@open-kingdom/shared-backend-feature-user-management 0.0.2-10

package/README.md

@@ -0,0 +1,11 @@
+# feature-user-management
+
+This library was generated with [Nx](https://nx.dev).
+
+## Building
+
+Run `nx build feature-user-management` to build the library.
+
+## Running unit tests
+
+Run `nx test feature-user-management` to execute the unit tests via [Jest](https://jestjs.io).

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from './lib/feature-user-management.module';
+export * from './lib/schemas';
+export * from './lib/services';
+export * from './lib/dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sCAAsC,CAAC;AACrD,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./lib/feature-user-management.module"), exports);
+tslib_1.__exportStar(require("./lib/schemas"), exports);
+tslib_1.__exportStar(require("./lib/services"), exports);
+tslib_1.__exportStar(require("./lib/dto"), exports);

package/dist/lib/controllers/index.d.ts

@@ -0,0 +1,3 @@
+export * from './invitations.controller';
+export * from './users.controller';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/controllers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/controllers/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC;AACzC,cAAc,oBAAoB,CAAC"}

package/dist/lib/controllers/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./invitations.controller"), exports);
+tslib_1.__exportStar(require("./users.controller"), exports);

package/dist/lib/controllers/invitations.controller.d.ts

@@ -0,0 +1,16 @@
+import { InvitationsService } from '../services';
+import { InviteUserDto, AcceptInvitationDto } from '../dto';
+import type { AuthenticatedRequest } from '../types';
+export declare class InvitationsController {
+    private readonly invitationsService;
+    constructor(invitationsService: InvitationsService);
+    invite(dto: InviteUserDto, req: AuthenticatedRequest): Promise<import("../services").InvitationResponse>;
+    validate(token: string): Promise<import("../types").ValidationResult>;
+    accept(dto: AcceptInvitationDto): Promise<{
+        id: number;
+        email: string;
+        firstName: string | null;
+        lastName: string | null;
+    }>;
+}
+//# sourceMappingURL=invitations.controller.d.ts.map

package/dist/lib/controllers/invitations.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"invitations.controller.d.ts","sourceRoot":"","sources":["../../../src/lib/controllers/invitations.controller.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAC5D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAErD,qBAEa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,kBAAkB;gBAAlB,kBAAkB,EAAE,kBAAkB;IAoB7D,MAAM,CACF,GAAG,EAAE,aAAa,EACf,GAAG,EAAE,oBAAoB;IA8BhC,QAAQ,CAAiB,KAAK,EAAE,MAAM;IAiBtC,MAAM,CAAS,GAAG,EAAE,mBAAmB;;;;;;CAW9C"}

package/dist/lib/controllers/invitations.controller.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvitationsController = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const passport_1 = require("@nestjs/passport");
+const services_1 = require("../services");
+const dto_1 = require("../dto");
+let InvitationsController = class InvitationsController {
+    constructor(invitationsService) {
+        this.invitationsService = invitationsService;
+    }
+    async invite(dto, req) {
+        return this.invitationsService.invite(dto.email, dto.role ?? 'guest', req.user.id);
+    }
+    async validate(token) {
+        return this.invitationsService.validate(token);
+    }
+    async accept(dto) {
+        const user = await this.invitationsService.accept(dto.token, dto.password, dto.firstName, dto.lastName);
+        const { password: _password, ...userWithoutPassword } = user;
+        return userWithoutPassword;
+    }
+};
+exports.InvitationsController = InvitationsController;
+tslib_1.__decorate([
+    (0, common_1.Post)('invite'),
+    (0, swagger_1.ApiBearerAuth)('JWT-auth'),
+    (0, common_1.UseGuards)((0, passport_1.AuthGuard)('jwt')),
+    (0, swagger_1.ApiOperation)({
+        summary: 'Invite a new user',
+        description: 'Send an invitation to a new user. Requires authentication.',
+    }),
+    (0, swagger_1.ApiBody)({ type: dto_1.InviteUserDto }),
+    (0, swagger_1.ApiResponse)({
+        status: 201,
+        description: 'Invitation created successfully',
+    }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'User already exists or pending invitation exists',
+    }),
+    (0, swagger_1.ApiUnauthorizedResponse)({
+        description: 'Unauthorized - Invalid or missing JWT token',
+    }),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__param(1, (0, common_1.Request)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [dto_1.InviteUserDto, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], InvitationsController.prototype, "invite", null);
+tslib_1.__decorate([
+    (0, common_1.Get)('validate/:token'),
+    (0, swagger_1.ApiOperation)({
+        summary: 'Validate an invitation token',
+        description: 'Check if an invitation token is valid and not expired',
+    }),
+    (0, swagger_1.ApiResponse)({
+        status: 200,
+        description: 'Validation result',
+        schema: {
+            type: 'object',
+            properties: {
+                valid: { type: 'boolean' },
+                email: { type: 'string', nullable: true },
+                role: {
+                    type: 'string',
+                    enum: ['guest', 'user', 'admin'],
+                    nullable: true,
+                },
+            },
+        },
+    }),
+    tslib_1.__param(0, (0, common_1.Param)('token')),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [String]),
+    tslib_1.__metadata("design:returntype", Promise)
+], InvitationsController.prototype, "validate", null);
+tslib_1.__decorate([
+    (0, common_1.Post)('accept'),
+    (0, swagger_1.ApiOperation)({
+        summary: 'Accept an invitation',
+        description: 'Accept an invitation and create a new user account',
+    }),
+    (0, swagger_1.ApiBody)({ type: dto_1.AcceptInvitationDto }),
+    (0, swagger_1.ApiResponse)({
+        status: 201,
+        description: 'User created successfully',
+    }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'Invalid or expired invitation token',
+    }),
+    tslib_1.__param(0, (0, common_1.Body)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [dto_1.AcceptInvitationDto]),
+    tslib_1.__metadata("design:returntype", Promise)
+], InvitationsController.prototype, "accept", null);
+exports.InvitationsController = InvitationsController = tslib_1.__decorate([
+    (0, swagger_1.ApiTags)('Invitations'),
+    (0, common_1.Controller)('invitations'),
+    tslib_1.__metadata("design:paramtypes", [services_1.InvitationsService])
+], InvitationsController);

