@vynelix/nestjs-multi-auth 0.3.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/README.md +309 -18
- package/dist/auth/auth.controller.d.ts +3 -2
- package/dist/auth/auth.controller.js +32 -5
- package/dist/auth/auth.controller.js.map +1 -1
- package/dist/auth/auth.module.js +116 -68
- package/dist/auth/auth.module.js.map +1 -1
- package/dist/auth/auth.service.d.ts +53 -26
- package/dist/auth/auth.service.js +239 -328
- package/dist/auth/auth.service.js.map +1 -1
- package/dist/auth/core/auth-mapper.d.ts +1 -1
- package/dist/auth/core/database-otp.provider.d.ts +12 -0
- package/dist/auth/core/database-otp.provider.js +122 -0
- package/dist/auth/core/database-otp.provider.js.map +1 -0
- package/dist/auth/dto/requests/magic-link.dto.d.ts +1 -0
- package/dist/auth/dto/requests/magic-link.dto.js +6 -0
- package/dist/auth/dto/requests/magic-link.dto.js.map +1 -1
- package/dist/auth/dto/requests/mfa.dto.d.ts +5 -1
- package/dist/auth/dto/requests/mfa.dto.js +29 -8
- package/dist/auth/dto/requests/mfa.dto.js.map +1 -1
- package/dist/auth/enums/identifier-type.enum.d.ts +11 -0
- package/dist/auth/enums/identifier-type.enum.js +17 -0
- package/dist/auth/enums/identifier-type.enum.js.map +1 -0
- package/dist/auth/enums/mfa-type.enum.d.ts +5 -0
- package/dist/auth/enums/mfa-type.enum.js +10 -0
- package/dist/auth/enums/mfa-type.enum.js.map +1 -0
- package/dist/auth/enums/otp-purpose.enum.d.ts +8 -0
- package/dist/auth/enums/otp-purpose.enum.js +13 -0
- package/dist/auth/enums/otp-purpose.enum.js.map +1 -0
- package/dist/auth/enums/session-event.enum.d.ts +7 -0
- package/dist/auth/enums/session-event.enum.js +12 -0
- package/dist/auth/enums/session-event.enum.js.map +1 -0
- package/dist/auth/interfaces/auth-module-options.interface.d.ts +36 -1
- package/dist/auth/interfaces/auth-notification-provider.interface.d.ts +7 -1
- package/dist/auth/interfaces/auth-otp-provider.interface.d.ts +60 -0
- package/dist/auth/interfaces/auth-otp-provider.interface.js +7 -0
- package/dist/auth/interfaces/auth-otp-provider.interface.js.map +1 -0
- package/dist/auth/interfaces/models.interface.d.ts +91 -0
- package/dist/auth/interfaces/models.interface.js +3 -0
- package/dist/auth/interfaces/models.interface.js.map +1 -0
- package/dist/auth/interfaces/oauth-strategy.interface.d.ts +2 -2
- package/dist/auth/interfaces/repositories.interface.d.ts +70 -0
- package/dist/auth/interfaces/repositories.interface.js +3 -0
- package/dist/auth/interfaces/repositories.interface.js.map +1 -0
- package/dist/auth/interfaces/repository-tokens.d.ts +7 -0
- package/dist/auth/interfaces/repository-tokens.js +11 -0
- package/dist/auth/interfaces/repository-tokens.js.map +1 -0
- package/dist/auth/interfaces/signup-event-body.interface.d.ts +1 -1
- package/dist/auth/strategies/local-auth.strategy.d.ts +3 -5
- package/dist/auth/strategies/local-auth.strategy.js +64 -99
- package/dist/auth/strategies/local-auth.strategy.js.map +1 -1
- package/dist/auth/strategies/oauth/apple.strategy.d.ts +4 -6
- package/dist/auth/strategies/oauth/apple.strategy.js +57 -70
- package/dist/auth/strategies/oauth/apple.strategy.js.map +1 -1
- package/dist/auth/strategies/oauth/facebook.strategy.d.ts +4 -6
- package/dist/auth/strategies/oauth/facebook.strategy.js +58 -71
- package/dist/auth/strategies/oauth/facebook.strategy.js.map +1 -1
- package/dist/auth/strategies/oauth/google.strategy.d.ts +4 -6
- package/dist/auth/strategies/oauth/google.strategy.js +84 -155
- package/dist/auth/strategies/oauth/google.strategy.js.map +1 -1
- package/dist/auth/strategies/oauth/oauth.strategy.d.ts +2 -2
- package/dist/database/prisma/prisma-auth.adapter.d.ts +11 -0
- package/dist/database/prisma/prisma-auth.adapter.js +64 -0
- package/dist/database/prisma/prisma-auth.adapter.js.map +1 -0
- package/dist/database/prisma/repositories/auth-identifier.repository.d.ts +16 -0
- package/dist/database/prisma/repositories/auth-identifier.repository.js +41 -0
- package/dist/database/prisma/repositories/auth-identifier.repository.js.map +1 -0
- package/dist/database/prisma/repositories/auth.repository.d.ts +19 -0
- package/dist/database/prisma/repositories/auth.repository.js +49 -0
- package/dist/database/prisma/repositories/auth.repository.js.map +1 -0
- package/dist/database/prisma/repositories/index.d.ts +7 -0
- package/dist/database/prisma/repositories/index.js +24 -0
- package/dist/database/prisma/repositories/index.js.map +1 -0
- package/dist/database/prisma/repositories/mfa-method.repository.d.ts +11 -0
- package/dist/database/prisma/repositories/mfa-method.repository.js +33 -0
- package/dist/database/prisma/repositories/mfa-method.repository.js.map +1 -0
- package/dist/database/prisma/repositories/oauth-provider.repository.d.ts +14 -0
- package/dist/database/prisma/repositories/oauth-provider.repository.js +39 -0
- package/dist/database/prisma/repositories/oauth-provider.repository.js.map +1 -0
- package/dist/database/prisma/repositories/otp-token.repository.d.ts +13 -0
- package/dist/database/prisma/repositories/otp-token.repository.js +52 -0
- package/dist/database/prisma/repositories/otp-token.repository.js.map +1 -0
- package/dist/database/prisma/repositories/session-log.repository.d.ts +12 -0
- package/dist/database/prisma/repositories/session-log.repository.js +42 -0
- package/dist/database/prisma/repositories/session-log.repository.js.map +1 -0
- package/dist/database/prisma/repositories/session.repository.d.ts +16 -0
- package/dist/database/prisma/repositories/session.repository.js +41 -0
- package/dist/database/prisma/repositories/session.repository.js.map +1 -0
- package/dist/database/typeorm/entities/auth-identify.entity.d.ts +23 -0
- package/dist/database/typeorm/entities/auth-identify.entity.js +61 -0
- package/dist/database/typeorm/entities/auth-identify.entity.js.map +1 -0
