@scryan7371/sdr-security 0.1.1 → 0.1.3

package/dist/nest/security-jwt.guard.test.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const common_1 = require("@nestjs/common");
+const vitest_1 = require("vitest");
+vitest_1.vi.mock("jsonwebtoken", () => ({
+    verify: vitest_1.vi.fn(),
+}));
+const jsonwebtoken_1 = require("jsonwebtoken");
+const security_jwt_guard_1 = require("./security-jwt.guard");
+const mockedVerify = vitest_1.vi.mocked(jsonwebtoken_1.verify);
+const makeContext = (headers) => ({
+    switchToHttp: () => ({
+        getRequest: () => ({ headers }),
+    }),
+});
+(0, vitest_1.describe)("SecurityJwtGuard", () => {
+    (0, vitest_1.it)("throws when header is missing", () => {
+        const guard = new security_jwt_guard_1.SecurityJwtGuard({ jwtSecret: "secret" });
+        (0, vitest_1.expect)(() => guard.canActivate(makeContext())).toThrow(common_1.UnauthorizedException);
+    });
+    (0, vitest_1.it)("throws when token is invalid", () => {
+        mockedVerify.mockImplementation(() => {
+            throw new Error("bad token");
+        });
+        const guard = new security_jwt_guard_1.SecurityJwtGuard({ jwtSecret: "secret" });
+        (0, vitest_1.expect)(() => guard.canActivate(makeContext({ authorization: "Bearer token" }))).toThrow("Invalid token");
+    });
+    (0, vitest_1.it)("attaches user payload on success", () => {
+        mockedVerify.mockReturnValue({
+            sub: "user-1",
+            email: "user@example.com",
+            roles: ["ADMIN"],
+        });
+        const request = {
+            headers: { Authorization: "Bearer good-token" },
+            user: undefined,
+        };
+        const context = {
+            switchToHttp: () => ({
+                getRequest: () => request,
+            }),
+        };
+        const guard = new security_jwt_guard_1.SecurityJwtGuard({ jwtSecret: "secret" });
+        (0, vitest_1.expect)(guard.canActivate(context)).toBe(true);
+        (0, vitest_1.expect)(request.user).toEqual({
+            sub: "user-1",
+            email: "user@example.com",
+            roles: ["ADMIN"],
+        });
+    });
+});

package/dist/nest/security-modules.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/nest/security-modules.test.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const security_auth_constants_1 = require("./security-auth.constants");
+const security_auth_module_1 = require("./security-auth.module");
+const security_workflows_module_1 = require("./security-workflows.module");
+const tokens_1 = require("./tokens");
+(0, vitest_1.describe)("Security module factories", () => {
+    (0, vitest_1.it)("builds auth module with custom notifier", () => {
+        const notifierProvider = {
+            provide: tokens_1.SECURITY_WORKFLOW_NOTIFIER,
+            useValue: {
+                sendAdminsUserEmailVerified: async () => undefined,
+                sendUserAccountApproved: async () => undefined,
+            },
+        };
+        const dynamicModule = security_auth_module_1.SecurityAuthModule.forRoot({
+            auth: { jwtSecret: "secret", requireAdminApproval: true },
+            notifierProvider,
+        });
+        (0, vitest_1.expect)(dynamicModule.module).toBe(security_auth_module_1.SecurityAuthModule);
+        (0, vitest_1.expect)(dynamicModule.controllers).toBeDefined();
+        (0, vitest_1.expect)(dynamicModule.providers).toEqual(vitest_1.expect.arrayContaining([
+            vitest_1.expect.objectContaining({ provide: security_auth_constants_1.SECURITY_AUTH_OPTIONS }),
+            notifierProvider,
+        ]));
+    });
+    (0, vitest_1.it)("builds auth module with default notifier", () => {
+        const dynamicModule = security_auth_module_1.SecurityAuthModule.forRoot({
+            auth: { jwtSecret: "secret" },
+        });
+        const notifier = (dynamicModule.providers ?? []).find((provider) => typeof provider === "object" &&
+            provider !== null &&
+            "provide" in provider &&
+            provider.provide ===
+                tokens_1.SECURITY_WORKFLOW_NOTIFIER);
+        (0, vitest_1.expect)(notifier).toBeDefined();
+    });
+    (0, vitest_1.it)("builds workflows module with default auth options", () => {
+        const dynamicModule = security_workflows_module_1.SecurityWorkflowsModule.forRoot();
+        (0, vitest_1.expect)(dynamicModule.module).toBe(security_workflows_module_1.SecurityWorkflowsModule);
+        (0, vitest_1.expect)(dynamicModule.providers).toEqual(vitest_1.expect.arrayContaining([
+            vitest_1.expect.objectContaining({ provide: security_auth_constants_1.SECURITY_AUTH_OPTIONS }),
+            vitest_1.expect.objectContaining({ provide: tokens_1.SECURITY_WORKFLOW_NOTIFIER }),
+        ]));
+    });
+    (0, vitest_1.it)("builds workflows module with custom options", () => {
+        const notifierProvider = {
+            provide: tokens_1.SECURITY_WORKFLOW_NOTIFIER,
+            useValue: {
+                sendAdminsUserEmailVerified: async () => undefined,
+                sendUserAccountApproved: async () => undefined,
+            },
+        };
+        const dynamicModule = security_workflows_module_1.SecurityWorkflowsModule.forRoot({
+            auth: { jwtSecret: "custom" },
+            notifierProvider,
+        });
+        (0, vitest_1.expect)(dynamicModule.providers).toEqual(vitest_1.expect.arrayContaining([notifierProvider]));
+    });
+});

