npm - @nauth-toolkit/core - Versions diffs - 0.1.0 → 0.1.5 - Mend

@nauth-toolkit/core 0.1.0 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/LICENSE +90 -0
package/README.md +9 -0
package/package.json +8 -3
package/jest.config.js +0 -15
package/jest.setup.ts +0 -6
package/src/adapters/database-columns.ts +0 -165
package/src/adapters/express.adapter.ts +0 -385
package/src/adapters/fastify.adapter.ts +0 -416
package/src/adapters/index.ts +0 -16
package/src/adapters/storage.factory.ts +0 -143
package/src/bootstrap.ts +0 -374
package/src/dto/auth-challenge.dto.ts +0 -231
package/src/dto/auth-response.dto.ts +0 -253
package/src/dto/challenge-response.dto.ts +0 -234
package/src/dto/change-password-request.dto.ts +0 -50
package/src/dto/change-password-response.dto.ts +0 -29
package/src/dto/change-password.dto.ts +0 -57
package/src/dto/error-response.dto.ts +0 -136
package/src/dto/get-available-methods.dto.ts +0 -55
package/src/dto/get-challenge-data-response.dto.ts +0 -28
package/src/dto/get-challenge-data.dto.ts +0 -69
package/src/dto/get-client-info.dto.ts +0 -104
package/src/dto/get-device-token-response.dto.ts +0 -25
package/src/dto/get-events-by-type.dto.ts +0 -76
package/src/dto/get-ip-address-response.dto.ts +0 -24
package/src/dto/get-mfa-status.dto.ts +0 -94
package/src/dto/get-risk-assessment-history.dto.ts +0 -39
package/src/dto/get-session-id-response.dto.ts +0 -25
package/src/dto/get-setup-data-response.dto.ts +0 -31
package/src/dto/get-setup-data.dto.ts +0 -75
package/src/dto/get-suspicious-activity.dto.ts +0 -42
package/src/dto/get-user-agent-response.dto.ts +0 -23
package/src/dto/get-user-auth-history.dto.ts +0 -95
package/src/dto/get-user-by-email.dto.ts +0 -61
package/src/dto/get-user-by-id.dto.ts +0 -46
package/src/dto/get-user-devices.dto.ts +0 -53
package/src/dto/get-user-response.dto.ts +0 -17
package/src/dto/has-provider.dto.ts +0 -56
package/src/dto/index.ts +0 -57
package/src/dto/is-trusted-device-response.dto.ts +0 -34
package/src/dto/list-providers-response.dto.ts +0 -23
package/src/dto/login.dto.ts +0 -95
package/src/dto/logout-all-response.dto.ts +0 -24
package/src/dto/logout-all.dto.ts +0 -65
package/src/dto/logout-response.dto.ts +0 -25
package/src/dto/logout.dto.ts +0 -64
package/src/dto/refresh-token.dto.ts +0 -36
package/src/dto/remove-devices.dto.ts +0 -85
package/src/dto/resend-code-response.dto.ts +0 -32
package/src/dto/resend-code.dto.ts +0 -51
package/src/dto/reset-password.dto.ts +0 -115
package/src/dto/respond-challenge.dto.ts +0 -272
package/src/dto/set-mfa-exemption.dto.ts +0 -112
package/src/dto/set-must-change-password-response.dto.ts +0 -27
package/src/dto/set-must-change-password.dto.ts +0 -46
package/src/dto/set-preferred-method.dto.ts +0 -80
package/src/dto/setup-mfa.dto.ts +0 -98
package/src/dto/signup.dto.ts +0 -174
package/src/dto/social-auth.dto.ts +0 -422
package/src/dto/trust-device-response.dto.ts +0 -30
package/src/dto/trust-device.dto.ts +0 -9
package/src/dto/update-user-attributes-request.dto.ts +0 -51
package/src/dto/user-response.dto.ts +0 -138
package/src/dto/user-update.dto.ts +0 -222
