nestjs-security-cli 1.0.0

package/README.md

@@ -0,0 +1,41 @@
+# NestJS Security CLI
+
+Advanced IP blocking, role-based security, and attack detection for NestJS applications.
+
+## Installation
+
+```bash
+npm install nestjs-security-cli
+```
+
+## Qucik Start
+```
+import { Module } from '@nestjs/common';
+import { SecurityShieldModule } from 'nestjs-security-cli';
+
+@Module({
+  imports: [
+    SecurityShieldModule.forRoot({
+      enableDatabase: true,
+      mongooseConnection: 'mongodb://localhost:27017/myapp',
+      defaultBlockDurationHours: 24,
+      enableAutoBlocking: true,
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+## Features
+- 🛡️ IP Blacklisting with MongoDB persistence
+- 🚫 Automatic attack pattern detection
+- ⚡ Redis/Memory caching for fast lookups
+- 👥 Role-based access control (RBAC)
+- 📊 Security analytics and reporting
+- ⏰ Scheduled cleanup of expired blocks
+
+## API Documentation
+[need to add api docs]
+
+## License
+MIT

package/dist/controllers/security.controller.d.ts

@@ -0,0 +1,20 @@
+import { SecurityService } from '../services/security.service';
+export declare class SecurityController {
+    private readonly securityService;
+    constructor(securityService: SecurityService);
+    blacklistIp(body: {
+        ip: string;
+        hours?: number;
+        reason?: string;
+    }, req: any): Promise<{
+        message: string;
+    }>;
+    removeFromBlacklist(ip: string): Promise<{
+        message: string;
+    }>;
+    getBlacklisted(query: any): Promise<any[]>;
+    getAnalytics(days?: string): Promise<any>;
+    blockMalwareIp(req: any): Promise<{
+        message: string;
+    }>;
+}

package/dist/controllers/security.controller.js

@@ -0,0 +1,94 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityController = void 0;
+const common_1 = require("@nestjs/common");
+const security_service_1 = require("../services/security.service");
+const admin_guard_1 = require("../guards/admin.guard");
+let SecurityController = class SecurityController {
+    constructor(securityService) {
+        this.securityService = securityService;
+    }
+    async blacklistIp(body, req) {
+        const { ip, hours = 24, reason = 'Manual blacklist' } = body;
+        const blockedBy = req.user?._id || req.user?.id;
+        await this.securityService.blacklistIp(ip, hours, reason, blockedBy);
+        return { message: `IP ${ip} blacklisted for ${hours} hours` };
+    }
+    async removeFromBlacklist(ip) {
+        await this.securityService.removeFromBlacklist(ip);
+        return { message: `IP ${ip} removed from blacklist` };
+    }
+    async getBlacklisted(query) {
+        const options = {
+            active: query.active !== 'false',
+            limit: parseInt(query.limit) || 50,
+            skip: parseInt(query.skip) || 0,
+            sortBy: query.sortBy || 'createdAt',
+            sortOrder: query.sortOrder || 'desc'
+        };
+        return await this.securityService.getBlacklistedIps(options);
+    }
+    async getAnalytics(days = '7') {
+        return await this.securityService.getSecurityAnalytics(parseInt(days));
+    }
+    async blockMalwareIp(req) {
+        const blockedBy = req.user?._id || req.user?.id;
+        await this.securityService.blacklistIp('94.69.234.122', 24 * 30, 'Malware deployment attempt', blockedBy);
+        return { message: 'Malware IP blocked for 30 days' };
+    }
+};
+exports.SecurityController = SecurityController;
+__decorate([
+    (0, common_1.Post)('blacklist'),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], SecurityController.prototype, "blacklistIp", null);
+__decorate([
+    (0, common_1.Delete)('blacklist/:ip'),
+    __param(0, (0, common_1.Param)('ip')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityController.prototype, "removeFromBlacklist", null);
+__decorate([
+    (0, common_1.Get)('blacklist'),
+    __param(0, (0, common_1.Query)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityController.prototype, "getBlacklisted", null);
+__decorate([
+    (0, common_1.Get)('analytics'),
+    __param(0, (0, common_1.Query)('days')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], SecurityController.prototype, "getAnalytics", null);
+__decorate([
+    (0, common_1.Post)('block-malware-ip'),
+    __param(0, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], SecurityController.prototype, "blockMalwareIp", null);
+exports.SecurityController = SecurityController = __decorate([
+    (0, common_1.UseGuards)(admin_guard_1.AdminGuard),
+    (0, common_1.Controller)('security'),
+    __metadata("design:paramtypes", [security_service_1.SecurityService])
+], SecurityController);
+//# sourceMappingURL=security.controller.js.map