- package/dist/database/typeorm/entities/auth.entity.d.ts +45 -0
- package/dist/database/typeorm/entities/auth.entity.js +129 -0
- package/dist/database/typeorm/entities/auth.entity.js.map +1 -0
- package/dist/database/typeorm/entities/base.entity.d.ts +7 -0
- package/dist/database/typeorm/entities/base.entity.js +44 -0
- package/dist/database/typeorm/entities/base.entity.js.map +1 -0
- package/dist/database/typeorm/entities/entities.d.ts +7 -0
- package/dist/database/typeorm/entities/entities.js +18 -0
- package/dist/database/typeorm/entities/entities.js.map +1 -0
- package/dist/database/typeorm/entities/mfa-method.entity.d.ts +10 -0
- package/dist/database/typeorm/entities/mfa-method.entity.js +47 -0
- package/dist/database/typeorm/entities/mfa-method.entity.js.map +1 -0
- package/dist/database/typeorm/entities/oauth-provider.entity.d.ts +38 -0
- package/dist/database/typeorm/entities/oauth-provider.entity.js +88 -0
- package/dist/database/typeorm/entities/oauth-provider.entity.js.map +1 -0
- package/dist/database/typeorm/entities/otp-token.entity.d.ts +15 -0
- package/dist/database/typeorm/entities/otp-token.entity.js +53 -0
- package/dist/database/typeorm/entities/otp-token.entity.js.map +1 -0
- package/dist/database/typeorm/entities/session.entity.d.ts +21 -0
- package/dist/database/typeorm/entities/session.entity.js +71 -0
- package/dist/database/typeorm/entities/session.entity.js.map +1 -0
- package/dist/database/typeorm/entities/session_log.entity.d.ts +25 -0
- package/dist/database/typeorm/entities/session_log.entity.js +78 -0
- package/dist/database/typeorm/entities/session_log.entity.js.map +1 -0
- package/dist/database/typeorm/migrations/auth-entities.d.ts +7 -0
- package/dist/database/typeorm/migrations/auth-entities.js +18 -0
- package/dist/database/typeorm/migrations/auth-entities.js.map +1 -0
- package/dist/database/typeorm/migrations/auth-schema.initializer.d.ts +9 -0
- package/dist/database/typeorm/migrations/auth-schema.initializer.js +36 -0
- package/dist/database/typeorm/migrations/auth-schema.initializer.js.map +1 -0
- package/dist/database/typeorm/migrations/auth.migration.v1.d.ts +12 -0
- package/dist/database/typeorm/migrations/auth.migration.v1.js +157 -0
- package/dist/database/typeorm/migrations/auth.migration.v1.js.map +1 -0
- package/dist/database/typeorm/migrations/auth.migration.v2.d.ts +8 -0
- package/dist/database/typeorm/migrations/auth.migration.v2.js +23 -0
- package/dist/database/typeorm/migrations/auth.migration.v2.js.map +1 -0
- package/dist/database/typeorm/migrations/auth.migrations.d.ts +2 -0
- package/dist/database/typeorm/migrations/auth.migrations.js +10 -0
- package/dist/database/typeorm/migrations/auth.migrations.js.map +1 -0
- package/dist/database/typeorm/migrations/migration.service.d.ts +9 -0
- package/dist/database/typeorm/migrations/migration.service.js +75 -0
- package/dist/database/typeorm/migrations/migration.service.js.map +1 -0
- package/dist/database/typeorm/repositories/auth-identifier.repository.d.ts +18 -0
- package/dist/database/typeorm/repositories/auth-identifier.repository.js +64 -0
- package/dist/database/typeorm/repositories/auth-identifier.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/auth.repository.d.ts +21 -0
- package/dist/database/typeorm/repositories/auth.repository.js +71 -0
- package/dist/database/typeorm/repositories/auth.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/index.d.ts +7 -0
- package/dist/database/typeorm/repositories/index.js +24 -0
- package/dist/database/typeorm/repositories/index.js.map +1 -0
- package/dist/database/typeorm/repositories/mfa-method.repository.d.ts +13 -0
- package/dist/database/typeorm/repositories/mfa-method.repository.js +46 -0
- package/dist/database/typeorm/repositories/mfa-method.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/oauth-provider.repository.d.ts +16 -0
- package/dist/database/typeorm/repositories/oauth-provider.repository.js +52 -0
- package/dist/database/typeorm/repositories/oauth-provider.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/otp-token.repository.d.ts +13 -0
- package/dist/database/typeorm/repositories/otp-token.repository.js +52 -0
- package/dist/database/typeorm/repositories/otp-token.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/session-log.repository.d.ts +12 -0
- package/dist/database/typeorm/repositories/session-log.repository.js +47 -0
- package/dist/database/typeorm/repositories/session-log.repository.js.map +1 -0
- package/dist/database/typeorm/repositories/session.repository.d.ts +18 -0
- package/dist/database/typeorm/repositories/session.repository.js +84 -0
- package/dist/database/typeorm/repositories/session.repository.js.map +1 -0
- package/dist/database/typeorm/typeorm-auth.adapter.d.ts +2 -0
- package/dist/database/typeorm/typeorm-auth.adapter.js +50 -0
- package/dist/database/typeorm/typeorm-auth.adapter.js.map +1 -0
- package/dist/index.d.ts +11 -9
- package/dist/index.js +18 -10
- package/dist/index.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/fix-imports.js +46 -0
- package/fix-syntax.js +66 -0
- package/package.json +22 -20
- package/patch-local-specs.js +52 -0
- package/patch-oauth-specs.js +41 -0
- package/patch-specs.js +36 -0
- package/prompts/database_adapter.md +157 -0
- package/prompts/otp_provider.md +292 -0
- package/scratch/create-prisma-repos-final.js +139 -0
- package/scratch/create-prisma-repos.js +280 -0
- package/scratch/fix-events-spec.js +12 -0
- package/scratch/fix-imports.js +53 -0
- package/scratch/fix-prisma-interfaces.js +41 -0
- package/scratch/fix-prisma-interfaces2.js +36 -0
- package/scratch/fix-prisma-interfaces3.js +26 -0
- package/scratch/fix-prisma.js +28 -0
- package/scratch/fix-test-imports.js +51 -0
- package/scratch/fix-tests-advanced.js +68 -0
