@nauth-toolkit/database-typeorm-postgres 0.1.107 → 0.1.109
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/entities/mfa-device.entity.d.ts +2 -2
- package/dist/entities/mfa-device.entity.js +4 -4
- package/dist/entities/mfa-device.entity.js.map +1 -1
- package/dist/migrations/1769212800000-AllowMultipleMFADevices.d.ts +19 -0
- package/dist/migrations/1769212800000-AllowMultipleMFADevices.d.ts.map +1 -0
- package/dist/migrations/1769212800000-AllowMultipleMFADevices.js +57 -0
- package/dist/migrations/1769212800000-AllowMultipleMFADevices.js.map +1 -0
- package/dist/migrations/index.d.ts.map +1 -1
- package/dist/migrations/index.js +6 -1
- package/dist/migrations/index.js.map +1 -1
- package/package.json +2 -2
|
@@ -7,8 +7,8 @@ import { User } from './user.entity';
|
|
|
7
7
|
* All field definitions and business logic are in the base class.
|
|
8
8
|
*
|
|
9
9
|
* **Database Integrity:**
|
|
10
|
-
* -
|
|
11
|
-
* -
|
|
10
|
+
* - Multiple devices per method are allowed (e.g., multiple TOTP apps, multiple passkeys).
|
|
11
|
+
* - Passkeys are de-duplicated by unique constraint on (userId, type, credentialId).
|
|
12
12
|
*/
|
|
13
13
|
export declare class MFADevice extends BaseMFADevice {
|
|
14
14
|
id: number;
|
|
@@ -20,8 +20,8 @@ const user_entity_1 = require("./user.entity");
|
|
|
20
20
|
* All field definitions and business logic are in the base class.
|
|
21
21
|
*
|
|
22
22
|
* **Database Integrity:**
|
|
23
|
-
* -
|
|
24
|
-
* -
|
|
23
|
+
* - Multiple devices per method are allowed (e.g., multiple TOTP apps, multiple passkeys).
|
|
24
|
+
* - Passkeys are de-duplicated by unique constraint on (userId, type, credentialId).
|
|
25
25
|
*/
|
|
26
26
|
let MFADevice = class MFADevice extends core_1.BaseMFADevice {
|
|
27
27
|
user;
|
|
@@ -57,7 +57,7 @@ __decorate([
|
|
|
57
57
|
__metadata("design:type", Object)
|
|
58
58
|
], MFADevice.prototype, "phoneNumber", void 0);
|
|
59
59
|
__decorate([
|
|
60
|
-
(0, typeorm_1.Column)({ type: '
|
|
60
|
+
(0, typeorm_1.Column)({ type: 'varchar', length: 512, nullable: true }),
|
|
61
61
|
__metadata("design:type", Object)
|
|
62
62
|
], MFADevice.prototype, "credentialId", void 0);
|
|
63
63
|
__decorate([
|
|
@@ -105,6 +105,6 @@ exports.MFADevice = MFADevice = __decorate([
|
|
|
105
105
|
(0, typeorm_1.Index)(['userId']),
|
|
106
106
|
(0, typeorm_1.Index)(['type']),
|
|
107
107
|
(0, typeorm_1.Index)(['isActive']),
|
|
108
|
-
(0, typeorm_1.Unique)('
|
|
108
|
+
(0, typeorm_1.Unique)('uq_mfa_device_user_type_credential', ['userId', 'type', 'credentialId'])
|
|
109
109
|
], MFADevice);
|
|
110
110
|
//# sourceMappingURL=mfa-device.entity.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa-device.entity.js","sourceRoot":"","sources":["../../src/entities/mfa-device.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAUiB;AACjB,8CAAqE;AACrE,+CAAqC;AAErC;;;;;;;;;GASG;AAMI,IAAM,SAAS,GAAf,MAAM,SAAU,SAAQ,oBAAa;IAM1C,IAAI,CAAQ;CAiDb,CAAA;AAvDY,8BAAS;AAEZ;IADP,IAAA,gCAAsB,GAAE;;qCACN;AAInB;IAFC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC9C,IAAA,oBAAU,EAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;8BACxB,kBAAI;uCAAC;AAGJ;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;;yCACD;AAGf;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;;uCACV;AAGtB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;uCACpB;AAGb;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACV;AAGvB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACpB;AAG5B;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;+
|
|
1
|
+
