@nauth-toolkit/core 0.1.14 → 0.1.18

package/dist/services/client-info.service.d.ts

@@ -1,14 +1,157 @@
 import { GetClientInfoResponseDTO, GetIpAddressResponseDTO, GetUserAgentResponseDTO, GetDeviceTokenResponseDTO, GetSessionIdResponseDTO } from '../dto';
+/**
+ * Client Info Service
+ *
+ * Provides transparent access to client information (IP address, user agent, device info)
+ * from the current request context using async local storage.
+ *
+ * This service eliminates the need to pass IP addresses and user agents as parameters
+ * to authentication methods. The library handles this automatically, just like AWS Cognito.
+ *
+ * **Key Features:**
+ * - Transparent access to client metadata
+ * - No parameters needed in service methods
+ * - Works across async boundaries
+ * - Type-safe with TypeScript
+ * - Thread-safe with async local storage
+ * - Platform-agnostic (no framework dependencies)
+ *
+ * **Usage:**
+ * ```typescript
+ * export class AuthService {
+ *   constructor(private clientInfoService: ClientInfoService) {}
+ *
+ *   async login(dto: LoginDTO) {
+ *     // Get client info from context (no parameters needed!)
+ *     const clientInfo = this.clientInfoService.get();
+ *
+ *     // Use it
+ *     logger.debug('IP Address:', clientInfo.ipAddress);
+ *     logger.debug('User Agent:', clientInfo.userAgent);
+ *   }
+ * }
+ * ```
+ *
+ * **Note:**
+ * This service must be called within the context of an HTTP request.
+ * If called outside a request context (e.g., cron jobs, CLI), it will
+ * return a default ClientInfo object with 'unknown' values.
+ */
 export declare class ClientInfoService {
     constructor();
+    /**
+     * Get client information from the current request context
+     *
+     * This method retrieves client metadata that was automatically extracted
+     * by ClientInfoInterceptor and stored in async local storage.
+     *
+     * @returns Response DTO with client information
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.get();
+     * logger.debug('IP Address:', result.ipAddress);  // 192.168.1.100
+     * logger.debug('User Agent:', result.userAgent);  // Mozilla/5.0 ...
+     * ```
+     *
+     * @example
+     * ```typescript
+     * // If called outside request context (e.g., cron job)
+     * const result = this.clientInfoService.get();
+     * logger.debug('IP Address:', result.ipAddress);  // 'unknown'
+     * ```
+     */
     get(): GetClientInfoResponseDTO;
+    /**
+     * Get IP address from the current request context
+     *
+     * Convenience method to get just the IP address without the full ClientInfo object.
+     *
+     * @returns Response DTO with IP address
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getIpAddress();
+     * logger.debug('IP Address:', result.ipAddress);  // 192.168.1.100
+     * ```
+     */
     getIpAddress(): GetIpAddressResponseDTO;
+    /**
+     * Get user agent from the current request context
+     *
+     * Convenience method to get just the user agent without the full ClientInfo object.
+     *
+     * @returns Response DTO with user agent
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getUserAgent();
+     * logger.debug('User Agent:', result.userAgent);  // Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
+     * ```
+     */
     getUserAgent(): GetUserAgentResponseDTO;
+    /**
+     * Get device token from the current request context
+     *
+     * Convenience method to get just the device token (for trusted device feature).
+     *
+     * @returns Response DTO with device token
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getDeviceToken();
+     * if (result.deviceToken) {
+     *   logger.debug('Device token:', result.deviceToken);
+     * }
+     * ```
+     */
     getDeviceToken(): GetDeviceTokenResponseDTO;
+    /**
+     * Get session ID from the current request context
+     *
+     * Convenience method to get just the session ID (extracted from JWT token after authentication).
+     *
+     * @returns Response DTO with session ID
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getSessionId();
+     * if (result.sessionId) {
+     *   logger.debug('Session ID:', result.sessionId);
+     * }
+     * ```
+     */
     getSessionId(): GetSessionIdResponseDTO;
+    /**
+     * Get response object from the current request context
+     *
+     * Returns the HTTP response object that was stored by the framework interceptor.
+     * Used internally by services to perform response operations like clearing cookies.
+     *
+     * @returns Response object with cookie manipulation methods, or null if not available
+     * @internal - Used by core services, not by application code
+     *
+     * @example
+     * ```typescript
+     * const response = this.clientInfoService.getResponse();
+     * if (response?.clearCookie) {
+     *   response.clearCookie('my_cookie');
+     * }
+     * ```
+     */
     getResponse(): {
         clearCookie?: (name: string, options?: unknown) => void;
     } | null;
+    /**
+     * Parse user-agent string to extract browser, platform, and device information
+     *
+     * This method is used internally by interceptors to populate ClientInfo.
+     * Services should use ClientInfoService.get() to access parsed information.
+     *
+     * @param userAgent - User-agent string from HTTP request
+     * @returns Parsed user-agent information
+     * @internal - Used by interceptors, not by application code
+     */
     parseUserAgent(userAgent?: string | null): {
         browser: string | null;
         platform: string | null;

