@tekcify/auth-backend 1.0.0 → 1.0.1

package/README.md

@@ -28,9 +28,10 @@ You need the JWT access secret from your Tekcify Auth server. This should match
 
 ```env
 JWT_ACCESS_SECRET=your-jwt-access-secret-here
-AUTH_SERVER_URL=http://localhost:7001
 ```
 
+**Note:** The auth server URL is centralized in `@tekcify/auth-core-client` package as `AUTH_SERVER_URL` (default: `http://localhost:7002`). Functions that communicate with the auth server use this constant automatically.
+
 ## NestJS Integration
 
 ### Step 1: Install Dependencies
@@ -255,7 +256,7 @@ import { introspectToken } from '@tekcify/auth-core-client';
 
 const token = req.headers.authorization?.replace('Bearer ', '');
 
-const result = await introspectToken(process.env.AUTH_SERVER_URL!, {
+const result = await introspectToken({
   token: token!,
   clientId: process.env.CLIENT_ID,
   clientSecret: process.env.CLIENT_SECRET,
@@ -277,10 +278,7 @@ Fetch user information from the auth server:
 ```typescript
 import { fetchUserInfo } from '@tekcify/auth-backend';
 
-const userInfo = await fetchUserInfo(
-  process.env.AUTH_SERVER_URL!,
-  accessToken
-);
+const userInfo = await fetchUserInfo(accessToken);
 
 console.log('Email:', userInfo.email);
 console.log('Name:', userInfo.name);
@@ -426,15 +424,12 @@ verifyAccessToken(token: string, {
 }): VerifiedToken
 ```
 
-#### `fetchUserInfo(authServerUrl, accessToken)`
+#### `fetchUserInfo(accessToken)`
 
-Fetches user information from the auth server.
+Fetches user information from the Tekcify auth server using the centralized `AUTH_SERVER_URL`.
 
 ```typescript
-fetchUserInfo(
-  authServerUrl: string,
-  accessToken: string
-): Promise<UserInfo>
+fetchUserInfo(accessToken: string): Promise<UserInfo>
 ```
 
 ### Types

package/{src/express/index.ts → dist/express/index.d.ts}

@@ -1,2 +1,3 @@
 export { createAuthMiddleware } from './middleware';
 export type { ExpressAuthOptions } from './middleware';
+//# sourceMappingURL=index.d.ts.map

package/dist/express/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC"}

package/dist/express/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthMiddleware = void 0;
+var middleware_1 = require("./middleware");
+Object.defineProperty(exports, "createAuthMiddleware", { enumerable: true, get: function () { return middleware_1.createAuthMiddleware; } });
+//# sourceMappingURL=index.js.map

package/dist/express/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":";;;AAAA,2CAAoD;AAA3C,kHAAA,oBAAoB,OAAA"}

package/dist/express/middleware.d.ts

@@ -0,0 +1,16 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { VerifyTokenOptions, UserPayload } from '../types';
+export interface ExpressAuthOptions extends VerifyTokenOptions {
+    getUserInfo?: (userId: string) => Promise<{
+        email: string;
+    } | null>;
+}
+declare global {
+    namespace Express {
+        interface Request {
+            user?: UserPayload;
+        }
+    }
+}
+export declare function createAuthMiddleware(options: ExpressAuthOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/express/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/express/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEhE,MAAM,WAAW,kBAAmB,SAAQ,kBAAkB;IAC5D,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACrE;AAED,OAAO,CAAC,MAAM,CAAC;IAEb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,WAAW,CAAC;SACpB;KACF;CACF;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,kBAAkB,IAE5D,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAsCjB"}

