@os.io/nest-kit 0.0.1-alpha.0 → 0.0.1-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (286) hide show
  1. package/README.md +30 -30
  2. package/package.json +41 -5
  3. package/dist/auth/auth.constants.d.ts +0 -19
  4. package/dist/auth/auth.constants.d.ts.map +0 -1
  5. package/dist/auth/auth.constants.js +0 -19
  6. package/dist/auth/auth.constants.js.map +0 -1
  7. package/dist/auth/auth.guard.d.ts +0 -20
  8. package/dist/auth/auth.guard.d.ts.map +0 -1
  9. package/dist/auth/auth.guard.js +0 -84
  10. package/dist/auth/auth.guard.js.map +0 -1
  11. package/dist/auth/auth.module.d.ts +0 -26
  12. package/dist/auth/auth.module.d.ts.map +0 -1
  13. package/dist/auth/auth.module.js +0 -344
  14. package/dist/auth/auth.module.js.map +0 -1
  15. package/dist/auth/auth.options.d.ts +0 -179
  16. package/dist/auth/auth.options.d.ts.map +0 -1
  17. package/dist/auth/auth.options.js +0 -2
  18. package/dist/auth/auth.options.js.map +0 -1
  19. package/dist/auth/auth.service.d.ts +0 -57
  20. package/dist/auth/auth.service.d.ts.map +0 -1
  21. package/dist/auth/auth.service.js +0 -175
  22. package/dist/auth/auth.service.js.map +0 -1
  23. package/dist/auth/authorization/index.d.ts +0 -3
  24. package/dist/auth/authorization/index.d.ts.map +0 -1
  25. package/dist/auth/authorization/index.js +0 -3
  26. package/dist/auth/authorization/index.js.map +0 -1
  27. package/dist/auth/authorization/pbac/index.d.ts +0 -6
  28. package/dist/auth/authorization/pbac/index.d.ts.map +0 -1
  29. package/dist/auth/authorization/pbac/index.js +0 -4
  30. package/dist/auth/authorization/pbac/index.js.map +0 -1
  31. package/dist/auth/authorization/pbac/pbac.decorator.d.ts +0 -18
  32. package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +0 -1
  33. package/dist/auth/authorization/pbac/pbac.decorator.js +0 -14
  34. package/dist/auth/authorization/pbac/pbac.decorator.js.map +0 -1
  35. package/dist/auth/authorization/pbac/pbac.guard.d.ts +0 -19
  36. package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +0 -1
  37. package/dist/auth/authorization/pbac/pbac.guard.js +0 -60
  38. package/dist/auth/authorization/pbac/pbac.guard.js.map +0 -1
  39. package/dist/auth/authorization/pbac/pbac.service.d.ts +0 -44
  40. package/dist/auth/authorization/pbac/pbac.service.d.ts.map +0 -1
  41. package/dist/auth/authorization/pbac/pbac.service.js +0 -146
  42. package/dist/auth/authorization/pbac/pbac.service.js.map +0 -1
  43. package/dist/auth/authorization/pbac/pbac.types.d.ts +0 -47
  44. package/dist/auth/authorization/pbac/pbac.types.d.ts.map +0 -1
  45. package/dist/auth/authorization/pbac/pbac.types.js +0 -2
  46. package/dist/auth/authorization/pbac/pbac.types.js.map +0 -1
  47. package/dist/auth/authorization/rbac/index.d.ts +0 -4
  48. package/dist/auth/authorization/rbac/index.d.ts.map +0 -1
  49. package/dist/auth/authorization/rbac/index.js +0 -4
  50. package/dist/auth/authorization/rbac/index.js.map +0 -1
  51. package/dist/auth/authorization/rbac/rbac.decorator.d.ts +0 -18
  52. package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +0 -1
  53. package/dist/auth/authorization/rbac/rbac.decorator.js +0 -25
  54. package/dist/auth/authorization/rbac/rbac.decorator.js.map +0 -1
  55. package/dist/auth/authorization/rbac/rbac.guard.d.ts +0 -19
  56. package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +0 -1
  57. package/dist/auth/authorization/rbac/rbac.guard.js +0 -50
  58. package/dist/auth/authorization/rbac/rbac.guard.js.map +0 -1
  59. package/dist/auth/authorization/rbac/rbac.service.d.ts +0 -43
  60. package/dist/auth/authorization/rbac/rbac.service.d.ts.map +0 -1
  61. package/dist/auth/authorization/rbac/rbac.service.js +0 -95
  62. package/dist/auth/authorization/rbac/rbac.service.js.map +0 -1
  63. package/dist/auth/decorators/current-user.decorator.d.ts +0 -17
  64. package/dist/auth/decorators/current-user.decorator.d.ts.map +0 -1
  65. package/dist/auth/decorators/current-user.decorator.js +0 -23
  66. package/dist/auth/decorators/current-user.decorator.js.map +0 -1
  67. package/dist/auth/decorators/index.d.ts +0 -3
  68. package/dist/auth/decorators/index.d.ts.map +0 -1
  69. package/dist/auth/decorators/index.js +0 -3
  70. package/dist/auth/decorators/index.js.map +0 -1
  71. package/dist/auth/decorators/public.decorator.d.ts +0 -13
  72. package/dist/auth/decorators/public.decorator.d.ts.map +0 -1
  73. package/dist/auth/decorators/public.decorator.js +0 -15
  74. package/dist/auth/decorators/public.decorator.js.map +0 -1
  75. package/dist/auth/index.d.ts +0 -63
  76. package/dist/auth/index.d.ts.map +0 -1
  77. package/dist/auth/index.js +0 -65
  78. package/dist/auth/index.js.map +0 -1
