@pafi-dev/issuer 0.39.2 → 0.39.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-client/index.cjs +65 -79
- package/dist/auth-client/index.cjs.map +1 -1
- package/dist/auth-client/index.js +2 -2
- package/dist/{chunk-7VEYSL2C.js → chunk-2Z3M2KQG.js} +69 -80
- package/dist/{chunk-7VEYSL2C.js.map → chunk-2Z3M2KQG.js.map} +1 -1
- package/dist/chunk-7QVYU63E.js +7 -0
- package/dist/{chunk-QLNGNH4A.js → chunk-RNQQYJIB.js} +23 -7
- package/dist/{chunk-QLNGNH4A.js.map → chunk-RNQQYJIB.js.map} +1 -1
- package/dist/direct-auth/index.cjs +363 -195
- package/dist/direct-auth/index.cjs.map +1 -1
- package/dist/direct-auth/index.js +304 -132
- package/dist/direct-auth/index.js.map +1 -1
- package/dist/http/index.cjs +14 -1
- package/dist/http/index.cjs.map +1 -1
- package/dist/http/index.js +2 -2
- package/dist/index.cjs +1096 -1280
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +1094 -1355
- package/dist/index.js.map +1 -1
- package/dist/nestjs/index.cjs +114 -50
- package/dist/nestjs/index.cjs.map +1 -1
- package/dist/nestjs/index.js +106 -61
- package/dist/nestjs/index.js.map +1 -1
- package/dist/wallet-auth/index.cjs +11 -5
- package/dist/wallet-auth/index.cjs.map +1 -1
- package/dist/wallet-auth/index.js +13 -6
- package/dist/wallet-auth/index.js.map +1 -1
- package/package.json +4 -2
- package/dist/chunk-BRKEJJFQ.js +0 -17
- /package/dist/{chunk-BRKEJJFQ.js.map → chunk-7QVYU63E.js.map} +0 -0
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
import {
|
|
2
2
|
PafiAuthClient
|
|
3
|
-
} from "../chunk-
|
|
3
|
+
} from "../chunk-2Z3M2KQG.js";
|
|
4
4
|
import {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
} from "../chunk-BRKEJJFQ.js";
|
|
5
|
+
__name
|
|
6
|
+
} from "../chunk-7QVYU63E.js";
|
|
8
7
|
|
|
9
8
|
// src/direct-auth/pafi-direct-auth.module.ts
|
|
10
9
|
import { Module } from "@nestjs/common";
|
|
@@ -13,23 +12,39 @@ import { Module } from "@nestjs/common";
|
|
|
13
12
|
import { Injectable, Inject } from "@nestjs/common";
|
|
14
13
|
|
|
15
14
|
// src/direct-auth/pafi-direct-auth.module-options.ts
|
|
16
|
-
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol(
|
|
17
|
-
"PAFI_DIRECT_AUTH_MODULE_OPTIONS"
|
|
18
|
-
);
|
|
15
|
+
var PAFI_DIRECT_AUTH_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PAFI_DIRECT_AUTH_MODULE_OPTIONS");
|
|
19
16
|
|
|
20
17
|
// src/direct-auth/services/pafi-auth-client.provider.ts
|
|
18
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
}
|
|
24
|
+
__name(_ts_decorate, "_ts_decorate");
|
|
25
|
+
function _ts_metadata(k, v) {
|
|
26
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
27
|
+
}
|
|
28
|
+
__name(_ts_metadata, "_ts_metadata");
|
|
29
|
+
function _ts_param(paramIndex, decorator) {
|
|
30
|
+
return function(target, key) {
|
|
31
|
+
decorator(target, key, paramIndex);
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
__name(_ts_param, "_ts_param");
|
|
21
35
|
var PafiAuthClientProvider = class {
|
|
22
|
-
|
|
23
|
-
this
|
|
36
|
+
static {
|
|
37
|
+
__name(this, "PafiAuthClientProvider");
|
|
24
38
|
}
|
|
25
39
|
options;
|
|
26
40
|
_client;
|
|
41
|
+
constructor(options) {
|
|
42
|
+
this.options = options;
|
|
43
|
+
}
|
|
27
44
|
onModuleInit() {
|
|
28
45
|
const jwk = this.options.clientPrivateJwk;
|
|
29
46
|
if (!jwk.kid) {
|
|
30
|
-
throw new Error(
|
|
31
|
-
"PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup"
|
|
32
|
-
);
|
|
47
|
+
