tychat-contracts 1.5.3 → 1.6.0

package/dist/auth/auth-kafka.payloads.d.ts

@@ -35,6 +35,20 @@ export declare class ConfirmPasswordResetPayload {
     password: string;
 }
 /** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
+export declare class DeviceSessionsRevokePayload {
+    tenant: string;
+    userId: string;
+    sessionId: string;
+    password?: string;
+    totp?: string;
+}
+export declare class ChangeOwnPasswordPayload {
+    tenant: string;
+    userId: string;
+    new_password: string;
+    password?: string;
+    totp?: string;
+}
 export declare class PasswordResetFinalize2faPayload {
     tenant: string;
     pre_recovery_token: string;

package/dist/auth/auth-kafka.payloads.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,+EAA+E;AAC/E,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAKf,cAAc,EAAE,MAAM,CAAC;IAKvB,IAAI,EAAE,MAAM,CAAC;IAMb,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,WAAW,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;IAMvC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAM3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,2FAA2F;AAC3F,qBAAa,iBAAiB;IAK5B,MAAM,EAAE,MAAM,CAAC;IAQf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iEAAiE;AACjE,qBAAa,+BAA+B;IAK1C,MAAM,EAAE,MAAM,CAAC;IAMf,kBAAkB,EAAE,MAAM,CAAC;IAK3B,IAAI,EAAE,MAAM,CAAC;IAMb,QAAQ,EAAE,MAAM,CAAC;CAClB"}
+{"version":3,"file":"auth-kafka.payloads.d.ts","sourceRoot":"","sources":["../../src/auth/auth-kafka.payloads.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,qBAAa,YAAa,SAAQ,QAAQ;IAKxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,+EAA+E;AAC/E,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAKf,cAAc,EAAE,MAAM,CAAC;IAKvB,IAAI,EAAE,MAAM,CAAC;IAMb,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,WAAW,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;IAMvC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAM3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,qBAAa,eAAe;IAK1B,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,cAAe,SAAQ,eAAe;IAKjD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,2FAA2F;AAC3F,qBAAa,iBAAiB;IAK5B,MAAM,EAAE,MAAM,CAAC;IAQf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iEAAiE;AACjE,qBAAa,2BAA2B;IAKtC,MAAM,EAAE,MAAM,CAAC;IAIf,MAAM,EAAE,MAAM,CAAC;IAIf,SAAS,EAAE,MAAM,CAAC;IAMlB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAMlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,wBAAwB;IAKnC,MAAM,EAAE,MAAM,CAAC;IAIf,MAAM,EAAE,MAAM,CAAC;IAMf,YAAY,EAAE,MAAM,CAAC;IAMrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAMlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,+BAA+B;IAK1C,MAAM,EAAE,MAAM,CAAC;IAMf,kBAAkB,EAAE,MAAM,CAAC;IAK3B,IAAI,EAAE,MAAM,CAAC;IAMb,QAAQ,EAAE,MAAM,CAAC;CAClB"}

package/dist/auth/auth-kafka.payloads.js

@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = void 0;
+exports.PasswordResetFinalize2faPayload = exports.ChangeOwnPasswordPayload = exports.DeviceSessionsRevokePayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = void 0;
 const swagger_1 = require("@nestjs/swagger");
 const class_validator_1 = require("class-validator");
 const login_dto_1 = require("./login.dto");
@@ -181,6 +181,86 @@ __decorate([
     __metadata("design:type", String)
 ], ConfirmPasswordResetPayload.prototype, "password", void 0);
 /** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
+class DeviceSessionsRevokePayload {
+    tenant;
+    userId;
+    sessionId;
+    password;
+    totp;
+}
+exports.DeviceSessionsRevokePayload = DeviceSessionsRevokePayload;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], DeviceSessionsRevokePayload.prototype, "tenant", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ format: 'uuid' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'userId deve ser um UUID válido' }),
+    __metadata("design:type", String)
+], DeviceSessionsRevokePayload.prototype, "userId", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ format: 'uuid' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'sessionId deve ser um UUID válido' }),
+    __metadata("design:type", String)
+], DeviceSessionsRevokePayload.prototype, "sessionId", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], DeviceSessionsRevokePayload.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
+    __metadata("design:type", String)
+], DeviceSessionsRevokePayload.prototype, "totp", void 0);
+class ChangeOwnPasswordPayload {
+    tenant;
+    userId;
+    new_password;
+    password;
+    totp;
+}
+exports.ChangeOwnPasswordPayload = ChangeOwnPasswordPayload;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'ID do tenant', example: 'tenant1' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1, { message: 'tenant não pode ser vazio' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ChangeOwnPasswordPayload.prototype, "tenant", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ format: 'uuid' }),
+    (0, class_validator_1.IsUUID)('4'),
+    __metadata("design:type", String)
+], ChangeOwnPasswordPayload.prototype, "userId", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ minLength: 6 }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ChangeOwnPasswordPayload.prototype, "new_password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ChangeOwnPasswordPayload.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Matches)(/^\d{6}$/),
+    __metadata("design:type", String)
+], ChangeOwnPasswordPayload.prototype, "totp", void 0);
 class PasswordResetFinalize2faPayload {
     tenant;
     pre_recovery_token;

