@os.io/nest-kit 0.0.1-alpha.0 → 0.0.1-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -30
- package/package.json +41 -5
- package/dist/auth/auth.constants.d.ts +0 -19
- package/dist/auth/auth.constants.d.ts.map +0 -1
- package/dist/auth/auth.constants.js +0 -19
- package/dist/auth/auth.constants.js.map +0 -1
- package/dist/auth/auth.guard.d.ts +0 -20
- package/dist/auth/auth.guard.d.ts.map +0 -1
- package/dist/auth/auth.guard.js +0 -84
- package/dist/auth/auth.guard.js.map +0 -1
- package/dist/auth/auth.module.d.ts +0 -26
- package/dist/auth/auth.module.d.ts.map +0 -1
- package/dist/auth/auth.module.js +0 -344
- package/dist/auth/auth.module.js.map +0 -1
- package/dist/auth/auth.options.d.ts +0 -179
- package/dist/auth/auth.options.d.ts.map +0 -1
- package/dist/auth/auth.options.js +0 -2
- package/dist/auth/auth.options.js.map +0 -1
- package/dist/auth/auth.service.d.ts +0 -57
- package/dist/auth/auth.service.d.ts.map +0 -1
- package/dist/auth/auth.service.js +0 -175
- package/dist/auth/auth.service.js.map +0 -1
- package/dist/auth/authorization/index.d.ts +0 -3
- package/dist/auth/authorization/index.d.ts.map +0 -1
- package/dist/auth/authorization/index.js +0 -3
- package/dist/auth/authorization/index.js.map +0 -1
- package/dist/auth/authorization/pbac/index.d.ts +0 -6
- package/dist/auth/authorization/pbac/index.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/index.js +0 -4
- package/dist/auth/authorization/pbac/index.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts +0 -18
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.decorator.js +0 -14
- package/dist/auth/authorization/pbac/pbac.decorator.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.guard.d.ts +0 -19
- package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.guard.js +0 -60
- package/dist/auth/authorization/pbac/pbac.guard.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.service.d.ts +0 -44
- package/dist/auth/authorization/pbac/pbac.service.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.service.js +0 -146
- package/dist/auth/authorization/pbac/pbac.service.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.types.d.ts +0 -47
- package/dist/auth/authorization/pbac/pbac.types.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.types.js +0 -2
- package/dist/auth/authorization/pbac/pbac.types.js.map +0 -1
- package/dist/auth/authorization/rbac/index.d.ts +0 -4
- package/dist/auth/authorization/rbac/index.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/index.js +0 -4
- package/dist/auth/authorization/rbac/index.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts +0 -18
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.decorator.js +0 -25
- package/dist/auth/authorization/rbac/rbac.decorator.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.guard.d.ts +0 -19
- package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.guard.js +0 -50
- package/dist/auth/authorization/rbac/rbac.guard.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.service.d.ts +0 -43
- package/dist/auth/authorization/rbac/rbac.service.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.service.js +0 -95
- package/dist/auth/authorization/rbac/rbac.service.js.map +0 -1
- package/dist/auth/decorators/current-user.decorator.d.ts +0 -17
- package/dist/auth/decorators/current-user.decorator.d.ts.map +0 -1
- package/dist/auth/decorators/current-user.decorator.js +0 -23
- package/dist/auth/decorators/current-user.decorator.js.map +0 -1
- package/dist/auth/decorators/index.d.ts +0 -3
- package/dist/auth/decorators/index.d.ts.map +0 -1
- package/dist/auth/decorators/index.js +0 -3
- package/dist/auth/decorators/index.js.map +0 -1
- package/dist/auth/decorators/public.decorator.d.ts +0 -13
- package/dist/auth/decorators/public.decorator.d.ts.map +0 -1
- package/dist/auth/decorators/public.decorator.js +0 -15
- package/dist/auth/decorators/public.decorator.js.map +0 -1
- package/dist/auth/index.d.ts +0 -63
- package/dist/auth/index.d.ts.map +0 -1
- package/dist/auth/index.js +0 -65
- package/dist/auth/index.js.map +0 -1
- package/dist/auth/interfaces/auth-request.interface.d.ts +0 -18
- package/dist/auth/interfaces/auth-request.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-request.interface.js +0 -2
- package/dist/auth/interfaces/auth-request.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-result.interface.d.ts +0 -28
- package/dist/auth/interfaces/auth-result.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-result.interface.js +0 -2
- package/dist/auth/interfaces/auth-result.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-strategy.interface.d.ts +0 -37
- package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-strategy.interface.js +0 -16
- package/dist/auth/interfaces/auth-strategy.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-user.interface.d.ts +0 -25
- package/dist/auth/interfaces/auth-user.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-user.interface.js +0 -2
- package/dist/auth/interfaces/auth-user.interface.js.map +0 -1
- package/dist/auth/interfaces/cache-service.interface.d.ts +0 -30
- package/dist/auth/interfaces/cache-service.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/cache-service.interface.js +0 -2
- package/dist/auth/interfaces/cache-service.interface.js.map +0 -1
- package/dist/auth/interfaces/index.d.ts +0 -8
- package/dist/auth/interfaces/index.d.ts.map +0 -1
- package/dist/auth/interfaces/index.js +0 -2
- package/dist/auth/interfaces/index.js.map +0 -1
- package/dist/auth/interfaces/user-service.interface.d.ts +0 -34
- package/dist/auth/interfaces/user-service.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/user-service.interface.js +0 -2
- package/dist/auth/interfaces/user-service.interface.js.map +0 -1
