@spinajs/rbac-http-user 2.0.187 → 2.0.189

package/lib/cjs/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./controllers/LoginController.js"), exports);
+// export * from './controllers/UserController.js';
+// export * from './2fa/SpeakEasy2FaToken.js';
+// export * from "./fingerprint/FingerprintJs.js";
+//# sourceMappingURL=index.js.map

package/lib/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mEAAiD;AACjD,mDAAmD;AACnD,8CAA8C;AAC9C,kDAAkD"}

package/lib/cjs/middlewares/AttributeFilter.d.ts

@@ -0,0 +1,11 @@
+import { RouteMiddleware, IController, IRoute } from '@spinajs/http';
+/**
+ * Filters attributes of db models
+ */
+export declare class FilterAttribute extends RouteMiddleware {
+    onResponse(): Promise<void>;
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    onBefore(): Promise<void>;
+    onAfter(): Promise<void>;
+}
+//# sourceMappingURL=AttributeFilter.d.ts.map

package/lib/cjs/middlewares/AttributeFilter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AttributeFilter.d.ts","sourceRoot":"","sources":["../../../src/middlewares/AttributeFilter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAErE;;GAEG;AACH,qBAAa,eAAgB,SAAQ,eAAe;IACrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAEjC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,GAAG,OAAO;IAKrD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAGzB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CACtC"}

package/lib/cjs/middlewares/AttributeFilter.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FilterAttribute = void 0;
+const http_1 = require("@spinajs/http");
+/**
+ * Filters attributes of db models
+ */
+class FilterAttribute extends http_1.RouteMiddleware {
+    async onResponse() { }
+    isEnabled(_action, _instance) {
+        return true;
+    }
+    // tslint:disable-next-line: no-empty
+    async onBefore() { }
+    // tslint:disable-next-line: no-empty
+    async onAfter() { }
+}
+exports.FilterAttribute = FilterAttribute;
+//# sourceMappingURL=AttributeFilter.js.map

package/lib/cjs/middlewares/AttributeFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AttributeFilter.js","sourceRoot":"","sources":["../../../src/middlewares/AttributeFilter.ts"],"names":[],"mappings":";;;AAAA,wCAAqE;AAErE;;GAEG;AACH,MAAa,eAAgB,SAAQ,sBAAe;IAC3C,KAAK,CAAC,UAAU,KAAmB,CAAC;IAEpC,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IAC9B,KAAK,CAAC,QAAQ,KAAmB,CAAC;IAEzC,qCAAqC;IAC9B,KAAK,CAAC,OAAO,KAAmB,CAAC;CACzC;AAZD,0CAYC"}

package/lib/cjs/package.json

@@ -0,0 +1 @@
+{"type":"commonjs"}

package/lib/cjs/policies/2FaPolicy.d.ts

@@ -0,0 +1,8 @@
+import { BasePolicy } from '@spinajs/http';
+import { TwoFactorAuthConfig } from '@spinajs/rbac-http';
+export declare class TwoFacRouteEnabled extends BasePolicy {
+    protected TwoFactorConfig: TwoFactorAuthConfig;
+    isEnabled(): boolean;
+    execute(): Promise<void>;
+}
+//# sourceMappingURL=2FaPolicy.d.ts.map

package/lib/cjs/policies/2FaPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"2FaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,qBAAa,kBAAmB,SAAQ,UAAU;IAEhD,SAAS,CAAC,eAAe,EAAE,mBAAmB,CAAC;IAExC,SAAS,IAAI,OAAO;IAGpB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAOhC"}

package/lib/cjs/policies/2FaPolicy.js

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFacRouteEnabled = void 0;
+const exceptions_1 = require("@spinajs/exceptions");
+const configuration_1 = require("@spinajs/configuration");
+const http_1 = require("@spinajs/http");
+class TwoFacRouteEnabled extends http_1.BasePolicy {
+    isEnabled() {
+        return true;
+    }
+    execute() {
+        if (this.TwoFactorConfig.enabled === false) {
+            throw new exceptions_1.InvalidOperation('2 factor auth is not enabled');
+        }
+        return Promise.resolve();
+    }
+}
+exports.TwoFacRouteEnabled = TwoFacRouteEnabled;
+__decorate([
+    (0, configuration_1.Config)('rbac.twoFactorAuth'),
+    __metadata("design:type", Object)
+], TwoFacRouteEnabled.prototype, "TwoFactorConfig", void 0);
+//# sourceMappingURL=2FaPolicy.js.map

