@bearei/server-common 0.0.70 → 0.0.72
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access/access.guard.d.ts +6 -4
- package/dist/access/access.guard.js +22 -16
- package/dist/access/access.guard.js.map +1 -1
- package/dist/app.interface.d.ts +1 -1
- package/dist/authentication/authentication.service.d.ts +0 -1
- package/dist/authentication/authentication.service.js +0 -3
- package/dist/authentication/authentication.service.js.map +1 -1
- package/dist/external/external.interface.d.ts +0 -7
- package/dist/external/external.module.js +2 -1
- package/dist/external/external.module.js.map +1 -1
- package/dist/external/external.service.d.ts +4 -3
- package/dist/external/external.service.js +13 -6
- package/dist/external/external.service.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/jwt/index.d.ts +3 -0
- package/dist/jwt/index.js +20 -0
- package/dist/jwt/index.js.map +1 -0
- package/dist/jwt/jwt.interface.d.ts +15 -0
- package/dist/jwt/jwt.interface.js +3 -0
- package/dist/jwt/jwt.interface.js.map +1 -0
- package/dist/jwt/jwt.module.d.ts +2 -0
- package/dist/jwt/jwt.module.js +42 -0
- package/dist/jwt/jwt.module.js.map +1 -0
- package/dist/jwt/jwt.service.d.ts +8 -0
- package/dist/jwt/jwt.service.js +53 -0
- package/dist/jwt/jwt.service.js.map +1 -0
- package/dist/permission/permission.guard.d.ts +3 -1
- package/dist/permission/permission.guard.js +7 -2
- package/dist/permission/permission.guard.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/dist/util/format.util.d.ts +1 -1
- package/dist/util/format.util.js +2 -2
- package/dist/util/format.util.js.map +1 -1
- package/package.json +3 -1
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { ConfigService } from '@nestjs/config';
|
|
2
3
|
import { Reflector } from '@nestjs/core';
|
|
3
|
-
import {
|
|
4
|
+
import { JWTService } from '../jwt';
|
|
4
5
|
export declare class AccessGuard implements CanActivate {
|
|
5
|
-
private readonly
|
|
6
|
+
private readonly jwtService;
|
|
7
|
+
private readonly configService;
|
|
6
8
|
private readonly reflector;
|
|
7
|
-
constructor(
|
|
8
|
-
canActivate(context: ExecutionContext):
|
|
9
|
+
constructor(jwtService: JWTService, configService: ConfigService, reflector: Reflector);
|
|
10
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
9
11
|
}
|
|
@@ -11,17 +11,20 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.AccessGuard = void 0;
|
|
13
13
|
const common_1 = require("@nestjs/common");
|
|
14
|
+
const config_1 = require("@nestjs/config");
|
|
14
15
|
const core_1 = require("@nestjs/core");
|
|
15
16
|
const app_decorator_1 = require("../app.decorator");
|
|
16
17
|
const app_interface_1 = require("../app.interface");
|
|
17
|
-
const
|
|
18
|
+
const jwt_1 = require("../jwt");
|
|
18
19
|
const util_1 = require("../util");
|
|
19
20
|
const access_interface_1 = require("./access.interface");
|
|
20
21
|
let AccessGuard = class AccessGuard {
|
|
21
|
-
|
|
22
|
+
jwtService;
|
|
23
|
+
configService;
|
|
22
24
|
reflector;
|
|
23
|
-
constructor(
|
|
24
|
-
this.
