@nauth-toolkit/core 0.1.0

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAOA,yDAAuC;AAGvC,qDAA0E;AAAjE,iHAAA,cAAc,OAAA;AACvB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAIvB,qDAAqD;AAA5C,mHAAA,gBAAgB,OAAA"}

package/dist/adapters/storage.factory.d.ts

@@ -0,0 +1,7 @@
+import { StorageAdapter } from '../interfaces/storage-adapter.interface';
+export declare function createDatabaseStorageAdapter(): StorageAdapter;
+export declare function createRedisStorageAdapter(url?: string): StorageAdapter;
+export declare function createRedisClusterAdapter(nodes: Array<{
+    url: string;
+}>): StorageAdapter;
+//# sourceMappingURL=storage.factory.d.ts.map

package/dist/adapters/storage.factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.factory.d.ts","sourceRoot":"","sources":["../../src/adapters/storage.factory.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,cAAc,EAAE,MAAM,yCAAyC,CAAC;AA2BzE,wBAAgB,4BAA4B,IAAI,cAAc,CAI7D;AAmCD,wBAAgB,yBAAyB,CAAC,GAAG,GAAE,MAAiC,GAAG,cAAc,CAWhG;AAgCD,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,GAAG,cAAc,CAavF"}

package/dist/adapters/storage.factory.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDatabaseStorageAdapter = createDatabaseStorageAdapter;
+exports.createRedisStorageAdapter = createRedisStorageAdapter;
+exports.createRedisClusterAdapter = createRedisClusterAdapter;
+function createDatabaseStorageAdapter() {
+    const { DatabaseStorageAdapter } = require('@nauth-toolkit/storage-database');
+    return new DatabaseStorageAdapter(null, null, null);
+}
+function createRedisStorageAdapter(url = 'redis://localhost:6379') {
+    const { RedisStorageAdapter } = require('@nauth-toolkit/storage-redis');
+    const { createClient } = require('redis');
+    const redisClient = createClient({ url });
+    return new RedisStorageAdapter(redisClient);
+}
+function createRedisClusterAdapter(nodes) {
+    const { RedisStorageAdapter } = require('@nauth-toolkit/storage-redis');
+    const { createCluster } = require('redis');
+    const clusterClient = createCluster({
+        rootNodes: nodes,
+    });
+    return new RedisStorageAdapter(clusterClient);
+}
+//# sourceMappingURL=storage.factory.js.map

package/dist/adapters/storage.factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.factory.js","sourceRoot":"","sources":["../../src/adapters/storage.factory.ts"],"names":[],"mappings":";;AA+CA,oEAIC;AAmCD,8DAWC;AAgCD,8DAaC;AA/FD,SAAgB,4BAA4B;IAE1C,MAAM,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;IAC9E,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACtD,CAAC;AAmCD,SAAgB,yBAAyB,CAAC,MAAc,wBAAwB;IAE9E,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE1C,MAAM,WAAW,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IAK1C,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,CAAC;AAC9C,CAAC;AAgCD,SAAgB,yBAAyB,CAAC,KAA6B;IAErE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3C,MAAM,aAAa,GAAG,aAAa,CAAC;QAClC,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;IAKH,OAAO,IAAI,mBAAmB,CAAC,aAAa,CAAC,CAAC;AAChD,CAAC"}

