@nauth-toolkit/core 0.1.18 → 0.1.22

package/dist/dto/admin-signup.dto.js

@@ -0,0 +1,317 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminSignupResponseDTO = exports.AdminSignupDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+/**
+ * DTO for administrative user creation with override capabilities
+ *
+ * Allows administrators to create user accounts with:
+ * - Bypass email/phone verification requirements
+ * - Force password change on first login
+ * - Auto-generate secure passwords
+ *
+ * Security:
+ * - All fields validated against DB constraints
+ * - Input sanitization applied automatically
+ * - Password strength enforced (8-128 chars) unless auto-generated
+ * - Email/username uniqueness checked in service layer
+ * - Audit trail records admin-created accounts
+ *
+ * Warning: This endpoint should be protected by admin authentication.
+ * The service does not enforce authorization - it is the responsibility
+ * of the framework adapter (NestJS/Express/Fastify) to protect the endpoint.
+ *
+ * @example
+ * ```typescript
+ * // Create user with pre-verified email
+ * const dto: AdminSignupDTO = {
+ *   email: 'user@example.com',
+ *   password: 'SecurePass123!',
+ *   isEmailVerified: true,
+ *   mustChangePassword: false,
+ * };
+ *
+ * // Create user with auto-generated password
+ * const dto: AdminSignupDTO = {
+ *   email: 'user@example.com',
+ *   generatePassword: true,
+ *   isEmailVerified: true,
+ *   mustChangePassword: true, // User must change generated password
+ * };
+ * ```
+ */
+class AdminSignupDTO {
+    /**
+     * User email address
+     *
+     * Validation:
+     * - Valid email format (RFC 5322)
+     * - Max 255 characters (matches DB limit)
+     *
+     * Sanitization:
+     * - Trimmed and lowercased
+     */
+    email;
+    /**
+     * User password
+     *
+     * Required unless `generatePassword` is true.
+     *
+     * Validation:
+     * - Min 8 characters
+     * - Max 128 characters (prevents DoS via bcrypt)
+     * - Additional policy checks in service layer
+     *
+     * Note: NOT trimmed (passwords can have leading/trailing spaces)
+     */
+    password;
+    /**
+     * Optional username
+     *
+     * Validation:
+     * - 3-50 characters
+     * - Alphanumeric, underscores, and hyphens only
+     * - Max 255 characters (DB limit)
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Case preserved (username can be case-sensitive per config)
+     */
+    username;
+    /**
+     * Optional first name
+     *
+     * Validation:
+     * - 1-100 characters
+     * - Letters, spaces, hyphens, and apostrophes only
+     * - Max 100 characters (DB limit)
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Title case preserved
+     */
+    firstName;
+    /**
+     * Optional last name
+     *
+     * Validation:
+     * - 1-100 characters
+     * - Letters, spaces, hyphens, and apostrophes only
+     * - Max 100 characters (DB limit)
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Title case preserved
+     */
+    lastName;
+    /**
+     * Optional phone number
+     *
+     * Validation:
+     * - E.164 format (international standard)
+     * - MUST start with + (required for security)
+     * - Max 20 characters (DB limit)
+     * - Example: +14155552671, +61444567890
+     *
+     * Sanitization:
+     * - Whitespace removed
+     * - Only digits and leading + preserved
+     *
+     * Security:
+     * - Strict E.164 validation prevents SQL injection
+     * - Max length prevents oversized inputs
+     */
+    phone;
+    /**
+     * Optional metadata (custom fields)
+     *
+     * Security:
+     * - Validated in service layer if used
+     * - Max depth/size limits should be enforced
+     */
+    metadata;
+    /**
+     * Bypass email verification requirement
+     *
+     * If true, user's email is marked as verified without sending verification email.
+     * If false (default), user must verify email through normal flow.
+     *
+     * Default: false
+     */
+    isEmailVerified;
+    /**
+     * Bypass phone verification requirement
+     *
+     * If true, user's phone is marked as verified without sending verification SMS.
+     * If false (default), user must verify phone through normal flow.
+     *
+     * Default: false
+     */
+    isPhoneVerified;
+    /**
+     * Force password change on first login
+     *
+     * If true, user will be required to change password on next login.
+     * Useful when auto-generating passwords or when admin sets temporary passwords.
+     *
+     * Default: false
+     */
+    mustChangePassword;
+    /**
+     * Auto-generate secure password
+     *
+     * If true, a cryptographically secure random password will be generated.
+     * The generated password will be returned in the response (returned once only).
+     * Password field is not required when this is true.
+     *
+     * Default: false
+     *
+     * Security: Generated passwords are 16 characters, mixed case, numbers, and special characters.
+     * They are returned once in the response and never stored in plain text.
+     */
+    generatePassword;
+}
+exports.AdminSignupDTO = AdminSignupDTO;
+__decorate([
+    (0, class_validator_1.IsEmail)({}, { message: 'Invalid email format' }),
+    (0, class_validator_1.MaxLength)(255, { message: 'Email must not exceed 255 characters' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "email", void 0);
+__decorate([
+    (0, class_validator_1.ValidateIf)((o) => !o.generatePassword),
+    (0, class_validator_1.IsString)({ message: 'Password must be a string' }),
+    (0, class_validator_1.MinLength)(8, { message: 'Password must be at least 8 characters' }),
+    (0, class_validator_1.MaxLength)(128, { message: 'Password must not exceed 128 characters' }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "password", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'Username must be a string' }),
+    (0, class_validator_1.MinLength)(3, { message: 'Username must be at least 3 characters' }),
+    (0, class_validator_1.MaxLength)(255, { message: 'Username must not exceed 255 characters' }),
+    (0, class_validator_1.Matches)(/^[a-zA-Z0-9_-]+$/, {
+        message: 'Username can only contain letters, numbers, underscores, and hyphens',
+    }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "username", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'First name must be a string' }),
+    (0, class_validator_1.MinLength)(1, { message: 'First name must be at least 1 character' }),
+    (0, class_validator_1.MaxLength)(100, { message: 'First name must not exceed 100 characters' }),
+    (0, class_validator_1.Matches)(/^[a-zA-Z\s\-']+$/, {
+        message: 'First name can only contain letters, spaces, hyphens, and apostrophes',
+    }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "firstName", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'Last name must be a string' }),
+    (0, class_validator_1.MinLength)(1, { message: 'Last name must be at least 1 character' }),
+    (0, class_validator_1.MaxLength)(100, { message: 'Last name must not exceed 100 characters' }),
+    (0, class_validator_1.Matches)(/^[a-zA-Z\s\-']+$/, {
+        message: 'Last name can only contain letters, spaces, hyphens, and apostrophes',
+    }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "lastName", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)({ message: 'Phone must be a string' }),
+    (0, class_validator_1.MaxLength)(20, { message: 'Phone must not exceed 20 characters' }),
+    (0, class_validator_1.Matches)(/^\+[1-9]\d{1,14}$/, {
+        message: 'Phone must be in E.164 format with + prefix (e.g., +14155552671)',
+    }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            // Remove all whitespace and keep only digits and +
+            return value.replace(/\s/g, '');
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSignupDTO.prototype, "phone", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    __metadata("design:type", Object)
+], AdminSignupDTO.prototype, "metadata", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsBoolean)({ message: 'isEmailVerified must be a boolean' }),
+    __metadata("design:type", Boolean)
+], AdminSignupDTO.prototype, "isEmailVerified", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsBoolean)({ message: 'isPhoneVerified must be a boolean' }),
+    __metadata("design:type", Boolean)
+], AdminSignupDTO.prototype, "isPhoneVerified", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsBoolean)({ message: 'mustChangePassword must be a boolean' }),
+    __metadata("design:type", Boolean)
+], AdminSignupDTO.prototype, "mustChangePassword", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsBoolean)({ message: 'generatePassword must be a boolean' }),
+    __metadata("design:type", Boolean)
+], AdminSignupDTO.prototype, "generatePassword", void 0);
+/**
+ * Response DTO for admin signup
+ *
+ * Returns the created user object (sanitized, excludes sensitive fields like passwordHash)
+ * and optionally the generated password (only if generatePassword was true in the request).
+ */
+class AdminSignupResponseDTO {
+    /**
+     * Created user object (sanitized)
+     *
+     * Uses UserResponseDto which excludes sensitive fields:
+     * - No passwordHash
+     * - No internal database ID (uses 'sub' UUID instead)
+     * - No MFA secrets
+     * - No internal tracking fields
+     */
+    user;
+    /**
+     * Generated password (only present if generatePassword was true)
+     *
+     * Security: This is returned once and never stored in plain text.
+     * The admin should securely deliver this to the user.
+     */
+    generatedPassword;
+}
+exports.AdminSignupResponseDTO = AdminSignupResponseDTO;
+//# sourceMappingURL=admin-signup.dto.js.map

