@lenne.tech/nest-server 11.10.1 → 11.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/dist/config.env.js +16 -133
  2. package/dist/config.env.js.map +1 -1
  3. package/dist/core/common/interfaces/server-options.interface.d.ts +4 -0
  4. package/dist/core/modules/auth/guards/auth.guard.d.ts +2 -2
  5. package/dist/core/modules/auth/guards/auth.guard.js +68 -8
  6. package/dist/core/modules/auth/guards/auth.guard.js.map +1 -1
  7. package/dist/core/modules/auth/guards/roles.guard.d.ts +3 -4
  8. package/dist/core/modules/auth/guards/roles.guard.js +64 -159
  9. package/dist/core/modules/auth/guards/roles.guard.js.map +1 -1
  10. package/dist/core/modules/better-auth/better-auth-token.service.d.ts +21 -0
  11. package/dist/core/modules/better-auth/better-auth-token.service.js +153 -0
  12. package/dist/core/modules/better-auth/better-auth-token.service.js.map +1 -0
  13. package/dist/core/modules/better-auth/better-auth.config.d.ts +3 -0
  14. package/dist/core/modules/better-auth/better-auth.config.js +176 -47
  15. package/dist/core/modules/better-auth/better-auth.config.js.map +1 -1
  16. package/dist/core/modules/better-auth/better-auth.types.d.ts +13 -0
  17. package/dist/core/modules/better-auth/better-auth.types.js.map +1 -1
  18. package/dist/core/modules/better-auth/core-better-auth-api.middleware.d.ts +5 -1
  19. package/dist/core/modules/better-auth/core-better-auth-api.middleware.js +101 -8
  20. package/dist/core/modules/better-auth/core-better-auth-api.middleware.js.map +1 -1
  21. package/dist/core/modules/better-auth/core-better-auth-challenge.service.d.ts +20 -0
  22. package/dist/core/modules/better-auth/core-better-auth-challenge.service.js +142 -0
  23. package/dist/core/modules/better-auth/core-better-auth-challenge.service.js.map +1 -0
  24. package/dist/core/modules/better-auth/core-better-auth-user.mapper.js +1 -1
  25. package/dist/core/modules/better-auth/core-better-auth-user.mapper.js.map +1 -1
  26. package/dist/core/modules/better-auth/core-better-auth-web.helper.d.ts +2 -0
  27. package/dist/core/modules/better-auth/core-better-auth-web.helper.js +29 -1
  28. package/dist/core/modules/better-auth/core-better-auth-web.helper.js.map +1 -1
  29. package/dist/core/modules/better-auth/core-better-auth.controller.js +5 -13
  30. package/dist/core/modules/better-auth/core-better-auth.controller.js.map +1 -1
  31. package/dist/core/modules/better-auth/core-better-auth.middleware.d.ts +0 -1
  32. package/dist/core/modules/better-auth/core-better-auth.middleware.js +6 -19
  33. package/dist/core/modules/better-auth/core-better-auth.middleware.js.map +1 -1
  34. package/dist/core/modules/better-auth/core-better-auth.module.d.ts +6 -1
  35. package/dist/core/modules/better-auth/core-better-auth.module.js +82 -19
  36. package/dist/core/modules/better-auth/core-better-auth.module.js.map +1 -1
  37. package/dist/core/modules/better-auth/core-better-auth.resolver.js +7 -6
  38. package/dist/core/modules/better-auth/core-better-auth.resolver.js.map +1 -1
  39. package/dist/core/modules/better-auth/core-better-auth.service.d.ts +1 -2
  40. package/dist/core/modules/better-auth/core-better-auth.service.js +27 -37
  41. package/dist/core/modules/better-auth/core-better-auth.service.js.map +1 -1
