@nauth-toolkit/nestjs 0.1.3

package/dist/guards/csrf.guard.js

@@ -0,0 +1,95 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CsrfGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const core_2 = require("@nauth-toolkit/core");
+const public_decorator_1 = require("../decorators/public.decorator");
+const token_delivery_decorator_1 = require("../decorators/token-delivery.decorator");
+const csrf_service_1 = require("../services/csrf.service");
+let CsrfGuard = class CsrfGuard {
+    config;
+    csrfService;
+    reflector;
+    constructor(config, csrfService, reflector) {
+        this.config = config;
+        this.csrfService = csrfService;
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        if (context.getType() !== 'http') {
+            return true;
+        }
+        const request = context.switchToHttp().getRequest();
+        const csrfConfig = this.config.security?.csrf;
+        if (!csrfConfig) {
+            return true;
+        }
+        if (['GET', 'HEAD', 'OPTIONS'].includes(request.method)) {
+            return true;
+        }
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic) {
+            return true;
+        }
+        if (csrfConfig.excludedPaths?.some((path) => request.url.startsWith(path))) {
+            return true;
+        }
+        const deliveryConfig = this.config.tokenDelivery;
+        const routeMode = this.reflector.get(token_delivery_decorator_1.TOKEN_DELIVERY_KEY, context.getHandler());
+        const method = deliveryConfig?.method || 'json';
+        let effective = 'json';
+        if (routeMode) {
+            effective = routeMode;
+        }
+        else if (method === 'hybrid') {
+            effective = (0, core_2.resolveDeliveryForRequest)(request, deliveryConfig?.hybridPolicy);
+        }
+        else if (method === 'cookies') {
+            effective = 'cookies';
+        }
+        else {
+            effective = 'json';
+        }
+        if (effective !== 'cookies') {
+            return true;
+        }
+        const cookieName = this.csrfService.getCookieName();
+        const headerName = this.csrfService.getHeaderName();
+        const csrfToken = request.headers[headerName.toLowerCase()];
+        const csrfCookie = request.cookies?.[cookieName];
+        if (!csrfToken) {
+            throw new core_2.NAuthException(core_2.AuthErrorCode.CSRF_TOKEN_MISSING, `CSRF token missing in header: ${headerName}`);
+        }
+        if (!csrfCookie) {
+            throw new core_2.NAuthException(core_2.AuthErrorCode.CSRF_TOKEN_MISSING, `CSRF token missing in cookie: ${cookieName}`);
+        }
+        if (csrfToken !== csrfCookie) {
+            throw new core_2.NAuthException(core_2.AuthErrorCode.CSRF_TOKEN_INVALID, 'CSRF token mismatch');
+        }
+        return true;
+    }
+};
+exports.CsrfGuard = CsrfGuard;
+exports.CsrfGuard = CsrfGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)('NAUTH_CONFIG')),
+    __metadata("design:paramtypes", [Object, csrf_service_1.CsrfService,
+        core_1.Reflector])
+], CsrfGuard);
+//# sourceMappingURL=csrf.guard.js.map

package/dist/guards/csrf.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.guard.js","sourceRoot":"","sources":["../../src/guards/csrf.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAmF;AACnF,uCAAyC;AACzC,8CAA4G;AAC5G,qEAA+D;AAC/D,qFAA2F;AAC3F,2DAAuD;AAwBhD,IAAM,SAAS,GAAf,MAAM,SAAS;IAGD;IACA;IACA;IAJnB,YAEmB,MAAmB,EACnB,WAAwB,EACxB,SAAoB;QAFpB,WAAM,GAAN,MAAM,CAAa;QACnB,gBAAW,GAAX,WAAW,CAAa;QACxB,cAAS,GAAT,SAAS,CAAW;IACpC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QAEnC,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC;QAG9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,gCAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,UAAU,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAgB,6CAAkB,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,cAAc,EAAE,MAAM,IAAI,MAAM,CAAC;QAChD,IAAI,SAAS,GAAuB,MAAM,CAAC;QAE3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,IAAA,gCAAyB,EAAC,OAAO,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC/E,CAAC;aAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QAGD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,EAAE,CAAuB,CAAC;QAClF,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,UAAU,CAAuB,CAAC;QAEvE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,kBAAkB,EAAE,iCAAiC,UAAU,EAAE,CAAC,CAAC;QAC5G,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,kBAAkB,EAAE,iCAAiC,UAAU,EAAE,CAAC,CAAC;QAC5G,CAAC;QAED,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,CAAC;QACpF,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAlFY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,cAAc,CAAC,CAAA;6CAEO,0BAAW;QACb,gBAAS;GAL5B,SAAS,CAkFrB"}