package/dist/bootstrap.d.ts

@@ -0,0 +1,41 @@
+import { DataSource } from 'typeorm';
+import { NAuthConfig } from './interfaces/config.interface';
+import { NAuthLogger } from './utils/nauth-logger';
+import { NAuthAdapter } from './platform/interfaces';
+import { CsrfService } from './services/csrf.service';
+import { NAuthServices } from './utils/setup/init-services';
+import { NAuthSocialProviders } from './utils/setup/init-social';
+import { ClientInfo } from './interfaces/client-info.interface';
+import { IUser } from './interfaces/entities.interface';
+export interface NAuthOptions {
+    config: NAuthConfig;
+    dataSource: DataSource;
+    adapter?: NAuthAdapter;
+}
+export interface NAuthInstance<TMiddleware = unknown, THelper = unknown> extends Omit<NAuthServices, 'challengeService' | 'authChallengeHelperService'>, NAuthSocialProviders {
+    middleware: {
+        clientInfo: TMiddleware;
+        auth: TMiddleware;
+        csrf: TMiddleware;
+        tokenDelivery: TMiddleware;
+    };
+    helpers: {
+        public: () => THelper;
+        requireAuth: (options?: {
+            csrf?: boolean;
+        }) => THelper;
+        optionalAuth: () => THelper;
+        tokenDelivery: (mode: 'json' | 'cookies') => THelper;
+        getCurrentUser: () => IUser | undefined;
+        getCurrentSession: () => string | number | undefined;
+        getClientInfo: () => ClientInfo | undefined;
+    };
+    adapter: NAuthAdapter;
+    config: NAuthConfig;
+    logger: NAuthLogger;
+    csrfService?: CsrfService;
+}
+export declare class NAuth {
+    static create(options: NAuthOptions): Promise<NAuthInstance>;
+}
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AA6BA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AASlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AASxD,MAAM,WAAW,YAAY;IAE3B,MAAM,EAAE,WAAW,CAAC;IAGpB,UAAU,EAAE,UAAU,CAAC;IAMvB,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAUD,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IAEpG,UAAU,EAAE;QAEV,UAAU,EAAE,WAAW,CAAC;QAExB,IAAI,EAAE,WAAW,CAAC;QAElB,IAAI,EAAE,WAAW,CAAC;QAElB,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAGF,OAAO,EAAE;QAEP,MAAM,EAAE,MAAM,OAAO,CAAC;QAEtB,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QAEvD,YAAY,EAAE,MAAM,OAAO,CAAC;QAE5B,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QAErD,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QAExC,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QAErD,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAGF,OAAO,EAAE,YAAY,CAAC;IAGtB,MAAM,EAAE,WAAW,CAAC;IAGpB,MAAM,EAAE,WAAW,CAAC;IAGpB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAWD,qBAAa,KAAK;WAgBH,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;CA0NnE"}

