@nauth-toolkit/core 0.1.0

package/dist/handlers/auth.handler.js

@@ -0,0 +1,173 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthHandler = void 0;
+const index_1 = require("../index");
+class AuthHandler {
+    jwtService;
+    sessionService;
+    userRepository;
+    config;
+    logger;
+    constructor(jwtService, sessionService, userRepository, config, logger) {
+        this.jwtService = jwtService;
+        this.sessionService = sessionService;
+        this.userRepository = userRepository;
+        this.config = config;
+        this.logger = logger;
+    }
+    async handle(req, _res, next) {
+        try {
+            if (req.attributes.nauthPublic) {
+                await next();
+                return;
+            }
+            const token = this.extractToken(req);
+            if (!token) {
+                await next();
+                return;
+            }
+            const validation = await this.jwtService.validateAccessToken(token);
+            if (!validation.valid) {
+                this.logger?.debug?.('Invalid token:', validation.error);
+                await next();
+                return;
+            }
+            const sessionId = validation.payload.sessionId;
+            const userId = validation.payload.sub;
+            const session = await this.sessionService.findByIdLight(sessionId);
+            if (!session) {
+                this.logger?.debug?.('Session not found:', sessionId);
+                await next();
+                return;
+            }
+            const initialVersion = session.version;
+            if (session.isRevoked) {
+                this.logger?.warn?.('Session has been revoked:', sessionId);
+                await next();
+                return;
+            }
+            if (session.expiresAt < new Date()) {
+                this.logger?.debug?.('Session has expired:', sessionId);
+                await next();
+                return;
+            }
+            const user = await this.userRepository.findOne({
+                select: this.getUserSelectFields(),
+                where: { sub: validation.payload.sub },
+            });
+            if (!user) {
+                this.logger?.warn?.('User not found:', validation.payload.sub);
+                await next();
+                return;
+            }
+            if (!user.isActive) {
+                this.logger?.warn?.('Account is not active:', user.sub);
+                await next();
+                return;
+            }
+            const revalidated = await this.sessionService.findByIdLight(sessionId);
+            if (!revalidated || revalidated.version !== initialVersion || revalidated.isRevoked) {
+                this.logger?.error?.('Session was modified during request - possible security breach');
+                await next();
+                return;
+            }
+            req.attributes.user = user;
+            req.attributes.token = validation.payload;
+            index_1.ContextStorage.set('CURRENT_USER', user);
+            index_1.ContextStorage.set('JWT_PAYLOAD', validation.payload);
+            index_1.ContextStorage.set('CURRENT_SESSION', sessionId);
+            this.logger?.debug?.(`User ${user.sub} authenticated successfully`);
+            this.updateClientInfoSessionId(sessionId);
+            this.updateClientInfoUserId(userId);
+            await next();
+        }
+        catch (error) {
+            this.logger?.error?.('Error in auth handler:', error instanceof Error ? error.message : String(error), error instanceof Error ? error.stack : undefined);
+            await next();
+        }
+    }
+    extractToken(req) {
+        const method = this.config.tokenDelivery?.method || 'json';
+        const authHeader = req.getHeader('authorization');
+        const headerToken = authHeader?.startsWith('Bearer ') ? authHeader.substring(7) : null;
+        const accessTokenCookieName = (0, index_1.getAccessTokenCookieName)(this.config);
+        const cookieToken = req.cookies[accessTokenCookieName];
+        const routeMode = req.attributes.nauthTokenDelivery;
+        let effective = 'json';
+        if (routeMode) {
+            effective = routeMode;
+        }
+        else if (method === 'hybrid') {
+            effective = (0, index_1.resolveDeliveryForRequest)(req.raw, this.config.tokenDelivery?.hybridPolicy);
+        }
+        else {
+            effective = method === 'cookies' ? 'cookies' : 'json';
+        }
+        if (effective === 'cookies') {
+            if (headerToken && !cookieToken) {
+                throw new index_1.NAuthException(index_1.AuthErrorCode.BEARER_NOT_ALLOWED, 'Bearer tokens are not allowed in cookie-only path.');
+            }
+            return cookieToken || null;
+        }
+        if (cookieToken && !headerToken) {
+            throw new index_1.NAuthException(index_1.AuthErrorCode.COOKIES_NOT_ALLOWED, 'Cookie tokens are not allowed in JSON-only path.');
+        }
+        return headerToken || null;
+    }
+    updateClientInfoSessionId(sessionId) {
+        const clientInfo = index_1.ContextStorage.get('CLIENT_INFO');
+        if (clientInfo) {
+            const sessionIdNumber = typeof sessionId === 'number' ? sessionId : parseInt(String(sessionId), 10);
+            if (!isNaN(sessionIdNumber) && sessionIdNumber > 0) {
+                clientInfo.sessionId = sessionIdNumber;
+                index_1.ContextStorage.set('CLIENT_INFO', clientInfo);
+            }
+        }
+    }
+    updateClientInfoUserId(userId) {
+        const clientInfo = index_1.ContextStorage.get('CLIENT_INFO');
+        if (clientInfo) {
+            const userIdNumber = typeof userId === 'number' ? userId : parseInt(String(userId), 10);
+            if (!isNaN(userIdNumber) && userIdNumber > 0) {
+                clientInfo.userId = userIdNumber;
+                index_1.ContextStorage.set('CLIENT_INFO', clientInfo);
+            }
+        }
+    }
+    getUserSelectFields() {
+        return [
+            'id',
+            'sub',
+            'username',
+            'firstName',
+            'lastName',
+            'email',
+            'phone',
+            'isEmailVerified',
+            'isPhoneVerified',
+            'isActive',
+            'mustChangePassword',
+            'isLocked',
+            'lockReason',
+            'lockedAt',
+            'lockedUntil',
+            'failedLoginAttempts',
+            'lastFailedLoginAt',
+            'lastLoginAt',
+            'lastLoginIp',
+            'hasSocialAuth',
+            'socialProviders',
+            'mfaEnabled',
+            'mfaMethods',
+            'preferredMfaMethod',
+            'mfaExempt',
+            'mfaExemptReason',
+            'mfaExemptGrantedAt',
+            'metadata',
+            'createdAt',
+            'updatedAt',
+        ];
+    }
+}
+exports.AuthHandler = AuthHandler;
+//# sourceMappingURL=auth.handler.js.map