|
|
25
|
+
constructor(jwtService, configService, reflector) {
|
|
26
|
+
this.jwtService = jwtService;
|
|
27
|
+
this.configService = configService;
|
|
25
28
|
this.reflector = reflector;
|
|
26
29
|
}
|
|
27
30
|
canActivate(context) {
|
|
@@ -31,26 +34,29 @@ let AccessGuard = class AccessGuard {
|
|
|
31
34
|
]);
|
|
32
35
|
const request = context.switchToHttp().getRequest();
|
|
33
36
|
const headers = request.headers;
|
|
34
|
-
const
|
|
35
|
-
|
|
36
|
-
return true;
|
|
37
|
-
}
|
|
38
|
-
const token = (0, util_1.formatToken)(headers);
|
|
37
|
+
const tokenKey = headers['ei-internal-authorization'] ? 'ei-internal-authorization' : 'authorization';
|
|
38
|
+
const token = (0, util_1.formatToken)(headers)(tokenKey);
|
|
39
39
|
!token && (0, util_1.throwAPIError)({ code: '401001', message: 'Authentication token does not exist' })(app_interface_1.APIError.UNAUTHORIZED);
|
|
40
|
-
|
|
41
|
-
|
|
40
|
+
const processVerifyResult = (request) => (requiredAccesses) => ({ sub, iss }) => {
|
|
41
|
+
const internalAccess = sub.startsWith(`internal:${this.configService.get('service.accessKey')}:${this.configService.get('service.secretKey')}`);
|
|
42
|
+
if (internalAccess) {
|
|
43
|
+
return true;
|
|
44
|
+
}
|
|
45
|
+
sub === 'guest' &&
|
|
42
46
|
!requiredAccesses?.includes(access_interface_1.Access.GUEST) &&
|
|
43
47
|
(0, util_1.throwAPIError)({ code: '401002', message: 'Guest user do not have access to current resource' })(app_interface_1.APIError.UNAUTHORIZED);
|
|
44
|
-
request['issuer'] =
|
|
45
|
-
request['subject'] =
|
|
46
|
-
return
|
|
47
|
-
}
|
|
48
|
+
request['issuer'] = iss;
|
|
49
|
+
request['subject'] = sub;
|
|
50
|
+
return Boolean(sub);
|
|
51
|
+
};
|
|
52
|
+
return this.jwtService.verifyAsync(token).then(processVerifyResult(request)(requiredAccesses));
|
|
48
53
|
}
|
|
49
54
|
};
|
|
50
55
|
exports.AccessGuard = AccessGuard;
|
|
51
56
|
exports.AccessGuard = AccessGuard = __decorate([
|
|
52
57
|
(0, common_1.Injectable)(),
|
|
53
|
-
__metadata("design:paramtypes", [
|
|
58
|
+
__metadata("design:paramtypes", [jwt_1.JWTService,
|
|
59
|
+
config_1.ConfigService,
|
|
54
60
|
core_1.Reflector])
|
|
55
61
|
], AccessGuard);
|
|
56
62
|
//# sourceMappingURL=access.guard.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.guard.js","sourceRoot":"","sources":["../../src/access/access.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,uCAAsC;AACtC,oDAA8C;AAC9C,oDAAyC;
|
|
1
|
+
{"version":3,"file":"access.guard.js","sourceRoot":"","sources":["../../src/access/access.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,2CAA4C;AAC5C,uCAAsC;AACtC,oDAA8C;AAC9C,oDAAyC;AAEzC,gCAA6C;AAC7C,kCAAkD;AAClD,yDAAyC;AAGlC,IAAM,WAAW,GAAjB,MAAM,WAAW;IAEC;IACA;IACA;IAHrB,YACqB,UAAsB,EACtB,aAA4B,EAC5B,SAAoB;QAFpB,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAe;QAC5B,cAAS,GAAT,SAAS,CAAW;IACtC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACjC,MAAM,gBAAgB,GAAa,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,6BAAa,EAAE;YAC/E,OAAO,CAAC,QAAQ,EAAE;YAClB,OAAO,CAAC,UAAU,EAAE;SACvB,CAAC,CAAA;QAEF,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,eAAe,CAAA;QACrG,MAAM,KAAK,GAAG,IAAA,kBAAW,EAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAA;QAE5C,CAAC,KAAK,IAAI,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qCAAqC,EAAC,CAAC,CAAC,wBAAQ,CAAC,YAAY,CAAC,CAAA;QAEhH,MAAM,mBAAmB,GACrB,CAAC,OAAmB,EAAE,EAAE,CACxB,CAAC,gBAA0B,EAAE,EAAE,CAC/B,CAAC,EAAC,GAAG,EAAE,GAAG,EAAa,EAAE,EAAE;YACvB,MAAM,cAAc,GAAG,GAAG,CAAC,UAAU,CACjC,YAAY,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAC3G,CAAA;YAED,IAAI,cAAc,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAA;YACf,CAAC;YAED,GAAG,KAAK,OAAO;gBACX,CAAC,gBAAgB,EAAE,QAAQ,CAAC,yBAAM,CAAC,KAAK,CAAC;gBACzC,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,mDAAmD,EAAC,CAAC,CACzF,wBAAQ,CAAC,YAAY,CACxB,CAAA;YAEL,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAA;YACvB,OAAO,CAAC,SAAS,CAAC,GAAG,GAAG,CAAA;YAExB,OAAO,OAAO,CAAC,GAAG,CAAC,CAAA;QACvB,CAAC,CAAA;QAEL,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAA;IAClG,CAAC;CACJ,CAAA;AA9CY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAGwB,gBAAU;QACP,sBAAa;QACjB,gBAAS;GAJhC,WAAW,CA8CvB"}
