@nauth-toolkit/core 0.1.18 → 0.1.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/storage.factory.d.ts.map +1 -1
- package/dist/adapters/storage.factory.js +250 -18
- package/dist/adapters/storage.factory.js.map +1 -1
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +3 -2
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-signup.dto.d.ts +196 -0
- package/dist/dto/admin-signup.dto.d.ts.map +1 -0
- package/dist/dto/admin-signup.dto.js +317 -0
- package/dist/dto/admin-signup.dto.js.map +1 -0
- package/dist/dto/auth-response.dto.d.ts +14 -0
- package/dist/dto/auth-response.dto.d.ts.map +1 -1
- package/dist/dto/auth-response.dto.js +14 -0
- package/dist/dto/auth-response.dto.js.map +1 -1
- package/dist/dto/index.d.ts +1 -0
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +1 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/social-auth.dto.d.ts +24 -0
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +37 -1
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/entities/user.entity.d.ts +8 -0
- package/dist/entities/user.entity.d.ts.map +1 -1
- package/dist/entities/user.entity.js +8 -0
- package/dist/entities/user.entity.js.map +1 -1
- package/dist/handlers/auth.handler.d.ts +3 -8
- package/dist/handlers/auth.handler.d.ts.map +1 -1
- package/dist/handlers/auth.handler.js +10 -55
- package/dist/handlers/auth.handler.js.map +1 -1
- package/dist/handlers/csrf.handler.d.ts.map +1 -1
- package/dist/handlers/csrf.handler.js +7 -2
- package/dist/handlers/csrf.handler.js.map +1 -1
- package/dist/handlers/social-redirect.handler.d.ts +136 -0
- package/dist/handlers/social-redirect.handler.d.ts.map +1 -0
- package/dist/handlers/social-redirect.handler.js +364 -0
- package/dist/handlers/social-redirect.handler.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/config.interface.d.ts +43 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/entities.interface.d.ts +6 -0
- package/dist/interfaces/entities.interface.d.ts.map +1 -1
- package/dist/interfaces/index.d.ts +1 -0
- package/dist/interfaces/index.d.ts.map +1 -1
- package/dist/interfaces/index.js +1 -0
- package/dist/interfaces/index.js.map +1 -1
- package/dist/interfaces/social-auth-state-store.interface.d.ts +100 -0
- package/dist/interfaces/social-auth-state-store.interface.d.ts.map +1 -0
- package/dist/interfaces/social-auth-state-store.interface.js +3 -0
- package/dist/interfaces/social-auth-state-store.interface.js.map +1 -0
- package/dist/interfaces/storage-adapter.interface.d.ts +2 -2
- package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -1
- package/dist/internal.d.ts +5 -0
- package/dist/internal.d.ts.map +1 -1
- package/dist/internal.js +7 -1
- package/dist/internal.js.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +107 -28
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.js +20 -1
- package/dist/schemas/auth-config.schema.js.map +1 -1
- package/dist/services/auth-challenge-helper.service.d.ts +1 -1
- package/dist/services/auth-challenge-helper.service.d.ts.map +1 -1
- package/dist/services/auth-challenge-helper.service.js +9 -4
- package/dist/services/auth-challenge-helper.service.js.map +1 -1
- package/dist/services/auth.service.d.ts +59 -3
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +276 -50
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/geo-location.service.js +2 -2
- package/dist/services/geo-location.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/phone-verification.service.js.map +1 -1
- package/dist/services/social-auth-base.service.d.ts +5 -10
- package/dist/services/social-auth-base.service.d.ts.map +1 -1
- package/dist/services/social-auth-base.service.js +30 -61
- package/dist/services/social-auth-base.service.js.map +1 -1
- package/dist/services/social-auth-state-store.service.d.ts +58 -0
- package/dist/services/social-auth-state-store.service.d.ts.map +1 -0
- package/dist/services/social-auth-state-store.service.js +261 -0
- package/dist/services/social-auth-state-store.service.js.map +1 -0
- package/dist/storage/account-lockout-storage.service.d.ts +2 -2
- package/dist/storage/account-lockout-storage.service.d.ts.map +1 -1
- package/dist/storage/account-lockout-storage.service.js +2 -2
- package/dist/storage/account-lockout-storage.service.js.map +1 -1
- package/dist/templates/sms-template.engine.d.ts.map +1 -1
- package/dist/templates/sms-template.engine.js +1 -2
- package/dist/templates/sms-template.engine.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/password-generator.d.ts +29 -0
- package/dist/utils/password-generator.d.ts.map +1 -0
- package/dist/utils/password-generator.js +98 -0
- package/dist/utils/password-generator.js.map +1 -0
- package/dist/utils/setup/init-social.d.ts +2 -5
- package/dist/utils/setup/init-social.d.ts.map +1 -1
- package/dist/utils/setup/init-social.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Social OAuth state store interface
|
|
3
|
+
*
|
|
4
|
+
* This abstracts storage for OAuth CSRF `state` and redirect context so it can be:
|
|
5
|
+
* - shared across multiple server instances (ECS / k8s / multi-node)
|
|
6
|
+
* - backed by Redis or database using the existing transient `StorageAdapter`
|
|
7
|
+
*
|
|
8
|
+
* Security notes:
|
|
9
|
+
* - `state` MUST be one-time use (replay protection)
|
|
10
|
+
* - `state` MUST expire quickly (default: 5 minutes)
|
|
11
|
+
* - Stored redirect context MUST NOT include secrets (it may be echoed back to the frontend)
|
|
12
|
+
*
|
|
13
|
+
* @example
|
|
14
|
+
* ```typescript
|
|
15
|
+
* // Provider flow (CSRF)
|
|
16
|
+
* const state = await store.createCsrfState('google');
|
|
17
|
+
* // redirect user to provider with state
|
|
18
|
+
* await store.validateAndConsumeCsrfState('google', state);
|
|
19
|
+
*
|
|
20
|
+
* // Redirect flow context (optional)
|
|
21
|
+
* await store.setRedirectContext(state, { returnTo: '/auth/callback', appState: '12345', action: 'login' });
|
|
22
|
+
* const ctx = await store.consumeRedirectContext(state);
|
|
23
|
+
* ```
|
|
24
|
+
*/
|
|
25
|
+
export interface ISocialAuthStateStore {
|
|
26
|
+
/**
|
|
27
|
+
* Create a CSRF `state` value for a provider and persist it for later validation.
