@nauth-toolkit/nestjs 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/LICENSE +90 -0
  2. package/README.md +53 -0
  3. package/dist/auth.module.d.ts +14 -0
  4. package/dist/auth.module.d.ts.map +1 -0
  5. package/dist/auth.module.js +718 -0
  6. package/dist/auth.module.js.map +1 -0
  7. package/dist/decorators/client-info.decorator.d.ts +3 -0
  8. package/dist/decorators/client-info.decorator.d.ts.map +1 -0
  9. package/dist/decorators/client-info.decorator.js +13 -0
  10. package/dist/decorators/client-info.decorator.js.map +1 -0
  11. package/dist/decorators/current-user.decorator.d.ts +2 -0
  12. package/dist/decorators/current-user.decorator.d.ts.map +1 -0
  13. package/dist/decorators/current-user.decorator.js +9 -0
  14. package/dist/decorators/current-user.decorator.js.map +1 -0
  15. package/dist/decorators/index.d.ts +5 -0
  16. package/dist/decorators/index.d.ts.map +1 -0
  17. package/dist/decorators/index.js +21 -0
  18. package/dist/decorators/index.js.map +1 -0
  19. package/dist/decorators/public.decorator.d.ts +3 -0
  20. package/dist/decorators/public.decorator.d.ts.map +1 -0
  21. package/dist/decorators/public.decorator.js +8 -0
  22. package/dist/decorators/public.decorator.js.map +1 -0
  23. package/dist/decorators/token-delivery.decorator.d.ts +4 -0
  24. package/dist/decorators/token-delivery.decorator.d.ts.map +1 -0
  25. package/dist/decorators/token-delivery.decorator.js +8 -0
  26. package/dist/decorators/token-delivery.decorator.js.map +1 -0
  27. package/dist/dto/index.d.ts +2 -0
  28. package/dist/dto/index.d.ts.map +1 -0
  29. package/dist/dto/index.js +18 -0
  30. package/dist/dto/index.js.map +1 -0
  31. package/dist/factories/storage-adapter.factory.d.ts +7 -0
  32. package/dist/factories/storage-adapter.factory.d.ts.map +1 -0
  33. package/dist/factories/storage-adapter.factory.js +24 -0
  34. package/dist/factories/storage-adapter.factory.js.map +1 -0
  35. package/dist/filters/nauth-http-exception.filter.d.ts +7 -0
  36. package/dist/filters/nauth-http-exception.filter.d.ts.map +1 -0
  37. package/dist/filters/nauth-http-exception.filter.js +81 -0
  38. package/dist/filters/nauth-http-exception.filter.js.map +1 -0
  39. package/dist/guards/auth.guard.d.ts +16 -0
  40. package/dist/guards/auth.guard.d.ts.map +1 -0
  41. package/dist/guards/auth.guard.js +158 -0
  42. package/dist/guards/auth.guard.js.map +1 -0
  43. package/dist/guards/csrf.guard.d.ts +12 -0
  44. package/dist/guards/csrf.guard.d.ts.map +1 -0
  45. package/dist/guards/csrf.guard.js +95 -0
  46. package/dist/guards/csrf.guard.js.map +1 -0
  47. package/dist/guards/index.d.ts +2 -0
  48. package/dist/guards/index.d.ts.map +1 -0
  49. package/dist/guards/index.js +18 -0
  50. package/dist/guards/index.js.map +1 -0
  51. package/dist/index.d.ts +16 -0
  52. package/dist/index.d.ts.map +1 -0
  53. package/dist/index.js +50 -0
  54. package/dist/index.js.map +1 -0
  55. package/dist/interceptors/client-info.interceptor.d.ts +13 -0
  56. package/dist/interceptors/client-info.interceptor.d.ts.map +1 -0
  57. package/dist/interceptors/client-info.interceptor.js +108 -0
  58. package/dist/interceptors/client-info.interceptor.js.map +1 -0
  59. package/dist/interceptors/cookie-token.interceptor.d.ts +15 -0
  60. package/dist/interceptors/cookie-token.interceptor.d.ts.map +1 -0
  61. package/dist/interceptors/cookie-token.interceptor.js +164 -0
  62. package/dist/interceptors/cookie-token.interceptor.js.map +1 -0
  63. package/dist/interceptors/index.d.ts +3 -0
  64. package/dist/interceptors/index.d.ts.map +1 -0
  65. package/dist/interceptors/index.js +19 -0
  66. package/dist/interceptors/index.js.map +1 -0
  67. package/dist/providers/nestjs-logger.adapter.d.ts +18 -0
  68. package/dist/providers/nestjs-logger.adapter.d.ts.map +1 -0
  69. package/dist/providers/nestjs-logger.adapter.js +83 -0
  70. package/dist/providers/nestjs-logger.adapter.js.map +1 -0
  71. package/dist/services/csrf.service.d.ts +16 -0
  72. package/dist/services/csrf.service.d.ts.map +1 -0