|
package/dist/app.interface.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ export declare enum Order {
|
|
|
12
12
|
ASC = "asc",
|
|
13
13
|
DESC = "desc"
|
|
14
14
|
}
|
|
15
|
-
export type CustomHeaders = Record<'ei-
|
|
15
|
+
export type CustomHeaders = Record<'ei-domain-id' | 'ei-ip' | 'ei-client' | 'ei-internal-authorization' | 'ei-subject', string>;
|
|
16
16
|
export type APIHeaders = Record<string, string> | CustomHeaders | AxiosRequestConfig['headers'];
|
|
17
17
|
export declare enum APIError {
|
|
18
18
|
BAD_REQUEST = "badRequest",
|
|
@@ -4,6 +4,5 @@ import { AuthenticationPermissionOptions } from './authentication.interface';
|
|
|
4
4
|
export declare class AuthenticationService {
|
|
5
5
|
private readonly externalService;
|
|
6
6
|
constructor(externalService: ExternalService);
|
|
7
|
-
authenticationAccess(headers: APIHeaders): Promise<import("../external").AuthenticatedToken>;
|
|
8
7
|
authenticationPermission(headers: APIHeaders): (options: AuthenticationPermissionOptions) => Promise<any>;
|
|
9
8
|
}
|
|
@@ -17,9 +17,6 @@ let AuthenticationService = class AuthenticationService {
|
|
|
17
17
|
constructor(externalService) {
|
|
18
18
|
this.externalService = externalService;
|
|
19
19
|
}
|
|
20
|
-
async authenticationAccess(headers) {
|
|
21
|
-
return this.externalService.authenticationUserAccess(headers);
|
|
22
|
-
}
|
|
23
20
|
authenticationPermission(headers) {
|
|
24
21
|
return async (options) => this.externalService.authenticationUserPermission(headers)(options);
|
|
25
22
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../src/authentication/authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAyC;AAEzC,0CAA2C;AAIpC,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACD;IAA7B,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAEjE,
|
|
1
|
+
{"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../src/authentication/authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAyC;AAEzC,0CAA2C;AAIpC,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACD;IAA7B,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAEjE,wBAAwB,CAAC,OAAmB;QACxC,OAAO,KAAK,EAAE,OAAwC,EAAE,EAAE,CACtD,IAAI,CAAC,eAAe,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAA;IAC3E,CAAC;CACJ,CAAA;AAPY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;qCAEqC,0BAAe;GADpD,qBAAqB,CAOjC"}
|
|
@@ -24,13 +24,6 @@ export interface AuthenticationExternalPermissionOptions {
|
|
|
24
24
|
keys: Permission[];
|
|
25
25
|
userId: string;
|
|
26
26
|
}
|
|
27
|
-
export interface AuthenticatedToken {
|
|
28
|
-
aud: string;
|
|
29
|
-
iss: string;
|
|
30
|
-
jti: string;
|
|
31
|
-
nbf: number;
|
|
32
|
-
sub: string;
|
|
33
|
-
}
|
|
34
27
|
export interface APIRequest {
|
|
35
28
|
headers: APIHeaders;
|
|
36
29
|
params: Record<string, string>;
|
|
@@ -10,6 +10,7 @@ exports.ExternalModule = void 0;
|
|
|
10
10
|
const axios_1 = require("@nestjs/axios");
|
|
11
11
|
const common_1 = require("@nestjs/common");
|
|
12
12
|
const config_1 = require("@nestjs/config");
|
|
13
|
+
const jwt_1 = require("../jwt");
|
|
13
14
|
const external_service_1 = require("./external.service");
|
|
14
15
|
let ExternalModule = class ExternalModule {
|
|
15
16
|
};
|
|
@@ -17,7 +18,7 @@ exports.ExternalModule = ExternalModule;
|
|
|
17
18
|
exports.ExternalModule = ExternalModule = __decorate([
|
|
18
19
|
(0, common_1.Module)({
|
|
19
20
|
exports: [external_service_1.ExternalService],
|
|
20
|
-
imports: [config_1.ConfigModule, axios_1.HttpModule.register({ timeout: 20000, maxRedirects: 5 })],
|
|
21
|
+
imports: [config_1.ConfigModule, axios_1.HttpModule.register({ timeout: 20000, maxRedirects: 5 }), jwt_1.JWTModule],
|
|
21
22
|
providers: [external_service_1.ExternalService]
|
|
22
23
|
})
|
|
23
24
|
