@nik2208/node-auth 1.0.2

package/dist/services/token.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.service.d.ts","sourceRoot":"","sources":["../../src/services/token.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAGzD,qBAAa,YAAY;IACvB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS;IAe7E,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,kBAAkB;IASxE,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,kBAAkB;IASzE,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI;IAkB3E,iBAAiB,CAAC,GAAG,EAAE,QAAQ,GAAG,IAAI;IAKtC,mBAAmB,CAAC,KAAK,GAAE,MAAW,GAAG,MAAM;IAI/C,sBAAsB,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;CAexE"}

package/dist/services/token.service.js

@@ -0,0 +1,78 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenService = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const crypto_1 = __importDefault(require("crypto"));
+const errors_1 = require("../models/errors");
+class TokenService {
+    generateTokenPair(payload, config) {
+        const { sub, email, role } = payload;
+        const accessToken = jsonwebtoken_1.default.sign({ sub, email, role }, config.accessTokenSecret, { expiresIn: config.accessTokenExpiresIn ?? '15m' });
+        const refreshToken = jsonwebtoken_1.default.sign({ sub, email, role }, config.refreshTokenSecret, { expiresIn: config.refreshTokenExpiresIn ?? '7d' });
+        return { accessToken, refreshToken };
+    }
+    verifyAccessToken(token, config) {
+        try {
+            const payload = jsonwebtoken_1.default.verify(token, config.accessTokenSecret);
+            return payload;
+        }
+        catch {
+            throw new errors_1.AuthError('Invalid or expired access token', 'INVALID_ACCESS_TOKEN', 401);
+        }
+    }
+    verifyRefreshToken(token, config) {
+        try {
+            const payload = jsonwebtoken_1.default.verify(token, config.refreshTokenSecret);
+            return payload;
+        }
+        catch {
+            throw new errors_1.AuthError('Invalid or expired refresh token', 'INVALID_REFRESH_TOKEN', 401);
+        }
+    }
+    setTokenCookies(res, tokens, config) {
+        const cookieOpts = {
+            httpOnly: true,
+            secure: config.cookieOptions?.secure ?? false,
+            sameSite: (config.cookieOptions?.sameSite ?? 'lax'),
+            domain: config.cookieOptions?.domain,
+        };
+        res.cookie('accessToken', tokens.accessToken, {
+            ...cookieOpts,
+            maxAge: 15 * 60 * 1000,
+        });
+        res.cookie('refreshToken', tokens.refreshToken, {
+            ...cookieOpts,
+            maxAge: 7 * 24 * 60 * 60 * 1000,
+            path: '/auth/refresh',
+        });
+    }
+    clearTokenCookies(res) {
+        res.clearCookie('accessToken');
+        res.clearCookie('refreshToken', { path: '/auth/refresh' });
+    }
+    generateSecureToken(bytes = 32) {
+        return crypto_1.default.randomBytes(bytes).toString('hex');
+    }
+    extractTokenFromCookie(req, cookieName) {
+        // First try cookie-parser parsed cookies
+        if (req.cookies && req.cookies[cookieName]) {
+            return req.cookies[cookieName];
+        }
+        // Fallback: parse raw Cookie header
+        const cookieHeader = req.headers?.cookie;
+        if (!cookieHeader)
+            return null;
+        const cookies = cookieHeader.split(';').reduce((acc, part) => {
+            const [key, ...val] = part.trim().split('=');
+            if (key)
+                acc[key.trim()] = decodeURIComponent(val.join('='));
+            return acc;
+        }, {});
+        return cookies[cookieName] ?? null;
+    }
+}
+exports.TokenService = TokenService;
+//# sourceMappingURL=token.service.js.map