package/dist/bootstrap.js

@@ -0,0 +1,113 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NAuth = void 0;
+const nauth_logger_1 = require("./utils/nauth-logger");
+const nauth_exception_1 = require("./exceptions/nauth.exception");
+const error_codes_enum_1 = require("./enums/error-codes.enum");
+const express_adapter_1 = require("./adapters/express.adapter");
+const context_storage_1 = require("./utils/context-storage");
+const client_info_handler_1 = require("./handlers/client-info.handler");
+const auth_handler_1 = require("./handlers/auth.handler");
+const token_delivery_handler_1 = require("./handlers/token-delivery.handler");
+const csrf_handler_1 = require("./handlers/csrf.handler");
+const csrf_service_1 = require("./services/csrf.service");
+const get_repositories_1 = require("./utils/setup/get-repositories");
+const init_storage_1 = require("./utils/setup/init-storage");
+const init_services_1 = require("./utils/setup/init-services");
+const register_mfa_1 = require("./utils/setup/register-mfa");
+const init_social_1 = require("./utils/setup/init-social");
+const run_nauth_migrations_1 = require("./utils/setup/run-nauth-migrations");
+const internal_1 = require("./internal");
+class NAuth {
+    static async create(options) {
+        const { config, dataSource } = options;
+        const adapter = options.adapter || new express_adapter_1.ExpressAdapter();
+        const logger = new nauth_logger_1.NAuthLogger(config.logger);
+        logger.log(`Initializing NAuth with ${adapter.name}...`);
+        await (0, run_nauth_migrations_1.runNAuthMigrationsOnStartup)(config, dataSource, logger);
+        const repos = (0, get_repositories_1.getRepositories)(dataSource);
+        const storage = await (0, init_storage_1.initStorage)(config, repos.rateLimitRepository, repos.storageLockRepository, logger);
+        const emailProvider = config.emailProvider;
+        const smsProvider = config.smsProvider;
+        const services = (0, init_services_1.initServices)(config, repos, storage, logger, emailProvider, smsProvider);
+        const contextBuilder = new internal_1.AuthFlowContextBuilder(services.trustedDeviceService, services.adaptiveMFADecisionService, services.clientInfoService, logger);
+        const stateMachine = new internal_1.AuthFlowStateMachineService(contextBuilder, logger);
+        if (services.authChallengeHelperService) {
+            services.authChallengeHelperService.stateMachine = stateMachine;
+            services.authChallengeHelperService.contextBuilder = contextBuilder;
+        }
+        else {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'AuthChallengeHelperService not initialized.');
+        }
+        const socialAuthStateStore = new Map();
+        if (config.mfa?.enabled && services.mfaService) {
+            await (0, register_mfa_1.registerMFAProviders)(config, services.mfaService, repos.mfaDeviceRepository, repos.userRepository, logger, services.passwordService, services.emailVerificationService, services.phoneVerificationService, services.challengeService, services.auditService, services.clientInfoService);
+        }
+        const socialProviders = await (0, init_social_1.initSocialAuth)(config, services.socialProviderRegistry, services.authService, services.socialAuthService, services.jwtService, services.sessionService, services.authChallengeHelperService, services.clientInfoService, logger, socialAuthStateStore, repos.userRepository, services.phoneVerificationService, services.auditService, services.trustedDeviceService);
+        const clientInfoHandler = new client_info_handler_1.ClientInfoHandler(services.clientInfoService, services.geoLocationService, logger);
+        const authHandler = new auth_handler_1.AuthHandler(services.jwtService, services.sessionService, repos.userRepository, config, logger);
+        const tokenDeliveryHandler = new token_delivery_handler_1.TokenDeliveryHandler(config, logger);
+        const csrfService = config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid'
+            ? new csrf_service_1.CsrfService(config)
+            : undefined;
+        const csrfHandler = csrfService ? new csrf_handler_1.CsrfHandler(csrfService, config, logger) : null;
+        const middleware = {
+            clientInfo: adapter.registerMiddleware('clientInfo', clientInfoHandler.handle.bind(clientInfoHandler), {
+                initializesContext: true,
+            }),
+            auth: adapter.registerMiddleware('auth', authHandler.handle.bind(authHandler)),
+            csrf: csrfHandler
+                ? adapter.registerMiddleware('csrf', csrfHandler.handle.bind(csrfHandler))
+                : adapter.registerMiddleware('noop', async (_req, _res, next) => {
+                    await next();
+                }),
+            tokenDelivery: adapter.registerResponseInterceptor(tokenDeliveryHandler.handleResponse.bind(tokenDeliveryHandler)),
+        };
+        const helpers = {
+            public: () => adapter.registerMiddleware('public', (req, _res, next) => {
+                req.attributes.nauthPublic = true;
+                return next();
+            }),
+            requireAuth: (options) => adapter.registerMiddleware('requireAuth', (req, res, next) => {
+                if (options?.csrf !== false && req.attributes.nauthCsrfError) {
+                    throw req.attributes.nauthCsrfError;
+                }
+                if (!req.attributes.user) {
+                    res.status(401).json({
+                        statusCode: 401,
+                        error: 'Unauthorized',
+                        message: 'Authentication required',
+                        code: 'AUTH_REQUIRED',
+                    });
+                    return;
+                }
+                return next();
+            }),
+            optionalAuth: () => adapter.registerMiddleware('optionalAuth', (_req, _res, next) => {
+                return next();
+            }),
+            tokenDelivery: (mode) => adapter.registerMiddleware('tokenDeliveryConfig', (req, _res, next) => {
+                req.attributes.nauthTokenDelivery = mode;
+                return next();
+            }),
+            getCurrentUser: () => context_storage_1.ContextStorage.get('CURRENT_USER'),
+            getCurrentSession: () => context_storage_1.ContextStorage.get('CURRENT_SESSION'),
+            getClientInfo: () => context_storage_1.ContextStorage.get('CLIENT_INFO'),
+        };
+        const { challengeService, authChallengeHelperService, ...publicServices } = services;
+        logger.log(`NAuth initialized successfully with ${adapter.name}`);
+        return {
+            ...publicServices,
+            ...socialProviders,
+            middleware,
+            helpers,
+            adapter,
+            config,
+            logger,
+            socialAuthService: services.socialAuthService,
+            csrfService,
+        };
+    }
+}
+exports.NAuth = NAuth;
+//# sourceMappingURL=bootstrap.js.map