  79. package/dist/auth/interfaces/auth-request.interface.d.ts +0 -18
  80. package/dist/auth/interfaces/auth-request.interface.d.ts.map +0 -1
  81. package/dist/auth/interfaces/auth-request.interface.js +0 -2
  82. package/dist/auth/interfaces/auth-request.interface.js.map +0 -1
  83. package/dist/auth/interfaces/auth-result.interface.d.ts +0 -28
  84. package/dist/auth/interfaces/auth-result.interface.d.ts.map +0 -1
  85. package/dist/auth/interfaces/auth-result.interface.js +0 -2
  86. package/dist/auth/interfaces/auth-result.interface.js.map +0 -1
  87. package/dist/auth/interfaces/auth-strategy.interface.d.ts +0 -37
  88. package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +0 -1
  89. package/dist/auth/interfaces/auth-strategy.interface.js +0 -16
  90. package/dist/auth/interfaces/auth-strategy.interface.js.map +0 -1
  91. package/dist/auth/interfaces/auth-user.interface.d.ts +0 -25
  92. package/dist/auth/interfaces/auth-user.interface.d.ts.map +0 -1
  93. package/dist/auth/interfaces/auth-user.interface.js +0 -2
  94. package/dist/auth/interfaces/auth-user.interface.js.map +0 -1
  95. package/dist/auth/interfaces/cache-service.interface.d.ts +0 -30
  96. package/dist/auth/interfaces/cache-service.interface.d.ts.map +0 -1
  97. package/dist/auth/interfaces/cache-service.interface.js +0 -2
  98. package/dist/auth/interfaces/cache-service.interface.js.map +0 -1
  99. package/dist/auth/interfaces/index.d.ts +0 -8
  100. package/dist/auth/interfaces/index.d.ts.map +0 -1
  101. package/dist/auth/interfaces/index.js +0 -2
  102. package/dist/auth/interfaces/index.js.map +0 -1
  103. package/dist/auth/interfaces/user-service.interface.d.ts +0 -34
  104. package/dist/auth/interfaces/user-service.interface.d.ts.map +0 -1
  105. package/dist/auth/interfaces/user-service.interface.js +0 -2
  106. package/dist/auth/interfaces/user-service.interface.js.map +0 -1
  107. package/dist/auth/password/password.service.d.ts +0 -23
  108. package/dist/auth/password/password.service.d.ts.map +0 -1
  109. package/dist/auth/password/password.service.js +0 -52
  110. package/dist/auth/password/password.service.js.map +0 -1
  111. package/dist/auth/session/device-session.service.d.ts +0 -43
  112. package/dist/auth/session/device-session.service.d.ts.map +0 -1
  113. package/dist/auth/session/device-session.service.js +0 -72
  114. package/dist/auth/session/device-session.service.js.map +0 -1
  115. package/dist/auth/session/index.d.ts +0 -5
  116. package/dist/auth/session/index.d.ts.map +0 -1
  117. package/dist/auth/session/index.js +0 -4
  118. package/dist/auth/session/index.js.map +0 -1
  119. package/dist/auth/session/jwt.service.d.ts +0 -37
  120. package/dist/auth/session/jwt.service.d.ts.map +0 -1
  121. package/dist/auth/session/jwt.service.js +0 -119
  122. package/dist/auth/session/jwt.service.js.map +0 -1
  123. package/dist/auth/session/token-blacklist.service.d.ts +0 -37
  124. package/dist/auth/session/token-blacklist.service.d.ts.map +0 -1
  125. package/dist/auth/session/token-blacklist.service.js +0 -70
  126. package/dist/auth/session/token-blacklist.service.js.map +0 -1
  127. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +0 -19
  128. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +0 -1
  129. package/dist/auth/strategies/anonymous/anonymous.strategy.js +0 -49
  130. package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +0 -1
  131. package/dist/auth/strategies/base/base.strategy.d.ts +0 -11
  132. package/dist/auth/strategies/base/base.strategy.d.ts.map +0 -1
  133. package/dist/auth/strategies/base/base.strategy.js +0 -6
  134. package/dist/auth/strategies/base/base.strategy.js.map +0 -1
  135. package/dist/auth/strategies/credentials/credentials.strategy.d.ts +0 -21
  136. package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +0 -1
  137. package/dist/auth/strategies/credentials/credentials.strategy.js +0 -67
  138. package/dist/auth/strategies/credentials/credentials.strategy.js.map +0 -1
  139. package/dist/auth/strategies/index.d.ts +0 -12
  140. package/dist/auth/strategies/index.d.ts.map +0 -1
  141. package/dist/auth/strategies/index.js +0 -12
  142. package/dist/auth/strategies/index.js.map +0 -1
  143. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +0 -31
  144. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +0 -1
  145. package/dist/auth/strategies/magic-link/magic-link.strategy.js +0 -88
  146. package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +0 -1
  147. package/dist/auth/strategies/oauth/index.d.ts +0 -3
  148. package/dist/auth/strategies/oauth/index.d.ts.map +0 -1
  149. package/dist/auth/strategies/oauth/index.js +0 -3
