@pafi-dev/issuer 0.39.1 → 0.39.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-client/index.cjs +65 -79
- package/dist/auth-client/index.cjs.map +1 -1
- package/dist/auth-client/index.js +2 -2
- package/dist/{chunk-7VEYSL2C.js → chunk-2Z3M2KQG.js} +69 -80
- package/dist/{chunk-7VEYSL2C.js.map → chunk-2Z3M2KQG.js.map} +1 -1
- package/dist/chunk-7QVYU63E.js +7 -0
- package/dist/{chunk-QLNGNH4A.js → chunk-RNQQYJIB.js} +23 -7
- package/dist/{chunk-QLNGNH4A.js.map → chunk-RNQQYJIB.js.map} +1 -1
- package/dist/direct-auth/index.cjs +363 -195
- package/dist/direct-auth/index.cjs.map +1 -1
- package/dist/direct-auth/index.d.cts +25 -10
- package/dist/direct-auth/index.d.ts +25 -10
- package/dist/direct-auth/index.js +305 -135
- package/dist/direct-auth/index.js.map +1 -1
- package/dist/http/index.cjs +14 -1
- package/dist/http/index.cjs.map +1 -1
- package/dist/http/index.js +2 -2
- package/dist/index.cjs +1096 -1280
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1094 -1355
- package/dist/index.js.map +1 -1
- package/dist/nestjs/index.cjs +114 -50
- package/dist/nestjs/index.cjs.map +1 -1
- package/dist/nestjs/index.js +106 -61
- package/dist/nestjs/index.js.map +1 -1
- package/dist/wallet-auth/index.cjs +11 -5
- package/dist/wallet-auth/index.cjs.map +1 -1
- package/dist/wallet-auth/index.js +13 -6
- package/dist/wallet-auth/index.js.map +1 -1
- package/package.json +4 -2
- package/dist/chunk-BRKEJJFQ.js +0 -17
- /package/dist/{chunk-BRKEJJFQ.js.map → chunk-7QVYU63E.js.map} +0 -0
|
@@ -1,37 +1,50 @@
|
|
|
1
1
|
import {
|
|
2
2
|
PafiAuthClient
|
|
3
|
-
} from "../chunk-
|
|
3
|
+
} from "../chunk-2Z3M2KQG.js";
|
|
4
4
|
import {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
} from "../chunk-BRKEJJFQ.js";
|
|
5
|
+
__name
|
|
6
|
+
} from "../chunk-7QVYU63E.js";
|
|
8
7
|
|
|
9
8
|
// src/direct-auth/pafi-direct-auth.module.ts
|
|
10
|
-
import {
|
|
11
|
-
Module
|
|
12
|
-
} from "@nestjs/common";
|
|
9
|
+
import { Module } from "@nestjs/common";
|
|
13
10
|
|
|
14
11
|
// src/direct-auth/services/pafi-auth-client.provider.ts
|
|
15
12
|
import { Injectable, Inject } from "@nestjs/common";
|
|
16
13
|
|
|
17
14
|
// src/direct-auth/pafi-direct-auth.module-options.ts
|
|
18
|
-
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol(
|
|
19
|
-
"PAFI_DIRECT_AUTH_MODULE_OPTIONS"
|
|
20
|
-
);
|
|
15
|
+
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PAFI_DIRECT_AUTH_MODULE_OPTIONS");
|
|
21
16
|
|
|
22
17
|
// src/direct-auth/services/pafi-auth-client.provider.ts
|
|
18
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
}
|
|
24
|
+
__name(_ts_decorate, "_ts_decorate");
|
|
25
|
+
function _ts_metadata(k, v) {
|
|
26
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
27
|
+
}
|
|
28
|
+
__name(_ts_metadata, "_ts_metadata");
|
|
29
|
+
function _ts_param(paramIndex, decorator) {
|
|
30
|
+
return function(target, key) {
|
|
31
|
+
decorator(target, key, paramIndex);
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
__name(_ts_param, "_ts_param");
|
|
23
35
|
var PafiAuthClientProvider = class {
|
|
24
|
-
|
|
25
|
-
this
|
|
36
|
+
static {
|
|
37
|
+
__name(this, "PafiAuthClientProvider");
|
|
26
38
|
}
|
|
27
39
|
options;
|
|
28
40
|
_client;
|
|
41
|
+
constructor(options) {
|
|
42
|
+
this.options = options;
|
|
43
|
+
}
|
|
29
44
|
onModuleInit() {
|
|
30
45
|
const jwk = this.options.clientPrivateJwk;
|
|
31
46
|
if (!jwk.kid) {
|
|
32
|
-
throw new Error(
|
|
33
