@nauth-toolkit/core 0.1.14 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (623) hide show
  1. package/dist/adapters/database-columns.d.ts +70 -0
  2. package/dist/adapters/database-columns.d.ts.map +1 -1
  3. package/dist/adapters/database-columns.js +76 -2
  4. package/dist/adapters/database-columns.js.map +1 -1
  5. package/dist/adapters/express.adapter.d.ts +66 -0
  6. package/dist/adapters/express.adapter.d.ts.map +1 -1
  7. package/dist/adapters/express.adapter.js +80 -0
  8. package/dist/adapters/express.adapter.js.map +1 -1
  9. package/dist/adapters/fastify.adapter.d.ts +42 -0
  10. package/dist/adapters/fastify.adapter.d.ts.map +1 -1
  11. package/dist/adapters/fastify.adapter.js +86 -0
  12. package/dist/adapters/fastify.adapter.js.map +1 -1
  13. package/dist/adapters/index.d.ts +5 -0
  14. package/dist/adapters/index.d.ts.map +1 -1
  15. package/dist/adapters/index.js +9 -0
  16. package/dist/adapters/index.js.map +1 -1
  17. package/dist/adapters/storage.factory.d.ts +107 -0
  18. package/dist/adapters/storage.factory.d.ts.map +1 -1
  19. package/dist/adapters/storage.factory.js +114 -0
  20. package/dist/adapters/storage.factory.js.map +1 -1
  21. package/dist/adapters.d.ts +8 -0
  22. package/dist/adapters.d.ts.map +1 -1
  23. package/dist/adapters.js +8 -0
  24. package/dist/adapters.js.map +1 -1
  25. package/dist/bootstrap.d.ts +82 -0
  26. package/dist/bootstrap.d.ts.map +1 -1
  27. package/dist/bootstrap.js +106 -0
  28. package/dist/bootstrap.js.map +1 -1
  29. package/dist/dto/admin-set-password.dto.d.ts +90 -0
  30. package/dist/dto/admin-set-password.dto.d.ts.map +1 -1
  31. package/dist/dto/admin-set-password.dto.js +91 -0
  32. package/dist/dto/admin-set-password.dto.js.map +1 -1
  33. package/dist/dto/auth-challenge.dto.d.ts +170 -0
  34. package/dist/dto/auth-challenge.dto.d.ts.map +1 -1
  35. package/dist/dto/auth-challenge.dto.js +170 -0
  36. package/dist/dto/auth-challenge.dto.js.map +1 -1
  37. package/dist/dto/auth-response.dto.d.ts +196 -0
  38. package/dist/dto/auth-response.dto.d.ts.map +1 -1
  39. package/dist/dto/auth-response.dto.js +149 -0
  40. package/dist/dto/auth-response.dto.js.map +1 -1
  41. package/dist/dto/challenge-response.dto.d.ts +155 -0
  42. package/dist/dto/challenge-response.dto.d.ts.map +1 -1
  43. package/dist/dto/challenge-response.dto.js +8 -0
  44. package/dist/dto/challenge-response.dto.js.map +1 -1
  45. package/dist/dto/change-password-request.dto.d.ts +35 -0
  46. package/dist/dto/change-password-request.dto.d.ts.map +1 -1
  47. package/dist/dto/change-password-request.dto.js +35 -0
  48. package/dist/dto/change-password-request.dto.js.map +1 -1
  49. package/dist/dto/change-password-response.dto.d.ts +25 -0
  50. package/dist/dto/change-password-response.dto.d.ts.map +1 -1
  51. package/dist/dto/change-password-response.dto.js +25 -0
  52. package/dist/dto/change-password-response.dto.js.map +1 -1
  53. package/dist/dto/change-password.dto.d.ts +45 -0
  54. package/dist/dto/change-password.dto.d.ts.map +1 -1
  55. package/dist/dto/change-password.dto.js +45 -0
  56. package/dist/dto/change-password.dto.js.map +1 -1
  57. package/dist/dto/confirm-forgot-password.dto.d.ts +59 -0
  58. package/dist/dto/confirm-forgot-password.dto.d.ts.map +1 -1
  59. package/dist/dto/confirm-forgot-password.dto.js +59 -0
  60. package/dist/dto/confirm-forgot-password.dto.js.map +1 -1
  61. package/dist/dto/error-response.dto.d.ts +103 -0
  62. package/dist/dto/error-response.dto.d.ts.map +1 -1
  63. package/dist/dto/error-response.dto.js +103 -0
  64. package/dist/dto/error-response.dto.js.map +1 -1
  65. package/dist/dto/forgot-password.dto.d.ts +58 -0
  66. package/dist/dto/forgot-password.dto.d.ts.map +1 -1
  67. package/dist/dto/forgot-password.dto.js +58 -0
  68. package/dist/dto/forgot-password.dto.js.map +1 -1
  69. package/dist/dto/get-available-methods.dto.d.ts +37 -0
  70. package/dist/dto/get-available-methods.dto.d.ts.map +1 -1
  71. package/dist/dto/get-available-methods.dto.js +37 -0
  72. package/dist/dto/get-available-methods.dto.js.map +1 -1
  73. package/dist/dto/get-challenge-data-response.dto.d.ts +24 -0
  74. package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -1
  75. package/dist/dto/get-challenge-data-response.dto.js +24 -0
  76. package/dist/dto/get-challenge-data-response.dto.js.map +1 -1
  77. package/dist/dto/get-challenge-data.dto.d.ts +46 -0
  78. package/dist/dto/get-challenge-data.dto.d.ts.map +1 -1
  79. package/dist/dto/get-challenge-data.dto.js +46 -0
  80. package/dist/dto/get-challenge-data.dto.js.map +1 -1
  81. package/dist/dto/get-client-info.dto.d.ts +74 -0
  82. package/dist/dto/get-client-info.dto.d.ts.map +1 -1
  83. package/dist/dto/get-client-info.dto.js +74 -0
  84. package/dist/dto/get-client-info.dto.js.map +1 -1
  85. package/dist/dto/get-device-token-response.dto.d.ts +21 -0
  86. package/dist/dto/get-device-token-response.dto.d.ts.map +1 -1
  87. package/dist/dto/get-device-token-response.dto.js +21 -0
  88. package/dist/dto/get-device-token-response.dto.js.map +1 -1
  89. package/dist/dto/get-events-by-type.dto.d.ts +50 -0
  90. package/dist/dto/get-events-by-type.dto.d.ts.map +1 -1
  91. package/dist/dto/get-events-by-type.dto.js +50 -0
  92. package/dist/dto/get-events-by-type.dto.js.map +1 -1
  93. package/dist/dto/get-ip-address-response.dto.d.ts +20 -0
  94. package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -1
  95. package/dist/dto/get-ip-address-response.dto.js +20 -0
  96. package/dist/dto/get-ip-address-response.dto.js.map +1 -1
  97. package/dist/dto/get-mfa-status.dto.d.ts +59 -0
  98. package/dist/dto/get-mfa-status.dto.d.ts.map +1 -1
  99. package/dist/dto/get-mfa-status.dto.js +59 -0
  100. package/dist/dto/get-mfa-status.dto.js.map +1 -1
  101. package/dist/dto/get-risk-assessment-history.dto.d.ts +28 -0
  102. package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
  103. package/dist/dto/get-risk-assessment-history.dto.js +28 -0
  104. package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
  105. package/dist/dto/get-session-id-response.dto.d.ts +21 -0
  106. package/dist/dto/get-session-id-response.dto.d.ts.map +1 -1
  107. package/dist/dto/get-session-id-response.dto.js +21 -0
  108. package/dist/dto/get-session-id-response.dto.js.map +1 -1
  109. package/dist/dto/get-setup-data-response.dto.d.ts +27 -0
