@vynelix/nestjs-multi-auth 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,29 +1,46 @@
1
1
  # NestJS Multi-Auth
2
2
 
3
- A flexible, decoupled, and production-ready authentication library for NestJS applications. `nestjs-multi-auth` supports JWT/Refresh token rotation, dynamic configuration, and multiple authentication transports (Cookies and Bearer tokens), while remaining completely agnostic of your application's specific `User` entity or ORM structure.
4
-
5
- ## Features
6
-
7
- - **Identity-Only (Firebase Style)**: Pure authentication and session management. Agnostic of your application's user profiles and database structure.
8
- - **Grouped Identities**: Multiple login methods (Google, Password, etc.) are consolidated under a single, opaque `uid`.
9
- - **Account Linking**: Link additional auth methods (e.g., Google, Email, Phone) to an existing account under the same `uid`.
10
- - **Multiple OAuth Providers**: Link multiple social accounts (e.g., Google AND Facebook) to a single identity simultaneously.
11
- - **MFA/2FA Ready**: Built-in support for TOTP-based Multi-Factor Authentication (e.g., Google Authenticator).
12
- - **Magic Links**: Passwordless email login via a signed, time-limited magic link — no passwords required.
13
- - **Password Management**: Built-in flows for forgot password (email/phone/username), reset via OTP, in-session password update, and a security lock endpoint.
14
- - **Security Alerts**: Sends a "Secure My Account" link via email when a password change is detected from an unfamiliar device.
15
- - **Secure by Default**: Automatically registers a global authentication guard.
16
- - **Dynamic Configuration**: Configure JWT secrets, expiration times, and transport preferences both synchronously and asynchronously.
17
- - **Granular Strategy Selection**: Enable individual authentication methods (Email, Phone, Username, Google, Facebook, Apple).
18
- - **Flexible Phone Auth**: Choose whether phone-based authentication requires a password or is password-less by default.
19
- - **Phone Number Prefix Validation**: Restrict authentication to specific country codes or phone formats (e.g., `['+234', '+44']`).
20
- - **Multiple Auth Transports**: Supports HTTP-only Cookies, JSON body (Bearer token), or both.
21
- - **Token Rotation**: Built-in `/refresh` and `/logout` endpoints with automatic token rotation.
22
- - **Session Tracking**: Tracks IP and User Agent for basic session security.
23
- - **Built-in Rate Limiting**: Configurable throttling on all auth endpoints via `@nestjs/throttler`.
24
- - **Event-Driven Hooks**: Decoupled, reactive workflows using `@nestjs/event-emitter` (Optional).
25
- - **Account Management**: Built-in endpoints for viewing and deleting auth methods or entire accounts.
26
- - **Production Ready**: 10/10 code quality rating with standardized security patterns (e.g., Node.js built-in `crypto` for secure UUID generation).
3
+ Build a complete authentication system in NestJS without Firebase or Auth0.
4
+
5
+ nestjs-multi-auth is a self-hosted identity provider that handles:
6
+ - JWT + refresh tokens
7
+ - OAuth (Google, Facebook, Apple)
8
+ - Magic links (passwordless login)
9
+ - MFA / 2FA (TOTP)
10
+ - Account linking (multiple login methods per user)
11
+
12
+ All without coupling to your User entity or database schema.
13
+
14
+ ## When should you use this?
15
+
16
+ Use this library if:
17
+ - You don’t want to build auth from scratch
18
+ - You want a Firebase/Auth0 alternative inside your NestJS backend
19
+ - You need multiple login methods (email, Google, phone, etc.)
