@iquadras/shared-guards 0.0.1

package/.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

package/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) iQuadras. All Rights Reserved.
+
+Este software e seu código-fonte são protegidos por direitos autorais e pertencem exclusivamente à iQuadras.
+
+1. Direitos reservados
+   Todo o direito de propriedade intelectual sobre o software permanece com a iQuadras. Nenhum direito de uso é concedido além do expressamente autorizado por contrato ou por escrito.
+
+2. Uso permitido
+   • Em servidores da iQuadras.
+   • Em ambiente local ou em servidor do cliente, quando houver contrato ou autorização escrita da iQuadras.
+
+3. Restrições
+   É proibido, sem autorização prévia por escrito: reproduzir, distribuir, modificar, sublicenciar, fazer engenharia reversa ou utilizar o software para fins não autorizados. O código e as informações técnicas são confidenciais.
+
+4. Sem licenças implícitas
+   Nada neste documento concede direitos a terceiros ou implica qualquer relação contratual além do acordado por escrito com a iQuadras.
+
+5. Sem garantias
+   O software é fornecido "como está" (as is), sem garantias de qualquer tipo, expressas ou implícitas, incluindo comercialização ou adequação a um propósito específico.
+
+6. Limitação de responsabilidade
+   Em nenhuma hipótese a iQuadras será responsável por danos diretos, indiretos, incidentais ou consequenciais decorrentes do uso ou da impossibilidade de uso do software.
+
+Contato para licenciamento: canais oficiais da iQuadras.

