tychat-contracts 1.5.2 → 1.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/auth-kafka.payloads.d.ts +14 -0
- package/dist/auth/auth-kafka.payloads.d.ts.map +1 -1
- package/dist/auth/auth-kafka.payloads.js +81 -1
- package/dist/auth/change-own-password.dto.d.ts +8 -0
- package/dist/auth/change-own-password.dto.d.ts.map +1 -0
- package/dist/auth/change-own-password.dto.js +55 -0
- package/dist/auth/index.d.ts +4 -2
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +8 -1
- package/dist/auth/revoke-device-session.dto.d.ts +6 -0
- package/dist/auth/revoke-device-session.dto.d.ts.map +1 -0
- package/dist/auth/revoke-device-session.dto.js +36 -0
- package/dist/auth/totp-user.dto.d.ts +7 -1
- package/dist/auth/totp-user.dto.d.ts.map +1 -1
- package/dist/auth/totp-user.dto.js +36 -2
- package/package.json +1 -1
- package/src/auth/auth-kafka.payloads.ts +58 -0
- package/src/auth/change-own-password.dto.ts +34 -0
- package/src/auth/index.ts +5 -0
- package/src/auth/revoke-device-session.dto.ts +19 -0
- package/src/auth/totp-user.dto.ts +32 -3
|
@@ -35,6 +35,20 @@ export declare class ConfirmPasswordResetPayload {
|
|
|
35
35
|
password: string;
|
|
36
36
|
}
|
|
37
37
|
/** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
|
|
38
|
+
export declare class DeviceSessionsRevokePayload {
|
|
39
|
+
tenant: string;
|
|
40
|
+
userId: string;
|
|
41
|
+
sessionId: string;
|
|
42
|
+
password?: string;
|
|
43
|
+
totp?: string;
|
|
44
|
+
}
|
|
45
|
+
export declare class ChangeOwnPasswordPayload {
|
|
46
|
+
tenant: string;
|
|
47
|
+
userId: string;
|
|
48
|
+
new_password: string;
|
|
49
|
+
password?: string;
|
|
50
|
+
totp?: string;
|
|
51
|
+
}
|
|
38
52
|
export declare class PasswordResetFinalize2faPayload {
|
|
39
53
|
tenant: string;
|
|
40
54
|
pre_recovery_token: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,+EAA+E;AAC/E,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAKf,cAAc,EAAE,MAAM,CAAC;IAKvB,IAAI,EAAE,MAAM,CAAC;IAMb,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,WAAW,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;IAMvC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAM3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,2FAA2F;AAC3F,qBAAa,iBAAiB;IAK5B,MAAM,EAAE,MAAM,CAAC;IAQf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iEAAiE;AACjE,qBAAa,+BAA+B;IAK1C,MAAM,EAAE,MAAM,CAAC;IAMf,kBAAkB,EAAE,MAAM,CAAC;IAK3B,IAAI,EAAE,MAAM,CAAC;IAMb,QAAQ,EAAE,MAAM,CAAC;CAClB"}
|
|
1
|
+
{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,+EAA+E;AAC/E,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAKf,cAAc,EAAE,MAAM,CAAC;IAKvB,IAAI,EAAE,MAAM,CAAC;IAMb,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,WAAW,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;IAMvC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAM3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,2FAA2F;AAC3F,qBAAa,iBAAiB;IAK5B,MAAM,EAAE,MAAM,CAAC;IAQf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iEAAiE;AACjE,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAIf,MAAM,EAAE,MAAM,CAAC;IAIf,SAAS,EAAE,MAAM,CAAC;IAMlB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAMlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,wBAAwB;IAKnC,MAAM,EAAE,MAAM,CAAC;IAIf,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAMlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,+BAA+B;IAK1C,MAAM,EAAE,MAAM,CAAC;IAMf,kBAAkB,EAAE,MAAM,CAAC;IAK3B,IAAI,EAAE,MAAM,CAAC;IAMb,QAAQ,EAAE,MAAM,CAAC;CAClB"}
|
|
@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = void 0;
|
|
12
|
+
exports.PasswordResetFinalize2faPayload = exports.ChangeOwnPasswordPayload = exports.DeviceSessionsRevokePayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = void 0;
|
|
13
13
|
const swagger_1 = require("@nestjs/swagger");
|
|
14
14
|
const class_validator_1 = require("class-validator");
|
|
15
15
|
const login_dto_1 = require("./login.dto");
