@nauth-toolkit/core 0.2.7 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/dist/bootstrap.d.ts +3 -0
  2. package/dist/bootstrap.d.ts.map +1 -1
  3. package/dist/bootstrap.js +63 -0
  4. package/dist/bootstrap.js.map +1 -1
  5. package/dist/dto/admin-api-key.dto.d.ts +69 -0
  6. package/dist/dto/admin-api-key.dto.d.ts.map +1 -0
  7. package/dist/dto/admin-api-key.dto.js +144 -0
  8. package/dist/dto/admin-api-key.dto.js.map +1 -0
  9. package/dist/dto/admin-signup-social.dto.d.ts +1 -1
  10. package/dist/dto/admin-signup-social.dto.js +1 -1
  11. package/dist/dto/admin-signup.dto.d.ts +1 -1
  12. package/dist/dto/admin-signup.dto.js +1 -1
  13. package/dist/dto/api-key.dto.d.ts +132 -0
  14. package/dist/dto/api-key.dto.d.ts.map +1 -0
  15. package/dist/dto/api-key.dto.js +198 -0
  16. package/dist/dto/api-key.dto.js.map +1 -0
  17. package/dist/dto/change-password.dto.d.ts +2 -2
  18. package/dist/dto/change-password.dto.js +2 -2
  19. package/dist/dto/index.d.ts +2 -0
  20. package/dist/dto/index.d.ts.map +1 -1
  21. package/dist/dto/index.js +3 -0
  22. package/dist/dto/index.js.map +1 -1
  23. package/dist/dto/reset-password.dto.d.ts +1 -1
  24. package/dist/dto/reset-password.dto.js +1 -1
  25. package/dist/dto/respond-challenge.dto.d.ts +1 -1
  26. package/dist/dto/respond-challenge.dto.js +1 -1
  27. package/dist/dto/signup.dto.d.ts +1 -1
  28. package/dist/dto/signup.dto.js +1 -1
  29. package/dist/entities/api-key.entity.d.ts +135 -0
  30. package/dist/entities/api-key.entity.d.ts.map +1 -0
  31. package/dist/entities/api-key.entity.js +149 -0
  32. package/dist/entities/api-key.entity.js.map +1 -0
  33. package/dist/entities/index.d.ts +1 -0
  34. package/dist/entities/index.d.ts.map +1 -1
  35. package/dist/entities/index.js +3 -1
  36. package/dist/entities/index.js.map +1 -1
  37. package/dist/enums/auth-audit-event-type.enum.d.ts +25 -1
  38. package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
  39. package/dist/enums/auth-audit-event-type.enum.js +27 -0
  40. package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
  41. package/dist/enums/error-codes.enum.d.ts +56 -1
  42. package/dist/enums/error-codes.enum.d.ts.map +1 -1
  43. package/dist/enums/error-codes.enum.js +58 -0
  44. package/dist/enums/error-codes.enum.js.map +1 -1
  45. package/dist/exceptions/nauth.exception.d.ts.map +1 -1
  46. package/dist/exceptions/nauth.exception.js +13 -0
  47. package/dist/exceptions/nauth.exception.js.map +1 -1
  48. package/dist/handlers/api-key.handler.d.ts +45 -0
  49. package/dist/handlers/api-key.handler.d.ts.map +1 -0
  50. package/dist/handlers/api-key.handler.js +99 -0
  51. package/dist/handlers/api-key.handler.js.map +1 -0
  52. package/dist/handlers/auth.handler.d.ts.map +1 -1
  53. package/dist/handlers/auth.handler.js +6 -0
  54. package/dist/handlers/auth.handler.js.map +1 -1
  55. package/dist/index.d.ts +7 -0
  56. package/dist/index.d.ts.map +1 -1
  57. package/dist/index.js +8 -1
  58. package/dist/index.js.map +1 -1
  59. package/dist/interfaces/config.interface.d.ts +162 -0
  60. package/dist/interfaces/config.interface.d.ts.map +1 -1
  61. package/dist/internal.d.ts +7 -0
  62. package/dist/internal.d.ts.map +1 -1
  63. package/dist/internal.js +8 -1
  64. package/dist/internal.js.map +1 -1
  65. package/dist/openapi/components.schemas.json +284 -7
  66. package/dist/platform/interfaces.d.ts +8 -0