- package/dist/auth/password/password.service.d.ts +0 -23
- package/dist/auth/password/password.service.d.ts.map +0 -1
- package/dist/auth/password/password.service.js +0 -52
- package/dist/auth/password/password.service.js.map +0 -1
- package/dist/auth/session/device-session.service.d.ts +0 -43
- package/dist/auth/session/device-session.service.d.ts.map +0 -1
- package/dist/auth/session/device-session.service.js +0 -72
- package/dist/auth/session/device-session.service.js.map +0 -1
- package/dist/auth/session/index.d.ts +0 -5
- package/dist/auth/session/index.d.ts.map +0 -1
- package/dist/auth/session/index.js +0 -4
- package/dist/auth/session/index.js.map +0 -1
- package/dist/auth/session/jwt.service.d.ts +0 -37
- package/dist/auth/session/jwt.service.d.ts.map +0 -1
- package/dist/auth/session/jwt.service.js +0 -119
- package/dist/auth/session/jwt.service.js.map +0 -1
- package/dist/auth/session/token-blacklist.service.d.ts +0 -37
- package/dist/auth/session/token-blacklist.service.d.ts.map +0 -1
- package/dist/auth/session/token-blacklist.service.js +0 -70
- package/dist/auth/session/token-blacklist.service.js.map +0 -1
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +0 -19
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/anonymous/anonymous.strategy.js +0 -49
- package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +0 -1
- package/dist/auth/strategies/base/base.strategy.d.ts +0 -11
- package/dist/auth/strategies/base/base.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/base/base.strategy.js +0 -6
- package/dist/auth/strategies/base/base.strategy.js.map +0 -1
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts +0 -21
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/credentials/credentials.strategy.js +0 -67
- package/dist/auth/strategies/credentials/credentials.strategy.js.map +0 -1
- package/dist/auth/strategies/index.d.ts +0 -12
- package/dist/auth/strategies/index.d.ts.map +0 -1
- package/dist/auth/strategies/index.js +0 -12
- package/dist/auth/strategies/index.js.map +0 -1
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +0 -31
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/magic-link/magic-link.strategy.js +0 -88
- package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +0 -1
- package/dist/auth/strategies/oauth/index.d.ts +0 -3
- package/dist/auth/strategies/oauth/index.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/index.js +0 -3
- package/dist/auth/strategies/oauth/index.js.map +0 -1
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +0 -13
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/oauth-provider-registry.js +0 -20
- package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +0 -1
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +0 -23
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/oauth.strategy.js +0 -79
- package/dist/auth/strategies/oauth/oauth.strategy.js.map +0 -1
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts +0 -24
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/onetap/onetap.strategy.js +0 -77
- package/dist/auth/strategies/onetap/onetap.strategy.js.map +0 -1
- package/dist/auth/strategies/otp/otp.strategy.d.ts +0 -31
- package/dist/auth/strategies/otp/otp.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/otp/otp.strategy.js +0 -93
- package/dist/auth/strategies/otp/otp.strategy.js.map +0 -1
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts +0 -32
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/passkey/passkey.strategy.js +0 -102
- package/dist/auth/strategies/passkey/passkey.strategy.js.map +0 -1
- package/dist/auth/strategies/sso/sso.strategy.d.ts +0 -25
- package/dist/auth/strategies/sso/sso.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/sso/sso.strategy.js +0 -80
- package/dist/auth/strategies/sso/sso.strategy.js.map +0 -1
- package/dist/auth/strategies/totp/totp.strategy.d.ts +0 -37
- package/dist/auth/strategies/totp/totp.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/totp/totp.strategy.js +0 -109
- package/dist/auth/strategies/totp/totp.strategy.js.map +0 -1
- package/dist/auth/throttling/index.d.ts +0 -2
- package/dist/auth/throttling/index.d.ts.map +0 -1
- package/dist/auth/throttling/index.js +0 -2
- package/dist/auth/throttling/index.js.map +0 -1
- package/dist/auth/throttling/throttle.service.d.ts +0 -27
- package/dist/auth/throttling/throttle.service.d.ts.map +0 -1
- package/dist/auth/throttling/throttle.service.js +0 -63
- package/dist/auth/throttling/throttle.service.js.map +0 -1
- package/dist/bootstrap/cache/config.d.ts +0 -135
- package/dist/bootstrap/cache/config.d.ts.map +0 -1
- package/dist/bootstrap/cache/config.js +0 -189
- package/dist/bootstrap/cache/config.js.map +0 -1
- package/dist/bootstrap/cache/index.d.ts +0 -11
- package/dist/bootstrap/cache/index.d.ts.map +0 -1
- package/dist/bootstrap/cache/index.js +0 -11
- package/dist/bootstrap/cache/index.js.map +0 -1
- package/dist/bootstrap/index.d.ts +0 -21
- package/dist/bootstrap/index.d.ts.map +0 -1
- package/dist/bootstrap/index.js +0 -21
- package/dist/bootstrap/index.js.map +0 -1
- package/dist/bootstrap/scalar/api-docs.d.ts +0 -39
- package/dist/bootstrap/scalar/api-docs.d.ts.map +0 -1
- package/dist/bootstrap/scalar/api-docs.js +0 -41
- package/dist/bootstrap/scalar/api-docs.js.map +0 -1
- package/dist/bootstrap/scalar/index.d.ts +0 -39
- package/dist/bootstrap/scalar/index.d.ts.map +0 -1
- package/dist/bootstrap/scalar/index.js +0 -41
- package/dist/bootstrap/scalar/index.js.map +0 -1
- package/dist/bootstrap/swagger/api-docs.d.ts +0 -73
- package/dist/bootstrap/swagger/api-docs.d.ts.map +0 -1
- package/dist/bootstrap/swagger/api-docs.js +0 -87
- package/dist/bootstrap/swagger/api-docs.js.map +0 -1
- package/dist/bootstrap/swagger/index.d.ts +0 -37
- package/dist/bootstrap/swagger/index.d.ts.map +0 -1