package/dist/lib/controllers/users.controller.d.ts

@@ -0,0 +1,12 @@
+import { UserManagementService } from '../services';
+import type { AuthenticatedRequest } from '../types';
+export declare class UsersController {
+    private readonly userManagementService;
+    constructor(userManagementService: UserManagementService);
+    findAll(): Promise<import("../services").UserWithoutPassword[]>;
+    findOne(id: number): Promise<import("../services").UserWithoutPassword>;
+    delete(id: number, req: AuthenticatedRequest): Promise<{
+        message: string;
+    }>;
+}
+//# sourceMappingURL=users.controller.d.ts.map

package/dist/lib/controllers/users.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.controller.d.ts","sourceRoot":"","sources":["../../../src/lib/controllers/users.controller.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAErD,qBAOa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,qBAAqB;gBAArB,qBAAqB,EAAE,qBAAqB;IAWnE,OAAO;IAgBP,OAAO,CAA4B,EAAE,EAAE,MAAM;IAmB7C,MAAM,CACiB,EAAE,EAAE,MAAM,EAC1B,GAAG,EAAE,oBAAoB;;;CAKvC"}

package/dist/lib/controllers/users.controller.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UsersController = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const passport_1 = require("@nestjs/passport");
+const services_1 = require("../services");
+let UsersController = class UsersController {
+    constructor(userManagementService) {
+        this.userManagementService = userManagementService;
+    }
+    async findAll() {
+        return this.userManagementService.findAll();
+    }
+    async findOne(id) {
+        return this.userManagementService.findById(id);
+    }
+    async delete(id, req) {
+        await this.userManagementService.delete(id, req.user.id);
+        return { message: 'User deleted successfully' };
+    }
+};
+exports.UsersController = UsersController;
+tslib_1.__decorate([
+    (0, common_1.Get)(),
+    (0, swagger_1.ApiOperation)({
+        summary: 'List all users',
+        description: 'Returns a list of all users without passwords',
+    }),
+    (0, swagger_1.ApiResponse)({
+        status: 200,
+        description: 'List of users',
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", []),
+    tslib_1.__metadata("design:returntype", Promise)
+], UsersController.prototype, "findAll", null);
+tslib_1.__decorate([
+    (0, common_1.Get)(':id'),
+    (0, swagger_1.ApiOperation)({
+        summary: 'Get a user by ID',
+        description: 'Returns a single user by their ID',
+    }),
+    (0, swagger_1.ApiResponse)({
+        status: 200,
+        description: 'User found',
+    }),
+    (0, swagger_1.ApiNotFoundResponse)({
+        description: 'User not found',
+    }),
+    tslib_1.__param(0, (0, common_1.Param)('id', common_1.ParseIntPipe)),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Number]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UsersController.prototype, "findOne", null);
+tslib_1.__decorate([
+    (0, common_1.Delete)(':id'),
+    (0, swagger_1.ApiOperation)({
+        summary: 'Delete a user',
+        description: 'Delete a user by their ID. Cannot delete your own account.',
+    }),
+    (0, swagger_1.ApiResponse)({
+        status: 200,
+        description: 'User deleted successfully',
+    }),
+    (0, swagger_1.ApiNotFoundResponse)({
+        description: 'User not found',
+    }),
+    (0, swagger_1.ApiForbiddenResponse)({
+        description: 'Cannot delete your own account',
+    }),
+    tslib_1.__param(0, (0, common_1.Param)('id', common_1.ParseIntPipe)),
+    tslib_1.__param(1, (0, common_1.Request)()),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Number, Object]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UsersController.prototype, "delete", null);
+exports.UsersController = UsersController = tslib_1.__decorate([
+    (0, swagger_1.ApiTags)('Users'),
+    (0, common_1.Controller)('users'),
+    (0, swagger_1.ApiBearerAuth)('JWT-auth'),
+    (0, common_1.UseGuards)((0, passport_1.AuthGuard)('jwt')),
+    (0, swagger_1.ApiUnauthorizedResponse)({
+        description: 'Unauthorized - Invalid or missing JWT token',
+    }),
+    tslib_1.__metadata("design:paramtypes", [services_1.UserManagementService])
+], UsersController);

