@globaltracking/auth-middleware 2.0.0

package/dist/utils/jwt.js

@@ -0,0 +1,104 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyToken = verifyToken;
+exports.decodeGatewayHeader = decodeGatewayHeader;
+const jwt = __importStar(require("jsonwebtoken"));
+const config_1 = require("../config");
+const errors_1 = require("../errors");
+/**
+ * Verify a JWT token using the configured RS256 public key.
+ * @deprecated Use JwtStrategy directly via extractUser(). Kept for backward compat.
+ */
+function verifyToken(token) {
+    const config = (0, config_1.getConfig)();
+    if (!config.publicKey) {
+        throw new errors_1.UnauthorizedError('JWT verification not configured — no public key available');
+    }
+    let decoded;
+    try {
+        decoded = jwt.verify(token, config.publicKey, {
+            algorithms: ['RS256'],
+            issuer: config.jwtIssuer || undefined,
+        });
+    }
+    catch (err) {
+        if (err instanceof jwt.TokenExpiredError) {
+            throw new errors_1.UnauthorizedError('Token has expired');
+        }
+        if (err instanceof jwt.JsonWebTokenError) {
+            throw new errors_1.UnauthorizedError(`Invalid token: ${err.message}`);
+        }
+        throw new errors_1.UnauthorizedError('Token verification failed');
+    }
+    return mapPayloadToUser(decoded, 'jwt');
+}
+/**
+ * Decode a base64-encoded JSON gateway header into AuthUser.
+ * @deprecated Use GatewayHeaderStrategy directly via extractUser(). Kept for backward compat.
+ */
+function decodeGatewayHeader(base64Value) {
+    let decoded;
+    try {
+        decoded = Buffer.from(base64Value, 'base64').toString('utf-8');
+    }
+    catch {
+        throw new errors_1.UnauthorizedError('Invalid gateway header encoding');
+    }
+    let payload;
+    try {
+        payload = JSON.parse(decoded);
+    }
+    catch {
+        throw new errors_1.UnauthorizedError('Invalid gateway header JSON');
+    }
+    return mapPayloadToUser(payload, 'gateway-header');
+}
+function mapPayloadToUser(payload, authSource) {
+    if (!payload.sub) {
+        throw new errors_1.UnauthorizedError('Token missing required claim: sub');
+    }
+    return {
+        userId: payload.sub,
+        email: payload.email || '',
+        role: payload.role || '',
+        tenantId: payload.tenant_id || payload.org_id || '',
+        orgId: payload.org_id || '',
+        permissions: Array.isArray(payload.permissions) ? payload.permissions : [],
+        requestId: '',
+        authSource,
+    };
+}
+//# sourceMappingURL=jwt.js.map

package/dist/utils/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/utils/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,kCA2BC;AAMD,kDAkBC;AA5DD,kDAAoC;AACpC,sCAAsC;AAEtC,sCAA8C;AAE9C;;;GAGG;AACH,SAAgB,WAAW,CAAC,KAAa;IACvC,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,0BAAiB,CACzB,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,OAAmB,CAAC;IAExB,IAAI,CAAC;QACH,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE;YAC5C,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;SACtC,CAAe,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,0BAAiB,CAAC,mBAAmB,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,GAAG,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,0BAAiB,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,0BAAiB,CAAC,2BAA2B,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,WAAmB;IACrD,IAAI,OAAe,CAAC;IAEpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,0BAAiB,CAAC,iCAAiC,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,OAAmB,CAAC;IAExB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,0BAAiB,CAAC,6BAA6B,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAmB,EAAE,UAAoC;IACjF,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,0BAAiB,CAAC,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,GAAG;QACnB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;QAC1B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,EAAE;QACxB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE;QACnD,KAAK,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;QAC1E,SAAS,EAAE,EAAE;QACb,UAAU;KACX,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,82 @@
+{
+  "name": "@globaltracking/auth-middleware",
+  "version": "2.0.0",
+  "description": "Unified authentication and authorization middleware for the Global Tracking platform (Express + NestJS)",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./nestjs": {
+      "types": "./dist/nestjs.d.ts",
+      "default": "./dist/nestjs.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "clean": "rm -rf dist",
+    "prebuild": "npm run clean",
+    "test": "jest --coverage",
+    "test:watch": "jest --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "globaltracking",
+    "auth",
+    "middleware",
+    "express",
+    "nestjs",
+    "rbac",
+    "multi-tenant",
+    "jwt",
+    "rls"
+  ],
+  "author": "GeoSentry",
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/TrackCongoInfra/gt-auth-middleware.git"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public"
+  },
+  "peerDependencies": {
+    "express": "^4.18.0",
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.0.0",
+    "typeorm": "^0.3.0",
+    "rxjs": "^7.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@nestjs/common": { "optional": true },
+    "@nestjs/core": { "optional": true },
+    "typeorm": { "optional": true },
+    "rxjs": { "optional": true }
+  },
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^11.1.18",
+    "@nestjs/core": "^11.1.18",
+    "@nestjs/testing": "^11.1.18",
+    "@types/express": "^4.17.21",
+    "@types/jest": "^29.5.14",
+    "@types/jsonwebtoken": "^9.0.9",
+    "@types/node": "^22.0.0",
+    "express": "^4.21.0",
+    "jest": "^29.7.0",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2",
+    "ts-jest": "^29.2.5",
+    "ts-node": "^10.9.2",
+    "typeorm": "^0.3.28",
+    "typescript": "^5.7.3"
+  }
+}