@adatechnology/auth-keycloak 0.0.2 → 0.0.3

package/dist/keycloak.client.js

@@ -0,0 +1,320 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var KeycloakClient_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeycloakClient = void 0;
+const common_1 = require("@nestjs/common");
+const http_client_1 = require("@adatechnology/http-client");
+const logger_1 = require("@adatechnology/logger");
+const keycloak_error_1 = require("./errors/keycloak-error");
+const LIB_NAME = "@adatechnology/auth-keycloak";
+const LIB_VERSION = "0.0.2";
+function extractErrorInfo(err) {
+    // Support both raw AxiosError and our mapped HttpClientError
+    const statusCode = err?.status ?? err?.response?.status;
+    const details = err?.response?.data ?? err?.context?.data ?? err?.context ?? err?.details;
+    const errorCode = err?.code ?? err?.response?.data?.error;
+    let keycloakError = undefined;
+    if (details && typeof details === "object" && details !== null) {
+        const raw = details.error;
+        if (typeof raw === "string") {
+            keycloakError = raw;
+        }
+        else if (raw) {
+            try {
+                keycloakError = JSON.stringify(raw);
+            }
+            catch {
+                keycloakError = String(raw);
+            }
+        }
+    }
+    return {
+        statusCode,
+        details: details ?? err?.message,
+        keycloakError: keycloakError ??
+            (errorCode ? `NETWORK_ERROR_${String(errorCode)}` : undefined),
+    };
+}
+/**
+ * Minimal Keycloak client implementation without external shared infra dependencies.
+ */
+let KeycloakClient = KeycloakClient_1 = class KeycloakClient {
+    config;
+    httpProvider;
+    logger;
+    tokenCache = null;
+    tokenPromise = null;
+    constructor(config, httpProvider, logger) {
+        this.config = config;
+        this.httpProvider = httpProvider;
+        this.logger = logger;
+    }
+    log(level, message, libMethod, meta) {
+        if (!this.logger)
+            return;
+        // Support correlation by checking HTTP request context for a requestId
+        const httpCtx = (0, http_client_1.getHttpRequestContext)();
+        const requestId = httpCtx?.requestId;
+        const source = httpCtx?.className && httpCtx?.methodName
+            ? `${httpCtx.className}.${httpCtx.methodName}`
+            : undefined;
+        const payload = {
+            message,
+            context: "KeycloakClient",
+            lib: LIB_NAME,
+            libVersion: LIB_VERSION,
+            libMethod,
+            source,
+            requestId,
+            meta,
+        };
+        if (level === "debug")
+            this.logger.debug(payload);
+        else if (level === "info")
+            this.logger.info(payload);
+        else if (level === "warn")
+            this.logger.warn(payload);
+        else if (level === "error")
+            this.logger.error(payload);
+    }
+    async getAccessToken() {
+        const method = "getAccessToken";
+        this.log("debug", `${method} - Start`, method);
+        // Check cache
+        const now = Date.now();
+        if (this.tokenCache && now < this.tokenCache.expiresAt) {
+            this.log("debug", `${method} - Returning cached token`, method);
+            return this.tokenCache.token;
+        }
+        if (this.tokenPromise) {
+            this.log("debug", `${method} - Waiting for existing token request`, method);
+            return this.tokenPromise;
+        }
+        this.tokenPromise = (async () => {
+            try {
+                const tokenResponse = await this.requestToken();
+                const expiresAt = this.config.tokenCacheTtl
+                    ? Date.now() + this.config.tokenCacheTtl
+                    : Date.now() + (tokenResponse.expires_in - 60) * 1000;
+                this.tokenCache = { token: tokenResponse.access_token, expiresAt };
+                this.log("debug", `${method} - Token obtained and cached`, method);
+                return tokenResponse.access_token;
+            }
+            finally {
+                this.tokenPromise = null;
+            }
+        })();
+        return this.tokenPromise;
+    }
+    async getTokenWithCredentials(params) {
+        const method = "getTokenWithCredentials";
+        const { username } = params;
+        this.log("info", `${method} - Start for user: ${username}`, method);
+        const { password } = params;
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const body = new URLSearchParams();
+        body.append("client_id", this.config.credentials.clientId);
+        body.append("grant_type", "password");
+        body.append("username", username);
+        body.append("password", password);
+        if (this.config.credentials.clientSecret) {
+            body.append("client_secret", this.config.credentials.clientSecret);
+        }
+        // include configured scopes (default to openid/profile/email)
+        body.append("scope", KeycloakClient_1.scopesToString(this.config.scopes));
+        try {
+            const response = await this.httpProvider.post({
+                url: tokenUrl,
+                data: body,
+                config: {
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    logContext: { className: "KeycloakClient", methodName: method },
+                },
+            });
+            this.log("info", `${method} - Success for user: ${username}`, method);
+            return response.data;
+        }
+        catch (err) {
+            const { statusCode, details, keycloakError } = extractErrorInfo(err);
+            this.log("error", `${method} - Failed for user: ${username}`, method, { statusCode, keycloakError });
+            throw new keycloak_error_1.KeycloakError("Failed to obtain token with credentials", {
+                statusCode,
+                details,
+                keycloakError,
+            });
+        }
+    }
+    async requestToken() {
+        const method = "requestToken";
+        this.log("debug", `${method} - Start`, method);
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const data = new URLSearchParams();
+        data.append("client_id", this.config.credentials.clientId);
+        data.append("grant_type", this.config.credentials.grantType);
+        if (this.config.credentials.clientSecret) {
+            data.append("client_secret", this.config.credentials.clientSecret);
+        }
