@lenan-soft/auth 1.0.1

package/dist/nestjs/index.js

@@ -0,0 +1,709 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+
+// src/nestjs/lenan-auth.module.ts
+import { Module } from "@nestjs/common";
+import { JwtModule } from "@nestjs/jwt";
+import { PassportModule } from "@nestjs/passport";
+
+// src/nestjs/controllers/auth.controller.ts
+import {
+  Body,
+  Controller,
+  Get,
+  HttpCode,
+  HttpStatus,
+  Post,
+  UseGuards
+} from "@nestjs/common";
+
+// src/nestjs/decorators/index.ts
+import {
+  createParamDecorator,
+  SetMetadata
+} from "@nestjs/common";
+var IS_PUBLIC_KEY = "isPublic";
+var Public = () => SetMetadata(IS_PUBLIC_KEY, true);
+var CurrentUser = createParamDecorator(
+  (data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user = request.user;
+    if (!user) {
+      return null;
+    }
+    return data ? user[data] : user;
+  }
+);
+
+// src/nestjs/dto/index.ts
+import {
+  IsEmail,
+  IsString,
+  Matches,
+  MaxLength,
+  MinLength
+} from "class-validator";
+var LoginDto = class {
+  email;
+  password;
+};
+__decorateClass([
+  IsEmail({}, { message: "Please provide a valid email address" })
+], LoginDto.prototype, "email", 2);
+__decorateClass([
+  IsString(),
+  MinLength(1, { message: "Password is required" })
+], LoginDto.prototype, "password", 2);
+var RegisterDto = class {
+  email;
+  password;
+  confirmPassword;
+};
+__decorateClass([
+  IsEmail({}, { message: "Please provide a valid email address" })
+], RegisterDto.prototype, "email", 2);
+__decorateClass([
+  IsString(),
+  MinLength(8, { message: "Password must be at least 8 characters long" }),
+  MaxLength(128, { message: "Password must be at most 128 characters long" }),
+  Matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/, {
+    message: "Password must contain at least one lowercase letter, one uppercase letter, and one number"
+  })
+], RegisterDto.prototype, "password", 2);
+__decorateClass([
+  IsString(),
+  MinLength(1, { message: "Password confirmation is required" })
+], RegisterDto.prototype, "confirmPassword", 2);
+var RefreshTokenDto = class {
+  refreshToken;
+};
+__decorateClass([
+  IsString(),
+  MinLength(1, { message: "Refresh token is required" })
+], RefreshTokenDto.prototype, "refreshToken", 2);
+var TokensResponseDto = class {
+  accessToken;
+  refreshToken;
+  constructor(accessToken, refreshToken) {
+    this.accessToken = accessToken;
+    this.refreshToken = refreshToken;
+  }
+};
+var MessageResponseDto = class {
+  message;
+  constructor(message) {
+    this.message = message;
+  }
+};
+
+// src/nestjs/guards/jwt-auth.guard.ts
+import { Injectable } from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+var JwtAuthGuard = class extends AuthGuard("lenan-jwt") {
+  constructor(reflector) {
+    super();
+    this.reflector = reflector;
+  }
+  canActivate(context) {
+    const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ]);
+    if (isPublic) {
+      return true;
+    }
+    return super.canActivate(context);
+  }
+};
+JwtAuthGuard = __decorateClass([
+  Injectable()
+], JwtAuthGuard);
+
+// src/nestjs/guards/refresh-token.guard.ts
+import { Injectable as Injectable2 } from "@nestjs/common";
+import { AuthGuard as AuthGuard2 } from "@nestjs/passport";
+var RefreshTokenGuard = class extends AuthGuard2("lenan-jwt-refresh") {
+};
+RefreshTokenGuard = __decorateClass([
+  Injectable2()
+], RefreshTokenGuard);
+
+// src/nestjs/controllers/auth.controller.ts
+var AuthController = class {
+  constructor(authService) {
+    this.authService = authService;
+  }
+  async register(dto) {
+    const tokens = await this.authService.register(dto);
+    return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);
+  }
+  async login(dto) {
+    const tokens = await this.authService.login(dto);
+    return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);
+  }
+  async refresh(user) {
+    const tokens = await this.authService.refreshTokens(
+      user.id,
+      user.refreshToken
+    );