20
+ - You want a clean separation between authentication and user profiles
21
+
22
+ Do NOT use this if:
23
+ - You only need simple JWT authentication
24
+ - You are already using an external auth provider (Firebase, Auth0)
25
+
26
+ ## What you get
27
+
28
+ ### Authentication
29
+ - JWT + refresh token rotation
30
+ - Cookie or Bearer transport
31
+
32
+ ### Login Methods
33
+ - Email, Phone, Username
34
+ - Google, Facebook, Apple
35
+
36
+ ### Advanced Features
37
+ - Account linking (multiple identities per user)
38
+ - Magic links (passwordless login)
39
+ - MFA / 2FA (TOTP)
40
+
41
+ ### Identity System
42
+ - Firebase-style UID system
43
+ - Completely decoupled from your User model
27
44
 
28
45
  ---
29
46
 
@@ -63,81 +80,31 @@ If you want to use the local event system:
63
80
  npm install @nestjs/event-emitter
64
81
  ```
65
82
 
66
- ---
67
-
68
- ## Quick Start
69
-
70
- ### 1. Register the `AuthModule`
71
-
72
- #### Synchronous Registration
73
-
74
- Import and configure the `AuthModule` in your root `AppModule`. No external service implementation is required!
75
-
76
83
  ```typescript
77
- // src/app.module.ts
78
84
  import { Module } from '@nestjs/common';
79
- import { AuthModule, AuthTransport, AuthStrategy } from 'nestjs-multi-auth';
85
+ import { AuthModule, AuthStrategy } from 'nestjs-multi-auth';
80
86
 
81
87
  @Module({
82
88
  imports: [
83
89
  AuthModule.register({
84
90
  jwtSecret: process.env.JWT_SECRET,
85
91
  jwtRefreshSecret: process.env.JWT_REFRESH_SECRET,
86
-
87
- // Optional: defaults to [AuthTransport.BEARER]
88
- transport: [AuthTransport.COOKIE, AuthTransport.BEARER],
89
-
90
- // Optional: Enable individual strategies
91
- enabledStrategies: [
92
- AuthStrategy.EMAIL,
93
- AuthStrategy.GOOGLE,
94
- AuthStrategy.PHONE
95
- ],
96
-
97
- // Required for Google strategy
98
- googleClientId: process.env.GOOGLE_CLIENT_ID,
99
-
100
- // Required for Facebook strategy
101
- facebookAppId: process.env.FACEBOOK_APP_ID,
102
- facebookAppSecret: process.env.FACEBOOK_APP_SECRET,
103
-
104
- // Required for Apple strategy
105
- appleClientId: process.env.APPLE_CLIENT_ID,
106
- appleTeamId: process.env.APPLE_TEAM_ID,
107
-
108
- // Optional: If strategy PHONE is enabled, defaults to false
109
- phoneRequiresPassword: true,
110
-
111
- // Optional: List of allowed phone number prefixes (e.g. ['+234', '+44']).
112
- allowedPhonePrefixes: ['+234', '+44'],
113
-
114
- // Optional: App name shown in TOTP authenticator apps
115
- appName: 'MyApp',
92
+ }),
93
+ ],
94
+ })
95
+ export class AppModule {}
96
+ ```
97
+ ---
116
98
 
117
- // Optional: Rate limiting (defaults: limit=10, ttl=60s)
118
- throttlerLimit: 10,
119
- throttlerTtl: 60,
99
+ ## Quick Start
120
100
 
121
- // Optional: defaults to false.
122
- // disableController: true,
123
- // disableGlobalGuard: true,
124
- // disableThrottler: true,
101
+ ### 1. Register the `AuthModule`
125
102
 
126
- // Optional: Durations and Intervals
127
- otpExpiresIn: 15, // 15 minutes
128
- otpResendInterval: 60, // 60 seconds
129
- accessTokenExpiresIn: '15m', // Access token
130
- refreshTokenExpiresIn: '7d', // Refresh token & Session
103
+ #### Synchronous Registration
131
104
 
132
- // Required for Magic Links and Security Alert emails
133
- frontendUrl: 'https://myapp.com',
105
+ Import and configure the `AuthModule` in your root `AppModule`. No external service implementation is required!