package/dist/guards/index.d.ts

@@ -0,0 +1,2 @@
+export * from './auth.guard';
+//# sourceMappingURL=index.d.ts.map

package/dist/guards/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC"}

package/dist/guards/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth.guard"), exports);
+//# sourceMappingURL=index.js.map

package/dist/guards/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B"}

package/dist/index.d.ts

@@ -0,0 +1,16 @@
+export * from '@nauth-toolkit/core';
+export { AuthModule, NAuthModuleConfig } from './auth.module';
+export { AuthGuard } from './guards/auth.guard';
+export { CsrfGuard } from './guards/csrf.guard';
+export { ClientInfoInterceptor } from './interceptors/client-info.interceptor';
+export { CookieTokenInterceptor } from './interceptors/cookie-token.interceptor';
+export { CurrentUser } from './decorators/current-user.decorator';
+export { Public, IS_PUBLIC_KEY } from './decorators/public.decorator';
+export { ClientInfo } from './decorators/client-info.decorator';
+export { TokenDelivery, TOKEN_DELIVERY_KEY, RouteDelivery } from './decorators/token-delivery.decorator';
+export { NAuthHttpExceptionFilter } from './filters/nauth-http-exception.filter';
+export { NestJsLoggerAdapter } from './providers/nestjs-logger.adapter';
+export { CsrfService } from './services/csrf.service';
+export * from './dto';
+export { createDatabaseStorageAdapter, createRedisStorageAdapter, createRedisClusterAdapter, } from './factories/storage-adapter.factory';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAiBA,cAAc,qBAAqB,CAAC;AASpC,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAK9D,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAKhD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAKjF,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAKzG,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AAKjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAKxE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKtD,cAAc,OAAO,CAAC;AAKtB,OAAO,EACL,4BAA4B,EAC5B,yBAAyB,EACzB,yBAAyB,GAC1B,MAAM,qCAAqC,CAAC"}