+        if (this.config.credentials.grantType === "password") {
+            if (this.config.credentials.username &&
+                this.config.credentials.password) {
+                data.append("username", this.config.credentials.username);
+                data.append("password", this.config.credentials.password);
+                // include configured scopes for resource-owner password grants
+                data.append("scope", KeycloakClient_1.scopesToString(this.config.scopes));
+            }
+        }
+        try {
+            const response = await this.httpProvider.post({
+                url: tokenUrl,
+                data,
+                config: {
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    logContext: { className: "KeycloakClient", methodName: method },
+                },
+            });
+            this.log("debug", `${method} - Success`, method);
+            return response.data;
+        }
+        catch (err) {
+            const { statusCode, details, keycloakError } = extractErrorInfo(err);
+            this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+            throw new keycloak_error_1.KeycloakError("Failed to request token", {
+                statusCode,
+                details,
+                keycloakError,
+            });
+        }
+    }
+    async refreshToken(refreshToken) {
+        const method = "refreshToken";
+        this.log("debug", `${method} - Start`, method);
+        const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
+        const data = new URLSearchParams();
+        data.append("client_id", this.config.credentials.clientId);
+        data.append("grant_type", "refresh_token");
+        data.append("refresh_token", refreshToken);
+        if (this.config.credentials.clientSecret) {
+            data.append("client_secret", this.config.credentials.clientSecret);
+        }
+        try {
+            const response = await this.httpProvider.post({
+                url: tokenUrl,
+                data,
+                config: {
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    logContext: { className: "KeycloakClient", methodName: method },
+                },
+            });
+            const expiresAt = this.config.tokenCacheTtl
+                ? Date.now() + this.config.tokenCacheTtl
+                : Date.now() + (response.data.expires_in - 60) * 1000;
+            this.tokenCache = { token: response.data.access_token, expiresAt };
+            this.log("debug", `${method} - Success`, method);
+            return response.data;
+        }
+        catch (err) {
+            const { statusCode, details, keycloakError } = extractErrorInfo(err);
+            this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+            throw new keycloak_error_1.KeycloakError("Failed to refresh token", {
+                statusCode,
+                details,
+                keycloakError,
+            });
+        }
+    }
+    async validateToken(token) {
+        const method = "validateToken";
+        this.log("debug", `${method} - Start`, method);
+        try {
+            const introspectUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token/introspect`;
+            const data = new URLSearchParams();
+            data.append("token", token);
+            data.append("client_id", this.config.credentials.clientId);
+            if (this.config.credentials.clientSecret) {
+                data.append("client_secret", this.config.credentials.clientSecret);
+            }
+            const response = await this.httpProvider.post({
+                url: introspectUrl,
+                data,
+                config: {
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    logContext: { className: "KeycloakClient", methodName: method },
+                },
+            });
+            const active = response.data?.active === true;
+            this.log("debug", `${method} - Success (Active: ${active})`, method);
+            return active;
+        }
+        catch (error) {
+            const { statusCode, details, keycloakError } = extractErrorInfo(error);
+            this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+            // wrap introspection errors for callers
+            throw new keycloak_error_1.KeycloakError("Token introspection failed", {
+                statusCode,
+                details,
+                keycloakError,
+            });
+        }
+    }
+    async getUserInfo(token) {
+        const method = "getUserInfo";
+        this.log("debug", `${method} - Start`, method);
+        const userInfoUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/userinfo`;
+        try {
+            const response = await this.httpProvider.get({
+                url: userInfoUrl,
+                config: {
+                    headers: { Authorization: `Bearer ${token}` },
+                    logContext: { className: "KeycloakClient", methodName: method },
+                },
+            });
+            this.log("debug", `${method} - Success`, method);
+            return response.data;
+        }
+        catch (err) {
+            const { statusCode, details, keycloakError } = extractErrorInfo(err);
+            this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+            throw new keycloak_error_1.KeycloakError("Failed to retrieve userinfo", {
+                statusCode,
+                details,
+                keycloakError,
+            });
+        }
+    }
+    clearTokenCache() {
+        this.tokenCache = null;
+    }
+    static maskToken(token, visibleChars = 8) {
+        if (!token || typeof token !== "string")
+            return "";
+        return token.length <= visibleChars
+            ? token
+            : `${token.slice(0, visibleChars)}...`;
+    }
+    static scopesToString(scopes) {
+        if (!scopes)
+            return "openid profile email";
+        return Array.isArray(scopes) ? scopes.join(" ") : String(scopes);
+    }
+};
+exports.KeycloakClient = KeycloakClient;
+exports.KeycloakClient = KeycloakClient = KeycloakClient_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Inject)(http_client_1.HTTP_PROVIDER)),
+    __param(2, (0, common_1.Optional)()),
+    __param(2, (0, common_1.Inject)(logger_1.LOGGER_PROVIDER)),
+    __metadata("design:paramtypes", [Object, Object, Object])
+], KeycloakClient);
+//# sourceMappingURL=keycloak.client.js.map

