npm - @nauth-toolkit/core - Versions diffs - 0.1.0 - Mend

@nauth-toolkit/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (778) hide show

package/dist/adapters/database-columns.d.ts +10 -0
package/dist/adapters/database-columns.d.ts.map +1 -0
package/dist/adapters/database-columns.js +85 -0
package/dist/adapters/database-columns.js.map +1 -0
package/dist/adapters/express.adapter.d.ts +41 -0
package/dist/adapters/express.adapter.d.ts.map +1 -0
package/dist/adapters/express.adapter.js +188 -0
package/dist/adapters/express.adapter.js.map +1 -0
package/dist/adapters/fastify.adapter.d.ts +33 -0
package/dist/adapters/fastify.adapter.d.ts.map +1 -0
package/dist/adapters/fastify.adapter.js +223 -0
package/dist/adapters/fastify.adapter.js.map +1 -0
package/dist/adapters/index.d.ts +5 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +25 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/storage.factory.d.ts +7 -0
package/dist/adapters/storage.factory.d.ts.map +1 -0
package/dist/adapters/storage.factory.js +24 -0
package/dist/adapters/storage.factory.js.map +1 -0
package/dist/bootstrap.d.ts +41 -0
package/dist/bootstrap.d.ts.map +1 -0
package/dist/bootstrap.js +113 -0
package/dist/bootstrap.js.map +1 -0
package/dist/dto/auth-challenge.dto.d.ts +19 -0
package/dist/dto/auth-challenge.dto.d.ts.map +1 -0
package/dist/dto/auth-challenge.dto.js +86 -0
package/dist/dto/auth-challenge.dto.js.map +1 -0
package/dist/dto/auth-response.dto.d.ts +31 -0
package/dist/dto/auth-response.dto.d.ts.map +1 -0
package/dist/dto/auth-response.dto.js +18 -0
package/dist/dto/auth-response.dto.js.map +1 -0
package/dist/dto/challenge-response.dto.d.ts +36 -0
package/dist/dto/challenge-response.dto.d.ts.map +1 -0
package/dist/dto/challenge-response.dto.js +3 -0
package/dist/dto/challenge-response.dto.js.map +1 -0
package/dist/dto/change-password-request.dto.d.ts +5 -0
package/dist/dto/change-password-request.dto.d.ts.map +1 -0
package/dist/dto/change-password-request.dto.js +30 -0
package/dist/dto/change-password-request.dto.js.map +1 -0
package/dist/dto/change-password-response.dto.d.ts +4 -0
package/dist/dto/change-password-response.dto.d.ts.map +1 -0
package/dist/dto/change-password-response.dto.js +8 -0
package/dist/dto/change-password-response.dto.js.map +1 -0
package/dist/dto/change-password.dto.d.ts +5 -0
package/dist/dto/change-password.dto.d.ts.map +1 -0
package/dist/dto/change-password.dto.js +29 -0
package/dist/dto/change-password.dto.js.map +1 -0
package/dist/dto/error-response.dto.d.ts +9 -0
package/dist/dto/error-response.dto.d.ts.map +1 -0
package/dist/dto/error-response.dto.js +59 -0
package/dist/dto/error-response.dto.js.map +1 -0
package/dist/dto/get-available-methods.dto.d.ts +7 -0
package/dist/dto/get-available-methods.dto.d.ts.map +1 -0
package/dist/dto/get-available-methods.dto.js +33 -0
package/dist/dto/get-available-methods.dto.js.map +1 -0
package/dist/dto/get-challenge-data-response.dto.d.ts +4 -0
package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -0
package/dist/dto/get-challenge-data-response.dto.js +8 -0
package/dist/dto/get-challenge-data-response.dto.js.map +1 -0
package/dist/dto/get-challenge-data.dto.d.ts +8 -0
package/dist/dto/get-challenge-data.dto.d.ts.map +1 -0
package/dist/dto/get-challenge-data.dto.js +40 -0
package/dist/dto/get-challenge-data.dto.js.map +1 -0
package/dist/dto/get-client-info.dto.d.ts +17 -0
package/dist/dto/get-client-info.dto.d.ts.map +1 -0
package/dist/dto/get-client-info.dto.js +20 -0
package/dist/dto/get-client-info.dto.js.map +1 -0
package/dist/dto/get-device-token-response.dto.d.ts +4 -0
package/dist/dto/get-device-token-response.dto.d.ts.map +1 -0
package/dist/dto/get-device-token-response.dto.js +8 -0
package/dist/dto/get-device-token-response.dto.js.map +1 -0
package/dist/dto/get-events-by-type.dto.d.ts +17 -0
package/dist/dto/get-events-by-type.dto.d.ts.map +1 -0
package/dist/dto/get-events-by-type.dto.js +20 -0
package/dist/dto/get-events-by-type.dto.js.map +1 -0
package/dist/dto/get-ip-address-response.dto.d.ts +4 -0
package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -0
package/dist/dto/get-ip-address-response.dto.js +8 -0
package/dist/dto/get-ip-address-response.dto.js.map +1 -0
package/dist/dto/get-mfa-status.dto.d.ts +16 -0
package/dist/dto/get-mfa-status.dto.d.ts.map +1 -0
package/dist/dto/get-mfa-status.dto.js +41 -0
package/dist/dto/get-mfa-status.dto.js.map +1 -0
package/dist/dto/get-risk-assessment-history.dto.d.ts +9 -0
package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -0
package/dist/dto/get-risk-assessment-history.dto.js +13 -0
package/dist/dto/get-risk-assessment-history.dto.js.map +1 -0
package/dist/dto/get-session-id-response.dto.d.ts +4 -0
package/dist/dto/get-session-id-response.dto.d.ts.map +1 -0
package/dist/dto/get-session-id-response.dto.js +8 -0
package/dist/dto/get-session-id-response.dto.js.map +1 -0
package/dist/dto/get-setup-data-response.dto.d.ts +4 -0
package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -0
package/dist/dto/get-setup-data-response.dto.js +8 -0
package/dist/dto/get-setup-data-response.dto.js.map +1 -0
package/dist/dto/get-setup-data.dto.d.ts +7 -0
package/dist/dto/get-setup-data.dto.d.ts.map +1 -0
package/dist/dto/get-setup-data.dto.js +43 -0
package/dist/dto/get-setup-data.dto.js.map +1 -0
package/dist/dto/get-suspicious-activity.dto.d.ts +9 -0
package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -0
package/dist/dto/get-suspicious-activity.dto.js +13 -0
package/dist/dto/get-suspicious-activity.dto.js.map +1 -0
package/dist/dto/get-user-agent-response.dto.d.ts +4 -0
package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -0
package/dist/dto/get-user-agent-response.dto.js +8 -0
package/dist/dto/get-user-agent-response.dto.js.map +1 -0
package/dist/dto/get-user-auth-history.dto.d.ts +20 -0
package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -0
package/dist/dto/get-user-auth-history.dto.js +22 -0
package/dist/dto/get-user-auth-history.dto.js.map +1 -0
package/dist/dto/get-user-by-email.dto.d.ts +5 -0
package/dist/dto/get-user-by-email.dto.d.ts.map +1 -0
package/dist/dto/get-user-by-email.dto.js +36 -0
package/dist/dto/get-user-by-email.dto.js.map +1 -0
package/dist/dto/get-user-by-id.dto.d.ts +4 -0
package/dist/dto/get-user-by-id.dto.d.ts.map +1 -0
package/dist/dto/get-user-by-id.dto.js +29 -0
package/dist/dto/get-user-by-id.dto.js.map +1 -0
package/dist/dto/get-user-devices.dto.d.ts +8 -0
package/dist/dto/get-user-devices.dto.d.ts.map +1 -0
package/dist/dto/get-user-devices.dto.js +33 -0
package/dist/dto/get-user-devices.dto.js.map +1 -0
package/dist/dto/get-user-response.dto.d.ts +2 -0
package/dist/dto/get-user-response.dto.d.ts.map +1 -0
package/dist/dto/get-user-response.dto.js +6 -0
