@vnodes/auth 0.0.3

package/README.md

@@ -0,0 +1,35 @@
+![Npm version](https://img.shields.io/npm/v/@vnodes/auth)
+![Npm downloads](https://img.shields.io/npm/dm/@vnodes/auth)
+![Build Status](https://img.shields.io/github/actions/workflow/status/vnodes/vnodes/ci.yml)
+![Doc Status](https://img.shields.io/github/actions/workflow/status/vnodes/vnodes/doc.yml)
+![Bundle size](https://img.shields.io/bundlephobia/min/@vnodes/auth)
+
+<p align="center">
+  <img src="https://vnodes.github.io/vnodes/libs/auth/assets/favicon.png" alt="Logo"  width="200" height="200" style="border-radius: 100%"/>
+</p>
+
+## @vnodes/auth
+
+Nestjs authentication and authorization module
+
+## Installation
+
+```bash
+pnpm add @vnodes/auth
+```
+
+## 💖 Support My Work
+
+If you find my open-source contributions or the **@vnodes/auth** project helpful, consider supporting my work. Your sponsorship helps me maintain these projects and explore new enterprise patterns.
+
+[![CashApp](https://img.shields.io/badge/Sponsor%20me-%23EA4AAA.svg?style=for-the-badge&logo=github-sponsors&logoColor=white)](https://cash.app/$puqlib)
+
+---
+
+## 🤝 Connect with Me
+
+<p align="left">
+<a href="mailto:robert.brightline+vnodes-auth@gmail.com">
+<img src="https://img.shields.io/badge/Email-D14836?style=for-the-badge&logo=gmail&logoColor=white" />
+</a>
+</p>

package/dist/auth.controller.d.ts

@@ -0,0 +1,11 @@
+import { ForgotPasswordDto } from './dto/forgot-password.dto.js';
+import { LoginDto } from './dto/login.dto.js';
+import { AuthService } from './services/auth.service.js';
+export declare class AuthController {
+    protected readonly authService: AuthService;
+    constructor(authService: AuthService);
+    login(body: LoginDto): Promise<import("./index.js").AccessTokenDto>;
+    logout(accessToken: string): import("./index.js").MessageDto;
+    forgotPassword(body: ForgotPasswordDto): import("./index.js").MessageDto;
+}
+//# sourceMappingURL=auth.controller.d.ts.map

package/dist/auth.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../src/auth.controller.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,qBAEa,cAAc;IACX,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;gBAAxB,WAAW,EAAE,WAAW;IAIvD,KAAK,CAAS,IAAI,EAAE,QAAQ;IAK5B,MAAM,CAAgB,WAAW,EAAE,MAAM;IAMzC,cAAc,CAAS,IAAI,EAAE,iBAAiB;CAGjD"}

package/dist/auth.controller.js

@@ -0,0 +1,52 @@
+import { __decorate, __metadata, __param } from "tslib";
+import { Body, Controller, Post } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
+import { Public } from '@vnodes/metadata';
+import { AccessToken } from './context/context.js';
+import { ForgotPasswordDto } from './dto/forgot-password.dto.js';
+import { LoginDto } from './dto/login.dto.js';
+import { AuthService } from './services/auth.service.js';
+let AuthController = class AuthController {
+    authService;
+    constructor(authService) {
+        this.authService = authService;
+    }
+    login(body) {
+        return this.authService.login(body);
+    }
+    logout(accessToken) {
+        return this.authService.logout(accessToken);
+    }
+    forgotPassword(body) {
+        return this.authService.forgotPassword(body);
+    }
+};
+__decorate([
+    Public(),
+    Post('login'),
+    __param(0, Body()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [LoginDto]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "login", null);
+__decorate([
+    Post('logout'),
+    __param(0, AccessToken()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "logout", null);
+__decorate([
+    Public(),
+    Post('forgot-password'),
+    __param(0, Body()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [ForgotPasswordDto]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "forgotPassword", null);
+AuthController = __decorate([
+    Throttle({ default: { limit: 6, ttl: 30_000 } }),
+    Controller('auth'),
+    __metadata("design:paramtypes", [AuthService])
+], AuthController);
+export { AuthController };

package/dist/auth.module.d.ts

@@ -0,0 +1,3 @@
+export declare class AuthModule {
+}
+//# sourceMappingURL=auth.module.d.ts.map

