@ciscode/authentication-kit 1.1.5 → 1.2.0

package/dist/auth-kit.module.js

@@ -5,6 +5,9 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -12,39 +15,87 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthKitModule = void 0;
 require("dotenv/config");
 const common_1 = require("@nestjs/common");
-const passport_config_1 = __importDefault(require("./config/passport.config"));
+const mongoose_1 = require("@nestjs/mongoose");
 const cookie_parser_1 = __importDefault(require("cookie-parser"));
-const mongoose_1 = __importDefault(require("mongoose"));
-const db_config_1 = require("./config/db.config");
 const auth_controller_1 = require("./controllers/auth.controller");
-const password_reset_controller_1 = require("./controllers/password-reset.controller");
 const users_controller_1 = require("./controllers/users.controller");
 const roles_controller_1 = require("./controllers/roles.controller");
 const permissions_controller_1 = require("./controllers/permissions.controller");
-const admin_controller_1 = require("./controllers/admin.controller");
+const user_model_1 = require("./models/user.model");
+const role_model_1 = require("./models/role.model");
+const permission_model_1 = require("./models/permission.model");
+const auth_service_1 = require("./services/auth.service");
+const users_service_1 = require("./services/users.service");
+const roles_service_1 = require("./services/roles.service");
+const permissions_service_1 = require("./services/permissions.service");
+const mail_service_1 = require("./services/mail.service");
+const seed_service_1 = require("./services/seed.service");
+const user_repository_1 = require("./repositories/user.repository");
+const role_repository_1 = require("./repositories/role.repository");
+const permission_repository_1 = require("./repositories/permission.repository");
+const authenticate_guard_1 = require("./middleware/authenticate.guard");
+const admin_guard_1 = require("./middleware/admin.guard");
+const admin_role_service_1 = require("./services/admin-role.service");
+const oauth_service_1 = require("./services/oauth.service");
+const passport_1 = __importDefault(require("passport"));
+const passport_config_1 = require("./config/passport.config");
 let AuthKitModule = class AuthKitModule {
-    async onModuleInit() {
-        await (0, db_config_1.connectDB)();
+    constructor(oauth) {
+        this.oauth = oauth;
     }
-    async onModuleDestroy() {
-        await mongoose_1.default.disconnect();
+    onModuleInit() {
+        (0, passport_config_1.registerOAuthStrategies)(this.oauth);
     }
     configure(consumer) {
         consumer
-            .apply((0, cookie_parser_1.default)(), passport_config_1.default.initialize())
+            .apply((0, cookie_parser_1.default)(), passport_1.default.initialize())
             .forRoutes({ path: '*', method: common_1.RequestMethod.ALL });
     }
 };
 exports.AuthKitModule = AuthKitModule;
 exports.AuthKitModule = AuthKitModule = __decorate([
     (0, common_1.Module)({
+        imports: [
+            mongoose_1.MongooseModule.forFeature([
+                { name: user_model_1.User.name, schema: user_model_1.UserSchema },
+                { name: role_model_1.Role.name, schema: role_model_1.RoleSchema },
+                { name: permission_model_1.Permission.name, schema: permission_model_1.PermissionSchema },
+            ]),
+        ],
         controllers: [
             auth_controller_1.AuthController,
-            password_reset_controller_1.PasswordResetController,
             users_controller_1.UsersController,
             roles_controller_1.RolesController,
             permissions_controller_1.PermissionsController,
-            admin_controller_1.AdminController,
         ],
-    })
+        providers: [
+            auth_service_1.AuthService,
+            users_service_1.UsersService,
+            roles_service_1.RolesService,
+            permissions_service_1.PermissionsService,
+            mail_service_1.MailService,
+            seed_service_1.SeedService,
+            user_repository_1.UserRepository,
+            role_repository_1.RoleRepository,
+            permission_repository_1.PermissionRepository,
+            authenticate_guard_1.AuthenticateGuard,
+            admin_guard_1.AdminGuard,
+            admin_role_service_1.AdminRoleService,
+            oauth_service_1.OAuthService,
+        ],
+        exports: [
+            auth_service_1.AuthService,
+            users_service_1.UsersService,
+            roles_service_1.RolesService,
+            permissions_service_1.PermissionsService,
+            seed_service_1.SeedService,
