@tinyrack/tinyauth-server 0.0.7

package/dist/repositories/jwt-key.repository.js

@@ -0,0 +1,72 @@
+import { EntityRepository } from '@mikro-orm/core';
+import { JwtKeyStatus } from "../entities/jwt-key.entity.js";
+/**
+ * Repository for JWT Key management
+ *
+ * Handles CRUD operations and queries for RSA key pairs
+ * used in JWT signing and verification.
+ */
+export class JwtKeyRepository extends EntityRepository {
+    /**
+     * Get the currently active signing key
+     *
+     * @returns Active key with private_key loaded, or null if none exists
+     */
+    async getActiveKey() {
+        return this.findOne({ status: JwtKeyStatus.ACTIVE }, { populate: ['private_key'] });
+    }
+    /**
+     * Get all keys valid for token verification (active + previous)
+     *
+     * @returns Array of keys that can verify tokens
+     */
+    async getVerificationKeys() {
+        return this.find({
+            status: { $in: [JwtKeyStatus.ACTIVE, JwtKeyStatus.PREVIOUS] },
+        });
+    }
+    /**
+     * Get all keys to expose in JWKS endpoint (public keys only)
+     *
+     * @returns Array of active and previous keys for JWKS
+     */
+    async getPublicKeys() {
+        return this.find({
+            status: { $in: [JwtKeyStatus.ACTIVE, JwtKeyStatus.PREVIOUS] },
+        }, {
+            orderBy: { created_at: 'DESC' },
+        });
+    }
+    /**
+     * Get key by kid for verification
+     *
+     * @param kid - Key ID from JWT header
+     * @returns Key entity or null
+     */
+    async getByKid(kid) {
+        return this.findOne({ kid });
+    }
+    /**
+     * Get the next key waiting to be activated
+     *
+     * @returns Next key or null
+     */
+    async getNextKey() {
+        return this.findOne({ status: JwtKeyStatus.NEXT }, { populate: ['private_key'] });
+    }
+    /**
+     * Get keys that should be retired (past overlap period)
+     *
+     * @param overlapDays - Number of days to keep previous keys
+     * @returns Keys that should be retired
+     */
+    async getKeysToRetire(overlapDays) {
+        const cutoffDate = new Date();
+        cutoffDate.setDate(cutoffDate.getDate() - overlapDays);
+        return this.find({
+            status: JwtKeyStatus.PREVIOUS,
+            deactivated_at: { $lt: cutoffDate },
+        });
+    }
+}
+//# sourceMappingURL=jwt-key.repository.js.map

package/dist/repositories/jwt-key.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-key.repository.js","sourceRoot":"","sources":["../../src/repositories/jwt-key.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAqB,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAEhF;;;;;GAKG;AACH,MAAM,OAAO,gBAAiB,SAAQ,gBAA8B;IAClE;;;;OAIG;IACH,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,OAAO,CACjB,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,EAC/B,EAAE,QAAQ,EAAE,CAAC,aAAa,CAAC,EAAE,CAC9B,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB;QACvB,OAAO,IAAI,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE;SAC9D,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,IAAI,CACd;YACE,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE;SAC9D,EACD;YACE,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE;SAChC,CACF,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,OAAO,CACjB,EAAE,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,EAC7B,EAAE,QAAQ,EAAE,CAAC,aAAa,CAAC,EAAE,CAC9B,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,WAAmB;QACvC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC,CAAC;QAEvD,OAAO,IAAI,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,YAAY,CAAC,QAAQ;YAC7B,cAAc,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/repositories/oauth-client.repository.d.ts

