npm - @nauth-toolkit/core - Versions diffs - 0.1.0 → 0.1.5 - Mend

@nauth-toolkit/core 0.1.0 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/LICENSE +90 -0
package/README.md +9 -0
package/package.json +8 -3
package/jest.config.js +0 -15
package/jest.setup.ts +0 -6
package/src/adapters/database-columns.ts +0 -165
package/src/adapters/express.adapter.ts +0 -385
package/src/adapters/fastify.adapter.ts +0 -416
package/src/adapters/index.ts +0 -16
package/src/adapters/storage.factory.ts +0 -143
package/src/bootstrap.ts +0 -374
package/src/dto/auth-challenge.dto.ts +0 -231
package/src/dto/auth-response.dto.ts +0 -253
package/src/dto/challenge-response.dto.ts +0 -234
package/src/dto/change-password-request.dto.ts +0 -50
package/src/dto/change-password-response.dto.ts +0 -29
package/src/dto/change-password.dto.ts +0 -57
package/src/dto/error-response.dto.ts +0 -136
package/src/dto/get-available-methods.dto.ts +0 -55
package/src/dto/get-challenge-data-response.dto.ts +0 -28
package/src/dto/get-challenge-data.dto.ts +0 -69
package/src/dto/get-client-info.dto.ts +0 -104
package/src/dto/get-device-token-response.dto.ts +0 -25
package/src/dto/get-events-by-type.dto.ts +0 -76
package/src/dto/get-ip-address-response.dto.ts +0 -24
package/src/dto/get-mfa-status.dto.ts +0 -94
package/src/dto/get-risk-assessment-history.dto.ts +0 -39
package/src/dto/get-session-id-response.dto.ts +0 -25
package/src/dto/get-setup-data-response.dto.ts +0 -31
package/src/dto/get-setup-data.dto.ts +0 -75
package/src/dto/get-suspicious-activity.dto.ts +0 -42
package/src/dto/get-user-agent-response.dto.ts +0 -23
package/src/dto/get-user-auth-history.dto.ts +0 -95
package/src/dto/get-user-by-email.dto.ts +0 -61
package/src/dto/get-user-by-id.dto.ts +0 -46
package/src/dto/get-user-devices.dto.ts +0 -53
package/src/dto/get-user-response.dto.ts +0 -17
package/src/dto/has-provider.dto.ts +0 -56
package/src/dto/index.ts +0 -57
package/src/dto/is-trusted-device-response.dto.ts +0 -34
package/src/dto/list-providers-response.dto.ts +0 -23
package/src/dto/login.dto.ts +0 -95
package/src/dto/logout-all-response.dto.ts +0 -24
package/src/dto/logout-all.dto.ts +0 -65
package/src/dto/logout-response.dto.ts +0 -25
package/src/dto/logout.dto.ts +0 -64
package/src/dto/refresh-token.dto.ts +0 -36
package/src/dto/remove-devices.dto.ts +0 -85
package/src/dto/resend-code-response.dto.ts +0 -32
package/src/dto/resend-code.dto.ts +0 -51
package/src/dto/reset-password.dto.ts +0 -115
package/src/dto/respond-challenge.dto.ts +0 -272
package/src/dto/set-mfa-exemption.dto.ts +0 -112
package/src/dto/set-must-change-password-response.dto.ts +0 -27
package/src/dto/set-must-change-password.dto.ts +0 -46
package/src/dto/set-preferred-method.dto.ts +0 -80
package/src/dto/setup-mfa.dto.ts +0 -98
package/src/dto/signup.dto.ts +0 -174
package/src/dto/social-auth.dto.ts +0 -422
package/src/dto/trust-device-response.dto.ts +0 -30
package/src/dto/trust-device.dto.ts +0 -9
package/src/dto/update-user-attributes-request.dto.ts +0 -51
package/src/dto/user-response.dto.ts +0 -138
package/src/dto/user-update.dto.ts +0 -222
package/src/dto/verify-email.dto.ts +0 -313
package/src/dto/verify-mfa-code.dto.ts +0 -103
package/src/dto/verify-phone-by-sub.dto.ts +0 -78
package/src/dto/verify-phone.dto.ts +0 -245
package/src/entities/auth-audit.entity.ts +0 -232
package/src/entities/challenge-session.entity.ts +0 -116
package/src/entities/index.ts +0 -29
package/src/entities/login-attempt.entity.ts +0 -64
package/src/entities/mfa-device.entity.ts +0 -151
package/src/entities/rate-limit.entity.ts +0 -44
package/src/entities/session.entity.ts +0 -180
package/src/entities/social-account.entity.ts +0 -96
package/src/entities/storage-lock.entity.ts +0 -39
package/src/entities/trusted-device.entity.ts +0 -112
package/src/entities/user.entity.ts +0 -243
