@ackplus/nest-auth 2.5.2 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5455,7 +5455,7 @@ export class OnboardingService {
5455
5455
  - Header mode (default): Returns new tokens in response body
5456
5456
  - Cookie mode: Sets new tokens in HTTP-only cookies and returns success message`,operationId:"AuthController_refreshToken",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthRefreshTokenRequestDto"}}}},responses:{200:{description:"Header mode: Returns message + tokens in body",content:{"application/json":{schema:{$ref:"#/components/schemas/AuthWithTokensResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Refresh Token",tags:["Authentication"]}},"/auth/mfa/challenge":{post:{operationId:"MfaController_challenge",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSendMfaCodeRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaCodeSentResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Send MFA code for setup/verification",tags:["MFA"]}},"/auth/mfa/verify":{post:{description:`Verify multi-factor authentication. Response format depends on accessTokenType configuration:
5457
5457
  - Header mode (default): Returns tokens in response body
5458
- - Cookie mode: Sets tokens in HTTP-only cookies and returns success message`,operationId:"AuthController_verify2fa",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerify2faRequestDto"}}}},responses:{200:{description:"Header mode: Returns message + tokens in body",content:{"application/json":{schema:{$ref:"#/components/schemas/Verify2faWithTokensResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify MFA",tags:["Authentication"]}},"/auth/logout":{post:{operationId:"AuthController_logout",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthLogoutResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Logout",tags:["Authentication"]}},"/auth/logout-all":{post:{operationId:"AuthController_logoutAll",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthLogoutAllResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Logout All",tags:["Authentication"]}},"/auth/switch-tenant":{post:{operationId:"AuthController_switchTenant",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSwitchTenantRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/AuthWithTokensResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Switch Active Tenant",tags:["Authentication"]}},"/auth/me":{get:{operationId:"AuthController_sessionUserData",parameters:[],responses:{200:{description:"Current user data"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get Session User Data and menage extra user data from config",tags:["Authentication"]}},"/auth/change-password":{post:{operationId:"AuthController_changePassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthChangePasswordRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/MessageResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Change Password",tags:["Authentication"]}},"/auth/forgot-password":{post:{operationId:"AuthController_forgotPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthForgotPasswordRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPasswordResetLinkSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Forgot password",tags:["Authentication"]}},"/auth/verify-forgot-password-otp":{post:{operationId:"AuthController_verifyForgotPasswordOtp",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyForgotPasswordOtpRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/VerifyOtpResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Forgot Password OTP and get reset token",tags:["Authentication"]}},"/auth/reset-password":{post:{operationId:"AuthController_resetPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthResetPasswordWithTokenRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPasswordResetResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Reset password",tags:["Authentication"]}},"/auth/client-config":{get:{description:"Public configuration for clients (tenant mode, auth methods, registration, MFA, etc.). No auth required.",operationId:"AuthController_getClientConfig",parameters:[],responses:{200:{description:"Client configuration"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Client config",tags:["Authentication"]}},"/auth/accounts":{get:{description:"Cookie-mode account switcher: lists the accounts this browser is logged into, derived from the per-account token cookies it holds (httpOnly tokens are never returned — only id/email/tenant + which is active). Empty unless session.allowMultipleAccounts is enabled.",operationId:"AuthController_listAccounts",parameters:[],responses:{200:{description:"Logged-in accounts for this browser"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"List logged-in accounts (cookie multi-account)",tags:["Authentication"]}},"/auth/tenants/lookup":{get:{description:"ISOLATED-mode login helper: resolve a tenant slug to its id so the login form can supply the right tenantId (the same email is a distinct account per tenant). Returns minimal public fields; 404 if not found. Broader name search/autocomplete is intentionally left to your app to avoid tenant enumeration.",operationId:"AuthController_lookupTenant",parameters:[{name:"slug",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:"The resolved tenant: { id, slug, name }"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Resolve a tenant by slug (public)",tags:["Authentication"]}},"/auth/user":{get:{operationId:"AuthController_getUser",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/UserResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get Logged In User",tags:["Authentication"]}},"/auth/verify-session":{get:{description:"Lightweight endpoint to verify if the current session is valid. Returns minimal information without fetching full user data.",operationId:"AuthController_verifySession",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{properties:{valid:{type:"boolean",example:!0},userId:{type:"string",example:"123e4567-e89b-12d3-a456-426614174000"},expiresAt:{type:"string",example:"2024-01-01T12:00:00.000Z"}}}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Session",tags:["Authentication"]}},"/auth/send-email-verification":{post:{operationId:"AuthController_sendEmailVerification",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSendEmailVerificationRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthEmailVerificationSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Send email verification",tags:["Authentication"]}},"/auth/verify-email":{post:{operationId:"AuthController_verifyEmail",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyEmailRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthEmailVerifiedResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Email",tags:["Authentication"]}},"/auth/send-phone-verification":{post:{operationId:"AuthController_sendPhoneVerification",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSendPhoneVerificationRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPhoneVerificationSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Send phone verification (SMS OTP)",tags:["Authentication"]}},"/auth/verify-phone":{post:{operationId:"AuthController_verifyPhone",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyPhoneRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPhoneVerifiedResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify phone number with OTP",tags:["Authentication"]}},"/auth/callback/{provider}":{get:{description:"OAuth callback endpoint for SSO providers. Exchanges authorization code for access token and returns raw SSO user info. Returns HTML page that posts SSO data to parent window and auto-closes.",operationId:"AuthController_ssoCallback",parameters:[{name:"provider",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"SSO Callback",tags:["Authentication"]}},"/auth/mfa/status":{get:{operationId:"MfaController_getStatus",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/MfaStatusResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get MFA status for the current user",tags:["MFA"]}},"/auth/mfa/toggle":{post:{operationId:"MfaController_toggleMfa",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthToggleMfaRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaToggleResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Enable or disable MFA for the current user",tags:["MFA"]}},"/auth/mfa/devices":{get:{operationId:"MfaController_listDevices",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{type:"array",items:{$ref:"#/components/schemas/MfaDeviceDto"}}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"List registered MFA devices",tags:["MFA"]}},"/auth/mfa/devices/{deviceId}":{delete:{operationId:"MfaController_removeDevice",parameters:[{name:"deviceId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaDeviceRemovedResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Remove a registered MFA device",tags:["MFA"]}},"/auth/mfa/setup-totp":{post:{operationId:"MfaController_setupTotp",parameters:[],responses:{200:{description:""},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Setup TOTP Device",tags:["MFA"]}},"/auth/mfa/verify-totp-setup":{post:{operationId:"MfaController_verifyTotpSetup",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyTotpSetupRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaDeviceVerifiedResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify TOTP Setup",tags:["MFA"]}},"/auth/mfa/generate-recovery-code":{post:{operationId:"MfaController_generateRecoveryCodes",parameters:[],responses:{200:{description:""},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Generate Recovery Codes",tags:["MFA"]}},"/auth/mfa/reset-totp":{post:{operationId:"MfaController_resetTotp",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaResetResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Reset TOTP Device",tags:["MFA"]}},"/auth/admin/signup":{post:{operationId:"AdminAuthController_signup",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminSignupDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Create an admin (secret-key gated)",tags:["Admin · Console"]}},"/auth/admin/login":{post:{operationId:"AdminAuthController_login",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminLoginDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Admin login (sets the session cookie)",tags:["Admin · Console"]}},"/auth/admin/me":{get:{operationId:"AdminAuthController_me",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Current admin",tags:["Admin · Console"]}},"/auth/admin/logout":{post:{operationId:"AdminAuthController_logout",parameters:[],responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Admin logout",tags:["Admin · Console"]}},"/auth/admin/config":{get:{operationId:"AdminAuthController_publicConfig",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Public admin-console config",tags:["Admin · Console"]}},"/auth/admin/api/stats":{get:{operationId:"AdminAuthController_getDashboardStats",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Dashboard stats",tags:["Admin · Console"]}},"/auth/admin/admins":{get:{operationId:"AdminAuthController_listAdmins",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"List admins",tags:["Admin · Console"]},post:{operationId:"AdminAuthController_createAdmin",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/CreateDashboardAdminDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Create an admin",tags:["Admin · Console"]}},"/auth/admin/admins/{id}":{patch:{operationId:"AdminAuthController_updateAdmin",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/UpdateDashboardAdminDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Update an admin",tags:["Admin · Console"]},delete:{operationId:"AdminAuthController_deleteAdmin",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Delete an admin",tags:["Admin · Console"]}},"/auth/admin/reset-password":{post:{operationId:"AdminAuthController_resetPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminResetPasswordDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Reset an admin's password",tags:["Admin · Console"]}},"/auth/admin/api/users":{get:{operationId:"AdminUsersController_listUsers",parameters:[{name:"page",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}},{name:"search",required:!0,in:"query",schema:{type:"string"}},{name:"status",required:!0,in:"query",schema:{type:"string"}},{name:"tenantId",required:!0,in:"query",schema:{type:"string"}},{name:"roleName",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List users (paginated, cross-tenant; filter by status/tenant/role/search)",tags:["Admin · Users"]},post:{operationId:"AdminUsersController_createUser",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateUserDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a user",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}":{get:{operationId:"AdminUsersController_getUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Get a user (with roles, sessions, identities)",tags:["Admin · Users"]},patch:{operationId:"AdminUsersController_updateUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateUserDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a user",tags:["Admin · Users"]},delete:{operationId:"AdminUsersController_deleteUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a user",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/totp-devices/{deviceId}":{delete:{operationId:"AdminUsersController_deleteTotpDevice",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}},{name:"deviceId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Remove a user's TOTP device",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/sessions":{get:{operationId:"AdminUsersController_listSessions",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List a user's active sessions",tags:["Admin · Users"]},delete:{operationId:"AdminUsersController_revokeAllSessions",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Revoke all of a user's sessions",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/sessions/{sessionId}":{delete:{operationId:"AdminUsersController_revokeSession",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}},{name:"sessionId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Revoke a single user session",tags:["Admin · Users"]}},"/auth/admin/api/roles":{get:{operationId:"AdminRolesController_listRoles",parameters:[{name:"tenantId",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List roles",tags:["Admin · Roles"]},post:{operationId:"AdminRolesController_createRole",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateRoleDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a role",tags:["Admin · Roles"]}},"/auth/admin/api/roles/{id}":{patch:{operationId:"AdminRolesController_updateRole",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateRoleDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a role",tags:["Admin · Roles"]},delete:{operationId:"AdminRolesController_deleteRole",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a role",tags:["Admin · Roles"]}},"/auth/admin/api/tenants":{get:{operationId:"AdminTenantsController_listTenants",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List tenants",tags:["Admin · Tenants"]},post:{operationId:"AdminTenantsController_createTenant",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateTenantDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a tenant",tags:["Admin · Tenants"]}},"/auth/admin/api/tenants/{id}":{patch:{operationId:"AdminTenantsController_updateTenant",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateTenantDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a tenant",tags:["Admin · Tenants"]},delete:{operationId:"AdminTenantsController_deleteTenant",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a tenant",tags:["Admin · Tenants"]}},"/auth/admin/api/permissions":{get:{operationId:"AdminPermissionsController_listPermissions",parameters:[{name:"search",required:!0,in:"query",schema:{type:"string"}},{name:"category",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List permissions",tags:["Admin · Permissions"]},post:{operationId:"AdminPermissionsController_createPermission",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreatePermissionDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a permission",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/guards":{get:{operationId:"AdminPermissionsController_getGuards",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List guard namespaces",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/search":{get:{operationId:"AdminPermissionsController_searchPermissions",parameters:[{name:"q",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Search permissions",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/categories":{get:{operationId:"AdminPermissionsController_getCategories",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List permission categories",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/{id}":{get:{operationId:"AdminPermissionsController_getPermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Get a permission",tags:["Admin · Permissions"]},patch:{operationId:"AdminPermissionsController_updatePermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdatePermissionDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a permission",tags:["Admin · Permissions"]},delete:{operationId:"AdminPermissionsController_deletePermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a permission",tags:["Admin · Permissions"]}}},gtn={title:"@ackplus/nest-auth API",description:"Authentication & authorization API for **@ackplus/nest-auth**.