@os.io/nest-kit 0.0.1-alpha.0 → 0.0.1-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (286) hide show
  1. package/README.md +30 -30
  2. package/package.json +41 -5
  3. package/dist/auth/auth.constants.d.ts +0 -19
  4. package/dist/auth/auth.constants.d.ts.map +0 -1
  5. package/dist/auth/auth.constants.js +0 -19
  6. package/dist/auth/auth.constants.js.map +0 -1
  7. package/dist/auth/auth.guard.d.ts +0 -20
  8. package/dist/auth/auth.guard.d.ts.map +0 -1
  9. package/dist/auth/auth.guard.js +0 -84
  10. package/dist/auth/auth.guard.js.map +0 -1
  11. package/dist/auth/auth.module.d.ts +0 -26
  12. package/dist/auth/auth.module.d.ts.map +0 -1
  13. package/dist/auth/auth.module.js +0 -344
  14. package/dist/auth/auth.module.js.map +0 -1
  15. package/dist/auth/auth.options.d.ts +0 -179
  16. package/dist/auth/auth.options.d.ts.map +0 -1
  17. package/dist/auth/auth.options.js +0 -2
  18. package/dist/auth/auth.options.js.map +0 -1
  19. package/dist/auth/auth.service.d.ts +0 -57
  20. package/dist/auth/auth.service.d.ts.map +0 -1
  21. package/dist/auth/auth.service.js +0 -175
  22. package/dist/auth/auth.service.js.map +0 -1
  23. package/dist/auth/authorization/index.d.ts +0 -3
  24. package/dist/auth/authorization/index.d.ts.map +0 -1
  25. package/dist/auth/authorization/index.js +0 -3
  26. package/dist/auth/authorization/index.js.map +0 -1
  27. package/dist/auth/authorization/pbac/index.d.ts +0 -6
  28. package/dist/auth/authorization/pbac/index.d.ts.map +0 -1
  29. package/dist/auth/authorization/pbac/index.js +0 -4
  30. package/dist/auth/authorization/pbac/index.js.map +0 -1
  31. package/dist/auth/authorization/pbac/pbac.decorator.d.ts +0 -18
  32. package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +0 -1
  33. package/dist/auth/authorization/pbac/pbac.decorator.js +0 -14
  34. package/dist/auth/authorization/pbac/pbac.decorator.js.map +0 -1
  35. package/dist/auth/authorization/pbac/pbac.guard.d.ts +0 -19
  36. package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +0 -1
  37. package/dist/auth/authorization/pbac/pbac.guard.js +0 -60
  38. package/dist/auth/authorization/pbac/pbac.guard.js.map +0 -1
  39. package/dist/auth/authorization/pbac/pbac.service.d.ts +0 -44
  40. package/dist/auth/authorization/pbac/pbac.service.d.ts.map +0 -1
  41. package/dist/auth/authorization/pbac/pbac.service.js +0 -146
  42. package/dist/auth/authorization/pbac/pbac.service.js.map +0 -1
  43. package/dist/auth/authorization/pbac/pbac.types.d.ts +0 -47
  44. package/dist/auth/authorization/pbac/pbac.types.d.ts.map +0 -1
  45. package/dist/auth/authorization/pbac/pbac.types.js +0 -2
  46. package/dist/auth/authorization/pbac/pbac.types.js.map +0 -1
  47. package/dist/auth/authorization/rbac/index.d.ts +0 -4
  48. package/dist/auth/authorization/rbac/index.d.ts.map +0 -1
  49. package/dist/auth/authorization/rbac/index.js +0 -4
  50. package/dist/auth/authorization/rbac/index.js.map +0 -1
  51. package/dist/auth/authorization/rbac/rbac.decorator.d.ts +0 -18
  52. package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +0 -1
  53. package/dist/auth/authorization/rbac/rbac.decorator.js +0 -25
  54. package/dist/auth/authorization/rbac/rbac.decorator.js.map +0 -1
  55. package/dist/auth/authorization/rbac/rbac.guard.d.ts +0 -19
  56. package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +0 -1
  57. package/dist/auth/authorization/rbac/rbac.guard.js +0 -50
  58. package/dist/auth/authorization/rbac/rbac.guard.js.map +0 -1
  59. package/dist/auth/authorization/rbac/rbac.service.d.ts +0 -43
  60. package/dist/auth/authorization/rbac/rbac.service.d.ts.map +0 -1
  61. package/dist/auth/authorization/rbac/rbac.service.js +0 -95
  62. package/dist/auth/authorization/rbac/rbac.service.js.map +0 -1
  63. package/dist/auth/decorators/current-user.decorator.d.ts +0 -17
  64. package/dist/auth/decorators/current-user.decorator.d.ts.map +0 -1
  65. package/dist/auth/decorators/current-user.decorator.js +0 -23
  66. package/dist/auth/decorators/current-user.decorator.js.map +0 -1
  67. package/dist/auth/decorators/index.d.ts +0 -3
  68. package/dist/auth/decorators/index.d.ts.map +0 -1
  69. package/dist/auth/decorators/index.js +0 -3
  70. package/dist/auth/decorators/index.js.map +0 -1
  71. package/dist/auth/decorators/public.decorator.d.ts +0 -13
  72. package/dist/auth/decorators/public.decorator.d.ts.map +0 -1
  73. package/dist/auth/decorators/public.decorator.js +0 -15
  74. package/dist/auth/decorators/public.decorator.js.map +0 -1
  75. package/dist/auth/index.d.ts +0 -63
  76. package/dist/auth/index.d.ts.map +0 -1
  77. package/dist/auth/index.js +0 -65
  78. package/dist/auth/index.js.map +0 -1
  79. package/dist/auth/interfaces/auth-request.interface.d.ts +0 -18
  80. package/dist/auth/interfaces/auth-request.interface.d.ts.map +0 -1
  81. package/dist/auth/interfaces/auth-request.interface.js +0 -2
  82. package/dist/auth/interfaces/auth-request.interface.js.map +0 -1
  83. package/dist/auth/interfaces/auth-result.interface.d.ts +0 -28
  84. package/dist/auth/interfaces/auth-result.interface.d.ts.map +0 -1
