@vynelix/nestjs-multi-auth 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +124 -86
- package/dist/auth/entities/entities.d.ts +7 -2
- package/dist/auth/entities/entities.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,29 +1,46 @@
|
|
|
1
1
|
# NestJS Multi-Auth
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
-
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
-
|
|
18
|
-
-
|
|
19
|
-
-
|
|
20
|
-
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
-
|
|
24
|
-
-
|
|
25
|
-
|
|
26
|
-
|
|
3
|
+
Build a complete authentication system in NestJS — without Firebase or Auth0.
|
|
4
|
+
|
|
5
|
+
nestjs-multi-auth is a self-hosted identity provider that handles:
|
|
6
|
+
- JWT + refresh tokens
|
|
7
|
+
- OAuth (Google, Facebook, Apple)
|
|
8
|
+
- Magic links (passwordless login)
|
|
9
|
+
- MFA / 2FA (TOTP)
|
|
10
|
+
- Account linking (multiple login methods per user)
|
|
11
|
+
|
|
12
|
+
All without coupling to your User entity or database schema.
|
|
13
|
+
|
|
14
|
+
## When should you use this?
|
|
15
|
+
|
|
16
|
+
Use this library if:
|
|
17
|
+
- You don’t want to build auth from scratch
|
|
18
|
+
- You want a Firebase/Auth0 alternative inside your NestJS backend
|
|
19
|
+
- You need multiple login methods (email, Google, phone, etc.)
|
|
20
|
+
- You want a clean separation between authentication and user profiles
|
|
21
|
+
|
|
22
|
+
Do NOT use this if:
|
|
23
|
+
- You only need simple JWT authentication
|
|
24
|
+
- You are already using an external auth provider (Firebase, Auth0)
|
|
25
|
+
|
|
26
|
+
## What you get
|
|
27
|
+
|
|
28
|
+
### Authentication
|
|
29
|
+
- JWT + refresh token rotation
|
|
30
|
+
- Cookie or Bearer transport
|
|
31
|
+
|
|
32
|
+
### Login Methods
|
|
33
|
+
- Email, Phone, Username
|
|
34
|
+
- Google, Facebook, Apple
|
|
35
|
+
|
|
36
|
+
### Advanced Features
|
|
37
|
+
- Account linking (multiple identities per user)
|
|
38
|
+
- Magic links (passwordless login)
|
|
39
|
+
- MFA / 2FA (TOTP)
|
|
40
|
+
|
|
41
|
+
### Identity System
|
|
42
|
+
- Firebase-style UID system
|
|
43
|
+
- Completely decoupled from your User model
|
|
27
44
|
|
|
28
45
|
---
|
|
29
46
|
|
|
@@ -63,81 +80,31 @@ If you want to use the local event system:
|
|
|
63
80
|
npm install @nestjs/event-emitter
|
|
64
81
|
```
|
|
65
82
|
|
|
66
|
-
---
|
|
67
|
-
|
|
68
|
-
## Quick Start
|
|
69
|
-
|
|
70
|
-
### 1. Register the `AuthModule`
|
|
71
|
-
|
|
72
|
-
#### Synchronous Registration
|
|
73
|
-
|
|
74
|
-
Import and configure the `AuthModule` in your root `AppModule`. No external service implementation is required!
|
|
75
|
-
|
|
76
83
|
```typescript
|
|
77
|
-
// src/app.module.ts
|
|
78
84
|
import { Module } from '@nestjs/common';
|
|
79
|
-
import { AuthModule,
|
|
85
|
+
import { AuthModule, AuthStrategy } from 'nestjs-multi-auth';
|
|
80
86
|
|
|
81
87
|
@Module({
|
|
82
88
|
imports: [
|
|
83
89
|
AuthModule.register({
|
|
84
90
|
jwtSecret: process.env.JWT_SECRET,
|
|
85
91
|
jwtRefreshSecret: process.env.JWT_REFRESH_SECRET,
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
AuthStrategy.EMAIL,
|
|
93
|
-
AuthStrategy.GOOGLE,
|
|
94
|
-
AuthStrategy.PHONE
|
|
95
|
-
],
|
|
96
|
-
|
|
97
|
-
// Required for Google strategy
|
|
98
|
-
googleClientId: process.env.GOOGLE_CLIENT_ID,
|
|
99
|
-
|
|
100
|
-
// Required for Facebook strategy
|
|
101
|
-
facebookAppId: process.env.FACEBOOK_APP_ID,
|
|
102
|
-
facebookAppSecret: process.env.FACEBOOK_APP_SECRET,
|
|
103
|
-
|
|
104
|
-
// Required for Apple strategy
|
|
105
|
-
appleClientId: process.env.APPLE_CLIENT_ID,
|
|
106
|
-
appleTeamId: process.env.APPLE_TEAM_ID,
|
|
107
|
-
|
|
108
|
-
// Optional: If strategy PHONE is enabled, defaults to false
|
|
109
|
-
phoneRequiresPassword: true,
|
|
110
|
-
|
|
111
|
-
// Optional: List of allowed phone number prefixes (e.g. ['+234', '+44']).
