@aranzatech/aranza-auth 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -2
- package/README.md +16 -8
- package/dist/{chunk-DKYNHXY2.js → chunk-JLRBMDLH.js} +5 -5
- package/dist/chunk-JLRBMDLH.js.map +1 -0
- package/dist/index.cjs +127 -118
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +5 -3
- package/dist/index.d.ts +5 -3
- package/dist/index.js +127 -118
- package/dist/index.js.map +1 -1
- package/dist/mongo/index.cjs +10 -10
- package/dist/mongo/index.cjs.map +1 -1
- package/dist/mongo/index.js +9 -9
- package/dist/mongo/index.js.map +1 -1
- package/package.json +4 -4
- package/dist/chunk-DKYNHXY2.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,20 @@ Format based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [0.1.1] - 2026-07-03
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
|
|
13
|
+
- **DI en bundle tsup**: tokens de inyección como strings (estables entre entry points `index` y `mongo`).
|
|
14
|
+
- **`@Inject()` explícito** en `TokenService`, `AuthService` y `AuthController` (metadata de decorators en dist).
|
|
15
|
+
- **Schema Mongo**: `@Prop({ type: String | Date | Boolean })` explícito — evita `CannotDetermineTypeError` en runtime.
|
|
16
|
+
- **`JwtAuthGuard`**: devuelve `401 Unauthorized` cuando no hay token (antes `500`).
|
|
17
|
+
- Índices duplicados en email/username del schema base.
|
|
18
|
+
|
|
19
|
+
### Changed
|
|
20
|
+
|
|
21
|
+
- Documentación: `MongoAuthModule.forFeature()` debe importarse **dentro** de `AuthModule.forRootAsync({ imports })`.
|
|
22
|
+
|
|
9
23
|
## [0.1.0] - 2026-07-03
|
|
10
24
|
|
|
11
25
|
First public release.
|
|
@@ -36,5 +50,6 @@ First public release.
|
|
|
36
50
|
- Tokens de verificación/reset hasheados (SHA-256) con TTL configurable.
|
|
37
51
|
- Build dual ESM/CJS con types (`tsup`), tests (`vitest`), CI GitHub Actions.
|
|
38
52
|
|
|
39
|
-
[Unreleased]: https://github.com/
|
|
40
|
-
[0.1.
|
|
53
|
+
[Unreleased]: https://github.com/aranzatech/aranza-auth/compare/v0.1.1...HEAD
|
|
54
|
+
[0.1.1]: https://github.com/aranzatech/aranza-auth/compare/v0.1.0...v0.1.1
|
|
55
|
+
[0.1.0]: https://github.com/aranzatech/aranza-auth/releases/tag/v0.1.0
|
package/README.md
CHANGED
|
@@ -68,9 +68,8 @@ import { MongoAuthModule } from "@aranzatech/aranza-auth/mongo";
|
|
|
68
68
|
imports: [
|
|
69
69
|
ConfigModule.forRoot({ isGlobal: true }),
|
|
70
70
|
MongooseModule.forRoot(process.env.MONGODB_URI!),
|
|
71
|
-
MongoAuthModule.forFeature(),
|
|
72
71
|
AuthModule.forRootAsync({
|
|
73
|
-
imports: [ConfigModule],
|
|
72
|
+
imports: [ConfigModule, MongoAuthModule.forFeature()],
|
|
74
73
|
inject: [ConfigService],
|
|
75
74
|
useFactory: (config: ConfigService) => ({
|
|
76
75
|
secret: config.getOrThrow("JWT_SECRET"),
|
|
@@ -167,13 +166,22 @@ AuthModule.forRootAsync({
|
|
|
167
166
|
|
|
168
167
|
### Orden de imports
|
|
169
168
|
|
|
170
|
-
`MongoAuthModule.forFeature()` debe importarse **
|
|
169
|
+
`MongoAuthModule.forFeature()` debe importarse **dentro** de `AuthModule.forRootAsync`:
|
|
170
|
+
|
|
171
|
+
```typescript
|
|
172
|
+
AuthModule.forRootAsync({
|
|
173
|
+
imports: [ConfigModule, MongoAuthModule.forFeature()],
|
|
174
|
+
// ...
|
|
175
|
+
}),
|
|
176
|
+
```
|
|
171
177
|
|
|
172
178
|
```typescript
|
|
173
179
|
imports: [
|
|
174
180
|
MongooseModule.forRoot(...),
|
|
175
|
-
|
|
176
|
-
|
|
181
|
+
AuthModule.forRootAsync({
|
|
182
|
+
imports: [MongoAuthModule.forFeature(), ConfigModule],
|
|
183
|
+
// ...