package/dist/nest/security-workflows.controller.d.ts

@@ -0,0 +1,72 @@
+import { SecurityWorkflowsService } from "./security-workflows.service";
+export declare class SecurityWorkflowsController {
+    private readonly workflowsService;
+    constructor(workflowsService: SecurityWorkflowsService);
+    markEmailVerified(id: string): Promise<{
+        success: true;
+        notified: false;
+        adminEmails: string[];
+    } | {
+        success: true;
+        notified: true;
+        adminEmails: string[];
+    }>;
+    setAdminApproval(id: string, body: {
+        approved?: boolean;
+    }): Promise<{
+        success: true;
+        notified: false;
+    } | {
+        success: true;
+        notified: true;
+    }>;
+    setUserActive(id: string, body: {
+        active?: boolean;
+    }): Promise<{
+        success: true;
+        userId: string;
+        active: boolean;
+    }>;
+    listRoles(): Promise<{
+        roles: {
+            role: string;
+            description: string | null;
+            isSystem: boolean;
+        }[];
+    }>;
+    createRole(body: {
+        role?: string;
+        description?: string | null;
+    }): Promise<{
+        roles: {
+            role: string;
+            description: string | null;
+            isSystem: boolean;
+        }[];
+    }>;
+    removeRole(role: string): Promise<{
+        success: false;
+    } | {
+        success: true;
+    }>;
+    getUserRoles(id: string): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    setUserRoles(id: string, body: {
+        roles?: string[];
+    }): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    assignUserRole(id: string, body: {
+        role?: string;
+    }): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    removeUserRole(id: string, role: string): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+}

