@anarchitects/auth-nest 0.4.2 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +110 -37
- package/package.json +25 -12
- package/src/application/application.module-definition.d.ts +4 -21
- package/src/application/application.module-definition.js.map +1 -1
- package/src/application/application.module.d.ts +5 -22
- package/src/application/application.module.js +59 -8
- package/src/application/application.module.js.map +1 -1
- package/src/application/factories/ability.factory.js +3 -3
- package/src/application/factories/ability.factory.js.map +1 -1
- package/src/application/index.d.ts +8 -4
- package/src/application/index.js +7 -4
- package/src/application/index.js.map +1 -1
- package/src/application/resource-authorization.tokens.d.ts +1 -0
- package/src/application/resource-authorization.tokens.js +5 -0
- package/src/application/resource-authorization.tokens.js.map +1 -0
- package/src/application/resource-authorization.types.d.ts +16 -0
- package/src/application/resource-authorization.types.js +3 -0
- package/src/application/resource-authorization.types.js.map +1 -0
- package/src/application/services/auth-engine.port.d.ts +42 -0
- package/src/application/services/auth-engine.port.js +12 -0
- package/src/application/services/auth-engine.port.js.map +1 -0
- package/src/application/services/auth-orchestration.service.d.ts +41 -0
- package/src/application/services/auth-orchestration.service.js +161 -0
- package/src/application/services/auth-orchestration.service.js.map +1 -0
- package/src/application/services/jwt-auth.service.d.ts +6 -36
- package/src/application/services/jwt-auth.service.js +8 -201
- package/src/application/services/jwt-auth.service.js.map +1 -1
- package/src/application/services/persisted-policy-rule.d.ts +2 -0
- package/src/application/services/persisted-policy-rule.js +20 -0
- package/src/application/services/persisted-policy-rule.js.map +1 -0
- package/src/application/services/policies.service.js +7 -10
- package/src/application/services/policies.service.js.map +1 -1
- package/src/application/services/resource-authorization.d.ts +5 -0
- package/src/application/services/resource-authorization.js +18 -0
- package/src/application/services/resource-authorization.js.map +1 -0
- package/src/application/strategies/{jwt/strategy.d.ts → jwt-strategy.d.ts} +2 -1
- package/src/application/strategies/{jwt/strategy.js → jwt-strategy.js} +6 -4
- package/src/application/strategies/jwt-strategy.js.map +1 -0
- package/src/auth.module.d.ts +4 -11
- package/src/auth.module.js +40 -24
- package/src/auth.module.js.map +1 -1
- package/src/config/auth.config.d.ts +64 -0
- package/src/config/auth.config.js +115 -7
- package/src/config/auth.config.js.map +1 -1
- package/src/config/index.d.ts +1 -0
- package/src/config/index.js +1 -0
- package/src/config/index.js.map +1 -1
- package/src/config/module-options.d.ts +108 -0
- package/src/config/module-options.js +111 -0
- package/src/config/module-options.js.map +1 -0
- package/src/infrastructure-engine/better-auth/better-auth-auth-engine.adapter.d.ts +21 -0
- package/src/infrastructure-engine/better-auth/better-auth-auth-engine.adapter.js +180 -0
- package/src/infrastructure-engine/better-auth/better-auth-auth-engine.adapter.js.map +1 -0
- package/src/infrastructure-engine/better-auth/better-auth-spike.harness.d.ts +17 -0
- package/src/infrastructure-engine/better-auth/better-auth-spike.harness.js +32 -0
- package/src/infrastructure-engine/better-auth/better-auth-spike.harness.js.map +1 -0
- package/src/infrastructure-engine/better-auth/better-auth.module-loader.d.ts +7 -0
- package/src/infrastructure-engine/better-auth/better-auth.module-loader.js +15 -0
- package/src/infrastructure-engine/better-auth/better-auth.module-loader.js.map +1 -0
- package/src/infrastructure-engine/better-auth/dynamic-import.d.ts +1 -0
- package/src/infrastructure-engine/better-auth/dynamic-import.js +9 -0
- package/src/infrastructure-engine/better-auth/dynamic-import.js.map +1 -0
- package/src/infrastructure-engine/legacy-jwt-auth-engine.adapter.d.ts +22 -0
- package/src/infrastructure-engine/legacy-jwt-auth-engine.adapter.js +131 -0
- package/src/infrastructure-engine/legacy-jwt-auth-engine.adapter.js.map +1 -0
- package/src/infrastructure-mailer/index.d.ts +1 -0
- package/src/infrastructure-mailer/mailer.module.d.ts +4 -0
- package/src/infrastructure-mailer/mailer.module.js +31 -6
- package/src/infrastructure-mailer/mailer.module.js.map +1 -1
- package/src/infrastructure-persistence/index.d.ts +1 -0
- package/src/infrastructure-persistence/persistence.module-definition.d.ts +4 -9
- package/src/infrastructure-persistence/persistence.module-definition.js.map +1 -1
- package/src/infrastructure-persistence/persistence.module.d.ts +4 -2
- package/src/infrastructure-persistence/persistence.module.js +21 -4
- package/src/infrastructure-persistence/persistence.module.js.map +1 -1
- package/src/presentation/authorized-resource.request.d.ts +7 -0
- package/src/presentation/authorized-resource.request.js +16 -0