package/lib/cjs/policies/2FaPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAuD;AACvD,0DAAgD;AAChD,wCAA2C;AAG3C,MAAa,kBAAmB,SAAQ,iBAAU;IAIzC,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO;QACZ,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE;YAC1C,MAAM,IAAI,6BAAgB,CAAC,8BAA8B,CAAC,CAAC;SAC5D;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAdD,gDAcC;AAZW;IADT,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;2DACkB"}

package/lib/cjs/policies/AllowFederatedLoginPolicy.d.ts

@@ -0,0 +1,7 @@
+import { BasePolicy } from '@spinajs/http';
+export declare class AllowFederatedLoginPolicy extends BasePolicy {
+    protected allowFeredatedLogin: boolean;
+    isEnabled(): boolean;
+    execute(): Promise<void>;
+}
+//# sourceMappingURL=AllowFederatedLoginPolicy.d.ts.map

package/lib/cjs/policies/AllowFederatedLoginPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowFederatedLoginPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/AllowFederatedLoginPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,qBAAa,yBAA0B,SAAQ,UAAU;IAEvD,SAAS,CAAC,mBAAmB,EAAE,OAAO,CAAC;IAEhC,SAAS,IAAI,OAAO;IAGpB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAOhC"}

package/lib/cjs/policies/AllowFederatedLoginPolicy.js

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AllowFederatedLoginPolicy = void 0;
+const exceptions_1 = require("@spinajs/exceptions");
+const configuration_1 = require("@spinajs/configuration");
+const http_1 = require("@spinajs/http");
+class AllowFederatedLoginPolicy extends http_1.BasePolicy {
+    isEnabled() {
+        return true;
+    }
+    execute() {
+        if (!this.allowFeredatedLogin) {
+            throw new exceptions_1.InvalidOperation('federated login is not enabled');
+        }
+        return Promise.resolve();
+    }
+}
+exports.AllowFederatedLoginPolicy = AllowFederatedLoginPolicy;
+__decorate([
+    (0, configuration_1.Config)('rbac.allowFederated'),
+    __metadata("design:type", Boolean)
+], AllowFederatedLoginPolicy.prototype, "allowFeredatedLogin", void 0);
+//# sourceMappingURL=AllowFederatedLoginPolicy.js.map

package/lib/cjs/policies/AllowFederatedLoginPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowFederatedLoginPolicy.js","sourceRoot":"","sources":["../../../src/policies/AllowFederatedLoginPolicy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAuD;AACvD,0DAAgD;AAChD,wCAA2C;AAE3C,MAAa,yBAA0B,SAAQ,iBAAU;IAIhD,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO;QACZ,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE;YAC7B,MAAM,IAAI,6BAAgB,CAAC,gCAAgC,CAAC,CAAC;SAC9D;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAdD,8DAcC;AAZW;IADT,IAAA,sBAAM,EAAC,qBAAqB,CAAC;;sEACS"}

package/lib/cjs/policies/CaptchaPolicy.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=CaptchaPolicy.d.ts.map

package/lib/cjs/policies/CaptchaPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CaptchaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/CaptchaPolicy.ts"],"names":[],"mappings":""}

package/lib/cjs/policies/CaptchaPolicy.js

@@ -0,0 +1 @@
+//# sourceMappingURL=CaptchaPolicy.js.map

package/lib/cjs/policies/CaptchaPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CaptchaPolicy.js","sourceRoot":"","sources":["../../../src/policies/CaptchaPolicy.ts"],"names":[],"mappings":""}

package/lib/mjs/2fa/SpeakEasy2FaToken.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=SpeakEasy2FaToken.d.ts.map

package/lib/mjs/2fa/SpeakEasy2FaToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SpeakEasy2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/SpeakEasy2FaToken.ts"],"names":[],"mappings":""}