+    return new TokensResponseDto(tokens.accessToken, tokens.refreshToken);
+  }
+  async logout(userId) {
+    await this.authService.logout(userId);
+    return new MessageResponseDto("Logged out successfully");
+  }
+  async me(user) {
+    return user;
+  }
+};
+__decorateClass([
+  Public(),
+  Post("register"),
+  HttpCode(HttpStatus.CREATED),
+  __decorateParam(0, Body())
+], AuthController.prototype, "register", 1);
+__decorateClass([
+  Public(),
+  Post("login"),
+  HttpCode(HttpStatus.OK),
+  __decorateParam(0, Body())
+], AuthController.prototype, "login", 1);
+__decorateClass([
+  Public(),
+  UseGuards(RefreshTokenGuard),
+  Post("refresh"),
+  HttpCode(HttpStatus.OK),
+  __decorateParam(0, CurrentUser())
+], AuthController.prototype, "refresh", 1);
+__decorateClass([
+  UseGuards(JwtAuthGuard),
+  Post("logout"),
+  HttpCode(HttpStatus.OK),
+  __decorateParam(0, CurrentUser("id"))
+], AuthController.prototype, "logout", 1);
+__decorateClass([
+  UseGuards(JwtAuthGuard),
+  Get("me"),
+  __decorateParam(0, CurrentUser())
+], AuthController.prototype, "me", 1);
+AuthController = __decorateClass([
+  Controller("auth")
+], AuthController);
+
+// src/nestjs/interfaces/index.ts
+var LENAN_USER_SERVICE = /* @__PURE__ */ Symbol("LENAN_USER_SERVICE");
+var LENAN_AUTH_OPTIONS = /* @__PURE__ */ Symbol("LENAN_AUTH_OPTIONS");
+
+// src/nestjs/services/auth.service.ts
+import {
+  BadRequestException,
+  ConflictException,
+  Inject,
+  Injectable as Injectable3,
+  UnauthorizedException
+} from "@nestjs/common";
+var AuthService = class {
+  constructor(userService, passwordService, jwtTokenService) {
+    this.userService = userService;
+    this.passwordService = passwordService;
+    this.jwtTokenService = jwtTokenService;
+  }
+  /**
+   * Register a new user
+   * @throws ConflictException if email already exists
+   */
+  async register(dto) {
+    const existingUser = await this.userService.findByEmail(dto.email);
+    if (existingUser) {
+      throw new ConflictException("Email already registered");
+    }
+    if (dto.password !== dto.confirmPassword) {
+      throw new BadRequestException("Passwords do not match");
+    }
+    const passwordHash = await this.passwordService.hash(dto.password);
+    const user = await this.userService.createUser({
+      email: dto.email,
+      passwordHash
+    });
+    const tokens = await this.jwtTokenService.generateTokens(
+      user.id,
+      user.email
+    );
+    const hashedRefreshToken = await this.passwordService.hashToken(
+      tokens.refreshToken
+    );
+    await this.userService.updateRefreshToken(user.id, hashedRefreshToken);
+    return tokens;
+  }
+  /**
+   * Authenticate a user with email and password
+   * @throws UnauthorizedException if credentials are invalid
+   */
+  async login(dto) {
+    const user = await this.userService.findByEmail(dto.email);
+    if (!user) {
+      throw new UnauthorizedException("Invalid credentials");
+    }
+    const isPasswordValid = await this.passwordService.compare(
+      dto.password,
+      user.passwordHash
+    );
+    if (!isPasswordValid) {
+      throw new UnauthorizedException("Invalid credentials");
+    }
+    const tokens = await this.jwtTokenService.generateTokens(
+      user.id,
+      user.email
+    );
+    const hashedRefreshToken = await this.passwordService.hashToken(
+      tokens.refreshToken
+    );
+    await this.userService.updateRefreshToken(user.id, hashedRefreshToken);
+    return tokens;
+  }
+  /**
+   * Refresh tokens using a valid refresh token
+   * @throws UnauthorizedException if refresh token is invalid
+   */
+  async refreshTokens(userId, refreshToken) {
+    const user = await this.userService.findById(userId);
+    if (!user || !user.hashedRefreshToken) {
+      throw new UnauthorizedException("Invalid refresh token");
+    }
+    const isValid = await this.passwordService.compareToken(
+      refreshToken,
+      user.hashedRefreshToken
+    );
+    if (!isValid) {