  73. package/dist/services/csrf.service.js +51 -0
  74. package/dist/services/csrf.service.js.map +1 -0
  75. package/dist/services/migrations-bootstrap.service.d.ts +4 -0
  76. package/dist/services/migrations-bootstrap.service.d.ts.map +1 -0
  77. package/dist/services/migrations-bootstrap.service.js +75 -0
  78. package/dist/services/migrations-bootstrap.service.js.map +1 -0
  79. package/package.json +63 -0
package/dist/auth.module.js ADDED
@@ -0,0 +1,718 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
19
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
20
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
21
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
22
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
23
+ };
24
+ var __importStar = (this && this.__importStar) || (function () {
25
+ var ownKeys = function(o) {
26
+ ownKeys = Object.getOwnPropertyNames || function (o) {
27
+ var ar = [];
28
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
29
+ return ar;
30
+ };
31
+ return ownKeys(o);
32
+ };
33
+ return function (mod) {
34
+ if (mod && mod.__esModule) return mod;
35
+ var result = {};
36
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
37
+ __setModuleDefault(result, mod);
38
+ return result;
39
+ };
40
+ })();
41
+ var AuthModule_1;
42
+ Object.defineProperty(exports, "__esModule", { value: true });
43
+ exports.AuthModule = void 0;
44
+ const common_1 = require("@nestjs/common");
45
+ const core_1 = require("@nestjs/core");
46
+ const typeorm_1 = require("@nestjs/typeorm");
47
+ const typeorm_2 = require("typeorm");
48
+ const core_2 = require("@nauth-toolkit/core");
49
+ const internal_1 = require("@nauth-toolkit/core/internal");
50
+ const client_info_interceptor_1 = require("./interceptors/client-info.interceptor");
51
+ const cookie_token_interceptor_1 = require("./interceptors/cookie-token.interceptor");
52
+ const auth_guard_1 = require("./guards/auth.guard");
53
+ const csrf_guard_1 = require("./guards/csrf.guard");
54
+ const csrf_service_1 = require("./services/csrf.service");
55
+ const migrations_bootstrap_service_1 = require("./services/migrations-bootstrap.service");
56
+ let AuthModule = AuthModule_1 = class AuthModule {
57
+ static forRoot(config) {
58
+ this.validateConfig(config);
59
+ const nauthLogger = new core_2.NAuthLogger(config.logger);
60
+ if (nauthLogger.isEnabled()) {
61
+ nauthLogger.log('Initializing nauth-toolkit...');
62
+ nauthLogger.debug(`Table prefix: ${config.tablePrefix || 'nauth_'}`);
63
+ nauthLogger.debug(`JWT algorithm: ${config.jwt.algorithm || 'HS256'}`);
64
+ }
65
+ const entities = config.entities || [];
66
+ return {
67
+ module: AuthModule_1,
68
+ imports: [
69
+ ...(entities.length > 0 ? [typeorm_1.TypeOrmModule.forFeature(entities)] : []),
70
+ ],
71
+ providers: [
72
+ migrations_bootstrap_service_1.nauthMigrationsBootstrapProvider,
73
+ {
74
+ provide: core_1.APP_INTERCEPTOR,
75
+ useClass: client_info_interceptor_1.ClientInfoInterceptor,
76
+ },
77
+ {
78
+ provide: core_1.APP_INTERCEPTOR,
79
+ useFactory: (config, jwtService, reflector, csrfService) => {
80
+ return new cookie_token_interceptor_1.CookieTokenInterceptor(config, jwtService, reflector, csrfService);
81
+ },
82
+ inject: [
83
+ 'NAUTH_CONFIG',
84
+ internal_1.JwtService,
85
+ core_1.Reflector,
86
+ { token: csrf_service_1.CsrfService, optional: true },
87
+ ],
88
+ },
89
+ {
90
+ provide: csrf_service_1.CsrfService,
91
+ useFactory: (config) => {
92
+ return new csrf_service_1.CsrfService(config);
93
+ },
94
+ inject: ['NAUTH_CONFIG'],
95
+ },
96
+ ...(config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid'
97
+ ? [
98
+ {
99
+ provide: core_1.APP_GUARD,
100
+ useClass: csrf_guard_1.CsrfGuard,
101
+ },
102
+ ]
103
+ : []),
104
+ {
105
+ provide: 'NAUTH_CONFIG',
106
+ useValue: config,
107
+ },
108
+ {
109
+ provide: 'NAUTH_LOGGER',
110
+ useValue: nauthLogger,
111
+ },
112
+ {
113
+ provide: 'STORAGE_ADAPTER',
114
+ useFactory: async (config, logger, rateLimitRepo, storageLockRepo) => {
115
+ if (config.storageAdapter) {
116