], ExternalModule);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.module.js","sourceRoot":"","sources":["../../src/external/external.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAAwC;AACxC,2CAAqC;AACrC,2CAA2C;AAC3C,yDAAkD;AAO3C,IAAM,cAAc,GAApB,MAAM,cAAc;CAAG,CAAA;AAAjB,wCAAc;yBAAd,cAAc;IAL1B,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE,CAAC,kCAAe,CAAC;QAC1B,OAAO,EAAE,CAAC,qBAAY,EAAE,kBAAU,CAAC,QAAQ,CAAC,EAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"external.module.js","sourceRoot":"","sources":["../../src/external/external.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAAwC;AACxC,2CAAqC;AACrC,2CAA2C;AAC3C,gCAAgC;AAChC,yDAAkD;AAO3C,IAAM,cAAc,GAApB,MAAM,cAAc;CAAG,CAAA;AAAjB,wCAAc;yBAAd,cAAc;IAL1B,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE,CAAC,kCAAe,CAAC;QAC1B,OAAO,EAAE,CAAC,qBAAY,EAAE,kBAAU,CAAC,QAAQ,CAAC,EAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAC,CAAC,EAAE,eAAS,CAAC;QAC1F,SAAS,EAAE,CAAC,kCAAe,CAAC;KAC/B,CAAC;GACW,cAAc,CAAG"}
|
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import { HttpService } from '@nestjs/axios';
|
|
2
2
|
import { ConfigService } from '@nestjs/config';
|
|
3
3
|
import { APIHeaders } from '../app.interface';
|
|
4
|
-
import {
|
|
4
|
+
import { JWTService } from '../jwt';
|
|
5
|
+
import { AuthenticationExternalPermissionOptions, CreateExternalActionLogOptions, RequestOptions } from './external.interface';
|
|
5
6
|
export declare class ExternalService {
|
|
6
7
|
private readonly configService;
|
|
7
8
|
private readonly httpService;
|
|
8
|
-
|
|
9
|
-
|
|
9
|
+
private readonly jwtService;
|
|
10
|
+
constructor(configService: ConfigService, httpService: HttpService, jwtService: JWTService);
|
|
10
11
|
authenticationUserPermission(headers: APIHeaders): (options: AuthenticationExternalPermissionOptions) => Promise<any>;
|
|
11
12
|
createActionLog(headers: APIHeaders): ({ action, serviceName, ...args }: CreateExternalActionLogOptions) => Promise<void>;
|
|
12
13
|
request({ baseURL, headers, method, params, path, serviceName, timeout, version, async, ...options }: RequestOptions): Promise<any>;
|
|
@@ -15,16 +15,16 @@ const common_1 = require("@nestjs/common");
|
|
|
15
15
|
const config_1 = require("@nestjs/config");
|
|
16
16
|
const rxjs_1 = require("rxjs");
|
|
17
17
|
const app_interface_1 = require("../app.interface");
|
|
18
|
+
const jwt_1 = require("../jwt");
|
|
18
19
|
const util_1 = require("../util");
|
|
19
20
|
let ExternalService = class ExternalService {
|
|
20
21
|
configService;
|
|
21
22
|
httpService;
|
|
22
|
-
|
|
23
|
+
jwtService;
|
|
24
|
+
constructor(configService, httpService, jwtService) {
|
|
23
25
|
this.configService = configService;
|
|
24
26
|
this.httpService = httpService;
|
|
25
|
-
|
|
26
|
-
async authenticationUserAccess(headers) {
|
|
27
|
-
return this.request({ headers, method: 'GET', path: '/user-authentications/access', serviceName: 'bearei-users' });
|
|
27
|
+
this.jwtService = jwtService;
|
|
28
28
|
}
|
|
29
29
|
authenticationUserPermission(headers) {
|
|
30
30
|
return async (options) => {
|
|
@@ -60,6 +60,12 @@ let ExternalService = class ExternalService {
|
|
|
60
60
|
};
|
|
61
61
|
}
|
|
62
62
|
async request({ baseURL, headers, method = 'GET', params, path = '/', serviceName, timeout, version, async = false, ...options }) {
|
|
63
|
+
const subject = `internal:${this.configService.get('service.accessKey')}:${this.configService.get('service.secretKey')}:${this.configService.get('service.name')}`;
|
|
64
|
+
const token = await this.jwtService.signAsync({
|
|
65
|
+
domainId: headers['ei-domainId'],
|
|
66
|
+
client: headers['ei-client'],
|
|
67
|
+
jwtSignOptions: { expiresIn: 180000 }
|
|
68
|
+
})(subject);
|
|
63
69
|
const processParams = (params = {}) => Object.entries(params).reduce((accumulator, [key, value]) => {
|
|
64
70
|
;
|
|
65
71
|
(Array.isArray(value) ? value.length : typeof value !== 'undefined') &&
|
|
@@ -75,7 +81,7 @@ let ExternalService = class ExternalService {
|
|
|
75
81
|
...(async && { 'x-fc-invocation-type': 'Async' }),
|
|
76
82
|
'ei-client': headers['ei-client'],
