@checkfirst/nestjs-outlook 3.0.0 → 4.0.0

package/README.md

@@ -16,11 +16,11 @@ An opinionated NestJS module for Microsoft Outlook integration that provides eas
 
 ## Features
 
-- 🔄 Simplified Microsoft OAuth flow
-- 📅 Calendar events management
-- 📧 Email sending capabilities
-- 🔔 Real-time webhooks for changes
-- 🔐 Secure token storage and refresh
+- 🔗 Simple Microsoft authentication integration
+- 📅 Calendar management (create/update/delete events)
+- 📧 Email sending with rich content
+- 🔔 Real-time notifications via webhooks
+- 🔍 Event-driven architecture for easy integration
 
 ## Installation
 
@@ -32,66 +32,42 @@ npm install @checkfirst/nestjs-outlook
 
 ### 1. Database Setup
 
-This library requires two database tables in your application's database. Create these tables using a migration:
+This library requires database tables to store authentication and subscription data. You can use the built-in migrations to set up these tables automatically.
+
+For details, see the [Migration Guide](src/migrations/README.md).
+
+Alternatively, you can create the tables manually based on your database dialect (PostgreSQL, MySQL, etc.):
 
 ```typescript
 import { MigrationInterface, QueryRunner } from 'typeorm';
 
 export class CreateOutlookTables1697025846000 implements MigrationInterface {
   public async up(queryRunner: QueryRunner): Promise<void> {
-    // Create outlook_webhook_subscriptions table
-    await queryRunner.query(`
-      CREATE TABLE outlook_webhook_subscriptions (
-        id INTEGER PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
-        subscription_id VARCHAR(255) NOT NULL,
-        user_id INTEGER NOT NULL,
-        resource VARCHAR(255) NOT NULL,
-        change_type VARCHAR(255) NOT NULL,
-        client_state VARCHAR(255) NOT NULL,
-        notification_url VARCHAR(255) NOT NULL,
-        expiration_date_time TIMESTAMP NOT NULL,
-        is_active BOOLEAN DEFAULT true,
-        access_token TEXT,
-        refresh_token TEXT,
-        created_at TIMESTAMP DEFAULT NOW() NOT NULL,
-        updated_at TIMESTAMP DEFAULT NOW() NOT NULL
-      );
-    `);
-
-    // Create microsoft_csrf_tokens table
-    await queryRunner.query(`
-      CREATE TABLE microsoft_csrf_tokens (
-        id INTEGER PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
-        token VARCHAR(64) NOT NULL,
-        user_id VARCHAR(255) NOT NULL,
-        expires TIMESTAMP NOT NULL,
-        created_at TIMESTAMP DEFAULT NOW() NOT NULL,
-        CONSTRAINT "UQ_microsoft_csrf_tokens_token" UNIQUE (token)
-      );
-    `);
+    // Create required tables for webhooks, authentication, and user data
+    // See the Migration Guide for details
   }
 
   public async down(queryRunner: QueryRunner): Promise<void> {
+    // Drop tables in reverse order
     await queryRunner.query(`DROP TABLE IF EXISTS outlook_webhook_subscriptions`);
     await queryRunner.query(`DROP TABLE IF EXISTS microsoft_csrf_tokens`);
+    await queryRunner.query(`DROP TABLE IF EXISTS microsoft_users`);
   }
 }
 ```
 
-You can customize this migration to match your database dialect (PostgreSQL, MySQL, etc.) if needed.
-
 ### 2. Microsoft App Registration
 
-Register your application in the Azure Portal to get a client ID and secret:
+Register your application with Microsoft to get the necessary credentials:
 
 1. Go to the [Azure Portal](https://portal.azure.com/)
 2. Navigate to Azure Active Directory > App registrations
 3. Create a new registration
-4. Configure redirects to include your callback URL
-5. Add the following Microsoft Graph API permissions:
-   - `Calendars.ReadWrite` - For calendar operations
-   - `Mail.Send` - For sending emails
-   - `offline_access` - For refresh tokens
+4. Configure redirects to include your callback URL (e.g., `https://your-api.example.com/auth/microsoft/callback`)
+5. Add Microsoft Graph API permissions based on what features you need:
+   - `Calendars.ReadWrite` - For calendar features
+   - `Mail.Send` - For email features
+   - `offline_access` - Required for all applications
 
