@ciscode/authentication-kit 1.2.0 → 1.4.0

package/dist/services/oauth.service.js

@@ -20,22 +20,30 @@ const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
 const user_repository_1 = require("../repositories/user.repository");
 const role_repository_1 = require("../repositories/role.repository");
 const auth_service_1 = require("./auth.service");
+const logger_service_1 = require("./logger.service");
 let OAuthService = class OAuthService {
-    constructor(users, roles, auth) {
+    constructor(users, roles, auth, logger) {
         this.users = users;
         this.roles = roles;
         this.auth = auth;
+        this.logger = logger;
         this.msJwks = (0, jwks_rsa_1.default)({
             jwksUri: 'https://login.microsoftonline.com/common/discovery/v2.0/keys',
             cache: true,
             rateLimit: true,
             jwksRequestsPerMinute: 5,
         });
+        // Configure axios with timeout
+        this.axiosConfig = {
+            timeout: 10000, // 10 seconds
+        };
     }
     async getDefaultRoleId() {
         const role = await this.roles.findByName('user');
-        if (!role)
-            throw new Error('Default role not seeded.');
+        if (!role) {
+            this.logger.error('Default user role not found - seed data missing', 'OAuthService');
+            throw new common_1.InternalServerErrorException('System configuration error');
+        }
         return role._id;
     }
     verifyMicrosoftIdToken(idToken) {
@@ -44,89 +52,184 @@ let OAuthService = class OAuthService {
                 this.msJwks
                     .getSigningKey(header.kid)
                     .then((k) => cb(null, k.getPublicKey()))
-                    .catch(cb);
+                    .catch((err) => {
+                    this.logger.error(`Failed to get Microsoft signing key: ${err.message}`, err.stack, 'OAuthService');
+                    cb(err);
+                });
             };
-            jsonwebtoken_1.default.verify(idToken, getKey, { algorithms: ['RS256'], audience: process.env.MICROSOFT_CLIENT_ID }, (err, payload) => (err ? reject(err) : resolve(payload)));
+            jsonwebtoken_1.default.verify(idToken, getKey, { algorithms: ['RS256'], audience: process.env.MICROSOFT_CLIENT_ID }, (err, payload) => {
+                if (err) {
+                    this.logger.error(`Microsoft token verification failed: ${err.message}`, err.stack, 'OAuthService');
+                    reject(new common_1.UnauthorizedException('Invalid Microsoft token'));
+                }
+                else {
+                    resolve(payload);
+                }
+            });
         });
     }
     async loginWithMicrosoft(idToken) {
-        const ms = await this.verifyMicrosoftIdToken(idToken);
-        const email = ms.preferred_username || ms.email;
-        if (!email)
-            throw new Error('Email missing');
-        return this.findOrCreateOAuthUser(email, ms.name);
+        try {
+            const ms = await this.verifyMicrosoftIdToken(idToken);
+            const email = ms.preferred_username || ms.email;
+            if (!email) {
+                throw new common_1.BadRequestException('Email not provided by Microsoft');
+            }
+            return this.findOrCreateOAuthUser(email, ms.name);
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException || error instanceof common_1.BadRequestException) {
+                throw error;
+            }
+            this.logger.error(`Microsoft login failed: ${error.message}`, error.stack, 'OAuthService');
+            throw new common_1.UnauthorizedException('Microsoft authentication failed');
+        }
     }
     async loginWithGoogleIdToken(idToken) {
         var _a, _b;