package/dist/dto/admin-signup.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-signup.dto.js","sourceRoot":"","sources":["../../src/dto/admin-signup.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAsH;AACtH,yDAA8C;AAG9C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,cAAc;IACzB;;;;;;;;;OASG;IASH,KAAK,CAAU;IAEf;;;;;;;;;;;OAWG;IAKH,QAAQ,CAAU;IAElB;;;;;;;;;;;OAWG;IAcH,QAAQ,CAAU;IAElB;;;;;;;;;;;OAWG;IAcH,SAAS,CAAU;IAEnB;;;;;;;;;;;OAWG;IAcH,QAAQ,CAAU;IAElB;;;;;;;;;;;;;;;;OAgBG;IAcH,KAAK,CAAU;IAEf;;;;;;OAMG;IAEH,QAAQ,CAA2B;IAEnC;;;;;;;OAOG;IAGH,eAAe,CAAW;IAE1B;;;;;;;OAOG;IAGH,eAAe,CAAW;IAE1B;;;;;;;OAOG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;;;;;;OAWG;IAGH,gBAAgB,CAAW;CAC5B;AArND,wCAqNC;AAlMC;IARC,IAAA,yBAAO,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;6CACa;AAkBf;IAJC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;IACtC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;gDACrD;AA2BlB;IAbC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACtE,IAAA,yBAAO,EAAC,kBAAkB,EAAE;QAC3B,OAAO,EAAE,sEAAsE;KAChF,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gDACgB;AA2BlB;IAbC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACpE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,yBAAO,EAAC,kBAAkB,EAAE;QAC3B,OAAO,EAAE,uEAAuE;KACjF,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;iDACiB;AA2BnB;IAbC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACvE,IAAA,yBAAO,EAAC,kBAAkB,EAAE;QAC3B,OAAO,EAAE,sEAAsE;KAChF,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gDACgB;AAgClB;IAbC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IACjE,IAAA,yBAAO,EAAC,mBAAmB,EAAE;QAC5B,OAAO,EAAE,kEAAkE;KAC5E,CAAC;IACD,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,mDAAmD;YACnD,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;6CACa;AAUf;IADC,IAAA,4BAAU,GAAE;;gDACsB;AAYnC;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC;;uDAClC;AAY1B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC;;uDAClC;AAY1B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;0DAClC;AAgB7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;;wDAClC;AAG7B;;;;;GAKG;AACH,MAAa,sBAAsB;IACjC;;;;;;;;OAQG;IACH,IAAI,CAAmB;IAEvB;;;;;OAKG;IACH,iBAAiB,CAAU;CAC5B;AAnBD,wDAmBC"}