package/dist/dto/get-user-response.dto.js.map +1 -0
package/dist/dto/has-provider.dto.d.ts +7 -0
package/dist/dto/has-provider.dto.d.ts.map +1 -0
package/dist/dto/has-provider.dto.js +38 -0
package/dist/dto/has-provider.dto.js.map +1 -0
package/dist/dto/index.d.ts +51 -0
package/dist/dto/index.d.ts.map +1 -0
package/dist/dto/index.js +67 -0
package/dist/dto/index.js.map +1 -0
package/dist/dto/is-trusted-device-response.dto.d.ts +4 -0
package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -0
package/dist/dto/is-trusted-device-response.dto.js +8 -0
package/dist/dto/is-trusted-device-response.dto.js.map +1 -0
package/dist/dto/list-providers-response.dto.d.ts +4 -0
package/dist/dto/list-providers-response.dto.d.ts.map +1 -0
package/dist/dto/list-providers-response.dto.js +8 -0
package/dist/dto/list-providers-response.dto.js.map +1 -0
package/dist/dto/login.dto.d.ts +7 -0
package/dist/dto/login.dto.d.ts.map +1 -0
package/dist/dto/login.dto.js +68 -0
package/dist/dto/login.dto.js.map +1 -0
package/dist/dto/logout-all-response.dto.d.ts +4 -0
package/dist/dto/logout-all-response.dto.d.ts.map +1 -0
package/dist/dto/logout-all-response.dto.js +8 -0
package/dist/dto/logout-all-response.dto.js.map +1 -0
package/dist/dto/logout-all.dto.d.ts +5 -0
package/dist/dto/logout-all.dto.d.ts.map +1 -0
package/dist/dto/logout-all.dto.js +42 -0
package/dist/dto/logout-all.dto.js.map +1 -0
package/dist/dto/logout-response.dto.d.ts +4 -0
package/dist/dto/logout-response.dto.d.ts.map +1 -0
package/dist/dto/logout-response.dto.js +8 -0
package/dist/dto/logout-response.dto.js.map +1 -0
package/dist/dto/logout.dto.d.ts +5 -0
package/dist/dto/logout.dto.d.ts.map +1 -0
package/dist/dto/logout.dto.js +36 -0
package/dist/dto/logout.dto.js.map +1 -0
package/dist/dto/refresh-token.dto.d.ts +4 -0
package/dist/dto/refresh-token.dto.d.ts.map +1 -0
package/dist/dto/refresh-token.dto.js +24 -0
package/dist/dto/refresh-token.dto.js.map +1 -0
package/dist/dto/remove-devices.dto.d.ts +9 -0
package/dist/dto/remove-devices.dto.d.ts.map +1 -0
package/dist/dto/remove-devices.dto.js +50 -0
package/dist/dto/remove-devices.dto.js.map +1 -0
package/dist/dto/resend-code-response.dto.d.ts +4 -0
package/dist/dto/resend-code-response.dto.d.ts.map +1 -0
package/dist/dto/resend-code-response.dto.js +8 -0
package/dist/dto/resend-code-response.dto.js.map +1 -0
package/dist/dto/resend-code.dto.d.ts +4 -0
package/dist/dto/resend-code.dto.d.ts.map +1 -0
package/dist/dto/resend-code.dto.js +29 -0
package/dist/dto/resend-code.dto.js.map +1 -0
package/dist/dto/reset-password.dto.d.ts +8 -0
package/dist/dto/reset-password.dto.d.ts.map +1 -0
package/dist/dto/reset-password.dto.js +61 -0
package/dist/dto/reset-password.dto.js.map +1 -0
package/dist/dto/respond-challenge.dto.d.ts +33 -0
package/dist/dto/respond-challenge.dto.d.ts.map +1 -0
package/dist/dto/respond-challenge.dto.js +131 -0
package/dist/dto/respond-challenge.dto.js.map +1 -0
package/dist/dto/set-mfa-exemption.dto.d.ts +12 -0
package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -0
package/dist/dto/set-mfa-exemption.dto.js +66 -0
package/dist/dto/set-mfa-exemption.dto.js.map +1 -0
package/dist/dto/set-must-change-password-response.dto.d.ts +4 -0
package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -0
package/dist/dto/set-must-change-password-response.dto.js +8 -0
package/dist/dto/set-must-change-password-response.dto.js.map +1 -0
package/dist/dto/set-must-change-password.dto.d.ts +4 -0
package/dist/dto/set-must-change-password.dto.d.ts.map +1 -0
package/dist/dto/set-must-change-password.dto.js +29 -0
package/dist/dto/set-must-change-password.dto.js.map +1 -0
package/dist/dto/set-preferred-method.dto.d.ts +8 -0
package/dist/dto/set-preferred-method.dto.d.ts.map +1 -0
package/dist/dto/set-preferred-method.dto.js +49 -0
package/dist/dto/set-preferred-method.dto.js.map +1 -0
package/dist/dto/setup-mfa.dto.d.ts +9 -0
package/dist/dto/setup-mfa.dto.d.ts.map +1 -0
package/dist/dto/setup-mfa.dto.js +55 -0
package/dist/dto/setup-mfa.dto.js.map +1 -0
package/dist/dto/signup.dto.d.ts +10 -0
package/dist/dto/signup.dto.d.ts.map +1 -0
package/dist/dto/signup.dto.js +109 -0
package/dist/dto/signup.dto.js.map +1 -0
package/dist/dto/social-auth.dto.d.ts +54 -0
package/dist/dto/social-auth.dto.d.ts.map +1 -0
package/dist/dto/social-auth.dto.js +232 -0
package/dist/dto/social-auth.dto.js.map +1 -0
package/dist/dto/trust-device-response.dto.d.ts +4 -0
package/dist/dto/trust-device-response.dto.d.ts.map +1 -0
package/dist/dto/trust-device-response.dto.js +8 -0
package/dist/dto/trust-device-response.dto.js.map +1 -0
package/dist/dto/trust-device.dto.d.ts +1 -0
package/dist/dto/trust-device.dto.d.ts.map +1 -0
package/dist/dto/trust-device.dto.js +2 -0
package/dist/dto/trust-device.dto.js.map +1 -0
package/dist/dto/update-user-attributes-request.dto.d.ts +5 -0
package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -0
package/dist/dto/update-user-attributes-request.dto.js +30 -0
package/dist/dto/update-user-attributes-request.dto.js.map +1 -0
package/dist/dto/user-response.dto.d.ts +20 -0
package/dist/dto/user-response.dto.d.ts.map +1 -0
package/dist/dto/user-response.dto.js +42 -0
package/dist/dto/user-response.dto.js.map +1 -0
package/dist/dto/user-update.dto.d.ts +12 -0
package/dist/dto/user-update.dto.d.ts.map +1 -0
package/dist/dto/user-update.dto.js +119 -0
package/dist/dto/user-update.dto.js.map +1 -0
package/dist/dto/verify-email.dto.d.ts +29 -0
package/dist/dto/verify-email.dto.d.ts.map +1 -0
package/dist/dto/verify-email.dto.js +161 -0
package/dist/dto/verify-email.dto.js.map +1 -0
package/dist/dto/verify-mfa-code.dto.d.ts +10 -0
package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -0
package/dist/dto/verify-mfa-code.dto.js +56 -0
package/dist/dto/verify-mfa-code.dto.js.map +1 -0
package/dist/dto/verify-phone-by-sub.dto.d.ts +6 -0
package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -0
package/dist/dto/verify-phone-by-sub.dto.js +49 -0
package/dist/dto/verify-phone-by-sub.dto.js.map +1 -0
package/dist/dto/verify-phone.dto.d.ts +24 -0
package/dist/dto/verify-phone.dto.d.ts.map +1 -0
package/dist/dto/verify-phone.dto.js +124 -0
package/dist/dto/verify-phone.dto.js.map +1 -0
package/dist/entities/auth-audit.entity.d.ts +31 -0
package/dist/entities/auth-audit.entity.d.ts.map +1 -0
package/dist/entities/auth-audit.entity.js +33 -0
package/dist/entities/auth-audit.entity.js.map +1 -0
package/dist/entities/challenge-session.entity.d.ts +17 -0
package/dist/entities/challenge-session.entity.d.ts.map +1 -0
package/dist/entities/challenge-session.entity.js +21 -0
package/dist/entities/challenge-session.entity.js.map +1 -0
package/dist/entities/index.d.ts +12 -0
package/dist/entities/index.d.ts.map +1 -0