package/src/dto/verify-email.dto.ts +0 -313
package/src/dto/verify-mfa-code.dto.ts +0 -103
package/src/dto/verify-phone-by-sub.dto.ts +0 -78
package/src/dto/verify-phone.dto.ts +0 -245
package/src/entities/auth-audit.entity.ts +0 -232
package/src/entities/challenge-session.entity.ts +0 -116
package/src/entities/index.ts +0 -29
package/src/entities/login-attempt.entity.ts +0 -64
package/src/entities/mfa-device.entity.ts +0 -151
package/src/entities/rate-limit.entity.ts +0 -44
package/src/entities/session.entity.ts +0 -180
package/src/entities/social-account.entity.ts +0 -96
package/src/entities/storage-lock.entity.ts +0 -39
package/src/entities/trusted-device.entity.ts +0 -112
package/src/entities/user.entity.ts +0 -243
package/src/entities/verification-token.entity.ts +0 -141
package/src/enums/auth-audit-event-type.enum.ts +0 -360
package/src/enums/error-codes.enum.ts +0 -420
package/src/enums/mfa-method.enum.ts +0 -97
package/src/enums/risk-factor.enum.ts +0 -111
package/src/exceptions/nauth.exception.ts +0 -231
package/src/handlers/auth.handler.ts +0 -260
package/src/handlers/client-info.handler.ts +0 -101
package/src/handlers/csrf.handler.ts +0 -156
package/src/handlers/token-delivery.handler.ts +0 -118
package/src/index.ts +0 -118
package/src/interfaces/client-info.interface.ts +0 -85
package/src/interfaces/config.interface.ts +0 -2135
package/src/interfaces/entities.interface.ts +0 -226
package/src/interfaces/index.ts +0 -15
package/src/interfaces/logger.interface.ts +0 -283
package/src/interfaces/mfa-provider.interface.ts +0 -154
package/src/interfaces/oauth.interface.ts +0 -148
package/src/interfaces/provider.interface.ts +0 -47
package/src/interfaces/social-auth-provider.interface.ts +0 -131
package/src/interfaces/storage-adapter.interface.ts +0 -82
package/src/interfaces/template.interface.ts +0 -510
package/src/interfaces/token-verifier.interface.ts +0 -110
package/src/internal.ts +0 -178
package/src/platform/interfaces.ts +0 -299
package/src/schemas/auth-config.schema.ts +0 -646
package/src/services/adaptive-mfa-decision.service.spec.ts +0 -1058
package/src/services/adaptive-mfa-decision.service.ts +0 -457
package/src/services/auth-audit.service.spec.ts +0 -675
package/src/services/auth-audit.service.ts +0 -558
package/src/services/auth-challenge-helper.service.spec.ts +0 -3227
package/src/services/auth-challenge-helper.service.ts +0 -825
package/src/services/auth-flow-context-builder.service.ts +0 -520
package/src/services/auth-flow-rules.ts +0 -202
package/src/services/auth-flow-state-definitions.ts +0 -190
package/src/services/auth-flow-state-machine.service.ts +0 -207
package/src/services/auth-flow-state-machine.types.ts +0 -316
package/src/services/auth.service.spec.ts +0 -4195
package/src/services/auth.service.ts +0 -3727
package/src/services/challenge.service.spec.ts +0 -1363
package/src/services/challenge.service.ts +0 -696
package/src/services/client-info.service.spec.ts +0 -572
package/src/services/client-info.service.ts +0 -374
package/src/services/csrf.service.ts +0 -54
package/src/services/email-verification.service.spec.ts +0 -1229