+ const adapter = config.storageAdapter;
117
+ if (adapter &&
118
+ typeof adapter.setLogger === 'function') {
119
+ adapter.setLogger(logger);
120
+ }
121
+ if (adapter &&
122
+ typeof adapter.setRepositories === 'function') {
123
+ if (rateLimitRepo && storageLockRepo) {
124
+ adapter.setRepositories(rateLimitRepo, storageLockRepo);
125
+ }
126
+ }
127
+ await adapter.initialize();
128
+ return adapter;
129
+ }
130
+ if (rateLimitRepo && storageLockRepo) {
131
+ try {
132
+ const { DatabaseStorageAdapter } = await Promise.resolve().then(() => __importStar(require('@nauth-toolkit/storage-database')));
133
+ const adapter = new DatabaseStorageAdapter(null, null, logger);
134
+ adapter.setRepositories(rateLimitRepo, storageLockRepo);
135
+ await adapter.initialize();
136
+ logger?.warn?.('WARNING: Storage adapter not provided. Using DatabaseStorageAdapter as default. ' +
137
+ 'For production, explicitly configure storageAdapter in your config.');
138
+ return adapter;
139
+ }
140
+ catch (error) {
141
+ logger?.error?.('Failed to create DatabaseStorageAdapter. Please explicitly configure storageAdapter in your config.', { error });
142
+ }
143
+ }
144
+ throw new Error('Storage adapter is REQUIRED for production deployments. ' +
145
+ 'MemoryStorageAdapter is NOT safe for production (data lost on restart, not shared across instances). ' +
146
+ 'Please configure storageAdapter in your NAuthConfig:\n\n' +
147
+ 'Option 1: DatabaseStorageAdapter (recommended if you have a database)\n' +
148
+ ' import { DatabaseStorageAdapter } from "@nauth-toolkit/storage-database";\n' +
149
+ ' storageAdapter: new DatabaseStorageAdapter()\n\n' +
150
+ 'Option 2: RedisStorageAdapter (for high-performance multi-server deployments)\n' +
151
+ ' import { RedisStorageAdapter } from "@nauth-toolkit/storage-redis";\n' +
152
+ ' storageAdapter: new RedisStorageAdapter(redisClient)\n\n' +
153
+ 'Make sure to include storage entities in your TypeORM configuration:\n' +
154
+ ' import { getNAuthStorageEntities } from "@nauth-toolkit/database-typeorm-postgres";\n' +
155
+ ' entities: [...getNAuthEntities(), ...getNAuthStorageEntities()]');
156
+ },
157
+ inject: ['NAUTH_CONFIG', 'NAUTH_LOGGER', 'RateLimitRepository', 'StorageLockRepository'],
158
+ },
159
+ {
160
+ provide: 'RateLimitRepository',
161
+ useFactory: (dataSource) => {
162
+ const entityFromConfig = entities.find((e) => e.name === 'RateLimit');
163
+ if (entityFromConfig) {
164
+ return dataSource.getRepository(entityFromConfig);
165
+ }
166
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_rate_limits');
167
+ if (metadata) {
168
+ return dataSource.getRepository(metadata.target);
169
+ }
170
+ const metadataByName = dataSource.entityMetadatas.find((m) => typeof m.target === 'function' && m.target.name === 'RateLimit');
171
+ if (metadataByName && typeof metadataByName.target === 'function') {
172
+ return dataSource.getRepository(metadataByName.target);
173
+ }
174
+ return null;
175
+ },
176
+ inject: [typeorm_2.DataSource],
177
+ },
178
+ {
179
+ provide: 'StorageLockRepository',
180
+ useFactory: (dataSource) => {
181
+ const entityFromConfig = entities.find((e) => e.name === 'StorageLock');
182
+ if (entityFromConfig) {
183
+ return dataSource.getRepository(entityFromConfig);
184
+ }
185
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_storage_locks');
186
+ if (metadata) {
187
+ return dataSource.getRepository(metadata.target);
188
+ }
189
+ const metadataByName = dataSource.entityMetadatas.find((m) => typeof m.target === 'function' && m.target.name === 'StorageLock');
190
+ if (metadataByName && typeof metadataByName.target === 'function') {
191
+ return dataSource.getRepository(metadataByName.target);
192
+ }
193
+ return null;
194
+ },
195
+ inject: [typeorm_2.DataSource],
196
+ },
197
+ {
198
+ provide: 'UserRepository',
199
+ useFactory: (dataSource) => {
200
+ const entityFromConfig = entities.find((e) => e.name === 'User');
201
+ if (entityFromConfig) {
202
+ return dataSource.getRepository(entityFromConfig);
203
+ }
204