package/dist/auth.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"AAQA,qBAqBa,UAAU;CAAG"}

package/dist/auth.module.js

@@ -0,0 +1,34 @@
+import { __decorate } from "tslib";
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { EventEmitterModule } from '@nestjs/event-emitter';
+import { JwtModule } from '@nestjs/jwt';
+import { AuthController } from './auth.controller.js';
+import { AuthService } from './services/auth.service.js';
+import { UserService } from './services/user.service.js';
+let AuthModule = class AuthModule {
+};
+AuthModule = __decorate([
+    Module({
+        imports: [
+            EventEmitterModule,
+            JwtModule.registerAsync({
+                imports: [ConfigModule],
+                inject: [ConfigService],
+                useFactory(config) {
+                    const secret = config.getOrThrow('JWT_SECRET');
+                    const expiresIn = config.getOrThrow('JWT_EXPIRES_IN');
+                    return {
+                        secret,
+                        signOptions: {
+                            expiresIn,
+                        },
+                    };
+                },
+            }),
+        ],
+        controllers: [AuthController],
+        providers: [UserService, AuthService],
+    })
+], AuthModule);
+export { AuthModule };

package/dist/context/context.d.ts

@@ -0,0 +1,10 @@
+import { User } from '../services/user-manager.js';
+/**
+ * Get the user info {@link UserInfo} of the current session from the request
+ */
+export declare const UserInfo: (...dataOrPipes: (User | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>>)[]) => ParameterDecorator;
+/**
+ * Get the access token of the current session from the request
+ */
+export declare const AccessToken: (...dataOrPipes: (string | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>>)[]) => ParameterDecorator;
+//# sourceMappingURL=context.d.ts.map

package/dist/context/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/context/context.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAC;AAGnD;;GAEG;AACH,eAAO,MAAM,QAAQ,uLAEnB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,WAAW,yLAEtB,CAAC"}

package/dist/context/context.js

@@ -0,0 +1,13 @@
+import { createParamDecorator } from '@nestjs/common';
+/**
+ * Get the user info {@link UserInfo} of the current session from the request
+ */
+export const UserInfo = createParamDecorator((_, context) => {
+    return context.switchToHttp().getRequest().user;
+});
+/**
+ * Get the access token of the current session from the request
+ */
+export const AccessToken = createParamDecorator((_, context) => {
+    return context.switchToHttp().getRequest().accessToken;
+});

package/dist/dto/access-token.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class AccessTokenDto {
+    token: string;
+    constructor(dto: AccessTokenDto);
+}
+//# sourceMappingURL=access-token.dto.d.ts.map

package/dist/dto/access-token.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.dto.d.ts","sourceRoot":"","sources":["../../src/dto/access-token.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,cAAc;IACf,KAAK,EAAE,MAAM,CAAC;gBAEV,GAAG,EAAE,cAAc;CAGlC"}

package/dist/dto/access-token.dto.js

@@ -0,0 +1,12 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class AccessTokenDto {
+    token;
+    constructor(dto) {
+        Object.assign(this, dto);
+    }
+}
+__decorate([
+    Prop(),
+    __metadata("design:type", String)
+], AccessTokenDto.prototype, "token", void 0);

package/dist/dto/forgot-password.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class ForgotPasswordDto {
+    username: string;
+}
+//# sourceMappingURL=forgot-password.dto.d.ts.map

package/dist/dto/forgot-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"forgot-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/forgot-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;IACiB,QAAQ,EAAE,MAAM,CAAC;CAC/D"}

package/dist/dto/forgot-password.dto.js

@@ -0,0 +1,9 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class ForgotPasswordDto {
+    username;
+}
+__decorate([
+    Prop({ required: true, format: 'email' }),
+    __metadata("design:type", String)
+], ForgotPasswordDto.prototype, "username", void 0);

package/dist/dto/login-with-otp.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class LoginWithOtpDto {
+    username: string;
+    otp: string;
+}
+//# sourceMappingURL=login-with-otp.dto.d.ts.map

package/dist/dto/login-with-otp.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login-with-otp.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login-with-otp.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,eAAe;IACmB,QAAQ,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACvD"}

