npm - @ambushsoftworks/nestjs-auth-graphql - Versions diffs - 0.4.0 → 0.6.7 - Mend

@ambushsoftworks/nestjs-auth-graphql 0.4.0 → 0.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/dist/guards/csrf.guard.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import type { AuthModuleOptions } from '../auth.module';
+export declare class CsrfGuard implements CanActivate {
+    private readonly reflector;
+    private readonly logger;
+    private readonly headerName;
+    private readonly requireInProduction;
+    private readonly exemptOperations;
+    private readonly cookieAuthEnabled;
+    private readonly nodeEnv;
+    constructor(reflector: Reflector, options?: AuthModuleOptions);
+    canActivate(context: ExecutionContext): boolean;
+    private getOperationName;
+}
+//# sourceMappingURL=csrf.guard.d.ts.map

package/dist/guards/csrf.guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"csrf.guard.d.ts","sourceRoot":"","sources":["../../src/guards/csrf.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAKjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAKzC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AA+BxD,qBACa,SAAU,YAAW,WAAW;IASzC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAR5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA8B;IACrD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAC9C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;IAC/C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAU;IAC5C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAGd,SAAS,EAAE,SAAS,EAGrC,OAAO,CAAC,EAAE,iBAAiB;IAS7B,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO;IAmD/C,OAAO,CAAC,gBAAgB;CAyBzB"}

package/dist/guards/csrf.guard.js ADDED Viewed

@@ -0,0 +1,90 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var CsrfGuard_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CsrfGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const graphql_1 = require("@nestjs/graphql");
+const public_decorator_1 = require("../decorators/public.decorator");
+const constants_1 = require("../constants");
+const execution_context_1 = require("../utils/execution-context");
+let CsrfGuard = CsrfGuard_1 = class CsrfGuard {
+    constructor(reflector, options) {
+        this.reflector = reflector;
+        this.logger = new common_1.Logger(CsrfGuard_1.name);
+        this.cookieAuthEnabled = options?.features?.cookieAuth === true;
+        this.headerName = (options?.csrf?.headerName || 'X-Requested-With').toLowerCase();
+        this.requireInProduction = options?.csrf?.requireInProduction !== false;
+        this.exemptOperations = new Set(options?.csrf?.exemptOperations || []);
+        this.nodeEnv = options?.nodeEnv || process.env.NODE_ENV || 'production';
+    }
+    canActivate(context) {
+        if (!this.cookieAuthEnabled) {
+            return true;
+        }
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic) {
+            return true;
+        }
+        const request = (0, execution_context_1.getRequestFromContext)(context);
+        const authHeader = request.headers?.authorization ?? request.headers?.Authorization;
+        if (authHeader) {
+            return true;
+        }
+        if (!this.requireInProduction && this.nodeEnv !== 'production') {
+            return true;
+        }
+        const operationName = this.getOperationName(request, context);
+        if (operationName && this.exemptOperations.has(operationName)) {
+            return true;
+        }
+        const csrfHeader = request.headers?.[this.headerName];
+        if (!csrfHeader) {
+            this.logger.warn(`CSRF validation failed: missing ${this.headerName} header` +
+                (operationName ? ` for operation: ${operationName}` : ''));
+            throw new common_1.ForbiddenException('CSRF validation failed');
+        }
+        return true;
+    }
+    getOperationName(request, context) {
+        if (request.body?.operationName) {
+            return request.body.operationName;
+        }
+        const contextType = context.getType();
+        if (contextType === 'graphql') {
+            try {
+                const gqlContext = graphql_1.GqlExecutionContext.create(context);
+                const info = gqlContext.getInfo?.();
+                if (info?.operation?.name?.value) {
+                    return info.operation.name.value;
+                }
+            }
+            catch {
+            }
+        }
+        return undefined;
+    }
+};
+exports.CsrfGuard = CsrfGuard;
+exports.CsrfGuard = CsrfGuard = CsrfGuard_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Optional)()),
+    __param(1, (0, common_1.Inject)(constants_1.AUTH_MODULE_OPTIONS)),
+    __metadata("design:paramtypes", [core_1.Reflector, Object])
+], CsrfGuard);
+//# sourceMappingURL=csrf.guard.js.map

package/dist/guards/csrf.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"csrf.guard.js","sourceRoot":"","sources":["../../src/guards/csrf.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAQwB;AACxB,uCAAyC;AACzC,6CAAsD;AACtD,qEAA+D;AAC/D,4CAAmD;AACnD,kEAAmE;AAiC5D,IAAM,SAAS,iBAAf,MAAM,SAAS;IAQpB,YACmB,SAAoB,EAGrC,OAA2B;QAHV,cAAS,GAAT,SAAS,CAAW;QARtB,WAAM,GAAG,IAAI,eAAM,CAAC,WAAS,CAAC,IAAI,CAAC,CAAC;QAanD,IAAI,CAAC,iBAAiB,GAAG,OAAO,EAAE,QAAQ,EAAE,UAAU,KAAK,IAAI,CAAC;QAChE,IAAI,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,UAAU,IAAI,kBAAkB,CAAC,CAAC,WAAW,EAAE,CAAC;QAClF,IAAI,CAAC,mBAAmB,GAAG,OAAO,EAAE,IAAI,EAAE,mBAAmB,KAAK,KAAK,CAAC;QACxE,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,IAAI,EAAE,CAAC,CAAC;QACvE,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAC;IAC1E,CAAC;IAED,WAAW,CAAC,OAAyB;QAEnC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,gCAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,IAAA,yCAAqB,EAAC,OAAO,CAAC,CAAC;QAG/C,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,EAAE,aAAa,IAAI,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QACnE,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,aAAa,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,mCAAmC,IAAI,CAAC,UAAU,SAAS;gBAC3D,CAAC,aAAa,CAAC,CAAC,CAAC,mBAAmB,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAC1D,CAAC;YACF,MAAM,IAAI,2BAAkB,CAAC,wBAAwB,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAKO,gBAAgB,CACtB,OAA4B,EAC5B,OAAyB;QAGzB,IAAI,OAAO,CAAC,IAAI,EAAE,aAAa,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC,IAAI,CAAC,aAAuB,CAAC;QAC9C,CAAC;QAGD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,EAAU,CAAC;QAC9C,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;gBACpC,IAAI,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAe,CAAC;gBAC7C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;YAET,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF,CAAA;AAjGY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;IAWR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,+BAAmB,CAAC,CAAA;qCAFA,gBAAS;GAT5B,SAAS,CAiGrB"}