  67. package/dist/platform/interfaces.d.ts.map +1 -1
  68. package/dist/schemas/auth-config.schema.d.ts +211 -0
  69. package/dist/schemas/auth-config.schema.d.ts.map +1 -1
  70. package/dist/schemas/auth-config.schema.js +33 -1
  71. package/dist/schemas/auth-config.schema.js.map +1 -1
  72. package/dist/services/admin-auth.service.d.ts +59 -1
  73. package/dist/services/admin-auth.service.d.ts.map +1 -1
  74. package/dist/services/admin-auth.service.js +99 -1
  75. package/dist/services/admin-auth.service.js.map +1 -1
  76. package/dist/services/api-key.service.d.ts +152 -0
  77. package/dist/services/api-key.service.d.ts.map +1 -0
  78. package/dist/services/api-key.service.js +378 -0
  79. package/dist/services/api-key.service.js.map +1 -0
  80. package/dist/services/telemetry.service.d.ts +154 -0
  81. package/dist/services/telemetry.service.d.ts.map +1 -0
  82. package/dist/services/telemetry.service.js +345 -0
  83. package/dist/services/telemetry.service.js.map +1 -0
  84. package/dist/utils/get-package-version.d.ts +15 -0
  85. package/dist/utils/get-package-version.d.ts.map +1 -0
  86. package/dist/utils/get-package-version.js +84 -0
  87. package/dist/utils/get-package-version.js.map +1 -0
  88. package/dist/utils/index.d.ts +1 -0
  89. package/dist/utils/index.d.ts.map +1 -1
  90. package/dist/utils/index.js +1 -0
  91. package/dist/utils/index.js.map +1 -1
  92. package/dist/utils/ip-match.d.ts +44 -0
  93. package/dist/utils/ip-match.d.ts.map +1 -0
  94. package/dist/utils/ip-match.js +135 -0
  95. package/dist/utils/ip-match.js.map +1 -0
  96. package/dist/utils/setup/get-repositories.d.ts +2 -1
  97. package/dist/utils/setup/get-repositories.d.ts.map +1 -1
  98. package/dist/utils/setup/get-repositories.js +2 -0
  99. package/dist/utils/setup/get-repositories.js.map +1 -1
  100. package/dist/utils/setup/init-services.d.ts +4 -2
  101. package/dist/utils/setup/init-services.d.ts.map +1 -1
  102. package/dist/utils/setup/init-services.js +8 -1
  103. package/dist/utils/setup/init-services.js.map +1 -1
  104. package/package.json +2 -2
@@ -2,6 +2,38 @@
2
2
  "openapi": "3.0.3",
3
3
  "components": {
4
4
  "schemas": {
5
+ "AdminCreateApiKeyDTO": {
6
+ "type": "object",
7
+ "properties": {
8
+ "sub": {
9
+ "type": "string",
10
+ "description": "Target user sub (UUID v4)\n\nSanitization: Trimmed and lowercased."
11
+ },
12
+ "name": {
13
+ "type": "string",
14
+ "description": "User-friendly label for the key (optional)"
15
+ },
16
+ "expiresInDays": {
17
+ "type": [
18
+ "number",
19
+ "null"
20
+ ],
21
+ "description": "Key expiry in days, or `null` for a key that never expires\n\nMandatory at creation (see {@link CreateApiKeyDTO } for the rules the service enforces)."
22
+ },
23
+ "allowedIps": {
24
+ "type": "array",
25
+ "items": {
26
+ "type": "string"
27
+ },
28
+ "description": "Allowed source IPs / CIDR ranges for this key (optional)"
29
+ }
30
+ },
31
+ "required": [
32
+ "sub"
33
+ ],
34
+ "additionalProperties": false,
35
+ "description": "DTO for administrative API key creation on behalf of a user\n\nWarning: This endpoint should be protected by admin authentication. The service does not enforce authorization - it is the responsibility of the framework adapter (NestJS/Express/Fastify) to protect the endpoint.\n\nAdmin-created keys bypass the `allowUserCreation` restriction but still obey `maxKeysPerUser`, expiry, and IP-restriction rules."