- package/src/presentation/authorized-resource.request.js.map +1 -0
- package/src/presentation/decorators/authorize-resource.decorator.d.ts +3 -0
- package/src/presentation/decorators/authorize-resource.decorator.js +9 -0
- package/src/presentation/decorators/authorize-resource.decorator.js.map +1 -0
- package/src/presentation/decorators/authorized-resource.decorator.d.ts +2 -0
- package/src/presentation/decorators/authorized-resource.decorator.js +32 -0
- package/src/presentation/decorators/authorized-resource.decorator.js.map +1 -0
- package/src/presentation/decorators/policies.decorator.d.ts +2 -2
- package/src/presentation/decorators/policies.decorator.js.map +1 -1
- package/src/presentation/guards/policies.guard.js +6 -5
- package/src/presentation/guards/policies.guard.js.map +1 -1
- package/src/presentation/guards/resource-authorization.guard.d.ts +11 -0
- package/src/presentation/guards/resource-authorization.guard.js +55 -0
- package/src/presentation/guards/resource-authorization.guard.js.map +1 -0
- package/src/presentation/guards/route-policy-matcher.d.ts +1 -0
- package/src/presentation/guards/route-policy-matcher.js +6 -0
- package/src/presentation/guards/route-policy-matcher.js.map +1 -0
- package/src/presentation/index.d.ts +5 -0
- package/src/presentation/index.js +4 -0
- package/src/presentation/index.js.map +1 -1
- package/src/presentation/presentation.module.d.ts +4 -0
- package/src/presentation/presentation.module.js +43 -2
- package/src/presentation/presentation.module.js.map +1 -1
- package/src/presentation/route-policy.d.ts +1 -0
- package/src/presentation/route-policy.js +3 -0
- package/src/presentation/route-policy.js.map +1 -0
- package/src/application/strategies/jwt/strategy.js.map +0 -1
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { LoginRequestDTO, LoginResponseDTO, LogoutRequestDTO, RefreshTokenRequestDTO } from '@anarchitects/auth-ts/dtos';
|
|
2
|
+
export type AuthEngineFlowName = 'password-sign-in' | 'passkey-sign-in' | 'social-sign-in' | 'sign-out-or-refresh';
|
|
3
|
+
export type AuthEngineFlowSupport = {
|
|
4
|
+
flow: AuthEngineFlowName;
|
|
5
|
+
status: 'supported' | 'unsupported' | 'needs-config';
|
|
6
|
+
notes: string;
|
|
7
|
+
};
|
|
8
|
+
export type AuthEngineCapabilityReport = {
|
|
9
|
+
engine: 'legacy-jwt' | 'better-auth';
|
|
10
|
+
flows: AuthEngineFlowSupport[];
|
|
11
|
+
};
|
|
12
|
+
export type AuthPasskeySignInInput = {
|
|
13
|
+
autoFill?: boolean;
|
|
14
|
+
headers?: HeadersInit;
|
|
15
|
+
};
|
|
16
|
+
export type AuthSocialSignInInput = {
|
|
17
|
+
provider: 'github';
|
|
18
|
+
callbackURL: string;
|
|
19
|
+
errorCallbackURL?: string;
|
|
20
|
+
newUserCallbackURL?: string;
|
|
21
|
+
headers?: HeadersInit;
|
|
22
|
+
};
|
|
23
|
+
export type AuthSignOutOrRefreshInput = {
|
|
24
|
+
mode: 'refresh';
|
|
25
|
+
userId: string;
|
|
26
|
+
dto: RefreshTokenRequestDTO;
|
|
27
|
+
} | {
|
|
28
|
+
mode: 'sign-out';
|
|
29
|
+
headers?: HeadersInit;
|
|
30
|
+
};
|
|
31
|
+
export declare abstract class AuthEnginePort {
|
|
32
|
+
abstract login(dto: LoginRequestDTO): Promise<LoginResponseDTO>;
|
|
33
|
+
abstract logout(dto: LogoutRequestDTO): Promise<{
|
|
34
|
+
success: boolean;
|
|
35
|
+
}>;
|
|
36
|
+
abstract refreshTokens(userId: string, dto: RefreshTokenRequestDTO): Promise<LoginResponseDTO>;
|
|
37
|
+
abstract describeCapabilities(): Promise<AuthEngineCapabilityReport>;
|
|
38
|
+
abstract passwordSignIn(dto: LoginRequestDTO): Promise<LoginResponseDTO>;
|
|
39
|
+
abstract passkeySignIn(input: AuthPasskeySignInInput): Promise<unknown>;
|
|
40
|
+
abstract socialSignIn(input: AuthSocialSignInInput): Promise<unknown>;
|
|
41
|
+
abstract signOutOrRefresh(input: AuthSignOutOrRefreshInput): Promise<unknown>;
|
|
42
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthEnginePort = void 0;
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const common_1 = require("@nestjs/common");
|
|
6
|
+
let AuthEnginePort = class AuthEnginePort {
|
|
7
|
+
};
|
|
8
|
+
exports.AuthEnginePort = AuthEnginePort;
|
|
9
|
+
exports.AuthEnginePort = AuthEnginePort = tslib_1.__decorate([
|
|
10
|
+
(0, common_1.Injectable)()
|
|
11
|
+
], AuthEnginePort);
|
|
12
|
+
//# sourceMappingURL=auth-engine.port.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-engine.port.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/auth-engine.port.ts"],"names":[],"mappings":";;;;AAAA,2CAA4C;AA2CrC,IAAe,cAAc,GAA7B,MAAe,cAAc;CAanC,CAAA;AAbqB,wCAAc;yBAAd,cAAc;IADnC,IAAA,mBAAU,GAAE;GACS,cAAc,CAanC"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { ActivateUserRequestDTO, ChangePasswordRequestDTO, ForgotPasswordRequestDTO, LoginRequestDTO, LoginResponseDTO, LogoutRequestDTO, RefreshTokenRequestDTO, RegisterRequestDTO, RegisterResponseDTO, ResetPasswordRequestDTO, UpdateEmailRequestDTO, VerifyEmailRequestDTO } from '@anarchitects/auth-ts/dtos';
|
|
2
|
+
import { PolicyRule, User } from '@anarchitects/auth-ts/models';
