@adatechnology/auth-keycloak 0.1.2 → 0.1.3
- package/dist/index.js +574 -285
- package/package.json +4 -3
package/dist/index.js
CHANGED
|
@@ -4,6 +4,7 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
|
4
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
5
|
var __getProtoOf = Object.getPrototypeOf;
|
|
6
6
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
7
8
|
var __commonJS = (cb, mod) => function __require() {
|
|
8
9
|
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
|
|
9
10
|
};
|
|
@@ -28,21 +29,14 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
|
|
|
28
29
|
mod
|
|
29
30
|
));
|
|
30
31
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
31
|
-
var __decorateClass = (decorators, target, key, kind) => {
|
|
32
|
-
var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
|
|
33
|
-
for (var i = decorators.length - 1, decorator; i >= 0; i--)
|
|
34
|
-
if (decorator = decorators[i])
|
|
35
|
-
result = (kind ? decorator(target, key, result) : decorator(result)) || result;
|
|
36
|
-
if (kind && result) __defProp(target, key, result);
|
|
37
|
-
return result;
|
|
38
|
-
};
|
|
39
|
-
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
40
32
|
|
|
41
33
|
// ../shared/dist/types.js
|
|
42
34
|
var require_types = __commonJS({
|
|
43
35
|
"../shared/dist/types.js"(exports2) {
|
|
44
36
|
"use strict";
|
|
45
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
37
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
38
|
+
value: true
|
|
39
|
+
});
|
|
46
40
|
}
|
|
47
41
|
});
|
|
48
42
|
|
|
@@ -50,15 +44,19 @@ var require_types = __commonJS({
|
|
|
50
44
|
var require_utils = __commonJS({
|
|
51
45
|
"../shared/dist/utils.js"(exports2) {
|
|
52
46
|
"use strict";
|
|
53
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
47
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
48
|
+
value: true
|
|
49
|
+
});
|
|
54
50
|
exports2.noop = noop;
|
|
55
51
|
exports2.prefixWith = prefixWith;
|
|
56
52
|
function noop() {
|
|
57
53
|
return void 0;
|
|
58
54
|
}
|
|
55
|
+
__name(noop, "noop");
|
|
59
56
|
function prefixWith(prefix, value) {
|
|
60
57
|
return `${prefix}-${value}`;
|
|
61
58
|
}
|
|
59
|
+
__name(prefixWith, "prefixWith");
|
|
62
60
|
}
|
|
63
61
|
});
|
|
64
62
|
|
|
@@ -66,23 +64,26 @@ var require_utils = __commonJS({
|
|
|
66
64
|
var require_base_app_error = __commonJS({
|
|
67
65
|
"../shared/dist/errors/base-app-error.js"(exports2) {
|
|
68
66
|
"use strict";
|
|
69
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
67
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
68
|
+
value: true
|
|
69
|
+
});
|
|
70
70
|
exports2.BaseAppError = void 0;
|
|
71
|
-
var
|
|
71
|
+
var _a;
|
|
72
|
+
var BaseAppError5 = (_a = class extends Error {
|
|
72
73
|
code;
|
|
73
74
|
status;
|
|
74
75
|
context;
|
|
75
76
|
constructor(params) {
|
|
76
|
-
var
|
|
77
|
+
var _a2;
|
|
77
78
|
super(params.message);
|
|
78
79
|
this.name = new.target.name;
|
|
79
80
|
this.status = params.status;
|
|
80
81
|
this.code = params.code;
|
|
81
82
|
this.context = params.context;
|
|
82
83
|
const capturable = Error;
|
|
83
|
-
(
|
|
84
|
+
(_a2 = capturable.captureStackTrace) == null ? void 0 : _a2.call(capturable, this, this.constructor);
|
|
84
85
|
}
|
|
85
|
-
};
|
|
86
|
+
}, __name(_a, "BaseAppError"), _a);
|
|
86
87
|
exports2.BaseAppError = BaseAppError5;
|
|
87
88
|
}
|
|
88
89
|
});
|
|
@@ -91,7 +92,9 @@ var require_base_app_error = __commonJS({
|
|
|
91
92
|
var require_errors_constants = __commonJS({
|
|
92
93
|
"../shared/dist/errors/errors.constants.js"(exports2) {
|
|
93
94
|
"use strict";
|
|
94
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
95
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
96
|
+
value: true
|
|
97
|
+
});
|
|
95
98
|
exports2.SHARED_INTERNAL_FRAME_RE = exports2.SHARED_ERROR_MESSAGES = exports2.SHARED_ERRORS = void 0;
|
|
96
99
|
exports2.SHARED_ERRORS = {
|
|
97
100
|
DEFAULT_STATUS: 502,
|
|
@@ -117,19 +120,21 @@ var require_error_mapper_service = __commonJS({
|
|
|
117
120
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
118
121
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
119
122
|
};
|
|
120
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
123
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
124
|
+
value: true
|
|
125
|
+
});
|
|
121
126
|
exports2.ErrorMapperService = void 0;
|
|
122
127
|
var common_1 = require("@nestjs/common");
|
|
123
128
|
var base_app_error_1 = require_base_app_error();
|
|
124
129
|
var errors_constants_1 = require_errors_constants();
|
|
125
|
-
var
|
|
130
|
+
var _a;
|
|
131
|
+
var ErrorMapperService = (_a = class {
|
|
126
132
|
/**
|
|
127
133
|
* Map an upstream/internal error to a BaseAppError with normalized fields.
|
|
128
134
|
* Keeps a small context to help tracing origin without leaking secrets.
|
|
129
135
|
*/
|
|
130
136
|
mapUpstreamError(err) {
|
|
131
|
-
if (err instanceof base_app_error_1.BaseAppError)
|
|
132
|
-
return err;
|
|
137
|
+
if (err instanceof base_app_error_1.BaseAppError) return err;
|
|
133
138
|
try {
|
|
134
139
|
const obj = err ?? void 0;
|
|
135
140
|
const context = {};
|
|
@@ -138,8 +143,7 @@ var require_error_mapper_service = __commonJS({
|
|
|
138
143
|
if (frames.length) {
|
|
139
144
|
context.stack = frames;
|
|
140
145
|
const origin = frames.find((f) => !this.isInternalFrame(f.file));
|
|
141
|
-
if (origin)
|
|
142
|
-
context.origin = origin;
|
|
146
|
+
if (origin) context.origin = origin;
|
|
143
147
|
}
|
|
144
148
|
}
|
|
145
149
|
if (obj && typeof obj.config === "object" && obj.config !== null) {
|
|
@@ -179,7 +183,9 @@ var require_error_mapper_service = __commonJS({
|
|
|
179
183
|
return new base_app_error_1.BaseAppError({
|
|
180
184
|
message: errors_constants_1.SHARED_ERROR_MESSAGES.MAPPING_FAILURE,
|
|
181
185
|
status: errors_constants_1.SHARED_ERRORS.INTERNAL_STATUS,
|
|
182
|
-
context: {
|
|
186
|
+
context: {
|
|
187
|
+
original: String(err)
|
|
188
|
+
}
|
|
183
189
|
});
|
|
184
190
|
}
|
|
185
191
|
}
|
|
@@ -194,17 +200,21 @@ var require_error_mapper_service = __commonJS({
|
|
|
194
200
|
const file = m[2];
|
|
195
201
|
const lineNum = parseInt(m[3], 10);
|
|
196
202
|
const colNum = parseInt(m[4], 10);
|
|
197
|
-
frames.push({
|
|
203
|
+
frames.push({
|
|
204
|
+
fn,
|
|
205
|
+
file,
|
|
206
|
+
line: lineNum,
|
|
207
|
+
column: colNum
|
|
208
|
+
});
|
|
198
209
|
}
|
|
199
210
|
}
|
|
200
211
|
return frames;
|
|
201
212
|
}
|
|
202
213
|
isInternalFrame(file) {
|
|
203
|
-
if (!file)
|
|
204
|
-
return false;
|
|
214
|
+
if (!file) return false;
|
|
205
215
|
return errors_constants_1.SHARED_INTERNAL_FRAME_RE.test(file);
|
|
206
216
|
}
|
|
207
|
-
};
|
|
217
|
+
}, __name(_a, "ErrorMapperService"), _a);
|
|
208
218
|
exports2.ErrorMapperService = ErrorMapperService;
|
|
209
219
|
exports2.ErrorMapperService = ErrorMapperService = __decorate([
|
|
210
220
|
(0, common_1.Injectable)()
|
|
@@ -216,23 +226,28 @@ var require_error_mapper_service = __commonJS({
|
|
|
216
226
|
var require_errors = __commonJS({
|
|
217
227
|
"../shared/dist/errors/index.js"(exports2) {
|
|
218
228
|
"use strict";
|
|
219
|
-
var __createBinding = exports2 && exports2.__createBinding || (Object.create ?
|
|
229
|
+
var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
|
|
220
230
|
if (k2 === void 0) k2 = k;
|
|
221
231
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
222
232
|
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
223
|
-
desc = {
|
|
224
|
-
|
|
225
|
-
|
|
233
|
+
desc = {
|
|
234
|
+
enumerable: true,
|
|
235
|
+
get: /* @__PURE__ */ __name(function() {
|
|
236
|
+
return m[k];
|
|
237
|
+
}, "get")
|
|
238
|
+
};
|
|
226
239
|
}
|
|
227
240
|
Object.defineProperty(o, k2, desc);
|
|
228
|
-
}
|
|
241
|
+
} : function(o, m, k, k2) {
|
|
229
242
|
if (k2 === void 0) k2 = k;
|
|
230
243
|
o[k2] = m[k];
|
|
231
|
-
})
|
|
232
|
-
var __exportStar = exports2 && exports2.__exportStar || function(m,
|
|
233
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(
|
|
244
|
+
});
|
|
245
|
+
var __exportStar = exports2 && exports2.__exportStar || function(m, exports1) {
|
|
246
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports1, p)) __createBinding(exports1, m, p);
|
|
234
247
|
};
|
|
235
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
248
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
249
|
+
value: true
|
|
250
|
+
});
|
|
236
251
|
__exportStar(require_base_app_error(), exports2);
|
|
237
252
|
__exportStar(require_error_mapper_service(), exports2);
|
|
238
253
|
}
|
|
@@ -242,23 +257,28 @@ var require_errors = __commonJS({
|
|
|
242
257
|
var require_dist = __commonJS({
|
|
243
258
|
"../shared/dist/index.js"(exports2) {
|
|
244
259
|
"use strict";
|
|
245
|
-
var __createBinding = exports2 && exports2.__createBinding || (Object.create ?
|
|
260
|
+
var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
|
|
246
261
|
if (k2 === void 0) k2 = k;
|
|
247
262
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
248
263
|
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
249
|
-
desc = {
|
|
250
|
-
|
|
251
|
-
|
|
264
|
+
desc = {
|
|
265
|
+
enumerable: true,
|
|
266
|
+
get: /* @__PURE__ */ __name(function() {
|
|
267
|
+
return m[k];
|
|
268
|
+
}, "get")
|
|
269
|
+
};
|
|
252
270
|
}
|
|
253
271
|
Object.defineProperty(o, k2, desc);
|
|
254
|
-
}
|
|
272
|
+
} : function(o, m, k, k2) {
|
|
255
273
|
if (k2 === void 0) k2 = k;
|
|
256
274
|
o[k2] = m[k];
|
|
257
|
-
})
|
|
258
|
-
var __exportStar = exports2 && exports2.__exportStar || function(m,
|
|
259
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(
|
|
275
|
+
});
|
|
276
|
+
var __exportStar = exports2 && exports2.__exportStar || function(m, exports1) {
|
|
277
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports1, p)) __createBinding(exports1, m, p);
|
|
260
278
|
};
|
|
261
|
-
Object.defineProperty(exports2, "__esModule", {
|
|
279
|
+
Object.defineProperty(exports2, "__esModule", {
|
|
280
|
+
value: true
|
|
281
|
+
});
|
|
262
282
|
__exportStar(require_types(), exports2);
|
|
263
283
|
__exportStar(require_utils(), exports2);
|
|
264
284
|
__exportStar(require_errors(), exports2);
|
|
@@ -290,12 +310,19 @@ __export(index_exports, {
|
|
|
290
310
|
module.exports = __toCommonJS(index_exports);
|
|
291
311
|
|
|
292
312
|
// src/keycloak.module.ts
|
|
293
|
-
var
|
|
313
|
+
var import_common9 = require("@nestjs/common");
|
|
294
314
|
var import_core2 = require("@nestjs/core");
|
|
295
315
|
var import_http_client3 = require("@adatechnology/http-client");
|
|
296
316
|
var import_logger3 = require("@adatechnology/logger");
|
|
297
317
|
var import_cache3 = require("@adatechnology/cache");
|
|
298
318
|
|
|
319
|
+
// src/api-auth.guard.ts
|
|
320
|
+
var import_common4 = require("@nestjs/common");
|
|
321
|
+
var import_shared3 = __toESM(require_dist());
|
|
322
|
+
|
|
323
|
+
// src/b2b.guard.ts
|
|
324
|
+
var import_common2 = require("@nestjs/common");
|
|
325
|
+
|
|
299
326
|
// src/bearer-token.guard.ts
|
|
300
327
|
var import_common = require("@nestjs/common");
|
|
301
328
|
var import_logger = require("@adatechnology/logger");
|
|
@@ -311,7 +338,7 @@ var KEYCLOAK_PROVIDER = "KEYCLOAK_PROVIDER";
|
|
|
311
338
|
// package.json
|
|
312
339
|
var package_default = {
|
|
313
340
|
name: "@adatechnology/auth-keycloak",
|
|
314
|
-
version: "0.1.
|
|
341
|
+
version: "0.1.3",
|
|
315
342
|
publishConfig: {
|
|
316
343
|
access: "public"
|
|
317
344
|
},
|
|
@@ -339,6 +366,7 @@ var package_default = {
|
|
|
339
366
|
devDependencies: {
|
|
340
367
|
"@adatechnology/shared": "workspace:*",
|
|
341
368
|
"@esbuild-plugins/tsconfig-paths": "^0.1.2",
|
|
369
|
+
"@swc/core": "^1.15.24",
|
|
342
370
|
tsup: "^8.5.1",
|
|
343
371
|
typescript: "^5.2.0"
|
|
344
372
|
}
|
|
@@ -368,7 +396,26 @@ var ROLES_ERROR_CODE = {
|
|
|
368
396
|
};
|
|
369
397
|
|
|
370
398
|
// src/bearer-token.guard.ts
|
|
371
|
-
|
|
399
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
400
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
401
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
402
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
403
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
404
|
+
}
|
|
405
|
+
__name(_ts_decorate, "_ts_decorate");
|
|
406
|
+
function _ts_metadata(k, v) {
|
|
407
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
408
|
+
}
|
|
409
|
+
__name(_ts_metadata, "_ts_metadata");
|
|
410
|
+
function _ts_param(paramIndex, decorator) {
|
|
411
|
+
return function(target, key) {
|
|
412
|
+
decorator(target, key, paramIndex);
|
|
413
|
+
};
|
|
414
|
+
}
|
|
415
|
+
__name(_ts_param, "_ts_param");
|
|
416
|
+
var _BearerTokenGuard = class _BearerTokenGuard {
|
|
417
|
+
keycloakClient;
|
|
418
|
+
logger;
|
|
372
419
|
constructor(keycloakClient, logger) {
|
|
373
420
|
this.keycloakClient = keycloakClient;
|
|
374
421
|
this.logger = logger;
|
|
@@ -425,12 +472,16 @@ var BearerTokenGuard = class {
|
|
|
425
472
|
isValid = await this.keycloakClient.validateToken(token);
|
|
426
473
|
} catch (err) {
|
|
427
474
|
const detail = err instanceof Error ? err.message : String(err);
|
|
428
|
-
this.log("error", `${method} - Token validation failed`, method, {
|
|
475
|
+
this.log("error", `${method} - Token validation failed`, method, {
|
|
476
|
+
detail
|
|
477
|
+
});
|
|
429
478
|
throw new import_shared.BaseAppError({
|
|
430
479
|
message: "Token validation failed",
|
|
431
480
|
status: HTTP_STATUS.UNAUTHORIZED,
|
|
432
481
|
code: BEARER_ERROR_CODE.TOKEN_VALIDATION_FAILED,
|
|
433
|
-
context: {
|
|
482
|
+
context: {
|
|
483
|
+
detail
|
|
484
|
+
}
|
|
434
485
|
});
|
|
435
486
|
}
|
|
436
487
|
if (!isValid) {
|
|
@@ -446,23 +497,199 @@ var BearerTokenGuard = class {
|
|
|
446
497
|
return true;
|
|
447
498
|
}
|
|
448
499
|
};
|
|
449
|
-
BearerTokenGuard
|
|
500
|
+
__name(_BearerTokenGuard, "BearerTokenGuard");
|
|
501
|
+
var BearerTokenGuard = _BearerTokenGuard;
|
|
502
|
+
BearerTokenGuard = _ts_decorate([
|
|
450
503
|
(0, import_common.Injectable)(),
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
504
|
+
_ts_param(0, (0, import_common.Optional)()),
|
|
505
|
+
_ts_param(0, (0, import_common.Inject)(KEYCLOAK_CLIENT)),
|
|
506
|
+
_ts_param(1, (0, import_common.Optional)()),
|
|
507
|
+
_ts_param(1, (0, import_common.Inject)(import_logger.LOGGER_PROVIDER)),
|
|
508
|
+
_ts_metadata("design:type", Function),
|
|
509
|
+
_ts_metadata("design:paramtypes", [
|
|
510
|
+
typeof KeycloakClientInterface === "undefined" ? Object : KeycloakClientInterface,
|
|
511
|
+
typeof LoggerProviderInterface === "undefined" ? Object : LoggerProviderInterface
|
|
512
|
+
])
|
|
455
513
|
], BearerTokenGuard);
|
|
456
514
|
|
|
515
|
+
// src/b2b.guard.ts
|
|
516
|
+
function _ts_decorate2(decorators, target, key, desc) {
|
|
517
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
518
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
519
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
520
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
521
|
+
}
|
|
522
|
+
__name(_ts_decorate2, "_ts_decorate");
|
|
523
|
+
function _ts_metadata2(k, v) {
|
|
524
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
525
|
+
}
|
|
526
|
+
__name(_ts_metadata2, "_ts_metadata");
|
|
527
|
+
var _B2BGuard = class _B2BGuard {
|
|
528
|
+
bearerTokenGuard;
|
|
529
|
+
constructor(bearerTokenGuard) {
|
|
530
|
+
this.bearerTokenGuard = bearerTokenGuard;
|
|
531
|
+
}
|
|
532
|
+
canActivate(context) {
|
|
533
|
+
return Promise.resolve(this.bearerTokenGuard.canActivate(context));
|
|
534
|
+
}
|
|
535
|
+
};
|
|
536
|
+
__name(_B2BGuard, "B2BGuard");
|
|
537
|
+
var B2BGuard = _B2BGuard;
|
|
538
|
+
B2BGuard = _ts_decorate2([
|
|
539
|
+
(0, import_common2.Injectable)(),
|
|
540
|
+
_ts_metadata2("design:type", Function),
|
|
541
|
+
_ts_metadata2("design:paramtypes", [
|
|
542
|
+
typeof BearerTokenGuard === "undefined" ? Object : BearerTokenGuard
|
|
543
|
+
])
|
|
544
|
+
], B2BGuard);
|
|
545
|
+
|
|
546
|
+
// src/b2c.guard.ts
|
|
547
|
+
var import_common3 = require("@nestjs/common");
|
|
548
|
+
var import_shared2 = __toESM(require_dist());
|
|
549
|
+
|
|
550
|
+
// src/keycloak.headers.ts
|
|
551
|
+
var state = {
|
|
552
|
+
headers: {
|
|
553
|
+
b2cToken: parseEnvHeader("KEYCLOAK_B2C_TOKEN_HEADER", "x-access-token"),
|
|
554
|
+
b2bToken: parseEnvHeader("KEYCLOAK_B2B_TOKEN_HEADER", "authorization")
|
|
555
|
+
},
|
|
556
|
+
claims: {
|
|
557
|
+
userId: parseEnvClaims("KEYCLOAK_USER_ID_CLAIM", [
|
|
558
|
+
"sub"
|
|
559
|
+
]),
|
|
560
|
+
callerId: parseEnvClaims("KEYCLOAK_CALLER_ID_CLAIM", [
|
|
561
|
+
"azp"
|
|
562
|
+
])
|
|
563
|
+
}
|
|
564
|
+
};
|
|
565
|
+
function configureTokenHeaders(cfg) {
|
|
566
|
+
if (cfg.b2cToken) state.headers.b2cToken = cfg.b2cToken.toLowerCase();
|
|
567
|
+
if (cfg.b2bToken) state.headers.b2bToken = cfg.b2bToken.toLowerCase();
|
|
568
|
+
}
|
|
569
|
+
__name(configureTokenHeaders, "configureTokenHeaders");
|
|
570
|
+
function configureTokenClaims(cfg) {
|
|
571
|
+
if (cfg.userId) state.claims.userId = normalizeClaims(cfg.userId);
|
|
572
|
+
if (cfg.callerId) state.claims.callerId = normalizeClaims(cfg.callerId);
|
|
573
|
+
}
|
|
574
|
+
__name(configureTokenClaims, "configureTokenClaims");
|
|
575
|
+
function getB2CTokenHeader() {
|
|
576
|
+
return state.headers.b2cToken;
|
|
577
|
+
}
|
|
578
|
+
__name(getB2CTokenHeader, "getB2CTokenHeader");
|
|
579
|
+
function getB2BTokenHeader() {
|
|
580
|
+
return state.headers.b2bToken;
|
|
581
|
+
}
|
|
582
|
+
__name(getB2BTokenHeader, "getB2BTokenHeader");
|
|
583
|
+
function getUserIdClaims() {
|
|
584
|
+
return state.claims.userId;
|
|
585
|
+
}
|
|
586
|
+
__name(getUserIdClaims, "getUserIdClaims");
|
|
587
|
+
function getCallerIdClaims() {
|
|
588
|
+
return state.claims.callerId;
|
|
589
|
+
}
|
|
590
|
+
__name(getCallerIdClaims, "getCallerIdClaims");
|
|
591
|
+
function parseEnvHeader(key, fallback) {
|
|
592
|
+
return (process.env[key] ?? fallback).toLowerCase();
|
|
593
|
+
}
|
|
594
|
+
__name(parseEnvHeader, "parseEnvHeader");
|
|
595
|
+
function parseEnvClaims(key, fallback) {
|
|
596
|
+
const raw = process.env[key];
|
|
597
|
+
if (!raw) return fallback;
|
|
598
|
+
return raw.split(",").map((c) => c.trim()).filter(Boolean);
|
|
599
|
+
}
|
|
600
|
+
__name(parseEnvClaims, "parseEnvClaims");
|
|
601
|
+
function normalizeClaims(value) {
|
|
602
|
+
if (Array.isArray(value)) return value.filter(Boolean);
|
|
603
|
+
return value.split(",").map((c) => c.trim()).filter(Boolean);
|
|
604
|
+
}
|
|
605
|
+
__name(normalizeClaims, "normalizeClaims");
|
|
606
|
+
|
|
607
|
+
// src/b2c.guard.ts
|
|
608
|
+
function _ts_decorate3(decorators, target, key, desc) {
|
|
609
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
610
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
611
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
612
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
613
|
+
}
|
|
614
|
+
__name(_ts_decorate3, "_ts_decorate");
|
|
615
|
+
var _B2CGuard = class _B2CGuard {
|
|
616
|
+
canActivate(context) {
|
|
617
|
+
var _a;
|
|
618
|
+
const request = context.switchToHttp().getRequest();
|
|
619
|
+
const accessToken = (_a = request.headers) == null ? void 0 : _a[getB2CTokenHeader()];
|
|
620
|
+
if (accessToken) return true;
|
|
621
|
+
throw new import_shared2.BaseAppError({
|
|
622
|
+
message: "Missing X-Access-Token header. Route requires Kong-forwarded user authentication.",
|
|
623
|
+
status: HTTP_STATUS.UNAUTHORIZED,
|
|
624
|
+
code: BEARER_ERROR_CODE.MISSING_TOKEN,
|
|
625
|
+
context: {}
|
|
626
|
+
});
|
|
627
|
+
}
|
|
628
|
+
};
|
|
629
|
+
__name(_B2CGuard, "B2CGuard");
|
|
630
|
+
var B2CGuard = _B2CGuard;
|
|
631
|
+
B2CGuard = _ts_decorate3([
|
|
632
|
+
(0, import_common3.Injectable)()
|
|
633
|
+
], B2CGuard);
|
|
634
|
+
|
|
635
|
+
// src/api-auth.guard.ts
|
|
636
|
+
function _ts_decorate4(decorators, target, key, desc) {
|
|
637
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
638
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
639
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
640
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
641
|
+
}
|
|
642
|
+
__name(_ts_decorate4, "_ts_decorate");
|
|
643
|
+
function _ts_metadata3(k, v) {
|
|
644
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
645
|
+
}
|
|
646
|
+
__name(_ts_metadata3, "_ts_metadata");
|
|
647
|
+
var _ApiAuthGuard = class _ApiAuthGuard {
|
|
648
|
+
b2bGuard;
|
|
649
|
+
b2cGuard;
|
|
650
|
+
constructor(b2bGuard, b2cGuard) {
|
|
651
|
+
this.b2bGuard = b2bGuard;
|
|
652
|
+
this.b2cGuard = b2cGuard;
|
|
653
|
+
}
|
|
654
|
+
async canActivate(context) {
|
|
655
|
+
var _a, _b;
|
|
656
|
+
const request = context.switchToHttp().getRequest();
|
|
657
|
+
const accessToken = (_a = request.headers) == null ? void 0 : _a[getB2CTokenHeader()];
|
|
658
|
+
if (accessToken) {
|
|
659
|
+
return this.b2cGuard.canActivate(context);
|
|
660
|
+
}
|
|
661
|
+
const authHeader = (_b = request.headers) == null ? void 0 : _b[getB2BTokenHeader()];
|
|
662
|
+
if (authHeader == null ? void 0 : authHeader.toLowerCase().startsWith("bearer ")) {
|
|
663
|
+
return this.b2bGuard.canActivate(context);
|
|
664
|
+
}
|
|
665
|
+
throw new import_shared3.BaseAppError({
|
|
666
|
+
message: "Unauthorized: missing X-Access-Token (Kong/B2C) or Authorization header (B2B)",
|
|
667
|
+
status: HTTP_STATUS.UNAUTHORIZED,
|
|
668
|
+
code: BEARER_ERROR_CODE.MISSING_TOKEN,
|
|
669
|
+
context: {}
|
|
670
|
+
});
|
|
671
|
+
}
|
|
672
|
+
};
|
|
673
|
+
__name(_ApiAuthGuard, "ApiAuthGuard");
|
|
674
|
+
var ApiAuthGuard = _ApiAuthGuard;
|
|
675
|
+
ApiAuthGuard = _ts_decorate4([
|
|
676
|
+
(0, import_common4.Injectable)(),
|
|
677
|
+
_ts_metadata3("design:type", Function),
|
|
678
|
+
_ts_metadata3("design:paramtypes", [
|
|
679
|
+
typeof B2BGuard === "undefined" ? Object : B2BGuard,
|
|
680
|
+
typeof B2CGuard === "undefined" ? Object : B2CGuard
|
|
681
|
+
])
|
|
682
|
+
], ApiAuthGuard);
|
|
683
|
+
|
|
457
684
|
// src/keycloak.client.ts
|
|
458
|
-
var
|
|
685
|
+
var import_common5 = require("@nestjs/common");
|
|
459
686
|
var import_http_client2 = require("@adatechnology/http-client");
|
|
460
687
|
var import_logger2 = require("@adatechnology/logger");
|
|
461
688
|
var import_cache = require("@adatechnology/cache");
|
|
462
689
|
var import_cache2 = require("@adatechnology/cache");
|
|
463
690
|
|
|
464
691
|
// src/errors/keycloak-error.ts
|
|
465
|
-
var
|
|
692
|
+
var _KeycloakError = class _KeycloakError extends Error {
|
|
466
693
|
statusCode;
|
|
467
694
|
details;
|
|
468
695
|
keycloakError;
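Review bot: `B2CGuard.canActivate` returns true as soon as the header named by `getB2CTokenHeader()` is non-empty, and `ApiAuthGuard.canActivate` checks that header before the B2B branch, so a request carrying any value in `x-access-token` is accepted without the token validation that BearerTokenGuard performs. That is only safe if the gateway is the sole ingress and strips or overwrites client-supplied copies of the header; nothing in this hunk enforces that, and the "Kong-forwarded" wording in the error text suggests it is assumed. Consider verifying the token before returning, for example through the same `this.keycloakClient.validateToken(token)` call BearerTokenGuard uses, or at least record the assumption next to the check: `// Presence check only: the gateway must be the sole ingress and must strip client-supplied copies of this header.` Both error messages also hard-code "X-Access-Token" although the header name is configurable through `KEYCLOAK_B2C_TOKEN_HEADER` and `configureTokenHeaders`, so they can name the wrong header.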
|
|
@@ -475,8 +702,27 @@ var KeycloakError = class _KeycloakError extends Error {
|
|
|
475
702
|
Object.setPrototypeOf(this, _KeycloakError.prototype);
|
|
476
703
|
}
|
|
477
704
|
};
|
|
705
|
+
__name(_KeycloakError, "KeycloakError");
|
|
706
|
+
var KeycloakError = _KeycloakError;
|
|
478
707
|
|
|
479
708
|
// src/keycloak.client.ts
|
|
709
|
+
function _ts_decorate5(decorators, target, key, desc) {
|
|
710
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
711
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
712
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
713
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
714
|
+
}
|
|
715
|
+
__name(_ts_decorate5, "_ts_decorate");
|
|
716
|
+
function _ts_metadata4(k, v) {
|
|
717
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
718
|
+
}
|
|
719
|
+
__name(_ts_metadata4, "_ts_metadata");
|
|
720
|
+
function _ts_param2(paramIndex, decorator) {
|
|
721
|
+
return function(target, key) {
|
|
722
|
+
decorator(target, key, paramIndex);
|
|
723
|
+
};
|
|
724
|
+
}
|
|
725
|
+
__name(_ts_param2, "_ts_param");
|
|
480
726
|
function extractErrorInfo(err) {
|
|
481
727
|
var _a, _b, _c, _d, _e;
|
|
482
728
|
const statusCode = (err == null ? void 0 : err.status) ?? ((_a = err == null ? void 0 : err.response) == null ? void 0 : _a.status);
|
|
@@ -501,15 +747,19 @@ function extractErrorInfo(err) {
|
|
|
501
747
|
keycloakError: keycloakError ?? (errorCode ? `NETWORK_ERROR_${String(errorCode)}` : void 0)
|
|
502
748
|
};
|
|
503
749
|
}
|
|
504
|
-
|
|
750
|
+
__name(extractErrorInfo, "extractErrorInfo");
|
|
751
|
+
var _KeycloakClient = class _KeycloakClient {
|
|
752
|
+
config;
|
|
753
|
+
httpProvider;
|
|
754
|
+
logger;
|
|
755
|
+
cacheProvider;
|
|
756
|
+
tokenPromise = null;
|
|
505
757
|
constructor(config, httpProvider, logger, cacheProvider) {
|
|
506
758
|
this.config = config;
|
|
507
759
|
this.httpProvider = httpProvider;
|
|
508
760
|
this.logger = logger;
|
|
509
761
|
this.cacheProvider = cacheProvider ?? new import_cache.InMemoryCacheProvider(logger);
|
|
510
762
|
}
|
|
511
|
-
cacheProvider;
|
|
512
|
-
tokenPromise = null;
|
|
513
763
|
log(level, message, libMethod, meta) {
|
|
514
764
|
if (!this.logger) return;
|
|
515
765
|
const loggerCtx = (0, import_logger2.getContext)();
|
|
@@ -571,21 +821,29 @@ var KeycloakClient = class {
|
|
|
571
821
|
if (this.config.credentials.clientSecret) {
|
|
572
822
|
body.append("client_secret", this.config.credentials.clientSecret);
|
|
573
823
|
}
|
|
574
|
-
body.append("scope",
|
|
824
|
+
body.append("scope", _KeycloakClient.scopesToString(this.config.scopes));
|
|
575
825
|
try {
|
|
576
826
|
const response = await this.httpProvider.post({
|
|
577
827
|
url: tokenUrl,
|
|
578
828
|
data: body,
|
|
579
829
|
config: {
|
|
580
|
-
headers: {
|
|
581
|
-
|
|
830
|
+
headers: {
|
|
831
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
832
|
+
},
|
|
833
|
+
logContext: {
|
|
834
|
+
className: LOG_CONTEXT.KEYCLOAK_CLIENT,
|
|
835
|
+
methodName: method
|
|
836
|
+
}
|
|
582
837
|
}
|
|
583
838
|
});
|
|
584
839
|
this.log("info", `${method} - Success for user: ${username}`, method);
|
|
585
840
|
return response.data;
|
|
586
841
|
} catch (err) {
|
|
587
842
|
const { statusCode, details, keycloakError } = extractErrorInfo(err);
|
|
588
|
-
this.log("error", `${method} - Failed for user: ${username}`, method, {
|
|
843
|
+
this.log("error", `${method} - Failed for user: ${username}`, method, {
|
|
844
|
+
statusCode,
|
|
845
|
+
keycloakError
|
|
846
|
+
});
|
|
589
847
|
throw new KeycloakError("Failed to obtain token with credentials", {
|
|
590
848
|
statusCode,
|
|
591
849
|
details,
|
|
@@ -607,7 +865,7 @@ var KeycloakClient = class {
|
|
|
607
865
|
if (this.config.credentials.username && this.config.credentials.password) {
|
|
608
866
|
data.append("username", this.config.credentials.username);
|
|
609
867
|
data.append("password", this.config.credentials.password);
|
|
610
|
-
data.append("scope",
|
|
868
|
+
data.append("scope", _KeycloakClient.scopesToString(this.config.scopes));
|
|
611
869
|
}
|
|
612
870
|
}
|
|
613
871
|
try {
|
|
@@ -615,15 +873,23 @@ var KeycloakClient = class {
|
|
|
615
873
|
url: tokenUrl,
|
|
616
874
|
data,
|
|
617
875
|
config: {
|
|
618
|
-
headers: {
|
|
619
|
-
|
|
876
|
+
headers: {
|
|
877
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
878
|
+
},
|
|
879
|
+
logContext: {
|
|
880
|
+
className: LOG_CONTEXT.KEYCLOAK_CLIENT,
|
|
881
|
+
methodName: method
|
|
882
|
+
}
|
|
620
883
|
}
|
|
621
884
|
});
|
|
622
885
|
this.log("debug", `${method} - Success`, method);
|
|
623
886
|
return response.data;
|
|
624
887
|
} catch (err) {
|
|
625
888
|
const { statusCode, details, keycloakError } = extractErrorInfo(err);
|
|
626
|
-
this.log("error", `${method} - Failed`, method, {
|
|
889
|
+
this.log("error", `${method} - Failed`, method, {
|
|
890
|
+
statusCode,
|
|
891
|
+
keycloakError
|
|
892
|
+
});
|
|
627
893
|
throw new KeycloakError("Failed to request token", {
|
|
628
894
|
statusCode,
|
|
629
895
|
details,
|
|
@@ -647,8 +913,13 @@ var KeycloakClient = class {
|
|
|
647
913
|
url: tokenUrl,
|
|
648
914
|
data,
|
|
649
915
|
config: {
|
|
650
|
-
headers: {
|
|
651
|
-
|
|
916
|
+
headers: {
|
|
917
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
918
|
+
},
|
|
919
|
+
logContext: {
|
|
920
|
+
className: LOG_CONTEXT.KEYCLOAK_CLIENT,
|
|
921
|
+
methodName: method
|
|
922
|
+
}
|
|
652
923
|
}
|
|
653
924
|
});
|
|
654
925
|
const ttlSeconds = this.config.tokenCacheTtl ? Math.floor(this.config.tokenCacheTtl / 1e3) : response.data.expires_in - 60;
|
|
@@ -657,7 +928,10 @@ var KeycloakClient = class {
|
|
|
657
928
|
return response.data;
|
|
658
929
|
} catch (err) {
|
|
659
930
|
const { statusCode, details, keycloakError } = extractErrorInfo(err);
|
|
660
|
-
this.log("error", `${method} - Failed`, method, {
|
|
931
|
+
this.log("error", `${method} - Failed`, method, {
|
|
932
|
+
statusCode,
|
|
933
|
+
keycloakError
|
|
934
|
+
});
|
|
661
935
|
throw new KeycloakError("Failed to refresh token", {
|
|
662
936
|
statusCode,
|
|
663
937
|
details,
|
|
@@ -681,8 +955,13 @@ var KeycloakClient = class {
|
|
|
681
955
|
url: introspectUrl,
|
|
682
956
|
data,
|
|
683
957
|
config: {
|
|
684
|
-
headers: {
|
|
685
|
-
|
|
958
|
+
headers: {
|
|
959
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
960
|
+
},
|
|
961
|
+
logContext: {
|
|
962
|
+
className: LOG_CONTEXT.KEYCLOAK_CLIENT,
|
|
963
|
+
methodName: method
|
|
964
|
+
}
|
|
686
965
|
}
|
|
687
966
|
});
|
|
688
967
|
const active = ((_a = response.data) == null ? void 0 : _a.active) === true;
|
|
@@ -690,7 +969,10 @@ var KeycloakClient = class {
|
|
|
690
969
|
return active;
|
|
691
970
|
} catch (error) {
|
|
692
971
|
const { statusCode, details, keycloakError } = extractErrorInfo(error);
|
|
693
|
-
this.log("error", `${method} - Failed`, method, {
|
|
972
|
+
this.log("error", `${method} - Failed`, method, {
|
|
973
|
+
statusCode,
|
|
974
|
+
keycloakError
|
|
975
|
+
});
|
|
694
976
|
throw new KeycloakError("Token introspection failed", {
|
|
695
977
|
statusCode,
|
|
696
978
|
details,
|
|
@@ -706,15 +988,23 @@ var KeycloakClient = class {
|
|
|
706
988
|
const response = await this.httpProvider.get({
|
|
707
989
|
url: userInfoUrl,
|
|
708
990
|
config: {
|
|
709
|
-
headers: {
|
|
710
|
-
|
|
991
|
+
headers: {
|
|
992
|
+
Authorization: `Bearer ${token}`
|
|
993
|
+
},
|
|
994
|
+
logContext: {
|
|
995
|
+
className: LOG_CONTEXT.KEYCLOAK_CLIENT,
|
|
996
|
+
methodName: method
|
|
997
|
+
}
|
|
711
998
|
}
|
|
712
999
|
});
|
|
713
1000
|
this.log("debug", `${method} - Success`, method);
|
|
714
1001
|
return response.data;
|
|
715
1002
|
} catch (err) {
|
|
716
1003
|
const { statusCode, details, keycloakError } = extractErrorInfo(err);
|
|
717
|
-
this.log("error", `${method} - Failed`, method, {
|
|
1004
|
+
this.log("error", `${method} - Failed`, method, {
|
|
1005
|
+
statusCode,
|
|
1006
|
+
keycloakError
|
|
1007
|
+
});
|
|
718
1008
|
throw new KeycloakError("Failed to retrieve userinfo", {
|
|
719
1009
|
statusCode,
|
|
720
1010
|
details,
|
|
@@ -730,18 +1020,38 @@ var KeycloakClient = class {
|
|
|
730
1020
|
return Array.isArray(scopes) ? scopes.join(" ") : String(scopes);
|
|
731
1021
|
}
|
|
732
1022
|
};
|
|
733
|
-
KeycloakClient
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
1023
|
+
__name(_KeycloakClient, "KeycloakClient");
|
|
1024
|
+
var KeycloakClient = _KeycloakClient;
|
|
1025
|
+
KeycloakClient = _ts_decorate5([
|
|
1026
|
+
(0, import_common5.Injectable)(),
|
|
1027
|
+
_ts_param2(1, (0, import_common5.Inject)(import_http_client2.HTTP_PROVIDER)),
|
|
1028
|
+
_ts_param2(2, (0, import_common5.Optional)()),
|
|
1029
|
+
_ts_param2(2, (0, import_common5.Inject)(import_logger2.LOGGER_PROVIDER)),
|
|
1030
|
+
_ts_param2(3, (0, import_common5.Optional)()),
|
|
1031
|
+
_ts_param2(3, (0, import_common5.Inject)(import_cache2.CACHE_PROVIDER)),
|
|
1032
|
+
_ts_metadata4("design:type", Function),
|
|
1033
|
+
_ts_metadata4("design:paramtypes", [
|
|
1034
|
+
typeof KeycloakConfig === "undefined" ? Object : KeycloakConfig,
|
|
1035
|
+
typeof HttpProviderInterface === "undefined" ? Object : HttpProviderInterface,
|
|
1036
|
+
typeof import_logger2.LoggerProviderInterface === "undefined" ? Object : import_logger2.LoggerProviderInterface,
|
|
1037
|
+
typeof CacheProviderInterface === "undefined" ? Object : CacheProviderInterface
|
|
1038
|
+
])
|
|
740
1039
|
], KeycloakClient);
|
|
741
1040
|
|
|
742
1041
|
// src/keycloak.http.interceptor.ts
|
|
743
|
-
var
|
|
744
|
-
|
|
1042
|
+
var import_common6 = require("@nestjs/common");
|
|
1043
|
+
function _ts_decorate6(decorators, target, key, desc) {
|
|
1044
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
1045
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
1046
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
1047
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
1048
|
+
}
|
|
1049
|
+
__name(_ts_decorate6, "_ts_decorate");
|
|
1050
|
+
function _ts_metadata5(k, v) {
|
|
1051
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
1052
|
+
}
|
|
1053
|
+
__name(_ts_metadata5, "_ts_metadata");
|
|
1054
|
+
var _KeycloakHttpInterceptor = class _KeycloakHttpInterceptor {
|
|
745
1055
|
constructor() {
|
|
746
1056
|
}
|
|
747
1057
|
intercept(context, next) {
|
|
@@ -751,43 +1061,51 @@ var KeycloakHttpInterceptor = class {
|
|
|
751
1061
|
return next.handle();
|
|
752
1062
|
}
|
|
753
1063
|
};
|
|
754
|
-
KeycloakHttpInterceptor
|
|
755
|
-
|
|
1064
|
+
__name(_KeycloakHttpInterceptor, "KeycloakHttpInterceptor");
|
|
1065
|
+
var KeycloakHttpInterceptor = _KeycloakHttpInterceptor;
|
|
1066
|
+
KeycloakHttpInterceptor = _ts_decorate6([
|
|
1067
|
+
(0, import_common6.Injectable)(),
|
|
1068
|
+
_ts_metadata5("design:type", Function),
|
|
1069
|
+
_ts_metadata5("design:paramtypes", [])
|
|
756
1070
|
], KeycloakHttpInterceptor);
|
|
757
1071
|
|
|
758
1072
|
// src/roles.guard.ts
|
|
759
|
-
var
|
|
1073
|
+
var import_common8 = require("@nestjs/common");
|
|
760
1074
|
var import_core = require("@nestjs/core");
|
|
761
1075
|
|
|
762
1076
|
// src/roles.decorator.ts
|
|
763
|
-
var
|
|
1077
|
+
var import_common7 = require("@nestjs/common");
|
|
764
1078
|
var ROLES_META_KEY = "roles";
|
|
765
1079
|
var B2C_ROLES_META_KEY = "roles:b2c";
|
|
766
1080
|
var B2B_ROLES_META_KEY = "roles:b2b";
|
|
767
1081
|
var TOKEN_ROLES_META_KEY = "roles:token";
|
|
768
1082
|
function Roles(...args) {
|
|
769
|
-
return (0,
|
|
1083
|
+
return (0, import_common7.SetMetadata)(ROLES_META_KEY, normalizeRolesOptions(args));
|
|
770
1084
|
}
|
|
1085
|
+
__name(Roles, "Roles");
|
|
771
1086
|
function B2CRoles(...args) {
|
|
772
|
-
return (0,
|
|
1087
|
+
return (0, import_common7.SetMetadata)(B2C_ROLES_META_KEY, normalizeRolesOptions(args));
|
|
773
1088
|
}
|
|
1089
|
+
__name(B2CRoles, "B2CRoles");
|
|
774
1090
|
function B2BRoles(...args) {
|
|
775
|
-
return (0,
|
|
1091
|
+
return (0, import_common7.SetMetadata)(B2B_ROLES_META_KEY, normalizeRolesOptions(args));
|
|
776
1092
|
}
|
|
1093
|
+
__name(B2BRoles, "B2BRoles");
|
|
777
1094
|
function normalizeRolesOptions(args) {
|
|
778
1095
|
let payload;
|
|
779
1096
|
if (args.length === 1 && typeof args[0] === "object" && !Array.isArray(args[0])) {
|
|
780
1097
|
payload = args[0];
|
|
781
1098
|
} else {
|
|
782
|
-
const roles = [].concat(
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
1099
|
+
const roles = [].concat(...args.map((a) => Array.isArray(a) ? a : String(a)));
|
|
1100
|
+
payload = {
|
|
1101
|
+
roles
|
|
1102
|
+
};
|
|
786
1103
|
}
|
|
787
1104
|
payload.mode = payload.mode ?? "any";
|
|
788
1105
|
payload.type = payload.type ?? "both";
|
|
789
1106
|
return payload;
|
|
790
1107
|
}
|
|
1108
|
+
__name(normalizeRolesOptions, "normalizeRolesOptions");
|
|
791
1109
|
function TokenRoles(options) {
|
|
792
1110
|
const normalized = {
|
|
793
1111
|
...options,
|
|
@@ -796,58 +1114,34 @@ function TokenRoles(options) {
|
|
|
796
1114
|
// auto-detect bearer stripping: true when header is 'authorization'
|
|
797
1115
|
bearer: options.bearer ?? options.header.toLowerCase() === "authorization"
|
|
798
1116
|
};
|
|
799
|
-
return (0,
|
|
1117
|
+
return (0, import_common7.SetMetadata)(TOKEN_ROLES_META_KEY, [
|
|
1118
|
+
normalized
|
|
1119
|
+
]);
|
|
800
1120
|
}
|
|
1121
|
+
__name(TokenRoles, "TokenRoles");
|
|
801
1122
|
|
|
802
1123
|
// src/roles.guard.ts
|
|
803
|
-
var
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
b2bToken: parseEnvHeader("KEYCLOAK_B2B_TOKEN_HEADER", "authorization")
|
|
810
|
-
},
|
|
811
|
-
claims: {
|
|
812
|
-
userId: parseEnvClaims("KEYCLOAK_USER_ID_CLAIM", ["sub"]),
|
|
813
|
-
callerId: parseEnvClaims("KEYCLOAK_CALLER_ID_CLAIM", ["azp"])
|
|
814
|
-
}
|
|
815
|
-
};
|
|
816
|
-
function configureTokenHeaders(cfg) {
|
|
817
|
-
if (cfg.b2cToken) state.headers.b2cToken = cfg.b2cToken.toLowerCase();
|
|
818
|
-
if (cfg.b2bToken) state.headers.b2bToken = cfg.b2bToken.toLowerCase();
|
|
819
|
-
}
|
|
820
|
-
function configureTokenClaims(cfg) {
|
|
821
|
-
if (cfg.userId) state.claims.userId = normalizeClaims(cfg.userId);
|
|
822
|
-
if (cfg.callerId) state.claims.callerId = normalizeClaims(cfg.callerId);
|
|
823
|
-
}
|
|
824
|
-
function getB2CTokenHeader() {
|
|
825
|
-
return state.headers.b2cToken;
|
|
826
|
-
}
|
|
827
|
-
function getB2BTokenHeader() {
|
|
828
|
-
return state.headers.b2bToken;
|
|
829
|
-
}
|
|
830
|
-
function getUserIdClaims() {
|
|
831
|
-
return state.claims.userId;
|
|
832
|
-
}
|
|
833
|
-
function getCallerIdClaims() {
|
|
834
|
-
return state.claims.callerId;
|
|
835
|
-
}
|
|
836
|
-
function parseEnvHeader(key, fallback) {
|
|
837
|
-
return (process.env[key] ?? fallback).toLowerCase();
|
|
1124
|
+
var import_shared4 = __toESM(require_dist());
|
|
1125
|
+
function _ts_decorate7(decorators, target, key, desc) {
|
|
1126
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
1127
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
1128
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
1129
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
838
1130
|
}
|
|
839
|
-
|
|
840
|
-
|
|
841
|
-
if (
|
|
842
|
-
return raw.split(",").map((c) => c.trim()).filter(Boolean);
|
|
1131
|
+
__name(_ts_decorate7, "_ts_decorate");
|
|
1132
|
+
function _ts_metadata6(k, v) {
|
|
1133
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
843
1134
|
}
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
return
|
|
1135
|
+
__name(_ts_metadata6, "_ts_metadata");
|
|
1136
|
+
function _ts_param3(paramIndex, decorator) {
|
|
1137
|
+
return function(target, key) {
|
|
1138
|
+
decorator(target, key, paramIndex);
|
|
1139
|
+
};
|
|
847
1140
|
}
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
1141
|
+
__name(_ts_param3, "_ts_param");
|
|
1142
|
+
var _RolesGuard = class _RolesGuard {
|
|
1143
|
+
reflector;
|
|
1144
|
+
config;
|
|
851
1145
|
constructor(reflector, config) {
|
|
852
1146
|
this.reflector = reflector;
|
|
853
1147
|
this.config = config;
|
|
@@ -858,10 +1152,10 @@ var RolesGuard = class {
|
|
|
858
1152
|
const b2cMeta = this.getMeta(B2C_ROLES_META_KEY, context);
|
|
859
1153
|
const b2bMeta = this.getMeta(B2B_ROLES_META_KEY, context);
|
|
860
1154
|
const genericMeta = this.getMeta(ROLES_META_KEY, context);
|
|
861
|
-
const tokenRules = this.reflector.getAllAndMerge(
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
) ?? [];
|
|
1155
|
+
const tokenRules = this.reflector.getAllAndMerge(TOKEN_ROLES_META_KEY, [
|
|
1156
|
+
context.getHandler(),
|
|
1157
|
+
context.getClass()
|
|
1158
|
+
]) ?? [];
|
|
865
1159
|
if (!b2cMeta && !b2bMeta && !genericMeta && tokenRules.length === 0) return true;
|
|
866
1160
|
if (b2cMeta) {
|
|
867
1161
|
const token = (_a = req.headers) == null ? void 0 : _a[getB2CTokenHeader()];
|
|
@@ -883,7 +1177,7 @@ var RolesGuard = class {
|
|
|
883
1177
|
const raw = (_d = req.headers) == null ? void 0 : _d[getB2BTokenHeader()];
|
|
884
1178
|
const token = (raw == null ? void 0 : raw.split(" ")[1]) ?? ((_e = req.query) == null ? void 0 : _e.token);
|
|
885
1179
|
if (!token) {
|
|
886
|
-
throw new
|
|
1180
|
+
throw new import_shared4.BaseAppError({
|
|
887
1181
|
message: "Authorization token not provided",
|
|
888
1182
|
status: HTTP_STATUS.FORBIDDEN,
|
|
889
1183
|
code: ROLES_ERROR_CODE.MISSING_TOKEN,
|
|
@@ -898,7 +1192,10 @@ var RolesGuard = class {
|
|
|
898
1192
|
const raw = (_f = req.headers) == null ? void 0 : _f[rule.header];
|
|
899
1193
|
const token = rule.bearer ? raw == null ? void 0 : raw.split(" ")[1] : raw;
|
|
900
1194
|
const roles = token ? this.extractRoles(token, "b2c") : /* @__PURE__ */ new Set();
|
|
901
|
-
this.assertRoles(roles, {
|
|
1195
|
+
this.assertRoles(roles, {
|
|
1196
|
+
roles: rule.roles,
|
|
1197
|
+
mode: rule.mode ?? "any"
|
|
1198
|
+
}, `header:${rule.header}`);
|
|
902
1199
|
}
|
|
903
1200
|
return true;
|
|
904
1201
|
}
|
|
@@ -925,11 +1222,14 @@ var RolesGuard = class {
|
|
|
925
1222
|
const hasMatch = meta.roles.map((r) => available.has(r));
|
|
926
1223
|
const passed = meta.mode === "all" ? hasMatch.every(Boolean) : hasMatch.some(Boolean);
|
|
927
1224
|
if (!passed) {
|
|
928
|
-
throw new
|
|
1225
|
+
throw new import_shared4.BaseAppError({
|
|
929
1226
|
message: `Insufficient roles for ${label} token`,
|
|
930
1227
|
status: HTTP_STATUS.FORBIDDEN,
|
|
931
1228
|
code: ROLES_ERROR_CODE.INSUFFICIENT_ROLES,
|
|
932
|
-
context: {
|
|
1229
|
+
context: {
|
|
1230
|
+
required: meta.roles,
|
|
1231
|
+
source: label
|
|
1232
|
+
}
|
|
933
1233
|
});
|
|
934
1234
|
}
|
|
935
1235
|
}
|
|
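Review bot: The `context: { required: meta.roles, source: label }` now attached to the "Insufficient roles" error (new lines 1229–1232) names the exact roles a route demands and which header they were read from. If `BaseAppError` serialises `context` into the 403 response body, that detail reaches a caller who has just failed the check. Its serialisation is not visible on this page, so this needs confirming. I would keep `required` and `source` in the server-side log entry and return only `code: ROLES_ERROR_CODE.INSUFFICIENT_ROLES` to the client. The removed `context: {` line is truncated in the page, so what 0.1.2 put there cannot be compared; `assertRoles` starts above this hunk.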
@@ -946,45 +1246,74 @@ var RolesGuard = class {
|
|
|
946
1246
|
}
|
|
947
1247
|
}
|
|
948
1248
|
};
|
|
949
|
-
RolesGuard
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
|
|
1249
|
+
__name(_RolesGuard, "RolesGuard");
|
|
1250
|
+
var RolesGuard = _RolesGuard;
|
|
1251
|
+
RolesGuard = _ts_decorate7([
|
|
1252
|
+
(0, import_common8.Injectable)(),
|
|
1253
|
+
_ts_param3(0, (0, import_common8.Inject)(import_core.Reflector)),
|
|
1254
|
+
_ts_param3(1, (0, import_common8.Optional)()),
|
|
1255
|
+
_ts_param3(1, (0, import_common8.Inject)(KEYCLOAK_CONFIG)),
|
|
1256
|
+
_ts_metadata6("design:type", Function),
|
|
1257
|
+
_ts_metadata6("design:paramtypes", [
|
|
1258
|
+
typeof import_core.Reflector === "undefined" ? Object : import_core.Reflector,
|
|
1259
|
+
typeof KeycloakConfig === "undefined" ? Object : KeycloakConfig
|
|
1260
|
+
])
|
|
954
1261
|
], RolesGuard);
|
|
955
1262
|
|
|
956
1263
|
// src/keycloak.module.ts
|
|
957
|
-
|
|
1264
|
+
function _ts_decorate8(decorators, target, key, desc) {
|
|
1265
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
1266
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
1267
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
1268
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
1269
|
+
}
|
|
1270
|
+
__name(_ts_decorate8, "_ts_decorate");
|
|
1271
|
+
var _KeycloakModule = class _KeycloakModule {
|
|
958
1272
|
static forRoot(config, httpConfig) {
|
|
959
1273
|
if (config.headers) configureTokenHeaders(config.headers);
|
|
960
1274
|
if (config.claims) configureTokenClaims(config.claims);
|
|
961
1275
|
return {
|
|
962
|
-
module:
|
|
1276
|
+
module: _KeycloakModule,
|
|
963
1277
|
global: true,
|
|
964
1278
|
imports: [
|
|
965
|
-
import_http_client3.HttpModule.forRoot(
|
|
966
|
-
|
|
967
|
-
|
|
968
|
-
|
|
969
|
-
|
|
970
|
-
|
|
971
|
-
|
|
972
|
-
|
|
973
|
-
|
|
1279
|
+
import_http_client3.HttpModule.forRoot(httpConfig || {
|
|
1280
|
+
baseURL: config.baseUrl,
|
|
1281
|
+
timeout: 5e3
|
|
1282
|
+
}, {
|
|
1283
|
+
logging: {
|
|
1284
|
+
enabled: true,
|
|
1285
|
+
includeBody: true,
|
|
1286
|
+
context: "KeycloakHttpClient",
|
|
1287
|
+
environments: [
|
|
1288
|
+
"development",
|
|
1289
|
+
"test"
|
|
1290
|
+
]
|
|
974
1291
|
}
|
|
975
|
-
)
|
|
1292
|
+
})
|
|
976
1293
|
],
|
|
977
1294
|
providers: [
|
|
978
|
-
{
|
|
979
|
-
|
|
1295
|
+
{
|
|
1296
|
+
provide: import_core2.Reflector,
|
|
1297
|
+
useClass: import_core2.Reflector
|
|
1298
|
+
},
|
|
1299
|
+
{
|
|
1300
|
+
provide: KEYCLOAK_CONFIG,
|
|
1301
|
+
useValue: config
|
|
1302
|
+
},
|
|
980
1303
|
{
|
|
981
1304
|
provide: KEYCLOAK_CLIENT,
|
|
982
|
-
useFactory: (cfg, httpProvider, logger, cacheProvider) => new KeycloakClient(cfg, httpProvider, logger, cacheProvider),
|
|
1305
|
+
useFactory: /* @__PURE__ */ __name((cfg, httpProvider, logger, cacheProvider) => new KeycloakClient(cfg, httpProvider, logger, cacheProvider), "useFactory"),
|
|
983
1306
|
inject: [
|
|
984
1307
|
KEYCLOAK_CONFIG,
|
|
985
1308
|
import_http_client3.HTTP_PROVIDER,
|
|
986
|
-
{
|
|
987
|
-
|
|
1309
|
+
{
|
|
1310
|
+
token: import_logger3.LOGGER_PROVIDER,
|
|
1311
|
+
optional: true
|
|
1312
|
+
},
|
|
1313
|
+
{
|
|
1314
|
+
token: import_cache3.CACHE_PROVIDER,
|
|
1315
|
+
optional: true
|
|
1316
|
+
}
|
|
988
1317
|
]
|
|
989
1318
|
},
|
|
990
1319
|
{
|
|
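Review bot: `includeBody: true` in the `logging` options given to `HttpModule.forRoot` (new lines 1283–1290) enables body logging on the HTTP client that `KeycloakClient` uses for its token, refresh and introspection calls. Unless the HTTP module redacts them, the form `data` of those requests and the token responses would be written to the log. The `environments: ["development", "test"]` list presumably restricts this, but how the environment is detected is not visible here, and the options are applied even when the caller supplies its own `httpConfig`. I would ship `includeBody: false` as the default and let integrators opt in, or document which fields are redacted. The removed side of this call is blank in the page, so it cannot be confirmed that body logging is new in 0.1.3; `forRoot` continues past the hunk.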
@@ -993,10 +1322,13 @@ var KeycloakModule = class {
|
|
|
993
1322
|
},
|
|
994
1323
|
{
|
|
995
1324
|
provide: KEYCLOAK_HTTP_INTERCEPTOR,
|
|
996
|
-
useFactory: () => new KeycloakHttpInterceptor()
|
|
1325
|
+
useFactory: /* @__PURE__ */ __name(() => new KeycloakHttpInterceptor(), "useFactory")
|
|
997
1326
|
},
|
|
998
1327
|
RolesGuard,
|
|
999
|
-
BearerTokenGuard
|
|
1328
|
+
BearerTokenGuard,
|
|
1329
|
+
B2CGuard,
|
|
1330
|
+
B2BGuard,
|
|
1331
|
+
ApiAuthGuard
|
|
1000
1332
|
],
|
|
1001
1333
|
exports: [
|
|
1002
1334
|
import_core2.Reflector,
|
|
@@ -1005,150 +1337,108 @@ var KeycloakModule = class {
|
|
|
1005
1337
|
KEYCLOAK_HTTP_INTERCEPTOR,
|
|
1006
1338
|
KEYCLOAK_CONFIG,
|
|
1007
1339
|
RolesGuard,
|
|
1008
|
-
BearerTokenGuard
|
|
1340
|
+
BearerTokenGuard,
|
|
1341
|
+
B2CGuard,
|
|
1342
|
+
B2BGuard,
|
|
1343
|
+
ApiAuthGuard
|
|
1009
1344
|
]
|
|
1010
1345
|
};
|
|
1011
1346
|
}
|
|
1012
1347
|
};
|
|
1013
|
-
KeycloakModule
|
|
1014
|
-
|
|
1348
|
+
__name(_KeycloakModule, "KeycloakModule");
|
|
1349
|
+
var KeycloakModule = _KeycloakModule;
|
|
1350
|
+
KeycloakModule = _ts_decorate8([
|
|
1351
|
+
(0, import_common9.Module)({})
|
|
1015
1352
|
], KeycloakModule);
|
|
1016
1353
|
|
|
1017
|
-
// src/b2b.guard.ts
|
|
1018
|
-
var import_common7 = require("@nestjs/common");
|
|
1019
|
-
var B2BGuard = class {
|
|
1020
|
-
constructor(bearerTokenGuard) {
|
|
1021
|
-
this.bearerTokenGuard = bearerTokenGuard;
|
|
1022
|
-
}
|
|
1023
|
-
canActivate(context) {
|
|
1024
|
-
return Promise.resolve(this.bearerTokenGuard.canActivate(context));
|
|
1025
|
-
}
|
|
1026
|
-
};
|
|
1027
|
-
B2BGuard = __decorateClass([
|
|
1028
|
-
(0, import_common7.Injectable)()
|
|
1029
|
-
], B2BGuard);
|
|
1030
|
-
|
|
1031
|
-
// src/b2c.guard.ts
|
|
1032
|
-
var import_common8 = require("@nestjs/common");
|
|
1033
|
-
var import_shared3 = __toESM(require_dist());
|
|
1034
|
-
var B2CGuard = class {
|
|
1035
|
-
canActivate(context) {
|
|
1036
|
-
var _a;
|
|
1037
|
-
const request = context.switchToHttp().getRequest();
|
|
1038
|
-
const accessToken = (_a = request.headers) == null ? void 0 : _a[getB2CTokenHeader()];
|
|
1039
|
-
if (accessToken) return true;
|
|
1040
|
-
throw new import_shared3.BaseAppError({
|
|
1041
|
-
message: "Missing X-Access-Token header. Route requires Kong-forwarded user authentication.",
|
|
1042
|
-
status: HTTP_STATUS.UNAUTHORIZED,
|
|
1043
|
-
code: BEARER_ERROR_CODE.MISSING_TOKEN,
|
|
1044
|
-
context: {}
|
|
1045
|
-
});
|
|
1046
|
-
}
|
|
1047
|
-
};
|
|
1048
|
-
B2CGuard = __decorateClass([
|
|
1049
|
-
(0, import_common8.Injectable)()
|
|
1050
|
-
], B2CGuard);
|
|
1051
|
-
|
|
1052
|
-
// src/api-auth.guard.ts
|
|
1053
|
-
var import_common9 = require("@nestjs/common");
|
|
1054
|
-
var import_shared4 = __toESM(require_dist());
|
|
1055
|
-
var ApiAuthGuard = class {
|
|
1056
|
-
constructor(b2bGuard, b2cGuard) {
|
|
1057
|
-
this.b2bGuard = b2bGuard;
|
|
1058
|
-
this.b2cGuard = b2cGuard;
|
|
1059
|
-
}
|
|
1060
|
-
async canActivate(context) {
|
|
1061
|
-
var _a, _b;
|
|
1062
|
-
const request = context.switchToHttp().getRequest();
|
|
1063
|
-
const accessToken = (_a = request.headers) == null ? void 0 : _a[getB2CTokenHeader()];
|
|
1064
|
-
if (accessToken) {
|
|
1065
|
-
return this.b2cGuard.canActivate(context);
|
|
1066
|
-
}
|
|
1067
|
-
const authHeader = (_b = request.headers) == null ? void 0 : _b[getB2BTokenHeader()];
|
|
1068
|
-
if (authHeader == null ? void 0 : authHeader.toLowerCase().startsWith("bearer ")) {
|
|
1069
|
-
return this.b2bGuard.canActivate(context);
|
|
1070
|
-
}
|
|
1071
|
-
throw new import_shared4.BaseAppError({
|
|
1072
|
-
message: "Unauthorized: missing X-Access-Token (Kong/B2C) or Authorization header (B2B)",
|
|
1073
|
-
status: HTTP_STATUS.UNAUTHORIZED,
|
|
1074
|
-
code: BEARER_ERROR_CODE.MISSING_TOKEN,
|
|
1075
|
-
context: {}
|
|
1076
|
-
});
|
|
1077
|
-
}
|
|
1078
|
-
};
|
|
1079
|
-
ApiAuthGuard = __decorateClass([
|
|
1080
|
-
(0, import_common9.Injectable)()
|
|
1081
|
-
], ApiAuthGuard);
|
|
1082
|
-
|
|
1083
1354
|
// src/auth-user.decorator.ts
|
|
1084
1355
|
var import_common10 = require("@nestjs/common");
|
|
1085
|
-
var AuthUser = (0, import_common10.createParamDecorator)(
|
|
1086
|
-
|
|
1087
|
-
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
|
|
1093
|
-
|
|
1094
|
-
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
|
|
1098
|
-
|
|
1099
|
-
|
|
1100
|
-
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
);
|
|
1107
|
-
|
|
1108
|
-
(
|
|
1109
|
-
|
|
1110
|
-
const request = ctx.switchToHttp().getRequest();
|
|
1111
|
-
const h = (header == null ? void 0 : header.toLowerCase()) ?? getB2CTokenHeader();
|
|
1112
|
-
const raw = (_a = request.headers) == null ? void 0 : _a[h];
|
|
1113
|
-
return Array.isArray(raw) ? raw[0] : raw ?? "";
|
|
1114
|
-
}
|
|
1115
|
-
);
|
|
1356
|
+
var AuthUser = (0, import_common10.createParamDecorator)((param, ctx) => {
|
|
1357
|
+
var _a;
|
|
1358
|
+
const request = ctx.switchToHttp().getRequest();
|
|
1359
|
+
const { header, claims } = resolveB2CParam(param);
|
|
1360
|
+
const raw = (_a = request.headers) == null ? void 0 : _a[header];
|
|
1361
|
+
const token = Array.isArray(raw) ? raw[0] : raw;
|
|
1362
|
+
if (!token) return "";
|
|
1363
|
+
return decodeJwtClaims(String(token), claims) ?? "";
|
|
1364
|
+
});
|
|
1365
|
+
var CallerToken = (0, import_common10.createParamDecorator)((param, ctx) => {
|
|
1366
|
+
var _a;
|
|
1367
|
+
const request = ctx.switchToHttp().getRequest();
|
|
1368
|
+
const { header, claims } = resolveB2BParam(param);
|
|
1369
|
+
const raw = (_a = request.headers) == null ? void 0 : _a[header];
|
|
1370
|
+
const token = raw == null ? void 0 : raw.split(" ")[1];
|
|
1371
|
+
if (!token) return "";
|
|
1372
|
+
return decodeJwtClaims(token, claims) ?? "";
|
|
1373
|
+
});
|
|
1374
|
+
var AccessToken = (0, import_common10.createParamDecorator)((header, ctx) => {
|
|
1375
|
+
var _a;
|
|
1376
|
+
const request = ctx.switchToHttp().getRequest();
|
|
1377
|
+
const h = (header == null ? void 0 : header.toLowerCase()) ?? getB2CTokenHeader();
|
|
1378
|
+
const raw = (_a = request.headers) == null ? void 0 : _a[h];
|
|
1379
|
+
return Array.isArray(raw) ? raw[0] : raw ?? "";
|
|
1380
|
+
});
|
|
1116
1381
|
function resolveB2CParam(param) {
|
|
1117
1382
|
var _a;
|
|
1118
1383
|
if (!param) {
|
|
1119
|
-
return {
|
|
1384
|
+
return {
|
|
1385
|
+
header: getB2CTokenHeader(),
|
|
1386
|
+
claims: getUserIdClaims()
|
|
1387
|
+
};
|
|
1120
1388
|
}
|
|
1121
1389
|
if (typeof param === "string") {
|
|
1122
|
-
return {
|
|
1390
|
+
return {
|
|
1391
|
+
header: getB2CTokenHeader(),
|
|
1392
|
+
claims: [
|
|
1393
|
+
param
|
|
1394
|
+
]
|
|
1395
|
+
};
|
|
1123
1396
|
}
|
|
1124
1397
|
if (Array.isArray(param)) {
|
|
1125
|
-
return {
|
|
1398
|
+
return {
|
|
1399
|
+
header: getB2CTokenHeader(),
|
|
1400
|
+
claims: param
|
|
1401
|
+
};
|
|
1126
1402
|
}
|
|
1127
1403
|
return {
|
|
1128
1404
|
header: ((_a = param.header) == null ? void 0 : _a.toLowerCase()) ?? getB2CTokenHeader(),
|
|
1129
1405
|
claims: param.claim ? normalizeClaims2(param.claim) : getUserIdClaims()
|
|
1130
1406
|
};
|
|
1131
1407
|
}
|
|
1408
|
+
__name(resolveB2CParam, "resolveB2CParam");
|
|
1132
1409
|
function resolveB2BParam(param) {
|
|
1133
1410
|
var _a;
|
|
1134
1411
|
if (!param) {
|
|
1135
|
-
return {
|
|
1412
|
+
return {
|
|
1413
|
+
header: getB2BTokenHeader(),
|
|
1414
|
+
claims: getCallerIdClaims()
|
|
1415
|
+
};
|
|
1136
1416
|
}
|
|
1137
1417
|
if (typeof param === "string") {
|
|
1138
|
-
return {
|
|
1418
|
+
return {
|
|
1419
|
+
header: getB2BTokenHeader(),
|
|
1420
|
+
claims: [
|
|
1421
|
+
param
|
|
1422
|
+
]
|
|
1423
|
+
};
|
|
1139
1424
|
}
|
|
1140
1425
|
if (Array.isArray(param)) {
|
|
1141
|
-
return {
|
|
1426
|
+
return {
|
|
1427
|
+
header: getB2BTokenHeader(),
|
|
1428
|
+
claims: param
|
|
1429
|
+
};
|
|
1142
1430
|
}
|
|
1143
1431
|
return {
|
|
1144
1432
|
header: ((_a = param.header) == null ? void 0 : _a.toLowerCase()) ?? getB2BTokenHeader(),
|
|
1145
1433
|
claims: param.claim ? normalizeClaims2(param.claim) : getCallerIdClaims()
|
|
1146
1434
|
};
|
|
1147
1435
|
}
|
|
1436
|
+
__name(resolveB2BParam, "resolveB2BParam");
|
|
1148
1437
|
function normalizeClaims2(value) {
|
|
1149
1438
|
if (Array.isArray(value)) return value.filter(Boolean);
|
|
1150
1439
|
return value.split(",").map((c) => c.trim()).filter(Boolean);
|
|
1151
1440
|
}
|
|
1441
|
+
__name(normalizeClaims2, "normalizeClaims");
|
|
1152
1442
|
function decodeJwtClaims(token, claims) {
|
|
1153
1443
|
try {
|
|
1154
1444
|
const parts = token.split(".");
|
|
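Review bot: `AuthUser` and `CallerToken` (new lines 1356–1373) return a claim taken from `decodeJwtClaims`, which in the lines visible here only base64-decodes and JSON-parses the payload segment. The returned user or caller id is therefore only as trustworthy as whatever validated the token earlier in the request. That contract belongs in the source `src/auth-user.decorator.ts`, e.g. `// Reads a claim from an UNVERIFIED token payload; use only on routes behind a guard or gateway that validated the token.` Separately, `CallerToken` calls `raw.split(" ")[1]` without the `Array.isArray(raw) ? raw[0] : raw` normalisation that `AuthUser` applies, and without checking that the scheme is `Bearer`; an array-valued header would throw there. `decodeJwtClaims` begins in this hunk and its body continues outside it.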
@@ -1156,9 +1446,7 @@ function decodeJwtClaims(token, claims) {
|
|
|
1156
1446
|
const padded = parts[1].replace(/-/g, "+").replace(/_/g, "/");
|
|
1157
1447
|
const BufferCtor = globalThis.Buffer;
|
|
1158
1448
|
if (!BufferCtor) return void 0;
|
|
1159
|
-
const payload = JSON.parse(
|
|
1160
|
-
BufferCtor.from(padded, "base64").toString("utf8")
|
|
1161
|
-
);
|
|
1449
|
+
const payload = JSON.parse(BufferCtor.from(padded, "base64").toString("utf8"));
|
|
1162
1450
|
for (const claim of claims) {
|
|
1163
1451
|
const value = payload[claim];
|
|
1164
1452
|
if (typeof value === "string" && value.length > 0) return value;
|
|
@@ -1168,6 +1456,7 @@ function decodeJwtClaims(token, claims) {
|
|
|
1168
1456
|
return void 0;
|
|
1169
1457
|
}
|
|
1170
1458
|
}
|
|
1459
|
+
__name(decodeJwtClaims, "decodeJwtClaims");
|
|
1171
1460
|
// Annotate the CommonJS export names for ESM import in node:
|
|
1172
1461
|
0 && (module.exports = {
|
|
1173
1462
|
AccessToken,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adatechnology/auth-keycloak",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.3",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -12,8 +12,8 @@
|
|
|
12
12
|
],
|
|
13
13
|
"dependencies": {
|
|
14
14
|
"@adatechnology/cache": "0.0.8",
|
|
15
|
-
"@adatechnology/
|
|
16
|
-
"@adatechnology/
|
|
15
|
+
"@adatechnology/logger": "0.0.7",
|
|
16
|
+
"@adatechnology/http-client": "0.0.9"
|
|
17
17
|
},
|
|
18
18
|
"peerDependencies": {
|
|
19
19
|
"@nestjs/common": "^11.0.16",
|
|
@@ -21,6 +21,7 @@
|
|
|
21
21
|
},
|
|
22
22
|
"devDependencies": {
|
|
23
23
|
"@esbuild-plugins/tsconfig-paths": "^0.1.2",
|
|
24
|
+
"@swc/core": "^1.15.24",
|
|
24
25
|
"tsup": "^8.5.1",
|
|
25
26
|
"typescript": "^5.2.0",
|
|
26
27
|
"@adatechnology/shared": "0.0.2"
|