package/dist/services/token.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.service.js","sourceRoot":"","sources":["../../src/services/token.service.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,oDAA4B;AAI5B,6CAA6C;AAE7C,MAAa,YAAY;IACvB,iBAAiB,CAAC,OAA2B,EAAE,MAAkB;QAC/D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QACrC,MAAM,WAAW,GAAG,sBAAG,CAAC,IAAI,CAC1B,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EACpB,MAAM,CAAC,iBAAiB,EACxB,EAAE,SAAS,EAAE,MAAM,CAAC,oBAAoB,IAAI,KAAK,EAAqB,CACvE,CAAC;QACF,MAAM,YAAY,GAAG,sBAAG,CAAC,IAAI,CAC3B,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EACpB,MAAM,CAAC,kBAAkB,EACzB,EAAE,SAAS,EAAE,MAAM,CAAC,qBAAqB,IAAI,IAAI,EAAqB,CACvE,CAAC;QACF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,iBAAiB,CAAC,KAAa,EAAE,MAAkB;QACjD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,iBAAiB,CAAuB,CAAC;YAClF,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,kBAAS,CAAC,iCAAiC,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,kBAAkB,CAAC,KAAa,EAAE,MAAkB;QAClD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,kBAAkB,CAAuB,CAAC;YACnF,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,kBAAS,CAAC,kCAAkC,EAAE,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAED,eAAe,CAAC,GAAa,EAAE,MAAiB,EAAE,MAAkB;QAClE,MAAM,UAAU,GAAG;YACjB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,KAAK;YAC7C,QAAQ,EAAE,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,IAAI,KAAK,CAA8B;YAChF,MAAM,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM;SACrC,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,EAAE;YAC5C,GAAG,UAAU;YACb,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;SACvB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,YAAY,EAAE;YAC9C,GAAG,UAAU;YACb,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YAC/B,IAAI,EAAE,eAAe;SACtB,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,GAAa;QAC7B,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QAC/B,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,mBAAmB,CAAC,QAAgB,EAAE;QACpC,OAAO,gBAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC;IAED,sBAAsB,CAAC,GAAY,EAAE,UAAkB;QACrD,yCAAyC;QACzC,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,CAAW,CAAC;QAC3C,CAAC;QACD,oCAAoC;QACpC,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC;QACzC,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAyB,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACnF,MAAM,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,IAAI,GAAG;gBAAE,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7D,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;QACP,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;CACF;AA5ED,oCA4EC"}

package/dist/strategies/local/local.strategy.d.ts

@@ -0,0 +1,19 @@
+import { BaseAuthStrategy } from '../../abstract/base-auth-strategy.abstract';
+import { AuthConfig } from '../../models/auth-config.model';
+import { BaseUser } from '../../models/user.model';
+import { IUserStore } from '../../interfaces/user-store.interface';
+import { PasswordService } from '../../services/password.service';
+export declare class LocalStrategy extends BaseAuthStrategy<{
+    email: string;
+    password: string;
+}, BaseUser> {
+    private readonly userStore;
+    private readonly passwordService;
+    name: string;
+    constructor(userStore: IUserStore, passwordService: PasswordService);
+    authenticate(input: {
+        email: string;
+        password: string;
+    }, _config: AuthConfig): Promise<BaseUser>;
+}
+//# sourceMappingURL=local.strategy.d.ts.map

package/dist/strategies/local/local.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/local/local.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,4CAA4C,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAGlE,qBAAa,aAAc,SAAQ,gBAAgB,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,QAAQ,CAAC;IAI9F,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAJlC,IAAI,SAAW;gBAGI,SAAS,EAAE,UAAU,EACrB,eAAe,EAAE,eAAe;IAK7C,YAAY,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;CAcvG"}

package/dist/strategies/local/local.strategy.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalStrategy = void 0;
+const base_auth_strategy_abstract_1 = require("../../abstract/base-auth-strategy.abstract");
+const errors_1 = require("../../models/errors");
+class LocalStrategy extends base_auth_strategy_abstract_1.BaseAuthStrategy {
+    constructor(userStore, passwordService) {
+        super();
+        this.userStore = userStore;
+        this.passwordService = passwordService;
+        this.name = 'local';
+    }
+    async authenticate(input, _config) {
+        const user = await this.userStore.findByEmail(input.email);
+        if (!user) {
+            throw new errors_1.AuthError('Invalid credentials', 'INVALID_CREDENTIALS', 401);
+        }
+        if (!user.password) {
+            throw new errors_1.AuthError('Invalid credentials', 'INVALID_CREDENTIALS', 401);
+        }
+        const valid = await this.passwordService.compare(input.password, user.password);
+        if (!valid) {
+            throw new errors_1.AuthError('Invalid credentials', 'INVALID_CREDENTIALS', 401);
+        }
+        return user;
+    }
+}
+exports.LocalStrategy = LocalStrategy;
+//# sourceMappingURL=local.strategy.js.map