@@ -0,0 +1,5 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IOAuthClientEntity } from '../entities/oauth-client.entity.ts';
+export declare class OAuthClientRepository extends EntityRepository<IOAuthClientEntity> {
+}
+//# sourceMappingURL=oauth-client.repository.d.ts.map

package/dist/repositories/oauth-client.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/oauth-client.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAE7E,qBAAa,qBAAsB,SAAQ,gBAAgB,CAAC,kBAAkB,CAAC;CAAG"}

package/dist/repositories/oauth-client.repository.js

@@ -0,0 +1,4 @@
+import { EntityRepository } from '@mikro-orm/core';
+export class OAuthClientRepository extends EntityRepository {
+}
+//# sourceMappingURL=oauth-client.repository.js.map

package/dist/repositories/oauth-client.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.repository.js","sourceRoot":"","sources":["../../src/repositories/oauth-client.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,MAAM,OAAO,qBAAsB,SAAQ,gBAAoC;CAAG"}

package/dist/repositories/oauth-code.repository.d.ts

@@ -0,0 +1,19 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IOAuthCodeEntity, OAuthCodeChallengeMethods } from '../entities/oauth-code.entity.ts';
+export declare class OAuthCodeRepository extends EntityRepository<IOAuthCodeEntity> {
+    createAuthorizationCode(params: {
+        clientId: string;
+        userSub: string;
+        codeHash: string;
+        redirectUri: string;
+        scope: string[];
+        nonce?: string;
+        codeChallenge?: string;
+        codeChallengeMethod?: OAuthCodeChallengeMethods;
+        expiresInSeconds?: number;
+        /** OIDC: Time when End-User authentication occurred (Unix timestamp) */
+        authTime?: number;
+    }): Promise<IOAuthCodeEntity>;
+    findUnconsumedByClientAndCodeHash(clientId: string, codeHash: string): Promise<IOAuthCodeEntity | null>;
+}
+//# sourceMappingURL=oauth-code.repository.d.ts.map

package/dist/repositories/oauth-code.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-code.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/oauth-code.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EACV,gBAAgB,EAChB,yBAAyB,EAC1B,MAAM,kCAAkC,CAAC;AAE1C,qBAAa,mBAAoB,SAAQ,gBAAgB,CAAC,gBAAgB,CAAC;IACnE,uBAAuB,CAAC,MAAM,EAAE;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,yBAAyB,CAAC;QAChD,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,wEAAwE;QACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAyBvB,iCAAiC,CACrC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;CAOpC"}

package/dist/repositories/oauth-code.repository.js

@@ -0,0 +1,32 @@
+import { EntityRepository } from '@mikro-orm/core';
+export class OAuthCodeRepository extends EntityRepository {
+    async createAuthorizationCode(params) {
+        const expiresInSeconds = params.expiresInSeconds || 600;
+        const expiredAt = new Date(Date.now() + expiresInSeconds * 1000);
+        const entity = this.create({
+            client: params.clientId,
+            user: params.userSub,
+            codeHash: params.codeHash,
+            redirectUri: params.redirectUri,
+            scope: params.scope,
+            nonce: params.nonce || '',
+            codeChallenge: params.codeChallenge || '',
+            codeChallengeMethod: params.codeChallengeMethod || 'S256',
+            expiredAt,
+            // Only include OIDC auth metadata when defined (exactOptionalPropertyTypes)
+            ...(params.authTime !== undefined && {
+                authTime: params.authTime,
+            }),
+        });
+        await this.getEntityManager().persist(entity).flush();
+        return entity;
+    }
+    async findUnconsumedByClientAndCodeHash(clientId, codeHash) {
+        return this.findOne({
+            client: clientId,
+            codeHash,
+            consumedAt: null,
+        });
+    }
+}
+//# sourceMappingURL=oauth-code.repository.js.map

package/dist/repositories/oauth-code.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-code.repository.js","sourceRoot":"","sources":["../../src/repositories/oauth-code.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAMnD,MAAM,OAAO,mBAAoB,SAAQ,gBAAkC;IACzE,KAAK,CAAC,uBAAuB,CAAC,MAY7B;QACC,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,GAAG,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI,CAAC,CAAC;QAEjE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,QAAQ;YACvB,IAAI,EAAE,MAAM,CAAC,OAAO;YACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;YACzB,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;YACzC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,IAAI,MAAM;YACzD,SAAS;YACT,4EAA4E;YAC5E,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI;gBACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QAEtD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,iCAAiC,CACrC,QAAgB,EAChB,QAAgB;QAEhB,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,MAAM,EAAE,QAAQ;YAChB,QAAQ;YACR,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/repositories/password-reset.repository.d.ts