- package/scratch/fix-tests-advanced2.js +23 -0
- package/scratch/fix-tests-concrete.js +40 -0
- package/scratch/fix-tests-final.js +35 -0
- package/scratch/fix-tests-final2.js +28 -0
- package/scratch/fix-tests-final3.js +26 -0
- package/scratch/fix-tests-methods.js +40 -0
- package/scratch/fix-tests-proxy.js +67 -0
- package/scratch/fix-tests-types.js +24 -0
- package/scratch/rewrite-tests.js +110 -0
- package/tsc_errors.txt +60 -0
- package/tsc_errors2.txt +93 -0
- package/tmp-cv-test/package-lock.json +0 -250
- package/tmp-cv-test/package.json +0 -17
- package/tmp-cv-test/test.ts +0 -11
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import { OtpPurpose } from '../enums/otp-purpose.enum';
|
|
2
|
+
export interface IssueOtpRequest {
|
|
3
|
+
uid: string;
|
|
4
|
+
authId: string;
|
|
5
|
+
identifier: string;
|
|
6
|
+
identifierType: 'email' | 'phone';
|
|
7
|
+
purpose: OtpPurpose;
|
|
8
|
+
expiresIn?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface IssueOtpResult {
|
|
11
|
+
handledDelivery: boolean;
|
|
12
|
+
code?: string;
|
|
13
|
+
verificationId?: string;
|
|
14
|
+
expiresAt?: Date;
|
|
15
|
+
}
|
|
16
|
+
export interface VerifyOtpRequest {
|
|
17
|
+
uid: string;
|
|
18
|
+
code: string;
|
|
19
|
+
purpose?: OtpPurpose;
|
|
20
|
+
}
|
|
21
|
+
export interface VerifyOtpResult {
|
|
22
|
+
success: boolean;
|
|
23
|
+
metadata?: Record<string, any>;
|
|
24
|
+
authId?: string;
|
|
25
|
+
}
|
|
26
|
+
export interface ResendOtpRequest {
|
|
27
|
+
uid: string;
|
|
28
|
+
purpose?: OtpPurpose;
|
|
29
|
+
}
|
|
30
|
+
export interface ResendOtpResult {
|
|
31
|
+
handledDelivery: boolean;
|
|
32
|
+
code?: string;
|
|
33
|
+
verificationId?: string;
|
|
34
|
+
expiresAt?: Date;
|
|
35
|
+
metadata?: {
|
|
36
|
+
identifier: string;
|
|
37
|
+
identifierType: 'email' | 'phone';
|
|
38
|
+
purpose: string;
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
export declare const AUTH_OTP_PROVIDER = "AUTH_OTP_PROVIDER";
|
|
42
|
+
export declare const AUTH_OTP_PROVIDER_EMAIL = "AUTH_OTP_PROVIDER_EMAIL";
|
|
43
|
+
export declare const AUTH_OTP_PROVIDER_PHONE = "AUTH_OTP_PROVIDER_PHONE";
|
|
44
|
+
export interface AuthOtpProvider {
|
|
45
|
+
issue(request: IssueOtpRequest): Promise<IssueOtpResult>;
|
|
46
|
+
verify(request: VerifyOtpRequest): Promise<VerifyOtpResult>;
|
|
47
|
+
resend?(request: ResendOtpRequest): Promise<ResendOtpResult>;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Granular per-channel OTP provider map.
|
|
51
|
+
* Use this instead of (or alongside) the top-level `otpProvider` option
|
|
52
|
+
* when different identifier types should use different OTP backends.
|
|
53
|
+
*
|
|
54
|
+
* Any channel left undefined falls back to the top-level `otpProvider`,
|
|
55
|
+
* which itself defaults to `DatabaseOtpProvider`.
|
|
56
|
+
*/
|
|
57
|
+
export interface OtpProviderMap {
|
|
58
|
+
email?: any;
|
|
59
|
+
phone?: any;
|
|
60
|
+
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AUTH_OTP_PROVIDER_PHONE = exports.AUTH_OTP_PROVIDER_EMAIL = exports.AUTH_OTP_PROVIDER = void 0;
|
|
4
|
+
exports.AUTH_OTP_PROVIDER = 'AUTH_OTP_PROVIDER';
|
|
5
|
+
exports.AUTH_OTP_PROVIDER_EMAIL = 'AUTH_OTP_PROVIDER_EMAIL';
|
|
6
|
+
exports.AUTH_OTP_PROVIDER_PHONE = 'AUTH_OTP_PROVIDER_PHONE';
|
|
7
|
+
//# sourceMappingURL=auth-otp-provider.interface.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-otp-provider.interface.js","sourceRoot":"","sources":["../../../src/auth/interfaces/auth-otp-provider.interface.ts"],"names":[],"mappings":";;;AA+Ca,QAAA,iBAAiB,GAAG,mBAAmB,CAAC;AACxC,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,uBAAuB,GAAG,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
import { AuthStrategy } from '../enums/auth-type.enum';
|
|
2
|
+
import { IdentifierType, IdentifierSource } from '../enums/identifier-type.enum';
|
|
3
|
+
import { OAuthProviderType } from '../enums/auth-type.enum';
|
|
4
|
+
import { OtpPurpose } from '../enums/otp-purpose.enum';
|
|
5
|
+
import { MfaType } from '../enums/mfa-type.enum';
|
|
6
|
+
import { SessionEvent } from '../enums/session-event.enum';
|
|
7
|
+
export interface BaseDomainModel {
|
|
8
|
+
id: string;
|
|
9
|
+
createdAt: Date;
|
|
10
|
+
updatedAt: Date;
|
|
11
|
+
deletedAt?: Date;
|
|
12
|
+
}
|
|
13
|
+
export interface Auth extends BaseDomainModel {
|
|
14
|
+
uid: string;
|
|
15
|
+
strategy: AuthStrategy;
|
|
16
|
+
secretHash?: string;
|
|
17
|
+
isPrimary: boolean;
|
|
18
|
+
isVerified: boolean;
|
|
19
|
+
isActive: boolean;
|
|
20
|
+
meta?: Record<string, any>;
|
|
21
|
+
lastUsedAt?: Date;
|
|
22
|
+
identifiers?: AuthIdentifier[];
|
|
23
|
+
oauthProviders?: OAuthProvider[];
|
|
24
|
+
toMap(): Record<string, any>;
|
|
25
|
+
}
|
|
26
|
+
export interface AuthIdentifier extends BaseDomainModel {
|
|
27
|
+
auth?: Auth;
|
|
28
|
+
type: IdentifierType;
|
|
29
|
+
value: string;
|
|
30
|
+
isVerified: boolean;
|
|
31
|
+
source: IdentifierSource;
|
|
32
|
+
verifiedBy?: 'OTP' | 'PROVIDER' | 'ADMIN';
|
|
33
|
+
toMap(): Record<string, any>;
|
|
34
|
+
}
|
|
35
|
+
export interface OAuthProvider extends BaseDomainModel {
|
|
36
|
+
auth?: Auth;
|
|
37
|
+
provider: OAuthProviderType;
|
|
38
|
+
providerUserId: string;
|
|
39
|
+
accessToken?: string;
|
|
40
|
+
refreshToken?: string;
|
|
41
|
+
expiresAt?: Date;
|
|
42
|
+
displayName?: string;
|
|
43
|
+
avatarUrl?: string;
|
|
44
|
+
emailVerified?: boolean;
|
|
45
|
+
rawProfile?: Record<string, any>;
|
|
46
|
+
toMap(): Record<string, any>;
|
|
47
|
+
}
|
|
48
|
+
export interface OtpToken extends BaseDomainModel {
|
|
49
|
+
identifier: string;
|
|
50
|
+
purpose: OtpPurpose;
|
|
51
|
+
codeHash: string;
|
|
52
|
+
expiresAt: Date;
|
|
53
|
+
isUsed: boolean;
|
|
54
|
+
requestUserId?: string;
|
|
55
|
+
