@pafi-dev/issuer 0.39.2 → 0.39.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-client/index.cjs +65 -79
- package/dist/auth-client/index.cjs.map +1 -1
- package/dist/auth-client/index.js +2 -2
- package/dist/{chunk-7VEYSL2C.js → chunk-2Z3M2KQG.js} +69 -80
- package/dist/{chunk-7VEYSL2C.js.map → chunk-2Z3M2KQG.js.map} +1 -1
- package/dist/chunk-7QVYU63E.js +7 -0
- package/dist/{chunk-QLNGNH4A.js → chunk-RNQQYJIB.js} +23 -7
- package/dist/{chunk-QLNGNH4A.js.map → chunk-RNQQYJIB.js.map} +1 -1
- package/dist/direct-auth/index.cjs +363 -195
- package/dist/direct-auth/index.cjs.map +1 -1
- package/dist/direct-auth/index.js +304 -132
- package/dist/direct-auth/index.js.map +1 -1
- package/dist/http/index.cjs +14 -1
- package/dist/http/index.cjs.map +1 -1
- package/dist/http/index.js +2 -2
- package/dist/index.cjs +1096 -1280
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1094 -1355
- package/dist/index.js.map +1 -1
- package/dist/nestjs/index.cjs +114 -50
- package/dist/nestjs/index.cjs.map +1 -1
- package/dist/nestjs/index.js +106 -61
- package/dist/nestjs/index.js.map +1 -1
- package/dist/wallet-auth/index.cjs +11 -5
- package/dist/wallet-auth/index.cjs.map +1 -1
- package/dist/wallet-auth/index.js +13 -6
- package/dist/wallet-auth/index.js.map +1 -1
- package/package.json +4 -2
- package/dist/chunk-BRKEJJFQ.js +0 -17
- /package/dist/{chunk-BRKEJJFQ.js.map → chunk-7QVYU63E.js.map} +0 -0
|
@@ -3,6 +3,7 @@ var __defProp = Object.defineProperty;
|
|
|
3
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
6
7
|
var __export = (target, all) => {
|
|
7
8
|
for (var name in all)
|
|
8
9
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -16,15 +17,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
16
17
|
return to;
|
|
17
18
|
};
|
|
18
19
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
var __decorateClass = (decorators, target, key, kind) => {
|
|
20
|
-
var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
|
|
21
|
-
for (var i = decorators.length - 1, decorator; i >= 0; i--)
|
|
22
|
-
if (decorator = decorators[i])
|
|
23
|
-
result = (kind ? decorator(target, key, result) : decorator(result)) || result;
|
|
24
|
-
if (kind && result) __defProp(target, key, result);
|
|
25
|
-
return result;
|
|
26
|
-
};
|
|
27
|
-
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
28
20
|
|
|
29
21
|
// src/direct-auth/index.ts
|
|
30
22
|
var direct_auth_exports = {};
|
|
@@ -62,117 +54,109 @@ async function signClientAssertion(args) {
|
|
|
62
54
|
const alg = args.alg ?? args.privateJwk.alg ?? "ES256";
|
|
63
55
|
const key = await (0, import_jose.importJWK)(args.privateJwk, alg);
|
|
64
56
|
const now = Math.floor(Date.now() / 1e3);
|
|
65
|
-
return new import_jose.SignJWT({}).setProtectedHeader({
|
|
57
|
+
return new import_jose.SignJWT({}).setProtectedHeader({
|
|
58
|
+
alg,
|
|
59
|
+
typ: "JWT",
|
|
60
|
+
kid: args.privateJwk.kid
|
|
61
|
+
}).setIssuer(args.clientId).setSubject(args.clientId).setAudience(`${args.gatewayUrl}/v1/token-exchange`).setIssuedAt(now).setExpirationTime(now + 60).setJti((0, import_node_crypto.randomUUID)()).sign(key);
|
|
66
62
|
}
|
|
63
|
+
__name(signClientAssertion, "signClientAssertion");
|
|
67
64
|
|
|
68
65
|
// src/auth-client/types.ts
|
|
69
66
|
var PafiAuthError = class extends Error {
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
this.status = status;
|
|
73
|
-
this.code = code;
|
|
74
|
-
this.correlationId = correlationId;
|
|
75
|
-
this.name = "PafiAuthError";
|
|
67
|
+
static {
|
|
68
|
+
__name(this, "PafiAuthError");
|
|
76
69
|
}
|
|
77
70
|
status;
|
|
78
71
|
code;
|
|
79
72
|
correlationId;
|
|
73
|
+
constructor(message, status, code, correlationId) {
|
|
74
|
+
super(message), this.status = status, this.code = code, this.correlationId = correlationId;
|
|
75
|
+
this.name = "PafiAuthError";
|
|
76
|
+
}
|
|
80
77
|
};
|
|
81
78
|
|
|
82
79
|
// src/auth-client/pafi-auth-client.ts
|
|
83
80
|
var PafiAuthClient = class {
|
|
81
|
+
static {
|
|
82
|
+
__name(this, "PafiAuthClient");
|
|
83
|
+
}
|
|
84
|
+
opts;
|
|
85
|
+
fetchImpl;
|
|
86
|
+
tokenExchangeAud;
|
|
84
87
|
constructor(opts) {
|
|
85
88
|
this.opts = opts;
|
|
86
89
|
if (!opts.clientPrivateJwk.kid) {
|
|
87
|
-
throw new Error(
|
|
88
|
-
"PafiAuthClient: clientPrivateJwk.kid is required (gateway uses kid to look up the verification key)"
|
|
89
|
-
);
|
|
90
|
+
throw new Error("PafiAuthClient: clientPrivateJwk.kid is required (gateway uses kid to look up the verification key)");
|
|
90
91
|
}
|
|
91
92
|
this.fetchImpl = opts.fetchImpl ?? fetch;
|
|
92
93
|
this.tokenExchangeAud = `${opts.gatewayUrl}/v1/token-exchange`;
|
|
93
94
|
}
|
|
94
|
-
opts;
|
|
95
|
-
fetchImpl;
|
|
96
|
-
tokenExchangeAud;
|
|
97
95
|
// ───────────────────────────────────────────────────────────────
|
|
98
96
|
// EMAIL OTP — 2-step
|
|
99
97
|
// ───────────────────────────────────────────────────────────────
|
|
100
98
|
/**
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
99
|
+
* Step 1: ask the gateway to send the user an OTP. Returns the
|
|
100
|
+
* `challengeId` to echo back on {@link verifyEmail}.
