@ciscode/authentication-kit 1.2.1 → 1.4.1

package/README.md

@@ -107,17 +107,18 @@ export class AppModule implements OnModuleInit {
 
 ## API Routes
 
-### Local Auth Routes (Public)
+### Local Auth Routes
 
 ```
-POST   /api/auth/register
-POST   /api/auth/verify-email
-POST   /api/auth/resend-verification
-POST   /api/auth/login
-POST   /api/auth/refresh-token
-POST   /api/auth/forgot-password
-POST   /api/auth/reset-password
-DELETE /api/auth/account (protected)
+POST   /api/auth/register              | Register new user (public)
+POST   /api/auth/verify-email          | Verify email with token (public)
+POST   /api/auth/resend-verification   | Resend verification email (public)
+POST   /api/auth/login                 | Login with credentials (public)
+POST   /api/auth/refresh-token         | Refresh access token (public)
+POST   /api/auth/forgot-password       | Request password reset (public)
+POST   /api/auth/reset-password        | Reset password with token (public)
+GET    /api/auth/me                    | Get current user profile (protected)
+DELETE /api/auth/account               | Delete own account (protected)
 ```
 
 ### OAuth Routes - Mobile Exchange (Public)
@@ -321,6 +322,54 @@ Content-Type: application/json
 }
 ```
 
+### Get Current User Profile
+
+**Request:**
+
+```json
+GET /api/auth/me
+Authorization: Bearer access-token
+```
+
+**Response:**
+
+```json
+{
+  "ok": true,
+  "data": {
+    "_id": "507f1f77bcf86cd799439011",
+    "fullname": {
+      "fname": "Test",
+      "lname": "User"
+    },
+    "username": "test-user",
+    "email": "user@example.com",
+    "avatar": "https://example.com/avatar.jpg",
+    "phoneNumber": "+1234567890",
+    "jobTitle": "Software Engineer",
+    "company": "Ciscode",
+    "isVerified": true,
+    "isBanned": false,
+    "roles": [
+      {
+        "_id": "507f1f77bcf86cd799439012",
+        "name": "user",
+        "permissions": [
+          {
+            "_id": "507f1f77bcf86cd799439013",
+            "name": "read:profile"
+          }
+        ]
+      }
+    ],
+    "createdAt": "2026-01-28T10:00:00.000Z",
+    "updatedAt": "2026-01-28T10:00:00.000Z"
+  }
+}
+```
+
+**Note:** Sensitive fields like `password` and `passwordChangedAt` are automatically excluded from the response.
+
 ### Delete Account
 
 **Request:**

package/dist/auth-kit.module.js

@@ -16,6 +16,7 @@ exports.AuthKitModule = void 0;
 require("dotenv/config");
 const common_1 = require("@nestjs/common");
 const mongoose_1 = require("@nestjs/mongoose");
+const core_1 = require("@nestjs/core");
 const cookie_parser_1 = __importDefault(require("cookie-parser"));
 const auth_controller_1 = require("./controllers/auth.controller");
 const users_controller_1 = require("./controllers/users.controller");
@@ -30,6 +31,7 @@ const roles_service_1 = require("./services/roles.service");
 const permissions_service_1 = require("./services/permissions.service");
 const mail_service_1 = require("./services/mail.service");
 const seed_service_1 = require("./services/seed.service");
+const logger_service_1 = require("./services/logger.service");
 const user_repository_1 = require("./repositories/user.repository");
 const role_repository_1 = require("./repositories/role.repository");
 const permission_repository_1 = require("./repositories/permission.repository");
@@ -37,6 +39,7 @@ const authenticate_guard_1 = require("./middleware/authenticate.guard");
 const admin_guard_1 = require("./middleware/admin.guard");
 const admin_role_service_1 = require("./services/admin-role.service");
 const oauth_service_1 = require("./services/oauth.service");
+const http_exception_filter_1 = require("./filters/http-exception.filter");
 const passport_1 = __importDefault(require("passport"));
 const passport_config_1 = require("./config/passport.config");
 let AuthKitModule = class AuthKitModule {
@@ -69,12 +72,17 @@ exports.AuthKitModule = AuthKitModule = __decorate([
             permissions_controller_1.PermissionsController,
         ],
         providers: [
+            {
+                provide: core_1.APP_FILTER,
+                useClass: http_exception_filter_1.GlobalExceptionFilter,
+            },
             auth_service_1.AuthService,
             users_service_1.UsersService,
             roles_service_1.RolesService,
             permissions_service_1.PermissionsService,
             mail_service_1.MailService,
             seed_service_1.SeedService,
+            logger_service_1.LoggerService,
             user_repository_1.UserRepository,
             role_repository_1.RoleRepository,
             permission_repository_1.PermissionRepository,
@@ -89,6 +97,7 @@ exports.AuthKitModule = AuthKitModule = __decorate([
             roles_service_1.RolesService,
             permissions_service_1.PermissionsService,
             seed_service_1.SeedService,
+            logger_service_1.LoggerService,
