@globaltracking/auth-middleware 3.0.1 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +2 -0
- package/dist/config.js.map +1 -1
- package/dist/nestjs/guards/permissions.guard.d.ts +3 -0
- package/dist/nestjs/guards/permissions.guard.d.ts.map +1 -1
- package/dist/nestjs/guards/permissions.guard.js +14 -1
- package/dist/nestjs/guards/permissions.guard.js.map +1 -1
- package/dist/strategies/gateway-header.strategy.d.ts.map +1 -1
- package/dist/strategies/gateway-header.strategy.js +1 -0
- package/dist/strategies/gateway-header.strategy.js.map +1 -1
- package/dist/strategies/jwt.strategy.d.ts.map +1 -1
- package/dist/strategies/jwt.strategy.js +1 -0
- package/dist/strategies/jwt.strategy.js.map +1 -1
- package/dist/types.d.ts +19 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAgCzD;;GAEG;AACH,wBAAgB,QAAQ,CAAC,MAAM,GAAE,UAAe,GAAG,IAAI,CAsCtD;AAED,wBAAgB,SAAS,IAAI,kBAAkB,CAE9C;AAED,+CAA+C;AAC/C,wBAAgB,WAAW,IAAI,IAAI,CAElC"}
|
package/dist/config.js
CHANGED
|
@@ -60,6 +60,7 @@ const DEFAULT_CONFIG = {
|
|
|
60
60
|
internalGatewayToken: '',
|
|
61
61
|
trustedHeaderNames: { ...DEFAULT_TRUSTED_HEADERS },
|
|
62
62
|
rbacServiceUrl: '',
|
|
63
|
+
appScope: '',
|
|
63
64
|
permissionResolver: undefined,
|
|
64
65
|
};
|
|
65
66
|
let currentConfig = { ...DEFAULT_CONFIG, trustedHeaderNames: { ...DEFAULT_TRUSTED_HEADERS } };
|
|
@@ -88,6 +89,7 @@ function initAuth(config = {}) {
|
|
|
88
89
|
...config.trustedHeaderNames,
|
|
89
90
|
},
|
|
90
91
|
rbacServiceUrl: config.rbacServiceUrl ?? '',
|
|
92
|
+
appScope: config.appScope ?? DEFAULT_CONFIG.appScope,
|
|
91
93
|
permissionResolver: config.permissionResolver,
|
|
92
94
|
};
|
|
93
95
|
// Resolve public key: explicit config → env vars → empty (gateway-only mode)
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4BAsCC;AAED,8BAEC;AAGD,kCAEC;AAnFD,uCAAyB;AAGzB,MAAM,uBAAuB,GAAG;IAC9B,MAAM,EAAE,WAAW;IACnB,KAAK,EAAE,UAAU;IACjB,QAAQ,EAAE,aAAa;IACvB,KAAK,EAAE,cAAc;IACrB,aAAa,EAAE,mBAAmB;IAClC,WAAW,EAAE,iBAAiB;IAC9B,SAAS,EAAE,cAAc;IACzB,YAAY,EAAE,iBAAiB;CACvB,CAAC;AAEX,MAAM,cAAc,GAAuB;IACzC,iBAAiB,EAAE,2BAA2B;IAC9C,SAAS,EAAE,qBAAqB;IAChC,SAAS,EAAE,EAAE;IACb,aAAa,EAAE,EAAE;IACjB,UAAU,EAAE,CAAC,gBAAgB,EAAE,KAAK,CAAC;IACrC,kEAAkE;IAClE,kEAAkE;IAClE,2DAA2D;IAC3D,UAAU,EAAE,CAAC,WAAW,CAAC;IACzB,oBAAoB,EAAE,EAAE;IACxB,kBAAkB,EAAE,EAAE,GAAG,uBAAuB,EAAE;IAClD,cAAc,EAAE,EAAE;IAClB,QAAQ,EAAE,EAAE;IACZ,kBAAkB,EAAE,SAAS;CAC9B,CAAC;AAEF,IAAI,aAAa,GAAuB,EAAE,GAAG,cAAc,EAAE,kBAAkB,EAAE,EAAE,GAAG,uBAAuB,EAAE,EAAE,CAAC;AAElH;;GAEG;AACH,SAAgB,QAAQ,CAAC,SAAqB,EAAE;IAC9C,4EAA4E;IAC5E,IAAI,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC;IAC3C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,CAAC;SAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC;IAED,aAAa,GAAG;QACd,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,cAAc,CAAC,iBAAiB;QAC/E,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,cAAc,CAAC,SAAS;QACvD,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,cAAc,CAAC,UAAU;QAC1D,UAAU;QACV,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,EAAE;QAC7F,kBAAkB,EAAE;YAClB,GAAG,uBAAuB;YAC1B,GAAG,MAAM,CAAC,kBAAkB;SAC7B;QACD,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;QAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC,QAAQ;QACpD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