tychat-contracts 1.5.2 → 1.5.3

package/dist/auth/index.d.ts

@@ -7,5 +7,5 @@ export { RequestPasswordResetResponseDto } from './request-password-reset-respon
 export { PasswordResetFinalize2faDto } from './password-reset-finalize-2fa.dto';
 export { AuthLoginResponseDto } from './auth-login-response.dto';
 export { Login2faDto } from './login-2fa.dto';
-export { TotpSetupConfirmDto, TotpDisableDto, TotpSetupStartResponseDto, } from './totp-user.dto';
+export { TotpSetupConfirmDto, TotpSetupConfirmResponseDto, TotpDisableDto, TotpSetupStartResponseDto, } from './totp-user.dto';
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC"}

package/dist/auth/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
+exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
 var login_dto_1 = require("./login.dto");
 Object.defineProperty(exports, "LoginDto", { enumerable: true, get: function () { return login_dto_1.LoginDto; } });
 var auth_kafka_payloads_1 = require("./auth-kafka.payloads");
@@ -28,5 +28,6 @@ var login_2fa_dto_1 = require("./login-2fa.dto");
 Object.defineProperty(exports, "Login2faDto", { enumerable: true, get: function () { return login_2fa_dto_1.Login2faDto; } });
 var totp_user_dto_1 = require("./totp-user.dto");
 Object.defineProperty(exports, "TotpSetupConfirmDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupConfirmDto; } });
+Object.defineProperty(exports, "TotpSetupConfirmResponseDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupConfirmResponseDto; } });
 Object.defineProperty(exports, "TotpDisableDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpDisableDto; } });
 Object.defineProperty(exports, "TotpSetupStartResponseDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupStartResponseDto; } });

package/dist/auth/totp-user.dto.d.ts

@@ -1,9 +1,15 @@
 export declare class TotpSetupConfirmDto {
     totp: string;
 }
+/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
+export declare class TotpSetupConfirmResponseDto {
+    success: true;
+    recovery_codes: string[];
+}
 export declare class TotpDisableDto {
     current_password: string;
-    totp: string;
+    totp?: string;
+    recovery_code?: string;
 }
 export declare class TotpSetupStartResponseDto {
     otpauth_url: string;

package/dist/auth/totp-user.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"totp-user.dto.d.ts","sourceRoot":"","sources":["../../src/auth/totp-user.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,mBAAmB;IAI9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,cAAc;IAIzB,gBAAgB,EAAE,MAAM,CAAC;IAKzB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,yBAAyB;IAEpC,WAAW,EAAE,MAAM,CAAC;IAGpB,aAAa,EAAE,MAAM,CAAC;CACvB"}
+{"version":3,"file":"totp-user.dto.d.ts","sourceRoot":"","sources":["../../src/auth/totp-user.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,mBAAmB;IAI9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qFAAqF;AACrF,qBAAa,2BAA2B;IAEtC,OAAO,EAAE,IAAI,CAAC;IAOd,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,qBAAa,cAAc;IAIzB,gBAAgB,EAAE,MAAM,CAAC;IASzB,IAAI,CAAC,EAAE,MAAM,CAAC;IAYd,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,yBAAyB;IAEpC,WAAW,EAAE,MAAM,CAAC;IAGpB,aAAa,EAAE,MAAM,CAAC;CACvB"}