package/dist/nest/security-workflows.controller.js

@@ -0,0 +1,187 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityWorkflowsController = void 0;
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const security_admin_guard_1 = require("./security-admin.guard");
+const security_jwt_guard_1 = require("./security-jwt.guard");
+const security_workflows_service_1 = require("./security-workflows.service");
+const workflows_dto_1 = require("./dto/workflows.dto");
+let SecurityWorkflowsController = class SecurityWorkflowsController {
+    workflowsService;
+    constructor(workflowsService) {
+        this.workflowsService = workflowsService;
+    }
+    async markEmailVerified(id) {
+        return this.workflowsService.markEmailVerifiedAndNotifyAdmins(id);
+    }
+    async setAdminApproval(id, body) {
+        if (typeof body.approved !== "boolean") {
+            throw new common_1.BadRequestException("approved is required");
+        }
+        return this.workflowsService.setAdminApprovalAndNotifyUser(id, body.approved);
+    }
+    async setUserActive(id, body) {
+        if (typeof body.active !== "boolean") {
+            throw new common_1.BadRequestException("active is required");
+        }
+        return this.workflowsService.setUserActive(id, body.active);
+    }
+    async listRoles() {
+        return { roles: await this.workflowsService.listRoles() };
+    }
+    async createRole(body) {
+        if (!body.role || !body.role.trim()) {
+            throw new common_1.BadRequestException("role is required");
+        }
+        return {
+            roles: await this.workflowsService.createRole(body.role, body.description),
+        };
+    }
+    async removeRole(role) {
+        return this.workflowsService.removeRole(role);
+    }
+    async getUserRoles(id) {
+        return this.workflowsService.getUserRoles(id);
+    }
+    async setUserRoles(id, body) {
+        if (!Array.isArray(body.roles)) {
+            throw new common_1.BadRequestException("roles must be an array");
+        }
+        return this.workflowsService.setUserRoles(id, body.roles);
+    }
+    async assignUserRole(id, body) {
+        if (!body.role || !body.role.trim()) {
+            throw new common_1.BadRequestException("role is required");
+        }
+        return this.workflowsService.assignRoleToUser(id, body.role);
+    }
+    async removeUserRole(id, role) {
+        return this.workflowsService.removeRoleFromUser(id, role);
+    }
+};
+exports.SecurityWorkflowsController = SecurityWorkflowsController;
+__decorate([
+    (0, common_1.Post)("users/:id/email-verified"),
+    (0, swagger_1.ApiOperation)({ summary: "Mark user email as verified and notify admins" }),
+    __param(0, (0, common_1.Param)("id")),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "markEmailVerified", null);
+__decorate([
+    (0, common_1.Patch)("users/:id/admin-approval"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Approve/unapprove user and notify on approval" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: workflows_dto_1.SetAdminApprovalDto }),
+    __param(0, (0, common_1.Param)("id")),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "setAdminApproval", null);
+__decorate([
+    (0, common_1.Patch)("users/:id/active"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Activate/deactivate a user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: workflows_dto_1.SetUserActiveDto }),
+    __param(0, (0, common_1.Param)("id")),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "setUserActive", null);
+__decorate([
+    (0, common_1.Get)("roles"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "List role catalog" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "listRoles", null);
+__decorate([
+    (0, common_1.Post)("roles"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Create or update a role" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: workflows_dto_1.CreateRoleDto }),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "createRole", null);
+__decorate([
+    (0, common_1.Delete)("roles/:role"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Remove a role" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    __param(0, (0, common_1.Param)("role")),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "removeRole", null);
+__decorate([
+    (0, common_1.Get)("users/:id/roles"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Get assigned roles for a user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    __param(0, (0, common_1.Param)("id")),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "getUserRoles", null);
+__decorate([
+    (0, common_1.Put)("users/:id/roles"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Replace user roles" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: workflows_dto_1.SetUserRolesDto }),
+    __param(0, (0, common_1.Param)("id")),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "setUserRoles", null);
+__decorate([
+    (0, common_1.Post)("users/:id/roles"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Assign one role to a user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    (0, swagger_1.ApiBody)({ type: workflows_dto_1.AssignRoleDto }),
+    __param(0, (0, common_1.Param)("id")),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "assignUserRole", null);
+__decorate([
+    (0, common_1.Delete)("users/:id/roles/:role"),
+    (0, common_1.UseGuards)(security_jwt_guard_1.SecurityJwtGuard, security_admin_guard_1.SecurityAdminGuard),
+    (0, swagger_1.ApiOperation)({ summary: "Remove one role from a user" }),
+    (0, swagger_1.ApiBearerAuth)(),
+    __param(0, (0, common_1.Param)("id")),
+    __param(1, (0, common_1.Param)("role")),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String]),
+    __metadata("design:returntype", Promise)
+], SecurityWorkflowsController.prototype, "removeUserRole", null);
+exports.SecurityWorkflowsController = SecurityWorkflowsController = __decorate([
+    (0, common_1.Controller)("security/workflows"),
+    (0, swagger_1.ApiTags)("security-workflows"),
+    __metadata("design:paramtypes", [security_workflows_service_1.SecurityWorkflowsService])
+], SecurityWorkflowsController);