  42. package/dist/core/modules/better-auth/index.d.ts +1 -0
  43. package/dist/core/modules/better-auth/index.js +1 -0
  44. package/dist/core/modules/better-auth/index.js.map +1 -1
  45. package/dist/core.module.js +4 -0
  46. package/dist/core.module.js.map +1 -1
  47. package/dist/server/modules/better-auth/better-auth.module.d.ts +4 -1
  48. package/dist/server/modules/better-auth/better-auth.module.js +4 -1
  49. package/dist/server/modules/better-auth/better-auth.module.js.map +1 -1
  50. package/dist/server/server.module.js +1 -4
  51. package/dist/server/server.module.js.map +1 -1
  52. package/dist/tsconfig.build.tsbuildinfo +1 -1
  53. package/package.json +1 -1
  54. package/src/config.env.ts +24 -174
  55. package/src/core/common/interfaces/server-options.interface.ts +288 -35
  56. package/src/core/modules/auth/guards/auth.guard.ts +136 -23
  57. package/src/core/modules/auth/guards/roles.guard.ts +119 -239
  58. package/src/core/modules/better-auth/INTEGRATION-CHECKLIST.md +82 -56
  59. package/src/core/modules/better-auth/README.md +132 -35
  60. package/src/core/modules/better-auth/better-auth-token.service.ts +241 -0
  61. package/src/core/modules/better-auth/better-auth.config.ts +402 -70
  62. package/src/core/modules/better-auth/better-auth.types.ts +37 -0
  63. package/src/core/modules/better-auth/core-better-auth-api.middleware.ts +158 -18
  64. package/src/core/modules/better-auth/core-better-auth-challenge.service.ts +254 -0
  65. package/src/core/modules/better-auth/core-better-auth-user.mapper.ts +1 -1
  66. package/src/core/modules/better-auth/core-better-auth-web.helper.ts +64 -1
  67. package/src/core/modules/better-auth/core-better-auth.controller.ts +7 -15
  68. package/src/core/modules/better-auth/core-better-auth.middleware.ts +7 -20
  69. package/src/core/modules/better-auth/core-better-auth.module.ts +182 -25
  70. package/src/core/modules/better-auth/core-better-auth.resolver.ts +8 -7
  71. package/src/core/modules/better-auth/core-better-auth.service.ts +40 -48
  72. package/src/core/modules/better-auth/index.ts +1 -0
  73. package/src/core.module.ts +8 -0
  74. package/src/server/modules/better-auth/better-auth.module.ts +40 -10
  75. package/src/server/server.module.ts +2 -4
package/src/core.module.ts CHANGED
@@ -262,6 +262,14 @@ export class CoreModule implements NestModule {
262
262
  config: betterAuthConfig === true ? {} : betterAuthConfig || {},
263
263
  // Pass JWT secrets for backwards compatibility fallback
264
264
  fallbackSecrets: [config.jwt?.secret, config.jwt?.refresh?.secret],
265
+ // In IAM-only mode, register RolesGuard globally to enforce @Roles() decorators
266
+ // In Legacy mode (autoRegister), RolesGuard is already registered via CoreAuthModule
267
+ registerRolesGuardGlobally: isIamOnlyMode,
268
+ // Pass server-level URLs for Passkey auto-detection
269
+ // When env: 'local', defaults are: baseUrl=localhost:3000, appUrl=localhost:3001
270
+ serverAppUrl: config.appUrl,
271
+ serverBaseUrl: config.baseUrl,
272
+ serverEnv: config.env,
265
273
  }),
266
274
  );
267
275
  }
package/src/server/modules/better-auth/better-auth.module.ts CHANGED
@@ -7,6 +7,19 @@ import { BetterAuthResolver } from './better-auth.resolver';
7
7
 