package/lib/mjs/2fa/SpeakEasy2FaToken.js

@@ -0,0 +1,49 @@
+// import { Injectable } from '@spinajs/di';
+// import * as speakeasy from 'speakeasy';
+// import { User } from '@spinajs/rbac';
+// import { Config } from '@spinajs/configuration';
+// import { Log, Logger } from '@spinajs/log';
+export {};
+// @Injectable(TwoFactorAuthProvider)
+// export class SpeakEasy2FaToken extends TwoFactorAuthProvider {
+//   @Config('rbac.speakeasy')
+//   protected Config: any;
+//   @Logger('SPEAKEASY_2FA_TOKEN')
+//   protected Log: Log;
+//   constructor() {
+//     super();
+//   }
+//   public execute(_: User): Promise<void> {
+//     // empty, speakasy works offline eg. google authenticator
+//     // we dont send any email or sms
+//     return Promise.resolve();
+//   }
+//   public async verifyToken(token: string, user: User): Promise<boolean> {
+//     const meta = user.Metadata.find((x) => x.Key === '2fa_speakeasy_token');
+//     if (!meta || meta.Value === '') {
+//       this.Log.trace(`Cannot verify 2fa token, no 2fa token for user ${user.Id}`);
+//       return false;
+//     }
+//     const verified = speakeasy.totp.verify({
+//       secret: meta.Value,
+//       encoding: 'base32',
+//       token,
+//       window: 5,
+//     });
+//     return verified;
+//   }
+//   public async initialize(user: User): Promise<any> {
+//     const secret = speakeasy.generateSecret(this.Config);
+//     await (user.Metadata['2fa_speakeasy_token'] = secret.base32);
+//     return secret.base32;
+//   }
+//   public async isEnabled(user: User): Promise<boolean> {
+//     const val = await user.Metadata['2fa_enabled'];
+//     return val as boolean;
+//   }
+//   public async isInitialized(user: User): Promise<boolean> {
+//     const val = await user.Metadata['2fa_speakeasy_token'];
+//     return val !== '';
+//   }
+// }
+//# sourceMappingURL=SpeakEasy2FaToken.js.map

package/lib/mjs/2fa/SpeakEasy2FaToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SpeakEasy2FaToken.js","sourceRoot":"","sources":["../../../src/2fa/SpeakEasy2FaToken.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,0CAA0C;AAC1C,wCAAwC;AACxC,mDAAmD;AACnD,8CAA8C;;AAE9C,qCAAqC;AACrC,iEAAiE;AACjE,8BAA8B;AAC9B,2BAA2B;AAE3B,mCAAmC;AACnC,wBAAwB;AAExB,oBAAoB;AACpB,eAAe;AACf,MAAM;AAEN,6CAA6C;AAC7C,gEAAgE;AAChE,uCAAuC;AACvC,gCAAgC;AAChC,MAAM;AAEN,4EAA4E;AAC5E,+EAA+E;AAE/E,wCAAwC;AACxC,qFAAqF;AAErF,sBAAsB;AACtB,QAAQ;AAER,+CAA+C;AAC/C,4BAA4B;AAC5B,4BAA4B;AAC5B,eAAe;AACf,mBAAmB;AACnB,UAAU;AAEV,uBAAuB;AACvB,MAAM;AAEN,wDAAwD;AACxD,4DAA4D;AAC5D,oEAAoE;AACpE,4BAA4B;AAC5B,MAAM;AAEN,2DAA2D;AAC3D,sDAAsD;AACtD,6BAA6B;AAC7B,MAAM;AAEN,+DAA+D;AAC/D,8DAA8D;AAC9D,yBAAyB;AACzB,MAAM;AACN,IAAI"}

package/lib/mjs/config/rbac-http.d.ts

@@ -0,0 +1,34 @@
+declare const rbacHttp: {
+    system: {
+        dirs: {
+            controllers: string[];
+            locales: string[];
+            views: string[];
+        };
+    };
+    rbac: {
+        twoFactorAuth: {
+            enabled: boolean;
+            service: string;
+        };
+        fingerprint: {
+            enabled: boolean;
+            maxDevices: number;
+            service: string;
+        };
+        password: {
+            tokenTTL: number;
+            /**
+             * Block account after invalid login attempts
+             */
+            blockAfterAttempts: number;
+        };
+        /**
+         * Should federated login be enabled ? eg. facebook
+         */
+        allowFederated: boolean;
+    };
+    http: {};
+};
+export default rbacHttp;
+//# sourceMappingURL=rbac-http.d.ts.map

package/lib/mjs/config/rbac-http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;YAsBR;;eAEG;;;QAGL;;WAEG;;;;CAQN,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/lib/mjs/config/rbac-http.js