package/README.md

@@ -0,0 +1,201 @@
+# @iquadras/shared-guards
+
+Guards compartilhados para autenticação e autorização JWT no ecossistema iQuadras.
+
+## Geral
+
+### Hierarquia de permissões
+
+1. **superAdmin** — Acesso total ao sistema (admin iQuadras)
+2. **isAdmin na organização** — Acesso total naquela organização (dono do centro)
+3. **Módulos** — Acesso apenas aos módulos em `permissions[].modules`
+
+### Módulos disponíveis
+
+| Módulo | Descrição |
+|--------|-----------|
+| `MODULES.BOOKING` | Reserva de quadras |
+| `MODULES.CLASSES` | Aulas |
+| `MODULES.REPLAY` | Replay |
+
+### Funções de permissão (core)
+
+- `isSuperAdmin(user)` — É super admin?
+- `isOrgAdmin(user, organizationId)` — É admin da org ou super admin?
+- `hasModuleAccess(user, organizationId, module)` — Tem acesso ao módulo na org?
+
+### Header do JWT
+
+O token deve ser enviado em **`x-auth-access-token`**.
+
+---
+
+## NestJS
+
+### Instalação
+
+```bash
+npm install @iquadras/shared-guards @nestjs/jwt
+```
+
+### Configuração
+
+**1.** Defina `JWT_SECRET` no `.env`
+
+**2.** Importe o módulo no `AppModule`:
+
+```typescript
+import { SharedGuardsModule } from '@iquadras/shared-guards';
+
+@Module({
+  imports: [SharedGuardsModule.forRoot()],
+})
+export class AppModule {}
+```
+
+**3.** Remova o `JwtModule` de outros módulos — o `SharedGuardsModule` já registra globalmente.
+
+**4.** (Opcional) Logs em `main.ts`:
+
+```typescript
+const app = await NestFactory.create(AppModule, {
+  logger: ['error', 'warn', 'log', 'debug'],
+});
+```
+
+### Uso
+
+Rotas são públicas por padrão. Use decorators para proteger.
+
+| Decorator | Quem tem acesso |
+|-----------|-----------------|
+| `@RequireAnyAuth()` | Qualquer usuário autenticado |
+| `@RequireSuperAdminAuth()` | Apenas super admins |
+| `@RequireOrganizationAdminAuth({ organizationIdSource })` | Super admins ou admin da organização |
+| `@RequireModuleAuth(module, { organizationIdSource })` | Super admin, admin da org ou usuário com o módulo |
+
+**OrganizationId:** `@RequireOrganizationAdminAuth` e `@RequireModuleAuth` exigem `organizationIdSource` — informe sempre de onde virá o ID (params, query ou body):
+
+```typescript
+import { RequireAnyAuth, GetUser, RequireModuleAuth, RequireOrganizationAdminAuth, RequireSuperAdminAuth, MODULES } from '@iquadras/shared-guards';
+
+@Controller('organizations/:organizationId/reservas')
+export class ReservasController {
+  @Get(':id') findOne(@Param('id') id: string) { /* público */ }
+
+  // organizationId no path (params)
+  @Post() @RequireModuleAuth(MODULES.BOOKING, { organizationIdSource: 'params.organizationId' }) create(@Body() dto: CreateReservaDto) { }
+
+  // organizationId no body
+  @Post('outra-rota') @RequireModuleAuth(MODULES.BOOKING, { organizationIdSource: 'body.organizationId' }) createFromBody(@Body() dto: Dto) { }
+
+  // organizationId na query
+  @Get() @RequireOrganizationAdminAuth({ organizationIdSource: 'query.orgId' }) list(@Query() q: { orgId: string }) { }
+
+  @Patch(':id/estornar') @RequireOrganizationAdminAuth({ organizationIdSource: 'params.organizationId' }) estornar(@Param('id') id: string) { }
+
+  @Delete(':id') @RequireSuperAdminAuth() remove(@Param('id') id: string) { }
+}
+```
+
+Paths comuns: `params.organizationId`, `params.orgId`, `query.organizationId`, `query.orgId`, `body.organizationId`, `body.orgId`. Pode passar array para tentar na ordem: `{ organizationIdSource: ['body.organizationId', 'query.orgId'] }`.
+
+**Quando o organizationId é descoberto no processo** (ex: buscando um recurso pelo id e obtendo a org dele), valide manualmente no controller com as funções do core:
+
+```typescript
+import { isOrgAdmin, hasModuleAccess, GetUser } from '@iquadras/shared-guards';
+import type { JwtPayload } from '@iquadras/shared-guards';
+
+// No controller, após buscar o recurso:
+const reserva = await this.reservasService.findOne(id);
+const user = request.user as JwtPayload;
+if (!isOrgAdmin(user, reserva.organizationId)) {
+  throw new ForbiddenException('Sem permissão');
+}
+```
+
+---
+
+## Adonis
+
+### Instalação
+
+```bash
+npm install @iquadras/shared-guards
+```
+
+### Uso
+
+As funções recebem o token e fazem a validação internamente:
+
+```typescript
+import {
+  getTokenFromHeader,
+  isSuperAdmin,
+  isOrgAdmin,
+  hasModuleAccess,
+  MODULES,
+  AUTH_ACCESS_TOKEN_HEADER,
+} from '@iquadras/shared-guards/adonis';
+
+// Exemplo no middleware
+export default class RequireSuperAdminMiddleware {
+  async handle(ctx: HttpContext, next: NextFn) {
+    const token = getTokenFromHeader(ctx.request.header(AUTH_ACCESS_TOKEN_HEADER));
+    if (!token) return ctx.response.unauthorized({ message: 'Token não informado' });
+
+    if (!(await isSuperAdmin(token))) {
+      return ctx.response.forbidden({ message: 'Acesso negado' });
+    }
+    await next();
+  }
+}
+```
+
+---
+
+## React
+
+### Instalação
+
+```bash
+npm install @iquadras/shared-guards
+```
+
+### Uso
+
+As funções recebem o token e fazem o decode internamente (sem validar — no client não temos o secret):
+
+```typescript
+import {
+  isSuperAdmin,
+  isOrgAdmin,
+  hasModuleAccess,
+  MODULES,
+} from '@iquadras/shared-guards/react';
+
+// No componente — token do localStorage, contexto de auth, etc.
+const token = getTokenFromStorage(); // sua função
+
+const canCreate = hasModuleAccess(token, orgId, MODULES.BOOKING);
+const isAdmin = isOrgAdmin(token, orgId);
+const isSuper = isSuperAdmin(token);
+```
+
+> **Atenção:** O decode no React não valida a assinatura. Use apenas para UI (exibir/esconder elementos). A validação real ocorre na API.
+
+---
+
+## Core
+
+Para usar apenas a lógica (sem framework):
+
+```typescript
+import {
+  isSuperAdmin,
+  isOrgAdmin,
+  hasModuleAccess,
+  decodeToken,
+  MODULES,
+} from '@iquadras/shared-guards/core';
+```