package/dist/controllers/security.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.controller.js","sourceRoot":"","sources":["../../src/controllers/security.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAkG;AAClG,mEAA8D;AAC9D,uDAAkD;AAI3C,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAC9B,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAG3D,AAAN,KAAK,CAAC,WAAW,CAAS,IAAqD,EAAS,GAAQ;QAC/F,MAAM,EAAE,EAAE,EAAE,KAAK,GAAG,EAAE,EAAE,MAAM,GAAG,kBAAkB,EAAE,GAAG,IAAI,CAAA;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,EAAE,CAAA;QAE/C,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QACpE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,oBAAoB,KAAK,QAAQ,EAAE,CAAA;IAC9D,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB,CAAc,EAAU;QAChD,MAAM,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;QAClD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAA;IACtD,CAAC;IAGK,AAAN,KAAK,CAAC,cAAc,CAAU,KAAU;QACvC,MAAM,OAAO,GAAG;YACf,MAAM,EAAE,KAAK,CAAC,MAAM,KAAK,OAAO;YAChC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;YAClC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/B,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,WAAW;YACnC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,MAAM;SACpC,CAAA;QACD,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAC7D,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAAgB,OAAe,GAAG;QACnD,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAA;IACvE,CAAC;IAGK,AAAN,KAAK,CAAC,cAAc,CAAQ,GAAQ;QACnC,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,SAAS,CAAC,CAAA;QACzG,OAAO,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAA;IACrD,CAAC;CACD,CAAA;AAzCY,gDAAkB;AAIxB;IADL,IAAA,aAAI,EAAC,WAAW,CAAC;IACC,WAAA,IAAA,aAAI,GAAE,CAAA;IAAyD,WAAA,IAAA,YAAG,GAAE,CAAA;;;;qDAMtF;AAGK;IADL,IAAA,eAAM,EAAC,eAAe,CAAC;IACG,WAAA,IAAA,cAAK,EAAC,IAAI,CAAC,CAAA;;;;6DAGrC;AAGK;IADL,IAAA,YAAG,EAAC,WAAW,CAAC;IACK,WAAA,IAAA,cAAK,GAAE,CAAA;;;;wDAS5B;AAGK;IADL,IAAA,YAAG,EAAC,WAAW,CAAC;IACG,WAAA,IAAA,cAAK,EAAC,MAAM,CAAC,CAAA;;;;sDAEhC;AAGK;IADL,IAAA,aAAI,EAAC,kBAAkB,CAAC;IACH,WAAA,IAAA,YAAG,GAAE,CAAA;;;;wDAI1B;6BAxCW,kBAAkB;IAF9B,IAAA,kBAAS,EAAC,wBAAU,CAAC;IACrB,IAAA,mBAAU,EAAC,UAAU,CAAC;qCAEwB,kCAAe;GADjD,kBAAkB,CAyC9B"}

package/dist/decorators/roles.decorator.d.ts

@@ -0,0 +1,3 @@
+import type { Role } from '../guards/roles.guard';
+export declare const ROLES_KEY = "roles";
+export declare const Roles: (...roles: Role[]) => import("@nestjs/common").CustomDecorator<string>;

package/dist/decorators/roles.decorator.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Roles = exports.ROLES_KEY = void 0;
+const common_1 = require("@nestjs/common");
+exports.ROLES_KEY = 'roles';
+const Roles = (...roles) => (0, common_1.SetMetadata)(exports.ROLES_KEY, roles);
+exports.Roles = Roles;
+//# sourceMappingURL=roles.decorator.js.map

