@ciscode/authentication-kit 1.4.0 → 1.4.2

package/README.md

@@ -107,17 +107,18 @@ export class AppModule implements OnModuleInit {
 
 ## API Routes
 
-### Local Auth Routes (Public)
+### Local Auth Routes
 
 ```
-POST   /api/auth/register
-POST   /api/auth/verify-email
-POST   /api/auth/resend-verification
-POST   /api/auth/login
-POST   /api/auth/refresh-token
-POST   /api/auth/forgot-password
-POST   /api/auth/reset-password
-DELETE /api/auth/account (protected)
+POST   /api/auth/register              | Register new user (public)
+POST   /api/auth/verify-email          | Verify email with token (public)
+POST   /api/auth/resend-verification   | Resend verification email (public)
+POST   /api/auth/login                 | Login with credentials (public)
+POST   /api/auth/refresh-token         | Refresh access token (public)
+POST   /api/auth/forgot-password       | Request password reset (public)
+POST   /api/auth/reset-password        | Reset password with token (public)
+GET    /api/auth/me                    | Get current user profile (protected)
+DELETE /api/auth/account               | Delete own account (protected)
 ```
 
 ### OAuth Routes - Mobile Exchange (Public)
@@ -321,6 +322,54 @@ Content-Type: application/json
 }
 ```
 
+### Get Current User Profile
+
+**Request:**
+
+```json
+GET /api/auth/me
+Authorization: Bearer access-token
+```
+
+**Response:**
+
+```json
+{
+  "ok": true,
+  "data": {
+    "_id": "507f1f77bcf86cd799439011",
+    "fullname": {
+      "fname": "Test",
+      "lname": "User"
+    },
+    "username": "test-user",
+    "email": "user@example.com",
+    "avatar": "https://example.com/avatar.jpg",
+    "phoneNumber": "+1234567890",
+    "jobTitle": "Software Engineer",
+    "company": "Ciscode",
+    "isVerified": true,
+    "isBanned": false,
+    "roles": [
+      {
+        "_id": "507f1f77bcf86cd799439012",
+        "name": "user",
+        "permissions": [
+          {
+            "_id": "507f1f77bcf86cd799439013",
+            "name": "read:profile"
+          }
+        ]
+      }
+    ],
+    "createdAt": "2026-01-28T10:00:00.000Z",
+    "updatedAt": "2026-01-28T10:00:00.000Z"
+  }
+}
+```
+
+**Note:** Sensitive fields like `password` and `passwordChangedAt` are automatically excluded from the response.
+
 ### Delete Account
 
 **Request:**

package/dist/auth-kit.module.js

@@ -22,6 +22,7 @@ const auth_controller_1 = require("./controllers/auth.controller");
 const users_controller_1 = require("./controllers/users.controller");
 const roles_controller_1 = require("./controllers/roles.controller");
 const permissions_controller_1 = require("./controllers/permissions.controller");
+const health_controller_1 = require("./controllers/health.controller");
 const user_model_1 = require("./models/user.model");
 const role_model_1 = require("./models/role.model");
 const permission_model_1 = require("./models/permission.model");
@@ -70,6 +71,7 @@ exports.AuthKitModule = AuthKitModule = __decorate([
             users_controller_1.UsersController,
             roles_controller_1.RolesController,
             permissions_controller_1.PermissionsController,
+            health_controller_1.HealthController,
         ],
         providers: [
             {

package/dist/controllers/auth.controller.d.ts

@@ -19,6 +19,7 @@ export declare class AuthController {
     refresh(dto: RefreshTokenDto, req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     forgotPassword(dto: ForgotPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
     resetPassword(dto: ResetPasswordDto, res: Response): Promise<Response<any, Record<string, any>>>;
+    getMe(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     deleteAccount(req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
     microsoftExchange(body: {
         idToken: string;

package/dist/controllers/auth.controller.js

@@ -84,6 +84,14 @@ let AuthController = class AuthController {
         const result = await this.auth.resetPassword(dto.token, dto.newPassword);
         return res.status(200).json(result);
     }
+    async getMe(req, res) {
+        var _a;
+        const userId = (_a = req.user) === null || _a === void 0 ? void 0 : _a.sub;
+        if (!userId)
+            return res.status(401).json({ message: 'Unauthorized.' });
+        const result = await this.auth.getMe(userId);
+        return res.status(200).json(result);
+    }
     async deleteAccount(req, res) {
         var _a;
         const userId = (_a = req.user) === null || _a === void 0 ? void 0 : _a.sub;
@@ -202,6 +210,15 @@ __decorate([
     __metadata("design:paramtypes", [reset_password_dto_1.ResetPasswordDto, Object]),
     __metadata("design:returntype", Promise)
 ], AuthController.prototype, "resetPassword", null);
+__decorate([
+    (0, common_1.Get)('me'),