|
-
"PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup"
|
|
34
|
-
);
|
|
47
|
+
throw new Error("PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup");
|
|
35
48
|
}
|
|
36
49
|
this._client = new PafiAuthClient({
|
|
37
50
|
gatewayUrl: this.options.gatewayUrl,
|
|
@@ -44,25 +57,43 @@ var PafiAuthClientProvider = class {
|
|
|
44
57
|
return this._client;
|
|
45
58
|
}
|
|
46
59
|
};
|
|
47
|
-
PafiAuthClientProvider =
|
|
60
|
+
PafiAuthClientProvider = _ts_decorate([
|
|
48
61
|
Injectable(),
|
|
49
|
-
|
|
62
|
+
_ts_param(0, Inject(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
63
|
+
_ts_metadata("design:type", Function),
|
|
64
|
+
_ts_metadata("design:paramtypes", [
|
|
65
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
66
|
+
])
|
|
50
67
|
], PafiAuthClientProvider);
|
|
51
68
|
|
|
52
69
|
// src/direct-auth/services/pafi-session-verifier.service.ts
|
|
53
|
-
import {
|
|
54
|
-
Injectable as Injectable2,
|
|
55
|
-
Inject as Inject2,
|
|
56
|
-
UnauthorizedException
|
|
57
|
-
} from "@nestjs/common";
|
|
70
|
+
import { Injectable as Injectable2, Inject as Inject2, UnauthorizedException } from "@nestjs/common";
|
|
58
71
|
import { createRemoteJWKSet, jwtVerify } from "jose";
|
|
72
|
+
function _ts_decorate2(decorators, target, key, desc) {
|
|
73
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
74
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
75
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
76
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
77
|
+
}
|
|
78
|
+
__name(_ts_decorate2, "_ts_decorate");
|
|
79
|
+
function _ts_metadata2(k, v) {
|
|
80
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
81
|
+
}
|
|
82
|
+
__name(_ts_metadata2, "_ts_metadata");
|
|
83
|
+
function _ts_param2(paramIndex, decorator) {
|
|
84
|
+
return function(target, key) {
|
|
85
|
+
decorator(target, key, paramIndex);
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
__name(_ts_param2, "_ts_param");
|
|
59
89
|
var PafiSessionVerifierService = class {
|
|
90
|
+
static {
|
|
91
|
+
__name(this, "PafiSessionVerifierService");
|
|
92
|
+
}
|
|
60
93
|
jwks;
|
|
61
94
|
expectedIssuer;
|
|
62
95
|
constructor(options) {
|
|
63
|
-
this.jwks = createRemoteJWKSet(
|
|
64
|
-
new URL(`${options.gatewayUrl}/.well-known/jwks.json`)
|
|
65
|
-
);
|
|
96
|
+
this.jwks = createRemoteJWKSet(new URL(`${options.gatewayUrl}/.well-known/jwks.json`));
|
|
66
97
|
this.expectedIssuer = options.gatewayUrl;
|
|
67
98
|
}
|
|
68
99
|
async verify(token) {
|
|
@@ -72,14 +103,10 @@ var PafiSessionVerifierService = class {
|
|
|
72
103
|
issuer: this.expectedIssuer
|
|
73
104
|
}));
|
|
74
105
|
} catch (err) {
|
|
75
|
-
throw new UnauthorizedException(
|
|
76
|
-
`Invalid pafi_session_token: ${err.message}`
|
|
77
|
-
);
|
|
106
|
+
throw new UnauthorizedException(`Invalid pafi_session_token: ${err.message}`);
|
|
78
107
|
}
|
|
79
108
|
if (payload.scope !== "pafi-session") {
|
|
80
|
-
throw new UnauthorizedException(
|
|
81
|
-
`pafi_session_token has wrong scope: ${String(payload.scope)}`
|
|
82
|
-
);
|
|
109
|
+
throw new UnauthorizedException(`pafi_session_token has wrong scope: ${String(payload.scope)}`);
|
|
83
110
|
}
|
|
84
111
|
if (typeof payload.sub !== "string") {
|
|
85
112
|
throw new UnauthorizedException("pafi_session_token missing sub");
|
|
@@ -87,9 +114,7 @@ var PafiSessionVerifierService = class {
|
|
|
87
114
|