 ### 3. Import Required Modules
 
@@ -142,7 +118,7 @@ The library provides a MicrosoftAuthController for handling authentication, but
 
 ```typescript
 import { Controller, Get, Req } from '@nestjs/common';
-import { MicrosoftAuthService } from '@checkfirst/nestjs-outlook';
+import { MicrosoftAuthService, PermissionScope } from '@checkfirst/nestjs-outlook';
 
 @Controller('auth')
 export class AuthController {
@@ -155,37 +131,63 @@ export class AuthController {
     // In a real application, get the user ID from your authentication system
     const userId = req.user?.id.toString() || '1';
         
-    // Get the login URL from the Microsoft auth service
-    return await this.microsoftAuthService.getLoginUrl(userId);
+    // Get the login URL with specific permission scopes
+    return await this.microsoftAuthService.getLoginUrl(userId, [
+      PermissionScope.CALENDAR_READ,
+      PermissionScope.EMAIL_READ,
+      PermissionScope.EMAIL_SEND
+    ]);
   }
 }
 ```
 
-## Available Services and Controllers
+## Permission Scopes
 
-The library provides specialized services and controllers for Microsoft Graph API operations:
+You can request specific Microsoft permissions based on what your application needs:
 
-### 1. MicrosoftAuthService and MicrosoftAuthController
+```typescript
+import { PermissionScope } from '@checkfirst/nestjs-outlook';
+
+// Available permission scopes:
+PermissionScope.CALENDAR_READ      // Read-only access to calendars
+PermissionScope.CALENDAR_WRITE     // Read-write access to calendars
+PermissionScope.EMAIL_READ         // Read-only access to emails
+PermissionScope.EMAIL_WRITE        // Read-write access to emails
+PermissionScope.EMAIL_SEND         // Permission to send emails
+```
 
-Handle authentication, token management, and OAuth flow:
+When getting a login URL, specify which permissions you need:
 
 ```typescript
-// Initiate the OAuth flow - redirects user to Microsoft login
-const loginUrl = await microsoftAuthService.getLoginUrl(userId);
+// For a calendar-only app
+const loginUrl = await microsoftAuthService.getLoginUrl(userId, [
+  PermissionScope.CALENDAR_READ
+]);
+
+// For an email-only app
+const loginUrl = await microsoftAuthService.getLoginUrl(userId, [
+  PermissionScope.EMAIL_SEND
+]);
+```
 
-// Exchange OAuth code for tokens (used in callback endpoint)
-const tokens = await microsoftAuthService.exchangeCodeForToken(code, state);
+## Available Services and Controllers
+
+The library provides specialized services and controllers for Microsoft integration:
 
-// Refresh an expired access token
-const newTokens = await microsoftAuthService.refreshAccessToken(refreshToken, userId);
+### 1. MicrosoftAuthService and MicrosoftAuthController
 
-// Check if a token is expired
-const isExpired = microsoftAuthService.isTokenExpired(tokenExpiryDate);
+Handles the authentication flow with Microsoft:
+
+```typescript
+// Get a login URL to redirect your user to Microsoft's OAuth page
+const loginUrl = await microsoftAuthService.getLoginUrl(userId);
 ```
 
+After the user authenticates with Microsoft, they'll be redirected to your callback URL where you can complete the process.
+
 ### 2. CalendarService and CalendarController
 
-Manage calendar operations with Microsoft Graph API:
+Manage calendar operations:
 
 ```typescript
 // Create a calendar event
@@ -201,27 +203,22 @@ const event = {
   },
 };
 
+// Create the event
 const result = await calendarService.createEvent(
   event,
-  accessToken,
-  refreshToken,
-  tokenExpiry,
-  userId,
+  externalUserId,
   calendarId
 );
 
 // Get user's default calendar ID
-const calendarId = await calendarService.getDefaultCalendarId(accessToken);
-
-// Create webhook subscription for calendar events
-await calendarService.createWebhookSubscription(userId, accessToken, refreshToken);
+const calendarId = await calendarService.getDefaultCalendarId(externalUserId);
 ```
 
 The CalendarController provides a webhook endpoint at `/calendar/webhook` for receiving notifications from Microsoft Graph about calendar changes.
 
 ### 3. EmailService
 
-Provides email sending capabilities via Microsoft Graph API:
+Send emails:
 
 ```typescript
 // Create email message
@@ -243,63 +240,46 @@ const message = {
 // Send the email
 const result = await emailService.sendEmail(
   message,
-  accessToken,
-  refreshToken,
-  tokenExpiry,
-  userId
+  externalUserId
 );
 ```
 
 ## Events
 
-The library uses NestJS's EventEmitter to emit events for various Outlook activities. You can listen to these events in your application to react to changes.
+The library emits events for various Microsoft activities that you can listen to in your application.
 
