@chevre/domain 22.0.0-alpha.1 → 22.0.0-alpha.3

package/example/src/chevre/findReservationByCode.ts

@@ -28,11 +28,23 @@ async function main() {
         ticket: {
             ticketToken: CODE
         }
-    })({
-        authorization: authorizationRepo,
-        order: orderRepo,
-        ticket: ticketRepo
-    });
+    })(
+        {
+            authorization: authorizationRepo,
+            order: orderRepo,
+            ticket: ticketRepo
+        },
+        {
+            jwt: await chevre.credentials.JWT.createInstance({
+                secret: <string>process.env.TOKEN_SECRET,
+                issuers: (typeof process.env.TOKEN_ISSUERS_BY_AUTHORIZATION === 'string')
+                    ? process.env.TOKEN_ISSUERS_BY_AUTHORIZATION.split(' ')
+                    : [],
+                version: (typeof process.env.TOKEN_VERSION === 'string') ? process.env.TOKEN_VERSION : '2024-05-02',
+                payloadTypPrefix: (typeof process.env.TOKEN_PAYLOAD_TYP_PREFIX === 'string') ? process.env.TOKEN_PAYLOAD_TYP_PREFIX : 'chevre'
+            })
+        }
+    );
     console.log('verified.');
 
     const result = await (await chevre.service.reserve.createService()).findByCode({

package/example/src/chevre/findValidAuthorization.ts

@@ -33,10 +33,22 @@ async function main() {
         issuer: 'https://example.com',
         audience: 'https://example.com',
         useJti: true
-    })({
-        authorization: authorizationRepo,
-        ticket: ticketRepo
-    });
+    })(
+        {
+            authorization: authorizationRepo,
+            ticket: ticketRepo
+        },
+        {
+            jwt: await chevre.credentials.JWT.createInstance({
+                secret: <string>process.env.TOKEN_SECRET,
+                issuers: (typeof process.env.TOKEN_ISSUERS_BY_AUTHORIZATION === 'string')
+                    ? process.env.TOKEN_ISSUERS_BY_AUTHORIZATION.split(' ')
+                    : [],
+                version: (typeof process.env.TOKEN_VERSION === 'string') ? process.env.TOKEN_VERSION : '2024-05-02',
+                payloadTypPrefix: (typeof process.env.TOKEN_PAYLOAD_TYP_PREFIX === 'string') ? process.env.TOKEN_PAYLOAD_TYP_PREFIX : 'chevre'
+            })
+        }
+    );
     console.log('token:', token);
 }
 

package/lib/chevre/credentials/jwt.d.ts

@@ -0,0 +1,23 @@
+interface IOptions {
+    secret: string;
+    /**
+     * トークン検証時の発行者リスト
+     */
+    issuers: string[];
+    version: string;
+    payloadTypPrefix: string;
+}
+/**
+ * トークン認証情報
+ */
+declare class JWTCredentials {
+    readonly secret: string;
+    /**
+     * トークン検証時の発行者リスト
+     */
+    readonly issuers: string[];
+    readonly version: string;
+    readonly payloadTypPrefix: string;
+    constructor(options: IOptions);
+}
+export { JWTCredentials };

package/lib/chevre/credentials/jwt.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTCredentials = void 0;
+/**
+ * トークン認証情報
+ */
+class JWTCredentials {
+    constructor(options) {
+        this.version = '2024-05-02'; // 追加(2024-05-02~)
+        this.payloadTypPrefix = 'chevre';
+        const { secret, issuers, version, payloadTypPrefix } = options;
+        this.issuers = issuers;
+        this.payloadTypPrefix = payloadTypPrefix;
+        this.secret = secret;
+        this.version = version;
+    }
+}
+exports.JWTCredentials = JWTCredentials;

package/lib/chevre/credentials.d.ts

@@ -1,40 +1,35 @@
+import type { JWTCredentials } from './credentials/jwt';
 /**
  * 外部サービスを使用するための認証情報
  */
-export declare const credentials: {
-    aws: {
+export declare namespace credentials {
+    const aws: {
         accessKeyId: string;
         secretAccessKey: string;
         tokenIssuerEndpoint: string;
     };
-    chevre: {
-        authorizeServerDomain: string;
-        clientId: string;
-        clientSecret: string;
-        endpoint: string;
-    };
-    coa: {
+    const coa: {
         endpoint: string;
         refreshToken: string;
         timeout: number;
         useFetch: boolean;
     };
-    customSearch: {
+    const customSearch: {
         engineId: string;
         apiKey: string;
     };
-    gmo: {
+    const gmo: {
         timeout: number;
         timeoutBackground: number | undefined;
         useFetch: boolean;
     };
-    lineNotify: {
+    const lineNotify: {
         url: string | undefined;
         accessToken: string | undefined;
         accessTokenAlert: string | undefined;
         accessTokenInfo: string | undefined;
     };
-    movieticketReserve: {
+    const movieticketReserve: {
         /**
          * 着券時タイムアウト
          */
@@ -44,16 +39,11 @@ export declare const credentials: {
          */
         timeoutCheck: number;
     };
-    sendGrid: {
+    const sendGrid: {
         apiKey: string | undefined;
     };
-    jwt: {
-        secret: string;
-        /**
-         * トークン検証時の発行者リスト
-         */
-        issuers: string[];
-        version: string;
-        payloadTypPrefix: string;
-    };
-};
+    type JWT = JWTCredentials;
+    namespace JWT {
+        function createInstance(...params: ConstructorParameters<typeof JWTCredentials>): Promise<JWTCredentials>;
+    }
+}