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_users');
205
+ if (!metadata) {
206
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'User entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
207
+ }
208
+ return dataSource.getRepository(metadata.target);
209
+ },
210
+ inject: [typeorm_2.DataSource],
211
+ },
212
+ {
213
+ provide: 'SessionRepository',
214
+ useFactory: (dataSource) => {
215
+ const entityFromConfig = entities.find((e) => e.name === 'Session');
216
+ if (entityFromConfig) {
217
+ return dataSource.getRepository(entityFromConfig);
218
+ }
219
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_sessions');
220
+ if (!metadata) {
221
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'Session entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
222
+ }
223
+ return dataSource.getRepository(metadata.target);
224
+ },
225
+ inject: [typeorm_2.DataSource],
226
+ },
227
+ {
228
+ provide: 'LoginAttemptRepository',
229
+ useFactory: (dataSource) => {
230
+ const entityFromConfig = entities.find((e) => e.name === 'LoginAttempt');
231
+ if (entityFromConfig) {
232
+ return dataSource.getRepository(entityFromConfig);
233
+ }
234
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_login_attempts');
235
+ if (!metadata) {
236
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'LoginAttempt entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
237
+ }
238
+ return dataSource.getRepository(metadata.target);
239
+ },
240
+ inject: [typeorm_2.DataSource],
241
+ },
242
+ {
243
+ provide: 'VerificationTokenRepository',
244
+ useFactory: (dataSource) => {
245
+ const entityFromConfig = entities.find((e) => e.name === 'VerificationToken');
246
+ if (entityFromConfig) {
247
+ return dataSource.getRepository(entityFromConfig);
248
+ }
249
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_verification_tokens');
250
+ if (!metadata) {
251
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'VerificationToken entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
252
+ }
253
+ return dataSource.getRepository(metadata.target);
254
+ },
255
+ inject: [typeorm_2.DataSource],
256
+ },
257
+ {
258
+ provide: 'SocialAccountRepository',
259
+ useFactory: (dataSource) => {
260
+ const entityFromConfig = entities.find((e) => e.name === 'SocialAccount');
261
+ if (entityFromConfig) {
262
+ return dataSource.getRepository(entityFromConfig);
263
+ }
264
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_social_accounts');
265
+ if (!metadata) {
266
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'SocialAccount entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
267
+ }
268
+ return dataSource.getRepository(metadata.target);
269
+ },
270
+ inject: [typeorm_2.DataSource],
271
+ },
272
+ {
273
+ provide: 'ChallengeSessionRepository',
274
+ useFactory: (dataSource) => {
275
+ const entityFromConfig = entities.find((e) => e.name === 'ChallengeSession');
276
+ if (entityFromConfig) {
277
+ return dataSource.getRepository(entityFromConfig);
278
+ }
279
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_challenge_sessions');
280
+ if (!metadata) {
281
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'ChallengeSession entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
282
+ }
283
+ return dataSource.getRepository(metadata.target);
284
+ },
285
+ inject: [typeorm_2.DataSource],
286
+ },
287
+ {
288
+ provide: 'MFADeviceRepository',
289
+ useFactory: (dataSource) => {
290
+ const entityFromConfig = entities.find((e) => e.name === 'MFADevice');
291
+ if (entityFromConfig) {
292
+ return dataSource.getRepository(entityFromConfig);
293
+ }
294
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_mfa_devices');
295
+ if (!metadata) {
296
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'MFADevice entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
297
+ }
298
+ return dataSource.getRepository(metadata.target);
299
+ },
300
+ inject: [typeorm_2.DataSource],
301
+ },
302
+ {
303
+ provide: 'AuthAuditRepository',
304
+ useFactory: (dataSource) => {
305