@@ -0,0 +1,19 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IPasswordResetEntity } from '../entities/password-reset.entity.ts';
+export declare class PasswordResetRepository extends EntityRepository<IPasswordResetEntity> {
+    /**
+     * Generate and store a new password reset token
+     * Invalidates all previous unused tokens for the user
+     * @returns The created password reset entity with token
+     */
+    generateToken(params: {
+        userSub: string;
+        expiresInHours?: number;
+    }): Promise<IPasswordResetEntity>;
+    /**
+     * Verify a token and mark it as used
+     * @returns The verified entity with user populated, or null if invalid
+     */
+    verifyToken(token: string): Promise<IPasswordResetEntity | null>;
+}
+//# sourceMappingURL=password-reset.repository.d.ts.map

package/dist/repositories/password-reset.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password-reset.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/password-reset.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAO,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAGjF,qBAAa,uBAAwB,SAAQ,gBAAgB,CAAC,oBAAoB,CAAC;IACjF;;;;OAIG;IACG,aAAa,CAAC,MAAM,EAAE;QAC1B,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA+BjC;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;CAuBvE"}

package/dist/repositories/password-reset.repository.js

@@ -0,0 +1,53 @@
+import { EntityRepository, ref } from '@mikro-orm/core';
+import { UserEntity } from "../entities/user.entity.js";
+export class PasswordResetRepository extends EntityRepository {
+    /**
+     * Generate and store a new password reset token
+     * Invalidates all previous unused tokens for the user
+     * @returns The created password reset entity with token
+     */
+    async generateToken(params) {
+        // Generate a UUID token for security
+        const token = crypto.randomUUID();
+        // Calculate expiration time (default: 1 hour for security)
+        const expiresInHours = params.expiresInHours || 1;
+        const expiresAt = new Date(Date.now() + expiresInHours * 60 * 60 * 1000);
+        // Invalidate all previous unused tokens for this user
+        const previousTokens = await this.find({
+            user: ref(UserEntity, params.userSub),
+            used: false,
+        });
+        for (const prevToken of previousTokens) {
+            prevToken.expiresAt = new Date(); // Expire immediately
+        }
+        // Create the entity
+        const entity = this.create({
+            user: params.userSub,
+            token,
+            expiresAt,
+        });
+        // Persist to database
+        this.getEntityManager().persist(entity);
+        return entity;
+    }
+    /**
+     * Verify a token and mark it as used
+     * @returns The verified entity with user populated, or null if invalid
+     */
+    async verifyToken(token) {
+        const entity = await this.findOne({ token, used: false }, { populate: ['user'] });
+        if (!entity) {
+            return null;
+        }
+        // Check if expired
+        if (entity.expiresAt < new Date()) {
+            return null;
+        }
+        // Mark as used
+        entity.used = true;
+        entity.usedAt = new Date();
+        await this.getEntityManager().flush();
+        return entity;
+    }
+}
+//# sourceMappingURL=password-reset.repository.js.map

package/dist/repositories/password-reset.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password-reset.repository.js","sourceRoot":"","sources":["../../src/repositories/password-reset.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,MAAM,OAAO,uBAAwB,SAAQ,gBAAsC;IACjF;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,MAGnB;QACC,qCAAqC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAElC,2DAA2D;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEzE,sDAAsD;QACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YACrC,IAAI,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC;YACrC,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;YACvC,SAAS,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,CAAC,qBAAqB;QACzD,CAAC;QAED,oBAAoB;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO;YACpB,KAAK;YACL,SAAS;SACV,CAAC,CAAC;QAEH,sBAAsB;QACtB,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAExC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EACtB,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe;QACf,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,MAAM,CAAC,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAE3B,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,CAAC;QAEtC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/repositories/pending-oauth-registration.repository.d.ts

