@nauth-toolkit/core 0.1.14 → 0.1.17

package/dist/bootstrap.d.ts

@@ -1,3 +1,31 @@
+/**
+ * NAuth Bootstrap
+ *
+ * Entry point for initializing NAuth with platform adapters.
+ *
+ * **Usage:**
+ * ```typescript
+ * import { NAuth, ExpressAdapter } from '@nauth-toolkit/core';
+ *
+ * const nauth = await NAuth.create({
+ *   config: authConfig,
+ *   dataSource: dataSource,
+ *   adapter: new ExpressAdapter(),
+ * });
+ *
+ * // Mount middleware
+ * app.use(nauth.middleware.clientInfo);
+ * app.use(nauth.middleware.csrf);
+ * app.use(nauth.middleware.auth);
+ * app.use(nauth.middleware.tokenDelivery);
+ *
+ * // Protected routes
+ * app.get('/profile', nauth.helpers.requireAuth(), (req, res) => {
+ *   const user = nauth.helpers.getCurrentUser();
+ *   res.json({ user });
+ * });
+ * ```
+ */
 import { DataSource } from 'typeorm';
 import { NAuthConfig } from './interfaces/config.interface';
 import { NAuthLogger } from './utils/nauth-logger';
@@ -7,35 +35,89 @@ import { NAuthServices } from './utils/setup/init-services';
 import { NAuthSocialProviders } from './utils/setup/init-social';
 import { ClientInfo } from './interfaces/client-info.interface';
 import { IUser } from './interfaces/entities.interface';
+/**
+ * Options for NAuth initialization
+ */
 export interface NAuthOptions {
+    /** NAuth configuration */
     config: NAuthConfig;
+    /** TypeORM DataSource */
     dataSource: DataSource;
+    /**
+     * Platform adapter (Express, Fastify, etc.)
+     * @default ExpressAdapter
+     */
     adapter?: NAuthAdapter;
 }
+/**
+ * NAuth instance returned by NAuth.create()
+ *
+ * Contains services, middleware, and helpers for authentication.
+ *
+ * @typeParam TMiddleware - Type for middleware (framework-specific)
+ * @typeParam THelper - Type for route helpers (framework-specific)
+ */
 export interface NAuthInstance<TMiddleware = unknown, THelper = unknown> extends Omit<NAuthServices, 'challengeService' | 'authChallengeHelperService'>, NAuthSocialProviders {
+    /** Framework-specific middleware/hooks */
     middleware: {
+        /** Client info extraction (MUST BE FIRST) */
         clientInfo: TMiddleware;
+        /** JWT authentication */
         auth: TMiddleware;
+        /** CSRF protection */
         csrf: TMiddleware;
+        /** Token delivery (response interceptor) */
         tokenDelivery: TMiddleware;
     };
+    /** Route helpers */
     helpers: {
+        /** Mark route as public (bypasses CSRF) */
         public: () => THelper;
+        /** Require authentication (with optional CSRF bypass) */
         requireAuth: (options?: {
             csrf?: boolean;
         }) => THelper;
+        /** Optional authentication marker */
         optionalAuth: () => THelper;
+        /** Override token delivery mode */
         tokenDelivery: (mode: 'json' | 'cookies') => THelper;
+        /** Get current authenticated user */
         getCurrentUser: () => IUser | undefined;
+        /** Get current session ID */
         getCurrentSession: () => string | number | undefined;
+        /** Get client info */
         getClientInfo: () => ClientInfo | undefined;
     };
+    /** The adapter being used */
     adapter: NAuthAdapter;
+    /** Configuration */
     config: NAuthConfig;
+    /** Logger instance */
     logger: NAuthLogger;
+    /** CSRF service (if enabled) */
     csrfService?: CsrfService;
 }
+/**
+ * NAuth Bootstrap
+ *
+ * Main entry point for initializing NAuth.