package/dist/guards/permission.guard.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { IResourcePermissionRepository } from '../interfaces/resource-permission-repository.interface';
+export declare class PermissionGuard implements CanActivate {
+    private readonly reflector;
+    private readonly resourcePermissionRepository?;
+    private readonly logger;
+    constructor(reflector: Reflector, resourcePermissionRepository?: IResourcePermissionRepository | undefined);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private getResourceId;
+}
+//# sourceMappingURL=permission.guard.d.ts.map

package/dist/guards/permission.guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission.guard.d.ts","sourceRoot":"","sources":["../../src/guards/permission.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAMjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAQzC,OAAO,EAAE,6BAA6B,EAAE,MAAM,wDAAwD,CAAC;AAqBvG,qBACa,eAAgB,YAAW,WAAW;IAI/C,OAAO,CAAC,QAAQ,CAAC,SAAS;IAG1B,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IANhD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoC;gBAGxC,SAAS,EAAE,SAAS,EAGpB,4BAA4B,CAAC,EAAE,6BAA6B,YAAA;IAGzE,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAwF9D,OAAO,CAAC,aAAa;CAWtB"}

package/dist/guards/permission.guard.js ADDED Viewed

@@ -0,0 +1,90 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var PermissionGuard_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const graphql_1 = require("@nestjs/graphql");
+const constants_1 = require("../constants");
+const execution_context_1 = require("../utils/execution-context");
+let PermissionGuard = PermissionGuard_1 = class PermissionGuard {
+    constructor(reflector, resourcePermissionRepository) {
+        this.reflector = reflector;
+        this.resourcePermissionRepository = resourcePermissionRepository;
+        this.logger = new common_1.Logger(PermissionGuard_1.name);
+    }
+    async canActivate(context) {
+        const requiredPermissions = this.reflector.getAllAndOverride(constants_1.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
+        if (!requiredPermissions || requiredPermissions.length === 0) {
+            return true;
+        }
+        const request = (0, execution_context_1.getRequestFromContext)(context);
+        const tenantContext = request._tenantContext;
+        if (!tenantContext) {
+            throw new common_1.ForbiddenException('Tenant context required for permission check — ensure TenantGuard runs before PermissionGuard');
+        }
+        const userPermissions = tenantContext.permissions;
+        const missingPermissions = requiredPermissions.filter((perm) => !userPermissions.includes(perm));
+        if (missingPermissions.length === 0) {
+            return true;
+        }
+        const resourceScope = this.reflector.getAllAndOverride(constants_1.RESOURCE_SCOPE_KEY, [context.getHandler(), context.getClass()]);
+        if (!resourceScope || !this.resourcePermissionRepository) {
+            throw new common_1.ForbiddenException('Insufficient permissions');
+        }
+        const resourceId = this.getResourceId(context, resourceScope.argName);
+        if (!resourceId) {
+            throw new common_1.ForbiddenException('Insufficient permissions');
+        }
+        try {
+            const userId = request.user?.id;
+            if (!userId) {
+                throw new common_1.ForbiddenException('Insufficient permissions');
+            }
+            for (const permission of missingPermissions) {
+                const hasPermission = await this.resourcePermissionRepository.hasPermission(userId, tenantContext.tenantId, permission, resourceScope.resourceType, resourceId);
+                if (!hasPermission) {
+                    throw new common_1.ForbiddenException('Insufficient permissions');
+                }
+            }
+            return true;
+        }
+        catch (error) {
+            if (error instanceof common_1.ForbiddenException) {
+                throw error;
+            }
+            this.logger.error(`Failed resource permission check: ${error instanceof Error ? error.message : String(error)}`, error instanceof Error ? error.stack : undefined);
+            throw new common_1.ServiceUnavailableException('Unable to verify permissions');
+        }
+    }
+    getResourceId(context, argName) {
+        const contextType = context.getType();
+        if (contextType === 'graphql') {
+            const gqlContext = graphql_1.GqlExecutionContext.create(context);
+            const args = gqlContext.getArgs();
+            return args[argName];
+        }
+        const request = context.switchToHttp().getRequest();
+        return request.params?.[argName] ?? request.query?.[argName];
+    }
+};
+exports.PermissionGuard = PermissionGuard;
+exports.PermissionGuard = PermissionGuard = PermissionGuard_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Optional)()),
+    __param(1, (0, common_1.Inject)(constants_1.RESOURCE_PERMISSION_REPOSITORY)),
+    __metadata("design:paramtypes", [core_1.Reflector, Object])
+], PermissionGuard);
+//# sourceMappingURL=permission.guard.js.map

