npm - @nauth-toolkit/core - Versions diffs - 0.1.0 - Mend

@nauth-toolkit/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (778) hide show

package/dist/adapters/database-columns.d.ts +10 -0
package/dist/adapters/database-columns.d.ts.map +1 -0
package/dist/adapters/database-columns.js +85 -0
package/dist/adapters/database-columns.js.map +1 -0
package/dist/adapters/express.adapter.d.ts +41 -0
package/dist/adapters/express.adapter.d.ts.map +1 -0
package/dist/adapters/express.adapter.js +188 -0
package/dist/adapters/express.adapter.js.map +1 -0
package/dist/adapters/fastify.adapter.d.ts +33 -0
package/dist/adapters/fastify.adapter.d.ts.map +1 -0
package/dist/adapters/fastify.adapter.js +223 -0
package/dist/adapters/fastify.adapter.js.map +1 -0
package/dist/adapters/index.d.ts +5 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +25 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/storage.factory.d.ts +7 -0
package/dist/adapters/storage.factory.d.ts.map +1 -0
package/dist/adapters/storage.factory.js +24 -0
package/dist/adapters/storage.factory.js.map +1 -0
package/dist/bootstrap.d.ts +41 -0
package/dist/bootstrap.d.ts.map +1 -0
package/dist/bootstrap.js +113 -0
package/dist/bootstrap.js.map +1 -0
package/dist/dto/auth-challenge.dto.d.ts +19 -0
package/dist/dto/auth-challenge.dto.d.ts.map +1 -0
package/dist/dto/auth-challenge.dto.js +86 -0
package/dist/dto/auth-challenge.dto.js.map +1 -0
package/dist/dto/auth-response.dto.d.ts +31 -0
package/dist/dto/auth-response.dto.d.ts.map +1 -0
package/dist/dto/auth-response.dto.js +18 -0
package/dist/dto/auth-response.dto.js.map +1 -0
package/dist/dto/challenge-response.dto.d.ts +36 -0
package/dist/dto/challenge-response.dto.d.ts.map +1 -0
package/dist/dto/challenge-response.dto.js +3 -0
package/dist/dto/challenge-response.dto.js.map +1 -0
package/dist/dto/change-password-request.dto.d.ts +5 -0
package/dist/dto/change-password-request.dto.d.ts.map +1 -0
package/dist/dto/change-password-request.dto.js +30 -0
package/dist/dto/change-password-request.dto.js.map +1 -0
package/dist/dto/change-password-response.dto.d.ts +4 -0
package/dist/dto/change-password-response.dto.d.ts.map +1 -0
package/dist/dto/change-password-response.dto.js +8 -0
package/dist/dto/change-password-response.dto.js.map +1 -0
package/dist/dto/change-password.dto.d.ts +5 -0
package/dist/dto/change-password.dto.d.ts.map +1 -0
package/dist/dto/change-password.dto.js +29 -0
package/dist/dto/change-password.dto.js.map +1 -0
package/dist/dto/error-response.dto.d.ts +9 -0
package/dist/dto/error-response.dto.d.ts.map +1 -0
package/dist/dto/error-response.dto.js +59 -0
package/dist/dto/error-response.dto.js.map +1 -0
package/dist/dto/get-available-methods.dto.d.ts +7 -0
package/dist/dto/get-available-methods.dto.d.ts.map +1 -0
package/dist/dto/get-available-methods.dto.js +33 -0
package/dist/dto/get-available-methods.dto.js.map +1 -0
package/dist/dto/get-challenge-data-response.dto.d.ts +4 -0
package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -0
package/dist/dto/get-challenge-data-response.dto.js +8 -0
package/dist/dto/get-challenge-data-response.dto.js.map +1 -0
package/dist/dto/get-challenge-data.dto.d.ts +8 -0
package/dist/dto/get-challenge-data.dto.d.ts.map +1 -0
package/dist/dto/get-challenge-data.dto.js +40 -0
package/dist/dto/get-challenge-data.dto.js.map +1 -0
package/dist/dto/get-client-info.dto.d.ts +17 -0
package/dist/dto/get-client-info.dto.d.ts.map +1 -0
package/dist/dto/get-client-info.dto.js +20 -0
package/dist/dto/get-client-info.dto.js.map +1 -0
package/dist/dto/get-device-token-response.dto.d.ts +4 -0
package/dist/dto/get-device-token-response.dto.d.ts.map +1 -0
package/dist/dto/get-device-token-response.dto.js +8 -0
package/dist/dto/get-device-token-response.dto.js.map +1 -0
package/dist/dto/get-events-by-type.dto.d.ts +17 -0
package/dist/dto/get-events-by-type.dto.d.ts.map +1 -0
package/dist/dto/get-events-by-type.dto.js +20 -0
package/dist/dto/get-events-by-type.dto.js.map +1 -0
package/dist/dto/get-ip-address-response.dto.d.ts +4 -0
package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -0
package/dist/dto/get-ip-address-response.dto.js +8 -0
package/dist/dto/get-ip-address-response.dto.js.map +1 -0
package/dist/dto/get-mfa-status.dto.d.ts +16 -0
package/dist/dto/get-mfa-status.dto.d.ts.map +1 -0
package/dist/dto/get-mfa-status.dto.js +41 -0
package/dist/dto/get-mfa-status.dto.js.map +1 -0
package/dist/dto/get-risk-assessment-history.dto.d.ts +9 -0
package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -0
package/dist/dto/get-risk-assessment-history.dto.js +13 -0
package/dist/dto/get-risk-assessment-history.dto.js.map +1 -0
package/dist/dto/get-session-id-response.dto.d.ts +4 -0
package/dist/dto/get-session-id-response.dto.d.ts.map +1 -0
package/dist/dto/get-session-id-response.dto.js +8 -0
package/dist/dto/get-session-id-response.dto.js.map +1 -0
package/dist/dto/get-setup-data-response.dto.d.ts +4 -0
package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -0
package/dist/dto/get-setup-data-response.dto.js +8 -0
package/dist/dto/get-setup-data-response.dto.js.map +1 -0
package/dist/dto/get-setup-data.dto.d.ts +7 -0
package/dist/dto/get-setup-data.dto.d.ts.map +1 -0
package/dist/dto/get-setup-data.dto.js +43 -0
package/dist/dto/get-setup-data.dto.js.map +1 -0
package/dist/dto/get-suspicious-activity.dto.d.ts +9 -0
package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -0
package/dist/dto/get-suspicious-activity.dto.js +13 -0
package/dist/dto/get-suspicious-activity.dto.js.map +1 -0
package/dist/dto/get-user-agent-response.dto.d.ts +4 -0
package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -0
package/dist/dto/get-user-agent-response.dto.js +8 -0
package/dist/dto/get-user-agent-response.dto.js.map +1 -0
package/dist/dto/get-user-auth-history.dto.d.ts +20 -0
package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -0
package/dist/dto/get-user-auth-history.dto.js +22 -0
package/dist/dto/get-user-auth-history.dto.js.map +1 -0
package/dist/dto/get-user-by-email.dto.d.ts +5 -0
package/dist/dto/get-user-by-email.dto.d.ts.map +1 -0
package/dist/dto/get-user-by-email.dto.js +36 -0
package/dist/dto/get-user-by-email.dto.js.map +1 -0
package/dist/dto/get-user-by-id.dto.d.ts +4 -0
package/dist/dto/get-user-by-id.dto.d.ts.map +1 -0
package/dist/dto/get-user-by-id.dto.js +29 -0
package/dist/dto/get-user-by-id.dto.js.map +1 -0
package/dist/dto/get-user-devices.dto.d.ts +8 -0
package/dist/dto/get-user-devices.dto.d.ts.map +1 -0
package/dist/dto/get-user-devices.dto.js +33 -0
package/dist/dto/get-user-devices.dto.js.map +1 -0
package/dist/dto/get-user-response.dto.d.ts +2 -0
package/dist/dto/get-user-response.dto.d.ts.map +1 -0
package/dist/dto/get-user-response.dto.js +6 -0
package/dist/dto/get-user-response.dto.js.map +1 -0
package/dist/dto/has-provider.dto.d.ts +7 -0
package/dist/dto/has-provider.dto.d.ts.map +1 -0
package/dist/dto/has-provider.dto.js +38 -0
package/dist/dto/has-provider.dto.js.map +1 -0
package/dist/dto/index.d.ts +51 -0
package/dist/dto/index.d.ts.map +1 -0
package/dist/dto/index.js +67 -0
package/dist/dto/index.js.map +1 -0
package/dist/dto/is-trusted-device-response.dto.d.ts +4 -0
package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -0
package/dist/dto/is-trusted-device-response.dto.js +8 -0
package/dist/dto/is-trusted-device-response.dto.js.map +1 -0
package/dist/dto/list-providers-response.dto.d.ts +4 -0