package/dist/dto/login-with-otp.dto.js

@@ -0,0 +1,14 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class LoginWithOtpDto {
+    username;
+    otp;
+}
+__decorate([
+    Prop({ required: true, format: 'email' }),
+    __metadata("design:type", String)
+], LoginWithOtpDto.prototype, "username", void 0);
+__decorate([
+    Prop({ required: true, minLength: 6 }),
+    __metadata("design:type", String)
+], LoginWithOtpDto.prototype, "otp", void 0);

package/dist/dto/login.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class LoginDto {
+    username: string;
+    password: string;
+}
+//# sourceMappingURL=login.dto.d.ts.map

package/dist/dto/login.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,QAAQ;IAC0B,QAAQ,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClE"}

package/dist/dto/login.dto.js

@@ -0,0 +1,14 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class LoginDto {
+    username;
+    password;
+}
+__decorate([
+    Prop({ required: true, format: 'email' }),
+    __metadata("design:type", String)
+], LoginDto.prototype, "username", void 0);
+__decorate([
+    Prop({ required: true, format: 'password' }),
+    __metadata("design:type", String)
+], LoginDto.prototype, "password", void 0);

package/dist/dto/message.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class MessageDto {
+    message: string;
+    constructor(data: MessageDto);
+}
+//# sourceMappingURL=message.dto.d.ts.map

package/dist/dto/message.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"message.dto.d.ts","sourceRoot":"","sources":["../../src/dto/message.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,UAAU;IACX,OAAO,EAAE,MAAM,CAAC;gBAEZ,IAAI,EAAE,UAAU;CAG/B"}

package/dist/dto/message.dto.js

@@ -0,0 +1,12 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class MessageDto {
+    message;
+    constructor(data) {
+        Object.assign(this, data);
+    }
+}
+__decorate([
+    Prop(),
+    __metadata("design:type", String)
+], MessageDto.prototype, "message", void 0);

package/dist/dto/otp-response-dto.d.ts

@@ -0,0 +1,5 @@
+export declare class OtpResponseDto {
+    otp: string;
+    constructor(data: OtpResponseDto);
+}
+//# sourceMappingURL=otp-response-dto.d.ts.map

package/dist/dto/otp-response-dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"otp-response-dto.d.ts","sourceRoot":"","sources":["../../src/dto/otp-response-dto.ts"],"names":[],"mappings":"AAEA,qBAAa,cAAc;IACf,GAAG,EAAE,MAAM,CAAC;gBACR,IAAI,EAAE,cAAc;CAGnC"}

package/dist/dto/otp-response-dto.js

@@ -0,0 +1,12 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class OtpResponseDto {
+    otp;
+    constructor(data) {
+        Object.assign(this, data);
+    }
+}
+__decorate([
+    Prop(),
+    __metadata("design:type", String)
+], OtpResponseDto.prototype, "otp", void 0);

package/dist/dto/update-password.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class UpdatePasswordDto {
+    password: string;
+}
+//# sourceMappingURL=update-password.dto.d.ts.map

package/dist/dto/update-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/update-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;IACoB,QAAQ,EAAE,MAAM,CAAC;CAClE"}

package/dist/dto/update-password.dto.js

@@ -0,0 +1,9 @@
+import { __decorate, __metadata } from "tslib";
+import { Prop } from '@vnodes/property';
+export class UpdatePasswordDto {
+    password;
+}
+__decorate([
+    Prop({ required: true, format: 'password' }),
+    __metadata("design:type", String)
+], UpdatePasswordDto.prototype, "password", void 0);

package/dist/guards/auth.guard.d.ts

@@ -0,0 +1,12 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { UserService } from '../services/user.service.js';
+import { AuthRequest } from '../types/auth-request.js';
+export declare class AuthGuard implements CanActivate {
+    protected readonly reflector: Reflector;
+    protected readonly userService: UserService;
+    constructor(reflector: Reflector, userService: UserService);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    extractToken(request: AuthRequest): string;
+}
+//# sourceMappingURL=auth.guard.d.ts.map

package/dist/guards/auth.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../src/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAqC,MAAM,gBAAgB,CAAC;AAClG,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,qBACa,SAAU,YAAW,WAAW;IAErC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS;IACvC,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;gBADxB,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,WAAW;IAGzC,WAAW,CAAC,OAAO,EAAE,gBAAgB;IAqC3C,YAAY,CAAC,OAAO,EAAE,WAAW;CAYpC"}

