npm - @ofeklabs/horizon-auth - Versions diffs - 0.1.0 - Mend

@ofeklabs/horizon-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/README.md +359 -0
package/dist/auth/auth.controller.d.ts +36 -0
package/dist/auth/auth.controller.js +173 -0
package/dist/auth/auth.controller.js.map +1 -0
package/dist/auth/auth.module.d.ts +2 -0
package/dist/auth/auth.module.js +55 -0
package/dist/auth/auth.module.js.map +1 -0
package/dist/auth/auth.service.d.ts +26 -0
package/dist/auth/auth.service.js +180 -0
package/dist/auth/auth.service.js.map +1 -0
package/dist/auth/dto/login.dto.d.ts +4 -0
package/dist/auth/dto/login.dto.js +25 -0
package/dist/auth/dto/login.dto.js.map +1 -0
package/dist/auth/dto/password-reset.dto.d.ts +10 -0
package/dist/auth/dto/password-reset.dto.js +40 -0
package/dist/auth/dto/password-reset.dto.js.map +1 -0
package/dist/auth/dto/register.dto.d.ts +6 -0
package/dist/auth/dto/register.dto.js +36 -0
package/dist/auth/dto/register.dto.js.map +1 -0
package/dist/auth/guards/jwt-auth.guard.d.ts +9 -0
package/dist/auth/guards/jwt-auth.guard.js +37 -0
package/dist/auth/guards/jwt-auth.guard.js.map +1 -0
package/dist/auth/guards/roles.guard.d.ts +7 -0
package/dist/auth/guards/roles.guard.js +39 -0
package/dist/auth/guards/roles.guard.js.map +1 -0
package/dist/auth/interfaces/token.interface.d.ts +20 -0
package/dist/auth/interfaces/token.interface.js +3 -0
package/dist/auth/interfaces/token.interface.js.map +1 -0
package/dist/auth/jwks.controller.d.ts +14 -0
package/dist/auth/jwks.controller.js +53 -0
package/dist/auth/jwks.controller.js.map +1 -0
package/dist/auth/services/password.service.d.ts +10 -0
package/dist/auth/services/password.service.js +42 -0
package/dist/auth/services/password.service.js.map +1 -0
package/dist/auth/services/token.service.d.ts +16 -0
package/dist/auth/services/token.service.js +91 -0
package/dist/auth/services/token.service.js.map +1 -0
package/dist/auth/strategies/jwt.strategy.d.ts +12 -0
package/dist/auth/strategies/jwt.strategy.js +56 -0
package/dist/auth/strategies/jwt.strategy.js.map +1 -0
package/dist/common/decorators/current-tenant.decorator.d.ts +1 -0
package/dist/common/decorators/current-tenant.decorator.js +9 -0
package/dist/common/decorators/current-tenant.decorator.js.map +1 -0
package/dist/common/decorators/current-user.decorator.d.ts +1 -0
package/dist/common/decorators/current-user.decorator.js +9 -0
package/dist/common/decorators/current-user.decorator.js.map +1 -0
package/dist/common/decorators/public.decorator.d.ts +2 -0
package/dist/common/decorators/public.decorator.js +8 -0
package/dist/common/decorators/public.decorator.js.map +1 -0
package/dist/common/decorators/roles.decorator.d.ts +2 -0
package/dist/common/decorators/roles.decorator.js +8 -0
package/dist/common/decorators/roles.decorator.js.map +1 -0
package/dist/common/middleware/tenant-extractor.middleware.d.ts +9 -0
package/dist/common/middleware/tenant-extractor.middleware.js +61 -0
package/dist/common/middleware/tenant-extractor.middleware.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/lib/horizon-auth-config.interface.d.ts +54 -0
package/dist/lib/horizon-auth-config.interface.js +3 -0
package/dist/lib/horizon-auth-config.interface.js.map +1 -0
package/dist/lib/horizon-auth.module.d.ts +11 -0
package/dist/lib/horizon-auth.module.js +117 -0
