@nauth-toolkit/core 0.2.7 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.d.ts +3 -0
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +63 -0
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-api-key.dto.d.ts +69 -0
- package/dist/dto/admin-api-key.dto.d.ts.map +1 -0
- package/dist/dto/admin-api-key.dto.js +144 -0
- package/dist/dto/admin-api-key.dto.js.map +1 -0
- package/dist/dto/admin-signup-social.dto.d.ts +1 -1
- package/dist/dto/admin-signup-social.dto.js +1 -1
- package/dist/dto/admin-signup.dto.d.ts +1 -1
- package/dist/dto/admin-signup.dto.js +1 -1
- package/dist/dto/api-key.dto.d.ts +132 -0
- package/dist/dto/api-key.dto.d.ts.map +1 -0
- package/dist/dto/api-key.dto.js +198 -0
- package/dist/dto/api-key.dto.js.map +1 -0
- package/dist/dto/change-password.dto.d.ts +2 -2
- package/dist/dto/change-password.dto.js +2 -2
- package/dist/dto/index.d.ts +2 -0
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +3 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/reset-password.dto.d.ts +1 -1
- package/dist/dto/reset-password.dto.js +1 -1
- package/dist/dto/respond-challenge.dto.d.ts +1 -1
- package/dist/dto/respond-challenge.dto.js +1 -1
- package/dist/dto/signup.dto.d.ts +1 -1
- package/dist/dto/signup.dto.js +1 -1
- package/dist/entities/api-key.entity.d.ts +135 -0
- package/dist/entities/api-key.entity.d.ts.map +1 -0
- package/dist/entities/api-key.entity.js +149 -0
- package/dist/entities/api-key.entity.js.map +1 -0
- package/dist/entities/index.d.ts +1 -0
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js +3 -1
- package/dist/entities/index.js.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts +25 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.js +27 -0
- package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
- package/dist/enums/error-codes.enum.d.ts +56 -1
- package/dist/enums/error-codes.enum.d.ts.map +1 -1
- package/dist/enums/error-codes.enum.js +58 -0
- package/dist/enums/error-codes.enum.js.map +1 -1
- package/dist/exceptions/nauth.exception.d.ts.map +1 -1
- package/dist/exceptions/nauth.exception.js +13 -0
- package/dist/exceptions/nauth.exception.js.map +1 -1
- package/dist/handlers/api-key.handler.d.ts +45 -0
- package/dist/handlers/api-key.handler.d.ts.map +1 -0
- package/dist/handlers/api-key.handler.js +99 -0
- package/dist/handlers/api-key.handler.js.map +1 -0
- package/dist/handlers/auth.handler.d.ts.map +1 -1
- package/dist/handlers/auth.handler.js +6 -0
- package/dist/handlers/auth.handler.js.map +1 -1
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/interfaces/config.interface.d.ts +162 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/internal.d.ts +7 -0
- package/dist/internal.d.ts.map +1 -1
- package/dist/internal.js +8 -1
- package/dist/internal.js.map +1 -1
- package/dist/openapi/components.schemas.json +284 -7
- package/dist/platform/interfaces.d.ts +8 -0
- package/dist/platform/interfaces.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.d.ts +211 -0
- package/dist/schemas/auth-config.schema.d.ts.map +1 -1
- package/dist/schemas/auth-config.schema.js +33 -1
- package/dist/schemas/auth-config.schema.js.map +1 -1
- package/dist/services/admin-auth.service.d.ts +59 -1
- package/dist/services/admin-auth.service.d.ts.map +1 -1
- package/dist/services/admin-auth.service.js +99 -1
- package/dist/services/admin-auth.service.js.map +1 -1
- package/dist/services/api-key.service.d.ts +152 -0
- package/dist/services/api-key.service.d.ts.map +1 -0
- package/dist/services/api-key.service.js +378 -0
- package/dist/services/api-key.service.js.map +1 -0
- package/dist/services/telemetry.service.d.ts +154 -0
- package/dist/services/telemetry.service.d.ts.map +1 -0
- package/dist/services/telemetry.service.js +345 -0
- package/dist/services/telemetry.service.js.map +1 -0
- package/dist/utils/get-package-version.d.ts +15 -0
- package/dist/utils/get-package-version.d.ts.map +1 -0
- package/dist/utils/get-package-version.js +84 -0
- package/dist/utils/get-package-version.js.map +1 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/ip-match.d.ts +44 -0
- package/dist/utils/ip-match.d.ts.map +1 -0
- package/dist/utils/ip-match.js +135 -0
- package/dist/utils/ip-match.js.map +1 -0
- package/dist/utils/setup/get-repositories.d.ts +2 -1
- package/dist/utils/setup/get-repositories.d.ts.map +1 -1
- package/dist/utils/setup/get-repositories.js +2 -0
- package/dist/utils/setup/get-repositories.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts +4 -2
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +8 -1
- package/dist/utils/setup/init-services.js.map +1 -1
- package/package.json +2 -2
package/dist/bootstrap.d.ts
CHANGED
|
@@ -31,6 +31,7 @@ import { NAuthConfig } from './interfaces/config.interface';
|
|
|
31
31
|
import { NAuthLogger } from './utils/nauth-logger';
|
|
32
32
|
import { NAuthAdapter } from './platform/interfaces';
|
|
33
33
|
import { CsrfService } from './services/csrf.service';
|
|
34
|
+
import { TelemetryService } from './services/telemetry.service';
|
|
34
35
|
import { NAuthServices } from './utils/setup/init-services';
|
|
35
36
|
import { NAuthSocialProviders } from './utils/setup/init-social';
|
|
36
37
|
import { ClientInfo } from './interfaces/client-info.interface';
|
|
@@ -103,6 +104,8 @@ export interface NAuthInstance<TMiddleware = unknown, THelper = unknown> extends
|
|
|
103
104
|
csrfService?: CsrfService;
|
|
104
105
|
/** Social OAuth redirect handler — start, callback, and exchange flows */
|
|
105
106
|
socialRedirect?: SocialRedirectHandler;
|
|
107
|
+
/** Anonymous usage telemetry (opt-out) — see https://nauth.dev/docs/concepts/telemetry */
|
|
108
|
+
telemetryService?: TelemetryService;
|
|
106
109
|
}
|
|
107
110