package/dist/guards/auth.guard.js

@@ -0,0 +1,58 @@
+import { __decorate, __metadata } from "tslib";
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { getPermissions, getRoles, isPublic } from '@vnodes/metadata';
+import { UserService } from '../services/user.service.js';
+let AuthGuard = class AuthGuard {
+    reflector;
+    userService;
+    constructor(reflector, userService) {
+        this.reflector = reflector;
+        this.userService = userService;
+    }
+    async canActivate(context) {
+        if (isPublic(this.reflector, context)) {
+            return true;
+        }
+        const permissions = getPermissions(this.reflector, context);
+        const roles = getRoles(this.reflector, context);
+        const requiredPolicy = ((permissions || roles) && permissions.length > 0) || roles.length > 0;
+        if (!requiredPolicy) {
+            return true;
+        }
+        const authRequest = context.switchToHttp().getRequest();
+        const token = this.extractToken(authRequest);
+        const user = await this.userService.findByToken(token);
+        authRequest.user = user.user;
+        if (user.isAdmin()) {
+            return true;
+        }
+        if (permissions.length > 0) {
+            if (!user.hasPermissions(permissions)) {
+                return false;
+            }
+        }
+        if (roles.length > 0) {
+            if (!user.hasRoles(roles)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    extractToken(request) {
+        const rawToken = request.headers.authorization;
+        if (!rawToken) {
+            throw new UnauthorizedException('No token');
+        }
+        const [type, token] = rawToken.split(' ');
+        if (type === 'Bearer' && token)
+            return token;
+        throw new UnauthorizedException('Invalid token ');
+    }
+};
+AuthGuard = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [Reflector,
+        UserService])
+], AuthGuard);
+export { AuthGuard };

package/dist/index.d.ts

@@ -0,0 +1,16 @@
+export * from './auth.controller.js';
+export * from './auth.module.js';
+export * from './context/context.js';
+export * from './dto/access-token.dto.js';
+export * from './dto/forgot-password.dto.js';
+export * from './dto/login.dto.js';
+export * from './dto/login-with-otp.dto.js';
+export * from './dto/message.dto.js';
+export * from './dto/otp-response-dto.js';
+export * from './dto/update-password.dto.js';
+export * from './guards/auth.guard.js';
+export * from './services/auth.service.js';
+export * from './services/user.service.js';
+export * from './services/user-manager.js';
+export * from './types/auth-request.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oBAAoB,CAAC;AACnC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,wBAAwB,CAAC;AACvC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC"}

package/dist/index.js

@@ -0,0 +1,16 @@
+// @index(['./**/*.ts', '!./**/*.spec.ts', '!./**/{main,serve,index}.ts', '!./**/prisma', '!./**/generated'], f => `export * from '${f.path}.js'`)
+export * from './auth.controller.js';
+export * from './auth.module.js';
+export * from './context/context.js';
+export * from './dto/access-token.dto.js';
+export * from './dto/forgot-password.dto.js';
+export * from './dto/login.dto.js';
+export * from './dto/login-with-otp.dto.js';
+export * from './dto/message.dto.js';
+export * from './dto/otp-response-dto.js';
+export * from './dto/update-password.dto.js';
+export * from './guards/auth.guard.js';
+export * from './services/auth.service.js';
+export * from './services/user.service.js';
+export * from './services/user-manager.js';
+export * from './types/auth-request.js';

package/dist/services/auth.service.d.ts

@@ -0,0 +1,37 @@
+import { EventEmitter2 } from '@nestjs/event-emitter';
+import { AccessTokenDto } from '../dto/access-token.dto.js';
+import { ForgotPasswordDto } from '../dto/forgot-password.dto.js';
+import { LoginDto } from '../dto/login.dto.js';
+import { LoginWithOtpDto } from '../dto/login-with-otp.dto.js';
+import { MessageDto } from '../dto/message.dto.js';
+import { UserService } from './user.service.js';
+export declare class AuthService {
+    protected readonly userService: UserService;
+    protected readonly eventEmitter: EventEmitter2;
+    constructor(userService: UserService, eventEmitter: EventEmitter2);
+    /**
+     * Login with credentials (find user by username and compare the passed with hashed password)
+     * @param body -- {@link LoginDto}
+     * @returns -- {@link AccessTokenDto}
+     */
+    login(body: LoginDto): Promise<AccessTokenDto>;
+    /**
+     * Login with otp code (generated and sent to the user via email or sms)
+     * @param body -- {@link LoginWithOtpDto}
+     * @returns -- {@link AccessTokenDto}
+     */
+    loginWithOtp(body: LoginWithOtpDto): Promise<AccessTokenDto>;
+    /**
+     * Logout from the current sesison (delete the session token from token hash map)
+     * @param token acesss token
+     * @returns -- {@link MessageDto}
+     */
+    logout(token: string): MessageDto;
+    /**
+     * Create a otp code and emit "email.otp" event with payload of {@link OtpResponseDto}
+     * @param body -- {@link ForgotPasswordDto}
+     * @returns -- {@link MessageDto}
+     */
+    forgotPassword(body: ForgotPasswordDto): MessageDto;
+}
+//# sourceMappingURL=auth.service.d.ts.map