package/dist/keycloak.client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.client.js","sourceRoot":"","sources":["../src/keycloak.client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA8D;AAC9D,4DAAkF;AAElF,kDAAiF;AAOjF,4DAAwD;AAExD,MAAM,QAAQ,GAAG,8BAA8B,CAAC;AAChD,MAAM,WAAW,GAAG,OAAO,CAAC;AAE5B,SAAS,gBAAgB,CAAC,GAAQ;IAChC,6DAA6D;IAC7D,MAAM,UAAU,GAAG,GAAG,EAAE,MAAM,IAAI,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,EAAE,QAAQ,EAAE,IAAI,IAAI,GAAG,EAAE,OAAO,EAAE,IAAI,IAAI,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,OAAO,CAAC;IAC1F,MAAM,SAAS,GAAG,GAAG,EAAE,IAAI,IAAI,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC;IAE1D,IAAI,aAAa,GAAuB,SAAS,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAC/D,MAAM,GAAG,GAAI,OAAmC,CAAC,KAAK,CAAC;QACvD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,aAAa,GAAG,GAAG,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU;QACV,OAAO,EAAE,OAAO,IAAI,GAAG,EAAE,OAAO;QAChC,aAAa,EACX,aAAa;YACb,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;KACjE,CAAC;AACJ,CAAC;AAED;;GAEG;AAEI,IAAM,cAAc,sBAApB,MAAM,cAAc;IAKN;IACuB;IACc;IANhD,UAAU,GAAgD,IAAI,CAAC;IAC/D,YAAY,GAA4B,IAAI,CAAC;IAErD,YACmB,MAAsB,EACC,YAAmC,EACrB,MAAgC;QAFrE,WAAM,GAAN,MAAM,CAAgB;QACC,iBAAY,GAAZ,YAAY,CAAuB;QACrB,WAAM,GAAN,MAAM,CAA0B;IACrF,CAAC;IAEI,GAAG,CAAC,KAA0C,EAAE,OAAe,EAAE,SAAiB,EAAE,IAA8B;QACxH,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO;QAEzB,uEAAuE;QACvE,MAAM,OAAO,GAAG,IAAA,mCAAqB,GAAE,CAAC;QACxC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,MAAM,MAAM,GAAG,OAAO,EAAE,SAAS,IAAI,OAAO,EAAE,UAAU;YACtD,CAAC,CAAC,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,EAAE;YAC9C,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,OAAO,GAAG;YACd,OAAO;YACP,OAAO,EAAE,gBAAgB;YACzB,GAAG,EAAE,QAAQ;YACb,UAAU,EAAE,WAAW;YACvB,SAAS;YACT,MAAM;YACN,SAAS;YACT,IAAI;SACL,CAAC;QAEF,IAAI,KAAK,KAAK,OAAO;YAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;aAC7C,IAAI,KAAK,KAAK,MAAM;YAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAChD,IAAI,KAAK,KAAK,MAAM;YAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAChD,IAAI,KAAK,KAAK,OAAO;YAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,MAAM,GAAG,gBAAgB,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,MAAM,CAAC,CAAC;QAE/C,cAAc;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,UAAU,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YACvD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,2BAA2B,EAAE,MAAM,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAC/B,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,uCAAuC,EAAE,MAAM,CAAC,CAAC;YAC5E,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,CAAC,KAAK,IAAqB,EAAE;YAC/C,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;oBACzC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;oBACxC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,aAAa,CAAC,UAAU,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;gBACxD,IAAI,CAAC,UAAU,GAAG,EAAE,KAAK,EAAE,aAAa,CAAC,YAAY,EAAE,SAAS,EAAE,CAAC;gBACnE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,8BAA8B,EAAE,MAAM,CAAC,CAAC;gBACnE,OAAO,aAAa,CAAC,YAAY,CAAC;YACpC,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,MAG7B;QACC,MAAM,MAAM,GAAG,yBAAyB,CAAC;QACzC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,sBAAsB,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;QAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,gCAAgC,CAAC;QAEpG,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACrE,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,gBAAc,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QAExE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAwB;gBACnE,GAAG,EAAE,QAAQ;gBACb,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE;oBACN,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,UAAU,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE;iBAChE;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,wBAAwB,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;YACtE,OAAO,QAAQ,CAAC,IAAI,CAAC;QACvB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,uBAAuB,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAErG,MAAM,IAAI,8BAAa,CAAC,yCAAyC,EAAE