rckrdmrd/template-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
template-saas/apps/backend/dist/modules/auth/services/auth.service.js
rckrdmrd 50a821a415
Some checks failed
CI / Backend CI (push) Has been cancelled
Details
CI / Frontend CI (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / CI Summary (push) Has been cancelled
Details
[SIMCO-V38] feat: Actualizar a SIMCO v3.8.0 
- HERENCIA-SIMCO.md actualizado con directivas v3.7 y v3.8
- Actualizaciones de configuracion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 08:53:08 -06:00

338 lines
14 KiB
JavaScript
Raw Permalink Blame History

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthService = void 0;
const common_1 = require("@nestjs/common");
const typeorm_1 = require("@nestjs/typeorm");
const typeorm_2 = require("typeorm");
const jwt_1 = require("@nestjs/jwt");
const config_1 = require("@nestjs/config");
const bcrypt = __importStar(require("bcrypt"));
const crypto = __importStar(require("crypto"));
const entities_1 = require("../entities");
let AuthService = class AuthService {
constructor(userRepository, sessionRepository, tokenRepository, jwtService, configService, dataSource) {
this.userRepository = userRepository;
this.sessionRepository = sessionRepository;
this.tokenRepository = tokenRepository;
this.jwtService = jwtService;
this.configService = configService;
this.dataSource = dataSource;
}
async register(dto, tenantId, ip, userAgent) {
const existing = await this.userRepository.findOne({
where: { email: dto.email, tenant_id: tenantId },
});
if (existing) {
throw new common_1.ConflictException('Email ya registrado en esta organización');
}
const passwordHash = await bcrypt.hash(dto.password, 12);
const user = this.userRepository.create({
tenant_id: tenantId,
email: dto.email,
password_hash: passwordHash,
first_name: dto.first_name || null,
last_name: dto.last_name || null,
phone: dto.phone || null,
status: 'pending_verification',
email_verified: false,
});
await this.userRepository.save(user);
const tokens = await this.generateTokens(user, ip, userAgent);
await this.createVerificationToken(user);
return {
user: this.sanitizeUser(user),
...tokens,
};
}
async login(dto, tenantId, ip, userAgent) {
const user = await this.userRepository.findOne({
where: { email: dto.email, tenant_id: tenantId },
});
if (!user) {
throw new common_1.UnauthorizedException('Credenciales inválidas');
}
const isValid = await bcrypt.compare(dto.password, user.password_hash);
if (!isValid) {
throw new common_1.UnauthorizedException('Credenciales inválidas');
}
if (user.status === 'suspended') {
throw new common_1.UnauthorizedException('Cuenta suspendida');
}
if (user.status === 'inactive') {
throw new common_1.UnauthorizedException('Cuenta inactiva');
}
user.last_login_at = new Date();
user.last_login_ip = ip || null;
await this.userRepository.save(user);
const tokens = await this.generateTokens(user, ip, userAgent);
return {
user: this.sanitizeUser(user),
...tokens,
};
}
async logout(userId, sessionToken) {
await this.sessionRepository.update({ user_id: userId, session_token: sessionToken }, { is_active: false });
}
async logoutAll(userId) {
await this.sessionRepository.update({ user_id: userId }, { is_active: false });
}
async refreshToken(refreshToken, ip, userAgent) {
try {
const payload = this.jwtService.verify(refreshToken, {
secret: this.configService.get('jwt.secret'),
});
const user = await this.userRepository.findOne({
where: { id: payload.sub },
});
if (!user) {
throw new common_1.UnauthorizedException('Usuario no encontrado');
}
const refreshTokenHash = this.hashToken(refreshToken);
const session = await this.sessionRepository.findOne({
where: {
user_id: user.id,
refresh_token_hash: refreshTokenHash,
is_active: true,
},
});
if (!session) {
throw new common_1.UnauthorizedException('Sesión inválida');
}
if (new Date() > session.expires_at) {
await this.sessionRepository.update({ id: session.id }, { is_active: false });
throw new common_1.UnauthorizedException('Sesión expirada');
}
const tokens = await this.generateTokens(user, ip, userAgent, session.id);
return tokens;
}
catch (error) {
if (error instanceof common_1.UnauthorizedException) {
throw error;
}
throw new common_1.UnauthorizedException('Token inválido');
}
}
async changePassword(userId, dto) {
const user = await this.userRepository.findOne({
where: { id: userId },
});
if (!user) {
throw new common_1.NotFoundException('Usuario no encontrado');
}
const isValid = await bcrypt.compare(dto.currentPassword, user.password_hash);
if (!isValid) {
throw new common_1.BadRequestException('Password actual incorrecto');
}
if (dto.currentPassword === dto.newPassword) {
throw new common_1.BadRequestException('El nuevo password debe ser diferente al actual');
}
const newHash = await bcrypt.hash(dto.newPassword, 12);
await this.userRepository.update({ id: userId }, { password_hash: newHash });
return { message: 'Password actualizado correctamente' };
}
async requestPasswordReset(email, tenantId) {