  110. package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -1
  111. package/dist/dto/get-setup-data-response.dto.js +27 -0
  112. package/dist/dto/get-setup-data-response.dto.js.map +1 -1
  113. package/dist/dto/get-setup-data.dto.d.ts +51 -0
  114. package/dist/dto/get-setup-data.dto.d.ts.map +1 -1
  115. package/dist/dto/get-setup-data.dto.js +51 -0
  116. package/dist/dto/get-setup-data.dto.js.map +1 -1
  117. package/dist/dto/get-suspicious-activity.dto.d.ts +31 -0
  118. package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
  119. package/dist/dto/get-suspicious-activity.dto.js +31 -0
  120. package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
  121. package/dist/dto/get-user-agent-response.dto.d.ts +19 -0
  122. package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -1
  123. package/dist/dto/get-user-agent-response.dto.js +19 -0
  124. package/dist/dto/get-user-agent-response.dto.js.map +1 -1
  125. package/dist/dto/get-user-auth-history.dto.d.ts +64 -0
  126. package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
  127. package/dist/dto/get-user-auth-history.dto.js +64 -0
  128. package/dist/dto/get-user-auth-history.dto.js.map +1 -1
  129. package/dist/dto/get-user-by-email.dto.d.ts +42 -0
  130. package/dist/dto/get-user-by-email.dto.d.ts.map +1 -1
  131. package/dist/dto/get-user-by-email.dto.js +42 -0
  132. package/dist/dto/get-user-by-email.dto.js.map +1 -1
  133. package/dist/dto/get-user-by-id.dto.d.ts +32 -0
  134. package/dist/dto/get-user-by-id.dto.d.ts.map +1 -1
  135. package/dist/dto/get-user-by-id.dto.js +32 -0
  136. package/dist/dto/get-user-by-id.dto.js.map +1 -1
  137. package/dist/dto/get-user-devices.dto.d.ts +34 -0
  138. package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
  139. package/dist/dto/get-user-devices.dto.js +34 -0
  140. package/dist/dto/get-user-devices.dto.js.map +1 -1
  141. package/dist/dto/get-user-response.dto.d.ts +14 -0
  142. package/dist/dto/get-user-response.dto.d.ts.map +1 -1
  143. package/dist/dto/get-user-response.dto.js +15 -0
  144. package/dist/dto/get-user-response.dto.js.map +1 -1
  145. package/dist/dto/has-provider.dto.d.ts +33 -0
  146. package/dist/dto/has-provider.dto.d.ts.map +1 -1
  147. package/dist/dto/has-provider.dto.js +33 -0
  148. package/dist/dto/has-provider.dto.js.map +1 -1
  149. package/dist/dto/index.js +5 -0
  150. package/dist/dto/index.js.map +1 -1
  151. package/dist/dto/is-trusted-device-response.dto.d.ts +28 -0
  152. package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -1
  153. package/dist/dto/is-trusted-device-response.dto.js +28 -0
  154. package/dist/dto/is-trusted-device-response.dto.js.map +1 -1
  155. package/dist/dto/list-providers-response.dto.d.ts +19 -0
  156. package/dist/dto/list-providers-response.dto.d.ts.map +1 -1
  157. package/dist/dto/list-providers-response.dto.js +19 -0
  158. package/dist/dto/list-providers-response.dto.js.map +1 -1
  159. package/dist/dto/login.dto.d.ts +48 -0
  160. package/dist/dto/login.dto.d.ts.map +1 -1
  161. package/dist/dto/login.dto.js +50 -1
  162. package/dist/dto/login.dto.js.map +1 -1
  163. package/dist/dto/logout-all-response.dto.d.ts +20 -0
  164. package/dist/dto/logout-all-response.dto.d.ts.map +1 -1
  165. package/dist/dto/logout-all-response.dto.js +20 -0
  166. package/dist/dto/logout-all-response.dto.js.map +1 -1
  167. package/dist/dto/logout-all.dto.d.ts +42 -0
  168. package/dist/dto/logout-all.dto.d.ts.map +1 -1
  169. package/dist/dto/logout-all.dto.js +42 -0
  170. package/dist/dto/logout-all.dto.js.map +1 -1
  171. package/dist/dto/logout-response.dto.d.ts +21 -0
  172. package/dist/dto/logout-response.dto.d.ts.map +1 -1
  173. package/dist/dto/logout-response.dto.js +21 -0
  174. package/dist/dto/logout-response.dto.js.map +1 -1
  175. package/dist/dto/logout.dto.d.ts +45 -0
  176. package/dist/dto/logout.dto.d.ts.map +1 -1
  177. package/dist/dto/logout.dto.js +45 -0
  178. package/dist/dto/logout.dto.js.map +1 -1
  179. package/dist/dto/refresh-token.dto.d.ts +28 -0
  180. package/dist/dto/refresh-token.dto.d.ts.map +1 -1
  181. package/dist/dto/refresh-token.dto.js +28 -0
  182. package/dist/dto/refresh-token.dto.js.map +1 -1
  183. package/dist/dto/remove-devices.dto.d.ts +51 -0
  184. package/dist/dto/remove-devices.dto.d.ts.map +1 -1
  185. package/dist/dto/remove-devices.dto.js +51 -0
  186. package/dist/dto/remove-devices.dto.js.map +1 -1
  187. package/dist/dto/resend-code-response.dto.d.ts +28 -0
  188. package/dist/dto/resend-code-response.dto.d.ts.map +1 -1
  189. package/dist/dto/resend-code-response.dto.js +28 -0
  190. package/dist/dto/resend-code-response.dto.js.map +1 -1
  191. package/dist/dto/resend-code.dto.d.ts +37 -0
  192. package/dist/dto/resend-code.dto.d.ts.map +1 -1
  193. package/dist/dto/resend-code.dto.js +37 -0
  194. package/dist/dto/resend-code.dto.js.map +1 -1
  195. package/dist/dto/reset-password.dto.d.ts +74 -0
  196. package/dist/dto/reset-password.dto.d.ts.map +1 -1
  197. package/dist/dto/reset-password.dto.js +76 -1
  198. package/dist/dto/reset-password.dto.js.map +1 -1
  199. package/dist/dto/respond-challenge.dto.d.ts +147 -0
  200. package/dist/dto/respond-challenge.dto.d.ts.map +1 -1
  201. package/dist/dto/respond-challenge.dto.js +162 -0
  202. package/dist/dto/respond-challenge.dto.js.map +1 -1
  203. package/dist/dto/set-mfa-exemption.dto.d.ts +65 -0
  204. package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -1
  205. package/dist/dto/set-mfa-exemption.dto.js +65 -0
  206. package/dist/dto/set-mfa-exemption.dto.js.map +1 -1
  207. package/dist/dto/set-must-change-password-response.dto.d.ts +23 -0
  208. package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -1
  209. package/dist/dto/set-must-change-password-response.dto.js +23 -0
  210. package/dist/dto/set-must-change-password-response.dto.js.map +1 -1
  211. package/dist/dto/set-must-change-password.dto.d.ts +32 -0
  212. package/dist/dto/set-must-change-password.dto.d.ts.map +1 -1
  213. package/dist/dto/set-must-change-password.dto.js +32 -0
  214. package/dist/dto/set-must-change-password.dto.js.map +1 -1
  215. package/dist/dto/set-preferred-method.dto.d.ts +48 -0
  216. package/dist/dto/set-preferred-method.dto.d.ts.map +1 -1
  217. package/dist/dto/set-preferred-method.dto.js +48 -0
