@scryan7371/sdr-security 0.1.1 → 0.1.2

package/dist/nest/entities/app-user.entity.js

@@ -0,0 +1,64 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppUserEntity = void 0;
+const typeorm_1 = require("typeorm");
+let AppUserEntity = class AppUserEntity {
+    id;
+    email;
+    passwordHash;
+    firstName;
+    lastName;
+    emailVerifiedAt;
+    emailVerificationToken;
+    adminApprovedAt;
+    isActive;
+};
+exports.AppUserEntity = AppUserEntity;
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)("uuid"),
+    __metadata("design:type", String)
+], AppUserEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar" }),
+    __metadata("design:type", String)
+], AppUserEntity.prototype, "email", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "password_hash" }),
+    __metadata("design:type", String)
+], AppUserEntity.prototype, "passwordHash", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "first_name", nullable: true }),
+    __metadata("design:type", Object)
+], AppUserEntity.prototype, "firstName", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "last_name", nullable: true }),
+    __metadata("design:type", Object)
+], AppUserEntity.prototype, "lastName", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "email_verified_at", nullable: true }),
+    __metadata("design:type", Object)
+], AppUserEntity.prototype, "emailVerifiedAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "email_verification_token", nullable: true }),
+    __metadata("design:type", Object)
+], AppUserEntity.prototype, "emailVerificationToken", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "admin_approved_at", nullable: true }),
+    __metadata("design:type", Object)
+], AppUserEntity.prototype, "adminApprovedAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "boolean", name: "is_active", default: true }),
+    __metadata("design:type", Boolean)
+], AppUserEntity.prototype, "isActive", void 0);
+exports.AppUserEntity = AppUserEntity = __decorate([
+    (0, typeorm_1.Entity)({ name: "app_user" })
+], AppUserEntity);

package/dist/nest/entities/password-reset-token.entity.d.ts

@@ -0,0 +1,8 @@
+export declare class PasswordResetTokenEntity {
+    id: string;
+    userId: string;
+    token: string;
+    expiresAt: Date;
+    usedAt: Date | null;
+    createdAt: Date;
+}

package/dist/nest/entities/password-reset-token.entity.js

@@ -0,0 +1,49 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordResetTokenEntity = void 0;
+const typeorm_1 = require("typeorm");
+let PasswordResetTokenEntity = class PasswordResetTokenEntity {
+    id;
+    userId;
+    token;
+    expiresAt;
+    usedAt;
+    createdAt;
+};
+exports.PasswordResetTokenEntity = PasswordResetTokenEntity;
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)("uuid"),
+    __metadata("design:type", String)
+], PasswordResetTokenEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "user_id" }),
+    __metadata("design:type", String)
+], PasswordResetTokenEntity.prototype, "userId", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", unique: true }),
+    __metadata("design:type", String)
+], PasswordResetTokenEntity.prototype, "token", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "expires_at" }),
+    __metadata("design:type", Date)
+], PasswordResetTokenEntity.prototype, "expiresAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "used_at", nullable: true }),
+    __metadata("design:type", Object)
+], PasswordResetTokenEntity.prototype, "usedAt", void 0);
+__decorate([
+    (0, typeorm_1.CreateDateColumn)({ name: "created_at" }),
+    __metadata("design:type", Date)
+], PasswordResetTokenEntity.prototype, "createdAt", void 0);
+exports.PasswordResetTokenEntity = PasswordResetTokenEntity = __decorate([
+    (0, typeorm_1.Entity)({ name: "security_password_reset_token" })
+], PasswordResetTokenEntity);

package/dist/nest/entities/refresh-token.entity.d.ts

@@ -0,0 +1,8 @@
+export declare class RefreshTokenEntity {
+    id: string;
+    tokenHash: string;
+    expiresAt: Date;
+    revokedAt: Date | null;
+    userId: string | null;
+    createdAt: Date;
+}

package/dist/nest/entities/refresh-token.entity.js

@@ -0,0 +1,49 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenEntity = void 0;
+const typeorm_1 = require("typeorm");
+let RefreshTokenEntity = class RefreshTokenEntity {
+    id;
+    tokenHash;
+    expiresAt;
+    revokedAt;
+    userId;
+    createdAt;
+};
+exports.RefreshTokenEntity = RefreshTokenEntity;
+__decorate([
+    (0, typeorm_1.PrimaryColumn)({ type: "varchar" }),
+    __metadata("design:type", String)
+], RefreshTokenEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "token_hash" }),
+    __metadata("design:type", String)
+], RefreshTokenEntity.prototype, "tokenHash", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "expires_at" }),
+    __metadata("design:type", Date)
+], RefreshTokenEntity.prototype, "expiresAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "timestamptz", name: "revoked_at", nullable: true }),
+    __metadata("design:type", Object)
+], RefreshTokenEntity.prototype, "revokedAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "userId", nullable: true }),
+    __metadata("design:type", Object)
+], RefreshTokenEntity.prototype, "userId", void 0);
+__decorate([
+    (0, typeorm_1.CreateDateColumn)({ name: "created_at" }),
+    __metadata("design:type", Date)
+], RefreshTokenEntity.prototype, "createdAt", void 0);
+exports.RefreshTokenEntity = RefreshTokenEntity = __decorate([
+    (0, typeorm_1.Entity)({ name: "refresh_token" })
+], RefreshTokenEntity);