if (typeof payload.exp !== "number" || typeof payload.iat !== "number") {
|
|
88
115
|
throw new UnauthorizedException("pafi_session_token missing iat/exp");
|
|
89
116
|
}
|
|
90
|
-
const verifiedAttribute = parseVerifiedAttribute(
|
|
91
|
-
payload.verified_attribute
|
|
92
|
-
);
|
|
117
|
+
const verifiedAttribute = parseVerifiedAttribute(payload.verified_attribute);
|
|
93
118
|
return {
|
|
94
119
|
sub: payload.sub,
|
|
95
120
|
scope: "pafi-session",
|
|
@@ -101,9 +126,13 @@ var PafiSessionVerifierService = class {
|
|
|
101
126
|
};
|
|
102
127
|
}
|
|
103
128
|
};
|
|
104
|
-
PafiSessionVerifierService =
|
|
129
|
+
PafiSessionVerifierService = _ts_decorate2([
|
|
105
130
|
Injectable2(),
|
|
106
|
-
|
|
131
|
+
_ts_param2(0, Inject2(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
132
|
+
_ts_metadata2("design:type", Function),
|
|
133
|
+
_ts_metadata2("design:paramtypes", [
|
|
134
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
135
|
+
])
|
|
107
136
|
], PafiSessionVerifierService);
|
|
108
137
|
function parseVerifiedAttribute(raw) {
|
|
109
138
|
if (!raw || typeof raw !== "object") return void 0;
|
|
@@ -114,6 +143,7 @@ function parseVerifiedAttribute(raw) {
|
|
|
114
143
|
valueHash: typeof obj.value_hash === "string" ? obj.value_hash : void 0
|
|
115
144
|
};
|
|
116
145
|
}
|
|
146
|
+
__name(parseVerifiedAttribute, "parseVerifiedAttribute");
|
|
117
147
|
|
|
118
148
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
119
149
|
import { Injectable as Injectable3, Inject as Inject3, Logger } from "@nestjs/common";
|
|
@@ -125,18 +155,38 @@ var USER_STORE = /* @__PURE__ */ Symbol("USER_STORE");
|
|
|
125
155
|
var SESSION_TOKEN_MINTER = /* @__PURE__ */ Symbol("SESSION_TOKEN_MINTER");
|
|
126
156
|
|
|
127
157
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
128
|
-
|
|
158
|
+
function _ts_decorate3(decorators, target, key, desc) {
|
|
159
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
160
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
161
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
162
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
163
|
+
}
|
|
164
|
+
__name(_ts_decorate3, "_ts_decorate");
|
|
165
|
+
function _ts_metadata3(k, v) {
|
|
166
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
167
|
+
}
|
|
168
|
+
__name(_ts_metadata3, "_ts_metadata");
|
|
169
|
+
function _ts_param3(paramIndex, decorator) {
|
|
170
|
+
return function(target, key) {
|
|
171
|
+
decorator(target, key, paramIndex);
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
__name(_ts_param3, "_ts_param");
|
|
175
|
+
var PafiDirectAuthService = class _PafiDirectAuthService {
|
|
176
|
+
static {
|
|
177
|
+
__name(this, "PafiDirectAuthService");
|
|
178
|
+
}
|
|
179
|
+
clientProvider;
|
|
180
|
+
sessionVerifier;
|
|
181
|
+
userStore;
|
|
182
|
+
sessionTokenMinter;
|
|
183
|
+
logger = new Logger(_PafiDirectAuthService.name);
|
|
129
184
|
constructor(clientProvider, sessionVerifier, userStore, sessionTokenMinter) {
|
|
130
185
|
this.clientProvider = clientProvider;
|
|
131
186
|
this.sessionVerifier = sessionVerifier;
|
|
132
187
|
this.userStore = userStore;
|
|
133
188
|
this.sessionTokenMinter = sessionTokenMinter;
|
|
134
189
|
}
|
|
135
|
-
clientProvider;
|
|
136
|
-
sessionVerifier;
|
|
137
|
-
userStore;
|
|
138
|
-
sessionTokenMinter;
|
|
139
|
-
logger = new Logger(PafiDirectAuthService.name);
|
|
140
190
|
// ── Email OTP ────────────────────────────────────────────────────