package/src/services/email-verification.service.ts +0 -578
package/src/services/geo-location.service.spec.ts +0 -603
package/src/services/geo-location.service.ts +0 -599
package/src/services/index.ts +0 -13
package/src/services/jwt.service.spec.ts +0 -882
package/src/services/jwt.service.ts +0 -621
package/src/services/mfa-base.service.spec.ts +0 -246
package/src/services/mfa-base.service.ts +0 -611
package/src/services/mfa.service.spec.ts +0 -693
package/src/services/mfa.service.ts +0 -960
package/src/services/password.service.spec.ts +0 -166
package/src/services/password.service.ts +0 -309
package/src/services/phone-verification.service.spec.ts +0 -1120
package/src/services/phone-verification.service.ts +0 -751
package/src/services/risk-detection.service.spec.ts +0 -1292
package/src/services/risk-detection.service.ts +0 -1012
package/src/services/risk-scoring.service.spec.ts +0 -204
package/src/services/risk-scoring.service.ts +0 -131
package/src/services/session.service.spec.ts +0 -1293
package/src/services/session.service.ts +0 -803
package/src/services/social-account.service.spec.ts +0 -725
package/src/services/social-auth-base.service.spec.ts +0 -418
package/src/services/social-auth-base.service.ts +0 -581
package/src/services/social-auth.service.spec.ts +0 -238
package/src/services/social-auth.service.ts +0 -436
package/src/services/social-provider-registry.service.spec.ts +0 -238
package/src/services/social-provider-registry.service.ts +0 -122
package/src/services/trusted-device.service.spec.ts +0 -505
package/src/services/trusted-device.service.ts +0 -339
package/src/storage/account-lockout-storage.service.spec.ts +0 -310
package/src/storage/account-lockout-storage.service.ts +0 -89
package/src/storage/index.ts +0 -3
package/src/storage/memory-storage.adapter.ts +0 -443
package/src/storage/rate-limit-storage.service.spec.ts +0 -247
package/src/storage/rate-limit-storage.service.ts +0 -38
package/src/templates/html-template.engine.spec.ts +0 -161
package/src/templates/html-template.engine.ts +0 -688
package/src/templates/index.ts +0 -7
package/src/utils/common-passwords.spec.ts +0 -230
package/src/utils/common-passwords.ts +0 -170
package/src/utils/context-storage.ts +0 -188
package/src/utils/cookie-names.util.ts +0 -67
package/src/utils/cookies.util.ts +0 -94
package/src/utils/index.ts +0 -12
package/src/utils/ip-extractor.spec.ts +0 -330
package/src/utils/ip-extractor.ts +0 -220
package/src/utils/nauth-logger.spec.ts +0 -388
package/src/utils/nauth-logger.ts +0 -215
package/src/utils/pii-redactor.spec.ts +0 -130
package/src/utils/pii-redactor.ts +0 -288
package/src/utils/setup/get-repositories.ts +0 -140
package/src/utils/setup/init-services.ts +0 -422
package/src/utils/setup/init-social.ts +0 -189
package/src/utils/setup/init-storage.ts +0 -94
package/src/utils/setup/register-mfa.ts +0 -165
package/src/utils/setup/run-nauth-migrations.ts +0 -61
package/src/utils/token-delivery-policy.ts +0 -38
package/src/validators/template.validator.ts +0 -219
package/tsconfig.json +0 -37
package/tsconfig.lint.json +0 -6

