@nauth-toolkit/core 0.1.0

package/dist/services/risk-scoring.service.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RiskScoringService = void 0;
+class RiskScoringService {
+    config;
+    logger;
+    defaultWeights = {
+        new_device: 25,
+        new_ip: 15,
+        new_country: 25,
+        impossible_travel: 40,
+        suspicious_activity: 30,
+        incomplete_location_data: 20,
+    };
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+    }
+    calculateRiskScore(riskFactors) {
+        const weights = this.config.mfa?.adaptive?.riskWeights || this.defaultWeights;
+        let score = 0;
+        for (const factor of riskFactors) {
+            const weight = weights[factor];
+            if (weight !== undefined) {
+                score += weight;
+            }
+            else {
+                this.logger?.warn?.(`Unknown risk factor: ${factor}, ignoring in score calculation`);
+            }
+        }
+        return Math.min(score, 100);
+    }
+    getRiskLevel(score) {
+        if (score <= 20) {
+            return 'low';
+        }
+        if (score <= 50) {
+            return 'medium';
+        }
+        return 'high';
+    }
+}
+exports.RiskScoringService = RiskScoringService;
+//# sourceMappingURL=risk-scoring.service.js.map

package/dist/services/risk-scoring.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-scoring.service.js","sourceRoot":"","sources":["../../src/services/risk-scoring.service.ts"],"names":[],"mappings":";;;AAyCA,MAAa,kBAAkB;IAyBV;IACA;IAXF,cAAc,GAA2B;QACxD,UAAU,EAAE,EAAE;QACd,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,EAAE;QACf,iBAAiB,EAAE,EAAE;QACrB,mBAAmB,EAAE,EAAE;QACvB,wBAAwB,EAAE,EAAE;KAC7B,CAAC;IAEF,YACmB,MAAmB,EACnB,MAAmB;QADnB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAa;IACnC,CAAC;IAiBJ,kBAAkB,CAAC,WAAyB;QAE1C,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC;QAE9E,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/B,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,KAAK,IAAI,MAAM,CAAC;YAClB,CAAC;iBAAM,CAAC;gBAEN,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,wBAAwB,MAAM,iCAAiC,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;QAGD,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,CAAC;IAmBD,YAAY,CAAC,KAAa;QACxB,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAzFD,gDAyFC"}

package/dist/services/session.service.d.ts

@@ -0,0 +1,64 @@
+import { ISession } from '../interfaces/entities.interface';
+import { Repository } from 'typeorm';
+import { BaseSession } from '../entities';
+import { StorageAdapter } from '../interfaces/storage-adapter.interface';
+import { InternalAuthAuditService as AuthAuditService } from './auth-audit.service';
+import { ClientInfoService } from './client-info.service';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { NAuthConfig } from '../interfaces/config.interface';
+export declare class SessionService {
+    private readonly sessionRepository;
+    private readonly storageAdapter;
+    private readonly clientInfoService;
+    private readonly config;
+    private readonly logger;
+    private readonly auditService?;
+    constructor(sessionRepository: Repository<BaseSession>, storageAdapter: StorageAdapter, clientInfoService: ClientInfoService, config: NAuthConfig, logger: NAuthLogger, auditService?: AuthAuditService | undefined);
+    getSessionExpirationDate(): Date;
+    private parseMaxLifetime;
+    createSession(data: {
+        userId: number;
+        accessTokenHash: string;
+        refreshTokenHash: string;
+        tokenFamily: string;
+        deviceId?: string;
+        deviceName?: string;
+        deviceType?: string;
+        expiresAt: Date;
+        isRemembered?: boolean;
+        authMethod?: string;
+    }): Promise<ISession>;
+    findById(sessionId: string | number): Promise<ISession | null>;
+    findByIdLight(sessionId: string | number): Promise<Pick<ISession, 'id' | 'version' | 'isRevoked' | 'expiresAt' | 'userId'> | null>;
+    findByRefreshToken(refreshTokenHash: string): Promise<ISession | null>;
+    findUserSessions(userId: number): Promise<ISession[]>;
+    updateActivity(sessionId: string | number): Promise<void>;
+    updateTokens(sessionId: string | number, accessTokenHash: string, refreshTokenHash: string): Promise<void>;
+    createSessionAtomic<T>(data: {
+        userId: number;
+        tokenFamily: string;
+        deviceId?: string;
+        deviceName?: string;
+        deviceType?: string;
+        expiresAt: Date;
+        isRemembered?: boolean;
+        authMethod?: string;
+    }, generateHashes: (sessionId: number) => Promise<{
+        accessTokenHash: string;
+        refreshTokenHash: string;
+        extra?: T;
+    }>): Promise<{
+        session: ISession;
+        extra?: T;
+    }>;
+    revokeSession(sessionId: string | number, reason?: string, metadata?: Record<string, unknown>): Promise<void>;
+    revokeAllUserSessions(userId: number, reason?: string): Promise<number>;
+    revokeTokenFamily(tokenFamily: string, reason?: string): Promise<number>;
+    cleanupExpiredSessions(): Promise<number>;
+    countUserSessions(userId: number): Promise<number>;
+    markRefreshTokenAsUsed(tokenHash: string, ttlSeconds: number): Promise<boolean>;
+    isRefreshTokenUsed(tokenHash: string): Promise<boolean>;
+    acquireRefreshLock(lockKey: string, ttlMs?: number): Promise<boolean>;
+    releaseRefreshLock(lockKey: string): Promise<void>;
+}
+//# sourceMappingURL=session.service.d.ts.map