  85. package/dist/auth/interfaces/auth-result.interface.js +0 -2
  86. package/dist/auth/interfaces/auth-result.interface.js.map +0 -1
  87. package/dist/auth/interfaces/auth-strategy.interface.d.ts +0 -37
  88. package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +0 -1
  89. package/dist/auth/interfaces/auth-strategy.interface.js +0 -16
  90. package/dist/auth/interfaces/auth-strategy.interface.js.map +0 -1
  91. package/dist/auth/interfaces/auth-user.interface.d.ts +0 -25
  92. package/dist/auth/interfaces/auth-user.interface.d.ts.map +0 -1
  93. package/dist/auth/interfaces/auth-user.interface.js +0 -2
  94. package/dist/auth/interfaces/auth-user.interface.js.map +0 -1
  95. package/dist/auth/interfaces/cache-service.interface.d.ts +0 -30
  96. package/dist/auth/interfaces/cache-service.interface.d.ts.map +0 -1
  97. package/dist/auth/interfaces/cache-service.interface.js +0 -2
  98. package/dist/auth/interfaces/cache-service.interface.js.map +0 -1
  99. package/dist/auth/interfaces/index.d.ts +0 -8
  100. package/dist/auth/interfaces/index.d.ts.map +0 -1
  101. package/dist/auth/interfaces/index.js +0 -2
  102. package/dist/auth/interfaces/index.js.map +0 -1
  103. package/dist/auth/interfaces/user-service.interface.d.ts +0 -34
  104. package/dist/auth/interfaces/user-service.interface.d.ts.map +0 -1
  105. package/dist/auth/interfaces/user-service.interface.js +0 -2
  106. package/dist/auth/interfaces/user-service.interface.js.map +0 -1
  107. package/dist/auth/password/password.service.d.ts +0 -23
  108. package/dist/auth/password/password.service.d.ts.map +0 -1
  109. package/dist/auth/password/password.service.js +0 -52
  110. package/dist/auth/password/password.service.js.map +0 -1
  111. package/dist/auth/session/device-session.service.d.ts +0 -43
  112. package/dist/auth/session/device-session.service.d.ts.map +0 -1
  113. package/dist/auth/session/device-session.service.js +0 -72
  114. package/dist/auth/session/device-session.service.js.map +0 -1
  115. package/dist/auth/session/index.d.ts +0 -5
  116. package/dist/auth/session/index.d.ts.map +0 -1
  117. package/dist/auth/session/index.js +0 -4
  118. package/dist/auth/session/index.js.map +0 -1
  119. package/dist/auth/session/jwt.service.d.ts +0 -37
  120. package/dist/auth/session/jwt.service.d.ts.map +0 -1
  121. package/dist/auth/session/jwt.service.js +0 -119
  122. package/dist/auth/session/jwt.service.js.map +0 -1
  123. package/dist/auth/session/token-blacklist.service.d.ts +0 -37
  124. package/dist/auth/session/token-blacklist.service.d.ts.map +0 -1
  125. package/dist/auth/session/token-blacklist.service.js +0 -70
  126. package/dist/auth/session/token-blacklist.service.js.map +0 -1
  127. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +0 -19
  128. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +0 -1
  129. package/dist/auth/strategies/anonymous/anonymous.strategy.js +0 -49
  130. package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +0 -1
  131. package/dist/auth/strategies/base/base.strategy.d.ts +0 -11
  132. package/dist/auth/strategies/base/base.strategy.d.ts.map +0 -1
  133. package/dist/auth/strategies/base/base.strategy.js +0 -6
  134. package/dist/auth/strategies/base/base.strategy.js.map +0 -1
  135. package/dist/auth/strategies/credentials/credentials.strategy.d.ts +0 -21
  136. package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +0 -1
  137. package/dist/auth/strategies/credentials/credentials.strategy.js +0 -67
  138. package/dist/auth/strategies/credentials/credentials.strategy.js.map +0 -1
  139. package/dist/auth/strategies/index.d.ts +0 -12
  140. package/dist/auth/strategies/index.d.ts.map +0 -1
  141. package/dist/auth/strategies/index.js +0 -12
  142. package/dist/auth/strategies/index.js.map +0 -1
  143. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +0 -31
  144. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +0 -1
  145. package/dist/auth/strategies/magic-link/magic-link.strategy.js +0 -88
  146. package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +0 -1
  147. package/dist/auth/strategies/oauth/index.d.ts +0 -3
  148. package/dist/auth/strategies/oauth/index.d.ts.map +0 -1
  149. package/dist/auth/strategies/oauth/index.js +0 -3
  150. package/dist/auth/strategies/oauth/index.js.map +0 -1
  151. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +0 -13
  152. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +0 -1
  153. package/dist/auth/strategies/oauth/oauth-provider-registry.js +0 -20
  154. package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +0 -1
  155. package/dist/auth/strategies/oauth/oauth.strategy.d.ts +0 -23
  156. package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +0 -1
  157. package/dist/auth/strategies/oauth/oauth.strategy.js +0 -79
  158. package/dist/auth/strategies/oauth/oauth.strategy.js.map +0 -1
  159. package/dist/auth/strategies/onetap/onetap.strategy.d.ts +0 -24
  160. package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +0 -1
  161. package/dist/auth/strategies/onetap/onetap.strategy.js +0 -77
  162. package/dist/auth/strategies/onetap/onetap.strategy.js.map +0 -1
