npm - @ackplus/nest-auth - Versions diffs - 1.1.28 → 1.1.30 - Mend

@ackplus/nest-auth 1.1.28 → 1.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (982) hide show

package/dist/lib/core/providers/facebook-auth.provider.js ADDED Viewed

@@ -0,0 +1,70 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FacebookAuthProvider = void 0;
+const fb_1 = __importDefault(require("fb"));
+const base_auth_provider_1 = require("./base-auth.provider");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("typeorm");
+const auth_constants_1 = require("../../auth.constants");
+const user_entity_1 = require("../../user/entities/user.entity");
+const identity_entity_1 = require("../../user/entities/identity.entity");
+let FacebookAuthProvider = class FacebookAuthProvider extends base_auth_provider_1.BaseAuthProvider {
+    dataSource;
+    providerName = auth_constants_1.FACEBOOK_AUTH_PROVIDER;
+    skipMfa = true;
+    facebookConfig;
+    constructor(dataSource) {
+        const userRepository = dataSource.getRepository(user_entity_1.NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(identity_entity_1.NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.dataSource = dataSource;
+        this.facebookConfig = this.options.facebook;
+        this.enabled = Boolean(this.facebookConfig);
+        if (this.enabled) {
+            fb_1.default.options({
+                appId: this.facebookConfig.appId,
+                appSecret: this.facebookConfig.appSecret,
+            });
+        }
+    }
+    async validate(credentials) {
+        try {
+            const response = await fb_1.default.api('me', {
+                fields: ['id', 'email', 'name', 'picture'],
+                access_token: credentials.token,
+            });
+            return {
+                userId: response.id,
+                email: response.email || '',
+                metadata: {
+                    name: response.name,
+                    picture: response.picture?.data?.url,
+                },
+            };
+        }
+        catch (error) {
+            throw new common_1.UnauthorizedException('Invalid Facebook token');
+        }
+    }
+    getRequiredFields() {
+        return ['token'];
+    }
+};
+exports.FacebookAuthProvider = FacebookAuthProvider;
+exports.FacebookAuthProvider = FacebookAuthProvider = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], FacebookAuthProvider);
+//# sourceMappingURL=facebook-auth.provider.js.map

package/dist/lib/core/providers/facebook-auth.provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"facebook-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/facebook-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4CAA0B;AAC1B,6DAAwD;AACxD,2CAAmE;AACnE,qCAAqC;AACrC,yDAA8D;AAC9D,iEAA+D;AAC/D,yEAAuE;AAIhE,IAAM,oBAAoB,GAA1B,MAAM,oBAAqB,SAAQ,qCAAgB;IAMzC;IALb,YAAY,GAAG,uCAAsB,CAAC;IACtC,OAAO,GAAG,IAAI,CAAC;IACP,cAAc,CAAgC;IAEtD,YACa,UAAsB;QAE/B,MAAM,cAAc,GAAG,UAAU,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;QAC9D,MAAM,sBAAsB,GAAG,UAAU,CAAC,aAAa,CAAC,kCAAgB,CAAC,CAAC;QAE1E,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QALrC,eAAU,GAAV,UAAU,CAAY;QAO/B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC5C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAE5C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,YAAQ,CAAC,OAAO,CAAC;gBACb,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,KAAK;gBAChC,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS;aAC3C,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAA8B;QACzC,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,YAAQ,CAAC,GAAG,CAAC,IAAI,EAAE;gBACtC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC;gBAC1C,YAAY,EAAE,WAAW,CAAC,KAAK;aAClC,CAAC,CAAC;YAEH,OAAO;gBACH,MAAM,EAAE,QAAQ,CAAC,EAAE;gBACnB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,EAAE;gBAC3B,QAAQ,EAAE;oBACN,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG;iBACvC;aACJ,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;CACJ,CAAA;AA/CY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAOgB,oBAAU;GAN1B,oBAAoB,CA+ChC"}

package/dist/lib/core/providers/github-auth.provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"github-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/github-auth.provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAMrC,qBACa,kBAAmB,SAAQ,gBAAgB;IAKhD,QAAQ,CAAC,UAAU,EAAE,UAAU;IAJnC,YAAY,SAAwB;IACpC,OAAO,CAAC,YAAY,CAA8B;gBAGrC,UAAU,EAAE,UAAU;IAW7B,QAAQ,CAAC,WAAW,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;;IAkDnD,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}