;gBACjE,UAAU;gBACV,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,MAAM,MAAM,GAAG,cAAc,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,MAAM,CAAC,CAAC;QAE/C,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,gCAAgC,CAAC;QAEpG,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;YACrD,IACE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;gBAChC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAChC,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBAC1D,+DAA+D;gBAC/D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,gBAAc,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAwB;gBACnE,GAAG,EAAE,QAAQ;gBACb,IAAI;gBACJ,MAAM,EAAE;oBACN,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,UAAU,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE;iBAChE;aACF,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,YAAY,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,QAAQ,CAAC,IAAI,CAAC;QACvB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAE/E,MAAM,IAAI,8BAAa,CAAC,yBAAyB,EAAE;gBACjD,UAAU;gBACV,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,MAAM,GAAG,cAAc,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,MAAM,CAAC,CAAC;QAE/C,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,gCAAgC,CAAC;QAEpG,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAwB;gBACnE,GAAG,EAAE,QAAQ;gBACb,IAAI;gBACJ,MAAM,EAAE;oBACN,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,UAAU,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE;iBAChE;aACF,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;gBACzC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;gBACxC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;YACxD,IAAI,CAAC,UAAU,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,EAAE,CAAC;YAEnE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,YAAY,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,QAAQ,CAAC,IAAI,CAAC;QACvB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAE/E,MAAM,IAAI,8BAAa,CAAC,yBAAyB,EAAE;gBACjD,UAAU;gBACV,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC;QAC/B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,2CAA2C,CAAC;YAEpH,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YAC3D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YACrE,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAsB;gBACjE,GAAG,EAAE,aAAa;gBAClB,IAAI;gBACJ,MAAM,EAAE;oBACN,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,UAAU,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE;iBAChE;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;YAC9C,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,uBAAuB,MAAM,GAAG,EAAE,MAAM,CAAC,CAAC;YACrE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAE/E,wCAAwC;YACxC,MAAM,IAAI,8BAAa,CAAC,4BAA4B,EAAE;gBACpD,UAAU;gBACV,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,MAAM,GAAG,aAAa,CAAC;QAC7B,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,MAAM,CAAC,CAAC;QAE/C,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,KAAK,mCAAmC,CAAC;QAC1G,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAA0B;gBACpE,GAAG,EAAE,WAAW;gBAChB,MAAM,EAAE;oBACN,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;oBAC7C,UAAU,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE;iBAChE;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,YAAY,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,QAAQ,CAAC,IAAI,CAAC;QACvB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAE/E,MAAM,IAAI,8BAAa,CAAC,6BAA6B,EAAE;gBACrD,UAAU;gBACV,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,eAAe;QACb,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAEO,MAAM,CAAC,SAAS,CAAC,KAAa,EAAE,YAAY,GAAG,CAAC;QACtD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC,MAAM,IAAI,YAAY;YACjC,CAAC,CAAC,KAAK;YACP,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC;IAC3C,CAAC;IAEO,MAAM,CAAC,cAAc,CAAC,MAA0B;QACtD,IAAI,CAAC,MAAM;YAAE,OAAO,sBAAsB,CAAC;QAC3C,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;CACF,CAAA;AAlSY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;IAOR,WAAA,IAAA,eAAM,EAAC,2BAAa,CAAC,CAAA;IACrB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,wBAAe,CAAC,CAAA;;GAP3B,cAAc,CAkS1B"}

