npm - @nauth-toolkit/core - Versions diffs - 0.1.28 → 0.1.30 - Mend

@nauth-toolkit/core 0.1.28 → 0.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist/dto/get-events-by-type.dto.d.ts.map +1 -1
package/dist/dto/get-events-by-type.dto.js +55 -0
package/dist/dto/get-events-by-type.dto.js.map +1 -1
package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
package/dist/dto/get-risk-assessment-history.dto.js +35 -0
package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
package/dist/dto/get-suspicious-activity.dto.js +36 -0
package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
package/dist/dto/get-user-auth-history.dto.js +76 -0
package/dist/dto/get-user-auth-history.dto.js.map +1 -1
package/dist/dto/index.d.ts +1 -0
package/dist/dto/index.d.ts.map +1 -1
package/dist/dto/index.js +1 -0
package/dist/dto/index.js.map +1 -1
package/dist/dto/login.dto.d.ts.map +1 -1
package/dist/dto/login.dto.js +15 -0
package/dist/dto/login.dto.js.map +1 -1
package/dist/dto/social-redirect.dto.d.ts +302 -0
package/dist/dto/social-redirect.dto.d.ts.map +1 -0
package/dist/dto/social-redirect.dto.js +464 -0
package/dist/dto/social-redirect.dto.js.map +1 -0
package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -1
package/dist/dto/verify-mfa-code.dto.js +15 -0
package/dist/dto/verify-mfa-code.dto.js.map +1 -1
package/dist/schemas/auth-config.schema.d.ts +12 -12
package/dist/services/auth-audit.service.d.ts.map +1 -1
package/dist/services/auth-audit.service.js +5 -0
package/dist/services/auth-audit.service.js.map +1 -1
package/dist/services/auth.service.d.ts.map +1 -1
package/dist/services/auth.service.js +49 -0
package/dist/services/auth.service.js.map +1 -1
package/dist/services/email-verification.service.d.ts.map +1 -1
package/dist/services/email-verification.service.js +5 -0
package/dist/services/email-verification.service.js.map +1 -1
package/dist/services/index.d.ts +0 -1
package/dist/services/index.d.ts.map +1 -1
package/dist/services/index.js +1 -1
package/dist/services/index.js.map +1 -1
package/dist/services/mfa.service.d.ts.map +1 -1
package/dist/services/mfa.service.js +13 -0
package/dist/services/mfa.service.js.map +1 -1
package/dist/services/phone-verification.service.d.ts.map +1 -1
package/dist/services/phone-verification.service.js +6 -0
package/dist/services/phone-verification.service.js.map +1 -1
package/dist/services/social-auth.service.d.ts.map +1 -1
package/dist/services/social-auth.service.js +9 -0
package/dist/services/social-auth.service.js.map +1 -1
package/dist/utils/dto-validator.d.ts +113 -0
package/dist/utils/dto-validator.d.ts.map +1 -0
package/dist/utils/dto-validator.js +224 -0
package/dist/utils/dto-validator.js.map +1 -0
package/dist/utils/index.d.ts +1 -0
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +1 -0
package/dist/utils/index.js.map +1 -1
package/dist/utils/setup/init-services.d.ts.map +1 -1
package/dist/utils/setup/init-services.js +43 -1
package/dist/utils/setup/init-services.js.map +1 -1
package/package.json +1 -1

