@cargolift-cdi/lib-common 0.0.2

package/LICENSE

@@ -0,0 +1,9 @@
+Licença MIT
+
+Copyright (c) 2025 Cargolift
+
+A permissão é concedida, gratuitamente, a qualquer pessoa que obtenha uma cópia deste software e dos arquivos de documentação associados (o "Software"), para lidar com o Software sem restrições, incluindo, sem limitação, os direitos de usar, copiar, modificar, mesclar, publicar, distribuir, sublicenciar e/ou vender cópias do Software, e permitir que pessoas a quem o Software é fornecido o façam, sujeito às seguintes condições:
+
+O aviso de copyright acima e este aviso de permissão devem ser incluídos em todas as cópias ou partes substanciais do Software.
+
+O SOFTWARE É FORNECIDO "NO ESTADO EM QUE SE ENCONTRA", SEM GARANTIA DE QUALQUER TIPO, EXPRESSA OU IMPLÍCITA, INCLUINDO, MAS NÃO SE LIMITANDO ÀS GARANTIAS DE COMERCIALIZAÇÃO, ADEQUAÇÃO A UM DETERMINADO FIM E NÃO VIOLAÇÃO. EM NENHUMA HIPÓTESE OS AUTORES OU DETENTORES DOS DIREITOS AUTORAIS SERÃO RESPONSÁVEIS POR QUALQUER REIVINDICAÇÃO, DANO OU OUTRA RESPONSABILIDADE, SEJA EM UMA AÇÃO DE CONTRATO, DELITO OU DE OUTRA FORMA, DECORRENTE DE, FORA DE OU EM CONEXÃO COM O SOFTWARE OU O USO OU OUTRAS NEGOCIAÇÕES NO SOFTWARE.

package/README.jwt-logger-context.md

@@ -0,0 +1,44 @@
+# Enriquecimento de LoggerContext com dados do JWT
+
+## Objetivo
+Propagar informações de usuário (id, name, email, ip, user-agent, aplicação de origem) extraídas do token JWT para:
+- Contexto de logs (LoggerContextService)
+- Envelope de mensagens publicadas (IntegrationEventPublisher / RabbitMQPublisherService)
+
+## Fluxo Implementado
+1. Middleware `APILoggerMiddleware` inicializa o contexto de log por requisição (correlation_id, trace básico, application.function via URL, etc).
+2. Guard `AuthGuard` valida o token e agora enriquece o contexto via `logger.updateSource()`, mesclando:
+   - `user_name` => preferred_username | username | name
+   - `user_id`   => sub
+   - `user_email`=> email
+   - `application` => azp | aud
+   - `ip` e `user_agent` (cabecalhos / request)
+3. Controller dispara `IntegrationEventPublisher.publish()`, que:
+   - Obtém `ctx = logger.getContext()`
+   - Mescla `ctx.source` + `opts.envelope.source` + fallback (ip/user_agent) para construir `envelope.source`
+   - Publica headers padronizados: `x-correlation-id`, `x-trace`, `x-source`
+
+## Ponto de Extensão
+Se quiser acrescentar campos customizados (ex: filial, tenant_id):
+```ts
+this.logger.updateSource({ tenant_id: payload?.tenant_id });
+```
+
+## Boas Práticas
+- Evitar sobrescrever `source` inteiro; sempre usar `updateSource` para merge incremental.
+- Caso haja Interceptor para métricas, pode ler `logger.getContext().source.user_id` sem recompor payload.
+- Em chamadas internas (sem HTTP), pode-se chamar manualmente:
+```ts
+this.logger.updateSource({ application: 'internal-task-runner' });
+```
+
+## Erros/Edge Cases
+- Se o middleware não rodar (ex: rota sem HTTP padrão), o guard ainda enriquece parcialmente o contexto.
+- Campos ausentes no token não sobrescrevem os já registrados.
+- `ip` extraído de `x-forwarded-for` (primeiro IP) se existir.
+
+## Alternativas Consideradas
+- Interceptor global pós-guard (maior latência e ordem de execução mais complexa).
+- Decorator por controller (repetitivo e sujeito a esquecimento).
+
+A abordagem atual centraliza a responsabilidade de *enriquecimento* no mesmo ponto da *autenticação*, garantindo consistência.