|
|
101
|
+
*/
|
|
104
102
|
async startEmail(args) {
|
|
105
|
-
const res = await this.post(
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
email: args.email
|
|
110
|
-
},
|
|
111
|
-
args.correlationId
|
|
112
|
-
);
|
|
103
|
+
const res = await this.post("/v1/auth/email/start", {
|
|
104
|
+
issuer_id: this.opts.issuerId,
|
|
105
|
+
email: args.email
|
|
106
|
+
}, args.correlationId);
|
|
113
107
|
return {
|
|
114
108
|
challengeId: res.challenge_id,
|
|
115
109
|
expiresInSec: res.expires_in
|
|
116
110
|
};
|
|
117
111
|
}
|
|
118
112
|
/**
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
113
|
+
* Step 2: submit the OTP the user received. On success returns
|
|
114
|
+
* {@link AuthSuccess} containing BOTH the long-lived
|
|
115
|
+
* pafi_session_token (issuer verifies via gateway JWKS) AND the
|
|
116
|
+
* short-lived pafi_jwt (issuer FE feeds to Privy).
|
|
117
|
+
*/
|
|
124
118
|
async verifyEmail(args) {
|
|
125
|
-
const res = await this.post(
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
otp_code: args.otpCode
|
|
130
|
-
},
|
|
131
|
-
args.correlationId
|
|
132
|
-
);
|
|
119
|
+
const res = await this.post("/v1/auth/email/verify", {
|
|
120
|
+
challenge_id: args.challengeId,
|
|
121
|
+
otp_code: args.otpCode
|
|
122
|
+
}, args.correlationId);
|
|
133
123
|
return mapAuthSuccess(res);
|
|
134
124
|
}
|
|
135
125
|
// ───────────────────────────────────────────────────────────────
|
|
136
126
|
// GOOGLE — 1-step exchange
|
|
137
127
|
// ───────────────────────────────────────────────────────────────
|
|
138
128
|
/**
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
129
|
+
* Hand the gateway an id_token the issuer FE obtained from Google
|
|
130
|
+
* Identity Services (using PAFI's shared client_id). Gateway verifies
|
|
131
|
+
* signature + audience + `email_verified` before resolving identity.
|
|
132
|
+
*/
|
|
143
133
|
async exchangeGoogle(args) {
|
|
144
|
-
const res = await this.post(
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
id_token: args.idToken
|
|
149
|
-
},
|
|
150
|
-
args.correlationId
|
|
151
|
-
);
|
|
134
|
+
const res = await this.post("/v1/auth/google/exchange", {
|
|
135
|
+
issuer_id: this.opts.issuerId,
|
|
136
|
+
id_token: args.idToken
|
|
137
|
+
}, args.correlationId);
|
|
152
138
|
return mapAuthSuccess(res);
|
|
153
139
|
}
|
|
154
140
|
// ───────────────────────────────────────────────────────────────
|
|
155
141
|
// KAKAO — 1-step exchange (authorization code)
|
|
156
142
|
// ───────────────────────────────────────────────────────────────
|
|
157
143
|
/**
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
144
|
+
* Hand the gateway the authorization code returned by Kakao's
|
|
145
|
+
* redirect. Gateway exchanges with Kakao (server-to-server using
|
|
146
|
+
* PAFI's client_secret), verifies id_token, resolves identity.
|
|
147
|
+
*
|
|
148
|
+
* `redirectUri` must match the URL the FE used when starting the
|
|
149
|
+
* Kakao flow. Falls back to the gateway's KAKAO_REDIRECT_URI when
|
|
150
|
+
* omitted — pass an explicit value for multi-environment FEs.