package/dist/dto/list-providers-response.dto.d.ts.map +1 -0
package/dist/dto/list-providers-response.dto.js +8 -0
package/dist/dto/list-providers-response.dto.js.map +1 -0
package/dist/dto/login.dto.d.ts +7 -0
package/dist/dto/login.dto.d.ts.map +1 -0
package/dist/dto/login.dto.js +68 -0
package/dist/dto/login.dto.js.map +1 -0
package/dist/dto/logout-all-response.dto.d.ts +4 -0
package/dist/dto/logout-all-response.dto.d.ts.map +1 -0
package/dist/dto/logout-all-response.dto.js +8 -0
package/dist/dto/logout-all-response.dto.js.map +1 -0
package/dist/dto/logout-all.dto.d.ts +5 -0
package/dist/dto/logout-all.dto.d.ts.map +1 -0
package/dist/dto/logout-all.dto.js +42 -0
package/dist/dto/logout-all.dto.js.map +1 -0
package/dist/dto/logout-response.dto.d.ts +4 -0
package/dist/dto/logout-response.dto.d.ts.map +1 -0
package/dist/dto/logout-response.dto.js +8 -0
package/dist/dto/logout-response.dto.js.map +1 -0
package/dist/dto/logout.dto.d.ts +5 -0
package/dist/dto/logout.dto.d.ts.map +1 -0
package/dist/dto/logout.dto.js +36 -0
package/dist/dto/logout.dto.js.map +1 -0
package/dist/dto/refresh-token.dto.d.ts +4 -0
package/dist/dto/refresh-token.dto.d.ts.map +1 -0
package/dist/dto/refresh-token.dto.js +24 -0
package/dist/dto/refresh-token.dto.js.map +1 -0
package/dist/dto/remove-devices.dto.d.ts +9 -0
package/dist/dto/remove-devices.dto.d.ts.map +1 -0
package/dist/dto/remove-devices.dto.js +50 -0
package/dist/dto/remove-devices.dto.js.map +1 -0
package/dist/dto/resend-code-response.dto.d.ts +4 -0
package/dist/dto/resend-code-response.dto.d.ts.map +1 -0
package/dist/dto/resend-code-response.dto.js +8 -0
package/dist/dto/resend-code-response.dto.js.map +1 -0
package/dist/dto/resend-code.dto.d.ts +4 -0
package/dist/dto/resend-code.dto.d.ts.map +1 -0
package/dist/dto/resend-code.dto.js +29 -0
package/dist/dto/resend-code.dto.js.map +1 -0
package/dist/dto/reset-password.dto.d.ts +8 -0
package/dist/dto/reset-password.dto.d.ts.map +1 -0
package/dist/dto/reset-password.dto.js +61 -0
package/dist/dto/reset-password.dto.js.map +1 -0
package/dist/dto/respond-challenge.dto.d.ts +33 -0
package/dist/dto/respond-challenge.dto.d.ts.map +1 -0
package/dist/dto/respond-challenge.dto.js +131 -0
package/dist/dto/respond-challenge.dto.js.map +1 -0
package/dist/dto/set-mfa-exemption.dto.d.ts +12 -0
package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -0
package/dist/dto/set-mfa-exemption.dto.js +66 -0
package/dist/dto/set-mfa-exemption.dto.js.map +1 -0
package/dist/dto/set-must-change-password-response.dto.d.ts +4 -0
package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -0
package/dist/dto/set-must-change-password-response.dto.js +8 -0
package/dist/dto/set-must-change-password-response.dto.js.map +1 -0
package/dist/dto/set-must-change-password.dto.d.ts +4 -0
package/dist/dto/set-must-change-password.dto.d.ts.map +1 -0
package/dist/dto/set-must-change-password.dto.js +29 -0
package/dist/dto/set-must-change-password.dto.js.map +1 -0
package/dist/dto/set-preferred-method.dto.d.ts +8 -0
package/dist/dto/set-preferred-method.dto.d.ts.map +1 -0
package/dist/dto/set-preferred-method.dto.js +49 -0
package/dist/dto/set-preferred-method.dto.js.map +1 -0
package/dist/dto/setup-mfa.dto.d.ts +9 -0
package/dist/dto/setup-mfa.dto.d.ts.map +1 -0
package/dist/dto/setup-mfa.dto.js +55 -0
package/dist/dto/setup-mfa.dto.js.map +1 -0
package/dist/dto/signup.dto.d.ts +10 -0
package/dist/dto/signup.dto.d.ts.map +1 -0
package/dist/dto/signup.dto.js +109 -0
package/dist/dto/signup.dto.js.map +1 -0
package/dist/dto/social-auth.dto.d.ts +54 -0
package/dist/dto/social-auth.dto.d.ts.map +1 -0
package/dist/dto/social-auth.dto.js +232 -0
package/dist/dto/social-auth.dto.js.map +1 -0
package/dist/dto/trust-device-response.dto.d.ts +4 -0
package/dist/dto/trust-device-response.dto.d.ts.map +1 -0
package/dist/dto/trust-device-response.dto.js +8 -0
package/dist/dto/trust-device-response.dto.js.map +1 -0
package/dist/dto/trust-device.dto.d.ts +1 -0
package/dist/dto/trust-device.dto.d.ts.map +1 -0
package/dist/dto/trust-device.dto.js +2 -0
package/dist/dto/trust-device.dto.js.map +1 -0
package/dist/dto/update-user-attributes-request.dto.d.ts +5 -0
package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -0
package/dist/dto/update-user-attributes-request.dto.js +30 -0
package/dist/dto/update-user-attributes-request.dto.js.map +1 -0
package/dist/dto/user-response.dto.d.ts +20 -0
package/dist/dto/user-response.dto.d.ts.map +1 -0
package/dist/dto/user-response.dto.js +42 -0
package/dist/dto/user-response.dto.js.map +1 -0
package/dist/dto/user-update.dto.d.ts +12 -0
package/dist/dto/user-update.dto.d.ts.map +1 -0
package/dist/dto/user-update.dto.js +119 -0
package/dist/dto/user-update.dto.js.map +1 -0
package/dist/dto/verify-email.dto.d.ts +29 -0
package/dist/dto/verify-email.dto.d.ts.map +1 -0
package/dist/dto/verify-email.dto.js +161 -0
package/dist/dto/verify-email.dto.js.map +1 -0
package/dist/dto/verify-mfa-code.dto.d.ts +10 -0
package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -0
package/dist/dto/verify-mfa-code.dto.js +56 -0
package/dist/dto/verify-mfa-code.dto.js.map +1 -0
package/dist/dto/verify-phone-by-sub.dto.d.ts +6 -0
package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -0
package/dist/dto/verify-phone-by-sub.dto.js +49 -0
package/dist/dto/verify-phone-by-sub.dto.js.map +1 -0
package/dist/dto/verify-phone.dto.d.ts +24 -0
package/dist/dto/verify-phone.dto.d.ts.map +1 -0
package/dist/dto/verify-phone.dto.js +124 -0
package/dist/dto/verify-phone.dto.js.map +1 -0
package/dist/entities/auth-audit.entity.d.ts +31 -0
package/dist/entities/auth-audit.entity.d.ts.map +1 -0
package/dist/entities/auth-audit.entity.js +33 -0
package/dist/entities/auth-audit.entity.js.map +1 -0
package/dist/entities/challenge-session.entity.d.ts +17 -0
package/dist/entities/challenge-session.entity.d.ts.map +1 -0
package/dist/entities/challenge-session.entity.js +21 -0
package/dist/entities/challenge-session.entity.js.map +1 -0
package/dist/entities/index.d.ts +12 -0
package/dist/entities/index.d.ts.map +1 -0
package/dist/entities/index.js +26 -0
package/dist/entities/index.js.map +1 -0
package/dist/entities/login-attempt.entity.d.ts +13 -0
package/dist/entities/login-attempt.entity.d.ts.map +1 -0
package/dist/entities/login-attempt.entity.js +17 -0
package/dist/entities/login-attempt.entity.js.map +1 -0
package/dist/entities/mfa-device.entity.d.ts +22 -0
package/dist/entities/mfa-device.entity.d.ts.map +1 -0
package/dist/entities/mfa-device.entity.js +25 -0
package/dist/entities/mfa-device.entity.js.map +1 -0
package/dist/entities/rate-limit.entity.d.ts +9 -0
package/dist/entities/rate-limit.entity.d.ts.map +1 -0
package/dist/entities/rate-limit.entity.js +13 -0
package/dist/entities/rate-limit.entity.js.map +1 -0
package/dist/entities/session.entity.d.ts +32 -0
package/dist/entities/session.entity.d.ts.map +1 -0
package/dist/entities/session.entity.js +36 -0
package/dist/entities/session.entity.js.map +1 -0
package/dist/entities/social-account.entity.d.ts +13 -0
package/dist/entities/social-account.entity.d.ts.map +1 -0
package/dist/entities/social-account.entity.js +17 -0
package/dist/entities/social-account.entity.js.map +1 -0
package/dist/entities/storage-lock.entity.d.ts +8 -0
package/dist/entities/storage-lock.entity.d.ts.map +1 -0
package/dist/entities/storage-lock.entity.js +12 -0