+ */
 export declare class NAuth {
+    /**
+     * Create NAuth instance
+     *
+     * @param options - Configuration options
+     * @returns Initialized NAuth instance
+     *
+     * @example
+     * ```typescript
+     * const nauth = await NAuth.create({
+     *   config: authConfig,
+     *   dataSource: dataSource,
+     *   adapter: new ExpressAdapter(),
+     * });
+     * ```
+     */
     static create(options: NAuthOptions): Promise<NAuthInstance>;
 }
 //# sourceMappingURL=bootstrap.d.ts.map

package/dist/bootstrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AA6BA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AASlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AASxD,MAAM,WAAW,YAAY;IAE3B,MAAM,EAAE,WAAW,CAAC;IAGpB,UAAU,EAAE,UAAU,CAAC;IAMvB,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAUD,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IAEpG,UAAU,EAAE;QAEV,UAAU,EAAE,WAAW,CAAC;QAExB,IAAI,EAAE,WAAW,CAAC;QAElB,IAAI,EAAE,WAAW,CAAC;QAElB,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAGF,OAAO,EAAE;QAEP,MAAM,EAAE,MAAM,OAAO,CAAC;QAEtB,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QAEvD,YAAY,EAAE,MAAM,OAAO,CAAC;QAE5B,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QAErD,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QAExC,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QAErD,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAGF,OAAO,EAAE,YAAY,CAAC;IAGtB,MAAM,EAAE,WAAW,CAAC;IAGpB,MAAM,EAAE,WAAW,CAAC;IAGpB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAWD,qBAAa,KAAK;WAgBH,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;CA0NnE"}
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AASlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAMxD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,MAAM,EAAE,WAAW,CAAC;IAEpB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IACpG,0CAA0C;IAC1C,UAAU,EAAE;QACV,6CAA6C;QAC7C,UAAU,EAAE,WAAW,CAAC;QACxB,yBAAyB;QACzB,IAAI,EAAE,WAAW,CAAC;QAClB,sBAAsB;QACtB,IAAI,EAAE,WAAW,CAAC;QAClB,4CAA4C;QAC5C,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAEF,oBAAoB;IACpB,OAAO,EAAE;QACP,2CAA2C;QAC3C,MAAM,EAAE,MAAM,OAAO,CAAC;QACtB,yDAAyD;QACzD,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QACvD,qCAAqC;QACrC,YAAY,EAAE,MAAM,OAAO,CAAC;QAC5B,mCAAmC;QACnC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QACrD,qCAAqC;QACrC,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QACxC,6BAA6B;QAC7B,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QACrD,sBAAsB;QACtB,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAEF,6BAA6B;IAC7B,OAAO,EAAE,YAAY,CAAC;IAEtB,oBAAoB;IACpB,MAAM,EAAE,WAAW,CAAC;IAEpB,sBAAsB;IACtB,MAAM,EAAE,WAAW,CAAC;IAEpB,gCAAgC;IAChC,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAMD;;;;GAIG;AACH,qBAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;WACU,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;CA0NnE"}

package/dist/bootstrap.js

@@ -1,4 +1,32 @@
 "use strict";
+/**
+ * NAuth Bootstrap
+ *
+ * Entry point for initializing NAuth with platform adapters.