package/dist/index.js

@@ -0,0 +1,50 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRedisClusterAdapter = exports.createRedisStorageAdapter = exports.createDatabaseStorageAdapter = exports.CsrfService = exports.NestJsLoggerAdapter = exports.NAuthHttpExceptionFilter = exports.TOKEN_DELIVERY_KEY = exports.TokenDelivery = exports.ClientInfo = exports.IS_PUBLIC_KEY = exports.Public = exports.CurrentUser = exports.CookieTokenInterceptor = exports.ClientInfoInterceptor = exports.CsrfGuard = exports.AuthGuard = exports.AuthModule = void 0;
+__exportStar(require("@nauth-toolkit/core"), exports);
+var auth_module_1 = require("./auth.module");
+Object.defineProperty(exports, "AuthModule", { enumerable: true, get: function () { return auth_module_1.AuthModule; } });
+var auth_guard_1 = require("./guards/auth.guard");
+Object.defineProperty(exports, "AuthGuard", { enumerable: true, get: function () { return auth_guard_1.AuthGuard; } });
+var csrf_guard_1 = require("./guards/csrf.guard");
+Object.defineProperty(exports, "CsrfGuard", { enumerable: true, get: function () { return csrf_guard_1.CsrfGuard; } });
+var client_info_interceptor_1 = require("./interceptors/client-info.interceptor");
+Object.defineProperty(exports, "ClientInfoInterceptor", { enumerable: true, get: function () { return client_info_interceptor_1.ClientInfoInterceptor; } });
+var cookie_token_interceptor_1 = require("./interceptors/cookie-token.interceptor");
+Object.defineProperty(exports, "CookieTokenInterceptor", { enumerable: true, get: function () { return cookie_token_interceptor_1.CookieTokenInterceptor; } });
+var current_user_decorator_1 = require("./decorators/current-user.decorator");
+Object.defineProperty(exports, "CurrentUser", { enumerable: true, get: function () { return current_user_decorator_1.CurrentUser; } });
+var public_decorator_1 = require("./decorators/public.decorator");
+Object.defineProperty(exports, "Public", { enumerable: true, get: function () { return public_decorator_1.Public; } });
+Object.defineProperty(exports, "IS_PUBLIC_KEY", { enumerable: true, get: function () { return public_decorator_1.IS_PUBLIC_KEY; } });
+var client_info_decorator_1 = require("./decorators/client-info.decorator");
+Object.defineProperty(exports, "ClientInfo", { enumerable: true, get: function () { return client_info_decorator_1.ClientInfo; } });
+var token_delivery_decorator_1 = require("./decorators/token-delivery.decorator");
+Object.defineProperty(exports, "TokenDelivery", { enumerable: true, get: function () { return token_delivery_decorator_1.TokenDelivery; } });
+Object.defineProperty(exports, "TOKEN_DELIVERY_KEY", { enumerable: true, get: function () { return token_delivery_decorator_1.TOKEN_DELIVERY_KEY; } });
+var nauth_http_exception_filter_1 = require("./filters/nauth-http-exception.filter");
+Object.defineProperty(exports, "NAuthHttpExceptionFilter", { enumerable: true, get: function () { return nauth_http_exception_filter_1.NAuthHttpExceptionFilter; } });
+var nestjs_logger_adapter_1 = require("./providers/nestjs-logger.adapter");
+Object.defineProperty(exports, "NestJsLoggerAdapter", { enumerable: true, get: function () { return nestjs_logger_adapter_1.NestJsLoggerAdapter; } });
+var csrf_service_1 = require("./services/csrf.service");
+Object.defineProperty(exports, "CsrfService", { enumerable: true, get: function () { return csrf_service_1.CsrfService; } });
+__exportStar(require("./dto"), exports);
+var storage_adapter_factory_1 = require("./factories/storage-adapter.factory");
+Object.defineProperty(exports, "createDatabaseStorageAdapter", { enumerable: true, get: function () { return storage_adapter_factory_1.createDatabaseStorageAdapter; } });
+Object.defineProperty(exports, "createRedisStorageAdapter", { enumerable: true, get: function () { return storage_adapter_factory_1.createRedisStorageAdapter; } });
+Object.defineProperty(exports, "createRedisClusterAdapter", { enumerable: true, get: function () { return storage_adapter_factory_1.createRedisClusterAdapter; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAiBA,sDAAoC;AASpC,6CAA8D;AAArD,yGAAA,UAAU,OAAA;AAKnB,kDAAgD;AAAvC,uGAAA,SAAS,OAAA;AAClB,kDAAgD;AAAvC,uGAAA,SAAS,OAAA;AAKlB,kFAA+E;AAAtE,gIAAA,qBAAqB,OAAA;AAC9B,oFAAiF;AAAxE,kIAAA,sBAAsB,OAAA;AAK/B,8EAAkE;AAAzD,qHAAA,WAAW,OAAA;AACpB,kEAAsE;AAA7D,0GAAA,MAAM,OAAA;AAAE,iHAAA,aAAa,OAAA;AAC9B,4EAAgE;AAAvD,mHAAA,UAAU,OAAA;AACnB,kFAAyG;AAAhG,yHAAA,aAAa,OAAA;AAAE,8HAAA,kBAAkB,OAAA;AAK1C,qFAAiF;AAAxE,uIAAA,wBAAwB,OAAA;AAKjC,2EAAwE;AAA/D,4HAAA,mBAAmB,OAAA;AAK5B,wDAAsD;AAA7C,2GAAA,WAAW,OAAA;AAKpB,wCAAsB;AAKtB,+EAI6C;AAH3C,uIAAA,4BAA4B,OAAA;AAC5B,oIAAA,yBAAyB,OAAA;AACzB,oIAAA,yBAAyB,OAAA"}

package/dist/interceptors/client-info.interceptor.d.ts

@@ -0,0 +1,13 @@
+import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { NAuthConfig } from '@nauth-toolkit/core';
+import { GeoLocationService } from '@nauth-toolkit/core/internal';
+export declare class ClientInfoInterceptor implements NestInterceptor {
+    private readonly config?;
+    private readonly geoLocationService?;
+    private readonly clientInfoService;
+    constructor(config?: NAuthConfig | undefined, geoLocationService?: GeoLocationService | undefined);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<unknown>;
+    private extractAndStoreClientInfo;
+}
+//# sourceMappingURL=client-info.interceptor.d.ts.map

package/dist/interceptors/client-info.interceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.interceptor.d.ts","sourceRoot":"","sources":["../../src/interceptors/client-info.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAoB,MAAM,gBAAgB,CAAC;AAC9G,OAAO,EAAE,UAAU,EAAY,MAAM,MAAM,CAAC;AAE5C,OAAO,EAKL,WAAW,EAEZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAgClE,qBACa,qBAAsB,YAAW,eAAe;IAMzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IAExB,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IAPtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA2B;gBAK1C,MAAM,CAAC,EAAE,WAAW,YAAA,EAEpB,kBAAkB,CAAC,EAAE,kBAAkB,YAAA;IAG1D,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;IAoB5E,OAAO,CAAC,yBAAyB;CAkIlC"}