+    (0, common_1.UseGuards)(authenticate_guard_1.AuthenticateGuard),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "getMe", null);
 __decorate([
     (0, common_1.Delete)('account'),
     (0, common_1.UseGuards)(authenticate_guard_1.AuthenticateGuard),

package/dist/controllers/health.controller.d.ts

@@ -0,0 +1,48 @@
+import { MailService } from '../services/mail.service';
+import { LoggerService } from '../services/logger.service';
+export declare class HealthController {
+    private readonly mail;
+    private readonly logger;
+    constructor(mail: MailService, logger: LoggerService);
+    checkSmtp(): Promise<{
+        config: {
+            host: string;
+            port: string;
+            secure: string;
+            user: string;
+            fromEmail: string;
+        };
+        error: string;
+        service: string;
+        status: string;
+    } | {
+        service: string;
+        status: string;
+        error: any;
+    }>;
+    checkAll(): Promise<{
+        status: string;
+        checks: {
+            smtp: {
+                config: {
+                    host: string;
+                    port: string;
+                    secure: string;
+                    user: string;
+                    fromEmail: string;
+                };
+                error: string;
+                service: string;
+                status: string;
+            } | {
+                service: string;
+                status: string;
+                error: any;
+            };
+        };
+        environment: {
+            nodeEnv: string;
+            frontendUrl: string;
+        };
+    }>;
+}

package/dist/controllers/health.controller.js

@@ -0,0 +1,77 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HealthController = void 0;
+const common_1 = require("@nestjs/common");
+const mail_service_1 = require("../services/mail.service");
+const logger_service_1 = require("../services/logger.service");
+let HealthController = class HealthController {
+    constructor(mail, logger) {
+        this.mail = mail;
+        this.logger = logger;
+    }
+    async checkSmtp() {
+        try {
+            const result = await this.mail.verifyConnection();
+            return {
+                service: 'smtp',
+                status: result.connected ? 'connected' : 'disconnected',
+                ...(result.error && { error: result.error }),
+                config: {
+                    host: process.env.SMTP_HOST || 'not set',
+                    port: process.env.SMTP_PORT || 'not set',
+                    secure: process.env.SMTP_SECURE || 'not set',
+                    user: process.env.SMTP_USER ? '***' + process.env.SMTP_USER.slice(-4) : 'not set',
+                    fromEmail: process.env.FROM_EMAIL || 'not set',
+                }
+            };
+        }
+        catch (error) {
+            this.logger.error(`SMTP health check failed: ${error.message}`, error.stack, 'HealthController');
+            return {
+                service: 'smtp',
+                status: 'error',
+                error: error.message
+            };
+        }
+    }
+    async checkAll() {
+        const smtp = await this.checkSmtp();
+        return {
+            status: smtp.status === 'connected' ? 'healthy' : 'degraded',
+            checks: {
+                smtp
+            },
+            environment: {
+                nodeEnv: process.env.NODE_ENV || 'not set',
+                frontendUrl: process.env.FRONTEND_URL || 'not set',
+            }
+        };
+    }
+};
+exports.HealthController = HealthController;
+__decorate([
+    (0, common_1.Get)('smtp'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", Promise)
+], HealthController.prototype, "checkSmtp", null);
+__decorate([
+    (0, common_1.Get)(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", Promise)
+], HealthController.prototype, "checkAll", null);
+exports.HealthController = HealthController = __decorate([
+    (0, common_1.Controller)('api/health'),
+    __metadata("design:paramtypes", [mail_service_1.MailService,
+        logger_service_1.LoggerService])
+], HealthController);

package/dist/services/auth.service.d.ts

@@ -21,9 +21,17 @@ export declare class AuthService {
         accessToken: string;
         refreshToken: string;
     }>;
+    getMe(userId: string): Promise<{
+        ok: boolean;
+        data: any;
+    }>;
     register(dto: RegisterDto): Promise<{
+        emailError: string;
+        emailHint: string;
+        ok: boolean;
         id: any;
         email: string;
+        emailSent: boolean;
     }>;
     verifyEmail(token: string): Promise<{
         ok: boolean;
@@ -32,6 +40,23 @@ export declare class AuthService {
     resendVerification(email: string): Promise<{
         ok: boolean;