+ *
+ * **Usage:**
+ * ```typescript
+ * import { NAuth, ExpressAdapter } from '@nauth-toolkit/core';
+ *
+ * const nauth = await NAuth.create({
+ *   config: authConfig,
+ *   dataSource: dataSource,
+ *   adapter: new ExpressAdapter(),
+ * });
+ *
+ * // Mount middleware
+ * app.use(nauth.middleware.clientInfo);
+ * app.use(nauth.middleware.csrf);
+ * app.use(nauth.middleware.auth);
+ * app.use(nauth.middleware.tokenDelivery);
+ *
+ * // Protected routes
+ * app.get('/profile', nauth.helpers.requireAuth(), (req, res) => {
+ *   const user = nauth.helpers.getCurrentUser();
+ *   res.json({ user });
+ * });
+ * ```
+ */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NAuth = void 0;
 const nauth_logger_1 = require("./utils/nauth-logger");
@@ -6,11 +34,13 @@ const nauth_exception_1 = require("./exceptions/nauth.exception");
 const error_codes_enum_1 = require("./enums/error-codes.enum");
 const express_adapter_1 = require("./adapters/express.adapter");
 const context_storage_1 = require("./utils/context-storage");
+// Handlers
 const client_info_handler_1 = require("./handlers/client-info.handler");
 const auth_handler_1 = require("./handlers/auth.handler");
 const token_delivery_handler_1 = require("./handlers/token-delivery.handler");
 const csrf_handler_1 = require("./handlers/csrf.handler");
 const csrf_service_1 = require("./services/csrf.service");
+// Setup Helpers
 const get_repositories_1 = require("./utils/setup/get-repositories");
 const init_storage_1 = require("./utils/setup/init-storage");
 const init_services_1 = require("./utils/setup/init-services");
@@ -18,18 +48,53 @@ const register_mfa_1 = require("./utils/setup/register-mfa");
 const init_social_1 = require("./utils/setup/init-social");
 const run_nauth_migrations_1 = require("./utils/setup/run-nauth-migrations");
 const internal_1 = require("./internal");
+// ============================================================================
+// NAuth Bootstrap Class
+// ============================================================================
+/**
+ * NAuth Bootstrap
+ *
+ * Main entry point for initializing NAuth.
+ */
 class NAuth {
+    /**
+     * Create NAuth instance
+     *
+     * @param options - Configuration options
+     * @returns Initialized NAuth instance
+     *
+     * @example
+     * ```typescript
+     * const nauth = await NAuth.create({
+     *   config: authConfig,
+     *   dataSource: dataSource,
+     *   adapter: new ExpressAdapter(),
+     * });
+     * ```
+     */
     static async create(options) {
         const { config, dataSource } = options;
         const adapter = options.adapter || new express_adapter_1.ExpressAdapter();
         const logger = new nauth_logger_1.NAuthLogger(config.logger);
         logger.log(`Initializing NAuth with ${adapter.name}...`);
+        // ========================================================================
+        // 0. Run database migrations (adapter-owned, auto-run, no consumer burden)
+        // ========================================================================
         await (0, run_nauth_migrations_1.runNAuthMigrationsOnStartup)(config, dataSource, logger);
+        // ========================================================================
+        // 1. Initialize Repositories & Storage
+        // ========================================================================
         const repos = (0, get_repositories_1.getRepositories)(dataSource);
         const storage = await (0, init_storage_1.initStorage)(config, repos.rateLimitRepository, repos.storageLockRepository, logger);
+        // ========================================================================
+        // 2. Initialize Services
+        // ========================================================================
         const emailProvider = config.emailProvider;
         const smsProvider = config.smsProvider;
         const services = (0, init_services_1.initServices)(config, repos, storage, logger, emailProvider, smsProvider);
+        // ========================================================================
+        // 3. Initialize Auth Flow State Machine
+        // ========================================================================
         const contextBuilder = new internal_1.AuthFlowContextBuilder(services.trustedDeviceService, services.adaptiveMFADecisionService, services.clientInfoService, logger);
         const stateMachine = new internal_1.AuthFlowStateMachineService(contextBuilder, logger);
         if (services.authChallengeHelperService) {
@@ -39,39 +104,66 @@ class NAuth {
         else {
             throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'AuthChallengeHelperService not initialized.');
