@scryan7371/sdr-security 0.1.2 → 0.1.3

package/src/api/migrations/1739510000000-create-security-roles.ts

@@ -2,20 +2,11 @@ export class CreateSecurityRoles1739510000000 {
   name = "CreateSecurityRoles1739510000000";
 
   async up(queryRunner: {
-    query: (sql: string, params?: unknown[]) => Promise<unknown>;
+    query: (sql: string) => Promise<unknown>;
   }): Promise<void> {
-    const userTable = getSafeIdentifier(process.env.USER_TABLE, "app_user");
-    const userSchema = getSafeIdentifier(
-      process.env.USER_TABLE_SCHEMA,
-      "public",
-    );
-    const userTableRef = `"${userSchema}"."${userTable}"`;
-
-    await queryRunner.query(`CREATE EXTENSION IF NOT EXISTS "uuid-ossp"`);
-
     await queryRunner.query(`
       CREATE TABLE IF NOT EXISTS "security_role" (
-        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
+        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuidv7(),
         "role_key" varchar NOT NULL,
         "description" text,
         "is_system" boolean NOT NULL DEFAULT false,
@@ -28,95 +19,17 @@ export class CreateSecurityRoles1739510000000 {
       `CREATE UNIQUE INDEX IF NOT EXISTS "IDX_security_role_key" ON "security_role" ("role_key")`,
     );
 
-    await queryRunner.query(`
-      CREATE TABLE IF NOT EXISTS "security_user_role" (
-        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
-        "user_id" varchar NOT NULL,
-        "role_id" uuid NOT NULL,
-        "created_at" timestamptz NOT NULL DEFAULT now(),
-        CONSTRAINT "FK_security_user_role_user_id" FOREIGN KEY ("user_id") REFERENCES ${userTableRef} ("id") ON DELETE CASCADE,
-        CONSTRAINT "FK_security_user_role_role_id" FOREIGN KEY ("role_id") REFERENCES "security_role" ("id") ON DELETE CASCADE
-      )
-    `);
-
-    await queryRunner.query(
-      `CREATE UNIQUE INDEX IF NOT EXISTS "IDX_security_user_role_user_role" ON "security_user_role" ("user_id", "role_id")`,
-    );
-
     await queryRunner.query(`
       INSERT INTO "security_role" ("role_key", "description", "is_system", "created_at", "updated_at")
       VALUES ('ADMIN', 'Administrative access', true, now(), now())
       ON CONFLICT ("role_key") DO NOTHING
     `);
-
-    const hasRoleColumn = (await queryRunner.query(
-      `
-        SELECT 1
-        FROM information_schema.columns
-        WHERE table_schema = $1
-          AND table_name = $2
-          AND column_name = 'role'
-        LIMIT 1
-      `,
-      [userSchema, userTable],
-    )) as Array<{ "?column?": number }>;
-
-    if (hasRoleColumn.length > 0) {
-      await queryRunner.query(`
-        INSERT INTO "security_role" ("role_key", "description", "is_system", "created_at", "updated_at")
-        SELECT DISTINCT
-          CASE
-            WHEN UPPER(TRIM("role")) = 'ADMINISTRATOR' THEN 'ADMIN'
-            ELSE UPPER(TRIM("role"))
-          END AS "role_key",
-          NULL,
-          false,
-          now(),
-          now()
-        FROM ${userTableRef}
-        WHERE "role" IS NOT NULL
-          AND LENGTH(TRIM("role")) > 0
-        ON CONFLICT ("role_key") DO NOTHING
-      `);
-
-      await queryRunner.query(`
-        INSERT INTO "security_user_role" ("user_id", "role_id", "created_at")
-        SELECT
-          u."id" AS "user_id",
-          r."id" AS "role_id",
-          now()
-        FROM ${userTableRef} u
-        INNER JOIN "security_role" r ON r."role_key" = CASE
-          WHEN UPPER(TRIM(u."role")) = 'ADMINISTRATOR' THEN 'ADMIN'
-          ELSE UPPER(TRIM(u."role"))
-        END
-        WHERE u."role" IS NOT NULL
-          AND LENGTH(TRIM(u."role")) > 0
-        ON CONFLICT ("user_id", "role_id") DO NOTHING
-      `);
-
-      await queryRunner.query(
-        `ALTER TABLE ${userTableRef} DROP COLUMN IF EXISTS "role"`,
-      );
-    }
   }
 