\n\n### Conventions\n- **Base URL** — routes are shown relative to your app’s global prefix. The reference example app uses `/api`, so a route like `POST /auth/login` is called at `POST /api/auth/login`.\n- **Auth** — most endpoints require a Bearer access token: `Authorization: Bearer <accessToken>`. The **Admin** endpoints use an httpOnly session cookie set by `POST /auth/admin/login`.\n- **Token modes** — in *header* mode (default) tokens are returned in the response body; in *cookie* mode they are set as httpOnly cookies. Controlled by `accessTokenType`.\n- **Errors** — failures return `{ statusCode, error, message, code }`; the machine-readable `code` is the value to branch on.\n\nBrowse by section in the sidebar: **Authentication**, **Password**, **Verification**, **Passwordless**, **MFA**, and the **Admin** groups.",version:"2.5.2",contact:{}},btn=[{name:"Authentication",description:"Sign up, log in/out, refresh, sessions, password, verification, passwordless, account introspection, tenant switching."},{name:"MFA",description:"Multi-factor: TOTP, email/SMS OTP, recovery codes, trusted devices."},{name:"Admin · Console",description:"Admin sign-in (cookie session), profile, dashboard stats, and managing admins."},{name:"Admin · Users",description:"Cross-tenant user management: list, create, update, delete, sessions, MFA reset."},{name:"Admin · Roles",description:"Create and manage roles + their permissions."},{name:"Admin · Permissions",description:"Create and manage permissions."},{name:"Admin · Tenants",description:"Create and manage tenants."}],ytn=[{url:"/api",description:"Default — your app’s global prefix (the example app uses `api`)"},{url:"/",description:"No global prefix"}],vtn={securitySchemes:{"access-token":{scheme:"bearer",bearerFormat:"JWT",type:"http",description:"Paste an access token from /auth/login"},"admin-session":{type:"apiKey",in:"cookie",name:"nest_auth_admin"}},schemas:{ApiErrorResponseDto:{type:"object",properties:{statusCode:{type:"number",example:401,description:"HTTP status code"},error:{type:"string",example:"Unauthorized",description:"HTTP status text / exception name"},message:{type:"string",example:"Invalid credentials",description:"Human-readable message"},code:{type:"string",example:"INVALID_CREDENTIALS",description:"Stable, machine-readable error code — branch on this, not the message"}},required:["statusCode","error","message","code"]},NestAuthSignupRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"},guard:{type:"string",description:"Guard context (e.g. admin, web, vendor) for isolation. Deprecated: use client",example:"admin",deprecated:!0}},required:["password"]},AuthWithTokensResponseDto:{type:"object",properties:{accessToken:{type:"string",description:"JWT access token (short-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz"},refreshToken:{type:"string",description:"JWT refresh token (long-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc"},message:{type:"string",description:"Success message (added by controller based on configuration)",example:"Login successful"},isRequiresMfa:{type:"boolean",description:"Whether multi-factor authentication is required",example:!1},mustChangePassword:{type:"boolean",description:"True when the user must set a new password before using the app (e.g. an admin-set temporary password). Route them to the change-password screen.",example:!1},mfaMethods:{type:"array",description:"Available MFA methods when isRequiresMfa is true",example:["email","totp"],items:{type:"string",enum:["email","sms","totp"]}},defaultMfaMethod:{type:"string",description:"Default/recommended MFA method",example:"email",enum:["email","sms","totp"]},trustToken:{type:"string",description:"Trust token for trusted device verification",example:"1234567890"}},required:["accessToken","refreshToken","isRequiresMfa"]},NestAuthInviteRequestDto:{type:"object",properties:{email:{type:"string",description:"Email address to invite",example:"member@acme.test"},phone:{type:"string",description:"Phone number to invite",example:"+15551234567"},tenantId:{type:"string",description:"Tenant to invite the member into (ISOLATED: the same email is a distinct account per tenant).",example:"123e4567-e89b-12d3-a456-426614174000"},metadata:{type:"object",description:"Optional metadata stored on a new user and echoed on the invite event for your email template."}}},EmailCredentialsDto:{type:"object",properties:{email:{type:"string",description:"User email address",example:"user@example.com"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8}},required:["email","password"]},PhoneCredentialsDto:{type:"object",properties:{phone:{type:"string",description:"User phone number",example:"+1234567890"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8}},required:["phone","password"]},SocialCredentialsDto:{type:"object",properties:{token:{type:"string",description:"OAuth token or ID token from social provider",example:"ya29.a0AfH6SMBx1234567890abcdefghijklmnop"},type:{type:"string",description:"How to interpret the supplied token. Required only for Google: `idToken` (default) verifies a Google-signed ID token client-side; `accessToken` calls Google's userinfo endpoint with a Bearer access token. Other providers (Facebook, Apple, GitHub) ignore this field.",example:"idToken",enum:["idToken","accessToken"],default:"idToken"},name:{type:"string",description:"Display name from the provider. Apple only returns the user's name on the FIRST native sign-in, so pass it here to persist it (ignored by other providers).",example:"Ada Lovelace"},nonce:{type:"string",description:"Nonce used for native sign-in replay protection. When provided, it must match the `nonce` claim in the verified Apple identityToken."}},required:["token"]},PasswordlessOtpCredentialsDto:{type:"object",properties:{identifier:{type:"string",description:"Email or phone (same value as in send request)",example:"user@example.com"},channels:{type:"array",description:"Channel(s) to try in order. Use both when the client is unsure whether `identifier` is email or phone.",example:["email","sms"],items:{type:"string",enum:["email","sms"]}},code:{type:"string",description:"One-time code from email or SMS",example:"123456"}},required:["identifier","channels","code"]},NestAuthLoginRequestDto:{type:"object",properties:{providerName:{type:"string",description:"Authentication provider name",example:"email",enum:["email","phone","passwordless","google","facebook","apple","github"],default:"email"},credentials:{description:"Login credentials - type varies by provider",examples:{emailLogin:{summary:"Email + password",value:{email:"user@example.com",password:"SecurePass123!"}},phoneLogin:{summary:"Phone + password",value:{phone:"+1234567890",password:"SecurePass123!"}},passwordlessOtp:{summary:"Passwordless OTP — set providerName to passwordless (after POST /auth/passwordless/send)",value:{providerName:"passwordless",credentials:{identifier:"user@example.com",channels:["email","sms"],code:"123456"}}},socialLogin:{summary:"Social Login (Google/Facebook/etc)",value:{token:"ya29.a0AfH6SMBx...",type:"idToken"}}},oneOf:[{$ref:"#/components/schemas/EmailCredentialsDto"},{$ref:"#/components/schemas/PhoneCredentialsDto"},{$ref:"#/components/schemas/SocialCredentialsDto"},{$ref:"#/components/schemas/PasswordlessOtpCredentialsDto"}]},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"},guard:{type:"string",description:"Guard context (e.g. admin, web, vendor) for isolation. Deprecated: use client",example:"admin",deprecated:!0},createUserIfNotExists:{type:"boolean",description:"Auto-create user if not exists (for social auth)",default:!1},rememberMe:{type:"boolean",description:'"Remember me". In cookie mode, `false` issues SESSION cookies that clear when the browser closes (good for shared devices); `true`/omitted keeps the persistent cookies. The choice is sticky across token refresh. In header mode the client decides persistence by its storage adapter.',default:!0}},required:["credentials"]},NestAuthPasswordlessSendRequestDto:{type:"object",properties:{identifier:{type:"string",description:"Email or phone (per `channel`)",example:"user@example.com"},channel:{type:"string",enum:["email","sms"]},tenantId:{type:"string"}},required:["identifier","channel"]},MessageResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message"}},required:["message"]},NestAuthRefreshTokenRequestDto:{type:"object",properties:{refreshToken:{type:"string",description:"Refresh token to obtain new access token",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCJ9.abc123"}}},NestAuthMfaCodeSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA code sent successfully"}},required:["message"]},NestAuthMFAMethodEnum:{type:"string",enum:["email","sms","totp"]},NestAuthVerify2faRequestDto:{type:"object",properties:{method:{description:"MFA method used",example:"totp",allOf:[{$ref:"#/components/schemas/NestAuthMFAMethodEnum"}]},otp:{type:"string",description:"One-time password code",example:"123456",minLength:6,maxLength:8},trustDevice:{type:"boolean",description:"Whether to trust this device for future logins",example:!0}},required:["method","otp"]},UserResponseDto:{type:"object",properties:{id:{type:"string",description:"User unique identifier",example:"123e4567-e89b-12d3-a456-426614174000"},email:{type:"string",description:"User email address",example:"user@example.com"},phone:{type:"string",description:"User phone number",example:"+1234567890"},emailVerifiedAt:{format:"date-time",type:"string",description:"Email verification status",example:!0},phoneVerifiedAt:{format:"date-time",type:"string",description:"Phone verification status",example:!0},isMfaEnabled:{type:"boolean",description:"Whether MFA is enabled for this user",example:!1},roles:{description:"User roles (role names)",example:["admin","user"],type:"array",items:{type:"string"}},permissions:{description:"User permissions (flattened from roles)",example:["read:users","write:users"],type:"array",items:{type:"string"}},metadata:{type:"object",description:"Additional user metadata",example:{firstName:"John",lastName:"Doe"}},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"tenant-123"}},required:["id","emailVerifiedAt","phoneVerifiedAt"]},Verify2faWithTokensResponseDto:{type:"object",properties:{accessToken:{type:"string",description:"JWT access token (short-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz"},refreshToken:{type:"string",description:"JWT refresh token (long-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc"},message:{type:"string",description:"Verification success message (added by controller)",example:"2FA verification successful"},user:{description:"User information with roles and permissions",allOf:[{$ref:"#/components/schemas/UserResponseDto"}]}},required:["accessToken","refreshToken"]},NestAuthLogoutResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Logged out successfully"}},required:["message"]},NestAuthLogoutAllResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Logged out from all devices"}},required:["message"]},NestAuthSwitchTenantRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID to switch into",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["tenantId"]},NestAuthChangePasswordRequestDto:{type:"object",properties:{currentPassword:{type:"string",description:"Current password",example:"DemoOwner1!",minLength:8},newPassword:{type:"string",description:"New password",example:"DemoOwner1!New",minLength:8}},required:["currentPassword","newPassword"]},NestAuthForgotPasswordRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthPasswordResetLinkSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"If your email is registered, you will receive a password reset link"}},required:["message"]},NestAuthVerifyForgotPasswordOtpRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},code:{type:"string",description:"Verification or magic-link code (matches OTP entity `code`)",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},VerifyOtpResponseDto:{type:"object",properties:{message:{type:"string",description:"Success message"},resetToken:{type:"string",description:"Password reset token - use this to reset password"}},required:["message"]},NestAuthResetPasswordWithTokenRequestDto:{type:"object",properties:{token:{type:"string",description:"Password reset token (JWT) received after OTP verification",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoicGFzc3dvcmQtcmVzZXQifQ.xyz"},newPassword:{type:"string",description:"New password",example:"NewSecurePass123!",minLength:8}},required:["token","newPassword"]},NestAuthPasswordResetResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Password has been reset successfully"}},required:["message"]},NestAuthSendEmailVerificationRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthEmailVerificationSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Verification email sent"}},required:["message"]},NestAuthVerifyEmailRequestDto:{type:"object",properties:{code:{type:"string",description:"Verification code received via email",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},NestAuthEmailVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Email verified successfully"}},required:["message"]},NestAuthSendPhoneVerificationRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthPhoneVerificationSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Verification SMS sent"}},required:["message"]},NestAuthVerifyPhoneRequestDto:{type:"object",properties:{code:{type:"string",description:"Verification code received via SMS (matches OTP entity `code`)",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},NestAuthPhoneVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Phone verified successfully"}},required:["message"]},MfaDeviceDto:{type:"object",properties:{id:{type:"string",description:"Unique identifier of the MFA device",example:"4b3c9c9c-9a9d-4d1e-8d9f-123456789abc"},deviceName:{type:"string",description:"Friendly name of the registered device",example:"Work laptop"},method:{type:"string",description:"MFA method this device supports",enum:["email","sms","totp"],example:"totp"},lastUsedAt:{format:"date-time",type:"string",description:"Timestamp of when the device was last used",example:"2024-05-20T12:34:56.000Z"},verified:{type:"boolean",description:"Whether the device setup has been verified",example:!0},createdAt:{format:"date-time",type:"string",description:"Timestamp of when the device was registered",example:"2024-05-18T10:15:00.000Z"}},required:["id","deviceName","method","verified"]},MfaStatusResponseDto:{type:"object",properties:{isEnabled:{type:"boolean",description:"Whether MFA is currently enabled for the user",example:!0},verifiedMethods:{type:"array",description:"MFA methods the user has verified and can currently use (includes EMAIL/SMS if configured, and TOTP if user has verified device)",example:["email","totp"],items:{type:"string",enum:["email","sms","totp"]}},configuredMethods:{type:"array",description:"All MFA methods configured and available in the application (methods user can potentially set up)",example:["email","totp","sms"],items:{type:"string",enum:["email","sms","totp"]}},allowUserToggle:{type:"boolean",description:"Indicates if MFA toggling is allowed for the user",example:!0},allowMethodSelection:{type:"boolean",description:"Indicates if users can choose their preferred MFA method",example:!0},totpDevices:{description:"Registered TOTP devices for the user",type:"array",items:{$ref:"#/components/schemas/MfaDeviceDto"}},hasRecoveryCode:{type:"boolean",description:"Whether a recovery code has been generated for the user",example:!1},required:{type:"boolean",description:"Whether MFA is required for all users. If true, users cannot disable MFA even if allowUserToggle is true",example:!1},canToggle:{type:"boolean",description:"Whether the user can toggle MFA. This is false if MFA is required (required=true) even if allowUserToggle is true",example:!0}},required:["isEnabled","verifiedMethods","configuredMethods","allowUserToggle","allowMethodSelection","totpDevices","hasRecoveryCode","required","canToggle"]},NestAuthToggleMfaRequestDto:{type:"object",properties:{enabled:{type:"boolean",description:"Whether MFA should be enabled for the current user",example:!0}},required:["enabled"]},NestAuthMfaToggleResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA enabled successfully"}},required:["message"]},NestAuthMfaDeviceRemovedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Device removed successfully"}},required:["message"]},NestAuthSendMfaCodeRequestDto:{type:"object",properties:{method:{description:"MFA delivery method",example:"email",examples:{email:{value:"email",description:"Send OTP via email"},sms:{value:"sms",description:"Send OTP via SMS"},totp:{value:"totp",description:"Use authenticator app (TOTP)"}},allOf:[{$ref:"#/components/schemas/NestAuthMFAMethodEnum"}]}},required:["method"]},NestAuthVerifyTotpSetupRequestDto:{type:"object",properties:{otp:{type:"string",description:"The TOTP code from authenticator app",example:"123456",minLength:6,maxLength:6},secret:{type:"string",description:"Secret key from TOTP setup",example:"JBSWY3DPEHPK3PXP"}},required:["otp","secret"]},NestAuthMfaDeviceVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Device