|
|
28
|
+
*
|
|
29
|
+
* @param provider - Provider name (e.g. 'google', 'apple', 'facebook')
|
|
30
|
+
* @returns Newly generated state token
|
|
31
|
+
* @throws {Error} When provider is invalid or storage fails
|
|
32
|
+
*/
|
|
33
|
+
createCsrfState(provider: string): Promise<string>;
|
|
34
|
+
/**
|
|
35
|
+
* Validate and consume a CSRF `state` token.
|
|
36
|
+
*
|
|
37
|
+
* This MUST be one-time use: subsequent validations must fail.
|
|
38
|
+
*
|
|
39
|
+
* @param provider - Provider expected for this state token
|
|
40
|
+
* @param state - State token from the OAuth callback
|
|
41
|
+
* @throws {Error} When state is missing/invalid/expired or provider mismatch occurs
|
|
42
|
+
*/
|
|
43
|
+
validateAndConsumeCsrfState(provider: string, state: string): Promise<void>;
|
|
44
|
+
/**
|
|
45
|
+
* Store optional redirect context for a CSRF state token.
|
|
46
|
+
*
|
|
47
|
+
* @param state - CSRF state token
|
|
48
|
+
* @param context - Redirect context (non-secret)
|
|
49
|
+
* @throws {Error} When storage fails
|
|
50
|
+
*/
|
|
51
|
+
setRedirectContext(state: string, context: SocialAuthRedirectContext): Promise<void>;
|
|
52
|
+
/**
|
|
53
|
+
* Consume (read and delete) redirect context for a CSRF state token.
|
|
54
|
+
*
|
|
55
|
+
* This is separate from CSRF validation consumption; controllers may consume context
|
|
56
|
+
* after provider validation to build the final frontend redirect.
|
|
57
|
+
*
|
|
58
|
+
* @param state - CSRF state token
|
|
59
|
+
* @returns Context or null if missing/expired
|
|
60
|
+
*/
|
|
61
|
+
consumeRedirectContext(state: string): Promise<SocialAuthRedirectContext | null>;
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Redirect context stored during the redirect-first social login flow.
|
|
65
|
+
*
|
|
66
|
+
* @example
|
|
67
|
+
* ```typescript
|
|
68
|
+
* { returnTo: '/auth/callback', appState: '12345', action: 'login' }
|
|
69
|
+
* ```
|
|
70
|
+
*/
|
|
71
|
+
export interface SocialAuthRedirectContext {
|
|
72
|
+
/**
|
|
73
|
+
* Frontend URL or path to redirect to after completing authentication.
|
|
74
|
+
*
|
|
75
|
+
* Recommended: relative path only (e.g. `/auth/callback`) to prevent open redirects.
|
|
76
|
+
*/
|
|
77
|
+
returnTo: string;
|
|
78
|
+
/**
|
|
79
|
+
* Opaque, non-secret application state to round-trip back to the frontend.
|
|
80
|
+
* This should be URL-safe or will be URL-encoded when appended as a query param.
|
|
81
|
+
*/
|
|
82
|
+
appState?: string;
|
|
83
|
+
/**
|
|
84
|
+
* Delivery mode chosen at redirect start time.
|
|
85
|
+
*
|
|
86
|
+
* Why this exists:
|
|
87
|
+
* - In hybrid deployments, the provider callback request often has no reliable `Origin` header.
|
|
88
|
+
* - We must not guess delivery based on the provider callback request.
|
|
89
|
+
*
|
|
90
|
+
* When set, the callback flow MUST honor it.
|
|
91
|
+
*/
|
|
92
|
+
delivery?: 'cookies' | 'json';
|
|
93
|
+
/**
|
|
94
|
+
* Redirect flow action.