package/dist/handlers/auth.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.handler.js","sourceRoot":"","sources":["../../src/handlers/auth.handler.ts"],"names":[],"mappings":";;;AAWA,oCAUkB;AAUlB,MAAa,WAAW;IAEZ;IACA;IACA;IACA;IACA;IALV,YACU,UAAsB,EACtB,cAA8B,EAC9B,cAAoC,EACpC,MAAmB,EACnB,MAAoB;QAJpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,mBAAc,GAAd,cAAc,CAAsB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IAC3B,CAAC;IAOG,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgC;QAC1F,IAAI,CAAC;YAEH,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;gBAC/B,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAErC,IAAI,CAAC,KAAK,EAAE,CAAC;gBAEX,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAEpE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAGD,MAAM,SAAS,GAAG,UAAU,CAAC,OAAQ,CAAC,SAAS,CAAC;YAChD,MAAM,MAAM,GAAG,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YAEnE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBACtD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;YAEvC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,2BAA2B,EAAE,SAAS,CAAC,CAAC;gBAC5D,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sBAAsB,EAAE,SAAS,CAAC,CAAC;gBACxD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAGD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,IAAI,CAAC,mBAAmB,EAAE;gBAClC,KAAK,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,OAAQ,CAAC,GAAG,EAAE;aACxC,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC;gBAChE,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,wBAAwB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAGD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,OAAO,KAAK,cAAc,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBACpF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gEAAgE,CAAC,CAAC;gBACvF,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAGD,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;YAC3B,GAAG,CAAC,UAAU,CAAC,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC;YAG1C,sBAAc,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YACzC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACtD,sBAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;YAEjD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,IAAI,CAAC,GAAG,6BAA6B,CAAC,CAAC;YAGpE,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAEpC,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,wBAAwB,EACxB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EACtD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACjD,CAAC;YACF,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IAKO,YAAY,CAAC,GAAiB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAG3D,MAAM,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,WAAW,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAGvF,MAAM,qBAAqB,GAAG,IAAA,gCAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAGvD,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC;QAEpD,IAAI,SAAS,GAAuB,MAAM,CAAC;QAE3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAE/B,SAAS,GAAG,IAAA,iCAAyB,EAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;QACxD,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAE5B,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChC,MAAM,IAAI,sBAAc,CACtB,qBAAa,CAAC,kBAAkB,EAChC,oDAAoD,CACrD,CAAC;YACJ,CAAC;YACD,OAAO,WAAW,IAAI,IAAI,CAAC;QAC7B,CAAC;QAGD,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,sBAAc,CAAC,qBAAa,CAAC,mBAAmB,EAAE,kDAAkD,CAAC,CAAC;QAClH,CAAC;QACD,OAAO,WAAW,IAAI,IAAI,CAAC;IAC7B,CAAC;IAKO,yBAAyB,CAAC,SAA0B;QAC1D,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACnD,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC;gBACvC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAKO,sBAAsB,CAAC,MAAuB;QACpD,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAExF,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBAC7C,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC;gBACjC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAKO,mBAAmB;QACzB,OAAO;YACL,IAAI;YACJ,KAAK;YACL,UAAU;YACV,WAAW;YACX,UAAU;YACV,OAAO;YACP,OAAO;YACP,iBAAiB;YACjB,iBAAiB;YACjB,UAAU;YACV,oBAAoB;YACpB,UAAU;YACV,YAAY;YACZ,UAAU;YACV,aAAa;YACb,qBAAqB;YACrB,mBAAmB;YACnB,aAAa;YACb,aAAa;YACb,eAAe;YACf,iBAAiB;YACjB,YAAY;YACZ,YAAY;YACZ,oBAAoB;YACpB,WAAW;YACX,iBAAiB;YACjB,oBAAoB;YACpB,UAAU;YACV,WAAW;YACX,WAAW;SACU,CAAC;IAC1B,CAAC;CACF;AApOD,kCAoOC"}