|
|
151
|
+
*/
|
|
166
152
|
async exchangeKakao(args) {
|
|
167
|
-
const res = await this.post(
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
args.correlationId
|
|
175
|
-
);
|
|
153
|
+
const res = await this.post("/v1/auth/kakao/exchange", {
|
|
154
|
+
issuer_id: this.opts.issuerId,
|
|
155
|
+
code: args.code,
|
|
156
|
+
...args.redirectUri ? {
|
|
157
|
+
redirect_uri: args.redirectUri
|
|
158
|
+
} : {}
|
|
159
|
+
}, args.correlationId);
|
|
176
160
|
return mapAuthSuccess(res);
|
|
177
161
|
}
|
|
178
162
|
// ───────────────────────────────────────────────────────────────
|
|
@@ -198,21 +182,11 @@ var PafiAuthClient = class {
|
|
|
198
182
|
try {
|
|
199
183
|
parsed = text ? JSON.parse(text) : {};
|
|
200
184
|
} catch {
|
|
201
|
-
throw new PafiAuthError(
|
|
202
|
-
`Non-JSON response from gateway (${path}): ${text.slice(0, 120)}`,
|
|
203
|
-
res.status,
|
|
204
|
-
"non_json_response",
|
|
205
|
-
finalCorrelationId
|
|
206
|
-
);
|
|
185
|
+
throw new PafiAuthError(`Non-JSON response from gateway (${path}): ${text.slice(0, 120)}`, res.status, "non_json_response", finalCorrelationId);
|
|
207
186
|
}
|
|
208
187
|
if (!res.ok) {
|
|
209
188
|
const err = parsed;
|
|
210
|
-
throw new PafiAuthError(
|
|
211
|
-
err.error_description ?? err.error ?? `Gateway returned HTTP ${res.status}`,
|
|
212
|
-
res.status,
|
|
213
|
-
err.error ?? "unknown_error",
|
|
214
|
-
err.correlation_id ?? finalCorrelationId
|
|
215
|
-
);
|
|
189
|
+
throw new PafiAuthError(err.error_description ?? err.error ?? `Gateway returned HTTP ${res.status}`, res.status, err.error ?? "unknown_error", err.correlation_id ?? finalCorrelationId);
|
|
216
190
|
}
|
|
217
191
|
return parsed;
|
|
218
192
|
}
|
|
@@ -224,28 +198,47 @@ function mapAuthSuccess(res) {
|
|
|
224
198
|
canonicalId: res.canonical_id,
|
|
225
199
|
expiresAt: res.expires_at,
|
|
226
200
|
isFirstLogin: res.is_first_login,
|
|
227
|
-
...res.verified_email ? {
|
|
201
|
+
...res.verified_email ? {
|
|
202
|
+
verifiedEmail: res.verified_email
|
|
203
|
+
} : {}
|
|
228
204
|
};
|
|
229
205
|
}
|
|
206
|
+
__name(mapAuthSuccess, "mapAuthSuccess");
|
|
230
207
|
|
|
231
208
|
// src/direct-auth/pafi-direct-auth.module-options.ts
|
|
232
|
-
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol(
|
|
233
|
-
"PAFI_DIRECT_AUTH_MODULE_OPTIONS"
|
|
234
|
-
);
|
|
209
|
+
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PAFI_DIRECT_AUTH_MODULE_OPTIONS");
|
|
235
210
|
|
|
236
211
|
// src/direct-auth/services/pafi-auth-client.provider.ts
|
|
212
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
213
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
214
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
215
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
216
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
217
|
+
}
|
|
218
|
+
__name(_ts_decorate, "_ts_decorate");
|
|
219
|
+
function _ts_metadata(k, v) {
|
|
220
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
221
|
+
}
|
|
222
|
+
__name(_ts_metadata, "_ts_metadata");
|
|
223
|
+
function _ts_param(paramIndex, decorator) {
|
|
224
|
+
return function(target, key) {
|
|
225
|
+
decorator(target, key, paramIndex);
|
|
226
|
+
};
|
|
227
|
+
}
|
|
228
|
+
__name(_ts_param, "_ts_param");
|
|
237
229
|
var PafiAuthClientProvider = class {
|
|
238
|
-
|
|
239
|
-
this
|
|
230
|
+
static {
|
|
231
|
+
__name(this, "PafiAuthClientProvider");
|
|
240
232
|
}
|
|
241
233
|
options;
|
|
242
234
|
_client;
|
|
235
|
+
constructor(options) {
|
|
236
|
+
this.options = options;
|
|
237
|
+
}
|
|
243
238
|
onModuleInit() {
|
|
244
239
|
const jwk = this.options.clientPrivateJwk;
|
|
245
240
|
if (!jwk.kid) {
|
|
246
|
-
throw new Error(
|
|
247
|
-
"PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup"
|
|
248
|
-
);
|
|
241
|
+
throw new Error("PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup");
|
|
249
242
|
}
|
|
250
243
|
this._client = new PafiAuthClient({
|
|
251
244
|
gatewayUrl: this.options.gatewayUrl,
|
|
@@ -258,21 +251,43 @@ var PafiAuthClientProvider = class {
|
|
|
258
251
|
return this._client;
|
|
259
252
|
}
|
|
260
253
|
};
|
|
261
|
-
PafiAuthClientProvider =
|
|
254
|
+
PafiAuthClientProvider = _ts_decorate([
|
|
262
255
|
(0, import_common.Injectable)(),
|
|
263
|
-
|
|
256
|
+
_ts_param(0, (0, import_common.Inject)(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
257
|
+
_ts_metadata("design:type", Function),
|
|
258
|
+
_ts_metadata("design:paramtypes", [
|
|
259
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
260
|
+
])
|
|
264
261
|
], PafiAuthClientProvider);
|
|
265
262
|
|
|
266
263
|
// src/direct-auth/services/pafi-session-verifier.service.ts
|
|
267
264
|
var import_common2 = require("@nestjs/common");
|
|
268
265
|
var import_jose2 = require("jose");
|
|
266
|
+
function _ts_decorate2(decorators, target, key, desc) {
|
|
267
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
268
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
269
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