|
|
95
|
+
* - `login`: Authenticate user
|
|
96
|
+
* - `link`: Link provider to existing session (future)
|
|
97
|
+
*/
|
|
98
|
+
action: 'login' | 'link';
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=social-auth-state-store.interface.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"social-auth-state-store.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/social-auth-state-store.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;OAMG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnD;;;;;;;;OAQG;IACH,2BAA2B,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5E;;;;;;OAMG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErF;;;;;;;;OAQG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC,CAAC;CAClF;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,yBAAyB;IACxC;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;IAE9B;;;;OAIG;IACH,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"social-auth-state-store.interface.js","sourceRoot":"","sources":["../../src/interfaces/social-auth-state-store.interface.ts"],"names":[],"mappings":""}
|
|
@@ -69,8 +69,8 @@ export interface AccountLockoutStorage {
|
|
|
69
69
|
recordFailedAttempt(ipAddress: string): Promise<number>;
|
|
70
70
|
getFailedAttempts(ipAddress: string): Promise<number>;
|
|
71
71
|
isAccountLocked(ipAddress: string): Promise<boolean>;
|
|
72
|
-
|
|
73
|
-
|
|
72
|
+
lockIpAddress(ipAddress: string, duration: number, reason: string): Promise<void>;
|
|
73
|
+
unlockIpAddress(ipAddress: string): Promise<void>;
|
|
74
74
|
resetFailedAttempts(ipAddress: string): Promise<void>;
|
|
75
75
|
}
|
|
76
76
|
//# sourceMappingURL=storage-adapter.interface.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage-adapter.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/storage-adapter.interface.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9B;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;IAChH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtC;;OAEG;IACH,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAElC;;OAEG;IACH,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAExD;;OAEG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAElF;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5F,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACpE,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrE;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtD,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACrD,
|
|
1
|
+
{"version":3,"file":"storage-adapter.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/storage-adapter.interface.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9B;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;IAChH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtC;;OAEG;IACH,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAElC;;OAEG;IACH,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAExD;;OAEG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAElF;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5F,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACpE,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrE;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtD,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACrD,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClF,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvD"}
|
package/dist/internal.d.ts
CHANGED
|
@@ -126,6 +126,11 @@ export { BaseMFAProviderService } from './services/mfa-base.service';
|
|
|
126
126
|
* @internal
|
|
127
127
|
*/
|
|
128
128
|
export { BaseSocialAuthProviderService } from './services/social-auth-base.service';
|
|
129
|
+
/**
|
|
130
|
+
* Storage-backed OAuth CSRF + redirect context store
|
|
131
|
+
* @internal
|
|
132
|
+
*/
|
|
133
|
+
export { SocialAuthStateStore } from './services/social-auth-state-store.service';
|
|
129
134
|
/**
|
|
130
135
|
* Social provider registry service
|
|
131
136
|
* Internal registry for managing social auth provider instances
|
package/dist/internal.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAMH;;;GAGG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;;GAGG;AACH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AAEzF;;;GAGG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,8CAA8C,CAAC;AAEtF;;;GAGG;AACH,cAAc,0CAA0C,CAAC;AAEzD;;;GAGG;AACH,cAAc,4BAA4B,CAAC;AAE3C;;;GAGG;AACH,cAAc,wCAAwC,CAAC;AAMvD;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEpD;;;GAGG;AACH,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAMrE;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE;;;GAGG;AACH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF;;;GAGG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAEpF;;;;GAIG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,6CAA6C,CAAC;AAMrF;;;;GAIG;AACH,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,+BAA+B,CAAC"}
|
|
1
|
+