+            authenticate_guard_1.AuthenticateGuard,
+            user_repository_1.UserRepository,
+            role_repository_1.RoleRepository,
+            permission_repository_1.PermissionRepository,
+            admin_guard_1.AdminGuard,
+            admin_role_service_1.AdminRoleService,
+        ],
+    }),
+    __metadata("design:paramtypes", [oauth_service_1.OAuthService])
 ], AuthKitModule);

package/dist/config/passport.config.d.ts

@@ -1,3 +1,4 @@
 import passport from 'passport';
-import 'dotenv/config';
+import { OAuthService } from '../services/oauth.service';
+export declare const registerOAuthStrategies: (oauth: OAuthService) => void;
 export default passport;

package/dist/config/passport.config.js

@@ -3,257 +3,80 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerOAuthStrategies = void 0;
 const passport_1 = __importDefault(require("passport"));
-const passport_local_1 = require("passport-local");
 const passport_azure_ad_oauth2_1 = require("passport-azure-ad-oauth2");
 const passport_google_oauth20_1 = require("passport-google-oauth20");
 const passport_facebook_1 = require("passport-facebook");
-const bcryptjs_1 = __importDefault(require("bcryptjs"));
-const jsonwebtoken_1 = require("jsonwebtoken");
-const user_model_1 = __importDefault(require("../models/user.model"));
-const client_model_1 = __importDefault(require("../models/client.model"));
-require("dotenv/config");
-const MAX_FAILED = parseInt(process.env.MAX_FAILED_LOGIN_ATTEMPTS || '', 10) || 3;
-const LOCK_TIME_MIN = parseInt(process.env.ACCOUNT_LOCK_TIME_MINUTES || '', 10) || 15;
-const LOCK_TIME_MS = LOCK_TIME_MIN * 60 * 1000;
-passport_1.default.use(new passport_local_1.Strategy({ usernameField: 'email', passwordField: 'password', passReqToCallback: true }, async (req, email, password, done) => {
-    try {
-        const user = await user_model_1.default.findOne({ email });
-        if (!user)
-            return done(null, false, { message: 'Incorrect email.' });
-        if (user.lockUntil && user.lockUntil > Date.now()) {
-            return done(null, false, { message: `Account locked until ${new Date(user.lockUntil).toLocaleString()}.` });
-        }
-        const ok = await bcryptjs_1.default.compare(password, user.password);
-        if (!ok) {
-            user.failedLoginAttempts += 1;
-            if (user.failedLoginAttempts >= MAX_FAILED)
-                user.lockUntil = Date.now() + LOCK_TIME_MS;
-            await user.save();
-            return done(null, false, { message: 'Incorrect password.' });
-        }
-        user.failedLoginAttempts = 0;
-        user.lockUntil = undefined;
-        await user.save();
-        return done(null, user);
-    }
-    catch (err) {
-        return done(err);
-    }
-}));
-passport_1.default.use(new passport_azure_ad_oauth2_1.Strategy({
-    clientID: process.env.MICROSOFT_CLIENT_ID,
-    clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
-    callbackURL: process.env.MICROSOFT_CALLBACK_URL,
-}, async (_at, _rt, params, _profile, done) => {
-    try {
-        const decoded = (0, jsonwebtoken_1.decode)(params.id_token);
-        const microsoftId = decoded.oid || decoded.sub;
-        const email = decoded.preferred_username || decoded.upn || decoded.email;
-        const name = decoded.name;
-        const match = [{ microsoftId }];
-        if (email)
-            match.push({ email });
-        let user = await user_model_1.default.findOne({ $or: match });
-        if (!user) {
-            user = new user_model_1.default({ email, name, microsoftId, roles: [], status: 'active' });
-            await user.save();
-        }
-        else {
-            let changed = false;
-            if (!user.microsoftId) {
-                user.microsoftId = microsoftId;
-                changed = true;
-            }
-            if (changed)
-                await user.save();
-        }
-        return done(null, user);
-    }
-    catch (err) {
-        return done(err);
-    }
-}));
-passport_1.default.use('azure_ad_oauth2_client', new passport_azure_ad_oauth2_1.Strategy({
-    clientID: process.env.MICROSOFT_CLIENT_ID_CLIENT || process.env.MICROSOFT_CLIENT_ID,
-    clientSecret: process.env.MICROSOFT_CLIENT_SECRET_CLIENT || process.env.MICROSOFT_CLIENT_SECRET,
-    callbackURL: process.env.MICROSOFT_CALLBACK_URL_CLIENT,
-}, async (_at, _rt, params, _profile, done) => {
-    try {
-        const decoded = (0, jsonwebtoken_1.decode)(params.id_token);
-        const microsoftId = decoded.oid || decoded.sub;
-        const email = decoded.preferred_username || decoded.upn || decoded.email;