- package/dist/bootstrap/swagger/index.js +0 -36
- package/dist/bootstrap/swagger/index.js.map +0 -1
- package/dist/bootstrap/typeorm/config/index.d.ts +0 -12
- package/dist/bootstrap/typeorm/config/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/config/index.js +0 -62
- package/dist/bootstrap/typeorm/config/index.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/controller.d.ts +0 -13
- package/dist/bootstrap/typeorm/crud/controller.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/controller.js +0 -72
- package/dist/bootstrap/typeorm/crud/controller.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/index.d.ts +0 -4
- package/dist/bootstrap/typeorm/crud/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/index.js +0 -3
- package/dist/bootstrap/typeorm/crud/index.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/service.d.ts +0 -10
- package/dist/bootstrap/typeorm/crud/service.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/service.js +0 -21
- package/dist/bootstrap/typeorm/crud/service.js.map +0 -1
- package/dist/bootstrap/typeorm/index.d.ts +0 -18
- package/dist/bootstrap/typeorm/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/index.js +0 -18
- package/dist/bootstrap/typeorm/index.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/factory.d.ts +0 -5
- package/dist/bootstrap/typeorm/uow/factory.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/factory.js +0 -27
- package/dist/bootstrap/typeorm/uow/factory.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/index.d.ts +0 -4
- package/dist/bootstrap/typeorm/uow/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/index.js +0 -4
- package/dist/bootstrap/typeorm/uow/index.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +0 -62
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js +0 -114
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +0 -11
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/unit-of-work.js +0 -23
- package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +0 -1
- package/dist/core/index.d.ts +0 -11
- package/dist/core/index.d.ts.map +0 -1
- package/dist/core/index.js +0 -11
- package/dist/core/index.js.map +0 -1
- package/dist/infra/audit-log/index.d.ts +0 -12
- package/dist/infra/audit-log/index.d.ts.map +0 -1
- package/dist/infra/audit-log/index.js +0 -13
- package/dist/infra/audit-log/index.js.map +0 -1
- package/dist/infra/index.d.ts +0 -20
- package/dist/infra/index.d.ts.map +0 -1
- package/dist/infra/index.js +0 -21
- package/dist/infra/index.js.map +0 -1
- package/dist/infra/logger/index.d.ts +0 -12
- package/dist/infra/logger/index.d.ts.map +0 -1
- package/dist/infra/logger/index.js +0 -13
- package/dist/infra/logger/index.js.map +0 -1
- package/dist/infra/metrics/index.d.ts +0 -18
- package/dist/infra/metrics/index.d.ts.map +0 -1
- package/dist/infra/metrics/index.js +0 -19
- package/dist/infra/metrics/index.js.map +0 -1
- package/dist/infra/notification/index.d.ts +0 -12
- package/dist/infra/notification/index.d.ts.map +0 -1
- package/dist/infra/notification/index.js +0 -13
- package/dist/infra/notification/index.js.map +0 -1
- package/dist/infra/storage/index.d.ts +0 -12
- package/dist/infra/storage/index.d.ts.map +0 -1
- package/dist/infra/storage/index.js +0 -13
- package/dist/infra/storage/index.js.map +0 -1
- package/dist/infra/stripe/index.d.ts +0 -12
- package/dist/infra/stripe/index.d.ts.map +0 -1
- package/dist/infra/stripe/index.js +0 -13
- package/dist/infra/stripe/index.js.map +0 -1
- package/dist/saas/index.d.ts +0 -18
- package/dist/saas/index.d.ts.map +0 -1
- package/dist/saas/index.js +0 -19
- package/dist/saas/index.js.map +0 -1
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
-
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
-
};
|
|
13
|
-
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
-
import { CACHE_SERVICE, TOKEN_BLACKLIST_PREFIX, REFRESH_TOKEN_FAMILY_PREFIX, } from '../auth.constants';
|
|
15
|
-
/**
|
|
16
|
-
* Redis-backed token blacklist that enables immediate token revocation.
|
|
17
|
-
*
|
|
18
|
-
* Tokens are stored with a TTL matching the token's remaining lifespan
|
|
19
|
-
* so the blacklist does not grow unbounded.
|
|
20
|
-
*/
|
|
21
|
-
let TokenBlacklistService = class TokenBlacklistService {
|
|
22
|
-
cache;
|
|
23
|
-
constructor(cache) {
|
|
24
|
-
this.cache = cache;
|
|
25
|
-
}
|
|
26
|
-
/**
|
|
27
|
-
* Blacklist an access token (by its `jti`) until its natural expiry.
|
|
28
|
-
*
|
|
29
|
-
* @param jti Token ID (unique per token)
|
|
30
|
-
* @param ttlSeconds Seconds until the token would have expired
|
|
31
|
-
*/
|
|
32
|
-
async blacklistAccess(jti, ttlSeconds) {
|
|
33
|
-
await this.cache.set(`${TOKEN_BLACKLIST_PREFIX}${jti}`, true, ttlSeconds);
|
|
34
|
-
}
|
|
35
|
-
/**
|
|
36
|
-
* Check whether an access token has been blacklisted.
|
|
37
|
-
*/
|
|
38
|
-
async isBlacklisted(jti) {
|
|
39
|
-
const result = await this.cache.get(`${TOKEN_BLACKLIST_PREFIX}${jti}`);
|
|
40
|
-
return result === true;
|
|
41
|
-
}
|
|
42
|
-
/**
|
|
43
|
-
* Flag a refresh token family as revoked.
|
|
44
|
-
* When rotation detects a reused old refresh token, the entire
|
|
45
|
-
* family is revoked to prevent token theft.
|
|
46
|
-
*/
|
|
47
|
-
async revokeFamily(familyId, ttlSeconds) {
|
|
48
|
-
await this.cache.set(`${REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`, true, ttlSeconds);
|
|
49
|
-
}
|
|
50
|
-
/**
|
|
51
|
-
* Check whether a refresh token family has been revoked.
|
|
52
|
-
*/
|
|
53
|
-
async isFamilyRevoked(familyId) {
|
|
54
|
-
const result = await this.cache.get(`${REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
|
|
55
|
-
return result === true;
|
|
56
|
-
}
|
|
57
|
-
/**
|
|
58
|
-
* Remove a specific token from the blacklist (used during cleanup).