package/dist/decorators/roles.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.decorator.js","sourceRoot":"","sources":["../../src/decorators/roles.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA4C;AAG/B,QAAA,SAAS,GAAG,OAAO,CAAA;AACzB,MAAM,KAAK,GAAG,CAAC,GAAG,KAAa,EAAE,EAAE,CAAC,IAAA,oBAAW,EAAC,iBAAS,EAAE,KAAK,CAAC,CAAA;AAA3D,QAAA,KAAK,SAAsD"}

package/dist/guards/admin.guard.d.ts

@@ -0,0 +1,8 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+export declare class AdminGuard implements CanActivate {
+    private readonly logger;
+    private readonly jwtService;
+    private readonly configService;
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private extractTokenFromCookie;
+}

package/dist/guards/admin.guard.js

@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminGuard = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const config_1 = require("@nestjs/config");
+const common_2 = require("@nestjs/common");
+let AdminGuard = class AdminGuard {
+    constructor() {
+        this.logger = new common_2.Logger('AdminGuard');
+        this.jwtService = new jwt_1.JwtService();
+        this.configService = new config_1.ConfigService();
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const token = this.extractTokenFromCookie(request);
+        if (!token) {
+            throw new common_1.UnauthorizedException('You are not logged in.');
+        }
+        try {
+            const user = await this.jwtService.verifyAsync(token, {
+                secret: this.configService.get('JWT_SECRET')
+            });
+            request.user = user;
+            if (!user.roles || !user.roles.includes('ADMIN')) {
+                throw new common_1.ForbiddenException('Access denied: Admin role required');
+            }
+            return true;
+        }
+        catch (err) {
+            this.logger.error('Authentication/Authorization error:', err?.message);
+            if (err instanceof common_1.ForbiddenException) {
+                throw err;
+            }
+            let description = err?.message ?? err;
+            if (err?.message === 'jwt expired') {
+                description = 'Your session has expired. Please login again.';
+            }
+            throw new common_1.UnauthorizedException(description);
+        }
+    }
+    extractTokenFromCookie(request) {
+        return request?.cookies?.access_token;
+    }
+};
+exports.AdminGuard = AdminGuard;
+exports.AdminGuard = AdminGuard = __decorate([
+    (0, common_1.Injectable)()
+], AdminGuard);
+//# sourceMappingURL=admin.guard.js.map

package/dist/guards/admin.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.guard.js","sourceRoot":"","sources":["../../src/guards/admin.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAqH;AACrH,qCAAwC;AACxC,2CAA8C;AAE9C,2CAAuC;AAGhC,IAAM,UAAU,GAAhB,MAAM,UAAU;IAAhB;QACW,WAAM,GAAG,IAAI,eAAM,CAAC,YAAY,CAAC,CAAA;QACjC,eAAU,GAAG,IAAI,gBAAU,EAAE,CAAA;QAC7B,kBAAa,GAAG,IAAI,sBAAa,EAAE,CAAA;IA0CrD,CAAC;IAxCA,KAAK,CAAC,WAAW,CAAC,OAAyB;QAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAA;QAGnD,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAA;QAC1D,CAAC;QAED,IAAI,CAAC;YAEJ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,EAAE;gBACrD,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,YAAY,CAAC;aACpD,CAAC,CAAA;YACF,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;YAGnB,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClD,MAAM,IAAI,2BAAkB,CAAC,oCAAoC,CAAC,CAAA;YACnE,CAAC;YAED,OAAO,IAAI,CAAA;QACZ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;YAEtE,IAAI,GAAG,YAAY,2BAAkB,EAAE,CAAC;gBACvC,MAAM,GAAG,CAAA;YACV,CAAC;YAED,IAAI,WAAW,GAAG,GAAG,EAAE,OAAO,IAAI,GAAG,CAAA;YACrC,IAAI,GAAG,EAAE,OAAO,KAAK,aAAa,EAAE,CAAC;gBACpC,WAAW,GAAG,+CAA+C,CAAA;YAC9D,CAAC;YACD,MAAM,IAAI,8BAAqB,CAAC,WAAW,CAAC,CAAA;QAC7C,CAAC;IACF,CAAC;IAEO,sBAAsB,CAAC,OAAY;QAC1C,OAAO,OAAO,EAAE,OAAO,EAAE,YAAY,CAAA;IACtC,CAAC;CACD,CAAA;AA7CY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;GACA,UAAU,CA6CtB"}