package/dist/services/client-info.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client-info.service.d.ts","sourceRoot":"","sources":["../../src/services/client-info.service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,yBAAyB,EACzB,uBAAuB,EACxB,MAAM,QAAQ,CAAC;AAwChB,qBAAa,iBAAiB;;IA2B5B,GAAG,IAAI,wBAAwB;IA2B/B,YAAY,IAAI,uBAAuB;IAmBvC,YAAY,IAAI,uBAAuB;IAqBvC,cAAc,IAAI,yBAAyB;IAqB3C,YAAY,IAAI,uBAAuB;IAuBvC,WAAW,IAAI;QAAE,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAA;KAAE,GAAG,IAAI;IAcjF,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG;QACzC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,IAAI,CAAC;QACnD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;KAC3B;CAuJF"}
+{"version":3,"file":"client-info.service.d.ts","sourceRoot":"","sources":["../../src/services/client-info.service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,yBAAyB,EACzB,uBAAuB,EACxB,MAAM,QAAQ,CAAC;AAEhB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,iBAAiB;;IAK5B;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,GAAG,IAAI,wBAAwB;IAc/B;;;;;;;;;;;;OAYG;IACH,YAAY,IAAI,uBAAuB;IAMvC;;;;;;;;;;;;OAYG;IACH,YAAY,IAAI,uBAAuB;IAMvC;;;;;;;;;;;;;;OAcG;IACH,cAAc,IAAI,yBAAyB;IAM3C;;;;;;;;;;;;;;OAcG;IACH,YAAY,IAAI,uBAAuB;IAMvC;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW,IAAI;QAAE,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,KAAK,IAAI,CAAA;KAAE,GAAG,IAAI;IAIjF;;;;;;;;;OASG;IACH,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG;QACzC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,IAAI,CAAC;QACnD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;KAC3B;CAuJF"}