|
|
3
|
+
import { AuthUserRepository } from '../../infrastructure-persistence/repositories/auth-user.repository';
|
|
4
|
+
import { AuthEnginePort } from './auth-engine.port';
|
|
5
|
+
import { AuthService } from './auth.service';
|
|
6
|
+
import { HashService } from './hash.service';
|
|
7
|
+
export declare class AuthOrchestrationService implements AuthService {
|
|
8
|
+
private readonly hashService;
|
|
9
|
+
private readonly authUserRepository;
|
|
10
|
+
private readonly authEnginePort;
|
|
11
|
+
constructor(hashService: HashService, authUserRepository: AuthUserRepository, authEnginePort: AuthEnginePort);
|
|
12
|
+
registerUser(dto: RegisterRequestDTO): Promise<RegisterResponseDTO>;
|
|
13
|
+
activateUser(dto: ActivateUserRequestDTO): Promise<{
|
|
14
|
+
success: boolean;
|
|
15
|
+
}>;
|
|
16
|
+
login(dto: LoginRequestDTO): Promise<LoginResponseDTO>;
|
|
17
|
+
logout(dto: LogoutRequestDTO): Promise<{
|
|
18
|
+
success: boolean;
|
|
19
|
+
}>;
|
|
20
|
+
changePassword(userId: string, dto: ChangePasswordRequestDTO): Promise<{
|
|
21
|
+
success: boolean;
|
|
22
|
+
}>;
|
|
23
|
+
forgotPassword(dto: ForgotPasswordRequestDTO): Promise<{
|
|
24
|
+
success: boolean;
|
|
25
|
+
}>;
|
|
26
|
+
resetPassword(dto: ResetPasswordRequestDTO): Promise<{
|
|
27
|
+
success: boolean;
|
|
28
|
+
}>;
|
|
29
|
+
verifyEmail(dto: VerifyEmailRequestDTO): Promise<{
|
|
30
|
+
success: boolean;
|
|
31
|
+
}>;
|
|
32
|
+
updateEmail(userId: string, dto: UpdateEmailRequestDTO): Promise<{
|
|
33
|
+
success: boolean;
|
|
34
|
+
}>;
|
|
35
|
+
refreshTokens(userId: string, dto: RefreshTokenRequestDTO): Promise<LoginResponseDTO>;
|
|
36
|
+
getLoggedInUserInfo(userId: string): Promise<{
|
|
37
|
+
user: User;
|
|
38
|
+
rbac: PolicyRule[];
|
|
39
|
+
}>;
|
|
40
|
+
private getValidatedPolicyRules;
|
|
41
|
+
}
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthOrchestrationService = void 0;
|
|
4
|
+
const tslib_1 = require("tslib");
|
|
5
|
+
const common_1 = require("@nestjs/common");
|
|
6
|
+
const auth_user_repository_1 = require("../../infrastructure-persistence/repositories/auth-user.repository");
|
|
7
|
+
const auth_engine_port_1 = require("./auth-engine.port");
|
|
8
|
+
const hash_service_1 = require("./hash.service");
|
|
9
|
+
const persisted_policy_rule_1 = require("./persisted-policy-rule");
|
|
10
|
+
let AuthOrchestrationService = class AuthOrchestrationService {
|
|
11
|
+
constructor(hashService, authUserRepository, authEnginePort) {
|
|
12
|
+
this.hashService = hashService;
|
|
13
|
+
this.authUserRepository = authUserRepository;
|
|
14
|
+
this.authEnginePort = authEnginePort;
|
|
15
|
+
}
|
|
16
|
+
async registerUser(dto) {
|
|
17
|
+
if (dto.password !== dto.confirmPassword) {
|
|
18
|
+
throw new common_1.BadRequestException('Passwords do not match');
|
|
19
|
+
}
|
|
20
|
+
const passwordHash = await this.hashService.hash(dto.password);
|
|
21
|
+
const token = crypto.randomUUID();
|
|
22
|
+
const { userName, email } = dto;
|
|
23
|
+
const user = {
|
|
24
|
+
email,
|
|
25
|
+
passwordHash,
|
|
26
|
+
isActive: false,
|
|
27
|
+
userName,
|
|
28
|
+
token,
|
|
29
|
+
roles: [
|
|
30
|
+
{
|
|
31
|
+
name: 'user',
|
|
32
|
+
},
|
|
33
|
+
],
|
|
34
|
+
};
|
|
35
|
+
await this.authUserRepository.create(user);
|
|
36
|
+
return { success: true };
|
|
37
|
+
}
|
|
38
|
+
async activateUser(dto) {
|
|
39
|
+
const { token } = dto;
|
|
40
|
+
const user = await this.authUserRepository.findOne(token);
|
|
41
|
+
await this.authUserRepository.update({
|
|
42
|
+
...user,
|
|
43
|
+
isActive: true,
|
|
44
|
+
token: null,
|
|
45
|
+
});
|
|
46
|
+
return { success: true };
|
|
47
|
+
}
|
|
48
|
+
async login(dto) {
|
|
49
|
+
return this.authEnginePort.login(dto);
|
|
50
|
+
}
|
|
51
|
+
async logout(dto) {
|
|
52
|
+
return this.authEnginePort.logout(dto);
|
|
53
|
+
}
|
|
54
|
+
async changePassword(userId, dto) {
|
|
55
|
+
const { currentPassword, newPassword, confirmPassword } = dto;
|
|
56
|
+
if (newPassword !== confirmPassword) {
|
|
57
|
+
throw new common_1.BadRequestException('Passwords do not match');
|
|
58
|
+
}
|
|
59
|
+
const user = await this.authUserRepository.findOne({
|
|
60
|
+
where: { id: userId },
|
|
61
|
+
});
|
|
62
|
+
if (!user) {
|
|
63
|
+
throw new common_1.BadRequestException('User not found');
|
|
64
|
+
}
|
|
65
|
+
const isCurrentPasswordValid = await this.hashService.compare(currentPassword, user.passwordHash);
|
|
66
|
+
if (!isCurrentPasswordValid) {
|
|
67
|
+
throw new common_1.BadRequestException('Invalid current password');
|
|
68
|
+
}
|
|
69
|
+
user.passwordHash = await this.hashService.hash(newPassword);
|
|
70
|
+
await this.authUserRepository.update(user);
|
|
71
|
+
return { success: true };
|
|
72
|
+
}
|
|
73
|
+
async forgotPassword(dto) {
|
|
74
|
+
const { email } = dto;
|
|
75
|
+
const user = await this.authUserRepository.findOne({ where: { email } });
|
|
76
|
+
if (!user) {
|
|
77
|
+
