@aranzatech/aranza-auth 0.1.2 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -24
- package/README.md +106 -10
- package/SECURITY.md +58 -0
- package/dist/{auth-repository.interface-BMlJc-98.d.cts → auth-repository.interface-9PpDVOs8.d.cts} +32 -2
- package/dist/{auth-repository.interface-BMlJc-98.d.ts → auth-repository.interface-9PpDVOs8.d.ts} +32 -2
- package/dist/{chunk-JLRBMDLH.js → chunk-QNEFN5ES.js} +5 -5
- package/dist/chunk-QNEFN5ES.js.map +1 -0
- package/dist/index.cjs +274 -68
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +65 -3
- package/dist/index.d.ts +65 -3
- package/dist/index.js +273 -69
- package/dist/index.js.map +1 -1
- package/dist/mongo/index.cjs +56 -5
- package/dist/mongo/index.cjs.map +1 -1
- package/dist/mongo/index.d.cts +7 -1
- package/dist/mongo/index.d.ts +7 -1
- package/dist/mongo/index.js +57 -3
- package/dist/mongo/index.js.map +1 -1
- package/package.json +3 -2
- package/dist/chunk-JLRBMDLH.js.map +0 -1
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/token.util.ts","../src/services/token.service.ts","../src/services/auth.service.ts","../src/controllers/auth.controller.ts","../src/strategies/jwt.strategy.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["Injectable","bcrypt","hash","UnauthorizedException","Inject","IsString","IsNotEmpty","IsOptional","Length"],"mappings":";;;;;;;;;;AAIO,IAAM,WAAA,GAAc,oBAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLO,IAAM,YAAA,GAAN,cAA2B,SAAA,CAAU,KAAK,CAAA,CAAE;AAAA,EACjD,aAAA,CACE,GAAA,EACA,IAAA,EACA,KAAA,EACO;AAEP,IAAA,IAAI,GAAA,IAAO,IAAA,IAAQ,CAAC,IAAA,EAAM;AACxB,MAAA,MAAM,GAAA,IAAO,IAAI,qBAAA,EAAsB;AAAA,IACzC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAZa,YAAA,GAAN,eAAA,CAAA;AAAA,EADN,UAAA;AAAW,CAAA,EACC,YAAA,CAAA;ACKN,IAAM,mBAAN,MAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ;AAAA,KACpB;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAhCa,gBAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA;AAAW,CAAA,EACC,gBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;ACLO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAO,WAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;ACRhD,IAAM,eAAN,MAAmB;AAAA,EACxB,WAAA,CAEmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ;AAAA,KACtB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,OAAA,CAAA,IAAA,CAAK,cAAc,EAAE,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,OAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AAhDa,YAAA,GAAN,eAAA,CAAA;AAAA,EADNF,UAAAA,EAAW;AAAA,EAGP,0BAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,0BAAO,mBAAmB,CAAA;AAAA,CAAA,EAJlB,YAAA,CAAA;;;AC+BN,IAAM,cAAN,MAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EAEA,YAAA,EACjB;AAPiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAEA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAErD,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,CAAA;AAEvD,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,QAAA,MAAM,IAAIG,qBAAAA,CAAsB,CAAA,EAAG,IAAA,CAAK,eAAe,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC1E;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIA,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,kBAAkB,MAAa,OAAA,CAAA,OAAA;AAAA,MACnC,GAAA,CAAI,QAAA;AAAA,MACJ,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAIA,sBAAsB,qBAAqB,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,OAAA,EAAS,oBAAoB,IAAA,EAAM;AACrC,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,MAC3C,YAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAIA,sBAAsB,uBAAuB,CAAA;AAAA,IACzD;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,sBAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAI,gBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAI,oBAAoB,0BAA0B,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,WAAA,EAAa,EAAE,CAAA;AACtD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAIA,sBAAsB,kBAAkB,CAAA;AAAA,IACpD;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAIA,sBAAsB,oBAAoB,CAAA;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA9Sa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNH,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAI,OAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,eAAA,CAAA,CAAA,EAAAA,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,eAAA,CAAA,CAAA,EAAAA,OAAO,YAAY,CAAA;AAAA,CAAA,EARX,WAAA,CAAA;;;AChBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAAkD,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAG7E,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AACF,CAAA;AAhDE,eAAA,CAAA;AAAA,EADC,KAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADC,KAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,KAAK,SAAS,CAAA;AAAA,EACd,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHC,KAAK,QAAQ,CAAA;AAAA,EACb,UAAU,YAAY,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,IAAI,IAAI,CAAA;AAAA,EACR,UAAU,YAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,cAAc,CAAA;AAAA,EACnB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,iBAAiB,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,gBAAgB,CAAA;AAAA,EACrB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAjDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADN,WAAW,MAAM,CAAA;AAAA,EAEH,eAAA,CAAA,CAAA,EAAAA,OAAO,WAAW,CAAA;AAAA,CAAA,EADpB,cAAA,CAAA;ACfN,IAAM,WAAA,GAAN,cAA0B,gBAAA,CAAiB,QAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEE,SAEiB,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgB,WAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ;AAAA,KACtB,CAAA;AANgB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAOnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAID,sBAAsB,+BAA+B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AArBa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNH,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAI,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACQb,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA;AAAA,MACE,OAAA,EAAS,UAAA;AAAA,MACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,QAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,QAAA,OAAO,IAAI,UAAA,EAAW;AAAA,MACxB;AAAA,KACF;AAAA,IACA,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACL,cAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClD,UAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa,EAAE,SAAA,EAAW,IAAA,CAAK,aAAa,IAAA;AAAK,OACnD;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,cAAc,CAAA;AAAA,MAC5B,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAAS,mBAAA;AAAA,UACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,UAC5B,YAAY,OAAA,CAAQ;AAAA,SACtB;AAAA,QACA;AAAA,UACE,OAAA,EAAS,UAAA;AAAA,UACT,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,UAC5B,UAAA,EAAY,CAAC,IAAA,KAA4B;AACvC,YAAA,MAAM,UAAA,GAAa,KAAK,KAAA,IAAS,gBAAA;AACjC,YAAA,OAAO,IAAI,UAAA,EAAW;AAAA,UACxB;AAAA,SACF;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF;AAAA,MACA,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AACF;AAxDa,UAAA,GAAN,eAAA,CAAA;AAAA,EADN,MAAA,CAAO,EAAE;AAAA,CAAA,EACG,UAAA,CAAA;;;AC9DN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADC,OAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAetB;AAXE,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,QAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACX,QAAA,EAAS;AAAA,EACT,MAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EARF,QAAA,CASX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,QAAA,EAAS;AAAA,EACT,UAAA,EAAW;AAAA,EACX,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAbH,QAAA,CAcX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACdK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCC,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAgBzB;AAZE,eAAA,CAAA;AAAA,EAHCC,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAHH,WAAA,CAIX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCD,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTG,MAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZ,QAAQ,mBAAmB;AAAA,CAAA,EATjB,WAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCH,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,WAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXE,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCH,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.js","sourcesContent":["import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {\n handleRequest<TUser>(\n err: Error | null,\n user: TUser,\n _info: unknown,\n ): TUser {\n // Passport returns `false` (not null) when no/invalid token.\n if (err != null || !user) {\n throw err ?? new UnauthorizedException();\n }\n return user;\n }\n}\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class TokenService {\n constructor(\n @Inject(JwtService)\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, 10);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n @Inject(TokenService)\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n\n const passwordHash = await bcrypt.hash(dto.password, 10);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n throw new UnauthorizedException(`${this.identifierField} already exists`);\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n this.assertAccountActive(account);\n\n const passwordMatches = await bcrypt.compare(\n dto.password,\n account.passwordHash,\n );\n if (!passwordMatches) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account?.refreshTokenHash == null) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n this.assertAccountActive(account);\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(\"TOKEN_INVALID_OR_EXPIRED\");\n }\n\n const passwordHash = await bcrypt.hash(newPassword, 10);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(\"ACCOUNT_DISABLED\");\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(\"EMAIL_NOT_VERIFIED\");\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Inject,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(@Inject(AuthService) private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n return payload;\n }\n}\n","import { DynamicModule, Module, Provider } from \"@nestjs/common\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { AuthController } from \"./controllers/auth.controller\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createAuthProviders(options: AuthModuleOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: { expiresIn: opts.expiresIn ?? \"1h\" },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [AuthController],\n providers: createAuthProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [AuthController],\n providers: [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: options.useFactory,\n },\n {\n provide: AUTH_HOOKS,\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) => {\n const HooksClass = opts.hooks ?? DefaultAuthHooks;\n return new HooksClass();\n },\n },\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ],\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsNotEmpty, IsOptional, IsString, Length, Matches } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @IsString()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/constants/rate-limit.presets.ts","../src/constants/auth-errors.ts","../src/decorators/current-user.decorator.ts","../src/guards/jwt-auth.guard.ts","../src/constants/password.constants.ts","../src/hooks/default-auth.hooks.ts","../src/utils/duplicate-key.util.ts","../src/utils/password.util.ts","../src/utils/token.util.ts","../src/services/token.service.ts","../src/services/auth.service.ts","../src/controllers/auth.controller.ts","../src/controllers/auth.controller.factory.ts","../src/strategies/jwt.strategy.ts","../src/utils/hooks-provider.util.ts","../src/utils/validate-auth-config.util.ts","../src/auth.module.ts","../src/dto/auth-tokens.dto.ts","../src/dto/change-password.dto.ts","../src/dto/forgot-password.dto.ts","../src/dto/login.dto.ts","../src/dto/refresh-token.dto.ts","../src/dto/register-ack.dto.ts","../src/dto/register.dto.ts","../src/dto/reset-password.dto.ts","../src/dto/verify-email.dto.ts"],"names":["Injectable","bcrypt","hash","BadRequestException","UnauthorizedException","Inject","Controller","IsEmail","Length","IsString","IsNotEmpty","IsOptional","ValidateIf"],"mappings":";;;;;;;;;;;;AAYO,IAAM,uBAAA,GAA0B;AAAA;AAAA,EAErC,SAAS,EAAE,IAAA,EAAM,gBAAgB,GAAA,EAAK,GAAA,EAAQ,OAAO,EAAA,EAAG;AAAA;AAAA,EAExD,aAAa,EAAE,IAAA,EAAM,oBAAoB,GAAA,EAAK,GAAA,EAAQ,OAAO,CAAA,EAAE;AAAA;AAAA,EAE/D,eAAe,EAAE,IAAA,EAAM,uBAAuB,GAAA,EAAK,GAAA,EAAQ,OAAO,CAAA;AACpE;;;AClBO,IAAM,aAAA,GAAgB;AAAA,EAC3B,mBAAA,EAAqB,qBAAA;AAAA,EACrB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,gBAAA,EAAkB,kBAAA;AAAA,EAClB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,wBAAA,EAA0B,0BAAA;AAAA,EAC1B,cAAA,EAAgB,gBAAA;AAAA,EAChB,wBAAA,EAA0B,0BAAA;AAAA,EAC1B,kBAAA,EAAoB;AACtB;ACPO,IAAM,WAAA,GAAc,oBAAA;AAAA,EACzB,CAAC,OAAgB,GAAA,KAA0C;AACzD,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,EAAa,CAAE,UAAA,EAAqC;AACxE,IAAA,OAAO,OAAA,CAAQ,IAAA;AAAA,EACjB;AACF;ACLO,IAAM,YAAA,GAAN,cAA2B,SAAA,CAAU,KAAK,CAAA,CAAE;AAAA,EACjD,aAAA,CACE,GAAA,EACA,IAAA,EACA,KAAA,EACO;AAEP,IAAA,IAAI,GAAA,IAAO,IAAA,IAAQ,CAAC,IAAA,EAAM;AACxB,MAAA,MAAM,GAAA,IAAO,IAAI,qBAAA,EAAsB;AAAA,IACzC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAZa,YAAA,GAAN,eAAA,CAAA;AAAA,EADN,UAAA;AAAW,CAAA,EACC,YAAA,CAAA;;;ACAN,IAAM,mBAAA,GACX,8DAAA;ACIK,IAAM,mBAAN,MAA4C;AAAA,EACjD,MAAM,gBACJ,OAAA,EACkC;AAClC,IAAA,OAAO;AAAA,MACL,KAAK,OAAA,CAAQ,EAAA;AAAA,MACb,GAAI,QAAQ,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MACxD,GAAI,QAAQ,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACnE;AAAA,EACF;AAAA,EAEA,MAAM,SAAS,OAAA,EAA4D;AACzE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,GAAI,QAAQ,WAAA,IAAe,IAAA,GACvB,EAAE,WAAA,EAAa,OAAA,CAAQ,WAAA,EAAY,GACnC,EAAC;AAAA,MACL,GAAI,QAAQ,iBAAA,IAAqB,IAAA,GAC7B,EAAE,iBAAA,EAAmB,OAAA,CAAQ,iBAAA,EAAkB,GAC/C;AAAC,KACP;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,MAAA,EAAsC;AAC3D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAA0C;AAC9D,IAAA;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,QAAA,EAA0C;AAC3D,IAAA;AAAA,EACF;AACF;AAtCa,gBAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA;AAAW,CAAA,EACC,gBAAA,CAAA;;;ACTN,SAAS,oBAAoB,KAAA,EAAyB;AAC3D,EAAA,OACE,CAAC,CAAC,KAAA,IACF,OAAO,UAAU,QAAA,IACjB,MAAA,IAAU,KAAA,IACT,KAAA,CAA2B,IAAA,KAAS,IAAA;AAEzC;ACLA,IAAM,kBAAA,GACJ,oCAAA;AAEK,SAAS,yBAAyB,QAAA,EAAwB;AAC/D,EAAA,IAAI,CAAC,kBAAA,CAAmB,IAAA,CAAK,QAAQ,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,mBAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACF;ACTO,SAAS,gBAAA,CAAiB,aAAa,EAAA,EAAY;AACxD,EAAA,OAAO,WAAA,CAAY,UAAU,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAC/C;AAEO,