package/dist/guards/permission.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../src/guards/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CASwB;AACxB,uCAAyC;AACzC,6CAAsD;AACtD,4CAIsB;AACtB,kEAAmE;AAuB5D,IAAM,eAAe,uBAArB,MAAM,eAAe;IAG1B,YACmB,SAAoB,EAGrC,4BAA6E;QAH5D,cAAS,GAAT,SAAS,CAAW;QAGpB,iCAA4B,GAA5B,4BAA4B,CAAgC;QAN9D,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;IAOxD,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAEzC,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAC1D,2BAAe,EACf,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;QAGF,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,IAAA,yCAAqB,EAAC,OAAO,CAAC,CAAC;QAG/C,MAAM,aAAa,GAA+B,OAAO,CAAC,cAAc,CAAC;QACzE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAAkB,CAC1B,+FAA+F,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,aAAa,CAAC,WAAW,CAAC;QAGlD,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,MAAM,CACnD,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAC1C,CAAC;QAGF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACpD,8BAAkB,EAClB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;QAEF,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,4BAA4B,EAAE,CAAC;YACzD,MAAM,IAAI,2BAAkB,CAAC,0BAA0B,CAAC,CAAC;QAC3D,CAAC;QAGD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,2BAAkB,CAAC,0BAA0B,CAAC,CAAC;QAC3D,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,2BAAkB,CAAC,0BAA0B,CAAC,CAAC;YAC3D,CAAC;YAED,KAAK,MAAM,UAAU,IAAI,kBAAkB,EAAE,CAAC;gBAC5C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAAC,aAAa,CACzE,MAAM,EACN,aAAa,CAAC,QAAQ,EACtB,UAAU,EACV,aAAa,CAAC,YAAY,EAC1B,UAAU,CACX,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,2BAAkB,CAAC,0BAA0B,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,KAAK,YAAY,2BAAkB,EAAE,CAAC;gBACxC,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAC7F,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACjD,CAAC;YACF,MAAM,IAAI,oCAA2B,CAAC,8BAA8B,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAKO,aAAa,CAAC,OAAyB,EAAE,OAAe;QAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,EAAU,CAAC;QAC9C,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;CACF,CAAA;AA7GY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,0CAA8B,CAAC,CAAA;qCAFX,gBAAS;GAJ5B,eAAe,CA6G3B"}

package/dist/guards/tenant.guard.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ITenantExtractor } from '../interfaces/tenant-extractor.interface';
+import { ITenantRepository } from '../interfaces/tenant-repository.interface';
+export declare class TenantGuard implements CanActivate {
+    private readonly reflector;
+    private readonly tenantExtractor?;
+    private readonly tenantRepository?;
+    private readonly logger;
+    constructor(reflector: Reflector, tenantExtractor?: ITenantExtractor | undefined, tenantRepository?: ITenantRepository | undefined);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}
+//# sourceMappingURL=tenant.guard.d.ts.map

package/dist/guards/tenant.guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenant.guard.d.ts","sourceRoot":"","sources":["../../src/guards/tenant.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAQjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAIzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,0CAA0C,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,2CAA2C,CAAC;AAc9E,qBACa,WAAY,YAAW,WAAW;IAI3C,OAAO,CAAC,QAAQ,CAAC,SAAS;IACY,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;IAL3E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;gBAGpC,SAAS,EAAE,SAAS,EACkB,eAAe,CAAC,EAAE,gBAAgB,YAAA,EACjC,gBAAgB,CAAC,EAAE,iBAAiB,YAAA;IAGxF,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAiE/D"}

package/dist/guards/tenant.guard.js ADDED Viewed

@@ -0,0 +1,85 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var TenantGuard_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenantGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const public_decorator_1 = require("../decorators/public.decorator");
+const constants_1 = require("../constants");
+const execution_context_1 = require("../utils/execution-context");
+let TenantGuard = TenantGuard_1 = class TenantGuard {
+    constructor(reflector, tenantExtractor, tenantRepository) {
+        this.reflector = reflector;
+        this.tenantExtractor = tenantExtractor;
+        this.tenantRepository = tenantRepository;
+        this.logger = new common_1.Logger(TenantGuard_1.name);
+    }
+    async canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic)
+            return true;
+        const skipTenant = this.reflector.getAllAndOverride(constants_1.SKIP_TENANT_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (skipTenant)
+            return true;
+        if (!this.tenantRepository)
+            return true;
+        const request = (0, execution_context_1.getRequestFromContext)(context);
+        if (!this.tenantExtractor) {
+            throw new common_1.BadRequestException('Tenant ID required');
+        }
+        const tenantId = this.tenantExtractor.extractTenantId(request);
+        if (!tenantId) {
+            throw new common_1.BadRequestException('Tenant ID required');
+        }
+        const user = request.user;
+        if (!user) {
+            throw new common_1.UnauthorizedException('Authentication required');
+        }
+        try {
+            const tenantContext = await this.tenantRepository.resolveTenant(user.id, tenantId);
+            if (!tenantContext) {
+                throw new common_1.ForbiddenException('Access denied to this tenant');
+            }
+            request._tenantContext = tenantContext;
+            return true;
+        }
+        catch (error) {
+            if (error instanceof common_1.ForbiddenException ||
+                error instanceof common_1.BadRequestException ||
+                error instanceof common_1.UnauthorizedException ||
+                error instanceof common_1.ServiceUnavailableException) {
+                throw error;
+            }
+            this.logger.error(`Failed to resolve tenant context: ${error instanceof Error ? error.message : String(error)}`, error instanceof Error ? error.stack : undefined);
+            throw new common_1.ServiceUnavailableException('Unable to resolve tenant context');
+        }
+    }
+};
+exports.TenantGuard = TenantGuard;
+exports.TenantGuard = TenantGuard = TenantGuard_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Optional)()),
+    __param(1, (0, common_1.Inject)(constants_1.TENANT_EXTRACTOR)),
+    __param(2, (0, common_1.Optional)()),
+    __param(2, (0, common_1.Inject)(constants_1.TENANT_REPOSITORY)),
+    __metadata("design:paramtypes", [core_1.Reflector, Object, Object])
+], TenantGuard);
+//# sourceMappingURL=tenant.guard.js.map

