@spinajs/rbac-http-user 2.0.470 → 2.0.472

package/lib/cjs/controllers/UserMetadataController.js

@@ -20,29 +20,80 @@ const orm_http_1 = require("@spinajs/orm-http");
 const metadata_dto_js_1 = require("../dto/metadata-dto.js");
 const orm_1 = require("@spinajs/orm");
 const FilterableUserMetadata_js_1 = require("../models/FilterableUserMetadata.js");
+/**
+ * User metadata management.
+ * Provides CRUD operations for key-value metadata entries attached to user accounts.
+ * Admin routes operate on any user (identified by UUID), while own routes operate on the
+ * currently authenticated user's metadata.
+ * @tags User Metadata
+ */
 let UserMetadataController = class UserMetadataController extends http_1.BaseController {
     /**
-     *  SPECIFIC USER FUNCTIONS ( ADMIN FUNCTIONS )
+     * List metadata for a specific user (admin)
+     * Returns a paginated, filtered, and ordered list of metadata entries for the given user.
+     * @security cookieAuth
+     * @param user User UUID path parameter
+     * @param pagination.page Page number (zero-based)
+     * @param pagination.limit Number of entries per page
+     * @param order.column Column to sort by (default: Id)
+     * @param order.order Sort direction: ASC or DESC (default: DESC)
+     * @returns {IUserMetadataEntry[]} Paginated list of metadata entries for the user
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — readAny permission required
+     * @response 404 User not found
      */
     async readUserMeta(user, pagination, order, filter) {
         return new http_1.Ok(FilterableUserMetadata_js_1.FilterableUserMetadata.select().where({
             user_id: user.Id
-        }).filter(filter?.filters, filter?.op)
-            .take(pagination?.limit ?? undefined)
-            .skip(pagination?.limit * pagination?.page || 0)
+        }).filter(filter?.filters ?? [], filter?.op)
+            .take(pagination?.limit ?? 0)
+            .skip((pagination?.limit ?? 0) * (pagination?.page ?? 0))
             .order(order?.column ?? 'Id', order?.order ?? orm_1.SortOrder.DESC));
     }
+    /**
+     * Get a single metadata entry for a specific user (admin)
+     * Retrieves one metadata entry by key for the given user.
+     * @security cookieAuth
+     * @param user User UUID path parameter
+     * @param key Metadata key to retrieve
+     * @returns {IUserMetadataEntry} Single metadata entry for the user
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — readAny permission required
+     * @response 404 User or metadata key not found
+     */
     async getUserMeta(user, key) {
         return new http_1.Ok(rbac_1.UserMetadata.where({
             Key: key,
             user_id: user.Id
         }).firstOrFail());
     }
+    /**
+     * Add or update metadata for a specific user (admin)
+     * Inserts a new metadata entry for the given user, or updates it if the key already exists.
+     * @security cookieAuth
+     * @param user User UUID path parameter
+     * @response 200 Metadata created or updated successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — updateAny permission required
+     * @response 404 User not found
+     */
     async addUserMetadata(user, metadata) {
         metadata.User.attach(user);
         await metadata.insert(orm_1.InsertBehaviour.InsertOrUpdate);
         return new http_1.Ok();
     }
+    /**
+     * Update a metadata entry for a specific user (admin)
+     * Updates Key, Value, and Type of an existing metadata entry identified by Id or Key.
+     * @security cookieAuth
+     * @param _user User UUID path parameter (used for authorization scope)
+     * @param meta Metadata Id or Key to update
+
+     * @response 200 Metadata updated successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — updateAny permission required
+     * @response 404 User or metadata entry not found
+     */
     async updateUserMetadata(meta, _user, data) {
         await meta.update({
             Key: data.Key,
@@ -51,6 +102,17 @@ let UserMetadataController = class UserMetadataController extends http_1.BaseCon
         });
         return new http_1.Ok();
     }
+    /**
+     * Delete a metadata entry for a specific user (admin)
+     * Permanently removes a metadata entry by Id from the given user's metadata.
+     * @security cookieAuth
+     * @param user User UUID path parameter
+     * @param meta Metadata Id to delete
+     * @response 200 Metadata deleted successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — deleteAny permission required
+     * @response 404 User or metadata entry not found
+     */
     async deleteUserMetadata(user, meta) {
         await rbac_1.UserMetadata.destroy().where({
             Id: meta,
@@ -59,22 +121,72 @@ let UserMetadataController = class UserMetadataController extends http_1.BaseCon
         return new http_1.Ok();
     }
     /**
-     * --------------------------------------------------------------------------
+     * List own metadata
+     * Returns a paginated, filtered, and ordered list of metadata entries for the authenticated user.
+     * @security cookieAuth
+     * @param pagination.page Page number (zero-based)
+     * @param pagination.limit Number of entries per page
+     * @param order.column Column to sort by (default: Id)
+     * @param order.order Sort direction: ASC or DESC (default: DESC)
+     * @returns {IUserMetadataEntry[]} Paginated list of own metadata entries
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — readOwn permission required
+     */
+    /**
+     * List own metadata
+     * Returns a paginated, filtered, and ordered list of metadata entries for the authenticated user.
+     * @security cookieAuth
+     * @param pagination.page Page number (zero-based)
+     * @param pagination.limit Number of entries per page
+     * @param order.column Column to sort by (default: Id)
+     * @param order.order Sort direction: ASC or DESC (default: DESC)
+     * @returns {IUserMetadataEntry[]} Paginated list of own metadata entries
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — readOwn permission required
      */
     async readMeta(pagination, order, filter) {
-        return new http_1.Ok(FilterableUserMetadata_js_1.FilterableUserMetadata.select().filter(filter?.filters, filter?.op)
-            .take(pagination?.limit ?? undefined)
-            .skip(pagination?.limit * pagination?.page || 0)
+        return new http_1.Ok(FilterableUserMetadata_js_1.FilterableUserMetadata.select().filter(filter?.filters ?? [], filter?.op)
+            .take(pagination?.limit ?? 0)
+            .skip((pagination?.limit ?? 0) * (pagination?.page ?? 0))
             .order(order?.column ?? 'Id', order?.order ?? orm_1.SortOrder.DESC));
     }
+    /**
+     * Get own metadata entry by key
+     * Retrieves a single metadata entry by key for the authenticated user.
+     * @security cookieAuth
+     * @param key Metadata key to retrieve
+     * @returns {IUserMetadataEntry} Single own metadata entry by key
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — readOwn permission required
+     * @response 404 Metadata key not found
+     */
     async getMeta(key) {
         return new http_1.Ok(rbac_1.UserMetadata.where({
             Key: key,
         }).firstOrFail());
     }
+    /**
+     * Add or update own metadata
+     * Inserts a new metadata entry for the authenticated user, or updates it if the key already exists.
+     * @security cookieAuth
+     * @response 200 Metadata created or updated successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — updateOwn permission required
+     */
     async addMetadata(metadata) {
         await metadata.insert(orm_1.InsertBehaviour.InsertOrUpdate);
     }
+    /**
+     * Update own metadata entry
+     * Updates Key, Value, and Type of an existing metadata entry identified by Id or Key.
+     * @security cookieAuth
+     * @param meta Metadata Id or Key to update
+
+     * @response 200 Metadata updated successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — updateOwn permission required
+     * @response 404 Metadata entry not found
+     */
     async updateMetadata(meta, data) {
         await rbac_1.UserMetadata.update({
             Key: data.Key,
@@ -83,6 +195,16 @@ let UserMetadataController = class UserMetadataController extends http_1.BaseCon
         }).where("Key", meta).orWhere("Id", meta);
         return new http_1.Ok();
     }
+    /**
+     * Delete own metadata entry
+     * Permanently removes a metadata entry by Id from the authenticated user's metadata.
+     * @security cookieAuth
+     * @param meta Metadata Id to delete
+     * @response 200 Metadata deleted successfully
+     * @response 401 Unauthorized — valid session required
+     * @response 403 Forbidden — deleteOwn permission required
+     * @response 404 Metadata entry not found
+     */
     async deleteMetadata(meta) {
         await rbac_1.UserMetadata.destroy().where({
             Id: meta