|
/**
|
|
108
111
|
* NAuth Bootstrap
|
package/dist/bootstrap.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAA+B,MAAM,uBAAuB,CAAC;AAUlF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAKhE,OAAO,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAM3E;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,MAAM,EAAE,WAAW,CAAC;IAEpB,yBAAyB;IACzB,UAAU,EAAE,UAAU,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa,CAAC,WAAW,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,CACrE,SAAQ,IAAI,CAAC,aAAa,EAAE,kBAAkB,GAAG,4BAA4B,CAAC,EAAE,oBAAoB;IACpG,0CAA0C;IAC1C,UAAU,EAAE;QACV,6CAA6C;QAC7C,UAAU,EAAE,WAAW,CAAC;QACxB,yBAAyB;QACzB,IAAI,EAAE,WAAW,CAAC;QAClB,sBAAsB;QACtB,IAAI,EAAE,WAAW,CAAC;QAClB,4CAA4C;QAC5C,aAAa,EAAE,WAAW,CAAC;KAC5B,CAAC;IAEF,oBAAoB;IACpB,OAAO,EAAE;QACP,2CAA2C;QAC3C,MAAM,EAAE,MAAM,OAAO,CAAC;QACtB,yDAAyD;QACzD,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;QACvD,qCAAqC;QACrC,YAAY,EAAE,MAAM,OAAO,CAAC;QAC5B,mCAAmC;QACnC,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,OAAO,CAAC;QACrD,+CAA+C;QAC/C,aAAa,EAAE,MAAM,OAAO,CAAC;QAC7B,kDAAkD;QAClD,gBAAgB,EAAE,MAAM,OAAO,CAAC;QAChC,qCAAqC;QACrC,cAAc,EAAE,MAAM,KAAK,GAAG,SAAS,CAAC;QACxC,6BAA6B;QAC7B,iBAAiB,EAAE,MAAM,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;QACrD,sBAAsB;QACtB,aAAa,EAAE,MAAM,UAAU,GAAG,SAAS,CAAC;KAC7C,CAAC;IAEF,6BAA6B;IAC7B,OAAO,EAAE,YAAY,CAAC;IAEtB,oBAAoB;IACpB,MAAM,EAAE,WAAW,CAAC;IAEpB,sBAAsB;IACtB,MAAM,EAAE,WAAW,CAAC;IAEpB,gCAAgC;IAChC,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B,0EAA0E;IAC1E,cAAc,CAAC,EAAE,qBAAqB,CAAC;IAEvC,0FAA0F;IAC1F,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAMD;;;;GAIG;AACH,qBAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;WACU,MAAM,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;CAsZnE"}
|
package/dist/bootstrap.js
CHANGED
|
@@ -37,9 +37,11 @@ const context_storage_1 = require("./utils/context-storage");
|
|
|
37
37
|
// Handlers
|
|
38
38
|
const client_info_handler_1 = require("./handlers/client-info.handler");
|
|
39
39
|
const auth_handler_1 = require("./handlers/auth.handler");
|
|
40
|
+
const api_key_handler_1 = require("./handlers/api-key.handler");
|
|
40
41
|
const token_delivery_handler_1 = require("./handlers/token-delivery.handler");
|
|
41
42
|
const csrf_handler_1 = require("./handlers/csrf.handler");
|
|
42
43
|
const csrf_service_1 = require("./services/csrf.service");
|
|
44
|
+
const telemetry_service_1 = require("./services/telemetry.service");
|
|
43
45
|
// Setup Helpers
|
|
44
46
|
const get_repositories_1 = require("./utils/setup/get-repositories");
|
|
45
47
|
const init_storage_1 = require("./utils/setup/init-storage");
|
|
@@ -158,6 +160,10 @@ class NAuth {
|
|
|
158
160
|
// ========================================================================
|
|
159
161
|
const clientInfoHandler = new client_info_handler_1.ClientInfoHandler(services.clientInfoService, config, services.geoLocationService, logger);
|
|
160
162
|
const authHandler = new auth_handler_1.AuthHandler(services.jwtService, services.sessionService, services.authService, config, logger);
|
|
163
|
+
// API key handler (only when the feature is enabled and the service is available)
|
|
164
|
+
const apiKeyHandler = config.apiKeys?.enabled && services.apiKeyService
|
|
165
|
+
? new api_key_handler_1.ApiKeyHandler(services.apiKeyService, services.authService, config, logger)
|
|
166
|
+
: null;
|
|
161
167
|
const tokenDeliveryHandler = new token_delivery_handler_1.TokenDeliveryHandler(config, logger);
|
|
162
168
|
// CSRF service (only for cookies/hybrid delivery)
|
|
163
169
|
const csrfService = config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid'
|
|
@@ -172,6 +178,13 @@ class NAuth {
|
|
|
172
178
|
clientInfo: adapter.registerMiddleware('clientInfo', clientInfoHandler.handle.bind(clientInfoHandler), {
|
|
173
179
|
initializesContext: true,
|
|
174
180
|
}),
|
|
181
|
+
// API key handler - MUST run before the JWT auth handler. When an API key is present it
|
|
182
|
+
// is the only credential considered; a valid key makes the auth handler skip cookie/bearer.
|
|
183
|
+
apiKey: apiKeyHandler
|
|
184
|
+
? adapter.registerMiddleware('apiKey', apiKeyHandler.handle.bind(apiKeyHandler))
|
|
185
|
+
: adapter.registerMiddleware('noop', async (_req, _res, next) => {
|
|
186
|
+
await next();
|
|
187
|
+
}),
|
|
175
188
|
// Auth handler
|
|
176
189
|
auth: adapter.registerMiddleware('auth', authHandler.handle.bind(authHandler)),
|
|
177
190
|
// CSRF handler (no-op if disabled)
|
|
@@ -214,6 +227,22 @@ class NAuth {
|
|
|
214
227
|
});
|
|
215
228
|
return;
|
|
216
229
|
}
|
|
230
|
+
// API-key route opt-in enforcement (deny-wins, least privilege):
|
|
231
|
+
// a key-authenticated request is only allowed on routes explicitly opted-in via
|
|
232
|
+
// allowApiKey() (or globalAllowlist), and never on routes opted-out via denyApiKey().
|
|
233
|
+
if (req.attributes.nauthApiKeyAuth) {
|
|
234
|
+
const allowed = req.attributes.nauthDenyApiKey !== true &&
|
|
235
|
+
(req.attributes.nauthAllowApiKey === true || config.apiKeys?.globalAllowlist === true);
|
|
236
|
+
if (!allowed) {
|
|
237
|
+
res.status(403).json({
|
|
238
|
+
statusCode: 403,
|
|
239
|
+
error: 'Forbidden',
|
|
240
|
+
message: 'API key authentication is not allowed for this route',
|
|
241
|
+
code: error_codes_enum_1.AuthErrorCode.FORBIDDEN,
|
|
242
|
+
});
|
|
243
|
+
return;
|
|
244
|
+
}
|
|
245
|
+
}
|
|
217
246
|
return next();
|
|
218
247
|
}),
|
|
219
248
|
/**
|
|
@@ -282,6 +311,31 @@ class NAuth {
|
|
|
282
311
|
req.attributes.nauthRequireRecaptcha = true;
|
|
283
312
|
return next();
|
|
284
313
|
}),
|
|
314
|
+
/**
|
|
315
|
+
* Allow API-key authentication for this route (opt-in).