requestAuthId?: string;
|
|
56
|
+
toMap(): Record<string, any>;
|
|
57
|
+
}
|
|
58
|
+
export interface MfaMethod extends BaseDomainModel {
|
|
59
|
+
uid: string;
|
|
60
|
+
type: MfaType;
|
|
61
|
+
secret: string;
|
|
62
|
+
isEnabled: boolean;
|
|
63
|
+
isDefault: boolean;
|
|
64
|
+
lastUsedAt?: Date;
|
|
65
|
+
toMap(): Record<string, any>;
|
|
66
|
+
}
|
|
67
|
+
export interface Session {
|
|
68
|
+
id: string;
|
|
69
|
+
uid: string;
|
|
70
|
+
namespace?: string;
|
|
71
|
+
refreshTokenHash: string;
|
|
72
|
+
userAgent?: string;
|
|
73
|
+
deviceFingerprint?: string;
|
|
74
|
+
ipAddress?: string;
|
|
75
|
+
expiresAt: Date;
|
|
76
|
+
createdAt: Date;
|
|
77
|
+
toMap(): Record<string, any>;
|
|
78
|
+
}
|
|
79
|
+
export interface SessionLog {
|
|
80
|
+
id: string;
|
|
81
|
+
sessionId: string;
|
|
82
|
+
uid: string;
|
|
83
|
+
namespace?: string;
|
|
84
|
+
event: SessionEvent;
|
|
85
|
+
userAgent?: string;
|
|
86
|
+
deviceFingerprint?: string;
|
|
87
|
+
ipAddress?: string;
|
|
88
|
+
timestamp: Date;
|
|
89
|
+
reason?: string;
|
|
90
|
+
toMap(): Record<string, any>;
|
|
91
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"models.interface.js","sourceRoot":"","sources":["../../../src/auth/interfaces/models.interface.ts"],"names":[],"mappings":""}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { SignupDto } from '../dto/requests/signup.dto';
|
|
2
2
|
import { LoginDto } from '../dto/requests/login.dto';
|
|
3
|
-
import { Auth } from '../
|
|
4
|
-
import { AuthIdentifier } from '../
|
|
3
|
+
import { Auth } from '../interfaces/models.interface';
|
|
4
|
+
import { AuthIdentifier } from '../interfaces/models.interface';
|
|
5
5
|
export interface IOAuthStrategy {
|
|
6
6
|
registerCredentials(dto: SignupDto, uid?: string): Promise<{
|
|
7
7
|
auth: Auth;
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { Auth, AuthIdentifier, OAuthProvider, OtpToken, MfaMethod, Session, SessionLog } from './models.interface';
|
|
2
|
+
import { AuthStrategy } from '../enums/auth-type.enum';
|
|
3
|
+
export interface AuthRepository {
|
|
4
|
+
create(data: Partial<Auth>): Promise<Auth>;
|
|
5
|
+
findById(id: string): Promise<Auth | null>;
|
|
6
|
+
findByUid(uid: string): Promise<Auth | null>;
|
|
7
|
+
findAllByUid(uid: string): Promise<Auth[]>;
|
|
8
|
+
findAll(): Promise<Auth[]>;
|
|
9
|
+
findByUidAndStrategy(uid: string, strategy: AuthStrategy): Promise<Auth | null>;
|
|
10
|
+
findByUidAndStrategies(uid: string, strategies: AuthStrategy[]): Promise<Auth | null>;
|
|
11
|
+
save(auth: Auth): Promise<Auth>;
|
|
12
|
+
update(id: string, data: Partial<Auth>): Promise<void>;
|
|
13
|
+
delete(id: string): Promise<void>;
|
|
14
|
+
deleteByUid(uid: string): Promise<void>;
|
|
15
|
+
findWithIdentifiers(id: string): Promise<Auth | null>;
|
|
16
|
+
}
|
|
17
|
+
export interface AuthIdentifierRepository {
|
|
18
|
+
create(data: Partial<AuthIdentifier>): Promise<AuthIdentifier>;
|
|
19
|
+
findByValue(value: string): Promise<AuthIdentifier | null>;
|
|
20
|
+
findByAuthId(authId: string): Promise<AuthIdentifier[]>;
|
|
21
|
+
findByUidAndTypes(uid: string, types: string[]): Promise<AuthIdentifier | null>;
|
|
22
|
+
findWithAuthByValue(value: string): Promise<{
|
|
23
|
+
identifier: AuthIdentifier;
|
|
24
|
+
auth: Auth;
|
|
25
|
+
} | null>;
|
|
26
|
+
save(identifier: AuthIdentifier): Promise<AuthIdentifier>;
|
|
27
|
+
markVerifiedByAuthId(authId: string): Promise<void>;
|
|
28
|
+
}
|
|
29
|
+
export interface OAuthProviderRepository {
|
|
30
|
+
create(data: Partial<OAuthProvider>): Promise<OAuthProvider>;
|
|
31
|
+
findByProviderUserId(provider: string, providerUserId: string): Promise<OAuthProvider | null>;
|
|
32
|
+
findWithAuthByProviderUserId(provider: string, providerUserId: string): Promise<{
|
|
33
|
+
provider: OAuthProvider;
|
|
34
|
+
auth: Auth;
|
|
35
|
+
} | null>;
|
|
36
|
+
save(provider: OAuthProvider): Promise<OAuthProvider>;
|
|
37
|
+
update(id: string, data: Partial<OAuthProvider>): Promise<void>;
|
|
38
|
+
}
|
|
39
|
+
export interface OtpTokenRepository {
|
|
40
|
+
create(data: Partial<OtpToken>): Promise<OtpToken>;
|
|
41
|
+
findLatestUnused(uid: string): Promise<OtpToken | null>;
|
|
42
|
+
findLatestUnusedByPurpose(uid: string, purpose: string): Promise<OtpToken | null>;
|
|
43
|
+
save(token: OtpToken): Promise<OtpToken>;
|
|
44
|
+
deleteByUid(uid: string): Promise<void>;
|
|
45
|
+
}
|
|
46
|
+
export interface MfaMethodRepository {
|
|
47
|
+
create(data: Partial<MfaMethod>): Promise<MfaMethod>;
|
|
48
|
+
findByUidAndType(uid: string, type: string): Promise<MfaMethod | null>;
|
|
49
|
+
findByUidAndEnabled(uid: string): Promise<MfaMethod | null>;
|
|
50
|
+
save(method: MfaMethod): Promise<MfaMethod>;
|
|
51
|
+
deleteByUid(uid: string): Promise<void>;
|
|
52
|
+
}
|
|
53
|
+
export interface SessionRepository {
|
|
54
|
+
create(data: Partial<Session>): Promise<Session>;
|
|
55
|
+
findById(id: string): Promise<Session | null>;
|
|
56
|
+
findDeviceSession(uid: string, namespace: string | undefined, deviceFingerprint: string): Promise<Session | null>;
|
|
57
|
+
findByUid(uid: string): Promise<Session[]>;
|
|
58
|
+
findByIdWithDetails(id: string, namespace?: string): Promise<Session | null>;
|
|
59
|
+
save(session: Session): Promise<Session>;
|
|
60
|
+
update(id: string, data: Partial<Session>): Promise<void>;
|
|
61
|
+
delete(id: string): Promise<void>;
|
|
62
|
+
deleteByUid(uid: string): Promise<void>;
|
|
63
|
+
transaction(runInTransaction: (repo: SessionRepository) => Promise<void>): Promise<void>;
|
|
64
|
+
}
|
|
65
|
+
export interface SessionLogRepository {
|
|
66
|
+
create(data: Partial<SessionLog>): Promise<SessionLog>;
|
|
67
|
+
save(log: SessionLog): Promise<SessionLog>;
|
|
68
|
+