package/README.md

@@ -0,0 +1,232 @@
+# @cargolift-cdi/common
+
+Utilidades comuns e padronização de erros para projetos Cargolift CDI (NestJS).
+
+Este pacote provê:
+- Classes de erro de domínio (BusinessError) com código, dados adicionais e causa encadeada
+- Filtro global de exceções para APIs (APIExceptionsFilter) já integrado ao util-logger
+
+
+## Instalação
+
+Requisitos:
+- Node.js LTS (18+) e npm
+- Peer dependency: `@nestjs/common@^11`
+
+Instale:
+
+```cmd
+npm i @cargolift-cdi/common
+```
+
+O pacote depende de `@cargolift-cdi/util-logger` (instalado automaticamente).
+
+
+## Uso rápido
+
+### 1) Aplicar o filtro global de exceções (NestJS)
+
+```ts
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+import { APIExceptionsFilter } from '@cargolift-cdi/common';
+import { LoggerContextService } from '@cargolift-cdi/util-logger';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule, { bufferLogs: true });
+
+  // Usa o LoggerContextService já registrado no container
+  const logger = app.get(LoggerContextService);
+  app.useGlobalFilters(new APIExceptionsFilter(logger));
+
+  await app.listen(3000);
+}
+
+bootstrap();
+```
+
+O filtro padroniza o payload de erro, enriquece logs com `correlation_id` e trata mensagens conhecidas (ex.: erros de rede).
+
+Alternativa: registrar via provider global (APP_FILTER):
+
+```ts
+import { Module } from '@nestjs/common';
+import { APP_FILTER } from '@nestjs/core';
+import { APIExceptionsFilter } from '@cargolift-cdi/common';
+// Certifique-se de que o LoggerContextService esteja disponível no container
+import { LoggerContextService } from '@cargolift-cdi/util-logger';
+
+@Module({
+  providers: [
+    LoggerContextService, // ou importe o módulo que o fornece, se existir
+    { provide: APP_FILTER, useClass: APIExceptionsFilter },
+  ],
+})
+export class AppModule {}
+```
+
+### 2) Lançar erros de negócio no seu código
+
+```ts
+import { NotFoundBusinessError, GenericBusinessError } from '@cargolift-cdi/common';
+
+// Recurso não encontrado
+throw new NotFoundBusinessError('Order', '12345');
+
+// Erro de negócio genérico com código e dados extras
+throw new GenericBusinessError('Falha no provedor', {
+  code: 'PAYMENT_PROVIDER_ERROR',
+  data: { context: 'Pagamento', errorCode: 'PX-999', provider: 'AcmePay' },
+});
+```
+
+
+## API pública (exportada por `index`)
+
+- `BusinessError` (abstrata)
+  - Base para erros de domínio. Suporta `code?: string`, `data?: Record<string, unknown>`, `cause?: unknown` e serialização segura via `toJSON()`.
+- `GenericBusinessError`
+  - Erro de negócio genérico (mensagem padrão "Generic Business error" quando não informada). Útil para normalizar exceções desconhecidas.
+- `NotFoundBusinessError`
+  - Especialização para recursos não encontrados: construtor `(resourceType: string, resourceId: string|number, message?, options?)`.
+- `APIExceptionsFilter` (NestJS)
+  - Filtro global de exceções. Decide tipo do erro (business/application), aplica códigos padrão e registra logs estruturados via `LoggerContextService`.
+
+Observação: existem classes internas adicionais (ex.: `ApplicationError`, `GenericApplicationError`) que podem evoluir; utilize apenas a API pública acima para evitar quebras.
+
+## Contexto de Logs com AsyncLocalStorage (v2)
+
+A partir da versão que introduz esta seção, o `LoggerContextService` passou a ser singleton (escopo DEFAULT) e o isolamento por requisição/mensagem é garantido via `AsyncLocalStorage`.
+
+Benefícios:
+- Menos alocações de instâncias (melhor para alto throughput)
+- Propagação automática de contexto por callbacks/promises sem passar manualmente