package/dist/services/session.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.service.d.ts","sourceRoot":"","sources":["../../src/services/session.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kCAAkC,CAAC;AAC5D,OAAO,EAAE,UAAU,EAA0B,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAEpF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAyC7D,qBAAa,cAAc;IAEvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBALb,iBAAiB,EAAE,UAAU,CAAC,WAAW,CAAC,EAC1C,cAAc,EAAE,cAAc,EAC9B,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,CAAC,EAAE,gBAAgB,YAAA;IAWlD,wBAAwB,IAAI,IAAI;IAahC,OAAO,CAAC,gBAAgB;IAuDlB,aAAa,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QAEpB,SAAS,EAAE,IAAI,CAAC;QAChB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,QAAQ,CAAC;IA+Jf,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAU9D,aAAa,CACjB,SAAS,EAAE,MAAM,GAAG,MAAM,GACzB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC;IAuBpF,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAYtE,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAWrD,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzD,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe1G,mBAAmB,CAAC,CAAC,EACzB,IAAI,EAAE;QACJ,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QAEpB,SAAS,EAAE,IAAI,CAAC;QAChB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,EACD,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,CAAA;KAAE,CAAC,GAC/G,OAAO,CAAC;QAAE,OAAO,EAAE,QAAQ,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,CAAA;KAAE,CAAC;IAwHtC,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C7G,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoFvE,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBxE,sBAAsB,IAAI,OAAO,CAAC,MAAM,CAAC;IAazC,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA2BlD,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA6B/E,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BvD,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,GAAE,MAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAgC5E,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzD"}

package/dist/services/session.service.js

@@ -0,0 +1,455 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionService = void 0;
+const typeorm_1 = require("typeorm");
+const auth_audit_event_type_enum_1 = require("../enums/auth-audit-event-type.enum");
+class SessionService {
+    sessionRepository;
+    storageAdapter;
+    clientInfoService;
+    config;
+    logger;
+    auditService;
+    constructor(sessionRepository, storageAdapter, clientInfoService, config, logger, auditService) {
+        this.sessionRepository = sessionRepository;
+        this.storageAdapter = storageAdapter;
+        this.clientInfoService = clientInfoService;
+        this.config = config;
+        this.logger = logger;
+        this.auditService = auditService;
+    }
+    getSessionExpirationDate() {
+        const maxLifetime = this.config.session?.maxLifetime || '30d';
+        const expiresInSeconds = this.parseMaxLifetime(maxLifetime);
+        return new Date(Date.now() + expiresInSeconds * 1000);
+    }
+    parseMaxLifetime(maxLifetime) {
+        if (typeof maxLifetime === 'number') {
+            return maxLifetime;
+        }
+        const units = {
+            s: 1,
+            m: 60,
+            h: 3600,
+            d: 86400,
+        };
+        const match = maxLifetime.match(/^(\d+)([smhd])$/);
+        if (!match) {
+            this.logger?.warn?.(`Invalid session.maxLifetime format: ${maxLifetime}. Using default 30 days.`);
+            return 30 * 86400;
+        }
+        const [, value, unit] = match;
+        return parseInt(value, 10) * units[unit];
+    }
+    async createSession(data) {
+        const maxConcurrent = this.config.session?.maxConcurrent;
+        if (maxConcurrent && maxConcurrent > 0) {
+            const now = new Date();
+            const activeIds = (await this.sessionRepository.find({
+                select: ['id'],
+                where: { userId: data.userId, isRevoked: false, expiresAt: (0, typeorm_1.MoreThan)(now) },
+                order: { lastActivityAt: 'ASC' },
+            }));
+            if (activeIds.length >= maxConcurrent) {
+                const toRevokeCount = activeIds.length - maxConcurrent + 1;
+                const idsToRevoke = activeIds.slice(0, toRevokeCount).map((s) => s.id);
+                if (idsToRevoke.length > 0) {
+                    const nowTs = new Date();
+                    const result = await this.sessionRepository.update({ id: (0, typeorm_1.In)(idsToRevoke) }, { isRevoked: true, revokedAt: nowTs, revokeReason: 'Max concurrent sessions exceeded' });
+                    const affected = result.affected || idsToRevoke.length;
+                    if (affected > 0) {
+                        try {
+                            await this.auditService?.recordEvent({
+                                userId: data.userId,
+                                eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_REVOKED,
+                                eventStatus: 'INFO',
+                                reason: 'Max concurrent sessions exceeded',
+                                description: `Revoked ${affected} session(s) due to max concurrent sessions limit`,
+                                metadata: {
+                                    revokedCount: affected,
+                                    sessionIds: idsToRevoke,
+                                },
+                            });
+                        }
+                        catch (auditError) {