@@ -0,0 +1,38 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IPendingOAuthRegistrationEntity } from '../entities/pending-oauth-registration.entity.ts';
+export interface CreatePendingRegistrationParams {
+    providerId: string;
+    accessToken: string;
+    refreshToken?: string | undefined;
+    expiresIn?: number | undefined;
+    tokenType: string;
+    userInfo: {
+        id: string;
+        email: string;
+        email_verified: boolean;
+        name?: string | undefined;
+        picture?: string | undefined;
+    };
+    returnUrl?: string | undefined;
+    expiresAt: Date;
+}
+export declare class PendingOAuthRegistrationRepository extends EntityRepository<IPendingOAuthRegistrationEntity> {
+    /**
+     * Create a pending registration record and return its lookup token.
+     */
+    createPendingRegistration(params: CreatePendingRegistrationParams): Promise<string>;
+    /**
+     * Find a valid (non-expired) pending registration by its token.
+     * Eagerly loads lazy fields (accessToken, refreshToken).
+     */
+    findValidByToken(token: string): Promise<IPendingOAuthRegistrationEntity | null>;
+    /**
+     * Delete a pending registration record after it has been consumed.
+     */
+    consumeByToken(token: string): Promise<void>;
+    /**
+     * Delete all expired pending registrations.
+     */
+    cleanExpired(cutoffDate: Date): Promise<number>;
+}
+//# sourceMappingURL=pending-oauth-registration.repository.d.ts.map

package/dist/repositories/pending-oauth-registration.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pending-oauth-registration.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/pending-oauth-registration.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AAExG,MAAM,WAAW,+BAA+B;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE;QACR,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,cAAc,EAAE,OAAO,CAAC;QACxB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC1B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;KAC9B,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,qBAAa,kCAAmC,SAAQ,gBAAgB,CAAC,+BAA+B,CAAC;IACvG;;OAEG;IACG,yBAAyB,CAC7B,MAAM,EAAE,+BAA+B,GACtC,OAAO,CAAC,MAAM,CAAC;IAqBlB;;;OAGG;IACG,gBAAgB,CACpB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC;IAUlD;;OAEG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlD;;OAEG;IACG,YAAY,CAAC,UAAU,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;CAKtD"}

package/dist/repositories/pending-oauth-registration.repository.js

@@ -0,0 +1,50 @@
+import { EntityRepository } from '@mikro-orm/core';
+export class PendingOAuthRegistrationRepository extends EntityRepository {
+    /**
+     * Create a pending registration record and return its lookup token.
+     */
+    async createPendingRegistration(params) {
+        const token = crypto.randomUUID();
+        const entity = this.create({
+            token,
+            providerId: params.providerId,
+            accessToken: params.accessToken,
+            refreshToken: params.refreshToken ?? null,
+            expiresIn: params.expiresIn ?? null,
+            tokenType: params.tokenType,
+            userInfo: params.userInfo,
+            returnUrl: params.returnUrl ?? null,
+            expiresAt: params.expiresAt,
+        });
+        this.getEntityManager().persist(entity);
+        await this.getEntityManager().flush();
+        return token;
+    }
+    /**
+     * Find a valid (non-expired) pending registration by its token.
+     * Eagerly loads lazy fields (accessToken, refreshToken).
+     */
+    async findValidByToken(token) {
+        const entity = await this.findOne({ token }, { populate: ['accessToken', 'refreshToken'] });
+        if (!entity)
+            return null;
+        if (entity.expiresAt < new Date())
+            return null;
+        return entity;
+    }
+    /**
+     * Delete a pending registration record after it has been consumed.
+     */
+    async consumeByToken(token) {
+        await this.nativeDelete({ token });
+    }
+    /**
+     * Delete all expired pending registrations.
+     */
+    async cleanExpired(cutoffDate) {
+        return await this.nativeDelete({
+            expiresAt: { $lt: cutoffDate },
+        });
+    }
+}
+//# sourceMappingURL=pending-oauth-registration.repository.js.map