package/dist/services/client-info.service.js

@@ -2,11 +2,73 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ClientInfoService = void 0;
 const context_storage_1 = require("../utils/context-storage");
+/**
+ * Client Info Service
+ *
+ * Provides transparent access to client information (IP address, user agent, device info)
+ * from the current request context using async local storage.
+ *
+ * This service eliminates the need to pass IP addresses and user agents as parameters
+ * to authentication methods. The library handles this automatically, just like AWS Cognito.
+ *
+ * **Key Features:**
+ * - Transparent access to client metadata
+ * - No parameters needed in service methods
+ * - Works across async boundaries
+ * - Type-safe with TypeScript
+ * - Thread-safe with async local storage
+ * - Platform-agnostic (no framework dependencies)
+ *
+ * **Usage:**
+ * ```typescript
+ * export class AuthService {
+ *   constructor(private clientInfoService: ClientInfoService) {}
+ *
+ *   async login(dto: LoginDTO) {
+ *     // Get client info from context (no parameters needed!)
+ *     const clientInfo = this.clientInfoService.get();
+ *
+ *     // Use it
+ *     logger.debug('IP Address:', clientInfo.ipAddress);
+ *     logger.debug('User Agent:', clientInfo.userAgent);
+ *   }
+ * }
+ * ```
+ *
+ * **Note:**
+ * This service must be called within the context of an HTTP request.
+ * If called outside a request context (e.g., cron jobs, CLI), it will
+ * return a default ClientInfo object with 'unknown' values.
+ */
 class ClientInfoService {
     constructor() {
+        // No dependencies - uses static ContextStorage
     }
+    /**
+     * Get client information from the current request context
+     *
+     * This method retrieves client metadata that was automatically extracted
+     * by ClientInfoInterceptor and stored in async local storage.
+     *
+     * @returns Response DTO with client information
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.get();
+     * logger.debug('IP Address:', result.ipAddress);  // 192.168.1.100
+     * logger.debug('User Agent:', result.userAgent);  // Mozilla/5.0 ...
+     * ```
+     *
+     * @example
+     * ```typescript
+     * // If called outside request context (e.g., cron job)
+     * const result = this.clientInfoService.get();
+     * logger.debug('IP Address:', result.ipAddress);  // 'unknown'
+     * ```
+     */
     get() {
         const clientInfo = context_storage_1.ContextStorage.get('CLIENT_INFO');
+        // If no client info in context (e.g., cron job, CLI), return default
         if (!clientInfo) {
             return {
                 ipAddress: 'unknown',
@@ -15,29 +77,112 @@ class ClientInfoService {
         }
         return clientInfo;
     }
+    /**
+     * Get IP address from the current request context
+     *
+     * Convenience method to get just the IP address without the full ClientInfo object.
+     *
+     * @returns Response DTO with IP address
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getIpAddress();
+     * logger.debug('IP Address:', result.ipAddress);  // 192.168.1.100
+     * ```
+     */
     getIpAddress() {
         return {
             ipAddress: this.get().ipAddress,
         };
     }
+    /**
+     * Get user agent from the current request context
+     *
+     * Convenience method to get just the user agent without the full ClientInfo object.
+     *
+     * @returns Response DTO with user agent
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getUserAgent();
+     * logger.debug('User Agent:', result.userAgent);  // Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
+     * ```
+     */
     getUserAgent() {
         return {
             userAgent: this.get().userAgent,
         };
     }
+    /**
+     * Get device token from the current request context
+     *
+     * Convenience method to get just the device token (for trusted device feature).
+     *
+     * @returns Response DTO with device token
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getDeviceToken();
+     * if (result.deviceToken) {
+     *   logger.debug('Device token:', result.deviceToken);
+     * }
+     * ```
+     */
     getDeviceToken() {
         return {
             deviceToken: this.get().deviceToken,
         };
     }
+    /**
+     * Get session ID from the current request context
+     *
+     * Convenience method to get just the session ID (extracted from JWT token after authentication).
+     *
+     * @returns Response DTO with session ID
+     *
+     * @example
+     * ```typescript
+     * const result = this.clientInfoService.getSessionId();
+     * if (result.sessionId) {
+     *   logger.debug('Session ID:', result.sessionId);
+     * }
+     * ```
+     */
     getSessionId() {
         return {
             sessionId: this.get().sessionId,
         };
     }
+    /**
+     * Get response object from the current request context
+     *
+     * Returns the HTTP response object that was stored by the framework interceptor.
+     * Used internally by services to perform response operations like clearing cookies.
+     *
+     * @returns Response object with cookie manipulation methods, or null if not available
+     * @internal - Used by core services, not by application code
+     *
+     * @example
+     * ```typescript
+     * const response = this.clientInfoService.getResponse();
+     * if (response?.clearCookie) {
+     *   response.clearCookie('my_cookie');
+     * }
+     * ```
+     */
     getResponse() {
         return context_storage_1.ContextStorage.get('HTTP_RESPONSE') || null;
     }
+    /**
+     * Parse user-agent string to extract browser, platform, and device information
+     *
+     * This method is used internally by interceptors to populate ClientInfo.
+     * Services should use ClientInfoService.get() to access parsed information.
+     *
+     * @param userAgent - User-agent string from HTTP request
+     * @returns Parsed user-agent information
+     * @internal - Used by interceptors, not by application code
+     */
     parseUserAgent(userAgent) {
         if (!userAgent || typeof userAgent !== 'string' || userAgent.trim() === '') {
             return {
@@ -48,8 +193,13 @@ class ClientInfoService {
             };
         }
         const ua = userAgent.toLowerCase();
+        // ============================================================================
+        // Detect Device Type
+        // ============================================================================
         let deviceType = null;
+        // Mobile devices
         if (/mobile|android|iphone|ipod|blackberry|opera|mini|windows\s+phone|palm|iemobile/i.test(ua)) {
+            // Tablets
             if (/tablet|ipad|playbook|silk|kindle/i.test(ua)) {
                 deviceType = 'tablet';
             }
@@ -60,6 +210,9 @@ class ClientInfoService {
         else {
             deviceType = 'desktop';
         }
+        // ============================================================================
+        // Detect Platform/OS
+        // ============================================================================
         let platform = null;
         if (/windows/i.test(ua)) {
             if (/windows nt 10/i.test(ua)) {
@@ -85,6 +238,7 @@ class ClientInfoService {
             const match = ua.match(/mac os x (\d+)[._](\d+)/);
             if (match) {
                 const major = parseInt(match[1], 10);
+                // Convert to macOS version names (approximate)
                 if (major >= 13) {
                     platform = 'macOS Ventura+';
                 }
@@ -132,6 +286,9 @@ class ClientInfoService {
         else {
             platform = null;
         }
+        // ============================================================================
+        // Detect Browser
+        // ============================================================================
         let browser = null;
         if (/edg/i.test(ua)) {
             browser = 'Edge';
@@ -160,6 +317,9 @@ class ClientInfoService {
         else {
             browser = null;
         }
+        // ============================================================================
+        // Generate Device Name
+        // ============================================================================
         let deviceName = null;
         if (browser && platform) {
             deviceName = `${browser} on ${platform}`;
@@ -170,6 +330,7 @@ class ClientInfoService {
         else if (platform) {
             deviceName = platform;
         }
+        // Special cases for mobile devices
         if (deviceType === 'mobile' || deviceType === 'tablet') {
             if (/iphone/i.test(ua)) {
                 const modelMatch = ua.match(/iphone(\d+),?(\d+)?/);

