@tinyrack/tinyauth-server 0.0.7

package/dist/services/terms.service.d.ts

@@ -0,0 +1,131 @@
+import type { Loaded } from '@mikro-orm/core';
+import type { ITermsEntity } from '../entities/terms.entity.ts';
+import type { UserTermsConsentEntity } from '../entities/user-terms-consent.entity.ts';
+import type { MikroService } from './mikro.service.ts';
+/**
+ * Loaded terms type alias for readability
+ */
+type LoadedTerms = Loaded<ITermsEntity, 'contents', '*', never>;
+/**
+ * User consent status for a specific term
+ */
+export interface TermsUserConsent {
+    agreed: boolean;
+    agreedVersion: string | null;
+    agreedAt: Date | null;
+    consentType: 'explicit' | 'implicit' | null;
+    requiresUpdate: boolean;
+}
+/**
+ * Content type for terms content
+ */
+export type TermsContentType = 'link' | 'text';
+/**
+ * Localized term content for a specific language
+ */
+export interface LocalizedTermContent {
+    title: string;
+    type: TermsContentType;
+    content: string;
+}
+/**
+ * Term item localized to a specific language
+ */
+export interface LocalizedTermItem {
+    id: string;
+    required: boolean;
+    consentMode: 'explicit' | 'implicit';
+    version: string;
+    title: string;
+    type: TermsContentType;
+    content: string;
+    userConsent: TermsUserConsent | null;
+}
+export declare class TermsService {
+    private readonly mikro;
+    constructor(mikro: MikroService);
+    /**
+     * Get all global terms from database
+     */
+    getGlobalTerms(): Promise<LoadedTerms[]>;
+    /**
+     * Get localized content for a term from its contents collection
+     */
+    getLocalizedContent(term: LoadedTerms, lang: string): LocalizedTermContent | null;
+    /**
+     * Get global terms with user consent status
+     */
+    getGlobalTermsWithConsent(userId: string | null, lang: string): Promise<LocalizedTermItem[]>;
+    /**
+     * Extract pending required term IDs from already-loaded
+     * localized terms. Use this instead of getPendingRequiredTerms
+     * when you already have the result of getGlobalTermsWithConsent.
+     */
+    getPendingFromLocalizedTerms(terms: LocalizedTermItem[]): string[];
+    /**
+     * Check if user needs to consent to any required terms
+     * Returns list of term IDs that need consent
+     */
+    getPendingRequiredTerms(userId: string): Promise<string[]>;
+    /**
+     * Record consent for multiple terms.
+     * Accepts optional pre-loaded terms to avoid redundant DB queries.
+     */
+    recordConsents(params: {
+        userSub: string;
+        consents: Array<{
+            termsId: string;
+            agreed: boolean;
+            consentType?: 'explicit' | 'implicit' | undefined;
+        }>;
+        terms?: LoadedTerms[];
+    }): Promise<UserTermsConsentEntity[]>;
+    /**
+     * Record implicit consent for terms with implicit consent mode.
+     * Used during signup for terms that don't require explicit user
+     * action. Accepts optional pre-loaded terms to avoid redundant
+     * DB queries.
+     */
+    recordImplicitConsents(params: {
+        userSub: string;
+        terms?: LoadedTerms[];
+    }): Promise<UserTermsConsentEntity[]>;
+    /**
+     * Get terms that require explicit consent (checkbox).
+     * Accepts optional pre-loaded terms to avoid redundant DB
+     * queries.
+     */
+    getExplicitTerms(terms?: LoadedTerms[]): Promise<LoadedTerms[]>;
+    /**
+     * Validate that all required explicit terms have been agreed to.
+     * (implicit terms are auto-agreed, so they don't need validation)
+     * Accepts optional pre-loaded terms to avoid redundant DB
+     * queries.
+     */
+    validateExplicitConsents(consents: Array<{
+        termsId: string;
+        agreed: boolean;
+    }>, terms?: LoadedTerms[]): Promise<{
+        valid: boolean;
+        missingTerms: string[];
+    }>;
+    /**
+     * Validate explicit consents, then record all consents
+     * (explicit + implicit) in a single flow. Loads terms only once.
+     */
+    validateAndRecordConsents(params: {
+        userSub: string;
+        consents: Array<{
+            termsId: string;
+            agreed: boolean;
+        }>;
+    }): Promise<{
+        validation: {
+            valid: boolean;
+            missingTerms: string[];
+        };
+        records: UserTermsConsentEntity[];
+    }>;
+}
+export {};
+//# sourceMappingURL=terms.service.d.ts.map