package/dist/services/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,qBACa,WAAW;IAEhB,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;IAC3C,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,aAAa;gBAD3B,WAAW,EAAE,WAAW,EACxB,YAAY,EAAE,aAAa;IAGlD;;;;OAIG;IACG,KAAK,CAAC,IAAI,EAAE,QAAQ;IAQ1B;;;;OAIG;IACG,YAAY,CAAC,IAAI,EAAE,eAAe;IAQxC;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM;IAKpB;;;;OAIG;IACH,cAAc,CAAC,IAAI,EAAE,iBAAiB;CAKzC"}

package/dist/services/auth.service.js

@@ -0,0 +1,64 @@
+import { __decorate, __metadata } from "tslib";
+import { Injectable } from '@nestjs/common';
+import { EventEmitter2 } from '@nestjs/event-emitter';
+import { AccessTokenDto } from '../dto/access-token.dto.js';
+import { MessageDto } from '../dto/message.dto.js';
+import { OtpResponseDto } from '../dto/otp-response-dto.js';
+import { UserService } from './user.service.js';
+let AuthService = class AuthService {
+    userService;
+    eventEmitter;
+    constructor(userService, eventEmitter) {
+        this.userService = userService;
+        this.eventEmitter = eventEmitter;
+    }
+    /**
+     * Login with credentials (find user by username and compare the passed with hashed password)
+     * @param body -- {@link LoginDto}
+     * @returns -- {@link AccessTokenDto}
+     */
+    async login(body) {
+        const user = this.userService.findByUsername(body.username);
+        await user.comparePassword(body.password);
+        const token = await user.signToken();
+        this.userService.updateToken(token, user.user.username);
+        return new AccessTokenDto({ token });
+    }
+    /**
+     * Login with otp code (generated and sent to the user via email or sms)
+     * @param body -- {@link LoginWithOtpDto}
+     * @returns -- {@link AccessTokenDto}
+     */
+    async loginWithOtp(body) {
+        this.userService.compareOtp(body.username, body.otp);
+        this.userService.deleteOtp(body.username);
+        const user = this.userService.findByUsername(body.username);
+        const token = await user.signToken();
+        return new AccessTokenDto({ token });
+    }
+    /**
+     * Logout from the current sesison (delete the session token from token hash map)
+     * @param token acesss token
+     * @returns -- {@link MessageDto}
+     */
+    logout(token) {
+        this.userService.deleteToken(token);
+        return new MessageDto({ message: 'Bye for now' });
+    }
+    /**
+     * Create a otp code and emit "email.otp" event with payload of {@link OtpResponseDto}
+     * @param body -- {@link ForgotPasswordDto}
+     * @returns -- {@link MessageDto}
+     */
+    forgotPassword(body) {
+        const otp = this.userService.createOtp(body.username);
+        this.eventEmitter.emit('email.otp', new OtpResponseDto({ otp }));
+        return new MessageDto({ message: 'We sent the otp to your email' });
+    }
+};
+AuthService = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [UserService,
+        EventEmitter2])
+], AuthService);
+export { AuthService };