+                            const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                            this.logger?.error?.(`Failed to record SESSION_REVOKED summary event: ${errorMessage}`, {
+                                error: auditError,
+                                userId: data.userId,
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        const clientInfo = this.clientInfoService.get();
+        const deviceType = data.deviceType || clientInfo.deviceType || null;
+        const deviceName = data.deviceName || clientInfo.deviceName || null;
+        const platform = clientInfo.platform || null;
+        const browser = clientInfo.browser || null;
+        let deviceId = data.deviceId;
+        if (!deviceId) {
+            const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
+            deviceId = crypto.randomUUID();
+        }
+        if (!clientInfo.ipLatitude || !clientInfo.ipLongitude) {
+            this.logger?.warn?.(`[SessionService] Creating session WITHOUT coordinates: ` +
+                `IP=${clientInfo.ipAddress}, country=${clientInfo.ipCountry}, city=${clientInfo.ipCity}, ` +
+                `lat=${clientInfo.ipLatitude}, lon=${clientInfo.ipLongitude}`);
+        }
+        else {
+            this.logger?.debug?.(`[SessionService] Creating session WITH coordinates: ` +
+                `IP=${clientInfo.ipAddress}, ${clientInfo.ipCity}, ${clientInfo.ipCountry} ` +
+                `(${clientInfo.ipLatitude}, ${clientInfo.ipLongitude})`);
+        }
+        const session = this.sessionRepository.create({
+            userId: data.userId,
+            accessTokenHash: data.accessTokenHash,
+            refreshTokenHash: data.refreshTokenHash,
+            tokenFamily: data.tokenFamily,
+            deviceId,
+            deviceName,
+            deviceType,
+            ipAddress: clientInfo.ipAddress || null,
+            ipCountry: clientInfo.ipCountry || null,
+            ipCity: clientInfo.ipCity || null,
+            ipLatitude: clientInfo.ipLatitude || null,
+            ipLongitude: clientInfo.ipLongitude || null,
+            userAgent: clientInfo.userAgent || null,
+            platform,
+            browser,
+            authMethod: data.authMethod || null,
+            expiresAt: data.expiresAt,
+            isRemembered: data.isRemembered || false,
+            lastActivityAt: new Date(),
+        });
+        const savedSession = (await this.sessionRepository.save(session));
+        try {
+            await this.auditService?.recordEvent({
+                userId: data.userId,
+                eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_CREATED,
+                eventStatus: 'INFO',
+                sessionId: savedSession.id,
+                authMethod: data.authMethod || null,
+                metadata: {
+                    deviceId: savedSession.deviceId,
+                    deviceName: savedSession.deviceName,
+                    deviceType: savedSession.deviceType,
+                    isRemembered: savedSession.isRemembered,
+                },
+            });
+        }
+        catch (auditError) {
+            const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+            this.logger?.error?.(`Failed to record SESSION_CREATED audit event: ${errorMessage}`, {
+                error: auditError,
+                userId: data.userId,
+                sessionId: savedSession.id,
+            });
+        }
+        return savedSession;
+    }
+    async findById(sessionId) {
+        return (await this.sessionRepository.findOne({
+            where: { id: typeof sessionId === 'string' ? parseInt(sessionId, 10) : sessionId },
+        }));
+    }
+    async findByIdLight(sessionId) {
+        const id = typeof sessionId === 'string' ? parseInt(sessionId, 10) : sessionId;
+        const record = (await this.sessionRepository.findOne({
+            select: ['id', 'version', 'isRevoked', 'expiresAt', 'userId'],
+            where: { id },
+        }));
+        if (!record)
+            return null;
+        const versionValue = record.version ?? undefined;
+        const light = {
+            id: record.id,
+            version: versionValue,
+            isRevoked: record.isRevoked,
+            expiresAt: record.expiresAt,
+            userId: record.userId,
+        };
+        return light;
+    }
+    async findByRefreshToken(refreshTokenHash) {
+        return (await this.sessionRepository.findOne({
+            select: ['id', 'userId', 'isRevoked', 'tokenFamily', 'expiresAt'],
+            where: { refreshTokenHash, isRevoked: false },
+        }));
+    }
+    async findUserSessions(userId) {
+        return (await this.sessionRepository.find({
+            where: { userId, isRevoked: false },
+            order: { createdAt: 'DESC' },
+        }));
+    }
+    async updateActivity(sessionId) {
+        const id = typeof sessionId === 'string' ? parseInt(sessionId, 10) : sessionId;
+        await this.sessionRepository.update(id, {
+            lastActivityAt: new Date(),
+        });
+    }
+    async updateTokens(sessionId, accessTokenHash, refreshTokenHash) {
+        const id = typeof sessionId === 'string' ? parseInt(sessionId, 10) : sessionId;
+        await this.sessionRepository.update(id, {
+            accessTokenHash,
+            refreshTokenHash,
+            lastActivityAt: new Date(),
+        });
+    }
+    async createSessionAtomic(data, generateHashes) {
+        const clientInfo = this.clientInfoService.get();
+        const result = await this.sessionRepository.manager.transaction(async (trx) => {
