@bearei/server-common 0.0.71 → 0.0.73
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access/access.guard.js +23 -11
- package/dist/access/access.guard.js.map +1 -1
- package/dist/app.interface.d.ts +1 -1
- package/dist/external/external.interface.d.ts +2 -1
- package/dist/external/external.service.js +14 -3
- package/dist/external/external.service.js.map +1 -1
- package/dist/jwt/jwt.interface.d.ts +4 -2
- package/dist/jwt/jwt.service.d.ts +1 -1
- package/dist/jwt/jwt.service.js +5 -5
- package/dist/jwt/jwt.service.js.map +1 -1
- package/dist/permission/permission.guard.d.ts +1 -3
- package/dist/permission/permission.guard.js +2 -7
- package/dist/permission/permission.guard.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/dist/util/index.d.ts +1 -0
- package/dist/util/index.js +1 -0
- package/dist/util/index.js.map +1 -1
- package/dist/util/sign.util.d.ts +3 -0
- package/dist/util/sign.util.js +25 -0
- package/dist/util/sign.util.js.map +1 -0
- package/package.json +3 -1
|
@@ -37,17 +37,29 @@ let AccessGuard = class AccessGuard {
|
|
|
37
37
|
const tokenKey = headers['ei-internal-authorization'] ? 'ei-internal-authorization' : 'authorization';
|
|
38
38
|
const token = (0, util_1.formatToken)(headers)(tokenKey);
|
|
39
39
|
!token && (0, util_1.throwAPIError)({ code: '401001', message: 'Authentication token does not exist' })(app_interface_1.APIError.UNAUTHORIZED);
|
|
40
|
-
const processVerifyResult = (request) =>
|
|
41
|
-
const
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
40
|
+
const processVerifyResult = (request) => {
|
|
41
|
+
const processBcryptResult = (request) => (result) => {
|
|
42
|
+
!result &&
|
|
43
|
+
(0, util_1.throwAPIError)({ code: '401007', message: 'Internal service signature verification failed' })(app_interface_1.APIError.FORBIDDEN);
|
|
44
|
+
request['internalAccess'] = result;
|
|
45
|
+
return result;
|
|
46
|
+
};
|
|
47
|
+
return (requiredAccesses) => ({ sub, iss }) => {
|
|
48
|
+
request['issuer'] = iss;
|
|
49
|
+
request['subject'] = sub;
|
|
50
|
+
if (request.headers['ei-internal-authorization']) {
|
|
51
|
+
return (0, util_1.compare)({
|
|
52
|
+
accessKey: this.configService.get('service.accessKey'),
|
|
53
|
+
secretKey: this.configService.get('service.secretKey'),
|
|
54
|
+
serviceName: this.configService.get('service.name'),
|
|
55
|
+
timestamp: request.headers['ei-timestamp']
|
|
56
|
+
})(sub).then(processBcryptResult(request));
|
|
57
|
+
}
|
|
58
|
+
sub === 'guest' &&
|
|
59
|
+
!requiredAccesses?.includes(access_interface_1.Access.GUEST) &&
|
|
60
|
+
(0, util_1.throwAPIError)({ code: '401002', message: 'Guest user do not have access to current resource' })(app_interface_1.APIError.UNAUTHORIZED);
|
|
61
|
+
return Boolean(sub);
|
|
62
|
+
};
|
|
51
63
|
};
|
|
52
64
|
return this.jwtService.verifyAsync(token).then(processVerifyResult(request)(requiredAccesses));
|
|
53
65
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.guard.js","sourceRoot":"","sources":["../../src/access/access.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,2CAA4C;AAC5C,uCAAsC;AACtC,oDAA8C;AAC9C,oDAAyC;AAEzC,gCAA6C;AAC7C,
|
|
1
|
+