270
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
271
|
+
}
|
|
272
|
+
__name(_ts_decorate2, "_ts_decorate");
|
|
273
|
+
function _ts_metadata2(k, v) {
|
|
274
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
275
|
+
}
|
|
276
|
+
__name(_ts_metadata2, "_ts_metadata");
|
|
277
|
+
function _ts_param2(paramIndex, decorator) {
|
|
278
|
+
return function(target, key) {
|
|
279
|
+
decorator(target, key, paramIndex);
|
|
280
|
+
};
|
|
281
|
+
}
|
|
282
|
+
__name(_ts_param2, "_ts_param");
|
|
269
283
|
var PafiSessionVerifierService = class {
|
|
284
|
+
static {
|
|
285
|
+
__name(this, "PafiSessionVerifierService");
|
|
286
|
+
}
|
|
270
287
|
jwks;
|
|
271
288
|
expectedIssuer;
|
|
272
289
|
constructor(options) {
|
|
273
|
-
this.jwks = (0, import_jose2.createRemoteJWKSet)(
|
|
274
|
-
new URL(`${options.gatewayUrl}/.well-known/jwks.json`)
|
|
275
|
-
);
|
|
290
|
+
this.jwks = (0, import_jose2.createRemoteJWKSet)(new URL(`${options.gatewayUrl}/.well-known/jwks.json`));
|
|
276
291
|
this.expectedIssuer = options.gatewayUrl;
|
|
277
292
|
}
|
|
278
293
|
async verify(token) {
|
|
@@ -282,14 +297,10 @@ var PafiSessionVerifierService = class {
|
|
|
282
297
|
issuer: this.expectedIssuer
|
|
283
298
|
}));
|
|
284
299
|
} catch (err) {
|
|
285
|
-
throw new import_common2.UnauthorizedException(
|
|
286
|
-
`Invalid pafi_session_token: ${err.message}`
|
|
287
|
-
);
|
|
300
|
+
throw new import_common2.UnauthorizedException(`Invalid pafi_session_token: ${err.message}`);
|
|
288
301
|
}
|
|
289
302
|
if (payload.scope !== "pafi-session") {
|
|
290
|
-
throw new import_common2.UnauthorizedException(
|
|
291
|
-
`pafi_session_token has wrong scope: ${String(payload.scope)}`
|
|
292
|
-
);
|
|
303
|
+
throw new import_common2.UnauthorizedException(`pafi_session_token has wrong scope: ${String(payload.scope)}`);
|
|
293
304
|
}
|
|
294
305
|
if (typeof payload.sub !== "string") {
|
|
295
306
|
throw new import_common2.UnauthorizedException("pafi_session_token missing sub");
|
|
@@ -297,9 +308,7 @@ var PafiSessionVerifierService = class {
|
|
|
297
308
|
if (typeof payload.exp !== "number" || typeof payload.iat !== "number") {
|
|
298
309
|
throw new import_common2.UnauthorizedException("pafi_session_token missing iat/exp");
|
|
299
310
|
}
|
|
300
|
-
const verifiedAttribute = parseVerifiedAttribute(
|
|
301
|
-
payload.verified_attribute
|
|
302
|
-
);
|
|
311
|
+
const verifiedAttribute = parseVerifiedAttribute(payload.verified_attribute);
|
|
303
312
|
return {
|
|
304
313
|
sub: payload.sub,
|
|
305
314
|
scope: "pafi-session",
|
|
@@ -311,9 +320,13 @@ var PafiSessionVerifierService = class {
|
|
|
311
320
|
};
|
|
312
321
|
}
|
|
313
322
|
};
|
|
314
|
-
PafiSessionVerifierService =
|
|
323
|
+
PafiSessionVerifierService = _ts_decorate2([
|
|
315
324
|
(0, import_common2.Injectable)(),
|
|
316
|
-
|
|
325
|
+
_ts_param2(0, (0, import_common2.Inject)(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
326
|
+
_ts_metadata2("design:type", Function),
|
|
327
|
+
_ts_metadata2("design:paramtypes", [
|
|
328
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
329
|
+
])
|
|
317
330
|
], PafiSessionVerifierService);
|
|
318
331
|
function parseVerifiedAttribute(raw) {
|
|
319
332
|
if (!raw || typeof raw !== "object") return void 0;
|
|
@@ -324,6 +337,7 @@ function parseVerifiedAttribute(raw) {
|
|
|
324
337
|
valueHash: typeof obj.value_hash === "string" ? obj.value_hash : void 0
|
|
325
338
|
};
|
|
326
339
|
}
|
|
340
|
+
__name(parseVerifiedAttribute, "parseVerifiedAttribute");
|
|
327
341
|
|
|
328
342
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
329
343
|
var import_common3 = require("@nestjs/common");
|
|
@@ -335,18 +349,38 @@ var USER_STORE = /* @__PURE__ */ Symbol("USER_STORE");
|
|
|
335
349
|
var SESSION_TOKEN_MINTER = /* @__PURE__ */ Symbol("SESSION_TOKEN_MINTER");
|
|
336
350
|
|
|
337
351
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
338
|
-
|
|
352
|
+
function _ts_decorate3(decorators, target, key, desc) {
|
|
353
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
354
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
355
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
356
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
357
|
+
}
|
|
358
|
+
__name(_ts_decorate3, "_ts_decorate");
|
|
359
|
+
function _ts_metadata3(k, v) {
|
|
360
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
361
|
+
}
|
|
362
|
+
__name(_ts_metadata3, "_ts_metadata");
|
|
363
|
+
function _ts_param3(paramIndex, decorator) {
|
|
364
|
+
return function(target, key) {
|
|
365
|
+
decorator(target, key, paramIndex);
|
|
366
|
+
};
|
|
367
|
+
}
|
|
368
|
+
__name(_ts_param3, "_ts_param");
|
|
369
|
+
var PafiDirectAuthService = class _PafiDirectAuthService {
|
|
370
|
+
static {
|
|
371
|
+
__name(this, "PafiDirectAuthService");
|
|
372
|
+
}
|
|
373
|
+
clientProvider;
|
|
374
|
+
sessionVerifier;
|
|
375
|
+
userStore;
|
|
376
|
+
sessionTokenMinter;
|
|
377
|
+
logger = new import_common3.Logger(_PafiDirectAuthService.name);
|
|
339
378