|
|
59
|
-
*/
|
|
60
|
-
async remove(jti) {
|
|
61
|
-
await this.cache.del(`${TOKEN_BLACKLIST_PREFIX}${jti}`);
|
|
62
|
-
}
|
|
63
|
-
};
|
|
64
|
-
TokenBlacklistService = __decorate([
|
|
65
|
-
Injectable(),
|
|
66
|
-
__param(0, Inject(CACHE_SERVICE)),
|
|
67
|
-
__metadata("design:paramtypes", [Object])
|
|
68
|
-
], TokenBlacklistService);
|
|
69
|
-
export { TokenBlacklistService };
|
|
70
|
-
//# sourceMappingURL=token-blacklist.service.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"token-blacklist.service.js","sourceRoot":"","sources":["../../../packages/auth/session/token-blacklist.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,2BAA2B,GAC5B,MAAM,mBAAmB,CAAC;AAE3B;;;;;GAKG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAGb;IAFnB,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,GAAW,EAAE,UAAkB;QACnD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,sBAAsB,GAAG,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,GAAW;QAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAU,GAAG,sBAAsB,GAAG,GAAG,EAAE,CAAC,CAAC;QAChF,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,UAAkB;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,2BAA2B,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IACtF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAU,GAAG,2BAA2B,GAAG,QAAQ,EAAE,CAAC,CAAC;QAC1F,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,sBAAsB,GAAG,GAAG,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF,CAAA;AA/CY,qBAAqB;IADjC,UAAU,EAAE;IAGR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAFb,qBAAqB,CA+CjC"}
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { AuthMethod, type IAuthResult } from '../../interfaces';
|
|
3
|
-
import { JwtService } from '../../session/jwt.service';
|
|
4
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
5
|
-
/**
|
|
6
|
-
* Anonymous session strategy.
|
|
7
|
-
*
|
|
8
|
-
* Creates a temporary identity without requiring credentials.
|
|
9
|
-
* These sessions can later be converted to permanent accounts.
|
|
10
|
-
*/
|
|
11
|
-
export declare class AnonymousStrategy extends BaseStrategy {
|
|
12
|
-
private readonly jwtService;
|
|
13
|
-
readonly type = AuthMethod.ANONYMOUS;
|
|
14
|
-
readonly name = "anonymous";
|
|
15
|
-
private counter;
|
|
16
|
-
constructor(jwtService: JwtService);
|
|
17
|
-
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
18
|
-
}
|
|
19
|
-
//# sourceMappingURL=anonymous.strategy.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"anonymous.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/anonymous/anonymous.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,iBAAkB,SAAQ,YAAY;IAMrC,OAAO,CAAC,QAAQ,CAAC,UAAU;IALvC,QAAQ,CAAC,IAAI,wBAAwB;IACrC,QAAQ,CAAC,IAAI,eAAe;IAE5B,OAAO,CAAC,OAAO,CAAK;gBAES,UAAU,EAAE,UAAU;IAIpC,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAiBxB"}
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
import { Injectable } from '@nestjs/common';
|
|
11
|
-
import { AuthMethod } from '../../interfaces';
|
|
12
|
-
import { JwtService } from '../../session/jwt.service';
|
|
13
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
14
|
-
/**
|
|
15
|
-
* Anonymous session strategy.
|
|
16
|
-
*
|
|
17
|
-
* Creates a temporary identity without requiring credentials.
|
|
18
|
-
* These sessions can later be converted to permanent accounts.
|
|
19
|
-
*/
|
|
20
|
-
let AnonymousStrategy = class AnonymousStrategy extends BaseStrategy {
|
|
21
|
-
jwtService;
|
|
22
|
-
type = AuthMethod.ANONYMOUS;
|
|
23
|
-
name = 'anonymous';
|
|
24
|
-
counter = 0;
|
|
25
|
-
constructor(jwtService) {
|
|
26
|
-
super();
|
|
27
|
-
this.jwtService = jwtService;
|
|
28
|
-
}
|
|
29
|
-
async authenticate(payload, _context) {
|
|
30
|
-
this.counter += 1;
|
|
31
|
-
const idPrefix = payload.idPrefix || 'anon_';
|
|
32
|
-
const id = `${idPrefix}${Date.now()}_${this.counter}_${Math.random().toString(36).slice(2, 8)}`;
|
|
33
|
-
const user = {
|
|
34
|
-
id,
|
|
35
|
-
username: `Anonymous_${id.slice(-8)}`,
|
|
36
|
-
isAnonymous: true,
|
|
37
|
-
roles: [],
|
|
38
|
-
permissions: [],
|
|
39
|
-
};
|
|
40
|
-
const tokens = await this.jwtService.signTokens(user);
|
|
41
|
-
return { user, tokens, isNewUser: true };
|
|
42
|
-
}
|
|
43
|
-
};
|
|
44
|
-
AnonymousStrategy = __decorate([
|
|
45
|
-
Injectable(),
|
|
46
|
-
__metadata("design:paramtypes", [JwtService])
|
|
47
|
-
], AnonymousStrategy);
|
|
48
|
-
export { AnonymousStrategy };
|
|
49
|
-
//# sourceMappingURL=anonymous.strategy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"anonymous.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/anonymous/anonymous.strategy.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,YAAY;IAMpB;IALpB,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC;IAC5B,IAAI,GAAG,WAAW,CAAC;IAEpB,OAAO,GAAG,CAAC,CAAC;IAEpB,YAA6B,UAAsB;QACjD,KAAK,EAAE,CAAC;QADmB,eAAU,GAAV,UAAU,CAAY;IAEnD,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC;QAClB,MAAM,QAAQ,GAAI,OAAO,CAAC,QAAmB,IAAI,OAAO,CAAC;QACzD,MAAM,EAAE,GAAG,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAEhG,MAAM,IAAI,GAAG;YACX,EAAE;YACF,QAAQ,EAAE,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YACrC,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,EAAc;YACrB,WAAW,EAAE,EAAc;SAC5B,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;CACF,CAAA;AA9BY,iBAAiB;IAD7B,UAAU,EAAE;qCAO8B,UAAU;GANxC,iBAAiB,CA8B7B"}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import type { IAuthStrategy, IAuthResult, AuthMethod } from '../../interfaces';
|
|
3
|
-
/**
|
|
4
|
-
* Abstract base strategy providing a common type and name for all strategies.