package/dist/strategies/local/local.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.strategy.js","sourceRoot":"","sources":["../../../src/strategies/local/local.strategy.ts"],"names":[],"mappings":";;;AAAA,4FAA8E;AAK9E,gDAAgD;AAEhD,MAAa,aAAc,SAAQ,8CAA+D;IAGhG,YACmB,SAAqB,EACrB,eAAgC;QAEjD,KAAK,EAAE,CAAC;QAHS,cAAS,GAAT,SAAS,CAAY;QACrB,oBAAe,GAAf,eAAe,CAAiB;QAJnD,SAAI,GAAG,OAAO,CAAC;IAOf,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA0C,EAAE,OAAmB;QAChF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,kBAAS,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,kBAAS,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,kBAAS,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxBD,sCAwBC"}

package/dist/strategies/magic-link/magic-link.strategy.d.ts

@@ -0,0 +1,8 @@
+import { IUserStore } from '../../interfaces/user-store.interface';
+import { AuthConfig } from '../../models/auth-config.model';
+import { BaseUser } from '../../models/user.model';
+export declare class MagicLinkStrategy {
+    sendMagicLink(email: string, userStore: IUserStore, config: AuthConfig, lang?: string): Promise<void>;
+    verify(token: string, userStore: IUserStore): Promise<BaseUser>;
+}
+//# sourceMappingURL=magic-link.strategy.d.ts.map

package/dist/strategies/magic-link/magic-link.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"magic-link.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAOnD,qBAAa,iBAAiB;IACtB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAsBrG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;CAiBtE"}

package/dist/strategies/magic-link/magic-link.strategy.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MagicLinkStrategy = void 0;
+const token_service_1 = require("../../services/token.service");
+const mailer_service_1 = require("../../services/mailer.service");
+const errors_1 = require("../../models/errors");
+const tokenService = new token_service_1.TokenService();
+class MagicLinkStrategy {
+    async sendMagicLink(email, userStore, config, lang) {
+        if (!config.email?.sendMagicLink && !config.email?.mailer) {
+            throw new errors_1.AuthError('Email not configured', 'EMAIL_NOT_CONFIGURED', 500);
+        }
+        const user = await userStore.findByEmail(email);
+        if (!user) {
+            // Don't reveal whether email exists
+            return;
+        }
+        const token = tokenService.generateSecureToken();
+        const expiry = new Date(Date.now() + 15 * 60 * 1000); // 15 min
+        await userStore.updateMagicLinkToken(user.id, token, expiry);
+        const siteUrl = config.email?.siteUrl ?? '';
+        const link = `${siteUrl}/auth/magic-link/verify?token=${token}`;
+        if (config.email?.sendMagicLink) {
+            await config.email.sendMagicLink(email, token, link, lang);
+        }
+        else if (config.email?.mailer) {
+            const mailer = new mailer_service_1.MailerService(config.email.mailer);
+            await mailer.sendMagicLink(email, token, link, lang);
+        }
+    }
+    async verify(token, userStore) {
+        if (!userStore.findByMagicLinkToken) {
+            throw new errors_1.AuthError('UserStore does not implement findByMagicLinkToken', 'NOT_IMPLEMENTED', 500);
+        }
+        const user = await userStore.findByMagicLinkToken(token);
+        if (!user) {
+            throw new errors_1.AuthError('Invalid magic link token', 'INVALID_MAGIC_LINK', 401);
+        }
+        if (!user.magicLinkToken || user.magicLinkToken !== token) {
+            throw new errors_1.AuthError('Invalid magic link token', 'INVALID_MAGIC_LINK', 401);
+        }
+        if (user.magicLinkTokenExpiry && new Date() > user.magicLinkTokenExpiry) {
+            throw new errors_1.AuthError('Magic link token has expired', 'MAGIC_LINK_EXPIRED', 401);
+        }
+        await userStore.updateMagicLinkToken(user.id, null, null);
+        return user;
+    }
+}
+exports.MagicLinkStrategy = MagicLinkStrategy;
+//# sourceMappingURL=magic-link.strategy.js.map