package/dist/nest/entities/security-role.entity.d.ts

@@ -0,0 +1,6 @@
+export declare class SecurityRoleEntity {
+    id: string;
+    roleKey: string;
+    description: string | null;
+    isSystem: boolean;
+}

package/dist/nest/entities/security-role.entity.js

@@ -0,0 +1,39 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityRoleEntity = void 0;
+const typeorm_1 = require("typeorm");
+let SecurityRoleEntity = class SecurityRoleEntity {
+    id;
+    roleKey;
+    description;
+    isSystem;
+};
+exports.SecurityRoleEntity = SecurityRoleEntity;
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)("uuid"),
+    __metadata("design:type", String)
+], SecurityRoleEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "role_key", unique: true }),
+    __metadata("design:type", String)
+], SecurityRoleEntity.prototype, "roleKey", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "text", nullable: true }),
+    __metadata("design:type", Object)
+], SecurityRoleEntity.prototype, "description", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "boolean", name: "is_system", default: false }),
+    __metadata("design:type", Boolean)
+], SecurityRoleEntity.prototype, "isSystem", void 0);
+exports.SecurityRoleEntity = SecurityRoleEntity = __decorate([
+    (0, typeorm_1.Entity)({ name: "security_role" })
+], SecurityRoleEntity);

package/dist/nest/entities/security-user-role.entity.d.ts

@@ -0,0 +1,5 @@
+export declare class SecurityUserRoleEntity {
+    id: string;
+    userId: string;
+    roleId: string;
+}

package/dist/nest/entities/security-user-role.entity.js

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityUserRoleEntity = void 0;
+const typeorm_1 = require("typeorm");
+let SecurityUserRoleEntity = class SecurityUserRoleEntity {
+    id;
+    userId;
+    roleId;
+};
+exports.SecurityUserRoleEntity = SecurityUserRoleEntity;
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)("uuid"),
+    __metadata("design:type", String)
+], SecurityUserRoleEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "varchar", name: "user_id" }),
+    __metadata("design:type", String)
+], SecurityUserRoleEntity.prototype, "userId", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: "uuid", name: "role_id" }),
+    __metadata("design:type", String)
+], SecurityUserRoleEntity.prototype, "roleId", void 0);
+exports.SecurityUserRoleEntity = SecurityUserRoleEntity = __decorate([
+    (0, typeorm_1.Entity)({ name: "security_user_role" })
+], SecurityUserRoleEntity);

package/dist/nest/index.d.ts

@@ -0,0 +1,18 @@
+export * from "./contracts";
+export * from "./tokens";
+export * from "./security-auth.constants";
+export * from "./security-auth.options";
+export * from "./security-auth.service";
+export * from "./security-auth.controller";
+export * from "./security-auth.module";
+export * from "./security-jwt.guard";
+export * from "./security-admin.guard";
+export * from "./swagger";
+export * from "./security-workflows.service";
+export * from "./security-workflows.controller";
+export * from "./security-workflows.module";
+export * from "./entities/app-user.entity";
+export * from "./entities/refresh-token.entity";
+export * from "./entities/password-reset-token.entity";
+export * from "./entities/security-role.entity";
+export * from "./entities/security-user-role.entity";

package/dist/nest/index.js

@@ -0,0 +1,34 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./contracts"), exports);
+__exportStar(require("./tokens"), exports);
+__exportStar(require("./security-auth.constants"), exports);
+__exportStar(require("./security-auth.options"), exports);
+__exportStar(require("./security-auth.service"), exports);
+__exportStar(require("./security-auth.controller"), exports);
+__exportStar(require("./security-auth.module"), exports);
+__exportStar(require("./security-jwt.guard"), exports);
+__exportStar(require("./security-admin.guard"), exports);
+__exportStar(require("./swagger"), exports);
+__exportStar(require("./security-workflows.service"), exports);
+__exportStar(require("./security-workflows.controller"), exports);
+__exportStar(require("./security-workflows.module"), exports);
+__exportStar(require("./entities/app-user.entity"), exports);
+__exportStar(require("./entities/refresh-token.entity"), exports);
+__exportStar(require("./entities/password-reset-token.entity"), exports);
+__exportStar(require("./entities/security-role.entity"), exports);
+__exportStar(require("./entities/security-user-role.entity"), exports);

