@ciscode/authentication-kit 1.2.1 → 1.4.0

package/dist/auth-kit.module.js

@@ -16,6 +16,7 @@ exports.AuthKitModule = void 0;
 require("dotenv/config");
 const common_1 = require("@nestjs/common");
 const mongoose_1 = require("@nestjs/mongoose");
+const core_1 = require("@nestjs/core");
 const cookie_parser_1 = __importDefault(require("cookie-parser"));
 const auth_controller_1 = require("./controllers/auth.controller");
 const users_controller_1 = require("./controllers/users.controller");
@@ -30,6 +31,7 @@ const roles_service_1 = require("./services/roles.service");
 const permissions_service_1 = require("./services/permissions.service");
 const mail_service_1 = require("./services/mail.service");
 const seed_service_1 = require("./services/seed.service");
+const logger_service_1 = require("./services/logger.service");
 const user_repository_1 = require("./repositories/user.repository");
 const role_repository_1 = require("./repositories/role.repository");
 const permission_repository_1 = require("./repositories/permission.repository");
@@ -37,6 +39,7 @@ const authenticate_guard_1 = require("./middleware/authenticate.guard");
 const admin_guard_1 = require("./middleware/admin.guard");
 const admin_role_service_1 = require("./services/admin-role.service");
 const oauth_service_1 = require("./services/oauth.service");
+const http_exception_filter_1 = require("./filters/http-exception.filter");
 const passport_1 = __importDefault(require("passport"));
 const passport_config_1 = require("./config/passport.config");
 let AuthKitModule = class AuthKitModule {
@@ -69,12 +72,17 @@ exports.AuthKitModule = AuthKitModule = __decorate([
             permissions_controller_1.PermissionsController,
         ],
         providers: [
+            {
+                provide: core_1.APP_FILTER,
+                useClass: http_exception_filter_1.GlobalExceptionFilter,
+            },
             auth_service_1.AuthService,
             users_service_1.UsersService,
             roles_service_1.RolesService,
             permissions_service_1.PermissionsService,
             mail_service_1.MailService,
             seed_service_1.SeedService,
+            logger_service_1.LoggerService,
             user_repository_1.UserRepository,
             role_repository_1.RoleRepository,
             permission_repository_1.PermissionRepository,
@@ -89,6 +97,7 @@ exports.AuthKitModule = AuthKitModule = __decorate([
             roles_service_1.RolesService,
             permissions_service_1.PermissionsService,
             seed_service_1.SeedService,
+            logger_service_1.LoggerService,
             authenticate_guard_1.AuthenticateGuard,
             user_repository_1.UserRepository,
             role_repository_1.RoleRepository,

package/dist/filters/http-exception.filter.d.ts

@@ -0,0 +1,5 @@
+import { ExceptionFilter, ArgumentsHost } from '@nestjs/common';
+export declare class GlobalExceptionFilter implements ExceptionFilter {
+    private readonly logger;
+    catch(exception: any, host: ArgumentsHost): void;
+}