  218. package/dist/dto/set-preferred-method.dto.js.map +1 -1
  219. package/dist/dto/setup-mfa.dto.d.ts +62 -0
  220. package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
  221. package/dist/dto/setup-mfa.dto.js +62 -0
  222. package/dist/dto/setup-mfa.dto.js.map +1 -1
  223. package/dist/dto/signup.dto.d.ts +92 -0
  224. package/dist/dto/signup.dto.d.ts.map +1 -1
  225. package/dist/dto/signup.dto.js +93 -0
  226. package/dist/dto/signup.dto.js.map +1 -1
  227. package/dist/dto/social-auth.dto.d.ts +234 -0
  228. package/dist/dto/social-auth.dto.d.ts.map +1 -1
  229. package/dist/dto/social-auth.dto.js +234 -0
  230. package/dist/dto/social-auth.dto.js.map +1 -1
  231. package/dist/dto/trust-device-response.dto.d.ts +26 -0
  232. package/dist/dto/trust-device-response.dto.d.ts.map +1 -1
  233. package/dist/dto/trust-device-response.dto.js +26 -0
  234. package/dist/dto/trust-device-response.dto.js.map +1 -1
  235. package/dist/dto/trust-device.dto.d.ts +9 -0
  236. package/dist/dto/trust-device.dto.d.ts.map +1 -1
  237. package/dist/dto/trust-device.dto.js +9 -0
  238. package/dist/dto/trust-device.dto.js.map +1 -1
  239. package/dist/dto/update-user-attributes-request.dto.d.ts +36 -0
  240. package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -1
  241. package/dist/dto/update-user-attributes-request.dto.js +36 -0
  242. package/dist/dto/update-user-attributes-request.dto.js.map +1 -1
  243. package/dist/dto/user-response.dto.d.ts +81 -0
  244. package/dist/dto/user-response.dto.d.ts.map +1 -1
  245. package/dist/dto/user-response.dto.js +84 -2
  246. package/dist/dto/user-response.dto.js.map +1 -1
  247. package/dist/dto/user-update.dto.d.ts +132 -0
  248. package/dist/dto/user-update.dto.d.ts.map +1 -1
  249. package/dist/dto/user-update.dto.js +133 -0
  250. package/dist/dto/user-update.dto.js.map +1 -1
  251. package/dist/dto/verify-email.dto.d.ts +171 -0
  252. package/dist/dto/verify-email.dto.d.ts.map +1 -1
  253. package/dist/dto/verify-email.dto.js +173 -1
  254. package/dist/dto/verify-email.dto.js.map +1 -1
  255. package/dist/dto/verify-mfa-code.dto.d.ts +65 -0
  256. package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -1
  257. package/dist/dto/verify-mfa-code.dto.js +65 -0
  258. package/dist/dto/verify-mfa-code.dto.js.map +1 -1
  259. package/dist/dto/verify-phone-by-sub.dto.d.ts +49 -0
  260. package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -1
  261. package/dist/dto/verify-phone-by-sub.dto.js +49 -0
  262. package/dist/dto/verify-phone-by-sub.dto.js.map +1 -1
  263. package/dist/dto/verify-phone.dto.d.ts +139 -0
  264. package/dist/dto/verify-phone.dto.d.ts.map +1 -1
  265. package/dist/dto/verify-phone.dto.js +142 -1
  266. package/dist/dto/verify-phone.dto.js.map +1 -1
  267. package/dist/dto.d.ts +10 -0
  268. package/dist/dto.d.ts.map +1 -1
  269. package/dist/dto.js +10 -0
  270. package/dist/dto.js.map +1 -1
  271. package/dist/entities/auth-audit.entity.d.ts +159 -0
  272. package/dist/entities/auth-audit.entity.d.ts.map +1 -1
  273. package/dist/entities/auth-audit.entity.js +166 -0
  274. package/dist/entities/auth-audit.entity.js.map +1 -1
  275. package/dist/entities/challenge-session.entity.d.ts +87 -0
  276. package/dist/entities/challenge-session.entity.d.ts.map +1 -1
  277. package/dist/entities/challenge-session.entity.js +87 -0
  278. package/dist/entities/challenge-session.entity.js.map +1 -1
  279. package/dist/entities/index.d.ts +18 -0
  280. package/dist/entities/index.d.ts.map +1 -1
  281. package/dist/entities/index.js +18 -0
  282. package/dist/entities/index.js.map +1 -1
  283. package/dist/entities/login-attempt.entity.d.ts +43 -0
  284. package/dist/entities/login-attempt.entity.d.ts.map +1 -1
  285. package/dist/entities/login-attempt.entity.js +43 -0
  286. package/dist/entities/login-attempt.entity.js.map +1 -1
  287. package/dist/entities/mfa-device.entity.d.ts +112 -0
  288. package/dist/entities/mfa-device.entity.d.ts.map +1 -1
  289. package/dist/entities/mfa-device.entity.js +112 -0
  290. package/dist/entities/mfa-device.entity.js.map +1 -1
  291. package/dist/entities/rate-limit.entity.d.ts +31 -0
  292. package/dist/entities/rate-limit.entity.d.ts.map +1 -1
  293. package/dist/entities/rate-limit.entity.js +31 -0
  294. package/dist/entities/rate-limit.entity.js.map +1 -1
  295. package/dist/entities/session.entity.d.ts +121 -0
  296. package/dist/entities/session.entity.d.ts.map +1 -1
  297. package/dist/entities/session.entity.js +121 -0
  298. package/dist/entities/session.entity.js.map +1 -1
  299. package/dist/entities/social-account.entity.d.ts +75 -0
  300. package/dist/entities/social-account.entity.d.ts.map +1 -1
  301. package/dist/entities/social-account.entity.js +75 -0
  302. package/dist/entities/social-account.entity.js.map +1 -1
  303. package/dist/entities/storage-lock.entity.d.ts +28 -0
  304. package/dist/entities/storage-lock.entity.d.ts.map +1 -1
  305. package/dist/entities/storage-lock.entity.js +28 -0
  306. package/dist/entities/storage-lock.entity.js.map +1 -1
  307. package/dist/entities/trusted-device.entity.d.ts +83 -0
  308. package/dist/entities/trusted-device.entity.d.ts.map +1 -1
  309. package/dist/entities/trusted-device.entity.js +83 -0
  310. package/dist/entities/trusted-device.entity.js.map +1 -1
  311. package/dist/entities/user.entity.d.ts +166 -0
  312. package/dist/entities/user.entity.d.ts.map +1 -1
  313. package/dist/entities/user.entity.js +166 -0
  314. package/dist/entities/user.entity.js.map +1 -1
  315. package/dist/entities/verification-token.entity.d.ts +102 -0
  316. package/dist/entities/verification-token.entity.d.ts.map +1 -1
  317. package/dist/entities/verification-token.entity.js +102 -0
  318. package/dist/entities/verification-token.entity.js.map +1 -1
  319. package/dist/entities.d.ts +8 -0
  320. package/dist/entities.d.ts.map +1 -1
  321. package/dist/entities.js +8 -0
  322. package/dist/entities.js.map +1 -1
  323. package/dist/enums/auth-audit-event-type.enum.d.ts +211 -0
  324. package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
  325. package/dist/enums/auth-audit-event-type.enum.js +244 -0
  326. package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
  327. package/dist/enums/error-codes.enum.d.ts +296 -0
  328. package/dist/enums/error-codes.enum.d.ts.map +1 -1