package/dist/interceptors/client-info.interceptor.js

@@ -0,0 +1,108 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientInfoInterceptor = void 0;
+const common_1 = require("@nestjs/common");
+const rxjs_1 = require("rxjs");
+const operators_1 = require("rxjs/operators");
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+let ClientInfoInterceptor = class ClientInfoInterceptor {
+    config;
+    geoLocationService;
+    clientInfoService = new core_1.ClientInfoService();
+    constructor(config, geoLocationService) {
+        this.config = config;
+        this.geoLocationService = geoLocationService;
+    }
+    intercept(context, next) {
+        return new rxjs_1.Observable((subscriber) => {
+            core_1.ContextStorage.run(() => {
+                this.extractAndStoreClientInfo(context, next).subscribe({
+                    next: (value) => subscriber.next(value),
+                    error: (err) => subscriber.error(err),
+                    complete: () => subscriber.complete(),
+                });
+            });
+        });
+    }
+    extractAndStoreClientInfo(context, next) {
+        const request = context.switchToHttp().getRequest();
+        const response = context.switchToHttp().getResponse();
+        const headers = request.headers || {};
+        const userAgent = headers['user-agent'];
+        const userAgentString = typeof userAgent === 'string' ? userAgent : 'unknown';
+        const parsedUA = this.clientInfoService.parseUserAgent(userAgentString);
+        const deviceTokenCookieName = this.config ? (0, core_1.getDeviceTokenCookieName)(this.config) : 'nauth_device_token';
+        const deviceTokenCookie = request.cookies?.[deviceTokenCookieName];
+        const deviceTokenHeader = headers['x-device-token'] || headers['X-Device-Token'];
+        const deviceToken = (typeof deviceTokenCookie === 'string' ? deviceTokenCookie : undefined) ||
+            (typeof deviceTokenHeader === 'string' ? deviceTokenHeader : undefined) ||
+            (deviceTokenHeader ? String(deviceTokenHeader) : undefined);
+        const sessionIdFromToken = request?.token?.sessionId;
+        const sessionIdNumber = sessionIdFromToken ? parseInt(sessionIdFromToken, 10) : undefined;
+        const userIdFromToken = request?.token?.sub;
+        const userIdNumber = userIdFromToken ? parseInt(userIdFromToken, 10) : undefined;
+        const clientInfo = {
+            ipAddress: (0, core_1.extractClientIp)(request),
+            userAgent: userAgentString,
+            deviceToken,
+            deviceName: request.body?.deviceName || parsedUA.deviceName || undefined,
+            deviceType: request.body?.deviceType || parsedUA.deviceType || undefined,
+            platform: parsedUA.platform || undefined,
+            browser: parsedUA.browser || undefined,
+            sessionId: sessionIdNumber && !isNaN(sessionIdNumber) ? sessionIdNumber : undefined,
+            userId: userIdNumber && !isNaN(userIdNumber) ? userIdNumber : undefined,
+            ipCountry: undefined,
+            ipCity: undefined,
+            ipLatitude: undefined,
+            ipLongitude: undefined,
+        };
+        if (this.geoLocationService && clientInfo.ipAddress) {
+            return (0, rxjs_1.from)(this.geoLocationService.getIpGeolocation(clientInfo.ipAddress)).pipe((0, operators_1.catchError)(() => {
+                return (0, rxjs_1.of)({ country: undefined, city: undefined, latitude: undefined, longitude: undefined });
+            }), (0, operators_1.switchMap)((geo) => {
+                clientInfo.ipCountry = geo.country;
+                clientInfo.ipCity = geo.city;
+                clientInfo.ipLatitude = geo.latitude;
+                clientInfo.ipLongitude = geo.longitude;
+                core_1.ContextStorage.set('CLIENT_INFO', clientInfo);
+                core_1.ContextStorage.set('HTTP_RESPONSE', response);
+                request.clientInfo = clientInfo;
+                const sessionId = request?.token?.sessionId;
+                if (sessionId && typeof response.setHeader === 'function') {
+                    response.setHeader('X-Session-Id', sessionId);
+                }
+                return next.handle();
+            }));
+        }
+        core_1.ContextStorage.set('CLIENT_INFO', clientInfo);
+        core_1.ContextStorage.set('HTTP_RESPONSE', response);
+        request.clientInfo = clientInfo;
+        const sessionId = request?.token?.sessionId;
+        if (sessionId && typeof response.setHeader === 'function') {
+            response.setHeader('X-Session-Id', sessionId);
+        }
+        return next.handle();
+    }
+};
+exports.ClientInfoInterceptor = ClientInfoInterceptor;
+exports.ClientInfoInterceptor = ClientInfoInterceptor = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Optional)()),
+    __param(0, (0, common_1.Inject)('NAUTH_CONFIG')),
+    __param(1, (0, common_1.Optional)()),
+    __metadata("design:paramtypes", [Object, internal_1.GeoLocationService])
+], ClientInfoInterceptor);
+//# sourceMappingURL=client-info.interceptor.js.map