package/dist/handlers/client-info.handler.d.ts

@@ -0,0 +1,12 @@
+import { ClientInfoService, NAuthLogger } from '../index';
+import { GeoLocationService } from '../internal';
+import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
+export declare class ClientInfoHandler {
+    private clientInfoService;
+    private geoLocationService?;
+    private logger?;
+    constructor(clientInfoService: ClientInfoService, geoLocationService?: GeoLocationService | undefined, logger?: NAuthLogger | undefined);
+    handle(req: NAuthRequest, res: NAuthResponse, next: () => Promise<void> | void): Promise<void>;
+    private extractAndStore;
+}
+//# sourceMappingURL=client-info.handler.d.ts.map

package/dist/handlers/client-info.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/client-info.handler.ts"],"names":[],"mappings":"AAWA,OAAO,EAAkB,iBAAiB,EAAe,WAAW,EAA4B,MAAM,UAAU,CAAC;AACjH,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAQrE,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,iBAAiB;IACzB,OAAO,CAAC,kBAAkB,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC;gBAFP,iBAAiB,EAAE,iBAAiB,EACpC,kBAAkB,CAAC,EAAE,kBAAkB,YAAA,EACvC,MAAM,CAAC,EAAE,WAAW,YAAA;IASjB,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YAa7F,eAAe;CAqD9B"}

package/dist/handlers/client-info.handler.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientInfoHandler = void 0;
+const index_1 = require("../index");
+class ClientInfoHandler {
+    clientInfoService;
+    geoLocationService;
+    logger;
+    constructor(clientInfoService, geoLocationService, logger) {
+        this.clientInfoService = clientInfoService;
+        this.geoLocationService = geoLocationService;
+        this.logger = logger;
+    }
+    async handle(req, res, next) {
+        try {
+            await this.extractAndStore(req, res);
+        }
+        catch (error) {
+            this.logger?.error?.('Error extracting client info:', error);
+        }
+        await next();
+    }
+    async extractAndStore(req, res) {
+        const userAgent = req.getHeader('user-agent') || 'unknown';
+        const parsedUA = this.clientInfoService.parseUserAgent(userAgent);
+        const deviceTokenCookieName = (0, index_1.getDeviceTokenCookieName)();
+        const deviceToken = req.cookies[deviceTokenCookieName] || req.getHeader('x-device-token');
+        const clientInfo = {
+            ipAddress: req.ip,
+            userAgent,
+            deviceToken,
+            deviceName: req.body.deviceName || parsedUA.deviceName || undefined,
+            deviceType: (req.body.deviceType || parsedUA.deviceType || undefined),
+            platform: parsedUA.platform || undefined,
+            browser: parsedUA.browser || undefined,
+            sessionId: undefined,
+            userId: undefined,
+            ipCountry: undefined,
+            ipCity: undefined,
+            ipLatitude: undefined,
+            ipLongitude: undefined,
+        };
+        if (this.geoLocationService && clientInfo.ipAddress && clientInfo.ipAddress !== '0.0.0.0') {
+            try {
+                const geo = await this.geoLocationService.getIpGeolocation(clientInfo.ipAddress);
+                clientInfo.ipCountry = geo.country;
+                clientInfo.ipCity = geo.city;
+                clientInfo.ipLatitude = geo.latitude;
+                clientInfo.ipLongitude = geo.longitude;
+            }
+            catch (error) {
+                this.logger?.error?.(`Geolocation lookup failed for IP ${clientInfo.ipAddress}:`, error instanceof Error ? error.message : 'Unknown error');
+            }
+        }
+        index_1.ContextStorage.set('CLIENT_INFO', clientInfo);
+        index_1.ContextStorage.set('HTTP_RESPONSE', res.raw);
+        req.attributes.clientInfo = clientInfo;
+    }
+}
+exports.ClientInfoHandler = ClientInfoHandler;
+//# sourceMappingURL=client-info.handler.js.map

