@nauth-toolkit/nestjs 0.1.13 → 0.1.17

package/dist/interceptors/cookie-token.interceptor.js

@@ -20,6 +20,22 @@ const core_2 = require("@nauth-toolkit/core");
 const internal_1 = require("@nauth-toolkit/core/internal");
 const token_delivery_decorator_1 = require("../decorators/token-delivery.decorator");
 const csrf_service_1 = require("../services/csrf.service");
+/**
+ * Cookie Token Interceptor
+ *
+ * Automatically sets JWT tokens as httpOnly cookies for HTTP responses when
+ * token delivery mode is configured as 'cookies' or 'hybrid'.
+ *
+ * Security defaults:
+ * - Cookie names prefixed with 'nauth_' to avoid conflicts: 'nauth_access_token', 'nauth_refresh_token'
+ * - httpOnly: true (always)
+ * - secure: true (configurable via cookieOptions.secure)
+ * - sameSite: 'strict' (configurable via cookieOptions.sameSite)
+ * - path: '/' (configurable via cookieOptions.path)
+ *
+ * This interceptor is transport-aware and only applies to HTTP requests.
+ * It does nothing in other contexts (e.g., WebSocket, GraphQL).
+ */
 let CookieTokenInterceptor = class CookieTokenInterceptor {
     config;
     jwtService;
@@ -32,6 +48,7 @@ let CookieTokenInterceptor = class CookieTokenInterceptor {
         this.csrfService = csrfService;
     }
     intercept(context, next) {
+        // Only operate in HTTP context
         if (context.getType() !== 'http') {
             return next.handle();
         }
@@ -39,17 +56,23 @@ let CookieTokenInterceptor = class CookieTokenInterceptor {
         const http = context.switchToHttp();
         const req = http.getRequest();
         const res = http.getResponse();
+        // Determine effective delivery for this request
         const routeMode = this.reflector.get(token_delivery_decorator_1.TOKEN_DELIVERY_KEY, context.getHandler());
         const method = deliveryConfig?.method || 'json';
+        // Validate route-level delivery mode against global configuration
         if (routeMode === 'cookies') {
+            // Route requests cookies - config must allow cookies (cookies or hybrid)
             if (method === 'json') {
                 throw new core_2.NAuthException(core_2.AuthErrorCode.COOKIES_NOT_ALLOWED, "Route-level cookie delivery requested, but tokenDelivery.method is 'json' (cookies disabled)");
             }
+            // method === 'cookies' or 'hybrid' - both allow cookies, so OK
         }
         else if (routeMode === 'json') {
+            // Route requests JSON - config must allow JSON (json or hybrid)
             if (method === 'cookies') {
                 throw new core_2.NAuthException(core_2.AuthErrorCode.BEARER_NOT_ALLOWED, "Route-level JSON delivery requested, but tokenDelivery.method is 'cookies' (JSON/Bearer tokens disabled)");
             }
+            // method === 'json' or 'hybrid' - both allow JSON, so OK
         }
         let effective = 'json';
         if (routeMode) {
@@ -65,24 +88,54 @@ let CookieTokenInterceptor = class CookieTokenInterceptor {
             effective = 'json';
         }
         return next.handle().pipe((0, operators_1.map)((data) => {
-            const hasDeviceTokenOnly = data && 'deviceToken' in data && !('accessToken' in data);
-            const hasAccessToken = data && 'accessToken' in data && data.accessToken;
-            if (!data || (!hasAccessToken && !hasDeviceTokenOnly)) {
+            // ============================================================================
+            // Safety: Only process object responses
+            // ============================================================================
+            // Some consumer endpoints (e.g. health checks) legitimately return primitives
+            // like strings. The `in` operator throws on non-objects, so we must no-op.
+            if (!data || typeof data !== 'object' || Array.isArray(data)) {
                 return data;
             }
+            const responseData = data;
+            const record = data;
+            // Handle trust-device endpoint which returns only deviceToken
+            const hasDeviceTokenOnly = 'deviceToken' in record && !('accessToken' in record) && typeof responseData.deviceToken === 'string';
+            const hasAccessToken = 'accessToken' in record && typeof responseData.accessToken === 'string' && !!responseData.accessToken;
+            // Only process responses that include tokens OR deviceToken
+            if (!hasAccessToken && !hasDeviceTokenOnly) {
+                return responseData;
+            }
+            // Smart default cookie options
             const opt = deliveryConfig?.cookieOptions;
+            // Cookie domain handling:
+            // - undefined: Cookie set for exact host:port (e.g., localhost:3000)
+            //   For cross-port requests (localhost:4200 → localhost:3000), cookies work IF:
+            //   - Frontend sends withCredentials: true
+            //   - Backend CORS allows credentials
+            //   - SameSite allows cross-site requests (e.g., 'lax' or 'none')
+            //
+            // - 'localhost' or '.localhost': Some browsers accept this, others reject it
+            //   Modern browsers generally allow 'localhost' without domain attribute
+            //
+            // - '.example.com': For production cross-subdomain sharing
+            //   Allows cookies set by api.example.com to be sent from app.example.com
             const cookieOptions = {
                 httpOnly: true,
-                secure: opt?.secure !== false,
+                secure: opt?.secure !== false, // default true
                 sameSite: (opt?.sameSite || 'strict'),
                 path: opt?.path || '/',
             };
+            // Include domain if provided (browsers handle localhost differently - some accept, some reject)
+            // For cross-port testing (like Cognito), omitting domain works with sameSite: 'lax' or 'none'
             if (opt?.domain) {
                 cookieOptions.domain = opt.domain;
             }
+            // Derive expiry strictly from JWT claims (no fallback)
+            // We decode here (signature already trusted as tokens are freshly issued);
+            // full validation and blacklist checks happen in the AuthGuard on subsequent requests.