package/dist/services/client-info.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"client-info.service.js","sourceRoot":"","sources":["../../src/services/client-info.service.ts"],"names":[],"mappings":";;;AACA,8DAA0D;AA+C1D,MAAa,iBAAiB;IAC5B;IAEA,CAAC;IAwBD,GAAG;QACD,MAAM,UAAU,GAAG,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC,CAAC;QAGjE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;gBACL,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,SAAS;aACO,CAAC;QAChC,CAAC;QAED,OAAO,UAAsC,CAAC;IAChD,CAAC;IAeD,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAeD,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAiBD,cAAc;QACZ,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW;SACpC,CAAC;IACJ,CAAC;IAiBD,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAmBD,WAAW;QACT,OAAO,gCAAc,CAAC,GAAG,CAA8D,eAAe,CAAC,IAAI,IAAI,CAAC;IAClH,CAAC;IAYD,cAAc,CAAC,SAAyB;QAMtC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC3E,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QAKnC,IAAI,UAAU,GAA2C,IAAI,CAAC;QAG9D,IAAI,iFAAiF,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAE/F,IAAI,mCAAmC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACjD,UAAU,GAAG,QAAQ,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,QAAQ,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;QAKD,IAAI,QAAQ,GAAkB,IAAI,CAAC;QAEnC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC9B,QAAQ,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrC,QAAQ,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,aAAa,CAAC;YAC3B,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,WAAW,CAAC;YACzB,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,WAAW,CAAC;YACzB,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,SAAS,CAAC;YACvB,CAAC;QACH,CAAC;aAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;YAClD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAErC,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBAChB,QAAQ,GAAG,gBAAgB,CAAC;gBAC9B,CAAC;qBAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBACvB,QAAQ,GAAG,gBAAgB,CAAC;gBAC9B,CAAC;qBAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBACvB,QAAQ,GAAG,eAAe,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,QAAQ,GAAG,OAAO,CAAC;gBACrB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,OAAO,CAAC;YACrB,CAAC;QACH,CAAC;aAAM,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC5C,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,GAAG,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;QACH,CAAC;aAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACjD,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,GAAG,WAAW,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,SAAS,CAAC;YACvB,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,QAAQ,GAAG,OAAO,CAAC;QACrB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;QAKD,IAAI,OAAO,GAAkB,IAAI,CAAC;QAElC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACpB,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpD,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACzC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpD,CAAC;aAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACzC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACtD,CAAC;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACpC,OAAO,GAAG,mBAAmB,CAAC;QAChC,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;QAKD,IAAI,UAAU,GAAkB,IAAI,CAAC;QAErC,IAAI,OAAO,IAAI,QAAQ,EAAE,CAAC;YACxB,UAAU,GAAG,GAAG,OAAO,OAAO,QAAQ,EAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,UAAU,GAAG,OAAO,CAAC;QACvB,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;QAGD,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YACvD,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACvB,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;gBACnD,IAAI,UAAU,EAAE,CAAC;oBACf,UAAU,GAAG,UAAU,UAAU,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC5G,CAAC;qBAAM,CAAC;oBACN,UAAU,GAAG,aAAa,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAChD,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5B,UAAU,GAAG,WAAW,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC9C,CAAC;iBAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC/B,UAAU,GAAG,GAAG,OAAO,IAAI,SAAS,OAAO,QAAQ,IAAI,SAAS,EAAE,CAAC;YACrE,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO;YACP,QAAQ;YACR,UAAU;YACV,UAAU;SACX,CAAC;IACJ,CAAC;CACF;AApTD,8CAoTC"}