  163. package/dist/auth/strategies/otp/otp.strategy.d.ts +0 -31
  164. package/dist/auth/strategies/otp/otp.strategy.d.ts.map +0 -1
  165. package/dist/auth/strategies/otp/otp.strategy.js +0 -93
  166. package/dist/auth/strategies/otp/otp.strategy.js.map +0 -1
  167. package/dist/auth/strategies/passkey/passkey.strategy.d.ts +0 -32
  168. package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +0 -1
  169. package/dist/auth/strategies/passkey/passkey.strategy.js +0 -102
  170. package/dist/auth/strategies/passkey/passkey.strategy.js.map +0 -1
  171. package/dist/auth/strategies/sso/sso.strategy.d.ts +0 -25
  172. package/dist/auth/strategies/sso/sso.strategy.d.ts.map +0 -1
  173. package/dist/auth/strategies/sso/sso.strategy.js +0 -80
  174. package/dist/auth/strategies/sso/sso.strategy.js.map +0 -1
  175. package/dist/auth/strategies/totp/totp.strategy.d.ts +0 -37
  176. package/dist/auth/strategies/totp/totp.strategy.d.ts.map +0 -1
  177. package/dist/auth/strategies/totp/totp.strategy.js +0 -109
  178. package/dist/auth/strategies/totp/totp.strategy.js.map +0 -1
  179. package/dist/auth/throttling/index.d.ts +0 -2
  180. package/dist/auth/throttling/index.d.ts.map +0 -1
  181. package/dist/auth/throttling/index.js +0 -2
  182. package/dist/auth/throttling/index.js.map +0 -1
  183. package/dist/auth/throttling/throttle.service.d.ts +0 -27
  184. package/dist/auth/throttling/throttle.service.d.ts.map +0 -1
  185. package/dist/auth/throttling/throttle.service.js +0 -63
  186. package/dist/auth/throttling/throttle.service.js.map +0 -1
  187. package/dist/bootstrap/cache/config.d.ts +0 -135
  188. package/dist/bootstrap/cache/config.d.ts.map +0 -1
  189. package/dist/bootstrap/cache/config.js +0 -189
  190. package/dist/bootstrap/cache/config.js.map +0 -1
  191. package/dist/bootstrap/cache/index.d.ts +0 -11
  192. package/dist/bootstrap/cache/index.d.ts.map +0 -1
  193. package/dist/bootstrap/cache/index.js +0 -11
  194. package/dist/bootstrap/cache/index.js.map +0 -1
  195. package/dist/bootstrap/index.d.ts +0 -21
  196. package/dist/bootstrap/index.d.ts.map +0 -1
  197. package/dist/bootstrap/index.js +0 -21
  198. package/dist/bootstrap/index.js.map +0 -1
  199. package/dist/bootstrap/scalar/api-docs.d.ts +0 -39
  200. package/dist/bootstrap/scalar/api-docs.d.ts.map +0 -1
  201. package/dist/bootstrap/scalar/api-docs.js +0 -41
  202. package/dist/bootstrap/scalar/api-docs.js.map +0 -1
  203. package/dist/bootstrap/scalar/index.d.ts +0 -39
  204. package/dist/bootstrap/scalar/index.d.ts.map +0 -1
  205. package/dist/bootstrap/scalar/index.js +0 -41
  206. package/dist/bootstrap/scalar/index.js.map +0 -1
  207. package/dist/bootstrap/swagger/api-docs.d.ts +0 -73
  208. package/dist/bootstrap/swagger/api-docs.d.ts.map +0 -1
  209. package/dist/bootstrap/swagger/api-docs.js +0 -87
  210. package/dist/bootstrap/swagger/api-docs.js.map +0 -1
  211. package/dist/bootstrap/swagger/index.d.ts +0 -37
  212. package/dist/bootstrap/swagger/index.d.ts.map +0 -1
  213. package/dist/bootstrap/swagger/index.js +0 -36
  214. package/dist/bootstrap/swagger/index.js.map +0 -1
  215. package/dist/bootstrap/typeorm/config/index.d.ts +0 -12
  216. package/dist/bootstrap/typeorm/config/index.d.ts.map +0 -1
  217. package/dist/bootstrap/typeorm/config/index.js +0 -62
  218. package/dist/bootstrap/typeorm/config/index.js.map +0 -1
  219. package/dist/bootstrap/typeorm/crud/controller.d.ts +0 -13
  220. package/dist/bootstrap/typeorm/crud/controller.d.ts.map +0 -1
  221. package/dist/bootstrap/typeorm/crud/controller.js +0 -72
  222. package/dist/bootstrap/typeorm/crud/controller.js.map +0 -1
  223. package/dist/bootstrap/typeorm/crud/index.d.ts +0 -4
  224. package/dist/bootstrap/typeorm/crud/index.d.ts.map +0 -1
  225. package/dist/bootstrap/typeorm/crud/index.js +0 -3
  226. package/dist/bootstrap/typeorm/crud/index.js.map +0 -1
  227. package/dist/bootstrap/typeorm/crud/service.d.ts +0 -10
  228. package/dist/bootstrap/typeorm/crud/service.d.ts.map +0 -1
  229. package/dist/bootstrap/typeorm/crud/service.js +0 -21
  230. package/dist/bootstrap/typeorm/crud/service.js.map +0 -1
  231. package/dist/bootstrap/typeorm/index.d.ts +0 -18
  232. package/dist/bootstrap/typeorm/index.d.ts.map +0 -1
  233. package/dist/bootstrap/typeorm/index.js +0 -18
  234. package/dist/bootstrap/typeorm/index.js.map +0 -1
  235. package/dist/bootstrap/typeorm/uow/factory.d.ts +0 -5
  236. package/dist/bootstrap/typeorm/uow/factory.d.ts.map +0 -1
  237. package/dist/bootstrap/typeorm/uow/factory.js +0 -27
  238. package/dist/bootstrap/typeorm/uow/factory.js.map +0 -1
  239. package/dist/bootstrap/typeorm/uow/index.d.ts +0 -4
  240. package/dist/bootstrap/typeorm/uow/index.d.ts.map +0 -1
  241. package/dist/bootstrap/typeorm/uow/index.js +0 -4
  242. package/dist/bootstrap/typeorm/uow/index.js.map +0 -1
  243. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +0 -62
  244. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +0 -1
  245. package/dist/bootstrap/typeorm/uow/transactional.decorator.js +0 -114
  246. package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +0 -1