package/dist/services/terms.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms.service.d.ts","sourceRoot":"","sources":["../../src/services/terms.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,0CAA0C,CAAC;AACvF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;GAEG;AACH,KAAK,WAAW,GAAG,MAAM,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI,CAAC;IAC5C,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,gBAAgB,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,UAAU,GAAG,UAAU,CAAC;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,gBAAgB,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,gBAAgB,GAAG,IAAI,CAAC;CACtC;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;gBAClB,KAAK,EAAE,YAAY;IAItC;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAIrD;;OAEG;IACI,mBAAmB,CACxB,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,MAAM,GACX,oBAAoB,GAAG,IAAI;IAiB9B;;OAEG;IACU,yBAAyB,CACpC,MAAM,EAAE,MAAM,GAAG,IAAI,EACrB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAqC/B;;;;OAIG;IACI,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,EAAE;IAQzE;;;OAGG;IACU,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BvE;;;OAGG;IACU,cAAc,CAAC,MAAM,EAAE;QAClC,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,MAAM,EAAE,OAAO,CAAC;YAChB,WAAW,CAAC,EAAE,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;SACnD,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;KACvB,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA6BrC;;;;;OAKG;IACU,sBAAsB,CAAC,MAAM,EAAE;QAC1C,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;KACvB,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAqBrC;;;;OAIG;IACU,gBAAgB,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAK5E;;;;;OAKG;IACU,wBAAwB,CACnC,QAAQ,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,EACrD,KAAK,CAAC,EAAE,WAAW,EAAE,GACpB,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAuBtD;;;OAGG;IACU,yBAAyB,CAAC,MAAM,EAAE;QAC7C,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC;KACvD,GAAG,OAAO,CAAC;QACV,UAAU,EAAE;YAAE,KAAK,EAAE,OAAO,CAAC;YAAC,YAAY,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;QACvD,OAAO,EAAE,sBAAsB,EAAE,CAAC;KACnC,CAAC;CAiCH"}