|
|
@@ -181,6 +181,86 @@ __decorate([
|
|
|
181
181
|
__metadata("design:type", String)
|
|
182
182
|
], ConfirmPasswordResetPayload.prototype, "password", void 0);
|
|
183
183
|
/** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
|
|
184
|
+
class DeviceSessionsRevokePayload {
|
|
185
|
+
tenant;
|
|
186
|
+
userId;
|
|
187
|
+
sessionId;
|
|
188
|
+
password;
|
|
189
|
+
totp;
|
|
190
|
+
}
|
|
191
|
+
exports.DeviceSessionsRevokePayload = DeviceSessionsRevokePayload;
|
|
192
|
+
__decorate([
|
|
193
|
+
(0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
|
|
194
|
+
(0, class_validator_1.IsString)(),
|
|
195
|
+
(0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
|
|
196
|
+
(0, class_validator_1.MaxLength)(255),
|
|
197
|
+
__metadata("design:type", String)
|
|
198
|
+
], DeviceSessionsRevokePayload.prototype, "tenant", void 0);
|
|
199
|
+
__decorate([
|
|
200
|
+
(0, swagger_1.ApiProperty)({ format: 'uuid' }),
|
|
201
|
+
(0, class_validator_1.IsUUID)('4', { message: 'userId deve ser um UUID válido' }),
|
|
202
|
+
__metadata("design:type", String)
|
|
203
|
+
], DeviceSessionsRevokePayload.prototype, "userId", void 0);
|
|
204
|
+
__decorate([
|
|
205
|
+
(0, swagger_1.ApiProperty)({ format: 'uuid' }),
|
|
206
|
+
(0, class_validator_1.IsUUID)('4', { message: 'sessionId deve ser um UUID válido' }),
|
|
207
|
+
__metadata("design:type", String)
|
|
208
|
+
], DeviceSessionsRevokePayload.prototype, "sessionId", void 0);
|
|
209
|
+
__decorate([
|
|
210
|
+
(0, swagger_1.ApiPropertyOptional)(),
|
|
211
|
+
(0, class_validator_1.IsOptional)(),
|
|
212
|
+
(0, class_validator_1.IsString)(),
|
|
213
|
+
(0, class_validator_1.MaxLength)(255),
|
|
214
|
+
__metadata("design:type", String)
|
|
215
|
+
], DeviceSessionsRevokePayload.prototype, "password", void 0);
|
|
216
|
+
__decorate([
|
|
217
|
+
(0, swagger_1.ApiPropertyOptional)(),
|
|
218
|
+
(0, class_validator_1.IsOptional)(),
|
|
219
|
+
(0, class_validator_1.IsString)(),
|
|
220
|
+
(0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
|
|
221
|
+
__metadata("design:type", String)
|
|
222
|
+
], DeviceSessionsRevokePayload.prototype, "totp", void 0);
|
|
223
|
+
class ChangeOwnPasswordPayload {
|
|
224
|
+
tenant;
|
|
225
|
+
userId;
|
|
226
|
+
new_password;
|
|
227
|
+
password;
|
|
228
|
+
totp;
|
|
229
|
+
}
|
|
230
|
+
exports.ChangeOwnPasswordPayload = ChangeOwnPasswordPayload;
|
|
231
|
+
__decorate([
|
|
232
|
+
(0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
|
|
233
|
+
(0, class_validator_1.IsString)(),
|
|
234
|
+
(0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
|
|
235
|
+
(0, class_validator_1.MaxLength)(255),
|
|
236
|
+
__metadata("design:type", String)
|
|
237
|
+
], ChangeOwnPasswordPayload.prototype, "tenant", void 0);
|
|
238
|
+
__decorate([
|
|
239
|
+
(0, swagger_1.ApiProperty)({ format: 'uuid' }),
|
|
240
|
+
(0, class_validator_1.IsUUID)('4'),
|
|
241
|
+
__metadata("design:type", String)
|
|
242
|
+
], ChangeOwnPasswordPayload.prototype, "userId", void 0);
|
|
243
|
+
__decorate([
|
|
244
|
+
(0, swagger_1.ApiProperty)({ minLength: 6 }),
|
|
245
|
+
(0, class_validator_1.IsString)(),
|
|
246
|
+
(0, class_validator_1.MinLength)(6),
|
|
247
|
+
(0, class_validator_1.MaxLength)(255),
|
|
248
|
+
__metadata("design:type", String)
|
|
249
|
+
], ChangeOwnPasswordPayload.prototype, "new_password", void 0);
|
|
250
|
+
__decorate([
|
|
251
|
+
(0, swagger_1.ApiPropertyOptional)(),
|
|
252
|
+
(0, class_validator_1.IsOptional)(),
|
|
253
|
+
(0, class_validator_1.IsString)(),
|
|
254
|
+
(0, class_validator_1.MaxLength)(255),
|
|
255
|
+
__metadata("design:type", String)
|
|
256
|
+
], ChangeOwnPasswordPayload.prototype, "password", void 0);
|
|
257
|
+
__decorate([
|
|
258
|
+
(0, swagger_1.ApiPropertyOptional)(),
|
|
259
|
+
(0, class_validator_1.IsOptional)(),
|
|
260
|
+
