@ofeklabs/horizon-auth 0.2.0 → 0.3.0

package/dist/account/account.module.d.ts

@@ -0,0 +1,2 @@
+export declare class AccountModule {
+}

package/dist/account/account.module.js

@@ -0,0 +1,23 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountModule = void 0;
+const common_1 = require("@nestjs/common");
+const account_service_1 = require("./account.service");
+const prisma_module_1 = require("../prisma/prisma.module");
+let AccountModule = class AccountModule {
+};
+exports.AccountModule = AccountModule;
+exports.AccountModule = AccountModule = __decorate([
+    (0, common_1.Module)({
+        imports: [prisma_module_1.PrismaModule],
+        providers: [account_service_1.AccountService],
+        exports: [account_service_1.AccountService],
+    })
+], AccountModule);
+//# sourceMappingURL=account.module.js.map

package/dist/account/account.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.module.js","sourceRoot":"","sources":["../../src/account/account.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,uDAAmD;AACnD,2DAAuD;AAOhD,IAAM,aAAa,GAAnB,MAAM,aAAa;CAAG,CAAA;AAAhB,sCAAa;wBAAb,aAAa;IALzB,IAAA,eAAM,EAAC;QACN,OAAO,EAAE,CAAC,4BAAY,CAAC;QACvB,SAAS,EAAE,CAAC,gCAAc,CAAC;QAC3B,OAAO,EAAE,CAAC,gCAAc,CAAC;KAC1B,CAAC;GACW,aAAa,CAAG"}

package/dist/account/account.service.d.ts

@@ -0,0 +1,10 @@
+import { PrismaService } from '../prisma/prisma.service';
+export declare class AccountService {
+    private readonly prisma;
+    constructor(prisma: PrismaService);
+    deactivateAccount(userId: string, reason?: string): Promise<void>;
+    reactivateAccount(userId: string): Promise<void>;
+    reactivateAccountByEmail(email: string): Promise<string>;
+    deleteAccount(userId: string): Promise<void>;
+    isAccountActive(userId: string): Promise<boolean>;
+}

package/dist/account/account.service.js

@@ -0,0 +1,69 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountService = void 0;
+const common_1 = require("@nestjs/common");
+const prisma_service_1 = require("../prisma/prisma.service");
+let AccountService = class AccountService {
+    constructor(prisma) {
+        this.prisma = prisma;
+    }
+    async deactivateAccount(userId, reason) {
+        await this.prisma.refreshToken.updateMany({
+            where: { userId, revoked: false },
+            data: { revoked: true },
+        });
+        await this.prisma.user.update({
+            where: { id: userId },
+            data: {
+                isActive: false,
+                deactivationReason: reason,
+            },
+        });
+    }
+    async reactivateAccount(userId) {
+        await this.prisma.user.update({
+            where: { id: userId },
+            data: {
+                isActive: true,
+                deactivationReason: null,
+            },
+        });
+    }
+    async reactivateAccountByEmail(email) {
+        const user = await this.prisma.user.findUnique({
+            where: { email },
+        });
+        if (!user) {
+            throw new Error('User not found');
+        }
+        await this.reactivateAccount(user.id);
+        return user.id;
+    }
+    async deleteAccount(userId) {
+        await this.prisma.user.delete({
+            where: { id: userId },
+        });
+    }
+    async isAccountActive(userId) {
+        const user = await this.prisma.user.findUnique({
+            where: { id: userId },
+            select: { isActive: true },
+        });
+        return user?.isActive ?? false;
+    }
+};
+exports.AccountService = AccountService;
+exports.AccountService = AccountService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [prisma_service_1.PrismaService])
+], AccountService);
+//# sourceMappingURL=account.service.js.map