package/dist/lib/core/providers/github-auth.provider.js ADDED Viewed

@@ -0,0 +1,83 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GitHubAuthProvider = void 0;
+const base_auth_provider_1 = require("./base-auth.provider");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("typeorm");
+const auth_constants_1 = require("../../auth.constants");
+const user_entity_1 = require("../../user/entities/user.entity");
+const identity_entity_1 = require("../../user/entities/identity.entity");
+let GitHubAuthProvider = class GitHubAuthProvider extends base_auth_provider_1.BaseAuthProvider {
+    dataSource;
+    providerName = auth_constants_1.GITHUB_AUTH_PROVIDER;
+    githubConfig;
+    constructor(dataSource) {
+        const userRepository = dataSource.getRepository(user_entity_1.NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(identity_entity_1.NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.dataSource = dataSource;
+        this.githubConfig = this.options.github;
+        this.enabled = Boolean(this.githubConfig);
+    }
+    async validate(credentials) {
+        try {
+            const userResponse = await fetch('https://api.github.com/user', {
+                headers: {
+                    Authorization: `Bearer ${credentials.accessToken}`,
+                    Accept: 'application/vnd.github.v3+json',
+                },
+            });
+            if (!userResponse.ok) {
+                throw new common_1.UnauthorizedException('Invalid GitHub token');
+            }
+            const userData = await userResponse.json();
+            let email = userData.email;
+            if (!email) {
+                const emailsResponse = await fetch('https://api.github.com/user/emails', {
+                    headers: {
+                        Authorization: `Bearer ${credentials.accessToken}`,
+                        Accept: 'application/vnd.github.v3+json',
+                    },
+                });
+                if (emailsResponse.ok) {
+                    const emails = await emailsResponse.json();
+                    const primaryEmail = emails.find((e) => e.primary) || emails[0];
+                    email = primaryEmail?.email || '';
+                }
+            }
+            return {
+                userId: userData.id.toString(),
+                email: email || '',
+                metadata: {
+                    name: userData.name || userData.login,
+                    login: userData.login,
+                    avatar: userData.avatar_url,
+                    bio: userData.bio,
+                    company: userData.company,
+                    location: userData.location,
+                },
+            };
+        }
+        catch (error) {
+            throw new common_1.UnauthorizedException('Invalid GitHub token');
+        }
+    }
+    getRequiredFields() {
+        return ['accessToken'];
+    }
+};
+exports.GitHubAuthProvider = GitHubAuthProvider;
+exports.GitHubAuthProvider = GitHubAuthProvider = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], GitHubAuthProvider);
+//# sourceMappingURL=github-auth.provider.js.map

package/dist/lib/core/providers/github-auth.provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"github-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/github-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAwD;AACxD,2CAAmE;AACnE,qCAAqC;AACrC,yDAA4D;AAC5D,iEAA+D;AAC/D,yEAAuE;AAIhE,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,qCAAgB;IAKvC;IAJb,YAAY,GAAG,qCAAoB,CAAC;IAC5B,YAAY,CAA8B;IAElD,YACa,UAAsB;QAE/B,MAAM,cAAc,GAAG,UAAU,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;QAC9D,MAAM,sBAAsB,GAAG,UAAU,CAAC,aAAa,CAAC,kCAAgB,CAAC,CAAC;QAE1E,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QALrC,eAAU,GAAV,UAAU,CAAY;QAO/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAoC;QAC/C,IAAI,CAAC;YAED,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,6BAA6B,EAAE;gBAC5D,OAAO,EAAE;oBACL,aAAa,EAAE,UAAU,WAAW,CAAC,WAAW,EAAE;oBAClD,MAAM,EAAE,gCAAgC;iBAC3C;aACJ,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;gBACnB,MAAM,IAAI,8BAAqB,CAAC,sBAAsB,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,QAAQ,GAAQ,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;YAGhD,IAAI,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACT,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;oBACrE,OAAO,EAAE;wBACL,aAAa,EAAE,UAAU,WAAW,CAAC,WAAW,EAAE;wBAClD,MAAM,EAAE,gCAAgC;qBAC3C;iBACJ,CAAC,CAAC;gBAEH,IAAI,cAAc,CAAC,EAAE,EAAE,CAAC;oBACpB,MAAM,MAAM,GAAQ,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;oBAChD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC;oBACrE,KAAK,GAAG,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC;gBACtC,CAAC;YACL,CAAC;YAED,OAAO;gBACH,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE;gBAC9B,KAAK,EAAE,KAAK,IAAI,EAAE;gBAClB,QAAQ,EAAE;oBACN,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,KAAK;oBACrC,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,MAAM,EAAE,QAAQ,CAAC,UAAU;oBAC3B,GAAG,EAAE,QAAQ,CAAC,GAAG;oBACjB,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBAC9B;aACJ,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,sBAAsB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;CACJ,CAAA;AArEY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;qCAMgB,oBAAU;GAL1B,kBAAkB,CAqE9B"}