package/dist/guards/ip-blacklist.guard.d.ts

@@ -0,0 +1,13 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { SecurityService } from '../services/security.service';
+export declare const suspiciousPatterns: {
+    pattern: string;
+    name: string;
+}[];
+export declare class IpBlacklistGuard implements CanActivate {
+    private readonly securityService;
+    constructor(securityService: SecurityService);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private getClientIp;
+    private checkSuspiciousActivity;
+}

package/dist/guards/ip-blacklist.guard.js

@@ -0,0 +1,109 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpBlacklistGuard = exports.suspiciousPatterns = void 0;
+const common_1 = require("@nestjs/common");
+const security_service_1 = require("../services/security.service");
+exports.suspiciousPatterns = [
+    { pattern: '/shell', name: 'Shell Access Attempt' },
+    { pattern: '/.env', name: 'Environment File Scan' },
+    { pattern: '/cgi-bin', name: 'CGI Exploit Attempt' },
+    { pattern: '/actuator', name: 'Spring Boot Probe' },
+    { pattern: 'wget+http', name: 'Malware Download' },
+    { pattern: 'chmod+777', name: 'Permission Escalation' },
+    { pattern: '../../', name: 'Path Traversal' },
+    { pattern: '%2e%2e', name: 'Encoded Path Traversal' },
+    { pattern: '/bin/sh', name: 'Shell Execution' },
+    { pattern: '/favicon.ico', name: 'Favicon' },
+    { pattern: '/robots.txt', name: 'Robots.txt' },
+    { pattern: '/.well-known', name: 'Well-Known Directory' },
+    { pattern: '/wp-admin', name: 'WordPress Admin Panel' },
+    { pattern: '/admin', name: 'WordPress Admin Panel' },
+    { pattern: '/wp-config.php', name: 'WordPress Configuration File' },
+    { pattern: '/config.php', name: 'WordPress Configuration File' },
+    { pattern: '/phpMyAdmin', name: 'phpMyAdmin' },
+    { pattern: '/wp-content/plugins', name: 'WordPress Plugin Directory' },
+    { pattern: '/wp-content/themes', name: 'WordPress Theme Directory' },
+    { pattern: '/wp-content/uploads', name: 'WordPress Upload Directory' },
+    { pattern: '/wp-content/cache', name: 'WordPress Cache Directory' },
+    { pattern: '/wp-content/languages', name: 'WordPress Language Directory' },
+    { pattern: '/wp-content/db.php', name: 'WordPress Database File' },
+    { pattern: '/wp-content/wp-settings.php', name: 'WordPress Settings File' },
+    { pattern: '/wp-content/index.php', name: 'WordPress Index File' },
+    { pattern: '/wp-content/plugins/index.php', name: 'WordPress Plugin Index File' },
+    { pattern: '/wp-content/themes/index.php', name: 'WordPress Theme Index File' },
+    { pattern: '/wp-content/uploads/index.php', name: 'WordPress Upload Index File' },
+    { pattern: '/wp-content/cache/index.php', name: 'WordPress Cache Index File' },
+    { pattern: '/wp-content/languages/index.php', name: 'WordPress Language Index File' },
+    { pattern: '/wp-content/db.php', name: 'WordPress Database File' },
+    { pattern: '/wp-content/wp-settings.php', name: 'WordPress Settings File' },
+    { pattern: '/wp-content/index.php', name: 'WordPress Index File' },
+    { pattern: '/webpages', name: 'Webpages' },
+    { pattern: '/manager', name: 'Manager' },
+    { pattern: '/.git', name: 'Git Repository' },
+    { pattern: '/.svn', name: 'Subversion Repository' },
+    { pattern: '/ecp', name: 'ECP' },
+    { pattern: '/app_dev.php', name: 'app dev php' },
+    { pattern: '/?phpinfo', name: 'phpinfo' },
+    { pattern: '/+CSCOE+', name: 'Cisco' },
+    { pattern: '/debug', name: 'debug' },
+    { pattern: '/config', name: 'config' },
+    { pattern: '/.json', name: 'json' },
+    { pattern: '/library', name: 'library' },
+    { pattern: '/API', name: 'API' },
+    { pattern: '\x16', name: 'special characters' },
+    { pattern: '/form.html', name: 'form' },
+    { pattern: '/upl.php', name: 'upl' },
+    { pattern: '/t4', name: 't4' },
+    { pattern: '/geoip', name: 'geoip' }
+];
+let IpBlacklistGuard = class IpBlacklistGuard {
+    constructor(securityService) {
+        this.securityService = securityService;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const clientIp = this.getClientIp(request);
+        const isBlacklisted = await this.securityService.isBlacklisted(clientIp);
+        if (isBlacklisted) {
+            throw new common_1.ForbiddenException('Access denied: IP address blocked');
+        }
+        await this.checkSuspiciousActivity(clientIp, request);
+        return true;
+    }
+    getClientIp(request) {
+        return (request.headers['x-forwarded-for']?.split(',')[0]?.trim() ||
+            request.headers['x-real-ip'] ||
+            request.connection?.remoteAddress ||
+            request.ip ||
+            'unknown');
+    }
+    async checkSuspiciousActivity(ip, request) {
+        const url = request.url.toLowerCase();
+        const userAgent = request.headers['user-agent']?.toLowerCase() || '';
+        for (const { pattern, name } of exports.suspiciousPatterns) {
+            if (url.includes(pattern) || userAgent.includes(pattern)) {
+                await this.securityService.blacklistIp(ip, 3600, `Auto-blocked: ${name}`, undefined, {
+                    userAgent,
+                    requestUrl: url,
+                    attackPattern: name
+                });
+                throw new common_1.ForbiddenException(`Access denied: ${name} detected`);
+            }
+        }
+    }
+};
+exports.IpBlacklistGuard = IpBlacklistGuard;
+exports.IpBlacklistGuard = IpBlacklistGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [security_service_1.SecurityService])
+], IpBlacklistGuard);
+//# sourceMappingURL=ip-blacklist.guard.js.map