package/lib/chevre/credentials.js

@@ -1,47 +1,75 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.credentials = void 0;
+// export const credentials = {
+// migrate to JWTCredentials(2024-07-11~)
+// jwt: {
+//     secret: <string>process.env.TOKEN_SECRET,
+//     // RESOURCE_SERVER_IDENTIFIERとは分離して指定可能に拡張(2024-05-02~)
+//     // issuer: (typeof process.env.TOKEN_ISSUER_BY_AUTHORIZATION === 'string')
+//     //     ? process.env.TOKEN_ISSUER_BY_AUTHORIZATION
+//     //     : <string>process.env.RESOURCE_SERVER_IDENTIFIER,
+//     /**
+//      * トークン検証時の発行者リスト
+//      */
+//     issuers: (typeof process.env.TOKEN_ISSUERS_BY_AUTHORIZATION === 'string')
+//         ? process.env.TOKEN_ISSUERS_BY_AUTHORIZATION.split(' ')
+//         : [], // 追加(2024-05-02~)
+//     version: (typeof process.env.TOKEN_VERSION === 'string') ? process.env.TOKEN_VERSION : '2024-05-02', // 追加(2024-05-02~)
+//     payloadTypPrefix: (typeof process.env.TOKEN_PAYLOAD_TYP_PREFIX === 'string') ? process.env.TOKEN_PAYLOAD_TYP_PREFIX : 'chevre'
+// }
+// };
 /**
  * 外部サービスを使用するための認証情報
  */
-exports.credentials = {
-    aws: {
+var credentials;
+(function (credentials) {
+    credentials.aws = {
         accessKeyId: process.env.AWS_ACCESS_KEY_ID,
         secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
         tokenIssuerEndpoint: process.env.TOKEN_ISSUER_ENDPOINT
-    },
-    chevre: {
-        authorizeServerDomain: process.env.CHEVRE_AUTHORIZE_SERVER_DOMAIN,
-        clientId: process.env.CHEVRE_CLIENT_ID,
-        clientSecret: process.env.CHEVRE_CLIENT_SECRET,
-        endpoint: process.env.CHEVRE_ENDPOINT
-    },
-    coa: {
+    };
+    // export const chevre = {
+    //     authorizeServerDomain: <string>process.env.CHEVRE_AUTHORIZE_SERVER_DOMAIN,
+    //     clientId: <string>process.env.CHEVRE_CLIENT_ID,
+    //     clientSecret: <string>process.env.CHEVRE_CLIENT_SECRET,
+    //     endpoint: <string>process.env.CHEVRE_ENDPOINT
+    // };
+    credentials.coa = {
         endpoint: process.env.COA_ENDPOINT,
         refreshToken: process.env.COA_REFRESH_TOKEN,
         // tslint:disable-next-line:no-magic-numbers
         timeout: (typeof process.env.COA_TIMEOUT === 'string') ? Number(process.env.COA_TIMEOUT) : 20000,
         useFetch: process.env.COA_USE_FETCH === '1'
-    },
-    customSearch: {
+    };
+    credentials.customSearch = {
         engineId: process.env.CUSTOM_SEARCH_ENGINE_ID,
         apiKey: process.env.GOOGLE_API_KEY
-    },
-    gmo: {
+    };
+    credentials.gmo = {
         // tslint:disable-next-line:no-magic-numbers
         timeout: (typeof process.env.GMO_TIMEOUT === 'string') ? Number(process.env.GMO_TIMEOUT) : 5000,
         timeoutBackground: (typeof process.env.GMO_TIMEOUT_BACKGROUND === 'string')
             ? Number(process.env.GMO_TIMEOUT_BACKGROUND)
             : undefined,
         useFetch: process.env.GMO_USE_FETCH === '1'
-    },
-    lineNotify: {
+    };
+    credentials.lineNotify = {
         url: process.env.LINE_NOTIFY_URL,
         accessToken: process.env.LINE_NOTIFY_ACCESS_TOKEN,
         accessTokenAlert: process.env.LINE_NOTIFY_ACCESS_TOKEN_ALERT,
         accessTokenInfo: process.env.LINE_NOTIFY_ACCESS_TOKEN_INFO
-    },
-    movieticketReserve: {
+    };
+    credentials.movieticketReserve = {
         /**
          * 着券時タイムアウト
          */
@@ -52,23 +80,21 @@ exports.credentials = {
          */
         // tslint:disable-next-line:no-magic-numbers
         timeoutCheck: (typeof process.env.MVTK_TIMEOUT_CHECK === 'string') ? Number(process.env.MVTK_TIMEOUT_CHECK) : 5000
-    },
-    sendGrid: {
+    };
+    credentials.sendGrid = {
         apiKey: process.env.SENDGRID_API_KEY
-    },
-    jwt: {
-        secret: process.env.TOKEN_SECRET,
-        // RESOURCE_SERVER_IDENTIFIERとは分離して指定可能に拡張(2024-05-02~)
-        // issuer: (typeof process.env.TOKEN_ISSUER_BY_AUTHORIZATION === 'string')
-        //     ? process.env.TOKEN_ISSUER_BY_AUTHORIZATION
-        //     : <string>process.env.RESOURCE_SERVER_IDENTIFIER,
-        /**
-         * トークン検証時の発行者リスト
-         */
-        issuers: (typeof process.env.TOKEN_ISSUERS_BY_AUTHORIZATION === 'string')
-            ? process.env.TOKEN_ISSUERS_BY_AUTHORIZATION.split(' ')
-            : [],
-        version: (typeof process.env.TOKEN_VERSION === 'string') ? process.env.TOKEN_VERSION : '2024-05-02',
-        payloadTypPrefix: (typeof process.env.TOKEN_PAYLOAD_TYP_PREFIX === 'string') ? process.env.TOKEN_PAYLOAD_TYP_PREFIX : 'chevre'
-    }
-};
+    };
+    let JWT;
+    (function (JWT) {
+        let cred;
+        function createInstance(...params) {
+            return __awaiter(this, void 0, void 0, function* () {
+                if (cred === undefined) {
+                    cred = (yield Promise.resolve().then(() => require('./credentials/jwt'))).JWTCredentials;
+                }
+                return new cred(...params);
+            });
+        }
+        JWT.createInstance = createInstance;
+    })(JWT = credentials.JWT || (credentials.JWT = {}));
+})(credentials = exports.credentials || (exports.credentials = {}));