package/dist/dto/social-redirect.dto.d.ts ADDED Viewed

@@ -0,0 +1,302 @@
+/**
+ * DTO for starting the redirect-first social login flow
+ *
+ * Used when initiating a backend-first OAuth redirect flow where the provider
+ * redirects back to the backend callback endpoint.
+ *
+ * @example
+ * ```typescript
+ * // GET /auth/social/google/redirect?returnTo=/auth/callback&appState=12345&action=login
+ * ```
+ */
+export declare class StartSocialRedirectQueryDTO {
+    /**
+     * Frontend path or absolute URL to redirect to after authentication completes
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2048 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     *
+     * @example '/auth/callback'
+     * @example 'https://myapp.com/auth/callback'
+     */
+    returnTo?: string;
+    /**
+     * Opaque, non-secret state to round-trip back to the frontend
+     *
+     * This value is stored during the OAuth flow and returned to the frontend
+     * after authentication completes. Use it to maintain UI state across the redirect.
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     *
+     * @example '12345'
+     * @example 'page=dashboard&mode=dark'
+     */
+    appState?: string;
+    /**
+     * Redirect action type
+     *
+     * - `login`: Standard social login/signup (default)
+     * - `link`: Link social account to existing authenticated user
+     *
+     * Validation:
+     * - Optional field
+     * - Must be either 'login' or 'link'
+     *
+     * @example 'login'
+     * @example 'link'
+     */
+    action?: 'login' | 'link';
+}
+/**
+ * DTO for OAuth callbacks via GET query parameters
+ *
+ * Used by providers that redirect with query params (Google, Facebook).
+ * This DTO handles both successful callbacks and error scenarios.
+ *
+ * @example
+ * ```typescript
+ * // Successful callback
+ * // GET /auth/social/google/callback?code=ABC123&state=xyz789
+ *
+ * // Error callback
+ * // GET /auth/social/google/callback?error=access_denied&error_description=User+cancelled
+ * ```
+ */
+export declare class SocialCallbackQueryDTO {
+    /**
+     * OAuth authorization code from provider
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    code?: string;
+    /**
+     * OAuth state parameter for CSRF protection
+     *
+     * Validation:
+     * - Optional field
+     * - Max 500 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    state?: string;
+    /**
+     * Provider error code (if user cancels or error occurs)
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     *
+     * @example 'access_denied'
+     */
+    error?: string;
+    /**
+     * Provider error description
+     *
+     * Validation:
+     * - Optional field
+     * - Max 4000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     *
+     * @example 'User cancelled the authentication request'
+     */
+    error_description?: string;
+    /**
+     * Google-specific: OAuth scope parameter
+     *
+     * Google often includes this in the callback. Explicitly allowed to avoid
+     * validation errors when using whitelist + forbidNonWhitelisted validation.
+     *
+     * Validation:
+     * - Optional field
+     * - Max 4000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    scope?: string;
+    /**
+     * Google-specific: Authenticated user index
+     *
+     * Validation:
+     * - Optional field
+     * - Max 50 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    authuser?: string;
+    /**
+     * Google-specific: Hosted domain parameter
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    hd?: string;
+    /**
+     * Google-specific: Prompt parameter
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    prompt?: string;
+    /**
+     * Provider-specific: Session state parameter
+     *
+     * Some providers include this for session management.
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    session_state?: string;
+    /**
+     * Provider-specific: Error URI parameter
+     *
+     * Some providers include a URI with more error details.
+     *
+     * Validation:
+     * - Optional field
+     * - Max 4000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    error_uri?: string;
+}
+/**
+ * DTO for Apple form_post OAuth callbacks
+ *
+ * Apple uses POST form_post response mode instead of query parameters.
+ * This DTO handles the form data sent to the callback endpoint.
+ *
+ * @example
+ * ```typescript
+ * // POST /auth/social/apple/callback
+ * // Content-Type: application/x-www-form-urlencoded
+ * // code=ABC123&state=xyz789
+ * ```
+ */
+export declare class SocialCallbackFormDTO {
+    /**
+     * OAuth authorization code from provider
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    code?: string;
+    /**
+     * OAuth state parameter for CSRF protection
+     *
+     * Validation:
+     * - Optional field
+     * - Max 500 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    state?: string;
+    /**
+     * Provider error code (if user cancels or error occurs)
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    error?: string;
+    /**
+     * Provider error description
+     *
+     * Validation:
+     * - Optional field
+     * - Max 4000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    error_description?: string;
+    /**
+     * Provider callback extras (for validation compatibility)
+     *
+     * Included for parity with GET callback DTO to avoid strict validation issues.
+     *
+     * Validation:
+     * - Optional field
+     * - Max 4000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    scope?: string;
+    /**
+     * Provider-specific parameter
+     *
+     * Validation:
+     * - Optional field
+     * - Max 50 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    authuser?: string;
+    /**
+     * Provider-specific parameter
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    hd?: string;
+    /**
+     * Provider-specific parameter
+     *
+     * Validation:
+     * - Optional field
+     * - Max 2000 characters
+     *
+     * Sanitization:
+     * - Trimmed
+     */
+    prompt?: string;
+}
+//# sourceMappingURL=social-redirect.dto.d.ts.map

package/dist/dto/social-redirect.dto.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"social-redirect.dto.d.ts","sourceRoot":"","sources":["../../src/dto/social-redirect.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAKH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;OAeG;IAKH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;OAYG;IAGH,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC3B;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,sBAAsB;IACjC;;;;;;;;;OASG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;;;;;;OASG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;;OAWG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;;OAWG;IAKH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;;;;;;;;;;OAYG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IAKH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;OASG;IAKH,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ;;;;;;;;;OASG;IAKH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;;;;;;;;;OAWG;IAKH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;;;;;;OAWG;IAKH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,qBAAqB;IAChC;;;;;;;;;OASG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;;;;;;OASG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IAKH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;;;;;;;;;OAWG;IAKH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IAKH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;OASG;IAKH,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ;;;;;;;;;OASG;IAKH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}