  329. package/dist/enums/error-codes.enum.js +332 -0
  330. package/dist/enums/error-codes.enum.js.map +1 -1
  331. package/dist/enums/mfa-method.enum.d.ts +74 -0
  332. package/dist/enums/mfa-method.enum.d.ts.map +1 -1
  333. package/dist/enums/mfa-method.enum.js +64 -0
  334. package/dist/enums/mfa-method.enum.js.map +1 -1
  335. package/dist/enums/risk-factor.enum.d.ts +91 -0
  336. package/dist/enums/risk-factor.enum.d.ts.map +1 -1
  337. package/dist/enums/risk-factor.enum.js +97 -0
  338. package/dist/enums/risk-factor.enum.js.map +1 -1
  339. package/dist/exceptions/nauth.exception.d.ts +149 -0
  340. package/dist/exceptions/nauth.exception.d.ts.map +1 -1
  341. package/dist/exceptions/nauth.exception.js +159 -0
  342. package/dist/exceptions/nauth.exception.js.map +1 -1
  343. package/dist/handlers/auth.handler.d.ts +32 -0
  344. package/dist/handlers/auth.handler.d.ts.map +1 -1
  345. package/dist/handlers/auth.handler.js +47 -1
  346. package/dist/handlers/auth.handler.js.map +1 -1
  347. package/dist/handlers/client-info.handler.d.ts +25 -0
  348. package/dist/handlers/client-info.handler.d.ts.map +1 -1
  349. package/dist/handlers/client-info.handler.js +36 -2
  350. package/dist/handlers/client-info.handler.js.map +1 -1
  351. package/dist/handlers/csrf.handler.d.ts +32 -0
  352. package/dist/handlers/csrf.handler.d.ts.map +1 -1
  353. package/dist/handlers/csrf.handler.js +49 -1
  354. package/dist/handlers/csrf.handler.js.map +1 -1
  355. package/dist/handlers/token-delivery.handler.d.ts +16 -0
  356. package/dist/handlers/token-delivery.handler.d.ts.map +1 -1
  357. package/dist/handlers/token-delivery.handler.js +22 -1
  358. package/dist/handlers/token-delivery.handler.js.map +1 -1
  359. package/dist/index.d.ts +34 -0
  360. package/dist/index.d.ts.map +1 -1
  361. package/dist/index.js +67 -0
  362. package/dist/index.js.map +1 -1
  363. package/dist/interfaces/client-info.interface.d.ts +58 -0
  364. package/dist/interfaces/client-info.interface.d.ts.map +1 -1
  365. package/dist/interfaces/config.interface.d.ts +1774 -0
  366. package/dist/interfaces/config.interface.d.ts.map +1 -1
  367. package/dist/interfaces/config.interface.js +16 -0
  368. package/dist/interfaces/config.interface.js.map +1 -1
  369. package/dist/interfaces/entities.interface.d.ts +48 -0
  370. package/dist/interfaces/entities.interface.d.ts.map +1 -1
  371. package/dist/interfaces/entities.interface.js +8 -0
  372. package/dist/interfaces/entities.interface.js.map +1 -1
  373. package/dist/interfaces/index.js +5 -0
  374. package/dist/interfaces/index.js.map +1 -1
  375. package/dist/interfaces/logger.interface.d.ts +213 -0
  376. package/dist/interfaces/logger.interface.d.ts.map +1 -1
  377. package/dist/interfaces/logger.interface.js +35 -0
  378. package/dist/interfaces/logger.interface.js.map +1 -1
  379. package/dist/interfaces/mfa-provider.interface.d.ts +134 -0
  380. package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -1
  381. package/dist/interfaces/oauth.interface.d.ts +110 -0
  382. package/dist/interfaces/oauth.interface.d.ts.map +1 -1
  383. package/dist/interfaces/provider.interface.d.ts +83 -0
  384. package/dist/interfaces/provider.interface.d.ts.map +1 -1
  385. package/dist/interfaces/sms-template.interface.d.ts +246 -0
  386. package/dist/interfaces/sms-template.interface.d.ts.map +1 -1
  387. package/dist/interfaces/sms-template.interface.js +26 -0
  388. package/dist/interfaces/sms-template.interface.js.map +1 -1
  389. package/dist/interfaces/social-auth-provider.interface.d.ts +115 -0
  390. package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -1
  391. package/dist/interfaces/storage-adapter.interface.d.ts +37 -0
  392. package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -1
  393. package/dist/interfaces/template.interface.d.ts +351 -0
  394. package/dist/interfaces/template.interface.d.ts.map +1 -1
  395. package/dist/interfaces/template.interface.js +13 -0
  396. package/dist/interfaces/template.interface.js.map +1 -1
  397. package/dist/interfaces/token-verifier.interface.d.ts +101 -0
  398. package/dist/interfaces/token-verifier.interface.d.ts.map +1 -1
  399. package/dist/interfaces.d.ts +8 -0
  400. package/dist/interfaces.d.ts.map +1 -1
  401. package/dist/interfaces.js +8 -0
  402. package/dist/interfaces.js.map +1 -1
  403. package/dist/internal.d.ts +120 -0
  404. package/dist/internal.d.ts.map +1 -1
  405. package/dist/internal.js +138 -0
  406. package/dist/internal.js.map +1 -1
  407. package/dist/platform/interfaces.d.ts +187 -0
  408. package/dist/platform/interfaces.d.ts.map +1 -1
  409. package/dist/platform/interfaces.js +11 -0
  410. package/dist/platform/interfaces.js.map +1 -1
  411. package/dist/schemas/auth-config.schema.d.ts +48 -0
  412. package/dist/schemas/auth-config.schema.d.ts.map +1 -1
  413. package/dist/schemas/auth-config.schema.js +188 -9
  414. package/dist/schemas/auth-config.schema.js.map +1 -1
  415. package/dist/services/adaptive-mfa-decision.service.d.ts +144 -0
  416. package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -1
  417. package/dist/services/adaptive-mfa-decision.service.js +151 -5
  418. package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
  419. package/dist/services/auth-audit.service.d.ts +195 -0
  420. package/dist/services/auth-audit.service.d.ts.map +1 -1
  421. package/dist/services/auth-audit.service.js +228 -1
  422. package/dist/services/auth-audit.service.js.map +1 -1
  423. package/dist/services/auth-challenge-helper.service.d.ts +144 -1
  424. package/dist/services/auth-challenge-helper.service.d.ts.map +1 -1
  425. package/dist/services/auth-challenge-helper.service.js +295 -16
  426. package/dist/services/auth-challenge-helper.service.js.map +1 -1
  427. package/dist/services/auth-flow-context-builder.service.d.ts +120 -1
  428. package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -1
  429. package/dist/services/auth-flow-context-builder.service.js +184 -5
  430. package/dist/services/auth-flow-context-builder.service.js.map +1 -1
  431. package/dist/services/auth-flow-rules.d.ts +136 -0
  432. package/dist/services/auth-flow-rules.d.ts.map +1 -1
  433. package/dist/services/auth-flow-rules.js +137 -0
  434. package/dist/services/auth-flow-rules.js.map +1 -1
  435. package/dist/services/auth-flow-state-definitions.d.ts +40 -0
