tychat-contracts 1.0.48 → 1.0.49

package/dist/auth/auth-kafka.payloads.d.ts

@@ -1,5 +1,5 @@
-import { LoginDto } from "./login.dto";
-import { RefreshTokenDto } from "./refresh-token.dto";
+import { LoginDto } from './login.dto';
+import { RefreshTokenDto } from './refresh-token.dto';
 export declare class LoginPayload extends LoginDto {
     tenant: string;
 }
@@ -10,4 +10,13 @@ export declare class ValidatePayload {
 export declare class RefreshPayload extends RefreshTokenDto {
     tenant: string;
 }
+export declare class RequestPasswordResetPayload {
+    tenant: string;
+    email: string;
+}
+export declare class ConfirmPasswordResetPayload {
+    tenant: string;
+    verify_token: string;
+    password: string;
+}
 //# sourceMappingURL=auth-kafka.payloads.d.ts.map

package/dist/auth/auth-kafka.payloads.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB"}
+{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;CAClB"}

package/dist/auth/auth-kafka.payloads.js

@@ -9,10 +9,10 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RefreshPayload = exports.ValidatePayload = exports.LoginPayload = void 0;
+exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.RefreshPayload = exports.ValidatePayload = exports.LoginPayload = void 0;
 const swagger_1 = require("@nestjs/swagger");
-const login_dto_1 = require("./login.dto");
 const class_validator_1 = require("class-validator");
+const login_dto_1 = require("./login.dto");
 const refresh_token_dto_1 = require("./refresh-token.dto");
 class LoginPayload extends login_dto_1.LoginDto {
     tenant;
@@ -55,3 +55,49 @@ __decorate([
     (0, class_validator_1.MaxLength)(255),
     __metadata("design:type", String)
 ], RefreshPayload.prototype, "tenant", void 0);
+class RequestPasswordResetPayload {
+    tenant;
+    email;
+}
+exports.RequestPasswordResetPayload = RequestPasswordResetPayload;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], RequestPasswordResetPayload.prototype, "tenant", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'E-mail do usuário', example: 'usuario@empresa.com' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'email não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], RequestPasswordResetPayload.prototype, "email", void 0);
+class ConfirmPasswordResetPayload {
+    tenant;
+    verify_token;
+    password;
+}
+exports.ConfirmPasswordResetPayload = ConfirmPasswordResetPayload;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ConfirmPasswordResetPayload.prototype, "tenant", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Token de verificação para reset de senha', example: 'a3b5f3c1...' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'verify_token não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ConfirmPasswordResetPayload.prototype, "verify_token", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Nova senha do usuário', example: 'senha123' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'password deve ter no mínimo 6 caracteres' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ConfirmPasswordResetPayload.prototype, "password", void 0);

package/dist/auth/auth-login-response.dto.d.ts

@@ -0,0 +1,6 @@
+export declare class AuthLoginResponseDto {
+    access_token: string;
+    refresh_token: string;
+    force_change_password: boolean;
+}
+//# sourceMappingURL=auth-login-response.dto.d.ts.map

package/dist/auth/auth-login-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-login-response.dto.d.ts","sourceRoot":"","sources":["../../src/auth/auth-login-response.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,oBAAoB;IAE/B,YAAY,EAAE,MAAM,CAAC;IAGrB,aAAa,EAAE,MAAM,CAAC;IAMtB,qBAAqB,EAAE,OAAO,CAAC;CAChC"}

package/dist/auth/auth-login-response.dto.js

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthLoginResponseDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+class AuthLoginResponseDto {
+    access_token;
+    refresh_token;
+    force_change_password;
+}
+exports.AuthLoginResponseDto = AuthLoginResponseDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Token de acesso JWT' }),
+    __metadata("design:type", String)
+], AuthLoginResponseDto.prototype, "access_token", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Token de refresh JWT' }),
+    __metadata("design:type", String)
+], AuthLoginResponseDto.prototype, "refresh_token", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Indica se o usuário deve alterar a senha no primeiro acesso',
+        example: true,
+    }),
+    __metadata("design:type", Boolean)
+], AuthLoginResponseDto.prototype, "force_change_password", void 0);