package/dist/adonis/index.d.ts

@@ -0,0 +1,7 @@
+export { MODULES, AUTH_ACCESS_TOKEN_HEADER } from '../core';
+export { verifyToken } from './jwt';
+export type { JwtPayload, OrganizationPermission, ModuleType } from '../core';
+export declare function getTokenFromHeader(header: string | string[] | undefined): string | undefined;
+export declare function isSuperAdmin(token: string): Promise<boolean>;
+export declare function isOrgAdmin(token: string, organizationId: string): Promise<boolean>;
+export declare function hasModuleAccess(token: string, organizationId: string, module: string): Promise<boolean>;

package/dist/adonis/index.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyToken = exports.AUTH_ACCESS_TOKEN_HEADER = exports.MODULES = void 0;
+exports.getTokenFromHeader = getTokenFromHeader;
+exports.isSuperAdmin = isSuperAdmin;
+exports.isOrgAdmin = isOrgAdmin;
+exports.hasModuleAccess = hasModuleAccess;
+const permissions_1 = require("../core/permissions");
+const jwt_1 = require("./jwt");
+var core_1 = require("../core");
+Object.defineProperty(exports, "MODULES", { enumerable: true, get: function () { return core_1.MODULES; } });
+Object.defineProperty(exports, "AUTH_ACCESS_TOKEN_HEADER", { enumerable: true, get: function () { return core_1.AUTH_ACCESS_TOKEN_HEADER; } });
+var jwt_2 = require("./jwt");
+Object.defineProperty(exports, "verifyToken", { enumerable: true, get: function () { return jwt_2.verifyToken; } });
+function getTokenFromHeader(header) {
+    if (typeof header === 'string')
+        return header;
+    if (Array.isArray(header) && header.length > 0)
+        return header[0];
+    return undefined;
+}
+async function isSuperAdmin(token) {
+    const user = await (0, jwt_1.verifyToken)(token);
+    return (0, permissions_1.isSuperAdmin)(user);
+}
+async function isOrgAdmin(token, organizationId) {
+    const user = await (0, jwt_1.verifyToken)(token);
+    return (0, permissions_1.isOrgAdmin)(user, organizationId);
+}
+async function hasModuleAccess(token, organizationId, module) {
+    const user = await (0, jwt_1.verifyToken)(token);
+    return (0, permissions_1.hasModuleAccess)(user, organizationId, module);
+}
+//# sourceMappingURL=index.js.map

package/dist/adonis/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adonis/index.ts"],"names":[],"mappings":";;;AAmBA,gDAMC;AAED,oCAGC;AAED,gCAMC;AAED,0CAOC;AA3CD,qDAI6B;AAE7B,+BAAoC;AAEpC,gCAA4D;AAAnD,+FAAA,OAAO,OAAA;AAAE,gHAAA,wBAAwB,OAAA;AAC1C,6BAAoC;AAA3B,kGAAA,WAAW,OAAA;AAMpB,SAAgB,kBAAkB,CAChC,MAAqC;IAErC,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,KAAa;IAC9C,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO,IAAA,0BAAgB,EAAC,IAAI,CAAC,CAAC;AAChC,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,KAAa,EACb,cAAsB;IAEtB,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO,IAAA,wBAAc,EAAC,IAAI,EAAE,cAAc,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,cAAsB,EACtB,MAAc;IAEd,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAW,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO,IAAA,6BAAmB,EAAC,IAAI,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;AAC3D,CAAC"}

package/dist/adonis/jwt.d.ts

@@ -0,0 +1,2 @@
+import type { JwtPayload } from '../core/types';
+export declare function verifyToken(token: string, secret?: string): Promise<JwtPayload>;

package/dist/adonis/jwt.js

@@ -0,0 +1,46 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyToken = verifyToken;
+const jwt = __importStar(require("jsonwebtoken"));
+async function verifyToken(token, secret) {
+    const key = secret ?? process.env.JWT_SECRET;
+    if (!key) {
+        throw new Error('JWT_SECRET deve ser definido na variável de ambiente');
+    }
+    const payload = jwt.verify(token, key);
+    return payload;
+}
+//# sourceMappingURL=jwt.js.map

package/dist/adonis/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/adonis/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,kCAUC;AAjBD,kDAAoC;AAO7B,KAAK,UAAU,WAAW,CAC/B,KAAa,EACb,MAAe;IAEf,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAe,CAAC;IACrD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/core/constants.d.ts