package/dist/account/account.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.service.js","sourceRoot":"","sources":["../../src/account/account.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,6DAAyD;AAGlD,IAAM,cAAc,GAApB,MAAM,cAAc;IACzB,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAKtD,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,MAAe;QAErD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;YACxC,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE;YACjC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;SACxB,CAAC,CAAC;QAGH,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE;gBACJ,QAAQ,EAAE,KAAK;gBACf,kBAAkB,EAAE,MAAM;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAKD,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE;gBACJ,QAAQ,EAAE,IAAI;gBACd,kBAAkB,EAAE,IAAI;aACzB;SACF,CAAC,CAAC;IACL,CAAC;IAKD,KAAK,CAAC,wBAAwB,CAAC,KAAa;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,KAAK,EAAE;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAKD,KAAK,CAAC,aAAa,CAAC,MAAc;QAEhC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAKD,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;SAC3B,CAAC,CAAC;QAEH,OAAO,IAAI,EAAE,QAAQ,IAAI,KAAK,CAAC;IACjC,CAAC;CACF,CAAA;AAzEY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;qCAE0B,8BAAa;GADvC,cAAc,CAyE1B"}

package/dist/account/dto/deactivate-account.dto.d.ts

@@ -0,0 +1,3 @@
+export declare class DeactivateAccountDto {
+    reason?: string;
+}

package/dist/account/dto/deactivate-account.dto.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeactivateAccountDto = void 0;
+const class_validator_1 = require("class-validator");
+class DeactivateAccountDto {
+}
+exports.DeactivateAccountDto = DeactivateAccountDto;
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], DeactivateAccountDto.prototype, "reason", void 0);
+//# sourceMappingURL=deactivate-account.dto.js.map

package/dist/account/dto/deactivate-account.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deactivate-account.dto.js","sourceRoot":"","sources":["../../../src/account/dto/deactivate-account.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAuD;AAEvD,MAAa,oBAAoB;CAIhC;AAJD,oDAIC;AADC;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;;oDACK"}

package/dist/account/dto/index.d.ts

@@ -0,0 +1 @@
+export * from './deactivate-account.dto';

package/dist/account/dto/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./deactivate-account.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/account/dto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/account/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2DAAyC"}

package/dist/auth/auth.controller.d.ts

@@ -4,16 +4,37 @@ import { RegisterDto } from './dto/register.dto';
 import { LoginDto } from './dto/login.dto';
 import { RequestPasswordResetDto, ResetPasswordDto, VerifyEmailDto } from './dto/password-reset.dto';
 import { SafeUser } from '../users/users.service';
+import { TwoFactorService } from '../two-factor/two-factor.service';
+import { VerifyTwoFactorSetupDto } from '../two-factor/dto/verify-two-factor-setup.dto';
+import { AccountService } from '../account/account.service';
+import { DeactivateAccountDto } from '../account/dto/deactivate-account.dto';
+import { SocialAuthService } from '../social-auth/social-auth.service';
+import { GoogleCallbackDto, FacebookCallbackDto } from '../social-auth/dto';
+import { PushTokenService } from '../push-tokens/push-token.service';