|
|
316
|
+
*
|
|
317
|
+
* With the default opt-in policy, API keys only authenticate on routes marked with this
|
|
318
|
+
* helper. Enforced by `requireAuth()`.
|
|
319
|
+
*
|
|
320
|
+
* @example
|
|
321
|
+
* ```typescript
|
|
322
|
+
* app.get('/api/data', nauth.helpers.allowApiKey(), nauth.helpers.requireAuth(), handler);
|
|
323
|
+
* ```
|
|
324
|
+
*/
|
|
325
|
+
allowApiKey: () => adapter.registerMiddleware('allowApiKey', (req, _res, next) => {
|
|
326
|
+
req.attributes.nauthAllowApiKey = true;
|
|
327
|
+
return next();
|
|
328
|
+
}),
|
|
329
|
+
/**
|
|
330
|
+
* Deny API-key authentication for this route (takes precedence over allow / globalAllowlist).
|
|
331
|
+
*
|
|
332
|
+
* Use to exclude a sensitive route even when keys are enabled globally or on a controller.
|
|
333
|
+
* Enforced by `requireAuth()`.
|
|
334
|
+
*/
|
|
335
|
+
denyApiKey: () => adapter.registerMiddleware('denyApiKey', (req, _res, next) => {
|
|
336
|
+
req.attributes.nauthDenyApiKey = true;
|
|
337
|
+
return next();
|
|
338
|
+
}),
|
|
285
339
|
// Context helpers (read from ContextStorage)
|
|
286
340
|
getCurrentUser: () => context_storage_1.ContextStorage.get('CURRENT_USER'),
|
|
287
341
|
getCurrentSession: () => context_storage_1.ContextStorage.get('CURRENT_SESSION'),
|
|
@@ -293,6 +347,14 @@ class NAuth {
|
|
|
293
347
|
// Exclude internal services from public API
|
|
294
348
|
const { challengeService, authChallengeHelperService, ...publicServices } = services;
|
|
295
349
|
logger.log(`NAuth initialized successfully with ${adapter.name}`);
|
|
350
|
+
// Anonymous usage telemetry (opt-out). Deferred via setImmediate so
|
|
351
|
+
// NAuth.create() gains no awaits; all telemetry work is fire-and-forget
|
|
352
|
+
// off the startup path and never touches a request path.
|
|
353
|
+
const telemetryService = new telemetry_service_1.TelemetryService(config, storage, logger, adapter.name.replace(/Adapter$/i, '').toLowerCase(), services.mfaService, services.socialProviderRegistry);
|
|
354
|
+
setImmediate(() => {
|
|
355
|
+
telemetryService.sendBootPing();
|
|
356
|
+
telemetryService.startHeartbeat();
|
|
357
|
+
});
|
|
296
358
|
return {
|
|
297
359
|
...publicServices,
|
|
298
360
|
...socialProviders,
|
|
@@ -304,6 +366,7 @@ class NAuth {
|
|
|
304
366
|
socialAuthService: services.socialAuthService,
|
|
305
367
|
csrfService,
|
|
306
368
|
socialRedirect: socialRedirectHandler,
|
|
369
|
+
telemetryService,
|
|
307
370
|
};
|
|
308
371
|
}
|
|
309
372
|
}
|
package/dist/bootstrap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAIH,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAEzD,WAAW;AACX,wEAAmE;AACnE,0DAAsD;AACtD,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAIH,uDAAmD;AACnD,kEAA8D;AAC9D,+DAAyD;AAEzD,gEAA4D;AAC5D,6DAAyD;AAEzD,WAAW;AACX,wEAAmE;AACnE,0DAAsD;AACtD,gEAA2D;AAC3D,8EAAyE;AACzE,0DAAsD;AACtD,0DAAsD;AACtD,oEAAgE;AAEhE,gBAAgB;AAChB,qEAAiE;AACjE,6DAAyD;AACzD,+DAA0E;AAC1E,6DAAkE;AAClE,2DAAiF;AACjF,6EAAiF;AACjF,yCAAiF;AAGjF,gGAAkF;AAClF,gFAA2E;AAsF3E,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAa,KAAK;IAChB;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqB;QACvC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;QACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,gCAAc,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;QAEzD,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,MAAM,IAAA,kDAA2B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAE9D,2EAA2E;QAC3E,uCAAuC;QACvC,2EAA2E;QAC3E,MAAM,KAAK,GAAG,IAAA,kCAAe,EAAC,UAAU,CAAC,CAAC;QAE1C,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAW,EAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAE1G,2EAA2E;QAC3E,yBAAyB;QACzB,2EAA2E;QAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAkB,IAAA,4BAAY,EAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAEzG,2EAA2E;QAC3E,wCAAwC;QACxC,2EAA2E;QAC3E,MAAM,cAAc,GAAG,IAAI,iCAAsB,CAC/C,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,CACP,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,sCAA2B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACvC,QAAQ,CAAC,0BAAiE,CAAC,YAAY,GAAG,YAAY,CAAC;YACvG,QAAQ,CAAC,0BAAiE,CAAC,cAAc,GAAG,cAAc,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,gCAAc,CAAC,gCAAa,CAAC,cAAc,EAAE,6CAA6C,CAAC,CAAC;QACxG,CAAC;QAED,2EAA2E;QAC3E,qCAAqC;QACrC,2EAA2E;QAC3E,MAAM,oBAAoB,GAAG,IAAI,sDAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEvE,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,IAAA,mCAAoB,EACxB,MAAM,EACN,QAAQ,CAAC,UAAU,EACnB,KAAK,CAAC,mBAAoB,EAC1B,KAAK,CAAC,cAAc,EACpB,MAAM,EACN,QAAQ,CAAC,eAAe,EACxB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,gBAAgB,EACzB,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAyB,MAAM,IAAA,4BAAc,EAChE,MAAM,EACN,QAAQ,CAAC,sBAAsB,EAC/B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,iBAAiB,EAC1B,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,0BAA0B,EACnC,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,oBAAoB,EACpB,KAAK,CAAC,cAAc,EACpB,QAAQ,CAAC,wBAAwB,EACjC,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,oBAAoB,EAC7B,KAAK,CAAC,8BAA8B,EACpC,QAAQ,CAAC,YAAY,CACtB,CAAC;QAEF,kEAAkE;QAClE,MAAM,SAAS,GACb,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC;QACtG,MAAM,qBAAqB,GAAG,SAAS;YACrC,CAAC,CAAC,IAAI,+CAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,sBAAsB,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,CAAC;YAC3G,CAAC,CAAC,SAAS,CAAC;QAEd,2EAA2E;QAC3E,+CAA+C;QAC/C,2EAA2E;QAC3E,IAAI,MAAM,CAAC,SAAS,EAAE,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3D,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,iBAAiB,IAAI,MAAM,CAAC;YAClE,gFAAgF;YAChF,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,QAEjC,CAAC;YAEF,IAAI,YAAY,KAAK,KAAK,IAAI,OAAO,QAAQ,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;gBAC5E,IAAI,CAAC;oBACH,MAAM,gBAAgB,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;oBAEzD,IAAI,gBAAgB,CAAC,KAAK,EAAE,CAAC;wBAC3B,MAAM,CAAC,GAAG,CAAC,cAAc,gBAAgB,CAAC,OAAO,EAAE,CAAC,CAAC;oBACvD,CAAC;yBAAM,CAAC;wBACN,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI;4BACvC,CAAC,CAAC,GAAG,gBAAgB,CAAC,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAE;4BACxD,CAAC,CAAC,gBAAgB,CAAC,OAAO,CAAC;wBAE7B,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;4BAC7B,MAAM,IAAI,gCAAc,CACtB,gCAAa,CAAC,0BAA0B,EACxC,wCAAwC,WAAW,EAAE,CACtD,CAAC;wBACJ,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,IAAI,CAAC,wCAAwC,WAAW,EAAE,CAAC,CAAC;wBACrE,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,IAAI,KAAK,YAAY,gCAAc,EAAE,CAAC;wBACpC,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC;oBACzF,MAAM,CAAC,IAAI,CAAC,oDAAoD,YAAY,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;QACH,CAAC;QAED,2EAA2E;QAC3E,qBAAqB;QACrB,2EAA2E;QAC3E,MAAM,iBAAiB,GAAG,IAAI,uCAAiB,CAC7C,QAAQ,CAAC,iBAAiB,EAC1B,MAAM,EACN,QAAQ,CAAC,kBAAkB,EAC3B,MAAM,CACP,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,0BAAW,CACjC,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,cAAc,EACvB,QAAQ,CAAC,WAAW,EACpB,MAAM,EACN,MAAM,CACP,CAAC;QAEF,kFAAkF;QAClF,MAAM,aAAa,GACjB,MAAM,CAAC,OAAO,EAAE,OAAO,IAAI,QAAQ,CAAC,aAAa;YAC/C,CAAC,CAAC,IAAI,+BAAa,CAAC,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC;YACjF,CAAC,CAAC,IAAI,CAAC;QAEX,MAAM,oBAAoB,GAAG,IAAI,6CAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEtE,kDAAkD;QAClD,MAAM,WAAW,GACf,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,EAAE,MAAM,KAAK,QAAQ;YACrF,CAAC,CAAC,IAAI,0BAAW,CAAC,MAAM,CAAC;YACzB,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,0BAAW,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEtF,2EAA2E;QAC3E,sCAAsC;QACtC,2EAA2E;QAC3E,MAAM,UAAU,GAAG;YACjB,iDAAiD;YACjD,UAAU,EAAE,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;gBACrG,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAEF,wFAAwF;YACxF,4FAA4F;YAC5F,MAAM,EAAE,aAAa;gBACnB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAChF,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAEN,eAAe;YACf,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAE9E,mCAAmC;YACnC,IAAI,EAAE,WAAW;gBACf,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC1E,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;oBACrG,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAC;YAEN,wCAAwC;YACxC,aAAa,EAAE,OAAO,CAAC,2BAA2B,CAChD,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAC/D;SACF,CAAC;QAEF,2EAA2E;QAC3E,oBAAoB;QACpB,2EAA2E;QAC3E,MAAM,OAAO,GAAG;YACd;;eAEG;YACH,MAAM,EAAE,GAAG,EAAE,CACX,OAAO,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAChG,GAAG,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;gBAClC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;eAIG;YACH,WAAW,EAAE,CAAC,OAA4B,EAAE,EAAE,CAC5C,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgB,EAAE,EAAE;gBACpG,gDAAgD;gBAChD,IAAI,OAAO,EAAE,IAAI,KAAK,KAAK,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAC7D,MAAM,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBACtC,CAAC;gBAED,yBAAyB;gBACzB,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;oBACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,GAAG;wBACf,KAAK,EAAE,cAAc;wBACrB,OAAO,EAAE,yBAAyB;wBAClC,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,iEAAiE;gBACjE,gFAAgF;gBAChF,sFAAsF;gBACtF,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC;oBACnC,MAAM,OAAO,GACX,GAAG,CAAC,UAAU,CAAC,eAAe,KAAK,IAAI;wBACvC,CAAC,GAAG,CAAC,UAAU,CAAC,gBAAgB,KAAK,IAAI,IAAI,MAAM,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC,CAAC;oBACzF,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACnB,UAAU,EAAE,GAAG;4BACf,KAAK,EAAE,WAAW;4BAClB,OAAO,EAAE,sDAAsD;4BAC/D,IAAI,EAAE,gCAAa,CAAC,SAAS;yBAC9B,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;eAKG;YACH,YAAY,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAC,IAAkB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;eAEG;YACH,aAAa,EAAE,CAAC,IAAwB,EAAE,EAAE,CAC1C,OAAO,CAAC,kBAAkB,CACxB,qBAAqB,EACrB,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC3D,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CACF;YAEH;;;;;;;;;;;;;;;;;;;;eAoBG;YACH,aAAa,EAAE,GAAG,EAAE,CAClB,OAAO,CAAC,kBAAkB,CAAC,eAAe,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACvG,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACzC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;;;;;;;;;;;;;;;;eAoBG;YACH,gBAAgB,EAAE,GAAG,EAAE,CACrB,OAAO,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBAC1G,GAAG,CAAC,UAAU,CAAC,qBAAqB,GAAG,IAAI,CAAC;gBAC5C,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;;;;;;eAUG;YACH,WAAW,EAAE,GAAG,EAAE,CAChB,OAAO,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACrG,GAAG,CAAC,UAAU,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBACvC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ;;;;;eAKG;YACH,UAAU,EAAE,GAAG,EAAE,CACf,OAAO,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,GAAiB,EAAE,IAAmB,EAAE,IAAgB,EAAE,EAAE;gBACpG,GAAG,CAAC,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC;gBACtC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC;YAEJ,6CAA6C;YAC7C,cAAc,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAQ,cAAc,CAAC;YAC/D,iBAAiB,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAkB,iBAAiB,CAAC;YAC/E,aAAa,EAAE,GAAG,EAAE,CAAC,gCAAc,CAAC,GAAG,CAAa,aAAa,CAAC;SACnE,CAAC;QAEF,2EAA2E;QAC3E,+BAA+B;QAC/B,2EAA2E;QAE3E,4CAA4C;QAC5C,MAAM,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,GAAG,cAAc,EAAE,GAAG,QAAQ,CAAC;QAErF,MAAM,CAAC,GAAG,CAAC,uCAAuC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAElE,oEAAoE;QACpE,wEAAwE;QACxE,yDAAyD;QACzD,MAAM,gBAAgB,GAAG,IAAI,oCAAgB,CAC3C,MAAM,EACN,OAAO,EACP,MAAM,EACN,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,EACnD,QAAQ,CAAC,UAAU,EACnB,QAAQ,CAAC,sBAAsB,CAChC,CAAC;QACF,YAAY,CAAC,GAAG,EAAE;YAChB,gBAAgB,CAAC,YAAY,EAAE,CAAC;YAChC,gBAAgB,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,cAAc;YACjB,GAAG,eAAe;YAClB,UAAU;YACV,OAAO;YACP,OAAO;YACP,MAAM;YACN,MAAM;YACN,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,WAAW;YACX,cAAc,EAAE,qBAAqB;YACrC,gBAAgB;SACjB,CAAC;IACJ,CAAC;CACF;AAtaD,sBAsaC"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DTO for administrative API key creation on behalf of a user
|
|
3
|
+
*
|
|
4
|
+
* Warning: This endpoint should be protected by admin authentication.
