npm - @nauth-toolkit/core - Versions diffs - 0.1.0 → 0.1.3 - Mend

@nauth-toolkit/core 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/LICENSE +90 -0
package/README.md +30 -0
package/package.json +7 -2
package/jest.config.js +0 -15
package/jest.setup.ts +0 -6
package/src/adapters/database-columns.ts +0 -165
package/src/adapters/express.adapter.ts +0 -385
package/src/adapters/fastify.adapter.ts +0 -416
package/src/adapters/index.ts +0 -16
package/src/adapters/storage.factory.ts +0 -143
package/src/bootstrap.ts +0 -374
package/src/dto/auth-challenge.dto.ts +0 -231
package/src/dto/auth-response.dto.ts +0 -253
package/src/dto/challenge-response.dto.ts +0 -234
package/src/dto/change-password-request.dto.ts +0 -50
package/src/dto/change-password-response.dto.ts +0 -29
package/src/dto/change-password.dto.ts +0 -57
package/src/dto/error-response.dto.ts +0 -136
package/src/dto/get-available-methods.dto.ts +0 -55
package/src/dto/get-challenge-data-response.dto.ts +0 -28
package/src/dto/get-challenge-data.dto.ts +0 -69
package/src/dto/get-client-info.dto.ts +0 -104
package/src/dto/get-device-token-response.dto.ts +0 -25
package/src/dto/get-events-by-type.dto.ts +0 -76
package/src/dto/get-ip-address-response.dto.ts +0 -24
package/src/dto/get-mfa-status.dto.ts +0 -94
package/src/dto/get-risk-assessment-history.dto.ts +0 -39
package/src/dto/get-session-id-response.dto.ts +0 -25
package/src/dto/get-setup-data-response.dto.ts +0 -31
package/src/dto/get-setup-data.dto.ts +0 -75
package/src/dto/get-suspicious-activity.dto.ts +0 -42
package/src/dto/get-user-agent-response.dto.ts +0 -23
package/src/dto/get-user-auth-history.dto.ts +0 -95
package/src/dto/get-user-by-email.dto.ts +0 -61
package/src/dto/get-user-by-id.dto.ts +0 -46
package/src/dto/get-user-devices.dto.ts +0 -53
package/src/dto/get-user-response.dto.ts +0 -17
package/src/dto/has-provider.dto.ts +0 -56
package/src/dto/index.ts +0 -57
package/src/dto/is-trusted-device-response.dto.ts +0 -34
package/src/dto/list-providers-response.dto.ts +0 -23
package/src/dto/login.dto.ts +0 -95
package/src/dto/logout-all-response.dto.ts +0 -24
package/src/dto/logout-all.dto.ts +0 -65
package/src/dto/logout-response.dto.ts +0 -25
package/src/dto/logout.dto.ts +0 -64
package/src/dto/refresh-token.dto.ts +0 -36
package/src/dto/remove-devices.dto.ts +0 -85
package/src/dto/resend-code-response.dto.ts +0 -32
package/src/dto/resend-code.dto.ts +0 -51
package/src/dto/reset-password.dto.ts +0 -115
package/src/dto/respond-challenge.dto.ts +0 -272
package/src/dto/set-mfa-exemption.dto.ts +0 -112
package/src/dto/set-must-change-password-response.dto.ts +0 -27
package/src/dto/set-must-change-password.dto.ts +0 -46
package/src/dto/set-preferred-method.dto.ts +0 -80
package/src/dto/setup-mfa.dto.ts +0 -98
package/src/dto/signup.dto.ts +0 -174
package/src/dto/social-auth.dto.ts +0 -422
package/src/dto/trust-device-response.dto.ts +0 -30
package/src/dto/trust-device.dto.ts +0 -9
package/src/dto/update-user-attributes-request.dto.ts +0 -51
package/src/dto/user-response.dto.ts +0 -138
package/src/dto/user-update.dto.ts +0 -222
package/src/dto/verify-email.dto.ts +0 -313
package/src/dto/verify-mfa-code.dto.ts +0 -103
package/src/dto/verify-phone-by-sub.dto.ts +0 -78
package/src/dto/verify-phone.dto.ts +0 -245
package/src/entities/auth-audit.entity.ts +0 -232
package/src/entities/challenge-session.entity.ts +0 -116
package/src/entities/index.ts +0 -29
package/src/entities/login-attempt.entity.ts +0 -64
package/src/entities/mfa-device.entity.ts +0 -151
package/src/entities/rate-limit.entity.ts +0 -44
package/src/entities/session.entity.ts +0 -180
package/src/entities/social-account.entity.ts +0 -96
