@cargolift-cdi/common 1.0.94 → 1.0.96
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { CanActivate, ExecutionContext } from
|
|
2
|
-
import { Reflector } from
|
|
3
|
-
import { JwtVerifierService } from
|
|
4
|
-
import { LoggerContextService } from
|
|
1
|
+
import { CanActivate, ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { Reflector } from "@nestjs/core";
|
|
3
|
+
import { JwtVerifierService } from "./jwt-verifier.service.js";
|
|
4
|
+
import { LoggerContextService } from "../logger/logger.service.js";
|
|
5
5
|
export declare class AuthGuard implements CanActivate {
|
|
6
6
|
private readonly jwtVerifier;
|
|
7
7
|
private readonly reflector;
|
package/dist/auth/auth.guard.js
CHANGED
|
@@ -7,12 +7,12 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
7
7
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
8
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
9
|
};
|
|
10
|
-
import { Injectable, UnauthorizedException, ForbiddenException, } from
|
|
11
|
-
import { Reflector } from
|
|
12
|
-
import { JwtVerifierService } from
|
|
13
|
-
import { LoggerContextService } from
|
|
14
|
-
import { ROLES_KEY } from
|
|
15
|
-
import { API_CLIENT_ID_KEY } from
|
|
10
|
+
import { Injectable, UnauthorizedException, ForbiddenException, InternalServerErrorException } from "@nestjs/common";
|
|
11
|
+
import { Reflector } from "@nestjs/core";
|
|
12
|
+
import { JwtVerifierService } from "./jwt-verifier.service.js";
|
|
13
|
+
import { LoggerContextService } from "../logger/logger.service.js";
|
|
14
|
+
import { ROLES_KEY } from "./roles.decorator.js";
|
|
15
|
+
import { API_CLIENT_ID_KEY } from "./api-client.decorator.js";
|
|
16
16
|
let AuthGuard = class AuthGuard {
|
|
17
17
|
constructor(jwtVerifier, reflector, logger) {
|
|
18
18
|
this.jwtVerifier = jwtVerifier;
|
|
@@ -20,37 +20,44 @@ let AuthGuard = class AuthGuard {
|
|
|
20
20
|
this.logger = logger;
|
|
21
21
|
}
|
|
22
22
|
baseClientId() {
|
|
23
|
-
return process.env.KEYCLOAK_AUDIENCE ||
|
|
23
|
+
return process.env.KEYCLOAK_AUDIENCE || "api.util";
|
|
24
24
|
}
|
|
25
25
|
resolveApiClientId(context, payload) {
|
|
26
|
-
const decorated = this.reflector.getAllAndOverride(API_CLIENT_ID_KEY, [
|
|
27
|
-
context.getHandler(),
|
|
28
|
-
context.getClass(),
|
|
29
|
-
]);
|
|
26
|
+
const decorated = this.reflector.getAllAndOverride(API_CLIENT_ID_KEY, [context.getHandler(), context.getClass()]);
|
|
30
27
|
if (decorated)
|
|
31
28
|
return decorated;
|
|
32
|
-
if (payload?.aud && typeof payload.aud ===
|
|
29
|
+
if (payload?.aud && typeof payload.aud === "string")
|
|
33
30
|
return payload.aud;
|
|
34
31
|
return this.baseClientId();
|
|
35
32
|
}
|
|
36
33
|
async canActivate(context) {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
34
|
+
let request;
|
|
35
|
+
try {
|
|
36
|
+
request = context.switchToHttp().getRequest();
|
|
37
|
+
}
|
|
38
|
+
catch (e) {
|
|
39
|
+
throw new InternalServerErrorException("Erro ao obter dados de autorização da requisição: " + e.message);
|
|
41
40
|
}
|
|
42
|
-
const
|
|
41
|
+
const auth = request.headers["authorization"] || request.headers["Authorization"];
|
|
42
|
+
if (!auth || typeof auth !== "string" || !auth.startsWith("Bearer ")) {
|
|
43
|
+
throw new UnauthorizedException("Autorização ausente ou inválida");
|
|
44
|
+
}
|
|
45
|
+
const token = auth.substring("Bearer ".length).trim();
|
|
43
46
|
let payload;
|
|
44
47
|
try {
|
|
45
48
|
payload = await this.jwtVerifier.verify(token);
|
|
46
49
|
}
|
|
47
50
|
catch (e) {
|
|
48
|
-
throw new UnauthorizedException(e.message ||
|
|
51
|
+
throw new UnauthorizedException(e.message || "Token inválido");
|
|
49
52
|
}
|
|
50
53
|
request.user = payload;
|
|
51
54
|
try {
|
|
52
|
-
const ip = payload?.clientAddress ||
|
|
53
|
-
|
|
55
|
+
const ip = payload?.clientAddress ||
|
|
56
|
+
request.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
|
|
57
|
+
request.ip ||
|
|
58
|
+
request.connection?.remoteAddress ||
|
|
59
|
+
undefined;
|
|
60
|
+
const userAgent = request.headers["user-agent"];
|
|
54
61
|
const username = payload?.preferred_username || payload?.username || payload?.name;
|
|
55
62
|
const email = payload?.email;
|
|
56
63
|
const userId = payload?.sub;