package/dist/strategies/magic-link/magic-link.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"magic-link.strategy.js","sourceRoot":"","sources":["../../../src/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":";;;AAGA,gEAA4D;AAC5D,kEAA8D;AAC9D,gDAAgD;AAEhD,MAAM,YAAY,GAAG,IAAI,4BAAY,EAAE,CAAC;AAExC,MAAa,iBAAiB;IAC5B,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,SAAqB,EAAE,MAAkB,EAAE,IAAa;QACzF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,aAAa,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YAC1D,MAAM,IAAI,kBAAS,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,oCAAoC;YACpC,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,YAAY,CAAC,mBAAmB,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS;QAC/D,MAAM,SAAS,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,GAAG,OAAO,iCAAiC,KAAK,EAAE,CAAC;QAChE,IAAI,MAAM,CAAC,KAAK,EAAE,aAAa,EAAE,CAAC;YAChC,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;aAAM,IAAI,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,IAAI,8BAAa,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACtD,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,SAAqB;QAC/C,IAAI,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;YACpC,MAAM,IAAI,kBAAS,CAAC,mDAAmD,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,kBAAS,CAAC,0BAA0B,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,IAAI,kBAAS,CAAC,0BAA0B,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACxE,MAAM,IAAI,kBAAS,CAAC,8BAA8B,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,SAAS,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxCD,8CAwCC"}

package/dist/strategies/oauth/github.strategy.d.ts

@@ -0,0 +1,29 @@
+import { BaseOAuthStrategy } from '../../abstract/base-oauth-strategy.abstract';
+import { BaseUser } from '../../models/user.model';
+import { AuthConfig } from '../../models/auth-config.model';
+export declare abstract class GithubStrategy<TUser extends BaseUser = BaseUser> extends BaseOAuthStrategy<TUser> {
+    name: string;
+    private readonly clientId;
+    private readonly clientSecret;
+    private readonly callbackUrl;
+    constructor(config: AuthConfig);
+    getAuthorizationUrl(state?: string): string;
+    protected exchangeCodeForTokens(code: string): Promise<{
+        accessToken: string;
+        idToken?: string;
+    }>;
+    protected getUserProfile(accessToken: string): Promise<{
+        id: string;
+        email: string;
+        name?: string;
+        picture?: string;
+    }>;
+    handleCallback(code: string, state?: string): Promise<TUser>;
+    abstract findOrCreateUser(profile: {
+        id: string;
+        email: string;
+        name?: string;
+        picture?: string;
+    }, state?: string): Promise<TUser>;
+}
+//# sourceMappingURL=github.strategy.d.ts.map

package/dist/strategies/oauth/github.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/oauth/github.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAChF,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAG5D,8BAAsB,cAAc,CAAC,KAAK,SAAS,QAAQ,GAAG,QAAQ,CAAE,SAAQ,iBAAiB,CAAC,KAAK,CAAC;IACtG,IAAI,SAAY;IAEhB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEzB,MAAM,EAAE,UAAU;IAU9B,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;cAU3B,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;cAgBvF,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAoBtH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAMlE,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;CACnI"}