(0, class_validator_1.IsString)(),
|
|
261
|
+
(0, class_validator_1.Matches)(/^\d{6}$/),
|
|
262
|
+
__metadata("design:type", String)
|
|
263
|
+
], ChangeOwnPasswordPayload.prototype, "totp", void 0);
|
|
184
264
|
class PasswordResetFinalize2faPayload {
|
|
185
265
|
tenant;
|
|
186
266
|
pre_recovery_token;
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
|
|
2
|
+
export declare class ChangeOwnPasswordDto {
|
|
3
|
+
current_password?: string;
|
|
4
|
+
totp?: string;
|
|
5
|
+
new_password: string;
|
|
6
|
+
new_password_confirmation: string;
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=change-own-password.dto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"change-own-password.dto.d.ts","sourceRoot":"","sources":["../../src/auth/change-own-password.dto.ts"],"names":[],"mappings":"AAIA,oFAAoF;AACpF,qBAAa,oBAAoB;IAM/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAM1B,IAAI,CAAC,EAAE,MAAM,CAAC;IAMd,YAAY,EAAE,MAAM,CAAC;IASrB,yBAAyB,EAAE,MAAM,CAAC;CACnC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ChangeOwnPasswordDto = void 0;
|
|
13
|
+
const swagger_1 = require("@nestjs/swagger");
|
|
14
|
+
const class_validator_1 = require("class-validator");
|
|
15
|
+
const match_field_decorator_1 = require("./match-field.decorator");
|
|
16
|
+
/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
|
|
17
|
+
class ChangeOwnPasswordDto {
|
|
18
|
+
current_password;
|
|
19
|
+
totp;
|
|
20
|
+
new_password;
|
|
21
|
+
new_password_confirmation;
|
|
22
|
+
}
|
|
23
|
+
exports.ChangeOwnPasswordDto = ChangeOwnPasswordDto;
|
|
24
|
+
__decorate([
|
|
25
|
+
(0, swagger_1.ApiPropertyOptional)({ description: 'Senha atual (se 2FA desativado)' }),
|
|
26
|
+
(0, class_validator_1.IsOptional)(),
|
|
27
|
+
(0, class_validator_1.IsString)(),
|
|
28
|
+
(0, class_validator_1.MinLength)(1),
|
|
29
|
+
(0, class_validator_1.MaxLength)(255),
|
|
30
|
+
__metadata("design:type", String)
|
|
31
|
+
], ChangeOwnPasswordDto.prototype, "current_password", void 0);
|
|
32
|
+
__decorate([
|
|
33
|
+
(0, swagger_1.ApiPropertyOptional)({ description: 'Código TOTP (se 2FA ativo)' }),
|
|
34
|
+
(0, class_validator_1.IsOptional)(),
|
|
35
|
+
(0, class_validator_1.IsString)(),
|
|
36
|
+
(0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
|
|
37
|
+
__metadata("design:type", String)
|
|
38
|
+
], ChangeOwnPasswordDto.prototype, "totp", void 0);
|
|
39
|
+
__decorate([
|
|
40
|
+
(0, swagger_1.ApiProperty)({ minLength: 6 }),
|
|
41
|
+
(0, class_validator_1.IsString)(),
|
|
42
|
+
(0, class_validator_1.MinLength)(6, { message: 'new_password deve ter no mínimo 6 caracteres' }),
|
|
43
|
+
(0, class_validator_1.MaxLength)(255),
|
|
44
|
+
__metadata("design:type", String)
|
|
45
|
+
], ChangeOwnPasswordDto.prototype, "new_password", void 0);
|
|
46
|
+
__decorate([
|
|
47
|
+
(0, swagger_1.ApiProperty)({ minLength: 6 }),
|
|
48
|
+
(0, class_validator_1.IsString)(),
|
|
49
|
+
(0, class_validator_1.MinLength)(6, { message: 'new_password_confirmation deve ter no mínimo 6 caracteres' }),
|
|
50
|
+
(0, class_validator_1.MaxLength)(255),
|
|
51
|
+
(0, match_field_decorator_1.MatchField)('new_password', {
|
|
52
|
+
message: 'new_password_confirmation deve ser igual a new_password',
|
|
53
|
+
}),
|
|
54
|
+
__metadata("design:type", String)
|
|
55
|
+
], ChangeOwnPasswordDto.prototype, "new_password_confirmation", void 0);
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
export { LoginDto } from './login.dto';
|
|
2
|
-
export { LoginPayload, Login2faPayload, ValidatePayload, RefreshPayload, GetProfilePayload, RequestPasswordResetPayload, ConfirmPasswordResetPayload, PasswordResetFinalize2faPayload, } from './auth-kafka.payloads';
|
|
2
|
+
export { LoginPayload, Login2faPayload, ValidatePayload, RefreshPayload, GetProfilePayload, RequestPasswordResetPayload, ConfirmPasswordResetPayload, PasswordResetFinalize2faPayload, DeviceSessionsRevokePayload, ChangeOwnPasswordPayload, } from './auth-kafka.payloads';