{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAMH;;;GAGG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE;;;GAGG;AACH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AAEzF;;;GAGG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,8CAA8C,CAAC;AAEtF;;;GAGG;AACH,cAAc,0CAA0C,CAAC;AAEzD;;;GAGG;AACH,cAAc,4BAA4B,CAAC;AAE3C;;;GAGG;AACH,cAAc,wCAAwC,CAAC;AAMvD;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEpD;;;GAGG;AACH,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAMrE;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE;;;GAGG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE;;;GAGG;AACH,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAMtF;;;GAGG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE;;;GAGG;AACH,OAAO,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAEpF;;;GAGG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,4CAA4C,CAAC;AAElF;;;;GAIG;AACH,OAAO,EAAE,sBAAsB,EAAE,MAAM,6CAA6C,CAAC;AAMrF;;;;GAIG;AACH,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,+BAA+B,CAAC"}
|
package/dist/internal.js
CHANGED
|
@@ -52,7 +52,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
52
52
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
53
53
|
};
|
|
54
54
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
55
|
-
exports.AuthAuditService = exports.SocialProviderRegistry = exports.BaseSocialAuthProviderService = exports.BaseMFAProviderService = exports.AdaptiveMFADecisionService = exports.RiskScoringService = exports.RiskDetectionService = exports.GeoLocationService = exports.TrustedDeviceService = exports.PasswordResetService = exports.SessionService = exports.JwtService = exports.PasswordService = exports.AuthFlowContextBuilder = exports.AuthFlowStateMachineService = exports.AuthChallengeHelperService = exports.ChallengeService = void 0;
|
|
55
|
+
exports.AuthAuditService = exports.SocialProviderRegistry = exports.SocialAuthStateStore = exports.BaseSocialAuthProviderService = exports.BaseMFAProviderService = exports.AdaptiveMFADecisionService = exports.RiskScoringService = exports.RiskDetectionService = exports.GeoLocationService = exports.TrustedDeviceService = exports.PasswordResetService = exports.SessionService = exports.JwtService = exports.PasswordService = exports.AuthFlowContextBuilder = exports.AuthFlowStateMachineService = exports.AuthChallengeHelperService = exports.ChallengeService = void 0;
|
|
56
56
|
// ============================================================================
|
|
57
57
|
// Challenge System (Internal Orchestration)
|
|
58
58
|
// ============================================================================
|
|
@@ -173,6 +173,12 @@ Object.defineProperty(exports, "BaseMFAProviderService", { enumerable: true, get
|
|
|
173
173
|
*/
|
|
174
174
|
var social_auth_base_service_1 = require("./services/social-auth-base.service");
|
|
175
175
|
Object.defineProperty(exports, "BaseSocialAuthProviderService", { enumerable: true, get: function () { return social_auth_base_service_1.BaseSocialAuthProviderService; } });
|
|
176
|
+
/**
|
|
177
|
+
* Storage-backed OAuth CSRF + redirect context store
|
|
178
|
+
* @internal
|
|
179
|
+
*/
|
|
180
|
+
var social_auth_state_store_service_1 = require("./services/social-auth-state-store.service");
|
|
181
|
+
Object.defineProperty(exports, "SocialAuthStateStore", { enumerable: true, get: function () { return social_auth_state_store_service_1.SocialAuthStateStore; } });
|
|
176
182
|
/**
|
|
177
183
|
* Social provider registry service
|
|
178
184
|
* Internal registry for managing social auth provider instances
|
package/dist/internal.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal.js","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;;;;;;;;;;;;;;;;;AAEH,+EAA+E;AAC/E,4CAA4C;AAC5C,+EAA+E;AAE/E;;;GAGG;AACH,kEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AAEzB;;;GAGG;AACH,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAEnC,+EAA+E;AAC/E,+CAA+C;AAC/C,+EAA+E;AAE/E;;;GAGG;AACH,8FAAyF;AAAhF,8IAAA,2BAA2B,OAAA;AAEpC;;;GAGG;AACH,kGAAsF;AAA7E,2IAAA,sBAAsB,OAAA;AAE/B;;;GAGG;AACH,2EAAyD;AAEzD;;;GAGG;AACH,6DAA2C;AAE3C;;;GAGG;AACH,yEAAuD;AAEvD,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E;;;GAGG;AACH,gEAA8D;AAArD,mHAAA,eAAe,OAAA;AAExB;;;GAGG;AACH,sDAAoD;AAA3C,yGAAA,UAAU,OAAA;AAEnB;;;GAGG;AACH,8DAA4D;AAAnD,iHAAA,cAAc,OAAA;AAEvB;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAE3B,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAE3B;;;GAGG;AACH,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAEnC,+EAA+E;AAC/E,yDAAyD;AACzD,+EAA+E;AAE/E;;;GAGG;AACH,gEAAqE;AAA5D,0HAAA,sBAAsB,OAAA;AAE/B;;;GAGG;AACH,gFAAoF;AAA3E,yIAAA,6BAA6B,OAAA;AAEtC;;;;GAIG;AACH,gGAAqF;AAA5E,0IAAA,sBAAsB,OAAA;AAE/B,+EAA+E;AAC/E,8CAA8C;AAC9C,+EAA+E;AAE/E;;;;GAIG;AACH,oEAA6F;AAApF,sHAAA,wBAAwB,OAAoB"}
|
|
1
|
+
{"version":3,"file":"internal.js","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;;;;;;;;;;;;;;;;;AAEH,+EAA+E;AAC/E,4CAA4C;AAC5C,+EAA+E;AAE/E;;;GAGG;AACH,kEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AAEzB;;;GAGG;AACH,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAEnC,+EAA+E;AAC/E,+CAA+C;AAC/C,+EAA+E;AAE/E;;;GAGG;AACH,8FAAyF;AAAhF,8IAAA,2BAA2B,OAAA;AAEpC;;;GAGG;AACH,kGAAsF;AAA7E,2IAAA,sBAAsB,OAAA;AAE/B;;;GAGG;AACH,2EAAyD;AAEzD;;;GAGG;AACH,6DAA2C;AAE3C;;;GAGG;AACH,yEAAuD;AAEvD,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E;;;GAGG;AACH,gEAA8D;AAArD,mHAAA,eAAe,OAAA;AAExB;;;GAGG;AACH,sDAAoD;AAA3C,yGAAA,UAAU,OAAA;AAEnB;;;GAGG;AACH,8DAA4D;AAAnD,iHAAA,cAAc,OAAA;AAEvB;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAE3B,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;GAGG;AACH,4EAAyE;AAAhE,8HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACH,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAE3B;;;GAGG;AACH,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAEnC,+EAA+E;AAC/E,yDAAyD;AACzD,+EAA+E;AAE/E;;;GAGG;AACH,gEAAqE;AAA5D,0HAAA,sBAAsB,OAAA;AAE/B;;;GAGG;AACH,gFAAoF;AAA3E,yIAAA,6BAA6B,OAAA;AAEtC;;;GAGG;AACH,8FAAkF;AAAzE,uIAAA,oBAAoB,OAAA;AAE7B;;;;GAIG;AACH,gGAAqF;AAA5E,0IAAA,sBAAsB,OAAA;AAE/B,+EAA+E;AAC/E,8CAA8C;AAC9C,+EAA+E;AAE/E;;;;GAIG;AACH,oEAA6F;AAApF,sHAAA,wBAAwB,OAAoB"}