  436. package/dist/services/auth-flow-state-definitions.d.ts.map +1 -1
  437. package/dist/services/auth-flow-state-definitions.js +98 -0
  438. package/dist/services/auth-flow-state-definitions.js.map +1 -1
  439. package/dist/services/auth-flow-state-machine.service.d.ts +91 -0
  440. package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -1
  441. package/dist/services/auth-flow-state-machine.service.js +102 -0
  442. package/dist/services/auth-flow-state-machine.service.js.map +1 -1
  443. package/dist/services/auth-flow-state-machine.types.d.ts +221 -0
  444. package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -1
  445. package/dist/services/auth-flow-state-machine.types.js +47 -0
  446. package/dist/services/auth-flow-state-machine.types.js.map +1 -1
  447. package/dist/services/auth.service.d.ts +397 -1
  448. package/dist/services/auth.service.d.ts.map +1 -1
  449. package/dist/services/auth.service.js +943 -27
  450. package/dist/services/auth.service.js.map +1 -1
  451. package/dist/services/challenge.service.d.ts +255 -1
  452. package/dist/services/challenge.service.d.ts.map +1 -1
  453. package/dist/services/challenge.service.js +327 -3
  454. package/dist/services/challenge.service.js.map +1 -1
  455. package/dist/services/client-info.service.d.ts +143 -0
  456. package/dist/services/client-info.service.d.ts.map +1 -1
  457. package/dist/services/client-info.service.js +161 -0
  458. package/dist/services/client-info.service.js.map +1 -1
  459. package/dist/services/csrf.service.d.ts +15 -0
  460. package/dist/services/csrf.service.d.ts.map +1 -1
  461. package/dist/services/csrf.service.js +16 -0
  462. package/dist/services/csrf.service.js.map +1 -1
  463. package/dist/services/email-verification.service.d.ts +52 -0
  464. package/dist/services/email-verification.service.d.ts.map +1 -1
  465. package/dist/services/email-verification.service.js +149 -10
  466. package/dist/services/email-verification.service.js.map +1 -1
  467. package/dist/services/geo-location.service.d.ts +105 -0
  468. package/dist/services/geo-location.service.d.ts.map +1 -1
  469. package/dist/services/geo-location.service.js +188 -2
  470. package/dist/services/geo-location.service.js.map +1 -1
  471. package/dist/services/jwt.service.d.ts +257 -0
  472. package/dist/services/jwt.service.d.ts.map +1 -1
  473. package/dist/services/jwt.service.js +284 -1
  474. package/dist/services/jwt.service.js.map +1 -1
  475. package/dist/services/mfa-base.service.d.ts +179 -1
  476. package/dist/services/mfa-base.service.d.ts.map +1 -1
  477. package/dist/services/mfa-base.service.js +256 -2
  478. package/dist/services/mfa-base.service.js.map +1 -1
  479. package/dist/services/mfa.service.d.ts +304 -0
  480. package/dist/services/mfa.service.d.ts.map +1 -1
  481. package/dist/services/mfa.service.js +380 -0
  482. package/dist/services/mfa.service.js.map +1 -1
  483. package/dist/services/password-reset.service.d.ts +46 -0
  484. package/dist/services/password-reset.service.d.ts.map +1 -1
  485. package/dist/services/password-reset.service.js +79 -0
  486. package/dist/services/password-reset.service.js.map +1 -1
  487. package/dist/services/password.service.d.ts +139 -0
  488. package/dist/services/password.service.d.ts.map +1 -1
  489. package/dist/services/password.service.js +167 -9
  490. package/dist/services/password.service.js.map +1 -1
  491. package/dist/services/phone-verification.service.d.ts +75 -0
  492. package/dist/services/phone-verification.service.d.ts.map +1 -1
  493. package/dist/services/phone-verification.service.js +188 -6
  494. package/dist/services/phone-verification.service.js.map +1 -1
  495. package/dist/services/risk-detection.service.d.ts +198 -0
  496. package/dist/services/risk-detection.service.d.ts.map +1 -1
  497. package/dist/services/risk-detection.service.js +358 -11
  498. package/dist/services/risk-detection.service.js.map +1 -1
  499. package/dist/services/risk-scoring.service.d.ts +84 -0
  500. package/dist/services/risk-scoring.service.d.ts.map +1 -1
  501. package/dist/services/risk-scoring.service.js +87 -0
  502. package/dist/services/risk-scoring.service.js.map +1 -1
  503. package/dist/services/session.service.d.ts +204 -0
  504. package/dist/services/session.service.d.ts.map +1 -1
  505. package/dist/services/session.service.js +289 -4
  506. package/dist/services/session.service.js.map +1 -1
  507. package/dist/services/social-auth-base.service.d.ts +123 -1
  508. package/dist/services/social-auth-base.service.d.ts.map +1 -1
  509. package/dist/services/social-auth-base.service.js +155 -2
  510. package/dist/services/social-auth-base.service.js.map +1 -1
  511. package/dist/services/social-auth.service.d.ts +191 -0
  512. package/dist/services/social-auth.service.d.ts.map +1 -1
  513. package/dist/services/social-auth.service.js +215 -2
  514. package/dist/services/social-auth.service.js.map +1 -1
  515. package/dist/services/social-provider-registry.service.d.ts +86 -0
  516. package/dist/services/social-provider-registry.service.d.ts.map +1 -1
  517. package/dist/services/social-provider-registry.service.js +86 -0
  518. package/dist/services/social-provider-registry.service.js.map +1 -1
  519. package/dist/services/trusted-device.service.d.ts +105 -0
  520. package/dist/services/trusted-device.service.d.ts.map +1 -1
  521. package/dist/services/trusted-device.service.js +133 -4
  522. package/dist/services/trusted-device.service.js.map +1 -1
  523. package/dist/storage/account-lockout-storage.service.d.ts +35 -0
  524. package/dist/storage/account-lockout-storage.service.d.ts.map +1 -1
  525. package/dist/storage/account-lockout-storage.service.js +35 -0
  526. package/dist/storage/account-lockout-storage.service.js.map +1 -1
  527. package/dist/storage/memory-storage.adapter.d.ts +148 -0
  528. package/dist/storage/memory-storage.adapter.d.ts.map +1 -1
  529. package/dist/storage/memory-storage.adapter.js +201 -6
  530. package/dist/storage/memory-storage.adapter.js.map +1 -1
  531. package/dist/storage/rate-limit-storage.service.d.ts +3 -0
  532. package/dist/storage/rate-limit-storage.service.d.ts.map +1 -1
  533. package/dist/storage/rate-limit-storage.service.js +4 -0
  534. package/dist/storage/rate-limit-storage.service.js.map +1 -1
  535. package/dist/storage.d.ts +8 -0
  536. package/dist/storage.d.ts.map +1 -1