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,OAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,KAAK,CAAA,CAAE,OAAO,KAAK,CAAA;AACxD;AAEO,SAAS,mBAAmB,KAAA,EAAqB;AACtD,EAAA,OAAO,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,KAAK,CAAA;AACpC;AAGO,IAAM,iCAAA,GAAoC,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAGzD,IAAM,6BAAA,GAAgC,KAAK,EAAA,GAAK,GAAA;ACTvD,IAAM,aAAA,GAAgB,OAAA;AAGf,IAAM,eAAN,MAAmB;AAAA,EACxB,WAAA,CAEmB,YAEA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAY,YAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,EAAA;AAAA,EACtC;AAAA,EAEA,MAAM,WAAW,OAAA,EAA8C;AAC7D,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,OAAA,CAAQ,SAAA,IAAa,IAAA;AAClD,IAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB,IAAA;AAE1D,IAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MACpD,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,UACrB,SAAA,EAAW,eAAA;AAAA,UACX,SAAA,EAAW;AAAA;AACb,OACF;AAAA,MACA,KAAK,UAAA,CAAW,SAAA;AAAA,QACd,OAAA;AAAA,QACA;AAAA,UACE,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,UACrB,SAAA,EAAW,gBAAA;AAAA,UACX,SAAA,EAAW;AAAA;AACb;AACF,KACD,CAAA;AAED,IAAA,OAAO,EAAE,aAAa,YAAA,EAAa;AAAA,EACrC;AAAA,EAEA,MAAM,mBAAmB,YAAA,EAA+C;AACtE,IAAA,OAAO,IAAA,CAAK,UAAA,CAAW,WAAA,CAA4B,YAAA,EAAc;AAAA,MAC/D,MAAA,EAAQ,KAAK,OAAA,CAAQ,aAAA;AAAA,MACrB,UAAA,EAAY,CAAC,aAAa;AAAA,KAC3B,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,iBAAiB,YAAA,EAAuC;AAC5D,IAAA,OAAcC,OAAA,CAAA,IAAA,CAAK,YAAA,EAAc,IAAA,CAAK,YAAY,CAAA;AAAA,EACpD;AAAA,EAEA,MAAM,mBAAA,CACJ,YAAA,EACAC,KAAAA,EACkB;AAClB,IAAA,OAAcD,OAAA,CAAA,OAAA,CAAQ,cAAcC,KAAI,CAAA;AAAA,EAC1C;AACF;AAvDa,YAAA,GAAN,eAAA,CAAA;AAAA,EADNF,UAAAA,EAAW;AAAA,EAGP,0BAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,0BAAO,mBAAmB,CAAA;AAAA,CAAA,EAJlB,YAAA,CAAA;;;ACiCN,IAAM,cAAN,MAAkB;AAAA,EACvB,WAAA,CAEmB,cAAA,EAEA,OAAA,EAEA,KAAA,EAEA,YAAA,EACjB;AAPiB,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAEA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAAA,EAChB;AAAA,EAEH,IAAY,eAAA,GAAkB;AAC5B,IAAA,OAAO,IAAA,CAAK,QAAQ,eAAA,IAAmB,OAAA;AAAA,EACzC;AAAA,EAEA,IAAY,wBAAA,GAA2B;AACrC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,iBAAA,KAAsB,IAAA;AAAA,EACtD;AAAA,EAEA,IAAY,oBAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,aAAA,KAAkB,IAAA;AAAA,EAClD;AAAA,EAEA,IAAY,kBAAA,GAAqB;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,oBAAA,KAAyB,KAAA;AAAA,EACzD;AAAA,EAEA,IAAY,YAAA,GAAuB;AACjC,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,EAAA;AAAA,EACtC;AAAA,EAEA,IAAY,qBAAA,GAAiC;AAC3C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,QAAA,EAAU,cAAA,KAAmB,IAAA;AAAA,EACnD;AAAA,EAEA,IAAY,cAAA,GAAiB;AAC3B,IAAA,OAAO,KAAK,OAAA,CAAQ,OAAA;AAAA,EACtB;AAAA,EAEQ,uBAAuB,GAAA,EAAuB;AACpD,IAAA,MAAM,QACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GAAU,GAAA,CAAI,QAAQ,GAAA,CAAI,QAAA;AACrD,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAIG,mBAAAA;AAAA,QACR,CAAA,EAAG,KAAK,eAAe,CAAA,sBAAA;AAAA,OACzB;AAAA,IACF;AACA,IAAA,OAAO,oBAAoB,KAAK,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,SAAS,GAAA,EAAiD;AAC9D,IAAA,IAAA,CAAK,sCAAA,EAAuC;AAE5C,IAAA,MAAM,KAAA,GAAuB,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS;AACtD,IAAA,IAAI,GAAA,CAAI,KAAA,IAAS,IAAA,EAAM,KAAA,CAAM,QAAQ,GAAA,CAAI,KAAA;AACzC,IAAA,IAAI,GAAA,CAAI,QAAA,IAAY,IAAA,EAAM,KAAA,CAAM,WAAW,GAAA,CAAI,QAAA;AAE/C,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAA,GAAmB,KAAK,CAAA;AAEzC,IAAA,yBAAA,CAA0B,KAAA,EAAO,KAAK,eAAe,CAAA;AACrD,IAAA,IAAA,CAAK,2CAA2C,KAAK,CAAA;AACrD,IAAA,IAAA,CAAK,oBAAA,CAAqB,IAAI,QAAQ,CAAA;AAEtC,IAAA,MAAM,eAAe,MAAa,OAAA,CAAA,IAAA,CAAK,GAAA,CAAI,QAAA,EAAU,KAAK,YAAY,CAAA;AAEtE,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAA,CAAO;AAAA,QAC/C,GAAG,KAAA;AAAA,QACH,YAAA;AAAA,QACA,aAAA,EAAe,CAAC,IAAA,CAAK;AAAA,OACtB,CAAA;AAED,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,eAAA,GAAkB,OAAO,CAAA;AAE1C,MAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,QAAA,MAAM,IAAA,CAAK,sBAAsB,OAAO,CAAA;AAAA,MAC1C;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAE9B,QAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,MAC5B;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,OAAO,EAAE,YAAY,IAAA,EAAK;AAAA,EAC5B;AAAA,EAEA,MAAM,MAAM,GAAA,EAAoC;AAC9C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,sBAAA,CAAuB,GAAG,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,2BAAA;AAAA,MACxC;AAAA,KACF;AAEA,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,IAAA,CAAK,uBAAuB,OAAO,CAAA;AAAA,IACrC;AAEA,IAAA,MAAM,YAAA,GAAe,SAAS,YAAA,IAAgB,mBAAA;AAC9C,IAAA,MAAM,eAAA,GAAkB,MAAa,OAAA,CAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,YAAY,CAAA;AAEvE,IAAA,IAAI,OAAA,EAAS,YAAA,IAAgB,IAAA,IAAQ,CAAC,eAAA,EAAiB;AACrD,MAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,IAAA,CAAK,qBAAA,EAAuB;AACjD,QAAA,MAAM,KAAK,cAAA,CAAe,kBAAA;AAAA,UACxB,OAAA,CAAQ,EAAA;AAAA,UACR,IAAA,CAAK;AAAA,SACP;AAAA,MACF;AACA,MAAA,MAAM,IAAIC,qBAAAA,CAAsB,aAAA,CAAc,mBAAmB,CAAA;AAAA,IACnE;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,EAAE,CAAA;AACvD,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,QAAQ,YAAA,EAA2C;AACvD,IAAA,IAAI,OAAA;AACJ,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,YAAA,CAAa,kBAAA,CAAmB,YAAY,CAAA;AAAA,IACnE,CAAA,CAAA,MAAQ;AACN,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,qBAAqB,CAAA;AAAA,IACrE;AAEA,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,mBAAA,CAAoB,QAAQ,GAAG,CAAA;AACzE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,qBAAqB,CAAA;AAAA,IACrE;AAEA,IAAA,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAEhC,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,IAAI,OAAA,CAAQ,oBAAoB,IAAA,EAAM;AACpC,QAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,qBAAqB,CAAA;AAAA,MACrE;AAEA,MAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,mBAAA;AAAA,QAC3C,YAAA;AAAA,QACA,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,IAAI,CAAC,YAAA,EAAc;AAEjB,QAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AACjE,QAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,mBAAmB,CAAA;AAAA,MACnE;AAAA,IACF;AAEA,IAAA,OAAO,IAAA,CAAK,YAAY,OAAO,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,OAAO,MAAA,EAA8C;AACzD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,MAAA,EAAQ,IAAI,CAAA;AAC7D,IAAA,OAAO,EAAE,WAAW,IAAA,EAAK;AAAA,EAC3B;AAAA,EAEA,MAAM,GAAG,MAAA,EAAkD;AACzD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,MAAM,CAAA;AACzD,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,sBAAsB,mBAAmB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,QAAA,IAAY,IAAA,EAAM;AAC/B,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,OAAO,CAAA;AAAA,IACpC;AAEA,IAAA,OAAO,IAAI,gBAAA,EAAiB,CAAE,QAAA,CAAS,OAAO,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,YAAY,KAAA,EAA4C;AAC5D,IAAA,IAAA,CAAK,8BAAA,EAA+B;AAEpC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GACJ,MAAM,IAAA,CAAK,cAAA,CAAe,iCAAiC,SAAS,CAAA;AACtE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAID,mBAAAA,CAAoB,aAAA,CAAc,wBAAwB,CAAA;AAAA,IACtE;AAEA,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,iBAAA,CAAkB,OAAA,CAAQ,EAAE,CAAA;AACtD,IAAA,OAAO,EAAE,UAAU,IAAA,EAAK;AAAA,EAC1B;AAAA,EAEA,MAAM,eAAe,KAAA,EAAwC;AAC3D,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAChC,IAAA,IAAA,CAAK,uCAAA,EAAwC;AAE7C,IAAA,MAAM,eAAA,GAAkB,oBAAoB,KAAK,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,eAAe,CAAA;AAErE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,MAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,MAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,QAChB,IAAA,CAAK,QAAQ,uBAAA,IAA2B;AAAA,OAC1C;AAEA,MAAA,MAAM,KAAK,cAAA,CAAe,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,WAAW,SAAS,CAAA;AACxE,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,OAAA,EAAS,iBAAiB,QAAQ,CAAA;AAAA,IAChE;AAEA,IAAA,OAAO,EAAE,MAAM,IAAA,EAAK;AAAA,EACtB;AAAA,EAEA,MAAM,aAAA,CACJ,KAAA,EACA,WAAA,EAC0B;AAC1B,IAAA,IAAA,CAAK,0BAAA,EAA2B;AAEhC,IAAA,MAAM,SAAA,GAAY,UAAU,KAAK,CAAA;AACjC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,qBAAqB,SAAS,CAAA;AACxE,IAAA,IAAI,WAAW,IAAA,EAAM;AACnB,MAAA,MAAM,IAAIA,mBAAAA,CAAoB,aAAA,CAAc,wBAAwB,CAAA;AAAA,IACtE;AAEA,IAAA,IAAA,CAAK,qBAAqB,WAAW,CAAA;AAErC,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,WAAA,EAAa,KAAK,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,eAAA,CAAgB,OAAA,CAAQ,EAAE,CAAA;AACpD,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AAAA,EAEA,MAAM,cAAA,CACJ,MAAA,EACA,eAAA,EACA,WAAA,EAC4B;AAC5B,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,oBAAoB,MAAM,CAAA;AACpE,IAAA,IAAI,OAAA,EAAS,gBAAgB,IAAA,EAAM;AACjC,MAAA,MAAM,IAAIC,qBAAAA,CAAsB,aAAA,CAAc,wBAAwB,CAAA;AAAA,IACxE;AAEA,IAAA,MAAM,iBAAiB,MAAa,OAAA,CAAA,OAAA;AAAA,MAClC,eAAA;AAAA,MACA,OAAA,CAAQ;AAAA,KACV;AACA,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,wBAAwB,CAAA;AAAA,IACxE;AAEA,IAAA,IAAI,oBAAoB,WAAA,EAAa;AACnC,MAAA,MAAM,IAAID,mBAAAA,CAAoB,aAAA,CAAc,kBAAkB,CAAA;AAAA,IAChE;AAEA,IAAA,IAAA,CAAK,qBAAqB,WAAW,CAAA;AAErC,IAAA,MAAM,YAAA,GAAe,MAAa,OAAA,CAAA,IAAA,CAAK,WAAA,EAAa,KAAK,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,kBAAA,CAAmB,OAAA,CAAQ,IAAI,YAAY,CAAA;AACrE,IAAA,MAAM,IAAA,CAAK,cAAA,CAAe,sBAAA,CAAuB,OAAA,CAAQ,IAAI,IAAI,CAAA;AAEjE,IAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,EACzB;AAAA,EAEQ,uBAAuB,OAAA,EAAuC;AACpE,IAAA,IAAI,CAAC,IAAA,CAAK,qBAAA,IAAyB,OAAA,CAAQ,eAAe,IAAA,EAAM;AAC9D,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,OAAA,CAAQ,WAAA,mBAAc,IAAI,IAAA,EAAK,EAAG;AACpC,MAAA,MAAM,IAAIC,qBAAAA,CAAsB,aAAA,CAAc,cAAc,CAAA;AAAA,IAC9D;AAAA,EACF;AAAA,EAEQ,oBAAoB,OAAA,EAAgC;AAC1D,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,gBAAgB,CAAA;AAAA,IAChE;AAEA,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,CAAC,OAAA,CAAQ,aAAA,EAAe;AAC3D,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,kBAAkB,CAAA;AAAA,IAClE;AAAA,EACF;AAAA,EAEQ,qBAAqB,QAAA,EAAwB;AACnD,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,kBAAA,KAAuB,IAAA,EAAM;AAC5C,MAAA,wBAAA,CAAyB,QAAQ,CAAA;AAAA,IACnC;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,OAAA,EAA+C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,gBAAgB,OAAO,CAAA;AACxD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,UAAA,CAAW;AAAA,MAChD,GAAG,OAAA;AAAA,MACH,KAAK,OAAA,CAAQ;AAAA,KACd,CAAA;AAED,IAAA,IAAI,KAAK,kBAAA,EAAoB;AAC3B,MAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA;AAAA,QAC/C,MAAA,CAAO;AAAA,OACT;AACA,MAAA,MAAM,KAAK,cAAA,CAAe,sBAAA;AAAA,QACxB,OAAA,CAAQ,EAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,YAAA,GAAe,OAAO,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,OAAA,EAAyC;AAC3E,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,mBAAA,CAAoB,OAAO,CAAA;AAC9C,IAAA,IAAI,SAAS,IAAA,EAAM;AAEnB,IAAA,MAAM,WAAW,gBAAA,EAAiB;AAClC,IAAA,MAAM,SAAA,GAAY,UAAU,QAAQ,CAAA;AACpC,IAAA,MAAM,SAAA,GAAY,kBAAA;AAAA,MAChB,IAAA,CAAK,QAAQ,2BAAA,IACX;AAAA,KACJ;AAEA,IAAA,MAAM,KAAK,cAAA,CAAe,yBAAA;AAAA,MACxB,OAAA,CAAQ,EAAA;AAAA,MACR,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,SAAA,CAAW,QAAA,EAAU,OAAO,QAAQ,CAAA;AAAA,EACvD;AAAA,EAEQ,oBAAoB,OAAA,EAAyC;AACnE,IAAA,IAAI,QAAQ,KAAA,IAAS,IAAA,IAAQ,QAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxD,MAAA,OAAO,mBAAA,CAAoB,QAAQ,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,2CAA2C,KAAA,EAA4B;AAC7E,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAEpC,IAAA,MAAM,KAAA,GACJ,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,0BAA0B,KAAA,EAAO,OAAO,CAAA,GACxC,KAAA,CAAM,KAAA,IAAS,IAAA,GACb,mBAAA,CAAoB,KAAA,CAAM,KAAK,CAAA,GAC/B,IAAA;AAER,IAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,MAAA,MAAM,IAAID,mBAAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sCAAA,GAA+C;AACrD,IAAA,IAAI,IAAA,CAAK,wBAAA,IAA4B,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AACjE,MAAA,MAAM,IAAIA,mBAAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,uCAAA,GAAgD;AACtD,IAAA,IAAI,IAAA,CAAK,oBAAA,IAAwB,IAAA,CAAK,KAAA,CAAM,aAAa,IAAA,EAAM;AAC7D,MAAA,MAAM,IAAIA,mBAAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,8BAAA,GAAuC;AAC7C,IAAA,IAAI,CAAC,KAAK,wBAAA,EAA0B;AAClC,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,0BAAA,GAAmC;AACzC,IAAA,IAAI,CAAC,KAAK,oBAAA,EAAsB;AAC9B,MAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,wBAAwB,OAAA,EAA8C;AACpE,IAAA,OAAO,qBAAA,CAAsB,OAAA,EAAS,IAAA,CAAK,eAAe,CAAA;AAAA,EAC5D;AACF;AA3Xa,WAAA,GAAN,eAAA,CAAA;AAAA,EADNH,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAK,OAAO,eAAe,CAAA,CAAA;AAAA,EAEtB,eAAA,CAAA,CAAA,EAAAA,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,UAAU,CAAA,CAAA;AAAA,EAEjB,eAAA,CAAA,CAAA,EAAAA,OAAO,YAAY,CAAA;AAAA,CAAA,EARX,WAAA,CAAA;;;ACnBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAAkD,WAAA,EAA0B;AAA1B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA2B;AAAA,EAG7E,SAAiB,GAAA,EAA2C;AAC1D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA;AAAA,EACtC;AAAA,EAGA,MAAc,GAAA,EAAuC;AACnD,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA;AAAA,EACnC;AAAA,EAIA,QAAgB,GAAA,EAA8C;AAC5D,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAAA,EAClD;AAAA,EAKA,OAAsB,IAAA,EAAoD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,EACzC;AAAA,EAIA,GAAkB,IAAA,EAAwD;AACxE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,EAAA,CAAG,IAAA,CAAK,GAAG,CAAA;AAAA,EACrC;AAAA,EAKA,YAAoB,GAAA,EAAkD;AACpE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,EAC/C;AAAA,EAKA,eAAuB,GAAA,EAAiD;AACtE,IAAA,OAAO,IAAA,CAAK,WAAA,CAAY,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AAAA,EAClD;AAAA,EAKA,cAAsB,GAAA,EAAiD;AACrE,IAAA,OAAO,KAAK,WAAA,CAAY,aAAA,CAAc,GAAA,CAAI,KAAA,EAAO,IAAI,WAAW,CAAA;AAAA,EAClE;AAAA,EAKA,cAAA,CACiB,MACP,GAAA,EACoB;AAC5B,IAAA,OAAO,KAAK,WAAA,CAAY,cAAA;AAAA,MACtB,IAAA,CAAK,GAAA;AAAA,MACL,GAAA,CAAI,eAAA;AAAA,MACJ,GAAA,CAAI;AAAA,KACN;AAAA,EACF;AACF,CAAA;AA9DE,eAAA,CAAA;AAAA,EADC,KAAK,UAAU,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAJJ,cAAA,CAIX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EADC,KAAK,OAAO,CAAA;AAAA,EACN,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EATD,cAAA,CASX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,KAAK,SAAS,CAAA;AAAA,EACd,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACd,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAfH,cAAA,CAeX,SAAA,EAAA,SAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHC,KAAK,QAAQ,CAAA;AAAA,EACb,UAAU,YAAY,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACf,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EAtBT,cAAA,CAsBX,SAAA,EAAA,QAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAFC,IAAI,IAAI,CAAA;AAAA,EACR,UAAU,YAAY,CAAA;AAAA,EACnB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY;AAAA,CAAA,EA5BL,cAAA,CA4BX,SAAA,EAAA,IAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,cAAc,CAAA;AAAA,EACnB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACV,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAnCP,cAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,iBAAiB,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACP,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EA1CV,cAAA,CA0CX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAFC,KAAK,gBAAgB,CAAA;AAAA,EACrB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EACR,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EAjDT,cAAA,CAiDX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAOA,eAAA,CAAA;AAAA,EAHC,KAAK,iBAAiB,CAAA;AAAA,EACtB,UAAU,YAAY,CAAA;AAAA,EACtB,QAAA,CAAS,WAAW,EAAE,CAAA;AAAA,EAEpB,eAAA,CAAA,CAAA,EAAA,WAAA,EAAY,CAAA;AAAA,EACZ,eAAA,CAAA,CAAA,EAAA,IAAA,EAAK;AAAA,CAAA,EA1DG,cAAA,CAwDX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAxDW,cAAA,GAAN,eAAA,CAAA;AAAA,EADN,WAAW,MAAM,CAAA;AAAA,EAEH,eAAA,CAAA,CAAA,EAAAA,OAAO,WAAW,CAAA;AAAA,CAAA,EADpB,cAAA,CAAA;;;ACtBN,SAAS,oBAAA,CAAqB,cAAc,MAAA,EAA+B;AAEhF,EAAA,IAAM,wBAAA,GAAN,cAAuC,cAAA,CAAe;AAAA,GAAC;AAAjD,EAAA,wBAAA,GAAN,eAAA,CAAA;AAAA,IADCC,WAAW,WAAW;AAAA,GAAA,EACjB,wBAAA,CAAA;AAEN,EAAA,MAAA,CAAO,cAAA,CAAe,0BAA0B,MAAA,EAAQ;AAAA,IACtD,OAAO,CAAA,eAAA,EAAkB,WAAA,CAAY,OAAA,CAAQ,MAAA,EAAQ,GAAG,CAAC,CAAA;AAAA,GAC1D,CAAA;AAED,EAAA,OAAO,wBAAA;AACT;ACFO,IAAM,WAAA,GAAN,cAA0B,gBAAA,CAAiB,QAAQ,CAAA,CAAE;AAAA,EAC1D,WAAA,CAEmB,SAEA,cAAA,EACjB;AACA,IAAA,KAAA,CAAM;AAAA,MACJ,cAAA,EAAgB,WAAW,2BAAA,EAA4B;AAAA,MACvD,gBAAA,EAAkB,KAAA;AAAA,MAClB,aAAa,OAAA,CAAQ,MAAA;AAAA,MACrB,UAAA,EAAY,CAAC,OAAO;AAAA,KACrB,CAAA;AATgB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAEA,IAAA,IAAA,CAAA,cAAA,GAAA,cAAA;AAAA,EAQnB;AAAA,EAEA,MAAM,SAAS,OAAA,EAAkD;AAC/D,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC9D,IAAA,IAAI,OAAA,IAAW,IAAA,IAAQ,OAAA,CAAQ,QAAA,EAAU;AACvC,MAAA,MAAM,IAAIF,sBAAsB,+BAA+B,CAAA;AAAA,IACjE;AAEA,IAAA,IACE,KAAK,OAAA,CAAQ,QAAA,EAAU,sBAAsB,IAAA,IAC7C,CAAC,QAAQ,aAAA,EACT;AACA,MAAA,MAAM,IAAIA,qBAAAA,CAAsB,aAAA,CAAc,kBAAkB,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AACF,CAAA;AA9Ba,WAAA,GAAN,eAAA,CAAA;AAAA,EADNJ,UAAAA,EAAW;AAAA,EAGP,eAAA,CAAA,CAAA,EAAAK,OAAO,mBAAmB,CAAA,CAAA;AAAA,EAE1B,eAAA,CAAA,CAAA,EAAAA,OAAO,eAAe,CAAA;AAAA,CAAA,EAJd,WAAA,CAAA;;;ACLN,SAAS,oBAAoB,OAAA,EAAsC;AACxE,EAAA,IAAI,OAAA,CAAQ,iBAAiB,IAAA,EAAM;AACjC,IAAA,OAAO,OAAA,CAAQ,aAAA;AAAA,EACjB;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,KAAA,IAAS,gBAAA;AACpC,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,UAAA;AAAA,IACT,QAAA,EAAU;AAAA,GACZ;AACF;;;ACdA,IAAM,iBAAA,GAAoB,EAAA;AAC1B,IAAM,iBAAA,GAAoB,EAAA;AAC1B,IAAM,iBAAA,GAAoB,EAAA;AAEnB,SAAS,0BAA0B,OAAA,EAAkC;AAC1E,EAAA,IAAI,OAAA,CAAQ,MAAA,CAAO,MAAA,GAAS,iBAAA,EAAmB;AAC7C,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,uCAAuC,iBAAiB,CAAA,WAAA;AAAA,KAC1D;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,aAAA,CAAc,MAAA,GAAS,iBAAA,EAAmB;AACpD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,8CAA8C,iBAAiB,CAAA,WAAA;AAAA,KACjE;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,OAAA,CAAQ,aAAA,EAAe;AAC5C,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,MAAA,GAAS,QAAQ,YAAA,IAAgB,iBAAA;AACvC,EAAA,IAAI,MAAA,GAAS,iBAAA,IAAqB,MAAA,GAAS,iBAAA,EAAmB;AAC5D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yCAAA,EAA4C,iBAAiB,CAAA,KAAA,EAAQ,iBAAiB,CAAA;AAAA,KACxF;AAAA,EACF;AAEA,EAAA,IACE,OAAA,CAAQ,2BAAA,IAA+B,IAAA,IACvC,OAAA,CAAQ,8BAA8B,GAAA,EACtC;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IACE,OAAA,CAAQ,uBAAA,IAA2B,IAAA,IACnC,OAAA,CAAQ,0BAA0B,GAAA,EAClC;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACF;;;AC3BA,SAAS,oBAAoB,OAAA,EAAwC;AACnE,EAAA,yBAAA,CAA0B,OAAO,CAAA;AAEjC,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACZ;AAAA,IACA,oBAAoB,OAAO,CAAA;AAAA,IAC3B,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,yBACP,OAAA,EACU;AACV,EAAA,IAAI,OAAA,CAAQ,iBAAiB,IAAA,EAAM;AACjC,IAAA,OAAO,OAAA,CAAQ,aAAA;AAAA,EACjB;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,KAAA,IAAS,gBAAA;AAEpC,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,UAAA;AAAA,IACT,MAAA,EAAQ,CAAC,SAAS,CAAA;AAAA,IAClB,UAAA,EAAY,CAAC,SAAA,KACX,SAAA,CAAU,OAAO,UAA6B;AAAA,GAClD;AACF;AAEA,SAAS,iBAAA,GAAmC;AAC1C,EAAA,OAAO;AAAA,IACL,cAAA,CAAe,QAAA,CAAS,EAAE,eAAA,EAAiB,OAAO,CAAA;AAAA,IAClD,UAAU,aAAA,CAAc;AAAA,MACtB,MAAA,EAAQ,CAAC,mBAAmB,CAAA;AAAA,MAC5B,UAAA,EAAY,CAAC,IAAA,MACV;AAAA,QACC,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,WAAA,EAAa;AAAA,UACX,SAAA,EAAW,KAAK,SAAA,IAAa,IAAA;AAAA,UAC7B,SAAA,EAAW;AAAA;AACb,OACF;AAAA,KACH;AAAA,GACH;AACF;AAEA,SAAS,aAAa,WAAA,EAAsC;AAC1D,EAAA,MAAM,MAAA,GAAwB,CAAC,GAAG,iBAAA,EAAmB,CAAA;AACrD,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAI,WAA6B,CAAA;AAAA,EAClD;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,qBAAqB,OAAA,EAA6C;AACzE,EAAA,OAAO;AAAA,IACL;AAAA,MACE,OAAA,EAAS,mBAAA;AAAA,MACT,MAAA,EAAS,OAAA,CAAQ,MAAA,IAAU,EAAC;AAAA,MAC5B,UAAA,EAAY,UAAU,IAAA,KAAoB;AACxC,QAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,UAAA,CAAW,GAAG,IAAI,CAAA;AAC/C,QAAA,yBAAA,CAA0B,MAAM,CAAA;AAChC,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,KACF;AAAA,IACA,yBAAyB,OAAO,CAAA;AAAA,IAChC,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF;AACF;AAGO,IAAM,aAAN,MAAiB;AAAA,EACtB,OAAO,QAAQ,OAAA,EAA2C;AACxD,IAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,MAAA;AAE3C,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,SAAS,iBAAA,EAAkB;AAAA,MAC3B,WAAA,EAAa,CAAC,oBAAA,CAAqB,WAAW,CAAC,CAAA;AAAA,MAC/C,SAAA,EAAW,oBAAoB,OAAO,CAAA;AAAA,MACtC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,OAAA,EAAgD;AAClE,IAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,MAAA;AAE3C,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAA,MACrC,WAAA,EAAa,CAAC,oBAAA,CAAqB,WAAW,CAAC,CAAA;AAAA,MAC/C,SAAA,EAAW,qBAAqB,OAAO,CAAA;AAAA,MACvC,OAAA,EAAS;AAAA,QACP,mBAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA,YAAA;AAAA,QACA,YAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AACF;AA1Ca,UAAA,GAAN,eAAA,CAAA;AAAA,EADN,MAAA,CAAO,EAAE;AAAA,CAAA,EACG,UAAA,CAAA;;;ACpGN,IAAM,gBAAN,MAAoB;AAG3B;ACDO,IAAM,oBAAN,MAAwB;AAS/B;AANE,eAAA,CAAA;AAAA,EAFC,QAAA,EAAS;AAAA,EACT,UAAA;AAAW,CAAA,EAFD,iBAAA,CAGX,SAAA,EAAA,iBAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,QAAA,EAAS;AAAA,EACT,UAAA,EAAW;AAAA,EACX,MAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,iBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,oBAAN,MAAwB;AAG/B;AADE,eAAA,CAAA;AAAA,EADC,OAAA;AAAQ,CAAA,EADE,iBAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;ACFK,IAAM,WAAN,MAAe;AAgBtB;AAXE,eAAA,CAAA;AAAA,EAJC,UAAA,EAAW;AAAA,EACX,UAAA,CAAW,CAAC,GAAA,KAAkB,GAAA,CAAI,KAAA,IAAS,QAAQ,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,KAAM,EAAE,CAAA;AAAA,EAC1EE,OAAAA,EAAQ;AAAA,EACRC,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAJH,QAAA,CAKX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHC,UAAA,EAAW;AAAA,EACXC,QAAAA,EAAS;AAAA,EACTD,MAAAA,CAAO,GAAG,EAAE;AAAA,CAAA,EATF,QAAA,CAUX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCC,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXF,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAdH,QAAA,CAeX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;ACfK,IAAM,kBAAN,MAAsB;AAI7B;AADE,eAAA,CAAA;AAAA,EAFCC,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,eAAA,CAGX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;;;ACLK,IAAM,iBAAN,MAAqB;AAE5B;ACAO,IAAM,cAAN,MAAkB;AAiBzB;AAZE,eAAA,CAAA;AAAA,EAJCC,UAAAA,EAAW;AAAA,EACXC,UAAAA,CAAW,CAAC,GAAA,KAAqB,GAAA,CAAI,KAAA,IAAS,QAAQ,GAAA,CAAI,KAAA,CAAM,IAAA,EAAK,KAAM,EAAE,CAAA;AAAA,EAC7EL,OAAAA,EAAQ;AAAA,EACRC,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAJH,WAAA,CAKX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAMA,eAAA,CAAA;AAAA,EAJCG,UAAAA,EAAW;AAAA,EACXF,QAAAA,EAAS;AAAA,EACTD,MAAAA,CAAO,GAAG,EAAE,CAAA;AAAA,EACZ,QAAQ,mBAAmB;AAAA,CAAA,EAVjB,WAAA,CAWX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCC,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXF,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAfH,WAAA,CAgBX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AChBK,IAAM,mBAAN,MAAuB;AAS9B;AANE,eAAA,CAAA;AAAA,EAFCC,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,gBAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAKA,eAAA,CAAA;AAAA,EAHCD,QAAAA,EAAS;AAAA,EACTC,UAAAA,EAAW;AAAA,EACXF,MAAAA,CAAO,GAAG,GAAG;AAAA,CAAA,EAPH,gBAAA,CAQX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;ACRK,IAAM,iBAAN,MAAqB;AAI5B;AADE,eAAA,CAAA;AAAA,EAFCC,QAAAA,EAAS;AAAA,EACTC,UAAAA;AAAW,CAAA,EAFD,cAAA,CAGX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA","file":"index.js","sourcesContent":["/**\n * Recommended @nestjs/throttler settings for auth endpoints.\n * Apply in the consumer app — this library does not bundle ThrottlerModule.\n *\n * @example\n * ```typescript\n * import { ThrottlerModule } from \"@nestjs/throttler\";\n * import { AUTH_RATE_LIMIT_PRESETS } from \"@aranzatech/aranza-auth\";\n *\n * ThrottlerModule.forRoot([AUTH_RATE_LIMIT_PRESETS.default])\n * ```\n */\nexport const AUTH_RATE_LIMIT_PRESETS = {\n /** General auth routes: 10 requests / minute / IP */\n default: { name: \"auth-default\", ttl: 60_000, limit: 10 },\n /** Login, register, refresh: 5 requests / minute / IP */\n credentials: { name: \"auth-credentials\", ttl: 60_000, limit: 5 },\n /** Forgot password: 3 requests / minute / IP */\n passwordReset: { name: \"auth-password-reset\", ttl: 60_000, limit: 3 },\n} as const;\n\nexport type AuthRateLimitPreset =\n (typeof AUTH_RATE_LIMIT_PRESETS)[keyof typeof AUTH_RATE_LIMIT_PRESETS];\n","/** Machine-readable auth error codes returned in HTTP responses. */\nexport const AuthErrorCode = {\n INVALID_CREDENTIALS: \"Invalid credentials\",\n INVALID_REFRESH_TOKEN: \"Invalid refresh token\",\n REFRESH_TOKEN_REUSE: \"REFRESH_TOKEN_REUSE\",\n ACCOUNT_DISABLED: \"ACCOUNT_DISABLED\",\n EMAIL_NOT_VERIFIED: \"EMAIL_NOT_VERIFIED\",\n TOKEN_INVALID_OR_EXPIRED: \"TOKEN_INVALID_OR_EXPIRED\",\n ACCOUNT_LOCKED: \"ACCOUNT_LOCKED\",\n INVALID_CURRENT_PASSWORD: \"INVALID_CURRENT_PASSWORD\",\n PASSWORD_UNCHANGED: \"PASSWORD_UNCHANGED\",\n} as const;\n\nexport type AuthErrorCodeValue =\n (typeof AuthErrorCode)[keyof typeof AuthErrorCode];\n","import { createParamDecorator, type ExecutionContext } from \"@nestjs/common\";\n\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nexport const CurrentUser = createParamDecorator(\n (_data: unknown, ctx: ExecutionContext): AuthJwtPayload => {\n const request = ctx.switchToHttp().getRequest<{ user: AuthJwtPayload }>();\n return request.user;\n },\n);\n","import { Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"jwt\") {\n handleRequest<TUser>(\n err: Error | null,\n user: TUser,\n _info: unknown,\n ): TUser {\n // Passport returns `false` (not null) when no/invalid token.\n if (err != null || !user) {\n throw err ?? new UnauthorizedException();\n }\n return user;\n }\n}\n","/**\n * Precomputed bcrypt hash for constant-time login when the account is missing.\n * Never store real passwords against this hash — comparison only.\n */\nexport const DUMMY_PASSWORD_HASH =\n \"$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy\";\n","import { Injectable } from \"@nestjs/common\";\n\nimport type {\n AuthHooks,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\n\n@Injectable()\nexport class DefaultAuthHooks implements AuthHooks {\n async buildJwtPayload(\n account: BaseAuthAccount,\n ): Promise<Record<string, unknown>> {\n return {\n sub: account.id,\n ...(account.email != null ? { email: account.email } : {}),\n ...(account.username != null ? { username: account.username } : {}),\n };\n }\n\n async enrichMe(account: BaseAuthAccount): Promise<Record<string, unknown>> {\n return {\n id: account.id,\n email: account.email,\n username: account.username,\n emailVerified: account.emailVerified,\n disabled: account.disabled,\n ...(account.lastLoginAt != null\n ? { lastLoginAt: account.lastLoginAt }\n : {}),\n ...(account.passwordChangedAt != null\n ? { passwordChangedAt: account.passwordChangedAt }\n : {}),\n };\n }\n\n async onBeforeRegister(_input: RegisterInput): Promise<void> {\n return;\n }\n\n async onAfterRegister(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n\n async onAfterLogin(_account: BaseAuthAccount): Promise<void> {\n return;\n }\n}\n","export function isDuplicateKeyError(error: unknown): boolean {\n return (\n !!error &&\n typeof error === \"object\" &&\n \"code\" in error &&\n (error as { code: number }).code === 11000\n );\n}\n","import { BadRequestException } from \"@nestjs/common\";\n\nconst COMPLEXITY_PATTERN =\n /^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).+$/;\n\nexport function assertPasswordComplexity(password: string): void {\n if (!COMPLEXITY_PATTERN.test(password)) {\n throw new BadRequestException(\n \"Password must contain at least one uppercase letter, one lowercase letter, and one digit\",\n );\n }\n}\n","import { createHash, randomBytes } from \"crypto\";\n\nexport function generateRawToken(byteLength = 32): string {\n return randomBytes(byteLength).toString(\"hex\");\n}\n\nexport function hashToken(token: string): string {\n return createHash(\"sha256\").update(token).digest(\"hex\");\n}\n\nexport function expiresAtFromTtlMs(ttlMs: number): Date {\n return new Date(Date.now() + ttlMs);\n}\n\n/** Default: 24 hours */\nexport const DEFAULT_EMAIL_VERIFICATION_TTL_MS = 24 * 60 * 60 * 1000;\n\n/** Default: 15 minutes */\nexport const DEFAULT_PASSWORD_RESET_TTL_MS = 15 * 60 * 1000;\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService, type JwtSignOptions } from \"@nestjs/jwt\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport { AUTH_MODULE_OPTIONS } from \"../constants/tokens\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { AuthTokens } from \"../interfaces/auth-hooks.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\nconst JWT_ALGORITHM = \"HS256\" as const;\n\n@Injectable()\nexport class TokenService {\n constructor(\n @Inject(JwtService)\n private readonly jwtService: JwtService,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n ) {}\n\n private get bcryptRounds(): number {\n return this.options.bcryptRounds ?? 