package/dist/services/user-manager.d.ts

@@ -0,0 +1,71 @@
+import { JwtService } from '@nestjs/jwt';
+export declare class JwtPayload {
+    sub: number;
+    username: string;
+    version: string;
+}
+export declare class User {
+    id: number;
+    version: string;
+    username: string;
+    password: string;
+    permissions?: string[];
+    roles?: string[];
+    constructor(user: User);
+}
+export declare class UserManager {
+    protected readonly userData: User;
+    protected readonly jwt: JwtService;
+    constructor(userData: User, jwt: JwtService);
+    /**
+     * Get the user data
+     */
+    get user(): User;
+    /**
+     * Get the set of user permissions
+     */
+    get permisisons(): Set<string>;
+    /**
+     * Get the set of user roles
+     */
+    get roles(): Set<string>;
+    /**
+     * Get the user version
+     */
+    get version(): string;
+    /**
+     * Check the user has the "admin" role
+     */
+    isAdmin(): boolean;
+    /**
+     * Check the user has all {@link requiredPermissions} or throw {@link ForbiddenException}
+     */
+    hasPermissions(requiredPermissions: string[]): boolean;
+    /**
+     * Check the user has one of the {@link requiredRoles} or throw {@link ForbiddenException}
+     */
+    hasRoles(requiredRoles: string[]): boolean;
+    /**
+     * Create the jwt payload object {@link JwtPayload}
+     * @returns -- {@link JwtPayload}
+     */
+    toJwtPayload(): JwtPayload;
+    /**
+     * Compare the plain password with the hashed password
+     * @param password plain password
+     * @returns boolean or throw {@link UnauthorizedException}
+     */
+    comparePassword(password: string): Promise<boolean>;
+    /**
+     * Sign the jwt token
+     * @returns jwt token
+     */
+    signToken(): Promise<string>;
+    /**
+     * Verify jwt {@link token}
+     * @param token jwt token
+     * @returns string or throw {@link UnauthorizedException} that indicated invalid or old versioned token
+     */
+    verifyToken(token: string): Promise<JwtPayload>;
+}
+//# sourceMappingURL=user-manager.d.ts.map

package/dist/services/user-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-manager.d.ts","sourceRoot":"","sources":["../../src/services/user-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,qBAAa,UAAU;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,IAAI;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;gBAEL,IAAI,EAAE,IAAI;CAWzB;AAED,qBAAa,WAAW;IAEhB,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI;IACjC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU;gBADf,QAAQ,EAAE,IAAI,EACd,GAAG,EAAE,UAAU;IAGtC;;OAEG;IACH,IAAI,IAAI,IAAI,IAAI,CAEf;IAED;;OAEG;IACH,IAAI,WAAW,gBAEd;IAED;;OAEG;IACH,IAAI,KAAK,gBAER;IAED;;OAEG;IACH,IAAI,OAAO,WAEV;IAED;;OAEG;IACH,OAAO;IAIP;;OAEG;IACH,cAAc,CAAC,mBAAmB,EAAE,MAAM,EAAE;IAO5C;;OAEG;IACH,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE;IAOhC;;;OAGG;IACH,YAAY,IAAI,UAAU;IAQ1B;;;;OAIG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM;IAOtC;;;OAGG;IACG,SAAS;IAKf;;;;OAIG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM;CASlC"}

