npm - @lenan-soft/auth - Versions diffs - 1.0.1 - Mend

@lenan-soft/auth 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/README.md +591 -0
package/dist/index.cjs +45 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +129 -0
package/dist/index.d.ts +129 -0
package/dist/index.js +17 -0
package/dist/index.js.map +1 -0
package/dist/nestjs/index.cjs +738 -0
package/dist/nestjs/index.cjs.map +1 -0
package/dist/nestjs/index.d.cts +510 -0
package/dist/nestjs/index.d.ts +510 -0
package/dist/nestjs/index.js +709 -0
package/dist/nestjs/index.js.map +1 -0
package/dist/react/index.cjs +560 -0
package/dist/react/index.cjs.map +1 -0
package/dist/react/index.d.cts +285 -0
package/dist/react/index.d.ts +285 -0
package/dist/react/index.js +531 -0
package/dist/react/index.js.map +1 -0
package/dist/react/native/index.cjs +60 -0
package/dist/react/native/index.cjs.map +1 -0
package/dist/react/native/index.d.cts +50 -0
package/dist/react/native/index.d.ts +50 -0
package/dist/react/native/index.js +41 -0
package/dist/react/native/index.js.map +1 -0
package/dist/shared/index.cjs +45 -0
package/dist/shared/index.cjs.map +1 -0
package/dist/shared/index.d.cts +129 -0
package/dist/shared/index.d.ts +129 -0
package/dist/shared/index.js +17 -0
package/dist/shared/index.js.map +1 -0
package/package.json +151 -0

package/dist/nestjs/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/nestjs/index.ts","../../src/nestjs/lenan-auth.module.ts","../../src/nestjs/controllers/auth.controller.ts","../../src/nestjs/decorators/index.ts","../../src/nestjs/dto/index.ts","../../src/nestjs/guards/jwt-auth.guard.ts","../../src/nestjs/guards/refresh-token.guard.ts","../../src/nestjs/interfaces/index.ts","../../src/nestjs/services/auth.service.ts","../../src/nestjs/services/jwt-token.service.ts","../../src/nestjs/services/password.service.ts","../../src/nestjs/strategies/jwt.strategy.ts","../../src/nestjs/strategies/refresh-token.strategy.ts"],"sourcesContent":["// Module\nexport { LenanAuthModule } from \"./lenan-auth.module\";\n\n// Interfaces\nexport { LENAN_AUTH_OPTIONS, LENAN_USER_SERVICE } from \"./interfaces\";\nexport type {\n AccessTokenPayload,\n AuthModuleAsyncOptions,\n AuthModuleOptions,\n AuthOptionsFactory,\n AuthenticatedRequest,\n RefreshTokenPayload,\n UserServiceInterface,\n} from \"./interfaces\";\n\n// Services\nexport { AuthService, JwtTokenService, PasswordService } from \"./services\";\n\n// Guards\nexport { JwtAuthGuard, RefreshTokenGuard } from \"./guards\";\n\n// Strategies\nexport { JwtStrategy, RefreshTokenStrategy } from \"./strategies\";\n\n// Decorators\nexport { CurrentUser, IS_PUBLIC_KEY, Public } from \"./decorators\";\n\n// DTOs\nexport {\n LoginDto,\n MessageResponseDto,\n RefreshTokenDto,\n RegisterDto,\n TokensResponseDto,\n} from \"./dto\";\n\n// Controller\nexport { AuthController } from \"./controllers\";\n\n// Re-export shared types for convenience\nexport type {\n AuthTokens,\n AuthUser,\n BaseUser,\n JwtPayload,\n LoginCredentials,\n RegisterData,\n} from \"../shared\";\n","import { DynamicModule, Module, Provider, Type } from \"@nestjs/common\";\nimport { JwtModule } from \"@nestjs/jwt\";\nimport { PassportModule } from \"@nestjs/passport\";\nimport { AuthController } from \"./controllers\";\nimport {\n LENAN_AUTH_OPTIONS,\n LENAN_USER_SERVICE,\n type AuthModuleAsyncOptions,\n type AuthModuleOptions,\n type AuthOptionsFactory,\n type UserServiceInterface,\n} from \"./interfaces\";\nimport { AuthService, JwtTokenService, PasswordService } from \"./services\";\nimport { JwtStrategy, RefreshTokenStrategy } from \"./strategies\";\n\n/**\n * Lenan Auth Module for NestJS\n *\n * A flexible authentication module supporting JWT access/refresh tokens.\n * Requires consumers to implement UserServiceInterface.\n *\n * @example\n * ```typescript\n * // Sync registration\n * @Module({\n * imports: [\n * LenanAuthModule.register({\n * jwtSecret: 'your-secret',\n * jwtAccessExpiry: '15m',\n * jwtRefreshExpiry: '7d',\n * }, UserService),\n * ],\n * })\n * export class AppModule {}\n *\n * // Async registration with ConfigService\n * @Module({\n * imports: [\n * LenanAuthModule.registerAsync({\n * imports: [ConfigModule],\n * useFactory: (config: ConfigService) => ({\n * jwtSecret: config.get('JWT_SECRET'),\n * jwtAccessExpiry: config.get('JWT_ACCESS_EXPIRY', '15m'),\n * jwtRefreshExpiry: config.get('JWT_REFRESH_EXPIRY', '7d'),\n * }),\n * inject: [ConfigService],\n * }, UserService),\n * ],\n * })\n * export class AppModule {}\n * ```\n */\n@Module({})\nexport class LenanAuthModule {\n /**\n * Register the auth module with synchronous configuration\n *\n * @param options - Auth module configuration options\n * @param userService - Your UserService class implementing UserServiceInterface\n */\n static register(\n options: AuthModuleOptions,\n userService: Type<UserServiceInterface>,\n ): DynamicModule {\n const providers = this.createProviders(options, userService);\n const controllers = options.useController !== false ? [AuthController] : [];\n\n return {\n module: LenanAuthModule,\n imports: [\n PassportModule.register({ defaultStrategy: \"lenan-jwt\" }),\n JwtModule.register({\n secret: options.jwtSecret,\n signOptions: { expiresIn: (options.jwtAccessExpiry ?? \"15m\") as any },\n }),\n ],\n providers,\n controllers,\n exports: [\n AuthService,\n PasswordService,\n JwtTokenService,\n JwtStrategy,\n LENAN_USER_SERVICE,\n ],\n };\n }\n\n /**\n * Register the auth module with async configuration\n *\n * @param asyncOptions - Async configuration options\n * @param userService - Your UserService class implementing UserServiceInterface\n */\n static registerAsync(\n asyncOptions: AuthModuleAsyncOptions,\n userService: Type<UserServiceInterface>,\n ): DynamicModule {\n const providers = this.createAsyncProviders(asyncOptions, userService);\n\n return {\n module: LenanAuthModule,\n imports: [\n ...