@pafi-dev/issuer 0.39.1 → 0.39.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,37 +1,50 @@
1
1
  import {
2
2
  PafiAuthClient
3
- } from "../chunk-7VEYSL2C.js";
3
+ } from "../chunk-2Z3M2KQG.js";
4
4
  import {
5
- __decorateClass,
6
- __decorateParam
7
- } from "../chunk-BRKEJJFQ.js";
5
+ __name
6
+ } from "../chunk-7QVYU63E.js";
8
7
 
9
8
  // src/direct-auth/pafi-direct-auth.module.ts
10
- import {
11
- Module
12
- } from "@nestjs/common";
9
+ import { Module } from "@nestjs/common";
13
10
 
14
11
  // src/direct-auth/services/pafi-auth-client.provider.ts
15
12
  import { Injectable, Inject } from "@nestjs/common";
16
13
 
17
14
  // src/direct-auth/pafi-direct-auth.module-options.ts
18
- var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol(
19
- "PAFI_DIRECT_AUTH_MODULE_OPTIONS"
20
- );
15
+ var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PAFI_DIRECT_AUTH_MODULE_OPTIONS");
21
16
 
22
17
  // src/direct-auth/services/pafi-auth-client.provider.ts
18
+ function _ts_decorate(decorators, target, key, desc) {
19
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
20
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
21
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
22
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
23
+ }
24
+ __name(_ts_decorate, "_ts_decorate");
25
+ function _ts_metadata(k, v) {
26
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
27
+ }
28
+ __name(_ts_metadata, "_ts_metadata");
29
+ function _ts_param(paramIndex, decorator) {
30
+ return function(target, key) {
31
+ decorator(target, key, paramIndex);
32
+ };
33
+ }
34
+ __name(_ts_param, "_ts_param");
23
35
  var PafiAuthClientProvider = class {
24
- constructor(options) {
25
- this.options = options;
36
+ static {
37
+ __name(this, "PafiAuthClientProvider");
26
38
  }
27
39
  options;
28
40
  _client;
41
+ constructor(options) {
42
+ this.options = options;
43
+ }
29
44
  onModuleInit() {
30
45
  const jwk = this.options.clientPrivateJwk;
31
46
  if (!jwk.kid) {
32
- throw new Error(
33
- "PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup"
34
- );
47
+ throw new Error("PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup");
35
48
  }
36
49
  this._client = new PafiAuthClient({
37
50
  gatewayUrl: this.options.gatewayUrl,
@@ -44,25 +57,43 @@ var PafiAuthClientProvider = class {
44
57
  return this._client;
45
58
  }
46
59
  };
47
- PafiAuthClientProvider = __decorateClass([
60
+ PafiAuthClientProvider = _ts_decorate([
48
61
  Injectable(),
49
- __decorateParam(0, Inject(PAFI_DIRECT_AUTH_MODULE_OPTIONS))
62
+ _ts_param(0, Inject(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
63
+ _ts_metadata("design:type", Function),
64
+ _ts_metadata("design:paramtypes", [
65
+ typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
66
+ ])
50
67
  ], PafiAuthClientProvider);
51
68
 
52
69
  // src/direct-auth/services/pafi-session-verifier.service.ts
53
- import {
54
- Injectable as Injectable2,
55
- Inject as Inject2,
56
- UnauthorizedException
57
- } from "@nestjs/common";
70
+ import { Injectable as Injectable2, Inject as Inject2, UnauthorizedException } from "@nestjs/common";
58
71
  import { createRemoteJWKSet, jwtVerify } from "jose";
72
+ function _ts_decorate2(decorators, target, key, desc) {
73
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
74
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
75
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
76
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
77
+ }
78
+ __name(_ts_decorate2, "_ts_decorate");
79
+ function _ts_metadata2(k, v) {
80
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
81
+ }
82
+ __name(_ts_metadata2, "_ts_metadata");
83
+ function _ts_param2(paramIndex, decorator) {
84
+ return function(target, key) {
85
+ decorator(target, key, paramIndex);
86
+ };
87
+ }
88
+ __name(_ts_param2, "_ts_param");
59
89
  var PafiSessionVerifierService = class {
90
+ static {