  537. package/dist/storage.js +8 -0
  538. package/dist/storage.js.map +1 -1
  539. package/dist/templates/html-template.engine.d.ts +110 -0
  540. package/dist/templates/html-template.engine.d.ts.map +1 -1
  541. package/dist/templates/html-template.engine.js +147 -0
  542. package/dist/templates/html-template.engine.js.map +1 -1
  543. package/dist/templates/index.d.ts +5 -0
  544. package/dist/templates/index.d.ts.map +1 -1
  545. package/dist/templates/index.js +5 -0
  546. package/dist/templates/index.js.map +1 -1
  547. package/dist/templates/sms-template.engine.d.ts +151 -0
  548. package/dist/templates/sms-template.engine.d.ts.map +1 -1
  549. package/dist/templates/sms-template.engine.js +171 -0
  550. package/dist/templates/sms-template.engine.js.map +1 -1
  551. package/dist/templates.d.ts +8 -0
  552. package/dist/templates.d.ts.map +1 -1
  553. package/dist/templates.js +8 -0
  554. package/dist/templates.js.map +1 -1
  555. package/dist/utils/common-passwords.d.ts +42 -0
  556. package/dist/utils/common-passwords.d.ts.map +1 -1
  557. package/dist/utils/common-passwords.js +88 -0
  558. package/dist/utils/common-passwords.js.map +1 -1
  559. package/dist/utils/context-storage.d.ts +129 -0
  560. package/dist/utils/context-storage.d.ts.map +1 -1
  561. package/dist/utils/context-storage.js +129 -0
  562. package/dist/utils/context-storage.js.map +1 -1
  563. package/dist/utils/cookie-names.util.d.ts +35 -0
  564. package/dist/utils/cookie-names.util.d.ts.map +1 -1
  565. package/dist/utils/cookie-names.util.js +37 -0
  566. package/dist/utils/cookie-names.util.js.map +1 -1
  567. package/dist/utils/cookies.util.d.ts +19 -0
  568. package/dist/utils/cookies.util.d.ts.map +1 -1
  569. package/dist/utils/cookies.util.js +30 -3
  570. package/dist/utils/cookies.util.js.map +1 -1
  571. package/dist/utils/index.d.ts +3 -0
  572. package/dist/utils/index.d.ts.map +1 -1
  573. package/dist/utils/index.js +4 -0
  574. package/dist/utils/index.js.map +1 -1
  575. package/dist/utils/ip-extractor.d.ts +88 -0
  576. package/dist/utils/ip-extractor.d.ts.map +1 -1
  577. package/dist/utils/ip-extractor.js +109 -16
  578. package/dist/utils/ip-extractor.js.map +1 -1
  579. package/dist/utils/nauth-logger.d.ts +70 -0
  580. package/dist/utils/nauth-logger.d.ts.map +1 -1
  581. package/dist/utils/nauth-logger.js +82 -4
  582. package/dist/utils/nauth-logger.js.map +1 -1
  583. package/dist/utils/pii-redactor.d.ts +70 -0
  584. package/dist/utils/pii-redactor.d.ts.map +1 -1
  585. package/dist/utils/pii-redactor.js +102 -0
  586. package/dist/utils/pii-redactor.js.map +1 -1
  587. package/dist/utils/setup/get-repositories.d.ts +16 -0
  588. package/dist/utils/setup/get-repositories.d.ts.map +1 -1
  589. package/dist/utils/setup/get-repositories.js +21 -0
  590. package/dist/utils/setup/get-repositories.js.map +1 -1
  591. package/dist/utils/setup/init-services.d.ts +40 -1
  592. package/dist/utils/setup/init-services.d.ts.map +1 -1
  593. package/dist/utils/setup/init-services.js +98 -0
  594. package/dist/utils/setup/init-services.js.map +1 -1
  595. package/dist/utils/setup/init-social.d.ts +27 -0
  596. package/dist/utils/setup/init-social.d.ts.map +1 -1
  597. package/dist/utils/setup/init-social.js +49 -0
  598. package/dist/utils/setup/init-social.js.map +1 -1
  599. package/dist/utils/setup/init-storage.d.ts +22 -0
  600. package/dist/utils/setup/init-storage.d.ts.map +1 -1
  601. package/dist/utils/setup/init-storage.js +36 -0
  602. package/dist/utils/setup/init-storage.js.map +1 -1
  603. package/dist/utils/setup/register-mfa.d.ts +22 -0
  604. package/dist/utils/setup/register-mfa.d.ts.map +1 -1
  605. package/dist/utils/setup/register-mfa.js +41 -0
  606. package/dist/utils/setup/register-mfa.js.map +1 -1
  607. package/dist/utils/setup/run-nauth-migrations.d.ts +7 -0
  608. package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -1
  609. package/dist/utils/setup/run-nauth-migrations.js +8 -0
  610. package/dist/utils/setup/run-nauth-migrations.js.map +1 -1
  611. package/dist/utils/token-delivery-policy.d.ts +17 -0
  612. package/dist/utils/token-delivery-policy.d.ts.map +1 -1
  613. package/dist/utils/token-delivery-policy.js +17 -0
  614. package/dist/utils/token-delivery-policy.js.map +1 -1
  615. package/dist/utils.d.ts +8 -0
  616. package/dist/utils.d.ts.map +1 -1
  617. package/dist/utils.js +8 -0
  618. package/dist/utils.js.map +1 -1
  619. package/dist/validators/template.validator.d.ts +80 -0
  620. package/dist/validators/template.validator.d.ts.map +1 -1
  621. package/dist/validators/template.validator.js +94 -0
  622. package/dist/validators/template.validator.js.map +1 -1
  623. package/package.json +7 -2
package/dist/services/jwt.service.d.ts CHANGED
@@ -1,65 +1,322 @@
1
1
  import { JwtConfig } from '../interfaces/config.interface';
2
+ /**
3
+ * JWT Payload structure
4
+ */
2
5
  export interface JwtPayload {
6
+ /** User ID */
3
7
  sub: string;
8
+ /** User email */
4
9
  email: string;
10
+ /** Token type (access or refresh) */
5
11
  type: 'access' | 'refresh';
12
+ /** Session ID */
6
13
  sessionId: string;
14
+ /** Token family ID (for rotation detection) */
7
15
  tokenFamily?: string;
16
+ /** Issued at timestamp */
8
17
  iat: number;
18
+ /** Expiration timestamp */
9
19
  exp: number;
20
+ /** Issuer */
10
21
  iss?: string;
22
+ /** Audience */
11
23
  aud?: string | string[];
24
+ /** Device ID */
12
25
  deviceId?: string;
13
26
  }
27
+ /**
28
+ * Token validation result
29
+ */
14
30
  export interface TokenValidationResult {
31
+ /** Whether token is valid */
15
32
  valid: boolean;
33
+ /** Decoded payload if valid */
16
34
  payload?: JwtPayload;
35
+ /** Error message if invalid */
17
36
  error?: string;
37
+ /** Error type for specific handling */
18
38
  errorType?: 'expired' | 'invalid' | 'malformed' | 'blacklisted';
19
39
  }
40
+ /**
41
+ * Token pair (access + refresh)
42
+ */
20
43
  export interface TokenPair {
44
+ /** Short-lived access token */
21
45
  accessToken: string;
46
+ /** Long-lived refresh token */
22
47
  refreshToken: string;
48
+ /** Access token expiration in seconds */
23
49
  expiresIn: number;
24
50
  }
51
+ /**
52
+ * JWT Service (Platform-Agnostic)
53
+ *
54
+ * Handles all JWT token operations using jose library for platform independence.
