aaspai-authx 0.1.3 → 0.1.5

package/dist/nest/index.cjs

@@ -558,7 +558,7 @@ var AuthAdminService = class {
   }
   async updateUserPassword(userId, newPassword) {
     const hashed = await import_bcrypt.default.hash(newPassword, 10);
-    await OrgUser.findOneAndUpdate({ id: userId }, { password: hashed });
+    await OrgUser.findOneAndUpdate({ id: userId }, { passwordHash: hashed });
   }
   // -------------------------------------------------------------------
   // ADMIN TOKEN (self-issued JWT)
@@ -611,7 +611,6 @@ var EmailService = class {
     return import_jsonwebtoken3.default.verify(token, process.env.EMAIL_JWT_SECRET);
   }
   async send(to, subject, html) {
-    console.log("[EmailService] Attempting to send:", { to, subject });
     try {
       const info = await this.transporter.sendMail({
         from: process.env.EMAIL_FROM,
@@ -639,18 +638,6 @@ var EmailService = class {
     }
   }
   canSend(lastEmailSent) {
-    console.log(
-      process.env.EMAIL_PASSWORD,
-      "pssword",
-      process.env.EMAIL_USER,
-      "user",
-      process.env.EMAIL_SECURE,
-      "secure",
-      process.env.EMAIL_PORT,
-      "porat",
-      process.env.EMAIL_HOST,
-      "hosat"
-    );
     const now = Date.now();
     const windowStart = now - this.WINDOW_MINUTES * 60 * 1e3;
     const emailsInWindow = (lastEmailSent || []).map((d) => new Date(d)).filter((d) => d.getTime() >= windowStart);
@@ -664,6 +651,386 @@ var EmailService = class {
   }
 };
 
+// src/templates/email.templates.ts
+var colors = {
+  background: "#0a0a0a",
+  cardBackground: "#111111",
+  cardBorder: "#1a1a1a",
+  accent: "#ffffff",
+  accentMuted: "rgba(255, 255, 255, 0.9)",
+  textPrimary: "#ffffff",
+  textSecondary: "rgba(255, 255, 255, 0.7)",
+  textMuted: "rgba(255, 255, 255, 0.5)",
+  divider: "rgba(255, 255, 255, 0.1)",
+  subtle: "#161616",
+  highlight: "rgba(255, 255, 255, 0.05)"
+};
+var styles = {
+  wrapper: `
+    margin: 0;
+    padding: 40px 20px;
+    background-color: ${colors.background};
+    background-image: 
+      radial-gradient(ellipse at top, rgba(255,255,255,0.03) 0%, transparent 50%),
+      radial-gradient(ellipse at bottom, rgba(255,255,255,0.02) 0%, transparent 50%);
+    min-height: 100vh;
+  `,
+  container: `
+    max-width: 520px;
+    margin: 0 auto;
+    font-family: -apple-system, BlinkMacSystemFont, 'SF Pro Display', 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+    color: ${colors.textPrimary};
+    line-height: 1.7;
+  `,
+  card: `
+    background-color: ${colors.cardBackground};
+    border: 1px solid ${colors.cardBorder};
+    border-radius: 16px;
+    overflow: hidden;
+    box-shadow: 
+      0 0 0 1px rgba(255,255,255,0.05),
+      0 20px 50px -20px rgba(0,0,0,0.5),
+      0 30px 60px -30px rgba(0,0,0,0.3);
+  `,
+  header: `
+    padding: 48px 40px 32px;
+    text-align: center;
+    border-bottom: 1px solid ${colors.divider};
+  `,
+  iconWrapper: `
+    width: 64px;
+    height: 64px;
+    margin: 0 auto 24px;
+    background: linear-gradient(135deg, rgba(255,255,255,0.1) 0%, rgba(255,255,255,0.05) 100%);
+    border: 1px solid rgba(255,255,255,0.1);
+    border-radius: 16px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 28px;
+  `,
+  headerTitle: `
+    color: ${colors.textPrimary};
+    margin: 0;
+    font-size: 24px;
+    font-weight: 600;
+    letter-spacing: -0.5px;
+  `,
+  headerSubtitle: `
+    color: ${colors.textMuted};
+    margin: 8px 0 0;
+    font-size: 14px;
+    font-weight: 400;
+  `,
+  body: `
+    padding: 40px;
+  `,
+  greeting: `
+    margin: 0 0 24px;
+    color: ${colors.textPrimary};
+    font-size: 18px;
+    font-weight: 500;
+  `,
+  paragraph: `
+    margin: 0 0 20px;
+    color: ${colors.textSecondary};
+    font-size: 15px;
+    line-height: 1.7;
+  `,
+  buttonWrapper: `
+    text-align: center;
+    margin: 32px 0;
+  `,
+  button: `
+    display: inline-block;
+    background-color: ${colors.accent};
+    color: #000000 !important;
+    text-decoration: none;
+    padding: 14px 36px;
+    border-radius: 8px;
+    font-weight: 600;
+    font-size: 14px;
+    letter-spacing: 0.3px;
+    transition: all 0.2s ease;
+  `,
+  secondaryButton: `
+    display: inline-block;
+    background-color: transparent;
+    color: ${colors.textPrimary} !important;
+    text-decoration: none;
+    padding: 12px 28px;
+    border-radius: 8px;
+    font-weight: 500;