|
|
5
|
+
* The service does not enforce authorization - it is the responsibility of the
|
|
6
|
+
* framework adapter (NestJS/Express/Fastify) to protect the endpoint.
|
|
7
|
+
*
|
|
8
|
+
* Admin-created keys bypass the `allowUserCreation` restriction but still obey
|
|
9
|
+
* `maxKeysPerUser`, expiry, and IP-restriction rules.
|
|
10
|
+
*/
|
|
11
|
+
export declare class AdminCreateApiKeyDTO {
|
|
12
|
+
/**
|
|
13
|
+
* Target user sub (UUID v4)
|
|
14
|
+
*
|
|
15
|
+
* Sanitization: Trimmed and lowercased.
|
|
16
|
+
*/
|
|
17
|
+
sub: string;
|
|
18
|
+
/**
|
|
19
|
+
* User-friendly label for the key (optional)
|
|
20
|
+
*/
|
|
21
|
+
name?: string;
|
|
22
|
+
/**
|
|
23
|
+
* Key expiry in days, or `null` for a key that never expires
|
|
24
|
+
*
|
|
25
|
+
* Mandatory at creation (see {@link CreateApiKeyDTO} for the rules the service enforces).
|
|
26
|
+
*/
|
|
27
|
+
expiresInDays?: number | null;
|
|
28
|
+
/**
|
|
29
|
+
* Allowed source IPs / CIDR ranges for this key (optional)
|
|
30
|
+
*/
|
|
31
|
+
allowedIps?: string[];
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* DTO for administrative API key update on behalf of a user
|
|
35
|
+
*/
|
|
36
|
+
export declare class AdminUpdateApiKeyDTO {
|
|
37
|
+
/**
|
|
38
|
+
* Target user sub (UUID v4)
|
|
39
|
+
*/
|
|
40
|
+
sub: string;
|
|
41
|
+
/**
|
|
42
|
+
* External key identifier (UUID v4)
|
|
43
|
+
*/
|
|
44
|
+
keyId: string;
|
|
45
|
+
/**
|
|
46
|
+
* New label for the key (optional)
|
|
47
|
+
*/
|
|
48
|
+
name?: string;
|
|
49
|
+
/**
|
|
50
|
+
* Replacement IP allowlist (optional). Pass an empty array to clear restrictions.
|
|
51
|
+
*/
|
|
52
|
+
allowedIps?: string[];
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* DTO for administrative API key management (list / revoke / delete) by user sub
|
|
56
|
+
*
|
|
57
|
+
* For list operations, only `sub` is required. For revoke/delete, `keyId` is also required.
|
|
58
|
+
*/
|
|
59
|
+
export declare class AdminManageApiKeyDTO {
|
|
60
|
+
/**
|
|
61
|
+
* Target user sub (UUID v4)
|
|
62
|
+
*/
|
|
63
|
+
sub: string;
|
|
64
|
+
/**
|
|
65
|
+
* External key identifier (UUID v4). Required for revoke/delete, omitted for list.
|
|
66
|
+
*/
|
|
67
|
+
keyId?: string;
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=admin-api-key.dto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-api-key.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-api-key.dto.ts"],"names":[],"mappings":"AAaA;;;;;;;;;GASG;AACH,qBAAa,oBAAoB;IAC/B;;;;OAIG;IAGH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IAIH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE9B;;OAEG;IAKH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B;;OAEG;IAGH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAEH,KAAK,EAAG,MAAM,CAAC;IAEf;;OAEG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IAKH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B;;OAEG;IAGH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAGH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}
|
|
@@ -0,0 +1,144 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.AdminManageApiKeyDTO = exports.AdminUpdateApiKeyDTO = exports.AdminCreateApiKeyDTO = void 0;
|
|
13
|
+
const class_validator_1 = require("class-validator");
|
|
14
|
+
const class_transformer_1 = require("class-transformer");
|
|
15
|
+
/**
|
|
16
|
+
* DTO for administrative API key creation on behalf of a user
|
|
17
|
+
*
|
|
18
|
+
* Warning: This endpoint should be protected by admin authentication.
|
|
19
|
+
* The service does not enforce authorization - it is the responsibility of the
|
|
20
|
+
* framework adapter (NestJS/Express/Fastify) to protect the endpoint.
|
|
21
|
+
*
|
|
22
|
+
* Admin-created keys bypass the `allowUserCreation` restriction but still obey
|
|
23
|
+
* `maxKeysPerUser`, expiry, and IP-restriction rules.
|
|
24
|
+
*/
|
|
25
|
+
class AdminCreateApiKeyDTO {
|
|
26
|
+
/**
|
|
27
|
+
* Target user sub (UUID v4)
|
|
28
|
+
*
|
|
29
|
+
* Sanitization: Trimmed and lowercased.