  150. package/dist/auth/strategies/oauth/index.js.map +0 -1
  151. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +0 -13
  152. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +0 -1
  153. package/dist/auth/strategies/oauth/oauth-provider-registry.js +0 -20
  154. package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +0 -1
  155. package/dist/auth/strategies/oauth/oauth.strategy.d.ts +0 -23
  156. package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +0 -1
  157. package/dist/auth/strategies/oauth/oauth.strategy.js +0 -79
  158. package/dist/auth/strategies/oauth/oauth.strategy.js.map +0 -1
  159. package/dist/auth/strategies/onetap/onetap.strategy.d.ts +0 -24
  160. package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +0 -1
  161. package/dist/auth/strategies/onetap/onetap.strategy.js +0 -77
  162. package/dist/auth/strategies/onetap/onetap.strategy.js.map +0 -1
  163. package/dist/auth/strategies/otp/otp.strategy.d.ts +0 -31
  164. package/dist/auth/strategies/otp/otp.strategy.d.ts.map +0 -1
  165. package/dist/auth/strategies/otp/otp.strategy.js +0 -93
  166. package/dist/auth/strategies/otp/otp.strategy.js.map +0 -1
  167. package/dist/auth/strategies/passkey/passkey.strategy.d.ts +0 -32
  168. package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +0 -1
  169. package/dist/auth/strategies/passkey/passkey.strategy.js +0 -102
  170. package/dist/auth/strategies/passkey/passkey.strategy.js.map +0 -1
  171. package/dist/auth/strategies/sso/sso.strategy.d.ts +0 -25
  172. package/dist/auth/strategies/sso/sso.strategy.d.ts.map +0 -1
  173. package/dist/auth/strategies/sso/sso.strategy.js +0 -80
  174. package/dist/auth/strategies/sso/sso.strategy.js.map +0 -1
  175. package/dist/auth/strategies/totp/totp.strategy.d.ts +0 -37
  176. package/dist/auth/strategies/totp/totp.strategy.d.ts.map +0 -1
  177. package/dist/auth/strategies/totp/totp.strategy.js +0 -109
  178. package/dist/auth/strategies/totp/totp.strategy.js.map +0 -1
  179. package/dist/auth/throttling/index.d.ts +0 -2
  180. package/dist/auth/throttling/index.d.ts.map +0 -1
  181. package/dist/auth/throttling/index.js +0 -2
  182. package/dist/auth/throttling/index.js.map +0 -1
  183. package/dist/auth/throttling/throttle.service.d.ts +0 -27
  184. package/dist/auth/throttling/throttle.service.d.ts.map +0 -1
  185. package/dist/auth/throttling/throttle.service.js +0 -63
  186. package/dist/auth/throttling/throttle.service.js.map +0 -1
  187. package/dist/bootstrap/cache/config.d.ts +0 -135
  188. package/dist/bootstrap/cache/config.d.ts.map +0 -1
  189. package/dist/bootstrap/cache/config.js +0 -189
  190. package/dist/bootstrap/cache/config.js.map +0 -1
  191. package/dist/bootstrap/cache/index.d.ts +0 -11
  192. package/dist/bootstrap/cache/index.d.ts.map +0 -1
  193. package/dist/bootstrap/cache/index.js +0 -11
  194. package/dist/bootstrap/cache/index.js.map +0 -1
  195. package/dist/bootstrap/index.d.ts +0 -21
  196. package/dist/bootstrap/index.d.ts.map +0 -1
  197. package/dist/bootstrap/index.js +0 -21
  198. package/dist/bootstrap/index.js.map +0 -1
  199. package/dist/bootstrap/scalar/api-docs.d.ts +0 -39
  200. package/dist/bootstrap/scalar/api-docs.d.ts.map +0 -1
  201. package/dist/bootstrap/scalar/api-docs.js +0 -41
  202. package/dist/bootstrap/scalar/api-docs.js.map +0 -1
  203. package/dist/bootstrap/scalar/index.d.ts +0 -39
  204. package/dist/bootstrap/scalar/index.d.ts.map +0 -1
  205. package/dist/bootstrap/scalar/index.js +0 -41
  206. package/dist/bootstrap/scalar/index.js.map +0 -1
  207. package/dist/bootstrap/swagger/api-docs.d.ts +0 -73
  208. package/dist/bootstrap/swagger/api-docs.d.ts.map +0 -1
  209. package/dist/bootstrap/swagger/api-docs.js +0 -87
  210. package/dist/bootstrap/swagger/api-docs.js.map +0 -1
  211. package/dist/bootstrap/swagger/index.d.ts +0 -37
  212. package/dist/bootstrap/swagger/index.d.ts.map +0 -1
  213. package/dist/bootstrap/swagger/index.js +0 -36
  214. package/dist/bootstrap/swagger/index.js.map +0 -1
  215. package/dist/bootstrap/typeorm/config/index.d.ts +0 -12
  216. package/dist/bootstrap/typeorm/config/index.d.ts.map +0 -1
  217. package/dist/bootstrap/typeorm/config/index.js +0 -62
  218. package/dist/bootstrap/typeorm/config/index.js.map +0 -1
  219. package/dist/bootstrap/typeorm/crud/controller.d.ts +0 -13
  220. package/dist/bootstrap/typeorm/crud/controller.d.ts.map +0 -1
  221. package/dist/bootstrap/typeorm/crud/controller.js +0 -72
  222. package/dist/bootstrap/typeorm/crud/controller.js.map +0 -1
  223. package/dist/bootstrap/typeorm/crud/index.d.ts +0 -4
  224. package/dist/bootstrap/typeorm/crud/index.d.ts.map +0 -1