+ const entityFromConfig = entities.find((e) => e.name === 'AuthAudit');
306
+ if (entityFromConfig) {
307
+ return dataSource.getRepository(entityFromConfig);
308
+ }
309
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_auth_audit');
310
+ if (!metadata) {
311
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'AuthAudit entity not found. Register entities in TypeORM.forRoot() or provide in config.entities');
312
+ }
313
+ return dataSource.getRepository(metadata.target);
314
+ },
315
+ inject: [typeorm_2.DataSource],
316
+ },
317
+ {
318
+ provide: 'TrustedDeviceRepository',
319
+ useFactory: (dataSource) => {
320
+ const entityFromConfig = entities.find((e) => e.name === 'TrustedDevice');
321
+ if (entityFromConfig) {
322
+ return dataSource.getRepository(entityFromConfig);
323
+ }
324
+ const metadata = dataSource.entityMetadatas.find((m) => m.tableName === 'nauth_trusted_devices');
325
+ if (!metadata) {
326
+ return null;
327
+ }
328
+ return dataSource.getRepository(metadata.target);
329
+ },
330
+ inject: [typeorm_2.DataSource],
331
+ },
332
+ {
333
+ provide: internal_1.PasswordService,
334
+ useFactory: () => {
335
+ return new internal_1.PasswordService(config.password);
336
+ },
337
+ },
338
+ {
339
+ provide: 'PASSWORD_SERVICE',
340
+ useFactory: () => {
341
+ return new internal_1.PasswordService(config.password);
342
+ },
343
+ },
344
+ {
345
+ provide: internal_1.JwtService,
346
+ useFactory: () => {
347
+ return new internal_1.JwtService(config.jwt);
348
+ },
349
+ },
350
+ {
351
+ provide: internal_1.SessionService,
352
+ useFactory: (sessionRepository, storageAdapter, clientInfoService, nauthConfig, logger, auditService) => {
353
+ return new internal_1.SessionService(sessionRepository, storageAdapter, clientInfoService, nauthConfig, logger, auditService);
354
+ },
355
+ inject: [
356
+ 'SessionRepository',
357
+ 'STORAGE_ADAPTER',
358
+ core_2.ClientInfoService,
359
+ 'NAUTH_CONFIG',
360
+ 'NAUTH_LOGGER',
361
+ { token: internal_1.AuthAuditService, optional: true },
362
+ ],
363
+ },
364
+ {
365
+ provide: internal_1.ChallengeService,
366
+ useFactory: (challengeSessionRepository, clientInfoService, logger, auditService) => {
367
+ return new internal_1.ChallengeService(challengeSessionRepository, clientInfoService, logger, auditService);
368
+ },
369
+ inject: [
370
+ 'ChallengeSessionRepository',
371
+ core_2.ClientInfoService,
372
+ 'NAUTH_LOGGER',
373
+ { token: internal_1.AuthAuditService, optional: true },
374
+ ],
375
+ },
376
+ {
377
+ provide: internal_1.AuthFlowContextBuilder,
378
+ useFactory: (trustedDeviceService, adaptiveMFADecisionService, clientInfoService, logger) => {
379
+ return new internal_1.AuthFlowContextBuilder(trustedDeviceService || undefined, adaptiveMFADecisionService, clientInfoService, logger);
380
+ },
381
+ inject: [
382
+ { token: internal_1.TrustedDeviceService, optional: true },
383
+ { token: internal_1.AdaptiveMFADecisionService, optional: true },
384
+ { token: core_2.ClientInfoService, optional: true },
385
+ { token: 'NAUTH_LOGGER', optional: true },
386
+ ],
387
+ },
388
+ {
389
+ provide: internal_1.AuthFlowStateMachineService,
390
+ useFactory: (contextBuilder, logger) => {
391
+ return new internal_1.AuthFlowStateMachineService(contextBuilder, logger);
392
+ },
393
+ inject: [internal_1.AuthFlowContextBuilder, { token: 'NAUTH_LOGGER', optional: true }],
394
+ },
395
+ {
396
+ provide: internal_1.AuthChallengeHelperService,
397
+ useFactory: (challengeService, jwtService, sessionService, mfaDeviceRepository, logger, stateMachine, contextBuilder, clientInfoService, emailVerificationService, phoneVerificationService) => {
398
+ return new internal_1.AuthChallengeHelperService(challengeService, jwtService, sessionService, mfaDeviceRepository, logger, stateMachine, contextBuilder, clientInfoService, emailVerificationService, phoneVerificationService);
399
+ },
400
+ inject: [
401
+ internal_1.ChallengeService,
402
+ internal_1.JwtService,
403
+ internal_1.SessionService,
404
+ 'MFADeviceRepository',
405
+ 'NAUTH_LOGGER',
406