|
|
30
|
+
*/
|
|
31
|
+
sub;
|
|
32
|
+
/**
|
|
33
|
+
* User-friendly label for the key (optional)
|
|
34
|
+
*/
|
|
35
|
+
name;
|
|
36
|
+
/**
|
|
37
|
+
* Key expiry in days, or `null` for a key that never expires
|
|
38
|
+
*
|
|
39
|
+
* Mandatory at creation (see {@link CreateApiKeyDTO} for the rules the service enforces).
|
|
40
|
+
*/
|
|
41
|
+
expiresInDays;
|
|
42
|
+
/**
|
|
43
|
+
* Allowed source IPs / CIDR ranges for this key (optional)
|
|
44
|
+
*/
|
|
45
|
+
allowedIps;
|
|
46
|
+
}
|
|
47
|
+
exports.AdminCreateApiKeyDTO = AdminCreateApiKeyDTO;
|
|
48
|
+
__decorate([
|
|
49
|
+
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4' }),
|
|
50
|
+
(0, class_transformer_1.Transform)(({ value }) => (typeof value === 'string' ? value.trim().toLowerCase() : value)),
|
|
51
|
+
__metadata("design:type", String)
|
|
52
|
+
], AdminCreateApiKeyDTO.prototype, "sub", void 0);
|
|
53
|
+
__decorate([
|
|
54
|
+
(0, class_validator_1.IsOptional)(),
|
|
55
|
+
(0, class_validator_1.IsString)({ message: 'Name must be a string' }),
|
|
56
|
+
(0, class_validator_1.MaxLength)(255, { message: 'Name must not exceed 255 characters' }),
|
|
57
|
+
(0, class_transformer_1.Transform)(({ value }) => (typeof value === 'string' ? value.trim() : value)),
|
|
58
|
+
__metadata("design:type", String)
|
|
59
|
+
], AdminCreateApiKeyDTO.prototype, "name", void 0);
|
|
60
|
+
__decorate([
|
|
61
|
+
(0, class_validator_1.ValidateIf)((o) => o.expiresInDays !== undefined && o.expiresInDays !== null),
|
|
62
|
+
(0, class_validator_1.IsInt)({ message: 'expiresInDays must be an integer number of days or null' }),
|
|
63
|
+
(0, class_validator_1.Min)(1, { message: 'expiresInDays must be at least 1' }),
|
|
64
|
+
__metadata("design:type", Object)
|
|
65
|
+
], AdminCreateApiKeyDTO.prototype, "expiresInDays", void 0);
|
|
66
|
+
__decorate([
|
|
67
|
+
(0, class_validator_1.IsOptional)(),
|
|
68
|
+
(0, class_validator_1.IsArray)({ message: 'allowedIps must be an array of IP addresses or CIDR ranges' }),
|
|
69
|
+
(0, class_validator_1.ArrayMaxSize)(100, { message: 'allowedIps has too many entries' }),
|
|
70
|
+
(0, class_validator_1.IsString)({ each: true, message: 'Each allowedIps entry must be a string' }),
|
|
71
|
+
__metadata("design:type", Array)
|
|
72
|
+
], AdminCreateApiKeyDTO.prototype, "allowedIps", void 0);
|
|
73
|
+
/**
|
|
74
|
+
* DTO for administrative API key update on behalf of a user
|
|
75
|
+
*/
|
|
76
|
+
class AdminUpdateApiKeyDTO {
|
|
77
|
+
/**
|
|
78
|
+
* Target user sub (UUID v4)
|
|
79
|
+
*/
|
|
80
|
+
sub;
|
|
81
|
+
/**
|
|
82
|
+
* External key identifier (UUID v4)
|
|
83
|
+
*/
|
|
84
|
+
keyId;
|
|
85
|
+
/**
|
|
86
|
+
* New label for the key (optional)
|
|
87
|
+
*/
|
|
88
|
+
name;
|
|
89
|
+
/**
|
|
90
|
+
* Replacement IP allowlist (optional). Pass an empty array to clear restrictions.
|
|
91
|
+
*/
|
|
92
|
+
allowedIps;
|
|
93
|
+
}
|
|
94
|
+
exports.AdminUpdateApiKeyDTO = AdminUpdateApiKeyDTO;
|
|
95
|
+
__decorate([
|
|
96
|
+
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4' }),
|
|
97
|
+
(0, class_transformer_1.Transform)(({ value }) => (typeof value === 'string' ? value.trim().toLowerCase() : value)),
|
|
98
|
+
__metadata("design:type", String)
|
|
99
|
+
], AdminUpdateApiKeyDTO.prototype, "sub", void 0);
|
|
100
|
+
__decorate([
|
|
101
|
+
(0, class_validator_1.IsUUID)('4', { message: 'keyId must be a valid UUID v4' }),
|
|
102
|
+
__metadata("design:type", String)
|
|
103
|
+
], AdminUpdateApiKeyDTO.prototype, "keyId", void 0);
|
|
104
|
+
__decorate([
|
|
105
|
+
(0, class_validator_1.IsOptional)(),
|
|
106
|
+
(0, class_validator_1.IsString)({ message: 'Name must be a string' }),
|
|
107
|
+
(0, class_validator_1.MaxLength)(255, { message: 'Name must not exceed 255 characters' }),
|
|
108
|
+
(0, class_transformer_1.Transform)(({ value }) => (typeof value === 'string' ? value.trim() : value)),
|
|
109
|
+
__metadata("design:type", String)
|
|
110
|
+
], AdminUpdateApiKeyDTO.prototype, "name", void 0);
|
|
111
|
+
__decorate([
|
|
112
|
+
(0, class_validator_1.IsOptional)(),
|
|
113
|
+
(0, class_validator_1.IsArray)({ message: 'allowedIps must be an array of IP addresses or CIDR ranges' }),
|
|
114
|
+
(0, class_validator_1.ArrayMaxSize)(100, { message: 'allowedIps has too many entries' }),
|
|
115
|
+
(0, class_validator_1.IsString)({ each: true, message: 'Each allowedIps entry must be a string' }),
|
|
116
|
+
__metadata("design:type", Array)
|
|
117
|
+
], AdminUpdateApiKeyDTO.prototype, "allowedIps", void 0);
|
|
118
|
+
/**
|
|
119
|
+
* DTO for administrative API key management (list / revoke / delete) by user sub
|
|
120
|
+
*
|
|
121
|
+
* For list operations, only `sub` is required. For revoke/delete, `keyId` is also required.
|
|
122
|
+
*/
|
|
123
|
+
class AdminManageApiKeyDTO {
|
|
124
|
+
/**
|
|
125
|
+
* Target user sub (UUID v4)
|
|
126
|
+
*/
|
|
127
|
+
sub;
|
|
128
|
+
/**
|
|
129
|
+
* External key identifier (UUID v4). Required for revoke/delete, omitted for list.