package/dist/services/user-manager.js

@@ -0,0 +1,122 @@
+import { ForbiddenException, UnauthorizedException } from '@nestjs/common';
+import { compare } from '@vnodes/crypto';
+export class JwtPayload {
+    sub;
+    username;
+    version;
+}
+export class User {
+    id;
+    version;
+    username;
+    password;
+    permissions;
+    roles;
+    constructor(user) {
+        Object.assign(this, user);
+        if (user.permissions && user.permissions?.length > 0) {
+            this.permissions = user.permissions;
+        }
+        if (user.roles && user.roles?.length > 0) {
+            this.roles = user.roles;
+        }
+    }
+}
+export class UserManager {
+    userData;
+    jwt;
+    constructor(userData, jwt) {
+        this.userData = userData;
+        this.jwt = jwt;
+    }
+    /**
+     * Get the user data
+     */
+    get user() {
+        return new User(this.userData);
+    }
+    /**
+     * Get the set of user permissions
+     */
+    get permisisons() {
+        return new Set(this.userData.permissions ?? []);
+    }
+    /**
+     * Get the set of user roles
+     */
+    get roles() {
+        return new Set(this.userData.roles ?? []);
+    }
+    /**
+     * Get the user version
+     */
+    get version() {
+        return this.userData.version;
+    }
+    /**
+     * Check the user has the "admin" role
+     */
+    isAdmin() {
+        return this.roles.has('admin');
+    }
+    /**
+     * Check the user has all {@link requiredPermissions} or throw {@link ForbiddenException}
+     */
+    hasPermissions(requiredPermissions) {
+        if (requiredPermissions.every((permission) => this.permisisons.has(permission))) {
+            return true;
+        }
+        throw new ForbiddenException('Insufficient permissions');
+    }
+    /**
+     * Check the user has one of the {@link requiredRoles} or throw {@link ForbiddenException}
+     */
+    hasRoles(requiredRoles) {
+        if (requiredRoles.some((role) => this.roles.has(role))) {
+            return true;
+        }
+        throw new ForbiddenException('Insufficient role');
+    }
+    /**
+     * Create the jwt payload object {@link JwtPayload}
+     * @returns -- {@link JwtPayload}
+     */
+    toJwtPayload() {
+        return {
+            sub: this.userData.id,
+            username: this.userData.username,
+            version: this.userData.version,
+        };
+    }
+    /**
+     * Compare the plain password with the hashed password
+     * @param password plain password
+     * @returns boolean or throw {@link UnauthorizedException}
+     */
+    async comparePassword(password) {
+        if (await compare(password, this.userData.password)) {
+            return true;
+        }
+        throw new UnauthorizedException(`Wrong password`);
+    }
+    /**
+     * Sign the jwt token
+     * @returns jwt token
+     */
+    async signToken() {
+        const token = await this.jwt.signAsync(this.toJwtPayload());
+        return token;
+    }
+    /**
+     * Verify jwt {@link token}
+     * @param token jwt token
+     * @returns string or throw {@link UnauthorizedException} that indicated invalid or old versioned token
+     */
+    async verifyToken(token) {
+        const jwtPayload = await this.jwt.verifyAsync(token);
+        if (jwtPayload.version === this.version) {
+            return jwtPayload;
+        }
+        throw new UnauthorizedException(`Invalid jwt version`);
+    }
+}

package/dist/services/user.service.d.ts

@@ -0,0 +1,20 @@
+import { JwtService } from '@nestjs/jwt';
+import { User, UserManager } from './user-manager.js';
+export declare class UserService {
+    protected readonly jwt: JwtService;
+    protected readonly usernameMap: Map<string, User>;
+    protected readonly tokenUsernameMap: Map<string, string>;
+    protected readonly usernameOtpMap: Map<string, string>;
+    constructor(jwt: JwtService);
+    update(user: User): void;
+    deleteByUsername(username: string): void;
+    load(users: User[]): void;
+    findByUsername(username: string): UserManager;
+    findByToken(token: string): UserManager;
+    deleteToken(token: string): boolean;
+    updateToken(token: string, username: string): void;
+    createOtp(username: string): string;
+    compareOtp(username: string, otp: string): boolean;
+    deleteOtp(username: string): void;
+}
+//# sourceMappingURL=user.service.d.ts.map

package/dist/services/user.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.service.d.ts","sourceRoot":"","sources":["../../src/services/user.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEtD,qBACa,WAAW;IAKY,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU;IAJlE,SAAS,CAAC,QAAQ,CAAC,WAAW,oBAA2B;IACzD,SAAS,CAAC,QAAQ,CAAC,gBAAgB,sBAA6B;IAChE,SAAS,CAAC,QAAQ,CAAC,cAAc,sBAA6B;gBAEX,GAAG,EAAE,UAAU;IAElE,MAAM,CAAC,IAAI,EAAE,IAAI;IAIjB,gBAAgB,CAAC,QAAQ,EAAE,MAAM;IAIjC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE;IAOlB,cAAc,CAAC,QAAQ,EAAE,MAAM;IAQ/B,WAAW,CAAC,KAAK,EAAE,MAAM;IASzB,WAAW,CAAC,KAAK,EAAE,MAAM;IAOzB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAI3C,SAAS,CAAC,QAAQ,EAAE,MAAM;IAM1B,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;IAYxC,SAAS,CAAC,QAAQ,EAAE,MAAM;CAG7B"}