package/dist/entities/storage-lock.entity.js.map +1 -0
package/dist/entities/trusted-device.entity.d.ts +17 -0
package/dist/entities/trusted-device.entity.d.ts.map +1 -0
package/dist/entities/trusted-device.entity.js +21 -0
package/dist/entities/trusted-device.entity.js.map +1 -0
package/dist/entities/user.entity.d.ts +41 -0
package/dist/entities/user.entity.d.ts.map +1 -0
package/dist/entities/user.entity.js +45 -0
package/dist/entities/user.entity.js.map +1 -0
package/dist/entities/verification-token.entity.d.ts +19 -0
package/dist/entities/verification-token.entity.d.ts.map +1 -0
package/dist/entities/verification-token.entity.js +29 -0
package/dist/entities/verification-token.entity.js.map +1 -0
package/dist/enums/auth-audit-event-type.enum.d.ts +55 -0
package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -0
package/dist/enums/auth-audit-event-type.enum.js +59 -0
package/dist/enums/auth-audit-event-type.enum.js.map +1 -0
package/dist/enums/error-codes.enum.d.ts +53 -0
package/dist/enums/error-codes.enum.d.ts.map +1 -0
package/dist/enums/error-codes.enum.js +57 -0
package/dist/enums/error-codes.enum.js.map +1 -0
package/dist/enums/mfa-method.enum.d.ts +11 -0
package/dist/enums/mfa-method.enum.d.ts.map +1 -0
package/dist/enums/mfa-method.enum.js +18 -0
package/dist/enums/mfa-method.enum.js.map +1 -0
package/dist/enums/risk-factor.enum.d.ts +14 -0
package/dist/enums/risk-factor.enum.d.ts.map +1 -0
package/dist/enums/risk-factor.enum.js +18 -0
package/dist/enums/risk-factor.enum.js.map +1 -0
package/dist/exceptions/nauth.exception.d.ts +18 -0
package/dist/exceptions/nauth.exception.d.ts.map +1 -0
package/dist/exceptions/nauth.exception.js +64 -0
package/dist/exceptions/nauth.exception.js.map +1 -0
package/dist/handlers/auth.handler.d.ts +18 -0
package/dist/handlers/auth.handler.d.ts.map +1 -0
package/dist/handlers/auth.handler.js +173 -0
package/dist/handlers/auth.handler.js.map +1 -0
package/dist/handlers/client-info.handler.d.ts +12 -0
package/dist/handlers/client-info.handler.d.ts.map +1 -0
package/dist/handlers/client-info.handler.js +61 -0
package/dist/handlers/client-info.handler.js.map +1 -0
package/dist/handlers/csrf.handler.d.ts +13 -0
package/dist/handlers/csrf.handler.d.ts.map +1 -0
package/dist/handlers/csrf.handler.js +84 -0
package/dist/handlers/csrf.handler.js.map +1 -0
package/dist/handlers/token-delivery.handler.d.ts +12 -0
package/dist/handlers/token-delivery.handler.d.ts.map +1 -0
package/dist/handlers/token-delivery.handler.js +86 -0
package/dist/handlers/token-delivery.handler.js.map +1 -0
package/dist/index.d.ts +27 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +51 -0
package/dist/index.js.map +1 -0
package/dist/interfaces/client-info.interface.d.ts +16 -0
package/dist/interfaces/client-info.interface.d.ts.map +1 -0
package/dist/interfaces/client-info.interface.js +3 -0
package/dist/interfaces/client-info.interface.js.map +1 -0
package/dist/interfaces/config.interface.d.ts +279 -0
package/dist/interfaces/config.interface.d.ts.map +1 -0
package/dist/interfaces/config.interface.js +3 -0
package/dist/interfaces/config.interface.js.map +1 -0
package/dist/interfaces/entities.interface.d.ts +169 -0
package/dist/interfaces/entities.interface.d.ts.map +1 -0
package/dist/interfaces/entities.interface.js +3 -0
package/dist/interfaces/entities.interface.js.map +1 -0
package/dist/interfaces/index.d.ts +11 -0
package/dist/interfaces/index.d.ts.map +1 -0
package/dist/interfaces/index.js +27 -0
package/dist/interfaces/index.js.map +1 -0
package/dist/interfaces/logger.interface.d.ts +43 -0
package/dist/interfaces/logger.interface.d.ts.map +1 -0
package/dist/interfaces/logger.interface.js +12 -0
package/dist/interfaces/logger.interface.js.map +1 -0
package/dist/interfaces/mfa-provider.interface.d.ts +12 -0
package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -0
package/dist/interfaces/mfa-provider.interface.js +3 -0
package/dist/interfaces/mfa-provider.interface.js.map +1 -0
package/dist/interfaces/oauth.interface.d.ts +24 -0
package/dist/interfaces/oauth.interface.d.ts.map +1 -0
package/dist/interfaces/oauth.interface.js +3 -0
package/dist/interfaces/oauth.interface.js.map +1 -0
package/dist/interfaces/provider.interface.d.ts +12 -0
package/dist/interfaces/provider.interface.d.ts.map +1 -0
package/dist/interfaces/provider.interface.js +3 -0
package/dist/interfaces/provider.interface.js.map +1 -0
package/dist/interfaces/social-auth-provider.interface.d.ts +13 -0
package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -0
package/dist/interfaces/social-auth-provider.interface.js +3 -0
package/dist/interfaces/social-auth-provider.interface.js.map +1 -0
package/dist/interfaces/storage-adapter.interface.d.ts +39 -0
package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -0
package/dist/interfaces/storage-adapter.interface.js +3 -0
package/dist/interfaces/storage-adapter.interface.js.map +1 -0
package/dist/interfaces/template.interface.d.ts +99 -0
package/dist/interfaces/template.interface.d.ts.map +1 -0
package/dist/interfaces/template.interface.js +15 -0
package/dist/interfaces/template.interface.js.map +1 -0
package/dist/interfaces/token-verifier.interface.d.ts +7 -0
package/dist/interfaces/token-verifier.interface.d.ts.map +1 -0
package/dist/interfaces/token-verifier.interface.js +3 -0
package/dist/interfaces/token-verifier.interface.js.map +1 -0
package/dist/internal.d.ts +20 -0
package/dist/internal.d.ts.map +1 -0
package/dist/internal.js +53 -0
package/dist/internal.js.map +1 -0
package/dist/platform/interfaces.d.ts +56 -0
package/dist/platform/interfaces.d.ts.map +1 -0
package/dist/platform/interfaces.js +3 -0
package/dist/platform/interfaces.js.map +1 -0
package/dist/schemas/auth-config.schema.d.ts +3411 -0
package/dist/schemas/auth-config.schema.d.ts.map +1 -0
package/dist/schemas/auth-config.schema.js +428 -0
package/dist/schemas/auth-config.schema.js.map +1 -0
package/dist/services/adaptive-mfa-decision.service.d.ts +39 -0
package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -0
package/dist/services/adaptive-mfa-decision.service.js +223 -0
package/dist/services/adaptive-mfa-decision.service.js.map +1 -0
package/dist/services/auth-audit.service.d.ts +44 -0
package/dist/services/auth-audit.service.d.ts.map +1 -0
package/dist/services/auth-audit.service.js +241 -0
package/dist/services/auth-audit.service.js.map +1 -0
package/dist/services/auth-challenge-helper.service.d.ts +48 -0
package/dist/services/auth-challenge-helper.service.d.ts.map +1 -0
package/dist/services/auth-challenge-helper.service.js +425 -0
package/dist/services/auth-challenge-helper.service.js.map +1 -0
package/dist/services/auth-flow-context-builder.service.d.ts +31 -0
package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -0
package/dist/services/auth-flow-context-builder.service.js +253 -0
package/dist/services/auth-flow-context-builder.service.js.map +1 -0
package/dist/services/auth-flow-rules.d.ts +18 -0
package/dist/services/auth-flow-rules.d.ts.map +1 -0
package/dist/services/auth-flow-rules.js +55 -0
package/dist/services/auth-flow-rules.js.map +1 -0
package/dist/services/auth-flow-state-definitions.d.ts +5 -0
package/dist/services/auth-flow-state-definitions.d.ts.map +1 -0
package/dist/services/auth-flow-state-definitions.js +87 -0
package/dist/services/auth-flow-state-definitions.js.map +1 -0
package/dist/services/auth-flow-state-machine.service.d.ts +17 -0
