npm - @ackplus/nest-auth - Versions diffs - 1.1.28 → 1.1.29 - Mend

@ackplus/nest-auth 1.1.28 → 1.1.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (980) hide show

package/src/lib/auth/guards/auth.guard.js DELETED Viewed

@@ -1,454 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.NestAuthAuthGuard = exports.OPTIONAL_AUTH_KEY = void 0;
-const tslib_1 = require("tslib");
-const common_1 = require("@nestjs/common");
-const auth_constants_1 = require("../../auth.constants");
-const core_1 = require("@nestjs/core");
-const jwt_service_1 = require("../../core/services/jwt.service");
-const session_manager_service_1 = require("../../session/services/session-manager.service");
-const access_key_service_1 = require("../../user/services/access-key.service");
-const skip_mfa_decorator_1 = require("../../core/decorators/skip-mfa.decorator");
-const permissions_decorator_1 = require("../../core/decorators/permissions.decorator");
-const role_decorator_1 = require("../../core/decorators/role.decorator");
-const auth_config_service_1 = require("../../core/services/auth-config.service");
-// Key for optional auth metadata
-exports.OPTIONAL_AUTH_KEY = 'optional_auth';
-/**
- * NestAuthAuthGuard
- *
- * Handles authentication and authorization for protected routes.
- * Token refresh is handled by RefreshTokenInterceptor (applied globally).
- *
- * This guard verifies:
- * - JWT tokens (Bearer)
- * - API keys
- * - MFA requirements
- * - Roles and permissions
- *
- * Note: For automatic token refresh, enable RefreshTokenInterceptor globally.
- */
-let NestAuthAuthGuard = class NestAuthAuthGuard {
-    constructor(reflector, jwtService, sessionManager, accessKeyService, authConfigService) {
-        this.reflector = reflector;
-        this.jwtService = jwtService;
-        this.sessionManager = sessionManager;
-        this.accessKeyService = accessKeyService;
-        this.authConfigService = authConfigService;
-    }
-    async canActivate(context) {
-        const request = context.switchToHttp().getRequest();
-        const response = context.switchToHttp().getResponse();
-        // Check if authentication is optional
-        const isOptional = this.reflector.getAllAndOverride(exports.OPTIONAL_AUTH_KEY, [
-            context.getHandler(),
-            context.getClass(),
-        ]);
-        // Initialize request properties
-        request.user = null;
-        request.session = null;
-        request.accessKey = null;
-        request.authType = null;
-        const authHeader = request.headers.authorization;
-        // If no auth header
-        if (!authHeader) {
-            if (isOptional) {
-                // Optional auth: allow request to proceed without user data
-                return true;
-            }
-            else {
-                // Required auth: throw error
-                throw new common_1.UnauthorizedException({
-                    message: 'No authentication provided',
-                    code: auth_constants_1.ERROR_CODES.NO_AUTH_PROVIDED
-                });
-            }
-        }
-        const [type, token] = authHeader.split(' ');
-        if (!type || !token) {
-            if (isOptional) {
-                return true;
-            }
-            else {
-                throw new common_1.UnauthorizedException({
-                    message: 'Invalid authentication format',
-                    code: auth_constants_1.ERROR_CODES.INVALID_AUTH_FORMAT
-                });
-            }
-        }
-        // Handle authentication
-        let isAuthenticated = false;
-        try {
-            switch (type.toLowerCase()) {
-                case 'bearer':
-                    isAuthenticated = await this.handleJwtAuth(context, request, response, token, isOptional);
-                    break;
-                case 'apikey':
-                    isAuthenticated = await this.handleApiKeyAuth(request, token, isOptional);
-                    break;
-                default:
-                    if (isOptional) {
-                        // Invalid auth type, but optional - proceed without user data
-                        return true;
-                    }
-                    else {
-                        throw new common_1.UnauthorizedException({