   async down(queryRunner: {
     query: (sql: string) => Promise<unknown>;
   }): Promise<void> {
-    await queryRunner.query(
-      `DROP INDEX IF EXISTS "IDX_security_user_role_user_role"`,
-    );
-    await queryRunner.query(`DROP TABLE IF EXISTS "security_user_role"`);
     await queryRunner.query(`DROP INDEX IF EXISTS "IDX_security_role_key"`);
     await queryRunner.query(`DROP TABLE IF EXISTS "security_role"`);
   }
 }
-
-const getSafeIdentifier = (value: string | undefined, fallback: string) => {
-  const resolved = value?.trim() || fallback;
-  if (!resolved || !/^[A-Za-z_][A-Za-z0-9_]*$/.test(resolved)) {
-    throw new Error(`Invalid SQL identifier: ${resolved}`);
-  }
-  return resolved;
-};

package/src/api/migrations/1739515000000-create-security-user-roles.ts

@@ -0,0 +1,49 @@
+export class CreateSecurityUserRoles1739515000000 {
+  name = "CreateSecurityUserRoles1739515000000";
+
+  async up(queryRunner: {
+    query: (sql: string) => Promise<unknown>;
+  }): Promise<void> {
+    const userTableRef = getUserTableReference();
+
+    await queryRunner.query(`
+      CREATE TABLE IF NOT EXISTS "security_user_role" (
+        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuidv7(),
+        "user_id" varchar NOT NULL,
+        "role_id" uuid NOT NULL,
+        "created_at" timestamptz NOT NULL DEFAULT now(),
+        CONSTRAINT "FK_security_user_role_user_id" FOREIGN KEY ("user_id") REFERENCES ${userTableRef} ("id") ON DELETE CASCADE,
+        CONSTRAINT "FK_security_user_role_role_id" FOREIGN KEY ("role_id") REFERENCES "security_role" ("id") ON DELETE CASCADE
+      )
+    `);
+
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX IF NOT EXISTS "IDX_security_user_role_user_role" ON "security_user_role" ("user_id", "role_id")`,
+    );
+  }
+
+  async down(queryRunner: {
+    query: (sql: string) => Promise<unknown>;
+  }): Promise<void> {
+    await queryRunner.query(
+      `DROP INDEX IF EXISTS "IDX_security_user_role_user_role"`,
+    );
+    await queryRunner.query(`DROP TABLE IF EXISTS "security_user_role"`);
+  }
+}
+
+const getUserTableReference = () => {
+  const table = getSafeIdentifier(process.env.USER_TABLE, "app_user");
+  const schema = process.env.USER_TABLE_SCHEMA
+    ? getSafeIdentifier(process.env.USER_TABLE_SCHEMA, "public")
+    : "public";
+  return `"${schema}"."${table}"`;
+};
+
+const getSafeIdentifier = (value: string | undefined, fallback: string) => {
+  const resolved = value?.trim() || fallback;
+  if (!resolved || !/^[A-Za-z_][A-Za-z0-9_]*$/.test(resolved)) {
+    throw new Error(`Invalid SQL identifier: ${resolved}`);
+  }
+  return resolved;
+};

package/src/api/migrations/1739520000000-create-password-reset-tokens.ts

@@ -8,7 +8,7 @@ export class CreatePasswordResetTokens1739520000000 {
 
     await queryRunner.query(`
       CREATE TABLE IF NOT EXISTS "security_password_reset_token" (
-        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(),
+        "id" uuid PRIMARY KEY NOT NULL DEFAULT uuidv7(),
         "user_id" varchar NOT NULL,
         "token" varchar NOT NULL,
         "expires_at" timestamptz NOT NULL,