throw new common_1.BadRequestException('User not found');
|
|
78
|
+
}
|
|
79
|
+
const token = crypto.randomUUID();
|
|
80
|
+
user.token = token;
|
|
81
|
+
await this.authUserRepository.update(user);
|
|
82
|
+
return { success: true };
|
|
83
|
+
}
|
|
84
|
+
async resetPassword(dto) {
|
|
85
|
+
const { token, password, confirmPassword } = dto;
|
|
86
|
+
if (password !== confirmPassword) {
|
|
87
|
+
throw new common_1.BadRequestException('Passwords do not match');
|
|
88
|
+
}
|
|
89
|
+
const user = await this.authUserRepository.findOne({ where: { token } });
|
|
90
|
+
if (!user) {
|
|
91
|
+
throw new common_1.BadRequestException('Invalid token');
|
|
92
|
+
}
|
|
93
|
+
user.passwordHash = await this.hashService.hash(password);
|
|
94
|
+
user.token = null;
|
|
95
|
+
await this.authUserRepository.update(user);
|
|
96
|
+
return { success: true };
|
|
97
|
+
}
|
|
98
|
+
async verifyEmail(dto) {
|
|
99
|
+
const { token } = dto;
|
|
100
|
+
const user = await this.authUserRepository.findOne({ where: { token } });
|
|
101
|
+
if (!user) {
|
|
102
|
+
throw new common_1.BadRequestException('Invalid token');
|
|
103
|
+
}
|
|
104
|
+
user.isActive = true;
|
|
105
|
+
user.token = null;
|
|
106
|
+
await this.authUserRepository.update(user);
|
|
107
|
+
return { success: true };
|
|
108
|
+
}
|
|
109
|
+
async updateEmail(userId, dto) {
|
|
110
|
+
const { newEmail, password } = dto;
|
|
111
|
+
const user = await this.authUserRepository.findOne({
|
|
112
|
+
where: { id: userId },
|
|
113
|
+
});
|
|
114
|
+
if (!user) {
|
|
115
|
+
throw new common_1.BadRequestException('User not found');
|
|
116
|
+
}
|
|
117
|
+
const isPasswordValid = password && (await this.hashService.compare(password, user.passwordHash));
|
|
118
|
+
if (!isPasswordValid) {
|
|
119
|
+
throw new common_1.BadRequestException('Invalid password');
|
|
120
|
+
}
|
|
121
|
+
user.email = newEmail;
|
|
122
|
+
await this.authUserRepository.update(user);
|
|
123
|
+
return { success: true };
|
|
124
|
+
}
|
|
125
|
+
async refreshTokens(userId, dto) {
|
|
126
|
+
return this.authEnginePort.refreshTokens(userId, dto);
|
|
127
|
+
}
|
|
128
|
+
async getLoggedInUserInfo(userId) {
|
|
129
|
+
const user = await this.authUserRepository.findOne({
|
|
130
|
+
where: { id: userId },
|
|
131
|
+
relations: ['roles', 'roles.permissions'],
|
|
132
|
+
});
|
|
133
|
+
if (!user) {
|
|
134
|
+
throw new common_1.BadRequestException('User not found');
|
|
135
|
+
}
|
|
136
|
+
const rbac = this.getValidatedPolicyRules(user);
|
|
137
|
+
return { user, rbac };
|
|
138
|
+
}
|
|
139
|
+
getValidatedPolicyRules(user) {
|
|
140
|
+
try {
|
|
141
|
+
const rbac = [];
|
|
142
|
+
user.roles?.forEach((role) => {
|
|
143
|
+
role.permissions?.forEach((permission) => {
|
|
144
|
+
rbac.push((0, persisted_policy_rule_1.toValidatedPersistedPolicyRule)(permission));
|
|
145
|
+
});
|
|
146
|
+
});
|
|
147
|
+
return rbac;
|
|
148
|
+
}
|
|
149
|
+
catch (error) {
|
|
150
|
+
throw new common_1.InternalServerErrorException(`Malformed persisted policy rule payload: ${error instanceof Error ? error.message : String(error)}`);
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
};
|
|
154
|
+
exports.AuthOrchestrationService = AuthOrchestrationService;
|
|
155
|
+
exports.AuthOrchestrationService = AuthOrchestrationService = tslib_1.__decorate([
|
|
156
|
+
(0, common_1.Injectable)(),
|
|
157
|
+
tslib_1.__metadata("design:paramtypes", [hash_service_1.HashService,
|
|
158
|
+
auth_user_repository_1.AuthUserRepository,
|
|
159
|
+
auth_engine_port_1.AuthEnginePort])
|
|
160
|
+
], AuthOrchestrationService);
|
|
161
|
+
//# sourceMappingURL=auth-orchestration.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-orchestration.service.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/auth-orchestration.service.ts"],"names":[],"mappings":";;;;AAeA,2CAIwB;AACxB,6GAAwG;AACxG,yDAAoD;AAEpD,iDAA6C;AAC7C,mEAAyE;AAGlE,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACnC,YACmB,WAAwB,EACxB,kBAAsC,EACtC,cAA8B;QAF9B,gBAAW,GAAX,WAAW,CAAa;QACxB,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,mBAAc,GAAd,cAAc,CAAgB;IAC9C,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,GAAuB;QACxC,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QAChC,MAAM,IAAI,GAAkB;YAC1B,KAAK;YACL,YAAY;YACZ,QAAQ,EAAE,KAAK;YACf,QAAQ;YACR,KAAK;YACL,KAAK,EAAE;gBACL;oBACE,IAAI,EAAE,MAAM;iBACL;aACV;SACF,CAAC;QACF,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,GAA2B;QAE3B,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC;YACnC,GAAG,IAAI;YACP,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAoB;QAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAqB;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,MAAc,EACd,GAA6B;QAE7B,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,GAAG,CAAC;QAC9D,IAAI,WAAW,KAAK,eAAe,EAAE,CAAC;YACpC,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC;YACjD,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAC3D,eAAe,EACf,IAAI,CAAC,YAAY,CAClB,CAAC;QACF,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC5B,MAAM,IAAI,4BAAmB,CAAC,0BAA0B,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,GAA6B;QAE7B,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,GAA4B;QAE5B,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,GAAG,CAAC;QACjD,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;YACjC,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAA0B;QAC1C,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,eAAe,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,WAAW,CACf,MAAc,EACd,GAA0B;QAE1B,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;QACnC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC;YACjD,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,eAAe,GACnB,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC5E,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,4BAAmB,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;QACtB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,GAA2B;QAE3B,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAc;QAEd,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC;YACjD,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,SAAS,EAAE,CAAC,OAAO,EAAE,mBAAmB,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,4BAAmB,CAAC,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAEO,uBAAuB,CAAC,IAAU;QACxC,IAAI,CAAC;YACH,MAAM,IAAI,GAAiB,EAAE,CAAC;YAC9B,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC3B,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;oBACvC,IAAI,CAAC,IAAI,CAAC,IAAA,sDAA8B,EAAC,UAAU,CAAC,CAAC,CAAC;gBACxD,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,qCAA4B,CACpC,4CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAA;AArLY,4DAAwB;mCAAxB,wBAAwB;IADpC,IAAA,mBAAU,GAAE;6CAGqB,0BAAW;QACJ,yCAAkB;QACtB,iCAAc;GAJtC,wBAAwB,CAqLpC"}
|
|
@@ -1,41 +1,11 @@
|
|
|
1
|
-
import { ActivateUserRequestDTO, ChangePasswordRequestDTO, ForgotPasswordRequestDTO, LoginRequestDTO, LoginResponseDTO, LogoutRequestDTO, RefreshTokenRequestDTO, RegisterRequestDTO, RegisterResponseDTO, ResetPasswordRequestDTO, UpdateEmailRequestDTO, VerifyEmailRequestDTO } from '@anarchitects/auth-ts/dtos';
|
|
2
|
-
import { PolicyRule, User } from '@anarchitects/auth-ts/models';
|
|
3
1
|
import { JwtService } from '@nestjs/jwt';
|
|
4
2
|
import { AuthUserRepository } from '../../infrastructure-persistence/repositories/auth-user.repository';
|
|
5
|
-
import {
|
|
3
|
+
import { AuthOrchestrationService } from './auth-orchestration.service';
|
|
6
4
|
import { HashService } from './hash.service';
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
5
|
+
/**
|
|
6
|
+
* @deprecated Use `AuthService` for controller-facing auth operations.
|
|
7
|
+
* JWT engine access is now an internal wiring concern behind `AuthEnginePort`.
|
|
8
|
+
*/
|
|
9
|
+
export declare class JwtAuthService extends AuthOrchestrationService {
|
|
11
10
|
constructor(hashService: HashService, authUserRepository: AuthUserRepository, jwtService: JwtService);
|
|
12
|
-
registerUser(dto: RegisterRequestDTO): Promise<RegisterResponseDTO>;
|
|
13
|
-
activateUser(dto: ActivateUserRequestDTO): Promise<{
|
|
14
|
-
success: boolean;
|
|
15
|
-
}>;
|
|
16
|
-
login(dto: LoginRequestDTO): Promise<LoginResponseDTO>;
|
|
17
|
-
logout(dto: LogoutRequestDTO): Promise<{
|
|
18
|
-
success: boolean;
|
|
19
|
-
}>;
|
|
20
|
-
changePassword(userId: string, dto: ChangePasswordRequestDTO): Promise<{
|
|
21
|
-
success: boolean;
|
|
22
|
-
}>;
|
|
23
|
-
forgotPassword(dto: ForgotPasswordRequestDTO): Promise<{
|
|
24
|
-
success: boolean;
|
|
25
|
-
}>;
|
|
26
|
-
resetPassword(dto: ResetPasswordRequestDTO): Promise<{
|
|
27
|
-
success: boolean;
|
|
28
|
-
}>;
|
|
29
|
-
verifyEmail(dto: VerifyEmailRequestDTO): Promise<{
|
|
30
|
-
success: boolean;
|
|
31
|
-
}>;
|
|
32
|
-
updateEmail(userId: string, dto: UpdateEmailRequestDTO): Promise<{
|
|
33
|
-
success: boolean;
|
|
34
|
-
}>;
|
|
35
|
-
refreshTokens(userId: string, dto: RefreshTokenRequestDTO): Promise<LoginResponseDTO>;
|
|
36
|
-
getLoggedInUserInfo(userId: string): Promise<{
|
|
37
|
-
user: User;
|
|
38
|
-
rbac: PolicyRule[];
|
|
39
|
-
}>;
|
|
40
|
-
private generateTokens;
|
|
41
11
|
}
|
|
@@ -4,210 +4,17 @@ exports.JwtAuthService = void 0;
|
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
const common_1 = require("@nestjs/common");
|
|
6
6
|
const jwt_1 = require("@nestjs/jwt");
|
|
7
|
+
const legacy_jwt_auth_engine_adapter_1 = require("../../infrastructure-engine/legacy-jwt-auth-engine.adapter");
|
|
7
8
|
const auth_user_repository_1 = require("../../infrastructure-persistence/repositories/auth-user.repository");
|
|
9
|
+
const auth_orchestration_service_1 = require("./auth-orchestration.service");
|
|
8
10
|
const hash_service_1 = require("./hash.service");
|
|
9
|
-
|
|
11
|
+
/**
|
|
12
|
+
* @deprecated Use `AuthService` for controller-facing auth operations.
|
|
13
|
+
* JWT engine access is now an internal wiring concern behind `AuthEnginePort`.