|
|
3
3
|
export { RefreshTokenDto } from './refresh-token.dto';
|
|
4
4
|
export { RequestPasswordResetDto } from './request-password-reset.dto';
|
|
5
5
|
export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
|
|
6
6
|
export { RequestPasswordResetResponseDto } from './request-password-reset-response.dto';
|
|
7
7
|
export { PasswordResetFinalize2faDto } from './password-reset-finalize-2fa.dto';
|
|
8
|
+
export { RevokeDeviceSessionDto } from './revoke-device-session.dto';
|
|
9
|
+
export { ChangeOwnPasswordDto } from './change-own-password.dto';
|
|
8
10
|
export { AuthLoginResponseDto } from './auth-login-response.dto';
|
|
9
11
|
export { Login2faDto } from './login-2fa.dto';
|
|
10
|
-
export { TotpSetupConfirmDto, TotpDisableDto, TotpSetupStartResponseDto, } from './totp-user.dto';
|
|
12
|
+
export { TotpSetupConfirmDto, TotpSetupConfirmResponseDto, TotpDisableDto, TotpSetupStartResponseDto, } from './totp-user.dto';
|
|
11
13
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/auth/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,2BAA2B,EAC3B,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC"}
|
package/dist/auth/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
|
|
3
|
+
exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.ChangeOwnPasswordDto = exports.RevokeDeviceSessionDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.ChangeOwnPasswordPayload = exports.DeviceSessionsRevokePayload = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
|
|
4
4
|
var login_dto_1 = require("./login.dto");
|
|
5
5
|
Object.defineProperty(exports, "LoginDto", { enumerable: true, get: function () { return login_dto_1.LoginDto; } });
|
|
6
6
|
var auth_kafka_payloads_1 = require("./auth-kafka.payloads");
|
|
@@ -12,6 +12,8 @@ Object.defineProperty(exports, "GetProfilePayload", { enumerable: true, get: fun
|
|
|
12
12
|
Object.defineProperty(exports, "RequestPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.RequestPasswordResetPayload; } });
|
|
13
13
|
Object.defineProperty(exports, "ConfirmPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ConfirmPasswordResetPayload; } });
|
|
14
14
|
Object.defineProperty(exports, "PasswordResetFinalize2faPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.PasswordResetFinalize2faPayload; } });
|
|
15
|
+
Object.defineProperty(exports, "DeviceSessionsRevokePayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.DeviceSessionsRevokePayload; } });
|
|
16
|
+
Object.defineProperty(exports, "ChangeOwnPasswordPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ChangeOwnPasswordPayload; } });
|
|
15
17
|
var refresh_token_dto_1 = require("./refresh-token.dto");
|
|
16
18
|
Object.defineProperty(exports, "RefreshTokenDto", { enumerable: true, get: function () { return refresh_token_dto_1.RefreshTokenDto; } });
|
|
17
19
|
var request_password_reset_dto_1 = require("./request-password-reset.dto");
|
|
@@ -22,11 +24,16 @@ var request_password_reset_response_dto_1 = require("./request-password-reset-re
|
|
|
22
24
|
Object.defineProperty(exports, "RequestPasswordResetResponseDto", { enumerable: true, get: function () { return request_password_reset_response_dto_1.RequestPasswordResetResponseDto; } });
|
|
23
25
|
var password_reset_finalize_2fa_dto_1 = require("./password-reset-finalize-2fa.dto");
|
|
24
26
|
Object.defineProperty(exports, "PasswordResetFinalize2faDto", { enumerable: true, get: function () { return password_reset_finalize_2fa_dto_1.PasswordResetFinalize2faDto; } });
|
|
27
|
+
var revoke_device_session_dto_1 = require("./revoke-device-session.dto");
|
|
28
|
+
Object.defineProperty(exports, "RevokeDeviceSessionDto", { enumerable: true, get: function () { return revoke_device_session_dto_1.RevokeDeviceSessionDto; } });
|
|
29
|
+