package/dist/handlers/client-info.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.handler.js","sourceRoot":"","sources":["../../src/handlers/client-info.handler.ts"],"names":[],"mappings":";;;AAWA,oCAAiH;AAUjH,MAAa,iBAAiB;IAElB;IACA;IACA;IAHV,YACU,iBAAoC,EACpC,kBAAuC,EACvC,MAAoB;QAFpB,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,uBAAkB,GAAlB,kBAAkB,CAAqB;QACvC,WAAM,GAAN,MAAM,CAAc;IAC3B,CAAC;IAQG,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAKO,KAAK,CAAC,eAAe,CAAC,GAAiB,EAAE,GAAkB;QAEjE,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;QAG3D,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAIlE,MAAM,qBAAqB,GAAG,IAAA,gCAAwB,GAAE,CAAC;QACzD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAG1F,MAAM,UAAU,GAAgB;YAC9B,SAAS,EAAE,GAAG,CAAC,EAAE;YACjB,SAAS;YACT,WAAW;YACX,UAAU,EAAG,GAAG,CAAC,IAAI,CAAC,UAAqB,IAAI,QAAQ,CAAC,UAAU,IAAI,SAAS;YAC/E,UAAU,EAAE,CAAE,GAAG,CAAC,IAAI,CAAC,UAAqB,IAAI,QAAQ,CAAC,UAAU,IAAI,SAAS,CAA8B;YAC9G,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,SAAS;YACxC,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,SAAS;YACtC,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,SAAS;YACjB,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,SAAS;SACvB,CAAC;QAGF,IAAI,IAAI,CAAC,kBAAkB,IAAI,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAC1F,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;gBACjF,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC;gBACnC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC7B,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC;gBACrC,UAAU,CAAC,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAEf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,oCAAoC,UAAU,CAAC,SAAS,GAAG,EAC3D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CACzD,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;QAC9C,sBAAc,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QAG7C,GAAG,CAAC,UAAU,CAAC,UAAU,GAAG,UAAU,CAAC;IACzC,CAAC;CACF;AA/ED,8CA+EC"}

package/dist/handlers/csrf.handler.d.ts

@@ -0,0 +1,13 @@
+import { NAuthConfig, NAuthLogger } from '../index';
+import { CsrfService } from '../services/csrf.service';
+import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
+export declare class CsrfHandler {
+    private readonly csrfService;
+    private readonly config;
+    private readonly logger?;
+    constructor(csrfService: CsrfService, config: NAuthConfig, logger?: NAuthLogger | undefined);
+    handle(req: NAuthRequest, res: NAuthResponse, next: () => Promise<void> | void): Promise<void>;
+    private generateTokenIfMissing;
+    private validateToken;
+}
+//# sourceMappingURL=csrf.handler.d.ts.map

package/dist/handlers/csrf.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAUrE,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAQ1B,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YAqC7F,sBAAsB;YAsCtB,aAAa;CA0C5B"}