package/dist/bootstrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";;;AA+BA,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAGzD,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AAGtD,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AAuFjF,MAAa,KAAK;IAgBhB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAKzD,MAAM,IAAA,kDAA2B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAK9D,MAAM,KAAK,GAAG,IAAA,kCAAe,EAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAK1G,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAkB,IAAA,4BAAY,EAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAKzG,MAAM,cAAc,GAAG,IAAI,iCAAsB,CAC/C,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,CACP,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,sCAA2B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACvC,QAAQ,CAAC,0BAAiE,CAAC,YAAY,GAAG,YAAY,CAAC;YACvG,QAAQ,CAAC,0BAAiE,CAAC,cAAc,GAAG,cAAc,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,6CAA6C,CAAC,CAAC;QACxG,CAAC;QAKD,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAmD,CAAC;QAExF,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,IAAA,mCAAoB,EACxB,MAAM,EACN,QAAQ,CAAC,UAAU,EACnB,KAAK,CAAC,mBAAoB,EAC1B,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,QAAQ,CAAC,eAAe,EACxB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,gBAAgB,EACzB,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAyB,MAAM,IAAA,4BAAc,EAChE,MAAM,EACN,QAAQ,CAAC,sBAAsB,EAC/B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,iBAAiB,EAC1B,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,oBAAoB,EACpB,KAAK,CAAC,cAAc,EACpB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,oBAAoB,CAC9B,CAAC;QAKF,MAAM,iBAAiB,GAAG,IAAI,uCAAiB,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QAEjH,MAAM,WAAW,GAAG,IAAI,0BAAW,CACjC,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,GAAG,IAAI,6CAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAGtE,MAAM,WAAW,GACf,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,QAAQ;YACrF,CAAC,CAAC,IAAI,0BAAW,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,0BAAW,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAKtF,MAAM,UAAU,GAAG;YAEjB,UAAU,EAAE,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;gBACrG,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAGF,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAG9E,IAAI,EAAE,WAAW;gBACf,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1E,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAGN,aAAa,EAAE,OAAO,CAAC,2BAA2B,CAChD,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAC/D;SACF,CAAC;QAKF,MAAM,OAAO,GAAG;YAId,MAAM,EAAE,GAAG,EAAE,CACX,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAChG,GAAG,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAOJ,WAAW,EAAE,CAAC,OAA4B,EAAE,EAAE,CAC5C,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgB,EAAE,EAAE;gBAEpG,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC7D,MAAM,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBACtC,CAAC;gBAGD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,GAAG;wBACf,KAAK,EAAE,cAAc;wBACrB,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAQJ,YAAY,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAKJ,aAAa,EAAE,CAAC,IAAwB,EAAE,EAAE,CAC1C,OAAO,CAAC,kBAAkB,CACxB,qBAAqB,EACrB,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC3D,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CACF;YAGH,cAAc,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAQ,cAAc,CAAC;YAC/D,iBAAiB,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAkB,iBAAiB,CAAC;YAC/E,aAAa,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC;SACnE,CAAC;QAOF,MAAM,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC;QAErF,MAAM,CAAC,GAAG,CAAC,uCAAuC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAElE,OAAO;YACL,GAAG,cAAc;YACjB,GAAG,eAAe;YAClB,UAAU;YACV,OAAO;YACP,OAAO;YACP,MAAM;YACN,MAAM;YACN,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,WAAW;SACZ,CAAC;IACJ,CAAC;CACF;AA1OD,sBA0OC"}

package/dist/dto/auth-challenge.dto.d.ts

@@ -0,0 +1,19 @@
+export declare enum AuthChallenge {
+    VERIFY_EMAIL = "VERIFY_EMAIL",
+    VERIFY_PHONE = "VERIFY_PHONE",
+    MFA_REQUIRED = "MFA_REQUIRED",
+    MFA_SETUP_REQUIRED = "MFA_SETUP_REQUIRED",
+    FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
+}
+export declare class AuthChallengeResponseDTO {
+    challengeName: AuthChallenge;
+    session: string;
+    challengeParameters: Record<string, unknown>;
+    userSub: string;
+}
+export declare class ChallengeResponseRequestDTO {
+    session: string;
+    challengeName: AuthChallenge;
+    challengeResponses: Record<string, unknown>;
+}
+//# sourceMappingURL=auth-challenge.dto.d.ts.map

