@os.io/nest-kit 0.0.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (287) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +111 -0
  3. package/dist/auth/auth.constants.d.ts +19 -0
  4. package/dist/auth/auth.constants.d.ts.map +1 -0
  5. package/dist/auth/auth.constants.js +19 -0
  6. package/dist/auth/auth.constants.js.map +1 -0
  7. package/dist/auth/auth.guard.d.ts +20 -0
  8. package/dist/auth/auth.guard.d.ts.map +1 -0
  9. package/dist/auth/auth.guard.js +84 -0
  10. package/dist/auth/auth.guard.js.map +1 -0
  11. package/dist/auth/auth.module.d.ts +26 -0
  12. package/dist/auth/auth.module.d.ts.map +1 -0
  13. package/dist/auth/auth.module.js +344 -0
  14. package/dist/auth/auth.module.js.map +1 -0
  15. package/dist/auth/auth.options.d.ts +179 -0
  16. package/dist/auth/auth.options.d.ts.map +1 -0
  17. package/dist/auth/auth.options.js +2 -0
  18. package/dist/auth/auth.options.js.map +1 -0
  19. package/dist/auth/auth.service.d.ts +57 -0
  20. package/dist/auth/auth.service.d.ts.map +1 -0
  21. package/dist/auth/auth.service.js +175 -0
  22. package/dist/auth/auth.service.js.map +1 -0
  23. package/dist/auth/authorization/index.d.ts +3 -0
  24. package/dist/auth/authorization/index.d.ts.map +1 -0
  25. package/dist/auth/authorization/index.js +3 -0
  26. package/dist/auth/authorization/index.js.map +1 -0
  27. package/dist/auth/authorization/pbac/index.d.ts +6 -0
  28. package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
  29. package/dist/auth/authorization/pbac/index.js +4 -0
  30. package/dist/auth/authorization/pbac/index.js.map +1 -0
  31. package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
  32. package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
  33. package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
  34. package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
  35. package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
  36. package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
  37. package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
  38. package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
  39. package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
  40. package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
  41. package/dist/auth/authorization/pbac/pbac.service.js +146 -0
  42. package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
  43. package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
  44. package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
  45. package/dist/auth/authorization/pbac/pbac.types.js +2 -0
  46. package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
  47. package/dist/auth/authorization/rbac/index.d.ts +4 -0
  48. package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
  49. package/dist/auth/authorization/rbac/index.js +4 -0
  50. package/dist/auth/authorization/rbac/index.js.map +1 -0
  51. package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
  52. package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
  53. package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
  54. package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
  55. package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
  56. package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
  57. package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
  58. package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
  59. package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
  60. package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
  61. package/dist/auth/authorization/rbac/rbac.service.js +95 -0
  62. package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
  63. package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
  64. package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
  65. package/dist/auth/decorators/current-user.decorator.js +23 -0
  66. package/dist/auth/decorators/current-user.decorator.js.map +1 -0
  67. package/dist/auth/decorators/index.d.ts +3 -0
  68. package/dist/auth/decorators/index.d.ts.map +1 -0
  69. package/dist/auth/decorators/index.js +3 -0
  70. package/dist/auth/decorators/index.js.map +1 -0
  71. package/dist/auth/decorators/public.decorator.d.ts +13 -0
  72. package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
  73. package/dist/auth/decorators/public.decorator.js +15 -0
  74. package/dist/auth/decorators/public.decorator.js.map +1 -0
  75. package/dist/auth/index.d.ts +63 -0
  76. package/dist/auth/index.d.ts.map +1 -0
  77. package/dist/auth/index.js +65 -0
  78. package/dist/auth/index.js.map +1 -0
  79. package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
  80. package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
  81. package/dist/auth/interfaces/auth-request.interface.js +2 -0
  82. package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
  83. package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
  84. package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
  85. package/dist/auth/interfaces/auth-result.interface.js +2 -0
  86. package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
  87. package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
  88. package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
  89. package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
  90. package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
  91. package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
  92. package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
  93. package/dist/auth/interfaces/auth-user.interface.js +2 -0
  94. package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
  95. package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
  96. package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
  97. package/dist/auth/interfaces/cache-service.interface.js +2 -0
  98. package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
  99. package/dist/auth/interfaces/index.d.ts +8 -0
  100. package/dist/auth/interfaces/index.d.ts.map +1 -0