+ internal_1.AuthFlowStateMachineService,
407
+ internal_1.AuthFlowContextBuilder,
408
+ core_2.ClientInfoService,
409
+ { token: core_2.EmailVerificationService, optional: true },
410
+ { token: core_2.PhoneVerificationService, optional: true },
411
+ ],
412
+ },
413
+ {
414
+ provide: core_2.AuthService,
415
+ useFactory: (userRepository, loginAttemptRepository, passwordService, jwtService, sessionService, challengeService, challengeHelper, emailVerificationService, clientInfoService, accountLockoutStorage, nauthConfig, logger, auditService, phoneVerificationService, mfaService, mfaDeviceRepository, trustedDeviceService) => {
416
+ return new core_2.AuthService(userRepository, loginAttemptRepository, passwordService, jwtService, sessionService, challengeService, challengeHelper, emailVerificationService, clientInfoService, accountLockoutStorage, nauthConfig, logger, auditService, phoneVerificationService, mfaService, mfaDeviceRepository, trustedDeviceService);
417
+ },
418
+ inject: [
419
+ 'UserRepository',
420
+ 'LoginAttemptRepository',
421
+ internal_1.PasswordService,
422
+ internal_1.JwtService,
423
+ internal_1.SessionService,
424
+ internal_1.ChallengeService,
425
+ internal_1.AuthChallengeHelperService,
426
+ core_2.EmailVerificationService,
427
+ core_2.ClientInfoService,
428
+ core_2.AccountLockoutStorageService,
429
+ 'NAUTH_CONFIG',
430
+ 'NAUTH_LOGGER',
431
+ { token: internal_1.AuthAuditService, optional: true },
432
+ { token: core_2.PhoneVerificationService, optional: true },
433
+ { token: core_2.MFAService, optional: true },
434
+ { token: 'MFADeviceRepository', optional: true },
435
+ { token: internal_1.TrustedDeviceService, optional: true },
436
+ ],
437
+ },
438
+ {
439
+ provide: internal_1.TrustedDeviceService,
440
+ useFactory: (config, logger, trustedDeviceRepository) => {
441
+ if (!trustedDeviceRepository) {
442
+ return null;
443
+ }
444
+ return new internal_1.TrustedDeviceService(config, logger, trustedDeviceRepository);
445
+ },
446
+ inject: ['NAUTH_CONFIG', 'NAUTH_LOGGER', { token: 'TrustedDeviceRepository', optional: true }],
447
+ },
448
+ {
449
+ provide: 'SOCIAL_AUTH_STATE_STORE',
450
+ useValue: new Map(),
451
+ },
452
+ internal_1.SocialProviderRegistry,
453
+ {
454
+ provide: core_2.MFAService,
455
+ useFactory: (mfaDeviceRepository, userRepository, challengeService, nauthConfig, logger, auditService, clientInfoService) => {
456
+ return new core_2.MFAService(mfaDeviceRepository, userRepository, challengeService, nauthConfig, logger, auditService, clientInfoService);
457
+ },
458
+ inject: [
459
+ 'MFADeviceRepository',
460
+ 'UserRepository',
461
+ { token: internal_1.ChallengeService, optional: true },
462
+ { token: 'NAUTH_CONFIG', optional: true },
463
+ { token: 'NAUTH_LOGGER', optional: true },
464
+ { token: core_2.AuthAuditService, optional: true },
465
+ { token: core_2.ClientInfoService, optional: true },
466
+ ],
467
+ },
468
+ {
469
+ provide: core_2.SocialAuthService,
470
+ useFactory: (providerRegistry, userRepository, socialAccountRepository, authService, logger, auditService) => {
471
+ return new core_2.SocialAuthService(providerRegistry, userRepository, socialAccountRepository, authService, logger, auditService);
472
+ },
473
+ inject: [
474
+ internal_1.SocialProviderRegistry,
475
+ 'UserRepository',
476
+ 'SocialAccountRepository',
477
+ core_2.AuthService,
478
+ 'NAUTH_LOGGER',
479
+ { token: internal_1.AuthAuditService, optional: true },
480
+ ],
481
+ },
482
+ core_2.ClientInfoService,
483
+ ...(config.auditLogs?.enabled !== false
484
+ ? [
485
+ {
486
+ provide: internal_1.AuthAuditService,
487
+ useFactory: (auditRepository, userRepository, logger, clientInfoService) => {
488
+ return new internal_1.AuthAuditService(auditRepository, userRepository, logger, clientInfoService);
489
+ },
490
+ inject: ['AuthAuditRepository', 'UserRepository', 'NAUTH_LOGGER', core_2.ClientInfoService],
491
+ },
492
+ {
493
+ provide: core_2.AuthAuditService,
494
+ useExisting: internal_1.AuthAuditService,
495
+ },
496
+ ]
497
+ : []),
498
+ {
499