|
|
184
|
+
}),
|
|
177
185
|
]
|
|
178
186
|
```
|
|
179
187
|
|
|
@@ -436,8 +444,8 @@ import { AUTH_MODULE_OPTIONS, AUTH_HOOKS, AUTH_REPOSITORY } from "@aranzatech/ar
|
|
|
436
444
|
- [ ] NestJS 11+
|
|
437
445
|
- [ ] `ValidationPipe` global activo
|
|
438
446
|
- [ ] `reflect-metadata` importado al inicio de `main.ts`
|
|
439
|
-
- [ ] MongoDB conectado via `@nestjs/mongoose`
|
|
440
|
-
- [ ] `MongoAuthModule.forFeature()` importado
|
|
447
|
+
- [ ] MongoDB conectado via `@nestjs/mongoose` (**mongoose@8** recomendado)
|
|
448
|
+
- [ ] `MongoAuthModule.forFeature()` importado **dentro** de `AuthModule.forRootAsync({ imports })`
|
|
441
449
|
- [ ] Secrets JWT distintos para access y refresh
|
|
442
450
|
- [ ] Si usas features de email: implementar `AuthHooks.sendEmail`
|
|
443
451
|
|
|
@@ -465,4 +473,4 @@ import { AUTH_MODULE_OPTIONS, AUTH_HOOKS, AUTH_REPOSITORY } from "@aranzatech/ar
|
|
|
465
473
|
|
|
466
474
|
## Licencia
|
|
467
475
|
|
|
468
|
-
MIT © [AranzaTech](https://github.com/
|
|
476
|
+
MIT © [AranzaTech](https://github.com/aranzatech)
|
|
@@ -11,9 +11,9 @@ var __decorateClass = (decorators, target, key, kind) => {
|
|
|
11
11
|
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
12
12
|
|
|
13
13
|
// src/constants/tokens.ts
|
|
14
|
-
var AUTH_MODULE_OPTIONS =
|
|
15
|
-
var AUTH_HOOKS =
|
|
16
|
-
var AUTH_REPOSITORY =
|
|
14
|
+
var AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
15
|
+
var AUTH_HOOKS = "AUTH_HOOKS";
|
|
16
|
+
var AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
17
17
|
|
|
18
18
|
// src/utils/identifier.util.ts
|
|
19
19
|
function normalizeIdentifier(value) {
|
|
@@ -32,5 +32,5 @@ function readAccountIdentifier(account, field) {
|
|
|
32
32
|
}
|
|
33
33
|
|
|
34
34
|
export { AUTH_HOOKS, AUTH_MODULE_OPTIONS, AUTH_REPOSITORY, __decorateClass, __decorateParam, normalizeIdentifier, readAccountIdentifier, resolveRegisterIdentifier };
|
|
35
|
-
//# sourceMappingURL=chunk-
|
|
36
|
-
//# sourceMappingURL=chunk-
|
|
35
|
+
//# sourceMappingURL=chunk-JLRBMDLH.js.map
|
|
36
|
+
//# sourceMappingURL=chunk-JLRBMDLH.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/constants/tokens.ts","../src/utils/identifier.util.ts"],"names":[],"mappings":";;;;;;;;;;;;;AACO,IAAM,mBAAA,GAAsB;AAC5B,IAAM,UAAA,GAAa;AACnB,IAAM,eAAA,GAAkB;;;ACAxB,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAEO,SAAS,yBAAA,CACd,OACA,KAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,KAAA,CAAM,QAAQ,KAAA,CAAM,QAAA;AACtD,EAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,EACpD;AACA,EAAA,OAAO,oBAAoB,KAAK,CAAA;AAClC;AAEO,SAAS,qBAAA,CACd,SACA,KAAA,EACoB;AACpB,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,OAAA,CAAQ,QAAQ,OAAA,CAAQ,QAAA;AAC1D,EAAA,OAAO,KAAA,IAAS,IAAA,GAAO,mBAAA,CAAoB,KAAK,CAAA,GAAI,MAAA;AACtD","file":"chunk-JLRBMDLH.js","sourcesContent":["/** String tokens — stable across tsup entry points (index + mongo). */\nexport const AUTH_MODULE_OPTIONS = \"AUTH_MODULE_OPTIONS\";\nexport const AUTH_HOOKS = \"AUTH_HOOKS\";\nexport const AUTH_REPOSITORY = \"AUTH_REPOSITORY\";\n","import type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { BaseAuthAccount, RegisterInput } from \"../interfaces/auth-hooks.interface\";\n\nexport function normalizeIdentifier(value: string): string {\n return value.trim().toLowerCase();\n}\n\nexport function resolveRegisterIdentifier(\n input: RegisterInput,\n field: AuthIdentifierField,\n): string {\n const value = field === \"email\" ? input.email : input.username;\n if (value == null || value.trim() === \"\") {\n throw new Error(`Register input requires ${field}`);\n }\n return normalizeIdentifier(value);\n}\n\nexport function readAccountIdentifier(\n account: BaseAuthAccount,\n field: AuthIdentifierField,\n): string | undefined {\n const value = field === \"email\" ? account.email : account.username;\n return value != null ? normalizeIdentifier(value) : undefined;\n}\n"]}
|
package/dist/index.cjs
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
var common = require('@nestjs/common');
|
|
4
4
|
var jwt = require('@nestjs/jwt');
|
|
5
5
|
var passport = require('@nestjs/passport');
|
|
6
|
-
var
|
|
6
|
+
var bcrypt2 = require('bcryptjs');
|
|
7
7
|
var crypto = require('crypto');
|
|
8
8
|
var passportJwt = require('passport-jwt');
|
|
9
9
|
var classValidator = require('class-validator');
|
|
@@ -26,7 +26,7 @@ function _interopNamespace(e) {
|
|
|
26
26
|
return Object.freeze(n);
|
|
27
27
|
}
|
|
28
28
|
|
|
29
|
-
var
|
|
29
|
+
var bcrypt2__namespace = /*#__PURE__*/_interopNamespace(bcrypt2);
|
|
30
30
|
|
|
31
31
|
var __defProp = Object.defineProperty;
|
|
32
32
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
@@ -46,88 +46,21 @@ var CurrentUser = common.createParamDecorator(
|
|
|
46
