@os.io/nest-kit 0.0.1-alpha.0

Files changed (287)
  1. package/LICENSE +21 -0
  2. package/README.md +111 -0
  3. package/dist/auth/auth.constants.d.ts +19 -0
  4. package/dist/auth/auth.constants.d.ts.map +1 -0
  5. package/dist/auth/auth.constants.js +19 -0
  6. package/dist/auth/auth.constants.js.map +1 -0
  7. package/dist/auth/auth.guard.d.ts +20 -0
  8. package/dist/auth/auth.guard.d.ts.map +1 -0
  9. package/dist/auth/auth.guard.js +84 -0
  10. package/dist/auth/auth.guard.js.map +1 -0
  11. package/dist/auth/auth.module.d.ts +26 -0
  12. package/dist/auth/auth.module.d.ts.map +1 -0
  13. package/dist/auth/auth.module.js +344 -0
  14. package/dist/auth/auth.module.js.map +1 -0
  15. package/dist/auth/auth.options.d.ts +179 -0
  16. package/dist/auth/auth.options.d.ts.map +1 -0
  17. package/dist/auth/auth.options.js +2 -0
  18. package/dist/auth/auth.options.js.map +1 -0
  19. package/dist/auth/auth.service.d.ts +57 -0
  20. package/dist/auth/auth.service.d.ts.map +1 -0
  21. package/dist/auth/auth.service.js +175 -0
  22. package/dist/auth/auth.service.js.map +1 -0
  23. package/dist/auth/authorization/index.d.ts +3 -0
  24. package/dist/auth/authorization/index.d.ts.map +1 -0
  25. package/dist/auth/authorization/index.js +3 -0
  26. package/dist/auth/authorization/index.js.map +1 -0
  27. package/dist/auth/authorization/pbac/index.d.ts +6 -0
  28. package/dist/auth/authorization/pbac/index.d.ts.map +1 -0
  29. package/dist/auth/authorization/pbac/index.js +4 -0
  30. package/dist/auth/authorization/pbac/index.js.map +1 -0
  31. package/dist/auth/authorization/pbac/pbac.decorator.d.ts +18 -0
  32. package/dist/auth/authorization/pbac/pbac.decorator.d.ts.map +1 -0
  33. package/dist/auth/authorization/pbac/pbac.decorator.js +14 -0
  34. package/dist/auth/authorization/pbac/pbac.decorator.js.map +1 -0
  35. package/dist/auth/authorization/pbac/pbac.guard.d.ts +19 -0
  36. package/dist/auth/authorization/pbac/pbac.guard.d.ts.map +1 -0
  37. package/dist/auth/authorization/pbac/pbac.guard.js +60 -0
  38. package/dist/auth/authorization/pbac/pbac.guard.js.map +1 -0
  39. package/dist/auth/authorization/pbac/pbac.service.d.ts +44 -0
  40. package/dist/auth/authorization/pbac/pbac.service.d.ts.map +1 -0
  41. package/dist/auth/authorization/pbac/pbac.service.js +146 -0
  42. package/dist/auth/authorization/pbac/pbac.service.js.map +1 -0
  43. package/dist/auth/authorization/pbac/pbac.types.d.ts +47 -0
  44. package/dist/auth/authorization/pbac/pbac.types.d.ts.map +1 -0
  45. package/dist/auth/authorization/pbac/pbac.types.js +2 -0
  46. package/dist/auth/authorization/pbac/pbac.types.js.map +1 -0
  47. package/dist/auth/authorization/rbac/index.d.ts +4 -0
  48. package/dist/auth/authorization/rbac/index.d.ts.map +1 -0
  49. package/dist/auth/authorization/rbac/index.js +4 -0
  50. package/dist/auth/authorization/rbac/index.js.map +1 -0
  51. package/dist/auth/authorization/rbac/rbac.decorator.d.ts +18 -0
  52. package/dist/auth/authorization/rbac/rbac.decorator.d.ts.map +1 -0
  53. package/dist/auth/authorization/rbac/rbac.decorator.js +25 -0
  54. package/dist/auth/authorization/rbac/rbac.decorator.js.map +1 -0
  55. package/dist/auth/authorization/rbac/rbac.guard.d.ts +19 -0
  56. package/dist/auth/authorization/rbac/rbac.guard.d.ts.map +1 -0
  57. package/dist/auth/authorization/rbac/rbac.guard.js +50 -0
  58. package/dist/auth/authorization/rbac/rbac.guard.js.map +1 -0
  59. package/dist/auth/authorization/rbac/rbac.service.d.ts +43 -0
  60. package/dist/auth/authorization/rbac/rbac.service.d.ts.map +1 -0
  61. package/dist/auth/authorization/rbac/rbac.service.js +95 -0
  62. package/dist/auth/authorization/rbac/rbac.service.js.map +1 -0
  63. package/dist/auth/decorators/current-user.decorator.d.ts +17 -0
  64. package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
  65. package/dist/auth/decorators/current-user.decorator.js +23 -0
  66. package/dist/auth/decorators/current-user.decorator.js.map +1 -0
  67. package/dist/auth/decorators/index.d.ts +3 -0
  68. package/dist/auth/decorators/index.d.ts.map +1 -0
  69. package/dist/auth/decorators/index.js +3 -0
  70. package/dist/auth/decorators/index.js.map +1 -0
  71. package/dist/auth/decorators/public.decorator.d.ts +13 -0
  72. package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
  73. package/dist/auth/decorators/public.decorator.js +15 -0
  74. package/dist/auth/decorators/public.decorator.js.map +1 -0
  75. package/dist/auth/index.d.ts +63 -0
  76. package/dist/auth/index.d.ts.map +1 -0
  77. package/dist/auth/index.js +65 -0
  78. package/dist/auth/index.js.map +1 -0
  79. package/dist/auth/interfaces/auth-request.interface.d.ts +18 -0
  80. package/dist/auth/interfaces/auth-request.interface.d.ts.map +1 -0
  81. package/dist/auth/interfaces/auth-request.interface.js +2 -0
  82. package/dist/auth/interfaces/auth-request.interface.js.map +1 -0
  83. package/dist/auth/interfaces/auth-result.interface.d.ts +28 -0
  84. package/dist/auth/interfaces/auth-result.interface.d.ts.map +1 -0
  85. package/dist/auth/interfaces/auth-result.interface.js +2 -0
  86. package/dist/auth/interfaces/auth-result.interface.js.map +1 -0
  87. package/dist/auth/interfaces/auth-strategy.interface.d.ts +37 -0
  88. package/dist/auth/interfaces/auth-strategy.interface.d.ts.map +1 -0
  89. package/dist/auth/interfaces/auth-strategy.interface.js +16 -0
  90. package/dist/auth/interfaces/auth-strategy.interface.js.map +1 -0
  91. package/dist/auth/interfaces/auth-user.interface.d.ts +25 -0
  92. package/dist/auth/interfaces/auth-user.interface.d.ts.map +1 -0
  93. package/dist/auth/interfaces/auth-user.interface.js +2 -0
  94. package/dist/auth/interfaces/auth-user.interface.js.map +1 -0
  95. package/dist/auth/interfaces/cache-service.interface.d.ts +30 -0
  96. package/dist/auth/interfaces/cache-service.interface.d.ts.map +1 -0
  97. package/dist/auth/interfaces/cache-service.interface.js +2 -0
  98. package/dist/auth/interfaces/cache-service.interface.js.map +1 -0
  99. package/dist/auth/interfaces/index.d.ts +8 -0
  100. package/dist/auth/interfaces/index.d.ts.map +1 -0
  101. package/dist/auth/interfaces/index.js +2 -0
  102. package/dist/auth/interfaces/index.js.map +1 -0
  103. package/dist/auth/interfaces/user-service.interface.d.ts +34 -0
  104. package/dist/auth/interfaces/user-service.interface.d.ts.map +1 -0
  105. package/dist/auth/interfaces/user-service.interface.js +2 -0
  106. package/dist/auth/interfaces/user-service.interface.js.map +1 -0
  107. package/dist/auth/password/password.service.d.ts +23 -0
  108. package/dist/auth/password/password.service.d.ts.map +1 -0
  109. package/dist/auth/password/password.service.js +52 -0
  110. package/dist/auth/password/password.service.js.map +1 -0
  111. package/dist/auth/session/device-session.service.d.ts +43 -0
  112. package/dist/auth/session/device-session.service.d.ts.map +1 -0
  113. package/dist/auth/session/device-session.service.js +72 -0
  114. package/dist/auth/session/device-session.service.js.map +1 -0
  115. package/dist/auth/session/index.d.ts +5 -0
  116. package/dist/auth/session/index.d.ts.map +1 -0
  117. package/dist/auth/session/index.js +4 -0
  118. package/dist/auth/session/index.js.map +1 -0
  119. package/dist/auth/session/jwt.service.d.ts +37 -0
  120. package/dist/auth/session/jwt.service.d.ts.map +1 -0
  121. package/dist/auth/session/jwt.service.js +119 -0
  122. package/dist/auth/session/jwt.service.js.map +1 -0
  123. package/dist/auth/session/token-blacklist.service.d.ts +37 -0
  124. package/dist/auth/session/token-blacklist.service.d.ts.map +1 -0
  125. package/dist/auth/session/token-blacklist.service.js +70 -0
  126. package/dist/auth/session/token-blacklist.service.js.map +1 -0
  127. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts +19 -0
  128. package/dist/auth/strategies/anonymous/anonymous.strategy.d.ts.map +1 -0
  129. package/dist/auth/strategies/anonymous/anonymous.strategy.js +49 -0
  130. package/dist/auth/strategies/anonymous/anonymous.strategy.js.map +1 -0
  131. package/dist/auth/strategies/base/base.strategy.d.ts +11 -0
  132. package/dist/auth/strategies/base/base.strategy.d.ts.map +1 -0
  133. package/dist/auth/strategies/base/base.strategy.js +6 -0
  134. package/dist/auth/strategies/base/base.strategy.js.map +1 -0
  135. package/dist/auth/strategies/credentials/credentials.strategy.d.ts +21 -0
  136. package/dist/auth/strategies/credentials/credentials.strategy.d.ts.map +1 -0
  137. package/dist/auth/strategies/credentials/credentials.strategy.js +67 -0
  138. package/dist/auth/strategies/credentials/credentials.strategy.js.map +1 -0
  139. package/dist/auth/strategies/index.d.ts +12 -0
  140. package/dist/auth/strategies/index.d.ts.map +1 -0
  141. package/dist/auth/strategies/index.js +12 -0
  142. package/dist/auth/strategies/index.js.map +1 -0
  143. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts +31 -0
  144. package/dist/auth/strategies/magic-link/magic-link.strategy.d.ts.map +1 -0
  145. package/dist/auth/strategies/magic-link/magic-link.strategy.js +88 -0
  146. package/dist/auth/strategies/magic-link/magic-link.strategy.js.map +1 -0
  147. package/dist/auth/strategies/oauth/index.d.ts +3 -0
  148. package/dist/auth/strategies/oauth/index.d.ts.map +1 -0
  149. package/dist/auth/strategies/oauth/index.js +3 -0
  150. package/dist/auth/strategies/oauth/index.js.map +1 -0
  151. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts +13 -0
  152. package/dist/auth/strategies/oauth/oauth-provider-registry.d.ts.map +1 -0
  153. package/dist/auth/strategies/oauth/oauth-provider-registry.js +20 -0
  154. package/dist/auth/strategies/oauth/oauth-provider-registry.js.map +1 -0
  155. package/dist/auth/strategies/oauth/oauth.strategy.d.ts +23 -0
  156. package/dist/auth/strategies/oauth/oauth.strategy.d.ts.map +1 -0
  157. package/dist/auth/strategies/oauth/oauth.strategy.js +79 -0
  158. package/dist/auth/strategies/oauth/oauth.strategy.js.map +1 -0
  159. package/dist/auth/strategies/onetap/onetap.strategy.d.ts +24 -0
  160. package/dist/auth/strategies/onetap/onetap.strategy.d.ts.map +1 -0
  161. package/dist/auth/strategies/onetap/onetap.strategy.js +77 -0
  162. package/dist/auth/strategies/onetap/onetap.strategy.js.map +1 -0
  163. package/dist/auth/strategies/otp/otp.strategy.d.ts +31 -0
  164. package/dist/auth/strategies/otp/otp.strategy.d.ts.map +1 -0
  165. package/dist/auth/strategies/otp/otp.strategy.js +93 -0
  166. package/dist/auth/strategies/otp/otp.strategy.js.map +1 -0
  167. package/dist/auth/strategies/passkey/passkey.strategy.d.ts +32 -0
  168. package/dist/auth/strategies/passkey/passkey.strategy.d.ts.map +1 -0
  169. package/dist/auth/strategies/passkey/passkey.strategy.js +102 -0
  170. package/dist/auth/strategies/passkey/passkey.strategy.js.map +1 -0
  171. package/dist/auth/strategies/sso/sso.strategy.d.ts +25 -0
  172. package/dist/auth/strategies/sso/sso.strategy.d.ts.map +1 -0
  173. package/dist/auth/strategies/sso/sso.strategy.js +80 -0
  174. package/dist/auth/strategies/sso/sso.strategy.js.map +1 -0
  175. package/dist/auth/strategies/totp/totp.strategy.d.ts +37 -0
  176. package/dist/auth/strategies/totp/totp.strategy.d.ts.map +1 -0
  177. package/dist/auth/strategies/totp/totp.strategy.js +109 -0
  178. package/dist/auth/strategies/totp/totp.strategy.js.map +1 -0
  179. package/dist/auth/throttling/index.d.ts +2 -0
  180. package/dist/auth/throttling/index.d.ts.map +1 -0
  181. package/dist/auth/throttling/index.js +2 -0
  182. package/dist/auth/throttling/index.js.map +1 -0
  183. package/dist/auth/throttling/throttle.service.d.ts +27 -0
  184. package/dist/auth/throttling/throttle.service.d.ts.map +1 -0
  185. package/dist/auth/throttling/throttle.service.js +63 -0
  186. package/dist/auth/throttling/throttle.service.js.map +1 -0
  187. package/dist/bootstrap/cache/config.d.ts +135 -0
  188. package/dist/bootstrap/cache/config.d.ts.map +1 -0
  189. package/dist/bootstrap/cache/config.js +189 -0
  190. package/dist/bootstrap/cache/config.js.map +1 -0
  191. package/dist/bootstrap/cache/index.d.ts +11 -0
  192. package/dist/bootstrap/cache/index.d.ts.map +1 -0
  193. package/dist/bootstrap/cache/index.js +11 -0
  194. package/dist/bootstrap/cache/index.js.map +1 -0
  195. package/dist/bootstrap/index.d.ts +21 -0
  196. package/dist/bootstrap/index.d.ts.map +1 -0
  197. package/dist/bootstrap/index.js +21 -0
  198. package/dist/bootstrap/index.js.map +1 -0
  199. package/dist/bootstrap/scalar/api-docs.d.ts +39 -0
  200. package/dist/bootstrap/scalar/api-docs.d.ts.map +1 -0
  201. package/dist/bootstrap/scalar/api-docs.js +41 -0
  202. package/dist/bootstrap/scalar/api-docs.js.map +1 -0
  203. package/dist/bootstrap/scalar/index.d.ts +39 -0
  204. package/dist/bootstrap/scalar/index.d.ts.map +1 -0
  205. package/dist/bootstrap/scalar/index.js +41 -0
  206. package/dist/bootstrap/scalar/index.js.map +1 -0
  207. package/dist/bootstrap/swagger/api-docs.d.ts +73 -0
  208. package/dist/bootstrap/swagger/api-docs.d.ts.map +1 -0
  209. package/dist/bootstrap/swagger/api-docs.js +87 -0
  210. package/dist/bootstrap/swagger/api-docs.js.map +1 -0
  211. package/dist/bootstrap/swagger/index.d.ts +37 -0
  212. package/dist/bootstrap/swagger/index.d.ts.map +1 -0
  213. package/dist/bootstrap/swagger/index.js +36 -0
  214. package/dist/bootstrap/swagger/index.js.map +1 -0
  215. package/dist/bootstrap/typeorm/config/index.d.ts +12 -0
  216. package/dist/bootstrap/typeorm/config/index.d.ts.map +1 -0
  217. package/dist/bootstrap/typeorm/config/index.js +62 -0
  218. package/dist/bootstrap/typeorm/config/index.js.map +1 -0
  219. package/dist/bootstrap/typeorm/crud/controller.d.ts +13 -0
  220. package/dist/bootstrap/typeorm/crud/controller.d.ts.map +1 -0
  221. package/dist/bootstrap/typeorm/crud/controller.js +72 -0
  222. package/dist/bootstrap/typeorm/crud/controller.js.map +1 -0
  223. package/dist/bootstrap/typeorm/crud/index.d.ts +4 -0
  224. package/dist/bootstrap/typeorm/crud/index.d.ts.map +1 -0
  225. package/dist/bootstrap/typeorm/crud/index.js +3 -0
  226. package/dist/bootstrap/typeorm/crud/index.js.map +1 -0
  227. package/dist/bootstrap/typeorm/crud/service.d.ts +10 -0
  228. package/dist/bootstrap/typeorm/crud/service.d.ts.map +1 -0
  229. package/dist/bootstrap/typeorm/crud/service.js +21 -0
  230. package/dist/bootstrap/typeorm/crud/service.js.map +1 -0
  231. package/dist/bootstrap/typeorm/index.d.ts +18 -0
  232. package/dist/bootstrap/typeorm/index.d.ts.map +1 -0
  233. package/dist/bootstrap/typeorm/index.js +18 -0
  234. package/dist/bootstrap/typeorm/index.js.map +1 -0
  235. package/dist/bootstrap/typeorm/uow/factory.d.ts +5 -0
  236. package/dist/bootstrap/typeorm/uow/factory.d.ts.map +1 -0
  237. package/dist/bootstrap/typeorm/uow/factory.js +27 -0
  238. package/dist/bootstrap/typeorm/uow/factory.js.map +1 -0
  239. package/dist/bootstrap/typeorm/uow/index.d.ts +4 -0
  240. package/dist/bootstrap/typeorm/uow/index.d.ts.map +1 -0
  241. package/dist/bootstrap/typeorm/uow/index.js +4 -0
  242. package/dist/bootstrap/typeorm/uow/index.js.map +1 -0
  243. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts +62 -0
  244. package/dist/bootstrap/typeorm/uow/transactional.decorator.d.ts.map +1 -0
  245. package/dist/bootstrap/typeorm/uow/transactional.decorator.js +114 -0
  246. package/dist/bootstrap/typeorm/uow/transactional.decorator.js.map +1 -0
  247. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts +11 -0
  248. package/dist/bootstrap/typeorm/uow/unit-of-work.d.ts.map +1 -0
  249. package/dist/bootstrap/typeorm/uow/unit-of-work.js +23 -0
  250. package/dist/bootstrap/typeorm/uow/unit-of-work.js.map +1 -0
  251. package/dist/core/index.d.ts +11 -0
  252. package/dist/core/index.d.ts.map +1 -0
  253. package/dist/core/index.js +11 -0
  254. package/dist/core/index.js.map +1 -0
  255. package/dist/infra/audit-log/index.d.ts +12 -0
  256. package/dist/infra/audit-log/index.d.ts.map +1 -0
  257. package/dist/infra/audit-log/index.js +13 -0
  258. package/dist/infra/audit-log/index.js.map +1 -0
  259. package/dist/infra/index.d.ts +20 -0
  260. package/dist/infra/index.d.ts.map +1 -0
  261. package/dist/infra/index.js +21 -0
  262. package/dist/infra/index.js.map +1 -0
  263. package/dist/infra/logger/index.d.ts +12 -0
  264. package/dist/infra/logger/index.d.ts.map +1 -0
  265. package/dist/infra/logger/index.js +13 -0
  266. package/dist/infra/logger/index.js.map +1 -0
  267. package/dist/infra/metrics/index.d.ts +18 -0
  268. package/dist/infra/metrics/index.d.ts.map +1 -0
  269. package/dist/infra/metrics/index.js +19 -0
  270. package/dist/infra/metrics/index.js.map +1 -0
  271. package/dist/infra/notification/index.d.ts +12 -0
  272. package/dist/infra/notification/index.d.ts.map +1 -0
  273. package/dist/infra/notification/index.js +13 -0
  274. package/dist/infra/notification/index.js.map +1 -0
  275. package/dist/infra/storage/index.d.ts +12 -0
  276. package/dist/infra/storage/index.d.ts.map +1 -0
  277. package/dist/infra/storage/index.js +13 -0
  278. package/dist/infra/storage/index.js.map +1 -0
  279. package/dist/infra/stripe/index.d.ts +12 -0
  280. package/dist/infra/stripe/index.d.ts.map +1 -0
  281. package/dist/infra/stripe/index.js +13 -0
  282. package/dist/infra/stripe/index.js.map +1 -0
  283. package/dist/saas/index.d.ts +18 -0
  284. package/dist/saas/index.d.ts.map +1 -0
  285. package/dist/saas/index.js +19 -0
  286. package/dist/saas/index.js.map +1 -0
  287. package/package.json +165 -0
@@ -0,0 +1,102 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ /**
19
+ * WebAuthn / FIDO2 Passkey authentication strategy.
20
+ *
21
+ * Provides credential registration and assertion ceremonies
22
+ * using the `@simplewebauthn/server` package (loaded dynamically).
23
+ */
24
+ let PasskeyStrategy = class PasskeyStrategy extends BaseStrategy {
25
+ userService;
26
+ jwtService;
27
+ type = AuthMethod.PASSKEY;
28
+ name = 'passkey';
29
+ constructor(userService, jwtService) {
30
+ super();
31
+ this.userService = userService;
32
+ this.jwtService = jwtService;
33
+ }
34
+ /**
35
+ * Authenticate using a WebAuthn assertion response.
36
+ */
37
+ async authenticate(payload, _context) {
38
+ const userId = payload.userId;
39
+ const credential = payload.credential;
40
+ if (!userId || !credential) {
41
+ throw new Error('userId and credential are required');
42
+ }
43
+ const user = await this.userService.findById(userId);
44
+ if (!user) {
45
+ throw new Error('User not found');
46
+ }
47
+ // In production, use @simplewebauthn/server to verify the assertion.
48
+ // This requires stored credential records (credentialID, publicKey, counter).
49
+ //
50
+ // const verification = await verifyAuthenticationResponse({ ... });
51
+ //
52
+ // For now, we assume verification succeeds when the strategy is called.
53
+ // Consumers should override or extend this behavior.
54
+ user.roles = await this.userService.getRoles(user.id);
55
+ user.permissions = await this.userService.getPermissions(user.id);
56
+ const tokens = await this.jwtService.signTokens(user);
57
+ return { user, tokens };
58
+ }
59
+ /**
60
+ * Generate registration options for the WebAuthn ceremony.
61
+ */
62
+ async generateRegistrationOptions(userId, userName, rpName = 'NestKit', rpId) {
63
+ const webauthn = await this.loadWebAuthn();
64
+ const userEncoder = new TextEncoder();
65
+ const options = webauthn.generateRegistrationOptions({
66
+ rpName,
67
+ rpID: rpId ?? 'localhost',
68
+ userName,
69
+ userID: userEncoder.encode(userId),
70
+ attestationType: 'none',
71
+ });
72
+ return options;
73
+ }
74
+ /**
75
+ * Verify a registration response and return the credential.
76
+ */
77
+ async verifyRegistrationResponse(credential, expectedChallenge, expectedOrigin, expectedRpId) {
78
+ const webauthn = await this.loadWebAuthn();
79
+ const verification = await webauthn.verifyRegistrationResponse({
80
+ response: credential,
81
+ expectedChallenge,
82
+ expectedOrigin,
83
+ expectedRPID: expectedRpId,
84
+ });
85
+ return verification;
86
+ }
87
+ async loadWebAuthn() {
88
+ try {
89
+ return await import('@simplewebauthn/server');
90
+ }
91
+ catch {
92
+ throw new Error('Passkey strategy requires "@simplewebauthn/server". Run: npm install @simplewebauthn/server');
93
+ }
94
+ }
95
+ };
96
+ PasskeyStrategy = __decorate([
97
+ Injectable(),
98
+ __param(0, Inject(USER_SERVICE)),
99
+ __metadata("design:paramtypes", [Object, JwtService])
100
+ ], PasskeyStrategy);
101
+ export { PasskeyStrategy };
102
+ //# sourceMappingURL=passkey.strategy.js.map
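Review bot: `authenticate()` issues tokens without ever verifying the WebAuthn assertion: after the `findById` lookup the only checks are that `userId` and `credential` are truthy, and the comment block states that verification is assumed to succeed. As shipped, any request that names an existing user id and supplies any non-empty `credential` value receives that user's roles, permissions and signed tokens. Until the `verifyAuthenticationResponse` call sketched in the comment is wired to stored credential records and a server-held challenge, the method should fail closed, for example `throw new Error('Passkey assertion verification is not implemented');` placed before the `getRoles` call. Separately, `rpID: rpId ?? 'localhost'` in `generateRegistrationOptions` silently falls back to a development value; requiring `rpId` would surface a misconfiguration instead of producing options bound to the wrong relying party.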
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passkey.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/passkey/passkey.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,YAAY;IAM5B;IACA;IANV,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC;IAC1B,IAAI,GAAG,SAAS,CAAC;IAE1B,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAgB,CAAC;QACxC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAqC,CAAC;QAEjE,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,qEAAqE;QACrE,8EAA8E;QAC9E,EAAE;QACF,oEAAoE;QACpE,EAAE;QACF,wEAAwE;QACxE,qDAAqD;QAErD,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,2BAA2B,CAC/B,MAAc,EACd,QAAgB,EAChB,MAAM,GAAG,SAAS,EAClB,IAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,2BAA2B,CAAC;YACnD,MAAM;YACN,IAAI,EAAE,IAAI,IAAI,WAAW;YACzB,QAAQ;YACR,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,eAAe,EAAE,MAAM;SACxB,CAAC,CAAC;QAEH,OAAO,OAA6C,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,0BAA0B,CAC9B,UAAmC,EACnC,iBAAyB,EACzB,cAAsB,EACtB,YAAoB;QAEpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3C,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,0BAA0B,CAAC;YAC7D,QAAQ,EAAE,UA
AmB;YAC7B,iBAAiB;YACjB,cAAc;YACd,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAA;AAlGY,eAAe;IAD3B,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,eAAe,CAkG3B"}
@@ -0,0 +1,25 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * SSO authentication via SAML2 or OpenID Connect.
8
+ *
9
+ * Supports multiple SAML and OIDC providers configured at module init.
10
+ */
11
+ export declare class SsoStrategy extends BaseStrategy {
12
+ private readonly userService;
13
+ private readonly jwtService;
14
+ readonly type = AuthMethod.SSO;
15
+ readonly name = "sso";
16
+ constructor(userService: IUserService, jwtService: JwtService);
17
+ /**
18
+ * Authenticate using an SSO assertion / token.
19
+ *
20
+ * SAML: payload contains `SAMLResponse` (base64-encoded XML assertion)
21
+ * OIDC: payload contains `idToken` (JWT)
22
+ */
23
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
24
+ }
25
+ //# sourceMappingURL=sso.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sso.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/sso/sso.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;GAIG;AACH,qBACa,WAAY,SAAQ,YAAY;IAMzC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,IAAI,SAAS;gBAIH,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;;;OAKG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;CA2CxB"}
@@ -0,0 +1,80 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ /**
19
+ * SSO authentication via SAML2 or OpenID Connect.
20
+ *
21
+ * Supports multiple SAML and OIDC providers configured at module init.
22
+ */
23
+ let SsoStrategy = class SsoStrategy extends BaseStrategy {
24
+ userService;
25
+ jwtService;
26
+ type = AuthMethod.SSO;
27
+ name = 'sso';
28
+ constructor(userService, jwtService) {
29
+ super();
30
+ this.userService = userService;
31
+ this.jwtService = jwtService;
32
+ }
33
+ /**
34
+ * Authenticate using an SSO assertion / token.
35
+ *
36
+ * SAML: payload contains `SAMLResponse` (base64-encoded XML assertion)
37
+ * OIDC: payload contains `idToken` (JWT)
38
+ */
39
+ async authenticate(payload, _context) {
40
+ const provider = payload.provider;
41
+ const samlResponse = payload.SAMLResponse;
42
+ const idToken = payload.idToken;
43
+ if (!provider) {
44
+ throw new Error('SSO provider is required');
45
+ }
46
+ if (!samlResponse && !idToken) {
47
+ throw new Error('Either SAMLResponse or idToken is required');
48
+ }
49
+ // SAML: Parse the assertion, extract attributes (NameID, email, etc.)
50
+ // OIDC: Verify the ID token JWT, extract claims
51
+ //
52
+ // In production, use passport-saml for SAML or manually verify OIDC JWTs.
53
+ //
54
+ // const profile = samlResponse
55
+ // ? await parseSamlResponse(samlResponse, providerConfig)
56
+ // : await verifyOidcToken(idToken, providerConfig);
57
+ const subject = payload.sub || payload.NameID;
58
+ const email = payload.email;
59
+ const name = payload.name;
60
+ const socialId = `sso:${provider}:${subject}`;
61
+ let user = await this.userService.findBySocialId(provider, socialId);
62
+ if (!user) {
63
+ user = await this.userService.create({
64
+ email,
65
+ username: name,
66
+ });
67
+ }
68
+ user.roles = await this.userService.getRoles(user.id);
69
+ user.permissions = await this.userService.getPermissions(user.id);
70
+ const tokens = await this.jwtService.signTokens(user);
71
+ return { user, tokens, isNewUser: !user.email };
72
+ }
73
+ };
74
+ SsoStrategy = __decorate([
75
+ Injectable(),
76
+ __param(0, Inject(USER_SERVICE)),
77
+ __metadata("design:paramtypes", [Object, JwtService])
78
+ ], SsoStrategy);
79
+ export { SsoStrategy };
80
+ //# sourceMappingURL=sso.strategy.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sso.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/sso/sso.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;GAIG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,YAAY;IAMxB;IACA;IANV,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC;IACtB,IAAI,GAAG,KAAK,CAAC;IAEtB,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;;;OAKG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAkB,CAAC;QAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,YAAkC,CAAC;QAChE,MAAM,OAAO,GAAG,OAAO,CAAC,OAA6B,CAAC;QAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,sEAAsE;QACtE,gDAAgD;QAChD,EAAE;QACF,0EAA0E;QAC1E,EAAE;QACF,+BAA+B;QAC/B,4DAA4D;QAC5D,sDAAsD;QAEtD,MAAM,OAAO,GAAI,OAAO,CAAC,GAAc,IAAK,OAAO,CAAC,MAAiB,CAAC;QACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAA2B,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAC;QAEhD,MAAM,QAAQ,GAAG,OAAO,QAAQ,IAAI,OAAO,EAAE,CAAC;QAC9C,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACnC,KAAK;gBACL,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;CACF,CAAA;AAhEY,WAAW;IADvB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,WAAW,CAgEvB"}
@@ -0,0 +1,37 @@
1
+ import type { ExecutionContext } from '@nestjs/common';
2
+ import { AuthMethod, type IAuthResult } from '../../interfaces';
3
+ import type { IUserService } from '../../interfaces';
4
+ import { JwtService } from '../../session/jwt.service';
5
+ import { BaseStrategy } from '../base/base.strategy';
6
+ /**
7
+ * TOTP-based Two-Factor Authentication.
8
+ *
9
+ * Supports enrollment (generating secret + QR code), verification of codes,
10
+ * and backup-code management.
11
+ */
12
+ export declare class TotpStrategy extends BaseStrategy {
13
+ private readonly userService;
14
+ private readonly jwtService;
15
+ readonly type = AuthMethod.TOTP;
16
+ readonly name = "totp";
17
+ constructor(userService: IUserService, jwtService: JwtService);
18
+ /**
19
+ * Authenticate using a TOTP code after primary authentication.
20
+ * Expects `userId` and `code` in the payload.
21
+ */
22
+ authenticate(payload: Record<string, unknown>, _context?: ExecutionContext): Promise<IAuthResult>;
23
+ /**
24
+ * Generate a new TOTP secret for a user (enrollment).
25
+ * Returns the secret and an otpauth URL for QR code generation.
26
+ */
27
+ enroll(userId: string, issuer?: string): Promise<{
28
+ secret: string;
29
+ otpauthUrl: string;
30
+ }>;
31
+ /**
32
+ * Verify a TOTP or backup code.
33
+ */
34
+ verifyCode(secret: string, code: string): Promise<boolean>;
35
+ private loadOtpauth;
36
+ }
37
+ //# sourceMappingURL=totp.strategy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"totp.strategy.d.ts","sourceRoot":"","sources":["../../../../packages/auth/strategies/totp/totp.strategy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AACH,qBACa,YAAa,SAAQ,YAAY;IAM1C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAN7B,QAAQ,CAAC,IAAI,mBAAmB;IAChC,QAAQ,CAAC,IAAI,UAAU;gBAIJ,WAAW,EAAE,YAAY,EACzB,UAAU,EAAE,UAAU;IAKzC;;;OAGG;IACY,YAAY,CACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,WAAW,CAAC;IAgCvB;;;OAGG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,MAAM,SAAY,GACjB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBlD;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAclD,WAAW;CAO1B"}
@@ -0,0 +1,109 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { AuthMethod } from '../../interfaces';
15
+ import { USER_SERVICE } from '../../auth.constants';
16
+ import { JwtService } from '../../session/jwt.service';
17
+ import { BaseStrategy } from '../base/base.strategy';
18
+ /**
19
+ * TOTP-based Two-Factor Authentication.
20
+ *
21
+ * Supports enrollment (generating secret + QR code), verification of codes,
22
+ * and backup-code management.
23
+ */
24
+ let TotpStrategy = class TotpStrategy extends BaseStrategy {
25
+ userService;
26
+ jwtService;
27
+ type = AuthMethod.TOTP;
28
+ name = 'totp';
29
+ constructor(userService, jwtService) {
30
+ super();
31
+ this.userService = userService;
32
+ this.jwtService = jwtService;
33
+ }
34
+ /**
35
+ * Authenticate using a TOTP code after primary authentication.
36
+ * Expects `userId` and `code` in the payload.
37
+ */
38
+ async authenticate(payload, _context) {
39
+ const userId = payload.userId;
40
+ const code = payload.code;
41
+ if (!userId || !code) {
42
+ throw new Error('userId and code are required');
43
+ }
44
+ const secret = await this.userService.getTotpSecret(userId);
45
+ if (!secret) {
46
+ throw new Error('TOTP is not configured for this user');
47
+ }
48
+ const valid = await this.verifyCode(secret, code);
49
+ if (!valid) {
50
+ throw new Error('Invalid TOTP code');
51
+ }
52
+ const user = await this.userService.findById(userId);
53
+ if (!user) {
54
+ throw new Error('User not found');
55
+ }
56
+ user.isMfaVerified = true;
57
+ user.roles = await this.userService.getRoles(user.id);
58
+ user.permissions = await this.userService.getPermissions(user.id);
59
+ const tokens = await this.jwtService.signTokens(user);
60
+ return { user, tokens };
61
+ }
62
+ /**
63
+ * Generate a new TOTP secret for a user (enrollment).
64
+ * Returns the secret and an otpauth URL for QR code generation.
65
+ */
66
+ async enroll(userId, issuer = 'NestKit') {
67
+ const otpauth = await this.loadOtpauth();
68
+ const secret = new otpauth.Secret({ size: 20 });
69
+ const secretBase32 = secret.base32;
70
+ const totp = new otpauth.TOTP({
71
+ issuer,
72
+ label: userId,
73
+ secret,
74
+ });
75
+ await this.userService.setTotpSecret(userId, secretBase32);
76
+ return { secret: secretBase32, otpauthUrl: totp.toString() };
77
+ }
78
+ /**
79
+ * Verify a TOTP or backup code.
80
+ */
81
+ async verifyCode(secret, code) {
82
+ const otpauth = await this.loadOtpauth();
83
+ try {
84
+ const totp = new otpauth.TOTP({
85
+ secret: otpauth.Secret.fromBase32(secret),
86
+ });
87
+ const delta = totp.validate({ token: code });
88
+ return delta !== null;
89
+ }
90
+ catch {
91
+ return false;
92
+ }
93
+ }
94
+ async loadOtpauth() {
95
+ try {
96
+ return await import('otpauth');
97
+ }
98
+ catch {
99
+ throw new Error('TOTP strategy requires "otpauth". Run: npm install otpauth');
100
+ }
101
+ }
102
+ };
103
+ TotpStrategy = __decorate([
104
+ Injectable(),
105
+ __param(0, Inject(USER_SERVICE)),
106
+ __metadata("design:paramtypes", [Object, JwtService])
107
+ ], TotpStrategy);
108
+ export { TotpStrategy };
109
+ //# sourceMappingURL=totp.strategy.js.map
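Review bot: `authenticate` reads `userId` from the request payload and, once the code validates, returns full tokens from `signTokens(user)`; nothing in this file ties the call to a completed primary login, so a valid six-digit code for a known user id is sufficient on its own. The doc comment says "after primary authentication", so the method should take the user identity from proof of that step (for instance a short-lived, single-purpose challenge issued by the first factor) rather than from the payload. There is also no attempt limit before `verifyCode` and no record of the last accepted time step, so codes can be guessed repeatedly and an observed code can be reused while it is still valid; the package's own `ThrottleService` could bound the former if no caller outside this file already does. Separately, `enroll` calls `setTotpSecret` immediately, which replaces any existing secret before the new one has been confirmed with a code, and `verifyCode` is documented as accepting backup codes while only `totp.validate` is called.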
@@ -0,0 +1 @@
1
+ {"version":3,"file":"totp.strategy.js","sourceRoot":"","sources":["../../../../packages/auth/strategies/totp/totp.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAoB,MAAM,kBAAkB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD;;;;;GAKG;AAEI,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,YAAY;IAMzB;IACA;IANV,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;IACvB,IAAI,GAAG,MAAM,CAAC;IAEvB,YAEmB,WAAyB,EACzB,UAAsB;QAEvC,KAAK,EAAE,CAAC;QAHS,gBAAW,GAAX,WAAW,CAAc;QACzB,eAAU,GAAV,UAAU,CAAY;IAGzC,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,YAAY,CACzB,OAAgC,EAChC,QAA2B;QAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAgB,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAc,CAAC;QAEpC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CACV,MAAc,EACd,MAAM,GAAG,SAAS;QAElB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;QAEnC,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;YAC5B,MAAM;YACN,KAAK,EAAE,MAAM;YACb,MAAM;SACP,CAAC,CAAC;
QAEH,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAE3D,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,IAAY;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;aAC1C,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,OAAO,KAAK,KAAK,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;CACF,CAAA;AAlGY,YAAY;IADxB,UAAU,EAAE;IAMR,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;6CAEQ,UAAU;GAP9B,YAAY,CAkGxB"}
@@ -0,0 +1,2 @@
1
+ export { ThrottleService } from './throttle.service';
2
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/auth/throttling/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC"}
@@ -0,0 +1,2 @@
1
+ export { ThrottleService } from './throttle.service';
2
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/auth/throttling/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC"}
@@ -0,0 +1,27 @@
1
+ import type { ICacheService } from '../interfaces';
2
+ /**
3
+ * Rate-limits login attempts per identifier (email, IP, etc.)
4
+ * using the shared cache.
5
+ */
6
+ export declare class ThrottleService {
7
+ private readonly cache;
8
+ constructor(cache: ICacheService);
9
+ /**
10
+ * Check if the identifier is currently throttled.
11
+ *
12
+ * @param identifier User email, IP, or any unique key
13
+ * @param maxAttempts Max allowed attempts (default 5)
14
+ * @param windowSec Window in seconds (default 900 = 15 min)
15
+ * @throws Error if throttled
16
+ */
17
+ check(identifier: string, maxAttempts?: number, windowSec?: number): Promise<void>;
18
+ /**
19
+ * Record a failed login attempt.
20
+ */
21
+ recordFailure(identifier: string, windowSec?: number): Promise<void>;
22
+ /**
23
+ * Clear the attempt counter on successful login.
24
+ */
25
+ clear(identifier: string): Promise<void>;
26
+ }
27
+ //# sourceMappingURL=throttle.service.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"throttle.service.d.ts","sourceRoot":"","sources":["../../../packages/auth/throttling/throttle.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD;;;GAGG;AACH,qBACa,eAAe;IAGxB,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,aAAa;IAGvC;;;;;;;OAOG;IACG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,SAAI,EAAE,SAAS,SAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUhF;;OAEG;IACG,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASvE;;OAEG;IACG,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
@@ -0,0 +1,63 @@
1
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
6
+ };
7
+ var __metadata = (this && this.__metadata) || function (k, v) {
8
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
+ };
10
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
11
+ return function (target, key) { decorator(target, key, paramIndex); }
12
+ };
13
+ import { Inject, Injectable } from '@nestjs/common';
14
+ import { CACHE_SERVICE, LOGIN_ATTEMPT_PREFIX } from '../auth.constants';
15
+ /**
16
+ * Rate-limits login attempts per identifier (email, IP, etc.)
17
+ * using the shared cache.
18
+ */
19
+ let ThrottleService = class ThrottleService {
20
+ cache;
21
+ constructor(cache) {
22
+ this.cache = cache;
23
+ }
24
+ /**
25
+ * Check if the identifier is currently throttled.
26
+ *
27
+ * @param identifier User email, IP, or any unique key
28
+ * @param maxAttempts Max allowed attempts (default 5)
29
+ * @param windowSec Window in seconds (default 900 = 15 min)
30
+ * @throws Error if throttled
31
+ */
32
+ async check(identifier, maxAttempts = 5, windowSec = 900) {
33
+ const key = `${LOGIN_ATTEMPT_PREFIX}${identifier}`;
34
+ const attempts = await this.cache.get(key);
35
+ const current = attempts ?? 0;
36
+ if (current >= maxAttempts) {
37
+ throw new Error(`Too many login attempts. Please try again in ${windowSec} seconds.`);
38
+ }
39
+ }
40
+ /**
41
+ * Record a failed login attempt.
42
+ */
43
+ async recordFailure(identifier, windowSec = 900) {
44
+ const key = `${LOGIN_ATTEMPT_PREFIX}${identifier}`;
45
+ const attempts = await this.cache.get(key);
46
+ const next = (attempts ?? 0) + 1;
47
+ // Extend TTL on each failure so the window resets only after inactivity
48
+ await this.cache.set(key, next, windowSec);
49
+ }
50
+ /**
51
+ * Clear the attempt counter on successful login.
52
+ */
53
+ async clear(identifier) {
54
+ await this.cache.del(`${LOGIN_ATTEMPT_PREFIX}${identifier}`);
55
+ }
56
+ };
57
+ ThrottleService = __decorate([
58
+ Injectable(),
59
+ __param(0, Inject(CACHE_SERVICE)),
60
+ __metadata("design:paramtypes", [Object])
61
+ ], ThrottleService);
62
+ export { ThrottleService };
63
+ //# sourceMappingURL=throttle.service.js.map
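Review bot: `recordFailure` reads the counter with `cache.get` and writes `(attempts ?? 0) + 1` back with `cache.set`, so two failures that arrive together can read the same value and one increment is lost; `check` is a separate read as well, so concurrent requests can all pass it before any failure is recorded. For a login limiter this means a burst of parallel attempts can exceed `maxAttempts`. If the cache backend offers an atomic increment with expiry, `recordFailure` should use it; `ICacheService` is declared outside this hunk, so whether such a method exists cannot be confirmed here. The identifier is also used verbatim in the key, so the doc comment on `check` should tell callers to normalise it first (for example lower-casing an email), otherwise variants of one address presumably get separate counters.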
@@ -0,0 +1 @@
1
+ {"version":3,"file":"throttle.service.js","sourceRoot":"","sources":["../../../packages/auth/throttling/throttle.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAExE;;;GAGG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAe;IAGP;IAFnB,YAEmB,KAAoB;QAApB,UAAK,GAAL,KAAK,CAAe;IACpC,CAAC;IAEJ;;;;;;;OAOG;IACH,KAAK,CAAC,KAAK,CAAC,UAAkB,EAAE,WAAW,GAAG,CAAC,EAAE,SAAS,GAAG,GAAG;QAC9D,MAAM,GAAG,GAAG,GAAG,oBAAoB,GAAG,UAAU,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAS,GAAG,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,QAAQ,IAAI,CAAC,CAAC;QAE9B,IAAI,OAAO,IAAI,WAAW,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,gDAAgD,SAAS,WAAW,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,UAAkB,EAAE,SAAS,GAAG,GAAG;QACrD,MAAM,GAAG,GAAG,GAAG,oBAAoB,GAAG,UAAU,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAS,GAAG,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAEjC,wEAAwE;QACxE,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,UAAkB;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,oBAAoB,GAAG,UAAU,EAAE,CAAC,CAAC;IAC/D,CAAC;CACF,CAAA;AA1CY,eAAe;IAD3B,UAAU,EAAE;IAGR,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;;GAFb,eAAe,CA0C3B"}
@@ -0,0 +1,135 @@
1
+ import { ConfigService } from '@nestjs/config';
2
+ /** Per-store configuration. */
3
+ export interface CacheStoreConfig {
4
+ /** Store type */
5
+ type: 'memory' | 'redis' | 'valkey';
6
+ /**
7
+ * Optional name to distinguish this store.
8
+ *
9
+ * When set, the bootstrapper also reads `CACHE_{NAME}_URL`,
10
+ * `CACHE_{NAME}_KEY_PREFIX`, `CACHE_{NAME}_TTL`, and
11
+ * `CACHE_{NAME}_MAX` environment variables (with `NAME`
12
+ * uppercased). Named env vars take priority over the
13
+ * generic `REDIS_*` / `VALKEY_*` / `CACHE_*` variables.
14
+ *
15
+ * @example
16
+ * ```ts
17
+ * stores: [
18
+ * { type: 'redis', name: 'sessions' },
19
+ * { type: 'redis', name: 'data' },
20
+ * ]
21
+ * // Also reads: CACHE_SESSIONS_URL, CACHE_DATA_URL
22
+ * ```
23
+ */
24
+ name?: string;
25
+ /**
26
+ * Keyv adapter constructor.
27
+ *
28
+ * @example
29
+ * ```ts
30
+ * import { KeyvCacheableMemory } from 'cacheable';
31
+ * import KeyvRedis from '@keyv/redis';
32
+ * import KeyvValkey from '@keyv/valkey';
33
+ *
34
+ * const cfg = configCache({
35
+ * keyv: Keyv,
36
+ * stores: [
37
+ * { type: 'memory', adapter: KeyvCacheableMemory },
38
+ * { type: 'redis', adapter: KeyvRedis },
39
+ * { type: 'valkey', adapter: KeyvValkey },
40
+ * ],
41
+ * });
42
+ * ```
43
+ */
44
+ adapter?: new (...args: unknown[]) => unknown;
45
+ /** Connection URL (redis / valkey), e.g. `redis://localhost:6379`. */
46
+ url?: string;
47
+ /** Max items (memory store). */
48
+ max?: number;
49
+ /** Key prefix for namespacing. */
50
+ keyPrefix?: string;
51
+ /** Enable RDS (ElastiCache) TLS mode. */
52
+ rdsEnabled?: boolean;
53
+ /** TTL override for this store (seconds). */
54
+ ttl?: number;
55
+ }
56
+ /** Top-level cache configuration. */
57
+ export interface CacheConfigOptions {
58
+ /**
59
+ * Default TTL (seconds).
60
+ * When `keyv` is provided, this value is converted to milliseconds for Keyv.
61
+ */
62
+ ttl?: number;
63
+ /** Register as `@Global()`. */
64
+ isGlobal?: boolean;
65
+ /**
66
+ * One or more cache stores. Pass multiple to enable multi-tier caching.
67
+ * Each store creates a separate `Keyv` instance.
68
+ */
69
+ stores?: CacheStoreConfig[];
70
+ /**
71
+ * The `Keyv` class from the `keyv` package.
72
+ *
73
+ * Required when any store provides an `adapter` — the config builds Keyv
74
+ * instances so the output is ready for `CacheModule.register()`.
75
+ *
76
+ * @example
77
+ * ```ts
78
+ * import Keyv from 'keyv';
79
+ * ```
80
+ */
81
+ keyv?: new (options?: Record<string, unknown>) => Record<string, unknown>;
82
+ }
83
+ type StoreRecord = Record<string, unknown>;
84
+ /**
85
+ * Build cache module options from environment variables.
86
+ *
87
+ * @example
88
+ * ```ts
89
+ * import Keyv from 'keyv';
90
+ * import KeyvRedis from '@keyv/redis';
91
+ * import { KeyvCacheableMemory } from 'cacheable';
92
+ *
93
+ * const cfg = configCache({
94
+ * keyv: Keyv,
95
+ * stores: [
96
+ * { type: 'memory', adapter: KeyvCacheableMemory },
97
+ * { type: 'redis', adapter: KeyvRedis },
98
+ * ],
99
+ * });
100
+ * CacheModule.register(cfg);
101
+ * ```
102
+ *
103
+ * Environment variables:
104
+ * | Variable | Default | Description |
105
+ * |---------------------------|----------------------------|-------------------------------------------|
106
+ * | `CACHE_STORE` | `memory` | Comma-separated store types |
107
+ * | `CACHE_TTL` | `60` | Default TTL (seconds) |
108
+ * | `CACHE_MAX` | `100` | Max items (memory store) |
109
+ * | `CACHE_IS_GLOBAL` | `false` | Register as global module |
110
+ * | `CACHE_{NAME}_URL` | — | Named-store URL (overrides `REDIS_URL`) |
111
+ * | `CACHE_{NAME}_KEY_PREFIX` | — | Named-store key prefix |
112
+ * | `CACHE_{NAME}_TTL` | — | Named-store TTL (overrides `CACHE_TTL`) |
113
+ * | `CACHE_{NAME}_MAX` | — | Named-store max (overrides `CACHE_MAX`) |
114
+ * | `REDIS_URL` | `redis://localhost:6379/0` | Redis connection URL |
115
+ * | `REDIS_KEY_PREFIX` | — | Redis key prefix |
116
+ * | `VALKEY_URL` | `redis://localhost:6379/0` | Valkey connection URL |
117
+ * | `VALKEY_KEY_PREFIX` | — | Valkey key prefix |
118
+ * | `RDS_CACHE_ENABLED` | `false` | Enable TLS for Redis / Valkey |
119
+ */
120
+ export declare function configCache(options?: CacheConfigOptions): StoreRecord;
121
+ /**
122
+ * Build cache module options from `ConfigService`.
123
+ *
124
+ * @example
125
+ * ```ts
126
+ * CacheModule.registerAsync({
127
+ * imports: [ConfigModule],
128
+ * inject: [ConfigService],
129
+ * useFactory: (cs) => configCacheAsync(cs, { keyv: Keyv, stores: [...] }),
130
+ * })
131
+ * ```
132
+ */
133
+ export declare function configCacheAsync(configService: ConfigService, options?: CacheConfigOptions): StoreRecord;
134
+ export {};
135
+ //# sourceMappingURL=config.d.ts.map
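Review bot: The `url` field and the `REDIS_URL` / `VALKEY_URL` rows are documented only with plaintext `redis://` values, and TLS is listed as off by default (`RDS_CACHE_ENABLED` = `false`), so a reader following the docs ends up with an unencrypted cache connection. The `rdsEnabled` comment should state what the flag switches, e.g. `/** Connect to Redis / Valkey over TLS; presumably set from RDS_CACHE_ENABLED. */`, because "RDS (ElastiCache)" names two different services and does not mention the env variable. A line on `url` noting that the value may embed a password and belongs in a secret store rather than in source would also help. The implementation is not part of this declaration file, so how the flag is applied cannot be checked here.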
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../packages/bootstrap/cache/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,+BAA+B;AAC/B,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB;IACjB,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAC;IAEpC;;;;;;;;;;;;;;;;;OAiBG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;;;;;;;;;;;;;;;;OAkBG;IACH,OAAO,CAAC,EAAE,KAAK,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;IAE9C,sEAAsE;IACtE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,6CAA6C;IAC7C,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,qCAAqC;AACrC,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB;;;OAGG;IACH,MAAM,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAE5B;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC3E;AAYD,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAiL3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,WAAW,CAYrE;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAC9B,aAAa,EAAE,aAAa,EAC5B,OAAO,CAAC,EAAE,kBAAkB,GAC3B,WAAW,CASb"}