-                            message: 'Invalid authentication type',
-                            code: auth_constants_1.ERROR_CODES.INVALID_AUTH_TYPE
-                        });
-                    }
-            }
-        }
-        catch (error) {
-            if (isOptional) {
-                // If optional auth fails, silently proceed without user data
-                return true;
-            }
-            else {
-                // If required auth fails, re-throw the error
-                throw error;
-            }
-        }
-        // If authentication failed and it's required, stop here
-        if (!isAuthenticated && !isOptional) {
-            return false;
-        }
-        // After successful authentication, check authorization (roles, permissions)
-        // Only check authorization if user is authenticated and we have user data
-        if (isAuthenticated && request.user) {
-            await this.checkAuthorization(context, request);
-        }
-        return true;
-    }
-    async handleJwtAuth(context, request, response, token, isOptional = false) {
-        try {
-            // Verify the JWT token
-            const payload = await this.jwtService.verifyToken(token);
-            const config = this.authConfigService.getConfig();
-            // Apply guards.beforeAuth hook if configured
-            if (config.guards?.beforeAuth) {
-                const result = await config.guards.beforeAuth(request, payload);
-                if (result && result.reject) {
-                    throw new common_1.UnauthorizedException({
-                        message: result.reason || 'Authentication rejected by custom guard',
-                        code: auth_constants_1.ERROR_CODES.ACCESS_DENIED
-                    });
-                }
-            }
-            request.user = payload;
-            request.authType = 'jwt';
-            // Verify session exists
-            const session = await this.sessionManager.getSession(payload.sessionId);
-            if (!session) {
-                if (isOptional) {
-                    // Session not found but auth is optional - reset user data and continue
-                    request.user = null;
-                    request.authType = null;
-                    return false;
-                }
-                else {
-                    throw new common_1.UnauthorizedException({
-                        message: 'Session not found',
-                        code: auth_constants_1.ERROR_CODES.SESSION_NOT_FOUND
-                    });
-                }
-            }
-            // Apply jwt.validateToken hook if configured
-            if (config.jwt?.validateToken) {
-                const isValid = await config.jwt.validateToken(payload, session);
-                if (!isValid) {
-                    throw new common_1.UnauthorizedException({
-                        message: 'Token validation failed',
-                        code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
-                    });
-                }
-            }
-            request.session = session;
-            // Check if user is active
-            if (session.user && session.user.isActive === false) {
-                if (isOptional) {
-                    request.user = null;
-                    request.authType = null;
-                    return false;
-                }
-                else {
-                    throw new common_1.UnauthorizedException({
-                        message: 'User is not active',
-                        code: auth_constants_1.ERROR_CODES.ACCOUNT_INACTIVE
-                    });
-                }
-            }
-            // Check MFA requirements
-            await this.checkMfa(context, payload, isOptional);
-            // Apply guards.afterAuth hook if configured
-            if (config.guards?.afterAuth) {
-                // We need the full user object for the hook if possible, but the signature asks for NestAuthUser
-                // The payload is just the JWT payload. The session has the user data.
-                // Let's try to use session.data.user if available, otherwise we might need to fetch it or cast payload
-                // The interface says user: NestAuthUser. session.data.user is usually the user object.