package/src/entities/storage-lock.entity.ts +0 -39
package/src/entities/trusted-device.entity.ts +0 -112
package/src/entities/user.entity.ts +0 -243
package/src/entities/verification-token.entity.ts +0 -141
package/src/enums/auth-audit-event-type.enum.ts +0 -360
package/src/enums/error-codes.enum.ts +0 -420
package/src/enums/mfa-method.enum.ts +0 -97
package/src/enums/risk-factor.enum.ts +0 -111
package/src/exceptions/nauth.exception.ts +0 -231
package/src/handlers/auth.handler.ts +0 -260
package/src/handlers/client-info.handler.ts +0 -101
package/src/handlers/csrf.handler.ts +0 -156
package/src/handlers/token-delivery.handler.ts +0 -118
package/src/index.ts +0 -118
package/src/interfaces/client-info.interface.ts +0 -85
package/src/interfaces/config.interface.ts +0 -2135
package/src/interfaces/entities.interface.ts +0 -226
package/src/interfaces/index.ts +0 -15
package/src/interfaces/logger.interface.ts +0 -283
package/src/interfaces/mfa-provider.interface.ts +0 -154
package/src/interfaces/oauth.interface.ts +0 -148
package/src/interfaces/provider.interface.ts +0 -47
package/src/interfaces/social-auth-provider.interface.ts +0 -131
package/src/interfaces/storage-adapter.interface.ts +0 -82
package/src/interfaces/template.interface.ts +0 -510
package/src/interfaces/token-verifier.interface.ts +0 -110
package/src/internal.ts +0 -178
package/src/platform/interfaces.ts +0 -299
package/src/schemas/auth-config.schema.ts +0 -646
package/src/services/adaptive-mfa-decision.service.spec.ts +0 -1058
package/src/services/adaptive-mfa-decision.service.ts +0 -457
package/src/services/auth-audit.service.spec.ts +0 -675
package/src/services/auth-audit.service.ts +0 -558
package/src/services/auth-challenge-helper.service.spec.ts +0 -3227
package/src/services/auth-challenge-helper.service.ts +0 -825
package/src/services/auth-flow-context-builder.service.ts +0 -520
package/src/services/auth-flow-rules.ts +0 -202
package/src/services/auth-flow-state-definitions.ts +0 -190
package/src/services/auth-flow-state-machine.service.ts +0 -207
package/src/services/auth-flow-state-machine.types.ts +0 -316
package/src/services/auth.service.spec.ts +0 -4195
package/src/services/auth.service.ts +0 -3727
package/src/services/challenge.service.spec.ts +0 -1363
package/src/services/challenge.service.ts +0 -696
package/src/services/client-info.service.spec.ts +0 -572
package/src/services/client-info.service.ts +0 -374
package/src/services/csrf.service.ts +0 -54
package/src/services/email-verification.service.spec.ts +0 -1229
package/src/services/email-verification.service.ts +0 -578
package/src/services/geo-location.service.spec.ts +0 -603
package/src/services/geo-location.service.ts +0 -599
package/src/services/index.ts +0 -13
package/src/services/jwt.service.spec.ts +0 -882
package/src/services/jwt.service.ts +0 -621
package/src/services/mfa-base.service.spec.ts +0 -246
package/src/services/mfa-base.service.ts +0 -611
package/src/services/mfa.service.spec.ts +0 -693
package/src/services/mfa.service.ts +0 -960
package/src/services/password.service.spec.ts +0 -166
package/src/services/password.service.ts +0 -309
package/src/services/phone-verification.service.spec.ts +0 -1120
package/src/services/phone-verification.service.ts +0 -751
package/src/services/risk-detection.service.spec.ts +0 -1292
package/src/services/risk-detection.service.ts +0 -1012
package/src/services/risk-scoring.service.spec.ts +0 -204
package/src/services/risk-scoring.service.ts +0 -131
package/src/services/session.service.spec.ts +0 -1293
package/src/services/session.service.ts +0 -803
package/src/services/social-account.service.spec.ts +0 -725