{"version":3,"file":"access.guard.js","sourceRoot":"","sources":["../../src/access/access.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,2CAA4C;AAC5C,uCAAsC;AACtC,oDAA8C;AAC9C,oDAAyC;AAEzC,gCAA6C;AAC7C,kCAA2D;AAC3D,yDAAyC;AAGlC,IAAM,WAAW,GAAjB,MAAM,WAAW;IAEC;IACA;IACA;IAHrB,YACqB,UAAsB,EACtB,aAA4B,EAC5B,SAAoB;QAFpB,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAe;QAC5B,cAAS,GAAT,SAAS,CAAW;IACtC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACjC,MAAM,gBAAgB,GAAa,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,6BAAa,EAAE;YAC/E,OAAO,CAAC,QAAQ,EAAE;YAClB,OAAO,CAAC,UAAU,EAAE;SACvB,CAAC,CAAA;QAEF,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,eAAe,CAAA;QACrG,MAAM,KAAK,GAAG,IAAA,kBAAW,EAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAA;QAE5C,CAAC,KAAK,IAAI,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qCAAqC,EAAC,CAAC,CAAC,wBAAQ,CAAC,YAAY,CAAC,CAAA;QAEhH,MAAM,mBAAmB,GAAG,CAAC,OAAmB,EAAE,EAAE;YAChD,MAAM,mBAAmB,GAAG,CAAC,OAAmB,EAAE,EAAE,CAAC,CAAC,MAAe,EAAE,EAAE;gBACrE,CAAC,MAAM;oBACH,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,gDAAgD,EAAC,CAAC,CACtF,wBAAQ,CAAC,SAAS,CACrB,CAAA;gBAEL,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAA;gBAElC,OAAO,MAAM,CAAA;YACjB,CAAC,CAAA;YAED,OAAO,CAAC,gBAA0B,EAAE,EAAE,CAClC,CAAC,EAAC,GAAG,EAAE,GAAG,EAAa,EAAE,EAAE;gBACvB,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAA;gBACvB,OAAO,CAAC,SAAS,CAAC,GAAG,GAAG,CAAA;gBAExB,IAAI,OAAO,CAAC,OAAO,CAAC,2BAA2B,CAAC,EAAE,CAAC;oBAC/C,OAAO,IAAA,cAAO,EAAC;wBACX,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC;wBACtD,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC;wBACtD,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC;wBACnD,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC;qBAC7C,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAA;gBAC9C,CAAC;gBAED,GAAG,KAAK,OAAO;oBACX,CAAC,gBAAgB,EAAE,QAAQ,CAAC,yBAAM,CAAC,KAAK,CAAC;oBACzC,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,mDAAmD,EAAC,CAAC,CACzF,wBAAQ,CAAC,YAAY,CACxB,CAAA;gBAEL,OAAO,OAAO,CAAC,GAAG,CAAC,CAAA;YACvB,CAAC,CAAA;QACT,CAAC,CAAA;QAED,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAA;IAClG,CAAC;CACJ,CAAA;AA1DY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAGwB,gBAAU;QACP,sBAAa;QACjB,gBAAS;GAJhC,WAAW,CA0DvB"}
|
package/dist/app.interface.d.ts
CHANGED
|
@@ -12,7 +12,7 @@ export declare enum Order {
|
|
|
12
12
|
ASC = "asc",
|
|
13
13
|
DESC = "desc"
|
|
14
14
|
}
|
|
15
|
-
export type CustomHeaders = Record<'ei-domain-id' | 'ei-ip' | 'ei-client' | 'ei-internal-authorization' | 'ei-subject', string>;
|
|
15
|
+
export type CustomHeaders = Record<'ei-domain-id' | 'ei-ip' | 'ei-client' | 'ei-internal-authorization' | 'ei-subject' | 'ei-timestamp', string>;
|
|
16
16
|
export type APIHeaders = Record<string, string> | CustomHeaders | AxiosRequestConfig['headers'];
|
|
17
17
|
export declare enum APIError {
|
|
18
18
|
BAD_REQUEST = "badRequest",
|
|
@@ -8,11 +8,15 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
8
8
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
11
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
15
|
exports.ExternalService = void 0;
|
|
13
16
|
const axios_1 = require("@nestjs/axios");