+    font-size: 14px;
+    border: 1px solid ${colors.divider};
+  `,
+  infoCard: `
+    background-color: ${colors.subtle};
+    border: 1px solid ${colors.divider};
+    border-radius: 12px;
+    padding: 20px 24px;
+    margin: 28px 0;
+  `,
+  infoCardTitle: `
+    margin: 0 0 12px;
+    color: ${colors.textPrimary};
+    font-size: 13px;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+  `,
+  infoCardText: `
+    margin: 0;
+    color: ${colors.textSecondary};
+    font-size: 14px;
+    line-height: 1.6;
+  `,
+  warningCard: `
+    background: linear-gradient(135deg, rgba(255,180,0,0.1) 0%, rgba(255,140,0,0.05) 100%);
+    border: 1px solid rgba(255,180,0,0.2);
+    border-radius: 12px;
+    padding: 20px 24px;
+    margin: 28px 0;
+  `,
+  warningCardTitle: `
+    margin: 0 0 12px;
+    color: #ffc107;
+    font-size: 13px;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+  `,
+  warningCardText: `
+    margin: 0;
+    color: rgba(255,255,255,0.7);
+    font-size: 14px;
+    line-height: 1.6;
+  `,
+  successCard: `
+    background: linear-gradient(135deg, rgba(0,255,150,0.1) 0%, rgba(0,200,100,0.05) 100%);
+    border: 1px solid rgba(0,255,150,0.2);
+    border-radius: 12px;
+    padding: 20px 24px;
+    margin: 28px 0;
+  `,
+  successCardTitle: `
+    margin: 0 0 12px;
+    color: #00ff96;
+    font-size: 13px;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+  `,
+  linkSection: `
+    margin: 32px 0;
+    padding: 20px;
+    background-color: ${colors.subtle};
+    border-radius: 8px;
+    border: 1px solid ${colors.divider};
+  `,
+  linkLabel: `
+    margin: 0 0 8px;
+    color: ${colors.textMuted};
+    font-size: 12px;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+  `,
+  linkText: `
+    word-break: break-all;
+    color: ${colors.textSecondary};
+    font-size: 13px;
+    font-family: 'SF Mono', 'Monaco', 'Inconsolata', 'Roboto Mono', monospace;
+    margin: 0;
+  `,
+  divider: `
+    border: none;
+    border-top: 1px solid ${colors.divider};
+    margin: 32px 0;
+  `,
+  footer: `
+    padding: 24px 40px 32px;
+    text-align: center;
+    border-top: 1px solid ${colors.divider};
+  `,
+  footerText: `
+    margin: 0;
+    color: ${colors.textMuted};
+    font-size: 12px;
+    line-height: 1.8;
+  `,
+  footerLink: `
+    color: ${colors.textSecondary};
+    text-decoration: none;
+  `,
+  badge: `
+    display: inline-block;
+    background-color: rgba(255,255,255,0.1);
+    color: ${colors.textSecondary};
+    padding: 4px 12px;
+    border-radius: 20px;
+    font-size: 12px;
+    font-weight: 500;
+    letter-spacing: 0.3px;
+  `,
+  listItem: `
+    color: ${colors.textSecondary};
+    font-size: 14px;
+    margin: 8px 0;
+    padding-left: 8px;
+  `,
+  metaRow: `
+    display: flex;
+    justify-content: space-between;
+    padding: 12px 0;
+    border-bottom: 1px solid ${colors.divider};
+  `,
+  metaLabel: `
+    color: ${colors.textMuted};
+    font-size: 13px;
+  `,
+  metaValue: `
+    color: ${colors.textPrimary};
+    font-size: 13px;
+    font-weight: 500;
+  `
+};
+function buildVerificationEmailTemplate(data) {
+  const { firstName, verificationUrl, expiresIn } = data;
+  return `
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <meta name="color-scheme" content="dark">
+      <meta name="supported-color-schemes" content="dark">
+      <title>Verify Your Email</title>
+      <!--[if mso]>
+      <style type="text/css">
+        body, table, td {font-family: Arial, Helvetica, sans-serif !important;}
+      </style>
+      <![endif]-->
+    </head>
+    <body style="${styles.wrapper}">
+      <div style="${styles.container}">
+        <div style="${styles.card}">
+          <!-- Header -->
+          <div style="${styles.header}">
+            <div style="${styles.iconWrapper}">
+              \u2709\uFE0F
+            </div>
+            <h1 style="${styles.headerTitle}">Verify your email</h1>
+            <p style="${styles.headerSubtitle}">One quick step to get started</p>
+          </div>
+          
+          <!-- Body -->
+          <div style="${styles.body}">
+            <p style="${styles.greeting}">Hi ${firstName},</p>
+            
+            <p style="${styles.paragraph}">
+              Thanks for signing up. To complete your registration and unlock all features, 
+              please verify your email address by clicking the button below.