package/lib/chevre/repo/authorization.d.ts

@@ -1,6 +1,5 @@
 import type { Connection, FilterQuery } from 'mongoose';
 import * as factory from '../factory';
-export type ICode = string;
 type IFindValidOneResult = Pick<factory.authorization.IAuthorization, 'object' | 'typeOf' | 'audience' | 'issuedBy'> & {
     id: string;
 };
@@ -26,7 +25,7 @@ export declare class AuthorizationRepo {
         project: {
             id: string;
         };
-        code: ICode;
+        code: string;
     }): Promise<IFindValidOneResult>;
     /**
      * 有効な承認を参照する

package/lib/chevre/service/code.d.ts

@@ -1,16 +1,19 @@
+/**
+ * 承認サービス
+ */
+import * as jwt from 'jsonwebtoken';
 import type { ActionRepo } from '../repo/action';
-import type { AuthorizationRepo, ICode } from '../repo/authorization';
+import type { AuthorizationRepo } from '../repo/authorization';
 import type { TicketRepo } from '../repo/ticket';
+import { JWTCredentials } from '../credentials/jwt';
 import * as factory from '../factory';
 type IToken = string;
-interface IPayload extends Pick<factory.clientUser.IClientUser, 'aud' | 'exp' | 'iat' | 'iss' | 'jti' | 'sub' | 'token_use' | 'typ' | 'version'> {
+interface IPayload extends Pick<factory.clientUser.IClientUser, 'aud' | 'exp' | 'iat' | 'iss' | 'sub' | 'token_use' | 'typ' | 'version'> {
     version: string;
     typ: string;
+    jti?: string;
 }
-type IPayloadWithNoVersion = factory.authorization.IObject & {
-    version?: never;
-    typ?: never;
-};
+type IAuthorizedObject = factory.authorization.IObject;
 /**
  * コードをトークンに変換する
  */
@@ -22,7 +25,7 @@ declare function getToken(params: {
     project: {
         id: string;
     };
-    code: ICode;
+    code: string;
     expiresIn: number;
     /**
      * jtw.payload.iss
@@ -39,7 +42,11 @@ declare function getToken(params: {
 }): (repos: {
     authorization: AuthorizationRepo;
     ticket: TicketRepo;
-}) => Promise<IToken>;
+}, credentials: {
+    jwt: JWTCredentials;
+}) => Promise<{
+    token: IToken;
+}>;
 declare function verifyToken(params: {
     project: {
         id: string;
@@ -51,5 +58,9 @@ declare function verifyToken(params: {
     action?: ActionRepo;
     authorization: AuthorizationRepo;
     ticket: TicketRepo;
-}) => Promise<factory.authorization.IObject | import("@chevre/factory/lib/action/accept/coaOffer").IPurpose>;
-export { IToken, ICode, IPayload, IPayloadWithNoVersion, getToken, verifyToken };
+}, credentials: {
+    jwt: JWTCredentials;
+}) => Promise<{
+    authorizedObject: IAuthorizedObject;
+}>;
+export { IPayload, getToken, verifyToken };

