@dofe/infra-clients 0.1.41 → 0.1.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/internal/sso/index.d.ts +1 -1
  2. package/dist/internal/sso/index.d.ts.map +1 -1
  3. package/dist/internal/sso/index.js.map +1 -1
  4. package/dist/internal/sso/sso-auth.client.d.ts +129 -8
  5. package/dist/internal/sso/sso-auth.client.d.ts.map +1 -1
  6. package/dist/internal/sso/sso-auth.client.js +139 -22
  7. package/dist/internal/sso/sso-auth.client.js.map +1 -1
  8. package/dist/internal/sso/sso-message-proxy.service.d.ts +2 -2
  9. package/dist/internal/sso/sso-message-proxy.service.js +5 -5
  10. package/package.json +6 -6
package/dist/internal/sso/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  export { SsoClientModule } from './sso.module';
2
2
  export { SsoMessageClient } from './sso-message.client';
3
3
  export { SsoMessageProxyService } from './sso-message-proxy.service';
4
- export { SsoAuthClient } from './sso-auth.client';
4
+ export { SsoAuthClient, SsoInternalUser, SsoInternalTenant, SsoOidcSessionInfo, SsoMainSessionInfo, SsoUserSessionsResponse, SsoKeyInfo, SsoKeyStatusResponse, SsoKeyRotateResponse, SsoKeyPurgeResponse, } from './sso-auth.client';
5
5
  //# sourceMappingURL=index.d.ts.map
package/dist/internal/sso/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EACL,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,uBAAuB,EACvB,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC"}
package/dist/internal/sso/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/index.ts"],"names":[],"mappings":";;;AAAA,2CAA+C;AAAtC,6GAAA,eAAe,OAAA;AACxB,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AACzB,yEAAqE;AAA5D,mIAAA,sBAAsB,OAAA;AAC/B,qDAAkD;AAAzC,gHAAA,aAAa,OAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/index.ts"],"names":[],"mappings":";;;AAAA,2CAA+C;AAAtC,6GAAA,eAAe,OAAA;AACxB,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AACzB,yEAAqE;AAA5D,mIAAA,sBAAsB,OAAA;AAC/B,qDAW2B;AAVzB,gHAAA,aAAa,OAAA"}
package/dist/internal/sso/sso-auth.client.d.ts CHANGED
@@ -1,11 +1,94 @@
1
- import { HttpService } from '@nestjs/axios';
2
- import { ConfigService } from '@nestjs/config';
3
- export declare class SsoAuthClient {
1
+ import { OnModuleInit } from "@nestjs/common";
2
+ import { HttpService } from "@nestjs/axios";
3
+ import { ConfigService } from "@nestjs/config";
4
+ /**
5
+ * User information from SSO internal API
6
+ */
7
+ export interface SsoInternalUser {
8
+ id: string;
9
+ nickname: string | null;
10
+ code: string | null;
11
+ email: string | null;
12
+ mobile: string | null;
13
+ avatarUrl: string | null;
14
+ isAdmin: boolean;
15
+ isActive: boolean;
16
+ }
17
+ /**
18
+ * Tenant information from SSO internal API
19
+ */
20
+ export interface SsoInternalTenant {
21
+ id: string;
22
+ name: string;
23
+ slug: string;
24
+ type: string;
25
+ plan: string;
26
+ status: string;
27
+ }
28
+ /**
29
+ * OIDC session information
30
+ */
31
+ export interface SsoOidcSessionInfo {
32
+ clientId: string;
33
+ scope?: string;
34
+ accessExpire: number;
35
+ authTime: number;
36
+ }
37
+ /**
38
+ * Main session information
39
+ */
40
+ export interface SsoMainSessionInfo {
41
+ accessExpire: number;
42
+ expire: number;
43
+ isAnonymity: boolean;
44
+ }
45
+ /**
46
+ * User sessions response
47
+ */
48
+ export interface SsoUserSessionsResponse {
49
+ mainSession?: SsoMainSessionInfo;
50
+ oidcSessions: SsoOidcSessionInfo[];
51
+ }
52
+ /**
53
+ * Key status information
54
+ */
55
+ export interface SsoKeyInfo {
56
+ kid: string;
57
+ status: "active" | "rotating" | "retired";
58
+ createdAt: string;
59
+ retiredAt?: string;
60
+ }
61
+ /**
62
+ * Key status response
63
+ */
64
+ export interface SsoKeyStatusResponse {
65
+ keys: SsoKeyInfo[];
66
+ activeKid?: string;
67
+ totalKeys: number;
68
+ }
69
+ /**
70
+ * Key rotate response
71
+ */
72
+ export interface SsoKeyRotateResponse {