@@ -0,0 +1,7 @@
+export declare const AUTH_ACCESS_TOKEN_HEADER = "x-auth-access-token";
+export declare const MODULES: {
+    readonly BOOKING: "BOOKING";
+    readonly CLASSES: "CLASSES";
+    readonly REPLAY: "REPLAY";
+};
+export type ModuleType = (typeof MODULES)[keyof typeof MODULES];

package/dist/core/constants.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODULES = exports.AUTH_ACCESS_TOKEN_HEADER = void 0;
+exports.AUTH_ACCESS_TOKEN_HEADER = 'x-auth-access-token';
+exports.MODULES = {
+    BOOKING: 'BOOKING',
+    CLASSES: 'CLASSES',
+    REPLAY: 'REPLAY',
+};
+//# sourceMappingURL=constants.js.map

package/dist/core/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/core/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,wBAAwB,GAAG,qBAAqB,CAAC;AAEjD,QAAA,OAAO,GAAG;IACrB,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,SAAS;IAClB,MAAM,EAAE,QAAQ;CACR,CAAC"}

package/dist/core/index.d.ts

@@ -0,0 +1,4 @@
+export * from './types';
+export * from './constants';
+export * from './permissions';
+export * from './jwt';

package/dist/core/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types"), exports);
+__exportStar(require("./constants"), exports);
+__exportStar(require("./permissions"), exports);
+__exportStar(require("./jwt"), exports);
+//# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,8CAA4B;AAC5B,gDAA8B;AAC9B,wCAAsB"}

package/dist/core/jwt.d.ts

@@ -0,0 +1,2 @@
+import type { JwtPayload } from './types';
+export declare function decodeToken(token: string): JwtPayload;

package/dist/core/jwt.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeToken = decodeToken;
+function decodeToken(token) {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        throw new Error('Token JWT inválido');
+    }
+    const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    const pad = base64.length % 4;
+    const padded = pad ? base64 + '='.repeat(4 - pad) : base64;
+    const json = typeof atob !== 'undefined'
+        ? atob(padded)
+        : Buffer.from(padded, 'base64').toString('utf-8');
+    return JSON.parse(json);
+}
+//# sourceMappingURL=jwt.js.map

package/dist/core/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/core/jwt.ts"],"names":[],"mappings":";;AAOA,kCAaC;AAbD,SAAgB,WAAW,CAAC,KAAa;IACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,IAAI,GACR,OAAO,IAAI,KAAK,WAAW;QACzB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QACd,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;AACxC,CAAC"}

package/dist/core/permissions.d.ts

@@ -0,0 +1,4 @@
+import type { JwtPayload } from './types';
+export declare function isSuperAdmin(user: JwtPayload): boolean;
+export declare function isOrgAdmin(user: JwtPayload, organizationId: string): boolean;
+export declare function hasModuleAccess(user: JwtPayload, organizationId: string, module: string): boolean;

package/dist/core/permissions.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isSuperAdmin = isSuperAdmin;
+exports.isOrgAdmin = isOrgAdmin;
+exports.hasModuleAccess = hasModuleAccess;
+function findOrgPermission(user, organizationId) {
+    return user.permissions?.find((p) => p.organizationId.toLowerCase() === organizationId.toLowerCase());
+}
+function isSuperAdmin(user) {
+    return user.superAdmin === true;
+}
+function isOrgAdmin(user, organizationId) {
+    if (user.superAdmin)
+        return true;
+    const perm = findOrgPermission(user, organizationId);
+    return perm?.isAdmin === true;
+}
+function hasModuleAccess(user, organizationId, module) {
+    if (user.superAdmin)
+        return true;
+    const perm = findOrgPermission(user, organizationId);
+    if (!perm)
+        return false;
+    if (perm.isAdmin)
+        return true;
+    return perm.modules.includes(module);
+}
+//# sourceMappingURL=permissions.js.map

