npm - @veritas-lex/contract-analysis-package - Versions diffs - 1.2.3 - Mend

@veritas-lex/contract-analysis-package 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/README.md +181 -0
package/dist/auth/auth-core.module.d.ts +21 -0
package/dist/auth/auth-core.module.d.ts.map +1 -0
package/dist/auth/auth-core.module.js +56 -0
package/dist/auth/auth-core.module.js.map +1 -0
package/dist/auth/decorators/current-user.decorator.d.ts +2 -0
package/dist/auth/decorators/current-user.decorator.d.ts.map +1 -0
package/dist/auth/decorators/current-user.decorator.js +9 -0
package/dist/auth/decorators/current-user.decorator.js.map +1 -0
package/dist/auth/decorators/public.decorator.d.ts +3 -0
package/dist/auth/decorators/public.decorator.d.ts.map +1 -0
package/dist/auth/decorators/public.decorator.js +8 -0
package/dist/auth/decorators/public.decorator.js.map +1 -0
package/dist/auth/guards/jwt-auth.guard.d.ts +11 -0
package/dist/auth/guards/jwt-auth.guard.d.ts.map +1 -0
package/dist/auth/guards/jwt-auth.guard.js +39 -0
package/dist/auth/guards/jwt-auth.guard.js.map +1 -0
package/dist/auth/index.d.ts +7 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +15 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/interfaces/jwt-payload.interface.d.ts +24 -0
package/dist/auth/interfaces/jwt-payload.interface.d.ts.map +1 -0
package/dist/auth/interfaces/jwt-payload.interface.js +3 -0
package/dist/auth/interfaces/jwt-payload.interface.js.map +1 -0
package/dist/auth/strategies/base-jwt.strategy.d.ts +47 -0
package/dist/auth/strategies/base-jwt.strategy.d.ts.map +1 -0
package/dist/auth/strategies/base-jwt.strategy.js +162 -0
package/dist/auth/strategies/base-jwt.strategy.js.map +1 -0
package/dist/bootstrap/configure-app.d.ts +50 -0
package/dist/bootstrap/configure-app.d.ts.map +1 -0
package/dist/bootstrap/configure-app.js +117 -0
package/dist/bootstrap/configure-app.js.map +1 -0
package/dist/bootstrap/index.d.ts +3 -0
package/dist/bootstrap/index.d.ts.map +1 -0
package/dist/bootstrap/index.js +6 -0
package/dist/bootstrap/index.js.map +1 -0
package/dist/config/app.config.d.ts +37 -0
package/dist/config/app.config.d.ts.map +1 -0
package/dist/config/app.config.js +28 -0
package/dist/config/app.config.js.map +1 -0
package/dist/config/database.config.d.ts +48 -0
package/dist/config/database.config.d.ts.map +1 -0
package/dist/config/database.config.js +34 -0
package/dist/config/database.config.js.map +1 -0
package/dist/config/doc.config.d.ts +31 -0
package/dist/config/doc.config.d.ts.map +1 -0
package/dist/config/doc.config.js +22 -0
package/dist/config/doc.config.js.map +1 -0
package/dist/config/index.d.ts +17 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +26 -0
package/dist/config/index.js.map +1 -0
package/dist/config/jwt.config.d.ts +19 -0
package/dist/config/jwt.config.d.ts.map +1 -0
package/dist/config/jwt.config.js +28 -0
package/dist/config/jwt.config.js.map +1 -0
package/dist/config/logging.config.d.ts +33 -0
package/dist/config/logging.config.d.ts.map +1 -0
package/dist/config/logging.config.js +106 -0
package/dist/config/logging.config.js.map +1 -0
package/dist/config/redis.config.d.ts +19 -0
package/dist/config/redis.config.d.ts.map +1 -0
package/dist/config/redis.config.js +16 -0
package/dist/config/redis.config.js.map +1 -0
package/dist/config/security.config.d.ts +66 -0
package/dist/config/security.config.d.ts.map +1 -0
package/dist/config/security.config.js +66 -0
package/dist/config/security.config.js.map +1 -0
package/dist/config/storage.config.d.ts +20 -0
package/dist/config/storage.config.d.ts.map +1 -0
package/dist/config/storage.config.js +17 -0
package/dist/config/storage.config.js.map +1 -0
package/dist/config/validation.config.d.ts +62 -0
package/dist/config/validation.config.d.ts.map +1 -0
package/dist/config/validation.config.js +139 -0