package/lib/cjs/controllers/UserMetadataController.js.map

@@ -1 +1 @@
-{"version":3,"file":"UserMetadataController.js","sourceRoot":"","sources":["../../../src/controllers/UserMetadataController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wCAAgH;AAChH,wCAAgE;AAChE,kDAA4E;AAC5E,gDAAwG;AACxG,4DAAyD;AACzD,sCAA0D;AAC1D,mFAA6E;AAKtE,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,qBAAc;IAGtD;;OAEG;IAIU,AAAN,KAAK,CAAC,YAAY,CACc,IAAe,EACzC,UAA0B,EAC1B,KAAgB,EAEzB,MAAuB;QAEvB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC;YAChD,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC;aACjC,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,SAAS,CAAC;aACpC,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC;aAC/C,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAKY,AAAN,KAAK,CAAC,WAAW,CACe,IAAe,EACzC,GAAW;QACpB,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAIY,AAAN,KAAK,CAAC,eAAe,CACW,IAAe,EACvC,QAAsB;QAEjC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;QACtD,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,kBAAkB,CAOxB,IAAkB,EACc,KAAgB,EAC3C,IAAqB;QAC7B,MAAM,IAAI,CAAC,MAAM,CAAC;YACd,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAA;QAEF,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,kBAAkB,CACQ,IAAe,EACzC,IAAY;QACrB,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAID;;OAEG;IAMU,AAAN,KAAK,CAAC,QAAQ,CACR,UAA0B,EAC1B,KAAgB,EAEzB,MAAuB;QAEvB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC;aAC5E,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,SAAS,CAAC;aACpC,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC;aAC/C,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAIY,AAAN,KAAK,CAAC,OAAO,CAAU,GAAW;QACrC,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;SACX,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAIY,AAAN,KAAK,CAAC,WAAW,CAAY,QAAsB;QACtD,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IAIY,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY,EAAU,IAAqB;QAC5E,MAAM,mBAAY,CAAC,MAAM,CAAC;YACtB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE1C,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY;QAC7C,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;SACX,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;CACJ,CAAA;AA5IY,wDAAsB;AASlB;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAHU,WAAS;QAC5B,wBAAa;QAClB,mBAAQ;;0DAW5B;AAKY;IAFZ,IAAA,UAAG,EAAC,qBAAqB,CAAC;IAC1B,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;yDAMrD;AAIY;IAFZ,IAAA,WAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAD+B,WAAS;QAC7B,mBAAY;;6DAKpC;AAIY;IAFZ,IAAA,YAAK,EAAC,uBAAuB,CAAC;IAC9B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC;QACP,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,IAAI;YAC7B,OAAO,IAAI,CAAC,KAAK,CAAC;gBACd,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAC/C,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QACnC,CAAC,CAAC;KACL,CAAC,CAAA;IACD,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAFE,mBAAY;QACqB,WAAS;QACrC,iCAAe;;gEAQhC;AAIY;IAFZ,IAAA,UAAG,EAAC,sBAAsB,CAAC;IAC3B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;gEAQrD;AAYY;IAFZ,IAAA,UAAG,EAAC,UAAU,CAAC;IACf,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAFT,wBAAa;QAClB,mBAAQ;;sDAS5B;AAIY;IAFZ,IAAA,UAAG,EAAC,eAAe,CAAC;IACpB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IACF,WAAA,IAAA,YAAK,GAAE,CAAA;;;;qDAI5B;AAIY;IAFZ,IAAA,WAAI,EAAC,UAAU,CAAC;IAChB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACA,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAAW,mBAAY;;yDAEzD;AAIY;IAFZ,IAAA,YAAK,EAAC,gBAAgB,CAAC;IACvB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;IAAgB,WAAA,IAAA,WAAI,GAAE,CAAA;;6CAAO,iCAAe;;4DAQ/E;AAIY;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;;;;4DAMnC;iCA3IQ,sBAAsB;IAHlC,IAAA,eAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,oBAAQ,EAAC,eAAe,CAAC;IACzB,IAAA,aAAM,EAAC,4BAAgB,CAAC;GACZ,sBAAsB,CA4IlC"}