         }
+        // ========================================================================
+        // 4. Register MFA & Social Providers
+        // ========================================================================
         const socialAuthStateStore = new Map();
         if (config.mfa?.enabled && services.mfaService) {
             await (0, register_mfa_1.registerMFAProviders)(config, services.mfaService, repos.mfaDeviceRepository, repos.userRepository, logger, services.passwordService, services.emailVerificationService, services.phoneVerificationService, services.challengeService, services.auditService, services.clientInfoService);
         }
         const socialProviders = await (0, init_social_1.initSocialAuth)(config, services.socialProviderRegistry, services.authService, services.socialAuthService, services.jwtService, services.sessionService, services.authChallengeHelperService, services.clientInfoService, logger, socialAuthStateStore, repos.userRepository, services.phoneVerificationService, services.auditService, services.trustedDeviceService);
+        // ========================================================================
+        // 5. Create Handlers
+        // ========================================================================
         const clientInfoHandler = new client_info_handler_1.ClientInfoHandler(services.clientInfoService, services.geoLocationService, logger);
         const authHandler = new auth_handler_1.AuthHandler(services.jwtService, services.sessionService, repos.userRepository, config, logger);
         const tokenDeliveryHandler = new token_delivery_handler_1.TokenDeliveryHandler(config, logger);
+        // CSRF service (only for cookies/hybrid delivery)
         const csrfService = config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid'
             ? new csrf_service_1.CsrfService(config)
             : undefined;
         const csrfHandler = csrfService ? new csrf_handler_1.CsrfHandler(csrfService, config, logger) : null;
+        // ========================================================================
+        // 6. Register Middleware with Adapter
+        // ========================================================================
         const middleware = {
+            // ClientInfo MUST be first - initializes context
             clientInfo: adapter.registerMiddleware('clientInfo', clientInfoHandler.handle.bind(clientInfoHandler), {
                 initializesContext: true,
             }),
+            // Auth handler
             auth: adapter.registerMiddleware('auth', authHandler.handle.bind(authHandler)),
+            // CSRF handler (no-op if disabled)
             csrf: csrfHandler
                 ? adapter.registerMiddleware('csrf', csrfHandler.handle.bind(csrfHandler))
                 : adapter.registerMiddleware('noop', async (_req, _res, next) => {
                     await next();
                 }),
+            // Token delivery (response interceptor)
             tokenDelivery: adapter.registerResponseInterceptor(tokenDeliveryHandler.handleResponse.bind(tokenDeliveryHandler)),
         };
+        // ========================================================================
+        // 7. Create Helpers
+        // ========================================================================
         const helpers = {
+            /**
+             * Mark route as public - bypasses CSRF validation
+             */
             public: () => adapter.registerMiddleware('public', (req, _res, next) => {
                 req.attributes.nauthPublic = true;
                 return next();
             }),
+            /**
+             * Require authentication
+             *
+             * @param options.csrf - Set to false to bypass CSRF check (e.g., for logout)
+             */
             requireAuth: (options) => adapter.registerMiddleware('requireAuth', (req, res, next) => {
+                // Enforce deferred CSRF check (unless disabled)
                 if (options?.csrf !== false && req.attributes.nauthCsrfError) {
                     throw req.attributes.nauthCsrfError;
                 }
+                // Enforce authentication
                 if (!req.attributes.user) {
                     res.status(401).json({
                         statusCode: 401,
@@ -83,17 +175,31 @@ class NAuth {
                 }
                 return next();
             }),
+            /**
+             * Optional authentication marker
+             *
+             * Auth middleware already does optional auth by default.
+             * This helper is a semantic marker for documentation purposes.