package/dist/config/validation.config.js.map +1 -0
package/dist/constants/enums.d.ts +76 -0
package/dist/constants/enums.d.ts.map +1 -0
package/dist/constants/enums.js +92 -0
package/dist/constants/enums.js.map +1 -0
package/dist/constants/file-validation.constants.d.ts +28 -0
package/dist/constants/file-validation.constants.d.ts.map +1 -0
package/dist/constants/file-validation.constants.js +81 -0
package/dist/constants/file-validation.constants.js.map +1 -0
package/dist/constants/index.d.ts +6 -0
package/dist/constants/index.d.ts.map +1 -0
package/dist/constants/index.js +26 -0
package/dist/constants/index.js.map +1 -0
package/dist/constants/pii-classifications.constants.d.ts +27 -0
package/dist/constants/pii-classifications.constants.d.ts.map +1 -0
package/dist/constants/pii-classifications.constants.js +68 -0
package/dist/constants/pii-classifications.constants.js.map +1 -0
package/dist/database/base.entity.d.ts +6 -0
package/dist/database/base.entity.d.ts.map +1 -0
package/dist/database/base.entity.js +32 -0
package/dist/database/base.entity.js.map +1 -0
package/dist/database/database.module.d.ts +32 -0
package/dist/database/database.module.d.ts.map +1 -0
package/dist/database/database.module.js +69 -0
package/dist/database/database.module.js.map +1 -0
package/dist/database/entities/base-audit-log.entity.d.ts +21 -0
package/dist/database/entities/base-audit-log.entity.d.ts.map +1 -0
package/dist/database/entities/base-audit-log.entity.js +90 -0
package/dist/database/entities/base-audit-log.entity.js.map +1 -0
package/dist/database/entities/base-contract-chunk.entity.d.ts +18 -0
package/dist/database/entities/base-contract-chunk.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-chunk.entity.js +71 -0
package/dist/database/entities/base-contract-chunk.entity.js.map +1 -0
package/dist/database/entities/base-contract-event.entity.d.ts +16 -0
package/dist/database/entities/base-contract-event.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-event.entity.js +66 -0
package/dist/database/entities/base-contract-event.entity.js.map +1 -0
package/dist/database/entities/base-contract-key-date-rule.entity.d.ts +31 -0
package/dist/database/entities/base-contract-key-date-rule.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-key-date-rule.entity.js +140 -0
package/dist/database/entities/base-contract-key-date-rule.entity.js.map +1 -0
package/dist/database/entities/base-contract-pii-replacement.entity.d.ts +18 -0
package/dist/database/entities/base-contract-pii-replacement.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-pii-replacement.entity.js +67 -0
package/dist/database/entities/base-contract-pii-replacement.entity.js.map +1 -0
package/dist/database/entities/base-contract-red-flag.entity.d.ts +27 -0
package/dist/database/entities/base-contract-red-flag.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-red-flag.entity.js +114 -0
package/dist/database/entities/base-contract-red-flag.entity.js.map +1 -0
package/dist/database/entities/base-contract-task.entity.d.ts +20 -0
package/dist/database/entities/base-contract-task.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-task.entity.js +87 -0
package/dist/database/entities/base-contract-task.entity.js.map +1 -0
package/dist/database/entities/base-contract-text.entity.d.ts +19 -0
package/dist/database/entities/base-contract-text.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract-text.entity.js +77 -0
package/dist/database/entities/base-contract-text.entity.js.map +1 -0
package/dist/database/entities/base-contract.entity.d.ts +56 -0
package/dist/database/entities/base-contract.entity.d.ts.map +1 -0
package/dist/database/entities/base-contract.entity.js +221 -0
package/dist/database/entities/base-contract.entity.js.map +1 -0
package/dist/database/entities/base-job.entity.d.ts +21 -0