|
|
14
17
|
const common_1 = require("@nestjs/common");
|
|
15
18
|
const config_1 = require("@nestjs/config");
|
|
19
|
+
const dayjs_1 = __importDefault(require("dayjs"));
|
|
16
20
|
const rxjs_1 = require("rxjs");
|
|
17
21
|
const app_interface_1 = require("../app.interface");
|
|
18
22
|
const jwt_1 = require("../jwt");
|
|
@@ -60,10 +64,16 @@ let ExternalService = class ExternalService {
|
|
|
60
64
|
};
|
|
61
65
|
}
|
|
62
66
|
async request({ baseURL, headers, method = 'GET', params, path = '/', serviceName, timeout, version, async = false, ...options }) {
|
|
63
|
-
const
|
|
67
|
+
const requestTimestamp = `${dayjs_1.default.utc().valueOf()}`;
|
|
68
|
+
const subject = await (0, util_1.hash)(this.configService.get('service.secretKey'))({
|
|
69
|
+
accessKey: this.configService.get('service.accessKey'),
|
|
70
|
+
secretKey: this.configService.get('service.secretKey'),
|
|
71
|
+
serviceName,
|
|
72
|
+
timestamp: requestTimestamp
|
|
73
|
+
});
|
|
64
74
|
const token = await this.jwtService.signAsync({
|
|
65
|
-
|
|
66
|
-
|
|
75
|
+
audience: `internal:${this.configService.get('service.name')}`,
|
|
76
|
+
issuer: headers['ei-domainId'],
|
|
67
77
|
jwtSignOptions: { expiresIn: 180000 }
|
|
68
78
|
})(subject);
|
|
69
79
|
const processParams = (params = {}) => Object.entries(params).reduce((accumulator, [key, value]) => {
|
|
@@ -84,6 +94,7 @@ let ExternalService = class ExternalService {
|
|
|
84
94
|
'ei-internal-authorization': token,
|
|
85
95
|
'ei-ip': headers['ei-ip'],
|
|
86
96
|
'ei-subject': headers['ei-subject'],
|
|
97
|
+
'ei-timestamp': requestTimestamp,
|
|
87
98
|
authorization: headers['authorization']
|
|
88
99
|
},
|
|
89
100
|
method,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.service.js","sourceRoot":"","sources":["../../src/external/external.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"external.service.js","sourceRoot":"","sources":["../../src/external/external.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,yCAAyC;AACzC,2CAAyC;AACzC,2CAA4C;AAC5C,kDAAyB;AACzB,+BAA+C;AAC/C,oDAAqD;AACrD,gCAAiC;AACjC,kCAA2C;AAQpC,IAAM,eAAe,GAArB,MAAM,eAAe;IAEH;IACA;IACA;IAHrB,YACqB,aAA4B,EAC5B,WAAwB,EACxB,UAAsB;QAFtB,kBAAa,GAAb,aAAa,CAAe;QAC5B,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;IACxC,CAAC;IAEJ,4BAA4B,CAAC,OAAmB;QAC5C,OAAO,KAAK,EAAE,OAAgD,EAAE,EAAE;YAC9D,OAAO,IAAI,CAAC,OAAO,CAAC;gBAChB,OAAO;gBACP,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,mCAAmC;gBACzC,WAAW,EAAE,cAAc;aAC9B,CAAC,CAAA;QACN,CAAC,CAAA;IACL,CAAC;IAED,eAAe,CAAC,OAAmB;QAC/B,OAAO,KAAK,EAAE,EAAC,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,EAAiC,EAAE,EAAE;YAC5E,MAAM,IAAI,CAAC,OAAO,CAAC;gBACf,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO;gBACvC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,cAAc;gBACpB,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE;oBACF,GAAG,IAAI;oBACP,MAAM;oBACN,OAAO,EAAE,GAAG,MAAM,IAAI,WAAW,EAAE;oBACnC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC;oBAC5B,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC;oBACjC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC;oBACpB,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC;oBAClD,SAAS,EAAE,OAAO,CAAC,YAAY,CAAC;oBAChC,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC;iBAChC;gBACD,OAAO;aACV,CAAC,CAAA;QACN,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EACV,OAAO,EACP,OAAO,EACP,MAAM,GAAG,KAAK,EACd,MAAM,EACN,IAAI,GAAG,GAAG,EACV,WAAW,EACX,OAAO,EACP,OAAO,EACP,KAAK,GAAG,KAAK,EACb,GAAG,OAAO,EACG;QACb,MAAM,gBAAgB,GAAG,GAAG,eAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,CAAA;QACnD,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;YACpE,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACtD,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACtD,WAAW;YACX,SAAS,EAAE,gBAAgB;SAC9B,CAAC,CAAA;QAEF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;YAC1C,QAAQ,EAAE,YAAY,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE;YAC9D,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC;YAC9B,cAAc,EAAE,EAAC,SAAS,EAAE,MAAM,EAAC;SACtC,CAAC,CAAC,OAAO,CAAC,CAAA;QAEX,MAAM,aAAa,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,EAAE,CAClC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YACxD,CAAC;YAAA,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,WAAW,CAAC;gBACjE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAEvE,OAAO,WAAW,CAAA;QACtB,CAAC,EAAE,EAAE,CAAC,CAAA;QAEV,OAAO,IAAA,qBAAc,EACjB,IAAI,CAAC,WAAW;aACX,OAAO,CAAC;YACL,GAAG,OAAO;YACV,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC;YAC5D,OAAO,EAAE;gBACL,GAAG,CAAC,KAAK,IAAI,EAAC,sBAAsB,EAAE,OAAO,EAAC,CAAC;gBAC/C,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC;gBACjC,aAAa,EAAE,OAAO,CAAC,aAAa,CAAC;gBACrC,2BAA2B,EAAE,KAAK;gBAClC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC;gBACzB,YAAY,EAAE,OAAO,CAAC,YAAY,CAAC;gBACnC,cAAc,EAAE,gBAAgB;gBAChC,aAAa,EAAE,OAAO,CAAC,eAAe,CAAC;aAC1C;YACD,MAAM;YACN,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAChE,GAAG,EAAE,IAAI,WAAW,IAAI,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,IAAI,GAAG,IAAI,EAAE;YAChG,GAAG,CAAC,MAAM,IAAI,EAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,EAAC,CAAC;SACjD,CAAC;aACD,IAAI,CACD,IAAA,iBAAU,EAAC,KAAK,CAAC,EAAE;YACf,KAAK,CAAC,IAAI,KAAK,WAAW;gBACtB,IAAA,oBAAa,EAAC,EAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,kCAAkC,EAAC,CAAC,CACzE,wBAAQ,CAAC,eAAe,CAC3B,CAAA;YAEL,MAAM,KAAK,CAAA;QACf,CAAC,CAAC,CACL,CACR,CAAC,IAAI,CAAC,CAAC,EAAC,IAAI,EAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;IAC5B,CAAC;CACJ,CAAA;AA7GY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAG2B,sBAAa;QACf,mBAAW;QACZ,gBAAU;GAJlC,eAAe,CA6G3B"}
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
import { JwtSignOptions } from '@nestjs/jwt';
|
|
2
2
|
export interface JWTSignAsyncOptions {
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
audience: string;
|
|
4
|
+
issuer: string;
|
|
5
|
+
jwtId?: string;
|
|
5
6
|
jwtSignOptions?: JwtSignOptions;
|
|
7
|
+
notBefore?: number;
|
|
6
8
|
}
|
|
7
9
|
export type JWTPayload = {
|
|
8
10
|
aud: string;
|
|
@@ -3,6 +3,6 @@ import { JWTSignAsyncOptions } from './jwt.interface';
|
|
|
3
3
|
export declare class JWTService {
|
|
4
4
|
private readonly jwtService;
|
|
5
5
|
constructor(jwtService: JwtService);
|
|
6
|
-
signAsync({
|
|
6
|
+
