@heejun/auth-nest 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 heejun
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/auth.controller.d.ts

@@ -0,0 +1,19 @@
+import { AuthService } from '@heejun/auth';
+import { Principal } from '@heejun/contracts';
+import { AuthedRequest } from './http-types';
+export declare class AuthController {
+    private readonly auth;
+    constructor(auth: AuthService);
+    register(body: unknown, req: AuthedRequest): Promise<import("@heejun/auth").AuthResult>;
+    login(body: unknown, req: AuthedRequest): Promise<import("@heejun/auth").AuthResult>;
+    google(body: unknown, req: AuthedRequest): Promise<import("@heejun/auth").AuthResult>;
+    refresh(body: unknown, req: AuthedRequest): Promise<import("@heejun/auth").AuthResult>;
+    logout(body: unknown): Promise<void>;
+    me(user: Principal | null): {
+        userId: string;
+        roles: ("guest" | "member" | "moderator" | "admin" | "owner")[];
+        orgId?: string | undefined;
+        email?: string | undefined;
+    } | null;
+}
+//# sourceMappingURL=auth.controller.d.ts.map

package/dist/auth.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../src/auth.controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAI7C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAO5C,qBACa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,WAAW;IAG9C,QAAQ,CAAS,IAAI,EAAE,OAAO,EAAS,GAAG,EAAE,aAAa;IAKzD,KAAK,CAAS,IAAI,EAAE,OAAO,EAAS,GAAG,EAAE,aAAa;IAKtD,MAAM,CAAS,IAAI,EAAE,OAAO,EAAS,GAAG,EAAE,aAAa;IAKvD,OAAO,CAAS,IAAI,EAAE,OAAO,EAAS,GAAG,EAAE,aAAa;IAMlD,MAAM,CAAS,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAMlD,EAAE,CAAgB,IAAI,EAAE,SAAS,GAAG,IAAI;;;;;;CAGzC"}

package/dist/auth.controller.js

@@ -0,0 +1,99 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const auth_1 = require("@heejun/auth");
+const common_1 = require("@nestjs/common");
+const current_user_decorator_1 = require("./current-user.decorator");
+const jwt_auth_guard_1 = require("./jwt-auth.guard");
+function userAgent(req) {
+    return req.headers['user-agent'];
+}
+let AuthController = class AuthController {
+    constructor(auth) {
+        this.auth = auth;
+    }
+    register(body, req) {
+        return this.auth.register(body, userAgent(req));
+    }
+    login(body, req) {
+        return this.auth.login(body, userAgent(req));
+    }
+    google(body, req) {
+        return this.auth.loginWithGoogle(body, userAgent(req));
+    }
+    refresh(body, req) {
+        return this.auth.refresh(body, userAgent(req));
+    }
+    async logout(body) {
+        await this.auth.logout(body);
+    }
+    me(user) {
+        return user;
+    }
+};
+exports.AuthController = AuthController;
+__decorate([
+    (0, common_1.Post)('register'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "register", null);
+__decorate([
+    (0, common_1.Post)('login'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "login", null);
+__decorate([
+    (0, common_1.Post)('google'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "google", null);
+__decorate([
+    (0, common_1.Post)('refresh'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "refresh", null);
+__decorate([
+    (0, common_1.Post)('logout'),
+    (0, common_1.HttpCode)(204),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "logout", null);
+__decorate([
+    (0, common_1.Get)('me'),
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "me", null);
+exports.AuthController = AuthController = __decorate([
+    (0, common_1.Controller)('auth'),
+    __metadata("design:paramtypes", [auth_1.AuthService])
+], AuthController);
+//# sourceMappingURL=auth.controller.js.map