+{"version":3,"file":"client-info.service.js","sourceRoot":"","sources":["../../src/services/client-info.service.ts"],"names":[],"mappings":";;;AACA,8DAA0D;AAS1D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,iBAAiB;IAC5B;QACE,+CAA+C;IACjD,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,GAAG;QACD,MAAM,UAAU,GAAG,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC,CAAC;QAEjE,qEAAqE;QACrE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;gBACL,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,SAAS;aACO,CAAC;QAChC,CAAC;QAED,OAAO,UAAsC,CAAC;IAChD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,cAAc;QACZ,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,YAAY;QACV,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS;SAChC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW;QACT,OAAO,gCAAc,CAAC,GAAG,CAA8D,eAAe,CAAC,IAAI,IAAI,CAAC;IAClH,CAAC;IAED;;;;;;;;;OASG;IACH,cAAc,CAAC,SAAyB;QAMtC,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC3E,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,IAAI;gBAChB,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QAEnC,+EAA+E;QAC/E,qBAAqB;QACrB,+EAA+E;QAC/E,IAAI,UAAU,GAA2C,IAAI,CAAC;QAE9D,iBAAiB;QACjB,IAAI,iFAAiF,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/F,UAAU;YACV,IAAI,mCAAmC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACjD,UAAU,GAAG,QAAQ,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,QAAQ,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,+EAA+E;QAC/E,qBAAqB;QACrB,+EAA+E;QAC/E,IAAI,QAAQ,GAAkB,IAAI,CAAC;QAEnC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC9B,QAAQ,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrC,QAAQ,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,aAAa,CAAC;YAC3B,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,WAAW,CAAC;YACzB,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtC,QAAQ,GAAG,WAAW,CAAC;YACzB,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,SAAS,CAAC;YACvB,CAAC;QACH,CAAC;aAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;YAClD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrC,+CAA+C;gBAC/C,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBAChB,QAAQ,GAAG,gBAAgB,CAAC;gBAC9B,CAAC;qBAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBACvB,QAAQ,GAAG,gBAAgB,CAAC;gBAC9B,CAAC;qBAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;oBACvB,QAAQ,GAAG,eAAe,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,QAAQ,GAAG,OAAO,CAAC;gBACrB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,OAAO,CAAC;YACrB,CAAC;QACH,CAAC;aAAM,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC5C,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,GAAG,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;QACH,CAAC;aAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACjD,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,GAAG,WAAW,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,SAAS,CAAC;YACvB,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,QAAQ,GAAG,OAAO,CAAC;QACrB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;QAED,+EAA+E;QAC/E,iBAAiB;QACjB,+EAA+E;QAC/E,IAAI,OAAO,GAAkB,IAAI,CAAC;QAElC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACpB,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpD,CAAC;aAAM,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACzC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpD,CAAC;aAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACzC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACtD,CAAC;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACpC,OAAO,GAAG,mBAAmB,CAAC;QAChC,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;QAED,+EAA+E;QAC/E,uBAAuB;QACvB,+EAA+E;QAC/E,IAAI,UAAU,GAAkB,IAAI,CAAC;QAErC,IAAI,OAAO,IAAI,QAAQ,EAAE,CAAC;YACxB,UAAU,GAAG,GAAG,OAAO,OAAO,QAAQ,EAAE,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,UAAU,GAAG,OAAO,CAAC;QACvB,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;QAED,mCAAmC;QACnC,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YACvD,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACvB,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;gBACnD,IAAI,UAAU,EAAE,CAAC;oBACf,UAAU,GAAG,UAAU,UAAU,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC5G,CAAC;qBAAM,CAAC;oBACN,UAAU,GAAG,aAAa,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAChD,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5B,UAAU,GAAG,WAAW,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC9C,CAAC;iBAAM,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC/B,UAAU,GAAG,GAAG,OAAO,IAAI,SAAS,OAAO,QAAQ,IAAI,SAAS,EAAE,CAAC;YACrE,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO;YACP,QAAQ;YACR,UAAU;YACV,UAAU;SACX,CAAC;IACJ,CAAC;CACF;AApTD,8CAoTC"}