|
|
141
191
|
async startEmail(args) {
|
|
142
192
|
return this.clientProvider.client.startEmail({
|
|
@@ -189,105 +239,146 @@ var PafiDirectAuthService = class {
|
|
|
189
239
|
pafiSessionToken: success.pafiSessionToken,
|
|
190
240
|
canonicalId: success.canonicalId,
|
|
191
241
|
isFirstLogin: success.isFirstLogin,
|
|
192
|
-
...success.verifiedEmail ? {
|
|
242
|
+
...success.verifiedEmail ? {
|
|
243
|
+
verifiedEmail: success.verifiedEmail
|
|
244
|
+
} : {}
|
|
193
245
|
};
|
|
194
246
|
}
|
|
195
247
|
};
|
|
196
|
-
PafiDirectAuthService =
|
|
248
|
+
PafiDirectAuthService = _ts_decorate3([
|
|
197
249
|
Injectable3(),
|
|
198
|
-
|
|
199
|
-
|
|
250
|
+
_ts_param3(2, Inject3(USER_STORE)),
|
|
251
|
+
_ts_param3(3, Inject3(SESSION_TOKEN_MINTER)),
|
|
252
|
+
_ts_metadata3("design:type", Function),
|
|
253
|
+
_ts_metadata3("design:paramtypes", [
|
|
254
|
+
typeof PafiAuthClientProvider === "undefined" ? Object : PafiAuthClientProvider,
|
|
255
|
+
typeof PafiSessionVerifierService === "undefined" ? Object : PafiSessionVerifierService,
|
|
256
|
+
typeof IUserStore === "undefined" ? Object : IUserStore,
|
|
257
|
+
typeof ISessionTokenMinter === "undefined" ? Object : ISessionTokenMinter
|
|
258
|
+
])
|
|
200
259
|
], PafiDirectAuthService);
|
|
201
260
|
|
|
202
261
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
203
|
-
import {
|
|
204
|
-
Body,
|
|
205
|
-
Controller,
|
|
206
|
-
HttpCode,
|
|
207
|
-
HttpStatus,
|
|
208
|
-
Post
|
|
209
|
-
} from "@nestjs/common";
|
|
262
|
+
import { Body, Controller, HttpCode, HttpStatus, Post } from "@nestjs/common";
|
|
210
263
|
import { ApiOkResponse, ApiOperation, ApiTags } from "@nestjs/swagger";
|
|
211
264
|
|
|
212
265
|
// src/direct-auth/pafi-direct-auth.dto.ts
|
|
213
266
|
import { ApiProperty } from "@nestjs/swagger";
|
|
214
|
-
import {
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
267
|
+
import { IsEmail, IsNotEmpty, IsOptional, IsString, IsUrl, Length, MaxLength } from "class-validator";
|
|
268
|
+
function _ts_decorate4(decorators, target, key, desc) {
|
|
269
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
270
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
271
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
272
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
273
|
+
}
|
|
274
|
+
__name(_ts_decorate4, "_ts_decorate");
|
|
275
|
+
function _ts_metadata4(k, v) {
|
|
276
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
277
|
+
}
|
|
278
|
+
__name(_ts_metadata4, "_ts_metadata");
|
|
223
279
|
var EmailStartRequestDto = class {
|
|
280
|
+
static {
|
|
281
|
+
__name(this, "EmailStartRequestDto");
|
|
282
|
+
}
|
|
224
283
|
email;
|
|
225
284
|
};
|
|
226
|
-
|
|
227
|
-
ApiProperty({
|
|
285
|
+
_ts_decorate4([
|
|
286
|
+
ApiProperty({
|
|
287
|
+
example: "user1@example.com"
|
|
288
|
+
}),
|
|
228
289
|
IsEmail(),
|
|
229
|
-
MaxLength(320)
|
|
230
|
-
|
|
290
|
+
MaxLength(320),
|
|
291
|
+
_ts_metadata4("design:type", String)
|
|
292
|
+
], EmailStartRequestDto.prototype, "email", void 0);
|
|
231
293
|
var EmailVerifyRequestDto = class {
|
|
294
|
+
static {
|
|
295
|
+
__name(this, "EmailVerifyRequestDto");
|
|
296
|
+
}
|
|
232
297
|
challengeId;
|
|
233
298
|
otpCode;
|
|
234
299
|
};
|
|
235
|
-
|
|
300
|
+
_ts_decorate4([
|
|
236
301
|
ApiProperty({
|
|
237
302
|
description: "Challenge id returned by POST /auth/v2/email/start. Opaque to the FE; echo verbatim."