55
+ *
56
+ * **Features:**
57
+ * - Platform-agnostic (no framework dependencies)
58
+ * - Support for multiple algorithms (HS256, HS384, HS512, RS256, RS384, RS512)
59
+ * - Token rotation with family tracking
60
+ * - Token reuse detection
61
+ * - Symmetric and asymmetric key support
62
+ *
63
+ * **Security Features:**
64
+ * - HS256 as default algorithm (symmetric key)
65
+ * - HS256/HS384/HS512 for symmetric keys
66
+ * - RS256/RS384/RS512 for asymmetric keys
67
+ * - Token rotation on refresh
68
+ * - Token family tracking for reuse detection
69
+ * - Configurable expiration times
70
+ * - Standard JWT claims (iss, aud, sub, exp, iat)
71
+ *
72
+ * @example
73
+ * ```typescript
74
+ * const jwtService = new JwtService(config);
75
+ *
76
+ * // Generate token pair
77
+ * const tokens = await jwtService.generateTokenPair({
78
+ * userId: 'user-123',
79
+ * email: 'user@example.com',
80
+ * sessionId: 'session-456',
81
+ * });
82
+ *
83
+ * // Validate token
84
+ * const result = await jwtService.validateAccessToken(tokens.accessToken);
85
+ * if (result.valid) {
86
+ * console.log('User ID:', result.payload.sub);
87
+ * }
88
+ * ```
89
+ */
25
90
  export declare class JwtService {
91
+ /** JWT configuration */
26
92
  private readonly config;
93
+ /** Cached access token key (for performance) */
27
94
  private accessTokenKey;
95
+ /** Cached refresh token key (for performance) */
28
96
  private refreshTokenKey;
97
+ /**
98
+ * Cached dynamic import of jose.
99
+ * Kept as a promise so concurrent calls share the same module load.
100
+ */
29
101
  private joseModulePromise;
30
102
  constructor(jwtConfig: JwtConfig);
103
+ /**
104
+ * Lazy-load jose (ESM-only) in a CJS-compatible way.
105
+ * @private
106
+ */
31
107
  private getJose;
108
+ /**
109
+ * Prepare and cache signing keys for better performance
110
+ * @private
111
+ */
32
112
  private prepareKeys;
113
+ /**
114
+ * Get algorithm for signing access tokens
115
+ *
116
+ * Automatically selects appropriate algorithm based on key material:
117
+ * - If privateKey is provided → uses configured algorithm (RS256, RS384, RS512)
118
+ * - If only secret is provided → uses configured algorithm or defaults to HS256
119
+ *
120
+ * @private
121
+ */
33
122
  private getAlgorithm;
123
+ /**
124
+ * Get algorithm for signing refresh tokens
125
+ *
126
+ * Refresh tokens only support symmetric algorithms (HS256/HS384/HS512)
127
+ * because RefreshTokenConfig only provides a secret, not a privateKey.
128
+ *
129
+ * Automatically selects appropriate symmetric algorithm:
130
+ * - If configured algorithm is symmetric (HS256/HS384/HS512) → uses it
131
+ * - If configured algorithm is asymmetric (RS256, RS384, RS512) → falls back to HS256
132
+ * - Defaults to HS256 if no algorithm is configured
133
+ *
134
+ * @private
135
+ */
34
136
  private getRefreshTokenAlgorithm;
137
+ /**
138
+ * Generate both access and refresh tokens
139
+ *
140
+ * Creates a pair of tokens with the same token family for rotation tracking.
141
+ * The token family allows detection of token reuse attacks.
142
+ *
143
+ * @param data - User and session information
144
+ * @returns Token pair with access and refresh tokens
145
+ *
146
+ * @example
147
+ * ```typescript
148
+ * const tokens = await jwtService.generateTokenPair({
149
+ * userId: 'user-123',
150
+ * email: 'user@example.com',
151
+ * sessionId: 'session-456',
152
+ * });
153
+ *
154
+ * // Store tokens and send to client
155
+ * res.json({
156
+ * accessToken: tokens.accessToken,
157
+ * refreshToken: tokens.refreshToken,
158
+ * expiresIn: tokens.expiresIn,
159
+ * });
160
+ * ```
161
+ */
35
162
  generateTokenPair(data: {
36
163
  userId: string;
37
164
  email: string;
38
165
  sessionId: string;
39
166
  tokenFamily?: string;
40
167
  }): Promise<TokenPair>;
168
+ /**
169
+ * Generate an access token
170
+ *
171
+ * Access tokens are short-lived (typically 15 minutes) and used for API authentication.
172
+ * They contain user identity and authorization information.
173
+ *
174
+ * @param data - Token payload data
175
+ * @returns Signed JWT access token
176
+ */
41
177
  generateAccessToken(data: {
42
178
  userId: string;
43
179
  email: string;
44
180
  sessionId: string;
45
181
  tokenFamily: string;
46
182
  }): Promise<string>;
183
+ /**
184
+ * Generate a refresh token
185
+ *
186
+ * Refresh tokens are long-lived (typically 30 days) and used to obtain new access tokens.
187
+ * They should be stored securely and rotated on each use.
188
+ *
189
+ * NOTE: Refresh tokens always use a symmetric algorithm (HS256/HS384/HS512)
190
+ * because RefreshTokenConfig only provides a secret, not a privateKey.
191
+ * This ensures compatibility between the algorithm and key type.
192
+ *
193
+ * @param data - Token payload data
194
+ * @returns Signed JWT refresh token
195
+ */
47
196
  generateRefreshToken(data: {
48
197
  userId: string;
49
198
  email: string;
50
199
  sessionId: string;
51
200
  tokenFamily: string;
52
201
  }): Promise<string>;
202
+ /**
203
+ * Validate an access token
204
+ *
205
+ * Verifies:
206
+ * - Token signature is valid
207
+ * - Token hasn't expired
208
+ * - Token type is 'access'
209
+ * - Token structure is correct
210
+ *
211
+ * @param token - JWT access token to validate
212
+ * @returns Validation result with payload or error
213
+ *
214
+ * @example
215
+ * ```typescript
216
+ * const result = await jwtService.validateAccessToken(token);
217
+ *
218
+ * if (!result.valid) {
219
+ * if (result.errorType === 'expired') {
220
+ * // Attempt to refresh token
221
+ * } else {
222
+ * // Invalid token, reject request
223
+ * }
224
+ * }
225
+ * ```
226
+ */
53
227
  validateAccessToken(token: string): Promise<TokenValidationResult>;
228
+ /**
229
+ * Validate a refresh token
230
+ *
231
+ * Similar to access token validation but checks for 'refresh' type.
232
+ * Also verifies token hasn't been used before (if rotation is enabled).
233
+ *
234
+ * @param token - JWT refresh token to validate
235
+ * @returns Validation result with payload or error
236
+ */
54
237
  validateRefreshToken(token: string): Promise<TokenValidationResult>;
238
+ /**
239
+ * Decode a token without verification
240
+ *
241
+ * WARNING: This method does NOT validate the token signature or expiration.
