@ofeklabs/horizon-auth 1.0.6 → 1.0.8

package/dist/users/users.service.d.ts

@@ -1,9 +1,27 @@
 import { PrismaClient } from '@prisma/client';
 import { User } from '@prisma/client';
+import { HorizonAuthConfig } from '../lib/horizon-auth-config.interface';
 export type SafeUser = Omit<User, 'passwordHash' | 'emailVerifyToken' | 'resetToken' | 'resetTokenExpiry'>;
 export declare class UsersService {
+    private readonly config;
     private readonly prisma;
-    constructor(prisma: PrismaClient);
+    constructor(prisma: PrismaClient, config: HorizonAuthConfig);
+    private generateOtp;
+    generateEmailVerificationOtp(userId: string, otpLength: number, expiryMinutes: number): Promise<{
+        otp: string;
+        expiresAt: Date;
+    }>;
+    verifyEmailWithOtp(email: string, otp: string): Promise<User>;
+    resendVerification(email: string): Promise<{
+        otp?: string;
+        token?: string;
+        expiresAt: Date;
+    }>;
+    generatePasswordResetOtp(email: string, otpLength: number, expiryMinutes: number): Promise<{
+        otp: string;
+        expiresAt: Date;
+    }>;
+    verifyPasswordResetOtp(email: string, otp: string): Promise<User>;
     findByEmail(email: string): Promise<User | null>;
     findById(id: string): Promise<User | null>;
     create(email: string, passwordHash: string | null, tenantId?: string): Promise<User>;

