@os.io/nest-kit 0.0.1-alpha.0 → 0.0.1-alpha.2
- package/README.md +30 -30
- package/package.json +41 -5
- package/dist/auth/auth.constants.d.ts +0 -19
- package/dist/auth/auth.constants.d.ts.map +0 -1
- package/dist/auth/auth.constants.js +0 -19
- package/dist/auth/auth.constants.js.map +0 -1
- package/dist/auth/auth.guard.d.ts +0 -20
- package/dist/auth/auth.guard.d.ts.map +0 -1
- package/dist/auth/auth.guard.js +0 -84
- package/dist/auth/auth.guard.js.map +0 -1
- package/dist/auth/auth.module.d.ts +0 -26
- package/dist/auth/auth.module.d.ts.map +0 -1
- package/dist/auth/auth.module.js +0 -344
- package/dist/auth/auth.module.js.map +0 -1
- package/dist/auth/auth.options.d.ts +0 -179
- package/dist/auth/auth.options.d.ts.map +0 -1
- package/dist/auth/auth.options.js +0 -2
- package/dist/auth/auth.options.js.map +0 -1
- package/dist/auth/auth.service.d.ts +0 -57
- package/dist/auth/auth.service.d.ts.map +0 -1
- package/dist/auth/auth.service.js +0 -175
- package/dist/auth/auth.service.js.map +0 -1
- package/dist/auth/authorization/index.d.ts +0 -3
- package/dist/auth/authorization/index.d.ts.map +0 -1
- package/dist/auth/authorization/index.js +0 -3
- package/dist/auth/authorization/index.js.map +0 -1
- package/dist/auth/authorization/pbac/index.d.ts +0 -6
- package/dist/auth/authorization/pbac/index.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/index.js +0 -4
- package/dist/auth/authorization/pbac/index.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts +0 -18
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.decorator.js +0 -14
- package/dist/auth/authorization/pbac/pbac.decorator.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.guard.d.ts +0 -19
- package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.guard.js +0 -60
- package/dist/auth/authorization/pbac/pbac.guard.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.service.d.ts +0 -44
- package/dist/auth/authorization/pbac/pbac.service.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.service.js +0 -146
- package/dist/auth/authorization/pbac/pbac.service.js.map +0 -1
- package/dist/auth/authorization/pbac/pbac.types.d.ts +0 -47
- package/dist/auth/authorization/pbac/pbac.types.d.ts.map +0 -1
- package/dist/auth/authorization/pbac/pbac.types.js +0 -2
- package/dist/auth/authorization/pbac/pbac.types.js.map +0 -1
- package/dist/auth/authorization/rbac/index.d.ts +0 -4
- package/dist/auth/authorization/rbac/index.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/index.js +0 -4
- package/dist/auth/authorization/rbac/index.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts +0 -18
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.decorator.js +0 -25
- package/dist/auth/authorization/rbac/rbac.decorator.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.guard.d.ts +0 -19
- package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.guard.js +0 -50
- package/dist/auth/authorization/rbac/rbac.guard.js.map +0 -1
- package/dist/auth/authorization/rbac/rbac.service.d.ts +0 -43
- package/dist/auth/authorization/rbac/rbac.service.d.ts.map +0 -1
- package/dist/auth/authorization/rbac/rbac.service.js +0 -95
- package/dist/auth/authorization/rbac/rbac.service.js.map +0 -1
- package/dist/auth/decorators/current-user.decorator.d.ts +0 -17
- package/dist/auth/decorators/current-user.decorator.d.ts.map +0 -1
- package/dist/auth/decorators/current-user.decorator.js +0 -23
- package/dist/auth/decorators/current-user.decorator.js.map +0 -1
- package/dist/auth/decorators/index.d.ts +0 -3
- package/dist/auth/decorators/index.d.ts.map +0 -1
- package/dist/auth/decorators/index.js +0 -3
- package/dist/auth/decorators/index.js.map +0 -1
- package/dist/auth/decorators/public.decorator.d.ts +0 -13
- package/dist/auth/decorators/public.decorator.d.ts.map +0 -1
- package/dist/auth/decorators/public.decorator.js +0 -15
- package/dist/auth/decorators/public.decorator.js.map +0 -1
- package/dist/auth/index.d.ts +0 -63
- package/dist/auth/index.d.ts.map +0 -1
- package/dist/auth/index.js +0 -65
- package/dist/auth/index.js.map +0 -1
- package/dist/auth/interfaces/auth-request.interface.d.ts +0 -18
- package/dist/auth/interfaces/auth-request.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-request.interface.js +0 -2
- package/dist/auth/interfaces/auth-request.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-result.interface.d.ts +0 -28
- package/dist/auth/interfaces/auth-result.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-result.interface.js +0 -2
- package/dist/auth/interfaces/auth-result.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-strategy.interface.d.ts +0 -37
- package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-strategy.interface.js +0 -16
- package/dist/auth/interfaces/auth-strategy.interface.js.map +0 -1
- package/dist/auth/interfaces/auth-user.interface.d.ts +0 -25
- package/dist/auth/interfaces/auth-user.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/auth-user.interface.js +0 -2
- package/dist/auth/interfaces/auth-user.interface.js.map +0 -1
- package/dist/auth/interfaces/cache-service.interface.d.ts +0 -30
- package/dist/auth/interfaces/cache-service.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/cache-service.interface.js +0 -2
- package/dist/auth/interfaces/cache-service.interface.js.map +0 -1
- package/dist/auth/interfaces/index.d.ts +0 -8
- package/dist/auth/interfaces/index.d.ts.map +0 -1
- package/dist/auth/interfaces/index.js +0 -2
- package/dist/auth/interfaces/index.js.map +0 -1
- package/dist/auth/interfaces/user-service.interface.d.ts +0 -34
- package/dist/auth/interfaces/user-service.interface.d.ts.map +0 -1
- package/dist/auth/interfaces/user-service.interface.js +0 -2
- package/dist/auth/interfaces/user-service.interface.js.map +0 -1
- package/dist/auth/password/password.service.d.ts +0 -23
- package/dist/auth/password/password.service.d.ts.map +0 -1
- package/dist/auth/password/password.service.js +0 -52
- package/dist/auth/password/password.service.js.map +0 -1
- package/dist/auth/session/device-session.service.d.ts +0 -43
- package/dist/auth/session/device-session.service.d.ts.map +0 -1
- package/dist/auth/session/device-session.service.js +0 -72
- package/dist/auth/session/device-session.service.js.map +0 -1
- package/dist/auth/session/index.d.ts +0 -5
- package/dist/auth/session/index.d.ts.map +0 -1
- package/dist/auth/session/index.js +0 -4
- package/dist/auth/session/index.js.map +0 -1
- package/dist/auth/session/jwt.service.d.ts +0 -37
- package/dist/auth/session/jwt.service.d.ts.map +0 -1
- package/dist/auth/session/jwt.service.js +0 -119
- package/dist/auth/session/jwt.service.js.map +0 -1
- package/dist/auth/session/token-blacklist.service.d.ts +0 -37
- package/dist/auth/session/token-blacklist.service.d.ts.map +0 -1
- package/dist/auth/session/token-blacklist.service.js +0 -70
- package/dist/auth/session/token-blacklist.service.js.map +0 -1
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +0 -19
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/anonymous/anonymous.strategy.js +0 -49
- package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +0 -1
- package/dist/auth/strategies/base/base.strategy.d.ts +0 -11
- package/dist/auth/strategies/base/base.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/base/base.strategy.js +0 -6
- package/dist/auth/strategies/base/base.strategy.js.map +0 -1
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts +0 -21
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/credentials/credentials.strategy.js +0 -67
- package/dist/auth/strategies/credentials/credentials.strategy.js.map +0 -1
- package/dist/auth/strategies/index.d.ts +0 -12
- package/dist/auth/strategies/index.d.ts.map +0 -1
- package/dist/auth/strategies/index.js +0 -12
- package/dist/auth/strategies/index.js.map +0 -1
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +0 -31
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/magic-link/magic-link.strategy.js +0 -88
- package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +0 -1
- package/dist/auth/strategies/oauth/index.d.ts +0 -3
- package/dist/auth/strategies/oauth/index.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/index.js +0 -3
- package/dist/auth/strategies/oauth/index.js.map +0 -1
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +0 -13
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/oauth-provider-registry.js +0 -20
- package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +0 -1
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +0 -23
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/oauth/oauth.strategy.js +0 -79
- package/dist/auth/strategies/oauth/oauth.strategy.js.map +0 -1
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts +0 -24
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/onetap/onetap.strategy.js +0 -77
- package/dist/auth/strategies/onetap/onetap.strategy.js.map +0 -1
- package/dist/auth/strategies/otp/otp.strategy.d.ts +0 -31
- package/dist/auth/strategies/otp/otp.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/otp/otp.strategy.js +0 -93
- package/dist/auth/strategies/otp/otp.strategy.js.map +0 -1
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts +0 -32
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/passkey/passkey.strategy.js +0 -102
- package/dist/auth/strategies/passkey/passkey.strategy.js.map +0 -1
- package/dist/auth/strategies/sso/sso.strategy.d.ts +0 -25
- package/dist/auth/strategies/sso/sso.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/sso/sso.strategy.js +0 -80
- package/dist/auth/strategies/sso/sso.strategy.js.map +0 -1
- package/dist/auth/strategies/totp/totp.strategy.d.ts +0 -37
- package/dist/auth/strategies/totp/totp.strategy.d.ts.map +0 -1
- package/dist/auth/strategies/totp/totp.strategy.js +0 -109
- package/dist/auth/strategies/totp/totp.strategy.js.map +0 -1
- package/dist/auth/throttling/index.d.ts +0 -2
- package/dist/auth/throttling/index.d.ts.map +0 -1
- package/dist/auth/throttling/index.js +0 -2
- package/dist/auth/throttling/index.js.map +0 -1
- package/dist/auth/throttling/throttle.service.d.ts +0 -27
- package/dist/auth/throttling/throttle.service.d.ts.map +0 -1
- package/dist/auth/throttling/throttle.service.js +0 -63
- package/dist/auth/throttling/throttle.service.js.map +0 -1
- package/dist/bootstrap/cache/config.d.ts +0 -135
- package/dist/bootstrap/cache/config.d.ts.map +0 -1
- package/dist/bootstrap/cache/config.js +0 -189
- package/dist/bootstrap/cache/config.js.map +0 -1
- package/dist/bootstrap/cache/index.d.ts +0 -11
- package/dist/bootstrap/cache/index.d.ts.map +0 -1
- package/dist/bootstrap/cache/index.js +0 -11
- package/dist/bootstrap/cache/index.js.map +0 -1
- package/dist/bootstrap/index.d.ts +0 -21
- package/dist/bootstrap/index.d.ts.map +0 -1
- package/dist/bootstrap/index.js +0 -21
- package/dist/bootstrap/index.js.map +0 -1
- package/dist/bootstrap/scalar/api-docs.d.ts +0 -39
- package/dist/bootstrap/scalar/api-docs.d.ts.map +0 -1
- package/dist/bootstrap/scalar/api-docs.js +0 -41
- package/dist/bootstrap/scalar/api-docs.js.map +0 -1
- package/dist/bootstrap/scalar/index.d.ts +0 -39
- package/dist/bootstrap/scalar/index.d.ts.map +0 -1
- package/dist/bootstrap/scalar/index.js +0 -41
- package/dist/bootstrap/scalar/index.js.map +0 -1
- package/dist/bootstrap/swagger/api-docs.d.ts +0 -73
- package/dist/bootstrap/swagger/api-docs.d.ts.map +0 -1
- package/dist/bootstrap/swagger/api-docs.js +0 -87
- package/dist/bootstrap/swagger/api-docs.js.map +0 -1
- package/dist/bootstrap/swagger/index.d.ts +0 -37
- package/dist/bootstrap/swagger/index.d.ts.map +0 -1
- package/dist/bootstrap/swagger/index.js +0 -36
- package/dist/bootstrap/swagger/index.js.map +0 -1
- package/dist/bootstrap/typeorm/config/index.d.ts +0 -12
- package/dist/bootstrap/typeorm/config/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/config/index.js +0 -62
- package/dist/bootstrap/typeorm/config/index.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/controller.d.ts +0 -13
- package/dist/bootstrap/typeorm/crud/controller.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/controller.js +0 -72
- package/dist/bootstrap/typeorm/crud/controller.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/index.d.ts +0 -4
- package/dist/bootstrap/typeorm/crud/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/index.js +0 -3
- package/dist/bootstrap/typeorm/crud/index.js.map +0 -1
- package/dist/bootstrap/typeorm/crud/service.d.ts +0 -10
- package/dist/bootstrap/typeorm/crud/service.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/crud/service.js +0 -21
- package/dist/bootstrap/typeorm/crud/service.js.map +0 -1
- package/dist/bootstrap/typeorm/index.d.ts +0 -18
- package/dist/bootstrap/typeorm/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/index.js +0 -18
- package/dist/bootstrap/typeorm/index.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/factory.d.ts +0 -5
- package/dist/bootstrap/typeorm/uow/factory.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/factory.js +0 -27
- package/dist/bootstrap/typeorm/uow/factory.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/index.d.ts +0 -4
- package/dist/bootstrap/typeorm/uow/index.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/index.js +0 -4
- package/dist/bootstrap/typeorm/uow/index.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +0 -62
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js +0 -114
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +0 -1
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +0 -11
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +0 -1
- package/dist/bootstrap/typeorm/uow/unit-of-work.js +0 -23
- package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +0 -1
- package/dist/core/index.d.ts +0 -11
- package/dist/core/index.d.ts.map +0 -1
- package/dist/core/index.js +0 -11
- package/dist/core/index.js.map +0 -1
- package/dist/infra/audit-log/index.d.ts +0 -12
- package/dist/infra/audit-log/index.d.ts.map +0 -1
- package/dist/infra/audit-log/index.js +0 -13
- package/dist/infra/audit-log/index.js.map +0 -1
- package/dist/infra/index.d.ts +0 -20
- package/dist/infra/index.d.ts.map +0 -1
- package/dist/infra/index.js +0 -21
- package/dist/infra/index.js.map +0 -1
- package/dist/infra/logger/index.d.ts +0 -12
- package/dist/infra/logger/index.d.ts.map +0 -1
- package/dist/infra/logger/index.js +0 -13
- package/dist/infra/logger/index.js.map +0 -1
- package/dist/infra/metrics/index.d.ts +0 -18
- package/dist/infra/metrics/index.d.ts.map +0 -1
- package/dist/infra/metrics/index.js +0 -19
- package/dist/infra/metrics/index.js.map +0 -1
- package/dist/infra/notification/index.d.ts +0 -12
- package/dist/infra/notification/index.d.ts.map +0 -1
- package/dist/infra/notification/index.js +0 -13
- package/dist/infra/notification/index.js.map +0 -1
- package/dist/infra/storage/index.d.ts +0 -12
- package/dist/infra/storage/index.d.ts.map +0 -1
- package/dist/infra/storage/index.js +0 -13
- package/dist/infra/storage/index.js.map +0 -1
- package/dist/infra/stripe/index.d.ts +0 -12
- package/dist/infra/stripe/index.d.ts.map +0 -1
- package/dist/infra/stripe/index.js +0 -13
- package/dist/infra/stripe/index.js.map +0 -1
- package/dist/saas/index.d.ts +0 -18
- package/dist/saas/index.d.ts.map +0 -1
- package/dist/saas/index.js +0 -19
- package/dist/saas/index.js.map +0 -1
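--- a/package/dist/auth/strategies/onetap/onetap.strategy.d.ts
+++ b/package/dist/auth/strategies/onetap/onetap.strategy.d.ts
@@ -1,24 +0,0 @@
-import type { ExecutionContext } from '@nestjs/common';
-import { AuthMethod, type IAuthResult } from '../../interfaces';
-import type { IUserService } from '../../interfaces';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* Google & Apple OneTap sign-in strategy.
-*
-* OneTap provides a streamlined sign-in experience where users
-* authenticate with a single tap using their Google or Apple ID.
-*/
-export declare class OneTapStrategy extends BaseStrategy {
-private readonly userService;
-private readonly jwtService;
-readonly type = AuthMethod.ONETAP;
-readonly name = "onetap";
-constructor(userService: IUserService, jwtService: JwtService);
-/**
-* Authenticate using a OneTap credential token.
-* Expects `provider` ('google' | 'apple') and `credential` (ID token).
-*/
-authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
-}
-//# sourceMappingURL=onetap.strategy.d.ts.map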
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"onetap.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/onetap/onetap.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,cAAe,SAAQ,YAAY;IAM5C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,IAAI,YAAY;gBAIN,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAyCxB"}
|
|
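--- a/package/dist/auth/strategies/onetap/onetap.strategy.js
+++ b/package/dist/auth/strategies/onetap/onetap.strategy.js
@@ -1,77 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-return function (target, key) { decorator(target, key, paramIndex); }
-};
-import { Inject, Injectable } from '@nestjs/common';
-import { AuthMethod } from '../../interfaces';
-import { USER_SERVICE } from '../../auth.constants';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* Google & Apple OneTap sign-in strategy.
-*
-* OneTap provides a streamlined sign-in experience where users
-* authenticate with a single tap using their Google or Apple ID.
-*/
-let OneTapStrategy = class OneTapStrategy extends BaseStrategy {
-userService;
-jwtService;
-type = AuthMethod.ONETAP;
-name = 'onetap';
-constructor(userService, jwtService) {
-super();
-this.userService = userService;
-this.jwtService = jwtService;
-}
-/**
-* Authenticate using a OneTap credential token.
-* Expects `provider` ('google' | 'apple') and `credential` (ID token).
-*/
-async authenticate(payload, _context) {
-const provider = payload.provider;
-const credential = payload.credential;
-if (!provider || !credential) {
-throw new Error('provider and credential are required');
-}
-if (!['google', 'apple'].includes(provider)) {
-throw new Error(`Unsupported OneTap provider: ${provider}`);
-}
-// In production, verify the credential (ID token) using the provider's
-// public keys (JWKS). Extract email, name, sub from the decoded token.
-//
-// For Google: use google-auth-library or manually verify the JWT
-// For Apple: fetch Apple's public keys and verify the JWT
-//
-// const payload = await verifyGoogleIdToken(credential, clientId);
-const sub = payload.sub;
-const email = payload.email;
-const name = payload.name;
-const socialId = `${provider}:${sub}`;
-let user = await this.userService.findBySocialId(provider, socialId);
-if (!user) {
-user = await this.userService.create({
-email,
-username: name,
-});
-}
-user.roles = await this.userService.getRoles(user.id);
-user.permissions = await this.userService.getPermissions(user.id);
-const tokens = await this.jwtService.signTokens(user);
-return { user, tokens, isNewUser: !user.email };
-}
-};
-OneTapStrategy = __decorate([
-Injectable(),
-__param(0, Inject(USER_SERVICE)),
-__metadata("design:paramtypes", [Object, JwtService])
-], OneTapStrategy);
-export { OneTapStrategy };
-//# sourceMappingURL=onetap.strategy.js.map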
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"onetap.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/onetap/onetap.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,YAAY;IAM3B;IACA;IANV,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC;IACzB,IAAI,GAAG,QAAQ,CAAC;IAEzB,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,uEAAuE;QACvE,uEAAuE;QACvE,EAAE;QACF,iEAAiE;QACjE,0DAA0D;QAC1D,EAAE;QACF,mEAAmE;QAEnE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAa,CAAC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,GAAG,EAAE,CAAC;QACtC,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AA5DY,cAAc;IAD1B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,cAAc,CA4D1B"}
|
|
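--- a/package/dist/auth/strategies/otp/otp.strategy.d.ts
+++ b/package/dist/auth/strategies/otp/otp.strategy.d.ts
@@ -1,31 +0,0 @@
-import type { ExecutionContext } from '@nestjs/common';
-import { AuthMethod, type IAuthResult, type ICacheService } from '../../interfaces';
-import type { IUserService } from '../../interfaces';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* One-Time Password (OTP) authentication via email or phone.
-*
-* Flow:
-* 1. User enters email/phone → a numeric code is generated and stored in cache
-* 2. Code is dispatched via email or SMS (consumer's responsibility)
-* 3. User submits code → validated → signed in
-*/
-export declare class OtpStrategy extends BaseStrategy {
-private readonly cache;
-private readonly userService;
-private readonly jwtService;
-readonly type = AuthMethod.OTP;
-readonly name = "otp";
-constructor(cache: ICacheService, userService: IUserService, jwtService: JwtService);
-/**
-* Request an OTP code for the given email or phone.
-* Returns the plaintext code (in production, dispatch via email/SMS).
-*/
-requestOtp(identifier: string, digits?: number, expiresIn?: number): Promise<string>;
-/**
-* Authenticate using an email/phone + OTP code.
-*/
-authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
-}
-//# sourceMappingURL=otp.strategy.d.ts.map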
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"otp.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/otp/otp.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD;;;;;;;GAOG;AACH,qBACa,WAAY,SAAQ,YAAY;IAMzC,OAAO,CAAC,QAAQ,CAAC,KAAK;IAEtB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAR7B,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,IAAI,SAAS;gBAIH,KAAK,EAAE,aAAa,EAEpB,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,SAAI,EAAE,SAAS,SAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWlF;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA8CxB"}
|
|
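--- a/package/dist/auth/strategies/otp/otp.strategy.js
+++ b/package/dist/auth/strategies/otp/otp.strategy.js
@@ -1,93 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-return function (target, key) { decorator(target, key, paramIndex); }
-};
-import { Inject, Injectable } from '@nestjs/common';
-import { AuthMethod } from '../../interfaces';
-import { CACHE_SERVICE, OTP_PREFIX, USER_SERVICE } from '../../auth.constants';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-import { randomInt } from 'node:crypto';
-/**
-* One-Time Password (OTP) authentication via email or phone.
-*
-* Flow:
-* 1. User enters email/phone → a numeric code is generated and stored in cache
-* 2. Code is dispatched via email or SMS (consumer's responsibility)
-* 3. User submits code → validated → signed in
-*/
-let OtpStrategy = class OtpStrategy extends BaseStrategy {
-cache;
-userService;
-jwtService;
-type = AuthMethod.OTP;
-name = 'otp';
-constructor(cache, userService, jwtService) {
-super();
-this.cache = cache;
-this.userService = userService;
-this.jwtService = jwtService;
-}
-/**
-* Request an OTP code for the given email or phone.
-* Returns the plaintext code (in production, dispatch via email/SMS).
-*/
-async requestOtp(identifier, digits = 6, expiresIn = 300) {
-const min = Math.pow(10, digits - 1);
-const max = Math.pow(10, digits) - 1;
-const code = randomInt(min, max).toString();
-const data = { code, attempts: 0, identifier };
-await this.cache.set(`${OTP_PREFIX}${identifier}`, data, expiresIn);
-return code;
-}
-/**
-* Authenticate using an email/phone + OTP code.
-*/
-async authenticate(payload, _context) {
-const identifier = payload.identifier;
-const code = payload.code;
-if (!identifier || !code) {
-throw new Error('identifier and code are required');
-}
-const data = await this.cache.get(`${OTP_PREFIX}${identifier}`);
-if (!data) {
-throw new Error('OTP not found or expired');
-}
-if (data.attempts >= 3) {
-await this.cache.del(`${OTP_PREFIX}${identifier}`);
-throw new Error('Too many failed OTP attempts');
-}
-if (data.code !== code) {
-data.attempts += 1;
-await this.cache.set(`${OTP_PREFIX}${identifier}`, data, 300);
-throw new Error('Invalid OTP code');
-}
-// Code is valid — clean up
-await this.cache.del(`${OTP_PREFIX}${identifier}`);
-const isEmail = identifier.includes('@');
-let user = isEmail ? await this.userService.findByEmail(identifier) : null;
-if (!user) {
-user = await this.userService.create(isEmail ? { email: identifier } : { phone: identifier });
-}
-user.roles = await this.userService.getRoles(user.id);
-user.permissions = await this.userService.getPermissions(user.id);
-const tokens = await this.jwtService.signTokens(user);
-return { user, tokens, isNewUser: !user.email };
-}
-};
-OtpStrategy = __decorate([
-Injectable(),
-__param(0, Inject(CACHE_SERVICE)),
-__param(1, Inject(USER_SERVICE)),
-__metadata("design:paramtypes", [Object, Object, JwtService])
-], OtpStrategy);
-export { OtpStrategy };
-//# sourceMappingURL=otp.strategy.js.map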
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"otp.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/otp/otp.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;;;GAOG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,YAAY;IAMxB;IAEA;IACA;IARV,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC;IACtB,IAAI,GAAG,KAAK,CAAC;IAEtB,YAEmB,KAAoB,EAEpB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QALS,UAAK,GAAL,KAAK,CAAe;QAEpB,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,MAAM,GAAG,CAAC,EAAE,SAAS,GAAG,GAAG;QAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE5C,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAEpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;QAChD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAc,CAAC;QAEpC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAI9B,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;QAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,CAA
C;YAC9D,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QAED,2BAA2B;QAC3B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE3E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AAjFY,WAAW;IADvB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;IAErB,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;qDAEQ,UAAU;GAT9B,WAAW,CAiFvB"}
|
|
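--- a/passkey.strategy.d.ts
+++ b/passkey.strategy.d.ts
@@ -1,32 +0,0 @@
-import type { ExecutionContext } from '@nestjs/common';
-import { AuthMethod, type IAuthResult } from '../../interfaces';
-import type { IUserService } from '../../interfaces';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* WebAuthn / FIDO2 Passkey authentication strategy.
-*
-* Provides credential registration and assertion ceremonies
-* using the `@simplewebauthn/server` package (loaded dynamically).
-*/
-export declare class PasskeyStrategy extends BaseStrategy {
-private readonly userService;
-private readonly jwtService;
-readonly type = AuthMethod.PASSKEY;
-readonly name = "passkey";
-constructor(userService: IUserService, jwtService: JwtService);
-/**
-* Authenticate using a WebAuthn assertion response.
-*/
-authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
-/**
-* Generate registration options for the WebAuthn ceremony.
-*/
-generateRegistrationOptions(userId: string, userName: string, rpName?: string, rpId?: string): Promise<Record<string, unknown>>;
-/**
-* Verify a registration response and return the credential.
-*/
-verifyRegistrationResponse(credential: Record<string, unknown>, expectedChallenge: string, expectedOrigin: string, expectedRpId: string): Promise<Record<string, unknown>>;
-private loadWebAuthn;
-}
-//# sourceMappingURL=passkey.strategy.d.ts.map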
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"passkey.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/passkey/passkey.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,eAAgB,SAAQ,YAAY;IAM7C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,IAAI,aAAa;gBAIP,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;IA6BvB;;OAEG;IACG,2BAA2B,CAC/B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,SAAY,EAClB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAcnC;;OAEG;IACG,0BAA0B,CAC9B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAYrB,YAAY;CAS3B"}
|
|
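--- a/passkey.strategy.js
+++ b/passkey.strategy.js
@@ -1,102 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-return function (target, key) { decorator(target, key, paramIndex); }
-};
-import { Inject, Injectable } from '@nestjs/common';
-import { AuthMethod } from '../../interfaces';
-import { USER_SERVICE } from '../../auth.constants';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* WebAuthn / FIDO2 Passkey authentication strategy.
-*
-* Provides credential registration and assertion ceremonies
-* using the `@simplewebauthn/server` package (loaded dynamically).
-*/
-let PasskeyStrategy = class PasskeyStrategy extends BaseStrategy {
-userService;
-jwtService;
-type = AuthMethod.PASSKEY;
-name = 'passkey';
-constructor(userService, jwtService) {
-super();
-this.userService = userService;
-this.jwtService = jwtService;
-}
-/**
-* Authenticate using a WebAuthn assertion response.
-*/
-async authenticate(payload, _context) {
-const userId = payload.userId;
-const credential = payload.credential;
-if (!userId || !credential) {
-throw new Error('userId and credential are required');
-}
-const user = await this.userService.findById(userId);
-if (!user) {
-throw new Error('User not found');
-}
-// In production, use @simplewebauthn/server to verify the assertion.
-// This requires stored credential records (credentialID, publicKey, counter).
-//
-// const verification = await verifyAuthenticationResponse({ ... });
-//
-// For now, we assume verification succeeds when the strategy is called.
-// Consumers should override or extend this behavior.
-user.roles = await this.userService.getRoles(user.id);
-user.permissions = await this.userService.getPermissions(user.id);
-const tokens = await this.jwtService.signTokens(user);
-return { user, tokens };
-}
-/**
-* Generate registration options for the WebAuthn ceremony.
-*/
-async generateRegistrationOptions(userId, userName, rpName = 'NestKit', rpId) {
-const webauthn = await this.loadWebAuthn();
-const userEncoder = new TextEncoder();
-const options = webauthn.generateRegistrationOptions({
-rpName,
-rpID: rpId ?? 'localhost',
-userName,
-userID: userEncoder.encode(userId),
-attestationType: 'none',
-});
-return options;
-}
-/**
-* Verify a registration response and return the credential.
-*/
-async verifyRegistrationResponse(credential, expectedChallenge, expectedOrigin, expectedRpId) {
-const webauthn = await this.loadWebAuthn();
-const verification = await webauthn.verifyRegistrationResponse({
-response: credential,
-expectedChallenge,
-expectedOrigin,
-expectedRPID: expectedRpId,
-});
-return verification;
-}
-async loadWebAuthn() {
-try {
-return await import('@simplewebauthn/server');
-}
-catch {
-throw new Error('Passkey strategy requires "@simplewebauthn/server". Run: npm install @simplewebauthn/server');
-}
-}
-};
-PasskeyStrategy = __decorate([
-Injectable(),
-__param(0, Inject(USER_SERVICE)),
-__metadata("design:paramtypes", [Object, JwtService])
-], PasskeyStrategy);
-export { PasskeyStrategy };
-//# sourceMappingURL=passkey.strategy.js.map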
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"passkey.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/passkey/passkey.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,YAAY;IAM5B;IACA;IANV,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC;IAC1B,IAAI,GAAG,SAAS,CAAC;IAE1B,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAgB,CAAC;QACxC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAqC,CAAC;QAEjE,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,qEAAqE;QACrE,8EAA8E;QAC9E,EAAE;QACF,oEAAoE;QACpE,EAAE;QACF,wEAAwE;QACxE,qDAAqD;QAErD,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,2BAA2B,CAC/B,MAAc,EACd,QAAgB,EAChB,MAAM,GAAG,SAAS,EAClB,IAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,2BAA2B,CAAC;YACnD,MAAM;YACN,IAAI,EAAE,IAAI,IAAI,WAAW;YACzB,QAAQ;YACR,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,eAAe,EAAE,MAAM;SACxB,CAAC,CAAC;QAEH,OAAO,OAA6C,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,0BAA0B,CAC9B,UAAmC,EACnC,iBAAyB,EACzB,cAAsB,EACtB,YAAoB;QAEpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3C,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,0BAA0B,CAAC;YAC7D,QAAQ,EAAE,UAAm
B;YAC7B,iBAAiB;YACjB,cAAc;YACd,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAA;AAlGY,eAAe;IAD3B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,eAAe,CAkG3B"}
|
|
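--- a/sso.strategy.d.ts
+++ b/sso.strategy.d.ts
@@ -1,25 +0,0 @@
-import type { ExecutionContext } from '@nestjs/common';
-import { AuthMethod, type IAuthResult } from '../../interfaces';
-import type { IUserService } from '../../interfaces';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* SSO authentication via SAML2 or OpenID Connect.
-*
-* Supports multiple SAML and OIDC providers configured at module init.
-*/
-export declare class SsoStrategy extends BaseStrategy {
-private readonly userService;
-private readonly jwtService;
-readonly type = AuthMethod.SSO;
-readonly name = "sso";
-constructor(userService: IUserService, jwtService: JwtService);
-/**
-* Authenticate using an SSO assertion / token.
-*
-* SAML: payload contains `SAMLResponse` (base64-encoded XML assertion)
-* OIDC: payload contains `idToken` (JWT)
-*/
-authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
-}
-//# sourceMappingURL=sso.strategy.d.ts.map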
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sso.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/sso/sso.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;GAIG;AACH,qBACa,WAAY,SAAQ,YAAY;IAMzC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,IAAI,SAAS;gBAIH,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;;;OAKG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA2CxB"}
|
|
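--- a/sso.strategy.js
+++ b/sso.strategy.js
@@ -1,80 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-return function (target, key) { decorator(target, key, paramIndex); }
-};
-import { Inject, Injectable } from '@nestjs/common';
-import { AuthMethod } from '../../interfaces';
-import { USER_SERVICE } from '../../auth.constants';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* SSO authentication via SAML2 or OpenID Connect.
-*
-* Supports multiple SAML and OIDC providers configured at module init.
-*/
-let SsoStrategy = class SsoStrategy extends BaseStrategy {
-userService;
-jwtService;
-type = AuthMethod.SSO;
-name = 'sso';
-constructor(userService, jwtService) {
-super();
-this.userService = userService;
-this.jwtService = jwtService;
-}
-/**
-* Authenticate using an SSO assertion / token.
-*
-* SAML: payload contains `SAMLResponse` (base64-encoded XML assertion)
-* OIDC: payload contains `idToken` (JWT)
-*/
-async authenticate(payload, _context) {
-const provider = payload.provider;
-const samlResponse = payload.SAMLResponse;
-const idToken = payload.idToken;
-if (!provider) {
-throw new Error('SSO provider is required');
-}
-if (!samlResponse && !idToken) {
-throw new Error('Either SAMLResponse or idToken is required');
-}
-// SAML: Parse the assertion, extract attributes (NameID, email, etc.)
-// OIDC: Verify the ID token JWT, extract claims
-//
-// In production, use passport-saml for SAML or manually verify OIDC JWTs.
-//
-// const profile = samlResponse
-// ? await parseSamlResponse(samlResponse, providerConfig)
-// : await verifyOidcToken(idToken, providerConfig);
-const subject = payload.sub || payload.NameID;
-const email = payload.email;
-const name = payload.name;
-const socialId = `sso:${provider}:${subject}`;
-let user = await this.userService.findBySocialId(provider, socialId);
-if (!user) {
-user = await this.userService.create({
-email,
-username: name,
-});
-}
-user.roles = await this.userService.getRoles(user.id);
-user.permissions = await this.userService.getPermissions(user.id);
-const tokens = await this.jwtService.signTokens(user);
-return { user, tokens, isNewUser: !user.email };
-}
-};
-SsoStrategy = __decorate([
-Injectable(),
-__param(0, Inject(USER_SERVICE)),
-__metadata("design:paramtypes", [Object, JwtService])
-], SsoStrategy);
-export { SsoStrategy };
-//# sourceMappingURL=sso.strategy.js.map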
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sso.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/sso/sso.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;GAIG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,YAAY;IAMxB;IACA;IANV,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC;IACtB,IAAI,GAAG,KAAK,CAAC;IAEtB,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;;;OAKG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,YAAkC,CAAC;QAChE,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6B,CAAC;QAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,sEAAsE;QACtE,gDAAgD;QAChD,EAAE;QACF,0EAA0E;QAC1E,EAAE;QACF,+BAA+B;QAC/B,4DAA4D;QAC5D,sDAAsD;QAEtD,MAAM,OAAO,GAAI,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,MAAiB,CAAC;QACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,MAAM,QAAQ,GAAG,OAAO,QAAQ,IAAI,OAAO,EAAE,CAAC;QAC9C,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AAhEY,WAAW;IADvB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,WAAW,CAgEvB"}
|
|
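--- a/totp.strategy.d.ts
+++ b/totp.strategy.d.ts
@@ -1,37 +0,0 @@
-import type { ExecutionContext } from '@nestjs/common';
-import { AuthMethod, type IAuthResult } from '../../interfaces';
-import type { IUserService } from '../../interfaces';
-import { JwtService } from '../../session/jwt.service';
-import { BaseStrategy } from '../base/base.strategy';
-/**
-* TOTP-based Two-Factor Authentication.
-*
-* Supports enrollment (generating secret + QR code), verification of codes,
-* and backup-code management.
-*/
-export declare class TotpStrategy extends BaseStrategy {
-private readonly userService;
-private readonly jwtService;
-readonly type = AuthMethod.TOTP;
-readonly name = "totp";
-constructor(userService: IUserService, jwtService: JwtService);
-/**
-* Authenticate using a TOTP code after primary authentication.
-* Expects `userId` and `code` in the payload.
-*/
-authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
-/**
-* Generate a new TOTP secret for a user (enrollment).
-* Returns the secret and an otpauth URL for QR code generation.
-*/
-enroll(userId: string, issuer?: string): Promise<{
-secret: string;
-otpauthUrl: string;
-}>;
-/**
-* Verify a TOTP or backup code.
-*/
-verifyCode(secret: string, code: string): Promise<boolean>;
-private loadOtpauth;
-}
-//# sourceMappingURL=totp.strategy.d.ts.map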
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"totp.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/totp/totp.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,YAAa,SAAQ,YAAY;IAM1C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,mBAAmB;IAChC,QAAQ,CAAC,IAAI,UAAU;gBAIJ,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;IAgCvB;;;OAGG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,MAAM,SAAY,GACjB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBlD;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAclD,WAAW;CAO1B"}
|