package/dist/express/middleware.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthMiddleware = createAuthMiddleware;
+const verify_1 = require("../verify");
+function createAuthMiddleware(options) {
+    return async (req, res, next) => {
+        const authHeader = req.headers.authorization;
+        if (!authHeader?.startsWith('Bearer ')) {
+            res
+                .status(401)
+                .json({ message: 'Missing or invalid authorization header' });
+            return;
+        }
+        const token = authHeader.substring(7);
+        const verified = (0, verify_1.verifyAccessToken)(token, options);
+        if (!verified.valid) {
+            res.status(401).json({ message: 'Invalid or expired token' });
+            return;
+        }
+        let email = '';
+        if (options.getUserInfo) {
+            const userInfo = await options.getUserInfo(verified.payload.sub);
+            if (!userInfo) {
+                res.status(401).json({ message: 'User not found' });
+                return;
+            }
+            email = userInfo.email;
+        }
+        req.user = {
+            userId: verified.payload.sub,
+            email,
+            scopes: Array.isArray(verified.payload.scopes)
+                ? verified.payload.scopes
+                : [],
+        };
+        next();
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/express/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/express/middleware.ts"],"names":[],"mappings":";;AAiBA,oDA2CC;AA3DD,sCAA8C;AAgB9C,SAAgB,oBAAoB,CAAC,OAA2B;IAC9D,OAAO,KAAK,EACV,GAAY,EACZ,GAAa,EACb,IAAkB,EACH,EAAE;QACjB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAmC,CAAC;QAEnE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,GAAG;iBACA,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAA,0BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEnD,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YACD,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QACzB,CAAC;QAED,GAAG,CAAC,IAAI,GAAG;YACT,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG;YAC5B,KAAK;YACL,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;gBAC5C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM;gBACzB,CAAC,CAAC,EAAE;SACP,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/{src/index.ts → dist/index.d.ts}

@@ -3,3 +3,4 @@ export * from './verify';
 export * from './userinfo';
 export * from './nestjs';
 export * from './express';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types"), exports);
+__exportStar(require("./verify"), exports);
+__exportStar(require("./userinfo"), exports);
+__exportStar(require("./nestjs"), exports);
+__exportStar(require("./express"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,2CAAyB;AACzB,6CAA2B;AAC3B,2CAAyB;AACzB,4CAA0B"}

package/dist/nestjs/decorator.d.ts

@@ -0,0 +1,2 @@
+export declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
+//# sourceMappingURL=decorator.d.ts.map

package/dist/nestjs/decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorator.d.ts","sourceRoot":"","sources":["../../src/nestjs/decorator.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,WAAW,mDAOvB,CAAC"}

package/dist/nestjs/decorator.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx
+        .switchToHttp()
+        .getRequest();
+    return request.user;
+});
+//# sourceMappingURL=decorator.js.map

package/dist/nestjs/decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorator.js","sourceRoot":"","sources":["../../src/nestjs/decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAwE;AAI3D,QAAA,WAAW,GAAG,IAAA,6BAAoB,EAC7C,CAAC,IAAa,EAAE,GAAqB,EAA2B,EAAE;IAChE,MAAM,OAAO,GAAG,GAAG;SAChB,YAAY,EAAE;SACd,UAAU,EAAoC,CAAC;IAClD,OAAO,OAAO,CAAC,IAAI,CAAC;AACtB,CAAC,CACF,CAAC"}

package/dist/nestjs/guard.d.ts

@@ -0,0 +1,13 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import type { VerifyTokenOptions } from '../types';
+export interface JwtAuthGuardOptions extends VerifyTokenOptions {
+    getUserInfo?: (userId: string) => Promise<{
+        email: string;
+    } | null>;
+}
+export declare class JwtAuthGuard implements CanActivate {
+    private readonly options;
+    constructor(options: JwtAuthGuardOptions);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}
+//# sourceMappingURL=guard.d.ts.map

package/dist/nestjs/guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/nestjs/guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAEjB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,KAAK,EAAE,kBAAkB,EAAe,MAAM,UAAU,CAAC;AAEhE,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACrE;AAED,qBACa,YAAa,YAAW,WAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAAP,OAAO,EAAE,mBAAmB;IAEnD,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAsC/D"}

package/dist/nestjs/guard.js

@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const verify_1 = require("../verify");
+let JwtAuthGuard = class JwtAuthGuard {
+    options;
+    constructor(options) {
+        this.options = options;
+    }
+    async canActivate(context) {
+        const request = context
+            .switchToHttp()
+            .getRequest();
+        const authHeader = request.headers.authorization;
+        if (!authHeader?.startsWith('Bearer ')) {
+            throw new common_1.UnauthorizedException('Missing or invalid authorization header');
+        }
+        const token = authHeader.substring(7);
+        const verified = (0, verify_1.verifyAccessToken)(token, this.options);
+        if (!verified.valid) {
+            throw new common_1.UnauthorizedException('Invalid or expired token');
+        }
+        let email = '';
+        if (this.options.getUserInfo) {
+            const userInfo = await this.options.getUserInfo(verified.payload.sub);
+            if (!userInfo) {
+                throw new common_1.UnauthorizedException('User not found');
+            }
+            email = userInfo.email;
+        }
+        request.user = {
+            userId: verified.payload.sub,
+            email,
+            scopes: Array.isArray(verified.payload.scopes)
+                ? verified.payload.scopes
+                : [],
+        };
+        return true;
+    }
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [Object])
+], JwtAuthGuard);
+//# sourceMappingURL=guard.js.map