package/dist/handlers/csrf.handler.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CsrfHandler = void 0;
+const index_1 = require("../index");
+const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];
+class CsrfHandler {
+    csrfService;
+    config;
+    logger;
+    constructor(csrfService, config, logger) {
+        this.csrfService = csrfService;
+        this.config = config;
+        this.logger = logger;
+    }
+    async handle(req, res, next) {
+        const method = this.config.tokenDelivery?.method || 'json';
+        if (method !== 'cookies' && method !== 'hybrid') {
+            await next();
+            return;
+        }
+        if (SAFE_METHODS.includes(req.method)) {
+            await this.generateTokenIfMissing(req, res);
+            await next();
+            return;
+        }
+        if (req.attributes.nauthPublic) {
+            await next();
+            return;
+        }
+        const excludedPaths = this.config.security?.csrf?.excludedPaths || [];
+        if (excludedPaths.some((p) => req.path.startsWith(p))) {
+            await next();
+            return;
+        }
+        await this.validateToken(req);
+        await next();
+    }
+    async generateTokenIfMissing(req, res) {
+        const cookieName = this.csrfService.getCookieName();
+        const existingToken = req.cookies[cookieName];
+        if (existingToken) {
+            delete req.attributes.nauthCsrfError;
+            return;
+        }
+        const token = this.csrfService.generateToken();
+        const cookieOptions = {
+            httpOnly: true,
+            secure: this.config.tokenDelivery?.cookieOptions?.secure ?? true,
+            sameSite: (this.config.tokenDelivery?.cookieOptions?.sameSite || 'strict'),
+            domain: this.config.tokenDelivery?.cookieOptions?.domain,
+            path: '/',
+            ...this.csrfService.getCookieOptions(),
+        };
+        res.setCookie(cookieName, token, cookieOptions);
+        res.header(this.csrfService.getHeaderName(), token);
+        this.logger?.debug?.('CSRF token generated and set');
+    }
+    async validateToken(req) {
+        const headerName = this.csrfService.getHeaderName();
+        const cookieName = this.csrfService.getCookieName();
+        let tokenFromRequest = req.getHeader(headerName);
+        if (!tokenFromRequest && req.body) {
+            const body = req.body;
+            tokenFromRequest = (body[headerName] || body['_csrf'] || body['csrfToken']);
+        }
+        const cookieToken = req.cookies[cookieName];
+        if (!tokenFromRequest) {
+            req.attributes.nauthCsrfError = new index_1.NAuthException(index_1.AuthErrorCode.CSRF_TOKEN_MISSING, `CSRF token required. Include ${headerName} header or _csrf/csrfToken in body with the value from ${cookieName} cookie.`);
+            return;
+        }
+        if (!cookieToken) {
+            req.attributes.nauthCsrfError = new index_1.NAuthException(index_1.AuthErrorCode.CSRF_TOKEN_MISSING, 'CSRF cookie missing. Make a GET request first to obtain a token.');
+            return;
+        }
+        const isValid = this.csrfService.validateToken(String(tokenFromRequest), cookieToken);
+        if (!isValid) {
+            req.attributes.nauthCsrfError = new index_1.NAuthException(index_1.AuthErrorCode.CSRF_TOKEN_INVALID, 'CSRF token mismatch.');
+            return;
+        }
+        this.logger?.debug?.('CSRF token validated successfully');
+    }
+}
+exports.CsrfHandler = CsrfHandler;
+//# sourceMappingURL=csrf.handler.js.map

package/dist/handlers/csrf.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";;;AAcA,oCAAmF;AAKnF,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAOhD,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAOG,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QAEzF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAGD,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAGD,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAGD,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAKO,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAElB,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAGD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAG/C,MAAM,aAAa,GAAG;YACpB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE;SACvC,CAAC;QAGF,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAGhD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAQO,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAGpD,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAElC,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAGD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAG5C,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAGD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAjID,kCAiIC"}

package/dist/handlers/token-delivery.handler.d.ts

@@ -0,0 +1,12 @@
+import { NAuthConfig, NAuthLogger } from '../index';
+import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
+export declare class TokenDeliveryHandler {
+    private config;
+    private logger?;
+    constructor(config: NAuthConfig, logger?: NAuthLogger | undefined);
+    handleResponse(req: NAuthRequest, res: NAuthResponse, body: any): Promise<any>;
+    private resolveDeliveryMode;
+    private setTokenCookies;
+    private parseExpiry;
+}
+//# sourceMappingURL=token-delivery.handler.d.ts.map

package/dist/handlers/token-delivery.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-delivery.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/token-delivery.handler.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,WAAW,EAIX,WAAW,EACZ,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,aAAa,EAAsB,MAAM,wBAAwB,CAAC;AAEzF,qBAAa,oBAAoB;IAE7B,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM,CAAC;gBADP,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAQjB,cAAc,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IA2B3F,OAAO,CAAC,mBAAmB;IAgB3B,OAAO,CAAC,eAAe;IA0BvB,OAAO,CAAC,WAAW;CAsBpB"}