package/dist/auth/confirm-password-reset.dto.d.ts

@@ -0,0 +1,6 @@
+export declare class ConfirmPasswordResetDto {
+    verify_token: string;
+    password: string;
+    password_confirmation: string;
+}
+//# sourceMappingURL=confirm-password-reset.dto.d.ts.map

package/dist/auth/confirm-password-reset.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirm-password-reset.dto.d.ts","sourceRoot":"","sources":["../../src/auth/confirm-password-reset.dto.ts"],"names":[],"mappings":"AAIA,qBAAa,uBAAuB;IAQlC,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;IAajB,qBAAqB,EAAE,MAAM,CAAC;CAC/B"}

package/dist/auth/confirm-password-reset.dto.js

@@ -0,0 +1,52 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfirmPasswordResetDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+const match_field_decorator_1 = require("./match-field.decorator");
+class ConfirmPasswordResetDto {
+    verify_token;
+    password;
+    password_confirmation;
+}
+exports.ConfirmPasswordResetDto = ConfirmPasswordResetDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Token de verificação recebido para troca de senha',
+        example: 'a3b5f3c1ef65...',
+    }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'verify_token não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ConfirmPasswordResetDto.prototype, "verify_token", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Nova senha', example: 'senha123', minLength: 6 }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'password deve ter no mínimo 6 caracteres' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ConfirmPasswordResetDto.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        description: 'Confirmação da nova senha',
+        example: 'senha123',
+        minLength: 6,
+    }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'password_confirmation deve ter no mínimo 6 caracteres' }),
+    (0, class_validator_1.MaxLength)(255),
+    (0, match_field_decorator_1.MatchField)('password', {
+        message: 'password_confirmation deve ser igual a password',
+    }),
+    __metadata("design:type", String)
+], ConfirmPasswordResetDto.prototype, "password_confirmation", void 0);

package/dist/auth/index.d.ts

@@ -1,4 +1,7 @@
 export { LoginDto } from './login.dto';
-export type { LoginPayload, ValidatePayload, RefreshPayload, } from './auth-kafka.payloads';
+export { LoginPayload, ValidatePayload, RefreshPayload, RequestPasswordResetPayload, ConfirmPasswordResetPayload, } from './auth-kafka.payloads';
 export { RefreshTokenDto } from './refresh-token.dto';
+export { RequestPasswordResetDto } from './request-password-reset.dto';
+export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
+export { AuthLoginResponseDto } from './auth-login-response.dto';
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,eAAe,EACf,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,cAAc,EACd,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/auth/index.js

@@ -1,7 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RefreshTokenDto = exports.LoginDto = void 0;
+exports.AuthLoginResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.RefreshPayload = exports.ValidatePayload = exports.LoginPayload = exports.LoginDto = void 0;
 var login_dto_1 = require("./login.dto");
 Object.defineProperty(exports, "LoginDto", { enumerable: true, get: function () { return login_dto_1.LoginDto; } });
+var auth_kafka_payloads_1 = require("./auth-kafka.payloads");
+Object.defineProperty(exports, "LoginPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.LoginPayload; } });
+Object.defineProperty(exports, "ValidatePayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ValidatePayload; } });
+Object.defineProperty(exports, "RefreshPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.RefreshPayload; } });
+Object.defineProperty(exports, "RequestPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.RequestPasswordResetPayload; } });
+Object.defineProperty(exports, "ConfirmPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ConfirmPasswordResetPayload; } });
 var refresh_token_dto_1 = require("./refresh-token.dto");
 Object.defineProperty(exports, "RefreshTokenDto", { enumerable: true, get: function () { return refresh_token_dto_1.RefreshTokenDto; } });
+var request_password_reset_dto_1 = require("./request-password-reset.dto");
+Object.defineProperty(exports, "RequestPasswordResetDto", { enumerable: true, get: function () { return request_password_reset_dto_1.RequestPasswordResetDto; } });
+var confirm_password_reset_dto_1 = require("./confirm-password-reset.dto");
+Object.defineProperty(exports, "ConfirmPasswordResetDto", { enumerable: true, get: function () { return confirm_password_reset_dto_1.ConfirmPasswordResetDto; } });
+var auth_login_response_dto_1 = require("./auth-login-response.dto");
+Object.defineProperty(exports, "AuthLoginResponseDto", { enumerable: true, get: function () { return auth_login_response_dto_1.AuthLoginResponseDto; } });