46
|
}
|
|
47
47
|
);
|
|
48
48
|
exports.JwtAuthGuard = class JwtAuthGuard extends passport.AuthGuard("jwt") {
|
|
49
|
+
handleRequest(err, user, _info) {
|
|
50
|
+
if (err != null || user == null) {
|
|
51
|
+
throw err ?? new common.UnauthorizedException();
|
|
52
|
+
}
|
|
53
|
+
return user;
|
|
54
|
+
}
|
|
49
55
|
};
|
|
50
56
|
exports.JwtAuthGuard = __decorateClass([
|
|
51
57
|
common.Injectable()
|
|
52
58
|
], exports.JwtAuthGuard);
|
|
53
59
|
|
|
54
|
-
// src/controllers/auth.controller.ts
|
|
55
|
-
var AuthController = class {
|
|
56
|
-
constructor(authService) {
|
|
57
|
-
this.authService = authService;
|
|
58
|
-
}
|
|
59
|
-
register(dto) {
|
|
60
|
-
return this.authService.register(dto);
|
|
61
|
-
}
|
|
62
|
-
login(dto) {
|
|
63
|
-
return this.authService.login(dto);
|
|
64
|
-
}
|
|
65
|
-
refresh(dto) {
|
|
66
|
-
return this.authService.refresh(dto.refreshToken);
|
|
67
|
-
}
|
|
68
|
-
logout(user) {
|
|
69
|
-
return this.authService.logout(user.sub);
|
|
70
|
-
}
|
|
71
|
-
me(user) {
|
|
72
|
-
return this.authService.me(user.sub);
|
|
73
|
-
}
|
|
74
|
-
verifyEmail(dto) {
|
|
75
|
-
return this.authService.verifyEmail(dto.token);
|
|
76
|
-
}
|
|
77
|
-
forgotPassword(dto) {
|
|
78
|
-
return this.authService.forgotPassword(dto.email);
|
|
79
|
-
}
|
|
80
|
-
resetPassword(dto) {
|
|
81
|
-
return this.authService.resetPassword(dto.token, dto.newPassword);
|
|
82
|
-
}
|
|
83
|
-
};
|
|
84
|
-
__decorateClass([
|
|
85
|
-
common.Post("register"),
|
|
86
|
-
__decorateParam(0, common.Body())
|
|
87
|
-
], AuthController.prototype, "register", 1);
|
|
88
|
-
__decorateClass([
|
|
89
|
-
common.Post("login"),
|
|
90
|
-
__decorateParam(0, common.Body())
|
|
91
|
-
], AuthController.prototype, "login", 1);
|
|
92
|
-
__decorateClass([
|
|
93
|
-
common.Post("refresh"),
|
|
94
|
-
common.HttpCode(common.HttpStatus.OK),
|
|
95
|
-
__decorateParam(0, common.Body())
|
|
96
|
-
], AuthController.prototype, "refresh", 1);
|
|
97
|
-
__decorateClass([
|
|
98
|
-
common.Post("logout"),
|
|
99
|
-
common.UseGuards(exports.JwtAuthGuard),
|
|
100
|
-
common.HttpCode(common.HttpStatus.OK),
|
|
101
|
-
__decorateParam(0, CurrentUser())
|
|
102
|
-
], AuthController.prototype, "logout", 1);
|
|
103
|
-
__decorateClass([
|
|
104
|
-
common.Get("me"),
|
|
105
|
-
common.UseGuards(exports.JwtAuthGuard),
|
|
106
|
-
__decorateParam(0, CurrentUser())
|
|
107
|
-
], AuthController.prototype, "me", 1);
|
|
108
|
-
__decorateClass([
|
|
109
|
-
common.Post("verify-email"),
|
|
110
|
-
common.HttpCode(common.HttpStatus.OK),
|
|
111
|
-
__decorateParam(0, common.Body())
|
|
112
|
-
], AuthController.prototype, "verifyEmail", 1);
|
|
113
|
-
__decorateClass([
|
|
114
|
-
common.Post("forgot-password"),
|
|
115
|
-
common.HttpCode(common.HttpStatus.OK),
|
|
116
|
-
__decorateParam(0, common.Body())
|
|
117
|
-
], AuthController.prototype, "forgotPassword", 1);
|
|
118
|
-
__decorateClass([
|
|
119
|
-
common.Post("reset-password"),
|
|
120
|
-
common.HttpCode(common.HttpStatus.OK),
|
|
121
|
-
__decorateParam(0, common.Body())
|
|
122
|
-
], AuthController.prototype, "resetPassword", 1);
|
|
123
|
-
AuthController = __decorateClass([
|
|
124
|
-
common.Controller("auth")
|
|
125
|
-
], AuthController);
|
|
126
|
-
|
|
127
60
|
// src/constants/tokens.ts
|
|
128
|
-
var AUTH_MODULE_OPTIONS =
|
|
129
|
-
var AUTH_HOOKS =
|
|
130
|
-
var AUTH_REPOSITORY =
|
|
61
|
+
var AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
62
|
+
var AUTH_HOOKS = "AUTH_HOOKS";
|
|
63
|
+
var AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
131
64
|
exports.DefaultAuthHooks = class DefaultAuthHooks {
|
|
132
65
|
async buildJwtPayload(account) {
|
|
133
66
|
return {
|
|
@@ -190,6 +123,49 @@ function expiresAtFromTtlMs(ttlMs) {
|
|
|
190
123
|
}
|
|
191
124
|
var DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1e3;
|
|
192
125
|
var DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1e3;
|
|
126
|
+
exports.TokenService = class TokenService {
|
|
127
|
+
constructor(jwtService, options) {
|
|
128
|
+
this.jwtService = jwtService;
|
|
129
|
+
this.options = options;
|
|
130
|
+
}
|
|
131
|
+
async signTokens(payload) {
|
|
132
|
+
const accessExpiresIn = this.options.expiresIn ?? "1h";
|
|
133
|
+
const refreshExpiresIn = this.options.refreshExpiresIn ?? "7d";
|
|
134
|
+
const [accessToken, refreshToken] = await Promise.all([
|
|
135
|
+
this.jwtService.signAsync(
|
|
136
|
+
payload,
|
|
137
|
+
{
|
|
138
|
+
secret: this.options.secret,
|
|
139
|
+
expiresIn: accessExpiresIn
|
|
140
|
+
}
|
|
141
|
+
),
|
|
142
|
+
this.jwtService.signAsync(
|
|
143
|
+
payload,
|
|
144
|
+
{
|
|
145
|
+
secret: this.options.refreshSecret,
|
|
146
|
+
expiresIn: refreshExpiresIn
|
|
147
|
+
