@os.io/nest-kit 0.0.1-alpha.0

Files changed (287) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +111 -0
  3. package/dist/auth/auth.constants.d.ts +19 -0
  4. package/dist/auth/auth.constants.d.ts.map +1 -0
  5. package/dist/auth/auth.constants.js +19 -0
  6. package/dist/auth/auth.constants.js.map +1 -0
  7. package/dist/auth/auth.guard.d.ts +20 -0
  8. package/dist/auth/auth.guard.d.ts.map +1 -0
  9. package/dist/auth/auth.guard.js +84 -0
  10. package/dist/auth/auth.guard.js.map +1 -0
  11. package/dist/auth/auth.module.d.ts +26 -0
  12. package/dist/auth/auth.module.d.ts.map +1 -0
  13. package/dist/auth/auth.module.js +344 -0
  14. package/dist/auth/auth.module.js.map +1 -0
  15. package/dist/auth/auth.options.d.ts +179 -0
  16. package/dist/auth/auth.options.d.ts.map +1 -0
  17. package/dist/auth/auth.options.js +2 -0
  18. package/dist/auth/auth.options.js.map +1 -0
  19. package/dist/auth/auth.service.d.ts +57 -0
  20. package/dist/auth/auth.service.d.ts.map +1 -0
  21. package/dist/auth/auth.service.js +175 -0
  22. package/dist/auth/auth.service.js.map +1 -0
  23. package/dist/auth/authorization/index.d.ts +3 -0
  24. package/dist/auth/authorization/index.d.ts.map +1 -0
  25. package/dist/auth/authorization/index.js +3 -0
  26. package/dist/auth/authorization/index.js.map +1 -0
  27. package/dist/auth/authorization/pbac/index.d.ts +6 -0
  28. package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
  29. package/dist/auth/authorization/pbac/index.js +4 -0
  30. package/dist/auth/authorization/pbac/index.js.map +1 -0
  31. package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
  32. package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
  33. package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
  34. package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
  35. package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
  36. package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
  37. package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
  38. package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
  39. package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
  40. package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
  41. package/dist/auth/authorization/pbac/pbac.service.js +146 -0
  42. package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
  43. package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
  44. package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
  45. package/dist/auth/authorization/pbac/pbac.types.js +2 -0
  46. package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
  47. package/dist/auth/authorization/rbac/index.d.ts +4 -0
  48. package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
  49. package/dist/auth/authorization/rbac/index.js +4 -0
  50. package/dist/auth/authorization/rbac/index.js.map +1 -0
  51. package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
  52. package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
  53. package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
  54. package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
  55. package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
  56. package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
  57. package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
  58. package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
  59. package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
  60. package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
  61. package/dist/auth/authorization/rbac/rbac.service.js +95 -0
  62. package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
  63. package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
  64. package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
  65. package/dist/auth/decorators/current-user.decorator.js +23 -0
  66. package/dist/auth/decorators/current-user.decorator.js.map +1 -0
  67. package/dist/auth/decorators/index.d.ts +3 -0
  68. package/dist/auth/decorators/index.d.ts.map +1 -0
  69. package/dist/auth/decorators/index.js +3 -0
  70. package/dist/auth/decorators/index.js.map +1 -0
  71. package/dist/auth/decorators/public.decorator.d.ts +13 -0
  72. package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
  73. package/dist/auth/decorators/public.decorator.js +15 -0
  74. package/dist/auth/decorators/public.decorator.js.map +1 -0
  75. package/dist/auth/index.d.ts +63 -0
  76. package/dist/auth/index.d.ts.map +1 -0
  77. package/dist/auth/index.js +65 -0
  78. package/dist/auth/index.js.map +1 -0
  79. package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
  80. package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
  81. package/dist/auth/interfaces/auth-request.interface.js +2 -0
  82. package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
  83. package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
  84. package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
  85. package/dist/auth/interfaces/auth-result.interface.js +2 -0
  86. package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
  87. package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
  88. package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
  89. package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
  90. package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
  91. package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
  92. package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
  93. package/dist/auth/interfaces/auth-user.interface.js +2 -0
  94. package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
  95. package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
  96. package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
  97. package/dist/auth/interfaces/cache-service.interface.js +2 -0
  98. package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
  99. package/dist/auth/interfaces/index.d.ts +8 -0
  100. package/dist/auth/interfaces/index.d.ts.map +1 -0
  101. package/dist/auth/interfaces/index.js +2 -0
  102. package/dist/auth/interfaces/index.js.map +1 -0
  103. package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
  104. package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
  105. package/dist/auth/interfaces/user-service.interface.js +2 -0
  106. package/dist/auth/interfaces/user-service.interface.js.map +1 -0
  107. package/dist/auth/password/password.service.d.ts +23 -0
  108. package/dist/auth/password/password.service.d.ts.map +1 -0
  109. package/dist/auth/password/password.service.js +52 -0
  110. package/dist/auth/password/password.service.js.map +1 -0
  111. package/dist/auth/session/device-session.service.d.ts +43 -0
  112. package/dist/auth/session/device-session.service.d.ts.map +1 -0
  113. package/dist/auth/session/device-session.service.js +72 -0
  114. package/dist/auth/session/device-session.service.js.map +1 -0
  115. package/dist/auth/session/index.d.ts +5 -0
  116. package/dist/auth/session/index.d.ts.map +1 -0
  117. package/dist/auth/session/index.js +4 -0
  118. package/dist/auth/session/index.js.map +1 -0
  119. package/dist/auth/session/jwt.service.d.ts +37 -0
  120. package/dist/auth/session/jwt.service.d.ts.map +1 -0
  121. package/dist/auth/session/jwt.service.js +119 -0
  122. package/dist/auth/session/jwt.service.js.map +1 -0
  123. package/dist/auth/session/token-blacklist.service.d.ts +37 -0
  124. package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
  125. package/dist/auth/session/token-blacklist.service.js +70 -0
  126. package/dist/auth/session/token-blacklist.service.js.map +1 -0
  127. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
  128. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
  129. package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
  130. package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
  131. package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
  132. package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
  133. package/dist/auth/strategies/base/base.strategy.js +6 -0
  134. package/dist/auth/strategies/base/base.strategy.js.map +1 -0
  135. package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
  136. package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
  137. package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
  138. package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
  139. package/dist/auth/strategies/index.d.ts +12 -0
  140. package/dist/auth/strategies/index.d.ts.map +1 -0
  141. package/dist/auth/strategies/index.js +12 -0
  142. package/dist/auth/strategies/index.js.map +1 -0
  143. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
  144. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
  145. package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
  146. package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
  147. package/dist/auth/strategies/oauth/index.d.ts +3 -0
  148. package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
  149. package/dist/auth/strategies/oauth/index.js +3 -0
  150. package/dist/auth/strategies/oauth/index.js.map +1 -0
  151. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
  152. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
  153. package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
  154. package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
  155. package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
  156. package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
  157. package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
  158. package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
  159. package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
  160. package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
  161. package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
  162. package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
  163. package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
  164. package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
  165. package/dist/auth/strategies/otp/otp.strategy.js +93 -0
  166. package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
  167. package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
  168. package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
  169. package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
  170. package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
  171. package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
  172. package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
  173. package/dist/auth/strategies/sso/sso.strategy.js +80 -0
  174. package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
  175. package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
  176. package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
  177. package/dist/auth/strategies/totp/totp.strategy.js +109 -0
  178. package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
  179. package/dist/auth/throttling/index.d.ts +2 -0
  180. package/dist/auth/throttling/index.d.ts.map +1 -0
  181. package/dist/auth/throttling/index.js +2 -0
  182. package/dist/auth/throttling/index.js.map +1 -0
  183. package/dist/auth/throttling/throttle.service.d.ts +27 -0
  184. package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
  185. package/dist/auth/throttling/throttle.service.js +63 -0
  186. package/dist/auth/throttling/throttle.service.js.map +1 -0
  187. package/dist/bootstrap/cache/config.d.ts +135 -0
  188. package/dist/bootstrap/cache/config.d.ts.map +1 -0
  189. package/dist/bootstrap/cache/config.js +189 -0
  190. package/dist/bootstrap/cache/config.js.map +1 -0
  191. package/dist/bootstrap/cache/index.d.ts +11 -0
  192. package/dist/bootstrap/cache/index.d.ts.map +1 -0
  193. package/dist/bootstrap/cache/index.js +11 -0
  194. package/dist/bootstrap/cache/index.js.map +1 -0
  195. package/dist/bootstrap/index.d.ts +21 -0
  196. package/dist/bootstrap/index.d.ts.map +1 -0
  197. package/dist/bootstrap/index.js +21 -0
  198. package/dist/bootstrap/index.js.map +1 -0
  199. package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
  200. package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
  201. package/dist/bootstrap/scalar/api-docs.js +41 -0
  202. package/dist/bootstrap/scalar/api-docs.js.map +1 -0
  203. package/dist/bootstrap/scalar/index.d.ts +39 -0
  204. package/dist/bootstrap/scalar/index.d.ts.map +1 -0
  205. package/dist/bootstrap/scalar/index.js +41 -0
  206. package/dist/bootstrap/scalar/index.js.map +1 -0
  207. package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
  208. package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
  209. package/dist/bootstrap/swagger/api-docs.js +87 -0
  210. package/dist/bootstrap/swagger/api-docs.js.map +1 -0
  211. package/dist/bootstrap/swagger/index.d.ts +37 -0
  212. package/dist/bootstrap/swagger/index.d.ts.map +1 -0
  213. package/dist/bootstrap/swagger/index.js +36 -0
  214. package/dist/bootstrap/swagger/index.js.map +1 -0
  215. package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
  216. package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
  217. package/dist/bootstrap/typeorm/config/index.js +62 -0
  218. package/dist/bootstrap/typeorm/config/index.js.map +1 -0
  219. package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
  220. package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
  221. package/dist/bootstrap/typeorm/crud/controller.js +72 -0
  222. package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
  223. package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
  224. package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
  225. package/dist/bootstrap/typeorm/crud/index.js +3 -0
  226. package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
  227. package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
  228. package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
  229. package/dist/bootstrap/typeorm/crud/service.js +21 -0
  230. package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
  231. package/dist/bootstrap/typeorm/index.d.ts +18 -0
  232. package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
  233. package/dist/bootstrap/typeorm/index.js +18 -0
  234. package/dist/bootstrap/typeorm/index.js.map +1 -0
  235. package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
  236. package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
  237. package/dist/bootstrap/typeorm/uow/factory.js +27 -0
  238. package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
  239. package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
  240. package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
  241. package/dist/bootstrap/typeorm/uow/index.js +4 -0
  242. package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
  243. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
  244. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
  245. package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
  246. package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
  247. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
  248. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
  249. package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
  250. package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
  251. package/dist/core/index.d.ts +11 -0
  252. package/dist/core/index.d.ts.map +1 -0
  253. package/dist/core/index.js +11 -0
  254. package/dist/core/index.js.map +1 -0
  255. package/dist/infra/audit-log/index.d.ts +12 -0
  256. package/dist/infra/audit-log/index.d.ts.map +1 -0
  257. package/dist/infra/audit-log/index.js +13 -0
  258. package/dist/infra/audit-log/index.js.map +1 -0
  259. package/dist/infra/index.d.ts +20 -0
  260. package/dist/infra/index.d.ts.map +1 -0
  261. package/dist/infra/index.js +21 -0
  262. package/dist/infra/index.js.map +1 -0
  263. package/dist/infra/logger/index.d.ts +12 -0
  264. package/dist/infra/logger/index.d.ts.map +1 -0
  265. package/dist/infra/logger/index.js +13 -0
  266. package/dist/infra/logger/index.js.map +1 -0
  267. package/dist/infra/metrics/index.d.ts +18 -0
  268. package/dist/infra/metrics/index.d.ts.map +1 -0
  269. package/dist/infra/metrics/index.js +19 -0
  270. package/dist/infra/metrics/index.js.map +1 -0
  271. package/dist/infra/notification/index.d.ts +12 -0
  272. package/dist/infra/notification/index.d.ts.map +1 -0
  273. package/dist/infra/notification/index.js +13 -0
  274. package/dist/infra/notification/index.js.map +1 -0
  275. package/dist/infra/storage/index.d.ts +12 -0
  276. package/dist/infra/storage/index.d.ts.map +1 -0
  277. package/dist/infra/storage/index.js +13 -0
  278. package/dist/infra/storage/index.js.map +1 -0
  279. package/dist/infra/stripe/index.d.ts +12 -0
  280. package/dist/infra/stripe/index.d.ts.map +1 -0
  281. package/dist/infra/stripe/index.js +13 -0
  282. package/dist/infra/stripe/index.js.map +1 -0
  283. package/dist/saas/index.d.ts +18 -0
  284. package/dist/saas/index.d.ts.map +1 -0
  285. package/dist/saas/index.js +19 -0
  286. package/dist/saas/index.js.map +1 -0
  287. package/package.json +165 -0
@@ -0,0 +1,31 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult, type ICacheService } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * Passwordless email login via magic links.
8
+ *
9
+ * Flow:
10
+ * 1. User enters their email → a token is generated and stored in cache
11
+ * 2. Email is sent with a link containing the token
12
+ * 3. User clicks the link → token is validated → user is signed in
13
+ */
14
+ export declare class MagicLinkStrategy extends BaseStrategy {
15
+ private readonly cache;
16
+ private readonly userService;
17
+ private readonly jwtService;
18
+ readonly type = AuthMethod.MAGIC_LINK;
19
+ readonly name = "magic-link";
20
+ constructor(cache: ICacheService, userService: IUserService, jwtService: JwtService);
21
+ /**
22
+ * Request a magic link for the given email.
23
+ * Returns the raw token (in production, send this via email).
24
+ */
25
+ requestLink(email: string, expiresIn?: number, tokenBytes?: number): Promise<string>;
26
+ /**
27
+ * Authenticate using a magic-link token.
28
+ */
29
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
30
+ }
31
+ //# sourceMappingURL=magic-link.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"magic-link.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD;;;;;;;GAOG;AACH,qBACa,iBAAkB,SAAQ,YAAY;IAM/C,OAAO,CAAC,QAAQ,CAAC,KAAK;IAEtB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAR7B,QAAQ,CAAC,IAAI,yBAAyB;IACtC,QAAQ,CAAC,IAAI,gBAAgB;gBAIV,KAAK,EAAE,aAAa,EAEpB,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAMnF;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAwCxB"}
@@ -0,0 +1,88 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { CACHE_SERVICE, MAGIC_LINK_PREFIX, USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ import { randomBytes } from 'node:crypto';
19
+ /**
20
+ * Passwordless email login via magic links.
21
+ *
22
+ * Flow:
23
+ * 1. User enters their email → a token is generated and stored in cache
24
+ * 2. Email is sent with a link containing the token
25
+ * 3. User clicks the link → token is validated → user is signed in
26
+ */
27
+ let MagicLinkStrategy = class MagicLinkStrategy extends BaseStrategy {
28
+ cache;
29
+ userService;
30
+ jwtService;
31
+ type = AuthMethod.MAGIC_LINK;
32
+ name = 'magic-link';
33
+ constructor(cache, userService, jwtService) {
34
+ super();
35
+ this.cache = cache;
36
+ this.userService = userService;
37
+ this.jwtService = jwtService;
38
+ }
39
+ /**
40
+ * Request a magic link for the given email.
41
+ * Returns the raw token (in production, send this via email).
42
+ */
43
+ async requestLink(email, expiresIn = 900, tokenBytes = 32) {
44
+ const token = randomBytes(tokenBytes).toString('hex');
45
+ await this.cache.set(`${MAGIC_LINK_PREFIX}${token}`, { email, used: false }, expiresIn);
46
+ return token;
47
+ }
48
+ /**
49
+ * Authenticate using a magic-link token.
50
+ */
51
+ async authenticate(payload, _context) {
52
+ const token = payload.token;
53
+ if (!token) {
54
+ throw new Error('Magic link token is required');
55
+ }
56
+ const data = await this.cache.get(`${MAGIC_LINK_PREFIX}${token}`);
57
+ if (!data) {
58
+ throw new Error('Invalid or expired magic link');
59
+ }
60
+ if (data.used) {
61
+ throw new Error('Magic link has already been used');
62
+ }
63
+ // Mark as used immediately (prevent replay)
64
+ await this.cache.set(`${MAGIC_LINK_PREFIX}${token}`, { ...data, used: true }, 60);
65
+ const existingUser = await this.userService.findByEmail(data.email);
66
+ let finalUser;
67
+ let isNewUser = false;
68
+ if (!existingUser) {
69
+ finalUser = await this.userService.create({ email: data.email });
70
+ isNewUser = true;
71
+ }
72
+ else {
73
+ finalUser = existingUser;
74
+ }
75
+ finalUser.roles = await this.userService.getRoles(finalUser.id);
76
+ finalUser.permissions = await this.userService.getPermissions(finalUser.id);
77
+ const tokens = await this.jwtService.signTokens(finalUser);
78
+ return { user: finalUser, tokens, isNewUser };
79
+ }
80
+ };
81
+ MagicLinkStrategy = __decorate([
82
+ Injectable(),
83
+ __param(0, Inject(CACHE_SERVICE)),
84
+ __param(1, Inject(USER_SERVICE)),
85
+ __metadata("design:paramtypes", [Object, Object, JwtService])
86
+ ], MagicLinkStrategy);
87
+ export { MagicLinkStrategy };
88
+ //# sourceMappingURL=magic-link.strategy.js.map
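Review bot: The single-use check in `authenticate` is a read followed by a separate write: `data.used` is tested on the result of `this.cache.get(...)`, and only afterwards does `this.cache.set(..., { ...data, used: true }, 60)` run, so two requests carrying the same token that arrive close together can both pass the check and both reach `signTokens`. Consuming the entry in one atomic cache operation (a get-and-delete or compare-and-set style call, if `ICacheService` offers one; the interface is not visible in this section) would close that window. `payload.token` is also used without a runtime type check, although the declaration file types `payload` as `Record<string, unknown>`; `if (typeof token !== 'string' || token.length === 0) {` keeps non-string values out of the cache key. The doc comment on `requestLink` could also state that the returned token is a bearer credential: it should reach the user only through the mail channel and should never be logged or echoed in an HTTP response.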
@@ -0,0 +1 @@
1
+ {"version":3,"file":"magic-link.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/magic-link/magic-link.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;;;GAOG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,YAAY;IAM9B;IAEA;IACA;IARV,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC;IAC7B,IAAI,GAAG,YAAY,CAAC;IAE7B,YAEmB,KAAoB,EAEpB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QALS,UAAK,GAAL,KAAK,CAAe;QAEpB,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,SAAS,GAAG,GAAG,EAAE,UAAU,GAAG,EAAE;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iBAAiB,GAAG,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QACxF,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAe,CAAC;QAEtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAC/B,GAAG,iBAAiB,GAAG,KAAK,EAAE,CAC/B,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,4CAA4C;QAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,iBAAiB,GAAG,KAAK,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAElF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,SAA+C,CAAC;QACpD,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACjE,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,YAAY,CAAC;QAC
3B,CAAC;QAED,SAAS,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAChE,SAAS,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAE5E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE3D,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAChD,CAAC;CACF,CAAA;AAtEY,iBAAiB;IAD7B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;IAErB,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;qDAEQ,UAAU;GAT9B,iBAAiB,CAsE7B"}
@@ -0,0 +1,3 @@
1
+ export { OAuthProviderRegistry } from './oauth-provider-registry';
2
+ export { OAuthStrategy } from './oauth.strategy';
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
@@ -0,0 +1,3 @@
1
+ export { OAuthProviderRegistry } from './oauth-provider-registry';
2
+ export { OAuthStrategy } from './oauth.strategy';
3
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
@@ -0,0 +1,13 @@
1
+ import type { OAuthProviderConfig } from '../../auth.options';
2
+ /**
3
+ * Registry of OAuth provider configurations.
4
+ * Populated at runtime from AuthModuleOptions.oauth.
5
+ */
6
+ export declare class OAuthProviderRegistry {
7
+ private providers;
8
+ register(provider: string, config: OAuthProviderConfig): void;
9
+ get(provider: string): OAuthProviderConfig | undefined;
10
+ has(provider: string): boolean;
11
+ all(): Map<string, OAuthProviderConfig>;
12
+ }
13
+ //# sourceMappingURL=oauth-provider-registry.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-provider-registry.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth-provider-registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,SAAS,CAA0C;IAE3D,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,GAAG,IAAI;IAI7D,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,mBAAmB,GAAG,SAAS;IAItD,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI9B,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC;CAGxC"}
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Registry of OAuth provider configurations.
3
+ * Populated at runtime from AuthModuleOptions.oauth.
4
+ */
5
+ export class OAuthProviderRegistry {
6
+ providers = new Map();
7
+ register(provider, config) {
8
+ this.providers.set(provider.toLowerCase(), config);
9
+ }
10
+ get(provider) {
11
+ return this.providers.get(provider.toLowerCase());
12
+ }
13
+ has(provider) {
14
+ return this.providers.has(provider.toLowerCase());
15
+ }
16
+ all() {
17
+ return new Map(this.providers);
18
+ }
19
+ }
20
+ //# sourceMappingURL=oauth-provider-registry.js.map
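Review bot: `register` overwrites any existing entry for the same lowercased name without warning, so two configurations whose names differ only in case, or a second registration of the same provider, silently replace each other and the last one wins. For a registry that holds OAuth client configuration, rejecting duplicates is the safer default unless re-registration is intended: `const key = provider.toLowerCase();` then `if (this.providers.has(key)) throw new Error('OAuth provider already registered: ' + key);` before the `set`. `get` and `has` call `provider.toLowerCase()` with no type check, so a non-string name taken from a request payload would raise a TypeError rather than return `undefined`/`false`; a `typeof provider !== 'string'` guard avoids that. `all()` copies the Map but not the config objects, so a short comment noting that callers share the registered configs would help.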
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-provider-registry.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth-provider-registry.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IACxB,SAAS,GAAG,IAAI,GAAG,EAA+B,CAAC;IAE3D,QAAQ,CAAC,QAAgB,EAAE,MAA2B;QACpD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,GAAG;QACD,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;CACF"}
@@ -0,0 +1,23 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ import { OAuthProviderRegistry } from './oauth-provider-registry';
7
+ /**
8
+ * OAuth 2.0 authentication strategy supporting Google, GitHub, Facebook,
9
+ * Apple, Microsoft, Discord, and custom providers.
10
+ *
11
+ * The consumer must provide a handler to exchange the authorization code
12
+ * for user info (or pass an access token directly).
13
+ */
14
+ export declare class OAuthStrategy extends BaseStrategy {
15
+ private readonly userService;
16
+ private readonly jwtService;
17
+ readonly registry: OAuthProviderRegistry;
18
+ readonly type = AuthMethod.OAUTH;
19
+ readonly name = "oauth";
20
+ constructor(userService: IUserService, jwtService: JwtService, registry: OAuthProviderRegistry);
21
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
22
+ }
23
+ //# sourceMappingURL=oauth.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE;;;;;;GAMG;AACH,qBACa,aAAc,SAAQ,YAAY;IAM3C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;aACX,QAAQ,EAAE,qBAAqB;IAPjD,QAAQ,CAAC,IAAI,oBAAoB;IACjC,QAAQ,CAAC,IAAI,WAAW;gBAIL,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU,EACvB,QAAQ,EAAE,qBAAqB;IAKlC,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA0CxB"}
@@ -0,0 +1,79 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ import { OAuthProviderRegistry } from './oauth-provider-registry';
19
+ /**
20
+ * OAuth 2.0 authentication strategy supporting Google, GitHub, Facebook,
21
+ * Apple, Microsoft, Discord, and custom providers.
22
+ *
23
+ * The consumer must provide a handler to exchange the authorization code
24
+ * for user info (or pass an access token directly).
25
+ */
26
+ let OAuthStrategy = class OAuthStrategy extends BaseStrategy {
27
+ userService;
28
+ jwtService;
29
+ registry;
30
+ type = AuthMethod.OAUTH;
31
+ name = 'oauth';
32
+ constructor(userService, jwtService, registry) {
33
+ super();
34
+ this.userService = userService;
35
+ this.jwtService = jwtService;
36
+ this.registry = registry;
37
+ }
38
+ async authenticate(payload, _context) {
39
+ const provider = payload.provider;
40
+ const code = payload.code;
41
+ const accessToken = payload.accessToken;
42
+ if (!provider) {
43
+ throw new Error('OAuth provider is required');
44
+ }
45
+ if (!code && !accessToken) {
46
+ throw new Error('Either authorization code or access token is required');
47
+ }
48
+ if (!this.registry.has(provider)) {
49
+ throw new Error(`Unsupported OAuth provider: ${provider}`);
50
+ }
51
+ // In production, exchange the code for an access token and fetch user info
52
+ // from the provider's userinfo endpoint. The exact implementation depends
53
+ // on the provider. Here we delegate to the consumer via a custom handler.
54
+ //
55
+ // The consumer should override this by providing their own OAuth handler.
56
+ const socialId = `${provider}:${(payload.sub || payload.id)}`;
57
+ const email = payload.email;
58
+ const name = payload.name;
59
+ let user = await this.userService.findBySocialId(provider, socialId);
60
+ if (!user) {
61
+ user = await this.userService.create({
62
+ email,
63
+ username: name,
64
+ });
65
+ }
66
+ user.roles = await this.userService.getRoles(user.id);
67
+ user.permissions = await this.userService.getPermissions(user.id);
68
+ const tokens = await this.jwtService.signTokens(user);
69
+ return { user, tokens, isNewUser: !user.email };
70
+ }
71
+ };
72
+ OAuthStrategy = __decorate([
73
+ Injectable(),
74
+ __param(0, Inject(USER_SERVICE)),
75
+ __metadata("design:paramtypes", [Object, JwtService,
76
+ OAuthProviderRegistry])
77
+ ], OAuthStrategy);
78
+ export { OAuthStrategy };
79
+ //# sourceMappingURL=oauth.strategy.js.map
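Review bot: `authenticate` never validates `code` or `accessToken` with the provider. After the presence checks, `socialId`, `email` and `name` (gutter lines 56–58) are read from the same caller-supplied `payload`, and `signTokens` runs for whichever account that `sub`/`id` resolves to. The comment defers the exchange to the consumer, but no handler is called anywhere in this method, so the default path fails open. Until a provider-verified profile is wired in, the method should fail closed, for example `throw new Error('OAuth code exchange is not configured');` in place of line 56, and identity fields should come only from the provider's response. `OneTapStrategy.authenticate` in onetap.strategy.js has the same gap: `credential` is checked for presence only, and `sub`/`email` are read from the request payload.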
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/oauth/oauth.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE;;;;;;GAMG;AAEI,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,YAAY;IAM1B;IACA;IACD;IAPT,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC;IACxB,IAAI,GAAG,OAAO,CAAC;IAExB,YAEmB,WAAyB,EACzB,UAAsB,EACvB,QAA+B;QAE/C,KAAK,EAAE,CAAC;QAJS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;QACvB,aAAQ,GAAR,QAAQ,CAAuB;IAGjD,CAAC;IAEQ,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAChD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAiC,CAAC;QAE9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,2EAA2E;QAC3E,0EAA0E;QAC1E,0EAA0E;QAC1E,EAAE;QACF,0EAA0E;QAC1E,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,CAAW,EAAE,CAAC;QACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAA
A;AA1DY,aAAa;IADzB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;QACb,qBAAqB;GARtC,aAAa,CA0DzB"}
@@ -0,0 +1,24 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * Google & Apple OneTap sign-in strategy.
8
+ *
9
+ * OneTap provides a streamlined sign-in experience where users
10
+ * authenticate with a single tap using their Google or Apple ID.
11
+ */
12
+ export declare class OneTapStrategy extends BaseStrategy {
13
+ private readonly userService;
14
+ private readonly jwtService;
15
+ readonly type = AuthMethod.ONETAP;
16
+ readonly name = "onetap";
17
+ constructor(userService: IUserService, jwtService: JwtService);
18
+ /**
19
+ * Authenticate using a OneTap credential token.
20
+ * Expects `provider` ('google' | 'apple') and `credential` (ID token).
21
+ */
22
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
23
+ }
24
+ //# sourceMappingURL=onetap.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"onetap.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/onetap/onetap.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,cAAe,SAAQ,YAAY;IAM5C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,IAAI,YAAY;gBAIN,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CAyCxB"}
@@ -0,0 +1,77 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ /**
19
+ * Google & Apple OneTap sign-in strategy.
20
+ *
21
+ * OneTap provides a streamlined sign-in experience where users
22
+ * authenticate with a single tap using their Google or Apple ID.
23
+ */
24
+ let OneTapStrategy = class OneTapStrategy extends BaseStrategy {
25
+ userService;
26
+ jwtService;
27
+ type = AuthMethod.ONETAP;
28
+ name = 'onetap';
29
+ constructor(userService, jwtService) {
30
+ super();
31
+ this.userService = userService;
32
+ this.jwtService = jwtService;
33
+ }
34
+ /**
35
+ * Authenticate using a OneTap credential token.
36
+ * Expects `provider` ('google' | 'apple') and `credential` (ID token).
37
+ */
38
+ async authenticate(payload, _context) {
39
+ const provider = payload.provider;
40
+ const credential = payload.credential;
41
+ if (!provider || !credential) {
42
+ throw new Error('provider and credential are required');
43
+ }
44
+ if (!['google', 'apple'].includes(provider)) {
45
+ throw new Error(`Unsupported OneTap provider: ${provider}`);
46
+ }
47
+ // In production, verify the credential (ID token) using the provider's
48
+ // public keys (JWKS). Extract email, name, sub from the decoded token.
49
+ //
50
+ // For Google: use google-auth-library or manually verify the JWT
51
+ // For Apple: fetch Apple's public keys and verify the JWT
52
+ //
53
+ // const payload = await verifyGoogleIdToken(credential, clientId);
54
+ const sub = payload.sub;
55
+ const email = payload.email;
56
+ const name = payload.name;
57
+ const socialId = `${provider}:${sub}`;
58
+ let user = await this.userService.findBySocialId(provider, socialId);
59
+ if (!user) {
60
+ user = await this.userService.create({
61
+ email,
62
+ username: name,
63
+ });
64
+ }
65
+ user.roles = await this.userService.getRoles(user.id);
66
+ user.permissions = await this.userService.getPermissions(user.id);
67
+ const tokens = await this.jwtService.signTokens(user);
68
+ return { user, tokens, isNewUser: !user.email };
69
+ }
70
+ };
71
+ OneTapStrategy = __decorate([
72
+ Injectable(),
73
+ __param(0, Inject(USER_SERVICE)),
74
+ __metadata("design:paramtypes", [Object, JwtService])
75
+ ], OneTapStrategy);
76
+ export { OneTapStrategy };
77
+ //# sourceMappingURL=onetap.strategy.js.map
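Review bot: `sub` is never checked before `socialId` is built on gutter line 57, so a payload without it yields the literal lookup key `google:undefined` (or `apple:undefined`), shared by every such request; the OAuth strategy's `payload.sub || payload.id` has the same hole. A guard such as `if (typeof sub !== 'string' || sub === '') throw new Error('sub is required');` before line 57 closes it, and once verification exists it should apply to the value taken from the verified ID token. The `create` call on lines 60–63 passes only `email` and `username`, so unless the consumer's `create` links the social id some other way, a later `findBySocialId` presumably cannot match the record it just created. Separately, `isNewUser: !user.email` reports whether the record lacks an email, not whether `create` ran; setting a flag inside the `if (!user)` branch would make it accurate here and in the OAuth and OTP strategies.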
@@ -0,0 +1 @@
1
+ {"version":3,"file":"onetap.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/onetap/onetap.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,YAAY;IAM3B;IACA;IANV,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC;IACzB,IAAI,GAAG,QAAQ,CAAC;IAEzB,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,uEAAuE;QACvE,uEAAuE;QACvE,EAAE;QACF,iEAAiE;QACjE,0DAA0D;QAC1D,EAAE;QACF,mEAAmE;QAEnE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAa,CAAC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,GAAG,EAAE,CAAC;QACtC,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AA5DY,cAAc;IAD1B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,cAAc,CA4D1B"}
@@ -0,0 +1,31 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult, type ICacheService } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * One-Time Password (OTP) authentication via email or phone.
8
+ *
9
+ * Flow:
10
+ * 1. User enters email/phone → a numeric code is generated and stored in cache
11
+ * 2. Code is dispatched via email or SMS (consumer's responsibility)
12
+ * 3. User submits code → validated → signed in
13
+ */
14
+ export declare class OtpStrategy extends BaseStrategy {
15
+ private readonly cache;
16
+ private readonly userService;
17
+ private readonly jwtService;
18
+ readonly type = AuthMethod.OTP;
19
+ readonly name = "otp";
20
+ constructor(cache: ICacheService, userService: IUserService, jwtService: JwtService);
21
+ /**
22
+ * Request an OTP code for the given email or phone.
23
+ * Returns the plaintext code (in production, dispatch via email/SMS).
24
+ */
25
+ requestOtp(identifier: string, digits?: number, expiresIn?: number): Promise<string>;
26
+ /**
27
+ * Authenticate using an email/phone + OTP code.
28
+ */
29
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
30
+ }
31
+ //# sourceMappingURL=otp.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"otp.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/otp/otp.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD;;;;;;;GAOG;AACH,qBACa,WAAY,SAAQ,YAAY;IAMzC,OAAO,CAAC,QAAQ,CAAC,KAAK;IAEtB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAR7B,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,IAAI,SAAS;gBAIH,KAAK,EAAE,aAAa,EAEpB,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,SAAI,EAAE,SAAS,SAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWlF;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA8CxB"}
@@ -0,0 +1,93 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { CACHE_SERVICE, OTP_PREFIX, USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ import { randomInt } from 'node:crypto';
19
+ /**
20
+ * One-Time Password (OTP) authentication via email or phone.
21
+ *
22
+ * Flow:
23
+ * 1. User enters email/phone → a numeric code is generated and stored in cache
24
+ * 2. Code is dispatched via email or SMS (consumer's responsibility)
25
+ * 3. User submits code → validated → signed in
26
+ */
27
+ let OtpStrategy = class OtpStrategy extends BaseStrategy {
28
+ cache;
29
+ userService;
30
+ jwtService;
31
+ type = AuthMethod.OTP;
32
+ name = 'otp';
33
+ constructor(cache, userService, jwtService) {
34
+ super();
35
+ this.cache = cache;
36
+ this.userService = userService;
37
+ this.jwtService = jwtService;
38
+ }
39
+ /**
40
+ * Request an OTP code for the given email or phone.
41
+ * Returns the plaintext code (in production, dispatch via email/SMS).
42
+ */
43
+ async requestOtp(identifier, digits = 6, expiresIn = 300) {
44
+ const min = Math.pow(10, digits - 1);
45
+ const max = Math.pow(10, digits) - 1;
46
+ const code = randomInt(min, max).toString();
47
+ const data = { code, attempts: 0, identifier };
48
+ await this.cache.set(`${OTP_PREFIX}${identifier}`, data, expiresIn);
49
+ return code;
50
+ }
51
+ /**
52
+ * Authenticate using an email/phone + OTP code.
53
+ */
54
+ async authenticate(payload, _context) {
55
+ const identifier = payload.identifier;
56
+ const code = payload.code;
57
+ if (!identifier || !code) {
58
+ throw new Error('identifier and code are required');
59
+ }
60
+ const data = await this.cache.get(`${OTP_PREFIX}${identifier}`);
61
+ if (!data) {
62
+ throw new Error('OTP not found or expired');
63
+ }
64
+ if (data.attempts >= 3) {
65
+ await this.cache.del(`${OTP_PREFIX}${identifier}`);
66
+ throw new Error('Too many failed OTP attempts');
67
+ }
68
+ if (data.code !== code) {
69
+ data.attempts += 1;
70
+ await this.cache.set(`${OTP_PREFIX}${identifier}`, data, 300);
71
+ throw new Error('Invalid OTP code');
72
+ }
73
+ // Code is valid — clean up
74
+ await this.cache.del(`${OTP_PREFIX}${identifier}`);
75
+ const isEmail = identifier.includes('@');
76
+ let user = isEmail ? await this.userService.findByEmail(identifier) : null;
77
+ if (!user) {
78
+ user = await this.userService.create(isEmail ? { email: identifier } : { phone: identifier });
79
+ }
80
+ user.roles = await this.userService.getRoles(user.id);
81
+ user.permissions = await this.userService.getPermissions(user.id);
82
+ const tokens = await this.jwtService.signTokens(user);
83
+ return { user, tokens, isNewUser: !user.email };
84
+ }
85
+ };
86
+ OtpStrategy = __decorate([
87
+ Injectable(),
88
+ __param(0, Inject(CACHE_SERVICE)),
89
+ __param(1, Inject(USER_SERVICE)),
90
+ __metadata("design:paramtypes", [Object, Object, JwtService])
91
+ ], OtpStrategy);
92
+ export { OtpStrategy };
93
+ //# sourceMappingURL=otp.strategy.js.map
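Review bot: A failed attempt on gutter line 70 rewrites the entry with a hard-coded TTL of 300, which ignores the `expiresIn` passed to `requestOtp` and restarts the expiry window on every wrong guess. Storing the absolute deadline with the code and writing back only the remaining time keeps the original lifetime; a sketch follows, assuming the cache TTL is in seconds. The counter is also read and written in separate cache calls, so whether the limit of 3 holds under parallel submissions depends on the `ICacheService` implementation, which this hunk does not show. Two smaller points: `randomInt(min, max)` excludes `max`, so the highest code is never issued (`randomInt(min, max + 1)`), and for phone identifiers line 76 skips the lookup, so `create` runs on every successful login.

```javascript
// in requestOtp: record the absolute deadline next to the code
const data = { code, attempts: 0, identifier, expiresAt: Date.now() + expiresIn * 1000 };
// … unchanged: cache.set with expiresIn, return code …

// in authenticate, after the "OTP not found or expired" check
const remaining = Math.ceil((data.expiresAt - Date.now()) / 1000);
if (remaining <= 0) {
    await this.cache.del(`${OTP_PREFIX}${identifier}`);
    throw new Error('OTP not found or expired');
}
// … unchanged: attempts >= 3 lockout …
if (data.code !== code) {
    data.attempts += 1;
    // keep the original deadline instead of restarting a 300 s window
    await this.cache.set(`${OTP_PREFIX}${identifier}`, data, remaining);
    throw new Error('Invalid OTP code');
}
// … unchanged: cleanup, user lookup, token signing …
```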
@@ -0,0 +1 @@
1
+ {"version":3,"file":"otp.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/otp/otp.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAwC,MAAM,kBAAkB,CAAC;AAEpF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;;;GAOG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,YAAY;IAMxB;IAEA;IACA;IARV,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC;IACtB,IAAI,GAAG,KAAK,CAAC;IAEtB,YAEmB,KAAoB,EAEpB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QALS,UAAK,GAAL,KAAK,CAAe;QAEpB,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,MAAM,GAAG,CAAC,EAAE,SAAS,GAAG,GAAG;QAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE5C,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAEpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;QAChD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAc,CAAC;QAEpC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAI9B,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;QAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,C
AAC;YAC9D,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QAED,2BAA2B;QAC3B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE3E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AAjFY,WAAW;IADvB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;IAErB,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;qDAEQ,UAAU;GAT9B,WAAW,CAiFvB"}
@@ -0,0 +1,32 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * WebAuthn / FIDO2 Passkey authentication strategy.
8
+ *
9
+ * Provides credential registration and assertion ceremonies
10
+ * using the `@simplewebauthn/server` package (loaded dynamically).
11
+ */
12
+ export declare class PasskeyStrategy extends BaseStrategy {
13
+ private readonly userService;
14
+ private readonly jwtService;
15
+ readonly type = AuthMethod.PASSKEY;
16
+ readonly name = "passkey";
17
+ constructor(userService: IUserService, jwtService: JwtService);
18
+ /**
19
+ * Authenticate using a WebAuthn assertion response.
20
+ */
21
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
22
+ /**
23
+ * Generate registration options for the WebAuthn ceremony.
24
+ */
25
+ generateRegistrationOptions(userId: string, userName: string, rpName?: string, rpId?: string): Promise<Record<string, unknown>>;
26
+ /**
27
+ * Verify a registration response and return the credential.
28
+ */
29
+ verifyRegistrationResponse(credential: Record<string, unknown>, expectedChallenge: string, expectedOrigin: string, expectedRpId: string): Promise<Record<string, unknown>>;
30
+ private loadWebAuthn;
31
+ }
32
+ //# sourceMappingURL=passkey.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passkey.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/passkey/passkey.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,eAAgB,SAAQ,YAAY;IAM7C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,IAAI,aAAa;gBAIP,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;OAEG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;IA6BvB;;OAEG;IACG,2BAA2B,CAC/B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,SAAY,EAClB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAcnC;;OAEG;IACG,0BAA0B,CAC9B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAYrB,YAAY;CAS3B"}