package/dist/repositories/pending-oauth-registration.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pending-oauth-registration.repository.js","sourceRoot":"","sources":["../../src/repositories/pending-oauth-registration.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAoBnD,MAAM,OAAO,kCAAmC,SAAQ,gBAAiD;IACvG;;OAEG;IACH,KAAK,CAAC,yBAAyB,CAC7B,MAAuC;QAEvC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAElC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,KAAK;YACL,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;YACzC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,CAAC;QAEtC,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CACpB,KAAa;QAEb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,EAAE,KAAK,EAAE,EACT,EAAE,QAAQ,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC,EAAE,CAC9C,CAAC;QACF,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QAC/C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,UAAgB;QACjC,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC;YAC7B,SAAS,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;SAC/B,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/repositories/revoked-token.repository.d.ts

@@ -0,0 +1,32 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IRevokedTokenEntity, TokenType } from '../entities/revoked-token.entity.ts';
+/**
+ * Repository for managing revoked tokens
+ *
+ * Implements OAuth 2.0 Token Revocation (RFC 7009) storage layer.
+ * Supports both individual token revocation and bulk revocation
+ * by user/client combination.
+ */
+export declare class RevokedTokenRepository extends EntityRepository<IRevokedTokenEntity> {
+    /**
+     * Revoke a single token by its JTI
+     *
+     * @param params - Token revocation parameters
+     * @returns The created revoked token entity
+     */
+    revokeToken(params: {
+        jti: string;
+        token_type: TokenType;
+        clientId: string;
+        userSub: string;
+        expires_at: Date;
+    }): Promise<IRevokedTokenEntity>;
+    /**
+     * Check if a token is revoked by its JTI
+     *
+     * @param jti - JWT ID to check
+     * @returns true if the token is revoked
+     */
+    isRevoked(jti: string): Promise<boolean>;
+}
+//# sourceMappingURL=revoked-token.repository.d.ts.map

package/dist/repositories/revoked-token.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoked-token.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/revoked-token.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EACV,mBAAmB,EACnB,SAAS,EACV,MAAM,qCAAqC,CAAC;AAE7C;;;;;;GAMG;AACH,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,mBAAmB,CAAC;IAC/E;;;;;OAKG;IACG,WAAW,CAAC,MAAM,EAAE;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,UAAU,EAAE,SAAS,CAAC;QACtB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,IAAI,CAAC;KAClB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAmBhC;;;;;OAKG;IACG,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAI/C"}

package/dist/repositories/revoked-token.repository.js

@@ -0,0 +1,43 @@
+import { EntityRepository } from '@mikro-orm/core';
+/**
+ * Repository for managing revoked tokens
+ *
+ * Implements OAuth 2.0 Token Revocation (RFC 7009) storage layer.
+ * Supports both individual token revocation and bulk revocation
+ * by user/client combination.
+ */
+export class RevokedTokenRepository extends EntityRepository {
+    /**
+     * Revoke a single token by its JTI
+     *
+     * @param params - Token revocation parameters
+     * @returns The created revoked token entity
+     */
+    async revokeToken(params) {
+        // Check if already revoked
+        const existing = await this.findOne({ jti: params.jti });
+        if (existing) {
+            return existing;
+        }
+        const entity = this.create({
+            jti: params.jti,
+            token_type: params.token_type,
+            client: params.clientId,
+            user: params.userSub,
+            expires_at: params.expires_at,
+        });
+        await this.getEntityManager().persist(entity).flush();
+        return entity;
+    }
+    /**
+     * Check if a token is revoked by its JTI
+     *
+     * @param jti - JWT ID to check
+     * @returns true if the token is revoked
+     */
+    async isRevoked(jti) {
+        const count = await this.count({ jti });
+        return count > 0;
+    }
+}
+//# sourceMappingURL=revoked-token.repository.js.map