-                if (session.data?.user) {
-                    await config.guards.afterAuth(request, session.data.user, session);
-                }
-            }
-            return true;
-        }
-        catch (error) {
-            // Token verification failed
-            // Note: Token refresh is handled by RefreshTokenInterceptor
-            if (isOptional) {
-                // Auth is optional - continue without user data
-                return false;
-            }
-            else {
-                // If it's already an HttpException (like UnauthorizedException from our checks), rethrow it
-                if (error instanceof common_1.UnauthorizedException || error.status) {
-                    throw error;
-                }
-                throw new common_1.UnauthorizedException({
-                    message: 'Invalid or expired token',
-                    code: auth_constants_1.ERROR_CODES.INVALID_TOKEN
-                });
-            }
-        }
-    }
-    async handleApiKeyAuth(request, token, isOptional = false) {
-        // Split the token into public and private parts
-        const [publicKey, privateKey] = token.split('.');
-        if (!publicKey || !privateKey) {
-            if (isOptional) {
-                // Invalid format but auth is optional - continue without user data
-                return false;
-            }
-            else {
-                throw new common_1.UnauthorizedException({
-                    message: 'Invalid API key format',
-                    code: auth_constants_1.ERROR_CODES.INVALID_API_KEY_FORMAT
-                });
-            }
-        }
-        try {
-            // Validate API key pair
-            const isValid = await this.accessKeyService.validateAccessKey(publicKey, privateKey);
-            if (!isValid) {
-                if (isOptional) {
-                    // Invalid API key but auth is optional - continue without user data
-                    return false;
-                }
-                else {
-                    throw new common_1.UnauthorizedException({
-                        message: 'Invalid API key',
-                        code: auth_constants_1.ERROR_CODES.INVALID_API_KEY
-                    });
-                }
-            }
-            // Get access key details
-            const accessKey = await this.accessKeyService.getAccessKey(publicKey);
-            // Update last used timestamp
-            await this.accessKeyService.updateAccessKeyLastUsed(publicKey);
-            // Attach user and access key to request
-            request.user = accessKey.user;
-            request.accessKey = accessKey;
-            request.authType = 'api-key';
-            return true;
-        }
-        catch (error) {
-            if (isOptional) {
-                // API key validation failed but auth is optional - continue without user data
-                return false;
-            }
-            else {
-                throw error;
-            }
-        }
-    }
-    async checkMfa(context, payload, isOptional = false) {
-        // Check if MFA should be skipped
-        const skipMfa = this.reflector.getAllAndOverride(skip_mfa_decorator_1.SKIP_MFA_KEY, [
-            context.getHandler(),
-            context.getClass(),
-        ]);
-        // Get MFA status from token
-        const isMfaEnabled = payload.isMfaEnabled;
-        const isMfaVerified = payload.isMfaVerified;
-        // If MFA is enabled and not verified, and route is not marked to skip MFA, require MFA verification
-        if (isMfaEnabled && !isMfaVerified && !skipMfa) {
-            if (isOptional) {
-                // MFA required but auth is optional - this creates a conflict
-                // In this case, we should not set user data since MFA is not verified
-                throw new Error('MFA verification required - cannot proceed with optional auth');
-            }
-            else {
-                throw new common_1.UnauthorizedException({
-                    message: 'Multi-factor authentication is required',
-                    code: auth_constants_1.ERROR_CODES.MFA_REQUIRED
-                });
-            }
-        }
-    }
-    /**
-     * Check authorization (roles, permissions) after successful authentication
-     */
-    async checkAuthorization(context, request) {
-        // Get required permissions and roles from decorators
-        const requiredPermissions = this.getRequiredPermissions(context);
-        const requiredRoles = this.getRequiredRoles(context);
-        // If no authorization requirements, allow access
-        if (!requiredPermissions.length && !requiredRoles.length) {
-            return;
-        }
-        const user = request.user;
-        // Check if user exists
-        if (!user) {
-            throw new common_1.ForbiddenException({
-                message: 'Access denied: User not authenticated',
-                code: auth_constants_1.ERROR_CODES.UNAUTHORIZED,
-            });
-        }
-        // If isFetchUser=false, we might not have roles in the user object (which is just payload)
-        // Unless roles are in payload.
-        // Assuming roles are NOT in payload by default unless configured.
-        // If we need roles check but have no roles/data, we must throw or fetch.
-        // For now, if defaults are used, user is just payload.