  225. package/dist/bootstrap/typeorm/crud/index.js +0 -3
  226. package/dist/bootstrap/typeorm/crud/index.js.map +0 -1
  227. package/dist/bootstrap/typeorm/crud/service.d.ts +0 -10
  228. package/dist/bootstrap/typeorm/crud/service.d.ts.map +0 -1
  229. package/dist/bootstrap/typeorm/crud/service.js +0 -21
  230. package/dist/bootstrap/typeorm/crud/service.js.map +0 -1
  231. package/dist/bootstrap/typeorm/index.d.ts +0 -18
  232. package/dist/bootstrap/typeorm/index.d.ts.map +0 -1
  233. package/dist/bootstrap/typeorm/index.js +0 -18
  234. package/dist/bootstrap/typeorm/index.js.map +0 -1
  235. package/dist/bootstrap/typeorm/uow/factory.d.ts +0 -5
  236. package/dist/bootstrap/typeorm/uow/factory.d.ts.map +0 -1
  237. package/dist/bootstrap/typeorm/uow/factory.js +0 -27
  238. package/dist/bootstrap/typeorm/uow/factory.js.map +0 -1
  239. package/dist/bootstrap/typeorm/uow/index.d.ts +0 -4
  240. package/dist/bootstrap/typeorm/uow/index.d.ts.map +0 -1
  241. package/dist/bootstrap/typeorm/uow/index.js +0 -4
  242. package/dist/bootstrap/typeorm/uow/index.js.map +0 -1
  243. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +0 -62
  244. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +0 -1
  245. package/dist/bootstrap/typeorm/uow/transactional.decorator.js +0 -114
  246. package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +0 -1
  247. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +0 -11
  248. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +0 -1
  249. package/dist/bootstrap/typeorm/uow/unit-of-work.js +0 -23
  250. package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +0 -1
  251. package/dist/core/index.d.ts +0 -11
  252. package/dist/core/index.d.ts.map +0 -1
  253. package/dist/core/index.js +0 -11
  254. package/dist/core/index.js.map +0 -1
  255. package/dist/infra/audit-log/index.d.ts +0 -12
  256. package/dist/infra/audit-log/index.d.ts.map +0 -1
  257. package/dist/infra/audit-log/index.js +0 -13
  258. package/dist/infra/audit-log/index.js.map +0 -1
  259. package/dist/infra/index.d.ts +0 -20
  260. package/dist/infra/index.d.ts.map +0 -1
  261. package/dist/infra/index.js +0 -21
  262. package/dist/infra/index.js.map +0 -1
  263. package/dist/infra/logger/index.d.ts +0 -12
  264. package/dist/infra/logger/index.d.ts.map +0 -1
  265. package/dist/infra/logger/index.js +0 -13
  266. package/dist/infra/logger/index.js.map +0 -1
  267. package/dist/infra/metrics/index.d.ts +0 -18
  268. package/dist/infra/metrics/index.d.ts.map +0 -1
  269. package/dist/infra/metrics/index.js +0 -19
  270. package/dist/infra/metrics/index.js.map +0 -1
  271. package/dist/infra/notification/index.d.ts +0 -12
  272. package/dist/infra/notification/index.d.ts.map +0 -1
  273. package/dist/infra/notification/index.js +0 -13
  274. package/dist/infra/notification/index.js.map +0 -1
  275. package/dist/infra/storage/index.d.ts +0 -12
  276. package/dist/infra/storage/index.d.ts.map +0 -1
  277. package/dist/infra/storage/index.js +0 -13
  278. package/dist/infra/storage/index.js.map +0 -1
  279. package/dist/infra/stripe/index.d.ts +0 -12
  280. package/dist/infra/stripe/index.d.ts.map +0 -1
  281. package/dist/infra/stripe/index.js +0 -13
  282. package/dist/infra/stripe/index.js.map +0 -1
  283. package/dist/saas/index.d.ts +0 -18
  284. package/dist/saas/index.d.ts.map +0 -1
  285. package/dist/saas/index.js +0 -19
  286. package/dist/saas/index.js.map +0 -1
@@ -1,18 +0,0 @@
1
- /**
2
- * Require specific roles to access a route.
3
- * Works with the RbacGuard.
4
- *
5
- * By default, a user needs **at least one** of the listed roles.
6
- * Pass `{ requireAll: true }` in options to require all roles.
7
- *
8
- * @example
9
- * ```typescript
10
- * @Roles('admin')
11
- * @Roles('admin', 'moderator')
12
- * @Roles('admin', 'super-admin', { requireAll: true })
13
- * ```
14
- */
15
- export declare const Roles: (...args: (string | {
16
- requireAll: boolean;
17
- })[]) => import("@nestjs/common").CustomDecorator<string>;
18
- //# sourceMappingURL=rbac.decorator.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.decorator.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.decorator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,KAAK,GAAI,GAAG,MAAM,CAAC,MAAM,GAAG;IAAE,UAAU,EAAE,OAAO,CAAA;CAAE,CAAC,EAAE,qDAOlE,CAAC"}
@@ -1,25 +0,0 @@
1
- import { SetMetadata } from '@nestjs/common';
2
- import { METADATA_ROLES } from '../../auth.constants';
3
- /**
4
- * Require specific roles to access a route.
5
- * Works with the RbacGuard.
6
- *
7
- * By default, a user needs **at least one** of the listed roles.
8
- * Pass `{ requireAll: true }` in options to require all roles.
