@ofeklabs/horizon-auth 0.2.1 → 0.4.0

package/dist/two-factor/dto/enable-two-factor.dto.d.ts

@@ -0,0 +1,2 @@
+export declare class EnableTwoFactorDto {
+}

package/dist/two-factor/dto/enable-two-factor.dto.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnableTwoFactorDto = void 0;
+class EnableTwoFactorDto {
+}
+exports.EnableTwoFactorDto = EnableTwoFactorDto;
+//# sourceMappingURL=enable-two-factor.dto.js.map

package/dist/two-factor/dto/enable-two-factor.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enable-two-factor.dto.js","sourceRoot":"","sources":["../../../src/two-factor/dto/enable-two-factor.dto.ts"],"names":[],"mappings":";;;AACA,MAAa,kBAAkB;CAAG;AAAlC,gDAAkC"}

package/dist/two-factor/dto/index.d.ts

@@ -0,0 +1,2 @@
+export * from './verify-two-factor-setup.dto';
+export * from './verify-two-factor-login.dto';

package/dist/two-factor/dto/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./verify-two-factor-setup.dto"), exports);
+__exportStar(require("./verify-two-factor-login.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/two-factor/dto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/two-factor/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gEAA8C;AAC9C,gEAA8C"}

package/dist/two-factor/dto/two-factor-enabled-response.dto.d.ts

@@ -0,0 +1,3 @@
+export declare class TwoFactorEnabledResponseDto {
+    backupCodes: string[];
+}

package/dist/two-factor/dto/two-factor-enabled-response.dto.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFactorEnabledResponseDto = void 0;
+class TwoFactorEnabledResponseDto {
+}
+exports.TwoFactorEnabledResponseDto = TwoFactorEnabledResponseDto;
+//# sourceMappingURL=two-factor-enabled-response.dto.js.map

package/dist/two-factor/dto/two-factor-enabled-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-factor-enabled-response.dto.js","sourceRoot":"","sources":["../../../src/two-factor/dto/two-factor-enabled-response.dto.ts"],"names":[],"mappings":";;;AAAA,MAAa,2BAA2B;CAEvC;AAFD,kEAEC"}

package/dist/two-factor/dto/two-factor-setup-response.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class TwoFactorSetupResponseDto {
+    secret: string;
+    qrCode: string;
+}

package/dist/two-factor/dto/two-factor-setup-response.dto.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFactorSetupResponseDto = void 0;
+class TwoFactorSetupResponseDto {
+}
+exports.TwoFactorSetupResponseDto = TwoFactorSetupResponseDto;
+//# sourceMappingURL=two-factor-setup-response.dto.js.map

package/dist/two-factor/dto/two-factor-setup-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-factor-setup-response.dto.js","sourceRoot":"","sources":["../../../src/two-factor/dto/two-factor-setup-response.dto.ts"],"names":[],"mappings":";;;AAAA,MAAa,yBAAyB;CAGrC;AAHD,8DAGC"}

package/dist/two-factor/dto/verify-two-factor-login.dto.d.ts

@@ -0,0 +1,3 @@
+export declare class VerifyTwoFactorLoginDto {
+    code: string;
+}

package/dist/two-factor/dto/verify-two-factor-login.dto.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifyTwoFactorLoginDto = void 0;
+const class_validator_1 = require("class-validator");
+class VerifyTwoFactorLoginDto {
+}
+exports.VerifyTwoFactorLoginDto = VerifyTwoFactorLoginDto;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Length)(6, 9),
+    __metadata("design:type", String)
+], VerifyTwoFactorLoginDto.prototype, "code", void 0);
+//# sourceMappingURL=verify-two-factor-login.dto.js.map

package/dist/two-factor/dto/verify-two-factor-login.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-two-factor-login.dto.js","sourceRoot":"","sources":["../../../src/two-factor/dto/verify-two-factor-login.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAmD;AAEnD,MAAa,uBAAuB;CAInC;AAJD,0DAIC;AADC;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,wBAAM,EAAC,CAAC,EAAE,CAAC,CAAC;;qDACA"}

package/dist/two-factor/dto/verify-two-factor-setup.dto.d.ts

@@ -0,0 +1,3 @@
+export declare class VerifyTwoFactorSetupDto {
+    code: string;
+}