36
+ },
5
37
  "AdminGetMFAStatusDTO": {
6
38
  "type": "object",
7
39
  "properties": {
@@ -128,7 +160,13 @@
128
160
  "CHALLENGE_CREATED",
129
161
  "CHALLENGE_COMPLETED",
130
162
  "CHALLENGE_ATTEMPT_FAILED",
131
- "SUSPICIOUS_ACTIVITY"
163
+ "SUSPICIOUS_ACTIVITY",
164
+ "API_KEY_CREATED",
165
+ "API_KEY_UPDATED",
166
+ "API_KEY_USED",
167
+ "API_KEY_REVOKED",
168
+ "API_KEY_DELETED",
169
+ "API_KEY_AUTH_FAILED"
132
170
  ],
133
171
  "description": "Authentication Audit Event Types\n\nComprehensive enumeration of all authentication and security events that are recorded in the audit trail.\n\n**Organization:**\n- Login events (success, failure, blocked)\n- Session management events\n- Password operations\n- Multi-Factor Authentication (MFA) events\n- Adaptive MFA events (risk-based)\n- Verification events (email, phone)\n- Account management events\n- Profile update events\n- Social authentication events\n- Challenge flow events\n- Security violation events\n\n**Note:** TOKEN_REFRESHED is intentionally excluded as it occurs too frequently and would create excessive audit noise. Only security-relevant token operations are audited."
134
172
  },
@@ -180,6 +218,24 @@
180
218
  "additionalProperties": false,
181
219
  "description": "Request DTO for admin logout all sessions"
182
220
  },
221
+ "AdminManageApiKeyDTO": {
222
+ "type": "object",
223
+ "properties": {
224
+ "sub": {
225
+ "type": "string",
226
+ "description": "Target user sub (UUID v4)"
227
+ },
228
+ "keyId": {
229
+ "type": "string",
230
+ "description": "External key identifier (UUID v4). Required for revoke/delete, omitted for list."
231
+ }
232
+ },
233
+ "required": [
234
+ "sub"
235
+ ],
236
+ "additionalProperties": false,
237
+ "description": "DTO for administrative API key management (list / revoke / delete) by user sub\n\nFor list operations, only `sub` is required. For revoke/delete, `keyId` is also required."
238
+ },
183
239
  "AdminRemoveDeviceDTO": {
184
240
  "type": "object",
185
241
  "properties": {
@@ -415,7 +471,7 @@
415
471
  },
416
472
  "password": {
417
473
  "type": "string",
418
- "description": "User password\n\nRequired unless `generatePassword` is true.\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via bcrypt)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
474
+ "description": "User password\n\nRequired unless `generatePassword` is true.\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via Argon2 hashing)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
419
475
  },
420
476
  "username": {
421
477
  "type": "string",
@@ -619,7 +675,7 @@
619
675
  },
620
676
  "password": {
621
677
  "type": "string",
622
- "description": "Optional password for hybrid social+password accounts\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via bcrypt)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)\n\nSecurity: If not provided, user will be social-only (no password login). Password can be set later via setPasswordForSocialUser()."
678
+ "description": "Optional password for hybrid social+password accounts\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via Argon2 hashing)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)\n\nSecurity: If not provided, user will be social-only (no password login). Password can be set later via setPasswordForSocialUser()."
623
679
  },
624
680
  "phone": {
625
681
  "type": "string",
@@ -701,6 +757,36 @@
701
757
  "additionalProperties": false,
702
758
  "description": "Response DTO for admin social signup\n\nReturns the created user object (sanitized, excludes sensitive fields like passwordHash) and social account information for confirmation."
703
759
  },
760
+ "AdminUpdateApiKeyDTO": {
761
+ "type": "object",
762
+ "properties": {
763
+ "sub": {
764
+ "type": "string",
765
+ "description": "Target user sub (UUID v4)"
766
+ },
767
+ "keyId": {
768
+ "type": "string",
769
+ "description": "External key identifier (UUID v4)"
770
+ },
771
+ "name": {
772
+ "type": "string",
773
+ "description": "New label for the key (optional)"
774
+ },
775
+ "allowedIps": {
776
+ "type": "array",
777
+ "items": {
778
+ "type": "string"
779
+ },
780
+ "description": "Replacement IP allowlist (optional). Pass an empty array to clear restrictions."