package/dist/users/users.service.js

@@ -18,7 +18,8 @@ const client_1 = require("@prisma/client");
 const crypto_1 = require("crypto");
 const constants_1 = require("../common/constants");
 let UsersService = class UsersService {
-    constructor(prisma) {
+    constructor(prisma, config) {
+        this.config = config;
         this.prisma = prisma;
         console.log('🔍 UsersService constructor - prisma type:', prisma?.constructor?.name);
         console.log('🔍 UsersService constructor - prisma defined:', !!prisma);
@@ -29,6 +30,150 @@ let UsersService = class UsersService {
                 `Please ensure your application's PrismaModule is @Global() and provides PRISMA_CLIENT_TOKEN before HorizonAuthModule.`);
         }
     }
+    generateOtp(length) {
+        const min = Math.pow(10, length - 1);
+        const max = Math.pow(10, length) - 1;
+        const otp = (0, crypto_1.randomInt)(min, max + 1);
+        return otp.toString().padStart(length, '0');
+    }
+    async generateEmailVerificationOtp(userId, otpLength, expiryMinutes) {
+        const otp = this.generateOtp(otpLength);
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + expiryMinutes * 60 * 1000);
+        const sentAt = now;
+        await this.prisma.user.update({
+            where: { id: userId },
+            data: {
+                emailVerificationOtp: otp,
+                emailVerificationExpiresAt: expiresAt,
+                emailVerificationSentAt: sentAt,
+                emailVerificationAttempts: 0,
+            },
+        });
+        return { otp, expiresAt };
+    }
+    async verifyEmailWithOtp(email, otp) {
+        const user = await this.findByEmail(email);
+        if (!user) {
+            throw new common_1.NotFoundException('User not found');
+        }
+        if (!user.emailVerificationOtp) {
+            throw new common_1.NotFoundException('No pending email verification found');
+        }
+        if (!user.emailVerificationExpiresAt || user.emailVerificationExpiresAt < new Date()) {
+            throw new common_1.BadRequestException('Verification code has expired');
+        }
+        if (user.emailVerificationAttempts >= 5) {
+            throw new common_1.BadRequestException('Too many failed attempts. Please request a new verification code');
+        }
+        if (user.emailVerificationOtp !== otp) {
+            await this.prisma.user.update({
+                where: { id: user.id },
+                data: {
+                    emailVerificationAttempts: user.emailVerificationAttempts + 1,
+                },
+            });
+            throw new common_1.BadRequestException('Invalid verification code');
+        }
+        return this.prisma.user.update({
+            where: { id: user.id },
+            data: {
+                emailVerified: true,
+                emailVerificationOtp: null,
+                emailVerificationExpiresAt: null,
+                emailVerificationSentAt: null,
+                emailVerificationAttempts: 0,
+            },
+        });
+    }
+    async resendVerification(email) {
+        const user = await this.findByEmail(email);
+        if (!user) {
+            throw new common_1.NotFoundException('User not found');
+        }
+        if (user.emailVerificationSentAt) {
+            const timeSinceLastSend = Date.now() - user.emailVerificationSentAt.getTime();
+            const rateLimitMs = 60 * 1000;
+            if (timeSinceLastSend < rateLimitMs) {
+                throw new common_1.BadRequestException('Please wait before requesting another verification code');
+            }
+        }
+        const verificationConfig = this.config.emailVerification || { method: 'otp' };
+        const method = verificationConfig.method || 'otp';
+        const otpLength = verificationConfig.otpLength || 6;
+        const otpExpiry = verificationConfig.otpExpiry || 10;
+        const tokenExpiry = verificationConfig.tokenExpiry || 24;
+        const now = new Date();
+        let otp;
+        let token;
+        let expiresAt;
+        const updateData = {
+            emailVerificationSentAt: now,
+        };
+        if (method === 'otp' || method === 'both') {
+            otp = this.generateOtp(otpLength);
+            expiresAt = new Date(now.getTime() + otpExpiry * 60 * 1000);
+            updateData.emailVerificationOtp = otp;
+            updateData.emailVerificationExpiresAt = expiresAt;
+            updateData.emailVerificationAttempts = 0;
+        }
+        if (method === 'magic-link' || method === 'both') {
+            token = (0, crypto_1.randomUUID)();