 ### Available Events
 
-The library exposes event types through the `OutlookEventTypes` enum:
-
-- `OutlookEventTypes.AUTH_TOKENS_SAVE` - Emitted when OAuth tokens are initially saved
-- `OutlookEventTypes.AUTH_TOKENS_UPDATE` - Emitted when OAuth tokens are refreshed
-- `OutlookEventTypes.EVENT_CREATED` - Emitted when a new Outlook calendar event is created via webhook
-- `OutlookEventTypes.EVENT_UPDATED` - Emitted when an Outlook calendar event is updated via webhook
-- `OutlookEventTypes.EVENT_DELETED` - Emitted when an Outlook calendar event is deleted via webhook
+- `USER_AUTHENTICATED` - When a user completes authentication with Microsoft
+- `EVENT_CREATED` - When a new calendar event is created 
+- `EVENT_UPDATED` - When a calendar event is updated
+- `EVENT_DELETED` - When a calendar event is deleted
+- `EMAIL_RECEIVED` - When a new email is received
+- `EMAIL_UPDATED` - When an email is updated
+- `EMAIL_DELETED` - When an email is deleted
 
 ### Listening to Events
 
-You can listen to these events in your application using the `@OnEvent` decorator from `@nestjs/event-emitter` and the `OutlookEventTypes` enum:
-
 ```typescript
 import { Injectable } from '@nestjs/common';
 import { OnEvent } from '@nestjs/event-emitter';
-import { OutlookEventTypes, OutlookResourceData, TokenResponse } from '@checkfirst/nestjs-outlook';
+import { OutlookEventTypes, OutlookResourceData } from '@checkfirst/nestjs-outlook';
 
 @Injectable()
 export class YourService {
-  // Handle token save event
-  @OnEvent(OutlookEventTypes.AUTH_TOKENS_SAVE)
-  async handleAuthTokensSave(userId: string, tokenData: TokenResponse) {
-    console.log(`Saving new tokens for user ${userId}`);
-    // Save tokens to your database
+  // Handle user authentication event
+  @OnEvent(OutlookEventTypes.USER_AUTHENTICATED)
+  async handleUserAuthenticated(externalUserId: string, data: { externalUserId: string, scopes: string[] }) {
+    console.log(`User ${externalUserId} authenticated with Microsoft`);
+    // Perform any custom logic needed when a user authenticates
   }
 
   // Handle calendar events
   @OnEvent(OutlookEventTypes.EVENT_CREATED)
   handleOutlookEventCreated(data: OutlookResourceData) {
-    console.log('New Outlook event created:', data.id);
+    console.log('New calendar event created:', data.id);
     // Handle the new event
   }
-
-  @OnEvent(OutlookEventTypes.EVENT_UPDATED)
-  handleOutlookEventUpdated(data: OutlookResourceData) {
-    console.log('Outlook event updated:', data.id);
-    // Handle the updated event
-  }
-
-  @OnEvent(OutlookEventTypes.EVENT_DELETED)
-  handleOutlookEventDeleted(data: OutlookResourceData) {
-    console.log('Outlook event deleted:', data.id);
-    // Handle the deleted event
-  }
 }
 ```
 

package/dist/controllers/microsoft-auth.controller.d.ts

@@ -2,6 +2,7 @@ import { Response } from 'express';
 import { MicrosoftAuthService } from '../services/auth/microsoft-auth.service';
 export declare class MicrosoftAuthController {
     private readonly microsoftAuthService;
+    private readonly logger;
     constructor(microsoftAuthService: MicrosoftAuthService);
-    callback(code: string, state: string, res: Response): Promise<Response<any, Record<string, any>>>;
+    handleOauthCallback(code: string, state: string, res: Response): Promise<Response<any, Record<string, any>>>;
 }