throw new Error("PafiDirectAuthModule: clientPrivateJwk.kid is required \u2014 gateway uses kid for key lookup");
|
|
33
48
|
}
|
|
34
49
|
this._client = new PafiAuthClient({
|
|
35
50
|
gatewayUrl: this.options.gatewayUrl,
|
|
@@ -42,25 +57,43 @@ var PafiAuthClientProvider = class {
|
|
|
42
57
|
return this._client;
|
|
43
58
|
}
|
|
44
59
|
};
|
|
45
|
-
PafiAuthClientProvider =
|
|
60
|
+
PafiAuthClientProvider = _ts_decorate([
|
|
46
61
|
Injectable(),
|
|
47
|
-
|
|
62
|
+
_ts_param(0, Inject(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
63
|
+
_ts_metadata("design:type", Function),
|
|
64
|
+
_ts_metadata("design:paramtypes", [
|
|
65
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
66
|
+
])
|
|
48
67
|
], PafiAuthClientProvider);
|
|
49
68
|
|
|
50
69
|
// src/direct-auth/services/pafi-session-verifier.service.ts
|
|
51
|
-
import {
|
|
52
|
-
Injectable as Injectable2,
|
|
53
|
-
Inject as Inject2,
|
|
54
|
-
UnauthorizedException
|
|
55
|
-
} from "@nestjs/common";
|
|
70
|
+
import { Injectable as Injectable2, Inject as Inject2, UnauthorizedException } from "@nestjs/common";
|
|
56
71
|
import { createRemoteJWKSet, jwtVerify } from "jose";
|
|
72
|
+
function _ts_decorate2(decorators, target, key, desc) {
|
|
73
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
74
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
75
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
76
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
77
|
+
}
|
|
78
|
+
__name(_ts_decorate2, "_ts_decorate");
|
|
79
|
+
function _ts_metadata2(k, v) {
|
|
80
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
81
|
+
}
|
|
82
|
+
__name(_ts_metadata2, "_ts_metadata");
|
|
83
|
+
function _ts_param2(paramIndex, decorator) {
|
|
84
|
+
return function(target, key) {
|
|
85
|
+
decorator(target, key, paramIndex);
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
__name(_ts_param2, "_ts_param");
|
|
57
89
|
var PafiSessionVerifierService = class {
|
|
90
|
+
static {
|
|
91
|
+
__name(this, "PafiSessionVerifierService");
|
|
92
|
+
}
|
|
58
93
|
jwks;
|
|
59
94
|
expectedIssuer;
|
|
60
95
|
constructor(options) {
|
|
61
|
-
this.jwks = createRemoteJWKSet(
|
|
62
|
-
new URL(`${options.gatewayUrl}/.well-known/jwks.json`)
|
|
63
|
-
);
|
|
96
|
+
this.jwks = createRemoteJWKSet(new URL(`${options.gatewayUrl}/.well-known/jwks.json`));
|
|
64
97
|
this.expectedIssuer = options.gatewayUrl;
|
|
65
98
|
}
|
|
66
99
|
async verify(token) {
|
|
@@ -70,14 +103,10 @@ var PafiSessionVerifierService = class {
|
|
|
70
103
|
issuer: this.expectedIssuer
|
|
71
104
|
}));
|
|
72
105
|
} catch (err) {
|
|
73
|
-
throw new UnauthorizedException(
|
|
74
|
-
`Invalid pafi_session_token: ${err.message}`
|
|
75
|
-
);
|
|
106
|
+
throw new UnauthorizedException(`Invalid pafi_session_token: ${err.message}`);
|
|
76
107
|
}
|
|
77
108
|
if (payload.scope !== "pafi-session") {
|
|
78
|
-
throw new UnauthorizedException(
|
|
79
|
-
`pafi_session_token has wrong scope: ${String(payload.scope)}`
|
|
80
|
-
);
|
|
109
|
+
throw new UnauthorizedException(`pafi_session_token has wrong scope: ${String(payload.scope)}`);
|
|
81
110
|
}
|
|
82
111
|
if (typeof payload.sub !== "string") {
|
|
83
112
|
throw new UnauthorizedException("pafi_session_token missing sub");
|
|
@@ -85,9 +114,7 @@ var PafiSessionVerifierService = class {
|
|
|
85
114
|
if (typeof payload.exp !== "number" || typeof payload.iat !== "number") {
|
|
86
115
|