package/dist/lib/dto/accept-invitation.dto.d.ts

@@ -0,0 +1,7 @@
+export declare class AcceptInvitationDto {
+    token: string;
+    password: string;
+    firstName?: string;
+    lastName?: string;
+}
+//# sourceMappingURL=accept-invitation.dto.d.ts.map

package/dist/lib/dto/accept-invitation.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"accept-invitation.dto.d.ts","sourceRoot":"","sources":["../../../src/lib/dto/accept-invitation.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,mBAAmB;IAK9B,KAAK,EAAG,MAAM,CAAC;IAOf,QAAQ,EAAG,MAAM,CAAC;IAOlB,SAAS,CAAC,EAAE,MAAM,CAAC;IAOnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/lib/dto/accept-invitation.dto.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AcceptInvitationDto = void 0;
+const tslib_1 = require("tslib");
+const swagger_1 = require("@nestjs/swagger");
+class AcceptInvitationDto {
+}
+exports.AcceptInvitationDto = AcceptInvitationDto;
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Invitation token from the invite link',
+        example: 'abc123def456',
+    }),
+    tslib_1.__metadata("design:type", String)
+], AcceptInvitationDto.prototype, "token", void 0);
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Password for the new account',
+        example: 'securePassword123',
+        minLength: 8,
+    }),
+    tslib_1.__metadata("design:type", String)
+], AcceptInvitationDto.prototype, "password", void 0);
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'First name of the user',
+        example: 'John',
+        required: false,
+    }),
+    tslib_1.__metadata("design:type", String)
+], AcceptInvitationDto.prototype, "firstName", void 0);
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Last name of the user',
+        example: 'Doe',
+        required: false,
+    }),
+    tslib_1.__metadata("design:type", String)
+], AcceptInvitationDto.prototype, "lastName", void 0);

package/dist/lib/dto/index.d.ts

@@ -0,0 +1,3 @@
+export * from './invite-user.dto';
+export * from './accept-invitation.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/dto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/dto/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC"}

package/dist/lib/dto/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./invite-user.dto"), exports);
+tslib_1.__exportStar(require("./accept-invitation.dto"), exports);

package/dist/lib/dto/invite-user.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class InviteUserDto {
+    email: string;
+    role?: 'guest' | 'user' | 'admin';
+}
+//# sourceMappingURL=invite-user.dto.d.ts.map

package/dist/lib/dto/invite-user.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"invite-user.dto.d.ts","sourceRoot":"","sources":["../../../src/lib/dto/invite-user.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,aAAa;IAMxB,KAAK,EAAG,MAAM,CAAC;IASf,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;CACnC"}

package/dist/lib/dto/invite-user.dto.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InviteUserDto = void 0;
+const tslib_1 = require("tslib");
+const swagger_1 = require("@nestjs/swagger");
+class InviteUserDto {
+}
+exports.InviteUserDto = InviteUserDto;
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Email address of the user to invite',
+        example: 'newuser@example.com',
+        format: 'email',
+    }),
+    tslib_1.__metadata("design:type", String)
+], InviteUserDto.prototype, "email", void 0);
+tslib_1.__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Role to assign to the invited user',
+        example: 'user',
+        enum: ['guest', 'user', 'admin'],
+        default: 'guest',
+        required: false,
+    }),
+    tslib_1.__metadata("design:type", String)
+], InviteUserDto.prototype, "role", void 0);

package/dist/lib/feature-user-management.module.d.ts

@@ -0,0 +1,8 @@
+import { DynamicModule } from '@nestjs/common';
+import type { UserManagementModuleOptions } from './types';
+export { USER_MANAGEMENT_OPTIONS, EMAIL_SENDER, INVITATION_STATUS, } from './types';
+export type { UserManagementModuleOptions, EmailSender, AuthenticatedRequest, Role, InvitationStatus, ValidationResult, } from './types';
+export declare class FeatureUserManagementModule {
+    static forRoot(options: UserManagementModuleOptions): DynamicModule;
+}
+//# sourceMappingURL=feature-user-management.module.d.ts.map

package/dist/lib/feature-user-management.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"feature-user-management.module.d.ts","sourceRoot":"","sources":["../../src/lib/feature-user-management.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAOvD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,SAAS,CAAC;AAE3D,OAAO,EACL,uBAAuB,EACvB,YAAY,EACZ,iBAAiB,GAClB,MAAM,SAAS,CAAC;AACjB,YAAY,EACV,2BAA2B,EAC3B,WAAW,EACX,oBAAoB,EACpB,IAAI,EACJ,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,SAAS,CAAC;AAEjB,qBACa,2BAA2B;IACtC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,2BAA2B,GAAG,aAAa;CAcpE"}