+             */
             optionalAuth: () => adapter.registerMiddleware('optionalAuth', (_req, _res, next) => {
                 return next();
             }),
+            /**
+             * Override token delivery mode for this route
+             */
             tokenDelivery: (mode) => adapter.registerMiddleware('tokenDeliveryConfig', (req, _res, next) => {
                 req.attributes.nauthTokenDelivery = mode;
                 return next();
             }),
+            // Context helpers (read from ContextStorage)
             getCurrentUser: () => context_storage_1.ContextStorage.get('CURRENT_USER'),
             getCurrentSession: () => context_storage_1.ContextStorage.get('CURRENT_SESSION'),
             getClientInfo: () => context_storage_1.ContextStorage.get('CLIENT_INFO'),
         };
+        // ========================================================================
+        // 8. Build and Return Instance
+        // ========================================================================
+        // Exclude internal services from public API
         const { challengeService, authChallengeHelperService, ...publicServices } = services;
         logger.log(`NAuth initialized successfully with ${adapter.name}`);
         return {

package/dist/bootstrap.js.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";;;AA+BA,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAGzD,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AAGtD,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AAuFjF,MAAa,KAAK;IAgBhB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAKzD,MAAM,IAAA,kDAA2B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAK9D,MAAM,KAAK,GAAG,IAAA,kCAAe,EAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAK1G,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAkB,IAAA,4BAAY,EAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAKzG,MAAM,cAAc,GAAG,IAAI,iCAAsB,CAC/C,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,CACP,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,sCAA2B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACvC,QAAQ,CAAC,0BAAiE,CAAC,YAAY,GAAG,YAAY,CAAC;YACvG,QAAQ,CAAC,0BAAiE,CAAC,cAAc,GAAG,cAAc,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,6CAA6C,CAAC,CAAC;QACxG,CAAC;QAKD,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAmD,CAAC;QAExF,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,IAAA,mCAAoB,EACxB,MAAM,EACN,QAAQ,CAAC,UAAU,EACnB,KAAK,CAAC,mBAAoB,EAC1B,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,QAAQ,CAAC,eAAe,EACxB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,gBAAgB,EACzB,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAyB,MAAM,IAAA,4BAAc,EAChE,MAAM,EACN,QAAQ,CAAC,sBAAsB,EAC/B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,iBAAiB,EAC1B,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,oBAAoB,EACpB,KAAK,CAAC,cAAc,EACpB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,oBAAoB,CAC9B,CAAC;QAKF,MAAM,iBAAiB,GAAG,IAAI,uCAAiB,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QAEjH,MAAM,WAAW,GAAG,IAAI,0BAAW,CACjC,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,GAAG,IAAI,6CAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAGtE,MAAM,WAAW,GACf,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,QAAQ;YACrF,CAAC,CAAC,IAAI,0BAAW,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,0BAAW,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAKtF,MAAM,UAAU,GAAG;YAEjB,UAAU,EAAE,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;gBACrG,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAGF,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAG9E,IAAI,EAAE,WAAW;gBACf,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1E,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAGN,aAAa,EAAE,OAAO,CAAC,2BAA2B,CAChD,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAC/D;SACF,CAAC;QAKF,MAAM,OAAO,GAAG;YAId,MAAM,EAAE,GAAG,EAAE,CACX,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAChG,GAAG,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAOJ,WAAW,EAAE,CAAC,OAA4B,EAAE,EAAE,CAC5C,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgB,EAAE,EAAE;gBAEpG,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC7D,MAAM,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBACtC,CAAC;gBAGD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,GAAG;wBACf,KAAK,EAAE,cAAc;wBACrB,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAQJ,YAAY,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAKJ,aAAa,EAAE,CAAC,IAAwB,EAAE,EAAE,CAC1C,OAAO,CAAC,kBAAkB,CACxB,qBAAqB,EACrB,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC3D,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CACF;YAGH,cAAc,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAQ,cAAc,CAAC;YAC/D,iBAAiB,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAkB,iBAAiB,CAAC;YAC/E,aAAa,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC;SACnE,CAAC;QAOF,MAAM,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC;QAErF,MAAM,CAAC,GAAG,CAAC,uCAAuC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAElE,OAAO;YACL,GAAG,cAAc;YACjB,GAAG,eAAe;YAClB,UAAU;YACV,OAAO;YACP,OAAO;YACP,MAAM;YACN,MAAM;YACN,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,WAAW;SACZ,CAAC;IACJ,CAAC;CACF;AA1OD,sBA0OC"}
