npm - @skyapp-labs/blueprint-backend-core - Versions diffs - 1.0.9 - Mend

@skyapp-labs/blueprint-backend-core 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (737) hide show

package/dist/modules/auth/services/login.service.js ADDED Viewed

@@ -0,0 +1,210 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var LoginService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginService = void 0;
+const common_1 = require("@nestjs/common");
+const token_service_1 = require("../../sessions/services/token.service");
+const users_service_1 = require("../../users/services/users.service");
+const provider_registry_1 = require("../providers/provider.registry");
+const user_entity_1 = require("../../users/entities/user.entity");
+const crypto_1 = require("crypto");
+const redis_module_1 = require("../../../config/redis.module");
+const settings_service_1 = require("../../settings/services/settings.service");
+const settings_keys_1 = require("../../settings/constants/settings.keys");
+let LoginService = LoginService_1 = class LoginService {
+    constructor(usersService, tokenService, providerRegistry, redis, settingsService) {
+        this.usersService = usersService;
+        this.tokenService = tokenService;
+        this.providerRegistry = providerRegistry;
+        this.redis = redis;
+        this.settingsService = settingsService;
+        this.logger = new common_1.Logger(LoginService_1.name);
+    }
+    async login(dto, deviceInfo, ipAddress) {
+        if (dto._authMethod === 'phone') {
+            return this.loginWithPhone(dto.verificationToken, deviceInfo, ipAddress);
+        }
+        return this.loginWithEmailViaProvider(dto.email, dto.password, deviceInfo, ipAddress);
+    }
+    async loginWithPhone(token, deviceInfo, ipAddress) {
+        const userId = await this.tokenService.verifyTemporaryToken(token).catch(() => {
+            this.logFailure({
+                method: 'phone',
+                reason: 'invalid_credentials',
+                ipAddress,
+                deviceInfo,
+            });
+            throw new common_1.UnauthorizedException('Invalid or expired token');
+        });
+        const user = await this.usersService.findById(userId);
+        if (!user) {
+            this.logFailure({
+                method: 'phone',
+                reason: 'user_not_found',
+                identity: userId,
+                ipAddress,
+                deviceInfo,
+            });
+            throw new common_1.UnauthorizedException('User not found');
+        }
+        this.assertAccountActive(user, 'phone', ipAddress, deviceInfo);
+        await this.usersService.updateLastLogin(user.id);
+        const tokens = await this.tokenService.generateTokens({ user, ipAddress, deviceInfo });
+        this.logSuccess({ userId: user.id, method: 'phone', ipAddress, deviceInfo });
+        return tokens;
+    }
+    async loginWithEmailViaProvider(email, password, deviceInfo, ipAddress) {
+        await this.checkIdentifierLockout(email);
+        const provider = this.providerRegistry.getActiveProvider();
+        const { identity, providerRefreshToken } = await provider
+            .verifyEmailCredentials(email, password)
+            .catch(async (err) => {
+            await this.recordFailedAttempt(email);
+            this.logFailure({
+                method: 'email',
+                reason: 'invalid_credentials',
+                identity: email,
+                provider: provider.name,
+                ipAddress,
+                deviceInfo,
+            });
+            throw err;
+        });
+        const user = (identity.externalUid
+            ? ((await this.usersService.findBy({ uid: identity.externalUid })) ??
+                (await this.usersService.findBy({ email: identity.email })))
+            : await this.usersService.findBy({ email: identity.email })) ?? null;
+        if (!user) {
+            this.logFailure({
+                method: 'email',
+                reason: 'user_not_found',
+                identity: email,
+                provider: provider.name,
+                ipAddress,
+                deviceInfo,
+            });
+            throw new common_1.UnauthorizedException('No account found. Please register first.');
+        }
+        this.assertAccountActive(user, 'email', ipAddress, deviceInfo);
+        await this.usersService.updateLastLogin(user.id);
+        await this.resetFailedAttempts(email);
+        const tokens = await this.tokenService.generateTokens({
+            user,
+            providerRefreshToken,
+            ipAddress,
+            deviceInfo,
+        });
+        this.logSuccess({
+            userId: user.id,
+            method: 'email',
+            provider: provider.name,
+            ipAddress,
+            deviceInfo,
+        });
+        return tokens;
+    }
+    assertAccountActive(user, method, ipAddress, deviceInfo) {
+        if (!user.isActive ||
+            user.status === user_entity_1.UserStatus.SUSPENDED ||
+            user.status === user_entity_1.UserStatus.REVOKED) {
+            this.logFailure({
+                method,
+                reason: 'account_deactivated',
+                identity: user.id,
+                ipAddress,
+                deviceInfo,
+            });
+            throw new common_1.UnauthorizedException('Your account has been deactivated.');
+        }
+        if (user.status === user_entity_1.UserStatus.INVITED) {
+            this.logFailure({
+                method,
+                reason: 'account_deactivated',
+                identity: user.id,
+                ipAddress,
+                deviceInfo,
+            });
+            throw new common_1.UnauthorizedException('Your account registration is incomplete. Please accept your invitation first.');
+        }
+    }
+    logSuccess(args) {
+        this.logger.log({
+            event: 'LOGIN_SUCCESS',
+            userId: args.userId,
+            method: args.method,
+            provider: args.provider ?? 'native',
+            ipAddress: args.ipAddress,
+            deviceInfo: args.deviceInfo,
+        });
+    }
+    logFailure(args) {
+        this.logger.warn({
+            event: 'LOGIN_FAILED',
+            reason: args.reason,
+            identity: args.identity ? this.hashIdentity(args.identity) : undefined,
+            method: args.method,
+            provider: args.provider ?? 'native',
+            ipAddress: args.ipAddress,
+            deviceInfo: args.deviceInfo,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    hashIdentity(value) {
+        return (0, crypto_1.createHash)('sha256').update(value).digest('hex').slice(0, 16);
+    }
+    lockoutKey(identifier) {
+        return `login:lockout:${(0, crypto_1.createHash)('sha256').update(identifier).digest('hex')}`;
+    }
+    async checkIdentifierLockout(identifier) {
+        if (!this.redis)
+            return;
+        const key = this.lockoutKey(identifier);
+        const count = await this.redis.get(key);
+        if (!count)
+            return;
+        const max = this.settingsService.get(settings_keys_1.SETTING_KEYS.LOGIN_LOCKOUT_MAX_ATTEMPTS);
+        if (parseInt(count, 10) >= max) {
+            const ttl = await this.redis.ttl(key);
+            throw new common_1.HttpException({
+                message: `Too many failed login attempts. Please try again in ${ttl}s.`,
+                retryAfter: ttl,
+            }, common_1.HttpStatus.TOO_MANY_REQUESTS);
+        }
+    }
+    async recordFailedAttempt(identifier) {
+        if (!this.redis)
+            return;
+        const duration = this.settingsService.get(settings_keys_1.SETTING_KEYS.LOGIN_LOCKOUT_DURATION_SECONDS);
+        const key = this.lockoutKey(identifier);
+        await this.redis.eval(`local n = redis.call('INCR', KEYS[1])
+			 if n == 1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
+			 return n`, 1, key, String(duration));
+    }
+    async resetFailedAttempts(identifier) {
+        if (!this.redis)
+            return;
+        await this.redis.del(this.lockoutKey(identifier));
+    }
+};
+exports.LoginService = LoginService;
+exports.LoginService = LoginService = LoginService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(3, (0, common_1.Optional)()),
+    __param(3, (0, common_1.Inject)(redis_module_1.REDIS_CLIENT)),
+    __metadata("design:paramtypes", [users_service_1.UsersService,
+        token_service_1.TokenService,
+        provider_registry_1.AuthProviderRegistry, Object, settings_service_1.SettingsService])
+], LoginService);
+//# sourceMappingURL=login.service.js.map