+            const deviceType = data.deviceType || clientInfo.deviceType || null;
+            const deviceName = data.deviceName || clientInfo.deviceName || null;
+            const platform = clientInfo.platform || null;
+            const browser = clientInfo.browser || null;
+            let deviceId = data.deviceId;
+            if (!deviceId) {
+                const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
+                deviceId = crypto.randomUUID();
+            }
+            const sessionEntity = this.sessionRepository.create({
+                userId: data.userId,
+                accessTokenHash: '',
+                refreshTokenHash: '',
+                tokenFamily: data.tokenFamily,
+                deviceId,
+                deviceName,
+                deviceType,
+                ipAddress: clientInfo.ipAddress || null,
+                ipCountry: clientInfo.ipCountry || null,
+                ipCity: clientInfo.ipCity || null,
+                ipLatitude: clientInfo.ipLatitude || null,
+                ipLongitude: clientInfo.ipLongitude || null,
+                userAgent: clientInfo.userAgent || null,
+                platform,
+                browser,
+                authMethod: data.authMethod || null,
+                expiresAt: data.expiresAt,
+                isRemembered: data.isRemembered || false,
+                lastActivityAt: new Date(),
+            });
+            if (!clientInfo.ipLatitude || !clientInfo.ipLongitude) {
+                this.logger?.warn?.(`[SessionService.createSessionAtomic] Creating session WITHOUT coordinates: ` +
+                    `IP=${clientInfo.ipAddress}, country=${clientInfo.ipCountry}, city=${clientInfo.ipCity}, ` +
+                    `lat=${clientInfo.ipLatitude}, lon=${clientInfo.ipLongitude}`);
+            }
+            else {
+                this.logger?.debug?.(`[SessionService.createSessionAtomic] Creating session WITH coordinates: ` +
+                    `IP=${clientInfo.ipAddress}, ${clientInfo.ipCity}, ${clientInfo.ipCountry} ` +
+                    `(${clientInfo.ipLatitude}, ${clientInfo.ipLongitude})`);
+            }
+            const saved = await trx.save(sessionEntity);
+            const savedId = saved.id;
+            const { accessTokenHash, refreshTokenHash, extra } = await generateHashes(savedId);
+            await trx
+                .createQueryBuilder()
+                .update(this.sessionRepository.target)
+                .set({ accessTokenHash, refreshTokenHash, lastActivityAt: new Date() })
+                .where({ id: savedId })
+                .execute();
+            const sessionLight = (await trx.findOne(this.sessionRepository.target, {
+                where: { id: savedId },
+            }));
+            if (!sessionLight) {
+                throw new Error('Failed to load session after creation');
+            }
+            return { session: sessionLight, extra };
+        });
+        try {
+            await this.auditService?.recordEvent({
+                userId: data.userId,
+                eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_CREATED,
+                eventStatus: 'INFO',
+                sessionId: result.session.id,
+                authMethod: data.authMethod || null,
+                metadata: {
+                    deviceId: result.session.deviceId,
+                    deviceName: result.session.deviceName,
+                    deviceType: result.session.deviceType,
+                    isRemembered: result.session.isRemembered,
+                },
+            });
+        }
+        catch (auditError) {
+            const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+            this.logger?.error?.(`Failed to record SESSION_CREATED audit event: ${errorMessage}`, {
+                error: auditError,
+                userId: data.userId,
+                sessionId: result.session.id,
+            });
+        }
+        return result;
+    }
+    async revokeSession(sessionId, reason, metadata) {
+        const id = typeof sessionId === 'string' ? parseInt(sessionId, 10) : sessionId;
+        const session = await this.findById(id);
+        if (!session) {
+            return;
+        }
+        await this.sessionRepository.update(id, {
+            isRevoked: true,
+            revokedAt: new Date(),
+            revokeReason: reason,
+        });
+        try {
+            await this.auditService?.recordEvent({
+                userId: session.userId,
+                eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_REVOKED,
+                eventStatus: 'INFO',
+                sessionId: id,
+                reason: reason || 'User logout',
+                description: `Session revoked: ${reason || 'User logout'}`,
+                metadata: metadata || undefined,
+            });
+        }
+        catch (auditError) {
+            const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+            this.logger?.error?.(`Failed to record SESSION_REVOKED audit event: ${errorMessage}`, {
+                error: auditError,
+                userId: session.userId,
+                sessionId: id,
+            });
+        }
+    }
+    async revokeAllUserSessions(userId, reason) {
+        const sessions = await this.findUserSessions(userId);
+        const result = await this.sessionRepository.update({ userId, isRevoked: false }, {
+            isRevoked: true,
+            revokedAt: new Date(),
+            revokeReason: reason,
+        });
+        const revokedCount = result.affected || 0;