package/dist/lib/horizon-auth.module.js.map +1 -0
package/dist/prisma/prisma.module.d.ts +4 -0
package/dist/prisma/prisma.module.js +33 -0
package/dist/prisma/prisma.module.js.map +1 -0
package/dist/prisma/prisma.service.d.ts +8 -0
package/dist/prisma/prisma.service.js +42 -0
package/dist/prisma/prisma.service.js.map +1 -0
package/dist/redis/redis.module.d.ts +4 -0
package/dist/redis/redis.module.js +33 -0
package/dist/redis/redis.module.js.map +1 -0
package/dist/redis/redis.service.d.ts +17 -0
package/dist/redis/redis.service.js +83 -0
package/dist/redis/redis.service.js.map +1 -0
package/dist/tsconfig.build.tsbuildinfo +1 -0
package/dist/users/users.module.d.ts +2 -0
package/dist/users/users.module.js +23 -0
package/dist/users/users.module.js.map +1 -0
package/dist/users/users.service.d.ts +15 -0
package/dist/users/users.service.js +110 -0
package/dist/users/users.service.js.map +1 -0
package/package.json +78 -0
package/prisma/schema.prisma +46 -0

package/README.md ADDED Viewed

@@ -0,0 +1,359 @@
+# @ofeklabs/horizon-auth
+Production-ready NestJS authentication module with 2026 security standards. Add enterprise-grade authentication to your application in under 60 seconds.
+## Features
+- 🔐 **Modern Security**: Argon2id password hashing, RS256 JWT signing
+- 🔄 **Refresh Token Rotation**: Automatic token rotation with reuse detection
+- 🚫 **Redis Blacklisting**: Revoked token management with TTL
+- 🏢 **Multi-Tenant Support**: Built-in tenant isolation
+- 🌍 **Cross-Language**: JWKS endpoint for polyglot microservices
+- ⚡ **Rate Limiting**: Built-in protection against brute force attacks
+- 🎯 **Type-Safe**: Full TypeScript support
+- 📦 **Zero Config**: Sensible defaults, fully customizable
+## Quick Start (60 seconds)
+### 1. Install
+```bash
+npm install @ofeklabs/horizon-auth @prisma/client ioredis passport passport-jwt
+npm install -D prisma
+```
+### 2. Generate RSA Keys
+```bash
+# Generate private key
+openssl genrsa -out private.pem 2048
+# Generate public key
+openssl rsa -in private.pem -pubout -out public.pem
+```
+### 3. Configure Module
+```typescript
+// app.module.ts
+import { Module } from '@nestjs/common';
+import { HorizonAuthModule } from '@ofeklabs/horizon-auth';
+import { readFileSync } from 'fs';
+import { join } from 'path';
+@Module({
+  imports: [
+    HorizonAuthModule.forRoot({
+      database: {
+        url: process.env.DATABASE_URL,
+      },
+      redis: {
+        host: process.env.REDIS_HOST || 'localhost',
+        port: parseInt(process.env.REDIS_PORT) || 6379,
+      },
+      jwt: {
+        privateKey: readFileSync(join(__dirname, '../certs/private.pem'), 'utf8'),
+        publicKey: readFileSync(join(__dirname, '../certs/public.pem'), 'utf8'),
+      },
+    }),
+  ],
+})
+export class AppModule {}
+```
+### 4. Set Up Database
+```bash
+# Start PostgreSQL and Redis
+docker-compose up -d
+# Run Prisma migrations
+npx prisma migrate dev
+```
+### 5. Use in Controllers
+```typescript
+import { Controller, Get, Post, Body, UseGuards } from '@nestjs/common';
+import {
+  Public,
+  CurrentUser,
+  JwtAuthGuard,
+  Roles,
+  LoginDto,
+  RegisterDto,
+} from '@ofeklabs/horizon-auth';
+@Controller()
+export class AppController {
+  // Public endpoint - no authentication required
+  @Public()