91
+ __name(this, "PafiSessionVerifierService");
92
+ }
60
93
  jwks;
61
94
  expectedIssuer;
62
95
  constructor(options) {
63
- this.jwks = createRemoteJWKSet(
64
- new URL(`${options.gatewayUrl}/.well-known/jwks.json`)
65
- );
96
+ this.jwks = createRemoteJWKSet(new URL(`${options.gatewayUrl}/.well-known/jwks.json`));
66
97
  this.expectedIssuer = options.gatewayUrl;
67
98
  }
68
99
  async verify(token) {
@@ -72,14 +103,10 @@ var PafiSessionVerifierService = class {
72
103
  issuer: this.expectedIssuer
73
104
  }));
74
105
  } catch (err) {
75
- throw new UnauthorizedException(
76
- `Invalid pafi_session_token: ${err.message}`
77
- );
106
+ throw new UnauthorizedException(`Invalid pafi_session_token: ${err.message}`);
78
107
  }
79
108
  if (payload.scope !== "pafi-session") {
80
- throw new UnauthorizedException(
81
- `pafi_session_token has wrong scope: ${String(payload.scope)}`
82
- );
109
+ throw new UnauthorizedException(`pafi_session_token has wrong scope: ${String(payload.scope)}`);
83
110
  }
84
111
  if (typeof payload.sub !== "string") {
85
112
  throw new UnauthorizedException("pafi_session_token missing sub");
@@ -87,9 +114,7 @@ var PafiSessionVerifierService = class {
87
114
  if (typeof payload.exp !== "number" || typeof payload.iat !== "number") {
88
115
  throw new UnauthorizedException("pafi_session_token missing iat/exp");
89
116
  }
90
- const verifiedAttribute = parseVerifiedAttribute(
91
- payload.verified_attribute
92
- );
117
+ const verifiedAttribute = parseVerifiedAttribute(payload.verified_attribute);
93
118
  return {
94
119
  sub: payload.sub,
95
120
  scope: "pafi-session",
@@ -101,9 +126,13 @@ var PafiSessionVerifierService = class {
101
126
  };
102
127
  }
103
128
  };
104
- PafiSessionVerifierService = __decorateClass([
129
+ PafiSessionVerifierService = _ts_decorate2([
105
130
  Injectable2(),
106
- __decorateParam(0, Inject2(PAFI_DIRECT_AUTH_MODULE_OPTIONS))
131
+ _ts_param2(0, Inject2(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
132
+ _ts_metadata2("design:type", Function),
133
+ _ts_metadata2("design:paramtypes", [
134
+ typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
135
+ ])
107
136
  ], PafiSessionVerifierService);
108
137
  function parseVerifiedAttribute(raw) {
109
138
  if (!raw || typeof raw !== "object") return void 0;
@@ -114,6 +143,7 @@ function parseVerifiedAttribute(raw) {
114
143
  valueHash: typeof obj.value_hash === "string" ? obj.value_hash : void 0
115
144
  };
116
145
  }
146
+ __name(parseVerifiedAttribute, "parseVerifiedAttribute");
117
147
 
118
148
  // src/direct-auth/services/pafi-direct-auth.service.ts
119
149
  import { Injectable as Injectable3, Inject as Inject3, Logger } from "@nestjs/common";
@@ -125,18 +155,38 @@ var USER_STORE = /* @__PURE__ */ Symbol("USER_STORE");
125
155
  var SESSION_TOKEN_MINTER = /* @__PURE__ */ Symbol("SESSION_TOKEN_MINTER");
126
156
 
127
157
  // src/direct-auth/services/pafi-direct-auth.service.ts
128
- var PafiDirectAuthService = class {
158
+ function _ts_decorate3(decorators, target, key, desc) {
159
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
160
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
161
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
162
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
163
+ }
164
+ __name(_ts_decorate3, "_ts_decorate");
165
+ function _ts_metadata3(k, v) {
166
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
167
+ }
168
+ __name(_ts_metadata3, "_ts_metadata");
169
+ function _ts_param3(paramIndex, decorator) {
170
+ return function(target, key) {
171
+ decorator(target, key, paramIndex);
172
+ };
173
+ }
174
+ __name(_ts_param3, "_ts_param");
175
+ var PafiDirectAuthService = class _PafiDirectAuthService {
176
+ static {
177
+ __name(this, "PafiDirectAuthService");
178
+ }
179
+ clientProvider;
180
+ sessionVerifier;
181
+ userStore;
182
+ sessionTokenMinter;
183