package/src/services/social-auth-base.service.spec.ts +0 -418
package/src/services/social-auth-base.service.ts +0 -581
package/src/services/social-auth.service.spec.ts +0 -238
package/src/services/social-auth.service.ts +0 -436
package/src/services/social-provider-registry.service.spec.ts +0 -238
package/src/services/social-provider-registry.service.ts +0 -122
package/src/services/trusted-device.service.spec.ts +0 -505
package/src/services/trusted-device.service.ts +0 -339
package/src/storage/account-lockout-storage.service.spec.ts +0 -310
package/src/storage/account-lockout-storage.service.ts +0 -89
package/src/storage/index.ts +0 -3
package/src/storage/memory-storage.adapter.ts +0 -443
package/src/storage/rate-limit-storage.service.spec.ts +0 -247
package/src/storage/rate-limit-storage.service.ts +0 -38
package/src/templates/html-template.engine.spec.ts +0 -161
package/src/templates/html-template.engine.ts +0 -688
package/src/templates/index.ts +0 -7
package/src/utils/common-passwords.spec.ts +0 -230
package/src/utils/common-passwords.ts +0 -170
package/src/utils/context-storage.ts +0 -188
package/src/utils/cookie-names.util.ts +0 -67
package/src/utils/cookies.util.ts +0 -94
package/src/utils/index.ts +0 -12
package/src/utils/ip-extractor.spec.ts +0 -330
package/src/utils/ip-extractor.ts +0 -220
package/src/utils/nauth-logger.spec.ts +0 -388
package/src/utils/nauth-logger.ts +0 -215
package/src/utils/pii-redactor.spec.ts +0 -130
package/src/utils/pii-redactor.ts +0 -288
package/src/utils/setup/get-repositories.ts +0 -140
package/src/utils/setup/init-services.ts +0 -422
package/src/utils/setup/init-social.ts +0 -189
package/src/utils/setup/init-storage.ts +0 -94
package/src/utils/setup/register-mfa.ts +0 -165
package/src/utils/setup/run-nauth-migrations.ts +0 -61
package/src/utils/token-delivery-policy.ts +0 -38
package/src/validators/template.validator.ts +0 -219
package/tsconfig.json +0 -37
package/tsconfig.lint.json +0 -6

package/src/services/social-auth-base.service.spec.ts DELETED Viewed

@@ -1,418 +0,0 @@
-import { BaseSocialAuthProviderService } from './social-auth-base.service';
-import { AuthService } from './auth.service';
-import { SocialAuthService } from './social-auth.service';
-import { JwtService } from './jwt.service';
-import { SessionService } from './session.service';
-import { AuthChallengeHelperService } from './auth-challenge-helper.service';
-import { ClientInfoService } from './client-info.service';
-import { PhoneVerificationService } from './phone-verification.service';
-import { AuthAuditService } from './auth-audit.service';
-import { NAuthConfig } from '../interfaces/config.interface';
-import { NAuthLogger } from '../utils/nauth-logger';
-import { OAuthUserProfile } from '../interfaces/oauth.interface';
-import { NAuthException } from '../exceptions/nauth.exception';
-import { AuthErrorCode } from '../enums/error-codes.enum';
-import { IUser } from '../interfaces/entities.interface';
-/**
- * Test implementation of BaseSocialAuthProviderService
- */
-class TestSocialAuthProviderService extends BaseSocialAuthProviderService {
-  readonly providerName = 'test';
-  async getAuthUrl(state?: string): Promise<string> {
-    return `https://test.com/auth?state=${state || 'generated-state'}`;
-  }
-  protected async getOAuthProfile(code: string, _state: string): Promise<OAuthUserProfile> {
-    return {
-      id: 'test-user-id',
-      email: 'user@example.com',
-      firstName: 'John',
-      lastName: 'Doe',
-      picture: null,
-      verified: true,
-      raw: {},
-    };
-  }
-  protected async verifyNativeToken(
-    idToken: string,
-    _accessToken?: string,