+- Publishers/clients apenas usam `logger.getContext()`
+
+Helpers exportados:
+```ts
+import { runWithLoggerContext, getLoggerContext, updateLoggerContext } from '@cargolift-cdi/common';
+
+runWithLoggerContext({ correlation_id: 'abc' }, () => {
+  // Tudo aqui dentro (e awaits) mantém o contexto
+});
+```
+
+Fluxo HTTP (middleware `APILoggerMiddleware`):
+1. Abre `runWithLoggerContext({})`
+2. Chama `logger.setContextRequest(req)` (gera/propaga `correlation_id` e `trace`)
+3. Todos os logs subsequentes compartilham o mesmo contexto
+
+Fluxo RabbitMQ (consumer):
+1. Cria um child logger a partir dos headers da mensagem (`childFromRabbit`)
+2. Semeia o ALS com `runWithLoggerContext(child.getContext(), processMessage)`
+3. Dentro do processamento usa-se o `logger` base normalmente
+
+Caso precise anexar dados adicionais no meio da execução:
+```ts
+updateLoggerContext({ caller_info: { type: 'user', id: 'u-1' } });
+```
+
+Se um log for emitido fora de um escopo ALS (ex.: antes de bootstrap), o logger ainda funcionará, porém sem `correlation_id` fixo (um novo poderá ser gerado quando o contexto for definido).
+
+
+
+## Detalhes das classes
+
+### BusinessError
+
+Contrato básico:
+- `name: string` — Nome da classe (ex.: `NotFoundBusinessError`)
+- `message?: string` — Mensagem humana
+- `code?: string` — Ex.: `BUSINESS_RESOURCE_NOT_FOUND`, `INVALID_PAYLOAD`
+- `data?: Record<string, unknown>` — Dados serializáveis extras
+- `cause?: unknown` — Erro original para encadeamento
+- `toJSON()` — Retorna objeto serializável, inclusive com `stack` enumerável e `cause` segura
+
+`BusinessErrorOptions`:
+```ts
+type BusinessErrorOptions = {
+  code?: string;
+  cause?: unknown;
+  data?: Record<string, unknown>;
+};
+```
+
+### NotFoundBusinessError
+
+- Código padrão: `BUSINESS_RESOURCE_NOT_FOUND`
+- `data`: `{ resourceType: string, resourceId: string|number }`
+
+### GenericBusinessError
+
+- Código padrão: `BUSINESS_ERROR`
+- Permite enviar `data` adicional e causa original (`cause`).
+
+### APIExceptionsFilter
+
+- Inspeciona exceções do NestJS (`HttpException`) e erros comuns de infraestrutura (ex.: `ECONNREFUSED`, `ETIMEDOUT`)
+- Cria/propaga `correlation_id` no contexto de log
+- Resposta JSON padrão:
+
+```json
+{
+  "message": "<mensagem>",
+  "error": {
+    "statusCode": 500,
+    "timestamp": "2025-01-01T00:00:00.000Z",
+    "path": "/rota",
+    "errorCode": "INTERNAL_ERROR"
+  }
+}
+```
+
+
+# App Logger (Global)
+Use AppLoggerModule para configurar um log global com contexto.
+
+```ts
+import { AppLoggerModule, APP_LOGGER, LoggerContextService } from '@cargolift-cdi/common';
+
+@Module({
+  imports: [
+    AppLoggerModule.forRoot({
+      application: {
+        name: 'middleware-esb',
+        function: 'service',
+      },
+    }),
+  ],
+})
+export class AppModule {}
+
+@Injectable()
+export class SomeService {
+  constructor(@Inject(APP_LOGGER) private readonly appLogger: LoggerContextService) {}
+
+  doStuff() {
+    this.appLogger.log('App level log');
+  }
+}
+```
+
+Notes:
+- Este log possui um contexto único; não chame `setContext`.
+- Para logs por mensagem/requisição , use a versão de escopo TRANSIENT `LoggerContextService` e chame `setContextRabbitMQ`/`setContextRequest`.
+
+
+
+## Scripts do projeto
+
+- `npm run build` — Compila TypeScript para `dist/`
+- `npm publish` — Publica (executa `build` no `prepublishOnly`)
+
+
+## Contribuição
+
+- Abra issues e PRs no GitHub: https://github.com/cargolift-cdi/common
+- Padrões: TypeScript, NestJS 11, commits claros, linters/formatters do seu editor
+
+
+## Licença
+
+MIT © Cargolift CDI