             let accessTokenMaxAgeMs = 0;
-            if (hasAccessToken && 'accessToken' in data && data.accessToken) {
-                const accessPayload = this.jwtService.decodeToken(data.accessToken);
+            if (hasAccessToken && responseData.accessToken) {
+                const accessPayload = this.jwtService.decodeToken(responseData.accessToken);
                 if (!accessPayload?.exp) {
                     throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Access token missing or invalid exp claim; refusing to set cookies');
                 }
@@ -100,15 +153,16 @@ let CookieTokenInterceptor = class CookieTokenInterceptor {
                     res.setCookie(name, value, options);
                 }
             };
-            if (effective === 'cookies' && hasAccessToken && 'accessToken' in data && data.accessToken) {
+            // Set cookies only when effective is 'cookies'
+            if (effective === 'cookies' && hasAccessToken && responseData.accessToken) {
                 const accessTokenCookieName = (0, core_2.getAccessTokenCookieName)(this.config);
-                setCookie(accessTokenCookieName, data.accessToken, {
+                setCookie(accessTokenCookieName, responseData.accessToken, {
                     ...cookieOptions,
                     maxAge: accessTokenMaxAgeMs,
                 });
             }
-            if ('refreshToken' in data && data.refreshToken && effective === 'cookies') {
-                const refreshPayload = this.jwtService.decodeToken(data.refreshToken);
+            if (typeof responseData.refreshToken === 'string' && responseData.refreshToken && effective === 'cookies') {
+                const refreshPayload = this.jwtService.decodeToken(responseData.refreshToken);
                 if (!refreshPayload?.exp) {
                     throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Refresh token missing or invalid exp claim; refusing to set cookies');
                 }
@@ -118,38 +172,48 @@ let CookieTokenInterceptor = class CookieTokenInterceptor {
                     throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Refresh token already expired; refusing to set cookies');
                 }
                 const refreshTokenCookieName = (0, core_2.getRefreshTokenCookieName)(this.config);
-                setCookie(refreshTokenCookieName, data.refreshToken, {
+                setCookie(refreshTokenCookieName, responseData.refreshToken, {
                     ...cookieOptions,
                     maxAge: refreshTokenMaxAgeMs,
                 });
             }
-            if ('deviceToken' in data && data.deviceToken && effective === 'cookies') {
+            // Set device token cookie for trusted device feature (web)
+            // Only set cookie when deviceToken is present and effective is cookies
+            // (hybrid mode may resolve to cookies for web origins)
+            if (typeof responseData.deviceToken === 'string' && responseData.deviceToken && effective === 'cookies') {
                 const rememberDeviceDays = this.config.mfa?.rememberDeviceDays || 30;
-                const deviceTokenMaxAgeMs = rememberDeviceDays * 24 * 60 * 60 * 1000;
+                const deviceTokenMaxAgeMs = rememberDeviceDays * 24 * 60 * 60 * 1000; // Convert days to milliseconds
                 const deviceTokenCookieName = (0, core_2.getDeviceTokenCookieName)(this.config);
-                setCookie(deviceTokenCookieName, data.deviceToken, {
+                setCookie(deviceTokenCookieName, responseData.deviceToken, {
                     ...cookieOptions,
                     maxAge: deviceTokenMaxAgeMs,
                 });
             }
+            // Set CSRF token cookie when using cookie-based token delivery
+            // CSRF token is required for state-changing requests to prevent CSRF attacks
             if (effective === 'cookies' && this.csrfService && this.config.security?.csrf) {
                 const csrfToken = this.csrfService.generateToken();
                 const csrfCookieName = this.csrfService.getCookieName();
                 const csrfCookieOptions = this.csrfService.getCookieOptions();
+                // Use same max age as access token for CSRF cookie
+                // This ensures CSRF token expires when access token expires
                 setCookie(csrfCookieName, csrfToken, {
                     ...csrfCookieOptions,
                     maxAge: accessTokenMaxAgeMs > 0 ? accessTokenMaxAgeMs : undefined,