781
+ }
782
+ },
783
+ "required": [
784
+ "sub",
785
+ "keyId"
786
+ ],
787
+ "additionalProperties": false,
788
+ "description": "DTO for administrative API key update on behalf of a user"
789
+ },
704
790
  "AdminUpdateUserAttributesDTO": {
705
791
  "type": "object",
706
792
  "properties": {
@@ -787,6 +873,100 @@
787
873
  "const": "passkey",
788
874
  "description": "WebAuthn/FIDO2 passkeys Biometric authentication (Face ID, Touch ID, Windows Hello) Hardware security keys (YubiKey, etc.)"
789
875
  },
876
+ "ApiKeyResponseDTO": {
877
+ "type": "object",
878
+ "properties": {
879
+ "keyId": {
880
+ "type": "string",
881
+ "description": "External key identifier (UUID v4)"
882
+ },
883
+ "name": {
884
+ "type": [
885
+ "string",
886
+ "null"
887
+ ],
888
+ "description": "User-friendly label"
889
+ },
890
+ "lastFour": {
891
+ "type": [
892
+ "string",
893
+ "null"
894
+ ],
895
+ "description": "Last few characters of the key (display hint)"
896
+ },
897
+ "allowedIps": {
898
+ "anyOf": [
899
+ {
900
+ "type": "array",
901
+ "items": {
902
+ "type": "string"
903
+ }
904
+ },
905
+ {
906
+ "type": "null"
907
+ }
908
+ ],
909
+ "description": "Allowed source IPs / CIDR ranges (empty/null = any IP)"
910
+ },
911
+ "expiresAt": {
912
+ "anyOf": [
913
+ {
914
+ "type": "string",
915
+ "format": "date-time"
916
+ },
917
+ {
918
+ "type": "null"
919
+ }
920
+ ],
921
+ "description": "Expiry timestamp, or null if the key never expires"
922
+ },
923
+ "isActive": {
924
+ "type": "boolean",
925
+ "description": "Whether the key is active"
926
+ },
927
+ "createdByAdmin": {
928
+ "type": "boolean",
929
+ "description": "Whether the key was created by an administrator"
930
+ },
931
+ "lastUsedAt": {
932
+ "anyOf": [
933
+ {
934
+ "type": "string",
935
+ "format": "date-time"
936
+ },
937
+ {
938
+ "type": "null"
939
+ }
940
+ ],
941
+ "description": "Last successful use timestamp, or null if never used"
942
+ },
943
+ "lastUsedIp": {
944
+ "type": [
945
+ "string",
946
+ "null"
947
+ ],
948
+ "description": "IP of the last successful use (only when usage IP tracking is enabled)"
949
+ },
950
+ "usageCount": {
951
+ "type": "number",
952
+ "description": "Total number of successful authentications with this key"
953
+ },
954
+ "createdAt": {
955
+ "type": "string",
956
+ "format": "date-time",
957
+ "description": "Creation timestamp"
958
+ }
959
+ },
960
+ "required": [
961
+ "keyId",
962
+ "isActive",
963
+ "createdByAdmin",
964
+ "usageCount",
965
+ "createdAt"
966
+ ],
967
+ "additionalProperties": false,
968
+ "description": "Sanitized API key response\n\nNever includes the plaintext key or its hash. Returned by list and update operations."
969
+ },
790
970
  "AuthChallenge": {
791
971
  "type": "string",
792
972
  "enum": [
@@ -1266,7 +1446,7 @@
1266
1446
  },
1267
1447
  "newPassword": {
1268
1448
  "type": "string",
1269
- "description": "New password\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via bcrypt)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)\n\nAdditional checks in service layer:\n- Password history (prevent reuse of recent passwords)\n- Password strength (if configured)\n- Not same as old password"
1449
+ "description": "New password\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via Argon2 hashing)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)\n\nAdditional checks in service layer:\n- Password history (prevent reuse of recent passwords)\n- Password strength (if configured)\n- Not same as old password"
1270
1450
  }
1271
1451
  },
1272
1452
  "required": [
@@ -1382,6 +1562,50 @@
1382
1562
  "additionalProperties": false,
1383
1563
  "description": "Confirm Forgot Password Response DTO\n\nResponse for a confirmed password reset."