;KAC9C,CAAC;IAEF,6EAA6E;IAC7E,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,aAAa,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC7C,CAAC;SAAM,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QAChC,aAAa,CAAC,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACzE,aAAa,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;IACrD,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QACvC,aAAa,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IACxD,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QAC5C,aAAa,CAAC,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;QACrF,aAAa,CAAC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACjE,CAAC;AACH,CAAC;AAED,SAAgB,SAAS;IACvB,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,+CAA+C;AAC/C,SAAgB,WAAW;IACzB,aAAa,GAAG,EAAE,GAAG,cAAc,EAAE,kBAAkB,EAAE,EAAE,GAAG,uBAAuB,EAAE,EAAE,CAAC;AAC5F,CAAC"}
|
|
@@ -11,6 +11,9 @@ import { ResolvedAuthConfig } from '../../types';
|
|
|
11
11
|
*
|
|
12
12
|
* Bypass rules:
|
|
13
13
|
* - `user.isSystemAdmin === true` → unconditional bypass (cross-tenant).
|
|
14
|
+
* - When `config.appScope` is set, the user's `app_access` claim must include
|
|
15
|
+
* it (checked AFTER the system-admin bypass, BEFORE the admin-role bypass)
|
|
16
|
+
* — otherwise denied, even for an org_admin. Fail-closed on a missing claim.
|
|
14
17
|
* - Any role in `config.adminRoles` (default `['org_admin']`) → bypass
|
|
15
18
|
* within the user's own tenant (their orgId is JWT-bound, so they
|
|
16
19
|
* can't target another tenant; bypass is implicitly in-tenant only).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.guard.d.ts","sourceRoot":"","sources":["../../../src/nestjs/guards/permissions.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAkD,MAAM,gBAAgB,CAAC;AAC/G,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAY,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAE3D
|
|
1
|
+
{"version":3,"file":"permissions.guard.d.ts","sourceRoot":"","sources":["../../../src/nestjs/guards/permissions.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAkD,MAAM,gBAAgB,CAAC;AAC/G,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAY,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAE3D;;;;;;;;;;;;;;;;GAgBG;AACH,qBACa,kBAAmB,YAAW,WAAW;IAI1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IAC/C,OAAO,CAAC,QAAQ,CAAC,SAAS;IAJ5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuC;gBAGnB,MAAM,EAAE,kBAAkB,EAClD,SAAS,EAAE,SAAS;IAGjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;YAkFhD,kBAAkB;YAwBlB,cAAc;CA+C7B"}
|
|
@@ -27,6 +27,9 @@ const constants_1 = require("../constants");
|
|
|
27
27
|
*
|
|
28
28
|
* Bypass rules:
|
|
29
29
|
* - `user.isSystemAdmin === true` → unconditional bypass (cross-tenant).
|
|
30
|
+
* - When `config.appScope` is set, the user's `app_access` claim must include
|
|
31
|
+
* it (checked AFTER the system-admin bypass, BEFORE the admin-role bypass)
|
|
32
|
+
* — otherwise denied, even for an org_admin. Fail-closed on a missing claim.
|
|
30
33
|
* - Any role in `config.adminRoles` (default `['org_admin']`) → bypass
|
|
31
34
|
* within the user's own tenant (their orgId is JWT-bound, so they
|
|
32
35
|
* can't target another tenant; bypass is implicitly in-tenant only).