  247. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +0 -11
  248. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +0 -1
  249. package/dist/bootstrap/typeorm/uow/unit-of-work.js +0 -23
  250. package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +0 -1
  251. package/dist/core/index.d.ts +0 -11
  252. package/dist/core/index.d.ts.map +0 -1
  253. package/dist/core/index.js +0 -11
  254. package/dist/core/index.js.map +0 -1
  255. package/dist/infra/audit-log/index.d.ts +0 -12
  256. package/dist/infra/audit-log/index.d.ts.map +0 -1
  257. package/dist/infra/audit-log/index.js +0 -13
  258. package/dist/infra/audit-log/index.js.map +0 -1
  259. package/dist/infra/index.d.ts +0 -20
  260. package/dist/infra/index.d.ts.map +0 -1
  261. package/dist/infra/index.js +0 -21
  262. package/dist/infra/index.js.map +0 -1
  263. package/dist/infra/logger/index.d.ts +0 -12
  264. package/dist/infra/logger/index.d.ts.map +0 -1
  265. package/dist/infra/logger/index.js +0 -13
  266. package/dist/infra/logger/index.js.map +0 -1
  267. package/dist/infra/metrics/index.d.ts +0 -18
  268. package/dist/infra/metrics/index.d.ts.map +0 -1
  269. package/dist/infra/metrics/index.js +0 -19
  270. package/dist/infra/metrics/index.js.map +0 -1
  271. package/dist/infra/notification/index.d.ts +0 -12
  272. package/dist/infra/notification/index.d.ts.map +0 -1
  273. package/dist/infra/notification/index.js +0 -13
  274. package/dist/infra/notification/index.js.map +0 -1
  275. package/dist/infra/storage/index.d.ts +0 -12
  276. package/dist/infra/storage/index.d.ts.map +0 -1
  277. package/dist/infra/storage/index.js +0 -13
  278. package/dist/infra/storage/index.js.map +0 -1
  279. package/dist/infra/stripe/index.d.ts +0 -12
  280. package/dist/infra/stripe/index.d.ts.map +0 -1
  281. package/dist/infra/stripe/index.js +0 -13
  282. package/dist/infra/stripe/index.js.map +0 -1
  283. package/dist/saas/index.d.ts +0 -18
  284. package/dist/saas/index.d.ts.map +0 -1
  285. package/dist/saas/index.js +0 -19
  286. package/dist/saas/index.js.map +0 -1
@@ -1,175 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- var __param = (this && this.__param) || function (paramIndex, decorator) {
11
- return function (target, key) { decorator(target, key, paramIndex); }
12
- };
13
- import { Inject, Injectable } from '@nestjs/common';
14
- import { AUTH_MODULE_OPTIONS, AUTH_STRATEGIES, CACHE_SERVICE } from './auth.constants';
15
- import { JwtService } from './session/jwt.service';
16
- import { TokenBlacklistService } from './session/token-blacklist.service';
17
- import { DeviceSessionService } from './session/device-session.service';
18
- /**
19
- * Central authentication orchestrator.
20
- *
21
- * Delegates to the appropriate strategy based on `AuthMethod`,
22
- * manages token lifecycle, session tracking, and cache acceleration.
23
- */
24
- let AuthService = class AuthService {
25
- options;
26
- cache;
27
- jwtService;
28
- tokenBlacklist;
29
- deviceSession;
30
- strategyMap = new Map();
31
- constructor(options, _strategies, cache, jwtService, tokenBlacklist, deviceSession) {
32
- this.options = options;
33
- this.cache = cache;
34
- this.jwtService = jwtService;
35
- this.tokenBlacklist = tokenBlacklist;
36
- this.deviceSession = deviceSession;
37
- for (const strategy of _strategies) {
38
- this.strategyMap.set(strategy.type, strategy);
39
- }
40
- }
41
- /**
42
- * Authenticate using the given method.
43
- *
44
- * @param method Authentication method (e.g. 'credentials', 'oauth')
45
- * @param payload Strategy-specific payload
46
- * @param context Optional execution context
47
- */
48
- async authenticate(method, payload, context) {
49
- const strategy = this.strategyMap.get(method);
50
- if (!strategy) {
51
- throw new Error(`Authentication method "${method}" is not enabled`);
52
- }
53
- const result = await strategy.authenticate(payload, context);
54
- // Track device session if multi-device is enabled
55
- if (this.options.session?.multiDevice) {
56
- await this.deviceSession.register({
57
- deviceId: payload.deviceId ?? 'default',
58
- userId: result.user.id,
59
- userAgent: payload.userAgent,
60
- ip: payload.ip,
61
- lastActivity: Date.now(),
62
- });
63
- }
64
- return result;
65
- }
66
- /**
67
- * Validate an access token and return its decoded payload.
68
- * Uses cache for fast-path validation when available.
69
- *
70
- * @param token Raw JWT access token
71
- */
72
- async validateToken(token) {
73
- // Fast-path: check cache first
74
- const cacheKey = `auth:token:${this.hash(token)}`;
75
- const cached = await this.cache.get(cacheKey);
76
- if (cached)
77
- return cached;
78
- const payload = await this.jwtService.verifyAccess(token);
79
- // Check blacklist
80
- const jti = payload.jti;
81
- if (jti && (await this.tokenBlacklist.isBlacklisted(jti))) {
82
- throw new Error('Token has been revoked');
83
- }
84
- // Cache the validated payload for 30 seconds
85
- await this.cache.set(cacheKey, payload, 30);
86
- return payload;
87
- }
88
- /**
89
- * Refresh an expired access token using a refresh token.
90
- * Implements refresh token rotation.