|
|
@@ -436,24 +436,24 @@ export declare const lifecycleHooksSchema: z.ZodObject<{
|
|
|
436
436
|
onAdaptiveMFATriggered?: any;
|
|
437
437
|
onSignInBlocked?: any;
|
|
438
438
|
afterSignup?: any;
|
|
439
|
+
afterLogin?: any;
|
|
439
440
|
beforePasswordChange?: any;
|
|
440
441
|
afterPasswordChange?: any;
|
|
442
|
+
afterLoginFailed?: any;
|
|
441
443
|
beforeSignup?: any;
|
|
442
444
|
beforeLogin?: any;
|
|
443
|
-
afterLogin?: any;
|
|
444
|
-
afterLoginFailed?: any;
|
|
445
445
|
beforeAccountLock?: any;
|
|
446
446
|
afterAccountLock?: any;
|
|
447
447
|
}, {
|
|
448
448
|
onAdaptiveMFATriggered?: any;
|
|
449
449
|
onSignInBlocked?: any;
|
|
450
450
|
afterSignup?: any;
|
|
451
|
+
afterLogin?: any;
|
|
451
452
|
beforePasswordChange?: any;
|
|
452
453
|
afterPasswordChange?: any;
|
|
454
|
+
afterLoginFailed?: any;
|
|
453
455
|
beforeSignup?: any;
|
|
454
456
|
beforeLogin?: any;
|
|
455
|
-
afterLogin?: any;
|
|
456
|
-
afterLoginFailed?: any;
|
|
457
457
|
beforeAccountLock?: any;
|
|
458
458
|
afterAccountLock?: any;
|
|
459
459
|
}>;
|
|
@@ -675,6 +675,19 @@ export declare const socialProviderConfigSchema: z.ZodObject<{
|
|
|
675
675
|
autoLink?: boolean | undefined;
|
|
676
676
|
allowSignup?: boolean | undefined;
|
|
677
677
|
}>;
|
|
678
|
+
export declare const socialRedirectConfigSchema: z.ZodObject<{
|
|
679
|
+
frontendBaseUrl: z.ZodOptional<z.ZodString>;
|
|
680
|
+
allowAbsoluteReturnTo: z.ZodOptional<z.ZodBoolean>;
|
|
681
|
+
allowedReturnToOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
682
|
+
}, "strip", z.ZodTypeAny, {
|
|
683
|
+
frontendBaseUrl?: string | undefined;
|
|
684
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
685
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
686
|
+
}, {
|
|
687
|
+
frontendBaseUrl?: string | undefined;
|
|
688
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
689
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
690
|
+
}>;
|
|
678
691
|
export declare const socialConfigSchema: z.ZodObject<{
|
|
679
692
|
google: z.ZodOptional<z.ZodObject<{
|
|
680
693
|
enabled: z.ZodOptional<z.ZodBoolean>;
|
|
@@ -751,6 +764,19 @@ export declare const socialConfigSchema: z.ZodObject<{
|
|
|
751
764
|
autoLink?: boolean | undefined;
|
|
752
765
|
allowSignup?: boolean | undefined;
|
|
753
766
|
}>>;
|
|
767
|
+
redirect: z.ZodOptional<z.ZodObject<{
|
|
768
|
+
frontendBaseUrl: z.ZodOptional<z.ZodString>;
|
|
769
|
+
allowAbsoluteReturnTo: z.ZodOptional<z.ZodBoolean>;
|
|
770
|
+
allowedReturnToOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
771
|
+
}, "strip", z.ZodTypeAny, {
|
|
772
|
+
frontendBaseUrl?: string | undefined;
|
|
773
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
774
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
775
|
+
}, {
|
|
776
|
+
frontendBaseUrl?: string | undefined;
|
|
777
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
778
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
779
|
+
}>>;
|
|
754
780
|
}, "strip", z.ZodTypeAny, {
|
|
755
781
|
google?: {
|
|
756
782
|
enabled?: boolean | undefined;
|
|
@@ -779,6 +805,11 @@ export declare const socialConfigSchema: z.ZodObject<{
|
|
|
779
805
|
autoLink?: boolean | undefined;
|
|
780
806
|
allowSignup?: boolean | undefined;
|
|
781
807
|
} | undefined;
|
|
808
|
+
redirect?: {
|
|
809
|
+
frontendBaseUrl?: string | undefined;
|
|
810
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
811
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
812
|
+
} | undefined;
|
|
782
813
|
}, {
|
|
783
814
|
google?: {
|
|
784
815
|
enabled?: boolean | undefined;
|
|
@@ -807,6 +838,11 @@ export declare const socialConfigSchema: z.ZodObject<{
|
|
|
807
838
|
autoLink?: boolean | undefined;
|
|
808
839
|
allowSignup?: boolean | undefined;
|
|
809
840
|
} | undefined;
|
|
841
|
+
redirect?: {
|
|
842
|
+
frontendBaseUrl?: string | undefined;
|
|
843
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
844
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
845
|
+
} | undefined;
|
|
810
846
|
}>;
|
|
811
847
|
export declare const totpConfigSchema: z.ZodObject<{
|
|
812
848
|
window: z.ZodOptional<z.ZodNumber>;
|
|
@@ -1882,24 +1918,24 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
1882
1918
|
onAdaptiveMFATriggered?: any;
|
|
1883
1919
|
onSignInBlocked?: any;
|
|
1884
1920
|
afterSignup?: any;
|
|
1921
|
+
afterLogin?: any;
|
|
1885
1922
|
beforePasswordChange?: any;
|
|
1886
1923
|
afterPasswordChange?: any;
|
|
1924
|
+
afterLoginFailed?: any;
|
|
1887
1925
|
beforeSignup?: any;
|
|
1888
1926
|
beforeLogin?: any;
|
|
1889
|
-
afterLogin?: any;
|
|
1890
|
-
afterLoginFailed?: any;
|
|
1891
1927
|
beforeAccountLock?: any;
|
|
1892
1928
|
afterAccountLock?: any;
|
|
1893
1929
|
}, {
|
|
1894
1930
|
onAdaptiveMFATriggered?: any;
|
|
1895
1931
|
onSignInBlocked?: any;
|
|
1896
1932
|
afterSignup?: any;
|
|
1933
|
+
afterLogin?: any;
|
|
1897
1934
|
beforePasswordChange?: any;
|
|
1898
1935
|
afterPasswordChange?: any;
|
|
1936
|
+
afterLoginFailed?: any;