package/dist/controllers/microsoft-auth.controller.js

@@ -11,23 +11,23 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
+var MicrosoftAuthController_1;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MicrosoftAuthController = void 0;
 const common_1 = require("@nestjs/common");
 const swagger_1 = require("@nestjs/swagger");
 const microsoft_auth_service_1 = require("../services/auth/microsoft-auth.service");
-let MicrosoftAuthController = class MicrosoftAuthController {
+let MicrosoftAuthController = MicrosoftAuthController_1 = class MicrosoftAuthController {
     constructor(microsoftAuthService) {
         this.microsoftAuthService = microsoftAuthService;
+        this.logger = new common_1.Logger(MicrosoftAuthController_1.name);
     }
-    async callback(code, state, res) {
-        if (!code) {
-            throw new common_1.BadRequestException('No code provided');
-        }
-        if (!state) {
-            throw new common_1.BadRequestException('No state parameter provided');
-        }
+    async handleOauthCallback(code, state, res) {
         try {
+            if (!code || !state) {
+                this.logger.error('Missing required parameters for OAuth callback');
+                return res.status(common_1.HttpStatus.BAD_REQUEST).send('Missing required parameters');
+            }
             await this.microsoftAuthService.exchangeCodeForToken(code, state);
             return res.status(common_1.HttpStatus.OK).send(`
         <h1>Authorization successful!</h1>
@@ -42,8 +42,10 @@ let MicrosoftAuthController = class MicrosoftAuthController {
       `);
         }
         catch (error) {
-            console.error('Authentication failed:', error);
-            throw new common_1.InternalServerErrorException('Authentication failed. Please try again.');
+            this.logger.error('Error handling OAuth callback:', error);
+            return res
+                .status(common_1.HttpStatus.INTERNAL_SERVER_ERROR)
+                .send('An error occurred during authentication');
         }
     }
 };
@@ -92,8 +94,8 @@ __decorate([
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [String, String, Object]),
     __metadata("design:returntype", Promise)
-], MicrosoftAuthController.prototype, "callback", null);
-exports.MicrosoftAuthController = MicrosoftAuthController = __decorate([
+], MicrosoftAuthController.prototype, "handleOauthCallback", null);
+exports.MicrosoftAuthController = MicrosoftAuthController = MicrosoftAuthController_1 = __decorate([
     (0, swagger_1.ApiTags)('Microsoft Auth'),
     (0, common_1.Controller)('auth/microsoft'),
     __metadata("design:paramtypes", [microsoft_auth_service_1.MicrosoftAuthService])

package/dist/controllers/microsoft-auth.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"microsoft-auth.controller.js","sourceRoot":"","sources":["../../src/controllers/microsoft-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAQwB;AAExB,6CAA4F;AAC5F,oFAA+E;AAIxE,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IAClC,YAA6B,oBAA0C;QAA1C,yBAAoB,GAApB,oBAAoB,CAAsB;IAAG,CAAC;IA4DrE,AAAN,KAAK,CAAC,QAAQ,CAAgB,IAAY,EAAkB,KAAa,EAAS,GAAa;QAC7F,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,4BAAmB,CAAC,6BAA6B,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAGlE,OAAO,GAAG,CAAC,MAAM,CAAC,mBAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC;;;;;;;;;;OAUrC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC/C,MAAM,IAAI,qCAA4B,CAAC,0CAA0C,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;CACF,CAAA;AA1FY,0DAAuB;AA6D5B;IAvCL,IAAA,YAAG,EAAC,UAAU,CAAC;IACf,IAAA,sBAAY,EAAC;QACZ,OAAO,EAAE,kCAAkC;QAC3C,WAAW,EACT,2QAA2Q;KAC9Q,CAAC;IACD,IAAA,kBAAQ,EAAC;QACR,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,+CAA+C;KACzD,CAAC;IACD,IAAA,kBAAQ,EAAC;QACR,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,yCAAyC;KACnD,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,8DAA8D;QAC3E,OAAO,EAAE;YACP,WAAW,EAAE;gBACX,OAAO,EACL,+FAA+F;aAClG;SACF;KACF,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,0CAA0C;KACxD,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,4CAA4C;KAC1D,CAAC;IACD,IAAA,qBAAW,EAAC,WAAW,CAAC;IACT,WAAA,IAAA,cAAK,EAAC,MAAM,CAAC,CAAA;IAAgB,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IAAiB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;uDA4BhF;kCAzFU,uBAAuB;IAFnC,IAAA,iBAAO,EAAC,gBAAgB,CAAC;IACzB,IAAA,mBAAU,EAAC,gBAAgB,CAAC;qCAEwB,6CAAoB;GAD5D,uBAAuB,CA0FnC"}
+{"version":3,"file":"microsoft-auth.controller.js","sourceRoot":"","sources":["../../src/controllers/microsoft-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAiF;AAEjF,6CAA4F;AAC5F,oFAA+E;AAIxE,IAAM,uBAAuB,+BAA7B,MAAM,uBAAuB;IAGlC,YAA6B,oBAA0C;QAA1C,yBAAoB,GAApB,oBAAoB,CAAsB;QAFtD,WAAM,GAAG,IAAI,eAAM,CAAC,yBAAuB,CAAC,IAAI,CAAC,CAAC;IAEO,CAAC;IA4DrE,AAAN,KAAK,CAAC,mBAAmB,CACR,IAAY,EACX,KAAa,EACtB,GAAa;QAEpB,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;gBACpE,OAAO,GAAG,CAAC,MAAM,CAAC,mBAAU,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAChF,CAAC;YAGD,MAAM,IAAI,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAGlE,OAAO,GAAG,CAAC,MAAM,CAAC,mBAAU,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC;;;;;;;;;;OAUrC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;YAC3D,OAAO,GAAG;iBACP,MAAM,CAAC,mBAAU,CAAC,qBAAqB,CAAC;iBACxC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;CACF,CAAA;AAhGY,0DAAuB;AA+D5B;IAvCL,IAAA,YAAG,EAAC,UAAU,CAAC;IACf,IAAA,sBAAY,EAAC;QACZ,OAAO,EAAE,kCAAkC;QAC3C,WAAW,EACT,2QAA2Q;KAC9Q,CAAC;IACD,IAAA,kBAAQ,EAAC;QACR,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,+CAA+C;KACzD,CAAC;IACD,IAAA,kBAAQ,EAAC;QACR,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,yCAAyC;KACnD,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,8DAA8D;QAC3E,OAAO,EAAE;YACP,WAAW,EAAE;gBACX,OAAO,EACL,+FAA+F;aAClG;SACF;KACF,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,0CAA0C;KACxD,CAAC;IACD,IAAA,qBAAW,EAAC;QACX,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,4CAA4C;KAC1D,CAAC;IACD,IAAA,qBAAW,EAAC,WAAW,CAAC;IAEtB,WAAA,IAAA,cAAK,EAAC,MAAM,CAAC,CAAA;IACb,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IACd,WAAA,IAAA,YAAG,GAAE,CAAA;;;;kEA6BP;kCA/FU,uBAAuB;IAFnC,IAAA,iBAAO,EAAC,gBAAgB,CAAC;IACzB,IAAA,mBAAU,EAAC,gBAAgB,CAAC;qCAIwB,6CAAoB;GAH5D,uBAAuB,CAgGnC"}