91
- */
92
- async refreshToken(refreshToken, deviceId) {
93
- const payload = await this.jwtService.verifyRefresh(refreshToken);
94
- const userId = payload.sub;
95
- // Check family revocation
96
- if (this.options.session?.rotation !== false) {
97
- const familyId = payload.family ?? payload.jti;
98
- if (familyId && (await this.tokenBlacklist.isFamilyRevoked(familyId))) {
99
- throw new Error('Refresh token family has been revoked');
100
- }
101
- }
102
- // In rotation mode, blacklist the current refresh token
103
- if (this.options.session?.rotation !== false && payload.jti) {
104
- const exp = payload.exp;
105
- const ttl = exp ? Math.max(1, exp - Math.floor(Date.now() / 1000)) : 86400;
106
- await this.tokenBlacklist.blacklistAccess(payload.jti, ttl);
107
- }
108
- const user = {
109
- id: userId,
110
- email: payload.email,
111
- username: payload.username,
112
- roles: payload.roles,
113
- permissions: payload.permissions,
114
- isAnonymous: payload.isAnonymous ?? false,
115
- isMfaVerified: payload.isMfaVerified ?? false,
116
- };
117
- const tokens = await this.jwtService.signTokens(user);
118
- // Update device session timestamp
119
- if (deviceId) {
120
- const session = await this.deviceSession.getSession(userId, deviceId);
121
- if (session) {
122
- session.lastActivity = Date.now();
123
- await this.deviceSession.register(session);
124
- }
125
- }
126
- return tokens;
127
- }
128
- /**
129
- * Logout — blacklist the current access token and optionally
130
- * remove a specific device session.
131
- */
132
- async logout(accessToken, deviceId) {
133
- const payload = this.jwtService.decode(accessToken);
134
- const jti = payload?.jti ?? this.hash(accessToken);
135
- const exp = payload?.exp;
136
- const ttl = exp ? Math.max(1, exp - Math.floor(Date.now() / 1000)) : 3600;
137
- await this.tokenBlacklist.blacklistAccess(jti, ttl);
138
- const userId = payload?.sub;
139
- if (userId && deviceId) {
140
- await this.deviceSession.removeSession(userId, deviceId);
141
- }
142
- }
143
- /**
144
- * Logout from all devices — revoke all sessions for a user.
145
- */
146
- async logoutAll(userId) {
147
- await this.deviceSession.removeAllUserSessions(userId);
148
- }
149
- /**
150
- * Get all active sessions for a user (multi-device view).
151
- */
152
- async getUserSessions(userId) {
153
- return this.deviceSession.getUserSessions(userId);
154
- }
155
- hash(value) {
156
- let hash = 0;
157
- for (let i = 0; i < value.length; i++) {
158
- const char = value.charCodeAt(i);
159
- hash = (hash << 5) - hash + char;
160
- hash |= 0;
161
- }
162
- return Math.abs(hash).toString(16);
163
- }
164
- };
165
- AuthService = __decorate([
166
- Injectable(),
167
- __param(0, Inject(AUTH_MODULE_OPTIONS)),
168
- __param(1, Inject(AUTH_STRATEGIES)),
169
- __param(2, Inject(CACHE_SERVICE)),
170
- __metadata("design:paramtypes", [Object, Array, Object, JwtService,
171
- TokenBlacklistService,
172
- DeviceSessionService])
173
- ], AuthService);
174
- export { AuthService };
175
- //# sourceMappingURL=auth.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../packages/auth/auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAyB,MAAM,gBAAgB,CAAC;AAG3E,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEvF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAExE;;;;;GAKG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAW;IAKH;IAIA;IACA;IACA;IACA;IAXF,WAAW,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEpE,YAEmB,OAA0B,EAE3C,WAA4B,EAEX,KAAoB,EACpB,UAAsB,EACtB,cAAqC,EACrC,aAAmC;QAPnC,YAAO,GAAP,OAAO,CAAmB;QAI1B,UAAK,GAAL,KAAK,CAAe;QACpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAuB;QACrC,kBAAa,GAAb,aAAa,CAAsB;QAEpD,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;YACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY,CAChB,MAAkB,EAClB,OAAgC,EAChC,OAA0B;QAE1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,kBAAkB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE7D,kDAAkD;QAClD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;gBAChC,QAAQ,EAAG,OAAO,CAAC,QAAmB,IAAI,SAAS;gBACnD,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;gBACtB,SAAS,EAAE,OAAO,CAAC,SAA+B;gBAClD,EAAE,EAAE,OAAO,CAAC,EAAwB;gBACpC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;aACzB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0B,QAAQ,CAAC,CAAC;QACvE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAE1D,kBAAkB;QAClB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAyB,CAAC;QAC9C,IAAI,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,6CAA6C;QAC7C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAE5C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB,EAAE,QAAiB;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAa,CAAC;QAErC,0BAA0B;QAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;YAC/C,IAAI,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,QAAkB,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,KAAK,KAAK,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAyB,CAAC;YAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC3E,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAa,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,IAAI,GAAG;YACX,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,OAAO,CAAC,KAA2B;YAC1C,QAAQ,EAAE,OAAO,CAAC,QAA8B;YAChD,KAAK,EAAE,OAAO,CAAC,KAA6B;YAC5C,WAAW,EAAE,OAAO,CAAC,WAAmC;YACxD,WAAW,EAAG,OAAO,CAAC,WAAuB,IAAI,KAAK;YACtD,aAAa,EAAG,OAAO,CAAC,aAAyB,IAAI,KAAK;SAC3D,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,kCAAkC;QAClC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACtE,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,WAAmB,EAAE,QAAiB;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,GAAG,GAAI,OAAO,EAAE,GAAc,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,OAAO,EAAE,GAAyB,CAAC;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE1E,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAEpD,MAAM,MAAM,GAAG,OAAO,EAAE,GAAyB,CAAC;QAClD,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,MAAM,IAAI,CAAC,aAAa,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,OAAO,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAEO,IAAI,CAAC,KAAa;QACxB,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;YACjC,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;CACF,CAAA;AAtKY,WAAW;IADvB,UAAU,EAAE;IAKR,WAAA,MAAM,CAAC,mBAAmB,CAAC,CAAA;IAE3B,WAAA,MAAM,CAAC,eAAe,CAAC,CAAA;IAEvB,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;4DAEO,UAAU;QACN,qBAAqB;QACtB,oBAAoB;GAZ3C,WAAW,CAsKvB"}
@@ -1,3 +0,0 @@
1
- export * from './rbac';
2
- export * from './pbac';
3
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/authorization/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC"}
@@ -1,3 +0,0 @@
1
- export * from './rbac';
2
- export * from './pbac';
3
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/authorization/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC"}
@@ -1,6 +0,0 @@
1
- export { PbacService } from './pbac.service';
2
- export { PbacGuard } from './pbac.guard';
3
- export { RequirePolicy } from './pbac.decorator';
4
- export type { PolicyDecoratorOptions } from './pbac.decorator';
5
- export type { PolicyStatement, PolicyDocument, PolicyContext, PolicyEffect } from './pbac.types';
6
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}
@@ -1,4 +0,0 @@
1
- export { PbacService } from './pbac.service';
2
- export { PbacGuard } from './pbac.guard';
3
- export { RequirePolicy } from './pbac.decorator';
4
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
@@ -1,18 +0,0 @@
1
- export interface PolicyDecoratorOptions {
2
- /** Action being performed (e.g. 'document:read') */
3
- action: string;
4
- /** Resource being accessed (e.g. 'org:123:doc:456') */
5
- resource: string | ((req: unknown) => string);
6
- }
7
- /**
8
- * Require a policy check on a route handler.