package/dist/strategies/oauth/github.strategy.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubStrategy = void 0;
+const base_oauth_strategy_abstract_1 = require("../../abstract/base-oauth-strategy.abstract");
+const errors_1 = require("../../models/errors");
+class GithubStrategy extends base_oauth_strategy_abstract_1.BaseOAuthStrategy {
+    constructor(config) {
+        super();
+        this.name = 'github';
+        if (!config.oauth?.github) {
+            throw new errors_1.AuthError('GitHub OAuth not configured', 'OAUTH_NOT_CONFIGURED', 500);
+        }
+        this.clientId = config.oauth.github.clientId;
+        this.clientSecret = config.oauth.github.clientSecret;
+        this.callbackUrl = config.oauth.github.callbackUrl;
+    }
+    getAuthorizationUrl(state) {
+        const params = new URLSearchParams({
+            client_id: this.clientId,
+            redirect_uri: this.callbackUrl,
+            scope: 'user:email',
+            ...(state ? { state } : {}),
+        });
+        return `https://github.com/login/oauth/authorize?${params.toString()}`;
+    }
+    async exchangeCodeForTokens(code) {
+        const res = await fetch('https://github.com/login/oauth/access_token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+            body: JSON.stringify({
+                client_id: this.clientId,
+                client_secret: this.clientSecret,
+                code,
+                redirect_uri: this.callbackUrl,
+            }),
+        });
+        if (!res.ok)
+            throw new errors_1.AuthError('GitHub token exchange failed', 'OAUTH_TOKEN_EXCHANGE_FAILED', 401);
+        const data = await res.json();
+        return { accessToken: data.access_token };
+    }
+    async getUserProfile(accessToken) {
+        const [userRes, emailRes] = await Promise.all([
+            fetch('https://api.github.com/user', {
+                headers: { Authorization: `token ${accessToken}`, Accept: 'application/vnd.github.v3+json' },
+            }),
+            fetch('https://api.github.com/user/emails', {
+                headers: { Authorization: `token ${accessToken}`, Accept: 'application/vnd.github.v3+json' },
+            }),
+        ]);
+        if (!userRes.ok)
+            throw new errors_1.AuthError('Failed to get GitHub user profile', 'OAUTH_PROFILE_FAILED', 401);
+        const user = await userRes.json();
+        let email = user.email ?? '';
+        if (!email && emailRes.ok) {
+            const emails = await emailRes.json();
+            const primary = emails.find(e => e.primary && e.verified);
+            email = primary?.email ?? emails[0]?.email ?? '';
+        }
+        return { id: String(user.id), email, name: user.name ?? user.login, picture: user.avatar_url };
+    }
+    async handleCallback(code, state) {
+        const { accessToken } = await this.exchangeCodeForTokens(code);
+        const profile = await this.getUserProfile(accessToken);
+        return this.findOrCreateUser(profile, state);
+    }
+}
+exports.GithubStrategy = GithubStrategy;
+//# sourceMappingURL=github.strategy.js.map

package/dist/strategies/oauth/github.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.strategy.js","sourceRoot":"","sources":["../../../src/strategies/oauth/github.strategy.ts"],"names":[],"mappings":";;;AAAA,8FAAgF;AAGhF,gDAAgD;AAEhD,MAAsB,cAAkD,SAAQ,gDAAwB;IAOtG,YAAY,MAAkB;QAC5B,KAAK,EAAE,CAAC;QAPV,SAAI,GAAG,QAAQ,CAAC;QAQd,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAI,kBAAS,CAAC,6BAA6B,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC7C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC;QACrD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC;IACrD,CAAC;IAED,mBAAmB,CAAC,KAAc;QAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,KAAK,EAAE,YAAY;YACnB,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,4CAA4C,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACzE,CAAC;IAES,KAAK,CAAC,qBAAqB,CAAC,IAAY;QAChD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;YACrE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;YAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;gBAChC,IAAI;gBACJ,YAAY,EAAE,IAAI,CAAC,WAAW;aAC/B,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAS,CAAC,8BAA8B,EAAE,6BAA6B,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA8B,CAAC;QAC1D,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;IAC5C,CAAC;IAES,KAAK,CAAC,cAAc,CAAC,WAAmB;QAChD,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC5C,KAAK,CAAC,6BAA6B,EAAE;gBACnC,OAAO,EAAE,EAAE,aAAa,EAAE,SAAS,WAAW,EAAE,EAAE,MAAM,EAAE,gCAAgC,EAAE;aAC7F,CAAC;YACF,KAAK,CAAC,oCAAoC,EAAE;gBAC1C,OAAO,EAAE,EAAE,aAAa,EAAE,SAAS,WAAW,EAAE,EAAE,MAAM,EAAE,gCAAgC,EAAE;aAC7F,CAAC;SACH,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAS,CAAC,mCAAmC,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QACvG,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAuF,CAAC;QACvH,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmE,CAAC;YACtG,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC1D,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IACjG,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAc;QAC/C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;CAGF;AAtED,wCAsEC"}