package/src/api/migrations/1739530000000-create-security-user.ts

@@ -0,0 +1,51 @@
+export class CreateSecurityUser1739530000000 {
+  name = "CreateSecurityUser1739530000000";
+
+  async up(queryRunner: {
+    query: (sql: string) => Promise<unknown>;
+  }): Promise<void> {
+    const userTableRef = getUserTableReference();
+
+    await queryRunner.query(`
+      CREATE TABLE IF NOT EXISTS "security_user" (
+        "user_id" varchar PRIMARY KEY NOT NULL,
+        "password_hash" varchar NOT NULL,
+        "email_verified_at" timestamptz,
+        "email_verification_token" varchar,
+        "admin_approved_at" timestamptz,
+        "is_active" boolean NOT NULL DEFAULT true,
+        "created_at" timestamptz NOT NULL DEFAULT now(),
+        CONSTRAINT "FK_security_user_user_id" FOREIGN KEY ("user_id") REFERENCES ${userTableRef} ("id") ON DELETE CASCADE
+      )
+    `);
+
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX IF NOT EXISTS "IDX_security_user_email_verification_token" ON "security_user" ("email_verification_token") WHERE "email_verification_token" IS NOT NULL`,
+    );
+  }
+
+  async down(queryRunner: {
+    query: (sql: string) => Promise<unknown>;
+  }): Promise<void> {
+    await queryRunner.query(
+      `DROP INDEX IF EXISTS "IDX_security_user_email_verification_token"`,
+    );
+    await queryRunner.query(`DROP TABLE IF EXISTS "security_user"`);
+  }
+}
+
+const getSafeIdentifier = (value: string | undefined, fallback: string) => {
+  const resolved = value?.trim() || fallback;
+  if (!resolved || !/^[A-Za-z_][A-Za-z0-9_]*$/.test(resolved)) {
+    throw new Error(`Invalid SQL identifier: ${resolved}`);
+  }
+  return resolved;
+};
+
+const getUserTableReference = () => {
+  const table = getSafeIdentifier(process.env.USER_TABLE, "app_user");
+  const schema = process.env.USER_TABLE_SCHEMA
+    ? getSafeIdentifier(process.env.USER_TABLE_SCHEMA, "public")
+    : "public";
+  return `"${schema}"."${table}"`;
+};

package/src/api/migrations/index.ts

@@ -1,21 +1,24 @@
 import { AddRefreshTokens1700000000001 } from "./1700000000001-add-refresh-tokens";
-import { AddGoogleSubjectToUser1739490000000 } from "./1739490000000-add-google-subject-to-user";
 import { CreateSecurityIdentity1739500000000 } from "./1739500000000-create-security-identity";
 import { CreateSecurityRoles1739510000000 } from "./1739510000000-create-security-roles";
+import { CreateSecurityUserRoles1739515000000 } from "./1739515000000-create-security-user-roles";
 import { CreatePasswordResetTokens1739520000000 } from "./1739520000000-create-password-reset-tokens";
+import { CreateSecurityUser1739530000000 } from "./1739530000000-create-security-user";
 
 export const securityMigrations = [
   AddRefreshTokens1700000000001,
-  AddGoogleSubjectToUser1739490000000,
   CreateSecurityIdentity1739500000000,
   CreateSecurityRoles1739510000000,
+  CreateSecurityUserRoles1739515000000,
   CreatePasswordResetTokens1739520000000,
+  CreateSecurityUser1739530000000,
 ];
 
 export {
   AddRefreshTokens1700000000001,
-  AddGoogleSubjectToUser1739490000000,
   CreateSecurityIdentity1739500000000,
   CreateSecurityRoles1739510000000,
+  CreateSecurityUserRoles1739515000000,
   CreatePasswordResetTokens1739520000000,
+  CreateSecurityUser1739530000000,
 };

package/src/api/migrations/migrations.test.ts

@@ -1,9 +1,10 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
 import { AddRefreshTokens1700000000001 } from "./1700000000001-add-refresh-tokens";
-import { AddGoogleSubjectToUser1739490000000 } from "./1739490000000-add-google-subject-to-user";
 import { CreateSecurityIdentity1739500000000 } from "./1739500000000-create-security-identity";
 import { CreateSecurityRoles1739510000000 } from "./1739510000000-create-security-roles";
+import { CreateSecurityUserRoles1739515000000 } from "./1739515000000-create-security-user-roles";
 import { CreatePasswordResetTokens1739520000000 } from "./1739520000000-create-password-reset-tokens";
+import { CreateSecurityUser1739530000000 } from "./1739530000000-create-security-user";
 import { securityMigrations } from "./index";
 