package/dist/database/entities/base-job.entity.d.ts.map +1 -0
package/dist/database/entities/base-job.entity.js +89 -0
package/dist/database/entities/base-job.entity.js.map +1 -0
package/dist/database/entities/base-qna-question.entity.d.ts +22 -0
package/dist/database/entities/base-qna-question.entity.d.ts.map +1 -0
package/dist/database/entities/base-qna-question.entity.js +92 -0
package/dist/database/entities/base-qna-question.entity.js.map +1 -0
package/dist/database/entities/base-scoring-criteria.entity.d.ts +57 -0
package/dist/database/entities/base-scoring-criteria.entity.d.ts.map +1 -0
package/dist/database/entities/base-scoring-criteria.entity.js +376 -0
package/dist/database/entities/base-scoring-criteria.entity.js.map +1 -0
package/dist/database/entities/base-users-profile.entity.d.ts +32 -0
package/dist/database/entities/base-users-profile.entity.d.ts.map +1 -0
package/dist/database/entities/base-users-profile.entity.js +91 -0
package/dist/database/entities/base-users-profile.entity.js.map +1 -0
package/dist/database/entities/index.d.ts +16 -0
package/dist/database/entities/index.d.ts.map +1 -0
package/dist/database/entities/index.js +37 -0
package/dist/database/entities/index.js.map +1 -0
package/dist/database/entities/qna-question-template.entity.d.ts +30 -0
package/dist/database/entities/qna-question-template.entity.d.ts.map +1 -0
package/dist/database/entities/qna-question-template.entity.js +145 -0
package/dist/database/entities/qna-question-template.entity.js.map +1 -0
package/dist/database/entities/qna-response.entity.d.ts +29 -0
package/dist/database/entities/qna-response.entity.d.ts.map +1 -0
package/dist/database/entities/qna-response.entity.js +129 -0
package/dist/database/entities/qna-response.entity.js.map +1 -0
package/dist/database/index.d.ts +7 -0
package/dist/database/index.d.ts.map +1 -0
package/dist/database/index.js +32 -0
package/dist/database/index.js.map +1 -0
package/dist/database/redis.module.d.ts +12 -0
package/dist/database/redis.module.d.ts.map +1 -0
package/dist/database/redis.module.js +40 -0
package/dist/database/redis.module.js.map +1 -0
package/dist/database/redis.provider.d.ts +15 -0
package/dist/database/redis.provider.d.ts.map +1 -0
package/dist/database/redis.provider.js +42 -0
package/dist/database/redis.provider.js.map +1 -0
package/dist/dto/api-response.dto.d.ts +36 -0
package/dist/dto/api-response.dto.d.ts.map +1 -0
package/dist/dto/api-response.dto.js +88 -0
package/dist/dto/api-response.dto.js.map +1 -0
package/dist/dto/index.d.ts +2 -0
package/dist/dto/index.d.ts.map +1 -0
package/dist/dto/index.js +6 -0
package/dist/dto/index.js.map +1 -0
package/dist/filters/all-exceptions.filter.d.ts +43 -0
package/dist/filters/all-exceptions.filter.d.ts.map +1 -0
package/dist/filters/all-exceptions.filter.js +123 -0
package/dist/filters/all-exceptions.filter.js.map +1 -0
package/dist/filters/index.d.ts +3 -0
package/dist/filters/index.d.ts.map +1 -0
package/dist/filters/index.js +6 -0
package/dist/filters/index.js.map +1 -0
package/dist/helpers/crypto.service.d.ts +53 -0
package/dist/helpers/crypto.service.d.ts.map +1 -0
package/dist/helpers/crypto.service.js +153 -0
package/dist/helpers/crypto.service.js.map +1 -0
package/dist/helpers/index.d.ts +2 -0
package/dist/helpers/index.d.ts.map +1 -0
package/dist/helpers/index.js +6 -0
package/dist/helpers/index.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +86 -0
package/dist/index.js.map +1 -0
package/dist/swagger/index.d.ts +2 -0
package/dist/swagger/index.d.ts.map +1 -0
package/dist/swagger/index.js +6 -0
package/dist/swagger/index.js.map +1 -0
package/dist/swagger/swagger.d.ts +16 -0
package/dist/swagger/swagger.d.ts.map +1 -0
package/dist/swagger/swagger.js +59 -0
package/dist/swagger/swagger.js.map +1 -0
package/package.json +63 -0