saveMany(logs: SessionLog[]): Promise<SessionLog[]>;
|
|
69
|
+
findByUidAndNamespace(uid: string, namespace?: string): Promise<SessionLog[]>;
|
|
70
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"repositories.interface.js","sourceRoot":"","sources":["../../../src/auth/interfaces/repositories.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export declare const AUTH_REPOSITORY_TOKEN = "AUTH_REPOSITORY_TOKEN";
|
|
2
|
+
export declare const AUTH_IDENTIFIER_REPOSITORY_TOKEN = "AUTH_IDENTIFIER_REPOSITORY_TOKEN";
|
|
3
|
+
export declare const OAUTH_PROVIDER_REPOSITORY_TOKEN = "OAUTH_PROVIDER_REPOSITORY_TOKEN";
|
|
4
|
+
export declare const OTP_TOKEN_REPOSITORY_TOKEN = "OTP_TOKEN_REPOSITORY_TOKEN";
|
|
5
|
+
export declare const MFA_METHOD_REPOSITORY_TOKEN = "MFA_METHOD_REPOSITORY_TOKEN";
|
|
6
|
+
export declare const SESSION_REPOSITORY_TOKEN = "SESSION_REPOSITORY_TOKEN";
|
|
7
|
+
export declare const SESSION_LOG_REPOSITORY_TOKEN = "SESSION_LOG_REPOSITORY_TOKEN";
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.SESSION_LOG_REPOSITORY_TOKEN = exports.SESSION_REPOSITORY_TOKEN = exports.MFA_METHOD_REPOSITORY_TOKEN = exports.OTP_TOKEN_REPOSITORY_TOKEN = exports.OAUTH_PROVIDER_REPOSITORY_TOKEN = exports.AUTH_IDENTIFIER_REPOSITORY_TOKEN = exports.AUTH_REPOSITORY_TOKEN = void 0;
|
|
4
|
+
exports.AUTH_REPOSITORY_TOKEN = 'AUTH_REPOSITORY_TOKEN';
|
|
5
|
+
exports.AUTH_IDENTIFIER_REPOSITORY_TOKEN = 'AUTH_IDENTIFIER_REPOSITORY_TOKEN';
|
|
6
|
+
exports.OAUTH_PROVIDER_REPOSITORY_TOKEN = 'OAUTH_PROVIDER_REPOSITORY_TOKEN';
|
|
7
|
+
exports.OTP_TOKEN_REPOSITORY_TOKEN = 'OTP_TOKEN_REPOSITORY_TOKEN';
|
|
8
|
+
exports.MFA_METHOD_REPOSITORY_TOKEN = 'MFA_METHOD_REPOSITORY_TOKEN';
|
|
9
|
+
exports.SESSION_REPOSITORY_TOKEN = 'SESSION_REPOSITORY_TOKEN';
|
|
10
|
+
exports.SESSION_LOG_REPOSITORY_TOKEN = 'SESSION_LOG_REPOSITORY_TOKEN';
|
|
11
|
+
//# sourceMappingURL=repository-tokens.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"repository-tokens.js","sourceRoot":"","sources":["../../../src/auth/interfaces/repository-tokens.ts"],"names":[],"mappings":";;;AAAa,QAAA,qBAAqB,GAAG,uBAAuB,CAAC;AAChD,QAAA,gCAAgC,GAAG,kCAAkC,CAAC;AACtE,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,2BAA2B,GAAG,6BAA6B,CAAC;AAC5D,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACtD,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
|
|
@@ -1,15 +1,13 @@
|
|
|
1
|
-
import { DataSource, Repository } from 'typeorm';
|
|
2
1
|
import { LoginDto } from '../dto/requests/login.dto';
|
|
3
2
|
import { SignupDto } from '../dto/requests/signup.dto';
|
|
4
3
|
import { AuthModuleOptions } from '../interfaces/auth-module-options.interface';
|
|
5
|
-
import {
|
|
6
|
-
import { AuthIdentifier } from '../
|
|
4
|
+
import { AuthRepository, AuthIdentifierRepository } from '../interfaces/repositories.interface';
|
|
5
|
+
import { Auth, AuthIdentifier } from '../interfaces/models.interface';
|
|
7
6
|
export declare class LocalAuthStrategy {
|
|
8
|
-
private readonly dataSource;
|
|
9
7
|
private authRepo;
|
|
10
8
|
private identifierRepo;
|
|
11
9
|
private options;
|
|
12
|
-
constructor(
|
|
10
|
+
constructor(authRepo: AuthRepository, identifierRepo: AuthIdentifierRepository, options: AuthModuleOptions);
|
|
13
11
|
private readonly logger;
|
|
14
12
|
private validatePhoneFormat;
|
|
15
13
|
private requiresPassword;
|
|
@@ -15,21 +15,15 @@ var LocalAuthStrategy_1;
|
|
|
15
15
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
16
|
exports.LocalAuthStrategy = void 0;
|
|
17
17
|
const common_1 = require("@nestjs/common");
|
|
18
|
-
const typeorm_1 = require("typeorm");
|
|
19
|
-
const typeorm_2 = require("@nestjs/typeorm");
|
|
20
18
|
const bcrypt = require("bcrypt");
|
|
21
19
|
const crypto = require("crypto");
|
|
22
20
|
const auth_module_options_interface_1 = require("../interfaces/auth-module-options.interface");
|
|
23
|
-
const
|
|
24
|
-
|
|
25
|
-
const auth_entity_1 = require("../entities/auth.entity");
|
|
26
|
-
const auth_identify_entity_1 = require("../entities/auth-identify.entity");
|
|
21
|
+
const repository_tokens_1 = require("../interfaces/repository-tokens");
|
|
22
|
+
const identifier_type_enum_1 = require("../enums/identifier-type.enum");
|
|
27
23
|
// Enums
|
|
28
|
-
const auth_type_enum_1 = require("../enums/auth-type.enum");
|
|
29
|
-
// Services / DTOs
|
|
24
|
+
const auth_type_enum_1 = require("../enums/auth-type.enum");
|
|
30
25
|
let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
31
|
-
constructor(
|
|
32
|
-
this.dataSource = dataSource;
|
|
26
|
+
constructor(authRepo, identifierRepo, options) {
|
|
33
27
|
this.authRepo = authRepo;
|
|
34
28
|
this.identifierRepo = identifierRepo;
|
|
35
29
|
this.options = options;
|
|
@@ -46,13 +40,13 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
46
40
|
}
|
|
47
41
|
requiresPassword(type) {
|
|
48
42
|
switch (type) {
|
|
49
|
-
case
|
|
43
|
+
case identifier_type_enum_1.IdentifierType.EMAIL:
|
|
50
44
|
case 'EMAIL':
|
|
51
45
|
return this.options.emailRequiresPassword ?? true;
|
|
52
|
-
case
|
|
46
|
+
case identifier_type_enum_1.IdentifierType.PHONE:
|
|
53
47
|
case 'PHONE':
|
|
54
48
|
return this.options.phoneRequiresPassword ?? false;
|
|
55
|
-
case
|
|
49
|
+
case identifier_type_enum_1.IdentifierType.USERNAME:
|
|
56
50
|
case 'USERNAME':
|
|
57
51
|
return this.options.usernameRequiresPassword ?? true;
|
|
58
52
|
default:
|
|
@@ -61,7 +55,6 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
61
55
|
}
|
|
62
56
|
async registerCredentials(dto, uid) {
|
|
63
57
|
const enabledStrategies = this.options.enabledStrategies || Object.values(auth_type_enum_1.AuthStrategy);
|
|
64
|
-
// 1. Validation of identifiers against enabled strategies
|
|
65
58
|