package/dist/services/user.service.js

@@ -0,0 +1,75 @@
+import { __decorate, __metadata, __param } from "tslib";
+import { Inject, Injectable, NotFoundException, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { otp } from '@vnodes/crypto';
+import { UserManager } from './user-manager.js';
+let UserService = class UserService {
+    jwt;
+    usernameMap = new Map();
+    tokenUsernameMap = new Map();
+    usernameOtpMap = new Map();
+    constructor(jwt) {
+        this.jwt = jwt;
+    }
+    update(user) {
+        this.usernameMap.set(user.username, user);
+    }
+    deleteByUsername(username) {
+        this.usernameMap.delete(username);
+    }
+    load(users) {
+        this.usernameMap.clear();
+        for (const user of users) {
+            this.usernameMap.set(user.username, user);
+        }
+    }
+    findByUsername(username) {
+        const foundUser = this.usernameMap.get(username);
+        if (foundUser) {
+            return new UserManager(foundUser, this.jwt);
+        }
+        throw new NotFoundException(`The user ${username} not found`);
+    }
+    findByToken(token) {
+        const username = this.tokenUsernameMap.get(token);
+        if (username) {
+            return this.findByUsername(username);
+        }
+        throw new UnauthorizedException(`User not found by token`);
+    }
+    deleteToken(token) {
+        if (this.tokenUsernameMap.delete(token)) {
+            return true;
+        }
+        throw new NotFoundException('Token not found');
+    }
+    updateToken(token, username) {
+        this.tokenUsernameMap.set(token, username);
+    }
+    createOtp(username) {
+        const otpValue = otp();
+        this.usernameOtpMap.set(username, otpValue);
+        return otpValue;
+    }
+    compareOtp(username, otp) {
+        const foundOtp = this.usernameOtpMap.get(username);
+        if (foundOtp) {
+            if (foundOtp === otp) {
+                return true;
+            }
+            throw new UnauthorizedException(`Wrong otp`);
+        }
+        else {
+            throw new UnauthorizedException('Otp not found');
+        }
+    }
+    deleteOtp(username) {
+        this.usernameOtpMap.delete(username);
+    }
+};
+UserService = __decorate([
+    Injectable(),
+    __param(0, Inject(JwtService)),
+    __metadata("design:paramtypes", [JwtService])
+], UserService);
+export { UserService };

package/dist/types/auth-request.d.ts

@@ -0,0 +1,8 @@
+import { User } from '../services/user-manager.js';
+export type HeaderNames = 'authorization';
+export type AuthRequest = {
+    user: User;
+    headers: Record<HeaderNames, string>;
+    accessToken: string;
+};
+//# sourceMappingURL=auth-request.d.ts.map

package/dist/types/auth-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-request.d.ts","sourceRoot":"","sources":["../../src/types/auth-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAC;AACnD,MAAM,MAAM,WAAW,GAAG,eAAe,CAAC;AAC1C,MAAM,MAAM,WAAW,GAAG;IACtB,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;CACvB,CAAC"}

package/dist/types/auth-request.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,68 @@
+{
+  "name": "@vnodes/auth",
+  "description": "Nestjs authentication and authorization module",
+  "homepage": "https://vnodes.github.io/vnodes/libs/auth",
+  "publishConfig": {
+    "access": "public",
+    "tag": "latest"
+  },
+  "author": {
+    "email": "robert.brightline+vnodes-auth@gmail.com",
+    "name": "Robert Brightline",
+    "url": "https://vnodes.github.io/vnodes/libs/auth"
+  },
+  "keywords": [],
+  "icon": "https://vnodes.github.io/vnodes/libs/auth/assets/favicon.png",
+  "funding": [
+    {
+      "type": "cashapp",
+      "url": "https://cash.app/$puqlib"
+    }
+  ],
+  "version": "0.0.3",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "@vnodes/source": "./src/index.ts",
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "assets",
+    "dist",
+    "!**/*.tsbuildinfo"
+  ],
+  "nx": {
+    "sourceRoot": "libs/auth/src",
+    "targets": {
+      "build": {},
+      "lint": {},
+      "test": {},
+      "doc": {}
+    }
+  },
+  "dependencies": {
+    "@swc/helpers": "~0.5.11"
+  },
+  "devDependencies": {
+    "@nestjs/testing": "^11.1.13"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^11.1.14",
+    "@nestjs/config": "^4.0.3",
+    "@nestjs/core": "^11.1.14",
+    "@nestjs/event-emitter": "^3.0.1",
+    "@nestjs/jwt": "^11.0.2",
+    "@nestjs/swagger": "^11.2.6",
+    "@nestjs/throttler": "^6.5.0",
+    "@vnodes/crypto": "0.0.3",
+    "@vnodes/property": "0.0.3",
+    "@vnodes/metadata": "0.0.3"
+  }
+}