package/dist/auth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../src/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAA0C;AAE1C,2CAAsF;AAEtF,qEAAsD;AAEtD,qDAA+C;AAE/C,SAAS,SAAS,CAAC,GAAkB;IACnC,OAAO,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;AAClC,CAAC;AAGM,IAAM,cAAc,GAApB,MAAM,cAAc;IACzB,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;IAAG,CAAC;IAGlD,QAAQ,CAAS,IAAa,EAAS,GAAkB;QACvD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;IACjD,CAAC;IAGD,KAAK,CAAS,IAAa,EAAS,GAAkB;QACpD,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;IAC9C,CAAC;IAGD,MAAM,CAAS,IAAa,EAAS,GAAkB;QACrD,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;IACxD,CAAC;IAGD,OAAO,CAAS,IAAa,EAAS,GAAkB;QACtD,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;IAChD,CAAC;IAIK,AAAN,KAAK,CAAC,MAAM,CAAS,IAAa;QAChC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC9B,CAAC;IAID,EAAE,CAAgB,IAAsB;QACtC,OAAO,IAAI,CAAA;IACb,CAAC;CACF,CAAA;AAlCY,wCAAc;AAIzB;IADC,IAAA,aAAI,EAAC,UAAU,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;IAAiB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;8CAErC;AAGD;IADC,IAAA,aAAI,EAAC,OAAO,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;IAAiB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;2CAElC;AAGD;IADC,IAAA,aAAI,EAAC,QAAQ,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;IAAiB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;4CAEnC;AAGD;IADC,IAAA,aAAI,EAAC,SAAS,CAAC;IACP,WAAA,IAAA,aAAI,GAAE,CAAA;IAAiB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;6CAEpC;AAIK;IAFL,IAAA,aAAI,EAAC,QAAQ,CAAC;IACd,IAAA,iBAAQ,EAAC,GAAG,CAAC;IACA,WAAA,IAAA,aAAI,GAAE,CAAA;;;;4CAEnB;AAID;IAFC,IAAA,YAAG,EAAC,IAAI,CAAC;IACT,IAAA,kBAAS,EAAC,6BAAY,CAAC;IACpB,WAAA,IAAA,oCAAW,GAAE,CAAA;;;;wCAEhB;yBAjCU,cAAc;IAD1B,IAAA,mBAAU,EAAC,MAAM,CAAC;qCAEkB,kBAAW;GADnC,cAAc,CAkC1B"}

package/dist/auth.module.d.ts

@@ -0,0 +1,22 @@
+import { AuthServiceConfig, JwtConfig, OAuthVerifier, PasswordHasher, SessionStore, UserStore } from '@heejun/auth';
+import { DynamicModule } from '@nestjs/common';
+export interface AuthModuleOptions {
+    jwt: JwtConfig;
+    users: UserStore;
+    sessions: SessionStore;
+    hasher?: PasswordHasher;
+    oauth?: OAuthVerifier;
+    config?: AuthServiceConfig;
+    /** false 면 컨트롤러를 등록하지 않음(서비스/가드만 사용). */
+    registerController?: boolean;
+    /** DomainError→HTTP 필터 자동 등록(기본 true). */
+    registerExceptionFilter?: boolean;
+}
+/**
+ * AuthModule.forRoot({ jwt, users, sessions, oauth }) 로 인증 일체를 마운트.
+ * users/sessions 는 호스트가 어댑터(in-memory·@heejun/auth/drizzle 등)로 주입.
+ */
+export declare class AuthModule {
+    static forRoot(options: AuthModuleOptions): DynamicModule;
+}
+//# sourceMappingURL=auth.module.d.ts.map

package/dist/auth.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,iBAAiB,EACjB,SAAS,EAET,aAAa,EACb,cAAc,EAEd,YAAY,EACZ,SAAS,EACV,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,aAAa,EAAoB,MAAM,gBAAgB,CAAA;AAQhE,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,SAAS,CAAA;IACd,KAAK,EAAE,SAAS,CAAA;IAChB,QAAQ,EAAE,YAAY,CAAA;IACtB,MAAM,CAAC,EAAE,cAAc,CAAA;IACvB,KAAK,CAAC,EAAE,aAAa,CAAA;IACrB,MAAM,CAAC,EAAE,iBAAiB,CAAA;IAC1B,yCAAyC;IACzC,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,0CAA0C;IAC1C,uBAAuB,CAAC,EAAE,OAAO,CAAA;CAClC;AAED;;;GAGG;AACH,qBACa,UAAU;IACrB,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa;CA0B1D"}