package/dist/entities/microsoft-user.entity.d.ts

@@ -0,0 +1,11 @@
+export declare class MicrosoftUser {
+    id: number;
+    externalUserId: string;
+    accessToken: string;
+    refreshToken: string;
+    tokenExpiry: Date;
+    scopes: string;
+    isActive: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}

package/dist/entities/microsoft-user.entity.js

@@ -0,0 +1,67 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MicrosoftUser = void 0;
+const typeorm_1 = require("typeorm");
+let MicrosoftUser = class MicrosoftUser {
+    constructor() {
+        this.externalUserId = '';
+        this.accessToken = '';
+        this.refreshToken = '';
+        this.tokenExpiry = new Date();
+        this.scopes = '';
+        this.isActive = true;
+        this.createdAt = new Date();
+        this.updatedAt = new Date();
+    }
+};
+exports.MicrosoftUser = MicrosoftUser;
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('increment'),
+    __metadata("design:type", Number)
+], MicrosoftUser.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'external_user_id' }),
+    (0, typeorm_1.Index)(),
+    __metadata("design:type", String)
+], MicrosoftUser.prototype, "externalUserId", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'access_token', type: 'text' }),
+    __metadata("design:type", String)
+], MicrosoftUser.prototype, "accessToken", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'refresh_token', type: 'text' }),
+    __metadata("design:type", String)
+], MicrosoftUser.prototype, "refreshToken", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'token_expiry', type: 'datetime' }),
+    __metadata("design:type", Date)
+], MicrosoftUser.prototype, "tokenExpiry", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'scopes', type: 'text' }),
+    __metadata("design:type", String)
+], MicrosoftUser.prototype, "scopes", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'is_active', default: true }),
+    __metadata("design:type", Boolean)
+], MicrosoftUser.prototype, "isActive", void 0);
+__decorate([
+    (0, typeorm_1.CreateDateColumn)({ name: 'created_at' }),
+    __metadata("design:type", Date)
+], MicrosoftUser.prototype, "createdAt", void 0);
+__decorate([
+    (0, typeorm_1.UpdateDateColumn)({ name: 'updated_at' }),
+    __metadata("design:type", Date)
+], MicrosoftUser.prototype, "updatedAt", void 0);
+exports.MicrosoftUser = MicrosoftUser = __decorate([
+    (0, typeorm_1.Entity)('microsoft_users')
+], MicrosoftUser);
+//# sourceMappingURL=microsoft-user.entity.js.map