package/dist/repositories/revoked-token.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoked-token.repository.js","sourceRoot":"","sources":["../../src/repositories/revoked-token.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAMnD;;;;;;GAMG;AACH,MAAM,OAAO,sBAAuB,SAAQ,gBAAqC;IAC/E;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,MAMjB;QACC,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACzD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,MAAM,CAAC,QAAQ;YACvB,IAAI,EAAE,MAAM,CAAC,OAAO;YACpB,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QACtD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QACxC,OAAO,KAAK,GAAG,CAAC,CAAC;IACnB,CAAC;CACF"}

package/dist/repositories/terms-content.repository.d.ts

@@ -0,0 +1,5 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { ITermsContentEntity } from '../entities/terms-content.entity.ts';
+export declare class TermsContentRepository extends EntityRepository<ITermsContentEntity> {
+}
+//# sourceMappingURL=terms-content.repository.d.ts.map

package/dist/repositories/terms-content.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms-content.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/terms-content.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAE/E,qBAAa,sBAAuB,SAAQ,gBAAgB,CAAC,mBAAmB,CAAC;CAAG"}

package/dist/repositories/terms-content.repository.js

@@ -0,0 +1,4 @@
+import { EntityRepository } from '@mikro-orm/core';
+export class TermsContentRepository extends EntityRepository {
+}
+//# sourceMappingURL=terms-content.repository.js.map

package/dist/repositories/terms-content.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms-content.repository.js","sourceRoot":"","sources":["../../src/repositories/terms-content.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGnD,MAAM,OAAO,sBAAuB,SAAQ,gBAAqC;CAAG"}

package/dist/repositories/terms.repository.d.ts

@@ -0,0 +1,9 @@
+import { EntityRepository, type Loaded } from '@mikro-orm/core';
+import type { ITermsEntity } from '../entities/terms.entity.ts';
+export declare class TermsRepository extends EntityRepository<ITermsEntity> {
+    /**
+     * Find all global terms with their localized contents
+     */
+    findAllWithContents(): Promise<Loaded<ITermsEntity, 'contents', '*', never>[]>;
+}
+//# sourceMappingURL=terms.repository.d.ts.map

package/dist/repositories/terms.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/terms.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE,qBAAa,eAAgB,SAAQ,gBAAgB,CAAC,YAAY,CAAC;IACjE;;OAEG;IACG,mBAAmB,IAAI,OAAO,CAClC,MAAM,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,EAAE,CAC/C;CAKF"}

package/dist/repositories/terms.repository.js

@@ -0,0 +1,12 @@
+import { EntityRepository } from '@mikro-orm/core';
+export class TermsRepository extends EntityRepository {
+    /**
+     * Find all global terms with their localized contents
+     */
+    async findAllWithContents() {
+        return this.findAll({
+            populate: ['contents'],
+        });
+    }
+}
+//# sourceMappingURL=terms.repository.js.map

package/dist/repositories/terms.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms.repository.js","sourceRoot":"","sources":["../../src/repositories/terms.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAe,MAAM,iBAAiB,CAAC;AAGhE,MAAM,OAAO,eAAgB,SAAQ,gBAA8B;IACjE;;OAEG;IACH,KAAK,CAAC,mBAAmB;QAGvB,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/repositories/user-consent.repository.d.ts