throw new UnauthorizedException("pafi_session_token missing iat/exp");
|
|
87
116
|
}
|
|
88
|
-
const verifiedAttribute = parseVerifiedAttribute(
|
|
89
|
-
payload.verified_attribute
|
|
90
|
-
);
|
|
117
|
+
const verifiedAttribute = parseVerifiedAttribute(payload.verified_attribute);
|
|
91
118
|
return {
|
|
92
119
|
sub: payload.sub,
|
|
93
120
|
scope: "pafi-session",
|
|
@@ -99,9 +126,13 @@ var PafiSessionVerifierService = class {
|
|
|
99
126
|
};
|
|
100
127
|
}
|
|
101
128
|
};
|
|
102
|
-
PafiSessionVerifierService =
|
|
129
|
+
PafiSessionVerifierService = _ts_decorate2([
|
|
103
130
|
Injectable2(),
|
|
104
|
-
|
|
131
|
+
_ts_param2(0, Inject2(PAFI_DIRECT_AUTH_MODULE_OPTIONS)),
|
|
132
|
+
_ts_metadata2("design:type", Function),
|
|
133
|
+
_ts_metadata2("design:paramtypes", [
|
|
134
|
+
typeof PafiDirectAuthModuleOptions === "undefined" ? Object : PafiDirectAuthModuleOptions
|
|
135
|
+
])
|
|
105
136
|
], PafiSessionVerifierService);
|
|
106
137
|
function parseVerifiedAttribute(raw) {
|
|
107
138
|
if (!raw || typeof raw !== "object") return void 0;
|
|
@@ -112,6 +143,7 @@ function parseVerifiedAttribute(raw) {
|
|
|
112
143
|
valueHash: typeof obj.value_hash === "string" ? obj.value_hash : void 0
|
|
113
144
|
};
|
|
114
145
|
}
|
|
146
|
+
__name(parseVerifiedAttribute, "parseVerifiedAttribute");
|
|
115
147
|
|
|
116
148
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
117
149
|
import { Injectable as Injectable3, Inject as Inject3, Logger } from "@nestjs/common";
|
|
@@ -123,18 +155,38 @@ var USER_STORE = /* @__PURE__ */ Symbol("USER_STORE");
|
|
|
123
155
|
var SESSION_TOKEN_MINTER = /* @__PURE__ */ Symbol("SESSION_TOKEN_MINTER");
|
|
124
156
|
|
|
125
157
|
// src/direct-auth/services/pafi-direct-auth.service.ts
|
|
126
|
-
|
|
158
|
+
function _ts_decorate3(decorators, target, key, desc) {
|
|
159
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
160
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
161
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
162
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
163
|
+
}
|
|
164
|
+
__name(_ts_decorate3, "_ts_decorate");
|
|
165
|
+
function _ts_metadata3(k, v) {
|
|
166
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
167
|
+
}
|
|
168
|
+
__name(_ts_metadata3, "_ts_metadata");
|
|
169
|
+
function _ts_param3(paramIndex, decorator) {
|
|
170
|
+
return function(target, key) {
|
|
171
|
+
decorator(target, key, paramIndex);
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
__name(_ts_param3, "_ts_param");
|
|
175
|
+
var PafiDirectAuthService = class _PafiDirectAuthService {
|
|
176
|
+
static {
|
|
177
|
+
__name(this, "PafiDirectAuthService");
|
|
178
|
+
}
|
|
179
|
+
clientProvider;
|
|
180
|
+
sessionVerifier;
|
|
181
|
+
userStore;
|
|
182
|
+
sessionTokenMinter;
|
|
183
|
+
logger = new Logger(_PafiDirectAuthService.name);
|
|
127
184
|
constructor(clientProvider, sessionVerifier, userStore, sessionTokenMinter) {
|
|
128
185
|
this.clientProvider = clientProvider;
|
|
129
186
|
this.sessionVerifier = sessionVerifier;
|
|
130
187
|
this.userStore = userStore;
|
|
131
188
|
this.sessionTokenMinter = sessionTokenMinter;
|
|
132
189
|
}
|
|
133
|
-
clientProvider;
|
|
134
|
-
sessionVerifier;
|
|
135
|
-
userStore;
|
|
136
|
-
sessionTokenMinter;
|
|
137
|
-
logger = new Logger(PafiDirectAuthService.name);
|
|
138
190
|
// ── Email OTP ────────────────────────────────────────────────────
|
|