  101. package/dist/auth/interfaces/index.js +2 -0
  102. package/dist/auth/interfaces/index.js.map +1 -0
  103. package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
  104. package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
  105. package/dist/auth/interfaces/user-service.interface.js +2 -0
  106. package/dist/auth/interfaces/user-service.interface.js.map +1 -0
  107. package/dist/auth/password/password.service.d.ts +23 -0
  108. package/dist/auth/password/password.service.d.ts.map +1 -0
  109. package/dist/auth/password/password.service.js +52 -0
  110. package/dist/auth/password/password.service.js.map +1 -0
  111. package/dist/auth/session/device-session.service.d.ts +43 -0
  112. package/dist/auth/session/device-session.service.d.ts.map +1 -0
  113. package/dist/auth/session/device-session.service.js +72 -0
  114. package/dist/auth/session/device-session.service.js.map +1 -0
  115. package/dist/auth/session/index.d.ts +5 -0
  116. package/dist/auth/session/index.d.ts.map +1 -0
  117. package/dist/auth/session/index.js +4 -0
  118. package/dist/auth/session/index.js.map +1 -0
  119. package/dist/auth/session/jwt.service.d.ts +37 -0
  120. package/dist/auth/session/jwt.service.d.ts.map +1 -0
  121. package/dist/auth/session/jwt.service.js +119 -0
  122. package/dist/auth/session/jwt.service.js.map +1 -0
  123. package/dist/auth/session/token-blacklist.service.d.ts +37 -0
  124. package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
  125. package/dist/auth/session/token-blacklist.service.js +70 -0
  126. package/dist/auth/session/token-blacklist.service.js.map +1 -0
  127. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
  128. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
  129. package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
  130. package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
  131. package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
  132. package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
  133. package/dist/auth/strategies/base/base.strategy.js +6 -0
  134. package/dist/auth/strategies/base/base.strategy.js.map +1 -0
  135. package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
  136. package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
  137. package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
  138. package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
  139. package/dist/auth/strategies/index.d.ts +12 -0
  140. package/dist/auth/strategies/index.d.ts.map +1 -0
  141. package/dist/auth/strategies/index.js +12 -0
  142. package/dist/auth/strategies/index.js.map +1 -0
  143. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
  144. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
  145. package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
  146. package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
  147. package/dist/auth/strategies/oauth/index.d.ts +3 -0
  148. package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
  149. package/dist/auth/strategies/oauth/index.js +3 -0
  150. package/dist/auth/strategies/oauth/index.js.map +1 -0
  151. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
  152. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
  153. package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
  154. package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
  155. package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
  156. package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
  157. package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
  158. package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
  159. package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
  160. package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
  161. package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
  162. package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
  163. package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
  164. package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
  165. package/dist/auth/strategies/otp/otp.strategy.js +93 -0
  166. package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
  167. package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
  168. package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
  169. package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
  170. package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
  171. package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
  172. package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
  173. package/dist/auth/strategies/sso/sso.strategy.js +80 -0
  174. package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
  175. package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
  176. package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
  177. package/dist/auth/strategies/totp/totp.strategy.js +109 -0
  178. package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
  179. package/dist/auth/throttling/index.d.ts +2 -0
  180. package/dist/auth/throttling/index.d.ts.map +1 -0
  181. package/dist/auth/throttling/index.js +2 -0
  182. package/dist/auth/throttling/index.js.map +1 -0
  183. package/dist/auth/throttling/throttle.service.d.ts +27 -0
  184. package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
  185. package/dist/auth/throttling/throttle.service.js +63 -0
  186. package/dist/auth/throttling/throttle.service.js.map +1 -0
  187. package/dist/bootstrap/cache/config.d.ts +135 -0
  188. package/dist/bootstrap/cache/config.d.ts.map +1 -0
  189. package/dist/bootstrap/cache/config.js +189 -0
  190. package/dist/bootstrap/cache/config.js.map +1 -0
  191. package/dist/bootstrap/cache/index.d.ts +11 -0
  192. package/dist/bootstrap/cache/index.d.ts.map +1 -0
  193. package/dist/bootstrap/cache/index.js +11 -0
  194. package/dist/bootstrap/cache/index.js.map +1 -0
  195. package/dist/bootstrap/index.d.ts +21 -0
  196. package/dist/bootstrap/index.d.ts.map +1 -0
  197. package/dist/bootstrap/index.js +21 -0