+ provide: internal_1.RiskDetectionService,
500
+ useFactory: (sessionRepository, auditRepository, config, logger, trustedDeviceService) => {
501
+ return new internal_1.RiskDetectionService(sessionRepository, auditRepository, config, logger, trustedDeviceService ?? undefined);
502
+ },
503
+ inject: [
504
+ 'SessionRepository',
505
+ 'AuthAuditRepository',
506
+ 'NAUTH_CONFIG',
507
+ 'NAUTH_LOGGER',
508
+ { token: internal_1.TrustedDeviceService, optional: true },
509
+ ],
510
+ },
511
+ {
512
+ provide: internal_1.RiskScoringService,
513
+ useFactory: (config, logger) => {
514
+ return new internal_1.RiskScoringService(config, logger);
515
+ },
516
+ inject: ['NAUTH_CONFIG', 'NAUTH_LOGGER'],
517
+ },
518
+ {
519
+ provide: internal_1.AdaptiveMFADecisionService,
520
+ useFactory: (riskDetectionService, riskScoringService, storageAdapter, clientInfoService, config, logger, auditService) => {
521
+ return new internal_1.AdaptiveMFADecisionService(riskDetectionService, riskScoringService, storageAdapter, clientInfoService, config, logger, auditService);
522
+ },
523
+ inject: [
524
+ internal_1.RiskDetectionService,
525
+ internal_1.RiskScoringService,
526
+ 'STORAGE_ADAPTER',
527
+ core_2.ClientInfoService,
528
+ 'NAUTH_CONFIG',
529
+ 'NAUTH_LOGGER',
530
+ { token: internal_1.AuthAuditService, optional: true },
531
+ ],
532
+ },
533
+ ...(config.geoLocation?.maxMind
534
+ ? [
535
+ {
536
+ provide: 'MAXMIND_MODULE',
537
+ useFactory: async () => {
538
+ try {
539
+ const maxMindModule = await Promise.resolve().then(() => __importStar(require('@maxmind/geoip2-node')));
540
+ return maxMindModule;
541
+ }
542
+ catch {
543
+ return null;
544
+ }
545
+ },
546
+ },
547
+ ]
548
+ : [
549
+ {
550
+ provide: 'MAXMIND_MODULE',
551
+ useValue: null,
552
+ },
553
+ ]),
554
+ ...(config.geoLocation?.maxMind
555
+ ? [
556
+ {
557
+ provide: internal_1.GeoLocationService,
558
+ useFactory: (nauthConfig, storageAdapter, maxMindLib, logger) => {
559
+ return new internal_1.GeoLocationService(nauthConfig, storageAdapter, maxMindLib, logger);
560
+ },
561
+ inject: ['NAUTH_CONFIG', 'STORAGE_ADAPTER', 'MAXMIND_MODULE', 'NAUTH_LOGGER'],
562
+ },
563
+ ]
564
+ : []),
565
+ {
566
+ provide: 'EMAIL_PROVIDER',
567
+ useFactory: () => {
568
+ if (!config.emailProvider) {
569
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, 'emailProvider is required. Install and configure an email package:\n' +
570
+ ' yarn add @nauth-toolkit/email-console (for dev)\n' +
571
+ ' yarn add @nauth-toolkit/email-nodemailer (for production)');
572
+ }
573
+ const provider = config.emailProvider;
574
+ if (provider && typeof provider.setLogger === 'function') {
575
+ provider.setLogger(nauthLogger);
576
+ }
577
+ if (provider && typeof provider.setGlobalVariables === 'function' && config.email) {
578
+ const globalVars = {};
579
+ if (config.email.appName)
580
+ globalVars.appName = config.email.appName;
581
+ if (config.email.companyName)
582
+ globalVars.companyName = config.email.companyName;
583
+ if (config.email.logoUrl)
584
+ globalVars.logoUrl = config.email.logoUrl;
585
+ if (config.email.supportEmail)
586
+ globalVars.supportEmail = config.email.supportEmail;
587
+ if (config.email.dashboardUrl)
588
+ globalVars.dashboardUrl = config.email.dashboardUrl;
589
+ if (config.email.brandColor)
590
+ globalVars.brandColor = config.email.brandColor;
591
+ if (config.email.footerDisclaimer)
592
+ globalVars.footerDisclaimer = config.email.footerDisclaimer;
593
+ const mergedVars = {
594
+ ...globalVars,
595
+ ...(config.email.templates?.globalVariables || {}),
596
+ };
597
+ provider.setGlobalVariables(mergedVars);
598
+ }
599
+ return provider;
600
+ },
601
+ },
602
+ {
603
+ provide: core_2.EmailVerificationService,
604
+ useFactory: (verificationTokenRepo, userRepo, emailProvider, storageAdapter, nauthConfig, clientInfoService, logger, auditService) => {
605
+ return new core_2.EmailVerificationService(verificationTokenRepo, userRepo, emailProvider, storageAdapter, nauthConfig, clientInfoService, logger, auditService);
606