package/dist/services/csrf.service.d.ts

@@ -1,3 +1,9 @@
+/**
+ * CSRF Protection Service
+ *
+ * Handles CSRF token generation and validation for cookie-based authentication.
+ * Uses cryptographically secure random tokens.
+ */
 import { NAuthConfig } from '../index';
 import { NAuthCookieOptions } from '../platform/interfaces';
 export declare class CsrfService {
@@ -5,7 +11,16 @@ export declare class CsrfService {
     private readonly headerName;
     private readonly cookieOptions;
     constructor(config: NAuthConfig);
+    /**
+     * Generate a new CSRF token
+     * @returns Random 32-byte token as hex string
+     */
     generateToken(): string;
+    /**
+     * Validate CSRF token
+     * Compares token from request header with token from cookie.
+     * Uses constant-time comparison to prevent timing attacks.
+     */
     validateToken(headerToken: string, cookieToken: string): boolean;
     getCookieName(): string;
     getHeaderName(): string;

package/dist/services/csrf.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.service.d.ts","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAqB;gBAEvC,MAAM,EAAE,WAAW;IAU/B,aAAa,IAAI,MAAM;IASvB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IAQhE,aAAa,IAAI,MAAM;IAIvB,aAAa,IAAI,MAAM;IAIvB,gBAAgB,IAAI,kBAAkB;CAGvC"}
+{"version":3,"file":"csrf.service.d.ts","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAqB;gBAEvC,MAAM,EAAE,WAAW;IAM/B;;;OAGG;IACH,aAAa,IAAI,MAAM;IAIvB;;;;OAIG;IACH,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IAQhE,aAAa,IAAI,MAAM;IAIvB,aAAa,IAAI,MAAM;IAIvB,gBAAgB,IAAI,kBAAkB;CAGvC"}

