@os.io/nest-kit 0.0.1-alpha.0
- package/LICENSE +21 -0
- package/README.md +111 -0
- package/dist/auth/auth.constants.d.ts +19 -0
- package/dist/auth/auth.constants.d.ts.map +1 -0
- package/dist/auth/auth.constants.js +19 -0
- package/dist/auth/auth.constants.js.map +1 -0
- package/dist/auth/auth.guard.d.ts +20 -0
- package/dist/auth/auth.guard.d.ts.map +1 -0
- package/dist/auth/auth.guard.js +84 -0
- package/dist/auth/auth.guard.js.map +1 -0
- package/dist/auth/auth.module.d.ts +26 -0
- package/dist/auth/auth.module.d.ts.map +1 -0
- package/dist/auth/auth.module.js +344 -0
- package/dist/auth/auth.module.js.map +1 -0
- package/dist/auth/auth.options.d.ts +179 -0
- package/dist/auth/auth.options.d.ts.map +1 -0
- package/dist/auth/auth.options.js +2 -0
- package/dist/auth/auth.options.js.map +1 -0
- package/dist/auth/auth.service.d.ts +57 -0
- package/dist/auth/auth.service.d.ts.map +1 -0
- package/dist/auth/auth.service.js +175 -0
- package/dist/auth/auth.service.js.map +1 -0
- package/dist/auth/authorization/index.d.ts +3 -0
- package/dist/auth/authorization/index.d.ts.map +1 -0
- package/dist/auth/authorization/index.js +3 -0
- package/dist/auth/authorization/index.js.map +1 -0
- package/dist/auth/authorization/pbac/index.d.ts +6 -0
- package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/index.js +4 -0
- package/dist/auth/authorization/pbac/index.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
- package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
- package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
- package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
- package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.service.js +146 -0
- package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
- package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
- package/dist/auth/authorization/pbac/pbac.types.js +2 -0
- package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
- package/dist/auth/authorization/rbac/index.d.ts +4 -0
- package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/index.js +4 -0
- package/dist/auth/authorization/rbac/index.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
- package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
- package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
- package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
- package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
- package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
- package/dist/auth/authorization/rbac/rbac.service.js +95 -0
- package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
- package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
- package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/current-user.decorator.js +23 -0
- package/dist/auth/decorators/current-user.decorator.js.map +1 -0
- package/dist/auth/decorators/index.d.ts +3 -0
- package/dist/auth/decorators/index.d.ts.map +1 -0
- package/dist/auth/decorators/index.js +3 -0
- package/dist/auth/decorators/index.js.map +1 -0
- package/dist/auth/decorators/public.decorator.d.ts +13 -0
- package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/public.decorator.js +15 -0
- package/dist/auth/decorators/public.decorator.js.map +1 -0
- package/dist/auth/index.d.ts +63 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +65 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
- package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-request.interface.js +2 -0
- package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
- package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-result.interface.js +2 -0
- package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
- package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
- package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
- package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/auth-user.interface.js +2 -0
- package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
- package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/cache-service.interface.js +2 -0
- package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
- package/dist/auth/interfaces/index.d.ts +8 -0
- package/dist/auth/interfaces/index.d.ts.map +1 -0
- package/dist/auth/interfaces/index.js +2 -0
- package/dist/auth/interfaces/index.js.map +1 -0
- package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
- package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
- package/dist/auth/interfaces/user-service.interface.js +2 -0
- package/dist/auth/interfaces/user-service.interface.js.map +1 -0
- package/dist/auth/password/password.service.d.ts +23 -0
- package/dist/auth/password/password.service.d.ts.map +1 -0
- package/dist/auth/password/password.service.js +52 -0
- package/dist/auth/password/password.service.js.map +1 -0
- package/dist/auth/session/device-session.service.d.ts +43 -0
- package/dist/auth/session/device-session.service.d.ts.map +1 -0
- package/dist/auth/session/device-session.service.js +72 -0
- package/dist/auth/session/device-session.service.js.map +1 -0
- package/dist/auth/session/index.d.ts +5 -0
- package/dist/auth/session/index.d.ts.map +1 -0
- package/dist/auth/session/index.js +4 -0
- package/dist/auth/session/index.js.map +1 -0
- package/dist/auth/session/jwt.service.d.ts +37 -0
- package/dist/auth/session/jwt.service.d.ts.map +1 -0
- package/dist/auth/session/jwt.service.js +119 -0
- package/dist/auth/session/jwt.service.js.map +1 -0
- package/dist/auth/session/token-blacklist.service.d.ts +37 -0
- package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
- package/dist/auth/session/token-blacklist.service.js +70 -0
- package/dist/auth/session/token-blacklist.service.js.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
- package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
- package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
- package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/base/base.strategy.js +6 -0
- package/dist/auth/strategies/base/base.strategy.js.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
- package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
- package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
- package/dist/auth/strategies/index.d.ts +12 -0
- package/dist/auth/strategies/index.d.ts.map +1 -0
- package/dist/auth/strategies/index.js +12 -0
- package/dist/auth/strategies/index.js.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
- package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
- package/dist/auth/strategies/oauth/index.d.ts +3 -0
- package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/index.js +3 -0
- package/dist/auth/strategies/oauth/index.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
- package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
- package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
- package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
- package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
- package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/otp/otp.strategy.js +93 -0
- package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
- package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
- package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
- package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/sso/sso.strategy.js +80 -0
- package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
- package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
- package/dist/auth/strategies/totp/totp.strategy.js +109 -0
- package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
- package/dist/auth/throttling/index.d.ts +2 -0
- package/dist/auth/throttling/index.d.ts.map +1 -0
- package/dist/auth/throttling/index.js +2 -0
- package/dist/auth/throttling/index.js.map +1 -0
- package/dist/auth/throttling/throttle.service.d.ts +27 -0
- package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
- package/dist/auth/throttling/throttle.service.js +63 -0
- package/dist/auth/throttling/throttle.service.js.map +1 -0
- package/dist/bootstrap/cache/config.d.ts +135 -0
- package/dist/bootstrap/cache/config.d.ts.map +1 -0
- package/dist/bootstrap/cache/config.js +189 -0
- package/dist/bootstrap/cache/config.js.map +1 -0
- package/dist/bootstrap/cache/index.d.ts +11 -0
- package/dist/bootstrap/cache/index.d.ts.map +1 -0
- package/dist/bootstrap/cache/index.js +11 -0
- package/dist/bootstrap/cache/index.js.map +1 -0
- package/dist/bootstrap/index.d.ts +21 -0
- package/dist/bootstrap/index.d.ts.map +1 -0
- package/dist/bootstrap/index.js +21 -0
- package/dist/bootstrap/index.js.map +1 -0
- package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
- package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/scalar/api-docs.js +41 -0
- package/dist/bootstrap/scalar/api-docs.js.map +1 -0
- package/dist/bootstrap/scalar/index.d.ts +39 -0
- package/dist/bootstrap/scalar/index.d.ts.map +1 -0
- package/dist/bootstrap/scalar/index.js +41 -0
- package/dist/bootstrap/scalar/index.js.map +1 -0
- package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
- package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
- package/dist/bootstrap/swagger/api-docs.js +87 -0
- package/dist/bootstrap/swagger/api-docs.js.map +1 -0
- package/dist/bootstrap/swagger/index.d.ts +37 -0
- package/dist/bootstrap/swagger/index.d.ts.map +1 -0
- package/dist/bootstrap/swagger/index.js +36 -0
- package/dist/bootstrap/swagger/index.js.map +1 -0
- package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
- package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/config/index.js +62 -0
- package/dist/bootstrap/typeorm/config/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
- package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/controller.js +72 -0
- package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/index.js +3 -0
- package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
- package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/crud/service.js +21 -0
- package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
- package/dist/bootstrap/typeorm/index.d.ts +18 -0
- package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/index.js +18 -0
- package/dist/bootstrap/typeorm/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
- package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/factory.js +27 -0
- package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
- package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/index.js +4 -0
- package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
- package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
- package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
- package/dist/core/index.d.ts +11 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +11 -0
- package/dist/core/index.js.map +1 -0
- package/dist/infra/audit-log/index.d.ts +12 -0
- package/dist/infra/audit-log/index.d.ts.map +1 -0
- package/dist/infra/audit-log/index.js +13 -0
- package/dist/infra/audit-log/index.js.map +1 -0
- package/dist/infra/index.d.ts +20 -0
- package/dist/infra/index.d.ts.map +1 -0
- package/dist/infra/index.js +21 -0
- package/dist/infra/index.js.map +1 -0
- package/dist/infra/logger/index.d.ts +12 -0
- package/dist/infra/logger/index.d.ts.map +1 -0
- package/dist/infra/logger/index.js +13 -0
- package/dist/infra/logger/index.js.map +1 -0
- package/dist/infra/metrics/index.d.ts +18 -0
- package/dist/infra/metrics/index.d.ts.map +1 -0
- package/dist/infra/metrics/index.js +19 -0
- package/dist/infra/metrics/index.js.map +1 -0
- package/dist/infra/notification/index.d.ts +12 -0
- package/dist/infra/notification/index.d.ts.map +1 -0
- package/dist/infra/notification/index.js +13 -0
- package/dist/infra/notification/index.js.map +1 -0
- package/dist/infra/storage/index.d.ts +12 -0
- package/dist/infra/storage/index.d.ts.map +1 -0
- package/dist/infra/storage/index.js +13 -0
- package/dist/infra/storage/index.js.map +1 -0
- package/dist/infra/stripe/index.d.ts +12 -0
- package/dist/infra/stripe/index.d.ts.map +1 -0
- package/dist/infra/stripe/index.js +13 -0
- package/dist/infra/stripe/index.js.map +1 -0
- package/dist/saas/index.d.ts +18 -0
- package/dist/saas/index.d.ts.map +1 -0
- package/dist/saas/index.js +19 -0
- package/dist/saas/index.js.map +1 -0
- package/package.json +165 -0
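--- a/package/dist/auth/session/device-session.service.js
+++ b/package/dist/auth/session/device-session.service.js
@@ -0,0 +1,72 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Inject, Injectable } from '@nestjs/common';
+import { CACHE_SERVICE, DEVICE_SESSION_PREFIX } from '../auth.constants';
+/**
+* Tracks active devices / sessions per user so that:
+* - Users can view all active sessions
+* - Users can log out a specific device (like Telegram)
+* - Admins can force-terminate sessions
+*/
+let DeviceSessionService = class DeviceSessionService {
+cache;
+constructor(cache) {
+this.cache = cache;
+}
+/**
+* Register a new device session.
+*
+* @param info Device and session metadata
+* @param ttl Session TTL in seconds (default 30 days)
+*/
+async register(info, ttl = 2_592_000) {
+const session = { ...info, createdAt: Date.now() };
+await this.cache.set(`${DEVICE_SESSION_PREFIX}${info.userId}:${info.deviceId}`, session, ttl);
+}
+/**
+* Get all active sessions for a user.
+*/
+getUserSessions(_userId) {
+// In production, this would use Redis SCAN or a session DB table.
+// For simplicity we rely on a key convention and read individually.
+// Consumers are encouraged to override this method.
+return Promise.resolve([]);
+}
+/**
+* Get a single device session by user + device ID.
+*/
+async getSession(userId, deviceId) {
+const result = await this.cache.get(`${DEVICE_SESSION_PREFIX}${userId}:${deviceId}`);
+return result ?? null;
+}
+/**
+* Remove a specific device session (per-device logout).
+*/
+async removeSession(userId, deviceId) {
+await this.cache.del(`${DEVICE_SESSION_PREFIX}${userId}:${deviceId}`);
+}
+/**
+* Remove all sessions for a user (global logout).
+*/
+async removeAllUserSessions(_userId) {
+// TODO: iterate all user sessions. For now, consumer's responsibility.
+return Promise.resolve();
+}
+};
+DeviceSessionService = __decorate([
+Injectable(),
+__param(0, Inject(CACHE_SERVICE)),
+__metadata("design:paramtypes", [Object])
+], DeviceSessionService);
+export { DeviceSessionService };
+//# sourceMappingURL=device-session.service.js.map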
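Review bot: `removeAllUserSessions` resolves successfully without deleting anything, so a caller that relies on it for global logout or an admin force-terminate gets a success result while every key written by `register` stays in the cache until its TTL (30 days by default). Until a real implementation exists it should fail loudly, for example `throw new Error('removeAllUserSessions is not implemented; override it');`, and `getUserSessions`, which always returns `[]`, needs the same treatment or a doc line stating that it is a stub. A durable fix would keep a per-user index of device IDs, updated in `register` and `removeSession`, so both methods can enumerate a user's sessions. The cache key is also built as `${userId}:${deviceId}` with no check that either part is free of `:`; if either value can come from the client, validate it before it goes into the key.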
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"device-session.service.js","sourceRoot":"","sources":["../../../packages/auth/session/device-session.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAWzE;;;;;GAKG;AAEI,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAGZ;IAFnB,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,IAAoC,EAAE,GAAG,GAAG,SAAS;QAClE,MAAM,OAAO,GAAgB,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAChE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,qBAAqB,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAChG,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe;QAC7B,kEAAkE;QAClE,oEAAoE;QACpE,oDAAoD;QACpD,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,QAAgB;QAC/C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CACjC,GAAG,qBAAqB,GAAG,MAAM,IAAI,QAAQ,EAAE,CAChD,CAAC;QACF,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,MAAc,EAAE,QAAgB;QAClD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,qBAAqB,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,OAAe;QACzC,uEAAuE;QACvE,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AAnDY,oBAAoB;IADhC,UAAU,EAAE;IAGR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAFb,oBAAoB,CAmDhC"}
|
|
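--- a/package/dist/auth/session/index.d.ts
+++ b/package/dist/auth/session/index.d.ts
@@ -0,0 +1,5 @@
+export { JwtService } from './jwt.service';
+export { TokenBlacklistService } from './token-blacklist.service';
+export { DeviceSessionService } from './device-session.service';
+export type { IDeviceInfo } from './device-session.service';
+//# sourceMappingURL=index.d.ts.map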
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,YAAY,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC"}
|
|
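--- a/package/dist/auth/session/jwt.service.d.ts
+++ b/package/dist/auth/session/jwt.service.d.ts
@@ -0,0 +1,37 @@
+import type { IAuthUser, ITokenPair } from '../interfaces';
+import type { SessionOptions } from '../auth.options';
+/**
+* Low-level JWT service that signs and verifies tokens
+* using `@nestjs/jwt` (loaded dynamically so the dependency is optional).
+*/
+export declare class JwtService {
+private readonly options;
+private nestJwt;
+private jwtServiceInstance;
+private resolved;
+constructor(options: {
+jwtSecret?: string;
+jwtPrivateKey?: string;
+jwtPublicKey?: string;
+session?: SessionOptions;
+});
+/**
+* Generate an access + refresh token pair for the given user.
+*/
+signTokens(user: IAuthUser): Promise<ITokenPair>;
+/**
+* Verify and decode an access token. Throws if invalid / expired.
+*/
+verifyAccess(token: string): Promise<Record<string, unknown>>;
+/**
+* Verify a refresh token. Throws if invalid / expired.
+*/
+verifyRefresh(token: string): Promise<Record<string, unknown>>;
+/**
+* Decode a token without verification (useful for extracting metadata).
+*/
+decode(token: string): Record<string, unknown> | null;
+private parseExpiresIn;
+private getInstance;
+}
+//# sourceMappingURL=jwt.service.d.ts.map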
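Review bot: The doc comment on `decode` presents it as "useful for extracting metadata" without saying that the returned claims are unauthenticated and can be set freely by whoever holds the token. Add a line such as `* The result is NOT verified: never base an authentication or authorization decision on it.` The comment should also document the `null` return: in jwt.service.js on this page, `decode` returns `null` whenever the underlying instance has not yet been created by a sign or verify call, which a caller cannot tell apart from a token that failed to parse.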
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/session/jwt.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGtD;;;GAGG;AACH,qBACa,UAAU;IAOnB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAN1B,OAAO,CAAC,OAAO,CAA6C;IAC5D,OAAO,CAAC,kBAAkB,CAAiD;IAC3E,OAAO,CAAC,QAAQ,CAAS;gBAIN,OAAO,EAAE;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,cAAc,CAAC;KAC1B;IAGH;;OAEG;IACG,UAAU,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;IA+BtD;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAKnE;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAKpE;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAKrD,OAAO,CAAC,cAAc;YAcR,WAAW;CAqB1B"}
|
|
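--- a/package/dist/auth/session/jwt.service.js
+++ b/package/dist/auth/session/jwt.service.js
@@ -0,0 +1,119 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Injectable, Inject } from '@nestjs/common';
+import { AUTH_MODULE_OPTIONS } from '../auth.constants';
+/**
+* Low-level JWT service that signs and verifies tokens
+* using `@nestjs/jwt` (loaded dynamically so the dependency is optional).
+*/
+let JwtService = class JwtService {
+options;
+nestJwt = null;
+jwtServiceInstance = null;
+resolved = false;
+constructor(options) {
+this.options = options;
+}
+/**
+* Generate an access + refresh token pair for the given user.
+*/
+async signTokens(user) {
+const jwt = await this.getInstance();
+const session = this.options.session ?? {};
+const accessExp = session.accessTokenExpiresIn ?? '15m';
+const refreshExp = session.refreshTokenExpiresIn ?? '7d';
+const payload = {
+sub: user.id,
+email: user.email,
+username: user.username,
+roles: user.roles,
+permissions: user.permissions,
+isAnonymous: user.isAnonymous ?? false,
+isMfaVerified: user.isMfaVerified ?? false,
+};
+const accessToken = jwt.sign(payload, {
+expiresIn: accessExp,
+});
+const refreshToken = jwt.sign({ sub: user.id, type: 'refresh' }, { expiresIn: refreshExp });
+return {
+accessToken,
+refreshToken,
+expiresIn: this.parseExpiresIn(accessExp),
+};
+}
+/**
+* Verify and decode an access token. Throws if invalid / expired.
+*/
+async verifyAccess(token) {
+const jwt = await this.getInstance();
+return jwt.verifyAsync(token);
+}
+/**
+* Verify a refresh token. Throws if invalid / expired.
+*/
+async verifyRefresh(token) {
+const jwt = await this.getInstance();
+return jwt.verifyAsync(token);
+}
+/**
+* Decode a token without verification (useful for extracting metadata).
+*/
+decode(token) {
+if (!this.jwtServiceInstance)
+return null;
+return this.jwtServiceInstance.decode(token);
+}
+parseExpiresIn(value) {
+const match = value.match(/^(\d+)([smhd])$/);
+if (!match)
+return 900;
+const num = parseInt(match[1], 10);
+const unit = match[2];
+const multipliers = {
+s: 1,
+m: 60,
+h: 3600,
+d: 86400,
+};
+return num * (multipliers[unit] ?? 1);
+}
+async getInstance() {
+if (!this.resolved) {
+try {
+this.nestJwt = await import('@nestjs/jwt');
+const secretOrPrivateKey = this.options.jwtSecret ?? this.options.jwtPrivateKey;
+this.jwtServiceInstance = new this.nestJwt.JwtService({
+secret: secretOrPrivateKey,
+publicKey: this.options.jwtPublicKey,
+signOptions: {
+algorithm: this.options.session?.algorithm ?? 'HS256',
+issuer: this.options.session?.issuer,
+audience: this.options.session?.audience,
+},
+});
+}
+catch {
+throw new Error('JwtService requires "@nestjs/jwt". Run: npm install @nestjs/jwt');
+}
+this.resolved = true;
+}
+return this.jwtServiceInstance;
+}
+};
+JwtService = __decorate([
+Injectable(),
+__param(0, Inject(AUTH_MODULE_OPTIONS)),
+__metadata("design:paramtypes", [Object])
+], JwtService);
+export { JwtService };
+//# sourceMappingURL=jwt.service.js.map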
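Review bot: `verifyRefresh` and `verifyAccess` have identical bodies, so neither looks at the `type: 'refresh'` claim that `signTokens` sets on refresh tokens; a refresh token is accepted wherever an access token is expected, and the reverse. Each method should inspect the verified claims and reject the wrong kind, as in the fence below. Separately, `getInstance` supplies `algorithm`, `issuer` and `audience` only under `signOptions`; unless verification is constrained somewhere outside this file, the same values should be pinned for verification as well, for instance through the `verifyOptions` setting of `@nestjs/jwt`. The bare `catch` in `getInstance` also reports every failure, including a bad key passed to the constructor, as a missing dependency, which hides configuration errors.

```javascript
async verifyAccess(token) {
    const jwt = await this.getInstance();
    const claims = await jwt.verifyAsync(token);
    // Refresh tokens are signed with the same key, so the signature alone
    // does not tell the two kinds apart.
    if (claims.type === 'refresh') {
        throw new Error('Refresh token cannot be used as an access token');
    }
    return claims;
}
// … unchanged: doc comment for verifyRefresh …
async verifyRefresh(token) {
    const jwt = await this.getInstance();
    const claims = await jwt.verifyAsync(token);
    if (claims.type !== 'refresh') {
        throw new Error('Token is not a refresh token');
    }
    return claims;
}
```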
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../../packages/auth/session/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD;;;GAGG;AAEI,IAAM,UAAU,GAAhB,MAAM,UAAU;IAOF;IANX,OAAO,GAAwC,IAAI,CAAC;IACpD,kBAAkB,GAA4C,IAAI,CAAC;IACnE,QAAQ,GAAG,KAAK,CAAC;IAEzB,YAEmB,OAKhB;QALgB,YAAO,GAAP,OAAO,CAKvB;IACA,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,IAAe;QAC9B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,OAAO,CAAC,oBAAoB,IAAI,KAAK,CAAC;QACxD,MAAM,UAAU,GAAG,OAAO,CAAC,qBAAqB,IAAI,IAAI,CAAC;QAEzD,MAAM,OAAO,GAA4B;YACvC,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,KAAK;YACtC,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,KAAK;SAC3C,CAAC;QAEF,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE;YACpC,SAAS,EAAE,SAAgD;SAC5D,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAC3B,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,EAAE,SAAS,EAAE,UAAiD,EAAE,CACjE,CAAC;QAEF,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa;QAClB,IAAI,CAAC,IAAI,CAAC,kBAAkB;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAEO,cAAc,CAAC,KAAa;QAClC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK;YAAE,OAAO,GAAG,CAAC;QACvB,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,WAAW,GAA2B;YAC1C,CAAC
,EAAE,CAAC;YACJ,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,IAAI;YACP,CAAC,EAAE,KAAK;SACT,CAAC;QACF,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;gBAC3C,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;gBAChF,IAAI,CAAC,kBAAkB,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;oBACpD,MAAM,EAAE,kBAAkB;oBAC1B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;oBACpC,WAAW,EAAE;wBACX,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,IAAI,OAAO;wBACrD,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM;wBACpC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ;qBACzC;iBACF,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;YACrF,CAAC;YACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,kBAAmB,CAAC;IAClC,CAAC;CACF,CAAA;AA5GY,UAAU;IADtB,UAAU,EAAE;IAOR,WAAA,MAAM,CAAC,mBAAmB,CAAC,CAAA;;GANnB,UAAU,CA4GtB"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import type { ICacheService } from '../interfaces';
|
|
2
|
+
/**
|
|
3
|
+
* Redis-backed token blacklist that enables immediate token revocation.
|
|
4
|
+
*
|
|
5
|
+
* Tokens are stored with a TTL matching the token's remaining lifespan
|
|
6
|
+
* so the blacklist does not grow unbounded.
|
|
7
|
+
*/
|
|
8
|
+
export declare class TokenBlacklistService {
|
|
9
|
+
private readonly cache;
|
|
10
|
+
constructor(cache: ICacheService);
|
|
11
|
+
/**
|
|
12
|
+
* Blacklist an access token (by its `jti`) until its natural expiry.
|
|
13
|
+
*
|
|
14
|
+
* @param jti Token ID (unique per token)
|
|
15
|
+
* @param ttlSeconds Seconds until the token would have expired
|
|
16
|
+
*/
|
|
17
|
+
blacklistAccess(jti: string, ttlSeconds: number): Promise<void>;
|
|
18
|
+
/**
|
|
19
|
+
* Check whether an access token has been blacklisted.
|
|
20
|
+
*/
|
|
21
|
+
isBlacklisted(jti: string): Promise<boolean>;
|
|
22
|
+
/**
|
|
23
|
+
* Flag a refresh token family as revoked.
|
|
24
|
+
* When rotation detects a reused old refresh token, the entire
|
|
25
|
+
* family is revoked to prevent token theft.
|
|
26
|
+
*/
|
|
27
|
+
revokeFamily(familyId: string, ttlSeconds: number): Promise<void>;
|
|
28
|
+
/**
|
|
29
|
+
* Check whether a refresh token family has been revoked.
|
|
30
|
+
*/
|
|
31
|
+
isFamilyRevoked(familyId: string): Promise<boolean>;
|
|
32
|
+
/**
|
|
33
|
+
* Remove a specific token from the blacklist (used during cleanup).
|
|
34
|
+
*/
|
|
35
|
+
remove(jti: string): Promise<void>;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=token-blacklist.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-blacklist.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/session/token-blacklist.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAOnD;;;;;GAKG;AACH,qBACa,qBAAqB;IAG9B,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,aAAa;IAGvC;;;;;OAKG;IACG,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrE;;OAEG;IACG,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlD;;;;OAIG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE;;OAEG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKzD;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
+
};
|
|
13
|
+
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
+
import { CACHE_SERVICE, TOKEN_BLACKLIST_PREFIX, REFRESH_TOKEN_FAMILY_PREFIX, } from '../auth.constants';
|
|
15
|
+
/**
|
|
16
|
+
* Redis-backed token blacklist that enables immediate token revocation.
|
|
17
|
+
*
|
|
18
|
+
* Tokens are stored with a TTL matching the token's remaining lifespan
|
|
19
|
+
* so the blacklist does not grow unbounded.
|
|
20
|
+
*/
|
|
21
|
+
let TokenBlacklistService = class TokenBlacklistService {
|
|
22
|
+
cache;
|
|
23
|
+
constructor(cache) {
|
|
24
|
+
this.cache = cache;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Blacklist an access token (by its `jti`) until its natural expiry.
|
|
28
|
+
*
|
|
29
|
+
* @param jti Token ID (unique per token)
|
|
30
|
+
* @param ttlSeconds Seconds until the token would have expired
|
|
31
|
+
*/
|
|
32
|
+
async blacklistAccess(jti, ttlSeconds) {
|
|
33
|
+
await this.cache.set(`${TOKEN_BLACKLIST_PREFIX}${jti}`, true, ttlSeconds);
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Check whether an access token has been blacklisted.
|
|
37
|
+
*/
|
|
38
|
+
async isBlacklisted(jti) {
|
|
39
|
+
const result = await this.cache.get(`${TOKEN_BLACKLIST_PREFIX}${jti}`);
|
|
40
|
+
return result === true;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Flag a refresh token family as revoked.
|
|
44
|
+
* When rotation detects a reused old refresh token, the entire
|
|
45
|
+
* family is revoked to prevent token theft.
|
|
46
|
+
*/
|
|
47
|
+
async revokeFamily(familyId, ttlSeconds) {
|
|
48
|
+
await this.cache.set(`${REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`, true, ttlSeconds);
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Check whether a refresh token family has been revoked.
|
|
52
|
+
*/
|
|
53
|
+
async isFamilyRevoked(familyId) {
|
|
54
|
+
const result = await this.cache.get(`${REFRESH_TOKEN_FAMILY_PREFIX}${familyId}`);
|
|
55
|
+
return result === true;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Remove a specific token from the blacklist (used during cleanup).
|
|
59
|
+
*/
|
|
60
|
+
async remove(jti) {
|
|
61
|
+
await this.cache.del(`${TOKEN_BLACKLIST_PREFIX}${jti}`);
|
|
62
|
+
}
|
|
63
|
+
};
|
|
64
|
+
TokenBlacklistService = __decorate([
|
|
65
|
+
Injectable(),
|
|
66
|
+
__param(0, Inject(CACHE_SERVICE)),
|
|
67
|
+
__metadata("design:paramtypes", [Object])
|
|
68
|
+
], TokenBlacklistService);
|
|
69
|
+
export { TokenBlacklistService };
|
|
70
|
+
//# sourceMappingURL=token-blacklist.service.js.map
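Review bot: `isBlacklisted` and `isFamilyRevoked` treat anything other than a strict boolean `true` as "not revoked", so the revocation check fails open if the injected cache returns the stored value in another form. The `ICacheService` implementation is not visible here; if it is a Redis adapter that returns values as strings or numbers, `result === true` never matches and revoked tokens keep passing. Either document that `get` must return exactly what was given to `set`, or test for presence of the key instead, e.g. `return result !== undefined && result !== null;`. `blacklistAccess` and `revokeFamily` also pass `ttlSeconds` through unchecked, so a zero, negative or `NaN` value gets whatever the backend does with it; a guard such as `if (!Number.isFinite(ttlSeconds) || ttlSeconds <= 0) return;` makes the already-expired case explicit.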
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-blacklist.service.js","sourceRoot":"","sources":["../../../packages/auth/session/token-blacklist.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,2BAA2B,GAC5B,MAAM,mBAAmB,CAAC;AAE3B;;;;;GAKG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAGb;IAFnB,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,GAAW,EAAE,UAAkB;QACnD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,sBAAsB,GAAG,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,GAAW;QAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAU,GAAG,sBAAsB,GAAG,GAAG,EAAE,CAAC,CAAC;QAChF,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,UAAkB;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,2BAA2B,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IACtF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAU,GAAG,2BAA2B,GAAG,QAAQ,EAAE,CAAC,CAAC;QAC1F,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,sBAAsB,GAAG,GAAG,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF,CAAA;AA/CY,qBAAqB;IADjC,UAAU,EAAE;IAGR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAFb,qBAAqB,CA+CjC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { AuthMethod, type IAuthResult } from '../../interfaces';
|
|
3
|
+
import { JwtService } from '../../session/jwt.service';
|
|
4
|
+
import { BaseStrategy } from '../base/base.strategy';
|
|
5
|
+
/**
|
|
6
|
+
* Anonymous session strategy.
|
|
7
|
+
*
|
|
8
|
+
* Creates a temporary identity without requiring credentials.
|
|
9
|
+
* These sessions can later be converted to permanent accounts.
|
|
10
|
+
*/
|
|
11
|
+
export declare class AnonymousStrategy extends BaseStrategy {
|
|
12
|
+
private readonly jwtService;
|
|
13
|
+
readonly type = AuthMethod.ANONYMOUS;
|
|
14
|
+
readonly name = "anonymous";
|
|
15
|
+
private counter;
|
|
16
|
+
constructor(jwtService: JwtService);
|
|
17
|
+
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=anonymous.strategy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anonymous.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/anonymous/anonymous.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,iBAAkB,SAAQ,YAAY;IAMrC,OAAO,CAAC,QAAQ,CAAC,UAAU;IALvC,QAAQ,CAAC,IAAI,wBAAwB;IACrC,QAAQ,CAAC,IAAI,eAAe;IAE5B,OAAO,CAAC,OAAO,CAAK;gBAES,UAAU,EAAE,UAAU;IAIpC,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAiBxB"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { Injectable } from '@nestjs/common';
|
|
11
|
+
import { AuthMethod } from '../../interfaces';
|
|
12
|
+
import { JwtService } from '../../session/jwt.service';
|
|
13
|
+
import { BaseStrategy } from '../base/base.strategy';
|
|
14
|
+
/**
|
|
15
|
+
* Anonymous session strategy.
|
|
16
|
+
*
|
|
17
|
+
* Creates a temporary identity without requiring credentials.
|
|
18
|
+
* These sessions can later be converted to permanent accounts.
|
|
19
|
+
*/
|
|
20
|
+
let AnonymousStrategy = class AnonymousStrategy extends BaseStrategy {
|
|
21
|
+
jwtService;
|
|
22
|
+
type = AuthMethod.ANONYMOUS;
|
|
23
|
+
name = 'anonymous';
|
|
24
|
+
counter = 0;
|
|
25
|
+
constructor(jwtService) {
|
|
26
|
+
super();
|
|
27
|
+
this.jwtService = jwtService;
|
|
28
|
+
}
|
|
29
|
+
async authenticate(payload, _context) {
|
|
30
|
+
this.counter += 1;
|
|
31
|
+
const idPrefix = payload.idPrefix || 'anon_';
|
|
32
|
+
const id = `${idPrefix}${Date.now()}_${this.counter}_${Math.random().toString(36).slice(2, 8)}`;
|
|
33
|
+
const user = {
|
|
34
|
+
id,
|
|
35
|
+
username: `Anonymous_${id.slice(-8)}`,
|
|
36
|
+
isAnonymous: true,
|
|
37
|
+
roles: [],
|
|
38
|
+
permissions: [],
|
|
39
|
+
};
|
|
40
|
+
const tokens = await this.jwtService.signTokens(user);
|
|
41
|
+
return { user, tokens, isNewUser: true };
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
AnonymousStrategy = __decorate([
|
|
45
|
+
Injectable(),
|
|
46
|
+
__metadata("design:paramtypes", [JwtService])
|
|
47
|
+
], AnonymousStrategy);
|
|
48
|
+
export { AnonymousStrategy };
|
|
49
|
+
//# sourceMappingURL=anonymous.strategy.js.map
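Review bot: `authenticate` takes `payload.idPrefix` from the caller-supplied payload and splices it into the new user's `id` with no type or format check, so the caller chooses part of the identifier that is then passed to `signTokens`. Nothing visible restricts the prefix, so an anonymous id could be shaped to resemble ids from another namespace, and a non-string value is simply stringified into it. A fixed server-side prefix closes that, or a check like `const idPrefix = typeof payload.idPrefix === 'string' && /^[a-z0-9_]{1,16}$/i.test(payload.idPrefix) ? payload.idPrefix : 'anon_';`. The random suffix comes from `Math.random()`, which is not a CSPRNG; `randomUUID()` from `node:crypto` would make the id unpredictable and remove the need for the per-instance `counter`.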
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anonymous.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/anonymous/anonymous.strategy.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,YAAY;IAMpB;IALpB,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC;IAC5B,IAAI,GAAG,WAAW,CAAC;IAEpB,OAAO,GAAG,CAAC,CAAC;IAEpB,YAA6B,UAAsB;QACjD,KAAK,EAAE,CAAC;QADmB,eAAU,GAAV,UAAU,CAAY;IAEnD,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC;QAClB,MAAM,QAAQ,GAAI,OAAO,CAAC,QAAmB,IAAI,OAAO,CAAC;QACzD,MAAM,EAAE,GAAG,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAEhG,MAAM,IAAI,GAAG;YACX,EAAE;YACF,QAAQ,EAAE,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;YACrC,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,EAAc;YACrB,WAAW,EAAE,EAAc;SAC5B,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;CACF,CAAA;AA9BY,iBAAiB;IAD7B,UAAU,EAAE;qCAO8B,UAAU;GANxC,iBAAiB,CA8B7B"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import type { IAuthStrategy, IAuthResult, AuthMethod } from '../../interfaces';
|
|
3
|
+
/**
|
|
4
|
+
* Abstract base strategy providing a common type and name for all strategies.
|
|
5
|
+
*/
|
|
6
|
+
export declare abstract class BaseStrategy implements IAuthStrategy {
|
|
7
|
+
abstract readonly type: AuthMethod;
|
|
8
|
+
abstract readonly name: string;
|
|
9
|
+
abstract authenticate(payload: Record<string, unknown>, context?: ExecutionContext): Promise<IAuthResult>;
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=base.strategy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/base/base.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE/E;;GAEG;AACH,8BAAsB,YAAa,YAAW,aAAa;IACzD,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IACnC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B,QAAQ,CAAC,YAAY,CACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,WAAW,CAAC;CACxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/base/base.strategy.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAgB,YAAY;CAQjC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { AuthMethod, type IAuthResult } from '../../interfaces';
|
|
3
|
+
import type { IUserService } from '../../interfaces';
|
|
4
|
+
import { PasswordService } from '../../password/password.service';
|
|
5
|
+
import { JwtService } from '../../session/jwt.service';
|
|
6
|
+
import { BaseStrategy } from '../base/base.strategy';
|
|
7
|
+
/**
|
|
8
|
+
* Authenticates users via email/username + password.
|
|
9
|
+
*
|
|
10
|
+
* Enabled by default when `AuthModuleOptions.credentials` is `true`
|
|
11
|
+
* (or an object).
|
|
12
|
+
*/
|
|
13
|
+
export declare class CredentialsStrategy extends BaseStrategy {
|
|
14
|
+
private readonly userService;
|
|
15
|
+
private readonly jwtService;
|
|
16
|
+
readonly type = AuthMethod.CREDENTIALS;
|
|
17
|
+
readonly name = "credentials";
|
|
18
|
+
constructor(userService: IUserService, _passwordService: PasswordService, jwtService: JwtService);
|
|
19
|
+
authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=credentials.strategy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/credentials/credentials.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,mBAAoB,SAAQ,YAAY;IAMjD,OAAO,CAAC,QAAQ,CAAC,WAAW;IAE5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAP7B,QAAQ,CAAC,IAAI,0BAA0B;IACvC,QAAQ,CAAC,IAAI,iBAAiB;gBAIX,WAAW,EAAE,YAAY,EAC1C,gBAAgB,EAAE,eAAe,EAChB,UAAU,EAAE,UAAU;IAK1B,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA+BxB"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
+
};
|
|
13
|
+
import { Inject, Injectable } from '@nestjs/common';
|
|
14
|
+
import { AuthMethod } from '../../interfaces';
|
|
15
|
+
import { USER_SERVICE } from '../../auth.constants';
|
|
16
|
+
import { PasswordService } from '../../password/password.service';
|
|
17
|
+
import { JwtService } from '../../session/jwt.service';
|
|
18
|
+
import { BaseStrategy } from '../base/base.strategy';
|
|
19
|
+
/**
|
|
20
|
+
* Authenticates users via email/username + password.
|
|
21
|
+
*
|
|
22
|
+
* Enabled by default when `AuthModuleOptions.credentials` is `true`
|
|
23
|
+
* (or an object).
|
|
24
|
+
*/
|
|
25
|
+
let CredentialsStrategy = class CredentialsStrategy extends BaseStrategy {
|
|
26
|
+
userService;
|
|
27
|
+
jwtService;
|
|
28
|
+
type = AuthMethod.CREDENTIALS;
|
|
29
|
+
name = 'credentials';
|
|
30
|
+
constructor(userService, _passwordService, jwtService) {
|
|
31
|
+
super();
|
|
32
|
+
this.userService = userService;
|
|
33
|
+
this.jwtService = jwtService;
|
|
34
|
+
}
|
|
35
|
+
async authenticate(payload, _context) {
|
|
36
|
+
const email = payload.email;
|
|
37
|
+
const username = payload.username;
|
|
38
|
+
const password = payload.password;
|
|
39
|
+
if (!password) {
|
|
40
|
+
throw new Error('Password is required');
|
|
41
|
+
}
|
|
42
|
+
const user = email
|
|
43
|
+
? await this.userService.findByEmail(email)
|
|
44
|
+
: username
|
|
45
|
+
? await this.userService.findByUsername(username)
|
|
46
|
+
: null;
|
|
47
|
+
if (!user) {
|
|
48
|
+
throw new Error('Invalid credentials');
|
|
49
|
+
}
|
|
50
|
+
const valid = await this.userService.validatePassword(user, password);
|
|
51
|
+
if (!valid) {
|
|
52
|
+
throw new Error('Invalid credentials');
|
|
53
|
+
}
|
|
54
|
+
user.roles = await this.userService.getRoles(user.id);
|
|
55
|
+
user.permissions = await this.userService.getPermissions(user.id);
|
|
56
|
+
const tokens = await this.jwtService.signTokens(user);
|
|
57
|
+
return { user, tokens };
|
|
58
|
+
}
|
|
59
|
+
};
|
|
60
|
+
CredentialsStrategy = __decorate([
|
|
61
|
+
Injectable(),
|
|
62
|
+
__param(0, Inject(USER_SERVICE)),
|
|
63
|
+
__metadata("design:paramtypes", [Object, PasswordService,
|
|
64
|
+
JwtService])
|
|
65
|
+
], CredentialsStrategy);
|
|
66
|
+
export { CredentialsStrategy };
|
|
67
|
+
//# sourceMappingURL=credentials.strategy.js.map
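Review bot: `authenticate` reads `email`, `username` and `password` from a `Record<string, unknown>` payload and forwards them to `userService` without checking that they are strings. If the `IUserService` implementation (not shown) builds a document-store query from these values, an object-valued `email` or `username` could be interpreted as a query operator rather than a literal. A guard such as `if (typeof password !== 'string' || password.length === 0) throw new Error('Password is required');`, plus the same `typeof` check on the lookup key, removes the question. The unknown-user path also returns before any password verification runs, so its response time may differ from the wrong-password path and reveal which accounts exist even though both throw `'Invalid credentials'`; running a dummy verification on the miss path is the usual remedy. `_passwordService` is injected but never used in this class.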
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/credentials/credentials.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,mBAAmB,GAAzB,MAAM,mBAAoB,SAAQ,YAAY;IAMhC;IAEA;IAPV,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC;IAC9B,IAAI,GAAG,aAAa,CAAC;IAE9B,YAEmB,WAAyB,EAC1C,gBAAiC,EAChB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAJS,gBAAW,GAAX,WAAW,CAAc;QAEzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAA8B,CAAC;QACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAE5C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,GAAG,KAAK;YAChB,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC;YAC3C,CAAC,CAAC,QAAQ;gBACR,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC;gBACjD,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;CACF,CAAA;AA/CY,mBAAmB;IAD/B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEH,eAAe;QACJ,UAAU;GAR9B,mBAAmB,CA+C/B"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export { BaseStrategy } from './base/base.strategy';
|
|
2
|
+
export { CredentialsStrategy } from './credentials/credentials.strategy';
|
|
3
|
+
export { OAuthProviderRegistry } from './oauth/oauth-provider-registry';
|
|
4
|
+
export { OAuthStrategy } from './oauth/oauth.strategy';
|
|
5
|
+
export { TotpStrategy } from './totp/totp.strategy';
|
|
6
|
+
export { AnonymousStrategy } from './anonymous/anonymous.strategy';
|
|
7
|
+
export { MagicLinkStrategy } from './magic-link/magic-link.strategy';
|
|
8
|
+
export { OtpStrategy } from './otp/otp.strategy';
|
|
9
|
+
export { PasskeyStrategy } from './passkey/passkey.strategy';
|
|
10
|
+
export { OneTapStrategy } from './onetap/onetap.strategy';
|
|
11
|
+
export { SsoStrategy } from './sso/sso.strategy';
|
|
12
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export { BaseStrategy } from './base/base.strategy';
|
|
2
|
+
export { CredentialsStrategy } from './credentials/credentials.strategy';
|
|
3
|
+
export { OAuthProviderRegistry } from './oauth/oauth-provider-registry';
|
|
4
|
+
export { OAuthStrategy } from './oauth/oauth.strategy';
|
|
5
|
+
export { TotpStrategy } from './totp/totp.strategy';
|
|
6
|
+
export { AnonymousStrategy } from './anonymous/anonymous.strategy';
|
|
7
|
+
export { MagicLinkStrategy } from './magic-link/magic-link.strategy';
|
|
8
|
+
export { OtpStrategy } from './otp/otp.strategy';
|
|
9
|
+
export { PasskeyStrategy } from './passkey/passkey.strategy';
|
|
10
|
+
export { OneTapStrategy } from './onetap/onetap.strategy';
|
|
11
|
+
export { SsoStrategy } from './sso/sso.strategy';
|
|
12
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC"}
|