+import { RegisterPushTokenDto } from '../push-tokens/dto/register-push-token.dto';
+import { DeviceService } from '../devices/device.service';
 export declare class AuthController {
     private readonly authService;
-    constructor(authService: AuthService);
+    private readonly twoFactorService?;
+    private readonly accountService?;
+    private readonly socialAuthService?;
+    private readonly pushTokenService?;
+    private readonly deviceService?;
+    constructor(authService: AuthService, twoFactorService?: TwoFactorService | undefined, accountService?: AccountService | undefined, socialAuthService?: SocialAuthService | undefined, pushTokenService?: PushTokenService | undefined, deviceService?: DeviceService | undefined);
     register(registerDto: RegisterDto, response: Response): Promise<{
         user: SafeUser;
         accessToken: string;
     }>;
-    login(loginDto: LoginDto, response: Response): Promise<{
+    login(loginDto: LoginDto, request: Request, response: Response): Promise<{
+        requiresTwoFactor: boolean;
+        userId: string;
+        user?: undefined;
+        accessToken?: undefined;
+    } | {
         user: SafeUser;
         accessToken: string;
+        requiresTwoFactor?: undefined;
+        userId?: undefined;
     }>;
     refresh(request: Request, response: Response): Promise<{
         user: SafeUser;
@@ -32,5 +53,63 @@ export declare class AuthController {
     verifyEmail(dto: VerifyEmailDto): Promise<{
         message: string;
     }>;
+    verifyTwoFactorLogin(dto: {
+        userId: string;
+        code: string;
+    }, request: Request, response: Response): Promise<{
+        user: SafeUser;
+        accessToken: string;
+    }>;
+    enableTwoFactor(user: SafeUser): Promise<{
+        secret: string;
+        qrCode: string;
+    }>;
+    verifyTwoFactorSetup(user: SafeUser, dto: VerifyTwoFactorSetupDto): Promise<{
+        backupCodes: string[];
+    }>;
+    disableTwoFactor(user: SafeUser): Promise<{
+        message: string;
+    }>;
+    regenerateBackupCodes(user: SafeUser): Promise<{
+        backupCodes: string[];
+    }>;
+    googleCallback(dto: GoogleCallbackDto, response: Response): Promise<void>;
+    facebookCallback(dto: FacebookCallbackDto, response: Response): Promise<void>;
+    registerPushToken(user: SafeUser, dto: RegisterPushTokenDto): Promise<{
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        userId: string;
+        token: string;
+        deviceId: string;
+        tokenType: string;
+        active: boolean;
+    }>;
+    revokePushToken(user: SafeUser, tokenId: string): Promise<{
+        message: string;
+    }>;
+    getDevices(user: SafeUser, request: Request): Promise<import("../devices/device.service").DeviceResponse[]>;
+    revokeDevice(user: SafeUser, deviceId: string): Promise<{
+        message: string;
+    }>;
+    deactivateAccount(user: SafeUser, dto: DeactivateAccountDto, response: Response): Promise<{
+        message: string;
+    }>;
+    reactivateAccount(dto: {
+        email: string;
+        password: string;
+    }): Promise<{
+        user: SafeUser;
+        accessToken: string;
+        refreshToken: string;
+        message: string;
+    } | {
+        requiresTwoFactor: true;
+        userId: string;
+        message: string;
+    }>;
+    deleteAccount(user: SafeUser, response: Response): Promise<{
+        message: string;
+    }>;
     private setRefreshTokenCookie;
 }