package/lib/chevre/service/code.js

@@ -14,14 +14,17 @@ exports.verifyToken = exports.getToken = void 0;
  * 承認サービス
  */
 const jwt = require("jsonwebtoken");
-const credentials_1 = require("../credentials");
 const factory = require("../factory");
+// type IPayloadWithNoVersion = factory.authorization.IObject & {
+//     version?: never;
+//     typ?: never;
+// };
 const ALGORITHM = 'HS256';
 /**
  * コードをトークンに変換する
  */
 function getToken(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a;
         if (typeof params.project.id !== 'string' || params.project.id.length === 0) {
             throw new factory.errors.ArgumentNull('project.id');
@@ -37,7 +40,7 @@ function getToken(params) {
             throw new factory.errors.ArgumentNull('issuer');
         }
         let subject = authorization.id;
-        let typ = `${credentials_1.credentials.jwt.payloadTypPrefix}:${authorization.typeOf}`;
+        let typ = `${credentials.jwt.payloadTypPrefix}:${authorization.typeOf}`;
         let jti;
         if (params.useJti) {
             const { id } = yield repos.ticket.issueByTicketToken(Object.assign({ project: { id: params.project.id }, ticketToken: params.code }, (typeof ((_a = authorization.issuedBy) === null || _a === void 0 ? void 0 : _a.id) === 'string') ? { issuedBy: authorization.issuedBy } : undefined));
@@ -45,26 +48,23 @@ function getToken(params) {
             // ロール承認の場合、subjectはメンバーID,typはメンバータイプ
             if (authorization.object.typeOf === factory.iam.RoleType.OrganizationRole) {
                 subject = authorization.object.member.id;
-                typ = `${credentials_1.credentials.jwt.payloadTypPrefix}:${authorization.object.member.typeOf}`;
+                typ = `${credentials.jwt.payloadTypPrefix}:${authorization.object.member.typeOf}`;
             }
             else {
                 // useJtiの場合、subject,typはagent(2024-05-09~)
                 subject = params.agent.id;
-                typ = `${credentials_1.credentials.jwt.payloadTypPrefix}:${params.agent.typeOf}`;
+                typ = `${credentials.jwt.payloadTypPrefix}:${params.agent.typeOf}`;
             }
         }
-        // const isAuthorize4order: boolean = authorization.object.typeOf === factory.order.OrderType.Order;
         const payload = {
-            // NO_VERSIONを廃止(2024-05-06~)
-            // ...(USE_TOKEN_WITH_NO_VERSION && isAuthorize4order) ? authorization.object : undefined,
             // sub: authorization.id, // 拡張(2024-05-01~)
             token_use: 'access',
-            version: credentials_1.credentials.jwt.version,
+            version: credentials.jwt.version,
             typ //  拡張(2024-05-07~)
         };
-        return new Promise((resolve, reject) => {
+        const token = yield new Promise((resolve, reject) => {
             // 所有権を暗号化する
-            jwt.sign(payload, credentials_1.credentials.jwt.secret, Object.assign(Object.assign({ algorithm: ALGORITHM, 
+            jwt.sign(payload, credentials.jwt.secret, Object.assign(Object.assign({ algorithm: ALGORITHM, 
                 // issuer: credentials.jwt.issuer,
                 issuer: params.issuer, expiresIn: params.expiresIn, subject }, (typeof params.audience === 'string') ? { audience: params.audience } : undefined), (typeof jti === 'string') ? { jwtid: jti } : undefined // 拡張(2024-05-08~)
             ), (err, encoded) => {
@@ -81,13 +81,69 @@ function getToken(params) {
                 }
             });
         });
+        return { token };
     });
 }
 exports.getToken = getToken;
-function verifyToken(params) {
-    // tslint:disable-next-line:max-func-body-length
+function payload2authorizeObject(params) {
     return (repos) => __awaiter(this, void 0, void 0, function* () {
-        let result;
+        const { payload } = params;
+        let authorizedObject;
+        // token.payloadが承認のケースに対応(2024-05-02~)
+        if (typeof payload.version === 'string') {
+            if (typeof payload.sub !== 'string' || payload.sub.length === 0) {
+                throw new factory.errors.Unauthorized(`invalid token [sub:${payload.sub}]`);
+            }
+            // discontinue purposeTokenに対応(2024-07-10~)
+            // sskts.purposeTokenに対応
+            // let resourceTypeByPayload: string | undefined;
+            // if (typeof payload.typ === 'string') {
+            //     resourceTypeByPayload = payload.typ.split(`${credentials.jwt.payloadTypPrefix}:`)
+            //         .at(1);
+            // }
+            // if (resourceTypeByPayload === factory.transactionType.PlaceOrder) {
+            //     result = {
+            //         id: payload.sub,
+            //         typeOf: resourceTypeByPayload
+            //     };
+            // } else {
+            // }
+            if (typeof payload.jti === 'string') {
+                // jtiに対応(2024-05-08~)
+                const ticket = (yield repos.ticket.search({
+                    limit: 1,
+                    page: 1,
+                    project: { id: { $eq: params.project.id } },
+                    id: { $eq: payload.jti }
+                })).shift();
+                if (ticket === undefined) {
+                    throw new factory.errors.NotFound('Ticket');
+                }
+                // 承認を参照
+                const { object } = yield repos.authorization.findValidOneByCode({
+                    project: { id: params.project.id },
+                    code: ticket.ticketToken
+                });
+                authorizedObject = object;
+            }
+            else {
+                // 基本的にはsubで承認を参照
+                const { object } = yield repos.authorization.findValidOneById({
+                    project: { id: params.project.id },
+                    id: payload.sub
+                });
+                authorizedObject = object;
+            }
+        }
+        else {
+            // NO_VERSIONを廃止(2024-05-06~)
+            throw new factory.errors.NotImplemented('USE_TOKEN_WITH_NO_VERSION discontinued');
+        }
+        return { authorizedObject };
+    });
+}
+function verifyToken(params) {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         let payload;
         let action;
         if (repos.action !== undefined) {
@@ -103,11 +159,12 @@ function verifyToken(params) {
             action = (yield repos.action.start(actionAttributes));
         }
         try {
+            // payload = await new Promise<IPayloadWithNoVersion | IPayload>((resolve, reject) => {
             payload = yield new Promise((resolve, reject) => {
-                jwt.verify(params.token, credentials_1.credentials.jwt.secret, Object.assign({ algorithms: [ALGORITHM], 
+                jwt.verify(params.token, credentials.jwt.secret, Object.assign({ algorithms: [ALGORITHM], 
                     // 互換性維持のために複数対応(2024-05-02~)
                     // issuer: credentials.jwt.issuer,
-                    issuer: credentials_1.credentials.jwt.issuers }, (Array.isArray(params.audience)) ? { audience: params.audience } : undefined), (err, decoded) => {
+                    issuer: credentials.jwt.issuers }, (Array.isArray(params.audience)) ? { audience: params.audience } : undefined), (err, decoded) => {
                     if (err instanceof Error) {
                         reject(err);
                     }
@@ -135,60 +192,7 @@ function verifyToken(params) {
         if (repos.action !== undefined && action !== undefined) {
             yield repos.action.completeWithVoid({ typeOf: action.typeOf, id: action.id, result: payload });
         }
-        // token.payloadが承認のケースに対応(2024-05-02~)
-        if (typeof payload.version === 'string') {
-            if (typeof payload.sub !== 'string' || payload.sub.length === 0) {
-                throw new factory.errors.Unauthorized(`invalid token [sub:${payload.sub}]`);
-            }
-            // sskts.purposeTokenに対応
-            let resourceTypeByPayload;
-            if (typeof payload.typ === 'string') {
-                resourceTypeByPayload = payload.typ.split(`${credentials_1.credentials.jwt.payloadTypPrefix}:`)
-                    .at(1);
-            }
-            if (resourceTypeByPayload === factory.transactionType.PlaceOrder) {
-                result = {
-                    id: payload.sub,
-                    typeOf: resourceTypeByPayload
-                };
-            }
-            else if (typeof payload.jti === 'string') {
-                // jtiに対応(2024-05-08~)
-                const ticket = (yield repos.ticket.search({
-                    limit: 1,
-                    page: 1,
-                    project: { id: { $eq: params.project.id } },
-                    id: { $eq: payload.jti }
-                })).shift();
-                if (ticket === undefined) {
-                    throw new factory.errors.NotFound('Ticket');
-                }
-                // 承認を参照
-                const { object } = yield repos.authorization.findValidOneByCode({
-                    project: { id: params.project.id },
-                    code: ticket.ticketToken
-                });
-                result = object;
-            }
-            else {
-                // 基本的にはsubで承認を参照
-                const { object } = yield repos.authorization.findValidOneById({
-                    project: { id: params.project.id },
-                    id: payload.sub
-                });
-                result = object;
-            }
-        }
-        else {
-            // NO_VERSIONを廃止(2024-05-06~)
-            throw new factory.errors.NotImplemented('USE_TOKEN_WITH_NO_VERSION discontinued');
-            // if (USE_TOKEN_WITH_NO_VERSION) {
-            //     result = payload;
-            // } else {
-            //     throw new factory.errors.NotImplemented('USE_TOKEN_WITH_NO_VERSION not implemented');
-            // }
-        }
-        return result;
+        return payload2authorizeObject({ payload, project: { id: params.project.id } })(repos);
     });
 }
 exports.verifyToken = verifyToken;