package/dist/lib/core/providers/google-auth.provider.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { BaseAuthProvider } from './base-auth.provider';
+import { DataSource } from 'typeorm';
+export declare class GoogleAuthProvider extends BaseAuthProvider {
+    readonly dataSource: DataSource;
+    providerName: string;
+    skipMfa: boolean;
+    private client;
+    private googleConfig;
+    constructor(dataSource: DataSource);
+    validate(credentials: {
+        token: string;
+        type: 'id' | 'access';
+    }): Promise<{
+        userId: string;
+        email: string;
+        metadata: {
+            name: string;
+            picture: string;
+            locale: string;
+        };
+    }>;
+    getRequiredFields(): string[];
+}
+//# sourceMappingURL=google-auth.provider.d.ts.map

package/dist/lib/core/providers/google-auth.provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"google-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/google-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAIrC,qBACa,kBAAmB,SAAQ,gBAAgB;IAOhD,QAAQ,CAAC,UAAU,EAAE,UAAU;IANnC,YAAY,SAAwB;IACpC,OAAO,UAAQ;IACf,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,YAAY,CAA8B;gBAGrC,UAAU,EAAE,UAAU;IAsB7B,QAAQ,CAAC,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,GAAG,QAAQ,CAAA;KAAE;;;;;;;;;IA6EpE,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}

package/dist/lib/core/providers/google-auth.provider.js ADDED Viewed

@@ -0,0 +1,105 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GoogleAuthProvider = void 0;
+const google_auth_library_1 = require("google-auth-library");
+const common_1 = require("@nestjs/common");
+const base_auth_provider_1 = require("./base-auth.provider");
+const auth_constants_1 = require("../../auth.constants");
+const typeorm_1 = require("typeorm");
+const user_entity_1 = require("../../user/entities/user.entity");
+const identity_entity_1 = require("../../user/entities/identity.entity");
+let GoogleAuthProvider = class GoogleAuthProvider extends base_auth_provider_1.BaseAuthProvider {
+    dataSource;
+    providerName = auth_constants_1.GOOGLE_AUTH_PROVIDER;
+    skipMfa = true;
+    client;
+    googleConfig;
+    constructor(dataSource) {
+        const userRepository = dataSource.getRepository(user_entity_1.NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(identity_entity_1.NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.dataSource = dataSource;
+        this.googleConfig = this.options.google;
+        this.enabled = Boolean(this.googleConfig);
+        if (this.enabled) {
+            this.client = new google_auth_library_1.OAuth2Client(this.googleConfig.clientId, this.googleConfig.clientSecret);
+        }
+    }
+    async validate(credentials) {
+        const { token, type = 'id' } = credentials;
+        let payload;
+        if (type === 'id') {
+            try {
+                const ticket = await this.client.verifyIdToken({
+                    idToken: token,
+                    audience: this.googleConfig.clientId,
+                });
+                payload = ticket.getPayload();
+            }
+            catch (error) {
+                console.error('Google ID Token validation failed:', error);
+                throw new common_1.UnauthorizedException('Invalid Google ID token');
+            }
+        }
+        else if (type === 'access') {
+            try {
+                const tokenInfo = await this.client.getTokenInfo(token);
+                const res = await fetch('https://www.googleapis.com/oauth2/v3/userinfo', {
+                    headers: {
+                        Authorization: `Bearer ${token}`,
+                    },
+                });
+                if (!res.ok) {
+                    console.error('userinfo error status:', res.status, await res.text());
+                    throw new common_1.UnauthorizedException('Failed to fetch Google user info');
+                }
+                const userInfo = (await res.json());
+                payload = {
+                    ...userInfo,
+                    sub: tokenInfo.sub ?? userInfo.sub,
+                    email: userInfo.email ?? tokenInfo.email,
+                    name: userInfo.name,
+                    picture: userInfo.picture,
+                    locale: userInfo.locale,
+                };
+            }
+            catch (error) {
+                console.error('Google Access Token validation failed:', error);
+                throw new common_1.UnauthorizedException('Invalid Google Access token');
+            }
+        }
+        else {
+            throw new common_1.UnauthorizedException('Missing or invalid Google token type (id | access) in credentials');
+        }
+        if (!payload || !payload.sub) {
+            throw new common_1.UnauthorizedException(`Invalid Google ${type} token`);
+        }
+        return {
+            userId: payload.sub,
+            email: payload.email || '',
+            metadata: {
+                name: payload.name,
+                picture: payload.picture,
+                locale: payload.locale,
+            },
+        };
+    }
+    getRequiredFields() {
+        return ['token'];
+    }
+};
+exports.GoogleAuthProvider = GoogleAuthProvider;
+exports.GoogleAuthProvider = GoogleAuthProvider = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], GoogleAuthProvider);
+//# sourceMappingURL=google-auth.provider.js.map