139
191
|
async startEmail(args) {
|
|
140
192
|
return this.clientProvider.client.startEmail({
|
|
@@ -187,105 +239,146 @@ var PafiDirectAuthService = class {
|
|
|
187
239
|
pafiSessionToken: success.pafiSessionToken,
|
|
188
240
|
canonicalId: success.canonicalId,
|
|
189
241
|
isFirstLogin: success.isFirstLogin,
|
|
190
|
-
...success.verifiedEmail ? {
|
|
242
|
+
...success.verifiedEmail ? {
|
|
243
|
+
verifiedEmail: success.verifiedEmail
|
|
244
|
+
} : {}
|
|
191
245
|
};
|
|
192
246
|
}
|
|
193
247
|
};
|
|
194
|
-
PafiDirectAuthService =
|
|
248
|
+
PafiDirectAuthService = _ts_decorate3([
|
|
195
249
|
Injectable3(),
|
|
196
|
-
|
|
197
|
-
|
|
250
|
+
_ts_param3(2, Inject3(USER_STORE)),
|
|
251
|
+
_ts_param3(3, Inject3(SESSION_TOKEN_MINTER)),
|
|
252
|
+
_ts_metadata3("design:type", Function),
|
|
253
|
+
_ts_metadata3("design:paramtypes", [
|
|
254
|
+
typeof PafiAuthClientProvider === "undefined" ? Object : PafiAuthClientProvider,
|
|
255
|
+
typeof PafiSessionVerifierService === "undefined" ? Object : PafiSessionVerifierService,
|
|
256
|
+
typeof IUserStore === "undefined" ? Object : IUserStore,
|
|
257
|
+
typeof ISessionTokenMinter === "undefined" ? Object : ISessionTokenMinter
|
|
258
|
+
])
|
|
198
259
|
], PafiDirectAuthService);
|
|
199
260
|
|
|
200
261
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
201
|
-
import {
|
|
202
|
-
Body,
|
|
203
|
-
Controller,
|
|
204
|
-
HttpCode,
|
|
205
|
-
HttpStatus,
|
|
206
|
-
Post
|
|
207
|
-
} from "@nestjs/common";
|
|
262
|
+
import { Body, Controller, HttpCode, HttpStatus, Post } from "@nestjs/common";
|
|
208
263
|
import { ApiOkResponse, ApiOperation, ApiTags } from "@nestjs/swagger";
|
|
209
264
|
|
|
210
265
|
// src/direct-auth/pafi-direct-auth.dto.ts
|
|
211
266
|
import { ApiProperty } from "@nestjs/swagger";
|
|
212
|
-
import {
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
267
|
+
import { IsEmail, IsNotEmpty, IsOptional, IsString, IsUrl, Length, MaxLength } from "class-validator";
|
|
268
|
+
function _ts_decorate4(decorators, target, key, desc) {
|
|
269
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
270
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
271
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
272
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
273
|
+
}
|
|
274
|
+
__name(_ts_decorate4, "_ts_decorate");
|
|
275
|
+
function _ts_metadata4(k, v) {
|
|
276
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
277
|
+
}
|
|
278
|
+
__name(_ts_metadata4, "_ts_metadata");
|
|
221
279
|
var EmailStartRequestDto = class {
|
|
280
|
+
static {
|
|
281
|
+
__name(this, "EmailStartRequestDto");
|
|
282
|
+
}
|
|
222
283
|
email;
|
|
223
284
|
};
|
|
224
|
-
|
|
225
|
-
ApiProperty({
|
|
285
|
+
_ts_decorate4([
|
|
286
|
+
ApiProperty({
|
|
287
|
+
example: "user1@example.com"
|
|
288
|
+
}),
|
|
226
289
|
IsEmail(),
|
|
227
|
-
MaxLength(320)
|
|
228
|
-
|
|
290
|
+
MaxLength(320),
|
|
291
|
+
_ts_metadata4("design:type", String)
|
|
292
|
+
], EmailStartRequestDto.prototype, "email", void 0);
|
|
229
293
|
var EmailVerifyRequestDto = class {
|
|
294
|
+
static {
|
|
295
|
+
__name(this, "EmailVerifyRequestDto");
|
|
296
|
+
}
|
|
230
297
|
challengeId;
|
|
231
298
|
otpCode;
|
|
232
299
|
};
|
|
233
|
-
|
|
300
|
+
_ts_decorate4([
|
|
234
301
|
ApiProperty({
|
|
235
302
|
description: "Challenge id returned by POST /auth/v2/email/start. Opaque to the FE; echo verbatim."