package/dist/nestjs/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../src/nestjs/guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAKwB;AAExB,sCAA8C;AAQvC,IAAM,YAAY,GAAlB,MAAM,YAAY;IACM;IAA7B,YAA6B,OAA4B;QAA5B,YAAO,GAAP,OAAO,CAAqB;IAAG,CAAC;IAE7D,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,OAAO,GAAG,OAAO;aACpB,YAAY,EAAE;aACd,UAAU,EAAoC,CAAC;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAmC,CAAC;QAEvE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,CAC1C,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAA,0BAAiB,EAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAExD,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,KAAK,GAAG,EAAE,CAAC;QACf,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;YACpD,CAAC;YACD,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QACzB,CAAC;QAED,OAAO,CAAC,IAAI,GAAG;YACb,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG;YAC5B,KAAK;YACL,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;gBAC5C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM;gBACzB,CAAC,CAAC,EAAE;SACP,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAzCY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;;GACA,YAAY,CAyCxB"}

package/{src/nestjs/index.ts → dist/nestjs/index.d.ts}

@@ -2,3 +2,4 @@ export { JwtAuthGuard } from './guard';
 export type { JwtAuthGuardOptions } from './guard';
 export { CurrentUser } from './decorator';
 export type { UserPayload } from '../types';
+//# sourceMappingURL=index.d.ts.map

package/dist/nestjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nestjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,YAAY,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,YAAY,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC"}

package/dist/nestjs/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = exports.JwtAuthGuard = void 0;
+var guard_1 = require("./guard");
+Object.defineProperty(exports, "JwtAuthGuard", { enumerable: true, get: function () { return guard_1.JwtAuthGuard; } });
+var decorator_1 = require("./decorator");
+Object.defineProperty(exports, "CurrentUser", { enumerable: true, get: function () { return decorator_1.CurrentUser; } });
+//# sourceMappingURL=index.js.map

package/dist/nestjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nestjs/index.ts"],"names":[],"mappings":";;;AAAA,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AAErB,yCAA0C;AAAjC,wGAAA,WAAW,OAAA"}

package/dist/types.d.ts

@@ -0,0 +1,22 @@
+export interface TokenPayload {
+    sub: string;
+    type: 'access' | 'refresh' | 'temp';
+    scopes?: string[];
+    clientId?: string;
+    [key: string]: unknown;
+}
+export interface VerifyTokenOptions {
+    secret: string;
+    issuer?: string;
+    audience?: string;
+}
+export interface VerifiedToken {
+    payload: TokenPayload;
+    valid: boolean;
+}
+export interface UserPayload {
+    userId: string;
+    email: string;
+    scopes?: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,YAAY,CAAC;IACtB,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/userinfo.d.ts

@@ -0,0 +1,9 @@
+import type { UserInfo, IntrospectResult } from '@tekcify/auth-core-client';
+export declare function fetchUserInfo(accessToken: string): Promise<UserInfo>;
+export interface IntrospectTokenOptions {
+    token: string;
+    clientId?: string;
+    clientSecret?: string;
+}
+export declare function introspectAccessToken(options: IntrospectTokenOptions): Promise<IntrospectResult>;
+//# sourceMappingURL=userinfo.d.ts.map

package/dist/userinfo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userinfo.d.ts","sourceRoot":"","sources":["../src/userinfo.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG5E,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAE1E;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CAM3B"}

package/dist/userinfo.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchUserInfo = fetchUserInfo;
+exports.introspectAccessToken = introspectAccessToken;
+const auth_core_client_1 = require("@tekcify/auth-core-client");
+async function fetchUserInfo(accessToken) {
+    return (0, auth_core_client_1.getUserInfo)(accessToken);
+}
+async function introspectAccessToken(options) {
+    return (0, auth_core_client_1.introspectToken)({
+        token: options.token,
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+    });
+}
+//# sourceMappingURL=userinfo.js.map