package/dist/dto/auth-challenge.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-challenge.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":"AAoBA,oBAAY,aAAa;IAKvB,YAAY,iBAAiB;IAM7B,YAAY,iBAAiB;IAO7B,YAAY,iBAAiB;IAO7B,kBAAkB,uBAAuB;IAOzC,qBAAqB,0BAA0B;CAChD;AAwBD,qBAAa,wBAAwB;IAUnC,aAAa,EAAG,aAAa,CAAC;IAmB9B,OAAO,EAAG,MAAM,CAAC;IAyBjB,mBAAmB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAmB9C,OAAO,EAAG,MAAM,CAAC;CAClB;AA2BD,qBAAa,2BAA2B;IAqBtC,OAAO,EAAG,MAAM,CAAC;IAWjB,aAAa,EAAG,aAAa,CAAC;IAmB9B,kBAAkB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C"}

package/dist/dto/auth-challenge.dto.js

@@ -0,0 +1,86 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeResponseRequestDTO = exports.AuthChallengeResponseDTO = exports.AuthChallenge = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+var AuthChallenge;
+(function (AuthChallenge) {
+    AuthChallenge["VERIFY_EMAIL"] = "VERIFY_EMAIL";
+    AuthChallenge["VERIFY_PHONE"] = "VERIFY_PHONE";
+    AuthChallenge["MFA_REQUIRED"] = "MFA_REQUIRED";
+    AuthChallenge["MFA_SETUP_REQUIRED"] = "MFA_SETUP_REQUIRED";
+    AuthChallenge["FORCE_CHANGE_PASSWORD"] = "FORCE_CHANGE_PASSWORD";
+})(AuthChallenge || (exports.AuthChallenge = AuthChallenge = {}));
+class AuthChallengeResponseDTO {
+    challengeName;
+    session;
+    challengeParameters;
+    userSub;
+}
+exports.AuthChallengeResponseDTO = AuthChallengeResponseDTO;
+__decorate([
+    (0, class_validator_1.IsEnum)(AuthChallenge, {
+        message: 'Challenge name must be a valid AuthChallenge enum value',
+    }),
+    __metadata("design:type", String)
+], AuthChallengeResponseDTO.prototype, "challengeName", void 0);
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'Session token must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AuthChallengeResponseDTO.prototype, "session", void 0);
+__decorate([
+    (0, class_validator_1.IsObject)({ message: 'Challenge parameters must be an object' }),
+    __metadata("design:type", Object)
+], AuthChallengeResponseDTO.prototype, "challengeParameters", void 0);
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AuthChallengeResponseDTO.prototype, "userSub", void 0);
+class ChallengeResponseRequestDTO {
+    session;
+    challengeName;
+    challengeResponses;
+}
+exports.ChallengeResponseRequestDTO = ChallengeResponseRequestDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'Session token must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], ChallengeResponseRequestDTO.prototype, "session", void 0);
+__decorate([
+    (0, class_validator_1.IsEnum)(AuthChallenge, {
+        message: 'Challenge name must be a valid AuthChallenge enum value',
+    }),
+    __metadata("design:type", String)
+], ChallengeResponseRequestDTO.prototype, "challengeName", void 0);
+__decorate([
+    (0, class_validator_1.IsObject)({ message: 'Challenge responses must be an object' }),
+    __metadata("design:type", Object)
+], ChallengeResponseRequestDTO.prototype, "challengeResponses", void 0);
+//# sourceMappingURL=auth-challenge.dto.js.map

package/dist/dto/auth-challenge.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-challenge.dto.js","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA2D;AAC3D,yDAA8C;AAmB9C,IAAY,aAiCX;AAjCD,WAAY,aAAa;IAKvB,8CAA6B,CAAA;IAM7B,8CAA6B,CAAA;IAO7B,8CAA6B,CAAA;IAO7B,0DAAyC,CAAA;IAOzC,gEAA+C,CAAA;AACjD,CAAC,EAjCW,aAAa,6BAAb,aAAa,QAiCxB;AAwBD,MAAa,wBAAwB;IAUnC,aAAa,CAAiB;IAmB9B,OAAO,CAAU;IAyBjB,mBAAmB,CAA2B;IAmB9C,OAAO,CAAU;CAClB;AA1ED,4DA0EC;AAhEC;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;+DAC4B;AAmB9B;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAyBjB;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;qEAClB;AAmB9C;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AA4BnB,MAAa,2BAA2B;IAqBtC,OAAO,CAAU;IAWjB,aAAa,CAAiB;IAmB9B,kBAAkB,CAA2B;CAC9C;AApDD,kEAoDC;AA/BC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4DACe;AAWjB;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;kEAC4B;AAmB9B;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;;uEAClB"}