package/dist/modules/auth/services/login.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"login.service.js","sourceRoot":"","sources":["../../../../modules/auth/services/login.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAQwB;AAExB,yEAAqE;AACrE,sEAAkE;AAGlE,sEAAsE;AACtE,kEAAoE;AACpE,mCAAoC;AACpC,+DAA4D;AAC5D,+EAA2E;AAC3E,0EAAsE;AAG/D,IAAM,YAAY,oBAAlB,MAAM,YAAY;IAGxB,YACkB,YAA0B,EAC1B,YAA0B,EAC1B,gBAAsC,EAGvD,KAAsC,EACrB,eAAgC;QANhC,iBAAY,GAAZ,YAAY,CAAc;QAC1B,iBAAY,GAAZ,YAAY,CAAc;QAC1B,qBAAgB,GAAhB,gBAAgB,CAAsB;QAGtC,UAAK,GAAL,KAAK,CAAgB;QACrB,oBAAe,GAAf,eAAe,CAAiB;QATjC,WAAM,GAAG,IAAI,eAAM,CAAC,cAAY,CAAC,IAAI,CAAC,CAAC;IAUrD,CAAC;IAEJ,KAAK,CAAC,KAAK,CAAC,GAAa,EAAE,UAAmB,EAAE,SAAkB;QACjE,IAAI,GAAG,CAAC,WAAW,KAAK,OAAO,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IACvF,CAAC;IAIO,KAAK,CAAC,cAAc,CAC3B,KAAa,EACb,UAAmB,EACnB,SAAkB;QAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YAC7E,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,qBAAqB;gBAC7B,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAEtD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,gBAAgB;gBACxB,QAAQ,EAAE,MAAM;gBAChB,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;QAEvF,IAAI,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;QAE7E,OAAO,MAAM,CAAC;IACf,CAAC;IAIO,KAAK,CAAC,yBAAyB,CACtC,KAAa,EACb,QAAgB,EAChB,UAAmB,EACnB,SAAkB;QAElB,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;QAG3D,MAAM,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,MAAM,QAAQ;aACvD,sBAAsB,CAAC,KAAK,EAAE,QAAQ,CAAC;aACvC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACpB,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,qBAAqB;gBAC7B,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACX,CAAC,CAAC,CAAC;QAGJ,MAAM,IAAI,GACT,CAAC,QAAQ,CAAC,WAAW;YACpB,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACjE,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC7D,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;QAEvE,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,gBAAgB;gBACxB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAqB,CAAC,0CAA0C,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjD,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC;YACrD,IAAI;YACJ,oBAAoB;YACpB,SAAS;YACT,UAAU;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC;YACf,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,MAAM,EAAE,OAAO;YACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,SAAS;YACT,UAAU;SACV,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IACf,CAAC;IAQO,mBAAmB,CAC1B,IAAU,EACV,MAAyB,EACzB,SAAkB,EAClB,UAAmB;QAEnB,IACC,CAAC,IAAI,CAAC,QAAQ;YACd,IAAI,CAAC,MAAM,KAAK,wBAAU,CAAC,SAAS;YACpC,IAAI,CAAC,MAAM,KAAK,wBAAU,CAAC,OAAO,EACjC,CAAC;YACF,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM;gBACN,MAAM,EAAE,qBAAqB;gBAC7B,QAAQ,EAAE,IAAI,CAAC,EAAE;gBACjB,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAqB,CAAC,oCAAoC,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,wBAAU,CAAC,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC,UAAU,CAAC;gBACf,MAAM;gBACN,MAAM,EAAE,qBAAqB;gBAC7B,QAAQ,EAAE,IAAI,CAAC,EAAE;gBACjB,SAAS;gBACT,UAAU;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAqB,CAC9B,+EAA+E,CAC/E,CAAC;QACH,CAAC;IACF,CAAC;IAIO,UAAU,CAAC,IAMlB;QACA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;YACf,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,QAAQ;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC,CAAC;IACJ,CAAC;IAEO,UAAU,CAAC,IAOlB;QACA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,cAAc;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YAEnB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;YACtE,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,QAAQ;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACnC,CAAC,CAAC;IACJ,CAAC;IAMO,YAAY,CAAC,KAAa;QACjC,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IAMO,UAAU,CAAC,UAAkB;QACpC,OAAO,iBAAiB,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IACjF,CAAC;IAQO,KAAK,CAAC,sBAAsB,CAAC,UAAkB;QACtD,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAExC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAS,4BAAY,CAAC,0BAA0B,CAAC,CAAC;QAEtF,IAAI,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACtC,MAAM,IAAI,sBAAa,CACtB;gBACC,OAAO,EAAE,uDAAuD,GAAG,IAAI;gBACvE,UAAU,EAAE,GAAG;aACf,EACD,mBAAU,CAAC,iBAAiB,CAC5B,CAAC;QACH,CAAC;IACF,CAAC;IAQO,KAAK,CAAC,mBAAmB,CAAC,UAAkB;QACnD,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CACxC,4BAAY,CAAC,8BAA8B,CAC3C,CAAC;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAExC,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CACpB;;aAEU,EACV,CAAC,EACD,GAAG,EACH,MAAM,CAAC,QAAQ,CAAC,CAChB,CAAC;IACH,CAAC;IAMO,KAAK,CAAC,mBAAmB,CAAC,UAAkB;QACnD,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IACnD,CAAC;CACD,CAAA;AAhSY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAQV,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,2BAAY,CAAC,CAAA;qCAJU,4BAAY;QACZ,4BAAY;QACR,wCAAoB,UAIrB,kCAAe;GAVtC,YAAY,CAgSxB"}