9
- *
10
- * @example
11
- * ```typescript
12
- * @Roles('admin')
13
- * @Roles('admin', 'moderator')
14
- * @Roles('admin', 'super-admin', { requireAll: true })
15
- * ```
16
- */
17
- export const Roles = (...args) => {
18
- const last = args[args.length - 1];
19
- const opts = typeof last === 'object' ? args.pop() : undefined;
20
- return SetMetadata(METADATA_ROLES, {
21
- roles: args,
22
- requireAll: opts?.requireAll ?? false,
23
- });
24
- };
25
- //# sourceMappingURL=rbac.decorator.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.decorator.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,GAAG,IAA0C,EAAE,EAAE;IACrE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,GAAG,EAA8B,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,OAAO,WAAW,CAAC,cAAc,EAAE;QACjC,KAAK,EAAE,IAAgB;QACvB,UAAU,EAAE,IAAI,EAAE,UAAU,IAAI,KAAK;KACtC,CAAC,CAAC;AACL,CAAC,CAAC"}
@@ -1,19 +0,0 @@
1
- import { CanActivate, ExecutionContext } from '@nestjs/common';
2
- import { Reflector } from '@nestjs/core';
3
- import { RbacService } from './rbac.service';
4
- /**
5
- * Guard that enforces Role-Based Access Control.
6
- *
7
- * Reads the required roles from the `@Roles()` decorator on the route
8
- * handler (or controller) and checks them against the authenticated user.
9
- *
10
- * This guard is independent — you can use it with or without PBAC on
11
- * different routes in the same application.
12
- */
13
- export declare class RbacGuard implements CanActivate {
14
- private readonly reflector;
15
- private readonly rbacService;
16
- constructor(reflector: Reflector, rbacService: RbacService);
17
- canActivate(context: ExecutionContext): Promise<boolean>;
18
- }
19
- //# sourceMappingURL=rbac.guard.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.guard.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAG7C;;;;;;;;GAQG;AACH,qBACa,SAAU,YAAW,WAAW;IAEzC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,WAAW;IAGrC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAmB/D"}
@@ -1,50 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Injectable } from '@nestjs/common';
11
- import { Reflector } from '@nestjs/core';
12
- import { RbacService } from './rbac.service';
13
- import { METADATA_ROLES } from '../../auth.constants';
14
- /**
15
- * Guard that enforces Role-Based Access Control.
16
- *
17
- * Reads the required roles from the `@Roles()` decorator on the route
18
- * handler (or controller) and checks them against the authenticated user.
19
- *
20
- * This guard is independent — you can use it with or without PBAC on
21
- * different routes in the same application.
22
- */
23
- let RbacGuard = class RbacGuard {
24
- reflector;
25
- rbacService;
26
- constructor(reflector, rbacService) {
27
- this.reflector = reflector;
28
- this.rbacService = rbacService;
29
- }
30
- async canActivate(context) {
31
- const meta = this.reflector.getAllAndOverride(METADATA_ROLES, [context.getHandler(), context.getClass()]);
32
- if (!meta || !meta.roles || meta.roles.length === 0) {
33
- return true;
34
- }
35
- const request = context
36
- .switchToHttp()
37
- .getRequest();
38
- const user = request.user;
39
- if (!user)
40
- return false;
41
- return this.rbacService.hasRoles(user, meta.roles, meta.requireAll);
42
- }
43
- };
44
- RbacGuard = __decorate([
45
- Injectable(),
46
- __metadata("design:paramtypes", [Reflector,
47
- RbacService])
48
- ], RbacGuard);
49
- export { RbacGuard };
50
- //# sourceMappingURL=rbac.guard.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.guard.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;;;;;;;GAQG;AAEI,IAAM,SAAS,GAAf,MAAM,SAAS;IAED;IACA;IAFnB,YACmB,SAAoB,EACpB,WAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAa;IACxC,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAG1C,cAAc,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAE/D,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,OAAO;aACpB,YAAY,EAAE;aACd,UAAU,EAAmD,CAAC;QACjE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC;CACF,CAAA;AAzBY,SAAS;IADrB,UAAU,EAAE;qCAGmB,SAAS;QACP,WAAW;GAHhC,SAAS,CAyBrB"}
@@ -1,43 +0,0 @@
1
- import type { IAuthUser, ICacheService } from '../../interfaces';
2
- /**
3
- * Service that resolves and caches role → permissions mappings.
4
- *
5
- * Cache key convention: `rbac:roles:<userId>` → string[]
6
- * `rbac:perms:<role>` → string[]
7
- */
8
- export declare class RbacService {
9
- private readonly cache;
10
- constructor(cache: ICacheService);
11
- /**
12
- * Check if a user has at least one of the required roles.
13
- *
14
- * @param user Authenticated user
15
- * @param roles List of role names required (at least one must match)
16
- * @param requireAll If true, the user must have ALL specified roles
17
- */
18
- hasRoles(user: IAuthUser, roles: string[], requireAll?: boolean): Promise<boolean>;
19
- /**
20
- * Check if a user has a specific permission (derived from their roles).
21
- *
22
- * @param user Authenticated user
23
- * @param permission Permission identifier
24
- */
25
- hasPermission(user: IAuthUser, permission: string): Promise<boolean>;
26
- /**
27
- * Fetch roles for a user, using cache when possible.
28
- */
29
- getUserRoles(userId: string): Promise<string[]>;
30
- /**
31
- * Fetch permissions for a role, using cache when possible.
32
- */
33
- getRolePermissions(role: string): Promise<string[]>;
34
- /**
35
- * Invalidate the role cache for a user.
36
- */
37
- invalidateUser(userId: string): Promise<void>;
38
- /**
39
- * Invalidate the permission cache for a role.
