@ciscode/authentication-kit 1.1.1 → 1.1.3

package/dist/middleware/auth.guard.d.ts

@@ -0,0 +1,4 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+export declare class AuthGuard implements CanActivate {
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/middleware/auth.guard.js

@@ -0,0 +1,39 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+let AuthGuard = class AuthGuard {
+    canActivate(context) {
+        var _a, _b;
+        const req = context.switchToHttp().getRequest();
+        const res = context.switchToHttp().getResponse();
+        const token = (_b = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization) === null || _b === void 0 ? void 0 : _b.split(' ')[1];
+        if (!token) {
+            res.status(401).json({ error: 'Unauthorized' });
+            return false;
+        }
+        try {
+            const decoded = jsonwebtoken_1.default.verify(token, process.env.JWT_SECRET);
+            req.user = decoded;
+            return true;
+        }
+        catch (error) {
+            res.status(403).json({ error: 'Invalid token' });
+            return false;
+        }
+    }
+};
+exports.AuthGuard = AuthGuard;
+exports.AuthGuard = AuthGuard = __decorate([
+    (0, common_1.Injectable)()
+], AuthGuard);

package/dist/middleware/authenticate.guard.d.ts

@@ -0,0 +1,4 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+export declare class AuthenticateGuard implements CanActivate {
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/middleware/authenticate.guard.js

@@ -0,0 +1,44 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthenticateGuard = void 0;
+const common_1 = require("@nestjs/common");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+let AuthenticateGuard = class AuthenticateGuard {
+    canActivate(context) {
+        var _a;
+        const req = context.switchToHttp().getRequest();
+        const res = context.switchToHttp().getResponse();
+        const authHeader = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            res.status(401).json({ message: 'Missing or invalid Authorization header.' });
+            return false;
+        }
+        const token = authHeader.split(' ')[1];
+        try {
+            const decoded = jsonwebtoken_1.default.verify(token, process.env.JWT_SECRET);
+            req.user = decoded;
+            return true;
+        }
+        catch (err) {
+            if ((err === null || err === void 0 ? void 0 : err.name) === 'TokenExpiredError') {
+                res.status(401).json({ message: 'Access token expired.' });
+                return false;
+            }
+            res.status(401).json({ message: 'Invalid access token.' });
+            return false;
+        }
+    }
+};
+exports.AuthenticateGuard = AuthenticateGuard;
+exports.AuthenticateGuard = AuthenticateGuard = __decorate([
+    (0, common_1.Injectable)()
+], AuthenticateGuard);

package/dist/middleware/permission.guard.d.ts

@@ -0,0 +1,4 @@
+import { ExecutionContext } from '@nestjs/common';
+export declare const hasPermission: (requiredPermission: string) => import("@nestjs/common").Type<{
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}>;

package/dist/middleware/permission.guard.js

@@ -0,0 +1,52 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasPermission = void 0;
+const common_1 = require("@nestjs/common");
+const role_model_1 = __importDefault(require("../models/role.model"));
+const hasPermission = (requiredPermission) => {
+    let PermissionGuard = class PermissionGuard {
+        async canActivate(context) {
+            const req = context.switchToHttp().getRequest();
+            const res = context.switchToHttp().getResponse();
+            try {
+                const { roleIds, roles, permissions } = req.user || {};
+                const tokenPermissions = Array.isArray(permissions) ? permissions : [];
+                if (tokenPermissions.includes(requiredPermission)) {
+                    return true;
+                }
+                let resolvedPermissions = [];
+                if (Array.isArray(roleIds) && roleIds.length > 0) {
+                    const roleDocs = await role_model_1.default.find({ _id: { $in: roleIds } });
+                    resolvedPermissions = roleDocs.flatMap((role) => role.permissions);
+                }
+                else if (Array.isArray(roles) && roles.length > 0) {
+                    const roleDocs = await role_model_1.default.find({ name: { $in: roles } });
+                    resolvedPermissions = roleDocs.flatMap((role) => role.permissions);
+                }
+                if (resolvedPermissions.includes(requiredPermission)) {
+                    return true;
+                }
+                res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
+                return false;
+            }
+            catch (error) {
+                res.status(500).json({ error: 'Authorization error' });
+                return false;
+            }
+        }
+    };
+    PermissionGuard = __decorate([
+        (0, common_1.Injectable)()
+    ], PermissionGuard);
+    return (0, common_1.mixin)(PermissionGuard);
+};
+exports.hasPermission = hasPermission;

package/dist/models/client.model.d.ts

@@ -0,0 +1,54 @@
+import mongoose from 'mongoose';
+declare const ClientSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
+    timestamps: true;
+}, {
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    createdAt: Date;
+    name?: string;
+    password?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    createdAt: Date;
+    name?: string;
+    password?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+}>> & mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    createdAt: Date;
+    name?: string;
+    password?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+}> & {
+    _id: mongoose.Types.ObjectId;
+}>;
+declare const Client: mongoose.Model<any, {}, {}, {}, any, any>;
+export { ClientSchema };
+export default Client;