package/dist/lib/core/providers/google-auth.provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"google-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/google-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6DAAiE;AACjE,2CAAmE;AACnE,6DAAwD;AAExD,yDAA4D;AAC5D,qCAAqC;AACrC,iEAA+D;AAC/D,yEAAuE;AAGhE,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,qCAAgB;IAOvC;IANb,YAAY,GAAG,qCAAoB,CAAC;IACpC,OAAO,GAAG,IAAI,CAAC;IACP,MAAM,CAAe;IACrB,YAAY,CAA8B;IAElD,YACa,UAAsB;QAE/B,MAAM,cAAc,GAAG,UAAU,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;QAC9D,MAAM,sBAAsB,GAAG,UAAU,CAAC,aAAa,CAAC,kCAAgB,CAAC,CAAC;QAE1E,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QALrC,eAAU,GAAV,UAAU,CAAY;QAO/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,GAAG,IAAI,kCAAY,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC/F,CAAC;IACL,CAAC;IAUD,KAAK,CAAC,QAAQ,CAAC,WAAqD;QAChE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,IAAI,EAAE,GAAG,WAAW,CAAC;QAC3C,IAAI,OAAqB,CAAA;QACzB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAGhB,IAAI,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;oBAC3C,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,QAAQ;iBACvC,CAAC,CAAC;gBAEH,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAClC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM,IAAI,8BAAqB,CAAC,yBAAyB,CAAC,CAAC;YAC/D,CAAC;QAEL,CAAC;aAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;gBAQxD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;oBACrE,OAAO,EAAE;wBACL,aAAa,EAAE,UAAU,KAAK,EAAE;qBACnC;iBACJ,CAAC,CAAC;gBAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;oBACV,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;oBACtE,MAAM,IAAI,8BAAqB,CAAC,kCAAkC,CAAC,CAAC;gBACxE,CAAC;gBAED,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAC;gBAE3C,OAAO,GAAG;oBACN,GAAG,QAAQ;oBACX,GAAG,EAAE,SAAS,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG;oBAClC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,SAAS,CAAC,KAAK;oBACxC,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;iBACH,CAAC;YAC7B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;gBAC/D,MAAM,IAAI,8BAAqB,CAAC,6BAA6B,CAAC,CAAC;YACnE,CAAC;QAGL,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,8BAAqB,CAC3B,mEAAmE,CACtE,CAAC;QACN,CAAC;QAED,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC3B,MAAM,IAAI,8BAAqB,CAAC,kBAAkB,IAAI,QAAQ,CAAC,CAAC;QACpE,CAAC;QAED,OAAO;YACH,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,QAAQ,EAAE;gBACN,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;aACzB;SACJ,CAAC;IACN,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;CACJ,CAAA;AA7GY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;qCAQgB,oBAAU;GAP1B,kBAAkB,CA6G9B"}

package/dist/lib/core/providers/jwt-auth.provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/jwt-auth.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAIrC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAIrD,qBACa,eAAgB,SAAQ,gBAAgB;IAM7C,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN/B,YAAY,SAAqB;IACjC,OAAO,CAAC,SAAS,CAA2B;gBAI/B,UAAU,EAAE,UAAU,EACd,UAAU,EAAE,UAAU;IAWrC,QAAQ,CAAC,WAAW,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;;;;;;;;;;IAiBnD,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}