+            expiresAt = new Date(now.getTime() + tokenExpiry * 60 * 60 * 1000);
+            updateData.emailVerifyToken = token;
+        }
+        if (!expiresAt) {
+            expiresAt = new Date(now.getTime() + otpExpiry * 60 * 1000);
+        }
+        await this.prisma.user.update({
+            where: { id: user.id },
+            data: updateData,
+        });
+        return { otp, token, expiresAt };
+    }
+    async generatePasswordResetOtp(email, otpLength, expiryMinutes) {
+        const user = await this.findByEmail(email);
+        if (!user) {
+            throw new common_1.NotFoundException('If the email exists, a reset code will be sent');
+        }
+        const otp = this.generateOtp(otpLength);
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + expiryMinutes * 60 * 1000);
+        await this.prisma.user.update({
+            where: { id: user.id },
+            data: {
+                passwordResetOtp: otp,
+                passwordResetOtpExpiresAt: expiresAt,
+                passwordResetOtpAttempts: 0,
+            },
+        });
+        return { otp, expiresAt };
+    }
+    async verifyPasswordResetOtp(email, otp) {
+        const user = await this.findByEmail(email);
+        if (!user) {
+            throw new common_1.NotFoundException('User not found');
+        }
+        if (!user.passwordResetOtp) {
+            throw new common_1.NotFoundException('No pending password reset found');
+        }
+        if (!user.passwordResetOtpExpiresAt || user.passwordResetOtpExpiresAt < new Date()) {
+            throw new common_1.BadRequestException('Reset code has expired');
+        }
+        if (user.passwordResetOtpAttempts >= 5) {
+            throw new common_1.BadRequestException('Too many failed attempts. Please request a new reset code');
+        }
+        if (user.passwordResetOtp !== otp) {
+            await this.prisma.user.update({
+                where: { id: user.id },
+                data: {
+                    passwordResetOtpAttempts: user.passwordResetOtpAttempts + 1,
+                },
+            });
+            throw new common_1.BadRequestException('Invalid reset code');
+        }
+        return user;
+    }
     async findByEmail(email) {
         console.log('🔍 findByEmail called - this.prisma defined:', !!this.prisma);
         console.log('🔍 findByEmail called - this.prisma type:', this.prisma?.constructor?.name);
@@ -51,14 +196,31 @@ let UsersService = class UsersService {
         if (existingUser) {
             throw new common_1.ConflictException('User with this email already exists');
         }
+        const verificationConfig = this.config.emailVerification || { method: 'otp' };
+        const method = verificationConfig.method || 'otp';
+        const otpLength = verificationConfig.otpLength || 6;
+        const otpExpiry = verificationConfig.otpExpiry || 10;
+        const tokenExpiry = verificationConfig.tokenExpiry || 24;
+        const now = new Date();
+        const createData = {
+            email,
+            passwordHash,
+            tenantId: tenantId || 'default',
+            roles: ['user'],
+        };
+        if (method === 'otp' || method === 'both') {
+            const otp = this.generateOtp(otpLength);
+            const expiresAt = new Date(now.getTime() + otpExpiry * 60 * 1000);
+            createData.emailVerificationOtp = otp;
+            createData.emailVerificationExpiresAt = expiresAt;
+            createData.emailVerificationSentAt = now;
+            createData.emailVerificationAttempts = 0;
+        }
+        if (method === 'magic-link' || method === 'both') {
+            createData.emailVerifyToken = (0, crypto_1.randomUUID)();
+        }
         return this.prisma.user.create({
-            data: {
-                email,
-                passwordHash,
-                emailVerifyToken: (0, crypto_1.randomUUID)(),
-                tenantId: tenantId || 'default',
-                roles: ['user'],
-            },
+            data: createData,
         });
     }
     async update(id, data) {
@@ -123,6 +285,7 @@ exports.UsersService = UsersService;
 exports.UsersService = UsersService = __decorate([
     (0, common_1.Injectable)(),
     __param(0, (0, common_1.Inject)(constants_1.PRISMA_CLIENT_TOKEN)),
-    __metadata("design:paramtypes", [client_1.PrismaClient])
+    __param(1, (0, common_1.Inject)('HORIZON_AUTH_CONFIG')),
+    __metadata("design:paramtypes", [client_1.PrismaClient, Object])
 ], UsersService);
 //# sourceMappingURL=users.service.js.map

