB,KAAK;QAEnF,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5B,IAAI,UAAU,EAAE,CAAC;gBAEb,OAAO,KAAK,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,wBAAwB;oBACjC,IAAI,EAAE,4BAAW,CAAC,sBAAsB;iBAC3C,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACrF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,UAAU,EAAE,CAAC;oBAEb,OAAO,KAAK,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACJ,MAAM,IAAI,8BAAqB,CAAC;wBAC5B,OAAO,EAAE,iBAAiB;wBAC1B,IAAI,EAAE,4BAAW,CAAC,eAAe;qBACpC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAGD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAGtE,MAAM,IAAI,CAAC,gBAAgB,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;YAG/D,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;YAC9B,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;YAC9B,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC;YAE7B,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,UAAU,EAAE,CAAC;gBAEb,OAAO,KAAK,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACJ,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;IACL,CAAC;IAGO,KAAK,CAAC,QAAQ,CAAC,OAAyB,EAAE,OAAwB,EAAE,aAAsB,KAAK;QAEnG,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,iCAAY,EAAE;YACpE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACrB,CAAC,CAAC;QAGH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAG5C,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,IAAI,UAAU,EAAE,CAAC;gBAGb,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACrF,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,8BAAqB,CAAC;oBAC5B,OAAO,EAAE,yCAAyC;oBAClD,IAAI,EAAE,4BAAW,CAAC,YAAY;iBACjC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;IACL,CAAC;IAKO,KAAK,CAAC,kBAAkB,CAAC,OAAyB,EAAE,OAAgB;QAExE,MAAM,mBAAmB,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAGrD,IAAI,CAAC,mBAAmB,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YACvD,OAAO;QACX,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAG1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,2BAAkB,CAAC;gBACzB,OAAO,EAAE,uCAAuC;gBAChD,IAAI,EAAE,4BAAW,CAAC,YAAY;aACjC,CAAC,CAAC;QACP,CAAC;QASD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC;QAGD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;QAC3D,CAAC;IACL,CAAC;IAKO,sBAAsB,CAAC,OAAyB;QACpD,IAAI,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAC9C,uCAAe,EACf,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACzE,CAAC;IAKO,gBAAgB,CAAC,OAAyB;QAC9C,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACxC,0BAAS,EACT,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC7C,CAAC;QAEF,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACvD,CAAC;IAWO,KAAK,CAAC,gBAAgB,CAAC,IAAS;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,CAAC;QAGlD,IAAI,MAAM,CAAC,aAAa,EAAE,YAAY,EAAE,CAAC;YACrC,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAE5C,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,OAAO,IAAI,CAAC,KAAK;aACZ,MAAM,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;aACpC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAKO,KAAK,CAAC,UAAU,CAAC,IAAS,EAAE,aAAuB;QACvD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAExD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5E,MAAM,IAAI,2BAAkB,CAAC;gBACzB,OAAO,EAAE,kCAAkC;gBAC3C,IAAI,EAAE,4BAAW,CAAC,iBAAiB;aACtC,CAAC,CAAC;QACP,CAAC;QAGD,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAE9E,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YACjF,MAAM,IAAI,2BAAkB,CAAC;gBACzB,OAAO,EAAE,0CAA0C,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC5E,IAAI,EAAE,4BAAW,CAAC,sBAAsB;aAC3C,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAWO,KAAK,CAAC,gBAAgB,CAAC,IAAS,EAAE,mBAA6B;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,CAAC;QAClD,IAAI,eAAe,GAAa,EAAE,CAAC;QAGnC,IAAI,MAAM,CAAC,aAAa,EAAE,kBAAkB,EAAE,CAAC;YAE3C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAChD,eAAe,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACjF,CAAC;aAAM,CAAC;YAEJ,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,MAAM,IAAI,2BAAkB,CAAC;oBACzB,OAAO,EAAE,uDAAuD;oBAChE,IAAI,EAAE,4BAAW,CAAC,iBAAiB;iBACtC,CAAC,CAAC;YACP,CAAC;YAGD,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;QAGD,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAC7D,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACvC,CAAC;QAEF,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACrB,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAC/D,CAAC,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACxC,CAAC;YAEF,MAAM,IAAI,2BAAkB,CAAC;gBACzB,OAAO,EAAE,gDAAgD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACxF,IAAI,EAAE,4BAAW,CAAC,4BAA4B;aACjD,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAKO,kBAAkB,CAAC,KAAY;QACnC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QAEtC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAEjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjB,OAAO;YACX,CAAC;YAGD,IAAI,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;YACxE,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;CACJ,CAAA;AAxdY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAGc,gBAAS;QACR,wBAAU;QACN,+CAAqB;QACnB,qCAAgB;QACf,uCAAiB;GANvC,iBAAiB,CAwd7B"}