134
106
 
135
- // Optional: Run DB migrations automatically on startup
136
- autoMigrate: true,
137
- }),
138
- ],
139
- })
140
- export class AppModule {}
107
+ ```
141
108
  ```
142
109
 
143
110
  #### Asynchronous Registration (`forRootAsync`)
@@ -805,6 +772,77 @@ All options for `AuthModule.register()` / `AuthModule.forRootAsync()`:
805
772
  | `disableThrottler` | `boolean` | `false` | Disable the built-in rate limiting entirely. |
806
773
  | `autoMigrate` | `boolean` | `false` | Automatically run database schema migrations on startup. |
807
774
 
775
+ ---
776
+ ## Advanced Config
777
+
778
+ ```typescript
779
+ // src/app.module.ts
780
+ import { Module } from '@nestjs/common';
781
+ import { AuthModule, AuthTransport, AuthStrategy } from 'nestjs-multi-auth';
782
+
783
+ @Module({
784
+ imports: [
785
+ AuthModule.register({
786
+ jwtSecret: process.env.JWT_SECRET,
787
+ jwtRefreshSecret: process.env.JWT_REFRESH_SECRET,
788
+
789
+ // Optional: defaults to [AuthTransport.BEARER]
790
+ transport: [AuthTransport.COOKIE, AuthTransport.BEARER],
791
+
792
+ // Optional: Enable individual strategies
793
+ enabledStrategies: [
794
+ AuthStrategy.EMAIL,
795
+ AuthStrategy.GOOGLE,
796
+ AuthStrategy.PHONE
797
+ ],
798
+
799
+ // Required for Google strategy
800
+ googleClientId: process.env.GOOGLE_CLIENT_ID,
801
+
802
+ // Required for Facebook strategy
803
+ facebookAppId: process.env.FACEBOOK_APP_ID,
804
+ facebookAppSecret: process.env.FACEBOOK_APP_SECRET,
805
+
806
+ // Required for Apple strategy
807
+ appleClientId: process.env.APPLE_CLIENT_ID,
808
+ appleTeamId: process.env.APPLE_TEAM_ID,
809
+
810
+ // Optional: If strategy PHONE is enabled, defaults to false
811
+ phoneRequiresPassword: true,
812
+
813
+ // Optional: List of allowed phone number prefixes (e.g. ['+234', '+44']).
814
+ allowedPhonePrefixes: ['+234', '+44'],
815
+
816
+ // Optional: App name shown in TOTP authenticator apps
817
+ appName: 'MyApp',
818
+
819
+ // Optional: Rate limiting (defaults: limit=10, ttl=60s)
820
+ throttlerLimit: 10,
821
+ throttlerTtl: 60,
822
+
823
+ // Optional: defaults to false.