package/dist/auth/auth.controller.js

@@ -22,9 +22,25 @@ const password_reset_dto_1 = require("./dto/password-reset.dto");
 const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
 const public_decorator_1 = require("../common/decorators/public.decorator");
 const current_user_decorator_1 = require("../common/decorators/current-user.decorator");
+const two_factor_service_1 = require("../two-factor/two-factor.service");
+const verify_two_factor_setup_dto_1 = require("../two-factor/dto/verify-two-factor-setup.dto");
+const account_service_1 = require("../account/account.service");
+const deactivate_account_dto_1 = require("../account/dto/deactivate-account.dto");
+const social_auth_service_1 = require("../social-auth/social-auth.service");
+const dto_1 = require("../social-auth/dto");
+const push_token_service_1 = require("../push-tokens/push-token.service");
+const register_push_token_dto_1 = require("../push-tokens/dto/register-push-token.dto");
+const device_service_1 = require("../devices/device.service");
+const common_2 = require("@nestjs/common");
+const exceptions_1 = require("../common/exceptions");
 let AuthController = class AuthController {
-    constructor(authService) {
+    constructor(authService, twoFactorService, accountService, socialAuthService, pushTokenService, deviceService) {
         this.authService = authService;
+        this.twoFactorService = twoFactorService;
+        this.accountService = accountService;
+        this.socialAuthService = socialAuthService;
+        this.pushTokenService = pushTokenService;
+        this.deviceService = deviceService;
     }
     async register(registerDto, response) {
         const result = await this.authService.register(registerDto.email, registerDto.password, registerDto.fullName, registerDto.tenantId);
@@ -34,8 +50,18 @@ let AuthController = class AuthController {
             accessToken: result.accessToken,
         };
     }
-    async login(loginDto, response) {
-        const result = await this.authService.login(loginDto.email, loginDto.password);
+    async login(loginDto, request, response) {
+        const deviceInfo = {
+            userAgent: request.headers['user-agent'],
+            ip: request.ip || request.socket.remoteAddress,
+        };
+        const result = await this.authService.login(loginDto.email, loginDto.password, deviceInfo);
+        if ('requiresTwoFactor' in result) {
+            return {
+                requiresTwoFactor: true,
+                userId: result.userId,
+            };
+        }
         this.setRefreshTokenCookie(response, result.refreshToken);
         return {
             user: result.user,
@@ -78,6 +104,127 @@ let AuthController = class AuthController {
         await this.authService.verifyEmail(dto.token);
         return { message: 'Email verified successfully' };
     }
+    async verifyTwoFactorLogin(dto, request, response) {
+        const deviceInfo = {
+            userAgent: request.headers['user-agent'],
+            ip: request.ip || request.socket.remoteAddress,
+        };
+        const result = await this.authService.verifyTwoFactorLogin(dto.userId, dto.code, deviceInfo);
+        this.setRefreshTokenCookie(response, result.refreshToken);
+        return {
+            user: result.user,
+            accessToken: result.accessToken,
+        };
+    }
+    async enableTwoFactor(user) {
+        if (!this.twoFactorService) {
+            throw new exceptions_1.FeatureDisabledException('Two-factor authentication');
+        }
+        const result = await this.twoFactorService.generateTotpSecret(user.id);
+        return result;
+    }
+    async verifyTwoFactorSetup(user, dto) {
+        if (!this.twoFactorService) {
+            throw new exceptions_1.FeatureDisabledException('Two-factor authentication');
+        }
+        const isValid = await this.twoFactorService.verifyTotpSetup(user.id, dto.code);
+        if (!isValid) {
+            throw new Error('Invalid 2FA code');
+        }
+        const result = await this.twoFactorService.enableTwoFactor(user.id);
+        return result;
+    }
+    async disableTwoFactor(user) {
+        if (!this.twoFactorService) {
+            throw new exceptions_1.FeatureDisabledException('Two-factor authentication');
+        }
+        await this.twoFactorService.disableTwoFactor(user.id);
+        return { message: '2FA disabled successfully' };
+    }
+    async regenerateBackupCodes(user) {
+        if (!this.twoFactorService) {
+            throw new exceptions_1.FeatureDisabledException('Two-factor authentication');
+        }
+        const backupCodes = await this.twoFactorService.regenerateBackupCodes(user.id);
+        return { backupCodes };
+    }
+    async googleCallback(dto, response) {
+        throw new Error('Google OAuth not fully implemented - requires OAuth code exchange');
+    }
+    async facebookCallback(dto, response) {
+        throw new Error('Facebook OAuth not fully implemented - requires OAuth code exchange');
+    }
+    async registerPushToken(user, dto) {
+        if (!this.pushTokenService) {
+            throw new exceptions_1.FeatureDisabledException('Push notifications');
+        }
+        if (!dto.deviceId) {
+            throw new Error('Device ID is required');
+        }
+        const pushToken = await this.pushTokenService.registerPushToken({
+            userId: user.id,
+            token: dto.token,
+            tokenType: dto.tokenType,
+            deviceId: dto.deviceId,
+        });
+        return pushToken;
+    }
+    async revokePushToken(user, tokenId) {
+        if (!this.pushTokenService) {
+            throw new exceptions_1.FeatureDisabledException('Push notifications');
+        }
+        await this.pushTokenService.revokePushToken(tokenId);
+        return { message: 'Push token revoked successfully' };
+    }
+    async getDevices(user, request) {
+        if (!this.deviceService) {
+            throw new exceptions_1.FeatureDisabledException('Device management');
+        }
+        const devices = await this.deviceService.getUserDevices(user.id);
+        return devices;
+    }
+    async revokeDevice(user, deviceId) {
+        if (!this.deviceService) {