10;\n }\n\n async signTokens(payload: AuthJwtPayload): Promise<AuthTokens> {\n const accessExpiresIn = this.options.expiresIn ?? \"1h\";\n const refreshExpiresIn = this.options.refreshExpiresIn ?? \"7d\";\n\n const [accessToken, refreshToken] = await Promise.all([\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.secret,\n expiresIn: accessExpiresIn,\n algorithm: JWT_ALGORITHM,\n } as JwtSignOptions,\n ),\n this.jwtService.signAsync(\n payload as Record<string, unknown>,\n {\n secret: this.options.refreshSecret,\n expiresIn: refreshExpiresIn,\n algorithm: JWT_ALGORITHM,\n } as JwtSignOptions,\n ),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n async verifyRefreshToken(refreshToken: string): Promise<AuthJwtPayload> {\n return this.jwtService.verifyAsync<AuthJwtPayload>(refreshToken, {\n secret: this.options.refreshSecret,\n algorithms: [JWT_ALGORITHM],\n });\n }\n\n async hashRefreshToken(refreshToken: string): Promise<string> {\n return bcrypt.hash(refreshToken, this.bcryptRounds);\n }\n\n async compareRefreshToken(\n refreshToken: string,\n hash: string,\n ): Promise<boolean> {\n return bcrypt.compare(refreshToken, hash);\n }\n}\n","import {\n BadRequestException,\n Inject,\n Injectable,\n NotFoundException,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\nimport {\n AUTH_HOOKS,\n AUTH_MODULE_OPTIONS,\n AUTH_REPOSITORY,\n} from \"../constants/tokens\";\nimport { DUMMY_PASSWORD_HASH } from \"../constants/password.constants\";\nimport { AuthErrorCode } from \"../constants/auth-errors\";\nimport type { LoginDto } from \"../dto/login.dto\";\nimport type { RegisterDto } from \"../dto/register.dto\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthHooks,\n AuthTokens,\n AuthAccountWithSecrets,\n BaseAuthAccount,\n RegisterInput,\n} from \"../interfaces/auth-hooks.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport { isDuplicateKeyError } from \"../utils/duplicate-key.util\";\nimport { assertPasswordComplexity } from \"../utils/password.util\";\nimport {\n normalizeIdentifier,\n readAccountIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n DEFAULT_PASSWORD_RESET_TTL_MS,\n expiresAtFromTtlMs,\n generateRawToken,\n hashToken,\n} from \"../utils/token.util\";\nimport { TokenService } from \"./token.service\";\n\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_HOOKS)\n private readonly hooks: AuthHooks,\n @Inject(TokenService)\n private readonly tokenService: TokenService,\n ) {}\n\n private get identifierField() {\n return this.options.identifierField ?? \"email\";\n }\n\n private get emailVerificationEnabled() {\n return this.options.features?.emailVerification === true;\n }\n\n private get passwordResetEnabled() {\n return this.options.features?.passwordReset === true;\n }\n\n private get rotateRefreshToken() {\n return this.options.features?.refreshTokenRotation !== false;\n }\n\n private get bcryptRounds(): number {\n return this.options.bcryptRounds ?? 10;\n }\n\n private get accountLockoutEnabled(): boolean {\n return this.options.features?.accountLockout === true;\n }\n\n private get lockoutOptions() {\n return this.options.lockout;\n }\n\n private resolveLoginIdentifier(dto: LoginDto): string {\n const value =\n this.identifierField === \"email\" ? dto.email : dto.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(\n `${this.identifierField} is required for login`,\n );\n }\n return normalizeIdentifier(value);\n }\n\n async register(dto: RegisterDto): Promise<{ registered: true }> {\n this.assertEmailHookWhenVerificationEnabled();\n\n const input: RegisterInput = { password: dto.password };\n if (dto.email != null) input.email = dto.email;\n if (dto.username != null) input.username = dto.username;\n\n await this.hooks.onBeforeRegister?.(input);\n\n resolveRegisterIdentifier(input, this.identifierField);\n this.assertRegisterEmailWhenVerificationEnabled(input);\n this.assertPasswordPolicy(dto.password);\n\n const passwordHash = await bcrypt.hash(dto.password, this.bcryptRounds);\n\n try {\n const account = await this.authRepository.create({\n ...input,\n passwordHash,\n emailVerified: !this.emailVerificationEnabled,\n });\n\n await this.hooks.onAfterRegister?.(account);\n\n if (this.emailVerificationEnabled) {\n await this.sendVerificationEmail(account);\n }\n } catch (error) {\n if (isDuplicateKeyError(error)) {\n // Same response as success — do not reveal whether the identifier exists.\n return { registered: true };\n }\n throw error;\n }\n\n return { registered: true };\n }\n\n async login(dto: LoginDto): Promise<AuthTokens> {\n const identifier = this.resolveLoginIdentifier(dto);\n const account = await this.authRepository.findByIdentifierWithSecrets(\n identifier,\n );\n\n if (account != null) {\n this.assertAccountNotLocked(account);\n }\n\n const passwordHash = account?.passwordHash ?? DUMMY_PASSWORD_HASH;\n const passwordMatches = await bcrypt.compare(dto.password, passwordHash);\n\n if (account?.passwordHash == null || !passwordMatches) {\n if (account != null && this.accountLockoutEnabled) {\n await this.authRepository.recordLoginFailure(\n account.id,\n this.lockoutOptions,\n );\n }\n throw new UnauthorizedException(AuthErrorCode.INVALID_CREDENTIALS);\n }\n\n this.assertAccountActive(account);\n\n await this.authRepository.recordLoginSuccess(account.id);\n return this.issueTokens(account);\n }\n\n async refresh(refreshToken: string): Promise<AuthTokens> {\n let payload;\n try {\n payload = await this.tokenService.verifyRefreshToken(refreshToken);\n } catch {\n throw new UnauthorizedException(AuthErrorCode.INVALID_REFRESH_TOKEN);\n }\n\n const account = await this.authRepository.findByIdWithSecrets(payload.sub);\n if (account == null) {\n throw new UnauthorizedException(AuthErrorCode.INVALID_REFRESH_TOKEN);\n }\n\n this.assertAccountActive(account);\n\n if (this.rotateRefreshToken) {\n if (account.refreshTokenHash == null) {\n throw new UnauthorizedException(AuthErrorCode.INVALID_REFRESH_TOKEN);\n }\n\n const tokenMatches = await this.tokenService.compareRefreshToken(\n refreshToken,\n account.refreshTokenHash,\n );\n if (!tokenMatches) {\n // Stale/reused refresh token — possible theft; revoke all refresh sessions.\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n throw new UnauthorizedException(AuthErrorCode.REFRESH_TOKEN_REUSE);\n }\n }\n\n return this.issueTokens(account);\n }\n\n async logout(authId: string): Promise<{ loggedOut: true }> {\n await this.authRepository.updateRefreshTokenHash(authId, null);\n return { loggedOut: true };\n }\n\n async me(authId: string): Promise<Record<string, unknown>> {\n const account = await this.authRepository.findById(authId);\n if (account == null) {\n throw new UnauthorizedException(\"Account not found\");\n }\n\n if (this.hooks.enrichMe != null) {\n return this.hooks.enrichMe(account);\n }\n\n return new DefaultAuthHooks().enrichMe(account);\n }\n\n async verifyEmail(token: string): Promise<{ verified: true }> {\n this.assertEmailVerificationEnabled();\n\n const tokenHash = hashToken(token);\n const account =\n await this.authRepository.findByEmailVerificationTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(AuthErrorCode.TOKEN_INVALID_OR_EXPIRED);\n }\n\n await this.authRepository.markEmailVerified(account.id);\n return { verified: true };\n }\n\n async forgotPassword(email: string): Promise<{ sent: true }> {\n this.assertPasswordResetEnabled();\n this.assertEmailHookWhenPasswordResetEnabled();\n\n const normalizedEmail = normalizeIdentifier(email);\n const account = await this.authRepository.findByEmail(normalizedEmail);\n\n if (account != null) {\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.passwordResetTokenTtlMs ?? DEFAULT_PASSWORD_RESET_TTL_MS,\n );\n\n await this.authRepository.setResetToken(account.id, tokenHash, expiresAt);\n await this.hooks.sendEmail!(\"reset\", normalizedEmail, rawToken);\n }\n\n return { sent: true };\n }\n\n async resetPassword(\n token: string,\n newPassword: string,\n ): Promise<{ reset: true }> {\n this.assertPasswordResetEnabled();\n\n const tokenHash = hashToken(token);\n const account = await this.authRepository.findByResetTokenHash(tokenHash);\n if (account == null) {\n throw new BadRequestException(AuthErrorCode.TOKEN_INVALID_OR_EXPIRED);\n }\n\n this.assertPasswordPolicy(newPassword);\n\n const passwordHash = await bcrypt.hash(newPassword, this.bcryptRounds);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.clearResetToken(account.id);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { reset: true };\n }\n\n async changePassword(\n authId: string,\n currentPassword: string,\n newPassword: string,\n ): Promise<{ changed: true }> {\n const account = await this.authRepository.findByIdWithSecrets(authId);\n if (account?.passwordHash == null) {\n throw new UnauthorizedException(AuthErrorCode.INVALID_CURRENT_PASSWORD);\n }\n\n const currentMatches = await bcrypt.compare(\n currentPassword,\n account.passwordHash,\n );\n if (!currentMatches) {\n throw new UnauthorizedException(AuthErrorCode.INVALID_CURRENT_PASSWORD);\n }\n\n if (currentPassword === newPassword) {\n throw new BadRequestException(AuthErrorCode.PASSWORD_UNCHANGED);\n }\n\n this.assertPasswordPolicy(newPassword);\n\n const passwordHash = await bcrypt.hash(newPassword, this.bcryptRounds);\n await this.authRepository.updatePasswordHash(account.id, passwordHash);\n await this.authRepository.updateRefreshTokenHash(account.id, null);\n\n return { changed: true };\n }\n\n private assertAccountNotLocked(account: AuthAccountWithSecrets): void {\n if (!this.accountLockoutEnabled || account.lockedUntil == null) {\n return;\n }\n\n if (account.lockedUntil > new Date()) {\n throw new UnauthorizedException(AuthErrorCode.ACCOUNT_LOCKED);\n }\n }\n\n private assertAccountActive(account: BaseAuthAccount): void {\n if (account.disabled) {\n throw new UnauthorizedException(AuthErrorCode.ACCOUNT_DISABLED);\n }\n\n if (this.emailVerificationEnabled && !account.emailVerified) {\n throw new UnauthorizedException(AuthErrorCode.EMAIL_NOT_VERIFIED);\n }\n }\n\n private assertPasswordPolicy(password: string): void {\n if (this.options.passwordComplexity === true) {\n assertPasswordComplexity(password);\n }\n }\n\n private async issueTokens(account: BaseAuthAccount): Promise<AuthTokens> {\n const payload = await this.hooks.buildJwtPayload(account);\n const tokens = await this.tokenService.signTokens({\n ...payload,\n sub: account.id,\n });\n\n if (this.rotateRefreshToken) {\n const refreshTokenHash = await this.tokenService.hashRefreshToken(\n tokens.refreshToken,\n );\n await this.authRepository.updateRefreshTokenHash(\n account.id,\n refreshTokenHash,\n );\n }\n\n await this.hooks.onAfterLogin?.(account);\n return tokens;\n }\n\n private async sendVerificationEmail(account: BaseAuthAccount): Promise<void> {\n const email = this.resolveAccountEmail(account);\n if (email == null) return;\n\n const rawToken = generateRawToken();\n const tokenHash = hashToken(rawToken);\n const expiresAt = expiresAtFromTtlMs(\n this.options.emailVerificationTokenTtlMs ??\n DEFAULT_EMAIL_VERIFICATION_TTL_MS,\n );\n\n await this.authRepository.setEmailVerificationToken(\n account.id,\n tokenHash,\n expiresAt,\n );\n await this.hooks.sendEmail!(\"verify\", email, rawToken);\n }\n\n private resolveAccountEmail(account: BaseAuthAccount): string | null {\n if (account.email != null && account.email.trim() !== \"\") {\n return normalizeIdentifier(account.email);\n }\n return null;\n }\n\n private assertRegisterEmailWhenVerificationEnabled(input: RegisterInput): void {\n if (!this.emailVerificationEnabled) return;\n\n const email =\n this.identifierField === \"email\"\n ? resolveRegisterIdentifier(input, \"email\")\n : input.email != null\n ? normalizeIdentifier(input.email)\n : null;\n\n if (email == null || email.trim() === \"\") {\n throw new BadRequestException(\n \"email is required when emailVerification feature is enabled\",\n );\n }\n }\n\n private assertEmailHookWhenVerificationEnabled(): void {\n if (this.emailVerificationEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"emailVerification is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailHookWhenPasswordResetEnabled(): void {\n if (this.passwordResetEnabled && this.hooks.sendEmail == null) {\n throw new BadRequestException(\n \"passwordReset is enabled but AuthHooks.sendEmail is not implemented\",\n );\n }\n }\n\n private assertEmailVerificationEnabled(): void {\n if (!this.emailVerificationEnabled) {\n throw new NotFoundException();\n }\n }\n\n private assertPasswordResetEnabled(): void {\n if (!this.passwordResetEnabled) {\n throw new NotFoundException();\n }\n }\n\n getIdentifierForAccount(account: BaseAuthAccount): string | undefined {\n return readAccountIdentifier(account, this.identifierField);\n }\n}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Inject,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\n\nimport { AuthTokensDto } from \"../dto/auth-tokens.dto\";\nimport { ChangePasswordDto } from \"../dto/change-password.dto\";\nimport { ForgotPasswordDto } from \"../dto/forgot-password.dto\";\nimport { LoginDto } from \"../dto/login.dto\";\nimport { RefreshTokenDto } from \"../dto/refresh-token.dto\";\nimport { RegisterAckDto } from \"../dto/register-ack.dto\";\nimport { RegisterDto } from \"../dto/register.dto\";\nimport { ResetPasswordDto } from \"../dto/reset-password.dto\";\nimport { VerifyEmailDto } from \"../dto/verify-email.dto\";\nimport { CurrentUser } from \"../decorators/current-user.decorator\";\nimport { JwtAuthGuard } from \"../guards/jwt-auth.guard\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\nimport { AuthService } from \"../services/auth.service\";\n\n@Controller(\"auth\")\nexport class AuthController {\n constructor(@Inject(AuthService) private readonly authService: AuthService) {}\n\n @Post(\"register\")\n register(@Body() dto: RegisterDto): Promise<RegisterAckDto> {\n return this.authService.register(dto);\n }\n\n @Post(\"login\")\n login(@Body() dto: LoginDto): Promise<AuthTokensDto> {\n return this.authService.login(dto);\n }\n\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n refresh(@Body() dto: RefreshTokenDto): Promise<AuthTokensDto> {\n return this.authService.refresh(dto.refreshToken);\n }\n\n @Post(\"logout\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n logout(@CurrentUser() user: AuthJwtPayload): Promise<{ loggedOut: true }> {\n return this.authService.logout(user.sub);\n }\n\n @Get(\"me\")\n @UseGuards(JwtAuthGuard)\n me(@CurrentUser() user: AuthJwtPayload): Promise<Record<string, unknown>> {\n return this.authService.me(user.sub);\n }\n\n /** Available only when `features.emailVerification` is enabled. */\n @Post(\"verify-email\")\n @HttpCode(HttpStatus.OK)\n verifyEmail(@Body() dto: VerifyEmailDto): Promise<{ verified: true }> {\n return this.authService.verifyEmail(dto.token);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"forgot-password\")\n @HttpCode(HttpStatus.OK)\n forgotPassword(@Body() dto: ForgotPasswordDto): Promise<{ sent: true }> {\n return this.authService.forgotPassword(dto.email);\n }\n\n /** Available only when `features.passwordReset` is