package/dist/dto/auth-response.dto.d.ts

@@ -61,6 +61,20 @@ export declare class AuthResponseDTO {
      * NOTE: Only present when authentication is complete (no pending challenges)
      */
     refreshTokenExpiresAt?: number;
+    /**
+     * Authentication method used to create the current session (when authentication succeeds).
+     *
+     * Semantics:
+     * - `password`: email/username/phone + password login, or password-first flows
+     * - `<provider>`: social login provider that created the session (e.g., `google`, `apple`, `facebook`)
+     *
+     * Notes:
+     * - This is session-scoped state (not account capability). Account capabilities are expressed via:
+     *   - `user.hasPasswordHash`
+     *   - `user.socialProviders`
+     * - Only present when authentication is complete (no pending challenges).
+     */
+    authMethod?: string;
     /**
      * Whether the current device is already trusted
      *

package/dist/dto/auth-response.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,IAAI,CAAC,EAAE;QACL;;;WAGG;QACH,GAAG,EAAE,MAAM,CAAC;QAEZ;;WAEG;QACH,KAAK,EAAE,MAAM,CAAC;QAEd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAE1B;;WAEG;QACH,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAEzB;;;WAGG;QACH,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf;;WAEG;QACH,eAAe,EAAE,OAAO,CAAC;QAEzB;;WAEG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;QAE1B;;;WAGG;QACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAE3B;;;;WAIG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IAMF;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAC;CAC/B"}
+{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,IAAI,CAAC,EAAE;QACL;;;WAGG;QACH,GAAG,EAAE,MAAM,CAAC;QAEZ;;WAEG;QACH,KAAK,EAAE,MAAM,CAAC;QAEd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAE1B;;WAEG;QACH,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAEzB;;;WAGG;QACH,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf;;WAEG;QACH,eAAe,EAAE,OAAO,CAAC;QAEzB;;WAEG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;QAE1B;;;WAGG;QACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAE3B;;;;WAIG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IAMF;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAC;CAC/B"}

package/dist/dto/auth-response.dto.js

@@ -63,6 +63,20 @@ class AuthResponseDTO {
      * NOTE: Only present when authentication is complete (no pending challenges)
      */
     refreshTokenExpiresAt;
+    /**
+     * Authentication method used to create the current session (when authentication succeeds).
+     *
+     * Semantics:
+     * - `password`: email/username/phone + password login, or password-first flows
+     * - `<provider>`: social login provider that created the session (e.g., `google`, `apple`, `facebook`)
+     *
+     * Notes:
+     * - This is session-scoped state (not account capability). Account capabilities are expressed via:
+     *   - `user.hasPasswordHash`
+     *   - `user.socialProviders`
+     * - Only present when authentication is complete (no pending challenges).
+     */
+    authMethod;
     /**
      * Whether the current device is already trusted
      *