+ logger = new Logger(_PafiDirectAuthService.name);
129
184
  constructor(clientProvider, sessionVerifier, userStore, sessionTokenMinter) {
130
185
  this.clientProvider = clientProvider;
131
186
  this.sessionVerifier = sessionVerifier;
132
187
  this.userStore = userStore;
133
188
  this.sessionTokenMinter = sessionTokenMinter;
134
189
  }
135
- clientProvider;
136
- sessionVerifier;
137
- userStore;
138
- sessionTokenMinter;
139
- logger = new Logger(PafiDirectAuthService.name);
140
190
  // ── Email OTP ────────────────────────────────────────────────────
141
191
  async startEmail(args) {
142
192
  return this.clientProvider.client.startEmail({
@@ -189,105 +239,146 @@ var PafiDirectAuthService = class {
189
239
  pafiSessionToken: success.pafiSessionToken,
190
240
  canonicalId: success.canonicalId,
191
241
  isFirstLogin: success.isFirstLogin,
192
- ...success.verifiedEmail ? { verifiedEmail: success.verifiedEmail } : {}
242
+ ...success.verifiedEmail ? {
243
+ verifiedEmail: success.verifiedEmail
244
+ } : {}
193
245
  };
194
246
  }
195
247
  };
196
- PafiDirectAuthService = __decorateClass([
248
+ PafiDirectAuthService = _ts_decorate3([
197
249
  Injectable3(),
198
- __decorateParam(2, Inject3(USER_STORE)),
199
- __decorateParam(3, Inject3(SESSION_TOKEN_MINTER))
250
+ _ts_param3(2, Inject3(USER_STORE)),
251
+ _ts_param3(3, Inject3(SESSION_TOKEN_MINTER)),
252
+ _ts_metadata3("design:type", Function),
253
+ _ts_metadata3("design:paramtypes", [
254
+ typeof PafiAuthClientProvider === "undefined" ? Object : PafiAuthClientProvider,
255
+ typeof PafiSessionVerifierService === "undefined" ? Object : PafiSessionVerifierService,
256
+ typeof IUserStore === "undefined" ? Object : IUserStore,
257
+ typeof ISessionTokenMinter === "undefined" ? Object : ISessionTokenMinter
258
+ ])
200
259
  ], PafiDirectAuthService);
201
260
 
202
261
  // src/direct-auth/pafi-direct-auth.controller.ts
203
- import {
204
- Body,
205
- Controller,
206
- HttpCode,
207
- HttpStatus,
208
- Post
209
- } from "@nestjs/common";
262
+ import { Body, Controller, HttpCode, HttpStatus, Post } from "@nestjs/common";
210
263
  import { ApiOkResponse, ApiOperation, ApiTags } from "@nestjs/swagger";
211
264
 
212
265
  // src/direct-auth/pafi-direct-auth.dto.ts
213
266
  import { ApiProperty } from "@nestjs/swagger";
214
- import {
215
- IsEmail,
216
- IsNotEmpty,
217
- IsOptional,
218
- IsString,
219
- IsUrl,
220
- Length,
221
- MaxLength
222
- } from "class-validator";
267
+ import { IsEmail, IsNotEmpty, IsOptional, IsString, IsUrl, Length, MaxLength } from "class-validator";
268
+ function _ts_decorate4(decorators, target, key, desc) {
269
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
270
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
271
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
272
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
273
+ }
274
+ __name(_ts_decorate4, "_ts_decorate");
275
+ function _ts_metadata4(k, v) {
276
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
277
+ }
278
+ __name(_ts_metadata4, "_ts_metadata");
223
279
  var EmailStartRequestDto = class {
280
+ static {
281
+ __name(this, "EmailStartRequestDto");
282
+ }
224
283
  email;
225
284
  };
226
- __decorateClass([
227
- ApiProperty({ example: "user1@example.com" }),
285
+ _ts_decorate4([
286
+ ApiProperty({
287
+ example: "user1@example.com"
288
+ }),
228
289
  IsEmail(),
229
- MaxLength(320)
230
- ], EmailStartRequestDto.prototype, "email", 2);
290
+ MaxLength(320),
291
+ _ts_metadata4("design:type", String)
292
+ ], EmailStartRequestDto.prototype, "email", void 0);
231
293
  var EmailVerifyRequestDto = class {
294
+ static {
295
+ __name(this, "EmailVerifyRequestDto");
296
+ }
232
297
  challengeId;
233
298
  otpCode;
234
299
  };
235
- __decorateClass([
300
+ _ts_decorate4([
236
301
  ApiProperty({
237
302
  description: "Challenge id returned by POST /auth/v2/email/start. Opaque to the FE; echo verbatim."