-        // Check roles if required
-        if (requiredRoles.length > 0) {
-            await this.checkRoles(user, requiredRoles);
-        }
-        // Check permissions if required
-        if (requiredPermissions.length > 0) {
-            await this.checkPermissions(user, requiredPermissions);
-        }
-    }
-    /**
-     * Get required permissions from decorator
-     */
-    getRequiredPermissions(context) {
-        let permissions = this.reflector.getAllAndOverride(permissions_decorator_1.PERMISSIONS_KEY, [context.getHandler(), context.getClass()]);
-        if (!permissions) {
-            return [];
-        }
-        // Normalize to array
-        return typeof permissions === 'string' ? [permissions] : permissions;
-    }
-    /**
-     * Get required roles from decorator
-     */
-    getRequiredRoles(context) {
-        let roles = this.reflector.getAllAndOverride(role_decorator_1.ROLES_KEY, [context.getHandler(), context.getClass()]);
-        if (!roles) {
-            return [];
-        }
-        // Normalize to array
-        return typeof roles === 'string' ? [roles] : roles;
-    }
-    /**
-     * Check if user has required roles
-     */
-    /**
-     * Check if user has required roles
-     */
-    /**
-     * Helper to resolve user roles
-     */
-    async resolveUserRoles(user) {
-        const config = this.authConfigService.getConfig();
-        // Apply authorization.resolveRoles hook if configured
-        if (config.authorization?.resolveRoles) {
-            return await config.authorization.resolveRoles(user);
-        }
-        // Default behavior
-        if (!user.roles || !Array.isArray(user.roles)) {
-            // Return empty array instead of throwing, let the caller decide
-            return [];
-        }
-        // Get active role names
-        return user.roles
-            .filter((role) => role.isActive)
-            .map((role) => role.name);
-    }
-    /**
-     * Check if user has required roles
-     */
-    async checkRoles(user, requiredRoles) {
-        const userRoleNames = await this.resolveUserRoles(user);
-        if (userRoleNames.length === 0 && (!user.roles || !Array.isArray(user.roles))) {
-            throw new common_1.ForbiddenException({
-                message: 'Access denied: No roles assigned',
-                code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
-            });
-        }
-        // Check if user has all required roles
-        const hasAllRoles = requiredRoles.every(role => userRoleNames.includes(role));
-        if (!hasAllRoles) {
-            const missingRoles = requiredRoles.filter(role => !userRoleNames.includes(role));
-            throw new common_1.ForbiddenException({
-                message: `Access denied: Missing required roles: ${missingRoles.join(', ')}`,
-                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_ROLES,
-            });
-        }
-    }
-    /**
-     * Check if user has required permissions
-     */
-    /**
-     * Check if user has required permissions
-     */
-    /**
-     * Check if user has required permissions
-     */
-    async checkPermissions(user, requiredPermissions) {
-        const config = this.authConfigService.getConfig();
-        let userPermissions = [];
-        // Apply authorization.resolvePermissions hook if configured
-        if (config.authorization?.resolvePermissions) {
-            // Resolve roles first as they are needed for the hook
-            const roles = await this.resolveUserRoles(user);
-            userPermissions = await config.authorization.resolvePermissions(user, roles);
-        }
-        else {
-            // Default behavior
-            if (!user.roles || !Array.isArray(user.roles)) {
-                throw new common_1.ForbiddenException({
-                    message: 'Access denied: No roles assigned for permission check',
-                    code: auth_constants_1.ERROR_CODES.NO_ROLES_ASSIGNED,
-                });
-            }
-            // Get all permissions from user's roles
-            userPermissions = this.getUserPermissions(user.roles);
-        }
-        // Check if user has all required permissions
-        const hasAllPermissions = requiredPermissions.every(permission => userPermissions.includes(permission));
-        if (!hasAllPermissions) {
-            const missingPermissions = requiredPermissions.filter(permission => !userPermissions.includes(permission));
-            throw new common_1.ForbiddenException({