}
|
|
148
|
+
)
|
|
149
|
+
]);
|
|
150
|
+
return { accessToken, refreshToken };
|
|
151
|
+
}
|
|
152
|
+
async verifyRefreshToken(refreshToken) {
|
|
153
|
+
return this.jwtService.verifyAsync(refreshToken, {
|
|
154
|
+
secret: this.options.refreshSecret
|
|
155
|
+
});
|
|
156
|
+
}
|
|
157
|
+
async hashRefreshToken(refreshToken) {
|
|
158
|
+
return bcrypt2__namespace.hash(refreshToken, 10);
|
|
159
|
+
}
|
|
160
|
+
async compareRefreshToken(refreshToken, hash3) {
|
|
161
|
+
return bcrypt2__namespace.compare(refreshToken, hash3);
|
|
162
|
+
}
|
|
163
|
+
};
|
|
164
|
+
exports.TokenService = __decorateClass([
|
|
165
|
+
common.Injectable(),
|
|
166
|
+
__decorateParam(0, common.Inject(jwt.JwtService)),
|
|
167
|
+
__decorateParam(1, common.Inject(AUTH_MODULE_OPTIONS))
|
|
168
|
+
], exports.TokenService);
|
|
193
169
|
|
|
194
170
|
// src/services/auth.service.ts
|
|
195
171
|
exports.AuthService = class AuthService {
|
|
@@ -228,7 +204,7 @@ exports.AuthService = class AuthService {
|
|
|
228
204
|
await this.hooks.onBeforeRegister?.(input);
|
|
229
205
|
resolveRegisterIdentifier(input, this.identifierField);
|
|
230
206
|
this.assertRegisterEmailWhenVerificationEnabled(input);
|
|
231
|
-
const passwordHash = await
|
|
207
|
+
const passwordHash = await bcrypt2__namespace.hash(dto.password, 10);
|
|
232
208
|
try {
|
|
233
209
|
const account = await this.authRepository.create({
|
|
234
210
|
...input,
|
|
@@ -256,7 +232,7 @@ exports.AuthService = class AuthService {
|
|
|
256
232
|
throw new common.UnauthorizedException("Invalid credentials");
|
|
257
233
|
}
|
|
258
234
|
this.assertAccountActive(account);
|
|
259
|
-
const passwordMatches = await
|
|
235
|
+
const passwordMatches = await bcrypt2__namespace.compare(
|
|
260
236
|
dto.password,
|
|
261
237
|
account.passwordHash
|
|
262
238
|
);
|
|
@@ -333,7 +309,7 @@ exports.AuthService = class AuthService {
|
|
|
333
309
|
if (account == null) {
|
|
334
310
|
throw new common.BadRequestException("TOKEN_INVALID_OR_EXPIRED");
|
|
335
311
|
}
|
|
336
|
-
const passwordHash = await
|
|
312
|
+
const passwordHash = await bcrypt2__namespace.hash(newPassword, 10);
|
|
337
313
|
await this.authRepository.updatePasswordHash(account.id, passwordHash);
|
|
338
314
|
await this.authRepository.clearResetToken(account.id);
|
|
339
315
|
await this.authRepository.updateRefreshTokenHash(account.id, null);
|
|
@@ -427,50 +403,83 @@ exports.AuthService = __decorateClass([
|
|
|
427
403
|
common.Injectable(),
|
|
428
404
|
__decorateParam(0, common.Inject(AUTH_REPOSITORY)),
|
|
429
405
|
__decorateParam(1, common.Inject(AUTH_MODULE_OPTIONS)),
|
|
430
|
-
__decorateParam(2, common.Inject(AUTH_HOOKS))
|
|
406
|
+
__decorateParam(2, common.Inject(AUTH_HOOKS)),
|
|
407
|
+
__decorateParam(3, common.Inject(exports.TokenService))
|
|
431
408
|
], exports.AuthService);
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
409
|
+
|
|
410
|
+
// src/controllers/auth.controller.ts
|
|
411
|
+
var AuthController = class {
|
|
412
|
+
constructor(authService) {
|
|
413
|
+
this.authService = authService;
|
|
436
414
|
}
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
const refreshExpiresIn = this.options.refreshExpiresIn ?? "7d";
|
|
440
|
-
const [accessToken, refreshToken] = await Promise.all([
|
|
441
|
-
this.jwtService.signAsync(
|
|
442
|
-
payload,
|
|
443
|
-
{
|
|
444
|
-
secret: this.options.secret,
|
|
445
|
-
expiresIn: accessExpiresIn
|
|
446
|
-
}
|
|
447
|
-
),
|
|
448
|
-
this.jwtService.signAsync(
|
|
449
|
-
payload,
|
|
450
|
-
{
|
|
451
|
-
secret: this.options.refreshSecret,
|
|
452
|
-
expiresIn: refreshExpiresIn
|
|
453
|
-
}
|
|
454
|
-
)
|
|
455
|
-
]);
|
|
456
|
-
return { accessToken, refreshToken };
|
|
415
|
+
register(dto) {
|
|
416
|
+
return this.authService.register(dto);
|
|
457
417
|
}
|
|
458
|
-
|
|
459
|
-
return this.
|
|
460
|
-
secret: this.options.refreshSecret
|
|
461
|
-
});
|
|
418
|
+
login(dto) {
|
|
419
|
+
return this.authService.login(dto);
|
|
462
420
|
}
|
|
463
|
-
|
|
464
|
-
return
|
|
421
|
+
refresh(dto) {
|
|
422
|
+
return this.authService.refresh(dto.refreshToken);
|
|
465
423
|
}
|
|
466
|
-
|
|
467
|
-
return
|
|
424
|
+
logout(user) {
|
|
425
|
+
return this.authService.logout(user.sub);
|
|
426
|
+
}
|
|
427
|
+
me(user) {
|
|
428
|
+
return this.authService.me(user.sub);
|
|
429
|
+
}
|
|
430
|
+
verifyEmail(dto) {
|
|
431
|
+
return this.authService.verifyEmail(dto.token);
|
|
432
|
+
}
|
|
433
|
+
forgotPassword(dto) {
|
|
434
|
+
return this.authService.forgotPassword(dto.email);
|
|
435
|
+
}
|
|
436
|
+
resetPassword(dto) {
|
|
437
|
+
return this.authService.resetPassword(dto.token, dto.newPassword);
|
|
468
438
|
}
|
|
469
439
|
};
|
|
470
|
-
|
|
471
|
-
common.