package/dist/users/users.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"users.service.js","sourceRoot":"","sources":["../../src/users/users.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA0F;AAC1F,2CAA8C;AAE9C,mCAAoC;AACpC,mDAA0D;AAKnD,IAAM,YAAY,GAAlB,MAAM,YAAY;IAGvB,YAAyC,MAAoB;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wDAAwD;gBACxD,iBAAiB,+BAAmB,KAAK;gBACzC,uHAAuH,CACxH,CAAC;QACJ,CAAC;IACH,CAAC;IAOD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,OAAO,CAAC,GAAG,CAAC,8CAA8C,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,2CAA2C,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QACzF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,KAAK,EAAE;YAChB,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,QAAQ,CAAC,EAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IASD,KAAK,CAAC,MAAM,CACV,KAAa,EACb,YAA2B,EAC3B,QAAiB;QAGjB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,IAAI,EAAE;gBACJ,KAAK;gBACL,YAAY;gBACZ,gBAAgB,EAAE,IAAA,mBAAU,GAAE;gBAC9B,QAAQ,EAAE,QAAQ,IAAI,SAAS;gBAC/B,KAAK,EAAE,CAAC,MAAM,CAAC;aAChB;SACF,CAAC,CAAC;IACL,CAAC;IAQD,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,IAAmB;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,aAAa,EAAE,IAAI;gBACnB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,MAAM,IAAI,0BAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,mBAAU,GAAE,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,UAAU;gBACV,gBAAgB;aACjB;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;IAQD,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,eAAuB;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1E,MAAM,IAAI,0BAAiB,CAAC,gCAAgC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,YAAY,EAAE,eAAe;gBAC7B,UAAU,EAAE,IAAI;gBAChB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,UAAU,CAAC,IAAU;QACnB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC3F,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAA;AA3KY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAIE,WAAA,IAAA,eAAM,EAAC,+BAAmB,CAAC,CAAA;qCAAS,qBAAY;GAHlD,YAAY,CA2KxB"}
+{"version":3,"file":"users.service.js","sourceRoot":"","sources":["../../src/users/users.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA+G;AAC/G,2CAA8C;AAE9C,mCAA+C;AAC/C,mDAA0D;AAMnD,IAAM,YAAY,GAAlB,MAAM,YAAY;IAGvB,YAC+B,MAAoB,EACD,MAAyB;QAAzB,WAAM,GAAN,MAAM,CAAmB;QAEzE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wDAAwD;gBACxD,iBAAiB,+BAAmB,KAAK;gBACzC,uHAAuH,CACxH,CAAC;QACJ,CAAC;IACH,CAAC;IAOO,WAAW,CAAC,MAAc;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAGrC,MAAM,GAAG,GAAG,IAAA,kBAAS,EAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;QAEpC,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;IASD,KAAK,CAAC,4BAA4B,CAChC,MAAc,EACd,SAAiB,EACjB,aAAqB;QAGrB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAGxC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,GAAG,CAAC;QAGnB,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE;gBACJ,oBAAoB,EAAE,GAAG;gBACzB,0BAA0B,EAAE,SAAS;gBACrC,uBAAuB,EAAE,MAAM;gBAC/B,yBAAyB,EAAE,CAAC;aAC7B;SACF,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC5B,CAAC;IAUD,KAAK,CAAC,kBAAkB,CAAC,KAAa,EAAE,GAAW;QAEjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE3C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,CAAC,CAAC;QAChD,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,0BAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,0BAA0B,IAAI,IAAI,CAAC,0BAA0B,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACrF,MAAM,IAAI,4BAAmB,CAAC,+BAA+B,CAAC,CAAC;QACjE,CAAC;QAGD,IAAI,IAAI,CAAC,yBAAyB,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,4BAAmB,CAAC,kEAAkE,CAAC,CAAC;QACpG,CAAC;QAGD,IAAI,IAAI,CAAC,oBAAoB,KAAK,GAAG,EAAE,CAAC;YAEtC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;gBAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;gBACtB,IAAI,EAAE;oBACJ,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,GAAG,CAAC;iBAC9D;aACF,CAAC,CAAC;YACH,MAAM,IAAI,4BAAmB,CAAC,2BAA2B,CAAC,CAAC;QAC7D,CAAC;QAGD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,aAAa,EAAE,IAAI;gBACnB,oBAAoB,EAAE,IAAI;gBAC1B,0BAA0B,EAAE,IAAI;gBAChC,uBAAuB,EAAE,IAAI;gBAC7B,yBAAyB,EAAE,CAAC;aAC7B;SACF,CAAC,CAAC;IACL,CAAC;IAQD,KAAK,CAAC,kBAAkB,CAAC,KAAa;QAEpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAG3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAGV,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,CAAC,CAAC;QAChD,CAAC;QAGD,IAAI,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACjC,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAC;YAC9E,MAAM,WAAW,GAAG,EAAE,GAAG,IAAI,CAAC;YAE9B,IAAI,iBAAiB,GAAG,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,4BAAmB,CAAC,yDAAyD,CAAC,CAAC;YAC3F,CAAC;QACH,CAAC;QAGD,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC9E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,IAAI,KAAK,CAAC;QAClD,MAAM,SAAS,GAAG,kBAAkB,CAAC,SAAS,IAAI,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,kBAAkB,CAAC,SAAS,IAAI,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,IAAI,EAAE,CAAC;QAEzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAuB,CAAC;QAC5B,IAAI,KAAyB,CAAC;QAC9B,IAAI,SAAe,CAAC;QAGpB,MAAM,UAAU,GAAQ;YACtB,uBAAuB,EAAE,GAAG;SAC7B,CAAC;QAGF,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAClC,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC5D,UAAU,CAAC,oBAAoB,GAAG,GAAG,CAAC;YACtC,UAAU,CAAC,0BAA0B,GAAG,SAAS,CAAC;YAClD,UAAU,CAAC,yBAAyB,GAAG,CAAC,CAAC;QAC3C,CAAC;QAGD,IAAI,MAAM,KAAK,YAAY,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACjD,KAAK,GAAG,IAAA,mBAAU,GAAE,CAAC;YAErB,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACnE,UAAU,CAAC,gBAAgB,GAAG,KAAK,CAAC;QACtC,CAAC;QAGD,IAAI,CAAC,SAAU,EAAE,CAAC;YAChB,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC9D,CAAC;QAGD,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnC,CAAC;IAUD,KAAK,CAAC,wBAAwB,CAC5B,KAAa,EACb,SAAiB,EACjB,aAAqB;QAGrB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,MAAM,IAAI,0BAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAGD,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAGxC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAGtE,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,gBAAgB,EAAE,GAAG;gBACrB,yBAAyB,EAAE,SAAS;gBACpC,wBAAwB,EAAE,CAAC;aAC5B;SACF,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC5B,CAAC;IAUD,KAAK,CAAC,sBAAsB,CAAC,KAAa,EAAE,GAAW;QAErD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE3C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,CAAC,CAAC;QAChD,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,0BAAiB,CAAC,iCAAiC,CAAC,CAAC;QACjE,CAAC;QAGD,IAAI,CAAC,IAAI,CAAC,yBAAyB,IAAI,IAAI,CAAC,yBAAyB,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACnF,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QAGD,IAAI,IAAI,CAAC,wBAAwB,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,4BAAmB,CAAC,2DAA2D,CAAC,CAAC;QAC7F,CAAC;QAGD,IAAI,IAAI,CAAC,gBAAgB,KAAK,GAAG,EAAE,CAAC;YAElC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;gBAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;gBACtB,IAAI,EAAE;oBACJ,wBAAwB,EAAE,IAAI,CAAC,wBAAwB,GAAG,CAAC;iBAC5D;aACF,CAAC,CAAC;YACH,MAAM,IAAI,4BAAmB,CAAC,oBAAoB,CAAC,CAAC;QACtD,CAAC;QAID,OAAO,IAAI,CAAC;IACd,CAAC;IAQD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,OAAO,CAAC,GAAG,CAAC,8CAA8C,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,2CAA2C,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QACzF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,KAAK,EAAE;YAChB,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,QAAQ,CAAC,EAAU;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;IAgCC,KAAK,CAAC,MAAM,CACV,KAAa,EACb,YAA2B,EAC3B,QAAiB;QAGjB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC9E,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,IAAI,KAAK,CAAC;QAClD,MAAM,SAAS,GAAG,kBAAkB,CAAC,SAAS,IAAI,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,kBAAkB,CAAC,SAAS,IAAI,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,IAAI,EAAE,CAAC;QAEzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAQ;YACtB,KAAK;YACL,YAAY;YACZ,QAAQ,EAAE,QAAQ,IAAI,SAAS;YAC/B,KAAK,EAAE,CAAC,MAAM,CAAC;SAChB,CAAC;QAGF,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAElE,UAAU,CAAC,oBAAoB,GAAG,GAAG,CAAC;YACtC,UAAU,CAAC,0BAA0B,GAAG,SAAS,CAAC;YAClD,UAAU,CAAC,uBAAuB,GAAG,GAAG,CAAC;YACzC,UAAU,CAAC,yBAAyB,GAAG,CAAC,CAAC;QAC3C,CAAC;QAGD,IAAI,MAAM,KAAK,YAAY,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAGjD,UAAU,CAAC,gBAAgB,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC7C,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;IACL,CAAC;IASH,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,IAAmB;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,aAAa,EAAE,IAAI;gBACnB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,MAAM,IAAI,0BAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,mBAAU,GAAE,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,UAAU;gBACV,gBAAgB;aACjB;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;IAQD,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,eAAuB;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7C,KAAK,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1E,MAAM,IAAI,0BAAiB,CAAC,gCAAgC,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE;gBACJ,YAAY,EAAE,eAAe;gBAC7B,UAAU,EAAE,IAAI;gBAChB,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC,CAAC;IACL,CAAC;IAOD,UAAU,CAAC,IAAU;QACnB,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC3F,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAA;AA/eY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,+BAAmB,CAAC,CAAA;IAC3B,WAAA,IAAA,eAAM,EAAC,qBAAqB,CAAC,CAAA;qCADO,qBAAY;GAJxC,YAAY,CA+exB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ofeklabs/horizon-auth",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Production-ready NestJS authentication module with 2FA, device management, push notifications, and account management",
   "author": "Ofek Itzhaki",
   "license": "MIT",
@@ -34,6 +34,14 @@
     "reflect-metadata": "^0.1.13",
     "rxjs": "^7.8.0"
   },
+  "peerDependenciesMeta": {
+    "resend": {
+      "optional": true
+    },
+    "@sendgrid/mail": {
+      "optional": true
+    }
+  },
   "dependencies": {
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/throttler": "^5.1.0",