73
+ newKid: string;
74
+ oldKid: string;
75
+ }
76
+ /**
77
+ * Key purge response
78
+ */
79
+ export interface SsoKeyPurgeResponse {
80
+ purgedCount: number;
81
+ }
82
+ export declare class SsoAuthClient implements OnModuleInit {
4
83
  private readonly httpService;
5
84
  private readonly configService;
85
+ private ssoInternalUrl;
86
+ private ssoBaseUrl;
87
+ private serviceToken;
88
+ private serviceName;
6
89
  constructor(httpService: HttpService, configService: ConfigService);
7
- private get ssoInternalUrl();
8
- private get ssoBaseUrl();
90
+ onModuleInit(): void;
91
+ private getInternalHeaders;
9
92
  /**
10
93
  * 验证 access token 有效性
11
94
  */
@@ -14,20 +97,58 @@ export declare class SsoAuthClient {
14
97
  userId?: string;
15
98
  expiresAt?: number;
16
99
  }>;
100
+ /**
101
+ * 按 ID 获取用户信息
102
+ */
103
+ getUser(userId: string): Promise<SsoInternalUser>;
104
+ /**
105
+ * 批量获取用户信息
106
+ * @param userIds - 用户 ID 数组(最多 100 个)
107
+ */
108
+ batchGetUsers(userIds: string[]): Promise<Record<string, SsoInternalUser>>;
109
+ /**
110
+ * 按 ID 获取租户信息
111
+ */
112
+ getTenant(tenantId: string): Promise<SsoInternalTenant>;
17
113
  /**
18
114
  * 检查 SSO 会话状态(跨子域 cookie)
115
+ * 注意:此方法不使用内部 API 认证,而是传递用户 cookie
19
116
  */
20
117
  getSession(cookieHeader?: string): Promise<unknown>;
21
118
  /**
22
- * 按 ID 获取用户信息
119
+ * 获取用户活跃会话列表
120
+ */
121
+ getUserSessions(userId: string): Promise<SsoUserSessionsResponse>;
122
+ /**
123
+ * 撤销用户特定 OIDC 会话
124
+ */
125
+ revokeSession(userId: string, clientId: string): Promise<{
126
+ success: boolean;
127
+ }>;
128
+ /**
129
+ * 撤销用户所有会话
130
+ */
131
+ revokeAllSessions(userId: string): Promise<{
132
+ success: boolean;
133
+ }>;
134
+ /**
135
+ * 获取密钥状态
136
+ */
137
+ getKeyStatus(): Promise<SsoKeyStatusResponse>;
138
+ /**
139
+ * 轮换密钥
140
+ */
141
+ rotateKeys(): Promise<SsoKeyRotateResponse>;
142
+ /**
143
+ * 清理过期密钥
23
144
  */
24
- getUser(userId: string): Promise<unknown>;
145
+ purgeKeys(): Promise<SsoKeyPurgeResponse>;
25
146
  /**
26
147
  * 获取 JWKS 公钥集合
148
+ * 注意:此方法是公开的,不需要认证
27
149
  */
28
150
  getJwks(): Promise<{
29
151
  keys: Array<Record<string, unknown>>;
30
152
  }>;
31
- private getServiceToken;
32
153
  }
33
154
  //# sourceMappingURL=sso-auth.client.d.ts.map
package/dist/internal/sso/sso-auth.client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sso-auth.client.d.ts","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/sso-auth.client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAG/C,qBACa,aAAa;IAEtB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;gBADb,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa;IAG/C,OAAO,KAAK,cAAc,GAKzB;IAED,OAAO,KAAK,UAAU,GAKrB;IAED;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9C,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IAiBF;;OAEG;IACG,UAAU,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAazD;;OAEG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAY/C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;KAAE,CAAC;IASlE,OAAO,CAAC,eAAe;CAGxB"}
1
+ {"version":3,"file":"sso-auth.client.d.ts","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/sso-auth.client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAY/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,YAAY,EAAE,kBAAkB,EAAE,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBACa,aAAc,YAAW,YAAY;IAO9C,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAPhC,OAAO,CAAC,cAAc,CAAU;IAChC,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,YAAY,CAAU;IAC9B,OAAO,CAAC,WAAW,CAAU;gBAGV,WAAW,EAAE,WAAW,EACxB,aAAa,EAAE,aAAa;IAG/C,YAAY,IAAI,IAAI;IAkCpB,OAAO,CAAC,kBAAkB;IAY1B;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9C,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IAoBF;;OAEG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAavD;;;OAGG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAkB3C;;OAEG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAiB7D;;;OAGG;IACG,UAAU,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAazD;;OAEG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAavE;;OAEG;IACG,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAchC;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAkBtE;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAanD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAcjD;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAkB/C;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;KAAE,CAAC;CAWnE"}
package/dist/internal/sso/sso-auth.client.js CHANGED
@@ -17,38 +17,103 @@ const rxjs_1 = require("rxjs");
17
17
  let SsoAuthClient = class SsoAuthClient {
18
18
  httpService;
19
19
  configService;
20
+ ssoInternalUrl;
21
+ ssoBaseUrl;
22
+ serviceToken;
23
+ serviceName;
20
24
  constructor(httpService, configService) {
21
25
  this.httpService = httpService;
22
26
  this.configService = configService;
23
27
  }
24
- get ssoInternalUrl() {
25
- return (this.configService.get('SSO_INTERNAL_API_URL') ||
26
- 'http://localhost:3102/api');
28
+ onModuleInit() {
29
+ // 强制要求配置环境变量,不使用默认值
30
+ this.ssoInternalUrl =
31
+ this.configService.get("SSO_INTERNAL_API_URL") ?? "";
32
+ this.ssoBaseUrl = this.configService.get("SSO_API_URL") ?? "";
33
+ this.serviceToken =
34
+ this.configService.get("INTERNAL_API_SECRET") ?? "";
35
+ this.serviceName = this.configService.get("SSO_SERVICE_NAME") ?? "";
36
+ if (!this.ssoInternalUrl) {
37
+ throw new Error("SSO_INTERNAL_API_URL is required but not configured. Please set it in environment variables.");
38
+ }
39
+ if (!this.ssoBaseUrl) {
40
+ throw new Error("SSO_API_URL is required but not configured. Please set it in environment variables.");
41
+ }
42
+ if (!this.serviceToken) {
43
+ throw new Error("INTERNAL_API_SECRET is required but not configured. Please set it in environment variables.");
44
+ }
45
+ if (!this.serviceName) {
46
+ throw new Error('SSO_SERVICE_NAME is required but not configured. Please set it in environment variables (e.g., "models.dofe.ai" or "agents.dofe.ai").');
47
+ }
27
48
  }
28
- get ssoBaseUrl() {
29
- return (this.configService.get('SSO_API_URL') ||
30
- 'http://localhost:3102/api');
49
+ getInternalHeaders() {
50
+ return {
51
+ Authorization: `Bearer ${this.serviceToken}`,
52
+ "X-Service-Name": this.serviceName,
53
+ "Content-Type": "application/json",
54
+ };
31
55
  }
56
+ // ============================================================================
57
+ // Token Verification
58
+ // ============================================================================
32
59
  /**
33
60
  * 验证 access token 有效性
34
61
  */
35
62
  async verifyToken(accessToken) {
36
63
  const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/verify-token`, { token: accessToken }, {
37
- headers: {
38
- 'Authorization': `Bearer ${this.getServiceToken()}`,
39
- 'Content-Type': 'application/json',
40
- },
64
+ headers: this.getInternalHeaders(),
41
65
  timeout: 5000,
42
66
  }));
43
- return response.data;
67
+ return response.data.data;
68
+ }
69
+ // ============================================================================
70
+ // User Management
71
+ // ============================================================================
72
+ /**
73
+ * 按 ID 获取用户信息
74
+ */
75
+ async getUser(userId) {
76
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoInternalUrl}/internal/users/${userId}`, {
77
+ headers: this.getInternalHeaders(),
78
+ timeout: 5000,
79
+ }));
80
+ return response.data.data;
81
+ }
82
+ /**
83
+ * 批量获取用户信息
84
+ * @param userIds - 用户 ID 数组(最多 100 个)
85
+ */
86
+ async batchGetUsers(userIds) {
87
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/users/batch`, { userIds }, {
88
+ headers: this.getInternalHeaders(),
89
+ timeout: 10000, // 批量请求可能需要更长超时
90
+ }));
91