         message: string;
+        emailSent?: undefined;
+        error?: undefined;
+    } | {
+        ok: boolean;
+        message: string;
+        emailSent: boolean;
+        error?: undefined;
+    } | {
+        ok: boolean;
+        message: string;
+        emailSent: boolean;
+        error: any;
+    } | {
+        ok: boolean;
+        message: string;
+        error: any;
+        emailSent?: undefined;
     }>;
     login(dto: LoginDto): Promise<{
         accessToken: string;
@@ -44,6 +69,23 @@ export declare class AuthService {
     forgotPassword(email: string): Promise<{
         ok: boolean;
         message: string;
+        emailSent?: undefined;
+        error?: undefined;
+    } | {
+        ok: boolean;
+        message: string;
+        emailSent: boolean;
+        error?: undefined;
+    } | {
+        ok: boolean;
+        message: string;
+        emailSent: boolean;
+        error: any;
+    } | {
+        ok: boolean;
+        message: string;
+        error: any;
+        emailSent?: undefined;
     }>;
     resetPassword(token: string, newPassword: string): Promise<{
         ok: boolean;

package/dist/services/auth.service.js

@@ -113,6 +113,31 @@ let AuthService = class AuthService {
         const refreshToken = this.signRefreshToken({ sub: userId, purpose: 'refresh' });
         return { accessToken, refreshToken };
     }
+    async getMe(userId) {
+        try {
+            const user = await this.users.findByIdWithRolesAndPermissions(userId);
+            if (!user) {
+                throw new common_1.NotFoundException('User not found');
+            }
+            if (user.isBanned) {
+                throw new common_1.ForbiddenException('Account has been banned. Please contact support');
+            }
+            // Return user data without sensitive information
+            const userObject = user.toObject ? user.toObject() : user;
+            const { password, passwordChangedAt, ...safeUser } = userObject;
+            return {
+                ok: true,
+                data: safeUser
+            };
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundException || error instanceof common_1.ForbiddenException) {
+                throw error;
+            }
+            this.logger.error(`Get profile failed: ${error.message}`, error.stack, 'AuthService');
+            throw new common_1.InternalServerErrorException('Failed to retrieve profile');
+        }
+    }
     async register(dto) {
         try {
             // Generate username from fname-lname if not provided
@@ -160,15 +185,25 @@ let AuthService = class AuthService {
                 passwordChangedAt: new Date()
             });
             // Send verification email (don't let email failures crash registration)
+            let emailSent = true;
+            let emailError;
             try {
                 const emailToken = this.signEmailToken({ sub: user._id.toString(), purpose: 'verify' });
                 await this.mail.sendVerificationEmail(user.email, emailToken);
             }
             catch (error) {
+                emailSent = false;
+                emailError = error.message || 'Failed to send verification email';
                 this.logger.error(`Failed to send verification email: ${error.message}`, error.stack, 'AuthService');
                 // Continue - user is created, they can resend verification
             }
-            return { id: user._id, email: user.email };
+            return {
+                ok: true,
+                id: user._id,
+                email: user.email,
+                emailSent,
+                ...(emailError && { emailError, emailHint: 'User created successfully. You can resend verification email later.' })
+            };
         }
         catch (error) {
             // Re-throw HTTP exceptions
@@ -222,13 +257,29 @@ let AuthService = class AuthService {
                 return { ok: true, message: 'If the email exists and is unverified, a verification email has been sent' };
             }
             const emailToken = this.signEmailToken({ sub: user._id.toString(), purpose: 'verify' });
-            await this.mail.sendVerificationEmail(user.email, emailToken);
-            return { ok: true, message: 'Verification email sent successfully' };
+            try {
+                await this.mail.sendVerificationEmail(user.email, emailToken);
+                return { ok: true, message: 'Verification email sent successfully', emailSent: true };
+            }
+            catch (emailError) {
+                // Log the actual error but return generic message
+                this.logger.error(`Failed to send verification email: ${emailError.message}`, emailError.stack, 'AuthService');
+                return {
+                    ok: false,