8
8
  /**
9
9
  * Options for BetterAuthModule.forRoot()
10
+ *
11
+ * All options are optional when using Zero-Config:
12
+ * All values are auto-read from ConfigService (set by CoreModule.forRoot)
13
+ *
14
+ * @example
15
+ * // Zero-Config - all values auto-detected from ConfigService
16
+ * BetterAuthModule.forRoot({})
17
+ *
18
+ * // Or with explicit overrides
19
+ * BetterAuthModule.forRoot({
20
+ * config: { secret: 'custom-secret' },
21
+ * serverAppUrl: 'https://custom-app.com',
22
+ * })
10
23
  */
11
24
  export interface ServerBetterAuthModuleOptions {
12
25
  /**
@@ -15,14 +28,33 @@ export interface ServerBetterAuthModuleOptions {
15
28
  * - `true`: Enable with all defaults (including JWT)
16
29
  * - `false`: Disable BetterAuth
17
30
  * - `{ ... }`: Enable with custom configuration
31
+ * - `undefined`: Auto-read from ConfigService (Zero-Config)
18
32
  */
19
- config: boolean | IBetterAuth;
33
+ config?: boolean | IBetterAuth;
20
34
 
21
35
  /**
22
36
  * Fallback secrets for backwards compatibility with JWT config.
23
37
  * If no betterAuth.secret is configured, these secrets are tried in order.
24
38
  */
25
39
  fallbackSecrets?: (string | undefined)[];
40
+
41
+ /**
42
+ * Server-level app URL for Passkey auto-detection.
43
+ * @see IServerOptions.appUrl
44
+ */
45
+ serverAppUrl?: string;
46
+
47
+ /**
48
+ * Server-level base URL for Passkey auto-detection.
49
+ * @see IServerOptions.baseUrl
50
+ */
51
+ serverBaseUrl?: string;
52
+
53
+ /**
54
+ * Server environment for localhost defaults (local, ci, e2e).
55
+ * @see IServerOptions.env
56
+ */
57
+ serverEnv?: string;
26
58
  }
27
59
 
28
60
  /**
@@ -42,14 +74,9 @@ export interface ServerBetterAuthModuleOptions {
42
74
  *
43
75
  * @Module({
44
76
  * imports: [
45
- * CoreModule.forRoot(CoreAuthService, AuthModule.forRoot(envConfig.jwt), {
46
- * ...envConfig,
47
- * betterAuth: { ...envConfig.betterAuth, autoRegister: false },
48
- * }),
49
- * BetterAuthModule.forRoot({
50
- * config: envConfig.betterAuth,
51
- * fallbackSecrets: [envConfig.jwt?.secret, envConfig.jwt?.refresh?.secret],
52
- * }),
77
+ * CoreModule.forRoot(CoreAuthService, AuthModule.forRoot(envConfig.jwt), envConfig),
78
+ * // Zero-Config: All values auto-read from ConfigService
79
+ * BetterAuthModule.forRoot({}),
53
80
  * ],
54
81
  * })
55
82
  * export class ServerModule {}
@@ -64,7 +91,7 @@ export class BetterAuthModule {
64
91
  * @returns Dynamic module configuration
65
92
  */
66
93
  static forRoot(options: ServerBetterAuthModuleOptions): DynamicModule {
67
- const { config, fallbackSecrets } = options;
94
+ const { config, fallbackSecrets, serverAppUrl, serverBaseUrl, serverEnv } = options;
68
95
 
69
96
  // If better-auth is explicitly disabled, return minimal module
70
97
  // Supports: false, { enabled: false }, or undefined/null
@@ -85,6 +112,9 @@ export class BetterAuthModule {
85
112
  controller: BetterAuthController,
86
113
  fallbackSecrets,
87
114
  resolver: BetterAuthResolver,
115
+ serverAppUrl,
116
+ serverBaseUrl,
117
+ serverEnv,
88
118
  }),
89
119
  ],
90
120
  module: BetterAuthModule,
package/src/server/server.module.ts CHANGED
@@ -45,11 +45,9 @@ import { ServerController } from './server.controller';
45
45
  AuthModule.forRoot(envConfig.jwt),
46
46
 
47
47
  // Include BetterAuthModule for better-auth integration
48
+ // Zero-Config: All values are auto-read from ConfigService (set by CoreModule.forRoot)
48
49
  // This allows project-specific customization via BetterAuthResolver
49
- BetterAuthModule.forRoot({
50
- config: envConfig.betterAuth,
51
- fallbackSecrets: [envConfig.jwt?.secret, envConfig.jwt?.refresh?.secret],
52
- }),
50
+ BetterAuthModule.forRoot({}),
53
51
 
54
52
  // Include ErrorCodeModule with project-specific error codes
55
53
  // Uses Core ErrorCodeModule.forRoot() with custom service and controller