package/dist/dto/auth-response.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-response.dto.js","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,YAAY,CAAU;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAU;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAU;IAE/B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAW;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,IAAI,CAkDF;IAEF,+EAA+E;IAC/E,4CAA4C;IAC5C,+EAA+E;IAE/E;;;;;;;;;OASG;IACH,aAAa,CAAiB;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAA2B;IAE9C;;;;;;OAMG;IACH,OAAO,CAAU;CAClB;AAjMD,0CAiMC"}
+{"version":3,"file":"auth-response.dto.js","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,YAAY,CAAU;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAU;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAU;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAW;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,IAAI,CAkDF;IAEF,+EAA+E;IAC/E,4CAA4C;IAC5C,+EAA+E;IAE/E;;;;;;;;;OASG;IACH,aAAa,CAAiB;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAA2B;IAE9C;;;;;;OAMG;IACH,OAAO,CAAU;CAClB;AAhND,0CAgNC"}

package/dist/dto/index.d.ts

@@ -1,4 +1,5 @@
 export * from './signup.dto';
+export * from './admin-signup.dto';
 export * from './login.dto';
 export * from './change-password.dto';
 export * from './change-password-request.dto';

package/dist/dto/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AAEzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC;AAEjD,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AAEzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC;AAEjD,cAAc,mBAAmB,CAAC"}

package/dist/dto/index.js

@@ -16,6 +16,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 // Core Auth DTOs
 __exportStar(require("./signup.dto"), exports);
+__exportStar(require("./admin-signup.dto"), exports);
 __exportStar(require("./login.dto"), exports);
 __exportStar(require("./change-password.dto"), exports);
 __exportStar(require("./change-password-request.dto"), exports);

package/dist/dto/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,8CAA4B;AAC5B,wDAAsC;AACtC,gEAA8C;AAC9C,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,yDAAuC;AACvC,qDAAmC;AACnC,gEAA8C;AAC9C,uDAAqC;AACrC,0DAAwC;AACxC,6DAA2C;AAC3C,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AAEjD,oDAAkC;AAElC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,qDAAmC;AACnC,8CAA4B;AAC5B,wDAAsC;AACtC,gEAA8C;AAC9C,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,yDAAuC;AACvC,qDAAmC;AACnC,gEAA8C;AAC9C,uDAAqC;AACrC,0DAAwC;AACxC,6DAA2C;AAC3C,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AAEjD,oDAAkC;AAElC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}

package/dist/dto/social-auth.dto.d.ts

@@ -285,4 +285,28 @@ export declare class SetPasswordForSocialUserResponseDTO {
      */
     message: string;
 }
+/**
+ * DTO for exchanging a social redirect exchange token
+ *
+ * Used in redirect-first social login flow. The backend redirects back to the frontend
+ * with an `exchangeToken` in the URL, and the frontend exchanges it for an AuthResponse.
+ *
+ * Security:
+ * - Exchange token validated for length
+ * - One-time use (consumed immediately)
+ * - Short TTL (default: 60 seconds)
+ */
+export declare class SocialExchangeDTO {
+    /**
+     * One-time exchange token from callback redirect URL
+     *
+     * Validation:
+     * - Must be non-empty string
+     * - Max 500 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    exchangeToken: string;
+}
 //# sourceMappingURL=social-auth.dto.d.ts.map

package/dist/dto/social-auth.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"social-auth.dto.d.ts","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IAUH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IACH,GAAG,EAAG,MAAM,CAAC;CACd;AAED;;;;;;;GAOG;AACH,qBAAa,uBAAuB;IAClC;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,qBAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB"}
+{"version":3,"file":"social-auth.dto.d.ts","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IAUH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IACH,GAAG,EAAG,MAAM,CAAC;CACd;AAED;;;;;;;GAOG;AACH,qBAAa,uBAAuB;IAClC;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;;;;;;;OASG;IASH,IAAI,EAAG,MAAM,CAAC;IAEd;;;;;;;;;OASG;IASH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;IAEjB;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ;AAED;;;;;;GAMG;AACH,qBAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;OASG;IASH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,aAAa,EAAG,MAAM,CAAC;CACxB"}