-        const verifyResp = await axios_1.default.get('https://oauth2.googleapis.com/tokeninfo', {
-            params: { id_token: idToken },
-        });
-        const email = (_a = verifyResp.data) === null || _a === void 0 ? void 0 : _a.email;
-        if (!email)
-            throw new Error('Email missing');
-        return this.findOrCreateOAuthUser(email, (_b = verifyResp.data) === null || _b === void 0 ? void 0 : _b.name);
+        try {
+            const verifyResp = await axios_1.default.get('https://oauth2.googleapis.com/tokeninfo', {
+                params: { id_token: idToken },
+                ...this.axiosConfig,
+            });
+            const email = (_a = verifyResp.data) === null || _a === void 0 ? void 0 : _a.email;
+            if (!email) {
+                throw new common_1.BadRequestException('Email not provided by Google');
+            }
+            return this.findOrCreateOAuthUser(email, (_b = verifyResp.data) === null || _b === void 0 ? void 0 : _b.name);
+        }
+        catch (error) {
+            if (error instanceof common_1.BadRequestException) {
+                throw error;
+            }
+            const axiosError = error;
+            if (axiosError.code === 'ECONNABORTED') {
+                this.logger.error('Google API timeout', axiosError.stack, 'OAuthService');
+                throw new common_1.InternalServerErrorException('Authentication service timeout');
+            }
+            this.logger.error(`Google ID token login failed: ${error.message}`, error.stack, 'OAuthService');
+            throw new common_1.UnauthorizedException('Google authentication failed');
+        }
     }
     async loginWithGoogleCode(code) {
         var _a, _b;
-        const tokenResp = await axios_1.default.post('https://oauth2.googleapis.com/token', {
-            code,
-            client_id: process.env.GOOGLE_CLIENT_ID,
-            client_secret: process.env.GOOGLE_CLIENT_SECRET,
-            redirect_uri: 'postmessage',
-            grant_type: 'authorization_code',
-        });
-        const { access_token } = tokenResp.data || {};
-        if (!access_token)
-            throw new Error('Failed to exchange code');
-        const profileResp = await axios_1.default.get('https://www.googleapis.com/oauth2/v2/userinfo', {
-            headers: { Authorization: `Bearer ${access_token}` },
-        });
-        const email = (_a = profileResp.data) === null || _a === void 0 ? void 0 : _a.email;
-        if (!email)
-            throw new Error('Email missing');
-        return this.findOrCreateOAuthUser(email, (_b = profileResp.data) === null || _b === void 0 ? void 0 : _b.name);
+        try {
+            const tokenResp = await axios_1.default.post('https://oauth2.googleapis.com/token', {
+                code,
+                client_id: process.env.GOOGLE_CLIENT_ID,
+                client_secret: process.env.GOOGLE_CLIENT_SECRET,
+                redirect_uri: 'postmessage',
+                grant_type: 'authorization_code',
+            }, this.axiosConfig);
+            const { access_token } = tokenResp.data || {};
+            if (!access_token) {
+                throw new common_1.BadRequestException('Failed to exchange authorization code');
+            }
+            const profileResp = await axios_1.default.get('https://www.googleapis.com/oauth2/v2/userinfo', {
+                headers: { Authorization: `Bearer ${access_token}` },
+                ...this.axiosConfig,
+            });
+            const email = (_a = profileResp.data) === null || _a === void 0 ? void 0 : _a.email;
+            if (!email) {
+                throw new common_1.BadRequestException('Email not provided by Google');
+            }