+                    message: 'Failed to send verification email',
+                    emailSent: false,
+                    error: emailError.message || 'Email service error'
+                };
+            }
         }
         catch (error) {
             this.logger.error(`Resend verification failed: ${error.message}`, error.stack, 'AuthService');
-            // Return success to prevent email enumeration
-            return { ok: true, message: 'If the email exists and is unverified, a verification email has been sent' };
+            // Return error details for debugging
+            return {
+                ok: false,
+                message: 'Failed to resend verification email',
+                error: error.message
+            };
         }
     }
     async login(dto) {
@@ -303,17 +354,36 @@ let AuthService = class AuthService {
     async forgotPassword(email) {
         try {
             const user = await this.users.findByEmail(email);
-            // Always return success to prevent email enumeration
+            // Always return success to prevent email enumeration (in production)
             if (!user) {
                 return { ok: true, message: 'If the email exists, a password reset link has been sent' };
             }
             const resetToken = this.signResetToken({ sub: user._id.toString(), purpose: 'reset' });
-            await this.mail.sendPasswordResetEmail(user.email, resetToken);
-            return { ok: true, message: 'Password reset link sent successfully' };
+            try {
+                await this.mail.sendPasswordResetEmail(user.email, resetToken);
+                return { ok: true, message: 'Password reset link sent successfully', emailSent: true };
+            }
+            catch (emailError) {
+                // Log the actual error but return generic message for security
+                this.logger.error(`Failed to send reset email: ${emailError.message}`, emailError.stack, 'AuthService');
+                // In development, return error details; in production, hide for security
+                if (process.env.NODE_ENV === 'development') {
+                    return {
+                        ok: false,
+                        message: 'Failed to send password reset email',
+                        emailSent: false,
+                        error: emailError.message
+                    };
+                }
+                return { ok: true, message: 'If the email exists, a password reset link has been sent' };
+            }
         }
         catch (error) {
             this.logger.error(`Forgot password failed: ${error.message}`, error.stack, 'AuthService');
-            // Return success to prevent email enumeration
+            // In development, return error; in production, hide for security
+            if (process.env.NODE_ENV === 'development') {
+                return { ok: false, message: 'Failed to process password reset', error: error.message };
+            }
             return { ok: true, message: 'If the email exists, a password reset link has been sent' };
         }
     }

package/dist/services/mail.service.d.ts

@@ -2,7 +2,14 @@ import { LoggerService } from './logger.service';
 export declare class MailService {
     private readonly logger;
     private transporter;
+    private smtpConfigured;
     constructor(logger: LoggerService);
+    private initializeTransporter;
+    verifyConnection(): Promise<{
+        connected: boolean;
+        error?: string;
+    }>;
     sendVerificationEmail(email: string, token: string): Promise<void>;
     sendPasswordResetEmail(email: string, token: string): Promise<void>;
+    private getDetailedSmtpError;
 }

package/dist/services/mail.service.js

@@ -19,17 +19,56 @@ const logger_service_1 = require("./logger.service");
 let MailService = class MailService {
     constructor(logger) {
         this.logger = logger;
-        this.transporter = nodemailer_1.default.createTransport({
-            host: process.env.SMTP_HOST,
-            port: parseInt(process.env.SMTP_PORT, 10),
-            secure: process.env.SMTP_SECURE === 'true',
-            auth: {
-                user: process.env.SMTP_USER,
-                pass: process.env.SMTP_PASS
+        this.smtpConfigured = false;
+        this.initializeTransporter();
+    }
+    initializeTransporter() {
+        try {
+            // Check if SMTP is configured
+            if (!process.env.SMTP_HOST || !process.env.SMTP_PORT) {
+                this.logger.warn('SMTP not configured - email functionality will be disabled', 'MailService');
+                this.smtpConfigured = false;
+                return;
             }
-        });
+            this.transporter = nodemailer_1.default.createTransport({