@@ -0,0 +1,22 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { UserConsentEntity } from '../entities/user-consent.entity.ts';
+export declare class UserConsentRepository extends EntityRepository<UserConsentEntity> {
+    /**
+     * Find active consent for a user and client
+     */
+    findConsent(userSub: string, clientId: string): Promise<UserConsentEntity | null>;
+    /**
+     * Check if user has consented to all requested scopes for a client
+     */
+    hasConsent(userSub: string, clientId: string, requestedScopes: string[]): Promise<boolean>;
+    /**
+     * Grant consent for a user to a client with specific scopes.
+     * If consent already exists, update the scopes (merge with existing).
+     */
+    grantConsent(params: {
+        userSub: string;
+        clientId: string;
+        scopes: string[];
+    }): Promise<UserConsentEntity>;
+}
+//# sourceMappingURL=user-consent.repository.d.ts.map

package/dist/repositories/user-consent.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-consent.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/user-consent.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAO,MAAM,iBAAiB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAE5E,qBAAa,qBAAsB,SAAQ,gBAAgB,CAAC,iBAAiB,CAAC;IAC5E;;OAEG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAQpC;;OAEG;IACG,UAAU,CACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EAAE,GACxB,OAAO,CAAC,OAAO,CAAC;IAQnB;;;OAGG;IACG,YAAY,CAAC,MAAM,EAAE;QACzB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,GAAG,OAAO,CAAC,iBAAiB,CAAC;CA4B/B"}

package/dist/repositories/user-consent.repository.js

@@ -0,0 +1,51 @@
+import { EntityRepository, ref } from '@mikro-orm/core';
+import { UserEntity } from "../entities/user.entity.js";
+export class UserConsentRepository extends EntityRepository {
+    /**
+     * Find active consent for a user and client
+     */
+    async findConsent(userSub, clientId) {
+        return this.findOne({
+            user: ref(UserEntity, userSub),
+            client: clientId,
+            revoked_at: null,
+        });
+    }
+    /**
+     * Check if user has consented to all requested scopes for a client
+     */
+    async hasConsent(userSub, clientId, requestedScopes) {
+        const consent = await this.findConsent(userSub, clientId);
+        if (!consent) {
+            return false;
+        }
+        return consent.hasScopes(requestedScopes);
+    }
+    /**
+     * Grant consent for a user to a client with specific scopes.
+     * If consent already exists, update the scopes (merge with existing).
+     */
+    async grantConsent(params) {
+        const existingConsent = await this.findConsent(params.userSub, params.clientId);
+        if (existingConsent) {
+            // Merge scopes (add new scopes to existing ones)
+            const mergedScopes = [
+                ...new Set([...existingConsent.scopes, ...params.scopes]),
+            ];
+            existingConsent.scopes = mergedScopes;
+            existingConsent.granted_at = new Date();
+            existingConsent.revoked_at = null;
+            await this.getEntityManager().flush();
+            return existingConsent;
+        }
+        // Create new consent
+        const consent = this.create({
+            user: params.userSub,
+            client: params.clientId,
+            scopes: params.scopes,
+        });
+        await this.getEntityManager().persist(consent).flush();
+        return consent;
+    }
+}
+//# sourceMappingURL=user-consent.repository.js.map

package/dist/repositories/user-consent.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-consent.repository.js","sourceRoot":"","sources":["../../src/repositories/user-consent.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGxD,MAAM,OAAO,qBAAsB,SAAQ,gBAAmC;IAC5E;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,OAAe,EACf,QAAgB;QAEhB,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,IAAI,EAAE,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC;YAC9B,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,OAAe,EACf,QAAgB,EAChB,eAAyB;QAEzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAC5C,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,QAAQ,CAChB,CAAC;QAEF,IAAI,eAAe,EAAE,CAAC;YACpB,iDAAiD;YACjD,MAAM,YAAY,GAAG;gBACnB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;aAC1D,CAAC;YACF,eAAe,CAAC,MAAM,GAAG,YAAY,CAAC;YACtC,eAAe,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACxC,eAAe,CAAC,UAAU,GAAG,IAAI,CAAC;YAClC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,qBAAqB;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;YAC1B,IAAI,EAAE,MAAM,CAAC,OAAO;YACpB,MAAM,EAAE,MAAM,CAAC,QAAQ;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;QACvD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/repositories/user-oauth.repository.d.ts