package/README.md ADDED Viewed

@@ -0,0 +1,181 @@
+# @ignatg/contract-analysis-package
+Shared NestJS infrastructure for the Contract Analysis platform. This package extracts duplicated infrastructure code from `contract-analysis-api` and `ai-analysis-api` into a single, versioned package.
+## Installation
+```bash
+npm install @ignatg/contract-analysis-package
+```
+Or reference locally during development:
+```json
+{
+  "dependencies": {
+    "@ignatg/contract-analysis-package": "^1.0.0",
+  }
+}
+```
+## What's Included
+| Module | Exports | Description |
+|--------|---------|-------------|
+| **Auth** | `JwtAuthGuard`, `BaseJwtStrategy`, `AuthCoreModule`, `CurrentUser`, `Public` | JWT authentication with Supabase JWKS support |
+| **Config** | `createAppConfig`, `createDatabaseConfig`, `createDocConfig`, `createJwtConfig`, `createLoggingConfig`, `createSecurityConfig`, `buildPinoParams`, `RedisConfig`, `StorageConfig` | Parameterised config factories |
+| **Constants** | `CRITICAL_PII_TYPES`, `HIGH_RISK_PII_TYPES`, `STANDARD_PII_TYPES`, `CONTEXTUAL_ENTITIES`, `ContractStatus`, `JobType`, `JobStatus`, `TaskStatus`, `TaskPriority`, `RiskLevel`, `RuleKind`, `RuleDirection` | PII classification + workflow enums |
+| **Database** | `DatabaseModule`, `BaseEntity`, `RedisModule`, `RedisProvider` | TypeORM + BullMQ infrastructure |
+| **DTO** | `ApiResponseDto` | Standard API response wrapper |
+| **Filters** | `AllExceptionsFilter` | Global exception filter |
+| **Helpers** | `TransformInterceptor` | Response transformation interceptor |
+| **Swagger** | `SwaggerDocs` | Swagger/OpenAPI documentation setup |
+| **Bootstrap** | `configureApp` | Shared application bootstrap helper |
+## Usage
+### Config Factories
+Each API calls factory functions with its own defaults:
+```typescript
+// config/index.ts
+import {
+  createAppConfig,
+  createDatabaseConfig,
+  createDocConfig,
+  createJwtConfig,
+  createLoggingConfig,
+  createSecurityConfig,
+  RedisConfig,
+  StorageConfig,
+} from '@ignatg/contract-analysis-package';
+const AppConfig = createAppConfig({
+  name: 'My API',
+  port: 3000,
+  corsOrigins: 'http://localhost:3333',
+});
+const DatabaseConfig = createDatabaseConfig({
+  defaultDbName: 'mydb',
+  defaultPoolMax: 20,
+});
+const DocConfig = createDocConfig({
+  name: 'My API Specification',
+  description: 'API documentation',
+});
+const JwtConfig = createJwtConfig({ strict: true });
+const LoggingConfig = createLoggingConfig({ defaultLevel: 'debug' });
+const SecurityConfig = createSecurityConfig({ includeEncryptionKey: true });
+export default [
+  AppConfig,
+  DatabaseConfig,
+  DocConfig,
+  JwtConfig,
+  LoggingConfig,
+  SecurityConfig,
+  RedisConfig,
+  StorageConfig,
+];
+```
+### Auth Module
+Extend `BaseJwtStrategy` with your custom `validate()` logic:
+```typescript
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { BaseJwtStrategy, JwtPayload } from '@ignatg/contract-analysis-package';
+@Injectable()
+export class JwtStrategy extends BaseJwtStrategy {
+  constructor(configService: ConfigService) {
+    super(configService);
+  }
+  validate(payload: JwtPayload) {
+    this.validateCorePayload(payload);
+    return {
+      userId: payload.sub,
+      email: payload.email || '',
+      role: payload.role || 'user',
+    };
+  }
+}
+```
+### Bootstrap Helper
+Simplify your `main.ts`:
+```typescript
+import { NestFactory, NestApplication } from '@nestjs/core';
+import { ConfigService } from '@nestjs/config';
+import { Logger } from 'nestjs-pino';
+import { configureApp } from '@ignatg/contract-analysis-package';
+import { MainModule } from './main.module';
+async function bootstrap() {
+  const app = await NestFactory.create<NestApplication>(MainModule, { bufferLogs: true });
+  await configureApp(app);
+  const configService = app.get(ConfigService);
+  const port = configService.get<number>('app.port');
+  const logger = app.get(Logger);
+  logger.log(`Main app will serve on PORT ${port}`, 'MainApplication');
+  await app.listen(port);
+}
+bootstrap();
+```
+### Database Module
+```typescript
+import { Module } from '@nestjs/common';
+import { DatabaseModule } from '@ignatg/contract-analysis-package';
+@Module({
+  imports: [DatabaseModule.register()],
+})
+export class MainModule {}
+```
+### Shared Enums
+```typescript
+import { ContractStatus, JobStatus, RiskLevel } from '@ignatg/contract-analysis-package';
+// Use in entity files (re-export pattern)
+export { ContractStatus } from '@ignatg/contract-analysis-package';
+// Use in services
+if (contract.status === ContractStatus.READY) { ... }
+if (job.status === JobStatus.QUEUED) { ... }
+```
+Available enums: `ContractStatus`, `JobType`, `JobStatus`, `TaskStatus`, `TaskPriority`, `RiskLevel`, `RuleKind`, `RuleDirection`
+## Peer Dependencies
+This package declares all NestJS ecosystem packages as `peerDependencies` to avoid version conflicts. Your consuming application must have them installed.
+## Building
+```bash
+npm run build    # Compiles TypeScript to dist/
+npm run clean    # Removes dist/
+```
+## Publishing
+Configured for GitHub Packages:
+```bash
+npm publish
+```