package/dist/lib/core/providers/jwt-auth.provider.js ADDED Viewed

@@ -0,0 +1,61 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthProvider = void 0;
+const common_1 = require("@nestjs/common");
+const base_auth_provider_1 = require("./base-auth.provider");
+const typeorm_1 = require("typeorm");
+const common_2 = require("@nestjs/common");
+const auth_constants_1 = require("../../auth.constants");
+const jwt_service_1 = require("../services/jwt.service");
+const user_entity_1 = require("../../user/entities/user.entity");
+const identity_entity_1 = require("../../user/entities/identity.entity");
+let JwtAuthProvider = class JwtAuthProvider extends base_auth_provider_1.BaseAuthProvider {
+    dataSource;
+    jwtService;
+    providerName = auth_constants_1.JWT_AUTH_PROVIDER;
+    jwtConfig;
+    constructor(dataSource, jwtService) {
+        const userRepository = dataSource.getRepository(user_entity_1.NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(identity_entity_1.NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.dataSource = dataSource;
+        this.jwtService = jwtService;
+        this.jwtConfig = this.options.jwt;
+        this.enabled = Boolean(this.jwtConfig);
+    }
+    async validate(credentials) {
+        try {
+            const payload = await this.jwtService.verifyToken(credentials.accessToken);
+            return {
+                userId: payload.sub,
+                email: payload.email,
+                phone: payload.phone,
+                metadata: {
+                    ...payload,
+                },
+            };
+        }
+        catch (error) {
+            throw new common_1.BadRequestException('Invalid JWT token');
+        }
+    }
+    getRequiredFields() {
+        return ['accessToken'];
+    }
+};
+exports.JwtAuthProvider = JwtAuthProvider;
+exports.JwtAuthProvider = JwtAuthProvider = __decorate([
+    (0, common_2.Injectable)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource,
+        jwt_service_1.JwtService])
+], JwtAuthProvider);
+//# sourceMappingURL=jwt-auth.provider.js.map

package/dist/lib/core/providers/jwt-auth.provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/jwt-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAqD;AACrD,6DAAwD;AACxD,qCAAqC;AACrC,2CAA4C;AAE5C,yDAAyD;AACzD,yDAAqD;AACrD,iEAA+D;AAC/D,yEAAuE;AAGhE,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,qCAAgB;IAMpC;IACQ;IANrB,YAAY,GAAG,kCAAiB,CAAC;IACzB,SAAS,CAA2B;IAG5C,YACa,UAAsB,EACd,UAAsB;QAEvC,MAAM,cAAc,GAAG,UAAU,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;QAC9D,MAAM,sBAAsB,GAAG,UAAU,CAAC,aAAa,CAAC,kCAAgB,CAAC,CAAC;QAE1E,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QANrC,eAAU,GAAV,UAAU,CAAY;QACd,eAAU,GAAV,UAAU,CAAY;QAOvC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;QAClC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAoC;QAC/C,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAE3E,OAAO;gBACH,MAAM,EAAE,OAAO,CAAC,GAAG;gBACnB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE;oBACN,GAAG,OAAO;iBACb;aACJ,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;IACL,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;CACJ,CAAA;AAtCY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAOgB,oBAAU;QACF,wBAAU;GAPlC,eAAe,CAsC3B"}

package/dist/lib/core/providers/phone-auth.provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"phone-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/phone-auth.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAGtE,qBACa,iBAAkB,SAAQ,gBAAgB;IAI/C,QAAQ,CAAC,UAAU,EAAE,UAAU;IAHnC,YAAY,SAAuB;gBAGtB,UAAU,EAAE,UAAU;IAU7B,QAAQ,CAAC,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;;;;;IAe/D,iBAAiB,IAAI,MAAM,EAAE;IAIpB,YAAY,IAAI,YAAY;CAGxC"}

package/dist/lib/core/providers/phone-auth.provider.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PhoneAuthProvider = void 0;
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("typeorm");
+const user_entity_1 = require("../../user/entities/user.entity");
+const identity_entity_1 = require("../../user/entities/identity.entity");
+const base_auth_provider_1 = require("./base-auth.provider");
+const auth_constants_1 = require("../../auth.constants");
+let PhoneAuthProvider = class PhoneAuthProvider extends base_auth_provider_1.BaseAuthProvider {
+    dataSource;
+    providerName = auth_constants_1.PHONE_AUTH_PROVIDER;
+    constructor(dataSource) {
+        const userRepository = dataSource.getRepository(user_entity_1.NestAuthUser);
+        const authIdentityRepository = dataSource.getRepository(identity_entity_1.NestAuthIdentity);
+        super(userRepository, authIdentityRepository);
+        this.dataSource = dataSource;
+        this.enabled = this.options.phoneAuth?.enabled;
+    }
+    async validate(credentials) {
+        const identity = await this.findIdentity(credentials.phone);
+        if (!identity?.user || !(await identity.user.validatePassword(credentials.password))) {
+            throw new common_1.UnauthorizedException('Invalid credentials');
+        }
+        return {
+            userId: identity.user?.phone,
+            phone: identity.user?.phone || '',
+            metadata: identity.user,
+        };
+    }
+    getRequiredFields() {
+        return ['phone', 'password'];
+    }
+    linkUserWith() {
+        return 'phone';
+    }
+};
+exports.PhoneAuthProvider = PhoneAuthProvider;
+exports.PhoneAuthProvider = PhoneAuthProvider = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], PhoneAuthProvider);
+//# sourceMappingURL=phone-auth.provider.js.map