|
|
1899
1937
|
beforeSignup?: any;
|
|
1900
1938
|
beforeLogin?: any;
|
|
1901
|
-
afterLogin?: any;
|
|
1902
|
-
afterLoginFailed?: any;
|
|
1903
1939
|
beforeAccountLock?: any;
|
|
1904
1940
|
afterAccountLock?: any;
|
|
1905
1941
|
}>>;
|
|
@@ -2179,6 +2215,19 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2179
2215
|
autoLink?: boolean | undefined;
|
|
2180
2216
|
allowSignup?: boolean | undefined;
|
|
2181
2217
|
}>>;
|
|
2218
|
+
redirect: z.ZodOptional<z.ZodObject<{
|
|
2219
|
+
frontendBaseUrl: z.ZodOptional<z.ZodString>;
|
|
2220
|
+
allowAbsoluteReturnTo: z.ZodOptional<z.ZodBoolean>;
|
|
2221
|
+
allowedReturnToOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
2222
|
+
}, "strip", z.ZodTypeAny, {
|
|
2223
|
+
frontendBaseUrl?: string | undefined;
|
|
2224
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
2225
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
2226
|
+
}, {
|
|
2227
|
+
frontendBaseUrl?: string | undefined;
|
|
2228
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
2229
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
2230
|
+
}>>;
|
|
2182
2231
|
}, "strip", z.ZodTypeAny, {
|
|
2183
2232
|
google?: {
|
|
2184
2233
|
enabled?: boolean | undefined;
|
|
@@ -2207,6 +2256,11 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2207
2256
|
autoLink?: boolean | undefined;
|
|
2208
2257
|
allowSignup?: boolean | undefined;
|
|
2209
2258
|
} | undefined;
|
|
2259
|
+
redirect?: {
|
|
2260
|
+
frontendBaseUrl?: string | undefined;
|
|
2261
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
2262
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
2263
|
+
} | undefined;
|
|
2210
2264
|
}, {
|
|
2211
2265
|
google?: {
|
|
2212
2266
|
enabled?: boolean | undefined;
|
|
@@ -2235,6 +2289,11 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2235
2289
|
autoLink?: boolean | undefined;
|
|
2236
2290
|
allowSignup?: boolean | undefined;
|
|
2237
2291
|
} | undefined;
|
|
2292
|
+
redirect?: {
|
|
2293
|
+
frontendBaseUrl?: string | undefined;
|
|
2294
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
2295
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
2296
|
+
} | undefined;
|
|
2238
2297
|
}>>;
|
|
2239
2298
|
mfa: z.ZodOptional<z.ZodObject<{
|
|
2240
2299
|
enabled: z.ZodOptional<z.ZodBoolean>;
|
|
@@ -2836,6 +2895,14 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2836
2895
|
autoLink?: boolean | undefined;
|
|
2837
2896
|
allowSignup?: boolean | undefined;
|
|
2838
2897
|
} | undefined;
|
|
2898
|
+
redirect?: {
|
|
2899
|
+
frontendBaseUrl?: string | undefined;
|
|
2900
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
2901
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
2902
|
+
} | undefined;
|
|
2903
|
+
} | undefined;
|
|
2904
|
+
login?: {
|
|
2905
|
+
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
2839
2906
|
} | undefined;
|
|
2840
2907
|
tablePrefix?: string | undefined;
|
|
2841
2908
|
signup?: {
|
|
@@ -2864,9 +2931,6 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2864
2931
|
codeLength?: number | undefined;
|
|
2865
2932
|
} | undefined;
|
|
2866
2933
|
} | undefined;
|
|
2867
|
-
login?: {
|
|
2868
|
-
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
2869
|
-
} | undefined;
|
|
2870
2934
|
lockout?: {
|
|
2871
2935
|
duration?: number | undefined;
|
|
2872
2936
|
maxAttempts?: number | undefined;
|
|
@@ -2891,12 +2955,12 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2891
2955
|
onAdaptiveMFATriggered?: any;
|
|
2892
2956
|
onSignInBlocked?: any;
|
|
2893
2957
|
afterSignup?: any;
|
|
2958
|
+
afterLogin?: any;
|
|
2894
2959
|
beforePasswordChange?: any;
|
|
2895
2960
|
afterPasswordChange?: any;
|
|
2961
|
+
afterLoginFailed?: any;
|
|
2896
2962
|
beforeSignup?: any;
|
|
2897
2963
|
beforeLogin?: any;
|
|
2898
|
-
afterLogin?: any;
|
|
2899
|
-
afterLoginFailed?: any;
|
|
2900
2964
|
beforeAccountLock?: any;
|
|
2901
2965
|
afterAccountLock?: any;
|
|
2902
2966
|
} | undefined;
|
|
@@ -3097,6 +3161,14 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3097
3161
|
autoLink?: boolean | undefined;
|
|
3098
3162
|
allowSignup?: boolean | undefined;
|
|
3099
3163
|
} | undefined;
|
|
3164
|
+
redirect?: {
|
|
3165
|
+
frontendBaseUrl?: string | undefined;
|
|
3166
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
3167
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
3168
|
+
} | undefined;
|
|
3169
|
+
} | undefined;
|
|
3170
|
+
login?: {
|
|
3171
|
+
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3100
3172
|
} | undefined;
|
|
3101
3173
|
tablePrefix?: string | undefined;
|
|
3102
3174
|
signup?: {
|
|
@@ -3125,9 +3197,6 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3125
3197
|
codeLength?: number | undefined;
|
|
3126
3198
|
} | undefined;
|
|
3127
3199
|
} | undefined;
|
|
3128
|
-
login?: {
|
|
3129
|
-
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3130
|
-
} | undefined;
|
|
3131
3200
|
lockout?: {
|
|
3132
3201
|
duration?: number | undefined;
|
|
3133
3202
|
maxAttempts?: number | undefined;
|
|
@@ -3152,12 +3221,12 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3152
3221
|
onAdaptiveMFATriggered?: any;
|
|
3153
3222
|
onSignInBlocked?: any;
|
|
3154
3223
|
afterSignup?: any;
|
|
3224
|
+
afterLogin?: any;
|
|
3155
3225
|
beforePasswordChange?: any;
|
|
3156
3226
|
afterPasswordChange?: any;