-                message: `Access denied: Missing required permissions: ${missingPermissions.join(', ')}`,
-                code: auth_constants_1.ERROR_CODES.MISSING_REQUIRED_PERMISSIONS,
-            });
-        }
-    }
-    /**
-     * Extract all permissions from user's roles
-     */
-    getUserPermissions(roles) {
-        const permissions = new Set();
-        roles.forEach(role => {
-            // Skip inactive roles
-            if (!role.isActive) {
-                return;
-            }
-            // Add permissions from this role
-            if (role.permissions && Array.isArray(role.permissions)) {
-                role.permissions.forEach(permission => permissions.add(permission));
-            }
-        });
-        return Array.from(permissions);
-    }
-};
-exports.NestAuthAuthGuard = NestAuthAuthGuard;
-exports.NestAuthAuthGuard = NestAuthAuthGuard = tslib_1.__decorate([
-    (0, common_1.Injectable)(),
-    tslib_1.__metadata("design:paramtypes", [core_1.Reflector,
-        jwt_service_1.JwtService,
-        session_manager_service_1.SessionManagerService,
-        access_key_service_1.AccessKeyService,
-        auth_config_service_1.AuthConfigService])
-], NestAuthAuthGuard);

package/src/lib/auth/index.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../packages/nest-auth/src/lib/auth/index.ts"],"names":[],"mappings":"AACA,cAAc,qBAAqB,CAAC;AACpC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAGxD,cAAc,0CAA0C,CAAC;AAGzD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yCAAyC,CAAC;AACxD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,kCAAkC,CAAC;AACjD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mCAAmC,CAAC;AAClD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qCAAqC,CAAC;AAGpD,cAAc,yBAAyB,CAAC;AACxC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,kCAAkC,CAAC;AAGjD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,8BAA8B,CAAC;AAG7C,cAAc,kCAAkC,CAAC;AACjD,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,yCAAyC,CAAC;AACxD,cAAc,yCAAyC,CAAC;AACxD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,2CAA2C,CAAC;AAC1D,cAAc,sDAAsD,CAAC;AACrE,cAAc,uDAAuD,CAAC;AACtE,cAAc,0CAA0C,CAAC;AACzD,cAAc,4CAA4C,CAAC;AAC3D,cAAc,uCAAuC,CAAC;AACtD,cAAc,0CAA0C,CAAC;AACzD,cAAc,uCAAuC,CAAC;AACtD,cAAc,8CAA8C,CAAC;AAC7D,cAAc,mCAAmC,CAAC;AAClD,cAAc,0CAA0C,CAAC;AACzD,cAAc,yCAAyC,CAAC;AACxD,cAAc,yCAAyC,CAAC;AACxD,cAAc,4CAA4C,CAAC;AAG3D,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,kCAAkC,CAAC"}

package/src/lib/auth/index.js DELETED Viewed

@@ -1,53 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OPTIONAL_AUTH_KEY = void 0;
-const tslib_1 = require("tslib");
-// Guards
-tslib_1.__exportStar(require("./guards/auth.guard"), exports);
-var auth_guard_1 = require("./guards/auth.guard");
-Object.defineProperty(exports, "OPTIONAL_AUTH_KEY", { enumerable: true, get: function () { return auth_guard_1.OPTIONAL_AUTH_KEY; } });
-// Interceptors
-tslib_1.__exportStar(require("./interceptors/refresh-token.interceptor"), exports);
-// Events
-tslib_1.__exportStar(require("./events/logged-out-all.event"), exports);
-tslib_1.__exportStar(require("./events/logged-out.event"), exports);
-tslib_1.__exportStar(require("./events/password-reset-requested.event"), exports);
-tslib_1.__exportStar(require("./events/password-reset.event"), exports);
-tslib_1.__exportStar(require("./events/user-2fa-verified.event"), exports);
-tslib_1.__exportStar(require("./events/user-logged-in.event"), exports);
-tslib_1.__exportStar(require("./events/user-refresh-token.event"), exports);
-tslib_1.__exportStar(require("./events/user-registered.event"), exports);
-tslib_1.__exportStar(require("./events/two-factor-code-sent.event"), exports);
-// Services
-tslib_1.__exportStar(require("./services/auth.service"), exports);
-tslib_1.__exportStar(require("./services/cookie.service"), exports);
-tslib_1.__exportStar(require("./services/mfa.service"), exports);
-tslib_1.__exportStar(require("./services/client-config.service"), exports);
-// Controllers
-tslib_1.__exportStar(require("./controllers/auth.controller"), exports);
-tslib_1.__exportStar(require("./controllers/mfa.controller"), exports);
-// DTOs
-tslib_1.__exportStar(require("./dto/requests/login.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/signup.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/credentials/social-credentials.dto"), exports);
-tslib_1.__exportStar(require("./dto/credentials/email-credentials.dto"), exports);