|
|
472
|
-
__decorateParam(
|
|
473
|
-
],
|
|
440
|
+
__decorateClass([
|
|
441
|
+
common.Post("register"),
|
|
442
|
+
__decorateParam(0, common.Body())
|
|
443
|
+
], AuthController.prototype, "register", 1);
|
|
444
|
+
__decorateClass([
|
|
445
|
+
common.Post("login"),
|
|
446
|
+
__decorateParam(0, common.Body())
|
|
447
|
+
], AuthController.prototype, "login", 1);
|
|
448
|
+
__decorateClass([
|
|
449
|
+
common.Post("refresh"),
|
|
450
|
+
common.HttpCode(common.HttpStatus.OK),
|
|
451
|
+
__decorateParam(0, common.Body())
|
|
452
|
+
], AuthController.prototype, "refresh", 1);
|
|
453
|
+
__decorateClass([
|
|
454
|
+
common.Post("logout"),
|
|
455
|
+
common.UseGuards(exports.JwtAuthGuard),
|
|
456
|
+
common.HttpCode(common.HttpStatus.OK),
|
|
457
|
+
__decorateParam(0, CurrentUser())
|
|
458
|
+
], AuthController.prototype, "logout", 1);
|
|
459
|
+
__decorateClass([
|
|
460
|
+
common.Get("me"),
|
|
461
|
+
common.UseGuards(exports.JwtAuthGuard),
|
|
462
|
+
__decorateParam(0, CurrentUser())
|
|
463
|
+
], AuthController.prototype, "me", 1);
|
|
464
|
+
__decorateClass([
|
|
465
|
+
common.Post("verify-email"),
|
|
466
|
+
common.HttpCode(common.HttpStatus.OK),
|
|
467
|
+
__decorateParam(0, common.Body())
|
|
468
|
+
], AuthController.prototype, "verifyEmail", 1);
|
|
469
|
+
__decorateClass([
|
|
470
|
+
common.Post("forgot-password"),
|
|
471
|
+
common.HttpCode(common.HttpStatus.OK),
|
|
472
|
+
__decorateParam(0, common.Body())
|
|
473
|
+
], AuthController.prototype, "forgotPassword", 1);
|
|
474
|
+
__decorateClass([
|
|
475
|
+
common.Post("reset-password"),
|
|
476
|
+
common.HttpCode(common.HttpStatus.OK),
|
|
477
|
+
__decorateParam(0, common.Body())
|
|
478
|
+
], AuthController.prototype, "resetPassword", 1);
|
|
479
|
+
AuthController = __decorateClass([
|
|
480
|
+
common.Controller("auth"),
|
|
481
|
+
__decorateParam(0, common.Inject(exports.AuthService))
|
|
482
|
+
], AuthController);
|
|
474
483
|
var JwtStrategy = class extends passport.PassportStrategy(passportJwt.Strategy) {
|
|
475
484
|
constructor(options, authRepository) {
|
|
476
485
|
super({
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/controllers/auth.controller.ts","../src/constants/tokens.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/identifier.util.ts","../src/utils/token.util.ts","../src/services/auth.service.ts","../src/services/token.service.ts","../src/strategies/jwt.strategy.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["createParamDecorator","JwtAuthGuard","AuthGuard","Injectable","Post","Body","HttpCode","HttpStatus","UseGuards","Get","Controller","DefaultAuthHooks","randomBytes","createHash","AuthService","BadRequestException","bcrypt","UnauthorizedException","NotFoundException","TokenService","bcrypt2","hash","Inject","PassportStrategy","Strategy","ExtractJwt","PassportModule","JwtModule","AuthModule","Module","IsEmail","IsOptional","IsString","Length","IsNotEmpty","Matches"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIO,IAAM,WAAA,GAAcA,2BAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLaC,oBAAA,GAAN,kBAAA,SAA2BC,kBAAA,CAAU,KAAK,CAAA,CAAE;AAAC;AAAvCD,oBAAA,GAAN,eAAA,CAAA;AAAA,EADNE,iBAAA;AAAW,CAAA,EACCF,oBAAA,CAAA;;;ACoBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAGxD,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AACF,CAAA;AAhDE,eAAA,CAAA;AAAA,EADCG,YAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAAC,WAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADCD,YAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAAC,WAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFCD,YAAK,SAAS,CAAA;AAAA,EACdE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHCD,YAAK,QAAQ,CAAA;AAAA,EACbI,iBAAUP,oBAAY,CAAA;AAAA,EACtBK,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFCE,WAAI,IAAI,CAAA;AAAA,EACRD,iBAAUP,oBAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCG,YAAK,cAAc,CAAA;AAAA,EACnBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCD,YAAK,iBAAiB,CAAA;AAAA,EACtBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCD,YAAK,gBAAgB,CAAA;AAAA,EACrBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAjDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADNK,kBAAW,MAAM;AAAA,CAAA,EACL,cAAA,CAAA;;;ACxBN,IAAM,mBAAA,0BAA6B,qBAAqB;AACxD,IAAM,UAAA,0BAAoB,YAAY;AACtC,IAAM,eAAA,0BAAyB,iBAAiB;ACO1CC,2BAAN,sBAAA,CAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAhCaA,wBAAA,GAAN,eAAA,CAAA;AAAA,EADNR,iBAAAA;AAAW,CAAA,EACCQ,wBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;;;ACJO,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAEO,SAAS,yBAAA,CACd,OACA,KAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,KAAA,CAAM,QAAQ,KAAA,CAAM,QAAA;AACtD,EAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,EACpD;AACA,EAAA,OAAO,oBAAoB,KAAK,CAAA;AAClC;AAEO,SAAS,qBAAA,CACd,SACA,KAAA,EACoB;AACpB,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,OAAA,CAAQ,QAAQ,OAAA,CAAQ,QAAA;AAC1D,EAAA,OAAO,KAAA,IAAS,IAAA,GAAO,mBAAA,CAAoB,KAAK,CAAA,GAAI,MAAA;AACtD;ACtBO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAOC,kBAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAOC,kBAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;;;ACuB1CC,sBAAN,iBAAA,CAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EACA,YAAA,EACjB;AANiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAErD,IAAA,MAAM,YAAA,GAAe,MAAaC,iBAAA,CAAA,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,CAAA;AAEvD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,QAAA,MAAM,IAAIC,4BAAA,CAAsB,CAAA,EAAG,IAAA,CAAK,eAAe,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC1E;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,6BAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,kBAAkB,MAAaD,iBAAA,CAAA,OAAA;AAAA,MACnC,GAAA,CAAI,QAAA;AAAA,MACJ,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAIC,6BAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,OAAA,EAAS,oBAAoB,IAAA,EAAM;AACrC,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,MAC3C,YAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,6BAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAIN,wBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAII,2BAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,2BAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,YAAA,GAAe,MAAaC,iBAAA,CAAA,IAAA,CAAK,WAAA,EAAa,EAAE,CAAA;AACtD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAIC,6BAAsB,kBAAkB,CAAA;AAAA,IACpD;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAIA,6BAAsB,oBAAoB,CAAA;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAIF,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAIG,wBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAIA,wBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA7SaJ,mBAAA,GAAN,eAAA,CAAA;AAAA,EADNX,iBAAAA,EAAW;AAAA