  198. package/dist/bootstrap/index.js.map +1 -0
  199. package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
  200. package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
  201. package/dist/bootstrap/scalar/api-docs.js +41 -0
  202. package/dist/bootstrap/scalar/api-docs.js.map +1 -0
  203. package/dist/bootstrap/scalar/index.d.ts +39 -0
  204. package/dist/bootstrap/scalar/index.d.ts.map +1 -0
  205. package/dist/bootstrap/scalar/index.js +41 -0
  206. package/dist/bootstrap/scalar/index.js.map +1 -0
  207. package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
  208. package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
  209. package/dist/bootstrap/swagger/api-docs.js +87 -0
  210. package/dist/bootstrap/swagger/api-docs.js.map +1 -0
  211. package/dist/bootstrap/swagger/index.d.ts +37 -0
  212. package/dist/bootstrap/swagger/index.d.ts.map +1 -0
  213. package/dist/bootstrap/swagger/index.js +36 -0
  214. package/dist/bootstrap/swagger/index.js.map +1 -0
  215. package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
  216. package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
  217. package/dist/bootstrap/typeorm/config/index.js +62 -0
  218. package/dist/bootstrap/typeorm/config/index.js.map +1 -0
  219. package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
  220. package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
  221. package/dist/bootstrap/typeorm/crud/controller.js +72 -0
  222. package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
  223. package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
  224. package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
  225. package/dist/bootstrap/typeorm/crud/index.js +3 -0
  226. package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
  227. package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
  228. package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
  229. package/dist/bootstrap/typeorm/crud/service.js +21 -0
  230. package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
  231. package/dist/bootstrap/typeorm/index.d.ts +18 -0
  232. package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
  233. package/dist/bootstrap/typeorm/index.js +18 -0
  234. package/dist/bootstrap/typeorm/index.js.map +1 -0
  235. package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
  236. package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
  237. package/dist/bootstrap/typeorm/uow/factory.js +27 -0
  238. package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
  239. package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
  240. package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
  241. package/dist/bootstrap/typeorm/uow/index.js +4 -0
  242. package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
  243. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
  244. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
  245. package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
  246. package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
  247. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
  248. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
  249. package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
  250. package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
  251. package/dist/core/index.d.ts +11 -0
  252. package/dist/core/index.d.ts.map +1 -0
  253. package/dist/core/index.js +11 -0
  254. package/dist/core/index.js.map +1 -0
  255. package/dist/infra/audit-log/index.d.ts +12 -0
  256. package/dist/infra/audit-log/index.d.ts.map +1 -0
  257. package/dist/infra/audit-log/index.js +13 -0
  258. package/dist/infra/audit-log/index.js.map +1 -0
  259. package/dist/infra/index.d.ts +20 -0
  260. package/dist/infra/index.d.ts.map +1 -0
  261. package/dist/infra/index.js +21 -0
  262. package/dist/infra/index.js.map +1 -0
  263. package/dist/infra/logger/index.d.ts +12 -0
  264. package/dist/infra/logger/index.d.ts.map +1 -0
  265. package/dist/infra/logger/index.js +13 -0
  266. package/dist/infra/logger/index.js.map +1 -0
  267. package/dist/infra/metrics/index.d.ts +18 -0
  268. package/dist/infra/metrics/index.d.ts.map +1 -0
  269. package/dist/infra/metrics/index.js +19 -0
  270. package/dist/infra/metrics/index.js.map +1 -0
  271. package/dist/infra/notification/index.d.ts +12 -0
  272. package/dist/infra/notification/index.d.ts.map +1 -0
  273. package/dist/infra/notification/index.js +13 -0
  274. package/dist/infra/notification/index.js.map +1 -0
  275. package/dist/infra/storage/index.d.ts +12 -0
  276. package/dist/infra/storage/index.d.ts.map +1 -0
  277. package/dist/infra/storage/index.js +13 -0
  278. package/dist/infra/storage/index.js.map +1 -0
  279. package/dist/infra/stripe/index.d.ts +12 -0
  280. package/dist/infra/stripe/index.d.ts.map +1 -0
  281. package/dist/infra/stripe/index.js +13 -0
  282. package/dist/infra/stripe/index.js.map +1 -0
  283. package/dist/saas/index.d.ts +18 -0
  284. package/dist/saas/index.d.ts.map +1 -0
  285. package/dist/saas/index.js +19 -0
  286. package/dist/saas/index.js.map +1 -0
  287. package/package.json +165 -0
@@ -0,0 +1 @@
1
+ {"version":3,"file":"public.decorator.d.ts","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,wDAA2C,CAAC"}
@@ -0,0 +1,15 @@
1
+ import { SetMetadata } from '@nestjs/common';
2
+ import { METADATA_PUBLIC } from '../auth.constants';
3
+ /**
4
+ * Mark a route handler or controller as publicly accessible
5
+ * (bypasses the global AuthGuard).
6
+ *
7
+ * @example
8
+ * ```typescript
9
+ * @Public()
10
+ * @Get('login')
11
+ * login() { … }
12
+ * ```
13
+ */
14
+ export const Public = () => SetMetadata(METADATA_PUBLIC, true);
15
+ //# sourceMappingURL=public.decorator.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"public.decorator.js","sourceRoot":"","sources":["../../../packages/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC"}
@@ -0,0 +1,63 @@
1
+ /**
2
+ * @os.io/nest-kit/auth
3
+ *
4
+ * Authentication & Authorization toolkit for NestJS applications.