40
- */
41
- invalidateRole(role: string): Promise<void>;
42
- }
43
- //# sourceMappingURL=rbac.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.service.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjE;;;;;GAKG;AACH,qBACa,WAAW;IAGpB,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,aAAa;IAGvC;;;;;;OAMG;IACG,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,UAAU,UAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IAUtF;;;;;OAKG;IACG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW1E;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAOrD;;OAEG;IACG,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAOzD;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD;;OAEG;IACG,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGlD"}
@@ -1,95 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- var __param = (this && this.__param) || function (paramIndex, decorator) {
11
- return function (target, key) { decorator(target, key, paramIndex); }
12
- };
13
- import { Inject, Injectable } from '@nestjs/common';
14
- import { CACHE_SERVICE } from '../../auth.constants';
15
- /**
16
- * Service that resolves and caches role → permissions mappings.
17
- *
18
- * Cache key convention: `rbac:roles:<userId>` → string[]
19
- * `rbac:perms:<role>` → string[]
20
- */
21
- let RbacService = class RbacService {
22
- cache;
23
- constructor(cache) {
24
- this.cache = cache;
25
- }
26
- /**
27
- * Check if a user has at least one of the required roles.
28
- *
29
- * @param user Authenticated user
30
- * @param roles List of role names required (at least one must match)
31
- * @param requireAll If true, the user must have ALL specified roles
32
- */
33
- async hasRoles(user, roles, requireAll = false) {
34
- if (!roles.length)
35
- return true;
36
- const userRoles = user.roles ?? (await this.getUserRoles(user.id));
37
- return requireAll
38
- ? roles.every((r) => userRoles.includes(r))
39
- : roles.some((r) => userRoles.includes(r));
40
- }
41
- /**
42
- * Check if a user has a specific permission (derived from their roles).
43
- *
44
- * @param user Authenticated user
45
- * @param permission Permission identifier
46
- */
47
- async hasPermission(user, permission) {
48
- const userRoles = user.roles ?? (await this.getUserRoles(user.id));
49
- for (const role of userRoles) {
50
- const perms = await this.getRolePermissions(role);
51
- if (perms.includes(permission))
52
- return true;
53
- }
54
- return false;
55
- }
56
- /**
57
- * Fetch roles for a user, using cache when possible.
58
- */
59
- async getUserRoles(userId) {
60
- const cacheKey = `rbac:roles:${userId}`;
61
- const cached = await this.cache.get(cacheKey);
62
- if (cached)
63
- return cached;
64
- return [];
65
- }
66
- /**
67
- * Fetch permissions for a role, using cache when possible.
68
- */
69
- async getRolePermissions(role) {
70
- const cacheKey = `rbac:perms:${role}`;
71
- const cached = await this.cache.get(cacheKey);
72
- if (cached)
73
- return cached;
74
- return [];
75
- }
76
- /**
77
- * Invalidate the role cache for a user.
78
- */
79
- async invalidateUser(userId) {
80
- await this.cache.del(`rbac:roles:${userId}`);
81
- }
82
- /**
83
- * Invalidate the permission cache for a role.
84
- */
85
- async invalidateRole(role) {
86
- await this.cache.del(`rbac:perms:${role}`);
87
- }
88
- };
89
- RbacService = __decorate([
90
- Injectable(),
91
- __param(0, Inject(CACHE_SERVICE)),
92
- __metadata("design:paramtypes", [Object])
93
- ], RbacService);
94
- export { RbacService };
95
- //# sourceMappingURL=rbac.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"rbac.service.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/rbac/rbac.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAW;IAGH;IAFnB,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,IAAe,EAAE,KAAe,EAAE,UAAU,GAAG,KAAK;QACjE,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAEnE,OAAO,UAAU;YACf,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,IAAe,EAAE,UAAkB;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAEnE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC9C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,QAAQ,GAAG,cAAc,MAAM,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,QAAQ,CAAC,CAAC;QACxD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACnC,MAAM,QAAQ,GAAG,cAAc,IAAI,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,QAAQ,CAAC,CAAC;QACxD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,MAAM,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,IAAY;QAC/B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;CACF,CAAA;AAzEY,WAAW;IADvB,UAAU,EAAE;IAGR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAFb,WAAW,CAyEvB"}
@@ -1,17 +0,0 @@
1
- import type { IAuthUser } from '../interfaces';
2
- /**
3
- * Parameter decorator that extracts the authenticated user from the request.
4
- *
5
- * @example
6
- * ```typescript
7
- * // Returns the full IAuthUser object
8
- * @Get('me')
9
- * getProfile(@CurrentUser() user: IAuthUser) { … }
10
- *
11
- * // Returns only the email
12
- * @Get('email')
13
- * getEmail(@CurrentUser('email') email: string) { … }
14
- * ```
15
- */
16
- export declare const CurrentUser: (...dataOrPipes: (keyof IAuthUser | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;
17
- //# sourceMappingURL=current-user.decorator.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../../packages/auth/decorators/current-user.decorator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,WAAW,8MAOvB,CAAC"}
@@ -1,23 +0,0 @@
1
- import { createParamDecorator } from '@nestjs/common';
2
- /**
3
- * Parameter decorator that extracts the authenticated user from the request.