package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -0
package/dist/services/auth-flow-state-machine.service.js +91 -0
package/dist/services/auth-flow-state-machine.service.js.map +1 -0
package/dist/services/auth-flow-state-machine.types.d.ts +55 -0
package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -0
package/dist/services/auth-flow-state-machine.types.js +16 -0
package/dist/services/auth-flow-state-machine.types.js.map +1 -0
package/dist/services/auth.service.d.ts +87 -0
package/dist/services/auth.service.d.ts.map +1 -0
package/dist/services/auth.service.js +2356 -0
package/dist/services/auth.service.js.map +1 -0
package/dist/services/challenge.service.d.ts +32 -0
package/dist/services/challenge.service.d.ts.map +1 -0
package/dist/services/challenge.service.js +293 -0
package/dist/services/challenge.service.js.map +1 -0
package/dist/services/client-info.service.d.ts +20 -0
package/dist/services/client-info.service.d.ts.map +1 -0
package/dist/services/client-info.service.js +202 -0
package/dist/services/client-info.service.js.map +1 -0
package/dist/services/csrf.service.d.ts +13 -0
package/dist/services/csrf.service.d.ts.map +1 -0
package/dist/services/csrf.service.js +67 -0
package/dist/services/csrf.service.js.map +1 -0
package/dist/services/email-verification.service.d.ts +30 -0
package/dist/services/email-verification.service.d.ts.map +1 -0
package/dist/services/email-verification.service.js +373 -0
package/dist/services/email-verification.service.js.map +1 -0
package/dist/services/geo-location.service.d.ts +85 -0
package/dist/services/geo-location.service.d.ts.map +1 -0
package/dist/services/geo-location.service.js +338 -0
package/dist/services/geo-location.service.js.map +1 -0
package/dist/services/index.d.ts +14 -0
package/dist/services/index.d.ts.map +1 -0
package/dist/services/index.js +30 -0
package/dist/services/index.js.map +1 -0
package/dist/services/jwt.service.d.ts +62 -0
package/dist/services/jwt.service.d.ts.map +1 -0
package/dist/services/jwt.service.js +261 -0
package/dist/services/jwt.service.js.map +1 -0
package/dist/services/mfa-base.service.d.ts +37 -0
package/dist/services/mfa-base.service.d.ts.map +1 -0
package/dist/services/mfa-base.service.js +297 -0
package/dist/services/mfa-base.service.js.map +1 -0
package/dist/services/mfa.service.d.ts +35 -0
package/dist/services/mfa.service.d.ts.map +1 -0
package/dist/services/mfa.service.js +449 -0
package/dist/services/mfa.service.js.map +1 -0
package/dist/services/password.service.d.ts +19 -0
package/dist/services/password.service.d.ts.map +1 -0
package/dist/services/password.service.js +150 -0
package/dist/services/password.service.js.map +1 -0
package/dist/services/phone-verification.service.d.ts +32 -0
package/dist/services/phone-verification.service.d.ts.map +1 -0
package/dist/services/phone-verification.service.js +474 -0
package/dist/services/phone-verification.service.js.map +1 -0
package/dist/services/risk-detection.service.d.ts +30 -0
package/dist/services/risk-detection.service.d.ts.map +1 -0
package/dist/services/risk-detection.service.js +518 -0
package/dist/services/risk-detection.service.js.map +1 -0
package/dist/services/risk-scoring.service.d.ts +12 -0
package/dist/services/risk-scoring.service.d.ts.map +1 -0
package/dist/services/risk-scoring.service.js +44 -0
package/dist/services/risk-scoring.service.js.map +1 -0
package/dist/services/session.service.d.ts +64 -0
package/dist/services/session.service.d.ts.map +1 -0
package/dist/services/session.service.js +455 -0
package/dist/services/session.service.js.map +1 -0
package/dist/services/social-auth-base.service.d.ts +57 -0
package/dist/services/social-auth-base.service.d.ts.map +1 -0
package/dist/services/social-auth-base.service.js +340 -0
package/dist/services/social-auth-base.service.js.map +1 -0
package/dist/services/social-auth.service.d.ts +31 -0
package/dist/services/social-auth.service.d.ts.map +1 -0
package/dist/services/social-auth.service.js +172 -0
package/dist/services/social-auth.service.js.map +1 -0
package/dist/services/social-provider-registry.service.d.ts +9 -0
package/dist/services/social-provider-registry.service.d.ts.map +1 -0
package/dist/services/social-provider-registry.service.js +30 -0
package/dist/services/social-provider-registry.service.js.map +1 -0
package/dist/services/trusted-device.service.d.ts +29 -0
package/dist/services/trusted-device.service.d.ts.map +1 -0
package/dist/services/trusted-device.service.js +190 -0
package/dist/services/trusted-device.service.js.map +1 -0
package/dist/storage/account-lockout-storage.service.d.ts +16 -0
package/dist/storage/account-lockout-storage.service.d.ts.map +1 -0
package/dist/storage/account-lockout-storage.service.js +50 -0
package/dist/storage/account-lockout-storage.service.js.map +1 -0
package/dist/storage/index.d.ts +4 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/index.js +20 -0
package/dist/storage/index.js.map +1 -0
package/dist/storage/memory-storage.adapter.d.ts +33 -0
package/dist/storage/memory-storage.adapter.d.ts.map +1 -0
package/dist/storage/memory-storage.adapter.js +195 -0
package/dist/storage/memory-storage.adapter.js.map +1 -0
package/dist/storage/rate-limit-storage.service.d.ts +11 -0
package/dist/storage/rate-limit-storage.service.d.ts.map +1 -0
package/dist/storage/rate-limit-storage.service.js +33 -0
package/dist/storage/rate-limit-storage.service.js.map +1 -0
package/dist/templates/html-template.engine.d.ts +16 -0
package/dist/templates/html-template.engine.d.ts.map +1 -0
package/dist/templates/html-template.engine.js +502 -0
package/dist/templates/html-template.engine.js.map +1 -0
package/dist/templates/index.d.ts +2 -0
package/dist/templates/index.d.ts.map +1 -0
package/dist/templates/index.js +18 -0
package/dist/templates/index.js.map +1 -0
package/dist/utils/common-passwords.d.ts +4 -0
package/dist/utils/common-passwords.d.ts.map +1 -0
package/dist/utils/common-passwords.js +108 -0
package/dist/utils/common-passwords.js.map +1 -0
package/dist/utils/context-storage.d.ts +13 -0
package/dist/utils/context-storage.d.ts.map +1 -0
package/dist/utils/context-storage.js +54 -0
package/dist/utils/context-storage.js.map +1 -0
package/dist/utils/cookie-names.util.d.ts +7 -0
package/dist/utils/cookie-names.util.d.ts.map +1 -0
package/dist/utils/cookie-names.util.js +30 -0
package/dist/utils/cookie-names.util.js.map +1 -0
package/dist/utils/cookies.util.d.ts +12 -0
package/dist/utils/cookies.util.d.ts.map +1 -0
package/dist/utils/cookies.util.js +48 -0
package/dist/utils/cookies.util.js.map +1 -0
package/dist/utils/index.d.ts +8 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +24 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/ip-extractor.d.ts +12 -0
package/dist/utils/ip-extractor.d.ts.map +1 -0
package/dist/utils/ip-extractor.js +88 -0
package/dist/utils/ip-extractor.js.map +1 -0
package/dist/utils/nauth-logger.d.ts +20 -0
package/dist/utils/nauth-logger.d.ts.map +1 -0
package/dist/utils/nauth-logger.js +129 -0
package/dist/utils/nauth-logger.js.map +1 -0
package/dist/utils/pii-redactor.d.ts +16 -0
package/dist/utils/pii-redactor.d.ts.map +1 -0
package/dist/utils/pii-redactor.js +147 -0
package/dist/utils/pii-redactor.js.map +1 -0
package/dist/utils/setup/get-repositories.d.ts +16 -0
package/dist/utils/setup/get-repositories.d.ts.map +1 -0
package/dist/utils/setup/get-repositories.js +36 -0