package/dist/interceptors/client-info.interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-info.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/client-info.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA8G;AAC9G,+BAA4C;AAC5C,8CAAuD;AACvD,8CAO6B;AAC7B,2DAAkE;AAiC3D,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAMb;IAEA;IAPF,iBAAiB,GAAG,IAAI,wBAAiB,EAAE,CAAC;IAE7D,YAGmB,MAAoB,EAEpB,kBAAuC;QAFvC,WAAM,GAAN,MAAM,CAAc;QAEpB,uBAAkB,GAAlB,kBAAkB,CAAqB;IACvD,CAAC;IAEJ,SAAS,CAAC,OAAyB,EAAE,IAAiB;QAEpD,OAAO,IAAI,iBAAU,CAAC,CAAC,UAAU,EAAE,EAAE;YACnC,qBAAc,CAAC,GAAG,CAAC,GAAG,EAAE;gBACtB,IAAI,CAAC,yBAAyB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC;oBACtD,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;oBACvC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC;oBACrC,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE;iBACtC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IASO,yBAAyB,CAAC,OAAyB,EAAE,IAAiB;QAC5E,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC;QAGtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,eAAe,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAG9E,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;QAIxE,MAAM,qBAAqB,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC;QACzG,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,qBAAqB,CAAC,CAAC;QACnE,MAAM,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACjF,MAAM,WAAW,GACf,CAAC,OAAO,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YACvE,CAAC,OAAO,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YACvE,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAI9D,MAAM,kBAAkB,GAAuB,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC;QACzE,MAAM,eAAe,GAAuB,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9G,MAAM,eAAe,GAAuB,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC;QAChE,MAAM,YAAY,GAAuB,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAErG,MAAM,UAAU,GAAgB;YAO9B,SAAS,EAAE,IAAA,sBAAe,EAAC,OAAO,CAAC;YAgBnC,SAAS,EAAE,eAAe;YAC1B,WAAW;YAEX,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,UAAU,IAAI,QAAQ,CAAC,UAAU,IAAI,SAAS;YACxE,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,UAAU,IAAI,QAAQ,CAAC,UAAU,IAAI,SAAS;YACxE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,SAAS;YACxC,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,SAAS;YAEtC,SAAS,EAAE,eAAe,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;YAEnF,MAAM,EAAE,YAAY,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;YAEvE,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,SAAS;YACjB,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,SAAS;SACvB,CAAC;QAKF,IAAI,IAAI,CAAC,kBAAkB,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;YAIpD,OAAO,IAAA,WAAI,EAAC,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAC9E,IAAA,sBAAU,EAAC,GAAG,EAAE;gBAId,OAAO,IAAA,SAAE,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YAChG,CAAC,CAAC,EACF,IAAA,qBAAS,EAAC,CAAC,GAAG,EAAE,EAAE;gBAEhB,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC;gBACnC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC7B,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC;gBACrC,UAAU,CAAC,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC;gBAGvC,qBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;gBAG9C,qBAAc,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;gBAG9C,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;gBAIhC,MAAM,SAAS,GAAuB,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC;gBAChE,IAAI,SAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;oBAC1D,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;gBAChD,CAAC;gBAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC,CAAC,CACH,CAAC;QACJ,CAAC;QAGD,qBAAc,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;QAG9C,qBAAc,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAG9C,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;QAIhC,MAAM,SAAS,GAAuB,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC;QAChE,IAAI,SAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;YAC1D,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;CACF,CAAA;AAjKY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,cAAc,CAAC,CAAA;IAEtB,WAAA,IAAA,iBAAQ,GAAE,CAAA;6CAC2B,6BAAkB;GAR/C,qBAAqB,CAiKjC"}

package/dist/interceptors/cookie-token.interceptor.d.ts

@@ -0,0 +1,15 @@
+import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Observable } from 'rxjs';
+import { NAuthConfig } from '@nauth-toolkit/core';
+import { JwtService } from '@nauth-toolkit/core/internal';
+import { CsrfService } from '../services/csrf.service';
+export declare class CookieTokenInterceptor implements NestInterceptor {
+    private readonly config;
+    private readonly jwtService;
+    private readonly reflector;
+    private readonly csrfService?;
+    constructor(config: NAuthConfig, jwtService: JwtService, reflector: Reflector, csrfService?: CsrfService | undefined);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<unknown>;
+}
+//# sourceMappingURL=cookie-token.interceptor.d.ts.map

package/dist/interceptors/cookie-token.interceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie-token.interceptor.d.ts","sourceRoot":"","sources":["../../src/interceptors/cookie-token.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAU,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAElC,OAAO,EAEL,WAAW,EAQZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAE1D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAkBvD,qBACa,sBAAuB,YAAW,eAAe;IAG1D,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAHZ,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS,EACpB,WAAW,CAAC,EAAE,WAAW,YAAA;IAG5C,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;CAwM7E"}