setup successfully"}},required:["message"]},NestAuthMfaResetResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA reset successfully"}},required:["message"]},AdminSignupDto:{type:"object",properties:{email:{type:"string",description:"Admin email address",example:"admin@example.com"},password:{type:"string",description:"Admin password (minimum 8 characters, must contain uppercase, lowercase, number, and special character)",example:"SecurePassword123!",minLength:8},secretKey:{type:"string",description:"Secret key for authorization (provided in module configuration)",example:"your-secret-key"},name:{type:"string",description:"Admin name (optional)",example:"Admin User"},metadata:{type:"object",description:"Additional metadata for the admin user (optional)",example:{department:"IT",role:"super-admin"}}},required:["email","password","secretKey"]},AdminLoginDto:{type:"object",properties:{}},CreateDashboardAdminDto:{type:"object",properties:{}},UpdateDashboardAdminDto:{type:"object",properties:{}},AdminResetPasswordDto:{type:"object",properties:{}},AdminCreateUserDto:{type:"object",properties:{}},AdminUpdateUserDto:{type:"object",properties:{}},AdminCreateRoleDto:{type:"object",properties:{}},AdminUpdateRoleDto:{type:"object",properties:{}},AdminCreateTenantDto:{type:"object",properties:{}},AdminUpdateTenantDto:{type:"object",properties:{}},AdminCreatePermissionDto:{type:"object",properties:{name:{type:"string",description:"Permission name (must be unique per guard)",example:"users.create",minLength:1,maxLength:255},guard:{type:"string",description:'Guard name (defaults to "web" if not provided)',example:"web"},description:{type:"string",description:"Optional description of what this permission allows",example:"Allows creating new user accounts"},category:{type:"string",description:'Optional category to group permissions (e.g., "users", "posts", "admin")',example:"users"}},required:["name"]},AdminUpdatePermissionDto:{type:"object",properties:{name:{type:"string",description:"Permission name (must be unique per guard if changed)",example:"users.create"},category:{type:"string",description:"Optional category to group permissions"},description:{type:"string",description:"Optional description of what this permission allows"}}}}},Otn={openapi:htn,paths:mtn,info:gtn,tags:btn,servers:ytn,components:vtn},v6=({content:e})=>E.jsx(DYt,{remarkPlugins:[FM],components:{code({node:t,inline:n,className:r,children:a,...i}){const o=/language-(\w+)/.exec(r||"");return!n&&o?E.jsx(s7e,{...i,style:ltn,language:o[1],PreTag:"div",customStyle:{margin:0,borderRadius:"0.5rem",fontSize:"0.875rem"},children:String(a).replace(/\n$/,"")}):E.jsx("code",{...i,style:{backgroundColor:"var(--mui-palette-grey-200)",color:"var(--mui-palette-grey-800)",borderRadius:4,padding:"2px 4px",fontSize:"0.875rem",fontFamily:"monospace"},children:a})},table({children:t}){return E.jsx(Qe,{sx:{overflowX:"auto",my:2,border:"1px solid",borderColor:"divider",borderRadius:1},children:E.jsx(Qe,{component:"table",sx:{minWidth:"100%",borderCollapse:"collapse","& tr":{borderBottom:"1px solid",borderColor:"divider"}},children:t})})},thead({children:t}){return E.jsx(Qe,{component:"thead",sx:{bgcolor:"grey.50"},children:t})},th({children:t}){return E.jsx(Qe,{component:"th",scope:"col",sx:{px:1.5,py:1.5,textAlign:"left",fontSize:"0.75rem",fontWeight:500,color:"text.secondary",textTransform:"uppercase",letterSpacing:"0.05em"},children:t})},td({children:t}){return E.jsx(Qe,{component:"td",sx:{px:1.5,py:1.5,whiteSpace:"nowrap",fontSize:"0.875rem",color:"text.secondary",borderTop:"1px solid",borderColor:"divider"},children:t})},a({href:t,children:n}){return E.jsx("a",{href:t,style:{color:"var(--mui-palette-primary-main)",textDecoration:"none"},className:"MuiTypography-root MuiLink-root",onMouseOver:r=>{r.currentTarget.style.textDecoration="underline"},onMouseOut:r=>{r.currentTarget.style.textDecoration="none"},target:"_blank",rel:"noopener noreferrer",children:n})},h2({children:t}){return E.jsx(Be,{component:"h2",variant:"h5",sx:{fontWeight:700,mt:3,mb:1.5,pb:1,borderBottom:"1px solid",borderColor:"divider"},children:t})},h3({children:t}){return E.jsx(Be,{component:"h3",variant:"h6",sx:{fontWeight:600,mt:2,mb:1},children:t})},p({children:t}){return E.jsx(Be,{component:"p",sx:{color:"text.primary",lineHeight:1.6,mb:1.5},children:t})},ul({children:t}){return E.jsx(Qe,{component:"ul",sx:{listStyle:"disc",pl:2,mb:1.5,color:"text.primary","& li":{mb:.5}},children:t})},li({children:t}){return E.jsx(Qe,{component:"li",sx:{ml:1},children:t})},blockquote({children:t}){return E.jsx(Qe,{component:"blockquote",sx:{borderLeft:"4px solid",borderColor:"primary.main",pl:1.5,py:.5,my:1.5,bgcolor:"primary.50",color:"text.primary",fontStyle:"italic",borderRadius:"0 4px 4px 0"},children:t})}},children:e}),xtn=()=>{const[e,t]=L.useState(!1),[n,r]=L.useState(null),[a,i]=L.useState("api");L.useEffect(()=>{const l=Otn||{};!l||!l.paths||Object.keys(l.paths||{}).length===0?t(!0):r(l)},[]);const o=()=>{if(!n)return;const l=JSON.stringify(n,null,2),c=new Blob([l],{type:"application/json"}),u=URL.createObjectURL(c),d=document.createElement("a");d.href=u,d.download="nest-auth-api.json",document.body.appendChild(d),d.click(),document.body.removeChild(d),URL.revokeObjectURL(u)},s=[{id:"api",label:"API Explorer",icon:jW},{id:"config",label:"Configuration",icon:dwt},{id:"examples",label:"Examples",icon:Zge},{id:"events",label:"Events",icon:ywt},{id:"api-reference",label:"API Reference",icon:JSt},{id:"services",label:"Services",icon:Zge}];return E.jsxs(St,{spacing:3,children:[E.jsx(z1,{title:"API Documentation",description:"Comprehensive guide and interactive API documentation.",action:a==="api"&&E.jsx(Sn,{variant:"outlined",color:"inherit",onClick:o,disabled:e,startIcon:E.jsx(mt,{component:iwt}),children:"Download JSON"})}),E.jsx(r5e,{value:a,onChange:(l,c)=>i(c),variant:"scrollable",scrollButtons:"auto",sx:{borderBottom:1,borderColor:"divider"},children:s.map(l=>E.jsx(e5e,{value:l.id,label:l.label,icon:E.jsx(mt,{component:l.icon,sx:{fontSize:16}}),iconPosition:"start"},l.id))}),a==="api"&&(e?E.jsx(Ra,{variant:"outlined",sx:{p:3,textAlign:"center"},children:E.jsxs(fs,{severity:"warning",icon:E.jsx(mt,{component:v2,sx:{fontSize:20}}),sx:{textAlign:"left"},children:[E.jsx(Be,{variant:"subtitle2",gutterBottom:!0,children:"API Documentation Not Available"}),E.jsx(Be,{variant:"body2",children:"The OpenAPI specification file could not be loaded. Make sure the OpenAPI spec has been generated by running the build process."})]})}):E.jsxs(E.Fragment,{children:[E.jsxs(fs,{severity:"info",icon:E.jsx(mt,{component:jW,sx:{fontSize:20}}),children:[E.jsx(Be,{variant:"subtitle2",gutterBottom:!0,children:"Interactive API Documentation"}),E.jsx(Be,{variant:"body2",children:'This documentation is auto-generated from the OpenAPI specification. You can test endpoints directly from this page. Click "Download JSON" to get the raw OpenAPI specification file for importing into Postman or other API tools.'})]}),n&&E.jsx(hZt,{spec:n})]})),a==="config"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ctn})}),a==="examples"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:utn})}),a==="events"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:dtn})}),a==="api-reference"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ptn})}),a==="services"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ftn})})]})},$g=({children:e,authenticated:t})=>t===null?E.jsx(Qe,{sx:{minHeight:"100vh",bgcolor:"grey.50",display:"flex",alignItems:"center",justifyContent:"center"},children:E.jsxs(Qe,{sx:{textAlign:"center"},children:[E.jsx(e0,{size:64,sx:{mb:2}}),E.jsx(Be,{color:"text.secondary",fontWeight:"medium",children:"Verifying authentication..."})]})}):t?E.jsx(E.Fragment,{children:e}):E.jsx(ix,{to:"/login",replace:!0}),Stn=()=>{const[e,t]=L.useState(null),[n,r]=L.useState(null),[a,i]=L.useState(!1),[o,s]=L.useState(null);L.useEffect(()=>{l()},[]);const l=async()=>{try{await wr.get("/me"),t(!0);const d=await wr.get("/config");r(d)}catch(d){const p=d instanceof b_e?d.status:void 0;p===401||p===403||console.error("Auth check failed:",d),t(!1);try{const h=await wr.get("/config");r(h)}catch(h){console.error("Failed to load config:",h),r({allowAdminManagement:!1})}}finally{i(!0)}},c=async d=>{s(null);try{await wr.post("/login",d),t(!0),await l()}catch(p){throw t(!1),s((p==null?void 0:p.message)||"Login failed"),p}},u=async()=>{try{await wr.post("/logout",{})}catch(d){console.error("Logout failed:",d)}t(!1)};return!a||n===null?E.jsx(Qe,{sx:{minHeight:"100vh",background:"linear-gradient(135deg, #f0f9ff 0%, #e0f2fe 50%, #e9d5ff 100%)",display:"flex",alignItems:"center",justifyContent:"center"},children:E.jsxs(Qe,{sx:{textAlign:"center"},children:[E.jsx(e0,{size:64,sx:{color:"primary.main",mb:2}}),E.jsx(Be,{color:"text.primary",fontWeight:"medium",variant:"h6",children:"Loading Nest Auth Dashboard..."}),E.jsx(Be,{color:"text.secondary",variant:"body2",sx:{mt:1},children:"Verifying authentication"})]})}):E.jsx(QSt,{children:E.jsx(XSt,{children:E.jsx(g1t,{children:E.jsxs(l1t,{children:[E.jsx(Md,{path:"/login",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(Y4t,{onLogin:c,error:o})}),E.jsx(Md,{path:"/dashboard",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(mWt,{})})})}),E.jsx(Md,{path:"/users",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(xWt,{})})})}),E.jsx(Md,{path:"/users/:id",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(UWt,{})})})}),E.jsx(Md,{path:"/roles",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(GWt,{})})})}),E.jsx(Md,{path:"/tenants",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(KWt,{})})})}),E.jsx(Md,{path:"/permissions",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(cZt,{})})})}),E.jsx(Md,{path:"/api",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(xtn,{})})})}),n.allowAdminManagement&&E.jsx(Md,{path:"/admins",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(nZt,{})})})}),E.jsx(Md,{path:"/",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(ix,{to:"/login",replace:!0})}),E.jsx(Md,{path:"*",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(ix,{to:"/login",replace:!0})})]})})})})},wtn={defaultProps:{color:"transparent"},styleOverrides:{root:{boxShadow:"none"}}},Etn={MuiAppBar:wtn},ktn={styleOverrides:{paper:({theme:e})=>({boxShadow:e.customShadows.dropdown})}},Ttn={MuiAutocomplete:ktn},Atn=["primary","secondary","info","success","warning","error"],_tn=e=>{const t=e.charAt(0).toLowerCase();return["a","c","f"].includes(t)?"primary":["e","d","h"].includes(t)?"secondary":["i","k","l"].includes(t)?"info":["m","n","p"].includes(t)?"success":["q","s","t"].includes(t)?"warning":["v","x","y"].includes(t)?"error":"default"},SOe={colors:Atn.map(e=>({props:({ownerState:t})=>t.color===e,style:({theme:t})=>({color:t.palette[e].contrastText,backgroundColor:t.palette[e].main})})),defaultColor:[{props:({ownerState:e})=>e.color==="default",style:({theme:e})=>({color:e.palette.text.secondary,backgroundColor:ir(e.palette.grey[500],.5)})}]},Ctn={variants:[...SOe.defaultColor,...SOe.colors],styleOverrides:{rounded:({theme:e})=>({borderRadius:(Number(e.shape.borderRadius)||1)*1.5}),colorDefault:({ownerState:e,theme:t})=>{const n=_tn(`${e.alt}`);return{...!!e.alt&&{...n!=="default"?{color:t.palette[n].contrastText,backgroundColor:t.palette[n].main}:{color:t.palette.text.secondary,backgroundColor:ir(t.palette.grey[500],.1)}}}}}},$tn={defaultProps:{max:4},styleOverrides:{root:({ownerState:e})=>({justifyContent:"flex-end",...e.variant==="compact"&&{width:40,height:40,position:"relative",[`& .${Evt.avatar}`]:{margin:0,width:28,height:28,position:"absolute","&:first-of-type":{left:0,bottom:0,zIndex:9},"&:last-of-type":{top:0,right:0}}}}),avatar:({theme:e})=>({fontSize:16,fontWeight:e.typography.fontWeightSemiBold,"&:first-of-type":{fontSize:12,color:e.palette.primary.dark,backgroundColor:e.palette.primary.lighter}})}},Itn={MuiAvatar:Ctn,MuiAvatarGroup:$tn},Rtn={styleOverrides:{root:{},sizeSmall:{[`& .${Wme.root}`]:{height:12,width:12}},sizeLarge:{[`& .${Wme.root}`]:{height:18,width:18}}}},Ptn={MuiButton:Rtn},Ntn={styleOverrides:{root:({theme:e})=>({position:"relative",boxShadow:e.customShadows.card,zIndex:0})}},Dtn={defaultProps:{titleTypographyProps:{variant:"h6"},subheaderTypographyProps:{variant:"body2",marginTop:"4px"}},styleOverrides:{root:({theme:e})=>({padding:e.spacing(1.5,2,1.5),[e.breakpoints.down("md")]:{padding:e.spacing(2,2,.5)}}),action:{alignSelf:"center"}}},Mtn={styleOverrides:{root:({theme:e})=>({padding:e.spacing(2),[e.breakpoints.down("md")]:{padding:e.spacing(2)}})}},Ltn={styleOverrides:{root:({theme:e})=>({padding:e.spacing(2),[e.breakpoints.down("md")]:{padding:e.spacing(2)}})}},jtn={MuiCard:Ntn,MuiCardHeader:Dtn,MuiCardContent:Mtn,MuiCardActions:Ltn};function Btn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17.9 2.318A5 5 0 0 1 22.895 7.1l.005.217v10a5 5 0 0 1-4.783 4.995l-.217.005h-10a5 5 0 0 1-4.995-4.783l-.005-.217v-10a5 5 0 0 1 4.783-4.996l.217-.004h10Zm-.5 1.5h-9a4 4 0 0 0-4 4v9a4 4 0 0 0 4 4h9a4 4 0 0 0 4-4v-9a4 4 0 0 0-4-4Z"})})}function Ftn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17 2a5 5 0 0 1 5 5v10a5 5 0 0 1-5 5H7a5 5 0 0 1-5-5V7a5 5 0 0 1 5-5Zm-1.625 7.255-4.13 4.13-1.75-1.75a.881.881 0 0 0-1.24 0c-.34.34-.34.89 0 1.24l2.38 2.37c.17.17.39.25.61.25.23 0 .45-.08.62-.25l4.75-4.75c.34-.34.34-.89 0-1.24a.881.881 0 0 0-1.24 0Z"})})}function Utn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17,2 C19.7614,2 22,4.23858 22,7 L22,7 L22,17 C22,19.7614 19.7614,22 17,22 L17,22 L7,22 C4.23858,22 2,19.7614 2,17 L2,17 L2,7 C2,4.23858 4.23858,2 7,2 L7,2 Z M15,11 L9,11 C8.44772,11 8,11.4477 8,12 C8,12.5523 8.44772,13 9,13 L15,13 C15.5523,13 16,12.5523 16,12 C16,11.4477 15.5523,11 15,11 Z"})})}const ztn={defaultProps:{size:"small",icon:E.jsx(Btn,{}),checkedIcon:E.jsx(Ftn,{}),indeterminateIcon:E.jsx(Utn,{})},styleOverrides:{root:({ownerState:e,theme:t})=>({padding:t.spacing(1),...e.color==="default"&&{[`&.${nS.checked}`]:{color:t.palette.text.primary}},[`&.${nS.disabled}`]:{color:t.palette.action.disabled}})}},Htn={MuiCheckbox:ztn},Vtn={defaultProps:{onClick:()=>{}},variants:[{props:{size:"x-small"},style:{height:18,fontSize:"0.6875rem",px:.2}}]},qtn={MuiChip:Vtn},poe=["primary","secondary","info","success","warning","error"],l7e=["default","inherit"],Wtn=["extended","outlinedExtended","softExtended"],wOe=["circular","extended"],EOe=["outlined","outlinedExtended"],kOe=["soft","softExtended"],FO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&wOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({boxShadow:t.customShadows[e],"&:hover":{boxShadow:"none"}})})),base:[{props:({ownerState:e})=>wOe.includes(e==null?void 0:e.variant)&&l7e.includes(e==null?void 0:e.color),style:({theme:e})=>({boxShadow:e.customShadows.z8,color:e.palette.grey[800],backgroundColor:e.palette.grey[300],"&:hover":{boxShadow:"none",backgroundColor:e.palette.grey[400]},[`&.${ZS.colorInherit}`]:{color:e.palette.common.white,backgroundColor:e.palette.text.primary,"&:hover":{backgroundColor:e.palette.grey[700]},...e.palette.mode==="dark"&&{color:e.palette.grey[800],"&:hover":{backgroundColor:e.palette.grey[400]}}}})}]},UO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&EOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({color:t.palette[e].main,border:`solid 1px ${ir(t.palette[e].main,.48)}`,"&:hover":{backgroundColor:ir(t.palette[e].main,.08)}})})),base:[{props:({ownerState:e})=>EOe.includes(e==null?void 0:e.variant),style:({theme:e})=>({boxShadow:"none",backgroundColor:"transparent",color:e.palette.text.secondary,border:`solid 1px ${ir(e.palette.grey[500],.32)}`,"&:hover":{borderColor:"currentColor",boxShadow:"0 0 0 0.75px currentColor",backgroundColor:e.palette.action.hover},[`&.${ZS.colorInherit}`]:{color:e.palette.text.primary},[`&.${ZS.disabled}`]:{backgroundColor:"transparent",border:`1px solid ${e.palette.action.disabledBackground}`}})}]},zO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&kOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({boxShadow:"none",color:t.palette[e].dark,backgroundColor:ir(t.palette[e].main,.16),"&:hover":{boxShadow:"none",backgroundColor:ir(t.palette[e].main,.32)},...t.palette.mode==="dark"&&{color:t.palette[e].light}})})),base:[{props:({ownerState:e})=>kOe.includes(e==null?void 0:e.variant)&&l7e.includes(e==null?void 0:e.color),style:({theme:e})=>({boxShadow:"none",color:e.palette.grey[800],backgroundColor:e.palette.grey[300],"&:hover":{boxShadow:"none",backgroundColor:e.palette.grey[400]},[`&.${ZS.colorInherit}`]:{color:e.palette.text.primary,backgroundColor:ir(e.palette.grey[500],.08),"&:hover":{backgroundColor:ir(e.palette.grey[500],.24)}}})}]},Ztn=[{props:({ownerState:e})=>Wtn.includes(e==null?void 0:e.variant),style:({theme:e})=>({height:48,width:"auto",minHeight:48,borderRadius:48/2,gap:e.spacing(1),padding:e.spacing(0,2),[`&.${ZS.sizeSmall}`]:{height:36,minHeight:36,borderRadius:36/2,gap:e.spacing(.5),padding:e.spacing(0,1)},[`&.${ZS.sizeMedium}`]:{height:40,minHeight:40,borderRadius:40/2}})},{props:({ownerState:e})=>e.size==="x-small",style:({theme:e})=>({height:30,width:30,minHeight:30,borderRadius:30/2,gap:e.spacing(.5),padding:e.spacing(0,1)})}],Qtn={defaultProps:{color:"primary"},variants:[...(FO==null?void 0:FO.base)??[],...(FO==null?void 0:FO.colors)??[],...(UO==null?void 0:UO.base)??[],...(UO==null?void 0:UO.colors)??[],...(zO==null?void 0:zO.base)??