package/dist/entities/index.js +26 -0
package/dist/entities/index.js.map +1 -0
package/dist/entities/login-attempt.entity.d.ts +13 -0
package/dist/entities/login-attempt.entity.d.ts.map +1 -0
package/dist/entities/login-attempt.entity.js +17 -0
package/dist/entities/login-attempt.entity.js.map +1 -0
package/dist/entities/mfa-device.entity.d.ts +22 -0
package/dist/entities/mfa-device.entity.d.ts.map +1 -0
package/dist/entities/mfa-device.entity.js +25 -0
package/dist/entities/mfa-device.entity.js.map +1 -0
package/dist/entities/rate-limit.entity.d.ts +9 -0
package/dist/entities/rate-limit.entity.d.ts.map +1 -0
package/dist/entities/rate-limit.entity.js +13 -0
package/dist/entities/rate-limit.entity.js.map +1 -0
package/dist/entities/session.entity.d.ts +32 -0
package/dist/entities/session.entity.d.ts.map +1 -0
package/dist/entities/session.entity.js +36 -0
package/dist/entities/session.entity.js.map +1 -0
package/dist/entities/social-account.entity.d.ts +13 -0
package/dist/entities/social-account.entity.d.ts.map +1 -0
package/dist/entities/social-account.entity.js +17 -0
package/dist/entities/social-account.entity.js.map +1 -0
package/dist/entities/storage-lock.entity.d.ts +8 -0
package/dist/entities/storage-lock.entity.d.ts.map +1 -0
package/dist/entities/storage-lock.entity.js +12 -0
package/dist/entities/storage-lock.entity.js.map +1 -0
package/dist/entities/trusted-device.entity.d.ts +17 -0
package/dist/entities/trusted-device.entity.d.ts.map +1 -0
package/dist/entities/trusted-device.entity.js +21 -0
package/dist/entities/trusted-device.entity.js.map +1 -0
package/dist/entities/user.entity.d.ts +41 -0
package/dist/entities/user.entity.d.ts.map +1 -0
package/dist/entities/user.entity.js +45 -0
package/dist/entities/user.entity.js.map +1 -0
package/dist/entities/verification-token.entity.d.ts +19 -0
package/dist/entities/verification-token.entity.d.ts.map +1 -0
package/dist/entities/verification-token.entity.js +29 -0
package/dist/entities/verification-token.entity.js.map +1 -0
package/dist/enums/auth-audit-event-type.enum.d.ts +55 -0
package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -0
package/dist/enums/auth-audit-event-type.enum.js +59 -0
package/dist/enums/auth-audit-event-type.enum.js.map +1 -0
package/dist/enums/error-codes.enum.d.ts +53 -0
package/dist/enums/error-codes.enum.d.ts.map +1 -0
package/dist/enums/error-codes.enum.js +57 -0
package/dist/enums/error-codes.enum.js.map +1 -0
package/dist/enums/mfa-method.enum.d.ts +11 -0
package/dist/enums/mfa-method.enum.d.ts.map +1 -0
package/dist/enums/mfa-method.enum.js +18 -0
package/dist/enums/mfa-method.enum.js.map +1 -0
package/dist/enums/risk-factor.enum.d.ts +14 -0
package/dist/enums/risk-factor.enum.d.ts.map +1 -0
package/dist/enums/risk-factor.enum.js +18 -0
package/dist/enums/risk-factor.enum.js.map +1 -0
package/dist/exceptions/nauth.exception.d.ts +18 -0
package/dist/exceptions/nauth.exception.d.ts.map +1 -0
package/dist/exceptions/nauth.exception.js +64 -0
package/dist/exceptions/nauth.exception.js.map +1 -0
package/dist/handlers/auth.handler.d.ts +18 -0
package/dist/handlers/auth.handler.d.ts.map +1 -0
package/dist/handlers/auth.handler.js +173 -0
package/dist/handlers/auth.handler.js.map +1 -0
package/dist/handlers/client-info.handler.d.ts +12 -0
package/dist/handlers/client-info.handler.d.ts.map +1 -0
package/dist/handlers/client-info.handler.js +61 -0
package/dist/handlers/client-info.handler.js.map +1 -0
package/dist/handlers/csrf.handler.d.ts +13 -0
package/dist/handlers/csrf.handler.d.ts.map +1 -0
package/dist/handlers/csrf.handler.js +84 -0
package/dist/handlers/csrf.handler.js.map +1 -0
package/dist/handlers/token-delivery.handler.d.ts +12 -0
package/dist/handlers/token-delivery.handler.d.ts.map +1 -0
package/dist/handlers/token-delivery.handler.js +86 -0
package/dist/handlers/token-delivery.handler.js.map +1 -0
package/dist/index.d.ts +27 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +51 -0
package/dist/index.js.map +1 -0
package/dist/interfaces/client-info.interface.d.ts +16 -0
package/dist/interfaces/client-info.interface.d.ts.map +1 -0
package/dist/interfaces/client-info.interface.js +3 -0
package/dist/interfaces/client-info.interface.js.map +1 -0
package/dist/interfaces/config.interface.d.ts +279 -0
package/dist/interfaces/config.interface.d.ts.map +1 -0
package/dist/interfaces/config.interface.js +3 -0
package/dist/interfaces/config.interface.js.map +1 -0
package/dist/interfaces/entities.interface.d.ts +169 -0
package/dist/interfaces/entities.interface.d.ts.map +1 -0
package/dist/interfaces/entities.interface.js +3 -0
package/dist/interfaces/entities.interface.js.map +1 -0
package/dist/interfaces/index.d.ts +11 -0
package/dist/interfaces/index.d.ts.map +1 -0
package/dist/interfaces/index.js +27 -0
package/dist/interfaces/index.js.map +1 -0
package/dist/interfaces/logger.interface.d.ts +43 -0
package/dist/interfaces/logger.interface.d.ts.map +1 -0
package/dist/interfaces/logger.interface.js +12 -0
package/dist/interfaces/logger.interface.js.map +1 -0
package/dist/interfaces/mfa-provider.interface.d.ts +12 -0
package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -0
package/dist/interfaces/mfa-provider.interface.js +3 -0
package/dist/interfaces/mfa-provider.interface.js.map +1 -0
package/dist/interfaces/oauth.interface.d.ts +24 -0
package/dist/interfaces/oauth.interface.d.ts.map +1 -0
package/dist/interfaces/oauth.interface.js +3 -0
package/dist/interfaces/oauth.interface.js.map +1 -0
package/dist/interfaces/provider.interface.d.ts +12 -0
package/dist/interfaces/provider.interface.d.ts.map +1 -0
package/dist/interfaces/provider.interface.js +3 -0
package/dist/interfaces/provider.interface.js.map +1 -0
package/dist/interfaces/social-auth-provider.interface.d.ts +13 -0
package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -0
package/dist/interfaces/social-auth-provider.interface.js +3 -0
package/dist/interfaces/social-auth-provider.interface.js.map +1 -0
package/dist/interfaces/storage-adapter.interface.d.ts +39 -0
package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -0
package/dist/interfaces/storage-adapter.interface.js +3 -0
package/dist/interfaces/storage-adapter.interface.js.map +1 -0
package/dist/interfaces/template.interface.d.ts +99 -0
package/dist/interfaces/template.interface.d.ts.map +1 -0
package/dist/interfaces/template.interface.js +15 -0
package/dist/interfaces/template.interface.js.map +1 -0
package/dist/interfaces/token-verifier.interface.d.ts +7 -0
package/dist/interfaces/token-verifier.interface.d.ts.map +1 -0
package/dist/interfaces/token-verifier.interface.js +3 -0
package/dist/interfaces/token-verifier.interface.js.map +1 -0
package/dist/internal.d.ts +20 -0