enabled. */\n @Post(\"reset-password\")\n @HttpCode(HttpStatus.OK)\n resetPassword(@Body() dto: ResetPasswordDto): Promise<{ reset: true }> {\n return this.authService.resetPassword(dto.token, dto.newPassword);\n }\n\n @Post(\"change-password\")\n @UseGuards(JwtAuthGuard)\n @HttpCode(HttpStatus.OK)\n changePassword(\n @CurrentUser() user: AuthJwtPayload,\n @Body() dto: ChangePasswordDto,\n ): Promise<{ changed: true }> {\n return this.authService.changePassword(\n user.sub,\n dto.currentPassword,\n dto.newPassword,\n );\n }\n}\n","import { Controller } from \"@nestjs/common\";\n\nimport { AuthController } from \"./auth.controller\";\n\nexport function createAuthController(routePrefix = \"auth\"): typeof AuthController {\n @Controller(routePrefix)\n class ConfiguredAuthController extends AuthController {}\n\n Object.defineProperty(ConfiguredAuthController, \"name\", {\n value: `AuthController_${routePrefix.replace(/\\W+/g, \"_\")}`,\n });\n\n return ConfiguredAuthController;\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport { AuthErrorCode } from \"../constants/auth-errors\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport type { IAuthRepository } from \"../interfaces/auth-repository.interface\";\nimport type { AuthJwtPayload } from \"../interfaces/jwt-payload.interface\";\n\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy) {\n constructor(\n @Inject(AUTH_MODULE_OPTIONS)\n private readonly options: AuthModuleOptions,\n @Inject(AUTH_REPOSITORY)\n private readonly authRepository: IAuthRepository,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.secret,\n algorithms: [\"HS256\"],\n });\n }\n\n async validate(payload: AuthJwtPayload): Promise<AuthJwtPayload> {\n const account = await this.authRepository.findById(payload.sub);\n if (account == null || account.disabled) {\n throw new UnauthorizedException(\"Account not found or inactive\");\n }\n\n if (\n this.options.features?.emailVerification === true &&\n !account.emailVerified\n ) {\n throw new UnauthorizedException(AuthErrorCode.EMAIL_NOT_VERIFIED);\n }\n\n return payload;\n }\n}\n","import type { Provider } from \"@nestjs/common\";\n\nimport { AUTH_HOOKS } from \"../constants/tokens\";\nimport { DefaultAuthHooks } from \"../hooks/default-auth.hooks\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\n\nexport function createHooksProvider(options: AuthModuleOptions): Provider {\n if (options.hooksProvider != null) {\n return options.hooksProvider;\n }\n\n const HooksClass = options.hooks ?? DefaultAuthHooks;\n return {\n provide: AUTH_HOOKS,\n useClass: HooksClass,\n };\n}\n","import type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\n\nconst MIN_SECRET_LENGTH = 32;\nconst MIN_BCRYPT_ROUNDS = 10;\nconst MAX_BCRYPT_ROUNDS = 14;\n\nexport function validateAuthModuleOptions(options: AuthModuleOptions): void {\n if (options.secret.length < MIN_SECRET_LENGTH) {\n throw new Error(\n `AuthModule: secret must be at least ${MIN_SECRET_LENGTH} characters`,\n );\n }\n\n if (options.refreshSecret.length < MIN_SECRET_LENGTH) {\n throw new Error(\n `AuthModule: refreshSecret must be at least ${MIN_SECRET_LENGTH} characters`,\n );\n }\n\n if (options.secret === options.refreshSecret) {\n throw new Error(\n \"AuthModule: secret and refreshSecret must be different\",\n );\n }\n\n const rounds = options.bcryptRounds ?? MIN_BCRYPT_ROUNDS;\n if (rounds < MIN_BCRYPT_ROUNDS || rounds > MAX_BCRYPT_ROUNDS) {\n throw new Error(\n `AuthModule: bcryptRounds must be between ${MIN_BCRYPT_ROUNDS} and ${MAX_BCRYPT_ROUNDS}`,\n );\n }\n\n if (\n options.emailVerificationTokenTtlMs != null &&\n options.emailVerificationTokenTtlMs < 60_000\n ) {\n throw new Error(\n \"AuthModule: emailVerificationTokenTtlMs must be at least 60000 (1 minute)\",\n );\n }\n\n if (\n options.passwordResetTokenTtlMs != null &&\n options.passwordResetTokenTtlMs < 60_000\n ) {\n throw new Error(\n \"AuthModule: passwordResetTokenTtlMs must be at least 60000 (1 minute)\",\n );\n }\n}\n","import { DynamicModule, Module, Provider, Type } from \"@nestjs/common\";\nimport { ModuleRef } from \"@nestjs/core\";\nimport { JwtModule, type JwtModuleOptions } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\n\nimport { createAuthController } from \"./controllers/auth.controller.factory\";\nimport { AUTH_HOOKS, AUTH_MODULE_OPTIONS } from \"./constants/tokens\";\nimport { DefaultAuthHooks } from \"./hooks/default-auth.hooks\";\nimport type {\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n} from \"./interfaces/auth-config.interface\";\nimport type { AuthHooks } from \"./interfaces/auth-hooks.interface\";\nimport { AuthService } from \"./services/auth.service\";\nimport { TokenService } from \"./services/token.service\";\nimport { JwtAuthGuard } from \"./guards/jwt-auth.guard\";\nimport { JwtStrategy } from \"./strategies/jwt.strategy\";\nimport { createHooksProvider } from \"./utils/hooks-provider.util\";\nimport { validateAuthModuleOptions } from \"./utils/validate-auth-config.util\";\n\ntype ModuleImports = NonNullable<DynamicModule[\"imports\"]>;\n\nfunction createCoreProviders(options: AuthModuleOptions): Provider[] {\n validateAuthModuleOptions(options);\n\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n useValue: options,\n },\n createHooksProvider(options),\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\nfunction createAsyncHooksProvider(\n options: AuthModuleAsyncOptions,\n): Provider {\n if (options.hooksProvider != null) {\n return options.hooksProvider;\n }\n\n const HooksClass = options.hooks ?? DefaultAuthHooks;\n\n return {\n provide: AUTH_HOOKS,\n inject: [ModuleRef],\n useFactory: (moduleRef: ModuleRef) =>\n moduleRef.create(HooksClass as Type<AuthHooks>),\n };\n}\n\nfunction createAuthImports(): ModuleImports {\n return [\n PassportModule.register({ defaultStrategy: \"jwt\" }),\n JwtModule.registerAsync({\n inject: [AUTH_MODULE_OPTIONS],\n useFactory: (opts: AuthModuleOptions) =>\n ({\n secret: opts.secret,\n signOptions: {\n expiresIn: opts.expiresIn ?? \"1h\",\n algorithm: \"HS256\",\n },\n }) as JwtModuleOptions,\n }),\n ];\n}\n\nfunction mergeImports(userImports?: unknown): ModuleImports {\n const merged: ModuleImports = [...createAuthImports()];\n if (userImports != null) {\n merged.unshift(...(userImports as ModuleImports));\n }\n return merged;\n}\n\nfunction createAsyncProviders(options: AuthModuleAsyncOptions): Provider[] {\n return [\n {\n provide: AUTH_MODULE_OPTIONS,\n inject: (options.inject ?? []) as never[],\n useFactory: async (...args: unknown[]) => {\n const config = await options.useFactory(...args);\n validateAuthModuleOptions(config);\n return config;\n },\n },\n createAsyncHooksProvider(options),\n AuthService,\n TokenService,\n JwtStrategy,\n JwtAuthGuard,\n ];\n}\n\n@Module({})\nexport class AuthModule {\n static forRoot(options: AuthModuleOptions): DynamicModule {\n const routePrefix = options.routePrefix ?? \"auth\";\n\n return {\n module: AuthModule,\n global: true,\n imports: createAuthImports(),\n controllers: [createAuthController(routePrefix)],\n providers: createCoreProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n\n static forRootAsync(options: AuthModuleAsyncOptions): DynamicModule {\n const routePrefix = options.routePrefix ?? \"auth\";\n\n return {\n module: AuthModule,\n global: true,\n imports: mergeImports(options.imports),\n controllers: [createAuthController(routePrefix)],\n providers: createAsyncProviders(options),\n exports: [\n AUTH_MODULE_OPTIONS,\n AUTH_HOOKS,\n AuthService,\n TokenService,\n JwtAuthGuard,\n JwtModule,\n PassportModule,\n ],\n };\n }\n}\n","export class AuthTokensDto {\n accessToken!: string;\n refreshToken!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ChangePasswordDto {\n @IsString()\n @IsNotEmpty()\n currentPassword!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsEmail } from \"class-validator\";\n\nexport class ForgotPasswordDto {\n @IsEmail()\n email!: string;\n}\n","import { IsEmail, IsNotEmpty, IsOptional, IsString, Length, ValidateIf } from \"class-validator\";\n\nexport class LoginDto {\n @IsOptional()\n @ValidateIf((dto: LoginDto) => dto.email != null && dto.email.trim() !== \"\")\n @IsEmail()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class RefreshTokenDto {\n @IsString()\n @IsNotEmpty()\n refreshToken!: string;\n}\n","export class RegisterAckDto {\n registered!: true;\n}\n","import { IsEmail, IsNotEmpty, IsOptional, IsString, Length, Matches, ValidateIf } from \"class-validator\";\n\nexport class RegisterDto {\n @IsOptional()\n @ValidateIf((dto: RegisterDto) => dto.email != null && dto.email.trim() !== \"\")\n @IsEmail()\n @Length(3, 255)\n email?: string;\n\n @IsOptional()\n @IsString()\n @Length(3, 50)\n @Matches(/^[a-zA-Z0-9._-]+$/)\n username?: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n password!: string;\n}\n","import { IsNotEmpty, IsString, Length } from \"class-validator\";\n\nexport class ResetPasswordDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n\n @IsString()\n @IsNotEmpty()\n @Length(8, 128)\n newPassword!: string;\n}\n","import { IsNotEmpty, IsString } from \"class-validator\";\n\nexport class VerifyEmailDto {\n @IsString()\n @IsNotEmpty()\n token!: string;\n}\n"]}
|
package/dist/mongo/index.cjs
CHANGED
|
@@ -18,19 +18,21 @@ var __decorateClass = (decorators, target, key, kind) => {
|
|
|
18
18
|
// src/constants/tokens.ts
|
|
19
19
|
var AUTH_MODULE_OPTIONS = "AUTH_MODULE_OPTIONS";
|
|
20
20
|
var AUTH_REPOSITORY = "AUTH_REPOSITORY";
|
|
21
|
-
|
|
22
|
-
// src/utils/identifier.util.ts
|
|
23
21
|
function normalizeIdentifier(value) {
|
|
24
22
|
return value.trim().toLowerCase();
|
|
25
23
|
}
|
|
26
24
|
function resolveRegisterIdentifier(input, field) {
|
|
27
25
|
const value = field === "email" ? input.email : input.username;
|
|
28
26
|
if (value == null || value.trim() === "") {
|
|
29
|
-
throw new
|
|
27
|
+
throw new common.BadRequestException(`Register input requires ${field}`);
|
|
30
28
|
}
|
|
31
29
|
return normalizeIdentifier(value);
|
|
32
30
|
}
|
|
33
31
|
|
|
32
|
+
// src/constants/lockout.constants.ts
|
|
33
|
+
var DEFAULT_LOCKOUT_MAX_ATTEMPTS = 5;
|
|
34
|
+
var DEFAULT_LOCKOUT_DURATION_MS = 15 * 60 * 1e3;
|
|
35
|
+
|
|
34
36
|
// src/mongo/mongo-auth.repository.ts
|
|
35
37
|
function toAccount(doc) {
|
|
36
38
|
return {
|
|
@@ -39,6 +41,8 @@ function toAccount(doc) {
|
|
|
39
41
|
...doc.username != null ? { username: doc.username } : {},
|
|
40
42
|
emailVerified: doc.emailVerified,
|
|
41
43
|
disabled: doc.disabled,
|
|
44
|
+
...doc.lastLoginAt != null ? { lastLoginAt: doc.lastLoginAt } : {},
|
|
45
|
+
...doc.passwordChangedAt != null ? { passwordChangedAt: doc.passwordChangedAt } : {},
|
|
42
46
|
createdAt: doc.createdAt,
|
|
43
47
|
updatedAt: doc.updatedAt
|
|
44
48
|
};
|
|
@@ -47,7 +51,9 @@ function toAccountWithSecrets(doc) {
|
|
|
47
51
|
return {
|
|
48
52
|
...toAccount(doc),
|
|
49
53
|
passwordHash: doc.passwordHash,
|
|
50
|
-
refreshTokenHash: doc.refreshTokenHash ?? null
|
|
54
|
+
refreshTokenHash: doc.refreshTokenHash ?? null,
|
|
55
|
+
failedLoginAttempts: doc.failedLoginAttempts ?? 0,
|
|
56
|
+
lockedUntil: doc.lockedUntil ?? null
|
|
51
57
|
};
|
|
52
58
|
}
|
|
53
59
|
exports.MongoAuthRepository = class MongoAuthRepository {
|
|
@@ -98,7 +104,10 @@ exports.MongoAuthRepository = class MongoAuthRepository {
|
|
|
98
104
|
}
|
|
99
105
|
async updatePasswordHash(id, passwordHash) {
|
|
100
106
|
if (!mongoose$1.Types.ObjectId.isValid(id)) return;
|
|
101
|
-
await this.authModel.updateOne(
|
|
107
|
+
await this.authModel.updateOne(
|
|
108
|
+
{ _id: id },
|
|
109
|
+
{ $set: { passwordHash, passwordChangedAt: /* @__PURE__ */ new Date() } }
|
|
110
|
+
).exec();
|
|
102
111
|
}
|
|
103
112
|
async setEmailVerificationToken(id, tokenHash, expiresAt) {
|
|
104
113
|
if (!mongoose$1.Types.ObjectId.isValid(id)) return;
|
|
@@ -153,6 +162,32 @@ exports.MongoAuthRepository = class MongoAuthRepository {
|
|
|
153
162
|
{ $unset: { resetTokenHash: "", resetTokenExpiresAt: "" } }
|
|
154
163
|
).exec();
|
|
155
164
|
}
|
|
165
|
+
async recordLoginSuccess(id) {
|
|
166
|
+
if (!mongoose$1.Types.ObjectId.isValid(id)) return;
|
|
167
|
+
await this.authModel.updateOne(
|
|
168
|
+
{ _id: id },
|
|
169
|
+
{
|
|
170
|
+
$set: {
|
|
171
|
+
lastLoginAt: /* @__PURE__ */ new Date(),
|
|
172
|
+
failedLoginAttempts: 0,
|
|
173
|
+
lockedUntil: null
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
).exec();
|
|
177
|
+
}
|
|
178
|
+
async recordLoginFailure(id, lockout) {
|
|
179
|
+
if (!mongoose$1.Types.ObjectId.isValid(id)) return;
|
|
180
|
+
const maxAttempts = lockout?.maxAttempts ?? DEFAULT_LOCKOUT_MAX_ATTEMPTS;
|
|
181
|
+
const lockoutDurationMs = lockout?.lockoutDurationMs ?? DEFAULT_LOCKOUT_DURATION_MS;
|
|
182
|
+
const doc = await this.authModel.findById(id).select("failedLoginAttempts").exec();
|
|
183
|
+
if (doc == null) return;
|
|
184
|
+
const attempts = (doc.failedLoginAttempts ?? 0) + 1;
|
|
185
|
+
const update = { failedLoginAttempts: attempts };
|
|
186
|
+
if (attempts >= maxAttempts) {
|
|
187
|
+
update.lockedUntil = new Date(Date.now() + lockoutDurationMs);
|
|
188
|
+
}
|
|
189
|
+
await this.authModel.updateOne({ _id: id }, { $set: update }).exec();
|
|
190
|
+
}
|
|
156
191
|
identifierQuery(identifier) {
|
|
157
192
|
const normalized = normalizeIdentifier(identifier);
|
|
158
193
|
return this.identifierField === "email" ? { email: normalized } : { username: normalized };
|
|
@@ -194,6 +229,18 @@ __decorateClass([
|
|
|
194
229
|
__decorateClass([
|
|
195
230
|
mongoose.Prop({ type: Date, required: false })
|
|
196
231
|
], exports.BaseAuthAccountSchema.prototype, "resetTokenExpiresAt", 2);
|
|
232
|
+
__decorateClass([
|
|
233
|
+
mongoose.Prop({ type: Number, default: 0 })
|
|
234
|
+
], exports.BaseAuthAccountSchema.prototype, "failedLoginAttempts", 2);
|
|
235
|
+
__decorateClass([
|
|
236
|
+
mongoose.Prop({ type: Date, required: false, default: null })
|
|
237
|
+
], exports.BaseAuthAccountSchema.prototype, "lockedUntil", 2);
|
|
238
|
+
__decorateClass([
|
|
239
|
+
mongoose.Prop({ type: Date, required: false })
|
|
240
|
+
], exports.BaseAuthAccountSchema.prototype, "lastLoginAt", 2);
|
|
241
|
+
__decorateClass([
|
|
242
|
+
mongoose.Prop({ type: Date, required: false })
|
|
243
|
+
], exports.BaseAuthAccountSchema.prototype, "passwordChangedAt", 2);
|
|
197
244
|
exports.BaseAuthAccountSchema = __decorateClass([
|
|
198
245
|
mongoose.Schema({
|
|
199
246
|
timestamps: true,
|
|
@@ -215,6 +262,10 @@ baseAuthAccountSchema.index(