package/dist/auth/change-own-password.dto.d.ts

@@ -0,0 +1,8 @@
+/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
+export declare class ChangeOwnPasswordDto {
+    current_password?: string;
+    totp?: string;
+    new_password: string;
+    new_password_confirmation: string;
+}
+//# sourceMappingURL=change-own-password.dto.d.ts.map

package/dist/auth/change-own-password.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-own-password.dto.d.ts","sourceRoot":"","sources":["../../src/auth/change-own-password.dto.ts"],"names":[],"mappings":"AAIA,oFAAoF;AACpF,qBAAa,oBAAoB;IAM/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAM1B,IAAI,CAAC,EAAE,MAAM,CAAC;IAMd,YAAY,EAAE,MAAM,CAAC;IASrB,yBAAyB,EAAE,MAAM,CAAC;CACnC"}

package/dist/auth/change-own-password.dto.js

@@ -0,0 +1,55 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChangeOwnPasswordDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+const match_field_decorator_1 = require("./match-field.decorator");
+/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
+class ChangeOwnPasswordDto {
+    current_password;
+    totp;
+    new_password;
+    new_password_confirmation;
+}
+exports.ChangeOwnPasswordDto = ChangeOwnPasswordDto;
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'Senha atual (se 2FA desativado)' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ChangeOwnPasswordDto.prototype, "current_password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'Código TOTP (se 2FA ativo)' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.Matches)(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' }),
+    __metadata("design:type", String)
+], ChangeOwnPasswordDto.prototype, "totp", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ minLength: 6 }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'new_password deve ter no mínimo 6 caracteres' }),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], ChangeOwnPasswordDto.prototype, "new_password", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ minLength: 6 }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6, { message: 'new_password_confirmation deve ter no mínimo 6 caracteres' }),
+    (0, class_validator_1.MaxLength)(255),
+    (0, match_field_decorator_1.MatchField)('new_password', {
+        message: 'new_password_confirmation deve ser igual a new_password',
+    }),
+    __metadata("design:type", String)
+], ChangeOwnPasswordDto.prototype, "new_password_confirmation", void 0);

package/dist/auth/index.d.ts

@@ -1,10 +1,12 @@
 export { LoginDto } from './login.dto';
-export { LoginPayload, Login2faPayload, ValidatePayload, RefreshPayload, GetProfilePayload, RequestPasswordResetPayload, ConfirmPasswordResetPayload, PasswordResetFinalize2faPayload, } from './auth-kafka.payloads';
+export { LoginPayload, Login2faPayload, ValidatePayload, RefreshPayload, GetProfilePayload, RequestPasswordResetPayload, ConfirmPasswordResetPayload, PasswordResetFinalize2faPayload, DeviceSessionsRevokePayload, ChangeOwnPasswordPayload, } from './auth-kafka.payloads';
 export { RefreshTokenDto } from './refresh-token.dto';
 export { RequestPasswordResetDto } from './request-password-reset.dto';
 export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
 export { RequestPasswordResetResponseDto } from './request-password-reset-response.dto';
 export { PasswordResetFinalize2faDto } from './password-reset-finalize-2fa.dto';
+export { RevokeDeviceSessionDto } from './revoke-device-session.dto';
+export { ChangeOwnPasswordDto } from './change-own-password.dto';
 export { AuthLoginResponseDto } from './auth-login-response.dto';
 export { Login2faDto } from './login-2fa.dto';
 export { TotpSetupConfirmDto, TotpSetupConfirmResponseDto, TotpDisableDto, TotpSetupStartResponseDto, } from './totp-user.dto';

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,2BAA2B,EAC3B,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,+BAA+B,EAAE,MAAM,uCAAuC,CAAC;AACxF,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,cAAc,EACd,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC"}