                 });
             }
+            // Strip tokens, deviceToken, and expiration fields only when effective is cookies (strict web path)
+            // Expiration is managed by cookie maxAge, so these fields are not needed
             if (effective === 'cookies') {
                 if (hasDeviceTokenOnly) {
+                    // For trust-device endpoint, return empty object (deviceToken set as cookie)
                     return {};
                 }
-                const authData = data;
+                const authData = responseData;
                 const { accessToken, refreshToken, deviceToken, accessTokenExpiresAt, refreshTokenExpiresAt, ...sanitized } = authData;
                 return sanitized;
             }
-            return data;
+            return responseData;
         }));
     }
 };

package/dist/interceptors/cookie-token.interceptor.js.map

@@ -1 +1 @@
-{"version":3,"file":"cookie-token.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/cookie-token.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoG;AACpG,uCAAyC;AAEzC,8CAAqC;AACrC,8CAU6B;AAC7B,2DAA0D;AAC1D,qFAA2F;AAC3F,2DAAuD;AAmBhD,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGd;IACA;IACA;IACA;IALnB,YAEmB,MAAmB,EACnB,UAAsB,EACtB,SAAoB,EACpB,WAAyB;QAHzB,WAAM,GAAN,MAAM,CAAa;QACnB,eAAU,GAAV,UAAU,CAAY;QACtB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAc;IACzC,CAAC;IAEJ,SAAS,CAAC,OAAyB,EAAE,IAAiB;QAEpD,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,cAAc,GAAoC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAClF,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QAGpC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAkB,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAmB,CAAC;QAGhD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAgB,6CAAkB,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,cAAc,EAAE,MAAM,IAAI,MAAM,CAAC;QAGhD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAE5B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,mBAAmB,EACjC,8FAA8F,CAC/F,CAAC;YACJ,CAAC;QAEH,CAAC;aAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAEhC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,kBAAkB,EAChC,0GAA0G,CAC3G,CAAC;YACJ,CAAC;QAEH,CAAC;QAED,IAAI,SAAS,GAAuB,MAAM,CAAC;QAC3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,IAAA,gCAAyB,EAAC,GAAG,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CACvB,IAAA,eAAG,EAAC,CAAC,IAAgD,EAAE,EAAE;YAEvD,MAAM,kBAAkB,GAAG,IAAI,IAAI,aAAa,IAAI,IAAI,IAAI,CAAC,CAAC,aAAa,IAAI,IAAI,CAAC,CAAC;YACrF,MAAM,cAAc,GAAG,IAAI,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC;YAGzE,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,cAAc,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,GAAG,GAAG,cAAc,EAAE,aAAa,CAAC;YAc1C,MAAM,aAAa,GAMf;gBACF,QAAQ,EAAE,IAAa;gBACvB,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,KAAK;gBAC7B,QAAQ,EAAE,CAAC,GAAG,EAAE,QAAQ,IAAI,QAAQ,CAA8B;gBAClE,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,GAAG;aACvB,CAAC;YAIF,IAAI,GAAG,EAAE,MAAM,EAAE,CAAC;gBAChB,aAAa,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YACpC,CAAC;YAKD,IAAI,mBAAmB,GAAG,CAAC,CAAC;YAC5B,IAAI,cAAc,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChE,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpE,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC;oBACxB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBACD,MAAM,gBAAgB,GAAG,aAAa,CAAC,GAAa,CAAC;gBACrD,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxE,IAAI,mBAAmB,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,uDAAuD,CACxD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,KAAa,EAAE,OAAgC,EAAE,EAAE;gBAClF,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC5C,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACnC,CAAC;qBAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;oBACtD,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC;YAGF,IAAI,SAAS,KAAK,SAAS,IAAI,cAAc,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC3F,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,EAAE;oBACjD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,IAAI,cAAc,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACtE,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,CAAC;oBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,qEAAqE,CACtE,CAAC;gBACJ,CAAC;gBACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,GAAa,CAAC;gBACvD,MAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChF,IAAI,oBAAoB,IAAI,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,wDAAwD,CACzD,CAAC;