(asyncOptions.imports ?? []),\n PassportModule.register({ defaultStrategy: \"lenan-jwt\" }),\n JwtModule.registerAsync({\n imports: asyncOptions.imports,\n useFactory: async (...args: any[]) => {\n let options: AuthModuleOptions;\n\n if (asyncOptions.useFactory) {\n options = await asyncOptions.useFactory(...args);\n } else {\n throw new Error(\"useFactory is required for async registration\");\n }\n\n return {\n secret: options.jwtSecret,\n signOptions: {\n expiresIn: (options.jwtAccessExpiry ?? \"15m\") as any,\n },\n };\n },\n inject: asyncOptions.inject ?? [],\n }),\n ],\n providers,\n controllers: [AuthController],\n exports: [\n AuthService,\n PasswordService,\n JwtTokenService,\n JwtStrategy,\n LENAN_USER_SERVICE,\n ],\n };\n }\n\n private static createProviders(\n options: AuthModuleOptions,\n userService: Type<UserServiceInterface>,\n ): Provider[] {\n return [\n {\n provide: LENAN_AUTH_OPTIONS,\n useValue: options,\n },\n {\n provide: LENAN_USER_SERVICE,\n useClass: userService,\n },\n AuthService,\n PasswordService,\n JwtTokenService,\n JwtStrategy,\n RefreshTokenStrategy,\n ];\n }\n\n private static createAsyncProviders(\n asyncOptions: AuthModuleAsyncOptions,\n userService: Type<UserServiceInterface>,\n ): Provider[] {\n const asyncOptionsProvider = this.createAsyncOptionsProvider(asyncOptions);\n\n return [\n asyncOptionsProvider,\n {\n provide: LENAN_USER_SERVICE,\n useClass: userService,\n },\n AuthService,\n PasswordService,\n JwtTokenService,\n JwtStrategy,\n RefreshTokenStrategy,\n ];\n }\n\n private static createAsyncOptionsProvider(\n asyncOptions: AuthModuleAsyncOptions,\n ): Provider {\n if (asyncOptions.useFactory) {\n return {\n provide: LENAN_AUTH_OPTIONS,\n useFactory: asyncOptions.useFactory,\n inject: asyncOptions.inject ?? [],\n };\n }\n\n if (asyncOptions.useClass) {\n return {\n provide: LENAN_AUTH_OPTIONS,\n useFactory: async (optionsFactory: AuthOptionsFactory) => {\n return optionsFactory.createAuthOptions();\n },\n inject: [asyncOptions.useClass],\n };\n }\n\n if (asyncOptions.useExisting) {\n return {\n provide: LENAN_AUTH_OPTIONS,\n useFactory: async (optionsFactory: AuthOptionsFactory) => {\n return optionsFactory.createAuthOptions();\n },\n inject: [asyncOptions.useExisting],\n };\n }\n\n throw new Error(\n \"Invalid async options: must provide useFactory, useClass, or useExisting\",\n );\n }\n}\n","import {\n Body,\n Controller,\n Get,\n HttpCode,\n HttpStatus,\n Post,\n UseGuards,\n} from \"@nestjs/common\";\nimport type { BaseUser } from \"../../shared\";\nimport { CurrentUser, Public } from \"../decorators\";\nimport {\n LoginDto,\n MessageResponseDto,\n RegisterDto,\n TokensResponseDto,\n} from \"../dto\";\nimport { JwtAuthGuard, RefreshTokenGuard } from \"../guards\";\nimport { AuthService } from \"../services/auth.service\";\n\n/**\n * Authentication controller providing standard auth endpoints\n * This controller is optional - consumers can disable it and implement their own\n */\n@Controller(\"auth\")\nexport class AuthController {\n constructor(private readonly authService: AuthService) {}\n\n /**\n * Register a new user\n * POST /auth/register\n */\n @Public()\n @Post(\"register\")\n @HttpCode(HttpStatus.CREATED)\n async register(@Body() dto: RegisterDto): Promise<TokensResponseDto> {\n const tokens = await this.authService.register(dto);\n return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);\n }\n\n /**\n * Login with email and password\n * POST /auth/login\n */\n @Public()\n @Post(\"login\")\n @HttpCode(HttpStatus.OK)\n async login(@Body() dto: LoginDto): Promise<TokensResponseDto> {\n const tokens = await this.authService.login(dto);\n return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);\n }\n\n /**\n * Refresh access token using refresh token\n * POST /auth/refresh\n */\n @Public()\n @UseGuards(RefreshTokenGuard)\n @Post(\"refresh\")\n @HttpCode(HttpStatus.OK)\n async refresh(\n @CurrentUser() user: BaseUser & { refreshToken: string },\n ): Promise<TokensResponseDto> {\n const tokens = await this.authService.refreshTokens(\n user.id,\n user.refreshToken,\n );\n return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);\n }\n\n /**\n * Logout (invalidate refresh token)\n * POST /auth/logout\n */\n @UseGuards(JwtAuthGuard)\n @Post(\"logout\")\n @HttpCode(HttpStatus.OK)\n async logout(@CurrentUser(\"id\") userId: string): Promise<MessageResponseDto> {\n await this.authService.logout(userId);\n return new MessageResponseDto(\"Logged out successfully\");\n }\n\n /**\n * Get current authenticated user\n * GET /auth/me\n */\n @UseGuards(JwtAuthGuard)\n @Get(\"me\")\n async me(@CurrentUser() user: BaseUser) {\n return user;\n }\n}\n","import {\n createParamDecorator,\n ExecutionContext,\n SetMetadata,\n} from \"@nestjs/common\";\n\n/**\n * Metadata key for public routes\n */\nexport const IS_PUBLIC_KEY = \"isPublic\";\n\n/**\n * Mark a route as public (no authentication required)\n * Use this decorator on routes that should be accessible without a valid JWT\n *\n * @example\n * ```typescript\n * @Public()\n * @Get('health')\n * healthCheck() {\n * return { status: 'ok' };\n * }\n * ```\n */\nexport const Public = () => SetMetadata(IS_PUBLIC_KEY, true);\n\n/**\n * Extract the current authenticated user from the request\n * Can optionally extract a specific property from the user object\n *\n * @example\n * ```typescript\n * // Get the entire user object\n * @Get('profile')\n * getProfile(@CurrentUser() user: User) {\n * return user;\n * }\n *\n * // Get a specific property\n * @Get('my-id')\n * getMyId(@CurrentUser('id') userId: string) {\n * return { id: userId };\n * }\n * ```\n */\nexport const CurrentUser = createParamDecorator(\n (data: string | undefined, ctx: ExecutionContext) => {\n const request = ctx.switchToHttp().getRequest();\n const user = request.user;\n\n if (!user) {\n return null;\n }\n\n return data ? user[data] : user;\n },\n);\n","import {\n IsEmail,\n IsString,\n Matches,\n MaxLength,\n MinLength,\n} from \"class-validator\";\n\n/**\n * Login request DTO\n */\nexport class LoginDto {\n @IsEmail({}, { message: \"Please provide a valid email address\" })\n email!: string;\n\n @IsString()\n @MinLength(1, { message: \"Password is required\" })\n password!: string;\n}\n\n/**\n * Registration request DTO\n */\nexport class RegisterDto {\n @IsEmail({}, { message: \"Please provide a valid email address\" })\n email!: string;\n\n @IsString()\n @MinLength(8, { message: \"Password must be at least 8 characters long\" })\n @MaxLength(128, { message: \"Password must be at most 128 characters long\" })\n @Matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)/, {\n message:\n \"Password must contain at least one lowercase letter, one uppercase letter, and one number\",\n })\n password!: string;\n\n @IsString()\n @MinLength(1, { message: \"Password confirmation is required\" })\n confirmPassword!: string;\n}\n\n/**\n * Refresh token request DTO\n */\nexport class RefreshTokenDto {\n @IsString()\n @MinLength(1, { message: \"Refresh token is required\" })\n refreshToken!: string;\n}\n\n/**\n * Token response DTO\n */\nexport class TokensResponseDto {\n accessToken!: string;\n refreshToken!: string;\n\n constructor(accessToken: string, refreshToken: string) {\n this.accessToken = accessToken;\n this.refreshToken = refreshToken;\n }\n}\n\n/**\n * Message response DTO\n */\nexport class MessageResponseDto {\n message!: string;\n\n constructor(message: string) {\n this.message = message;\n }\n}\n","import { ExecutionContext, Injectable } from \"@nestjs/common\";\nimport { Reflector } from \"@nestjs/core\";\nimport { AuthGuard } from \"@nestjs/passport\";\nimport { IS_PUBLIC_KEY } from \"../decorators\";\n\n/**\n * JWT Auth Guard for protecting routes\n * Uses the 'lenan-jwt' strategy to validate access tokens\n * Respects the @Public() decorator to skip authentication\n */\n@Injectable()\nexport class JwtAuthGuard extends AuthGuard(\"lenan-jwt\") {\n constructor(private reflector: Reflector) {\n super();\n }\n\n canActivate(context: ExecutionContext) {\n // Check if route is marked as public\n const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [\n context.getHandler(),\n context.getClass(),\n ]);\n\n if (isPublic) {\n return true;\n }\n\n return super.canActivate(context);\n }\n}\n","import { Injectable } from \"@nestjs/common\";\nimport { AuthGuard } from \"@nestjs/passport\";\n\n/**\n * Refresh Token Guard for protecting the refresh endpoint\n * Uses the 'lenan-jwt-refresh' strategy to validate refresh tokens\n */\n@Injectable()\nexport class RefreshTokenGuard extends AuthGuard(\"lenan-jwt-refresh\") {}\n","import type { AuthUser, BaseUser } from \"../../shared\";\n\n/**\n * User service interface that consumers must implement\n * This is the contract between the auth library and your application's user management\n */\nexport interface UserServiceInterface<TUser extends AuthUser = AuthUser> {\n /**\n * Find a user by their email address\n * Used during login to validate credentials\n */\n findByEmail(email: string): Promise<TUser | null>;\n\n /**\n * Find a user by their ID\n * Used for token validation and user retrieval\n */\n findById(id: string): Promise<TUser | null>;\n\n /**\n * Create a new user with hashed password\n * Called during registration\n */\n createUser(data: { email: string; passwordHash: string }): Promise<TUser>;\n\n /**\n * Update the user's hashed refresh token\n * Called after login/refresh to store the new refresh token\n * Pass null to clear the token (logout)\n */\n updateRefreshToken(userId: string, hashedToken: string | null): Promise<void>;\n\n /**\n * Validate that the provided refresh token matches the stored one\n * Should compare hashed values\n */\n validateRefreshToken(userId: string, hashedToken: string): Promise<boolean>;\n}\n\n/**\n * Injection token for the user service\n */\nexport const LENAN_USER_SERVICE = Symbol(\"LENAN_USER_SERVICE\");\n\n/**\n * Configuration options for the auth module\n */\nexport interface AuthModuleOptions {\n /** Secret key for signing JWT access tokens */\n jwtSecret: string;\n\n /** Access token expiration time (e.g., '15m', '1h') */\n jwtAccessExpiry?: string;\n\n /** Refresh token expiration time (e.g., '7d', '30d') */\n jwtRefreshExpiry?: string;\n\n /** Optional separate secret for refresh tokens (defaults to jwtSecret + '_refresh') */\n jwtRefreshSecret?: string;\n\n /** Whether to register the default AuthController (default: true) */\n useController?: boolean;\n\n /** Global route prefix for auth endpoints (default: 'auth') */\n routePrefix?: string;\n}\n\n/**\n * Async configuration options for the auth module\n */\nexport interface AuthModuleAsyncOptions {\n /**\n * Imports required for the factory/useClass\n */\n imports?: any[];\n\n /**\n * Factory function to create the options\n */\n useFactory?: (\n ...args: any[]\n ) => Promise<AuthModuleOptions> | AuthModuleOptions;\n\n /**\n * Dependencies to inject into the factory\n */\n inject?: any[];\n\n /**\n * Class that implements AuthOptionsFactory\n */\n useClass?: new (...args: any[]) => AuthOptionsFactory;\n\n /**\n * Existing provider to use\n */\n useExisting?: new (...args: any[]) => AuthOptionsFactory;\n}\n\n/**\n * Factory interface for creating auth options\n */\nexport interface AuthOptionsFactory {\n createAuthOptions(): Promise<AuthModuleOptions> | AuthModuleOptions;\n}\n\n/**\n * Injection token for auth module options\n */\nexport const LENAN_AUTH_OPTIONS = Symbol(\"LENAN_AUTH_OPTIONS\");\n\n/**\n * Request with user attached (after authentication)\n */\nexport interface AuthenticatedRequest<\n TUser extends BaseUser = BaseUser,\n> extends Request {\n user: TUser;\n}\n\n/**\n * JWT payload for access tokens\n */\nexport interface AccessTokenPayload {\n sub: string;\n email: string;\n type: \"access\";\n}\n\n/**\n * JWT payload for refresh tokens\n */\nexport interface RefreshTokenPayload {\n sub: string;\n email: string;\n type: \"refresh\";\n}\n","import {\n BadRequestException,\n ConflictException,\n Inject,\n Injectable,\n UnauthorizedException,\n} from \"@nestjs/common\";\nimport type { AuthTokens, AuthUser } from \"../../shared\";\nimport type { LoginDto, RegisterDto } from \"../dto\";\nimport { LENAN_USER_SERVICE, type UserServiceInterface } from \"../interfaces\";\nimport { JwtTokenService } from \"./jwt-token.service\";\nimport { PasswordService } from \"./password.service\";\n\n/**\n * Main authentication service\n * Orchestrates user authentication, registration, and token management\n */\n@Injectable()\nexport class AuthService {\n constructor(\n @Inject(LENAN_USER_SERVICE)\n private readonly userService: UserServiceInterface,\n private readonly passwordService: PasswordService,\n private readonly jwtTokenService: JwtTokenService,\n ) {}\n\n /**\n * Register a new user\n * @throws ConflictException if email already exists\n */\n async register(dto: RegisterDto): Promise<AuthTokens> {\n // Check if user already exists\n const existingUser = await this.userService.findByEmail(dto.email);\n if (existingUser) {\n throw new ConflictException(\"Email already registered\");\n }\n\n // Validate password confirmation\n if (dto.password !