package/dist/lib/feature-user-management.module.js

@@ -0,0 +1,35 @@
+"use strict";
+var FeatureUserManagementModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FeatureUserManagementModule = exports.INVITATION_STATUS = exports.EMAIL_SENDER = exports.USER_MANAGEMENT_OPTIONS = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const shared_backend_data_access_users_1 = require("@open-kingdom/shared-backend-data-access-users");
+const shared_backend_feature_email_1 = require("@open-kingdom/shared-backend-feature-email");
+const services_1 = require("./services");
+const controllers_1 = require("./controllers");
+const types_1 = require("./types");
+var types_2 = require("./types");
+Object.defineProperty(exports, "USER_MANAGEMENT_OPTIONS", { enumerable: true, get: function () { return types_2.USER_MANAGEMENT_OPTIONS; } });
+Object.defineProperty(exports, "EMAIL_SENDER", { enumerable: true, get: function () { return types_2.EMAIL_SENDER; } });
+Object.defineProperty(exports, "INVITATION_STATUS", { enumerable: true, get: function () { return types_2.INVITATION_STATUS; } });
+let FeatureUserManagementModule = FeatureUserManagementModule_1 = class FeatureUserManagementModule {
+    static forRoot(options) {
+        return {
+            module: FeatureUserManagementModule_1,
+            imports: [shared_backend_data_access_users_1.OpenKingdomDataAccessBackendUsersModule],
+            controllers: [controllers_1.InvitationsController, controllers_1.UsersController],
+            providers: [
+                { provide: types_1.USER_MANAGEMENT_OPTIONS, useValue: options },
+                { provide: types_1.EMAIL_SENDER, useExisting: shared_backend_feature_email_1.EmailService },
+                services_1.InvitationsService,
+                services_1.UserManagementService,
+            ],
+            exports: [services_1.InvitationsService, services_1.UserManagementService],
+        };
+    }
+};
+exports.FeatureUserManagementModule = FeatureUserManagementModule;
+exports.FeatureUserManagementModule = FeatureUserManagementModule = FeatureUserManagementModule_1 = tslib_1.__decorate([
+    (0, common_1.Module)({})
+], FeatureUserManagementModule);

package/dist/lib/schemas/index.d.ts

@@ -0,0 +1,3 @@
+export * from './invitations.schema';
+export * from './user-roles.schema';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/schemas/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/schemas/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC;AACrC,cAAc,qBAAqB,CAAC"}

package/dist/lib/schemas/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./invitations.schema"), exports);
+tslib_1.__exportStar(require("./user-roles.schema"), exports);

package/dist/lib/schemas/invitations.schema.d.ts

@@ -0,0 +1,158 @@
+import * as t from 'drizzle-orm/sqlite-core';
+export declare const InvitationsTableName = "invitations";
+export declare const invitations: t.SQLiteTableWithColumns<{
+    name: "invitations";
+    schema: undefined;
+    columns: {
+        id: t.SQLiteColumn<{
+            name: "id";
+            tableName: "invitations";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        email: t.SQLiteColumn<{
+            name: "email";
+            tableName: "invitations";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: undefined;
+        }>;
+        token: t.SQLiteColumn<{
+            name: "token";
+            tableName: "invitations";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: undefined;
+        }>;
+        tokenExpiry: t.SQLiteColumn<{
+            name: "token_expiry";
+            tableName: "invitations";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        invitedBy: t.SQLiteColumn<{
+            name: "invited_by";
+            tableName: "invitations";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        invitedAt: t.SQLiteColumn<{
+            name: "invited_at";
+            tableName: "invitations";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        role: t.SQLiteColumn<{
+            name: "role";
+            tableName: "invitations";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: "guest" | "user" | "admin";
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: undefined;
+            $type: "guest" | "user" | "admin";
+        }>;
+        status: t.SQLiteColumn<{
+            name: "status";
+            tableName: "invitations";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: "pending" | "accepted" | "expired";
+            driverParam: string;
+            notNull: false;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: undefined;
+            $type: "pending" | "accepted" | "expired";
+        }>;
+    };
+    dialect: "sqlite";
+}>;
+export type Invitation = typeof invitations.$inferSelect;
+export type NewInvitation = typeof invitations.$inferInsert;
+//# sourceMappingURL=invitations.schema.d.ts.map

package/dist/lib/schemas/invitations.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"invitations.schema.d.ts","sourceRoot":"","sources":["../../../src/lib/schemas/invitations.schema.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,yBAAyB,CAAC;AAI7C,eAAO,MAAM,oBAAoB,gBAAgB,CAAC;AAElD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAetB,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,OAAO,WAAW,CAAC,YAAY,CAAC;AACzD,MAAM,MAAM,aAAa,GAAG,OAAO,WAAW,CAAC,YAAY,CAAC"}

package/dist/lib/schemas/invitations.schema.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.invitations = exports.InvitationsTableName = void 0;
+const tslib_1 = require("tslib");
+const sqlite_core_1 = require("drizzle-orm/sqlite-core");
+const t = tslib_1.__importStar(require("drizzle-orm/sqlite-core"));
+const shared_backend_data_access_users_1 = require("@open-kingdom/shared-backend-data-access-users");
+exports.InvitationsTableName = 'invitations';
+exports.invitations = (0, sqlite_core_1.sqliteTable)(exports.InvitationsTableName, {
+    id: t.int().primaryKey({ autoIncrement: true }),
+    email: t.text().notNull(),
+    token: t.text().notNull().unique(),
+    tokenExpiry: t.int('token_expiry').notNull(),
+    invitedBy: t
+        .int('invited_by')
+        .notNull()
+        .references(() => shared_backend_data_access_users_1.users.id),
+    invitedAt: t.int('invited_at').notNull(),
+    role: t.text().$type().notNull().default('guest'),
+    status: t
+        .text()
+        .$type()
+        .default('pending'),
+});