|
|
236
303
|
}),
|
|
237
304
|
IsString(),
|
|
238
305
|
IsNotEmpty(),
|
|
239
|
-
MaxLength(128)
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
306
|
+
MaxLength(128),
|
|
307
|
+
_ts_metadata4("design:type", String)
|
|
308
|
+
], EmailVerifyRequestDto.prototype, "challengeId", void 0);
|
|
309
|
+
_ts_decorate4([
|
|
310
|
+
ApiProperty({
|
|
311
|
+
example: "123456"
|
|
312
|
+
}),
|
|
243
313
|
IsString(),
|
|
244
|
-
Length(4, 10)
|
|
245
|
-
|
|
314
|
+
Length(4, 10),
|
|
315
|
+
_ts_metadata4("design:type", String)
|
|
316
|
+
], EmailVerifyRequestDto.prototype, "otpCode", void 0);
|
|
246
317
|
var GoogleExchangeRequestDto = class {
|
|
318
|
+
static {
|
|
319
|
+
__name(this, "GoogleExchangeRequestDto");
|
|
320
|
+
}
|
|
247
321
|
idToken;
|
|
248
322
|
};
|
|
249
|
-
|
|
323
|
+
_ts_decorate4([
|
|
250
324
|
ApiProperty({
|
|
251
325
|
description: "Google-issued ID token (JWS). Obtain on FE via Google Identity Services using PAFI's Google OAuth client_id."
|
|
252
326
|
}),
|
|
253
327
|
IsString(),
|
|
254
328
|
IsNotEmpty(),
|
|
255
|
-
MaxLength(8192)
|
|
256
|
-
|
|
329
|
+
MaxLength(8192),
|
|
330
|
+
_ts_metadata4("design:type", String)
|
|
331
|
+
], GoogleExchangeRequestDto.prototype, "idToken", void 0);
|
|
257
332
|
var KakaoExchangeRequestDto = class {
|
|
333
|
+
static {
|
|
334
|
+
__name(this, "KakaoExchangeRequestDto");
|
|
335
|
+
}
|
|
258
336
|
code;
|
|
259
337
|
redirectUri;
|
|
260
338
|
};
|
|
261
|
-
|
|
339
|
+
_ts_decorate4([
|
|
262
340
|
ApiProperty({
|
|
263
341
|
description: "Authorization code returned by Kakao to the FE redirect URL."
|
|
264
342
|
}),
|
|
265
343
|
IsString(),
|
|
266
344
|
IsNotEmpty(),
|
|
267
|
-
MaxLength(2048)
|
|
268
|
-
|
|
269
|
-
|
|
345
|
+
MaxLength(2048),
|
|
346
|
+
_ts_metadata4("design:type", String)
|
|
347
|
+
], KakaoExchangeRequestDto.prototype, "code", void 0);
|
|
348
|
+
_ts_decorate4([
|
|
270
349
|
ApiProperty({
|
|
271
350
|
description: "Redirect URI the FE used when initiating the Kakao flow. Optional \u2014 gateway falls back to its own KAKAO_REDIRECT_URI env.",
|
|
272
351
|
required: false
|
|
273
352
|
}),
|
|
274
353
|
IsOptional(),
|
|
275
|
-
IsUrl({
|
|
276
|
-
|
|
277
|
-
|
|
354
|
+
IsUrl({
|
|
355
|
+
require_tld: false,
|
|
356
|
+
require_protocol: true
|
|
357
|
+
}),
|
|
358
|
+
MaxLength(2048),
|
|
359
|
+
_ts_metadata4("design:type", String)
|
|
360
|
+
], KakaoExchangeRequestDto.prototype, "redirectUri", void 0);
|
|
278
361
|
var EmailStartResponseDto = class {
|
|
362
|
+
static {
|
|
363
|
+
__name(this, "EmailStartResponseDto");
|
|
364
|
+
}
|
|
279
365
|
challengeId;
|
|
280
366
|
expiresInSec;
|
|
281
367
|
};
|
|
282
|
-
|
|
283
|
-
ApiProperty()
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
368
|
+
_ts_decorate4([
|
|
369
|
+
ApiProperty(),
|
|
370
|
+
_ts_metadata4("design:type", String)
|
|
371
|
+
], EmailStartResponseDto.prototype, "challengeId", void 0);
|
|
372
|
+
_ts_decorate4([
|
|
373
|
+
ApiProperty({
|
|
374
|
+
description: "Seconds until the challenge expires."