+  @Get()
+  getHello() {
+    return { message: 'Hello World' };
+  }
+  // Protected endpoint - requires JWT
+  @UseGuards(JwtAuthGuard)
+  @Get('profile')
+  getProfile(@CurrentUser() user) {
+    return user;
+  }
+  // Role-based access control
+  @UseGuards(JwtAuthGuard)
+  @Roles('admin')
+  @Get('admin')
+  adminOnly() {
+    return { message: 'Admin access granted' };
+  }
+}
+```
+## API Endpoints
+The package automatically provides these endpoints:
+### Authentication
+- `POST /auth/register` - Register new user
+- `POST /auth/login` - Login with email/password
+- `POST /auth/refresh` - Refresh access token
+- `POST /auth/logout` - Logout and revoke tokens
+- `GET /auth/profile` - Get current user profile
+### Password Management
+- `POST /auth/password-reset/request` - Request password reset
+- `POST /auth/password-reset/complete` - Complete password reset
+- `POST /auth/verify-email` - Verify email address
+### Cross-Language Support
+- `GET /.well-known/jwks.json` - Public keys for JWT verification
+## Configuration Options
+```typescript
+interface HorizonAuthConfig {
+  // Required
+  database: {
+    url: string;
+  };
+  redis: {
+    host: string;
+    port: number;
+    password?: string;
+    db?: number;
+  };
+  jwt: {
+    privateKey: string; // RSA private key (PEM format)
+    publicKey: string; // RSA public key (PEM format)
+    accessTokenExpiry?: string; // Default: '15m'
+    refreshTokenExpiry?: string; // Default: '7d'
+    issuer?: string; // Default: 'horizon-auth'
+    audience?: string; // Default: 'horizon-api'
+  };
+  // Optional
+  multiTenant?: {
+    enabled: boolean;
+    tenantIdExtractor?: 'header' | 'subdomain' | 'custom';
+    defaultTenantId?: string;
+  };
+  rateLimit?: {
+    login?: { limit: number; ttl: number };
+    register?: { limit: number; ttl: number };
+    passwordReset?: { limit: number; ttl: number };
+  };
+  guards?: {
+    applyJwtGuardGlobally?: boolean;
+  };
+}
+```
+## Decorators
+### @Public()
+Mark routes as publicly accessible (skip authentication)
+```typescript
+@Public()
+@Get('public')
+publicRoute() {
+  return { message: 'No auth required' };
+}
+```
+### @CurrentUser()
+Inject authenticated user into controller
+```typescript
+@Get('me')
+getMe(@CurrentUser() user) {
+  return user;
+}
+```
+### @Roles(...roles)
+Require specific roles for access
+```typescript
+@Roles('admin', 'moderator')
+@Get('admin')
+adminRoute() {
+  return { message: 'Admin only' };
+}
+```
+### @CurrentTenant()
+Get current tenant ID
+```typescript
+@Get('tenant-data')
+getTenantData(@CurrentTenant() tenantId: string) {
+  return { tenantId };
+}
+```
+## Multi-Tenant Configuration
+```typescript
+HorizonAuthModule.forRoot({
+  // ... other config
+  multiTenant: {
+    enabled: true,
+    tenantIdExtractor: 'header', // or 'subdomain' or 'custom'
+    defaultTenantId: 'default',
+  },
+});
+```
+## Dev SSO Mode
+For local development with multiple microservices:
+```yaml
+# docker-compose.dev-sso.yml
+version: '3.8'
+services:
+  auth-service:
+    build: .
+    ports:
+      - '3000:3000'
+    environment:
+      COOKIE_DOMAIN: '.localhost'
+      REDIS_HOST: redis
+    depends_on:
+      - postgres
+      - redis
+```
+All `*.localhost:3000` apps will share the same authentication session.