+            return this.findOrCreateOAuthUser(email, (_b = profileResp.data) === null || _b === void 0 ? void 0 : _b.name);
+        }
+        catch (error) {
+            if (error instanceof common_1.BadRequestException) {
+                throw error;
+            }
+            const axiosError = error;
+            if (axiosError.code === 'ECONNABORTED') {
+                this.logger.error('Google API timeout', axiosError.stack, 'OAuthService');
+                throw new common_1.InternalServerErrorException('Authentication service timeout');
+            }
+            this.logger.error(`Google code exchange failed: ${error.message}`, error.stack, 'OAuthService');
+            throw new common_1.UnauthorizedException('Google authentication failed');
+        }
     }
     async loginWithFacebook(accessToken) {
         var _a, _b, _c, _d, _e;
-        const appTokenResp = await axios_1.default.get('https://graph.facebook.com/oauth/access_token', {
-            params: {
-                client_id: process.env.FB_CLIENT_ID,
-                client_secret: process.env.FB_CLIENT_SECRET,
-                grant_type: 'client_credentials',
-            },
-        });
-        const appAccessToken = (_a = appTokenResp.data) === null || _a === void 0 ? void 0 : _a.access_token;
-        const debug = await axios_1.default.get('https://graph.facebook.com/debug_token', {
-            params: { input_token: accessToken, access_token: appAccessToken },
-        });
-        if (!((_c = (_b = debug.data) === null || _b === void 0 ? void 0 : _b.data) === null || _c === void 0 ? void 0 : _c.is_valid))
-            throw new Error('Invalid Facebook token');
-        const me = await axios_1.default.get('https://graph.facebook.com/me', {
-            params: { access_token: accessToken, fields: 'id,name,email' },
-        });
-        const email = (_d = me.data) === null || _d === void 0 ? void 0 : _d.email;
-        if (!email)
-            throw new Error('Email missing');
-        return this.findOrCreateOAuthUser(email, (_e = me.data) === null || _e === void 0 ? void 0 : _e.name);
+        try {
+            const appTokenResp = await axios_1.default.get('https://graph.facebook.com/oauth/access_token', {
+                params: {
+                    client_id: process.env.FB_CLIENT_ID,
+                    client_secret: process.env.FB_CLIENT_SECRET,
+                    grant_type: 'client_credentials',
+                },
+                ...this.axiosConfig,
+            });
+            const appAccessToken = (_a = appTokenResp.data) === null || _a === void 0 ? void 0 : _a.access_token;
+            if (!appAccessToken) {
+                throw new common_1.InternalServerErrorException('Failed to get Facebook app token');
+            }
+            const debug = await axios_1.default.get('https://graph.facebook.com/debug_token', {
+                params: { input_token: accessToken, access_token: appAccessToken },
+                ...this.axiosConfig,
+            });
+            if (!((_c = (_b = debug.data) === null || _b === void 0 ? void 0 : _b.data) === null || _c === void 0 ? void 0 : _c.is_valid)) {
+                throw new common_1.UnauthorizedException('Invalid Facebook access token');
+            }
+            const me = await axios_1.default.get('https://graph.facebook.com/me', {
+                params: { access_token: accessToken, fields: 'id,name,email' },
+                ...this.axiosConfig,
+            });
+            const email = (_d = me.data) === null || _d === void 0 ? void 0 : _d.email;
+            if (!email) {
+                throw new common_1.BadRequestException('Email not provided by Facebook');
+            }
+            return this.findOrCreateOAuthUser(email, (_e = me.data) === null || _e === void 0 ? void 0 : _e.name);