|
|
375
|
+
}),
|
|
376
|
+
_ts_metadata4("design:type", Number)
|
|
377
|
+
], EmailStartResponseDto.prototype, "expiresInSec", void 0);
|
|
288
378
|
var PafiAuthSuccessDto = class {
|
|
379
|
+
static {
|
|
380
|
+
__name(this, "PafiAuthSuccessDto");
|
|
381
|
+
}
|
|
289
382
|
sessionToken;
|
|
290
383
|
sessionExpiresAt;
|
|
291
384
|
pafiJwt;
|
|
@@ -294,47 +387,80 @@ var PafiAuthSuccessDto = class {
|
|
|
294
387
|
isFirstLogin;
|
|
295
388
|
verifiedEmail;
|
|
296
389
|
};
|
|
297
|
-
|
|
390
|
+
_ts_decorate4([
|
|
298
391
|
ApiProperty({
|
|
299
392
|
description: "Issuer-native session token (typically HS256, minted by ISessionTokenMinter) \u2014 Bearer-auth for subsequent issuer API calls."
|
|
300
|
-
})
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
393
|
+
}),
|
|
394
|
+
_ts_metadata4("design:type", String)
|
|
395
|
+
], PafiAuthSuccessDto.prototype, "sessionToken", void 0);
|
|
396
|
+
_ts_decorate4([
|
|
397
|
+
ApiProperty({
|
|
398
|
+
description: "Issuer session token expiration (ISO 8601)."
|
|
399
|
+
}),
|
|
400
|
+
_ts_metadata4("design:type", String)
|
|
401
|
+
], PafiAuthSuccessDto.prototype, "sessionExpiresAt", void 0);
|
|
402
|
+
_ts_decorate4([
|
|
306
403
|
ApiProperty({
|
|
307
404
|
description: "Short-lived PAFI JWT (60s) \u2014 FE feeds verbatim to Privy.loginWithCustomAuth() to provision the embedded wallet."
|
|
308
|
-
})
|
|
309
|
-
|
|
310
|
-
|
|
405
|
+
}),
|
|
406
|
+
_ts_metadata4("design:type", String)
|
|
407
|
+
], PafiAuthSuccessDto.prototype, "pafiJwt", void 0);
|
|
408
|
+
_ts_decorate4([
|
|
311
409
|
ApiProperty({
|
|
312
410
|
description: "Long-lived PAFI session token (24h) \u2014 opaque to FE; keep alongside sessionToken if you ever need to call the gateway directly."
|
|
313
|
-
})
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
411
|
+
}),
|
|
412
|
+
_ts_metadata4("design:type", String)
|
|
413
|
+
], PafiAuthSuccessDto.prototype, "pafiSessionToken", void 0);
|
|
414
|
+
_ts_decorate4([
|
|
415
|
+
ApiProperty({
|
|
416
|
+
description: "canonical_pafi_user_id assigned by the gateway."
|
|
417
|
+
}),
|
|
418
|
+
_ts_metadata4("design:type", String)
|
|
419
|
+
], PafiAuthSuccessDto.prototype, "canonicalId", void 0);
|
|
420
|
+
_ts_decorate4([
|
|
319
421
|
ApiProperty({
|
|
320
422
|
description: "True the first time the user appears at the gateway."
|
|
321
|
-
})
|
|
322
|
-
|
|
323
|
-
|
|
423
|
+
}),
|
|
424
|
+
_ts_metadata4("design:type", Boolean)
|
|
425
|
+
], PafiAuthSuccessDto.prototype, "isFirstLogin", void 0);
|
|
426
|
+
_ts_decorate4([
|
|
324
427
|
ApiProperty({
|
|
325
428
|
description: "Verified email (when the auth method exposed one \u2014 email OTP and Google always; Kakao only if the user shared their email).",
|
|
326
429
|
required: false
|
|
327
|
-
})
|
|
328
|
-
|
|
430
|
+
}),
|
|
431
|
+
_ts_metadata4("design:type", String)
|
|
432
|
+
], PafiAuthSuccessDto.prototype, "verifiedEmail", void 0);
|
|
329
433
|
|
|
330
434
|
// src/direct-auth/pafi-direct-auth.controller.ts
|
|
435
|
+
function _ts_decorate5(decorators, target, key, desc) {
|
|
436
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
437
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
438
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
439
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
440
|
+
}
|
|
441
|
+
__name(_ts_decorate5, "_ts_decorate");
|
|
442
|
+
function _ts_metadata5(k, v) {
|
|
443
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
444
|
+
}
|
|
445
|
+
__name(_ts_metadata5, "_ts_metadata");
|
|
446
|
+
function _ts_param4(paramIndex, decorator) {
|
|
447
|
+
return function(target, key) {
|
|
448
|
+
decorator(target, key, paramIndex);
|
|