package/dist/lib/core/providers/phone-auth.provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"phone-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/phone-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAmE;AACnE,qCAAqC;AACrC,iEAA+D;AAC/D,yEAAuE;AACvE,6DAAsE;AACtE,yDAA2D;AAGpD,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,qCAAgB;IAItC;IAHb,YAAY,GAAG,oCAAmB,CAAC;IAEnC,YACa,UAAsB;QAE/B,MAAM,cAAc,GAAG,UAAU,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;QAC9D,MAAM,sBAAsB,GAAG,UAAU,CAAC,aAAa,CAAC,kCAAgB,CAAC,CAAC;QAE1E,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QALrC,eAAU,GAAV,UAAU,CAAY;QAO/B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAgD;QAE3D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACnF,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACH,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK;YAC5B,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;YACjC,QAAQ,EAAE,QAAQ,CAAC,IAAI;SAC1B,CAAC;IACN,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;IAEQ,YAAY;QACjB,OAAO,OAAO,CAAC;IACnB,CAAC;CACJ,CAAA;AApCY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAKgB,oBAAU;GAJ1B,iBAAiB,CAoC7B"}

package/dist/lib/core/services/auth-config.service.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
+export declare class AuthConfigService {
+    private static instance;
+    private static options;
+    private static defaultOptions;
+    constructor();
+    static getInstance(): AuthConfigService;
+    private static generateRandomKey;
+    private static resolveSecretKey;
+    static setOptions(options: AuthModuleOptions): void;
+    private static validateAdminConsoleOptions;
+    static getOptions(): AuthModuleOptions;
+    static getDefaultOptions(): AuthModuleOptions;
+    getConfig(): AuthModuleOptions;
+    setConfig(options: AuthModuleOptions): void;
+}
+//# sourceMappingURL=auth-config.service.d.ts.map

package/dist/lib/core/services/auth-config.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-config.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/services/auth-config.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAIhF,qBACa,iBAAiB;IAC1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAoB;IAC3C,OAAO,CAAC,MAAM,CAAC,OAAO,CAAoB;IAM1C,OAAO,CAAC,MAAM,CAAC,cAAc,CAoD3B;;IASF,MAAM,CAAC,WAAW,IAAI,iBAAiB;IAWvC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAehC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAqB/B,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;IA4BnD,OAAO,CAAC,MAAM,CAAC,2BAA2B;IAiB1C,MAAM,CAAC,UAAU,IAAI,iBAAiB;IAOtC,MAAM,CAAC,iBAAiB,IAAI,iBAAiB;IAI7C,SAAS,IAAI,iBAAiB;IAI9B,SAAS,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;CAG9C"}