var change_own_password_dto_1 = require("./change-own-password.dto");
|
|
30
|
+
Object.defineProperty(exports, "ChangeOwnPasswordDto", { enumerable: true, get: function () { return change_own_password_dto_1.ChangeOwnPasswordDto; } });
|
|
25
31
|
var auth_login_response_dto_1 = require("./auth-login-response.dto");
|
|
26
32
|
Object.defineProperty(exports, "AuthLoginResponseDto", { enumerable: true, get: function () { return auth_login_response_dto_1.AuthLoginResponseDto; } });
|
|
27
33
|
var login_2fa_dto_1 = require("./login-2fa.dto");
|
|
28
34
|
Object.defineProperty(exports, "Login2faDto", { enumerable: true, get: function () { return login_2fa_dto_1.Login2faDto; } });
|
|
29
35
|
var totp_user_dto_1 = require("./totp-user.dto");
|
|
30
36
|
Object.defineProperty(exports, "TotpSetupConfirmDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupConfirmDto; } });
|
|
37
|
+
Object.defineProperty(exports, "TotpSetupConfirmResponseDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupConfirmResponseDto; } });
|
|
31
38
|
Object.defineProperty(exports, "TotpDisableDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpDisableDto; } });
|
|
32
39
|
Object.defineProperty(exports, "TotpSetupStartResponseDto", { enumerable: true, get: function () { return totp_user_dto_1.TotpSetupStartResponseDto; } });
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"revoke-device-session.dto.d.ts","sourceRoot":"","sources":["../../src/auth/revoke-device-session.dto.ts"],"names":[],"mappings":"AAGA,gGAAgG;AAChG,qBAAa,sBAAsB;IAMjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAOlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.RevokeDeviceSessionDto = void 0;
|
|
13
|
+
const swagger_1 = require("@nestjs/swagger");
|
|
14
|
+
const class_validator_1 = require("class-validator");
|
|
15
|
+
/** Corpo de `POST /device-sessions/:id/revoke` — confirma identidade antes do logout remoto. */
|
|
16
|
+
class RevokeDeviceSessionDto {
|
|
17
|
+
password;
|
|
18
|
+
totp;
|
|
19
|
+
}
|
|
20
|
+
exports.RevokeDeviceSessionDto = RevokeDeviceSessionDto;
|
|
21
|
+
__decorate([
|
|
22
|
+
(0, swagger_1.ApiPropertyOptional)({ description: 'Senha atual (obrigatória se 2FA não estiver ativo)' }),
|
|
23
|
+
(0, class_validator_1.IsOptional)(),
|
|
24
|
+
(0, class_validator_1.IsString)(),
|
|
25
|
+
(0, class_validator_1.MinLength)(1),
|
|
26
|
+
(0, class_validator_1.MaxLength)(255),
|
|
27
|
+
__metadata("design:type", String)
|
|
28
|
+
], RevokeDeviceSessionDto.prototype, "password", void 0);
|
|
29
|
+
__decorate([
|
|
30
|
+
(0, swagger_1.ApiPropertyOptional)({ description: 'Código TOTP de 6 dígitos (obrigatório se 2FA estiver ativo)' }),
|
|
31
|
+
(0, class_validator_1.IsOptional)(),
|
|
32
|
+
(0, class_validator_1.IsString)(),
|
|
33
|
+
(0, class_validator_1.MinLength)(6),
|
|
34
|
+
(0, class_validator_1.MaxLength)(6),
|
|
35
|
+
__metadata("design:type", String)
|
|
36
|
+
], RevokeDeviceSessionDto.prototype, "totp", void 0);
|
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
export declare class TotpSetupConfirmDto {
|
|
2
2
|
totp: string;
|
|
3
3
|
}
|
|
4
|
+
/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
|
|
5
|
+
export declare class TotpSetupConfirmResponseDto {
|
|
6
|
+
success: true;
|
|
7
|
+
recovery_codes: string[];
|
|
8
|
+
}
|
|
4
9
|
export declare class TotpDisableDto {
|
|
5
10
|
current_password: string;
|
|
6
|
-
totp
|
|
11
|
+
totp?: string;
|
|
12
|
+
recovery_code?: string;
|
|
7
13
|
}
|
|
8
14
|
export declare class TotpSetupStartResponseDto {
|
|
9
15
|