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAIH,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAEzD,WAAW;AACX,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AAEtD,gBAAgB;AAChB,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AA8EjF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAEzD,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,MAAM,IAAA,kDAA2B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAE9D,2EAA2E;QAC3E,uCAAuC;QACvC,2EAA2E;QAC3E,MAAM,KAAK,GAAG,IAAA,kCAAe,EAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAE1G,2EAA2E;QAC3E,yBAAyB;QACzB,2EAA2E;QAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAkB,IAAA,4BAAY,EAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAEzG,2EAA2E;QAC3E,wCAAwC;QACxC,2EAA2E;QAC3E,MAAM,cAAc,GAAG,IAAI,iCAAsB,CAC/C,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,CACP,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,sCAA2B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACvC,QAAQ,CAAC,0BAAiE,CAAC,YAAY,GAAG,YAAY,CAAC;YACvG,QAAQ,CAAC,0BAAiE,CAAC,cAAc,GAAG,cAAc,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,6CAA6C,CAAC,CAAC;QACxG,CAAC;QAED,2EAA2E;QAC3E,qCAAqC;QACrC,2EAA2E;QAC3E,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAmD,CAAC;QAExF,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,IAAA,mCAAoB,EACxB,MAAM,EACN,QAAQ,CAAC,UAAU,EACnB,KAAK,CAAC,mBAAoB,EAC1B,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,QAAQ,CAAC,eAAe,EACxB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,gBAAgB,EACzB,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAyB,MAAM,IAAA,4BAAc,EAChE,MAAM,EACN,QAAQ,CAAC,sBAAsB,EAC/B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,iBAAiB,EAC1B,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,oBAAoB,EACpB,KAAK,CAAC,cAAc,EACpB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,oBAAoB,CAC9B,CAAC;QAEF,2EAA2E;QAC3E,qBAAqB;QACrB,2EAA2E;QAC3E,MAAM,iBAAiB,GAAG,IAAI,uCAAiB,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QAEjH,MAAM,WAAW,GAAG,IAAI,0BAAW,CACjC,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,GAAG,IAAI,6CAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEtE,kDAAkD;QAClD,MAAM,WAAW,GACf,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,QAAQ;YACrF,CAAC,CAAC,IAAI,0BAAW,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,0BAAW,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEtF,2EAA2E;QAC3E,sCAAsC;QACtC,2EAA2E;QAC3E,MAAM,UAAU,GAAG;YACjB,iDAAiD;YACjD,UAAU,EAAE,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;gBACrG,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAEF,eAAe;YACf,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAE9E,mCAAmC;YACnC,IAAI,EAAE,WAAW;gBACf,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1E,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAEN,wCAAwC;YACxC,aAAa,EAAE,OAAO,CAAC,2BAA2B,CAChD,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAC/D;SACF,CAAC;QAEF,2EAA2E;QAC3E,oBAAoB;QACpB,2EAA2E;QAC3E,MAAM,OAAO,GAAG;YACd;;eAEG;YACH,MAAM,EAAE,GAAG,EAAE,CACX,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAChG,GAAG,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;eAIG;YACH,WAAW,EAAE,CAAC,OAA4B,EAAE,EAAE,CAC5C,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgB,EAAE,EAAE;gBACpG,gDAAgD;gBAChD,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC7D,MAAM,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBACtC,CAAC;gBAED,yBAAyB;gBACzB,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,GAAG;wBACf,KAAK,EAAE,cAAc;wBACrB,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;eAKG;YACH,YAAY,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;eAEG;YACH,aAAa,EAAE,CAAC,IAAwB,EAAE,EAAE,CAC1C,OAAO,CAAC,kBAAkB,CACxB,qBAAqB,EACrB,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC3D,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CACF;YAEH,6CAA6C;YAC7C,cAAc,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAQ,cAAc,CAAC;YAC/D,iBAAiB,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAkB,iBAAiB,CAAC;YAC/E,aAAa,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC;SACnE,CAAC;QAEF,2EAA2E;QAC3E,+BAA+B;QAC/B,2EAA2E;QAE3E,4CAA4C;QAC5C,MAAM,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC;QAErF,MAAM,CAAC,GAAG,CAAC,uCAAuC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAElE,OAAO;YACL,GAAG,cAAc;YACjB,GAAG,eAAe;YAClB,UAAU;YACV,OAAO;YACP,OAAO;YACP,MAAM;YACN,MAAM;YACN,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,WAAW;SACZ,CAAC;IACJ,CAAC;CACF;AA1OD,sBA0OC"}

package/dist/dto/admin-set-password.dto.d.ts

@@ -1,12 +1,102 @@
+/**
+ * Admin Set Password Request DTO
+ *
+ * Request DTO for admin-initiated password reset.
+ * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ *
+ * Security:
+ * - Admin-only operation (should be protected by admin guard)
+ * - User identifier validated
+ * - Password policy enforced
+ * - Session revocation configurable
+ *
+ * @example
+ * ```typescript
+ * await authService.adminSetPassword({
+ *   identifier: 'user@example.com',
+ *   newPassword: 'NewSecurePassword123!',
+ *   mustChangePassword: true,
+ *   revokeSessions: true
+ * });
+ * ```
+ */
+/**
+ * Request DTO for admin password reset
+ */
 export declare class AdminSetPasswordDTO {
+    /**
+     * User identifier (email, username, phone, or sub/UUID)
+     *
+     * Validation:
+     * - Must be a string
+     * - Min 1 character
+     * - Max 255 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased if email format detected
+     *
+     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     identifier: string;
+    /**
+     * New password
+     *
+     * Validation:
+     * - Must be a string
+     * - Min 8 characters (security requirement)
+     * - Max 128 characters (prevents DoS)
+     *
+     * Note: NOT trimmed (passwords can have leading/trailing spaces)
+     * Additional checks in service layer:
+     * - Password strength (if configured)
+     * - Password history (prevent reuse)
+     */
     newPassword: string;
+    /**
+     * Require user to change password on next login
+     *
+     * Default: true (security best practice)
+     *
+     * @example true
+     */
     mustChangePassword?: boolean;
+    /**
+     * Revoke all active sessions after password reset
+     *
+     * Default: true (security best practice)
+     *
+     * @example true
+     */
     revokeSessions?: boolean;
 }
+/**
+ * Admin Set Password Response DTO
+ *
+ * Response DTO for admin password reset operation.
+ *
+ * @example
+ * ```typescript
+ * {
+ *   success: true,
+ *   mustChangePassword: true,
+ *   sessionsRevoked: 3
+ * }
+ * ```
+ */
 export declare class AdminSetPasswordResponseDTO {
+    /**
+     * Success indicator
+     * Always true on successful password reset
+     */
     success: boolean;
+    /**
+     * Whether user must change password on next login
+     */
     mustChangePassword: boolean;
+    /**
+     * Number of sessions revoked
+     */
     sessionsRevoked: number;
 }
 //# sourceMappingURL=admin-set-password.dto.d.ts.map

package/dist/dto/admin-set-password.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AA6BA,qBAAa,mBAAmB;IA8B9B,UAAU,EAAG,MAAM,CAAC;IAmBpB,WAAW,EAAG,MAAM,CAAC;IAWrB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAW7B,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAgBD,qBAAa,2BAA2B;IAKtC,OAAO,EAAG,OAAO,CAAC;IAKlB,kBAAkB,EAAG,OAAO,CAAC;IAK7B,eAAe,EAAG,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,EAAG,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,MAAM,CAAC;CAC1B"}

package/dist/dto/admin-set-password.dto.js

@@ -1,4 +1,26 @@
 "use strict";
+/**
+ * Admin Set Password Request DTO
+ *
+ * Request DTO for admin-initiated password reset.
+ * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ *
+ * Security:
+ * - Admin-only operation (should be protected by admin guard)
+ * - User identifier validated
+ * - Password policy enforced
+ * - Session revocation configurable
+ *
+ * @example
+ * ```typescript
+ * await authService.adminSetPassword({
+ *   identifier: 'user@example.com',
+ *   newPassword: 'NewSecurePassword123!',
+ *   mustChangePassword: true,
+ *   revokeSessions: true
+ * });
+ * ```
+ */
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -12,10 +34,54 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AdminSetPasswordResponseDTO = exports.AdminSetPasswordDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
+/**
+ * Request DTO for admin password reset
+ */
 class AdminSetPasswordDTO {
+    /**
+     * User identifier (email, username, phone, or sub/UUID)
+     *
+     * Validation:
+     * - Must be a string
+     * - Min 1 character
+     * - Max 255 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased if email format detected
+     *
+     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     */
     identifier;
+    /**
+     * New password
+     *
+     * Validation:
+     * - Must be a string
+     * - Min 8 characters (security requirement)
+     * - Max 128 characters (prevents DoS)
+     *
+     * Note: NOT trimmed (passwords can have leading/trailing spaces)
+     * Additional checks in service layer:
+     * - Password strength (if configured)
+     * - Password history (prevent reuse)
+     */
     newPassword;
+    /**
+     * Require user to change password on next login
+     *
+     * Default: true (security best practice)
+     *
+     * @example true
+     */
     mustChangePassword;
+    /**
+     * Revoke all active sessions after password reset
+     *
+     * Default: true (security best practice)
+     *
+     * @example true
+     */
     revokeSessions;
 }
 exports.AdminSetPasswordDTO = AdminSetPasswordDTO;
@@ -27,6 +93,7 @@ __decorate([
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
             const trimmed = value.trim();
+            // If it contains @, treat as email and lowercase
             if (trimmed.includes('@')) {
                 return trimmed.toLowerCase();
             }
@@ -53,9 +120,33 @@ __decorate([
     (0, class_validator_1.IsBoolean)({ message: 'revokeSessions must be a boolean' }),
     __metadata("design:type", Boolean)
 ], AdminSetPasswordDTO.prototype, "revokeSessions", void 0);
+/**
+ * Admin Set Password Response DTO
+ *
+ * Response DTO for admin password reset operation.
+ *
+ * @example
+ * ```typescript
+ * {
+ *   success: true,
+ *   mustChangePassword: true,
+ *   sessionsRevoked: 3
+ * }
+ * ```
+ */
 class AdminSetPasswordResponseDTO {
+    /**
+     * Success indicator
+     * Always true on successful password reset
+     */
     success;
+    /**
+     * Whether user must change password on next login
+     */
     mustChangePassword;
+    /**
+     * Number of sessions revoked
+     */
     sessionsRevoked;
 }
 exports.AdminSetPasswordResponseDTO = AdminSetPasswordResponseDTO;

package/dist/dto/admin-set-password.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAuBA,qDAAoG;AACpG,yDAA8C;AAK9C,MAAa,mBAAmB;IA8B9B,UAAU,CAAU;IAmBpB,WAAW,CAAU;IAWrB,kBAAkB,CAAW;IAW7B,cAAc,CAAW;CAC1B;AAxED,kDAwEC;AA1CC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAE7B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACkB;AAmBpB;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAiB3B,MAAa,2BAA2B;IAKtC,OAAO,CAAW;IAKlB,kBAAkB,CAAW;IAK7B,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}
+{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;AAEH,qDAAoG;AACpG,yDAA8C;AAE9C;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAW;CAC1B;AAxED,kDAwEC;AA1CC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACkB;AAmBpB;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAG3B;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}