package/src/entities/verification-token.entity.ts +0 -141
package/src/enums/auth-audit-event-type.enum.ts +0 -360
package/src/enums/error-codes.enum.ts +0 -420
package/src/enums/mfa-method.enum.ts +0 -97
package/src/enums/risk-factor.enum.ts +0 -111
package/src/exceptions/nauth.exception.ts +0 -231
package/src/handlers/auth.handler.ts +0 -260
package/src/handlers/client-info.handler.ts +0 -101
package/src/handlers/csrf.handler.ts +0 -156
package/src/handlers/token-delivery.handler.ts +0 -118
package/src/index.ts +0 -118
package/src/interfaces/client-info.interface.ts +0 -85
package/src/interfaces/config.interface.ts +0 -2135
package/src/interfaces/entities.interface.ts +0 -226
package/src/interfaces/index.ts +0 -15
package/src/interfaces/logger.interface.ts +0 -283
package/src/interfaces/mfa-provider.interface.ts +0 -154
package/src/interfaces/oauth.interface.ts +0 -148
package/src/interfaces/provider.interface.ts +0 -47
package/src/interfaces/social-auth-provider.interface.ts +0 -131
package/src/interfaces/storage-adapter.interface.ts +0 -82
package/src/interfaces/template.interface.ts +0 -510
package/src/interfaces/token-verifier.interface.ts +0 -110
package/src/internal.ts +0 -178
package/src/platform/interfaces.ts +0 -299
package/src/schemas/auth-config.schema.ts +0 -646
package/src/services/adaptive-mfa-decision.service.spec.ts +0 -1058
package/src/services/adaptive-mfa-decision.service.ts +0 -457
package/src/services/auth-audit.service.spec.ts +0 -675
package/src/services/auth-audit.service.ts +0 -558
package/src/services/auth-challenge-helper.service.spec.ts +0 -3227
package/src/services/auth-challenge-helper.service.ts +0 -825
package/src/services/auth-flow-context-builder.service.ts +0 -520
package/src/services/auth-flow-rules.ts +0 -202
package/src/services/auth-flow-state-definitions.ts +0 -190
package/src/services/auth-flow-state-machine.service.ts +0 -207
package/src/services/auth-flow-state-machine.types.ts +0 -316
package/src/services/auth.service.spec.ts +0 -4195
package/src/services/auth.service.ts +0 -3727
package/src/services/challenge.service.spec.ts +0 -1363
package/src/services/challenge.service.ts +0 -696
package/src/services/client-info.service.spec.ts +0 -572
package/src/services/client-info.service.ts +0 -374
package/src/services/csrf.service.ts +0 -54
package/src/services/email-verification.service.spec.ts +0 -1229
package/src/services/email-verification.service.ts +0 -578
package/src/services/geo-location.service.spec.ts +0 -603
package/src/services/geo-location.service.ts +0 -599
package/src/services/index.ts +0 -13
package/src/services/jwt.service.spec.ts +0 -882
package/src/services/jwt.service.ts +0 -621
package/src/services/mfa-base.service.spec.ts +0 -246
package/src/services/mfa-base.service.ts +0 -611
package/src/services/mfa.service.spec.ts +0 -693
package/src/services/mfa.service.ts +0 -960
package/src/services/password.service.spec.ts +0 -166
package/src/services/password.service.ts +0 -309
package/src/services/phone-verification.service.spec.ts +0 -1120
package/src/services/phone-verification.service.ts +0 -751
package/src/services/risk-detection.service.spec.ts +0 -1292
package/src/services/risk-detection.service.ts +0 -1012
package/src/services/risk-scoring.service.spec.ts +0 -204
package/src/services/risk-scoring.service.ts +0 -131
package/src/services/session.service.spec.ts +0 -1293
package/src/services/session.service.ts +0 -803
package/src/services/social-account.service.spec.ts +0 -725
package/src/services/social-auth-base.service.spec.ts +0 -418
package/src/services/social-auth-base.service.ts +0 -581
package/src/services/social-auth.service.spec.ts +0 -238
package/src/services/social-auth.service.ts +0 -436
package/src/services/social-provider-registry.service.spec.ts +0 -238
package/src/services/social-provider-registry.service.ts +0 -122