package/dist/dto/auth-response.dto.d.ts

@@ -0,0 +1,31 @@
+import { AuthChallenge } from './auth-challenge.dto';
+export declare class AuthResponseDTO {
+    accessToken?: string;
+    refreshToken?: string;
+    accessTokenExpiresAt?: number;
+    refreshTokenExpiresAt?: number;
+    trusted?: boolean;
+    deviceToken?: string;
+    user?: {
+        sub: string;
+        email: string;
+        firstName?: string | null;
+        lastName?: string | null;
+        phone?: string;
+        isEmailVerified: boolean;
+        isPhoneVerified?: boolean;
+        socialProviders?: string[];
+        hasPasswordHash?: boolean;
+    };
+    challengeName?: AuthChallenge;
+    session?: string;
+    challengeParameters?: Record<string, unknown>;
+    userSub?: string;
+}
+export interface TokenResponse {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpiresAt: number;
+    refreshTokenExpiresAt: number;
+}
+//# sourceMappingURL=auth-response.dto.d.ts.map

package/dist/dto/auth-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AA+BrD,qBAAa,eAAe;IAO1B,WAAW,CAAC,EAAE,MAAM,CAAC;IAQrB,YAAY,CAAC,EAAE,MAAM,CAAC;IAUtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAU9B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAe/B,OAAO,CAAC,EAAE,OAAO,CAAC;IA0BlB,WAAW,CAAC,EAAE,MAAM,CAAC;IAQrB,IAAI,CAAC,EAAE;QAKL,GAAG,EAAE,MAAM,CAAC;QAKZ,KAAK,EAAE,MAAM,CAAC;QAKd,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAK1B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAMzB,KAAK,CAAC,EAAE,MAAM,CAAC;QAKf,eAAe,EAAE,OAAO,CAAC;QAKzB,eAAe,CAAC,EAAE,OAAO,CAAC;QAM1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAO3B,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IAgBF,aAAa,CAAC,EAAE,aAAa,CAAC;IAa9B,OAAO,CAAC,EAAE,MAAM,CAAC;IAoBjB,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAS9C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAQD,MAAM,WAAW,aAAa;IAI5B,WAAW,EAAE,MAAM,CAAC;IAKpB,YAAY,EAAE,MAAM,CAAC;IAKrB,oBAAoB,EAAE,MAAM,CAAC;IAK7B,qBAAqB,EAAE,MAAM,CAAC;CAC/B"}

package/dist/dto/auth-response.dto.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthResponseDTO = void 0;
+class AuthResponseDTO {
+    accessToken;
+    refreshToken;
+    accessTokenExpiresAt;
+    refreshTokenExpiresAt;
+    trusted;
+    deviceToken;
+    user;
+    challengeName;
+    session;
+    challengeParameters;
+    userSub;
+}
+exports.AuthResponseDTO = AuthResponseDTO;
+//# sourceMappingURL=auth-response.dto.js.map

package/dist/dto/auth-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-response.dto.js","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":";;;AA+BA,MAAa,eAAe;IAO1B,WAAW,CAAU;IAQrB,YAAY,CAAU;IAUtB,oBAAoB,CAAU;IAU9B,qBAAqB,CAAU;IAe/B,OAAO,CAAW;IA0BlB,WAAW,CAAU;IAQrB,IAAI,CAkDF;IAgBF,aAAa,CAAiB;IAa9B,OAAO,CAAU;IAoBjB,mBAAmB,CAA2B;IAS9C,OAAO,CAAU;CAClB;AAjMD,0CAiMC"}