package/dist/auth/match-field.decorator.d.ts

@@ -0,0 +1,3 @@
+import { ValidationOptions } from 'class-validator';
+export declare function MatchField(sourceField: string, validationOptions?: ValidationOptions): (object: object, propertyName: string) => void;
+//# sourceMappingURL=match-field.decorator.d.ts.map

package/dist/auth/match-field.decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"match-field.decorator.d.ts","sourceRoot":"","sources":["../../src/auth/match-field.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,iBAAiB,EAClB,MAAM,iBAAiB,CAAC;AAEzB,wBAAgB,UAAU,CACxB,WAAW,EAAE,MAAM,EACnB,iBAAiB,CAAC,EAAE,iBAAiB,IAEpB,QAAQ,MAAM,EAAE,cAAc,MAAM,UAmBtD"}

package/dist/auth/match-field.decorator.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MatchField = MatchField;
+const class_validator_1 = require("class-validator");
+function MatchField(sourceField, validationOptions) {
+    return function (object, propertyName) {
+        (0, class_validator_1.registerDecorator)({
+            name: 'matchField',
+            target: object.constructor,
+            propertyName,
+            constraints: [sourceField],
+            options: validationOptions,
+            validator: {
+                validate(value, args) {
+                    const [field] = args.constraints;
+                    return value === args.object[field];
+                },
+                defaultMessage(args) {
+                    const [field] = args.constraints;
+                    return `${args.property} must match ${field}`;
+                },
+            },
+        });
+    };
+}

package/dist/auth/request-password-reset.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class RequestPasswordResetDto {
+    email: string;
+}
+//# sourceMappingURL=request-password-reset.dto.d.ts.map

package/dist/auth/request-password-reset.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-password-reset.dto.d.ts","sourceRoot":"","sources":["../../src/auth/request-password-reset.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,uBAAuB;IAKlC,KAAK,EAAE,MAAM,CAAC;CACf"}

package/dist/auth/request-password-reset.dto.js

@@ -0,0 +1,25 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestPasswordResetDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+class RequestPasswordResetDto {
+    email;
+}
+exports.RequestPasswordResetDto = RequestPasswordResetDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'E-mail do usuário', example: 'usuario@empresa.com' }),
+    (0, class_validator_1.IsEmail)({}, { message: 'email deve ser um e-mail válido' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'email não pode ser vazio' }),
+    __metadata("design:type", String)
+], RequestPasswordResetDto.prototype, "email", void 0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tychat-contracts",
-  "version": "1.0.48",
+  "version": "1.0.49",
   "description": "DTOs compartilhados com class-validator (API e microserviços)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/auth-kafka.payloads.ts

@@ -1,7 +1,7 @@
-import { ApiProperty } from "@nestjs/swagger";
-import { LoginDto } from "./login.dto";
-import { IsString, MaxLength, MinLength } from "class-validator";
-import { RefreshTokenDto } from "./refresh-token.dto";
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString, MaxLength, MinLength } from 'class-validator';
+import { LoginDto } from './login.dto';
+import { RefreshTokenDto } from './refresh-token.dto';
 