package/dist/internal.d.ts.map +1 -0
package/dist/internal.js +53 -0
package/dist/internal.js.map +1 -0
package/dist/platform/interfaces.d.ts +56 -0
package/dist/platform/interfaces.d.ts.map +1 -0
package/dist/platform/interfaces.js +3 -0
package/dist/platform/interfaces.js.map +1 -0
package/dist/schemas/auth-config.schema.d.ts +3411 -0
package/dist/schemas/auth-config.schema.d.ts.map +1 -0
package/dist/schemas/auth-config.schema.js +428 -0
package/dist/schemas/auth-config.schema.js.map +1 -0
package/dist/services/adaptive-mfa-decision.service.d.ts +39 -0
package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -0
package/dist/services/adaptive-mfa-decision.service.js +223 -0
package/dist/services/adaptive-mfa-decision.service.js.map +1 -0
package/dist/services/auth-audit.service.d.ts +44 -0
package/dist/services/auth-audit.service.d.ts.map +1 -0
package/dist/services/auth-audit.service.js +241 -0
package/dist/services/auth-audit.service.js.map +1 -0
package/dist/services/auth-challenge-helper.service.d.ts +48 -0
package/dist/services/auth-challenge-helper.service.d.ts.map +1 -0
package/dist/services/auth-challenge-helper.service.js +425 -0
package/dist/services/auth-challenge-helper.service.js.map +1 -0
package/dist/services/auth-flow-context-builder.service.d.ts +31 -0
package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -0
package/dist/services/auth-flow-context-builder.service.js +253 -0
package/dist/services/auth-flow-context-builder.service.js.map +1 -0
package/dist/services/auth-flow-rules.d.ts +18 -0
package/dist/services/auth-flow-rules.d.ts.map +1 -0
package/dist/services/auth-flow-rules.js +55 -0
package/dist/services/auth-flow-rules.js.map +1 -0
package/dist/services/auth-flow-state-definitions.d.ts +5 -0
package/dist/services/auth-flow-state-definitions.d.ts.map +1 -0
package/dist/services/auth-flow-state-definitions.js +87 -0
package/dist/services/auth-flow-state-definitions.js.map +1 -0
package/dist/services/auth-flow-state-machine.service.d.ts +17 -0
package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -0
package/dist/services/auth-flow-state-machine.service.js +91 -0
package/dist/services/auth-flow-state-machine.service.js.map +1 -0
package/dist/services/auth-flow-state-machine.types.d.ts +55 -0
package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -0
package/dist/services/auth-flow-state-machine.types.js +16 -0
package/dist/services/auth-flow-state-machine.types.js.map +1 -0
package/dist/services/auth.service.d.ts +87 -0
package/dist/services/auth.service.d.ts.map +1 -0
package/dist/services/auth.service.js +2356 -0
package/dist/services/auth.service.js.map +1 -0
package/dist/services/challenge.service.d.ts +32 -0
package/dist/services/challenge.service.d.ts.map +1 -0
package/dist/services/challenge.service.js +293 -0
package/dist/services/challenge.service.js.map +1 -0
package/dist/services/client-info.service.d.ts +20 -0
package/dist/services/client-info.service.d.ts.map +1 -0
package/dist/services/client-info.service.js +202 -0
package/dist/services/client-info.service.js.map +1 -0
package/dist/services/csrf.service.d.ts +13 -0
package/dist/services/csrf.service.d.ts.map +1 -0
package/dist/services/csrf.service.js +67 -0
package/dist/services/csrf.service.js.map +1 -0
package/dist/services/email-verification.service.d.ts +30 -0
package/dist/services/email-verification.service.d.ts.map +1 -0
package/dist/services/email-verification.service.js +373 -0
package/dist/services/email-verification.service.js.map +1 -0
package/dist/services/geo-location.service.d.ts +85 -0
package/dist/services/geo-location.service.d.ts.map +1 -0
package/dist/services/geo-location.service.js +338 -0
package/dist/services/geo-location.service.js.map +1 -0
package/dist/services/index.d.ts +14 -0
package/dist/services/index.d.ts.map +1 -0
package/dist/services/index.js +30 -0
package/dist/services/index.js.map +1 -0
package/dist/services/jwt.service.d.ts +62 -0
package/dist/services/jwt.service.d.ts.map +1 -0
package/dist/services/jwt.service.js +261 -0
package/dist/services/jwt.service.js.map +1 -0
package/dist/services/mfa-base.service.d.ts +37 -0
package/dist/services/mfa-base.service.d.ts.map +1 -0
package/dist/services/mfa-base.service.js +297 -0
package/dist/services/mfa-base.service.js.map +1 -0
package/dist/services/mfa.service.d.ts +35 -0
package/dist/services/mfa.service.d.ts.map +1 -0
package/dist/services/mfa.service.js +449 -0
package/dist/services/mfa.service.js.map +1 -0
package/dist/services/password.service.d.ts +19 -0
package/dist/services/password.service.d.ts.map +1 -0
package/dist/services/password.service.js +150 -0
package/dist/services/password.service.js.map +1 -0
package/dist/services/phone-verification.service.d.ts +32 -0
package/dist/services/phone-verification.service.d.ts.map +1 -0
package/dist/services/phone-verification.service.js +474 -0
package/dist/services/phone-verification.service.js.map +1 -0
package/dist/services/risk-detection.service.d.ts +30 -0
package/dist/services/risk-detection.service.d.ts.map +1 -0
package/dist/services/risk-detection.service.js +518 -0
package/dist/services/risk-detection.service.js.map +1 -0
package/dist/services/risk-scoring.service.d.ts +12 -0
package/dist/services/risk-scoring.service.d.ts.map +1 -0
package/dist/services/risk-scoring.service.js +44 -0
package/dist/services/risk-scoring.service.js.map +1 -0
package/dist/services/session.service.d.ts +64 -0
package/dist/services/session.service.d.ts.map +1 -0
package/dist/services/session.service.js +455 -0
package/dist/services/session.service.js.map +1 -0
package/dist/services/social-auth-base.service.d.ts +57 -0
package/dist/services/social-auth-base.service.d.ts.map +1 -0
package/dist/services/social-auth-base.service.js +340 -0
package/dist/services/social-auth-base.service.js.map +1 -0
package/dist/services/social-auth.service.d.ts +31 -0
package/dist/services/social-auth.service.d.ts.map +1 -0
package/dist/services/social-auth.service.js +172 -0
package/dist/services/social-auth.service.js.map +1 -0
package/dist/services/social-provider-registry.service.d.ts +9 -0
package/dist/services/social-provider-registry.service.d.ts.map +1 -0
package/dist/services/social-provider-registry.service.js +30 -0
package/dist/services/social-provider-registry.service.js.map +1 -0
package/dist/services/trusted-device.service.d.ts +29 -0
package/dist/services/trusted-device.service.d.ts.map +1 -0
package/dist/services/trusted-device.service.js +190 -0
package/dist/services/trusted-device.service.js.map +1 -0
package/dist/storage/account-lockout-storage.service.d.ts +16 -0
package/dist/storage/account-lockout-storage.service.d.ts.map +1 -0
package/dist/storage/account-lockout-storage.service.js +50 -0