package/dist/dto/challenge-response.dto.d.ts

@@ -0,0 +1,36 @@
+export interface BaseChallengeResponse {
+    session: string;
+}
+export interface VerifyEmailResponse extends BaseChallengeResponse {
+    type: 'VERIFY_EMAIL';
+    code: string;
+}
+export interface CollectPhoneResponse extends BaseChallengeResponse {
+    type: 'VERIFY_PHONE';
+    phone: string;
+}
+export interface VerifyPhoneResponse extends BaseChallengeResponse {
+    type: 'VERIFY_PHONE';
+    code: string;
+}
+export interface VerifyMFACodeResponse extends BaseChallengeResponse {
+    type: 'MFA_REQUIRED';
+    method: 'sms' | 'totp' | 'backup';
+    code: string;
+}
+export interface VerifyMFAPasskeyResponse extends BaseChallengeResponse {
+    type: 'MFA_REQUIRED';
+    method: 'passkey';
+    credential: Record<string, unknown>;
+}
+export interface ForceChangePasswordResponse extends BaseChallengeResponse {
+    type: 'FORCE_CHANGE_PASSWORD';
+    newPassword: string;
+}
+export interface MFASetupResponse extends BaseChallengeResponse {
+    type: 'MFA_SETUP_REQUIRED';
+    method: 'sms' | 'email' | 'totp' | 'passkey';
+    setupData: Record<string, unknown>;
+}
+export type ChallengeResponseData = VerifyEmailResponse | CollectPhoneResponse | VerifyPhoneResponse | VerifyMFACodeResponse | VerifyMFAPasskeyResponse | ForceChangePasswordResponse | MFASetupResponse;
+//# sourceMappingURL=challenge-response.dto.d.ts.map

package/dist/dto/challenge-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"challenge-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/challenge-response.dto.ts"],"names":[],"mappings":"AAgBA,MAAM,WAAW,qBAAqB;IAEpC,OAAO,EAAE,MAAM,CAAC;CACjB;AAkBD,MAAM,WAAW,mBAAoB,SAAQ,qBAAqB;IAChE,IAAI,EAAE,cAAc,CAAC;IAErB,IAAI,EAAE,MAAM,CAAC;CACd;AAkBD,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;IACjE,IAAI,EAAE,cAAc,CAAC;IAErB,KAAK,EAAE,MAAM,CAAC;CACf;AAcD,MAAM,WAAW,mBAAoB,SAAQ,qBAAqB;IAChE,IAAI,EAAE,cAAc,CAAC;IAErB,IAAI,EAAE,MAAM,CAAC;CACd;AAmBD,MAAM,WAAW,qBAAsB,SAAQ,qBAAqB;IAClE,IAAI,EAAE,cAAc,CAAC;IAErB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAC;IAElC,IAAI,EAAE,MAAM,CAAC;CACd;AAeD,MAAM,WAAW,wBAAyB,SAAQ,qBAAqB;IACrE,IAAI,EAAE,cAAc,CAAC;IAErB,MAAM,EAAE,SAAS,CAAC;IAElB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAkBD,MAAM,WAAW,2BAA4B,SAAQ,qBAAqB;IACxE,IAAI,EAAE,uBAAuB,CAAC;IAE9B,WAAW,EAAE,MAAM,CAAC;CACrB;AAoCD,MAAM,WAAW,gBAAiB,SAAQ,qBAAqB;IAC7D,IAAI,EAAE,oBAAoB,CAAC;IAE3B,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IAO7C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AA8BD,MAAM,MAAM,qBAAqB,GAC7B,mBAAmB,GACnB,oBAAoB,GACpB,mBAAmB,GACnB,qBAAqB,GACrB,wBAAwB,GACxB,2BAA2B,GAC3B,gBAAgB,CAAC"}

package/dist/dto/challenge-response.dto.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=challenge-response.dto.js.map

package/dist/dto/challenge-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"challenge-response.dto.js","sourceRoot":"","sources":["../../src/dto/challenge-response.dto.ts"],"names":[],"mappings":""}

package/dist/dto/change-password-request.dto.d.ts

@@ -0,0 +1,5 @@
+import { ChangePasswordDTO } from './change-password.dto';
+export declare class ChangePasswordRequestDTO extends ChangePasswordDTO {
+    sub: string;
+}
+//# sourceMappingURL=change-password-request.dto.d.ts.map

package/dist/dto/change-password-request.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password-request.dto.d.ts","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAK1D,qBAAa,wBAAyB,SAAQ,iBAAiB;IAqB7D,GAAG,EAAG,MAAM,CAAC;CACd"}