package/dist/auth/auth-core.module.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { DynamicModule } from "@nestjs/common";
+/**
+ * Auth Core Module
+ *
+ * Provides the shared Passport + JWT infrastructure that all APIs need.
+ * Each API imports this module and registers its own JwtStrategy and guards.
+ *
+ * @example
+ * ```typescript
+ * @Module({
+ *   imports: [AuthCoreModule.register(), TypeOrmModule.forFeature([User])],
+ *   providers: [JwtStrategy, JwtAuthGuard, AuthService],
+ *   exports: [JwtStrategy, JwtAuthGuard],
+ * })
+ * export class AuthModule {}
+ * ```
+ */
+export declare class AuthCoreModule {
+    static register(): DynamicModule;
+}
+//# sourceMappingURL=auth-core.module.d.ts.map

package/dist/auth/auth-core.module.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"auth-core.module.d.ts","sourceRoot":"","sources":["../../src/auth/auth-core.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAKvD;;;;;;;;;;;;;;;GAeG;AACH,qBACa,cAAc;IACzB,MAAM,CAAC,QAAQ,IAAI,aAAa;CAoBjC"}

package/dist/auth/auth-core.module.js ADDED Viewed

@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var AuthCoreModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthCoreModule = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const jwt_1 = require("@nestjs/jwt");
+const passport_1 = require("@nestjs/passport");
+/**
+ * Auth Core Module
+ *
+ * Provides the shared Passport + JWT infrastructure that all APIs need.
+ * Each API imports this module and registers its own JwtStrategy and guards.
+ *
+ * @example
+ * ```typescript
+ * @Module({
+ *   imports: [AuthCoreModule.register(), TypeOrmModule.forFeature([User])],
+ *   providers: [JwtStrategy, JwtAuthGuard, AuthService],
+ *   exports: [JwtStrategy, JwtAuthGuard],
+ * })
+ * export class AuthModule {}
+ * ```
+ */
+let AuthCoreModule = AuthCoreModule_1 = class AuthCoreModule {
+    static register() {
+        return {
+            module: AuthCoreModule_1,
+            imports: [
+                passport_1.PassportModule,
+                jwt_1.JwtModule.registerAsync({
+                    imports: [config_1.ConfigModule],
+                    useFactory: (configService) => ({
+                        secret: configService.get("jwt.secret"),
+                        signOptions: {
+                            expiresIn: configService.get("jwt.expiresIn") || "7d",
+                        },
+                    }),
+                    inject: [config_1.ConfigService],
+                }),
+            ],
+            exports: [passport_1.PassportModule, jwt_1.JwtModule],
+        };
+    }
+};
+exports.AuthCoreModule = AuthCoreModule;
+exports.AuthCoreModule = AuthCoreModule = AuthCoreModule_1 = __decorate([
+    (0, common_1.Module)({})
+], AuthCoreModule);
+//# sourceMappingURL=auth-core.module.js.map

package/dist/auth/auth-core.module.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-core.module.js","sourceRoot":"","sources":["../../src/auth/auth-core.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,2CAA6D;AAC7D,qCAAwC;AACxC,+CAAkD;AAElD;;;;;;;;;;;;;;;GAeG;AAEI,IAAM,cAAc,sBAApB,MAAM,cAAc;IACzB,MAAM,CAAC,QAAQ;QACb,OAAO;YACL,MAAM,EAAE,gBAAc;YACtB,OAAO,EAAE;gBACP,yBAAc;gBACd,eAAS,CAAC,aAAa,CAAC;oBACtB,OAAO,EAAE,CAAC,qBAAY,CAAC;oBACvB,UAAU,EAAE,CAAC,aAA4B,EAAE,EAAE,CAC3C,CAAC;wBACC,MAAM,EAAE,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;wBAC/C,WAAW,EAAE;4BACX,SAAS,EAAE,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,IAAI;yBACtD;qBACF,CAA0C;oBAC7C,MAAM,EAAE,CAAC,sBAAa,CAAC;iBACxB,CAAC;aACH;YACD,OAAO,EAAE,CAAC,yBAAc,EAAE,eAAS,CAAC;SACrC,CAAC;IACJ,CAAC;CACF,CAAA;AArBY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,cAAc,CAqB1B"}

package/dist/auth/decorators/current-user.decorator.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const CurrentUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
2	+ //# sourceMappingURL=current-user.decorator.d.ts.map