package/lib/chevre/service/offer/event/authorize/processStartReserve4chevre.d.ts

@@ -1,4 +1,5 @@
 import * as factory from '../../../../factory';
+import type { JWTCredentials } from '../../../../credentials/jwt';
 import type { ActionRepo } from '../../../../repo/action';
 import type { AssetTransactionRepo } from '../../../../repo/assetTransaction';
 import type { AuthorizationRepo } from '../../../../repo/authorization';
@@ -48,6 +49,8 @@ declare function processStartReserve4chevre(params: {
     task: TaskRepo;
     ticket: TicketRepo;
     assetTransaction: AssetTransactionRepo;
+}, credentials: {
+    jwt: JWTCredentials;
 }) => Promise<{
     acceptedOffers4result: factory.action.authorize.offer.eventService.IResultAcceptedOffer[];
 }>;

package/lib/chevre/service/offer/event/authorize/processStartReserve4chevre.js

@@ -15,7 +15,7 @@ const ReserveTransactionService = require("../../../assetTransaction/reserve");
 const CodeService = require("../../../code");
 const factory_1 = require("./factory");
 function processStartReserve4chevre(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         const { event, transaction, transactionNumber } = params;
         let acceptedOffers4result = [];
         // 予約取引開始
@@ -23,7 +23,7 @@ function processStartReserve4chevre(params) {
             // object: <IObjectWithDetail>action.object,
             acceptedOffers: params.acceptedOffers, event: { id: event.id }, transaction,
             transactionNumber }, (params.broker !== undefined) ? { broker: params.broker } : undefined));
-        const startParamObject = yield validateObjectWithoutDetail(startParams)(repos);
+        const startParamObject = yield validateObjectWithoutDetail(startParams)(repos, credentials);
         const startReserveTransactionResult = yield ReserveTransactionService.start(Object.assign(Object.assign({}, startParams), { object: startParamObject, preSearchedEvent: event, preSearchedTicketOffers: params.ticketOffers, preSearchedUnitPriceOffers: params.unitPriceOffers, availableAtOrFrom: { id: params.availableAtOrFrom.id }, validateEvent: params.validateEvent, validateEventOfferPeriod: params.validateEventOfferPeriod, validateAppliesToMovieTicket: true, 
             // useHoldStockByTransactionNumber: params.useHoldStockByTransactionNumber, // discontinue(2024-07-02~)
             stockHoldUntilDaysAfterEventEnd: params.stockHoldUntilDaysAfterEventEnd }))(repos);
@@ -42,7 +42,7 @@ function processStartReserve4chevre(params) {
 }
 exports.processStartReserve4chevre = processStartReserve4chevre;
 function validateObjectWithoutDetail(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a, _b, _c, _d;
         const objectWithoutDetail = params.object;
         if (Array.isArray(objectWithoutDetail.acceptedOffer)) {
@@ -51,11 +51,12 @@ function validateObjectWithoutDetail(params) {
                 let programMembershipUsed = (_b = (_a = acceptedOffer.itemOffered) === null || _a === void 0 ? void 0 : _a.serviceOutput) === null || _b === void 0 ? void 0 : _b.programMembershipUsed;
                 // トークン化されたメンバーシップがリクエストされた場合、実メンバーシップ情報へ変換する
                 if (typeof programMembershipUsed === 'string' && programMembershipUsed.length > 0) {
-                    const permitOwnershipInfo = yield CodeService.verifyToken({
+                    const { authorizedObject } = yield CodeService.verifyToken({
                         project: params.project,
                         agent: params.project,
                         token: String(programMembershipUsed)
-                    })(repos);
+                    })(repos, credentials);
+                    const permitOwnershipInfo = authorizedObject;
                     if (Array.isArray(permitOwnershipInfo)) {
                         throw new factory.errors.NotImplemented('programMembershipUsed as an array not implemented');
                     }

package/lib/chevre/service/offer/event/authorize.d.ts

@@ -1,4 +1,5 @@
 import * as factory from '../../../factory';
+import type { JWTCredentials } from '../../../credentials/jwt';
 import type { ActionRepo } from '../../../repo/action';
 import type { AssetTransactionRepo } from '../../../repo/assetTransaction';
 import type { AuthorizationRepo } from '../../../repo/authorization';
@@ -43,7 +44,9 @@ interface IAuthorizeRepos {
     transaction: TransactionRepo;
     transactionNumber: TransactionNumberRepo;
 }
-type IAuthorizeOperation<T> = (repos: IAuthorizeRepos) => Promise<T>;
+type IAuthorizeOperation<T> = (repos: IAuthorizeRepos, credentials: {
+    jwt: JWTCredentials;
+}) => Promise<T>;
 type IAuthorizeOfferAction = factory.action.authorize.offer.eventService.IAction<factory.service.webAPI.Identifier>;
 type IObjectWithoutDetail = factory.action.authorize.offer.eventService.IObjectWithoutDetail<factory.service.webAPI.Identifier.Chevre>;
 /**