,EAGP,iCAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,iCAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,iCAAO,UAAU,CAAA;AAAA,CAAA,EANTW,mBAAA,CAAA;AC/BAK,uBAAN,kBAAA,CAAmB;AAAA,EACxB,WAAA,CACmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ;AAAA,KACtB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,iBAAA,CAAA,IAAA,CAAK,cAAc,EAAE,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,iBAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AA/CaF,oBAAA,GAAN,eAAA,CAAA;AAAA,EADNhB,iBAAAA,EAAW;AAAA,EAIP,eAAA,CAAA,CAAA,EAAAmB,cAAO,mBAAmB,CAAA;AAAA,CAAA,EAHlBH,oBAAA,CAAA;ACAN,IAAM,WAAA,GAAN,cAA0BI,yBAAA,CAAiBC,oBAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEE,SAEiB,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgBC,uBAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ;AAAA,KACtB,CAAA;AANgB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAOnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAIR,6BAAsB,+BAA+B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AArBa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNd,iBAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAmB,cAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,cAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACQb,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA;AAAA,MACE,OAAA,EAAS,UAAA;AAAA,MACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,QAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAASX,wBAAA;AACjC,QAAA,OAAO,IAAI,UAAA,EAAW;AAAA,MACxB;AAAA,KACF;AAAA,IACAG,mBAAA;AAAA,IACAK,oBAAA;AAAA,IACA,WAAA;AAAA,IACAlB;AAAA,GACF;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACLyB,uBAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClDC,cAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa,EAAE,SAAA,EAAW,IAAA,CAAK,aAAa,IAAA;AAAK,OACnD;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAGaC,qBAAN,gBAAA,CAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQA,kBAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACAd,mBAAA;AAAA,QACAK,oBAAA;AAAA,QACAlB,oBAAA;AAAA,QACA0B,aAAA;AAAA,QACAD;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,OAAO;AAAA,MACL,MAAA,EAAQE,kBAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAAS,mBAAA;AAAA,UACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,UAC5B,YAAY,OAAA,CAAQ;AAAA,SACtB;AAAA,QACA;AAAA,UACE,OAAA,EAAS,UAAA;AAAA,UACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,UAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,YAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAASjB,wBAAA;AACjC,YAAA,OAAO,IAAI,UAAA,EAAW;AAAA,UACxB;AAAA,SACF;AAAA,QACAG,mBAAA;AAAA,QACAK,oBAAA;AAAA,QACA,WAAA;AAAA,QACAlB;AAAA,OACF;AAAA,MACA,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACAa,mBAAA;AAAA,QACAK,oBAAA;AAAA,QACAlB,oBAAA;AAAA,QACA0B,aAAA;AAAA,QACAD;AAAA;AACF,KACF;AAAA,EACF;AACF;AAxDaE,kBAAA,GAAN,eAAA,CAAA;AAAA,EADNC,aAAA,CAAO,EAAE;AAAA,CAAA,EACGD,kBAAA,CAAA;;;AC9DN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADCE,sBAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAetB;AAXE,eAAA,CAAA;AAAA,EAHCC,yBAAA,EAAW;AAAA,EACXC,uBAAA,EAAS;AAAA,EACTC,qBAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,QAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCF,yBAAA,EAAW;AAAA,EACXC,uBAAA,EAAS;AAAA,EACTC,qBAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EARF,QAAA,CASX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,uBAAA,EAAS;AAAA,EACTE,yBAAA,EAAW;AAAA,EACXD,qBAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAbH,QAAA,CAcX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACdK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAgBzB;AAZE,eAAA,CAAA;AAAA,EAHCH,yBAAAA,EAAW;AAAA,EACXC,uBAAAA,EAAS;AAAA,EACTC,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,WAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCF,yBAAAA,EAAW;AAAA,EACXC,uBAAAA,EAAS;AAAA,EACTC,qBAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZE,uBAAQ,mBAAmB;AAAA,CAAA,EATjB,WAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCH,uBAAAA,EAAS;AAAA,EACTE,yBAAAA,EAAW;AAAA,EACXD,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,WAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCF,uBAAAA,EAAS;AAAA,EACTE,yBAAAA,EAAW;AAAA,EACXD,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.cjs","sourcesContent":["import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n}\n","export const AUTH_MODULE_OPTIONS = Symbol(\"AUTH_MODULE_OPTIONS\");\nexport const AUTH_HOOKS = Symbol(\"AUTH_HOOKS\");\nexport const AUTH_REPOSITORY = Symbol(\"AUTH_REPOSITORY\");\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { BaseAuthAccount, RegisterInput } from \"../interfaces/auth-hooks.interface\";\n\nexport function normalizeIdentifier(value: string): string {\n return value.trim().toLowerCase();\n}\n\nexport function resolveRegisterIdentifier(\n input: RegisterInput,\n field: AuthIdentifierField,\n): string {\n const value = field === \"email\" ? input.email : input.username;\n if (value == null || value.trim() === \"\") {\n throw new Error(`Register input requires ${field}`);\n }\n return normalizeIdentifier(value);\n}\n\nexport function readAccountIdentifier(\n account: BaseAuthAccount,\n field: AuthIdentifierField,\n): string | undefined {\n const value = field === \"email\" ? account.email : account.username;\n return value != null ? normalizeIdentifier(value) : undefined;\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n\n const passwordHash = await bcrypt.hash(dto.password, 10);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n throw new UnauthorizedException(`${this.identifierField} already exists`);\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n this.assertAccountActive(account);\n\n const passwordMatches = await bcrypt.compare(\n dto.password,\n account.passwordHash,\n );\n if (!passwordMatches) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account?.refreshTokenHash == null) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n this.assertAccountActive(account);\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n const passwordHash = await bcrypt.hash(newPassword, 10);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(\"ACCOUNT_DISABLED\");\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(\"EMAIL_NOT_VERIFIED\");\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class TokenService {\n constructor(\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, 10);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n return payload;\n }\n}\n","import { DynamicModule, Module, Provider } from \"@nestjs/common\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { AuthController } from \"./controllers/auth.controller\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createAuthProviders(options: AuthModuleOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: { expiresIn: opts.expiresIn ?? \"1h\" },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [AuthController],\n providers: createAuthProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [AuthController],\n providers: [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: options.useFactory,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ],\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length, Matches } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/constants/tokens.