5
+ *
6
+ * ## Features
7
+ *
8
+ * - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
9
+ * Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
10
+ * Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
11
+ * & Apple), SSO (SAML & OpenID Connect).
12
+ * - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
13
+ * or both independently on different routes.
14
+ * - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
15
+ * per-device logout (Telegram-style).
16
+ * - **Security**: bcrypt password hashing, rate limiting, token blacklisting
17
+ * via Redis/Valkey, token versioning.
18
+ * - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
19
+ * (RS256/ES256) enables service-to-service token validation without
20
+ * centralised auth calls.
21
+ *
22
+ * ## Quick Start
23
+ *
24
+ * ```typescript
25
+ * import { AuthModule } from '@os.io/nest-kit/auth';
26
+ *
27
+ * @Module({
28
+ * imports: [
29
+ * AuthModule.forRoot({
30
+ * jwtSecret: process.env.JWT_SECRET,
31
+ * credentials: true,
32
+ * rbac: true,
33
+ * }),
34
+ * ],
35
+ * providers: [
36
+ * { provide: 'USER_SERVICE', useClass: MyUserService },
37
+ * { provide: 'CACHE_SERVICE', useExisting: getCache() },
38
+ * ],
39
+ * })
40
+ * export class AppModule {}
41
+ * ```
42
+ *
43
+ * @module
44
+ * @packageDocumentation
45
+ */
46
+ export { AuthModule } from './auth.module';
47
+ export { AuthService } from './auth.service';
48
+ export { AuthGuard } from './auth.guard';
49
+ export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
50
+ export type { AuthModuleOptions, AuthModuleAsyncOptions, CredentialsOptions, OAuthOptions, OAuthProviderConfig, TOTPOptions, AnonymousOptions, MagicLinkOptions, OTPOptions, PasskeyOptions, OneTapOptions, SSOOptions, SamlProviderConfig, OidcProviderConfig, RBACOptions, PBACOptions, SessionOptions, ThrottleOptions, } from './auth.options';
51
+ export type { IAuthUser, IAuthRequest, ITokenPair, IAuthResult, IAuthStrategy, ICacheService, IUserService, } from './interfaces';
52
+ export { AuthMethod } from './interfaces';
53
+ export { CurrentUser, Public } from './decorators';
54
+ export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
55
+ export type { IDeviceInfo } from './session';
56
+ export { PasswordService } from './password/password.service';
57
+ export { ThrottleService } from './throttling/throttle.service';
58
+ export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
59
+ export { RbacService, RbacGuard, Roles } from './authorization/rbac';
60
+ export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
61
+ export type { PolicyDecoratorOptions } from './authorization/pbac';
62
+ export type { PolicyStatement, PolicyDocument, PolicyContext, PolicyEffect, } from './authorization/pbac';
63
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAG1B,YAAY,EACV,iBAAiB,EACjB,sBAAsB,EACtB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACpF,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAG9D,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7E,YAAY,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACnE,YAAY,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,sBAAsB,CAAC"}
@@ -0,0 +1,65 @@
1
+ /**
2
+ * @os.io/nest-kit/auth
3
+ *
4
+ * Authentication & Authorization toolkit for NestJS applications.
5
+ *
6
+ * ## Features
7
+ *
8
+ * - **Authentication**: Credentials (email/password), OAuth (Google, GitHub,
9
+ * Facebook, Apple, Microsoft, Discord, custom), TOTP 2FA, Anonymous sessions,
10
+ * Magic Link, OTP (email/phone), Passkey (WebAuthn/FIDO2), OneTap (Google
11
+ * & Apple), SSO (SAML & OpenID Connect).
12
+ * - **Authorization**: RBAC (Role-Based) and PBAC (Policy-Based) — use either
13
+ * or both independently on different routes.
14
+ * - **Session**: Stateless JWT with refresh-token rotation, multi-device tracking,
15
+ * per-device logout (Telegram-style).
16
+ * - **Security**: bcrypt password hashing, rate limiting, token blacklisting
17
+ * via Redis/Valkey, token versioning.
18
+ * - **Scalability**: Horizontal scaling via shared cache; asymmetric JWT
19
+ * (RS256/ES256) enables service-to-service token validation without
20
+ * centralised auth calls.