package/dist/strategies/oauth/google.strategy.d.ts

@@ -0,0 +1,29 @@
+import { BaseOAuthStrategy } from '../../abstract/base-oauth-strategy.abstract';
+import { BaseUser } from '../../models/user.model';
+import { AuthConfig } from '../../models/auth-config.model';
+export declare abstract class GoogleStrategy<TUser extends BaseUser = BaseUser> extends BaseOAuthStrategy<TUser> {
+    name: string;
+    private readonly clientId;
+    private readonly clientSecret;
+    private readonly callbackUrl;
+    constructor(config: AuthConfig);
+    getAuthorizationUrl(state?: string): string;
+    protected exchangeCodeForTokens(code: string): Promise<{
+        accessToken: string;
+        idToken?: string;
+    }>;
+    protected getUserProfile(accessToken: string): Promise<{
+        id: string;
+        email: string;
+        name?: string;
+        picture?: string;
+    }>;
+    handleCallback(code: string, state?: string): Promise<TUser>;
+    abstract findOrCreateUser(profile: {
+        id: string;
+        email: string;
+        name?: string;
+        picture?: string;
+    }, state?: string): Promise<TUser>;
+}
+//# sourceMappingURL=google.strategy.d.ts.map

package/dist/strategies/oauth/google.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/oauth/google.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAChF,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAG5D,8BAAsB,cAAc,CAAC,KAAK,SAAS,QAAQ,GAAG,QAAQ,CAAE,SAAQ,iBAAiB,CAAC,KAAK,CAAC;IACtG,IAAI,SAAY;IAEhB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEzB,MAAM,EAAE,UAAU;IAU9B,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;cAY3B,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;cAiBvF,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAStH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAMlE,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;CACnI"}

package/dist/strategies/oauth/google.strategy.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GoogleStrategy = void 0;
+const base_oauth_strategy_abstract_1 = require("../../abstract/base-oauth-strategy.abstract");
+const errors_1 = require("../../models/errors");
+class GoogleStrategy extends base_oauth_strategy_abstract_1.BaseOAuthStrategy {
+    constructor(config) {
+        super();
+        this.name = 'google';
+        if (!config.oauth?.google) {
+            throw new errors_1.AuthError('Google OAuth not configured', 'OAUTH_NOT_CONFIGURED', 500);
+        }
+        this.clientId = config.oauth.google.clientId;
+        this.clientSecret = config.oauth.google.clientSecret;
+        this.callbackUrl = config.oauth.google.callbackUrl;
+    }
+    getAuthorizationUrl(state) {
+        const params = new URLSearchParams({
+            client_id: this.clientId,
+            redirect_uri: this.callbackUrl,
+            response_type: 'code',
+            scope: 'openid email profile',
+            access_type: 'offline',
+            ...(state ? { state } : {}),
+        });
+        return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+    }
+    async exchangeCodeForTokens(code) {
+        const res = await fetch('https://oauth2.googleapis.com/token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({
+                code,
+                client_id: this.clientId,
+                client_secret: this.clientSecret,
+                redirect_uri: this.callbackUrl,
+                grant_type: 'authorization_code',
+            }).toString(),
+        });
+        if (!res.ok)
+            throw new errors_1.AuthError('Google token exchange failed', 'OAUTH_TOKEN_EXCHANGE_FAILED', 401);
+        const data = await res.json();
+        return { accessToken: data.access_token, idToken: data.id_token };
+    }
+    async getUserProfile(accessToken) {
+        const res = await fetch('https://www.googleapis.com/oauth2/v3/userinfo', {
+            headers: { Authorization: `Bearer ${accessToken}` },
+        });
+        if (!res.ok)
+            throw new errors_1.AuthError('Failed to get Google user profile', 'OAUTH_PROFILE_FAILED', 401);
+        const data = await res.json();
+        return { id: data.sub, email: data.email, name: data.name, picture: data.picture };
+    }
+    async handleCallback(code, state) {
+        const { accessToken } = await this.exchangeCodeForTokens(code);
+        const profile = await this.getUserProfile(accessToken);
+        return this.findOrCreateUser(profile, state);
+    }
+}
+exports.GoogleStrategy = GoogleStrategy;
+//# sourceMappingURL=google.strategy.js.map