== dto.confirmPassword) {\n throw new BadRequestException(\"Passwords do not match\");\n }\n\n // Hash password and create user\n const passwordHash = await this.passwordService.hash(dto.password);\n const user = await this.userService.createUser({\n email: dto.email,\n passwordHash,\n });\n\n // Generate tokens\n const tokens = await this.jwtTokenService.generateTokens(\n user.id,\n user.email,\n );\n\n // Store hashed refresh token\n const hashedRefreshToken = await this.passwordService.hashToken(\n tokens.refreshToken,\n );\n await this.userService.updateRefreshToken(user.id, hashedRefreshToken);\n\n return tokens;\n }\n\n /**\n * Authenticate a user with email and password\n * @throws UnauthorizedException if credentials are invalid\n */\n async login(dto: LoginDto): Promise<AuthTokens> {\n const user = await this.userService.findByEmail(dto.email);\n if (!user) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n const isPasswordValid = await this.passwordService.compare(\n dto.password,\n user.passwordHash,\n );\n if (!isPasswordValid) {\n throw new UnauthorizedException(\"Invalid credentials\");\n }\n\n // Generate tokens\n const tokens = await this.jwtTokenService.generateTokens(\n user.id,\n user.email,\n );\n\n // Store hashed refresh token\n const hashedRefreshToken = await this.passwordService.hashToken(\n tokens.refreshToken,\n );\n await this.userService.updateRefreshToken(user.id, hashedRefreshToken);\n\n return tokens;\n }\n\n /**\n * Refresh tokens using a valid refresh token\n * @throws UnauthorizedException if refresh token is invalid\n */\n async refreshTokens(\n userId: string,\n refreshToken: string,\n ): Promise<AuthTokens> {\n const user = await this.userService.findById(userId);\n if (!user || !user.hashedRefreshToken) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n // Verify the refresh token matches\n const isValid = await this.passwordService.compareToken(\n refreshToken,\n user.hashedRefreshToken,\n );\n if (!isValid) {\n throw new UnauthorizedException(\"Invalid refresh token\");\n }\n\n // Generate new tokens\n const tokens = await this.jwtTokenService.generateTokens(\n user.id,\n user.email,\n );\n\n // Store new hashed refresh token\n const hashedRefreshToken = await this.passwordService.hashToken(\n tokens.refreshToken,\n );\n await this.userService.updateRefreshToken(user.id, hashedRefreshToken);\n\n return tokens;\n }\n\n /**\n * Log out a user by clearing their refresh token\n */\n async logout(userId: string): Promise<void> {\n await this.userService.updateRefreshToken(userId, null);\n }\n\n /**\n * Validate a user exists by ID\n * Used by JWT strategy to validate token payloads\n */\n async validateUser(userId: string): Promise<AuthUser | null> {\n return this.userService.findById(userId);\n }\n\n /**\n * Get current user by ID (without sensitive fields)\n */\n async getCurrentUser(\n userId: string,\n ): Promise<Omit<AuthUser, \"passwordHash\" | \"hashedRefreshToken\"> | null> {\n const user = await this.userService.findById(userId);\n if (!user) {\n return null;\n }\n\n // Remove sensitive fields\n const { passwordHash, hashedRefreshToken, ...safeUser } = user;\n return safeUser;\n }\n}\n","import { Inject, Injectable } from \"@nestjs/common\";\nimport { JwtService } from \"@nestjs/jwt\";\nimport type { AuthTokens } from \"../../shared\";\nimport {\n LENAN_AUTH_OPTIONS,\n type AccessTokenPayload,\n type AuthModuleOptions,\n type RefreshTokenPayload,\n} from \"../interfaces\";\n\n/**\n * Service for JWT token generation and verification\n */\n@Injectable()\nexport class JwtTokenService {\n private readonly accessExpiry: string;\n private readonly refreshExpiry: string;\n private readonly accessSecret: string;\n private readonly refreshSecret: string;\n\n constructor(\n private readonly jwtService: JwtService,\n @Inject(LENAN_AUTH_OPTIONS) options: AuthModuleOptions,\n ) {\n this.accessSecret = options.jwtSecret;\n this.refreshSecret =\n options.jwtRefreshSecret ?? `${options.jwtSecret}_refresh`;\n this.accessExpiry = options.jwtAccessExpiry ?? \"15m\";\n this.refreshExpiry = options.jwtRefreshExpiry ?? \"7d\";\n }\n\n /**\n * Generate access and refresh tokens for a user\n */\n async generateTokens(userId: string, email: string): Promise<AuthTokens> {\n const [accessToken, refreshToken] = await Promise.all([\n this.generateAccessToken(userId, email),\n this.generateRefreshToken(userId, email),\n ]);\n\n return { accessToken, refreshToken };\n }\n\n /**\n * Generate an access token\n */\n async generateAccessToken(userId: string, email: string): Promise<string> {\n const payload: AccessTokenPayload = {\n sub: userId,\n email,\n type: \"access\",\n };\n\n return this.jwtService.signAsync(payload, {\n secret: this.accessSecret,\n expiresIn: this.accessExpiry as any,\n });\n }\n\n /**\n * Generate a refresh token\n */\n async generateRefreshToken(userId: string, email: string): Promise<string> {\n const payload: RefreshTokenPayload = {\n sub: userId,\n email,\n type: \"refresh\",\n };\n\n return this.jwtService.signAsync(payload, {\n secret: this.refreshSecret,\n expiresIn: this.refreshExpiry as any,\n });\n }\n\n /**\n * Verify an access token and return its payload\n */\n async verifyAccessToken(token: string): Promise<AccessTokenPayload | null> {\n try {\n const payload = await this.jwtService.verifyAsync<AccessTokenPayload>(\n token,\n {\n secret: this.accessSecret,\n },\n );\n\n if (payload.type !== \"access\") {\n return null;\n }\n\n return payload;\n } catch {\n return null;\n }\n }\n\n /**\n * Verify a refresh token and return its payload\n */\n async verifyRefreshToken(token: string): Promise<RefreshTokenPayload | null> {\n try {\n const payload = await this.jwtService.verifyAsync<RefreshTokenPayload>(\n token,\n {\n secret: this.refreshSecret,\n },\n );\n\n if (payload.type !== \"refresh\") {\n return null;\n }\n\n return payload;\n } catch {\n return null;\n }\n }\n\n /**\n * Decode a token without verification (useful for debugging)\n */\n decodeToken<T = any>(token: string): T | null {\n try {\n return this.jwtService.decode(token) as T;\n } catch {\n return null;\n }\n }\n}\n","import { Injectable } from \"@nestjs/common\";\nimport * as bcrypt from \"bcryptjs\";\n\n/**\n * Service for password hashing and comparison using bcrypt\n */\n@Injectable()\nexport class PasswordService {\n private readonly saltRounds = 12;\n\n /**\n * Hash a plain text password\n */\n async hash(password: string): Promise<string> {\n return bcrypt.hash(password, this.saltRounds);\n }\n\n /**\n * Compare a plain text password with a hash\n */\n async compare(password: string, hash: string): Promise<boolean> {\n return bcrypt.compare(password, hash);\n }\n\n /**\n * Hash a refresh token for storage\n * Uses fewer rounds since refresh tokens are already random\n */\n async hashToken(token: string): Promise<string> {\n