if (dto.email && !enabledStrategies.includes(auth_type_enum_1.AuthStrategy.EMAIL) && !enabledStrategies.includes(auth_type_enum_1.AuthStrategy.LOCAL)) {
|
|
66
59
|
throw new common_1.BadRequestException('Email authentication is currently disabled.');
|
|
67
60
|
}
|
|
@@ -84,7 +77,6 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
84
77
|
if (!dto.password && passwordRequired) {
|
|
85
78
|
throw new common_1.BadRequestException('Password is required');
|
|
86
79
|
}
|
|
87
|
-
// 2. Prepare the list of identifiers we want to claim
|
|
88
80
|
const identifiersToCheck = [];
|
|
89
81
|
if (dto.email)
|
|
90
82
|
identifiersToCheck.push(dto.email.toLowerCase());
|
|
@@ -92,64 +84,60 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
92
84
|
identifiersToCheck.push(dto.phone);
|
|
93
85
|
if (dto.username)
|
|
94
86
|
identifiersToCheck.push(dto.username.toLowerCase());
|
|
95
|
-
|
|
96
|
-
const
|
|
97
|
-
const authRepo = manager.getRepository(auth_entity_1.Auth);
|
|
98
|
-
// 3. Check uniqueness
|
|
99
|
-
const existing = await authIdentifierRepo.findOne({
|
|
100
|
-
where: { value: (0, typeorm_1.In)(identifiersToCheck) },
|
|
101
|
-
});
|
|
87
|
+
for (const val of identifiersToCheck) {
|
|
88
|
+
const existing = await this.identifierRepo.findByValue(val);
|
|
102
89
|
if (existing) {
|
|
103
|
-
if (existing.type ===
|
|
90
|
+
if (existing.type === identifier_type_enum_1.IdentifierType.PHONE) {
|
|
104
91
|
throw new common_1.BadRequestException('Unable to signup with those credentials. Try changing phone number');
|
|
105
92
|
}
|
|
106
|
-
if (existing.type ===
|
|
93
|
+
if (existing.type === identifier_type_enum_1.IdentifierType.EMAIL) {
|
|
107
94
|
throw new common_1.BadRequestException('Unable to signup with those credentials. Try changing email');
|
|
108
95
|
}
|
|
109
|
-
if (existing.type ===
|
|
96
|
+
if (existing.type === identifier_type_enum_1.IdentifierType.USERNAME) {
|
|
110
97
|
throw new common_1.BadRequestException('Unable to signup with those credentials. Try changing username');
|
|
111
98
|
}
|
|
112
99
|
}
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
isPrimary: true,
|
|
126
|
-
});
|
|
127
|
-
// 7. Create the Identifiers (The "Lookups")
|
|
128
|
-
const newIdentifiers = [];
|
|
129
|
-
if (dto.email) {
|
|
130
|
-
newIdentifiers.push(authIdentifierRepo.create({
|
|
131
|
-
type: auth_identify_entity_1.IdentifierType.EMAIL,
|
|
132
|
-
value: dto.email.toLowerCase(),
|
|
133
|
-
}));
|
|
134
|
-
}
|
|
135
|
-
if (dto.phone) {
|
|
136
|
-
newIdentifiers.push(authIdentifierRepo.create({
|
|
137
|
-
type: auth_identify_entity_1.IdentifierType.PHONE,
|
|
138
|
-
value: dto.phone,
|
|
139
|
-
}));
|
|
140
|
-
}
|
|
141
|
-
if (dto.username) {
|
|
142
|
-
newIdentifiers.push(authIdentifierRepo.create({
|
|
143
|
-
type: auth_identify_entity_1.IdentifierType.USERNAME,
|
|
144
|
-
value: dto.username.toLowerCase(),
|
|
145
|
-
}));
|
|
146
|
-
}
|
|
147
|
-
// Attach identifiers to auth to save them together (Cascade)
|
|
148
|
-
newAuth.identifiers = newIdentifiers;
|
|
149
|
-
// 8. Save (Cascade will save Auth + Identifiers)
|
|
150
|
-
const auth = await authRepo.save(newAuth);
|
|
151
|
-
return { auth, identifier: auth.identifiers?.[0] };
|
|
100
|
+
}
|
|
101
|
+
const hash = dto.password ? await bcrypt.hash(dto.password, 10) : undefined;
|
|
102
|
+
const identityUid = uid || crypto.randomUUID();
|
|
103
|
+
const newAuth = await this.authRepo.create({
|
|
104
|
+
uid: identityUid,
|
|
105
|
+
strategy: dto.method || auth_type_enum_1.AuthStrategy.LOCAL,
|
|
106
|
+
secretHash: hash,
|
|
107
|
+
isActive: true,
|
|
108
|
+
isPrimary: true,
|
|
109
|
+
isVerified: false,
|
|
110
|
+
createdAt: new Date(),
|
|
111
|
+
updatedAt: new Date(),
|
|
152
112
|
});
|
|
113
|
+
const newIdentifiers = [];
|
|
114
|
+
if (dto.email) {
|
|
115
|
+
newIdentifiers.push(await this.identifierRepo.create({
|
|
116
|
+
type: identifier_type_enum_1.IdentifierType.EMAIL,
|
|
117
|
+
value: dto.email.toLowerCase(),
|
|
118
|
+
isVerified: false,
|
|
119
|
+
source: 'USER_INPUT',
|
|
120
|
+
}));
|
|
121
|
+
}
|
|
122
|
+
if (dto.phone) {
|
|
123
|
+
newIdentifiers.push(await this.identifierRepo.create({
|
|
124
|
+
type: identifier_type_enum_1.IdentifierType.PHONE,
|
|
125
|
+
value: dto.phone,
|
|
126
|
+
isVerified: false,
|
|
127
|
+
source: 'USER_INPUT',
|
|
128
|
+
}));
|
|
129
|
+
}
|
|
130
|
+
if (dto.username) {
|
|
131
|
+
newIdentifiers.push(await this.identifierRepo.create({
|
|
132
|
+
type: identifier_type_enum_1.IdentifierType.USERNAME,
|
|
133
|
+
value: dto.username.toLowerCase(),
|
|
134
|
+
isVerified: false,
|
|
135
|
+
source: 'USER_INPUT',
|
|
136
|
+
}));
|
|
137
|
+
}
|
|
138
|
+
newAuth.identifiers = newIdentifiers;
|
|
139
|
+
const auth = await this.authRepo.save(newAuth);
|
|
140
|
+
return { auth, identifier: auth.identifiers?.[0] };
|
|
153
141
|
}
|
|
154
142
|
async login(dto) {
|
|
155
143
|
const enabledStrategies = this.options.enabledStrategies || Object.values(auth_type_enum_1.AuthStrategy);
|
|
@@ -157,7 +145,6 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
157
145
|
if (!identifierValue) {
|
|
158
146
|
throw new common_1.BadRequestException('Email, phone or username is required');
|
|
159
147
|
}
|
|
160
|
-
// Validate identifier type against enabled strategies
|
|
161
148
|
const isEmail = !!dto.email || (!!dto.emailOrPhone && dto.emailOrPhone.includes('@'));
|
|
162
149
|
const isPhone = !!dto.phone || (!!dto.emailOrPhone && /^\+?[0-9]+$/.test(dto.emailOrPhone));
|
|
163
150
|
const isUsername = !!dto.username || (!isEmail && !isPhone);
|
|
@@ -179,17 +166,12 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
179
166
|
if (isUsername && !enabledStrategies.includes(auth_type_enum_1.AuthStrategy.USERNAME) && !enabledStrategies.includes(auth_type_enum_1.AuthStrategy.LOCAL)) {