             authenticate_guard_1.AuthenticateGuard,
             user_repository_1.UserRepository,
             role_repository_1.RoleRepository,

package/dist/controllers/auth.controller.d.ts

@@ -19,6 +19,7 @@ export declare class AuthController {
     refresh(dto: RefreshTokenDto, req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     forgotPassword(dto: ForgotPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
     resetPassword(dto: ResetPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    getMe(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     deleteAccount(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     microsoftExchange(body: {
         idToken: string;

package/dist/controllers/auth.controller.js

@@ -84,6 +84,14 @@ let AuthController = class AuthController {
         const result = await this.auth.resetPassword(dto.token, dto.newPassword);
         return res.status(200).json(result);
     }
+    async getMe(req, res) {
+        var _a;
+        const userId = (_a = req.user) === null || _a === void 0 ? void 0 : _a.sub;
+        if (!userId)
+            return res.status(401).json({ message: 'Unauthorized.' });
+        const result = await this.auth.getMe(userId);
+        return res.status(200).json(result);
+    }
     async deleteAccount(req, res) {
         var _a;
         const userId = (_a = req.user) === null || _a === void 0 ? void 0 : _a.sub;
@@ -202,6 +210,15 @@ __decorate([
     __metadata("design:paramtypes", [reset_password_dto_1.ResetPasswordDto, Object]),
     __metadata("design:returntype", Promise)
 ], AuthController.prototype, "resetPassword", null);
+__decorate([
+    (0, common_1.Get)('me'),
+    (0, common_1.UseGuards)(authenticate_guard_1.AuthenticateGuard),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "getMe", null);
 __decorate([
     (0, common_1.Delete)('account'),
     (0, common_1.UseGuards)(authenticate_guard_1.AuthenticateGuard),

package/dist/filters/http-exception.filter.d.ts

@@ -0,0 +1,5 @@
+import { ExceptionFilter, ArgumentsHost } from '@nestjs/common';
+export declare class GlobalExceptionFilter implements ExceptionFilter {
+    private readonly logger;
+    catch(exception: any, host: ArgumentsHost): void;
+}

package/dist/filters/http-exception.filter.js

@@ -0,0 +1,89 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GlobalExceptionFilter = void 0;
+const common_1 = require("@nestjs/common");
+let GlobalExceptionFilter = class GlobalExceptionFilter {
+    constructor() {
+        this.logger = new common_1.Logger('ExceptionFilter');
+    }
+    catch(exception, host) {
+        const ctx = host.switchToHttp();
+        const response = ctx.getResponse();
+        const request = ctx.getRequest();
+        let status = common_1.HttpStatus.INTERNAL_SERVER_ERROR;
+        let message = 'Internal server error';
+        let errors = null;
+        if (exception instanceof common_1.HttpException) {
+            status = exception.getStatus();
+            const exceptionResponse = exception.getResponse();
+            if (typeof exceptionResponse === 'string') {
+                message = exceptionResponse;
+            }
+            else if (typeof exceptionResponse === 'object') {
+                message = exceptionResponse.message || exception.message;
+                errors = exceptionResponse.errors || null;
+            }
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.code) === 11000) {
+            // MongoDB duplicate key error
+            status = common_1.HttpStatus.CONFLICT;
+            message = 'Resource already exists';
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.name) === 'ValidationError') {
+            // Mongoose validation error
+            status = common_1.HttpStatus.BAD_REQUEST;
+            message = 'Validation failed';
+            errors = exception.errors;
+        }
+        else if ((exception === null || exception === void 0 ? void 0 : exception.name) === 'CastError') {
+            // Mongoose cast error (invalid ObjectId)
+            status = common_1.HttpStatus.BAD_REQUEST;
+            message = 'Invalid resource identifier';
+        }
+        else {
+            message = 'An unexpected error occurred';
+        }
+        // Log the error (but not in test environment)
+        if (process.env.NODE_ENV !== 'test') {
+            const errorLog = {
+                timestamp: new Date().toISOString(),
+                path: request.url,
+                method: request.method,
+                statusCode: status,
+                message: (exception === null || exception === void 0 ? void 0 : exception.message) || message,
+                stack: exception === null || exception === void 0 ? void 0 : exception.stack,
+            };
+            if (status >= 500) {
+                this.logger.error('Server error', JSON.stringify(errorLog));