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException || error instanceof common_1.BadRequestException || error instanceof common_1.InternalServerErrorException) {
+                throw error;
+            }
+            const axiosError = error;
+            if (axiosError.code === 'ECONNABORTED') {
+                this.logger.error('Facebook API timeout', axiosError.stack, 'OAuthService');
+                throw new common_1.InternalServerErrorException('Authentication service timeout');
+            }
+            this.logger.error(`Facebook login failed: ${error.message}`, error.stack, 'OAuthService');
+            throw new common_1.UnauthorizedException('Facebook authentication failed');
+        }
     }
     async findOrCreateOAuthUser(email, name) {
-        let user = await this.users.findByEmail(email);
-        if (!user) {
-            const [fname, ...rest] = (name || 'User OAuth').split(' ');
-            const lname = rest.join(' ') || 'OAuth';
-            const defaultRoleId = await this.getDefaultRoleId();
-            user = await this.users.create({
-                fullname: { fname, lname },
-                username: email.split('@')[0],
-                email,
-                roles: [defaultRoleId],
-                isVerified: true,
-                isBanned: false,
-                passwordChangedAt: new Date()
-            });
+        try {
+            let user = await this.users.findByEmail(email);
+            if (!user) {
+                const [fname, ...rest] = (name || 'User OAuth').split(' ');
+                const lname = rest.join(' ') || 'OAuth';
+                const defaultRoleId = await this.getDefaultRoleId();
+                user = await this.users.create({
+                    fullname: { fname, lname },
+                    username: email.split('@')[0],
+                    email,
+                    roles: [defaultRoleId],
+                    isVerified: true,
+                    isBanned: false,
+                    passwordChangedAt: new Date()
+                });
+            }
+            const { accessToken, refreshToken } = await this.auth.issueTokensForUser(user._id.toString());
+            return { accessToken, refreshToken };
+        }
+        catch (error) {
+            if ((error === null || error === void 0 ? void 0 : error.code) === 11000) {
+                // Race condition - user was created between check and insert, retry once
+                try {
+                    const user = await this.users.findByEmail(email);
+                    if (user) {
+                        const { accessToken, refreshToken } = await this.auth.issueTokensForUser(user._id.toString());
+                        return { accessToken, refreshToken };
+                    }
+                }
+                catch (retryError) {
+                    this.logger.error(`OAuth user retry failed: ${retryError.message}`, retryError.stack, 'OAuthService');
+                }
+            }
+            this.logger.error(`OAuth user creation/login failed: ${error.message}`, error.stack, 'OAuthService');
+            throw new common_1.InternalServerErrorException('Authentication failed');
         }
-        const { accessToken, refreshToken } = await this.auth.issueTokensForUser(user._id.toString());
-        return { accessToken, refreshToken };
     }
 };
 exports.OAuthService = OAuthService;
@@ -134,5 +237,6 @@ exports.OAuthService = OAuthService = __decorate([
     (0, common_1.Injectable)(),
     __metadata("design:paramtypes", [user_repository_1.UserRepository,
         role_repository_1.RoleRepository,
-        auth_service_1.AuthService])
+        auth_service_1.AuthService,
+        logger_service_1.LoggerService])
 ], OAuthService);