package/dist/auth/api-client.decorator.d.ts

@@ -0,0 +1,2 @@
+export declare const API_CLIENT_ID_KEY = "api_client_id";
+export declare const ApiClient: (clientId: string) => import("@nestjs/common").CustomDecorator<string>;

package/dist/auth/api-client.decorator.js

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+export const API_CLIENT_ID_KEY = 'api_client_id';
+export const ApiClient = (clientId) => SetMetadata(API_CLIENT_ID_KEY, clientId);
+//# sourceMappingURL=api-client.decorator.js.map

package/dist/auth/api-client.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-client.decorator.js","sourceRoot":"","sources":["../../src/auth/api-client.decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC;AACjD,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,QAAgB,EAAE,EAAE,CAAC,WAAW,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC"}

package/dist/auth/auth.guard.d.ts

@@ -0,0 +1,13 @@
+import { CanActivate, ExecutionContext } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { JwtVerifierService } from "./jwt-verifier.service.js";
+import { LoggerContextService } from "../logger/logger.service.js";
+export declare class AuthGuard implements CanActivate {
+    private readonly jwtVerifier;
+    private readonly reflector;
+    private readonly logger;
+    constructor(jwtVerifier: JwtVerifierService, reflector: Reflector, logger: LoggerContextService);
+    private baseClientId;
+    private resolveApiClientId;
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}

package/dist/auth/auth.guard.js

@@ -0,0 +1,95 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Injectable, UnauthorizedException, ForbiddenException, InternalServerErrorException } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { JwtVerifierService } from "./jwt-verifier.service.js";
+import { LoggerContextService } from "../logger/logger.service.js";
+import { ROLES_KEY } from "./roles.decorator.js";
+import { API_CLIENT_ID_KEY } from "./api-client.decorator.js";
+let AuthGuard = class AuthGuard {
+    constructor(jwtVerifier, reflector, logger) {
+        this.jwtVerifier = jwtVerifier;
+        this.reflector = reflector;
+        this.logger = logger;
+    }
+    baseClientId() {
+        return process.env.KEYCLOAK_AUDIENCE || "api.util";
+    }
+    resolveApiClientId(context, payload) {
+        const decorated = this.reflector.getAllAndOverride(API_CLIENT_ID_KEY, [context.getHandler(), context.getClass()]);
+        if (decorated)
+            return decorated;
+        if (payload?.aud && typeof payload.aud === "string")
+            return payload.aud;
+        return this.baseClientId();
+    }
+    async canActivate(context) {
+        let request;
+        try {
+            request = context.switchToHttp().getRequest();
+        }
+        catch (e) {
+            throw new InternalServerErrorException("Erro ao obter dados de autorização da requisição: " + e.message);
+        }
+        const auth = request.headers["authorization"] || request.headers["Authorization"];
+        if (!auth || typeof auth !== "string" || !auth.startsWith("Bearer ")) {
+            throw new UnauthorizedException("Autorização ausente ou inválida");
+        }
+        const token = auth.substring("Bearer ".length).trim();
+        let payload;
+        try {
+            payload = await this.jwtVerifier.verify(token);
+        }
+        catch (e) {
+            throw new UnauthorizedException("Falha ao obter autorização: " + (e.message || "Token inválido"));
+        }
+        request.user = payload;
+        try {
+            const ip = payload?.clientAddress ||
+                request.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
+                request.ip ||
+                request.connection?.remoteAddress ||
+                undefined;
+            const userAgent = request.headers["user-agent"];
+            const username = payload?.preferred_username || payload?.username || payload?.name;
+            const email = payload?.email;
+            const userId = payload?.sub;
+            this.logger.updateSource({
+                ip: ip,
+                user_agent: userAgent,
+                user_email: email,
+                user_id: userId,
+                user_name: username,
+                application: payload?.azp || payload?.aud,
+            });
+        }
+        catch {
+        }
+        const requiredRoles = this.reflector.getAllAndOverride(ROLES_KEY, [context.getHandler(), context.getClass()]);
+        if (!requiredRoles || requiredRoles.length === 0) {
+            return true;
+        }
+        const apiClientId = this.resolveApiClientId(context, payload);
+        const roles = payload?.resource_access?.[apiClientId]?.roles || [];
+        const missing = requiredRoles.filter((r) => !roles.includes(r));
+        if (missing.length > 0) {
+            throw new ForbiddenException(`Sem permissão para acessar este recurso. Cliente: ${apiClientId}, regra: ${missing.join(", ")}`);
+        }
+        return true;
+    }
+};
+AuthGuard = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [JwtVerifierService,
+        Reflector,
+        LoggerContextService])
+], AuthGuard);
+export { AuthGuard };
+//# sourceMappingURL=auth.guard.js.map