package/dist/services/terms.service.js

@@ -0,0 +1,210 @@
+export class TermsService {
+    mikro;
+    constructor(mikro) {
+        this.mikro = mikro;
+    }
+    /**
+     * Get all global terms from database
+     */
+    async getGlobalTerms() {
+        return this.mikro.terms.findAllWithContents();
+    }
+    /**
+     * Get localized content for a term from its contents collection
+     */
+    getLocalizedContent(term, lang) {
+        const contents = term.contents.getItems();
+        const content = contents.find((c) => c.lang === lang);
+        const fallback = contents.find((c) => c.lang === 'en');
+        const result = content ?? fallback;
+        if (!result) {
+            return null;
+        }
+        return {
+            title: result.title,
+            type: result.type,
+            content: result.content,
+        };
+    }
+    /**
+     * Get global terms with user consent status
+     */
+    async getGlobalTermsWithConsent(userId, lang) {
+        const terms = await this.getGlobalTerms();
+        let consentsMap = new Map();
+        if (userId) {
+            consentsMap =
+                await this.mikro.userTermsConsent.findLatestConsentsMap(userId);
+        }
+        return terms.map((term) => {
+            const content = this.getLocalizedContent(term, lang);
+            const consent = consentsMap.get(term.id);
+            let userConsent = null;
+            if (consent) {
+                userConsent = {
+                    agreed: consent.agreed,
+                    agreedVersion: consent.termsVersion,
+                    agreedAt: consent.agreedAt,
+                    consentType: consent.consentType,
+                    requiresUpdate: consent.termsVersion !== term.version,
+                };
+            }
+            return {
+                id: term.id,
+                required: term.required,
+                consentMode: term.consentMode,
+                version: term.version,
+                title: content?.title ?? term.id,
+                type: content?.type ?? 'link',
+                content: content?.content ?? '',
+                userConsent,
+            };
+        });
+    }
+    /**
+     * Extract pending required term IDs from already-loaded
+     * localized terms. Use this instead of getPendingRequiredTerms
+     * when you already have the result of getGlobalTermsWithConsent.
+     */
+    getPendingFromLocalizedTerms(terms) {
+        return terms
+            .filter((t) => t.required && (!t.userConsent || t.userConsent.requiresUpdate))
+            .map((t) => t.id);
+    }
+    /**
+     * Check if user needs to consent to any required terms
+     * Returns list of term IDs that need consent
+     */
+    async getPendingRequiredTerms(userId) {
+        const terms = await this.getGlobalTerms();
+        const consentsMap = await this.mikro.userTermsConsent.findLatestConsentsMap(userId);
+        const pending = [];
+        for (const term of terms) {
+            if (!term.required) {
+                continue;
+            }
+            const consent = consentsMap.get(term.id);
+            if (!consent) {
+                pending.push(term.id);
+                continue;
+            }
+            // Check if version matches
+            if (consent.termsVersion !== term.version) {
+                pending.push(term.id);
+            }
+        }
+        return pending;
+    }
+    /**
+     * Record consent for multiple terms.
+     * Accepts optional pre-loaded terms to avoid redundant DB queries.
+     */
+    async recordConsents(params) {
+        const terms = params.terms ?? (await this.getGlobalTerms());
+        const termsMap = new Map(terms.map((t) => [t.id, t]));
+        const records = params.consents
+            .map((consent) => {
+            const term = termsMap.get(consent.termsId);
+            if (!term) {
+                return null;
+            }
+            return {
+                userSub: params.userSub,
+                termsId: consent.termsId,
+                termsVersion: term.version,
+                agreed: consent.agreed,
+                // Use provided consentType or derive from term's consentMode
+                consentType: consent.consentType ?? term.consentMode,
+            };
+        })
+            .filter((r) => r !== null);
+        if (records.length === 0) {
+            return [];
+        }
+        return this.mikro.userTermsConsent.recordConsents(records);
+    }
+    /**
+     * Record implicit consent for terms with implicit consent mode.
+     * Used during signup for terms that don't require explicit user
+     * action. Accepts optional pre-loaded terms to avoid redundant
+     * DB queries.
+     */
+    async recordImplicitConsents(params) {
+        const terms = params.terms ?? (await this.getGlobalTerms());
+        // Only record consent for terms with implicit consent mode
+        const implicitTerms = terms.filter((t) => t.consentMode === 'implicit');
+        if (implicitTerms.length === 0) {
+            return [];
+        }
+        return this.recordConsents({
+            userSub: params.userSub,
+            consents: implicitTerms.map((t) => ({
+                termsId: t.id,
+                agreed: true,
+                consentType: 'implicit',
+            })),
+            terms,
+        });
+    }
+    /**
+     * Get terms that require explicit consent (checkbox).
+     * Accepts optional pre-loaded terms to avoid redundant DB
+     * queries.
+     */
+    async getExplicitTerms(terms) {
+        const allTerms = terms ?? (await this.getGlobalTerms());
+        return allTerms.filter((t) => t.consentMode === 'explicit');
+    }
+    /**
+     * Validate that all required explicit terms have been agreed to.
+     * (implicit terms are auto-agreed, so they don't need validation)
+     * Accepts optional pre-loaded terms to avoid redundant DB
+     * queries.
+     */
+    async validateExplicitConsents(consents, terms) {
+        const allTerms = terms ?? (await this.getGlobalTerms());
+        // Only validate required terms with explicit consent mode
+        const requiredExplicitTerms = allTerms.filter((t) => t.required && t.consentMode === 'explicit');
+        const consentsMap = new Map(consents.map((c) => [c.termsId, c]));
+        const missingTerms = [];
+        for (const term of requiredExplicitTerms) {
+            const consent = consentsMap.get(term.id);
+            if (!consent?.agreed) {
+                missingTerms.push(term.id);
+            }
+        }
+        return {
+            valid: missingTerms.length === 0,
+            missingTerms,
+        };
+    }
+    /**
+     * Validate explicit consents, then record all consents
+     * (explicit + implicit) in a single flow. Loads terms only once.
+     */
+    async validateAndRecordConsents(params) {
+        const terms = await this.getGlobalTerms();
+        const validation = await this.validateExplicitConsents(params.consents, terms);
+        if (!validation.valid) {
+            return { validation, records: [] };
+        }
+        // Record explicit consents
+        const explicitRecords = params.consents.length > 0
+            ? await this.recordConsents({
+                userSub: params.userSub,
+                consents: params.consents,
+                terms,
+            })
+            : [];
+        // Record implicit consents
+        const implicitRecords = await this.recordImplicitConsents({
+            userSub: params.userSub,
+            terms,
+        });
+        return {
+            validation,
+            records: [...explicitRecords, ...implicitRecords],
+        };
+    }
+}
+//# sourceMappingURL=terms.service.js.map