package/dist/handlers/token-delivery.handler.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenDeliveryHandler = void 0;
+const index_1 = require("../index");
+class TokenDeliveryHandler {
+    config;
+    logger;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+    }
+    async handleResponse(req, res, body) {
+        if (body && typeof body === 'object' && body.accessToken && body.refreshToken) {
+            const deliveryMode = this.resolveDeliveryMode(req);
+            if (deliveryMode === 'cookies') {
+                this.setTokenCookies(res, body);
+                const sanitizedBody = { ...body };
+                delete sanitizedBody.accessToken;
+                delete sanitizedBody.refreshToken;
+                delete sanitizedBody.accessTokenExpiresAt;
+                delete sanitizedBody.refreshTokenExpiresAt;
+                this.logger?.debug?.('Tokens delivered via cookies');
+                return sanitizedBody;
+            }
+            else {
+                this.logger?.debug?.('Tokens delivered via JSON');
+                return body;
+            }
+        }
+        return body;
+    }
+    resolveDeliveryMode(req) {
+        const method = this.config.tokenDelivery?.method || 'json';
+        if (req.attributes['nauthTokenDelivery']) {
+            return req.attributes['nauthTokenDelivery'];
+        }
+        if (method === 'hybrid') {
+            return (0, index_1.resolveDeliveryForRequest)(req.raw, this.config.tokenDelivery?.hybridPolicy);
+        }
+        return method === 'cookies' ? 'cookies' : 'json';
+    }
+    setTokenCookies(res, body) {
+        const accessTokenCookieName = (0, index_1.getAccessTokenCookieName)(this.config);
+        const refreshTokenCookieName = (0, index_1.getRefreshTokenCookieName)(this.config);
+        const cookieOptions = {
+            httpOnly: true,
+            secure: this.config.tokenDelivery?.cookieOptions?.secure ?? true,
+            sameSite: (this.config.tokenDelivery?.cookieOptions?.sameSite || 'strict'),
+            domain: this.config.tokenDelivery?.cookieOptions?.domain,
+            path: '/',
+        };
+        const accessMaxAge = this.parseExpiry(this.config.jwt.accessToken.expiresIn) * 1000;
+        const refreshMaxAge = this.parseExpiry(this.config.jwt.refreshToken.expiresIn) * 1000;
+        res.setCookie(accessTokenCookieName, body.accessToken, {
+            ...cookieOptions,
+            maxAge: accessMaxAge,
+        });
+        res.setCookie(refreshTokenCookieName, body.refreshToken, {
+            ...cookieOptions,
+            maxAge: refreshMaxAge,
+        });
+    }
+    parseExpiry(expiry) {
+        if (typeof expiry === 'number')
+            return expiry;
+        const match = expiry.match(/^(\d+)([smhd])$/);
+        if (!match)
+            return 900;
+        const value = parseInt(match[1], 10);
+        const unit = match[2];
+        switch (unit) {
+            case 's':
+                return value;
+            case 'm':
+                return value * 60;
+            case 'h':
+                return value * 3600;
+            case 'd':
+                return value * 86400;
+            default:
+                return 900;
+        }
+    }
+}
+exports.TokenDeliveryHandler = TokenDeliveryHandler;
+//# sourceMappingURL=token-delivery.handler.js.map

package/dist/handlers/token-delivery.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-delivery.handler.js","sourceRoot":"","sources":["../../src/handlers/token-delivery.handler.ts"],"names":[],"mappings":";;;AAMA,oCAMkB;AAGlB,MAAa,oBAAoB;IAErB;IACA;IAFV,YACU,MAAmB,EACnB,MAAoB;QADpB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IAC3B,CAAC;IAOG,KAAK,CAAC,cAAc,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAS;QAE1E,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC9E,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAEnD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAIhC,MAAM,aAAa,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBAClC,OAAO,aAAa,CAAC,WAAW,CAAC;gBACjC,OAAO,aAAa,CAAC,YAAY,CAAC;gBAClC,OAAO,aAAa,CAAC,oBAAoB,CAAC;gBAC1C,OAAO,aAAa,CAAC,qBAAqB,CAAC;gBAE3C,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;gBACrD,OAAO,aAAa,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,2BAA2B,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,mBAAmB,CAAC,GAAiB;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAG3D,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACzC,OAAO,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;QAC9C,CAAC;QAGD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAA,iCAAyB,EAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;IACnD,CAAC;IAEO,eAAe,CAAC,GAAkB,EAAE,IAAS;QACnD,MAAM,qBAAqB,GAAG,IAAA,gCAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,sBAAsB,GAAG,IAAA,iCAAyB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEtE,MAAM,aAAa,GAAuB;YACxC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;SACV,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;QACpF,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;QAEtF,GAAG,CAAC,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,EAAE;YACrD,GAAG,aAAa;YAChB,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QAEH,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,YAAY,EAAE;YACvD,GAAG,aAAa;YAChB,MAAM,EAAE,aAAa;SACtB,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,MAAuB;QACzC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,OAAO,MAAM,CAAC;QAE9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK;YAAE,OAAO,GAAG,CAAC;QAEvB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,GAAG;gBACN,OAAO,KAAK,CAAC;YACf,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,IAAI,CAAC;YACtB,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,KAAK,CAAC;YACvB;gBACE,OAAO,GAAG,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAtGD,oDAsGC"}