|
|
5
|
-
*/
|
|
6
|
-
export declare abstract class BaseStrategy implements IAuthStrategy {
|
|
7
|
-
abstract readonly type: AuthMethod;
|
|
8
|
-
abstract readonly name: string;
|
|
9
|
-
abstract authenticate(payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
|
|
10
|
-
}
|
|
11
|
-
//# sourceMappingURL=base.strategy.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"base.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/base/base.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE/E;;GAEG;AACH,8BAAsB,YAAa,YAAW,aAAa;IACzD,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IACnC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B,QAAQ,CAAC,YAAY,CACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,WAAW,CAAC;CACxB"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"base.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/base/base.strategy.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAgB,YAAY;CAQjC"}
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { AuthMethod, type IAuthResult } from '../../interfaces';
|
|
3
|
-
import type { IUserService } from '../../interfaces';
|
|
4
|
-
import { PasswordService } from '../../password/password.service';
|
|
5
|
-
import { JwtService } from '../../session/jwt.service';
|
|
6
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
7
|
-
/**
|
|
8
|
-
* Authenticates users via email/username + password.
|
|
9
|
-
*
|
|
10
|
-
* Enabled by default when `AuthModuleOptions.credentials` is `true`
|
|
11
|
-
* (or an object).
|
|
12
|
-
*/
|
|
13
|
-
export declare class CredentialsStrategy extends BaseStrategy {
|
|
14
|
-
private readonly userService;
|
|
15
|
-
private readonly jwtService;
|
|
16
|
-
readonly type = AuthMethod.CREDENTIALS;
|
|
17
|
-
readonly name = "credentials";
|
|
18
|
-
constructor(userService: IUserService, _passwordService: PasswordService, jwtService: JwtService);
|
|
19
|
-
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
20
|
-
}
|
|
21
|
-
//# sourceMappingURL=credentials.strategy.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"credentials.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/credentials/credentials.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,mBAAoB,SAAQ,YAAY;IAMjD,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAP7B,QAAQ,CAAC,IAAI,0BAA0B;IACvC,QAAQ,CAAC,IAAI,iBAAiB;gBAIX,WAAW,EAAE,YAAY,EAC1C,gBAAgB,EAAE,eAAe,EAChB,UAAU,EAAE,UAAU;IAK1B,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA+BxB"}
|
|
@@ -1,67 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
-
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
-
};
|
|
13
|
-
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
-
import { AuthMethod } from '../../interfaces';
|
|
15
|
-
import { USER_SERVICE } from '../../auth.constants';
|
|
16
|
-
import { PasswordService } from '../../password/password.service';
|
|
17
|
-
import { JwtService } from '../../session/jwt.service';
|
|
18
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
19
|
-
/**
|
|
20
|
-
* Authenticates users via email/username + password.
|
|
21
|
-
*
|
|
22
|
-
* Enabled by default when `AuthModuleOptions.credentials` is `true`
|
|
23
|
-
* (or an object).
|
|
24
|
-
*/
|
|
25
|
-
let CredentialsStrategy = class CredentialsStrategy extends BaseStrategy {
|
|
26
|
-
userService;
|
|
27
|
-
jwtService;
|
|
28
|
-
type = AuthMethod.CREDENTIALS;
|
|
29
|
-
name = 'credentials';
|
|
30
|
-
constructor(userService, _passwordService, jwtService) {
|
|
31
|
-
super();
|
|
32
|
-
this.userService = userService;
|
|
33
|
-
this.jwtService = jwtService;
|
|
34
|
-
}
|
|
35
|
-
async authenticate(payload, _context) {
|
|
36
|
-
const email = payload.email;
|
|
37
|
-
const username = payload.username;
|
|
38
|
-
const password = payload.password;
|
|
39
|
-
if (!password) {
|
|
40
|
-
throw new Error('Password is required');
|
|
41
|
-
}
|
|
42
|
-
const user = email
|
|
43
|
-
? await this.userService.findByEmail(email)
|
|
44
|
-
: username
|
|
45
|
-
? await this.userService.findByUsername(username)
|
|
46
|
-
: null;
|
|
47
|
-
if (!user) {
|
|
48
|
-
throw new Error('Invalid credentials');
|
|
49
|
-
}
|
|
50
|
-
const valid = await this.userService.validatePassword(user, password);
|
|
51
|
-
if (!valid) {
|
|
52
|
-
throw new Error('Invalid credentials');
|
|
53
|
-
}
|
|
54
|
-
user.roles = await this.userService.getRoles(user.id);
|
|
55
|
-
user.permissions = await this.userService.getPermissions(user.id);
|
|
56
|
-
const tokens = await this.jwtService.signTokens(user);
|
|
57
|
-
return { user, tokens };
|
|
58
|
-
}
|
|
59
|
-
};
|
|
60
|
-
CredentialsStrategy = __decorate([
|
|
61
|
-
Injectable(),
|
|
62
|
-
__param(0, Inject(USER_SERVICE)),
|
|
63
|
-
__metadata("design:paramtypes", [Object, PasswordService,
|
|
64
|
-
JwtService])
|
|
65
|
-
], CredentialsStrategy);
|
|
66
|
-
export { CredentialsStrategy };
|
|
67
|
-
//# sourceMappingURL=credentials.strategy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"credentials.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/credentials/credentials.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,mBAAmB,GAAzB,MAAM,mBAAoB,SAAQ,YAAY;IAMhC;IAEA;IAPV,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC;IAC9B,IAAI,GAAG,aAAa,CAAC;IAE9B,YAEmB,WAAyB,EAC1C,gBAAiC,EAChB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAJS,gBAAW,GAAX,WAAW,CAAc;QAEzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAA8B,CAAC;QACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAE5C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,GAAG,KAAK;YAChB,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC;YAC3C,CAAC,CAAC,QAAQ;gBACR,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC;gBACjD,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;CACF,CAAA;AA/CY,mBAAmB;IAD/B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEH,eAAe;QACJ,UAAU;GAR9B,mBAAmB,CA+C/B"}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