package/dist/models/client.model.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientSchema = void 0;
+const mongoose_1 = __importDefault(require("mongoose"));
+const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
+const ClientSchema = new mongoose_1.default.Schema({
+    email: {
+        type: String,
+        required: true,
+        unique: true
+    },
+    password: {
+        type: String,
+        required: function () {
+            return !this.microsoftId && !this.googleId && !this.facebookId;
+        }
+    },
+    name: { type: String },
+    microsoftId: { type: String, index: true },
+    googleId: { type: String, index: true },
+    facebookId: { type: String, index: true },
+    roles: [{ type: mongoose_1.default.Schema.Types.ObjectId, ref: 'Role' }],
+    resetPasswordToken: { type: String },
+    resetPasswordExpires: { type: Date },
+    refreshToken: { type: String },
+    createdAt: { type: Date, default: Date.now }
+}, { timestamps: true });
+exports.ClientSchema = ClientSchema;
+ClientSchema.plugin(mongoose_paginate_v2_1.default);
+const Client = mongoose_1.default.models.Client || mongoose_1.default.model('Client', ClientSchema);
+exports.default = Client;

package/dist/models/permission.model.d.ts

@@ -0,0 +1,19 @@
+import mongoose from 'mongoose';
+declare const PermissionSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, mongoose.DefaultSchemaOptions, {
+    name: string;
+    description?: string;
+    category?: string;
+}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
+    name: string;
+    description?: string;
+    category?: string;
+}>> & mongoose.FlatRecord<{
+    name: string;
+    description?: string;
+    category?: string;
+}> & {
+    _id: mongoose.Types.ObjectId;
+}>;
+declare const Permission: mongoose.Model<any, {}, {}, {}, any, any>;
+export { PermissionSchema };
+export default Permission;

package/dist/models/permission.model.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionSchema = void 0;
+const mongoose_1 = __importDefault(require("mongoose"));
+const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
+const PermissionSchema = new mongoose_1.default.Schema({
+    name: { type: String, required: true, unique: true },
+    category: { type: String },
+    description: { type: String }
+});
+exports.PermissionSchema = PermissionSchema;
+PermissionSchema.plugin(mongoose_paginate_v2_1.default);
+const Permission = mongoose_1.default.models.Permission || mongoose_1.default.model('Permission', PermissionSchema);
+exports.default = Permission;

package/dist/models/role.model.d.ts

@@ -0,0 +1,30 @@
+import mongoose from 'mongoose';
+declare const RoleSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
+    timestamps: true;
+}, {
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    name: string;
+    permissions: string[];
+    description?: string;
+}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    name: string;
+    permissions: string[];
+    description?: string;
+}>> & mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    name: string;
+    permissions: string[];
+    description?: string;
+}> & {
+    _id: mongoose.Types.ObjectId;
+}>;
+declare const Role: mongoose.Model<any, {}, {}, {}, any, any>;
+export { RoleSchema };
+export default Role;

package/dist/models/role.model.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleSchema = void 0;
+const mongoose_1 = __importDefault(require("mongoose"));
+const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
+const RoleSchema = new mongoose_1.default.Schema({
+    name: { type: String, required: true, unique: true },
+    description: { type: String },
+    permissions: [{ type: String }]
+}, { timestamps: true });
+exports.RoleSchema = RoleSchema;
+RoleSchema.plugin(mongoose_paginate_v2_1.default);
+const Role = mongoose_1.default.models.Role || mongoose_1.default.model('Role', RoleSchema);
+exports.default = Role;

package/dist/models/tenant.model.d.ts

@@ -0,0 +1,19 @@
+import mongoose from 'mongoose';
+declare const TenantSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, mongoose.DefaultSchemaOptions, {
+    _id?: string;
+    name?: string;
+    plan?: string;
+}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
+    _id?: string;
+    name?: string;
+    plan?: string;
+}>> & mongoose.FlatRecord<{
+    _id?: string;
+    name?: string;
+    plan?: string;
+}> & Required<{
+    _id: string;
+}>>;
+declare const Tenant: mongoose.Model<any, {}, {}, {}, any, any>;
+export { TenantSchema };
+export default Tenant;

package/dist/models/tenant.model.js

@@ -0,0 +1,15 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenantSchema = void 0;
+const mongoose_1 = __importDefault(require("mongoose"));
+const TenantSchema = new mongoose_1.default.Schema({
+    _id: String,
+    name: String,
+    plan: String
+});
+exports.TenantSchema = TenantSchema;
+const Tenant = mongoose_1.default.models.Tenant || mongoose_1.default.model('Tenant', TenantSchema);
+exports.default = Tenant;