package/dist/strategies/oauth/google.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.strategy.js","sourceRoot":"","sources":["../../../src/strategies/oauth/google.strategy.ts"],"names":[],"mappings":";;;AAAA,8FAAgF;AAGhF,gDAAgD;AAEhD,MAAsB,cAAkD,SAAQ,gDAAwB;IAOtG,YAAY,MAAkB;QAC5B,KAAK,EAAE,CAAC;QAPV,SAAI,GAAG,QAAQ,CAAC;QAQd,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAI,kBAAS,CAAC,6BAA6B,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC7C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC;QACrD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC;IACrD,CAAC;IAED,mBAAmB,CAAC,KAAc;QAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,sBAAsB;YAC7B,WAAW,EAAE,SAAS;YACtB,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,gDAAgD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC7E,CAAC;IAES,KAAK,CAAC,qBAAqB,CAAC,IAAY;QAChD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;gBAChC,YAAY,EAAE,IAAI,CAAC,WAAW;gBAC9B,UAAU,EAAE,oBAAoB;aACjC,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAS,CAAC,8BAA8B,EAAE,6BAA6B,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAiD,CAAC;QAC7E,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;IACpE,CAAC;IAES,KAAK,CAAC,cAAc,CAAC,WAAmB;QAChD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;YACvE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,kBAAS,CAAC,mCAAmC,EAAE,sBAAsB,EAAE,GAAG,CAAC,CAAC;QACnG,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAqE,CAAC;QACjG,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,KAAc;QAC/C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;CAGF;AA9DD,wCA8DC"}

package/dist/strategies/sms/sms.strategy.d.ts

@@ -0,0 +1,7 @@
+import { IUserStore } from '../../interfaces/user-store.interface';
+import { AuthConfig } from '../../models/auth-config.model';
+export declare class SmsStrategy {
+    sendCode(phone: string, userId: string, userStore: IUserStore, config: AuthConfig): Promise<void>;
+    verify(userId: string, code: string, userStore: IUserStore): Promise<boolean>;
+}
+//# sourceMappingURL=sms.strategy.d.ts.map

package/dist/strategies/sms/sms.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/sms/sms.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAO5D,qBAAa,WAAW;IAChB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAajG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;CAcpF"}

package/dist/strategies/sms/sms.strategy.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SmsStrategy = void 0;
+const sms_service_1 = require("../../services/sms.service");
+const password_service_1 = require("../../services/password.service");
+const errors_1 = require("../../models/errors");
+const passwordService = new password_service_1.PasswordService();
+class SmsStrategy {
+    async sendCode(phone, userId, userStore, config) {
+        if (!config.sms) {
+            throw new errors_1.AuthError('SMS not configured', 'SMS_NOT_CONFIGURED', 500);
+        }
+        const smsService = new sms_service_1.SmsService(config.sms);
+        const code = smsService.generateCode();
+        const hashedCode = await passwordService.hash(code, 10);
+        const expiresInMin = config.sms.codeExpiresInMinutes ?? 10;
+        const expiry = new Date(Date.now() + expiresInMin * 60 * 1000);
+        await userStore.updateSmsCode(userId, hashedCode, expiry);
+        await smsService.sendSms(phone, `Your verification code is: ${code}`);
+    }
+    async verify(userId, code, userStore) {
+        const user = await userStore.findById(userId);
+        if (!user)
+            return false;
+        if (!user.smsCode)
+            return false;
+        if (user.smsCodeExpiry && new Date() > user.smsCodeExpiry) {
+            await userStore.updateSmsCode(userId, null, null);
+            return false;
+        }
+        const valid = await passwordService.compare(code, user.smsCode);
+        if (valid) {
+            await userStore.updateSmsCode(userId, null, null);
+        }
+        return valid;
+    }
+}
+exports.SmsStrategy = SmsStrategy;
+//# sourceMappingURL=sms.strategy.js.map

package/dist/strategies/sms/sms.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms.strategy.js","sourceRoot":"","sources":["../../../src/strategies/sms/sms.strategy.ts"],"names":[],"mappings":";;;AAEA,4DAAwD;AACxD,sEAAkE;AAClE,gDAAgD;AAEhD,MAAM,eAAe,GAAG,IAAI,kCAAe,EAAE,CAAC;AAE9C,MAAa,WAAW;IACtB,KAAK,CAAC,QAAQ,CAAC,KAAa,EAAE,MAAc,EAAE,SAAqB,EAAE,MAAkB;QACrF,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAS,CAAC,oBAAoB,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,wBAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/D,MAAM,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,8BAA8B,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,IAAY,EAAE,SAAqB;QAC9D,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1D,MAAM,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA5BD,kCA4BC"}