return bcrypt.hash(token, 10);\n }\n\n /**\n * Compare a refresh token with its hash\n */\n async compareToken(token: string, hash: string): Promise<boolean> {\n return bcrypt.compare(token, hash);\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\nimport {\n LENAN_AUTH_OPTIONS,\n LENAN_USER_SERVICE,\n type AccessTokenPayload,\n type AuthModuleOptions,\n type UserServiceInterface,\n} from \"../interfaces\";\n\n/**\n * JWT Strategy for validating access tokens\n * Extracts token from Authorization header and validates against the user service\n */\n@Injectable()\nexport class JwtStrategy extends PassportStrategy(Strategy, \"lenan-jwt\") {\n constructor(\n @Inject(LENAN_AUTH_OPTIONS) options: AuthModuleOptions,\n @Inject(LENAN_USER_SERVICE)\n private readonly userService: UserServiceInterface,\n ) {\n super({\n jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),\n ignoreExpiration: false,\n secretOrKey: options.jwtSecret,\n });\n }\n\n /**\n * Validate the JWT payload and return the user\n * This is called by Passport after successfully verifying the token signature\n */\n async validate(payload: AccessTokenPayload) {\n // Ensure this is an access token, not a refresh token\n if (payload.type !== \"access\") {\n throw new UnauthorizedException(\"Invalid token type\");\n }\n\n const user = await this.userService.findById(payload.sub);\n if (!user) {\n throw new UnauthorizedException(\"User not found\");\n }\n\n // Return user without sensitive fields\n const { passwordHash, hashedRefreshToken, ...safeUser } = user;\n return safeUser;\n }\n}\n","import { Inject, Injectable, UnauthorizedException } from \"@nestjs/common\";\nimport { PassportStrategy } from \"@nestjs/passport\";\nimport { Request } from \"express\";\nimport { ExtractJwt, Strategy } from \"passport-jwt\";\nimport {\n LENAN_AUTH_OPTIONS,\n LENAN_USER_SERVICE,\n type AuthModuleOptions,\n type RefreshTokenPayload,\n type UserServiceInterface,\n} from \"../interfaces\";\n\n/**\n * Refresh Token Strategy for validating refresh tokens\n * Extracts token from request body and validates it\n */\n@Injectable()\nexport class RefreshTokenStrategy extends PassportStrategy(\n Strategy,\n \"lenan-jwt-refresh\",\n) {\n constructor(\n @Inject(LENAN_AUTH_OPTIONS) options: AuthModuleOptions,\n @Inject(LENAN_USER_SERVICE)\n private readonly userService: UserServiceInterface,\n ) {\n const refreshSecret =\n options.jwtRefreshSecret ?? `${options.jwtSecret}_refresh`;\n\n super({\n jwtFromRequest: ExtractJwt.fromBodyField(\"refreshToken\"),\n ignoreExpiration: false,\n secretOrKey: refreshSecret,\n passReqToCallback: true,\n });\n }\n\n /**\n * Validate the refresh token payload\n * Returns user with the refresh token attached for further validation\n */\n async validate(req: Request, payload: RefreshTokenPayload) {\n // Ensure this is a refresh token\n if (payload.type !== \"refresh\") {\n throw new UnauthorizedException(\"Invalid token type\");\n }\n\n const user = await this.userService.findById(payload.sub);\n if (!user) {\n throw new UnauthorizedException(\"User not found\");\n }\n\n if (!user.hashedRefreshToken) {\n throw new UnauthorizedException(\"Refresh token has been revoked\");\n }\n\n // Return user with refresh token for AuthService to validate\n const refreshToken = req.body?.refreshToken;\n return { ...user, refreshToken };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,kBAAsD;AACtD,IAAAC,cAA0B;AAC1B,IAAAC,mBAA+B;;;ACF/B,IAAAC,iBAQO;;;ACRP,oBAIO;AAKA,IAAM,gBAAgB;AAetB,IAAM,SAAS,UAAM,2BAAY,eAAe,IAAI;AAqBpD,IAAM,kBAAc;AAAA,EACzB,CAAC,MAA0B,QAA0B;AACnD,UAAM,UAAU,IAAI,aAAa,EAAE,WAAW;AAC9C,UAAM,OAAO,QAAQ;AAErB,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,OAAO,KAAK,IAAI,IAAI;AAAA,EAC7B;AACF;;;ACxDA,6BAMO;AAKA,IAAM,WAAN,MAAe;AAAA,EAEpB;AAAA,EAIA;AACF;AALE;AAAA,MADC,gCAAQ,CAAC,GAAG,EAAE,SAAS,uCAAuC,CAAC;AAAA,GADrD,SAEX;AAIA;AAAA,MAFC,iCAAS;AAAA,MACT,kCAAU,GAAG,EAAE,SAAS,uBAAuB,CAAC;AAAA,GALtC,SAMX;AAMK,IAAM,cAAN,MAAkB;AAAA,EAEvB;AAAA,EASA;AAAA,EAIA;AACF;AAdE;AAAA,MADC,gCAAQ,CAAC,GAAG,EAAE,SAAS,uCAAuC,CAAC;AAAA,GADrD,YAEX;AASA;AAAA,MAPC,iCAAS;AAAA,MACT,kCAAU,GAAG,EAAE,SAAS,8CAA8C,CAAC;AAAA,MACvE,kCAAU,KAAK,EAAE,SAAS,+CAA+C,CAAC;AAAA,MAC1E,gCAAQ,mCAAmC;AAAA,IAC1C,SACE;AAAA,EACJ,CAAC;AAAA,GAVU,YAWX;AAIA;AAAA,MAFC,iCAAS;AAAA,MACT,kCAAU,GAAG,EAAE,SAAS,oCAAoC,CAAC;AAAA,GAdnD,YAeX;AAMK,IAAM,kBAAN,MAAsB;AAAA,EAG3B;AACF;AADE;AAAA,MAFC,iCAAS;AAAA,MACT,kCAAU,GAAG,EAAE,SAAS,4BAA4B,CAAC;AAAA,GAF3C,gBAGX;AAMK,IAAM,oBAAN,MAAwB;AAAA,EAC7B;AAAA,EACA;AAAA,EAEA,YAAY,aAAqB,cAAsB;AACrD,SAAK,cAAc;AACnB,SAAK,eAAe;AAAA,EACtB;AACF;AAKO,IAAM,qBAAN,MAAyB;AAAA,EAC9B;AAAA,EAEA,YAAY,SAAiB;AAC3B,SAAK,UAAU;AAAA,EACjB;AACF;;;ACxEA,IAAAC,iBAA6C;AAE7C,sBAA0B;AASnB,IAAM,eAAN,kBAA2B,2BAAU,WAAW,EAAE;AAAA,EACvD,YAAoB,WAAsB;AACxC,UAAM;AADY;AAAA,EAEpB;AAAA,EAEA,YAAY,SAA2B;AAErC,UAAM,WAAW,KAAK,UAAU,kBAA2B,eAAe;AAAA,MACxE,QAAQ,WAAW;AAAA,MACnB,QAAQ,SAAS;AAAA,IACnB,CAAC;AAED,QAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,YAAY,OAAO;AAAA,EAClC;AACF;AAlBa,eAAN;AAAA,MADN,2BAAW;AAAA,GACC;;;ACXb,IAAAC,iBAA2B;AAC3B,IAAAC,mBAA0B;AAOnB,IAAM,oBAAN,kBAAgC,4BAAU,mBAAmB,EAAE;AAAC;AAA1D,oBAAN;AAAA,MADN,2BAAW;AAAA,GACC;;;AJiBN,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,aAA0B;AAA1B;AAAA,EAA2B;AAAA,EASxD,MAAM,SAAiB,KAA8C;AACnE,UAAM,SAAS,MAAM,KAAK,YAAY,SAAS,GAAG;AAClD,WAAO,IAAI,kBAAkB,OAAO,aAAa,OAAO,YAAY;AAAA,EACtE;AAAA,EASA,MAAM,MAAc,KAA2C;AAC7D,UAAM,SAAS,MAAM,KAAK,YAAY,MAAM,GAAG;AAC/C,WAAO,IAAI,kBAAkB,OAAO,aAAa,OAAO,YAAY;AAAA,EACtE;AAAA,EAUA,MAAM,QACW,MACa;AAC5B,UAAM,SAAS,MAAM,KAAK,YAAY;AAAA,MACpC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AACA,WAAO,IAAI,kBAAkB,OAAO,aAAa,OAAO,YAAY;AAAA,EACtE;AAAA,EASA,MAAM,OAA0B,QAA6C;AAC3E,UAAM,KAAK,YAAY,OAAO,MAAM;AACpC,WAAO,IAAI,mBAAmB,yBAAyB;AAAA,EACzD;AAAA,EAQA,MAAM,GAAkB,MAAgB;AACtC,WAAO;AAAA,EACT;AACF;AAxDQ;AAAA,EAHL,OAAO;AAAA,MACP,qBAAK,UAAU;AAAA,MACf,yBAAS,0BAAW,OAAO;AAAA,EACZ,4CAAK;AAAA,GAVV,eAUL;AAYA;AAAA,EAHL,OAAO;AAAA,MACP,qBAAK,OAAO;AAAA,MACZ,yBAAS,0BAAW,EAAE;AAAA,EACV,4CAAK;AAAA,GAtBP,eAsBL;AAaA;AAAA,EAJL,OAAO;AAAA,MACP,0BAAU,iBAAiB;AAAA,MAC3B,qBAAK,SAAS;AAAA,MACd,yBAAS,0BAAW,EAAE;AAAA,EAEpB,+BAAY;AAAA,GApCJ,eAmCL;AAiBA;AAAA,MAHL,0BAAU,YAAY;AAAA,MACtB,qBAAK,QAAQ;AAAA,MACb,yBAAS,0BAAW,EAAE;AAAA,EACT,+BAAY,IAAI;AAAA,GApDnB,eAoDL;AAWA;AAAA,MAFL,0BAAU,YAAY;AAAA,MACtB,oBAAI,IAAI;AAAA,EACC,+BAAY;AAAA,GA/DX,eA+DL;AA/DK,iBAAN;AAAA,MADN,2BAAW,MAAM;AAAA,GACL;;;AKiBN,IAAM,qBAAqB,uBAAO,oBAAoB;AAmEtD,IAAM,qBAAqB,uBAAO,oBAAoB;;;AC7G7D,IAAAC,iBAMO;AAYA,IAAM,cAAN,MAAkB;AAAA,EACvB,YAEmB,aACA,iBACA,iBACjB;AAHiB;AACA;AACA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMH,MAAM,SAAS,KAAuC;AAEpD,UAAM,eAAe,MAAM,KAAK,YAAY,YAAY,IAAI,KAAK;AACjE,QAAI,cAAc;AAChB,YAAM,IAAI,iCAAkB,0BAA0B;AAAA,IACxD;AAGA,QAAI,IAAI,aAAa,IAAI,iBAAiB;AACxC,YAAM,IAAI,mCAAoB,wBAAwB;AAAA,IACxD;AAGA,UAAM,eAAe,MAAM,KAAK,gBAAgB,KAAK,IAAI,QAAQ;AACjE,UAAM,OAAO,MAAM,KAAK,YAAY,WAAW;AAAA,MAC7C,OAAO,IAAI;AAAA,MACX;AAAA,IACF,CAAC;AAGD,UAAM,SAAS,MAAM,KAAK,gBAAgB;AAAA,MACxC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAGA,UAAM,qBAAqB,MAAM,KAAK,gBAAgB;AAAA,MACpD,OAAO;AAAA,IACT;AACA,UAAM,KAAK,YAAY,mBAAmB,KAAK,IAAI,kBAAkB;AAErE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,MAAM,KAAoC;AAC9C,UAAM,OAAO,MAAM,KAAK,YAAY,YAAY,IAAI,KAAK;AACzD,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qCAAsB,qBAAqB;AAAA,IACvD;AAEA,UAAM,kBAAkB,MAAM,KAAK,gBAAgB;AAAA,MACjD,IAAI;AAAA,MACJ,KAAK;AAAA,IACP;AACA,QAAI,CAAC,iBAAiB;AACpB,YAAM,IAAI,qCAAsB,qBAAqB;AAAA,IACvD;AAGA,UAAM,SAAS,MAAM,KAAK,gBAAgB;AAAA,MACxC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAGA,UAAM,qBAAqB,MAAM,KAAK,gBAAgB;AAAA,MACpD,OAAO;AAAA,IACT;AACA,UAAM,KAAK,YAAY,mBAAmB,KAAK,IAAI,kBAAkB;AAErE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cACJ,QACA,cACqB;AACrB,UAAM,OAAO,MAAM,KAAK,YAAY,SAAS,MAAM;AACnD,QAAI,CAAC,QAAQ,CAAC,KAAK,oBAAoB;AACrC,YAAM,IAAI,qCAAsB,uBAAuB;AAAA,IACzD;AAGA,UAAM,UAAU,MAAM,KAAK,gBAAgB;AAAA,MACzC;AAAA,MACA,KAAK;AAAA,IACP;AACA,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,qCAAsB,uBAAuB;AAAA,IACzD;AAGA,UAAM,SAAS,MAAM,KAAK,gBAAgB;AAAA,MACxC,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAGA,UAAM,qBAAqB,MAAM,KAAK,gBAAgB;AAAA,MACpD,OAAO;AAAA,IACT;AACA,UAAM,KAAK,YAAY,mBAAmB,KAAK,IAAI,kBAAkB;AAErE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,QAA+B;AAC1C,UAAM,KAAK,YAAY,mBAAmB,QAAQ,IAAI;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAa,QAA0C;AAC3D,WAAO,KAAK,YAAY,SAAS,MAAM;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACJ,QACuE;AACvE,UAAM,OAAO,MAAM,KAAK,YAAY,SAAS,MAAM;AACnD,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAGA,UAAM,EAAE,cAAc,oBAAoB,GAAG,SAAS,IAAI;AAC1D,WAAO;AAAA,EACT;AACF;AAlJa,cAAN;AAAA,MADN,2BAAW;AAAA,EAGP,8CAAO,kBAAkB;AAAA,GAFjB;;;AClBb,IAAAC,iBAAmC;AAc5B,IAAM,kBAAN,MAAsB;AAAA,EAM3B,YACmB,YACW,SAC5B;AAFiB;AAGjB,SAAK,eAAe,QAAQ;AAC5B,SAAK,gBACH,QAAQ,oBAAoB,GAAG,QAAQ,SAAS;AAClD,SAAK,eAAe,QAAQ,mBAAmB;AAC/C,SAAK,gBAAgB,QAAQ,oBAAoB;AAAA,EACnD;AAAA,EAdiB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,MAAM,eAAe,QAAgB,OAAoC;AACvE,UAAM,CAAC,aAAa,YAAY,IAAI,MAAM,QAAQ,IAAI;AAAA,MACpD,KAAK,oBAAoB,QAAQ,KAAK;AAAA,MACtC,KAAK,qBAAqB,QAAQ,KAAK;AAAA,IACzC,CAAC;AAED,WAAO,EAAE,aAAa,aAAa;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,QAAgB,OAAgC;AACxE,UAAM,UAA8B;AAAA,MAClC,KAAK;AAAA,MACL;AAAA,MACA,MAAM;AAAA,IACR;AAEA,WAAO,KAAK,WAAW,UAAU,SAAS;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,QAAgB,OAAgC;AACzE,UAAM,UAA+B;AAAA,MACnC,KAAK;AAAA,MACL;AAAA,MACA,MAAM;AAAA,IACR;AAEA,WAAO,KAAK,WAAW,UAAU,SAAS;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,OAAmD;AACzE,QAAI;AACF,YAAM,UAAU,MAAM,KAAK,WAAW;AAAA,QACpC;AAAA,QACA;AAAA,UACE,QAAQ,KAAK;AAAA,QACf;AAAA,MACF;AAEA,UAAI,QAAQ,SAAS,UAAU;AAC7B,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,OAAoD;AAC3E,QAAI;AACF,YAAM,UAAU,MAAM,KAAK,WAAW;AAAA,QACpC;AAAA,QACA;AAAA,UACE,QAAQ,KAAK;AAAA,QACf;AAAA,MACF;AAEA,UAAI,QAAQ,SAAS,WAAW;AAC9B,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAqB,OAAyB;AAC5C,QAAI;AACF,aAAO,KAAK,WAAW,OAAO,KAAK;AAAA,IACrC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAnHa,kBAAN;AAAA,MADN,2BAAW;AAAA,EASP,8CAAO,kBAAkB;AAAA,GARjB;;;ACdb,IAAAC,iBAA2B;AAC3B,aAAwB;AAMjB,IAAM,kBAAN,MAAsB;AAAA,EACV,aAAa;AAAA;AAAA;AAAA;AAAA,EAK9B,MAAM,KAAK,UAAmC;AAC5C,WAAc,YAAK,UAAU,KAAK,UAAU;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,UAAkBC,OAAgC;AAC9D,WAAc,eAAQ,UAAUA,KAAI;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAU,OAAgC;AAC9C,WAAc,YAAK,OAAO,EAAE;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,OAAeA,OAAgC;AAChE,WAAc,eAAQ,OAAOA,KAAI;AAAA,EACnC;AACF;AA/Ba,kBAAN;AAAA,MADN,2BAAW;AAAA,GACC;;;ACPb,IAAAC,iBAA0D;AAC1D,IAAAC,mBAAiC;AACjC,0BAAqC;AAc9B,IAAM,cAAN,kBAA0B,mCAAiB,8BAAU,WAAW,EAAE;AAAA,EACvE,YAC8B,SAEX,aACjB;AACA,UAAM;AAAA,MACJ,gBAAgB,+BAAW,4BAA4B;AAAA,MACvD,kBAAkB;AAAA,MAClB,aAAa,QAAQ;AAAA,IACvB,CAAC;AANgB;AAAA,EAOnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS,SAA6B;AAE1C,QAAI,QAAQ,SAAS,UAAU;AAC7B,YAAM,IAAI,qCAAsB,oBAAoB;AAAA,IACtD;AAEA,UAAM,OAAO,MAAM,KAAK,YAAY,SAAS,QAAQ,GAAG;AACxD,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qCAAsB,gBAAgB;AAAA,IAClD;AAGA,UAAM,EAAE,cAAc,oBAAoB,GAAG,SAAS,IAAI;AAC1D,WAAO;AAAA,EACT;AACF;AAhCa,cAAN;AAAA,MADN,2BAAW;AAAA,EAGP,8CAAO,kBAAkB;AAAA,EACzB,8CAAO,kBAAkB;AAAA,GAHjB;;;AChBb,IAAAC,iBAA0D;AAC1D,IAAAC,mBAAiC;AAEjC,IAAAC,uBAAqC;AAc9B,IAAM,uBAAN,kBAAmC;AAAA,EACxC;AAAA,EACA;AACF,EAAE;AAAA,EACA,YAC8B,SAEX,aACjB;AACA,UAAM,gBACJ,QAAQ,oBAAoB,GAAG,QAAQ,SAAS;AAElD,UAAM;AAAA,MACJ,gBAAgB,gCAAW,cAAc,cAAc;AAAA,MACvD,kBAAkB;AAAA,MAClB,aAAa;AAAA,MACb,mBAAmB;AAAA,IACrB,CAAC;AAVgB;AAAA,EAWnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS,KAAc,SAA8B;AAEzD,QAAI,QAAQ,SAAS,WAAW;AAC9B,YAAM,IAAI,qCAAsB,oBAAoB;AAAA,IACtD;AAEA,UAAM,OAAO,MAAM,KAAK,YAAY,SAAS,QAAQ,GAAG;AACxD,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qCAAsB,gBAAgB;AAAA,IAClD;AAEA,QAAI,CAAC,KAAK,oBAAoB;AAC5B,YAAM,IAAI,qCAAsB,gCAAgC;AAAA,IAClE;AAGA,UAAM,eAAe,IAAI,MAAM;AAC/B,WAAO,EAAE,GAAG,MAAM,aAAa;AAAA,EACjC;AACF;AA3Ca,uBAAN;AAAA,MADN,2BAAW;AAAA,EAMP,8CAAO,kBAAkB;AAAA,EACzB,8CAAO,kBAAkB;AAAA,GANjB;;;AXoCN,IAAM,kBAAN,MAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO3B,OAAO,SACL,SACA,aACe;AACf,UAAM,YAAY,KAAK,gBAAgB,SAAS,WAAW;AAC3D,UAAM,cAAc,QAAQ,kBAAkB,QAAQ,CAAC,cAAc,IAAI,CAAC;AAE1E,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gCAAe,SAAS,EAAE,iBAAiB,YAAY,CAAC;AAAA,QACxD,sBAAU,SAAS;AAAA,UACjB,QAAQ,QAAQ;AAAA,UAChB,aAAa,EAAE,WAAY,QAAQ,mBAAmB,MAAc;AAAA,QACtE,CAAC;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA,SAAS;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,cACL,cACA,aACe;AACf,UAAM,YAAY,KAAK,qBAAqB,cAAc,WAAW;AAErE,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,GAAI,aAAa,WAAW,CAAC;AAAA,QAC7B,gCAAe,SAAS,EAAE,iBAAiB,YAAY,CAAC;AAAA,QACxD,sBAAU,cAAc;AAAA,UACtB,SAAS,aAAa;AAAA,UACtB,YAAY,UAAU,SAAgB;AACpC,gBAAI;AAEJ,gBAAI,aAAa,YAAY;AAC3B,wBAAU,MAAM,aAAa,WAAW,GAAG,IAAI;AAAA,YACjD,OAAO;AACL,oBAAM,IAAI,MAAM,+CAA+C;AAAA,YACjE;AAEA,mBAAO;AAAA,cACL,QAAQ,QAAQ;AAAA,cAChB,aAAa;AAAA,gBACX,WAAY,QAAQ,mBAAmB;AAAA,cACzC;AAAA,YACF;AAAA,UACF;AAAA,UACA,QAAQ,aAAa,UAAU,CAAC;AAAA,QAClC,CAAC;AAAA,MACH;AAAA,MACA;AAAA,MACA,aAAa,CAAC,cAAc;AAAA,MAC5B,SAAS;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,gBACb,SACA,aACY;AACZ,WAAO;AAAA,MACL;AAAA,QACE,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,MACA;AAAA,QACE,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,qBACb,cACA,aACY;AACZ,UAAM,uBAAuB,KAAK,2BAA2B,YAAY;AAEzE,WAAO;AAAA,MACL;AAAA,MACA;AAAA,QACE,SAAS;AAAA,QACT,UAAU;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAe,2BACb,cACU;AACV,QAAI,aAAa,YAAY;AAC3B,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,aAAa;AAAA,QACzB,QAAQ,aAAa,UAAU,CAAC;AAAA,MAClC;AAAA,IACF;AAEA,QAAI,aAAa,UAAU;AACzB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,OAAO,mBAAuC;AACxD,iBAAO,eAAe,kBAAkB;AAAA,QAC1C;AAAA,QACA,QAAQ,CAAC,aAAa,QAAQ;AAAA,MAChC;AAAA,IACF;AAEA,QAAI,aAAa,aAAa;AAC5B,aAAO;AAAA,QACL,SAAS;AAAA,QACT,YAAY,OAAO,mBAAuC;AACxD,iBAAO,eAAe,kBAAkB;AAAA,QAC1C;AAAA,QACA,QAAQ,CAAC,aAAa,WAAW;AAAA,MACnC;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;AAjKa,kBAAN;AAAA,MADN,wBAAO,CAAC,CAAC;AAAA,GACG;","names":["import_common","import_jwt","import_passport","import_common","import_common","import_common","import_passport","import_common","import_common","import_common","hash","import_common","import_passport","import_common","import_passport","import_passport_jwt"]}

package/dist/nestjs/index.d.cts ADDED Viewed

@@ -0,0 +1,510 @@
+import * as _nestjs_common from '@nestjs/common';
+import { Type, DynamicModule, ExecutionContext } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import * as rxjs from 'rxjs';
+import * as _nestjs_passport from '@nestjs/passport';
+import { Reflector } from '@nestjs/core';
+import * as passport_jwt from 'passport-jwt';
+import { Strategy } from 'passport-jwt';
+import { Request as Request$1 } from 'express';
+/**
+ * JWT payload structure
+ */
+interface JwtPayload {
+    /** User ID (subject) */
+    sub: string;
+    /** User email */
+    email: string;
+    /** Issued at timestamp */
+    iat?: number;
+    /** Expiration timestamp */
+    exp?: number;
+}
+/**
+ * Token response containing access and refresh tokens
+ */
+interface AuthTokens {
+    /** Short-lived access token */
+    accessToken: string;
+    /** Long-lived refresh token */
+    refreshToken: string;
+}
+/**
+ * Base user interface - minimal fields required by the auth system
+ * Consumers should extend this with their own user properties
+ */
+interface BaseUser {
+    /** Unique user identifier */
+    id: string;
+    /** User email address */
+    email: string;
+}
+/**
+ * Full auth user interface combining all auth-related fields
+ */
+interface AuthUser extends BaseUser {
+    passwordHash: string;
+    hashedRefreshToken: string | null;
+}
+/**
+ * Login credentials
+ */
+interface LoginCredentials {
+    email: string;
+    password: string;
+}
+/**
+ * Registration data
+ */
+interface RegisterData {
+    email: string;
+    password: string;
+}
+/**
+ * User service interface that consumers must implement
+ * This is the contract between the auth library and your application's user management
+ */
+interface UserServiceInterface<TUser extends AuthUser = AuthUser> {
+    /**
+     * Find a user by their email address
+     * Used during login to validate credentials
+     */
+    findByEmail(email: string): Promise<TUser | null>;
+    /**
+     * Find a user by their ID
+     * Used for token validation and user retrieval
+     */
+    findById(id: string): Promise<TUser | null>;
+    /**
+     * Create a new user with hashed password
+     * Called during registration
+     */
+    createUser(data: {
+        email: string;
+        passwordHash: string;
+    }): Promise<TUser>;
+    /**
+     * Update the user's hashed refresh token
+     * Called after login/refresh to store the new refresh token
+     * Pass null to clear the token (logout)
+     */
+    updateRefreshToken(userId: string, hashedToken: string | null): Promise<void>;
+    /**
+     * Validate that the provided refresh token matches the stored one
+     * Should compare hashed values
+     */
+    validateRefreshToken(userId: string, hashedToken: string): Promise<boolean>;
+}
+/**
+ * Injection token for the user service
+ */
+declare const LENAN_USER_SERVICE: unique symbol;
+/**
+ * Configuration options for the auth module
+ */
+interface AuthModuleOptions {
+    /** Secret key for signing JWT access tokens */
+    jwtSecret: string;
+    /** Access token expiration time (e.g., '15m', '1h') */
+    jwtAccessExpiry?: string;
+    /** Refresh token expiration time (e.g., '7d', '30d') */
+    jwtRefreshExpiry?: string;
+    /** Optional separate secret for refresh tokens (defaults to jwtSecret + '_refresh') */
+    jwtRefreshSecret?: string;
+    /** Whether to register the default AuthController (default: true) */
+    useController?: boolean;
+    /** Global route prefix for auth endpoints (default: 'auth') */
+    routePrefix?: string;
+}
+/**
+ * Async configuration options for the auth module
+ */
+interface AuthModuleAsyncOptions {
+    /**
+     * Imports required for the factory/useClass
+     */
+    imports?: any[];
+    /**
+     * Factory function to create the options
+     */
+    useFactory?: (...args: any[]) => Promise<AuthModuleOptions> | AuthModuleOptions;
+    /**
+     * Dependencies to inject into the factory
+     */
+    inject?: any[];
+    /**
+     * Class that implements AuthOptionsFactory
+     */
+    useClass?: new (...args: any[]) => AuthOptionsFactory;
+    /**
+     * Existing provider to use
+     */
+    useExisting?: new (...args: any[]) => AuthOptionsFactory;
+}
+/**
+ * Factory interface for creating auth options
+ */
+interface AuthOptionsFactory {
+    createAuthOptions(): Promise<AuthModuleOptions> | AuthModuleOptions;
+}
+/**
+ * Injection token for auth module options
+ */
+declare const LENAN_AUTH_OPTIONS: unique symbol;
+/**
+ * Request with user attached (after authentication)
+ */
+interface AuthenticatedRequest<TUser extends BaseUser = BaseUser> extends Request {
+    user: TUser;
+}
+/**
+ * JWT payload for access tokens
+ */
+interface AccessTokenPayload {
+    sub: string;
+    email: string;
+    type: "access";
+}
+/**
+ * JWT payload for refresh tokens
+ */
+interface RefreshTokenPayload {
+    sub: string;
+    email: string;
+    type: "refresh";
+}
+/**
+ * Lenan Auth Module for NestJS
+ *
+ * A flexible authentication module supporting JWT access/refresh tokens.
+ * Requires consumers to implement UserServiceInterface.