+                host: process.env.SMTP_HOST,
+                port: parseInt(process.env.SMTP_PORT, 10),
+                secure: process.env.SMTP_SECURE === 'true',
+                auth: {
+                    user: process.env.SMTP_USER,
+                    pass: process.env.SMTP_PASS
+                },
+                connectionTimeout: 10000, // 10 seconds
+                greetingTimeout: 10000,
+            });
+            this.smtpConfigured = true;
+        }
+        catch (error) {
+            this.logger.error(`Failed to initialize SMTP transporter: ${error.message}`, error.stack, 'MailService');
+            this.smtpConfigured = false;
+        }
+    }
+    async verifyConnection() {
+        if (!this.smtpConfigured) {
+            return { connected: false, error: 'SMTP not configured' };
+        }
+        try {
+            await this.transporter.verify();
+            this.logger.log('SMTP connection verified successfully', 'MailService');
+            return { connected: true };
+        }
+        catch (error) {
+            const errorMsg = `SMTP connection failed: ${error.message}`;
+            this.logger.error(errorMsg, error.stack, 'MailService');
+            return { connected: false, error: errorMsg };
+        }
     }
     async sendVerificationEmail(email, token) {
+        if (!this.smtpConfigured) {
+            const error = new common_1.InternalServerErrorException('SMTP not configured - cannot send emails');
+            this.logger.error('Attempted to send email but SMTP is not configured', '', 'MailService');
+            throw error;
+        }
         try {
             const url = `${process.env.FRONTEND_URL}/confirm-email?token=${token}`;
             await this.transporter.sendMail({
@@ -42,11 +81,17 @@ let MailService = class MailService {
             this.logger.log(`Verification email sent to ${email}`, 'MailService');
         }
         catch (error) {
-            this.logger.error(`Failed to send verification email to ${email}: ${error.message}`, error.stack, 'MailService');
-            throw error; // Re-throw so caller can handle
+            const detailedError = this.getDetailedSmtpError(error);
+            this.logger.error(`Failed to send verification email to ${email}: ${detailedError}`, error.stack, 'MailService');
+            throw new common_1.InternalServerErrorException(detailedError);
         }
     }
     async sendPasswordResetEmail(email, token) {
+        if (!this.smtpConfigured) {
+            const error = new common_1.InternalServerErrorException('SMTP not configured - cannot send emails');
+            this.logger.error('Attempted to send email but SMTP is not configured', '', 'MailService');
+            throw error;
+        }
         try {
             const url = `${process.env.FRONTEND_URL}/reset-password?token=${token}`;
             await this.transporter.sendMail({
@@ -59,9 +104,28 @@ let MailService = class MailService {
             this.logger.log(`Password reset email sent to ${email}`, 'MailService');
         }
         catch (error) {
-            this.logger.error(`Failed to send password reset email to ${email}: ${error.message}`, error.stack, 'MailService');
-            throw error; // Re-throw so caller can handle
+            const detailedError = this.getDetailedSmtpError(error);
+            this.logger.error(`Failed to send password reset email to ${email}: ${detailedError}`, error.stack, 'MailService');
+            throw new common_1.InternalServerErrorException(detailedError);
+        }
+    }
+    getDetailedSmtpError(error) {
+        if (error.code === 'EAUTH') {
+            return 'SMTP authentication failed. Check SMTP_USER and SMTP_PASS environment variables.';
+        }
+        if (error.code === 'ESOCKET' || error.code === 'ECONNECTION') {
+            return `Cannot connect to SMTP server at ${process.env.SMTP_HOST}:${process.env.SMTP_PORT}. Check network/firewall settings.`;
+        }
+        if (error.code === 'ETIMEDOUT' || error.code === 'ECONNABORTED') {
+            return 'SMTP connection timed out. Server may be unreachable or firewalled.';
+        }
+        if (error.responseCode >= 500) {
+            return `SMTP server error (${error.responseCode}): ${error.response}`;
+        }
+        if (error.responseCode >= 400) {
+            return `SMTP client error (${error.responseCode}): Check FROM_EMAIL and recipient addresses.`;
         }
+        return error.message || 'Unknown SMTP error';
     }
 };
 exports.MailService = MailService;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ciscode/authentication-kit",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "description": "NestJS auth kit with local + OAuth, JWT, RBAC, password reset.",
   "publishConfig": {
     "access": "public"