-tslib_1.__exportStar(require("./dto/credentials/phone-credentials.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/forgot-password.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/reset-password.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/reset-password-with-token.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/verify-forgot-password-otp-request-dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/send-mfa-code.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/change-password.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/toggle-mfa.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/refresh-token.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/verify-2fa.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/requests/verify-totp-setup.request.dto"), exports);
-tslib_1.__exportStar(require("./dto/responses/auth.response.dto"), exports);
-tslib_1.__exportStar(require("./dto/responses/auth-cookie.response.dto"), exports);
-tslib_1.__exportStar(require("./dto/responses/verify-otp.response.dto"), exports);
-tslib_1.__exportStar(require("./dto/responses/mfa-status.response.dto"), exports);
-tslib_1.__exportStar(require("./dto/responses/client-config.response.dto"), exports);
-// Entities
-tslib_1.__exportStar(require("./entities/otp.entity"), exports);
-tslib_1.__exportStar(require("./entities/mfa-secret.entity"), exports);
-tslib_1.__exportStar(require("./entities/trusted-device.entity"), exports);

package/src/lib/auth/interceptors/refresh-token.interceptor.d.ts DELETED Viewed

@@ -1,43 +0,0 @@
-import { NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
-import { Observable } from 'rxjs';
-import { AuthService } from '../services/auth.service';
-import { CookieService } from '../services/cookie.service';
-import { JwtService } from '../../core/services/jwt.service';
-import { AuthConfigService } from '../../core/services/auth-config.service';
-/**
- * RefreshTokenInterceptor
- *
- * Automatically handles token refresh when access token is expired.
- * This interceptor runs before guards and catches token expiration errors,
- * attempting to refresh the token transparently.
- *
- * Token delivery method (header vs cookie) respects the `accessTokenType` configuration:
- * - If `accessTokenType: 'header'` (default): Updates Authorization header only
- * - If `accessTokenType: 'cookie'`: Sets tokens in cookies
- *
- * Apply this globally to handle token refresh across your entire application.
- *
- * @example
- * ```typescript
- * // In AppModule or NestAuthModule configuration
- * providers: [
- *   {
- *     provide: APP_INTERCEPTOR,
- *     useClass: RefreshTokenInterceptor,
- *   },
- * ]
- * ```
- */
-export declare class RefreshTokenInterceptor implements NestInterceptor {
-    private readonly authService;
-    private readonly cookieService;
-    private readonly jwtService;
-    private readonly authConfig;
-    constructor(authService: AuthService, cookieService: CookieService, jwtService: JwtService, authConfig: AuthConfigService);
-    intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<any>>;
-    /**
-     * Extract refresh token from cookies or headers
-     */
-    private extractRefreshToken;
-}
-//# sourceMappingURL=refresh-token.interceptor.d.ts.map

package/src/lib/auth/interceptors/refresh-token.interceptor.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"refresh-token.interceptor.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/interceptors/refresh-token.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAc,MAAM,MAAM,CAAC;AAG9C,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAG5E;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBACa,uBAAwB,YAAW,eAAe;IAEvD,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAHV,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,iBAAiB;IAG5C,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAuDvF;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAe9B"}

package/src/lib/auth/interceptors/refresh-token.interceptor.js DELETED Viewed

@@ -1,115 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RefreshTokenInterceptor = void 0;
-const tslib_1 = require("tslib");
-const common_1 = require("@nestjs/common");
-const auth_service_1 = require("../services/auth.service");
-const cookie_service_1 = require("../services/cookie.service");
-const jwt_service_1 = require("../../core/services/jwt.service");
-const auth_config_service_1 = require("../../core/services/auth-config.service");
-const auth_constants_1 = require("../../auth.constants");
-/**
- * RefreshTokenInterceptor
- *
- * Automatically handles token refresh when access token is expired.