package/dist/guards/tenant.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenant.guard.js","sourceRoot":"","sources":["../../src/guards/tenant.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAWwB;AACxB,uCAAyC;AACzC,qEAA+D;AAC/D,4CAAoF;AACpF,kEAAmE;AAiB5D,IAAM,WAAW,mBAAjB,MAAM,WAAW;IAGtB,YACmB,SAAoB,EACC,eAAmD,EAClD,gBAAqD;QAF3E,cAAS,GAAT,SAAS,CAAW;QACkB,oBAAe,GAAf,eAAe,CAAmB;QACjC,qBAAgB,GAAhB,gBAAgB,CAAoB;QAL7E,WAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IAMpD,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,gCAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,QAAQ;YAAE,OAAO,IAAI,CAAC;QAG1B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,2BAAe,EAAE;YAC5E,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,UAAU;YAAE,OAAO,IAAI,CAAC;QAG5B,IAAI,CAAC,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC;QAExC,MAAM,OAAO,GAAG,IAAA,yCAAqB,EAAC,OAAO,CAAC,CAAC;QAG/C,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC1B,MAAM,IAAI,4BAAmB,CAAC,oBAAoB,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,4BAAmB,CAAC,oBAAoB,CAAC,CAAC;QACtD,CAAC;QAGD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,8BAAqB,CAAC,yBAAyB,CAAC,CAAC;QAC7D,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YAEnF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,2BAAkB,CAAC,8BAA8B,CAAC,CAAC;YAC/D,CAAC;YAED,OAAO,CAAC,cAAc,GAAG,aAAa,CAAC;YACvC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YAExB,IACE,KAAK,YAAY,2BAAkB;gBACnC,KAAK,YAAY,4BAAmB;gBACpC,KAAK,YAAY,8BAAqB;gBACtC,KAAK,YAAY,oCAA2B,EAC5C,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;YAGD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAC7F,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACjD,CAAC;YACF,MAAM,IAAI,oCAA2B,CAAC,kCAAkC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;CACF,CAAA;AA1EY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,4BAAgB,CAAC,CAAA;IACpC,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,6BAAiB,CAAC,CAAA;qCAFV,gBAAS;GAJ5B,WAAW,CA0EvB"}