|
|
238
303
|
}),
|
|
239
304
|
IsString(),
|
|
240
305
|
IsNotEmpty(),
|
|
241
|
-
MaxLength(128)
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
306
|
+
MaxLength(128),
|
|
307
|
+
_ts_metadata4("design:type", String)
|
|
308
|
+
], EmailVerifyRequestDto.prototype, "challengeId", void 0);
|
|
309
|
+
_ts_decorate4([
|
|
310
|
+
ApiProperty({
|
|
311
|
+
example: "123456"
|
|
312
|
+
}),
|
|
245
313
|
IsString(),
|
|
246
|
-
Length(4, 10)
|
|
247
|
-
|
|
314
|
+
Length(4, 10),
|
|
315
|
+
_ts_metadata4("design:type", String)
|
|
316
|
+
], EmailVerifyRequestDto.prototype, "otpCode", void 0);
|
|
248
317
|
var GoogleExchangeRequestDto = class {
|
|
318
|
+
static {
|
|
319
|
+
__name(this, "GoogleExchangeRequestDto");
|
|
320
|
+
}
|
|
249
321
|
idToken;
|
|
250
322
|
};
|
|
251
|
-
|
|
323
|
+
_ts_decorate4([
|
|
252
324
|
ApiProperty({
|
|
253
325
|
description: "Google-issued ID token (JWS). Obtain on FE via Google Identity Services using PAFI's Google OAuth client_id."
|
|
254
326
|
}),
|
|
255
327
|
IsString(),
|
|
256
328
|
IsNotEmpty(),
|
|
257
|
-
MaxLength(8192)
|
|
258
|
-
|
|
329
|
+
MaxLength(8192),
|
|
330
|
+
_ts_metadata4("design:type", String)
|
|
331
|
+
], GoogleExchangeRequestDto.prototype, "idToken", void 0);
|
|
259
332
|
var KakaoExchangeRequestDto = class {
|
|
333
|
+
static {
|
|
334
|
+
__name(this, "KakaoExchangeRequestDto");
|
|
335
|
+
}
|
|
260
336
|
code;
|
|
261
337
|
redirectUri;
|
|
262
338
|
};
|
|
263
|
-
|
|
339
|
+
_ts_decorate4([
|
|
264
340
|
ApiProperty({
|
|
265
341
|
description: "Authorization code returned by Kakao to the FE redirect URL."
|
|
266
342
|
}),
|
|
267
343
|
IsString(),
|
|
268
344
|
IsNotEmpty(),
|
|
269
|
-
MaxLength(2048)
|
|
270
|
-
|
|
271
|
-
|
|
345
|
+
MaxLength(2048),
|
|
346
|
+
_ts_metadata4("design:type", String)
|
|
347
|
+
], KakaoExchangeRequestDto.prototype, "code", void 0);
|
|
348
|
+
_ts_decorate4([
|
|
272
349
|
ApiProperty({
|
|
273
350
|
description: "Redirect URI the FE used when initiating the Kakao flow. Optional \u2014 gateway falls back to its own KAKAO_REDIRECT_URI env.",
|
|
274
351
|
required: false
|
|
275
352
|
}),
|
|
276
353
|
IsOptional(),
|
|
277
|
-
IsUrl({
|
|
278
|
-
|
|
279
|
-
|
|
354
|
+
IsUrl({
|
|
355
|
+
require_tld: false,
|
|
356
|
+
require_protocol: true
|
|
357
|
+
}),
|
|
358
|
+
MaxLength(2048),
|
|
359
|
+
_ts_metadata4("design:type", String)
|
|
360
|
+
], KakaoExchangeRequestDto.prototype, "redirectUri", void 0);
|
|
280
361
|
var EmailStartResponseDto = class {
|
|
362
|
+
static {
|
|
363
|
+
__name(this, "EmailStartResponseDto");
|
|
364
|
+
}
|
|
281
365
|
challengeId;
|
|
282
366
|
expiresInSec;
|
|
283
367
|
};
|
|
284
|
-
|
|
285
|
-
ApiProperty()
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
368
|
+
_ts_decorate4([
|
|
369
|
+
ApiProperty(),
|
|
370
|
+
_ts_metadata4("design:type", String)
|
|
371
|
+
], EmailStartResponseDto.prototype, "challengeId", void 0);
|
|
372
|
+
_ts_decorate4([
|
|
373
|
+
ApiProperty({
|
|
374
|
+
description: "Seconds until the challenge expires."