+{"version":3,"file":"UserMetadataController.js","sourceRoot":"","sources":["../../../src/controllers/UserMetadataController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wCAAgH;AAChH,wCAAgE;AAChE,kDAA4E;AAC5E,gDAAwG;AACxG,4DAAyD;AACzD,sCAA0D;AAC1D,mFAA6E;AAE7E;;;;;;GAMG;AAII,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,qBAAc;IAEtD;;;;;;;;;;;;;OAaG;IAGU,AAAN,KAAK,CAAC,YAAY,CACc,IAAe,EACzC,UAA0B,EAC1B,KAAgB,EAEzB,MAAuB;QAEvB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC;YAChD,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC;aACvC,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,CAAC,CAAC;aAC5B,IAAI,CAAC,CAAC,UAAU,EAAE,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC;aACxD,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAGD;;;;;;;;;;OAUG;IAGU,AAAN,KAAK,CAAC,WAAW,CACe,IAAe,EACzC,GAAW;QACpB,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAED;;;;;;;;;OASG;IAGU,AAAN,KAAK,CAAC,eAAe,CACW,IAAe,EACvC,QAAsB;QAEjC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;QACtD,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAED;;;;;;;;;;;OAWG;IAGU,AAAN,KAAK,CAAC,kBAAkB,CAOxB,IAAkB,EACc,KAAgB,EAC3C,IAAqB;QAC7B,MAAM,IAAI,CAAC,MAAM,CAAC;YACd,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAA;QAEF,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAED;;;;;;;;;;OAUG;IAGU,AAAN,KAAK,CAAC,kBAAkB,CACQ,IAAe,EACzC,IAAY;QACrB,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAED;;;;;;;;;;;OAWG;IAIH;;;;;;;;;;;OAWG;IAGU,AAAN,KAAK,CAAC,QAAQ,CACR,UAA0B,EAC1B,KAAgB,EAEzB,MAAuB;QAEvB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,IAAI,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC;aAClF,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,CAAC,CAAC;aAC5B,IAAI,CAAC,CAAC,UAAU,EAAE,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC;aACxD,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAED;;;;;;;;;OASG;IAGU,AAAN,KAAK,CAAC,OAAO,CAAU,GAAW;QACrC,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;SACX,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAED;;;;;;;OAOG;IAGU,AAAN,KAAK,CAAC,WAAW,CAAY,QAAsB;QACtD,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;;OAUG;IAGU,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY,EAAU,IAAqB;QAC5E,MAAM,mBAAY,CAAC,MAAM,CAAC;YACtB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE1C,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAED;;;;;;;;;OASG;IAGU,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY;QAC7C,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;SACX,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;CACJ,CAAA;AA3PY,wDAAsB;AAkBlB;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAHU,WAAS;QAC5B,wBAAa;QAClB,mBAAQ;;0DAW5B;AAgBY;IAFZ,IAAA,UAAG,EAAC,qBAAqB,CAAC;IAC1B,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;yDAMrD;AAcY;IAFZ,IAAA,WAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAD+B,WAAS;QAC7B,mBAAY;;6DAKpC;AAgBY;IAFZ,IAAA,YAAK,EAAC,uBAAuB,CAAC;IAC9B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC;QACP,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,IAAI;YAC7B,OAAO,IAAI,CAAC,KAAK,CAAC;gBACd,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAC/C,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QACnC,CAAC,CAAC;KACL,CAAC,CAAA;IACD,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAFE,mBAAY;QACqB,WAAS;QACrC,iCAAe;;gEAQhC;AAeY;IAFZ,IAAA,UAAG,EAAC,sBAAsB,CAAC;IAC3B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;gEAQrD;AA+BY;IAFZ,IAAA,UAAG,EAAC,UAAU,CAAC;IACf,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAFT,wBAAa;QAClB,mBAAQ;;sDAS5B;AAcY;IAFZ,IAAA,UAAG,EAAC,eAAe,CAAC;IACpB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IACF,WAAA,IAAA,YAAK,GAAE,CAAA;;;;qDAI5B;AAYY;IAFZ,IAAA,WAAI,EAAC,UAAU,CAAC;IAChB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACA,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAAW,mBAAY;;yDAEzD;AAeY;IAFZ,IAAA,YAAK,EAAC,gBAAgB,CAAC;IACvB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;IAAgB,WAAA,IAAA,WAAI,GAAE,CAAA;;6CAAO,iCAAe;;4DAQ/E;AAcY;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;;;;4DAMnC;iCA1PQ,sBAAsB;IAHlC,IAAA,eAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,oBAAQ,EAAC,eAAe,CAAC;IACzB,IAAA,aAAM,EAAC,4BAAgB,CAAC;GACZ,sBAAsB,CA2PlC"}

package/lib/cjs/dto/metadata-dto.d.ts

@@ -7,13 +7,16 @@ export declare const MetadataDtoSchema: {
             type: string;
             maxLength: number;
             minLength: number;
+            description: string;
         };
         Value: {
             type: string;
+            description: string;
         };
         Type: {
             type: string;
             enum: string[];
+            description: string;
         };
     };
     required: string[];

package/lib/cjs/dto/metadata-dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"metadata-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/metadata-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;CAU7B,CAAC;AAEF,qBACa,eAAe;IACjB,GAAG,EAAG,MAAM,CAAC;IACb,KAAK,EAAG,MAAM,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;gBACjE,IAAI,EAAE,GAAG;CAGxB"}
+{"version":3,"file":"metadata-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/metadata-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;CAU7B,CAAC;AAEF,qBACa,eAAe;IACjB,GAAG,EAAG,MAAM,CAAC;IACb,KAAK,EAAG,MAAM,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;gBACjE,IAAI,EAAE,GAAG;CAGxB"}

package/lib/cjs/dto/metadata-dto.js

@@ -16,9 +16,9 @@ exports.MetadataDtoSchema = {
     title: 'User metadata DTO',
     type: 'object',
     properties: {
-        Key: { type: 'string', maxLength: 255, minLength: 6 },
-        Value: { type: 'string' },
-        Type: { type: "string", enum: ['number', 'float', 'string', 'json', 'boolean', 'datetime'] }
+        Key: { type: 'string', maxLength: 255, minLength: 6, description: 'Metadata key (dot-notation supported, e.g. user:niceName)' },
+        Value: { type: 'string', description: 'Metadata value stored as a string regardless of Type' },
+        Type: { type: 'string', enum: ['number', 'float', 'string', 'json', 'boolean', 'datetime'], description: 'Declared value type used for serialization/deserialization' },
     },
     required: ['Key', 'Type'],
 };

package/lib/cjs/dto/metadata-dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"metadata-dto.js","sourceRoot":"","sources":["../../../src/dto/metadata-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,iBAAiB,GAAG;IAC7B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACR,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE;QACrD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACzB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;KAC/F;IACD,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;CAC5B,CAAC;AAGK,IAAM,eAAe,GAArB,MAAM,eAAe;IAIxB,YAAY,IAAS;QACjB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;CACJ,CAAA;AAPY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAM,EAAC,yBAAiB,CAAC;;GACb,eAAe,CAO3B"}
+{"version":3,"file":"metadata-dto.js","sourceRoot":"","sources":["../../../src/dto/metadata-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,iBAAiB,GAAG;IAC7B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACR,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,2DAA2D,EAAE;QAC/H,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sDAAsD,EAAE;QAC9F,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,WAAW,EAAE,4DAA4D,EAAE;KAC1K;IACD,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;CAC5B,CAAC;AAGK,IAAM,eAAe,GAArB,MAAM,eAAe;IAIxB,YAAY,IAAS;QACjB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;CACJ,CAAA;AAPY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAM,EAAC,yBAAiB,CAAC;;GACb,eAAe,CAO3B"}

package/lib/cjs/dto/password-dto.d.ts

@@ -7,16 +7,19 @@ export declare const PasswordDtoSchema: {
             type: string;
             maxLength: number;
             minLength: number;
+            description: string;
         };
         Password: {
             type: string;
             maxLength: number;
             minLength: number;
+            description: string;
         };
         ConfirmPassword: {
             type: string;
             maxLength: number;
             minLength: number;
+            description: string;
         };
     };
     required: string[];

package/lib/cjs/dto/password-dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/password-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;CAU7B,CAAC;AAEF,qBACa,WAAW;IACf,WAAW,EAAE,MAAM,CAAC;IAEpB,QAAQ,EAAE,MAAM,CAAC;IAEjB,eAAe,EAAE,MAAM,CAAC;gBAEnB,IAAI,EAAE,GAAG;CAGtB"}
+{"version":3,"file":"password-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/password-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;CAU7B,CAAC;AAEF,qBACa,WAAW;IACf,WAAW,EAAE,MAAM,CAAC;IAEpB,QAAQ,EAAE,MAAM,CAAC;IAEjB,eAAe,EAAE,MAAM,CAAC;gBAEnB,IAAI,EAAE,GAAG;CAGtB"}

package/lib/cjs/dto/password-dto.js

@@ -16,9 +16,9 @@ exports.PasswordDtoSchema = {
     title: 'User password DTO',
     type: 'object',
     properties: {
-        OldPassword: { type: 'string', maxLength: 32, minLength: 6 },
-        Password: { type: 'string', maxLength: 32, minLength: 6 },
-        ConfirmPassword: { type: 'string', maxLength: 32, minLength: 6 },
+        OldPassword: { type: 'string', maxLength: 32, minLength: 6, description: 'Current password for verification' },
+        Password: { type: 'string', maxLength: 32, minLength: 6, description: 'New password (6–32 characters)' },
+        ConfirmPassword: { type: 'string', maxLength: 32, minLength: 6, description: 'Must match Password' },
     },
     required: ['OldPassword', 'Password', 'ConfirmPassword'],
 };

package/lib/cjs/dto/password-dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"password-dto.js","sourceRoot":"","sources":["../../../src/dto/password-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,iBAAiB,GAAG;IAC/B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;QAC5D,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;QACzD,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;KACjE;IACD,QAAQ,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,iBAAiB,CAAC;CACzD,CAAC;AAGK,IAAM,WAAW,GAAjB,MAAM,WAAW;IAOtB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AAVY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAM,EAAC,yBAAiB,CAAC;;GACb,WAAW,CAUvB"}
+{"version":3,"file":"password-dto.js","sourceRoot":"","sources":["../../../src/dto/password-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,iBAAiB,GAAG;IAC/B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,mCAAmC,EAAE;QAC9G,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,gCAAgC,EAAE;QACxG,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE;KACrG;IACD,QAAQ,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,iBAAiB,CAAC;CACzD,CAAC;AAGK,IAAM,WAAW,GAAjB,MAAM,WAAW;IAOtB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AAVY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAM,EAAC,yBAAiB,CAAC;;GACb,WAAW,CAUvB"}

package/lib/cjs/dto/token-dto.d.ts

@@ -6,8 +6,10 @@ export declare const TokenDtoSchema: {
         Token: {
             type: string;
             maxLength: number;
+            description: string;
         };
     };
+    required: string[];
 };
 export declare class TokenDto {
     Token: string;