package/dist/index.d.ts CHANGED Viewed

@@ -15,6 +15,14 @@ export * from './interfaces/password-policy-config.interface';
 export * from './interfaces/rate-limiter.interface';
 export * from './interfaces/password-reset-strategy.interface';
 export * from './interfaces/magic-link-repository.interface';
+export * from './interfaces/tenant-repository.interface';
+export * from './interfaces/tenant-extractor.interface';
+export * from './interfaces/resource-permission-repository.interface';
+export * from './interfaces/jwt-payload-factory.interface';
+export * from './interfaces/api-key-repository.interface';
+export * from './interfaces/email-template-renderer.interface';
+export * from './interfaces/email-sender.interface';
+export * from './interfaces/email-branding-config.interface';
 export * from './services/auth.service';
 export * from './services/refresh-token.service';
 export * from './services/verification.service';
@@ -26,21 +34,31 @@ export * from './services/biometric-verification.service';
 export * from './services/oauth-linking-token.service';
 export * from './services/password-validation.service';
 export * from './services/in-memory-rate-limiter.service';
+export * from './services/default-jwt-payload-factory';
+export * from './services/header-tenant-extractor';
+export * from './services/default-email-template-renderer';
+export * from './services/configurable-email.service';
 export * from './services/sendgrid-email.service';
 export * from './services/twilio-sms.service';
 export * from './services/noop-email.service';
 export * from './services/noop-sms.service';
 export * from './services/console-logger.service';
+export * from './services/sendgrid-email-sender';
+export * from './services/resend-email-sender';
+export * from './services/noop-email-sender';
 export * from './repositories/noop-verification.repository';
 export * from './repositories/noop-brute-force.repository';
 export * from './repositories/noop-biometric.repository';
 export * from './repositories/noop-rate-limiter';
 export * from './repositories/noop-magic-link.repository';
+export * from './repositories/noop-tenant.repository';
+export * from './repositories/noop-tenant-extractor';
 export * from './strategies/jwt.strategy';
 export * from './strategies/google.strategy';
 export * from './strategies/facebook.strategy';
 export * from './strategies/noop-google.strategy';
 export * from './strategies/noop-facebook.strategy';
+export * from './strategies/api-key.strategy';
 export * from './strategies/verification-code.strategy';
 export * from './strategies/magic-link.strategy';
 export * from './resolvers/base-auth.resolver';
@@ -75,7 +93,17 @@ export * from './dto/request-password-reset.input';
 export * from './dto/reset-password.input';
 export * from './dto/password-reset-response.dto';
 export * from './decorators/current-user.decorator';
+export * from './decorators/public.decorator';
+export * from './decorators/public-endpoint.decorator';
+export * from './decorators/skip-tenant.decorator';
+export * from './decorators/require-permissions.decorator';
+export * from './decorators/current-tenant.decorator';
+export * from './decorators/resource-scope.decorator';
 export * from './guards/jwt-auth.guard';
+export * from './guards/tenant.guard';
+export * from './guards/permission.guard';
+export * from './guards/create-auth-guard';
+export * from './guards/csrf.guard';
 export { AuthUser } from './entities/auth-user.entity';
 export * from './exceptions/account-locked.exception';
 export * from './exceptions/verification.exceptions';
@@ -84,4 +112,8 @@ export * from './exceptions/password-reset.exceptions';
 export * from './enums/verification-type.enum';
 export * from './types/oauth.types';
 export * from './utils/provider-helpers';
+export * from './utils/cookie-options';
+export * from './utils/escape-html';
+export * from './utils/execution-context';
+export * from './utils/request-helpers';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAYA,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAK5B,cAAc,kCAAkC,CAAC;AACjD,cAAc,wCAAwC,CAAC;AACvD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oCAAoC,CAAC;AACnD,cAAc,6CAA6C,CAAC;AAC5D,cAAc,wCAAwC,CAAC;AACvD,cAAc,iDAAiD,CAAC;AAChE,cAAc,oCAAoC,CAAC;AACnD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,+CAA+C,CAAC;AAC9D,cAAc,6CAA6C,CAAC;AAC5D,cAAc,+CAA+C,CAAC;AAC9D,cAAc,qCAAqC,CAAC;AACpD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,8CAA8C,CAAC;AAK7D,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2CAA2C,CAAC;AAE1D,cAAc,mCAAmC,CAAC;AAElD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,wCAAwC,CAAC;AACvD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;~~AAK1D~~,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mCAAmC,CAAC;~~AAKlD~~,cAAc,6CAA6C,CAAC;AAC5D,cAAc,4CAA4C,CAAC;AAC3D,cAAc,0CAA0C,CAAC;AACzD,cAAc,kCAAkC,CAAC;AACjD,cAAc,2CAA2C,CAAC;~~AAK1D~~,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC;AAClD,cAAc,qCAAqC,CAAC;AACpD,cAAc,yCAAyC,CAAC;AACxD,cAAc,kCAAkC,CAAC;AAKjD,cAAc,gCAAgC,CAAC;AAG/C,cAAc,8BAA8B,CAAC;AAK7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,0BAA0B,CAAC;AACzC,cAAc,uCAAuC,CAAC;AACtD,cAAc,qCAAqC,CAAC;AACpD,cAAc,iCAAiC,CAAC;AAChD,cAAc,sCAAsC,CAAC;AACrD,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,wCAAwC,CAAC;AACvD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,4CAA4C,CAAC;AAC3D,cAAc,6BAA6B,CAAC;AAC5C,cAAc,oCAAoC,CAAC;AACnD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,mCAAmC,CAAC;AAKlD,cAAc,qCAAqC,CAAC;~~AAKpD~~,cAAc,yBAAyB,CAAC;~~AAKxC~~,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAKvD,cAAc,uCAAuC,CAAC;AACtD,cAAc,sCAAsC,CAAC;AACrD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,wCAAwC,CAAC;AAKvD,cAAc,gCAAgC,CAAC;AAK/C,cAAc,qBAAqB,CAAC;AAKpC,cAAc,0BAA0B,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAYA,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAK5B,cAAc,kCAAkC,CAAC;AACjD,cAAc,wCAAwC,CAAC;AACvD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oCAAoC,CAAC;AACnD,cAAc,6CAA6C,CAAC;AAC5D,cAAc,wCAAwC,CAAC;AACvD,cAAc,iDAAiD,CAAC;AAChE,cAAc,oCAAoC,CAAC;AACnD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,+CAA+C,CAAC;AAC9D,cAAc,6CAA6C,CAAC;AAC5D,cAAc,+CAA+C,CAAC;AAC9D,cAAc,qCAAqC,CAAC;AACpD,cAAc,gDAAgD,CAAC;AAC/D,cAAc,8CAA8C,CAAC;AAC7D,cAAc,0CAA0C,CAAC;AACzD,cAAc,yCAAyC,CAAC;AACxD,cAAc,uDAAuD,CAAC;AACtE,cAAc,4CAA4C,CAAC;AAC3D,cAAc,2CAA2C,CAAC;AAC1D,cAAc,gDAAgD,CAAC;AAC/D,cAAc,qCAAqC,CAAC;AACpD,cAAc,8CAA8C,CAAC;AAK7D,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2CAA2C,CAAC;AAE1D,cAAc,mCAAmC,CAAC;AAElD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,wCAAwC,CAAC;AACvD,cAAc,wCAAwC,CAAC;AACvD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,wCAAwC,CAAC;AACvD,cAAc,oCAAoC,CAAC;AACnD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,uCAAuC,CAAC;AAKtD,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mCAAmC,CAAC;AAClD,cAAc,kCAAkC,CAAC;AACjD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,8BAA8B,CAAC;AAK7C,cAAc,6CAA6C,CAAC;AAC5D,cAAc,4CAA4C,CAAC;AAC3D,cAAc,0CAA0C,CAAC;AACzD,cAAc,kCAAkC,CAAC;AACjD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,uCAAuC,CAAC;AACtD,cAAc,sCAAsC,CAAC;AAKrD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC;AAClD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yCAAyC,CAAC;AACxD,cAAc,kCAAkC,CAAC;AAKjD,cAAc,gCAAgC,CAAC;AAG/C,cAAc,8BAA8B,CAAC;AAK7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,0BAA0B,CAAC;AACzC,cAAc,uCAAuC,CAAC;AACtD,cAAc,qCAAqC,CAAC;AACpD,cAAc,iCAAiC,CAAC;AAChD,cAAc,sCAAsC,CAAC;AACrD,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,wCAAwC,CAAC;AACvD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,4CAA4C,CAAC;AAC3D,cAAc,6BAA6B,CAAC;AAC5C,cAAc,oCAAoC,CAAC;AACnD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,mCAAmC,CAAC;AAKlD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,wCAAwC,CAAC;AACvD,cAAc,oCAAoC,CAAC;AACnD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,uCAAuC,CAAC;AACtD,cAAc,uCAAuC,CAAC;AAKtD,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AAKpC,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAKvD,cAAc,uCAAuC,CAAC;AACtD,cAAc,sCAAsC,CAAC;AACrD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,wCAAwC,CAAC;AAKvD,cAAc,gCAAgC,CAAC;AAK/C,cAAc,qBAAqB,CAAC;AAKpC,cAAc,0BAA0B,CAAC;AACzC,cAAc,wBAAwB,CAAC;AACvC,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -32,6 +32,14 @@ __exportStar(require("./interfaces/password-policy-config.interface"), exports);
