@adatechnology/auth-keycloak 0.0.3 → 0.0.7

package/dist/index.d.ts

@@ -1,6 +1,132 @@
-export { KeycloakModule } from "./keycloak.module";
-export { KEYCLOAK_CONFIG, KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR, } from "./keycloak.token";
-export type { KeycloakConfig, KeycloakClientInterface, KeycloakTokenResponse, } from "./keycloak.interface";
-export { Roles } from "./roles.decorator";
-export { RolesGuard } from "./roles.guard";
-export { KeycloakError } from "./errors/keycloak-error";
+import * as _nestjs_common from '@nestjs/common';
+import { DynamicModule, CanActivate, ExecutionContext } from '@nestjs/common';
+import { AxiosRequestConfig, AxiosInstance } from 'axios';
+import { Reflector } from '@nestjs/core';
+
+/**
+ * Keycloak token response
+ */
+interface KeycloakTokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_expires_in: number;
+    refresh_token: string;
+    token_type: string;
+    "not-before-policy": number;
+    session_state: string;
+    scope: string;
+}
+/**
+ * Keycloak client credentials
+ */
+interface KeycloakCredentials {
+    clientId: string;
+    clientSecret: string;
+    username?: string;
+    password?: string;
+    grantType: "client_credentials" | "password";
+}
+/**
+ * Keycloak configuration
+ */
+interface KeycloakConfig {
+    baseUrl: string;
+    realm: string;
+    credentials: KeycloakCredentials;
+    /**
+     * Optional scopes to request when fetching tokens. Can be a space-separated string or array of scopes.
+     * Defaults to ['openid', 'profile', 'email'] when omitted.
+     */
+    scopes?: string | string[];
+    /**
+     * Optional token cache TTL in milliseconds. If provided, KeycloakClient will use this value to
+     * determine how long to cache the access token instead of deriving TTL from the token's expires_in.
+     */
+    tokenCacheTtl?: number;
+}
+/**
+ * Keycloak client interface
+ */
+interface KeycloakClientInterface {
+    /**
+     * Get access token
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Obtain a token using resource-owner credentials (username/password).
+     * Returns the full Keycloak token response so callers can access refresh tokens and other fields.
+     */
+    getTokenWithCredentials(params: {
+        username: string;
+        password: string;
+    }): Promise<KeycloakTokenResponse>;
+    /**
+     * Refresh access token
+     */
+    refreshToken(refreshToken: string): Promise<KeycloakTokenResponse>;
+    /**
+     * Validate token
+     */
+    validateToken(token: string): Promise<boolean>;
+    /**
+     * Get user info
+     */
+    getUserInfo(token: string): Promise<Record<string, unknown>>;
+    /**
+     * Clear the internal access token cache maintained by the client.
+     */
+    clearTokenCache(): void;
+}
+/**
+ * Provider-facing interface type to be used when injecting the keycloak provider token.
+ * Exported separately to make the intended injection type explicit.
+ */
+type KeycloakProviderInterface = KeycloakClientInterface;
+
+declare class KeycloakModule {
+    static forRoot(config: KeycloakConfig, httpConfig?: AxiosRequestConfig | AxiosInstance): DynamicModule;
+}
+
+declare const KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
+declare const KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
+declare const KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
+declare const KEYCLOAK_PROVIDER = "KEYCLOAK_PROVIDER";
+
+type RolesMode = "any" | "all";
+type RolesType = "realm" | "client" | "both";
+type RolesOptions = {
+    roles: string[];
+    mode?: RolesMode;
+    type?: RolesType;
+};
+/**
+ * Decorator to declare required roles for a route or controller.
+ * Accepts either a list of strings or a single options object.
+ * Examples:
+ *  @Roles('admin')
+ *  @Roles('admin','editor')
+ *  @Roles(['admin','editor'])
+ *  @Roles({ roles: ['a','b'], mode: 'all', type: 'client' })
+ */
+declare function Roles(...args: Array<string | string[] | RolesOptions>): _nestjs_common.CustomDecorator<string>;
+
+declare class RolesGuard implements CanActivate {
+    private readonly reflector;
+    private readonly config?;
+    constructor(reflector: Reflector, config?: KeycloakConfig);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean>;
+    private decodeJwtPayload;
+}
+
+declare class KeycloakError extends Error {
+    readonly statusCode?: number;
+    readonly details?: unknown;
+    readonly keycloakError?: string;
+    constructor(message: string, opts?: {
+        statusCode?: number;
+        details?: unknown;
+        keycloakError?: string;
+    });
+}
+
+export { KEYCLOAK_CLIENT, KEYCLOAK_CONFIG, KEYCLOAK_HTTP_INTERCEPTOR, KEYCLOAK_PROVIDER, type KeycloakClientInterface, type KeycloakConfig, KeycloakError, KeycloakModule, type KeycloakProviderInterface, type KeycloakTokenResponse, Roles, RolesGuard };