1384
1564
  },
1565
+ "CreateApiKeyDTO": {
1566
+ "type": "object",
1567
+ "properties": {
1568
+ "name": {
1569
+ "type": "string",
1570
+ "description": "User-friendly label for the key (optional)\n\nValidation:\n- Max 255 characters\n\nSanitization:\n- Trimmed"
1571
+ },
1572
+ "expiresInDays": {
1573
+ "type": [
1574
+ "number",
1575
+ "null"
1576
+ ],
1577
+ "description": "Key expiry in days, or `null` for a key that never expires\n\nThis field is mandatory at creation. The service rejects the request when it is omitted (`API_KEY_EXPIRY_REQUIRED`), when `null` is used but indefinite keys are disallowed (`API_KEY_INDEFINITE_NOT_ALLOWED`), or when it exceeds the configured maximum (`API_KEY_EXPIRY_TOO_LONG`).\n\nValidation:\n- When provided and not null: positive integer"
1578
+ },
1579
+ "allowedIps": {
1580
+ "type": "array",
1581
+ "items": {
1582
+ "type": "string"
1583
+ },
1584
+ "description": "Allowed source IPs / CIDR ranges for this key (optional)\n\nWhen omitted or empty, the key may be used from any IP. Each entry must be a valid IPv4/IPv6 address or CIDR range (validated in the service layer).\n\nValidation:\n- Array of strings, max 100 entries at the DTO layer (per-key cap enforced by config)"
1585
+ }
1586
+ },
1587
+ "additionalProperties": false,
1588
+ "description": "DTO for creating an API key (user self-service)\n\nSecurity:\n- Expiry is explicit and mandatory (enforced in the service layer): provide a positive number of days, or `null` for a never-expiring key (only allowed when `apiKeys.allowIndefinite` is true).\n- Optional per-key IP allowlist restricts which source IPs may use the key.\n\nNote: The owning user is derived from the authenticated request, never from the body."
1589
+ },
1590
+ "CreateApiKeyResponseDTO": {
1591
+ "type": "object",
1592
+ "properties": {
1593
+ "key": {
1594
+ "type": "string",
1595
+ "description": "The full plaintext API key (shown once)\n\nSecurity: Never stored in plaintext. Deliver securely to the consumer."
1596
+ },
1597
+ "apiKey": {
1598
+ "$ref": "#/components/schemas/ApiKeyResponseDTO",
1599
+ "description": "Sanitized metadata for the created key"
1600
+ }
1601
+ },
1602
+ "required": [
1603
+ "key",
1604
+ "apiKey"
1605
+ ],
1606
+ "additionalProperties": false,
1607
+ "description": "Response returned once when a key is created\n\nThe plaintext `key` is shown only here and never again — the caller must store it securely."
1608
+ },
1385
1609
  "DateFilterDTO": {
1386
1610
  "type": "object",
1387
1611
  "properties": {
@@ -1409,6 +1633,20 @@
1409
1633
  "additionalProperties": false,
1410
1634
  "description": "Date filter with operator support\n\nSupports gt (greater than), gte (greater than or equal), lt (less than), lte (less than or equal), eq (equal) operators for date comparisons."