+      throw new UnauthorizedException("Invalid refresh token");
+    }
+    const tokens = await this.jwtTokenService.generateTokens(
+      user.id,
+      user.email
+    );
+    const hashedRefreshToken = await this.passwordService.hashToken(
+      tokens.refreshToken
+    );
+    await this.userService.updateRefreshToken(user.id, hashedRefreshToken);
+    return tokens;
+  }
+  /**
+   * Log out a user by clearing their refresh token
+   */
+  async logout(userId) {
+    await this.userService.updateRefreshToken(userId, null);
+  }
+  /**
+   * Validate a user exists by ID
+   * Used by JWT strategy to validate token payloads
+   */
+  async validateUser(userId) {
+    return this.userService.findById(userId);
+  }
+  /**
+   * Get current user by ID (without sensitive fields)
+   */
+  async getCurrentUser(userId) {
+    const user = await this.userService.findById(userId);
+    if (!user) {
+      return null;
+    }
+    const { passwordHash, hashedRefreshToken, ...safeUser } = user;
+    return safeUser;
+  }
+};
+AuthService = __decorateClass([
+  Injectable3(),
+  __decorateParam(0, Inject(LENAN_USER_SERVICE))
+], AuthService);
+
+// src/nestjs/services/jwt-token.service.ts
+import { Inject as Inject2, Injectable as Injectable4 } from "@nestjs/common";
+var JwtTokenService = class {
+  constructor(jwtService, options) {
+    this.jwtService = jwtService;
+    this.accessSecret = options.jwtSecret;
+    this.refreshSecret = options.jwtRefreshSecret ?? `${options.jwtSecret}_refresh`;
+    this.accessExpiry = options.jwtAccessExpiry ?? "15m";
+    this.refreshExpiry = options.jwtRefreshExpiry ?? "7d";
+  }
+  accessExpiry;
+  refreshExpiry;
+  accessSecret;
+  refreshSecret;
+  /**
+   * Generate access and refresh tokens for a user
+   */
+  async generateTokens(userId, email) {
+    const [accessToken, refreshToken] = await Promise.all([
+      this.generateAccessToken(userId, email),
+      this.generateRefreshToken(userId, email)
+    ]);
+    return { accessToken, refreshToken };
+  }
+  /**
+   * Generate an access token
+   */
+  async generateAccessToken(userId, email) {
+    const payload = {
+      sub: userId,
+      email,
+      type: "access"
+    };
+    return this.jwtService.signAsync(payload, {
+      secret: this.accessSecret,
+      expiresIn: this.accessExpiry
+    });
+  }
+  /**
+   * Generate a refresh token
+   */
+  async generateRefreshToken(userId, email) {
+    const payload = {
+      sub: userId,
+      email,
+      type: "refresh"
+    };
+    return this.jwtService.signAsync(payload, {
+      secret: this.refreshSecret,
+      expiresIn: this.refreshExpiry
+    });
+  }
+  /**
+   * Verify an access token and return its payload
+   */
+  async verifyAccessToken(token) {
+    try {
+      const payload = await this.jwtService.verifyAsync(
+        token,
+        {
+          secret: this.accessSecret
+        }
+      );
+      if (payload.type !== "access") {
+        return null;
+      }
+      return payload;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Verify a refresh token and return its payload
+   */
+  async verifyRefreshToken(token) {
+    try {
+      const payload = await this.jwtService.verifyAsync(
+        token,
+        {
+          secret: this.refreshSecret
+        }
+      );
+      if (payload.type !== "refresh") {
+        return null;
+      }
+      return payload;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Decode a token without verification (useful for debugging)
+   */
+  decodeToken(token) {
+    try {
+      return this.jwtService.decode(token);
+    } catch {
+      return null;
+    }
+  }
+};
+JwtTokenService = __decorateClass([
+  Injectable4(),
+  __decorateParam(1, Inject2(LENAN_AUTH_OPTIONS))
+], JwtTokenService);
+
+// src/nestjs/services/password.service.ts
+import { Injectable as Injectable5 } from "@nestjs/common";
+import * as bcrypt from "bcryptjs";
+var PasswordService = class {
+  saltRounds = 12;
+  /**
+   * Hash a plain text password