otpauth_url: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"totp-user.dto.d.ts","sourceRoot":"","sources":["../../src/auth/totp-user.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,mBAAmB;IAI9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,cAAc;IAIzB,gBAAgB,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"totp-user.dto.d.ts","sourceRoot":"","sources":["../../src/auth/totp-user.dto.ts"],"names":[],"mappings":"AAGA,qBAAa,mBAAmB;IAI9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qFAAqF;AACrF,qBAAa,2BAA2B;IAEtC,OAAO,EAAE,IAAI,CAAC;IAOd,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,qBAAa,cAAc;IAIzB,gBAAgB,EAAE,MAAM,CAAC;IASzB,IAAI,CAAC,EAAE,MAAM,CAAC;IAYd,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,yBAAyB;IAEpC,WAAW,EAAE,MAAM,CAAC;IAGpB,aAAa,EAAE,MAAM,CAAC;CACvB"}
|
|
@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmDto = void 0;
|
|
12
|
+
exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = void 0;
|
|
13
13
|
const swagger_1 = require("@nestjs/swagger");
|
|
14
14
|
const class_validator_1 = require("class-validator");
|
|
15
15
|
class TotpSetupConfirmDto {
|
|
@@ -22,9 +22,27 @@ __decorate([
|
|
|
22
22
|
(0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
|
|
23
23
|
__metadata("design:type", String)
|
|
24
24
|
], TotpSetupConfirmDto.prototype, "totp", void 0);
|
|
25
|
+
/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
|
|
26
|
+
class TotpSetupConfirmResponseDto {
|
|
27
|
+
success;
|
|
28
|
+
recovery_codes;
|
|
29
|
+
}
|
|
30
|
+
exports.TotpSetupConfirmResponseDto = TotpSetupConfirmResponseDto;
|
|
31
|
+
__decorate([
|
|
32
|
+
(0, swagger_1.ApiProperty)({ description: 'Confirmação de sucesso' }),
|
|
33
|
+
__metadata("design:type", Boolean)
|
|
34
|
+
], TotpSetupConfirmResponseDto.prototype, "success", void 0);
|
|
35
|
+
__decorate([
|
|
36
|
+
(0, swagger_1.ApiProperty)({
|
|
37
|
+
type: [String],
|
|
38
|
+
description: 'Seis códigos de recuperação (hex, 10 caracteres). Guardar em local seguro; não serão repetidos pela API.',
|
|
39
|
+
}),
|
|
40
|
+
__metadata("design:type", Array)
|
|
41
|
+
], TotpSetupConfirmResponseDto.prototype, "recovery_codes", void 0);
|
|
25
42
|
class TotpDisableDto {
|
|
26
43
|
current_password;
|
|
27
44
|
totp;
|
|
45
|
+
recovery_code;
|
|
28
46
|
}
|
|
29
47
|
exports.TotpDisableDto = TotpDisableDto;
|
|
30
48
|
__decorate([
|
|
@@ -34,11 +52,27 @@ __decorate([
|
|
|
34
52
|
__metadata("design:type", String)
|
|
35
53
|
], TotpDisableDto.prototype, "current_password", void 0);
|
|
36
54
|
__decorate([
|
|
37
|
-
(0, swagger_1.ApiProperty)({
|
|
55
|
+
(0, swagger_1.ApiProperty)({
|
|
56
|
+
required: false,
|
|
57
|
+
description: 'Código TOTP atual de 6 dígitos (obrigatório se não enviar recovery_code)',
|
|
58
|
+
}),
|
|
59
|
+
(0, class_validator_1.ValidateIf)((o) => o.recovery_code == null || String(o.recovery_code).trim() === ''),
|
|
38
60
|
(0, class_validator_1.IsString)(),
|
|
39
61
|
(0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
|
|
40
62
|
__metadata("design:type", String)
|
|
41
63
|
], TotpDisableDto.prototype, "totp", void 0);
|
|
64
|
+
__decorate([
|
|
65
|
+
(0, swagger_1.ApiProperty)({
|
|
66
|
+
required: false,
|
|
67
|
+
description: 'Um dos códigos de recuperação gerados na ativação (obrigatório se não enviar totp)',
|
|
68
|
+
}),
|
|
69
|
+
(0, class_validator_1.ValidateIf)((o) => o.totp == null || String(o.totp).trim() === ''),
|
|
70
|
+
(0, class_validator_1.IsString)(),
|
|
71
|
+
(0, class_validator_1.MinLength)(10, { message: 'recovery_code inválido' }),
|
|
72
|
+
(0, class_validator_1.MaxLength)(64, { message: 'recovery_code inválido' }),
|
|
73
|
+
(0, class_validator_1.Matches)(/^[a-fA-F0-9\s-]+$/, { message: 'recovery_code inválido' }),
|
|
74
|
+
__metadata("design:type", String)
|
|
75
|
+
], TotpDisableDto.prototype, "recovery_code", void 0);
|
|
42
76
|
class TotpSetupStartResponseDto {
|
|
43
77
|
otpauth_url;
|
|
44
78
|
secret_base32;
|
package/package.json
CHANGED
|
@@ -135,6 +135,64 @@ export class ConfirmPasswordResetPayload {
|
|
|
135
135
|
}
|
|
136
136
|
|
|
137
137
|
/** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
|
|
138
|
+
export class DeviceSessionsRevokePayload {
|
|