package/dist/entities/microsoft-user.entity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft-user.entity.js","sourceRoot":"","sources":["../../src/entities/microsoft-user.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAOiB;AAQV,IAAM,aAAa,GAAnB,MAAM,aAAa;IAAnB;QAML,mBAAc,GAAW,EAAE,CAAC;QAG5B,gBAAW,GAAW,EAAE,CAAC;QAGzB,iBAAY,GAAW,EAAE,CAAC;QAG1B,gBAAW,GAAS,IAAI,IAAI,EAAE,CAAC;QAG/B,WAAM,GAAW,EAAE,CAAC;QAGpB,aAAQ,GAAY,IAAI,CAAC;QAGzB,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QAG7B,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;IAC/B,CAAC;CAAA,CAAA;AA5BY,sCAAa;AAExB;IADC,IAAA,gCAAsB,EAAC,WAAW,CAAC;;yCACxB;AAIZ;IAFC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;IACpC,IAAA,eAAK,GAAE;;qDACoB;AAG5B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;;kDACtB;AAGzB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;;mDACtB;AAG1B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;8BACtC,IAAI;kDAAc;AAG/B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;;6CACrB;AAGpB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;+CACpB;AAGzB;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;gDAAc;AAG7B;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;gDAAc;wBA3BlB,aAAa;IADzB,IAAA,gBAAM,EAAC,iBAAiB,CAAC;GACb,aAAa,CA4BzB"}

package/dist/entities/outlook-webhook-subscription.entity.d.ts

@@ -8,8 +8,6 @@ export declare class OutlookWebhookSubscription {
     notificationUrl: string;
     expirationDateTime: Date;
     isActive: boolean;
-    accessToken: string;
-    refreshToken: string;
     createdAt: Date;
     updatedAt: Date;
 }

package/dist/entities/outlook-webhook-subscription.entity.js

@@ -21,8 +21,6 @@ let OutlookWebhookSubscription = class OutlookWebhookSubscription {
         this.notificationUrl = '';
         this.expirationDateTime = new Date();
         this.isActive = true;
-        this.accessToken = '';
-        this.refreshToken = '';
         this.createdAt = new Date();
         this.updatedAt = new Date();
     }
@@ -64,14 +62,6 @@ __decorate([
     (0, typeorm_1.Column)({ name: 'is_active', default: true }),
     __metadata("design:type", Boolean)
 ], OutlookWebhookSubscription.prototype, "isActive", void 0);
-__decorate([
-    (0, typeorm_1.Column)({ name: 'access_token', type: 'text', nullable: true }),
-    __metadata("design:type", String)
-], OutlookWebhookSubscription.prototype, "accessToken", void 0);
-__decorate([
-    (0, typeorm_1.Column)({ name: 'refresh_token', type: 'text', nullable: true }),
-    __metadata("design:type", String)
-], OutlookWebhookSubscription.prototype, "refreshToken", void 0);
 __decorate([
     (0, typeorm_1.CreateDateColumn)({ name: 'created_at' }),
     __metadata("design:type", Date)

package/dist/entities/outlook-webhook-subscription.entity.js.map

@@ -1 +1 @@
-{"version":3,"file":"outlook-webhook-subscription.entity.js","sourceRoot":"","sources":["../../src/entities/outlook-webhook-subscription.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAMiB;AAGV,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;IAAhC;QAKL,mBAAc,GAAW,EAAE,CAAC;QAG5B,WAAM,GAAW,CAAC,CAAC;QAGnB,aAAQ,GAAW,EAAE,CAAC;QAGtB,eAAU,GAAW,EAAE,CAAC;QAGxB,gBAAW,GAAW,EAAE,CAAC;QAGzB,oBAAe,GAAW,EAAE,CAAC;QAG7B,uBAAkB,GAAS,IAAI,IAAI,EAAE,CAAC;QAGtC,aAAQ,GAAY,IAAI,CAAC;QAGzB,gBAAW,GAAW,EAAE,CAAC;QAGzB,iBAAY,GAAW,EAAE,CAAC;QAG1B,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QAG7B,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;IAC/B,CAAC;CAAA,CAAA;AAvCY,gEAA0B;AAErC;IADC,IAAA,gCAAsB,EAAC,WAAW,CAAC;;sDACxB;AAGZ;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;;kEACnC;AAG5B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;0DACT;AAGnB;IADC,IAAA,gBAAM,EAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;4DACF;AAGtB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;8DACrB;AAGxB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;+DACrB;AAGzB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;mEACrB;AAG7B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;8BACvC,IAAI;sEAAc;AAGtC;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;4DACpB;AAGzB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;+DACtC;AAGzB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gEACtC;AAG1B;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;6DAAc;AAG7B;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;6DAAc;qCAtClB,0BAA0B;IADtC,IAAA,gBAAM,EAAC,+BAA+B,CAAC;GAC3B,0BAA0B,CAuCtC"}
+{"version":3,"file":"outlook-webhook-subscription.entity.js","sourceRoot":"","sources":["../../src/entities/outlook-webhook-subscription.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAMiB;AAGV,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;IAAhC;QAKL,mBAAc,GAAW,EAAE,CAAC;QAG5B,WAAM,GAAW,CAAC,CAAC;QAGnB,aAAQ,GAAW,EAAE,CAAC;QAGtB,eAAU,GAAW,EAAE,CAAC;QAGxB,gBAAW,GAAW,EAAE,CAAC;QAGzB,oBAAe,GAAW,EAAE,CAAC;QAG7B,uBAAkB,GAAS,IAAI,IAAI,EAAE,CAAC;QAGtC,aAAQ,GAAY,IAAI,CAAC;QAGzB,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QAG7B,cAAS,GAAS,IAAI,IAAI,EAAE,CAAC;IAC/B,CAAC;CAAA,CAAA;AAjCY,gEAA0B;AAErC;IADC,IAAA,gCAAsB,EAAC,WAAW,CAAC;;sDACxB;AAGZ;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;;kEACnC;AAG5B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;;0DACT;AAGnB;IADC,IAAA,gBAAM,EAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;4DACF;AAGtB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;8DACrB;AAGxB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;+DACrB;AAGzB;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;mEACrB;AAG7B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;8BACvC,IAAI;sEAAc;AAGtC;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;4DACpB;AAGzB;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;6DAAc;AAG7B;IADC,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;8BAC9B,IAAI;6DAAc;qCAhClB,0BAA0B;IADtC,IAAA,gBAAM,EAAC,+BAA+B,CAAC;GAC3B,0BAA0B,CAiCtC"}