21
+ *
22
+ * ## Quick Start
23
+ *
24
+ * ```typescript
25
+ * import { AuthModule } from '@os.io/nest-kit/auth';
26
+ *
27
+ * @Module({
28
+ * imports: [
29
+ * AuthModule.forRoot({
30
+ * jwtSecret: process.env.JWT_SECRET,
31
+ * credentials: true,
32
+ * rbac: true,
33
+ * }),
34
+ * ],
35
+ * providers: [
36
+ * { provide: 'USER_SERVICE', useClass: MyUserService },
37
+ * { provide: 'CACHE_SERVICE', useExisting: getCache() },
38
+ * ],
39
+ * })
40
+ * export class AppModule {}
41
+ * ```
42
+ *
43
+ * @module
44
+ * @packageDocumentation
45
+ */
46
+ export { AuthModule } from './auth.module';
47
+ export { AuthService } from './auth.service';
48
+ export { AuthGuard } from './auth.guard';
49
+ // ── Constants ──
50
+ export { AUTH_MODULE_OPTIONS, CACHE_SERVICE, USER_SERVICE, AUTH_STRATEGIES, METADATA_PUBLIC, METADATA_ROLES, METADATA_PERMISSIONS, METADATA_POLICY, } from './auth.constants';
51
+ export { AuthMethod } from './interfaces';
52
+ // ── Decorators ──
53
+ export { CurrentUser, Public } from './decorators';
54
+ // ── Session ──
55
+ export { JwtService, TokenBlacklistService, DeviceSessionService } from './session';
56
+ // ── Password ──
57
+ export { PasswordService } from './password/password.service';
58
+ // ── Throttling ──
59
+ export { ThrottleService } from './throttling/throttle.service';
60
+ // ── Strategies ──
61
+ export { BaseStrategy, CredentialsStrategy, OAuthStrategy, OAuthProviderRegistry, TotpStrategy, AnonymousStrategy, MagicLinkStrategy, OtpStrategy, PasskeyStrategy, OneTapStrategy, SsoStrategy, } from './strategies';
62
+ // ── Authorization ──
63
+ export { RbacService, RbacGuard, Roles } from './authorization/rbac';
64
+ export { PbacService, PbacGuard, RequirePolicy } from './authorization/pbac';
65
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../packages/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,kBAAkB;AAClB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAkC1B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEnD,gBAAgB;AAChB,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAGpF,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,mBAAmB;AACnB,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,mBAAmB;AACnB,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC;AAEtB,sBAAsB;AACtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC"}
@@ -0,0 +1,18 @@
1
+ import type { IAuthUser } from './auth-user.interface';
2
+ /**
3
+ * Extended Express/NestJS request with authenticated user info.
4
+ * Attached by AuthGuard after successful token validation.
5
+ */
6
+ export interface IAuthRequest {
7
+ /** Authenticated user entity */
8
+ user?: IAuthUser;
9
+ /** Raw access token from the request */
10
+ accessToken?: string;
11
+ /** Raw refresh token (if present in request) */
12
+ refreshToken?: string;
13
+ /** Device / session identifier for multi-device tracking */
14
+ deviceId?: string;
15
+ /** Session identifier */
16
+ sessionId?: string;
17
+ }
18
+ //# sourceMappingURL=auth-request.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-request.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=auth-request.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-request.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-request.interface.ts"],"names":[],"mappings":""}
@@ -0,0 +1,28 @@
1
+ import type { IAuthUser } from './auth-user.interface';
2
+ /**
3
+ * Pair of access and refresh tokens returned from successful authentication.
4
+ */
5
+ export interface ITokenPair {
6
+ /** Short-lived JWT access token (Bearer) */
7
+ accessToken: string;
8
+ /** Long-lived refresh token for rotating sessions */
9
+ refreshToken: string;
10
+ /** Access token TTL in seconds */
11
+ expiresIn: number;
12
+ }
13
+ /**
14
+ * Result returned by every authentication strategy on success.
15
+ */
16
+ export interface IAuthResult {
17
+ /** Authenticated user entity */
18
+ user: IAuthUser;
19
+ /** Token pair for subsequent requests */
20
+ tokens: ITokenPair;
21
+ /** Whether the user was just created (first sign-up) */
22
+ isNewUser?: boolean;
23
+ /** Whether the user must complete a second factor */
24
+ isMfaRequired?: boolean;
25
+ /** Server-generated session identifier */
26
+ sessionId?: string;
27
+ }
28
+ //# sourceMappingURL=auth-result.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-result.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,IAAI,EAAE,SAAS,CAAC;IAChB,yCAAyC;IACzC,MAAM,EAAE,UAAU,CAAC;IACnB,wDAAwD;IACxD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,qDAAqD;IACrD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=auth-result.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-result.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-result.interface.ts"],"names":[],"mappings":""}
@@ -0,0 +1,37 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import type { IAuthResult } from './auth-result.interface';
3
+ /**
4
+ * Authentication method enum — each value maps to a strategy.
5
+ */
6
+ export declare enum AuthMethod {
7
+ CREDENTIALS = "credentials",
8
+ OAUTH = "oauth",
9
+ TOTP = "totp",
10
+ ANONYMOUS = "anonymous",
11
+ MAGIC_LINK = "magic-link",
12
+ OTP = "otp",
13
+ PASSKEY = "passkey",
14
+ ONETAP = "onetap",
15
+ SSO = "sso"
16
+ }
17
+ /**
18
+ * Every authentication strategy must implement this interface.