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/identifier.util.ts","../src/utils/token.util.ts","../src/services/token.service.ts","../src/services/auth.service.ts","../src/controllers/auth.controller.ts","../src/strategies/jwt.strategy.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["createParamDecorator","JwtAuthGuard","AuthGuard","UnauthorizedException","Injectable","DefaultAuthHooks","randomBytes","createHash","TokenService","bcrypt","hash","JwtService","AuthService","BadRequestException","bcrypt2","NotFoundException","Inject","Post","Body","HttpCode","HttpStatus","UseGuards","Get","Controller","PassportStrategy","Strategy","ExtractJwt","PassportModule","JwtModule","AuthModule","Module","IsEmail","IsOptional","IsString","Length","IsNotEmpty","Matches"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIO,IAAM,WAAA,GAAcA,2BAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLaC,oBAAA,GAAN,kBAAA,SAA2BC,kBAAA,CAAU,KAAK,CAAA,CAAE;AAAA,EACjD,aAAA,CACE,GAAA,EACA,IAAA,EACA,KAAA,EACO;AACP,IAAA,IAAI,GAAA,IAAO,IAAA,IAAQ,IAAA,IAAQ,IAAA,EAAM;AAC/B,MAAA,MAAM,GAAA,IAAO,IAAIC,4BAAA,EAAsB;AAAA,IACzC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAXaF,oBAAA,GAAN,eAAA,CAAA;AAAA,EADNG,iBAAA;AAAW,CAAA,EACCH,oBAAA,CAAA;;;ACHN,IAAM,mBAAA,GAAsB;AAC5B,IAAM,UAAA,GAAa;AACnB,IAAM,eAAA,GAAkB;ACMlBI,2BAAN,sBAAA,CAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAhCaA,wBAAA,GAAN,eAAA,CAAA;AAAA,EADND,iBAAAA;AAAW,CAAA,EACCC,wBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;;;ACJO,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAEO,SAAS,yBAAA,CACd,OACA,KAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,KAAA,CAAM,QAAQ,KAAA,CAAM,QAAA;AACtD,EAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,EACpD;AACA,EAAA,OAAO,oBAAoB,KAAK,CAAA;AAClC;AAEO,SAAS,qBAAA,CACd,SACA,KAAA,EACoB;AACpB,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,OAAA,CAAQ,QAAQ,OAAA,CAAQ,QAAA;AAC1D,EAAA,OAAO,KAAA,IAAS,IAAA,GAAO,mBAAA,CAAoB,KAAK,CAAA,GAAI,MAAA;AACtD;ACtBO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAOC,kBAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAOC,kBAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;ACR1CC,uBAAN,kBAAA,CAAmB;AAAA,EACxB,WAAA,CAEmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ;AAAA,KACtB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,kBAAA,CAAA,IAAA,CAAK,cAAc,EAAE,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,kBAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AAhDaF,oBAAA,GAAN,eAAA,CAAA;AAAA,EADNJ,iBAAAA,EAAW;AAAA,EAGP,iCAAOO,cAAU,CAAA,CAAA;AAAA,EAEjB,iCAAO,mBAAmB,CAAA;AAAA,CAAA,EAJlBH,oBAAA,CAAA;;;AC+BAI,sBAAN,iBAAA,CAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EAEA,YAAA,EACjB;AAPiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAEA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAErD,IAAA,MAAM,YAAA,GAAe,MAAaC,kBAAA,CAAA,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,CAAA;AAEvD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,QAAA,MAAM,IAAIX,4BAAAA,CAAsB,CAAA,EAAG,IAAA,CAAK,eAAe,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC1E;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,6BAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,kBAAkB,MAAaW,kBAAA,CAAA,OAAA;AAAA,MACnC,GAAA,CAAI,QAAA;AAAA,MACJ,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAIX,6BAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,OAAA,EAAS,oBAAoB,IAAA,EAAM;AACrC,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,MAC3C,YAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAIA,6BAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,6BAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAIE,wBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIQ,2BAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,2BAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,YAAA,GAAe,MAAaC,kBAAA,CAAA,IAAA,CAAK,WAAA,EAAa,EAAE,CAAA;AACtD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAIX,6BAAsB,kBAAkB,CAAA;AAAA,IACpD;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAIA,6BAAsB,oBAAoB,CAAA;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAIU,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAIE,wBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAIA,wBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA9SaH,mBAAA,GAAN,eAAA,CAAA;AAAA,EADNR,iBAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAY,cAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,eAAA,CAAA,CAAA,EAAAA,cAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,cAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,eAAA,CAAA,CAAA,EAAAA,cAAOR,oBAAY,CAAA;AAAA,CAAA,EARXI,mBAAA,CAAA;;;AChBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAAkD,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAG7E,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AACF,CAAA;AAhDE,eAAA,CAAA;AAAA,EADCK,YAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAAC,WAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADCD,YAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAAC,WAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFCD,YAAK,SAAS,CAAA;AAAA,EACdE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHCD,YAAK,QAAQ,CAAA;AAAA,EACbI,iBAAUpB,oBAAY,CAAA;AAAA,EACtBkB,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFCE,WAAI,IAAI,CAAA;AAAA,EACRD,iBAAUpB,oBAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCgB,YAAK,cAAc,CAAA;AAAA,EACnBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCD,YAAK,iBAAiB,CAAA;AAAA,EACtBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFCD,YAAK,gBAAgB,CAAA;AAAA,EACrBE,eAAA,CAASC,kBAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAAF,WAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAjDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADNK,kBAAW,MAAM,CAAA;AAAA,EAEH,eAAA,CAAA,CAAA,EAAAP,cAAOJ,mBAAW,CAAA;AAAA,CAAA,EADpB,cAAA,CAAA;ACfN,IAAM,WAAA,GAAN,cAA0BY,yBAAA,CAAiBC,oBAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEE,SAEiB,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgBC,uBAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ;AAAA,KACtB,CAAA;AANgB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAOnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAIvB,6BAAsB,+BAA+B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AArBa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNC,iBAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAY,cAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,cAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACQb,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA;AAAA,MACE,OAAA,EAAS,UAAA;AAAA,MACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,QAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAASX,wBAAA;AACjC,QAAA,OAAO,IAAI,UAAA,EAAW;AAAA,MACxB;AAAA,KACF;AAAA,IACAO,mBAAA;AAAA,IACAJ,oBAAA;AAAA,IACA,WAAA;AAAA,IACAP;AAAA,GACF;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACL0B,uBAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClDC,cAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa,EAAE,SAAA,EAAW,IAAA,CAAK,aAAa,IAAA;AAAK,OACnD;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAGaC,qBAAN,gBAAA,CAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQA,kBAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACAjB,mBAAA;AAAA,QACAJ,oBAAA;AAAA,QACAP,oBAAA;AAAA,QACA2B,aAAA;AAAA,QACAD;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,OAAO;AAAA,MACL,MAAA,EAAQE,kBAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAAS,mBAAA;AAAA,UACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,UAC5B,YAAY,OAAA,CAAQ;AAAA,SACtB;AAAA,QACA;AAAA,UACE,OAAA,EAAS,UAAA;AAAA,UACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,UAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,YAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAASxB,wBAAA;AACjC,YAAA,OAAO,IAAI,UAAA,EAAW;AAAA,UACxB;AAAA,SACF;AAAA,QACAO,mBAAA;AAAA,QACAJ,oBAAA;AAAA,QACA,WAAA;AAAA,QACAP;AAAA,OACF;AAAA,MACA,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACAW,mBAAA;AAAA,QACAJ,oBAAA;AAAA,QACAP,oBAAA;AAAA,QACA2B,aAAA;AAAA,QACAD;AAAA;AACF,KACF;AAAA,EACF;AACF;AAxDaE,kBAAA,GAAN,eAAA,CAAA;AAAA,EADNC,aAAA,CAAO,EAAE;AAAA,CAAA,EACGD,kBAAA,CAAA;;;AC9DN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADCE,sBAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAetB;AAXE,eAAA,CAAA;AAAA,EAHCC,yBAAA,EAAW;AAAA,EACXC,uBAAA,EAAS;AAAA,EACTC,qBAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,QAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCF,yBAAA,EAAW;AAAA,EACXC,uBAAA,EAAS;AAAA,EACTC,qBAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EARF,QAAA,CASX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,uBAAA,EAAS;AAAA,EACTE,yBAAA,EAAW;AAAA,EACXD,qBAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAbH,QAAA,CAcX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACdK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAgBzB;AAZE,eAAA,CAAA;AAAA,EAHCH,yBAAAA,EAAW;AAAA,EACXC,uBAAAA,EAAS;AAAA,EACTC,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,WAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCF,yBAAAA,EAAW;AAAA,EACXC,uBAAAA,EAAS;AAAA,EACTC,qBAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZE,uBAAQ,mBAAmB;AAAA,CAAA,EATjB,WAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCH,uBAAAA,EAAS;AAAA,EACTE,yBAAAA,EAAW;AAAA,EACXD,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,WAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCF,uBAAAA,EAAS;AAAA,EACTE,yBAAAA,EAAW;AAAA,EACXD,qBAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCD,uBAAAA,EAAS;AAAA,EACTE,yBAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.cjs","sourcesContent":["import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {\n handleRequest<TUser>(\n err: Error | null,\n user: TUser,\n _info: unknown,\n ): TUser {\n if (err != null || user == null) {\n throw err ?? new UnauthorizedException();\n }\n return user;\n }\n}\n","/** String tokens — stable across tsup entry points (index + mongo). */\nexport const AUTH_MODULE_OPTIONS = \"AUTH_MODULE_OPTIONS\";\nexport const AUTH_HOOKS = \"AUTH_HOOKS\";\nexport const AUTH_REPOSITORY = \"AUTH_REPOSITORY\";\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { BaseAuthAccount, RegisterInput } from \"../interfaces/auth-hooks.interface\";\n\nexport function normalizeIdentifier(value: string): string {\n return value.trim().toLowerCase();\n}\n\nexport function resolveRegisterIdentifier(\n input: RegisterInput,\n field: AuthIdentifierField,\n): string {\n const value = field === \"email\" ? input.email : input.username;\n if (value == null || value.trim() === \"\") {\n throw new Error(`Register input requires ${field}`);\n }\n return normalizeIdentifier(value);\n}\n\nexport function readAccountIdentifier(\n account: BaseAuthAccount,\n field: AuthIdentifierField,\n): string | undefined {\n const value = field === \"email\" ? account.email : account.username;\n return value != null ? normalizeIdentifier(value) : undefined;\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class TokenService {\n constructor(\n @Inject(JwtService)\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, 10);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n @Inject(TokenService)\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n\n const passwordHash = await bcrypt.hash(dto.password, 10);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n throw new UnauthorizedException(`${this.identifierField} already exists`);\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n this.assertAccountActive(account);\n\n const passwordMatches = await bcrypt.compare(\n dto.password,\n account.passwordHash,\n );\n if (!passwordMatches) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account?.refreshTokenHash == null) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n this.assertAccountActive(account);\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n const passwordHash = await bcrypt.hash(newPassword, 10);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(\"ACCOUNT_DISABLED\");\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(\"EMAIL_NOT_VERIFIED\");\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Inject,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(@Inject(AuthService) private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n return payload;\n }\n}\n","import { DynamicModule, Module, Provider } from \"@nestjs/common\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { AuthController } from \"./controllers/auth.controller\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createAuthProviders(options: AuthModuleOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: { expiresIn: opts.expiresIn ?? \"1h\" },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [AuthController],\n providers: createAuthProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [AuthController],\n providers: [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: options.useFactory,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ],\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length, Matches } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|