-    _profileData?: unknown,
-  ): Promise<OAuthUserProfile> {
-    return {
-      id: 'test-user-id',
-      email: 'user@example.com',
-      firstName: 'John',
-      lastName: 'Doe',
-      picture: null,
-      verified: true,
-      raw: {},
-    };
-  }
-}
-/**
- * Base Social Auth Provider Service Unit Tests
- *
- * Tests shared functionality in BaseSocialAuthProviderService including
- * OAuth callback handling, token verification, and account linking.
- * Uses direct instantiation, no NestJS dependencies.
- */
-describe('BaseSocialAuthProviderService', () => {
-  let service: TestSocialAuthProviderService;
-  let mockConfig: NAuthConfig;
-  let mockLogger: NAuthLogger;
-  let mockAuthService: jest.Mocked<AuthService>;
-  let mockSocialAuthService: jest.Mocked<SocialAuthService>;
-  let mockJwtService: jest.Mocked<JwtService>;
-  let mockSessionService: jest.Mocked<SessionService>;
-  let mockChallengeHelper: jest.Mocked<AuthChallengeHelperService>;
-  let mockClientInfoService: jest.Mocked<ClientInfoService>;
-  let mockStateStore: Map<string, { timestamp: number; provider: string }>;
-  let mockPhoneVerificationService: jest.Mocked<PhoneVerificationService>;
-  let mockAuditService: jest.Mocked<AuthAuditService>;
-  let mockUser: IUser;
-  beforeEach(() => {
-    mockLogger = {
-      log: jest.fn(),
-      error: jest.fn(),
-      warn: jest.fn(),
-      debug: jest.fn(),
-    } as any;
-    mockConfig = {
-      jwt: {
-        accessToken: {
-          secret: 'test-secret',
-          expiresIn: 3600,
-        },
-        refreshToken: {
-          secret: 'test-refresh-secret',
-          expiresIn: 2592000,
-        },
-      },
-      social: {
-        test: {
-          enabled: true,
-          allowSignup: true,
-          autoLink: false,
-        },
-      },
-    } as NAuthConfig;
-    mockAuthService = {
-      getUserById: jest.fn(),
-      getUserByEmail: jest.fn(),
-      createSocialUser: jest.fn(),
-    } as any;
-    mockSocialAuthService = {
-      findSocialAccountByProvider: jest.fn(),
-      createOrUpdateSocialAccount: jest.fn(),
-    } as any;
-    mockJwtService = {
-      generateTokens: jest.fn().mockResolvedValue({
-        accessToken: 'access-token',
-        refreshToken: 'refresh-token',
-      }),
-      generateTokenPair: jest.fn().mockResolvedValue({
-        accessToken: 'access-token',
-        refreshToken: 'refresh-token',
-      }),
-      hashToken: jest.fn((token: string) => `hashed-${token}`),
-      decodeToken: jest.fn((token: string) => ({
-        payload: { exp: Math.floor(Date.now() / 1000) + 3600 },
-      })),
-    } as any;
-    mockSessionService = {
-      createSession: jest.fn().mockResolvedValue({ id: 'session-id' }),
-      revokeAllUserSessions: jest.fn().mockResolvedValue(0),
-      updateTokens: jest.fn().mockResolvedValue(undefined),
-    } as any;
-    mockChallengeHelper = {
-      determineAuthResponse: jest.fn().mockResolvedValue({
-        user: {
-          sub: 'user-123',
-          email: 'user@example.com',
-        },
-        accessToken: 'access-token',
-        refreshToken: 'refresh-token',
-        accessTokenExpiresAt: Date.now() + 3600000,
-        refreshTokenExpiresAt: Date.now() + 2592000000,
-      }),
-    } as any;
-    mockClientInfoService = {
-      getClientInfo: jest.fn().mockResolvedValue({
-        ipAddress: '192.168.1.1',
-        userAgent: 'test-agent',
-      }),
-      get: jest.fn().mockReturnValue({
-        ipAddress: '192.168.1.1',
-        userAgent: 'test-agent',
-      }),
-    } as any;
-    mockStateStore = new Map();
-    mockPhoneVerificationService = {} as any;