|
|
180
167
|
throw new common_1.BadRequestException('Username authentication is currently disabled.');
|
|
181
168
|
}
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
const identifier = await this.identifierRepo.findOne({
|
|
185
|
-
where: { value: identifierValue.toLowerCase() },
|
|
186
|
-
relations: ['auth'],
|
|
187
|
-
});
|
|
188
|
-
if (!identifier || !identifier.auth) {
|
|
169
|
+
const result = await this.identifierRepo.findWithAuthByValue(identifierValue.toLowerCase());
|
|
170
|
+
if (!result || !result.auth) {
|
|
189
171
|
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
190
172
|
}
|
|
191
|
-
const
|
|
192
|
-
|
|
173
|
+
const identifier = result.identifier;
|
|
174
|
+
const auth = result.auth;
|
|
193
175
|
const localStrategies = [
|
|
194
176
|
auth_type_enum_1.AuthStrategy.EMAIL,
|
|
195
177
|
auth_type_enum_1.AuthStrategy.PHONE,
|
|
@@ -199,33 +181,18 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
199
181
|
if (!localStrategies.includes(auth.strategy)) {
|
|
200
182
|
throw new common_1.UnauthorizedException('Please login with your Social Account');
|
|
201
183
|
}
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
const authWithSecret = await this.authRepo.findOne({
|
|
205
|
-
where: { id: auth.id },
|
|
206
|
-
select: ['id', 'secretHash'], // Explicitly select the hidden column
|
|
207
|
-
});
|
|
208
|
-
if (!authWithSecret) {
|
|
209
|
-
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
210
|
-
}
|
|
211
|
-
// 4. Verify password (if password was provided or required)
|
|
212
|
-
if (dto.password && authWithSecret.secretHash) {
|
|
213
|
-
const valid = await bcrypt.compare(dto.password, authWithSecret.secretHash);
|
|
184
|
+
if (dto.password && auth.secretHash) {
|
|
185
|
+
const valid = await bcrypt.compare(dto.password, auth.secretHash);
|
|
214
186
|
if (!valid) {
|
|
215
187
|
throw new common_1.UnauthorizedException('Invalid credentials');
|
|
216
188
|
}
|
|
217
189
|
}
|
|
218
|
-
else if (dto.password && !
|
|
219
|
-
// Identity has no password, but one was provided
|
|
190
|
+
else if (dto.password && !auth.secretHash) {
|
|
220
191
|
throw new common_1.UnauthorizedException('This account does not have a password set. Please use another method.');
|
|
221
192
|
}
|
|
222
|
-
else if (!dto.password &&
|
|
223
|
-
// Identity has a password, but none was provided
|
|
193
|
+
else if (!dto.password && auth.secretHash) {
|
|
224
194
|
throw new common_1.UnauthorizedException('Password is required for this account');
|
|
225
195
|
}
|
|
226
|
-
// If neither has a password, it's a password-less login (allowed for phone if verified elsewhere/contextually)
|
|
227
|
-
// 5. Update usage stats
|
|
228
|
-
// We update the original 'auth' object which has the User loaded, to return full context
|
|
229
196
|
auth.lastUsedAt = new Date();
|
|
230
197
|
await this.authRepo.save(auth);
|
|
231
198
|
return { auth, identifier };
|
|
@@ -234,11 +201,9 @@ let LocalAuthStrategy = LocalAuthStrategy_1 = class LocalAuthStrategy {
|
|
|
234
201
|
exports.LocalAuthStrategy = LocalAuthStrategy;
|
|
235
202
|
exports.LocalAuthStrategy = LocalAuthStrategy = LocalAuthStrategy_1 = __decorate([
|
|
236
203
|
(0, common_1.Injectable)(),
|
|
237
|
-
__param(
|
|
238
|
-
__param(
|
|
239
|
-
__param(
|
|
240
|
-
__metadata("design:paramtypes", [
|
|
241
|
-
typeorm_1.Repository,
|
|
242
|
-
typeorm_1.Repository, Object])
|
|
204
|
+
__param(0, (0, common_1.Inject)(repository_tokens_1.AUTH_REPOSITORY_TOKEN)),
|
|
205
|
+
__param(1, (0, common_1.Inject)(repository_tokens_1.AUTH_IDENTIFIER_REPOSITORY_TOKEN)),
|
|
206
|
+
__param(2, (0, common_1.Inject)(auth_module_options_interface_1.AUTH_MODULE_OPTIONS)),
|
|
207
|
+
__metadata("design:paramtypes", [Object, Object, Object])
|
|
243
208
|
], LocalAuthStrategy);
|
|
244
209
|
//# sourceMappingURL=local-auth.strategy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local-auth.strategy.js","sourceRoot":"","sources":["../../../src/auth/strategies/local-auth.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"local-auth.strategy.js","sourceRoot":"","sources":["../../../src/auth/strategies/local-auth.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAMwB;AACxB,iCAAiC;AAGjC,iCAAiC;AACjC,+FAAqG;AACrG,uEAA0G;AAK1G,wEAA+D;AAE/D,QAAQ;AACR,4DAAuD;AAGhD,IAAM,iBAAiB,yBAAvB,MAAM,iBAAiB;IAC5B,YACiC,QAAgC,EACrB,cAAgD,EAC7D,OAAkC;QAFxB,aAAQ,GAAR,QAAQ,CAAgB;QACb,mBAAc,GAAd,cAAc,CAA0B;QACrD,YAAO,GAAP,OAAO,CAAmB;QAGhD,WAAM,GAAW,IAAI,eAAM,CAAC,mBAAiB,CAAC,IAAI,CAAC,CAAC;IAFjE,CAAC;IAIG,mBAAmB,CAAC,KAAa;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC;QACnD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAE/C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAC3B,gCAAgC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,aAAa,KAAK,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxH,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,IAAqD;QAC5E,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,qCAAc,CAAC,KAAK,CAAC;YAC1B,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,IAAI,IAAI,CAAC;YACpD,KAAK,qCAAc,CAAC,KAAK,CAAC;YAC1B,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,IAAI,KAAK,CAAC;YACrD,KAAK,qCAAc,CAAC,QAAQ,CAAC;YAC7B,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,OAAO,CAAC,wBAAwB,IAAI,IAAI,CAAC;YACvD;gBACE,OAAO,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,GAAc,EAAE,GAAY;QACpD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,MAAM,CAAC,MAAM,CAAC,6BAAY,CAAC,CAAC;QAExF,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACpH,MAAM,IAAI,4BAAmB,CAAC,6CAA6C,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACpH,MAAM,IAAI,4BAAmB,CAAC,6CAA6C,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1H,MAAM,IAAI,4BAAmB,CAAC,gDAAgD,CAAC,CAAC;QAClF,