gBACJ,CAAC;gBACD,MAAM,sBAAsB,GAAG,IAAA,gCAAyB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACtE,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,YAAY,EAAE;oBACnD,GAAG,aAAa;oBAChB,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;YACL,CAAC;YAKD,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,kBAAkB,IAAI,EAAE,CAAC;gBACrE,MAAM,mBAAmB,GAAG,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;gBACrE,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,EAAE;oBACjD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAID,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACnD,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;gBAI9D,SAAS,CAAC,cAAc,EAAE,SAAS,EAAE;oBACnC,GAAG,iBAAiB;oBACpB,MAAM,EAAE,mBAAmB,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;iBAClE,CAAC,CAAC;YACL,CAAC;YAID,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,IAAI,kBAAkB,EAAE,CAAC;oBAEvB,OAAO,EAAE,CAAC;gBACZ,CAAC;gBACD,MAAM,QAAQ,GAAG,IAAuB,CAAC;gBACzC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,GAAG,SAAS,EAAE,GACzG,QAAQ,CAAC;gBACX,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAjNY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,cAAc,CAAC,CAAA;6CAEM,qBAAU;QACX,gBAAS;QACN,0BAAW;GANjC,sBAAsB,CAiNlC"}
+{"version":3,"file":"cookie-token.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/cookie-token.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoG;AACpG,uCAAyC;AAEzC,8CAAqC;AACrC,8CAU6B;AAC7B,2DAA0D;AAC1D,qFAA2F;AAC3F,2DAAuD;AAEvD;;;;;;;;;;;;;;;GAeG;AAEI,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGd;IACA;IACA;IACA;IALnB,YAEmB,MAAmB,EACnB,UAAsB,EACtB,SAAoB,EACpB,WAAyB;QAHzB,WAAM,GAAN,MAAM,CAAa;QACnB,eAAU,GAAV,UAAU,CAAY;QACtB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAc;IACzC,CAAC;IAEJ,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,+BAA+B;QAC/B,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,cAAc,GAAoC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAClF,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QAGpC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAkB,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAmB,CAAC;QAEhD,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAgB,6CAAkB,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,cAAc,EAAE,MAAM,IAAI,MAAM,CAAC;QAEhD,kEAAkE;QAClE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,yEAAyE;YACzE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,mBAAmB,EACjC,8FAA8F,CAC/F,CAAC;YACJ,CAAC;YACD,+DAA+D;QACjE,CAAC;aAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAChC,gEAAgE;YAChE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,kBAAkB,EAChC,0GAA0G,CAC3G,CAAC;YACJ,CAAC;YACD,yDAAyD;QAC3D,CAAC;QAED,IAAI,SAAS,GAAuB,MAAM,CAAC;QAC3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,IAAA,gCAAyB,EAAC,GAAG,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CACvB,IAAA,eAAG,EAAC,CAAC,IAAa,EAAE,EAAE;YACpB,+EAA+E;YAC/E,wCAAwC;YACxC,+EAA+E;YAC/E,8EAA8E;YAC9E,2EAA2E;YAC3E,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,YAAY,GAAG,IAAwB,CAAC;YAC9C,MAAM,MAAM,GAAG,IAA+B,CAAC;YAE/C,8DAA8D;YAC9D,MAAM,kBAAkB,GACtB,aAAa,IAAI,MAAM,IAAI,CAAC,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,OAAO,YAAY,CAAC,WAAW,KAAK,QAAQ,CAAC;YACxG,MAAM,cAAc,GAClB,aAAa,IAAI,MAAM,IAAI,OAAO,YAAY,CAAC,WAAW,KAAK,QAAQ,IAAI,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC;YAExG,4DAA4D;YAC5D,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC3C,OAAO,YAAY,CAAC;YACtB,CAAC;YAED,+BAA+B;YAC/B,MAAM,GAAG,GAAG,cAAc,EAAE,aAAa,CAAC;YAE1C,0BAA0B;YAC1B,qEAAqE;YACrE,gFAAgF;YAChF,2CAA2C;YAC3C,sCAAsC;YACtC,kEAAkE;YAClE,EAAE;YACF,6EAA6E;YAC7E,yEAAyE;YACzE,EAAE;YACF,2DAA2D;YAC3D,0EAA0E;YAC1E,MAAM,aAAa,GAMf;gBACF,QAAQ,EAAE,IAAa;gBACvB,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,KAAK,EAAE,eAAe;gBAC9C,QAAQ,EAAE,CAAC,GAAG,EAAE,QAAQ,IAAI,QAAQ,CAA8B;gBAClE,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,GAAG;aACvB,CAAC;YAEF,gGAAgG;YAChG,8FAA8F;YAC9F,IAAI,GAAG,EAAE,MAAM,EAAE,CAAC;gBAChB,aAAa,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YACpC,CAAC;YAED,uDAAuD;YACvD,2EAA2E;YAC3E,uFAAuF;YACvF,IAAI,mBAAmB,GAAG,CAAC,CAAC;YAC5B,IAAI,cAAc,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;gBAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;gBAC5E,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC;oBACxB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBACD,MAAM,gBAAgB,GAAG,aAAa,CAAC,GAAa,CAAC;gBACrD,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxE,IAAI,mBAAmB,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,uDAAuD,CACxD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,KAAa,EAAE,OAAgC,EAAE,EAAE;gBAClF,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC5C,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACnC,CAAC;qBAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;oBACtD,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC;YAEF,+CAA+C;YAC/C,IAAI,SAAS,KAAK,SAAS,IAAI,cAAc,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;gBAC1E,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,YAAY,CAAC,WAAW,EAAE;oBACzD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,IAAI,OAAO,YAAY,CAAC,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,YAAY,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1G,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;gBAC9E,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,CAAC;oBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,qEAAqE,CACtE,CAAC;gBACJ,CAAC;gBACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,GAAa,CAAC;gBACvD,MAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChF,IAAI,oBAAoB,IAAI,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,wDAAwD,CACzD,CAAC;gBACJ,CAAC;gBACD,MAAM,sBAAsB,GAAG,IAAA,gCAAyB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACtE,SAAS,CAAC,sBAAsB,EAAE,YAAY,CAAC,YAAY,EAAE;oBAC3D,GAAG,aAAa;oBAChB,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;YACL,CAAC;YAED,2DAA2D;YAC3D,uEAAuE;YACvE,uDAAuD;YACvD,IAAI,OAAO,YAAY,CAAC,WAAW,KAAK,QAAQ,IAAI,YAAY,CAAC,WAAW,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACxG,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,kBAAkB,IAAI,EAAE,CAAC;gBACrE,MAAM,mBAAmB,GAAG,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,+BAA+B;gBACrG,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,YAAY,CAAC,WAAW,EAAE;oBACzD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAC/D,6EAA6E;YAC7E,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACnD,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;gBAE9D,mDAAmD;gBACnD,4DAA4D;gBAC5D,SAAS,CAAC,cAAc,EAAE,SAAS,EAAE;oBACnC,GAAG,iBAAiB;oBACpB,MAAM,EAAE,mBAAmB,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;iBAClE,CAAC,CAAC;YACL,CAAC;YAED,oGAAoG;YACpG,yEAAyE;YACzE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,IAAI,kBAAkB,EAAE,CAAC;oBACvB,6EAA6E;oBAC7E,OAAO,EAAE,CAAC;gBACZ,CAAC;gBACD,MAAM,QAAQ,GAAG,YAA+B,CAAC;gBACjD,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,GAAG,SAAS,EAAE,GACzG,QAAQ,CAAC;gBACX,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,YAAY,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAhOY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,cAAc,CAAC,CAAA;6CAEM,qBAAU;QACX,gBAAS;QACN,0BAAW;GANjC,sBAAsB,CAgOlC"}

package/dist/providers/nestjs-logger.adapter.d.ts

@@ -1,18 +1,114 @@
 import { LoggerProvider, LogMetadata, LogLevel } from '@nauth-toolkit/core';
+/**
+ * NestJS Logger Adapter
+ *
+ * Default logger adapter that uses NestJS's built-in Logger.
+ * Automatically redacts PII from all log messages and metadata.
+ *
+ * **Features:**
+ * - Uses NestJS Logger (familiar to NestJS developers)
+ * - Automatic PII redaction (emails, IPs, tokens, passwords)
+ * - Structured logging with metadata
+ * - Color-coded output in development
+ * - JSON output in production (via NestJS config)
+ *
+ * **Usage:**
+ * ```typescript
+ * // Default (automatically used if no logger provided)
+ * AuthModule.forRoot({
+ *   logger: {
+ *     provider: new NestJsLoggerAdapter(),
+ *   },
+ * })
+ *
+ * // With custom configuration
+ * AuthModule.forRoot({
+ *   logger: {
+ *     provider: new NestJsLoggerAdapter({
+ *       context: 'CustomAuth',
+ *       enablePiiRedaction: true,
+ *     }),
+ *   },
+ * })
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const logger = new NestJsLoggerAdapter();
+ *
+ * logger.log('User logged in', {
+ *   userId: '123',
+ *   email: 'user@example.com',  // Redacted to u***@***.com
+ *   ipAddress: '192.168.1.100'  // Redacted to 192.168.1.***
+ * });
+ * ```
+ */
 export declare class NestJsLoggerAdapter implements LoggerProvider {
     private readonly logger;
     private readonly piiRedactor;
     private readonly enablePiiRedaction;
+    /**
+     * Constructor
+     *
+     * @param options - Logger configuration options
+     */
     constructor(options?: {
         context?: string;
         enablePiiRedaction?: boolean;
         piiRedactionOptions?: Record<string, unknown>;
     });
+    /**
+     * Log debug message (lowest priority)
+     *
+     * Used for detailed debugging information.