|
|
375
|
+
}),
|
|
376
|
+
_ts_metadata4("design:type", Number)
|
|
377
|
+
], EmailStartResponseDto.prototype, "expiresInSec", void 0);
|
|
290
378
|
var PafiAuthSuccessDto = class {
|
|
379
|
+
static {
|
|
380
|
+
__name(this, "PafiAuthSuccessDto");
|
|
381
|
+
}
|
|
291
382
|
sessionToken;
|
|
292
383
|
sessionExpiresAt;
|
|
293
384
|
pafiJwt;
|
|
@@ -296,47 +387,80 @@ var PafiAuthSuccessDto = class {
|
|
|
296
387
|
isFirstLogin;
|
|
297
388
|
verifiedEmail;
|
|
298
389
|
};
|
|
299
|
-
|
|
390
|
+
_ts_decorate4([
|
|
300
391
|
ApiProperty({
|
|
301
392
|
description: "Issuer-native session token (typically HS256, minted by ISessionTokenMinter) \u2014 Bearer-auth for subsequent issuer API calls."
|
|
302
|
-
})
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
393
|
+
}),
|
|
394
|
+
_ts_metadata4("design:type", String)
|
|
395
|
+
], PafiAuthSuccessDto.prototype, "sessionToken", void 0);
|
|
396
|
+
_ts_decorate4([
|
|
397
|
+
ApiProperty({
|
|
398
|
+
description: "Issuer session token expiration (ISO 8601)."
|
|
399
|
+
}),
|
|
400
|
+
_ts_metadata4("design:type", String)
|
|
401
|
+
], PafiAuthSuccessDto.prototype, "sessionExpiresAt", void 0);
|
|
402
|
+
_ts_decorate4([
|
|
308
403
|
ApiProperty({
|
|
309
404
|
description: "Short-lived PAFI JWT (60s) \u2014 FE feeds verbatim to Privy.loginWithCustomAuth() to provision the embedded wallet."
|
|
310
|
-
})
|
|
311
|
-
|
|
312
|
-
|
|
405
|
+
}),
|
|
406
|
+
_ts_metadata4("design:type", String)
|
|
407
|
+
], PafiAuthSuccessDto.prototype, "pafiJwt", void 0);
|
|
408
|
+
_ts_decorate4([
|
|
313
409
|
ApiProperty({
|
|
314
410
|
description: "Long-lived PAFI session token (24h) \u2014 opaque to FE; keep alongside sessionToken if you ever need to call the gateway directly."
|
|
315
|
-
})
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
411
|
+
}),
|
|
412
|
+
_ts_metadata4("design:type", String)
|
|
413
|
+
], PafiAuthSuccessDto.prototype, "pafiSessionToken", void 0);
|
|
414
|
+
_ts_decorate4([
|
|
415
|
+
ApiProperty({
|
|
416
|
+
description: "canonical_pafi_user_id assigned by the gateway."
|
|
417
|
+
}),
|
|
418
|
+
_ts_metadata4("design:type", String)
|
|
419
|
+
], PafiAuthSuccessDto.prototype, "canonicalId", void 0);
|
|
420
|
+
_ts_decorate4([
|
|
321
421
|
ApiProperty({
|
|
322
422
|
description: "True the first time the user appears at the gateway."
|
|
323
|
-
})
|
|
324
|
-
|
|
325
|
-
|
|
423
|
+
}),
|
|
424
|
+
_ts_metadata4("design:type", Boolean)
|
|
425
|
+
], PafiAuthSuccessDto.prototype, "isFirstLogin", void 0);
|
|
426
|
+
_ts_decorate4([
|
|
326
427
|
ApiProperty({
|
|
327
428
|
description: "Verified email (when the auth method exposed one \u2014 email OTP and Google always; Kakao only if the user shared their email).",
|
|
328
429
|
required: false
|
|
329
|
-
})
|
|
330
|
-
|
|
430
|
+
}),
|
|
431
|
+
_ts_metadata4("design:type", String)
|
|
432
|
+
], PafiAuthSuccessDto.prototype, "verifiedEmail", void 0);
|
|
331
433
|
|
|
332
434
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
435
|
+
function _ts_decorate5(decorators, target, key, desc) {
|
|
436
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
437
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
438
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
439
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
440
|
+
}
|
|
441
|
+
__name(_ts_decorate5, "_ts_decorate");
|
|
442
|
+
function _ts_metadata5(k, v) {
|
|
443
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
444
|
+
}
|
|
445
|
+
__name(_ts_metadata5, "_ts_metadata");
|
|
446
|
+
function _ts_param4(paramIndex, decorator) {
|
|
447
|
+
return function(target, key) {
|
|
448
|
+
decorator(target, key, paramIndex);
|
|
449
