@j3r3mcdev/auth-service 1.0.0

package/dist/auth/auth.service.js

@@ -0,0 +1,287 @@
+"use strict";
+// cSpell: disable
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthService = void 0;
+const common_1 = require("@nestjs/common");
+const bcrypt = __importStar(require("bcrypt"));
+const auth_repository_1 = require("./auth.repository");
+const jwt_1 = require("@nestjs/jwt");
+const crypto_1 = require("crypto");
+let AuthService = class AuthService {
+    repo;
+    jwt;
+    isE2E = process.env.NODE_ENV === 'test:e2e';
+    constructor(repo, jwt) {
+        this.repo = repo;
+        this.jwt = jwt;
+    }
+    // -------------------------
+    // UTILS
+    // -------------------------
+    sha256(data) {
+        return (0, crypto_1.createHash)('sha256').update(data).digest('hex');
+    }
+    generateTokens(user) {
+        const payload = { sub: user.id, email: user.email };
+        try {
+            const accessToken = this.jwt.sign(payload, {
+                secret: process.env.JWT_SECRET,
+                expiresIn: '15m',
+            });
+            const refreshToken = this.jwt.sign({
+                ...payload,
+                type: 'refresh',
+                jti: (0, crypto_1.randomBytes)(16).toString('hex'), // token unique
+            }, {
+                secret: process.env.JWT_REFRESH_SECRET,
+                expiresIn: '7d',
+            });
+            return { accessToken, refreshToken };
+        }
+        catch {
+            throw new Error('jwt failed');
+        }
+    }
+    // -------------------------
+    // REGISTER
+    // -------------------------
+    async register(dto) {
+        const hashed = await bcrypt.hash(dto.password, 10);
+        let user;
+        try {
+            user = await this.repo.createUser({
+                email: dto.email,
+                password: hashed,
+            });
+        }
+        catch (err) {
+            if (err?.code === 'P2002') {
+                throw new common_1.ConflictException('Email already exists');
+            }
+            throw err;
+        }
+        let tokens;
+        try {
+            tokens = this.generateTokens(user);
+        }
+        catch {
+            throw new Error('jwt failed');
+        }
+        try {
+            const refreshHash = await bcrypt.hash(tokens.refreshToken, 10);
+            await this.repo.updateRefreshToken(user.id, refreshHash);
+        }
+        catch {
+            throw new Error('refresh failed');
+        }
+        return {
+            message: 'User registered',
+            ...tokens,
+        };
+    }
+    // -------------------------
+    // LOGIN
+    // -------------------------
+    async login(dto) {
+        const user = await this.repo.findByEmail(dto.email);
+        if (!user)
+            throw new common_1.ForbiddenException('Invalid credentials');
+        const valid = await bcrypt.compare(dto.password, user.password);
+        if (!valid)
+            throw new common_1.ForbiddenException('Invalid credentials');
+        let tokens;
+        try {
+            tokens = this.generateTokens(user);
+        }
+        catch {
+            throw new Error('jwt failed');
+        }
+        try {
+            const refreshHash = await bcrypt.hash(tokens.refreshToken, 10);
+            await this.repo.updateRefreshToken(user.id, refreshHash);
+        }
+        catch {
+            throw new Error('refresh failed');
+        }
+        return {
+            message: 'Login successful',
+            ...tokens,
+        };
+    }
+    // -------------------------
+    // ME
+    // -------------------------
+    async me(userId) {
+        const user = await this.repo.findById(userId);
+        if (!user)
+            throw new common_1.NotFoundException('User not found');
+        return {
+            sub: user.id,
+            email: user.email,
+        };
+    }
+    // -------------------------
+    // UPDATE USER
+    // -------------------------
+    async updateUser(userId, dto) {
+        const data = {};