|
|
77
83
|
'ei-domainId': headers['ei-domainId'],
|
|
78
|
-
'ei-internal-
|
|
84
|
+
'ei-internal-authorization': token,
|
|
79
85
|
'ei-ip': headers['ei-ip'],
|
|
80
86
|
'ei-subject': headers['ei-subject'],
|
|
81
87
|
authorization: headers['authorization']
|
|
@@ -96,6 +102,7 @@ exports.ExternalService = ExternalService;
|
|
|
96
102
|
exports.ExternalService = ExternalService = __decorate([
|
|
97
103
|
(0, common_1.Injectable)(),
|
|
98
104
|
__metadata("design:paramtypes", [config_1.ConfigService,
|
|
99
|
-
axios_1.HttpService
|
|
105
|
+
axios_1.HttpService,
|
|
106
|
+
jwt_1.JWTService])
|
|
100
107
|
], ExternalService);
|
|
101
108
|
//# sourceMappingURL=external.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.service.js","sourceRoot":"","sources":["../../src/external/external.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAyC;AACzC,2CAAyC;AACzC,2CAA4C;AAC5C,+BAA+C;AAC/C,oDAAqD;AACrD,kCAAqC;
|
|
1
|
+
{"version":3,"file":"external.service.js","sourceRoot":"","sources":["../../src/external/external.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAyC;AACzC,2CAAyC;AACzC,2CAA4C;AAC5C,+BAA+C;AAC/C,oDAAqD;AACrD,gCAAiC;AACjC,kCAAqC;AAQ9B,IAAM,eAAe,GAArB,MAAM,eAAe;IAEH;IACA;IACA;IAHrB,YACqB,aAA4B,EAC5B,WAAwB,EACxB,UAAsB;QAFtB,kBAAa,GAAb,aAAa,CAAe;QAC5B,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;IACxC,CAAC;IAEJ,4BAA4B,CAAC,OAAmB;QAC5C,OAAO,KAAK,EAAE,OAAgD,EAAE,EAAE;YAC9D,OAAO,IAAI,CAAC,OAAO,CAAC;gBAChB,OAAO;gBACP,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,mCAAmC;gBACzC,WAAW,EAAE,cAAc;aAC9B,CAAC,CAAA;QACN,CAAC,CAAA;IACL,CAAC;IAED,eAAe,CAAC,OAAmB;QAC/B,OAAO,KAAK,EAAE,EAAC,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,EAAiC,EAAE,EAAE;YAC5E,MAAM,IAAI,CAAC,OAAO,CAAC;gBACf,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO;gBACvC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,cAAc;gBACpB,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE;oBACF,GAAG,IAAI;oBACP,MAAM;oBACN,OAAO,EAAE,GAAG,MAAM,IAAI,WAAW,EAAE;oBACnC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC;oBAC5B,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC;oBACjC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC;oBACpB,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC;oBAClD,SAAS,EAAE,OAAO,CAAC,YAAY,CAAC;oBAChC,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC;iBAChC;gBACD,OAAO;aACV,CAAC,CAAA;QACN,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EACV,OAAO,EACP,OAAO,EACP,MAAM,GAAG,KAAK,EACd,MAAM,EACN,IAAI,GAAG,GAAG,EACV,WAAW,EACX,OAAO,EACP,OAAO,EACP,KAAK,GAAG,KAAK,EACb,GAAG,OAAO,EACG;QACb,MAAM,OAAO,GAAG,YAAY,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAA;QAClK,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;YAC1C,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC;YAChC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC;YAC5B,cAAc,EAAE,EAAC,SAAS,EAAE,MAAM,EAAC;SACtC,CAAC,CAAC,OAAO,CAAC,CAAA;QAEX,MAAM,aAAa,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,EAAE,CAClC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YACxD,CAAC;YAAA,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,WAAW,CAAC;gBACjE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAEvE,OAAO,WAAW,CAAA;QACtB,CAAC,EAAE,EAAE,CAAC,CAAA;QAEV,OAAO,IAAA,qBAAc,EACjB,IAAI,CAAC,WAAW;aACX,OAAO,CAAC;YACL,GAAG,OAAO;YACV,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC;YAC5D,OAAO,EAAE;gBACL,GAAG,CAAC,KAAK,IAAI,EAAC,sBAAsB,EAAE,OAAO,EAAC,CAAC;gBAC/C,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC;gBACjC,aAAa,EAAE,OAAO,CAAC,aAAa,CAAC;gBACrC,2BAA2B,EAAE,KAAK;gBAClC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC;gBACzB,YAAY,EAAE,OAAO,CAAC,YAAY,CAAC;gBACnC,aAAa,EAAE,OAAO,CAAC,eAAe,CAAC;aAC1C;YACD,MAAM;YACN,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAChE,GAAG,EAAE,IAAI,WAAW,IAAI,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,IAAI,GAAG,IAAI,EAAE;YAChG,GAAG,CAAC,MAAM,IAAI,EAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,EAAC,CAAC;SACjD,CAAC;aACD,IAAI,CACD,IAAA,iBAAU,EAAC,KAAK,CAAC,EAAE;YACf,KAAK,CAAC,IAAI,KAAK,WAAW;gBACtB,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,kCAAkC,EAAC,CAAC,CACzE,wBAAQ,CAAC,eAAe,CAC3B,CAAA;YAEL,MAAM,KAAK,CAAA;QACf,CAAC,CAAC,CACL,CACR,CAAC,IAAI,CAAC,CAAC,EAAC,IAAI,EAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;IAC5B,CAAC;CACJ,CAAA;AArGY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAG2B,sBAAa;QACf,mBAAW;QACZ,gBAAU;GAJlC,eAAe,CAqG3B"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -24,6 +24,7 @@ __exportStar(require("./authentication"), exports);