package/dist/modules/auth/services/otp-auth.service.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { IOtpService, OtpGenerateResult, OtpVerifyResult } from '../../otp/interfaces/otp.service.interface';
+import { TokenService } from '../../sessions/services/token.service';
+import { UsersService } from '../../users/services/users.service';
+import { SettingsService } from '../../settings/services/settings.service';
+export declare class OtpAuthService {
+    private readonly otpService;
+    private readonly usersService;
+    private readonly tokenService;
+    private readonly settingsService;
+    constructor(otpService: IOtpService, usersService: UsersService, tokenService: TokenService, settingsService: SettingsService);
+    sendOtp(identifier: string, channel: 'sms' | 'email'): Promise<OtpGenerateResult>;
+    resendOtp(verificationId: string): Promise<OtpGenerateResult>;
+    verifyOtp(verificationId: string, otp: string): Promise<OtpVerifyResult>;
+    verifyOtpChallenge(verificationId: string, otp: string): Promise<void>;
+}
+//# sourceMappingURL=otp-auth.service.d.ts.map

package/dist/modules/auth/services/otp-auth.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"otp-auth.service.d.ts","sourceRoot":"","sources":["../../../../modules/auth/services/otp-auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EACN,WAAW,EACX,iBAAiB,EACjB,eAAe,EACf,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAG3E,qBACa,cAAc;IAGzB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAHf,UAAU,EAAE,WAAW,EACvB,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,eAAe,EAAE,eAAe;IAGlD,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIjF,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIvD,SAAS,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAwCxE,kBAAkB,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAK5E"}