[],...(zO==null?void 0:zO.colors)??[],...Ztn],styleOverrides:{}},Gtn={MuiFab:Qtn},Xtn={styleOverrides:{root:{boxShadow:"none"}}},Ytn={MuiIconButton:Xtn},Ktn={styleOverrides:{root:({theme:e})=>({color:"inherit",minWidth:"auto",marginRight:e.spacing(2)})}},Jtn={styleOverrides:{root:({theme:e})=>({minWidth:"auto",marginRight:e.spacing(2)})}},enn={styleOverrides:{root:({theme:e})=>({color:e.palette.text.primary})}},tnn={defaultProps:{primaryTypographyProps:{typography:"subtitle2",color:"text.primary"},secondaryTypographyProps:{typography:"caption",color:"text.secondary"}},styleOverrides:{root:{margin:0},multiline:{margin:0}}},nnn={MuiListItemIcon:Ktn,MuiListItemAvatar:Jtn,MuiListItemButton:enn,MuiListItemText:tnn},rnn={styleOverrides:{root:({theme:e})=>({...e.typography.body2,padding:e.spacing(.75,1),borderRadius:(Number(e.shape.borderRadius)||1)*.75,"&:not(:last-of-type)":{marginBottom:4},[`&.${sx.selected}`]:{fontWeight:e.typography.fontWeightSemiBold,backgroundColor:e.palette.action.selected,"&:hover":{backgroundColor:e.palette.action.hover}},[`& .${nS.root}`]:{padding:e.spacing(.5),marginLeft:e.spacing(-.5),marginRight:e.spacing(.5)},[`&.${mr.option}[aria-selected="true"]`]:{backgroundColor:e.palette.action.selected,"&:hover":{backgroundColor:e.palette.action.hover}},[`&+.${CW.root}`]:{margin:e.spacing(.5,0)}})}},ann={MuiMenuItem:rnn},inn={defaultProps:{elevation:0},styleOverrides:{root:{backgroundImage:"none"},outlined:({theme:e})=>({borderColor:ir(e.palette.grey[500],.16)})}},onn={MuiPaper:inn},snn={defaultProps:{MenuProps:{PaperProps:{sx:e=>({maxHeight:250,transform:"translateY(4px)",boxShadow:e.customShadows.card})}}}},lnn={MuiSelect:snn},cnn={styleOverrides:{}},unn={MuiSvgIcon:cnn},TOe={dark:'[data-mui-color-scheme="dark"] &'},dnn={styleOverrides:{root:{alignItems:"center"},switchBase:({ownerState:e,theme:t})=>({top:"unset",transform:"translateX(6px)",[`&.${Ai.checked}`]:{[`& .${Ai.thumb}`]:{...e.color==="default"&&{[TOe.dark]:{color:t.palette.grey[800]}}},[`&+.${Ai.track}`]:{opacity:1,...e.color==="default"&&{backgroundColor:t.palette.text.primary}}},[`&.${Ai.disabled}`]:{[`& .${Ai.thumb}`]:{opacity:1,[TOe.dark]:{opacity:.48}},[`&+.${Ai.track}`]:{opacity:.48}}}),track:({theme:e})=>({opacity:1,borderRadius:10,backgroundColor:ir(e.palette.grey[500],.48)}),thumb:({theme:e})=>({color:e.palette.common.white}),sizeMedium:{[`& .${Ai.track}`]:{height:20},[`& .${Ai.thumb}`]:{width:14,height:14}},sizeSmall:{[`& .${Ai.track}`]:{height:16},[`& .${Ai.thumb}`]:{width:10,height:10}}}},pnn={MuiSwitch:dnn},fnn={styleOverrides:{root:({theme:e})=>({position:"relative",scrollbarWidth:"thin",scrollbarColor:`${ir(e.palette.text.disabled,.4)} ${ir(e.palette.text.disabled,.08)}`})}},hnn={styleOverrides:{root:({theme:e})=>({"--palette-TableCell-border":e.palette.divider})}},mnn={styleOverrides:{root:({theme:e})=>({[`&.${LW.selected}`]:{backgroundColor:ir(e.palette.primary.dark,.04),"&:hover":{backgroundColor:ir(e.palette.primary.dark,.08)}},"&:last-of-type":{[`& .${n5e.root}`]:{borderColor:"transparent"}}})}},gnn={styleOverrides:{root:{borderBottomStyle:"dashed"},head:({theme:e})=>({fontSize:14,color:e.palette.text.secondary,fontWeight:e.typography.fontWeightSemiBold,backgroundColor:e.palette.background.neutral}),stickyHeader:({theme:e})=>({backgroundColor:e.palette.background.paper,backgroundImage:`linear-gradient(to bottom, ${e.palette.background.neutral} 0%, ${e.palette.background.neutral} 100%)`}),paddingCheckbox:({theme:e})=>({paddingLeft:e.spacing(1)})}},bnn={defaultProps:{backIconButtonProps:{size:"small"},nextIconButtonProps:{size:"small"}},styleOverrides:{root:({theme:e})=>({width:"100%",[e.breakpoints.down("sm")]:{"& .MuiTablePagination-input":{marginRight:8}}}),toolbar:{height:64},actions:({theme:e})=>({marginRight:8,[e.breakpoints.down("md")]:{marginLeft:16}}),select:({theme:e})=>({paddingLeft:8,"&:focus":{borderRadius:e.shape.borderRadius}}),selectIcon:{right:4,width:16,height:16,top:"calc(50% - 8px)"}}},ynn={MuiTable:hnn,MuiTableRow:mnn,MuiTableCell:gnn,MuiTableContainer:fnn,MuiTablePagination:bnn},vnn={defaultProps:{textColor:"inherit",variant:"scrollable",allowScrollButtonsMobile:!0},styleOverrides:{root:({theme:e})=>({borderBottom:`1px solid ${e.palette.divider}`}),flexContainer:({ownerState:e,theme:t})=>({...e.variant!=="fullWidth"&&{gap:"24px",[t.breakpoints.up("sm")]:{gap:"40px"}}}),indicator:{backgroundColor:"currentColor"}}},Onn={defaultProps:{disableRipple:!0,iconPosition:"start"},styleOverrides:{root:({theme:e})=>({opacity:1,minWidth:48,minHeight:48,padding:e.spacing(1,0),color:e.palette.text.secondary,fontWeight:e.typography.fontWeightMedium,lineHeight:e.typography.body2.lineHeight,[`&.${ku.selected}`]:{color:e.palette.text.primary,fontWeight:e.typography.fontWeightSemiBold}})}},xnn={MuiTabs:vnn,MuiTab:Onn},Snn={...Etn,...Itn,...ynn,...xnn,...nnn,...ann,...Ptn,...onn,...jtn,...Htn,...pnn,...unn,...Ytn,...lnn,...Ttn,...Gtn,...qtn},ls={50:"#FCFDFD",100:"#F9FAFB",200:"#F4F6F8",300:"#DFE3E8",400:"#C4CDD5",500:"#919EAB",600:"#637381",700:"#454F5B",800:"#1C252E",900:"#141A21",lighter:"#F9FAFB",light:"#DFE3E8",main:"#919EAB",dark:"#454F5B",darker:"#161C24",contrastText:"#FFFFFF"},c7e={lighter:"#e0f2fe",light:"#38bdf8",main:"#0284c7",dark:"#0369a1",darker:"#0c4a6e",contrastText:"#FFFFFF"},u7e={lighter:"#f3e8ff",light:"#94a3b8",main:"#64748b",dark:"#475569",darker:"#334155",contrastText:"#FFFFFF"},d7e={lighter:"#dbeafe",light:"#93c5fd",main:"#2563eb",dark:"#1d4ed8",darker:"#1e40af",contrastText:"#FFFFFF"},p7e={lighter:"#dcfce7",light:"#bbf7d0",main:"#16a34a",dark:"#15803d",darker:"#166534",contrastText:"#ffffff"},f7e={lighter:"#fef3c7",light:"#fde68a",main:"#ca8a04",dark:"#a16207",darker:"#854d0e",contrastText:"#1C252E"},h7e={lighter:"#fee2e2",light:"#fecaca",main:"#dc2626",dark:"#b91c1c",darker:"#991b1b",contrastText:"#FFFFFF"},vw={common:{black:"#000000",white:"#FFFFFF"},primary:c7e,secondary:u7e,info:d7e,success:p7e,warning:f7e,error:h7e,grey:ls,divider:ir(ls[500],.2),action:{hover:ir(ls[500],.08),selected:ir(ls[500],.16),disabled:ir(ls[500],.8),disabledBackground:ir(ls[500],.24),focus:ir(ls[500],.24),hoverOpacity:.08,disabledOpacity:.48}},m7e={...vw,text:{primary:ls[800],secondary:ls[600],disabled:ls[500]},background:{paper:"#FFFFFF",default:ir(ls[500],.2),neutral:"#F5F7FA"},action:{...vw.action,active:ls[600]}},g7e={...vw,text:{primary:"#FFFFFF",secondary:ls[500],disabled:ls[600]},background:{paper:ls[800],default:ls[900],neutral:ir(ls[500],.12)},action:{...vw.action,active:ls[500]}};function foe(e){return e==="light"?m7e:g7e}const Pc={light:{palette:m7e},dark:{palette:g7e}};function HO(e){return`0 8px 16px 0 ${ir(e,.24)}`}function MQ(e){const t=e==="light"?ls[500]:vw.common.black;return{z1:`0 1px 2px 0 ${ir(t,.16)}`,z4:`0 4px 8px 0 ${ir(t,.16)}`,z8:`0 8px 16px 0 ${ir(t,.16)}`,z12:`0 12px 24px -4px ${ir(t,.16)}`,z16:`0 16px 32px -4px ${ir(t,.16)}`,z20:`0 20px 40px -4px ${ir(t,.16)}`,z24:`0 24px 48px 0 ${ir(t,.16)}`,dialog:`-40px 40px 80px -8px ${ir(vw.common.black,.24)}`,card:`0 0 2px 0 ${ir(t,.2)}, 0 12px 24px -4px ${ir(t,.12)}`,dropdown:`0 0 2px 0 ${ir(t,.24)}, -20px 20px 40px -4px ${ir(t,.24)}`,primary:HO(c7e.main),secondary:HO(u7e.main),info:HO(d7e.main),success:HO(p7e.main),warning:HO(f7e.main),error:HO(h7e.main)}}function Gz(e){const t=Enn.find(r=>r.name===e);return{palette:{primary:uo.omit(t,["name"])},customShadows:{primary:`0 8px 16px 0 ${ir(`${t==null?void 0:t.main}`,.24)}`}}}const wnn=foe("light"),Enn=[{name:"default",lighter:"#e0f2fe",light:"#38bdf8",main:"#0284c7",dark:"#0369a1",darker:"#0c4a6e",contrastText:"#FFFFFF"},{name:"cyan",lighter:"#CCF4FE",light:"#68CDF9",main:"#078DEE",dark:"#0351AB",darker:"#012972",contrastText:"#FFFFFF"},{name:"purple",lighter:"#EBD6FD",light:"#B985F4",main:"#7635dc",dark:"#431A9E",darker:"#200A69",contrastText:"#FFFFFF"},{name:"blue",lighter:"#D1E9FC",light:"#76B0F1",main:"#2065D1",dark:"#103996",darker:"#061B64",contrastText:"#FFFFFF"},{name:"orange",lighter:"#FEF4D4",light:"#FED680",main:"#fda92d",dark:"#B66816",darker:"#793908",contrastText:wnn.grey[800]},{name:"red",lighter:"#FFE3D5",light:"#FFC1AC",main:"#FF3030",dark:"#B71833",darker:"#7A0930",contrastText:"#FFFFFF"},{name:"green",lighter:"#D8F5E3",light:"#73D13D",main:"#52C41A",dark:"#389E0D",darker:"#237804",contrastText:"#FFFFFF"},{name:"pink",lighter:"#FFE7F1",light:"#FF85C0",main:"#FF1744",dark:"#C2185B",darker:"#880E4F",contrastText:"#FFFFFF"},{name:"indigo",lighter:"#E8EAF6",light:"#7986CB",main:"#3F51B5",dark:"#303F9F",darker:"#1A237E",contrastText:"#FFFFFF"},{name:"teal",lighter:"#E0F2F1",light:"#4DB6AC",main:"#009688",dark:"#00695C",darker:"#004D40",contrastText:"#FFFFFF"}];function knn(e,t){const n={...e&&t==="light"&&{palette:{background:{default:foe(t).grey[100]}}}},r={...e&&{MuiCard:{styleOverrides:{root:{boxShadow:MQ(t).z4}}}}};return{theme:n,components:r}}const b7e=foe("light"),Tnn=b7e.grey[500],Ann=b7e.common.black;function AOe(e){const t=ir(e,.2),n=ir(e,.14),r=ir(e,.12);return["none",`0px 2px 1px -1px ${t},0px 1px 1px 0px ${n},0px 1px 3px 0px ${r}`,`0px 3px 1px -2px ${t},0px 2px 2px 0px ${n},0px 1px 5px 0px ${r}`,`0px 3px 3px -2px ${t},0px 3px 4px 0px ${n},0px 1px 8px 0px ${r}`,`0px 2px 4px -1px ${t},0px 4px 5px 0px ${n},0px 1px 10px 0px ${r}`,`0px 3px 5px -1px ${t},0px 5px 8px 0px ${n},0px 1px 14px 0px ${r}`,`0px 3px 5px -1px ${t},0px 6px 10px 0px ${n},0px 1px 18px 0px ${r}`,`0px 4px 5px -2px ${t},0px 7px 10px 1px ${n},0px 2px 16px 1px ${r}`,`0px 5px 5px -3px ${t},0px 8px 10px 1px ${n},0px 3px 14px 2px ${r}`,`0px 5px 6px -3px ${t},0px 9px 12px 1px ${n},0px 3px 16px 2px ${r}`,`0px 6px 6px -3px ${t},0px 10px 14px 1px ${n},0px 4px 18px 3px ${r}`,`0px 6px 7px -4px ${t},0px 11px 15px 1px ${n},0px 4px 20px 3px ${r}`,`0px 7px 8px -4px ${t},0px 12px 17px 2px ${n},0px 5px 22px 4px ${r}`,`0px 7px 8px -4px ${t},0px 13px 19px 2px ${n},0px 5px 24px 4px ${r}`,`0px 7px 9px -4px ${t},0px 14px 21px 2px ${n},0px 5px 26px 4px ${r}`,`0px 8px 9px -5px ${t},0px 15px 22px 2px ${n},0px 6px 28px 5px ${r}`,`0px 8px 10px -5px ${t},0px 16px 24px 2px ${n},0px 6px 30px 5px ${r}`,`0px 8px 11px -5px ${t},0px 17px 26px 2px ${n},0px 6px 32px 5px ${r}`,`0px 9px 11px -5px ${t},0px 18px 28px 2px ${n},0px 7px 34px 6px ${r}`,`0px 9px 12px -6px ${t},0px 19px 29px 2px ${n},0px 7px 36px 6px ${r}`,`0px 10px 13px -6px ${t},0px 20px 31px 3px ${n},0px 8px 38px 7px ${r}`,`0px 10px 13px -6px ${t},0px 21px 33px 3px ${n},0px 8px 40px 7px ${r}`,`0px 10px 14px -6px ${t},0px 22px 35px 3px ${n},0px 8px 42px 7px ${r}`,`0px 11px 14px -7px ${t},0px 23px 36px 3px ${n},0px 9px 44px 8px ${r}`,`0px 11px 15px -7px ${t},0px 24px 38px 3px ${n},0px 9px 46px 8px ${r}`]}function _nn(e){return AOe(e==="light"?Tnn:Ann)}function kl(e){return`${e/16}rem`}function VO({sm:e,md:t,lg:n}){return{...e?{"@media (min-width:600px)":{fontSize:kl(e)}}:{},...t?{"@media (min-width:900px)":{fontSize:kl(t)}}:{},...n?{"@media (min-width:1200px)":{fontSize:kl(n)}}:{}}}const sy={fontFamily:'"Inter", "Public Sans", "Roboto", "Helvetica", "Arial", sans-serif',fontSecondaryFamily:"Public Sans",fontWeightRegular:400,fontWeightMedium:500,fontWeightSemiBold:600,fontWeightBold:700,h1:{fontWeight:800,lineHeight:80/64,fontSize:kl(40),...VO({sm:36,md:42,lg:48})},h2:{fontWeight:800,lineHeight:64/48,fontSize:kl(32),...VO({sm:32,md:36,lg:40})},h3:{fontWeight:700,lineHeight:1.5,fontSize:kl(24),...VO({sm:26,md:30,lg:32})},h4:{fontWeight:700,lineHeight:1.5,fontSize:kl(20),...VO({sm:20,md:24,lg:24})},h5:{fontWeight:700,lineHeight:1.5,fontSize:kl(18),...VO({sm:19,md:20,lg:20})},h6:{fontWeight:600,lineHeight:28/18,fontSize:kl(17),...VO({sm:18,md:18,lg:18})},subtitle1:{fontWeight:600,lineHeight:1.5,fontSize:kl(16)},subtitle2:{fontWeight:600,lineHeight:22/14,fontSize:kl(14)},body1:{lineHeight:1.5,fontSize:kl(16)},body2:{lineHeight:22/14,fontSize:kl(14)},caption:{lineHeight:1.5,fontSize:kl(12)},overline:{fontWeight:700,lineHeight:1.5,fontSize:kl(12),textTransform:"uppercase"},button:{fontWeight:600,lineHeight:24/14,fontSize:kl(14),textTransform:"none"}};function Cnn(e,t){const[n,r]=L.useState(t);L.useEffect(()=>{const s=$nn(e);s&&r(l=>({...l,...s}))},[e]);const a=L.useCallback(s=>{r(l=>(Inn(e,{...l,...s}),{...l,...s}))},[e]),i=L.useCallback((s,l)=>{a({[s]:l})},[a]),o=L.useCallback(()=>{Rnn(e),r(t)},[t,e]);return{state:n,update:i,reset:o}}const $nn=e=>{let t=null;try{const n=window.localStorage.getItem(e);n&&(t=JSON.parse(n))}catch(n){console.error(n)}return t},Inn=(e,t)=>{try{window.localStorage.setItem(e,JSON.stringify(t))}catch(n){console.error(n)}},Rnn=e=>{try{window.localStorage.removeItem(e)}catch(t){console.error(t)}},Pnn="settings",LQ={colorScheme:"light",contrast:"default",navLayout:"vertical",primaryColor:"default",navColor:"integrate",compactLayout:!1},y7e=L.createContext({});function Nnn({children:e,defaultSettings:t}){const{state:n,update:r,reset:a}=Cnn(Pnn,{...LQ,...t}),[i,o]=L.useState(!1),s=L.useCallback(()=>{o(p=>!p)},[]),l=L.useCallback(()=>{o(!1)},[]),c=L.useCallback(p=>{console.info("Direction change by language:",p)},[]),u=!yA(n,{...LQ,...t}),d=L.useMemo(()=>({...n,onUpdate:r,onChangeDirectionByLang:c,canReset:u,onReset:a,open:i,onToggle:s,onClose:l}),[a,r,n,u,i,l,s,c]);return E.jsx(y7e.Provider,{value:d,children:e})}const Dnn=()=>{const e=L.useContext(y7e);if(!e)throw new Error("useSettingsContext must be use inside SettingsProvider");return e};function Mnn({children:e}){const t=Dnn(),n=knn(t.contrast==="bold",t.colorScheme),r=L.useMemo(()=>({colorSchemes:Pc,shadows:_nn(t.colorScheme),customShadows:MQ(t.colorScheme),shape:{borderRadius:t.compactLayout?4:8},components:{...Snn,...n.components},typography:{...sy,...t.compactLayout&&{h1:{...sy.h1,fontSize:"2rem"},h2:{...sy.h2,fontSize:"1.75rem"},h3:{...sy.h3,fontSize:"1.5rem"},h4:{...sy.h4,fontSize:"1.25rem"},h5:{...sy.h5,fontSize:"1.125rem"},h6:{...sy.h6,fontSize:"1rem"}}},cssVarPrefix:""}),[t.colorScheme,t.contrast,t.compactLayout,n]),a=L.useMemo(()=>{var s,l,c,u,d,p,f,h,m;return{...r,colorSchemes:{...Pc,light:{palette:{...(s=Pc==null?void 0:Pc.light)==null?void 0:s.palette,...Gz(t.primaryColor).palette,...(l=n.theme)==null?void 0:l.palette,background:{...(u=(c=Pc==null?void 0:Pc.light)==null?void 0:c.palette)==null?void 0:u.background,...(p=(d=n.theme)==null?void 0:d.palette)==null?void 0:p.background}}},dark:{palette:{...(f=Pc==null?void 0:Pc.dark)==null?void 0:f.palette,...Gz(t.primaryColor).palette,...t.contrast==="bold"&&{background:{...(m=(h=Pc==null?void 0:Pc.dark)==null?void 0:h.palette)==null?void 0:m.background,default:"#0a0a0a",paper:"#1a1a1a"}}}}},customShadows:{...MQ(t.colorScheme),...Gz(t.primaryColor).customShadows},components:{...r.components,...t.compactLayout&&{MuiCard:{styleOverrides:{root:{padding:"12px"}}},MuiButton:{styleOverrides:{root:{minHeight:"32px",padding:"6px 12px"}}},MuiTextField:{styleOverrides:{root:{"& .MuiInputBase-root":{minHeight:"36px"}}}}}}}},[t,r,n]),i=uD(a),o={modeStorageKey:"theme-mode",defaultMode:LQ.colorScheme};return E.jsxs(Jmt,{theme:i,defaultMode:o.defaultMode,modeStorageKey:o.modeStorageKey,children:[E.jsx(l2t,{}),E.jsx(o_e,{styles:{"*":{"::-webkit-scrollbar":{width:5,height:4}," ::-webkit-scrollbar-track":{background:i.palette.grey[50]},"::-webkit-scrollbar-thumb":{background:i.palette.grey[300],borderRadius:12},"::-webkit-scrollbar-thumb:hover":{background:i.palette.grey[400]}},input:{"&[type=number]":{MozAppearance:"textfield","&::-webkit-outer-spin-button":{margin:0,WebkitAppearance:"none"},"&::-webkit-inner-spin-button":{margin:0,WebkitAppearance:"none"}}},body:{a:{textDecoration:"none",color:"inherit"},...t.compactLayout&&{"& .MuiContainer-root":{paddingTop:"8px !important",paddingBottom:"8px !important"},"& .MuiStack-root":{gap:"8px !important"},"& .MuiBox-root":{padding:"8px"}}}}}),e]})}const _Oe=document.getElementById("root");_Oe&&sq.createRoot(_Oe).render(E.jsx(xe.StrictMode,{children:E.jsx(Nnn,{children:E.jsx(Mnn,{children:E.jsx(Stn,{})})})}));/**
5458