|
+
};
|
|
450
|
+
}
|
|
451
|
+
__name(_ts_param4, "_ts_param");
|
|
333
452
|
var PafiDirectAuthController = class {
|
|
453
|
+
static {
|
|
454
|
+
__name(this, "PafiDirectAuthController");
|
|
455
|
+
}
|
|
456
|
+
directAuth;
|
|
334
457
|
constructor(directAuth) {
|
|
335
458
|
this.directAuth = directAuth;
|
|
336
459
|
}
|
|
337
|
-
directAuth;
|
|
338
460
|
async startEmail(body) {
|
|
339
|
-
const res = await this.directAuth.startEmail({
|
|
461
|
+
const res = await this.directAuth.startEmail({
|
|
462
|
+
email: body.email
|
|
463
|
+
});
|
|
340
464
|
return {
|
|
341
465
|
challengeId: res.challengeId,
|
|
342
466
|
expiresInSec: res.expiresInSec
|
|
@@ -349,7 +473,9 @@ var PafiDirectAuthController = class {
|
|
|
349
473
|
});
|
|
350
474
|
}
|
|
351
475
|
async exchangeGoogle(body) {
|
|
352
|
-
return this.directAuth.exchangeGoogle({
|
|
476
|
+
return this.directAuth.exchangeGoogle({
|
|
477
|
+
idToken: body.idToken
|
|
478
|
+
});
|
|
353
479
|
}
|
|
354
480
|
async exchangeKakao(body) {
|
|
355
481
|
return this.directAuth.exchangeKakao({
|
|
@@ -358,58 +484,102 @@ var PafiDirectAuthController = class {
|
|
|
358
484
|
});
|
|
359
485
|
}
|
|
360
486
|
};
|
|
361
|
-
|
|
487
|
+
_ts_decorate5([
|
|
362
488
|
Post("email/start"),
|
|
363
489
|
HttpCode(HttpStatus.OK),
|
|
364
490
|
ApiOperation({
|
|
365
491
|
summary: "Step 1: ask gateway to send an OTP to the user email.",
|
|
366
492
|
description: "Gateway generates the OTP, sends it via its configured email provider, and returns an opaque challenge_id. The FE echoes that challenge_id back on step 2 along with the code the user typed."
|
|
367
493
|
}),
|
|
368
|
-
ApiOkResponse({
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
494
|
+
ApiOkResponse({
|
|
495
|
+
type: EmailStartResponseDto
|
|
496
|
+
}),
|
|
497
|
+
_ts_param4(0, Body()),
|
|
498
|
+
_ts_metadata5("design:type", Function),
|
|
499
|
+
_ts_metadata5("design:paramtypes", [
|
|
500
|
+
typeof EmailStartRequestDto === "undefined" ? Object : EmailStartRequestDto
|
|
501
|
+
]),
|
|
502
|
+
_ts_metadata5("design:returntype", Promise)
|
|
503
|
+
], PafiDirectAuthController.prototype, "startEmail", null);
|
|
504
|
+
_ts_decorate5([
|
|
372
505
|
Post("email/verify"),
|
|
373
506
|
HttpCode(HttpStatus.OK),
|
|
374
507
|
ApiOperation({
|
|
375
508
|
summary: "Step 2: submit the OTP to complete email sign-in.",
|
|
376
509
|
description: "Gateway verifies the OTP, derives canonical_id from the verified email, and mints both a pafi_session_token (24h, gateway-signed) and pafi_jwt (60s, for Privy.loginWithCustomAuth). Issuer wraps these in a session token of its own (sub = canonical_id) so existing guards keep working."
|
|
377
510
|
}),
|
|
378
|
-
ApiOkResponse({
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
511
|
+
ApiOkResponse({
|
|
512
|
+
type: PafiAuthSuccessDto
|
|
513
|
+
}),
|
|
514
|
+
_ts_param4(0, Body()),
|
|
515
|
+
_ts_metadata5("design:type", Function),
|
|
516
|
+
_ts_metadata5("design:paramtypes", [
|
|
517
|
+
typeof EmailVerifyRequestDto === "undefined" ? Object : EmailVerifyRequestDto
|
|
518
|
+
]),
|
|
519
|
+
_ts_metadata5("design:returntype", Promise)
|
|
520
|
+
], PafiDirectAuthController.prototype, "verifyEmail", null);
|
|
521
|
+
_ts_decorate5([
|
|
382
522
|
Post("google/exchange"),
|
|
383
523
|
HttpCode(HttpStatus.OK),
|
|
384
524
|
ApiOperation({
|
|
385
525
|
summary: "Sign in with Google.",
|
|
386
526
|
description: "Hand the gateway a Google-issued id_token (FE obtains via Google Identity Services using PAFI's shared client_id). Gateway verifies signature + email_verified, derives canonical_id from the email, returns the same token bundle as /email/verify."