+   */
+  async hash(password) {
+    return bcrypt.hash(password, this.saltRounds);
+  }
+  /**
+   * Compare a plain text password with a hash
+   */
+  async compare(password, hash2) {
+    return bcrypt.compare(password, hash2);
+  }
+  /**
+   * Hash a refresh token for storage
+   * Uses fewer rounds since refresh tokens are already random
+   */
+  async hashToken(token) {
+    return bcrypt.hash(token, 10);
+  }
+  /**
+   * Compare a refresh token with its hash
+   */
+  async compareToken(token, hash2) {
+    return bcrypt.compare(token, hash2);
+  }
+};
+PasswordService = __decorateClass([
+  Injectable5()
+], PasswordService);
+
+// src/nestjs/strategies/jwt.strategy.ts
+import { Inject as Inject3, Injectable as Injectable6, UnauthorizedException as UnauthorizedException2 } from "@nestjs/common";
+import { PassportStrategy } from "@nestjs/passport";
+import { ExtractJwt, Strategy } from "passport-jwt";
+var JwtStrategy = class extends PassportStrategy(Strategy, "lenan-jwt") {
+  constructor(options, userService) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: options.jwtSecret
+    });
+    this.userService = userService;
+  }
+  /**
+   * Validate the JWT payload and return the user
+   * This is called by Passport after successfully verifying the token signature
+   */
+  async validate(payload) {
+    if (payload.type !== "access") {
+      throw new UnauthorizedException2("Invalid token type");
+    }
+    const user = await this.userService.findById(payload.sub);
+    if (!user) {
+      throw new UnauthorizedException2("User not found");
+    }
+    const { passwordHash, hashedRefreshToken, ...safeUser } = user;
+    return safeUser;
+  }
+};
+JwtStrategy = __decorateClass([
+  Injectable6(),
+  __decorateParam(0, Inject3(LENAN_AUTH_OPTIONS)),
+  __decorateParam(1, Inject3(LENAN_USER_SERVICE))
+], JwtStrategy);
+
+// src/nestjs/strategies/refresh-token.strategy.ts
+import { Inject as Inject4, Injectable as Injectable7, UnauthorizedException as UnauthorizedException3 } from "@nestjs/common";
+import { PassportStrategy as PassportStrategy2 } from "@nestjs/passport";
+import { ExtractJwt as ExtractJwt2, Strategy as Strategy2 } from "passport-jwt";
+var RefreshTokenStrategy = class extends PassportStrategy2(
+  Strategy2,
+  "lenan-jwt-refresh"
+) {
+  constructor(options, userService) {
+    const refreshSecret = options.jwtRefreshSecret ?? `${options.jwtSecret}_refresh`;
+    super({
+      jwtFromRequest: ExtractJwt2.fromBodyField("refreshToken"),
+      ignoreExpiration: false,
+      secretOrKey: refreshSecret,
+      passReqToCallback: true
+    });
+    this.userService = userService;
+  }
+  /**
+   * Validate the refresh token payload
+   * Returns user with the refresh token attached for further validation
+   */
+  async validate(req, payload) {
+    if (payload.type !== "refresh") {
+      throw new UnauthorizedException3("Invalid token type");
+    }
+    const user = await this.userService.findById(payload.sub);
+    if (!user) {
+      throw new UnauthorizedException3("User not found");
+    }
+    if (!user.hashedRefreshToken) {
+      throw new UnauthorizedException3("Refresh token has been revoked");
+    }
+    const refreshToken = req.body?.refreshToken;
+    return { ...user, refreshToken };
+  }
+};
+RefreshTokenStrategy = __decorateClass([
+  Injectable7(),
+  __decorateParam(0, Inject4(LENAN_AUTH_OPTIONS)),
+  __decorateParam(1, Inject4(LENAN_USER_SERVICE))
+], RefreshTokenStrategy);
+
+// src/nestjs/lenan-auth.module.ts
+var LenanAuthModule = class {
+  /**
+   * Register the auth module with synchronous configuration
+   *
+   * @param options - Auth module configuration options
+   * @param userService - Your UserService class implementing UserServiceInterface
+   */
+  static register(options, userService) {
+    const providers = this.createProviders(options, userService);
+    const controllers = options.useController !== false ? [AuthController] : [];
+    return {