238
303
  }),
239
304
  IsString(),
240
305
  IsNotEmpty(),
241
- MaxLength(128)
242
- ], EmailVerifyRequestDto.prototype, "challengeId", 2);
243
- __decorateClass([
244
- ApiProperty({ example: "123456" }),
306
+ MaxLength(128),
307
+ _ts_metadata4("design:type", String)
308
+ ], EmailVerifyRequestDto.prototype, "challengeId", void 0);
309
+ _ts_decorate4([
310
+ ApiProperty({
311
+ example: "123456"
312
+ }),
245
313
  IsString(),
246
- Length(4, 10)
247
- ], EmailVerifyRequestDto.prototype, "otpCode", 2);
314
+ Length(4, 10),
315
+ _ts_metadata4("design:type", String)
316
+ ], EmailVerifyRequestDto.prototype, "otpCode", void 0);
248
317
  var GoogleExchangeRequestDto = class {
318
+ static {
319
+ __name(this, "GoogleExchangeRequestDto");
320
+ }
249
321
  idToken;
250
322
  };
251
- __decorateClass([
323
+ _ts_decorate4([
252
324
  ApiProperty({
253
325
  description: "Google-issued ID token (JWS). Obtain on FE via Google Identity Services using PAFI's Google OAuth client_id."
254
326
  }),
255
327
  IsString(),
256
328
  IsNotEmpty(),
257
- MaxLength(8192)
258
- ], GoogleExchangeRequestDto.prototype, "idToken", 2);
329
+ MaxLength(8192),
330
+ _ts_metadata4("design:type", String)
331
+ ], GoogleExchangeRequestDto.prototype, "idToken", void 0);
259
332
  var KakaoExchangeRequestDto = class {
333
+ static {
334
+ __name(this, "KakaoExchangeRequestDto");
335
+ }
260
336
  code;
261
337
  redirectUri;
262
338
  };
263
- __decorateClass([
339
+ _ts_decorate4([
264
340
  ApiProperty({
265
341
  description: "Authorization code returned by Kakao to the FE redirect URL."
266
342
  }),
267
343
  IsString(),
268
344
  IsNotEmpty(),
269
- MaxLength(2048)
270
- ], KakaoExchangeRequestDto.prototype, "code", 2);
271
- __decorateClass([
345
+ MaxLength(2048),
346
+ _ts_metadata4("design:type", String)
347
+ ], KakaoExchangeRequestDto.prototype, "code", void 0);
348
+ _ts_decorate4([
272
349
  ApiProperty({
273
350
  description: "Redirect URI the FE used when initiating the Kakao flow. Optional \u2014 gateway falls back to its own KAKAO_REDIRECT_URI env.",
274
351
  required: false
275
352
  }),
276
353
  IsOptional(),
277
- IsUrl({ require_tld: false, require_protocol: true }),
278
- MaxLength(2048)
279
- ], KakaoExchangeRequestDto.prototype, "redirectUri", 2);
354
+ IsUrl({
355
+ require_tld: false,
356
+ require_protocol: true
357
+ }),
358
+ MaxLength(2048),
359
+ _ts_metadata4("design:type", String)
360
+ ], KakaoExchangeRequestDto.prototype, "redirectUri", void 0);
280
361
  var EmailStartResponseDto = class {
362
+ static {
363
+ __name(this, "EmailStartResponseDto");
364
+ }
281
365
  challengeId;
282
366
  expiresInSec;
283
367
  };
284
- __decorateClass([
285
- ApiProperty()
286
- ], EmailStartResponseDto.prototype, "challengeId", 2);
287
- __decorateClass([
288
- ApiProperty({ description: "Seconds until the challenge expires." })
289
- ], EmailStartResponseDto.prototype, "expiresInSec", 2);
368
+ _ts_decorate4([
369
+ ApiProperty(),
370
+ _ts_metadata4("design:type", String)
371
+ ], EmailStartResponseDto.prototype, "challengeId", void 0);
372
+ _ts_decorate4([
373
+ ApiProperty({
374
+ description: "Seconds until the challenge expires."