package/dist/two-factor/dto/verify-two-factor-setup.dto.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifyTwoFactorSetupDto = void 0;
+const class_validator_1 = require("class-validator");
+class VerifyTwoFactorSetupDto {
+}
+exports.VerifyTwoFactorSetupDto = VerifyTwoFactorSetupDto;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Length)(6, 6),
+    __metadata("design:type", String)
+], VerifyTwoFactorSetupDto.prototype, "code", void 0);
+//# sourceMappingURL=verify-two-factor-setup.dto.js.map

package/dist/two-factor/dto/verify-two-factor-setup.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-two-factor-setup.dto.js","sourceRoot":"","sources":["../../../src/two-factor/dto/verify-two-factor-setup.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAmD;AAEnD,MAAa,uBAAuB;CAInC;AAJD,0DAIC;AADC;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,wBAAM,EAAC,CAAC,EAAE,CAAC,CAAC;;qDACA"}

package/dist/two-factor/two-factor.module.d.ts

@@ -0,0 +1,2 @@
+export declare class TwoFactorModule {
+}

package/dist/two-factor/two-factor.module.js

@@ -0,0 +1,23 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFactorModule = void 0;
+const common_1 = require("@nestjs/common");
+const two_factor_service_1 = require("./two-factor.service");
+const prisma_module_1 = require("../prisma/prisma.module");
+let TwoFactorModule = class TwoFactorModule {
+};
+exports.TwoFactorModule = TwoFactorModule;
+exports.TwoFactorModule = TwoFactorModule = __decorate([
+    (0, common_1.Module)({
+        imports: [prisma_module_1.PrismaModule],
+        providers: [two_factor_service_1.TwoFactorService],
+        exports: [two_factor_service_1.TwoFactorService],
+    })
+], TwoFactorModule);
+//# sourceMappingURL=two-factor.module.js.map

package/dist/two-factor/two-factor.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-factor.module.js","sourceRoot":"","sources":["../../src/two-factor/two-factor.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,6DAAwD;AACxD,2DAAuD;AAOhD,IAAM,eAAe,GAArB,MAAM,eAAe;CAAG,CAAA;AAAlB,0CAAe;0BAAf,eAAe;IAL3B,IAAA,eAAM,EAAC;QACN,OAAO,EAAE,CAAC,4BAAY,CAAC;QACvB,SAAS,EAAE,CAAC,qCAAgB,CAAC;QAC7B,OAAO,EAAE,CAAC,qCAAgB,CAAC;KAC5B,CAAC;GACW,eAAe,CAAG"}

package/dist/two-factor/two-factor.service.d.ts

@@ -0,0 +1,19 @@
+import { PrismaService } from '../prisma/prisma.service';
+export declare class TwoFactorService {
+    private readonly prisma;
+    constructor(prisma: PrismaService);
+    generateTotpSecret(userId: string, issuer?: string): Promise<{
+        secret: string;
+        qrCode: string;
+    }>;
+    verifyTotpSetup(userId: string, code: string): Promise<boolean>;
+    enableTwoFactor(userId: string): Promise<{
+        backupCodes: string[];
+    }>;
+    disableTwoFactor(userId: string): Promise<void>;
+    verifyTotpCode(userId: string, code: string): Promise<boolean>;
+    verifyBackupCode(userId: string, code: string): Promise<boolean>;
+    regenerateBackupCodes(userId: string): Promise<string[]>;
+    isTwoFactorEnabled(userId: string): Promise<boolean>;
+    private generateBackupCodes;
+}