package/dist/userinfo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userinfo.js","sourceRoot":"","sources":["../src/userinfo.ts"],"names":[],"mappings":";;AAGA,sCAEC;AAQD,sDAQC;AApBD,gEAAyE;AAElE,KAAK,UAAU,aAAa,CAAC,WAAmB;IACrD,OAAO,IAAA,8BAAW,EAAC,WAAW,CAAC,CAAC;AAClC,CAAC;AAQM,KAAK,UAAU,qBAAqB,CACzC,OAA+B;IAE/B,OAAO,IAAA,kCAAe,EAAC;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC,CAAC;AACL,CAAC"}

package/dist/verify.d.ts

@@ -0,0 +1,4 @@
+import type { TokenPayload, VerifyTokenOptions, VerifiedToken } from './types';
+export declare function verifyAccessToken(token: string, options: VerifyTokenOptions): VerifiedToken;
+export declare function decodeToken(token: string): TokenPayload | null;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE/E,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,kBAAkB,GAC1B,aAAa,CAqBf;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAM9D"}

package/dist/verify.js

@@ -0,0 +1,38 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyAccessToken = verifyAccessToken;
+exports.decodeToken = decodeToken;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+function verifyAccessToken(token, options) {
+    try {
+        const decoded = jsonwebtoken_1.default.verify(token, options.secret, {
+            issuer: options.issuer ?? 'tekcify-auth',
+            audience: options.audience ?? 'tekcify-api',
+        });
+        if (decoded.type !== 'access') {
+            return { payload: decoded, valid: false };
+        }
+        return { payload: decoded, valid: true };
+    }
+    catch (error) {
+        if (error instanceof jsonwebtoken_1.default.JsonWebTokenError) {
+            return { payload: {}, valid: false };
+        }
+        if (error instanceof jsonwebtoken_1.default.TokenExpiredError) {
+            return { payload: {}, valid: false };
+        }
+        throw error;
+    }
+}
+function decodeToken(token) {
+    try {
+        return jsonwebtoken_1.default.decode(token);
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":";;;;;AAGA,8CAwBC;AAED,kCAMC;AAnCD,gEAA+B;AAG/B,SAAgB,iBAAiB,CAC/B,KAAa,EACb,OAA2B;IAE3B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE;YAChD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,cAAc;YACxC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,aAAa;SAC5C,CAAiB,CAAC;QAEnB,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAC5C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,sBAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,EAAkB,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,YAAY,sBAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,EAAkB,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QACvD,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,WAAW,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,CAAwB,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tekcify/auth-backend",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Backend authentication helpers for Tekcify Auth. Provides middleware, guards, and utilities for validating JWT tokens and protecting API routes in NestJS and Express applications.",
   "author": "Tekcify",
   "main": "./dist/index.js",
@@ -31,7 +31,7 @@
     }
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc -p tsconfig.build.json",
     "clean": "rm -rf dist",
     "lint": "eslint \"src/**/*.ts\" --max-warnings=0",
     "test": "vitest run",
@@ -44,18 +44,22 @@
     "jwt",
     "auth"
   ],
+  "files": [
+    "dist",
+    "README.md"
+  ],
   "license": "MIT",
   "dependencies": {
-    "@tekcify/auth-core-client": "^1.0.0",
-    "jsonwebtoken": "^9.0.2"
+    "@tekcify/auth-core-client": ">=1.0.5",
+    "jsonwebtoken": "^9.0.3"
   },
   "devDependencies": {
-    "@nestjs/common": "^11.0.1",
-    "@nestjs/core": "^11.0.1",
-    "@types/express": "^5.0.0",
+    "@nestjs/common": "^11.1.9",
+    "@nestjs/core": "^11.1.9",
+    "@types/express": "^5.0.6",
     "@types/jsonwebtoken": "^9.0.10",
-    "@types/node": "^22.10.7",
-    "typescript": "^5.7.3",
+    "@types/node": "^24.10.1",
+    "typescript": "^5.9.3",
     "vitest": "^4.0.15"
   },
   "peerDependencies": {
@@ -63,4 +67,3 @@
     "@nestjs/core": "^11.0.0"
   }
 }
-