package/dist/auth/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
+exports.TotpSetupStartResponseDto = exports.TotpDisableDto = exports.TotpSetupConfirmResponseDto = exports.TotpSetupConfirmDto = exports.Login2faDto = exports.AuthLoginResponseDto = exports.ChangeOwnPasswordDto = exports.RevokeDeviceSessionDto = exports.PasswordResetFinalize2faDto = exports.RequestPasswordResetResponseDto = exports.ConfirmPasswordResetDto = exports.RequestPasswordResetDto = exports.RefreshTokenDto = exports.ChangeOwnPasswordPayload = exports.DeviceSessionsRevokePayload = exports.PasswordResetFinalize2faPayload = exports.ConfirmPasswordResetPayload = exports.RequestPasswordResetPayload = exports.GetProfilePayload = exports.RefreshPayload = exports.ValidatePayload = exports.Login2faPayload = exports.LoginPayload = exports.LoginDto = void 0;
 var login_dto_1 = require("./login.dto");
 Object.defineProperty(exports, "LoginDto", { enumerable: true, get: function () { return login_dto_1.LoginDto; } });
 var auth_kafka_payloads_1 = require("./auth-kafka.payloads");
@@ -12,6 +12,8 @@ Object.defineProperty(exports, "GetProfilePayload", { enumerable: true, get: fun
 Object.defineProperty(exports, "RequestPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.RequestPasswordResetPayload; } });
 Object.defineProperty(exports, "ConfirmPasswordResetPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ConfirmPasswordResetPayload; } });
 Object.defineProperty(exports, "PasswordResetFinalize2faPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.PasswordResetFinalize2faPayload; } });
+Object.defineProperty(exports, "DeviceSessionsRevokePayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.DeviceSessionsRevokePayload; } });
+Object.defineProperty(exports, "ChangeOwnPasswordPayload", { enumerable: true, get: function () { return auth_kafka_payloads_1.ChangeOwnPasswordPayload; } });
 var refresh_token_dto_1 = require("./refresh-token.dto");
 Object.defineProperty(exports, "RefreshTokenDto", { enumerable: true, get: function () { return refresh_token_dto_1.RefreshTokenDto; } });
 var request_password_reset_dto_1 = require("./request-password-reset.dto");
@@ -22,6 +24,10 @@ var request_password_reset_response_dto_1 = require("./request-password-reset-re
 Object.defineProperty(exports, "RequestPasswordResetResponseDto", { enumerable: true, get: function () { return request_password_reset_response_dto_1.RequestPasswordResetResponseDto; } });
 var password_reset_finalize_2fa_dto_1 = require("./password-reset-finalize-2fa.dto");
 Object.defineProperty(exports, "PasswordResetFinalize2faDto", { enumerable: true, get: function () { return password_reset_finalize_2fa_dto_1.PasswordResetFinalize2faDto; } });
+var revoke_device_session_dto_1 = require("./revoke-device-session.dto");
+Object.defineProperty(exports, "RevokeDeviceSessionDto", { enumerable: true, get: function () { return revoke_device_session_dto_1.RevokeDeviceSessionDto; } });
+var change_own_password_dto_1 = require("./change-own-password.dto");
+Object.defineProperty(exports, "ChangeOwnPasswordDto", { enumerable: true, get: function () { return change_own_password_dto_1.ChangeOwnPasswordDto; } });
 var auth_login_response_dto_1 = require("./auth-login-response.dto");
 Object.defineProperty(exports, "AuthLoginResponseDto", { enumerable: true, get: function () { return auth_login_response_dto_1.AuthLoginResponseDto; } });
 var login_2fa_dto_1 = require("./login-2fa.dto");

package/dist/auth/revoke-device-session.dto.d.ts

@@ -0,0 +1,6 @@
+/** Corpo de `POST /device-sessions/:id/revoke` — confirma identidade antes do logout remoto. */
+export declare class RevokeDeviceSessionDto {
+    password?: string;
+    totp?: string;
+}
+//# sourceMappingURL=revoke-device-session.dto.d.ts.map

package/dist/auth/revoke-device-session.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoke-device-session.dto.d.ts","sourceRoot":"","sources":["../../src/auth/revoke-device-session.dto.ts"],"names":[],"mappings":"AAGA,gGAAgG;AAChG,qBAAa,sBAAsB;IAMjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAOlB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf"}

package/dist/auth/revoke-device-session.dto.js

@@ -0,0 +1,36 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RevokeDeviceSessionDto = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+/** Corpo de `POST /device-sessions/:id/revoke` — confirma identidade antes do logout remoto. */
+class RevokeDeviceSessionDto {
+    password;
+    totp;
+}
+exports.RevokeDeviceSessionDto = RevokeDeviceSessionDto;
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'Senha atual (obrigatória se 2FA não estiver ativo)' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(1),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], RevokeDeviceSessionDto.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'Código TOTP de 6 dígitos (obrigatório se 2FA estiver ativo)' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(6),
+    (0, class_validator_1.MaxLength)(6),
+    __metadata("design:type", String)
+], RevokeDeviceSessionDto.prototype, "totp", void 0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tychat-contracts",
-  "version": "1.5.3",
+  "version": "1.6.0",
   "description": "DTOs compartilhados com class-validator (API e microserviços)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/auth-kafka.payloads.ts