|
|
112
|
-
allowedPhonePrefixes: ['+234', '+44'],
|
|
113
|
-
|
|
114
|
-
// Optional: App name shown in TOTP authenticator apps
|
|
115
|
-
appName: 'MyApp',
|
|
92
|
+
}),
|
|
93
|
+
],
|
|
94
|
+
})
|
|
95
|
+
export class AppModule {}
|
|
96
|
+
```
|
|
97
|
+
---
|
|
116
98
|
|
|
117
|
-
|
|
118
|
-
throttlerLimit: 10,
|
|
119
|
-
throttlerTtl: 60,
|
|
99
|
+
## Quick Start
|
|
120
100
|
|
|
121
|
-
|
|
122
|
-
// disableController: true,
|
|
123
|
-
// disableGlobalGuard: true,
|
|
124
|
-
// disableThrottler: true,
|
|
101
|
+
### 1. Register the `AuthModule`
|
|
125
102
|
|
|
126
|
-
|
|
127
|
-
otpExpiresIn: 15, // 15 minutes
|
|
128
|
-
otpResendInterval: 60, // 60 seconds
|
|
129
|
-
accessTokenExpiresIn: '15m', // Access token
|
|
130
|
-
refreshTokenExpiresIn: '7d', // Refresh token & Session
|
|
103
|
+
#### Synchronous Registration
|
|
131
104
|
|
|
132
|
-
|
|
133
|
-
frontendUrl: 'https://myapp.com',
|
|
105
|
+
Import and configure the `AuthModule` in your root `AppModule`. No external service implementation is required!
|
|
134
106
|
|
|
135
|
-
|
|
136
|
-
autoMigrate: true,
|
|
137
|
-
}),
|
|
138
|
-
],
|
|
139
|
-
})
|
|
140
|
-
export class AppModule {}
|
|
107
|
+
```
|
|
141
108
|
```
|
|
142
109
|
|
|
143
110
|
#### Asynchronous Registration (`forRootAsync`)
|
|
@@ -805,6 +772,77 @@ All options for `AuthModule.register()` / `AuthModule.forRootAsync()`:
|
|
|
805
772
|
| `disableThrottler` | `boolean` | `false` | Disable the built-in rate limiting entirely. |
|
|
806
773
|
| `autoMigrate` | `boolean` | `false` | Automatically run database schema migrations on startup. |
|
|
807
774
|
|
|
775
|
+
---
|
|
776
|
+
## Advanced Config
|
|
777
|
+
|
|
778
|
+
```typescript
|
|
779
|
+
// src/app.module.ts
|
|
780
|
+
import { Module } from '@nestjs/common';
|
|
781
|
+
import { AuthModule, AuthTransport, AuthStrategy } from 'nestjs-multi-auth';
|
|
782
|
+
|
|
783
|
+
@Module({
|
|
784
|
+
imports: [
|
|
785
|
+
AuthModule.register({
|
|
786
|
+
jwtSecret: process.env.JWT_SECRET,
|
|
787
|
+
jwtRefreshSecret: process.env.JWT_REFRESH_SECRET,
|
|
788
|
+
|
|
789
|
+
// Optional: defaults to [AuthTransport.BEARER]
|
|
790
|
+
transport: [AuthTransport.COOKIE, AuthTransport.BEARER],
|
|
791
|
+
|
|
792
|
+
// Optional: Enable individual strategies
|
|
793
|
+
enabledStrategies: [
|
|
794
|
+
AuthStrategy.EMAIL,
|
|
795
|
+
AuthStrategy.GOOGLE,
|
|
796
|
+
AuthStrategy.PHONE
|
|
797
|
+
],
|
|
798
|
+
|
|
799
|
+
// Required for Google strategy
|
|
800
|
+
googleClientId: process.env.GOOGLE_CLIENT_ID,
|
|
801
|
+
|
|
802
|
+
// Required for Facebook strategy
|
|
803
|
+
facebookAppId: process.env.FACEBOOK_APP_ID,
|
|
804
|
+
facebookAppSecret: process.env.FACEBOOK_APP_SECRET,
|
|
805
|
+
|
|
806
|
+
// Required for Apple strategy
|
|
807
|
+
appleClientId: process.env.APPLE_CLIENT_ID,
|
|
808
|
+
appleTeamId: process.env.APPLE_TEAM_ID,
|
|
809
|
+
|
|
810
|
+
// Optional: If strategy PHONE is enabled, defaults to false
|
|
811
|
+
phoneRequiresPassword: true,
|
|
812
|
+
|
|
813
|
+
// Optional: List of allowed phone number prefixes (e.g. ['+234', '+44']).