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,4BAAmB,CAAC,sCAAsC,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpE,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpE,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAEzE,MAAM,gBAAgB,GAAG,QAAQ,IAAI,QAAQ,IAAI,OAAO,CAAC;QAEzD,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,IAAI,4BAAmB,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,KAAK;YAAE,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAChE,IAAI,GAAG,CAAC,KAAK;YAAE,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,QAAQ;YAAE,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtE,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5D,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,QAAQ,CAAC,IAAI,KAAK,qCAAc,CAAC,KAAK,EAAE,CAAC;oBAC3C,MAAM,IAAI,4BAAmB,CAAC,oEAAoE,CAAC,CAAC;gBACtG,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,KAAK,qCAAc,CAAC,KAAK,EAAE,CAAC;oBAC3C,MAAM,IAAI,4BAAmB,CAAC,6DAA6D,CAAC,CAAC;gBAC/F,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,KAAK,qCAAc,CAAC,QAAQ,EAAE,CAAC;oBAC9C,MAAM,IAAI,4BAAmB,CAAC,gEAAgE,CAAC,CAAC;gBAClG,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5E,MAAM,WAAW,GAAG,GAAG,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAE/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzC,GAAG,EAAE,WAAW;YAChB,QAAQ,EAAE,GAAG,CAAC,MAAM,IAAI,6BAAY,CAAC,KAAK;YAC1C,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,KAAK;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAqB,EAAE,CAAC;QAE5C,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,cAAc,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;gBACnD,IAAI,EAAE,qCAAc,CAAC,KAAK;gBAC1B,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE;gBAC9B,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,YAAmB;aAC5B,CAAC,CAAC,CAAC;QACN,CAAC;QAED,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,cAAc,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;gBACnD,IAAI,EAAE,qCAAc,CAAC,KAAK;gBAC1B,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,YAAmB;aAC5B,CAAC,CAAC,CAAC;QACN,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,cAAc,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;gBACnD,IAAI,EAAE,qCAAc,CAAC,QAAQ;gBAC7B,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE;gBACjC,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,YAAmB;aAC5B,CAAC,CAAC,CAAC;QACN,CAAC;QAED,OAAO,CAAC,WAAW,GAAG,cAAc,CAAC;QACrC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAa;QACvB,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,MAAM,CAAC,MAAM,CAAC,6BAAY,CAAC,CAAC;QACxF,MAAM,eAAe,GAAG,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC;QAEnF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,4BAAmB,CAAC,sCAAsC,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACtF,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;QAC5F,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5D,MAAM,gBAAgB,GACpB,CAAC,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;QAEpD,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,IAAI,4BAAmB,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YAClH,MAAM,IAAI,4BAAmB,CAAC,6CAA6C,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YAClH,MAAM,IAAI,4BAAmB,CAAC,6CAA6C,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,UAAU,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,6BAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACxH,MAAM,IAAI,4BAAmB,CAAC,gDAAgD,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,CAAC;QAE5F,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACrC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,MAAM,eAAe,GAAG;YACtB,6BAAY,CAAC,KAAK;YAClB,6BAAY,CAAC,KAAK;YAClB,6BAAY,CAAC,QAAQ;YACrB,6BAAY,CAAC,KAAK;SACnB,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,8BAAqB,CAAC,uCAAuC,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YAClE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5C,MAAM,IAAI,8BAAqB,CAAC,uEAAuE,CAAC,CAAC;QAC3G,CAAC;aAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5C,MAAM,IAAI,8BAAqB,CAAC,uCAAuC,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE/B,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAC9B,CAAC;CACF,CAAA;AA9MY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,yCAAqB,CAAC,CAAA;IAC7B,WAAA,IAAA,eAAM,EAAC,oDAAgC,CAAC,CAAA;IACxC,WAAA,IAAA,eAAM,EAAC,mDAAmB,CAAC,CAAA;;GAJnB,iBAAiB,CA8M7B"}
|
|
@@ -1,19 +1,17 @@
|
|
|
1
|
-
import { DataSource, Repository } from 'typeorm';
|
|
2
1
|
import { LoginDto } from '../../dto/requests/login.dto';
|
|
3
2
|
import { SignupDto } from '../../dto/requests/signup.dto';
|
|
4
|
-
import { Auth } from '../../
|
|
5
|
-
import { OAuthProvider } from '../../entities/oauth-provider.entity';
|
|
6
|
-
import { AuthIdentifier } from '../../entities/auth-identify.entity';
|
|
3
|
+
import { Auth, AuthIdentifier } from '../../interfaces/models.interface';
|
|
7
4
|
import { AuthModuleOptions } from '../../interfaces/auth-module-options.interface';
|
|
8
5
|
import { IOAuthStrategy } from '../../interfaces/oauth-strategy.interface';
|
|
6
|
+
import { AuthRepository, AuthIdentifierRepository, OAuthProviderRepository } from '../../interfaces/repositories.interface';
|
|
9
7
|
export declare class AppleAuthStrategy implements IOAuthStrategy {
|
|
10
|
-
private readonly dataSource;
|
|
11
8
|
private authRepo;
|
|
9
|
+
private identifierRepo;
|
|
12
10
|
private oauthProviderRepo;
|
|
13
11
|
private options;
|
|
14
12
|
private applePublicKeys;
|
|
15
13
|
private lastKeysFetch;
|
|
16
|
-
constructor(
|
|
14
|
+
constructor(authRepo: AuthRepository, identifierRepo: AuthIdentifierRepository, oauthProviderRepo: OAuthProviderRepository, options: AuthModuleOptions);
|
|
17
15
|
private getApplePublicKeys;
|
|
18
16
|
private verifyToken;
|
|
19
17
|
registerCredentials(dto: SignupDto, uid?: string): Promise<{
|