package/dist/utils/setup/get-repositories.js.map +1 -0
package/dist/utils/setup/init-services.d.ts +41 -0
package/dist/utils/setup/init-services.d.ts.map +1 -0
package/dist/utils/setup/init-services.js +107 -0
package/dist/utils/setup/init-services.js.map +1 -0
package/dist/utils/setup/init-social.d.ts +13 -0
package/dist/utils/setup/init-social.d.ts.map +1 -0
package/dist/utils/setup/init-social.js +77 -0
package/dist/utils/setup/init-social.js.map +1 -0
package/dist/utils/setup/init-storage.d.ts +4 -0
package/dist/utils/setup/init-storage.d.ts.map +1 -0
package/dist/utils/setup/init-storage.js +79 -0
package/dist/utils/setup/init-storage.js.map +1 -0
package/dist/utils/setup/register-mfa.d.ts +5 -0
package/dist/utils/setup/register-mfa.d.ts.map +1 -0
package/dist/utils/setup/register-mfa.js +85 -0
package/dist/utils/setup/register-mfa.js.map +1 -0
package/dist/utils/setup/run-nauth-migrations.d.ts +5 -0
package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -0
package/dist/utils/setup/run-nauth-migrations.js +67 -0
package/dist/utils/setup/run-nauth-migrations.js.map +1 -0
package/dist/utils/token-delivery-policy.d.ts +6 -0
package/dist/utils/token-delivery-policy.d.ts.map +1 -0
package/dist/utils/token-delivery-policy.js +15 -0
package/dist/utils/token-delivery-policy.js.map +1 -0
package/dist/validators/template.validator.d.ts +7 -0
package/dist/validators/template.validator.d.ts.map +1 -0
package/dist/validators/template.validator.js +95 -0
package/dist/validators/template.validator.js.map +1 -0
package/jest.config.js +15 -0
package/jest.setup.ts +6 -0
package/package.json +73 -0
package/src/adapters/database-columns.ts +165 -0
package/src/adapters/express.adapter.ts +385 -0
package/src/adapters/fastify.adapter.ts +416 -0
package/src/adapters/index.ts +16 -0
package/src/adapters/storage.factory.ts +143 -0
package/src/bootstrap.ts +374 -0
package/src/dto/auth-challenge.dto.ts +231 -0
package/src/dto/auth-response.dto.ts +253 -0
package/src/dto/challenge-response.dto.ts +234 -0
package/src/dto/change-password-request.dto.ts +50 -0
package/src/dto/change-password-response.dto.ts +29 -0
package/src/dto/change-password.dto.ts +57 -0
package/src/dto/error-response.dto.ts +136 -0
package/src/dto/get-available-methods.dto.ts +55 -0
package/src/dto/get-challenge-data-response.dto.ts +28 -0
package/src/dto/get-challenge-data.dto.ts +69 -0
package/src/dto/get-client-info.dto.ts +104 -0
package/src/dto/get-device-token-response.dto.ts +25 -0
package/src/dto/get-events-by-type.dto.ts +76 -0
package/src/dto/get-ip-address-response.dto.ts +24 -0
package/src/dto/get-mfa-status.dto.ts +94 -0
package/src/dto/get-risk-assessment-history.dto.ts +39 -0
package/src/dto/get-session-id-response.dto.ts +25 -0
package/src/dto/get-setup-data-response.dto.ts +31 -0
package/src/dto/get-setup-data.dto.ts +75 -0
package/src/dto/get-suspicious-activity.dto.ts +42 -0
package/src/dto/get-user-agent-response.dto.ts +23 -0
package/src/dto/get-user-auth-history.dto.ts +95 -0
package/src/dto/get-user-by-email.dto.ts +61 -0
package/src/dto/get-user-by-id.dto.ts +46 -0
package/src/dto/get-user-devices.dto.ts +53 -0
package/src/dto/get-user-response.dto.ts +17 -0
package/src/dto/has-provider.dto.ts +56 -0
package/src/dto/index.ts +57 -0
package/src/dto/is-trusted-device-response.dto.ts +34 -0
package/src/dto/list-providers-response.dto.ts +23 -0
package/src/dto/login.dto.ts +95 -0
package/src/dto/logout-all-response.dto.ts +24 -0
package/src/dto/logout-all.dto.ts +65 -0
package/src/dto/logout-response.dto.ts +25 -0
package/src/dto/logout.dto.ts +64 -0
package/src/dto/refresh-token.dto.ts +36 -0
package/src/dto/remove-devices.dto.ts +85 -0
package/src/dto/resend-code-response.dto.ts +32 -0
package/src/dto/resend-code.dto.ts +51 -0
package/src/dto/reset-password.dto.ts +115 -0
package/src/dto/respond-challenge.dto.ts +272 -0
package/src/dto/set-mfa-exemption.dto.ts +112 -0
package/src/dto/set-must-change-password-response.dto.ts +27 -0
package/src/dto/set-must-change-password.dto.ts +46 -0
package/src/dto/set-preferred-method.dto.ts +80 -0
package/src/dto/setup-mfa.dto.ts +98 -0
package/src/dto/signup.dto.ts +174 -0
package/src/dto/social-auth.dto.ts +422 -0
package/src/dto/trust-device-response.dto.ts +30 -0
package/src/dto/trust-device.dto.ts +9 -0
package/src/dto/update-user-attributes-request.dto.ts +51 -0
package/src/dto/user-response.dto.ts +138 -0
package/src/dto/user-update.dto.ts +222 -0
package/src/dto/verify-email.dto.ts +313 -0
package/src/dto/verify-mfa-code.dto.ts +103 -0
package/src/dto/verify-phone-by-sub.dto.ts +78 -0
package/src/dto/verify-phone.dto.ts +245 -0
package/src/entities/auth-audit.entity.ts +232 -0
package/src/entities/challenge-session.entity.ts +116 -0
package/src/entities/index.ts +29 -0
package/src/entities/login-attempt.entity.ts +64 -0
package/src/entities/mfa-device.entity.ts +151 -0
package/src/entities/rate-limit.entity.ts +44 -0
package/src/entities/session.entity.ts +180 -0
package/src/entities/social-account.entity.ts +96 -0
package/src/entities/storage-lock.entity.ts +39 -0
package/src/entities/trusted-device.entity.ts +112 -0
package/src/entities/user.entity.ts +243 -0
package/src/entities/verification-token.entity.ts +141 -0
package/src/enums/auth-audit-event-type.enum.ts +360 -0
package/src/enums/error-codes.enum.ts +420 -0
package/src/enums/mfa-method.enum.ts +97 -0
package/src/enums/risk-factor.enum.ts +111 -0
package/src/exceptions/nauth.exception.ts +231 -0
package/src/handlers/auth.handler.ts +260 -0
package/src/handlers/client-info.handler.ts +101 -0
package/src/handlers/csrf.handler.ts +156 -0
package/src/handlers/token-delivery.handler.ts +118 -0
package/src/index.ts +118 -0
package/src/interfaces/client-info.interface.ts +85 -0
package/src/interfaces/config.interface.ts +2135 -0
package/src/interfaces/entities.interface.ts +226 -0
package/src/interfaces/index.ts +15 -0
package/src/interfaces/logger.interface.ts +283 -0
package/src/interfaces/mfa-provider.interface.ts +154 -0
package/src/interfaces/oauth.interface.ts +148 -0
package/src/interfaces/provider.interface.ts +47 -0
package/src/interfaces/social-auth-provider.interface.ts +131 -0
package/src/interfaces/storage-adapter.interface.ts +82 -0
package/src/interfaces/template.interface.ts +510 -0
package/src/interfaces/token-verifier.interface.ts +110 -0
package/src/internal.ts +178 -0
package/src/platform/interfaces.ts +299 -0
package/src/schemas/auth-config.schema.ts +646 -0
package/src/services/adaptive-mfa-decision.service.spec.ts +1058 -0
package/src/services/adaptive-mfa-decision.service.ts +457 -0
package/src/services/auth-audit.service.spec.ts +675 -0
package/src/services/auth-audit.service.ts +558 -0
package/src/services/auth-challenge-helper.service.spec.ts +3227 -0
package/src/services/auth-challenge-helper.service.ts +825 -0
package/src/services/auth-flow-context-builder.service.ts +520 -0
package/src/services/auth-flow-rules.ts +202 -0
package/src/services/auth-flow-state-definitions.ts +190 -0
package/src/services/auth-flow-state-machine.service.ts +207 -0
package/src/services/auth-flow-state-machine.types.ts +316 -0
package/src/services/auth.service.spec.ts +4195 -0
package/src/services/auth.service.ts +3727 -0
package/src/services/challenge.service.spec.ts +1363 -0
package/src/services/challenge.service.ts +696 -0
package/src/services/client-info.service.spec.ts +572 -0
