@os.io/nest-kit 0.0.1-alpha.0
- package/LICENSE +21 -0
- package/README.md +111 -0
- package/dist/auth/auth.constants.d.ts +19 -0
- package/dist/auth/auth.constants.d.ts.map +1 -0
- package/dist/auth/auth.constants.js +19 -0
- package/dist/auth/auth.constants.js.map +1 -0
- package/dist/auth/auth.guard.d.ts +20 -0
- package/dist/auth/auth.guard.d.ts.map +1 -0
- package/dist/auth/auth.guard.js +84 -0
- package/dist/auth/auth.guard.js.map +1 -0
- package/dist/auth/auth.module.d.ts +26 -0
- package/dist/auth/auth.module.d.ts.map +1 -0
- package/dist/auth/auth.module.js +344 -0
- package/dist/auth/auth.module.js.map +1 -0
- package/dist/auth/auth.options.d.ts +179 -0
- package/dist/auth/auth.options.d.ts.map +1 -0
- package/dist/auth/auth.options.js +2 -0
- package/dist/auth/auth.options.js.map +1 -0
- package/dist/auth/auth.service.d.ts +57 -0
- package/dist/auth/auth.service.d.ts.map +1 -0
- package/dist/auth/auth.service.js +175 -0
- package/dist/auth/auth.service.js.map +1 -0
- package/dist/auth/authorization/index.d.ts +3 -0
- package/dist/auth/authorization/index.d.ts.map +1 -0
- package/dist/auth/authorization/index.js +3 -0
- package/dist/auth/authorization/index.js.map +1 -0
- package/dist/auth/authorization/pbac/index.d.ts +6 -0
- package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/index.js +4 -0
- package/dist/auth/authorization/pbac/index.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
- package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.js +146 -0
- package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.js +2 -0
- package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
- package/dist/auth/authorization/rbac/index.d.ts +4 -0
- package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/index.js +4 -0
- package/dist/auth/authorization/rbac/index.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
- package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.js +95 -0
- package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
- package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
- package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/current-user.decorator.js +23 -0
- package/dist/auth/decorators/current-user.decorator.js.map +1 -0
- package/dist/auth/decorators/index.d.ts +3 -0
- package/dist/auth/decorators/index.d.ts.map +1 -0
- package/dist/auth/decorators/index.js +3 -0
- package/dist/auth/decorators/index.js.map +1 -0
- package/dist/auth/decorators/public.decorator.d.ts +13 -0
- package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/public.decorator.js +15 -0
- package/dist/auth/decorators/public.decorator.js.map +1 -0
- package/dist/auth/index.d.ts +63 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +65 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.js +2 -0
- package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.js +2 -0
- package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
- package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.js +2 -0
- package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.js +2 -0
- package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
- package/dist/auth/interfaces/index.d.ts +8 -0
- package/dist/auth/interfaces/index.d.ts.map +1 -0
- package/dist/auth/interfaces/index.js +2 -0
- package/dist/auth/interfaces/index.js.map +1 -0
- package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
- package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/user-service.interface.js +2 -0
- package/dist/auth/interfaces/user-service.interface.js.map +1 -0
- package/dist/auth/password/password.service.d.ts +23 -0
- package/dist/auth/password/password.service.d.ts.map +1 -0
- package/dist/auth/password/password.service.js +52 -0
- package/dist/auth/password/password.service.js.map +1 -0
- package/dist/auth/session/device-session.service.d.ts +43 -0
- package/dist/auth/session/device-session.service.d.ts.map +1 -0
- package/dist/auth/session/device-session.service.js +72 -0
- package/dist/auth/session/device-session.service.js.map +1 -0
- package/dist/auth/session/index.d.ts +5 -0
- package/dist/auth/session/index.d.ts.map +1 -0
- package/dist/auth/session/index.js +4 -0
- package/dist/auth/session/index.js.map +1 -0
- package/dist/auth/session/jwt.service.d.ts +37 -0
- package/dist/auth/session/jwt.service.d.ts.map +1 -0
- package/dist/auth/session/jwt.service.js +119 -0
- package/dist/auth/session/jwt.service.js.map +1 -0
- package/dist/auth/session/token-blacklist.service.d.ts +37 -0
- package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
- package/dist/auth/session/token-blacklist.service.js +70 -0
- package/dist/auth/session/token-blacklist.service.js.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
- package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
- package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/base/base.strategy.js +6 -0
- package/dist/auth/strategies/base/base.strategy.js.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
- package/dist/auth/strategies/index.d.ts +12 -0
- package/dist/auth/strategies/index.d.ts.map +1 -0
- package/dist/auth/strategies/index.js +12 -0
- package/dist/auth/strategies/index.js.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
- package/dist/auth/strategies/oauth/index.d.ts +3 -0
- package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/index.js +3 -0
- package/dist/auth/strategies/oauth/index.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.js +93 -0
- package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.js +80 -0
- package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.js +109 -0
- package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
- package/dist/auth/throttling/index.d.ts +2 -0
- package/dist/auth/throttling/index.d.ts.map +1 -0
- package/dist/auth/throttling/index.js +2 -0
- package/dist/auth/throttling/index.js.map +1 -0
- package/dist/auth/throttling/throttle.service.d.ts +27 -0
- package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
- package/dist/auth/throttling/throttle.service.js +63 -0
- package/dist/auth/throttling/throttle.service.js.map +1 -0
- package/dist/bootstrap/cache/config.d.ts +135 -0
- package/dist/bootstrap/cache/config.d.ts.map +1 -0
- package/dist/bootstrap/cache/config.js +189 -0
- package/dist/bootstrap/cache/config.js.map +1 -0
- package/dist/bootstrap/cache/index.d.ts +11 -0
- package/dist/bootstrap/cache/index.d.ts.map +1 -0
- package/dist/bootstrap/cache/index.js +11 -0
- package/dist/bootstrap/cache/index.js.map +1 -0
- package/dist/bootstrap/index.d.ts +21 -0
- package/dist/bootstrap/index.d.ts.map +1 -0
- package/dist/bootstrap/index.js +21 -0
- package/dist/bootstrap/index.js.map +1 -0
- package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
- package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/scalar/api-docs.js +41 -0
- package/dist/bootstrap/scalar/api-docs.js.map +1 -0
- package/dist/bootstrap/scalar/index.d.ts +39 -0
- package/dist/bootstrap/scalar/index.d.ts.map +1 -0
- package/dist/bootstrap/scalar/index.js +41 -0
- package/dist/bootstrap/scalar/index.js.map +1 -0
- package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
- package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/swagger/api-docs.js +87 -0
- package/dist/bootstrap/swagger/api-docs.js.map +1 -0
- package/dist/bootstrap/swagger/index.d.ts +37 -0
- package/dist/bootstrap/swagger/index.d.ts.map +1 -0
- package/dist/bootstrap/swagger/index.js +36 -0
- package/dist/bootstrap/swagger/index.js.map +1 -0
- package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
- package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/config/index.js +62 -0
- package/dist/bootstrap/typeorm/config/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.js +72 -0
- package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.js +3 -0
- package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.js +21 -0
- package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
- package/dist/bootstrap/typeorm/index.d.ts +18 -0
- package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/index.js +18 -0
- package/dist/bootstrap/typeorm/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.js +27 -0
- package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.js +4 -0
- package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
- package/dist/core/index.d.ts +11 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +11 -0
- package/dist/core/index.js.map +1 -0
- package/dist/infra/audit-log/index.d.ts +12 -0
- package/dist/infra/audit-log/index.d.ts.map +1 -0
- package/dist/infra/audit-log/index.js +13 -0
- package/dist/infra/audit-log/index.js.map +1 -0
- package/dist/infra/index.d.ts +20 -0
- package/dist/infra/index.d.ts.map +1 -0
- package/dist/infra/index.js +21 -0
- package/dist/infra/index.js.map +1 -0
- package/dist/infra/logger/index.d.ts +12 -0
- package/dist/infra/logger/index.d.ts.map +1 -0
- package/dist/infra/logger/index.js +13 -0
- package/dist/infra/logger/index.js.map +1 -0
- package/dist/infra/metrics/index.d.ts +18 -0
- package/dist/infra/metrics/index.d.ts.map +1 -0
- package/dist/infra/metrics/index.js +19 -0
- package/dist/infra/metrics/index.js.map +1 -0
- package/dist/infra/notification/index.d.ts +12 -0
- package/dist/infra/notification/index.d.ts.map +1 -0
- package/dist/infra/notification/index.js +13 -0
- package/dist/infra/notification/index.js.map +1 -0
- package/dist/infra/storage/index.d.ts +12 -0
- package/dist/infra/storage/index.d.ts.map +1 -0
- package/dist/infra/storage/index.js +13 -0
- package/dist/infra/storage/index.js.map +1 -0
- package/dist/infra/stripe/index.d.ts +12 -0
- package/dist/infra/stripe/index.d.ts.map +1 -0
- package/dist/infra/stripe/index.js +13 -0
- package/dist/infra/stripe/index.js.map +1 -0
- package/dist/saas/index.d.ts +18 -0
- package/dist/saas/index.d.ts.map +1 -0
- package/dist/saas/index.js +19 -0
- package/dist/saas/index.js.map +1 -0
- package/package.json +165 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"public.decorator.d.ts","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,wDAA2C,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { SetMetadata } from '@nestjs/common';
|
|
2
|
+
import { METADATA_PUBLIC } from '../auth.constants';
|
|
3
|
+
/**
|
|
4
|
+
* Mark a route handler or controller as publicly accessible
|
|
5
|
+
* (bypasses the global AuthGuard).
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```typescript
|
|
9
|
+
* @Public()
|
|
10
|
+
* @Get('login')
|
|
11
|
+
* login() { … }
|
|
12
|
+
* ```
|
|
13
|
+
*/
|
|
14
|
+
export const Public = () => SetMetadata(METADATA_PUBLIC, true);
|
|
15
|
+
//# sourceMappingURL=public.decorator.js.map
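Review bot: The doc comment on `Public` (new lines 3–13) says the decorator bypasses the global AuthGuard for a "route handler or controller", but it leaves out two things a caller needs. Controller-level use makes every handler in that controller unauthenticated, and the comment does not say whether the package's RbacGuard and PbacGuard also honour `METADATA_PUBLIC`. I would add a line such as `* On a controller this applies to every handler, so prefer handler-level use.` plus one sentence naming which guards read the flag. How the guards treat the flag is not visible in this file, so that sentence needs confirming against auth.guard.js, rbac.guard.js and pbac.guard.js.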
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"public.decorator.js","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @os.io/nest-kit/auth
|
|
3
|
+
*
|
|
4
|
+
* Authentication & Authorization toolkit for NestJS applications.
|
|
5
|
+
*
|
|
6
|
+
* ## Features
|
|
7
|
+
*
|
|
8
|
+
* - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
|
|
9
|
+
* Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
|
|
10
|
+
* Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
|
|
11
|
+
* & Apple), SSO (SAML & OpenID Connect).
|
|
12
|
+
* - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
|
|
13
|
+
* or both independently on different routes.
|
|
14
|
+
* - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
|
|
15
|
+
* per-device logout (Telegram-style).
|
|
16
|
+
* - **Security**: bcrypt password hashing, rate limiting, token blacklisting
|
|
17
|
+
* via Redis/Valkey, token versioning.
|
|
18
|
+
* - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
|
|
19
|
+
* (RS256/ES256) enables service-to-service token validation without
|
|
20
|
+
* centralised auth calls.
|
|
21
|
+
*
|
|
22
|
+
* ## Quick Start
|
|
23
|
+
*
|
|
24
|
+
* ```typescript
|
|
25
|
+
* import { AuthModule } from '@os.io/nest-kit/auth';
|
|
26
|
+
*
|
|
27
|
+
* @Module({
|
|
28
|
+
* imports: [
|
|
29
|
+
* AuthModule.forRoot({
|
|
30
|
+
* jwtSecret: process.env.JWT_SECRET,
|
|
31
|
+
* credentials: true,
|
|
32
|
+
* rbac: true,
|
|
33
|
+
* }),
|
|
34
|
+
* ],
|
|
35
|
+
* providers: [
|
|
36
|
+
* { provide: 'USER_SERVICE', useClass: MyUserService },
|
|
37
|
+
* { provide: 'CACHE_SERVICE', useExisting: getCache() },
|
|
38
|
+
* ],
|
|
39
|
+
* })
|
|
40
|
+
* export class AppModule {}
|
|
41
|
+
* ```
|
|
42
|
+
*
|
|
43
|
+
* @module
|
|
44
|
+
* @packageDocumentation
|
|
45
|
+
*/
|
|
46
|
+
export { AuthModule } from './auth.module';
|
|
47
|
+
export { AuthService } from './auth.service';
|
|
48
|
+
export { AuthGuard } from './auth.guard';
|
|
49
|
+
export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
|
|
50
|
+
export type { AuthModuleOptions, AuthModuleAsyncOptions, CredentialsOptions, OAuthOptions, OAuthProviderConfig, TOTPOptions, AnonymousOptions, MagicLinkOptions, OTPOptions, PasskeyOptions, OneTapOptions, SSOOptions, SamlProviderConfig, OidcProviderConfig, RBACOptions, PBACOptions, SessionOptions, ThrottleOptions, } from './auth.options';
|
|
51
|
+
export type { IAuthUser, IAuthRequest, ITokenPair, IAuthResult, IAuthStrategy, ICacheService, IUserService, } from './interfaces';
|
|
52
|
+
export { AuthMethod } from './interfaces';
|
|
53
|
+
export { CurrentUser, Public } from './decorators';
|
|
54
|
+
export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
|
|
55
|
+
export type { IDeviceInfo } from './session';
|
|
56
|
+
export { PasswordService } from './password/password.service';
|
|
57
|
+
export { ThrottleService } from './throttling/throttle.service';
|
|
58
|
+
export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
|
|
59
|
+
export { RbacService, RbacGuard, Roles } from './authorization/rbac';
|
|
60
|
+
export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
|
|
61
|
+
export type { PolicyDecoratorOptions } from './authorization/pbac';
|
|
62
|
+
export type { PolicyStatement, PolicyDocument, PolicyContext, PolicyEffect, } from './authorization/pbac';
|
|
63
|
+
//# sourceMappingURL=index.d.ts.map
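Review bot: The Quick Start in the package doc comment (new lines 24–41) wires its providers in a way that may not work as written. In NestJS `useExisting` aliases another provider token, so `useExisting: getCache()` would treat the returned value as a token instead of registering it (assuming `getCache()` returns a cache instance), and the string literals `'USER_SERVICE'` / `'CACHE_SERVICE'` are used although line 49 exports `USER_SERVICE` and `CACHE_SERVICE` constants. I would write `{ provide: USER_SERVICE, useClass: MyUserService },` and `{ provide: CACHE_SERVICE, useValue: getCache() },`. The example also passes `process.env.JWT_SECRET` unchecked, which is `undefined` when the variable is unset; whether `forRoot` rejects a missing secret is not visible here, so the example should either say so or show a check. The same comment block is repeated in dist/auth/index.js.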
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EACV,iBAAiB,EACjB,sBAAsB,EACtB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACpF,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAG9D,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7E,YAAY,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACnE,YAAY,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @os.io/nest-kit/auth
|
|
3
|
+
*
|
|
4
|
+
* Authentication & Authorization toolkit for NestJS applications.
|
|
5
|
+
*
|
|
6
|
+
* ## Features
|
|
7
|
+
*
|
|
8
|
+
* - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
|
|
9
|
+
* Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
|
|
10
|
+
* Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
|
|
11
|
+
* & Apple), SSO (SAML & OpenID Connect).
|
|
12
|
+
* - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
|
|
13
|
+
* or both independently on different routes.
|
|
14
|
+
* - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
|
|
15
|
+
* per-device logout (Telegram-style).
|
|
16
|
+
* - **Security**: bcrypt password hashing, rate limiting, token blacklisting
|
|
17
|
+
* via Redis/Valkey, token versioning.
|
|
18
|
+
* - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
|
|
19
|
+
* (RS256/ES256) enables service-to-service token validation without
|
|
20
|
+
* centralised auth calls.
|
|
21
|
+
*
|
|
22
|
+
* ## Quick Start
|
|
23
|
+
*
|
|
24
|
+
* ```typescript
|
|
25
|
+
* import { AuthModule } from '@os.io/nest-kit/auth';
|
|
26
|
+
*
|
|
27
|
+
* @Module({
|
|
28
|
+
* imports: [
|
|
29
|
+
* AuthModule.forRoot({
|
|
30
|
+
* jwtSecret: process.env.JWT_SECRET,
|
|
31
|
+
* credentials: true,
|
|
32
|
+
* rbac: true,
|
|
33
|
+
* }),
|
|
34
|
+
* ],
|
|
35
|
+
* providers: [
|
|
36
|
+
* { provide: 'USER_SERVICE', useClass: MyUserService },
|
|
37
|
+
* { provide: 'CACHE_SERVICE', useExisting: getCache() },
|
|
38
|
+
* ],
|
|
39
|
+
* })
|
|
40
|
+
* export class AppModule {}
|
|
41
|
+
* ```
|
|
42
|
+
*
|
|
43
|
+
* @module
|
|
44
|
+
* @packageDocumentation
|
|
45
|
+
*/
|
|
46
|
+
export { AuthModule } from './auth.module';
|
|
47
|
+
export { AuthService } from './auth.service';
|
|
48
|
+
export { AuthGuard } from './auth.guard';
|
|
49
|
+
// ── Constants ──
|
|
50
|
+
export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
|
|
51
|
+
export { AuthMethod } from './interfaces';
|
|
52
|
+
// ── Decorators ──
|
|
53
|
+
export { CurrentUser, Public } from './decorators';
|
|
54
|
+
// ── Session ──
|
|
55
|
+
export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
|
|
56
|
+
// ── Password ──
|
|
57
|
+
export { PasswordService } from './password/password.service';
|
|
58
|
+
// ── Throttling ──
|
|
59
|
+
export { ThrottleService } from './throttling/throttle.service';
|
|
60
|
+
// ── Strategies ──
|
|
61
|
+
export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
|
|
62
|
+
// ── Authorization ──
|
|
63
|
+
export { RbacService, RbacGuard, Roles } from './authorization/rbac';
|
|
64
|
+
export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
|
|
65
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,kBAAkB;AAClB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAkC1B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEnD,gBAAgB;AAChB,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAGpF,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,mBAAmB;AACnB,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,mBAAmB;AACnB,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,sBAAsB;AACtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { IAuthUser } from './auth-user.interface';
|
|
2
|
+
/**
|
|
3
|
+
* Extended Express/NestJS request with authenticated user info.
|
|
4
|
+
* Attached by AuthGuard after successful token validation.
|
|
5
|
+
*/
|
|
6
|
+
export interface IAuthRequest {
|
|
7
|
+
/** Authenticated user entity */
|
|
8
|
+
user?: IAuthUser;
|
|
9
|
+
/** Raw access token from the request */
|
|
10
|
+
accessToken?: string;
|
|
11
|
+
/** Raw refresh token (if present in request) */
|
|
12
|
+
refreshToken?: string;
|
|
13
|
+
/** Device / session identifier for multi-device tracking */
|
|
14
|
+
deviceId?: string;
|
|
15
|
+
/** Session identifier */
|
|
16
|
+
sessionId?: string;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=auth-request.interface.d.ts.map
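Review bot: `accessToken` and `refreshToken` (new lines 9–12) put raw bearer credentials on the request object, and their comments do not warn that anything which logs or serialises the request will capture them. I would extend both comments, e.g. `/** Raw refresh token (if present in request). Secret: redact before logging or serialising the request. */`. The interface comment should also state that every field is optional, so code on routes where AuthGuard did not attach a user has to check `user` before using it.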
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-request.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-request.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { IAuthUser } from './auth-user.interface';
|
|
2
|
+
/**
|
|
3
|
+
* Pair of access and refresh tokens returned from successful authentication.
|
|
4
|
+
*/
|
|
5
|
+
export interface ITokenPair {
|
|
6
|
+
/** Short-lived JWT access token (Bearer) */
|
|
7
|
+
accessToken: string;
|
|
8
|
+
/** Long-lived refresh token for rotating sessions */
|
|
9
|
+
refreshToken: string;
|
|
10
|
+
/** Access token TTL in seconds */
|
|
11
|
+
expiresIn: number;
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Result returned by every authentication strategy on success.
|
|
15
|
+
*/
|
|
16
|
+
export interface IAuthResult {
|
|
17
|
+
/** Authenticated user entity */
|
|
18
|
+
user: IAuthUser;
|
|
19
|
+
/** Token pair for subsequent requests */
|
|
20
|
+
tokens: ITokenPair;
|
|
21
|
+
/** Whether the user was just created (first sign-up) */
|
|
22
|
+
isNewUser?: boolean;
|
|
23
|
+
/** Whether the user must complete a second factor */
|
|
24
|
+
isMfaRequired?: boolean;
|
|
25
|
+
/** Server-generated session identifier */
|
|
26
|
+
sessionId?: string;
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=auth-result.interface.d.ts.map
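Review bot: `IAuthResult` makes `tokens` mandatory while `isMfaRequired` is only an optional flag (new lines 19–24), so a result that still awaits a second factor carries a token pair typed exactly like a fully authenticated one. A caller that ignores the flag can hand that pair straight to the client. What the strategies put in `tokens` in that state is not visible in this file. At minimum the comment should state the contract, e.g. `/** Whether the user must complete a second factor; when true, tokens must not grant access until it is verified */`; a discriminated union on `isMfaRequired` would let the compiler enforce it.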
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-result.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,IAAI,EAAE,SAAS,CAAC;IAChB,yCAAyC;IACzC,MAAM,EAAE,UAAU,CAAC;IACnB,wDAAwD;IACxD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,qDAAqD;IACrD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-result.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import type { IAuthResult } from './auth-result.interface';
|
|
3
|
+
/**
|
|
4
|
+
* Authentication method enum — each value maps to a strategy.
|
|
5
|
+
*/
|
|
6
|
+
export declare enum AuthMethod {
|
|
7
|
+
CREDENTIALS = "credentials",
|
|
8
|
+
OAUTH = "oauth",
|
|
9
|
+
TOTP = "totp",
|
|
10
|
+
ANONYMOUS = "anonymous",
|
|
11
|
+
MAGIC_LINK = "magic-link",
|
|
12
|
+
OTP = "otp",
|
|
13
|
+
PASSKEY = "passkey",
|
|
14
|
+
ONETAP = "onetap",
|
|
15
|
+
SSO = "sso"
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Every authentication strategy must implement this interface.
|
|
19
|
+
* Strategies are registered in the IoC container and discovered by AuthGuard.
|
|
20
|
+
*/
|
|
21
|
+
export interface IAuthStrategy {
|
|
22
|
+
/** Unique strategy type identifier */
|
|
23
|
+
readonly type: AuthMethod;
|
|
24
|
+
/** Human-readable strategy name for logging / debugging */
|
|
25
|
+
readonly name: string;
|
|
26
|
+
/**
|
|
27
|
+
* Attempt to authenticate the request.
|
|
28
|
+
*
|
|
29
|
+
* @param payload Strategy-specific authentication payload
|
|
30
|
+
* (e.g. { email, password } for credentials,
|
|
31
|
+
* { provider, code } for OAuth, …)
|
|
32
|
+
* @param context Optional NestJS execution context for
|
|
33
|
+
* access to request / response objects
|
|
34
|
+
*/
|
|
35
|
+
authenticate(payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=auth-strategy.interface.d.ts.map
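Review bot: The doc comment on `IAuthStrategy.authenticate` does not say how a failed attempt is reported, nor that `payload: Record<string, unknown>` arrives unvalidated. The return type `Promise<IAuthResult>` has no failure variant, so rejection is presumably the only failure signal; the comment should state that with an `@throws` line, so no implementation resolves with a partially filled result. I would also add `@remarks Implementations must validate and narrow every payload field at runtime before use`. The comment on `AuthMethod.ANONYMOUS` should say that a result from that strategy must not satisfy checks meant for identified users.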
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-strategy.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-strategy.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAE3D;;GAEG;AACH,oBAAY,UAAU;IACpB,WAAW,gBAAgB;IAC3B,KAAK,UAAU;IACf,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,GAAG,QAAQ;IACX,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,GAAG,QAAQ;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAE1B,2DAA2D;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;;;;OAQG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAClG"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Authentication method enum — each value maps to a strategy.
|
|
3
|
+
*/
|
|
4
|
+
export var AuthMethod;
|
|
5
|
+
(function (AuthMethod) {
|
|
6
|
+
AuthMethod["CREDENTIALS"] = "credentials";
|
|
7
|
+
AuthMethod["OAUTH"] = "oauth";
|
|
8
|
+
AuthMethod["TOTP"] = "totp";
|
|
9
|
+
AuthMethod["ANONYMOUS"] = "anonymous";
|
|
10
|
+
AuthMethod["MAGIC_LINK"] = "magic-link";
|
|
11
|
+
AuthMethod["OTP"] = "otp";
|
|
12
|
+
AuthMethod["PASSKEY"] = "passkey";
|
|
13
|
+
AuthMethod["ONETAP"] = "onetap";
|
|
14
|
+
AuthMethod["SSO"] = "sso";
|
|
15
|
+
})(AuthMethod || (AuthMethod = {}));
|
|
16
|
+
//# sourceMappingURL=auth-strategy.interface.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-strategy.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-strategy.interface.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,CAAN,IAAY,UAUX;AAVD,WAAY,UAAU;IACpB,yCAA2B,CAAA;IAC3B,6BAAe,CAAA;IACf,2BAAa,CAAA;IACb,qCAAuB,CAAA;IACvB,uCAAyB,CAAA;IACzB,yBAAW,CAAA;IACX,iCAAmB,CAAA;IACnB,+BAAiB,CAAA;IACjB,yBAAW,CAAA;AACb,CAAC,EAVW,UAAU,KAAV,UAAU,QAUrB"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Represents an authenticated user across the system.
|
|
3
|
+
* This interface is used inside JWT payloads, request objects, and guards.
|
|
4
|
+
*/
|
|
5
|
+
export interface IAuthUser {
|
|
6
|
+
/** Unique user identifier (UUID or numeric ID as string) */
|
|
7
|
+
id: string;
|
|
8
|
+
/** Email address (may be absent for anonymous users) */
|
|
9
|
+
email?: string;
|
|
10
|
+
/** Phone number (may be absent) */
|
|
11
|
+
phone?: string;
|
|
12
|
+
/** Username or display name */
|
|
13
|
+
username?: string;
|
|
14
|
+
/** Assigned roles for RBAC */
|
|
15
|
+
roles?: string[];
|
|
16
|
+
/** Direct permissions for simple permission checks */
|
|
17
|
+
permissions?: string[];
|
|
18
|
+
/** Whether this is an anonymous session */
|
|
19
|
+
isAnonymous?: boolean;
|
|
20
|
+
/** Whether the user has passed 2FA in this session */
|
|
21
|
+
isMfaVerified?: boolean;
|
|
22
|
+
/** Custom claims bag for extensibility */
|
|
23
|
+
[key: string]: unknown;
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=auth-user.interface.d.ts.map
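Review bot: The index signature `[key: string]: unknown` on `IAuthUser` places arbitrary custom claims in the same namespace as the authorization fields `roles`, `permissions`, `isAnonymous` and `isMfaVerified`. It turns off excess-property checking, so a misspelled `isMfaVerfied` still compiles, and code that builds an `IAuthUser` by spreading a decoded token or request body would let a same-named claim replace those fields. A dedicated field such as `claims?: Record<string, unknown>` keeps the type extensible without that overlap. Because `isMfaVerified` and `isAnonymous` are optional, their comments should also state that an absent value means "not verified" and "not anonymous", so guards compare with `=== true`.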
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-user.interface.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;IAEX,wDAAwD;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB,sDAAsD;IACtD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB,2CAA2C;IAC3C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,sDAAsD;IACtD,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,0CAA0C;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-user.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-user.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal cache abstraction consumed internally by the auth module.
|
|
3
|
+
*
|
|
4
|
+
* > IMPORTANT: You must register a provider under the `'CACHE_SERVICE'`
|
|
5
|
+
* > token (or a custom token via `AuthModuleOptions.cacheServiceToken`).
|
|
6
|
+
* > The provider can be any compatible cache implementation:
|
|
7
|
+
* > - `cache-manager` (`Cache` from `@nestjs/cache-manager`)
|
|
8
|
+
* > - `keyv` instance
|
|
9
|
+
* > - A custom wrapper implementing this interface
|
|
10
|
+
*
|
|
11
|
+
* @example
|
|
12
|
+
* ```typescript
|
|
13
|
+
* // Register this in your consumer module:
|
|
14
|
+
* {
|
|
15
|
+
* provide: 'CACHE_SERVICE',
|
|
16
|
+
* useExisting: getCache(), // your cache instance
|
|
17
|
+
* }
|
|
18
|
+
* ```
|
|
19
|
+
*/
|
|
20
|
+
export interface ICacheService {
|
|
21
|
+
/** Retrieve a cached value by key */
|
|
22
|
+
get<T = unknown>(key: string): Promise<T | undefined>;
|
|
23
|
+
/** Store a value with optional TTL (seconds) */
|
|
24
|
+
set<T = unknown>(key: string, value: T, ttl?: number): Promise<void>;
|
|
25
|
+
/** Delete a single key */
|
|
26
|
+
del(key: string): Promise<void>;
|
|
27
|
+
/** Flush entire cache (use with care) */
|
|
28
|
+
reset(): Promise<void>;
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=cache-service.interface.d.ts.map
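Review bot: `set` documents `ttl` in seconds, while the header comment presents a `cache-manager` `Cache` or a `keyv` instance as directly usable providers; recent versions of both take the TTL in milliseconds, and keyv exposes `delete`/`clear` rather than `del`/`reset`. If the auth module passes seconds straight through (its call sites are not in this hunk), cached entries would expire roughly a thousand times sooner than intended. The comment should say that an adapter converts the unit, for example `/** Store a value; ttl is in seconds, adapters over millisecond-based caches must convert */`. The `@example` also uses `useExisting: getCache()`, but `useExisting` aliases a provider token; an instance is registered with `useValue` or `useFactory`.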
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cache-service.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/cache-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;IAEtD,gDAAgD;IAChD,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE,0BAA0B;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,yCAAyC;IACzC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cache-service.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/cache-service.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export type { IAuthUser } from './auth-user.interface';
|
|
2
|
+
export type { IAuthRequest } from './auth-request.interface';
|
|
3
|
+
export type { ITokenPair, IAuthResult } from './auth-result.interface';
|
|
4
|
+
export { AuthMethod } from './auth-strategy.interface';
|
|
5
|
+
export type { IAuthStrategy } from './auth-strategy.interface';
|
|
6
|
+
export type { ICacheService } from './cache-service.interface';
|
|
7
|
+
export type { IUserService } from './user-service.interface';
|
|
8
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,YAAY,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,YAAY,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,YAAY,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,YAAY,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import type { IAuthUser } from './auth-user.interface';
|
|
2
|
+
/**
|
|
3
|
+
* Consumer-provided user service.
|
|
4
|
+
* You must register a provider under the `'USER_SERVICE'` token.
|
|
5
|
+
*/
|
|
6
|
+
export interface IUserService {
|
|
7
|
+
/** Find a user by their unique ID */
|
|
8
|
+
findById(id: string): Promise<IAuthUser | null>;
|
|
9
|
+
/** Find a user by email address */
|
|
10
|
+
findByEmail(email: string): Promise<IAuthUser | null>;
|
|
11
|
+
/** Find a user by username */
|
|
12
|
+
findByUsername(username: string): Promise<IAuthUser | null>;
|
|
13
|
+
/** Find a user by a social / OAuth provider ID */
|
|
14
|
+
findBySocialId(provider: string, socialId: string): Promise<IAuthUser | null>;
|
|
15
|
+
/** Create a new user account */
|
|
16
|
+
create(data: Partial<IAuthUser> & {
|
|
17
|
+
password?: string;
|
|
18
|
+
}): Promise<IAuthUser>;
|
|
19
|
+
/** Update user fields */
|
|
20
|
+
update(id: string, data: Partial<IAuthUser>): Promise<IAuthUser>;
|
|
21
|
+
/** Compare a plaintext password against the stored hash */
|
|
22
|
+
validatePassword(user: IAuthUser, password: string): Promise<boolean>;
|
|
23
|
+
/** Store / overwrite the password hash for a user */
|
|
24
|
+
setPassword(id: string, passwordHash: string): Promise<void>;
|
|
25
|
+
/** Retrieve the stored TOTP secret (null if 2FA not configured) */
|
|
26
|
+
getTotpSecret(id: string): Promise<string | null>;
|
|
27
|
+
/** Persist a new TOTP secret (e.g. after enrollment) */
|
|
28
|
+
setTotpSecret(id: string, secret: string): Promise<void>;
|
|
29
|
+
/** Get the list of role identifiers assigned to a user */
|
|
30
|
+
getRoles(id: string): Promise<string[]>;
|
|
31
|
+
/** Get the list of permission identifiers assigned to a user */
|
|
32
|
+
getPermissions(id: string): Promise<string[]>;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=user-service.interface.d.ts.map
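Review bot: `create` accepts an optional `password` without saying whether it is plaintext or an already computed hash, while `setPassword` is explicit that it takes `passwordHash`. An implementer reading the two together can reasonably store the `create` value as given, which would persist plaintext if the caller passed one. The doc comment should pin this down, e.g. `/** Create a new user account; password, if present, is <plaintext to be hashed by the implementation | an already hashed value> */`, using whichever matches the callers. `update(id, data: Partial<IAuthUser>)` deserves a similar remark that `roles`, `permissions` and `isMfaVerified` must not be copied from request input, and `getTotpSecret`/`setTotpSecret` should note that the secret is expected to be stored encrypted.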
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-service.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/user-service.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEhD,mCAAmC;IACnC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEtD,8BAA8B;IAC9B,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE5D,kDAAkD;IAClD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9E,gCAAgC;IAChC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7E,yBAAyB;IACzB,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAEjE,2DAA2D;IAC3D,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtE,qDAAqD;IACrD,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D,mEAAmE;IACnE,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAElD,wDAAwD;IACxD,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzD,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAExC,gEAAgE;IAChE,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC/C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-service.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/user-service.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Service for hashing and verifying passwords using bcrypt.
|
|
3
|
+
*
|
|
4
|
+
* Uses dynamic import of `bcrypt` so the dependency is optional.
|
|
5
|
+
* If `bcrypt` is not installed, operations throw a descriptive error.
|
|
6
|
+
*/
|
|
7
|
+
export declare class PasswordService {
|
|
8
|
+
private bcrypt;
|
|
9
|
+
private resolved;
|
|
10
|
+
/**
|
|
11
|
+
* Hash a plaintext password.
|
|
12
|
+
*
|
|
13
|
+
* @param password - Plaintext password
|
|
14
|
+
* @param rounds - Cost factor (default 12)
|
|
15
|
+
*/
|
|
16
|
+
hash(password: string, rounds?: number): Promise<string>;
|
|
17
|
+
/**
|
|
18
|
+
* Compare a plaintext password against a stored hash.
|
|
19
|
+
*/
|
|
20
|
+
verify(password: string, hash: string): Promise<boolean>;
|
|
21
|
+
private loadBcrypt;
|
|
22
|
+
}
|
|
23
|
+
//# sourceMappingURL=password.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/password/password.service.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,qBACa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,QAAQ,CAAS;IAEzB;;;;;OAKG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAK1D;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAKhD,UAAU;CAczB"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
import { Injectable } from '@nestjs/common';
|
|
8
|
+
/**
|
|
9
|
+
* Service for hashing and verifying passwords using bcrypt.
|
|
10
|
+
*
|
|
11
|
+
* Uses dynamic import of `bcrypt` so the dependency is optional.
|
|
12
|
+
* If `bcrypt` is not installed, operations throw a descriptive error.
|
|
13
|
+
*/
|
|
14
|
+
let PasswordService = class PasswordService {
|
|
15
|
+
bcrypt = null;
|
|
16
|
+
resolved = false;
|
|
17
|
+
/**
|
|
18
|
+
* Hash a plaintext password.
|
|
19
|
+
*
|
|
20
|
+
* @param password - Plaintext password
|
|
21
|
+
* @param rounds - Cost factor (default 12)
|
|
22
|
+
*/
|
|
23
|
+
async hash(password, rounds = 12) {
|
|
24
|
+
const bcrypt = await this.loadBcrypt();
|
|
25
|
+
return bcrypt.hash(password, rounds);
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Compare a plaintext password against a stored hash.
|
|
29
|
+
*/
|
|
30
|
+
async verify(password, hash) {
|
|
31
|
+
const bcrypt = await this.loadBcrypt();
|
|
32
|
+
return bcrypt.compare(password, hash);
|
|
33
|
+
}
|
|
34
|
+
async loadBcrypt() {
|
|
35
|
+
if (!this.resolved) {
|
|
36
|
+
try {
|
|
37
|
+
this.bcrypt = await import('bcrypt');
|
|
38
|
+
}
|
|
39
|
+
catch {
|
|
40
|
+
throw new Error('PasswordService requires the "bcrypt" package. ' +
|
|
41
|
+
'Run: npm install bcrypt && npm install -D @types/bcrypt');
|
|
42
|
+
}
|
|
43
|
+
this.resolved = true;
|
|
44
|
+
}
|
|
45
|
+
return this.bcrypt;
|
|
46
|
+
}
|
|
47
|
+
};
|
|
48
|
+
PasswordService = __decorate([
|
|
49
|
+
Injectable()
|
|
50
|
+
], PasswordService);
|
|
51
|
+
export { PasswordService };
|
|
52
|
+
//# sourceMappingURL=password.service.js.map
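Review bot: `hash(password, rounds = 12)` passes `rounds` to `bcrypt.hash` unchecked, so a caller can lower the cost factor below the default or raise it until a single hash becomes very slow. A guard such as `if (!Number.isInteger(rounds) || rounds < MIN_ROUNDS || rounds > MAX_ROUNDS) throw new RangeError('rounds out of range');`, with bounds the project picks, closes that. bcrypt only uses the first 72 bytes of its input, so `hash` and `verify` should reject or at least document longer passwords instead of truncating silently. In `loadBcrypt` the bare `catch` reports every import failure as a missing package, including a native binding that fails to load; passing the caught error as `cause` would keep that diagnosable. The same `hash`/`verify` signatures are declared in the preceding `password.service.d.ts` hunk, whose doc comments should carry these limits too.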
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password.service.js","sourceRoot":"","sources":["../../../packages/auth/password/password.service.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C;;;;;GAKG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAe;IAClB,MAAM,GAAmC,IAAI,CAAC;IAC9C,QAAQ,GAAG,KAAK,CAAC;IAEzB;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,MAAM,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAY;QACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,iDAAiD;oBAC/C,yDAAyD,CAC5D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,MAAO,CAAC;IACtB,CAAC;CACF,CAAA;AArCY,eAAe;IAD3B,UAAU,EAAE;GACA,eAAe,CAqC3B"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import type { ICacheService } from '../interfaces';
|
|
2
|
+
export interface IDeviceInfo {
|
|
3
|
+
deviceId: string;
|
|
4
|
+
userId: string;
|
|
5
|
+
userAgent?: string;
|
|
6
|
+
ip?: string;
|
|
7
|
+
lastActivity: number;
|
|
8
|
+
createdAt: number;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Tracks active devices / sessions per user so that:
|
|
12
|
+
* - Users can view all active sessions
|
|
13
|
+
* - Users can log out a specific device (like Telegram)
|
|
14
|
+
* - Admins can force-terminate sessions
|
|
15
|
+
*/
|
|
16
|
+
export declare class DeviceSessionService {
|
|
17
|
+
private readonly cache;
|
|
18
|
+
constructor(cache: ICacheService);
|
|
19
|
+
/**
|
|
20
|
+
* Register a new device session.
|
|
21
|
+
*
|
|
22
|
+
* @param info Device and session metadata
|
|
23
|
+
* @param ttl Session TTL in seconds (default 30 days)
|
|
24
|
+
*/
|
|
25
|
+
register(info: Omit<IDeviceInfo, 'createdAt'>, ttl?: number): Promise<void>;
|
|
26
|
+
/**
|
|
27
|
+
* Get all active sessions for a user.
|
|
28
|
+
*/
|
|
29
|
+
getUserSessions(_userId: string): Promise<IDeviceInfo[]>;
|
|
30
|
+
/**
|
|
31
|
+
* Get a single device session by user + device ID.
|
|
32
|
+
*/
|
|
33
|
+
getSession(userId: string, deviceId: string): Promise<IDeviceInfo | null>;
|
|
34
|
+
/**
|
|
35
|
+
* Remove a specific device session (per-device logout).
|
|
36
|
+
*/
|
|
37
|
+
removeSession(userId: string, deviceId: string): Promise<void>;
|
|
38
|
+
/**
|
|
39
|
+
* Remove all sessions for a user (global logout).
|
|
40
|
+
*/
|
|
41
|
+
removeAllUserSessions(_userId: string): Promise<void>;
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=device-session.service.d.ts.map
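Review bot: `getUserSessions(_userId)` and `removeAllUserSessions(_userId)` name their parameter with a leading underscore, which usually marks it as unused, and the `ICacheService` imported on the first line offers only `get`/`set`/`del`/`reset` with no way to list keys per user. The implementation is not in this hunk, but if these two methods are placeholders, the documented global logout and admin force-termination would leave existing sessions alive. If that is the case, the declarations should say so, e.g. `/** Remove all sessions for a user (global logout). Not yet implemented: requires a per-user index of device IDs. */`, or the methods should reject rather than resolve. The comment on `register` should also note that `userAgent` and `ip` are client-supplied values kept for display, not for trust decisions.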
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"device-session.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/session/device-session.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBACa,oBAAoB;IAG7B,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,aAAa;IAGvC;;;;;OAKG;IACG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,GAAG,SAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpF;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAOxD;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAO/E;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE;;OAEG;IACG,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAI5D"}
|