package/prisma/migrations/add_otp_fields_for_dual_verification.sql

@@ -0,0 +1,14 @@
+-- Migration: Add OTP fields for dual email verification support
+-- This migration adds OTP fields for both email verification and password reset
+-- while maintaining backward compatibility with existing magic link fields.
+
+-- Add email verification OTP fields
+ALTER TABLE "users" ADD COLUMN "emailVerificationOtp" TEXT;
+ALTER TABLE "users" ADD COLUMN "emailVerificationSentAt" TIMESTAMP(3);
+ALTER TABLE "users" ADD COLUMN "emailVerificationExpiresAt" TIMESTAMP(3);
+ALTER TABLE "users" ADD COLUMN "emailVerificationAttempts" INTEGER NOT NULL DEFAULT 0;
+
+-- Add password reset OTP fields
+ALTER TABLE "users" ADD COLUMN "passwordResetOtp" TEXT;
+ALTER TABLE "users" ADD COLUMN "passwordResetOtpExpiresAt" TIMESTAMP(3);
+ALTER TABLE "users" ADD COLUMN "passwordResetOtpAttempts" INTEGER NOT NULL DEFAULT 0;

package/prisma/schema.prisma

@@ -11,26 +11,42 @@ datasource db {
 }
 
 model User {
-  id                 String          @id @default(cuid())
-  email              String          @unique
-  fullName           String?
-  passwordHash       String?
-  emailVerified      Boolean         @default(false)
-  emailVerifyToken   String?         @unique
-  resetToken         String?         @unique
-  resetTokenExpiry   DateTime?
-  tenantId           String          @default("default")
-  roles              String[]        @default(["user"])
-  isActive           Boolean         @default(true)
-  deactivationReason String?
-  refreshTokens      RefreshToken[]
-  socialAccounts     SocialAccount[]
-  devices            Device[]
-  pushTokens         PushToken[]
-  twoFactorAuth      TwoFactorAuth?
-  backupCodes        BackupCode[]
-  createdAt          DateTime        @default(now())
-  updatedAt          DateTime        @updatedAt
+  id                           String          @id @default(cuid())
+  email                        String          @unique
+  fullName                     String?
+  passwordHash                 String?
+  emailVerified                Boolean         @default(false)
+  
+  // Email verification - OTP fields
+  emailVerificationOtp         String?
+  emailVerificationSentAt      DateTime?
+  emailVerificationExpiresAt   DateTime?
+  emailVerificationAttempts    Int             @default(0)
+  
+  // Email verification - Magic link (existing)
+  emailVerifyToken             String?         @unique
+  
+  // Password reset - OTP fields
+  passwordResetOtp             String?
+  passwordResetOtpExpiresAt    DateTime?
+  passwordResetOtpAttempts     Int             @default(0)
+  
+  // Password reset - Magic link (existing)
+  resetToken                   String?         @unique
+  resetTokenExpiry             DateTime?
+  
+  tenantId                     String          @default("default")
+  roles                        String[]        @default(["user"])
+  isActive                     Boolean         @default(true)
+  deactivationReason           String?
+  refreshTokens                RefreshToken[]
+  socialAccounts               SocialAccount[]
+  devices                      Device[]
+  pushTokens                   PushToken[]
+  twoFactorAuth                TwoFactorAuth?
+  backupCodes                  BackupCode[]
+  createdAt                    DateTime        @default(now())
+  updatedAt                    DateTime        @updatedAt
 
   @@index([email])
   @@index([tenantId])