+            }
+            else if (status >= 400) {
+                this.logger.warn('Client error', JSON.stringify(errorLog));
+            }
+        }
+        // Send response
+        const errorResponse = {
+            statusCode: status,
+            message,
+            timestamp: new Date().toISOString(),
+            path: request.url,
+        };
+        if (errors) {
+            errorResponse.errors = errors;
+        }
+        // Don't send stack trace in production
+        if (process.env.NODE_ENV === 'development' && (exception === null || exception === void 0 ? void 0 : exception.stack)) {
+            errorResponse.stack = exception.stack;
+        }
+        response.status(status).json(errorResponse);
+    }
+};
+exports.GlobalExceptionFilter = GlobalExceptionFilter;
+exports.GlobalExceptionFilter = GlobalExceptionFilter = __decorate([
+    (0, common_1.Catch)()
+], GlobalExceptionFilter);

package/dist/middleware/authenticate.guard.d.ts

@@ -1,8 +1,10 @@
 import { CanActivate, ExecutionContext } from '@nestjs/common';
 import { UserRepository } from '../repositories/user.repository';
+import { LoggerService } from '../services/logger.service';
 export declare class AuthenticateGuard implements CanActivate {
     private readonly users;
-    constructor(users: UserRepository);
+    private readonly logger;
+    constructor(users: UserRepository, logger: LoggerService);
     private getEnv;
     canActivate(context: ExecutionContext): Promise<boolean>;
 }

package/dist/middleware/authenticate.guard.js

@@ -16,56 +16,68 @@ exports.AuthenticateGuard = void 0;
 const common_1 = require("@nestjs/common");
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const user_repository_1 = require("../repositories/user.repository");
+const logger_service_1 = require("../services/logger.service");
 let AuthenticateGuard = class AuthenticateGuard {
-    constructor(users) {
+    constructor(users, logger) {
         this.users = users;
+        this.logger = logger;
     }
     getEnv(name) {
         const v = process.env[name];
-        if (!v)
-            throw new Error(`${name} is not set`);
+        if (!v) {
+            this.logger.error(`Environment variable ${name} is not set`, 'AuthenticateGuard');
+            throw new common_1.InternalServerErrorException('Server configuration error');
+        }
         return v;
     }
     async canActivate(context) {
         var _a;
         const req = context.switchToHttp().getRequest();
-        const res = context.switchToHttp().getResponse();
         const authHeader = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization;
         if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            res.status(401).json({ message: 'Missing or invalid Authorization header.' });
-            return false;
+            throw new common_1.UnauthorizedException('Missing or invalid Authorization header');
         }
         const token = authHeader.split(' ')[1];
         try {
             const decoded = jsonwebtoken_1.default.verify(token, this.getEnv('JWT_SECRET'));
             const user = await this.users.findById(decoded.sub);
             if (!user) {
-                res.status(401).json({ message: 'User not found.' });
-                return false;
+                throw new common_1.UnauthorizedException('User not found');
             }
             if (!user.isVerified) {
-                res.status(403).json({ message: 'Email not verified.' });
-                return false;
+                throw new common_1.ForbiddenException('Email not verified. Please check your inbox');
             }
             if (user.isBanned) {
-                res.status(403).json({ message: 'Account banned.' });
-                return false;
+                throw new common_1.ForbiddenException('Account has been banned. Please contact support');
             }
+            // Check if token was issued before password change
             if (user.passwordChangedAt && decoded.iat * 1000 < user.passwordChangedAt.getTime()) {
-                res.status(401).json({ message: 'Token expired.' });
-                return false;
+                throw new common_1.UnauthorizedException('Token expired due to password change. Please login again');
             }
             req.user = decoded;
             return true;
         }
-        catch {
-            res.status(401).json({ message: 'Invalid access token.' });
-            return false;
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException || error instanceof common_1.ForbiddenException) {
+                throw error;
+            }
+            if (error.name === 'TokenExpiredError') {
+                throw new common_1.UnauthorizedException('Access token has expired');
+            }
+            if (error.name === 'JsonWebTokenError') {