package/dist/lib/schemas/user-roles.schema.d.ts

@@ -0,0 +1,100 @@
+import * as t from 'drizzle-orm/sqlite-core';
+export declare const UserRolesTableName = "user_roles";
+export declare const userRoles: t.SQLiteTableWithColumns<{
+    name: "user_roles";
+    schema: undefined;
+    columns: {
+        id: t.SQLiteColumn<{
+            name: "id";
+            tableName: "user_roles";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        userId: t.SQLiteColumn<{
+            name: "user_id";
+            tableName: "user_roles";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        role: t.SQLiteColumn<{
+            name: "role";
+            tableName: "user_roles";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: "guest" | "user" | "admin";
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: undefined;
+            $type: "guest" | "user" | "admin";
+        }>;
+        assignedAt: t.SQLiteColumn<{
+            name: "assigned_at";
+            tableName: "user_roles";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        assignedBy: t.SQLiteColumn<{
+            name: "assigned_by";
+            tableName: "user_roles";
+            dataType: "number";
+            columnType: "SQLiteInteger";
+            data: number;
+            driverParam: number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+    };
+    dialect: "sqlite";
+}>;
+export type UserRole = typeof userRoles.$inferSelect;
+export type NewUserRole = typeof userRoles.$inferInsert;
+//# sourceMappingURL=user-roles.schema.d.ts.map

package/dist/lib/schemas/user-roles.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-roles.schema.d.ts","sourceRoot":"","sources":["../../../src/lib/schemas/user-roles.schema.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,yBAAyB,CAAC;AAI7C,eAAO,MAAM,kBAAkB,eAAe,CAAC;AAE/C,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASpB,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC;AACrD,MAAM,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC"}

package/dist/lib/schemas/user-roles.schema.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.userRoles = exports.UserRolesTableName = void 0;
+const tslib_1 = require("tslib");
+const sqlite_core_1 = require("drizzle-orm/sqlite-core");
+const t = tslib_1.__importStar(require("drizzle-orm/sqlite-core"));
+const shared_backend_data_access_users_1 = require("@open-kingdom/shared-backend-data-access-users");
+exports.UserRolesTableName = 'user_roles';
+exports.userRoles = (0, sqlite_core_1.sqliteTable)(exports.UserRolesTableName, {
+    id: t.int().primaryKey({ autoIncrement: true }),
+    userId: t
+        .int('user_id')
+        .notNull()
+        .references(() => shared_backend_data_access_users_1.users.id),
+    role: t.text().$type().notNull().default('guest'),
+    assignedAt: t.int('assigned_at').notNull(),
+    assignedBy: t.int('assigned_by').references(() => shared_backend_data_access_users_1.users.id),
+});

package/dist/lib/services/index.d.ts

@@ -0,0 +1,3 @@
+export * from './invitations.service';
+export * from './user-management.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC"}

package/dist/lib/services/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./invitations.service"), exports);
+tslib_1.__exportStar(require("./user-management.service"), exports);

package/dist/lib/services/invitations.service.d.ts

@@ -0,0 +1,31 @@
+import { BetterSQLite3Database } from 'drizzle-orm/better-sqlite3';
+import { UsersService, User, users, UsersTableName } from '@open-kingdom/shared-backend-data-access-users';
+import { invitations, Invitation, InvitationsTableName } from '../schemas/invitations.schema';
+import type { UserManagementModuleOptions, EmailSender, Role, ValidationResult } from '../types';
+export type InvitationResponse = Omit<Invitation, 'token'>;
+type Schema = {
+    [UsersTableName]: typeof users;
+    [InvitationsTableName]: typeof invitations;
+};
+export declare class InvitationsService {
+    private readonly db;
+    private readonly options;
+    private readonly usersService;
+    private readonly emailSender?;
+    private readonly logger;
+    constructor(db: BetterSQLite3Database<Schema>, options: UserManagementModuleOptions, usersService: UsersService, emailSender?: EmailSender | undefined);
+    invite(email: string, role: Role, invitedById: number): Promise<InvitationResponse>;
+    validate(token: string): Promise<ValidationResult>;
+    accept(token: string, password: string, firstName?: string, lastName?: string): Promise<User>;
+    private ensureUserDoesNotExist;
+    private ensureNoPendingInvitation;
+    private isExpired;
+    private findByToken;
+    private markAsExpired;
+    private markAsAccepted;
+    private get expiryDays();
+    private generateToken;
+    private sendInvitationEmail;
+}
+export {};
+//# sourceMappingURL=invitations.service.d.ts.map