 __exportStar(require("./interfaces/rate-limiter.interface"), exports);
 __exportStar(require("./interfaces/password-reset-strategy.interface"), exports);
 __exportStar(require("./interfaces/magic-link-repository.interface"), exports);
+__exportStar(require("./interfaces/tenant-repository.interface"), exports);
+__exportStar(require("./interfaces/tenant-extractor.interface"), exports);
+__exportStar(require("./interfaces/resource-permission-repository.interface"), exports);
+__exportStar(require("./interfaces/jwt-payload-factory.interface"), exports);
+__exportStar(require("./interfaces/api-key-repository.interface"), exports);
+__exportStar(require("./interfaces/email-template-renderer.interface"), exports);
+__exportStar(require("./interfaces/email-sender.interface"), exports);
+__exportStar(require("./interfaces/email-branding-config.interface"), exports);
 __exportStar(require("./services/auth.service"), exports);
 __exportStar(require("./services/refresh-token.service"), exports);
 __exportStar(require("./services/verification.service"), exports);
@@ -43,21 +51,31 @@ __exportStar(require("./services/biometric-verification.service"), exports);
 __exportStar(require("./services/oauth-linking-token.service"), exports);
 __exportStar(require("./services/password-validation.service"), exports);
 __exportStar(require("./services/in-memory-rate-limiter.service"), exports);
+__exportStar(require("./services/default-jwt-payload-factory"), exports);
+__exportStar(require("./services/header-tenant-extractor"), exports);
+__exportStar(require("./services/default-email-template-renderer"), exports);
+__exportStar(require("./services/configurable-email.service"), exports);
 __exportStar(require("./services/sendgrid-email.service"), exports);
 __exportStar(require("./services/twilio-sms.service"), exports);
 __exportStar(require("./services/noop-email.service"), exports);
 __exportStar(require("./services/noop-sms.service"), exports);
 __exportStar(require("./services/console-logger.service"), exports);
+__exportStar(require("./services/sendgrid-email-sender"), exports);
+__exportStar(require("./services/resend-email-sender"), exports);
+__exportStar(require("./services/noop-email-sender"), exports);
 __exportStar(require("./repositories/noop-verification.repository"), exports);
 __exportStar(require("./repositories/noop-brute-force.repository"), exports);
 __exportStar(require("./repositories/noop-biometric.repository"), exports);
 __exportStar(require("./repositories/noop-rate-limiter"), exports);
 __exportStar(require("./repositories/noop-magic-link.repository"), exports);
+__exportStar(require("./repositories/noop-tenant.repository"), exports);
+__exportStar(require("./repositories/noop-tenant-extractor"), exports);
 __exportStar(require("./strategies/jwt.strategy"), exports);
 __exportStar(require("./strategies/google.strategy"), exports);
 __exportStar(require("./strategies/facebook.strategy"), exports);
 __exportStar(require("./strategies/noop-google.strategy"), exports);
 __exportStar(require("./strategies/noop-facebook.strategy"), exports);
+__exportStar(require("./strategies/api-key.strategy"), exports);
 __exportStar(require("./strategies/verification-code.strategy"), exports);
 __exportStar(require("./strategies/magic-link.strategy"), exports);
 __exportStar(require("./resolvers/base-auth.resolver"), exports);
@@ -91,7 +109,17 @@ __exportStar(require("./dto/request-password-reset.input"), exports);
 __exportStar(require("./dto/reset-password.input"), exports);
 __exportStar(require("./dto/password-reset-response.dto"), exports);
 __exportStar(require("./decorators/current-user.decorator"), exports);
+__exportStar(require("./decorators/public.decorator"), exports);
+__exportStar(require("./decorators/public-endpoint.decorator"), exports);
+__exportStar(require("./decorators/skip-tenant.decorator"), exports);
+__exportStar(require("./decorators/require-permissions.decorator"), exports);
+__exportStar(require("./decorators/current-tenant.decorator"), exports);
+__exportStar(require("./decorators/resource-scope.decorator"), exports);
 __exportStar(require("./guards/jwt-auth.guard"), exports);
+__exportStar(require("./guards/tenant.guard"), exports);
+__exportStar(require("./guards/permission.guard"), exports);
+__exportStar(require("./guards/create-auth-guard"), exports);
+__exportStar(require("./guards/csrf.guard"), exports);
 var auth_user_entity_1 = require("./entities/auth-user.entity");
 Object.defineProperty(exports, "AuthUser", { enumerable: true, get: function () { return auth_user_entity_1.AuthUser; } });
 __exportStar(require("./exceptions/account-locked.exception"), exports);
@@ -101,4 +129,8 @@ __exportStar(require("./exceptions/password-reset.exceptions"), exports);
 __exportStar(require("./enums/verification-type.enum"), exports);
 __exportStar(require("./types/oauth.types"), exports);
 __exportStar(require("./utils/provider-helpers"), exports);
+__exportStar(require("./utils/cookie-options"), exports);
+__exportStar(require("./utils/escape-html"), exports);
+__exportStar(require("./utils/execution-context"), exports);
+__exportStar(require("./utils/request-helpers"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAYA,gDAA8B;AAC9B,8CAA4B;AAK5B,mEAAiD;AACjD,yEAAuD;AACvD,uEAAqD;AACrD,qEAAmD;AACnD,8EAA4D;AAC5D,yEAAuD;AACvD,kFAAgE;AAChE,qEAAmD;AACnD,iFAA+D;AAC/D,gFAA8D;AAC9D,8EAA4D;AAC5D,gFAA8D;AAC9D,sEAAoD;AACpD,iFAA+D;AAC/D,+EAA6D;AAK7D,0DAAwC;AACxC,mEAAiD;AACjD,kEAAgD;AAChD,gEAA8C;AAC9C,iEAA+C;AAC/C,4EAA0D;AAE1D,oEAAkD;AAElD,4EAA0D;AAC1D,yEAAuD;AACvD,yEAAuD;AACvD,4EAA0D;~~AAK1D~~,oEAAkD;AAClD,gEAA8C;AAC9C,gEAA8C;AAC9C,8DAA4C;AAC5C,oEAAkD;~~AAKlD~~,8EAA4D;AAC5D,6EAA2D;AAC3D,2EAAyD;AACzD,mEAAiD;AACjD,4EAA0D;~~AAK1D~~,4DAA0C;AAC1C,+DAA6C;AAC7C,iEAA+C;AAC/C,oEAAkD;AAClD,sEAAoD;AACpD,0EAAwD;AACxD,mEAAiD;AAKjD,iEAA+C;AAG/C,+DAA6C;AAM7C,oDAAkC;AAClC,qDAAmC;AACnC,4DAA0C;AAC1C,qDAAmC;AACnC,4DAA0C;AAC1C,2DAAyC;AACzC,kEAAgD;AAChD,sEAAoD;AACpD,2DAAyC;AACzC,wEAAsD;AACtD,sEAAoD;AACpD,kEAAgD;AAChD,uEAAqD;AACrD,oEAAkD;AAClD,2EAAyD;AACzD,gEAA8C;AAC9C,8DAA4C;AAC5C,6DAA2C;AAC3C,+DAA6C;AAC7C,+DAA6C;AAC7C,yEAAuD;AACvD,iEAA+C;AAC/C,gEAA8C;AAC9C,6EAA2D;AAC3D,8DAA4C;AAC5C,qEAAmD;AACnD,6DAA2C;AAC3C,oEAAkD;AAKlD,sEAAoD;~~AAKpD~~,0DAAwC;~~AAKxC~~,gEAAuD;AAA9C,4GAAA,QAAQ,OAAA;AAKjB,wEAAsD;AACtD,uEAAqD;AACrD,gEAA8C;AAC9C,yEAAuD;AAKvD,iEAA+C;AAK/C,sDAAoC;AAKpC,2DAAyC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAYA,gDAA8B;AAC9B,8CAA4B;AAK5B,mEAAiD;AACjD,yEAAuD;AACvD,uEAAqD;AACrD,qEAAmD;AACnD,8EAA4D;AAC5D,yEAAuD;AACvD,kFAAgE;AAChE,qEAAmD;AACnD,iFAA+D;AAC/D,gFAA8D;AAC9D,8EAA4D;AAC5D,gFAA8D;AAC9D,sEAAoD;AACpD,iFAA+D;AAC/D,+EAA6D;AAC7D,2EAAyD;AACzD,0EAAwD;AACxD,wFAAsE;AACtE,6EAA2D;AAC3D,4EAA0D;AAC1D,iFAA+D;AAC/D,sEAAoD;AACpD,+EAA6D;AAK7D,0DAAwC;AACxC,mEAAiD;AACjD,kEAAgD;AAChD,gEAA8C;AAC9C,iEAA+C;AAC/C,4EAA0D;AAE1D,oEAAkD;AAElD,4EAA0D;AAC1D,yEAAuD;AACvD,yEAAuD;AACvD,4EAA0D;AAC1D,yEAAuD;AACvD,qEAAmD;AACnD,6EAA2D;AAC3D,wEAAsD;AAKtD,oEAAkD;AAClD,gEAA8C;AAC9C,gEAA8C;AAC9C,8DAA4C;AAC5C,oEAAkD;AAClD,mEAAiD;AACjD,iEAA+C;AAC/C,+DAA6C;AAK7C,8EAA4D;AAC5D,6EAA2D;AAC3D,2EAAyD;AACzD,mEAAiD;AACjD,4EAA0D;AAC1D,wEAAsD;AACtD,uEAAqD;AAKrD,4DAA0C;AAC1C,+DAA6C;AAC7C,iEAA+C;AAC/C,oEAAkD;AAClD,sEAAoD;AACpD,gEAA8C;AAC9C,0EAAwD;AACxD,mEAAiD;AAKjD,iEAA+C;AAG/C,+DAA6C;AAM7C,oDAAkC;AAClC,qDAAmC;AACnC,4DAA0C;AAC1C,qDAAmC;AACnC,4DAA0C;AAC1C,2DAAyC;AACzC,kEAAgD;AAChD,sEAAoD;AACpD,2DAAyC;AACzC,wEAAsD;AACtD,sEAAoD;AACpD,kEAAgD;AAChD,uEAAqD;AACrD,oEAAkD;AAClD,2EAAyD;AACzD,gEAA8C;AAC9C,8DAA4C;AAC5C,6DAA2C;AAC3C,+DAA6C;AAC7C,+DAA6C;AAC7C,yEAAuD;AACvD,iEAA+C;AAC/C,gEAA8C;AAC9C,6EAA2D;AAC3D,8DAA4C;AAC5C,qEAAmD;AACnD,6DAA2C;AAC3C,oEAAkD;AAKlD,sEAAoD;AACpD,gEAA8C;AAC9C,yEAAuD;AACvD,qEAAmD;AACnD,6EAA2D;AAC3D,wEAAsD;AACtD,wEAAsD;AAKtD,0DAAwC;AACxC,wDAAsC;AACtC,4DAA0C;AAC1C,6DAA2C;AAC3C,sDAAoC;AAKpC,gEAAuD;AAA9C,4GAAA,QAAQ,OAAA;AAKjB,wEAAsD;AACtD,uEAAqD;AACrD,gEAA8C;AAC9C,yEAAuD;AAKvD,iEAA+C;AAK/C,sDAAoC;AAKpC,2DAAyC;AACzC,yDAAuC;AACvC,sDAAoC;AACpC,4DAA0C;AAC1C,0DAAwC"}