|
|
130
|
+
*/
|
|
131
|
+
keyId;
|
|
132
|
+
}
|
|
133
|
+
exports.AdminManageApiKeyDTO = AdminManageApiKeyDTO;
|
|
134
|
+
__decorate([
|
|
135
|
+
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4' }),
|
|
136
|
+
(0, class_transformer_1.Transform)(({ value }) => (typeof value === 'string' ? value.trim().toLowerCase() : value)),
|
|
137
|
+
__metadata("design:type", String)
|
|
138
|
+
], AdminManageApiKeyDTO.prototype, "sub", void 0);
|
|
139
|
+
__decorate([
|
|
140
|
+
(0, class_validator_1.IsOptional)(),
|
|
141
|
+
(0, class_validator_1.IsUUID)('4', { message: 'keyId must be a valid UUID v4' }),
|
|
142
|
+
__metadata("design:type", String)
|
|
143
|
+
], AdminManageApiKeyDTO.prototype, "keyId", void 0);
|
|
144
|
+
//# sourceMappingURL=admin-api-key.dto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-api-key.dto.js","sourceRoot":"","sources":["../../src/dto/admin-api-key.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAUyB;AACzB,yDAA8C;AAE9C;;;;;;;;;GASG;AACH,MAAa,oBAAoB;IAC/B;;;;OAIG;IAGH,GAAG,CAAU;IAEb;;OAEG;IAKH,IAAI,CAAU;IAEd;;;;OAIG;IAIH,aAAa,CAAiB;IAE9B;;OAEG;IAKH,UAAU,CAAY;CACvB;AArCD,oDAqCC;AA7BC;IAFC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;IAC5D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;;iDAC9E;AASb;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;;kDAC/D;AAUd;IAHC,IAAA,4BAAU,EAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,CAAC,aAAa,KAAK,IAAI,CAAC;IAC5E,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,yDAAyD,EAAE,CAAC;IAC7E,IAAA,qBAAG,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAC1B;AAS9B;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,yBAAO,EAAC,EAAE,OAAO,EAAE,4DAA4D,EAAE,CAAC;IAClF,IAAA,8BAAY,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC;IACjE,IAAA,0BAAQ,EAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;wDACtD;AAGxB;;GAEG;AACH,MAAa,oBAAoB;IAC/B;;OAEG;IAGH,GAAG,CAAU;IAEb;;OAEG;IAEH,KAAK,CAAU;IAEf;;OAEG;IAKH,IAAI,CAAU;IAEd;;OAEG;IAKH,UAAU,CAAY;CACvB;AA/BD,oDA+BC;AAzBC;IAFC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;IAC5D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;;iDAC9E;AAMb;IADC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;;mDAC3C;AASf;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;IAClE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;;kDAC/D;AASd;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,yBAAO,EAAC,EAAE,OAAO,EAAE,4DAA4D,EAAE,CAAC;IAClF,IAAA,8BAAY,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC;IACjE,IAAA,0BAAQ,EAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;wDACtD;AAGxB;;;;GAIG;AACH,MAAa,oBAAoB;IAC/B;;OAEG;IAGH,GAAG,CAAU;IAEb;;OAEG;IAGH,KAAK,CAAU;CAChB;AAdD,oDAcC;AARC;IAFC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;IAC5D,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;;iDAC9E;AAOb;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;;mDAC3C"}
|
|
@@ -111,7 +111,7 @@ export declare class AdminSignupSocialDTO {
|
|
|
111
111
|
*
|
|
112
112
|
* Validation:
|
|
113
113
|
* - Min 8 characters
|
|
114
|
-
* - Max 128 characters (prevents DoS via
|
|
114
|
+
* - Max 128 characters (prevents DoS via Argon2 hashing)
|
|
115
115
|
* - Additional policy checks in service layer
|
|
116
116
|
*
|
|
117
117
|
* Note: NOT trimmed (passwords can have leading/trailing spaces)
|
|
@@ -124,7 +124,7 @@ class AdminSignupSocialDTO {
|
|
|
124
124
|
*
|
|
125
125
|
* Validation:
|
|
126
126
|
* - Min 8 characters
|
|
127
|
-
* - Max 128 characters (prevents DoS via
|
|
127
|
+
* - Max 128 characters (prevents DoS via Argon2 hashing)
|
|
128
128
|
* - Additional policy checks in service layer
|
|
129
129
|
*
|
|
130
130
|
* Note: NOT trimmed (passwords can have leading/trailing spaces)
|
|
@@ -56,7 +56,7 @@ export declare class AdminSignupDTO {
|
|
|
56
56
|
*
|
|
57
57
|
* Validation:
|
|
58
58
|
* - Min 8 characters
|
|
59
|
-
* - Max 128 characters (prevents DoS via
|
|
59
|
+
* - Max 128 characters (prevents DoS via Argon2 hashing)
|
|
60
60
|
* - Additional policy checks in service layer
|
|
61
61
|
*
|
|
62
62
|
* Note: NOT trimmed (passwords can have leading/trailing spaces)
|
|
@@ -69,7 +69,7 @@ class AdminSignupDTO {
|
|
|
69
69
|
*
|
|
70
70
|
* Validation:
|
|
71
71
|
* - Min 8 characters
|
|
72
|
-
* - Max 128 characters (prevents DoS via
|
|
72
|
+
* - Max 128 characters (prevents DoS via Argon2 hashing)
|
|
73
73
|
* - Additional policy checks in service layer
|
|
74
74
|
*
|
|
75
75
|
* Note: NOT trimmed (passwords can have leading/trailing spaces)
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DTO for creating an API key (user self-service)
|
|
3
|
+
*
|
|
4
|
+
* Security:
|
|
5
|
+
* - Expiry is explicit and mandatory (enforced in the service layer):
|
|
6
|
+
* provide a positive number of days, or `null` for a never-expiring key
|
|
7
|
+
* (only allowed when `apiKeys.allowIndefinite` is true).
|
|
8
|
+
* - Optional per-key IP allowlist restricts which source IPs may use the key.
|
|
9
|
+
*
|
|
10
|
+
* Note: The owning user is derived from the authenticated request, never from the body.
|
|
11
|
+
*/
|
|
12
|
+
export declare class CreateApiKeyDTO {
|
|
13
|
+
/**
|
|
14
|
+
* User-friendly label for the key (optional)
|
|
15
|
+
*
|
|
16
|
+
* Validation:
|
|
17
|
+
* - Max 255 characters
|
|
18
|
+
*
|
|
19
|
+
* Sanitization:
|
|
20
|
+
* - Trimmed
|
|
21
|
+
*/
|
|
22
|
+
name?: string;
|
|
23
|
+
/**
|
|
24
|
+
* Key expiry in days, or `null` for a key that never expires
|
|
25
|
+
*
|
|
26
|
+
* This field is mandatory at creation. The service rejects the request when it
|
|
27
|
+
* is omitted (`API_KEY_EXPIRY_REQUIRED`), when `null` is used but indefinite keys
|
|
28
|
+
* are disallowed (`API_KEY_INDEFINITE_NOT_ALLOWED`), or when it exceeds the
|
|
29
|
+
* configured maximum (`API_KEY_EXPIRY_TOO_LONG`).