package/dist/dto/social-auth.dto.js

@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SetPasswordForSocialUserResponseDTO = exports.SetPasswordForSocialUserDTO = exports.CanSetPasswordResponseDTO = exports.CanSetPasswordDTO = exports.UnlinkSocialAccountResponseDTO = exports.UnlinkSocialAccountDTO = exports.GetLinkedAccountsResponseDTO = exports.GetLinkedAccountsDTO = exports.LinkSocialAccountResponseDTO = exports.LinkSocialAccountDTO = exports.HandleSocialCallbackDTO = exports.GetSocialAuthUrlResponseDTO = exports.GetSocialAuthUrlDTO = void 0;
+exports.SocialExchangeDTO = exports.SetPasswordForSocialUserResponseDTO = exports.SetPasswordForSocialUserDTO = exports.CanSetPasswordResponseDTO = exports.CanSetPasswordDTO = exports.UnlinkSocialAccountResponseDTO = exports.UnlinkSocialAccountDTO = exports.GetLinkedAccountsResponseDTO = exports.GetLinkedAccountsDTO = exports.LinkSocialAccountResponseDTO = exports.LinkSocialAccountDTO = exports.HandleSocialCallbackDTO = exports.GetSocialAuthUrlResponseDTO = exports.GetSocialAuthUrlDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
 /**
@@ -463,4 +463,40 @@ class SetPasswordForSocialUserResponseDTO {
     message;
 }
 exports.SetPasswordForSocialUserResponseDTO = SetPasswordForSocialUserResponseDTO;
+/**
+ * DTO for exchanging a social redirect exchange token
+ *
+ * Used in redirect-first social login flow. The backend redirects back to the frontend
+ * with an `exchangeToken` in the URL, and the frontend exchanges it for an AuthResponse.
+ *
+ * Security:
+ * - Exchange token validated for length
+ * - One-time use (consumed immediately)
+ * - Short TTL (default: 60 seconds)
+ */
+class SocialExchangeDTO {
+    /**
+     * One-time exchange token from callback redirect URL
+     *
+     * Validation:
+     * - Must be non-empty string
+     * - Max 500 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    exchangeToken;
+}
+exports.SocialExchangeDTO = SocialExchangeDTO;
+__decorate([
+    (0, class_validator_1.IsString)({ message: 'exchangeToken must be a string' }),
+    (0, class_validator_1.MaxLength)(500, { message: 'exchangeToken must not exceed 500 characters' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], SocialExchangeDTO.prototype, "exchangeToken", void 0);
 //# sourceMappingURL=social-auth.dto.js.map

package/dist/dto/social-auth.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"social-auth.dto.js","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAqF;AACrF,yDAA8C;AAE9C;;;;;;GAMG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IAUH,KAAK,CAAU;CAChB;AAzCD,kDAyCC;AAtBC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACgB;AAqBlB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACa;AAGjB;;GAEG;AACH,MAAa,2BAA2B;IACtC;;OAEG;IACH,GAAG,CAAU;CACd;AALD,kEAKC;AAED;;;;;;;GAOG;AACH,MAAa,uBAAuB;IAClC;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IASH,IAAI,CAAU;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AA5DD,0DA4DC;AAzCC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACgB;AAoBlB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACa;AAGjB;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IASH,IAAI,CAAU;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AA9ED,oDA8EC;AA7DC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACgB;AAoBlB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACa;AAGjB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,CAAU;IAEjB;;OAEG;IACH,QAAQ,CAAU;CACnB;AAVD,oEAUC;AAED;;;;;GAKG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,oDAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AAGlB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,CAKL;CACJ;AAVD,oEAUC;AAED;;;;;;GAMG;AACH,MAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;CACnB;AAtCD,wDAsCC;AArBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACgB;AAGpB;;GAEG;AACH,MAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,wEAKC;AAED;;;;;GAKG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,8CAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;iDACc;AAGlB;;GAEG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,CAAW;CAC1B;AALD,8DAKC;AAED;;;;;;GAMG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,CAAU;CACnB;AAlCD,kEAkCC;AAjBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACc;AAgBhB;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;6DACrD;AAGpB;;GAEG;AACH,MAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,kFAKC"}
+{"version":3,"file":"social-auth.dto.js","sourceRoot":"","sources":["../../src/dto/social-auth.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAqF;AACrF,yDAA8C;AAE9C;;;;;;GAMG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IAUH,KAAK,CAAU;CAChB;AAzCD,kDAyCC;AAtBC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACgB;AAqBlB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACa;AAGjB;;GAEG;AACH,MAAa,2BAA2B;IACtC;;OAEG;IACH,GAAG,CAAU;CACd;AALD,kEAKC;AAED;;;;;;;GAOG;AACH,MAAa,uBAAuB;IAClC;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IASH,IAAI,CAAU;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AA5DD,0DA4DC;AAzCC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACgB;AAoBlB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACa;AAGjB;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;IAElB;;;;;;;;;OASG;IASH,IAAI,CAAU;IAEd;;;;;;;;;OASG;IASH,KAAK,CAAU;CAChB;AA9ED,oDA8EC;AA7DC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACgB;AAoBlB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAClF,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACY;AAoBd;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACa;AAGjB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,OAAO,CAAU;IAEjB;;OAEG;IACH,QAAQ,CAAU;CACnB;AAVD,oEAUC;AAED;;;;;GAKG;AACH,MAAa,oBAAoB;IAC/B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,oDAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACc;AAGlB;;GAEG;AACH,MAAa,4BAA4B;IACvC;;OAEG;IACH,QAAQ,CAKL;CACJ;AAVD,oEAUC;AAED;;;;;;GAMG;AACH,MAAa,sBAAsB;IACjC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;OASG;IASH,QAAQ,CAAU;CACnB;AAtCD,wDAsCC;AArBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACc;AAoBhB;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC;IACzE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACgB;AAGpB;;GAEG;AACH,MAAa,8BAA8B;IACzC;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,wEAKC;AAED;;;;;GAKG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IAQH,MAAM,CAAU;CACjB;AAlBD,8CAkBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;iDACc;AAGlB;;GAEG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,cAAc,CAAW;CAC1B;AALD,8DAKC;AAED;;;;;;GAMG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;OAQG;IAQH,MAAM,CAAU;IAEhB;;;;;;;;;;OAUG;IAIH,QAAQ,CAAU;CACnB;AAlCD,kEAkCC;AAjBC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACc;AAgBhB;IAHC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IAClD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;6DACrD;AAGpB;;GAEG;AACH,MAAa,mCAAmC;IAC9C;;OAEG;IACH,OAAO,CAAU;CAClB;AALD,kFAKC;AAED;;;;;;;;;;GAUG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;;OASG;IASH,aAAa,CAAU;CACxB;AApBD,8CAoBC;AADC;IARC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IAC3E,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;wDACqB"}