package/dist/storage/account-lockout-storage.service.js.map +1 -0
package/dist/storage/index.d.ts +4 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/index.js +20 -0
package/dist/storage/index.js.map +1 -0
package/dist/storage/memory-storage.adapter.d.ts +33 -0
package/dist/storage/memory-storage.adapter.d.ts.map +1 -0
package/dist/storage/memory-storage.adapter.js +195 -0
package/dist/storage/memory-storage.adapter.js.map +1 -0
package/dist/storage/rate-limit-storage.service.d.ts +11 -0
package/dist/storage/rate-limit-storage.service.d.ts.map +1 -0
package/dist/storage/rate-limit-storage.service.js +33 -0
package/dist/storage/rate-limit-storage.service.js.map +1 -0
package/dist/templates/html-template.engine.d.ts +16 -0
package/dist/templates/html-template.engine.d.ts.map +1 -0
package/dist/templates/html-template.engine.js +502 -0
package/dist/templates/html-template.engine.js.map +1 -0
package/dist/templates/index.d.ts +2 -0
package/dist/templates/index.d.ts.map +1 -0
package/dist/templates/index.js +18 -0
package/dist/templates/index.js.map +1 -0
package/dist/utils/common-passwords.d.ts +4 -0
package/dist/utils/common-passwords.d.ts.map +1 -0
package/dist/utils/common-passwords.js +108 -0
package/dist/utils/common-passwords.js.map +1 -0
package/dist/utils/context-storage.d.ts +13 -0
package/dist/utils/context-storage.d.ts.map +1 -0
package/dist/utils/context-storage.js +54 -0
package/dist/utils/context-storage.js.map +1 -0
package/dist/utils/cookie-names.util.d.ts +7 -0
package/dist/utils/cookie-names.util.d.ts.map +1 -0
package/dist/utils/cookie-names.util.js +30 -0
package/dist/utils/cookie-names.util.js.map +1 -0
package/dist/utils/cookies.util.d.ts +12 -0
package/dist/utils/cookies.util.d.ts.map +1 -0
package/dist/utils/cookies.util.js +48 -0
package/dist/utils/cookies.util.js.map +1 -0
package/dist/utils/index.d.ts +8 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +24 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/ip-extractor.d.ts +12 -0
package/dist/utils/ip-extractor.d.ts.map +1 -0
package/dist/utils/ip-extractor.js +88 -0
package/dist/utils/ip-extractor.js.map +1 -0
package/dist/utils/nauth-logger.d.ts +20 -0
package/dist/utils/nauth-logger.d.ts.map +1 -0
package/dist/utils/nauth-logger.js +129 -0
package/dist/utils/nauth-logger.js.map +1 -0
package/dist/utils/pii-redactor.d.ts +16 -0
package/dist/utils/pii-redactor.d.ts.map +1 -0
package/dist/utils/pii-redactor.js +147 -0
package/dist/utils/pii-redactor.js.map +1 -0
package/dist/utils/setup/get-repositories.d.ts +16 -0
package/dist/utils/setup/get-repositories.d.ts.map +1 -0
package/dist/utils/setup/get-repositories.js +36 -0
package/dist/utils/setup/get-repositories.js.map +1 -0
package/dist/utils/setup/init-services.d.ts +41 -0
package/dist/utils/setup/init-services.d.ts.map +1 -0
package/dist/utils/setup/init-services.js +107 -0
package/dist/utils/setup/init-services.js.map +1 -0
package/dist/utils/setup/init-social.d.ts +13 -0
package/dist/utils/setup/init-social.d.ts.map +1 -0
package/dist/utils/setup/init-social.js +77 -0
package/dist/utils/setup/init-social.js.map +1 -0
package/dist/utils/setup/init-storage.d.ts +4 -0
package/dist/utils/setup/init-storage.d.ts.map +1 -0
package/dist/utils/setup/init-storage.js +79 -0
package/dist/utils/setup/init-storage.js.map +1 -0
package/dist/utils/setup/register-mfa.d.ts +5 -0
package/dist/utils/setup/register-mfa.d.ts.map +1 -0
package/dist/utils/setup/register-mfa.js +85 -0
package/dist/utils/setup/register-mfa.js.map +1 -0
package/dist/utils/setup/run-nauth-migrations.d.ts +5 -0
package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -0
package/dist/utils/setup/run-nauth-migrations.js +67 -0
package/dist/utils/setup/run-nauth-migrations.js.map +1 -0
package/dist/utils/token-delivery-policy.d.ts +6 -0
package/dist/utils/token-delivery-policy.d.ts.map +1 -0
package/dist/utils/token-delivery-policy.js +15 -0
package/dist/utils/token-delivery-policy.js.map +1 -0
package/dist/validators/template.validator.d.ts +7 -0
package/dist/validators/template.validator.d.ts.map +1 -0
package/dist/validators/template.validator.js +95 -0
package/dist/validators/template.validator.js.map +1 -0
package/jest.config.js +15 -0
package/jest.setup.ts +6 -0
package/package.json +73 -0
package/src/adapters/database-columns.ts +165 -0
package/src/adapters/express.adapter.ts +385 -0
package/src/adapters/fastify.adapter.ts +416 -0
package/src/adapters/index.ts +16 -0
package/src/adapters/storage.factory.ts +143 -0
package/src/bootstrap.ts +374 -0
package/src/dto/auth-challenge.dto.ts +231 -0
package/src/dto/auth-response.dto.ts +253 -0
package/src/dto/challenge-response.dto.ts +234 -0
package/src/dto/change-password-request.dto.ts +50 -0
package/src/dto/change-password-response.dto.ts +29 -0
package/src/dto/change-password.dto.ts +57 -0
package/src/dto/error-response.dto.ts +136 -0
package/src/dto/get-available-methods.dto.ts +55 -0
package/src/dto/get-challenge-data-response.dto.ts +28 -0
package/src/dto/get-challenge-data.dto.ts +69 -0
package/src/dto/get-client-info.dto.ts +104 -0
package/src/dto/get-device-token-response.dto.ts +25 -0
package/src/dto/get-events-by-type.dto.ts +76 -0
package/src/dto/get-ip-address-response.dto.ts +24 -0
package/src/dto/get-mfa-status.dto.ts +94 -0
package/src/dto/get-risk-assessment-history.dto.ts +39 -0
package/src/dto/get-session-id-response.dto.ts +25 -0
package/src/dto/get-setup-data-response.dto.ts +31 -0
package/src/dto/get-setup-data.dto.ts +75 -0
package/src/dto/get-suspicious-activity.dto.ts +42 -0
package/src/dto/get-user-agent-response.dto.ts +23 -0
package/src/dto/get-user-auth-history.dto.ts +95 -0
package/src/dto/get-user-by-email.dto.ts +61 -0
package/src/dto/get-user-by-id.dto.ts +46 -0
package/src/dto/get-user-devices.dto.ts +53 -0
package/src/dto/get-user-response.dto.ts +17 -0
package/src/dto/has-provider.dto.ts +56 -0
package/src/dto/index.ts +57 -0
package/src/dto/is-trusted-device-response.dto.ts +34 -0
package/src/dto/list-providers-response.dto.ts +23 -0
package/src/dto/login.dto.ts +95 -0
package/src/dto/logout-all-response.dto.ts +24 -0
package/src/dto/logout-all.dto.ts +65 -0
package/src/dto/logout-response.dto.ts +25 -0
package/src/dto/logout.dto.ts +64 -0
package/src/dto/refresh-token.dto.ts +36 -0
package/src/dto/remove-devices.dto.ts +85 -0
package/src/dto/resend-code-response.dto.ts +32 -0
package/src/dto/resend-code.dto.ts +51 -0
package/src/dto/reset-password.dto.ts +115 -0
package/src/dto/respond-challenge.dto.ts +272 -0
package/src/dto/set-mfa-exemption.dto.ts +112 -0
package/src/dto/set-must-change-password-response.dto.ts +27 -0
package/src/dto/set-must-change-password.dto.ts +46 -0
package/src/dto/set-preferred-method.dto.ts +80 -0