package/dist/services/permissions.service.d.ts

@@ -1,9 +1,11 @@
 import { PermissionRepository } from '../repositories/permission.repository';
 import { CreatePermissionDto } from '../dtos/permission/create-permission.dto';
 import { UpdatePermissionDto } from '../dtos/permission/update-permission.dto';
+import { LoggerService } from './logger.service';
 export declare class PermissionsService {
     private readonly perms;
-    constructor(perms: PermissionRepository);
+    private readonly logger;
+    constructor(perms: PermissionRepository, logger: LoggerService);
     create(dto: CreatePermissionDto): Promise<import("mongoose").Document<unknown, {}, import("../models/permission.model").PermissionDocument> & import("../models/permission.model").Permission & import("mongoose").Document<any, any, any> & {
         _id: import("mongoose").Types.ObjectId;
     }>;

package/dist/services/permissions.service.js

@@ -12,33 +12,75 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PermissionsService = void 0;
 const common_1 = require("@nestjs/common");
 const permission_repository_1 = require("../repositories/permission.repository");
+const logger_service_1 = require("./logger.service");
 let PermissionsService = class PermissionsService {
-    constructor(perms) {
+    constructor(perms, logger) {
         this.perms = perms;
+        this.logger = logger;
     }
     async create(dto) {
-        if (await this.perms.findByName(dto.name))
-            throw new Error('Permission already exists.');
-        return this.perms.create(dto);
+        try {
+            if (await this.perms.findByName(dto.name)) {
+                throw new common_1.ConflictException('Permission already exists');
+            }
+            return this.perms.create(dto);
+        }
+        catch (error) {
+            if (error instanceof common_1.ConflictException) {
+                throw error;
+            }
+            if ((error === null || error === void 0 ? void 0 : error.code) === 11000) {
+                throw new common_1.ConflictException('Permission already exists');
+            }
+            this.logger.error(`Permission creation failed: ${error.message}`, error.stack, 'PermissionsService');
+            throw new common_1.InternalServerErrorException('Failed to create permission');
+        }
     }
     async list() {
-        return this.perms.list();
+        try {
+            return this.perms.list();
+        }
+        catch (error) {
+            this.logger.error(`Permission list failed: ${error.message}`, error.stack, 'PermissionsService');
+            throw new common_1.InternalServerErrorException('Failed to retrieve permissions');
+        }
     }
     async update(id, dto) {
-        const perm = await this.perms.updateById(id, dto);
-        if (!perm)
-            throw new Error('Permission not found.');
-        return perm;
+        try {
+            const perm = await this.perms.updateById(id, dto);
+            if (!perm) {
+                throw new common_1.NotFoundException('Permission not found');
+            }
+            return perm;
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException) {
+                throw error;
+            }
+            this.logger.error(`Permission update failed: ${error.message}`, error.stack, 'PermissionsService');
+            throw new common_1.InternalServerErrorException('Failed to update permission');
+        }
     }
     async delete(id) {
-        const perm = await this.perms.deleteById(id);
-        if (!perm)
-            throw new Error('Permission not found.');
-        return { ok: true };
+        try {
+            const perm = await this.perms.deleteById(id);
+            if (!perm) {
+                throw new common_1.NotFoundException('Permission not found');
+            }
+            return { ok: true };
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException) {
+                throw error;
+            }
+            this.logger.error(`Permission deletion failed: ${error.message}`, error.stack, 'PermissionsService');
+            throw new common_1.InternalServerErrorException('Failed to delete permission');
+        }
     }
 };
 exports.PermissionsService = PermissionsService;
 exports.PermissionsService = PermissionsService = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [permission_repository_1.PermissionRepository])
+    __metadata("design:paramtypes", [permission_repository_1.PermissionRepository,
+        logger_service_1.LoggerService])
 ], PermissionsService);

package/dist/services/roles.service.d.ts

@@ -2,9 +2,11 @@ import { RoleRepository } from '../repositories/role.repository';
 import { CreateRoleDto } from '../dtos/role/create-role.dto';
 import { UpdateRoleDto } from '../dtos/role/update-role.dto';
 import { Types } from 'mongoose';
+import { LoggerService } from './logger.service';
 export declare class RolesService {
     private readonly roles;
-    constructor(roles: RoleRepository);
+    private readonly logger;
+    constructor(roles: RoleRepository, logger: LoggerService);
     create(dto: CreateRoleDto): Promise<import("mongoose").Document<unknown, {}, import("../models/role.model").RoleDocument> & import("../models/role.model").Role & import("mongoose").Document<any, any, any> & {
         _id: Types.ObjectId;
     }>;