package/dist/filters/http-exception.filter.js

@@ -0,0 +1,89 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GlobalExceptionFilter = void 0;
+const common_1 = require("@nestjs/common");
+let GlobalExceptionFilter = class GlobalExceptionFilter {
+    constructor() {
+        this.logger = new common_1.Logger('ExceptionFilter');
+    }
+    catch(exception, host) {
+        const ctx = host.switchToHttp();
+        const response = ctx.getResponse();
+        const request = ctx.getRequest();
+        let status = common_1.HttpStatus.INTERNAL_SERVER_ERROR;
+        let message = 'Internal server error';
+        let errors = null;
+        if (exception instanceof common_1.HttpException) {
+            status = exception.getStatus();
+            const exceptionResponse = exception.getResponse();
+            if (typeof exceptionResponse === 'string') {
+                message = exceptionResponse;
+            }
+            else if (typeof exceptionResponse === 'object') {
+                message = exceptionResponse.message || exception.message;
+                errors = exceptionResponse.errors || null;
+            }
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.code) === 11000) {
+            // MongoDB duplicate key error
+            status = common_1.HttpStatus.CONFLICT;
+            message = 'Resource already exists';
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.name) === 'ValidationError') {
+            // Mongoose validation error
+            status = common_1.HttpStatus.BAD_REQUEST;
+            message = 'Validation failed';
+            errors = exception.errors;
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.name) === 'CastError') {
+            // Mongoose cast error (invalid ObjectId)
+            status = common_1.HttpStatus.BAD_REQUEST;
+            message = 'Invalid resource identifier';
+        }
+        else {
+            message = 'An unexpected error occurred';
+        }
+        // Log the error (but not in test environment)
+        if (process.env.NODE_ENV !== 'test') {
+            const errorLog = {
+                timestamp: new Date().toISOString(),
+                path: request.url,
+                method: request.method,
+                statusCode: status,
+                message: (exception === null || exception === void 0 ? void 0 : exception.message) || message,
+                stack: exception === null || exception === void 0 ? void 0 : exception.stack,
+            };
+            if (status >= 500) {
+                this.logger.error('Server error', JSON.stringify(errorLog));
+            }
+            else if (status >= 400) {
+                this.logger.warn('Client error', JSON.stringify(errorLog));
+            }
+        }
+        // Send response
+        const errorResponse = {
+            statusCode: status,
+            message,
+            timestamp: new Date().toISOString(),
+            path: request.url,
+        };
+        if (errors) {
+            errorResponse.errors = errors;
+        }
+        // Don't send stack trace in production
+        if (process.env.NODE_ENV === 'development' && (exception === null || exception === void 0 ? void 0 : exception.stack)) {
+            errorResponse.stack = exception.stack;
+        }
+        response.status(status).json(errorResponse);
+    }
+};
+exports.GlobalExceptionFilter = GlobalExceptionFilter;
+exports.GlobalExceptionFilter = GlobalExceptionFilter = __decorate([
+    (0, common_1.Catch)()
+], GlobalExceptionFilter);

package/dist/middleware/authenticate.guard.d.ts

@@ -1,8 +1,10 @@
 import { CanActivate, ExecutionContext } from '@nestjs/common';
 import { UserRepository } from '../repositories/user.repository';
+import { LoggerService } from '../services/logger.service';
 export declare class AuthenticateGuard implements CanActivate {
     private readonly users;
-    constructor(users: UserRepository);
+    private readonly logger;
+    constructor(users: UserRepository, logger: LoggerService);
     private getEnv;
     canActivate(context: ExecutionContext): Promise<boolean>;
 }

package/dist/middleware/authenticate.guard.js

@@ -16,56 +16,68 @@ exports.AuthenticateGuard = void 0;
 const common_1 = require("@nestjs/common");
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const user_repository_1 = require("../repositories/user.repository");
+const logger_service_1 = require("../services/logger.service");
 let AuthenticateGuard = class AuthenticateGuard {
-    constructor(users) {
+    constructor(users, logger) {
         this.users = users;
+        this.logger = logger;
     }
     getEnv(name) {
         const v = process.env[name];
-        if (!v)
-            throw new Error(`${name} is not set`);
+        if (!v) {
+            this.logger.error(`Environment variable ${name} is not set`, 'AuthenticateGuard');
+            throw new common_1.InternalServerErrorException('Server configuration error');
+        }
         return v;
     }
     async canActivate(context) {
         var _a;
         const req = context.switchToHttp().getRequest();
-        const res = context.switchToHttp().getResponse();
         const authHeader = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization;
         if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            res.status(401).json({ message: 'Missing or invalid Authorization header.' });
-            return false;
+            throw new common_1.UnauthorizedException('Missing or invalid Authorization header');
         }
         const token = authHeader.split(' ')[1];
         try {
             const decoded = jsonwebtoken_1.default.verify(token, this.getEnv('JWT_SECRET'));
             const user = await this.users.findById(decoded.sub);
             if (!user) {
-                res.status(401).json({ message: 'User not found.' });
-                return false;
+                throw new common_1.UnauthorizedException('User not found');
             }
             if (!user.isVerified) {
-                res.status(403).json({ message: 'Email not verified.' });
-                return false;
+                throw new common_1.ForbiddenException('Email not verified. Please check your inbox');
             }
             if (user.isBanned) {
-                res.status(403).json({ message: 'Account banned.' });
-                return false;
+                throw new common_1.ForbiddenException('Account has been banned. Please contact support');
             }
+            // Check if token was issued before password change
             if (user.passwordChangedAt && decoded.iat * 1000 < user.passwordChangedAt.getTime()) {
-                res.status(401).json({ message: 'Token expired.' });
-                return false;
+                throw new common_1.UnauthorizedException('Token expired due to password change. Please login again');
             }
             req.user = decoded;
             return true;
         }
-        catch {
-            res.status(401).json({ message: 'Invalid access token.' });
-            return false;
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException || error instanceof common_1.ForbiddenException) {
+                throw error;
+            }
+            if (error.name === 'TokenExpiredError') {
+                throw new common_1.UnauthorizedException('Access token has expired');
+            }
+            if (error.name === 'JsonWebTokenError') {
+                throw new common_1.UnauthorizedException('Invalid access token');
+            }
+            if (error.name === 'NotBeforeError') {
+                throw new common_1.UnauthorizedException('Token not yet valid');
+            }
+            this.logger.error(`Authentication failed: ${error.message}`, error.stack, 'AuthenticateGuard');
+            throw new common_1.UnauthorizedException('Authentication failed');
         }
     }
 };
 exports.AuthenticateGuard = AuthenticateGuard;
 exports.AuthenticateGuard = AuthenticateGuard = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [user_repository_1.UserRepository])
+    __metadata("design:paramtypes", [user_repository_1.UserRepository,
+        logger_service_1.LoggerService])
 ], AuthenticateGuard);