package/dist/auth.module.js

@@ -0,0 +1,51 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var AuthModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthModule = void 0;
+const auth_1 = require("@heejun/auth");
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const auth_controller_1 = require("./auth.controller");
+const domain_exception_filter_1 = require("./domain-exception.filter");
+const jwt_auth_guard_1 = require("./jwt-auth.guard");
+const roles_guard_1 = require("./roles.guard");
+/**
+ * AuthModule.forRoot({ jwt, users, sessions, oauth }) 로 인증 일체를 마운트.
+ * users/sessions 는 호스트가 어댑터(in-memory·@heejun/auth/drizzle 등)로 주입.
+ */
+let AuthModule = AuthModule_1 = class AuthModule {
+    static forRoot(options) {
+        const authServiceProvider = {
+            provide: auth_1.AuthService,
+            useFactory: () => new auth_1.AuthService({
+                users: options.users,
+                sessions: options.sessions,
+                hasher: options.hasher ?? new auth_1.ScryptHasher(),
+                jwt: new auth_1.JwtService(options.jwt),
+                oauth: options.oauth,
+                config: options.config,
+            }),
+        };
+        const providers = [authServiceProvider, jwt_auth_guard_1.JwtAuthGuard, roles_guard_1.RolesGuard];
+        if (options.registerExceptionFilter !== false) {
+            providers.push({ provide: core_1.APP_FILTER, useClass: domain_exception_filter_1.DomainExceptionFilter });
+        }
+        return {
+            module: AuthModule_1,
+            controllers: options.registerController === false ? [] : [auth_controller_1.AuthController],
+            providers,
+            exports: [auth_1.AuthService, jwt_auth_guard_1.JwtAuthGuard, roles_guard_1.RolesGuard],
+        };
+    }
+};
+exports.AuthModule = AuthModule;
+exports.AuthModule = AuthModule = AuthModule_1 = __decorate([
+    (0, common_1.Module)({})
+], AuthModule);
+//# sourceMappingURL=auth.module.js.map

package/dist/auth.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,uCAUqB;AACrB,2CAAgE;AAChE,uCAAyC;AAEzC,uDAAkD;AAClD,uEAAiE;AACjE,qDAA+C;AAC/C,+CAA0C;AAe1C;;;GAGG;AAEI,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,OAAO,CAAC,OAA0B;QACvC,MAAM,mBAAmB,GAAa;YACpC,OAAO,EAAE,kBAAW;YACpB,UAAU,EAAE,GAAG,EAAE,CACf,IAAI,kBAAW,CAAC;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI,mBAAY,EAAE;gBAC5C,GAAG,EAAE,IAAI,iBAAU,CAAC,OAAO,CAAC,GAAG,CAAC;gBAChC,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;SACL,CAAA;QAED,MAAM,SAAS,GAAe,CAAC,mBAAmB,EAAE,6BAAY,EAAE,wBAAU,CAAC,CAAA;QAC7E,IAAI,OAAO,CAAC,uBAAuB,KAAK,KAAK,EAAE,CAAC;YAC9C,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,iBAAU,EAAE,QAAQ,EAAE,+CAAqB,EAAE,CAAC,CAAA;QAC1E,CAAC;QAED,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,WAAW,EAAE,OAAO,CAAC,kBAAkB,KAAK,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,gCAAc,CAAC;YACzE,SAAS;YACT,OAAO,EAAE,CAAC,kBAAW,EAAE,6BAAY,EAAE,wBAAU,CAAC;SACjD,CAAA;IACH,CAAC;CACF,CAAA;AA3BY,gCAAU;qBAAV,UAAU;IADtB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,UAAU,CA2BtB"}