|
constructor(clientProvider, sessionVerifier, userStore, sessionTokenMinter) {
|
|
340
379
|
this.clientProvider = clientProvider;
|
|
341
380
|
this.sessionVerifier = sessionVerifier;
|
|
342
381
|
this.userStore = userStore;
|
|
343
382
|
this.sessionTokenMinter = sessionTokenMinter;
|
|
344
383
|
}
|
|
345
|
-
clientProvider;
|
|
346
|
-
sessionVerifier;
|
|
347
|
-
userStore;
|
|
348
|
-
sessionTokenMinter;
|
|
349
|
-
logger = new import_common3.Logger(PafiDirectAuthService.name);
|
|
350
384
|
// ── Email OTP ────────────────────────────────────────────────────
|
|
351
385
|
async startEmail(args) {
|
|
352
386
|
return this.clientProvider.client.startEmail({
|
|
@@ -399,14 +433,23 @@ var PafiDirectAuthService = class {
|
|
|
399
433
|
pafiSessionToken: success.pafiSessionToken,
|
|
400
434
|
canonicalId: success.canonicalId,
|
|
401
435
|
isFirstLogin: success.isFirstLogin,
|
|
402
|
-
...success.verifiedEmail ? {
|
|
436
|
+
...success.verifiedEmail ? {
|
|
437
|
+
verifiedEmail: success.verifiedEmail
|
|
438
|
+
} : {}
|
|
403
439
|
};
|
|
404
440
|
}
|
|
405
441
|
};
|
|
406
|
-
PafiDirectAuthService =
|
|
442
|
+
PafiDirectAuthService = _ts_decorate3([
|
|
407
443
|
(0, import_common3.Injectable)(),
|
|
408
|
-
|
|
409
|
-
|
|
444
|
+
_ts_param3(2, (0, import_common3.Inject)(USER_STORE)),
|
|
445
|
+
_ts_param3(3, (0, import_common3.Inject)(SESSION_TOKEN_MINTER)),
|
|
446
|
+
_ts_metadata3("design:type", Function),
|
|
447
|
+
_ts_metadata3("design:paramtypes", [
|
|
448
|
+
typeof PafiAuthClientProvider === "undefined" ? Object : PafiAuthClientProvider,
|
|
449
|
+
typeof PafiSessionVerifierService === "undefined" ? Object : PafiSessionVerifierService,
|
|
450
|
+
typeof IUserStore === "undefined" ? Object : IUserStore,
|
|
451
|
+
typeof ISessionTokenMinter === "undefined" ? Object : ISessionTokenMinter
|
|
452
|
+
])
|
|
410
453
|
], PafiDirectAuthService);
|
|
411
454
|
|
|
412
455
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
@@ -416,74 +459,120 @@ var import_swagger2 = require("@nestjs/swagger");
|
|
|
416
459
|
// src/direct-auth/pafi-direct-auth.dto.ts
|
|
417
460
|
var import_swagger = require("@nestjs/swagger");
|
|
418
461
|
var import_class_validator = require("class-validator");
|
|
462
|
+
function _ts_decorate4(decorators, target, key, desc) {
|
|
463
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
464
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
465
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
466
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
467
|
+
}
|
|
468
|
+
__name(_ts_decorate4, "_ts_decorate");
|
|
469
|
+
function _ts_metadata4(k, v) {
|
|
470
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
471
|
+
}
|
|
472
|
+
__name(_ts_metadata4, "_ts_metadata");
|
|
419
473
|
var EmailStartRequestDto = class {
|
|
474
|
+
static {
|
|
475
|
+
__name(this, "EmailStartRequestDto");
|
|
476
|
+
}
|
|
420
477
|
email;
|
|
421
478
|
};
|
|
422
|
-
|
|
423
|
-
(0, import_swagger.ApiProperty)({
|
|
479
|
+
_ts_decorate4([
|
|
480
|
+
(0, import_swagger.ApiProperty)({
|
|
481
|
+
example: "user1@example.com"
|
|
482
|
+
}),
|
|
424
483
|
(0, import_class_validator.IsEmail)(),
|
|
425
|
-
(0, import_class_validator.MaxLength)(320)
|
|
426
|
-
|
|
484
|
+
(0, import_class_validator.MaxLength)(320),
|
|
485
|
+
_ts_metadata4("design:type", String)
|
|
486
|
+
], EmailStartRequestDto.prototype, "email", void 0);
|
|
427
487
|
var EmailVerifyRequestDto = class {
|
|
488
|
+
static {
|
|
489
|
+
__name(this, "EmailVerifyRequestDto");
|
|
490
|
+
}
|
|
428
491
|
challengeId;
|
|
429
492
|
otpCode;
|
|
430
493
|
};
|
|
431
|
-
|
|
494
|
+
_ts_decorate4([
|
|
432
495
|
(0, import_swagger.ApiProperty)({
|
|
433
496
|
description: "Challenge id returned by POST /auth/v2/email/start. Opaque to the FE; echo verbatim."
|
|
434
497
|
}),
|
|
435
498
|
(0, import_class_validator.IsString)(),
|
|
436
499
|
(0, import_class_validator.IsNotEmpty)(),
|
|
437
|
-
(0, import_class_validator.MaxLength)(128)
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
500
|
+
(0, import_class_validator.MaxLength)(128),
|
|
501
|
+
_ts_metadata4("design:type", String)
|
|
502
|
+
], EmailVerifyRequestDto.prototype, "challengeId", void 0);
|
|
503
|
+
_ts_decorate4([
|
|
504
|
+
(0, import_swagger.ApiProperty)({
|
|
505
|
+
example: "123456"
|
|
506
|
+
}),
|
|
441
507
|
(0, import_class_validator.IsString)(),
|
|
442
|
-
(0, import_class_validator.Length)(4, 10)
|
|
443
|
-
|
|
508
|
+
(0, import_class_validator.Length)(4, 10),
|
|
509
|
+
_ts_metadata4("design:type", String)
|
|
510
|
+
], EmailVerifyRequestDto.prototype, "otpCode", void 0);
|
|
444
511
|
var GoogleExchangeRequestDto = class {
|
|
512
|
+
static {
|
|
513
|
+
__name(this, "GoogleExchangeRequestDto");
|
|
514
|
+
}
|
|
445
515
|
idToken;
|
|
446
516
|
};
|
|
447
|
-
|
|
517
|
+
_ts_decorate4([
|
|
448
518
|
(0, import_swagger.ApiProperty)({
|
|
449
519
|
description: "Google-issued ID token (JWS). Obtain on FE via Google Identity Services using PAFI's Google OAuth client_id."