package/dist/services/csrf.service.js

@@ -1,4 +1,10 @@
 "use strict";
+/**
+ * CSRF Protection Service
+ *
+ * Handles CSRF token generation and validation for cookie-based authentication.
+ * Uses cryptographically secure random tokens.
+ */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -44,13 +50,23 @@ class CsrfService {
         this.headerName = config.security?.csrf?.headerName || 'x-csrf-token';
         this.cookieOptions = config.security?.csrf?.cookieOptions || {};
     }
+    /**
+     * Generate a new CSRF token
+     * @returns Random 32-byte token as hex string
+     */
     generateToken() {
         return crypto.randomBytes(32).toString('hex');
     }
+    /**
+     * Validate CSRF token
+     * Compares token from request header with token from cookie.
+     * Uses constant-time comparison to prevent timing attacks.
+     */
     validateToken(headerToken, cookieToken) {
         if (!headerToken || !cookieToken) {
             return false;
         }
+        // Constant-time comparison
         return crypto.timingSafeEqual(Buffer.from(headerToken), Buffer.from(cookieToken));
     }
     getCookieName() {

package/dist/services/csrf.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.service.js","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,+CAAiC;AAIjC,MAAa,WAAW;IACL,UAAU,CAAS;IACnB,UAAU,CAAS;IACnB,aAAa,CAAqB;IAEnD,YAAY,MAAmB;QAC7B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,IAAI,kBAAkB,CAAC;QAC1E,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,IAAI,cAAc,CAAC;QACtE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;IAClE,CAAC;IAMD,aAAa;QACX,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAOD,aAAa,CAAC,WAAmB,EAAE,WAAmB;QACpD,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;CACF;AA3CD,kCA2CC"}
+{"version":3,"file":"csrf.service.js","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,+CAAiC;AAIjC,MAAa,WAAW;IACL,UAAU,CAAS;IACnB,UAAU,CAAS;IACnB,aAAa,CAAqB;IAEnD,YAAY,MAAmB;QAC7B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,IAAI,kBAAkB,CAAC;QAC1E,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,IAAI,cAAc,CAAC;QACtE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;IAClE,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,WAAmB,EAAE,WAAmB;QACpD,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,2BAA2B;QAC3B,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;CACF;AA3CD,kCA2CC"}

package/dist/services/email-verification.service.d.ts

@@ -7,6 +7,17 @@ import { ClientInfoService } from './client-info.service';
 import { InternalAuthAuditService as AuthAuditService } from './auth-audit.service';
 import { NAuthLogger } from '../utils/nauth-logger';
 import { SendVerificationEmailDTO, SendVerificationEmailResponseDTO, VerifyEmailWithCodeDTO, VerifyEmailWithTokenDTO, ResendVerificationEmailDTO, ResendVerificationEmailResponseDTO, VerifyEmailResponseDTO } from '../dto/verify-email.dto';
+/**
+ * Email Verification Service
+ *
+ * Handles email verification workflow:
+ * - Generate verification codes
+ * - Send verification emails
+ * - Verify codes with token generation
+ * - Resend with rate limiting
+ *
+ * Supports both code-based (6-digit OTP) and link-based verification.
+ */
 export declare class EmailVerificationService {
     private readonly verificationTokenRepo;
     private readonly userRepo;
@@ -17,14 +28,55 @@ export declare class EmailVerificationService {
     private readonly logger;
     private readonly auditService?;
     constructor(verificationTokenRepo: Repository<BaseVerificationToken>, userRepo: Repository<BaseUser>, emailProvider: EmailProvider, storageAdapter: StorageAdapter, config: NAuthConfig, clientInfoService: ClientInfoService, logger: NAuthLogger, auditService?: AuthAuditService | undefined);
+    /**
+     * Send verification email to user
+     * Generates a new verification code and sends it via email
+     *
+     * @param dto - Request DTO containing sub, baseUrl, and skipAlreadyVerifiedCheck
+     * @returns Response DTO with verification token ID
+     */
     sendVerificationEmail(dto: SendVerificationEmailDTO): Promise<SendVerificationEmailResponseDTO>;
+    /**
+     * Verify email with code (6-digit OTP)
+     * Marks email as verified and activates user account
+     *
+     * @param dto - Request DTO containing email and code
+     * @returns Response DTO with success message
+     */
     verifyEmailWithCode(dto: VerifyEmailWithCodeDTO): Promise<VerifyEmailResponseDTO>;
+    /**
+     * Verify email with link token
+     * Marks email as verified and activates user account
+     *
+     * @param dto - Request DTO containing token
+     * @returns Response DTO with success message
+     */
     verifyEmailWithToken(dto: VerifyEmailWithTokenDTO): Promise<VerifyEmailResponseDTO>;
+    /**
+     * Resend verification email
+     * Supports both sub and email-based resend
+     *
+     * @param dto - Request DTO containing sub or email, and optional baseUrl
+     * @returns Response DTO with verification token ID
+     */
     resendVerificationEmail(dto: ResendVerificationEmailDTO): Promise<ResendVerificationEmailResponseDTO>;
     private resendVerificationEmailBySub;
     private resendVerificationEmailByEmail;
+    /**
+     * Generate 6-digit verification code
+     * @returns 6-digit numeric code
+     */
     private generateCode;
+    /**
+     * Generate secure random token
+     * @returns Random token (32 bytes, hex encoded)
+     */
     private generateToken;
+    /**
+     * Hash token with SHA-256
+     * @param token - Plain token
+     * @returns Hashed token
+     */
     private hashToken;
 }
 //# sourceMappingURL=email-verification.service.d.ts.map