|
|
14
|
+
*/
|
|
15
|
+
let JwtAuthService = class JwtAuthService extends auth_orchestration_service_1.AuthOrchestrationService {
|
|
10
16
|
constructor(hashService, authUserRepository, jwtService) {
|
|
11
|
-
|
|
12
|
-
this.authUserRepository = authUserRepository;
|
|
13
|
-
this.jwtService = jwtService;
|
|
14
|
-
}
|
|
15
|
-
async registerUser(dto) {
|
|
16
|
-
if (dto.password !== dto.confirmPassword) {
|
|
17
|
-
throw new common_1.BadRequestException('Passwords do not match');
|
|
18
|
-
}
|
|
19
|
-
const passwordHash = await this.hashService.hash(dto.password);
|
|
20
|
-
const token = crypto.randomUUID();
|
|
21
|
-
const { userName, email } = dto;
|
|
22
|
-
const user = {
|
|
23
|
-
email,
|
|
24
|
-
passwordHash,
|
|
25
|
-
isActive: false,
|
|
26
|
-
userName,
|
|
27
|
-
token,
|
|
28
|
-
roles: [
|
|
29
|
-
{
|
|
30
|
-
name: 'user',
|
|
31
|
-
},
|
|
32
|
-
],
|
|
33
|
-
};
|
|
34
|
-
await this.authUserRepository.create(user);
|
|
35
|
-
return { success: true };
|
|
36
|
-
}
|
|
37
|
-
async activateUser(dto) {
|
|
38
|
-
const { token } = dto;
|
|
39
|
-
const user = await this.authUserRepository.findOne(token);
|
|
40
|
-
await this.authUserRepository.update({
|
|
41
|
-
...user,
|
|
42
|
-
isActive: true,
|
|
43
|
-
token: null,
|
|
44
|
-
});
|
|
45
|
-
return { success: true };
|
|
46
|
-
}
|
|
47
|
-
async login(dto) {
|
|
48
|
-
const { credential, password } = dto;
|
|
49
|
-
const user = await this.authUserRepository.findOne({
|
|
50
|
-
where: [{ email: credential }, { userName: credential }],
|
|
51
|
-
});
|
|
52
|
-
if (!user) {
|
|
53
|
-
throw new common_1.BadRequestException('Invalid credentials');
|
|
54
|
-
}
|
|
55
|
-
const isPasswordValid = await this.hashService.compare(password, user.passwordHash);
|
|
56
|
-
if (!isPasswordValid) {
|
|
57
|
-
throw new common_1.BadRequestException('Invalid credentials');
|
|
58
|
-
}
|
|
59
|
-
return this.generateTokens(user);
|
|
60
|
-
}
|
|
61
|
-
async logout(dto) {
|
|
62
|
-
const { accessToken, refreshToken } = dto;
|
|
63
|
-
if (!refreshToken) {
|
|
64
|
-
throw new common_1.BadRequestException('Refresh token is required');
|
|
65
|
-
}
|
|
66
|
-
const payload = await this.jwtService
|
|
67
|
-
.verifyAsync(refreshToken)
|
|
68
|
-
.catch(() => {
|
|
69
|
-
throw new common_1.BadRequestException('Invalid refresh token');
|
|
70
|
-
});
|
|
71
|
-
if (!payload?.sub) {
|
|
72
|
-
throw new common_1.BadRequestException('Invalid refresh token');
|
|
73
|
-
}
|
|
74
|
-
const user = await this.authUserRepository.findOne({
|
|
75
|
-
where: { id: payload.sub },
|
|
76
|
-
});
|
|
77
|
-
if (!user?.id) {
|
|
78
|
-
throw new common_1.BadRequestException('Invalid refresh token');
|
|
79
|
-
}
|
|
80
|
-
const tokenHashes = await Promise.all([accessToken, refreshToken]
|
|
81
|
-
.filter((token) => Boolean(token))
|
|
82
|
-
.map((token) => this.hashService.hash(token)));
|
|
83
|
-
await this.authUserRepository.invalidateTokens(tokenHashes, user.id);
|
|
84
|
-
return { success: true };
|
|
85
|
-
}
|
|
86
|
-
async changePassword(userId, dto) {
|
|
87
|
-
const { currentPassword, newPassword, confirmPassword } = dto;
|
|
88
|
-
if (newPassword !== confirmPassword) {
|
|
89
|
-
throw new common_1.BadRequestException('Passwords do not match');
|
|
90
|
-
}
|
|
91
|
-
const user = await this.authUserRepository.findOne({
|
|
92
|
-
where: { id: userId },
|
|
93
|
-
});
|
|
94
|
-
if (!user) {
|
|
95
|
-
throw new common_1.BadRequestException('User not found');
|
|
96
|
-
}
|
|
97
|
-
const isCurrentPasswordValid = await this.hashService.compare(currentPassword, user.passwordHash);
|
|
98
|
-
if (!isCurrentPasswordValid) {
|
|
99
|
-
throw new common_1.BadRequestException('Invalid current password');
|
|
100
|
-
}
|
|
101
|
-
user.passwordHash = await this.hashService.hash(newPassword);
|
|
102
|
-
await this.authUserRepository.update(user);
|
|
103
|
-
return { success: true };
|
|
104
|
-
}
|
|
105
|
-
async forgotPassword(dto) {
|
|
106
|
-
const { email } = dto;
|
|
107
|
-
const user = await this.authUserRepository.findOne({ where: { email } });
|
|
108
|
-
if (!user) {
|
|
109
|
-
throw new common_1.BadRequestException('User not found');
|
|
110
|
-
}
|
|
111
|
-
const token = crypto.randomUUID();
|
|
112
|
-
user.token = token;
|
|
113
|
-
await this.authUserRepository.update(user);
|
|
114
|
-
// Here you would typically send the token to the user's email
|
|
115
|
-
return { success: true };
|
|
116
|
-
}
|
|
117
|
-
async resetPassword(dto) {
|
|
118
|
-
const { token, password, confirmPassword } = dto;
|
|
119
|
-
if (password !== confirmPassword) {
|
|
120
|
-
throw new common_1.BadRequestException('Passwords do not match');
|
|
121
|
-
}
|
|
122
|
-
const user = await this.authUserRepository.findOne({ where: { token } });
|
|
123
|
-
if (!user) {
|
|
124
|
-
throw new common_1.BadRequestException('Invalid token');