package/src/dto/respond-challenge.dto.ts DELETED Viewed

@@ -1,272 +0,0 @@
-/**
- * Unified Challenge Response DTO with Comprehensive Validation
- *
- * Provides class-validator validation for challenge responses.
- * This is the single source of truth for challenge response validation,
- * used by both NestJS and Express adapters.
- *
- * Security Features:
- * - All string inputs have max length (prevents DoS attacks)
- * - Phone numbers validated against E.164 format
- * - Password strength enforced (8-128 chars)
- * - Conditional validation based on challenge type
- * - Enum validation prevents invalid challenge types
- *
- * @module RespondChallengeDTO
- */
-import { IsString, IsEnum, ValidateIf, IsObject, MinLength, MaxLength, Matches, Length, IsUUID } from 'class-validator';
-import { Transform } from 'class-transformer';
-/**
- * Challenge type enum for validation
- */
-export enum ChallengeType {
-  VERIFY_EMAIL = 'VERIFY_EMAIL',
-  VERIFY_PHONE = 'VERIFY_PHONE',
-  MFA_REQUIRED = 'MFA_REQUIRED',
-  FORCE_CHANGE_PASSWORD = 'FORCE_CHANGE_PASSWORD',
-  MFA_SETUP_REQUIRED = 'MFA_SETUP_REQUIRED',
-}
-/**
- * MFA method enum for validation
- */
-export enum MFAMethodType {
-  SMS = 'sms',
-  EMAIL = 'email',
-  TOTP = 'totp',
-  PASSKEY = 'passkey',
-  BACKUP = 'backup',
-}
-/**
- * Unified DTO for responding to authentication challenges
- *
- * Uses conditional validation (@ValidateIf) to validate fields based on challenge type.
- * This ensures proper validation while maintaining a single endpoint for all challenge types.
- *
- * Security:
- * - All strings have max length constraints matching DB limits
- * - Phone numbers validated against E.164 format (prevents SQL injection)
- * - Verification codes validated for length (4-10 chars)
- * - Passwords validated for strength requirements
- * - Session tokens validated as UUID v4 format (prevents injection)
- *
- * @example
- * ```typescript
- * @Controller('auth')
- * export class AuthController {
- *   @Post('respond-challenge')
- *   async respondToChallenge(@Body() dto: RespondChallengeDTO) {
- *     return await this.authService.respondToChallenge(dto);
- *   }
- * }
- * ```
- */
-export class RespondChallengeDTO {
-  /**
-   * Challenge session token (UUID v4)
-   * Always required
-   *
-   * Validation:
-   * - Must be a valid UUID v4 format
-   * - Generated using randomUUID() in challenge service
-   * - Matches DB constraint: varchar(255) but UUID format enforced
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Lowercased for consistency
-   *
-   * @example "a21b654c-2746-4168-acee-c175083a65cd"
-   */
-  @IsUUID('4', { message: 'Session token must be a valid UUID v4 format' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  session!: string;
-  /**
-   * Challenge type being responded to
-   * Always required
-   */
-  @IsEnum(ChallengeType, {
-    message:
-      'Challenge type must be one of: VERIFY_EMAIL, VERIFY_PHONE, MFA_REQUIRED, FORCE_CHANGE_PASSWORD, MFA_SETUP_REQUIRED',
-  })
-  type!: ChallengeType;
-  // ============================================================================
-  // VERIFY_EMAIL / VERIFY_PHONE / MFA_REQUIRED (code-based)
-  // ============================================================================
-  /**
-   * Verification code
-   * Required for:
-   * - VERIFY_EMAIL
-   * - VERIFY_PHONE (when verifying code)
-   * - MFA_REQUIRED (for SMS/Email/TOTP/Backup methods)
-   *
-   * Validation:
-   * - Must be a string
-   * - Length 4-10 characters (covers all code types)
-   * - Alphanumeric only
-   *
-   * Note: NOT trimmed (codes should be exact)
-   */
-  @ValidateIf(
-    (o) =>
-      o.type === ChallengeType.VERIFY_EMAIL ||
-      (o.type === ChallengeType.VERIFY_PHONE && !o.phone) ||
-      (o.type === ChallengeType.MFA_REQUIRED && o.method !== MFAMethodType.PASSKEY),
-  )
-  @IsString({ message: 'Code must be a string' })
-  @Length(4, 10, { message: 'Code must be between 4 and 10 characters' })
-  @Matches(/^[A-Za-z0-9]+$/, { message: 'Code can only contain letters and numbers' })
-  code?: string;
-  // ============================================================================
-  // VERIFY_PHONE (phone collection)
-  // ============================================================================
-  /**
-   * Phone number in E.164 format
-   * Required for VERIFY_PHONE when collecting phone number (first step)
-   *
-   * Validation:
-   * - Must be a string