+ return response.data.data;
92
+ }
93
+ // ============================================================================
94
+ // Tenant Management
95
+ // ============================================================================
96
+ /**
97
+ * 按 ID 获取租户信息
98
+ */
99
+ async getTenant(tenantId) {
100
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoInternalUrl}/internal/tenants/${tenantId}`, {
101
+ headers: this.getInternalHeaders(),
102
+ timeout: 5000,
103
+ }));
104
+ return response.data.data;
44
105
  }
106
+ // ============================================================================
107
+ // Session Management
108
+ // ============================================================================
45
109
  /**
46
110
  * 检查 SSO 会话状态(跨子域 cookie)
111
+ * 注意:此方法不使用内部 API 认证,而是传递用户 cookie
47
112
  */
48
113
  async getSession(cookieHeader) {
49
114
  const headers = {};
50
115
  if (cookieHeader)
51
- headers['Cookie'] = cookieHeader;
116
+ headers["Cookie"] = cookieHeader;
52
117
  const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoBaseUrl}/auth/session`, {
53
118
  headers,
54
119
  timeout: 5000,
@@ -56,19 +121,74 @@ let SsoAuthClient = class SsoAuthClient {
56
121
  return response.data;
57
122
  }
58
123
  /**
59
- * 按 ID 获取用户信息
124
+ * 获取用户活跃会话列表
60
125
  */
61
- async getUser(userId) {
62
- const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoInternalUrl}/internal/users/${userId}`, {
63
- headers: {
64
- 'Authorization': `Bearer ${this.getServiceToken()}`,
65
- },
126
+ async getUserSessions(userId) {
127
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoInternalUrl}/internal/users/${userId}/sessions`, {
128
+ headers: this.getInternalHeaders(),
66
129
  timeout: 5000,
67
130
  }));
68
- return response.data;
131
+ return response.data.data;
132
+ }
133
+ /**
134
+ * 撤销用户特定 OIDC 会话
135
+ */
136
+ async revokeSession(userId, clientId) {
137
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/users/${userId}/sessions/${clientId}/revoke`, {}, {
138
+ headers: this.getInternalHeaders(),
139
+ timeout: 5000,
140
+ }));
141
+ return response.data.data;
142
+ }
143
+ /**
144
+ * 撤销用户所有会话
145
+ */
146
+ async revokeAllSessions(userId) {
147
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/users/${userId}/sessions/revoke-all`, {}, {
148
+ headers: this.getInternalHeaders(),
149
+ timeout: 5000,
150
+ }));
151
+ return response.data.data;
152
+ }
153
+ // ============================================================================
154
+ // Key Management (JWKS rotation)
155
+ // ============================================================================
156
+ /**
157
+ * 获取密钥状态
158
+ */
159
+ async getKeyStatus() {
160
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoInternalUrl}/internal/keys/status`, {
161
+ headers: this.getInternalHeaders(),
162
+ timeout: 5000,
163
+ }));
164
+ return response.data.data;
165
+ }
166
+ /**
167
+ * 轮换密钥
168
+ */
169
+ async rotateKeys() {
170
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/keys/rotate`, {}, {
171
+ headers: this.getInternalHeaders(),
172
+ timeout: 5000,
173
+ }));
174
+ return response.data.data;
69
175
  }
176
+ /**
177
+ * 清理过期密钥
178
+ */
179
+ async purgeKeys() {
180
+ const response = await (0, rxjs_1.firstValueFrom)(this.httpService.post(`${this.ssoInternalUrl}/internal/keys/purge`, {}, {
181
+ headers: this.getInternalHeaders(),
182
+ timeout: 5000,
183
+ }));
184
+ return response.data.data;
185
+ }
186
+ // ============================================================================
187
+ // JWKS (Public keys for JWT verification)
188
+ // ============================================================================
70
189
  /**
71
190
  * 获取 JWKS 公钥集合
191
+ * 注意:此方法是公开的,不需要认证
72
192
  */
73
193
  async getJwks() {
74
194
  const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoBaseUrl}/.well-known/jwks.json`, {
