@lenne.tech/nest-server 11.10.2 → 11.10.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.env.js +16 -133
- package/dist/config.env.js.map +1 -1
- package/dist/core/common/interfaces/server-options.interface.d.ts +4 -0
- package/dist/core/modules/auth/core-auth.module.js +8 -4
- package/dist/core/modules/auth/core-auth.module.js.map +1 -1
- package/dist/core/modules/auth/guards/roles-guard-registry.d.ts +9 -0
- package/dist/core/modules/auth/guards/roles-guard-registry.js +30 -0
- package/dist/core/modules/auth/guards/roles-guard-registry.js.map +1 -0
- package/dist/core/modules/better-auth/better-auth.config.d.ts +3 -0
- package/dist/core/modules/better-auth/better-auth.config.js +176 -47
- package/dist/core/modules/better-auth/better-auth.config.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth-api.middleware.d.ts +5 -1
- package/dist/core/modules/better-auth/core-better-auth-api.middleware.js +101 -8
- package/dist/core/modules/better-auth/core-better-auth-api.middleware.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth-challenge.service.d.ts +20 -0
- package/dist/core/modules/better-auth/core-better-auth-challenge.service.js +142 -0
- package/dist/core/modules/better-auth/core-better-auth-challenge.service.js.map +1 -0
- package/dist/core/modules/better-auth/core-better-auth-user.mapper.js +1 -1
- package/dist/core/modules/better-auth/core-better-auth-user.mapper.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth-web.helper.d.ts +2 -0
- package/dist/core/modules/better-auth/core-better-auth-web.helper.js +29 -1
- package/dist/core/modules/better-auth/core-better-auth-web.helper.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.controller.js +5 -13
- package/dist/core/modules/better-auth/core-better-auth.controller.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.middleware.d.ts +0 -1
- package/dist/core/modules/better-auth/core-better-auth.middleware.js +6 -19
- package/dist/core/modules/better-auth/core-better-auth.middleware.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.module.d.ts +5 -1
- package/dist/core/modules/better-auth/core-better-auth.module.js +74 -27
- package/dist/core/modules/better-auth/core-better-auth.module.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.resolver.js +7 -6
- package/dist/core/modules/better-auth/core-better-auth.resolver.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.service.d.ts +0 -2
- package/dist/core/modules/better-auth/core-better-auth.service.js +23 -37
- package/dist/core/modules/better-auth/core-better-auth.service.js.map +1 -1
- package/dist/core.module.js +10 -1
- package/dist/core.module.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/server/modules/better-auth/better-auth.module.d.ts +4 -1
- package/dist/server/modules/better-auth/better-auth.module.js +4 -1
- package/dist/server/modules/better-auth/better-auth.module.js.map +1 -1
- package/dist/server/server.module.js +1 -4
- package/dist/server/server.module.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/config.env.ts +24 -174
- package/src/core/common/interfaces/server-options.interface.ts +288 -35
- package/src/core/modules/auth/core-auth.module.ts +11 -5
- package/src/core/modules/auth/guards/roles-guard-registry.ts +57 -0
- package/src/core/modules/better-auth/INTEGRATION-CHECKLIST.md +85 -56
- package/src/core/modules/better-auth/README.md +132 -35
- package/src/core/modules/better-auth/better-auth.config.ts +402 -70
- package/src/core/modules/better-auth/core-better-auth-api.middleware.ts +158 -18
- package/src/core/modules/better-auth/core-better-auth-challenge.service.ts +254 -0
- package/src/core/modules/better-auth/core-better-auth-user.mapper.ts +1 -1
- package/src/core/modules/better-auth/core-better-auth-web.helper.ts +64 -1
- package/src/core/modules/better-auth/core-better-auth.controller.ts +6 -14
- package/src/core/modules/better-auth/core-better-auth.middleware.ts +7 -20
- package/src/core/modules/better-auth/core-better-auth.module.ts +173 -38
- package/src/core/modules/better-auth/core-better-auth.resolver.ts +7 -6
- package/src/core/modules/better-auth/core-better-auth.service.ts +27 -48
- package/src/core.module.ts +21 -3
- package/src/index.ts +1 -0
- package/src/server/modules/better-auth/better-auth.module.ts +40 -10
