@adatechnology/auth-keycloak 0.0.1

package/dist/src/index.d.ts

@@ -0,0 +1,3 @@
+export { KeycloakModule } from "./keycloak.module";
+export { KEYCLOAK_CONFIG, KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR, } from "./keycloak.token";
+export type { KeycloakConfig, KeycloakClientInterface, KeycloakTokenResponse, } from "./keycloak.interface";

package/dist/src/index.js

@@ -0,0 +1,2 @@
+export { KeycloakModule } from "./keycloak.module";
+export { KEYCLOAK_CONFIG, KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR, } from "./keycloak.token";

package/dist/src/keycloak.client.d.ts

@@ -0,0 +1,20 @@
+import type { HttpProviderInterface } from "@adatechnology/http-client";
+import type { KeycloakClientInterface, KeycloakConfig, KeycloakTokenResponse } from "./keycloak.interface";
+/**
+ * Minimal Keycloak client implementation without external shared infra dependencies.
+ */
+export declare class KeycloakClient implements KeycloakClientInterface {
+    private readonly config;
+    private readonly httpProvider;
+    private tokenCache;
+    private tokenPromise?;
+    constructor(config: KeycloakConfig, httpProvider: HttpProviderInterface);
+    getAccessToken(): Promise<string>;
+    getTokenWithCredentials(username: string, password: string): Promise<any>;
+    private requestToken;
+    refreshToken(refreshToken: string): Promise<KeycloakTokenResponse>;
+    validateToken(token: string): Promise<boolean>;
+    getUserInfo(token: string): Promise<any>;
+    clearTokenCache(): void;
+    private static maskToken;
+}

package/dist/src/keycloak.client.js

@@ -0,0 +1,140 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Inject, Injectable } from "@nestjs/common";
+import { HTTP_PROVIDER } from "@adatechnology/http-client";
+/**
+ * Minimal Keycloak client implementation without external shared infra dependencies.
+ */
+let KeycloakClient = class KeycloakClient {
+    config;
+    httpProvider;
+    tokenCache = null;
+    tokenPromise = null;
+    constructor(config, httpProvider) {
+        this.config = config;
+        this.httpProvider = httpProvider;
+    }
+    async getAccessToken() {
+        // Check cache
+        const now = Date.now();
+        if (this.tokenCache && now < this.tokenCache.expiresAt) {
+            return this.tokenCache.token;
+        }
+        if (this.tokenPromise)
+            return this.tokenPromise;
+        this.tokenPromise = (async () => {
+            try {
+                const tokenResponse = await this.requestToken();
+                const expiresAt = Date.now() + (tokenResponse.expires_in - 60) * 1000;
+                this.tokenCache = { token: tokenResponse.access_token, expiresAt };
+                return tokenResponse.access_token;
+            }
+            finally {
+                this.tokenPromise = null;
+            }
+        })();
+        return this.tokenPromise;
+    }
+    async getTokenWithCredentials(username, password) {
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const data = new URLSearchParams();
+        data.append("client_id", this.config.credentials.clientId);
+        data.append("grant_type", "password");
+        data.append("username", username);
+        data.append("password", password);
+        if (this.config.credentials.clientSecret) {
+            data.append("client_secret", this.config.credentials.clientSecret);
+        }
+        const response = await this.httpProvider.post(tokenUrl, data, {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        });
+        return response.data;
+    }
+    async requestToken() {
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const data = new URLSearchParams();
+        data.append("client_id", this.config.credentials.clientId);
+        data.append("grant_type", this.config.credentials.grantType);
+        if (this.config.credentials.clientSecret) {
+            data.append("client_secret", this.config.credentials.clientSecret);
+        }
+        if (this.config.credentials.grantType === "password") {
+            if (this.config.credentials.username &&
+                this.config.credentials.password) {
+                data.append("username", this.config.credentials.username);
+                data.append("password", this.config.credentials.password);
+            }
+        }
+        const response = await this.httpProvider.post(tokenUrl, data, {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        });
+        return response.data;
+    }
+    async refreshToken(refreshToken) {
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const data = new URLSearchParams();
+        data.append("client_id", this.config.credentials.clientId);
+        data.append("grant_type", "refresh_token");
+        data.append("refresh_token", refreshToken);
+        if (this.config.credentials.clientSecret) {
+            data.append("client_secret", this.config.credentials.clientSecret);
+        }
+        const response = await this.httpProvider.post(tokenUrl, data, {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        });
+        const expiresAt = Date.now() + (response.data.expires_in - 60) * 1000;
+        this.tokenCache = { token: response.data.access_token, expiresAt };
+        return response.data;
+    }
+    async validateToken(token) {
+        try {
+            const introspectUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token/introspect`;
+            const data = new URLSearchParams();
+            data.append("token", token);
+            data.append("client_id", this.config.credentials.clientId);
+            if (this.config.credentials.clientSecret) {
+                data.append("client_secret", this.config.credentials.clientSecret);
+            }
+            const response = await this.httpProvider.post(introspectUrl, data, {
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            });
+            return response.data.active === true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async getUserInfo(token) {
+        const userInfoUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/userinfo`;
+        const response = await this.httpProvider.get(userInfoUrl, {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+        return response.data;
+    }
+    clearTokenCache() {
+        this.tokenCache = null;
+    }
+    static maskToken(token, visibleChars = 8) {
+        if (!token || typeof token !== "string")
+            return "";
+        return token.length <= visibleChars
+            ? token
+            : `${token.slice(0, visibleChars)}...`;
+    }
+};
+KeycloakClient = __decorate([
+    Injectable(),
+    __param(1, Inject(HTTP_PROVIDER)),
+    __metadata("design:paramtypes", [Object, Object])
+], KeycloakClient);
+export { KeycloakClient };