package/dist/strategies/two-factor/totp.strategy.d.ts

@@ -0,0 +1,12 @@
+import { IUserStore } from '../../interfaces/user-store.interface';
+export declare class TotpStrategy {
+    generateSecret(email: string, appName?: string): {
+        secret: string;
+        otpauthUrl: string;
+        qrCode: Promise<string>;
+    };
+    verify(token: string, secret: string): Promise<boolean>;
+    enable(userId: string, secret: string, userStore: IUserStore): Promise<void>;
+    disable(userId: string, userStore: IUserStore): Promise<void>;
+}
+//# sourceMappingURL=totp.strategy.d.ts.map

package/dist/strategies/two-factor/totp.strategy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.strategy.d.ts","sourceRoot":"","sources":["../../../src/strategies/two-factor/totp.strategy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,uCAAuC,CAAC;AAOnE,qBAAa,YAAY;IACvB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,MAAoB,GAAG;QAC5D,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;KACzB;IAOK,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvD,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5E,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAGpE"}

package/dist/strategies/two-factor/totp.strategy.js

@@ -0,0 +1,32 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TotpStrategy = void 0;
+const otplib_1 = require("otplib");
+const qrcode_1 = __importDefault(require("qrcode"));
+const totp = new otplib_1.TOTP({
+    crypto: new otplib_1.NobleCryptoPlugin(),
+    base32: new otplib_1.ScureBase32Plugin(),
+});
+class TotpStrategy {
+    generateSecret(email, appName = 'node-auth') {
+        const secret = totp.generateSecret();
+        const otpauthUrl = totp.toURI({ label: email, issuer: appName, secret });
+        const qrCode = qrcode_1.default.toDataURL(otpauthUrl);
+        return { secret, otpauthUrl, qrCode };
+    }
+    async verify(token, secret) {
+        const result = await totp.verify(token, { secret });
+        return result.valid;
+    }
+    async enable(userId, secret, userStore) {
+        await userStore.updateTotpSecret(userId, secret);
+    }
+    async disable(userId, userStore) {
+        await userStore.updateTotpSecret(userId, null);
+    }
+}
+exports.TotpStrategy = TotpStrategy;
+//# sourceMappingURL=totp.strategy.js.map

package/dist/strategies/two-factor/totp.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.strategy.js","sourceRoot":"","sources":["../../../src/strategies/two-factor/totp.strategy.ts"],"names":[],"mappings":";;;;;;AAAA,mCAAoE;AACpE,oDAA4B;AAG5B,MAAM,IAAI,GAAG,IAAI,aAAI,CAAC;IACpB,MAAM,EAAE,IAAI,0BAAiB,EAAE;IAC/B,MAAM,EAAE,IAAI,0BAAiB,EAAE;CAChC,CAAC,CAAC;AAEH,MAAa,YAAY;IACvB,cAAc,CAAC,KAAa,EAAE,UAAkB,WAAW;QAKzD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,gBAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC5C,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,MAAc,EAAE,SAAqB;QAChE,MAAM,SAAS,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,SAAqB;QACjD,MAAM,SAAS,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAxBD,oCAwBC"}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@nik2208/node-auth",
+  "version": "1.0.2",
+  "description": "Database-agnostic JWT authentication library for Node.js",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nik2208/node-auth.git"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "commonjs",
+  "bugs": {
+    "url": "https://github.com/nik2208/node-auth/issues"
+  },
+  "homepage": "https://github.com/nik2208/node-auth#readme",
+  "dependencies": {
+    "bcryptjs": "^3.0.3",
+    "jsonwebtoken": "^9.0.3",
+    "otplib": "^13.3.0",
+    "qrcode": "^1.5.4"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/express": "^5.0.6",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^25.3.0",
+    "@types/qrcode": "^1.5.6",
+    "@types/supertest": "^6.0.3",
+    "@vitest/coverage-v8": "^4.0.18",
+    "express": "^5.2.1",
+    "supertest": "^7.2.2",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ]
+}