 const originalEnv = { ...process.env };
@@ -15,11 +16,18 @@ afterEach(() => {
 
 describe("security migrations", () => {
   it("exports migration list", () => {
-    expect(securityMigrations.length).toBe(5);
-    expect(securityMigrations[0]).toBe(AddRefreshTokens1700000000001);
+    expect(securityMigrations.length).toBe(6);
+    expect(securityMigrations).toEqual([
+      AddRefreshTokens1700000000001,
+      CreateSecurityIdentity1739500000000,
+      CreateSecurityRoles1739510000000,
+      CreateSecurityUserRoles1739515000000,
+      CreatePasswordResetTokens1739520000000,
+      CreateSecurityUser1739530000000,
+    ]);
   });
 
-  it("runs add refresh tokens migration up/down", async () => {
+  it("runs refresh token migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
     const migration = new AddRefreshTokens1700000000001();
 
@@ -34,46 +42,10 @@ describe("security migrations", () => {
     );
   });
 
-  it("uses schema/table env in refresh token migration", async () => {
-    process.env.USER_TABLE = "users";
-    process.env.USER_TABLE_SCHEMA = "security";
+  it("runs security identity migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
-
-    await new AddRefreshTokens1700000000001().up({ query });
-
-    expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('REFERENCES "security"."users" ("id")'),
-    );
-  });
-
-  it("throws for invalid identifiers in refresh token migration", async () => {
-    process.env.USER_TABLE = "bad-name;drop";
-    const query = vi.fn().mockResolvedValue(undefined);
-
-    await expect(
-      new AddRefreshTokens1700000000001().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
-
-  it("keeps legacy google subject migration as no-op", async () => {
-    const migration = new AddGoogleSubjectToUser1739490000000();
-    await expect(migration.up()).resolves.toBeUndefined();
-    await expect(migration.down()).resolves.toBeUndefined();
-  });
-
-  it("runs security identity migration path with google_subject present", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([{ "?column?": 1 }])
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined);
-
     const migration = new CreateSecurityIdentity1739500000000();
+
     await migration.up({ query });
     await migration.down({ query });
 
@@ -85,52 +57,28 @@ describe("security migrations", () => {
     );
   });
 
-  it("skips google_subject migration block when column absent", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([]);
+  it("runs security role migration up/down", async () => {
+    const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityRoles1739510000000();
 
-    await new CreateSecurityIdentity1739500000000().up({ query });
+    await migration.up({ query });
+    await migration.down({ query });
 
-    expect(query).not.toHaveBeenCalledWith(
-      expect.stringContaining('DROP COLUMN IF EXISTS "google_subject"'),
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_role"'),
+    );
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('DROP TABLE IF EXISTS "security_role"'),
     );
   });
 
-  it("throws for invalid identifiers in identity migration", async () => {
-    process.env.USER_TABLE_SCHEMA = "bad-schema!";
+  it("runs security user role migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityUserRoles1739515000000();
 
-    await expect(
-      new CreateSecurityIdentity1739500000000().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
-
-  it("runs security roles migration path with legacy role column", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([{ "?column?": 1 }])
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined);
-
-    const migration = new CreateSecurityRoles1739510000000();
     await migration.up({ query });
     await migration.down({ query });
 
-    expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_role"'),
-    );
     expect(query).toHaveBeenCalledWith(
       expect.stringContaining(
         'CREATE TABLE IF NOT EXISTS "security_user_role"',
@@ -141,33 +89,6 @@ describe("security migrations", () => {
     );
   });
 