package/dist/nest/security-workflows.controller.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/nest/security-workflows.controller.test.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const common_1 = require("@nestjs/common");
+const vitest_1 = require("vitest");
+const security_workflows_controller_1 = require("./security-workflows.controller");
+const makeService = () => ({
+    markEmailVerifiedAndNotifyAdmins: vitest_1.vi.fn(),
+    setAdminApprovalAndNotifyUser: vitest_1.vi.fn(),
+    setUserActive: vitest_1.vi.fn(),
+    listRoles: vitest_1.vi.fn(),
+    createRole: vitest_1.vi.fn(),
+    removeRole: vitest_1.vi.fn(),
+    getUserRoles: vitest_1.vi.fn(),
+    setUserRoles: vitest_1.vi.fn(),
+    assignRoleToUser: vitest_1.vi.fn(),
+    removeRoleFromUser: vitest_1.vi.fn(),
+});
+(0, vitest_1.describe)("SecurityWorkflowsController", () => {
+    let service;
+    let controller;
+    (0, vitest_1.beforeEach)(() => {
+        service = makeService();
+        controller = new security_workflows_controller_1.SecurityWorkflowsController(service);
+    });
+    (0, vitest_1.it)("marks email verified", async () => {
+        service.markEmailVerifiedAndNotifyAdmins.mockResolvedValue({
+            success: true,
+        });
+        await (0, vitest_1.expect)(controller.markEmailVerified("u1")).resolves.toEqual({
+            success: true,
+        });
+    });
+    (0, vitest_1.it)("validates admin approval and active payload", async () => {
+        await (0, vitest_1.expect)(controller.setAdminApproval("u1", {})).rejects.toBeInstanceOf(common_1.BadRequestException);
+        await (0, vitest_1.expect)(controller.setUserActive("u1", {})).rejects.toBeInstanceOf(common_1.BadRequestException);
+    });
+    (0, vitest_1.it)("delegates admin approval and active updates", async () => {
+        service.setAdminApprovalAndNotifyUser.mockResolvedValue({ success: true });
+        service.setUserActive.mockResolvedValue({ success: true });
+        await controller.setAdminApproval("u1", { approved: true });
+        await controller.setUserActive("u1", { active: false });
+        (0, vitest_1.expect)(service.setAdminApprovalAndNotifyUser).toHaveBeenCalledWith("u1", true);
+        (0, vitest_1.expect)(service.setUserActive).toHaveBeenCalledWith("u1", false);
+    });
+    (0, vitest_1.it)("lists and creates roles", async () => {
+        service.listRoles.mockResolvedValue([{ role: "ADMIN" }]);
+        service.createRole.mockResolvedValue([
+            { role: "ADMIN" },
+            { role: "COACH" },
+        ]);
+        await (0, vitest_1.expect)(controller.listRoles()).resolves.toEqual({
+            roles: [{ role: "ADMIN" }],
+        });
+        await (0, vitest_1.expect)(controller.createRole({ role: "coach", description: null })).resolves.toEqual({ roles: [{ role: "ADMIN" }, { role: "COACH" }] });
+        await (0, vitest_1.expect)(controller.createRole({ role: "   " })).rejects.toBeInstanceOf(common_1.BadRequestException);
+    });
+    (0, vitest_1.it)("delegates role assignment and removal", async () => {
+        service.removeRole.mockResolvedValue({ success: true });
+        service.getUserRoles.mockResolvedValue({ userId: "u1", roles: ["ADMIN"] });
+        service.setUserRoles.mockResolvedValue({ userId: "u1", roles: ["ADMIN"] });
+        service.assignRoleToUser.mockResolvedValue({
+            userId: "u1",
+            roles: ["ADMIN"],
+        });
+        service.removeRoleFromUser.mockResolvedValue({ userId: "u1", roles: [] });
+        await (0, vitest_1.expect)(controller.removeRole("ADMIN")).resolves.toEqual({
+            success: true,
+        });
+        await (0, vitest_1.expect)(controller.getUserRoles("u1")).resolves.toEqual({
+            userId: "u1",
+            roles: ["ADMIN"],
+        });
+        await (0, vitest_1.expect)(controller.setUserRoles("u1", { roles: ["ADMIN"] })).resolves.toEqual({
+            userId: "u1",
+            roles: ["ADMIN"],
+        });
+        await (0, vitest_1.expect)(controller.assignUserRole("u1", { role: "ADMIN" })).resolves.toEqual({ userId: "u1", roles: ["ADMIN"] });
+        await (0, vitest_1.expect)(controller.removeUserRole("u1", "ADMIN")).resolves.toEqual({
+            userId: "u1",
+            roles: [],
+        });
+    });
+    (0, vitest_1.it)("validates role array and role string", async () => {
+        await (0, vitest_1.expect)(controller.setUserRoles("u1", { roles: undefined })).rejects.toBeInstanceOf(common_1.BadRequestException);
+        await (0, vitest_1.expect)(controller.assignUserRole("u1", {})).rejects.toBeInstanceOf(common_1.BadRequestException);
+    });
+});

package/dist/nest/security-workflows.module.d.ts

@@ -0,0 +1,9 @@
+import { DynamicModule, Provider } from "@nestjs/common";
+import { SecurityWorkflowNotifier } from "./contracts";
+import { SecurityAuthModuleOptions } from "./security-auth.options";
+export declare class SecurityWorkflowsModule {
+    static forRoot(options?: {
+        notifierProvider?: Provider<SecurityWorkflowNotifier>;
+        auth?: SecurityAuthModuleOptions;
+    }): DynamicModule;
+}