package/src/services/trusted-device.service.spec.ts +0 -505
package/src/services/trusted-device.service.ts +0 -339
package/src/storage/account-lockout-storage.service.spec.ts +0 -310
package/src/storage/account-lockout-storage.service.ts +0 -89
package/src/storage/index.ts +0 -3
package/src/storage/memory-storage.adapter.ts +0 -443
package/src/storage/rate-limit-storage.service.spec.ts +0 -247
package/src/storage/rate-limit-storage.service.ts +0 -38
package/src/templates/html-template.engine.spec.ts +0 -161
package/src/templates/html-template.engine.ts +0 -688
package/src/templates/index.ts +0 -7
package/src/utils/common-passwords.spec.ts +0 -230
package/src/utils/common-passwords.ts +0 -170
package/src/utils/context-storage.ts +0 -188
package/src/utils/cookie-names.util.ts +0 -67
package/src/utils/cookies.util.ts +0 -94
package/src/utils/index.ts +0 -12
package/src/utils/ip-extractor.spec.ts +0 -330
package/src/utils/ip-extractor.ts +0 -220
package/src/utils/nauth-logger.spec.ts +0 -388
package/src/utils/nauth-logger.ts +0 -215
package/src/utils/pii-redactor.spec.ts +0 -130
package/src/utils/pii-redactor.ts +0 -288
package/src/utils/setup/get-repositories.ts +0 -140
package/src/utils/setup/init-services.ts +0 -422
package/src/utils/setup/init-social.ts +0 -189
package/src/utils/setup/init-storage.ts +0 -94
package/src/utils/setup/register-mfa.ts +0 -165
package/src/utils/setup/run-nauth-migrations.ts +0 -61
package/src/utils/token-delivery-policy.ts +0 -38
package/src/validators/template.validator.ts +0 -219
package/tsconfig.json +0 -37
package/tsconfig.lint.json +0 -6

package/src/exceptions/nauth.exception.ts DELETED Viewed

@@ -1,231 +0,0 @@
-import { AuthErrorCode } from '../enums/error-codes.enum';
-/**
- * Custom exception for nauth-toolkit
- *
- * **Framework-Agnostic Design:**
- * This exception extends standard `Error`, not `HttpException`, making it
- * usable in any context:
- * - HTTP APIs (REST, NestJS)
- * - WebSocket connections
- * - GraphQL resolvers
- * - gRPC services
- * - Message queue workers
- * - CLI tools
- * - Standalone services
- *
- * **Consumer Responsibility:**
- * The consumer application decides how to map these domain exceptions
- * to their transport layer (HTTP status codes, WebSocket events, etc.)
- *
- * **Structured Error Data:**
- * Provides error code, message, and optional metadata. Consumer can
- * transform this into any response format needed.
- *
- * @example
- * ```typescript
- * // Throw domain exception
- * throw new NAuthException(
- *   AuthErrorCode.RATE_LIMIT_SMS,
- *   'Too many verification SMS sent',
- *   { retryAfter: 3600, maxAttempts: 3 }
- * );
- *
- * // Consumer maps to HTTP (if using HTTP)
- * catch (error) {
- *   if (error instanceof NAuthException) {
- *     const statusCode = this.mapErrorCodeToHttpStatus(error.code);
- *     return res.status(statusCode).json({
- *       code: error.code,
- *       message: error.message,
- *       details: error.details,
- *       timestamp: new Date().toISOString()
- *     });
- *   }
- * }
- *
- * // Or map to WebSocket
- * catch (error) {
- *   if (error instanceof NAuthException) {
- *     socket.emit('error', {
- *       code: error.code,
- *       message: error.message,
- *       details: error.details
- *     });
- *   }
- * }
- * ```
- */
-export class NAuthException extends Error {
-  /**
-   * Error code for programmatic handling
-   */
-  public readonly code: AuthErrorCode;
-  /**
-   * Additional error details/metadata
-   */
-  public readonly details?: Record<string, unknown>;
-  /**
-   * Timestamp when error was created
-   */
-  public readonly timestamp: string;
-  /**
-   * Create a new NAuthException
-   *
-   * @param code - Error code from AuthErrorCode enum
-   * @param message - Human-readable error message
-   * @param details - Optional metadata (retryAfter, validation errors, etc.)