449
|
+
};
|
|
450
|
+
}
|
|
451
|
+
__name(_ts_param4, "_ts_param");
|
|
331
452
|
var PafiDirectAuthController = class {
|
|
453
|
+
static {
|
|
454
|
+
__name(this, "PafiDirectAuthController");
|
|
455
|
+
}
|
|
456
|
+
directAuth;
|
|
332
457
|
constructor(directAuth) {
|
|
333
458
|
this.directAuth = directAuth;
|
|
334
459
|
}
|
|
335
|
-
directAuth;
|
|
336
460
|
async startEmail(body) {
|
|
337
|
-
const res = await this.directAuth.startEmail({
|
|
461
|
+
const res = await this.directAuth.startEmail({
|
|
462
|
+
email: body.email
|
|
463
|
+
});
|
|
338
464
|
return {
|
|
339
465
|
challengeId: res.challengeId,
|
|
340
466
|
expiresInSec: res.expiresInSec
|
|
@@ -347,7 +473,9 @@ var PafiDirectAuthController = class {
|
|
|
347
473
|
});
|
|
348
474
|
}
|
|
349
475
|
async exchangeGoogle(body) {
|
|
350
|
-
return this.directAuth.exchangeGoogle({
|
|
476
|
+
return this.directAuth.exchangeGoogle({
|
|
477
|
+
idToken: body.idToken
|
|
478
|
+
});
|
|
351
479
|
}
|
|
352
480
|
async exchangeKakao(body) {
|
|
353
481
|
return this.directAuth.exchangeKakao({
|
|
@@ -356,58 +484,102 @@ var PafiDirectAuthController = class {
|
|
|
356
484
|
});
|
|
357
485
|
}
|
|
358
486
|
};
|
|
359
|
-
|
|
487
|
+
_ts_decorate5([
|
|
360
488
|
Post("email/start"),
|
|
361
489
|
HttpCode(HttpStatus.OK),
|
|
362
490
|
ApiOperation({
|
|
363
491
|
summary: "Step 1: ask gateway to send an OTP to the user email.",
|
|
364
492
|
description: "Gateway generates the OTP, sends it via its configured email provider, and returns an opaque challenge_id. The FE echoes that challenge_id back on step 2 along with the code the user typed."
|
|
365
493
|
}),
|
|
366
|
-
ApiOkResponse({
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
494
|
+
ApiOkResponse({
|
|
495
|
+
type: EmailStartResponseDto
|
|
496
|
+
}),
|
|
497
|
+
_ts_param4(0, Body()),
|
|
498
|
+
_ts_metadata5("design:type", Function),
|
|
499
|
+
_ts_metadata5("design:paramtypes", [
|
|
500
|
+
typeof EmailStartRequestDto === "undefined" ? Object : EmailStartRequestDto
|
|
501
|
+
]),
|
|
502
|
+
_ts_metadata5("design:returntype", Promise)
|
|
503
|
+
], PafiDirectAuthController.prototype, "startEmail", null);
|
|
504
|
+
_ts_decorate5([
|
|
370
505
|
Post("email/verify"),
|
|
371
506
|
HttpCode(HttpStatus.OK),
|
|
372
507
|
ApiOperation({
|
|
373
508
|
summary: "Step 2: submit the OTP to complete email sign-in.",
|
|
374
509
|
description: "Gateway verifies the OTP, derives canonical_id from the verified email, and mints both a pafi_session_token (24h, gateway-signed) and pafi_jwt (60s, for Privy.loginWithCustomAuth). Issuer wraps these in a session token of its own (sub = canonical_id) so existing guards keep working."
|
|
375
510
|
}),
|
|
376
|
-
ApiOkResponse({
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
511
|
+
ApiOkResponse({
|
|
512
|
+
type: PafiAuthSuccessDto
|
|
513
|
+
}),
|
|
514
|
+
_ts_param4(0, Body()),
|
|
515
|
+
_ts_metadata5("design:type", Function),
|
|
516
|
+
_ts_metadata5("design:paramtypes", [
|
|
517
|
+
typeof EmailVerifyRequestDto === "undefined" ? Object : EmailVerifyRequestDto
|
|
518
|
+
]),
|
|
519
|
+
_ts_metadata5("design:returntype", Promise)
|
|
520
|
+
], PafiDirectAuthController.prototype, "verifyEmail", null);
|
|
521
|
+
_ts_decorate5([
|
|
380
522
|
Post("google/exchange"),
|
|
381
523
|
HttpCode(HttpStatus.OK),
|
|
382
524
|
ApiOperation({
|
|
383
525
|
summary: "Sign in with Google.",
|
|
384
526
|
description: "Hand the gateway a Google-issued id_token (FE obtains via Google Identity Services using PAFI's shared client_id). Gateway verifies signature + email_verified, derives canonical_id from the email, returns the same token bundle as /email/verify."