+ - Cookie mode: Sets tokens in HTTP-only cookies and returns success message`,operationId:"AuthController_verify2fa",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerify2faRequestDto"}}}},responses:{200:{description:"Header mode: Returns message + tokens in body",content:{"application/json":{schema:{$ref:"#/components/schemas/Verify2faWithTokensResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify MFA",tags:["Authentication"]}},"/auth/logout":{post:{operationId:"AuthController_logout",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthLogoutResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Logout",tags:["Authentication"]}},"/auth/logout-all":{post:{operationId:"AuthController_logoutAll",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthLogoutAllResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Logout All",tags:["Authentication"]}},"/auth/switch-tenant":{post:{operationId:"AuthController_switchTenant",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSwitchTenantRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/AuthWithTokensResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Switch Active Tenant",tags:["Authentication"]}},"/auth/me":{get:{operationId:"AuthController_sessionUserData",parameters:[],responses:{200:{description:"Current user data"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get Session User Data and menage extra user data from config",tags:["Authentication"]}},"/auth/change-password":{post:{operationId:"AuthController_changePassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthChangePasswordRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/MessageResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Change Password",tags:["Authentication"]}},"/auth/forgot-password":{post:{operationId:"AuthController_forgotPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthForgotPasswordRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPasswordResetLinkSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Forgot password",tags:["Authentication"]}},"/auth/verify-forgot-password-otp":{post:{operationId:"AuthController_verifyForgotPasswordOtp",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyForgotPasswordOtpRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/VerifyOtpResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Forgot Password OTP and get reset token",tags:["Authentication"]}},"/auth/reset-password":{post:{operationId:"AuthController_resetPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthResetPasswordWithTokenRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPasswordResetResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Reset password",tags:["Authentication"]}},"/auth/client-config":{get:{description:"Public configuration for clients (tenant mode, auth methods, registration, MFA, etc.). No auth required.",operationId:"AuthController_getClientConfig",parameters:[],responses:{200:{description:"Client configuration"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Client config",tags:["Authentication"]}},"/auth/accounts":{get:{description:"Cookie-mode account switcher: lists the accounts this browser is logged into, derived from the per-account token cookies it holds (httpOnly tokens are never returned — only id/email/tenant + which is active). Empty unless session.allowMultipleAccounts is enabled.",operationId:"AuthController_listAccounts",parameters:[],responses:{200:{description:"Logged-in accounts for this browser"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"List logged-in accounts (cookie multi-account)",tags:["Authentication"]}},"/auth/tenants/lookup":{get:{description:"ISOLATED-mode login helper: resolve a tenant slug to its id so the login form can supply the right tenantId (the same email is a distinct account per tenant). Returns minimal public fields; 404 if not found. Broader name search/autocomplete is intentionally left to your app to avoid tenant enumeration.",operationId:"AuthController_lookupTenant",parameters:[{name:"slug",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:"The resolved tenant: { id, slug, name }"},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Resolve a tenant by slug (public)",tags:["Authentication"]}},"/auth/user":{get:{operationId:"AuthController_getUser",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/UserResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get Logged In User",tags:["Authentication"]}},"/auth/verify-session":{get:{description:"Lightweight endpoint to verify if the current session is valid. Returns minimal information without fetching full user data.",operationId:"AuthController_verifySession",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{properties:{valid:{type:"boolean",example:!0},userId:{type:"string",example:"123e4567-e89b-12d3-a456-426614174000"},expiresAt:{type:"string",example:"2024-01-01T12:00:00.000Z"}}}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Session",tags:["Authentication"]}},"/auth/send-email-verification":{post:{operationId:"AuthController_sendEmailVerification",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSendEmailVerificationRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthEmailVerificationSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Send email verification",tags:["Authentication"]}},"/auth/verify-email":{post:{operationId:"AuthController_verifyEmail",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyEmailRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthEmailVerifiedResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify Email",tags:["Authentication"]}},"/auth/send-phone-verification":{post:{operationId:"AuthController_sendPhoneVerification",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthSendPhoneVerificationRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPhoneVerificationSentResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Send phone verification (SMS OTP)",tags:["Authentication"]}},"/auth/verify-phone":{post:{operationId:"AuthController_verifyPhone",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyPhoneRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthPhoneVerifiedResponseDto"}}}},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify phone number with OTP",tags:["Authentication"]}},"/auth/callback/{provider}":{get:{description:"OAuth callback endpoint for SSO providers. Exchanges authorization code for access token and returns raw SSO user info. Returns HTML page that posts SSO data to parent window and auto-closes.",operationId:"AuthController_ssoCallback",parameters:[{name:"provider",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"SSO Callback",tags:["Authentication"]}},"/auth/mfa/status":{get:{operationId:"MfaController_getStatus",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/MfaStatusResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Get MFA status for the current user",tags:["MFA"]}},"/auth/mfa/toggle":{post:{operationId:"MfaController_toggleMfa",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthToggleMfaRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaToggleResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Enable or disable MFA for the current user",tags:["MFA"]}},"/auth/mfa/devices":{get:{operationId:"MfaController_listDevices",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{type:"array",items:{$ref:"#/components/schemas/MfaDeviceDto"}}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"List registered MFA devices",tags:["MFA"]}},"/auth/mfa/devices/{deviceId}":{delete:{operationId:"MfaController_removeDevice",parameters:[{name:"deviceId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaDeviceRemovedResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Remove a registered MFA device",tags:["MFA"]}},"/auth/mfa/setup-totp":{post:{operationId:"MfaController_setupTotp",parameters:[],responses:{200:{description:""},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Setup TOTP Device",tags:["MFA"]}},"/auth/mfa/verify-totp-setup":{post:{operationId:"MfaController_verifyTotpSetup",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthVerifyTotpSetupRequestDto"}}}},responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaDeviceVerifiedResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Verify TOTP Setup",tags:["MFA"]}},"/auth/mfa/generate-recovery-code":{post:{operationId:"MfaController_generateRecoveryCodes",parameters:[],responses:{200:{description:""},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Generate Recovery Codes",tags:["MFA"]}},"/auth/mfa/reset-totp":{post:{operationId:"MfaController_resetTotp",parameters:[],responses:{200:{description:"",content:{"application/json":{schema:{$ref:"#/components/schemas/NestAuthMfaResetResponseDto"}}}},400:{description:"Invalid or expired code.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"access-token":[]}],summary:"Reset TOTP Device",tags:["MFA"]}},"/auth/admin/signup":{post:{operationId:"AdminAuthController_signup",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminSignupDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Create an admin (secret-key gated)",tags:["Admin · Console"]}},"/auth/admin/login":{post:{operationId:"AdminAuthController_login",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminLoginDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Admin login (sets the session cookie)",tags:["Admin · Console"]}},"/auth/admin/me":{get:{operationId:"AdminAuthController_me",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Current admin",tags:["Admin · Console"]}},"/auth/admin/logout":{post:{operationId:"AdminAuthController_logout",parameters:[],responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Admin logout",tags:["Admin · Console"]}},"/auth/admin/config":{get:{operationId:"AdminAuthController_publicConfig",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Public admin-console config",tags:["Admin · Console"]}},"/auth/admin/api/stats":{get:{operationId:"AdminAuthController_getDashboardStats",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Dashboard stats",tags:["Admin · Console"]}},"/auth/admin/admins":{get:{operationId:"AdminAuthController_listAdmins",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"List admins",tags:["Admin · Console"]},post:{operationId:"AdminAuthController_createAdmin",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/CreateDashboardAdminDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Create an admin",tags:["Admin · Console"]}},"/auth/admin/admins/{id}":{patch:{operationId:"AdminAuthController_updateAdmin",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/UpdateDashboardAdminDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Update an admin",tags:["Admin · Console"]},delete:{operationId:"AdminAuthController_deleteAdmin",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Delete an admin",tags:["Admin · Console"]}},"/auth/admin/reset-password":{post:{operationId:"AdminAuthController_resetPassword",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminResetPasswordDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Missing, invalid, or expired authentication.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},summary:"Reset an admin's password",tags:["Admin · Console"]}},"/auth/admin/api/users":{get:{operationId:"AdminUsersController_listUsers",parameters:[{name:"page",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}},{name:"search",required:!0,in:"query",schema:{type:"string"}},{name:"status",required:!0,in:"query",schema:{type:"string"}},{name:"tenantId",required:!0,in:"query",schema:{type:"string"}},{name:"roleName",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List users (paginated, cross-tenant; filter by status/tenant/role/search)",tags:["Admin · Users"]},post:{operationId:"AdminUsersController_createUser",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateUserDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a user",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}":{get:{operationId:"AdminUsersController_getUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Get a user (with roles, sessions, identities)",tags:["Admin · Users"]},patch:{operationId:"AdminUsersController_updateUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateUserDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a user",tags:["Admin · Users"]},delete:{operationId:"AdminUsersController_deleteUser",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a user",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/totp-devices/{deviceId}":{delete:{operationId:"AdminUsersController_deleteTotpDevice",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}},{name:"deviceId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Remove a user's TOTP device",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/sessions":{get:{operationId:"AdminUsersController_listSessions",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List a user's active sessions",tags:["Admin · Users"]},delete:{operationId:"AdminUsersController_revokeAllSessions",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Revoke all of a user's sessions",tags:["Admin · Users"]}},"/auth/admin/api/users/{id}/sessions/{sessionId}":{delete:{operationId:"AdminUsersController_revokeSession",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}},{name:"sessionId",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"User not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Revoke a single user session",tags:["Admin · Users"]}},"/auth/admin/api/roles":{get:{operationId:"AdminRolesController_listRoles",parameters:[{name:"tenantId",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List roles",tags:["Admin · Roles"]},post:{operationId:"AdminRolesController_createRole",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateRoleDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a role",tags:["Admin · Roles"]}},"/auth/admin/api/roles/{id}":{patch:{operationId:"AdminRolesController_updateRole",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateRoleDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a role",tags:["Admin · Roles"]},delete:{operationId:"AdminRolesController_deleteRole",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Role not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a role",tags:["Admin · Roles"]}},"/auth/admin/api/tenants":{get:{operationId:"AdminTenantsController_listTenants",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List tenants",tags:["Admin · Tenants"]},post:{operationId:"AdminTenantsController_createTenant",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreateTenantDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a tenant",tags:["Admin · Tenants"]}},"/auth/admin/api/tenants/{id}":{patch:{operationId:"AdminTenantsController_updateTenant",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdateTenantDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a tenant",tags:["Admin · Tenants"]},delete:{operationId:"AdminTenantsController_deleteTenant",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Tenant not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a tenant",tags:["Admin · Tenants"]}},"/auth/admin/api/permissions":{get:{operationId:"AdminPermissionsController_listPermissions",parameters:[{name:"search",required:!0,in:"query",schema:{type:"string"}},{name:"category",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List permissions",tags:["Admin · Permissions"]},post:{operationId:"AdminPermissionsController_createPermission",parameters:[],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminCreatePermissionDto"}}}},responses:{201:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Create a permission",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/guards":{get:{operationId:"AdminPermissionsController_getGuards",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List guard namespaces",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/search":{get:{operationId:"AdminPermissionsController_searchPermissions",parameters:[{name:"q",required:!0,in:"query",schema:{type:"string"}},{name:"guard",required:!0,in:"query",schema:{type:"string"}},{name:"limit",required:!0,in:"query",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Search permissions",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/categories":{get:{operationId:"AdminPermissionsController_getCategories",parameters:[],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"List permission categories",tags:["Admin · Permissions"]}},"/auth/admin/api/permissions/{id}":{get:{operationId:"AdminPermissionsController_getPermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Get a permission",tags:["Admin · Permissions"]},patch:{operationId:"AdminPermissionsController_updatePermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],requestBody:{required:!0,content:{"application/json":{schema:{$ref:"#/components/schemas/AdminUpdatePermissionDto"}}}},responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Update a permission",tags:["Admin · Permissions"]},delete:{operationId:"AdminPermissionsController_deletePermission",parameters:[{name:"id",required:!0,in:"path",schema:{type:"string"}}],responses:{200:{description:""},400:{description:"Validation failed (bad input).",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},401:{description:"Admin session missing or invalid.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},403:{description:"Authenticated but not permitted.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}},404:{description:"Permission not found.",content:{"application/json":{schema:{$ref:"#/components/schemas/ApiErrorResponseDto"}}}}},security:[{"admin-session":[]}],summary:"Delete a permission",tags:["Admin · Permissions"]}}},gtn={title:"@ackplus/nest-auth API",description:"Authentication & authorization API for **@ackplus/nest-auth**.\n\n### Conventions\n- **Base URL** — routes are shown relative to your app’s global prefix. The reference example app uses `/api`, so a route like `POST /auth/login` is called at `POST /api/auth/login`.\n- **Auth** — most endpoints require a Bearer access token: `Authorization: Bearer <accessToken>`. The **Admin** endpoints use an httpOnly session cookie set by `POST /auth/admin/login`.\n- **Token modes** — in *header* mode (default) tokens are returned in the response body; in *cookie* mode they are set as httpOnly cookies. Controlled by `accessTokenType`.\n- **Errors** — failures return `{ statusCode, error, message, code }`; the machine-readable `code` is the value to branch on.\n\nBrowse by section in the sidebar: **Authentication**, **Password**, **Verification**, **Passwordless**, **MFA**, and the **Admin** groups.",version:"2.6.0",contact:{}},btn=[{name:"Authentication",description:"Sign up, log in/out, refresh, sessions, password, verification, passwordless, account introspection, tenant switching."},{name:"MFA",description:"Multi-factor: TOTP, email/SMS OTP, recovery codes, trusted devices."