package/dist/two-factor/two-factor.service.js

@@ -0,0 +1,215 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFactorService = void 0;
+const common_1 = require("@nestjs/common");
+const prisma_service_1 = require("../prisma/prisma.service");
+const otplib_1 = require("otplib");
+const QRCode = __importStar(require("qrcode"));
+const crypto = __importStar(require("crypto"));
+const bcrypt = __importStar(require("bcrypt"));
+let TwoFactorService = class TwoFactorService {
+    constructor(prisma) {
+        this.prisma = prisma;
+    }
+    async generateTotpSecret(userId, issuer = 'HorizonAuth') {
+        const user = await this.prisma.user.findUnique({
+            where: { id: userId },
+            select: { email: true },
+        });
+        if (!user) {
+            throw new Error('User not found');
+        }
+        const secret = await (0, otplib_1.generateSecret)();
+        const otpauthUrl = (0, otplib_1.generateURI)({
+            issuer,
+            label: user.email,
+            secret,
+        });
+        const qrCode = await QRCode.toDataURL(otpauthUrl);
+        await this.prisma.twoFactorAuth.upsert({
+            where: { userId },
+            create: {
+                userId,
+                totpSecret: secret,
+                enabled: false,
+            },
+            update: {
+                totpSecret: secret,
+                enabled: false,
+            },
+        });
+        return { secret, qrCode };
+    }
+    async verifyTotpSetup(userId, code) {
+        const twoFactorAuth = await this.prisma.twoFactorAuth.findUnique({
+            where: { userId },
+        });
+        if (!twoFactorAuth) {
+            return false;
+        }
+        const result = await (0, otplib_1.verify)({
+            token: code,
+            secret: twoFactorAuth.totpSecret,
+        });
+        return result.valid;
+    }
+    async enableTwoFactor(userId) {
+        const twoFactorAuth = await this.prisma.twoFactorAuth.findUnique({
+            where: { userId },
+        });
+        if (!twoFactorAuth) {
+            throw new Error('2FA setup not initiated');
+        }
+        const backupCodes = this.generateBackupCodes();
+        const hashedCodes = await Promise.all(backupCodes.map(async (code) => ({
+            userId,
+            codeHash: await bcrypt.hash(code, 10),
+            used: false,
+        })));
+        await this.prisma.$transaction([
+            this.prisma.twoFactorAuth.update({
+                where: { userId },
+                data: {
+                    enabled: true,
+                    enabledAt: new Date(),
+                },
+            }),
+            this.prisma.backupCode.createMany({
+                data: hashedCodes,
+            }),
+        ]);
+        return { backupCodes };
+    }
+    async disableTwoFactor(userId) {
+        await this.prisma.$transaction([
+            this.prisma.twoFactorAuth.delete({
+                where: { userId },
+            }),
+            this.prisma.backupCode.deleteMany({
+                where: { userId },
+            }),
+        ]);
+    }
+    async verifyTotpCode(userId, code) {
+        const twoFactorAuth = await this.prisma.twoFactorAuth.findUnique({
+            where: { userId, enabled: true },
+        });
+        if (!twoFactorAuth) {
+            return false;
+        }
+        const result = await (0, otplib_1.verify)({
+            token: code,
+            secret: twoFactorAuth.totpSecret,
+        });
+        return result.valid;
+    }
+    async verifyBackupCode(userId, code) {
+        const backupCodes = await this.prisma.backupCode.findMany({
+            where: { userId, used: false },
+        });
+        for (const backupCode of backupCodes) {
+            const isValid = await bcrypt.compare(code, backupCode.codeHash);
+            if (isValid) {
+                await this.prisma.backupCode.update({
+                    where: { id: backupCode.id },
+                    data: {
+                        used: true,
+                        usedAt: new Date(),
+                    },
+                });
+                return true;
+            }
+        }
+        return false;
+    }
+    async regenerateBackupCodes(userId) {
+        const twoFactorAuth = await this.prisma.twoFactorAuth.findUnique({
+            where: { userId, enabled: true },
+        });
+        if (!twoFactorAuth) {
+            throw new Error('2FA not enabled');
+        }
+        const backupCodes = this.generateBackupCodes();
+        const hashedCodes = await Promise.all(backupCodes.map(async (code) => ({
+            userId,
+            codeHash: await bcrypt.hash(code, 10),
+            used: false,
+        })));
+        await this.prisma.$transaction([
+            this.prisma.backupCode.deleteMany({
+                where: { userId },
+            }),
+            this.prisma.backupCode.createMany({
+                data: hashedCodes,
+            }),
+        ]);
+        return backupCodes;
+    }
+    async isTwoFactorEnabled(userId) {
+        const twoFactorAuth = await this.prisma.twoFactorAuth.findUnique({
+            where: { userId, enabled: true },
+        });
+        return !!twoFactorAuth;
+    }
+    generateBackupCodes() {
+        const codes = [];
+        const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+        for (let i = 0; i < 10; i++) {
+            let code = '';
+            const bytes = crypto.randomBytes(8);
+            for (let j = 0; j < 8; j++) {
+                code += chars[bytes[j] % chars.length];
+            }
+            codes.push(`${code.slice(0, 4)}-${code.slice(4)}`);
+        }
+        return codes;
+    }
+};
+exports.TwoFactorService = TwoFactorService;
+exports.TwoFactorService = TwoFactorService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [prisma_service_1.PrismaService])
+], TwoFactorService);
+//# sourceMappingURL=two-factor.service.js.map