package/dist/nest/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/nest/index.test.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const index_1 = require("./index");
+(0, vitest_1.describe)("nest exports", () => {
+    (0, vitest_1.it)("exports core module surface", () => {
+        (0, vitest_1.expect)(index_1.SecurityAuthModule).toBeDefined();
+        (0, vitest_1.expect)(index_1.SecurityWorkflowsModule).toBeDefined();
+        (0, vitest_1.expect)(index_1.SecurityAuthController).toBeDefined();
+        (0, vitest_1.expect)(index_1.SecurityWorkflowsController).toBeDefined();
+        (0, vitest_1.expect)(index_1.SecurityJwtGuard).toBeDefined();
+        (0, vitest_1.expect)(index_1.SecurityAdminGuard).toBeDefined();
+    });
+});

package/dist/nest/security-admin.guard.d.ts

@@ -0,0 +1,4 @@
+import { CanActivate, ExecutionContext } from "@nestjs/common";
+export declare class SecurityAdminGuard implements CanActivate {
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/nest/security-admin.guard.js

@@ -0,0 +1,25 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityAdminGuard = void 0;
+const common_1 = require("@nestjs/common");
+const contracts_1 = require("../api/contracts");
+let SecurityAdminGuard = class SecurityAdminGuard {
+    canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const roles = request.user?.roles ?? [];
+        if (!roles.includes(contracts_1.ADMIN_ROLE)) {
+            throw new common_1.ForbiddenException("Admin access required");
+        }
+        return true;
+    }
+};
+exports.SecurityAdminGuard = SecurityAdminGuard;
+exports.SecurityAdminGuard = SecurityAdminGuard = __decorate([
+    (0, common_1.Injectable)()
+], SecurityAdminGuard);

package/dist/nest/security-admin.guard.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/nest/security-admin.guard.test.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const common_1 = require("@nestjs/common");
+const vitest_1 = require("vitest");
+const security_admin_guard_1 = require("./security-admin.guard");
+const makeContext = (roles) => ({
+    switchToHttp: () => ({
+        getRequest: () => ({ user: { roles } }),
+    }),
+});
+(0, vitest_1.describe)("SecurityAdminGuard", () => {
+    (0, vitest_1.it)("allows admin role", () => {
+        const guard = new security_admin_guard_1.SecurityAdminGuard();
+        (0, vitest_1.expect)(guard.canActivate(makeContext(["ADMIN"]))).toBe(true);
+    });
+    (0, vitest_1.it)("rejects non-admin roles", () => {
+        const guard = new security_admin_guard_1.SecurityAdminGuard();
+        (0, vitest_1.expect)(() => guard.canActivate(makeContext(["USER"]))).toThrow(common_1.ForbiddenException);
+    });
+    (0, vitest_1.it)("rejects when user/roles are missing", () => {
+        const guard = new security_admin_guard_1.SecurityAdminGuard();
+        (0, vitest_1.expect)(() => guard.canActivate(makeContext(undefined))).toThrow("Admin access required");
+    });
+});

package/dist/nest/security-auth.constants.d.ts

@@ -0,0 +1 @@
+export declare const SECURITY_AUTH_OPTIONS: unique symbol;

package/dist/nest/security-auth.constants.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECURITY_AUTH_OPTIONS = void 0;
+exports.SECURITY_AUTH_OPTIONS = Symbol("SECURITY_AUTH_OPTIONS");

package/dist/nest/security-auth.controller.d.ts

@@ -0,0 +1,53 @@
+import { SecurityAuthService } from "./security-auth.service";
+type AuthedRequest = {
+    user: {
+        sub: string;
+    };
+};
+export declare class SecurityAuthController {
+    private readonly authService;
+    constructor(authService: SecurityAuthService);
+    register(body: {
+        email?: string;
+        password?: string;
+        firstName?: string;
+        lastName?: string;
+    }): Promise<import("../api").RegisterResponse>;
+    login(body: {
+        email?: string;
+        password?: string;
+    }): Promise<import("../api").AuthResponse>;
+    refresh(body: {
+        refreshToken?: string;
+    }): Promise<import("../api").AuthResponse>;
+    logout(body: {
+        refreshToken?: string;
+    }): Promise<{
+        success: true;
+    }>;
+    changePassword(request: AuthedRequest, body: {
+        currentPassword?: string;
+        newPassword?: string;
+    }): Promise<{
+        success: true;
+    }>;
+    forgotPassword(body: {
+        email?: string;
+    }): Promise<{
+        success: true;
+    }>;
+    resetPassword(body: {
+        token?: string;
+        newPassword?: string;
+    }): Promise<{
+        success: true;
+    }>;
+    verifyEmail(token?: string): Promise<{
+        success: true;
+    }>;
+    getMyRoles(request: AuthedRequest): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+}
+export {};