1411
1635
  },
1636
+ "DeleteApiKeyDTO": {
1637
+ "type": "object",
1638
+ "properties": {
1639
+ "keyId": {
1640
+ "type": "string",
1641
+ "description": "External key identifier (UUID v4)"
1642
+ }
1643
+ },
1644
+ "required": [
1645
+ "keyId"
1646
+ ],
1647
+ "additionalProperties": false,
1648
+ "description": "DTO for permanently deleting an API key"
1649
+ },
1412
1650
  "DeleteUserDTO": {
1413
1651
  "type": "object",
1414
1652
  "properties": {
@@ -3106,7 +3344,7 @@
3106
3344
  },
3107
3345
  "newPassword": {
3108
3346
  "type": "string",
3109
- "description": "New password\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via bcrypt)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces) Additional checks in service layer:\n- Password strength (if configured)\n- Password history (prevent reuse)"
3347
+ "description": "New password\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via Argon2 hashing)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces) Additional checks in service layer:\n- Password strength (if configured)\n- Password history (prevent reuse)"
3110
3348
  }
3111
3349
  },
3112
3350
  "required": [
@@ -3154,7 +3392,7 @@
3154
3392
  },
3155
3393
  "newPassword": {
3156
3394
  "type": "string",
3157
- "description": "New password Required for FORCE_CHANGE_PASSWORD challenge\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via bcrypt)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
3395
+ "description": "New password Required for FORCE_CHANGE_PASSWORD challenge\n\nValidation:\n- Must be a string\n- Min 8 characters (security requirement)\n- Max 128 characters (prevents DoS via Argon2 hashing)\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
3158
3396
  },
3159
3397
  "method": {
3160
3398
  "$ref": "#/components/schemas/MFAMethodType",
@@ -3180,6 +3418,20 @@
3180
3418
  "additionalProperties": false,
3181
3419
  "description": "Unified DTO for responding to authentication challenges\n\nUses conditional validation (@ValidateIf) to validate fields based on challenge type. This ensures proper validation while maintaining a single endpoint for all challenge types.\n\nSecurity:\n- All strings have max length constraints matching DB limits\n- Phone numbers validated against E.164 format (prevents SQL injection)\n- Verification codes validated for length (4-10 chars)\n- Passwords validated for strength requirements\n- Session tokens validated as UUID v4 format (prevents injection)"
3182
3420
  },
3421
+ "RevokeApiKeyDTO": {
3422
+ "type": "object",
3423
+ "properties": {
3424
+ "keyId": {
3425
+ "type": "string",
3426
+ "description": "External key identifier (UUID v4)"
3427
+ }
3428
+ },
3429
+ "required": [
3430
+ "keyId"
3431
+ ],
3432
+ "additionalProperties": false,
3433
+ "description": "DTO for revoking an API key (soft delete)"
3434
+ },
3183
3435
  "SendVerificationEmailDTO": {
3184
3436
  "type": "object",
3185
3437
  "properties": {
@@ -3476,7 +3728,7 @@
3476
3728
  },
3477
3729
  "password": {
3478
3730
  "type": "string",
3479
- "description": "User password\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via bcrypt)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
3731
+ "description": "User password\n\nValidation:\n- Min 8 characters\n- Max 128 characters (prevents DoS via Argon2 hashing)\n- Additional policy checks in service layer\n\nNote: NOT trimmed (passwords can have leading/trailing spaces)"
3480
3732
  },
3481
3733
  "username": {
3482
3734
  "type": "string",
@@ -3762,6 +4014,31 @@
3762
4014
  "additionalProperties": false,
3763
4015
  "description": "Response DTO for unlinkSocialAccount"
3764
4016
  },
4017
+ "UpdateApiKeyDTO": {
4018
+ "type": "object",
4019
+ "properties": {
4020
+ "keyId": {
4021
+ "type": "string",
4022
+ "description": "External key identifier (UUID v4)"
4023
+ },
4024
+ "name": {
4025
+ "type": "string",
4026
+ "description": "New label for the key (optional)"
4027
+ },
4028
+ "allowedIps": {
4029
+ "type": "array",
4030
+ "items": {
4031
+ "type": "string"
4032
+ },
4033
+ "description": "Replacement IP allowlist (optional)\n\nPass an empty array to clear restrictions (open to any IP)."
4034
+ }
4035
+ },
4036
+ "required": [
4037
+ "keyId"
4038
+ ],
4039
+ "additionalProperties": false,
4040
+ "description": "DTO for updating an API key (user self-service)\n\nOnly the label and IP allowlist are mutable. The secret and expiry are immutable — to rotate or extend a key, delete it and create a new one."