package/src/services/client-info.service.ts +374 -0
package/src/services/csrf.service.ts +54 -0
package/src/services/email-verification.service.spec.ts +1229 -0
package/src/services/email-verification.service.ts +578 -0
package/src/services/geo-location.service.spec.ts +603 -0
package/src/services/geo-location.service.ts +599 -0
package/src/services/index.ts +13 -0
package/src/services/jwt.service.spec.ts +882 -0
package/src/services/jwt.service.ts +621 -0
package/src/services/mfa-base.service.spec.ts +246 -0
package/src/services/mfa-base.service.ts +611 -0
package/src/services/mfa.service.spec.ts +693 -0
package/src/services/mfa.service.ts +960 -0
package/src/services/password.service.spec.ts +166 -0
package/src/services/password.service.ts +309 -0
package/src/services/phone-verification.service.spec.ts +1120 -0
package/src/services/phone-verification.service.ts +751 -0
package/src/services/risk-detection.service.spec.ts +1292 -0
package/src/services/risk-detection.service.ts +1012 -0
package/src/services/risk-scoring.service.spec.ts +204 -0
package/src/services/risk-scoring.service.ts +131 -0
package/src/services/session.service.spec.ts +1293 -0
package/src/services/session.service.ts +803 -0
package/src/services/social-account.service.spec.ts +725 -0
package/src/services/social-auth-base.service.spec.ts +418 -0
package/src/services/social-auth-base.service.ts +581 -0
package/src/services/social-auth.service.spec.ts +238 -0
package/src/services/social-auth.service.ts +436 -0
package/src/services/social-provider-registry.service.spec.ts +238 -0
package/src/services/social-provider-registry.service.ts +122 -0
package/src/services/trusted-device.service.spec.ts +505 -0
package/src/services/trusted-device.service.ts +339 -0
package/src/storage/account-lockout-storage.service.spec.ts +310 -0
package/src/storage/account-lockout-storage.service.ts +89 -0
package/src/storage/index.ts +3 -0
package/src/storage/memory-storage.adapter.ts +443 -0
package/src/storage/rate-limit-storage.service.spec.ts +247 -0
package/src/storage/rate-limit-storage.service.ts +38 -0
package/src/templates/html-template.engine.spec.ts +161 -0
package/src/templates/html-template.engine.ts +688 -0
package/src/templates/index.ts +7 -0
package/src/utils/common-passwords.spec.ts +230 -0
package/src/utils/common-passwords.ts +170 -0
package/src/utils/context-storage.ts +188 -0
package/src/utils/cookie-names.util.ts +67 -0
package/src/utils/cookies.util.ts +94 -0
package/src/utils/index.ts +12 -0
package/src/utils/ip-extractor.spec.ts +330 -0
package/src/utils/ip-extractor.ts +220 -0
package/src/utils/nauth-logger.spec.ts +388 -0
package/src/utils/nauth-logger.ts +215 -0
package/src/utils/pii-redactor.spec.ts +130 -0
package/src/utils/pii-redactor.ts +288 -0
package/src/utils/setup/get-repositories.ts +140 -0
package/src/utils/setup/init-services.ts +422 -0
package/src/utils/setup/init-social.ts +189 -0
package/src/utils/setup/init-storage.ts +94 -0
package/src/utils/setup/register-mfa.ts +165 -0
package/src/utils/setup/run-nauth-migrations.ts +61 -0
package/src/utils/token-delivery-policy.ts +38 -0
package/src/validators/template.validator.ts +219 -0
package/tsconfig.json +37 -0
package/tsconfig.lint.json +6 -0

package/src/services/auth-audit.service.ts ADDED Viewed

@@ -0,0 +1,558 @@
+import { Repository } from 'typeorm';
+import { BaseAuthAudit, BaseUser } from '../entities';
+import { IAuthAudit, IUser } from '../interfaces/entities.interface';
+import { AuthAuditEventType } from '../enums/auth-audit-event-type.enum';
+import { AuthAuditEventStatus } from '../entities/auth-audit.entity';
+import { NAuthLogger } from '../utils/nauth-logger';
+import { NAuthException } from '../exceptions/nauth.exception';
+import { AuthErrorCode } from '../enums/error-codes.enum';
+import { ClientInfoService } from './client-info.service';
+import { RiskFactor } from '../enums/risk-factor.enum';
+import { GetUserAuthHistoryDTO, GetUserAuthHistoryResponseDTO } from '../dto/get-user-auth-history.dto';
+import { GetEventsByTypeDTO, GetEventsByTypeResponseDTO } from '../dto/get-events-by-type.dto';
+import { GetSuspiciousActivityDTO, GetSuspiciousActivityResponseDTO } from '../dto/get-suspicious-activity.dto';
+import {
+  GetRiskAssessmentHistoryDTO,
+  GetRiskAssessmentHistoryResponseDTO,
+} from '../dto/get-risk-assessment-history.dto';
+/**
+ * DTO for creating audit events
+ *
+ * @internal
+ * This DTO is only used by InternalAuthAuditService and should not be exposed
+ * to consumer applications.
+ */
+export interface CreateAuthAuditEventDTO {
+  userId?: number; // Internal user ID (preferred)
+  userSub?: string; // External user identifier (will lookup userId)
+  eventType: AuthAuditEventType;
+  eventStatus: AuthAuditEventStatus;
+  riskFactor?: number | null;
+  riskFactors?: RiskFactor[] | null;
+  adaptiveMfaTriggered?: boolean | null;
+  // Note: ipAddress, ipCountry, ipCity, userAgent, platform, browser, deviceId, deviceName, deviceType
+  // are automatically captured from ClientInfoService and cannot be overridden
+  // Use metadata for event-specific data only
+  deviceId?: string | null; // Special case: can override for newly created device tokens
+  sessionId?: number | null;
+  challengeSessionId?: number | null;
+  authMethod?: string | null;
+  performedBy?: string | null; // Auto-populated from session context if not provided (userId of authenticated user)
+  reason?: string | null;
+  description?: string | null;
+  metadata?: Record<string, unknown> | null;
+}
+/**
+ * Authentication Audit Service (Base Class - Public API)
+ *
+ * Manages audit trail queries for authentication and security events.
+ * Provides query capabilities for retrieving audit history.
+ *
+ * **Key Features:**
+ * - Efficient queries using userId (internal integer ID)
+ * - Pagination support for large datasets
+ * - Query filtering by event type, status, date ranges
+ * - User history queries (resolves userSub to userId automatically)
+ *
+ * **Design Notes:**
+ * - Only stores `userId` (integer) - no userSub duplication
+ * - All methods accepting userSub resolve to userId before querying
+ * - Risk tracking fields are infrastructure for future adaptive MFA (no business logic)
+ *
+ * **Note:** This is the public API class. Event recording is handled internally
+ * by `InternalAuthAuditService` and is not exposed to consumer applications.
+ *
+ * @example
+ * ```typescript
+ * // Get user history (accepts userSub, resolves to userId)
+ * const history = await auditService.getUserAuthHistory({
+ *   userSub: 'user-uuid',
+ *   page: 1,
+ *   limit: 50,
+ *   startDate: new Date('2025-01-01'),
+ * });
+ * ```
+ */
+export class AuthAuditService {
+  constructor(
+    protected readonly auditRepository: Repository<BaseAuthAudit>,
+    protected readonly userRepository: Repository<BaseUser>,
+    protected readonly logger: NAuthLogger,
+    protected readonly clientInfoService?: ClientInfoService,
+  ) {}
+  // ============================================================================
+  // Query Methods
+  // ============================================================================
+  /**
+   * Get paginated authentication history for a user
+   *
+   * Accepts userSub (external identifier) and resolves to userId for efficient queries.
+   * Supports filtering by event types, status, and date ranges.