375
+ }),
376
+ _ts_metadata4("design:type", Number)
377
+ ], EmailStartResponseDto.prototype, "expiresInSec", void 0);
290
378
  var PafiAuthSuccessDto = class {
379
+ static {
380
+ __name(this, "PafiAuthSuccessDto");
381
+ }
291
382
  sessionToken;
292
383
  sessionExpiresAt;
293
384
  pafiJwt;
@@ -296,47 +387,80 @@ var PafiAuthSuccessDto = class {
296
387
  isFirstLogin;
297
388
  verifiedEmail;
298
389
  };
299
- __decorateClass([
390
+ _ts_decorate4([
300
391
  ApiProperty({
301
392
  description: "Issuer-native session token (typically HS256, minted by ISessionTokenMinter) \u2014 Bearer-auth for subsequent issuer API calls."
302
- })
303
- ], PafiAuthSuccessDto.prototype, "sessionToken", 2);
304
- __decorateClass([
305
- ApiProperty({ description: "Issuer session token expiration (ISO 8601)." })
306
- ], PafiAuthSuccessDto.prototype, "sessionExpiresAt", 2);
307
- __decorateClass([
393
+ }),
394
+ _ts_metadata4("design:type", String)
395
+ ], PafiAuthSuccessDto.prototype, "sessionToken", void 0);
396
+ _ts_decorate4([
397
+ ApiProperty({
398
+ description: "Issuer session token expiration (ISO 8601)."
399
+ }),
400
+ _ts_metadata4("design:type", String)
401
+ ], PafiAuthSuccessDto.prototype, "sessionExpiresAt", void 0);
402
+ _ts_decorate4([
308
403
  ApiProperty({
309
404
  description: "Short-lived PAFI JWT (60s) \u2014 FE feeds verbatim to Privy.loginWithCustomAuth() to provision the embedded wallet."
310
- })
311
- ], PafiAuthSuccessDto.prototype, "pafiJwt", 2);
312
- __decorateClass([
405
+ }),
406
+ _ts_metadata4("design:type", String)
407
+ ], PafiAuthSuccessDto.prototype, "pafiJwt", void 0);
408
+ _ts_decorate4([
313
409
  ApiProperty({
314
410
  description: "Long-lived PAFI session token (24h) \u2014 opaque to FE; keep alongside sessionToken if you ever need to call the gateway directly."
315
- })
316
- ], PafiAuthSuccessDto.prototype, "pafiSessionToken", 2);
317
- __decorateClass([
318
- ApiProperty({ description: "canonical_pafi_user_id assigned by the gateway." })
319
- ], PafiAuthSuccessDto.prototype, "canonicalId", 2);
320
- __decorateClass([
411
+ }),
412
+ _ts_metadata4("design:type", String)
413
+ ], PafiAuthSuccessDto.prototype, "pafiSessionToken", void 0);
414
+ _ts_decorate4([
415
+ ApiProperty({
416
+ description: "canonical_pafi_user_id assigned by the gateway."
417
+ }),
418
+ _ts_metadata4("design:type", String)
419
+ ], PafiAuthSuccessDto.prototype, "canonicalId", void 0);
420
+ _ts_decorate4([
321
421
  ApiProperty({
322
422
  description: "True the first time the user appears at the gateway."