package/dist/bearer.d.ts

@@ -0,0 +1,3 @@
+/** Authorization 헤더에서 Bearer 토큰 추출(순수 함수, 테스트 대상). */
+export declare function extractBearerToken(authorization?: string | null): string | null;
+//# sourceMappingURL=bearer.d.ts.map

package/dist/bearer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../src/bearer.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,wBAAgB,kBAAkB,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAM/E"}

package/dist/bearer.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractBearerToken = extractBearerToken;
+/** Authorization 헤더에서 Bearer 토큰 추출(순수 함수, 테스트 대상). */
+function extractBearerToken(authorization) {
+    if (!authorization)
+        return null;
+    const [scheme, token] = authorization.split(' ');
+    if (!scheme || scheme.toLowerCase() !== 'bearer' || !token)
+        return null;
+    const trimmed = token.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+//# sourceMappingURL=bearer.js.map

package/dist/bearer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../src/bearer.ts"],"names":[],"mappings":";;AACA,gDAMC;AAPD,sDAAsD;AACtD,SAAgB,kBAAkB,CAAC,aAA6B;IAC9D,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAA;IAC/B,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAChD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvE,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IAC5B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;AAC5C,CAAC"}

package/dist/current-user.decorator.d.ts

@@ -0,0 +1,3 @@
+/** 가드가 주입한 principal 을 핸들러 인자로 꺼낸다. */
+export declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
+//# sourceMappingURL=current-user.decorator.d.ts.map

package/dist/current-user.decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../src/current-user.decorator.ts"],"names":[],"mappings":"AAIA,uCAAuC;AACvC,eAAO,MAAM,WAAW,mDAKvB,CAAA"}

package/dist/current-user.decorator.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+/** 가드가 주입한 principal 을 핸들러 인자로 꺼낸다. */
+exports.CurrentUser = (0, common_1.createParamDecorator)((_data, ctx) => {
+    const req = ctx.switchToHttp().getRequest();
+    return req.principal ?? null;
+});
+//# sourceMappingURL=current-user.decorator.js.map

package/dist/current-user.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"current-user.decorator.js","sourceRoot":"","sources":["../src/current-user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAuE;AAIvE,uCAAuC;AAC1B,QAAA,WAAW,GAAG,IAAA,6BAAoB,EAC7C,CAAC,KAAc,EAAE,GAAqB,EAAoB,EAAE;IAC1D,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAA6B,CAAA;IACtE,OAAO,GAAG,CAAC,SAAS,IAAI,IAAI,CAAA;AAC9B,CAAC,CACF,CAAA"}

package/dist/domain-exception.filter.d.ts

@@ -0,0 +1,7 @@
+import { DomainError } from '@heejun/core-server';
+import { ArgumentsHost, ExceptionFilter } from '@nestjs/common';
+/** core-server DomainError 를 적절한 HTTP 상태/바디로 매핑. */
+export declare class DomainExceptionFilter implements ExceptionFilter {
+    catch(err: DomainError, host: ArgumentsHost): void;
+}
+//# sourceMappingURL=domain-exception.filter.d.ts.map

package/dist/domain-exception.filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-exception.filter.d.ts","sourceRoot":"","sources":["../src/domain-exception.filter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,aAAa,EAAS,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAItE,oDAAoD;AACpD,qBACa,qBAAsB,YAAW,eAAe;IAC3D,KAAK,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI;CAInD"}