+   *
+   * @param request - Request DTO containing userSub and filtering options
+   * @returns Response DTO with paginated audit records
+   * @throws {NAuthException} If user not found
+   *
+   * @example
+   * ```typescript
+   * const history = await auditService.getUserAuthHistory({
+   *   userSub: 'user-uuid',
+   *   page: 1,
+   *   limit: 50,
+   *   eventTypes: [AuthAuditEventType.LOGIN_SUCCESS, AuthAuditEventType.LOGIN_FAILED],
+   *   startDate: new Date('2025-01-01'),
+   * });
+   * ```
+   */
+  async getUserAuthHistory(request: GetUserAuthHistoryDTO): Promise<GetUserAuthHistoryResponseDTO> {
+    // Resolve userSub to userId
+    const user = (await this.userRepository.findOne({ where: { sub: request.userSub } })) as IUser | null;
+    if (!user) {
+      throw new NAuthException(AuthErrorCode.NOT_FOUND, 'User not found');
+    }
+    const page = request.page || 1;
+    const limit = request.limit || 50;
+    const skip = (page - 1) * limit;
+    // Build query
+    const queryBuilder = this.auditRepository
+      .createQueryBuilder('audit')
+      .where('audit.userId = :userId', { userId: user.id });
+    // Date range filter
+    if (request.startDate) {
+      queryBuilder.andWhere('audit.createdAt >= :startDate', { startDate: request.startDate });
+    }
+    if (request.endDate) {
+      queryBuilder.andWhere('audit.createdAt <= :endDate', { endDate: request.endDate });
+    }
+    // Event type filter
+    if (request.eventTypes && request.eventTypes.length > 0) {
+      queryBuilder.andWhere('audit.eventType IN (:...eventTypes)', { eventTypes: request.eventTypes });
+    }
+    // Event status filter
+    if (request.eventStatus && request.eventStatus.length > 0) {
+      queryBuilder.andWhere('audit.eventStatus IN (:...eventStatus)', { eventStatus: request.eventStatus });
+    }
+    // Order by date (newest first)
+    queryBuilder.orderBy('audit.createdAt', 'DESC');
+    // Pagination
+    queryBuilder.skip(skip).take(limit);
+    const [data, total] = await queryBuilder.getManyAndCount();
+    const response = new GetUserAuthHistoryResponseDTO();
+    response.data = data as unknown as IAuthAudit[];
+    response.total = total;
+    response.page = page;
+    response.limit = limit;
+    response.totalPages = Math.ceil(total / limit);
+    return response;
+  }
+  /**
+   * Get events by type with pagination
+   *
+   * @param request - Request DTO containing eventType and pagination options
+   * @returns Response DTO with paginated audit records
+   *
+   * @example
+   * ```typescript
+   * const events = await auditService.getEventsByType({
+   *   eventType: AuthAuditEventType.SUSPICIOUS_ACTIVITY,
+   *   page: 1,
+   *   limit: 100,
+   * });
+   * ```
+   */
+  async getEventsByType(request: GetEventsByTypeDTO): Promise<GetEventsByTypeResponseDTO> {
+    const page = request.page || 1;
+    const limit = request.limit || 50;
+    const skip = (page - 1) * limit;
+    const queryBuilder = this.auditRepository.createQueryBuilder('audit').where('audit.eventType = :eventType', {
+      eventType: request.eventType,
+    });
+    // Date range filter
+    if (request.startDate) {
+      queryBuilder.andWhere('audit.createdAt >= :startDate', { startDate: request.startDate });
+    }
+    if (request.endDate) {
+      queryBuilder.andWhere('audit.createdAt <= :endDate', { endDate: request.endDate });
+    }
+    queryBuilder.orderBy('audit.createdAt', 'DESC').skip(skip).take(limit);
+    const [data, total] = await queryBuilder.getManyAndCount();
+    const response = new GetEventsByTypeResponseDTO();
+    response.data = data as unknown as IAuthAudit[];
+    response.total = total;
+    response.page = page;
+    response.limit = limit;
+    response.totalPages = Math.ceil(total / limit);
+    return response;
+  }
+  /**
+   * Get suspicious activity events
+   *
+   * Returns events with SUSPICIOUS status or SUSPICIOUS_ACTIVITY event type.
+   *
+   * @param request - Request DTO containing optional userSub and limit
+   * @returns Response DTO with array of suspicious audit events
+   *
+   * @example
+   * ```typescript
+   * // Get all suspicious activity
+   * const suspicious = await auditService.getSuspiciousActivity({});
+   *
+   * // Get suspicious activity for specific user
+   * const userSuspicious = await auditService.getSuspiciousActivity({
+   *   userSub: 'user-uuid',
+   *   limit: 50,
+   * });
+   * ```
+   */
+  async getSuspiciousActivity(request: GetSuspiciousActivityDTO): Promise<GetSuspiciousActivityResponseDTO> {
+    const limit = request.limit || 100;
+    const queryBuilder = this.auditRepository
+      .createQueryBuilder('audit')
+      .where('(audit.eventStatus = :status OR audit.eventType = :eventType)', {
+        status: 'SUSPICIOUS',
+        eventType: AuthAuditEventType.SUSPICIOUS_ACTIVITY,
+      });
+    // Filter by user if provided
+    if (request.userSub) {
+      const user = (await this.userRepository.findOne({ where: { sub: request.userSub } })) as IUser | null;
+      if (!user) {
+        throw new NAuthException(AuthErrorCode.NOT_FOUND, 'User not found');
+      }
+      queryBuilder.andWhere('audit.userId = :userId', { userId: user.id });
+    }
+    queryBuilder.orderBy('audit.createdAt', 'DESC').take(limit);
+    const data = await queryBuilder.getMany();
+    const response = new GetSuspiciousActivityResponseDTO();
+    response.data = data as unknown as IAuthAudit[];
+    return response;
+  }
+  /**
+   * Get risk assessment history for adaptive MFA analysis
+   *
+   * Returns events where risk assessment was performed (ADAPTIVE_MFA_RISK_ASSESSED,
+   * ADAPTIVE_MFA_TRIGGERED, ADAPTIVE_MFA_BYPASSED).
+   *
+   * @param request - Request DTO containing userSub and limit
+   * @returns Response DTO with array of risk assessment audit events
+   * @throws {NAuthException} If user not found
+   *
+   * @example
+   * ```typescript
+   * const riskHistory = await auditService.getRiskAssessmentHistory({
+   *   userSub: 'user-uuid',
+   *   limit: 50,
+   * });
+   * ```
+   */
+  async getRiskAssessmentHistory(request: GetRiskAssessmentHistoryDTO): Promise<GetRiskAssessmentHistoryResponseDTO> {
+    const limit = request.limit || 100;
+    // Resolve userSub to userId
+    const user = (await this.userRepository.findOne({ where: { sub: request.userSub } })) as IUser | null;
+    if (!user) {
+      throw new NAuthException(AuthErrorCode.NOT_FOUND, 'User not found');
+    }
+    const queryBuilder = this.auditRepository
+      .createQueryBuilder('audit')
+      .where('audit.userId = :userId', { userId: user.id })
+      .andWhere('audit.eventType IN (:...eventTypes)', {
+        eventTypes: [
+          AuthAuditEventType.ADAPTIVE_MFA_RISK_ASSESSED,
+          AuthAuditEventType.ADAPTIVE_MFA_TRIGGERED,
+          AuthAuditEventType.ADAPTIVE_MFA_BYPASSED,
+        ],
+      })
+      .orderBy('audit.createdAt', 'DESC')
+      .take(limit);
+    const data = await queryBuilder.getMany();
+    const response = new GetRiskAssessmentHistoryResponseDTO();
+    response.data = data as unknown as IAuthAudit[];
+    return response;
+  }
+}
+// ============================================================================
+// Internal Service (Framework Adapters Only)
+// ============================================================================
+/**
+ * Internal Authentication Audit Service
+ *
+ * Extends the base AuthAuditService with event recording capabilities.
+ * This service is only available via `@nauth-toolkit/core/internal` and should
+ * NOT be used by consumer applications.
+ *
+ * **Event Recording:**
+ * The `recordEvent()` method is internal-only and is used by nauth-toolkit
+ * services to log authentication events. Consumer applications should use
+ * the query methods from the base `AuthAuditService` class.
+ *
+ * @internal
+ * This class is only exported from `@nauth-toolkit/core/internal` for use
+ * by framework adapters. Consumer applications should use the base
+ * `AuthAuditService` from `@nauth-toolkit/core`.
+ *
+ * @example
+ * ```typescript
+ * // Framework adapter usage
+ * import { AuthAuditService } from '@nauth-toolkit/core/internal';
+ *
+ * const auditService = new AuthAuditService(...);
+ * // Can use recordEvent() here (internal only)
+ * await auditService.recordEvent({ ... });
+ * ```
+ */
+export class InternalAuthAuditService extends AuthAuditService {
+  /**
+   * Record an authentication audit event
+   *
+   * Creates an audit record for an authentication or security event.
+   * Automatically extracts client information from request context when available.
+   * This method is non-blocking - errors are logged but don't throw exceptions.
+   *
+   * **Automatic Client Info Extraction:**
+   * When ClientInfoService is available, the following fields are automatically populated:
+   * - ipAddress, ipCountry, ipCity (from request and geolocation)
+   * - userAgent, platform, browser (from user agent parsing)
+   * - deviceId, deviceName, deviceType (from request context)
+   *
+   * Note: These fields cannot be overridden via the DTO - they are always captured from the request context.
+   * Only deviceId can be explicitly set for special cases (e.g., newly created device tokens).