@@ -76,9 +196,6 @@ let SsoAuthClient = class SsoAuthClient {
76
196
  }));
77
197
  return response.data;
78
198
  }
79
- getServiceToken() {
80
- return this.configService.get('INTERNAL_API_SECRET') || '';
81
- }
82
199
  };
83
200
  exports.SsoAuthClient = SsoAuthClient;
84
201
  exports.SsoAuthClient = SsoAuthClient = __decorate([
package/dist/internal/sso/sso-auth.client.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sso-auth.client.js","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/sso-auth.client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,yCAA4C;AAC5C,2CAA+C;AAC/C,+BAAsC;AAG/B,IAAM,aAAa,GAAnB,MAAM,aAAa;IAEL;IACA;IAFnB,YACmB,WAAwB,EACxB,aAA4B;QAD5B,gBAAW,GAAX,WAAW,CAAa;QACxB,kBAAa,GAAb,aAAa,CAAe;IAC5C,CAAC;IAEJ,IAAY,cAAc;QACxB,OAAO,CACL,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,sBAAsB,CAAC;YACtD,2BAA2B,CAC5B,CAAC;IACJ,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,CACL,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,aAAa,CAAC;YAC7C,2BAA2B,CAC5B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QAKnC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,wBAAwB,EAC9C,EAAE,KAAK,EAAE,WAAW,EAAE,EACtB;YACE,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,eAAe,EAAE,EAAE;gBACnD,cAAc,EAAE,kBAAkB;aACnC;YACD,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,YAAqB;QACpC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,YAAY;YAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC;QAEnD,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,eAAe,EAAE;YACtD,OAAO;YACP,OAAO,EAAE,IAAI;SACd,CAAC,CACH,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,mBAAmB,MAAM,EAAE,EAAE;YACtE,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,eAAe,EAAE,EAAE;aACpD;YACD,OAAO,EAAE,IAAI;SACd,CAAC,CACH,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,wBAAwB,EAAE;YAC/D,OAAO,EAAE,IAAI;SACd,CAAC,CACH,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAEO,eAAe;QACrB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,qBAAqB,CAAC,IAAI,EAAE,CAAC;IACrE,CAAC;CACF,CAAA;AA1FY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;qCAGqB,mBAAW;QACT,sBAAa;GAHpC,aAAa,CA0FzB"}
1
+ {"version":3,"file":"sso-auth.client.js","sourceRoot":"","sources":["../../../../../packages/clients/src/internal/sso/sso-auth.client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA0D;AAC1D,yCAA4C;AAC5C,2CAA+C;AAC/C,+BAAsC;AAmG/B,IAAM,aAAa,GAAnB,MAAM,aAAa;IAOL;IACA;IAPX,cAAc,CAAU;IACxB,UAAU,CAAU;IACpB,YAAY,CAAU;IACtB,WAAW,CAAU;IAE7B,YACmB,WAAwB,EACxB,aAA4B;QAD5B,gBAAW,GAAX,WAAW,CAAa;QACxB,kBAAa,GAAb,aAAa,CAAe;IAC5C,CAAC;IAEJ,YAAY;QACV,oBAAoB;QACpB,IAAI,CAAC,cAAc;YACjB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,sBAAsB,CAAC,IAAI,EAAE,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,aAAa,CAAC,IAAI,EAAE,CAAC;QACtE,IAAI,CAAC,YAAY;YACf,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,qBAAqB,CAAC,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAE5E,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACb,qFAAqF,CACtF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,uIAAuI,CACxI,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,kBAAkB;QACxB,OAAO;YACL,aAAa,EAAE,UAAU,IAAI,CAAC,YAAY,EAAE;YAC5C,gBAAgB,EAAE,IAAI,CAAC,WAAW;YAClC,cAAc,EAAE,kBAAkB;SACnC,CAAC;IACJ,CAAC;IAED,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QAKnC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CAGnB,GAAG,IAAI,CAAC,cAAc,wBAAwB,EAC9C,EAAE,KAAK,EAAE,WAAW,EAAE,EACtB;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAClB,GAAG,IAAI,CAAC,cAAc,mBAAmB,MAAM,EAAE,EACjD;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,OAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,uBAAuB,EAC7C,EAAE,OAAO,EAAE,EACX;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,KAAK,EAAE,eAAe;SAChC,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,oBAAoB;IACpB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAClB,GAAG,IAAI,CAAC,cAAc,qBAAqB,QAAQ,EAAE,EACrD;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,YAAqB;QACpC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,YAAY;YAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC;QAEnD,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,eAAe,EAAE;YACtD,OAAO;YACP,OAAO,EAAE,IAAI;SACd,CAAC,CACH,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAClB,GAAG,IAAI,CAAC,cAAc,mBAAmB,MAAM,WAAW,EAC1D;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,QAAgB;QAEhB,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,mBAAmB,MAAM,aAAa,QAAQ,SAAS,EAC7E,EAAE,EACF;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,mBAAmB,MAAM,sBAAsB,EACrE,EAAE,EACF;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,iCAAiC;IACjC,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAClB,GAAG,IAAI,CAAC,cAAc,uBAAuB,EAC7C;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,uBAAuB,EAC7C,EAAE,EACF;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,GAAG,IAAI,CAAC,cAAc,sBAAsB,EAC5C,EAAE,EACF;YACE,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAClC,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,0CAA0C;IAC1C,+EAA+E;IAE/E;;;OAGG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAClB,GAAG,IAAI,CAAC,UAAU,wBAAwB,EAC1C;YACE,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;CACF,CAAA;AA/RY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;qCAQqB,mBAAW;QACT,sBAAa;GARpC,aAAa,CA+RzB"}
package/dist/internal/sso/sso-message-proxy.service.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { HttpService } from '@nestjs/axios';
2
- import { ConfigService } from '@nestjs/config';
1
+ import { HttpService } from "@nestjs/axios";
2
+ import { ConfigService } from "@nestjs/config";
3
3
  export declare class SsoMessageProxyService {
4
4
  private readonly httpService;
5
5
  private readonly configService;
package/dist/internal/sso/sso-message-proxy.service.js CHANGED
@@ -22,22 +22,22 @@ let SsoMessageProxyService = class SsoMessageProxyService {
22
22
  this.configService = configService;
23
23
  }
24
24
  get ssoBaseUrl() {
25
- return (this.configService.get('SSO_API_URL') ||
26
- 'http://localhost:3102/api');
25
+ return (this.configService.get("SSO_API_URL") ||
26
+ "http://localhost:3102/api");
27
27
  }
28
28
  async forwardGet(path, params, authHeader) {
29
29
  const headers = {};
30
30
  if (authHeader)
31
- headers['Authorization'] = authHeader;
31
+ headers["Authorization"] = authHeader;
32
32
  const response = await (0, rxjs_1.firstValueFrom)(this.httpService.get(`${this.ssoBaseUrl}${path}`, { headers, params }));
33
33
  return response.data;
34
34
  }
35
35
  async forwardPatch(path, body, authHeader) {
36
36
  const headers = {
37
- 'Content-Type': 'application/json',
37
+ "Content-Type": "application/json",
38
38
  };
39
39
  if (authHeader)
40
- headers['Authorization'] = authHeader;
40
+ headers["Authorization"] = authHeader;
41
41
  const response = await (0, rxjs_1.firstValueFrom)(this.httpService.patch(`${this.ssoBaseUrl}${path}`, body, { headers }));
42
42
  return response.data;
43
43
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dofe/infra-clients",
3
- "version": "0.1.41",
3
+ "version": "0.1.43",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "exports": {
@@ -456,13 +456,13 @@
456
456
  "winston": "^3.13.0",
457
457
  "ws": "^8.18.3",
458
458
  "zod": "^4.3.6",
459
- "@dofe/infra-docker": "^0.1.41",
460
- "@dofe/infra-contracts": "^0.1.41"
459
+ "@dofe/infra-docker": "^0.1.43",
460
+ "@dofe/infra-contracts": "^0.1.43"
461
461
  },
462
462
  "dependencies": {
463
- "@dofe/infra-common": "^0.1.40",
464
- "@dofe/infra-redis": "^0.1.40",
465
- "@dofe/infra-utils": "^0.1.40"
463
+ "@dofe/infra-common": "^0.1.41",
464
+ "@dofe/infra-redis": "^0.1.41",
465
+ "@dofe/infra-utils": "^0.1.41"
466
466
  },
467
467
  "devDependencies": {
468
468
  "rimraf": "^6.1.3",