package/dist/auth/auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/auth/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,EAAiC,UAAU,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAC;AACpJ,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAGvD,IAAM,SAAS,GAAf,MAAM,SAAS;IACpB,YACmB,WAA+B,EAC/B,SAAoB,EACpB,MAA4B;QAF5B,gBAAW,GAAX,WAAW,CAAoB;QAC/B,cAAS,GAAT,SAAS,CAAW;QACpB,WAAM,GAAN,MAAM,CAAsB;IAC5C,CAAC;IAGI,YAAY;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,UAAU,CAAC;IACrD,CAAC;IAEO,kBAAkB,CAAC,OAAyB,EAAE,OAAY;QAMhE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAS,iBAAiB,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1H,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAEhC,IAAI,OAAO,EAAE,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC;QAExE,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QAChD,CAAC;QAAC,OAAM,CAAC,EAAE,CAAC;YACV,MAAM,IAAI,4BAA4B,CAAC,oDAAoD,GAAI,CAAW,CAAC,OAAO,CAAC,CAAC;QACtH,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAClF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,OAAY,CAAC;QACjB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC,CAAC;QACpG,CAAC;QAGD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;QAGvB,IAAI,CAAC;YACH,MAAM,EAAE,GACN,OAAO,EAAE,aAAa;gBACtB,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;gBACzD,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,UAAU,EAAE,aAAa;gBACjC,SAAS,CAAC;YACZ,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,OAAO,EAAE,kBAAkB,IAAI,OAAO,EAAE,QAAQ,IAAI,OAAO,EAAE,IAAI,CAAC;YACnF,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,EAAE,GAAG,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;gBACvB,EAAE,EAAE,EAAE;gBACN,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,KAAK;gBACjB,OAAO,EAAE,MAAM;gBACf,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,OAAO,EAAE,GAAG,IAAI,OAAO,EAAE,GAAG;aAC1C,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAW,SAAS,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAExH,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,KAAK,GAAa,OAAO,EAAE,eAAe,EAAE,CAAC,WAAW,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAE7E,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,kBAAkB,CAC1B,qDAAqD,WAAW,YAAY,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjG,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA9FY,SAAS;IADrB,UAAU,EAAE;qCAGqB,kBAAkB;QACpB,SAAS;QACZ,oBAAoB;GAJpC,SAAS,CA8FrB"}