package/dist/core/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../../src/core/permissions.ts"],"names":[],"mappings":";;AAWA,oCAEC;AAED,gCAIC;AAED,0CAUC;AA7BD,SAAS,iBAAiB,CACxB,IAAgB,EAChB,cAAsB;IAEtB,OAAO,IAAI,CAAC,WAAW,EAAE,IAAI,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,CACvE,CAAC;AACJ,CAAC;AAED,SAAgB,YAAY,CAAC,IAAgB;IAC3C,OAAO,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC;AAClC,CAAC;AAED,SAAgB,UAAU,CAAC,IAAgB,EAAE,cAAsB;IACjE,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACrD,OAAO,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;AAChC,CAAC;AAED,SAAgB,eAAe,CAC7B,IAAgB,EAChB,cAAsB,EACtB,MAAc;IAEd,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACrD,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC"}

package/dist/core/types.d.ts

@@ -0,0 +1,19 @@
+export interface OrganizationPermission {
+    organizationId: string;
+    isAdmin: boolean;
+    modules: string[];
+}
+export interface JwtPayload {
+    sub: string;
+    email: string;
+    phone?: string;
+    name?: string;
+    documentType?: string;
+    document?: string;
+    avatar?: string;
+    isVerified?: boolean;
+    superAdmin: boolean;
+    permissions?: OrganizationPermission[];
+    iat?: number;
+    exp?: number;
+}

package/dist/core/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -0,0 +1 @@
+export * from './nestjs';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./nestjs"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAOA,2CAAyB"}

package/dist/nestjs/constants.d.ts

@@ -0,0 +1,3 @@
+import { AUTH_ACCESS_TOKEN_HEADER } from '../core/constants';
+export { AUTH_ACCESS_TOKEN_HEADER };
+export declare const REQUIRES_AUTH_KEY = "requiresAuth";

package/dist/nestjs/constants.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REQUIRES_AUTH_KEY = exports.AUTH_ACCESS_TOKEN_HEADER = void 0;
+const constants_1 = require("../core/constants");
+Object.defineProperty(exports, "AUTH_ACCESS_TOKEN_HEADER", { enumerable: true, get: function () { return constants_1.AUTH_ACCESS_TOKEN_HEADER; } });
+exports.REQUIRES_AUTH_KEY = 'requiresAuth';
+//# sourceMappingURL=constants.js.map

package/dist/nestjs/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/nestjs/constants.ts"],"names":[],"mappings":";;;AAAA,iDAA6D;AAEpD,yGAFA,oCAAwB,OAEA;AAEpB,QAAA,iBAAiB,GAAG,cAAc,CAAC"}

package/dist/nestjs/decorators/auth.decorator.d.ts

@@ -0,0 +1 @@
+export declare const RequireAnyAuth: () => import("@nestjs/common").CustomDecorator<string>;

package/dist/nestjs/decorators/auth.decorator.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequireAnyAuth = void 0;
+const common_1 = require("@nestjs/common");
+const constants_1 = require("../constants");
+const RequireAnyAuth = () => (0, common_1.SetMetadata)(constants_1.REQUIRES_AUTH_KEY, true);
+exports.RequireAnyAuth = RequireAnyAuth;
+//# sourceMappingURL=auth.decorator.js.map

package/dist/nestjs/decorators/auth.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/auth.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAC7C,4CAAiD;AAE1C,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,6BAAiB,EAAE,IAAI,CAAC,CAAC;AAA5D,QAAA,cAAc,kBAA8C"}

package/dist/nestjs/decorators/get-user.decorator.d.ts

@@ -0,0 +1,2 @@
+import type { JwtPayload } from '../../core/types';
+export declare const GetUser: (...dataOrPipes: (keyof JwtPayload | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;

package/dist/nestjs/decorators/get-user.decorator.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GetUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.GetUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user = request.user;
+    if (data)
+        return user?.[data];
+    return user;
+});
+//# sourceMappingURL=get-user.decorator.js.map

package/dist/nestjs/decorators/get-user.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-user.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/get-user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAwE;AAG3D,QAAA,OAAO,GAAG,IAAA,6BAAoB,EACzC,CAAC,IAAkC,EAAE,GAAqB,EAAwB,EAAE;IAClF,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAwB,CAAC;IACtE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,IAAI,IAAI;QAAE,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;IAC9B,OAAO,IAAI,CAAC;AACd,CAAC,CACF,CAAC"}