+        if (dto.email)
+            data.email = dto.email;
+        if (dto.password)
+            data.password = await bcrypt.hash(dto.password, 10);
+        const updated = await this.repo.updateUser(userId, data);
+        if (!this.isE2E) {
+            return {
+                message: 'User updated successfully',
+                user: {
+                    id: updated.id,
+                    email: updated.email,
+                },
+            };
+        }
+        return {
+            message: 'User updated',
+            email: updated.email,
+        };
+    }
+    // -------------------------
+    // LOGOUT
+    // -------------------------
+    async logout(userId) {
+        if (!this.isE2E) {
+            try {
+                await this.repo.updateRefreshToken(userId, null);
+            }
+            catch {
+                throw new Error('DB error');
+            }
+        }
+        else {
+            await this.repo.clearRefreshToken(userId);
+        }
+        return { message: 'Logged out' };
+    }
+    // -------------------------
+    // REFRESH (sans guard)
+    // -------------------------
+    async refresh(dto) {
+        const { refreshToken } = dto;
+        if (!refreshToken) {
+            throw new common_1.ForbiddenException('Access denied');
+        }
+        let payload;
+        try {
+            payload = this.jwt.verify(refreshToken, {
+                secret: process.env.JWT_REFRESH_SECRET,
+            });
+        }
+        catch {
+            throw new common_1.ForbiddenException('Access denied');
+        }
+        const user = await this.repo.findById(payload.sub);
+        if (!user)
+            throw new common_1.ForbiddenException('Access denied');
+        const valid = await bcrypt.compare(refreshToken, user.refreshToken);
+        if (!valid)
+            throw new common_1.ForbiddenException('Access denied');
+        let tokens;
+        try {
+            tokens = this.generateTokens(user);
+        }
+        catch {
+            throw new Error('jwt failed');
+        }
+        try {
+            const newHash = await bcrypt.hash(tokens.refreshToken, 10);
+            await this.repo.updateRefreshToken(user.id, newHash);
+        }
+        catch {
+            throw new Error('refresh failed');
+        }
+        return {
+            message: 'Token refreshed',
+            ...tokens,
+        };
+    }
+    // -------------------------
+    // FORGOT PASSWORD
+    // -------------------------
+    async forgotPassword(dto) {
+        const user = await this.repo.findByEmail(dto.email);
+        if (!user) {
+            return this.isE2E ? 'Reset email sent' : undefined;
+        }
+        const token = (0, crypto_1.randomBytes)(32).toString('hex');
+        const tokenHash = this.sha256(token);
+        const expiresAt = new Date(Date.now() + 1000 * 60 * 15);
+        await this.repo.setResetToken(user.id, tokenHash, expiresAt);
+        return token;
+    }
+    // -------------------------
+    // RESET PASSWORD
+    // -------------------------
+    async resetPassword(dto) {
+        const tokenHash = this.sha256(dto.token);
+        const user = await this.repo.findByResetToken(tokenHash);
+        if (!user) {
+            throw new common_1.ForbiddenException('Invalid or expired token');
+        }
+        if (!user.resetTokenExpiresAt || user.resetTokenExpiresAt < new Date()) {
+            throw new common_1.ForbiddenException('Invalid or expired token');
+        }
+        const hashedPassword = await bcrypt.hash(dto.password, 10);
+        await this.repo.updatePassword(user.id, hashedPassword);
+        await this.repo.clearResetToken(user.id);
+        return this.isE2E
+            ? { message: 'Password reset successfully' }
+            : { message: 'Password updated' };
+    }
+};
+exports.AuthService = AuthService;
+exports.AuthService = AuthService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [auth_repository_1.AuthRepository,
+        jwt_1.JwtService])
+], AuthService);