@@ -0,0 +1,44 @@
+import { join, normalize, resolve } from 'path';
+function dir(path) {
+    const inCommonJs = typeof module !== 'undefined';
+    return resolve(normalize(join(process.cwd(), 'node_modules', '@spinajs', 'rbac-http-user', 'lib', inCommonJs ? 'cjs' : 'mjs', path)));
+}
+const rbacHttp = {
+    system: {
+        dirs: {
+            controllers: [dir('controllers')],
+            locales: [dir('locales')],
+            views: [dir('views')],
+        },
+    },
+    rbac: {
+        twoFactorAuth: {
+            enabled: true,
+            service: 'SpeakEasy2FaToken',
+        },
+        fingerprint: {
+            enabled: false,
+            maxDevices: 3,
+            service: 'FingerprintJs',
+        },
+        password: {
+            // password reset token ttl in minutes
+            tokenTTL: 60,
+            /**
+             * Block account after invalid login attempts
+             */
+            blockAfterAttempts: 3,
+        },
+        /**
+         * Should federated login be enabled ? eg. facebook
+         */
+        allowFederated: false,
+    },
+    http: {
+    // middlewares: [
+    //   // add global user from session middleware
+    // ],
+    },
+};
+export default rbacHttp;
+//# sourceMappingURL=rbac-http.js.map

package/lib/mjs/config/rbac-http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACxI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzB,KAAK,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;SACtB;KACF;IACD,IAAI,EAAE;QACJ,aAAa,EAAE;YACb,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,mBAAmB;SAC7B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,eAAe;SACzB;QACD,QAAQ,EAAE;YACR,sCAAsC;YACtC,QAAQ,EAAE,EAAE;YAEZ;;eAEG;YACH,kBAAkB,EAAE,CAAC;SACtB;QACD;;WAEG;QACH,cAAc,EAAE,KAAK;KACtB;IACD,IAAI,EAAE;IACJ,iBAAiB;IACjB,+CAA+C;IAC/C,KAAK;KACN;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/lib/mjs/controllers/AuthController.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=AuthController.d.ts.map

package/lib/mjs/controllers/AuthController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/AuthController.ts"],"names":[],"mappings":""}