-    mockAuditService = {
-      recordEvent: jest.fn(),
-    } as any;
-    mockUser = {
-      id: 1,
-      sub: 'user-123',
-      email: 'user@example.com',
-      isEmailVerified: true,
-    } as IUser;
-    service = new TestSocialAuthProviderService(
-      mockConfig,
-      mockLogger,
-      mockAuthService,
-      mockSocialAuthService,
-      mockJwtService,
-      mockSessionService,
-      mockChallengeHelper,
-      mockClientInfoService,
-      mockStateStore,
-      mockPhoneVerificationService,
-      mockAuditService,
-    );
-  });
-  afterEach(() => {
-    jest.clearAllMocks();
-  });
-  describe('getProviderConfig', () => {
-    it('should return provider config', () => {
-      const config = (service as any).getProviderConfig();
-      expect(config).toEqual({
-        enabled: true,
-        allowSignup: true,
-        autoLink: false,
-      });
-    });
-    it('should return null when social config is missing', () => {
-      mockConfig.social = undefined;
-      const newService = new TestSocialAuthProviderService(
-        mockConfig,
-        mockLogger,
-        mockAuthService,
-        mockSocialAuthService,
-        mockJwtService,
-        mockSessionService,
-        mockChallengeHelper,
-        mockClientInfoService,
-        mockStateStore,
-        mockPhoneVerificationService,
-        mockAuditService,
-      );
-      const config = (newService as any).getProviderConfig();
-      expect(config).toBeNull();
-    });
-  });
-  describe('validateState', () => {
-    it('should validate state parameter', () => {
-      const state = 'valid-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now(),
-        provider: 'test',
-      });
-      (service as any).validateState(state);
-      expect(mockStateStore.has(state)).toBe(false); // Should be deleted after validation
-    });
-    it('should throw error when state is not found', () => {
-      try {
-        (service as any).validateState('invalid-state');
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.VALIDATION_FAILED);
-      }
-    });
-    it('should throw error when state provider mismatch', () => {
-      const state = 'valid-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now(),
-        provider: 'different-provider',
-      });
-      try {
-        (service as any).validateState(state);
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.VALIDATION_FAILED);
-      }
-    });
-    it('should throw error when state is expired', () => {
-      const state = 'expired-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now() - 6 * 60 * 1000, // 6 minutes ago
-        provider: 'test',
-      });
-      try {
-        (service as any).validateState(state);
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.CHALLENGE_EXPIRED);
-      }
-    });
-  });
-  describe('generateState', () => {
-    it('should generate state and store it', () => {
-      const state = (service as any).generateState();
-      expect(state).toBeDefined();
-      expect(typeof state).toBe('string');
-      expect(mockStateStore.has(state)).toBe(true);
-      expect(mockStateStore.get(state)?.provider).toBe('test');
-    });
-  });
-  describe('handleCallback', () => {
-    it('should handle OAuth callback and return auth response', async () => {
-      const state = 'valid-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now(),
-        provider: 'test',
-      });
-      mockSocialAuthService.findSocialAccountByProvider.mockResolvedValue(null);
-      mockAuthService.getUserByEmail.mockResolvedValue(null);
-      mockAuthService.createSocialUser.mockResolvedValue(mockUser);