-   * - Must match E.164 format: +[country code][number]
-   * - Example: +14155552671
-   * - Max 20 characters (matches DB limit)
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Only digits and leading + allowed
-   */
-  @ValidateIf((o) => o.type === ChallengeType.VERIFY_PHONE && !o.code)
-  @IsString({ message: 'Phone must be a string' })
-  @MaxLength(20, { message: 'Phone number must not exceed 20 characters' })
-  @Matches(/^\+[1-9]\d{1,14}$/, {
-    message: 'Phone must be in E.164 format (e.g., +14155552671)',
-  })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim();
-    }
-    return value;
-  })
-  phone?: string;
-  // ============================================================================
-  // FORCE_CHANGE_PASSWORD
-  // ============================================================================
-  /**
-   * New password
-   * Required for FORCE_CHANGE_PASSWORD challenge
-   *
-   * Validation:
-   * - Must be a string
-   * - Min 8 characters (security requirement)
-   * - Max 128 characters (prevents DoS via bcrypt)
-   *
-   * Note: NOT trimmed (passwords can have leading/trailing spaces)
-   */
-  @ValidateIf((o) => o.type === ChallengeType.FORCE_CHANGE_PASSWORD)
-  @IsString({ message: 'New password must be a string' })
-  @MinLength(8, { message: 'Password must be at least 8 characters' })
-  @MaxLength(128, { message: 'Password must not exceed 128 characters' })
-  newPassword?: string;
-  // ============================================================================
-  // MFA_REQUIRED / MFA_SETUP_REQUIRED
-  // ============================================================================
-  /**
-   * MFA method being used or set up
-   * Required for:
-   * - MFA_REQUIRED challenge (method being used for verification)
-   * - MFA_SETUP_REQUIRED challenge (method being set up)
-   *
-   * Validation:
-   * - Must be one of: sms, email, totp, passkey, backup
-   */
-  @ValidateIf((o) => o.type === ChallengeType.MFA_REQUIRED || o.type === ChallengeType.MFA_SETUP_REQUIRED)
-  @IsEnum(MFAMethodType, { message: 'MFA method must be one of: sms, email, totp, passkey, backup' })
-  method?: MFAMethodType;
-  /**
-   * Passkey credential
-   * Required for MFA_REQUIRED when method is 'passkey'
-   *
-   * Validation:
-   * - Must be an object
-   * - Contains WebAuthn credential from navigator.credentials.get()
-   */
-  @ValidateIf((o) => o.type === ChallengeType.MFA_REQUIRED && o.method === MFAMethodType.PASSKEY)
-  @IsObject({ message: 'Credential must be an object' })
-  credential?: Record<string, unknown>;
-  // ============================================================================
-  // MFA_SETUP_REQUIRED
-  // ============================================================================
-  /**
-   * MFA setup data (method-specific)
-   * Required for MFA_SETUP_REQUIRED challenge
-   *
-   * Expected structure by method:
-   * - SMS: { phone: string, code: string }
-   * - Email: { code: string }
-   * - TOTP: { code: string }
-   * - Passkey: { credential: Record<string, unknown> }
-   *
-   * Validation:
-   * - Must be an object
-   * - Structure validated by MFA provider services
-   */
-  @ValidateIf((o) => o.type === ChallengeType.MFA_SETUP_REQUIRED)
-  @IsObject({ message: 'Setup data must be an object' })
-  setupData?: Record<string, unknown>;
-}
-/**
- * Helper type guards for challenge response
- *
- * Use these to narrow TypeScript types in your application logic.
- *
- * @example
- * ```typescript
- * if (RespondChallengeValidation.isEmailVerification(dto)) {
- *   // TypeScript knows dto.code is available
- * }
- * ```
- */
-export namespace RespondChallengeValidation {
-  export function isEmailVerification(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.VERIFY_EMAIL && !!dto.code;
-  }
-  export function isPhoneCollection(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.VERIFY_PHONE && !!dto.phone;
-  }
-  export function isPhoneVerification(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.VERIFY_PHONE && !!dto.code;
-  }
-  export function isPasswordChange(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.FORCE_CHANGE_PASSWORD && !!dto.newPassword;
-  }
-  export function isMFAVerification(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.MFA_REQUIRED && !!dto.method;
-  }
-  export function isMFASetup(dto: RespondChallengeDTO): boolean {
-    return dto.type === ChallengeType.MFA_SETUP_REQUIRED && !!dto.method && !!dto.setupData;
-  }
-}