package/dist/lib/core/services/auth-config.service.js ADDED Viewed

@@ -0,0 +1,152 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var AuthConfigService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthConfigService = void 0;
+const common_1 = require("@nestjs/common");
+const crypto_1 = require("crypto");
+const session_options_interface_1 = require("../interfaces/session-options.interface");
+const mfa_options_interface_1 = require("../interfaces/mfa-options.interface");
+let AuthConfigService = class AuthConfigService {
+    static { AuthConfigService_1 = this; }
+    static instance;
+    static options;
+    static defaultOptions = {
+        isGlobal: true,
+        appName: 'Nest Auth',
+        passwordResetOtpExpiresIn: '15m',
+        passwordResetTokenExpiresIn: '1h',
+        session: {
+            storageType: session_options_interface_1.SessionStorageType.DATABASE,
+            sessionExpiry: '1h',
+            refreshTokenExpiry: '30d',
+        },
+        jwt: {
+            secret: 'secret',
+        },
+        accessTokenType: 'header',
+        cookieOptions: {
+            httpOnly: true,
+            secure: false,
+        },
+        emailAuth: {
+            enabled: true,
+        },
+        phoneAuth: {
+            enabled: false,
+        },
+        mfa: {
+            enabled: false,
+            methods: [mfa_options_interface_1.MFAMethodEnum.EMAIL, mfa_options_interface_1.MFAMethodEnum.TOTP],
+            allowUserToggle: true,
+            allowMethodSelection: true,
+            otpLength: 6,
+            otpExpiresIn: '15m',
+        },
+        defaultTenant: undefined,
+        adminConsole: {
+            enabled: true,
+            basePath: '/api/auth/admin',
+            sessionCookieName: 'nest_auth_admin',
+            sessionDuration: '2h',
+            allowAdminManagement: true,
+            cookie: {
+                httpOnly: true,
+                secure: false,
+                sameSite: 'lax',
+            },
+        },
+        debug: {
+            enabled: false,
+            level: 'verbose',
+            prefix: '[NestAuth]',
+            includeTimestamp: true,
+            includeContext: true
+        }
+    };
+    constructor() {
+        if (!AuthConfigService_1.instance) {
+            AuthConfigService_1.instance = this;
+        }
+        return AuthConfigService_1.instance;
+    }
+    static getInstance() {
+        if (!AuthConfigService_1.instance) {
+            AuthConfigService_1.instance = new AuthConfigService_1();
+        }
+        return AuthConfigService_1.instance;
+    }
+    static generateRandomKey(length = 32) {
+        return (0, crypto_1.randomBytes)(length).toString('base64');
+    }
+    static resolveSecretKey(options) {
+        const adminConsoleKey = options.adminConsole?.secretKey;
+        if (adminConsoleKey) {
+            return adminConsoleKey;
+        }
+        if (process.env.NODE_ENV !== 'production') {
+            const generatedKey = this.generateRandomKey(32);
+            console.warn('[NestAuth] Warning: adminConsole.secretKey not configured. ' +
+                `Auto-generated key for development: ${generatedKey.slice(0, 20)}...\n` +
+                '⚠️  This key will change on each restart. Configure adminConsole.secretKey in your AuthModuleOptions!');
+            return generatedKey;
+        }
+        return undefined;
+    }
+    static setOptions(options) {
+        const deepmerge = require('deepmerge');
+        const mergedOptions = deepmerge(this.defaultOptions, options, { clone: false });
+        if (!mergedOptions.adminConsole) {
+            mergedOptions.adminConsole = {};
+        }
+        if (!mergedOptions.adminConsole.secretKey) {
+            const secretKey = this.resolveSecretKey(mergedOptions);
+            if (secretKey) {
+                mergedOptions.adminConsole.secretKey = secretKey;
+            }
+        }
+        this.options = mergedOptions;
+        this.validateAdminConsoleOptions(this.options);
+    }
+    static validateAdminConsoleOptions(options) {
+        if (options.adminConsole?.enabled !== false && options.adminConsole?.secretKey) {
+            const secretKey = options.adminConsole.secretKey;
+            const weakSecrets = ['change-me-admin-secret', 'default', 'secret', ''];
+            if (weakSecrets.includes(secretKey)) {
+                throw new Error('Admin console requires a secure secretKey. ' +
+                    'Please set adminConsole.secretKey in your AuthModuleOptions (e.g., secretKey: process.env.ADMIN_CONSOLE_SESSION_SECRET) ' +
+                    'with a 32+ byte random value. Store it securely in environment variables or a secrets manager. ' +
+                    'Weak or default values are not allowed for security reasons. Rotate keys regularly.');
+            }
+        }
+    }
+    static getOptions() {
+        if (!this.options) {
+            this.options = { ...this.defaultOptions };
+        }
+        return this.options;
+    }
+    static getDefaultOptions() {
+        return { ...this.defaultOptions };
+    }
+    getConfig() {
+        return AuthConfigService_1.getOptions();
+    }
+    setConfig(options) {
+        AuthConfigService_1.setOptions(options);
+    }
+};
+exports.AuthConfigService = AuthConfigService;
+exports.AuthConfigService = AuthConfigService = AuthConfigService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [])
+], AuthConfigService);
+//# sourceMappingURL=auth-config.service.js.map