package/lib/cjs/dto/token-dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/token-dto.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,cAAc;;;;;;;;;;CAO1B,CAAC;AAEF,qBACa,QAAQ;IACZ,KAAK,EAAE,MAAM,CAAC;gBAET,IAAI,EAAE,GAAG;CAGtB"}
+{"version":3,"file":"token-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/token-dto.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,cAAc;;;;;;;;;;;;CAQ1B,CAAC;AAEF,qBACa,QAAQ;IACZ,KAAK,EAAE,MAAM,CAAC;gBAET,IAAI,EAAE,GAAG;CAGtB"}

package/lib/cjs/dto/token-dto.js

@@ -16,8 +16,9 @@ exports.TokenDtoSchema = {
     title: 'Token DTO',
     type: 'object',
     properties: {
-        Token: { type: 'string', maxLength: 64 },
+        Token: { type: 'string', maxLength: 64, description: 'Six-digit TOTP code from the authenticator app' },
     },
+    required: ['Token'],
 };
 let TokenDto = class TokenDto {
     constructor(data) {

package/lib/cjs/dto/token-dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-dto.js","sourceRoot":"","sources":["../../../src/dto/token-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAChC,QAAA,cAAc,GAAG;IAC5B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;KACzC;CACF,CAAC;AAGK,IAAM,QAAQ,GAAd,MAAM,QAAQ;IAGnB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AANY,4BAAQ;mBAAR,QAAQ;IADpB,IAAA,mBAAM,EAAC,sBAAc,CAAC;;GACV,QAAQ,CAMpB"}
+{"version":3,"file":"token-dto.js","sourceRoot":"","sources":["../../../src/dto/token-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAChC,QAAA,cAAc,GAAG;IAC5B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,gDAAgD,EAAE;KACxG;IACD,QAAQ,EAAE,CAAC,OAAO,CAAC;CACpB,CAAC;AAGK,IAAM,QAAQ,GAAd,MAAM,QAAQ;IAGnB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AANY,4BAAQ;mBAAR,QAAQ;IADpB,IAAA,mBAAM,EAAC,sBAAc,CAAC;;GACV,QAAQ,CAMpB"}

package/lib/cjs/dto/userLogin-dto.d.ts

@@ -3,13 +3,15 @@ export declare const UserLoginDtoSchema: {
     title: string;
     type: string;
     properties: {
-        Login: {
+        Email: {
             type: string;
             format: string;
+            description: string;
         };
         Password: {
             type: string;
             maxLength: number;
+            description: string;
         };
     };
     required: string[];

package/lib/cjs/dto/userLogin-dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"userLogin-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/userLogin-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;CAS9B,CAAC;AAEF,qBACa,YAAY;IAChB,KAAK,EAAE,MAAM,CAAC;IAEd,QAAQ,EAAE,MAAM,CAAC;gBAEZ,IAAI,EAAE,GAAG;CAGtB"}
+{"version":3,"file":"userLogin-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/userLogin-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;CAS9B,CAAC;AAEF,qBACa,YAAY;IAChB,KAAK,EAAE,MAAM,CAAC;IAEd,QAAQ,EAAE,MAAM,CAAC;gBAEZ,IAAI,EAAE,GAAG;CAGtB"}

package/lib/cjs/dto/userLogin-dto.js

@@ -16,8 +16,8 @@ exports.UserLoginDtoSchema = {
     title: 'User login DTO',
     type: 'object',
     properties: {
-        Login: { type: 'string', format: 'email' },
-        Password: { type: 'string', maxLength: 32 },
+        Email: { type: 'string', format: 'email', description: 'User email address' },
+        Password: { type: 'string', maxLength: 32, description: 'User password' },
     },
     required: ['Email', 'Password'],
 };

package/lib/cjs/dto/userLogin-dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"userLogin-dto.js","sourceRoot":"","sources":["../../../src/dto/userLogin-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,kBAAkB,GAAG;IAChC,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,gBAAgB;IACvB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;QAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;KAC5C;IACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;CAChC,CAAC;AAGK,IAAM,YAAY,GAAlB,MAAM,YAAY;IAKvB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AARY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAM,EAAC,0BAAkB,CAAC;;GACd,YAAY,CAQxB"}
+{"version":3,"file":"userLogin-dto.js","sourceRoot":"","sources":["../../../src/dto/userLogin-dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,kBAAkB,GAAG;IAChC,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,gBAAgB;IACvB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE;QAC7E,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE;KAC1E;IACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;CAChC,CAAC;AAGK,IAAM,YAAY,GAAlB,MAAM,YAAY;IAKvB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AARY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAM,EAAC,0BAAkB,CAAC;;GACd,YAAY,CAQxB"}