|
|
387
527
|
}),
|
|
388
|
-
ApiOkResponse({
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
528
|
+
ApiOkResponse({
|
|
529
|
+
type: PafiAuthSuccessDto
|
|
530
|
+
}),
|
|
531
|
+
_ts_param4(0, Body()),
|
|
532
|
+
_ts_metadata5("design:type", Function),
|
|
533
|
+
_ts_metadata5("design:paramtypes", [
|
|
534
|
+
typeof GoogleExchangeRequestDto === "undefined" ? Object : GoogleExchangeRequestDto
|
|
535
|
+
]),
|
|
536
|
+
_ts_metadata5("design:returntype", Promise)
|
|
537
|
+
], PafiDirectAuthController.prototype, "exchangeGoogle", null);
|
|
538
|
+
_ts_decorate5([
|
|
392
539
|
Post("kakao/exchange"),
|
|
393
540
|
HttpCode(HttpStatus.OK),
|
|
394
541
|
ApiOperation({
|
|
395
542
|
summary: "Sign in with Kakao.",
|
|
396
543
|
description: "Hand the gateway the authorization code Kakao redirected back to the FE. Gateway exchanges with Kakao server-to-server (using PAFI-held client_secret), verifies the id_token, and returns the same token bundle as /email/verify. canonical_id derives from email when present, else from the Kakao sub."
|
|
397
544
|
}),
|
|
398
|
-
ApiOkResponse({
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
545
|
+
ApiOkResponse({
|
|
546
|
+
type: PafiAuthSuccessDto
|
|
547
|
+
}),
|
|
548
|
+
_ts_param4(0, Body()),
|
|
549
|
+
_ts_metadata5("design:type", Function),
|
|
550
|
+
_ts_metadata5("design:paramtypes", [
|
|
551
|
+
typeof KakaoExchangeRequestDto === "undefined" ? Object : KakaoExchangeRequestDto
|
|
552
|
+
]),
|
|
553
|
+
_ts_metadata5("design:returntype", Promise)
|
|
554
|
+
], PafiDirectAuthController.prototype, "exchangeKakao", null);
|
|
555
|
+
PafiDirectAuthController = _ts_decorate5([
|
|
402
556
|
ApiTags("pafi-auth-v2"),
|
|
403
|
-
Controller("auth/v2")
|
|
557
|
+
Controller("auth/v2"),
|
|
558
|
+
_ts_metadata5("design:type", Function),
|
|
559
|
+
_ts_metadata5("design:paramtypes", [
|
|
560
|
+
typeof PafiDirectAuthService === "undefined" ? Object : PafiDirectAuthService
|
|
561
|
+
])
|
|
404
562
|
], PafiDirectAuthController);
|
|
405
563
|
|
|
406
564
|
// src/direct-auth/pafi-direct-auth.module.ts
|
|
407
|
-
|
|
565
|
+
function _ts_decorate6(decorators, target, key, desc) {
|
|
566
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
567
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
568
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
569
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
570
|
+
}
|
|
571
|
+
__name(_ts_decorate6, "_ts_decorate");
|
|
572
|
+
var PafiDirectAuthModule = class _PafiDirectAuthModule {
|
|
573
|
+
static {
|
|
574
|
+
__name(this, "PafiDirectAuthModule");
|
|
575
|
+
}
|
|
408
576
|
static forRoot(options) {
|
|
409
577
|
return {
|
|
410
|
-
module:
|
|
578
|
+
module: _PafiDirectAuthModule,
|
|
411
579
|
imports: options.imports ?? [],
|
|
412
|
-
controllers: [
|
|
580
|
+
controllers: [
|
|
581
|
+
PafiDirectAuthController
|
|
582
|
+
],
|
|
413
583
|
providers: [
|
|
414
584
|
{
|
|
415
585
|
provide: PAFI_DIRECT_AUTH_MODULE_OPTIONS,
|
|
@@ -443,7 +613,7 @@ var PafiDirectAuthModule = class {
|
|
|
443
613
|
};
|
|
444
614
|
}
|
|
445
615
|
};
|
|
446
|
-
PafiDirectAuthModule =
|
|
616
|
+
PafiDirectAuthModule = _ts_decorate6([
|
|
447
617
|
Module({})
|
|
448
618
|
], PafiDirectAuthModule);
|
|
449
619
|
export {
|