package/dist/interceptors/cookie-token.interceptor.js

@@ -0,0 +1,164 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CookieTokenInterceptor = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const operators_1 = require("rxjs/operators");
+const core_2 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+const token_delivery_decorator_1 = require("../decorators/token-delivery.decorator");
+const csrf_service_1 = require("../services/csrf.service");
+let CookieTokenInterceptor = class CookieTokenInterceptor {
+    config;
+    jwtService;
+    reflector;
+    csrfService;
+    constructor(config, jwtService, reflector, csrfService) {
+        this.config = config;
+        this.jwtService = jwtService;
+        this.reflector = reflector;
+        this.csrfService = csrfService;
+    }
+    intercept(context, next) {
+        if (context.getType() !== 'http') {
+            return next.handle();
+        }
+        const deliveryConfig = this.config.tokenDelivery;
+        const http = context.switchToHttp();
+        const req = http.getRequest();
+        const res = http.getResponse();
+        const routeMode = this.reflector.get(token_delivery_decorator_1.TOKEN_DELIVERY_KEY, context.getHandler());
+        const method = deliveryConfig?.method || 'json';
+        if (routeMode === 'cookies') {
+            if (method === 'json') {
+                throw new core_2.NAuthException(core_2.AuthErrorCode.COOKIES_NOT_ALLOWED, "Route-level cookie delivery requested, but tokenDelivery.method is 'json' (cookies disabled)");
+            }
+        }
+        else if (routeMode === 'json') {
+            if (method === 'cookies') {
+                throw new core_2.NAuthException(core_2.AuthErrorCode.BEARER_NOT_ALLOWED, "Route-level JSON delivery requested, but tokenDelivery.method is 'cookies' (JSON/Bearer tokens disabled)");
+            }
+        }
+        let effective = 'json';
+        if (routeMode) {
+            effective = routeMode;
+        }
+        else if (method === 'hybrid') {
+            effective = (0, core_2.resolveDeliveryForRequest)(req, deliveryConfig?.hybridPolicy);
+        }
+        else if (method === 'cookies') {
+            effective = 'cookies';
+        }
+        else {
+            effective = 'json';
+        }
+        return next.handle().pipe((0, operators_1.map)((data) => {
+            const hasDeviceTokenOnly = data && 'deviceToken' in data && !('accessToken' in data);
+            const hasAccessToken = data && 'accessToken' in data && data.accessToken;
+            if (!data || (!hasAccessToken && !hasDeviceTokenOnly)) {
+                return data;
+            }
+            const opt = deliveryConfig?.cookieOptions;
+            const cookieOptions = {
+                httpOnly: true,
+                secure: opt?.secure !== false,
+                sameSite: (opt?.sameSite || 'strict'),
+                path: opt?.path || '/',
+            };
+            if (opt?.domain) {
+                cookieOptions.domain = opt.domain;
+            }
+            let accessTokenMaxAgeMs = 0;
+            if (hasAccessToken && 'accessToken' in data && data.accessToken) {
+                const accessPayload = this.jwtService.decodeToken(data.accessToken);
+                if (!accessPayload?.exp) {
+                    throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Access token missing or invalid exp claim; refusing to set cookies');
+                }
+                const accessExpSeconds = accessPayload.exp;
+                accessTokenMaxAgeMs = Math.max(0, accessExpSeconds * 1000 - Date.now());
+                if (accessTokenMaxAgeMs <= 0) {
+                    throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Access token already expired; refusing to set cookies');
+                }
+            }
+            const setCookie = (name, value, options) => {
+                if (res && typeof res.cookie === 'function') {
+                    res.cookie(name, value, options);
+                }
+                else if (res && typeof res.setCookie === 'function') {
+                    res.setCookie(name, value, options);
+                }
+            };
+            if (effective === 'cookies' && hasAccessToken && 'accessToken' in data && data.accessToken) {
+                const accessTokenCookieName = (0, core_2.getAccessTokenCookieName)(this.config);
+                setCookie(accessTokenCookieName, data.accessToken, {
+                    ...cookieOptions,
+                    maxAge: accessTokenMaxAgeMs,
+                });
+            }
+            if ('refreshToken' in data && data.refreshToken && effective === 'cookies') {
+                const refreshPayload = this.jwtService.decodeToken(data.refreshToken);
+                if (!refreshPayload?.exp) {
+                    throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Refresh token missing or invalid exp claim; refusing to set cookies');
+                }
+                const refreshExpSeconds = refreshPayload.exp;
+                const refreshTokenMaxAgeMs = Math.max(0, refreshExpSeconds * 1000 - Date.now());
+                if (refreshTokenMaxAgeMs <= 0) {
+                    throw new core_2.NAuthException(core_2.AuthErrorCode.TOKEN_INVALID, 'Refresh token already expired; refusing to set cookies');
+                }
+                const refreshTokenCookieName = (0, core_2.getRefreshTokenCookieName)(this.config);
+                setCookie(refreshTokenCookieName, data.refreshToken, {
+                    ...cookieOptions,
+                    maxAge: refreshTokenMaxAgeMs,
+                });
+            }
+            if ('deviceToken' in data && data.deviceToken && effective === 'cookies') {
+                const rememberDeviceDays = this.config.mfa?.rememberDeviceDays || 30;
+                const deviceTokenMaxAgeMs = rememberDeviceDays * 24 * 60 * 60 * 1000;
+                const deviceTokenCookieName = (0, core_2.getDeviceTokenCookieName)(this.config);
+                setCookie(deviceTokenCookieName, data.deviceToken, {
+                    ...cookieOptions,
+                    maxAge: deviceTokenMaxAgeMs,
+                });
+            }
+            if (effective === 'cookies' && this.csrfService && this.config.security?.csrf) {
+                const csrfToken = this.csrfService.generateToken();
+                const csrfCookieName = this.csrfService.getCookieName();
+                const csrfCookieOptions = this.csrfService.getCookieOptions();
+                setCookie(csrfCookieName, csrfToken, {
+                    ...csrfCookieOptions,
+                    maxAge: accessTokenMaxAgeMs > 0 ? accessTokenMaxAgeMs : undefined,
+                });
+            }
+            if (effective === 'cookies') {
+                if (hasDeviceTokenOnly) {
+                    return {};
+                }
+                const authData = data;
+                const { accessToken, refreshToken, deviceToken, accessTokenExpiresAt, refreshTokenExpiresAt, ...sanitized } = authData;
+                return sanitized;
+            }
+            return data;
+        }));
+    }
+};
+exports.CookieTokenInterceptor = CookieTokenInterceptor;
+exports.CookieTokenInterceptor = CookieTokenInterceptor = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)('NAUTH_CONFIG')),
+    __metadata("design:paramtypes", [Object, internal_1.JwtService,
+        core_1.Reflector,
+        csrf_service_1.CsrfService])
+], CookieTokenInterceptor);
+//# sourceMappingURL=cookie-token.interceptor.js.map