- * This interceptor runs before guards and catches token expiration errors,
- * attempting to refresh the token transparently.
- *
- * Token delivery method (header vs cookie) respects the `accessTokenType` configuration:
- * - If `accessTokenType: 'header'` (default): Updates Authorization header only
- * - If `accessTokenType: 'cookie'`: Sets tokens in cookies
- *
- * Apply this globally to handle token refresh across your entire application.
- *
- * @example
- * ```typescript
- * // In AppModule or NestAuthModule configuration
- * providers: [
- *   {
- *     provide: APP_INTERCEPTOR,
- *     useClass: RefreshTokenInterceptor,
- *   },
- * ]
- * ```
- */
-let RefreshTokenInterceptor = class RefreshTokenInterceptor {
-    constructor(authService, cookieService, jwtService, authConfig) {
-        this.authService = authService;
-        this.cookieService = cookieService;
-        this.jwtService = jwtService;
-        this.authConfig = authConfig;
-    }
-    async intercept(context, next) {
-        const request = context.switchToHttp().getRequest();
-        const response = context.switchToHttp().getResponse();
-        // Extract access token from Authorization header
-        const authHeader = request.headers.authorization;
-        if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            // No bearer token, proceed normally
-            return next.handle();
-        }
-        const accessToken = authHeader.split(' ')[1];
-        if (!accessToken) {
-            return next.handle();
-        }
-        // Try to verify the access token
-        try {
-            await this.jwtService.verifyToken(accessToken);
-            // Token is valid, proceed normally
-            return next.handle();
-        }
-        catch (error) {
-            // Token is invalid or expired, try to refresh
-            const refreshToken = this.extractRefreshToken(request);
-            if (!refreshToken) {
-                // No refresh token available, let the guard handle it
-                return next.handle();
-            }
-            try {
-                // Attempt to refresh the token
-                const newSession = await this.authService.refreshToken(refreshToken);
-                // Get auth configuration
-                const config = this.authConfig.getConfig();
-                const useCookies = config.accessTokenType === 'cookie';
-                if (useCookies) {
-                    // Cookie-based auth: Set tokens in cookies
-                    this.cookieService.setTokens(response, newSession.accessToken, newSession.refreshToken);
-                }
-                else {
-                    // Header-based auth (default): Update Authorization header only
-                    request.headers.authorization = `Bearer ${newSession.accessToken}`;
-                }
-                // Proceed with the new token
-                return next.handle();
-            }
-            catch (refreshError) {
-                // Refresh failed, let the guard handle the authentication failure
-                return next.handle();
-            }
-        }
-    }
-    /**
-     * Extract refresh token from cookies or headers
-     */
-    extractRefreshToken(request) {
-        // Try to get refresh token from cookies
-        const tokenFromCookie = request.cookies?.[auth_constants_1.REFRESH_TOKEN_COOKIE_NAME];
-        if (tokenFromCookie) {
-            return tokenFromCookie;
-        }
-        // If not in cookies, try the custom header
-        const authHeader = request.headers['x-refresh-token'];
-        if (authHeader) {
-            return authHeader;
-        }
-        return null;
-    }
-};
-exports.RefreshTokenInterceptor = RefreshTokenInterceptor;
-exports.RefreshTokenInterceptor = RefreshTokenInterceptor = tslib_1.__decorate([
-    (0, common_1.Injectable)(),
-    tslib_1.__metadata("design:paramtypes", [auth_service_1.AuthService,
-        cookie_service_1.CookieService,
-        jwt_service_1.JwtService,
-        auth_config_service_1.AuthConfigService])
-], RefreshTokenInterceptor);