9
- * Works with the PbacGuard.
10
- *
11
- * @example
12
- * ```typescript
13
- * @RequirePolicy({ action: 'document:delete', resource: 'org:*' })
14
- * @RequirePolicy({ action: 'document:read', resource: (req) => req.params.docId })
15
- * ```
16
- */
17
- export declare const RequirePolicy: (options: PolicyDecoratorOptions) => import("@nestjs/common").CustomDecorator<string>;
18
- //# sourceMappingURL=pbac.decorator.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.decorator.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.decorator.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,sBAAsB;IACrC,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC,CAAC;CAC/C;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GAAI,SAAS,sBAAsB,qDACtB,CAAC"}
@@ -1,14 +0,0 @@
1
- import { SetMetadata } from '@nestjs/common';
2
- import { METADATA_POLICY } from '../../auth.constants';
3
- /**
4
- * Require a policy check on a route handler.
5
- * Works with the PbacGuard.
6
- *
7
- * @example
8
- * ```typescript
9
- * @RequirePolicy({ action: 'document:delete', resource: 'org:*' })
10
- * @RequirePolicy({ action: 'document:read', resource: (req) => req.params.docId })
11
- * ```
12
- */
13
- export const RequirePolicy = (options) => SetMetadata(METADATA_POLICY, options);
14
- //# sourceMappingURL=pbac.decorator.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.decorator.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AASvD;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAA+B,EAAE,EAAE,CAC/D,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC"}
@@ -1,19 +0,0 @@
1
- import { CanActivate, ExecutionContext } from '@nestjs/common';
2
- import { Reflector } from '@nestjs/core';
3
- import { PbacService } from './pbac.service';
4
- /**
5
- * Guard that enforces Policy-Based Access Control.
6
- *
7
- * Reads the required policy from the `@RequirePolicy()` decorator
8
- * and evaluates it against the user's assigned policies.
9
- *
10
- * This guard is independent — you can use it with or without RBAC on
11
- * different routes in the same application.
12
- */
13
- export declare class PbacGuard implements CanActivate {
14
- private readonly reflector;
15
- private readonly pbacService;
16
- constructor(reflector: Reflector, pbacService: PbacService);
17
- canActivate(context: ExecutionContext): Promise<boolean>;
18
- }
19
- //# sourceMappingURL=pbac.guard.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.guard.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAM7C;;;;;;;;GAQG;AACH,qBACa,SAAU,YAAW,WAAW;IAEzC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,WAAW;IAGrC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAgC/D"}
@@ -1,60 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Injectable } from '@nestjs/common';
11
- import { Reflector } from '@nestjs/core';
12
- import { PbacService } from './pbac.service';
13
- import { METADATA_POLICY } from '../../auth.constants';
14
- /**
15
- * Guard that enforces Policy-Based Access Control.
16
- *
17
- * Reads the required policy from the `@RequirePolicy()` decorator
18
- * and evaluates it against the user's assigned policies.
19
- *
20
- * This guard is independent — you can use it with or without RBAC on
21
- * different routes in the same application.
22
- */
23
- let PbacGuard = class PbacGuard {
24
- reflector;
25
- pbacService;
26
- constructor(reflector, pbacService) {
27
- this.reflector = reflector;
28
- this.pbacService = pbacService;
29
- }
30
- async canActivate(context) {
31
- const policyMeta = this.reflector.getAllAndOverride(METADATA_POLICY, [
32
- context.getHandler(),
33
- context.getClass(),
34
- ]);
35
- if (!policyMeta)
36
- return true;
37
- const request = context.switchToHttp().getRequest();
38
- const user = request.user;
39
- if (!user)
40
- return false;
41
- const action = policyMeta.action;
42
- const resource = typeof policyMeta.resource === 'function'
43
- ? policyMeta.resource(request)
44
- : policyMeta.resource;
45
- const policies = await this.pbacService.getUserPolicies(user.id);
46
- const ctx = {
47
- user: user,
48
- resource: { id: resource, ...request.params },
49
- environment: {},
50
- };
51
- return this.pbacService.evaluate(policies, action, resource, ctx);
52
- }
53
- };
54
- PbacGuard = __decorate([
55
- Injectable(),
56
- __metadata("design:paramtypes", [Reflector,
57
- PbacService])
58
- ], PbacGuard);
59
- export { PbacGuard };
60
- //# sourceMappingURL=pbac.guard.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.guard.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAKvD;;;;;;;;GAQG;AAEI,IAAM,SAAS,GAAf,MAAM,SAAS;IAED;IACA;IAFnB,YACmB,SAAoB,EACpB,WAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAa;IACxC,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAyB,eAAe,EAAE;YAC3F,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAI7C,CAAC;QACL,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QACjC,MAAM,QAAQ,GACZ,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU;YACvC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC;QAE1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjE,MAAM,GAAG,GAAkB;YACzB,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE;YAC7C,WAAW,EAAE,EAAE;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;CACF,CAAA;AAtCY,SAAS;IADrB,UAAU,EAAE;qCAGmB,SAAS;QACP,WAAW;GAHhC,SAAS,CAsCrB"}
@@ -1,44 +0,0 @@
1
- import type { ICacheService } from '../../interfaces';
2
- import type { PolicyContext, PolicyEffect, PolicyDocument } from './pbac.types';
3
- /**
4
- * Policy-Based Access Control service.