package/dist/lib/services/invitations.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"invitations.service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/invitations.service.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAKnE,OAAO,EACL,YAAY,EACZ,IAAI,EACJ,KAAK,EACL,cAAc,EACf,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACL,WAAW,EACX,UAAU,EACV,oBAAoB,EACrB,MAAM,+BAA+B,CAAC;AAUvC,OAAO,KAAK,EACV,2BAA2B,EAC3B,WAAW,EACX,IAAI,EACJ,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAElB,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAE3D,KAAK,MAAM,GAAG;IACZ,CAAC,cAAc,CAAC,EAAE,OAAO,KAAK,CAAC;IAC/B,CAAC,oBAAoB,CAAC,EAAE,OAAO,WAAW,CAAC;CAC5C,CAAC;AAKF,qBACa,kBAAkB;IAIX,OAAO,CAAC,QAAQ,CAAC,EAAE;IAEnC,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY;IACK,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;IAPjE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuC;gBAG3B,EAAE,EAAE,qBAAqB,CAAC,MAAM,CAAC,EAEjD,OAAO,EAAE,2BAA2B,EACpC,YAAY,EAAE,YAAY,EACQ,WAAW,CAAC,EAAE,WAAW,YAAA;IAGxE,MAAM,CACV,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,IAAI,EACV,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAqCxB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAmBlD,MAAM,CACV,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;YAmBF,sBAAsB;YAQtB,yBAAyB;IAevC,OAAO,CAAC,SAAS;YAIH,WAAW;YAMX,aAAa;YAOb,cAAc;IAO5B,OAAO,KAAK,UAAU,GAErB;IAED,OAAO,CAAC,aAAa;YAUP,mBAAmB;CAyBlC"}

package/dist/lib/services/invitations.service.js

@@ -0,0 +1,152 @@
+"use strict";
+var InvitationsService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvitationsService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const better_sqlite3_1 = require("drizzle-orm/better-sqlite3");
+const drizzle_orm_1 = require("drizzle-orm");
+const crypto_1 = require("crypto");
+const shared_poly_util_constants_1 = require("@open-kingdom/shared-poly-util-constants");
+const shared_backend_data_access_users_1 = require("@open-kingdom/shared-backend-data-access-users");
+const invitations_schema_1 = require("../schemas/invitations.schema");
+const types_1 = require("../types");
+const templates_1 = require("../templates");
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+const DEFAULT_EXPIRY_DAYS = 7;
+let InvitationsService = InvitationsService_1 = class InvitationsService {
+    constructor(db, options, usersService, emailSender) {
+        this.db = db;
+        this.options = options;
+        this.usersService = usersService;
+        this.emailSender = emailSender;
+        this.logger = new common_1.Logger(InvitationsService_1.name);
+    }
+    async invite(email, role, invitedById) {
+        await this.ensureUserDoesNotExist(email);
+        await this.ensureNoPendingInvitation(email);
+        const { token, expiresAt } = this.generateToken(email);
+        await this.db.insert(invitations_schema_1.invitations).values({
+            email,
+            token,
+            tokenExpiry: expiresAt,
+            invitedBy: invitedById,
+            invitedAt: Date.now(),
+            role,
+            status: types_1.INVITATION_STATUS.PENDING,
+        });
+        const invitation = await this.findByToken(token);
+        try {
+            await this.sendInvitationEmail(email, token);
+        }
+        catch (error) {
+            this.logger.error(`Failed to send invitation email to ${email}, rolling back invitation`, error);
+            await this.db.delete(invitations_schema_1.invitations).where((0, drizzle_orm_1.eq)(invitations_schema_1.invitations.token, token));
+            throw new common_1.BadRequestException('Failed to send invitation email. Please try again.');
+        }
+        // Never return token - it's only sent via email
+        const { token: _token, ...invitationWithoutToken } = invitation;
+        return invitationWithoutToken;
+    }
+    async validate(token) {
+        const invitation = await this.findByToken(token);
+        if (!invitation || invitation.status !== types_1.INVITATION_STATUS.PENDING) {
+            return { valid: false };
+        }
+        if (this.isExpired(invitation.tokenExpiry)) {
+            await this.markAsExpired(invitation.id);
+            return { valid: false };
+        }
+        return {
+            valid: true,
+            email: invitation.email,
+            role: invitation.role,
+        };
+    }
+    async accept(token, password, firstName, lastName) {
+        const validation = await this.validate(token);
+        if (!validation.valid || !validation.email) {
+            throw new common_1.BadRequestException('Invalid or expired invitation token');
+        }
+        const user = await this.usersService.create({
+            email: validation.email,
+            password,
+            firstName: firstName ?? null,
+            lastName: lastName ?? null,
+        });
+        await this.markAsAccepted(token);
+        return user;
+    }
+    async ensureUserDoesNotExist(email) {
+        const existingUser = await this.usersService.findOne(email);
+        if (existingUser) {
+            throw new common_1.BadRequestException('User with this email already exists');
+        }
+    }
+    async ensureNoPendingInvitation(email) {
+        const existing = await this.db.query.invitations.findFirst({
+            where: (0, drizzle_orm_1.eq)(invitations_schema_1.invitations.email, email),
+        });
+        if (existing?.status === types_1.INVITATION_STATUS.PENDING &&
+            !this.isExpired(existing.tokenExpiry)) {
+            throw new common_1.BadRequestException('A pending invitation already exists for this email');
+        }
+    }
+    isExpired(tokenExpiry) {
+        return tokenExpiry < Date.now();
+    }
+    async findByToken(token) {
+        return this.db.query.invitations.findFirst({
+            where: (0, drizzle_orm_1.eq)(invitations_schema_1.invitations.token, token),
+        });
+    }
+    async markAsExpired(id) {
+        await this.db
+            .update(invitations_schema_1.invitations)
+            .set({ status: types_1.INVITATION_STATUS.EXPIRED })
+            .where((0, drizzle_orm_1.eq)(invitations_schema_1.invitations.id, id));
+    }
+    async markAsAccepted(token) {
+        await this.db
+            .update(invitations_schema_1.invitations)
+            .set({ status: types_1.INVITATION_STATUS.ACCEPTED })
+            .where((0, drizzle_orm_1.eq)(invitations_schema_1.invitations.token, token));
+    }
+    get expiryDays() {
+        return this.options.invitationExpiryDays ?? DEFAULT_EXPIRY_DAYS;
+    }
+    generateToken(email) {
+        const expiresAt = Date.now() + this.expiryDays * MS_PER_DAY;
+        const payload = `${email}:${expiresAt}:${(0, crypto_1.randomBytes)(16).toString('hex')}`;
+        const token = (0, crypto_1.createHmac)('sha256', this.options.invitationTokenSecret)
+            .update(payload)
+            .digest('hex');
+        return { token, expiresAt };
+    }
+    async sendInvitationEmail(email, token) {
+        const inviteUrl = `${this.options.frontendBaseUrl}/accept-invitation?token=${token}`;
+        this.logger.debug(`Invitation for ${email}: ${inviteUrl}`);
+        if (!this.emailSender) {
+            this.logger.warn('EmailSender not configured - skipping invitation email');
+            return;
+        }
+        await this.emailSender.send({
+            to: email,
+            subject: templates_1.INVITATION_EMAIL_SUBJECT,
+            body: (0, templates_1.buildInvitationEmailBody)({
+                inviteUrl,
+                expiryDays: this.expiryDays,
+            }),
+        });
+        this.logger.log(`Invitation email sent to ${email}`);
+    }
+};
+exports.InvitationsService = InvitationsService;
+exports.InvitationsService = InvitationsService = InvitationsService_1 = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__param(0, (0, common_1.Inject)(shared_poly_util_constants_1.DB_TAG)),
+    tslib_1.__param(1, (0, common_1.Inject)(types_1.USER_MANAGEMENT_OPTIONS)),
+    tslib_1.__param(3, (0, common_1.Optional)()),
+    tslib_1.__param(3, (0, common_1.Inject)(types_1.EMAIL_SENDER)),
+    tslib_1.__metadata("design:paramtypes", [better_sqlite3_1.BetterSQLite3Database, Object, shared_backend_data_access_users_1.UsersService, Object])
+], InvitationsService);