},{name:"Admin · Console",description:"Admin sign-in (cookie session), profile, dashboard stats, and managing admins."},{name:"Admin · Users",description:"Cross-tenant user management: list, create, update, delete, sessions, MFA reset."},{name:"Admin · Roles",description:"Create and manage roles + their permissions."},{name:"Admin · Permissions",description:"Create and manage permissions."},{name:"Admin · Tenants",description:"Create and manage tenants."}],ytn=[{url:"/api",description:"Default — your app’s global prefix (the example app uses `api`)"},{url:"/",description:"No global prefix"}],vtn={securitySchemes:{"access-token":{scheme:"bearer",bearerFormat:"JWT",type:"http",description:"Paste an access token from /auth/login"},"admin-session":{type:"apiKey",in:"cookie",name:"nest_auth_admin"}},schemas:{ApiErrorResponseDto:{type:"object",properties:{statusCode:{type:"number",example:401,description:"HTTP status code"},error:{type:"string",example:"Unauthorized",description:"HTTP status text / exception name"},message:{type:"string",example:"Invalid credentials",description:"Human-readable message"},code:{type:"string",example:"INVALID_CREDENTIALS",description:"Stable, machine-readable error code — branch on this, not the message"}},required:["statusCode","error","message","code"]},NestAuthSignupRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"},guard:{type:"string",description:"Guard context (e.g. admin, web, vendor) for isolation. Deprecated: use client",example:"admin",deprecated:!0}},required:["password"]},AuthWithTokensResponseDto:{type:"object",properties:{accessToken:{type:"string",description:"JWT access token (short-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz"},refreshToken:{type:"string",description:"JWT refresh token (long-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc"},message:{type:"string",description:"Success message (added by controller based on configuration)",example:"Login successful"},isRequiresMfa:{type:"boolean",description:"Whether multi-factor authentication is required",example:!1},mustChangePassword:{type:"boolean",description:"True when the user must set a new password before using the app (e.g. an admin-set temporary password). Route them to the change-password screen.",example:!1},mfaMethods:{type:"array",description:"Available MFA methods when isRequiresMfa is true",example:["email","totp"],items:{type:"string",enum:["email","sms","totp"]}},defaultMfaMethod:{type:"string",description:"Default/recommended MFA method",example:"email",enum:["email","sms","totp"]},trustToken:{type:"string",description:"Trust token for trusted device verification",example:"1234567890"}},required:["accessToken","refreshToken","isRequiresMfa"]},NestAuthInviteRequestDto:{type:"object",properties:{email:{type:"string",description:"Email address to invite",example:"member@acme.test"},phone:{type:"string",description:"Phone number to invite",example:"+15551234567"},tenantId:{type:"string",description:"Tenant to invite the member into (ISOLATED: the same email is a distinct account per tenant).",example:"123e4567-e89b-12d3-a456-426614174000"},metadata:{type:"object",description:"Optional metadata stored on a new user and echoed on the invite event for your email template."}}},EmailCredentialsDto:{type:"object",properties:{email:{type:"string",description:"User email address",example:"user@example.com"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8}},required:["email","password"]},PhoneCredentialsDto:{type:"object",properties:{phone:{type:"string",description:"User phone number",example:"+1234567890"},password:{type:"string",description:"User password",example:"SecurePass123!",minLength:8}},required:["phone","password"]},SocialCredentialsDto:{type:"object",properties:{token:{type:"string",description:"OAuth token or ID token from social provider",example:"ya29.a0AfH6SMBx1234567890abcdefghijklmnop"},type:{type:"string",description:"How to interpret the supplied token. Required only for Google: `idToken` (default) verifies a Google-signed ID token client-side; `accessToken` calls Google's userinfo endpoint with a Bearer access token. Other providers (Facebook, Apple, GitHub) ignore this field.",example:"idToken",enum:["idToken","accessToken"],default:"idToken"},name:{type:"string",description:"Display name from the provider. Apple only returns the user's name on the FIRST native sign-in, so pass it here to persist it (ignored by other providers).",example:"Ada Lovelace"},nonce:{type:"string",description:"Nonce used for native sign-in replay protection. When provided, it must match the `nonce` claim in the verified Apple identityToken."}},required:["token"]},PasswordlessOtpCredentialsDto:{type:"object",properties:{identifier:{type:"string",description:"Email or phone (same value as in send request)",example:"user@example.com"},channels:{type:"array",description:"Channel(s) to try in order. Use both when the client is unsure whether `identifier` is email or phone.",example:["email","sms"],items:{type:"string",enum:["email","sms"]}},code:{type:"string",description:"One-time code from email or SMS",example:"123456"}},required:["identifier","channels","code"]},NestAuthLoginRequestDto:{type:"object",properties:{providerName:{type:"string",description:"Authentication provider name",example:"email",enum:["email","phone","passwordless","google","facebook","apple","github"],default:"email"},credentials:{description:"Login credentials - type varies by provider",examples:{emailLogin:{summary:"Email + password",value:{email:"user@example.com",password:"SecurePass123!"}},phoneLogin:{summary:"Phone + password",value:{phone:"+1234567890",password:"SecurePass123!"}},passwordlessOtp:{summary:"Passwordless OTP — set providerName to passwordless (after POST /auth/passwordless/send)",value:{providerName:"passwordless",credentials:{identifier:"user@example.com",channels:["email","sms"],code:"123456"}}},socialLogin:{summary:"Social Login (Google/Facebook/etc)",value:{token:"ya29.a0AfH6SMBx...",type:"idToken"}}},oneOf:[{$ref:"#/components/schemas/EmailCredentialsDto"},{$ref:"#/components/schemas/PhoneCredentialsDto"},{$ref:"#/components/schemas/SocialCredentialsDto"},{$ref:"#/components/schemas/PasswordlessOtpCredentialsDto"}]},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"},guard:{type:"string",description:"Guard context (e.g. admin, web, vendor) for isolation. Deprecated: use client",example:"admin",deprecated:!0},createUserIfNotExists:{type:"boolean",description:"Auto-create user if not exists (for social auth)",default:!1},rememberMe:{type:"boolean",description:'"Remember me". In cookie mode, `false` issues SESSION cookies that clear when the browser closes (good for shared devices); `true`/omitted keeps the persistent cookies. The choice is sticky across token refresh. In header mode the client decides persistence by its storage adapter.',default:!0}},required:["credentials"]},NestAuthPasswordlessSendRequestDto:{type:"object",properties:{identifier:{type:"string",description:"Email or phone (per `channel`)",example:"user@example.com"},channel:{type:"string",enum:["email","sms"]},tenantId:{type:"string"}},required:["identifier","channel"]},MessageResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message"}},required:["message"]},NestAuthRefreshTokenRequestDto:{type:"object",properties:{refreshToken:{type:"string",description:"Refresh token to obtain new access token",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCJ9.abc123"}}},NestAuthMfaCodeSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA code sent successfully"}},required:["message"]},NestAuthMFAMethodEnum:{type:"string",enum:["email","sms","totp"]},NestAuthVerify2faRequestDto:{type:"object",properties:{method:{description:"MFA method used",example:"totp",allOf:[{$ref:"#/components/schemas/NestAuthMFAMethodEnum"}]},otp:{type:"string",description:"One-time password code",example:"123456",minLength:6,maxLength:8},trustDevice:{type:"boolean",description:"Whether to trust this device for future logins",example:!0}},required:["method","otp"]},UserResponseDto:{type:"object",properties:{id:{type:"string",description:"User unique identifier",example:"123e4567-e89b-12d3-a456-426614174000"},email:{type:"string",description:"User email address",example:"user@example.com"},phone:{type:"string",description:"User phone number",example:"+1234567890"},emailVerifiedAt:{format:"date-time",type:"string",description:"Email verification status",example:!0},phoneVerifiedAt:{format:"date-time",type:"string",description:"Phone verification status",example:!0},isMfaEnabled:{type:"boolean",description:"Whether MFA is enabled for this user",example:!1},roles:{description:"User roles (role names)",example:["admin","user"],type:"array",items:{type:"string"}},permissions:{description:"User permissions (flattened from roles)",example:["read:users","write:users"],type:"array",items:{type:"string"}},metadata:{type:"object",description:"Additional user metadata",example:{firstName:"John",lastName:"Doe"}},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"tenant-123"}},required:["id","emailVerifiedAt","phoneVerifiedAt"]},Verify2faWithTokensResponseDto:{type:"object",properties:{accessToken:{type:"string",description:"JWT access token (short-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJpYXQiOjE2OTk5OTk5OTksImV4cCI6MTY5OTk5OTk5OX0.xyz"},refreshToken:{type:"string",description:"JWT refresh token (long-lived)",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjMiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY5OTk5OTk5OX0.abc"},message:{type:"string",description:"Verification success message (added by controller)",example:"2FA verification successful"},user:{description:"User information with roles and permissions",allOf:[{$ref:"#/components/schemas/UserResponseDto"}]}},required:["accessToken","refreshToken"]},NestAuthLogoutResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Logged out successfully"}},required:["message"]},NestAuthLogoutAllResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Logged out from all devices"}},required:["message"]},NestAuthSwitchTenantRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID to switch into",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["tenantId"]},NestAuthChangePasswordRequestDto:{type:"object",properties:{currentPassword:{type:"string",description:"Current password",example:"DemoOwner1!",minLength:8},newPassword:{type:"string",description:"New password",example:"DemoOwner1!New",minLength:8}},required:["currentPassword","newPassword"]},NestAuthForgotPasswordRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthPasswordResetLinkSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"If your email is registered, you will receive a password reset link"}},required:["message"]},NestAuthVerifyForgotPasswordOtpRequestDto:{type:"object",properties:{email:{type:"string",description:"User email address (required if phone not provided)",example:"user@example.com"},phone:{type:"string",description:"User phone number (required if email not provided)",example:"+1234567890"},code:{type:"string",description:"Verification or magic-link code (matches OTP entity `code`)",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},VerifyOtpResponseDto:{type:"object",properties:{message:{type:"string",description:"Success message"},resetToken:{type:"string",description:"Password reset token - use this to reset password"}},required:["message"]},NestAuthResetPasswordWithTokenRequestDto:{type:"object",properties:{token:{type:"string",description:"Password reset token (JWT) received after OTP verification",example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoicGFzc3dvcmQtcmVzZXQifQ.xyz"},newPassword:{type:"string",description:"New password",example:"NewSecurePass123!",minLength:8}},required:["token","newPassword"]},NestAuthPasswordResetResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Password has been reset successfully"}},required:["message"]},NestAuthSendEmailVerificationRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthEmailVerificationSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Verification email sent"}},required:["message"]},NestAuthVerifyEmailRequestDto:{type:"object",properties:{code:{type:"string",description:"Verification code received via email",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},NestAuthEmailVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Email verified successfully"}},required:["message"]},NestAuthSendPhoneVerificationRequestDto:{type:"object",properties:{tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}}},NestAuthPhoneVerificationSentResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Verification SMS sent"}},required:["message"]},NestAuthVerifyPhoneRequestDto:{type:"object",properties:{code:{type:"string",description:"Verification code received via SMS (matches OTP entity `code`)",example:"123456",minLength:6,maxLength:8},tenantId:{type:"string",description:"Tenant ID for multi-tenant applications",example:"123e4567-e89b-12d3-a456-426614174000"}},required:["code"]},NestAuthPhoneVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Phone verified successfully"}},required:["message"]},MfaDeviceDto:{type:"object",properties:{id:{type:"string",description:"Unique identifier of the MFA device",example:"4b3c9c9c-9a9d-4d1e-8d9f-123456789abc"},deviceName:{type:"string",description:"Friendly name of the registered device",example:"Work laptop"},method:{type:"string",description:"MFA method this device supports",enum:["email","sms","totp"],example:"totp"},lastUsedAt:{format:"date-time",type:"string",description:"Timestamp of when the device was last used",example:"2024-05-20T12:34:56.000Z"},verified:{type:"boolean",description:"Whether the device setup has been verified",example:!0},createdAt:{format:"date-time",type:"string",description:"Timestamp of when the device was registered",example:"2024-05-18T10:15:00.000Z"}},required:["id","deviceName","method","verified"]},MfaStatusResponseDto:{type:"object",properties:{isEnabled:{type:"boolean",description:"Whether MFA is currently enabled for the user",example:!0},verifiedMethods:{type:"array",description:"MFA methods the user has verified and can currently use (includes EMAIL/SMS if configured, and TOTP if user has verified device)",example:["email","totp"],items:{type:"string",enum:["email","sms","totp"]}},configuredMethods:{type:"array",description:"All MFA methods configured and available in the application (methods user can potentially set up)",example:["email","totp","sms"],items:{type:"string",enum:["email","sms","totp"]}},allowUserToggle:{type:"boolean",description:"Indicates if MFA toggling is allowed for the user",example:!0},allowMethodSelection:{type:"boolean",description:"Indicates if users can choose their preferred MFA method",example:!0},totpDevices:{description:"Registered TOTP devices for the user",type:"array",items:{$ref:"#/components/schemas/MfaDeviceDto"}},hasRecoveryCode:{type:"boolean",description:"Whether a recovery code has been generated for the user",example:!1},required:{type:"boolean",description:"Whether MFA is required for all users. If true, users cannot disable MFA even if allowUserToggle is true",example:!1},canToggle:{type:"boolean",description:"Whether the user can toggle MFA. This is false if MFA is required (required=true) even if allowUserToggle is true",example:!0}},required:["isEnabled","verifiedMethods","configuredMethods","allowUserToggle","allowMethodSelection","totpDevices","hasRecoveryCode","required","canToggle"]},NestAuthToggleMfaRequestDto:{type:"object",properties:{enabled:{type:"boolean",description:"Whether MFA should be enabled for the current user",example:!0}},required:["enabled"]},NestAuthMfaToggleResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA enabled successfully"}},required:["message"]},NestAuthMfaDeviceRemovedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Device removed successfully"}},required:["message"]},NestAuthSendMfaCodeRequestDto:{type:"object",properties:{method:{description:"MFA delivery method",example:"email",examples:{email:{value:"email",description:"Send OTP via email"},sms:{value:"sms",description:"Send OTP via SMS"},totp:{value:"totp",description:"Use authenticator app (TOTP)"}},allOf:[{$ref:"#/components/schemas/NestAuthMFAMethodEnum"}]}},required:["method"]},NestAuthVerifyTotpSetupRequestDto:{type:"object",properties:{otp:{type:"string",description:"The TOTP code from authenticator app",example:"123456",minLength:6,maxLength:6},secret:{type:"string",description:"Secret key from TOTP setup",example:"JBSWY3DPEHPK3PXP"}},required:["otp","secret"]},NestAuthMfaDeviceVerifiedResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"Device setup successfully"}},required:["message"]},NestAuthMfaResetResponseDto:{type:"object",properties:{message:{type:"string",description:"Response message",example:"MFA reset successfully"}},required:["message"]},AdminSignupDto:{type:"object",properties:{email:{type:"string",description:"Admin email address",example:"admin@example.com"},password:{type:"string",description:"Admin password (minimum 8 characters, must contain uppercase, lowercase, number, and special character)",example:"SecurePassword123!",minLength:8},secretKey:{type:"string",description:"Secret key for authorization (provided in module configuration)",example:"your-secret-key"},name:{type:"string",description:"Admin name (optional)",example:"Admin User"},metadata:{type:"object",description:"Additional