package/dist/nest/security-auth.controller.js

@@ -0,0 +1,179 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityAuthController = void 0;
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const security_jwt_guard_1 = require("./security-jwt.guard");
+const security_auth_service_1 = require("./security-auth.service");
+const auth_dto_1 = require("./dto/auth.dto");
+let SecurityAuthController = class SecurityAuthController {
+    authService;
+    constructor(authService) {
+        this.authService = authService;
+    }
+    async register(body) {
+        if (!body.email || !body.password) {
+            throw new common_1.BadRequestException("Email and password are required");
+        }
+        return this.authService.register({
+            email: body.email,
+            password: body.password,
+            firstName: body.firstName ?? null,
+            lastName: body.lastName ?? null,
+        });
+    }
+    async login(body) {
+        if (!body.email || !body.password) {
+            throw new common_1.BadRequestException("Email and password are required");
+        }
+        return this.authService.login({
+            email: body.email,
+            password: body.password,
+        });
+    }
+    async refresh(body) {
+        if (!body.refreshToken) {
+            throw new common_1.BadRequestException("Refresh token is required");
+        }
+        return this.authService.refresh(body.refreshToken);
+    }
+    async logout(body) {
+        return this.authService.logout(body.refreshToken);
+    }
+    async changePassword(request, body) {
+        if (!body.currentPassword || !body.newPassword) {
+            throw new common_1.BadRequestException("Current password and new password are required");
+        }
+        return this.authService.changePassword({
+            userId: request.user.sub,
+            currentPassword: body.currentPassword,
+            newPassword: body.newPassword,
+        });
+    }
+    async forgotPassword(body) {
+        if (!body.email) {
+            throw new common_1.BadRequestException("Email is required");
+        }
+        return this.authService.requestForgotPassword(body.email);
+    }
+    async resetPassword(body) {
+        if (!body.token || !body.newPassword) {
+            throw new common_1.BadRequestException("Token and newPassword are required");
+        }
+        return this.authService.resetPassword(body.token, body.newPassword);
+    }
+    async verifyEmail(token) {
+        if (!token) {
+            throw new common_1.BadRequestException("Verification token is required");
+        }
+        return this.authService.verifyEmailByToken(token);
+    }
+    async getMyRoles(request) {
+        return this.authService.getMyRoles(request.user.sub);
+    }
+};
+exports.SecurityAuthController = SecurityAuthController;
+__decorate([
+    (0, common_1.Post)("register"),
+    (0, swagger_1.ApiOperation)({ summary: "Register a new user" }),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.RegisterDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "register", null);
+__decorate([
+    (0, common_1.Post)("login"),
+    (0, swagger_1.ApiOperation)({ summary: "Login with email/password" }),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.LoginDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "login", null);
+__decorate([
+    (0, common_1.Post)("refresh"),
+    (0, swagger_1.ApiOperation)({ summary: "Refresh access token" }),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.RefreshDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "refresh", null);
+__decorate([
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard),
+    (0, common_1.Post)("logout"),
+    (0, swagger_1.ApiOperation)({ summary: "Logout user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.LogoutDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "logout", null);
+__decorate([
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard),
+    (0, common_1.Post)("change-password"),
+    (0, swagger_1.ApiOperation)({ summary: "Change password for authenticated user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.ChangePasswordDto }),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "changePassword", null);
+__decorate([
+    (0, common_1.Post)("forgot-password"),
+    (0, swagger_1.ApiOperation)({ summary: "Request password reset token by email" }),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.ForgotPasswordDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "forgotPassword", null);
+__decorate([
+    (0, common_1.Post)("reset-password"),
+    (0, swagger_1.ApiOperation)({ summary: "Reset password with token" }),
+    (0, swagger_1.ApiBody)({ type: auth_dto_1.ResetPasswordDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "resetPassword", null);
+__decorate([
+    (0, common_1.Get)("verify-email"),
+    (0, swagger_1.ApiOperation)({ summary: "Verify email using token" }),
+    (0, swagger_1.ApiQuery)({ name: "token", required: true }),
+    __param(0, (0, common_1.Query)("token")),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "verifyEmail", null);
+__decorate([
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard),
+    (0, common_1.Get)("me/roles"),
+    (0, swagger_1.ApiOperation)({ summary: "Get roles for authenticated user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    __param(0, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityAuthController.prototype, "getMyRoles", null);
+exports.SecurityAuthController = SecurityAuthController = __decorate([
+    (0, common_1.Controller)("security/auth"),
+    (0, swagger_1.ApiTags)("security-auth"),
+    __metadata("design:paramtypes", [security_auth_service_1.SecurityAuthService])
+], SecurityAuthController);

package/dist/nest/security-auth.controller.test.d.ts

@@ -0,0 +1 @@
+export {};