- package/src/server/server.module.ts +2 -4
package/src/core.module.ts
CHANGED
|
@@ -247,12 +247,25 @@ export class CoreModule implements NestModule {
|
|
|
247
247
|
}
|
|
248
248
|
|
|
249
249
|
// Add CoreBetterAuthModule based on mode
|
|
250
|
-
// IAM-only mode:
|
|
250
|
+
// IAM-only mode: BetterAuth is enabled by default (it's the only auth option)
|
|
251
251
|
// Legacy mode: Only register if autoRegister is explicitly true
|
|
252
252
|
// betterAuth can be: boolean | IBetterAuth | undefined
|
|
253
253
|
const betterAuthConfig = config.betterAuth;
|
|
254
|
-
|
|
255
|
-
|
|
254
|
+
|
|
255
|
+
// Determine if BetterAuth is explicitly disabled
|
|
256
|
+
// In IAM-only mode: enabled by default (undefined = true), only false or { enabled: false } disables
|
|
257
|
+
// In Legacy mode: disabled by default (undefined = false), must be explicitly enabled
|
|
258
|
+
const isExplicitlyDisabled = betterAuthConfig === false ||
|
|
259
|
+
(typeof betterAuthConfig === 'object' && betterAuthConfig?.enabled === false);
|
|
260
|
+
const isExplicitlyEnabled = betterAuthConfig === true ||
|
|
261
|
+
(typeof betterAuthConfig === 'object' && betterAuthConfig?.enabled !== false);
|
|
262
|
+
|
|
263
|
+
// IAM-only mode: enabled unless explicitly disabled
|
|
264
|
+
// Legacy mode: enabled only if explicitly enabled
|
|
265
|
+
const isBetterAuthEnabled = isIamOnlyMode
|
|
266
|
+
? !isExplicitlyDisabled
|
|
267
|
+
: isExplicitlyEnabled;
|
|
268
|
+
|
|
256
269
|
const isAutoRegister = typeof betterAuthConfig === 'object' && betterAuthConfig?.autoRegister === true;
|
|
257
270
|
|
|
258
271
|
if (isBetterAuthEnabled) {
|
|
@@ -265,6 +278,11 @@ export class CoreModule implements NestModule {
|
|
|
265
278
|
// In IAM-only mode, register RolesGuard globally to enforce @Roles() decorators
|
|
266
279
|
// In Legacy mode (autoRegister), RolesGuard is already registered via CoreAuthModule
|
|
267
280
|
registerRolesGuardGlobally: isIamOnlyMode,
|
|
281
|
+
// Pass server-level URLs for Passkey auto-detection
|
|
282
|
+
// When env: 'local', defaults are: baseUrl=localhost:3000, appUrl=localhost:3001
|
|
283
|
+
serverAppUrl: config.appUrl,
|
|
284
|
+
serverBaseUrl: config.baseUrl,
|
|
285
|
+
serverEnv: config.env,
|
|
268
286
|
}),
|
|
269
287
|
);
|
|
270
288
|
}
|
package/src/index.ts
CHANGED
|
@@ -112,6 +112,7 @@ export * from './core/modules/auth/exceptions/invalid-token.exception';
|
|
|
112
112
|
export * from './core/modules/auth/exceptions/legacy-auth-disabled.exception';
|
|
113
113
|
export * from './core/modules/auth/guards/auth.guard';
|
|
114
114
|
export * from './core/modules/auth/guards/legacy-auth-rate-limit.guard';
|
|
115
|
+
export * from './core/modules/auth/guards/roles-guard-registry';
|
|
115
116
|
export * from './core/modules/auth/guards/roles.guard';
|
|
116
117
|
export * from './core/modules/auth/inputs/core-auth-sign-in.input';
|
|
117
118
|
export * from './core/modules/auth/inputs/core-auth-sign-up.input';
|
|
@@ -7,6 +7,19 @@ import { BetterAuthResolver } from './better-auth.resolver';
|
|
|
7
7
|
|
|
8
8
|
/**
|
|
9
9
|
* Options for BetterAuthModule.forRoot()
|
|
10
|
+
*
|
|
11
|
+
* All options are optional when using Zero-Config:
|
|
12
|
+
* All values are auto-read from ConfigService (set by CoreModule.forRoot)
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* // Zero-Config - all values auto-detected from ConfigService
|
|
16
|
+
* BetterAuthModule.forRoot({})
|
|
17
|
+
*
|
|
18
|
+
* // Or with explicit overrides
|
|
19
|
+
* BetterAuthModule.forRoot({
|
|
20
|
+
* config: { secret: 'custom-secret' },
|
|
21
|
+
* serverAppUrl: 'https://custom-app.com',
|
|
22
|
+
* })
|
|
10
23
|
*/
|
|
11
24
|
export interface ServerBetterAuthModuleOptions {
|
|
12
25
|
/**
|
|
@@ -15,14 +28,33 @@ export interface ServerBetterAuthModuleOptions {
|
|
|
15
28
|
* - `true`: Enable with all defaults (including JWT)
|
|
16
29
|
* - `false`: Disable BetterAuth
|
|
17
30
|
* - `{ ... }`: Enable with custom configuration
|
|
31
|
+
* - `undefined`: Auto-read from ConfigService (Zero-Config)
|
|
18
32
|
*/
|
|
19
|
-
config
|
|
33
|
+
config?: boolean | IBetterAuth;
|
|
20
34
|
|
|
21
35
|
/**
|
|
22
36
|
* Fallback secrets for backwards compatibility with JWT config.