|
|
|
215
262
|
partialFilterExpression: { username: { $type: "string" } }
|
|
216
263
|
}
|
|
217
264
|
);
|
|
265
|
+
baseAuthAccountSchema.index({ emailVerificationTokenHash: 1 });
|
|
266
|
+
baseAuthAccountSchema.index({ resetTokenHash: 1 });
|
|
267
|
+
baseAuthAccountSchema.index({ emailVerificationExpiresAt: 1 });
|
|
268
|
+
baseAuthAccountSchema.index({ resetTokenExpiresAt: 1 });
|
|
218
269
|
|
|
219
270
|
// src/mongo/mongo-auth.module.ts
|
|
220
271
|
exports.MongoAuthModule = class MongoAuthModule {
|
package/dist/mongo/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/constants/tokens.ts","../../src/utils/identifier.util.ts","../../src/mongo/mongo-auth.repository.ts","../../src/mongo/schemas/base-auth-account.schema.ts","../../src/mongo/mongo-auth.module.ts"],"names":["MongoAuthRepository","Types","Injectable","BaseAuthAccountSchema","Prop","Schema","SchemaFactory","MongoAuthModule","MongooseModule","getModelToken","Module"],"mappings":";;;;;;;;;;;;;;;;;;AACO,IAAM,mBAAA,GAAsB,qBAAA;AAE5B,IAAM,eAAA,GAAkB,iBAAA;;;ACAxB,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAEO,SAAS,yBAAA,CACd,OACA,KAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,KAAA,CAAM,QAAQ,KAAA,CAAM,QAAA;AACtD,EAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,EACpD;AACA,EAAA,OAAO,oBAAoB,KAAK,CAAA;AAClC;;;ACEA,SAAS,UAAU,GAAA,EAA+C;AAChE,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,GAAA,CAAI,GAAA,CAAI,QAAA,EAAS;AAAA,IACrB,GAAI,IAAI,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI,EAAC;AAAA,IAChD,GAAI,IAAI,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS,GAAI,EAAC;AAAA,IACzD,eAAe,GAAA,CAAI,aAAA;AAAA,IACnB,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,WAAW,GAAA,CAAI,SAAA;AAAA,IACf,WAAW,GAAA,CAAI;AAAA,GACjB;AACF;AAEA,SAAS,qBACP,GAAA,EACwB;AACxB,EAAA,OAAO;AAAA,IACL,GAAG,UAAU,GAAG,CAAA;AAAA,IAChB,cAAc,GAAA,CAAI,YAAA;AAAA,IAClB,gBAAA,EAAkB,IAAI,gBAAA,IAAoB;AAAA,GAC5C;AACF;AAGaA,8BAAN,yBAAA,CAAqD;AAAA,EAC1D,WAAA,CACmB,SAAA,EACA,eAAA,GAAuC,OAAA,EACxD;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AAAA,EAChB;AAAA,EAEH,MAAM,OAAO,IAAA,EAAmD;AAC9D,IAAA,MAAM,UAAA,GAAa,yBAAA;AAAA,MACjB,IAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,IAAA,CAAK,SAAA,CAAU;AAAA,MACjC,KAAA,EACE,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,UAAA,GACA,IAAA,CAAK,KAAA,IAAS,IAAA,GACZ,mBAAA,CAAoB,IAAA,CAAK,KAAK,CAAA,GAC9B,MAAA;AAAA,MACR,QAAA,EACE,IAAA,CAAK,eAAA,KAAoB,UAAA,GACrB,UAAA,GACA,IAAA,CAAK,QAAA,IAAY,IAAA,GACf,mBAAA,CAAoB,IAAA,CAAK,QAAQ,CAAA,GACjC,MAAA;AAAA,MACR,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,QAAA,EAAU;AAAA,KACX,CAAA;AAED,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,IAAA,EAAK;AACjC,IAAA,OAAO,UAAU,KAAK,CAAA;AAAA,EACxB;AAAA,EAEA,MAAM,YAAY,KAAA,EAAgD;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,EAAE,KAAA,EAAO,mBAAA,CAAoB,KAAK,CAAA,EAAG,CAAA,CAC7C,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,iBAAiB,UAAA,EAAqD;AAC1E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,KAAK,eAAA,CAAgB,UAAU,CAAC,CAAA,CACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,4BACJ,UAAA,EACwC;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,IAAA,CAAK,eAAA,CAAgB,UAAU,CAAC,CAAA,CACxC,MAAA,CAAO,iCAAiC,EACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,EAAA,EAA6C;AAC1D,IAAA,IAAI,CAACC,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,GAAG,OAAO,IAAA;AACxC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,UAAU,QAAA,CAAS,EAAE,EAAE,IAAA,EAAK;AACnD,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,oBAAoB,EAAA,EAAoD;AAC5E,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,GAAG,OAAO,IAAA;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,QAAA,CAAS,EAAE,CAAA,CACX,MAAA,CAAO,iCAAiC,CAAA,CACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,sBAAA,CACJ,EAAA,EACA,IAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,IAAA,CAAK,SAAA,CACR,SAAA,CAAU,EAAE,KAAK,EAAA,EAAG,EAAG,EAAE,IAAA,EAAM,EAAE,gBAAA,EAAkB,IAAA,EAAK,EAAG,EAC3D,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,kBAAA,CAAmB,EAAA,EAAY,YAAA,EAAqC;AACxE,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,IAAA,CAAK,SAAA,CACR,SAAA,CAAU,EAAE,KAAK,EAAA,EAAG,EAAG,EAAE,IAAA,EAAM,EAAE,YAAA,EAAa,EAAG,EACjD,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,yBAAA,CACJ,EAAA,EACA,SAAA,EACA,SAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV;AAAA,QACE,IAAA,EAAM;AAAA,UACJ,0BAAA,EAA4B,SAAA;AAAA,UAC5B,0BAAA,EAA4B;AAAA;AAC9B;AACF,MAED,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,iCACJ,SAAA,EACiC;AACjC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ;AAAA,MACP,0BAAA,EAA4B,SAAA;AAAA,MAC5B,0BAAA,EAA4B,EAAE,GAAA,kBAAK,IAAI,MAAK;AAAE,KAC/C,CAAA,CACA,MAAA,CAAO,6BAA6B,EACpC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,kBAAkB,EAAA,EAA2B;AACjD,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV;AAAA,QACE,IAAA,EAAM,EAAE,aAAA,EAAe,IAAA,EAAK;AAAA,QAC5B,MAAA,EAAQ;AAAA,UACN,0BAAA,EAA4B,EAAA;AAAA,UAC5B,0BAAA,EAA4B;AAAA;AAC9B;AACF,MAED,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,aAAA,CACJ,EAAA,EACA,SAAA,EACA,SAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV,EAAE,IAAA,EAAM,EAAE,gBAAgB,SAAA,EAAW,mBAAA,EAAqB,WAAU;AAAE,MAEvE,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,qBACJ,SAAA,EACwC;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ;AAAA,MACP,cAAA,EAAgB,SAAA;AAAA,MAChB,mBAAA,EAAqB,EAAE,GAAA,kBAAK,IAAI,MAAK;AAAE,KACxC,CAAA,CACA,MAAA,CAAO,+BAA+B,EACtC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAgB,EAAA,EAA2B;AAC/C,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV,EAAE,MAAA,EAAQ,EAAE,gBAAgB,EAAA,EAAI,mBAAA,EAAqB,IAAG;AAAE,MAE3D,IAAA,EAAK;AAAA,EACV;AAAA,EAEQ,gBAAgB,UAAA,EAAoB;AAC1C,IAAA,MAAM,UAAA,GAAa,oBAAoB,UAAU,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,oBAAoB,OAAA,GAC5B,EAAE,OAAO,UAAA,EAAW,GACpB,EAAE,QAAA,EAAU,UAAA,EAAW;AAAA,EAC7B;AACF;AArLaD,2BAAA,GAAN,eAAA,CAAA;AAAA,EADNE,iBAAA;AAAW,CAAA,EACCF,2BAAA,CAAA;ACtCN,IAAM,uBAAA,GAA0B;AAM1BG,gCAAN,2BAAA,CAA4B;AAiCnC;AA/BE,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM;AAAA,CAAA,EADzDD,6BAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM;AAAA,CAAA,EAJzDD,6BAAA,CAKX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,IAAA,EAAM,MAAA,EAAQ,OAAO;AAAA,CAAA,EAP1CD,6BAAA,CAQX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAA,EAAS,IAAA,EAAM;AAAA,CAAA,EAV1DD,6BAAA,CAWX,SAAA,EAAA,kBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,OAAO;AAAA,CAAA,EAb5BD,6BAAA,CAcX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,OAAO;AAAA,CAAA,EAhB5BD,6BAAA,CAiBX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,CAAA,EAnB3CD,6BAAA,CAoBX,SAAA,EAAA,4BAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EAtB1BD,6BAAA,CAuBX,SAAA,EAAA,4BAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,CAAA,EAzB3CD,6BAAA,CA0BX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EA5B1BD,6BAAA,CA6BX,SAAA,EAAA,qBAAA,EAAA,CAAA,CAAA;AA7BWA,6BAAA,GAAN,eAAA,CAAA;AAAA,EAJNE,eAAA,CAAO;AAAA,IACN,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACb;AAAA,CAAA,EACYF,6BAAA,CAAA;AAqCN,IAAM,qBAAA,GACXG,sBAAA,CAAc,cAAA,CAAeH,6BAAqB;AAEpD,qBAAA,CAAsB,KAAA;AAAA,EACpB,EAAE,OAAO,CAAA,EAAE;AAAA,EACX;AAAA,IACE,MAAA,EAAQ,IAAA;AAAA,IACR,yBAAyB,EAAE,KAAA,EAAO,EAAE,KAAA,EAAO,UAAS;AAAE;AAE1D,CAAA;AAEA,qBAAA,CAAsB,KAAA;AAAA,EACpB,EAAE,UAAU,CAAA,EAAE;AAAA,EACd;AAAA,IACE,MAAA,EAAQ,IAAA;AAAA,IACR,yBAAyB,EAAE,QAAA,EAAU,EAAE,KAAA,EAAO,UAAS;AAAE;AAE7D,CAAA;;;ACtCaI,0BAAN,qBAAA,CAAsB;AAAA,EAC3B,OAAO,WAAW,OAAA,EAAkD;AAClE,IAAA,MAAM,IAAA,GAAO,SAAS,IAAA,IAAQ,uBAAA;AAC9B,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,qBAAA;AAClC,IAAA,MAAM,eAAA,GAAkB,SAAS,eAAA,IAAmB,OAAA;AAEpD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQA,uBAAA;AAAA,MACR,OAAA,EAAS,CAACC,uBAAA,CAAe,UAAA,CAAW,CAAC,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAC,CAAC,CAAA;AAAA,MACvD,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAASR,2BAAA;AAAA,UACT,UAAA,EAAY,CACV,KAAA,EACA,WAAA,KAEA,IAAIA,2BAAA;AAAA,YACF,KAAA;AAAA,YACA,aAAa,eAAA,IAAmB;AAAA,WAClC;AAAA,UACF,MAAA,EAAQ;AAAA,YACNS,uBAAc,IAAI,CAAA;AAAA,YAClB,EAAE,KAAA,EAAO,mBAAA,EAAqB,QAAA,EAAU,IAAA;AAAK;AAC/C,SACF;AAAA,QACA;AAAA,UACE,OAAA,EAAS,eAAA;AAAA,UACT,WAAA,EAAaT;AAAA;AACf,OACF;AAAA,MACA,OAAA,EAAS,CAAC,eAAA,EAAiBQ,uBAAc;AAAA,KAC3C;AAAA,EACF;AACF;AAjCaD,uBAAA,GAAN,eAAA,CAAA;AAAA,EADNG,aAAA,CAAO,EAAE;AAAA,CAAA,EACGH,uBAAA,CAAA","file":"index.cjs","sourcesContent":["/** String tokens — stable across tsup entry points (index + mongo). */\nexport const AUTH_MODULE_OPTIONS = \"AUTH_MODULE_OPTIONS\";\nexport const AUTH_HOOKS = \"AUTH_HOOKS\";\nexport const AUTH_REPOSITORY = \"AUTH_REPOSITORY\";\n","import type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { BaseAuthAccount, RegisterInput } from \"../interfaces/auth-hooks.interface\";\n\nexport function normalizeIdentifier(value: string): string {\n return value.trim().toLowerCase();\n}\n\nexport function resolveRegisterIdentifier(\n input: RegisterInput,\n field: AuthIdentifierField,\n): string {\n const value = field === \"email\" ? input.email : input.username;\n if (value == null || value.trim() === \"\") {\n throw new Error(`Register input requires ${field}`);\n }\n return normalizeIdentifier(value);\n}\n\nexport function readAccountIdentifier(\n account: BaseAuthAccount,\n field: AuthIdentifierField,\n): string | undefined {\n const value = field === \"email\" ? account.email : account.username;\n return value != null ? normalizeIdentifier(value) : undefined;\n}\n","import { Injectable } from \"@nestjs/common\";\nimport { Types, type Model } from \"mongoose\";\n\nimport type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthAccountWithSecrets,\n BaseAuthAccount,\n} from \"../interfaces/auth-hooks.interface\";\nimport type {\n CreateAccountData,\n IAuthRepository,\n} from \"../interfaces/auth-repository.interface\";\nimport {\n normalizeIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport type { BaseAuthAccountDocument } from \"./schemas/base-auth-account.schema\";\n\nfunction toAccount(doc: BaseAuthAccountDocument): BaseAuthAccount {\n return {\n id: doc._id.toString(),\n ...(doc.email != null ? { email: doc.email } : {}),\n ...(doc.username != null ? { username: doc.username } : {}),\n emailVerified: doc.emailVerified,\n disabled: doc.disabled,\n createdAt: doc.createdAt,\n updatedAt: doc.updatedAt,\n };\n}\n\nfunction toAccountWithSecrets(\n doc: BaseAuthAccountDocument,\n): AuthAccountWithSecrets {\n return {\n ...toAccount(doc),\n passwordHash: doc.passwordHash,\n refreshTokenHash: doc.refreshTokenHash ?? null,\n };\n}\n\n@Injectable()\nexport class MongoAuthRepository implements IAuthRepository {\n constructor(\n private readonly authModel: Model<BaseAuthAccountDocument>,\n private readonly identifierField: AuthIdentifierField = \"email\",\n ) {}\n\n async create(data: CreateAccountData): Promise<BaseAuthAccount> {\n const identifier = resolveRegisterIdentifier(\n data,\n this.identifierField,\n );\n\n const created = new this.authModel({\n email:\n this.identifierField === \"email\"\n ? identifier\n : data.email != null\n ? normalizeIdentifier(data.email)\n : undefined,\n username:\n this.identifierField === \"username\"\n ? identifier\n : data.username != null\n ? normalizeIdentifier(data.username)\n : undefined,\n passwordHash: data.passwordHash,\n emailVerified: data.emailVerified ?? false,\n disabled: false,\n });\n\n const saved = await created.save();\n return toAccount(saved);\n }\n\n async findByEmail(email: string): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne({ email: normalizeIdentifier(email) })\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdentifier(identifier: string): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne(this.identifierQuery(identifier))\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdentifierWithSecrets(\n identifier: string,\n ): Promise<AuthAccountWithSecrets | null> {\n const doc = await this.authModel\n .findOne(this.identifierQuery(identifier))\n .select(\"+passwordHash +refreshTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async findById(id: string): Promise<BaseAuthAccount | null> {\n if (!Types.ObjectId.isValid(id)) return null;\n const doc = await this.authModel.findById(id).exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdWithSecrets(id: string): Promise<AuthAccountWithSecrets | null> {\n if (!Types.ObjectId.isValid(id)) return null;\n const doc = await this.authModel\n .findById(id)\n .select(\"+passwordHash +refreshTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async updateRefreshTokenHash(\n id: string,\n hash: string | null,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne({ _id: id }, { $set: { refreshTokenHash: hash } })\n .exec();\n }\n\n async updatePasswordHash(id: string, passwordHash: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne({ _id: id }, { $set: { passwordHash } })\n .exec();\n }\n\n async setEmailVerificationToken(\n id: string,\n tokenHash: string,\n expiresAt: Date,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n {\n $set: {\n emailVerificationTokenHash: tokenHash,\n emailVerificationExpiresAt: expiresAt,\n },\n },\n )\n .exec();\n }\n\n async findByEmailVerificationTokenHash(\n tokenHash: string,\n ): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne({\n emailVerificationTokenHash: tokenHash,\n emailVerificationExpiresAt: { $gt: new Date() },\n })\n .select(\"+emailVerificationTokenHash\")\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async markEmailVerified(id: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n {\n $set: { emailVerified: true },\n $unset: {\n emailVerificationTokenHash: \"\",\n emailVerificationExpiresAt: \"\",\n },\n },\n )\n .exec();\n }\n\n async setResetToken(\n id: string,\n tokenHash: string,\n expiresAt: Date,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n { $set: { resetTokenHash: tokenHash, resetTokenExpiresAt: expiresAt } },\n )\n .exec();\n }\n\n async findByResetTokenHash(\n tokenHash: string,\n ): Promise<AuthAccountWithSecrets | null> {\n const doc = await this.authModel\n .findOne({\n resetTokenHash: tokenHash,\n resetTokenExpiresAt: { $gt: new Date() },\n })\n .select(\"+passwordHash +resetTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async clearResetToken(id: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n { $unset: { resetTokenHash: \"\", resetTokenExpiresAt: \"\" } },\n )\n .exec();\n }\n\n private identifierQuery(identifier: string) {\n const normalized = normalizeIdentifier(identifier);\n return this.identifierField === \"email\"\n ? { email: normalized }\n : { username: normalized };\n }\n}\n","import { Prop, Schema, SchemaFactory } from \"@nestjs/mongoose\";\nimport type { HydratedDocument } from \"mongoose\";\n\nexport const BASE_AUTH_ACCOUNT_MODEL = \"AuthAccount\";\n\n@Schema({\n timestamps: true,\n collection: \"auth_accounts\",\n})\nexport class BaseAuthAccountSchema {\n @Prop({ type: String, required: false, trim: true, lowercase: true })\n email?: string;\n\n @Prop({ type: String, required: false, trim: true, lowercase: true })\n username?: string;\n\n @Prop({ type: String, required: true, select: false })\n passwordHash!: string;\n\n @Prop({ type: String, required: false, select: false, default: null })\n refreshTokenHash?: string | null;\n\n @Prop({ type: Boolean, default: false })\n emailVerified!: boolean;\n\n @Prop({ type: Boolean, default: false })\n disabled!: boolean;\n\n @Prop({ type: String, required: false, select: false })\n emailVerificationTokenHash?: string;\n\n @Prop({ type: Date, required: false })\n emailVerificationExpiresAt?: Date;\n\n @Prop({ type: String, required: false, select: false })\n resetTokenHash?: string;\n\n @Prop({ type: Date, required: false })\n resetTokenExpiresAt?: Date;\n\n createdAt!: Date;\n updatedAt!: Date;\n}\n\nexport type BaseAuthAccountDocument = HydratedDocument<BaseAuthAccountSchema>;\n\nexport const baseAuthAccountSchema =\n SchemaFactory.createForClass(BaseAuthAccountSchema);\n\nbaseAuthAccountSchema.index(\n { email: 1 },\n {\n unique: true,\n partialFilterExpression: { email: { $type: \"string\" } },\n },\n);\n\nbaseAuthAccountSchema.index(\n { username: 1 },\n {\n unique: true,\n partialFilterExpression: { username: { $type: \"string\" } },\n },\n);\n","import { DynamicModule, Module } from \"@nestjs/common\";\nimport { getModelToken } from \"@nestjs/mongoose\";\nimport { MongooseModule } from \"@nestjs/mongoose\";\nimport type { Model, Schema } from \"mongoose\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport { MongoAuthRepository } from \"./mongo-auth.repository\";\nimport {\n BASE_AUTH_ACCOUNT_MODEL,\n baseAuthAccountSchema,\n type BaseAuthAccountDocument,\n} from \"./schemas/base-auth-account.schema\";\n\nexport interface MongoAuthFeatureOptions {\n /** Mongoose model name. Default: `AuthAccount`. */\n name?: string;\n /** Custom schema (e.g. extended with orgId, roleId). Default: base auth schema. */\n schema?: Schema;\n /** Identifier field when AuthModule options are not yet available. Default: `email`. */\n identifierField?: AuthIdentifierField;\n}\n\n@Module({})\nexport class MongoAuthModule {\n static forFeature(options?: MongoAuthFeatureOptions): DynamicModule {\n const name = options?.name ?? BASE_AUTH_ACCOUNT_MODEL;\n const schema = options?.schema ?? baseAuthAccountSchema;\n const identifierField = options?.identifierField ?? \"email\";\n\n return {\n module: MongoAuthModule,\n imports: [MongooseModule.forFeature([{ name, schema }])],\n providers: [\n {\n provide: MongoAuthRepository,\n useFactory: (\n model: Model<BaseAuthAccountDocument>,\n authOptions?: AuthModuleOptions,\n ) =>\n new MongoAuthRepository(\n model,\n authOptions?.identifierField ?? identifierField,\n ),\n inject: [\n getModelToken(name),\n { token: AUTH_MODULE_OPTIONS, optional: true },\n ],\n },\n {\n provide: AUTH_REPOSITORY,\n useExisting: MongoAuthRepository,\n },\n ],\n exports: [AUTH_REPOSITORY, MongooseModule],\n };\n }\n}"]}
|
|
1
|
+
{"version":3,"sources":["../../src/constants/tokens.ts","../../src/utils/identifier.util.ts","../../src/constants/lockout.constants.ts","../../src/mongo/mongo-auth.repository.ts","../../src/mongo/schemas/base-auth-account.schema.ts","../../src/mongo/mongo-auth.module.ts"],"names":["BadRequestException","MongoAuthRepository","Types","Injectable","BaseAuthAccountSchema","Prop","Schema","SchemaFactory","MongoAuthModule","MongooseModule","getModelToken","Module"],"mappings":";;;;;;;;;;;;;;;;;;AACO,IAAM,mBAAA,GAAsB,qBAAA;AAE5B,IAAM,eAAA,GAAkB,iBAAA;ACExB,SAAS,oBAAoB,KAAA,EAAuB;AACzD,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAEO,SAAS,yBAAA,CACd,OACA,KAAA,EACQ;AACR,EAAA,MAAM,KAAA,GAAQ,KAAA,KAAU,OAAA,GAAU,KAAA,CAAM,QAAQ,KAAA,CAAM,QAAA;AACtD,EAAA,IAAI,KAAA,IAAS,IAAA,IAAQ,KAAA,CAAM,IAAA,OAAW,EAAA,EAAI;AACxC,IAAA,MAAM,IAAIA,0BAAA,CAAoB,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,EAClE;AACA,EAAA,OAAO,oBAAoB,KAAK,CAAA;AAClC;;;AClBO,IAAM,4BAAA,GAA+B,CAAA;AACrC,IAAM,2BAAA,GAA8B,KAAK,EAAA,GAAK,GAAA;;;ACsBrD,SAAS,UAAU,GAAA,EAA+C;AAChE,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,GAAA,CAAI,GAAA,CAAI,QAAA,EAAS;AAAA,IACrB,GAAI,IAAI,KAAA,IAAS,IAAA,GAAO,EAAE,KAAA,EAAO,GAAA,CAAI,KAAA,EAAM,GAAI,EAAC;AAAA,IAChD,GAAI,IAAI,QAAA,IAAY,IAAA,GAAO,EAAE,QAAA,EAAU,GAAA,CAAI,QAAA,EAAS,GAAI,EAAC;AAAA,IACzD,eAAe,GAAA,CAAI,aAAA;AAAA,IACnB,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,GAAI,IAAI,WAAA,IAAe,IAAA,GAAO,EAAE,WAAA,EAAa,GAAA,CAAI,WAAA,EAAY,GAAI,EAAC;AAAA,IAClE,GAAI,IAAI,iBAAA,IAAqB,IAAA,GACzB,EAAE,iBAAA,EAAmB,GAAA,CAAI,iBAAA,EAAkB,GAC3C,EAAC;AAAA,IACL,WAAW,GAAA,CAAI,SAAA;AAAA,IACf,WAAW,GAAA,CAAI;AAAA,GACjB;AACF;AAEA,SAAS,qBACP,GAAA,EACwB;AACxB,EAAA,OAAO;AAAA,IACL,GAAG,UAAU,GAAG,CAAA;AAAA,IAChB,cAAc,GAAA,CAAI,YAAA;AAAA,IAClB,gBAAA,EAAkB,IAAI,gBAAA,IAAoB,IAAA;AAAA,IAC1C,mBAAA,EAAqB,IAAI,mBAAA,IAAuB,CAAA;AAAA,IAChD,WAAA,EAAa,IAAI,WAAA,IAAe;AAAA,GAClC;AACF;AAGaC,8BAAN,yBAAA,CAAqD;AAAA,EAC1D,WAAA,CACmB,SAAA,EACA,eAAA,GAAuC,OAAA,EACxD;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AAAA,EAChB;AAAA,EAEH,MAAM,OAAO,IAAA,EAAmD;AAC9D,IAAA,MAAM,UAAA,GAAa,yBAAA;AAAA,MACjB,IAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,IAAA,CAAK,SAAA,CAAU;AAAA,MACjC,KAAA,EACE,IAAA,CAAK,eAAA,KAAoB,OAAA,GACrB,UAAA,GACA,IAAA,CAAK,KAAA,IAAS,IAAA,GACZ,mBAAA,CAAoB,IAAA,CAAK,KAAK,CAAA,GAC9B,MAAA;AAAA,MACR,QAAA,EACE,IAAA,CAAK,eAAA,KAAoB,UAAA,GACrB,UAAA,GACA,IAAA,CAAK,QAAA,IAAY,IAAA,GACf,mBAAA,CAAoB,IAAA,CAAK,QAAQ,CAAA,GACjC,MAAA;AAAA,MACR,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,QAAA,EAAU;AAAA,KACX,CAAA;AAED,IAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,IAAA,EAAK;AACjC,IAAA,OAAO,UAAU,KAAK,CAAA;AAAA,EACxB;AAAA,EAEA,MAAM,YAAY,KAAA,EAAgD;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,EAAE,KAAA,EAAO,mBAAA,CAAoB,KAAK,CAAA,EAAG,CAAA,CAC7C,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,iBAAiB,UAAA,EAAqD;AAC1E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,KAAK,eAAA,CAAgB,UAAU,CAAC,CAAA,CACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,4BACJ,UAAA,EACwC;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ,IAAA,CAAK,eAAA,CAAgB,UAAU,CAAC,CAAA,CACxC,MAAA,CAAO,iCAAiC,EACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,EAAA,EAA6C;AAC1D,IAAA,IAAI,CAACC,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,GAAG,OAAO,IAAA;AACxC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,UAAU,QAAA,CAAS,EAAE,EAAE,IAAA,EAAK;AACnD,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,oBAAoB,EAAA,EAAoD;AAC5E,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,GAAG,OAAO,IAAA;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,QAAA,CAAS,EAAE,CAAA,CACX,MAAA,CAAO,iCAAiC,CAAA,CACxC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,sBAAA,CACJ,EAAA,EACA,IAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,IAAA,CAAK,SAAA,CACR,SAAA,CAAU,EAAE,KAAK,EAAA,EAAG,EAAG,EAAE,IAAA,EAAM,EAAE,gBAAA,EAAkB,IAAA,EAAK,EAAG,EAC3D,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,kBAAA,CAAmB,EAAA,EAAY,YAAA,EAAqC;AACxE,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV,EAAE,MAAM,EAAE,YAAA,EAAc,mCAAmB,IAAI,IAAA,IAAO;AAAE,MAEzD,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,yBAAA,CACJ,EAAA,EACA,SAAA,EACA,SAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV;AAAA,QACE,IAAA,EAAM;AAAA,UACJ,0BAAA,EAA4B,SAAA;AAAA,UAC5B,0BAAA,EAA4B;AAAA;AAC9B;AACF,MAED,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,iCACJ,SAAA,EACiC;AACjC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ;AAAA,MACP,0BAAA,EAA4B,SAAA;AAAA,MAC5B,0BAAA,EAA4B,EAAE,GAAA,kBAAK,IAAI,MAAK;AAAE,KAC/C,CAAA,CACA,MAAA,CAAO,6BAA6B,EACpC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,SAAA,CAAU,GAAG,CAAA,GAAI,IAAA;AAAA,EACxC;AAAA,EAEA,MAAM,kBAAkB,EAAA,EAA2B;AACjD,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV;AAAA,QACE,IAAA,EAAM,EAAE,aAAA,EAAe,IAAA,EAAK;AAAA,QAC5B,MAAA,EAAQ;AAAA,UACN,0BAAA,EAA4B,EAAA;AAAA,UAC5B,0BAAA,EAA4B;AAAA;AAC9B;AACF,MAED,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,aAAA,CACJ,EAAA,EACA,SAAA,EACA,SAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV,EAAE,IAAA,EAAM,EAAE,gBAAgB,SAAA,EAAW,mBAAA,EAAqB,WAAU;AAAE,MAEvE,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,qBACJ,SAAA,EACwC;AACxC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,OAAA,CAAQ;AAAA,MACP,cAAA,EAAgB,SAAA;AAAA,MAChB,mBAAA,EAAqB,EAAE,GAAA,kBAAK,IAAI,MAAK;AAAE,KACxC,CAAA,CACA,MAAA,CAAO,+BAA+B,EACtC,IAAA,EAAK;AACR,IAAA,OAAO,GAAA,IAAO,IAAA,GAAO,oBAAA,CAAqB,GAAG,CAAA,GAAI,IAAA;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAgB,EAAA,EAA2B;AAC/C,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV,EAAE,MAAA,EAAQ,EAAE,gBAAgB,EAAA,EAAI,mBAAA,EAAqB,IAAG;AAAE,MAE3D,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,mBAAmB,EAAA,EAA2B;AAClD,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AACjC,IAAA,MAAM,KAAK,SAAA,CACR,SAAA;AAAA,MACC,EAAE,KAAK,EAAA,EAAG;AAAA,MACV;AAAA,QACE,IAAA,EAAM;AAAA,UACJ,WAAA,sBAAiB,IAAA,EAAK;AAAA,UACtB,mBAAA,EAAqB,CAAA;AAAA,UACrB,WAAA,EAAa;AAAA;AACf;AACF,MAED,IAAA,EAAK;AAAA,EACV;AAAA,EAEA,MAAM,kBAAA,CACJ,EAAA,EACA,OAAA,EACe;AACf,IAAA,IAAI,CAACA,gBAAA,CAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,CAAA,EAAG;AAEjC,IAAA,MAAM,WAAA,GAAc,SAAS,WAAA,IAAe,4BAAA;AAC5C,IAAA,MAAM,iBAAA,GACJ,SAAS,iBAAA,IAAqB,2BAAA;AAEhC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CACpB,QAAA,CAAS,EAAE,CAAA,CACX,MAAA,CAAO,qBAAqB,CAAA,CAC5B,IAAA,EAAK;AACR,IAAA,IAAI,OAAO,IAAA,EAAM;AAEjB,IAAA,MAAM,QAAA,GAAA,CAAY,GAAA,CAAI,mBAAA,IAAuB,CAAA,IAAK,CAAA;AAClD,IAAA,MAAM,MAAA,GAAkC,EAAE,mBAAA,EAAqB,QAAA,EAAS;AAExE,IAAA,IAAI,YAAY,WAAA,EAAa;AAC3B,MAAA,MAAA,CAAO,cAAc,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,iBAAiB,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,EAAE,GAAA,EAAK,EAAA,EAAG,EAAG,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,IAAA,EAAK;AAAA,EACrE;AAAA,EAEQ,gBAAgB,UAAA,EAAoB;AAC1C,IAAA,MAAM,UAAA,GAAa,oBAAoB,UAAU,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,oBAAoB,OAAA,GAC5B,EAAE,OAAO,UAAA,EAAW,GACpB,EAAE,QAAA,EAAU,UAAA,EAAW;AAAA,EAC7B;AACF;AAlOaD,2BAAA,GAAN,eAAA,CAAA;AAAA,EADNE,iBAAA;AAAW,CAAA,EACCF,2BAAA,CAAA;ACjDN,IAAM,uBAAA,GAA0B;AAM1BG,gCAAN,2BAAA,CAA4B;AA6CnC;AA3CE,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM;AAAA,CAAA,EADzDD,6BAAA,CAEX,SAAA,EAAA,OAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM;AAAA,CAAA,EAJzDD,6BAAA,CAKX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,IAAA,EAAM,MAAA,EAAQ,OAAO;AAAA,CAAA,EAP1CD,6BAAA,CAQX,SAAA,EAAA,cAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAA,EAAU,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAA,EAAS,IAAA,EAAM;AAAA,CAAA,EAV1DD,6BAAA,CAWX,SAAA,EAAA,kBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,OAAO;AAAA,CAAA,EAb5BD,6BAAA,CAcX,SAAA,EAAA,eAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,OAAO;AAAA,CAAA,EAhB5BD,6BAAA,CAiBX,SAAA,EAAA,UAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,CAAA,EAnB3CD,6BAAA,CAoBX,SAAA,EAAA,4BAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EAtB1BD,6BAAA,CAuBX,SAAA,EAAA,4BAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,KAAA,EAAO,MAAA,EAAQ,OAAO;AAAA,CAAA,EAzB3CD,6BAAA,CA0BX,SAAA,EAAA,gBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EA5B1BD,6BAAA,CA6BX,SAAA,EAAA,qBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,OAAA,EAAS,GAAG;AAAA,CAAA,EA/BvBD,6BAAA,CAgCX,SAAA,EAAA,qBAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,aAAA,CAAK,EAAE,IAAA,EAAM,IAAA,EAAM,UAAU,KAAA,EAAO,OAAA,EAAS,MAAM;AAAA,CAAA,EAlCzCD,6BAAA,CAmCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EArC1BD,6BAAA,CAsCX,SAAA,EAAA,aAAA,EAAA,CAAA,CAAA;AAGA,eAAA,CAAA;AAAA,EADCC,cAAK,EAAE,IAAA,EAAM,IAAA,EAAM,QAAA,EAAU,OAAO;AAAA,CAAA,EAxC1BD,6BAAA,CAyCX,SAAA,EAAA,mBAAA,EAAA,CAAA,CAAA;AAzCWA,6BAAA,GAAN,eAAA,CAAA;AAAA,EAJNE,eAAA,CAAO;AAAA,IACN,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY;AAAA,GACb;AAAA,CAAA,EACYF,6BAAA,CAAA;AAiDN,IAAM,qBAAA,GACXG,sBAAA,CAAc,cAAA,CAAeH,6BAAqB;AAEpD,qBAAA,CAAsB,KAAA;AAAA,EACpB,EAAE,OAAO,CAAA,EAAE;AAAA,EACX;AAAA,IACE,MAAA,EAAQ,IAAA;AAAA,IACR,yBAAyB,EAAE,KAAA,EAAO,EAAE,KAAA,EAAO,UAAS;AAAE;AAE1D,CAAA;AAEA,qBAAA,CAAsB,KAAA;AAAA,EACpB,EAAE,UAAU,CAAA,EAAE;AAAA,EACd;AAAA,IACE,MAAA,EAAQ,IAAA;AAAA,IACR,yBAAyB,EAAE,QAAA,EAAU,EAAE,KAAA,EAAO,UAAS;AAAE;AAE7D,CAAA;AAEA,qBAAA,CAAsB,KAAA,CAAM,EAAE,0BAAA,EAA4B,CAAA,EAAG,CAAA;AAC7D,qBAAA,CAAsB,KAAA,CAAM,EAAE,cAAA,EAAgB,CAAA,EAAG,CAAA;AACjD,qBAAA,CAAsB,KAAA,CAAM,EAAE,0BAAA,EAA4B,CAAA,EAAG,CAAA;AAC7D,qBAAA,CAAsB,KAAA,CAAM,EAAE,mBAAA,EAAqB,CAAA,EAAG,CAAA;;;ACvDzCI,0BAAN,qBAAA,CAAsB;AAAA,EAC3B,OAAO,WAAW,OAAA,EAAkD;AAClE,IAAA,MAAM,IAAA,GAAO,SAAS,IAAA,IAAQ,uBAAA;AAC9B,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,qBAAA;AAClC,IAAA,MAAM,eAAA,GAAkB,SAAS,eAAA,IAAmB,OAAA;AAEpD,IAAA,OAAO;AAAA,MACL,MAAA,EAAQA,uBAAA;AAAA,MACR,OAAA,EAAS,CAACC,uBAAA,CAAe,UAAA,CAAW,CAAC,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAC,CAAC,CAAA;AAAA,MACvD,SAAA,EAAW;AAAA,QACT;AAAA,UACE,OAAA,EAASR,2BAAA;AAAA,UACT,UAAA,EAAY,CACV,KAAA,EACA,WAAA,KAEA,IAAIA,2BAAA;AAAA,YACF,KAAA;AAAA,YACA,aAAa,eAAA,IAAmB;AAAA,WAClC;AAAA,UACF,MAAA,EAAQ;AAAA,YACNS,uBAAc,IAAI,CAAA;AAAA,YAClB,EAAE,KAAA,EAAO,mBAAA,EAAqB,QAAA,EAAU,IAAA;AAAK;AAC/C,SACF;AAAA,QACA;AAAA,UACE,OAAA,EAAS,eAAA;AAAA,UACT,WAAA,EAAaT;AAAA;AACf,OACF;AAAA,MACA,OAAA,EAAS,CAAC,eAAA,EAAiBQ,uBAAc;AAAA,KAC3C;AAAA,EACF;AACF;AAjCaD,uBAAA,GAAN,eAAA,CAAA;AAAA,EADNG,aAAA,CAAO,EAAE;AAAA,CAAA,EACGH,uBAAA,CAAA","file":"index.cjs","sourcesContent":["/** String tokens — stable across tsup entry points (index + mongo). */\nexport const AUTH_MODULE_OPTIONS = \"AUTH_MODULE_OPTIONS\";\nexport const AUTH_HOOKS = \"AUTH_HOOKS\";\nexport const AUTH_REPOSITORY = \"AUTH_REPOSITORY\";\n","import { BadRequestException } from \"@nestjs/common\";\n\nimport type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { BaseAuthAccount, RegisterInput } from \"../interfaces/auth-hooks.interface\";\n\nexport function normalizeIdentifier(value: string): string {\n return value.trim().toLowerCase();\n}\n\nexport function resolveRegisterIdentifier(\n input: RegisterInput,\n field: AuthIdentifierField,\n): string {\n const value = field === \"email\" ? input.email : input.username;\n if (value == null || value.trim() === \"\") {\n throw new BadRequestException(`Register input requires ${field}`);\n }\n return normalizeIdentifier(value);\n}\n\nexport function readAccountIdentifier(\n account: BaseAuthAccount,\n field: AuthIdentifierField,\n): string | undefined {\n const value = field === \"email\" ? account.email : account.username;\n return value != null ? normalizeIdentifier(value) : undefined;\n}\n","export const DEFAULT_LOCKOUT_MAX_ATTEMPTS = 5;\nexport const DEFAULT_LOCKOUT_DURATION_MS = 15 * 60 * 1000;\n","import { Injectable } from \"@nestjs/common\";\nimport { Types, type Model } from \"mongoose\";\n\nimport type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { AuthLockoutOptions } from \"../interfaces/auth-config.interface\";\nimport type {\n AuthAccountWithSecrets,\n BaseAuthAccount,\n} from \"../interfaces/auth-hooks.interface\";\nimport type {\n CreateAccountData,\n IAuthRepository,\n} from \"../interfaces/auth-repository.interface\";\nimport {\n normalizeIdentifier,\n resolveRegisterIdentifier,\n} from \"../utils/identifier.util\";\nimport {\n DEFAULT_LOCKOUT_DURATION_MS,\n DEFAULT_LOCKOUT_MAX_ATTEMPTS,\n} from \"../constants/lockout.constants\";\nimport type { BaseAuthAccountDocument } from \"./schemas/base-auth-account.schema\";\n\nfunction toAccount(doc: BaseAuthAccountDocument): BaseAuthAccount {\n return {\n id: doc._id.toString(),\n ...