package/src/dto/setup-mfa.dto.ts +98 -0
package/src/dto/signup.dto.ts +174 -0
package/src/dto/social-auth.dto.ts +422 -0
package/src/dto/trust-device-response.dto.ts +30 -0
package/src/dto/trust-device.dto.ts +9 -0
package/src/dto/update-user-attributes-request.dto.ts +51 -0
package/src/dto/user-response.dto.ts +138 -0
package/src/dto/user-update.dto.ts +222 -0
package/src/dto/verify-email.dto.ts +313 -0
package/src/dto/verify-mfa-code.dto.ts +103 -0
package/src/dto/verify-phone-by-sub.dto.ts +78 -0
package/src/dto/verify-phone.dto.ts +245 -0
package/src/entities/auth-audit.entity.ts +232 -0
package/src/entities/challenge-session.entity.ts +116 -0
package/src/entities/index.ts +29 -0
package/src/entities/login-attempt.entity.ts +64 -0
package/src/entities/mfa-device.entity.ts +151 -0
package/src/entities/rate-limit.entity.ts +44 -0
package/src/entities/session.entity.ts +180 -0
package/src/entities/social-account.entity.ts +96 -0
package/src/entities/storage-lock.entity.ts +39 -0
package/src/entities/trusted-device.entity.ts +112 -0
package/src/entities/user.entity.ts +243 -0
package/src/entities/verification-token.entity.ts +141 -0
package/src/enums/auth-audit-event-type.enum.ts +360 -0
package/src/enums/error-codes.enum.ts +420 -0
package/src/enums/mfa-method.enum.ts +97 -0
package/src/enums/risk-factor.enum.ts +111 -0
package/src/exceptions/nauth.exception.ts +231 -0
package/src/handlers/auth.handler.ts +260 -0
package/src/handlers/client-info.handler.ts +101 -0
package/src/handlers/csrf.handler.ts +156 -0
package/src/handlers/token-delivery.handler.ts +118 -0
package/src/index.ts +118 -0
package/src/interfaces/client-info.interface.ts +85 -0
package/src/interfaces/config.interface.ts +2135 -0
package/src/interfaces/entities.interface.ts +226 -0
package/src/interfaces/index.ts +15 -0
package/src/interfaces/logger.interface.ts +283 -0
package/src/interfaces/mfa-provider.interface.ts +154 -0
package/src/interfaces/oauth.interface.ts +148 -0
package/src/interfaces/provider.interface.ts +47 -0
package/src/interfaces/social-auth-provider.interface.ts +131 -0
package/src/interfaces/storage-adapter.interface.ts +82 -0
package/src/interfaces/template.interface.ts +510 -0
package/src/interfaces/token-verifier.interface.ts +110 -0
package/src/internal.ts +178 -0
package/src/platform/interfaces.ts +299 -0
package/src/schemas/auth-config.schema.ts +646 -0
package/src/services/adaptive-mfa-decision.service.spec.ts +1058 -0
package/src/services/adaptive-mfa-decision.service.ts +457 -0
package/src/services/auth-audit.service.spec.ts +675 -0
package/src/services/auth-audit.service.ts +558 -0
package/src/services/auth-challenge-helper.service.spec.ts +3227 -0
package/src/services/auth-challenge-helper.service.ts +825 -0
package/src/services/auth-flow-context-builder.service.ts +520 -0
package/src/services/auth-flow-rules.ts +202 -0
package/src/services/auth-flow-state-definitions.ts +190 -0
package/src/services/auth-flow-state-machine.service.ts +207 -0
package/src/services/auth-flow-state-machine.types.ts +316 -0
package/src/services/auth.service.spec.ts +4195 -0
package/src/services/auth.service.ts +3727 -0
package/src/services/challenge.service.spec.ts +1363 -0
package/src/services/challenge.service.ts +696 -0
package/src/services/client-info.service.spec.ts +572 -0
package/src/services/client-info.service.ts +374 -0
package/src/services/csrf.service.ts +54 -0
package/src/services/email-verification.service.spec.ts +1229 -0
package/src/services/email-verification.service.ts +578 -0
package/src/services/geo-location.service.spec.ts +603 -0
package/src/services/geo-location.service.ts +599 -0
package/src/services/index.ts +13 -0
package/src/services/jwt.service.spec.ts +882 -0
package/src/services/jwt.service.ts +621 -0
package/src/services/mfa-base.service.spec.ts +246 -0
package/src/services/mfa-base.service.ts +611 -0
package/src/services/mfa.service.spec.ts +693 -0
package/src/services/mfa.service.ts +960 -0
package/src/services/password.service.spec.ts +166 -0
package/src/services/password.service.ts +309 -0
package/src/services/phone-verification.service.spec.ts +1120 -0
package/src/services/phone-verification.service.ts +751 -0
package/src/services/risk-detection.service.spec.ts +1292 -0
package/src/services/risk-detection.service.ts +1012 -0
package/src/services/risk-scoring.service.spec.ts +204 -0
package/src/services/risk-scoring.service.ts +131 -0
package/src/services/session.service.spec.ts +1293 -0
package/src/services/session.service.ts +803 -0
package/src/services/social-account.service.spec.ts +725 -0
package/src/services/social-auth-base.service.spec.ts +418 -0
package/src/services/social-auth-base.service.ts +581 -0
package/src/services/social-auth.service.spec.ts +238 -0
package/src/services/social-auth.service.ts +436 -0
package/src/services/social-provider-registry.service.spec.ts +238 -0
package/src/services/social-provider-registry.service.ts +122 -0
package/src/services/trusted-device.service.spec.ts +505 -0
package/src/services/trusted-device.service.ts +339 -0
package/src/storage/account-lockout-storage.service.spec.ts +310 -0
package/src/storage/account-lockout-storage.service.ts +89 -0
package/src/storage/index.ts +3 -0
package/src/storage/memory-storage.adapter.ts +443 -0
package/src/storage/rate-limit-storage.service.spec.ts +247 -0
package/src/storage/rate-limit-storage.service.ts +38 -0
package/src/templates/html-template.engine.spec.ts +161 -0
package/src/templates/html-template.engine.ts +688 -0
package/src/templates/index.ts +7 -0
package/src/utils/common-passwords.spec.ts +230 -0
package/src/utils/common-passwords.ts +170 -0
package/src/utils/context-storage.ts +188 -0
package/src/utils/cookie-names.util.ts +67 -0
package/src/utils/cookies.util.ts +94 -0
package/src/utils/index.ts +12 -0
package/src/utils/ip-extractor.spec.ts +330 -0
package/src/utils/ip-extractor.ts +220 -0
package/src/utils/nauth-logger.spec.ts +388 -0
package/src/utils/nauth-logger.ts +215 -0
package/src/utils/pii-redactor.spec.ts +130 -0
package/src/utils/pii-redactor.ts +288 -0
package/src/utils/setup/get-repositories.ts +140 -0
package/src/utils/setup/init-services.ts +422 -0
package/src/utils/setup/init-social.ts +189 -0
package/src/utils/setup/init-storage.ts +94 -0
package/src/utils/setup/register-mfa.ts +165 -0
package/src/utils/setup/run-nauth-migrations.ts +61 -0
package/src/utils/token-delivery-policy.ts +38 -0
package/src/validators/template.validator.ts +219 -0
package/tsconfig.json +37 -0
package/tsconfig.lint.json +6 -0

package/src/entities/storage-lock.entity.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Base Storage Lock Entity
+ *
+ * Stores distributed locks for transient state management.