package/lib/mjs/controllers/LoginController.d.ts

@@ -2,7 +2,14 @@ import { UserLoginDto } from '../dto/userLogin-dto.js';
 import { BaseController, Ok, Unauthorized } from '@spinajs/http';
 import { AuthProvider, SessionProvider, AccessControl } from '@spinajs/rbac';
 import { Configuration } from '@spinajs/configuration';
+import { ILoginResponse } from '@spinajs/rbac-http';
 import { User } from '@spinajs/rbac';
+/**
+ * Authentication endpoints.
+ * Handles user login, logout, and current-session inspection.
+ * All session state is maintained via the signed `ssid` cookie.
+ * @tags Authentication
+ */
 export declare class LoginController extends BaseController {
     protected Configuration: Configuration;
     protected AuthProvider: AuthProvider;
@@ -12,8 +19,33 @@ export declare class LoginController extends BaseController {
     protected TwoFactorAuthForceUser: boolean;
     protected SessionCookieConfig: any;
     protected AC: AccessControl;
-    login(logged: User, ssid: string, credentials: UserLoginDto): Promise<Ok | Unauthorized>;
-    logout(ssid: string): Promise<Ok>;
-    whoami(User: User): Promise<Ok>;
+    /**
+     * Login
+     * Authenticates the user with email and password. On success, sets the signed `ssid` session cookie
+     * and returns user data with their RBAC grants. When two-factor authentication is enabled and
+     * configured for the user, the response instead signals that 2FA verification is required.
+     * If the caller already has an active session it is invalidated before creating a new one.
+     * @security []
+     * @returns {ILoginResponse} On full login: IUserWithGrants. On 2FA required: ITwoFactorAuthRequired. On 2FA setup required: ITwoFactorInitRequired
+     * @response 401 Invalid email or password
+     */
+    login(logged: User, ssid: string, credentials: UserLoginDto): Promise<Ok<ILoginResponse> | Unauthorized>;
+    /**
+     * Logout
+     * Destroys the current session identified by the `ssid` cookie and clears the cookie on the client.
+     * Requires the user to be logged in (session exists), but full authorization (2FA) is not required.
+     * @security cookieAuth
+     * @response 401 No active session
+     */
+    logout(ssid: string): Promise<Ok<any>>;
+    /**
+     * Get current user
+     * Returns the user object associated with the current session.
+     * Requires the user to be logged in (session exists), but full authorization (2FA) is not required.
+     * @security cookieAuth
+     * @returns {IUserProfile} User data from the current session
+     * @response 401 No active session
+     */
+    whoami(User: User): Promise<Ok<User>>;
 }
 //# sourceMappingURL=LoginController.d.ts.map

package/lib/mjs/controllers/LoginController.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAsB,aAAa,EAAiB,MAAM,eAAe,CAAC;AAEhH,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGlF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAGrC,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAKxC,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAC;IAMxC,SAAS,CAAC,sBAAsB,EAAE,OAAO,CAAC;IAG1C,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC;IAGnC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAGf,KAAK,CAAiB,MAAM,EAAE,IAAI,EAAgB,IAAI,EAAE,MAAM,EAAU,WAAW,EAAE,YAAY;IA8GjG,MAAM,CAAe,IAAI,EAAE,MAAM;IA4BjC,MAAM,CAAiB,IAAI,EAAE,IAAI;CAK/C"}
+{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAsB,aAAa,EAAiB,MAAM,eAAe,CAAC;AAEhH,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAElF,OAAO,EAAsC,cAAc,EAAmB,MAAM,oBAAoB,CAAC;AACzG,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAGrC;;;;;GAKG;AACH,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAKxC,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAC;IAMxC,SAAS,CAAC,sBAAsB,EAAE,OAAO,CAAC;IAG1C,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC;IAGnC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAE5B;;;;;;;;;OASG;IAEU,KAAK,CAAiB,MAAM,EAAE,IAAI,EAAgB,IAAI,EAAE,MAAM,EAAU,WAAW,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,YAAY,CAAC;IAwG3J;;;;;;OAMG;IAGU,MAAM,CAAe,IAAI,EAAE,MAAM;IA0B9C;;;;;;;OAOG;IAGU,MAAM,CAAiB,IAAI,EAAE,IAAI;CAK/C"}

package/lib/mjs/controllers/LoginController.js

@@ -17,7 +17,23 @@ import { Autoinject } from '@spinajs/di';
 import { AutoinjectService, Config, Configuration } from '@spinajs/configuration';
 import { LoggedPolicy, User as UserRouteArg } from '@spinajs/rbac-http';
 import { User } from '@spinajs/rbac';
+/**
+ * Authentication endpoints.
+ * Handles user login, logout, and current-session inspection.
+ * All session state is maintained via the signed `ssid` cookie.
+ * @tags Authentication
+ */
 let LoginController = class LoginController extends BaseController {
+    /**
+     * Login
+     * Authenticates the user with email and password. On success, sets the signed `ssid` session cookie
+     * and returns user data with their RBAC grants. When two-factor authentication is enabled and
+     * configured for the user, the response instead signals that 2FA verification is required.
+     * If the caller already has an active session it is invalidated before creating a new one.
+     * @security []
+     * @returns {ILoginResponse} On full login: IUserWithGrants. On 2FA required: ITwoFactorAuthRequired. On 2FA setup required: ITwoFactorInitRequired
+     * @response 401 Invalid email or password
+     */
     async login(logged, ssid, credentials) {
         try {
             // if logged user is already logged in, delete his session
@@ -42,7 +58,7 @@ let LoginController = class LoginController extends BaseController {
                     },
                 },
             ];
-            let result = {};
+            let result;
             session.Data.set('User', user.Uuid);
             // we have two states for user
             // LOGGED - when user use proper login/password and session is created
@@ -58,9 +74,7 @@ let LoginController = class LoginController extends BaseController {
                 });
                 session.Data.set('Authorized', false);
                 session.Data.set('TwoFactorAuth', true);
-                result = {
-                    TwoFactorInitRequired: true,
-                };
+                result = { TwoFactorInitRequired: true };
             }
             else if (this.TwoFactorAuthEnabled && user.Metadata['2fa:enabled']) {
                 this._log.trace('User logged in, 2fa required', {
@@ -68,19 +82,17 @@ let LoginController = class LoginController extends BaseController {
                 });
                 session.Data.set('Authorized', false);
                 session.Data.set('TwoFactorAuth', true);
-                result = {
-                    TwoFactorAuthRequired: true,
-                };
+                result = { TwoFactorAuthRequired: true };
             }
             else {
                 session.Data.set('Authorized', true);
                 const grants = this.AC.getGrants();
                 const userGrants = user.Role.map(r => _unwindGrants(r, grants));
                 const combinedGrants = Object.assign({}, ...userGrants);
+                // dehydrateWithRelations({ dateTimeFormat: 'iso' }) converts DateTime to ISO strings
+                // at runtime — the ORM types don't reflect the dateTimeFormat option in generics
                 result = {
-                    ...user.dehydrateWithRelations({
-                        dateTimeFormat: "iso"
-                    }),
+                    ...user.dehydrateWithRelations({ dateTimeFormat: "iso" }),
                     Grants: combinedGrants,
                 };
             }
@@ -102,6 +114,13 @@ let LoginController = class LoginController extends BaseController {
             });
         }
     }
+    /**
+     * Logout
+     * Destroys the current session identified by the `ssid` cookie and clears the cookie on the client.
+     * Requires the user to be logged in (session exists), but full authorization (2FA) is not required.
+     * @security cookieAuth
+     * @response 401 No active session
+     */
     async logout(ssid) {
         if (!ssid) {
             return new Ok();
@@ -124,6 +143,14 @@ let LoginController = class LoginController extends BaseController {
             ],
         });
     }
+    /**
+     * Get current user
+     * Returns the user object associated with the current session.
+     * Requires the user to be logged in (session exists), but full authorization (2FA) is not required.
+     * @security cookieAuth
+     * @returns {IUserProfile} User data from the current session
+     * @response 401 No active session
+     */
     async whoami(User) {
         // user is taken from session data
         return new Ok(User);