package/dist/modules/auth/services/otp-auth.service.js ADDED Viewed

@@ -0,0 +1,75 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OtpAuthService = void 0;
+const common_1 = require("@nestjs/common");
+const otp_service_interface_1 = require("../../otp/interfaces/otp.service.interface");
+const token_service_1 = require("../../sessions/services/token.service");
+const users_service_1 = require("../../users/services/users.service");
+const settings_service_1 = require("../../settings/services/settings.service");
+const settings_keys_1 = require("../../settings/constants/settings.keys");
+let OtpAuthService = class OtpAuthService {
+    constructor(otpService, usersService, tokenService, settingsService) {
+        this.otpService = otpService;
+        this.usersService = usersService;
+        this.tokenService = tokenService;
+        this.settingsService = settingsService;
+    }
+    sendOtp(identifier, channel) {
+        return this.otpService.generateOtp(identifier, channel);
+    }
+    resendOtp(verificationId) {
+        return this.otpService.resendOtp(verificationId);
+    }
+    async verifyOtp(verificationId, otp) {
+        const verifyResult = await this.otpService.verifyOtp(verificationId, otp);
+        const { subject: identifier, channel } = verifyResult.data;
+        const user = await (channel === 'sms'
+            ? this.usersService.findBy({ phoneNumber: identifier })
+            : this.usersService.findBy({ email: identifier }));
+        const ttl = this.settingsService.get(settings_keys_1.SETTING_KEYS.TOKENS_TEMPORARY_TTL_SECONDS);
+        verifyResult.data.expiresAt = Date.now() + ttl * 1000;
+        if (user) {
+            verifyResult.data.verificationToken =
+                channel === 'email'
+                    ?
+                        await this.tokenService.createEmailVerifiedToken(identifier)
+                    :
+                        await this.tokenService.createTemporaryToken(user.id);
+            verifyResult.data.hasAccount = true;
+            return verifyResult;
+        }
+        verifyResult.data.verificationToken =
+            channel === 'email'
+                ? await this.tokenService.createEmailVerifiedToken(identifier)
+                : await this.tokenService.createPhoneVerifiedToken(identifier);
+        verifyResult.data.hasAccount = false;
+        return verifyResult;
+    }
+    async verifyOtpChallenge(verificationId, otp) {
+        await this.otpService.verifyOtp(verificationId, otp).catch(() => {
+            throw new common_1.UnauthorizedException('Invalid or expired OTP code.');
+        });
+    }
+};
+exports.OtpAuthService = OtpAuthService;
+exports.OtpAuthService = OtpAuthService = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(otp_service_interface_1.IOtpService)),
+    __metadata("design:paramtypes", [otp_service_interface_1.IOtpService,
+        users_service_1.UsersService,
+        token_service_1.TokenService,
+        settings_service_1.SettingsService])
+], OtpAuthService);
+//# sourceMappingURL=otp-auth.service.js.map

package/dist/modules/auth/services/otp-auth.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"otp-auth.service.js","sourceRoot":"","sources":["../../../../modules/auth/services/otp-auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA2E;AAC3E,sFAIoD;AACpD,yEAAqE;AACrE,sEAAkE;AAClE,+EAA2E;AAC3E,0EAAsE;AAG/D,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YAEkB,UAAuB,EACvB,YAA0B,EAC1B,YAA0B,EAC1B,eAAgC;QAHhC,eAAU,GAAV,UAAU,CAAa;QACvB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,iBAAY,GAAZ,YAAY,CAAc;QAC1B,oBAAe,GAAf,eAAe,CAAiB;IAC/C,CAAC;IAEJ,OAAO,CAAC,UAAkB,EAAE,OAAwB;QACnD,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,SAAS,CAAC,cAAsB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB,EAAE,GAAW;QAClD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAE1E,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAE3D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,KAAK,KAAK;YACpC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;YACvD,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAS,4BAAY,CAAC,4BAA4B,CAAC,CAAC;QACxF,YAAY,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC;QAEtD,IAAI,IAAI,EAAE,CAAC;YACV,YAAY,CAAC,IAAI,CAAC,iBAAiB;gBAClC,OAAO,KAAK,OAAO;oBAClB,CAAC;wBAEA,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,UAAU,CAAC;oBAC7D,CAAC;wBACA,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzD,YAAY,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YACpC,OAAO,YAAY,CAAC;QACrB,CAAC;QAID,YAAY,CAAC,IAAI,CAAC,iBAAiB;YAClC,OAAO,KAAK,OAAO;gBAClB,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,UAAU,CAAC;gBAC9D,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACjE,YAAY,CAAC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAErC,OAAO,YAAY,CAAC;IACrB,CAAC;IAOD,KAAK,CAAC,kBAAkB,CAAC,cAAsB,EAAE,GAAW;QAC3D,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YAC/D,MAAM,IAAI,8BAAqB,CAAC,8BAA8B,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACJ,CAAC;CACD,CAAA;AA9DY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;IAGV,WAAA,IAAA,eAAM,EAAC,mCAAW,CAAC,CAAA;qCACS,mCAAW;QACT,4BAAY;QACZ,4BAAY;QACT,kCAAe;GANtC,cAAc,CA8D1B"}