signAsync({ issuer, audience, jwtId, notBefore, jwtSignOptions }: JWTSignAsyncOptions): (subject: string) => Promise<string>;
|
|
7
7
|
verifyAsync(token: string): Promise<any>;
|
|
8
8
|
}
|
package/dist/jwt/jwt.service.js
CHANGED
|
@@ -26,13 +26,13 @@ let JWTService = class JWTService {
|
|
|
26
26
|
this.jwtService = jwtService;
|
|
27
27
|
dayjs_1.default.extend(utc_1.default);
|
|
28
28
|
}
|
|
29
|
-
signAsync({
|
|
29
|
+
signAsync({ issuer, audience, jwtId, notBefore, jwtSignOptions }) {
|
|
30
30
|
return async (subject) => {
|
|
31
31
|
const payload = {
|
|
32
|
-
aud:
|
|
33
|
-
iss:
|
|
34
|
-
jti: (0, nanoid_1.nanoid)(),
|
|
35
|
-
nbf: parseInt(`${dayjs_1.default.utc().valueOf() / 1000}`),
|
|
32
|
+
aud: audience,
|
|
33
|
+
iss: issuer,
|
|
34
|
+
jti: jwtId ?? (0, nanoid_1.nanoid)(),
|
|
35
|
+
nbf: notBefore ?? parseInt(`${dayjs_1.default.utc().valueOf() / 1000}`),
|
|
36
36
|
sub: subject
|
|
37
37
|
};
|
|
38
38
|
const token = await this.jwtService.signAsync(payload, jwtSignOptions);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/jwt/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyC;AACzC,qCAAsC;AACtC,kDAAyB;AACzB,2DAAkC;AAClC,mCAA6B;AAC7B,oDAAyC;AACzC,kCAAqC;AAI9B,IAAM,UAAU,GAAhB,MAAM,UAAU;IACU;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,eAAK,CAAC,MAAM,CAAC,aAAG,CAAC,CAAA;IACrB,CAAC;IAED,SAAS,CAAC,EAAC,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/jwt/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyC;AACzC,qCAAsC;AACtC,kDAAyB;AACzB,2DAAkC;AAClC,mCAA6B;AAC7B,oDAAyC;AACzC,kCAAqC;AAI9B,IAAM,UAAU,GAAhB,MAAM,UAAU;IACU;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,eAAK,CAAC,MAAM,CAAC,aAAG,CAAC,CAAA;IACrB,CAAC;IAED,SAAS,CAAC,EAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,cAAc,EAAsB;QAC/E,OAAO,KAAK,EAAE,OAAe,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG;gBACZ,GAAG,EAAE,QAAQ;gBACb,GAAG,EAAE,MAAM;gBACX,GAAG,EAAE,KAAK,IAAI,IAAA,eAAM,GAAE;gBACtB,GAAG,EAAE,SAAS,IAAI,QAAQ,CAAC,GAAG,eAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;gBAC7D,GAAG,EAAE,OAAO;aACf,CAAA;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;YAEtE,OAAO,KAAK,CAAA;QAChB,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC3B,OAAO,IAAI,CAAC,UAAU;aACjB,WAAW,CAAC,KAAK,CAAC;aAClB,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,EAAC,OAAO,EAAE,KAAK,CAAC,OAAO,EAAC,CAAC,CAAC,wBAAQ,CAAC,YAAY,CAAC,CAAC,CAAA;IACvF,CAAC;CACJ,CAAA;AA1BY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAEgC,gBAAU;GAD1C,UAAU,CA0BtB"}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { ConfigService } from '@nestjs/config';
|
|
3
2
|
import { Reflector } from '@nestjs/core';
|
|
4
3
|
import { AuthenticationService } from '../authentication';
|
|
5
4
|
export declare class PermissionGuard implements CanActivate {
|
|
6
5
|
private readonly authenticationService;
|
|
7
|
-
private readonly configService;
|
|
8
6
|
private readonly reflector;
|
|
9
|
-
constructor(authenticationService: AuthenticationService,
|
|
7
|
+
constructor(authenticationService: AuthenticationService, reflector: Reflector);
|
|
10
8
|
canActivate(context: ExecutionContext): true | Promise<boolean>;
|
|
11
9
|
}
|
|