242
+ * Only use for non-security-critical operations like logging or analytics.
243
+ *
244
+ * @param token - JWT token to decode
245
+ * @returns Decoded payload or null if malformed
246
+ */
55
247
  decodeToken(token: string): JwtPayload | null;
248
+ /**
249
+ * Convert base64url-encoded strings to standard base64 for decoding.
250
+ * @private
251
+ */
56
252
  private base64UrlToBase64;
253
+ /**
254
+ * Generate a unique token family identifier
255
+ *
256
+ * Token families are used to track token rotation and detect reuse attacks.
257
+ * All tokens in the same "family" (original + rotated versions) share this ID.
258
+ *
259
+ * SECURITY FIX #10: Increased from 16 bytes (128 bits) to 32 bytes (256 bits)
260
+ *
261
+ * @returns Random token family ID (256 bits)
262
+ */
57
263
  generateTokenFamily(): string;
264
+ /**
265
+ * Hash a token for storage
266
+ *
267
+ * Tokens should be hashed before storing in the database for security.
268
+ * This prevents token exposure if the database is compromised.
269
+ *
270
+ * @param token - Token to hash
271
+ * @returns SHA-256 hash of the token
272
+ */
58
273
  hashToken(token: string): string;
274
+ /**
275
+ * Get access token expiry time in seconds
276
+ *
277
+ * @returns Access token expiry time in seconds
278
+ *
279
+ * @example
280
+ * ```typescript
281
+ * const expiry = jwtService.getAccessTokenExpiry();
282
+ * console.log(expiry); // 900 (15 minutes)
283
+ * ```
284
+ */
59
285
  getAccessTokenExpiry(): number;
286
+ /**
287
+ * Get refresh token TTL in seconds
288
+ *
289
+ * Used for setting expiration on used-token tracking in storage.
290
+ *
291
+ * @returns TTL in seconds
292
+ */
60
293
  getRefreshTokenTTL(): number;
294
+ /**
295
+ * Extract token from Authorization header
296
+ *
297
+ * Supports standard "Bearer <token>" format
298
+ *
299
+ * @param authHeader - Authorization header value
300
+ * @returns Extracted token or null
301
+ *
302
+ * @example
303
+ * ```typescript
304
+ * const token = jwtService.extractTokenFromHeader('Bearer eyJhbGc...');
305
+ * // Returns: 'eyJhbGc...'
306
+ * ```
307
+ */
61
308
  extractTokenFromHeader(authHeader?: string): string | null;
309
+ /**
310
+ * Parse expiration time from string or number
311
+ * @param expiresIn - Expiration time (e.g., '15m', 900, '1h')
312
+ * @returns Expiration time in seconds
313
+ */
62
314
  private parseExpiresIn;
315
+ /**
316
+ * Handle JWT validation errors and convert to standardized result
317
+ * @param error - Error from JWT verification
318
+ * @returns Standardized validation result
319
+ */
63
320
  private handleValidationError;
64
321
  }
65
322
  //# sourceMappingURL=jwt.service.d.ts.map
package/dist/services/jwt.service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAiB3D,MAAM,WAAW,UAAU;IAEzB,GAAG,EAAE,MAAM,CAAC;IAGZ,KAAK,EAAE,MAAM,CAAC;IAGd,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;IAG3B,SAAS,EAAE,MAAM,CAAC;IAGlB,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,GAAG,EAAE,MAAM,CAAC;IAGZ,GAAG,EAAE,MAAM,CAAC;IAGZ,GAAG,CAAC,EAAE,MAAM,CAAC;IAGb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAGxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,qBAAqB;IAEpC,KAAK,EAAE,OAAO,CAAC;IAGf,OAAO,CAAC,EAAE,UAAU,CAAC;IAGrB,KAAK,CAAC,EAAE,MAAM,CAAC;IAGf,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,aAAa,CAAC;CACjE;AAKD,MAAM,WAAW,SAAS;IAExB,WAAW,EAAE,MAAM,CAAC;IAGpB,YAAY,EAAE,MAAM,CAAC;IAGrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAyCD,qBAAa,UAAU;IAErB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IAGnC,OAAO,CAAC,cAAc,CAA8C;IAGpE,OAAO,CAAC,eAAe,CAA8C;IAMrE,OAAO,CAAC,iBAAiB,CAAoC;gBAEjD,SAAS,EAAE,SAAS;YAalB,OAAO;IAerB,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,YAAY;IAkBpB,OAAO,CAAC,wBAAwB;IA2C1B,iBAAiB,CAAC,IAAI,EAAE;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,SAAS,CAAC;IAmChB,mBAAmB,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IAmDb,oBAAoB,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IAmDb,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAoDlE,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAwCzE,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAmB7C,OAAO,CAAC,iBAAiB;IAqBzB,mBAAmB,IAAI,MAAM;IAa7B,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAehC,oBAAoB,IAAI,MAAM;IAW9B,kBAAkB,IAAI,MAAM;IAkB5B,sBAAsB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAoB1D,OAAO,CAAC,cAAc;IA2BtB,OAAO,CAAC,qBAAqB;CAgC9B"}
1
+ {"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAc3D;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IAEZ,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAC;IAEd,qCAAqC;IACrC,IAAI,EAAE,QAAQ,GAAG,SAAS,CAAC;IAE3B,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,0BAA0B;IAC1B,GAAG,EAAE,MAAM,CAAC;IAEZ,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;IAEZ,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,eAAe;IACf,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,gBAAgB;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,6BAA6B;IAC7B,KAAK,EAAE,OAAO,CAAC;IAEf,+BAA+B;IAC/B,OAAO,CAAC,EAAE,UAAU,CAAC;IAErB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,uCAAuC;IACvC,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,aAAa,CAAC;CACjE;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IAEpB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IAErB,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,qBAAa,UAAU;IACrB,wBAAwB;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IAEnC,gDAAgD;IAChD,OAAO,CAAC,cAAc,CAA8C;IAEpE,iDAAiD;IACjD,OAAO,CAAC,eAAe,CAA8C;IAErE;;;OAGG;IACH,OAAO,CAAC,iBAAiB,CAAoC;gBAEjD,SAAS,EAAE,SAAS;IAShC;;;OAGG;YACW,OAAO;IAWrB;;;OAGG;IACH,OAAO,CAAC,WAAW;IAgBnB;;;;;;;;OAQG;IACH,OAAO,CAAC,YAAY;IAKpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,wBAAwB;IAkBhC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,iBAAiB,CAAC,IAAI,EAAE;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,SAAS,CAAC;IA0BtB;;;;;;;;OAQG;IACG,mBAAmB,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IAsCnB;;;;;;;;;;;;OAYG;IACG,oBAAoB,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,MAAM,CAAC;IA0BnB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA2CxE;;;;;;;;OAQG;IACG,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA+BzE;;;;;;;;OAQG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAe7C;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAWzB;;;;;;;;;OASG;IACH,mBAAmB,IAAI,MAAM;IAI7B;;;;;;;;OAQG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAIhC;;;;;;;;;;OAUG;IACH,oBAAoB,IAAI,MAAM;IAI9B;;;;;;OAMG;IACH,kBAAkB,IAAI,MAAM;IAI5B;;;;;;;;;;;;;OAaG;IACH,sBAAsB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAe1D;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAsBtB;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;CAgC9B"}