package/dist/guards/ip-blacklist.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ip-blacklist.guard.js","sourceRoot":"","sources":["../../src/guards/ip-blacklist.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8F;AAC9F,mEAA8D;AAEjD,QAAA,kBAAkB,GAAG;IACjC,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACnD,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACnD,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACpD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACnD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,kBAAkB,EAAE;IAClD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACvD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC7C,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,wBAAwB,EAAE;IACrD,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC/C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE;IAC5C,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,EAAE;IAC9C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACzD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACvD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACpD,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,8BAA8B,EAAE;IACnE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,8BAA8B,EAAE;IAChE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,EAAE;IAC9C,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACtE,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,2BAA2B,EAAE;IACpE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACtE,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,2BAA2B,EAAE;IACnE,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,8BAA8B,EAAE;IAC1E,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,yBAAyB,EAAE;IAClE,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,yBAAyB,EAAE;IAC3E,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,sBAAsB,EAAE;IAClE,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,6BAA6B,EAAE;IACjF,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,4BAA4B,EAAE;IAC/E,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,6BAA6B,EAAE;IACjF,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,4BAA4B,EAAE;IAC9E,EAAE,OAAO,EAAE,iCAAiC,EAAE,IAAI,EAAE,+BAA+B,EAAE;IACrF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,yBAAyB,EAAE;IAClE,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,yBAAyB,EAAE;IAC3E,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,sBAAsB,EAAE;IAClE,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE;IAC1C,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;IACxC,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC5C,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACnD,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE;IAChC,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE;IAChD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;IACzC,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE;IACtC,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE;IACpC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE;IACtC,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE;IACnC,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE;IACxC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE;IAChC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE;IAE/C,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE;IACvC,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE;IACpC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE;IAC9B,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE;CACpC,CAAA;AAGM,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAC5B,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAEjE,KAAK,CAAC,WAAW,CAAC,OAAyB;QAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAA;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAC1C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAA;QACxE,IAAI,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,2BAAkB,CAAC,mCAAmC,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QACrD,OAAO,IAAI,CAAA;IACZ,CAAC;IAEO,WAAW,CAAC,OAAY;QAC/B,OAAO,CACN,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;YACzD,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;YAC5B,OAAO,CAAC,UAAU,EAAE,aAAa;YACjC,OAAO,CAAC,EAAE;YACV,SAAS,CACT,CAAA;IACF,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,EAAU,EAAE,OAAY;QAC7D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAA;QACrC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;QACpE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,0BAAkB,EAAE,CAAC;YACpD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAE1D,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CACrC,EAAE,EACF,IAAI,EACJ,iBAAiB,IAAI,EAAE,EACvB,SAAS,EACT;oBACC,SAAS;oBACT,UAAU,EAAE,GAAG;oBACf,aAAa,EAAE,IAAI;iBACnB,CACD,CAAA;gBACD,MAAM,IAAI,2BAAkB,CAAC,kBAAkB,IAAI,WAAW,CAAC,CAAA;YAChE,CAAC;QACF,CAAC;IACF,CAAC;CACD,CAAA;AA7CY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;qCAEkC,kCAAe;GADjD,gBAAgB,CA6C5B"}