|
|
3227
|
+
afterLoginFailed?: any;
|
|
3157
3228
|
beforeSignup?: any;
|
|
3158
3229
|
beforeLogin?: any;
|
|
3159
|
-
afterLogin?: any;
|
|
3160
|
-
afterLoginFailed?: any;
|
|
3161
3230
|
beforeAccountLock?: any;
|
|
3162
3231
|
afterAccountLock?: any;
|
|
3163
3232
|
} | undefined;
|
|
@@ -3358,6 +3427,14 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3358
3427
|
autoLink?: boolean | undefined;
|
|
3359
3428
|
allowSignup?: boolean | undefined;
|
|
3360
3429
|
} | undefined;
|
|
3430
|
+
redirect?: {
|
|
3431
|
+
frontendBaseUrl?: string | undefined;
|
|
3432
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
3433
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
3434
|
+
} | undefined;
|
|
3435
|
+
} | undefined;
|
|
3436
|
+
login?: {
|
|
3437
|
+
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3361
3438
|
} | undefined;
|
|
3362
3439
|
tablePrefix?: string | undefined;
|
|
3363
3440
|
signup?: {
|
|
@@ -3386,9 +3463,6 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3386
3463
|
codeLength?: number | undefined;
|
|
3387
3464
|
} | undefined;
|
|
3388
3465
|
} | undefined;
|
|
3389
|
-
login?: {
|
|
3390
|
-
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3391
|
-
} | undefined;
|
|
3392
3466
|
lockout?: {
|
|
3393
3467
|
duration?: number | undefined;
|
|
3394
3468
|
maxAttempts?: number | undefined;
|
|
@@ -3413,12 +3487,12 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3413
3487
|
onAdaptiveMFATriggered?: any;
|
|
3414
3488
|
onSignInBlocked?: any;
|
|
3415
3489
|
afterSignup?: any;
|
|
3490
|
+
afterLogin?: any;
|
|
3416
3491
|
beforePasswordChange?: any;
|
|
3417
3492
|
afterPasswordChange?: any;
|
|
3493
|
+
afterLoginFailed?: any;
|
|
3418
3494
|
beforeSignup?: any;
|
|
3419
3495
|
beforeLogin?: any;
|
|
3420
|
-
afterLogin?: any;
|
|
3421
|
-
afterLoginFailed?: any;
|
|
3422
3496
|
beforeAccountLock?: any;
|
|
3423
3497
|
afterAccountLock?: any;
|
|
3424
3498
|
} | undefined;
|
|
@@ -3619,6 +3693,14 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3619
3693
|
autoLink?: boolean | undefined;
|
|
3620
3694
|
allowSignup?: boolean | undefined;
|
|
3621
3695
|
} | undefined;
|
|
3696
|
+
redirect?: {
|
|
3697
|
+
frontendBaseUrl?: string | undefined;
|
|
3698
|
+
allowAbsoluteReturnTo?: boolean | undefined;
|
|
3699
|
+
allowedReturnToOrigins?: string[] | undefined;
|
|
3700
|
+
} | undefined;
|
|
3701
|
+
} | undefined;
|
|
3702
|
+
login?: {
|
|
3703
|
+
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3622
3704
|
} | undefined;
|
|
3623
3705
|
tablePrefix?: string | undefined;
|
|
3624
3706
|
signup?: {
|
|
@@ -3647,9 +3729,6 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3647
3729
|
codeLength?: number | undefined;
|
|
3648
3730
|
} | undefined;
|
|
3649
3731
|
} | undefined;
|
|
3650
|
-
login?: {
|
|
3651
|
-
identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
|
|
3652
|
-
} | undefined;
|
|
3653
3732
|
lockout?: {
|
|
3654
3733
|
duration?: number | undefined;
|
|
3655
3734
|
maxAttempts?: number | undefined;
|
|
@@ -3674,12 +3753,12 @@ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3674
3753
|
onAdaptiveMFATriggered?: any;
|
|
3675
3754
|
onSignInBlocked?: any;
|
|
3676
3755
|
afterSignup?: any;
|
|
3756
|
+
afterLogin?: any;
|
|
3677
3757
|
beforePasswordChange?: any;
|
|
3678
3758
|
afterPasswordChange?: any;
|
|
3759
|
+
afterLoginFailed?: any;
|
|
3679
3760
|
beforeSignup?: any;
|
|
3680
3761
|
beforeLogin?: any;
|
|
3681
|
-
afterLogin?: any;
|
|
3682
|
-
afterLoginFailed?: any;
|
|
3683
3762
|
beforeAccountLock?: any;
|
|
3684
3763
|
afterAccountLock?: any;
|
|
3685
3764
|
} | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-config.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/auth-config.schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA0BxB;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CxB,CAAC;AAML,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6B7B,CAAC;AAMH,eAAO,MAAM,iBAAiB;;;;;;EAE5B,CAAC;AAMH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqB/B,CAAC;AAMH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAC;AAMH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAI9B,CAAC;AAMH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkB/B,CAAC;AAOH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY/B,CAAC;AA6CH;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAS5B,CAAC;AAqCH;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE1B,CAAC;AAMH,eAAO,MAAM,iBAAiB,gDAG5B,CAAC;AAMH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;EAQrC,CAAC;AAEH,eAAO,MAAM,kBAAkB
|
|
1
|
+