package/lib/chevre/service/offer/event/authorize.js

@@ -20,7 +20,7 @@ const searchEventTicketOffers_1 = require("./searchEventTicketOffers");
  * 興行オファー承認
  */
 function authorize(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a;
         const noOfferSpecified = params.noOfferSpecified === true;
         const { transaction, event } = yield validateCreateRequest(params)(repos);
@@ -44,7 +44,7 @@ function authorize(params) {
             const processStartReserveResult = yield (0, processStartReserve4chevre_1.processStartReserve4chevre)(Object.assign({ acceptedOffers, event,
                 transactionNumber, transaction, availableAtOrFrom: { id: params.store.id }, ticketOffers, unitPriceOffers, validateEvent: params.validateEvent === true, validateEventOfferPeriod: params.validateEventOfferPeriod === true, 
                 // useHoldStockByTransactionNumber: params.useHoldStockByTransactionNumber, // discontinue(2024-07-02~)
-                stockHoldUntilDaysAfterEventEnd: params.stockHoldUntilDaysAfterEventEnd }, (typeof ((_a = params.object.broker) === null || _a === void 0 ? void 0 : _a.typeOf) === 'string') ? { broker: params.object.broker } : undefined))(repos);
+                stockHoldUntilDaysAfterEventEnd: params.stockHoldUntilDaysAfterEventEnd }, (typeof ((_a = params.object.broker) === null || _a === void 0 ? void 0 : _a.typeOf) === 'string') ? { broker: params.object.broker } : undefined))(repos, credentials);
             acceptedOffers4result = processStartReserveResult.acceptedOffers4result;
             // add orderInTransaction(2024-01-15~)
             if (!noOfferSpecified) {

package/lib/chevre/service/payment/any.d.ts

@@ -2,6 +2,7 @@
  * 汎用決済サービス
  */
 import * as factory from '../../factory';
+import type { JWTCredentials } from '../../credentials/jwt';
 import type { AccountingReportRepo } from '../../repo/accountingReport';
 import type { ActionRepo, IMinimizedPurchaseNumberAuthResult } from '../../repo/action';
 import type { AssetTransactionRepo } from '../../repo/assetTransaction';
@@ -87,7 +88,9 @@ interface IAuthorizeRepos {
     transactionNumber: TransactionNumberRepo;
     transactionProcess: TransactionProcessRepo;
 }
-type IAuthorizeOperation<T> = (repos: IAuthorizeRepos) => Promise<T>;
+type IAuthorizeOperation<T> = (repos: IAuthorizeRepos, credentials: {
+    jwt: JWTCredentials;
+}) => Promise<T>;
 interface IPublishPaymentUrlRepos {
     action: ActionRepo;
     assetTransaction: AssetTransactionRepo;

package/lib/chevre/service/payment/any.js

@@ -302,7 +302,7 @@ function minimizeObjectIncludingPaymentMethodDetails(authorizeObjectIncludingPay
  */
 function authorize(params) {
     // tslint:disable-next-line:cyclomatic-complexity max-func-body-length
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a, _b;
         if (params.purpose.typeOf !== factory.transactionType.PlaceOrder) {
             throw new factory.errors.NotImplemented(`purpose.typeOf '${params.purpose.typeOf} not implemented'`);
@@ -352,7 +352,9 @@ function authorize(params) {
             transactionNumber = publishTransactionNumberResult.transactionNumber;
         }
         const movieTickets = (Array.isArray(params.object.movieTickets)) ? params.object.movieTickets.map(factory_1.createMovieTicket) : undefined;
-        const { accountId } = yield fixAccountIdIfPossible({ object: params.object, project: { id: transaction.project.id } })(repos);
+        const { accountId } = yield fixAccountIdIfPossible({
+            object: params.object, project: { id: transaction.project.id }
+        })(repos, credentials);
         const authorizeObjectIncludingPaymentMethodDetails = Object.assign(Object.assign(Object.assign(Object.assign({}, params.object), { accountId, paymentMethodId: transactionNumber, typeOf: factory.action.authorize.paymentMethod.any.ResultType.Payment }), (creditCard !== undefined) ? { creditCard } : undefined), (Array.isArray(movieTickets)) ? { movieTickets } : undefined);
         const { authorizeObject } = minimizeObjectIncludingPaymentMethodDetails(authorizeObjectIncludingPaymentMethodDetails);
         // 承認アクションを開始する
@@ -428,7 +430,7 @@ exports.authorize = authorize;
  * 承認しようとしているobjectからaccountIdを決定する
  */
 function fixAccountIdIfPossible(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a, _b;
         // let accountId = params.object?.accountId;
         let accountId = '';
@@ -436,11 +438,12 @@ function fixAccountIdIfPossible(params) {
         const movieTickets = (_b = params.object) === null || _b === void 0 ? void 0 : _b.movieTickets;
         // トークン化されたペイメントカード情報でリクエストされた場合、実ペイメントカード情報へ変換する
         if (typeof fromLocation === 'string') {
-            const paymentCardOwnershipInfo = yield (0, code_1.verifyToken)({
+            const { authorizedObject } = yield (0, code_1.verifyToken)({
                 project: { id: params.project.id },
                 agent: { id: params.project.id, typeOf: factory.organizationType.Project },
                 token: fromLocation
-            })(repos);
+            })(repos, credentials);
+            const paymentCardOwnershipInfo = authorizedObject;
             if (Array.isArray(paymentCardOwnershipInfo)) {
                 throw new factory.errors.NotImplemented('fromLocation as an array not implemented');
             }