-   *
-   * @example
-   * ```typescript
-   * throw new NAuthException(
-   *   AuthErrorCode.INVALID_CREDENTIALS,
-   *   'Invalid email or password'
-   * );
-   *
-   * throw new NAuthException(
-   *   AuthErrorCode.RATE_LIMIT_SMS,
-   *   'Too many SMS sent',
-   *   { retryAfter: 3600, currentCount: 4 }
-   * );
-   * ```
-   */
-  constructor(code: AuthErrorCode, message: string, details?: Record<string, unknown>) {
-    super(message);
-    this.code = code;
-    this.details = details;
-    this.timestamp = new Date().toISOString();
-    this.name = 'NAuthException';
-    // Ensure proper prototype chain for instanceof checks
-    Object.setPrototypeOf(this, NAuthException.prototype);
-    // Capture stack trace (excluding constructor call)
-    if (Error.captureStackTrace) {
-      Error.captureStackTrace(this, this.constructor);
-    }
-  }
-  /**
-   * Get the error code
-   *
-   * @returns Error code
-   */
-  getCode(): AuthErrorCode {
-    return this.code;
-  }
-  /**
-   * Get error details/metadata
-   *
-   * @returns Error details or undefined
-   */
-  getDetails(): Record<string, unknown> | undefined {
-    return this.details;
-  }
-  /**
-   * Check if error is a specific code
-   *
-   * @param code - Error code to check
-   * @returns True if error matches code
-   *
-   * @example
-   * ```typescript
-   * try {
-   *   await sendSMS();
-   * } catch (error) {
-   *   if (error instanceof NAuthException && error.isCode(AuthErrorCode.RATE_LIMIT_SMS)) {
-   *     // Handle rate limit specifically
-   *   }
-   * }
-   * ```
-   */
-  isCode(code: AuthErrorCode): boolean {
-    return this.code === code;
-  }
-  /**
-   * Serialize error to plain object
-   *
-   * Useful for logging, HTTP responses, or any serialization needs.
-   *
-   * @returns Plain object representation
-   *
-   * @example
-   * ```typescript
-   * catch (error) {
-   *   if (error instanceof NAuthException) {
-   *     console.log(error.toJSON());
-   *     // { code: 'RATE_LIMIT_SMS', message: '...', details: {...}, timestamp: '...' }
-   *   }
-   * }
-   * ```
-   */
-  toJSON(): { code: string; message: string; details?: Record<string, unknown>; timestamp: string } {
-    return {
-      code: this.code,
-      message: this.message,
-      details: this.details,
-      timestamp: this.timestamp,
-    };
-  }
-}
-/**
- * Helper function to map error codes to suggested HTTP status codes
- *
- * **Optional** - Consumer can use this or define their own mapping.
- * Provided as a convenience for HTTP-based applications.