package/dist/domain-exception.filter.js

@@ -0,0 +1,23 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DomainExceptionFilter = void 0;
+const core_server_1 = require("@heejun/core-server");
+const common_1 = require("@nestjs/common");
+/** core-server DomainError 를 적절한 HTTP 상태/바디로 매핑. */
+let DomainExceptionFilter = class DomainExceptionFilter {
+    catch(err, host) {
+        const res = host.switchToHttp().getResponse();
+        res.status(err.httpStatus).json(err.toBody());
+    }
+};
+exports.DomainExceptionFilter = DomainExceptionFilter;
+exports.DomainExceptionFilter = DomainExceptionFilter = __decorate([
+    (0, common_1.Catch)(core_server_1.DomainError)
+], DomainExceptionFilter);
+//# sourceMappingURL=domain-exception.filter.js.map

package/dist/domain-exception.filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-exception.filter.js","sourceRoot":"","sources":["../src/domain-exception.filter.ts"],"names":[],"mappings":";;;;;;;;;AAAA,qDAAiD;AACjD,2CAAsE;AAItE,oDAAoD;AAE7C,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAChC,KAAK,CAAC,GAAgB,EAAE,IAAmB;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,WAAW,EAAgB,CAAA;QAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IAC/C,CAAC;CACF,CAAA;AALY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,cAAK,EAAC,yBAAW,CAAC;GACN,qBAAqB,CAKjC"}

package/dist/http-types.d.ts

@@ -0,0 +1,12 @@
+import type { Principal } from '@heejun/contracts';
+/** 프레임워크 비의존 요청/응답 최소 형태(express 타입 의존 회피). */
+export interface AuthedRequest {
+    headers: Record<string, string | undefined>;
+    principal?: Principal;
+}
+export interface JsonResponse {
+    status(code: number): {
+        json(body: unknown): void;
+    };
+}
+//# sourceMappingURL=http-types.d.ts.map

package/dist/http-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-types.d.ts","sourceRoot":"","sources":["../src/http-types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAElD,+CAA+C;AAC/C,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC3C,SAAS,CAAC,EAAE,SAAS,CAAA;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG;QAAE,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAA;KAAE,CAAA;CACpD"}

package/dist/http-types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=http-types.js.map

package/dist/http-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-types.js","sourceRoot":"","sources":["../src/http-types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { AuthModule, type AuthModuleOptions } from './auth.module';
+export { AuthController } from './auth.controller';
+export { JwtAuthGuard } from './jwt-auth.guard';
+export { RolesGuard, Roles, ROLES_KEY } from './roles.guard';
+export { CurrentUser } from './current-user.decorator';
+export { DomainExceptionFilter } from './domain-exception.filter';
+export { extractBearerToken } from './bearer';
+export type { AuthedRequest, JsonResponse } from './http-types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAC7C,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA"}

package/dist/index.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractBearerToken = exports.DomainExceptionFilter = exports.CurrentUser = exports.ROLES_KEY = exports.Roles = exports.RolesGuard = exports.JwtAuthGuard = exports.AuthController = exports.AuthModule = void 0;
+var auth_module_1 = require("./auth.module");
+Object.defineProperty(exports, "AuthModule", { enumerable: true, get: function () { return auth_module_1.AuthModule; } });
+var auth_controller_1 = require("./auth.controller");
+Object.defineProperty(exports, "AuthController", { enumerable: true, get: function () { return auth_controller_1.AuthController; } });
+var jwt_auth_guard_1 = require("./jwt-auth.guard");
+Object.defineProperty(exports, "JwtAuthGuard", { enumerable: true, get: function () { return jwt_auth_guard_1.JwtAuthGuard; } });
+var roles_guard_1 = require("./roles.guard");
+Object.defineProperty(exports, "RolesGuard", { enumerable: true, get: function () { return roles_guard_1.RolesGuard; } });
+Object.defineProperty(exports, "Roles", { enumerable: true, get: function () { return roles_guard_1.Roles; } });
+Object.defineProperty(exports, "ROLES_KEY", { enumerable: true, get: function () { return roles_guard_1.ROLES_KEY; } });
+var current_user_decorator_1 = require("./current-user.decorator");
+Object.defineProperty(exports, "CurrentUser", { enumerable: true, get: function () { return current_user_decorator_1.CurrentUser; } });
+var domain_exception_filter_1 = require("./domain-exception.filter");
+Object.defineProperty(exports, "DomainExceptionFilter", { enumerable: true, get: function () { return domain_exception_filter_1.DomainExceptionFilter; } });
+var bearer_1 = require("./bearer");
+Object.defineProperty(exports, "extractBearerToken", { enumerable: true, get: function () { return bearer_1.extractBearerToken; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6CAAkE;AAAzD,yGAAA,UAAU,OAAA;AACnB,qDAAkD;AAAzC,iHAAA,cAAc,OAAA;AACvB,mDAA+C;AAAtC,8GAAA,YAAY,OAAA;AACrB,6CAA4D;AAAnD,yGAAA,UAAU,OAAA;AAAE,oGAAA,KAAK,OAAA;AAAE,wGAAA,SAAS,OAAA;AACrC,mEAAsD;AAA7C,qHAAA,WAAW,OAAA;AACpB,qEAAiE;AAAxD,gIAAA,qBAAqB,OAAA;AAC9B,mCAA6C;AAApC,4GAAA,kBAAkB,OAAA"}