package/dist/auth/auth.module.d.ts

@@ -0,0 +1,2 @@
+export declare class AuthModule {
+}

package/dist/auth/auth.module.js

@@ -0,0 +1,19 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { Module } from '@nestjs/common';
+import { JwtVerifierService } from './jwt-verifier.service.js';
+import { AuthGuard } from './auth.guard.js';
+let AuthModule = class AuthModule {
+};
+AuthModule = __decorate([
+    Module({
+        providers: [JwtVerifierService, AuthGuard],
+        exports: [JwtVerifierService, AuthGuard],
+    })
+], AuthModule);
+export { AuthModule };
+//# sourceMappingURL=auth.module.js.map

package/dist/auth/auth.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../src/auth/auth.module.ts"],"names":[],"mappings":";;;;;;AACA,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAMrC,IAAM,UAAU,GAAhB,MAAM,UAAU;CAAG,CAAA;AAAb,UAAU;IAJtB,MAAM,CAAC;QACN,SAAS,EAAE,CAAC,kBAAkB,EAAE,SAAS,CAAC;QAC1C,OAAO,EAAE,CAAC,kBAAkB,EAAE,SAAS,CAAC;KACzC,CAAC;GACW,UAAU,CAAG"}

package/dist/auth/jwt-verifier.service.d.ts

@@ -0,0 +1,22 @@
+import { OnModuleInit } from '@nestjs/common';
+import { LoggerContextService } from '../logger/logger.service.js';
+export declare class JwtVerifierService implements OnModuleInit {
+    private readonly logger;
+    private openIdConfig?;
+    private keyCache;
+    private configFetchedAt?;
+    constructor(logger: LoggerContextService);
+    private readonly CONFIG_TTL_MS;
+    private readonly KEY_TTL_MS;
+    private get issuer();
+    private get audience();
+    private get wellKnownUrl();
+    private fetchOpenIdConfig;
+    private fetchJwks;
+    private getKeyByKid;
+    private parseJwt;
+    private verifySignatureRS256;
+    private assertClaims;
+    verify(token: string): Promise<any>;
+    onModuleInit(): Promise<void>;
+}