const user = await this.userRepository.findOne({
where: { email, tenant_id: tenantId },
});
if (!user) {
return { message: 'Si el email existe, recibirás instrucciones para restablecer tu password' };
}
const token = crypto.randomBytes(32).toString('hex');
const tokenHash = this.hashToken(token);
await this.tokenRepository.save({
user_id: user.id,
tenant_id: tenantId,
token_type: 'password_reset',
token_hash: tokenHash,
expires_at: new Date(Date.now() + 60 * 60 * 1000),
});
return { message: 'Si el email existe, recibirás instrucciones para restablecer tu password' };
}
async resetPassword(token, newPassword, tenantId) {
const tokenHash = this.hashToken(token);
const tokenRecord = await this.tokenRepository.findOne({
where: {
token_hash: tokenHash,
tenant_id: tenantId,
token_type: 'password_reset',
is_used: false,
},
});
if (!tokenRecord) {
throw new common_1.BadRequestException('Token inválido o expirado');
}
if (new Date() > tokenRecord.expires_at) {
throw new common_1.BadRequestException('Token expirado');
}
const passwordHash = await bcrypt.hash(newPassword, 12);
await this.userRepository.update({ id: tokenRecord.user_id }, { password_hash: passwordHash });
await this.tokenRepository.update({ id: tokenRecord.id }, { is_used: true, used_at: new Date() });
await this.logoutAll(tokenRecord.user_id);
return { message: 'Password restablecido correctamente' };
}
async verifyEmail(token, tenantId) {
const tokenHash = this.hashToken(token);
const tokenRecord = await this.tokenRepository.findOne({
where: {
token_hash: tokenHash,
tenant_id: tenantId,
token_type: 'email_verification',
is_used: false,
},
});
if (!tokenRecord) {
throw new common_1.BadRequestException('Token inválido o expirado');
}
if (new Date() > tokenRecord.expires_at) {
throw new common_1.BadRequestException('Token expirado');
}
await this.userRepository.update({ id: tokenRecord.user_id }, {
email_verified: true,
email_verified_at: new Date(),
status: 'active',
});
await this.tokenRepository.update({ id: tokenRecord.id }, { is_used: true, used_at: new Date() });
return { message: 'Email verificado correctamente' };
}
async validateUser(userId) {
return this.userRepository.findOne({
where: { id: userId, status: 'active' },
});
}
async getProfile(userId) {
const user = await this.userRepository.findOne({
where: { id: userId },
});
if (!user) {
throw new common_1.NotFoundException('Usuario no encontrado');
}
return this.sanitizeUser(user);
}
async generateTokens(user, ip, userAgent, existingSessionId) {
const payload = {
sub: user.id,
email: user.email,
tenant_id: user.tenant_id,
};
const accessTokenExpiry = this.configService.get('jwt.expiresIn') || '15m';
const refreshTokenExpiry = this.configService.get('jwt.refreshExpiresIn') || '7d';
const accessToken = this.jwtService.sign(payload, {
expiresIn: accessTokenExpiry,
});
const refreshToken = this.jwtService.sign(payload, {
expiresIn: refreshTokenExpiry,
});
const sessionToken = crypto.randomBytes(32).toString('hex');
const refreshTokenHash = this.hashToken(refreshToken);
if (existingSessionId) {
await this.sessionRepository.update({ id: existingSessionId }, {
refresh_token_hash: refreshTokenHash,
last_activity_at: new Date(),
expires_at: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
});
}
else {
await this.sessionRepository.save({
user_id: user.id,
tenant_id: user.tenant_id,
session_token: sessionToken,
refresh_token_hash: refreshTokenHash,
ip_address: ip || null,
user_agent: userAgent || null,
device_type: this.detectDeviceType(userAgent),
expires_at: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
last_activity_at: new Date(),
is_active: true,
});
}
return { accessToken, refreshToken };
}
async createVerificationToken(user) {
const token = crypto.randomBytes(32).toString('hex');
const tokenHash = this.hashToken(token);
await this.tokenRepository.save({
user_id: user.id,
tenant_id: user.tenant_id,
token_type: 'email_verification',
token_hash: tokenHash,
expires_at: new Date(Date.now() + 24 * 60 * 60 * 1000),
});
return token;
}
hashToken(token) {
return crypto.createHash('sha256').update(token).digest('hex');
}
sanitizeUser(user) {
const { password_hash, ...sanitized } = user;
return sanitized;
}
detectDeviceType(userAgent) {
if (!userAgent)
return 'unknown';
const ua = userAgent.toLowerCase();
if (/mobile|android|iphone|ipod/.test(ua))
return 'mobile';
if (/tablet|ipad/.test(ua))
return 'tablet';
return 'desktop';
}
};
exports.AuthService = AuthService;
exports.AuthService = AuthService = __decorate([
(0, common_1.Injectable)(),
__param(0, (0, typeorm_1.InjectRepository)(entities_1.User)),
__param(1, (0, typeorm_1.InjectRepository)(entities_1.Session)),
__param(2, (0, typeorm_1.InjectRepository)(entities_1.Token)),
__metadata("design:paramtypes", [typeorm_2.Repository,
typeorm_2.Repository,
typeorm_2.Repository,
jwt_1.JwtService,
config_1.ConfigService,
typeorm_2.DataSource])
], AuthService);
//# sourceMappingURL=auth.service.js.map
Reference in New Issue View Git Blame Copy Permalink