@nauth-toolkit/core 0.1.18 → 0.1.22

package/dist/handlers/auth.handler.js

@@ -20,13 +20,13 @@ const index_1 = require("../index");
 class AuthHandler {
     jwtService;
     sessionService;
-    userRepository;
+    authService;
     config;
     logger;
-    constructor(jwtService, sessionService, userRepository, config, logger) {
+    constructor(jwtService, sessionService, authService, config, logger) {
         this.jwtService = jwtService;
         this.sessionService = sessionService;
-        this.userRepository = userRepository;
+        this.authService = authService;
         this.config = config;
         this.logger = logger;
     }
@@ -74,21 +74,13 @@ class AuthHandler {
                 await next();
                 return;
             }
-            // Load user
-            const user = await this.userRepository.findOne({
-                select: this.getUserSelectFields(),
-                where: { sub: validation.payload.sub },
-            });
-            if (!user) {
-                this.logger?.warn?.('User not found:', validation.payload.sub);
-                await next();
-                return;
-            }
-            if (!user.isActive) {
-                this.logger?.warn?.('Account is not active:', user.sub);
-                await next();
-                return;
-            }
+            // Load user via AuthService (service-first architecture)
+            // AuthService.getUserForAuthContext handles:
+            // - User lookup by sub
+            // - Active status check
+            // - Computing hasPasswordHash from passwordHash
+            // - Removing sensitive fields (passwordHash, totpSecret, backupCodes, passwordHistory)
+            const user = await this.authService.getUserForAuthContext(validation.payload.sub);
             // Optimistic locking check - ensure session wasn't modified during request
             const revalidated = await this.sessionService.findByIdLight(sessionId);
             if (!revalidated || revalidated.version !== initialVersion || revalidated.isRevoked) {
@@ -177,43 +169,6 @@ class AuthHandler {
             }
         }
     }
-    /**
-     * Get fields to select when loading user
-     */
-    getUserSelectFields() {
-        return [
-            'id',
-            'sub',
-            'username',
-            'firstName',
-            'lastName',
-            'email',
-            'phone',
-            'isEmailVerified',
-            'isPhoneVerified',
-            'isActive',
-            'mustChangePassword',
-            'isLocked',
-            'lockReason',
-            'lockedAt',
-            'lockedUntil',
-            'failedLoginAttempts',
-            'lastFailedLoginAt',
-            'lastLoginAt',
-            'lastLoginIp',
-            'hasSocialAuth',
-            'socialProviders',
-            'mfaEnabled',
-            'mfaMethods',
-            'preferredMfaMethod',
-            'mfaExempt',
-            'mfaExemptReason',
-            'mfaExemptGrantedAt',
-            'metadata',
-            'createdAt',
-            'updatedAt',
-        ];
-    }
 }
 exports.AuthHandler = AuthHandler;
 //# sourceMappingURL=auth.handler.js.map