- *
- * @param code - Error code
- * @returns Suggested HTTP status code
- *
- * @example
- * ```typescript
- * // In NestJS exception filter
- * catch (exception: NAuthException, host: ArgumentsHost) {
- *   const statusCode = getHttpStatusForErrorCode(exception.code);
- *   const response = host.switchToHttp().getResponse();
- *   response.status(statusCode).json(exception.toJSON());
- * }
- * ```
- */
-export function getHttpStatusForErrorCode(code: AuthErrorCode): number {
-  // Rate limits
-  if (code.startsWith('RATE_LIMIT_')) return 429;
-  // Authentication errors
-  if (code.startsWith('AUTH_')) {
-    if (code === AuthErrorCode.ACCOUNT_INACTIVE || code === AuthErrorCode.ACCOUNT_LOCKED) return 403;
-    return 401;
-  }
-  // Signup conflicts
-  if (
-    code === AuthErrorCode.EMAIL_EXISTS ||
-    code === AuthErrorCode.USERNAME_EXISTS ||
-    code === AuthErrorCode.PHONE_EXISTS
-  )
-    return 409;
-  if (code === AuthErrorCode.SIGNUP_DISABLED) return 403;
-  // Validation errors
-  if (code.startsWith('VALIDATION_') || code.startsWith('INVALID_')) return 400;
-  // Not found
-  if (code === AuthErrorCode.NOT_FOUND) return 404;
-  // Forbidden
-  if (code === AuthErrorCode.FORBIDDEN) return 403;
-  // Server errors
-  if (code === AuthErrorCode.INTERNAL_ERROR || code === AuthErrorCode.SERVICE_UNAVAILABLE) return 500;
-  // Default to 400
-  return 400;
-}

package/src/handlers/auth.handler.ts DELETED Viewed

@@ -1,260 +0,0 @@
-/**
- * Authentication Handler
- *
- * Validates JWT tokens and attaches user to request.
- *
- * **Platform-Agnostic:**
- * This handler operates purely on NAuthRequest interface.
- * Context is managed by the adapter, not this handler.
- */
-import { Repository } from 'typeorm';
-import {
-  NAuthConfig,
-  NAuthException,
-  AuthErrorCode,
-  resolveDeliveryForRequest,
-  BaseUser,
-  getAccessTokenCookieName,
-  NAuthLogger,
-  ContextStorage,
-  IClientInfo,
-} from '../index';
-import { JwtService, SessionService } from '../internal';
-import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
-/**
- * AuthHandler
- *
- * Validates JWT tokens and populates user context.
- * Performs optional authentication by default (doesn't reject unauthenticated requests).
- */
-export class AuthHandler {
-  constructor(
-    private jwtService: JwtService,
-    private sessionService: SessionService,
-    private userRepository: Repository<BaseUser>,
-    private config: NAuthConfig,
-    private logger?: NAuthLogger,
-  ) {}
-  /**
-   * Handle request - validate token and attach user
-   *
-   * Note: Context is managed by adapter. This handler assumes context is available.
-   */
-  public async handle(req: NAuthRequest, _res: NAuthResponse, next: () => Promise<void> | void): Promise<void> {
-    try {
-      // Skip if route is marked as public
-      if (req.attributes.nauthPublic) {
-        await next();
-        return;
-      }
-      const token = this.extractToken(req);
-      if (!token) {
-        // No token - continue without authentication (optional auth)
-        await next();
-        return;
-      }
-      const validation = await this.jwtService.validateAccessToken(token);
-      if (!validation.valid) {
-        this.logger?.debug?.('Invalid token:', validation.error);
-        await next();
-        return;
-      }
-      // Validate session
-      const sessionId = validation.payload!.sessionId;
-      const userId = validation.payload!.sub; // Extract userId from token sub claim
-      const session = await this.sessionService.findByIdLight(sessionId);
-      if (!session) {
-        this.logger?.debug?.('Session not found:', sessionId);
-        await next();
-        return;
-      }
-      const initialVersion = session.version;
-      if (session.isRevoked) {
-        this.logger?.warn?.('Session has been revoked:', sessionId);
-        await next();
-        return;
-      }
-      if (session.expiresAt < new Date()) {
-        this.logger?.debug?.('Session has expired:', sessionId);
-        await next();
-        return;
-      }
-      // Load user
-      const user = await this.userRepository.findOne({
-        select: this.getUserSelectFields(),
-        where: { sub: validation.payload!.sub },
-      });
-      if (!user) {
-        this.logger?.warn?.('User not found:', validation.payload!.sub);
-        await next();
-        return;
-      }
-      if (!user.isActive) {
-        this.logger?.warn?.('Account is not active:', user.sub);
-        await next();
-        return;
-      }
-      // Optimistic locking check - ensure session wasn't modified during request
-      const revalidated = await this.sessionService.findByIdLight(sessionId);