package/dist/two-factor/two-factor.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-factor.service.js","sourceRoot":"","sources":["../../src/two-factor/two-factor.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA4C;AAC5C,6DAAyD;AACzD,mCAA6D;AAC7D,+CAAiC;AACjC,+CAAiC;AACjC,+CAAiC;AAG1B,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAC3B,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAKtD,KAAK,CAAC,kBAAkB,CACtB,MAAc,EACd,SAAiB,aAAa;QAE9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAGD,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAc,GAAE,CAAC;QAGtC,MAAM,UAAU,GAAG,IAAA,oBAAW,EAAC;YAC7B,MAAM;YACN,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM;SACP,CAAC,CAAC;QAGH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAGlD,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;YACrC,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,MAAM,EAAE;gBACN,MAAM;gBACN,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,KAAK;aACf;YACD,MAAM,EAAE;gBACN,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,KAAK;aACf;SACF,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;IAKD,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,IAAY;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;YAC/D,KAAK,EAAE,EAAE,MAAM,EAAE;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,eAAM,EAAC;YAC1B,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,aAAa,CAAC,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAKD,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;YAC/D,KAAK,EAAE,EAAE,MAAM,EAAE;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAGD,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAG/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC/B,MAAM;YACN,QAAQ,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;YACrC,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC,CACJ,CAAC;QAGF,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;gBAC/B,KAAK,EAAE,EAAE,MAAM,EAAE;gBACjB,IAAI,EAAE;oBACJ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB;aACF,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAChC,IAAI,EAAE,WAAW;aAClB,CAAC;SACH,CAAC,CAAC;QAEH,OAAO,EAAE,WAAW,EAAE,CAAC;IACzB,CAAC;IAKD,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;gBAC/B,KAAK,EAAE,EAAE,MAAM,EAAE;aAClB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAChC,KAAK,EAAE,EAAE,MAAM,EAAE;aAClB,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAKD,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,IAAY;QAC/C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;YAC/D,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,eAAM,EAAC;YAC1B,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,aAAa,CAAC,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAKD,KAAK,CAAC,gBAAgB,CAAC,MAAc,EAAE,IAAY;QACjD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;YACxD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE;SAC/B,CAAC,CAAC;QAEH,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC;YAChE,IAAI,OAAO,EAAE,CAAC;gBAEZ,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;oBAClC,KAAK,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,EAAE;oBAC5B,IAAI,EAAE;wBACJ,IAAI,EAAE,IAAI;wBACV,MAAM,EAAE,IAAI,IAAI,EAAE;qBACnB;iBACF,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAKD,KAAK,CAAC,qBAAqB,CAAC,MAAc;QACxC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;YAC/D,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QAGD,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAG/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC/B,MAAM;YACN,QAAQ,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;YACrC,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC,CACJ,CAAC;QAGF,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAChC,KAAK,EAAE,EAAE,MAAM,EAAE;aAClB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;gBAChC,IAAI,EAAE,WAAW;aAClB,CAAC;SACH,CAAC,CAAC;QAEH,OAAO,WAAW,CAAC;IACrB,CAAC;IAKD,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACrC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;YAC/D,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,aAAa,CAAC;IACzB,CAAC;IAKO,mBAAmB;QACzB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,kCAAkC,CAAC;QAEjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;YAEpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;YAGD,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAA;AA/OY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;qCAE0B,8BAAa;GADvC,gBAAgB,CA+O5B"}

package/dist/users/users.service.d.ts

@@ -6,7 +6,7 @@ export declare class UsersService {
     constructor(prisma: PrismaService);
     findByEmail(email: string): Promise<User | null>;
     findById(id: string): Promise<User | null>;
-    create(email: string, passwordHash: string, tenantId?: string): Promise<User>;
+    create(email: string, passwordHash: string | null, tenantId?: string): Promise<User>;
     update(id: string, data: Partial<User>): Promise<User>;
     verifyEmail(token: string): Promise<User>;
     generateResetToken(email: string): Promise<string>;