|
|
450
520
|
}),
|
|
451
521
|
(0, import_class_validator.IsString)(),
|
|
452
522
|
(0, import_class_validator.IsNotEmpty)(),
|
|
453
|
-
(0, import_class_validator.MaxLength)(8192)
|
|
454
|
-
|
|
523
|
+
(0, import_class_validator.MaxLength)(8192),
|
|
524
|
+
_ts_metadata4("design:type", String)
|
|
525
|
+
], GoogleExchangeRequestDto.prototype, "idToken", void 0);
|
|
455
526
|
var KakaoExchangeRequestDto = class {
|
|
527
|
+
static {
|
|
528
|
+
__name(this, "KakaoExchangeRequestDto");
|
|
529
|
+
}
|
|
456
530
|
code;
|
|
457
531
|
redirectUri;
|
|
458
532
|
};
|
|
459
|
-
|
|
533
|
+
_ts_decorate4([
|
|
460
534
|
(0, import_swagger.ApiProperty)({
|
|
461
535
|
description: "Authorization code returned by Kakao to the FE redirect URL."
|
|
462
536
|
}),
|
|
463
537
|
(0, import_class_validator.IsString)(),
|
|
464
538
|
(0, import_class_validator.IsNotEmpty)(),
|
|
465
|
-
(0, import_class_validator.MaxLength)(2048)
|
|
466
|
-
|
|
467
|
-
|
|
539
|
+
(0, import_class_validator.MaxLength)(2048),
|
|
540
|
+
_ts_metadata4("design:type", String)
|
|
541
|
+
], KakaoExchangeRequestDto.prototype, "code", void 0);
|
|
542
|
+
_ts_decorate4([
|
|
468
543
|
(0, import_swagger.ApiProperty)({
|
|
469
544
|
description: "Redirect URI the FE used when initiating the Kakao flow. Optional \u2014 gateway falls back to its own KAKAO_REDIRECT_URI env.",
|
|
470
545
|
required: false
|
|
471
546
|
}),
|
|
472
547
|
(0, import_class_validator.IsOptional)(),
|
|
473
|
-
(0, import_class_validator.IsUrl)({
|
|
474
|
-
|
|
475
|
-
|
|
548
|
+
(0, import_class_validator.IsUrl)({
|
|
549
|
+
require_tld: false,
|
|
550
|
+
require_protocol: true
|
|
551
|
+
}),
|
|
552
|
+
(0, import_class_validator.MaxLength)(2048),
|
|
553
|
+
_ts_metadata4("design:type", String)
|
|
554
|
+
], KakaoExchangeRequestDto.prototype, "redirectUri", void 0);
|
|
476
555
|
var EmailStartResponseDto = class {
|
|
556
|
+
static {
|
|
557
|
+
__name(this, "EmailStartResponseDto");
|
|
558
|
+
}
|
|
477
559
|
challengeId;
|
|
478
560
|
expiresInSec;
|
|
479
561
|
};
|
|
480
|
-
|
|
481
|
-
(0, import_swagger.ApiProperty)()
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
562
|
+
_ts_decorate4([
|
|
563
|
+
(0, import_swagger.ApiProperty)(),
|
|
564
|
+
_ts_metadata4("design:type", String)
|
|
565
|
+
], EmailStartResponseDto.prototype, "challengeId", void 0);
|
|
566
|
+
_ts_decorate4([
|
|
567
|
+
(0, import_swagger.ApiProperty)({
|
|
568
|
+
description: "Seconds until the challenge expires."
|
|
569
|
+
}),
|
|
570
|
+
_ts_metadata4("design:type", Number)
|
|
571
|
+
], EmailStartResponseDto.prototype, "expiresInSec", void 0);
|
|
486
572
|
var PafiAuthSuccessDto = class {
|
|
573
|
+
static {
|
|
574
|
+
__name(this, "PafiAuthSuccessDto");
|
|
575
|
+
}
|
|
487
576
|
sessionToken;
|
|
488
577
|
sessionExpiresAt;
|
|
489
578
|
pafiJwt;
|
|
@@ -492,47 +581,80 @@ var PafiAuthSuccessDto = class {
|
|
|
492
581
|
isFirstLogin;
|
|
493
582
|
verifiedEmail;
|
|
494
583
|
};
|
|
495
|
-
|
|
584
|
+
_ts_decorate4([
|
|
496
585
|
(0, import_swagger.ApiProperty)({
|
|
497
586
|
description: "Issuer-native session token (typically HS256, minted by ISessionTokenMinter) \u2014 Bearer-auth for subsequent issuer API calls."
|
|
498
|
-
})
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
587
|
+
}),
|
|
588
|
+
_ts_metadata4("design:type", String)
|
|
589
|
+
], PafiAuthSuccessDto.prototype, "sessionToken", void 0);
|
|
590
|
+
_ts_decorate4([
|
|
591
|
+
(0, import_swagger.ApiProperty)({
|
|
592
|
+
description: "Issuer session token expiration (ISO 8601)."
|
|
593
|
+
}),
|
|
594
|
+
_ts_metadata4("design:type", String)
|
|
595
|
+
], PafiAuthSuccessDto.prototype, "sessionExpiresAt", void 0);
|
|
596
|
+
_ts_decorate4([
|
|
504
597
|
(0, import_swagger.ApiProperty)({
|
|
505
598
|
description: "Short-lived PAFI JWT (60s) \u2014 FE feeds verbatim to Privy.loginWithCustomAuth() to provision the embedded wallet."
|
|
506
|
-
})
|
|
507
|
-
|
|
508
|
-
|
|
599
|
+
}),
|
|
600
|
+
_ts_metadata4("design:type", String)
|
|
601
|
+
], PafiAuthSuccessDto.prototype, "pafiJwt", void 0);
|
|
602
|
+
_ts_decorate4([
|
|
509
603
|
(0, import_swagger.ApiProperty)({
|
|
510
604
|
description: "Long-lived PAFI session token (24h) \u2014 opaque to FE; keep alongside sessionToken if you ever need to call the gateway directly."
|
|
511
|
-
})
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
605
|
+
}),
|
|
606
|
+
_ts_metadata4("design:type", String)
|
|
607
|
+
], PafiAuthSuccessDto.prototype, "pafiSessionToken", void 0);
|
|
608
|
+
_ts_decorate4([
|
|
609
|
+
(0, import_swagger.ApiProperty)({
|
|
610
|
+
description: "canonical_pafi_user_id assigned by the gateway."