4
- *
5
- * @example
6
- * ```typescript
7
- * // Returns the full IAuthUser object
8
- * @Get('me')
9
- * getProfile(@CurrentUser() user: IAuthUser) { … }
10
- *
11
- * // Returns only the email
12
- * @Get('email')
13
- * getEmail(@CurrentUser('email') email: string) { … }
14
- * ```
15
- */
16
- export const CurrentUser = createParamDecorator((key, ctx) => {
17
- const request = ctx.switchToHttp().getRequest();
18
- const user = request.user;
19
- if (!user)
20
- return undefined;
21
- return key ? user[key] : user;
22
- });
23
- //# sourceMappingURL=current-user.decorator.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"current-user.decorator.js","sourceRoot":"","sources":["../../../packages/auth/decorators/current-user.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAyB,MAAM,gBAAgB,CAAC;AAG7E;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,oBAAoB,CAC7C,CAAC,GAAgC,EAAE,GAAqB,EAAW,EAAE;IACnE,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAwB,CAAC;IACtE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAChC,CAAC,CACF,CAAC"}
@@ -1,3 +0,0 @@
1
- export { CurrentUser } from './current-user.decorator';
2
- export { Public } from './public.decorator';
3
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/decorators/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC"}
@@ -1,3 +0,0 @@
1
- export { CurrentUser } from './current-user.decorator';
2
- export { Public } from './public.decorator';
3
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/decorators/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC"}
@@ -1,13 +0,0 @@
1
- /**
2
- * Mark a route handler or controller as publicly accessible
3
- * (bypasses the global AuthGuard).
4
- *
5
- * @example
6
- * ```typescript
7
- * @Public()
8
- * @Get('login')
9
- * login() { … }
10
- * ```
11
- */
12
- export declare const Public: () => import("@nestjs/common").CustomDecorator<string>;
13
- //# sourceMappingURL=public.decorator.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"public.decorator.d.ts","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,wDAA2C,CAAC"}
@@ -1,15 +0,0 @@
1
- import { SetMetadata } from '@nestjs/common';
2
- import { METADATA_PUBLIC } from '../auth.constants';
3
- /**
4
- * Mark a route handler or controller as publicly accessible
5
- * (bypasses the global AuthGuard).
6
- *
7
- * @example
8
- * ```typescript
9
- * @Public()
10
- * @Get('login')
11
- * login() { … }
12
- * ```
13
- */
14
- export const Public = () => SetMetadata(METADATA_PUBLIC, true);
15
- //# sourceMappingURL=public.decorator.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"public.decorator.js","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC"}
@@ -1,63 +0,0 @@
1
- /**
2
- * @os.io/nest-kit/auth
3
- *
4
- * Authentication & Authorization toolkit for NestJS applications.
5
- *
6
- * ## Features
7
- *
8
- * - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
9
- * Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
10
- * Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
11
- * & Apple), SSO (SAML & OpenID Connect).
12
- * - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
13
- * or both independently on different routes.
14
- * - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
15
- * per-device logout (Telegram-style).
16
- * - **Security**: bcrypt password hashing, rate limiting, token blacklisting
17
- * via Redis/Valkey, token versioning.
18
- * - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
19
- * (RS256/ES256) enables service-to-service token validation without
20
- * centralised auth calls.
21
- *
22
- * ## Quick Start
23
- *
24
- * ```typescript
25
- * import { AuthModule } from '@os.io/nest-kit/auth';
26
- *
27
- * @Module({
28
- * imports: [
29
- * AuthModule.forRoot({
30
- * jwtSecret: process.env.JWT_SECRET,
31
- * credentials: true,
32
- * rbac: true,
33
- * }),
34
- * ],
35
- * providers: [
36
- * { provide: 'USER_SERVICE', useClass: MyUserService },
37
- * { provide: 'CACHE_SERVICE', useExisting: getCache() },
38
- * ],
39
- * })
40
- * export class AppModule {}
41
- * ```
42
- *
43
- * @module
44
- * @packageDocumentation
45
- */
46
- export { AuthModule } from './auth.module';
47
- export { AuthService } from './auth.service';
48
- export { AuthGuard } from './auth.guard';
49
- export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
50
- export type { AuthModuleOptions, AuthModuleAsyncOptions, CredentialsOptions, OAuthOptions, OAuthProviderConfig, TOTPOptions, AnonymousOptions, MagicLinkOptions, OTPOptions, PasskeyOptions, OneTapOptions, SSOOptions, SamlProviderConfig, OidcProviderConfig, RBACOptions, PBACOptions, SessionOptions, ThrottleOptions, } from './auth.options';
51
- export type { IAuthUser, IAuthRequest, ITokenPair, IAuthResult, IAuthStrategy, ICacheService, IUserService, } from './interfaces';
52
- export { AuthMethod } from './interfaces';
53
- export { CurrentUser, Public } from './decorators';
54
- export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
55
- export type { IDeviceInfo } from './session';
56
- export { PasswordService } from './password/password.service';
57
- export { ThrottleService } from './throttling/throttle.service';
58
- export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
59
- export { RbacService, RbacGuard, Roles } from './authorization/rbac';
60
- export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
61
- export type { PolicyDecoratorOptions } from './authorization/pbac';
62
- export type { PolicyStatement, PolicyDocument, PolicyContext, PolicyEffect, } from './authorization/pbac';
63
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EACV,iBAAiB,EACjB,sBAAsB,EACtB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACpF,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAG9D,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7E,YAAY,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACnE,YAAY,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,sBAAsB,CAAC"}
@@ -1,65 +0,0 @@
1
- /**
2
- * @os.io/nest-kit/auth
3
- *
4
- * Authentication & Authorization toolkit for NestJS applications.
5
- *
6
- * ## Features
7
- *
8
- * - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
9
- * Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
10
- * Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
11
- * & Apple), SSO (SAML & OpenID Connect).
12
- * - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
13
- * or both independently on different routes.
14
- * - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
15
- * per-device logout (Telegram-style).
16
- * - **Security**: bcrypt password hashing, rate limiting, token blacklisting
17
- * via Redis/Valkey, token versioning.