|
|
23
37
|
* If no betterAuth.secret is configured, these secrets are tried in order.
|
|
24
38
|
*/
|
|
25
39
|
fallbackSecrets?: (string | undefined)[];
|
|
40
|
+
|
|
41
|
+
/**
|
|
42
|
+
* Server-level app URL for Passkey auto-detection.
|
|
43
|
+
* @see IServerOptions.appUrl
|
|
44
|
+
*/
|
|
45
|
+
serverAppUrl?: string;
|
|
46
|
+
|
|
47
|
+
/**
|
|
48
|
+
* Server-level base URL for Passkey auto-detection.
|
|
49
|
+
* @see IServerOptions.baseUrl
|
|
50
|
+
*/
|
|
51
|
+
serverBaseUrl?: string;
|
|
52
|
+
|
|
53
|
+
/**
|
|
54
|
+
* Server environment for localhost defaults (local, ci, e2e).
|
|
55
|
+
* @see IServerOptions.env
|
|
56
|
+
*/
|
|
57
|
+
serverEnv?: string;
|
|
26
58
|
}
|
|
27
59
|
|
|
28
60
|
/**
|
|
@@ -42,14 +74,9 @@ export interface ServerBetterAuthModuleOptions {
|
|
|
42
74
|
*
|
|
43
75
|
* @Module({
|
|
44
76
|
* imports: [
|
|
45
|
-
* CoreModule.forRoot(CoreAuthService, AuthModule.forRoot(envConfig.jwt),
|
|
46
|
-
*
|
|
47
|
-
*
|
|
48
|
-
* }),
|
|
49
|
-
* BetterAuthModule.forRoot({
|
|
50
|
-
* config: envConfig.betterAuth,
|
|
51
|
-
* fallbackSecrets: [envConfig.jwt?.secret, envConfig.jwt?.refresh?.secret],
|
|
52
|
-
* }),
|
|
77
|
+
* CoreModule.forRoot(CoreAuthService, AuthModule.forRoot(envConfig.jwt), envConfig),
|
|
78
|
+
* // Zero-Config: All values auto-read from ConfigService
|
|
79
|
+
* BetterAuthModule.forRoot({}),
|
|
53
80
|
* ],
|
|
54
81
|
* })
|
|
55
82
|
* export class ServerModule {}
|
|
@@ -64,7 +91,7 @@ export class BetterAuthModule {
|
|
|
64
91
|
* @returns Dynamic module configuration
|
|
65
92
|
*/
|
|
66
93
|
static forRoot(options: ServerBetterAuthModuleOptions): DynamicModule {
|
|
67
|
-
const { config, fallbackSecrets } = options;
|
|
94
|
+
const { config, fallbackSecrets, serverAppUrl, serverBaseUrl, serverEnv } = options;
|
|
68
95
|
|
|
69
96
|
// If better-auth is explicitly disabled, return minimal module
|
|
70
97
|
// Supports: false, { enabled: false }, or undefined/null
|
|
@@ -85,6 +112,9 @@ export class BetterAuthModule {
|
|
|
85
112
|
controller: BetterAuthController,
|
|
86
113
|
fallbackSecrets,
|
|
87
114
|
resolver: BetterAuthResolver,
|
|
115
|
+
serverAppUrl,
|
|
116
|
+
serverBaseUrl,
|
|
117
|
+
serverEnv,
|
|
88
118
|
}),
|
|
89
119
|
],
|
|
90
120
|
module: BetterAuthModule,
|
|
@@ -45,11 +45,9 @@ import { ServerController } from './server.controller';
|
|
|
45
45
|
AuthModule.forRoot(envConfig.jwt),
|
|
46
46
|
|
|
47
47
|
// Include BetterAuthModule for better-auth integration
|
|
48
|
+
// Zero-Config: All values are auto-read from ConfigService (set by CoreModule.forRoot)
|
|
48
49
|
// This allows project-specific customization via BetterAuthResolver
|
|
49
|
-
BetterAuthModule.forRoot({
|
|
50
|
-
config: envConfig.betterAuth,
|
|
51
|
-
fallbackSecrets: [envConfig.jwt?.secret, envConfig.jwt?.refresh?.secret],
|
|
52
|
-
}),
|
|
50
|
+
BetterAuthModule.forRoot({}),
|
|
53
51
|
|
|
54
52
|
// Include ErrorCodeModule with project-specific error codes
|
|
55
53
|
// Uses Core ErrorCodeModule.forRoot() with custom service and controller
|