package/lib/mjs/controllers/AuthController.js

@@ -0,0 +1,212 @@
+// import { InvalidOperation } from '@spinajs/exceptions';
+// import { UserLoginDto } from '../dto/userLogin-dto.js';
+// import { BaseController, BasePath, Post, Body, Ok, Get, Cookie, CookieResponse, Unauthorized, Policy, Query, BadRequest, NotFound } from '@spinajs/http';
+// import { AuthProvider, FederatedAuthProvider, PasswordProvider, PasswordValidationProvider, Session, SessionProvider, User, User as UserModel, UserMetadata, UserPasswordChanged } from '@spinajs/rbac';
+// import { Autoinject } from '@spinajs/di';
+// import { AutoinjectService, Config, Configuration } from '@spinajs/configuration';
+// import _ from 'lodash';
+// import { FingerprintProvider, TwoFactorAuthProvider } from '../interfaces.js';
+// import { QueueService } from '@spinajs/queue';
+export {};
+// import { NotLoggedPolicy } from '../policies/NotLoggedPolicy.js';
+// import { UserPasswordRestore } from '../events/UserPassordRestore.js';
+// import { RestorePasswordDto } from '../dto/restore-password-dto.js';
+// import { v4 as uuidv4 } from 'uuid';
+// import { DateTime } from 'luxon';
+// import { UserAction } from '@spinajs/rbac';
+// import { UserLoginSuccess } from '../events/UserLoginSuccess.js';
+// @BasePath('auth')
+// @Policy(NotLoggedPolicy)
+// export class LoginController extends BaseController {
+//   @Autoinject()
+//   protected Configuration: Configuration;
+//   @AutoinjectService('rbac.auth')
+//   protected AuthProvider: AuthProvider;
+//   @AutoinjectService('rbac.session')
+//   protected SessionProvider: SessionProvider;
+//   @Config('rbac.session.expiration', {
+//     defaultValue: 120,
+//   })
+//   protected SessionExpirationTime: number;
+//   @Config('rbac.password_reset.ttl')
+//   protected PasswordResetTokenTTL: number;
+//   @AutoinjectService('rbac.twoFactorAuth')
+//   protected TwoFactorAuthProvider: TwoFactorAuthProvider;
+//   @AutoinjectService('rbac.fingerprint')
+//   protected FingerprintProvider: FingerprintProvider;
+//   @AutoinjectService('rbac.password.validation')
+//   protected PasswordValidationService: PasswordValidationProvider;
+//   @Autoinject(FederatedAuthProvider)
+//   protected FederatedLoginStrategies: FederatedAuthProvider<any>[];
+//   @Autoinject()
+//   protected PasswordProvider: PasswordProvider;
+//   @Autoinject(QueueService)
+//   protected Queue: QueueService;
+//   @Post()
+//   public async login(@Body() credentials: UserLoginDto) {
+//     const result = await this.AuthProvider.authenticate(credentials.Email, credentials.Password);
+//     if (!result.Error) {
+//       // proceed with standard authentication
+//       return await this.authenticate(result.User);
+//     }
+//     return new Unauthorized(result.Error);
+//   }
+//   @Post('new-password')
+//   public async setNewPassword(@Query() token: string, @Body() pwd: RestorePasswordDto) {
+//     const user = await User.query()
+//       .innerJoin(UserMetadata, function () {
+//         this.where({
+//           Key: 'password:reset:token',
+//           Value: token,
+//         });
+//       })
+//       .populate('Metadata')
+//       .first();
+//     if (!user) {
+//       return new NotFound({
+//         error: {
+//           code: 'ERR_USER_NOT_FOUND',
+//           message: 'No user found for this reset token',
+//         },
+//       });
+//     }
+//     const val = (await user.Metadata['password:reset:start']) as DateTime;
+//     const now = DateTime.now().plus({ seconds: -this.PasswordResetTokenTTL });
+//     if (val < now) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_RESET_TOKEN_EXPIRED',
+//           message: 'Password reset token expired',
+//         },
+//       });
+//     }
+//     if (!this.PasswordValidationService.check(pwd.Password)) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_PASSWORD_RULE',
+//           message: 'Invalid password, does not match password rules',
+//         },
+//       });
+//     }
+//     if (pwd.Password !== pwd.ConfirmPassword) {
+//       return new BadRequest({
+//         error: {
+//           code: 'ERR_PASSWORD_NOT_MATCH',
+//           message: 'Password and repeat password does not match',
+//         },
+//       });
+//     }
+//     const hashedPassword = await this.PasswordProvider.hash(pwd.Password);
+//     user.Password = hashedPassword;