19
+ * Strategies are registered in the IoC container and discovered by AuthGuard.
20
+ */
21
+ export interface IAuthStrategy {
22
+ /** Unique strategy type identifier */
23
+ readonly type: AuthMethod;
24
+ /** Human-readable strategy name for logging / debugging */
25
+ readonly name: string;
26
+ /**
27
+ * Attempt to authenticate the request.
28
+ *
29
+ * @param payload Strategy-specific authentication payload
30
+ * (e.g. { email, password } for credentials,
31
+ * { provider, code } for OAuth, …)
32
+ * @param context Optional NestJS execution context for
33
+ * access to request / response objects
34
+ */
35
+ authenticate(payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
36
+ }
37
+ //# sourceMappingURL=auth-strategy.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-strategy.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-strategy.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAE3D;;GAEG;AACH,oBAAY,UAAU;IACpB,WAAW,gBAAgB;IAC3B,KAAK,UAAU;IACf,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,GAAG,QAAQ;IACX,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,GAAG,QAAQ;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAE1B,2DAA2D;IAC3D,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;;;;OAQG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAClG"}
@@ -0,0 +1,16 @@
1
+ /**
2
+ * Authentication method enum — each value maps to a strategy.
3
+ */
4
+ export var AuthMethod;
5
+ (function (AuthMethod) {
6
+ AuthMethod["CREDENTIALS"] = "credentials";
7
+ AuthMethod["OAUTH"] = "oauth";
8
+ AuthMethod["TOTP"] = "totp";
9
+ AuthMethod["ANONYMOUS"] = "anonymous";
10
+ AuthMethod["MAGIC_LINK"] = "magic-link";
11
+ AuthMethod["OTP"] = "otp";
12
+ AuthMethod["PASSKEY"] = "passkey";
13
+ AuthMethod["ONETAP"] = "onetap";
14
+ AuthMethod["SSO"] = "sso";
15
+ })(AuthMethod || (AuthMethod = {}));
16
+ //# sourceMappingURL=auth-strategy.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-strategy.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-strategy.interface.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,CAAN,IAAY,UAUX;AAVD,WAAY,UAAU;IACpB,yCAA2B,CAAA;IAC3B,6BAAe,CAAA;IACf,2BAAa,CAAA;IACb,qCAAuB,CAAA;IACvB,uCAAyB,CAAA;IACzB,yBAAW,CAAA;IACX,iCAAmB,CAAA;IACnB,+BAAiB,CAAA;IACjB,yBAAW,CAAA;AACb,CAAC,EAVW,UAAU,KAAV,UAAU,QAUrB"}
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Represents an authenticated user across the system.
3
+ * This interface is used inside JWT payloads, request objects, and guards.
4
+ */
5
+ export interface IAuthUser {
6
+ /** Unique user identifier (UUID or numeric ID as string) */
7
+ id: string;
8
+ /** Email address (may be absent for anonymous users) */
9
+ email?: string;
10
+ /** Phone number (may be absent) */
11
+ phone?: string;
12
+ /** Username or display name */
13
+ username?: string;
14
+ /** Assigned roles for RBAC */
15
+ roles?: string[];
16
+ /** Direct permissions for simple permission checks */
17
+ permissions?: string[];
18
+ /** Whether this is an anonymous session */
19
+ isAnonymous?: boolean;
20
+ /** Whether the user has passed 2FA in this session */
21
+ isMfaVerified?: boolean;
22
+ /** Custom claims bag for extensibility */
23
+ [key: string]: unknown;
24
+ }
25
+ //# sourceMappingURL=auth-user.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-user.interface.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;IAEX,wDAAwD;IACxD,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB,sDAAsD;IACtD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB,2CAA2C;IAC3C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,sDAAsD;IACtD,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,0CAA0C;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=auth-user.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-user.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/auth-user.interface.ts"],"names":[],"mappings":""}
@@ -0,0 +1,30 @@
1
+ /**
2
+ * Minimal cache abstraction consumed internally by the auth module.
3
+ *
4
+ * > IMPORTANT: You must register a provider under the `'CACHE_SERVICE'`
5
+ * > token (or a custom token via `AuthModuleOptions.cacheServiceToken`).