139
|
+
@ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
|
|
140
|
+
@IsString()
|
|
141
|
+
@MinLength(1, { message: 'tenant não pode ser vazio' })
|
|
142
|
+
@MaxLength(255)
|
|
143
|
+
tenant: string;
|
|
144
|
+
|
|
145
|
+
@ApiProperty({ format: 'uuid' })
|
|
146
|
+
@IsUUID('4', { message: 'userId deve ser um UUID válido' })
|
|
147
|
+
userId: string;
|
|
148
|
+
|
|
149
|
+
@ApiProperty({ format: 'uuid' })
|
|
150
|
+
@IsUUID('4', { message: 'sessionId deve ser um UUID válido' })
|
|
151
|
+
sessionId: string;
|
|
152
|
+
|
|
153
|
+
@ApiPropertyOptional()
|
|
154
|
+
@IsOptional()
|
|
155
|
+
@IsString()
|
|
156
|
+
@MaxLength(255)
|
|
157
|
+
password?: string;
|
|
158
|
+
|
|
159
|
+
@ApiPropertyOptional()
|
|
160
|
+
@IsOptional()
|
|
161
|
+
@IsString()
|
|
162
|
+
@Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
|
|
163
|
+
totp?: string;
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
export class ChangeOwnPasswordPayload {
|
|
167
|
+
@ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
|
|
168
|
+
@IsString()
|
|
169
|
+
@MinLength(1, { message: 'tenant não pode ser vazio' })
|
|
170
|
+
@MaxLength(255)
|
|
171
|
+
tenant: string;
|
|
172
|
+
|
|
173
|
+
@ApiProperty({ format: 'uuid' })
|
|
174
|
+
@IsUUID('4')
|
|
175
|
+
userId: string;
|
|
176
|
+
|
|
177
|
+
@ApiProperty({ minLength: 6 })
|
|
178
|
+
@IsString()
|
|
179
|
+
@MinLength(6)
|
|
180
|
+
@MaxLength(255)
|
|
181
|
+
new_password: string;
|
|
182
|
+
|
|
183
|
+
@ApiPropertyOptional()
|
|
184
|
+
@IsOptional()
|
|
185
|
+
@IsString()
|
|
186
|
+
@MaxLength(255)
|
|
187
|
+
password?: string;
|
|
188
|
+
|
|
189
|
+
@ApiPropertyOptional()
|
|
190
|
+
@IsOptional()
|
|
191
|
+
@IsString()
|
|
192
|
+
@Matches(/^\d{6}$/)
|
|
193
|
+
totp?: string;
|
|
194
|
+
}
|
|
195
|
+
|
|
138
196
|
export class PasswordResetFinalize2faPayload {
|
|
139
197
|
@ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
|
|
140
198
|
@IsString()
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
|
|
2
|
+
import { IsOptional, IsString, Matches, MaxLength, MinLength } from 'class-validator';
|
|
3
|
+
import { MatchField } from './match-field.decorator';
|
|
4
|
+
|
|
5
|
+
/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
|
|
6
|
+
export class ChangeOwnPasswordDto {
|
|
7
|
+
@ApiPropertyOptional({ description: 'Senha atual (se 2FA desativado)' })
|
|
8
|
+
@IsOptional()
|
|
9
|
+
@IsString()
|
|
10
|
+
@MinLength(1)
|
|
11
|
+
@MaxLength(255)
|
|
12
|
+
current_password?: string;
|
|
13
|
+
|
|
14
|
+
@ApiPropertyOptional({ description: 'Código TOTP (se 2FA ativo)' })
|
|
15
|
+
@IsOptional()
|
|
16
|
+
@IsString()
|
|
17
|
+
@Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
|
|
18
|
+
totp?: string;
|
|
19
|
+
|
|
20
|
+
@ApiProperty({ minLength: 6 })
|
|
21
|
+
@IsString()
|
|
22
|
+
@MinLength(6, { message: 'new_password deve ter no mínimo 6 caracteres' })
|
|
23
|
+
@MaxLength(255)
|
|
24
|
+
new_password: string;
|
|
25
|
+
|
|
26
|
+
@ApiProperty({ minLength: 6 })
|
|
27
|
+
@IsString()
|
|
28
|
+
@MinLength(6, { message: 'new_password_confirmation deve ter no mínimo 6 caracteres' })
|
|
29
|
+
@MaxLength(255)
|
|
30
|
+
@MatchField('new_password', {
|
|
31
|
+
message: 'new_password_confirmation deve ser igual a new_password',
|
|
32
|
+
})
|
|
33
|
+
new_password_confirmation: string;
|
|
34
|
+
}
|
package/src/auth/index.ts
CHANGED
|
@@ -8,16 +8,21 @@ export {
|
|
|
8
8
|
RequestPasswordResetPayload,
|
|
9
9
|
ConfirmPasswordResetPayload,
|
|
10
10
|
PasswordResetFinalize2faPayload,
|
|
11
|
+
DeviceSessionsRevokePayload,
|
|
12
|
+
ChangeOwnPasswordPayload,
|
|
11
13
|
} from './auth-kafka.payloads';
|
|
12
14
|
export { RefreshTokenDto } from './refresh-token.dto';
|
|
13
15
|
export { RequestPasswordResetDto } from './request-password-reset.dto';
|
|
14
16
|
export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