|
|
@@ -54,10 +57,20 @@ let GtPermissionsGuard = GtPermissionsGuard_1 = class GtPermissionsGuard {
|
|
|
54
57
|
if (!user) {
|
|
55
58
|
throw new common_1.ForbiddenException('No user context found');
|
|
56
59
|
}
|
|
57
|
-
// System admin: unconditional bypass (cross-tenant authority).
|
|
60
|
+
// System admin: unconditional bypass (cross-tenant authority, all products).
|
|
58
61
|
if (user.isSystemAdmin) {
|
|
59
62
|
return true;
|
|
60
63
|
}
|
|
64
|
+
// Product (app) entitlement gate. When a service declares an `appScope`
|
|
65
|
+
// (e.g. 'genset'), the token's `app_access` claim must include it. Checked
|
|
66
|
+
// AFTER the system-admin bypass (platform staff span every product) but
|
|
67
|
+
// BEFORE the org_admin bypass — so a fleet org_admin not entitled to a
|
|
68
|
+
// separate product is denied here rather than waved through. Fail-closed:
|
|
69
|
+
// a missing/empty claim → denied.
|
|
70
|
+
if (this.config.appScope &&
|
|
71
|
+
!(user.appAccess ?? []).includes(this.config.appScope)) {
|
|
72
|
+
throw new common_1.ForbiddenException('Your account is not entitled to this application');
|
|
73
|
+
}
|
|
61
74
|
// RBAC admin roles: in-tenant bypass.
|
|
62
75
|
if (user.roles.some((r) => this.config.adminRoles.includes(r))) {
|
|
63
76
|
return true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.guard.js","sourceRoot":"","sources":["../../../src/nestjs/guards/permissions.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA+G;AAC/G,uCAAyC;AACzC,4CAA8E;AAG9E
|
|
1
|
+
{"version":3,"file":"permissions.guard.js","sourceRoot":"","sources":["../../../src/nestjs/guards/permissions.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA+G;AAC/G,uCAAyC;AACzC,4CAA8E;AAG9E;;;;;;;;;;;;;;;;GAgBG;AAEI,IAAM,kBAAkB,0BAAxB,MAAM,kBAAkB;IAG7B,YAC0B,MAA2C,EAClD,SAAoB;QADI,WAAM,GAAN,MAAM,CAAoB;QAClD,cAAS,GAAT,SAAS,CAAW;QAJtB,WAAM,GAAG,IAAI,eAAM,CAAC,oBAAkB,CAAC,IAAI,CAAC,CAAC;IAK3D,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,yBAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAC1D,2BAAe,EACf,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;QAEF,IAAI,CAAC,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAa,OAAO,CAAC,IAAI,CAAC;QAEpC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,2BAAkB,CAAC,uBAAuB,CAAC,CAAC;QACxD,CAAC;QAED,6EAA6E;QAC7E,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,uEAAuE;QACvE,0EAA0E;QAC1E,kCAAkC;QAClC,IACE,IAAI,CAAC,MAAM,CAAC,QAAQ;YACpB,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EACtD,CAAC;YACD,MAAM,IAAI,2BAAkB,CAC1B,kDAAkD,CACnD,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,0CAA0C;QAC1C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,2BAAkB,CAC1B,kEAAkE,CACnE,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+EAA+E;QAC/E,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;QAC5D,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;QACxD,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0EAA0E,IAAI,CAAC,MAAM,GAAG,CACzF,CAAC;QACF,MAAM,IAAI,2BAAkB,CAC1B,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,IAAc,EACd,mBAA6B;QAE7B,KAAK,MAAM,IAAI,IAAI,mBAAmB,EAAE,CAAC;YACvC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEnC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAmB,CACzD,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,QAAQ,EACR,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,2BAAkB,CAC1B,kEAAkE,CACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,IAAc,EACd,mBAA6B;QAE7B,KAAK,MAAM,IAAI,IAAI,mBAAmB,EAAE,CAAC;YACvC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,mBAAmB,CAAC;YAC7D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,WAAW,EAAE,IAAI,CAAC,MAAM;wBACxB,UAAU,EAAE,IAAI,CAAC,KAAK;wBACtB,aAAa,EAAE,IAAI,CAAC,IAAI;wBACxB,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;wBACpC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB;4BAClC,CAAC,CAAC,EAAE,