metadata for the admin user (optional)",example:{department:"IT",role:"super-admin"}}},required:["email","password","secretKey"]},AdminLoginDto:{type:"object",properties:{}},CreateDashboardAdminDto:{type:"object",properties:{}},UpdateDashboardAdminDto:{type:"object",properties:{}},AdminResetPasswordDto:{type:"object",properties:{}},AdminCreateUserDto:{type:"object",properties:{}},AdminUpdateUserDto:{type:"object",properties:{}},AdminCreateRoleDto:{type:"object",properties:{}},AdminUpdateRoleDto:{type:"object",properties:{}},AdminCreateTenantDto:{type:"object",properties:{}},AdminUpdateTenantDto:{type:"object",properties:{}},AdminCreatePermissionDto:{type:"object",properties:{name:{type:"string",description:"Permission name (must be unique per guard)",example:"users.create",minLength:1,maxLength:255},guard:{type:"string",description:'Guard name (defaults to "web" if not provided)',example:"web"},description:{type:"string",description:"Optional description of what this permission allows",example:"Allows creating new user accounts"},category:{type:"string",description:'Optional category to group permissions (e.g., "users", "posts", "admin")',example:"users"}},required:["name"]},AdminUpdatePermissionDto:{type:"object",properties:{name:{type:"string",description:"Permission name (must be unique per guard if changed)",example:"users.create"},category:{type:"string",description:"Optional category to group permissions"},description:{type:"string",description:"Optional description of what this permission allows"}}}}},Otn={openapi:htn,paths:mtn,info:gtn,tags:btn,servers:ytn,components:vtn},v6=({content:e})=>E.jsx(DYt,{remarkPlugins:[FM],components:{code({node:t,inline:n,className:r,children:a,...i}){const o=/language-(\w+)/.exec(r||"");return!n&&o?E.jsx(s7e,{...i,style:ltn,language:o[1],PreTag:"div",customStyle:{margin:0,borderRadius:"0.5rem",fontSize:"0.875rem"},children:String(a).replace(/\n$/,"")}):E.jsx("code",{...i,style:{backgroundColor:"var(--mui-palette-grey-200)",color:"var(--mui-palette-grey-800)",borderRadius:4,padding:"2px 4px",fontSize:"0.875rem",fontFamily:"monospace"},children:a})},table({children:t}){return E.jsx(Qe,{sx:{overflowX:"auto",my:2,border:"1px solid",borderColor:"divider",borderRadius:1},children:E.jsx(Qe,{component:"table",sx:{minWidth:"100%",borderCollapse:"collapse","& tr":{borderBottom:"1px solid",borderColor:"divider"}},children:t})})},thead({children:t}){return E.jsx(Qe,{component:"thead",sx:{bgcolor:"grey.50"},children:t})},th({children:t}){return E.jsx(Qe,{component:"th",scope:"col",sx:{px:1.5,py:1.5,textAlign:"left",fontSize:"0.75rem",fontWeight:500,color:"text.secondary",textTransform:"uppercase",letterSpacing:"0.05em"},children:t})},td({children:t}){return E.jsx(Qe,{component:"td",sx:{px:1.5,py:1.5,whiteSpace:"nowrap",fontSize:"0.875rem",color:"text.secondary",borderTop:"1px solid",borderColor:"divider"},children:t})},a({href:t,children:n}){return E.jsx("a",{href:t,style:{color:"var(--mui-palette-primary-main)",textDecoration:"none"},className:"MuiTypography-root MuiLink-root",onMouseOver:r=>{r.currentTarget.style.textDecoration="underline"},onMouseOut:r=>{r.currentTarget.style.textDecoration="none"},target:"_blank",rel:"noopener noreferrer",children:n})},h2({children:t}){return E.jsx(Be,{component:"h2",variant:"h5",sx:{fontWeight:700,mt:3,mb:1.5,pb:1,borderBottom:"1px solid",borderColor:"divider"},children:t})},h3({children:t}){return E.jsx(Be,{component:"h3",variant:"h6",sx:{fontWeight:600,mt:2,mb:1},children:t})},p({children:t}){return E.jsx(Be,{component:"p",sx:{color:"text.primary",lineHeight:1.6,mb:1.5},children:t})},ul({children:t}){return E.jsx(Qe,{component:"ul",sx:{listStyle:"disc",pl:2,mb:1.5,color:"text.primary","& li":{mb:.5}},children:t})},li({children:t}){return E.jsx(Qe,{component:"li",sx:{ml:1},children:t})},blockquote({children:t}){return E.jsx(Qe,{component:"blockquote",sx:{borderLeft:"4px solid",borderColor:"primary.main",pl:1.5,py:.5,my:1.5,bgcolor:"primary.50",color:"text.primary",fontStyle:"italic",borderRadius:"0 4px 4px 0"},children:t})}},children:e}),xtn=()=>{const[e,t]=L.useState(!1),[n,r]=L.useState(null),[a,i]=L.useState("api");L.useEffect(()=>{const l=Otn||{};!l||!l.paths||Object.keys(l.paths||{}).length===0?t(!0):r(l)},[]);const o=()=>{if(!n)return;const l=JSON.stringify(n,null,2),c=new Blob([l],{type:"application/json"}),u=URL.createObjectURL(c),d=document.createElement("a");d.href=u,d.download="nest-auth-api.json",document.body.appendChild(d),d.click(),document.body.removeChild(d),URL.revokeObjectURL(u)},s=[{id:"api",label:"API Explorer",icon:jW},{id:"config",label:"Configuration",icon:dwt},{id:"examples",label:"Examples",icon:Zge},{id:"events",label:"Events",icon:ywt},{id:"api-reference",label:"API Reference",icon:JSt},{id:"services",label:"Services",icon:Zge}];return E.jsxs(St,{spacing:3,children:[E.jsx(z1,{title:"API Documentation",description:"Comprehensive guide and interactive API documentation.",action:a==="api"&&E.jsx(Sn,{variant:"outlined",color:"inherit",onClick:o,disabled:e,startIcon:E.jsx(mt,{component:iwt}),children:"Download JSON"})}),E.jsx(r5e,{value:a,onChange:(l,c)=>i(c),variant:"scrollable",scrollButtons:"auto",sx:{borderBottom:1,borderColor:"divider"},children:s.map(l=>E.jsx(e5e,{value:l.id,label:l.label,icon:E.jsx(mt,{component:l.icon,sx:{fontSize:16}}),iconPosition:"start"},l.id))}),a==="api"&&(e?E.jsx(Ra,{variant:"outlined",sx:{p:3,textAlign:"center"},children:E.jsxs(fs,{severity:"warning",icon:E.jsx(mt,{component:v2,sx:{fontSize:20}}),sx:{textAlign:"left"},children:[E.jsx(Be,{variant:"subtitle2",gutterBottom:!0,children:"API Documentation Not Available"}),E.jsx(Be,{variant:"body2",children:"The OpenAPI specification file could not be loaded. Make sure the OpenAPI spec has been generated by running the build process."})]})}):E.jsxs(E.Fragment,{children:[E.jsxs(fs,{severity:"info",icon:E.jsx(mt,{component:jW,sx:{fontSize:20}}),children:[E.jsx(Be,{variant:"subtitle2",gutterBottom:!0,children:"Interactive API Documentation"}),E.jsx(Be,{variant:"body2",children:'This documentation is auto-generated from the OpenAPI specification. You can test endpoints directly from this page. Click "Download JSON" to get the raw OpenAPI specification file for importing into Postman or other API tools.'})]}),n&&E.jsx(hZt,{spec:n})]})),a==="config"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ctn})}),a==="examples"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:utn})}),a==="events"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:dtn})}),a==="api-reference"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ptn})}),a==="services"&&E.jsx(Ra,{variant:"outlined",sx:{p:3},children:E.jsx(v6,{content:ftn})})]})},$g=({children:e,authenticated:t})=>t===null?E.jsx(Qe,{sx:{minHeight:"100vh",bgcolor:"grey.50",display:"flex",alignItems:"center",justifyContent:"center"},children:E.jsxs(Qe,{sx:{textAlign:"center"},children:[E.jsx(e0,{size:64,sx:{mb:2}}),E.jsx(Be,{color:"text.secondary",fontWeight:"medium",children:"Verifying authentication..."})]})}):t?E.jsx(E.Fragment,{children:e}):E.jsx(ix,{to:"/login",replace:!0}),Stn=()=>{const[e,t]=L.useState(null),[n,r]=L.useState(null),[a,i]=L.useState(!1),[o,s]=L.useState(null);L.useEffect(()=>{l()},[]);const l=async()=>{try{await wr.get("/me"),t(!0);const d=await wr.get("/config");r(d)}catch(d){const p=d instanceof b_e?d.status:void 0;p===401||p===403||console.error("Auth check failed:",d),t(!1);try{const h=await wr.get("/config");r(h)}catch(h){console.error("Failed to load config:",h),r({allowAdminManagement:!1})}}finally{i(!0)}},c=async d=>{s(null);try{await wr.post("/login",d),t(!0),await l()}catch(p){throw t(!1),s((p==null?void 0:p.message)||"Login failed"),p}},u=async()=>{try{await wr.post("/logout",{})}catch(d){console.error("Logout failed:",d)}t(!1)};return!a||n===null?E.jsx(Qe,{sx:{minHeight:"100vh",background:"linear-gradient(135deg, #f0f9ff 0%, #e0f2fe 50%, #e9d5ff 100%)",display:"flex",alignItems:"center",justifyContent:"center"},children:E.jsxs(Qe,{sx:{textAlign:"center"},children:[E.jsx(e0,{size:64,sx:{color:"primary.main",mb:2}}),E.jsx(Be,{color:"text.primary",fontWeight:"medium",variant:"h6",children:"Loading Nest Auth Dashboard..."}),E.jsx(Be,{color:"text.secondary",variant:"body2",sx:{mt:1},children:"Verifying authentication"})]})}):E.jsx(QSt,{children:E.jsx(XSt,{children:E.jsx(g1t,{children:E.jsxs(l1t,{children:[E.jsx(Md,{path:"/login",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(Y4t,{onLogin:c,error:o})}),E.jsx(Md,{path:"/dashboard",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(mWt,{})})})}),E.jsx(Md,{path:"/users",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(xWt,{})})})}),E.jsx(Md,{path:"/users/:id",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(UWt,{})})})}),E.jsx(Md,{path:"/roles",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(GWt,{})})})}),E.jsx(Md,{path:"/tenants",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(KWt,{})})})}),E.jsx(Md,{path:"/permissions",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(cZt,{})})})}),E.jsx(Md,{path:"/api",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(xtn,{})})})}),n.allowAdminManagement&&E.jsx(Md,{path:"/admins",element:E.jsx($g,{authenticated:e,children:E.jsx(Ag,{config:n,onLogout:u,children:E.jsx(nZt,{})})})}),E.jsx(Md,{path:"/",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(ix,{to:"/login",replace:!0})}),E.jsx(Md,{path:"*",element:e?E.jsx(ix,{to:"/dashboard",replace:!0}):E.jsx(ix,{to:"/login",replace:!0})})]})})})})},wtn={defaultProps:{color:"transparent"},styleOverrides:{root:{boxShadow:"none"}}},Etn={MuiAppBar:wtn},ktn={styleOverrides:{paper:({theme:e})=>({boxShadow:e.customShadows.dropdown})}},Ttn={MuiAutocomplete:ktn},Atn=["primary","secondary","info","success","warning","error"],_tn=e=>{const t=e.charAt(0).toLowerCase();return["a","c","f"].includes(t)?"primary":["e","d","h"].includes(t)?"secondary":["i","k","l"].includes(t)?"info":["m","n","p"].includes(t)?"success":["q","s","t"].includes(t)?"warning":["v","x","y"].includes(t)?"error":"default"},SOe={colors:Atn.map(e=>({props:({ownerState:t})=>t.color===e,style:({theme:t})=>({color:t.palette[e].contrastText,backgroundColor:t.palette[e].main})})),defaultColor:[{props:({ownerState:e})=>e.color==="default",style:({theme:e})=>({color:e.palette.text.secondary,backgroundColor:ir(e.palette.grey[500],.5)})}]},Ctn={variants:[...SOe.defaultColor,...SOe.colors],styleOverrides:{rounded:({theme:e})=>({borderRadius:(Number(e.shape.borderRadius)||1)*1.5}),colorDefault:({ownerState:e,theme:t})=>{const n=_tn(`${e.alt}`);return{...!!e.alt&&{...n!=="default"?{color:t.palette[n].contrastText,backgroundColor:t.palette[n].main}:{color:t.palette.text.secondary,backgroundColor:ir(t.palette.grey[500],.1)}}}}}},$tn={defaultProps:{max:4},styleOverrides:{root:({ownerState:e})=>({justifyContent:"flex-end",...e.variant==="compact"&&{width:40,height:40,position:"relative",[`& .${Evt.avatar}`]:{margin:0,width:28,height:28,position:"absolute","&:first-of-type":{left:0,bottom:0,zIndex:9},"&:last-of-type":{top:0,right:0}}}}),avatar:({theme:e})=>({fontSize:16,fontWeight:e.typography.fontWeightSemiBold,"&:first-of-type":{fontSize:12,color:e.palette.primary.dark,backgroundColor:e.palette.primary.lighter}})}},Itn={MuiAvatar:Ctn,MuiAvatarGroup:$tn},Rtn={styleOverrides:{root:{},sizeSmall:{[`& .${Wme.root}`]:{height:12,width:12}},sizeLarge:{[`& .${Wme.root}`]:{height:18,width:18}}}},Ptn={MuiButton:Rtn},Ntn={styleOverrides:{root:({theme:e})=>({position:"relative",boxShadow:e.customShadows.card,zIndex:0})}},Dtn={defaultProps:{titleTypographyProps:{variant:"h6"},subheaderTypographyProps:{variant:"body2",marginTop:"4px"}},styleOverrides:{root:({theme:e})=>({padding:e.spacing(1.5,2,1.5),[e.breakpoints.down("md")]:{padding:e.spacing(2,2,.5)}}),action:{alignSelf:"center"}}},Mtn={styleOverrides:{root:({theme:e})=>({padding:e.spacing(2),[e.breakpoints.down("md")]:{padding:e.spacing(2)}})}},Ltn={styleOverrides:{root:({theme:e})=>({padding:e.spacing(2),[e.breakpoints.down("md")]:{padding:e.spacing(2)}})}},jtn={MuiCard:Ntn,MuiCardHeader:Dtn,MuiCardContent:Mtn,MuiCardActions:Ltn};function Btn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17.9 2.318A5 5 0 0 1 22.895 7.1l.005.217v10a5 5 0 0 1-4.783 4.995l-.217.005h-10a5 5 0 0 1-4.995-4.783l-.005-.217v-10a5 5 0 0 1 4.783-4.996l.217-.004h10Zm-.5 1.5h-9a4 4 0 0 0-4 4v9a4 4 0 0 0 4 4h9a4 4 0 0 0 4-4v-9a4 4 0 0 0-4-4Z"})})}function Ftn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17 2a5 5 0 0 1 5 5v10a5 5 0 0 1-5 5H7a5 5 0 0 1-5-5V7a5 5 0 0 1 5-5Zm-1.625 7.255-4.13 4.13-1.75-1.75a.881.881 0 0 0-1.24 0c-.34.34-.34.89 0 1.24l2.38 2.37c.17.17.39.25.61.25.23 0 .45-.08.62-.25l4.75-4.75c.34-.34.34-.89 0-1.24a.881.881 0 0 0-1.24 0Z"})})}function Utn(e){return E.jsx(FS,{...e,children:E.jsx("path",{d:"M17,2 C19.7614,2 22,4.23858 22,7 L22,7 L22,17 C22,19.7614 19.7614,22 17,22 L17,22 L7,22 C4.23858,22 2,19.7614 2,17 L2,17 L2,7 C2,4.23858 4.23858,2 7,2 L7,2 Z M15,11 L9,11 C8.44772,11 8,11.4477 8,12 C8,12.5523 8.44772,13 9,13 L15,13 C15.5523,13 16,12.5523 16,12 C16,11.4477 15.5523,11 15,11 Z"})})}const ztn={defaultProps:{size:"small",icon:E.jsx(Btn,{}),checkedIcon:E.jsx(Ftn,{}),indeterminateIcon:E.jsx(Utn,{})},styleOverrides:{root:({ownerState:e,theme:t})=>({padding:t.spacing(1),...e.color==="default"&&{[`&.${nS.checked}`]:{color:t.palette.text.primary}},[`&.${nS.disabled}`]:{color:t.palette.action.disabled}})}},Htn={MuiCheckbox:ztn},Vtn={defaultProps:{onClick:()=>{}},variants:[{props:{size:"x-small"},style:{height:18,fontSize:"0.6875rem",px:.2}}]},qtn={MuiChip:Vtn},poe=["primary","secondary","info","success","warning","error"],l7e=["default","inherit"],Wtn=["extended","outlinedExtended","softExtended"],wOe=["circular","extended"],EOe=["outlined","outlinedExtended"],kOe=["soft","softExtended"],FO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&wOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({boxShadow:t.customShadows[e],"&:hover":{boxShadow:"none"}})})),base:[{props:({ownerState:e})=>wOe.includes(e==null?void 0:e.variant)&&l7e.includes(e==null?void 0:e.color),style:({theme:e})=>({boxShadow:e.customShadows.z8,color:e.palette.grey[800],backgroundColor:e.palette.grey[300],"&:hover":{boxShadow:"none",backgroundColor:e.palette.grey[400]},[`&.${ZS.colorInherit}`]:{color:e.palette.common.white,backgroundColor:e.palette.text.primary,"&:hover":{backgroundColor:e.palette.grey[700]},...e.palette.mode==="dark"&&{color:e.palette.grey[800],"&:hover":{backgroundColor:e.palette.grey[400]}}}})}]},UO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&EOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({color:t.palette[e].main,border:`solid 1px ${ir(t.palette[e].main,.48)}`,"&:hover":{backgroundColor:ir(t.palette[e].main,.08)}})})),base:[{props:({ownerState:e})=>EOe.includes(e==null?void 0:e.variant),style:({theme:e})=>({boxShadow:"none",backgroundColor:"transparent",color:e.palette.text.secondary,border:`solid 1px ${ir(e.palette.grey[500],.32)}`,"&:hover":{borderColor:"currentColor",boxShadow:"0 0 0 0.75px currentColor",backgroundColor:e.palette.action.hover},[`&.${ZS.colorInherit}`]:{color:e.palette.text.primary},[`&.${ZS.disabled}`]:{backgroundColor:"transparent",border:`1px solid ${e.palette.action.disabledBackground}`}})}]},zO={colors:poe.map(e=>({props:({ownerState:t})=>!(t!=null&&t.disabled)&&kOe.includes(t==null?void 0:t.variant)&&t.color===e,style:({theme:t})=>({boxShadow:"none",color:t.palette[e].dark,backgroundColor:ir(t.palette[e].main,.16),"&:hover":{boxShadow:"none",backgroundColor:ir(t.palette[e].main,.32)},...t.palette.mode==="dark"&&{color:t.palette[e].light}})})),base:[{props:({ownerState:e})=>kOe.includes(e==null?void 0:e.variant)&&l7e.includes(e==null?void 0:e.color),style:({theme:e})=>({boxShadow:"none",color:e.palette.grey[800],backgroundColor:e.palette.grey[300],"&:hover":{boxShadow:"none",backgroundColor:e.palette.grey[400]},[`&.${ZS.colorInherit}`]:{color:e.palette.text.primary,backgroundColor:ir(e.palette.grey[500],.08),"&:hover":{backgroundColor:ir(e.palette.grey[500],.24)}}})}]},Ztn=[{props:({ownerState:e})=>Wtn.includes(e==null?void 0:e.variant),style:({theme:e})=>({height:48,width:"auto",minHeight:48,borderRadius:48/2,gap:e.spacing(1),padding:e.spacing(0,2),[`&.${ZS.sizeSmall}`]:{height:36,minHeight:36,borderRadius:36/2,gap:e.spacing(.5),padding:e.spacing(0,1)},[`&.${ZS.sizeMedium}`]:{height:40,minHeight:40,borderRadius:40/2}})},{props:({ownerState:e})=>e.size==="x-small",style:({theme:e})=>({height:30,width:30,minHeight:30,borderRadius:30/2,gap:e.spacing(.5),padding:e.spacing(0,1)})}],Qtn={defaultProps:{color:"primary"},variants:[...(FO==null?void 0:FO.base)??[],...(FO==null?void 0:FO.colors)??[],...(UO==null?void 0:UO.base)??[],...(UO==null?void 0:UO.colors)??[],...(zO==null?void 0:zO.base)??[],...(zO==null?void 0:zO.colors)??[],...Ztn],styleOverrides:{}},Gtn={MuiFab:Qtn},Xtn={styleOverrides:{root:{boxShadow:"none"}}},Ytn={MuiIconButton:Xtn},Ktn={styleOverrides:{root:({theme:e})=>({color:"inherit",minWidth:"auto",marginRight:e.spacing(2)})}},Jtn={styleOverrides:{root:({theme:e})=>({minWidth:"auto",marginRight:e.spacing(2)})}},enn={styleOverrides:{root:({theme:e})=>({color:e.palette.text.primary})}},tnn={defaultProps:{primaryTypographyProps:{typography:"subtitle2",color:"text.primary"},secondaryTypographyProps:{typography:"caption",color:"text.secondary"}},styleOverrides:{root:{margin:0},multiline:{margin:0}}},nnn={MuiListItemIcon:Ktn,MuiListItemAvatar:Jtn,MuiListItemButton:enn,MuiListItemText:tnn},rnn={styleOverrides:{root:({theme:e})=>({...e.typography.body2,padding:e.spacing(.75,1),borderRadius:(Number(e.shape.borderRadius)||1)*.75,"&:not(:last-of-type)":{marginBottom:4},[`&.