package/dist/entities/user.entity.d.ts

@@ -44,8 +44,16 @@ export declare class BaseUser {
     /**
      * Hashed password (Argon2)
      * NULL for social-only accounts
+     * SECURITY: This field should be excluded from select queries when returning user objects.
+     * Use hasPasswordHash boolean flag instead.
      */
     passwordHash: string | null;
+    /**
+     * Whether this user has a password set
+     * Computed field - derived from passwordHash at runtime via @AfterLoad hook
+     * Never expose passwordHash directly; use this boolean flag instead
+     */
+    hasPasswordHash?: boolean;
     /**
      * When password was last changed
      * Used for password expiry policies

package/dist/entities/user.entity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user.entity.d.ts","sourceRoot":"","sources":["../../src/entities/user.entity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,qBAAa,QAAQ;IACnB;;;;OAIG;IACH,EAAE,EAAG,MAAM,CAAC;IAEZ;;;;OAIG;IACH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IACH,QAAQ,EAAG,MAAM,GAAG,IAAI,CAAC;IAEzB;;OAEG;IACH,SAAS,EAAG,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,QAAQ,EAAG,MAAM,GAAG,IAAI,CAAC;IAEzB;;OAEG;IACH,KAAK,EAAG,MAAM,CAAC;IAEf;;OAEG;IACH,KAAK,EAAG,MAAM,GAAG,IAAI,CAAC;IAEtB;;;OAGG;IACH,YAAY,EAAG,MAAM,GAAG,IAAI,CAAC;IAE7B;;;OAGG;IACH,iBAAiB,EAAG,IAAI,GAAG,IAAI,CAAC;IAEhC;;;OAGG;IACH,eAAe,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC;;;;OAIG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,EAAG,OAAO,CAAC;IAE1B;;;OAGG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;;OAGG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;OAEG;IACH,UAAU,EAAG,MAAM,GAAG,IAAI,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAG,IAAI,GAAG,IAAI,CAAC;IAEvB;;OAEG;IACH,WAAW,EAAG,IAAI,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,mBAAmB,EAAG,MAAM,CAAC;IAE7B;;OAEG;IACH,iBAAiB,EAAG,IAAI,GAAG,IAAI,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAG,IAAI,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,WAAW,EAAG,MAAM,GAAG,IAAI,CAAC;IAE5B;;OAEG;IACH,UAAU,EAAG,OAAO,CAAC;IAErB;;;OAGG;IACH,UAAU,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B;;;OAGG;IACH,WAAW,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAE9B;;;OAGG;IACH,kBAAkB,EAAG,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEhC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAEjC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;OAIG;IACH,aAAa,EAAG,OAAO,CAAC;IAExB;;;;OAIG;IACH,eAAe,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC;;;OAGG;IACH,QAAQ,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;;OAGG;IACH,SAAS,EAAG,IAAI,GAAG,IAAI,CAAC;CACzB"}
+{"version":3,"file":"user.entity.d.ts","sourceRoot":"","sources":["../../src/entities/user.entity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,qBAAa,QAAQ;IACnB;;;;OAIG;IACH,EAAE,EAAG,MAAM,CAAC;IAEZ;;;;OAIG;IACH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IACH,QAAQ,EAAG,MAAM,GAAG,IAAI,CAAC;IAEzB;;OAEG;IACH,SAAS,EAAG,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,QAAQ,EAAG,MAAM,GAAG,IAAI,CAAC;IAEzB;;OAEG;IACH,KAAK,EAAG,MAAM,CAAC;IAEf;;OAEG;IACH,KAAK,EAAG,MAAM,GAAG,IAAI,CAAC;IAEtB;;;;;OAKG;IACH,YAAY,EAAG,MAAM,GAAG,IAAI,CAAC;IAE7B;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;;OAGG;IACH,iBAAiB,EAAG,IAAI,GAAG,IAAI,CAAC;IAEhC;;;OAGG;IACH,eAAe,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC;;;;OAIG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,EAAG,OAAO,CAAC;IAE1B;;;OAGG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;;OAGG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;OAEG;IACH,UAAU,EAAG,MAAM,GAAG,IAAI,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAG,IAAI,GAAG,IAAI,CAAC;IAEvB;;OAEG;IACH,WAAW,EAAG,IAAI,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,mBAAmB,EAAG,MAAM,CAAC;IAE7B;;OAEG;IACH,iBAAiB,EAAG,IAAI,GAAG,IAAI,CAAC;IAEhC;;OAEG;IACH,WAAW,EAAG,IAAI,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,WAAW,EAAG,MAAM,GAAG,IAAI,CAAC;IAE5B;;OAEG;IACH,UAAU,EAAG,OAAO,CAAC;IAErB;;;OAGG;IACH,UAAU,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B;;;OAGG;IACH,WAAW,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAE9B;;;OAGG;IACH,kBAAkB,EAAG,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEhC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAEjC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;OAIG;IACH,aAAa,EAAG,OAAO,CAAC;IAExB;;;;OAIG;IACH,eAAe,EAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC;;;OAGG;IACH,QAAQ,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;;OAGG;IACH,SAAS,EAAG,IAAI,GAAG,IAAI,CAAC;CACzB"}