|
|
125
|
-
}
|
|
126
|
-
user.passwordHash = await this.hashService.hash(password);
|
|
127
|
-
user.token = null;
|
|
128
|
-
await this.authUserRepository.update(user);
|
|
129
|
-
return { success: true };
|
|
130
|
-
}
|
|
131
|
-
async verifyEmail(dto) {
|
|
132
|
-
const { token } = dto;
|
|
133
|
-
const user = await this.authUserRepository.findOne({ where: { token } });
|
|
134
|
-
if (!user) {
|
|
135
|
-
throw new common_1.BadRequestException('Invalid token');
|
|
136
|
-
}
|
|
137
|
-
user.isActive = true;
|
|
138
|
-
user.token = null;
|
|
139
|
-
await this.authUserRepository.update(user);
|
|
140
|
-
return { success: true };
|
|
141
|
-
}
|
|
142
|
-
async updateEmail(userId, dto) {
|
|
143
|
-
const { newEmail, password } = dto;
|
|
144
|
-
const user = await this.authUserRepository.findOne({
|
|
145
|
-
where: { id: userId },
|
|
146
|
-
});
|
|
147
|
-
if (!user) {
|
|
148
|
-
throw new common_1.BadRequestException('User not found');
|
|
149
|
-
}
|
|
150
|
-
const isPasswordValid = password && (await this.hashService.compare(password, user.passwordHash));
|
|
151
|
-
if (!isPasswordValid) {
|
|
152
|
-
throw new common_1.BadRequestException('Invalid password');
|
|
153
|
-
}
|
|
154
|
-
user.email = newEmail;
|
|
155
|
-
await this.authUserRepository.update(user);
|
|
156
|
-
return { success: true };
|
|
157
|
-
}
|
|
158
|
-
async refreshTokens(userId, dto) {
|
|
159
|
-
const { refreshToken } = dto;
|
|
160
|
-
const payload = await this.jwtService
|
|
161
|
-
.verifyAsync(refreshToken)
|
|
162
|
-
.catch(() => {
|
|
163
|
-
throw new common_1.BadRequestException('Invalid refresh token');
|
|
164
|
-
});
|
|
165
|
-
if (!payload?.sub || payload.sub !== userId) {
|
|
166
|
-
throw new common_1.BadRequestException('Invalid refresh token');
|
|
167
|
-
}
|
|
168
|
-
const user = await this.authUserRepository.findOne({
|
|
169
|
-
where: { id: userId },
|
|
170
|
-
});
|
|
171
|
-
if (!user) {
|
|
172
|
-
throw new common_1.BadRequestException('User not found');
|
|
173
|
-
}
|
|
174
|
-
const isTokenInvalidated = await this.authUserRepository.isTokenInvalidated(await this.hashService.hash(refreshToken));
|
|
175
|
-
if (isTokenInvalidated) {
|
|
176
|
-
throw new common_1.BadRequestException('Refresh token has been invalidated');
|
|
177
|
-
}
|
|
178
|
-
return this.generateTokens(user);
|
|
179
|
-
}
|
|
180
|
-
async getLoggedInUserInfo(userId) {
|
|
181
|
-
const user = await this.authUserRepository.findOne({
|
|
182
|
-
where: { id: userId },
|
|
183
|
-
relations: ['roles', 'permissions'],
|
|
184
|
-
});
|
|
185
|
-
if (!user) {
|
|
186
|
-
throw new common_1.BadRequestException('User not found');
|
|
187
|
-
}
|
|
188
|
-
const rbac = [];
|
|
189
|
-
user.roles?.forEach((role) => {
|
|
190
|
-
role.permissions?.forEach((permission) => {
|
|
191
|
-
rbac.push({
|
|
192
|
-
action: permission.action,
|
|
193
|
-
subject: permission.subject,
|
|
194
|
-
conditions: permission.conditions ?? undefined,
|
|
195
|
-
fields: permission.fields ?? undefined,
|
|
196
|
-
reason: permission.reason ?? undefined,
|
|
197
|
-
inverted: permission.inverted ?? false,
|
|
198
|
-
});
|
|
199
|
-
});
|
|
200
|
-
});
|
|
201
|
-
return { user, rbac };
|
|
202
|
-
}
|
|
203
|
-
async generateTokens(user) {
|
|
204
|
-
const payload = {
|
|
205
|
-
sub: user.id,
|
|
206
|
-
roles: user.roles?.map((role) => role.name),
|
|
207
|
-
};
|
|
208
|
-
const accessToken = await this.jwtService.signAsync(payload);
|
|
209
|
-
const refreshToken = await this.jwtService.signAsync(payload);
|
|
210
|
-
return { accessToken, refreshToken };
|
|
17
|
+
super(hashService, authUserRepository, new legacy_jwt_auth_engine_adapter_1.LegacyJwtAuthEngineAdapter(hashService, authUserRepository, jwtService));
|
|
211
18
|
}
|
|
212
19
|
};
|
|
213
20
|
exports.JwtAuthService = JwtAuthService;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-auth.service.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/jwt-auth.service.ts"],"names":[],"mappings":";;;;
|
|
1
|
+
{"version":3,"file":"jwt-auth.service.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/jwt-auth.service.ts"],"names":[],"mappings":";;;;AAAA,2CAA4C;AAC5C,qCAAyC;AACzC,+GAAwG;AACxG,6GAAwG;AACxG,6EAAwE;AACxE,iDAA6C;AAE7C;;;GAGG;AAEI,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,qDAAwB;IAC1D,YACE,WAAwB,EACxB,kBAAsC,EACtC,UAAsB;QAEtB,KAAK,CACH,WAAW,EACX,kBAAkB,EAClB,IAAI,2DAA0B,CAC5B,WAAW,EACX,kBAAkB,EAClB,UAAU,CACX,CACF,CAAC;IACJ,CAAC;CACF,CAAA;AAhBY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;6CAGI,0BAAW;QACJ,yCAAkB;QAC1B,gBAAU;GAJb,cAAc,CAgB1B"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.toValidatedPersistedPolicyRule = void 0;
|
|
4
|
+
const dtos_1 = require("@anarchitects/auth-ts/dtos");
|
|
5
|
+
const cloneConditions = (conditions) => {
|
|
6
|
+
if (!conditions) {
|
|
7
|
+
return undefined;