package/dist/services/terms.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms.service.js","sourceRoot":"","sources":["../../src/services/terms.service.ts"],"names":[],"mappings":"AAiDA,MAAM,OAAO,YAAY;IACN,KAAK,CAAe;IACrC,YAAmB,KAAmB;QACpC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;IAChD,CAAC;IAED;;OAEG;IACI,mBAAmB,CACxB,IAAiB,EACjB,IAAY;QAEZ,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,OAAO,IAAI,QAAQ,CAAC;QAEnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CACpC,MAAqB,EACrB,IAAY;QAEZ,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,IAAI,WAAW,GAAG,IAAI,GAAG,EAAkC,CAAC;QAC5D,IAAI,MAAM,EAAE,CAAC;YACX,WAAW;gBACT,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEzC,IAAI,WAAW,GAA4B,IAAI,CAAC;YAChD,IAAI,OAAO,EAAE,CAAC;gBACZ,WAAW,GAAG;oBACZ,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,aAAa,EAAE,OAAO,CAAC,YAAY;oBACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,cAAc,EAAE,OAAO,CAAC,YAAY,KAAK,IAAI,CAAC,OAAO;iBACtD,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,EAAE;gBAChC,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,MAAM;gBAC7B,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE;gBAC/B,WAAW;aACZ,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,4BAA4B,CAAC,KAA0B;QAC5D,OAAO,KAAK;aACT,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,cAAc,CAAC,CACtE;aACA,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACtB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,uBAAuB,CAAC,MAAc;QACjD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,MAAM,WAAW,GACf,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAElE,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACtB,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,IAAI,OAAO,CAAC,YAAY,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC1C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,cAAc,CAAC,MAQ3B;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ;aAC5B,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YACf,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,YAAY,EAAE,IAAI,CAAC,OAAO;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,6DAA6D;gBAC7D,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW;aACrD,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,CAAC,EAA8B,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;QAEzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,sBAAsB,CAAC,MAGnC;QACC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QAE5D,2DAA2D;QAC3D,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;QAExE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC;YACzB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAClC,OAAO,EAAE,CAAC,CAAC,EAAE;gBACb,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,UAAmB;aACjC,CAAC,CAAC;YACH,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,gBAAgB,CAAC,KAAqB;QACjD,MAAM,QAAQ,GAAG,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACxD,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,wBAAwB,CACnC,QAAqD,EACrD,KAAqB;QAErB,MAAM,QAAQ,GAAG,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;QACxD,0DAA0D;QAC1D,MAAM,qBAAqB,GAAG,QAAQ,CAAC,MAAM,CAC3C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,UAAU,CAClD,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,qBAAqB,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACrB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,YAAY,CAAC,MAAM,KAAK,CAAC;YAChC,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,yBAAyB,CAAC,MAGtC;QAIC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACpD,MAAM,CAAC,QAAQ,EACf,KAAK,CACN,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACrC,CAAC;QAED,2BAA2B;QAC3B,MAAM,eAAe,GACnB,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YACxB,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC;gBACxB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK;aACN,CAAC;YACJ,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;YACxD,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK;SACN,CAAC,CAAC;QAEH,OAAO;YACL,UAAU;YACV,OAAO,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,CAAC;SAClD,CAAC;IACJ,CAAC;CACF"}