+## Cross-Language Token Verification
+### C# Example
+```csharp
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+var jwks = await httpClient.GetStringAsync("http://auth-service/.well-known/jwks.json");
+var keys = JsonConvert.DeserializeObject<JsonWebKeySet>(jwks);
+var tokenHandler = new JwtSecurityTokenHandler();
+var validationParameters = new TokenValidationParameters
+{
+    ValidateIssuerSigningKey = true,
+    IssuerSigningKeys = keys.Keys,
+    ValidateIssuer = true,
+    ValidIssuer = "horizon-auth",
+    ValidateAudience = true,
+    ValidAudience = "horizon-api"
+};
+var principal = tokenHandler.ValidateToken(token, validationParameters, out var validatedToken);
+```
+### Python Example
+```python
+import jwt
+import requests
+# Fetch JWKS
+jwks_url = "http://auth-service/.well-known/jwks.json"
+jwks = requests.get(jwks_url).json()
+# Verify token
+token = "your-jwt-token"
+decoded = jwt.decode(
+    token,
+    jwks,
+    algorithms=["RS256"],
+    issuer="horizon-auth",
+    audience="horizon-api"
+)
+```
+## Security Best Practices
+1. **Always use HTTPS in production**
+2. **Store RSA keys securely** (environment variables, secrets manager)
+3. **Enable rate limiting** to prevent brute force attacks
+4. **Monitor security events** (failed logins, token reuse)
+5. **Rotate JWT keys periodically**
+6. **Use strong Redis passwords** in production
+## Environment Variables
+```env
+# Database
+DATABASE_URL=postgresql://user:password@localhost:5432/horizon_auth
+# Redis
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=your_redis_password
+# Application
+NODE_ENV=production
+```
+## Troubleshooting
+### "Invalid or expired access token"
+- Check that your JWT keys are correctly configured
+- Verify token hasn't expired (default 15 minutes)
+- Ensure token isn't blacklisted
+### "Redis connection error"
+- Verify Redis is running: `docker ps`
+- Check Redis connection settings
+- Test connection: `redis-cli ping`
+### "Token reuse detected"
+- This is a security feature - someone tried to reuse a revoked refresh token
+- All user tokens have been revoked for security
+- User needs to login again
+## Migration from Existing Auth
+See [MIGRATION.md](./MIGRATION.md) for guides on:
+- Migrating from bcrypt to Argon2id
+- Migrating from HS256 to RS256
+- Database schema migration
+## License
+MIT
+## Support
+- GitHub Issues: https://github.com/OfekItzhaki/horizon-auth-platform/issues
+- Documentation: https://github.com/OfekItzhaki/horizon-auth-platform
+## Credits
+Created by Ofek Itzhaki

package/dist/auth/auth.controller.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import { Response, Request } from 'express';
+import { AuthService } from './auth.service';
+import { RegisterDto } from './dto/register.dto';
+import { LoginDto } from './dto/login.dto';
+import { RequestPasswordResetDto, ResetPasswordDto, VerifyEmailDto } from './dto/password-reset.dto';
+import { SafeUser } from '../users/users.service';
+export declare class AuthController {
+    private readonly authService;
+    constructor(authService: AuthService);
+    register(registerDto: RegisterDto, response: Response): Promise<{
+        user: SafeUser;
+        accessToken: string;
+    }>;
+    login(loginDto: LoginDto, response: Response): Promise<{
+        user: SafeUser;
+        accessToken: string;
+    }>;
+    refresh(request: Request, response: Response): Promise<{
+        user: SafeUser;
+        accessToken: string;
+    }>;
+    logout(user: SafeUser, response: Response): Promise<{
+        message: string;
+    }>;
+    getProfile(user: SafeUser): Promise<SafeUser>;
+    requestPasswordReset(dto: RequestPasswordResetDto): Promise<{
+        message: string;
+    }>;
+    resetPassword(dto: ResetPasswordDto): Promise<{
+        message: string;
+    }>;
+    verifyEmail(dto: VerifyEmailDto): Promise<{
+        message: string;
+    }>;
+    private setRefreshTokenCookie;
+}

package/dist/auth/auth.controller.js ADDED Viewed

@@ -0,0 +1,173 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const common_1 = require("@nestjs/common");
+const throttler_1 = require("@nestjs/throttler");
+const auth_service_1 = require("./auth.service");
+const register_dto_1 = require("./dto/register.dto");
