@adatechnology/auth-keycloak 0.0.1 → 0.0.3
- package/README.md +46 -0
- package/dist/errors/keycloak-error.d.ts +11 -0
- package/dist/errors/keycloak-error.js +20 -0
- package/dist/errors/keycloak-error.js.map +1 -0
- package/dist/index.d.ts +6 -65
- package/dist/index.js +16 -15132
- package/dist/index.js.map +1 -0
- package/dist/{src/keycloak.client.d.ts → keycloak.client.d.ts} +10 -3
- package/dist/keycloak.client.js +320 -0
- package/dist/keycloak.client.js.map +1 -0
- package/dist/{src/keycloak.http.interceptor.d.ts → keycloak.http.interceptor.d.ts} +2 -4
- package/dist/{src/keycloak.http.interceptor.js → keycloak.http.interceptor.js} +14 -16
- package/dist/keycloak.http.interceptor.js.map +1 -0
- package/dist/{src/keycloak.interface.d.ts → keycloak.interface.d.ts} +25 -3
- package/dist/keycloak.interface.js +3 -0
- package/dist/keycloak.interface.js.map +1 -0
- package/dist/keycloak.module.js +63 -0
- package/dist/keycloak.module.js.map +1 -0
- package/dist/keycloak.token.js +7 -0
- package/dist/keycloak.token.js.map +1 -0
- package/dist/roles.decorator.d.ts +19 -0
- package/dist/roles.decorator.js +34 -0
- package/dist/roles.decorator.js.map +1 -0
- package/dist/roles.guard.d.ts +10 -0
- package/dist/roles.guard.js +103 -0
- package/dist/roles.guard.js.map +1 -0
- package/package.json +13 -6
- package/dist/index.mjs +0 -15128
- package/dist/src/index.d.ts +0 -3
- package/dist/src/index.js +0 -2
- package/dist/src/keycloak.client.js +0 -140
- package/dist/src/keycloak.interface.js +0 -1
- package/dist/src/keycloak.module.js +0 -40
- package/dist/src/keycloak.token.js +0 -3
- package/dist/tsconfig.tsbuildinfo +0 -1
- /package/dist/{src/keycloak.module.d.ts → keycloak.module.d.ts} +0 -0
- /package/dist/{src/keycloak.token.d.ts → keycloak.token.d.ts} +0 -0
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { CanActivate, ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { Reflector } from "@nestjs/core";
|
|
3
|
+
import type { KeycloakConfig } from "./keycloak.interface";
|
|
4
|
+
export declare class RolesGuard implements CanActivate {
|
|
5
|
+
private readonly reflector;
|
|
6
|
+
private readonly config?;
|
|
7
|
+
constructor(reflector: Reflector, config?: KeycloakConfig);
|
|
8
|
+
canActivate(context: ExecutionContext): boolean | Promise<boolean>;
|
|
9
|
+
private decodeJwtPayload;
|
|
10
|
+
}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.RolesGuard = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const core_1 = require("@nestjs/core");
|
|
18
|
+
const roles_decorator_1 = require("./roles.decorator");
|
|
19
|
+
const keycloak_token_1 = require("./keycloak.token");
|
|
20
|
+
const shared_1 = require("@adatechnology/shared");
|
|
21
|
+
let RolesGuard = class RolesGuard {
|
|
22
|
+
reflector;
|
|
23
|
+
config;
|
|
24
|
+
constructor(reflector, config) {
|
|
25
|
+
this.reflector = reflector;
|
|
26
|
+
this.config = config;
|
|
27
|
+
}
|
|
28
|
+
canActivate(context) {
|
|
29
|
+
const meta = this.reflector.get(roles_decorator_1.ROLES_META_KEY, context.getHandler()) ||
|
|
30
|
+
this.reflector.get(roles_decorator_1.ROLES_META_KEY, context.getClass());
|
|
31
|
+
if (!meta || !meta.roles || meta.roles.length === 0)
|
|
32
|
+
return true;
|
|
33
|
+
const req = context.switchToHttp().getRequest();
|
|
34
|
+
const authHeader = req.headers?.authorization || req.headers?.Authorization;
|
|
35
|
+
const token = authHeader
|
|
36
|
+
? String(authHeader).split(" ")[1]
|
|
37
|
+
: req.query?.token;
|
|
38
|
+
if (!token)
|
|
39
|
+
throw new shared_1.BaseAppError({
|
|
40
|
+
message: "Authorization token not provided",
|
|
41
|
+
status: 403,
|
|
42
|
+
code: "FORBIDDEN_MISSING_TOKEN",
|
|
43
|
+
context: {},
|
|
44
|
+
});
|
|
45
|
+
const payload = this.decodeJwtPayload(token);
|
|
46
|
+
const availableRoles = new Set();
|
|
47
|
+
// realm roles
|
|
48
|
+
if (payload?.realm_access?.roles &&
|
|
49
|
+
Array.isArray(payload.realm_access.roles)) {
|
|
50
|
+
payload.realm_access.roles.forEach((r) => availableRoles.add(r));
|
|
51
|
+
}
|
|
52
|
+
// client roles (resource_access)
|
|
53
|
+
const clientId = this.config?.credentials?.clientId;
|
|
54
|
+
if (clientId && payload?.resource_access?.[clientId]?.roles) {
|
|
55
|
+
payload.resource_access[clientId].roles.forEach((r) => availableRoles.add(r));
|
|
56
|
+
}
|
|
57
|
+
// also consider all client roles if type is 'both' and resource_access exists
|
|
58
|
+
if (meta.type === "both" && payload?.resource_access) {
|
|
59
|
+
Object.values(payload.resource_access).forEach((entry) => {
|
|
60
|
+
if (entry?.roles && Array.isArray(entry.roles)) {
|
|
61
|
+
entry.roles.forEach((r) => availableRoles.add(r));
|
|
62
|
+
}
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
// matching
|
|
66
|
+
const required = meta.roles || [];
|
|
67
|
+
const hasMatch = required.map((r) => availableRoles.has(r));
|
|
68
|
+
const result = meta.mode === "all" ? hasMatch.every(Boolean) : hasMatch.some(Boolean);
|
|
69
|
+
if (!result)
|
|
70
|
+
throw new shared_1.BaseAppError({
|
|
71
|
+
message: "Insufficient roles",
|
|
72
|
+
status: 403,
|
|
73
|
+
code: "FORBIDDEN_INSUFFICIENT_ROLES",
|
|
74
|
+
context: { required: required },
|
|
75
|
+
});
|
|
76
|
+
return true;
|
|
77
|
+
}
|
|
78
|
+
decodeJwtPayload(token) {
|
|
79
|
+
try {
|
|
80
|
+
const parts = token.split(".");
|
|
81
|
+
if (parts.length < 2)
|
|
82
|
+
return {};
|
|
83
|
+
const payload = parts[1];
|
|
84
|
+
const BufferCtor = globalThis.Buffer;
|
|
85
|
+
if (!BufferCtor)
|
|
86
|
+
return {};
|
|
87
|
+
const decoded = BufferCtor.from(payload, "base64").toString("utf8");
|
|
88
|
+
return JSON.parse(decoded);
|
|
89
|
+
}
|
|
90
|
+
catch (e) {
|
|
91
|
+
return {};
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
};
|
|
95
|
+
exports.RolesGuard = RolesGuard;
|
|
96
|
+
exports.RolesGuard = RolesGuard = __decorate([
|
|
97
|
+
(0, common_1.Injectable)(),
|
|
98
|
+
__param(0, (0, common_1.Inject)(core_1.Reflector)),
|
|
99
|
+
__param(1, (0, common_1.Optional)()),
|
|
100
|
+
__param(1, (0, common_1.Inject)(keycloak_token_1.KEYCLOAK_CONFIG)),
|
|
101
|
+
__metadata("design:paramtypes", [core_1.Reflector, Object])
|
|
102
|
+
], RolesGuard);
|
|
103
|
+
//# sourceMappingURL=roles.guard.js.map
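Review bot: `canActivate` decides allow/deny from claims that `decodeJwtPayload` only base64-decodes and `JSON.parse`s; nothing in this file checks the token's signature, `exp`, issuer or audience, so the roles read from `realm_access`/`resource_access` are caller-supplied unless an earlier guard or gateway (not visible in this hunk) has already verified the token. Either verify the token against the realm's signing keys before reading any claim, or state the precondition on the class, e.g. `/** Authorization only: assumes the bearer token was already verified upstream; never the sole guard on a route. */`. Two smaller points in the same method: the `req.query?.token` fallback accepts tokens from the URL, where they end up in access logs and Referer headers, and `String(authHeader).split(" ")[1]` never checks that the scheme is `Bearer`. With `meta.type === "both"` the roles of every client in `resource_access` are merged into one set, so a role name granted for an unrelated client satisfies the check; consider matching on client-qualified names instead.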
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../src/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAMwB;AACxB,uCAAyC;AACzC,uDAAiE;AACjE,qDAAmD;AAGnD,kDAAqD;AAG9C,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGF;IAGA;IALnB,YAEmB,SAAoB,EAGpB,MAAuB;QAHvB,cAAS,GAAT,SAAS,CAAW;QAGpB,WAAM,GAAN,MAAM,CAAiB;IACvC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACnC,MAAM,IAAI,GACR,IAAI,CAAC,SAAS,CAAC,GAAG,CAAe,gCAAc,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC;YACtE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAe,gCAAc,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjE,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QAChD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,aAAa,IAAI,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC;QAC5E,MAAM,KAAK,GAAG,UAAU;YACtB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;QAErB,IAAI,CAAC,KAAK;YACR,MAAM,IAAI,qBAAY,CAAC;gBACrB,OAAO,EAAE,kCAAkC;gBAC3C,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,yBAAyB;gBAC/B,OAAO,EAAE,EAAE;aACZ,CAAC,CAAC;QAEL,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAE7C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;QAEzC,cAAc;QACd,IACE,OAAO,EAAE,YAAY,EAAE,KAAK;YAC5B,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,EACzC,CAAC;YACD,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,iCAAiC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC;QACpD,IAAI,QAAQ,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC;YAC5D,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE,CAC5D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CACtB,CAAC;QACJ,CAAC;QAED,8EAA8E;QAC9E,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;gBACvD,IAAI,KAAK,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9C,KAAK,CAAC,KAAkB,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE,CAC9C,cAAc,CAAC,GAAG,
CAAC,CAAC,CAAC,CACtB,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,WAAW;QACX,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE5D,MAAM,MAAM,GACV,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzE,IAAI,CAAC,MAAM;YACT,MAAM,IAAI,qBAAY,CAAC;gBACrB,OAAO,EAAE,oBAAoB;gBAC7B,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,8BAA8B;gBACpC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;aAChC,CAAC,CAAC;QAEL,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,gBAAgB,CAAC,KAAa;QACpC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,UAAU,GACd,UAQD,CAAC,MAAM,CAAC;YACT,IAAI,CAAC,UAAU;gBAAE,OAAO,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAuB,CAAC;QACnD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF,CAAA;AArGY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,gBAAS,CAAC,CAAA;IAEjB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,gCAAe,CAAC,CAAA;qCAFI,gBAAS;GAH5B,UAAU,CAqGtB"}
|
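--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@adatechnology/auth-keycloak",
-"version": "0.0.
+"version": "0.0.3",
 "publishConfig": {
 "access": "public"
 },
@@ -11,16 +11,23 @@
 "dist"
 ],
 "dependencies": {
-"@adatechnology/http-client": "0.0.
+"@adatechnology/http-client": "0.0.3",
+"@adatechnology/logger": "0.0.2",
+"@adatechnology/shared": "0.0.1"
 },
 "peerDependencies": {
-"@nestjs/common": "^11",
+"@nestjs/common": "^11.0.16",
 "@nestjs/core": "^11"
 },
-"devDependencies": {
+"devDependencies": {
+"@esbuild-plugins/tsconfig-paths": "^0.1.2",
+"tsup": "^8.5.1",
+"typescript": "^5.2.0"
+},
 "scripts": {
-"build": "tsc -
-"build:watch": "
+"build": "rm -rf dist && tsc -p tsconfig.build.json",
+"build:watch": "tsup --watch",
+"check": "tsc -p tsconfig.json --noEmit",
 "test": "echo \"no tests\""
 }
 }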