package/lib/chevre/service/reserve/verifyToken4reservation.d.ts

@@ -1,3 +1,4 @@
+import type { JWTCredentials } from '../../credentials/jwt';
 import * as factory from '../../factory';
 import type { AuthorizationRepo } from '../../repo/authorization';
 import type { OrderRepo } from '../../repo/order';
@@ -28,4 +29,6 @@ export declare function verifyToken4reservation(params: {
     authorization: AuthorizationRepo;
     order: OrderRepo;
     ticket: TicketRepo;
+}, credentials: {
+    jwt: JWTCredentials;
 }) => Promise<void>;

package/lib/chevre/service/reserve/verifyToken4reservation.js

@@ -16,16 +16,17 @@ const code_1 = require("../code");
  * 予約使用のためのチケットトークンを検証する
  */
 function verifyToken4reservation(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         // JWTと承認コードの両方に対応する(2024-02-28~)
         const { token, ticketToken } = params.ticket;
         let payload;
         if (typeof token === 'string' && token.length > 0) {
-            payload = yield (0, code_1.verifyToken)({
+            const { authorizedObject } = yield (0, code_1.verifyToken)({
                 project: params.project,
                 agent: params.agent,
                 token
-            })(repos);
+            })(repos, credentials);
+            payload = authorizedObject;
         }
         else if (typeof ticketToken === 'string' && ticketToken.length > 0) {
             const findValidOneByCodeResult = yield repos.authorization.findValidOneByCode({

package/lib/chevre/service/task/authorizePayment.js

@@ -32,35 +32,39 @@ const any_1 = require("../payment/any");
  */
 function call(params) {
     return (settings, options) => __awaiter(this, void 0, void 0, function* () {
-        if (settings.redisClient === undefined) {
+        const { connection, redisClient, jwtCredentials } = settings;
+        if (redisClient === undefined) {
             throw new factory.errors.Argument('settings', 'redisClient required');
         }
+        if (jwtCredentials === undefined) {
+            throw new factory.errors.Argument('settings', 'jwtCredentials required');
+        }
         // 遅延実行(executeByName)には対応しない
         if (!options.executeById) {
             return;
         }
         let callResult;
-        const actionRepo = new action_1.ActionRepo(settings.connection);
-        const transactionProcessRepo = new transactionProcess_1.TransactionProcessRepo(settings.redisClient, { lockExpiresInSeconds: 120 });
+        const actionRepo = new action_1.ActionRepo(connection);
+        const transactionProcessRepo = new transactionProcess_1.TransactionProcessRepo(redisClient, { lockExpiresInSeconds: 120 });
         try {
             yield (0, any_1.authorize)(Object.assign(Object.assign({}, params.data), { sameAs: { id: params.id } // タスクIDを関連付け(2024-04-20~)
              }))({
-                accountingReport: new accountingReport_1.AccountingReportRepo(settings.connection),
+                accountingReport: new accountingReport_1.AccountingReportRepo(connection),
                 action: actionRepo,
-                assetTransaction: new assetTransaction_1.AssetTransactionRepo(settings.connection),
-                authorization: new authorization_1.AuthorizationRepo(settings.connection),
-                confirmationNumber: new confirmationNumber_1.ConfirmationNumberRepo(settings.redisClient),
-                event: new event_1.EventRepo(settings.connection),
-                paymentAccepted: new sellerPaymentAccepted_1.SellerPaymentAcceptedRepo(settings.connection),
-                paymentService: new paymentService_1.PaymentServiceRepo(settings.connection),
-                paymentServiceProvider: new paymentServiceProvider_1.PaymentServiceProviderRepo(settings.connection),
-                product: new product_1.ProductRepo(settings.connection),
-                task: new task_1.TaskRepo(settings.connection),
-                ticket: new ticket_1.TicketRepo(settings.connection),
-                transaction: new transaction_1.TransactionRepo(settings.connection),
-                transactionNumber: new transactionNumber_1.TransactionNumberRepo(settings.redisClient),
+                assetTransaction: new assetTransaction_1.AssetTransactionRepo(connection),
+                authorization: new authorization_1.AuthorizationRepo(connection),
+                confirmationNumber: new confirmationNumber_1.ConfirmationNumberRepo(redisClient),
+                event: new event_1.EventRepo(connection),
+                paymentAccepted: new sellerPaymentAccepted_1.SellerPaymentAcceptedRepo(connection),
+                paymentService: new paymentService_1.PaymentServiceRepo(connection),
+                paymentServiceProvider: new paymentServiceProvider_1.PaymentServiceProviderRepo(connection),
+                product: new product_1.ProductRepo(connection),
+                task: new task_1.TaskRepo(connection),
+                ticket: new ticket_1.TicketRepo(connection),
+                transaction: new transaction_1.TransactionRepo(connection),
+                transactionNumber: new transactionNumber_1.TransactionNumberRepo(redisClient),
                 transactionProcess: transactionProcessRepo
-            });
+            }, { jwt: jwtCredentials });
         }
         catch (error) {
             let throwsError = true;

package/lib/chevre/service/task.d.ts

@@ -1,5 +1,6 @@
 import type { Connection } from 'mongoose';
 import type { RedisClientType } from 'redis';
+import { JWTCredentials } from '../credentials/jwt';
 import * as factory from '../factory';
 import type { IExecutableTask, IExecutableTaskKeys, TaskRepo } from '../repo/task';
 interface IConnectionSettings {
@@ -11,6 +12,7 @@ interface IConnectionSettings {
      * Redisクライアント
      */
     redisClient?: RedisClientType;
+    jwtCredentials?: JWTCredentials;
 }
 interface IExecuteOptions {
     executeById: boolean;