package/dist/guards/roles.guard.d.ts

@@ -0,0 +1,8 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+export type Role = 'admin' | 'user' | 'moderator';
+export declare class RolesGuard implements CanActivate {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/guards/roles.guard.js

@@ -0,0 +1,44 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RolesGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const roles_decorator_1 = require("../decorators/roles.decorator");
+let RolesGuard = class RolesGuard {
+    constructor(reflector) {
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const requiredRoles = this.reflector.getAllAndOverride(roles_decorator_1.ROLES_KEY, [
+            context.getHandler(),
+            context.getClass()
+        ]);
+        if (!requiredRoles) {
+            return true;
+        }
+        const { user } = context.switchToHttp().getRequest();
+        if (!user) {
+            throw new common_1.ForbiddenException('User not authenticated');
+        }
+        const hasRole = requiredRoles.some((role) => user.roles?.includes(role));
+        if (!hasRole) {
+            throw new common_1.ForbiddenException(`Access denied. Required roles: ${requiredRoles.join(', ')}`);
+        }
+        return true;
+    }
+};
+exports.RolesGuard = RolesGuard;
+exports.RolesGuard = RolesGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], RolesGuard);
+//# sourceMappingURL=roles.guard.js.map

package/dist/guards/roles.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../../src/guards/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8F;AAC9F,uCAAwC;AACxC,mEAAyD;AAKlD,IAAM,UAAU,GAAhB,MAAM,UAAU;IACtB,YAAoB,SAAoB;QAApB,cAAS,GAAT,SAAS,CAAW;IAAG,CAAC;IAE5C,WAAW,CAAC,OAAyB;QACpC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAS,2BAAS,EAAE;YACzE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACpB,OAAO,IAAI,CAAA;QACZ,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAA;QAEpD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAM,IAAI,2BAAkB,CAAC,wBAAwB,CAAC,CAAA;QACvD,CAAC;QAGD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAA;QAExE,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,2BAAkB,CAAC,kCAAkC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC3F,CAAC;QAED,OAAO,IAAI,CAAA;IACZ,CAAC;CACD,CAAA;AA5BY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAEmB,gBAAS;GAD5B,UAAU,CA4BtB"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { SecurityModule } from './security.module';
+export { SecurityService } from './services/security.service';
+export { IpBlacklistGuard } from './guards/ip-blacklist.guard';
+export { RolesGuard } from './guards/roles.guard';
+export { AdminGuard } from './guards/admin.guard';
+export { Roles } from './decorators/roles.decorator';
+export { BlacklistedIp, BlacklistedIpSchema } from './schemas/blacklisted-ip.schema';
+export { SecurityConfigInterface } from './interfaces/security-config.interface';
+export { SecurityController } from './controllers/security.controller';