package/dist/handlers/auth.handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.handler.js","sourceRoot":"","sources":["../../src/handlers/auth.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAGH,oCAUkB;AAIlB;;;;;GAKG;AACH,MAAa,WAAW;IAEZ;IACA;IACA;IACA;IACA;IALV,YACU,UAAsB,EACtB,cAA8B,EAC9B,cAAoC,EACpC,MAAmB,EACnB,MAAoB;QAJpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,mBAAc,GAAd,cAAc,CAAsB;QACpC,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IAC3B,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgC;QAC1F,IAAI,CAAC;YACH,oCAAoC;YACpC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;gBAC/B,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAErC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,6DAA6D;gBAC7D,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAEpE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,mBAAmB;YACnB,MAAM,SAAS,GAAG,UAAU,CAAC,OAAQ,CAAC,SAAS,CAAC;YAChD,MAAM,MAAM,GAAG,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC,sCAAsC;YAC9E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YAEnE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBACtD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;YAEvC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,2BAA2B,EAAE,SAAS,CAAC,CAAC;gBAC5D,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sBAAsB,EAAE,SAAS,CAAC,CAAC;gBACxD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,YAAY;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,IAAI,CAAC,mBAAmB,EAAE;gBAClC,KAAK,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,OAAQ,CAAC,GAAG,EAAE;aACxC,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC;gBAChE,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,wBAAwB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,2EAA2E;YAC3E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,OAAO,KAAK,cAAc,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBACpF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gEAAgE,CAAC,CAAC;gBACvF,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;YAC3B,GAAG,CAAC,UAAU,CAAC,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC;YAE1C,6CAA6C;YAC7C,sBAAc,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YACzC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACtD,sBAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;YAEjD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,IAAI,CAAC,GAAG,6BAA6B,CAAC,CAAC;YAEpE,+CAA+C;YAC/C,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAEpC,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,wBAAwB,EACxB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EACtD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACjD,CAAC;YACF,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAiB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAE3D,wBAAwB;QACxB,MAAM,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,WAAW,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEvF,wBAAwB;QACxB,MAAM,qBAAqB,GAAG,IAAA,gCAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEvD,iCAAiC;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC;QAEpD,IAAI,SAAS,GAAuB,MAAM,CAAC;QAE3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,kDAAkD;YAClD,SAAS,GAAG,IAAA,iCAAyB,EAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;QACxD,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,+CAA+C;YAC/C,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChC,MAAM,IAAI,sBAAc,CACtB,qBAAa,CAAC,kBAAkB,EAChC,oDAAoD,CACrD,CAAC;YACJ,CAAC;YACD,OAAO,WAAW,IAAI,IAAI,CAAC;QAC7B,CAAC;QAED,sCAAsC;QACtC,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,sBAAc,CAAC,qBAAa,CAAC,mBAAmB,EAAE,kDAAkD,CAAC,CAAC;QAClH,CAAC;QACD,OAAO,WAAW,IAAI,IAAI,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,SAA0B;QAC1D,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACnD,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC;gBACvC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,MAAuB;QACpD,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAExF,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBAC7C,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC;gBACjC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB;QACzB,OAAO;YACL,IAAI;YACJ,KAAK;YACL,UAAU;YACV,WAAW;YACX,UAAU;YACV,OAAO;YACP,OAAO;YACP,iBAAiB;YACjB,iBAAiB;YACjB,UAAU;YACV,oBAAoB;YACpB,UAAU;YACV,YAAY;YACZ,UAAU;YACV,aAAa;YACb,qBAAqB;YACrB,mBAAmB;YACnB,aAAa;YACb,aAAa;YACb,eAAe;YACf,iBAAiB;YACjB,YAAY;YACZ,YAAY;YACZ,oBAAoB;YACpB,WAAW;YACX,iBAAiB;YACjB,oBAAoB;YACpB,UAAU;YACV,WAAW;YACX,WAAW;SACU,CAAC;IAC1B,CAAC;CACF;AApOD,kCAoOC"}
+{"version":3,"file":"auth.handler.js","sourceRoot":"","sources":["../../src/handlers/auth.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,oCAUkB;AAIlB;;;;;GAKG;AACH,MAAa,WAAW;IAEZ;IACA;IACA;IACA;IACA;IALV,YACU,UAAsB,EACtB,cAA8B,EAC9B,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAJpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IAC3B,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgC;QAC1F,IAAI,CAAC;YACH,oCAAoC;YACpC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;gBAC/B,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAErC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,6DAA6D;gBAC7D,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAEpE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;gBACzD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,mBAAmB;YACnB,MAAM,SAAS,GAAG,UAAU,CAAC,OAAQ,CAAC,SAAS,CAAC;YAChD,MAAM,MAAM,GAAG,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC,sCAAsC;YAC9E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YAEnE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBACtD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;YAEvC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,2BAA2B,EAAE,SAAS,CAAC,CAAC;gBAC5D,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,sBAAsB,EAAE,SAAS,CAAC,CAAC;gBACxD,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,yDAAyD;YACzD,6CAA6C;YAC7C,uBAAuB;YACvB,wBAAwB;YACxB,gDAAgD;YAChD,uFAAuF;YACvF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,UAAU,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC;YAEnF,2EAA2E;YAC3E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,OAAO,KAAK,cAAc,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBACpF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gEAAgE,CAAC,CAAC;gBACvF,MAAM,IAAI,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;YAC3B,GAAG,CAAC,UAAU,CAAC,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC;YAE1C,6CAA6C;YAC7C,sBAAc,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YACzC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACtD,sBAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;YAEjD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,IAAI,CAAC,GAAG,6BAA6B,CAAC,CAAC;YAEpE,+CAA+C;YAC/C,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;YAEpC,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAClB,wBAAwB,EACxB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EACtD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACjD,CAAC;YACF,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAiB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAE3D,wBAAwB;QACxB,MAAM,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,WAAW,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEvF,wBAAwB;QACxB,MAAM,qBAAqB,GAAG,IAAA,gCAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEvD,iCAAiC;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC;QAEpD,IAAI,SAAS,GAAuB,MAAM,CAAC;QAE3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,kDAAkD;YAClD,SAAS,GAAG,IAAA,iCAAyB,EAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;QACxD,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,+CAA+C;YAC/C,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChC,MAAM,IAAI,sBAAc,CACtB,qBAAa,CAAC,kBAAkB,EAChC,oDAAoD,CACrD,CAAC;YACJ,CAAC;YACD,OAAO,WAAW,IAAI,IAAI,CAAC;QAC7B,CAAC;QAED,sCAAsC;QACtC,IAAI,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,sBAAc,CAAC,qBAAa,CAAC,mBAAmB,EAAE,kDAAkD,CAAC,CAAC;QAClH,CAAC;QACD,OAAO,WAAW,IAAI,IAAI,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,SAA0B;QAC1D,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACnD,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC;gBACvC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,MAAuB;QACpD,MAAM,UAAU,GAAG,sBAAc,CAAC,GAAG,CAAc,aAAa,CAAC,CAAC;QAClE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAExF,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBAC7C,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC;gBACjC,sBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;CACF;AApLD,kCAoLC"}