export { BaseStrategy } from './base/base.strategy';
|
|
2
|
-
export { CredentialsStrategy } from './credentials/credentials.strategy';
|
|
3
|
-
export { OAuthProviderRegistry } from './oauth/oauth-provider-registry';
|
|
4
|
-
export { OAuthStrategy } from './oauth/oauth.strategy';
|
|
5
|
-
export { TotpStrategy } from './totp/totp.strategy';
|
|
6
|
-
export { AnonymousStrategy } from './anonymous/anonymous.strategy';
|
|
7
|
-
export { MagicLinkStrategy } from './magic-link/magic-link.strategy';
|
|
8
|
-
export { OtpStrategy } from './otp/otp.strategy';
|
|
9
|
-
export { PasskeyStrategy } from './passkey/passkey.strategy';
|
|
10
|
-
export { OneTapStrategy } from './onetap/onetap.strategy';
|
|
11
|
-
export { SsoStrategy } from './sso/sso.strategy';
|
|
12
|
-
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC"}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
export { BaseStrategy } from './base/base.strategy';
|
|
2
|
-
export { CredentialsStrategy } from './credentials/credentials.strategy';
|
|
3
|
-
export { OAuthProviderRegistry } from './oauth/oauth-provider-registry';
|
|
4
|
-
export { OAuthStrategy } from './oauth/oauth.strategy';
|
|
5
|
-
export { TotpStrategy } from './totp/totp.strategy';
|
|
6
|
-
export { AnonymousStrategy } from './anonymous/anonymous.strategy';
|
|
7
|
-
export { MagicLinkStrategy } from './magic-link/magic-link.strategy';
|
|
8
|
-
export { OtpStrategy } from './otp/otp.strategy';
|
|
9
|
-
export { PasskeyStrategy } from './passkey/passkey.strategy';
|
|
10
|
-
export { OneTapStrategy } from './onetap/onetap.strategy';
|
|
11
|
-
export { SsoStrategy } from './sso/sso.strategy';
|
|
12
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC"}
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { AuthMethod, type IAuthResult, type ICacheService } from '../../interfaces';
|
|
3
|
-
import type { IUserService } from '../../interfaces';
|
|
4
|
-
import { JwtService } from '../../session/jwt.service';
|
|
5
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
6
|
-
/**
|
|
7
|
-
* Passwordless email login via magic links.
|
|
8
|
-
*
|
|
9
|
-
* Flow:
|
|
10
|
-
* 1. User enters their email → a token is generated and stored in cache
|
|
11
|
-
* 2. Email is sent with a link containing the token
|
|
12
|
-
* 3. User clicks the link → token is validated → user is signed in
|
|
13
|
-
*/
|
|
14
|
-
export declare class MagicLinkStrategy extends BaseStrategy {
|
|
15
|
-
private readonly cache;
|
|
16
|
-
private readonly userService;
|
|
17
|
-
private readonly jwtService;
|
|
18
|
-
readonly type = AuthMethod.MAGIC_LINK;
|
|
19
|
-
readonly name = "magic-link";
|
|
20
|
-
constructor(cache: ICacheService, userService: IUserService, jwtService: JwtService);
|
|
21
|
-
/**
|
|
22
|
-
* Request a magic link for the given email.
|
|
23
|
-
* Returns the raw token (in production, send this via email).
|
|
24
|
-
*/
|
|
25
|
-
requestLink(email: string, expiresIn?: number, tokenBytes?: number): Promise<string>;
|
|
26
|
-
/**
|
|
27
|
-
* Authenticate using a magic-link token.
|
|
28
|
-
*/
|
|
29
|
-
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
30
|
-
}
|
|
31
|
-
//# sourceMappingURL=magic-link.strategy.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"magic-link.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD;;;;;;;GAOG;AACH,qBACa,iBAAkB,SAAQ,YAAY;IAM/C,OAAO,CAAC,QAAQ,CAAC,KAAK;IAEtB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAR7B,QAAQ,CAAC,IAAI,yBAAyB;IACtC,QAAQ,CAAC,IAAI,gBAAgB;gBAIV,KAAK,EAAE,aAAa,EAEpB,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAMnF;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAwCxB"}
|
|
@@ -1,88 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
-
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
-
};
|
|
13
|
-
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
-
import { AuthMethod } from '../../interfaces';
|
|
15
|
-
import { CACHE_SERVICE, MAGIC_LINK_PREFIX, USER_SERVICE } from '../../auth.constants';
|
|
16
|
-
import { JwtService } from '../../session/jwt.service';
|
|
17
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
18
|
-
import { randomBytes } from 'node:crypto';
|
|
19
|
-
/**
|
|
20
|
-
* Passwordless email login via magic links.
|
|
21
|
-
*
|
|
22
|
-
* Flow:
|
|
23
|
-
* 1. User enters their email → a token is generated and stored in cache
|
|
24
|
-
* 2. Email is sent with a link containing the token
|
|
25
|
-
* 3. User clicks the link → token is validated → user is signed in
|
|
26
|
-
*/
|
|
27
|
-
let MagicLinkStrategy = class MagicLinkStrategy extends BaseStrategy {
|
|
28
|
-
cache;
|
|
29
|
-
userService;
|
|
30
|
-
jwtService;
|
|
31
|
-
type = AuthMethod.MAGIC_LINK;
|
|
32
|
-
name = 'magic-link';
|
|
33
|
-
constructor(cache, userService, jwtService) {
|
|
34
|
-
super();
|
|
35
|
-
this.cache = cache;
|
|
36
|
-
this.userService = userService;
|
|
37
|
-
this.jwtService = jwtService;
|
|
38
|
-
}
|
|
39
|
-
/**
|
|
40
|
-
* Request a magic link for the given email.
|
|
41
|
-
* Returns the raw token (in production, send this via email).
|
|
42
|
-
*/
|
|
43
|
-
async requestLink(email, expiresIn = 900, tokenBytes = 32) {
|
|
44
|
-
const token = randomBytes(tokenBytes).toString('hex');
|
|
45
|
-
await this.cache.set(`${MAGIC_LINK_PREFIX}${token}`, { email, used: false }, expiresIn);
|
|
46
|
-
return token;
|
|
47
|
-
}
|
|
48
|
-
/**
|
|
49
|
-
* Authenticate using a magic-link token.