package/dist/keycloak.http.interceptor.d.ts

@@ -0,0 +1,9 @@
+import { CallHandler, ExecutionContext, NestInterceptor } from "@nestjs/common";
+import { Observable } from "rxjs";
+/**
+ * HTTP interceptor that automatically adds Keycloak tokens to requests
+ */
+export declare class KeycloakHttpInterceptor implements NestInterceptor {
+    constructor();
+    intercept(context: ExecutionContext, next: CallHandler): Observable<unknown>;
+}

package/dist/keycloak.http.interceptor.js

@@ -0,0 +1,37 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeycloakHttpInterceptor = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * HTTP interceptor that automatically adds Keycloak tokens to requests
+ */
+let KeycloakHttpInterceptor = class KeycloakHttpInterceptor {
+    constructor() { }
+    intercept(context, next) {
+        const request = context
+            .switchToHttp()
+            .getRequest();
+        // Only add token for external API calls (not Keycloak itself)
+        if (typeof request.url === "string" && !request.url.includes("keycloak")) {
+            // Note: In a real implementation, you might want to add the token here
+            // But since we're using HttpProvider, the token addition should be handled there
+            // This interceptor could be used for other HTTP client libraries
+        }
+        return next.handle();
+    }
+};
+exports.KeycloakHttpInterceptor = KeycloakHttpInterceptor;
+exports.KeycloakHttpInterceptor = KeycloakHttpInterceptor = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [])
+], KeycloakHttpInterceptor);
+//# sourceMappingURL=keycloak.http.interceptor.js.map

package/dist/keycloak.http.interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.http.interceptor.js","sourceRoot":"","sources":["../src/keycloak.http.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAMwB;AAMxB;;GAEG;AAEI,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IAClC,gBAAe,CAAC;IAEhB,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,MAAM,OAAO,GAA4B,OAAO;aAC7C,YAAY,EAAE;aACd,UAAU,EAAE,CAAC;QAEhB,8DAA8D;QAC9D,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACzE,uEAAuE;YACvE,iFAAiF;YACjF,iEAAiE;QACnE,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;CACF,CAAA;AAjBY,0DAAuB;kCAAvB,uBAAuB;IADnC,IAAA,mBAAU,GAAE;;GACA,uBAAuB,CAiBnC"}