package/lib/chevre/service/transaction/moneyTransfer.d.ts

@@ -1,3 +1,4 @@
+import { JWTCredentials } from '../../credentials/jwt';
 import type { ActionRepo } from '../../repo/action';
 import type { AssetTransactionRepo } from '../../repo/assetTransaction';
 import type { AuthorizationRepo } from '../../repo/authorization';
@@ -24,7 +25,9 @@ export interface IStartOperationRepos {
     transactionNumber: TransactionNumberRepo;
     assetTransaction: AssetTransactionRepo;
 }
-export type IStartOperation<T> = (repos: IStartOperationRepos) => Promise<T>;
+export type IStartOperation<T> = (repos: IStartOperationRepos, credentials: {
+    jwt: JWTCredentials;
+}) => Promise<T>;
 export type ITaskAndTransactionOperation<T> = (repos: {
     task: TaskRepo;
     transaction: TransactionRepo;
@@ -48,6 +51,8 @@ export type IAuthorizeOperation<T> = (repos: {
     ticket: TicketRepo;
     transaction: TransactionRepo;
     assetTransaction: AssetTransactionRepo;
+}, credentials: {
+    jwt: JWTCredentials;
 }) => Promise<T>;
 /**
  * 取引確定

package/lib/chevre/service/transaction/moneyTransfer.js

@@ -26,7 +26,7 @@ const CodeService = require("../code");
  * 通貨転送資産取引サービスを利用して転送取引を開始する
  */
 function start(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         const { passport } = yield repos.passport.validatePassportTokenIfExist(params);
         const sellers = yield repos.seller.search({
             limit: 1,
@@ -54,7 +54,7 @@ function start(params) {
             transaction = yield repos.transaction.start(startParams);
             yield authorizePaymentCard({
                 transaction: Object.assign(Object.assign({}, transaction), { object: startParams.object, seller: startParams.seller, agent: startParams.agent, project: startParams.project, typeOf: startParams.typeOf })
-            })(repos);
+            })(repos, credentials);
         }
         catch (error) {
             throw error;
@@ -64,7 +64,7 @@ function start(params) {
 }
 exports.start = start;
 function authorizePaymentCard(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a;
         const transaction = params.transaction;
         const fromLocation = transaction.object.fromLocation;
@@ -95,7 +95,7 @@ function authorizePaymentCard(params) {
                             : String((_a = transaction.seller.name) === null || _a === void 0 ? void 0 : _a.ja)
                     }, price: 0, priceCurrency: factory.priceCurrency.JPY }, (typeof transaction.object.description === 'string') ? { description: transaction.object.description } : undefined),
                 purpose: { typeOf: transaction.typeOf, id: transaction.id }
-            })(repos);
+            })(repos, credentials);
         }
         else {
             throw new factory.errors.NotImplemented('Withdraw transaction not implemented');
@@ -160,7 +160,7 @@ function fixToLocation(params) {
  * 口座取引は、出金取引あるいは転送取引のどちらかを選択できます
  */
 function processAuthorizePaymentCard(params) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a;
         const transaction = yield repos.transaction.findInProgressById({
             typeOf: factory.transactionType.MoneyTransfer,
@@ -195,7 +195,7 @@ function processAuthorizePaymentCard(params) {
                 recipient: recipient,
                 transaction: transaction,
                 transactionNumber
-            })(repos);
+            })(repos, credentials);
             // アクションにchevre取引情報を保管
             yield repos.action.findByIdAndUpdate({
                 id: action.id,
@@ -276,7 +276,7 @@ function createAuthorizeMoneyTransferOfferActionAttributes(params) {
 }
 function processMoneyTransferTransaction(params) {
     // tslint:disable-next-line:max-func-body-length
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a, _b;
         let pendingTransaction;
         const transaction = params.transaction;
@@ -304,7 +304,7 @@ function processMoneyTransferTransaction(params) {
             throw new factory.errors.NotImplemented('Withdraw transaction not implemented');
         }
         else if (params.object.fromLocation !== undefined && params.object.itemOffered.toLocation !== undefined) {
-            const { fromLocation } = yield validateFromLocation({ id: params.project.id }, params.object.fromLocation, { id: issuedThroughId })(repos);
+            const { fromLocation } = yield validateFromLocation({ id: params.project.id }, params.object.fromLocation, { id: issuedThroughId })(repos, credentials);
             const { toLocation } = yield validateToLocation({ id: params.project.id }, {
                 typeOf: factory.permit.PermitType.Permit,
                 identifier: params.object.itemOffered.toLocation.identifier,
@@ -369,16 +369,17 @@ function processMoneyTransferTransaction(params) {
     });
 }
 function validateFromLocation(project, fromLocationBeforeStart, issuedThrough) {
-    return (repos) => __awaiter(this, void 0, void 0, function* () {
+    return (repos, credentials) => __awaiter(this, void 0, void 0, function* () {
         var _a, _b, _c;
         let fromLocation = fromLocationBeforeStart;
         // トークン化されたペイメントカード情報でリクエストされた場合、実ペイメントカード情報へ変換する
         if (typeof fromLocation === 'string') {
-            const paymentCardOwnershipInfo = yield CodeService.verifyToken({
+            const { authorizedObject } = yield CodeService.verifyToken({
                 project: { id: project.id },
                 agent: { id: project.id, typeOf: factory.organizationType.Project },
                 token: fromLocation
-            })(repos);
+            })(repos, credentials);
+            const paymentCardOwnershipInfo = authorizedObject;
             if (Array.isArray(paymentCardOwnershipInfo)) {
                 throw new factory.errors.NotImplemented('fromLocation as an array not implemented');
             }

package/package.json

@@ -11,7 +11,7 @@
   "dependencies": {
     "@aws-sdk/credential-providers": "3.433.0",
     "@chevre/factory": "4.378.0-alpha.0",
-    "@cinerino/sdk": "8.2.0",
+    "@cinerino/sdk": "9.0.0-alpha.1",
     "@motionpicture/coa-service": "9.4.0",
     "@motionpicture/gmo-service": "5.3.0",
     "@sendgrid/mail": "6.4.0",
@@ -110,5 +110,5 @@
     "postversion": "git push origin --tags",
     "prepublishOnly": "npm run clean && npm run build && npm test && npm run doc"
   },
-  "version": "22.0.0-alpha.1"
+  "version": "22.0.0-alpha.3"
 }