-      if (!revalidated || revalidated.version !== initialVersion || revalidated.isRevoked) {
-        this.logger?.error?.('Session was modified during request - possible security breach');
-        await next();
-        return;
-      }
-      // Attach to request attributes
-      req.attributes.user = user;
-      req.attributes.token = validation.payload;
-      // Store in ContextStorage for service access
-      ContextStorage.set('CURRENT_USER', user);
-      ContextStorage.set('JWT_PAYLOAD', validation.payload);
-      ContextStorage.set('CURRENT_SESSION', sessionId);
-      this.logger?.debug?.(`User ${user.sub} authenticated successfully`);
-      // Update CLIENT_INFO with sessionId and userId
-      this.updateClientInfoSessionId(sessionId);
-      this.updateClientInfoUserId(userId);
-      await next();
-    } catch (error) {
-      this.logger?.error?.(
-        'Error in auth handler:',
-        error instanceof Error ? error.message : String(error),
-        error instanceof Error ? error.stack : undefined,
-      );
-      await next();
-    }
-  }
-  /**
-   * Extract token from request based on delivery mode
-   */
-  private extractToken(req: NAuthRequest): string | null {
-    const method = this.config.tokenDelivery?.method || 'json';
-    // Get token from header
-    const authHeader = req.getHeader('authorization');
-    const headerToken = authHeader?.startsWith('Bearer ') ? authHeader.substring(7) : null;
-    // Get token from cookie
-    const accessTokenCookieName = getAccessTokenCookieName(this.config);
-    const cookieToken = req.cookies[accessTokenCookieName];
-    // Check for route-level override
-    const routeMode = req.attributes.nauthTokenDelivery;
-    let effective: 'cookies' | 'json' = 'json';
-    if (routeMode) {
-      effective = routeMode;
-    } else if (method === 'hybrid') {
-      // Determine mode based on request characteristics
-      effective = resolveDeliveryForRequest(req.raw, this.config.tokenDelivery?.hybridPolicy);
-    } else {
-      effective = method === 'cookies' ? 'cookies' : 'json';
-    }
-    if (effective === 'cookies') {
-      // Cookie mode: Reject if Bearer header present
-      if (headerToken && !cookieToken) {
-        throw new NAuthException(
-          AuthErrorCode.BEARER_NOT_ALLOWED,
-          'Bearer tokens are not allowed in cookie-only path.',
-        );
-      }
-      return cookieToken || null;
-    }
-    // JSON mode: Reject if cookie present
-    if (cookieToken && !headerToken) {
-      throw new NAuthException(AuthErrorCode.COOKIES_NOT_ALLOWED, 'Cookie tokens are not allowed in JSON-only path.');
-    }
-    return headerToken || null;
-  }
-  /**
-   * Update CLIENT_INFO with session ID from token
-   */
-  private updateClientInfoSessionId(sessionId: string | number): void {
-    const clientInfo = ContextStorage.get<IClientInfo>('CLIENT_INFO');
-    if (clientInfo) {
-      const sessionIdNumber = typeof sessionId === 'number' ? sessionId : parseInt(String(sessionId), 10);
-      if (!isNaN(sessionIdNumber) && sessionIdNumber > 0) {
-        clientInfo.sessionId = sessionIdNumber;
-        ContextStorage.set('CLIENT_INFO', clientInfo);
-      }
-    }
-  }
-  /**
-   * Update CLIENT_INFO with user ID from token
-   */
-  private updateClientInfoUserId(userId: string | number): void {
-    const clientInfo = ContextStorage.get<IClientInfo>('CLIENT_INFO');
-    if (clientInfo) {
-      const userIdNumber = typeof userId === 'number' ? userId : parseInt(String(userId), 10);
-      if (!isNaN(userIdNumber) && userIdNumber > 0) {
-        clientInfo.userId = userIdNumber;
-        ContextStorage.set('CLIENT_INFO', clientInfo);
-      }
-    }
-  }
-  /**
-   * Get fields to select when loading user
-   */
-  private getUserSelectFields(): (keyof BaseUser)[] {
-    return [
-      'id',
-      'sub',
-      'username',
-      'firstName',
-      'lastName',
-      'email',
-      'phone',
-      'isEmailVerified',
-      'isPhoneVerified',
-      'isActive',
-      'mustChangePassword',
-      'isLocked',
-      'lockReason',
-      'lockedAt',
-      'lockedUntil',
-      'failedLoginAttempts',
-      'lastFailedLoginAt',
-      'lastLoginAt',
-      'lastLoginIp',
-      'hasSocialAuth',
-      'socialProviders',
-      'mfaEnabled',
-      'mfaMethods',
-      'preferredMfaMethod',
-      'mfaExempt',
-      'mfaExemptReason',
-      'mfaExemptGrantedAt',
-      'metadata',
-      'createdAt',
-      'updatedAt',
-    ] as (keyof BaseUser)[];
-  }
-}

package/src/handlers/client-info.handler.ts DELETED Viewed

@@ -1,101 +0,0 @@
-/**
- * Client Info Handler
- *
- * Extracts client information (IP, user agent, device info) from NAuthRequest
- * and stores in AsyncLocalStorage context.