package/dist/services/email-verification.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email-verification.service.d.ts","sourceRoot":"","sources":["../../src/services/email-verification.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAU,MAAM,SAAS,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAIpF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,wBAAwB,EACxB,gCAAgC,EAChC,sBAAsB,EACtB,uBAAuB,EACvB,0BAA0B,EAC1B,kCAAkC,EAClC,sBAAsB,EACvB,MAAM,yBAAyB,CAAC;AAcjC,qBAAa,wBAAwB;IAEjC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAPb,qBAAqB,EAAE,UAAU,CAAC,qBAAqB,CAAC,EACxD,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC9B,aAAa,EAAE,aAAa,EAC5B,cAAc,EAAE,cAAc,EAC9B,MAAM,EAAE,WAAW,EACnB,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,WAAW,EACnB,YAAY,CAAC,EAAE,gBAAgB,YAAA;IAU5C,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IA6J/F,mBAAmB,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAsMjF,oBAAoB,CAAC,GAAG,EAAE,uBAAuB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA8EnF,uBAAuB,CAAC,GAAG,EAAE,0BAA0B,GAAG,OAAO,CAAC,kCAAkC,CAAC;YAa7F,4BAA4B;YA0C5B,8BAA8B;IAgB5C,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,aAAa;IASrB,OAAO,CAAC,SAAS;CAGlB"}
+{"version":3,"file":"email-verification.service.d.ts","sourceRoot":"","sources":["../../src/services/email-verification.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAU,MAAM,SAAS,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAIpF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,wBAAwB,EACxB,gCAAgC,EAChC,sBAAsB,EACtB,uBAAuB,EACvB,0BAA0B,EAC1B,kCAAkC,EAClC,sBAAsB,EACvB,MAAM,yBAAyB,CAAC;AAGjC;;;;;;;;;;GAUG;AACH,qBAAa,wBAAwB;IAEjC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAPb,qBAAqB,EAAE,UAAU,CAAC,qBAAqB,CAAC,EACxD,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC9B,aAAa,EAAE,aAAa,EAC5B,cAAc,EAAE,cAAc,EAC9B,MAAM,EAAE,WAAW,EACnB,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,WAAW,EACnB,YAAY,CAAC,EAAE,gBAAgB,YAAA;IAGlD;;;;;;OAMG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAsJrG;;;;;;OAMG;IACG,mBAAmB,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgMvF;;;;;;OAMG;IACG,oBAAoB,CAAC,GAAG,EAAE,uBAAuB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAuEzF;;;;;;OAMG;IACG,uBAAuB,CAAC,GAAG,EAAE,0BAA0B,GAAG,OAAO,CAAC,kCAAkC,CAAC;YAa7F,4BAA4B;YA0C5B,8BAA8B;IAY5C;;;OAGG;IACH,OAAO,CAAC,YAAY;IAIpB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAIrB;;;;OAIG;IACH,OAAO,CAAC,SAAS;CAGlB"}