-        const name = decoded.name;
-        const match = [{ microsoftId }];
-        if (email)
-            match.push({ email });
-        let client = await client_model_1.default.findOne({ $or: match });
-        if (!client) {
-            client = new client_model_1.default({ email, name, microsoftId, roles: [] });
-            await client.save();
-        }
-        else if (!client.microsoftId) {
-            client.microsoftId = microsoftId;
-            await client.save();
-        }
-        return done(null, client);
-    }
-    catch (err) {
-        return done(err);
-    }
-}));
-if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET && process.env.GOOGLE_CALLBACK_URL_USER) {
-    passport_1.default.use('google-user', new passport_google_oauth20_1.Strategy({
-        clientID: process.env.GOOGLE_CLIENT_ID,
-        clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-        callbackURL: process.env.GOOGLE_CALLBACK_URL_USER
-    }, async (_at, _rt, profile, done) => {
-        var _a;
-        try {
-            const email = profile.emails && ((_a = profile.emails[0]) === null || _a === void 0 ? void 0 : _a.value);
-            if (!email)
-                return done(null, false);
-            let user = await user_model_1.default.findOne({ email });
-            if (!user) {
-                user = new user_model_1.default({
-                    email,
-                    name: profile.displayName,
-                    googleId: profile.id,
-                    roles: [],
-                    status: 'active'
-                });
-                await user.save();
-            }
-            else {
-                let changed = false;
-                if (!user.googleId) {
-                    user.googleId = profile.id;
-                    changed = true;
-                }
-                if (changed)
-                    await user.save();
-            }
-            return done(null, user);
-        }
-        catch (err) {
-            return done(err);
-        }
-    }));
-}
-if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET && process.env.GOOGLE_CALLBACK_URL_CLIENT) {
-    passport_1.default.use('google-client', new passport_google_oauth20_1.Strategy({
-        clientID: process.env.GOOGLE_CLIENT_ID,
-        clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-        callbackURL: process.env.GOOGLE_CALLBACK_URL_CLIENT
-    }, async (_at, _rt, profile, done) => {
-        var _a;
-        try {
-            const email = profile.emails && ((_a = profile.emails[0]) === null || _a === void 0 ? void 0 : _a.value);
-            if (!email)
-                return done(null, false);
-            let client = await client_model_1.default.findOne({ email });
-            if (!client) {
-                client = new client_model_1.default({
-                    email,
-                    name: profile.displayName,
-                    googleId: profile.id,
-                    roles: []
+const axios_1 = __importDefault(require("axios"));
+const registerOAuthStrategies = (oauth) => {
+    // Microsoft
+    if (process.env.MICROSOFT_CLIENT_ID && process.env.MICROSOFT_CLIENT_SECRET && process.env.MICROSOFT_CALLBACK_URL) {
+        passport_1.default.use('azure_ad_oauth2', new passport_azure_ad_oauth2_1.Strategy({
+            clientID: process.env.MICROSOFT_CLIENT_ID,
+            clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+            callbackURL: process.env.MICROSOFT_CALLBACK_URL,
+            resource: 'https://graph.microsoft.com',
+            tenant: process.env.MICROSOFT_TENANT_ID || 'common'
+        }, async (accessToken, _rt, _params, _profile, done) => {
+            var _a, _b, _c;
+            try {
+                const me = await axios_1.default.get('https://graph.microsoft.com/v1.0/me', {
+                    headers: { Authorization: `Bearer ${accessToken}` },
                 });
-                await client.save();
+                const email = ((_a = me.data) === null || _a === void 0 ? void 0 : _a.mail) || ((_b = me.data) === null || _b === void 0 ? void 0 : _b.userPrincipalName);
+                const name = (_c = me.data) === null || _c === void 0 ? void 0 : _c.displayName;
+                if (!email)
+                    return done(null, false);
+                const { accessToken: appToken, refreshToken } = await oauth.findOrCreateOAuthUser(email, name);
+                return done(null, { accessToken: appToken, refreshToken });
             }
-            else if (!client.googleId) {
-                client.googleId = profile.id;