package/dist/services/totp.service.d.ts

@@ -0,0 +1,86 @@
+import type { UserEntity } from '../entities/user.entity.ts';
+import type { TinyAuthRuntimeConfig } from '../lib/config/index.ts';
+import type { MikroService } from './mikro.service.ts';
+import type { SecurityService } from './security.service.ts';
+/**
+ * TOTP setup data returned when initiating 2FA setup
+ * Contains all information needed to display QR code and manual entry
+ */
+export interface TotpSetupData {
+    /** Base32-encoded TOTP secret key */
+    secret: string;
+    /** OTPAuth URL for authenticator apps (otpauth://totp/...) */
+    otpauthUrl: string;
+    /** QR code as data URL (data:image/png;base64,...) */
+    qrCodeDataUrl: string;
+}
+export declare class TotpService {
+    private readonly mikro;
+    private readonly config;
+    private readonly securityService;
+    constructor(mikro: MikroService, config: TinyAuthRuntimeConfig, securityService: SecurityService);
+    /**
+     * Generate a new TOTP secret for a user
+     */
+    generateSecret(): string;
+    /**
+     * Generate OTP auth URL for QR code
+     */
+    generateOtpAuthUrl(email: string, secret: string): string;
+    /**
+     * Generate QR code data URL from OTP auth URL
+     */
+    generateQrCode(otpauthUrl: string): Promise<string>;
+    /**
+     * Verify a TOTP token against a secret
+     */
+    verifyToken(token: string, secret: string): boolean;
+    /**
+     * Generate a TOTP token for a secret (used for testing)
+     */
+    generateToken(secret: string): string;
+    /**
+     * Start TOTP setup for a user
+     * Creates or updates unverified TOTP record
+     */
+    startSetup(user: UserEntity): Promise<TotpSetupData>;
+    /**
+     * Verify and complete TOTP setup.
+     * Also generates recovery codes upon successful verification.
+     *
+     * @returns Array of plain-text recovery codes (shown only once)
+     */
+    verifySetup(userId: string, token: string): Promise<string[]>;
+    /**
+     * Confirm TOTP setup by acknowledging recovery codes.
+     * This marks the TOTP setup as fully complete.
+     */
+    confirmSetup(userId: string): Promise<void>;
+    /**
+     * Disable TOTP for a user
+     * Also deletes all recovery codes
+     */
+    disable(userId: string, token: string, options: {
+        secondFactorRequired: boolean;
+        hasOtherSecondFactor: boolean;
+    }): Promise<void>;
+    verifyForAuth(userId: string, token: string): Promise<void>;
+    /**
+     * Generate a single recovery code in the format XXXX-XXXX-XXXX-XXXX.
+     */
+    generateRecoveryCodeString(): string;
+    /**
+     * Generate recovery codes for a user.
+     * Deletes any existing recovery codes first, then creates new ones.
+     *
+     * @returns Array of plain-text recovery codes (shown only once)
+     */
+    generateRecoveryCodes(user: UserEntity): Promise<string[]>;
+    /**
+     * Verify a recovery code for authentication.
+     * The code is single-use: once verified, it is marked as used.
+     */
+    verifyRecoveryCode(userId: string, code: string): Promise<void>;
+    regenerateRecoveryCodes(userId: string, token: string): Promise<string[]>;
+}
+//# sourceMappingURL=totp.service.d.ts.map

package/dist/services/totp.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.service.d.ts","sourceRoot":"","sources":["../../src/services/totp.service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,UAAU,EAAE,MAAM,CAAC;IACnB,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;CACvB;AAQD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;gBAEhD,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,qBAAqB,EAC7B,eAAe,EAAE,eAAe;IAOlC;;OAEG;IACI,cAAc,IAAI,MAAM;IAI/B;;OAEG;IACI,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM;IAUhE;;OAEG;IACU,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIhE;;OAEG;IACI,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAY1D;;OAEG;IACI,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAI5C;;;OAGG;IACU,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC;IAmCjE;;;;;OAKG;IACU,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA+B1E;;;OAGG;IACU,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcxD;;;OAGG;IACU,OAAO,CAClB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;QACP,oBAAoB,EAAE,OAAO,CAAC;QAC9B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,GACA,OAAO,CAAC,IAAI,CAAC;IAmBH,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxE;;OAEG;IACI,0BAA0B,IAAI,MAAM;IAiB3C;;;;;OAKG;IACU,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAgCvE;;;OAGG;IACU,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmC/D,uBAAuB,CAClC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,EAAE,CAAC;CAmBrB"}