package/dist/modules/auth/services/password.service.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { Repository } from 'typeorm';
+import IORedis from 'ioredis';
+import { ConfigService } from '@nestjs/config';
+import { UsersService } from '../../users/services/users.service';
+import { TokenService } from '../../sessions/services/token.service';
+import { AuthProviderRegistry } from '../providers/provider.registry';
+import { PasswordResetToken } from '../entities/password-reset-token.entity';
+import { SettingsService } from '../../settings/services/settings.service';
+import { JobsQueue } from '../../../jobs';
+import { ForgotPasswordDto, ResetPasswordDto, ResetPasswordWithPhoneDto, ChangePasswordDto } from '../dto/password.dto';
+export declare class PasswordService {
+    private readonly usersService;
+    private readonly tokenService;
+    private readonly providerRegistry;
+    private readonly resetAuditRepo;
+    private readonly redis;
+    private readonly settingsService;
+    private readonly configService;
+    private readonly jobsQueue;
+    private readonly logger;
+    constructor(usersService: UsersService, tokenService: TokenService, providerRegistry: AuthProviderRegistry, resetAuditRepo: Repository<PasswordResetToken>, redis: IORedis | null, settingsService: SettingsService, configService: ConfigService, jobsQueue: JobsQueue | null);
+    forgotPassword(dto: ForgotPasswordDto): Promise<{
+        message: string;
+    }>;
+    resetPassword(dto: ResetPasswordDto, ipAddress?: string): Promise<{
+        message: string;
+    }>;
+    resetPasswordWithPhone(dto: ResetPasswordWithPhoneDto, _ipAddress?: string): Promise<{
+        message: string;
+    }>;
+    changePassword(userId: string, dto: ChangePasswordDto): Promise<{
+        message: string;
+    }>;
+    private storeNativeResetToken;
+    private consumeNativeResetToken;
+    private assertRedis;
+    private hashIdentity;
+}
+//# sourceMappingURL=password.service.d.ts.map

package/dist/modules/auth/services/password.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password.service.d.ts","sourceRoot":"","sources":["../../../../modules/auth/services/password.service.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGrC,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAE7E,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAE3E,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,yBAAyB,EACzB,iBAAiB,EACjB,MAAM,qBAAqB,CAAC;AAI7B,qBACa,eAAe;IAI1B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IAEjC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAG/B,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,aAAa;IAG9B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAf3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoC;gBAGzC,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,gBAAgB,EAAE,oBAAoB,EAEtC,cAAc,EAAE,UAAU,CAAC,kBAAkB,CAAC,EAG9C,KAAK,EAAE,OAAO,GAAG,IAAI,EACrB,eAAe,EAAE,eAAe,EAChC,aAAa,EAAE,aAAa,EAG5B,SAAS,EAAE,SAAS,GAAG,IAAI;IAavC,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAiDpE,aAAa,CAAC,GAAG,EAAE,gBAAgB,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAkCtF,sBAAsB,CAC3B,GAAG,EAAE,yBAAyB,EAC9B,UAAU,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA6BzB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;YAoB5E,qBAAqB;YA0DrB,uBAAuB;IAYrC,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,YAAY;CAGpB"}