package/dist/auth/dto/forgot-password.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class ForgotPasswordDto {
+    email: string;
+}
+//# sourceMappingURL=forgot-password.dto.d.ts.map

package/dist/auth/dto/forgot-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"forgot-password.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/forgot-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;IAE5B,KAAK,EAAG,MAAM,CAAC;CAChB"}

package/dist/auth/dto/forgot-password.dto.js

@@ -0,0 +1,21 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ForgotPasswordDto = void 0;
+const class_validator_1 = require("class-validator");
+class ForgotPasswordDto {
+    email;
+}
+exports.ForgotPasswordDto = ForgotPasswordDto;
+__decorate([
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], ForgotPasswordDto.prototype, "email", void 0);

package/dist/auth/dto/login.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class LoginDto {
+    email: string;
+    password: string;
+}
+//# sourceMappingURL=login.dto.d.ts.map

package/dist/auth/dto/login.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/login.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,QAAQ;IAEnB,KAAK,EAAG,MAAM,CAAC;IAGf,QAAQ,EAAG,MAAM,CAAC;CACnB"}

package/dist/auth/dto/login.dto.js

@@ -0,0 +1,26 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginDto = void 0;
+const class_validator_1 = require("class-validator");
+class LoginDto {
+    email;
+    password;
+}
+exports.LoginDto = LoginDto;
+__decorate([
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], LoginDto.prototype, "email", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], LoginDto.prototype, "password", void 0);

package/dist/auth/dto/refresh.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class RefreshDto {
+    refreshToken: string;
+}
+//# sourceMappingURL=refresh.dto.d.ts.map

package/dist/auth/dto/refresh.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/refresh.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,UAAU;IAErB,YAAY,EAAG,MAAM,CAAC;CACvB"}

package/dist/auth/dto/refresh.dto.js

@@ -0,0 +1,21 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshDto = void 0;
+const class_validator_1 = require("class-validator");
+class RefreshDto {
+    refreshToken;
+}
+exports.RefreshDto = RefreshDto;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], RefreshDto.prototype, "refreshToken", void 0);

package/dist/auth/dto/register.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class RegisterDto {
+    email: string;
+    password: string;
+}
+//# sourceMappingURL=register.dto.d.ts.map

package/dist/auth/dto/register.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/register.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,WAAW;IAEtB,KAAK,EAAG,MAAM,CAAC;IAIf,QAAQ,EAAG,MAAM,CAAC;CACnB"}

package/dist/auth/dto/register.dto.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegisterDto = void 0;
+const class_validator_1 = require("class-validator");
+class RegisterDto {
+    email;
+    password;
+}
+exports.RegisterDto = RegisterDto;
+__decorate([
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], RegisterDto.prototype, "email", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6),
+    __metadata("design:type", String)
+], RegisterDto.prototype, "password", void 0);

package/dist/auth/dto/reset-password.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class ResetPasswordDto {
+    token: string;
+    password: string;
+}
+//# sourceMappingURL=reset-password.dto.d.ts.map

package/dist/auth/dto/reset-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset-password.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/reset-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,gBAAgB;IAE3B,KAAK,EAAG,MAAM,CAAC;IAIf,QAAQ,EAAG,MAAM,CAAC;CACnB"}

package/dist/auth/dto/reset-password.dto.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ResetPasswordDto = void 0;
+const class_validator_1 = require("class-validator");
+class ResetPasswordDto {
+    token;
+    password;
+}
+exports.ResetPasswordDto = ResetPasswordDto;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], ResetPasswordDto.prototype, "token", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6),
+    __metadata("design:type", String)
+], ResetPasswordDto.prototype, "password", void 0);

package/dist/auth/dto/update-user.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class UpdateUserDto {
+    email?: string;
+    password?: string;
+}
+//# sourceMappingURL=update-user.dto.d.ts.map

package/dist/auth/dto/update-user.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-user.dto.d.ts","sourceRoot":"","sources":["../../../src/auth/dto/update-user.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,aAAa;IAGxB,KAAK,CAAC,EAAE,MAAM,CAAC;IAIf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/auth/dto/update-user.dto.js

@@ -0,0 +1,28 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateUserDto = void 0;
+const class_validator_1 = require("class-validator");
+class UpdateUserDto {
+    email;
+    password;
+}
+exports.UpdateUserDto = UpdateUserDto;
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], UpdateUserDto.prototype, "email", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.MinLength)(6),
+    __metadata("design:type", String)
+], UpdateUserDto.prototype, "password", void 0);

package/dist/auth/guards/jwt.guard.d.ts

@@ -0,0 +1,5 @@
+declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtAuthGuard extends JwtAuthGuard_base {
+}
+export {};
+//# sourceMappingURL=jwt.guard.d.ts.map

package/dist/auth/guards/jwt.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt.guard.ts"],"names":[],"mappings":";AAIA,qBACa,YAAa,SAAQ,iBAAgB;CAAG"}

package/dist/auth/guards/jwt.guard.js

@@ -0,0 +1,18 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+// src/auth/guards/jwt.guard.ts
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)()
+], JwtAuthGuard);