package/dist/handlers/csrf.handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC3G;;OAEG;YACW,sBAAsB;IAgCpC;;;;;OAKG;YACW,aAAa;CA0C5B"}
+{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC3G;;OAEG;YACW,sBAAsB;IAsCpC;;;;;OAKG;YACW,aAAa;CA0C5B"}

package/dist/handlers/csrf.handler.js

@@ -77,14 +77,19 @@ class CsrfHandler {
         }
         // Generate new token
         const token = this.csrfService.generateToken();
+        // Allow per-app override, but default to readable cookie (NOT httpOnly)
+        // so browser clients can send the value back in the CSRF header.
+        const csrfCookieOptions = this.csrfService.getCookieOptions();
         // Build cookie options
         const cookieOptions = {
-            httpOnly: true, // Prevents XSS access to token
+            // CSRF token is not a secret; it must be readable by JS to be sent as a header.
+            // If an app wants httpOnly CSRF (header-based acquisition), they can override via config.
+            httpOnly: csrfCookieOptions.httpOnly ?? false,
             secure: this.config.tokenDelivery?.cookieOptions?.secure ?? true,
             sameSite: (this.config.tokenDelivery?.cookieOptions?.sameSite || 'strict'),
             domain: this.config.tokenDelivery?.cookieOptions?.domain,
             path: '/',
-            ...this.csrfService.getCookieOptions(),
+            ...csrfCookieOptions,
         };
         // Set cookie
         res.setCookie(cookieName, token, cookieOptions);