package/dist/keycloak.interface.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Keycloak token response
+ */
+export interface KeycloakTokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_expires_in: number;
+    refresh_token: string;
+    token_type: string;
+    "not-before-policy": number;
+    session_state: string;
+    scope: string;
+}
+/**
+ * Keycloak client credentials
+ */
+export interface KeycloakCredentials {
+    clientId: string;
+    clientSecret: string;
+    username?: string;
+    password?: string;
+    grantType: "client_credentials" | "password";
+}
+/**
+ * Keycloak configuration
+ */
+export interface KeycloakConfig {
+    baseUrl: string;
+    realm: string;
+    credentials: KeycloakCredentials;
+    /**
+     * Optional scopes to request when fetching tokens. Can be a space-separated string or array of scopes.
+     * Defaults to ['openid', 'profile', 'email'] when omitted.
+     */
+    scopes?: string | string[];
+    /**
+     * Optional token cache TTL in milliseconds. If provided, KeycloakClient will use this value to
+     * determine how long to cache the access token instead of deriving TTL from the token's expires_in.
+     */
+    tokenCacheTtl?: number;
+}
+/**
+ * Keycloak client interface
+ */
+export interface KeycloakClientInterface {
+    /**
+     * Get access token
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Refresh access token
+     */
+    refreshToken(refreshToken: string): Promise<KeycloakTokenResponse>;
+    /**
+     * Validate token
+     */
+    validateToken(token: string): Promise<boolean>;
+    /**
+     * Get user info
+     */
+    getUserInfo(token: string): Promise<Record<string, unknown>>;
+}
+/**
+ * Minimal shape for decoded JWT payloads used by the RolesGuard.
+ */
+export interface KeycloakJwtPayload {
+    realm_access?: {
+        roles?: string[];
+    };
+    resource_access?: Record<string, {
+        roles?: string[];
+    }>;
+    [key: string]: unknown;
+}

package/dist/keycloak.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=keycloak.interface.js.map

package/dist/keycloak.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.interface.js","sourceRoot":"","sources":["../src/keycloak.interface.ts"],"names":[],"mappings":""}

package/dist/keycloak.module.d.ts

@@ -0,0 +1,6 @@
+import { DynamicModule } from "@nestjs/common";
+import type { AxiosRequestConfig, AxiosInstance } from "axios";
+import { KeycloakConfig } from "./keycloak.interface";
+export declare class KeycloakModule {
+    static forRoot(config: KeycloakConfig, httpConfig?: AxiosRequestConfig | AxiosInstance): DynamicModule;
+}