{"version":3,"file":"auth-config.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/auth-config.schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA0BxB;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CxB,CAAC;AAML,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6B7B,CAAC;AAMH,eAAO,MAAM,iBAAiB;;;;;;EAE5B,CAAC;AAMH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqB/B,CAAC;AAMH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAC;AAMH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAI9B,CAAC;AAMH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkB/B,CAAC;AAOH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY/B,CAAC;AA6CH;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAS5B,CAAC;AAqCH;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE1B,CAAC;AAMH,eAAO,MAAM,iBAAiB,gDAG5B,CAAC;AAMH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;EAQrC,CAAC;AAEH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;EAIrC,CAAC;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAK7B,CAAC;AAMH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;EAK3B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;EAO9B,CAAC;AAEH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;EAIlC,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;EAIhC,CAAC;AAEH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgClC,CAAC;AAEH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc1B,CAAC;AAMH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiBpC,CAAC;AAMH,eAAO,MAAM,qBAAqB;;;;;;EAEhC,CAAC;AAMH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWlC,CAAC;AAMH;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiNzB,CAAC;AAEL;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC"}
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
* ```
|
|
26
26
|
*/
|
|
27
27
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
28
|
-
exports.authConfigSchema = exports.geoLocationConfigSchema = exports.challengeConfigSchema = exports.tokenDeliveryConfigSchema = exports.mfaConfigSchema = exports.adaptiveMFAConfigSchema = exports.riskLevelConfigSchema = exports.backupCodesConfigSchema = exports.passkeyConfigSchema = exports.totpConfigSchema = exports.socialConfigSchema = exports.socialProviderConfigSchema = exports.phoneConfigSchema = exports.smsConfigSchema = exports.emailConfigSchema = exports.lifecycleHooksSchema = exports.securityConfigSchema = exports.sessionConfigSchema = exports.lockoutConfigSchema = exports.passwordConfigSchema = exports.loginConfigSchema = exports.signupConfigSchema = exports.jwtConfigSchema = void 0;
|
|
28
|
+
exports.authConfigSchema = exports.geoLocationConfigSchema = exports.challengeConfigSchema = exports.tokenDeliveryConfigSchema = exports.mfaConfigSchema = exports.adaptiveMFAConfigSchema = exports.riskLevelConfigSchema = exports.backupCodesConfigSchema = exports.passkeyConfigSchema = exports.totpConfigSchema = exports.socialConfigSchema = exports.socialRedirectConfigSchema = exports.socialProviderConfigSchema = exports.phoneConfigSchema = exports.smsConfigSchema = exports.emailConfigSchema = exports.lifecycleHooksSchema = exports.securityConfigSchema = exports.sessionConfigSchema = exports.lockoutConfigSchema = exports.passwordConfigSchema = exports.loginConfigSchema = exports.signupConfigSchema = exports.jwtConfigSchema = void 0;
|
|
29
29
|
const zod_1 = require("zod");
|
|
30
30
|
// ============================================================================
|
|
31
31
|
// JWT Configuration Schemas
|
|
@@ -326,10 +326,16 @@ exports.socialProviderConfigSchema = zod_1.z.object({
|
|
|
326
326
|
autoLink: zod_1.z.boolean().optional(),
|
|
327
327
|
allowSignup: zod_1.z.boolean().optional(),
|
|
328
328
|
});
|
|
329
|
+
exports.socialRedirectConfigSchema = zod_1.z.object({
|
|
330
|
+
frontendBaseUrl: zod_1.z.string().optional(),
|
|
331
|
+
allowAbsoluteReturnTo: zod_1.z.boolean().optional(),
|
|
332
|
+
allowedReturnToOrigins: zod_1.z.array(zod_1.z.string()).optional(),
|
|
333
|
+
});
|
|
329
334
|
exports.socialConfigSchema = zod_1.z.object({
|
|
330
335
|
google: exports.socialProviderConfigSchema.optional(),
|
|
331
336
|
apple: exports.socialProviderConfigSchema.optional(),
|
|
332
337
|
facebook: exports.socialProviderConfigSchema.optional(),
|
|
338
|
+
redirect: exports.socialRedirectConfigSchema.optional(),
|
|
333
339
|
});
|
|
334
340
|
// ============================================================================
|
|
335
341
|
// MFA Configuration Schemas
|
|
@@ -599,9 +605,11 @@ exports.authConfigSchema = zod_1.z
|
|
|
599
605
|
// ============================================================================
|
|
600
606
|
// 11. Social Provider Validation
|
|
601
607
|
// ============================================================================
|
|
608
|
+
let anySocialEnabled = false;
|
|
602
609
|
['google', 'apple', 'facebook'].forEach((provider) => {
|
|
603
610
|
const providerConfig = data.social?.[provider];
|
|
604
611
|
if (providerConfig?.enabled) {
|
|
612
|
+
anySocialEnabled = true;
|
|
605
613
|
if (!providerConfig.clientId) {
|
|
606
614
|
ctx.addIssue({
|
|
607
615
|
code: zod_1.z.ZodIssueCode.custom,
|
|
@@ -618,6 +626,17 @@ exports.authConfigSchema = zod_1.z
|
|
|
618
626
|
}
|
|
619
627
|
}
|
|
620
628
|
});
|
|
629
|
+
// Redirect-first social login requires frontendBaseUrl when any provider is enabled
|
|
630
|
+
if (anySocialEnabled) {
|
|
631
|
+
const frontendBaseUrl = data.social?.redirect?.frontendBaseUrl;
|
|
632
|
+
if (!frontendBaseUrl || typeof frontendBaseUrl !== 'string' || frontendBaseUrl.trim() === '') {
|
|
633
|
+
ctx.addIssue({
|
|
634
|
+
code: zod_1.z.ZodIssueCode.custom,
|
|
635
|
+
message: 'social.redirect.frontendBaseUrl is required when any social provider is enabled',
|
|
636
|
+
path: ['social', 'redirect', 'frontendBaseUrl'],
|
|
637
|
+
});
|
|
638
|
+
}
|
|
639
|
+
}
|
|
621
640
|
// ============================================================================
|
|
622
641
|
// 12. MaxMind GeoLocation Validation
|
|
623
642
|
// ============================================================================
|