|
|
|
24
24
|
__exportStar(require("./base"), exports);
|
|
25
25
|
__exportStar(require("./database"), exports);
|
|
26
26
|
__exportStar(require("./external"), exports);
|
|
27
|
+
__exportStar(require("./jwt"), exports);
|
|
27
28
|
__exportStar(require("./permission"), exports);
|
|
28
29
|
__exportStar(require("./redis"), exports);
|
|
29
30
|
__exportStar(require("./util"), exports);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAwB;AACxB,+CAA4B;AAC5B,kDAA+B;AAC/B,4CAAyB;AACzB,+CAA4B;AAC5B,kDAA+B;AAC/B,mDAAgC;AAChC,yCAAsB;AACtB,6CAA0B;AAC1B,6CAA0B;AAC1B,+CAA4B;AAC5B,0CAAuB;AACvB,yCAAsB"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAwB;AACxB,+CAA4B;AAC5B,kDAA+B;AAC/B,4CAAyB;AACzB,+CAA4B;AAC5B,kDAA+B;AAC/B,mDAAgC;AAChC,yCAAsB;AACtB,6CAA0B;AAC1B,6CAA0B;AAC1B,wCAAqB;AACrB,+CAA4B;AAC5B,0CAAuB;AACvB,yCAAsB"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./jwt.interface"), exports);
|
|
18
|
+
__exportStar(require("./jwt.module"), exports);
|
|
19
|
+
__exportStar(require("./jwt.service"), exports);
|
|
20
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAA+B;AAC/B,+CAA4B;AAC5B,gDAA6B"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { JwtSignOptions } from '@nestjs/jwt';
|
|
2
|
+
export interface JWTSignAsyncOptions {
|
|
3
|
+
domainId: string;
|
|
4
|
+
client: string;
|
|
5
|
+
jwtSignOptions?: JwtSignOptions;
|
|
6
|
+
}
|
|
7
|
+
export type JWTPayload = {
|
|
8
|
+
aud: string;
|
|
9
|
+
exp: number;
|
|
10
|
+
iat: number;
|
|
11
|
+
iss: string;
|
|
12
|
+
jti: string;
|
|
13
|
+
nbf: number;
|
|
14
|
+
sub: string;
|
|
15
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.interface.js","sourceRoot":"","sources":["../../src/jwt/jwt.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
9
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.JWTModule = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const config_1 = require("@nestjs/config");
|
|
15
|
+
const jwt_1 = require("@nestjs/jwt");
|
|
16
|
+
const crypto_1 = __importDefault(require("crypto"));
|
|
17
|
+
const jwt_service_1 = require("./jwt.service");
|
|
18
|
+
let JWTModule = class JWTModule {
|
|
19
|
+
};
|
|
20
|
+
exports.JWTModule = JWTModule;
|
|
21
|
+
exports.JWTModule = JWTModule = __decorate([
|
|
22
|
+
(0, common_1.Module)({
|
|
23
|
+
imports: [
|
|
24
|
+
jwt_1.JwtModule.registerAsync({
|
|
25
|
+
imports: [config_1.ConfigModule],
|
|
26
|
+
useFactory: async (configService) => {
|
|
27
|
+
const jwk = JSON.parse(configService.get('jwt.privateKey'));
|
|
28
|
+
const privateKey = crypto_1.default.createPrivateKey({ key: jwk, format: 'jwk' });
|
|
29
|
+
const publicKey = crypto_1.default.createPublicKey({ key: jwk, format: 'jwk' });
|
|
30
|
+
return {
|
|
31
|
+
privateKey: privateKey.export({ format: 'pem', type: 'pkcs8' }),
|
|
32
|
+
publicKey: publicKey.export({ format: 'pem', type: 'spki' }),
|
|
33
|
+
signOptions: { expiresIn: configService.get('jwt.expiresIn'), algorithm: 'RS256' }
|
|
34
|
+
};
|
|
35
|
+
},
|
|
36
|
+
inject: [config_1.ConfigService]
|
|
37
|
+
})
|
|
38
|
+
],
|
|
39
|
+
providers: [jwt_service_1.JWTService]
|
|
40
|
+
})
|
|
41
|
+
], JWTModule);
|
|
42
|
+