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE;4BACzD,CAAC,CAAC,EAAE,CAAC;qBACR;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;iBAC3C,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,2BAAkB,CAC1B,kEAAkE,CACnE,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2B,CAAC;gBAC5D,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;oBAClB,MAAM,IAAI,2BAAkB,CAC1B,kEAAkE,CACnE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,2BAAkB;oBAAE,MAAM,GAAG,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,GAAG,EAAE,EAAG,GAAa,CAAC,KAAK,CAAC,CAAC;gBAC5E,MAAM,IAAI,2BAAkB,CAC1B,oDAAoD,CACrD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAjKY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,0BAAc,CAAC,CAAA;6CACK,gBAAS;GAL5B,kBAAkB,CAiK9B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-header.strategy.d.ts","sourceRoot":"","sources":["../../src/strategies/gateway-header.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,QAAQ,EAAc,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,qBAAsB,YAAW,sBAAsB;IAClE,QAAQ,CAAC,IAAI,oBAAoB;IAEjC,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO;IAKhC,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,QAAQ;
|
|
1
|
+
{"version":3,"file":"gateway-header.strategy.d.ts","sourceRoot":"","sources":["../../src/strategies/gateway-header.strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,QAAQ,EAAc,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,qBAAsB,YAAW,sBAAsB;IAClE,QAAQ,CAAC,IAAI,oBAAoB;IAEjC,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO;IAKhC,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,QAAQ;CA0ChC"}
|
|
@@ -49,6 +49,7 @@ class GatewayHeaderStrategy {
|
|
|
49
49
|
orgId: payload.org_id || '',
|
|
50
50
|
tenantId: payload.tenant_id || payload.org_id || '',
|
|
51
51
|
permissions: Array.isArray(payload.permissions) ? payload.permissions : [],
|
|
52
|
+
appAccess: Array.isArray(payload.app_access) ? payload.app_access : [],
|
|
52
53
|
requestId: req.headers['x-request-id'] || '',
|
|
53
54
|
authSource: 'gateway-header',
|
|
54
55
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-header.strategy.js","sourceRoot":"","sources":["../../src/strategies/gateway-header.strategy.ts"],"names":[],"mappings":";;;AACA,sCAAsC;AAEtC,sCAA8C;AAG9C;;;GAGG;AACH,MAAa,qBAAqB;IAAlC;QACW,SAAI,GAAG,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway-header.strategy.js","sourceRoot":"","sources":["../../src/strategies/gateway-header.strategy.ts"],"names":[],"mappings":";;;AACA,sCAAsC;AAEtC,sCAA8C;AAG9C;;;GAGG;AACH,MAAa,qBAAqB;IAAlC;QACW,SAAI,GAAG,gBAAgB,CAAC;IAiDnC,CAAC;IA/CC,SAAS,CAAC,GAAY;QACpB,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,GAAY;QAClB,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAW,CAAC;QAEpE,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,0BAAiB,CAAC,iCAAiC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,OAAmB,CAAC;QACxB,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,0BAAiB,CAAC,6BAA6B,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,mCAAmC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;YACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YACjE,CAAC,CAAC,OAAO,CAAC,IAAI;gBACZ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;gBAChB,CAAC,CAAC,EAAE,CAAC;QAET,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE;YACpC,KAAK;YACL,aAAa,EAAE,OAAO,CAAC,eAAe,KAAK,IAAI;YAC/C,KAAK,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;YAC3B,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE;YACnD,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;YAC1E,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;YACtE,SAAS,EAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAY,IAAI,EAAE;YACxD,UAAU,EAAE,gBAAgB;SAC7B,CAAC;IACJ,CAAC;CACF;AAlDD,sDAkDC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.strategy.d.ts","sourceRoot":"","sources":["../../src/strategies/jwt.strategy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,QAAQ,EAAc,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,WAAY,YAAW,sBAAsB;IACxD,QAAQ,CAAC,IAAI,SAAS;IAEtB,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO;IAIhC,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,QAAQ;