package/dist/{event-types.enum.d.ts → enums/event-types.enum.d.ts}

@@ -1,6 +1,5 @@
 export declare enum OutlookEventTypes {
-    AUTH_TOKENS_SAVE = "microsoft.auth.tokens.save",
-    AUTH_TOKENS_UPDATE = "microsoft.auth.tokens.update",
+    USER_AUTHENTICATED = "microsoft.auth.user.authenticated",
     EVENT_DELETED = "outlook.event.deleted",
     EVENT_CREATED = "outlook.event.created",
     EVENT_UPDATED = "outlook.event.updated",

package/dist/{event-types.enum.js → enums/event-types.enum.js}

@@ -3,8 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.OutlookEventTypes = void 0;
 var OutlookEventTypes;
 (function (OutlookEventTypes) {
-    OutlookEventTypes["AUTH_TOKENS_SAVE"] = "microsoft.auth.tokens.save";
-    OutlookEventTypes["AUTH_TOKENS_UPDATE"] = "microsoft.auth.tokens.update";
+    OutlookEventTypes["USER_AUTHENTICATED"] = "microsoft.auth.user.authenticated";
     OutlookEventTypes["EVENT_DELETED"] = "outlook.event.deleted";
     OutlookEventTypes["EVENT_CREATED"] = "outlook.event.created";
     OutlookEventTypes["EVENT_UPDATED"] = "outlook.event.updated";

package/dist/enums/event-types.enum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-types.enum.js","sourceRoot":"","sources":["../../src/enums/event-types.enum.ts"],"names":[],"mappings":";;;AAGA,IAAY,iBAaX;AAbD,WAAY,iBAAiB;IAE3B,6EAAwD,CAAA;IAGxD,4DAAuC,CAAA;IACvC,4DAAuC,CAAA;IACvC,4DAAuC,CAAA;IAGvC,8DAAyC,CAAA;IACzC,4DAAuC,CAAA;IACvC,4DAAuC,CAAA;AACzC,CAAC,EAbW,iBAAiB,iCAAjB,iBAAiB,QAa5B"}

package/dist/enums/permission-scope.enum.d.ts

@@ -0,0 +1,7 @@
+export declare enum PermissionScope {
+    CALENDAR_READ = "CALENDAR_READ",
+    CALENDAR_WRITE = "CALENDAR_WRITE",
+    EMAIL_READ = "EMAIL_READ",
+    EMAIL_WRITE = "EMAIL_WRITE",
+    EMAIL_SEND = "EMAIL_SEND"
+}

package/dist/enums/permission-scope.enum.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionScope = void 0;
+var PermissionScope;
+(function (PermissionScope) {
+    PermissionScope["CALENDAR_READ"] = "CALENDAR_READ";
+    PermissionScope["CALENDAR_WRITE"] = "CALENDAR_WRITE";
+    PermissionScope["EMAIL_READ"] = "EMAIL_READ";
+    PermissionScope["EMAIL_WRITE"] = "EMAIL_WRITE";
+    PermissionScope["EMAIL_SEND"] = "EMAIL_SEND";
+})(PermissionScope || (exports.PermissionScope = PermissionScope = {}));
+//# sourceMappingURL=permission-scope.enum.js.map