package/dist/src/keycloak.http.interceptor.d.ts

@@ -0,0 +1,11 @@
+import { CallHandler, ExecutionContext, NestInterceptor } from "@nestjs/common";
+import { Observable } from "rxjs";
+import type { KeycloakClientInterface } from "./keycloak.interface";
+/**
+ * HTTP interceptor that automatically adds Keycloak tokens to requests
+ */
+export declare class KeycloakHttpInterceptor implements NestInterceptor {
+    private readonly keycloakClient;
+    constructor(keycloakClient: KeycloakClientInterface);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<any>;
+}

package/dist/src/keycloak.http.interceptor.js

@@ -0,0 +1,39 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Inject, Injectable, } from "@nestjs/common";
+import { KEYCLOAK_CLIENT } from "./keycloak.token";
+/**
+ * HTTP interceptor that automatically adds Keycloak tokens to requests
+ */
+let KeycloakHttpInterceptor = class KeycloakHttpInterceptor {
+    keycloakClient;
+    constructor(keycloakClient) {
+        this.keycloakClient = keycloakClient;
+    }
+    intercept(context, next) {
+        const request = context.switchToHttp().getRequest();
+        // Only add token for external API calls (not Keycloak itself)
+        if (request.url && !request.url.includes("keycloak")) {
+            // Note: In a real implementation, you might want to add the token here
+            // But since we're using HttpProvider, the token addition should be handled there
+            // This interceptor could be used for other HTTP client libraries
+        }
+        return next.handle();
+    }
+};
+KeycloakHttpInterceptor = __decorate([
+    Injectable(),
+    __param(0, Inject(KEYCLOAK_CLIENT)),
+    __metadata("design:paramtypes", [Object])
+], KeycloakHttpInterceptor);
+export { KeycloakHttpInterceptor };

package/dist/src/keycloak.interface.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Keycloak token response
+ */
+export interface KeycloakTokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_expires_in: number;
+    refresh_token: string;
+    token_type: string;
+    'not-before-policy': number;
+    session_state: string;
+    scope: string;
+}
+/**
+ * Keycloak client credentials
+ */
+export interface KeycloakCredentials {
+    clientId: string;
+    clientSecret: string;
+    username?: string;
+    password?: string;
+    grantType: 'client_credentials' | 'password';
+}
+/**
+ * Keycloak configuration
+ */
+export interface KeycloakConfig {
+    baseUrl: string;
+    realm: string;
+    credentials: KeycloakCredentials;
+}
+/**
+ * Keycloak client interface
+ */
+export interface KeycloakClientInterface {
+    /**
+     * Get access token
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Refresh access token
+     */
+    refreshToken(refreshToken: string): Promise<KeycloakTokenResponse>;
+    /**
+     * Validate token
+     */
+    validateToken(token: string): Promise<boolean>;
+    /**
+     * Get user info
+     */
+    getUserInfo(token: string): Promise<any>;
+}

package/dist/src/keycloak.interface.js

@@ -0,0 +1 @@
+export {};

package/dist/src/keycloak.module.d.ts

@@ -0,0 +1,6 @@
+import { DynamicModule } from "@nestjs/common";
+import type { AxiosRequestConfig, AxiosInstance } from "axios";
+import { KeycloakConfig } from "./keycloak.interface";
+export declare class KeycloakModule {
+    static forRoot(config: KeycloakConfig, httpConfig?: AxiosRequestConfig | AxiosInstance): DynamicModule;
+}

package/dist/src/keycloak.module.js

@@ -0,0 +1,40 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var KeycloakModule_1;
+import { Module } from "@nestjs/common";
+import { HTTP_PROVIDER, HttpModule } from "@adatechnology/http-client";
+import { KeycloakClient } from "./keycloak.client";
+import { KeycloakHttpInterceptor } from "./keycloak.http.interceptor";
+import { KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR } from "./keycloak.token";
+import { KEYCLOAK_CONFIG } from "./keycloak.token";
+let KeycloakModule = KeycloakModule_1 = class KeycloakModule {
+    static forRoot(config, httpConfig) {
+        return {
+            module: KeycloakModule_1,
+            global: true,
+            imports: [HttpModule.forRoot(httpConfig)],
+            providers: [
+                { provide: KEYCLOAK_CONFIG, useValue: config },
+                {
+                    provide: KEYCLOAK_CLIENT,
+                    useFactory: (cfg, httpProvider) => new KeycloakClient(cfg, httpProvider),
+                    inject: [KEYCLOAK_CONFIG, HTTP_PROVIDER],
+                },
+                {
+                    provide: KEYCLOAK_HTTP_INTERCEPTOR,
+                    useFactory: (client) => new KeycloakHttpInterceptor(client),
+                    inject: [KEYCLOAK_CLIENT],
+                },
+            ],
+            exports: [KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR],
+        };
+    }
+};
+KeycloakModule = KeycloakModule_1 = __decorate([
+    Module({})
+], KeycloakModule);
+export { KeycloakModule };

package/dist/src/keycloak.token.d.ts

@@ -0,0 +1,3 @@
+export declare const KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
+export declare const KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
+export declare const KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";

package/dist/src/keycloak.token.js

@@ -0,0 +1,3 @@
+export const KEYCLOAK_CONFIG = 'KEYCLOAK_CONFIG';
+export const KEYCLOAK_CLIENT = 'KEYCLOAK_CLIENT';
+export const KEYCLOAK_HTTP_INTERCEPTOR = 'KEYCLOAK_HTTP_INTERCEPTOR';