|
|
15
17
|
export { RequestPasswordResetResponseDto } from './request-password-reset-response.dto';
|
|
16
18
|
export { PasswordResetFinalize2faDto } from './password-reset-finalize-2fa.dto';
|
|
19
|
+
export { RevokeDeviceSessionDto } from './revoke-device-session.dto';
|
|
20
|
+
export { ChangeOwnPasswordDto } from './change-own-password.dto';
|
|
17
21
|
export { AuthLoginResponseDto } from './auth-login-response.dto';
|
|
18
22
|
export { Login2faDto } from './login-2fa.dto';
|
|
19
23
|
export {
|
|
20
24
|
TotpSetupConfirmDto,
|
|
25
|
+
TotpSetupConfirmResponseDto,
|
|
21
26
|
TotpDisableDto,
|
|
22
27
|
TotpSetupStartResponseDto,
|
|
23
28
|
} from './totp-user.dto';
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { ApiPropertyOptional } from '@nestjs/swagger';
|
|
2
|
+
import { IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
|
|
3
|
+
|
|
4
|
+
/** Corpo de `POST /device-sessions/:id/revoke` — confirma identidade antes do logout remoto. */
|
|
5
|
+
export class RevokeDeviceSessionDto {
|
|
6
|
+
@ApiPropertyOptional({ description: 'Senha atual (obrigatória se 2FA não estiver ativo)' })
|
|
7
|
+
@IsOptional()
|
|
8
|
+
@IsString()
|
|
9
|
+
@MinLength(1)
|
|
10
|
+
@MaxLength(255)
|
|
11
|
+
password?: string;
|
|
12
|
+
|
|
13
|
+
@ApiPropertyOptional({ description: 'Código TOTP de 6 dígitos (obrigatório se 2FA estiver ativo)' })
|
|
14
|
+
@IsOptional()
|
|
15
|
+
@IsString()
|
|
16
|
+
@MinLength(6)
|
|
17
|
+
@MaxLength(6)
|
|
18
|
+
totp?: string;
|
|
19
|
+
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ApiProperty } from '@nestjs/swagger';
|
|
2
|
-
import { IsString, Matches, MinLength } from 'class-validator';
|
|
2
|
+
import { IsString, Matches, MaxLength, MinLength, ValidateIf } from 'class-validator';
|
|
3
3
|
|
|
4
4
|
export class TotpSetupConfirmDto {
|
|
5
5
|
@ApiProperty({ description: 'Código TOTP de 6 dígitos para confirmar o pareamento' })
|
|
@@ -8,16 +8,45 @@ export class TotpSetupConfirmDto {
|
|
|
8
8
|
totp: string;
|
|
9
9
|
}
|
|
10
10
|
|
|
11
|
+
/** Resposta após confirmar o 2FA: códigos de recuperação mostrados uma única vez. */
|
|
12
|
+
export class TotpSetupConfirmResponseDto {
|
|
13
|
+
@ApiProperty({ description: 'Confirmação de sucesso' })
|
|
14
|
+
success: true;
|
|
15
|
+
|
|
16
|
+
@ApiProperty({
|
|
17
|
+
type: [String],
|
|
18
|
+
description:
|
|
19
|
+
'Seis códigos de recuperação (hex, 10 caracteres). Guardar em local seguro; não serão repetidos pela API.',
|
|
20
|
+
})
|
|
21
|
+
recovery_codes: string[];
|
|
22
|
+
}
|
|
23
|
+
|
|
11
24
|
export class TotpDisableDto {
|
|
12
25
|
@ApiProperty({ description: 'Senha atual do utilizador' })
|
|
13
26
|
@IsString()
|
|
14
27
|
@MinLength(1, { message: 'current_password não pode ser vazio' })
|
|
15
28
|
current_password: string;
|
|
16
29
|
|
|
17
|
-
@ApiProperty({
|
|
30
|
+
@ApiProperty({
|
|
31
|
+
required: false,
|
|
32
|
+
description: 'Código TOTP atual de 6 dígitos (obrigatório se não enviar recovery_code)',
|
|
33
|
+
})
|
|
34
|
+
@ValidateIf((o) => o.recovery_code == null || String(o.recovery_code).trim() === '')
|
|
18
35
|
@IsString()
|
|
19
36
|
@Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
|
|
20
|
-
totp
|
|
37
|
+
totp?: string;
|
|
38
|
+
|
|
39
|
+
@ApiProperty({
|
|
40
|
+
required: false,
|
|
41
|
+
description:
|
|
42
|
+
'Um dos códigos de recuperação gerados na ativação (obrigatório se não enviar totp)',
|
|
43
|
+
})
|
|
44
|
+
@ValidateIf((o) => o.totp == null || String(o.totp).trim() === '')
|
|
45
|
+
@IsString()
|
|
46
|
+
@MinLength(10, { message: 'recovery_code inválido' })
|
|
47
|
+
@MaxLength(64, { message: 'recovery_code inválido' })
|
|
48
|
+
@Matches(/^[a-fA-F0-9\s-]+$/, { message: 'recovery_code inválido' })
|
|
49
|
+
recovery_code?: string;
|
|
21
50
|
}
|
|
22
51
|
|
|
23
52
|
export class TotpSetupStartResponseDto {
|