+                throw new common_1.UnauthorizedException('Invalid access token');
+            }
+            if (error.name === 'NotBeforeError') {
+                throw new common_1.UnauthorizedException('Token not yet valid');
+            }
+            this.logger.error(`Authentication failed: ${error.message}`, error.stack, 'AuthenticateGuard');
+            throw new common_1.UnauthorizedException('Authentication failed');
         }
     }
 };
 exports.AuthenticateGuard = AuthenticateGuard;
 exports.AuthenticateGuard = AuthenticateGuard = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [user_repository_1.UserRepository])
+    __metadata("design:paramtypes", [user_repository_1.UserRepository,
+        logger_service_1.LoggerService])
 ], AuthenticateGuard);

package/dist/services/admin-role.service.d.ts

@@ -1,7 +1,9 @@
 import { RoleRepository } from '../repositories/role.repository';
+import { LoggerService } from './logger.service';
 export declare class AdminRoleService {
     private readonly roles;
+    private readonly logger;
     private adminRoleId?;
-    constructor(roles: RoleRepository);
+    constructor(roles: RoleRepository, logger: LoggerService);
     loadAdminRoleId(): Promise<string>;
 }

package/dist/services/admin-role.service.js

@@ -12,22 +12,36 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AdminRoleService = void 0;
 const common_1 = require("@nestjs/common");
 const role_repository_1 = require("../repositories/role.repository");
+const logger_service_1 = require("./logger.service");
 let AdminRoleService = class AdminRoleService {
-    constructor(roles) {
+    constructor(roles, logger) {
         this.roles = roles;
+        this.logger = logger;
     }
     async loadAdminRoleId() {
-        if (this.adminRoleId)
+        try {
+            if (this.adminRoleId)
+                return this.adminRoleId;
+            const admin = await this.roles.findByName('admin');
+            if (!admin) {
+                this.logger.error('Admin role not found - seed data may be missing', 'AdminRoleService');
+                throw new common_1.InternalServerErrorException('System configuration error');
+            }
+            this.adminRoleId = admin._id.toString();
             return this.adminRoleId;
-        const admin = await this.roles.findByName('admin');
-        if (!admin)
-            throw new Error('Admin role not seeded.');
-        this.adminRoleId = admin._id.toString();
-        return this.adminRoleId;
+        }
+        catch (error) {
+            if (error instanceof common_1.InternalServerErrorException) {
+                throw error;
+            }
+            this.logger.error(`Failed to load admin role: ${error.message}`, error.stack, 'AdminRoleService');
+            throw new common_1.InternalServerErrorException('Failed to verify admin permissions');
+        }
     }
 };
 exports.AdminRoleService = AdminRoleService;
 exports.AdminRoleService = AdminRoleService = __decorate([
     (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [role_repository_1.RoleRepository])
+    __metadata("design:paramtypes", [role_repository_1.RoleRepository,
+        logger_service_1.LoggerService])
 ], AdminRoleService);

package/dist/services/auth.service.d.ts

@@ -3,11 +3,13 @@ import { RegisterDto } from '../dtos/auth/register.dto';
 import { LoginDto } from '../dtos/auth/login.dto';
 import { MailService } from './mail.service';
 import { RoleRepository } from '../repositories/role.repository';
+import { LoggerService } from './logger.service';
 export declare class AuthService {
     private readonly users;
     private readonly mail;
     private readonly roles;
-    constructor(users: UserRepository, mail: MailService, roles: RoleRepository);
+    private readonly logger;
+    constructor(users: UserRepository, mail: MailService, roles: RoleRepository, logger: LoggerService);
     private resolveExpiry;
     private signAccessToken;
     private signRefreshToken;
@@ -19,15 +21,21 @@ export declare class AuthService {
         accessToken: string;
         refreshToken: string;
     }>;
+    getMe(userId: string): Promise<{
+        ok: boolean;
+        data: any;
+    }>;
     register(dto: RegisterDto): Promise<{
         id: any;
         email: string;
     }>;
     verifyEmail(token: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     resendVerification(email: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     login(dto: LoginDto): Promise<{
         accessToken: string;
@@ -39,11 +47,14 @@ export declare class AuthService {
     }>;
     forgotPassword(email: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     resetPassword(token: string, newPassword: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
     deleteAccount(userId: string): Promise<{
         ok: boolean;
+        message: string;
     }>;
 }