package/dist/enums/permission-scope.enum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-scope.enum.js","sourceRoot":"","sources":["../../src/enums/permission-scope.enum.ts"],"names":[],"mappings":";;;AAIA,IAAY,eAMX;AAND,WAAY,eAAe;IACzB,kDAA+B,CAAA;IAC/B,oDAAiC,CAAA;IACjC,4CAAyB,CAAA;IACzB,8CAA2B,CAAA;IAC3B,4CAAyB,CAAA;AAC3B,CAAC,EANW,eAAe,+BAAf,eAAe,QAM1B"}

package/dist/index.d.ts

@@ -1,13 +1,16 @@
+export * from './services/auth/microsoft-auth.service';
+export * from './services/calendar/calendar.service';
+export * from './services/email/email.service';
 export * from './microsoft-outlook.module';
+export * from './interfaces/outlook/token-response.interface';
+export * from './interfaces/config/outlook-config.interface';
+export * from './enums/permission-scope.enum';
+export * from './enums/event-types.enum';
+export * from './constants';
 export * from './controllers/calendar.controller';
 export * from './controllers/microsoft-auth.controller';
 export * from './controllers/email.controller';
-export * from './services';
 export * from './dto/outlook-webhook-notification.dto';
-export * from './interfaces/outlook/token-response.interface';
-export * from './interfaces/config/outlook-config.interface';
-export * from './event-types.enum';
-export * from './constants';
 export * from './entities/outlook-webhook-subscription.entity';
 export * from './repositories/outlook-webhook-subscription.repository';
 export * from './types';

package/dist/index.js

@@ -14,16 +14,19 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./services/auth/microsoft-auth.service"), exports);
+__exportStar(require("./services/calendar/calendar.service"), exports);
+__exportStar(require("./services/email/email.service"), exports);
 __exportStar(require("./microsoft-outlook.module"), exports);
+__exportStar(require("./interfaces/outlook/token-response.interface"), exports);
+__exportStar(require("./interfaces/config/outlook-config.interface"), exports);
+__exportStar(require("./enums/permission-scope.enum"), exports);
+__exportStar(require("./enums/event-types.enum"), exports);
+__exportStar(require("./constants"), exports);
 __exportStar(require("./controllers/calendar.controller"), exports);
 __exportStar(require("./controllers/microsoft-auth.controller"), exports);
 __exportStar(require("./controllers/email.controller"), exports);
-__exportStar(require("./services"), exports);
 __exportStar(require("./dto/outlook-webhook-notification.dto"), exports);
-__exportStar(require("./interfaces/outlook/token-response.interface"), exports);
-__exportStar(require("./interfaces/config/outlook-config.interface"), exports);
-__exportStar(require("./event-types.enum"), exports);
-__exportStar(require("./constants"), exports);
 __exportStar(require("./entities/outlook-webhook-subscription.entity"), exports);
 __exportStar(require("./repositories/outlook-webhook-subscription.repository"), exports);
 __exportStar(require("./types"), exports);

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,6DAA2C;AAG3C,oEAAkD;AAClD,0EAAwD;AACxD,iEAA+C;AAG/C,6CAA2B;AAG3B,yEAAuD;AAGvD,gFAA8D;AAC9D,+EAA6D;AAG7D,qDAAmC;AAGnC,8CAA4B;AAG5B,iFAA+D;AAG/D,yFAAuE;AAGvE,0CAAwB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAGA,yEAAuD;AACvD,uEAAqD;AACrD,iEAA+C;AAG/C,6DAA2C;AAG3C,gFAA8D;AAC9D,+EAA6D;AAG7D,gEAA8C;AAC9C,2DAAyC;AAGzC,8CAA4B;AAG5B,oEAAkD;AAClD,0EAAwD;AACxD,iEAA+C;AAG/C,yEAAuD;AAGvD,iFAA+D;AAG/D,yFAAuE;AAGvE,0CAAwB"}

package/dist/interfaces/config/outlook-config.interface.d.ts

@@ -2,6 +2,6 @@ export interface MicrosoftOutlookConfig {
     clientId: string;
     clientSecret: string;
     redirectPath: string;
-    backendBaseUrl?: string;
+    backendBaseUrl: string;
     basePath?: string;
 }

package/dist/interfaces/microsoft-auth/state-object.interface.d.ts

@@ -1,5 +1,7 @@
+import { PermissionScope } from '../../enums/permission-scope.enum';
 export interface StateObject {
-    userId: string | number;
+    userId: string;
     csrf: string;
-    timestamp?: number;
+    timestamp: number;
+    requestedScopes?: PermissionScope[];
 }