package/dist/services/roles.service.js

@@ -13,45 +13,97 @@ exports.RolesService = void 0;
 const common_1 = require("@nestjs/common");
 const role_repository_1 = require("../repositories/role.repository");
 const mongoose_1 = require("mongoose");
+const logger_service_1 = require("./logger.service");
 let RolesService = class RolesService {
-    constructor(roles) {
+    constructor(roles, logger) {
         this.roles = roles;
+        this.logger = logger;
     }
     async create(dto) {
-        if (await this.roles.findByName(dto.name))
-            throw new Error('Role already exists.');
-        const permIds = (dto.permissions || []).map((p) => new mongoose_1.Types.ObjectId(p));
-        return this.roles.create({ name: dto.name, permissions: permIds });
+        try {
+            if (await this.roles.findByName(dto.name)) {
+                throw new common_1.ConflictException('Role already exists');
+            }
+            const permIds = (dto.permissions || []).map((p) => new mongoose_1.Types.ObjectId(p));
+            return this.roles.create({ name: dto.name, permissions: permIds });
+        }
+        catch (error) {
+            if (error instanceof common_1.ConflictException) {
+                throw error;
+            }
+            if ((error === null || error === void 0 ? void 0 : error.code) === 11000) {
+                throw new common_1.ConflictException('Role already exists');
+            }
+            this.logger.error(`Role creation failed: ${error.message}`, error.stack, 'RolesService');
+            throw new common_1.InternalServerErrorException('Failed to create role');
+        }
     }
     async list() {
-        return this.roles.list();
+        try {
+            return this.roles.list();
+        }
+        catch (error) {
+            this.logger.error(`Role list failed: ${error.message}`, error.stack, 'RolesService');
+            throw new common_1.InternalServerErrorException('Failed to retrieve roles');
+        }
     }
     async update(id, dto) {
-        const data = { ...dto };
-        if (dto.permissions) {
-            data.permissions = dto.permissions.map((p) => new mongoose_1.Types.ObjectId(p));
-        }
-        const role = await this.roles.updateById(id, data);
-        if (!role)
-            throw new Error('Role not found.');
-        return role;
+        try {
+            const data = { ...dto };
+            if (dto.permissions) {
+                data.permissions = dto.permissions.map((p) => new mongoose_1.Types.ObjectId(p));
+            }
+            const role = await this.roles.updateById(id, data);
+            if (!role) {
+                throw new common_1.NotFoundException('Role not found');
+            }
+            return role;
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException) {
+                throw error;
+            }
+            this.logger.error(`Role update failed: ${error.message}`, error.stack, 'RolesService');
+            throw new common_1.InternalServerErrorException('Failed to update role');
+        }
     }
     async delete(id) {
-        const role = await this.roles.deleteById(id);
-        if (!role)
-            throw new Error('Role not found.');
-        return { ok: true };
+        try {
+            const role = await this.roles.deleteById(id);
+            if (!role) {
+                throw new common_1.NotFoundException('Role not found');
+            }
+            return { ok: true };
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException) {
+                throw error;
+            }
+            this.logger.error(`Role deletion failed: ${error.message}`, error.stack, 'RolesService');
+            throw new common_1.InternalServerErrorException('Failed to delete role');
+        }
     }
     async setPermissions(roleId, permissionIds) {
-        const permIds = permissionIds.map((p) => new mongoose_1.Types.ObjectId(p));
-        const role = await this.roles.updateById(roleId, { permissions: permIds });
-        if (!role)
-            throw new Error('Role not found.');
-        return role;
+        try {
+            const permIds = permissionIds.map((p) => new mongoose_1.Types.ObjectId(p));
+            const role = await this.roles.updateById(roleId, { permissions: permIds });
+            if (!role) {
+                throw new common_1.NotFoundException('Role not found');
+            }
+            return role;
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException) {
+                throw error;
+            }
+            this.logger.error(`Set permissions failed: ${error.message}`, error.stack, 'RolesService');
+            throw new common_1.InternalServerErrorException('Failed to set permissions');
+        }
     }
 };
 exports.RolesService = RolesService;
 exports.RolesService = RolesService = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [role_repository_1.RoleRepository])
+    __metadata("design:paramtypes", [role_repository_1.RoleRepository,
+        logger_service_1.LoggerService])
 ], RolesService);

package/dist/services/users.service.d.ts

@@ -2,10 +2,12 @@ import { UserRepository } from '../repositories/user.repository';
 import { RoleRepository } from '../repositories/role.repository';
 import { RegisterDto } from '../dtos/auth/register.dto';
 import { Types } from 'mongoose';
+import { LoggerService } from './logger.service';
 export declare class UsersService {
     private readonly users;
     private readonly rolesRepo;
-    constructor(users: UserRepository, rolesRepo: RoleRepository);
+    private readonly logger;
+    constructor(users: UserRepository, rolesRepo: RoleRepository, logger: LoggerService);
     create(dto: RegisterDto): Promise<{
         id: any;
         email: string;