package/dist/index.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityController = exports.BlacklistedIpSchema = exports.BlacklistedIp = exports.Roles = exports.AdminGuard = exports.RolesGuard = exports.IpBlacklistGuard = exports.SecurityService = exports.SecurityModule = void 0;
+var security_module_1 = require("./security.module");
+Object.defineProperty(exports, "SecurityModule", { enumerable: true, get: function () { return security_module_1.SecurityModule; } });
+var security_service_1 = require("./services/security.service");
+Object.defineProperty(exports, "SecurityService", { enumerable: true, get: function () { return security_service_1.SecurityService; } });
+var ip_blacklist_guard_1 = require("./guards/ip-blacklist.guard");
+Object.defineProperty(exports, "IpBlacklistGuard", { enumerable: true, get: function () { return ip_blacklist_guard_1.IpBlacklistGuard; } });
+var roles_guard_1 = require("./guards/roles.guard");
+Object.defineProperty(exports, "RolesGuard", { enumerable: true, get: function () { return roles_guard_1.RolesGuard; } });
+var admin_guard_1 = require("./guards/admin.guard");
+Object.defineProperty(exports, "AdminGuard", { enumerable: true, get: function () { return admin_guard_1.AdminGuard; } });
+var roles_decorator_1 = require("./decorators/roles.decorator");
+Object.defineProperty(exports, "Roles", { enumerable: true, get: function () { return roles_decorator_1.Roles; } });
+var blacklisted_ip_schema_1 = require("./schemas/blacklisted-ip.schema");
+Object.defineProperty(exports, "BlacklistedIp", { enumerable: true, get: function () { return blacklisted_ip_schema_1.BlacklistedIp; } });
+Object.defineProperty(exports, "BlacklistedIpSchema", { enumerable: true, get: function () { return blacklisted_ip_schema_1.BlacklistedIpSchema; } });
+var security_controller_1 = require("./controllers/security.controller");
+Object.defineProperty(exports, "SecurityController", { enumerable: true, get: function () { return security_controller_1.SecurityController; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,qDAAkD;AAAzC,iHAAA,cAAc,OAAA;AAGvB,gEAA6D;AAApD,mHAAA,eAAe,OAAA;AAGxB,kEAA8D;AAArD,sHAAA,gBAAgB,OAAA;AACzB,oDAAiD;AAAxC,yGAAA,UAAU,OAAA;AACnB,oDAAiD;AAAxC,yGAAA,UAAU,OAAA;AAGnB,gEAAoD;AAA3C,wGAAA,KAAK,OAAA;AAGd,yEAAoF;AAA3E,sHAAA,aAAa,OAAA;AAAE,4HAAA,mBAAmB,OAAA;AAM3C,yEAAsE;AAA7D,yHAAA,kBAAkB,OAAA"}

package/dist/interfaces/security-config.interface.d.ts

@@ -0,0 +1,25 @@
+export interface SecurityConfigInterface {
+    enableDatabase?: boolean;
+    mongooseConnection?: string;
+    cache?: {
+        ttl?: number;
+        max?: number;
+        store?: any;
+    };
+    enableAdminPanel?: boolean;
+    adminPath?: string;
+    enableAutoBlocking?: boolean;
+    suspiciousPatterns?: Array<{
+        pattern: string;
+        name: string;
+        blockDurationHours?: number;
+    }>;
+    defaultBlockDurationHours?: number;
+    enableRateLimit?: boolean;
+    rateLimitOptions?: {
+        windowMs?: number;
+        max?: number;
+    };
+    enableLogging?: boolean;
+    logLevel?: 'error' | 'warn' | 'info' | 'debug';
+}

package/dist/interfaces/security-config.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=security-config.interface.js.map

package/dist/interfaces/security-config.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-config.interface.js","sourceRoot":"","sources":["../../src/interfaces/security-config.interface.ts"],"names":[],"mappings":""}

package/dist/schemas/blacklisted-ip.schema.d.ts

@@ -0,0 +1,23 @@
+import { Document } from 'mongoose';
+export declare class BlacklistedIp extends Document {
+    ip: string;
+    reason: string;
+    blockedAt: Date;
+    expiresAt: Date;
+    durationHours: number;
+    blockedBy: string;
+    userAgent?: string;
+    requestUrl?: string;
+    active: boolean;
+    blockType: 'manual' | 'auto';
+    attackPattern?: string;
+}
+export declare const BlacklistedIpSchema: import("mongoose").Schema<BlacklistedIp, import("mongoose").Model<BlacklistedIp, any, any, any, Document<unknown, any, BlacklistedIp, any, {}> & BlacklistedIp & Required<{
+    _id: unknown;
+}> & {
+    __v: number;
+}, any>, {}, {}, {}, {}, import("mongoose").DefaultSchemaOptions, BlacklistedIp, Document<unknown, {}, import("mongoose").FlatRecord<BlacklistedIp>, {}, import("mongoose").ResolveSchemaOptions<import("mongoose").DefaultSchemaOptions>> & import("mongoose").FlatRecord<BlacklistedIp> & Required<{
+    _id: unknown;
+}> & {
+    __v: number;
+}>;