package/dist/lib/services/user-management.service.d.ts

@@ -0,0 +1,11 @@
+import { UsersService, User } from '@open-kingdom/shared-backend-data-access-users';
+export type UserWithoutPassword = Omit<User, 'password'>;
+export declare class UserManagementService {
+    private readonly usersService;
+    constructor(usersService: UsersService);
+    findAll(): Promise<UserWithoutPassword[]>;
+    findById(id: number): Promise<UserWithoutPassword>;
+    delete(id: number, requesterId: number): Promise<void>;
+    private excludePassword;
+}
+//# sourceMappingURL=user-management.service.d.ts.map

package/dist/lib/services/user-management.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-management.service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/user-management.service.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,YAAY,EACZ,IAAI,EACL,MAAM,gDAAgD,CAAC;AAExD,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAEzD,qBACa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,YAAY;gBAAZ,YAAY,EAAE,YAAY;IAEjD,OAAO,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAKzC,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAQlD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa5D,OAAO,CAAC,eAAe;CAIxB"}

package/dist/lib/services/user-management.service.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserManagementService = void 0;
+const tslib_1 = require("tslib");
+const common_1 = require("@nestjs/common");
+const shared_backend_data_access_users_1 = require("@open-kingdom/shared-backend-data-access-users");
+let UserManagementService = class UserManagementService {
+    constructor(usersService) {
+        this.usersService = usersService;
+    }
+    async findAll() {
+        const users = await this.usersService.findAll();
+        return users.map((user) => this.excludePassword(user));
+    }
+    async findById(id) {
+        const user = await this.usersService.findById(id);
+        if (!user) {
+            throw new common_1.NotFoundException('User not found');
+        }
+        return this.excludePassword(user);
+    }
+    async delete(id, requesterId) {
+        if (id === requesterId) {
+            throw new common_1.ForbiddenException('Cannot delete your own account');
+        }
+        const user = await this.usersService.findById(id);
+        if (!user) {
+            throw new common_1.NotFoundException('User not found');
+        }
+        await this.usersService.delete(id);
+    }
+    excludePassword(user) {
+        const { password: _password, ...userWithoutPassword } = user;
+        return userWithoutPassword;
+    }
+};
+exports.UserManagementService = UserManagementService;
+exports.UserManagementService = UserManagementService = tslib_1.__decorate([
+    (0, common_1.Injectable)(),
+    tslib_1.__metadata("design:paramtypes", [shared_backend_data_access_users_1.UsersService])
+], UserManagementService);