package/dist/keycloak.module.js

@@ -0,0 +1,63 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var KeycloakModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeycloakModule = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const http_client_1 = require("@adatechnology/http-client");
+const logger_1 = require("@adatechnology/logger");
+const keycloak_client_1 = require("./keycloak.client");
+const keycloak_http_interceptor_1 = require("./keycloak.http.interceptor");
+const roles_guard_1 = require("./roles.guard");
+const keycloak_token_1 = require("./keycloak.token");
+const keycloak_token_2 = require("./keycloak.token");
+let KeycloakModule = KeycloakModule_1 = class KeycloakModule {
+    static forRoot(config, httpConfig) {
+        return {
+            module: KeycloakModule_1,
+            global: true,
+            imports: [
+                http_client_1.HttpModule.forRoot(httpConfig || { baseURL: config.baseUrl, timeout: 5000 }, {
+                    logging: {
+                        enabled: true,
+                        includeBody: true,
+                        context: "KeycloakHttpClient",
+                        environments: ["development", "test"],
+                    },
+                }),
+            ],
+            providers: [
+                { provide: core_1.Reflector, useClass: core_1.Reflector },
+                { provide: keycloak_token_2.KEYCLOAK_CONFIG, useValue: config },
+                {
+                    provide: keycloak_token_1.KEYCLOAK_CLIENT,
+                    useFactory: (cfg, httpProvider, logger) => new keycloak_client_1.KeycloakClient(cfg, httpProvider, logger),
+                    inject: [keycloak_token_2.KEYCLOAK_CONFIG, http_client_1.HTTP_PROVIDER, { token: logger_1.LOGGER_PROVIDER, optional: true }],
+                },
+                {
+                    provide: keycloak_token_1.KEYCLOAK_HTTP_INTERCEPTOR,
+                    useFactory: () => new keycloak_http_interceptor_1.KeycloakHttpInterceptor(),
+                },
+                roles_guard_1.RolesGuard,
+            ],
+            exports: [
+                core_1.Reflector,
+                keycloak_token_1.KEYCLOAK_CLIENT,
+                keycloak_token_1.KEYCLOAK_HTTP_INTERCEPTOR,
+                keycloak_token_2.KEYCLOAK_CONFIG,
+                roles_guard_1.RolesGuard,
+            ],
+        };
+    }
+};
+exports.KeycloakModule = KeycloakModule;
+exports.KeycloakModule = KeycloakModule = KeycloakModule_1 = __decorate([
+    (0, common_1.Module)({})
+], KeycloakModule);
+//# sourceMappingURL=keycloak.module.js.map

package/dist/keycloak.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.module.js","sourceRoot":"","sources":["../src/keycloak.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,uCAAyC;AACzC,4DAAuE;AAEvE,kDAAwD;AAIxD,uDAAmD;AACnD,2EAAsE;AACtE,+CAA2C;AAC3C,qDAA8E;AAE9E,qDAAmD;AAG5C,IAAM,cAAc,sBAApB,MAAM,cAAc;IACzB,MAAM,CAAC,OAAO,CACZ,MAAsB,EACtB,UAA+C;QAE/C,OAAO;YACL,MAAM,EAAE,gBAAc;YACtB,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE;gBACP,wBAAU,CAAC,OAAO,CAChB,UAAU,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,EACxD;oBACE,OAAO,EAAE;wBACP,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,IAAI;wBACjB,OAAO,EAAE,oBAAoB;wBAC7B,YAAY,EAAE,CAAC,aAAa,EAAE,MAAM,CAAC;qBACtC;iBACF,CACF;aACF;YACD,SAAS,EAAE;gBACT,EAAE,OAAO,EAAE,gBAAS,EAAE,QAAQ,EAAE,gBAAS,EAAE;gBAC3C,EAAE,OAAO,EAAE,gCAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;gBAC9C;oBACE,OAAO,EAAE,gCAAe;oBACxB,UAAU,EAAE,CACV,GAAmB,EACnB,YAAmC,EACnC,MAAgC,EAChC,EAAE,CAAC,IAAI,gCAAc,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC;oBAClD,MAAM,EAAE,CAAC,gCAAe,EAAE,2BAAa,EAAE,EAAE,KAAK,EAAE,wBAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;iBACrF;gBACD;oBACE,OAAO,EAAE,0CAAyB;oBAClC,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,mDAAuB,EAAE;iBAChD;gBACD,wBAAU;aACX;YACD,OAAO,EAAE;gBACP,gBAAS;gBACT,gCAAe;gBACf,0CAAyB;gBACzB,gCAAe;gBACf,wBAAU;aACX;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AAhDY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,cAAc,CAgD1B"}

package/dist/keycloak.token.d.ts

@@ -0,0 +1,3 @@
+export declare const KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
+export declare const KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
+export declare const KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";

package/dist/keycloak.token.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KEYCLOAK_HTTP_INTERCEPTOR = exports.KEYCLOAK_CLIENT = exports.KEYCLOAK_CONFIG = void 0;
+exports.KEYCLOAK_CONFIG = 'KEYCLOAK_CONFIG';
+exports.KEYCLOAK_CLIENT = 'KEYCLOAK_CLIENT';
+exports.KEYCLOAK_HTTP_INTERCEPTOR = 'KEYCLOAK_HTTP_INTERCEPTOR';
+//# sourceMappingURL=keycloak.token.js.map