|
|
611
|
+
}),
|
|
612
|
+
_ts_metadata4("design:type", String)
|
|
613
|
+
], PafiAuthSuccessDto.prototype, "canonicalId", void 0);
|
|
614
|
+
_ts_decorate4([
|
|
517
615
|
(0, import_swagger.ApiProperty)({
|
|
518
616
|
description: "True the first time the user appears at the gateway."
|
|
519
|
-
})
|
|
520
|
-
|
|
521
|
-
|
|
617
|
+
}),
|
|
618
|
+
_ts_metadata4("design:type", Boolean)
|
|
619
|
+
], PafiAuthSuccessDto.prototype, "isFirstLogin", void 0);
|
|
620
|
+
_ts_decorate4([
|
|
522
621
|
(0, import_swagger.ApiProperty)({
|
|
523
622
|
description: "Verified email (when the auth method exposed one \u2014 email OTP and Google always; Kakao only if the user shared their email).",
|
|
524
623
|
required: false
|
|
525
|
-
})
|
|
526
|
-
|
|
624
|
+
}),
|
|
625
|
+
_ts_metadata4("design:type", String)
|
|
626
|
+
], PafiAuthSuccessDto.prototype, "verifiedEmail", void 0);
|
|
527
627
|
|
|
528
628
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
629
|
+
function _ts_decorate5(decorators, target, key, desc) {
|
|
630
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
631
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
632
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
633
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
634
|
+
}
|
|
635
|
+
__name(_ts_decorate5, "_ts_decorate");
|
|
636
|
+
function _ts_metadata5(k, v) {
|
|
637
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
638
|
+
}
|
|
639
|
+
__name(_ts_metadata5, "_ts_metadata");
|
|
640
|
+
function _ts_param4(paramIndex, decorator) {
|
|
641
|
+
return function(target, key) {
|
|
642
|
+
decorator(target, key, paramIndex);
|
|
643
|
+
};
|
|
644
|
+
}
|
|
645
|
+
__name(_ts_param4, "_ts_param");
|
|
529
646
|
var PafiDirectAuthController = class {
|
|
647
|
+
static {
|
|
648
|
+
__name(this, "PafiDirectAuthController");
|
|
649
|
+
}
|
|
650
|
+
directAuth;
|
|
530
651
|
constructor(directAuth) {
|
|
531
652
|
this.directAuth = directAuth;
|
|
532
653
|
}
|
|
533
|
-
directAuth;
|
|
534
654
|
async startEmail(body) {
|
|
535
|
-
const res = await this.directAuth.startEmail({
|
|
655
|
+
const res = await this.directAuth.startEmail({
|
|
656
|
+
email: body.email
|
|
657
|
+
});
|
|
536
658
|
return {
|
|
537
659
|
challengeId: res.challengeId,
|
|
538
660
|
expiresInSec: res.expiresInSec
|
|
@@ -545,7 +667,9 @@ var PafiDirectAuthController = class {
|
|
|
545
667
|
});
|
|
546
668
|
}
|
|
547
669
|
async exchangeGoogle(body) {
|
|
548
|
-
return this.directAuth.exchangeGoogle({
|
|
670
|
+
return this.directAuth.exchangeGoogle({
|
|
671
|
+
idToken: body.idToken
|
|
672
|
+
});
|
|
549
673
|
}
|
|
550
674
|
async exchangeKakao(body) {
|
|
551
675
|
return this.directAuth.exchangeKakao({
|
|
@@ -554,58 +678,102 @@ var PafiDirectAuthController = class {
|
|
|
554
678
|
});
|
|
555
679
|
}
|
|
556
680
|
};
|
|
557
|
-
|
|
681
|
+
_ts_decorate5([
|
|
558
682
|
(0, import_common4.Post)("email/start"),
|
|
559
683
|
(0, import_common4.HttpCode)(import_common4.HttpStatus.OK),
|
|
560
684
|
(0, import_swagger2.ApiOperation)({
|
|
561
685
|
summary: "Step 1: ask gateway to send an OTP to the user email.",
|
|
562
686
|
description: "Gateway generates the OTP, sends it via its configured email provider, and returns an opaque challenge_id. The FE echoes that challenge_id back on step 2 along with the code the user typed."
|
|
563
687
|
}),
|
|
564
|
-
(0, import_swagger2.ApiOkResponse)({
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
688
|
+
(0, import_swagger2.ApiOkResponse)({
|
|
689
|
+
type: EmailStartResponseDto
|
|
690
|
+
}),
|
|
691
|
+
_ts_param4(0, (0, import_common4.Body)()),
|
|
692
|
+
_ts_metadata5("design:type", Function),
|
|
693
|
+
_ts_metadata5("design:paramtypes", [
|
|
694
|
+
typeof EmailStartRequestDto === "undefined" ? Object : EmailStartRequestDto
|
|
695
|
+
]),
|
|
696
|
+
_ts_metadata5("design:returntype", Promise)
|
|
697
|
+
], PafiDirectAuthController.prototype, "startEmail", null);
|
|
698
|
+
_ts_decorate5([
|
|
568
699
|
(0, import_common4.Post)("email/verify"),
|
|
569
700
|
(0, import_common4.HttpCode)(import_common4.HttpStatus.OK),
|
|
570
701
|
(0, import_swagger2.ApiOperation)({
|
|
571
702
|
summary: "Step 2: submit the OTP to complete email sign-in.",
|
|
572
703
|
description: "Gateway verifies the OTP, derives canonical_id from the verified email, and mints both a pafi_session_token (24h, gateway-signed) and pafi_jwt (60s, for Privy.loginWithCustomAuth). Issuer wraps these in a session token of its own (sub = canonical_id) so existing guards keep working."