+            throw new exceptions_1.FeatureDisabledException('Device management');
+        }
+        await this.deviceService.revokeDevice(user.id, deviceId);
+        return { message: 'Device revoked successfully' };
+    }
+    async deactivateAccount(user, dto, response) {
+        if (!this.accountService) {
+            throw new exceptions_1.FeatureDisabledException('Account management');
+        }
+        await this.accountService.deactivateAccount(user.id, dto.reason);
+        response.clearCookie('refreshToken', {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'strict',
+        });
+        return { message: 'Account deactivated successfully' };
+    }
+    async reactivateAccount(dto) {
+        if (!this.accountService) {
+            throw new exceptions_1.FeatureDisabledException('Account management');
+        }
+        await this.accountService.reactivateAccountByEmail(dto.email);
+        const result = await this.authService.login(dto.email, dto.password);
+        return {
+            message: 'Account reactivated successfully',
+            ...result,
+        };
+    }
+    async deleteAccount(user, response) {
+        if (!this.accountService) {
+            throw new exceptions_1.FeatureDisabledException('Account management');
+        }
+        await this.accountService.deleteAccount(user.id);
+        response.clearCookie('refreshToken', {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'strict',
+        });
+        return { message: 'Account deleted successfully' };
+    }
     setRefreshTokenCookie(response, refreshToken) {
         response.cookie('refreshToken', refreshToken, {
             httpOnly: true,
@@ -105,9 +252,10 @@ __decorate([
     (0, common_1.Post)('login'),
     (0, common_1.HttpCode)(common_1.HttpStatus.OK),
     __param(0, (0, common_1.Body)()),
-    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)({ passthrough: true })),
     __metadata("design:type", Function),
-    __metadata("design:paramtypes", [login_dto_1.LoginDto, Object]),
+    __metadata("design:paramtypes", [login_dto_1.LoginDto, Object, Object]),
     __metadata("design:returntype", Promise)
 ], AuthController.prototype, "login", null);
 __decorate([
@@ -166,8 +314,158 @@ __decorate([
     __metadata("design:paramtypes", [password_reset_dto_1.VerifyEmailDto]),
     __metadata("design:returntype", Promise)
 ], AuthController.prototype, "verifyEmail", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
+    (0, common_1.Post)('2fa/verify-login'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyTwoFactorLogin", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('2fa/enable'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "enableTwoFactor", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('2fa/verify'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, verify_two_factor_setup_dto_1.VerifyTwoFactorSetupDto]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyTwoFactorSetup", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('2fa/disable'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "disableTwoFactor", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('2fa/backup-codes/regenerate'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "regenerateBackupCodes", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
+    (0, common_1.Post)('social/google'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [dto_1.GoogleCallbackDto, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "googleCallback", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
+    (0, common_1.Post)('social/facebook'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [dto_1.FacebookCallbackDto, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "facebookCallback", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('push-tokens'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.CREATED),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, register_push_token_dto_1.RegisterPushTokenDto]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "registerPushToken", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Delete)('push-tokens/:tokenId'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Param)('tokenId')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, String]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "revokePushToken", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Get)('devices'),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "getDevices", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    (0, common_1.Post)('devices/:deviceId/revoke'),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Param)('deviceId')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, String]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "revokeDevice", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Post)('account/deactivate'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Body)()),
+    __param(2, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, deactivate_account_dto_1.DeactivateAccountDto, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "deactivateAccount", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Post)('account/reactivate'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "reactivateAccount", null);
+__decorate([
+    (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard),
+    (0, common_1.Delete)('account'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "deleteAccount", null);
 exports.AuthController = AuthController = __decorate([
     (0, common_1.Controller)('auth'),
-    __metadata("design:paramtypes", [auth_service_1.AuthService])
+    __param(1, (0, common_2.Optional)()),
+    __param(2, (0, common_2.Optional)()),
+    __param(3, (0, common_2.Optional)()),
+    __param(4, (0, common_2.Optional)()),
+    __param(5, (0, common_2.Optional)()),
+    __metadata("design:paramtypes", [auth_service_1.AuthService,
+        two_factor_service_1.TwoFactorService,
+        account_service_1.AccountService,
+        social_auth_service_1.SocialAuthService,
+        push_token_service_1.PushTokenService,
+        device_service_1.DeviceService])
 ], AuthController);
 //# sourceMappingURL=auth.controller.js.map