-      mockSocialAuthService.createOrUpdateSocialAccount.mockResolvedValue(undefined);
-      const result = await service.handleCallback('code', state);
-      expect(result).toBeDefined();
-      expect(mockAuthService.createSocialUser).toHaveBeenCalled();
-    });
-    it('should throw error when provider config is missing', async () => {
-      mockConfig.social = undefined;
-      const newService = new TestSocialAuthProviderService(
-        mockConfig,
-        mockLogger,
-        mockAuthService,
-        mockSocialAuthService,
-        mockJwtService,
-        mockSessionService,
-        mockChallengeHelper,
-        mockClientInfoService,
-        mockStateStore,
-        mockPhoneVerificationService,
-        mockAuditService,
-      );
-      try {
-        await newService.handleCallback('code', 'state');
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.SOCIAL_CONFIG_MISSING);
-      }
-    });
-  });
-  describe('verifyToken', () => {
-    it('should verify native token and return auth response', async () => {
-      mockSocialAuthService.findSocialAccountByProvider.mockResolvedValue(null);
-      mockAuthService.getUserByEmail.mockResolvedValue(null);
-      mockAuthService.createSocialUser.mockResolvedValue(mockUser);
-      mockSocialAuthService.createOrUpdateSocialAccount.mockResolvedValue(undefined);
-      const result = await service.verifyToken('id-token');
-      expect(result).toBeDefined();
-      expect(mockAuthService.createSocialUser).toHaveBeenCalled();
-    });
-    it('should throw error when provider is not enabled', async () => {
-      (mockConfig.social as any).test.enabled = false;
-      const newService = new TestSocialAuthProviderService(
-        mockConfig,
-        mockLogger,
-        mockAuthService,
-        mockSocialAuthService,
-        mockJwtService,
-        mockSessionService,
-        mockChallengeHelper,
-        mockClientInfoService,
-        mockStateStore,
-        mockPhoneVerificationService,
-        mockAuditService,
-      );
-      try {
-        await newService.verifyToken('id-token');
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.SOCIAL_CONFIG_MISSING);
-      }
-    });
-  });
-  describe('linkAccount', () => {
-    it('should link social account to existing user', async () => {
-      const state = 'valid-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now(),
-        provider: 'test',
-      });
-      mockAuthService.getUserById.mockResolvedValue(mockUser);
-      mockSocialAuthService.findSocialAccountByProvider.mockResolvedValue(null);
-      mockSocialAuthService.createOrUpdateSocialAccount.mockResolvedValue(undefined);
-      const result = await service.linkAccount('user-123', 'code', state);
-      expect(result.message).toContain('account linked successfully');
-      expect(mockSocialAuthService.createOrUpdateSocialAccount).toHaveBeenCalled();
-    });
-    it('should throw error when account is already linked', async () => {
-      const state = 'valid-state';
-      mockStateStore.set(state, {
-        timestamp: Date.now(),
-        provider: 'test',
-      });
-      mockAuthService.getUserById.mockResolvedValue(mockUser);
-      mockSocialAuthService.findSocialAccountByProvider.mockResolvedValue({
-        id: 1,
-        provider: 'test',
-        providerUserId: 'test-user-id',
-      } as any);
-      try {
-        await service.linkAccount('user-123', 'code', state);
-        fail('Should have thrown NAuthException');
-      } catch (error) {
-        expect(error).toBeInstanceOf(NAuthException);
-        expect((error as NAuthException).code).toBe(AuthErrorCode.SOCIAL_ACCOUNT_LINKED);
-      }
-    });
-  });
-});