5
- *
6
- * Evaluates user-assigned policies against the current request context.
7
- * Supports wildcard matching and simple condition evaluation.
8
- */
9
- export declare class PbacService {
10
- private readonly cache;
11
- private defaultEffect;
12
- constructor(cache: ICacheService);
13
- /**
14
- * Configure the default effect when no policy matches.
15
- */
16
- setDefaultEffect(effect: PolicyEffect): void;
17
- /**
18
- * Evaluate a list of policy documents for a given action + resource.
19
- *
20
- * Returns `true` if access is granted, `false` otherwise.
21
- *
22
- * Evaluation logic (AWS IAM style):
23
- * 1. An explicit `deny` overrides everything.
24
- * 2. If any statement matches with `allow`, access is granted.
25
- * 3. If no statement matches, the default effect applies.
26
- */
27
- evaluate(policies: PolicyDocument[], action: string, resource: string, context: PolicyContext): boolean;
28
- /**
29
- * Fetch policies for a user, using cache when possible.
30
- */
31
- getUserPolicies(userId: string): Promise<PolicyDocument[]>;
32
- /**
33
- * Invalidate cached policies for a user.
34
- */
35
- invalidateUser(userId: string): Promise<void>;
36
- private matchAction;
37
- private matchResource;
38
- private wildcardMatch;
39
- private evaluateCondition;
40
- private resolveCondition;
41
- private eq;
42
- private resolveValue;
43
- }
44
- //# sourceMappingURL=pbac.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.service.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,KAAK,EAAmB,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEjG;;;;;GAKG;AACH,qBACa,WAAW;IAKpB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAJxB,OAAO,CAAC,aAAa,CAAwB;gBAI1B,KAAK,EAAE,aAAa;IAGvC;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI;IAI5C;;;;;;;;;OASG;IACH,QAAQ,CACN,QAAQ,EAAE,cAAc,EAAE,EAC1B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,GACrB,OAAO;IAoBV;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAOhE;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,iBAAiB;IAUzB,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,EAAE;IAWV,OAAO,CAAC,YAAY;CAWrB"}
@@ -1,146 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- var __param = (this && this.__param) || function (paramIndex, decorator) {
11
- return function (target, key) { decorator(target, key, paramIndex); }
12
- };
13
- import { Inject, Injectable } from '@nestjs/common';
14
- import { CACHE_SERVICE } from '../../auth.constants';
15
- /**
16
- * Policy-Based Access Control service.
17
- *
18
- * Evaluates user-assigned policies against the current request context.
19
- * Supports wildcard matching and simple condition evaluation.
20
- */
21
- let PbacService = class PbacService {
22
- cache;
23
- defaultEffect = 'deny';
24
- constructor(cache) {
25
- this.cache = cache;
26
- }
27
- /**
28
- * Configure the default effect when no policy matches.
29
- */
30
- setDefaultEffect(effect) {
31
- this.defaultEffect = effect;
32
- }
33
- /**
34
- * Evaluate a list of policy documents for a given action + resource.
35
- *
36
- * Returns `true` if access is granted, `false` otherwise.
37
- *
38
- * Evaluation logic (AWS IAM style):
39
- * 1. An explicit `deny` overrides everything.
40
- * 2. If any statement matches with `allow`, access is granted.
41
- * 3. If no statement matches, the default effect applies.
42
- */
43
- evaluate(policies, action, resource, context) {
44
- let allowCount = 0;
45
- for (const doc of policies) {
46
- for (const stmt of doc.statements) {
47
- if (!this.matchAction(stmt, action))
48
- continue;
49
- if (!this.matchResource(stmt, resource))
50
- continue;
51
- if (stmt.condition && !this.evaluateCondition(stmt.condition, context)) {
52
- continue;
53
- }
54
- if (stmt.effect === 'deny')
55
- return false;
56
- if (stmt.effect === 'allow')
57
- allowCount += 1;
58
- }
59
- }
60
- if (allowCount > 0)
61
- return true;
62
- return this.defaultEffect === 'allow';
63
- }
64
- /**
65
- * Fetch policies for a user, using cache when possible.
66
- */
67
- async getUserPolicies(userId) {
68
- const cacheKey = `pbac:policies:${userId}`;
69
- const cached = await this.cache.get(cacheKey);
70
- if (cached)
71
- return cached;
72
- return [];
73
- }
74
- /**
75
- * Invalidate cached policies for a user.
76
- */
77
- async invalidateUser(userId) {
78
- await this.cache.del(`pbac:policies:${userId}`);
79
- }
80
- matchAction(stmt, action) {
81
- return stmt.actions.some((a) => this.wildcardMatch(a, action));
82
- }
83
- matchResource(stmt, resource) {
84
- return stmt.resources.some((r) => this.wildcardMatch(r, resource));
85
- }
86
- wildcardMatch(pattern, value) {
87
- const regexStr = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
88
- return new RegExp(`^${regexStr}$`).test(value);
89
- }
90
- evaluateCondition(condition, context) {
91
- // Simple condition evaluator — supports { "eq": { "user.department": "engineering" } }
92
- // Extend this for production use with a proper expression engine.