package/src/dto/set-mfa-exemption.dto.ts DELETED Viewed

@@ -1,112 +0,0 @@
-/**
- * DTO for setting MFA exemption
- *
- * Used to grant or revoke a user's exemption from multi-factor authentication requirements.
- * Admin-only operation.
- *
- * @example
- * ```typescript
- * const result = await mfaService.setMFAExemption({
- *   userSub: 'user-uuid',
- *   exempt: true,
- *   reason: 'Business partner requires MFA bypass',
- *   grantedBy: 'admin@example.com'
- * });
- * ```
- */
-import { IsUUID, IsBoolean, IsOptional, IsString, MaxLength } from 'class-validator';
-import { Transform } from 'class-transformer';
-/**
- * DTO for setting MFA exemption
- */
-export class SetMFAExemptionDTO {
-  /**
-   * User's unique identifier (UUID v4)
-   *
-   * Validation:
-   * - Must be a valid UUID v4 format
-   * - Matches DB constraint: char(36) or uuid
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Lowercased for consistency
-   *
-   * @example "a21b654c-2746-4168-acee-c175083a65cd"
-   */
-  @IsUUID('4', { message: 'User sub must be a valid UUID v4 format' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  userSub!: string;
-  /**
-   * Whether to grant exemption (true) or revoke exemption (false)
-   */
-  @IsBoolean({ message: 'Exempt must be a boolean' })
-  exempt!: boolean;
-  /**
-   * Optional reason for the exemption status change
-   *
-   * Validation:
-   * - Max 500 characters
-   *
-   * Sanitization:
-   * - Trimmed
-   */
-  @IsOptional()
-  @IsString({ message: 'Reason must be a string' })
-  @MaxLength(500, { message: 'Reason must not exceed 500 characters' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim();
-    }
-    return value;
-  })
-  reason?: string | null;
-  /**
-   * Optional identifier of the admin performing this action
-   *
-   * Validation:
-   * - Max 255 characters
-   *
-   * Sanitization:
-   * - Trimmed
-   */
-  @IsOptional()
-  @IsString({ message: 'Granted by must be a string' })
-  @MaxLength(255, { message: 'Granted by must not exceed 255 characters' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim();
-    }
-    return value;
-  })
-  grantedBy?: string | null;
-}
-/**
- * Response DTO for setting MFA exemption
- */
-export class SetMFAExemptionResponseDTO {
-  /**
-   * Whether user is exempt from MFA requirements
-   */
-  mfaExempt!: boolean;
-  /**
-   * Reason for MFA exemption (if exempt)
-   */
-  mfaExemptReason!: string | null;
-  /**
-   * Date when MFA exemption was granted (if exempt)
-   */
-  mfaExemptGrantedAt!: Date | null;
-}

package/src/dto/set-must-change-password-response.dto.ts DELETED Viewed

@@ -1,27 +0,0 @@
-/**
- * Set Must Change Password Response DTO
- *
- * Response DTO for setting must change password flag.
- * No validators needed - this is generated internally by the library.
- *
- * @example
- * ```typescript
- * await authService.setMustChangePassword({
- *   userId: 'user-uuid'
- * });
- * // Returns: { success: true }
- * ```
- */
-/**
- * Response DTO for set must change password
- */
-export class SetMustChangePasswordResponseDTO {
-  /**
-   * Success indicator
-   * Always true on successful flag set
-   *
-   * @example true
-   */
-  success!: boolean;
-}

package/src/dto/set-must-change-password.dto.ts DELETED Viewed

@@ -1,46 +0,0 @@
-/**
- * Set Must Change Password DTO
- *
- * Request DTO for requiring a user to change their password on next login.
- *
- * Security:
- * - User ID validated (UUID)
- * - Prevents unauthorized password change requirements
- *
- * @example
- * ```typescript
- * await authService.setMustChangePassword({
- *   userId: 'user-uuid'
- * });
- * ```
- */
-import { IsUUID } from 'class-validator';
-import { Transform } from 'class-transformer';
-/**
- * Request DTO for setting must change password flag
- */
-export class SetMustChangePasswordDTO {
-  /**
-   * User's unique identifier (UUID v4)
-   *
-   * Validation:
-   * - Must be a valid UUID v4 format
-   * - Matches DB constraint: char(36) or uuid
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Lowercased for consistency
-   *
-   * @example "a21b654c-2746-4168-acee-c175083a65cd"
-   */
-  @IsUUID('4', { message: 'User ID must be a valid UUID v4 format' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  userId!: string;
-}