+const login_dto_1 = require("./dto/login.dto");
+const password_reset_dto_1 = require("./dto/password-reset.dto");
+const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
+const public_decorator_1 = require("../common/decorators/public.decorator");
+const current_user_decorator_1 = require("../common/decorators/current-user.decorator");
+let AuthController = class AuthController {
+    constructor(authService) {
+        this.authService = authService;
+    }
+    async register(registerDto, response) {
+        const result = await this.authService.register(registerDto.email, registerDto.password, registerDto.fullName, registerDto.tenantId);
+        this.setRefreshTokenCookie(response, result.refreshToken);
+        return {
+            user: result.user,
+            accessToken: result.accessToken,
+        };
+    }
+    async login(loginDto, response) {
+        const result = await this.authService.login(loginDto.email, loginDto.password);
+        this.setRefreshTokenCookie(response, result.refreshToken);
+        return {
+            user: result.user,
+            accessToken: result.accessToken,
+        };
+    }
+    async refresh(request, response) {
+        const refreshToken = request.cookies?.refreshToken;
+        if (!refreshToken) {
+            throw new Error('Refresh token not found');
+        }
+        const result = await this.authService.refresh(refreshToken);
+        this.setRefreshTokenCookie(response, result.refreshToken);
+        return {
+            user: result.user,
+            accessToken: result.accessToken,
+        };
+    }
+    async logout(user, response) {
+        await this.authService.logout(user.id);
+        response.clearCookie('refreshToken', {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'strict',
+        });
+        return { message: 'Logged out successfully' };
+    }
+    async getProfile(user) {
+        return user;
+    }
+    async requestPasswordReset(dto) {
+        await this.authService.requestPasswordReset(dto.email);
+        return { message: 'If the email exists, a reset link will be sent' };
+    }
+    async resetPassword(dto) {
+        await this.authService.resetPassword(dto.token, dto.newPassword);
+        return { message: 'Password reset successfully' };
+    }
+    async verifyEmail(dto) {
+        await this.authService.verifyEmail(dto.token);
+        return { message: 'Email verified successfully' };
+    }
+    setRefreshTokenCookie(response, refreshToken) {
+        response.cookie('refreshToken', refreshToken, {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'strict',
+            maxAge: 7 * 24 * 60 * 60 * 1000,
+        });
+    }
+};
+exports.AuthController = AuthController;
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 3, ttl: 60000 } }),
+    (0, common_1.Post)('register'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.CREATED),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [register_dto_1.RegisterDto, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "register", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
+    (0, common_1.Post)('login'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [login_dto_1.LoginDto, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "login", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Post)('refresh'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "refresh", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('logout'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "logout", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Get)('profile'),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "getProfile", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 3, ttl: 3600000 } }),
+    (0, common_1.Post)('password-reset/request'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [password_reset_dto_1.RequestPasswordResetDto]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "requestPasswordReset", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Post)('password-reset/complete'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [password_reset_dto_1.ResetPasswordDto]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "resetPassword", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Post)('verify-email'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [password_reset_dto_1.VerifyEmailDto]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyEmail", null);