package/dist/interfaces/api-key-repository.interface.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export interface IApiKeyAccount {
+    id: string;
+    email: string;
+    isActive: boolean;
+    isServiceAccount: boolean;
+    metadata: Record<string, unknown>;
+}
+export interface IApiKeyRepository {
+    findByKeyHash(keyHash: string): Promise<IApiKeyAccount | null>;
+}
+//# sourceMappingURL=api-key-repository.interface.d.ts.map

package/dist/interfaces/api-key-repository.interface.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"api-key-repository.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/api-key-repository.interface.ts"],"names":[],"mappings":"AAkDA,MAAM,WAAW,cAAc;IAE7B,EAAE,EAAE,MAAM,CAAC;IAGX,KAAK,EAAE,MAAM,CAAC;IAGd,QAAQ,EAAE,OAAO,CAAC;IAGlB,gBAAgB,EAAE,OAAO,CAAC;IAG1B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAQD,MAAM,WAAW,iBAAiB;IAOhC,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;CAChE"}

package/dist/interfaces/api-key-repository.interface.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=api-key-repository.interface.js.map

package/dist/interfaces/api-key-repository.interface.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"api-key-repository.interface.js","sourceRoot":"","sources":["../../src/interfaces/api-key-repository.interface.ts"],"names":[],"mappings":""}

package/dist/interfaces/auth-lifecycle-hooks.interface.d.ts CHANGED Viewed

@@ -6,6 +6,8 @@ export interface IAuthLifecycleHooks<T extends import('./auth-user.interface').I
     onPhoneVerified?(user: T): Promise<void>;
     onOAuthAccountLinked?(user: T, provider: string): Promise<void>;
     onPasswordReset?(user: T): Promise<void>;
+    onPasswordChanged?(user: T): Promise<void>;
+    onAuthFailure?(email: string, ipAddress: string | undefined, reason: string): void;
     onAccountDelete?(user: T): Promise<void>;
 }
 //# sourceMappingURL=auth-lifecycle-hooks.interface.d.ts.map