package/dist/auth/jwt-verifier.service.js

@@ -0,0 +1,164 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Injectable } from '@nestjs/common';
+import { createPublicKey, createVerify } from 'crypto';
+import { LoggerContextService } from '../logger/logger.service.js';
+function base64urlDecode(input) {
+    input = input.replace(/-/g, '+').replace(/_/g, '/');
+    const pad = input.length % 4;
+    if (pad)
+        input += '='.repeat(4 - pad);
+    return Buffer.from(input, 'base64');
+}
+let JwtVerifierService = class JwtVerifierService {
+    constructor(logger) {
+        this.logger = logger;
+        this.keyCache = new Map();
+        this.CONFIG_TTL_MS = 60_000;
+        this.KEY_TTL_MS = 10 * 60_000;
+    }
+    get issuer() {
+        return process.env.KEYCLOAK_ISSUER;
+    }
+    get audience() {
+        return process.env.KEYCLOAK_AUDIENCE;
+    }
+    get wellKnownUrl() {
+        const baseUrl = process.env.KEYCLOAK_BASE_URL;
+        const realm = process.env.KEYCLOAK_REALM;
+        return `${baseUrl}/realms/${realm}/.well-known/openid-configuration`;
+    }
+    async fetchOpenIdConfig() {
+        const now = Date.now();
+        if (this.openIdConfig && this.configFetchedAt && now - this.configFetchedAt < this.CONFIG_TTL_MS) {
+            return this.openIdConfig;
+        }
+        const res = await fetch(this.wellKnownUrl, { method: 'GET' }).catch(err => {
+            throw new Error(`Falha ao buscar configuração OpenID (${err.message})`);
+        });
+        if (!res.ok) {
+            throw new Error(`Falha ao carregar configuração OpenID: ${res.status}`);
+        }
+        const json = await res.json();
+        this.openIdConfig = { issuer: json.issuer, jwks_uri: json.jwks_uri };
+        this.configFetchedAt = now;
+        return this.openIdConfig;
+    }
+    async fetchJwks() {
+        const { jwks_uri } = await this.fetchOpenIdConfig();
+        const res = await fetch(jwks_uri, { method: 'GET' }).catch(err => {
+            throw new Error(`Falha ao buscar JWKS (${err.message})`);
+        });
+        if (!res.ok) {
+            throw new Error(`Falha ao carregar JWKS: ${res.status}`);
+        }
+        return res.json();
+    }
+    async getKeyByKid(kid) {
+        const now = Date.now();
+        const cached = this.keyCache.get(kid);
+        if (cached && now - cached.fetchedAt < this.KEY_TTL_MS) {
+            return cached.key;
+        }
+        const jwks = await this.fetchJwks();
+        const jwk = jwks.keys.find(k => k.kid === kid);
+        if (!jwk) {
+            throw new Error(`Chave com kid ${kid} não encontrada no JWKS`);
+        }
+        const key = createPublicKey({ key: jwk, format: 'jwk' });
+        this.keyCache.set(kid, { key, fetchedAt: now });
+        return key;
+    }
+    parseJwt(token) {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            throw new Error('Invalid JWT format');
+        const [encodedHeader, encodedPayload, encodedSig] = parts;
+        const header = JSON.parse(base64urlDecode(encodedHeader).toString('utf8'));
+        const payload = JSON.parse(base64urlDecode(encodedPayload).toString('utf8'));
+        const signature = base64urlDecode(encodedSig);
+        const signingInput = `${encodedHeader}.${encodedPayload}`;
+        return { header, payload, signature, signingInput };
+    }
+    verifySignatureRS256(signingInput, signature, publicKey) {
+        const verifier = createVerify('RSA-SHA256');
+        verifier.update(signingInput);
+        verifier.end();
+        return verifier.verify(publicKey, signature);
+    }
+    assertClaims(payload) {
+        const now = Math.floor(Date.now() / 1000);
+        if (typeof payload.exp === 'number' && now >= payload.exp) {
+            throw new Error('Token expirado');
+        }
+        if (typeof payload.nbf === 'number' && now < payload.nbf) {
+            throw new Error('Token ainda não válido (nbf)');
+        }
+        if (this.issuer && payload.iss !== this.issuer) {
+            throw new Error(`Invalid issuer: expected ${this.issuer}`);
+        }
+        if (this.audience) {
+            const aud = payload.aud;
+            const ok = aud === this.audience ||
+                (Array.isArray(aud) && aud.includes(this.audience));
+            if (!ok)
+                throw new Error(`Invalid audience, expected ${this.audience}`);
+        }
+    }
+    async verify(token) {
+        const { header, payload, signature, signingInput } = this.parseJwt(token);
+        if (header.alg !== 'RS256') {
+            throw new Error(`Unsupported alg: ${header.alg}`);
+        }
+        if (!header.kid) {
+            throw new Error('JWT missing kid');
+        }
+        const key = await this.getKeyByKid(header.kid);
+        const valid = this.verifySignatureRS256(signingInput, signature, key);
+        if (!valid)
+            throw new Error('Token com assinatura inválida');
+        this.assertClaims(payload);
+        return payload;
+    }
+    async onModuleInit() {
+        try {
+            if (!process.env.KEYCLOAK_BASE_URL || !process.env.KEYCLOAK_REALM) {
+                this.logger.warn('JWT verifier warmup skipped: KEYCLOAK environment variables not fully set');
+                return;
+            }
+            await this.fetchOpenIdConfig();
+            const jwks = await this.fetchJwks();
+            const now = Date.now();
+            let loaded = 0;
+            for (const jwk of jwks.keys) {
+                if (!jwk.kid)
+                    continue;
+                try {
+                    const key = createPublicKey({ key: jwk, format: 'jwk' });
+                    this.keyCache.set(jwk.kid, { key, fetchedAt: now });
+                    loaded++;
+                }
+                catch (e) {
+                    this.logger.warn(`Falha ao preparar chave kid=${jwk.kid}: ${e.message}`);
+                }
+            }
+            this.logger.log(`JWT verifier warmup concluído: ${loaded} chave(s) em cache`);
+        }
+        catch (e) {
+            this.logger.warn(`JWT verifier warmup falhou: ${e.message}`);
+        }
+    }
+};
+JwtVerifierService = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [LoggerContextService])
+], JwtVerifierService);
+export { JwtVerifierService };
+//# sourceMappingURL=jwt-verifier.service.js.map