@@ -0,0 +1,68 @@
+import { EntityRepository } from '@mikro-orm/core';
+import type { IUserOAuthEntity } from '../entities/user-oauth.entity.ts';
+export declare class UserOAuthRepository extends EntityRepository<IUserOAuthEntity> {
+    /**
+     * Find OAuth account by provider name and provider user ID
+     *
+     * @param providerName - Name of the OAuth provider (e.g., "google", "github")
+     * @param providerUserId - Unique user ID from the OAuth provider
+     * @returns OAuth account entity or null if not found
+     */
+    findByProviderUserId(providerName: string, providerUserId: string): Promise<IUserOAuthEntity | null>;
+    /**
+     * Find OAuth account by provider name and user sub
+     *
+     * @param userSub - User sub
+     * @param providerName - Name of the OAuth provider
+     * @returns OAuth account entity or null if not found
+     */
+    findByUserAndProvider(userSub: string, providerName: string): Promise<IUserOAuthEntity | null>;
+    /**
+     * Find all OAuth accounts linked to a user
+     *
+     * @param userSub - User sub
+     * @returns Array of OAuth account entities
+     */
+    findByUser(userSub: string): Promise<IUserOAuthEntity[]>;
+    /**
+     * Link an OAuth account to a user
+     *
+     * @param params - OAuth account data
+     * @returns Newly created OAuth account entity
+     */
+    linkAccount(params: {
+        userSub: string;
+        providerName: string;
+        providerUserId: string;
+        accessToken: string;
+        refreshToken: string;
+        expiresAt: Date | null;
+    }): Promise<IUserOAuthEntity>;
+    /**
+     * Update tokens for an existing OAuth account
+     *
+     * @param oauthAccount - OAuth account entity to update
+     * @param tokens - New token values
+     */
+    updateTokens(oauthAccount: IUserOAuthEntity, tokens: {
+        accessToken: string;
+        refreshToken: string;
+        expiresAt: Date | null;
+    }): Promise<void>;
+    /**
+     * Unlink an OAuth account from a user
+     *
+     * @param userSub - User sub
+     * @param providerName - Name of the OAuth provider to unlink
+     * @returns True if account was unlinked, false if not found
+     */
+    unlinkAccount(userSub: string, providerName: string): Promise<boolean>;
+    /**
+     * Count the number of OAuth accounts linked to a user
+     *
+     * @param userSub - User sub
+     * @returns Number of linked OAuth accounts
+     */
+    countByUser(userSub: string): Promise<number>;
+}
+//# sourceMappingURL=user-oauth.repository.d.ts.map

package/dist/repositories/user-oauth.repository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-oauth.repository.d.ts","sourceRoot":"","sources":["../../src/repositories/user-oauth.repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAO,MAAM,iBAAiB,CAAC;AAExD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAEzE,qBAAa,mBAAoB,SAAQ,gBAAgB,CAAC,gBAAgB,CAAC;IACzE;;;;;;OAMG;IACG,oBAAoB,CACxB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAOnC;;;;;;OAMG;IACG,qBAAqB,CACzB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAOnC;;;;;OAKG;IACG,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAI9D;;;;;OAKG;IACG,WAAW,CAAC,MAAM,EAAE;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,cAAc,EAAE,MAAM,CAAC;QACvB,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;KACxB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAc7B;;;;;OAKG;IACG,YAAY,CAChB,YAAY,EAAE,gBAAgB,EAC9B,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;KACxB,GACA,OAAO,CAAC,IAAI,CAAC;IAQhB;;;;;;OAMG;IACG,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAa5E;;;;;OAKG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAGpD"}