|
|
8
|
+
}
|
|
9
|
+
return JSON.parse(JSON.stringify(conditions));
|
|
10
|
+
};
|
|
11
|
+
const toValidatedPersistedPolicyRule = (permission) => (0, dtos_1.parsePolicyRuleDTO)({
|
|
12
|
+
action: permission.action,
|
|
13
|
+
subject: permission.subject,
|
|
14
|
+
conditions: cloneConditions(permission.conditions),
|
|
15
|
+
fields: permission.fields ?? undefined,
|
|
16
|
+
inverted: permission.inverted ?? false,
|
|
17
|
+
reason: permission.reason ?? undefined,
|
|
18
|
+
});
|
|
19
|
+
exports.toValidatedPersistedPolicyRule = toValidatedPersistedPolicyRule;
|
|
20
|
+
//# sourceMappingURL=persisted-policy-rule.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"persisted-policy-rule.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/persisted-policy-rule.ts"],"names":[],"mappings":";;;AAAA,qDAAgE;AAGhE,MAAM,eAAe,GAAG,CACtB,UAAsD,EACjB,EAAE;IACvC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAA4B,CAAC;AAC3E,CAAC,CAAC;AAEK,MAAM,8BAA8B,GAAG,CAC5C,UAGC,EACW,EAAE,CACd,IAAA,yBAAkB,EAAC;IACjB,MAAM,EAAE,UAAU,CAAC,MAAM;IACzB,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC;IAClD,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,SAAS;IACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,KAAK;IACtC,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,SAAS;CACvC,CAAC,CAAC;AAbQ,QAAA,8BAA8B,kCAatC"}
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PoliciesService = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
|
-
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
6
5
|
const common_1 = require("@nestjs/common");
|
|
7
6
|
const auth_user_repository_1 = require("../../infrastructure-persistence/repositories/auth-user.repository");
|
|
8
7
|
const ability_factory_1 = require("../factories/ability.factory");
|
|
8
|
+
const persisted_policy_rule_1 = require("./persisted-policy-rule");
|
|
9
9
|
let PoliciesService = class PoliciesService {
|
|
10
10
|
constructor(authUserRepository, abilityFactory) {
|
|
11
11
|
this.authUserRepository = authUserRepository;
|
|
@@ -16,18 +16,15 @@ let PoliciesService = class PoliciesService {
|
|
|
16
16
|
where: { id: authUser.id },
|
|
17
17
|
relations: ['roles', 'roles.permissions'],
|
|
18
18
|
});
|
|
19
|
-
const inject = (c) => !c ? undefined : JSON.parse(JSON.stringify(c));
|
|
20
19
|
if (!user) {
|
|
21
20
|
return [];
|
|
22
21
|
}
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
reason: permission.reason ?? undefined,
|
|
30
|
-
})));
|
|
22
|
+
try {
|
|
23
|
+
return (user.roles ?? []).flatMap((role) => (role.permissions ?? []).map((permission) => (0, persisted_policy_rule_1.toValidatedPersistedPolicyRule)(permission)));
|
|
24
|
+
}
|
|
25
|
+
catch (error) {
|
|
26
|
+
throw new common_1.InternalServerErrorException(`Malformed persisted policy rule payload: ${error instanceof Error ? error.message : String(error)}`);
|
|
27
|
+
}
|
|
31
28
|
}
|
|
32
29
|
async buildAbilityForUser(authUser) {
|
|
33
30
|
return this.abilityFactory.buildAbility(await this.rulesForUser(authUser));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policies.service.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/policies.service.ts"],"names":[],"mappings":";;;;AAAA,
|
|
1
|
+
{"version":3,"file":"policies.service.js","sourceRoot":"","sources":["../../../../../../../libs/auth/nest/src/application/services/policies.service.ts"],"names":[],"mappings":";;;;AAAA,2CAA0E;AAC1E,6GAAwG;AAExG,kEAA0E;AAC1E,mEAAyE;AAGlE,IAAM,eAAe,GAArB,MAAM,eAAe;IAC1B,YACmB,kBAAsC,EACtC,cAA8B;QAD9B,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,mBAAc,GAAd,cAAc,CAAgB;IAC9C,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,QAAc;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC;YACjD,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1B,SAAS,EAAE,CAAC,OAAO,EAAE,mBAAmB,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CACzC,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAC1C,IAAA,sDAA8B,EAAC,UAAU,CAAC,CAC3C,CACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,qCAA4B,CACpC,4CACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAc;QACtC,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7E,CAAC;CACF,CAAA;AAjCY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;6CAG4B,yCAAkB;QACtB,gCAAc;GAHtC,eAAe,CAiC3B"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { Action, Subject } from '@anarchitects/auth-ts/models';
|
|
2
|
+
import { AppAbility } from '../factories/ability.factory';
|
|
3
|
+
import { AuthorizableResource } from '../resource-authorization.types';
|
|
4
|
+
export declare const toPolicySubject: <T extends AuthorizableResource>(subjectType: Subject, resource: T) => T & import("@casl/ability").ForcedSubject<Subject>;
|
|
5
|
+
export declare const assertCanAccessResource: <T extends AuthorizableResource>(ability: AppAbility, action: Action, subjectType: Subject, resource: T, field?: string) => void;
|