package/dist/lib/templates/index.d.ts

@@ -0,0 +1,2 @@
+export * from './invitation-email.template';
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/templates/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/templates/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC"}

package/dist/lib/templates/index.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./invitation-email.template"), exports);

package/dist/lib/templates/invitation-email.template.d.ts

@@ -0,0 +1,7 @@
+export interface InvitationEmailParams {
+    inviteUrl: string;
+    expiryDays: number;
+}
+export declare const INVITATION_EMAIL_SUBJECT = "You have been invited";
+export declare const buildInvitationEmailBody: (params: InvitationEmailParams) => string;
+//# sourceMappingURL=invitation-email.template.d.ts.map

package/dist/lib/templates/invitation-email.template.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"invitation-email.template.d.ts","sourceRoot":"","sources":["../../../src/lib/templates/invitation-email.template.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,wBAAwB,0BAA0B,CAAC;AAEhE,eAAO,MAAM,wBAAwB,GACnC,QAAQ,qBAAqB,KAC5B,MAUF,CAAC"}

package/dist/lib/templates/invitation-email.template.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildInvitationEmailBody = exports.INVITATION_EMAIL_SUBJECT = void 0;
+exports.INVITATION_EMAIL_SUBJECT = 'You have been invited';
+const buildInvitationEmailBody = (params) => {
+    return [
+        'You have been invited to join the platform.',
+        '',
+        'Click the link below to accept the invitation and create your account:',
+        '',
+        params.inviteUrl,
+        '',
+        `This invitation will expire in ${params.expiryDays} days.`,
+    ].join('\n');
+};
+exports.buildInvitationEmailBody = buildInvitationEmailBody;

package/dist/lib/types.d.ts

@@ -0,0 +1,36 @@
+import type { Request } from 'express';
+export declare const USER_MANAGEMENT_OPTIONS = "USER_MANAGEMENT_OPTIONS";
+export declare const EMAIL_SENDER = "EMAIL_SENDER";
+export interface UserManagementModuleOptions {
+    invitationTokenSecret: string;
+    invitationExpiryDays?: number;
+    frontendBaseUrl: string;
+}
+export interface AuthenticatedRequest extends Request {
+    user: {
+        id: number;
+        email: string;
+    };
+}
+export type Role = 'guest' | 'user' | 'admin';
+export type InvitationStatus = 'pending' | 'accepted' | 'expired';
+export declare const INVITATION_STATUS: {
+    readonly PENDING: "pending";
+    readonly ACCEPTED: "accepted";
+    readonly EXPIRED: "expired";
+};
+export interface ValidationResult {
+    valid: boolean;
+    email?: string;
+    role?: Role;
+}
+export interface EmailSender {
+    send(message: {
+        to: string;
+        subject: string;
+        body: string;
+    }): Promise<{
+        success: boolean;
+    }>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/lib/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGvC,eAAO,MAAM,uBAAuB,4BAA4B,CAAC;AACjE,eAAO,MAAM,YAAY,iBAAiB,CAAC;AAG3C,MAAM,WAAW,2BAA2B;IAC1C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;CACzB;AAGD,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACrC;AAGD,MAAM,MAAM,IAAI,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAE9C,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,CAAC;AAElE,eAAO,MAAM,iBAAiB;;;;CAIpB,CAAC;AAEX,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,IAAI,CAAC;CACb;AAGD,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,OAAO,EAAE;QACZ,EAAE,EAAE,MAAM,CAAC;QACX,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACnC"}

package/dist/lib/types.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.INVITATION_STATUS = exports.EMAIL_SENDER = exports.USER_MANAGEMENT_OPTIONS = void 0;
+// Injection tokens
+exports.USER_MANAGEMENT_OPTIONS = 'USER_MANAGEMENT_OPTIONS';
+exports.EMAIL_SENDER = 'EMAIL_SENDER';
+exports.INVITATION_STATUS = {
+    PENDING: 'pending',
+    ACCEPTED: 'accepted',
+    EXPIRED: 'expired',
+};

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@open-kingdom/shared-backend-feature-user-management",
+  "version": "0.0.2-10",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "@open-kingdom/source": "./src/index.ts",
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "!**/*.tsbuildinfo"
+  ],
+  "nx": {
+    "tags": [
+      "scope:shared",
+      "type:feature",
+      "environment:backend"
+    ]
+  },
+  "dependencies": {
+    "tslib": "^2.3.0",
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/passport": "^11.0.5",
+    "@nestjs/swagger": "^11.2.3",
+    "@open-kingdom/shared-backend-data-access-users": "0.0.2-10",
+    "@open-kingdom/shared-backend-feature-email": "0.0.2-10",
+    "@open-kingdom/shared-poly-util-constants": "0.0.2-10",
+    "drizzle-orm": "^0.44.5",
+    "express": "5.2.1"
+  }
+}