package/dist/jwt-auth.guard.d.ts

@@ -0,0 +1,9 @@
+import { AuthService } from '@heejun/auth';
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+/** Bearer 액세스 토큰을 검증해 req.principal 주입. */
+export declare class JwtAuthGuard implements CanActivate {
+    private readonly auth;
+    constructor(auth: AuthService);
+    canActivate(ctx: ExecutionContext): Promise<boolean>;
+}
+//# sourceMappingURL=jwt-auth.guard.d.ts.map

package/dist/jwt-auth.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../src/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAqC,MAAM,gBAAgB,CAAA;AAKjG,2CAA2C;AAC3C,qBACa,YAAa,YAAW,WAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,WAAW;IAExC,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAW3D"}

package/dist/jwt-auth.guard.js

@@ -0,0 +1,40 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+const auth_1 = require("@heejun/auth");
+const common_1 = require("@nestjs/common");
+const bearer_1 = require("./bearer");
+/** Bearer 액세스 토큰을 검증해 req.principal 주입. */
+let JwtAuthGuard = class JwtAuthGuard {
+    constructor(auth) {
+        this.auth = auth;
+    }
+    async canActivate(ctx) {
+        const req = ctx.switchToHttp().getRequest();
+        const token = (0, bearer_1.extractBearerToken)(req.headers.authorization);
+        if (!token)
+            throw new common_1.UnauthorizedException();
+        try {
+            req.principal = await this.auth.verifyAccessToken(token);
+            return true;
+        }
+        catch {
+            throw new common_1.UnauthorizedException();
+        }
+    }
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [auth_1.AuthService])
+], JwtAuthGuard);
+//# sourceMappingURL=jwt-auth.guard.js.map

package/dist/jwt-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../src/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAA0C;AAC1C,2CAAiG;AAEjG,qCAA6C;AAG7C,2CAA2C;AAEpC,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;IAAG,CAAC;IAElD,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAiB,CAAA;QAC1D,MAAM,KAAK,GAAG,IAAA,2BAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAC3D,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,8BAAqB,EAAE,CAAA;QAC7C,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;YACxD,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,EAAE,CAAA;QACnC,CAAC;IACH,CAAC;CACF,CAAA;AAdY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAEwB,kBAAW;GADnC,YAAY,CAcxB"}

package/dist/roles.guard.d.ts

@@ -0,0 +1,12 @@
+import { Role } from '@heejun/contracts';
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+export declare const ROLES_KEY = "heejun:roles";
+/** 핸들러/컨트롤러에 필요한 역할 표시. JwtAuthGuard 뒤에 둔다. */
+export declare const Roles: (...roles: Role[]) => import("@nestjs/common").CustomDecorator<string>;
+export declare class RolesGuard implements CanActivate {
+    private readonly reflector;
+    constructor(reflector: Reflector);
+    canActivate(ctx: ExecutionContext): boolean;
+}
+//# sourceMappingURL=roles.guard.d.ts.map