package/dist/modules/auth/services/password.service.js ADDED Viewed

@@ -0,0 +1,213 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var PasswordService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordService = void 0;
+const crypto_1 = require("crypto");
+const common_1 = require("@nestjs/common");
+const typeorm_1 = require("@nestjs/typeorm");
+const typeorm_2 = require("typeorm");
+const crypto_2 = require("crypto");
+const argon2 = __importStar(require("argon2"));
+const config_1 = require("@nestjs/config");
+const users_service_1 = require("../../users/services/users.service");
+const token_service_1 = require("../../sessions/services/token.service");
+const provider_registry_1 = require("../providers/provider.registry");
+const password_reset_token_entity_1 = require("../entities/password-reset-token.entity");
+const redis_module_1 = require("../../../config/redis.module");
+const settings_service_1 = require("../../settings/services/settings.service");
+const settings_keys_1 = require("../../settings/constants/settings.keys");
+const jobs_1 = require("../../../jobs");
+const KEY_PWD_RESET = 'pwd_reset:';
+let PasswordService = PasswordService_1 = class PasswordService {
+    constructor(usersService, tokenService, providerRegistry, resetAuditRepo, redis, settingsService, configService, jobsQueue) {
+        this.usersService = usersService;
+        this.tokenService = tokenService;
+        this.providerRegistry = providerRegistry;
+        this.resetAuditRepo = resetAuditRepo;
+        this.redis = redis;
+        this.settingsService = settingsService;
+        this.configService = configService;
+        this.jobsQueue = jobsQueue;
+        this.logger = new common_1.Logger(PasswordService_1.name);
+    }
+    async forgotPassword(dto) {
+        const SAFE_RESPONSE = {
+            message: 'If this email is registered, a reset link has been sent.',
+        };
+        const user = await this.usersService.findBy({ email: dto.email });
+        if (!user) {
+            this.logger.log({
+                event: 'FORGOT_PASSWORD_UNKNOWN_EMAIL',
+                email: this.hashIdentity(dto.email),
+            });
+            return SAFE_RESPONSE;
+        }
+        const provider = this.providerRegistry.getActiveProvider();
+        await provider.initiatePasswordReset(dto.email).catch((err) => {
+            this.logger.error({
+                event: 'FORGOT_PASSWORD_PROVIDER_ERROR',
+                userId: user.id,
+                provider: provider.name,
+                error: err?.message,
+            });
+        });
+        if (provider.name === 'native') {
+            await this.storeNativeResetToken(user.id, dto.email);
+        }
+        this.logger.log({
+            event: 'FORGOT_PASSWORD_INITIATED',
+            userId: user.id,
+            provider: provider.name,
+        });
+        return SAFE_RESPONSE;
+    }
+    async resetPassword(dto, ipAddress) {
+        const provider = this.providerRegistry.getActiveProvider();
+        await provider.resetPassword(dto.token, dto.newPassword);
+        const userId = await this.consumeNativeResetToken(dto.token);
+        const user = await this.usersService.findById(userId);
+        if (!user)
+            throw new common_1.NotFoundException('User not found.');
+        await this.usersService.setPasswordHash(userId, await argon2.hash(dto.newPassword));
+        await this.resetAuditRepo.save(this.resetAuditRepo.create({ userId, usedAt: new Date(), ipAddress }));
+        this.logger.log({ event: 'PASSWORD_RESET_SUCCESS', userId, method: 'email_token' });
+        return { message: 'Password reset successfully.' };
+    }
+    async resetPasswordWithPhone(dto, _ipAddress) {
+        const phoneNumber = await this.tokenService.verifyPhoneVerifiedToken(dto.verificationToken);
+        const user = await this.usersService.findBy({ phoneNumber });
+        if (!user)
+            throw new common_1.NotFoundException('No account found for this phone number.');
+        const provider = this.providerRegistry.getActiveProvider();
+        await provider.changePassword(user.id, undefined, dto.newPassword);
+        this.logger.log({
+            event: 'PASSWORD_RESET_SUCCESS',
+            userId: user.id,
+            method: 'phone_otp',
+            provider: provider.name,
+        });
+        return { message: 'Password reset successfully.' };
+    }
+    async changePassword(userId, dto) {
+        const user = await this.usersService.findById(userId);
+        if (!user)
+            throw new common_1.NotFoundException('User not found.');
+        const provider = this.providerRegistry.getActiveProvider();
+        await provider.changePassword(userId, dto.currentPassword, dto.newPassword);
+        this.logger.log({ event: 'PASSWORD_CHANGED', userId, provider: provider.name });
+        return { message: 'Password changed successfully.' };
+    }
+    async storeNativeResetToken(userId, email) {
+        this.assertRedis('storeNativeResetToken');
+        const rawToken = (0, crypto_2.randomUUID)();
+        const ttl = this.settingsService.get(settings_keys_1.SETTING_KEYS.TOKENS_PASSWORD_RESET_TTL_SECONDS);
+        const result = await this.redis.set(`${KEY_PWD_RESET}${rawToken}`, userId, 'EX', ttl, 'NX');
+        if (result !== 'OK') {
+            this.logger.error({ event: 'PASSWORD_RESET_REDIS_FAILED', userId });
+            throw new common_1.ServiceUnavailableException('Failed to generate reset token. Please try again.');
+        }
+        if (this.jobsQueue) {
+            const appUrl = this.configService.get('app.url') ?? '';
+            const resetUrl = `${appUrl}/auth/reset-password?token=${rawToken}`;
+            const ttlMinutes = Math.round(ttl / 60);
+            await this.jobsQueue.addSendEmail({
+                to: email,
+                subject: 'Reset your password',
+                template: 'password-reset',
+                data: {
+                    html: `
+						<p>Hi,</p>
+						<p>We received a request to reset your password. Click the link below to choose a new password:</p>
+						<p><a href="${resetUrl}" style="font-weight:bold">Reset Password</a></p>
+						<p>This link expires in ${ttlMinutes} minutes. If you did not request a password reset, you can safely ignore this email.</p>
+					`.trim(),
+                    text: `Reset your password: ${resetUrl}\n\nThis link expires in ${ttlMinutes} minutes.\n\nIf you did not request this, ignore this email.`,
+                },
+            });
+        }
+        else {
+            this.logger.warn({
+                event: 'PASSWORD_RESET_EMAIL_SKIPPED',
+                userId,
+                reason: 'JobsQueue unavailable',
+            });
+        }
+        this.logger.log({ event: 'PASSWORD_RESET_TOKEN_CREATED', userId });
+    }
+    async consumeNativeResetToken(rawToken) {
+        this.assertRedis('consumeNativeResetToken');
+        const userId = await this.redis.getdel(`${KEY_PWD_RESET}${rawToken}`);
+        if (!userId) {
+            throw new common_1.UnauthorizedException('Invalid or expired password reset token');
+        }
+        return userId;
+    }
+    assertRedis(method) {
+        if (!this.redis) {
+            throw new common_1.ServiceUnavailableException(`PasswordService.${method} requires Redis. Set REDIS_ENABLED=true in your environment.`);
+        }
+    }
+    hashIdentity(value) {
+        return (0, crypto_1.createHash)('sha256').update(value).digest('hex').slice(0, 16);
+    }
+};
+exports.PasswordService = PasswordService;
+exports.PasswordService = PasswordService = PasswordService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(3, (0, typeorm_1.InjectRepository)(password_reset_token_entity_1.PasswordResetToken)),
+    __param(4, (0, common_1.Optional)()),
+    __param(4, (0, common_1.Inject)(redis_module_1.REDIS_CLIENT)),
+    __param(7, (0, common_1.Optional)()),
+    __param(7, (0, common_1.Inject)(jobs_1.JobsQueue)),
+    __metadata("design:paramtypes", [users_service_1.UsersService,
+        token_service_1.TokenService,
+        provider_registry_1.AuthProviderRegistry,
+        typeorm_2.Repository, Object, settings_service_1.SettingsService,
+        config_1.ConfigService, Object])
+], PasswordService);
+//# sourceMappingURL=password.service.js.map