+            </p>
+            
+            <div style="${styles.buttonWrapper}">
+              <a href="${verificationUrl}" style="${styles.button}" target="_blank">
+                Verify Email Address
+              </a>
+            </div>
+            
+            <div style="${styles.infoCard}">
+              <p style="${styles.infoCardTitle}">\u23F1 Time Sensitive</p>
+              <p style="${styles.infoCardText}">
+                This verification link will expire in <strong>${expiresIn}</strong>. 
+                If you didn't create an account, you can safely ignore this email.
+              </p>
+            </div>
+          </div>
+          
+          <!-- Footer -->
+          <div style="${styles.footer}">
+            <p style="${styles.footerText}">
+              This is an automated message \u2014 please do not reply.<br>
+              \xA9 ${(/* @__PURE__ */ new Date()).getFullYear()} All rights reserved.
+            </p>
+          </div>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+}
+function buildResetPasswordEmailTemplate(data) {
+  const { firstName, resetUrl, expiresIn } = data;
+  return `
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+      <meta charset="UTF-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <meta name="color-scheme" content="dark">
+      <meta name="supported-color-schemes" content="dark">
+      <title>Reset Your Password</title>
+    </head>
+    <body style="${styles.wrapper}">
+      <div style="${styles.container}">
+        <div style="${styles.card}">
+          <!-- Header -->
+          <div style="${styles.header}">
+            <div style="${styles.iconWrapper}">
+              \u{1F510}
+            </div>
+            <h1 style="${styles.headerTitle}">Reset your password</h1>
+            <p style="${styles.headerSubtitle}">We received a reset request</p>
+          </div>
+          
+          <!-- Body -->
+          <div style="${styles.body}">
+            <p style="${styles.greeting}">Hi ${firstName},</p>
+            
+            <p style="${styles.paragraph}">
+              We received a request to reset the password for your account. 
+              Click the button below to create a new password.
+            </p>
+            
+            <div style="${styles.buttonWrapper}">
+              <a href="${resetUrl}" style="${styles.button}" target="_blank">
+                Reset Password
+              </a>
+            </div>
+            
+            <div style="${styles.warningCard}">
+              <p style="${styles.warningCardTitle}">\u26A0\uFE0F Security Notice</p>
+              <p style="${styles.warningCardText}">
+                \u2022 This link expires in <strong>${expiresIn}</strong><br>
+                \u2022 This link can only be used once<br>
+                \u2022 If you didn't request this, ignore this email
+              </p>
+            </div>
+            
+            <hr style="${styles.divider}" />
+            
+            <p style="${styles.paragraph}; font-size: 13px; color: ${colors.textMuted};">
+              <strong>Didn't request this?</strong><br>
+              Your password remains unchanged. If you're concerned about your account 
+              security, please contact our support team immediately.
+            </p>
+          </div>
+          
+          <!-- Footer -->
+          <div style="${styles.footer}">
+            <p style="${styles.footerText}">
+              This is an automated message \u2014 please do not reply.<br>
+              \xA9 ${(/* @__PURE__ */ new Date()).getFullYear()} All rights reserved.