4041
+ },
3765
4042
  "UpdateUserAttributesDTO": {
3766
4043
  "type": "object",
3767
4044
  "additionalProperties": false,
@@ -78,6 +78,14 @@ export interface NAuthRequestAttributes {
78
78
  nauthTokenDeliveryOverride?: 'json' | 'cookies';
79
79
  /** Require reCAPTCHA validation for this route (set by @RequireRecaptcha()) */
80
80
  nauthRequireRecaptcha?: boolean;
81
+ /** Request was authenticated via an API key (set by ApiKeyHandler / AuthGuard) */
82
+ nauthApiKeyAuth?: boolean;
83
+ /** External identifier of the API key used to authenticate (when nauthApiKeyAuth is true) */
84
+ nauthApiKeyId?: string;
85
+ /** Route opts in to accepting API-key auth (set by allowApiKey() / @AllowApiKey()) */
86
+ nauthAllowApiKey?: boolean;
87
+ /** Route opts out of API-key auth — takes precedence (set by denyApiKey() / @DenyApiKey()) */
88
+ nauthDenyApiKey?: boolean;
81
89
  /** Allow arbitrary string keys for extensibility */
82
90
  [key: string]: unknown;
83
91
  }
@@ -1 +1 @@
1
- {"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/platform/interfaces.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,gEAAgE;IAChE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB,2CAA2C;IAC3C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEvC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAExC,oDAAoD;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAExC,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IAEhE,qBAAqB;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAErD,wBAAwB;IACxB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,sBAAsB,CAAC;IAE5C;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IAEtB;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC7C;AAED;;;;GAIG;AACH,MAAM,WAAW,sBAAsB;IACrC,sDAAsD;IACtD,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,uCAAuC;IACvC,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,iDAAiD;IACjD,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,qCAAqC;IACrC,cAAc,CAAC,EAAE,KAAK,CAAC;IAEvB,mCAAmC;IACnC,kBAAkB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAExC,oFAAoF;IACpF,0BAA0B,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAEhD,+EAA+E;IAC/E,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC,oDAAoD;IACpD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,IAAI,CAAC;IACf;;;OAGG;IACH,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IAEtB;;;;;OAKG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B;;;;;;OAMG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAErD;;;;;;;OAOG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAE3E;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAE9D;;;;OAIG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAE1B;;;;OAIG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAE1B;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE7C;;;;OAIG;IACH,MAAM,IAAI,OAAO,CAAC;CACnB;AAMD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,YAAY,EACjB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,KAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE1B;;GAEG;AACH,MAAM,MAAM,+BAA+B,GAAG,CAC5C,GAAG,EAAE,YAAY,EACjB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,OAAO,KACV,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAEvG;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;;;;;;;;OAaG;IACH,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,sBAAsB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC;IAExG;;;;;;;;OAQG;IACH,2BAA2B,CAAC,OAAO,EAAE,+BAA+B,GAAG,OAAO,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAE5D;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B"}
1
+ {"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/platform/interfaces.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,gEAAgE;IAChE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IAErB,2CAA2C;IAC3C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEvC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAExC,oDAAoD;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAExC,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IAEhE,qBAAqB;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAErD,wBAAwB;IACxB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,sBAAsB,CAAC;IAE5C;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IAEtB;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC7C;AAED;;;;GAIG;AACH,MAAM,WAAW,sBAAsB;IACrC,sDAAsD;IACtD,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,uCAAuC;IACvC,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,iDAAiD;IACjD,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,qCAAqC;IACrC,cAAc,CAAC,EAAE,KAAK,CAAC;IAEvB,mCAAmC;IACnC,kBAAkB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAExC,oFAAoF;IACpF,0BAA0B,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAEhD,+EAA+E;IAC/E,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,6FAA6F;IAC7F,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,sFAAsF;IACtF,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,8FAA8F;IAC9F,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,oDAAoD;IACpD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,IAAI,CAAC;IACf;;;OAGG;IACH,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IAEtB;;;;;OAKG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B;;;;;;OAMG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAErD;;;;;;;OAOG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAE3E;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAE9D;;;;OAIG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAE1B;;;;OAIG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAE1B;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE7C;;;;OAIG;IACH,MAAM,IAAI,OAAO,CAAC;CACnB;AAMD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,YAAY,EACjB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,KAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE1B;;GAEG;AACH,MAAM,MAAM,+BAA+B,GAAG,CAC5C,GAAG,EAAE,YAAY,EACjB,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,OAAO,KACV,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAEvG;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;;;;;;;;OAaG;IACH,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,sBAAsB,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC;IAExG;;;;;;;;OAQG;IACH,2BAA2B,CAAC,OAAO,EAAE,+BAA+B,GAAG,OAAO,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAE5D;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B"}