@ackplus/nest-auth 2.0.0-beta.9 → 2.0.2
- package/README.md +83 -130
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -2
- package/dist/index.js.map +1 -1
- package/dist/lib/admin-console/admin-console.module.js +1 -1
- package/dist/lib/admin-console/admin-console.module.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts +3 -3
- package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-auth.controller.js +30 -12
- package/dist/lib/admin-console/controllers/admin-auth.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-console.controller.d.ts +1 -1
- package/dist/lib/admin-console/controllers/admin-console.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-console.controller.js +19 -9
- package/dist/lib/admin-console/controllers/admin-console.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-permissions.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-permissions.controller.js +19 -1
- package/dist/lib/admin-console/controllers/admin-permissions.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-roles.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-roles.controller.js +15 -1
- package/dist/lib/admin-console/controllers/admin-roles.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-tenants.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-tenants.controller.js +15 -1
- package/dist/lib/admin-console/controllers/admin-tenants.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-users.controller.d.ts +13 -17
- package/dist/lib/admin-console/controllers/admin-users.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-users.controller.js +35 -13
- package/dist/lib/admin-console/controllers/admin-users.controller.js.map +1 -1
- package/dist/lib/admin-console/dto/admin-user.dto.d.ts +4 -2
- package/dist/lib/admin-console/dto/admin-user.dto.d.ts.map +1 -1
- package/dist/lib/admin-console/dto/admin-user.dto.js +16 -8
- package/dist/lib/admin-console/dto/admin-user.dto.js.map +1 -1
- package/dist/lib/admin-console/services/admin-console-config.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-console-config.service.js +10 -4
- package/dist/lib/admin-console/services/admin-console-config.service.js.map +1 -1
- package/dist/lib/admin-console/services/admin-user-management.service.d.ts +1 -1
- package/dist/lib/admin-console/services/admin-user-management.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-user-management.service.js +1 -1
- package/dist/lib/admin-console/services/admin-user-management.service.js.map +1 -1
- package/dist/lib/admin-console/static/index.html +632 -567
- package/dist/lib/admin-console/static/nest-auth.json +3502 -157
- package/dist/lib/audit/services/audit.service.d.ts +2 -0
- package/dist/lib/audit/services/audit.service.d.ts.map +1 -1
- package/dist/lib/audit/services/audit.service.js +23 -0
- package/dist/lib/audit/services/audit.service.js.map +1 -1
- package/dist/lib/auth/auth.module.d.ts.map +1 -1
- package/dist/lib/auth/auth.module.js +6 -0
- package/dist/lib/auth/auth.module.js.map +1 -1
- package/dist/lib/auth/controllers/auth.controller.d.ts +3 -2
- package/dist/lib/auth/controllers/auth.controller.d.ts.map +1 -1
- package/dist/lib/auth/controllers/auth.controller.js +48 -24
- package/dist/lib/auth/controllers/auth.controller.js.map +1 -1
- package/dist/lib/auth/controllers/mfa.controller.d.ts.map +1 -1
- package/dist/lib/auth/controllers/mfa.controller.js +6 -1
- package/dist/lib/auth/controllers/mfa.controller.js.map +1 -1
- package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts +2 -0
- package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/credentials/social-credentials.dto.js +28 -0
- package/dist/lib/auth/dto/credentials/social-credentials.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js +2 -0
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/auth.response.dto.d.ts +3 -5
- package/dist/lib/auth/dto/responses/auth.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/auth.response.dto.js +11 -27
- package/dist/lib/auth/dto/responses/auth.response.dto.js.map +1 -1
- package/dist/lib/auth/entities/otp.entity.d.ts +1 -1
- package/dist/lib/auth/entities/otp.entity.d.ts.map +1 -1
- package/dist/lib/auth/entities/otp.entity.js.map +1 -1
- package/dist/lib/auth/entities/trusted-device.entity.d.ts.map +1 -1
- package/dist/lib/auth/entities/trusted-device.entity.js +1 -1
- package/dist/lib/auth/entities/trusted-device.entity.js.map +1 -1
- package/dist/lib/auth/events/login-failed.event.d.ts +15 -0
- package/dist/lib/auth/events/login-failed.event.d.ts.map +1 -0
- package/dist/lib/auth/events/login-failed.event.js +11 -0
- package/dist/lib/auth/events/login-failed.event.js.map +1 -0
- package/dist/lib/auth/events/user-logged-in.event.d.ts +3 -1
- package/dist/lib/auth/events/user-logged-in.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-logged-in.event.js.map +1 -1
- package/dist/lib/auth/events/user-registered.event.d.ts +2 -1
- package/dist/lib/auth/events/user-registered.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-registered.event.js.map +1 -1
- package/dist/lib/auth/guards/auth.guard.d.ts.map +1 -1
- package/dist/lib/auth/guards/auth.guard.js +1 -1
- package/dist/lib/auth/guards/auth.guard.js.map +1 -1
- package/dist/lib/auth/index.d.ts +1 -0
- package/dist/lib/auth/index.d.ts.map +1 -1
- package/dist/lib/auth/index.js +1 -0
- package/dist/lib/auth/index.js.map +1 -1
- package/dist/lib/auth/interceptors/token-response.interceptor.d.ts.map +1 -1
- package/dist/lib/auth/interceptors/token-response.interceptor.js +4 -3
- package/dist/lib/auth/interceptors/token-response.interceptor.js.map +1 -1
- package/dist/lib/auth/services/auth.service.d.ts +17 -6
- package/dist/lib/auth/services/auth.service.d.ts.map +1 -1
- package/dist/lib/auth/services/auth.service.js +271 -287
- package/dist/lib/auth/services/auth.service.js.map +1 -1
- package/dist/lib/auth/services/logout.service.d.ts +14 -0
- package/dist/lib/auth/services/logout.service.d.ts.map +1 -0
- package/dist/lib/auth/services/logout.service.js +74 -0
- package/dist/lib/auth/services/logout.service.js.map +1 -0
- package/dist/lib/auth/services/mfa.service.d.ts +2 -0
- package/dist/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/dist/lib/auth/services/mfa.service.js +29 -6
- package/dist/lib/auth/services/mfa.service.js.map +1 -1
- package/dist/lib/auth/services/otp-flow.service.d.ts.map +1 -1
- package/dist/lib/auth/services/otp-flow.service.js +1 -2
- package/dist/lib/auth/services/otp-flow.service.js.map +1 -1
- package/dist/lib/auth/services/password.service.d.ts +2 -1
- package/dist/lib/auth/services/password.service.d.ts.map +1 -1
- package/dist/lib/auth/services/password.service.js +19 -6
- package/dist/lib/auth/services/password.service.js.map +1 -1
- package/dist/lib/auth/services/session-token.service.d.ts +37 -0
- package/dist/lib/auth/services/session-token.service.d.ts.map +1 -0
- package/dist/lib/auth/services/session-token.service.js +151 -0
- package/dist/lib/auth/services/session-token.service.js.map +1 -0
- package/dist/lib/auth/services/verification.service.d.ts.map +1 -1
- package/dist/lib/auth/services/verification.service.js +0 -5
- package/dist/lib/auth/services/verification.service.js.map +1 -1
- package/dist/lib/auth.constants.d.ts +15 -0
- package/dist/lib/auth.constants.d.ts.map +1 -1
- package/dist/lib/auth.constants.js +11 -0
- package/dist/lib/auth.constants.js.map +1 -1
- package/dist/lib/core/decorators/current-user.decorator.d.ts +3 -0
- package/dist/lib/core/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/lib/core/decorators/current-user.decorator.js +13 -0
- package/dist/lib/core/decorators/current-user.decorator.js.map +1 -0
- package/dist/lib/core/entities.d.ts +5 -3
- package/dist/lib/core/entities.d.ts.map +1 -1
- package/dist/lib/core/entities.js +5 -2
- package/dist/lib/core/entities.js.map +1 -1
- package/dist/lib/core/index.d.ts +3 -0
- package/dist/lib/core/index.d.ts.map +1 -1
- package/dist/lib/core/index.js +3 -0
- package/dist/lib/core/index.js.map +1 -1
- package/dist/lib/core/interfaces/auth-module-options.interface.d.ts +28 -5
- package/dist/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/dist/lib/core/interfaces/session-options.interface.d.ts +5 -1
- package/dist/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
- package/dist/lib/core/interfaces/session-options.interface.js +1 -0
- package/dist/lib/core/interfaces/session-options.interface.js.map +1 -1
- package/dist/lib/core/interfaces/token-payload.interface.d.ts +3 -1
- package/dist/lib/core/interfaces/token-payload.interface.d.ts.map +1 -1
- package/dist/lib/core/providers/apple-auth.provider.d.ts +13 -7
- package/dist/lib/core/providers/apple-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/apple-auth.provider.js +166 -7
- package/dist/lib/core/providers/apple-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/base-auth.provider.d.ts +2 -0
- package/dist/lib/core/providers/base-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/base-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/email-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/email-auth.provider.js +13 -2
- package/dist/lib/core/providers/email-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/github-auth.provider.d.ts +3 -0
- package/dist/lib/core/providers/github-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/github-auth.provider.js +73 -24
- package/dist/lib/core/providers/github-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/google-auth.provider.d.ts +1 -0
- package/dist/lib/core/providers/google-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/google-auth.provider.js +7 -1
- package/dist/lib/core/providers/google-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/jwt-auth.provider.d.ts +2 -1
- package/dist/lib/core/providers/jwt-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/passwordless-auth.provider.d.ts +3 -1
- package/dist/lib/core/providers/passwordless-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/passwordless-auth.provider.js +11 -1
- package/dist/lib/core/providers/passwordless-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/phone-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/phone-auth.provider.js +13 -2
- package/dist/lib/core/providers/phone-auth.provider.js.map +1 -1
- package/dist/lib/core/services/auth-config.service.d.ts.map +1 -1
- package/dist/lib/core/services/auth-config.service.js +6 -0
- package/dist/lib/core/services/auth-config.service.js.map +1 -1
- package/dist/lib/core/services/jwt.service.d.ts.map +1 -1
- package/dist/lib/core/services/jwt.service.js +10 -5
- package/dist/lib/core/services/jwt.service.js.map +1 -1
- package/dist/lib/core/swagger/api-responses.decorator.d.ts +15 -0
- package/dist/lib/core/swagger/api-responses.decorator.d.ts.map +1 -0
- package/dist/lib/core/swagger/api-responses.decorator.js +57 -0
- package/dist/lib/core/swagger/api-responses.decorator.js.map +1 -0
- package/dist/lib/nest-auth.module.d.ts.map +1 -1
- package/dist/lib/nest-auth.module.js +18 -2
- package/dist/lib/nest-auth.module.js.map +1 -1
- package/dist/lib/permission/events/permission-created.event.d.ts +9 -0
- package/dist/lib/permission/events/permission-created.event.d.ts.map +1 -0
- package/dist/lib/permission/events/permission-created.event.js +11 -0
- package/dist/lib/permission/events/permission-created.event.js.map +1 -0
- package/dist/lib/permission/events/permission-deleted.event.d.ts +9 -0
- package/dist/lib/permission/events/permission-deleted.event.d.ts.map +1 -0
- package/dist/lib/permission/events/permission-deleted.event.js +11 -0
- package/dist/lib/permission/events/permission-deleted.event.js.map +1 -0
- package/dist/lib/permission/events/permission-updated.event.d.ts +10 -0
- package/dist/lib/permission/events/permission-updated.event.d.ts.map +1 -0
- package/dist/lib/permission/events/permission-updated.event.js +11 -0
- package/dist/lib/permission/events/permission-updated.event.js.map +1 -0
- package/dist/lib/permission/index.d.ts +3 -0
- package/dist/lib/permission/index.d.ts.map +1 -1
- package/dist/lib/permission/index.js +3 -0
- package/dist/lib/permission/index.js.map +1 -1
- package/dist/lib/permission/services/permission.service.d.ts +3 -1
- package/dist/lib/permission/services/permission.service.d.ts.map +1 -1
- package/dist/lib/permission/services/permission.service.js +16 -4
- package/dist/lib/permission/services/permission.service.js.map +1 -1
- package/dist/lib/request-context/request-context.d.ts +1 -1
- package/dist/lib/request-context/request-context.d.ts.map +1 -1
- package/dist/lib/request-context/request-context.js +3 -3
- package/dist/lib/request-context/request-context.js.map +1 -1
- package/dist/lib/role/entities/role.entity.d.ts +3 -1
- package/dist/lib/role/entities/role.entity.d.ts.map +1 -1
- package/dist/lib/role/entities/role.entity.js +7 -1
- package/dist/lib/role/entities/role.entity.js.map +1 -1
- package/dist/lib/role/events/role-created.event.d.ts +9 -0
- package/dist/lib/role/events/role-created.event.d.ts.map +1 -0
- package/dist/lib/role/events/role-created.event.js +11 -0
- package/dist/lib/role/events/role-created.event.js.map +1 -0
- package/dist/lib/role/events/role-deleted.event.d.ts +9 -0
- package/dist/lib/role/events/role-deleted.event.d.ts.map +1 -0
- package/dist/lib/role/events/role-deleted.event.js +11 -0
- package/dist/lib/role/events/role-deleted.event.js.map +1 -0
- package/dist/lib/role/events/role-updated.event.d.ts +10 -0
- package/dist/lib/role/events/role-updated.event.d.ts.map +1 -0
- package/dist/lib/role/events/role-updated.event.js +11 -0
- package/dist/lib/role/events/role-updated.event.js.map +1 -0
- package/dist/lib/role/index.d.ts +3 -0
- package/dist/lib/role/index.d.ts.map +1 -1
- package/dist/lib/role/index.js +3 -0
- package/dist/lib/role/index.js.map +1 -1
- package/dist/lib/role/services/role.service.d.ts +3 -1
- package/dist/lib/role/services/role.service.d.ts.map +1 -1
- package/dist/lib/role/services/role.service.js +29 -41
- package/dist/lib/role/services/role.service.js.map +1 -1
- package/dist/lib/role/utils/access-role-resolver.util.d.ts +20 -0
- package/dist/lib/role/utils/access-role-resolver.util.d.ts.map +1 -0
- package/dist/lib/role/utils/access-role-resolver.util.js +63 -0
- package/dist/lib/role/utils/access-role-resolver.util.js.map +1 -0
- package/dist/lib/session/services/session-manager.service.d.ts +8 -3
- package/dist/lib/session/services/session-manager.service.d.ts.map +1 -1
- package/dist/lib/session/services/session-manager.service.js +30 -11
- package/dist/lib/session/services/session-manager.service.js.map +1 -1
- package/dist/lib/session/session.module.d.ts.map +1 -1
- package/dist/lib/session/session.module.js +5 -1
- package/dist/lib/session/session.module.js.map +1 -1
- package/dist/lib/tenant/decorators/current-tenant.decorator.d.ts.map +1 -1
- package/dist/lib/tenant/decorators/current-tenant.decorator.js.map +1 -1
- package/dist/lib/tenant/entities/tenant.entity.d.ts +1 -1
- package/dist/lib/tenant/entities/tenant.entity.d.ts.map +1 -1
- package/dist/lib/tenant/entities/tenant.entity.js +1 -1
- package/dist/lib/tenant/entities/tenant.entity.js.map +1 -1
- package/dist/lib/tenant/index.d.ts +1 -1
- package/dist/lib/tenant/index.d.ts.map +1 -1
- package/dist/lib/tenant/index.js +1 -1
- package/dist/lib/tenant/index.js.map +1 -1
- package/dist/lib/tenant/tenant-context/services/base-tenant-context.service.d.ts +1 -1
- package/dist/lib/tenant/tenant-context/services/base-tenant-context.service.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-context/services/disabled-tenant-context.service.d.ts +1 -1
- package/dist/lib/tenant/tenant-context/services/disabled-tenant-context.service.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-context/tenant-context.interface.d.ts +1 -1
- package/dist/lib/tenant/tenant-context/tenant-context.interface.d.ts.map +1 -1
- package/dist/lib/user/entities/platform-access.entity.d.ts +16 -0
- package/dist/lib/user/entities/platform-access.entity.d.ts.map +1 -0
- package/dist/lib/user/entities/platform-access.entity.js +95 -0
- package/dist/lib/user/entities/platform-access.entity.js.map +1 -0
- package/dist/lib/user/entities/user-access.entity.d.ts +22 -0
- package/dist/lib/user/entities/user-access.entity.d.ts.map +1 -0
- package/dist/lib/{tenant → user}/entities/user-access.entity.js +35 -4
- package/dist/lib/user/entities/user-access.entity.js.map +1 -0
- package/dist/lib/user/entities/user.entity.d.ts +10 -12
- package/dist/lib/user/entities/user.entity.d.ts.map +1 -1
- package/dist/lib/user/entities/user.entity.js +91 -73
- package/dist/lib/user/entities/user.entity.js.map +1 -1
- package/dist/lib/user/services/access-key.service.d.ts +1 -0
- package/dist/lib/user/services/access-key.service.d.ts.map +1 -1
- package/dist/lib/user/services/access-key.service.js +19 -3
- package/dist/lib/user/services/access-key.service.js.map +1 -1
- package/dist/lib/user/services/user.service.d.ts +27 -22
- package/dist/lib/user/services/user.service.d.ts.map +1 -1
- package/dist/lib/user/services/user.service.js +135 -84
- package/dist/lib/user/services/user.service.js.map +1 -1
- package/dist/lib/user/user.module.d.ts.map +1 -1
- package/dist/lib/user/user.module.js +3 -2
- package/dist/lib/user/user.module.js.map +1 -1
- package/package.json +35 -20
- package/dist/lib/tenant/entities/user-access.entity.d.ts +0 -19
- package/dist/lib/tenant/entities/user-access.entity.d.ts.map +0 -1
- package/dist/lib/tenant/entities/user-access.entity.js.map +0 -1
|
@@ -7,6 +7,9 @@ import { NestAuthUser } from '../../user/entities/user.entity';
|
|
|
7
7
|
import { SessionPayload, JWTTokenPayload } from './token-payload.interface';
|
|
8
8
|
import { NestAuthSignupRequestDto } from '../../auth/dto/requests/signup.request.dto';
|
|
9
9
|
import { INestAuthTenantOptions } from '@ackplus/nest-auth-contracts';
|
|
10
|
+
import { Request } from 'express';
|
|
11
|
+
import { EntityManager } from 'typeorm';
|
|
12
|
+
import { NestAuthPlatformAccess, NestAuthUserAccess } from '../entities';
|
|
10
13
|
export interface IDefaultTenantOptions {
|
|
11
14
|
name: string;
|
|
12
15
|
slug: string;
|
|
@@ -26,8 +29,12 @@ export interface IRegistrationCollectProfileField {
|
|
|
26
29
|
}
|
|
27
30
|
export interface IUserHooks {
|
|
28
31
|
beforeCreate?: (userData: Partial<NestAuthUser>, input: any) => Promise<Partial<NestAuthUser>> | Partial<NestAuthUser>;
|
|
29
|
-
afterCreate?: (user: NestAuthUser, input: any) => Promise<void> | void;
|
|
30
|
-
|
|
32
|
+
afterCreate?: (user: NestAuthUser, input: any, manager?: EntityManager) => Promise<void> | void;
|
|
33
|
+
beforeUpdate?: (user: NestAuthUser, changes: Partial<NestAuthUser>, manager?: EntityManager) => Promise<Partial<NestAuthUser> | void> | Partial<NestAuthUser> | void;
|
|
34
|
+
afterUpdate?: (user: NestAuthUser, changes: Partial<NestAuthUser>, manager?: EntityManager) => Promise<void> | void;
|
|
35
|
+
beforeDelete?: (user: NestAuthUser, manager?: EntityManager) => Promise<void> | void;
|
|
36
|
+
afterDelete?: (user: NestAuthUser, manager?: EntityManager) => Promise<void> | void;
|
|
37
|
+
getSessionUserData?: (user: NestAuthUser) => Promise<any> | any;
|
|
31
38
|
sensitiveFields?: string[];
|
|
32
39
|
}
|
|
33
40
|
export interface IAuthHooks {
|
|
@@ -39,13 +46,17 @@ export interface IRegistrationHooks {
|
|
|
39
46
|
}) => Promise<NestAuthSignupRequestDto> | NestAuthSignupRequestDto;
|
|
40
47
|
onSignup?: (user: NestAuthUser, input: any, context?: {
|
|
41
48
|
request?: any;
|
|
42
|
-
|
|
49
|
+
manager?: EntityManager;
|
|
50
|
+
}) => Promise<void> | void;
|
|
43
51
|
}
|
|
44
52
|
export interface ILoginHooks {
|
|
45
53
|
onLogin?: (user: NestAuthUser, input: any, context?: {
|
|
54
|
+
userAccess?: NestAuthUserAccess;
|
|
55
|
+
platformAccess?: NestAuthPlatformAccess;
|
|
46
56
|
request?: any;
|
|
47
57
|
provider?: any;
|
|
48
|
-
|
|
58
|
+
manager?: EntityManager;
|
|
59
|
+
}) => Promise<void> | void;
|
|
49
60
|
}
|
|
50
61
|
export interface IPasswordlessOptions {
|
|
51
62
|
enabled?: boolean;
|
|
@@ -70,7 +81,7 @@ export interface IAuthorizationHooks {
|
|
|
70
81
|
resolvePermissions?: (user: NestAuthUser, roles: string[]) => Promise<string[]>;
|
|
71
82
|
}
|
|
72
83
|
export interface IAuthAuditEvent {
|
|
73
|
-
type: 'login' | 'logout' | 'signup' | 'password_change' | 'mfa_enable' | 'session_revoke';
|
|
84
|
+
type: 'login' | 'login_failed' | 'logout' | 'signup' | 'password_change' | 'mfa_enable' | 'mfa_disable' | 'session_revoke';
|
|
74
85
|
userId?: string;
|
|
75
86
|
ip?: string;
|
|
76
87
|
userAgent?: string;
|
|
@@ -85,11 +96,14 @@ export interface IAuditOptions {
|
|
|
85
96
|
export interface IAuthModuleOptions {
|
|
86
97
|
isGlobal?: boolean;
|
|
87
98
|
appName: string;
|
|
99
|
+
routePrefix?: string;
|
|
88
100
|
enableAutoRefresh?: boolean;
|
|
89
101
|
google?: {
|
|
90
102
|
clientId: string;
|
|
91
103
|
clientSecret: string;
|
|
92
104
|
redirectUri: string;
|
|
105
|
+
requireVerifiedEmail?: boolean;
|
|
106
|
+
audiences?: string[];
|
|
93
107
|
};
|
|
94
108
|
facebook?: {
|
|
95
109
|
appId: string;
|
|
@@ -103,11 +117,15 @@ export interface IAuthModuleOptions {
|
|
|
103
117
|
privateKey: string;
|
|
104
118
|
privateKeyMethod?: string;
|
|
105
119
|
redirectUri: string;
|
|
120
|
+
audiences?: string[];
|
|
121
|
+
jwksUrl?: string;
|
|
106
122
|
};
|
|
107
123
|
github?: {
|
|
108
124
|
clientId: string;
|
|
109
125
|
clientSecret: string;
|
|
110
126
|
redirectUri: string;
|
|
127
|
+
userApiUrl?: string;
|
|
128
|
+
emailsApiUrl?: string;
|
|
111
129
|
};
|
|
112
130
|
phoneAuth?: {
|
|
113
131
|
enabled: boolean;
|
|
@@ -150,6 +168,10 @@ export interface IAuthModuleOptions {
|
|
|
150
168
|
parallelism?: number;
|
|
151
169
|
};
|
|
152
170
|
};
|
|
171
|
+
platformAccess?: {
|
|
172
|
+
enabled?: boolean;
|
|
173
|
+
validate?: (request: Request) => Promise<boolean> | boolean;
|
|
174
|
+
};
|
|
153
175
|
otp?: IOtpOptions;
|
|
154
176
|
authorization?: IAuthorizationHooks;
|
|
155
177
|
audit?: IAuditOptions;
|
|
@@ -158,6 +180,7 @@ export interface IAuthModuleOptions {
|
|
|
158
180
|
}
|
|
159
181
|
export interface IAdminConsoleOptions {
|
|
160
182
|
enabled?: boolean;
|
|
183
|
+
path?: string;
|
|
161
184
|
basePath?: string;
|
|
162
185
|
secretKey?: string;
|
|
163
186
|
sessionCookieName?: string;
|
|
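Review bot: In `IAuthModuleOptions`, the new optional provider fields (`google.requireVerifiedEmail`, `google.audiences`, the `audiences`/`jwksUrl` pair in the block that holds `privateKey`, and `github.userApiUrl`/`emailsApiUrl`) have no doc comment in this declaration, so it does not say what the library does when they are omitted. Going by their names, these fields decide which tokens and which identity endpoints are trusted, so a consumer needs to know whether audience checking and the verified-email requirement are on by default. The URL overrides should also be documented as fixed operator configuration over https, never request-derived. I would add TSDoc on each in the source `.ts`, for example `/** Token audiences accepted for this provider. TODO: document behaviour when omitted. */` on `audiences`. The same applies to `platformAccess.validate` at new line 173, where the declaration should say whether `enabled: true` with no `validate` allows or denies; the interface body starts and ends outside these hunks, so defaults may be defined elsewhere.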
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,wBAAwB,EAAE,MAAM,4CAA4C,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAkB,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-module-options.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/auth-module-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,wBAAwB,EAAE,MAAM,4CAA4C,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAkB,MAAM,8BAA8B,CAAC;AACtF,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAUzE,MAAM,WAAW,qBAAqB;IAElC,IAAI,EAAE,MAAM,CAAC;IAOb,IAAI,EAAE,MAAM,CAAC;IAGb,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,gCAAgC;IAC7C,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAC;IACtE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrD;AAKD,MAAM,WAAW,UAAU;IAavB,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAUvH,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAWhG,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC;IASrK,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAOpH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAMrF,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,aAAa,KA
AK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAcpF,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAGhE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAKD,MAAM,WAAW,UAAU;IAcvB,iBAAiB,CAAC,EAAE,CAChB,QAAQ,EAAE,GAAG,EACb,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;CAC3B;AAMD,MAAM,WAAW,kBAAkB;IAuB/B,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,wBAAwB,EAAE,OAAO,EAAE;QAAE,OAAO,EAAE,GAAG,CAAA;KAAE,KAAK,OAAO,CAAC,wBAAwB,CAAC,GAAG,wBAAwB,CAAC;IAsB5I,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,GAAG,CAAC;QAAC,OAAO,CAAC,EAAE,aAAa,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7H;AAMD,MAAM,WAAW,WAAW;IAsBxB,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,kBAAkB,CAAC;QAAC,cAAc,CAAC,EAAE,sBAAsB,CAAC;QAAC,OAAO,CAAC,EAAE,GAAG,CAAC;QAAC,QAAQ,CAAC,EAAE,GAAG,CAAC;QAAC,OAAO,CAAC,EAAE,aAAa,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACtN;AAOD,MAAM,WAAW,oBAAoB;IAEjC,OAAO,CAAC,EAAE,OAAO,CAAC;IAKlB,WAAW,CAAC,EAAE,OAAO,CAAC;CACzB;AAMD,MAAM,WAAW,WAAW;IAOxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,SAAS,GAAG,cAAc,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9F,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,MAAM,CAAC,EAAE,SAAS,GAAG,cAAc,CAAC;IAKpC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACnC;AAKD,MAAM,WAAW,WAAW;IAKxB,UAAU,CAAC,EAAE,CACT,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,eAAe,KACvB,OAAO,CAAC,IAAI,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAG1D,SAAS,CAAC,EAAE,CACR,OAAO,EAAE,GAAG,EACZ,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7B;AAKD,MAAM,WAAW,mBAAmB;IAEhC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEzD,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CACnF;AAKD,MAAM,WAAW,eAAe;IAC5B,IAAI,EAAE,OAAO,GAAG,cAAc,GAAG,QAAQ,GAAG,QAAQ,GAAG,iBAAiB,GAAG,YAAY,GAAG,aAAa,GAAG,gBAAgB,CAAC;IAC3H,MAAM,CAAC,
EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,IAAI,CAAC;CACnB;AAKD,MAAM,WAAW,aAAa;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC9D;AAED,MAAM,WAAW,kBAAkB;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAQhB,WAAW,CAAC,EAAE,MAAM,CAAC;IAOrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QAepB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAO/B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,QAAQ,CAAC,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,CAAC,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;QAQpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAMrB,OAAO,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QAMpB,UAAU,CAAC,EAAE,MAAM,CAAC;QAKpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,SAAS,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,YAAY,CAAC,EAAE,oBAAoB,CAAC;IAMpC,YAAY,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAM5B,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,oBAAoB,CAAC,EAAE,KAAK,CAAC,gCAAgC,CAAC,CAAC;KAClE,CAAC;IAKF,YAAY,CAAC,EAAE;QAKX,OAAO,CAAC,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE,OAAO,EAAE;YAAE,aAAa,EAAE,GAAG,CAAC;YAAC,aAAa,EAAE,GAAG,CAAA;SAAE,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;KAC7G,CAAC;IACF,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,mBAAmB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAiBzC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAMhC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAOtB,YAAY,CAAC,EAAE,oBAAoB,CAAC;IACpC,KAAK,CAAC,EAAE,eAAe,CAAC;IAUxB,IAAI,CAAC,EAAE,UAAU,CAAC;IAMlB,IAAI,CAAC,EAAE,UAAU,CAAC;IAOlB,iBAAiB,CAA
C,EAAE,kBAAkB,CAAC;IAOvC,UAAU,CAAC,EAAE,WAAW,CAAC;IAMzB,MAAM,CAAC,EAAE,WAAW,CAAC;IAMrB,QAAQ,CAAC,EAAE;QACP,2BAA2B,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAK9C,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAK7C,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;QAK9D,MAAM,CAAC,EAAE;YACL,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;SACxB,CAAC;KACL,CAAC;IAMF,cAAc,CAAC,EAAE;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;KAC/D,CAAC;IAIF,GAAG,CAAC,EAAE,WAAW,CAAC;IAOlB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAMpC,KAAK,CAAC,EAAE,aAAa,CAAC;IAMtB,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,gBAAgB,GAAG,iBAAiB,KAAK,GAAG,CAAC;IAgB7H,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACxG;AAED,MAAM,WAAW,oBAAoB;IAEjC,OAAO,CAAC,EAAE,OAAO,CAAC;IAUlB,IAAI,CAAC,EAAE,MAAM,CAAC;IAOd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAYlB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAOlC,MAAM,CAAC,EAAE,aAAa,CAAC;IAIvB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,uBAAuB;IACpC,QAAQ,CAAC,EAAE,OAAO,CAAC;IAOnB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,kBAAkB,CAAC,GAAG,kBAAkB,CAAC;IAClF,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAC3C,WAAW,CAAC,EAAE,IAAI,CAAC,yBAAyB,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,yBAAyB;IACtC,uBAAuB,IAAI,OAAO,CAAC,kBAAkB,CAAC,GAAG,kBAAkB,CAAC;CAC/E"}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { CookieOptions as ExpressCookieOptions } from 'express';
|
|
2
2
|
import { NestAuthUser } from '../../user/entities/user.entity';
|
|
3
3
|
import { SessionDataPayload, SessionPayload, JWTTokenPayload } from './token-payload.interface';
|
|
4
|
+
import type { SessionStore } from '../../session/interfaces/session-store.interface';
|
|
4
5
|
export declare enum SessionStorageType {
|
|
5
6
|
REDIS = "redis",
|
|
6
7
|
DATABASE = "database",
|
|
7
|
-
MEMORY = "memory"
|
|
8
|
+
MEMORY = "memory",
|
|
9
|
+
CUSTOM = "custom"
|
|
8
10
|
}
|
|
9
11
|
export interface RedisSessionOptions {
|
|
10
12
|
url?: string;
|
|
@@ -24,6 +26,7 @@ export interface SessionOptions {
|
|
|
24
26
|
storageType?: SessionStorageType;
|
|
25
27
|
redisUrl?: string;
|
|
26
28
|
redis?: RedisSessionOptions;
|
|
29
|
+
store?: SessionStore | (() => SessionStore | Promise<SessionStore>);
|
|
27
30
|
accessTokenValidity?: number | string;
|
|
28
31
|
refreshTokenValidity?: number | string;
|
|
29
32
|
cookieOptions?: CookieOptions;
|
|
@@ -34,6 +37,7 @@ export interface SessionOptions {
|
|
|
34
37
|
};
|
|
35
38
|
maxSessionsPerUser?: number;
|
|
36
39
|
slidingExpiration?: boolean;
|
|
40
|
+
touchInterval?: number | string;
|
|
37
41
|
customizeSessionData?: (defaultData: SessionDataPayload, user: NestAuthUser) => Promise<SessionDataPayload> | SessionDataPayload;
|
|
38
42
|
customizeTokenPayload?: (defaultPayload: JWTTokenPayload, session: SessionPayload) => Promise<JWTTokenPayload> | JWTTokenPayload;
|
|
39
43
|
onCreated?: (session: SessionPayload, user: any) => Promise<void> | void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-options.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"session-options.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAChG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kDAAkD,CAAC;AAErF,oBAAY,kBAAkB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,MAAM,WAAW;IAEjB,MAAM,WAAW;CACpB;AAED,MAAM,WAAW,mBAAmB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACjD,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,GAAG,MAAM,CAAC;IACtD,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,cAAc;IAK3B,WAAW,CAAC,EAAE,kBAAkB,CAAC;IAKjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAKlB,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAmB5B,KAAK,CAAC,EAAE,YAAY,GAAG,CAAC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;IAEpE,mBAAmB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACtC,oBAAoB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAMvC,aAAa,CAAC,EAAE,aAAa,CAAC;IAQ9B,eAAe,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,IAAI,CAAC;IAM7C,GAAG,CAAC,EAAE;QAEF,MAAM,EAAE,MAAM,CAAC;QAMf,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAC3F,CAAC;IAEF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAS5B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAoBhC,oBAAoB,CAAC,EAAE,CACnB,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,YAAY,KACjB,OAAO,CAAC,kBAAkB,CAAC,GAAG,kBAAkB,CAAC;IAoBtD,qBAAqB,CAAC,EAAE,CACpB,cAAc,EAAE,eAAe,EAC/B,OAAO,EAAE,cAAc,KACtB,OAAO,CAAC,eAAe,CAAC,GAAG,eAAe,CAAC;IAShD,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAKzE,WAAW,CAAC,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC
,GAAG,IAAI,CAAC;IAK/F,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,iBAAiB,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC1I;AAGD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAA"}
|
|
@@ -6,5 +6,6 @@ var SessionStorageType;
|
|
|
6
6
|
SessionStorageType["REDIS"] = "redis";
|
|
7
7
|
SessionStorageType["DATABASE"] = "database";
|
|
8
8
|
SessionStorageType["MEMORY"] = "memory";
|
|
9
|
+
SessionStorageType["CUSTOM"] = "custom";
|
|
9
10
|
})(SessionStorageType || (exports.SessionStorageType = SessionStorageType = {}));
|
|
10
11
|
//# sourceMappingURL=session-options.interface.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-options.interface.js","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"session-options.interface.js","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/session-options.interface.ts"],"names":[],"mappings":";;;AAKA,IAAY,kBAMX;AAND,WAAY,kBAAkB;IAC1B,qCAAe,CAAA;IACf,2CAAqB,CAAA;IACrB,uCAAiB,CAAA;IAEjB,uCAAiB,CAAA;AACrB,CAAC,EANW,kBAAkB,kCAAlB,kBAAkB,QAM7B"}
|
|
@@ -5,7 +5,8 @@ export interface JWTTokenPayload {
|
|
|
5
5
|
sub?: string;
|
|
6
6
|
email?: string;
|
|
7
7
|
phone?: string;
|
|
8
|
-
|
|
8
|
+
emailVerifiedAt?: Date;
|
|
9
|
+
phoneVerifiedAt?: Date;
|
|
9
10
|
roles?: Partial<NestAuthRole>[];
|
|
10
11
|
tenantId?: string;
|
|
11
12
|
isMfaEnabled?: boolean;
|
|
@@ -22,6 +23,7 @@ export interface SessionDataPayload {
|
|
|
22
23
|
roles: Partial<NestAuthRole>[];
|
|
23
24
|
permissions: string[];
|
|
24
25
|
tenantId?: string;
|
|
26
|
+
isPlatformAccess?: boolean;
|
|
25
27
|
[key: string]: any;
|
|
26
28
|
}
|
|
27
29
|
export interface SessionPayload {
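Review bot: `emailVerifiedAt?: Date` and `phoneVerifiedAt?: Date` (new lines 8–9) are declared on `JWTTokenPayload`, but a JWT payload is JSON, so a `Date` supplied at signing comes back as an ISO string after decode. If this interface also types decoded tokens (not shown in this hunk), callers that use `Date` methods on these fields would fail at runtime. Typing them as `string | Date`, e.g. `emailVerifiedAt?: string | Date;`, or documenting that consumers must re-parse the value, would keep the declaration honest. The interface body continues outside the hunk.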
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/token-payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,
|
|
1
|
+
{"version":3,"file":"token-payload.interface.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/interfaces/token-payload.interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB,KAAK,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,MAAM,WAAW,kBAAkB;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;IAC/B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC3B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,YAAY,CAAC;CACvB"}
|
|
@@ -3,6 +3,7 @@ import { BaseAuthProvider } from './base-auth.provider';
|
|
|
3
3
|
import { NestAuthUser } from '../../user/entities/user.entity';
|
|
4
4
|
import { NestAuthIdentity } from '../../user/entities/identity.entity';
|
|
5
5
|
import { JwtService } from '../services/jwt.service';
|
|
6
|
+
import { SocialCredentialsDto } from '../../auth/dto/credentials/social-credentials.dto';
|
|
6
7
|
export declare class AppleAuthProvider extends BaseAuthProvider {
|
|
7
8
|
protected readonly userRepository: Repository<NestAuthUser>;
|
|
8
9
|
protected readonly authIdentityRepository: Repository<NestAuthIdentity>;
|
|
@@ -10,15 +11,20 @@ export declare class AppleAuthProvider extends BaseAuthProvider {
|
|
|
10
11
|
providerName: string;
|
|
11
12
|
skipMfa: boolean;
|
|
12
13
|
private appleConfig;
|
|
13
|
-
private appleAuth
|
|
14
|
+
private appleAuth?;
|
|
15
|
+
private jwksCache?;
|
|
14
16
|
constructor(userRepository: Repository<NestAuthUser>, authIdentityRepository: Repository<NestAuthIdentity>, jwtService: JwtService);
|
|
15
|
-
validate(credentials: {
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
email: string;
|
|
20
|
-
metadata: import("../interfaces/token-payload.interface").JWTTokenPayload;
|
|
17
|
+
validate(credentials: SocialCredentialsDto): Promise<{
|
|
18
|
+
userId: any;
|
|
19
|
+
email: any;
|
|
20
|
+
metadata: any;
|
|
21
21
|
}>;
|
|
22
22
|
getRequiredFields(): string[];
|
|
23
|
+
private verifyIdentityToken;
|
|
24
|
+
private getApplePublicKey;
|
|
25
|
+
private findJwk;
|
|
26
|
+
private refreshJwks;
|
|
27
|
+
private exchangeAuthorizationCode;
|
|
28
|
+
private safeDecode;
|
|
23
29
|
}
|
|
24
30
|
//# sourceMappingURL=apple-auth.provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"apple-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/apple-auth.provider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"apple-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/apple-auth.provider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mDAAmD,CAAC;AAoBzF,qBACa,iBAAkB,SAAQ,gBAAgB;IAS/C,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAE3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IACvE,OAAO,CAAC,QAAQ,CAAC,UAAU;IAX/B,YAAY,SAAuB;IACnC,OAAO,UAAQ;IACf,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAC,CAAqC;gBAIhC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACtD,UAAU,EAAE,UAAU;IA6BrC,QAAQ,CAAC,WAAW,EAAE,oBAAoB;;;;;IAoBhD,iBAAiB,IAAI,MAAM,EAAE;YAMf,mBAAmB;YAuDnB,iBAAiB;YAWjB,OAAO;YAcP,WAAW;YAuBX,yBAAyB;IA4BvC,OAAO,CAAC,UAAU;CAOrB"}
|
|
@@ -1,10 +1,43 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
2
18
|
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
19
|
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
20
|
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
21
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
22
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
23
|
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
8
41
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
42
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
43
|
};
|
|
@@ -20,11 +53,16 @@ const apple_auth_1 = __importDefault(require("apple-auth"));
|
|
|
20
53
|
const common_1 = require("@nestjs/common");
|
|
21
54
|
const typeorm_1 = require("@nestjs/typeorm");
|
|
22
55
|
const typeorm_2 = require("typeorm");
|
|
56
|
+
const crypto_1 = require("crypto");
|
|
57
|
+
const jwt = __importStar(require("jsonwebtoken"));
|
|
23
58
|
const base_auth_provider_1 = require("./base-auth.provider");
|
|
24
59
|
const auth_constants_1 = require("../../auth.constants");
|
|
25
60
|
const user_entity_1 = require("../../user/entities/user.entity");
|
|
26
61
|
const identity_entity_1 = require("../../user/entities/identity.entity");
|
|
27
62
|
const jwt_service_1 = require("../services/jwt.service");
|
|
63
|
+
const APPLE_ISSUER = 'https://appleid.apple.com';
|
|
64
|
+
const DEFAULT_APPLE_JWKS_URL = 'https://appleid.apple.com/auth/keys';
|
|
65
|
+
const JWKS_TTL_MS = 10 * 60 * 1000;
|
|
28
66
|
let AppleAuthProvider = class AppleAuthProvider extends base_auth_provider_1.BaseAuthProvider {
|
|
29
67
|
userRepository;
|
|
30
68
|
authIdentityRepository;
|
|
@@ -33,6 +71,7 @@ let AppleAuthProvider = class AppleAuthProvider extends base_auth_provider_1.Bas
|
|
|
33
71
|
skipMfa = true;
|
|
34
72
|
appleConfig;
|
|
35
73
|
appleAuth;
|
|
74
|
+
jwksCache;
|
|
36
75
|
constructor(userRepository, authIdentityRepository, jwtService) {
|
|
37
76
|
super(userRepository, authIdentityRepository);
|
|
38
77
|
this.userRepository = userRepository;
|
|
@@ -40,7 +79,10 @@ let AppleAuthProvider = class AppleAuthProvider extends base_auth_provider_1.Bas
|
|
|
40
79
|
this.jwtService = jwtService;
|
|
41
80
|
this.appleConfig = this.options.apple;
|
|
42
81
|
this.enabled = Boolean(this.options.apple);
|
|
43
|
-
if (this.enabled
|
|
82
|
+
if (this.enabled &&
|
|
83
|
+
this.appleConfig?.privateKey &&
|
|
84
|
+
this.appleConfig?.teamId &&
|
|
85
|
+
this.appleConfig?.keyId) {
|
|
44
86
|
this.appleAuth = new apple_auth_1.default({
|
|
45
87
|
scope: 'email name',
|
|
46
88
|
redirect_uri: this.appleConfig.redirectUri,
|
|
@@ -51,21 +93,138 @@ let AppleAuthProvider = class AppleAuthProvider extends base_auth_provider_1.Bas
|
|
|
51
93
|
}
|
|
52
94
|
}
|
|
53
95
|
async validate(credentials) {
|
|
96
|
+
const token = credentials?.token;
|
|
97
|
+
if (!token) {
|
|
98
|
+
throw new common_1.UnauthorizedException({
|
|
99
|
+
message: 'Missing Apple token',
|
|
100
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
101
|
+
});
|
|
102
|
+
}
|
|
103
|
+
const decoded = this.safeDecode(token);
|
|
104
|
+
const isIdentityToken = decoded?.payload?.iss === APPLE_ISSUER;
|
|
105
|
+
if (isIdentityToken) {
|
|
106
|
+
return this.verifyIdentityToken(token, decoded.header, credentials);
|
|
107
|
+
}
|
|
108
|
+
return this.exchangeAuthorizationCode(token, credentials);
|
|
109
|
+
}
|
|
110
|
+
getRequiredFields() {
|
|
111
|
+
return ['token'];
|
|
112
|
+
}
|
|
113
|
+
async verifyIdentityToken(token, header, credentials) {
|
|
114
|
+
const audiences = this.appleConfig?.audiences?.length
|
|
115
|
+
? this.appleConfig.audiences
|
|
116
|
+
: [this.appleConfig?.clientId].filter(Boolean);
|
|
117
|
+
if (audiences.length === 0) {
|
|
118
|
+
throw new common_1.UnauthorizedException({
|
|
119
|
+
message: 'Apple audiences are not configured',
|
|
120
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
const publicKey = await this.getApplePublicKey(header?.kid);
|
|
124
|
+
let payload;
|
|
54
125
|
try {
|
|
55
|
-
|
|
126
|
+
payload = jwt.verify(token, publicKey, {
|
|
127
|
+
algorithms: ['RS256'],
|
|
128
|
+
audience: audiences,
|
|
129
|
+
issuer: APPLE_ISSUER,
|
|
130
|
+
});
|
|
131
|
+
}
|
|
132
|
+
catch (error) {
|
|
133
|
+
throw new common_1.UnauthorizedException({
|
|
134
|
+
message: 'Invalid Apple identity token',
|
|
135
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
if (credentials.nonce && payload.nonce !== credentials.nonce) {
|
|
139
|
+
throw new common_1.UnauthorizedException({
|
|
140
|
+
message: 'Apple nonce mismatch',
|
|
141
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
const emailVerified = payload.email_verified === true || payload.email_verified === 'true';
|
|
145
|
+
return {
|
|
146
|
+
userId: payload.sub,
|
|
147
|
+
email: payload.email || '',
|
|
148
|
+
metadata: {
|
|
149
|
+
...payload,
|
|
150
|
+
name: credentials.name,
|
|
151
|
+
emailVerified,
|
|
152
|
+
},
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
async getApplePublicKey(kid) {
|
|
156
|
+
const jwk = await this.findJwk(kid);
|
|
157
|
+
if (!jwk) {
|
|
158
|
+
throw new common_1.UnauthorizedException({
|
|
159
|
+
message: 'Apple signing key not found',
|
|
160
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
return (0, crypto_1.createPublicKey)({ key: jwk, format: 'jwk' });
|
|
164
|
+
}
|
|
165
|
+
async findJwk(kid) {
|
|
166
|
+
const fresh = this.jwksCache && Date.now() - this.jwksCache.fetchedAt < JWKS_TTL_MS;
|
|
167
|
+
if (!fresh) {
|
|
168
|
+
await this.refreshJwks();
|
|
169
|
+
}
|
|
170
|
+
let jwk = this.jwksCache?.keys.find((k) => k.kid === kid);
|
|
171
|
+
if (!jwk && fresh) {
|
|
172
|
+
await this.refreshJwks();
|
|
173
|
+
jwk = this.jwksCache?.keys.find((k) => k.kid === kid);
|
|
174
|
+
}
|
|
175
|
+
return jwk;
|
|
176
|
+
}
|
|
177
|
+
async refreshJwks() {
|
|
178
|
+
const url = this.appleConfig?.jwksUrl || DEFAULT_APPLE_JWKS_URL;
|
|
179
|
+
let res;
|
|
180
|
+
try {
|
|
181
|
+
res = await fetch(url);
|
|
182
|
+
}
|
|
183
|
+
catch (error) {
|
|
184
|
+
throw new common_1.UnauthorizedException({
|
|
185
|
+
message: 'Could not reach Apple to verify the token',
|
|
186
|
+
code: 'OAUTH_PROVIDER_ERROR',
|
|
187
|
+
});
|
|
188
|
+
}
|
|
189
|
+
if (!res.ok) {
|
|
190
|
+
throw new common_1.UnauthorizedException({
|
|
191
|
+
message: 'Apple key endpoint returned an error',
|
|
192
|
+
code: 'OAUTH_PROVIDER_ERROR',
|
|
193
|
+
});
|
|
194
|
+
}
|
|
195
|
+
const json = await res.json();
|
|
196
|
+
this.jwksCache = { keys: json.keys ?? [], fetchedAt: Date.now() };
|
|
197
|
+
}
|
|
198
|
+
async exchangeAuthorizationCode(code, credentials) {
|
|
199
|
+
if (!this.appleAuth) {
|
|
200
|
+
throw new common_1.UnauthorizedException({
|
|
201
|
+
message: 'Apple authorization-code exchange is not configured (set apple.teamId/keyId/privateKey), or pass a native identityToken instead.',
|
|
202
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
203
|
+
});
|
|
204
|
+
}
|
|
205
|
+
try {
|
|
206
|
+
const response = await this.appleAuth.accessToken(code);
|
|
56
207
|
const user = this.jwtService.decodeToken(response.id_token);
|
|
57
208
|
return {
|
|
58
|
-
userId: user.
|
|
209
|
+
userId: user.sub,
|
|
59
210
|
email: user.email || '',
|
|
60
|
-
metadata: user,
|
|
211
|
+
metadata: { ...user, name: credentials.name },
|
|
61
212
|
};
|
|
62
213
|
}
|
|
63
214
|
catch (error) {
|
|
64
|
-
throw new common_1.UnauthorizedException(
|
|
215
|
+
throw new common_1.UnauthorizedException({
|
|
216
|
+
message: 'Invalid Apple token',
|
|
217
|
+
code: auth_constants_1.ERROR_CODES.INVALID_CREDENTIALS,
|
|
218
|
+
});
|
|
65
219
|
}
|
|
66
220
|
}
|
|
67
|
-
|
|
68
|
-
|
|
221
|
+
safeDecode(token) {
|
|
222
|
+
try {
|
|
223
|
+
return jwt.decode(token, { complete: true });
|
|
224
|
+
}
|
|
225
|
+
catch {
|
|
226
|
+
return null;
|
|
227
|
+
}
|
|
69
228
|
}
|
|
70
229
|
};
|
|
71
230
|
exports.AppleAuthProvider = AppleAuthProvider;
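Review bot: The nonce check in `verifyIdentityToken` (new line 138) only runs when the caller sends `credentials.nonce`, so a request that omits the field skips it even when the verified token carries a `nonce` claim. Comparing whenever either side has a value closes that gap: `if ((credentials.nonce || payload.nonce) && payload.nonce !== credentials.nonce) {`. The check also only binds the token to one sign-in attempt if the expected nonce was issued and remembered by the server rather than taken from the same request; where it originates is not visible in this hunk. Separately, `findJwk` calls `refreshJwks()` on every unknown `kid` while the cache is still fresh, and `fetch(url)` has no timeout, so each token with an unrecognised `kid` causes an outbound request. A minimum interval between refreshes and an `AbortSignal.timeout(...)` on the fetch would bound that.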
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"apple-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/apple-auth.provider.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"apple-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/apple-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4DAAmC;AACnC,2CAAmE;AACnE,6CAAmD;AACnD,qCAAqC;AACrC,mCAAyD;AACzD,kDAAoC;AACpC,6DAAwD;AACxD,yDAAwE;AACxE,iEAA+D;AAC/D,yEAAuE;AACvE,yDAAqD;AAIrD,MAAM,YAAY,GAAG,2BAA2B,CAAC;AACjD,MAAM,sBAAsB,GAAG,qCAAqC,CAAC;AACrE,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAiB5B,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,qCAAgB;IAS5B;IAEA;IACF;IAXrB,YAAY,GAAG,oCAAmB,CAAC;IACnC,OAAO,GAAG,IAAI,CAAC;IACP,WAAW,CAA8B;IACzC,SAAS,CAAa;IACtB,SAAS,CAAsC;IAEvD,YAEuB,cAAwC,EAExC,sBAAoD,EACtD,UAAsB;QAEvC,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QAL3B,mBAAc,GAAd,cAAc,CAA0B;QAExC,2BAAsB,GAAtB,sBAAsB,CAA8B;QACtD,eAAU,GAAV,UAAU,CAAY;QAIvC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAI3C,IACI,IAAI,CAAC,OAAO;YACZ,IAAI,CAAC,WAAW,EAAE,UAAU;YAC5B,IAAI,CAAC,WAAW,EAAE,MAAM;YACxB,IAAI,CAAC,WAAW,EAAE,KAAK,EACzB,CAAC;YACC,IAAI,CAAC,SAAS,GAAG,IAAI,oBAAS,CAC1B;gBACI,KAAK,EAAE,YAAY;gBACnB,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW;gBAC1C,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;gBAChC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK;gBAC9B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;aACvC,EACD,IAAI,CAAC,WAAW,CAAC,UAAU,EAC3B,IAAI,CAAC,WAAW,CAAC,gBAAgB,IAAI,MAAM,CAC9C,CAAC;QACN,CAAC;IACL,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAiC;QAC5C,MAAM,KAAK,GAAG,WAAW,EAAE,KAAK,CAAC;QACjC,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,qBAAqB;gBAC9B,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QAID,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,eAAe,GAAG,OAAO,EAAE,OAAO,EAAE,GAAG,KAAK,YAAY,CAAC;QAE/D,IAAI,eAAe,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;IAIO,KAAK,CAAC,mBAAmB,CAC7B,
KAAa,EACb,MAAsC,EACtC,WAAiC;QAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,MAAM;YACjD,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS;YAC5B,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAa,CAAC;QAE/D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,oCAAoC;gBAC7C,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAE5D,IAAI,OAAY,CAAC;QACjB,IAAI,CAAC;YACD,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;gBACnC,UAAU,EAAE,CAAC,OAAO,CAAC;gBAErB,QAAQ,EAAE,SAAkC;gBAC5C,MAAM,EAAE,YAAY;aACvB,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,8BAA8B;gBACvC,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QAGD,IAAI,WAAW,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,KAAK,WAAW,CAAC,KAAK,EAAE,CAAC;YAC3D,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,sBAAsB;gBAC/B,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QAED,MAAM,aAAa,GACf,OAAO,CAAC,cAAc,KAAK,IAAI,IAAI,OAAO,CAAC,cAAc,KAAK,MAAM,CAAC;QAEzE,OAAO;YACH,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,QAAQ,EAAE;gBACN,GAAG,OAAO;gBACV,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,aAAa;aAChB;SACJ,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,GAAY;QACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,GAAG,EAAE,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,6BAA6B;gBACtC,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QACD,OAAO,IAAA,wBAAe,EAAC,EAAE,GAAG,EAAE,GAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,GAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,GAAG,WAAW,CAAC;QACpF,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,GAAG,IAAI,KAAK,EAAE,CAAC;YAEhB,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YACzB,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,C
AAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,WAAW;QACrB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,sBAAsB,CAAC;QAChE,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACD,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,sBAAsB;aAC/B,CAAC,CAAC;QACP,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACV,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,sCAAsC;gBAC/C,IAAI,EAAE,sBAAsB;aAC/B,CAAC,CAAC;QACP,CAAC;QACD,MAAM,IAAI,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACtE,CAAC;IAIO,KAAK,CAAC,yBAAyB,CACnC,IAAY,EACZ,WAAiC;QAEjC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EACH,kIAAkI;gBACtI,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;QACD,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAQ,CAAC;YACnE,OAAO;gBAEH,MAAM,EAAE,IAAI,CAAC,GAAG;gBAChB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;gBACvB,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE;aAChD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC;gBAC5B,OAAO,EAAE,qBAAqB;gBAC9B,IAAI,EAAE,4BAAW,CAAC,mBAAmB;aACxC,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,KAAa;QAC5B,IAAI,CAAC;YACD,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAyC,CAAC;QACzF,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;CACJ,CAAA;AA7MY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;IASJ,WAAA,IAAA,0BAAgB,EAAC,0BAAY,CAAC,CAAA;IAE9B,WAAA,IAAA,0BAAgB,EAAC,kCAAgB,CAAC,CAAA;qCADA,oBAAU;QAEF,oBAAU;QACxB,wBAAU;GAZlC,iBAAiB,CA6M7B"}
|
|
@@ -9,6 +9,8 @@ export interface AuthProviderUser {
|
|
|
9
9
|
phone?: string;
|
|
10
10
|
username?: string;
|
|
11
11
|
metadata?: Record<string, any>;
|
|
12
|
+
emailVerified?: boolean;
|
|
13
|
+
phoneVerified?: boolean;
|
|
12
14
|
}
|
|
13
15
|
export type LinkUserWith = 'email' | 'phone';
|
|
14
16
|
export declare abstract class BaseAuthProvider {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/base-auth.provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAEvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF,MAAM,WAAW,gBAAgB;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"base-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/base-auth.provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAEvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AAEpF,MAAM,WAAW,gBAAgB;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAO/B,aAAa,CAAC,EAAE,OAAO,CAAC;IAKxB,aAAa,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,CAAC;AAG7C,8BAAsB,gBAAgB;IAO9B,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAC3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAP3E,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,UAAS;gBAGO,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EACxC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IASrE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IA6B7F,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAatE,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAW3F,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC,aAAa,CAAC,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAE3H,QAAQ,CAAC,iBAAiB,IAAI,MAAM,EAAE;IAGtC,YAAY,IAAI,YAAY;CAG/B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/base-auth.provider.ts"],"names":[],"mappings":";;;AAAA,qCAA4C;AAG5C,yEAAoE;
|
|
1
|
+
{"version":3,"file":"base-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/base-auth.provider.ts"],"names":[],"mappings":";;;AAAA,qCAA4C;AAG5C,yEAAoE;AA2BpE,MAAsB,gBAAgB;IAOX;IACA;IANvB,OAAO,CAAU;IACjB,OAAO,CAAqB;IAC5B,OAAO,GAAG,KAAK,CAAC;IAEhB,YACuB,cAAwC,EACxC,sBAAoD;QADpD,mBAAc,GAAd,cAAc,CAA0B;QACxC,2BAAsB,GAAtB,sBAAsB,CAA8B;QAEvE,IAAI,CAAC,OAAO,GAAG,uCAAiB,CAAC,UAAU,EAAE,CAAC;IAClD,CAAC;IAMD,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,UAAkB,EAAE,QAA8B;QAE/E,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC;YAC/D,KAAK,EAAE;gBACH,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,YAAY;gBAC3B,UAAU,EAAE,UAAU;aACzB;SACJ,CAAC,CAAC;QAEH,IAAI,gBAAgB,EAAE,CAAC;YAEnB,IAAI,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/C,gBAAgB,CAAC,QAAQ,GAAG,EAAE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;gBAC1E,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO;QACX,CAAC;QAGD,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC;YAChD,MAAM;YACN,QAAQ,EAAE,IAAI,CAAC,YAAY;YAC3B,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,QAAQ,IAAI,EAAE;SAC3B,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACrC,OAAO,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC;YACvC,KAAK,EAAE;gBACH,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,YAAY;aAC9B;YACD,SAAS,EAAE,CAAC,MAAM,CAAC;SACtB,CAAC,CAAC;IACP,CAAC;IAKD,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,QAAiB;QACpD,OAAO,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC;YACvC,KAAK,EAAE;gBACH,QAAQ,EAAE,IAAI,CAAC,YAAY;gBAC3B,UAAU,EAAE,UAAU;gBACtB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,IAAA,eAAK,EAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjF;YACD,SAAS,EAAE,CAAC,MAAM,CAAC;SACtB,CAAC,CAAC;IACP,CAAC;IAOD,YAAY;QACR,OAAO,OAAO,CAAC;IACnB,CAAC;CACJ;AA9ED,4CA8EC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/email-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kDAAkD,CAAC;AAGvF,qBACa,iBAAkB,SAAQ,gBAAgB;IAK/C,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAE3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAN3E,YAAY,SAAuB;gBAIZ,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAUrE,YAAY,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAYzF,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjG,QAAQ,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,CAAC,EAAE,MAAM;;;;;
|
|
1
|
+
{"version":3,"file":"email-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/email-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kDAAkD,CAAC;AAGvF,qBACa,iBAAkB,SAAQ,gBAAgB;IAK/C,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAE3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAN3E,YAAY,SAAuB;gBAIZ,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAUrE,YAAY,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAYzF,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjG,QAAQ,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,CAAC,EAAE,MAAM;;;;;IAsClE,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}
|
|
@@ -50,11 +50,22 @@ let EmailAuthProvider = class EmailAuthProvider extends base_auth_provider_1.Bas
|
|
|
50
50
|
throw new common_1.BadRequestException('Email is required');
|
|
51
51
|
}
|
|
52
52
|
const identity = await this.findIdentity(emailNorm, tenantId);
|
|
53
|
-
if (!identity?.user
|
|
53
|
+
if (!identity?.user) {
|
|
54
|
+
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
55
|
+
}
|
|
56
|
+
const userWithHash = await this.userRepository.findOne({
|
|
57
|
+
where: { id: identity.user.id },
|
|
58
|
+
select: { id: true, passwordHash: true },
|
|
59
|
+
});
|
|
60
|
+
if (!userWithHash?.passwordHash) {
|
|
61
|
+
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
62
|
+
}
|
|
63
|
+
identity.user.passwordHash = userWithHash.passwordHash;
|
|
64
|
+
if (!(await identity.user.validatePassword(credentials.password))) {
|
|
54
65
|
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
55
66
|
}
|
|
56
67
|
return {
|
|
57
|
-
userId: identity.user?.
|
|
68
|
+
userId: identity.user?.id,
|
|
58
69
|
email: identity.user?.email || '',
|
|
59
70
|
metadata: identity.user,
|
|
60
71
|
};
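Review bot: The password hash loaded by the new `userRepository.findOne` call is copied onto `identity.user`, and that same object is then returned as `metadata: identity.user`, so the hash travels to whatever consumes this method's result. The separate query with an explicit `select` suggests the hash is normally left out of loaded users, which would make this a new exposure; confirm against the entity definition. Either drop the assignment and run the check on the freshly loaded row, `if (!(await userWithHash.validatePassword(credentials.password))) {` (assuming `findOne` returns an entity instance that carries that method), or clear the field on `identity.user` before the `return`. Separately, the two early `Invalid credentials` throws skip the hash comparison, so an unknown or password-less account is likely to answer faster than a wrong password; running a dummy comparison on those paths would even out the response time. The enclosing method starts before and ends after this hunk.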
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/email-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAwF;AACxF,6CAAmD;AACnD,qCAAqC;AACrC,6DAAwD;AACxD,yDAA2D;AAC3D,iEAA+D;AAC/D,yEAAuE;AAEvE,uCAA8C;AAGvC,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,qCAAgB;IAK5B;IAEA;IANvB,YAAY,GAAG,oCAAmB,CAAC;IAEnC,YAEuB,cAAwC,EAExC,sBAAoD;QAEvE,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QAJ3B,mBAAc,GAAd,cAAc,CAA0B;QAExC,2BAAsB,GAAtB,sBAAsB,CAA8B;QAIvE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;IACnD,CAAC;IAKD,KAAK,CAAC,YAAY,CAAC,cAAsB,EAAE,QAAiB;QACxD,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,cAAc,CAAC,CAAC;QAClD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACzE,IAAI,kBAAkB;gBAAE,OAAO,kBAAkB,CAAC;QACtD,CAAC;QACD,OAAO,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAKD,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,cAAsB,EAAE,QAA8B;QACnF,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,cAAc,CAAC,CAAC;QAClD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAgC,EAAE,QAAiB;QAC9D,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAE9D,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"email-auth.provider.js","sourceRoot":"","sources":["../../../../src/lib/core/providers/email-auth.provider.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAwF;AACxF,6CAAmD;AACnD,qCAAqC;AACrC,6DAAwD;AACxD,yDAA2D;AAC3D,iEAA+D;AAC/D,yEAAuE;AAEvE,uCAA8C;AAGvC,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,qCAAgB;IAK5B;IAEA;IANvB,YAAY,GAAG,oCAAmB,CAAC;IAEnC,YAEuB,cAAwC,EAExC,sBAAoD;QAEvE,KAAK,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;QAJ3B,mBAAc,GAAd,cAAc,CAA0B;QAExC,2BAAsB,GAAtB,sBAAsB,CAA8B;QAIvE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;IACnD,CAAC;IAKD,KAAK,CAAC,YAAY,CAAC,cAAsB,EAAE,QAAiB;QACxD,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,cAAc,CAAC,CAAC;QAClD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACzE,IAAI,kBAAkB;gBAAE,OAAO,kBAAkB,CAAC;QACtD,CAAC;QACD,OAAO,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAKD,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,cAAsB,EAAE,QAA8B;QACnF,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,cAAc,CAAC,CAAC;QAClD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,WAAgC,EAAE,QAAiB;QAC9D,MAAM,SAAS,GAAG,IAAA,uBAAe,EAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAErD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAE9D,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;YAClB,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QAMD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YACnD,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE;YAC/B,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE;SAC3C,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,EAAE,YAAY,EAAE,CAAC;YAC9B,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,YAAY,CAAC;QAEvD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACH,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE;YACzB,KAAK,EAAE,QAAQ,CAAC,I
AAI,EAAE,KAAK,IAAI,EAAE;YACjC,QAAQ,EAAE,QAAQ,CAAC,IAAI;SAC1B,CAAC;IACN,CAAC;IAED,iBAAiB;QACb,OAAO,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;CACJ,CAAA;AA3EY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;IAKJ,WAAA,IAAA,0BAAgB,EAAC,0BAAY,CAAC,CAAA;IAE9B,WAAA,IAAA,0BAAgB,EAAC,kCAAgB,CAAC,CAAA;qCADA,oBAAU;QAEF,oBAAU;GAPhD,iBAAiB,CA2E7B"}
|
|
@@ -9,9 +9,12 @@ export declare class GitHubAuthProvider extends BaseAuthProvider {
|
|
|
9
9
|
providerName: string;
|
|
10
10
|
private githubConfig;
|
|
11
11
|
constructor(userRepository: Repository<NestAuthUser>, authIdentityRepository: Repository<NestAuthIdentity>);
|
|
12
|
+
private get userApiUrl();
|
|
13
|
+
private get emailsApiUrl();
|
|
12
14
|
validate(credentials: SocialCredentialsDto, _tenantId?: string): Promise<{
|
|
13
15
|
userId: any;
|
|
14
16
|
email: any;
|
|
17
|
+
emailVerified: boolean;
|
|
15
18
|
metadata: {
|
|
16
19
|
name: any;
|
|
17
20
|
login: any;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/github-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAEvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mDAAmD,CAAC;AAEzF,qBACa,kBAAmB,SAAQ,gBAAgB;IAMhD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAE3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAP3E,YAAY,SAAwB;IACpC,OAAO,CAAC,YAAY,CAA+B;gBAI5B,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"github-auth.provider.d.ts","sourceRoot":"","sources":["../../../../src/lib/core/providers/github-auth.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAEvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mDAAmD,CAAC;AAEzF,qBACa,kBAAmB,SAAQ,gBAAgB;IAMhD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC;IAE3D,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAP3E,YAAY,SAAwB;IACpC,OAAO,CAAC,YAAY,CAA+B;gBAI5B,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAExC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC;IAQ3E,OAAO,KAAK,UAAU,GAErB;IAED,OAAO,KAAK,YAAY,GAEvB;IAEK,QAAQ,CAAC,WAAW,EAAE,oBAAoB,EAAE,SAAS,CAAC,EAAE,MAAM;;;;;;;;;;;;;IAyGpE,iBAAiB,IAAI,MAAM,EAAE;CAGhC"}
|