package/dist/lib/core/services/auth-config.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-config.service.js","sourceRoot":"","sources":["../../../../src/lib/core/services/auth-config.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAA4C;AAC5C,mCAAqC;AAErC,uFAA6E;AAC7E,+EAAoE;AAG7D,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;;IAClB,MAAM,CAAC,QAAQ,CAAoB;IACnC,MAAM,CAAC,OAAO,CAAoB;IAMlC,MAAM,CAAC,cAAc,GAAsB;QAC/C,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,WAAW;QACpB,yBAAyB,EAAE,KAAK;QAChC,2BAA2B,EAAE,IAAI;QACjC,OAAO,EAAE;YACL,WAAW,EAAE,8CAAkB,CAAC,QAAQ;YACxC,aAAa,EAAE,IAAI;YACnB,kBAAkB,EAAE,KAAK;SAC5B;QACD,GAAG,EAAE;YACD,MAAM,EAAE,QAAQ;SACnB;QACD,eAAe,EAAE,QAAQ;QACzB,aAAa,EAAE;YACX,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,KAAK;SAChB;QACD,SAAS,EAAE;YACP,OAAO,EAAE,IAAI;SAChB;QACD,SAAS,EAAE;YACP,OAAO,EAAE,KAAK;SACjB;QACD,GAAG,EAAE;YACD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,CAAC,qCAAa,CAAC,KAAK,EAAE,qCAAa,CAAC,IAAI,CAAC;YAClD,eAAe,EAAE,IAAI;YACrB,oBAAoB,EAAE,IAAI;YAC1B,SAAS,EAAE,CAAC;YACZ,YAAY,EAAE,KAAK;SACtB;QACD,aAAa,EAAE,SAAS;QACxB,YAAY,EAAE;YACV,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,iBAAiB;YAC3B,iBAAiB,EAAE,iBAAiB;YACpC,eAAe,EAAE,IAAI;YACrB,oBAAoB,EAAE,IAAI;YAC1B,MAAM,EAAE;gBACJ,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,KAAK;gBACb,QAAQ,EAAE,KAAc;aAC3B;SACJ;QACD,KAAK,EAAE;YACH,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,SAAgB;YACvB,MAAM,EAAE,YAAY;YACpB,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,IAAI;SACvB;KACJ,CAAC;IAEF;QACI,IAAI,CAAC,mBAAiB,CAAC,QAAQ,EAAE,CAAC;YAC9B,mBAAiB,CAAC,QAAQ,GAAG,IAAI,CAAC;QACtC,CAAC;QACD,OAAO,mBAAiB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED,MAAM,CAAC,WAAW;QACd,IAAI,CAAC,mBAAiB,CAAC,QAAQ,EAAE,CAAC;YAC9B,mBAAiB,CAAC,QAAQ,GAAG,IAAI,mBAAiB,EAAE,CAAC;QACzD,CAAC;QACD,OAAO,mBAAiB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAMO,MAAM,CAAC,iBAAiB,CAAC,SAAiB,EAAE;QAChD,OAAO,IAAA,oBAAW,EAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IAaO,MAAM,CAAC,gBAAgB,CAAC,OAA0B;QAEtD,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC;QACxD,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,eAAe,CAAC;QAC3B,CAAC;QAGD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CACR,6DAA6D;gBAC7D,uCAAuC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO;gBACvE,uGAAuG,CAC1G,CAAC;YACF,OAAO,YAAY,CAAC;QACxB,CAAC;QAED,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,OAA0B;QACxC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACvC,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAGhF,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YAC9B,aAAa,CAAC,YAAY,GAAG,EAAE,CAAC;QACpC,CAAC;QAKD,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YACvD,IAAI,SAAS,EAAE,CAAC;gBACZ,aAAa,CAAC,YAAY,CAAC,SAAS,GAAG,SAAS,CAAC;YACrD,CAAC;QACL,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC;QAG7B,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAKO,MAAM,CAAC,2BAA2B,CAAC,OAA0B;QACjE,IAAI,OAAO,CAAC,YAAY,EAAE,OAAO,KAAK,KAAK,IAAI,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,CAAC;YAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC;YACjD,MAAM,WAAW,GAAG,CAAC,wBAAwB,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YAGxE,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,KAAK,CACX,6CAA6C;oBAC7C,0HAA0H;oBAC1H,iGAAiG;oBACjG,qFAAqF,CACxF,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;IAED,MAAM,CAAC,UAAU;QACb,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,MAAM,CAAC,iBAAiB;QACpB,OAAO,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;IACtC,CAAC;IAED,SAAS;QACL,OAAO,mBAAiB,CAAC,UAAU,EAAE,CAAC;IAC1C,CAAC;IAED,SAAS,CAAC,OAA0B;QAChC,mBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;;AAlLQ,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;;GACA,iBAAiB,CAmL7B"}