package/dist/auth/decorators/current-user.decorator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../../src/auth/decorators/current-user.decorator.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,WAAW,mDAKvB,CAAC"}

package/dist/auth/decorators/current-user.decorator.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user;
+});
+//# sourceMappingURL=current-user.decorator.js.map

package/dist/auth/decorators/current-user.decorator.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"current-user.decorator.js","sourceRoot":"","sources":["../../../src/auth/decorators/current-user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAwE;AAE3D,QAAA,WAAW,GAAG,IAAA,6BAAoB,EAC7C,CAAC,IAAa,EAAE,GAAqB,EAAE,EAAE;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;IAChD,OAAO,OAAO,CAAC,IAAI,CAAC;AACtB,CAAC,CACF,CAAC"}

package/dist/auth/decorators/public.decorator.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare const IS_PUBLIC_KEY = "isPublic";
+export declare const Public: () => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=public.decorator.d.ts.map

package/dist/auth/decorators/public.decorator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"public.decorator.d.ts","sourceRoot":"","sources":["../../../src/auth/decorators/public.decorator.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,aAAa,CAAC;AACxC,eAAO,MAAM,MAAM,wDAAyC,CAAC"}

package/dist/auth/decorators/public.decorator.js ADDED Viewed

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Public = exports.IS_PUBLIC_KEY = void 0;
+const common_1 = require("@nestjs/common");
+exports.IS_PUBLIC_KEY = "isPublic";
+const Public = () => (0, common_1.SetMetadata)(exports.IS_PUBLIC_KEY, true);
+exports.Public = Public;
+//# sourceMappingURL=public.decorator.js.map

package/dist/auth/decorators/public.decorator.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"public.decorator.js","sourceRoot":"","sources":["../../../src/auth/decorators/public.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAEhC,QAAA,aAAa,GAAG,UAAU,CAAC;AACjC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,qBAAa,EAAE,IAAI,CAAC,CAAC;AAAhD,QAAA,MAAM,UAA0C"}

package/dist/auth/guards/jwt-auth.guard.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { ExecutionContext } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+export declare const IS_PUBLIC_KEY = "isPublic";
+declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtAuthGuard extends JwtAuthGuard_base {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean> | import("rxjs").Observable<boolean>;
+}
+export {};
+//# sourceMappingURL=jwt-auth.guard.d.ts.map

package/dist/auth/guards/jwt-auth.guard.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,eAAO,MAAM,aAAa,aAAa,CAAC;;AAExC,qBACa,YAAa,SAAQ,iBAAgB;IACpC,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAIxC,WAAW,CAAC,OAAO,EAAE,gBAAgB;CAYtC"}

package/dist/auth/guards/jwt-auth.guard.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = exports.IS_PUBLIC_KEY = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const passport_1 = require("@nestjs/passport");
+exports.IS_PUBLIC_KEY = "isPublic";
+let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)("jwt") {
+    reflector;
+    constructor(reflector) {
+        super();
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride(exports.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic) {
+            return true;
+        }
+        return super.canActivate(context);
+    }
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], JwtAuthGuard);
+//# sourceMappingURL=jwt-auth.guard.js.map

package/dist/auth/guards/jwt-auth.guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8D;AAC9D,uCAAyC;AACzC,+CAA6C;AAEhC,QAAA,aAAa,GAAG,UAAU,CAAC;AAGjC,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,KAAK,CAAC;IAC5B;IAApB,YAAoB,SAAoB;QACtC,KAAK,EAAE,CAAC;QADU,cAAS,GAAT,SAAS,CAAW;IAExC,CAAC;IAED,WAAW,CAAC,OAAyB;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,qBAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;CACF,CAAA;AAjBY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAEoB,gBAAS;GAD7B,YAAY,CAiBxB"}

package/dist/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { CurrentUser } from "./decorators/current-user.decorator";
+export { IS_PUBLIC_KEY, Public } from "./decorators/public.decorator";
+export { JwtAuthGuard } from "./guards/jwt-auth.guard";
+export { BaseJwtStrategy } from "./strategies/base-jwt.strategy";
+export { AuthCoreModule } from "./auth-core.module";
+export type { JwtPayload } from "./interfaces/jwt-payload.interface";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC"}