package/dist/handlers/csrf.handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,kDAAkD;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,+CAA+C;YAC/C,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAE/C,uBAAuB;QACvB,MAAM,aAAa,GAAG;YACpB,QAAQ,EAAE,IAAI,EAAE,+BAA+B;YAC/C,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE;SACvC,CAAC;QAEF,aAAa;QACb,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAEhD,kEAAkE;QAClE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAEpD,gCAAgC;QAChC,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClC,2BAA2B;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAED,wBAAwB;QACxB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5C,iCAAiC;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAjID,kCAiIC"}
+{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEhD;;;;GAIG;AACH,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,kDAAkD;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,+CAA+C;YAC/C,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAE/C,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QAE9D,uBAAuB;QACvB,MAAM,aAAa,GAAG;YACpB,gFAAgF;YAChF,0FAA0F;YAC1F,QAAQ,EAAE,iBAAiB,CAAC,QAAQ,IAAI,KAAK;YAC7C,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,iBAAiB;SACrB,CAAC;QAEF,aAAa;QACb,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAEhD,kEAAkE;QAClE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAEpD,gCAAgC;QAChC,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClC,2BAA2B;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAED,wBAAwB;QACxB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5C,iCAAiC;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAvID,kCAuIC"}

package/dist/handlers/social-redirect.handler.d.ts

@@ -0,0 +1,136 @@
+import { AuthResponseDTO } from '../dto/auth-response.dto';
+import { NAuthConfig } from '../interfaces/config.interface';
+import { ISocialAuthStateStore } from '../interfaces/social-auth-state-store.interface';
+import { StorageAdapter } from '../interfaces/storage-adapter.interface';
+import { NAuthCookieOptions } from '../platform/interfaces';
+import { SocialAuthService } from '../services/social-auth.service';
+import { NAuthLogger } from '../utils/nauth-logger';
+/**
+ * Social Redirect Handler (framework-neutral)
+ *
+ * Consumer backends should implement their own HTTP controllers/routes and delegate to this handler.
+ * The handler returns a small "response recipe" that the consumer applies to their framework response.
+ *
+ * Key properties:
+ * - Backend-first redirect (provider -> backend callback -> frontend)
+ * - Cluster-safe CSRF `state` storage via `ISocialAuthStateStore` (StorageAdapter-backed)
+ * - Optional `appState` round-trip (opaque string, URL-encoded)
+ * - Supports `cookies`, `json`, and `hybrid` (origin-based) delivery modes
+ *
+ * @example
+ * ```typescript
+ * // NestJS controller pseudocode
+ * const start = await socialRedirect.start({ provider: 'google', returnTo: '/auth/callback', appState: '12345', req });
+ * return res.redirect(start.redirectUrl);
+ *
+ * const cb = await socialRedirect.callback({ provider: 'google', code, state, req });
+ * cb.cookies?.forEach((c) => res.setCookie(c.name, c.value, c.options));
+ * return res.redirect(cb.redirectUrl);
+ *
+ * const auth = await socialRedirect.exchange(exchangeToken);
+ * return auth;
+ * ```
+ */
+export declare class SocialRedirectHandler {
+    private readonly config;
+    private readonly socialAuthService;
+    private readonly socialStateStore;
+    private readonly storage;
+    private readonly logger?;
+    private readonly csrfService;
+    private readonly exchangeTtlSeconds;
+    constructor(config: NAuthConfig, socialAuthService: SocialAuthService, socialStateStore: ISocialAuthStateStore, storage: StorageAdapter, logger?: NAuthLogger | undefined, exchangeTtlSeconds?: number);
+    /**
+     * Start redirect-first social login.
+     *
+     * @param input - Start parameters
+     * @returns Redirect recipe to send user to the provider authorization URL
+     * @throws {NAuthException} When provider/returnTo are invalid or config is missing
+     */
+    start(input: SocialRedirectStartInput): Promise<SocialRedirectStartResult>;
+    /**
+     * Handle provider callback and produce a frontend redirect recipe.
+     *
+     * @param input - Callback parameters from provider (GET query or POST form_post)
+     * @returns Redirect recipe to send user back to frontend with `appState` (and optional `exchangeToken`)
+     * @throws {NAuthException} When required params are missing/invalid
+     */
+    callback(input: SocialRedirectCallbackInput): Promise<SocialRedirectCallbackResult>;
+    /**
+     * Exchange a short-lived exchange token for an AuthResponse.
+     *
+     * @param exchangeToken - One-time token from callback redirect URL
+     * @returns AuthResponse payload (tokens or challenge)
+     * @throws {NAuthException} When exchangeToken is invalid/expired
+     */
+    exchange(exchangeToken: string): Promise<AuthResponseDTO>;
+    private buildAuthCookies;
+    private buildCsrfCookie;
+    private getFrontendBaseUrl;
+    private buildFrontendRedirectUrl;
+    private appendQuery;
+    private resolveEffectiveDelivery;
+    private getRouteDeliveryOverrideFromRequest;
+    private normalizeProvider;
+    private getExchangeKey;
+    private safeParseExchangePayload;
+}
+/**
+ * Start input for redirect-first social login.
+ */
+export interface SocialRedirectStartInput {
+    /** OAuth provider (google|apple|facebook) */
+    provider: string;
+    /** Frontend path or URL to return to (default: `/auth/callback`) */
+    returnTo?: string;
+    /** Optional application state to round-trip back to frontend */
+    appState?: string;
+    /** Optional action (default: `login`) */
+    action?: 'login' | 'link';
+    /** Request object for hybrid origin-based delivery */
+    req?: unknown;
+}
+/**
+ * Callback input for redirect-first social login.
+ */
+export interface SocialRedirectCallbackInput {
+    provider: string;
+    code?: string;
+    state?: string;
+    error?: string;
+    errorDescription?: string;
+    req?: unknown;
+}
+/**
+ * Cookie instruction returned by SocialRedirectHandler.
+ */
+export interface SocialRedirectCookie {
+    name: string;
+    value: string;
+    options?: NAuthCookieOptions;
+}
+/**
+ * Start redirect result.
+ */
+export interface SocialRedirectStartResult {
+    redirectUrl: string;
+}
+/**
+ * Callback redirect result.
+ */
+export interface SocialRedirectCallbackResult {
+    redirectUrl: string;
+    cookies?: SocialRedirectCookie[];
+    /**
+     * AuthResponse payload, only populated when:
+     * - effective delivery is `cookies`, AND
+     * - the social callback produced tokens
+     *
+     * This enables frameworks with automatic cookie delivery (e.g., NestJS interceptor + `@TokenDelivery()`)
+     * to set cookies without consumer code manually iterating over `cookies`.
+     *
+     * ⚠️ WARNING: Do not log this value (contains tokens).
+     */
+    authResponse?: AuthResponseDTO;
+}
+//# sourceMappingURL=social-redirect.handler.d.ts.map