+ * Used by DatabaseStorageAdapter for token refresh locks and other distributed operations.
+ *
+ * @remarks
+ * This class is database-agnostic. TypeORM, Prisma, or other ORMs
+ * extend this class in their respective packages.
+ */
+export class BaseStorageLock {
+  /**
+   * Internal lock record ID (auto-increment integer)
+   */
+  id!: number;
+  /**
+   * Unique key identifier for the lock
+   * Format: <lock-type>:<identifier> (e.g., "refresh-lock:token-hash-123")
+   */
+  key!: string;
+  /**
+   * Lock value (stored as string, typically timestamp or lock holder identifier)
+   */
+  value!: string;
+  /**
+   * Lock expiration timestamp
+   * Used for TTL-based cleanup and automatic lock release
+   * Can be null for locks that don't expire
+   */
+  expiresAt!: Date | null;
+  /**
+   * Lock creation timestamp
+   */
+  createdAt!: Date;
+}

package/src/entities/trusted-device.entity.ts ADDED Viewed

@@ -0,0 +1,112 @@
+/**
+ * Base Trusted Device Entity
+ *
+ * Stores trusted device information for MFA "remember device" feature.
+ * Devices marked as trusted can skip MFA verification for a configured period.
+ * Uses HttpOnly cookies for secure device token storage.
+ *
+ * @remarks
+ * Each user can have multiple trusted devices. Each record represents one device
+ * that has been marked as trusted after successful MFA verification.
+ * Trust persists across logouts and session expiration.
+ *
+ * Database adapters extend this class and add ORM-specific decorators.
+ *
+ * @example
+ * ```typescript
+ * // Trust a device after MFA verification
+ * const trustedDevice = new TrustedDevice();
+ * trustedDevice.userId = user.id;
+ * trustedDevice.deviceTokenHash = hashToken(deviceToken);
+ * trustedDevice.trustedUntil = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000); // 30 days
+ * trustedDevice.deviceName = 'iPhone 15 Pro';
+ * trustedDevice.deviceType = 'mobile';
+ * ```
+ */
+export class BaseTrustedDevice {
+  /**
+   * Internal device ID (auto-increment integer)
+   */
+  id!: number;
+  /**
+   * Internal user ID (foreign key to users table)
+   * References the user who trusted this device
+   */
+  userId!: number;
+  /**
+   * Hashed device token (SHA-256)
+   * The actual token is stored in HttpOnly cookie, only hash stored in DB
+   * Used for validation and lookup
+   *
+   * ⚠️ SECURITY: Never store the actual token, only the hash
+   */
+  deviceTokenHash!: string;
+  /**
+   * Device identifier (UUID from client or generated)
+   * Used for additional validation and device management
+   * Can be used to identify the same device across different tokens
+   */
+  deviceId?: string | null;
+  /**
+   * User-friendly device name
+   * Examples: "iPhone 15 Pro", "Chrome on MacBook", "Firefox on Windows"
+   */
+  deviceName?: string | null;
+  /**
+   * Device type
+   * Examples: "mobile", "desktop", "tablet"
+   */
+  deviceType?: string | null;
+  /**
+   * IP address when device was trusted
+   * Used for audit and security monitoring
+   */
+  ipAddress?: string | null;
+  /**
+   * User agent string when device was trusted
+   * Used for audit and device identification
+   */
+  userAgent?: string | null;
+  /**
+   * Platform extracted from user agent
+   * Examples: "iOS", "Android", "Windows", "macOS"
+   */
+  platform?: string | null;
+  /**
+   * Browser extracted from user agent
+   * Examples: "Chrome", "Safari", "Firefox"
+   */
+  browser?: string | null;
+  /**
+   * When trust expires
+   * After this date, device is no longer trusted and MFA is required
+   * Calculated as: createdAt + rememberDeviceDays
+   */
+  trustedUntil!: Date;
+  /**
+   * When this device was last used for login
+   * Updated on each successful login from this trusted device
+   */
+  lastUsedAt?: Date | null;
+  /**
+   * Device creation timestamp
+   */
+  createdAt!: Date;
+  /**
+   * Last update timestamp
+   */
+  updatedAt!: Date;
+}

package/src/entities/user.entity.ts ADDED Viewed

@@ -0,0 +1,243 @@
+/**
+ * Base User Entity
+ *
+ * Core user authentication record with all fields and business logic.
+ * Database adapters extend this class and add ORM-specific decorators.
+ *
+ * @remarks
+ * This class is database-agnostic. TypeORM, Prisma, or other ORMs
+ * extend this class in their respective packages.