+   * Do not include ipAddress, ipCountry, ipCity, userAgent, platform, browser, deviceName, or deviceType
+   * in the DTO - they will be automatically captured and attempts to include them will cause TypeScript errors.
+   *
+   * **Automatic performedBy Population:**
+   * The `performedBy` field is automatically populated from the authenticated user's context:
+   * - If userId is available from ClientInfoService (extracted from JWT token by interceptors/handlers), it is used as `performedBy`
+   * - This captures who performed the action (e.g., admin performing action on another user)
+   * - If no userId is found in client info, `performedBy` defaults to the event's `userId` (user performing action on themselves)
+   * - Explicit `performedBy` in DTO overrides automatic population
+   *
+   * @internal
+   * This method is only available in InternalAuthAuditService and should not
+   * be exposed to consumer applications.
+   *
+   * @param data - Audit event data (only event-specific fields needed)
+   * @param data.userId - Internal user ID (preferred, more efficient)
+   * @param data.userSub - External user identifier (will lookup userId if userId not provided)
+   * @param data.eventType - Type of event
+   * @param data.eventStatus - Event classification status
+   * @returns Created audit record
+   *
+   * @example
+   * ```typescript
+   * // Simple recording - client info auto-populated
+   * await auditService.recordEvent({
+   *   userId: user.id,
+   *   eventType: AuthAuditEventType.LOGIN_SUCCESS,
+   *   eventStatus: 'SUCCESS',
+   *   authMethod: 'password',
+   *   // ipAddress, userAgent, deviceName, etc. automatically included!
+   * });
+   *
+   * // Override specific fields if needed
+   * await auditService.recordEvent({
+   *   userId: user.id,
+   *   eventType: AuthAuditEventType.LOGIN_SUCCESS,
+   *   eventStatus: 'SUCCESS',
+   *   // ipAddress, userAgent, etc. automatically captured from request context
+   * });
+   * ```
+   */
+  async recordEvent(data: CreateAuthAuditEventDTO): Promise<IAuthAudit | null> {
+    try {
+      // Resolve userId if userSub provided
+      let userId = data.userId;
+      if (!userId && data.userSub) {
+        const user = (await this.userRepository.findOne({ where: { sub: data.userSub } })) as IUser | null;
+        if (!user) {
+          this.logger?.warn?.(`Cannot record audit event - user not found: ${data.userSub}`);
+          return null;
+        }
+        userId = user.id;
+      }
+      if (!userId) {
+        this.logger?.warn?.('Cannot record audit event - userId or userSub required');
+        return null;
+      }
+      // ============================================================================
+      // Auto-extract client info from context (when available)
+      // Note: These fields are automatically captured and cannot be overridden by callers
+      // ============================================================================
+      let clientInfo: {
+        ipAddress?: string | null;
+        ipCountry?: string | null;
+        ipCity?: string | null;
+        ipLatitude?: number | null;
+        ipLongitude?: number | null;
+        userAgent?: string | null;
+        platform?: string | null;
+        browser?: string | null;
+        deviceId?: string | null;
+        deviceName?: string | null;
+        deviceType?: string | null;
+        sessionId?: number | null;
+      } = {};
+      if (this.clientInfoService) {
+        try {
+          const clientInfoFromContext = this.clientInfoService.get();
+          // Debug logging
+          if (!clientInfoFromContext.ipLatitude || !clientInfoFromContext.ipLongitude) {
+            this.logger?.warn?.(
+              `[AuthAuditService] Creating audit WITHOUT coordinates from context: ` +
+              `IP=${clientInfoFromContext.ipAddress}, country=${clientInfoFromContext.ipCountry}, ` +
+              `city=${clientInfoFromContext.ipCity}, lat=${clientInfoFromContext.ipLatitude}, ` +
+              `lon=${clientInfoFromContext.ipLongitude}`,
+            );
+          } else {
+            this.logger?.debug?.(
+              `[AuthAuditService] Creating audit WITH coordinates from context: ` +
+              `IP=${clientInfoFromContext.ipAddress}, ${clientInfoFromContext.ipCity}, ` +
+              `${clientInfoFromContext.ipCountry} (${clientInfoFromContext.ipLatitude}, ${clientInfoFromContext.ipLongitude})`,
+            );
+          }
+          // Automatically capture from context (no override allowed)
+          clientInfo = {
+            ipAddress: clientInfoFromContext.ipAddress || null,
+            ipCountry: clientInfoFromContext.ipCountry || null,
+            ipCity: clientInfoFromContext.ipCity || null,
+            ipLatitude: clientInfoFromContext.ipLatitude || null,
+            ipLongitude: clientInfoFromContext.ipLongitude || null,
+            userAgent: clientInfoFromContext.userAgent || null,
+            platform: clientInfoFromContext.platform || null,
+            browser: clientInfoFromContext.browser || null,
+            deviceId: clientInfoFromContext.deviceToken || null,
+            deviceName: clientInfoFromContext.deviceName || null,
+            deviceType: clientInfoFromContext.deviceType || null,
+            sessionId: clientInfoFromContext.sessionId || null,
+          };
+        } catch (error) {
+          // Non-blocking: If client info extraction fails, continue without it
+          // This can happen if called outside request context (e.g., cron jobs)
+          this.logger?.debug?.(
+            `Failed to extract client info for audit: ${error instanceof Error ? error.message : 'Unknown error'}`,
+          );
+        }
+      }
+      // ============================================================================
+      // Use auto-extracted client info (deviceId can be overridden for special cases)
+      // ============================================================================
+      const mergedData = {
+        ipAddress: clientInfo.ipAddress ?? null,
+        ipCountry: clientInfo.ipCountry ?? null,
+        ipCity: clientInfo.ipCity ?? null,
+        ipLatitude: clientInfo.ipLatitude ?? null,
+        ipLongitude: clientInfo.ipLongitude ?? null,
+        userAgent: clientInfo.userAgent ?? null,
+        platform: clientInfo.platform ?? null,
+        browser: clientInfo.browser ?? null,
+        deviceId: data.deviceId ?? clientInfo.deviceId ?? null, // Allow override for newly created device tokens
+        deviceName: clientInfo.deviceName ?? null,
+        deviceType: clientInfo.deviceType ?? null,
+        sessionId: data.sessionId ?? clientInfo.sessionId ?? null,
+      };
+      // ============================================================================
+      // Auto-populate performedBy from client info context (if available)
+      // ============================================================================
+      let performedBy: string | null = data.performedBy ?? null;
+      if (!performedBy && this.clientInfoService) {
+        try {
+          // Get userId from client info (extracted from JWT token by interceptors/handlers)
+          const clientInfo = this.clientInfoService.get();
+          if (clientInfo?.userId) {
+            // Use the userId from client info as performedBy
+            // This captures who performed the action (could be admin performing action on another user)
+            performedBy = String(clientInfo.userId);
+          }
+        } catch (error) {
+          // Non-blocking: If client info extraction fails, continue without performedBy
+          this.logger?.debug?.(
+            `Failed to get userId from client info for performedBy: ${error instanceof Error ? error.message : 'Unknown error'}`,
+          );
+        }
+      }
+      // If still no performedBy and we have userId, use it as fallback
+      // (most actions are performed by the user themselves)
+      if (!performedBy && userId) {
+        performedBy = String(userId);
+      }
+      // Create audit record
+      const auditRecord = this.auditRepository.create({
+        userId,
+        eventType: data.eventType,
+        eventStatus: data.eventStatus,
+        riskFactor: data.riskFactor ?? null,
+        riskFactors: data.riskFactors ?? null,
+        adaptiveMfaTriggered: data.adaptiveMfaTriggered ?? null,
+        ipAddress: mergedData.ipAddress,
+        ipCountry: mergedData.ipCountry,
+        ipCity: mergedData.ipCity,
+        ipLatitude: mergedData.ipLatitude,
+        ipLongitude: mergedData.ipLongitude,
+        userAgent: mergedData.userAgent,
+        platform: mergedData.platform,
+        browser: mergedData.browser,
+        deviceId: mergedData.deviceId,
+        deviceName: mergedData.deviceName,
+        deviceType: mergedData.deviceType,
+        sessionId: mergedData.sessionId,
+        challengeSessionId: data.challengeSessionId ?? null,
+        authMethod: data.authMethod ?? null,
+        performedBy,
+        reason: data.reason ?? null,
+        description: data.description ?? null,
+        metadata: data.metadata ?? null,
+      });
+      const saved = await this.auditRepository.save(auditRecord);
+      return saved as unknown as IAuthAudit;
+    } catch (error) {
+      // Non-blocking: Log error but don't throw
+      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+      this.logger?.error?.(`Failed to record audit event: ${errorMessage}`, { eventType: data.eventType, error });
+      return null;
+    }
+  }
+}