package/lib/mjs/controllers/LoginController.js.map

@@ -1 +1 @@
-{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAChH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAElF,OAAO,EAAE,YAAY,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAI9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,cAAc;IAiCpC,AAAN,KAAK,CAAC,KAAK,CAAiB,MAAY,EAAgB,IAAY,EAAU,WAAyB;QAC5G,IAAI,CAAC;YAEH,0DAA0D;YAC1D,2BAA2B;YAC3B,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;gBACnB,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAElC,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,IAAI;wBAEd,4BAA4B;wBAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;wBAEzC,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF,CAAC;YACF,IAAI,MAAM,GAAQ,EAAE,CAAC;YAErB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAEpC,8BAA8B;YAC9B,sEAAsE;YACtE,+EAA+E;YAC/E,yDAAyD;YACzD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;YAEzB,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YAIjB,IAAI,IAAI,CAAC,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,mCAAmC,EAAE;oBACnD,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG;oBACP,qBAAqB,EAAE,IAAI;iBAC5B,CAAC;YACJ,CAAC;iBACI,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAEnE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG;oBACP,qBAAqB,EAAE,IAAI;iBAC5B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBAEN,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;gBAErC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;gBAExD,MAAM,GAAG;oBACP,GAAG,IAAI,CAAC,sBAAsB,CAAC;wBAC7B,cAAc,EAAE,KAAK;qBACtB,CAAC;oBACF,MAAM,EAAE,cAAc;iBACvB,CAAC;YACJ,CAAC;YAGD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE;gBACjD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,OAAO,IAAI,EAAE,CAAC,MAAM,EAAE;gBACpB,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,YAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAe,IAAY;QAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,EAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,EAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CACF,CAAA;AA9KW;IADT,UAAU,EAAE;8BACY,aAAa;sDAAC;AAG7B;IADT,iBAAiB,CAAC,WAAW,CAAC;8BACP,YAAY;qDAAC;AAG3B;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;wDAAC;AAKjC;IAHT,MAAM,CAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAK9B;IAHT,MAAM,CAAC,4BAA4B,EAAE;QACpC,YAAY,EAAE,KAAK;KACpB,CAAC;;6DACsC;AAM9B;IAHT,MAAM,CAAC,8BAA8B,EAAE;QACtC,YAAY,EAAE,KAAK;KACpB,CAAC;;+DACwC;AAGhC;IADT,MAAM,CAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;2CAAC;AAGf;IADZ,IAAI,EAAE;IACa,WAAA,YAAY,EAAE,CAAA;IAAgB,WAAA,MAAM,CAAC,IAAI,CAAC,CAAA;IAAgB,WAAA,IAAI,EAAE,CAAA;;qCAAzC,IAAI,UAAmD,YAAY;;4CA0G7G;AAIY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,MAAM,CAAC,IAAI,CAAC,CAAA;;;;6CAwBhC;AAIY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,YAAY,EAAE,CAAA;;qCAAO,IAAI;;6CAI7C;AA/KU,eAAe;IAD3B,QAAQ,CAAC,MAAM,CAAC;GACJ,eAAe,CAgL3B"}
+{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAChH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAElF,OAAO,EAAE,YAAY,EAAE,IAAI,IAAI,YAAY,EAAmC,MAAM,oBAAoB,CAAC;AACzG,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAGrC;;;;;GAKG;AAEI,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,cAAc;IAgCjD;;;;;;;;;OASG;IAEU,AAAN,KAAK,CAAC,KAAK,CAAiB,MAAY,EAAgB,IAAY,EAAU,WAAyB;QAC5G,IAAI,CAAC;YAEH,0DAA0D;YAC1D,2BAA2B;YAC3B,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;gBACnB,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAElC,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,IAAI;wBAEd,4BAA4B;wBAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;wBAEzC,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF,CAAC;YACF,IAAI,MAAsB,CAAC;YAE3B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAEpC,8BAA8B;YAC9B,sEAAsE;YACtE,+EAA+E;YAC/E,yDAAyD;YACzD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;YAEzB,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YAIjB,IAAI,IAAI,CAAC,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,mCAAmC,EAAE;oBACnD,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;YAC3C,CAAC;iBACI,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAEnE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBAEN,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;gBAErC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;gBAExD,qFAAqF;gBACrF,iFAAiF;gBACjF,MAAM,GAAG;oBACP,GAAG,IAAI,CAAC,sBAAsB,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;oBACzD,MAAM,EAAE,cAAc;iBACO,CAAC;YAClC,CAAC;YAGD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE;gBACjD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,OAAO,IAAI,EAAE,CAAC,MAAM,EAAE;gBACpB,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,YAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IAGU,AAAN,KAAK,CAAC,MAAM,CAAe,IAAY;QAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,EAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,EAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IAGU,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CACF,CAAA;AAnMW;IADT,UAAU,EAAE;8BACY,aAAa;sDAAC;AAG7B;IADT,iBAAiB,CAAC,WAAW,CAAC;8BACP,YAAY;qDAAC;AAG3B;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;wDAAC;AAKjC;IAHT,MAAM,CAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAK9B;IAHT,MAAM,CAAC,4BAA4B,EAAE;QACpC,YAAY,EAAE,KAAK;KACpB,CAAC;;6DACsC;AAM9B;IAHT,MAAM,CAAC,8BAA8B,EAAE;QACtC,YAAY,EAAE,KAAK;KACpB,CAAC;;+DACwC;AAGhC;IADT,MAAM,CAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;2CAAC;AAaf;IADZ,IAAI,EAAE;IACa,WAAA,YAAY,EAAE,CAAA;IAAgB,WAAA,MAAM,CAAC,IAAI,CAAC,CAAA;IAAgB,WAAA,IAAI,EAAE,CAAA;;qCAAzC,IAAI,UAAmD,YAAY;;4CAsG7G;AAWY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,MAAM,CAAC,IAAI,CAAC,CAAA;;;;6CAwBhC;AAYY;IAFZ,GAAG,EAAE;IACL,MAAM,CAAC,YAAY,CAAC;IACA,WAAA,YAAY,EAAE,CAAA;;qCAAO,IAAI;;6CAI7C;AApMU,eAAe;IAD3B,QAAQ,CAAC,MAAM,CAAC;GACJ,eAAe,CAqM3B"}