 export class LoginPayload extends LoginDto {
   @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
@@ -31,4 +31,38 @@ export class RefreshPayload extends RefreshTokenDto {
   @MinLength(1, { message: 'tenant não pode ser vazio' })
   @MaxLength(255)
   tenant: string;
+}
+
+export class RequestPasswordResetPayload {
+  @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
+  @IsString()
+  @MinLength(1, { message: 'tenant não pode ser vazio' })
+  @MaxLength(255)
+  tenant: string;
+
+  @ApiProperty({ description: 'E-mail do usuário', example: 'usuario@empresa.com' })
+  @IsString()
+  @MinLength(1, { message: 'email não pode ser vazio' })
+  @MaxLength(255)
+  email: string;
+}
+
+export class ConfirmPasswordResetPayload {
+  @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
+  @IsString()
+  @MinLength(1, { message: 'tenant não pode ser vazio' })
+  @MaxLength(255)
+  tenant: string;
+
+  @ApiProperty({ description: 'Token de verificação para reset de senha', example: 'a3b5f3c1...' })
+  @IsString()
+  @MinLength(1, { message: 'verify_token não pode ser vazio' })
+  @MaxLength(255)
+  verify_token: string;
+
+  @ApiProperty({ description: 'Nova senha do usuário', example: 'senha123' })
+  @IsString()
+  @MinLength(6, { message: 'password deve ter no mínimo 6 caracteres' })
+  @MaxLength(255)
+  password: string;
 }

package/src/auth/auth-login-response.dto.ts

@@ -0,0 +1,15 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+export class AuthLoginResponseDto {
+  @ApiProperty({ description: 'Token de acesso JWT' })
+  access_token: string;
+
+  @ApiProperty({ description: 'Token de refresh JWT' })
+  refresh_token: string;
+
+  @ApiProperty({
+    description: 'Indica se o usuário deve alterar a senha no primeiro acesso',
+    example: true,
+  })
+  force_change_password: boolean;
+}

package/src/auth/confirm-password-reset.dto.ts

@@ -0,0 +1,33 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString, MaxLength, MinLength } from 'class-validator';
+import { MatchField } from './match-field.decorator';
+
+export class ConfirmPasswordResetDto {
+  @ApiProperty({
+    description: 'Token de verificação recebido para troca de senha',
+    example: 'a3b5f3c1ef65...',
+  })
+  @IsString()
+  @MinLength(1, { message: 'verify_token não pode ser vazio' })
+  @MaxLength(255)
+  verify_token: string;
+
+  @ApiProperty({ description: 'Nova senha', example: 'senha123', minLength: 6 })
+  @IsString()
+  @MinLength(6, { message: 'password deve ter no mínimo 6 caracteres' })
+  @MaxLength(255)
+  password: string;
+
+  @ApiProperty({
+    description: 'Confirmação da nova senha',
+    example: 'senha123',
+    minLength: 6,
+  })
+  @IsString()
+  @MinLength(6, { message: 'password_confirmation deve ter no mínimo 6 caracteres' })
+  @MaxLength(255)
+  @MatchField('password', {
+    message: 'password_confirmation deve ser igual a password',
+  })
+  password_confirmation: string;
+}

package/src/auth/index.ts

@@ -1,7 +1,12 @@
 export { LoginDto } from './login.dto';
-export type {
+export {
   LoginPayload,
   ValidatePayload,
   RefreshPayload,
+  RequestPasswordResetPayload,
+  ConfirmPasswordResetPayload,
 } from './auth-kafka.payloads';
 export { RefreshTokenDto } from './refresh-token.dto';
+export { RequestPasswordResetDto } from './request-password-reset.dto';
+export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
+export { AuthLoginResponseDto } from './auth-login-response.dto';

package/src/auth/match-field.decorator.ts

@@ -0,0 +1,30 @@
+import {
+  registerDecorator,
+  ValidationArguments,
+  ValidationOptions,
+} from 'class-validator';
+
+export function MatchField(
+  sourceField: string,
+  validationOptions?: ValidationOptions,
+) {
+  return function (object: object, propertyName: string) {
+    registerDecorator({
+      name: 'matchField',
+      target: object.constructor,
+      propertyName,
+      constraints: [sourceField],
+      options: validationOptions,
+      validator: {
+        validate(value: unknown, args: ValidationArguments) {
+          const [field] = args.constraints as [string];
+          return value === (args.object as Record<string, unknown>)[field];
+        },
+        defaultMessage(args: ValidationArguments) {
+          const [field] = args.constraints as [string];
+          return `${args.property} must match ${field}`;
+        },
+      },
+    });
+  };
+}