93
- try {
94
- return this.resolveCondition(condition, context);
95
- }
96
- catch {
97
- return false;
98
- }
99
- }
100
- resolveCondition(node, context) {
101
- if (typeof node !== 'object' || node === null)
102
- return true;
103
- const obj = node;
104
- // Operator keys
105
- if ('eq' in obj)
106
- return this.eq(obj.eq, context);
107
- if ('ne' in obj)
108
- return !this.eq(obj.ne, context);
109
- if ('and' in obj) {
110
- const conditions = obj.and;
111
- return conditions.every((c) => this.resolveCondition(c, context));
112
- }
113
- if ('or' in obj) {
114
- const conditions = obj.or;
115
- return conditions.some((c) => this.resolveCondition(c, context));
116
- }
117
- return true;
118
- }
119
- eq(mapping, context) {
120
- if (typeof mapping !== 'object' || mapping === null)
121
- return false;
122
- const entries = Object.entries(mapping);
123
- if (entries.length !== 1)
124
- return false;
125
- const [key, expected] = entries[0];
126
- const actual = this.resolveValue(key, context);
127
- return String(actual) === String(expected);
128
- }
129
- resolveValue(path, context) {
130
- const parts = path.split('.');
131
- let current = context;
132
- for (const part of parts) {
133
- if (typeof current !== 'object' || current === null)
134
- return undefined;
135
- current = current[part];
136
- }
137
- return current;
138
- }
139
- };
140
- PbacService = __decorate([
141
- Injectable(),
142
- __param(0, Inject(CACHE_SERVICE)),
143
- __metadata("design:paramtypes", [Object])
144
- ], PbacService);
145
- export { PbacService };
146
- //# sourceMappingURL=pbac.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.service.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD;;;;;GAKG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAW;IAKH;IAJX,aAAa,GAAiB,MAAM,CAAC;IAE7C,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;OAEG;IACH,gBAAgB,CAAC,MAAoB;QACnC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;;;;;;;;OASG;IACH,QAAQ,CACN,QAA0B,EAC1B,MAAc,EACd,QAAgB,EAChB,OAAsB;QAEtB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;gBAClC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC;oBAAE,SAAS;gBAC9C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAClD,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;oBACvE,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACzC,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO;oBAAE,UAAU,IAAI,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,IAAI,UAAU,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAChC,OAAO,IAAI,CAAC,aAAa,KAAK,OAAO,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,QAAQ,GAAG,iBAAiB,MAAM,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,QAAQ,CAAC,CAAC;QAChE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,MAAM,EAAE,CAAC,CAAC;IAClD,CAAC;IAEO,WAAW,CAAC,IAAqB,EAAE,MAAc;QACvD,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAEO,aAAa,CAAC,IAAqB,EAAE,QAAgB;QAC3D,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrE,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,KAAa;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACnF,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAEO,iBAAiB,CAAC,SAAkC,EAAE,OAAsB;QAClF,uFAAuF;QACvF,kEAAkE;QAClE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,IAAa,EAAE,OAAsB;QAC5D,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAE3D,MAAM,GAAG,GAAG,IAA+B,CAAC;QAE5C,gBAAgB;QAChB,IAAI,IAAI,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,IAAI,IAAI,GAAG;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,MAAM,UAAU,GAAG,GAAG,CAAC,GAAgB,CAAC;YACxC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,GAAG,CAAC,EAAe,CAAC;YACvC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,EAAE,CAAC,OAAgB,EAAE,OAAsB;QACjD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAClE,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAkC,CAAC,CAAC;QACnE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAEvC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE/C,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAEO,YAAY,CAAC,IAAY,EAAE,OAAsB;QACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,OAAO,GAAY,OAAO,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;gBAAE,OAAO,SAAS,CAAC;YACtE,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAA;AApIY,WAAW;IADvB,UAAU,EAAE;IAKR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAJb,WAAW,CAoIvB"}
@@ -1,47 +0,0 @@
1
- /**
2
- * Policy effect — the outcome of evaluating a policy statement.
3
- */
4
- export type PolicyEffect = 'allow' | 'deny';
5
- /**
6
- * A single policy statement (akin to AWS IAM).
7
- *
8
- * @example
9
- * ```typescript
10
- * const policy: PolicyStatement = {
11
- * effect: 'deny',
12
- * actions: ['document:delete'],
13
- * resources: ['org:*'],
14
- * condition: { department: { ne: { ref: 'user.department' } } },
15
- * };
16
- * ```
17
- */
18
- export interface PolicyStatement {
19
- /** Whether this statement allows or denies access */
20
- effect: PolicyEffect;
21
- /** Actions this statement applies to (supports wildcard: 'document:*') */
22
- actions: string[];
23
- /** Resources this statement applies to (supports wildcard) */
24
- resources: string[];
25
- /** Optional conditions that must be satisfied */
26
- condition?: Record<string, unknown>;
27
- }
28
- /**
29
- * A complete policy document assigned to a user or role.
30
- */
31
- export interface PolicyDocument {
32
- /** Policy identifier */
33
- id?: string;
34
- /** Policy name */
35
- name?: string;
36
- /** List of statements */
37
- statements: PolicyStatement[];
38
- }
39
- /**
40
- * Evaluation context passed to condition functions.
41
- */
42
- export interface PolicyContext {
43
- user: Record<string, unknown>;
44
- resource: Record<string, unknown>;
45
- environment: Record<string, unknown>;
46
- }
47
- //# sourceMappingURL=pbac.types.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.types.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,MAAM,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,eAAe;IAC9B,qDAAqD;IACrD,MAAM,EAAE,YAAY,CAAC;IACrB,0EAA0E;IAC1E,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wBAAwB;IACxB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,UAAU,EAAE,eAAe,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC"}
@@ -1,2 +0,0 @@
1
- export {};
2
- //# sourceMappingURL=pbac.types.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"pbac.types.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.types.ts"],"names":[],"mappings":""}
@@ -1,4 +0,0 @@
1
- export { RbacService } from './rbac.service';
2
- export { RbacGuard } from './rbac.guard';
3
- export { Roles } from './rbac.decorator';
4
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC"}
@@ -1,4 +0,0 @@
1
- export { RbacService } from './rbac.service';
2
- export { RbacGuard } from './rbac.guard';
3
- export { Roles } from './rbac.decorator';
4
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC"}