package/lib/mjs/controllers/TwoFactorAuthController.d.ts

@@ -2,12 +2,48 @@ import { TokenDto } from './../dto/token-dto.js';
 import { BaseController, Ok, ForbiddenResponse } from '@spinajs/http';
 import { ISession, SessionProvider, User as UserModel, AccessControl } from '@spinajs/rbac';
 import { QueueService } from '@spinajs/queue';
+import { IEnable2faResponse, IUserWithGrants } from "@spinajs/rbac-http";
+/**
+ * Two-factor authentication (TOTP) management.
+ * Enables, disables, and verifies TOTP-based two-factor authentication for users.
+ * All routes are only available when 2FA is enabled in the system configuration.
+ * The caller must be logged in but does NOT need to be fully authorized (2FA verified),
+ * allowing these routes to be used during the 2FA verification step itself.
+ * @tags Two-Factor Authentication
+ */
 export declare class TwoFactorAuthController extends BaseController {
     protected Queue: QueueService;
     protected SessionProvider: SessionProvider;
     protected AC: AccessControl;
-    enable2fa(user: UserModel): Promise<Ok>;
-    disable2Fa(user: UserModel): Promise<Ok>;
-    verifyToken(logged: UserModel, token: TokenDto, session: ISession): Promise<Ok | ForbiddenResponse>;
+    /**
+     * Enable two-factor authentication
+     * Generates a TOTP secret for the authenticated user and returns the OTP provisioning URI
+     * to be scanned by an authenticator app. Throws if 2FA is already enabled for the user.
+     * @security cookieAuth
+     * @returns {IEnable2faResponse} OTP provisioning URI to scan with an authenticator app
+     * @response 400 Two-factor authentication is already enabled for this user
+     * @response 401 Unauthorized — valid session required
+     */
+    enable2fa(user: UserModel): Promise<Ok<IEnable2faResponse>>;
+    /**
+     * Disable two-factor authentication
+     * Removes the TOTP secret and disables 2FA for the authenticated user.
+     * Throws if 2FA is not currently enabled for the user.
+     * @security cookieAuth
+     * @response 200 Two-factor authentication disabled successfully
+     * @response 400 Two-factor authentication is not enabled for this user
+     * @response 401 Unauthorized — valid session required
+     */
+    disable2Fa(user: UserModel): Promise<Ok<any>>;
+    /**
+     * Verify TOTP token
+     * Validates the provided TOTP token against the user's 2FA secret. On success, marks the session
+     * as fully authorized and returns the user profile with RBAC grants — identical to a full login response.
+     * @security cookieAuth
+     * @returns {IUserWithGrants} User profile merged with RBAC grants on successful 2FA verification
+     * @response 403 Invalid or expired TOTP token
+     * @response 401 Unauthorized — valid session required
+     */
+    verifyToken(logged: UserModel, token: TokenDto, session: ISession): Promise<Ok<IUserWithGrants> | ForbiddenResponse>;
 }
 //# sourceMappingURL=TwoFactorAuthController.d.ts.map

package/lib/mjs/controllers/TwoFactorAuthController.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,EAAa,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,IAAI,SAAS,EAAyC,aAAa,EAAE,MAAM,eAAe,CAAC;AAOnI,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAO9C,qBAGa,uBAAwB,SAAQ,cAAc;IAEvD,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC;IAG9B,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG3C,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAGf,SAAS,CAAS,IAAI,EAAE,SAAS;IAajC,UAAU,CAAS,IAAI,EAAE,SAAS;IAUlC,WAAW,CAAS,MAAM,EAAE,SAAS,EAAU,KAAK,EAAE,QAAQ,EAAa,OAAO,EAAE,QAAQ;CA4C5G"}
+{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,EAAa,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,IAAI,SAAS,EAAyC,aAAa,EAAE,MAAM,eAAe,CAAC;AAOnI,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EAA6B,kBAAkB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAKpG;;;;;;;GAOG;AACH,qBAGa,uBAAwB,SAAQ,cAAc;IAEvD,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC;IAG9B,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG3C,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAE5B;;;;;;;;OAQG;IAEU,SAAS,CAAS,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC;IAYhF;;;;;;;;OAQG;IAEU,UAAU,CAAS,IAAI,EAAE,SAAS;IAS/C;;;;;;;;OAQG;IAEU,WAAW,CAAS,MAAM,EAAE,SAAS,EAAU,KAAK,EAAE,QAAQ,EAAa,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,iBAAiB,CAAC;CA4C/J"}