package/dist/entities/user.entity.js

@@ -47,8 +47,16 @@ class BaseUser {
     /**
      * Hashed password (Argon2)
      * NULL for social-only accounts
+     * SECURITY: This field should be excluded from select queries when returning user objects.
+     * Use hasPasswordHash boolean flag instead.
      */
     passwordHash;
+    /**
+     * Whether this user has a password set
+     * Computed field - derived from passwordHash at runtime via @AfterLoad hook
+     * Never expose passwordHash directly; use this boolean flag instead
+     */
+    hasPasswordHash;
     /**
      * When password was last changed
      * Used for password expiry policies

package/dist/entities/user.entity.js.map

@@ -1 +1 @@
-{"version":3,"file":"user.entity.js","sourceRoot":"","sources":["../../src/entities/user.entity.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,MAAa,QAAQ;IACnB;;;;OAIG;IACH,EAAE,CAAU;IAEZ;;;;OAIG;IACH,GAAG,CAAU;IAEb;;OAEG;IACH,QAAQ,CAAiB;IAEzB;;OAEG;IACH,SAAS,CAAiB;IAE1B;;OAEG;IACH,QAAQ,CAAiB;IAEzB;;OAEG;IACH,KAAK,CAAU;IAEf;;OAEG;IACH,KAAK,CAAiB;IAEtB;;;OAGG;IACH,YAAY,CAAiB;IAE7B;;;OAGG;IACH,iBAAiB,CAAe;IAEhC;;;OAGG;IACH,eAAe,CAAmB;IAElC;;;;OAIG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAW;IAE1B;;OAEG;IACH,eAAe,CAAW;IAE1B;;;OAGG;IACH,QAAQ,CAAW;IAEnB;;;OAGG;IACH,QAAQ,CAAW;IAEnB;;OAEG;IACH,UAAU,CAAiB;IAE3B;;OAEG;IACH,QAAQ,CAAe;IAEvB;;OAEG;IACH,WAAW,CAAe;IAE1B;;OAEG;IACH,mBAAmB,CAAU;IAE7B;;OAEG;IACH,iBAAiB,CAAe;IAEhC;;OAEG;IACH,WAAW,CAAe;IAE1B;;OAEG;IACH,WAAW,CAAiB;IAE5B;;OAEG;IACH,UAAU,CAAW;IAErB;;;OAGG;IACH,UAAU,CAAmB;IAE7B;;OAEG;IACH,aAAa,CAAe;IAE5B;;;OAGG;IACH,UAAU,CAAiB;IAE3B;;;OAGG;IACH,WAAW,CAAmB;IAE9B;;;OAGG;IACH,kBAAkB,CAAiB;IAEnC;;;;;;;;;;OAUG;IACH,SAAS,CAAW;IAEpB;;;;;;;OAOG;IACH,eAAe,CAAiB;IAEhC;;;;;;OAMG;IACH,kBAAkB,CAAe;IAEjC;;;;;;OAMG;IACH,kBAAkB,CAAiB;IAEnC;;;;OAIG;IACH,aAAa,CAAW;IAExB;;;;OAIG;IACH,eAAe,CAAmB;IAElC;;;OAGG;IACH,QAAQ,CAAkC;IAE1C;;OAEG;IACH,SAAS,CAAQ;IAEjB;;OAEG;IACH,SAAS,CAAQ;IAEjB;;;OAGG;IACH,SAAS,CAAe;CACzB;AAxOD,4BAwOC"}
+{"version":3,"file":"user.entity.js","sourceRoot":"","sources":["../../src/entities/user.entity.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,MAAa,QAAQ;IACnB;;;;OAIG;IACH,EAAE,CAAU;IAEZ;;;;OAIG;IACH,GAAG,CAAU;IAEb;;OAEG;IACH,QAAQ,CAAiB;IAEzB;;OAEG;IACH,SAAS,CAAiB;IAE1B;;OAEG;IACH,QAAQ,CAAiB;IAEzB;;OAEG;IACH,KAAK,CAAU;IAEf;;OAEG;IACH,KAAK,CAAiB;IAEtB;;;;;OAKG;IACH,YAAY,CAAiB;IAE7B;;;;OAIG;IACH,eAAe,CAAW;IAE1B;;;OAGG;IACH,iBAAiB,CAAe;IAEhC;;;OAGG;IACH,eAAe,CAAmB;IAElC;;;;OAIG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAW;IAE1B;;OAEG;IACH,eAAe,CAAW;IAE1B;;;OAGG;IACH,QAAQ,CAAW;IAEnB;;;OAGG;IACH,QAAQ,CAAW;IAEnB;;OAEG;IACH,UAAU,CAAiB;IAE3B;;OAEG;IACH,QAAQ,CAAe;IAEvB;;OAEG;IACH,WAAW,CAAe;IAE1B;;OAEG;IACH,mBAAmB,CAAU;IAE7B;;OAEG;IACH,iBAAiB,CAAe;IAEhC;;OAEG;IACH,WAAW,CAAe;IAE1B;;OAEG;IACH,WAAW,CAAiB;IAE5B;;OAEG;IACH,UAAU,CAAW;IAErB;;;OAGG;IACH,UAAU,CAAmB;IAE7B;;OAEG;IACH,aAAa,CAAe;IAE5B;;;OAGG;IACH,UAAU,CAAiB;IAE3B;;;OAGG;IACH,WAAW,CAAmB;IAE9B;;;OAGG;IACH,kBAAkB,CAAiB;IAEnC;;;;;;;;;;OAUG;IACH,SAAS,CAAW;IAEpB;;;;;;;OAOG;IACH,eAAe,CAAiB;IAEhC;;;;;;OAMG;IACH,kBAAkB,CAAe;IAEjC;;;;;;OAMG;IACH,kBAAkB,CAAiB;IAEnC;;;;OAIG;IACH,aAAa,CAAW;IAExB;;;;OAIG;IACH,eAAe,CAAmB;IAElC;;;OAGG;IACH,QAAQ,CAAkC;IAE1C;;OAEG;IACH,SAAS,CAAQ;IAEjB;;OAEG;IACH,SAAS,CAAQ;IAEjB;;;OAGG;IACH,SAAS,CAAe;CACzB;AAjPD,4BAiPC"}