@@ -135,6 +135,64 @@ export class ConfirmPasswordResetPayload {
 }
 
 /** Conclui reset de senha com 2FA (RMQ/Kafka → auth-service). */
+export class DeviceSessionsRevokePayload {
+  @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
+  @IsString()
+  @MinLength(1, { message: 'tenant não pode ser vazio' })
+  @MaxLength(255)
+  tenant: string;
+
+  @ApiProperty({ format: 'uuid' })
+  @IsUUID('4', { message: 'userId deve ser um UUID válido' })
+  userId: string;
+
+  @ApiProperty({ format: 'uuid' })
+  @IsUUID('4', { message: 'sessionId deve ser um UUID válido' })
+  sessionId: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @MaxLength(255)
+  password?: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
+  totp?: string;
+}
+
+export class ChangeOwnPasswordPayload {
+  @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
+  @IsString()
+  @MinLength(1, { message: 'tenant não pode ser vazio' })
+  @MaxLength(255)
+  tenant: string;
+
+  @ApiProperty({ format: 'uuid' })
+  @IsUUID('4')
+  userId: string;
+
+  @ApiProperty({ minLength: 6 })
+  @IsString()
+  @MinLength(6)
+  @MaxLength(255)
+  new_password: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @MaxLength(255)
+  password?: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @Matches(/^\d{6}$/)
+  totp?: string;
+}
+
 export class PasswordResetFinalize2faPayload {
   @ApiProperty({ description: 'ID do tenant', example: 'tenant1' })
   @IsString()

package/src/auth/change-own-password.dto.ts

@@ -0,0 +1,34 @@
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { IsOptional, IsString, Matches, MaxLength, MinLength } from 'class-validator';
+import { MatchField } from './match-field.decorator';
+
+/** Troca de senha autenticada: com 2FA usa apenas TOTP; sem 2FA usa senha atual. */
+export class ChangeOwnPasswordDto {
+  @ApiPropertyOptional({ description: 'Senha atual (se 2FA desativado)' })
+  @IsOptional()
+  @IsString()
+  @MinLength(1)
+  @MaxLength(255)
+  current_password?: string;
+
+  @ApiPropertyOptional({ description: 'Código TOTP (se 2FA ativo)' })
+  @IsOptional()
+  @IsString()
+  @Matches(/^\d{6}$/, { message: 'totp deve ser exatamente 6 dígitos' })
+  totp?: string;
+
+  @ApiProperty({ minLength: 6 })
+  @IsString()
+  @MinLength(6, { message: 'new_password deve ter no mínimo 6 caracteres' })
+  @MaxLength(255)
+  new_password: string;
+
+  @ApiProperty({ minLength: 6 })
+  @IsString()
+  @MinLength(6, { message: 'new_password_confirmation deve ter no mínimo 6 caracteres' })
+  @MaxLength(255)
+  @MatchField('new_password', {
+    message: 'new_password_confirmation deve ser igual a new_password',
+  })
+  new_password_confirmation: string;
+}

package/src/auth/index.ts

@@ -8,12 +8,16 @@ export {
   RequestPasswordResetPayload,
   ConfirmPasswordResetPayload,
   PasswordResetFinalize2faPayload,
+  DeviceSessionsRevokePayload,
+  ChangeOwnPasswordPayload,
 } from './auth-kafka.payloads';
 export { RefreshTokenDto } from './refresh-token.dto';
 export { RequestPasswordResetDto } from './request-password-reset.dto';
 export { ConfirmPasswordResetDto } from './confirm-password-reset.dto';
 export { RequestPasswordResetResponseDto } from './request-password-reset-response.dto';
 export { PasswordResetFinalize2faDto } from './password-reset-finalize-2fa.dto';
+export { RevokeDeviceSessionDto } from './revoke-device-session.dto';
+export { ChangeOwnPasswordDto } from './change-own-password.dto';
 export { AuthLoginResponseDto } from './auth-login-response.dto';
 export { Login2faDto } from './login-2fa.dto';
 export {

package/src/auth/revoke-device-session.dto.ts

@@ -0,0 +1,19 @@
+import { ApiPropertyOptional } from '@nestjs/swagger';
+import { IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
+
+/** Corpo de `POST /device-sessions/:id/revoke` — confirma identidade antes do logout remoto. */
+export class RevokeDeviceSessionDto {
+  @ApiPropertyOptional({ description: 'Senha atual (obrigatória se 2FA não estiver ativo)' })
+  @IsOptional()
+  @IsString()
+  @MinLength(1)
+  @MaxLength(255)
+  password?: string;
+
+  @ApiPropertyOptional({ description: 'Código TOTP de 6 dígitos (obrigatório se 2FA estiver ativo)' })
+  @IsOptional()
+  @IsString()
+  @MinLength(6)
+  @MaxLength(6)
+  totp?: string;
+}