- *
- * **Platform-Agnostic:**
- * This handler operates purely on NAuthRequest interface.
- * Context initialization is handled by the adapter, not this handler.
- */
-import { ContextStorage, ClientInfoService, IClientInfo, NAuthLogger, getDeviceTokenCookieName } from '../index';
-import { GeoLocationService } from '../internal';
-import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
-/**
- * ClientInfoHandler
- *
- * First handler in the chain. Extracts client information and stores it
- * in the context for downstream handlers and services.
- */
-export class ClientInfoHandler {
-  constructor(
-    private clientInfoService: ClientInfoService,
-    private geoLocationService?: GeoLocationService,
-    private logger?: NAuthLogger,
-  ) {}
-  /**
-   * Handle request - extract and store client info
-   *
-   * Context initialization is handled by the adapter.
-   * This handler assumes context is already available.
-   */
-  public async handle(req: NAuthRequest, res: NAuthResponse, next: () => Promise<void> | void): Promise<void> {
-    try {
-      await this.extractAndStore(req, res);
-    } catch (error) {
-      this.logger?.error?.('Error extracting client info:', error);
-    }
-    await next();
-  }
-  /**
-   * Extract client information and store in context
-   */
-  private async extractAndStore(req: NAuthRequest, res: NAuthResponse): Promise<void> {
-    // Extract user agent
-    const userAgent = req.getHeader('user-agent') || 'unknown';
-    // Parse user agent for device/browser info
-    const parsedUA = this.clientInfoService.parseUserAgent(userAgent);
-    // Extract device token from cookie or header
-    // Use default cookie name (nauth_device_token) if config not available
-    const deviceTokenCookieName = getDeviceTokenCookieName();
-    const deviceToken = req.cookies[deviceTokenCookieName] || req.getHeader('x-device-token');
-    // Build client info object
-    const clientInfo: IClientInfo = {
-      ipAddress: req.ip,
-      userAgent,
-      deviceToken,
-      deviceName: (req.body.deviceName as string) || parsedUA.deviceName || undefined,
-      deviceType: ((req.body.deviceType as string) || parsedUA.deviceType || undefined) as IClientInfo['deviceType'],
-      platform: parsedUA.platform || undefined,
-      browser: parsedUA.browser || undefined,
-      sessionId: undefined, // Set later by AuthHandler
-      userId: undefined, // Set later by AuthHandler
-      ipCountry: undefined,
-      ipCity: undefined,
-      ipLatitude: undefined,
-      ipLongitude: undefined,
-    };
-    // Populate geolocation if service available
-    if (this.geoLocationService && clientInfo.ipAddress && clientInfo.ipAddress !== '0.0.0.0') {
-      try {
-        const geo = await this.geoLocationService.getIpGeolocation(clientInfo.ipAddress);
-        clientInfo.ipCountry = geo.country;
-        clientInfo.ipCity = geo.city;
-        clientInfo.ipLatitude = geo.latitude;
-        clientInfo.ipLongitude = geo.longitude;
-      } catch (error) {
-        // Log error instead of silently failing
-        this.logger?.error?.(
-          `Geolocation lookup failed for IP ${clientInfo.ipAddress}:`,
-          error instanceof Error ? error.message : 'Unknown error',
-        );
-      }
-    }
-    // Store in context
-    ContextStorage.set('CLIENT_INFO', clientInfo);
-    ContextStorage.set('HTTP_RESPONSE', res.raw);
-    // Also attach to request attributes for handler access
-    req.attributes.clientInfo = clientInfo;
-  }
-}