package/src/auth/request-password-reset.dto.ts

@@ -0,0 +1,10 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEmail, IsString, MinLength } from 'class-validator';
+
+export class RequestPasswordResetDto {
+  @ApiProperty({ description: 'E-mail do usuário', example: 'usuario@empresa.com' })
+  @IsEmail({}, { message: 'email deve ser um e-mail válido' })
+  @IsString()
+  @MinLength(1, { message: 'email não pode ser vazio' })
+  email: string;
+}

package/dist/users/user-update-constraints.d.ts

@@ -1,12 +0,0 @@
-import { ValidationArguments, ValidatorConstraintInterface } from 'class-validator';
-/** Ensures at least one of name, email, or password is provided for PATCH-style updates. */
-export declare class AtLeastOneUserUpdateFieldConstraint implements ValidatorConstraintInterface {
-    validate(_: unknown, args: ValidationArguments): boolean;
-    defaultMessage(): string;
-}
-/** Same as self-update, plus optional role (for admin PATCH). */
-export declare class AtLeastOneAdminUpdateFieldConstraint implements ValidatorConstraintInterface {
-    validate(_: unknown, args: ValidationArguments): boolean;
-    defaultMessage(): string;
-}
-//# sourceMappingURL=user-update-constraints.d.ts.map

package/dist/users/user-update-constraints.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"user-update-constraints.d.ts","sourceRoot":"","sources":["../../src/users/user-update-constraints.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EAEnB,4BAA4B,EAC7B,MAAM,iBAAiB,CAAC;AAEzB,4FAA4F;AAC5F,qBACa,mCAAoC,YAAW,4BAA4B;IACtF,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB;IAQ9C,cAAc;CAGf;AAED,iEAAiE;AACjE,qBACa,oCAAqC,YAAW,4BAA4B;IACvF,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB;IAc9C,cAAc;CAGf"}

package/dist/users/user-update-constraints.js

@@ -1,45 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AtLeastOneAdminUpdateFieldConstraint = exports.AtLeastOneUserUpdateFieldConstraint = void 0;
-const class_validator_1 = require("class-validator");
-/** Ensures at least one of name, email, or password is provided for PATCH-style updates. */
-let AtLeastOneUserUpdateFieldConstraint = class AtLeastOneUserUpdateFieldConstraint {
-    validate(_, args) {
-        const o = args.object;
-        const hasName = o.name != null && String(o.name).trim() !== '';
-        const hasEmail = o.email != null && String(o.email).trim() !== '';
-        const hasPassword = o.password != null && String(o.password).length > 0;
-        return hasName || hasEmail || hasPassword;
-    }
-    defaultMessage() {
-        return 'Provide at least one of name, email, or password';
-    }
-};
-exports.AtLeastOneUserUpdateFieldConstraint = AtLeastOneUserUpdateFieldConstraint;
-exports.AtLeastOneUserUpdateFieldConstraint = AtLeastOneUserUpdateFieldConstraint = __decorate([
-    (0, class_validator_1.ValidatorConstraint)({ name: 'atLeastOneUserUpdateField', async: false })
-], AtLeastOneUserUpdateFieldConstraint);
-/** Same as self-update, plus optional role (for admin PATCH). */
-let AtLeastOneAdminUpdateFieldConstraint = class AtLeastOneAdminUpdateFieldConstraint {
-    validate(_, args) {
-        const o = args.object;
-        const hasName = o.name != null && String(o.name).trim() !== '';
-        const hasEmail = o.email != null && String(o.email).trim() !== '';
-        const hasPassword = o.password != null && String(o.password).length > 0;
-        const hasRole = o.role != null && String(o.role).trim() !== '';
-        return hasName || hasEmail || hasPassword || hasRole;
-    }
-    defaultMessage() {
-        return 'Provide at least one of name, email, password, or role';
-    }
-};
-exports.AtLeastOneAdminUpdateFieldConstraint = AtLeastOneAdminUpdateFieldConstraint;
-exports.AtLeastOneAdminUpdateFieldConstraint = AtLeastOneAdminUpdateFieldConstraint = __decorate([
-    (0, class_validator_1.ValidatorConstraint)({ name: 'atLeastOneAdminUpdateField', async: false })
-], AtLeastOneAdminUpdateFieldConstraint);