package/dist/index.d.ts

@@ -0,0 +1,27 @@
+export * from './services/auth.service';
+export * from './services/mfa.service';
+export * from './services/social-auth.service';
+export * from './services/email-verification.service';
+export * from './services/phone-verification.service';
+export * from './services/client-info.service';
+export { AuthAuditService } from './services/auth-audit.service';
+export { CsrfService } from './services/csrf.service';
+export * from './dto';
+export { NAuthException, getHttpStatusForErrorCode } from './exceptions/nauth.exception';
+export { AuthErrorCode } from './enums/error-codes.enum';
+export { AuthAuditEventType } from './enums/auth-audit-event-type.enum';
+export { MFAMethod, MFADeviceMethod, MFAVerificationMethod, MFADeviceMethods } from './enums/mfa-method.enum';
+export * from './interfaces';
+export type { ClientInfo as IClientInfo } from './interfaces/client-info.interface';
+export { authConfigSchema, type NAuthConfig as NAuthConfigFromSchema } from './schemas/auth-config.schema';
+export type { NAuthConfig } from './interfaces/config.interface';
+export * from './entities';
+export * from './storage';
+export * from './templates';
+export * from './utils';
+export * from './validators/template.validator';
+export * from './bootstrap';
+export * from './platform/interfaces';
+export * from './adapters';
+export * from './adapters/storage.factory';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAUA,cAAc,yBAAyB,CAAC;AAMxC,cAAc,wBAAwB,CAAC;AAMvC,cAAc,gCAAgC,CAAC;AAM/C,cAAc,uCAAuC,CAAC;AAMtD,cAAc,uCAAuC,CAAC;AAMtD,cAAc,gCAAgC,CAAC;AAS/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAKjE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAgBtD,cAAc,OAAO,CAAC;AAGtB,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AACzF,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG9G,cAAc,cAAc,CAAC;AAE7B,YAAY,EAAE,UAAU,IAAI,WAAW,EAAE,MAAM,oCAAoC,CAAC;AAGpF,OAAO,EAAE,gBAAgB,EAAE,KAAK,WAAW,IAAI,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAE3G,YAAY,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAGjE,cAAc,YAAY,CAAC;AAG3B,cAAc,WAAW,CAAC;AAG1B,cAAc,aAAa,CAAC;AAG5B,cAAc,SAAS,CAAC;AAGxB,cAAc,iCAAiC,CAAC;AAOhD,cAAc,aAAa,CAAC;AAG5B,cAAc,uBAAuB,CAAC;AAGtC,cAAc,YAAY,CAAC;AAG3B,cAAc,4BAA4B,CAAC"}