+      module: LenanAuthModule,
+      imports: [
+        PassportModule.register({ defaultStrategy: "lenan-jwt" }),
+        JwtModule.register({
+          secret: options.jwtSecret,
+          signOptions: { expiresIn: options.jwtAccessExpiry ?? "15m" }
+        })
+      ],
+      providers,
+      controllers,
+      exports: [
+        AuthService,
+        PasswordService,
+        JwtTokenService,
+        JwtStrategy,
+        LENAN_USER_SERVICE
+      ]
+    };
+  }
+  /**
+   * Register the auth module with async configuration
+   *
+   * @param asyncOptions - Async configuration options
+   * @param userService - Your UserService class implementing UserServiceInterface
+   */
+  static registerAsync(asyncOptions, userService) {
+    const providers = this.createAsyncProviders(asyncOptions, userService);
+    return {
+      module: LenanAuthModule,
+      imports: [
+        ...asyncOptions.imports ?? [],
+        PassportModule.register({ defaultStrategy: "lenan-jwt" }),
+        JwtModule.registerAsync({
+          imports: asyncOptions.imports,
+          useFactory: async (...args) => {
+            let options;
+            if (asyncOptions.useFactory) {
+              options = await asyncOptions.useFactory(...args);
+            } else {
+              throw new Error("useFactory is required for async registration");
+            }
+            return {
+              secret: options.jwtSecret,
+              signOptions: {
+                expiresIn: options.jwtAccessExpiry ?? "15m"
+              }
+            };
+          },
+          inject: asyncOptions.inject ?? []
+        })
+      ],
+      providers,
+      controllers: [AuthController],
+      exports: [
+        AuthService,
+        PasswordService,
+        JwtTokenService,
+        JwtStrategy,
+        LENAN_USER_SERVICE
+      ]
+    };
+  }
+  static createProviders(options, userService) {
+    return [
+      {
+        provide: LENAN_AUTH_OPTIONS,
+        useValue: options
+      },
+      {
+        provide: LENAN_USER_SERVICE,
+        useClass: userService
+      },
+      AuthService,
+      PasswordService,
+      JwtTokenService,
+      JwtStrategy,
+      RefreshTokenStrategy
+    ];
+  }
+  static createAsyncProviders(asyncOptions, userService) {
+    const asyncOptionsProvider = this.createAsyncOptionsProvider(asyncOptions);
+    return [
+      asyncOptionsProvider,
+      {
+        provide: LENAN_USER_SERVICE,
+        useClass: userService
+      },
+      AuthService,
+      PasswordService,
+      JwtTokenService,
+      JwtStrategy,
+      RefreshTokenStrategy
+    ];
+  }
+  static createAsyncOptionsProvider(asyncOptions) {
+    if (asyncOptions.useFactory) {
+      return {
+        provide: LENAN_AUTH_OPTIONS,
+        useFactory: asyncOptions.useFactory,
+        inject: asyncOptions.inject ?? []
+      };
+    }
+    if (asyncOptions.useClass) {
+      return {
+        provide: LENAN_AUTH_OPTIONS,
+        useFactory: async (optionsFactory) => {
+          return optionsFactory.createAuthOptions();
+        },
+        inject: [asyncOptions.useClass]
+      };
+    }
+    if (asyncOptions.useExisting) {
+      return {
+        provide: LENAN_AUTH_OPTIONS,
+        useFactory: async (optionsFactory) => {
+          return optionsFactory.createAuthOptions();
+        },
+        inject: [asyncOptions.useExisting]
+      };
+    }
+    throw new Error(
+      "Invalid async options: must provide useFactory, useClass, or useExisting"
+    );
+  }
+};
+LenanAuthModule = __decorateClass([
+  Module({})
+], LenanAuthModule);
+export {
+  AuthController,
+  AuthService,
+  CurrentUser,
+  IS_PUBLIC_KEY,
+  JwtAuthGuard,
+  JwtStrategy,
+  JwtTokenService,
+  LENAN_AUTH_OPTIONS,
+  LENAN_USER_SERVICE,
+  LenanAuthModule,
+  LoginDto,
+  MessageResponseDto,
+  PasswordService,
+  Public,
+  RefreshTokenDto,
+  RefreshTokenGuard,
+  RefreshTokenStrategy,
+  RegisterDto,
+  TokensResponseDto
+};
+//# sourceMappingURL=index.js.map