package/dist/dto/change-password-request.dto.js

@@ -0,0 +1,30 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChangePasswordRequestDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+const change_password_dto_1 = require("./change-password.dto");
+class ChangePasswordRequestDTO extends change_password_dto_1.ChangePasswordDTO {
+    sub;
+}
+exports.ChangePasswordRequestDTO = ChangePasswordRequestDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], ChangePasswordRequestDTO.prototype, "sub", void 0);
+//# sourceMappingURL=change-password-request.dto.js.map

package/dist/dto/change-password-request.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password-request.dto.js","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAoBA,qDAAyC;AACzC,yDAA8C;AAC9C,+DAA0D;AAK1D,MAAa,wBAAyB,SAAQ,uCAAiB;IAqB7D,GAAG,CAAU;CACd;AAtBD,4DAsBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACW"}

package/dist/dto/change-password-response.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class ChangePasswordResponseDTO {
+    success: boolean;
+}
+//# sourceMappingURL=change-password-response.dto.d.ts.map

package/dist/dto/change-password-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/change-password-response.dto.ts"],"names":[],"mappings":"AAoBA,qBAAa,yBAAyB;IAOpC,OAAO,EAAG,OAAO,CAAC;CACnB"}

package/dist/dto/change-password-response.dto.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChangePasswordResponseDTO = void 0;
+class ChangePasswordResponseDTO {
+    success;
+}
+exports.ChangePasswordResponseDTO = ChangePasswordResponseDTO;
+//# sourceMappingURL=change-password-response.dto.js.map

package/dist/dto/change-password-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password-response.dto.js","sourceRoot":"","sources":["../../src/dto/change-password-response.dto.ts"],"names":[],"mappings":";;;AAoBA,MAAa,yBAAyB;IAOpC,OAAO,CAAW;CACnB;AARD,8DAQC"}

package/dist/dto/change-password.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class ChangePasswordDTO {
+    oldPassword: string;
+    newPassword: string;
+}
+//# sourceMappingURL=change-password.dto.d.ts.map

package/dist/dto/change-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/change-password.dto.ts"],"names":[],"mappings":"AAyBA,qBAAa,iBAAiB;IAU5B,WAAW,EAAG,MAAM,CAAC;IAoBrB,WAAW,EAAG,MAAM,CAAC;CACtB"}

package/dist/dto/change-password.dto.js

@@ -0,0 +1,29 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChangePasswordDTO = void 0;
+const class_validator_1 = require("class-validator");
+class ChangePasswordDTO {
+    oldPassword;
+    newPassword;
+}
+exports.ChangePasswordDTO = ChangePasswordDTO;
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'Old password must be a string' }),
+    __metadata("design:type", String)
+], ChangePasswordDTO.prototype, "oldPassword", void 0);
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'New password must be a string' }),
+    (0, class_validator_1.MinLength)(8, { message: 'Password must be at least 8 characters' }),
+    (0, class_validator_1.MaxLength)(128, { message: 'Password must not exceed 128 characters' }),
+    __metadata("design:type", String)
+], ChangePasswordDTO.prototype, "newPassword", void 0);
+//# sourceMappingURL=change-password.dto.js.map

package/dist/dto/change-password.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-password.dto.js","sourceRoot":"","sources":["../../src/dto/change-password.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAuBA,qDAAiE;AAEjE,MAAa,iBAAiB;IAU5B,WAAW,CAAU;IAoBrB,WAAW,CAAU;CACtB;AA/BD,8CA+BC;AArBC;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;;sDAClC;AAoBrB;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;sDAClD"}

package/dist/dto/error-response.dto.d.ts

@@ -0,0 +1,9 @@
+export declare class ErrorResponseDTO {
+    statusCode: number;
+    code: string;
+    message: string;
+    details?: Record<string, unknown>;
+    timestamp: string;
+    path?: string;
+}
+//# sourceMappingURL=error-response.dto.d.ts.map

package/dist/dto/error-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/error-response.dto.ts"],"names":[],"mappings":"AA0BA,qBAAa,gBAAgB;IAW3B,UAAU,EAAG,MAAM,CAAC;IAoBpB,IAAI,EAAG,MAAM,CAAC;IAgBd,OAAO,EAAG,MAAM,CAAC;IA0BjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAmBlC,SAAS,EAAG,MAAM,CAAC;IAgBnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}