6
+ * > The provider can be any compatible cache implementation:
7
+ * > - `cache-manager` (`Cache` from `@nestjs/cache-manager`)
8
+ * > - `keyv` instance
9
+ * > - A custom wrapper implementing this interface
10
+ *
11
+ * @example
12
+ * ```typescript
13
+ * // Register this in your consumer module:
14
+ * {
15
+ * provide: 'CACHE_SERVICE',
16
+ * useExisting: getCache(), // your cache instance
17
+ * }
18
+ * ```
19
+ */
20
+ export interface ICacheService {
21
+ /** Retrieve a cached value by key */
22
+ get<T = unknown>(key: string): Promise<T | undefined>;
23
+ /** Store a value with optional TTL (seconds) */
24
+ set<T = unknown>(key: string, value: T, ttl?: number): Promise<void>;
25
+ /** Delete a single key */
26
+ del(key: string): Promise<void>;
27
+ /** Flush entire cache (use with care) */
28
+ reset(): Promise<void>;
29
+ }
30
+ //# sourceMappingURL=cache-service.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cache-service.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/cache-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;IAEtD,gDAAgD;IAChD,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE,0BAA0B;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,yCAAyC;IACzC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=cache-service.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cache-service.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/cache-service.interface.ts"],"names":[],"mappings":""}
@@ -0,0 +1,8 @@
1
+ export type { IAuthUser } from './auth-user.interface';
2
+ export type { IAuthRequest } from './auth-request.interface';
3
+ export type { ITokenPair, IAuthResult } from './auth-result.interface';
4
+ export { AuthMethod } from './auth-strategy.interface';
5
+ export type { IAuthStrategy } from './auth-strategy.interface';
6
+ export type { ICacheService } from './cache-service.interface';
7
+ export type { IUserService } from './user-service.interface';
8
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,YAAY,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,YAAY,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,YAAY,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,YAAY,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC"}
@@ -0,0 +1,2 @@
1
+ export { AuthMethod } from './auth-strategy.interface';
2
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC"}
@@ -0,0 +1,34 @@
1
+ import type { IAuthUser } from './auth-user.interface';
2
+ /**
3
+ * Consumer-provided user service.
4
+ * You must register a provider under the `'USER_SERVICE'` token.
5
+ */
6
+ export interface IUserService {
7
+ /** Find a user by their unique ID */
8
+ findById(id: string): Promise<IAuthUser | null>;
9
+ /** Find a user by email address */
10
+ findByEmail(email: string): Promise<IAuthUser | null>;
11
+ /** Find a user by username */
12
+ findByUsername(username: string): Promise<IAuthUser | null>;
13
+ /** Find a user by a social / OAuth provider ID */
14
+ findBySocialId(provider: string, socialId: string): Promise<IAuthUser | null>;
15
+ /** Create a new user account */
16
+ create(data: Partial<IAuthUser> & {
17
+ password?: string;
18
+ }): Promise<IAuthUser>;
19
+ /** Update user fields */
20
+ update(id: string, data: Partial<IAuthUser>): Promise<IAuthUser>;
21
+ /** Compare a plaintext password against the stored hash */
22
+ validatePassword(user: IAuthUser, password: string): Promise<boolean>;
23
+ /** Store / overwrite the password hash for a user */
24
+ setPassword(id: string, passwordHash: string): Promise<void>;
25
+ /** Retrieve the stored TOTP secret (null if 2FA not configured) */
26
+ getTotpSecret(id: string): Promise<string | null>;
27
+ /** Persist a new TOTP secret (e.g. after enrollment) */
28
+ setTotpSecret(id: string, secret: string): Promise<void>;
29
+ /** Get the list of role identifiers assigned to a user */
30
+ getRoles(id: string): Promise<string[]>;
31
+ /** Get the list of permission identifiers assigned to a user */
32
+ getPermissions(id: string): Promise<string[]>;
33
+ }
34
+ //# sourceMappingURL=user-service.interface.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"user-service.interface.d.ts","sourceRoot":"","sources":["../../../packages/auth/interfaces/user-service.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEhD,mCAAmC;IACnC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEtD,8BAA8B;IAC9B,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE5D,kDAAkD;IAClD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9E,gCAAgC;IAChC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7E,yBAAyB;IACzB,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAEjE,2DAA2D;IAC3D,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtE,qDAAqD;IACrD,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D,mEAAmE;IACnE,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAElD,wDAAwD;IACxD,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzD,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAExC,gEAAgE;IAChE,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC/C"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=user-service.interface.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"user-service.interface.js","sourceRoot":"","sources":["../../../packages/auth/interfaces/user-service.interface.ts"],"names":[],"mappings":""}
@@ -0,0 +1,23 @@
1
+ /**
2
+ * Service for hashing and verifying passwords using bcrypt.
3
+ *
4
+ * Uses dynamic import of `bcrypt` so the dependency is optional.
5
+ * If `bcrypt` is not installed, operations throw a descriptive error.
6
+ */
7
+ export declare class PasswordService {
8
+ private bcrypt;
9
+ private resolved;
10
+ /**
11
+ * Hash a plaintext password.