+exports.AuthController = AuthController = __decorate([
+    (0, common_1.Controller)('auth'),
+    __metadata("design:paramtypes", [auth_service_1.AuthService])
+], AuthController);
+//# sourceMappingURL=auth.controller.js.map

package/dist/auth/auth.controller.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../../src/auth/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAUwB;AACxB,iDAA6C;AAE7C,iDAA6C;AAC7C,qDAAiD;AACjD,+CAA2C;AAC3C,iEAAqG;AACrG,4DAAuD;AACvD,4EAA+D;AAC/D,wFAA0E;AAInE,IAAM,cAAc,GAApB,MAAM,cAAc;IACzB,YAA6B,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAWnD,AAAN,KAAK,CAAC,QAAQ,CACJ,WAAwB,EACJ,QAAkB;QAE9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAC5C,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,EACpB,WAAW,CAAC,QAAQ,EACpB,WAAW,CAAC,QAAQ,CACrB,CAAC;QAGF,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC;IACJ,CAAC;IAWK,AAAN,KAAK,CAAC,KAAK,CACD,QAAkB,EACE,QAAkB;QAE9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAG/E,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC;IACJ,CAAC;IASK,AAAN,KAAK,CAAC,OAAO,CACJ,OAAgB,EACK,QAAkB;QAE9C,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC;QACnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAG5D,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC;IACJ,CAAC;IASK,AAAN,KAAK,CAAC,MAAM,CACK,IAAc,EACD,QAAkB;QAE9C,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAGvC,QAAQ,CAAC,WAAW,CAAC,cAAc,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;IAChD,CAAC;IAQK,AAAN,KAAK,CAAC,UAAU,CAAgB,IAAc;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAWK,AAAN,KAAK,CAAC,oBAAoB,CAAS,GAA4B;QAC7D,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvD,OAAO,EAAE,OAAO,EAAE,gDAAgD,EAAE,CAAC;IACvE,CAAC;IASK,AAAN,KAAK,CAAC,aAAa,CAAS,GAAqB;QAC/C,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QACjE,OAAO,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,CAAC;IASK,AAAN,KAAK,CAAC,WAAW,CAAS,GAAmB;QAC3C,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAO,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,CAAC;IAKO,qBAAqB,CAAC,QAAkB,EAAE,YAAoB;QACpE,QAAQ,CAAC,MAAM,CAAC,cAAc,EAAE,YAAY,EAAE;YAC5C,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SAChC,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AArKY,wCAAc;AAYnB;IAJL,IAAA,yBAAM,GAAE;IACR,IAAA,oBAAQ,EAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC;IAC/C,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,OAAO,CAAC;IAE1B,WAAA,IAAA,aAAI,GAAE,CAAA;IACN,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;qCADN,0BAAW;;8CAiBjC;AAWK;IAJL,IAAA,yBAAM,GAAE;IACR,IAAA,oBAAQ,EAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC;IAC/C,IAAA,aAAI,EAAC,OAAO,CAAC;IACb,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IAErB,WAAA,IAAA,aAAI,GAAE,CAAA;IACN,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;qCADT,oBAAQ;;2CAY3B;AASK;IAHL,IAAA,yBAAM,GAAE;IACR,IAAA,aAAI,EAAC,SAAS,CAAC;IACf,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IAErB,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;;;6CAgB5B;AASK;IAHL,IAAA,kBAAS,EAAC,6BAAY,CAAC;IACvB,IAAA,aAAI,EAAC,QAAQ,CAAC;IACd,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IAErB,WAAA,IAAA,oCAAW,GAAE,CAAA;IACb,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;;;4CAY5B;AAQK;IAFL,IAAA,kBAAS,EAAC,6BAAY,CAAC;IACvB,IAAA,YAAG,EAAC,SAAS,CAAC;IACG,WAAA,IAAA,oCAAW,GAAE,CAAA;;;;gDAE9B;AAWK;IAJL,IAAA,yBAAM,GAAE;IACR,IAAA,oBAAQ,EAAC,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC;IACjD,IAAA,aAAI,EAAC,wBAAwB,CAAC;IAC9B,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACI,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAM,4CAAuB;;0DAG9D;AASK;IAHL,IAAA,yBAAM,GAAE;IACR,IAAA,aAAI,EAAC,yBAAyB,CAAC;IAC/B,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACH,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAM,qCAAgB;;mDAGhD;AASK;IAHL,IAAA,yBAAM,GAAE;IACR,IAAA,aAAI,EAAC,cAAc,CAAC;IACpB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACL,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAM,mCAAc;;iDAG5C;yBAxJU,cAAc;IAD1B,IAAA,mBAAU,EAAC,MAAM,CAAC;qCAEyB,0BAAW;GAD1C,cAAc,CAqK1B"}