${sx.selected}`]:{fontWeight:e.typography.fontWeightSemiBold,backgroundColor:e.palette.action.selected,"&:hover":{backgroundColor:e.palette.action.hover}},[`& .${nS.root}`]:{padding:e.spacing(.5),marginLeft:e.spacing(-.5),marginRight:e.spacing(.5)},[`&.${mr.option}[aria-selected="true"]`]:{backgroundColor:e.palette.action.selected,"&:hover":{backgroundColor:e.palette.action.hover}},[`&+.${CW.root}`]:{margin:e.spacing(.5,0)}})}},ann={MuiMenuItem:rnn},inn={defaultProps:{elevation:0},styleOverrides:{root:{backgroundImage:"none"},outlined:({theme:e})=>({borderColor:ir(e.palette.grey[500],.16)})}},onn={MuiPaper:inn},snn={defaultProps:{MenuProps:{PaperProps:{sx:e=>({maxHeight:250,transform:"translateY(4px)",boxShadow:e.customShadows.card})}}}},lnn={MuiSelect:snn},cnn={styleOverrides:{}},unn={MuiSvgIcon:cnn},TOe={dark:'[data-mui-color-scheme="dark"] &'},dnn={styleOverrides:{root:{alignItems:"center"},switchBase:({ownerState:e,theme:t})=>({top:"unset",transform:"translateX(6px)",[`&.${Ai.checked}`]:{[`& .${Ai.thumb}`]:{...e.color==="default"&&{[TOe.dark]:{color:t.palette.grey[800]}}},[`&+.${Ai.track}`]:{opacity:1,...e.color==="default"&&{backgroundColor:t.palette.text.primary}}},[`&.${Ai.disabled}`]:{[`& .${Ai.thumb}`]:{opacity:1,[TOe.dark]:{opacity:.48}},[`&+.${Ai.track}`]:{opacity:.48}}}),track:({theme:e})=>({opacity:1,borderRadius:10,backgroundColor:ir(e.palette.grey[500],.48)}),thumb:({theme:e})=>({color:e.palette.common.white}),sizeMedium:{[`& .${Ai.track}`]:{height:20},[`& .${Ai.thumb}`]:{width:14,height:14}},sizeSmall:{[`& .${Ai.track}`]:{height:16},[`& .${Ai.thumb}`]:{width:10,height:10}}}},pnn={MuiSwitch:dnn},fnn={styleOverrides:{root:({theme:e})=>({position:"relative",scrollbarWidth:"thin",scrollbarColor:`${ir(e.palette.text.disabled,.4)} ${ir(e.palette.text.disabled,.08)}`})}},hnn={styleOverrides:{root:({theme:e})=>({"--palette-TableCell-border":e.palette.divider})}},mnn={styleOverrides:{root:({theme:e})=>({[`&.${LW.selected}`]:{backgroundColor:ir(e.palette.primary.dark,.04),"&:hover":{backgroundColor:ir(e.palette.primary.dark,.08)}},"&:last-of-type":{[`& .${n5e.root}`]:{borderColor:"transparent"}}})}},gnn={styleOverrides:{root:{borderBottomStyle:"dashed"},head:({theme:e})=>({fontSize:14,color:e.palette.text.secondary,fontWeight:e.typography.fontWeightSemiBold,backgroundColor:e.palette.background.neutral}),stickyHeader:({theme:e})=>({backgroundColor:e.palette.background.paper,backgroundImage:`linear-gradient(to bottom, ${e.palette.background.neutral} 0%, ${e.palette.background.neutral} 100%)`}),paddingCheckbox:({theme:e})=>({paddingLeft:e.spacing(1)})}},bnn={defaultProps:{backIconButtonProps:{size:"small"},nextIconButtonProps:{size:"small"}},styleOverrides:{root:({theme:e})=>({width:"100%",[e.breakpoints.down("sm")]:{"& .MuiTablePagination-input":{marginRight:8}}}),toolbar:{height:64},actions:({theme:e})=>({marginRight:8,[e.breakpoints.down("md")]:{marginLeft:16}}),select:({theme:e})=>({paddingLeft:8,"&:focus":{borderRadius:e.shape.borderRadius}}),selectIcon:{right:4,width:16,height:16,top:"calc(50% - 8px)"}}},ynn={MuiTable:hnn,MuiTableRow:mnn,MuiTableCell:gnn,MuiTableContainer:fnn,MuiTablePagination:bnn},vnn={defaultProps:{textColor:"inherit",variant:"scrollable",allowScrollButtonsMobile:!0},styleOverrides:{root:({theme:e})=>({borderBottom:`1px solid ${e.palette.divider}`}),flexContainer:({ownerState:e,theme:t})=>({...e.variant!=="fullWidth"&&{gap:"24px",[t.breakpoints.up("sm")]:{gap:"40px"}}}),indicator:{backgroundColor:"currentColor"}}},Onn={defaultProps:{disableRipple:!0,iconPosition:"start"},styleOverrides:{root:({theme:e})=>({opacity:1,minWidth:48,minHeight:48,padding:e.spacing(1,0),color:e.palette.text.secondary,fontWeight:e.typography.fontWeightMedium,lineHeight:e.typography.body2.lineHeight,[`&.${ku.selected}`]:{color:e.palette.text.primary,fontWeight:e.typography.fontWeightSemiBold}})}},xnn={MuiTabs:vnn,MuiTab:Onn},Snn={...Etn,...Itn,...ynn,...xnn,...nnn,...ann,...Ptn,...onn,...jtn,...Htn,...pnn,...unn,...Ytn,...lnn,...Ttn,...Gtn,...qtn},ls={50:"#FCFDFD",100:"#F9FAFB",200:"#F4F6F8",300:"#DFE3E8",400:"#C4CDD5",500:"#919EAB",600:"#637381",700:"#454F5B",800:"#1C252E",900:"#141A21",lighter:"#F9FAFB",light:"#DFE3E8",main:"#919EAB",dark:"#454F5B",darker:"#161C24",contrastText:"#FFFFFF"},c7e={lighter:"#e0f2fe",light:"#38bdf8",main:"#0284c7",dark:"#0369a1",darker:"#0c4a6e",contrastText:"#FFFFFF"},u7e={lighter:"#f3e8ff",light:"#94a3b8",main:"#64748b",dark:"#475569",darker:"#334155",contrastText:"#FFFFFF"},d7e={lighter:"#dbeafe",light:"#93c5fd",main:"#2563eb",dark:"#1d4ed8",darker:"#1e40af",contrastText:"#FFFFFF"},p7e={lighter:"#dcfce7",light:"#bbf7d0",main:"#16a34a",dark:"#15803d",darker:"#166534",contrastText:"#ffffff"},f7e={lighter:"#fef3c7",light:"#fde68a",main:"#ca8a04",dark:"#a16207",darker:"#854d0e",contrastText:"#1C252E"},h7e={lighter:"#fee2e2",light:"#fecaca",main:"#dc2626",dark:"#b91c1c",darker:"#991b1b",contrastText:"#FFFFFF"},vw={common:{black:"#000000",white:"#FFFFFF"},primary:c7e,secondary:u7e,info:d7e,success:p7e,warning:f7e,error:h7e,grey:ls,divider:ir(ls[500],.2),action:{hover:ir(ls[500],.08),selected:ir(ls[500],.16),disabled:ir(ls[500],.8),disabledBackground:ir(ls[500],.24),focus:ir(ls[500],.24),hoverOpacity:.08,disabledOpacity:.48}},m7e={...vw,text:{primary:ls[800],secondary:ls[600],disabled:ls[500]},background:{paper:"#FFFFFF",default:ir(ls[500],.2),neutral:"#F5F7FA"},action:{...vw.action,active:ls[600]}},g7e={...vw,text:{primary:"#FFFFFF",secondary:ls[500],disabled:ls[600]},background:{paper:ls[800],default:ls[900],neutral:ir(ls[500],.12)},action:{...vw.action,active:ls[500]}};function foe(e){return e==="light"?m7e:g7e}const Pc={light:{palette:m7e},dark:{palette:g7e}};function HO(e){return`0 8px 16px 0 ${ir(e,.24)}`}function MQ(e){const t=e==="light"?ls[500]:vw.common.black;return{z1:`0 1px 2px 0 ${ir(t,.16)}`,z4:`0 4px 8px 0 ${ir(t,.16)}`,z8:`0 8px 16px 0 ${ir(t,.16)}`,z12:`0 12px 24px -4px ${ir(t,.16)}`,z16:`0 16px 32px -4px ${ir(t,.16)}`,z20:`0 20px 40px -4px ${ir(t,.16)}`,z24:`0 24px 48px 0 ${ir(t,.16)}`,dialog:`-40px 40px 80px -8px ${ir(vw.common.black,.24)}`,card:`0 0 2px 0 ${ir(t,.2)}, 0 12px 24px -4px ${ir(t,.12)}`,dropdown:`0 0 2px 0 ${ir(t,.24)}, -20px 20px 40px -4px ${ir(t,.24)}`,primary:HO(c7e.main),secondary:HO(u7e.main),info:HO(d7e.main),success:HO(p7e.main),warning:HO(f7e.main),error:HO(h7e.main)}}function Gz(e){const t=Enn.find(r=>r.name===e);return{palette:{primary:uo.omit(t,["name"])},customShadows:{primary:`0 8px 16px 0 ${ir(`${t==null?void 0:t.main}`,.24)}`}}}const wnn=foe("light"),Enn=[{name:"default",lighter:"#e0f2fe",light:"#38bdf8",main:"#0284c7",dark:"#0369a1",darker:"#0c4a6e",contrastText:"#FFFFFF"},{name:"cyan",lighter:"#CCF4FE",light:"#68CDF9",main:"#078DEE",dark:"#0351AB",darker:"#012972",contrastText:"#FFFFFF"},{name:"purple",lighter:"#EBD6FD",light:"#B985F4",main:"#7635dc",dark:"#431A9E",darker:"#200A69",contrastText:"#FFFFFF"},{name:"blue",lighter:"#D1E9FC",light:"#76B0F1",main:"#2065D1",dark:"#103996",darker:"#061B64",contrastText:"#FFFFFF"},{name:"orange",lighter:"#FEF4D4",light:"#FED680",main:"#fda92d",dark:"#B66816",darker:"#793908",contrastText:wnn.grey[800]},{name:"red",lighter:"#FFE3D5",light:"#FFC1AC",main:"#FF3030",dark:"#B71833",darker:"#7A0930",contrastText:"#FFFFFF"},{name:"green",lighter:"#D8F5E3",light:"#73D13D",main:"#52C41A",dark:"#389E0D",darker:"#237804",contrastText:"#FFFFFF"},{name:"pink",lighter:"#FFE7F1",light:"#FF85C0",main:"#FF1744",dark:"#C2185B",darker:"#880E4F",contrastText:"#FFFFFF"},{name:"indigo",lighter:"#E8EAF6",light:"#7986CB",main:"#3F51B5",dark:"#303F9F",darker:"#1A237E",contrastText:"#FFFFFF"},{name:"teal",lighter:"#E0F2F1",light:"#4DB6AC",main:"#009688",dark:"#00695C",darker:"#004D40",contrastText:"#FFFFFF"}];function knn(e,t){const n={...e&&t==="light"&&{palette:{background:{default:foe(t).grey[100]}}}},r={...e&&{MuiCard:{styleOverrides:{root:{boxShadow:MQ(t).z4}}}}};return{theme:n,components:r}}const b7e=foe("light"),Tnn=b7e.grey[500],Ann=b7e.common.black;function AOe(e){const t=ir(e,.2),n=ir(e,.14),r=ir(e,.12);return["none",`0px 2px 1px -1px ${t},0px 1px 1px 0px ${n},0px 1px 3px 0px ${r}`,`0px 3px 1px -2px ${t},0px 2px 2px 0px ${n},0px 1px 5px 0px ${r}`,`0px 3px 3px -2px ${t},0px 3px 4px 0px ${n},0px 1px 8px 0px ${r}`,`0px 2px 4px -1px ${t},0px 4px 5px 0px ${n},0px 1px 10px 0px ${r}`,`0px 3px 5px -1px ${t},0px 5px 8px 0px ${n},0px 1px 14px 0px ${r}`,`0px 3px 5px -1px ${t},0px 6px 10px 0px ${n},0px 1px 18px 0px ${r}`,`0px 4px 5px -2px ${t},0px 7px 10px 1px ${n},0px 2px 16px 1px ${r}`,`0px 5px 5px -3px ${t},0px 8px 10px 1px ${n},0px 3px 14px 2px ${r}`,`0px 5px 6px -3px ${t},0px 9px 12px 1px ${n},0px 3px 16px 2px ${r}`,`0px 6px 6px -3px ${t},0px 10px 14px 1px ${n},0px 4px 18px 3px ${r}`,`0px 6px 7px -4px ${t},0px 11px 15px 1px ${n},0px 4px 20px 3px ${r}`,`0px 7px 8px -4px ${t},0px 12px 17px 2px ${n},0px 5px 22px 4px ${r}`,`0px 7px 8px -4px ${t},0px 13px 19px 2px ${n},0px 5px 24px 4px ${r}`,`0px 7px 9px -4px ${t},0px 14px 21px 2px ${n},0px 5px 26px 4px ${r}`,`0px 8px 9px -5px ${t},0px 15px 22px 2px ${n},0px 6px 28px 5px ${r}`,`0px 8px 10px -5px ${t},0px 16px 24px 2px ${n},0px 6px 30px 5px ${r}`,`0px 8px 11px -5px ${t},0px 17px 26px 2px ${n},0px 6px 32px 5px ${r}`,`0px 9px 11px -5px ${t},0px 18px 28px 2px ${n},0px 7px 34px 6px ${r}`,`0px 9px 12px -6px ${t},0px 19px 29px 2px ${n},0px 7px 36px 6px ${r}`,`0px 10px 13px -6px ${t},0px 20px 31px 3px ${n},0px 8px 38px 7px ${r}`,`0px 10px 13px -6px ${t},0px 21px 33px 3px ${n},0px 8px 40px 7px ${r}`,`0px 10px 14px -6px ${t},0px 22px 35px 3px ${n},0px 8px 42px 7px ${r}`,`0px 11px 14px -7px ${t},0px 23px 36px 3px ${n},0px 9px 44px 8px ${r}`,`0px 11px 15px -7px ${t},0px 24px 38px 3px ${n},0px 9px 46px 8px ${r}`]}function _nn(e){return AOe(e==="light"?Tnn:Ann)}function kl(e){return`${e/16}rem`}function VO({sm:e,md:t,lg:n}){return{...e?{"@media (min-width:600px)":{fontSize:kl(e)}}:{},...t?{"@media (min-width:900px)":{fontSize:kl(t)}}:{},...n?{"@media (min-width:1200px)":{fontSize:kl(n)}}:{}}}const sy={fontFamily:'"Inter", "Public Sans", "Roboto", "Helvetica", "Arial", sans-serif',fontSecondaryFamily:"Public Sans",fontWeightRegular:400,fontWeightMedium:500,fontWeightSemiBold:600,fontWeightBold:700,h1:{fontWeight:800,lineHeight:80/64,fontSize:kl(40),...VO({sm:36,md:42,lg:48})},h2:{fontWeight:800,lineHeight:64/48,fontSize:kl(32),...VO({sm:32,md:36,lg:40})},h3:{fontWeight:700,lineHeight:1.5,fontSize:kl(24),...VO({sm:26,md:30,lg:32})},h4:{fontWeight:700,lineHeight:1.5,fontSize:kl(20),...VO({sm:20,md:24,lg:24})},h5:{fontWeight:700,lineHeight:1.5,fontSize:kl(18),...VO({sm:19,md:20,lg:20})},h6:{fontWeight:600,lineHeight:28/18,fontSize:kl(17),...VO({sm:18,md:18,lg:18})},subtitle1:{fontWeight:600,lineHeight:1.5,fontSize:kl(16)},subtitle2:{fontWeight:600,lineHeight:22/14,fontSize:kl(14)},body1:{lineHeight:1.5,fontSize:kl(16)},body2:{lineHeight:22/14,fontSize:kl(14)},caption:{lineHeight:1.5,fontSize:kl(12)},overline:{fontWeight:700,lineHeight:1.5,fontSize:kl(12),textTransform:"uppercase"},button:{fontWeight:600,lineHeight:24/14,fontSize:kl(14),textTransform:"none"}};function Cnn(e,t){const[n,r]=L.useState(t);L.useEffect(()=>{const s=$nn(e);s&&r(l=>({...l,...s}))},[e]);const a=L.useCallback(s=>{r(l=>(Inn(e,{...l,...s}),{...l,...s}))},[e]),i=L.useCallback((s,l)=>{a({[s]:l})},[a]),o=L.useCallback(()=>{Rnn(e),r(t)},[t,e]);return{state:n,update:i,reset:o}}const $nn=e=>{let t=null;try{const n=window.localStorage.getItem(e);n&&(t=JSON.parse(n))}catch(n){console.error(n)}return t},Inn=(e,t)=>{try{window.localStorage.setItem(e,JSON.stringify(t))}catch(n){console.error(n)}},Rnn=e=>{try{window.localStorage.removeItem(e)}catch(t){console.error(t)}},Pnn="settings",LQ={colorScheme:"light",contrast:"default",navLayout:"vertical",primaryColor:"default",navColor:"integrate",compactLayout:!1},y7e=L.createContext({});function Nnn({children:e,defaultSettings:t}){const{state:n,update:r,reset:a}=Cnn(Pnn,{...LQ,...t}),[i,o]=L.useState(!1),s=L.useCallback(()=>{o(p=>!p)},[]),l=L.useCallback(()=>{o(!1)},[]),c=L.useCallback(p=>{console.info("Direction change by language:",p)},[]),u=!yA(n,{...LQ,...t}),d=L.useMemo(()=>({...n,onUpdate:r,onChangeDirectionByLang:c,canReset:u,onReset:a,open:i,onToggle:s,onClose:l}),[a,r,n,u,i,l,s,c]);return E.jsx(y7e.Provider,{value:d,children:e})}const Dnn=()=>{const e=L.useContext(y7e);if(!e)throw new Error("useSettingsContext must be use inside SettingsProvider");return e};function Mnn({children:e}){const t=Dnn(),n=knn(t.contrast==="bold",t.colorScheme),r=L.useMemo(()=>({colorSchemes:Pc,shadows:_nn(t.colorScheme),customShadows:MQ(t.colorScheme),shape:{borderRadius:t.compactLayout?4:8},components:{...Snn,...n.components},typography:{...sy,...t.compactLayout&&{h1:{...sy.h1,fontSize:"2rem"},h2:{...sy.h2,fontSize:"1.75rem"},h3:{...sy.h3,fontSize:"1.5rem"},h4:{...sy.h4,fontSize:"1.25rem"},h5:{...sy.h5,fontSize:"1.125rem"},h6:{...sy.h6,fontSize:"1rem"}}},cssVarPrefix:""}),[t.colorScheme,t.contrast,t.compactLayout,n]),a=L.useMemo(()=>{var s,l,c,u,d,p,f,h,m;return{...r,colorSchemes:{...Pc,light:{palette:{...(s=Pc==null?void 0:Pc.light)==null?void 0:s.palette,...Gz(t.primaryColor).palette,...(l=n.theme)==null?void 0:l.palette,background:{...(u=(c=Pc==null?void 0:Pc.light)==null?void 0:c.palette)==null?void 0:u.background,...(p=(d=n.theme)==null?void 0:d.palette)==null?void 0:p.background}}},dark:{palette:{...(f=Pc==null?void 0:Pc.dark)==null?void 0:f.palette,...Gz(t.primaryColor).palette,...t.contrast==="bold"&&{background:{...(m=(h=Pc==null?void 0:Pc.dark)==null?void 0:h.palette)==null?void 0:m.background,default:"#0a0a0a",paper:"#1a1a1a"}}}}},customShadows:{...MQ(t.colorScheme),...Gz(t.primaryColor).customShadows},components:{...r.components,...t.compactLayout&&{MuiCard:{styleOverrides:{root:{padding:"12px"}}},MuiButton:{styleOverrides:{root:{minHeight:"32px",padding:"6px 12px"}}},MuiTextField:{styleOverrides:{root:{"& .MuiInputBase-root":{minHeight:"36px"}}}}}}}},[t,r,n]),i=uD(a),o={modeStorageKey:"theme-mode",defaultMode:LQ.colorScheme};return E.jsxs(Jmt,{theme:i,defaultMode:o.defaultMode,modeStorageKey:o.modeStorageKey,children:[E.jsx(l2t,{}),E.jsx(o_e,{styles:{"*":{"::-webkit-scrollbar":{width:5,height:4}," ::-webkit-scrollbar-track":{background:i.palette.grey[50]},"::-webkit-scrollbar-thumb":{background:i.palette.grey[300],borderRadius:12},"::-webkit-scrollbar-thumb:hover":{background:i.palette.grey[400]}},input:{"&[type=number]":{MozAppearance:"textfield","&::-webkit-outer-spin-button":{margin:0,WebkitAppearance:"none"},"&::-webkit-inner-spin-button":{margin:0,WebkitAppearance:"none"}}},body:{a:{textDecoration:"none",color:"inherit"},...t.compactLayout&&{"& .MuiContainer-root":{paddingTop:"8px !important",paddingBottom:"8px !important"},"& .MuiStack-root":{gap:"8px !important"},"& .MuiBox-root":{padding:"8px"}}}}}),e]})}const _Oe=document.getElementById("root");_Oe&&sq.createRoot(_Oe).render(E.jsx(xe.StrictMode,{children:E.jsx(Nnn,{children:E.jsx(Mnn,{children:E.jsx(Stn,{})})})}));/**
5459
5459
  * @vue/shared v3.5.34
5460
5460
  * (c) 2018-present Yuxi (Evan) You and Vue contributors
5461
5461
  * @license MIT
@@ -4106,7 +4106,7 @@
4106
4106
  "info": {
4107
4107
  "title": "@ackplus/nest-auth API",
4108
4108
  "description": "Authentication & authorization API for **@ackplus/nest-auth**.\n\n### Conventions\n- **Base URL** — routes are shown relative to your app’s global prefix. The reference example app uses `/api`, so a route like `POST /auth/login` is called at `POST /api/auth/login`.\n- **Auth** — most endpoints require a Bearer access token: `Authorization: Bearer <accessToken>`. The **Admin** endpoints use an httpOnly session cookie set by `POST /auth/admin/login`.\n- **Token modes** — in *header* mode (default) tokens are returned in the response body; in *cookie* mode they are set as httpOnly cookies. Controlled by `accessTokenType`.\n- **Errors** — failures return `{ statusCode, error, message, code }`; the machine-readable `code` is the value to branch on.\n\nBrowse by section in the sidebar: **Authentication**, **Password**, **Verification**, **Passwordless**, **MFA**, and the **Admin** groups.",
4109
- "version": "2.5.2",
4109
+ "version": "2.6.0",
4110
4110
  "contact": {}
4111
4111
  },
4112
4112
  "tags": [
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ackplus/nest-auth",
3
- "version": "2.5.2",
3
+ "version": "2.6.0",
4
4
  "description": "Authentication & authorization for NestJS — JWT/cookie sessions, refresh-token rotation, RBAC, multi-tenancy, MFA, OAuth/social login, passwordless, API keys, and a built-in admin console.",
5
5
  "type": "commonjs",
6
6
  "main": "./dist/index.js",
@@ -49,7 +49,7 @@
49
49
  "qrcode": "^1.5.0",
50
50
  "qs": "^6.11.2",
51
51
  "speakeasy": "^2.0.0",
52
- "@ackplus/nest-auth-contracts": "2.5.2"
52
+ "@ackplus/nest-auth-contracts": "2.6.0"
53
53
  },
54
54
  "peerDependencies": {
55
55
  "@nestjs/common": "^10 || ^11",
@@ -111,7 +111,7 @@
111
111
  "@types/supertest": "^6.0.2",
112
112
  "unplugin-swc": "^1.5.0",
113
113
  "@swc/core": "^1.7.0",
114
- "@ackplus/vitest-preset": "2.5.2"
114
+ "@ackplus/vitest-preset": "2.6.0"
115
115
  },
116
116
  "scripts": {
117
117
  "clean": "rm -rf dist tsconfig.build.tsbuildinfo",