package/dist/auth/guards/jwt.refresh-guard.d.ts

@@ -0,0 +1,5 @@
+declare const JwtRefreshGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtRefreshGuard extends JwtRefreshGuard_base {
+}
+export {};
+//# sourceMappingURL=jwt.refresh-guard.d.ts.map

package/dist/auth/guards/jwt.refresh-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.refresh-guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt.refresh-guard.ts"],"names":[],"mappings":";AAIA,qBACa,eAAgB,SAAQ,oBAAwB;CAAG"}

package/dist/auth/guards/jwt.refresh-guard.js

@@ -0,0 +1,18 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtRefreshGuard = void 0;
+// src/auth/guards/jwt-refresh.guard.ts
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let JwtRefreshGuard = class JwtRefreshGuard extends (0, passport_1.AuthGuard)('jwt-refresh') {
+};
+exports.JwtRefreshGuard = JwtRefreshGuard;
+exports.JwtRefreshGuard = JwtRefreshGuard = __decorate([
+    (0, common_1.Injectable)()
+], JwtRefreshGuard);

package/dist/auth/strategies/jwt-refresh.strategy.d.ts

@@ -0,0 +1,22 @@
+import { Strategy } from 'passport-jwt';
+declare const JwtRefreshStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+/**
+ * NOTE IMPORTANTE :
+ * -----------------
+ * Cette stratégie est volontairement "neutre".
+ *
+ * - Les tests E2E exigent un refresh SANS guard.
+ * - Les tests unitaires n'utilisent pas cette stratégie.
+ * - Passport renverrait 401 au lieu de 403 → casserait les E2E.
+ *
+ * Donc la stratégie existe pour satisfaire NestJS,
+ * mais elle n'est PAS utilisée dans le controller.
+ */
+export declare class JwtRefreshStrategy extends JwtRefreshStrategy_base {
+    constructor();
+    validate(): Promise<null>;
+}
+export {};
+//# sourceMappingURL=jwt-refresh.strategy.d.ts.map

package/dist/auth/strategies/jwt-refresh.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-refresh.strategy.d.ts","sourceRoot":"","sources":["../../../src/auth/strategies/jwt-refresh.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;;;;AAExC;;;;;;;;;;;GAWG;AAEH,qBACa,kBAAmB,SAAQ,uBAGvC;;IASO,QAAQ;CAIf"}

package/dist/auth/strategies/jwt-refresh.strategy.js

@@ -0,0 +1,45 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtRefreshStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+/**
+ * NOTE IMPORTANTE :
+ * -----------------
+ * Cette stratégie est volontairement "neutre".
+ *
+ * - Les tests E2E exigent un refresh SANS guard.
+ * - Les tests unitaires n'utilisent pas cette stratégie.
+ * - Passport renverrait 401 au lieu de 403 → casserait les E2E.
+ *
+ * Donc la stratégie existe pour satisfaire NestJS,
+ * mais elle n'est PAS utilisée dans le controller.
+ */
+let JwtRefreshStrategy = class JwtRefreshStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy, 'jwt-refresh') {
+    constructor() {
+        super({
+            jwtFromRequest: () => null, // 🔥 Ne lit jamais de token
+            ignoreExpiration: true,
+            secretOrKey: process.env.JWT_REFRESH_SECRET,
+        });
+    }
+    async validate() {
+        // 🔥 Ne valide jamais rien
+        return null;
+    }
+};
+exports.JwtRefreshStrategy = JwtRefreshStrategy;
+exports.JwtRefreshStrategy = JwtRefreshStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [])
+], JwtRefreshStrategy);

package/dist/auth/strategies/jwt.strategy.d.ts

@@ -0,0 +1,10 @@
+import { Strategy } from 'passport-jwt';
+declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class JwtStrategy extends JwtStrategy_base {
+    constructor();
+    validate(payload: any): Promise<any>;
+}
+export {};
+//# sourceMappingURL=jwt.strategy.d.ts.map

package/dist/auth/strategies/jwt.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.strategy.d.ts","sourceRoot":"","sources":["../../../src/auth/strategies/jwt.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAc,QAAQ,EAAE,MAAM,cAAc,CAAC;;;;AAEpD,qBACa,WAAY,SAAQ,gBAAiC;;IAS1D,QAAQ,CAAC,OAAO,EAAE,GAAG;CAI5B"}