package/dist/schemas/blacklisted-ip.schema.js

@@ -0,0 +1,69 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BlacklistedIpSchema = exports.BlacklistedIp = void 0;
+const mongoose_1 = require("@nestjs/mongoose");
+const mongoose_2 = require("mongoose");
+let BlacklistedIp = class BlacklistedIp extends mongoose_2.Document {
+};
+exports.BlacklistedIp = BlacklistedIp;
+__decorate([
+    (0, mongoose_1.Prop)({ required: true, unique: true }),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "ip", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ required: true }),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "reason", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ required: true }),
+    __metadata("design:type", Date)
+], BlacklistedIp.prototype, "blockedAt", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ required: true }),
+    __metadata("design:type", Date)
+], BlacklistedIp.prototype, "expiresAt", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ required: true }),
+    __metadata("design:type", Number)
+], BlacklistedIp.prototype, "durationHours", void 0);
+__decorate([
+    (0, mongoose_1.Prop)(),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "blockedBy", void 0);
+__decorate([
+    (0, mongoose_1.Prop)(),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "userAgent", void 0);
+__decorate([
+    (0, mongoose_1.Prop)(),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "requestUrl", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ default: true }),
+    __metadata("design:type", Boolean)
+], BlacklistedIp.prototype, "active", void 0);
+__decorate([
+    (0, mongoose_1.Prop)({ default: 'manual' }),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "blockType", void 0);
+__decorate([
+    (0, mongoose_1.Prop)(),
+    __metadata("design:type", String)
+], BlacklistedIp.prototype, "attackPattern", void 0);
+exports.BlacklistedIp = BlacklistedIp = __decorate([
+    (0, mongoose_1.Schema)({ timestamps: true })
+], BlacklistedIp);
+exports.BlacklistedIpSchema = mongoose_1.SchemaFactory.createForClass(BlacklistedIp);
+exports.BlacklistedIpSchema.index({ expiresAt: 1 });
+exports.BlacklistedIpSchema.index({ active: 1, expiresAt: 1 });
+exports.BlacklistedIpSchema.index({ createdAt: -1 });
+//# sourceMappingURL=blacklisted-ip.schema.js.map

package/dist/schemas/blacklisted-ip.schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blacklisted-ip.schema.js","sourceRoot":"","sources":["../../src/schemas/blacklisted-ip.schema.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+CAA8D;AAC9D,uCAAmC;AAG5B,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,mBAAQ;CAiC1C,CAAA;AAjCY,sCAAa;AAEzB;IADC,IAAA,eAAI,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;;yCAC7B;AAGV;IADC,IAAA,eAAI,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACX;AAGd;IADC,IAAA,eAAI,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACd,IAAI;gDAAA;AAGf;IADC,IAAA,eAAI,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BACd,IAAI;gDAAA;AAGf;IADC,IAAA,eAAI,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;oDACJ;AAGrB;IADC,IAAA,eAAI,GAAE;;gDACU;AAGjB;IADC,IAAA,eAAI,GAAE;;gDACW;AAGlB;IADC,IAAA,eAAI,GAAE;;iDACY;AAGnB;IADC,IAAA,eAAI,EAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;;6CACT;AAGf;IADC,IAAA,eAAI,EAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;;gDACA;AAG5B;IADC,IAAA,eAAI,GAAE;;oDACe;wBAhCV,aAAa;IADzB,IAAA,iBAAM,EAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;GAChB,aAAa,CAiCzB;AAEY,QAAA,mBAAmB,GAAG,wBAAa,CAAC,cAAc,CAAC,aAAa,CAAC,CAAA;AAI9E,2BAAmB,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAA;AAC3C,2BAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAA;AACtD,2BAAmB,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,CAAA"}

package/dist/security.module.d.ts

@@ -0,0 +1,2 @@
+export declare class SecurityModule {
+}