package/dist/users/users.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"users.service.js","sourceRoot":"","sources":["../../src/users/users.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAkF;AAClF,6DAAyD;AAEzD,mCAAoC;AAK7B,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAOtD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,KAAK,EAAE;YAChB,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,QAAQ,CAAC,EAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IASD,KAAK,CAAC,MAAM,CACV,KAAa,EACb,YAAoB,EACpB,QAAiB;QAGjB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,gBAAgB,EAAE,IAAA,mBAAU,GAAE;gBAC9B,QAAQ,EAAE,QAAQ,IAAI,SAAS;gBAC/B,KAAK,EAAE,CAAC,MAAM,CAAC;aAChB;SACF,CAAC,CAAC;IACL,CAAC;IAQD,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,IAAmB;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,aAAa,EAAE,IAAI;gBACnB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,MAAM,IAAI,0BAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,mBAAU,GAAE,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,UAAU;gBACV,gBAAgB;aACjB;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;IAQD,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,eAAuB;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1E,MAAM,IAAI,0BAAiB,CAAC,gCAAgC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,YAAY,EAAE,eAAe;gBAC7B,UAAU,EAAE,IAAI;gBAChB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,UAAU,CAAC,IAAU;QACnB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC3F,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAA;AAxJY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAE0B,8BAAa;GADvC,YAAY,CAwJxB"}
+{"version":3,"file":"users.service.js","sourceRoot":"","sources":["../../src/users/users.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAkF;AAClF,6DAAyD;AAEzD,mCAAoC;AAK7B,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAOtD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,KAAK,EAAE;YAChB,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,QAAQ,CAAC,EAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IASD,KAAK,CAAC,MAAM,CACV,KAAa,EACb,YAA2B,EAC3B,QAAiB;QAGjB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,gBAAgB,EAAE,IAAA,mBAAU,GAAE;gBAC9B,QAAQ,EAAE,QAAQ,IAAI,SAAS;gBAC/B,KAAK,EAAE,CAAC,MAAM,CAAC;aAChB;SACF,CAAC,CAAC;IACL,CAAC;IAQD,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,IAAmB;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,aAAa,EAAE,IAAI;gBACnB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,MAAM,IAAI,0BAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,mBAAU,GAAE,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,UAAU;gBACV,gBAAgB;aACjB;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;IAQD,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,eAAuB;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1E,MAAM,IAAI,0BAAiB,CAAC,gCAAgC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,YAAY,EAAE,eAAe;gBAC7B,UAAU,EAAE,IAAI;gBAChB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,UAAU,CAAC,IAAU;QACnB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC3F,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAA;AAxJY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAE0B,8BAAa;GADvC,YAAY,CAwJxB"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@ofeklabs/horizon-auth",
-  "version": "0.2.1",
-  "description": "Production-ready NestJS authentication module with 2026 security standards",
+  "version": "0.4.0",
+  "description": "Production-ready NestJS authentication module with ENV-based configuration, 2FA, device management, and SSO support",
   "author": "Ofek Itzhaki",
   "license": "MIT",
   "main": "dist/index.js",
@@ -38,11 +38,18 @@
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/throttler": "^5.1.0",
     "@node-rs/argon2": "^1.8.0",
+    "@types/bcrypt": "^6.0.0",
+    "bcrypt": "^6.0.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
     "dotenv": "^17.3.1",
     "ioredis": "^5.3.2",
-    "pg": "^8.18.0"
+    "otplib": "^13.3.0",
+    "passport-facebook": "^3.0.0",
+    "passport-google-oauth20": "^2.0.0",
+    "pg": "^8.18.0",
+    "qrcode": "^1.5.4",
+    "ua-parser-js": "^2.0.9"
   },
   "devDependencies": {
     "@nestjs/cli": "^10.3.0",
@@ -50,7 +57,11 @@
     "@nestjs/testing": "^10.3.0",
     "@types/jest": "^29.5.11",
     "@types/node": "^20.11.0",
+    "@types/passport-facebook": "^3.0.4",
+    "@types/passport-google-oauth20": "^2.0.17",
     "@types/passport-jwt": "^4.0.0",
+    "@types/qrcode": "^1.5.6",
+    "@types/ua-parser-js": "^0.7.39",
     "@typescript-eslint/eslint-plugin": "^6.19.0",
     "@typescript-eslint/parser": "^6.19.0",
     "eslint": "^8.56.0",
@@ -69,7 +80,18 @@
     "refresh-token",
     "redis",
     "multi-tenant",
-    "security"
+    "security",
+    "2fa",
+    "totp",
+    "two-factor",
+    "device-management",
+    "push-notifications",
+    "account-management",
+    "social-login",
+    "oauth",
+    "sso",
+    "env-config",
+    "zero-config"
   ],
   "repository": {
     "type": "git",