package/dist/roles.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.guard.d.ts","sourceRoot":"","sources":["../src/roles.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,IAAI,EAAE,MAAM,mBAAmB,CAAA;AAC5D,OAAO,EACL,WAAW,EACX,gBAAgB,EAIjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAExC,eAAO,MAAM,SAAS,iBAAiB,CAAA;AAEvC,+CAA+C;AAC/C,eAAO,MAAM,KAAK,GAAI,GAAG,OAAO,IAAI,EAAE,qDAAkC,CAAA;AAExE,qBACa,UAAW,YAAW,WAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAEjD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO;CAa5C"}

package/dist/roles.guard.js

@@ -0,0 +1,44 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RolesGuard = exports.Roles = exports.ROLES_KEY = void 0;
+const contracts_1 = require("@heejun/contracts");
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+exports.ROLES_KEY = 'heejun:roles';
+/** 핸들러/컨트롤러에 필요한 역할 표시. JwtAuthGuard 뒤에 둔다. */
+const Roles = (...roles) => (0, common_1.SetMetadata)(exports.ROLES_KEY, roles);
+exports.Roles = Roles;
+let RolesGuard = class RolesGuard {
+    constructor(reflector) {
+        this.reflector = reflector;
+    }
+    canActivate(ctx) {
+        const required = this.reflector.getAllAndOverride(exports.ROLES_KEY, [
+            ctx.getHandler(),
+            ctx.getClass(),
+        ]);
+        if (!required || required.length === 0)
+            return true;
+        const req = ctx.switchToHttp().getRequest();
+        const principal = req.principal;
+        if (!principal || !required.some((role) => (0, contracts_1.hasRole)(principal, role))) {
+            throw new common_1.ForbiddenException();
+        }
+        return true;
+    }
+};
+exports.RolesGuard = RolesGuard;
+exports.RolesGuard = RolesGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], RolesGuard);
+//# sourceMappingURL=roles.guard.js.map

package/dist/roles.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../src/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAA4D;AAC5D,2CAMuB;AACvB,uCAAwC;AAE3B,QAAA,SAAS,GAAG,cAAc,CAAA;AAEvC,+CAA+C;AACxC,MAAM,KAAK,GAAG,CAAC,GAAG,KAAa,EAAE,EAAE,CAAC,IAAA,oBAAW,EAAC,iBAAS,EAAE,KAAK,CAAC,CAAA;AAA3D,QAAA,KAAK,SAAsD;AAGjE,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB,YAA6B,SAAoB;QAApB,cAAS,GAAT,SAAS,CAAW;IAAG,CAAC;IAErD,WAAW,CAAC,GAAqB;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAqB,iBAAS,EAAE;YAC/E,GAAG,CAAC,UAAU,EAAE;YAChB,GAAG,CAAC,QAAQ,EAAE;SACf,CAAC,CAAA;QACF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QACnD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAA6B,CAAA;QACtE,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAA;QAC/B,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,2BAAkB,EAAE,CAAA;QAChC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;CACF,CAAA;AAhBY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAE6B,gBAAS;GADtC,UAAU,CAgBtB"}

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@heejun/auth-nest",
+  "version": "0.1.0",
+  "description": "NestJS 어댑터: AuthModule·AuthController·JwtAuthGuard·RolesGuard·@CurrentUser (tsc 빌드, 데코레이터 메타데이터 보존)",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@heejun/auth": "0.1.0",
+    "@heejun/core-server": "0.1.0",
+    "@heejun/contracts": "0.1.0"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.0.0",
+    "reflect-metadata": "^0.2.0"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.0.0",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsc -p tsconfig.build.json --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run"
+  }
+}