|
|
573
704
|
}),
|
|
574
|
-
(0, import_swagger2.ApiOkResponse)({
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
705
|
+
(0, import_swagger2.ApiOkResponse)({
|
|
706
|
+
type: PafiAuthSuccessDto
|
|
707
|
+
}),
|
|
708
|
+
_ts_param4(0, (0, import_common4.Body)()),
|
|
709
|
+
_ts_metadata5("design:type", Function),
|
|
710
|
+
_ts_metadata5("design:paramtypes", [
|
|
711
|
+
typeof EmailVerifyRequestDto === "undefined" ? Object : EmailVerifyRequestDto
|
|
712
|
+
]),
|
|
713
|
+
_ts_metadata5("design:returntype", Promise)
|
|
714
|
+
], PafiDirectAuthController.prototype, "verifyEmail", null);
|
|
715
|
+
_ts_decorate5([
|
|
578
716
|
(0, import_common4.Post)("google/exchange"),
|
|
579
717
|
(0, import_common4.HttpCode)(import_common4.HttpStatus.OK),
|
|
580
718
|
(0, import_swagger2.ApiOperation)({
|
|
581
719
|
summary: "Sign in with Google.",
|
|
582
720
|
description: "Hand the gateway a Google-issued id_token (FE obtains via Google Identity Services using PAFI's shared client_id). Gateway verifies signature + email_verified, derives canonical_id from the email, returns the same token bundle as /email/verify."
|
|
583
721
|
}),
|
|
584
|
-
(0, import_swagger2.ApiOkResponse)({
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
722
|
+
(0, import_swagger2.ApiOkResponse)({
|
|
723
|
+
type: PafiAuthSuccessDto
|
|
724
|
+
}),
|
|
725
|
+
_ts_param4(0, (0, import_common4.Body)()),
|
|
726
|
+
_ts_metadata5("design:type", Function),
|
|
727
|
+
_ts_metadata5("design:paramtypes", [
|
|
728
|
+
typeof GoogleExchangeRequestDto === "undefined" ? Object : GoogleExchangeRequestDto
|
|
729
|
+
]),
|
|
730
|
+
_ts_metadata5("design:returntype", Promise)
|
|
731
|
+
], PafiDirectAuthController.prototype, "exchangeGoogle", null);
|
|
732
|
+
_ts_decorate5([
|
|
588
733
|
(0, import_common4.Post)("kakao/exchange"),
|
|
589
734
|
(0, import_common4.HttpCode)(import_common4.HttpStatus.OK),
|
|
590
735
|
(0, import_swagger2.ApiOperation)({
|
|
591
736
|
summary: "Sign in with Kakao.",
|
|
592
737
|
description: "Hand the gateway the authorization code Kakao redirected back to the FE. Gateway exchanges with Kakao server-to-server (using PAFI-held client_secret), verifies the id_token, and returns the same token bundle as /email/verify. canonical_id derives from email when present, else from the Kakao sub."
|
|
593
738
|
}),
|
|
594
|
-
(0, import_swagger2.ApiOkResponse)({
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
739
|
+
(0, import_swagger2.ApiOkResponse)({
|
|
740
|
+
type: PafiAuthSuccessDto
|
|
741
|
+
}),
|
|
742
|
+
_ts_param4(0, (0, import_common4.Body)()),
|
|
743
|
+
_ts_metadata5("design:type", Function),
|
|
744
|
+
_ts_metadata5("design:paramtypes", [
|
|
745
|
+
typeof KakaoExchangeRequestDto === "undefined" ? Object : KakaoExchangeRequestDto
|
|
746
|
+
]),
|
|
747
|
+
_ts_metadata5("design:returntype", Promise)
|
|
748
|
+
], PafiDirectAuthController.prototype, "exchangeKakao", null);
|
|
749
|
+
PafiDirectAuthController = _ts_decorate5([
|
|
598
750
|
(0, import_swagger2.ApiTags)("pafi-auth-v2"),
|
|
599
|
-
(0, import_common4.Controller)("auth/v2")
|
|
751
|
+
(0, import_common4.Controller)("auth/v2"),
|
|
752
|
+
_ts_metadata5("design:type", Function),
|
|
753
|
+
_ts_metadata5("design:paramtypes", [
|
|
754
|
+
typeof PafiDirectAuthService === "undefined" ? Object : PafiDirectAuthService
|
|
755
|
+
])
|
|
600
756
|
], PafiDirectAuthController);
|
|
601
757
|
|
|
602
758
|
// src/direct-auth/pafi-direct-auth.module.ts
|
|
603
|
-
|
|
759
|
+
function _ts_decorate6(decorators, target, key, desc) {
|
|
760
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
761
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
762
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
763
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
764
|
+
}
|
|
765
|
+
__name(_ts_decorate6, "_ts_decorate");
|
|
766
|
+
var PafiDirectAuthModule = class _PafiDirectAuthModule {
|
|
767
|
+
static {
|
|
768
|
+
__name(this, "PafiDirectAuthModule");
|
|
769
|
+
}
|
|
604
770
|
static forRoot(options) {
|
|
605
771
|
return {
|
|
606
|
-
module:
|
|
772
|
+
module: _PafiDirectAuthModule,
|
|
607
773
|
imports: options.imports ?? [],
|
|
608
|
-
controllers: [
|
|
774
|
+
controllers: [
|
|
775
|
+
PafiDirectAuthController
|
|
776
|
+
],
|
|
609
777
|
providers: [
|
|
610
778
|
{
|
|
611
779
|
provide: PAFI_DIRECT_AUTH_MODULE_OPTIONS,
|
|
@@ -639,7 +807,7 @@ var PafiDirectAuthModule = class {
|
|
|
639
807
|
};
|
|
640
808
|
}
|
|
641
809
|
};
|
|
642
|
-
PafiDirectAuthModule =
|
|
810
|
+
PafiDirectAuthModule = _ts_decorate6([
|
|
643
811
|
(0, import_common5.Module)({})
|
|
644
812
|
], PafiDirectAuthModule);
|
|
645
813
|
// Annotate the CommonJS export names for ESM import in node:
|