|
|
50
|
-
*/
|
|
51
|
-
async authenticate(payload, _context) {
|
|
52
|
-
const token = payload.token;
|
|
53
|
-
if (!token) {
|
|
54
|
-
throw new Error('Magic link token is required');
|
|
55
|
-
}
|
|
56
|
-
const data = await this.cache.get(`${MAGIC_LINK_PREFIX}${token}`);
|
|
57
|
-
if (!data) {
|
|
58
|
-
throw new Error('Invalid or expired magic link');
|
|
59
|
-
}
|
|
60
|
-
if (data.used) {
|
|
61
|
-
throw new Error('Magic link has already been used');
|
|
62
|
-
}
|
|
63
|
-
// Mark as used immediately (prevent replay)
|
|
64
|
-
await this.cache.set(`${MAGIC_LINK_PREFIX}${token}`, { ...data, used: true }, 60);
|
|
65
|
-
const existingUser = await this.userService.findByEmail(data.email);
|
|
66
|
-
let finalUser;
|
|
67
|
-
let isNewUser = false;
|
|
68
|
-
if (!existingUser) {
|
|
69
|
-
finalUser = await this.userService.create({ email: data.email });
|
|
70
|
-
isNewUser = true;
|
|
71
|
-
}
|
|
72
|
-
else {
|
|
73
|
-
finalUser = existingUser;
|
|
74
|
-
}
|
|
75
|
-
finalUser.roles = await this.userService.getRoles(finalUser.id);
|
|
76
|
-
finalUser.permissions = await this.userService.getPermissions(finalUser.id);
|
|
77
|
-
const tokens = await this.jwtService.signTokens(finalUser);
|
|
78
|
-
return { user: finalUser, tokens, isNewUser };
|
|
79
|
-
}
|
|
80
|
-
};
|
|
81
|
-
MagicLinkStrategy = __decorate([
|
|
82
|
-
Injectable(),
|
|
83
|
-
__param(0, Inject(CACHE_SERVICE)),
|
|
84
|
-
__param(1, Inject(USER_SERVICE)),
|
|
85
|
-
__metadata("design:paramtypes", [Object, Object, JwtService])
|
|
86
|
-
], MagicLinkStrategy);
|
|
87
|
-
export { MagicLinkStrategy };
|
|
88
|
-
//# sourceMappingURL=magic-link.strategy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"magic-link.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;;;GAOG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,YAAY;IAM9B;IAEA;IACA;IARV,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC;IAC7B,IAAI,GAAG,YAAY,CAAC;IAE7B,YAEmB,KAAoB,EAEpB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QALS,UAAK,GAAL,KAAK,CAAe;QAEpB,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,SAAS,GAAG,GAAG,EAAE,UAAU,GAAG,EAAE;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iBAAiB,GAAG,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QACxF,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAe,CAAC;QAEtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAC/B,GAAG,iBAAiB,GAAG,KAAK,EAAE,CAC/B,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,4CAA4C;QAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iBAAiB,GAAG,KAAK,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAElF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,SAA+C,CAAC;QACpD,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACjE,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,YAAY,CAAC;QAC3B,CAAC;QAED,SAAS,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAChE,SAAS,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAE5E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE3D,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAChD,CAAC;CACF,CAAA;AAtEY,iBAAiB;IAD7B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;IAErB,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;qDAEQ,UAAU;GAT9B,iBAAiB,CAsE7B"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import type { OAuthProviderConfig } from '../../auth.options';
|
|
2
|
-
/**
|
|
3
|
-
* Registry of OAuth provider configurations.
|
|
4
|
-
* Populated at runtime from AuthModuleOptions.oauth.
|
|
5
|
-
*/
|
|
6
|
-
export declare class OAuthProviderRegistry {
|
|
7
|
-
private providers;
|
|
8
|
-
register(provider: string, config: OAuthProviderConfig): void;
|
|
9
|
-
get(provider: string): OAuthProviderConfig | undefined;
|
|
10
|
-
has(provider: string): boolean;
|
|
11
|
-
all(): Map<string, OAuthProviderConfig>;
|
|
12
|
-
}
|
|
13
|
-
//# sourceMappingURL=oauth-provider-registry.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-provider-registry.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth-provider-registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,SAAS,CAA0C;IAE3D,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,GAAG,IAAI;IAI7D,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS;IAItD,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI9B,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC;CAGxC"}
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Registry of OAuth provider configurations.
|
|
3
|
-
* Populated at runtime from AuthModuleOptions.oauth.
|
|
4
|
-
*/
|
|
5
|
-
export class OAuthProviderRegistry {
|
|
6
|
-
providers = new Map();
|
|
7
|
-
register(provider, config) {
|
|
8
|
-
this.providers.set(provider.toLowerCase(), config);
|
|
9
|
-
}
|
|
10
|
-
get(provider) {
|
|
11
|
-
return this.providers.get(provider.toLowerCase());
|
|
12
|
-
}
|
|
13
|
-
has(provider) {
|
|
14
|
-
return this.providers.has(provider.toLowerCase());
|
|
15
|
-
}
|
|
16
|
-
all() {
|
|
17
|
-
return new Map(this.providers);
|
|
18
|
-
}
|
|
19
|
-
}
|
|
20
|
-
//# sourceMappingURL=oauth-provider-registry.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-provider-registry.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth-provider-registry.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IACxB,SAAS,GAAG,IAAI,GAAG,EAA+B,CAAC;IAE3D,QAAQ,CAAC,QAAgB,EAAE,MAA2B;QACpD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,GAAG;QACD,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { AuthMethod, type IAuthResult } from '../../interfaces';
|
|
3
|
-
import type { IUserService } from '../../interfaces';
|
|
4
|
-
import { JwtService } from '../../session/jwt.service';
|
|
5
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
6
|
-
import { OAuthProviderRegistry } from './oauth-provider-registry';
|
|
7
|
-
/**
|
|
8
|
-
* OAuth 2.0 authentication strategy supporting Google, GitHub, Facebook,
|
|
9
|
-
* Apple, Microsoft, Discord, and custom providers.