{"version":3,"file":"mfa-device.entity.js","sourceRoot":"","sources":["../../src/entities/mfa-device.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAUiB;AACjB,8CAAqE;AACrE,+CAAqC;AAErC;;;;;;;;;GASG;AAMI,IAAM,SAAS,GAAf,MAAM,SAAU,SAAQ,oBAAa;IAM1C,IAAI,CAAQ;CAiDb,CAAA;AAvDY,8BAAS;AAEZ;IADP,IAAA,gCAAsB,GAAE;;qCACN;AAInB;IAFC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kBAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC9C,IAAA,oBAAU,EAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;8BACxB,kBAAI;uCAAC;AAGJ;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;;yCACD;AAGf;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;;uCACV;AAGtB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;uCACpB;AAGb;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yCACV;AAGvB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACpB;AAG5B;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;+CACpB;AAG7B;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4CACP;AAG1B;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0CACR;AAGxB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACZ;AAG7B;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;2CACjB;AAGlB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;;4CACjB;AAGnB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACf;AAGzB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;;6CACT;AAGnB;IADP,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;2CACQ;AAG1C;IADP,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;8BACvB,IAAI;4CAAC;AAGhB;IADP,IAAA,0BAAgB,EAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;8BACvB,IAAI;4CAAC;oBAtDb,SAAS;IALrB,IAAA,gBAAM,EAAC,mBAAmB,CAAC;IAC3B,IAAA,eAAK,EAAC,CAAC,QAAQ,CAAC,CAAC;IACjB,IAAA,eAAK,EAAC,CAAC,MAAM,CAAC,CAAC;IACf,IAAA,eAAK,EAAC,CAAC,UAAU,CAAC,CAAC;IACnB,IAAA,gBAAM,EAAC,oCAAoC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;GACpE,SAAS,CAuDrB"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { MigrationInterface, QueryRunner } from 'typeorm';
|
|
2
|
+
/**
|
|
3
|
+
* Allow multiple MFA devices per method (PostgreSQL).
|
|
4
|
+
*
|
|
5
|
+
* WHY:
|
|
6
|
+
* - Users may enroll multiple devices for the same MFA method (e.g., multiple TOTP authenticators
|
|
7
|
+
* and multiple passkeys) for redundancy.
|
|
8
|
+
* - We retain passkey de-duplication by enforcing uniqueness on (userId, type, credentialId).
|
|
9
|
+
*
|
|
10
|
+
* Notes:
|
|
11
|
+
* - `credentialId` is populated only for passkey devices.
|
|
12
|
+
* - Unique constraints treat NULL values as distinct, so non-passkey methods remain unaffected.
|
|
13
|
+
*/
|
|
14
|
+
export declare class AllowMultipleMFADevices1769212800000 implements MigrationInterface {
|
|
15
|
+
name: string;
|
|
16
|
+
up(queryRunner: QueryRunner): Promise<void>;
|
|
17
|
+
down(queryRunner: QueryRunner): Promise<void>;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=1769212800000-AllowMultipleMFADevices.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"1769212800000-AllowMultipleMFADevices.d.ts","sourceRoot":"","sources":["../../src/migrations/1769212800000-AllowMultipleMFADevices.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,qBAAa,oCAAqC,YAAW,kBAAkB;IAC7E,IAAI,SAA0C;IAEjC,EAAE,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IA0B3C,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB3D"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AllowMultipleMFADevices1769212800000 = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Allow multiple MFA devices per method (PostgreSQL).
|
|
6
|
+
*
|
|
7
|
+
* WHY:
|
|
8
|
+
* - Users may enroll multiple devices for the same MFA method (e.g., multiple TOTP authenticators
|
|
9
|
+
* and multiple passkeys) for redundancy.
|
|
10
|
+
* - We retain passkey de-duplication by enforcing uniqueness on (userId, type, credentialId).
|
|
11
|
+
*
|
|
12
|
+
* Notes:
|
|
13
|
+
* - `credentialId` is populated only for passkey devices.
|
|
14
|
+
* - Unique constraints treat NULL values as distinct, so non-passkey methods remain unaffected.