+ },
607
+ inject: [
608
+ 'VerificationTokenRepository',
609
+ 'UserRepository',
610
+ 'EMAIL_PROVIDER',
611
+ 'STORAGE_ADAPTER',
612
+ 'NAUTH_CONFIG',
613
+ core_2.ClientInfoService,
614
+ 'NAUTH_LOGGER',
615
+ { token: internal_1.AuthAuditService, optional: true },
616
+ ],
617
+ },
618
+ ...(config.smsProvider
619
+ ? [
620
+ {
621
+ provide: 'SMS_PROVIDER',
622
+ useFactory: () => {
623
+ const provider = config.smsProvider;
624
+ if (provider && typeof provider.setLogger === 'function') {
625
+ provider.setLogger(nauthLogger);
626
+ }
627
+ return provider;
628
+ },
629
+ },
630
+ {
631
+ provide: core_2.PhoneVerificationService,
632
+ useFactory: (verificationTokenRepo, userRepo, smsProvider, storageAdapter, nauthConfig, clientInfoService, logger, auditService) => {
633
+ return new core_2.PhoneVerificationService(verificationTokenRepo, userRepo, smsProvider, storageAdapter, nauthConfig, clientInfoService, logger, auditService);
634
+ },
635
+ inject: [
636
+ 'VerificationTokenRepository',
637
+ 'UserRepository',
638
+ 'SMS_PROVIDER',
639
+ 'STORAGE_ADAPTER',
640
+ 'NAUTH_CONFIG',
641
+ core_2.ClientInfoService,
642
+ { token: internal_1.AuthAuditService, optional: true },
643
+ 'NAUTH_LOGGER',
644
+ ],
645
+ },
646
+ ]
647
+ : []),
648
+ {
649
+ provide: core_2.RateLimitStorageService,
650
+ useFactory: (storageAdapter) => {
651
+ return new core_2.RateLimitStorageService(storageAdapter);
652
+ },
653
+ inject: ['STORAGE_ADAPTER'],
654
+ },
655
+ {
656
+ provide: core_2.AccountLockoutStorageService,
657
+ useFactory: (storageAdapter) => {
658
+ return new core_2.AccountLockoutStorageService(storageAdapter);
659
+ },
660
+ inject: ['STORAGE_ADAPTER'],
661
+ },
662
+ auth_guard_1.AuthGuard,
663
+ ...(config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid' ? [csrf_guard_1.CsrfGuard] : []),
664
+ ],
665
+ exports: [
666
+ core_2.AuthService,
667
+ internal_1.PasswordService,
668
+ internal_1.JwtService,
669
+ internal_1.SessionService,
670
+ internal_1.ChallengeService,
671
+ internal_1.AuthChallengeHelperService,
672
+ internal_1.SocialProviderRegistry,
673
+ core_2.ClientInfoService,
674
+ ...(config.auditLogs?.enabled !== false ? [core_2.AuthAuditService, internal_1.AuthAuditService] : []),
675
+ auth_guard_1.AuthGuard,
676
+ ...(config.tokenDelivery?.method === 'cookies' || config.tokenDelivery?.method === 'hybrid'
677
+ ? [csrf_guard_1.CsrfGuard, csrf_service_1.CsrfService]
678
+ : []),
679
+ core_2.RateLimitStorageService,
680
+ core_2.AccountLockoutStorageService,
681
+ ...(config.geoLocation?.maxMind ? [internal_1.GeoLocationService] : []),
682
+ 'EMAIL_PROVIDER',
683
+ core_2.EmailVerificationService,
684
+ ...(config.smsProvider ? ['SMS_PROVIDER', core_2.PhoneVerificationService] : []),
685
+ core_2.SocialAuthService,
686
+ core_2.MFAService,
687
+ 'NAUTH_LOGGER',
688
+ 'NAUTH_CONFIG',
689
+ 'SOCIAL_AUTH_STATE_STORE',
690
+ 'UserRepository',
691
+ 'MFADeviceRepository',
692
+ ],
693
+ };
694
+ }
695
+ static forRootAsync(_options) {
696
+ throw new core_2.NAuthException(core_2.AuthErrorCode.INTERNAL_ERROR, 'forRootAsync() is deprecated in v2.0. Use forRoot() instead.\n' +
697
+ 'The modular architecture requires entities to be provided synchronously.');
698
+ }
699
+ static validateConfig(config) {
700
+ const result = core_2.authConfigSchema.safeParse(config);
701
+ if (!result.success) {
702
+ const errors = result.error.errors
703
+ .map((err) => {
704
+ const path = err.path.length > 0 ? err.path.join('.') : 'root';
705
+ return ` - ${path}: ${err.message}`;
706
+ })
707
+ .join('\n');
708
+ throw new core_2.NAuthException(core_2.AuthErrorCode.VALIDATION_FAILED, `Configuration validation failed:\n\n${errors}\n\n` +
709
+ 'Please check your auth configuration and ensure all required fields are provided.');
710
+ }
711
+ }
712
+ };
713
+ exports.AuthModule = AuthModule;
714
+ exports.AuthModule = AuthModule = AuthModule_1 = __decorate([
715
+ (0, common_1.Global)(),
716
+ (0, common_1.Module)({})
717
+ ], AuthModule);
718
+ //# sourceMappingURL=auth.module.js.map