+        if (revokedCount > 0) {
+            try {
+                const isGlobalSignout = reason === 'Global signout';
+                if (isGlobalSignout) {
+                    for (const session of sessions) {
+                        try {
+                            await this.auditService?.recordEvent({
+                                userId,
+                                eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_REVOKED,
+                                eventStatus: 'INFO',
+                                reason: 'Global signout',
+                                description: `Session revoked by global signout`,
+                                sessionId: session.id,
+                                metadata: {
+                                    revokedBy: 'global_signout',
+                                },
+                            });
+                        }
+                        catch (sessionAuditError) {
+                            const errorMessage = sessionAuditError instanceof Error ? sessionAuditError.message : 'Unknown error';
+                            this.logger?.error?.(`Failed to record SESSION_REVOKED audit event for session ${session.id}: ${errorMessage}`, {
+                                error: sessionAuditError,
+                                userId,
+                                sessionId: session.id,
+                            });
+                        }
+                    }
+                }
+                else {
+                    await this.auditService?.recordEvent({
+                        userId,
+                        eventType: auth_audit_event_type_enum_1.AuthAuditEventType.SESSION_REVOKED,
+                        eventStatus: 'INFO',
+                        reason: reason || 'Session revocation',
+                        description: `All user sessions revoked (${revokedCount} session(s))`,
+                        metadata: {
+                            revokedCount,
+                            sessionIds: sessions.map((s) => s.id),
+                        },
+                    });
+                }
+            }
+            catch (auditError) {
+                const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                this.logger?.error?.(`Failed to record SESSION_REVOKED audit event (all sessions): ${errorMessage}`, {
+                    error: auditError,
+                    userId,
+                    revokedCount,
+                });
+            }
+        }
+        return revokedCount;
+    }
+    async revokeTokenFamily(tokenFamily, reason) {
+        const result = await this.sessionRepository.update({ tokenFamily, isRevoked: false }, {
+            isRevoked: true,
+            revokedAt: new Date(),
+            revokeReason: reason || 'Token reuse detected',
+        });
+        return result.affected || 0;
+    }
+    async cleanupExpiredSessions() {
+        const result = await this.sessionRepository.delete({
+            expiresAt: (0, typeorm_1.LessThan)(new Date()),
+        });
+        return result.affected || 0;
+    }
+    async countUserSessions(userId) {
+        return await this.sessionRepository.count({
+            where: { userId, isRevoked: false },
+        });
+    }
+    async markRefreshTokenAsUsed(tokenHash, ttlSeconds) {
+        const key = `used-token:${tokenHash}`;
+        const result = await this.storageAdapter.set(key, 'true', ttlSeconds, { nx: true });
+        return result !== null;
+    }
+    async isRefreshTokenUsed(tokenHash) {
+        const key = `used-token:${tokenHash}`;
+        return await this.storageAdapter.exists(key);
+    }
+    async acquireRefreshLock(lockKey, ttlMs = 10000) {
+        const baseTtlSeconds = Math.max(1, Math.ceil(ttlMs / 1000));
+        const jitterMax = Math.max(1, Math.floor(baseTtlSeconds * 0.05));
+        const jitter = Math.floor(Math.random() * (jitterMax * 2 + 1)) - jitterMax;
+        const ttlWithJitter = Math.max(1, baseTtlSeconds + jitter);
+        const result = await this.storageAdapter.set(lockKey, 'locked', ttlWithJitter, { nx: true });
+        const acquired = result !== null;
+        if (!acquired) {
+        }
+        return acquired;
+    }
+    async releaseRefreshLock(lockKey) {
+        await this.storageAdapter.del(lockKey);
+    }
+}
+exports.SessionService = SessionService;
+//# sourceMappingURL=session.service.js.map

package/dist/services/session.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.service.js","sourceRoot":"","sources":["../../src/services/session.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qCAA6D;AAI7D,oFAAyE;AA4CzE,MAAa,cAAc;IAEN;IACA;IACA;IACA;IACA;IACA;IANnB,YACmB,iBAA0C,EAC1C,cAA8B,EAC9B,iBAAoC,EACpC,MAAmB,EACnB,MAAmB,EACnB,YAA+B;QAL/B,sBAAiB,GAAjB,iBAAiB,CAAyB;QAC1C,mBAAc,GAAd,cAAc,CAAgB;QAC9B,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAa;QACnB,iBAAY,GAAZ,YAAY,CAAmB;IAC/C,CAAC;IAUJ,wBAAwB;QACtB,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,IAAI,KAAK,CAAC;QAC9D,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAC5D,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IASO,gBAAgB,CAAC,WAA4B;QACnD,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,WAAW,CAAC;QACrB,CAAC;QAGD,MAAM,KAAK,GAA2B;YACpC,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,IAAI;YACP,CAAC,EAAE,KAAK;SACT,CAAC;QAEF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,uCAAuC,WAAW,0BAA0B,CAAC,CAAC;YAClG,OAAO,EAAE,GAAG,KAAK,CAAC;QACpB,CAAC;QAED,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;QAC9B,OAAO,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAkCD,KAAK,CAAC,aAAa,CAAC,IAYnB;QAIC,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC;QACzD,IAAI,aAAa,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YAEvC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,MAAM,SAAS,GAA0B,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;gBAC1E,MAAM,EAAE,CAAC,IAAI,CAAC;gBACd,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAA,kBAAQ,EAAC,GAAG,CAAC,EAAE;gBAC1E,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;aACjC,CAAC,CAAqC,CAAC;YAExC,IAAI,SAAS,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC;gBAEtC,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,GAAG,aAAa,GAAG,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAEvE,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3B,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;oBACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAChD,EAAE,EAAE,EAAE,IAAA,YAAE,EAAC,WAAW,CAAC,EAAE,EACvB,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,kCAAkC,EAAE,CACxF,CAAC;oBAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,CAAC,MAAM,CAAC;oBACvD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;wBAEjB,IAAI,CAAC;4BACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;gCACnC,MAAM,EAAE,IAAI,CAAC,MAAM;gCACnB,SAAS,EAAE,+CAAkB,CAAC,eAAe;gCAC7C,WAAW,EAAE,MAAM;gCACnB,MAAM,EAAE,kCAAkC;gCAC1C,WAAW,EAAE,WAAW,QAAQ,kDAAkD;gCAClF,QAAQ,EAAE;oCACR,YAAY,EAAE,QAAQ;oCACtB,UAAU,EAAE,WAAW;iCACxB;6BACF,CAAC,CAAC;wBACL,CAAC;wBAAC,OAAO,UAAU,EAAE,CAAC;4BACpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;4BACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mDAAmD,YAAY,EAAE,EAAE;gCACtF,KAAK,EAAE,UAAU;gCACjB,MAAM,EAAE,IAAI,CAAC,MAAM;6BACpB,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAOD,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;QAOhD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,CAAC;QACpE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,CAAC;QACpE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,IAAI,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,IAAI,CAAC;QAS3C,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC7B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,wDAAa,QAAQ,GAAC,CAAC;YACtC,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACjC,CAAC;QAGD,IAAI,CAAC,UAAU,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YACtD,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,yDAAyD;gBACzD,MAAM,UAAU,CAAC,SAAS,aAAa,UAAU,CAAC,SAAS,UAAU,UAAU,CAAC,MAAM,IAAI;gBAC1F,OAAO,UAAU,CAAC,UAAU,SAAS,UAAU,CAAC,WAAW,EAAE,CAC9D,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,sDAAsD;gBACtD,MAAM,UAAU,CAAC,SAAS,KAAK,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,SAAS,GAAG;gBAC5E,IAAI,UAAU,CAAC,UAAU,KAAK,UAAU,CAAC,WAAW,GAAG,CACxD,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAC5C,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ;YACR,UAAU;YACV,UAAU;YAEV,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;YACvC,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;YACvC,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,IAAI;YACjC,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,IAAI;YACzC,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,IAAI;YAC3C,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;YACvC,QAAQ;YACR,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,KAAK;YACxC,cAAc,EAAE,IAAI,IAAI,EAAE;SAC3B,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAwB,CAAC;QAKzF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;gBACnC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,+CAAkB,CAAC,eAAe;gBAC7C,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,YAAY,CAAC,EAAE;gBAC1B,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBAEnC,QAAQ,EAAE;oBACR,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,YAAY,EAAE,YAAY,CAAC,YAAY;iBACxC;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,iDAAiD,YAAY,EAAE,EAAE;gBACpF,KAAK,EAAE,UAAU;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,YAAY,CAAC,EAAE;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAMD,KAAK,CAAC,QAAQ,CAAC,SAA0B;QACvC,OAAO,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE;SACnF,CAAC,CAAoB,CAAC;IACzB,CAAC;IAMD,KAAK,CAAC,aAAa,CACjB,SAA0B;QAE1B,MAAM,EAAE,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE/E,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YACnD,MAAM,EAAE,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC;YAC7D,KAAK,EAAE,EAAE,EAAE,EAAE;SACd,CAAC,CAA+B,CAAC;QAElC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,YAAY,GAAI,MAA0C,CAAC,OAAO,IAAK,SAA+B,CAAC;QAC7G,MAAM,KAAK,GAAG;YACZ,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;SACgE,CAAC;QACxF,OAAO,KAAK,CAAC;IACf,CAAC;IAKD,KAAK,CAAC,kBAAkB,CAAC,gBAAwB;QAC/C,OAAO,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC;YACjE,KAAK,EAAE,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE;SAC9C,CAAC,CAAoB,CAAC;IACzB,CAAC;IAOD,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,OAAO,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YACxC,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE;YACnC,KAAK,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC7B,CAAC,CAA0B,CAAC;IAC/B,CAAC;IAMD,KAAK,CAAC,cAAc,CAAC,SAA0B;QAC7C,MAAM,EAAE,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/E,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtC,cAAc,EAAE,IAAI,IAAI,EAAE;SAC3B,CAAC,CAAC;IACL,CAAC;IAMD,KAAK,CAAC,YAAY,CAAC,SAA0B,EAAE,eAAuB,EAAE,gBAAwB;QAC9F,MAAM,EAAE,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/E,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtC,eAAe;YACf,gBAAgB;YAChB,cAAc,EAAE,IAAI,IAAI,EAAE;SAC3B,CAAC,CAAC;IACL,CAAC;IAQD,KAAK,CAAC,mBAAmB,CACvB,IAUC,EACD,cAAgH;QAIhH,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;QAEhD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YAG5E,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,CAAC;YACpE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,CAAC;YACpE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,IAAI,CAAC;YAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,IAAI,CAAC;YAG3C,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC7B,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,wDAAa,QAAQ,GAAC,CAAC;gBACtC,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YACjC,CAAC;YAGD,MAAM,aAAa,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;gBAClD,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,eAAe,EAAE,EAAE;gBACnB,gBAAgB,EAAE,EAAE;gBACpB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,QAAQ;gBACR,UAAU;gBACV,UAAU;gBAEZ,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,IAAI;gBACjC,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,IAAI;gBACzC,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,IAAI;gBAC3C,SAAS,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI;gBACvC,QAAQ;gBACR,OAAO;gBACP,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBACnC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,KAAK;gBACxC,cAAc,EAAE,IAAI,IAAI,EAAE;aAC3B,CAAC,CAAC;YAGH,IAAI,CAAC,UAAU,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;gBACtD,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CACjB,6EAA6E;oBAC7E,MAAM,UAAU,CAAC,SAAS,aAAa,UAAU,CAAC,SAAS,UAAU,UAAU,CAAC,MAAM,IAAI;oBAC1F,OAAO,UAAU,CAAC,UAAU,SAAS,UAAU,CAAC,WAAW,EAAE,CAC9D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,0EAA0E;oBAC1E,MAAM,UAAU,CAAC,SAAS,KAAK,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,SAAS,GAAG;oBAC5E,IAAI,UAAU,CAAC,UAAU,KAAK,UAAU,CAAC,WAAW,GAAG,CACxD,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,EAAY,CAAC;YAEnC,MAAM,EAAE,eAAe,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;YAEnF,MAAM,GAAG;iBACN,kBAAkB,EAAE;iBACpB,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;iBACrC,GAAG,CAAC,EAAE,eAAe,EAAE,gBAAgB,EAAE,cAAc,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;iBACtE,KAAK,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;iBACtB,OAAO,EAAE,CAAC;YAGb,MAAM,YAAY,GAAG,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE;gBACrE,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;aACvB,CAAC,CAA+B,CAAC;YAElC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAsC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAKH,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;gBACnC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,+CAAkB,CAAC,eAAe;gBAC7C,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE;gBAC5B,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;gBAEnC,QAAQ,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ;oBACjC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;oBACrC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;oBACrC,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY;iBAC1C;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,iDAAiD,YAAY,EAAE,EAAE;gBACpF,KAAK,EAAE,UAAU;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE;aAC7B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAQD,KAAK,CAAC,aAAa,CAAC,SAA0B,EAAE,MAAe,EAAE,QAAkC;QACjG,MAAM,EAAE,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAG/E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtC,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,YAAY,EAAE,MAAM;SACrB,CAAC,CAAC;QAKH,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;gBACnC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,+CAAkB,CAAC,eAAe;gBAC7C,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,MAAM,IAAI,aAAa;gBAC/B,WAAW,EAAE,oBAAoB,MAAM,IAAI,aAAa,EAAE;gBAE1D,QAAQ,EAAE,QAAQ,IAAI,SAAS;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,iDAAiD,YAAY,EAAE,EAAE;gBACpF,KAAK,EAAE,UAAU;gBACjB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,EAAE;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAQD,KAAK,CAAC,qBAAqB,CAAC,MAAc,EAAE,MAAe;QAEzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAChD,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,EAC5B;YACE,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,YAAY,EAAE,MAAM;SACrB,CACF,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;QAK1C,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,MAAM,KAAK,gBAAgB,CAAC;gBAEpD,IAAI,eAAe,EAAE,CAAC;oBAGpB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,IAAI,CAAC;4BACH,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;gCACnC,MAAM;gCACN,SAAS,EAAE,+CAAkB,CAAC,eAAe;gCAC7C,WAAW,EAAE,MAAM;gCACnB,MAAM,EAAE,gBAAgB;gCACxB,WAAW,EAAE,mCAAmC;gCAChD,SAAS,EAAE,OAAO,CAAC,EAAE;gCAErB,QAAQ,EAAE;oCACR,SAAS,EAAE,gBAAgB;iCAC5B;6BACF,CAAC,CAAC;wBACL,CAAC;wBAAC,OAAO,iBAAiB,EAAE,CAAC;4BAE3B,MAAM,YAAY,GAAG,iBAAiB,YAAY,KAAK,CAAC,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;4BACtG,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,4DAA4D,OAAO,CAAC,EAAE,KAAK,YAAY,EAAE,EACzF;gCACE,KAAK,EAAE,iBAAiB;gCACxB,MAAM;gCACN,SAAS,EAAE,OAAO,CAAC,EAAE;6BACtB,CACF,CAAC;wBACJ,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBAEN,MAAM,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;wBACnC,MAAM;wBACN,SAAS,EAAE,+CAAkB,CAAC,eAAe;wBAC7C,WAAW,EAAE,MAAM;wBACnB,MAAM,EAAE,MAAM,IAAI,oBAAoB;wBACtC,WAAW,EAAE,8BAA8B,YAAY,cAAc;wBAErE,QAAQ,EAAE;4BACR,YAAY;4BACZ,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;yBACtC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBAEpB,MAAM,YAAY,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACxF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gEAAgE,YAAY,EAAE,EAAE;oBACnG,KAAK,EAAE,UAAU;oBACjB,MAAM;oBACN,YAAY;iBACb,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAKD,KAAK,CAAC,iBAAiB,CAAC,WAAmB,EAAE,MAAe;QAC1D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAChD,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,EACjC;YACE,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,YAAY,EAAE,MAAM,IAAI,sBAAsB;SAC/C,CACF,CAAC;QAEF,OAAO,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC9B,CAAC;IAKD,KAAK,CAAC,sBAAsB;QAC1B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YACjD,SAAS,EAAE,IAAA,kBAAQ,EAAC,IAAI,IAAI,EAAE,CAAC;SAChC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC9B,CAAC;IAOD,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC;YACxC,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAuBD,KAAK,CAAC,sBAAsB,CAAC,SAAiB,EAAE,UAAkB;QAChE,MAAM,GAAG,GAAG,cAAc,SAAS,EAAE,CAAC;QAItC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpF,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAqBD,KAAK,CAAC,kBAAkB,CAAC,SAAiB;QACxC,MAAM,GAAG,GAAG,cAAc,SAAS,EAAE,CAAC;QACtC,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IA0BD,KAAK,CAAC,kBAAkB,CAAC,OAAe,EAAE,QAAgB,KAAK;QAS7D,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;QAC3E,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7F,MAAM,QAAQ,GAAG,MAAM,KAAK,IAAI,CAAC;QAGjC,IAAI,CAAC,QAAQ,EAAE,CAAC;QAGhB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,OAAe;QACtC,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;CACF;AAjvBD,wCAivBC"}

package/dist/services/social-auth-base.service.d.ts

@@ -0,0 +1,57 @@
+import { Repository } from 'typeorm';
+import { BaseUser } from '../entities';
+import { IUser } from '../interfaces/entities.interface';
+import { AuthService } from './auth.service';
+import { SocialAuthService } from './social-auth.service';
+import { TrustedDeviceService } from './trusted-device.service';
+import { JwtService } from './jwt.service';
+import { SessionService } from './session.service';
+import { AuthChallengeHelperService } from './auth-challenge-helper.service';
+import { ClientInfoService } from './client-info.service';
+import { PhoneVerificationService } from './phone-verification.service';
+import { InternalAuthAuditService as AuthAuditService } from './auth-audit.service';
+import { NAuthConfig } from '../interfaces/config.interface';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { AuthResponseDTO } from '../dto';
+import { OAuthUserProfile } from '../interfaces/oauth.interface';
+import { ISocialAuthProviderService } from '../interfaces/social-auth-provider.interface';
+export declare abstract class BaseSocialAuthProviderService implements ISocialAuthProviderService {
+    protected readonly config: NAuthConfig;
+    protected readonly logger: NAuthLogger;
+    protected readonly authService: AuthService;
+    protected readonly socialAuthService: SocialAuthService;
+    protected readonly jwtService: JwtService;
+    protected readonly sessionService: SessionService;
+    protected readonly challengeHelper: AuthChallengeHelperService;
+    protected readonly clientInfoService: ClientInfoService;
+    protected readonly stateStore: Map<string, {
+        timestamp: number;
+        provider: string;
+    }>;
+    protected readonly userRepository: Repository<BaseUser>;
+    protected readonly phoneVerificationService?: PhoneVerificationService | undefined;
+    protected readonly auditService?: AuthAuditService | undefined;
+    protected readonly trustedDeviceService?: TrustedDeviceService | undefined;
+    abstract readonly providerName: string;
+    constructor(config: NAuthConfig, logger: NAuthLogger, authService: AuthService, socialAuthService: SocialAuthService, jwtService: JwtService, sessionService: SessionService, challengeHelper: AuthChallengeHelperService, clientInfoService: ClientInfoService, stateStore: Map<string, {
+        timestamp: number;
+        provider: string;
+    }>, userRepository: Repository<BaseUser>, phoneVerificationService?: PhoneVerificationService | undefined, auditService?: AuthAuditService | undefined, trustedDeviceService?: TrustedDeviceService | undefined);
+    protected getProviderConfig(): any;
+    abstract getAuthUrl(state?: string): Promise<string>;
+    protected abstract getOAuthProfile(code: string, state: string): Promise<OAuthUserProfile>;
+    protected abstract verifyNativeToken(idToken: string, accessToken?: string, profileData?: any): Promise<OAuthUserProfile>;
+    handleCallback(code: string, state: string): Promise<AuthResponseDTO>;
+    verifyToken(idToken: string, accessToken?: string, profileData?: any): Promise<AuthResponseDTO>;
+    linkAccount(userId: string, code: string, state: string): Promise<{
+        message: string;
+    }>;
+    getUserProfileFromCallback(code: string, state: string): Promise<OAuthUserProfile>;
+    protected validateState(state: string): void;
+    protected generateState(): string;
+    protected findOrCreateUser(profile: OAuthUserProfile, providerConfig: any): Promise<IUser>;
+    protected createSocialUser(email: string, firstName?: string | null, lastName?: string | null, isEmailVerified?: boolean, socialProvider?: string): Promise<IUser>;
+    protected createOrUpdateSocialAccount(user: IUser, profile: OAuthUserProfile): Promise<void>;
+    protected createAuthResponse(user: IUser, _deviceType: 'web' | 'mobile'): Promise<AuthResponseDTO>;
+}
+//# sourceMappingURL=social-auth-base.service.d.ts.map