|
|
@@ -60,22 +67,20 @@ let AuthGuard = class AuthGuard {
|
|
|
60
67
|
user_email: email,
|
|
61
68
|
user_id: userId,
|
|
62
69
|
user_name: username,
|
|
63
|
-
application: payload?.azp || payload?.aud
|
|
70
|
+
application: payload?.azp || payload?.aud,
|
|
64
71
|
});
|
|
65
72
|
}
|
|
66
|
-
catch {
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
context.getClass(),
|
|
70
|
-
]);
|
|
73
|
+
catch {
|
|
74
|
+
}
|
|
75
|
+
const requiredRoles = this.reflector.getAllAndOverride(ROLES_KEY, [context.getHandler(), context.getClass()]);
|
|
71
76
|
if (!requiredRoles || requiredRoles.length === 0) {
|
|
72
77
|
return true;
|
|
73
78
|
}
|
|
74
79
|
const apiClientId = this.resolveApiClientId(context, payload);
|
|
75
80
|
const roles = payload?.resource_access?.[apiClientId]?.roles || [];
|
|
76
|
-
const missing = requiredRoles.filter(r => !roles.includes(r));
|
|
81
|
+
const missing = requiredRoles.filter((r) => !roles.includes(r));
|
|
77
82
|
if (missing.length > 0) {
|
|
78
|
-
throw new ForbiddenException(`Sem permissão para acessar este recurso. Cliente: ${apiClientId}, regra: ${missing.join(
|
|
83
|
+
throw new ForbiddenException(`Sem permissão para acessar este recurso. Cliente: ${apiClientId}, regra: ${missing.join(", ")}`);
|
|
79
84
|
}
|
|
80
85
|
return true;
|
|
81
86
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/auth/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/auth/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,EAAiC,UAAU,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAC;AACpJ,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAGvD,IAAM,SAAS,GAAf,MAAM,SAAS;IACpB,YACmB,WAA+B,EAC/B,SAAoB,EACpB,MAA4B;QAF5B,gBAAW,GAAX,WAAW,CAAoB;QAC/B,cAAS,GAAT,SAAS,CAAW;QACpB,WAAM,GAAN,MAAM,CAAsB;IAC5C,CAAC;IAGI,YAAY;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,UAAU,CAAC;IACrD,CAAC;IAEO,kBAAkB,CAAC,OAAyB,EAAE,OAAY;QAMhE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAS,iBAAiB,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1H,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAEhC,IAAI,OAAO,EAAE,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC;QAExE,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QAChD,CAAC;QAAC,OAAM,CAAC,EAAE,CAAC;YACV,MAAM,IAAI,4BAA4B,CAAC,oDAAoD,GAAI,CAAW,CAAC,OAAO,CAAC,CAAC;QACtH,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAClF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,OAAY,CAAC;QACjB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAqB,CAAC,CAAC,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC;QACjE,CAAC;QAGD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;QAGvB,IAAI,CAAC;YACH,MAAM,EAAE,GACN,OAAO,EAAE,aAAa;gBACtB,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;gBACzD,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,UAAU,EAAE,aAAa;gBACjC,SAAS,CAAC;YACZ,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,OAAO,EAAE,kBAAkB,IAAI,OAAO,EAAE,QAAQ,IAAI,OAAO,EAAE,IAAI,CAAC;YACnF,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,EAAE,GAAG,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;gBACvB,EAAE,EAAE,EAAE;gBACN,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,KAAK;gBACjB,OAAO,EAAE,MAAM;gBACf,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,OAAO,EAAE,GAAG,IAAI,OAAO,EAAE,GAAG;aAC1C,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAW,SAAS,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAExH,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,KAAK,GAAa,OAAO,EAAE,eAAe,EAAE,CAAC,WAAW,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAE7E,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,kBAAkB,CAC1B,qDAAqD,WAAW,YAAY,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjG,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA9FY,SAAS;IADrB,UAAU,EAAE;qCAGqB,kBAAkB;QACpB,SAAS;QACZ,oBAAoB;GAJpC,SAAS,CA8FrB"}
|
|
@@ -2,6 +2,6 @@ import { HttpException } from "@nestjs/common";
|
|
|
2
2
|
import { ErrorOptions } from "./base.error.js";
|
|
3
3
|
export declare class InvalidPayloadBusinessError extends HttpException {
|
|
4
4
|
data: Record<string, unknown>;
|
|
5
|
-
cause:
|
|
5
|
+
cause: Error | string | string[];
|
|
6
6
|
constructor(message: string, errors: string[], options?: ErrorOptions);
|
|
7
7
|
}
|