package/dist/lib/auth/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AACA,cAAc,qBAAqB,CAAC;AACpC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAGxD,cAAc,0CAA0C,CAAC;AAGzD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yCAAyC,CAAC;AACxD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,kCAAkC,CAAC;AACjD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mCAAmC,CAAC;AAClD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qCAAqC,CAAC;AAGpD,cAAc,yBAAyB,CAAC;AACxC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,kCAAkC,CAAC;AAGjD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,8BAA8B,CAAC;AAG7C,cAAc,kCAAkC,CAAC;AACjD,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,yCAAyC,CAAC;AACxD,cAAc,yCAAyC,CAAC;AACxD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sDAAsD,CAAC;AACrE,cAAc,uDAAuD,CAAC;AACtE,cAAc,0CAA0C,CAAC;AACzD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,uCAAuC,CAAC;AACtD,cAAc,0CAA0C,CAAC;AACzD,cAAc,uCAAuC,CAAC;AACtD,cAAc,8CAA8C,CAAC;AAC7D,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,yCAAyC,CAAC;AACxD,cAAc,yCAAyC,CAAC;AACxD,cAAc,4CAA4C,CAAC;AAG3D,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,kCAAkC,CAAC"}

package/dist/lib/auth/index.js ADDED Viewed

@@ -0,0 +1,60 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OPTIONAL_AUTH_KEY = void 0;
+__exportStar(require("./guards/auth.guard"), exports);
+var auth_guard_1 = require("./guards/auth.guard");
+Object.defineProperty(exports, "OPTIONAL_AUTH_KEY", { enumerable: true, get: function () { return auth_guard_1.OPTIONAL_AUTH_KEY; } });
+__exportStar(require("./interceptors/refresh-token.interceptor"), exports);
+__exportStar(require("./events/logged-out-all.event"), exports);
+__exportStar(require("./events/logged-out.event"), exports);
+__exportStar(require("./events/password-reset-requested.event"), exports);
+__exportStar(require("./events/password-reset.event"), exports);
+__exportStar(require("./events/user-2fa-verified.event"), exports);
+__exportStar(require("./events/user-logged-in.event"), exports);
+__exportStar(require("./events/user-refresh-token.event"), exports);
+__exportStar(require("./events/user-registered.event"), exports);
+__exportStar(require("./events/two-factor-code-sent.event"), exports);
+__exportStar(require("./services/auth.service"), exports);
+__exportStar(require("./services/cookie.service"), exports);
+__exportStar(require("./services/mfa.service"), exports);
+__exportStar(require("./services/client-config.service"), exports);
+__exportStar(require("./controllers/auth.controller"), exports);
+__exportStar(require("./controllers/mfa.controller"), exports);
+__exportStar(require("./dto/requests/login.request.dto"), exports);
+__exportStar(require("./dto/requests/signup.request.dto"), exports);
+__exportStar(require("./dto/credentials/social-credentials.dto"), exports);
+__exportStar(require("./dto/credentials/email-credentials.dto"), exports);
+__exportStar(require("./dto/credentials/phone-credentials.dto"), exports);
+__exportStar(require("./dto/requests/forgot-password.request.dto"), exports);
+__exportStar(require("./dto/requests/reset-password.request.dto"), exports);
+__exportStar(require("./dto/requests/reset-password-with-token.request.dto"), exports);
+__exportStar(require("./dto/requests/verify-forgot-password-otp-request-dto"), exports);
+__exportStar(require("./dto/requests/send-mfa-code.request.dto"), exports);
+__exportStar(require("./dto/requests/change-password.request.dto"), exports);
+__exportStar(require("./dto/requests/toggle-mfa.request.dto"), exports);
+__exportStar(require("./dto/requests/refresh-token.request.dto"), exports);
+__exportStar(require("./dto/requests/verify-2fa.request.dto"), exports);
+__exportStar(require("./dto/requests/verify-totp-setup.request.dto"), exports);
+__exportStar(require("./dto/responses/auth.response.dto"), exports);
+__exportStar(require("./dto/responses/auth-cookie.response.dto"), exports);
+__exportStar(require("./dto/responses/verify-otp.response.dto"), exports);
+__exportStar(require("./dto/responses/mfa-status.response.dto"), exports);
+__exportStar(require("./dto/responses/client-config.response.dto"), exports);
+__exportStar(require("./entities/otp.entity"), exports);
+__exportStar(require("./entities/mfa-secret.entity"), exports);
+__exportStar(require("./entities/trusted-device.entity"), exports);
+//# sourceMappingURL=index.js.map