//# sourceMappingURL=jwt.module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.module.js","sourceRoot":"","sources":["../../src/jwt/jwt.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAqC;AACrC,2CAA0D;AAC1D,qCAAqC;AACrC,oDAA2B;AAC3B,+CAAwC;AAsBjC,IAAM,SAAS,GAAf,MAAM,SAAS;CAAG,CAAA;AAAZ,8BAAS;oBAAT,SAAS;IApBrB,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,eAAS,CAAC,aAAa,CAAC;gBACpB,OAAO,EAAE,CAAC,qBAAY,CAAC;gBACvB,UAAU,EAAE,KAAK,EAAC,aAAa,EAAC,EAAE;oBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAA;oBAC3D,MAAM,UAAU,GAAG,gBAAM,CAAC,gBAAgB,CAAC,EAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAC,CAAC,CAAA;oBACrE,MAAM,SAAS,GAAG,gBAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAC,CAAC,CAAA;oBAEnE,OAAO;wBACH,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAC,CAAC;wBAC7D,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAC,CAAC;wBAC1D,WAAW,EAAE,EAAC,SAAS,EAAE,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,SAAS,EAAE,OAAO,EAAC;qBACnF,CAAA;gBACL,CAAC;gBACD,MAAM,EAAE,CAAC,sBAAa,CAAC;aAC1B,CAAC;SACL;QACD,SAAS,EAAE,CAAC,wBAAU,CAAC;KAC1B,CAAC;GACW,SAAS,CAAG"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { JwtService } from '@nestjs/jwt';
|
|
2
|
+
import { JWTSignAsyncOptions } from './jwt.interface';
|
|
3
|
+
export declare class JWTService {
|
|
4
|
+
private readonly jwtService;
|
|
5
|
+
constructor(jwtService: JwtService);
|
|
6
|
+
signAsync({ domainId, client, jwtSignOptions }: JWTSignAsyncOptions): (subject: string) => Promise<string>;
|
|
7
|
+
verifyAsync(token: string): Promise<any>;
|
|
8
|
+
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.JWTService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const jwt_1 = require("@nestjs/jwt");
|
|
18
|
+
const dayjs_1 = __importDefault(require("dayjs"));
|
|
19
|
+
const utc_1 = __importDefault(require("dayjs/plugin/utc"));
|
|
20
|
+
const nanoid_1 = require("nanoid");
|
|
21
|
+
const app_interface_1 = require("../app.interface");
|
|
22
|
+
const util_1 = require("../util");
|
|
23
|
+
let JWTService = class JWTService {
|
|
24
|
+
jwtService;
|
|
25
|
+
constructor(jwtService) {
|
|
26
|
+
this.jwtService = jwtService;
|
|
27
|
+
dayjs_1.default.extend(utc_1.default);
|
|
28
|
+
}
|
|
29
|
+
signAsync({ domainId, client, jwtSignOptions }) {
|
|
30
|
+
return async (subject) => {
|
|
31
|
+
const payload = {
|
|
32
|
+
aud: client,
|
|
33
|
+
iss: domainId,
|
|
34
|
+
jti: (0, nanoid_1.nanoid)(),
|
|
35
|
+
nbf: parseInt(`${dayjs_1.default.utc().valueOf() / 1000}`),
|
|
36
|
+
sub: subject
|
|
37
|
+
};
|
|
38
|
+
const token = await this.jwtService.signAsync(payload, jwtSignOptions);
|
|
39
|
+
return token;
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
async verifyAsync(token) {
|
|
43
|
+
return this.jwtService
|
|
44
|
+
.verifyAsync(token)
|
|
45
|
+
.catch(error => (0, util_1.throwAPIError)({ message: error.message })(app_interface_1.APIError.UNAUTHORIZED));
|
|
46
|
+
}
|
|
47
|
+
};
|
|
48
|
+
exports.JWTService = JWTService;
|
|
49
|
+
exports.JWTService = JWTService = __decorate([
|
|
50
|
+
(0, common_1.Injectable)(),
|
|
51
|
+
__metadata("design:paramtypes", [jwt_1.JwtService])
|
|
52
|
+
], JWTService);
|
|
53
|
+
//# sourceMappingURL=jwt.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/jwt/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyC;AACzC,qCAAsC;AACtC,kDAAyB;AACzB,2DAAkC;AAClC,mCAA6B;AAC7B,oDAAyC;AACzC,kCAAqC;AAI9B,IAAM,UAAU,GAAhB,MAAM,UAAU;IACU;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,eAAK,CAAC,MAAM,CAAC,aAAG,CAAC,CAAA;IACrB,CAAC;IAED,SAAS,CAAC,EAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAsB;QAC7D,OAAO,KAAK,EAAE,OAAe,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG;gBACZ,GAAG,EAAE,MAAM;gBACX,GAAG,EAAE,QAAQ;gBACb,GAAG,EAAE,IAAA,eAAM,GAAE;gBACb,GAAG,EAAE,QAAQ,CAAC,GAAG,eAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;gBAChD,GAAG,EAAE,OAAO;aACf,CAAA;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;YAEtE,OAAO,KAAK,CAAA;QAChB,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC3B,OAAO,IAAI,CAAC,UAAU;aACjB,WAAW,CAAC,KAAK,CAAC;aAClB,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,EAAC,OAAO,EAAE,KAAK,CAAC,OAAO,EAAC,CAAC,CAAC,wBAAQ,CAAC,YAAY,CAAC,CAAC,CAAA;IACvF,CAAC;CACJ,CAAA;AA1BY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAEgC,gBAAU;GAD1C,UAAU,CA0BtB"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { ConfigService } from '@nestjs/config';