+ */
+export class BaseUser {
+  /**
+   * Internal database ID (auto-increment integer)
+   * Used for foreign key relationships and internal queries
+   * NOT exposed externally
+   */
+  id!: number;
+  /**
+   * External user identifier (UUID)
+   * Exposed in API responses and JWT tokens as 'sub' (subject)
+   * This is what consuming applications should use
+   */
+  sub!: string;
+  /**
+   * User's username (optional, unique if set)
+   */
+  username?: string | null;
+  /**
+   * User's first name
+   */
+  firstName?: string | null;
+  /**
+   * User's last name
+   */
+  lastName?: string | null;
+  /**
+   * User's email address (required, unique)
+   */
+  email!: string;
+  /**
+   * User's phone number in E.164 format (optional)
+   */
+  phone?: string | null;
+  /**
+   * Hashed password (Argon2)
+   * NULL for social-only accounts
+   */
+  passwordHash?: string | null;
+  /**
+   * When password was last changed
+   * Used for password expiry policies
+   */
+  passwordChangedAt?: Date | null;
+  /**
+   * Password history (hashed)
+   * Used to prevent password reuse
+   */
+  passwordHistory?: string[] | null;
+  /**
+   * Flag to force password change on next login
+   * When true, user must complete FORCE_CHANGE_PASSWORD challenge
+   * Can be set by admin or by password expiration policy
+   */
+  mustChangePassword!: boolean;
+  /**
+   * Email verification status
+   */
+  isEmailVerified!: boolean;
+  /**
+   * Phone verification status
+   */
+  isPhoneVerified!: boolean;
+  /**
+   * Account active status
+   * Inactive accounts cannot login
+   */
+  isActive!: boolean;
+  /**
+   * Account lock status
+   * Locked accounts cannot login until unlocked
+   */
+  isLocked!: boolean;
+  /**
+   * Reason for account lock
+   */
+  lockReason?: string | null;
+  /**
+   * When account was locked
+   */
+  lockedAt?: Date | null;
+  /**
+   * When account lock expires (NULL = permanent)
+   */
+  lockedUntil?: Date | null;
+  /**
+   * Number of consecutive failed login attempts
+   */
+  failedLoginAttempts!: number;
+  /**
+   * When last failed login occurred
+   */
+  lastFailedLoginAt?: Date | null;
+  /**
+   * When user last successfully logged in
+   */
+  lastLoginAt?: Date | null;
+  /**
+   * IP address of last successful login
+   */
+  lastLoginIp?: string | null;
+  /**
+   * MFA enabled status
+   */
+  mfaEnabled!: boolean;
+  /**
+   * List of enabled MFA methods
+   * Examples: ['totp', 'sms', 'passkey']
+   */
+  mfaMethods?: string[] | null;
+  /**
+   * When MFA was enforced for this user
+   */
+  mfaEnforcedAt?: Date | null;
+  /**
+   * TOTP secret (encrypted)
+   * ⚠️ DEPRECATED: Use MFADevice entity instead
+   */
+  totpSecret?: string | null;
+  /**
+   * Backup recovery codes (hashed)
+   * Single-use codes for account recovery
+   */
+  backupCodes?: string[] | null;
+  /**
+   * User's preferred MFA method
+   * Used to pre-select MFA method during authentication
+   */
+  preferredMfaMethod?: string | null;
+  /**
+   * MFA exemption status
+   *
+   * When true, user is exempt from MFA requirements (both setup and verification).
+   * This is an admin-only field and should only be set through admin functions.
+   *
+   * SECURITY: Exemption only affects MFA - other security measures (account lock,
+   * email verification, password change) still apply normally.
+   *
+   * @default false
+   */
+  mfaExempt?: boolean;
+  /**
+   * Reason for MFA exemption (optional, for audit trail)
+   *
+   * Admin should provide reason when granting exemption (e.g., "Internal service account",
+   * "Legacy system integration", "Special access approval")
+   *
+   * @default null
+   */
+  mfaExemptReason?: string | null;
+  /**
+   * When MFA exemption was granted
+   *
+   * Used for audit trail and potentially for expiration logic in future.
+   *
+   * @default null
+   */
+  mfaExemptGrantedAt?: Date | null;
+  /**
+   * Who granted the MFA exemption (optional, admin identifier)
+   *
+   * For audit trail - store admin user ID or identifier who granted exemption.
+   *
+   * @default null
+   */
+  mfaExemptGrantedBy?: string | null;
+  /**
+   * Optimization flag: indicates if user has any social authentication methods
+   * Prevents unnecessary joins for password-only users (80%+ of users)
+   * Updated automatically when social accounts are linked/unlinked
+   */
+  hasSocialAuth!: boolean;
+  /**
+   * Array of social providers linked to this account
+   * Examples: ['google', 'apple', 'facebook']
+   * Updated automatically when social accounts are linked/unlinked
+   */
+  socialProviders?: string[] | null;
+  /**
+   * Additional user metadata (JSON)
+   * For custom application-specific data
+   */
+  metadata?: Record<string, unknown> | null;
+  /**
+   * Account creation timestamp
+   */
+  createdAt!: Date;
+  /**
+   * Last account update timestamp
+   */
+  updatedAt!: Date;
+  /**
+   * Soft delete timestamp
+   * NULL if account is not deleted
+   */
+  deletedAt?: Date | null;
+}

package/src/entities/verification-token.entity.ts ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * Base Verification Token Entity
+ *
+ * Stores email/phone verification codes and password reset tokens.
+ * Supports multiple verification types with expiry and attempt tracking.
+ * Database adapters extend this class and add ORM-specific decorators.
+ *
+ * @remarks
+ * This class is database-agnostic. TypeORM, Prisma, or other ORMs
+ * extend this class in their respective packages.
+ */
+export class BaseVerificationToken {
+  /**
+   * Internal verification token ID (auto-increment integer)
+   */
+  id!: number;
+  /**
+   * Internal user ID (foreign key to users table)
+   * Uses integer for optimal performance
+   */
+  userId!: number;
+  /**
+   * Challenge session ID (foreign key to challenge sessions table)
+   * Links verification token to specific challenge session for security.
+   * Prevents old tokens from being used with new challenge sessions.
+   * NULL for password reset tokens (not tied to challenges)
+   */
+  challengeSessionId?: number | null;
+  /**
+   * Token type
+   * - 'email': Email verification
+   * - 'phone': Phone verification
+   * - 'password_reset': Password reset
+   */
+  type!: 'email' | 'phone' | 'password_reset';
+  /**
+   * Verification token (hashed for security)
+   * Used for magic links and password reset
+   */
+  token!: string;
+  /**
+   * Verification code (for email/SMS OTP)
+   * Usually 6 digits, stored as string for flexibility
+   */
+  code?: string | null;
+  /**
+   * Token expiration timestamp
+   * After this time, token/code is invalid
+   */
+  expiresAt!: Date;
+  /**
+   * Number of failed verification attempts
+   * Used to prevent brute force attacks
+   */
+  attempts!: number;
+  /**
+   * When token was successfully used
+   * NULL if not yet used
+   */
+  usedAt?: Date | null;
+  /**
+   * IP address when token was created
+   * For security auditing
+   */
+  ipAddress?: string | null;
+  /**
+   * User agent when token was created
+   * For security auditing
+   */
+  userAgent?: string | null;
+  /**
+   * Additional metadata (JSON)
+   * For storing additional verification-specific data
+   */
+  metadata?: Record<string, unknown> | null;
+  /**
+   * Creation timestamp
+   */
+  createdAt!: Date;
+  /**
+   * Check if token is expired
+   *
+   * @returns true if token is expired
+   *
+   * @example
+   * ```typescript
+   * if (token.isExpired()) {
+   *   throw new Error('Verification code has expired');
+   * }
+   * ```
+   */
+  isExpired(): boolean {
+    return new Date() > this.expiresAt;
+  }
+  /**
+   * Check if token has been used
+   *
+   * @returns true if token has been used
+   *
+   * @example
+   * ```typescript
+   * if (token.isUsed()) {
+   *   throw new Error('Verification code has already been used');
+   * }
+   * ```
+   */
+  isUsed(): boolean {
+    return this.usedAt !== null && this.usedAt !== undefined;
+  }
+  /**
+   * Check if max attempts exceeded
+   *
+   * @param maxAttempts - Maximum allowed attempts
+   * @returns true if max attempts exceeded
+   *
+   * @example
+   * ```typescript
+   * if (token.maxAttemptsExceeded(3)) {
+   *   throw new Error('Too many failed attempts');
+   * }
+   * ```
+   */
+  maxAttemptsExceeded(maxAttempts: number): boolean {
+    return this.attempts >= maxAttempts;
+  }
+}