|
|
814
|
+
allowedPhonePrefixes: ['+234', '+44'],
|
|
815
|
+
|
|
816
|
+
// Optional: App name shown in TOTP authenticator apps
|
|
817
|
+
appName: 'MyApp',
|
|
818
|
+
|
|
819
|
+
// Optional: Rate limiting (defaults: limit=10, ttl=60s)
|
|
820
|
+
throttlerLimit: 10,
|
|
821
|
+
throttlerTtl: 60,
|
|
822
|
+
|
|
823
|
+
// Optional: defaults to false.
|
|
824
|
+
// disableController: true,
|
|
825
|
+
// disableGlobalGuard: true,
|
|
826
|
+
// disableThrottler: true,
|
|
827
|
+
|
|
828
|
+
// Optional: Durations and Intervals
|
|
829
|
+
otpExpiresIn: 15, // 15 minutes
|
|
830
|
+
otpResendInterval: 60, // 60 seconds
|
|
831
|
+
accessTokenExpiresIn: '15m', // Access token
|
|
832
|
+
refreshTokenExpiresIn: '7d', // Refresh token & Session
|
|
833
|
+
|
|
834
|
+
// Required for Magic Links and Security Alert emails
|
|
835
|
+
frontendUrl: 'https://myapp.com',
|
|
836
|
+
|
|
837
|
+
// Optional: Run DB migrations automatically on startup
|
|
838
|
+
autoMigrate: true,
|
|
839
|
+
}),
|
|
840
|
+
],
|
|
841
|
+
})
|
|
842
|
+
export class AppModule {}
|
|
843
|
+
```
|
|
844
|
+
|
|
845
|
+
|
|
808
846
|
---
|
|
809
847
|
|
|
810
848
|
## Common Issues & Troubleshooting
|
|
@@ -1,2 +1,7 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
1
|
+
import { Auth } from "./auth.entity";
|
|
2
|
+
import { AuthIdentifier } from "./auth-identify.entity";
|
|
3
|
+
import { OAuthProvider } from "./oauth-provider.entity";
|
|
4
|
+
import { OtpToken } from "./otp-token.entity";
|
|
5
|
+
import { MfaMethod } from "./mfa-method.entity";
|
|
6
|
+
import { Session } from "./session.entity";
|
|
7
|
+
export declare const AuthEntities: (typeof Auth | typeof AuthIdentifier | typeof OAuthProvider | typeof OtpToken | typeof Session | typeof MfaMethod)[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/auth/entities/entities.ts"],"names":[],"mappings":";;;AAAA,+CAAqC;AACrC,iEAAwD;AACxD,mEAAwD;AACxD,yDAA8C;AAE9C,2DAAgD;AAChD,qDAA2C;AAE9B,QAAA,YAAY,
|
|
1
|
+
{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/auth/entities/entities.ts"],"names":[],"mappings":";;;AAAA,+CAAqC;AACrC,iEAAwD;AACxD,mEAAwD;AACxD,yDAA8C;AAE9C,2DAAgD;AAChD,qDAA2C;AAE9B,QAAA,YAAY,GAAG;IACxB,kBAAI;IACJ,qCAAc;IACd,qCAAa;IACb,2BAAQ;IACR,wBAAO;IACP,6BAAS;CACZ,CAAC"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -38,4 +38,5 @@ __exportStar(require("./migrations/auth-schema.initializer"), exports);
|
|
|
38
38
|
__exportStar(require("./migrations/migration.service"), exports);
|
|
39
39
|
__exportStar(require("./auth/enums/auth.events"), exports);
|
|
40
40
|
__exportStar(require("./auth/entities/entities"), exports);
|
|
41
|
+
__exportStar(require("./auth/interfaces/auth-notification-provider.interface"), exports);
|
|
41
42
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,sDAAoC;AACpC,iGAAyG;AAAhG,oIAAA,mBAAmB,OAAA;AAC5B,0EAAwD;AAExD,oEAAkD;AAClD,sEAAoD;AACpD,8DAA4C;AAC5C,8DAA4C;AAC5C,iEAA+C;AAC/C,oEAAkD;AAClD,wEAAsD;AACtD,mEAAiD;AACjD,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,wEAAsD;AACtD,+DAA6C;AAC7C,oEAAkD;AAClD,uEAAqD;AACrD,iEAA+C;AAC/C,2DAAyC;AACzC,2DAAyC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,sDAAoC;AACpC,iGAAyG;AAAhG,oIAAA,mBAAmB,OAAA;AAC5B,0EAAwD;AAExD,oEAAkD;AAClD,sEAAoD;AACpD,8DAA4C;AAC5C,8DAA4C;AAC5C,iEAA+C;AAC/C,oEAAkD;AAClD,wEAAsD;AACtD,mEAAiD;AACjD,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,wEAAsD;AACtD,+DAA6C;AAC7C,oEAAkD;AAClD,uEAAqD;AACrD,iEAA+C;AAC/C,2DAAyC;AACzC,2DAAyC;AACzC,yFAAuE"}
|