package/dist/nestjs/decorators/permissions.decorator.d.ts

@@ -0,0 +1,9 @@
+import type { ModuleType } from '../../core/constants';
+export type PermissionType = 'SUPER_ADMIN_ONLY' | 'ORGANIZATION_ADMIN_ONLY' | 'MODULE_ACCESS';
+export type OrganizationIdSource = string | string[];
+export interface PermissionMetadata {
+    type: PermissionType;
+    module?: ModuleType;
+    organizationIdSource?: OrganizationIdSource;
+}
+export declare const Permission: import("@nestjs/core").ReflectableDecorator<PermissionMetadata, PermissionMetadata>;

package/dist/nestjs/decorators/permissions.decorator.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Permission = void 0;
+const core_1 = require("@nestjs/core");
+exports.Permission = core_1.Reflector.createDecorator();
+//# sourceMappingURL=permissions.decorator.js.map

package/dist/nestjs/decorators/permissions.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/permissions.decorator.ts"],"names":[],"mappings":";;;AAAA,uCAAyC;AAsB5B,QAAA,UAAU,GAAG,gBAAS,CAAC,eAAe,EAAsB,CAAC"}

package/dist/nestjs/decorators/require-module.decorator.d.ts

@@ -0,0 +1,6 @@
+import type { ModuleType } from '../../core/constants';
+import type { OrganizationIdSource } from './permissions.decorator';
+export interface RequireModuleAuthOptions {
+    organizationIdSource: OrganizationIdSource;
+}
+export declare const RequireModuleAuth: (module: ModuleType, options: RequireModuleAuthOptions) => import("@nestjs/common").CustomDecorator;

package/dist/nestjs/decorators/require-module.decorator.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequireModuleAuth = void 0;
+const permissions_decorator_1 = require("./permissions.decorator");
+const RequireModuleAuth = (module, options) => (0, permissions_decorator_1.Permission)({
+    type: 'MODULE_ACCESS',
+    module,
+    organizationIdSource: options.organizationIdSource,
+});
+exports.RequireModuleAuth = RequireModuleAuth;
+//# sourceMappingURL=require-module.decorator.js.map

package/dist/nestjs/decorators/require-module.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-module.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/require-module.decorator.ts"],"names":[],"mappings":";;;AAAA,mEAAqD;AAS9C,MAAM,iBAAiB,GAAG,CAAC,MAAkB,EAAE,OAAiC,EAAE,EAAE,CACzF,IAAA,kCAAU,EAAC;IACT,IAAI,EAAE,eAAe;IACrB,MAAM;IACN,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;CACnD,CAAC,CAAC;AALQ,QAAA,iBAAiB,qBAKzB"}

package/dist/nestjs/decorators/require-organization-admin.decorator.d.ts

@@ -0,0 +1,5 @@
+import type { OrganizationIdSource } from './permissions.decorator';
+export interface RequireOrganizationAdminOptions {
+    organizationIdSource: OrganizationIdSource;
+}
+export declare const RequireOrganizationAdminAuth: (options: RequireOrganizationAdminOptions) => import("@nestjs/common").CustomDecorator;

package/dist/nestjs/decorators/require-organization-admin.decorator.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequireOrganizationAdminAuth = void 0;
+const permissions_decorator_1 = require("./permissions.decorator");
+const RequireOrganizationAdminAuth = (options) => (0, permissions_decorator_1.Permission)({
+    type: 'ORGANIZATION_ADMIN_ONLY',
+    organizationIdSource: options.organizationIdSource,
+});
+exports.RequireOrganizationAdminAuth = RequireOrganizationAdminAuth;
+//# sourceMappingURL=require-organization-admin.decorator.js.map

package/dist/nestjs/decorators/require-organization-admin.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-organization-admin.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/require-organization-admin.decorator.ts"],"names":[],"mappings":";;;AAAA,mEAAqD;AAQ9C,MAAM,4BAA4B,GAAG,CAAC,OAAwC,EAAE,EAAE,CACvF,IAAA,kCAAU,EAAC;IACT,IAAI,EAAE,yBAAyB;IAC/B,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;CACnD,CAAC,CAAC;AAJQ,QAAA,4BAA4B,gCAIpC"}

package/dist/nestjs/decorators/require-super-admin.decorator.d.ts

@@ -0,0 +1 @@
+export declare const RequireSuperAdminAuth: () => import("@nestjs/common").CustomDecorator;