12
+ *
13
+ * @param password - Plaintext password
14
+ * @param rounds - Cost factor (default 12)
15
+ */
16
+ hash(password: string, rounds?: number): Promise<string>;
17
+ /**
18
+ * Compare a plaintext password against a stored hash.
19
+ */
20
+ verify(password: string, hash: string): Promise<boolean>;
21
+ private loadBcrypt;
22
+ }
23
+ //# sourceMappingURL=password.service.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"password.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/password/password.service.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,qBACa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,QAAQ,CAAS;IAEzB;;;;;OAKG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAK1D;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAKhD,UAAU;CAczB"}
@@ -0,0 +1,52 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ import { Injectable } from '@nestjs/common';
8
+ /**
9
+ * Service for hashing and verifying passwords using bcrypt.
10
+ *
11
+ * Uses dynamic import of `bcrypt` so the dependency is optional.
12
+ * If `bcrypt` is not installed, operations throw a descriptive error.
13
+ */
14
+ let PasswordService = class PasswordService {
15
+ bcrypt = null;
16
+ resolved = false;
17
+ /**
18
+ * Hash a plaintext password.
19
+ *
20
+ * @param password - Plaintext password
21
+ * @param rounds - Cost factor (default 12)
22
+ */
23
+ async hash(password, rounds = 12) {
24
+ const bcrypt = await this.loadBcrypt();
25
+ return bcrypt.hash(password, rounds);
26
+ }
27
+ /**
28
+ * Compare a plaintext password against a stored hash.
29
+ */
30
+ async verify(password, hash) {
31
+ const bcrypt = await this.loadBcrypt();
32
+ return bcrypt.compare(password, hash);
33
+ }
34
+ async loadBcrypt() {
35
+ if (!this.resolved) {
36
+ try {
37
+ this.bcrypt = await import('bcrypt');
38
+ }
39
+ catch {
40
+ throw new Error('PasswordService requires the "bcrypt" package. ' +
41
+ 'Run: npm install bcrypt && npm install -D @types/bcrypt');
42
+ }
43
+ this.resolved = true;
44
+ }
45
+ return this.bcrypt;
46
+ }
47
+ };
48
+ PasswordService = __decorate([
49
+ Injectable()
50
+ ], PasswordService);
51
+ export { PasswordService };
52
+ //# sourceMappingURL=password.service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"password.service.js","sourceRoot":"","sources":["../../../packages/auth/password/password.service.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C;;;;;GAKG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAe;IAClB,MAAM,GAAmC,IAAI,CAAC;IAC9C,QAAQ,GAAG,KAAK,CAAC;IAEzB;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,MAAM,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAY;QACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,iDAAiD;oBAC/C,yDAAyD,CAC5D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,MAAO,CAAC;IACtB,CAAC;CACF,CAAA;AArCY,eAAe;IAD3B,UAAU,EAAE;GACA,eAAe,CAqC3B"}
@@ -0,0 +1,43 @@
1
+ import type { ICacheService } from '../interfaces';
2
+ export interface IDeviceInfo {
3
+ deviceId: string;
4
+ userId: string;
5
+ userAgent?: string;
6
+ ip?: string;
7
+ lastActivity: number;
8
+ createdAt: number;
9
+ }
10
+ /**
11
+ * Tracks active devices / sessions per user so that:
12
+ * - Users can view all active sessions
13
+ * - Users can log out a specific device (like Telegram)
14
+ * - Admins can force-terminate sessions
15
+ */
16
+ export declare class DeviceSessionService {
17
+ private readonly cache;
18
+ constructor(cache: ICacheService);
19
+ /**
20
+ * Register a new device session.
21
+ *
22
+ * @param info Device and session metadata
23
+ * @param ttl Session TTL in seconds (default 30 days)
24
+ */
25
+ register(info: Omit<IDeviceInfo, 'createdAt'>, ttl?: number): Promise<void>;
26
+ /**
27
+ * Get all active sessions for a user.
28
+ */
29
+ getUserSessions(_userId: string): Promise<IDeviceInfo[]>;
30
+ /**
31
+ * Get a single device session by user + device ID.
32
+ */
33
+ getSession(userId: string, deviceId: string): Promise<IDeviceInfo | null>;
34
+ /**
35
+ * Remove a specific device session (per-device logout).
36
+ */
37
+ removeSession(userId: string, deviceId: string): Promise<void>;
38
+ /**
39
+ * Remove all sessions for a user (global logout).
40
+ */
41
+ removeAllUserSessions(_userId: string): Promise<void>;
42
+ }
43
+ //# sourceMappingURL=device-session.service.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"device-session.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/session/device-session.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,qBACa,oBAAoB;IAG7B,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,aAAa;IAGvC;;;;;OAKG;IACG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,GAAG,SAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpF;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAOxD;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAO/E;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE;;OAEG;IACG,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAI5D"}