package/dist/auth/auth.module.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare class AuthModule {
2	+ }

package/dist/auth/auth.module.js ADDED Viewed

@@ -0,0 +1,55 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const passport_1 = require("@nestjs/passport");
+const throttler_1 = require("@nestjs/throttler");
+const auth_service_1 = require("./auth.service");
+const auth_controller_1 = require("./auth.controller");
+const jwks_controller_1 = require("./jwks.controller");
+const password_service_1 = require("./services/password.service");
+const token_service_1 = require("./services/token.service");
+const jwt_strategy_1 = require("./strategies/jwt.strategy");
+const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
+const roles_guard_1 = require("./guards/roles.guard");
+const users_module_1 = require("../users/users.module");
+const redis_module_1 = require("../redis/redis.module");
+const prisma_module_1 = require("../prisma/prisma.module");
+let AuthModule = class AuthModule {
+};
+exports.AuthModule = AuthModule;
+exports.AuthModule = AuthModule = __decorate([
+    (0, common_1.Module)({
+        imports: [
+            passport_1.PassportModule,
+            jwt_1.JwtModule.register({}),
+            throttler_1.ThrottlerModule.forRoot([
+                {
+                    ttl: 60000,
+                    limit: 10,
+                },
+            ]),
+            users_module_1.UsersModule,
+            redis_module_1.RedisModule,
+            prisma_module_1.PrismaModule,
+        ],
+        controllers: [auth_controller_1.AuthController, jwks_controller_1.JwksController],
+        providers: [
+            auth_service_1.AuthService,
+            password_service_1.PasswordService,
+            token_service_1.TokenService,
+            jwt_strategy_1.JwtStrategy,
+            jwt_auth_guard_1.JwtAuthGuard,
+            roles_guard_1.RolesGuard,
+        ],
+        exports: [auth_service_1.AuthService, jwt_auth_guard_1.JwtAuthGuard, roles_guard_1.RolesGuard],
+    })
+], AuthModule);
+//# sourceMappingURL=auth.module.js.map

package/dist/auth/auth.module.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../src/auth/auth.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,qCAAwC;AACxC,+CAAkD;AAClD,iDAAoD;AACpD,iDAA6C;AAC7C,uDAAmD;AACnD,uDAAmD;AACnD,kEAA8D;AAC9D,4DAAwD;AACxD,4DAAwD;AACxD,4DAAuD;AACvD,sDAAkD;AAClD,wDAAoD;AACpD,wDAAoD;AACpD,2DAAuD;AA2BhD,IAAM,UAAU,GAAhB,MAAM,UAAU;CAAG,CAAA;AAAb,gCAAU;qBAAV,UAAU;IAzBtB,IAAA,eAAM,EAAC;QACN,OAAO,EAAE;YACP,yBAAc;YACd,eAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtB,2BAAe,CAAC,OAAO,CAAC;gBACtB;oBACE,GAAG,EAAE,KAAK;oBACV,KAAK,EAAE,EAAE;iBACV;aACF,CAAC;YACF,0BAAW;YACX,0BAAW;YACX,4BAAY;SACb;QACD,WAAW,EAAE,CAAC,gCAAc,EAAE,gCAAc,CAAC;QAC7C,SAAS,EAAE;YACT,0BAAW;YACX,kCAAe;YACf,4BAAY;YACZ,0BAAW;YACX,6BAAY;YACZ,wBAAU;SACX;QACD,OAAO,EAAE,CAAC,0BAAW,EAAE,6BAAY,EAAE,wBAAU,CAAC;KACjD,CAAC;GACW,UAAU,CAAG"}

package/dist/auth/auth.service.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { UsersService, SafeUser } from '../users/users.service';
+import { PasswordService } from './services/password.service';
+import { TokenService } from './services/token.service';
+import { RedisService } from '../redis/redis.service';
+import { PrismaService } from '../prisma/prisma.service';
+export interface AuthResult {
+    user: SafeUser;
+    accessToken: string;
+    refreshToken: string;
+}
+export declare class AuthService {
+    private readonly usersService;
+    private readonly passwordService;
+    private readonly tokenService;
+    private readonly redisService;
+    private readonly prisma;
+    constructor(usersService: UsersService, passwordService: PasswordService, tokenService: TokenService, redisService: RedisService, prisma: PrismaService);
+    register(email: string, password: string, fullName?: string, tenantId?: string): Promise<AuthResult>;
+    login(email: string, password: string): Promise<AuthResult>;
+    refresh(refreshToken: string): Promise<AuthResult>;
+    logout(userId: string): Promise<void>;
+    private revokeAllUserTokens;
+    requestPasswordReset(email: string): Promise<void>;
+    resetPassword(token: string, newPassword: string): Promise<void>;
+    verifyEmail(token: string): Promise<void>;
+}