+     * Only logged if log level is set to 'debug'.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     debug(message: string, metadata?: LogMetadata): void;
+    /**
+     * Log informational message
+     *
+     * Used for general informational messages about system operation.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     log(message: string, metadata?: LogMetadata): void;
+    /**
+     * Log warning message
+     *
+     * Used for potentially harmful situations.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     warn(message: string, metadata?: LogMetadata): void;
+    /**
+     * Log error message (highest priority)
+     *
+     * Used for error events that might still allow the application to continue.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     error(message: string, metadata?: LogMetadata): void;
+    /**
+     * Set log level at runtime
+     *
+     * Note: NestJS Logger doesn't directly support runtime log level changes,
+     * but you can use Logger.overrideLogger() globally.
+     *
+     * @param level - Log level to set
+     */
     setLogLevel(level: LogLevel): void;
+    /**
+     * Check if a log level is enabled
+     *
+     * @param level - Log level to check
+     * @returns True if the level is enabled
+     */
     isLevelEnabled(_level: LogLevel): boolean;
 }
 //# sourceMappingURL=nestjs-logger.adapter.d.ts.map

package/dist/providers/nestjs-logger.adapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nestjs-logger.adapter.d.ts","sourceRoot":"","sources":["../../src/providers/nestjs-logger.adapter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAe,MAAM,qBAAqB,CAAC;AA8CzF,qBACa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAU;gBAOjC,OAAO,CAAC,EAAE;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC/C;IAkBD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBpD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBlD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBnD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IA4BpD,WAAW,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAYlC,cAAc,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO;CAK1C"}
+{"version":3,"file":"nestjs-logger.adapter.d.ts","sourceRoot":"","sources":["../../src/providers/nestjs-logger.adapter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAe,MAAM,qBAAqB,CAAC;AAEzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,qBACa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAU;IAE7C;;;;OAIG;gBACS,OAAO,CAAC,EAAE;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC/C;IASD;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAWpD;;;;;;;OAOG;IACH,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAWlD;;;;;;;OAOG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAWnD;;;;;;;OAOG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAoBpD;;;;;;;OAOG;IACH,WAAW,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAMlC;;;;;OAKG;IACH,cAAc,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO;CAK1C"}

package/dist/providers/nestjs-logger.adapter.js

@@ -12,15 +12,75 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.NestJsLoggerAdapter = void 0;
 const common_1 = require("@nestjs/common");
 const core_1 = require("@nauth-toolkit/core");
+/**
+ * NestJS Logger Adapter
+ *
+ * Default logger adapter that uses NestJS's built-in Logger.
+ * Automatically redacts PII from all log messages and metadata.
+ *
+ * **Features:**
+ * - Uses NestJS Logger (familiar to NestJS developers)
+ * - Automatic PII redaction (emails, IPs, tokens, passwords)
+ * - Structured logging with metadata
+ * - Color-coded output in development
+ * - JSON output in production (via NestJS config)
+ *
+ * **Usage:**
+ * ```typescript
+ * // Default (automatically used if no logger provided)
+ * AuthModule.forRoot({
+ *   logger: {
+ *     provider: new NestJsLoggerAdapter(),
+ *   },
+ * })
+ *
+ * // With custom configuration
+ * AuthModule.forRoot({
+ *   logger: {
+ *     provider: new NestJsLoggerAdapter({
+ *       context: 'CustomAuth',
+ *       enablePiiRedaction: true,
+ *     }),
+ *   },
+ * })
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const logger = new NestJsLoggerAdapter();
+ *
+ * logger.log('User logged in', {
+ *   userId: '123',
+ *   email: 'user@example.com',  // Redacted to u***@***.com
+ *   ipAddress: '192.168.1.100'  // Redacted to 192.168.1.***
+ * });
+ * ```
+ */
 let NestJsLoggerAdapter = class NestJsLoggerAdapter {
     logger;
     piiRedactor;
     enablePiiRedaction;
+    /**
+     * Constructor
+     *
+     * @param options - Logger configuration options
+     */
     constructor(options) {
+        // Initialize NestJS Logger with context
         this.logger = new common_1.Logger(options?.context || 'nauth-toolkit');
-        this.enablePiiRedaction = options?.enablePiiRedaction !== false;
+        // Initialize PII redactor
+        this.enablePiiRedaction = options?.enablePiiRedaction !== false; // Default: true
         this.piiRedactor = new core_1.PiiRedactor(options?.piiRedactionOptions);
     }
+    /**
+     * Log debug message (lowest priority)
+     *
+     * Used for detailed debugging information.
