npm - @nauth-toolkit/core - Versions diffs - 0.1.28 → 0.1.29 - Mend

@nauth-toolkit/core 0.1.28 → 0.1.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/dist/dto/get-events-by-type.dto.d.ts.map +1 -1
package/dist/dto/get-events-by-type.dto.js +55 -0
package/dist/dto/get-events-by-type.dto.js.map +1 -1
package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
package/dist/dto/get-risk-assessment-history.dto.js +35 -0
package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
package/dist/dto/get-suspicious-activity.dto.js +36 -0
package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
package/dist/dto/get-user-auth-history.dto.js +76 -0
package/dist/dto/get-user-auth-history.dto.js.map +1 -1
package/dist/dto/login.dto.d.ts.map +1 -1
package/dist/dto/login.dto.js +15 -0
package/dist/dto/login.dto.js.map +1 -1
package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -1
package/dist/dto/verify-mfa-code.dto.js +15 -0
package/dist/dto/verify-mfa-code.dto.js.map +1 -1
package/dist/services/auth-audit.service.d.ts.map +1 -1
package/dist/services/auth-audit.service.js +5 -0
package/dist/services/auth-audit.service.js.map +1 -1
package/dist/services/auth.service.d.ts.map +1 -1
package/dist/services/auth.service.js +49 -0
package/dist/services/auth.service.js.map +1 -1
package/dist/services/email-verification.service.d.ts.map +1 -1
package/dist/services/email-verification.service.js +5 -0
package/dist/services/email-verification.service.js.map +1 -1
package/dist/services/mfa.service.d.ts.map +1 -1
package/dist/services/mfa.service.js +13 -0
package/dist/services/mfa.service.js.map +1 -1
package/dist/services/phone-verification.service.d.ts.map +1 -1
package/dist/services/phone-verification.service.js +6 -0
package/dist/services/phone-verification.service.js.map +1 -1
package/dist/services/social-auth.service.d.ts.map +1 -1
package/dist/services/social-auth.service.js +9 -0
package/dist/services/social-auth.service.js.map +1 -1
package/dist/utils/dto-validator.d.ts +113 -0
package/dist/utils/dto-validator.d.ts.map +1 -0
package/dist/utils/dto-validator.js +224 -0
package/dist/utils/dto-validator.js.map +1 -0
package/dist/utils/index.d.ts +1 -0
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +1 -0
package/dist/utils/index.js.map +1 -1
package/dist/utils/setup/init-services.d.ts.map +1 -1
package/dist/utils/setup/init-services.js +43 -1
package/dist/utils/setup/init-services.js.map +1 -1
package/package.json +1 -1