(doc.email != null ? { email: doc.email } : {}),\n ...(doc.username != null ? { username: doc.username } : {}),\n emailVerified: doc.emailVerified,\n disabled: doc.disabled,\n ...(doc.lastLoginAt != null ? { lastLoginAt: doc.lastLoginAt } : {}),\n ...(doc.passwordChangedAt != null\n ? { passwordChangedAt: doc.passwordChangedAt }\n : {}),\n createdAt: doc.createdAt,\n updatedAt: doc.updatedAt,\n };\n}\n\nfunction toAccountWithSecrets(\n doc: BaseAuthAccountDocument,\n): AuthAccountWithSecrets {\n return {\n ...toAccount(doc),\n passwordHash: doc.passwordHash,\n refreshTokenHash: doc.refreshTokenHash ?? null,\n failedLoginAttempts: doc.failedLoginAttempts ?? 0,\n lockedUntil: doc.lockedUntil ?? null,\n };\n}\n\n@Injectable()\nexport class MongoAuthRepository implements IAuthRepository {\n constructor(\n private readonly authModel: Model<BaseAuthAccountDocument>,\n private readonly identifierField: AuthIdentifierField = \"email\",\n ) {}\n\n async create(data: CreateAccountData): Promise<BaseAuthAccount> {\n const identifier = resolveRegisterIdentifier(\n data,\n this.identifierField,\n );\n\n const created = new this.authModel({\n email:\n this.identifierField === \"email\"\n ? identifier\n : data.email != null\n ? normalizeIdentifier(data.email)\n : undefined,\n username:\n this.identifierField === \"username\"\n ? identifier\n : data.username != null\n ? normalizeIdentifier(data.username)\n : undefined,\n passwordHash: data.passwordHash,\n emailVerified: data.emailVerified ?? false,\n disabled: false,\n });\n\n const saved = await created.save();\n return toAccount(saved);\n }\n\n async findByEmail(email: string): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne({ email: normalizeIdentifier(email) })\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdentifier(identifier: string): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne(this.identifierQuery(identifier))\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdentifierWithSecrets(\n identifier: string,\n ): Promise<AuthAccountWithSecrets | null> {\n const doc = await this.authModel\n .findOne(this.identifierQuery(identifier))\n .select(\"+passwordHash +refreshTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async findById(id: string): Promise<BaseAuthAccount | null> {\n if (!Types.ObjectId.isValid(id)) return null;\n const doc = await this.authModel.findById(id).exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async findByIdWithSecrets(id: string): Promise<AuthAccountWithSecrets | null> {\n if (!Types.ObjectId.isValid(id)) return null;\n const doc = await this.authModel\n .findById(id)\n .select(\"+passwordHash +refreshTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async updateRefreshTokenHash(\n id: string,\n hash: string | null,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne({ _id: id }, { $set: { refreshTokenHash: hash } })\n .exec();\n }\n\n async updatePasswordHash(id: string, passwordHash: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n { $set: { passwordHash, passwordChangedAt: new Date() } },\n )\n .exec();\n }\n\n async setEmailVerificationToken(\n id: string,\n tokenHash: string,\n expiresAt: Date,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n {\n $set: {\n emailVerificationTokenHash: tokenHash,\n emailVerificationExpiresAt: expiresAt,\n },\n },\n )\n .exec();\n }\n\n async findByEmailVerificationTokenHash(\n tokenHash: string,\n ): Promise<BaseAuthAccount | null> {\n const doc = await this.authModel\n .findOne({\n emailVerificationTokenHash: tokenHash,\n emailVerificationExpiresAt: { $gt: new Date() },\n })\n .select(\"+emailVerificationTokenHash\")\n .exec();\n return doc != null ? toAccount(doc) : null;\n }\n\n async markEmailVerified(id: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n {\n $set: { emailVerified: true },\n $unset: {\n emailVerificationTokenHash: \"\",\n emailVerificationExpiresAt: \"\",\n },\n },\n )\n .exec();\n }\n\n async setResetToken(\n id: string,\n tokenHash: string,\n expiresAt: Date,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n { $set: { resetTokenHash: tokenHash, resetTokenExpiresAt: expiresAt } },\n )\n .exec();\n }\n\n async findByResetTokenHash(\n tokenHash: string,\n ): Promise<AuthAccountWithSecrets | null> {\n const doc = await this.authModel\n .findOne({\n resetTokenHash: tokenHash,\n resetTokenExpiresAt: { $gt: new Date() },\n })\n .select(\"+passwordHash +resetTokenHash\")\n .exec();\n return doc != null ? toAccountWithSecrets(doc) : null;\n }\n\n async clearResetToken(id: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n { $unset: { resetTokenHash: \"\", resetTokenExpiresAt: \"\" } },\n )\n .exec();\n }\n\n async recordLoginSuccess(id: string): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n await this.authModel\n .updateOne(\n { _id: id },\n {\n $set: {\n lastLoginAt: new Date(),\n failedLoginAttempts: 0,\n lockedUntil: null,\n },\n },\n )\n .exec();\n }\n\n async recordLoginFailure(\n id: string,\n lockout?: AuthLockoutOptions,\n ): Promise<void> {\n if (!Types.ObjectId.isValid(id)) return;\n\n const maxAttempts = lockout?.maxAttempts ?? DEFAULT_LOCKOUT_MAX_ATTEMPTS;\n const lockoutDurationMs =\n lockout?.lockoutDurationMs ?? DEFAULT_LOCKOUT_DURATION_MS;\n\n const doc = await this.authModel\n .findById(id)\n .select(\"failedLoginAttempts\")\n .exec();\n if (doc == null) return;\n\n const attempts = (doc.failedLoginAttempts ?? 0) + 1;\n const update: Record<string, unknown> = { failedLoginAttempts: attempts };\n\n if (attempts >= maxAttempts) {\n update.lockedUntil = new Date(Date.now() + lockoutDurationMs);\n }\n\n await this.authModel.updateOne({ _id: id }, { $set: update }).exec();\n }\n\n private identifierQuery(identifier: string) {\n const normalized = normalizeIdentifier(identifier);\n return this.identifierField === \"email\"\n ? { email: normalized }\n : { username: normalized };\n }\n}\n","import { Prop, Schema, SchemaFactory } from \"@nestjs/mongoose\";\nimport type { HydratedDocument } from \"mongoose\";\n\nexport const BASE_AUTH_ACCOUNT_MODEL = \"AuthAccount\";\n\n@Schema({\n timestamps: true,\n collection: \"auth_accounts\",\n})\nexport class BaseAuthAccountSchema {\n @Prop({ type: String, required: false, trim: true, lowercase: true })\n email?: string;\n\n @Prop({ type: String, required: false, trim: true, lowercase: true })\n username?: string;\n\n @Prop({ type: String, required: true, select: false })\n passwordHash!: string;\n\n @Prop({ type: String, required: false, select: false, default: null })\n refreshTokenHash?: string | null;\n\n @Prop({ type: Boolean, default: false })\n emailVerified!: boolean;\n\n @Prop({ type: Boolean, default: false })\n disabled!: boolean;\n\n @Prop({ type: String, required: false, select: false })\n emailVerificationTokenHash?: string;\n\n @Prop({ type: Date, required: false })\n emailVerificationExpiresAt?: Date;\n\n @Prop({ type: String, required: false, select: false })\n resetTokenHash?: string;\n\n @Prop({ type: Date, required: false })\n resetTokenExpiresAt?: Date;\n\n @Prop({ type: Number, default: 0 })\n failedLoginAttempts!: number;\n\n @Prop({ type: Date, required: false, default: null })\n lockedUntil?: Date | null;\n\n @Prop({ type: Date, required: false })\n lastLoginAt?: Date;\n\n @Prop({ type: Date, required: false })\n passwordChangedAt?: Date;\n\n createdAt!: Date;\n updatedAt!: Date;\n}\n\nexport type BaseAuthAccountDocument = HydratedDocument<BaseAuthAccountSchema>;\n\nexport const baseAuthAccountSchema =\n SchemaFactory.createForClass(BaseAuthAccountSchema);\n\nbaseAuthAccountSchema.index(\n { email: 1 },\n {\n unique: true,\n partialFilterExpression: { email: { $type: \"string\" } },\n },\n);\n\nbaseAuthAccountSchema.index(\n { username: 1 },\n {\n unique: true,\n partialFilterExpression: { username: { $type: \"string\" } },\n },\n);\n\nbaseAuthAccountSchema.index({ emailVerificationTokenHash: 1 });\nbaseAuthAccountSchema.index({ resetTokenHash: 1 });\nbaseAuthAccountSchema.index({ emailVerificationExpiresAt: 1 });\nbaseAuthAccountSchema.index({ resetTokenExpiresAt: 1 });\n","import { DynamicModule, Module } from \"@nestjs/common\";\nimport { getModelToken } from \"@nestjs/mongoose\";\nimport { MongooseModule } from \"@nestjs/mongoose\";\nimport type { Model, Schema } from \"mongoose\";\n\nimport { AUTH_MODULE_OPTIONS, AUTH_REPOSITORY } from \"../constants/tokens\";\nimport type { AuthIdentifierField } from \"../interfaces/auth-config.interface\";\nimport type { AuthModuleOptions } from \"../interfaces/auth-config.interface\";\nimport { MongoAuthRepository } from \"./mongo-auth.repository\";\nimport {\n BASE_AUTH_ACCOUNT_MODEL,\n baseAuthAccountSchema,\n type BaseAuthAccountDocument,\n} from \"./schemas/base-auth-account.schema\";\n\nexport interface MongoAuthFeatureOptions {\n /** Mongoose model name. Default: `AuthAccount`. */\n name?: string;\n /** Custom schema (e.g. extended with orgId, roleId). Default: base auth schema. */\n schema?: Schema;\n /** Identifier field when AuthModule options are not yet available. Default: `email`. */\n identifierField?: AuthIdentifierField;\n}\n\n@Module({})\nexport class MongoAuthModule {\n static forFeature(options?: MongoAuthFeatureOptions): DynamicModule {\n const name = options?.name ?? BASE_AUTH_ACCOUNT_MODEL;\n const schema = options?.schema ?? baseAuthAccountSchema;\n const identifierField = options?.identifierField ?? \"email\";\n\n return {\n module: MongoAuthModule,\n imports: [MongooseModule.forFeature([{ name, schema }])],\n providers: [\n {\n provide: MongoAuthRepository,\n useFactory: (\n model: Model<BaseAuthAccountDocument>,\n authOptions?: AuthModuleOptions,\n ) =>\n new MongoAuthRepository(\n model,\n authOptions?.identifierField ?? identifierField,\n ),\n inject: [\n getModelToken(name),\n { token: AUTH_MODULE_OPTIONS, optional: true },\n ],\n },\n {\n provide: AUTH_REPOSITORY,\n useExisting: MongoAuthRepository,\n },\n ],\n exports: [AUTH_REPOSITORY, MongooseModule],\n };\n }\n}"]}
|
package/dist/mongo/index.d.cts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { DynamicModule } from '@nestjs/common';
|
|
2
2
|
import * as mongoose from 'mongoose';
|
|
3
3
|
import { Schema, HydratedDocument, Model } from 'mongoose';
|
|
4
|
-
import { f as AuthIdentifierField, I as IAuthRepository, C as CreateAccountData, B as BaseAuthAccount, d as AuthAccountWithSecrets } from '../auth-repository.interface-
|
|
4
|
+
import { f as AuthIdentifierField, I as IAuthRepository, C as CreateAccountData, B as BaseAuthAccount, d as AuthAccountWithSecrets, h as AuthLockoutOptions } from '../auth-repository.interface-9PpDVOs8.cjs';
|
|
5
5
|
|
|
6
6
|
interface MongoAuthFeatureOptions {
|
|
7
7
|
/** Mongoose model name. Default: `AuthAccount`. */
|
|
@@ -27,6 +27,10 @@ declare class BaseAuthAccountSchema {
|
|
|
27
27
|
emailVerificationExpiresAt?: Date;
|
|
28
28
|
resetTokenHash?: string;
|
|
29
29
|
resetTokenExpiresAt?: Date;
|
|
30
|
+
failedLoginAttempts: number;
|
|
31
|
+
lockedUntil?: Date | null;
|
|
32
|
+
lastLoginAt?: Date;
|
|
33
|
+
passwordChangedAt?: Date;
|
|
30
34
|
createdAt: Date;
|
|
31
35
|
updatedAt: Date;
|
|
32
36
|
}
|
|
@@ -59,6 +63,8 @@ declare class MongoAuthRepository implements IAuthRepository {
|
|
|
59
63
|
setResetToken(id: string, tokenHash: string, expiresAt: Date): Promise<void>;
|
|
60
64
|
findByResetTokenHash(tokenHash: string): Promise<AuthAccountWithSecrets | null>;
|
|
61
65
|
clearResetToken(id: string): Promise<void>;
|
|
66
|
+
recordLoginSuccess(id: string): Promise<void>;
|
|
67
|
+
recordLoginFailure(id: string, lockout?: AuthLockoutOptions): Promise<void>;
|
|
62
68
|
private identifierQuery;
|
|
63
69
|
}
|
|
64
70
|
|
package/dist/mongo/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { DynamicModule } from '@nestjs/common';
|
|
2
2
|
import * as mongoose from 'mongoose';
|
|
3
3
|
import { Schema, HydratedDocument, Model } from 'mongoose';
|
|
4
|
-
import { f as AuthIdentifierField, I as IAuthRepository, C as CreateAccountData, B as BaseAuthAccount, d as AuthAccountWithSecrets } from '../auth-repository.interface-
|
|
4
|
+
import { f as AuthIdentifierField, I as IAuthRepository, C as CreateAccountData, B as BaseAuthAccount, d as AuthAccountWithSecrets, h as AuthLockoutOptions } from '../auth-repository.interface-9PpDVOs8.js';
|
|
5
5
|
|
|
6
6
|
interface MongoAuthFeatureOptions {
|
|
7
7
|
/** Mongoose model name. Default: `AuthAccount`. */
|
|
@@ -27,6 +27,10 @@ declare class BaseAuthAccountSchema {
|
|
|
27
27
|
emailVerificationExpiresAt?: Date;
|
|
28
28
|
resetTokenHash?: string;
|
|
29
29
|
resetTokenExpiresAt?: Date;
|
|
30
|
+
failedLoginAttempts: number;
|
|
31
|
+
lockedUntil?: Date | null;
|
|
32
|
+
lastLoginAt?: Date;
|
|
33
|
+
passwordChangedAt?: Date;
|
|
30
34
|
createdAt: Date;
|
|
31
35
|
updatedAt: Date;
|
|
32
36
|
}
|
|
@@ -59,6 +63,8 @@ declare class MongoAuthRepository implements IAuthRepository {
|
|
|
59
63
|
setResetToken(id: string, tokenHash: string, expiresAt: Date): Promise<void>;
|
|
60
64
|
findByResetTokenHash(tokenHash: string): Promise<AuthAccountWithSecrets | null>;
|
|
61
65
|
clearResetToken(id: string): Promise<void>;
|
|
66
|
+
recordLoginSuccess(id: string): Promise<void>;
|
|
67
|
+
recordLoginFailure(id: string, lockout?: AuthLockoutOptions): Promise<void>;
|
|
62
68
|
private identifierQuery;
|
|
63
69
|
}
|
|
64
70
|
|