package/src/dto/set-preferred-method.dto.ts DELETED Viewed

@@ -1,80 +0,0 @@
-/**
- * DTO for setting preferred MFA method
- *
- * Used to set the preferred MFA method for a user.
- * Updates the user's preferred method and device primary flags.
- *
- * @example
- * ```typescript
- * await mfaService.setPreferredMethod({
- *   userSub: 'user-uuid',
- *   methodType: 'totp'
- * });
- * ```
- */
-import { IsEnum, IsString, IsUUID, MaxLength } from 'class-validator';
-import { Transform } from 'class-transformer';
-import { MFAMethod } from '../enums/mfa-method.enum';
-/**
- * DTO for setting preferred MFA method
- */
-export class SetPreferredMethodDTO {
-  /**
-   * User's unique identifier (UUID v4)
-   *
-   * Validation:
-   * - Must be a valid UUID v4 format
-   * - Matches DB constraint: char(36) or uuid
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Lowercased for consistency
-   *
-   * @example "a21b654c-2746-4168-acee-c175083a65cd"
-   */
-  @IsUUID('4', { message: 'User sub must be a valid UUID v4 format' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  userSub!: string;
-  /**
-   * MFA method type to set as preferred
-   *
-   * Validation:
-   * - Must be one of: totp, sms, email, passkey
-   * - Max 50 characters
-   *
-   * Sanitization:
-   * - Trimmed and lowercased
-   *
-   * @example "totp"
-   */
-  @IsString({ message: 'Method type must be a string' })
-  @IsEnum([MFAMethod.TOTP, MFAMethod.SMS, MFAMethod.EMAIL, MFAMethod.PASSKEY], {
-    message: 'Method type must be one of: totp, sms, email, passkey',
-  })
-  @MaxLength(50, { message: 'Method type must not exceed 50 characters' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  methodType!: string;
-}
-/**
- * Response DTO for setting preferred method
- */
-export class SetPreferredMethodResponseDTO {
-  /**
-   * Success message
-   */
-  message!: string;
-}

package/src/dto/setup-mfa.dto.ts DELETED Viewed

@@ -1,98 +0,0 @@
-/**
- * DTO for setting up MFA device
- *
- * Used to initiate MFA device setup using the appropriate provider.
- *
- * @example
- * ```typescript
- * const setup = await mfaService.setup({
- *   sub: 'user-uuid',
- *   methodName: 'totp',
- *   setupData: {}
- * });
- * ```
- */
-import { IsEnum, IsString, IsUUID, IsOptional, IsObject, MaxLength } from 'class-validator';
-import { Transform } from 'class-transformer';
-import { MFAMethod } from '../enums/mfa-method.enum';
-/**
- * DTO for setting up MFA device
- */
-export class SetupMFADTO {
-  /**
-   * User's unique identifier (UUID v4)
-   *
-   * Validation:
-   * - Must be a valid UUID v4 format
-   * - Matches DB constraint: char(36) or uuid
-   *
-   * Sanitization:
-   * - Trimmed
-   * - Lowercased for consistency
-   *
-   * @example "a21b654c-2746-4168-acee-c175083a65cd"
-   */
-  @IsUUID('4', { message: 'User sub must be a valid UUID v4 format' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  sub!: string;
-  /**
-   * MFA method name
-   *
-   * Validation:
-   * - Must be one of: totp, sms, email, passkey
-   * - Max 50 characters
-   *
-   * Sanitization:
-   * - Trimmed and lowercased
-   *
-   * @example "totp"
-   */
-  @IsString({ message: 'Method name must be a string' })
-  @IsEnum([MFAMethod.TOTP, MFAMethod.SMS, MFAMethod.EMAIL, MFAMethod.PASSKEY], {
-    message: 'Method name must be one of: totp, sms, email, passkey',
-  })
-  @MaxLength(50, { message: 'Method name must not exceed 50 characters' })
-  @Transform(({ value }) => {
-    if (typeof value === 'string') {
-      return value.trim().toLowerCase();
-    }
-    return value;
-  })
-  methodName!: string;
-  /**
-   * Optional provider-specific setup data
-   *
-   * Validation:
-   * - Must be an object if provided
-   * - Structure validated by MFA provider services
-   *
-   * @example { phoneNumber: '+1234567890' } for SMS
-   */
-  @IsOptional()
-  @IsObject({ message: 'Setup data must be an object' })
-  setupData?: Record<string, unknown>;
-}
-/**
- * Response DTO for MFA setup
- */
-export class SetupMFAResponseDTO {
-  /**
-   * Provider-specific setup response
-   *
-   * Structure varies by method:
-   * - TOTP: { secret, qrCode, manualEntryKey }
-   * - SMS: { maskedPhone }
-   * - Passkey: WebAuthn registration options
-   */
-  setupData!: Record<string, unknown>;
-}