package/dist/keycloak.token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.token.js","sourceRoot":"","sources":["../src/keycloak.token.ts"],"names":[],"mappings":";;;AAAa,QAAA,eAAe,GAAG,iBAAiB,CAAC;AACpC,QAAA,eAAe,GAAG,iBAAiB,CAAC;AACpC,QAAA,yBAAyB,GAAG,2BAA2B,CAAC"}

package/dist/roles.decorator.d.ts

@@ -0,0 +1,19 @@
+export declare const ROLES_META_KEY = "roles";
+export type RolesMode = "any" | "all";
+export type RolesType = "realm" | "client" | "both";
+export type RolesOptions = {
+    roles: string[];
+    mode?: RolesMode;
+    type?: RolesType;
+};
+/**
+ * Decorator to declare required roles for a route or controller.
+ * Accepts either a list of strings or a single options object.
+ * Examples:
+ *  @Roles('admin')
+ *  @Roles('admin','editor')
+ *  @Roles(['admin','editor'])
+ *  @Roles({ roles: ['a','b'], mode: 'all', type: 'client' })
+ */
+export declare function Roles(...args: Array<string | string[] | RolesOptions>): import("@nestjs/common").CustomDecorator<string>;
+export default Roles;

package/dist/roles.decorator.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ROLES_META_KEY = void 0;
+exports.Roles = Roles;
+const common_1 = require("@nestjs/common");
+exports.ROLES_META_KEY = "roles";
+/**
+ * Decorator to declare required roles for a route or controller.
+ * Accepts either a list of strings or a single options object.
+ * Examples:
+ *  @Roles('admin')
+ *  @Roles('admin','editor')
+ *  @Roles(['admin','editor'])
+ *  @Roles({ roles: ['a','b'], mode: 'all', type: 'client' })
+ */
+function Roles(...args) {
+    let payload;
+    if (args.length === 1 &&
+        typeof args[0] === "object" &&
+        !Array.isArray(args[0])) {
+        payload = args[0];
+    }
+    else {
+        // flatten strings/arrays into roles array
+        const roles = [].concat(...args.map((a) => (Array.isArray(a) ? a : String(a))));
+        payload = { roles };
+    }
+    // defaults
+    payload.mode = payload.mode ?? "any";
+    payload.type = payload.type ?? "both";
+    return (0, common_1.SetMetadata)(exports.ROLES_META_KEY, payload);
+}
+exports.default = Roles;
+//# sourceMappingURL=roles.decorator.js.map

package/dist/roles.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.decorator.js","sourceRoot":"","sources":["../src/roles.decorator.ts"],"names":[],"mappings":";;;AAsBA,sBAsBC;AA5CD,2CAA6C;AAEhC,QAAA,cAAc,GAAG,OAAO,CAAC;AAWtC;;;;;;;;GAQG;AACH,SAAgB,KAAK,CAAC,GAAG,IAA6C;IACpE,IAAI,OAAqB,CAAC;IAE1B,IACE,IAAI,CAAC,MAAM,KAAK,CAAC;QACjB,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ;QAC3B,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EACvB,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,CAAC,CAAiB,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,0CAA0C;QAC1C,MAAM,KAAK,GAAc,EAAe,CAAC,MAAM,CAC7C,GAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAc,CACrE,CAAC;QACF,OAAO,GAAG,EAAE,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,WAAW;IACX,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,KAAK,CAAC;IACrC,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC;IAEtC,OAAO,IAAA,oBAAW,EAAC,sBAAc,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;AAED,kBAAe,KAAK,CAAC"}

package/dist/roles.guard.d.ts

@@ -0,0 +1,10 @@
+import { CanActivate, ExecutionContext } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import type { KeycloakConfig } from "./keycloak.interface";
+export declare class RolesGuard implements CanActivate {
+    private readonly reflector;
+    private readonly config?;
+    constructor(reflector: Reflector, config?: KeycloakConfig);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean>;
+    private decodeJwtPayload;
+}