package/dist/handlers/social-redirect.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"social-redirect.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/social-redirect.handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,iDAAiD,CAAC;AACxF,OAAO,EAAE,cAAc,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAQpE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,qBAAqB;IAK9B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAR1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;gBAGzB,MAAM,EAAE,WAAW,EACnB,iBAAiB,EAAE,iBAAiB,EACpC,gBAAgB,EAAE,qBAAqB,EACvC,OAAO,EAAE,cAAc,EACvB,MAAM,CAAC,EAAE,WAAW,YAAA,EACrC,kBAAkB,GAAE,MAAW;IAMjC;;;;;;OAMG;IACG,KAAK,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAuBhF;;;;;;OAMG;IACG,QAAQ,CAAC,KAAK,EAAE,2BAA2B,GAAG,OAAO,CAAC,4BAA4B,CAAC;IA2DzF;;;;;;OAMG;IACG,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAyB/D,OAAO,CAAC,gBAAgB;IAyDxB,OAAO,CAAC,eAAe;IA0BvB,OAAO,CAAC,kBAAkB;IAU1B,OAAO,CAAC,wBAAwB;IAyBhC,OAAO,CAAC,WAAW;IAYnB,OAAO,CAAC,wBAAwB;IAiChC,OAAO,CAAC,mCAAmC;IAM3C,OAAO,CAAC,iBAAiB;IAWzB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,wBAAwB;CAYjC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,oEAAoE;IACpE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,sDAAsD;IACtD,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,oBAAoB,EAAE,CAAC;IACjC;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,eAAe,CAAC;CAChC"}