-                await client.save();
+            catch (err) {
+                return done(err);
             }
-            return done(null, client);
-        }
-        catch (err) {
-            return done(err);
-        }
-    }));
-}
-if (process.env.FB_CLIENT_ID && process.env.FB_CLIENT_SECRET && process.env.FB_CALLBACK_URL_USER) {
-    passport_1.default.use('facebook-user', new passport_facebook_1.Strategy({
-        clientID: process.env.FB_CLIENT_ID,
-        clientSecret: process.env.FB_CLIENT_SECRET,
-        callbackURL: process.env.FB_CALLBACK_URL_USER,
-        profileFields: ['id', 'displayName', 'emails']
-    }, async (_at, _rt, profile, done) => {
-        var _a;
-        try {
-            const email = profile.emails && ((_a = profile.emails[0]) === null || _a === void 0 ? void 0 : _a.value);
-            if (!email)
-                return done(null, false);
-            let user = await user_model_1.default.findOne({ email });
-            if (!user) {
-                user = new user_model_1.default({
-                    email,
-                    name: profile.displayName,
-                    facebookId: profile.id,
-                    roles: [],
-                    status: 'active'
-                });
-                await user.save();
+        }));
+    }
+    // Google
+    if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET && process.env.GOOGLE_CALLBACK_URL) {
+        passport_1.default.use('google', new passport_google_oauth20_1.Strategy({
+            clientID: process.env.GOOGLE_CLIENT_ID,
+            clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+            callbackURL: process.env.GOOGLE_CALLBACK_URL,
+        }, async (_at, _rt, profile, done) => {
+            var _a, _b;
+            try {
+                const email = (_b = (_a = profile.emails) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.value;
+                if (!email)
+                    return done(null, false);
+                const { accessToken, refreshToken } = await oauth.findOrCreateOAuthUser(email, profile.displayName);
+                return done(null, { accessToken, refreshToken });
             }
-            else {
-                let changed = false;
-                if (!user.facebookId) {
-                    user.facebookId = profile.id;
-                    changed = true;
-                }
-                if (changed)
-                    await user.save();
+            catch (err) {
+                return done(err);
             }
-            return done(null, user);
-        }
-        catch (err) {
-            return done(err);
-        }
-    }));
-}
-if (process.env.FB_CLIENT_ID && process.env.FB_CLIENT_SECRET && process.env.FB_CALLBACK_URL_CLIENT) {
-    passport_1.default.use('facebook-client', new passport_facebook_1.Strategy({
-        clientID: process.env.FB_CLIENT_ID,
-        clientSecret: process.env.FB_CLIENT_SECRET,
-        callbackURL: process.env.FB_CALLBACK_URL_CLIENT,
-        profileFields: ['id', 'displayName', 'emails']
-    }, async (_at, _rt, profile, done) => {
-        var _a;
-        try {
-            const email = profile.emails && ((_a = profile.emails[0]) === null || _a === void 0 ? void 0 : _a.value);
-            if (!email)
-                return done(null, false);
-            let client = await client_model_1.default.findOne({ email });
-            if (!client) {
-                client = new client_model_1.default({
-                    email,
-                    name: profile.displayName,
-                    facebookId: profile.id,
-                    roles: []
-                });
-                await client.save();
+        }));
+    }
+    // Facebook
+    if (process.env.FB_CLIENT_ID && process.env.FB_CLIENT_SECRET && process.env.FB_CALLBACK_URL) {
+        passport_1.default.use('facebook', new passport_facebook_1.Strategy({
+            clientID: process.env.FB_CLIENT_ID,
+            clientSecret: process.env.FB_CLIENT_SECRET,
+            callbackURL: process.env.FB_CALLBACK_URL,
+            profileFields: ['id', 'displayName', 'emails'],
+        }, async (_at, _rt, profile, done) => {
+            var _a, _b;
+            try {
+                const email = (_b = (_a = profile.emails) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.value;
+                if (!email)
+                    return done(null, false);
+                const { accessToken, refreshToken } = await oauth.findOrCreateOAuthUser(email, profile.displayName);
+                return done(null, { accessToken, refreshToken });
             }