|
|
30
|
+
*
|
|
31
|
+
* Validation:
|
|
32
|
+
* - When provided and not null: positive integer
|
|
33
|
+
*/
|
|
34
|
+
expiresInDays?: number | null;
|
|
35
|
+
/**
|
|
36
|
+
* Allowed source IPs / CIDR ranges for this key (optional)
|
|
37
|
+
*
|
|
38
|
+
* When omitted or empty, the key may be used from any IP. Each entry must be a
|
|
39
|
+
* valid IPv4/IPv6 address or CIDR range (validated in the service layer).
|
|
40
|
+
*
|
|
41
|
+
* Validation:
|
|
42
|
+
* - Array of strings, max 100 entries at the DTO layer (per-key cap enforced by config)
|
|
43
|
+
*/
|
|
44
|
+
allowedIps?: string[];
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* DTO for updating an API key (user self-service)
|
|
48
|
+
*
|
|
49
|
+
* Only the label and IP allowlist are mutable. The secret and expiry are immutable —
|
|
50
|
+
* to rotate or extend a key, delete it and create a new one.
|
|
51
|
+
*/
|
|
52
|
+
export declare class UpdateApiKeyDTO {
|
|
53
|
+
/**
|
|
54
|
+
* External key identifier (UUID v4)
|
|
55
|
+
*/
|
|
56
|
+
keyId: string;
|
|
57
|
+
/**
|
|
58
|
+
* New label for the key (optional)
|
|
59
|
+
*/
|
|
60
|
+
name?: string;
|
|
61
|
+
/**
|
|
62
|
+
* Replacement IP allowlist (optional)
|
|
63
|
+
*
|
|
64
|
+
* Pass an empty array to clear restrictions (open to any IP).
|
|
65
|
+
*/
|
|
66
|
+
allowedIps?: string[];
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* DTO for revoking an API key (soft delete)
|
|
70
|
+
*/
|
|
71
|
+
export declare class RevokeApiKeyDTO {
|
|
72
|
+
/**
|
|
73
|
+
* External key identifier (UUID v4)
|
|
74
|
+
*/
|
|
75
|
+
keyId: string;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* DTO for permanently deleting an API key
|
|
79
|
+
*/
|
|
80
|
+
export declare class DeleteApiKeyDTO {
|
|
81
|
+
/**
|
|
82
|
+
* External key identifier (UUID v4)
|
|
83
|
+
*/
|
|
84
|
+
keyId: string;
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Sanitized API key response
|
|
88
|
+
*
|
|
89
|
+
* Never includes the plaintext key or its hash. Returned by list and update operations.
|
|
90
|
+
*/
|
|
91
|
+
export declare class ApiKeyResponseDTO {
|
|
92
|
+
/** External key identifier (UUID v4) */
|
|
93
|
+
keyId: string;
|
|
94
|
+
/** User-friendly label */
|
|
95
|
+
name?: string | null;
|
|
96
|
+
/** Last few characters of the key (display hint) */
|
|
97
|
+
lastFour?: string | null;
|
|
98
|
+
/** Allowed source IPs / CIDR ranges (empty/null = any IP) */
|
|
99
|
+
allowedIps?: string[] | null;
|
|
100
|
+
/** Expiry timestamp, or null if the key never expires */
|
|
101
|
+
expiresAt?: Date | null;
|
|
102
|
+
/** Whether the key is active */
|
|
103
|
+
isActive: boolean;
|
|
104
|
+
/** Whether the key was created by an administrator */
|
|
105
|
+
createdByAdmin: boolean;
|
|
106
|
+
/** Last successful use timestamp, or null if never used */
|
|
107
|
+
lastUsedAt?: Date | null;
|
|
108
|
+
/** IP of the last successful use (only when usage IP tracking is enabled) */
|
|
109
|
+
lastUsedIp?: string | null;
|
|
110
|
+
/** Total number of successful authentications with this key */
|
|
111
|
+
usageCount: number;
|
|
112
|
+
/** Creation timestamp */
|
|
113
|
+
createdAt: Date;
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Response returned once when a key is created
|
|
117
|
+
*
|
|
118
|
+
* The plaintext `key` is shown only here and never again — the caller must store it securely.
|
|
119
|
+
*/
|
|
120
|
+
export declare class CreateApiKeyResponseDTO {
|
|
121
|
+
/**
|
|
122
|
+
* The full plaintext API key (shown once)
|
|
123
|
+
*
|
|
124
|
+
* Security: Never stored in plaintext. Deliver securely to the consumer.
|
|
125
|
+
*/
|
|
126
|
+
key: string;
|
|
127
|
+
/**
|
|
128
|
+
* Sanitized metadata for the created key
|
|
129
|
+
*/
|
|
130
|
+
apiKey: ApiKeyResponseDTO;
|
|
131
|
+
}
|
|
132
|
+
//# sourceMappingURL=api-key.dto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-key.dto.d.ts","sourceRoot":"","sources":["../../src/dto/api-key.dto.ts"],"names":[],"mappings":"AAaA;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;IAC1B;;;;;;;;OAQG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;;;;;;;OAUG;IAIH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE9B;;;;;;;;OAQG;IAKH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;;GAKG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IAEH,KAAK,EAAG,MAAM,CAAC;IAEf;;OAEG;IAKH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IAKH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IAEH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IAEH,KAAK,EAAG,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,qBAAa,iBAAiB;IAC5B,wCAAwC;IACxC,KAAK,EAAG,MAAM,CAAC;IAEf,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAErB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEzB,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAE7B,yDAAyD;IACzD,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAExB,gCAAgC;IAChC,QAAQ,EAAG,OAAO,CAAC;IAEnB,sDAAsD;IACtD,cAAc,EAAG,OAAO,CAAC;IAEzB,2DAA2D;IAC3D,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAEzB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B,+DAA+D;IAC/D,UAAU,EAAG,MAAM,CAAC;IAEpB,yBAAyB;IACzB,SAAS,EAAG,IAAI,CAAC;CAClB;AAED;;;;GAIG;AACH,qBAAa,uBAAuB;IAClC;;;;OAIG;IACH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAG,iBAAiB,CAAC;CAC5B"}
|