323
- })
324
- ], PafiAuthSuccessDto.prototype, "isFirstLogin", 2);
325
- __decorateClass([
423
+ }),
424
+ _ts_metadata4("design:type", Boolean)
425
+ ], PafiAuthSuccessDto.prototype, "isFirstLogin", void 0);
426
+ _ts_decorate4([
326
427
  ApiProperty({
327
428
  description: "Verified email (when the auth method exposed one \u2014 email OTP and Google always; Kakao only if the user shared their email).",
328
429
  required: false
329
- })
330
- ], PafiAuthSuccessDto.prototype, "verifiedEmail", 2);
430
+ }),
431
+ _ts_metadata4("design:type", String)
432
+ ], PafiAuthSuccessDto.prototype, "verifiedEmail", void 0);
331
433
 
332
434
  // src/direct-auth/pafi-direct-auth.controller.ts
435
+ function _ts_decorate5(decorators, target, key, desc) {
436
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
437
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
438
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
439
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
440
+ }
441
+ __name(_ts_decorate5, "_ts_decorate");
442
+ function _ts_metadata5(k, v) {
443
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
444
+ }
445
+ __name(_ts_metadata5, "_ts_metadata");
446
+ function _ts_param4(paramIndex, decorator) {
447
+ return function(target, key) {
448
+ decorator(target, key, paramIndex);
449
+ };
450
+ }
451
+ __name(_ts_param4, "_ts_param");
333
452
  var PafiDirectAuthController = class {
453
+ static {
454
+ __name(this, "PafiDirectAuthController");
455
+ }
456
+ directAuth;
334
457
  constructor(directAuth) {
335
458
  this.directAuth = directAuth;
336
459
  }
337
- directAuth;
338
460
  async startEmail(body) {
339
- const res = await this.directAuth.startEmail({ email: body.email });
461
+ const res = await this.directAuth.startEmail({
462
+ email: body.email
463
+ });
340
464
  return {
341
465
  challengeId: res.challengeId,
342
466
  expiresInSec: res.expiresInSec
@@ -349,7 +473,9 @@ var PafiDirectAuthController = class {
349
473
  });
350
474
  }
351
475
  async exchangeGoogle(body) {
352
- return this.directAuth.exchangeGoogle({ idToken: body.idToken });
476
+ return this.directAuth.exchangeGoogle({
477
+ idToken: body.idToken
478
+ });
353
479
  }
354
480
  async exchangeKakao(body) {
355
481
  return this.directAuth.exchangeKakao({
@@ -358,58 +484,102 @@ var PafiDirectAuthController = class {
358
484
  });
359
485
  }
360
486
  };
361
- __decorateClass([
487
+ _ts_decorate5([
362
488
  Post("email/start"),
363
489
  HttpCode(HttpStatus.OK),
364
490
  ApiOperation({
365
491
  summary: "Step 1: ask gateway to send an OTP to the user email.",
366
492
  description: "Gateway generates the OTP, sends it via its configured email provider, and returns an opaque challenge_id. The FE echoes that challenge_id back on step 2 along with the code the user typed."
367
493
  }),
368
- ApiOkResponse({ type: EmailStartResponseDto }),
369
- __decorateParam(0, Body())
370
- ], PafiDirectAuthController.prototype, "startEmail", 1);
371
- __decorateClass([
494
+ ApiOkResponse({
495
+ type: EmailStartResponseDto
496
+ }),
497
+ _ts_param4(0, Body()),
498
+ _ts_metadata5("design:type", Function),
499
+ _ts_metadata5("design:paramtypes", [
500
+ typeof EmailStartRequestDto === "undefined" ? Object : EmailStartRequestDto
501
+ ]),
502
+ _ts_metadata5("design:returntype", Promise)
503
+ ], PafiDirectAuthController.prototype, "startEmail", null);
504
+ _ts_decorate5([
372
505
  Post("email/verify"),
373
506
  HttpCode(HttpStatus.OK),
374
507
  ApiOperation({
375
508
  summary: "Step 2: submit the OTP to complete email sign-in.",
376
509
  description: "Gateway verifies the OTP, derives canonical_id from the verified email, and mints both a pafi_session_token (24h, gateway-signed) and pafi_jwt (60s, for Privy.loginWithCustomAuth). Issuer wraps these in a session token of its own (sub = canonical_id) so existing guards keep working."
377
510
  }),
378
- ApiOkResponse({ type: PafiAuthSuccessDto }),
379
- __decorateParam(0, Body())
380
- ], PafiDirectAuthController.prototype, "verifyEmail", 1);
381
- __decorateClass([
511
+ ApiOkResponse({
512
+ type: PafiAuthSuccessDto
513
+ }),
514
+ _ts_param4(0, Body()),
515
+ _ts_metadata5("design:type", Function),
516
+ _ts_metadata5("design:paramtypes", [
517
+ typeof EmailVerifyRequestDto === "undefined" ? Object : EmailVerifyRequestDto
518
+ ]),
519
+ _ts_metadata5("design:returntype", Promise)
520
+ ], PafiDirectAuthController.prototype, "verifyEmail", null);
521
+ _ts_decorate5([
382
522
  Post("google/exchange"),
383
523
  HttpCode(HttpStatus.OK),
384
524
  ApiOperation({
385
525
  summary: "Sign in with Google.",
386
526
  description: "Hand the gateway a Google-issued id_token (FE obtains via Google Identity Services using PAFI's shared client_id). Gateway verifies signature + email_verified, derives canonical_id from the email, returns the same token bundle as /email/verify."