18
- * - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
19
- * (RS256/ES256) enables service-to-service token validation without
20
- * centralised auth calls.
21
- *
22
- * ## Quick Start
23
- *
24
- * ```typescript
25
- * import { AuthModule } from '@os.io/nest-kit/auth';
26
- *
27
- * @Module({
28
- * imports: [
29
- * AuthModule.forRoot({
30
- * jwtSecret: process.env.JWT_SECRET,
31
- * credentials: true,
32
- * rbac: true,
33
- * }),
34
- * ],
35
- * providers: [
36
- * { provide: 'USER_SERVICE', useClass: MyUserService },
37
- * { provide: 'CACHE_SERVICE', useExisting: getCache() },
38
- * ],
39
- * })
40
- * export class AppModule {}
41
- * ```
42
- *
43
- * @module
44
- * @packageDocumentation
45
- */
46
- export { AuthModule } from './auth.module';
47
- export { AuthService } from './auth.service';
48
- export { AuthGuard } from './auth.guard';
49
- // ── Constants ──
50
- export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
51
- export { AuthMethod } from './interfaces';
52
- // ── Decorators ──
53
- export { CurrentUser, Public } from './decorators';
54
- // ── Session ──
55
- export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
56
- // ── Password ──
57
- export { PasswordService } from './password/password.service';
58
- // ── Throttling ──
59
- export { ThrottleService } from './throttling/throttle.service';
60
- // ── Strategies ──
61
- export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
62
- // ── Authorization ──
63
- export { RbacService, RbacGuard, Roles } from './authorization/rbac';
64
- export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
65
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,kBAAkB;AAClB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAkC1B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEnD,gBAAgB;AAChB,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAGpF,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,mBAAmB;AACnB,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,mBAAmB;AACnB,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,sBAAsB;AACtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC"}
@@ -1,18 +0,0 @@
1
- import type { IAuthUser } from './auth-user.interface';
2
- /**
3
- * Extended Express/NestJS request with authenticated user info.
4
- * Attached by AuthGuard after successful token validation.
5
- */
6
- export interface IAuthRequest {
7
- /** Authenticated user entity */
8
- user?: IAuthUser;
9
- /** Raw access token from the request */
10
- accessToken?: string;
11
- /** Raw refresh token (if present in request) */
12
- refreshToken?: string;
13
- /** Device / session identifier for multi-device tracking */
14
- deviceId?: string;
15
- /** Session identifier */
16
- sessionId?: string;
17
- }
18
- //# sourceMappingURL=auth-request.interface.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"auth-request.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
@@ -1,2 +0,0 @@
1
- export {};
2
- //# sourceMappingURL=auth-request.interface.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"auth-request.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":""}
@@ -1,28 +0,0 @@
1
- import type { IAuthUser } from './auth-user.interface';
2
- /**
3
- * Pair of access and refresh tokens returned from successful authentication.
4
- */
5
- export interface ITokenPair {
6
- /** Short-lived JWT access token (Bearer) */
7
- accessToken: string;
8
- /** Long-lived refresh token for rotating sessions */
9
- refreshToken: string;
10
- /** Access token TTL in seconds */
11
- expiresIn: number;
12
- }
13
- /**
14
- * Result returned by every authentication strategy on success.
15
- */
16
- export interface IAuthResult {
17
- /** Authenticated user entity */
18
- user: IAuthUser;
19
- /** Token pair for subsequent requests */
20
- tokens: ITokenPair;
21
- /** Whether the user was just created (first sign-up) */
22
- isNewUser?: boolean;
23
- /** Whether the user must complete a second factor */
24
- isMfaRequired?: boolean;
25
- /** Server-generated session identifier */
26
- sessionId?: string;
27
- }
28
- //# sourceMappingURL=auth-result.interface.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"auth-result.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,IAAI,EAAE,SAAS,CAAC;IAChB,yCAAyC;IACzC,MAAM,EAAE,UAAU,CAAC;IACnB,wDAAwD;IACxD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,qDAAqD;IACrD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
@@ -1,2 +0,0 @@
1
- export {};
2
- //# sourceMappingURL=auth-result.interface.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"auth-result.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":""}
@@ -1,37 +0,0 @@
1
- import type { ExecutionContext } from '@nestjs/common';
2
- import type { IAuthResult } from './auth-result.interface';
3
- /**
4
- * Authentication method enum — each value maps to a strategy.
5
- */
6
- export declare enum AuthMethod {
7
- CREDENTIALS = "credentials",
8
- OAUTH = "oauth",
9
- TOTP = "totp",
10
- ANONYMOUS = "anonymous",
11
- MAGIC_LINK = "magic-link",
12
- OTP = "otp",
13
- PASSKEY = "passkey",
14
- ONETAP = "onetap",
15
- SSO = "sso"
16
- }
17
- /**
18
- * Every authentication strategy must implement this interface.
19
- * Strategies are registered in the IoC container and discovered by AuthGuard.
20
- */
21
- export interface IAuthStrategy {
22
- /** Unique strategy type identifier */
23
- readonly type: AuthMethod;
24
- /** Human-readable strategy name for logging / debugging */
25
- readonly name: string;
26
- /**
27
- * Attempt to authenticate the request.
28
- *
29
- * @param payload Strategy-specific authentication payload
30
- * (e.g. { email, password } for credentials,
31
- * { provider, code } for OAuth, …)
32
- * @param context Optional NestJS execution context for
33
- * access to request / response objects
34
- */
35
- authenticate(payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
36
- }
37
- //# sourceMappingURL=auth-strategy.interface.d.ts.map