package/dist/index.js

@@ -0,0 +1,51 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authConfigSchema = exports.MFADeviceMethods = exports.MFAMethod = exports.AuthAuditEventType = exports.AuthErrorCode = exports.getHttpStatusForErrorCode = exports.NAuthException = exports.CsrfService = exports.AuthAuditService = void 0;
+__exportStar(require("./services/auth.service"), exports);
+__exportStar(require("./services/mfa.service"), exports);
+__exportStar(require("./services/social-auth.service"), exports);
+__exportStar(require("./services/email-verification.service"), exports);
+__exportStar(require("./services/phone-verification.service"), exports);
+__exportStar(require("./services/client-info.service"), exports);
+var auth_audit_service_1 = require("./services/auth-audit.service");
+Object.defineProperty(exports, "AuthAuditService", { enumerable: true, get: function () { return auth_audit_service_1.AuthAuditService; } });
+var csrf_service_1 = require("./services/csrf.service");
+Object.defineProperty(exports, "CsrfService", { enumerable: true, get: function () { return csrf_service_1.CsrfService; } });
+__exportStar(require("./dto"), exports);
+var nauth_exception_1 = require("./exceptions/nauth.exception");
+Object.defineProperty(exports, "NAuthException", { enumerable: true, get: function () { return nauth_exception_1.NAuthException; } });
+Object.defineProperty(exports, "getHttpStatusForErrorCode", { enumerable: true, get: function () { return nauth_exception_1.getHttpStatusForErrorCode; } });
+var error_codes_enum_1 = require("./enums/error-codes.enum");
+Object.defineProperty(exports, "AuthErrorCode", { enumerable: true, get: function () { return error_codes_enum_1.AuthErrorCode; } });
+var auth_audit_event_type_enum_1 = require("./enums/auth-audit-event-type.enum");
+Object.defineProperty(exports, "AuthAuditEventType", { enumerable: true, get: function () { return auth_audit_event_type_enum_1.AuthAuditEventType; } });
+var mfa_method_enum_1 = require("./enums/mfa-method.enum");
+Object.defineProperty(exports, "MFAMethod", { enumerable: true, get: function () { return mfa_method_enum_1.MFAMethod; } });
+Object.defineProperty(exports, "MFADeviceMethods", { enumerable: true, get: function () { return mfa_method_enum_1.MFADeviceMethods; } });
+__exportStar(require("./interfaces"), exports);
+var auth_config_schema_1 = require("./schemas/auth-config.schema");
+Object.defineProperty(exports, "authConfigSchema", { enumerable: true, get: function () { return auth_config_schema_1.authConfigSchema; } });
+__exportStar(require("./entities"), exports);
+__exportStar(require("./storage"), exports);
+__exportStar(require("./templates"), exports);
+__exportStar(require("./utils"), exports);
+__exportStar(require("./validators/template.validator"), exports);
+__exportStar(require("./bootstrap"), exports);
+__exportStar(require("./platform/interfaces"), exports);
+__exportStar(require("./adapters"), exports);
+__exportStar(require("./adapters/storage.factory"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAUA,0DAAwC;AAMxC,yDAAuC;AAMvC,iEAA+C;AAM/C,wEAAsD;AAMtD,wEAAsD;AAMtD,iEAA+C;AAS/C,oEAAiE;AAAxD,sHAAA,gBAAgB,OAAA;AAKzB,wDAAsD;AAA7C,2GAAA,WAAW,OAAA;AAgBpB,wCAAsB;AAGtB,gEAAyF;AAAhF,iHAAA,cAAc,OAAA;AAAE,4HAAA,yBAAyB,OAAA;AAClD,6DAAyD;AAAhD,iHAAA,aAAa,OAAA;AACtB,iFAAwE;AAA/D,gIAAA,kBAAkB,OAAA;AAC3B,2DAA8G;AAArG,4GAAA,SAAS,OAAA;AAA0C,mHAAA,gBAAgB,OAAA;AAG5E,+CAA6B;AAK7B,mEAA2G;AAAlG,sHAAA,gBAAgB,OAAA;AAKzB,6CAA2B;AAG3B,4CAA0B;AAG1B,8CAA4B;AAG5B,0CAAwB;AAGxB,kEAAgD;AAOhD,8CAA4B;AAG5B,wDAAsC;AAGtC,6CAA2B;AAG3B,6DAA2C"}

package/dist/interfaces/client-info.interface.d.ts

@@ -0,0 +1,16 @@
+export interface ClientInfo {
+    ipAddress: string;
+    userAgent: string;
+    deviceToken?: string;
+    deviceName?: string;
+    deviceType?: 'mobile' | 'desktop' | 'tablet';
+    ipCountry?: string;
+    ipCity?: string;
+    ipLatitude?: number;
+    ipLongitude?: number;
+    platform?: string;
+    browser?: string;
+    sessionId?: number;
+    userId?: number;
+}
+//# sourceMappingURL=client-info.interface.d.ts.map

package/dist/interfaces/client-info.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/client-info.interface.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,UAAU;IAKzB,SAAS,EAAE,MAAM,CAAC;IAKlB,SAAS,EAAE,MAAM,CAAC;IAYlB,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,UAAU,CAAC,EAAE,MAAM,CAAC;IAKpB,UAAU,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,CAAC;IAK7C,SAAS,CAAC,EAAE,MAAM,CAAC;IAKnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAMhB,UAAU,CAAC,EAAE,MAAM,CAAC;IAMpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAKlB,OAAO,CAAC,EAAE,MAAM,CAAC;IAMjB,SAAS,CAAC,EAAE,MAAM,CAAC;IAOnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/dist/interfaces/client-info.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=client-info.interface.js.map

package/dist/interfaces/client-info.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.interface.js","sourceRoot":"","sources":["../../src/interfaces/client-info.interface.ts"],"names":[],"mappings":""}