package/dist/lib/auth/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AACA,sDAAoC;AACpC,kDAAwD;AAA/C,+GAAA,iBAAiB,OAAA;AAG1B,2EAAyD;AAGzD,gEAA8C;AAC9C,4DAA0C;AAC1C,0EAAwD;AACxD,gEAA8C;AAC9C,mEAAiD;AACjD,gEAA8C;AAC9C,oEAAkD;AAClD,iEAA+C;AAC/C,sEAAoD;AAGpD,0DAAwC;AACxC,4DAA0C;AAC1C,yDAAuC;AACvC,mEAAiD;AAGjD,gEAA8C;AAC9C,+DAA6C;AAG7C,mEAAiD;AACjD,oEAAkD;AAClD,2EAAyD;AACzD,0EAAwD;AACxD,0EAAwD;AACxD,6EAA2D;AAC3D,4EAA0D;AAC1D,uFAAqE;AACrE,wFAAsE;AACtE,2EAAyD;AACzD,6EAA2D;AAC3D,wEAAsD;AACtD,2EAAyD;AACzD,wEAAsD;AACtD,+EAA6D;AAC7D,oEAAkD;AAClD,2EAAyD;AACzD,0EAAwD;AACxD,0EAAwD;AACxD,6EAA2D;AAG3D,wDAAsC;AACtC,+DAA6C;AAC7C,mEAAiD"}

package/dist/lib/auth/interceptors/refresh-token.interceptor.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { AuthService } from '../services/auth.service';
+import { CookieService } from '../services/cookie.service';
+import { JwtService } from '../../core/services/jwt.service';
+import { AuthConfigService } from '../../core/services/auth-config.service';
+export declare class RefreshTokenInterceptor implements NestInterceptor {
+    private readonly authService;
+    private readonly cookieService;
+    private readonly jwtService;
+    private readonly authConfig;
+    constructor(authService: AuthService, cookieService: CookieService, jwtService: JwtService, authConfig: AuthConfigService);
+    intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<any>>;
+    private extractRefreshToken;
+}
+//# sourceMappingURL=refresh-token.interceptor.d.ts.map

package/dist/lib/auth/interceptors/refresh-token.interceptor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"refresh-token.interceptor.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/interceptors/refresh-token.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAc,MAAM,MAAM,CAAC;AAG9C,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AA2B5E,qBACa,uBAAwB,YAAW,eAAe;IAEvD,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAHV,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,iBAAiB;IAG5C,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IA0DvF,OAAO,CAAC,mBAAmB;CAe9B"}