+     * Only logged if log level is set to 'debug'.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     debug(message, metadata) {
         const safeMessage = this.enablePiiRedaction ? this.piiRedactor.redactMessage(message) : message;
         const safeMetadata = this.enablePiiRedaction ? this.piiRedactor.redactMetadata(metadata) : metadata;
@@ -31,6 +91,14 @@ let NestJsLoggerAdapter = class NestJsLoggerAdapter {
             this.logger.debug(safeMessage);
         }
     }
+    /**
+     * Log informational message
+     *
+     * Used for general informational messages about system operation.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     log(message, metadata) {
         const safeMessage = this.enablePiiRedaction ? this.piiRedactor.redactMessage(message) : message;
         const safeMetadata = this.enablePiiRedaction ? this.piiRedactor.redactMetadata(metadata) : metadata;
@@ -41,6 +109,14 @@ let NestJsLoggerAdapter = class NestJsLoggerAdapter {
             this.logger.log(safeMessage);
         }
     }
+    /**
+     * Log warning message
+     *
+     * Used for potentially harmful situations.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     warn(message, metadata) {
         const safeMessage = this.enablePiiRedaction ? this.piiRedactor.redactMessage(message) : message;
         const safeMetadata = this.enablePiiRedaction ? this.piiRedactor.redactMetadata(metadata) : metadata;
@@ -51,11 +127,21 @@ let NestJsLoggerAdapter = class NestJsLoggerAdapter {
             this.logger.warn(safeMessage);
         }
     }
+    /**
+     * Log error message (highest priority)
+     *
+     * Used for error events that might still allow the application to continue.
+     *
+     * @param message - Log message
+     * @param metadata - Additional context (PII will be redacted)
+     */
     error(message, metadata) {
         const safeMessage = this.enablePiiRedaction ? this.piiRedactor.redactMessage(message) : message;
         const safeMetadata = this.enablePiiRedaction ? this.piiRedactor.redactMetadata(metadata) : metadata;
         if (safeMetadata && safeMetadata.error instanceof Error) {
+            // Log error stack trace separately
             this.logger.error(safeMessage, safeMetadata.error.stack);
+            // Log remaining metadata
             const { error, ...rest } = safeMetadata;
             if (Object.keys(rest).length > 0) {
                 this.logger.error(JSON.stringify(rest));
@@ -68,10 +154,28 @@ let NestJsLoggerAdapter = class NestJsLoggerAdapter {
             this.logger.error(safeMessage);
         }
     }
+    /**
+     * Set log level at runtime
+     *
+     * Note: NestJS Logger doesn't directly support runtime log level changes,
+     * but you can use Logger.overrideLogger() globally.
+     *
+     * @param level - Log level to set
+     */
     setLogLevel(level) {
+        // NestJS Logger uses global log levels
+        // This is a placeholder for future enhancement
         this.logger.log(`Log level set to: ${level}`);
     }
+    /**
+     * Check if a log level is enabled
+     *
+     * @param level - Log level to check
+     * @returns True if the level is enabled
+     */
     isLevelEnabled(_level) {
+        // NestJS Logger doesn't expose this directly
+        // Default: all levels enabled
         return true;
     }
 };

package/dist/providers/nestjs-logger.adapter.js.map

@@ -1 +1 @@
-{"version":3,"file":"nestjs-logger.adapter.js","sourceRoot":"","sources":["../../src/providers/nestjs-logger.adapter.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAoD;AACpD,8CAAyF;AA+ClF,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IACb,MAAM,CAAS;IACf,WAAW,CAAc;IACzB,kBAAkB,CAAU;IAO7C,YAAY,OAIX;QAEC,IAAI,CAAC,MAAM,GAAG,IAAI,eAAM,CAAC,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC,CAAC;QAG9D,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,KAAK,KAAK,CAAC;QAChE,IAAI,CAAC,WAAW,GAAG,IAAI,kBAAW,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACnE,CAAC;IAWD,KAAK,CAAC,OAAe,EAAE,QAAsB;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAUD,GAAG,CAAC,OAAe,EAAE,QAAsB;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAUD,IAAI,CAAC,OAAe,EAAE,QAAsB;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAUD,KAAK,CAAC,OAAe,EAAE,QAAsB;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,IAAI,YAAY,CAAC,KAAK,YAAY,KAAK,EAAE,CAAC;YAExD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAGzD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,YAAY,CAAC;YACxC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,IAAI,YAAY,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAUD,WAAW,CAAC,KAAe;QAGzB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;IAChD,CAAC;IAQD,cAAc,CAAC,MAAgB;QAG7B,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAtIY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,mBAAU,GAAE;;GACA,mBAAmB,CAsI/B"}