package/dist/nest/security-workflows.module.js

@@ -0,0 +1,61 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SecurityWorkflowsModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityWorkflowsModule = void 0;
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const security_auth_constants_1 = require("./security-auth.constants");
+const security_admin_guard_1 = require("./security-admin.guard");
+const security_jwt_guard_1 = require("./security-jwt.guard");
+const app_user_entity_1 = require("./entities/app-user.entity");
+const security_role_entity_1 = require("./entities/security-role.entity");
+const security_user_entity_1 = require("./entities/security-user.entity");
+const security_user_role_entity_1 = require("./entities/security-user-role.entity");
+const security_workflows_controller_1 = require("./security-workflows.controller");
+const security_workflows_service_1 = require("./security-workflows.service");
+const tokens_1 = require("./tokens");
+const noopNotifier = {
+    sendAdminsUserEmailVerified: async () => undefined,
+    sendUserAccountApproved: async () => undefined,
+};
+let SecurityWorkflowsModule = SecurityWorkflowsModule_1 = class SecurityWorkflowsModule {
+    static forRoot(options) {
+        const notifierProvider = options?.notifierProvider ?? {
+            provide: tokens_1.SECURITY_WORKFLOW_NOTIFIER,
+            useValue: noopNotifier,
+        };
+        return {
+            module: SecurityWorkflowsModule_1,
+            imports: [
+                typeorm_1.TypeOrmModule.forFeature([
+                    app_user_entity_1.AppUserEntity,
+                    security_user_entity_1.SecurityUserEntity,
+                    security_role_entity_1.SecurityRoleEntity,
+                    security_user_role_entity_1.SecurityUserRoleEntity,
+                ]),
+            ],
+            controllers: [security_workflows_controller_1.SecurityWorkflowsController],
+            providers: [
+                {
+                    provide: security_auth_constants_1.SECURITY_AUTH_OPTIONS,
+                    useValue: options?.auth ?? { jwtSecret: "dev-secret" },
+                },
+                security_workflows_service_1.SecurityWorkflowsService,
+                security_jwt_guard_1.SecurityJwtGuard,
+                security_admin_guard_1.SecurityAdminGuard,
+                notifierProvider,
+            ],
+            exports: [security_workflows_service_1.SecurityWorkflowsService],
+        };
+    }
+};
+exports.SecurityWorkflowsModule = SecurityWorkflowsModule;
+exports.SecurityWorkflowsModule = SecurityWorkflowsModule = SecurityWorkflowsModule_1 = __decorate([
+    (0, common_1.Module)({})
+], SecurityWorkflowsModule);

package/dist/nest/security-workflows.service.d.ts

@@ -0,0 +1,69 @@
+import { Repository } from "typeorm";
+import { AppUserEntity } from "./entities/app-user.entity";
+import { SecurityRoleEntity } from "./entities/security-role.entity";
+import { SecurityUserEntity } from "./entities/security-user.entity";
+import { SecurityUserRoleEntity } from "./entities/security-user-role.entity";
+import { SecurityWorkflowNotifier } from "./contracts";
+export declare class SecurityWorkflowsService {
+    private readonly appUsersRepo;
+    private readonly securityUsersRepo;
+    private readonly rolesRepo;
+    private readonly userRolesRepo;
+    private readonly notifier;
+    constructor(appUsersRepo: Repository<AppUserEntity>, securityUsersRepo: Repository<SecurityUserEntity>, rolesRepo: Repository<SecurityRoleEntity>, userRolesRepo: Repository<SecurityUserRoleEntity>, notifier: SecurityWorkflowNotifier);
+    markEmailVerifiedAndNotifyAdmins(userId: string): Promise<{
+        success: true;
+        notified: false;
+        adminEmails: string[];
+    } | {
+        success: true;
+        notified: true;
+        adminEmails: string[];
+    }>;
+    setAdminApprovalAndNotifyUser(userId: string, approved: boolean): Promise<{
+        success: true;
+        notified: false;
+    } | {
+        success: true;
+        notified: true;
+    }>;
+    listAdminEmails(): Promise<string[]>;
+    listRoles(): Promise<{
+        role: string;
+        description: string | null;
+        isSystem: boolean;
+    }[]>;
+    createRole(roleName: string, description?: string | null): Promise<{
+        role: string;
+        description: string | null;
+        isSystem: boolean;
+    }[]>;
+    removeRole(roleName: string): Promise<{
+        success: false;
+    } | {
+        success: true;
+    }>;
+    getUserRoles(userId: string): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    setUserRoles(userId: string, roleNames: string[]): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    assignRoleToUser(userId: string, roleName: string): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    removeRoleFromUser(userId: string, roleName: string): Promise<{
+        userId: string;
+        roles: string[];
+    }>;
+    setUserActive(userId: string, active: boolean): Promise<{
+        success: true;
+        userId: string;
+        active: boolean;
+    }>;
+    private assertUserExists;
+    private ensureRoles;
+}