package/dist/auth/jwt-verifier.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-verifier.service.js","sourceRoot":"","sources":["../../src/auth/jwt-verifier.service.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,EAAE,UAAU,EAAgB,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,YAAY,EAAa,MAAM,QAAQ,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAkBnE,SAAS,eAAe,CAAC,KAAa;IACpC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7B,IAAI,GAAG;QAAE,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AACtC,CAAC;AAGM,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAK7B,YAA6B,MAA4B;QAA5B,WAAM,GAAN,MAAM,CAAsB;QAHjD,aAAQ,GAAG,IAAI,GAAG,EAAiD,CAAC;QAM3D,kBAAa,GAAG,MAAM,CAAC;QACvB,eAAU,GAAG,EAAE,GAAG,MAAM,CAAC;IAJkB,CAAC;IAM7D,IAAY,MAAM;QAChB,OAAO,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;IACtC,CAAC;IAED,IAAY,QAAQ;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAkB,CAAC;IACxC,CAAC;IAED,IAAY,YAAY;QACtB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAkB,CAAC;QAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,cAAe,CAAC;QAC1C,OAAO,GAAG,OAAO,WAAW,KAAK,mCAAmC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,eAAe,IAAI,GAAG,GAAG,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACxE,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrE,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,OAAO,IAAI,CAAC,YAAa,CAAC;IAC5B,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC/D,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,GAAW;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACvD,OAAO,MAAM,CAAC,GAAG,CAAC;QACpB,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,yBAAyB,CAAC,CAAC;QACjE,CAAC;QAGD,MAAM,GAAG,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,GAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,QAAQ,CAAC,KAAa;QAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAE9D,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;QAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7E,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,YAAY,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;QAC1D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;IACtD,CAAC;IAEO,oBAAoB,CAAC,YAAoB,EAAE,SAAiB,EAAE,SAAoB;QACxF,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAC5C,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9B,QAAQ,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC/C,CAAC;IAEO,YAAY,CAAC,OAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,EAAE,GACN,GAAG,KAAK,IAAI,CAAC,QAAQ;gBACrB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,IAAI,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE1E,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oBAAoB,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QAKD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAE7D,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAE3B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,YAAY;QAEhB,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;gBAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;gBAC9F,OAAO;YACT,CAAC;YAED,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,MAAM,GAAG,CAAC,CAAC;YACf,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG;oBAAE,SAAS;gBACvB,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,GAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;oBAChE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;oBACpD,MAAM,EAAE,CAAC;gBACX,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,kCAAkC,MAAM,oBAAoB,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;CACF,CAAA;AAnKY,kBAAkB;IAD9B,UAAU,EAAE;qCAM0B,oBAAoB;GAL9C,kBAAkB,CAmK9B"}

package/dist/auth/roles.decorator.d.ts

@@ -0,0 +1,2 @@
+export declare const ROLES_KEY = "required_roles";
+export declare const RequireRoles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;

package/dist/auth/roles.decorator.js

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+export const ROLES_KEY = 'required_roles';
+export const RequireRoles = (...roles) => SetMetadata(ROLES_KEY, roles);
+//# sourceMappingURL=roles.decorator.js.map

package/dist/auth/roles.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.decorator.js","sourceRoot":"","sources":["../../src/auth/roles.decorator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;AAC1C,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAG,KAAe,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC"}