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthCoreModule = exports.BaseJwtStrategy = exports.JwtAuthGuard = exports.Public = exports.IS_PUBLIC_KEY = exports.CurrentUser = void 0;
+var current_user_decorator_1 = require("./decorators/current-user.decorator");
+Object.defineProperty(exports, "CurrentUser", { enumerable: true, get: function () { return current_user_decorator_1.CurrentUser; } });
+var public_decorator_1 = require("./decorators/public.decorator");
+Object.defineProperty(exports, "IS_PUBLIC_KEY", { enumerable: true, get: function () { return public_decorator_1.IS_PUBLIC_KEY; } });
+Object.defineProperty(exports, "Public", { enumerable: true, get: function () { return public_decorator_1.Public; } });
+var jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
+Object.defineProperty(exports, "JwtAuthGuard", { enumerable: true, get: function () { return jwt_auth_guard_1.JwtAuthGuard; } });
+var base_jwt_strategy_1 = require("./strategies/base-jwt.strategy");
+Object.defineProperty(exports, "BaseJwtStrategy", { enumerable: true, get: function () { return base_jwt_strategy_1.BaseJwtStrategy; } });
+var auth_core_module_1 = require("./auth-core.module");
+Object.defineProperty(exports, "AuthCoreModule", { enumerable: true, get: function () { return auth_core_module_1.AuthCoreModule; } });
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,8EAAkE;AAAzD,qHAAA,WAAW,OAAA;AACpB,kEAAsE;AAA7D,iHAAA,aAAa,OAAA;AAAE,0GAAA,MAAM,OAAA;AAC9B,0DAAuD;AAA9C,8GAAA,YAAY,OAAA;AACrB,oEAAiE;AAAxD,oHAAA,eAAe,OAAA;AACxB,uDAAoD;AAA3C,kHAAA,cAAc,OAAA"}

package/dist/auth/interfaces/jwt-payload.interface.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * JWT Payload interface for Supabase-issued tokens.
+ *
+ * Shared across all APIs that validate Supabase JWTs.
+ */
+export interface JwtPayload {
+    sub: string;
+    username?: string;
+    email?: string;
+    role?: string;
+    iat?: number;
+    exp?: number;
+    /** Supabase audience claim — 'authenticated' for valid user tokens */
+    aud?: string;
+    /** Supabase user metadata from OAuth or registration */
+    user_metadata?: {
+        firstName?: string;
+        lastName?: string;
+        first_name?: string;
+        last_name?: string;
+        full_name?: string;
+    };
+}
+//# sourceMappingURL=jwt-payload.interface.d.ts.map

package/dist/auth/interfaces/jwt-payload.interface.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt-payload.interface.d.ts","sourceRoot":"","sources":["../../../src/auth/interfaces/jwt-payload.interface.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,aAAa,CAAC,EAAE;QACd,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH"}

package/dist/auth/interfaces/jwt-payload.interface.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-payload.interface.js.map

package/dist/auth/interfaces/jwt-payload.interface.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"jwt-payload.interface.js","sourceRoot":"","sources":["../../../src/auth/interfaces/jwt-payload.interface.ts"],"names":[],"mappings":""}

package/dist/auth/strategies/base-jwt.strategy.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { ConfigService } from "@nestjs/config";
+import { Strategy } from "passport-jwt";
+import { JwksClient } from "jwks-rsa";
+import { JwtPayload } from "../interfaces/jwt-payload.interface";
+declare const BaseJwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+/**
+ * Base JWT Strategy for Supabase JWKS (ES256) token verification.
+ *
+ * Provides shared JWKS client setup, `secretOrKeyProvider` callback,
+ * and core payload validation. Each API extends this class with its
+ * own `validate()` method to customise the returned user object.
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * export class JwtStrategy extends BaseJwtStrategy {
+ *   constructor(configService: ConfigService) {
+ *     super(configService);
+ *   }
+ *
+ *   validate(payload: JwtPayload) {
+ *     this.validateCorePayload(payload);
+ *     return { userId: payload.sub, email: payload.email };
+ *   }
+ * }
+ * ```
+ */
+export declare abstract class BaseJwtStrategy extends BaseJwtStrategy_base {
+    protected readonly jwksClient: JwksClient | null;
+    constructor(configService: ConfigService);
+    /**
+     * Validates core JWT claims shared across all APIs.
+     * Call this at the top of your `validate()` method.
+     *
+     * @throws UnauthorizedException if sub, iat, or exp are missing or token is expired
+     */
+    protected validateCorePayload(payload: JwtPayload): void;
+    /**
+     * Validate the JWT payload and return the user object.
+     * Each API implements this with its own user shape and optional DB lookups.
+     */
+    abstract validate(payload: JwtPayload): unknown | Promise<unknown>;
+}
+export {};
+//# sourceMappingURL=base-jwt.strategy.d.ts.map