-  it("skips legacy role backfill when role column absent", async () => {
-    const query = vi
-      .fn()
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce(undefined)
-      .mockResolvedValueOnce([]);
-
-    await new CreateSecurityRoles1739510000000().up({ query });
-
-    expect(query).not.toHaveBeenCalledWith(
-      expect.stringContaining('DROP COLUMN IF EXISTS "role"'),
-    );
-  });
-
-  it("throws for invalid identifiers in roles migration", async () => {
-    process.env.USER_TABLE = "bad-name*";
-    const query = vi.fn().mockResolvedValue(undefined);
-
-    await expect(
-      new CreateSecurityRoles1739510000000().up({ query }),
-    ).rejects.toThrow("Invalid SQL identifier");
-  });
-
   it("runs password reset token migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
     const migration = new CreatePasswordResetTokens1739520000000();
@@ -187,22 +108,38 @@ describe("security migrations", () => {
     );
   });
 
-  it("uses default public schema in password reset migration", async () => {
+  it("runs security user migration up/down", async () => {
     const query = vi.fn().mockResolvedValue(undefined);
+    const migration = new CreateSecurityUser1739530000000();
+
+    await migration.up({ query });
+    await migration.down({ query });
+
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('CREATE TABLE IF NOT EXISTS "security_user"'),
+    );
+    expect(query).toHaveBeenCalledWith(
+      expect.stringContaining('DROP TABLE IF EXISTS "security_user"'),
+    );
+  });
 
-    await new CreatePasswordResetTokens1739520000000().up({ query });
+  it("uses user schema/table env safely", async () => {
+    process.env.USER_TABLE = "users";
+    process.env.USER_TABLE_SCHEMA = "security";
+    const query = vi.fn().mockResolvedValue(undefined);
 
+    await new CreateSecurityUser1739530000000().up({ query });
     expect(query).toHaveBeenCalledWith(
-      expect.stringContaining('REFERENCES "public"."app_user" ("id")'),
+      expect.stringContaining('REFERENCES "security"."users" ("id")'),
     );
   });
 
-  it("throws for invalid identifiers in password reset migration", async () => {
-    process.env.USER_TABLE_SCHEMA = "bad.schema";
+  it("throws for invalid identifiers", async () => {
+    process.env.USER_TABLE = "bad-name!";
     const query = vi.fn().mockResolvedValue(undefined);
 
     await expect(
-      new CreatePasswordResetTokens1739520000000().up({ query }),
+      new CreateSecurityUserRoles1739515000000().up({ query }),
     ).rejects.toThrow("Invalid SQL identifier");
   });
 });

package/src/api/notification-workflows.test.ts

@@ -15,8 +15,6 @@ describe("notification-workflows", () => {
       user: {
         id: "user-1",
         email: "user@example.com",
-        firstName: "User",
-        lastName: "One",
       },
       listAdminEmails,
       notifyAdmins,
@@ -55,14 +53,13 @@ describe("notification-workflows", () => {
 
     const result = await notifyUserOnAdminApproval({
       approved: true,
-      user: { email: "user@example.com", firstName: "User" },
+      user: { email: "user@example.com" },
       notifyUser,
     });
 
     expect(result).toEqual({ notified: true });
     expect(notifyUser).toHaveBeenCalledWith({
       email: "user@example.com",
-      firstName: "User",
     });
   });
 

package/src/api/notification-workflows.ts

@@ -1,8 +1,6 @@
 export type VerificationNotificationUser = {
   id: string;
   email: string;
-  firstName?: string | null;
-  lastName?: string | null;
 };
 
 export const notifyAdminsOnEmailVerified = async (params: {
@@ -26,12 +24,8 @@ export const notifyUserOnAdminApproval = async (params: {
   approved: boolean;
   user: {
     email: string;
-    firstName?: string | null;
   };
-  notifyUser: (payload: {
-    email: string;
-    firstName?: string | null;
-  }) => Promise<void>;
+  notifyUser: (payload: { email: string }) => Promise<void>;
 }) => {
   if (!params.approved) {
     return { notified: false as const };
@@ -39,7 +33,6 @@ export const notifyUserOnAdminApproval = async (params: {
 
   await params.notifyUser({
     email: params.user.email,
-    firstName: params.user.firstName,
   });
   return { notified: true as const };
 };

package/src/app/client.test.ts

@@ -30,8 +30,6 @@ describe("createSecurityClient", () => {
     await client.register({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
 
     expect(fetchImpl).toHaveBeenCalledWith(

package/src/app/client.ts

@@ -52,12 +52,7 @@ export const createSecurityClient = (options: SecurityClientOptions) => {
   };
 