+//     await user.update();
+//     /**
+//      * Delete all reset related meta for user
+//      */
+//     await user.Metadata.delete(/password:reset.*/);
+//     // add to action list
+//     await user.Actions.add(
+//       new UserAction({
+//         Persistent: true,
+//         Action: 'password:reset',
+//       }),
+//     );
+//     // inform others
+//     await this.Queue.emit(new UserPasswordChanged(user.Uuid));
+//   }
+//   @Post('forgot-password')
+//   public async forgotPassword(@Body() login: UserLoginDto) {
+//     const user = await this.AuthProvider.getByEmail(login.Email);
+//     if (!user.IsActive || user.IsBanned || user.DeletedAt !== null) {
+//       return new InvalidOperation('User is inactive, banned or deleted. Contact system administrator');
+//     }
+//     const token = uuidv4();
+//     // assign meta to user
+//     await (user.Metadata['password:reset'] = true);
+//     await (user.Metadata['password:reset:token'] = token);
+//     await (user.Metadata['password:reset:start'] = DateTime.now());
+//     await user.Actions.add(
+//       new UserAction({
+//         Action: 'user:password:reset',
+//         Data: DateTime.now().toISO(),
+//         Persistent: true,
+//       }),
+//     );
+//     await this.Queue.emit(new UserPasswordRestore(user.Uuid, token));
+//     return new Ok({
+//       reset_token: token,
+//       ttl: this.PasswordResetTokenTTL,
+//     });
+//   }
+//   protected async authenticate(user: UserModel, federated?: boolean) {
+//     if (!user) {
+//       return new Unauthorized({
+//         error: {
+//           message: 'login or password incorrect',
+//         },
+//       });
+//     }
+//     await user.Metadata.populate();
+//     const session = new Session();
+//     const dUser = user.dehydrate();
+//     session.Data.set('User', dUser);
+//     // we found user but we still dont know if is authorized
+//     // eg. 2fa auth is not performed
+//     // create session, but user is not yet authorized
+//     session.Data.set('Authorized', false);
+//     // if its federated login, skip 2fa - assume
+//     // external login service provided it
+//     if (this.TwoFactorConfig.enabled || !federated) {
+//       await this.SessionProvider.save(session);
+//       const enabledForUser = await this.TwoFactorAuthProvider.isEnabled(user);
+//       /**
+//        * if 2fa is enabled for user, proceed
+//        */
+//       if (enabledForUser) {
+//         /**
+//          * check if 2fa system is initialized for user eg. private key is generated.
+//          */
+//         const isInitialized = await this.TwoFactorAuthProvider.isInitialized(user);
+//         if (!isInitialized) {
+//           const twoFaResult = await this.TwoFactorAuthProvider.initialize(user);
+//           return new CookieResponse(
+//             'ssid',
+//             session.SessionId,
+//             this.SessionExpirationTime,
+//             true,
+//             {
+//               toFactorAuth: true,
+//               twoFactorAuthFirstTime: true,
+//               method: this.TwoFactorConfig.service,
+//               data: twoFaResult,
+//             },
+//             { httpOnly: true },
+//           );
+//         }
+//         // give chance to execute 2fa eg. send sms or email
+//         await this.TwoFactorAuthProvider.execute(user);
+//         // return session to identify user
+//         // and only info that twoFactor auth is requested
+//         return new CookieResponse(
+//           'ssid',
+//           session.SessionId,
+//           this.SessionExpirationTime,
+//           true,
+//           {
+//             toFactorAuth: true,
+//           },
+//           { httpOnly: true },
+//         );
+//       }
+//     }
+//     // 2fa is not enabled, so we found user, it means it is logged
+//     session.Data.set('Authorized', true);
+//     await this.SessionProvider.save(session);
+//     await this.Queue.emit(new UserLoginSuccess(user.Uuid));
+//     user.LastLoginAt = DateTime.now();
+//     await user.update();
+//     // BEWARE: httpOnly coockie, only accesible via http method in browser
+//     // return coockie session id with additional user data
+//     return new CookieResponse('ssid', session.SessionId, this.SessionExpirationTime, true, dUser, { httpOnly: true });
+//   }
+// }
+//# sourceMappingURL=AuthController.js.map