+ *
+ * @example
+ * ```typescript
+ * // Sync registration
+ * @Module({
+ *   imports: [
+ *     LenanAuthModule.register({
+ *       jwtSecret: 'your-secret',
+ *       jwtAccessExpiry: '15m',
+ *       jwtRefreshExpiry: '7d',
+ *     }, UserService),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // Async registration with ConfigService
+ * @Module({
+ *   imports: [
+ *     LenanAuthModule.registerAsync({
+ *       imports: [ConfigModule],
+ *       useFactory: (config: ConfigService) => ({
+ *         jwtSecret: config.get('JWT_SECRET'),
+ *         jwtAccessExpiry: config.get('JWT_ACCESS_EXPIRY', '15m'),
+ *         jwtRefreshExpiry: config.get('JWT_REFRESH_EXPIRY', '7d'),
+ *       }),
+ *       inject: [ConfigService],
+ *     }, UserService),
+ *   ],
+ * })
+ * export class AppModule {}
+ * ```
+ */
+declare class LenanAuthModule {
+    /**
+     * Register the auth module with synchronous configuration
+     *
+     * @param options - Auth module configuration options
+     * @param userService - Your UserService class implementing UserServiceInterface
+     */
+    static register(options: AuthModuleOptions, userService: Type<UserServiceInterface>): DynamicModule;
+    /**
+     * Register the auth module with async configuration
+     *
+     * @param asyncOptions - Async configuration options
+     * @param userService - Your UserService class implementing UserServiceInterface
+     */
+    static registerAsync(asyncOptions: AuthModuleAsyncOptions, userService: Type<UserServiceInterface>): DynamicModule;
+    private static createProviders;
+    private static createAsyncProviders;
+    private static createAsyncOptionsProvider;
+}
+/**
+ * Login request DTO
+ */
+declare class LoginDto {
+    email: string;
+    password: string;
+}
+/**
+ * Registration request DTO
+ */
+declare class RegisterDto {
+    email: string;
+    password: string;
+    confirmPassword: string;
+}
+/**
+ * Refresh token request DTO
+ */
+declare class RefreshTokenDto {
+    refreshToken: string;
+}
+/**
+ * Token response DTO
+ */
+declare class TokensResponseDto {
+    accessToken: string;
+    refreshToken: string;
+    constructor(accessToken: string, refreshToken: string);
+}
+/**
+ * Message response DTO
+ */
+declare class MessageResponseDto {
+    message: string;
+    constructor(message: string);
+}
+/**
+ * Service for JWT token generation and verification
+ */
+declare class JwtTokenService {
+    private readonly jwtService;
+    private readonly accessExpiry;
+    private readonly refreshExpiry;
+    private readonly accessSecret;
+    private readonly refreshSecret;
+    constructor(jwtService: JwtService, options: AuthModuleOptions);
+    /**
+     * Generate access and refresh tokens for a user
+     */
+    generateTokens(userId: string, email: string): Promise<AuthTokens>;
+    /**
+     * Generate an access token
+     */
+    generateAccessToken(userId: string, email: string): Promise<string>;
+    /**
+     * Generate a refresh token
+     */
+    generateRefreshToken(userId: string, email: string): Promise<string>;
+    /**
+     * Verify an access token and return its payload
+     */
+    verifyAccessToken(token: string): Promise<AccessTokenPayload | null>;
+    /**
+     * Verify a refresh token and return its payload
+     */
+    verifyRefreshToken(token: string): Promise<RefreshTokenPayload | null>;
+    /**
+     * Decode a token without verification (useful for debugging)
+     */
+    decodeToken<T = any>(token: string): T | null;
+}
+/**
+ * Service for password hashing and comparison using bcrypt
+ */
+declare class PasswordService {
+    private readonly saltRounds;
+    /**
+     * Hash a plain text password
+     */
+    hash(password: string): Promise<string>;
+    /**
+     * Compare a plain text password with a hash
+     */
+    compare(password: string, hash: string): Promise<boolean>;
+    /**
+     * Hash a refresh token for storage
+     * Uses fewer rounds since refresh tokens are already random
+     */
+    hashToken(token: string): Promise<string>;
+    /**
+     * Compare a refresh token with its hash
+     */
+    compareToken(token: string, hash: string): Promise<boolean>;
+}
+/**
+ * Main authentication service
+ * Orchestrates user authentication, registration, and token management
+ */
+declare class AuthService {
+    private readonly userService;
+    private readonly passwordService;
+    private readonly jwtTokenService;
+    constructor(userService: UserServiceInterface, passwordService: PasswordService, jwtTokenService: JwtTokenService);
+    /**
+     * Register a new user
+     * @throws ConflictException if email already exists
+     */
+    register(dto: RegisterDto): Promise<AuthTokens>;
+    /**
+     * Authenticate a user with email and password
+     * @throws UnauthorizedException if credentials are invalid
+     */
+    login(dto: LoginDto): Promise<AuthTokens>;
+    /**
+     * Refresh tokens using a valid refresh token
+     * @throws UnauthorizedException if refresh token is invalid
+     */
+    refreshTokens(userId: string, refreshToken: string): Promise<AuthTokens>;
+    /**
+     * Log out a user by clearing their refresh token
+     */
+    logout(userId: string): Promise<void>;
+    /**
+     * Validate a user exists by ID
+     * Used by JWT strategy to validate token payloads
+     */
+    validateUser(userId: string): Promise<AuthUser | null>;
+    /**
+     * Get current user by ID (without sensitive fields)
+     */
+    getCurrentUser(userId: string): Promise<Omit<AuthUser, "passwordHash" | "hashedRefreshToken"> | null>;
+}
+declare const JwtAuthGuard_base: _nestjs_passport.Type<_nestjs_passport.IAuthGuard>;
+/**
+ * JWT Auth Guard for protecting routes
+ * Uses the 'lenan-jwt' strategy to validate access tokens
+ * Respects the @Public() decorator to skip authentication
+ */
+declare class JwtAuthGuard extends JwtAuthGuard_base {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean> | rxjs.Observable<boolean>;
+}
+declare const RefreshTokenGuard_base: _nestjs_passport.Type<_nestjs_passport.IAuthGuard>;
+/**
+ * Refresh Token Guard for protecting the refresh endpoint
+ * Uses the 'lenan-jwt-refresh' strategy to validate refresh tokens
+ */
+declare class RefreshTokenGuard extends RefreshTokenGuard_base {
+}
+declare const JwtStrategy_base: new (...args: [opt: passport_jwt.StrategyOptionsWithRequest] | [opt: passport_jwt.StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+/**
+ * JWT Strategy for validating access tokens
+ * Extracts token from Authorization header and validates against the user service
+ */
+declare class JwtStrategy extends JwtStrategy_base {
+    private readonly userService;
+    constructor(options: AuthModuleOptions, userService: UserServiceInterface);
+    /**
+     * Validate the JWT payload and return the user
+     * This is called by Passport after successfully verifying the token signature
+     */
+    validate(payload: AccessTokenPayload): Promise<{
+        id: string;
+        email: string;
+    }>;
+}
+declare const RefreshTokenStrategy_base: new (...args: [opt: passport_jwt.StrategyOptionsWithRequest] | [opt: passport_jwt.StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+/**
+ * Refresh Token Strategy for validating refresh tokens
+ * Extracts token from request body and validates it
+ */
+declare class RefreshTokenStrategy extends RefreshTokenStrategy_base {
+    private readonly userService;
+    constructor(options: AuthModuleOptions, userService: UserServiceInterface);
+    /**
+     * Validate the refresh token payload
+     * Returns user with the refresh token attached for further validation
+     */
+    validate(req: Request$1, payload: RefreshTokenPayload): Promise<{
+        refreshToken: any;
+        passwordHash: string;
+        hashedRefreshToken: string | null;
+        id: string;
+        email: string;
+    }>;
+}
+/**
+ * Metadata key for public routes
+ */
+declare const IS_PUBLIC_KEY = "isPublic";
+/**
+ * Mark a route as public (no authentication required)
+ * Use this decorator on routes that should be accessible without a valid JWT
+ *
+ * @example
+ * ```typescript
+ * @Public()
+ * @Get('health')
+ * healthCheck() {
+ *   return { status: 'ok' };
+ * }
+ * ```
+ */
+declare const Public: () => _nestjs_common.CustomDecorator<string>;
+/**
+ * Extract the current authenticated user from the request
+ * Can optionally extract a specific property from the user object
+ *
+ * @example
+ * ```typescript
+ * // Get the entire user object
+ * @Get('profile')
+ * getProfile(@CurrentUser() user: User) {
+ *   return user;
+ * }
+ *
+ * // Get a specific property
+ * @Get('my-id')
+ * getMyId(@CurrentUser('id') userId: string) {
+ *   return { id: userId };
+ * }
+ * ```
+ */
+declare const CurrentUser: (...dataOrPipes: (string | _nestjs_common.PipeTransform<any, any> | _nestjs_common.Type<_nestjs_common.PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;
+/**
+ * Authentication controller providing standard auth endpoints
+ * This controller is optional - consumers can disable it and implement their own
+ */
+declare class AuthController {
+    private readonly authService;
+    constructor(authService: AuthService);
+    /**
+     * Register a new user
+     * POST /auth/register
+     */
+    register(dto: RegisterDto): Promise<TokensResponseDto>;
+    /**
+     * Login with email and password
+     * POST /auth/login
+     */
+    login(dto: LoginDto): Promise<TokensResponseDto>;
+    /**
+     * Refresh access token using refresh token
+     * POST /auth/refresh
+     */
+    refresh(user: BaseUser & {
+        refreshToken: string;
+    }): Promise<TokensResponseDto>;
+    /**
+     * Logout (invalidate refresh token)
+     * POST /auth/logout
+     */
+    logout(userId: string): Promise<MessageResponseDto>;
+    /**
+     * Get current authenticated user
+     * GET /auth/me
+     */
+    me(user: BaseUser): Promise<BaseUser>;
+}
+export { type AccessTokenPayload, AuthController, type AuthModuleAsyncOptions, type AuthModuleOptions, type AuthOptionsFactory, AuthService, type AuthTokens, type AuthUser, type AuthenticatedRequest, type BaseUser, CurrentUser, IS_PUBLIC_KEY, JwtAuthGuard, type JwtPayload, JwtStrategy, JwtTokenService, LENAN_AUTH_OPTIONS, LENAN_USER_SERVICE, LenanAuthModule, type LoginCredentials, LoginDto, MessageResponseDto, PasswordService, Public, RefreshTokenDto, RefreshTokenGuard, type RefreshTokenPayload, RefreshTokenStrategy, type RegisterData, RegisterDto, TokensResponseDto, type UserServiceInterface };