387
527
  }),
388
- ApiOkResponse({ type: PafiAuthSuccessDto }),
389
- __decorateParam(0, Body())
390
- ], PafiDirectAuthController.prototype, "exchangeGoogle", 1);
391
- __decorateClass([
528
+ ApiOkResponse({
529
+ type: PafiAuthSuccessDto
530
+ }),
531
+ _ts_param4(0, Body()),
532
+ _ts_metadata5("design:type", Function),
533
+ _ts_metadata5("design:paramtypes", [
534
+ typeof GoogleExchangeRequestDto === "undefined" ? Object : GoogleExchangeRequestDto
535
+ ]),
536
+ _ts_metadata5("design:returntype", Promise)
537
+ ], PafiDirectAuthController.prototype, "exchangeGoogle", null);
538
+ _ts_decorate5([
392
539
  Post("kakao/exchange"),
393
540
  HttpCode(HttpStatus.OK),
394
541
  ApiOperation({
395
542
  summary: "Sign in with Kakao.",
396
543
  description: "Hand the gateway the authorization code Kakao redirected back to the FE. Gateway exchanges with Kakao server-to-server (using PAFI-held client_secret), verifies the id_token, and returns the same token bundle as /email/verify. canonical_id derives from email when present, else from the Kakao sub."
397
544
  }),
398
- ApiOkResponse({ type: PafiAuthSuccessDto }),
399
- __decorateParam(0, Body())
400
- ], PafiDirectAuthController.prototype, "exchangeKakao", 1);
401
- PafiDirectAuthController = __decorateClass([
545
+ ApiOkResponse({
546
+ type: PafiAuthSuccessDto
547
+ }),
548
+ _ts_param4(0, Body()),
549
+ _ts_metadata5("design:type", Function),
550
+ _ts_metadata5("design:paramtypes", [
551
+ typeof KakaoExchangeRequestDto === "undefined" ? Object : KakaoExchangeRequestDto
552
+ ]),
553
+ _ts_metadata5("design:returntype", Promise)
554
+ ], PafiDirectAuthController.prototype, "exchangeKakao", null);
555
+ PafiDirectAuthController = _ts_decorate5([
402
556
  ApiTags("pafi-auth-v2"),
403
- Controller("auth/v2")
557
+ Controller("auth/v2"),
558
+ _ts_metadata5("design:type", Function),
559
+ _ts_metadata5("design:paramtypes", [
560
+ typeof PafiDirectAuthService === "undefined" ? Object : PafiDirectAuthService
561
+ ])
404
562
  ], PafiDirectAuthController);
405
563
 
406
564
  // src/direct-auth/pafi-direct-auth.module.ts
407
- var PafiDirectAuthModule = class {
565
+ function _ts_decorate6(decorators, target, key, desc) {
566
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
567
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
568
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
569
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
570
+ }
571
+ __name(_ts_decorate6, "_ts_decorate");
572
+ var PafiDirectAuthModule = class _PafiDirectAuthModule {
573
+ static {
574
+ __name(this, "PafiDirectAuthModule");
575
+ }
408
576
  static forRoot(options) {
409
577
  return {
410
- module: PafiDirectAuthModule,
578
+ module: _PafiDirectAuthModule,
411
579
  imports: options.imports ?? [],
412
- controllers: [PafiDirectAuthController],
580
+ controllers: [
581
+ PafiDirectAuthController
582
+ ],
413
583
  providers: [
414
584
  {
415
585
  provide: PAFI_DIRECT_AUTH_MODULE_OPTIONS,
@@ -443,7 +613,7 @@ var PafiDirectAuthModule = class {
443
613
  };
444
614
  }
445
615
  };
446
- PafiDirectAuthModule = __decorateClass([
616
+ PafiDirectAuthModule = _ts_decorate6([
447
617
  Module({})
448
618
  ], PafiDirectAuthModule);
449
619
  export {