package/dist/services/auth.service.js CHANGED Viewed

@@ -37,8 +37,24 @@ exports.AuthService = void 0;
 const auth_audit_event_type_enum_1 = require("../enums/auth-audit-event-type.enum");
 const risk_factor_enum_1 = require("../enums/risk-factor.enum");
 const context_storage_1 = require("../utils/context-storage");
+const signup_dto_1 = require("../dto/signup.dto");
+const admin_signup_dto_1 = require("../dto/admin-signup.dto");
+const login_dto_1 = require("../dto/login.dto");
+const change_password_request_dto_1 = require("../dto/change-password-request.dto");
+const update_user_attributes_request_dto_1 = require("../dto/update-user-attributes-request.dto");
 const user_response_dto_1 = require("../dto/user-response.dto");
 const auth_challenge_dto_1 = require("../dto/auth-challenge.dto");
+const respond_challenge_dto_1 = require("../dto/respond-challenge.dto");
+const get_user_by_email_dto_1 = require("../dto/get-user-by-email.dto");
+const get_user_by_id_dto_1 = require("../dto/get-user-by-id.dto");
+const logout_dto_1 = require("../dto/logout.dto");
+const logout_all_dto_1 = require("../dto/logout-all.dto");
+const refresh_token_dto_1 = require("../dto/refresh-token.dto");
+const resend_code_dto_1 = require("../dto/resend-code.dto");
+const set_must_change_password_dto_1 = require("../dto/set-must-change-password.dto");
+const admin_set_password_dto_1 = require("../dto/admin-set-password.dto");
+const forgot_password_dto_1 = require("../dto/forgot-password.dto");
+const confirm_forgot_password_dto_1 = require("../dto/confirm-forgot-password.dto");
 const verify_email_dto_1 = require("../dto/verify-email.dto");
 const verify_phone_dto_1 = require("../dto/verify-phone.dto");
 const verify_phone_by_sub_dto_1 = require("../dto/verify-phone-by-sub.dto");
@@ -48,6 +64,7 @@ const mfa_method_enum_1 = require("../enums/mfa-method.enum");
 const class_validator_1 = require("class-validator");
 const crypto = __importStar(require("crypto"));
 const password_generator_1 = require("../utils/password-generator");
+const dto_validator_1 = require("../utils/dto-validator");
 /**
  * Dummy Argon2 hash for constant-time response
  *
@@ -125,6 +142,8 @@ class AuthService {
      * ```
      */
     async signup(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(signup_dto_1.SignupDTO, dto);
         // Get client info from request context (transparent!)
         const clientInfo = this.clientInfoService.get();
         this.logger?.log?.(`Signup attempt for email: ${dto.email}`);
@@ -330,6 +349,8 @@ class AuthService {
      * ```
      */
     async adminSignup(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(admin_signup_dto_1.AdminSignupDTO, dto);
         // Get client info from request context (transparent!)
         const clientInfo = this.clientInfoService.get();
         this.logger?.log?.(`Admin signup attempt for email: ${dto.email}`);
@@ -504,6 +525,8 @@ class AuthService {
      * ```
      */
     async login(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(login_dto_1.LoginDTO, dto);
         // Get client info from request context (transparent!)
         const clientInfo = this.clientInfoService.get();
         const fireAndForget = this.config.auditLogs?.fireAndForget === true;
@@ -1085,6 +1108,8 @@ class AuthService {
      * ```
      */
     async respondToChallenge(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(respond_challenge_dto_1.RespondChallengeDTO, dto);
         const responseData = dto;
         const { session, type } = responseData;
         const requestTrace = `${Date.now()}-${Math.random().toString(36).substring(7)}`;
@@ -1871,6 +1896,8 @@ class AuthService {
      * ```
      */
     async resendCode(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(resend_code_dto_1.ResendCodeDTO, dto);
         this.logger?.debug?.(`Resending verification code: session=${dto.session}`);
         // Validate session (session must be valid to resend)
         const challengeSession = await this.challengeService.validateSession(dto.session);
@@ -2133,6 +2160,8 @@ class AuthService {
      * ```
      */
     async refreshToken(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(refresh_token_dto_1.RefreshTokenDTO, dto);
         const tokenHash = this.jwtService.hashToken(dto.refreshToken);
         // ============================================================================
         // CRITICAL SECURITY FIX #1 & #2: Distributed Lock + Reuse Detection
@@ -2360,6 +2389,8 @@ class AuthService {
      * @throws {NAuthException} If session ID is not available in request context
      */
     async logout(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(logout_dto_1.LogoutDTO, dto);
         // Get sessionId from context (automatically extracted from JWT token)
         const clientInfo = this.clientInfoService.get();
         let sessionId = clientInfo.sessionId;
@@ -2488,6 +2519,8 @@ class AuthService {
      * @returns Number of sessions revoked
      */
     async logoutAll(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(logout_all_dto_1.LogoutAllDTO, dto);
         // Get user by sub to get internal id
         const user = (await this.userRepository.findOne({ where: { sub: dto.sub } }));
         if (!user) {
@@ -2621,6 +2654,8 @@ class AuthService {
      * ```
      */
     async changePassword(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(change_password_request_dto_1.ChangePasswordRequestDTO, dto);
         // Get user by sub
         const user = (await this.userRepository.findOne({ where: { sub: dto.sub } }));
         if (!user || !user.passwordHash) {
@@ -2669,6 +2704,8 @@ class AuthService {
      * await authService.updateUserAttributes(sub, { email: 'test@example.com' });
      */
     async updateUserAttributes(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(update_user_attributes_request_dto_1.UpdateUserAttributesRequestDTO, dto);
         // Find user by sub (external identifier)
         const user = (await this.userRepository.findOne({ where: { sub: dto.sub } }));
         if (!user) {
@@ -3307,6 +3344,8 @@ class AuthService {
         return safeUser;
     }
     async getUserById(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(get_user_by_id_dto_1.GetUserByIdDTO, dto);
         const user = (await this.userRepository.findOne({ where: { sub: dto.sub } }));
         return user ? user_response_dto_1.UserResponseDto.fromEntity(user) : null;
     }
@@ -3324,6 +3363,8 @@ class AuthService {
      * ```
      */
     async getUserByEmail(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(get_user_by_email_dto_1.GetUserByEmailDTO, dto);
         const where = dto.requireEmailVerified
             ? { email: dto.email, isEmailVerified: true }
             : { email: dto.email };
@@ -3343,6 +3384,8 @@ class AuthService {
      * await authService.setMustChangePassword('user-uuid-123');
      */
     async setMustChangePassword(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(set_must_change_password_dto_1.SetMustChangePasswordDTO, dto);
         const user = await this.userRepository.findOne({ where: { sub: dto.userId } });
         if (!user) {
             throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
@@ -3390,6 +3433,8 @@ class AuthService {
      * ```
      */
     async adminSetPassword(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(admin_set_password_dto_1.AdminSetPasswordDTO, dto);
         this.logger?.log?.(`Admin password reset requested for identifier: ${dto.identifier}`);
         this.logger?.debug?.(`Reset details: { identifier: ${dto.identifier}, mustChangePassword: ${dto.mustChangePassword ?? true}, revokeSessions: ${dto.revokeSessions ?? true} }`);
         // ============================================================================
@@ -3464,6 +3509,8 @@ class AuthService {
      * @returns Delivery metadata (masked destination) when available
      */
     async forgotPassword(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(forgot_password_dto_1.ForgotPasswordDTO, dto);
         const response = { success: true };
         if (!this.passwordResetService) {
             // Do not leak configuration details to clients.
@@ -3546,6 +3593,8 @@ class AuthService {
      * @throws {NAuthException} PASSWORD_RESET_CODE_INVALID | PASSWORD_RESET_CODE_EXPIRED | PASSWORD_RESET_MAX_ATTEMPTS
      */
     async confirmForgotPassword(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(confirm_forgot_password_dto_1.ConfirmForgotPasswordDTO, dto);
         if (!this.passwordResetService) {
             throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.SERVICE_UNAVAILABLE, 'Password reset is not available');
         }