package/dist/interceptors/cookie-token.interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie-token.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/cookie-token.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoG;AACpG,uCAAyC;AAEzC,8CAAqC;AACrC,8CAU6B;AAC7B,2DAA0D;AAC1D,qFAA2F;AAC3F,2DAAuD;AAmBhD,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGd;IACA;IACA;IACA;IALnB,YAEmB,MAAmB,EACnB,UAAsB,EACtB,SAAoB,EACpB,WAAyB;QAHzB,WAAM,GAAN,MAAM,CAAa;QACnB,eAAU,GAAV,UAAU,CAAY;QACtB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAc;IACzC,CAAC;IAEJ,SAAS,CAAC,OAAyB,EAAE,IAAiB;QAEpD,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,cAAc,GAAoC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAClF,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QAGpC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAkB,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAmB,CAAC;QAGhD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAgB,6CAAkB,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9F,MAAM,MAAM,GAAG,cAAc,EAAE,MAAM,IAAI,MAAM,CAAC;QAGhD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAE5B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,mBAAmB,EACjC,8FAA8F,CAC/F,CAAC;YACJ,CAAC;QAEH,CAAC;aAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAEhC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,kBAAkB,EAChC,0GAA0G,CAC3G,CAAC;YACJ,CAAC;QAEH,CAAC;QAED,IAAI,SAAS,GAAuB,MAAM,CAAC;QAC3C,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,SAAS,GAAG,IAAA,gCAAyB,EAAC,GAAG,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,SAAS,GAAG,SAAS,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CACvB,IAAA,eAAG,EAAC,CAAC,IAAgD,EAAE,EAAE;YAEvD,MAAM,kBAAkB,GAAG,IAAI,IAAI,aAAa,IAAI,IAAI,IAAI,CAAC,CAAC,aAAa,IAAI,IAAI,CAAC,CAAC;YACrF,MAAM,cAAc,GAAG,IAAI,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC;YAGzE,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,cAAc,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,GAAG,GAAG,cAAc,EAAE,aAAa,CAAC;YAc1C,MAAM,aAAa,GAMf;gBACF,QAAQ,EAAE,IAAa;gBACvB,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,KAAK;gBAC7B,QAAQ,EAAE,CAAC,GAAG,EAAE,QAAQ,IAAI,QAAQ,CAA8B;gBAClE,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,GAAG;aACvB,CAAC;YAIF,IAAI,GAAG,EAAE,MAAM,EAAE,CAAC;gBAChB,aAAa,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YACpC,CAAC;YAKD,IAAI,mBAAmB,GAAG,CAAC,CAAC;YAC5B,IAAI,cAAc,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChE,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpE,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC;oBACxB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBACD,MAAM,gBAAgB,GAAG,aAAa,CAAC,GAAa,CAAC;gBACrD,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxE,IAAI,mBAAmB,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,uDAAuD,CACxD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,KAAa,EAAE,OAAgC,EAAE,EAAE;gBAClF,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC5C,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACnC,CAAC;qBAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;oBACtD,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC;YAGF,IAAI,SAAS,KAAK,SAAS,IAAI,cAAc,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC3F,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,EAAE;oBACjD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,IAAI,cAAc,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACtE,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,CAAC;oBACzB,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,qEAAqE,CACtE,CAAC;gBACJ,CAAC;gBACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,GAAa,CAAC;gBACvD,MAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChF,IAAI,oBAAoB,IAAI,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,aAAa,EAC3B,wDAAwD,CACzD,CAAC;gBACJ,CAAC;gBACD,MAAM,sBAAsB,GAAG,IAAA,gCAAyB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACtE,SAAS,CAAC,sBAAsB,EAAE,IAAI,CAAC,YAAY,EAAE;oBACnD,GAAG,aAAa;oBAChB,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;YACL,CAAC;YAKD,IAAI,aAAa,IAAI,IAAI,IAAI,IAAI,CAAC,WAAW,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,kBAAkB,IAAI,EAAE,CAAC;gBACrE,MAAM,mBAAmB,GAAG,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;gBACrE,MAAM,qBAAqB,GAAG,IAAA,+BAAwB,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpE,SAAS,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,EAAE;oBACjD,GAAG,aAAa;oBAChB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAID,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACnD,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;gBACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;gBAI9D,SAAS,CAAC,cAAc,EAAE,SAAS,EAAE;oBACnC,GAAG,iBAAiB;oBACpB,MAAM,EAAE,mBAAmB,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;iBAClE,CAAC,CAAC;YACL,CAAC;YAID,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,IAAI,kBAAkB,EAAE,CAAC;oBAEvB,OAAO,EAAE,CAAC;gBACZ,CAAC;gBACD,MAAM,QAAQ,GAAG,IAAuB,CAAC;gBACzC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,GAAG,SAAS,EAAE,GACzG,QAAQ,CAAC;gBACX,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAjNY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,cAAc,CAAC,CAAA;6CAEM,qBAAU;QACX,gBAAS;QACN,0BAAW;GANjC,sBAAsB,CAiNlC"}