@@ -11,17 +11,14 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.PermissionGuard = void 0;
|
|
13
13
|
const common_1 = require("@nestjs/common");
|
|
14
|
-
const config_1 = require("@nestjs/config");
|
|
15
14
|
const core_1 = require("@nestjs/core");
|
|
16
15
|
const app_decorator_1 = require("../app.decorator");
|
|
17
16
|
const authentication_1 = require("../authentication");
|
|
18
17
|
let PermissionGuard = class PermissionGuard {
|
|
19
18
|
authenticationService;
|
|
20
|
-
configService;
|
|
21
19
|
reflector;
|
|
22
|
-
constructor(authenticationService,
|
|
20
|
+
constructor(authenticationService, reflector) {
|
|
23
21
|
this.authenticationService = authenticationService;
|
|
24
|
-
this.configService = configService;
|
|
25
22
|
this.reflector = reflector;
|
|
26
23
|
}
|
|
27
24
|
canActivate(context) {
|
|
@@ -32,8 +29,7 @@ let PermissionGuard = class PermissionGuard {
|
|
|
32
29
|
if (!requiredPermissions) {
|
|
33
30
|
return true;
|
|
34
31
|
}
|
|
35
|
-
const { headers, params, subject, issuer } = context.switchToHttp().getRequest();
|
|
36
|
-
const internalAccess = subject.startsWith(`internal:${this.configService.get('service.accessKey')}:${this.configService.get('service.secretKey')}`);
|
|
32
|
+
const { headers, params, subject, issuer, internalAccess } = context.switchToHttp().getRequest();
|
|
37
33
|
const publicPermission = [internalAccess, subject === params.id].some(Boolean);
|
|
38
34
|
if (publicPermission) {
|
|
39
35
|
return true;
|
|
@@ -47,7 +43,6 @@ exports.PermissionGuard = PermissionGuard;
|
|
|
47
43
|
exports.PermissionGuard = PermissionGuard = __decorate([
|
|
48
44
|
(0, common_1.Injectable)(),
|
|
49
45
|
__metadata("design:paramtypes", [authentication_1.AuthenticationService,
|
|
50
|
-
config_1.ConfigService,
|
|
51
46
|
core_1.Reflector])
|
|
52
47
|
], PermissionGuard);
|
|
53
48
|
//# sourceMappingURL=permission.guard.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../src/permission/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,
|
|
1
|
+
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../src/permission/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAwE;AACxE,uCAAsC;AACtC,oDAA+D;AAC/D,sDAAuD;AAKhD,IAAM,eAAe,GAArB,MAAM,eAAe;IAEH;IACA;IAFrB,YACqB,qBAA4C,EAC5C,SAAoB;QADpB,0BAAqB,GAArB,qBAAqB,CAAuB;QAC5C,cAAS,GAAT,SAAS,CAAW;IACtC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACjC,MAAM,mBAAmB,GAAiB,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,8CAA8B,EAAE;YACvG,OAAO,CAAC,QAAQ,EAAE;YAClB,OAAO,CAAC,UAAU,EAAE;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACf,CAAC;QAED,MAAM,EAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,EAAC,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC1G,MAAM,gBAAgB,GAAG,CAAC,cAAc,EAAE,OAAO,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAE9E,IAAI,gBAAgB,EAAE,CAAC;YACnB,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,IAAI,CAAC,qBAAqB;aAC5B,wBAAwB,CAAC,OAAO,CAAC,CAAC,EAAC,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAC,CAAC;aACjG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;CACJ,CAAA;AA3BY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAGmC,sCAAqB;QACjC,gBAAS;GAHhC,eAAe,CA2B3B"}
|