package/dist/modules/auth/services/password.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password.service.js","sourceRoot":"","sources":["../../../../modules/auth/services/password.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAoC;AACpC,2CAQwB;AACxB,6CAAmD;AACnD,qCAAqC;AACrC,mCAAoC;AACpC,+CAAiC;AAEjC,2CAA+C;AAC/C,sEAAkE;AAClE,yEAAqE;AACrE,sEAAsE;AACtE,yFAA6E;AAC7E,+DAA4D;AAC5D,+EAA2E;AAC3E,0EAAsE;AACtE,wCAA0C;AAQ1C,MAAM,aAAa,GAAG,YAAY,CAAC;AAG5B,IAAM,eAAe,uBAArB,MAAM,eAAe;IAG3B,YACkB,YAA0B,EAC1B,YAA0B,EAC1B,gBAAsC,EAEvD,cAA+D,EAG/D,KAAsC,EACrB,eAAgC,EAChC,aAA4B,EAG7C,SAA4C;QAZ3B,iBAAY,GAAZ,YAAY,CAAc;QAC1B,iBAAY,GAAZ,YAAY,CAAc;QAC1B,qBAAgB,GAAhB,gBAAgB,CAAsB;QAEtC,mBAAc,GAAd,cAAc,CAAgC;QAG9C,UAAK,GAAL,KAAK,CAAgB;QACrB,oBAAe,GAAf,eAAe,CAAiB;QAChC,kBAAa,GAAb,aAAa,CAAe;QAG5B,cAAS,GAAT,SAAS,CAAkB;QAf5B,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;IAgBxD,CAAC;IAYJ,KAAK,CAAC,cAAc,CAAC,GAAsB;QAC1C,MAAM,aAAa,GAAG;YACrB,OAAO,EAAE,0DAA0D;SACnE,CAAC;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QAElE,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;gBACf,KAAK,EAAE,+BAA+B;gBACtC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YACH,OAAO,aAAa,CAAC;QACtB,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;QAE3D,MAAM,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gBACjB,KAAK,EAAE,gCAAgC;gBACvC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,KAAK,EAAE,GAAG,EAAE,OAAO;aACnB,CAAC,CAAC;QAEJ,CAAC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;YACf,KAAK,EAAE,2BAA2B;YAClC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;SACvB,CAAC,CAAC;QAEH,OAAO,aAAa,CAAC;IACtB,CAAC;IAWD,KAAK,CAAC,aAAa,CAAC,GAAqB,EAAE,SAAkB;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;QAG3D,MAAM,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAGzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAE7D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,0BAAiB,CAAC,iBAAiB,CAAC,CAAC;QAE1D,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;QAGpF,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAC7B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CACrE,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAEpF,OAAO,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACpD,CAAC;IAYD,KAAK,CAAC,sBAAsB,CAC3B,GAA8B,EAC9B,UAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAE5F,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,0BAAiB,CAAC,yCAAyC,CAAC,CAAC;QAElF,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;QAG3D,MAAM,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAEnE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;YACf,KAAK,EAAE,wBAAwB;YAC/B,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,MAAM,EAAE,WAAW;YACnB,QAAQ,EAAE,QAAQ,CAAC,IAAI;SACvB,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACpD,CAAC;IAUD,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,GAAsB;QAC1D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,0BAAiB,CAAC,iBAAiB,CAAC,CAAC;QAE1D,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;QAE3D,MAAM,QAAQ,CAAC,cAAc,CAAC,MAAM,EAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAE5E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAEhF,OAAO,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;IACtD,CAAC;IASO,KAAK,CAAC,qBAAqB,CAAC,MAAc,EAAE,KAAa;QAChE,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC;QAE1C,MAAM,QAAQ,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CACnC,4BAAY,CAAC,iCAAiC,CAC9C,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAM,CAAC,GAAG,CACnC,GAAG,aAAa,GAAG,QAAQ,EAAE,EAC7B,MAAM,EACN,IAAI,EACJ,GAAG,EACH,IAAI,CACJ,CAAC;QAEF,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,MAAM,EAAE,CAAC,CAAC;YACpE,MAAM,IAAI,oCAA2B,CACpC,mDAAmD,CACnD,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,SAAS,CAAC,IAAI,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,GAAG,MAAM,8BAA8B,QAAQ,EAAE,CAAC;YACnE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;YAExC,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;gBACjC,EAAE,EAAE,KAAK;gBACT,OAAO,EAAE,qBAAqB;gBAC9B,QAAQ,EAAE,gBAAgB;gBAC1B,IAAI,EAAE;oBACL,IAAI,EAAE;;;oBAGS,QAAQ;gCACI,UAAU;MACpC,CAAC,IAAI,EAAE;oBACR,IAAI,EAAE,wBAAwB,QAAQ,4BAA4B,UAAU,8DAA8D;iBAC1I;aACD,CAAC,CAAC;QACJ,CAAC;aAAM,CAAC;YACP,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBAChB,KAAK,EAAE,8BAA8B;gBACrC,MAAM;gBACN,MAAM,EAAE,uBAAuB;aAC/B,CAAC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAOO,KAAK,CAAC,uBAAuB,CAAC,QAAgB;QACrD,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC,CAAC;QAE5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAM,CAAC,MAAM,CAAC,GAAG,aAAa,GAAG,QAAQ,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,yCAAyC,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC;IAEO,WAAW,CAAC,MAAc;QACjC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,IAAI,oCAA2B,CACpC,mBAAmB,MAAM,8DAA8D,CACvF,CAAC;QACH,CAAC;IACF,CAAC;IAEO,YAAY,CAAC,KAAa;QACjC,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;CACD,CAAA;AArPY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQV,WAAA,IAAA,0BAAgB,EAAC,gDAAkB,CAAC,CAAA;IAEpC,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,2BAAY,CAAC,CAAA;IAIpB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,gBAAS,CAAC,CAAA;qCAXa,4BAAY;QACZ,4BAAY;QACR,wCAAoB;QAEtB,oBAAU,UAIT,kCAAe;QACjB,sBAAa;GAblC,eAAe,CAqP3B"}