package/lib/mjs/controllers/AuthController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.js","sourceRoot":"","sources":["../../../src/controllers/AuthController.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,0DAA0D;AAC1D,4JAA4J;AAC5J,2MAA2M;AAC3M,4CAA4C;AAC5C,qFAAqF;AACrF,0BAA0B;AAC1B,iFAAiF;AACjF,iDAAiD;;AAEjD,oEAAoE;AACpE,yEAAyE;AACzE,uEAAuE;AAEvE,uCAAuC;AACvC,oCAAoC;AACpC,8CAA8C;AAC9C,oEAAoE;AAEpE,oBAAoB;AACpB,2BAA2B;AAC3B,wDAAwD;AACxD,kBAAkB;AAClB,4CAA4C;AAE5C,oCAAoC;AACpC,0CAA0C;AAE1C,uCAAuC;AACvC,gDAAgD;AAEhD,yCAAyC;AACzC,yBAAyB;AACzB,OAAO;AACP,6CAA6C;AAE7C,uCAAuC;AACvC,6CAA6C;AAE7C,6CAA6C;AAC7C,4DAA4D;AAE5D,2CAA2C;AAC3C,wDAAwD;AAExD,mDAAmD;AACnD,qEAAqE;AAErE,uCAAuC;AACvC,sEAAsE;AAEtE,kBAAkB;AAClB,kDAAkD;AAElD,8BAA8B;AAC9B,mCAAmC;AAEnC,YAAY;AACZ,4DAA4D;AAC5D,oGAAoG;AAEpG,2BAA2B;AAC3B,gDAAgD;AAChD,qDAAqD;AACrD,QAAQ;AAER,6CAA6C;AAC7C,MAAM;AAEN,0BAA0B;AAC1B,2FAA2F;AAC3F,sCAAsC;AACtC,+CAA+C;AAC/C,uBAAuB;AACvB,yCAAyC;AACzC,0BAA0B;AAC1B,cAAc;AACd,WAAW;AACX,8BAA8B;AAC9B,kBAAkB;AAElB,mBAAmB;AACnB,8BAA8B;AAC9B,mBAAmB;AACnB,wCAAwC;AACxC,2DAA2D;AAC3D,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,6EAA6E;AAC7E,iFAAiF;AAEjF,uBAAuB;AACvB,gCAAgC;AAChC,mBAAmB;AACnB,6CAA6C;AAC7C,qDAAqD;AACrD,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,iEAAiE;AACjE,gCAAgC;AAChC,mBAAmB;AACnB,uCAAuC;AACvC,wEAAwE;AACxE,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,kDAAkD;AAClD,gCAAgC;AAChC,mBAAmB;AACnB,4CAA4C;AAC5C,oEAAoE;AACpE,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,6EAA6E;AAC7E,sCAAsC;AAEtC,2BAA2B;AAE3B,UAAU;AACV,gDAAgD;AAChD,UAAU;AACV,sDAAsD;AAEtD,4BAA4B;AAC5B,8BAA8B;AAC9B,yBAAyB;AACzB,4BAA4B;AAC5B,oCAAoC;AACpC,YAAY;AACZ,SAAS;AAET,uBAAuB;AACvB,iEAAiE;AACjE,MAAM;AAEN,6BAA6B;AAC7B,+DAA+D;AAC/D,oEAAoE;AAEpE,wEAAwE;AACxE,0GAA0G;AAC1G,QAAQ;AAER,8BAA8B;AAE9B,6BAA6B;AAC7B,sDAAsD;AACtD,6DAA6D;AAC7D,sEAAsE;AAEtE,8BAA8B;AAC9B,yBAAyB;AACzB,yCAAyC;AACzC,wCAAwC;AACxC,4BAA4B;AAC5B,YAAY;AACZ,SAAS;AAET,wEAAwE;AAExE,sBAAsB;AACtB,4BAA4B;AAC5B,yCAAyC;AACzC,UAAU;AACV,MAAM;AAIN,yEAAyE;AACzE,mBAAmB;AACnB,kCAAkC;AAClC,mBAAmB;AACnB,oDAAoD;AACpD,aAAa;AACb,YAAY;AACZ,QAAQ;AAER,sCAAsC;AAEtC,qCAAqC;AACrC,sCAAsC;AACtC,uCAAuC;AAEvC,+DAA+D;AAC/D,uCAAuC;AACvC,wDAAwD;AACxD,6CAA6C;AAE7C,mDAAmD;AACnD,4CAA4C;AAC5C,wDAAwD;AACxD,kDAAkD;AAElD,iFAAiF;AAEjF,YAAY;AACZ,+CAA+C;AAC/C,YAAY;AACZ,8BAA8B;AAC9B,cAAc;AACd,uFAAuF;AACvF,cAAc;AACd,sFAAsF;AACtF,gCAAgC;AAChC,mFAAmF;AAEnF,uCAAuC;AACvC,sBAAsB;AACtB,iCAAiC;AACjC,0CAA0C;AAC1C,oBAAoB;AACpB,gBAAgB;AAChB,oCAAoC;AACpC,8CAA8C;AAC9C,sDAAsD;AACtD,mCAAmC;AACnC,iBAAiB;AACjB,kCAAkC;AAClC,eAAe;AACf,YAAY;AAEZ,8DAA8D;AAC9D,0DAA0D;AAE1D,6CAA6C;AAC7C,4DAA4D;AAC5D,qCAAqC;AACrC,oBAAoB;AACpB,+BAA+B;AAC/B,wCAAwC;AACxC,kBAAkB;AAClB,cAAc;AACd,kCAAkC;AAClC,eAAe;AACf,gCAAgC;AAChC,aAAa;AACb,UAAU;AACV,QAAQ;AAER,qEAAqE;AACrE,4CAA4C;AAC5C,gDAAgD;AAEhD,8DAA8D;AAE9D,yCAAyC;AACzC,2BAA2B;AAE3B,6EAA6E;AAC7E,6DAA6D;AAC7D,yHAAyH;AACzH,MAAM;AACN,IAAI"}