package/dist/auth/totp-user.dto.js

@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmDto = void 0;
+exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = void 0;
 const swagger_1 = require("@nestjs/swagger");
 const class_validator_1 = require("class-validator");
 class TotpSetupConfirmDto {
@@ -22,9 +22,27 @@ __decorate([
     (0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
     __metadata("design:type", String)
 ], TotpSetupConfirmDto.prototype, "totp", void 0);
+/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
+class TotpSetupConfirmResponseDto {
+    success;
+    recovery_codes;
+}
+exports.TotpSetupConfirmResponseDto = TotpSetupConfirmResponseDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Confirmação de sucesso' }),
+    __metadata("design:type", Boolean)
+], TotpSetupConfirmResponseDto.prototype, "success", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        type: [String],
+        description: 'Seis códigos de recuperação (hex, 10 caracteres). Guardar em local seguro; não serão repetidos pela API.',
+    }),
+    __metadata("design:type", Array)
+], TotpSetupConfirmResponseDto.prototype, "recovery_codes", void 0);
 class TotpDisableDto {
     current_password;
     totp;
+    recovery_code;
 }
 exports.TotpDisableDto = TotpDisableDto;
 __decorate([
@@ -34,11 +52,27 @@ __decorate([
     __metadata("design:type", String)
 ], TotpDisableDto.prototype, "current_password", void 0);
 __decorate([
-    (0, swagger_1.ApiProperty)({ description: 'Código TOTP atual de 6 dígitos' }),
+    (0, swagger_1.ApiProperty)({
+        required: false,
+        description: 'Código TOTP atual de 6 dígitos (obrigatório se não enviar recovery_code)',
+    }),
+    (0, class_validator_1.ValidateIf)((o) => o.recovery_code == null || String(o.recovery_code).trim() === ''),
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
     __metadata("design:type", String)
 ], TotpDisableDto.prototype, "totp", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        required: false,
+        description: 'Um dos códigos de recuperação gerados na ativação (obrigatório se não enviar totp)',
+    }),
+    (0, class_validator_1.ValidateIf)((o) => o.totp == null || String(o.totp).trim() === ''),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(10, { message: 'recovery_code inválido' }),
+    (0, class_validator_1.MaxLength)(64, { message: 'recovery_code inválido' }),
+    (0, class_validator_1.Matches)(/^[a-fA-F0-9\s-]+$/, { message: 'recovery_code inválido' }),
+    __metadata("design:type", String)
+], TotpDisableDto.prototype, "recovery_code", void 0);
 class TotpSetupStartResponseDto {
     otpauth_url;
     secret_base32;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tychat-contracts",
-  "version": "1.5.2",
+  "version": "1.5.3",
   "description": "DTOs compartilhados com class-validator (API e microserviços)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/index.ts

@@ -18,6 +18,7 @@ export { AuthLoginResponseDto } from './auth-login-response.dto';
 export { Login2faDto } from './login-2fa.dto';
 export {
   TotpSetupConfirmDto,
+  TotpSetupConfirmResponseDto,
   TotpDisableDto,
   TotpSetupStartResponseDto,
 } from './totp-user.dto';

package/src/auth/totp-user.dto.ts

@@ -1,5 +1,5 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { IsString, Matches, MinLength } from 'class-validator';
+import { IsString, Matches, MaxLength, MinLength, ValidateIf } from 'class-validator';
 
 export class TotpSetupConfirmDto {
   @ApiProperty({ description: 'Código TOTP de 6 dígitos para confirmar o pareamento' })
@@ -8,16 +8,45 @@ export class TotpSetupConfirmDto {
   totp: string;
 }
 
+/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
+export class TotpSetupConfirmResponseDto {
+  @ApiProperty({ description: 'Confirmação de sucesso' })
+  success: true;
+
+  @ApiProperty({
+    type: [String],
+    description:
+      'Seis códigos de recuperação (hex, 10 caracteres). Guardar em local seguro; não serão repetidos pela API.',
+  })
+  recovery_codes: string[];
+}
+
 export class TotpDisableDto {
   @ApiProperty({ description: 'Senha atual do utilizador' })
   @IsString()
   @MinLength(1, { message: 'current_password não pode ser vazio' })
   current_password: string;
 
-  @ApiProperty({ description: 'Código TOTP atual de 6 dígitos' })
+  @ApiProperty({
+    required: false,
+    description: 'Código TOTP atual de 6 dígitos (obrigatório se não enviar recovery_code)',
+  })
+  @ValidateIf((o) => o.recovery_code == null || String(o.recovery_code).trim() === '')
   @IsString()
   @Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
-  totp: string;
+  totp?: string;
+
+  @ApiProperty({
+    required: false,
+    description:
+      'Um dos códigos de recuperação gerados na ativação (obrigatório se não enviar totp)',
+  })
+  @ValidateIf((o) => o.totp == null || String(o.totp).trim() === '')
+  @IsString()
+  @MinLength(10, { message: 'recovery_code inválido' })
+  @MaxLength(64, { message: 'recovery_code inválido' })
+  @Matches(/^[a-fA-F0-9\s-]+$/, { message: 'recovery_code inválido' })
+  recovery_code?: string;
 }
 
 export class TotpSetupStartResponseDto {