@os.io/nest-kit 0.0.1-alpha.0
- package/LICENSE +21 -0
- package/README.md +111 -0
- package/dist/auth/auth.constants.d.ts +19 -0
- package/dist/auth/auth.constants.d.ts.map +1 -0
- package/dist/auth/auth.constants.js +19 -0
- package/dist/auth/auth.constants.js.map +1 -0
- package/dist/auth/auth.guard.d.ts +20 -0
- package/dist/auth/auth.guard.d.ts.map +1 -0
- package/dist/auth/auth.guard.js +84 -0
- package/dist/auth/auth.guard.js.map +1 -0
- package/dist/auth/auth.module.d.ts +26 -0
- package/dist/auth/auth.module.d.ts.map +1 -0
- package/dist/auth/auth.module.js +344 -0
- package/dist/auth/auth.module.js.map +1 -0
- package/dist/auth/auth.options.d.ts +179 -0
- package/dist/auth/auth.options.d.ts.map +1 -0
- package/dist/auth/auth.options.js +2 -0
- package/dist/auth/auth.options.js.map +1 -0
- package/dist/auth/auth.service.d.ts +57 -0
- package/dist/auth/auth.service.d.ts.map +1 -0
- package/dist/auth/auth.service.js +175 -0
- package/dist/auth/auth.service.js.map +1 -0
- package/dist/auth/authorization/index.d.ts +3 -0
- package/dist/auth/authorization/index.d.ts.map +1 -0
- package/dist/auth/authorization/index.js +3 -0
- package/dist/auth/authorization/index.js.map +1 -0
- package/dist/auth/authorization/pbac/index.d.ts +6 -0
- package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/index.js +4 -0
- package/dist/auth/authorization/pbac/index.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
- package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.js +146 -0
- package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.js +2 -0
- package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
- package/dist/auth/authorization/rbac/index.d.ts +4 -0
- package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/index.js +4 -0
- package/dist/auth/authorization/rbac/index.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
- package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.js +95 -0
- package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
- package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
- package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/current-user.decorator.js +23 -0
- package/dist/auth/decorators/current-user.decorator.js.map +1 -0
- package/dist/auth/decorators/index.d.ts +3 -0
- package/dist/auth/decorators/index.d.ts.map +1 -0
- package/dist/auth/decorators/index.js +3 -0
- package/dist/auth/decorators/index.js.map +1 -0
- package/dist/auth/decorators/public.decorator.d.ts +13 -0
- package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/public.decorator.js +15 -0
- package/dist/auth/decorators/public.decorator.js.map +1 -0
- package/dist/auth/index.d.ts +63 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +65 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.js +2 -0
- package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.js +2 -0
- package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
- package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.js +2 -0
- package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.js +2 -0
- package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
- package/dist/auth/interfaces/index.d.ts +8 -0
- package/dist/auth/interfaces/index.d.ts.map +1 -0
- package/dist/auth/interfaces/index.js +2 -0
- package/dist/auth/interfaces/index.js.map +1 -0
- package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
- package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/user-service.interface.js +2 -0
- package/dist/auth/interfaces/user-service.interface.js.map +1 -0
- package/dist/auth/password/password.service.d.ts +23 -0
- package/dist/auth/password/password.service.d.ts.map +1 -0
- package/dist/auth/password/password.service.js +52 -0
- package/dist/auth/password/password.service.js.map +1 -0
- package/dist/auth/session/device-session.service.d.ts +43 -0
- package/dist/auth/session/device-session.service.d.ts.map +1 -0
- package/dist/auth/session/device-session.service.js +72 -0
- package/dist/auth/session/device-session.service.js.map +1 -0
- package/dist/auth/session/index.d.ts +5 -0
- package/dist/auth/session/index.d.ts.map +1 -0
- package/dist/auth/session/index.js +4 -0
- package/dist/auth/session/index.js.map +1 -0
- package/dist/auth/session/jwt.service.d.ts +37 -0
- package/dist/auth/session/jwt.service.d.ts.map +1 -0
- package/dist/auth/session/jwt.service.js +119 -0
- package/dist/auth/session/jwt.service.js.map +1 -0
- package/dist/auth/session/token-blacklist.service.d.ts +37 -0
- package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
- package/dist/auth/session/token-blacklist.service.js +70 -0
- package/dist/auth/session/token-blacklist.service.js.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
- package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
- package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/base/base.strategy.js +6 -0
- package/dist/auth/strategies/base/base.strategy.js.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
- package/dist/auth/strategies/index.d.ts +12 -0
- package/dist/auth/strategies/index.d.ts.map +1 -0
- package/dist/auth/strategies/index.js +12 -0
- package/dist/auth/strategies/index.js.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
- package/dist/auth/strategies/oauth/index.d.ts +3 -0
- package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/index.js +3 -0
- package/dist/auth/strategies/oauth/index.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.js +93 -0
- package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.js +80 -0
- package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.js +109 -0
- package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
- package/dist/auth/throttling/index.d.ts +2 -0
- package/dist/auth/throttling/index.d.ts.map +1 -0
- package/dist/auth/throttling/index.js +2 -0
- package/dist/auth/throttling/index.js.map +1 -0
- package/dist/auth/throttling/throttle.service.d.ts +27 -0
- package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
- package/dist/auth/throttling/throttle.service.js +63 -0
- package/dist/auth/throttling/throttle.service.js.map +1 -0
- package/dist/bootstrap/cache/config.d.ts +135 -0
- package/dist/bootstrap/cache/config.d.ts.map +1 -0
- package/dist/bootstrap/cache/config.js +189 -0
- package/dist/bootstrap/cache/config.js.map +1 -0
- package/dist/bootstrap/cache/index.d.ts +11 -0
- package/dist/bootstrap/cache/index.d.ts.map +1 -0
- package/dist/bootstrap/cache/index.js +11 -0
- package/dist/bootstrap/cache/index.js.map +1 -0
- package/dist/bootstrap/index.d.ts +21 -0
- package/dist/bootstrap/index.d.ts.map +1 -0
- package/dist/bootstrap/index.js +21 -0
- package/dist/bootstrap/index.js.map +1 -0
- package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
- package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/scalar/api-docs.js +41 -0
- package/dist/bootstrap/scalar/api-docs.js.map +1 -0
- package/dist/bootstrap/scalar/index.d.ts +39 -0
- package/dist/bootstrap/scalar/index.d.ts.map +1 -0
- package/dist/bootstrap/scalar/index.js +41 -0
- package/dist/bootstrap/scalar/index.js.map +1 -0
- package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
- package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/swagger/api-docs.js +87 -0
- package/dist/bootstrap/swagger/api-docs.js.map +1 -0
- package/dist/bootstrap/swagger/index.d.ts +37 -0
- package/dist/bootstrap/swagger/index.d.ts.map +1 -0
- package/dist/bootstrap/swagger/index.js +36 -0
- package/dist/bootstrap/swagger/index.js.map +1 -0
- package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
- package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/config/index.js +62 -0
- package/dist/bootstrap/typeorm/config/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.js +72 -0
- package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.js +3 -0
- package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.js +21 -0
- package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
- package/dist/bootstrap/typeorm/index.d.ts +18 -0
- package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/index.js +18 -0
- package/dist/bootstrap/typeorm/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.js +27 -0
- package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.js +4 -0
- package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
- package/dist/core/index.d.ts +11 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +11 -0
- package/dist/core/index.js.map +1 -0
- package/dist/infra/audit-log/index.d.ts +12 -0
- package/dist/infra/audit-log/index.d.ts.map +1 -0
- package/dist/infra/audit-log/index.js +13 -0
- package/dist/infra/audit-log/index.js.map +1 -0
- package/dist/infra/index.d.ts +20 -0
- package/dist/infra/index.d.ts.map +1 -0
- package/dist/infra/index.js +21 -0
- package/dist/infra/index.js.map +1 -0
- package/dist/infra/logger/index.d.ts +12 -0
- package/dist/infra/logger/index.d.ts.map +1 -0
- package/dist/infra/logger/index.js +13 -0
- package/dist/infra/logger/index.js.map +1 -0
- package/dist/infra/metrics/index.d.ts +18 -0
- package/dist/infra/metrics/index.d.ts.map +1 -0
- package/dist/infra/metrics/index.js +19 -0
- package/dist/infra/metrics/index.js.map +1 -0
- package/dist/infra/notification/index.d.ts +12 -0
- package/dist/infra/notification/index.d.ts.map +1 -0
- package/dist/infra/notification/index.js +13 -0
- package/dist/infra/notification/index.js.map +1 -0
- package/dist/infra/storage/index.d.ts +12 -0
- package/dist/infra/storage/index.d.ts.map +1 -0
- package/dist/infra/storage/index.js +13 -0
- package/dist/infra/storage/index.js.map +1 -0
- package/dist/infra/stripe/index.d.ts +12 -0
- package/dist/infra/stripe/index.d.ts.map +1 -0
- package/dist/infra/stripe/index.js +13 -0
- package/dist/infra/stripe/index.js.map +1 -0
- package/dist/saas/index.d.ts +18 -0
- package/dist/saas/index.d.ts.map +1 -0
- package/dist/saas/index.js +19 -0
- package/dist/saas/index.js.map +1 -0
- package/package.json +165 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../packages/auth/auth.module.ts"],"names":[],"mappings":";;;;;;;AAAA,OAAO,EAAqC,MAAM,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAEnF,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,YAAY,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,2CAA2C,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,qCAAqC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAG9D,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;AAGjC,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,OAA0B,EAAE,iBAA6B,EAAE;QACxE,OAAO,YAAU,CAAC,WAAW,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QACjD,MAAM,cAAc,GAAG,YAAU,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,iBAAiB,GAAG,YAAU,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,aAAa,GAAG,YAAU,CAAC,mBAAmB,EAAE,CAAC;QACvD,MAAM,cAAc,GAAG,YAAU,CAAC,oBAAoB,EAAE,CAAC;QACzD,MAAM,yBAAyB,GAAG,YAAU,CAAC,+BAA+B,EAAE,CAAC;QAE/E,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;YAC9B,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;YAC9B,SAAS,EAAE;gBACT,GAAG,cAAc;gBACjB,GAAG,iBAAiB;gBACpB,GAAG,aAAa;gBAChB,GAAG,cAAc;gBACjB,yBAAyB;gBACzB,GAAG,CAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;aAClC;YACD,OAAO,EAAE,YAAU,CAAC,UAAU,EAAE;SACjC,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,WAAW,CACxB,OAA0B,EAC1B,cAA0B;QAE1B,MAAM,SAAS,GAAe;YAC5B,EAAE,OAAO,EAAE,m
BAAmB,EAAE,QAAQ,EAAE,OAAO,EAAE;YACnD,GAAG,YAAU,CAAC,uBAAuB,CAAC,KAAK,CAAC;YAC5C,GAAG,YAAU,CAAC,mBAAmB,EAAE;YACnC,GAAG,YAAU,CAAC,oBAAoB,EAAE;YACpC,YAAU,CAAC,+BAA+B,EAAE;YAC5C,GAAG,cAAc;SAClB,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CACT,0EAA0E;gBACxE,0CAA0C,CAC7C,CAAC;QACJ,CAAC;QAED,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;YAC9B,SAAS;YACT,OAAO,EAAE,YAAU,CAAC,UAAU,EAAE;SACjC,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,oBAAoB,CAAC,OAA+B;QACjE,OAAO;YACL;gBACE,OAAO,EAAE,mBAAmB;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;aAC7B;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,uBAAuB,CAAC,KAAc;QACnD,MAAM,SAAS,GAAe,EAAE,CAAC;QAEjC,6DAA6D;QAC7D,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,mBAAmB;YAC5B,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,OAAO,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;oBAClC,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,IAAI,mBAAmB,CAC5B,IAAI,CAAC,CAAC,CAAiB,EACvB,IAAI,CAAC,CAAC,CAAoB,EAC1B,IAAI,CAAC,CAAC,CAAe,CACtB,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,eAAe,EAAE,UAAU,CAAW;gBAC7E,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,eAAe,EAAE,UAAU,CAAW;SAChF,CAAC,CAAC;QAEH,uCAAuC;QACvC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,aAAa;YACtB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBACnB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;gBACxE,CAAC;gBACD,MAAM,QAAQ,GAAG,IAAI,qBAAqB,EAAE,CAAC;gBAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAgC,CAAC;gBAC3D,KAAK,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;wBAC5C,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAY,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,IAAI,CAAC,CAAC,CAAe,EAAE,QAAQ,CAAC,CAAC;YACrF,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE
,YAAY,EAAE,UAAU,CAAW;gBAC5D,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;SAC/D,CAAC,CAAC;QAEH,sCAAsC;QACtC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBAClB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;gBACvE,CAAC;gBACD,OAAO,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,IAAI,CAAC,CAAC,CAAe,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC5D,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;SAC/D,CAAC,CAAC;QAEH,2CAA2C;QAC3C,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,iBAAiB;YAC1B,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;oBACvB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC5E,CAAC;gBACD,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAe,CAAC,CAAC;YACtD,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,UAAU,CAAW;gBAC9C,CAAC,CAAE,CAAC,mBAAmB,EAAE,UAAU,CAAW;SACjD,CAAC,CAAC;QAEH,4CAA4C;QAC5C,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,iBAAiB;YAC1B,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;oBACvB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC7E,CAAC;gBACD,OAAO,IAAI,iBAAiB,CAC1B,IAAI,CAAC,CAAC,CAAkB,EACxB,IAAI,CAAC,CAAC,CAAiB,EACvB,IAAI,CAAC,CAAC,CAAe,CACtB,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC3E,CAAC,CAAE,CAAC,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,CAAW;SAC9E,CAAC,CAAC;QAEH,qCAAqC;QACrC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,WAAW;YACpB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACjB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtE,CAAC;gBACD,OAAO,IAAI,WAAW,CACpB,IAAI,CAAC,CAAC,CAAkB,EACxB,IAAI,CAAC,CAAC,CAAiB,EACvB,IAAI,CAAC
,CAAC,CAAe,CACtB,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC3E,CAAC,CAAE,CAAC,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,CAAW;SAC9E,CAAC,CAAC;QAEH,yCAAyC;QACzC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,eAAe;YACxB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;oBACrB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC1E,CAAC;gBACD,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,IAAI,CAAC,CAAC,CAAe,CAAC,CAAC;YAC7E,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC5D,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;SAC/D,CAAC,CAAC;QAEH,wCAAwC;QACxC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACzE,CAAC;gBACD,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,IAAI,CAAC,CAAC,CAAe,CAAC,CAAC;YAC5E,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC5D,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;SAC/D,CAAC,CAAC;QAEH,qCAAqC;QACrC,SAAS,CAAC,IAAI,CAAC;YACb,OAAO,EAAE,WAAW;YACpB,UAAU,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAsB,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACjB,OAAO,YAAU,CAAC,sBAAsB,CAAC,YAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtE,CAAC;gBACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,IAAI,CAAC,CAAC,CAAe,CAAC,CAAC;YACzE,CAAC;YACD,MAAM,EAAE,KAAK;gBACX,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;gBAC5D,CAAC,CAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,CAAW;SAC/D,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,MAAM,CAAC,mBAAmB;QAChC,OAAO;YACL,WAAW;YACX,SAAS;YACT,eAAe;YACf,UAAU;YACV,qBAAqB;YACrB,oBAAoB;YACpB,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,oBAAoB;QACjC,OAAO;YACL,SAAS;YACT;gBACE,OAAO,EAAE,WAAW;gBACpB,UAAU,EAAE,CAAC,KAAoB,EAAE,EAAE;oBAC
nC,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;gBAChC,CAAC;gBACD,MAAM,EAAE,CAAC,aAAa,CAAC;aACxB;YACD;gBACE,OAAO,EAAE,SAAS;gBAClB,UAAU,EAAE,CAAC,SAAkB,EAAE,WAAwB,EAAE,EAAE;oBAC3D,OAAO,IAAI,SAAS,CAAC,SAAkB,EAAE,WAAW,CAAC,CAAC;gBACxD,CAAC;gBACD,MAAM,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;aACnC;YACD;gBACE,OAAO,EAAE,WAAW;gBACpB,UAAU,EAAE,CAAC,KAAoB,EAAE,EAAE;oBACnC,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;gBAChC,CAAC;gBACD,MAAM,EAAE,CAAC,aAAa,CAAC;aACxB;SACF,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,+BAA+B;QAC5C,OAAO;YACL,OAAO,EAAE,eAAe;YACxB,UAAU,EAAE,CACV,WAA0B,EAC1B,KAAoB,EACpB,IAAmB,EACnB,SAAwB,EACxB,SAAwB,EACxB,GAAkB,EAClB,OAAsB,EACtB,MAAqB,EACrB,GAAkB,EAClB,EAAE;gBACF,MAAM,GAAG,GAAG;oBACV,WAAW;oBACX,KAAK;oBACL,IAAI;oBACJ,SAAS;oBACT,SAAS;oBACT,GAAG;oBACH,OAAO;oBACP,MAAM;oBACN,GAAG;iBACe,CAAC;gBACrB,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAE,CAAiC,CAAC,SAAS,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM,EAAE;gBACN,mBAAmB;gBACnB,aAAa;gBACb,YAAY;gBACZ,iBAAiB;gBACjB,iBAAiB;gBACjB,WAAW;gBACX,eAAe;gBACf,cAAc;gBACd,WAAW;aACZ;SACF,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,UAAU;QACvB,OAAO;YACL,WAAW;YACX,SAAS;YACT,WAAW;YACX,SAAS;YACT,WAAW;YACX,SAAS;YACT,eAAe;YACf,UAAU;YACV,qBAAqB;YACrB,oBAAoB;YACpB,eAAe;YACf,mBAAmB;YACnB,aAAa;YACb,qBAAqB;YACrB,YAAY;YACZ,iBAAiB;YACjB,iBAAiB;YACjB,WAAW;YACX,eAAe;YACf,cAAc;YACd,WAAW;SACZ,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,sBAAsB,CAAC,IAAY;QAChD,MAAM,CAAC,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACjC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC;QACf,OAAO,CAAC,CAAC;IACX,CAAC;IAEO,MAAM,CAAC,OAAO,CAAC,MAAc;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAA;AA/VY,UAAU;IADtB,MAAM,CAAC,EAAE,CAAC;GACE,UAAU,CA+VtB;;AAED,MAAM,gBAAgB;IACpB,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,GAAG,UAAU,CAAC;IACnB,IAAI,GAAG,EAAW,CAAC;IACnB,IAAI,GAAG,UAAU,CAAC;IAElB,YAAY;QACV,MAAM,IAAI,KAAK,CAAC,aAAa,IAAI,CAAC,KAAK,kBAAkB,CAAC,CAAC;IAC7D,CAAC;CACF"}
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
import type { Provider, DynamicModule, Type } from '@nestjs/common';
|
|
2
|
+
import type { AuthMethod } from './interfaces';
|
|
3
|
+
export interface CredentialsOptions {
|
|
4
|
+
/** Enable email login (default true) */
|
|
5
|
+
email?: boolean;
|
|
6
|
+
/** Enable username login (default false) */
|
|
7
|
+
username?: boolean;
|
|
8
|
+
/** Require email verification before login (default false) */
|
|
9
|
+
requireEmailVerification?: boolean;
|
|
10
|
+
}
|
|
11
|
+
export interface OAuthProviderConfig {
|
|
12
|
+
clientId: string;
|
|
13
|
+
clientSecret: string;
|
|
14
|
+
callbackUrl: string;
|
|
15
|
+
scopes?: string[];
|
|
16
|
+
additionalParams?: Record<string, string>;
|
|
17
|
+
}
|
|
18
|
+
export interface OAuthOptions {
|
|
19
|
+
google?: OAuthProviderConfig;
|
|
20
|
+
github?: OAuthProviderConfig;
|
|
21
|
+
facebook?: OAuthProviderConfig;
|
|
22
|
+
apple?: OAuthProviderConfig;
|
|
23
|
+
microsoft?: OAuthProviderConfig;
|
|
24
|
+
discord?: OAuthProviderConfig;
|
|
25
|
+
custom?: Record<string, OAuthProviderConfig>;
|
|
26
|
+
}
|
|
27
|
+
export interface TOTPOptions {
|
|
28
|
+
/** Issuer name shown in authenticator apps (default "NestKit") */
|
|
29
|
+
issuer?: string;
|
|
30
|
+
/** Number of backup codes to generate (default 8) */
|
|
31
|
+
backupCodeCount?: number;
|
|
32
|
+
/** Algorithm: 'sha1' | 'sha256' | 'sha512' (default 'sha1') */
|
|
33
|
+
algorithm?: 'sha1' | 'sha256' | 'sha512';
|
|
34
|
+
/** Number of digits (default 6) */
|
|
35
|
+
digits?: number;
|
|
36
|
+
/** TOTP step window (seconds, default 30) */
|
|
37
|
+
period?: number;
|
|
38
|
+
}
|
|
39
|
+
export interface AnonymousOptions {
|
|
40
|
+
/** Prefix for anonymous user IDs (default "anon_") */
|
|
41
|
+
idPrefix?: string;
|
|
42
|
+
/** Whether anonymous sessions can be persisted (default true) */
|
|
43
|
+
allowConversion?: boolean;
|
|
44
|
+
}
|
|
45
|
+
export interface MagicLinkOptions {
|
|
46
|
+
/** Token expiry in seconds (default 900 / 15 min) */
|
|
47
|
+
tokenExpiresIn?: number;
|
|
48
|
+
/** Token length in bytes (default 32) */
|
|
49
|
+
tokenBytes?: number;
|
|
50
|
+
}
|
|
51
|
+
export interface OTPOptions {
|
|
52
|
+
/** OTP code length (default 6) */
|
|
53
|
+
digits?: number;
|
|
54
|
+
/** OTP expiry in seconds (default 300 / 5 min) */
|
|
55
|
+
expiresIn?: number;
|
|
56
|
+
/** Max allowed attempts before code is invalidated (default 3) */
|
|
57
|
+
maxAttempts?: number;
|
|
58
|
+
}
|
|
59
|
+
export interface PasskeyOptions {
|
|
60
|
+
/** Relying Party name (default "NestKit") */
|
|
61
|
+
rpName?: string;
|
|
62
|
+
/** Relying Party ID (default request hostname) */
|
|
63
|
+
rpId?: string;
|
|
64
|
+
/** Origin URL(s) allowed (default [request origin]) */
|
|
65
|
+
origins?: string[];
|
|
66
|
+
/** Timeout for WebAuthn ceremonies (ms, default 60000) */
|
|
67
|
+
timeout?: number;
|
|
68
|
+
}
|
|
69
|
+
export interface OneTapOptions {
|
|
70
|
+
google?: {
|
|
71
|
+
clientId: string;
|
|
72
|
+
};
|
|
73
|
+
apple?: {
|
|
74
|
+
clientId: string;
|
|
75
|
+
keyId: string;
|
|
76
|
+
teamId: string;
|
|
77
|
+
privateKey: string;
|
|
78
|
+
};
|
|
79
|
+
}
|
|
80
|
+
export interface SSOOptions {
|
|
81
|
+
/** SAML providers */
|
|
82
|
+
saml?: Record<string, SamlProviderConfig>;
|
|
83
|
+
/** OIDC providers */
|
|
84
|
+
oidc?: Record<string, OidcProviderConfig>;
|
|
85
|
+
}
|
|
86
|
+
export interface SamlProviderConfig {
|
|
87
|
+
entryPoint: string;
|
|
88
|
+
issuer: string;
|
|
89
|
+
cert?: string;
|
|
90
|
+
privateKey?: string;
|
|
91
|
+
callbackUrl: string;
|
|
92
|
+
}
|
|
93
|
+
export interface OidcProviderConfig {
|
|
94
|
+
issuerUrl: string;
|
|
95
|
+
clientId: string;
|
|
96
|
+
clientSecret: string;
|
|
97
|
+
callbackUrl: string;
|
|
98
|
+
scopes?: string[];
|
|
99
|
+
}
|
|
100
|
+
export interface RBACOptions {
|
|
101
|
+
/** Key in JWT payload that holds roles (default "roles") */
|
|
102
|
+
rolesClaim?: string;
|
|
103
|
+
/** Whether to require at least one role on protected routes (default true) */
|
|
104
|
+
requireRole?: boolean;
|
|
105
|
+
}
|
|
106
|
+
export interface PBACOptions {
|
|
107
|
+
/** Policy evaluation mode (default "deny-unless-permit") */
|
|
108
|
+
defaultEffect?: 'deny-unless-permit' | 'permit-unless-deny';
|
|
109
|
+
}
|
|
110
|
+
export interface SessionOptions {
|
|
111
|
+
/** Access token TTL (default "15m") */
|
|
112
|
+
accessTokenExpiresIn?: string;
|
|
113
|
+
/** Refresh token TTL (default "7d") */
|
|
114
|
+
refreshTokenExpiresIn?: string;
|
|
115
|
+
/** JWT signing algorithm (default "HS256") */
|
|
116
|
+
algorithm?: 'HS256' | 'RS256' | 'ES256';
|
|
117
|
+
/** Custom issuer claim */
|
|
118
|
+
issuer?: string;
|
|
119
|
+
/** Custom audience claim */
|
|
120
|
+
audience?: string;
|
|
121
|
+
/** Blacklist TTL (seconds, default = refresh token TTL) */
|
|
122
|
+
blacklistTtl?: number;
|
|
123
|
+
/** Enable refresh token rotation (default true) */
|
|
124
|
+
rotation?: boolean;
|
|
125
|
+
/** Enable multi-device tracking (default false) */
|
|
126
|
+
multiDevice?: boolean;
|
|
127
|
+
}
|
|
128
|
+
export interface ThrottleOptions {
|
|
129
|
+
/** Max login attempts per window (default 5) */
|
|
130
|
+
maxAttempts?: number;
|
|
131
|
+
/** Window duration in seconds (default 900 / 15 min) */
|
|
132
|
+
windowSeconds?: number;
|
|
133
|
+
}
|
|
134
|
+
export interface AuthModuleOptions {
|
|
135
|
+
/** JWT secret (required for HS256, ignored for RS256/ES256) */
|
|
136
|
+
jwtSecret?: string;
|
|
137
|
+
/** Private key PEM (required for RS256/ES256) */
|
|
138
|
+
jwtPrivateKey?: string;
|
|
139
|
+
/** Public key PEM (required for RS256/ES256) */
|
|
140
|
+
jwtPublicKey?: string;
|
|
141
|
+
/** Bcrypt cost rounds (default 12) */
|
|
142
|
+
passwordRounds?: number;
|
|
143
|
+
/** Injection token for your cache-service provider (default 'CACHE_SERVICE') */
|
|
144
|
+
cacheServiceToken?: string;
|
|
145
|
+
/**
|
|
146
|
+
* Injection token for your user-service provider (default 'USER_SERVICE').
|
|
147
|
+
* The token must resolve to an object implementing IUserService.
|
|
148
|
+
*/
|
|
149
|
+
userServiceToken?: string;
|
|
150
|
+
/** Additional NestJS providers to register (e.g. your own services) */
|
|
151
|
+
extraProviders?: Provider[];
|
|
152
|
+
credentials?: boolean | CredentialsOptions;
|
|
153
|
+
oauth?: boolean | OAuthOptions;
|
|
154
|
+
totp?: boolean | TOTPOptions;
|
|
155
|
+
anonymous?: boolean | AnonymousOptions;
|
|
156
|
+
magicLink?: boolean | MagicLinkOptions;
|
|
157
|
+
otp?: boolean | OTPOptions;
|
|
158
|
+
passkey?: boolean | PasskeyOptions;
|
|
159
|
+
onetap?: boolean | OneTapOptions;
|
|
160
|
+
sso?: boolean | SSOOptions;
|
|
161
|
+
/**
|
|
162
|
+
* Override the default authentication method for routes.
|
|
163
|
+
* If not set, AuthGuard uses the first enabled strategy.
|
|
164
|
+
*/
|
|
165
|
+
defaultAuthMethod?: AuthMethod;
|
|
166
|
+
rbac?: boolean | RBACOptions;
|
|
167
|
+
pbac?: boolean | PBACOptions;
|
|
168
|
+
session?: SessionOptions;
|
|
169
|
+
throttle?: ThrottleOptions;
|
|
170
|
+
global?: boolean;
|
|
171
|
+
}
|
|
172
|
+
export interface AuthModuleAsyncOptions {
|
|
173
|
+
useFactory: (...args: unknown[]) => Promise<AuthModuleOptions> | AuthModuleOptions;
|
|
174
|
+
inject?: (Type<unknown> | string | symbol)[];
|
|
175
|
+
imports?: DynamicModule['imports'];
|
|
176
|
+
extraProviders?: Provider[];
|
|
177
|
+
global?: boolean;
|
|
178
|
+
}
|
|
179
|
+
//# sourceMappingURL=auth.options.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.options.d.ts","sourceRoot":"","sources":["../../packages/auth/auth.options.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI/C,MAAM,WAAW,kBAAkB;IACjC,wCAAwC;IACxC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,8DAA8D;IAC9D,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,SAAS,CAAC,EAAE,mBAAmB,CAAC;IAChC,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,WAAW;IAC1B,kEAAkE;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACzC,mCAAmC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,0DAA0D;IAC1D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9B,KAAK,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;CACjF;AAED,MAAM,WAAW,UAAU;IACzB,qBAAqB;IACrB
,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAC1C,qBAAqB;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAID,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,aAAa,CAAC,EAAE,oBAAoB,GAAG,oBAAoB,CAAC;CAC7D;AAID,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uCAAuC;IACvC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;IACxC,0BAA0B;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,mDAAmD;IACnD,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAID,MAAM,WAAW,eAAe;IAC9B,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,iBAAiB;IAChC,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,gFAAgF;IAChF,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,uEAAuE;IACvE,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC;IAG5B,WAAW,CAAC,EAAE,OAAO,GAAG,kBAAkB,CAAC;IAC3C,KAAK,CAAC,EAAE,OAAO,GAAG,YAAY,CAAC;IAC/B,IAAI,CAAC,EAAE,OAAO,GAAG,WAAW,CAAC;IAC7B,SAAS,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAAC;IACvC,SAAS,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAAC;IACvC,GAAG,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,GAAG,cAAc,CAAC;IACnC,MAAM,CAAC,EAAE,OAAO,GAAG,aAAa,CAAC;IACjC,GAAG,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAG3B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAG/B,IAAI,CAAC,EAAE,OAAO,GAAG,WAAW,CAAC;IAC7B,IAAI,CAAC,EAAE,OA
AO,GAAG,WAAW,CAAC;IAG7B,OAAO,CAAC,EAAE,cAAc,CAAC;IAGzB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAG3B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;IACnF,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IAC7C,OAAO,CAAC,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IACnC,cAAc,CAAC,EAAE,QAAQ,EAAE,CAAC;IAC5B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.options.js","sourceRoot":"","sources":["../../packages/auth/auth.options.ts"],"names":[],"mappings":""}
|
|
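--- a/package/dist/auth/auth.service.d.ts
+++ b/package/dist/auth/auth.service.d.ts
@@ -0,0 +1,57 @@
+import { type ExecutionContext } from '@nestjs/common';
+import type { IAuthResult, IAuthStrategy, ICacheService, ITokenPair } from './interfaces';
+import { AuthMethod } from './interfaces';
+import type { AuthModuleOptions } from './auth.options';
+import { JwtService } from './session/jwt.service';
+import { TokenBlacklistService } from './session/token-blacklist.service';
+import { DeviceSessionService } from './session/device-session.service';
+/**
+* Central authentication orchestrator.
+*
+* Delegates to the appropriate strategy based on `AuthMethod`,
+* manages token lifecycle, session tracking, and cache acceleration.
+*/
+export declare class AuthService {
+private readonly options;
+private readonly cache;
+private readonly jwtService;
+private readonly tokenBlacklist;
+private readonly deviceSession;
+private readonly strategyMap;
+constructor(options: AuthModuleOptions, _strategies: IAuthStrategy[], cache: ICacheService, jwtService: JwtService, tokenBlacklist: TokenBlacklistService, deviceSession: DeviceSessionService);
+/**
+* Authenticate using the given method.
+*
+* @param method Authentication method (e.g. 'credentials', 'oauth')
+* @param payload Strategy-specific payload
+* @param context Optional execution context
+*/
+authenticate(method: AuthMethod, payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
+/**
+* Validate an access token and return its decoded payload.
+* Uses cache for fast-path validation when available.
+*
+* @param token Raw JWT access token
+*/
+validateToken(token: string): Promise<Record<string, unknown>>;
+/**
+* Refresh an expired access token using a refresh token.
+* Implements refresh token rotation.
+*/
+refreshToken(refreshToken: string, deviceId?: string): Promise<ITokenPair>;
+/**
+* Logout — blacklist the current access token and optionally
+* remove a specific device session.
+*/
+logout(accessToken: string, deviceId?: string): Promise<void>;
+/**
+* Logout from all devices — revoke all sessions for a user.
+*/
+logoutAll(userId: string): Promise<void>;
+/**
+* Get all active sessions for a user (multi-device view).
+*/
+getUserSessions(userId: string): Promise<import("./session").IDeviceInfo[]>;
+private hash;
+}
+//# sourceMappingURL=auth.service.d.ts.map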
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../packages/auth/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1F,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAExE;;;;;GAKG;AACH,qBACa,WAAW;IAKpB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAIxB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAXhC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAwC;gBAIjD,OAAO,EAAE,iBAAiB,EAE3C,WAAW,EAAE,aAAa,EAAE,EAEX,KAAK,EAAE,aAAa,EACpB,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,qBAAqB,EACrC,aAAa,EAAE,oBAAoB;IAOtD;;;;;;OAMG;IACG,YAAY,CAChB,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,WAAW,CAAC;IAsBvB;;;;;OAKG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAoBpE;;;OAGG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA2ChF;;;OAGG;IACG,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcnE;;OAEG;IACG,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM;IAIpC,OAAO,CAAC,IAAI;CASb"}
|
|
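--- a/package/dist/auth/auth.service.js
+++ b/package/dist/auth/auth.service.js
@@ -0,0 +1,175 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Inject, Injectable } from '@nestjs/common';
+import { AUTH_MODULE_OPTIONS, AUTH_STRATEGIES, CACHE_SERVICE } from './auth.constants';
+import { JwtService } from './session/jwt.service';
+import { TokenBlacklistService } from './session/token-blacklist.service';
+import { DeviceSessionService } from './session/device-session.service';
+/**
+* Central authentication orchestrator.
+*
+* Delegates to the appropriate strategy based on `AuthMethod`,
+* manages token lifecycle, session tracking, and cache acceleration.
+*/
+let AuthService = class AuthService {
+options;
+cache;
+jwtService;
+tokenBlacklist;
+deviceSession;
+strategyMap = new Map();
+constructor(options, _strategies, cache, jwtService, tokenBlacklist, deviceSession) {
+this.options = options;
+this.cache = cache;
+this.jwtService = jwtService;
+this.tokenBlacklist = tokenBlacklist;
+this.deviceSession = deviceSession;
+for (const strategy of _strategies) {
+this.strategyMap.set(strategy.type, strategy);
+}
+}
+/**
+* Authenticate using the given method.
+*
+* @param method Authentication method (e.g. 'credentials', 'oauth')
+* @param payload Strategy-specific payload
+* @param context Optional execution context
+*/
+async authenticate(method, payload, context) {
+const strategy = this.strategyMap.get(method);
+if (!strategy) {
+throw new Error(`Authentication method "${method}" is not enabled`);
+}
+const result = await strategy.authenticate(payload, context);
+// Track device session if multi-device is enabled
+if (this.options.session?.multiDevice) {
+await this.deviceSession.register({
+deviceId: payload.deviceId ?? 'default',
+userId: result.user.id,
+userAgent: payload.userAgent,
+ip: payload.ip,
+lastActivity: Date.now(),
+});
+}
+return result;
+}
+/**
+* Validate an access token and return its decoded payload.
+* Uses cache for fast-path validation when available.
+*
+* @param token Raw JWT access token
+*/
+async validateToken(token) {
+// Fast-path: check cache first
+const cacheKey = `auth:token:${this.hash(token)}`;
+const cached = await this.cache.get(cacheKey);
+if (cached)
+return cached;
+const payload = await this.jwtService.verifyAccess(token);
+// Check blacklist
+const jti = payload.jti;
+if (jti && (await this.tokenBlacklist.isBlacklisted(jti))) {
+throw new Error('Token has been revoked');
+}
+// Cache the validated payload for 30 seconds
+await this.cache.set(cacheKey, payload, 30);
+return payload;
+}
+/**
+* Refresh an expired access token using a refresh token.
+* Implements refresh token rotation.
+*/
+async refreshToken(refreshToken, deviceId) {
+const payload = await this.jwtService.verifyRefresh(refreshToken);
+const userId = payload.sub;
+// Check family revocation
+if (this.options.session?.rotation !== false) {
+const familyId = payload.family ?? payload.jti;
+if (familyId && (await this.tokenBlacklist.isFamilyRevoked(familyId))) {
+throw new Error('Refresh token family has been revoked');
+}
+}
+// In rotation mode, blacklist the current refresh token
+if (this.options.session?.rotation !== false && payload.jti) {
+const exp = payload.exp;
+const ttl = exp ? Math.max(1, exp - Math.floor(Date.now() / 1000)) : 86400;
+await this.tokenBlacklist.blacklistAccess(payload.jti, ttl);
+}
+const user = {
+id: userId,
+email: payload.email,
+username: payload.username,
+roles: payload.roles,
+permissions: payload.permissions,
+isAnonymous: payload.isAnonymous ?? false,
+isMfaVerified: payload.isMfaVerified ?? false,
+};
+const tokens = await this.jwtService.signTokens(user);
+// Update device session timestamp
+if (deviceId) {
+const session = await this.deviceSession.getSession(userId, deviceId);
+if (session) {
+session.lastActivity = Date.now();
+await this.deviceSession.register(session);
+}
+}
+return tokens;
+}
+/**
+* Logout — blacklist the current access token and optionally
+* remove a specific device session.
+*/
+async logout(accessToken, deviceId) {
+const payload = this.jwtService.decode(accessToken);
+const jti = payload?.jti ?? this.hash(accessToken);
+const exp = payload?.exp;
+const ttl = exp ? Math.max(1, exp - Math.floor(Date.now() / 1000)) : 3600;
+await this.tokenBlacklist.blacklistAccess(jti, ttl);
+const userId = payload?.sub;
+if (userId && deviceId) {
+await this.deviceSession.removeSession(userId, deviceId);
+}
+}
+/**
+* Logout from all devices — revoke all sessions for a user.
+*/
+async logoutAll(userId) {
+await this.deviceSession.removeAllUserSessions(userId);
+}
+/**
+* Get all active sessions for a user (multi-device view).
+*/
+async getUserSessions(userId) {
+return this.deviceSession.getUserSessions(userId);
+}
+hash(value) {
+let hash = 0;
+for (let i = 0; i < value.length; i++) {
+const char = value.charCodeAt(i);
+hash = (hash << 5) - hash + char;
+hash |= 0;
+}
+return Math.abs(hash).toString(16);
+}
+};
+AuthService = __decorate([
+Injectable(),
+__param(0, Inject(AUTH_MODULE_OPTIONS)),
+__param(1, Inject(AUTH_STRATEGIES)),
+__param(2, Inject(CACHE_SERVICE)),
+__metadata("design:paramtypes", [Object, Array, Object, JwtService,
+TokenBlacklistService,
+DeviceSessionService])
+], AuthService);
+export { AuthService };
+//# sourceMappingURL=auth.service.js.map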
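Review bot: `validateToken` returns a cached payload before `verifyAccess` runs, and the cache key comes from `hash()`, a 32-bit rolling string hash, so two different strings can share one `auth:token:` key and the second is accepted without any signature check. The key should be a collision-resistant digest of the whole token, for example SHA-256 through `createHash` from `node:crypto`, which the file would have to import. The same early return skips `isBlacklisted`, and `logout` never deletes the cache entry, so a revoked token stays accepted for up to the 30-second cache lifetime. In `refreshToken` the rotated `jti` is blacklisted but the presented token's own `jti` is never looked up here, so replay protection depends on `verifyRefresh`, whose body is not on this page. `logout` reads `jti` and `sub` from `jwtService.decode`; if that call does not verify the signature, `removeSession` should use the authenticated caller's id rather than the token's `sub`.

```javascript
async validateToken(token) {
    const cacheKey = `auth:token:${this.hash(token)}`;
    const cached = await this.cache.get(cacheKey);
    if (cached) {
        // A cache hit must still honour revocation.
        if (cached.jti && (await this.tokenBlacklist.isBlacklisted(cached.jti))) {
            throw new Error('Token has been revoked');
        }
        return cached;
    }
    // … unchanged: verifyAccess, blacklist check, cache.set, return payload …
}
// … unchanged: refreshToken, logout, logoutAll, getUserSessions …
hash(value) {
    // Collision-resistant digest, because the key stands in for a verified token.
    return createHash('sha256').update(value).digest('hex');
}
```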
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../packages/auth/auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAyB,MAAM,gBAAgB,CAAC;AAG3E,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEvF,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAExE;;;;;GAKG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAW;IAKH;IAIA;IACA;IACA;IACA;IAXF,WAAW,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEpE,YAEmB,OAA0B,EAE3C,WAA4B,EAEX,KAAoB,EACpB,UAAsB,EACtB,cAAqC,EACrC,aAAmC;QAPnC,YAAO,GAAP,OAAO,CAAmB;QAI1B,UAAK,GAAL,KAAK,CAAe;QACpB,eAAU,GAAV,UAAU,CAAY;QACtB,mBAAc,GAAd,cAAc,CAAuB;QACrC,kBAAa,GAAb,aAAa,CAAsB;QAEpD,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;YACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY,CAChB,MAAkB,EAClB,OAAgC,EAChC,OAA0B;QAE1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,kBAAkB,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE7D,kDAAkD;QAClD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;gBAChC,QAAQ,EAAG,OAAO,CAAC,QAAmB,IAAI,SAAS;gBACnD,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;gBACtB,SAAS,EAAE,OAAO,CAAC,SAA+B;gBAClD,EAAE,EAAE,OAAO,CAAC,EAAwB;gBACpC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;aACzB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,cAAc,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0B,QAAQ,CAAC,CAAC;QACvE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAE1D,kBAAkB;QAClB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAyB,CAAC;QAC9C,IAAI,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAE
D,6CAA6C;QAC7C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAE5C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB,EAAE,QAAiB;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAa,CAAC;QAErC,0BAA0B;QAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;YAC/C,IAAI,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,QAAkB,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,KAAK,KAAK,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAyB,CAAC;YAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC3E,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,GAAa,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,IAAI,GAAG;YACX,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,OAAO,CAAC,KAA2B;YAC1C,QAAQ,EAAE,OAAO,CAAC,QAA8B;YAChD,KAAK,EAAE,OAAO,CAAC,KAA6B;YAC5C,WAAW,EAAE,OAAO,CAAC,WAAmC;YACxD,WAAW,EAAG,OAAO,CAAC,WAAuB,IAAI,KAAK;YACtD,aAAa,EAAG,OAAO,CAAC,aAAyB,IAAI,KAAK;SAC3D,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,kCAAkC;QAClC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACtE,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,WAAmB,EAAE,QAAiB;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,GAAG,GAAI,OAAO,EAAE,GAAc,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,OAAO,EAAE,GAAyB,CAAC;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,I
AAI,CAAC;QAE1E,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAEpD,MAAM,MAAM,GAAG,OAAO,EAAE,GAAyB,CAAC;QAClD,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,MAAM,IAAI,CAAC,aAAa,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,OAAO,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;IAEO,IAAI,CAAC,KAAa;QACxB,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;YACjC,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;CACF,CAAA;AAtKY,WAAW;IADvB,UAAU,EAAE;IAKR,WAAA,MAAM,CAAC,mBAAmB,CAAC,CAAA;IAE3B,WAAA,MAAM,CAAC,eAAe,CAAC,CAAA;IAEvB,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;4DAEO,UAAU;QACN,qBAAqB;QACtB,oBAAoB;GAZ3C,WAAW,CAsKvB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/authorization/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/authorization/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC"}
|
|
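--- a/package/dist/auth/authorization/pbac/index.d.ts
+++ b/package/dist/auth/authorization/pbac/index.d.ts
@@ -0,0 +1,6 @@
+export { PbacService } from './pbac.service';
+export { PbacGuard } from './pbac.guard';
+export { RequirePolicy } from './pbac.decorator';
+export type { PolicyDecoratorOptions } from './pbac.decorator';
+export type { PolicyStatement, PolicyDocument, PolicyContext, PolicyEffect } from './pbac.types';
+//# sourceMappingURL=index.d.ts.map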
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
|
|
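--- a/package/dist/auth/authorization/pbac/pbac.decorator.d.ts
+++ b/package/dist/auth/authorization/pbac/pbac.decorator.d.ts
@@ -0,0 +1,18 @@
+export interface PolicyDecoratorOptions {
+/** Action being performed (e.g. 'document:read') */
+action: string;
+/** Resource being accessed (e.g. 'org:123:doc:456') */
+resource: string | ((req: unknown) => string);
+}
+/**
+* Require a policy check on a route handler.
+* Works with the PbacGuard.
+*
+* @example
+* ```typescript
+* @RequirePolicy({ action: 'document:delete', resource: 'org:*' })
+* @RequirePolicy({ action: 'document:read', resource: (req) => req.params.docId })
+* ```
+*/
+export declare const RequirePolicy: (options: PolicyDecoratorOptions) => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=pbac.decorator.d.ts.map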
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pbac.decorator.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.decorator.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,sBAAsB;IACrC,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC,CAAC;CAC/C;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GAAI,SAAS,sBAAsB,qDACtB,CAAC"}
|
|
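--- a/package/dist/auth/authorization/pbac/pbac.decorator.js
+++ b/package/dist/auth/authorization/pbac/pbac.decorator.js
@@ -0,0 +1,14 @@
+import { SetMetadata } from '@nestjs/common';
+import { METADATA_POLICY } from '../../auth.constants';
+/**
+* Require a policy check on a route handler.
+* Works with the PbacGuard.
+*
+* @example
+* ```typescript
+* @RequirePolicy({ action: 'document:delete', resource: 'org:*' })
+* @RequirePolicy({ action: 'document:read', resource: (req) => req.params.docId })
+* ```
+*/
+export const RequirePolicy = (options) => SetMetadata(METADATA_POLICY, options);
+//# sourceMappingURL=pbac.decorator.js.map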
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pbac.decorator.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AASvD;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAA+B,EAAE,EAAE,CAC/D,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC"}
|
|
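--- a/package/dist/auth/authorization/pbac/pbac.guard.d.ts
+++ b/package/dist/auth/authorization/pbac/pbac.guard.d.ts
@@ -0,0 +1,19 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { PbacService } from './pbac.service';
+/**
+* Guard that enforces Policy-Based Access Control.
+*
+* Reads the required policy from the `@RequirePolicy()` decorator
+* and evaluates it against the user's assigned policies.
+*
+* This guard is independent — you can use it with or without RBAC on
+* different routes in the same application.
+*/
+export declare class PbacGuard implements CanActivate {
+private readonly reflector;
+private readonly pbacService;
+constructor(reflector: Reflector, pbacService: PbacService);
+canActivate(context: ExecutionContext): Promise<boolean>;
+}
+//# sourceMappingURL=pbac.guard.d.ts.map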
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pbac.guard.d.ts","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAM7C;;;;;;;;GAQG;AACH,qBACa,SAAU,YAAW,WAAW;IAEzC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW;gBADX,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,WAAW;IAGrC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAgC/D"}
|
|
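--- a/package/dist/auth/authorization/pbac/pbac.guard.js
+++ b/package/dist/auth/authorization/pbac/pbac.guard.js
@@ -0,0 +1,60 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Injectable } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { PbacService } from './pbac.service';
+import { METADATA_POLICY } from '../../auth.constants';
+/**
+* Guard that enforces Policy-Based Access Control.
+*
+* Reads the required policy from the `@RequirePolicy()` decorator
+* and evaluates it against the user's assigned policies.
+*
+* This guard is independent — you can use it with or without RBAC on
+* different routes in the same application.
+*/
+let PbacGuard = class PbacGuard {
+reflector;
+pbacService;
+constructor(reflector, pbacService) {
+this.reflector = reflector;
+this.pbacService = pbacService;
+}
+async canActivate(context) {
+const policyMeta = this.reflector.getAllAndOverride(METADATA_POLICY, [
+context.getHandler(),
+context.getClass(),
+]);
+if (!policyMeta)
+return true;
+const request = context.switchToHttp().getRequest();
+const user = request.user;
+if (!user)
+return false;
+const action = policyMeta.action;
+const resource = typeof policyMeta.resource === 'function'
+? policyMeta.resource(request)
+: policyMeta.resource;
+const policies = await this.pbacService.getUserPolicies(user.id);
+const ctx = {
+user: user,
+resource: { id: resource, ...request.params },
+environment: {},
+};
+return this.pbacService.evaluate(policies, action, resource, ctx);
+}
+};
+PbacGuard = __decorate([
+Injectable(),
+__metadata("design:paramtypes", [Reflector,
+PbacService])
+], PbacGuard);
+export { PbacGuard };
+//# sourceMappingURL=pbac.guard.js.map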
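Review bot: In `canActivate`, `resource: { id: resource, ...request.params }` spreads the route parameters after `id`, so a route parameter named `id` replaces the resource identifier the decorator resolved, and the policy context then disagrees with the `resource` argument passed to `evaluate`. The resolved value should win: `resource: { ...request.params, id: resource }`. The guard also returns `true` when no `@RequirePolicy()` metadata is found, so an undecorated route passes this guard; that default deserves a comment on the early return, such as `// No policy declared: PBAC does not apply here, another guard must enforce authentication`.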
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pbac.guard.js","sourceRoot":"","sources":["../../../../packages/auth/authorization/pbac/pbac.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAiC,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAKvD;;;;;;;;GAQG;AAEI,IAAM,SAAS,GAAf,MAAM,SAAS;IAED;IACA;IAFnB,YACmB,SAAoB,EACpB,WAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,gBAAW,GAAX,WAAW,CAAa;IACxC,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAyB,eAAe,EAAE;YAC3F,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAI7C,CAAC;QACL,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QACjC,MAAM,QAAQ,GACZ,OAAO,UAAU,CAAC,QAAQ,KAAK,UAAU;YACvC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC;QAE1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjE,MAAM,GAAG,GAAkB;YACzB,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE;YAC7C,WAAW,EAAE,EAAE;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;CACF,CAAA;AAtCY,SAAS;IADrB,UAAU,EAAE;qCAGmB,SAAS;QACP,WAAW;GAHhC,SAAS,CAsCrB"}
|