|
|
1
|
+
{"version":3,"file":"jwt.strategy.d.ts","sourceRoot":"","sources":["../../src/strategies/jwt.strategy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,QAAQ,EAAc,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;;GAGG;AACH,qBAAa,WAAY,YAAW,sBAAsB;IACxD,QAAQ,CAAC,IAAI,SAAS;IAEtB,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO;IAIhC,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,QAAQ;CAuDhC"}
|
|
@@ -92,6 +92,7 @@ class JwtStrategy {
|
|
|
92
92
|
orgId: decoded.org_id || '',
|
|
93
93
|
tenantId: decoded.tenant_id || decoded.org_id || '',
|
|
94
94
|
permissions: Array.isArray(decoded.permissions) ? decoded.permissions : [],
|
|
95
|
+
appAccess: Array.isArray(decoded.app_access) ? decoded.app_access : [],
|
|
95
96
|
requestId: req.headers['x-request-id'] || '',
|
|
96
97
|
authSource: 'jwt',
|
|
97
98
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/strategies/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kDAAoC;AAEpC,sCAAsC;AAEtC,sCAA8C;AAG9C;;;GAGG;AACH,MAAa,WAAW;IAAxB;QACW,SAAI,GAAG,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../src/strategies/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kDAAoC;AAEpC,sCAAsC;AAEtC,sCAA8C;AAG9C;;;GAGG;AACH,MAAa,WAAW;IAAxB;QACW,SAAI,GAAG,KAAK,CAAC;IA6DxB,CAAC;IA3DC,SAAS,CAAC,GAAY;QACpB,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACrC,CAAC;IAED,OAAO,CAAC,GAAY;QAClB,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAc,CAAC;QAE9C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,0BAAiB,CAAC,iEAAiE,CAAC,CAAC;QACjG,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEvB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,0BAAiB,CAAC,2DAA2D,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,OAAmB,CAAC;QACxB,IAAI,CAAC;YACH,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE;gBAC5C,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,MAAM,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;aACtC,CAAe,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBACzC,MAAM,IAAI,0BAAiB,CAAC,mBAAmB,CAAC,CAAC;YACnD,CAAC;YACD,IAAI,GAAG,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBACzC,MAAM,IAAI,0BAAiB,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,IAAI,0BAAiB,CAAC,2BAA2B,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,0BAAiB,CAAC,mCAAmC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;YACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YACjE,CAAC,CAAC,OAAO,CAAC,IAAI;gBACZ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;gBAChB,CAAC,CAAC,EAAE,CAAC;QAET,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE;YACpC,KAAK;YACL,aAAa,EAAE,OAAO,CAAC,eAAe,KAAK,IAAI;YAC/C,KAAK,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;YAC3B,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE;YACnD,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;YAC1E,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;YACtE,SAAS,EAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAY,IAAI,EAAE;YACxD,UAAU,EAAE,KAAK;SAClB,CAAC;IACJ,CAAC;CACF;AA9DD,kCA8DC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -32,6 +32,14 @@ export interface AuthUser {
|
|
|
32
32
|
targetOrgId: string;
|
|
33
33
|
};
|
|
34
34
|
permissions: string[];
|
|
35
|
+
/**
|
|
36
|
+
* Product entitlements the user holds (e.g. ['fleet'], ['genset'], or both),
|
|
37
|
+
* from the `app_access` JWT claim. The appScope gate uses this to decide
|
|
38
|
+
* whether the user may use the product a given service serves. Absent in
|
|
39
|
+
* trusted-header mode / on legacy tokens → treated as no entitlement
|
|
40
|
+
* (fail-closed) when a service sets `appScope`.
