@nauth-toolkit/core 0.1.60 → 0.1.62
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +0 -22
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/change-password-request.dto.d.ts +5 -2
- package/dist/dto/change-password-request.dto.d.ts.map +1 -1
- package/dist/dto/change-password-request.dto.js +6 -1
- package/dist/dto/change-password-request.dto.js.map +1 -1
- package/dist/dto/logout-all.dto.d.ts +5 -2
- package/dist/dto/logout-all.dto.d.ts.map +1 -1
- package/dist/dto/logout-all.dto.js +6 -1
- package/dist/dto/logout-all.dto.js.map +1 -1
- package/dist/dto/refresh-token.dto.d.ts +19 -7
- package/dist/dto/refresh-token.dto.d.ts.map +1 -1
- package/dist/dto/refresh-token.dto.js +20 -6
- package/dist/dto/refresh-token.dto.js.map +1 -1
- package/dist/dto/setup-mfa.dto.d.ts +5 -2
- package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
- package/dist/dto/setup-mfa.dto.js +6 -1
- package/dist/dto/setup-mfa.dto.js.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.d.ts +5 -2
- package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -1
- package/dist/dto/update-user-attributes-request.dto.js +6 -1
- package/dist/dto/update-user-attributes-request.dto.js.map +1 -1
- package/dist/handlers/csrf.handler.d.ts.map +1 -1
- package/dist/handlers/csrf.handler.js +12 -1
- package/dist/handlers/csrf.handler.js.map +1 -1
- package/dist/interfaces/config.interface.d.ts +306 -76
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/hooks.interface.d.ts +753 -7
- package/dist/interfaces/hooks.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +143 -0
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.d.ts +20 -43
- package/dist/interfaces/template.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.js +8 -0
- package/dist/interfaces/template.interface.js.map +1 -1
- package/dist/internal.d.ts +5 -0
- package/dist/internal.d.ts.map +1 -1
- package/dist/internal.js +7 -1
- package/dist/internal.js.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +445 -104
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.js +55 -8
- package/dist/schemas/auth-config.schema.js.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.d.ts +25 -1
- package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.js +91 -8
- package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
- package/dist/services/auth-audit.service.d.ts.map +1 -1
- package/dist/services/auth-audit.service.js +25 -4
- package/dist/services/auth-audit.service.js.map +1 -1
- package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -1
- package/dist/services/auth-flow-context-builder.service.js +8 -1
- package/dist/services/auth-flow-context-builder.service.js.map +1 -1
- package/dist/services/auth-service-internal-helpers.d.ts +3 -1
- package/dist/services/auth-service-internal-helpers.d.ts.map +1 -1
- package/dist/services/auth-service-internal-helpers.js +28 -1
- package/dist/services/auth-service-internal-helpers.js.map +1 -1
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +84 -27
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/email-notifications.hook.d.ts +14 -0
- package/dist/services/email-notifications.hook.d.ts.map +1 -0
- package/dist/services/email-notifications.hook.js +254 -0
- package/dist/services/email-notifications.hook.js.map +1 -0
- package/dist/services/email-verification.service.d.ts.map +1 -1
- package/dist/services/email-verification.service.js +55 -0
- package/dist/services/email-verification.service.js.map +1 -1
- package/dist/services/hook-registry.service.d.ts +222 -1
- package/dist/services/hook-registry.service.d.ts.map +1 -1
- package/dist/services/hook-registry.service.js +391 -0
- package/dist/services/hook-registry.service.js.map +1 -1
- package/dist/services/mfa-base.service.d.ts +3 -1
- package/dist/services/mfa-base.service.d.ts.map +1 -1
- package/dist/services/mfa-base.service.js +70 -1
- package/dist/services/mfa-base.service.js.map +1 -1
- package/dist/services/mfa.service.d.ts +3 -1
- package/dist/services/mfa.service.d.ts.map +1 -1
- package/dist/services/mfa.service.js +32 -1
- package/dist/services/mfa.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js +5 -3
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/phone-verification.service.d.ts.map +1 -1
- package/dist/services/phone-verification.service.js +56 -2
- package/dist/services/phone-verification.service.js.map +1 -1
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +84 -1
- package/dist/services/user.service.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +22 -23
- package/dist/utils/setup/init-services.js.map +1 -1
- package/dist/validators/template.validator.d.ts.map +1 -1
- package/dist/validators/template.validator.js +8 -0
- package/dist/validators/template.validator.js.map +1 -1
- package/package.json +1 -1
package/dist/bootstrap.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AASlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAOxD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,MAAM,EAAE,WAAW,CAAC;IAEpB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IACpG,0CAA0C;IAC1C,UAAU,EAAE;QACV,6CAA6C;QAC7C,UAAU,EAAE,WAAW,CAAC;QACxB,yBAAyB;QACzB,IAAI,EAAE,WAAW,CAAC;QAClB,sBAAsB;QACtB,IAAI,EAAE,WAAW,CAAC;QAClB,4CAA4C;QAC5C,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAEF,oBAAoB;IACpB,OAAO,EAAE;QACP,2CAA2C;QAC3C,MAAM,EAAE,MAAM,OAAO,CAAC;QACtB,yDAAyD;QACzD,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QACvD,qCAAqC;QACrC,YAAY,EAAE,MAAM,OAAO,CAAC;QAC5B,mCAAmC;QACnC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QACrD,qCAAqC;QACrC,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QACxC,6BAA6B;QAC7B,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QACrD,sBAAsB;QACtB,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAEF,6BAA6B;IAC7B,OAAO,EAAE,YAAY,CAAC;IAEtB,oBAAoB;IACpB,MAAM,EAAE,WAAW,CAAC;IAEpB,sBAAsB;IACtB,MAAM,EAAE,WAAW,CAAC;IAEpB,gCAAgC;IAChC,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAMD;;;;GAIG;AACH,qBAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;WACU,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AASlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAOxD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,MAAM,EAAE,WAAW,CAAC;IAEpB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IACpG,0CAA0C;IAC1C,UAAU,EAAE;QACV,6CAA6C;QAC7C,UAAU,EAAE,WAAW,CAAC;QACxB,yBAAyB;QACzB,IAAI,EAAE,WAAW,CAAC;QAClB,sBAAsB;QACtB,IAAI,EAAE,WAAW,CAAC;QAClB,4CAA4C;QAC5C,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAEF,oBAAoB;IACpB,OAAO,EAAE;QACP,2CAA2C;QAC3C,MAAM,EAAE,MAAM,OAAO,CAAC;QACtB,yDAAyD;QACzD,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QACvD,qCAAqC;QACrC,YAAY,EAAE,MAAM,OAAO,CAAC;QAC5B,mCAAmC;QACnC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QACrD,qCAAqC;QACrC,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QACxC,6BAA6B;QAC7B,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QACrD,sBAAsB;QACtB,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAEF,6BAA6B;IAC7B,OAAO,EAAE,YAAY,CAAC;IAEtB,oBAAoB;IACpB,MAAM,EAAE,WAAW,CAAC;IAEpB,sBAAsB;IACtB,MAAM,EAAE,WAAW,CAAC;IAEpB,gCAAgC;IAChC,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAMD;;;;GAIG;AACH,qBAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;WACU,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;CA6NnE"}
|
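--- a/package/dist/bootstrap.js
+++ b/package/dist/bootstrap.js
@@ -81,30 +81,21 @@ class NAuth {
 // ========================================================================
 // 0. Run database migrations (adapter-owned, auto-run, no consumer burden)
 // ========================================================================
-logger.debug('[PERF] Starting database migrations...');
 await (0, run_nauth_migrations_1.runNAuthMigrationsOnStartup)(config, dataSource, logger);
-logger.debug('[PERF] Database migrations completed');
 // ========================================================================
 // 1. Initialize Repositories & Storage
 // ========================================================================
-logger.debug('[PERF] Discovering repositories...');
 const repos = (0, get_repositories_1.getRepositories)(dataSource);
-logger.debug('[PERF] Repositories discovered');
-logger.debug('[PERF] Initializing storage...');
 const storage = await (0, init_storage_1.initStorage)(config, repos.rateLimitRepository, repos.storageLockRepository, logger);
-logger.debug('[PERF] Storage initialized');
 // ========================================================================
 // 2. Initialize Services
 // ========================================================================
-logger.debug('[PERF] Initializing services...');
 const emailProvider = config.emailProvider;
 const smsProvider = config.smsProvider;
 const services = (0, init_services_1.initServices)(config, repos, storage, logger, emailProvider, smsProvider);
-logger.debug('[PERF] Services initialized');
 // ========================================================================
 // 3. Initialize Auth Flow State Machine
 // ========================================================================
-logger.debug('[PERF] Initializing auth flow state machine...');
 const contextBuilder = new internal_1.AuthFlowContextBuilder(services.trustedDeviceService, services.adaptiveMFADecisionService, services.clientInfoService, logger);
 const stateMachine = new internal_1.AuthFlowStateMachineService(contextBuilder, logger);
 if (services.authChallengeHelperService) {
@@ -114,25 +105,17 @@ class NAuth {
 else {
 throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'AuthChallengeHelperService not initialized.');
 }
-logger.debug('[PERF] Auth flow state machine initialized');
 // ========================================================================
 // 4. Register MFA & Social Providers
 // ========================================================================
-logger.debug('[PERF] Registering providers...');
 const socialAuthStateStore = new social_auth_state_store_service_1.SocialAuthStateStore(storage, logger);
 if (config.mfa?.enabled && services.mfaService) {
-logger.debug('[PERF] Registering MFA providers...');
 await (0, register_mfa_1.registerMFAProviders)(config, services.mfaService, repos.mfaDeviceRepository, repos.userRepository, logger, services.passwordService, services.emailVerificationService, services.phoneVerificationService, services.challengeService, services.auditService, services.clientInfoService);
-logger.debug('[PERF] MFA providers registered');
 }
-logger.debug('[PERF] Initializing social auth...');
 const socialProviders = await (0, init_social_1.initSocialAuth)(config, services.socialProviderRegistry, services.authService, services.socialAuthService, services.jwtService, services.sessionService, services.authChallengeHelperService, services.clientInfoService, logger, socialAuthStateStore, repos.userRepository, services.phoneVerificationService, services.auditService, services.trustedDeviceService, repos.socialProviderSecretRepository, services.hookRegistry);
-logger.debug('[PERF] Social auth initialized');
-logger.debug('[PERF] Providers registration completed');
 // ========================================================================
 // 5. Create Handlers
 // ========================================================================
-logger.debug('[PERF] Creating handlers...');
 const clientInfoHandler = new client_info_handler_1.ClientInfoHandler(services.clientInfoService, services.geoLocationService, logger);
 const authHandler = new auth_handler_1.AuthHandler(services.jwtService, services.sessionService, services.authService, config, logger);
 const tokenDeliveryHandler = new token_delivery_handler_1.TokenDeliveryHandler(config, logger);
@@ -141,11 +124,9 @@ class NAuth {
 ? new csrf_service_1.CsrfService(config)
 : undefined;
 const csrfHandler = csrfService ? new csrf_handler_1.CsrfHandler(csrfService, config, logger) : null;
-logger.debug('[PERF] Handlers created');
 // ========================================================================
 // 6. Register Middleware with Adapter
 // ========================================================================
-logger.debug('[PERF] Registering middleware with adapter...');
 const middleware = {
 // ClientInfo MUST be first - initializes context
 clientInfo: adapter.registerMiddleware('clientInfo', clientInfoHandler.handle.bind(clientInfoHandler), {
@@ -216,15 +197,12 @@ class NAuth {
 getCurrentSession: () => context_storage_1.ContextStorage.get('CURRENT_SESSION'),
 getClientInfo: () => context_storage_1.ContextStorage.get('CLIENT_INFO'),
 };
-logger.debug('[PERF] Middleware registered with adapter');
 // ========================================================================
 // 8. Build and Return Instance
 // ========================================================================
-logger.debug('[PERF] Building NAuth instance...');
 // Exclude internal services from public API
 const { challengeService, authChallengeHelperService, ...publicServices } = services;
 logger.log(`NAuth initialized successfully with ${adapter.name}`);
-logger.debug('[PERF] NAuth initialization completed');
 return {
 ...publicServices,
 ...socialProviders,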
package/dist/bootstrap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAIH,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAEzD,WAAW;AACX,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AAEtD,gBAAgB;AAChB,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AAGjF,gGAAkF;AA4ElF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAEzD,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,MAAM,
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAIH,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAEzD,WAAW;AACX,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AAEtD,gBAAgB;AAChB,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AAGjF,gGAAkF;AA4ElF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAEzD,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,MAAM,IAAA,kDAA2B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAE9D,2EAA2E;QAC3E,uCAAuC;QACvC,2EAA2E;QAC3E,MAAM,KAAK,GAAG,IAAA,kCAAe,EAAC,UAAU,CAAC,CAAC;QAE1C,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAE1G,2EAA2E;QAC3E,yBAAyB;QACzB,2EAA2E;QAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAkB,IAAA,4BAAY,EAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAEzG,2EAA2E;QAC3E,wCAAwC;QACxC,2EAA2E;QAC3E,MAAM,cAAc,GAAG,IAAI,iCAAsB,CAC/C,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,CACP,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,sCAA2B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACvC,QAAQ,CAAC,0BAAiE,CAAC,YAAY,GAAG,YAAY,CAAC;YACvG,QAAQ,CAAC,0BAAiE,CAAC,cAAc,GAAG,cAAc,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,6CAA6C,CAAC,CAAC;QACxG,CAAC;QAED,2EAA2E;QAC3E,qCAAqC;QACrC,2EAA2E;QAC3E,MAAM,oBAAoB,GAAG,IAAI,sDAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEvE,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,IAAA,mCAAoB,EACxB,MAAM,EACN,QAAQ,CAAC,UAAU,EACnB,KAAK,CAAC,mBA
AoB,EAC1B,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,QAAQ,CAAC,eAAe,EACxB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,gBAAgB,EACzB,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAyB,MAAM,IAAA,4BAAc,EAChE,MAAM,EACN,QAAQ,CAAC,sBAAsB,EAC/B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,iBAAiB,EAC1B,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,oBAAoB,EACpB,KAAK,CAAC,cAAc,EACpB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,oBAAoB,EAC7B,KAAK,CAAC,8BAA8B,EACpC,QAAQ,CAAC,YAAY,CACtB,CAAC;QAEF,2EAA2E;QAC3E,qBAAqB;QACrB,2EAA2E;QAC3E,MAAM,iBAAiB,GAAG,IAAI,uCAAiB,CAAC,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QAEjH,MAAM,WAAW,GAAG,IAAI,0BAAW,CACjC,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,WAAW,EACpB,MAAM,EACN,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,GAAG,IAAI,6CAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEtE,kDAAkD;QAClD,MAAM,WAAW,GACf,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,QAAQ;YACrF,CAAC,CAAC,IAAI,0BAAW,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,0BAAW,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEtF,2EAA2E;QAC3E,sCAAsC;QACtC,2EAA2E;QAC3E,MAAM,UAAU,GAAG;YACjB,iDAAiD;YACjD,UAAU,EAAE,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;gBACrG,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAEF,eAAe;YACf,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAE9E,mCAAmC;YACnC,IAAI,EAAE,WAAW;gBACf,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1E,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAEN,wCAAwC;YACxC,aAAa,EAAE,OAAO,CAAC,2BAA2B,CAChD,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAC/D;SACF,CAAC;QAEF,2EAA2E;QAC3E,oBAAoB;QACpB,2EAA2E;QAC3E,MAAM,OAAO,GAAG;YACd;;eAEG;YACH,MAAM,EAAE,GAAG,EAAE,CACX,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,GAAi
B,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAChG,GAAG,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;eAIG;YACH,WAAW,EAAE,CAAC,OAA4B,EAAE,EAAE,CAC5C,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgB,EAAE,EAAE;gBACpG,gDAAgD;gBAChD,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC7D,MAAM,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBACtC,CAAC;gBAED,yBAAyB;gBACzB,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,GAAG;wBACf,KAAK,EAAE,cAAc;wBACrB,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;eAKG;YACH,YAAY,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;eAEG;YACH,aAAa,EAAE,CAAC,IAAwB,EAAE,EAAE,CAC1C,OAAO,CAAC,kBAAkB,CACxB,qBAAqB,EACrB,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC3D,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CACF;YAEH,6CAA6C;YAC7C,cAAc,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAQ,cAAc,CAAC;YAC/D,iBAAiB,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAkB,iBAAiB,CAAC;YAC/E,aAAa,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC;SACnE,CAAC;QAEF,2EAA2E;QAC3E,+BAA+B;QAC/B,2EAA2E;QAE3E,4CAA4C;QAC5C,MAAM,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC;QAErF,MAAM,CAAC,GAAG,CAAC,uCAAuC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAElE,OAAO;YACL,GAAG,cAAc;YACjB,GAAG,eAAe;YAClB,UAAU;YACV,OAAO;YACP,OAAO;YACP,MAAM;YACN,MAAM;YACN,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,WAAW;SACZ,CAAC;IACJ,CAAC;CACF;AA7OD,sBA6OC"}
|
|
@@ -25,8 +25,11 @@ export declare class ChangePasswordRequestDTO extends ChangePasswordDTO {
|
|
|
25
25
|
/**
|
|
26
26
|
* User's unique identifier (UUID v4)
|
|
27
27
|
*
|
|
28
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
29
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
30
|
+
*
|
|
28
31
|
* Validation:
|
|
29
|
-
* - Must be a valid UUID v4 format
|
|
32
|
+
* - Must be a valid UUID v4 format when provided
|
|
30
33
|
* - Matches DB constraint: char(36) or uuid
|
|
31
34
|
*
|
|
32
35
|
* Sanitization:
|
|
@@ -35,6 +38,6 @@ export declare class ChangePasswordRequestDTO extends ChangePasswordDTO {
|
|
|
35
38
|
*
|
|
36
39
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
37
40
|
*/
|
|
38
|
-
sub
|
|
41
|
+
sub?: string;
|
|
39
42
|
}
|
|
40
43
|
//# sourceMappingURL=change-password-request.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"change-password-request.dto.d.ts","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,iBAAiB;IAC7D
|
|
1
|
+
{"version":3,"file":"change-password-request.dto.d.ts","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,iBAAiB;IAC7D;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd"}
|
|
@@ -39,8 +39,11 @@ class ChangePasswordRequestDTO extends change_password_dto_1.ChangePasswordDTO {
|
|
|
39
39
|
/**
|
|
40
40
|
* User's unique identifier (UUID v4)
|
|
41
41
|
*
|
|
42
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
43
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
44
|
+
*
|
|
42
45
|
* Validation:
|
|
43
|
-
* - Must be a valid UUID v4 format
|
|
46
|
+
* - Must be a valid UUID v4 format when provided
|
|
44
47
|
* - Matches DB constraint: char(36) or uuid
|
|
45
48
|
*
|
|
46
49
|
* Sanitization:
|
|
@@ -53,6 +56,7 @@ class ChangePasswordRequestDTO extends change_password_dto_1.ChangePasswordDTO {
|
|
|
53
56
|
}
|
|
54
57
|
exports.ChangePasswordRequestDTO = ChangePasswordRequestDTO;
|
|
55
58
|
__decorate([
|
|
59
|
+
(0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
|
|
56
60
|
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
57
61
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
58
62
|
if (typeof value === 'string') {
|
|
@@ -60,6 +64,7 @@ __decorate([
|
|
|
60
64
|
}
|
|
61
65
|
return value;
|
|
62
66
|
}),
|
|
67
|
+
(0, class_validator_1.IsOptional)(),
|
|
63
68
|
__metadata("design:type", String)
|
|
64
69
|
], ChangePasswordRequestDTO.prototype, "sub", void 0);
|
|
65
70
|
//# sourceMappingURL=change-password-request.dto.js.map
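Review bot: With `ValidateIf(...)` and `IsOptional()` added to `sub`, the request body may omit `sub`, but a client-supplied UUID is still accepted and validated, so whether a caller can act on another account now depends entirely on code outside this hunk. The new doc comment says the value is filled from the authenticated user's JWT; the controller should overwrite `sub` from the token unconditionally (or reject a body value that differs) rather than only filling it when absent, which is not visible here and worth confirming. The `o.sub !== ''` clause also lets an empty string skip `IsUUID`, so the service layer has to treat `''` as missing and never as an identifier. The same pair of decorators is added to `LogoutAllDTO.sub` in logout-all.dto.js, and the point applies there as well. I would add a comment above the decorators such as `// sub from the request body is never trusted; the controller sets it from the JWT`.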
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"change-password-request.dto.js","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"change-password-request.dto.js","sourceRoot":"","sources":["../../src/dto/change-password-request.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;;;;;;;;;;AAEH,qDAAiE;AACjE,yDAA8C;AAC9C,+DAA0D;AAE1D;;GAEG;AACH,MAAa,wBAAyB,SAAQ,uCAAiB;IAC7D;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAU;CACd;AA3BD,4DA2BC;AADC;IATC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC;IACxE,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,4BAAU,GAAE;;qDACA"}
|
|
@@ -21,8 +21,11 @@ export declare class LogoutAllDTO {
|
|
|
21
21
|
/**
|
|
22
22
|
* User's unique identifier (UUID v4)
|
|
23
23
|
*
|
|
24
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
25
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
26
|
+
*
|
|
24
27
|
* Validation:
|
|
25
|
-
* - Must be a valid UUID v4 format
|
|
28
|
+
* - Must be a valid UUID v4 format when provided
|
|
26
29
|
* - Matches DB constraint: char(36) or uuid
|
|
27
30
|
*
|
|
28
31
|
* Sanitization:
|
|
@@ -31,7 +34,7 @@ export declare class LogoutAllDTO {
|
|
|
31
34
|
*
|
|
32
35
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
33
36
|
*/
|
|
34
|
-
sub
|
|
37
|
+
sub?: string;
|
|
35
38
|
/**
|
|
36
39
|
* Whether to also forget/revoke all trusted devices
|
|
37
40
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-all.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,YAAY;IACvB
|
|
1
|
+
{"version":3,"file":"logout-all.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,YAAY;IACvB;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;;;;;;;;OASG;IAQH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB"}
|
|
@@ -35,8 +35,11 @@ class LogoutAllDTO {
|
|
|
35
35
|
/**
|
|
36
36
|
* User's unique identifier (UUID v4)
|
|
37
37
|
*
|
|
38
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
39
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
40
|
+
*
|
|
38
41
|
* Validation:
|
|
39
|
-
* - Must be a valid UUID v4 format
|
|
42
|
+
* - Must be a valid UUID v4 format when provided
|
|
40
43
|
* - Matches DB constraint: char(36) or uuid
|
|
41
44
|
*
|
|
42
45
|
* Sanitization:
|
|
@@ -60,6 +63,7 @@ class LogoutAllDTO {
|
|
|
60
63
|
}
|
|
61
64
|
exports.LogoutAllDTO = LogoutAllDTO;
|
|
62
65
|
__decorate([
|
|
66
|
+
(0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
|
|
63
67
|
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
64
68
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
65
69
|
if (typeof value === 'string') {
|
|
@@ -67,6 +71,7 @@ __decorate([
|
|
|
67
71
|
}
|
|
68
72
|
return value;
|
|
69
73
|
}),
|
|
74
|
+
(0, class_validator_1.IsOptional)(),
|
|
70
75
|
__metadata("design:type", String)
|
|
71
76
|
], LogoutAllDTO.prototype, "sub", void 0);
|
|
72
77
|
__decorate([
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-all.dto.js","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"logout-all.dto.js","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAA4E;AAC5E,yDAA8C;AAE9C;;GAEG;AACH,MAAa,YAAY;IACvB;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAU;IAEb;;;;;;;;;OASG;IAQH,aAAa,CAAW;CACzB;AA9CD,oCA8CC;AApBC;IATC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC;IACxE,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,4BAAU,GAAE;;yCACA;AAmBb;IAPC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,GAAE;IACX,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,GAAG;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACsB"}
|
|
@@ -3,6 +3,10 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Used for refreshing access tokens with a valid refresh token.
|
|
5
5
|
*
|
|
6
|
+
* Supports both JSON and cookies token delivery modes:
|
|
7
|
+
* - JSON mode: refreshToken must be provided in request body
|
|
8
|
+
* - Cookies mode: refreshToken is optional in body (read from cookie by controller)
|
|
9
|
+
*
|
|
6
10
|
* Security:
|
|
7
11
|
* - Token length validated (prevents DoS)
|
|
8
12
|
* - JWT tokens can be long, but we validate input length
|
|
@@ -10,23 +14,31 @@
|
|
|
10
14
|
*
|
|
11
15
|
* @example
|
|
12
16
|
* ```typescript
|
|
17
|
+
* // JSON mode
|
|
18
|
+
* POST /auth/refresh
|
|
19
|
+
* { "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
|
|
20
|
+
*
|
|
21
|
+
* // Cookies mode
|
|
13
22
|
* POST /auth/refresh
|
|
14
|
-
* {
|
|
15
|
-
* "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
16
|
-
* }
|
|
23
|
+
* {} // refreshToken read from cookie by controller
|
|
17
24
|
* ```
|
|
18
25
|
*/
|
|
19
26
|
export declare class RefreshTokenDTO {
|
|
20
27
|
/**
|
|
21
28
|
* JWT refresh token
|
|
22
29
|
*
|
|
30
|
+
* Optional to support cookies mode where token is read from cookie.
|
|
31
|
+
* If provided, must be a valid string with min 10 characters.
|
|
32
|
+
*
|
|
23
33
|
* Validation:
|
|
24
|
-
* -
|
|
25
|
-
* -
|
|
26
|
-
* -
|
|
34
|
+
* - Optional (allows cookies mode with empty body)
|
|
35
|
+
* - If provided, must be a string
|
|
36
|
+
* - If provided, min 10 characters (minimum valid JWT length)
|
|
37
|
+
* - If provided, max 2048 characters (prevents DoS, typical JWT is 200-500 chars)
|
|
27
38
|
*
|
|
28
39
|
* Note: Token format and signature validated in service layer
|
|
40
|
+
* Note: Controller fills this from cookies if empty in cookies mode
|
|
29
41
|
*/
|
|
30
|
-
refreshToken
|
|
42
|
+
refreshToken?: string;
|
|
31
43
|
}
|
|
32
44
|
//# sourceMappingURL=refresh-token.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh-token.dto.d.ts","sourceRoot":"","sources":["../../src/dto/refresh-token.dto.ts"],"names":[],"mappings":"AAEA
|
|
1
|
+
{"version":3,"file":"refresh-token.dto.d.ts","sourceRoot":"","sources":["../../src/dto/refresh-token.dto.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,eAAe;IAC1B;;;;;;;;;;;;;;OAcG;IAMH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}
|
|
@@ -16,6 +16,10 @@ const class_validator_1 = require("class-validator");
|
|
|
16
16
|
*
|
|
17
17
|
* Used for refreshing access tokens with a valid refresh token.
|
|
18
18
|
*
|
|
19
|
+
* Supports both JSON and cookies token delivery modes:
|
|
20
|
+
* - JSON mode: refreshToken must be provided in request body
|
|
21
|
+
* - Cookies mode: refreshToken is optional in body (read from cookie by controller)
|
|
22
|
+
*
|
|
19
23
|
* Security:
|
|
20
24
|
* - Token length validated (prevents DoS)
|
|
21
25
|
* - JWT tokens can be long, but we validate input length
|
|
@@ -23,30 +27,40 @@ const class_validator_1 = require("class-validator");
|
|
|
23
27
|
*
|
|
24
28
|
* @example
|
|
25
29
|
* ```typescript
|
|
30
|
+
* // JSON mode
|
|
31
|
+
* POST /auth/refresh
|
|
32
|
+
* { "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
|
|
33
|
+
*
|
|
34
|
+
* // Cookies mode
|
|
26
35
|
* POST /auth/refresh
|
|
27
|
-
* {
|
|
28
|
-
* "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
|
|
29
|
-
* }
|
|
36
|
+
* {} // refreshToken read from cookie by controller
|
|
30
37
|
* ```
|
|
31
38
|
*/
|
|
32
39
|
class RefreshTokenDTO {
|
|
33
40
|
/**
|
|
34
41
|
* JWT refresh token
|
|
35
42
|
*
|
|
43
|
+
* Optional to support cookies mode where token is read from cookie.
|
|
44
|
+
* If provided, must be a valid string with min 10 characters.
|
|
45
|
+
*
|
|
36
46
|
* Validation:
|
|
37
|
-
* -
|
|
38
|
-
* -
|
|
39
|
-
* -
|
|
47
|
+
* - Optional (allows cookies mode with empty body)
|
|
48
|
+
* - If provided, must be a string
|
|
49
|
+
* - If provided, min 10 characters (minimum valid JWT length)
|
|
50
|
+
* - If provided, max 2048 characters (prevents DoS, typical JWT is 200-500 chars)
|
|
40
51
|
*
|
|
41
52
|
* Note: Token format and signature validated in service layer
|
|
53
|
+
* Note: Controller fills this from cookies if empty in cookies mode
|
|
42
54
|
*/
|
|
43
55
|
refreshToken;
|
|
44
56
|
}
|
|
45
57
|
exports.RefreshTokenDTO = RefreshTokenDTO;
|
|
46
58
|
__decorate([
|
|
59
|
+
(0, class_validator_1.ValidateIf)((o) => o.refreshToken !== undefined && o.refreshToken !== null && o.refreshToken !== ''),
|
|
47
60
|
(0, class_validator_1.IsString)({ message: 'Refresh token must be a string' }),
|
|
48
61
|
(0, class_validator_1.MinLength)(10, { message: 'Refresh token is required' }),
|
|
49
62
|
(0, class_validator_1.MaxLength)(2048, { message: 'Refresh token must not exceed 2048 characters' }),
|
|
63
|
+
(0, class_validator_1.IsOptional)(),
|
|
50
64
|
__metadata("design:type", String)
|
|
51
65
|
], RefreshTokenDTO.prototype, "refreshToken", void 0);
|
|
52
66
|
//# sourceMappingURL=refresh-token.dto.js.map
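Review bot: The `MinLength(10, …)` rule on `refreshToken` still reports 'Refresh token is required' although this change makes the field optional, so a token that is present but too short is described as missing; `(0, class_validator_1.MinLength)(10, { message: 'Refresh token must be at least 10 characters' })` would match the new contract. With the added `ValidateIf`, an undefined, null or empty-string token skips every validator in both delivery modes, so the doc comment's rule that JSON mode must supply the token in the body is no longer enforced by this DTO. That check has to live where the token is consumed, which is not visible in this section. The trailing `IsOptional()` looks redundant next to the `ValidateIf` guard for undefined and null, and a one-line comment naming which of the two is authoritative would help.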
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh-token.dto.js","sourceRoot":"","sources":["../../src/dto/refresh-token.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"refresh-token.dto.js","sourceRoot":"","sources":["../../src/dto/refresh-token.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAyF;AAEzF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,eAAe;IAC1B;;;;;;;;;;;;;;OAcG;IAMH,YAAY,CAAU;CACvB;AAtBD,0CAsBC;AADC;IALC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,SAAS,IAAI,CAAC,CAAC,YAAY,KAAK,IAAI,IAAI,CAAC,CAAC,YAAY,KAAK,EAAE,CAAC;IACnG,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;IACvD,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;IAC7E,IAAA,4BAAU,GAAE;;qDACS"}
|
|
@@ -19,8 +19,11 @@ export declare class SetupMFADTO {
|
|
|
19
19
|
/**
|
|
20
20
|
* User's unique identifier (UUID v4)
|
|
21
21
|
*
|
|
22
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
23
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
24
|
+
*
|
|
22
25
|
* Validation:
|
|
23
|
-
* - Must be a valid UUID v4 format
|
|
26
|
+
* - Must be a valid UUID v4 format when provided
|
|
24
27
|
* - Matches DB constraint: char(36) or uuid
|
|
25
28
|
*
|
|
26
29
|
* Sanitization:
|
|
@@ -29,7 +32,7 @@ export declare class SetupMFADTO {
|
|
|
29
32
|
*
|
|
30
33
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
31
34
|
*/
|
|
32
|
-
sub
|
|
35
|
+
sub?: string;
|
|
33
36
|
/**
|
|
34
37
|
* MFA method name
|
|
35
38
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup-mfa.dto.d.ts","sourceRoot":"","sources":["../../src/dto/setup-mfa.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;GAEG;AACH,qBAAa,WAAW;IACtB
|
|
1
|
+
{"version":3,"file":"setup-mfa.dto.d.ts","sourceRoot":"","sources":["../../src/dto/setup-mfa.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;GAEG;AACH,qBAAa,WAAW;IACtB;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;;;;;;;;;;OAWG;IAYH,UAAU,EAAG,MAAM,CAAC;IAEpB;;;;;;;;OAQG;IAGH,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;OAOG;IACH,SAAS,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC"}
|
|
@@ -34,8 +34,11 @@ class SetupMFADTO {
|
|
|
34
34
|
/**
|
|
35
35
|
* User's unique identifier (UUID v4)
|
|
36
36
|
*
|
|
37
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
38
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
39
|
+
*
|
|
37
40
|
* Validation:
|
|
38
|
-
* - Must be a valid UUID v4 format
|
|
41
|
+
* - Must be a valid UUID v4 format when provided
|
|
39
42
|
* - Matches DB constraint: char(36) or uuid
|
|
40
43
|
*
|
|
41
44
|
* Sanitization:
|
|
@@ -71,6 +74,7 @@ class SetupMFADTO {
|
|
|
71
74
|
}
|
|
72
75
|
exports.SetupMFADTO = SetupMFADTO;
|
|
73
76
|
__decorate([
|
|
77
|
+
(0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
|
|
74
78
|
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
75
79
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
76
80
|
if (typeof value === 'string') {
|
|
@@ -78,6 +82,7 @@ __decorate([
|
|
|
78
82
|
}
|
|
79
83
|
return value;
|
|
80
84
|
}),
|
|
85
|
+
(0, class_validator_1.IsOptional)(),
|
|
81
86
|
__metadata("design:type", String)
|
|
82
87
|
], SetupMFADTO.prototype, "sub", void 0);
|
|
83
88
|
__decorate([
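Review bot: Making `sub` optional does not stop a caller from sending one: a client-supplied UUID still passes `IsUUID('4')` and is handed on, so the new doc line "filled from authenticated user's JWT" should say whether the token's subject always replaces the body value or only fills it when empty. The controller is not part of this section, so which of the two happens cannot be confirmed from here; only the first keeps MFA setup bound to the authenticated account. Once that is confirmed or enforced, I would add to the property comment `* A client-supplied value is never trusted; the authenticated subject overrides it.` and back it with a test that submits a different user's UUID. The same `ValidateIf`/`IsOptional` pair is added to `sub` in update-user-attributes-request.dto.js further down, and the same point applies there. The `Transform` callback is only partly inside these hunks.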
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup-mfa.dto.js","sourceRoot":"","sources":["../../src/dto/setup-mfa.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"setup-mfa.dto.js","sourceRoot":"","sources":["../../src/dto/setup-mfa.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;AAEH,qDAAwG;AACxG,yDAA8C;AAC9C,8DAAqD;AAErD;;GAEG;AACH,MAAa,WAAW;IACtB;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAU;IAEb;;;;;;;;;;;OAWG;IAYH,UAAU,CAAU;IAEpB;;;;;;;;OAQG;IAGH,SAAS,CAA2B;CACrC;AAjED,kCAiEC;AAvCC;IATC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC;IACxE,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,4BAAU,GAAE;;wCACA;AAyBb;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACrD,IAAA,wBAAM,EAAC,CAAC,2BAAS,CAAC,IAAI,EAAE,2BAAS,CAAC,GAAG,EAAE,2BAAS,CAAC,KAAK,EAAE,2BAAS,CAAC,OAAO,CAAC,EAAE;QAC3E,OAAO,EAAE,uDAAuD;KACjE,CAAC;IACD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;+CACkB;AAapB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;;8CAClB;AAGtC;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;OAOG;IACH,SAAS,CAA2B;CACrC;AAVD,kDAUC"}
|
|
@@ -26,8 +26,11 @@ export declare class UpdateUserAttributesRequestDTO extends UserUpdateDTO {
|
|
|
26
26
|
/**
|
|
27
27
|
* User's unique identifier (UUID v4)
|
|
28
28
|
*
|
|
29
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
30
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
31
|
+
*
|
|
29
32
|
* Validation:
|
|
30
|
-
* - Must be a valid UUID v4 format
|
|
33
|
+
* - Must be a valid UUID v4 format when provided
|
|
31
34
|
* - Matches DB constraint: char(36) or uuid
|
|
32
35
|
*
|
|
33
36
|
* Sanitization:
|
|
@@ -36,6 +39,6 @@ export declare class UpdateUserAttributesRequestDTO extends UserUpdateDTO {
|
|
|
36
39
|
*
|
|
37
40
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
38
41
|
*/
|
|
39
|
-
sub
|
|
42
|
+
sub?: string;
|
|
40
43
|
}
|
|
41
44
|
//# sourceMappingURL=update-user-attributes-request.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update-user-attributes-request.dto.d.ts","sourceRoot":"","sources":["../../src/dto/update-user-attributes-request.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,qBAAa,8BAA+B,SAAQ,aAAa;IAC/D
|
|
1
|
+
{"version":3,"file":"update-user-attributes-request.dto.d.ts","sourceRoot":"","sources":["../../src/dto/update-user-attributes-request.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,qBAAa,8BAA+B,SAAQ,aAAa;IAC/D;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd"}
|
|
@@ -40,8 +40,11 @@ class UpdateUserAttributesRequestDTO extends user_update_dto_1.UserUpdateDTO {
|
|
|
40
40
|
/**
|
|
41
41
|
* User's unique identifier (UUID v4)
|
|
42
42
|
*
|
|
43
|
+
* Optional at controller level - filled from authenticated user's JWT.
|
|
44
|
+
* Validated only when provided (service layer will ensure it's set).
|
|
45
|
+
*
|
|
43
46
|
* Validation:
|
|
44
|
-
* - Must be a valid UUID v4 format
|
|
47
|
+
* - Must be a valid UUID v4 format when provided
|
|
45
48
|
* - Matches DB constraint: char(36) or uuid
|
|
46
49
|
*
|
|
47
50
|
* Sanitization:
|
|
@@ -54,6 +57,7 @@ class UpdateUserAttributesRequestDTO extends user_update_dto_1.UserUpdateDTO {
|
|
|
54
57
|
}
|
|
55
58
|
exports.UpdateUserAttributesRequestDTO = UpdateUserAttributesRequestDTO;
|
|
56
59
|
__decorate([
|
|
60
|
+
(0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
|
|
57
61
|
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
58
62
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
59
63
|
if (typeof value === 'string') {
|
|
@@ -61,6 +65,7 @@ __decorate([
|
|
|
61
65
|
}
|
|
62
66
|
return value;
|
|
63
67
|
}),
|
|
68
|
+
(0, class_validator_1.IsOptional)(),
|
|
64
69
|
__metadata("design:type", String)
|
|
65
70
|
], UpdateUserAttributesRequestDTO.prototype, "sub", void 0);
|
|
66
71
|
//# sourceMappingURL=update-user-attributes-request.dto.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update-user-attributes-request.dto.js","sourceRoot":"","sources":["../../src/dto/update-user-attributes-request.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"update-user-attributes-request.dto.js","sourceRoot":"","sources":["../../src/dto/update-user-attributes-request.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;AAEH,qDAAiE;AACjE,yDAA8C;AAC9C,uDAAkD;AAElD;;GAEG;AACH,MAAa,8BAA+B,SAAQ,+BAAa;IAC/D;;;;;;;;;;;;;;;OAeG;IAUH,GAAG,CAAU;CACd;AA3BD,wEA2BC;AADC;IATC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC;IACxE,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,4BAAU,GAAE;;2DACA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C3G;;OAEG;YACW,sBAAsB;IAsCpC;;;;;OAKG;YACW,aAAa;CA0C5B"}
|
|
@@ -16,7 +16,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
16
16
|
exports.CsrfHandler = void 0;
|
|
17
17
|
const index_1 = require("../index");
|
|
18
18
|
/** HTTP methods that don't require CSRF validation */
|
|
19
|
-
const SAFE_METHODS = ['GET', 'HEAD'
|
|
19
|
+
const SAFE_METHODS = ['GET', 'HEAD'];
|
|
20
20
|
/**
|
|
21
21
|
* CsrfHandler
|
|
22
22
|
*
|
|
@@ -43,6 +43,17 @@ class CsrfHandler {
|
|
|
43
43
|
await next();
|
|
44
44
|
return;
|
|
45
45
|
}
|
|
46
|
+
// ============================================================================
|
|
47
|
+
// IMPORTANT: Never generate CSRF cookies on CORS preflight (OPTIONS)
|
|
48
|
+
// ============================================================================
|
|
49
|
+
// Browsers typically do NOT include cookies on preflight requests.
|
|
50
|
+
// If we generated a CSRF cookie here, we'd rotate the token between the time
|
|
51
|
+
// the client reads document.cookie (to set the header) and the actual request
|
|
52
|
+
// is sent, causing intermittent CSRF mismatches.
|
|
53
|
+
if (req.method === 'OPTIONS') {
|
|
54
|
+
await next();
|
|
55
|
+
return;
|
|
56
|
+
}
|
|
46
57
|
// Safe methods: Generate token if missing
|
|
47
58
|
if (SAFE_METHODS.includes(req.method)) {
|
|
48
59
|
await this.generateTokenIfMissing(req, res);
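Review bot: The new `if (req.method === 'OPTIONS')` branch skips CSRF handling for every OPTIONS request, while the comment above it justifies the skip only for CORS preflights. That is safe as long as no route does state-changing work on OPTIONS, and the comment should record that assumption, for example `// Assumes OPTIONS handlers are side-effect free; any that are not would bypass CSRF validation here.` The comparison is also case-sensitive, like `SAFE_METHODS.includes(req.method)` below it, so it relies on the adapter delivering upper-case method names, which is not visible in this hunk. The method body begins before and continues after the hunk.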
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAErC;;;;GAIG;AACH,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,kDAAkD;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,+EAA+E;QAC/E,mEAAmE;QACnE,6EAA6E;QAC7E,8EAA8E;QAC9E,iDAAiD;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,+CAA+C;YAC/C,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAE/C,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QAE9D,uBAAuB;QACvB,MAAM,aAAa,GAAG;YACpB,gFAAgF;YAChF,0FAA0F;YAC1F,QAAQ,EAAE,iBAAiB,CAAC,QAAQ,IAAI,KAAK;YAC7C,MAAM,EAA
E,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,iBAAiB;SACrB,CAAC;QAEF,aAAa;QACb,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAEhD,kEAAkE;QAClE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAEpD,gCAAgC;QAChC,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClC,2BAA2B;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAED,wBAAwB;QACxB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5C,iCAAiC;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAnJD,kCAmJC"}
|