package/dist/modules/auth/services/registration.service.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { UsersService } from '../../users/services/users.service';
+import { TokenService } from '../../sessions/services/token.service';
+import { TokenResponse } from '../dto/token.dto';
+import { RegisterDto, AcceptInviteDto } from '../dto/register.dto';
+import { InviteService } from '../../users/services/invite.service';
+import { AuthProviderRegistry } from '../providers';
+import { RolesService } from '../../roles/services/roles.service';
+import { UserRolesService } from '../../roles/services/user-roles.service';
+import { SettingsService } from '../../settings/services/settings.service';
+export declare class RegistrationService {
+    private readonly usersService;
+    private readonly tokenService;
+    private readonly inviteService;
+    private readonly providerRegistry;
+    private readonly rolesService;
+    private readonly userRolesService;
+    private readonly settingsService;
+    private readonly logger;
+    constructor(usersService: UsersService, tokenService: TokenService, inviteService: InviteService, providerRegistry: AuthProviderRegistry, rolesService: RolesService, userRolesService: UserRolesService, settingsService: SettingsService);
+    register(dto: RegisterDto, deviceInfo?: string, ipAddress?: string): Promise<TokenResponse>;
+    acceptInvite(dto: AcceptInviteDto, deviceInfo?: string, ipAddress?: string): Promise<TokenResponse>;
+    private registerWithPhone;
+    private registerWithEmail;
+    private assertEmailUnique;
+    private assertPhoneUnique;
+    private extractCountryCode;
+    private assignDefaultRole;
+    private logRegistration;
+}
+//# sourceMappingURL=registration.service.d.ts.map

package/dist/modules/auth/services/registration.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registration.service.d.ts","sourceRoot":"","sources":["../../../../modules/auth/services/registration.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAgB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAElE,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAG3E,qBACa,mBAAmB;IAI9B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IATjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwC;gBAG7C,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,aAAa,EAC5B,gBAAgB,EAAE,oBAAoB,EACtC,YAAY,EAAE,YAAY,EAC1B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,eAAe;IAK5C,QAAQ,CACb,GAAG,EAAE,WAAW,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC;IAOnB,YAAY,CACjB,GAAG,EAAE,eAAe,EACpB,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC;YAuEX,iBAAiB;YA0CjB,iBAAiB;YA2DjB,iBAAiB;YAKjB,iBAAiB;IAQ/B,OAAO,CAAC,kBAAkB;YAWZ,iBAAiB;IAkB/B,OAAO,CAAC,eAAe;CAiBvB"}