-            else if (!client.facebookId) {
-                client.facebookId = profile.id;
-                await client.save();
+            catch (err) {
+                return done(err);
             }
-            return done(null, client);
-        }
-        catch (err) {
-            return done(err);
-        }
-    }));
-}
-passport_1.default.serializeUser((principal, done) => done(null, principal.id));
-passport_1.default.deserializeUser(async (id, done) => {
-    try {
-        let principal = await user_model_1.default.findById(id);
-        if (!principal)
-            principal = await client_model_1.default.findById(id);
-        done(null, principal);
+        }));
     }
-    catch (err) {
-        done(err);
-    }
-});
+};
+exports.registerOAuthStrategies = registerOAuthStrategies;
 exports.default = passport_1.default;

package/dist/controllers/auth.controller.d.ts

@@ -1,23 +1,39 @@
-import type { Request, Response, NextFunction } from 'express';
+import type { NextFunction, Request, Response } from 'express';
+import { AuthService } from '../services/auth.service';
+import { LoginDto } from '../dtos/auth/login.dto';
+import { RegisterDto } from '../dtos/auth/register.dto';
+import { RefreshTokenDto } from '../dtos/auth/refresh-token.dto';
+import { VerifyEmailDto } from '../dtos/auth/verify-email.dto';
+import { ResendVerificationDto } from '../dtos/auth/resend-verification.dto';
+import { ForgotPasswordDto } from '../dtos/auth/forgot-password.dto';
+import { ResetPasswordDto } from '../dtos/auth/reset-password.dto';
+import { OAuthService } from '../services/oauth.service';
 export declare class AuthController {
-    private issueTokensAndRespond;
-    private respondWebOrMobile;
-    registerClient(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
-    clientLogin(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
-    localLogin(req: Request, res: Response, next: NextFunction): any;
+    private readonly auth;
+    private readonly oauth;
+    constructor(auth: AuthService, oauth: OAuthService);
+    register(dto: RegisterDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    verifyEmail(dto: VerifyEmailDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    resendVerification(dto: ResendVerificationDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    login(dto: LoginDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    refresh(dto: RefreshTokenDto, req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
+    forgotPassword(dto: ForgotPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    resetPassword(dto: ResetPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    deleteAccount(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
+    microsoftExchange(body: {
+        idToken: string;
+    }, res: Response): Promise<Response<any, Record<string, any>>>;
+    googleExchange(body: {
+        idToken?: string;
+        code?: string;
+    }, res: Response): Promise<Response<any, Record<string, any>>>;
+    facebookExchange(body: {
+        accessToken: string;
+    }, res: Response): Promise<Response<any, Record<string, any>>>;
+    googleLogin(req: Request, res: Response, next: NextFunction): any;
+    googleCallback(req: Request, res: Response, next: NextFunction): void;
     microsoftLogin(req: Request, res: Response, next: NextFunction): any;
     microsoftCallback(req: Request, res: Response, next: NextFunction): void;
-    microsoftExchange(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
-    googleUserLogin(req: Request, res: Response, next: NextFunction): any;
-    googleUserCallback(req: Request, res: Response, next: NextFunction): void;
-    googleClientLogin(req: Request, res: Response, next: NextFunction): any;
-    googleClientCallback(req: Request, res: Response, next: NextFunction): void;
-    googleExchange(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
-    facebookUserLogin(req: Request, res: Response, next: NextFunction): any;
-    facebookUserCallback(req: Request, res: Response, next: NextFunction): void;
-    facebookClientLogin(req: Request, res: Response, next: NextFunction): any;
-    facebookClientCallback(req: Request, res: Response, next: NextFunction): void;
-    microsoftClientLogin(req: Request, res: Response, next: NextFunction): any;
-    microsoftClientCallback(req: Request, res: Response, next: NextFunction): void;
-    refreshToken(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
+    facebookLogin(req: Request, res: Response, next: NextFunction): any;
+    facebookCallback(req: Request, res: Response, next: NextFunction): void;
 }