|
|
41
|
+
*/
|
|
42
|
+
appAccess?: string[];
|
|
35
43
|
requestId: string;
|
|
36
44
|
authSource: AuthStrategy;
|
|
37
45
|
}
|
|
@@ -77,6 +85,14 @@ export interface AuthConfig {
|
|
|
77
85
|
rbacServiceUrl?: string;
|
|
78
86
|
/** Custom permission resolver function (used by RBAC service itself) */
|
|
79
87
|
permissionResolver?: (orgId: string, userId: string, resource: string, action: string) => Promise<boolean>;
|
|
88
|
+
/**
|
|
89
|
+
* Product/app this service serves (e.g. 'genset' or 'fleet'). When set, the
|
|
90
|
+
* permissions guard denies any request whose token's `app_access` claim does
|
|
91
|
+
* NOT include this value — checked AFTER the system-admin bypass but BEFORE
|
|
92
|
+
* the org_admin bypass, so platform staff span all products while a fleet
|
|
93
|
+
* org_admin cannot reach a separately-entitled product. Default '' = no gate.
|
|
94
|
+
*/
|
|
95
|
+
appScope?: string;
|
|
80
96
|
}
|
|
81
97
|
export interface JwtPayload {
|
|
82
98
|
sub: string;
|
|
@@ -93,6 +109,8 @@ export interface JwtPayload {
|
|
|
93
109
|
tenant_id: string;
|
|
94
110
|
org_id: string;
|
|
95
111
|
permissions: string[];
|
|
112
|
+
/** Product entitlements (['fleet'|'genset'...]); gates which app the user may use. */
|
|
113
|
+
app_access?: string[];
|
|
96
114
|
iss?: string;
|
|
97
115
|
exp?: number;
|
|
98
116
|
iat?: number;
|
|
@@ -108,6 +126,7 @@ export interface ResolvedAuthConfig {
|
|
|
108
126
|
internalGatewayToken: string;
|
|
109
127
|
trustedHeaderNames: Required<TrustedHeaderNames>;
|
|
110
128
|
rbacServiceUrl: string;
|
|
129
|
+
appScope: string;
|
|
111
130
|
permissionResolver?: (orgId: string, userId: string, resource: string, action: string) => Promise<boolean>;
|
|
112
131
|
}
|
|
113
132
|
declare global {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAExE,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,WAAW,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAE7E,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,IAAI,EAAE,QAAQ,CAAC;IACf,4DAA4D;IAC5D,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB;;;;;OAKG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,WAAW,CAAC,EAAE;QACZ,6DAA6D;QAC7D,SAAS,EAAE,MAAM,CAAC;QAClB,wDAAwD;QACxD,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,YAAY,CAAC;CAC1B;AAED,wEAAwE;AACxE,MAAM,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEnC,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,sFAAsF;IACtF,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oFAAoF;IACpF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,oEAAoE;IACpE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,YAAY,EAAE,CAAC;IAC5B;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,sFAAsF;IACtF,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gDAAgD;IAChD,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wEAAwE;IACxE,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,KAAK,CAAC;AAExE,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG,WAAW,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAE7E,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,IAAI,EAAE,QAAQ,CAAC;IACf,4DAA4D;IAC5D,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB;;;;;OAKG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,WAAW,CAAC,EAAE;QACZ,6DAA6D;QAC7D,SAAS,EAAE,MAAM,CAAC;QAClB,wDAAwD;QACxD,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,YAAY,CAAC;CAC1B;AAED,wEAAwE;AACxE,MAAM,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEnC,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,sFAAsF;IACtF,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oFAAoF;IACpF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,oEAAoE;IACpE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,YAAY,EAAE,CAAC;IAC5B;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,sFAAsF;IACtF,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gDAAgD;IAChD,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wEAAwE;IACxE,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3G;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,kFAAkF;IAClF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,sFAAsF;IACtF,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,gDAAgD;AAChD,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC5G;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,QAAQ,CAAC;YAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACnB;KACF;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@globaltracking/auth-middleware",
|
|
3
|
-
"version": "3.0
|
|
3
|
+
"version": "3.1.0",
|
|
4
4
|
"description": "Unified authentication and authorization middleware for the Global Tracking platform (Express + NestJS)",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|