|
|
385
527
|
}),
|
|
386
|
-
ApiOkResponse({
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
528
|
+
ApiOkResponse({
|
|
529
|
+
type: PafiAuthSuccessDto
|
|
530
|
+
}),
|
|
531
|
+
_ts_param4(0, Body()),
|
|
532
|
+
_ts_metadata5("design:type", Function),
|
|
533
|
+
_ts_metadata5("design:paramtypes", [
|
|
534
|
+
typeof GoogleExchangeRequestDto === "undefined" ? Object : GoogleExchangeRequestDto
|
|
535
|
+
]),
|
|
536
|
+
_ts_metadata5("design:returntype", Promise)
|
|
537
|
+
], PafiDirectAuthController.prototype, "exchangeGoogle", null);
|
|
538
|
+
_ts_decorate5([
|
|
390
539
|
Post("kakao/exchange"),
|
|
391
540
|
HttpCode(HttpStatus.OK),
|
|
392
541
|
ApiOperation({
|
|
393
542
|
summary: "Sign in with Kakao.",
|
|
394
543
|
description: "Hand the gateway the authorization code Kakao redirected back to the FE. Gateway exchanges with Kakao server-to-server (using PAFI-held client_secret), verifies the id_token, and returns the same token bundle as /email/verify. canonical_id derives from email when present, else from the Kakao sub."
|
|
395
544
|
}),
|
|
396
|
-
ApiOkResponse({
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
545
|
+
ApiOkResponse({
|
|
546
|
+
type: PafiAuthSuccessDto
|
|
547
|
+
}),
|
|
548
|
+
_ts_param4(0, Body()),
|
|
549
|
+
_ts_metadata5("design:type", Function),
|
|
550
|
+
_ts_metadata5("design:paramtypes", [
|
|
551
|
+
typeof KakaoExchangeRequestDto === "undefined" ? Object : KakaoExchangeRequestDto
|
|
552
|
+
]),
|
|
553
|
+
_ts_metadata5("design:returntype", Promise)
|
|
554
|
+
], PafiDirectAuthController.prototype, "exchangeKakao", null);
|
|
555
|
+
PafiDirectAuthController = _ts_decorate5([
|
|
400
556
|
ApiTags("pafi-auth-v2"),
|
|
401
|
-
Controller("auth/v2")
|
|
557
|
+
Controller("auth/v2"),
|
|
558
|
+
_ts_metadata5("design:type", Function),
|
|
559
|
+
_ts_metadata5("design:paramtypes", [
|
|
560
|
+
typeof PafiDirectAuthService === "undefined" ? Object : PafiDirectAuthService
|
|
561
|
+
])
|
|
402
562
|
], PafiDirectAuthController);
|
|
403
563
|
|
|
404
564
|
// src/direct-auth/pafi-direct-auth.module.ts
|
|
405
|
-
|
|
565
|
+
function _ts_decorate6(decorators, target, key, desc) {
|
|
566
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
567
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
568
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
569
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
570
|
+
}
|
|
571
|
+
__name(_ts_decorate6, "_ts_decorate");
|
|
572
|
+
var PafiDirectAuthModule = class _PafiDirectAuthModule {
|
|
573
|
+
static {
|
|
574
|
+
__name(this, "PafiDirectAuthModule");
|
|
575
|
+
}
|
|
406
576
|
static forRoot(options) {
|
|
407
577
|
return {
|
|
408
|
-
module:
|
|
578
|
+
module: _PafiDirectAuthModule,
|
|
409
579
|
imports: options.imports ?? [],
|
|
410
|
-
controllers: [
|
|
580
|
+
controllers: [
|
|
581
|
+
PafiDirectAuthController
|
|
582
|
+
],
|
|
411
583
|
providers: [
|
|
412
584
|
{
|
|
413
585
|
provide: PAFI_DIRECT_AUTH_MODULE_OPTIONS,
|
|
@@ -441,7 +613,7 @@ var PafiDirectAuthModule = class {
|
|
|
441
613
|
};
|
|
442
614
|
}
|
|
443
615
|
};
|
|
444
|
-
PafiDirectAuthModule =
|
|
616
|
+
PafiDirectAuthModule = _ts_decorate6([
|
|
445
617
|
Module({})
|
|
446
618
|
], PafiDirectAuthModule);
|
|
447
619
|
export {
|