+            </p>
+          </div>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+}
+
 // src/express/auth.routes.ts
 function createAuthRouter(options = {}) {
   const googleClientId = process.env.GOOGLE_CLIENT_ID;
@@ -695,10 +1062,8 @@ function createAuthRouter(options = {}) {
   );
   r.post("/login", validateLogin, async (req, res) => {
     const { email: emailAddress, password } = req.body || {};
-    console.log(emailAddress, password, "body");
     try {
       const user = await OrgUser.findOne({ email: emailAddress }).select("+password").lean();
-      console.log(user, "user");
       if (!user) {
         return res.status(400).json({
           error: "Invalid email or password",
@@ -772,10 +1137,20 @@ function createAuthRouter(options = {}) {
         emailService: email,
         user,
         subject: "Verify your email",
-        html: buildVerificationTemplate(
-          email.sign({ userId: kcUser.id, email: kcUser.email }),
-          options
-        )
+        // html: buildVerificationTemplate(
+        //   email.sign({ userId: kcUser.id, email: kcUser.email }),
+        //   options,
+        // ),
+        html: buildVerificationEmailTemplate({
+          firstName: user.firstName,
+          verificationUrl: `${getFrontendBaseUrl(options)}/verify-email?token=${email.sign(
+            {
+              userId: user.id,
+              email: user.email
+            }
+          )}`,
+          expiresIn: "1 hour"
+        })
       });
       if (emailResult.rateLimited) {
         return res.status(429).json({
@@ -855,7 +1230,17 @@ function createAuthRouter(options = {}) {
         emailService: email,
         user,
         subject: "Verify your email",
-        html: buildVerificationTemplate(token, options)
+        // html: buildVerificationTemplate(token, options),
+        html: buildVerificationEmailTemplate({
+          firstName: user.firstName,
+          verificationUrl: `${getFrontendBaseUrl(options)}/verify-email?token=${email.sign(
+            {
+              userId: user.id,
+              email: user.email
+            }
+          )}`,
+          expiresIn: "1 hour"
+        })
       });
       if (resendResult.rateLimited) {
         return res.status(429).json({
@@ -884,7 +1269,17 @@ function createAuthRouter(options = {}) {
       emailService: email,
       user,
       subject: "Reset password",
-      html: buildResetTemplate(resetToken, options)
+      // html: buildResetTemplate(resetToken, options),
+      html: buildResetPasswordEmailTemplate({
+        firstName: user.firstName,
+        resetUrl: `${getFrontendBaseUrl(options)}/reset-password?token=${email.sign(
+          {
+            userId: user.id,
+            email: user.email
+          }
+        )}`,
+        expiresIn: "1 hour"
+      })
     });
     if (resetResult.rateLimited) {
       return res.status(429).json({
@@ -897,9 +1292,16 @@ function createAuthRouter(options = {}) {
   });
   r.post("/reset-password", validateResetPassword, async (req, res) => {
     const { token, newPassword } = req.body || {};
+    if (!token || !newPassword) {
+      return res.status(400).json({
+        ok: false,
+        error: "Token and new password are required",
+        code: "MISSING_FIELDS"
+      });
+    }
     try {
       const payload = email.verify(token);
-      const user = await OrgUser.findOne({ keycloakId: payload.userId });
+      const user = await OrgUser.findOne({ id: payload.userId });
       if (!user) {
         return res.status(404).json({ ok: false, error: "User not found" });
       }
@@ -1290,12 +1692,6 @@ function respondWithKeycloakError(res, err, fallback, status = 400) {
   const description = err?.response?.data?.error_description || err?.response?.data?.errorMessage || err?.message || fallback;
   return res.status(status).json({ ok: false, error: description });
 }
-function buildVerificationTemplate(token, options) {
-  return `<a href="${getFrontendBaseUrl(options)}/auth/verify-email?token=${token}">Verify</a>`;
-}
-function buildResetTemplate(token, options) {
-  return `<a href="${getFrontendBaseUrl(options)}/auth/reset-password?token=${token}">Reset</a>`;
-}
 function getFrontendBaseUrl(options) {
   if (options.frontendBaseUrl)
     return options.frontendBaseUrl.replace(/\/$/, "");
@@ -1313,7 +1709,6 @@ async function sendRateLimitedEmail({
   if (!can.ok) {
     return { rateLimited: true, waitMs: can.waitMs };
   }
-  console.log(can, "can");
   await emailService.send(user.email, subject, html);
   user.lastEmailSent = [...user.lastEmailSent || [], /* @__PURE__ */ new Date()];
   await user.save();