|
|
10
|
-
*
|
|
11
|
-
* The consumer must provide a handler to exchange the authorization code
|
|
12
|
-
* for user info (or pass an access token directly).
|
|
13
|
-
*/
|
|
14
|
-
export declare class OAuthStrategy extends BaseStrategy {
|
|
15
|
-
private readonly userService;
|
|
16
|
-
private readonly jwtService;
|
|
17
|
-
readonly registry: OAuthProviderRegistry;
|
|
18
|
-
readonly type = AuthMethod.OAUTH;
|
|
19
|
-
readonly name = "oauth";
|
|
20
|
-
constructor(userService: IUserService, jwtService: JwtService, registry: OAuthProviderRegistry);
|
|
21
|
-
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
22
|
-
}
|
|
23
|
-
//# sourceMappingURL=oauth.strategy.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE;;;;;;GAMG;AACH,qBACa,aAAc,SAAQ,YAAY;IAM3C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;aACX,QAAQ,EAAE,qBAAqB;IAPjD,QAAQ,CAAC,IAAI,oBAAoB;IACjC,QAAQ,CAAC,IAAI,WAAW;gBAIL,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU,EACvB,QAAQ,EAAE,qBAAqB;IAKlC,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA0CxB"}
|
|
@@ -1,79 +0,0 @@
|
|
|
1
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
-
};
|
|
7
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
-
};
|
|
10
|
-
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
-
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
-
};
|
|
13
|
-
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
-
import { AuthMethod } from '../../interfaces';
|
|
15
|
-
import { USER_SERVICE } from '../../auth.constants';
|
|
16
|
-
import { JwtService } from '../../session/jwt.service';
|
|
17
|
-
import { BaseStrategy } from '../base/base.strategy';
|
|
18
|
-
import { OAuthProviderRegistry } from './oauth-provider-registry';
|
|
19
|
-
/**
|
|
20
|
-
* OAuth 2.0 authentication strategy supporting Google, GitHub, Facebook,
|
|
21
|
-
* Apple, Microsoft, Discord, and custom providers.
|
|
22
|
-
*
|
|
23
|
-
* The consumer must provide a handler to exchange the authorization code
|
|
24
|
-
* for user info (or pass an access token directly).
|
|
25
|
-
*/
|
|
26
|
-
let OAuthStrategy = class OAuthStrategy extends BaseStrategy {
|
|
27
|
-
userService;
|
|
28
|
-
jwtService;
|
|
29
|
-
registry;
|
|
30
|
-
type = AuthMethod.OAUTH;
|
|
31
|
-
name = 'oauth';
|
|
32
|
-
constructor(userService, jwtService, registry) {
|
|
33
|
-
super();
|
|
34
|
-
this.userService = userService;
|
|
35
|
-
this.jwtService = jwtService;
|
|
36
|
-
this.registry = registry;
|
|
37
|
-
}
|
|
38
|
-
async authenticate(payload, _context) {
|
|
39
|
-
const provider = payload.provider;
|
|
40
|
-
const code = payload.code;
|
|
41
|
-
const accessToken = payload.accessToken;
|
|
42
|
-
if (!provider) {
|
|
43
|
-
throw new Error('OAuth provider is required');
|
|
44
|
-
}
|
|
45
|
-
if (!code && !accessToken) {
|
|
46
|
-
throw new Error('Either authorization code or access token is required');
|
|
47
|
-
}
|
|
48
|
-
if (!this.registry.has(provider)) {
|
|
49
|
-
throw new Error(`Unsupported OAuth provider: ${provider}`);
|
|
50
|
-
}
|
|
51
|
-
// In production, exchange the code for an access token and fetch user info
|
|
52
|
-
// from the provider's userinfo endpoint. The exact implementation depends
|
|
53
|
-
// on the provider. Here we delegate to the consumer via a custom handler.
|
|
54
|
-
//
|
|
55
|
-
// The consumer should override this by providing their own OAuth handler.
|
|
56
|
-
const socialId = `${provider}:${(payload.sub || payload.id)}`;
|
|
57
|
-
const email = payload.email;
|
|
58
|
-
const name = payload.name;
|
|
59
|
-
let user = await this.userService.findBySocialId(provider, socialId);
|
|
60
|
-
if (!user) {
|
|
61
|
-
user = await this.userService.create({
|
|
62
|
-
email,
|
|
63
|
-
username: name,
|
|
64
|
-
});
|
|
65
|
-
}
|
|
66
|
-
user.roles = await this.userService.getRoles(user.id);
|
|
67
|
-
user.permissions = await this.userService.getPermissions(user.id);
|
|
68
|
-
const tokens = await this.jwtService.signTokens(user);
|
|
69
|
-
return { user, tokens, isNewUser: !user.email };
|
|
70
|
-
}
|
|
71
|
-
};
|
|
72
|
-
OAuthStrategy = __decorate([
|
|
73
|
-
Injectable(),
|
|
74
|
-
__param(0, Inject(USER_SERVICE)),
|
|
75
|
-
__metadata("design:paramtypes", [Object, JwtService,
|
|
76
|
-
OAuthProviderRegistry])
|
|
77
|
-
], OAuthStrategy);
|
|
78
|
-
export { OAuthStrategy };
|
|
79
|
-
//# sourceMappingURL=oauth.strategy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE;;;;;;GAMG;AAEI,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,YAAY;IAM1B;IACA;IACD;IAPT,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC;IACxB,IAAI,GAAG,OAAO,CAAC;IAExB,YAEmB,WAAyB,EACzB,UAAsB,EACvB,QAA+B;QAE/C,KAAK,EAAE,CAAC;QAJS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;QACvB,aAAQ,GAAR,QAAQ,CAAuB;IAGjD,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAChD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAiC,CAAC;QAE9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,2EAA2E;QAC3E,0EAA0E;QAC1E,0EAA0E;QAC1E,EAAE;QACF,0EAA0E;QAC1E,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,CAAW,EAAE,CAAC;QACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AA1DY,aAAa;IADzB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;QACb,qBAAqB;GARtC,aAAa,CA0DzB"}
|