   return {
-    register: (payload: {
-      email: string;
-      password: string;
-      firstName?: string;
-      lastName?: string;
-    }) =>
+    register: (payload: { email: string; password: string }) =>
       request<RegisterResponse>("/security/auth/register", {
         method: "POST",
         body: JSON.stringify(payload),

package/src/nest/contracts.ts

@@ -1,8 +1,6 @@
 export type SecurityWorkflowUser = {
   id: string;
   email: string;
-  firstName: string | null;
-  lastName: string | null;
 };
 
 export type SecurityWorkflowNotifier = {
@@ -18,8 +16,5 @@ export type SecurityWorkflowNotifier = {
     adminEmails: string[];
     user: SecurityWorkflowUser;
   }) => Promise<void>;
-  sendUserAccountApproved: (params: {
-    email: string;
-    firstName: string | null;
-  }) => Promise<void>;
+  sendUserAccountApproved: (params: { email: string }) => Promise<void>;
 };

package/src/nest/dto/auth.dto.ts

@@ -6,12 +6,6 @@ export class RegisterDto {
 
   @ApiProperty({ example: "StrongPass1" })
   password!: string;
-
-  @ApiProperty({ required: false, nullable: true, example: "John" })
-  firstName?: string | null;
-
-  @ApiProperty({ required: false, nullable: true, example: "Doe" })
-  lastName?: string | null;
 }
 
 export class LoginDto {

package/src/nest/entities/app-user.entity.ts

@@ -7,25 +7,4 @@ export class AppUserEntity {
 
   @Column({ type: "varchar" })
   email!: string;
-
-  @Column({ type: "varchar", name: "password_hash" })
-  passwordHash!: string;
-
-  @Column({ type: "varchar", name: "first_name", nullable: true })
-  firstName!: string | null;
-
-  @Column({ type: "varchar", name: "last_name", nullable: true })
-  lastName!: string | null;
-
-  @Column({ type: "timestamptz", name: "email_verified_at", nullable: true })
-  emailVerifiedAt!: Date | null;
-
-  @Column({ type: "varchar", name: "email_verification_token", nullable: true })
-  emailVerificationToken!: string | null;
-
-  @Column({ type: "timestamptz", name: "admin_approved_at", nullable: true })
-  adminApprovedAt!: Date | null;
-
-  @Column({ type: "boolean", name: "is_active", default: true })
-  isActive!: boolean;
 }

package/src/nest/entities/security-user.entity.ts

@@ -0,0 +1,25 @@
+import { Column, CreateDateColumn, Entity, PrimaryColumn } from "typeorm";
+
+@Entity({ name: "security_user" })
+export class SecurityUserEntity {
+  @PrimaryColumn({ type: "varchar", name: "user_id" })
+  userId!: string;
+
+  @Column({ type: "varchar", name: "password_hash" })
+  passwordHash!: string;
+
+  @Column({ type: "timestamptz", name: "email_verified_at", nullable: true })
+  emailVerifiedAt!: Date | null;
+
+  @Column({ type: "varchar", name: "email_verification_token", nullable: true })
+  emailVerificationToken!: string | null;
+
+  @Column({ type: "timestamptz", name: "admin_approved_at", nullable: true })
+  adminApprovedAt!: Date | null;
+
+  @Column({ type: "boolean", name: "is_active", default: true })
+  isActive!: boolean;
+
+  @CreateDateColumn({ name: "created_at" })
+  createdAt!: Date;
+}

package/src/nest/index.ts

@@ -15,4 +15,5 @@ export * from "./entities/app-user.entity";
 export * from "./entities/refresh-token.entity";
 export * from "./entities/password-reset-token.entity";
 export * from "./entities/security-role.entity";
+export * from "./entities/security-user.entity";
 export * from "./entities/security-user-role.entity";

package/src/nest/security-auth.controller.test.ts

@@ -34,15 +34,11 @@ describe("SecurityAuthController", () => {
     const result = await controller.register({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
     expect(result).toEqual({ success: true });
     expect(service.register).toHaveBeenCalledWith({
       email: "user@example.com",
       password: "Secret123",
-      firstName: "A",
-      lastName: "B",
     });
   });