|
|
2
3
|
import { Reflector } from '@nestjs/core';
|
|
3
4
|
import { AuthenticationService } from '../authentication';
|
|
4
5
|
export declare class PermissionGuard implements CanActivate {
|
|
5
6
|
private readonly authenticationService;
|
|
7
|
+
private readonly configService;
|
|
6
8
|
private readonly reflector;
|
|
7
|
-
constructor(authenticationService: AuthenticationService, reflector: Reflector);
|
|
9
|
+
constructor(authenticationService: AuthenticationService, configService: ConfigService, reflector: Reflector);
|
|
8
10
|
canActivate(context: ExecutionContext): true | Promise<boolean>;
|
|
9
11
|
}
|
|
@@ -11,14 +11,17 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.PermissionGuard = void 0;
|
|
13
13
|
const common_1 = require("@nestjs/common");
|
|
14
|
+
const config_1 = require("@nestjs/config");
|
|
14
15
|
const core_1 = require("@nestjs/core");
|
|
15
16
|
const app_decorator_1 = require("../app.decorator");
|
|
16
17
|
const authentication_1 = require("../authentication");
|
|
17
18
|
let PermissionGuard = class PermissionGuard {
|
|
18
19
|
authenticationService;
|
|
20
|
+
configService;
|
|
19
21
|
reflector;
|
|
20
|
-
constructor(authenticationService, reflector) {
|
|
22
|
+
constructor(authenticationService, configService, reflector) {
|
|
21
23
|
this.authenticationService = authenticationService;
|
|
24
|
+
this.configService = configService;
|
|
22
25
|
this.reflector = reflector;
|
|
23
26
|
}
|
|
24
27
|
canActivate(context) {
|
|
@@ -30,7 +33,8 @@ let PermissionGuard = class PermissionGuard {
|
|
|
30
33
|
return true;
|
|
31
34
|
}
|
|
32
35
|
const { headers, params, subject, issuer } = context.switchToHttp().getRequest();
|
|
33
|
-
const
|
|
36
|
+
const internalAccess = subject.startsWith(`internal:${this.configService.get('service.accessKey')}:${this.configService.get('service.secretKey')}`);
|
|
37
|
+
const publicPermission = [internalAccess, subject === params.id].some(Boolean);
|
|
34
38
|
if (publicPermission) {
|
|
35
39
|
return true;
|
|
36
40
|
}
|
|
@@ -43,6 +47,7 @@ exports.PermissionGuard = PermissionGuard;
|
|
|
43
47
|
exports.PermissionGuard = PermissionGuard = __decorate([
|
|
44
48
|
(0, common_1.Injectable)(),
|
|
45
49
|
__metadata("design:paramtypes", [authentication_1.AuthenticationService,
|
|
50
|
+
config_1.ConfigService,
|
|
46
51
|
core_1.Reflector])
|
|
47
52
|
], PermissionGuard);
|
|
48
53
|
//# sourceMappingURL=permission.guard.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../src/permission/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,uCAAsC;AACtC,oDAA+D;AAC/D,sDAAuD;AAKhD,IAAM,eAAe,GAArB,MAAM,eAAe;IAEH;IACA;
|
|
1
|
+
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../src/permission/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,2CAA4C;AAC5C,uCAAsC;AACtC,oDAA+D;AAC/D,sDAAuD;AAKhD,IAAM,eAAe,GAArB,MAAM,eAAe;IAEH;IACA;IACA;IAHrB,YACqB,qBAA4C,EAC5C,aAA4B,EAC5B,SAAoB;QAFpB,0BAAqB,GAArB,qBAAqB,CAAuB;QAC5C,kBAAa,GAAb,aAAa,CAAe;QAC5B,cAAS,GAAT,SAAS,CAAW;IACtC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACjC,MAAM,mBAAmB,GAAiB,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,8CAA8B,EAAE;YACvG,OAAO,CAAC,QAAQ,EAAE;YAClB,OAAO,CAAC,UAAU,EAAE;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACf,CAAC;QAED,MAAM,EAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAC,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC1F,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CACrC,YAAY,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAC3G,CAAA;QAED,MAAM,gBAAgB,GAAG,CAAC,cAAc,EAAE,OAAO,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAE9E,IAAI,gBAAgB,EAAE,CAAC;YACnB,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,IAAI,CAAC,qBAAqB;aAC5B,wBAAwB,CAAC,OAAO,CAAC,CAAC,EAAC,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;aACjG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;CACJ,CAAA;AAhCY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAGmC,sCAAqB;QAC7B,sBAAa;QACjB,gBAAS;GAJhC,eAAe,CAgC3B"}
|