package/dist/handlers/auth.handler.d.ts

@@ -7,8 +7,7 @@
  * This handler operates purely on NAuthRequest interface.
  * Context is managed by the adapter, not this handler.
  */
-import { Repository } from 'typeorm';
-import { NAuthConfig, BaseUser, NAuthLogger } from '../index';
+import { NAuthConfig, NAuthLogger, AuthService } from '../index';
 import { JwtService, SessionService } from '../internal';
 import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
 /**
@@ -20,10 +19,10 @@ import { NAuthRequest, NAuthResponse } from '../platform/interfaces';
 export declare class AuthHandler {
     private jwtService;
     private sessionService;
-    private userRepository;
+    private authService;
     private config;
     private logger?;
-    constructor(jwtService: JwtService, sessionService: SessionService, userRepository: Repository<BaseUser>, config: NAuthConfig, logger?: NAuthLogger | undefined);
+    constructor(jwtService: JwtService, sessionService: SessionService, authService: AuthService, config: NAuthConfig, logger?: NAuthLogger | undefined);
     /**
      * Handle request - validate token and attach user
      *
@@ -42,9 +41,5 @@ export declare class AuthHandler {
      * Update CLIENT_INFO with user ID from token
      */
     private updateClientInfoUserId;
-    /**
-     * Get fields to select when loading user
-     */
-    private getUserSelectFields;
 }
 //# sourceMappingURL=auth.handler.d.ts.map

package/dist/handlers/auth.handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/auth.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,WAAW,EAIX,QAAQ,EAER,WAAW,EAGZ,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAErE;;;;;GAKG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM,CAAC;gBAJP,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAG9B;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAqG5G;;OAEG;IACH,OAAO,CAAC,YAAY;IA2CpB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAkC5B"}
+{"version":3,"file":"auth.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/auth.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,WAAW,EAKX,WAAW,EAGX,WAAW,EACZ,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAErE;;;;;GAKG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM,CAAC;gBAJP,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAG9B;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IA2F5G;;OAEG;IACH,OAAO,CAAC,YAAY;IA2CpB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,sBAAsB;CAW/B"}