package/dist/interfaces/auth-lifecycle-hooks.interface.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-lifecycle-hooks.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-lifecycle-hooks.interface.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,mBAAmB,CAAC,CAAC,SAAS,OAAO,uBAAuB,EAAE,SAAS,GAAG,OAAO,uBAAuB,EAAE,SAAS;IAOlI,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMlC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMjC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMlC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,oBAAoB,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMhE,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1C"}
1	+ {"version":3,"file":"auth-lifecycle-hooks.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-lifecycle-hooks.interface.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,mBAAmB,CAAC,CAAC,SAAS,OAAO,uBAAuB,EAAE,SAAS,GAAG,OAAO,uBAAuB,EAAE,SAAS;IAOlI,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMlC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMjC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMlC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,oBAAoB,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMhE,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMzC,iBAAiB,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAa3C,aAAa,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAMnF,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1C"}

package/dist/interfaces/auth-user.interface.d.ts CHANGED Viewed

@@ -9,25 +9,43 @@ export declare enum UserStatus {
     SUSPENDED = "SUSPENDED",
     DELETED = "DELETED"
 }
-export interface IAuthUser {
+export interface IAuthUserCore {
     id: string;
     email: string;
     passwordHash: string | null;
     emailVerified: boolean;
-    emailVerifiedAt?: Date | null;
-    emailVerificationSentAt?: Date | null;
+    provider?: string;
+    createdAt: Date;
+    updatedAt: Date;
+    deletedAt?: Date | null;
+}
+export interface IAuthUserOAuth {
+    providerId?: string | null;
+    googleId?: string | null;
+    facebookId?: string | null;
+    appleId?: string | null;
+}
+export interface IAuthUserPhone {
     phoneNumber?: string | null;
     phoneVerified?: boolean;
     phoneVerifiedAt?: Date | null;
     phoneVerificationSentAt?: Date | null;
+}
+export interface IAuthUserSecurity {
+    failedLoginAttempts?: number;
+    lockedUntil?: Date | null;
+    lastLoginAt?: Date | null;
+    status: string;
+}
+export interface IAuthUserVerification {
+    emailVerifiedAt?: Date | null;
+    emailVerificationSentAt?: Date | null;
     passwordResetSentAt?: Date | null;
+}
+export interface IAuthUserProfile {
     name?: string | null;
-    provider: AuthProvider;
-    providerId?: string | null;
-    status: UserStatus;
-    lastLoginAt?: Date | null;
-    createdAt: Date;
-    updatedAt: Date;
-    deletedAt?: Date | null;
+}
+export interface IAuthUser extends IAuthUserCore, IAuthUserSecurity, IAuthUserVerification, IAuthUserProfile, Partial<IAuthUserOAuth>, Partial<IAuthUserPhone> {
+    provider: AuthProvider | string;
 }
 //# sourceMappingURL=auth-user.interface.d.ts.map

package/dist/interfaces/auth-user.interface.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-user.interface.ts"],"names":[],"mappings":"~~AAGA~~,oBAAY,YAAY;IACtB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,KAAK,UAAU;CAChB;~~AAKD~~,oBAAY,UAAU;IACpB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,OAAO,YAAY;CACpB;~~AAmBD~~,MAAM,WAAW,~~SAAS~~;~~IAOxB~~,EAAE,EAAE,MAAM,CAAC;~~IAUX~~,KAAK,EAAE,MAAM,CAAC;~~IAmBd~~,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;~~IAY5B~~,aAAa,EAAE,OAAO,CAAC;~~IAUvB~~,~~eAAe~~,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IAkB9B~~,~~uBAAuB~~,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IAkBtC~~,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;~~IAW5B~~,aAAa,CAAC,EAAE,OAAO,CAAC;~~IASxB~~,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IAU9B~~,uBAAuB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IA2BtC~~,mBAAmB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IASlC~~,~~IAAI~~,CAAC,EAAE,~~MAAM~~,GAAG,IAAI,CAAC;~~IAsBrB~~,~~QAAQ~~,EAAE,~~YAAY~~,CAAC;~~IAgCvB~~,~~UAAU~~,CAAC,EAAE,~~MAAM~~,GAAG,IAAI,CAAC;~~IAsB3B~~,~~MAAM~~,EAAE,~~UAAU~~,CAAC;~~IAkBnB~~,~~WAAW~~,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;~~IAS1B~~,~~SAAS~~,~~EAAE~~,IAAI,CAAC~~;IAShB~~,~~SAAS,~~EAAE,IAAI,CAAC;~~IAsBhB~~,~~SAAS~~,CAAC,EAAE,~~IAAI~~,GAAG,~~IAAI~~,CAAC;~~CACzB~~"}
1	+ {"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-user.interface.ts"],"names":[],"mappings":"AAOA,oBAAY,YAAY;IACtB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,KAAK,UAAU;CAChB;AAUD,oBAAY,UAAU;IACpB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,OAAO,YAAY;CACpB;AAaD,MAAM,WAAW,aAAa;IAE5B,EAAE,EAAE,MAAM,CAAC;IAGX,KAAK,EAAE,MAAM,CAAC;IAGd,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAG5B,aAAa,EAAE,OAAO,CAAC;IAQvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAGlB,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACzB;AAQD,MAAM,WAAW,cAAc;IAE7B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAG3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAGzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAG3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAOD,MAAM,WAAW,cAAc;IAE7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAG5B,aAAa,CAAC,EAAE,OAAO,CAAC;IAGxB,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAG9B,uBAAuB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACvC;AAOD,MAAM,WAAW,iBAAiB;IAEhC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAG7B,WAAW,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAG1B,WAAW,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAQ1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAOD,MAAM,WAAW,qBAAqB;IAEpC,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAG9B,uBAAuB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAGtC,mBAAmB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACnC;AAKD,MAAM,WAAW,gBAAgB;IAE/B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAgCD,MAAM,WAAW,SACf,SAAQ,aAAa,EACnB,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,OAAO,CAAC,cAAc,CAAC,EACvB,OAAO,CAAC,cAAc,CAAC;IAKzB,QAAQ,EAAE,YAAY,GAAG,MAAM,CAAC;CACjC"}