package/lib/mjs/controllers/FederatedLoginController.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=FederatedLoginController.d.ts.map

package/lib/mjs/controllers/FederatedLoginController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"FederatedLoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/FederatedLoginController.ts"],"names":[],"mappings":""}

package/lib/mjs/controllers/FederatedLoginController.js

@@ -0,0 +1,39 @@
+// import { InvalidOperation } from '@spinajs/exceptions';
+// import { BaseController, BasePath, Post, Body, Ok, Get, Unauthorized, Header, Policy } from '@spinajs/http';
+// import { FederatedAuthProvider } from '@spinajs/rbac';
+// import { Autoinject } from '@spinajs/di';
+// import _ from 'lodash';
+// import { AllowFederatedLoginPolicy } from '../policies/AllowFederatedLoginPolicy.js';
+export {};
+// @BasePath('user/auth')
+// export class LoginController extends BaseController {
+//   @Autoinject(FederatedAuthProvider)
+//   protected FederatedLoginStrategies: FederatedAuthProvider<any>[];
+//   @Post('federated-login')
+//   @Policy(AllowFederatedLoginPolicy)
+//   public async loginFederated(@Body() credentials: unknown, @Header('Host') caller: string) {
+//     const strategy = this.FederatedLoginStrategies.find((x) => x.callerCheck(caller));
+//     if (!strategy) {
+//       throw new InvalidOperation(`No auth stragegy registered for caller ${caller}`);
+//     }
+//     const result = await strategy.authenticate(credentials);
+//     if (!result.Error) {
+//       // proceed with standard authentication
+//       return await this.authenticate(result.User);
+//     }
+//     return new Unauthorized(result.Error);
+//   }
+//   /**
+//    *
+//    * Api call for listing avaible federated login strategies
+//    *
+//    * @returns response with avaible login strategies
+//    */
+//   @Get()
+//   @Policy(NotLoggedPolicy)
+//   @Policy(AllowFederatedLoginPolicy)
+//   public async federatedLoginList() {
+//     return new Ok(this.FederatedLoginStrategies.map((x) => x.Name));
+//   }
+// }
+//# sourceMappingURL=FederatedLoginController.js.map

package/lib/mjs/controllers/FederatedLoginController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"FederatedLoginController.js","sourceRoot":"","sources":["../../../src/controllers/FederatedLoginController.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,+GAA+G;AAC/G,yDAAyD;AACzD,4CAA4C;AAC5C,0BAA0B;AAC1B,wFAAwF;;AAExF,yBAAyB;AACzB,wDAAwD;AACxD,uCAAuC;AACvC,sEAAsE;AAEtE,6BAA6B;AAC7B,uCAAuC;AACvC,gGAAgG;AAChG,yFAAyF;AACzF,uBAAuB;AACvB,wFAAwF;AACxF,QAAQ;AAER,+DAA+D;AAC/D,2BAA2B;AAC3B,gDAAgD;AAChD,qDAAqD;AACrD,QAAQ;AAER,6CAA6C;AAC7C,MAAM;AAEN,QAAQ;AACR,OAAO;AACP,+DAA+D;AAC/D,OAAO;AACP,uDAAuD;AACvD,QAAQ;AACR,WAAW;AACX,6BAA6B;AAC7B,uCAAuC;AACvC,wCAAwC;AACxC,uEAAuE;AACvE,MAAM;AACN,IAAI"}

package/lib/mjs/controllers/LoginController.d.ts

@@ -0,0 +1,13 @@
+import { UserLoginDto } from '../dto/userLogin-dto.js';
+import { BaseController, Ok, Unauthorized } from '@spinajs/http';
+import { AuthProvider, SessionProvider } from '@spinajs/rbac';
+import { Configuration } from '@spinajs/configuration';
+export declare class LoginController extends BaseController {
+    protected Configuration: Configuration;
+    protected AuthProvider: AuthProvider;
+    protected SessionProvider: SessionProvider;
+    protected SessionExpirationTime: number;
+    login(credentials: UserLoginDto): Promise<Ok | Unauthorized>;
+    logout(ssid: string): Promise<Ok>;
+}
+//# sourceMappingURL=LoginController.d.ts.map

package/lib/mjs/controllers/LoginController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAqB,MAAM,eAAe,CAAC;AAEjF,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAIlF,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAI3B,KAAK,CAAS,WAAW,EAAE,YAAY;IAkJvC,MAAM,CAAW,IAAI,EAAE,MAAM;CA0G3C"}