|
|
15
|
+
*/
|
|
16
|
+
class AllowMultipleMFADevices1769212800000 {
|
|
17
|
+
name = 'AllowMultipleMFADevices1769212800000';
|
|
18
|
+
async up(queryRunner) {
|
|
19
|
+
// ============================================================================
|
|
20
|
+
// Drop legacy unique constraint (single device per method per user)
|
|
21
|
+
// ============================================================================
|
|
22
|
+
await queryRunner.query(`
|
|
23
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
24
|
+
DROP CONSTRAINT IF EXISTS "uq_mfa_device_user_type"
|
|
25
|
+
`);
|
|
26
|
+
// ============================================================================
|
|
27
|
+
// Ensure credentialId is bounded and indexable across adapters
|
|
28
|
+
// ============================================================================
|
|
29
|
+
await queryRunner.query(`
|
|
30
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
31
|
+
ALTER COLUMN "credentialId" TYPE character varying(512)
|
|
32
|
+
`);
|
|
33
|
+
// ============================================================================
|
|
34
|
+
// Add passkey-safe uniqueness (prevents duplicate credential registration)
|
|
35
|
+
// ============================================================================
|
|
36
|
+
await queryRunner.query(`
|
|
37
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
38
|
+
ADD CONSTRAINT "uq_mfa_device_user_type_credential" UNIQUE ("userId", "type", "credentialId")
|
|
39
|
+
`);
|
|
40
|
+
}
|
|
41
|
+
async down(queryRunner) {
|
|
42
|
+
await queryRunner.query(`
|
|
43
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
44
|
+
DROP CONSTRAINT IF EXISTS "uq_mfa_device_user_type_credential"
|
|
45
|
+
`);
|
|
46
|
+
await queryRunner.query(`
|
|
47
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
48
|
+
ALTER COLUMN "credentialId" TYPE text
|
|
49
|
+
`);
|
|
50
|
+
await queryRunner.query(`
|
|
51
|
+
ALTER TABLE "nauth_mfa_devices"
|
|
52
|
+
ADD CONSTRAINT "uq_mfa_device_user_type" UNIQUE ("userId", "type")
|
|
53
|
+
`);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
exports.AllowMultipleMFADevices1769212800000 = AllowMultipleMFADevices1769212800000;
|
|
57
|
+
//# sourceMappingURL=1769212800000-AllowMultipleMFADevices.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"1769212800000-AllowMultipleMFADevices.js","sourceRoot":"","sources":["../../src/migrations/1769212800000-AllowMultipleMFADevices.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;GAWG;AACH,MAAa,oCAAoC;IAC/C,IAAI,GAAG,sCAAsC,CAAC;IAEvC,KAAK,CAAC,EAAE,CAAC,WAAwB;QACtC,+EAA+E;QAC/E,oEAAoE;QACpE,+EAA+E;QAC/E,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;QAEH,+EAA+E;QAC/E,+DAA+D;QAC/D,+EAA+E;QAC/E,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;QAEH,+EAA+E;QAC/E,2EAA2E;QAC3E,+EAA+E;QAC/E,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,WAAwB;QACxC,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,CAAC;;;KAGvB,CAAC,CAAC;IACL,CAAC;CACF;AA7CD,oFA6CC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAKlD,MAAM,MAAM,oBAAoB,GAAG;IAAE,QAAQ,kBAAkB,CAAA;CAAE,CAAC;AAElE;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,oBAAoB,EAI5C,CAAC"}
|
package/dist/migrations/index.js
CHANGED
|
@@ -3,8 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.migrations = void 0;
|
|
4
4
|
const _1734600000000_Initial_1 = require("./1734600000000-Initial");
|
|
5
5
|
const _1766480775000_AddSocialProviderSecrets_1 = require("./1766480775000-AddSocialProviderSecrets");
|
|
6
|
+
const _1769212800000_AllowMultipleMFADevices_1 = require("./1769212800000-AllowMultipleMFADevices");
|
|
6
7
|
/**
|
|
7
8
|
* Adapter-owned migrations for @nauth-toolkit/database-typeorm-postgres
|
|
8
9
|
*/
|
|
9
|
-
exports.migrations = [
|
|
10
|
+
exports.migrations = [
|
|
11
|
+
_1734600000000_Initial_1.Initial1734600000000,
|
|
12
|
+
_1766480775000_AddSocialProviderSecrets_1.AddSocialProviderSecrets1766480775000,
|
|
13
|
+
_1769212800000_AllowMultipleMFADevices_1.AllowMultipleMFADevices1769212800000,
|
|
14
|
+
];
|
|
10
15
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":";;;AACA,oEAA+D;AAC/D,sGAAiG;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":";;;AACA,oEAA+D;AAC/D,sGAAiG;AACjG,oGAA+F;AAI/F;;GAEG;AACU,QAAA,UAAU,GAA2B;IAChD,6CAAoB;IACpB,+EAAqC;IACrC,6EAAoC;CACrC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nauth-toolkit/database-typeorm-postgres",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.109",
|
|
4
4
|
"description": "PostgreSQL TypeORM adapter for nauth-toolkit",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
"format:check": "prettier --check \"src/**/*.ts\""
|
|
15
15
|
},
|
|
16
16
|
"peerDependencies": {
|
|
17
|
-
"@nauth-toolkit/core": "^0.1.
|
|
17
|
+
"@nauth-toolkit/core": "^0.1.109",
|
|
18
18
|
"typeorm": "^0.3.20",
|
|
19
19
|
"pg": "^8.0.0"
|
|
20
20
|
},
|