package/dist/services/admin-role.service.d.ts

@@ -1,7 +1,9 @@
 import { RoleRepository } from '../repositories/role.repository';
+import { LoggerService } from './logger.service';
 export declare class AdminRoleService {
     private readonly roles;
+    private readonly logger;
     private adminRoleId?;
-    constructor(roles: RoleRepository);
+    constructor(roles: RoleRepository, logger: LoggerService);
     loadAdminRoleId(): Promise<string>;
 }

package/dist/services/admin-role.service.js

@@ -12,22 +12,36 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AdminRoleService = void 0;
 const common_1 = require("@nestjs/common");
 const role_repository_1 = require("../repositories/role.repository");
+const logger_service_1 = require("./logger.service");
 let AdminRoleService = class AdminRoleService {
-    constructor(roles) {
+    constructor(roles, logger) {
         this.roles = roles;
+        this.logger = logger;
     }
     async loadAdminRoleId() {
-        if (this.adminRoleId)
+        try {
+            if (this.adminRoleId)
+                return this.adminRoleId;
+            const admin = await this.roles.findByName('admin');
+            if (!admin) {
+                this.logger.error('Admin role not found - seed data may be missing', 'AdminRoleService');
+                throw new common_1.InternalServerErrorException('System configuration error');
+            }
+            this.adminRoleId = admin._id.toString();
             return this.adminRoleId;
-        const admin = await this.roles.findByName('admin');
-        if (!admin)
-            throw new Error('Admin role not seeded.');
-        this.adminRoleId = admin._id.toString();
-        return this.adminRoleId;
+        }
+        catch (error) {
+            if (error instanceof common_1.InternalServerErrorException) {
+                throw error;
+            }
+            this.logger.error(`Failed to load admin role: ${error.message}`, error.stack, 'AdminRoleService');
+            throw new common_1.InternalServerErrorException('Failed to verify admin permissions');
+        }
     }
 };
 exports.AdminRoleService = AdminRoleService;
 exports.AdminRoleService = AdminRoleService = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [role_repository_1.RoleRepository])
+    __metadata("design:paramtypes", [role_repository_1.RoleRepository,
+        logger_service_1.LoggerService])
 ], AdminRoleService);

package/dist/services/auth.service.d.ts

@@ -3,11 +3,13 @@ import { RegisterDto } from '../dtos/auth/register.dto';
 import { LoginDto } from '../dtos/auth/login.dto';
 import { MailService } from './mail.service';
 import { RoleRepository } from '../repositories/role.repository';
+import { LoggerService } from './logger.service';
 export declare class AuthService {
     private readonly users;
     private readonly mail;
     private readonly roles;
-    constructor(users: UserRepository, mail: MailService, roles: RoleRepository);
+    private readonly logger;
+    constructor(users: UserRepository, mail: MailService, roles: RoleRepository, logger: LoggerService);
     private resolveExpiry;
     private signAccessToken;
     private signRefreshToken;
@@ -25,9 +27,11 @@ export declare class AuthService {
     }>;
     verifyEmail(token: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     resendVerification(email: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     login(dto: LoginDto): Promise<{
         accessToken: string;
@@ -39,11 +43,14 @@ export declare class AuthService {
     }>;
     forgotPassword(email: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     resetPassword(token: string, newPassword: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     deleteAccount(userId: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
 }