package/dist/auth/strategies/base-jwt.strategy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-jwt.strategy.d.ts","sourceRoot":"","sources":["../../../src/auth/strategies/base-jwt.strategy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,OAAO,EAAc,QAAQ,EAAE,MAAM,cAAc,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;;;;AAEjE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,8BACsB,eAAgB,SAAQ,oBAA0B;IACtE,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAAQ;gBAE5C,aAAa,EAAE,aAAa;IAiFxC;;;;;OAKG;IACH,SAAS,CAAC,mBAAmB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI;IAmBxD;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;CACnE"}

package/dist/auth/strategies/base-jwt.strategy.js ADDED Viewed

@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseJwtStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+const jwt = __importStar(require("jsonwebtoken"));
+const jwks_rsa_1 = require("jwks-rsa");
+/**
+ * Base JWT Strategy for Supabase JWKS (ES256) token verification.
+ *
+ * Provides shared JWKS client setup, `secretOrKeyProvider` callback,
+ * and core payload validation. Each API extends this class with its
+ * own `validate()` method to customise the returned user object.
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * export class JwtStrategy extends BaseJwtStrategy {
+ *   constructor(configService: ConfigService) {
+ *     super(configService);
+ *   }
+ *
+ *   validate(payload: JwtPayload) {
+ *     this.validateCorePayload(payload);
+ *     return { userId: payload.sub, email: payload.email };
+ *   }
+ * }
+ * ```
+ */
+let BaseJwtStrategy = class BaseJwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy) {
+    jwksClient = null;
+    constructor(configService) {
+        const supabaseUrl = configService.get("storage.supabase.url");
+        let jwksClient = null;
+        if (supabaseUrl) {
+            const jwksUri = `${supabaseUrl}/auth/v1/.well-known/jwks.json`;
+            try {
+                jwksClient = new jwks_rsa_1.JwksClient({
+                    jwksUri,
+                    cache: true,
+                    cacheMaxAge: 600000, // 10 minutes
+                    rateLimit: true,
+                    jwksRequestsPerMinute: 10,
+                });
+            }
+            catch (error) {
+                console.warn("Failed to initialize Supabase JWKS client:", error);
+            }
+        }
+        super({
+            jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            secretOrKeyProvider: async (_request, rawJwtToken, done) => {
+                try {
+                    if (!rawJwtToken) {
+                        console.error("[JwtStrategy] No JWT token found in request — check that the frontend sends Authorization: Bearer <token>");
+                        done(new Error("No token provided"));
+                        return;
+                    }
+                    const decoded = jwt.decode(rawJwtToken, { complete: true });
+                    if (decoded &&
+                        typeof decoded === "object" &&
+                        decoded.payload &&
+                        decoded.header) {
+                        const header = decoded.header;
+                        if (jwksClient && header.kid) {
+                            try {
+                                const key = await jwksClient.getSigningKey(header.kid);
+                                const publicKey = key.getPublicKey();
+                                done(null, publicKey);
+                                return;
+                            }
+                            catch (error) {
+                                console.error("[JwtStrategy] Failed to get signing key from JWKS:", error);
+                                done(error);
+                                return;
+                            }
+                        }
+                    }
+                    done(new Error("Invalid token or JWKS not available"));
+                }
+                catch (error) {
+                    console.error("[JwtStrategy] Unexpected error in secretOrKeyProvider:", error);
+                    done(error);
+                }
+            },
+            algorithms: ["ES256"],
+        });
+        this.jwksClient = jwksClient;
+    }
+    /**
+     * Validates core JWT claims shared across all APIs.
+     * Call this at the top of your `validate()` method.
+     *
+     * @throws UnauthorizedException if sub, iat, or exp are missing or token is expired
+     */
+    validateCorePayload(payload) {
+        if (!payload.sub) {
+            throw new common_1.UnauthorizedException("Invalid token: missing subject");
+        }
+        if (!payload.iat) {
+            throw new common_1.UnauthorizedException("Invalid token: missing issued at time");
+        }
+        if (!payload.exp) {
+            throw new common_1.UnauthorizedException("Invalid token: missing expiration time");
+        }
+        const now = Math.floor(Date.now() / 1000);
+        if (payload.exp < now) {
+            throw new common_1.UnauthorizedException("Token has expired");
+        }
+    }
+};
+exports.BaseJwtStrategy = BaseJwtStrategy;
+exports.BaseJwtStrategy = BaseJwtStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService])
+], BaseJwtStrategy);
+//# sourceMappingURL=base-jwt.strategy.js.map