package/src/__tests__/verify.test.ts

@@ -1,80 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import jwt from 'jsonwebtoken';
-import { verifyAccessToken } from '../verify';
-
-describe('verifyAccessToken', () => {
-  const secret = 'test-secret';
-  const issuer = 'tekcify-auth';
-  const audience = 'tekcify-api';
-
-  it('should verify a valid access token', () => {
-    const payload = {
-      sub: 'user-123',
-      type: 'access',
-      scopes: ['read:profile'],
-    };
-
-    const token = jwt.sign(payload, secret, {
-      issuer,
-      audience,
-      expiresIn: '1h',
-    });
-
-    const result = verifyAccessToken(token, { secret, issuer, audience });
-
-    expect(result.valid).toBe(true);
-    expect(result.payload.sub).toBe('user-123');
-    expect(result.payload.type).toBe('access');
-  });
-
-  it('should reject a refresh token', () => {
-    const payload = {
-      sub: 'user-123',
-      type: 'refresh',
-    };
-
-    const token = jwt.sign(payload, secret, {
-      issuer,
-      audience,
-      expiresIn: '7d',
-    });
-
-    const result = verifyAccessToken(token, { secret, issuer, audience });
-
-    expect(result.valid).toBe(false);
-  });
-
-  it('should reject an expired token', () => {
-    const payload = {
-      sub: 'user-123',
-      type: 'access',
-    };
-
-    const token = jwt.sign(payload, secret, {
-      issuer,
-      audience,
-      expiresIn: '-1h',
-    });
-
-    const result = verifyAccessToken(token, { secret, issuer, audience });
-
-    expect(result.valid).toBe(false);
-  });
-
-  it('should reject a token with wrong secret', () => {
-    const payload = {
-      sub: 'user-123',
-      type: 'access',
-    };
-
-    const token = jwt.sign(payload, 'wrong-secret', {
-      issuer,
-      audience,
-      expiresIn: '1h',
-    });
-
-    const result = verifyAccessToken(token, { secret, issuer, audience });
-
-    expect(result.valid).toBe(false);
-  });
-});

package/src/express/middleware.ts

@@ -1,61 +0,0 @@
-import type { Request, Response, NextFunction } from 'express';
-import { verifyAccessToken } from '../verify';
-import type { VerifyTokenOptions, UserPayload } from '../types';
-
-export interface ExpressAuthOptions extends VerifyTokenOptions {
-  getUserInfo?: (userId: string) => Promise<{ email: string } | null>;
-}
-
-declare global {
-  // eslint-disable-next-line @typescript-eslint/no-namespace
-  namespace Express {
-    interface Request {
-      user?: UserPayload;
-    }
-  }
-}
-
-export function createAuthMiddleware(options: ExpressAuthOptions) {
-  return async (
-    req: Request,
-    res: Response,
-    next: NextFunction,
-  ): Promise<void> => {
-    const authHeader = req.headers.authorization as string | undefined;
-
-    if (!authHeader?.startsWith('Bearer ')) {
-      res
-        .status(401)
-        .json({ message: 'Missing or invalid authorization header' });
-      return;
-    }
-
-    const token = authHeader.substring(7);
-    const verified = verifyAccessToken(token, options);
-
-    if (!verified.valid) {
-      res.status(401).json({ message: 'Invalid or expired token' });
-      return;
-    }
-
-    let email = '';
-    if (options.getUserInfo) {
-      const userInfo = await options.getUserInfo(verified.payload.sub);
-      if (!userInfo) {
-        res.status(401).json({ message: 'User not found' });
-        return;
-      }
-      email = userInfo.email;
-    }
-
-    req.user = {
-      userId: verified.payload.sub,
-      email,
-      scopes: Array.isArray(verified.payload.scopes)
-        ? verified.payload.scopes
-        : [],
-    };
-
-    next();
-  };
-}

package/src/nestjs/decorator.ts

@@ -1,12 +0,0 @@
-import { createParamDecorator, ExecutionContext } from '@nestjs/common';
-import type { Request } from 'express';
-import type { UserPayload } from '../types';
-
-export const CurrentUser = createParamDecorator(
-  (data: unknown, ctx: ExecutionContext): UserPayload | undefined => {
-    const request = ctx
-      .switchToHttp()
-      .getRequest<Request & { user?: UserPayload }>();
-    return request.user;
-  },
-);