package/dist/models/user.model.d.ts

@@ -0,0 +1,66 @@
+import mongoose from 'mongoose';
+declare const UserSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
+    timestamps: true;
+}, {
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    status: "pending" | "active" | "suspended" | "deactivated";
+    failedLoginAttempts: number;
+    name?: string;
+    password?: string;
+    jobTitle?: string;
+    company?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+    lockUntil?: Date;
+}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    status: "pending" | "active" | "suspended" | "deactivated";
+    failedLoginAttempts: number;
+    name?: string;
+    password?: string;
+    jobTitle?: string;
+    company?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+    lockUntil?: Date;
+}>> & mongoose.FlatRecord<{
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    email: string;
+    roles: mongoose.Types.ObjectId[];
+    status: "pending" | "active" | "suspended" | "deactivated";
+    failedLoginAttempts: number;
+    name?: string;
+    password?: string;
+    jobTitle?: string;
+    company?: string;
+    microsoftId?: string;
+    googleId?: string;
+    facebookId?: string;
+    resetPasswordToken?: string;
+    resetPasswordExpires?: Date;
+    refreshToken?: string;
+    lockUntil?: Date;
+}> & {
+    _id: mongoose.Types.ObjectId;
+}>;
+declare const User: mongoose.Model<any, {}, {}, {}, any, any>;
+export { UserSchema };
+export default User;

package/dist/models/user.model.js

@@ -0,0 +1,42 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserSchema = void 0;
+const mongoose_1 = __importDefault(require("mongoose"));
+const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
+const UserSchema = new mongoose_1.default.Schema({
+    email: {
+        type: String,
+        required: true,
+        unique: true
+    },
+    password: {
+        type: String,
+        required: function () {
+            return !this.microsoftId && !this.googleId && !this.facebookId;
+        }
+    },
+    name: { type: String },
+    jobTitle: { type: String },
+    company: { type: String },
+    microsoftId: { type: String, index: true },
+    googleId: { type: String, index: true },
+    facebookId: { type: String, index: true },
+    roles: [{ type: mongoose_1.default.Schema.Types.ObjectId, ref: 'Role' }],
+    resetPasswordToken: { type: String },
+    resetPasswordExpires: { type: Date },
+    status: {
+        type: String,
+        enum: ['pending', 'active', 'suspended', 'deactivated'],
+        default: 'pending'
+    },
+    refreshToken: { type: String },
+    failedLoginAttempts: { type: Number, default: 0 },
+    lockUntil: { type: Date }
+}, { timestamps: true });
+exports.UserSchema = UserSchema;
+UserSchema.plugin(mongoose_paginate_v2_1.default);
+const User = mongoose_1.default.models.User || mongoose_1.default.model('User', UserSchema);
+exports.default = User;

package/dist/standalone.d.ts

@@ -0,0 +1 @@
+import 'dotenv/config';

package/dist/standalone.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+require("dotenv/config");
+const core_1 = require("@nestjs/core");
+const auth_kit_module_1 = require("./auth-kit.module");
+async function bootstrap() {
+    const app = await core_1.NestFactory.create(auth_kit_module_1.AuthKitModule);
+    const port = process.env.PORT || 3000;
+    await app.listen(port);
+    console.log('AuthKit listening on', port);
+}
+bootstrap();

package/dist/utils/helper.d.ts

@@ -0,0 +1 @@
+export declare function getMillisecondsFromExpiry(expiry: string | number): number;

package/dist/utils/helper.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getMillisecondsFromExpiry = getMillisecondsFromExpiry;
+function getMillisecondsFromExpiry(expiry) {
+    if (typeof expiry === 'number') {
+        return expiry * 1000;
+    }
+    const unit = expiry.slice(-1).toLowerCase();
+    const value = parseInt(expiry.slice(0, -1), 10);
+    switch (unit) {
+        case 's':
+            return value * 1000;
+        case 'm':
+            return value * 60 * 1000;
+        case 'h':
+            return value * 60 * 60 * 1000;
+        case 'd':
+            return value * 24 * 60 * 60 * 1000;
+        default:
+            return 0;
+    }
+}

package/package.json

@@ -7,8 +7,8 @@
     "type": "git",
     "url": "git+https://github.com/CISCODE-MA/AuthKit.git"
   },
-  "version": "1.1.1",
-  "description": "A login library with local login, Microsoft Entra ID authentication, password reset, and roles/permissions for multi-tenant applications.",
+  "version": "1.1.3",
+  "description": "A login library with local login, Microsoft Entra ID authentication, password reset, and roles/permissions.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [
@@ -20,6 +20,7 @@
     "build": "tsc -p tsconfig.json",
     "start": "node dist/standalone.js",
     "test": "echo \"No tests defined\" && exit 0",
+    "prepack": "npm run build",
     "release": "semantic-release"
   },
   "keywords": [
@@ -29,7 +30,7 @@
     "password-reset",
     "roles",
     "permissions",
-    "multi-tenant"
+    "users"
   ],
   "author": "Ciscode",
   "license": "MIT",