824
+ // disableController: true,
825
+ // disableGlobalGuard: true,
826
+ // disableThrottler: true,
827
+
828
+ // Optional: Durations and Intervals
829
+ otpExpiresIn: 15, // 15 minutes
830
+ otpResendInterval: 60, // 60 seconds
831
+ accessTokenExpiresIn: '15m', // Access token
832
+ refreshTokenExpiresIn: '7d', // Refresh token & Session
833
+
834
+ // Required for Magic Links and Security Alert emails
835
+ frontendUrl: 'https://myapp.com',
836
+
837
+ // Optional: Run DB migrations automatically on startup
838
+ autoMigrate: true,
839
+ }),
840
+ ],
841
+ })
842
+ export class AppModule {}
843
+ ```
844
+
845
+
808
846
  ---
809
847
 
810
848
  ## Common Issues & Troubleshooting
@@ -0,0 +1,7 @@
1
+ import { Auth } from "./auth.entity";
2
+ import { AuthIdentifier } from "./auth-identify.entity";
3
+ import { OAuthProvider } from "./oauth-provider.entity";
4
+ import { OtpToken } from "./otp-token.entity";
5
+ import { MfaMethod } from "./mfa-method.entity";
6
+ import { Session } from "./session.entity";
7
+ export declare const AuthEntities: (typeof Auth | typeof AuthIdentifier | typeof OAuthProvider | typeof OtpToken | typeof Session | typeof MfaMethod)[];
@@ -0,0 +1,18 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.AuthEntities = void 0;
4
+ const auth_entity_1 = require("./auth.entity");
5
+ const auth_identify_entity_1 = require("./auth-identify.entity");
6
+ const oauth_provider_entity_1 = require("./oauth-provider.entity");
7
+ const otp_token_entity_1 = require("./otp-token.entity");
8
+ const mfa_method_entity_1 = require("./mfa-method.entity");
9
+ const session_entity_1 = require("./session.entity");
10
+ exports.AuthEntities = [
11
+ auth_entity_1.Auth,
12
+ auth_identify_entity_1.AuthIdentifier,
13
+ oauth_provider_entity_1.OAuthProvider,
14
+ otp_token_entity_1.OtpToken,
15
+ session_entity_1.Session,
16
+ mfa_method_entity_1.MfaMethod
17
+ ];
18
+ //# sourceMappingURL=entities.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/auth/entities/entities.ts"],"names":[],"mappings":";;;AAAA,+CAAqC;AACrC,iEAAwD;AACxD,mEAAwD;AACxD,yDAA8C;AAE9C,2DAAgD;AAChD,qDAA2C;AAE9B,QAAA,YAAY,GAAG;IACxB,kBAAI;IACJ,qCAAc;IACd,qCAAa;IACb,2BAAQ;IACR,wBAAO;IACP,6BAAS;CACZ,CAAC"}
package/dist/index.d.ts CHANGED
@@ -20,3 +20,5 @@ export * from './auth/guards/optional-auth.guard';
20
20
  export * from './migrations/auth-schema.initializer';
21
21
  export * from './migrations/migration.service';
22
22
  export * from './auth/enums/auth.events';
23
+ export * from './auth/entities/entities';
24
+ export * from './auth/interfaces/auth-notification-provider.interface';
package/dist/index.js CHANGED
@@ -37,4 +37,6 @@ __exportStar(require("./auth/guards/optional-auth.guard"), exports);
37
37
  __exportStar(require("./migrations/auth-schema.initializer"), exports);
38
38
  __exportStar(require("./migrations/migration.service"), exports);
39
39
  __exportStar(require("./auth/enums/auth.events"), exports);
40
+ __exportStar(require("./auth/entities/entities"), exports);
41
+ __exportStar(require("./auth/interfaces/auth-notification-provider.interface"), exports);
40
42
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,sDAAoC;AACpC,iGAAyG;AAAhG,oIAAA,mBAAmB,OAAA;AAC5B,0EAAwD;AAExD,oEAAkD;AAClD,sEAAoD;AACpD,8DAA4C;AAC5C,8DAA4C;AAC5C,iEAA+C;AAC/C,oEAAkD;AAClD,wEAAsD;AACtD,mEAAiD;AACjD,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,wEAAsD;AACtD,+DAA6C;AAC7C,oEAAkD;AAClD,uEAAqD;AACrD,iEAA+C;AAC/C,2DAAyC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,sDAAoC;AACpC,iGAAyG;AAAhG,oIAAA,mBAAmB,OAAA;AAC5B,0EAAwD;AAExD,oEAAkD;AAClD,sEAAoD;AACpD,8DAA4C;AAC5C,8DAA4C;AAC5C,iEAA+C;AAC/C,oEAAkD;AAClD,wEAAsD;AACtD,mEAAiD;AACjD,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,wEAAsD;AACtD,+DAA6C;AAC7C,oEAAkD;AAClD,uEAAqD;AACrD,iEAA+C;AAC/C,2DAAyC;AACzC,2DAAyC;AACzC,yFAAuE"}