@ackplus/nest-auth 2.0.0-beta.10 → 2.0.0-beta.13

Files changed (39) hide show
  1. package/dist/lib/admin-console/controllers/admin-users.controller.d.ts.map +1 -1
  2. package/dist/lib/admin-console/controllers/admin-users.controller.js +2 -1
  3. package/dist/lib/admin-console/controllers/admin-users.controller.js.map +1 -1
  4. package/dist/lib/admin-console/static/index.html +1 -1
  5. package/dist/lib/admin-console/static/nest-auth.json +1 -1
  6. package/dist/lib/auth/controllers/auth.controller.d.ts +1 -1
  7. package/dist/lib/auth/controllers/auth.controller.d.ts.map +1 -1
  8. package/dist/lib/auth/controllers/auth.controller.js +5 -1
  9. package/dist/lib/auth/controllers/auth.controller.js.map +1 -1
  10. package/dist/lib/auth/events/user-logged-in.event.d.ts +3 -1
  11. package/dist/lib/auth/events/user-logged-in.event.d.ts.map +1 -1
  12. package/dist/lib/auth/events/user-logged-in.event.js.map +1 -1
  13. package/dist/lib/auth/events/user-registered.event.d.ts +2 -1
  14. package/dist/lib/auth/events/user-registered.event.d.ts.map +1 -1
  15. package/dist/lib/auth/events/user-registered.event.js.map +1 -1
  16. package/dist/lib/auth/services/auth.service.d.ts +7 -2
  17. package/dist/lib/auth/services/auth.service.d.ts.map +1 -1
  18. package/dist/lib/auth/services/auth.service.js +98 -116
  19. package/dist/lib/auth/services/auth.service.js.map +1 -1
  20. package/dist/lib/session/services/session-manager.service.d.ts +4 -1
  21. package/dist/lib/session/services/session-manager.service.d.ts.map +1 -1
  22. package/dist/lib/session/services/session-manager.service.js +9 -11
  23. package/dist/lib/session/services/session-manager.service.js.map +1 -1
  24. package/dist/lib/user/entities/platform-access.entity.d.ts +0 -1
  25. package/dist/lib/user/entities/platform-access.entity.d.ts.map +1 -1
  26. package/dist/lib/user/entities/platform-access.entity.js +2 -15
  27. package/dist/lib/user/entities/platform-access.entity.js.map +1 -1
  28. package/dist/lib/user/entities/user-access.entity.d.ts +1 -2
  29. package/dist/lib/user/entities/user-access.entity.d.ts.map +1 -1
  30. package/dist/lib/user/entities/user-access.entity.js +3 -16
  31. package/dist/lib/user/entities/user-access.entity.js.map +1 -1
  32. package/dist/lib/user/entities/user.entity.d.ts +2 -2
  33. package/dist/lib/user/entities/user.entity.d.ts.map +1 -1
  34. package/dist/lib/user/entities/user.entity.js +24 -8
  35. package/dist/lib/user/entities/user.entity.js.map +1 -1
  36. package/dist/lib/user/services/user.service.d.ts.map +1 -1
  37. package/dist/lib/user/services/user.service.js +1 -2
  38. package/dist/lib/user/services/user.service.js.map +1 -1
  39. package/package.json +2 -2
@@ -1 +1 @@
1
- {"version":3,"file":"user-logged-in.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-logged-in.event.ts"],"names":[],"mappings":";;;AAiBA,MAAa,iBAAiB;IAEN;IADpB,YACoB,OAAiC;QAAjC,YAAO,GAAP,OAAO,CAA0B;IACjD,CAAC;CACR;AAJD,8CAIC"}
1
+ {"version":3,"file":"user-logged-in.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-logged-in.event.ts"],"names":[],"mappings":";;;AAmBA,MAAa,iBAAiB;IAEN;IADpB,YACoB,OAAiC;QAAjC,YAAO,GAAP,OAAO,CAA0B;IACjD,CAAC;CACR;AAJD,8CAIC"}
@@ -1,10 +1,11 @@
1
1
  import { NestAuthUser } from "../../user/entities/user.entity";
2
2
  import { AuthTokensResponseDto } from "../dto/responses/auth.response.dto";
3
3
  import { NestAuthSignupRequestDto } from '../dto/requests/signup.request.dto';
4
- import { SessionPayload } from "../../core";
4
+ import { NestAuthUserAccess, SessionPayload } from "../../core";
5
5
  import { BaseAuthProvider } from "../../core/providers/base-auth.provider";
6
6
  export interface UserRegisteredEventPayload {
7
7
  user: NestAuthUser;
8
+ userAccess: NestAuthUserAccess;
8
9
  tenantId?: string;
9
10
  input: NestAuthSignupRequestDto;
10
11
  provider: BaseAuthProvider;
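Review bot: `userAccess: NestAuthUserAccess;` is declared as a required field of `UserRegisteredEventPayload`, but nothing visible guarantees the value exists when the event is emitted. The same release declares `getUserWithAccess` as returning `userAccess?: NestAuthUserAccess`, and signup forwards that result straight into the event, so a listener that reads `payload.userAccess.roles` would throw if no active access row was found. I would declare it `userAccess?: NestAuthUserAccess;` in the source interface, or add a comment on the field stating that listeners must handle a missing value. The interface body continues past the end of this hunk.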
@@ -1 +1 @@
1
- {"version":3,"file":"user-registered.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,WAAW,0BAA0B;IACvC,IAAI,EAAE,YAAY,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,wBAAwB,CAAC;IAChC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;CAC1B;AAGD,qBAAa,mBAAmB;aAER,OAAO,EAAE,0BAA0B;gBAAnC,OAAO,EAAE,0BAA0B;CAE1D"}
1
+ {"version":3,"file":"user-registered.event.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,WAAW,0BAA0B;IACvC,IAAI,EAAE,YAAY,CAAC;IACnB,UAAU,EAAE,kBAAkB,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,wBAAwB,CAAC;IAChC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;CAC1B;AAGD,qBAAa,mBAAmB;aAER,OAAO,EAAE,0BAA0B;gBAAnC,OAAO,EAAE,0BAA0B;CAE1D"}
@@ -1 +1 @@
1
- {"version":3,"file":"user-registered.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":";;;AAkBA,MAAa,mBAAmB;IAER;IADpB,YACoB,OAAmC;QAAnC,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;CACR;AAJD,kDAIC"}
1
+ {"version":3,"file":"user-registered.event.js","sourceRoot":"","sources":["../../../../src/lib/auth/events/user-registered.event.ts"],"names":[],"mappings":";;;AAmBA,MAAa,mBAAmB;IAER;IADpB,YACoB,OAAmC;QAAnC,YAAO,GAAP,OAAO,CAA4B;IACnD,CAAC;CACR;AAJD,kDAIC"}
@@ -18,6 +18,8 @@ import { AuthTokensResponseDto } from '../dto/responses/auth.response.dto';
18
18
  import { UserService } from '../../user/services/user.service';
19
19
  import { ITenantContextService } from '../../tenant/tenant-context/tenant-context.interface';
20
20
  import { OtpFlowService } from './otp-flow.service';
21
+ import { NestAuthUserAccess } from '../../user/entities/user-access.entity';
22
+ import { NestAuthPlatformAccess } from '../../user/entities/platform-access.entity';
21
23
  export declare class AuthService {
22
24
  private readonly userRepository;
23
25
  private readonly authProviderRegistry;
@@ -34,7 +36,11 @@ export declare class AuthService {
34
36
  private readonly authConfig;
35
37
  constructor(userRepository: Repository<NestAuthUser>, authProviderRegistry: AuthProviderRegistryService, mfaService: MfaService, sessionManager: SessionManagerService, jwtService: JwtService, eventEmitter: EventEmitter2, tenantService: TenantService, debugLogger: DebugLoggerService, authConfigService: AuthConfigService, userService: UserService, otpFlow: OtpFlowService, tenantContext: ITenantContextService);
36
38
  getUserWithRoles(userId: string, relations?: string[]): Promise<NestAuthUser>;
37
- getUser(): Promise<any>;
39
+ getUserWithAccess(userId: string, tenantId: string, isPlatformAccess?: boolean): Promise<{
40
+ user: NestAuthUser;
41
+ userAccess?: NestAuthUserAccess;
42
+ platformAccess?: NestAuthPlatformAccess;
43
+ }>;
38
44
  signup(input: NestAuthSignupRequestDto): Promise<AuthResponseDto>;
39
45
  login(input: NestAuthLoginRequestDto): Promise<AuthResponseDto>;
40
46
  private resolveOrCreateUserForSend;
@@ -53,7 +59,6 @@ export declare class AuthService {
53
59
  refreshToken(refreshToken: string): Promise<import("../dto/responses/auth.response.dto").AuthWithTokensResponseDto>;
54
60
  logout(logoutType?: 'user' | 'admin' | 'system', reason?: string): Promise<boolean>;
55
61
  logoutAll(userId: string, logoutType?: 'user' | 'admin' | 'system', reason?: string): Promise<boolean>;
56
- private getTenantMode;
57
62
  private ensureTenantAccess;
58
63
  private generateTokensPayload;
59
64
  private handleError;
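Review bot: The declared contract of `getUserWithAccess` hides two null cases that its callers depend on. `user` is typed `NestAuthUser`, yet the compiled callers test `if (!user)` after destructuring, and `tenantId` is typed `string` although refreshToken passes `session.data?.tenantId ?? null`. Typing the source signature with `tenantId: string | null` and `user: NestAuthUser | null` would make every caller handle the missing-user case under strict null checks instead of relying on each one to remember it. A doc comment stating that `userAccess` is omitted when `isPlatformAccess` is true, and `platformAccess` otherwise, would also help, since that is only visible in the implementation. The class declaration starts and ends outside these hunks.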
@@ -1 +1 @@
1
- {"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/services/auth.service.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAS/D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AACrF,OAAO,EAAE,qBAAqB,EAAuC,MAAM,8BAA8B,CAAC;AAS1G,OAAO,EAAE,2BAA2B,EAAE,MAAM,oDAAoD,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAE/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sDAAsD,CAAC;AAI7F,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAMpD,qBACa,WAAW;IAMhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,oBAAoB;IAErC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAE7B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAE9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAElC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,OAAO;IAGxB,OAAO,CAAC,QAAQ,CAAC,aAAa;IA3BlC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAqB;gBAI3B,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,oBAAoB,EAAE,2BAA2B,EAEjD,UAAU,EAAE,UAAU,EAEtB,cAAc,EAAE,qBAAqB,EAErC,UAAU,EAAE,UAAU,EAEtB,YAAY,EAAE,aAAa,EAE3B,aAAa,EAAE,aAAa,EAE5B,WAAW,EAAE,kBAAkB,EAE/B,iBAAiB,EAAE,iBAAiB,EAEpC,WAAW,EAAE,WAAW,EAExB,OAAO,EAAE,cAAc,EAGvB,aAAa,EAAE,qBAAqB;IAOzD,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,YAAY,CAAC;IAW3E,OAAO;IAgBP,MAAM,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,eAAe,CAAC;IAiLjE,KAAK,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,eAAe,CAAC;YA2JvD,0BAA0B;IA0FlC,gBAAgB,CAAC,KAAK,EAAE;QAC1B,UAAU,E
AAE,MAAM,CAAC;QACnB,OAAO,EAAE,OAAO,GAAG,KAAK,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA2C1B,SAAS,CAAC,KAAK,EAAE,2BAA2B;IAwE5C,YAAY,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC;IAwDhE,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB;YAejD,iBAAiB;YAwDjB,wBAAwB;IA4BhC,YAAY,CAAC,YAAY,EAAE,MAAM;IA4HjC,MAAM,CAAC,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IAwBxE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IA0BjG,OAAO,CAAC,aAAa;YAMP,kBAAkB;YAqBlB,qBAAqB;IA4BnC,OAAO,CAAC,WAAW;IAYb,yBAAyB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAMnF,oBAAoB,CACtB,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,GAAG,EACZ,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,EACrD,aAAa,EAAE,OAAO,EACtB,UAAU,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,eAAe,CAAC;YAqFb,kBAAkB;CAgBnC"}
1
+ {"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../../../src/lib/auth/services/auth.service.ts"],"names":[],"mappings":"AAOA,OAAO,EAAiB,UAAU,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAS/D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gDAAgD,CAAC;AAEvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AACrF,OAAO,EAAE,qBAAqB,EAAuC,MAAM,8BAA8B,CAAC;AAS1G,OAAO,EAAE,2BAA2B,EAAE,MAAM,oDAAoD,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAE/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sDAAsD,CAAC;AAI7F,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAC5E,OAAO,EAAE,sBAAsB,EAAE,MAAM,4CAA4C,CAAC;AAGpF,qBACa,WAAW;IAMhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,oBAAoB;IAErC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAE7B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAE9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAElC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,OAAO;IAGxB,OAAO,CAAC,QAAQ,CAAC,aAAa;IA3BlC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAqB;gBAI3B,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,oBAAoB,EAAE,2BAA2B,EAEjD,UAAU,EAAE,UAAU,EAEtB,cAAc,EAAE,qBAAqB,EAErC,UAAU,EAAE,UAAU,EAEtB,YAAY,EAAE,aAAa,EAE3B,aAAa,EAAE,aAAa,EAE5B,WAAW,EAAE,kBAAkB,EAE/B,iBAAiB,EAAE,iBAAiB,EAEpC,WAAW,EAAE,WAAW,EAExB,OAAO,EAAE,cAAc,EAGvB,aAAa,EAAE,qBAAqB;IAOzD,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,YAAY,CAAC;IAU3E,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,UAAQ,GAAG,OAAO,CAAC;QAAE,IA
AI,EAAE,YAAY,CAAC;QAAC,UAAU,CAAC,EAAE,kBAAkB,CAAC;QAAC,cAAc,CAAC,EAAE,sBAAsB,CAAA;KAAE,CAAC;IA0BxL,MAAM,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,eAAe,CAAC;IA6KjE,KAAK,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,eAAe,CAAC;YAuJvD,0BAA0B;IA0FlC,gBAAgB,CAAC,KAAK,EAAE;QAC1B,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,OAAO,GAAG,KAAK,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA2C1B,SAAS,CAAC,KAAK,EAAE,2BAA2B;IAsE5C,YAAY,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC;IA2ChE,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB;YAejD,iBAAiB;YAwDjB,wBAAwB;IA4BhC,YAAY,CAAC,YAAY,EAAE,MAAM;IAqJjC,MAAM,CAAC,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;IAwBxE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,MAAM,GAAG,OAAO,GAAG,QAAiB,EAAE,MAAM,CAAC,EAAE,MAAM;YAyBnF,kBAAkB;YAqBlB,qBAAqB;IA4BnC,OAAO,CAAC,WAAW;IAYb,yBAAyB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAMnF,oBAAoB,CACtB,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,GAAG,EACZ,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,EACrD,aAAa,EAAE,OAAO,EACtB,UAAU,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,eAAe,CAAC;YA2Db,kBAAkB;CAgBnC"}
@@ -44,6 +44,8 @@ const utils_1 = require("../../utils");
44
44
  const otp_flow_service_1 = require("./otp-flow.service");
45
45
  const passwordless_code_requested_event_1 = require("../events/passwordless-code-requested.event");
46
46
  const lodash_1 = require("lodash");
47
+ const user_access_entity_1 = require("../../user/entities/user-access.entity");
48
+ const platform_access_entity_1 = require("../../user/entities/platform-access.entity");
47
49
  let AuthService = class AuthService {
48
50
  userRepository;
49
51
  authProviderRegistry;
@@ -83,17 +85,29 @@ let AuthService = class AuthService {
83
85
  ],
84
86
  });
85
87
  }
86
- async getUser() {
87
- const user = await request_context_1.RequestContext.currentUser();
88
- if (!user) {
89
- return null;
90
- }
91
- const fullUser = await this.getUserWithRoles(user.id);
92
- let serializedUser = fullUser;
93
- if (this.authConfig.user?.serialize) {
94
- serializedUser = await this.authConfig.user.serialize(fullUser);
88
+ async getUserWithAccess(userId, tenantId, isPlatformAccess = false) {
89
+ const user = await this.userRepository.findOne({
90
+ where: {
91
+ id: userId,
92
+ ...(tenantId ? { userAccesses: { tenantId } } : {}),
93
+ }
94
+ });
95
+ if (isPlatformAccess) {
96
+ const platformAccess = await platform_access_entity_1.NestAuthPlatformAccess.findOne({
97
+ where: { userId, isActive: true },
98
+ relations: ['roles', 'roles.rolePermissions', 'roles.rolePermissions.permission'],
99
+ });
100
+ return { user, platformAccess };
95
101
  }
96
- return serializedUser;
102
+ const userAccess = await user_access_entity_1.NestAuthUserAccess.findOne({
103
+ where: {
104
+ userId,
105
+ isActive: true,
106
+ tenantId: tenantId ? (0, typeorm_2.Equal)(tenantId) : (0, typeorm_2.IsNull)(),
107
+ },
108
+ relations: ['roles', 'roles.rolePermissions', 'roles.rolePermissions.permission'],
109
+ });
110
+ return { user, userAccess };
97
111
  }
98
112
  async signup(input) {
99
113
  this.debugLogger.logFunctionEntry('signup', 'AuthService', { email: input.email, phone: input.phone, hasPassword: !!input.password });
@@ -141,11 +155,9 @@ let AuthService = class AuthService {
141
155
  code: auth_constants_1.ERROR_CODES.PROVIDER_NOT_FOUND,
142
156
  });
143
157
  }
144
- console.log('providersToLink', providersToLink);
145
158
  for (const item of providersToLink) {
146
- this.debugLogger.debug('Checking for existing identity', 'AuthService', { providerId: item.providerId, type: item.type });
147
- const identity = await item.provider.findIdentity(item.providerId, (tenantMode === nest_auth_contracts_1.TenantModeEnum.ISOLATED && tenetEnabled) ? tenantId : undefined);
148
- console.log('identity', identity);
159
+ const requiredTenantId = this.tenantService.checkRequiredTenant(tenantId);
160
+ const identity = await item.provider.findIdentity(item.providerId, requiredTenantId ? tenantId : undefined);
149
161
  if (identity) {
150
162
  this.debugLogger.warn('Identity already exists', 'AuthService', { email: !!email, phone: !!phone, tenantId });
151
163
  if (item.type === 'email') {
@@ -163,7 +175,7 @@ let AuthService = class AuthService {
163
175
  }
164
176
  }
165
177
  this.debugLogger.debug('Creating new user via UserService', 'AuthService', { email: !!email, phone: !!phone, tenantId });
166
- let user = await this.userService.createUser({
178
+ const user = await this.userService.createUser({
167
179
  email,
168
180
  phone,
169
181
  isVerified: false,
@@ -177,15 +189,11 @@ let AuthService = class AuthService {
177
189
  if (this.authConfig.registrationHooks?.onSignup) {
178
190
  this.debugLogger.debug('Applying registrationHooks.onSignup hook', 'AuthService', { userId: user.id });
179
191
  const request = request_context_1.RequestContext.currentRequest();
180
- const modifiedUser = await this.authConfig.registrationHooks.onSignup(user, input, { request });
181
- if (modifiedUser) {
182
- user = modifiedUser;
183
- }
192
+ await this.authConfig.registrationHooks.onSignup(user, input, { request });
184
193
  }
185
- user = await this.getUserWithRoles(user.id, ['userAccesses', 'userAccesses.roles', 'userAccesses.tenant']);
186
- const userRoles = user.userAccesses?.map(access => access.roles).flat();
194
+ const { user: authUser, userAccess } = await this.getUserWithAccess(user.id, tenantId);
187
195
  if (input?.guard) {
188
- const isExistsGuard = userRoles?.some(r => r.guard === input.guard);
196
+ const isExistsGuard = userAccess?.roles?.some(r => r?.guard === input.guard);
189
197
  if (!isExistsGuard) {
190
198
  await this.userService.deleteUser(user.id);
191
199
  throw new common_1.UnauthorizedException({
@@ -194,15 +202,16 @@ let AuthService = class AuthService {
194
202
  });
195
203
  }
196
204
  }
197
- this.debugLogger.debug('Creating session for new user', 'AuthService', { userId: user.id });
198
- const session = await this.sessionManager.createSessionFromUser(user, { tenantId });
205
+ this.debugLogger.debug('Creating session for new user', 'AuthService', { userId: authUser.id });
206
+ const session = await this.sessionManager.createSessionFromUser(authUser, userAccess, { tenantId });
199
207
  const tokens = await this.generateTokensFromSession(session);
200
- const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
201
- this.debugLogger.debug('Signup tokens generated', 'AuthService', { userId: user.id, isRequiresMfa });
202
- this.debugLogger.debug('Emitting user registration event', 'AuthService', { userId: user.id });
208
+ const isRequiresMfa = await this.mfaService.isRequiresMfa(authUser.id);
209
+ this.debugLogger.debug('Signup tokens generated', 'AuthService', { userId: authUser.id, isRequiresMfa });
210
+ this.debugLogger.debug('Emitting user registration event', 'AuthService', { userId: authUser.id });
203
211
  const provider = providersToLink[0]?.provider;
204
212
  await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.REGISTERED, new user_registered_event_1.UserRegisteredEvent({
205
- user,
213
+ user: authUser,
214
+ userAccess,
206
215
  tenantId,
207
216
  input,
208
217
  provider,
@@ -220,7 +229,7 @@ let AuthService = class AuthService {
220
229
  isRequiresMfa: false,
221
230
  };
222
231
  }
223
- return this.generateAuthResponse(user, session, tokens, isRequiresMfa, undefined);
232
+ return this.generateAuthResponse(authUser, session, tokens, isRequiresMfa, undefined);
224
233
  }
225
234
  catch (error) {
226
235
  this.debugLogger.logError(error, 'signup', { email: input.email, phone: input.phone });
@@ -274,15 +283,14 @@ let AuthService = class AuthService {
274
283
  code: auth_constants_1.ERROR_CODES.ACCOUNT_INACTIVE,
275
284
  });
276
285
  }
277
- user = await this.getUserWithRoles(user.id, ['userAccesses.tenant']);
286
+ const { user: authUser, userAccess, platformAccess } = await this.getUserWithAccess(user.id, resolvedTenantId, isPlatformAccess);
278
287
  if (this.authConfig.loginHooks?.onLogin) {
279
- this.debugLogger.debug('Applying loginHooks.onLogin hook', 'AuthService', { userId: user.id });
288
+ this.debugLogger.debug('Applying loginHooks.onLogin hook', 'AuthService', { userId: authUser.id });
280
289
  const request = request_context_1.RequestContext.currentRequest();
281
- await this.authConfig.loginHooks.onLogin(user, input, { request, provider });
290
+ await this.authConfig.loginHooks.onLogin(authUser, input, { request, provider });
282
291
  }
283
292
  if (isPlatformAccess) {
284
- const isPlatformAdmin = await access_role_resolver_util_1.AccessRoleResolver.isPlatformAdminUser(user.id);
285
- if (!isPlatformAdmin) {
293
+ if (authUser && !platformAccess) {
286
294
  throw new common_1.ForbiddenException({
287
295
  message: 'Only platform admins can login',
288
296
  code: auth_constants_1.ERROR_CODES.ACCESS_DENIED,
@@ -290,26 +298,21 @@ let AuthService = class AuthService {
290
298
  }
291
299
  }
292
300
  else {
293
- await this.ensureTenantAccess(user, resolvedTenantId, createUserIfNotExists);
301
+ await this.ensureTenantAccess(authUser, resolvedTenantId, createUserIfNotExists);
294
302
  }
295
303
  let isRequiresMfa = false;
296
304
  let isTrusted = false;
297
305
  if (!provider.skipMfa) {
298
- isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
306
+ isRequiresMfa = await this.mfaService.isRequiresMfa(authUser.id);
299
307
  }
300
308
  user.isMfaEnabled = isRequiresMfa;
301
309
  if (guard) {
302
310
  let guardRoles = [];
303
311
  if (isPlatformAccess) {
304
- const { roles } = await access_role_resolver_util_1.AccessRoleResolver.resolvePlatformAccessRolesAndPermissions(user.id);
305
- guardRoles = roles;
312
+ guardRoles = platformAccess?.roles ?? [];
306
313
  }
307
314
  else {
308
- const { roles } = await access_role_resolver_util_1.AccessRoleResolver.resolveRolesAndPermissionsForTenantContext({
309
- userId: user.id,
310
- tenantId: resolvedTenantId ?? null,
311
- });
312
- guardRoles = roles;
315
+ guardRoles = userAccess?.roles ?? [];
313
316
  }
314
317
  const isExistsGuard = guardRoles.some(r => r.guard === guard);
315
318
  if (!isExistsGuard) {
@@ -319,8 +322,9 @@ let AuthService = class AuthService {
319
322
  });
320
323
  }
321
324
  }
322
- let session = await this.sessionManager.createSessionFromUser(user, {
325
+ let session = await this.sessionManager.createSessionFromUser(authUser, userAccess, {
323
326
  tenantId: resolvedTenantId,
327
+ platformAccess: platformAccess,
324
328
  isPlatformAccess: isPlatformAccess ?? false
325
329
  });
326
330
  if (isRequiresMfa) {
@@ -334,7 +338,9 @@ let AuthService = class AuthService {
334
338
  }
335
339
  const tokens = await this.generateTokensFromSession(session);
336
340
  await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_IN, new user_logged_in_event_1.UserLoggedInEvent({
337
- user,
341
+ user: authUser,
342
+ userAccess,
343
+ platformAccess,
338
344
  tenantId,
339
345
  input,
340
346
  provider,
@@ -342,7 +348,7 @@ let AuthService = class AuthService {
342
348
  tokens,
343
349
  isRequiresMfa
344
350
  }));
345
- return this.generateAuthResponse(user, session, tokens, isRequiresMfa);
351
+ return this.generateAuthResponse(authUser, session, tokens, isRequiresMfa);
346
352
  }
347
353
  catch (error) {
348
354
  this.debugLogger.logError(error, 'login', { providerName, createUserIfNotExists });
@@ -461,9 +467,9 @@ let AuthService = class AuthService {
461
467
  async verify2fa(input) {
462
468
  this.debugLogger.logFunctionEntry('verify2fa', 'AuthService', { method: input.method });
463
469
  try {
470
+ let user = await request_context_1.RequestContext.currentUser();
464
471
  const session = request_context_1.RequestContext.currentSession();
465
472
  if (!session) {
466
- this.debugLogger.error('Session not found for 2FA verification', 'AuthService');
467
473
  throw new common_1.UnauthorizedException({
468
474
  message: 'Session not found',
469
475
  code: auth_constants_1.ERROR_CODES.SESSION_NOT_FOUND,
@@ -472,13 +478,11 @@ let AuthService = class AuthService {
472
478
  this.debugLogger.debug('Verifying MFA code', 'AuthService', { userId: session.userId, method: input.method });
473
479
  const isValid = await this.mfaService.verifyMfa(session.userId, input.otp, input.method);
474
480
  if (!isValid) {
475
- this.debugLogger.warn('Invalid MFA code provided', 'AuthService', { userId: session.userId, method: input.method });
476
481
  throw new common_1.UnauthorizedException({
477
482
  message: 'Invalid MFA code',
478
483
  code: auth_constants_1.ERROR_CODES.MFA_CODE_INVALID,
479
484
  });
480
485
  }
481
- this.debugLogger.debug('Updating session with MFA verification', 'AuthService', { sessionId: session.id });
482
486
  const payload = await this.sessionManager.updateSession(session.id, {
483
487
  data: {
484
488
  ...session.data,
@@ -495,10 +499,12 @@ let AuthService = class AuthService {
495
499
  trustToken = await this.mfaService.createTrustedDevice(session.userId, userAgent, ip);
496
500
  }
497
501
  }
498
- const user = await this.getUser();
502
+ if (!user) {
503
+ return null;
504
+ }
499
505
  this.debugLogger.debug('Emitting 2FA verified event', 'AuthService', { userId: user.id });
500
506
  await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_VERIFIED, new user_2fa_verified_event_1.User2faVerifiedEvent({
501
- user: user,
507
+ user,
502
508
  tenantId: payload.data?.tenantId ?? user?.tenantId,
503
509
  input,
504
510
  session: payload,
@@ -522,16 +528,7 @@ let AuthService = class AuthService {
522
528
  });
523
529
  }
524
530
  const resolvedTenantId = await this.tenantService.resolveTenantId(tenantId || null);
525
- const user = await this.userRepository.findOne({
526
- where: { id: session.userId },
527
- relations: [
528
- 'userAccesses',
529
- 'userAccesses.tenant',
530
- 'userAccesses.roles',
531
- 'userAccesses.roles.rolePermissions',
532
- 'userAccesses.roles.rolePermissions.permission',
533
- ],
534
- });
531
+ const { user, userAccess } = await this.getUserWithAccess(session.userId, resolvedTenantId);
535
532
  if (!user) {
536
533
  throw new common_1.UnauthorizedException({
537
534
  message: 'User not found',
@@ -539,11 +536,7 @@ let AuthService = class AuthService {
539
536
  });
540
537
  }
541
538
  await this.ensureTenantAccess(user, resolvedTenantId, false);
542
- const accessForTenant = (user.userAccesses ?? []).find((a) => {
543
- const aTenantId = a?.tenantId ?? null;
544
- return aTenantId === (resolvedTenantId ?? null);
545
- });
546
- const rolesWithPermissions = accessForTenant?.roles ?? [];
539
+ const rolesWithPermissions = userAccess?.roles ?? [];
547
540
  const permissions = (0, lodash_1.chain)(rolesWithPermissions)
548
541
  .map((role) => (0, role_mapper_util_1.getRolePermissionNames)(role))
549
542
  .flatten()
@@ -640,6 +633,7 @@ let AuthService = class AuthService {
640
633
  code: auth_constants_1.ERROR_CODES.REFRESH_TOKEN_INVALID,
641
634
  });
642
635
  }
636
+ const isPlatformAccess = await access_role_resolver_util_1.AccessRoleResolver.isPlatformAccess();
643
637
  this.debugLogger.debug('Verifying refresh token', 'AuthService');
644
638
  let payload;
645
639
  try {
@@ -665,16 +659,7 @@ let AuthService = class AuthService {
665
659
  code: auth_constants_1.ERROR_CODES.REFRESH_TOKEN_INVALID,
666
660
  });
667
661
  }
668
- const user = await this.userRepository.findOne({
669
- where: { id: session.userId },
670
- relations: [
671
- 'userAccesses',
672
- 'userAccesses.roles',
673
- 'userAccesses.roles.rolePermissions',
674
- 'userAccesses.roles.rolePermissions.permission',
675
- 'userAccesses.tenant'
676
- ]
677
- });
662
+ const { user, userAccess, platformAccess } = await this.getUserWithAccess(session.userId, session.data?.tenantId ?? null, isPlatformAccess);
678
663
  if (!user) {
679
664
  await this.sessionManager.revokeSession(session.id);
680
665
  throw new common_1.UnauthorizedException({
@@ -690,19 +675,47 @@ let AuthService = class AuthService {
690
675
  });
691
676
  }
692
677
  const tenantId = session.data?.tenantId ?? null;
693
- try {
694
- await this.ensureTenantAccess(user, tenantId, false);
678
+ if (!isPlatformAccess && !userAccess) {
679
+ try {
680
+ await this.ensureTenantAccess(user, tenantId, false);
681
+ }
682
+ catch (error) {
683
+ await this.sessionManager.revokeSession(session.id);
684
+ throw error;
685
+ }
695
686
  }
696
- catch (e) {
687
+ if (isPlatformAccess && !platformAccess) {
697
688
  await this.sessionManager.revokeSession(session.id);
698
- throw e;
689
+ throw new common_1.UnauthorizedException({
690
+ message: 'You are not authorized to platform access',
691
+ code: auth_constants_1.ERROR_CODES.ACCESS_DENIED,
692
+ });
699
693
  }
700
694
  const isMfaVerified = !!session.data?.isMfaVerified;
701
- const freshSessionData = await this.buildSessionDataFromUser({
695
+ let roles = [];
696
+ if (isPlatformAccess) {
697
+ roles = platformAccess?.roles ?? [];
698
+ }
699
+ else {
700
+ roles = userAccess?.roles ?? [];
701
+ }
702
+ const permissions = (0, lodash_1.chain)(roles)
703
+ .map((role) => (0, role_mapper_util_1.getRolePermissionNames)(role))
704
+ .flatten()
705
+ .uniq()
706
+ .value();
707
+ let freshSessionData = {
702
708
  user,
703
- tenantId,
704
709
  isMfaVerified,
705
- });
710
+ roles: roles.map((role) => (0, role_mapper_util_1.mapRoleToSessionSnapshot)(role)),
711
+ permissions,
712
+ tenantId,
713
+ isPlatformAccess: isPlatformAccess ?? false,
714
+ };
715
+ const customize = auth_config_service_1.AuthConfigService.getOptions().session?.customizeSessionData;
716
+ if (customize) {
717
+ freshSessionData = await customize(freshSessionData, user);
718
+ }
706
719
  const refreshedSession = await this.sessionManager.refreshSession(session);
707
720
  const updatedSession = await this.sessionManager.updateSession(refreshedSession.id, {
708
721
  data: {
@@ -729,10 +742,10 @@ let AuthService = class AuthService {
729
742
  }
730
743
  async logout(logoutType = 'user', reason) {
731
744
  const session = request_context_1.RequestContext.currentSession();
732
- const user = await this.getUser();
745
+ const user = await request_context_1.RequestContext.currentUser();
733
746
  if (session) {
734
747
  await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT, new logged_out_event_1.LoggedOutEvent({
735
- user: user,
748
+ user,
736
749
  tenantId: session?.data?.tenantId ?? user?.tenantId,
737
750
  session,
738
751
  logoutType,
@@ -757,11 +770,6 @@ let AuthService = class AuthService {
757
770
  }
758
771
  return true;
759
772
  }
760
- getTenantMode() {
761
- const config = this.authConfigService.getConfig();
762
- const mode = config.tenant?.mode;
763
- return mode === nest_auth_contracts_1.TenantModeEnum.SHARED ? nest_auth_contracts_1.TenantModeEnum.SHARED : nest_auth_contracts_1.TenantModeEnum.ISOLATED;
764
- }
765
773
  async ensureTenantAccess(user, tenantId, allowAutoJoin = false) {
766
774
  if (!tenantId || !this.tenantContext.isEnabled()) {
767
775
  return;
@@ -826,31 +834,6 @@ let AuthService = class AuthService {
826
834
  tenants = [fallbackTenant];
827
835
  }
828
836
  }
829
- let userWithAccesses = user;
830
- if (!user?.userAccesses?.length) {
831
- userWithAccesses = await this.getUserWithRoles(user.id, [
832
- 'userAccesses.tenant',
833
- ]);
834
- }
835
- const userAccesses = (userWithAccesses.userAccesses ?? []).map((access) => ({
836
- id: access.id,
837
- userId: access.userId,
838
- tenantId: access.tenantId,
839
- tenant: access.tenant ? {
840
- id: access.tenant.id,
841
- name: access.tenant.name,
842
- slug: access.tenant.slug,
843
- description: access.tenant.description,
844
- metadata: access.tenant.metadata,
845
- isActive: access.tenant.isActive,
846
- } : undefined,
847
- isActive: access.isActive,
848
- isDefault: access.isDefault,
849
- status: access.status,
850
- metadata: access.metadata ?? {},
851
- createdAt: access.createdAt,
852
- updatedAt: access.updatedAt,
853
- }));
854
837
  const rolesForResponse = session?.data?.roles || [];
855
838
  const roleNames = rolesForResponse?.map(r => r.name) || [];
856
839
  const permissions = session?.data?.permissions || [];
@@ -868,7 +851,6 @@ let AuthService = class AuthService {
868
851
  permissions,
869
852
  metadata: serializedUser.metadata,
870
853
  tenantId: activeTenantId,
871
- userAccesses,
872
854
  },
873
855
  };
874
856
  if (isRequiresMfa) {
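Review bot: In login, the platform check `if (authUser && !platformAccess)` denies only when a user record was loaded, so the deny is skipped whenever `authUser` is null. `getUserWithAccess` filters the user query by `userAccesses: { tenantId }` whenever a tenant id is passed, which presumably returns no user for an account without an access row in that tenant; login (whose body starts outside these hunks) then dereferences `authUser.id` and hands null to `ensureTenantAccess` before auto-join can run. I would reject a null `authUser` directly after the lookup and reduce the check to `if (!platformAccess) {`. refreshToken also takes `isPlatformAccess` from `AccessRoleResolver.isPlatformAccess()` instead of the session being refreshed; if that helper reads the current request, which is not visible here, a tenant-scoped session could be reissued with platform roles, so the value recorded on the session at login looks like the safer source. verify2fa no longer logs a rejected MFA code, which removes the only visible record of failed second-factor attempts.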