ecrs-auth-core 1.0.105 → 1.0.106

@@ -25,6 +25,8 @@ export declare class AuthCustomerController {
25
25
  parentId: number;
26
26
  lastLoginTime: Date | null;
27
27
  is_reset_password: number;
28
+ is_ecrs_employee: boolean;
29
+ userId: number;
28
30
  profile_photo_url: string;
29
31
  };
30
32
  };
@@ -55,10 +55,13 @@ export declare class AuthCustomerService {
55
55
  parentId: number;
56
56
  lastLoginTime: Date | null;
57
57
  is_reset_password: number;
58
+ is_ecrs_employee: boolean;
59
+ userId: number;
58
60
  profile_photo_url: string;
59
61
  };
60
62
  };
61
63
  access_token: string;
62
64
  }>;
63
65
  findUserById(id: number): Promise<UserCustomer | null>;
66
+ findEcrsEmployeeInCustomer(ecrsEmployeeId: number): Promise<UserCustomer | null>;
64
67
  }
@@ -71,8 +71,8 @@ let AuthCustomerService = class AuthCustomerService {
71
71
  const normalizedEmail = email.trim().toLowerCase();
72
72
  const whereClause = {
73
73
  email: (0, typeorm_1.ILike)(normalizedEmail),
74
- deletedBy: null,
75
- deletedAt: null,
74
+ deletedBy: (0, typeorm_1.IsNull)(),
75
+ deletedAt: (0, typeorm_1.IsNull)(),
76
76
  status: 1,
77
77
  };
78
78
  const user = await this.userRepo.findOne({ where: whereClause });
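Review bot: The login lookup on the context line `email: (0, typeorm_1.ILike)(normalizedEmail)` is still a pattern match rather than an equality test, so `%` and `_` in the submitted address are interpreted as wildcards by the database. The switch to `IsNull()` tightens the soft-delete filter, but the row that reaches the credential check may not be the one whose address was typed. Consider escaping LIKE metacharacters before the call, or comparing against a lower-cased column with plain equality. The enclosing method starts and ends outside this hunk, so any earlier input validation is not visible here.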
@@ -285,6 +285,8 @@ let AuthCustomerService = class AuthCustomerService {
285
285
  parentId: user.parentId,
286
286
  lastLoginTime,
287
287
  is_reset_password,
288
+ is_ecrs_employee: user.is_ecrs_employee ?? false, // ✅ ADD THIS
289
+ userId: user.userId, // ✅ ADD THIS
288
290
  };
289
291
  return {
290
292
  status: true,
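Review bot: The trailing comments `// ✅ ADD THIS` on the two new properties are editing instructions rather than documentation, and they ship in the published build. Replace them with comments that say what the fields carry, for example `// flag stored on tbl_users_customer; defaults to false` for `is_ecrs_employee` and `// NOTE(review): document which table userId refers to` for `userId`. The object literal these lines belong to begins outside this hunk.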
@@ -305,6 +307,8 @@ let AuthCustomerService = class AuthCustomerService {
305
307
  parentId: user.parentId,
306
308
  lastLoginTime,
307
309
  is_reset_password,
310
+ is_ecrs_employee: user.is_ecrs_employee ?? false,
311
+ userId: user.userId,
308
312
  profile_photo_url: `${this.uploadPhotoDir}/${user.userImage}`,
309
313
  },
310
314
  },
@@ -314,6 +318,18 @@ let AuthCustomerService = class AuthCustomerService {
314
318
  async findUserById(id) {
315
319
  return this.userRepo.findOne({ where: { id } });
316
320
  }
321
+ // In auth-customer.service.ts — add this new method
322
+ async findEcrsEmployeeInCustomer(ecrsEmployeeId) {
323
+ return this.userRepo.findOne({
324
+ where: {
325
+ is_ecrs_employee: true,
326
+ referenceId: ecrsEmployeeId, // referenceId holds the ecrs employee id
327
+ status: 1,
328
+ deletedBy: (0, typeorm_1.IsNull)(),
329
+ deletedAt: (0, typeorm_1.IsNull)(),
330
+ },
331
+ });
332
+ }
317
333
  };
318
334
  exports.AuthCustomerService = AuthCustomerService;
319
335
  exports.AuthCustomerService = AuthCustomerService = __decorate([
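Review bot: `findEcrsEmployeeInCustomer` resolves an ECRS employee to a customer account with `findOne` on `referenceId`, but the `referenceId` column shown elsewhere in this diff is declared as `{ type: "int", nullable: true }` with no uniqueness visible. If two active rows can share a `referenceId`, the account returned is whichever row the database yields first, which is an unstable basis for an identity mapping. Either enforce uniqueness for rows with `is_ecrs_employee = true` at the schema level, or add an explicit `order` and treat more than one match as an error. The leading comment `// In auth-customer.service.ts — add this new method` would be better as a doc comment stating that only active, non-deleted rows are returned.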
@@ -1,19 +1,4 @@
1
- export interface LoginDetailData {
2
- login_time: string;
3
- logout_time?: string;
4
- status: "success" | "failed" | "blocked";
5
- ip_address: string;
6
- browser?: string;
7
- device_type?: string;
8
- operating_system?: string;
9
- location?: string;
10
- module_id?: number;
11
- ip_address_name?: string;
12
- failure_reason?: string;
13
- user_agent?: string;
14
- session_duration_ms?: number;
15
- metadata?: Record<string, any>;
16
- }
1
+ import { LoginDetailData } from "./login-details.entity";
17
2
  export declare class LoginCustomerDetailsEntity {
18
3
  id: number;
19
4
  customer_user_id: number;
@@ -0,0 +1,13 @@
1
+ export declare class UserCustomerModuleAccess {
2
+ id: number;
3
+ customer_user_id: number;
4
+ moduleId: number;
5
+ accessLevel: string;
6
+ status: number;
7
+ permissions: string[];
8
+ createdAt: Date;
9
+ updatedAt: Date;
10
+ createdBy: number;
11
+ updatedBy?: number;
12
+ isDeleted: number;
13
+ }
@@ -0,0 +1,76 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.UserCustomerModuleAccess = void 0;
13
+ // src/entities/user-module-access.entity.ts
14
+ const typeorm_1 = require("typeorm");
15
+ let UserCustomerModuleAccess = class UserCustomerModuleAccess {
16
+ };
17
+ exports.UserCustomerModuleAccess = UserCustomerModuleAccess;
18
+ __decorate([
19
+ (0, typeorm_1.PrimaryGeneratedColumn)(),
20
+ __metadata("design:type", Number)
21
+ ], UserCustomerModuleAccess.prototype, "id", void 0);
22
+ __decorate([
23
+ (0, typeorm_1.Column)({ name: "customer_user_id" }),
24
+ __metadata("design:type", Number)
25
+ ], UserCustomerModuleAccess.prototype, "customer_user_id", void 0);
26
+ __decorate([
27
+ (0, typeorm_1.Column)({ name: "module_id" }),
28
+ __metadata("design:type", Number)
29
+ ], UserCustomerModuleAccess.prototype, "moduleId", void 0);
30
+ __decorate([
31
+ (0, typeorm_1.Column)({ name: "access_level", default: "view" }),
32
+ __metadata("design:type", String)
33
+ ], UserCustomerModuleAccess.prototype, "accessLevel", void 0);
34
+ __decorate([
35
+ (0, typeorm_1.Column)({ type: "smallint", default: 1 }),
36
+ __metadata("design:type", Number)
37
+ ], UserCustomerModuleAccess.prototype, "status", void 0);
38
+ __decorate([
39
+ (0, typeorm_1.Column)({
40
+ name: "permissions",
41
+ type: "json",
42
+ nullable: true,
43
+ }),
44
+ __metadata("design:type", Array)
45
+ ], UserCustomerModuleAccess.prototype, "permissions", void 0);
46
+ __decorate([
47
+ (0, typeorm_1.Column)({
48
+ name: "created_at",
49
+ type: "timestamp",
50
+ default: () => "CURRENT_TIMESTAMP",
51
+ }),
52
+ __metadata("design:type", Date)
53
+ ], UserCustomerModuleAccess.prototype, "createdAt", void 0);
54
+ __decorate([
55
+ (0, typeorm_1.Column)({
56
+ name: "updated_at",
57
+ type: "timestamp",
58
+ default: () => "CURRENT_TIMESTAMP",
59
+ }),
60
+ __metadata("design:type", Date)
61
+ ], UserCustomerModuleAccess.prototype, "updatedAt", void 0);
62
+ __decorate([
63
+ (0, typeorm_1.Column)({ name: "created_by" }),
64
+ __metadata("design:type", Number)
65
+ ], UserCustomerModuleAccess.prototype, "createdBy", void 0);
66
+ __decorate([
67
+ (0, typeorm_1.Column)({ name: "updated_by", nullable: true }),
68
+ __metadata("design:type", Number)
69
+ ], UserCustomerModuleAccess.prototype, "updatedBy", void 0);
70
+ __decorate([
71
+ (0, typeorm_1.Column)({ name: "is_deleted", type: "smallint", default: 0 }),
72
+ __metadata("design:type", Number)
73
+ ], UserCustomerModuleAccess.prototype, "isDeleted", void 0);
74
+ exports.UserCustomerModuleAccess = UserCustomerModuleAccess = __decorate([
75
+ (0, typeorm_1.Entity)({ name: "tbl_c_users_customer_module_access_new" })
76
+ ], UserCustomerModuleAccess);
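Review bot: The `permissions` column is declared `nullable: true`, while the matching declaration file types it as `permissions: string[]`, so callers get no compile-time hint that a row can carry `null`. For an access-control table this matters: code reading `permissions` should treat a missing value as no permissions rather than throw or skip the check. Either type the property as `string[] | null` or make the column non-nullable with an empty-array default. Separately, the header comment `// src/entities/user-module-access.entity.ts` does not appear to match the path this entity is exported from (`./entities/user-customer-module-access.entity`).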
@@ -10,6 +10,8 @@ export declare class UserCustomer {
10
10
  roleId: number;
11
11
  parentId: number;
12
12
  referenceId: number;
13
+ is_ecrs_employee: boolean;
14
+ userId: number;
13
15
  notificationToken: string;
14
16
  apiToken: string;
15
17
  deviceDetails: string;
@@ -20,8 +22,8 @@ export declare class UserCustomer {
20
22
  token_version: number;
21
23
  createdBy: number;
22
24
  updatedBy: number;
23
- deletedBy: number;
25
+ deletedBy: number | null;
24
26
  createdAt: Date;
25
27
  updatedAt: Date;
26
- deletedAt: Date;
28
+ deletedAt: Date | null;
27
29
  }
@@ -59,6 +59,14 @@ __decorate([
59
59
  (0, typeorm_1.Column)({ type: "int", nullable: true }),
60
60
  __metadata("design:type", Number)
61
61
  ], UserCustomer.prototype, "referenceId", void 0);
62
+ __decorate([
63
+ (0, typeorm_1.Column)({ type: "boolean", default: false }),
64
+ __metadata("design:type", Boolean)
65
+ ], UserCustomer.prototype, "is_ecrs_employee", void 0);
66
+ __decorate([
67
+ (0, typeorm_1.Column)({ type: "int", nullable: true }),
68
+ __metadata("design:type", Number)
69
+ ], UserCustomer.prototype, "userId", void 0);
62
70
  __decorate([
63
71
  (0, typeorm_1.Column)({ type: "text", nullable: true }),
64
72
  __metadata("design:type", String)
@@ -101,7 +109,7 @@ __decorate([
101
109
  ], UserCustomer.prototype, "updatedBy", void 0);
102
110
  __decorate([
103
111
  (0, typeorm_1.Column)({ nullable: true }),
104
- __metadata("design:type", Number)
112
+ __metadata("design:type", Object)
105
113
  ], UserCustomer.prototype, "deletedBy", void 0);
106
114
  __decorate([
107
115
  (0, typeorm_1.Column)({ type: "timestamp", default: () => "CURRENT_TIMESTAMP" }),
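Review bot: `deletedBy` is decorated with `Column({ nullable: true })` and no explicit `type`, and this hunk changes its reflected `design:type` from `Number` to `Object`. TypeORM falls back to the reflected type when the decorator gives none, and `Object` is not a column type it can map, so entity metadata validation is likely to fail at start-up. Give the column an explicit type in the source entity, e.g. `@Column({ type: "int", nullable: true })`. The `deletedAt` column in the following hunk already has `type: "timestamp"`, so the same metadata change is harmless there.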
@@ -113,7 +121,7 @@ __decorate([
113
121
  ], UserCustomer.prototype, "updatedAt", void 0);
114
122
  __decorate([
115
123
  (0, typeorm_1.Column)({ type: "timestamp", nullable: true }),
116
- __metadata("design:type", Date)
124
+ __metadata("design:type", Object)
117
125
  ], UserCustomer.prototype, "deletedAt", void 0);
118
126
  exports.UserCustomer = UserCustomer = __decorate([
119
127
  (0, typeorm_1.Entity)({ name: "tbl_users_customer" })
@@ -20,69 +20,77 @@ __decorate([
20
20
  __metadata("design:type", Number)
21
21
  ], UserFeatureAccess.prototype, "id", void 0);
22
22
  __decorate([
23
- (0, typeorm_1.Column)({ name: 'user_id' }),
23
+ (0, typeorm_1.Column)({ name: "user_id" }),
24
24
  __metadata("design:type", Number)
25
25
  ], UserFeatureAccess.prototype, "userId", void 0);
26
26
  __decorate([
27
- (0, typeorm_1.Column)({ name: 'module_id' }),
27
+ (0, typeorm_1.Column)({ name: "module_id" }),
28
28
  __metadata("design:type", Number)
29
29
  ], UserFeatureAccess.prototype, "moduleId", void 0);
30
30
  __decorate([
31
- (0, typeorm_1.Column)({ name: 'feature_id' }),
31
+ (0, typeorm_1.Column)({ name: "feature_id" }),
32
32
  __metadata("design:type", Number)
33
33
  ], UserFeatureAccess.prototype, "featureId", void 0);
34
34
  __decorate([
35
- (0, typeorm_1.Column)({ name: 'access_level', default: 'view' }),
35
+ (0, typeorm_1.Column)({ name: "access_level", default: "view" }),
36
36
  __metadata("design:type", String)
37
37
  ], UserFeatureAccess.prototype, "accessLevel", void 0);
38
38
  __decorate([
39
- (0, typeorm_1.Column)({ name: 'can_view', default: false }),
39
+ (0, typeorm_1.Column)({ name: "can_view", default: false }),
40
40
  __metadata("design:type", Boolean)
41
41
  ], UserFeatureAccess.prototype, "canView", void 0);
42
42
  __decorate([
43
- (0, typeorm_1.Column)({ name: 'can_create', default: false }),
43
+ (0, typeorm_1.Column)({ name: "can_create", default: false }),
44
44
  __metadata("design:type", Boolean)
45
45
  ], UserFeatureAccess.prototype, "canCreate", void 0);
46
46
  __decorate([
47
- (0, typeorm_1.Column)({ name: 'can_modify', default: false }),
47
+ (0, typeorm_1.Column)({ name: "can_modify", default: false }),
48
48
  __metadata("design:type", Boolean)
49
49
  ], UserFeatureAccess.prototype, "canModify", void 0);
50
50
  __decorate([
51
- (0, typeorm_1.Column)({ name: 'can_delete', default: false }),
51
+ (0, typeorm_1.Column)({ name: "can_delete", default: false }),
52
52
  __metadata("design:type", Boolean)
53
53
  ], UserFeatureAccess.prototype, "canDelete", void 0);
54
54
  __decorate([
55
- (0, typeorm_1.Column)({ name: 'can_import', default: false }),
55
+ (0, typeorm_1.Column)({ name: "can_import", default: false }),
56
56
  __metadata("design:type", Boolean)
57
57
  ], UserFeatureAccess.prototype, "canImport", void 0);
58
58
  __decorate([
59
- (0, typeorm_1.Column)({ name: 'can_export', default: false }),
59
+ (0, typeorm_1.Column)({ name: "can_export", default: false }),
60
60
  __metadata("design:type", Boolean)
61
61
  ], UserFeatureAccess.prototype, "canExport", void 0);
62
62
  __decorate([
63
- (0, typeorm_1.Column)({ type: 'smallint', default: 1 }),
63
+ (0, typeorm_1.Column)({ type: "smallint", default: 1 }),
64
64
  __metadata("design:type", Number)
65
65
  ], UserFeatureAccess.prototype, "status", void 0);
66
66
  __decorate([
67
- (0, typeorm_1.Column)({ name: 'created_at', type: 'timestamp', default: () => 'CURRENT_TIMESTAMP' }),
67
+ (0, typeorm_1.Column)({
68
+ name: "created_at",
69
+ type: "timestamp",
70
+ default: () => "CURRENT_TIMESTAMP",
71
+ }),
68
72
  __metadata("design:type", Date)
69
73
  ], UserFeatureAccess.prototype, "createdAt", void 0);
70
74
  __decorate([
71
- (0, typeorm_1.Column)({ name: 'updated_at', type: 'timestamp', default: () => 'CURRENT_TIMESTAMP' }),
75
+ (0, typeorm_1.Column)({
76
+ name: "updated_at",
77
+ type: "timestamp",
78
+ default: () => "CURRENT_TIMESTAMP",
79
+ }),
72
80
  __metadata("design:type", Date)
73
81
  ], UserFeatureAccess.prototype, "updatedAt", void 0);
74
82
  __decorate([
75
- (0, typeorm_1.Column)({ name: 'created_by' }),
83
+ (0, typeorm_1.Column)({ name: "created_by" }),
76
84
  __metadata("design:type", Number)
77
85
  ], UserFeatureAccess.prototype, "createdBy", void 0);
78
86
  __decorate([
79
- (0, typeorm_1.Column)({ name: 'updated_by', nullable: true }),
87
+ (0, typeorm_1.Column)({ name: "updated_by", nullable: true }),
80
88
  __metadata("design:type", Number)
81
89
  ], UserFeatureAccess.prototype, "updatedBy", void 0);
82
90
  __decorate([
83
- (0, typeorm_1.Column)({ name: 'is_deleted', type: 'smallint', default: 0 }),
91
+ (0, typeorm_1.Column)({ name: "is_deleted", type: "smallint", default: 0 }),
84
92
  __metadata("design:type", Number)
85
93
  ], UserFeatureAccess.prototype, "isDeleted", void 0);
86
94
  exports.UserFeatureAccess = UserFeatureAccess = __decorate([
87
- (0, typeorm_1.Entity)({ name: 'tbl_c_user_feature_access' })
95
+ (0, typeorm_1.Entity)({ name: "tbl_c_user_feature_access" })
88
96
  ], UserFeatureAccess);
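--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,36 +1,41 @@
-export * from './auth.module';
-export * from './auth.service';
-export * from './auth-customer.module';
-export * from './auth-customer.service';
-export * from './jwt/jwt-customer.strategy';
-export * from './jwt/jwt-customer.guard';
-export * from './dtos/login.dto';
-export * from './dtos/login-response.dto';
-export * from './decorators/current-user.decorator';
-export * from './decorators/feature.decorator';
-export * from './decorators/has-permission.decorator';
-export * from './decorators/roles.decorator';
-export * from './decorators/route-permission.decorator';
-export * from './decorators/api-key.decorator';
-export * from './guards/module.guard';
-export * from './guards/roles.guard';
-export * from './guards/feature.guard';
-export * from './guards/route.guard';
-export * from './guards/permission.guard';
-export * from './guards/api-key.guard';
-export * from './jwt/jwt.guard';
-export * from './jwt/jwt.strategy';
-export * from './interfaces/auth-core-options.interface';
-export * from './interfaces/auth-customer-options.interface';
-export * from './entities/user.entity';
-export * from './entities/role.entity';
-export * from './entities/module.entity';
-export * from './entities/feature.entity';
-export * from './entities/module-route.entity';
-export * from './entities/user-module-access.entity';
-export * from './entities/module-screen-permission.entity';
-export * from './entities/api-key.entity';
-export * from './entities/user-last-login.entity';
-export * from './entities/login-details.entity';
-export * from './entities/ip-access.entity';
-export * from './entities/work-profile.entity';
+export * from "./auth.module";
+export * from "./auth.service";
+export * from "./auth-customer.module";
+export * from "./auth-customer.service";
+export * from "./jwt/jwt-customer.strategy";
+export * from "./jwt/jwt-customer.guard";
+export * from "./dtos/login.dto";
+export * from "./dtos/login-response.dto";
+export * from "./decorators/current-user.decorator";
+export * from "./decorators/feature.decorator";
+export * from "./decorators/has-permission.decorator";
+export * from "./decorators/roles.decorator";
+export * from "./decorators/route-permission.decorator";
+export * from "./decorators/api-key.decorator";
+export * from "./guards/module.guard";
+export * from "./guards/roles.guard";
+export * from "./guards/feature.guard";
+export * from "./guards/route.guard";
+export * from "./guards/permission.guard";
+export * from "./guards/api-key.guard";
+export * from "./jwt/jwt.guard";
+export * from "./jwt/jwt.strategy";
+export * from "./interfaces/auth-core-options.interface";
+export * from "./interfaces/auth-customer-options.interface";
+export * from "./entities/user.entity";
+export * from "./entities/role.entity";
+export * from "./entities/module.entity";
+export * from "./entities/feature.entity";
+export * from "./entities/module-route.entity";
+export * from "./entities/user-module-access.entity";
+export * from "./entities/module-screen-permission.entity";
+export * from "./entities/api-key.entity";
+export * from "./entities/user-last-login.entity";
+export * from "./entities/login-details.entity";
+export * from "./entities/ip-access.entity";
+export * from "./entities/work-profile.entity";
+export * from "./entities/user-customer.entity";
+export * from "./entities/role-customer.entity";
+export * from "./entities/user-customer-module-access.entity";
+export * from "./entities/user-customer-last-login.entity";
+export * from "./entities/login-details-customer.entity";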
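--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -59,3 +59,9 @@ __exportStar(require("./entities/user-last-login.entity"), exports);
 __exportStar(require("./entities/login-details.entity"), exports);
 __exportStar(require("./entities/ip-access.entity"), exports);
 __exportStar(require("./entities/work-profile.entity"), exports);
+// ✅ Customer entities (needed by etscustomer backend)
+__exportStar(require("./entities/user-customer.entity"), exports);
+__exportStar(require("./entities/role-customer.entity"), exports);
+__exportStar(require("./entities/user-customer-module-access.entity"), exports);
+__exportStar(require("./entities/user-customer-last-login.entity"), exports);
+__exportStar(require("./entities/login-details-customer.entity"), exports);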
@@ -1,7 +1,7 @@
1
1
  import { Repository } from "typeorm";
2
2
  import { UserCustomer } from "../entities/user-customer.entity";
3
3
  import { CustomerRole } from "../entities/role-customer.entity";
4
- import { UserCustomerModuleAccess } from "../entities/user-customer-module-access.entity copy";
4
+ import { UserCustomerModuleAccess } from "../entities/user-customer-module-access.entity";
5
5
  import { UserCustomerLastLoginEntity } from "../entities/user-customer-last-login.entity";
6
6
  import { LoginCustomerDetailsEntity } from "../entities/login-details-customer.entity";
7
7
  export interface CustomerRepositories {
@@ -9,6 +9,8 @@ export declare class JwtCustomerStrategy extends JwtCustomerStrategy_base {
9
9
  email: string;
10
10
  roleId: number;
11
11
  moduleId: any;
12
+ is_ecrs_employee: boolean;
13
+ referenceId: number;
12
14
  }>;
13
15
  }
14
16
  export {};
@@ -24,16 +24,33 @@ let JwtCustomerStrategy = class JwtCustomerStrategy extends (0, passport_1.Passp
24
24
  this.authCustomerService = authCustomerService;
25
25
  }
26
26
  async validate(payload) {
27
+ // 1. Find user in tbl_users_customer
27
28
  const user = await this.authCustomerService.findUserById(payload.id);
28
29
  if (!user) {
29
30
  throw new common_1.UnauthorizedException("INVALID_USER");
30
31
  }
31
- // Token version check — rejects tokens issued before a password change / logout-all
32
+ // 2. Token version check — catches password change / logout-all
32
33
  if (user.token_version !== payload.tokenVersion) {
33
- console.warn(`⚠️ Token version mismatch for customer ${user.id}. Expected ${user.token_version}, got ${payload.tokenVersion}`);
34
+ console.warn(`⚠️ Token version mismatch for customer ${user.id}. ` +
35
+ `Expected ${user.token_version}, got ${payload.tokenVersion}`);
34
36
  throw new common_1.UnauthorizedException("TOKEN_EXPIRED");
35
37
  }
36
- // Module access check
38
+ // 3. ECRS employee extra check
39
+ // - Normal customer login → payload.is_ecrs_employee = false → skip
40
+ // - Portal token exchange → payload.is_ecrs_employee = true → verify
41
+ if (payload.is_ecrs_employee === true) {
42
+ // Re-verify the record is still active in tbl_users_customer
43
+ if (!user.is_ecrs_employee || // flag must still be true in DB
44
+ user.status !== 1 || // must be active
45
+ user.deletedAt !== null // must not be soft-deleted
46
+ ) {
47
+ console.warn(`⚠️ ECRS employee ${user.id} (referenceId: ${user.referenceId}) ` +
48
+ `no longer has customer portal access`);
49
+ throw new common_1.UnauthorizedException("CUSTOMER_ACCESS_REVOKED");
50
+ }
51
+ console.log(`✅ ECRS employee verified — userId: ${user.id}, referenceId: ${user.referenceId}`);
52
+ }
53
+ // 4. Module access check (both normal + ECRS employee)
37
54
  if (payload.moduleId) {
38
55
  const hasAccess = await this.authCustomerService.hasModuleAccess(user.id, payload.moduleId);
39
56
  if (!hasAccess) {
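Review bot: The `status !== 1` and `deletedAt !== null` checks run only inside `if (payload.is_ecrs_employee === true)`, so for every other token the account state is never re-checked; `findUserById` in this package looks the row up by `id` alone. A deactivated or soft-deleted customer whose `token_version` was not bumped would therefore still pass `validate`. Move the state check out of the branch, directly after the `!user` guard, as `if (user.status !== 1 || user.deletedAt !== null) throw new common_1.UnauthorizedException("INVALID_USER");`, and keep only the `!user.is_ecrs_employee` test inside the ECRS branch. `validate` continues past the end of this hunk.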
@@ -41,12 +58,16 @@ let JwtCustomerStrategy = class JwtCustomerStrategy extends (0, passport_1.Passp
41
58
  }
42
59
  console.log(`✅ Customer ${user.id} has access to module ${payload.moduleId}`);
43
60
  }
44
- console.log(`✅ JWT validated for customer user ${user.id}`);
61
+ console.log(`✅ JWT validated userId: ${user.id}, ` +
62
+ `is_ecrs_employee: ${user.is_ecrs_employee ?? false}`);
63
+ // 5. Return req.user object — available in all controllers via @Req()
45
64
  return {
46
65
  id: user.id,
47
66
  email: user.email,
48
67
  roleId: user.roleId,
49
68
  moduleId: payload.moduleId ?? user.moduleId,
69
+ is_ecrs_employee: user.is_ecrs_employee ?? false,
70
+ referenceId: user.referenceId ?? null,
50
71
  };
51
72
  }
52
73
  };
@@ -0,0 +1,3 @@
1
+ export declare function generatePortalToken(etsApiBase: string, jwtToken: string): Promise<string>;
2
+ export declare function exchangePortalToken(customerApiBase: string, code: string): Promise<string>;
3
+ export declare function openCustomerPortal(portalUrl: string, code: string): void;
@@ -0,0 +1,21 @@
1
+ "use strict";
2
+ // src/portal-auth.ts (new file in your package)
3
+ var __importDefault = (this && this.__importDefault) || function (mod) {
4
+ return (mod && mod.__esModule) ? mod : { "default": mod };
5
+ };
6
+ Object.defineProperty(exports, "__esModule", { value: true });
7
+ exports.generatePortalToken = generatePortalToken;
8
+ exports.exchangePortalToken = exchangePortalToken;
9
+ exports.openCustomerPortal = openCustomerPortal;
10
+ const axios_1 = __importDefault(require("axios"));
11
+ async function generatePortalToken(etsApiBase, jwtToken) {
12
+ const res = await axios_1.default.post(`${etsApiBase}/auth/generate-portal-token`, {}, { headers: { Authorization: `Bearer ${jwtToken}` } });
13
+ return res.data.code;
14
+ }
15
+ async function exchangePortalToken(customerApiBase, code) {
16
+ const res = await axios_1.default.post(`${customerApiBase}/auth/exchange-portal-token`, { code });
17
+ return res.data.jwt_token;
18
+ }
19
+ function openCustomerPortal(portalUrl, code) {
20
+ window.open(`${portalUrl}/auth/token?code=${code}`, "_blank", "noopener,noreferrer");
21
+ }
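Review bot: `openCustomerPortal` interpolates `code` into the query string without encoding, and neither `generatePortalToken` nor `exchangePortalToken` checks that the response actually carried a value before returning it. Wrap the parameter as `encodeURIComponent(code)` and throw when `res.data.code` or `res.data.jwt_token` is missing, so a failed exchange does not continue with `undefined`. Because the code travels in a URL it can end up in browser history and access logs; the server side, which is not shown here, should make it single-use and short-lived. The axios calls also set no `timeout`, so a stalled endpoint blocks the caller indefinitely.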
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ecrs-auth-core",
3
- "version": "1.0.105",
3
+ "version": "1.0.106",
4
4
  "description": "Centralized authentication and authorization module for ECRS apps",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -32,6 +32,7 @@
32
32
  "@nestjs/jwt": "^11.0.0",
33
33
  "@nestjs/swagger": "^7.1.14",
34
34
  "@nestjs/typeorm": "^11.0.0",
35
+ "axios": "^1.16.1",
35
36
  "class-transformer": "^0.5.1",
36
37
  "class-validator": "^0.14.3",
37
38
  "jsonwebtoken": "^9.0.2",