package/dist/interceptors/index.d.ts

@@ -0,0 +1,3 @@
+export * from './client-info.interceptor';
+export * from './cookie-token.interceptor';
+//# sourceMappingURL=index.d.ts.map

package/dist/interceptors/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interceptors/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC"}

package/dist/interceptors/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./client-info.interceptor"), exports);
+__exportStar(require("./cookie-token.interceptor"), exports);
+//# sourceMappingURL=index.js.map

package/dist/interceptors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interceptors/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4DAA0C;AAC1C,6DAA2C"}

package/dist/providers/nestjs-logger.adapter.d.ts

@@ -0,0 +1,18 @@
+import { LoggerProvider, LogMetadata, LogLevel } from '@nauth-toolkit/core';
+export declare class NestJsLoggerAdapter implements LoggerProvider {
+    private readonly logger;
+    private readonly piiRedactor;
+    private readonly enablePiiRedaction;
+    constructor(options?: {
+        context?: string;
+        enablePiiRedaction?: boolean;
+        piiRedactionOptions?: any;
+    });
+    debug(message: string, metadata?: LogMetadata): void;
+    log(message: string, metadata?: LogMetadata): void;
+    warn(message: string, metadata?: LogMetadata): void;
+    error(message: string, metadata?: LogMetadata): void;
+    setLogLevel(level: LogLevel): void;
+    isLevelEnabled(_level: LogLevel): boolean;
+}
+//# sourceMappingURL=nestjs-logger.adapter.d.ts.map

package/dist/providers/nestjs-logger.adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nestjs-logger.adapter.d.ts","sourceRoot":"","sources":["../../src/providers/nestjs-logger.adapter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAe,MAAM,qBAAqB,CAAC;AA8CzF,qBACa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAU;gBAOjC,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAAC,mBAAmB,CAAC,EAAE,GAAG,CAAA;KAAE;IAkBnG,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBpD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBlD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IAmBnD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,IAAI;IA4BpD,WAAW,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAYlC,cAAc,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO;CAK1C"}