+{"version":3,"file":"nestjs-logger.adapter.js","sourceRoot":"","sources":["../../src/providers/nestjs-logger.adapter.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAoD;AACpD,8CAAyF;AAEzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEI,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IACb,MAAM,CAAS;IACf,WAAW,CAAc;IACzB,kBAAkB,CAAU;IAE7C;;;;OAIG;IACH,YAAY,OAIX;QACC,wCAAwC;QACxC,IAAI,CAAC,MAAM,GAAG,IAAI,eAAM,CAAC,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC,CAAC;QAE9D,0BAA0B;QAC1B,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,KAAK,KAAK,CAAC,CAAC,gBAAgB;QACjF,IAAI,CAAC,WAAW,GAAG,IAAI,kBAAW,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAe,EAAE,QAAsB;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,GAAG,CAAC,OAAe,EAAE,QAAsB;QACzC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,IAAI,CAAC,OAAe,EAAE,QAAsB;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,OAAe,EAAE,QAAsB;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChG,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEpG,IAAI,YAAY,IAAI,YAAY,CAAC,KAAK,YAAY,KAAK,EAAE,CAAC;YACxD,mCAAmC;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEzD,yBAAyB;YACzB,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,YAAY,CAAC;YACxC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,IAAI,YAAY,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,WAAW,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,WAAW,CAAC,KAAe;QACzB,uCAAuC;QACvC,+CAA+C;QAC/C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;IAChD,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,MAAgB;QAC7B,6CAA6C;QAC7C,8BAA8B;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAtIY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,mBAAU,GAAE;;GACA,mBAAmB,CAsI/B"}

package/dist/services/csrf.service.d.ts

@@ -1,8 +1,44 @@
 import { NAuthConfig } from '@nauth-toolkit/core';
+/**
+ * CSRF Service
+ *
+ * Generates and manages CSRF tokens for cookie-based token delivery.
+ * CSRF protection prevents Cross-Site Request Forgery attacks when tokens
+ * are stored in httpOnly cookies.
+ *
+ * @example
+ * ```typescript
+ * const csrfService = new CsrfService(config);
+ * const token = csrfService.generateToken();
+ * const cookieOptions = csrfService.getCookieOptions();
+ * ```
+ */
 export declare class CsrfService {
     private readonly config;
     constructor(config: NAuthConfig);
+    /**
+     * Generate a cryptographically secure CSRF token
+     *
+     * @returns CSRF token as hexadecimal string
+     *
+     * @example
+     * ```typescript
+     * const token = csrfService.generateToken();
+     * // Returns: 'a1b2c3d4e5f6...' (length depends on config.security.csrf.tokenLength)
+     * ```
+     */
     generateToken(): string;
+    /**
+     * Get CSRF cookie options from configuration
+     *
+     * @returns Cookie options object with defaults
+     *
+     * @example
+     * ```typescript
+     * const options = csrfService.getCookieOptions();
+     * res.cookie(csrfService.getCookieName(), token, options);
+     * ```
+     */
     getCookieOptions(): {
         httpOnly: boolean;
         secure: boolean;
@@ -10,7 +46,32 @@ export declare class CsrfService {
         domain?: string;
         path?: string;
     };
+    /**
+     * Get CSRF cookie name from configuration
+     *
+     * If explicitly configured via security.csrf.cookieName, uses that value.
+     * Otherwise, uses the prefix: `${prefix}csrf_token` (default: 'nauth_csrf_token')
+     *
+     * @returns Cookie name (default: 'nauth_csrf_token' with default prefix)
+     *
+     * @example
+     * ```typescript
+     * const cookieName = csrfService.getCookieName();
+     * // Returns: 'nauth_csrf_token' (or configured value)
+     * ```
+     */
     getCookieName(): string;
+    /**
+     * Get CSRF header name from configuration
+     *
+     * @returns Header name (default: 'x-csrf-token')
+     *
+     * @example
+     * ```typescript
+     * const headerName = csrfService.getHeaderName();
+     * // Returns: 'x-csrf-token' (or configured value)
+     * ```
+     */
     getHeaderName(): string;
 }
 //# sourceMappingURL=csrf.service.d.ts.map

package/dist/services/csrf.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.service.d.ts","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAgB1E,qBACa,WAAW;IAGpB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,WAAW;IActC,aAAa,IAAI,MAAM;IAgBvB,gBAAgB,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACpC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;IAyBD,aAAa,IAAI,MAAM;IAevB,aAAa,IAAI,MAAM;CAGxB"}
+{"version":3,"file":"csrf.service.d.ts","sourceRoot":"","sources":["../../src/services/csrf.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAE1E;;;;;;;;;;;;;GAaG;AACH,qBACa,WAAW;IAGpB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,WAAW;IAGtC;;;;;;;;;;OAUG;IACH,aAAa,IAAI,MAAM;IAKvB;;;;;;;;;;OAUG;IACH,gBAAgB,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACpC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;IAWD;;;;;;;;;;;;;OAaG;IACH,aAAa,IAAI,MAAM;IAIvB;;;;;;;;;;OAUG;IACH,aAAa,IAAI,MAAM;CAGxB"}