@hazeljs/auth 0.2.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +192 -0
- package/README.md +499 -0
- package/dist/auth.guard.d.ts +15 -0
- package/dist/auth.guard.d.ts.map +1 -0
- package/dist/auth.guard.js +96 -0
- package/dist/auth.service.d.ts +13 -0
- package/dist/auth.service.d.ts.map +1 -0
- package/dist/auth.service.js +38 -0
- package/dist/auth.test.d.ts +2 -0
- package/dist/auth.test.d.ts.map +1 -0
- package/dist/auth.test.js +682 -0
- package/dist/decorators/current-user.decorator.d.ts +26 -0
- package/dist/decorators/current-user.decorator.d.ts.map +1 -0
- package/dist/decorators/current-user.decorator.js +39 -0
- package/dist/guards/jwt-auth.guard.d.ts +24 -0
- package/dist/guards/jwt-auth.guard.d.ts.map +1 -0
- package/dist/guards/jwt-auth.guard.js +61 -0
- package/dist/guards/role.guard.d.ts +36 -0
- package/dist/guards/role.guard.d.ts.map +1 -0
- package/dist/guards/role.guard.js +66 -0
- package/dist/guards/tenant.guard.d.ts +54 -0
- package/dist/guards/tenant.guard.d.ts.map +1 -0
- package/dist/guards/tenant.guard.js +96 -0
- package/dist/index.d.ts +18 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +28 -0
- package/dist/jwt/jwt.module.d.ts +5 -0
- package/dist/jwt/jwt.module.d.ts.map +1 -0
- package/dist/jwt/jwt.module.js +27 -0
- package/dist/jwt/jwt.service.d.ts +25 -0
- package/dist/jwt/jwt.service.d.ts.map +1 -0
- package/dist/jwt/jwt.service.js +61 -0
- package/dist/tenant/tenant-context.d.ts +81 -0
- package/dist/tenant/tenant-context.d.ts.map +1 -0
- package/dist/tenant/tenant-context.js +108 -0
- package/dist/utils/role-hierarchy.d.ts +42 -0
- package/dist/utils/role-hierarchy.d.ts.map +1 -0
- package/dist/utils/role-hierarchy.js +57 -0
- package/package.json +55 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../src/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAK/C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpF;AAMD,qBACa,SAAU,YAAW,UAAU;IAC9B,OAAO,CAAC,WAAW;gBAAX,WAAW,EAAE,WAAW;IAEtC,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CA4CzF;AAGD,wBAAgB,IAAI,CAAC,OAAO,CAAC,EAAE,gBAAgB,IAE3C,QAAQ,OAAO,EACf,aAAa,MAAM,EACnB,YAAY,kBAAkB,KAC7B,kBAAkB,CA2BtB"}
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.AuthGuard = void 0;
|
|
16
|
+
exports.Auth = Auth;
|
|
17
|
+
const core_1 = require("@hazeljs/core");
|
|
18
|
+
const core_2 = __importDefault(require("@hazeljs/core"));
|
|
19
|
+
const core_3 = require("@hazeljs/core");
|
|
20
|
+
const auth_service_1 = require("./auth.service");
|
|
21
|
+
let AuthGuard = class AuthGuard {
|
|
22
|
+
constructor(authService) {
|
|
23
|
+
this.authService = authService;
|
|
24
|
+
}
|
|
25
|
+
async canActivate(context, options) {
|
|
26
|
+
const authHeader = context.headers['authorization'];
|
|
27
|
+
if (!authHeader) {
|
|
28
|
+
const error = new Error('No authorization header');
|
|
29
|
+
error.status = 400;
|
|
30
|
+
throw error;
|
|
31
|
+
}
|
|
32
|
+
const token = authHeader.split(' ')[1];
|
|
33
|
+
if (!token) {
|
|
34
|
+
const error = new Error('Invalid authorization header format');
|
|
35
|
+
error.status = 400;
|
|
36
|
+
throw error;
|
|
37
|
+
}
|
|
38
|
+
try {
|
|
39
|
+
const user = await this.authService.verifyToken(token);
|
|
40
|
+
if (!user) {
|
|
41
|
+
const error = new Error('Invalid token');
|
|
42
|
+
error.status = 401;
|
|
43
|
+
throw error;
|
|
44
|
+
}
|
|
45
|
+
// Check roles if specified
|
|
46
|
+
if (options?.roles && !options.roles.includes(user.role)) {
|
|
47
|
+
const error = new Error('Insufficient permissions');
|
|
48
|
+
error.status = 403;
|
|
49
|
+
throw error;
|
|
50
|
+
}
|
|
51
|
+
// Attach user to context
|
|
52
|
+
context.user = user;
|
|
53
|
+
return true;
|
|
54
|
+
}
|
|
55
|
+
catch (error) {
|
|
56
|
+
const authError = error;
|
|
57
|
+
core_2.default.error(`[${context.method}] ${context.url} - ${authError.message} (status: ${authError.status || 500})`);
|
|
58
|
+
if (process.env.NODE_ENV === 'development' && authError.stack) {
|
|
59
|
+
core_2.default.debug(authError.stack);
|
|
60
|
+
}
|
|
61
|
+
throw authError;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
};
|
|
65
|
+
exports.AuthGuard = AuthGuard;
|
|
66
|
+
exports.AuthGuard = AuthGuard = __decorate([
|
|
67
|
+
(0, core_1.Injectable)(),
|
|
68
|
+
__metadata("design:paramtypes", [auth_service_1.AuthService])
|
|
69
|
+
], AuthGuard);
|
|
70
|
+
// Decorator factory for protecting routes
|
|
71
|
+
function Auth(options) {
|
|
72
|
+
return function (target, propertyKey, descriptor) {
|
|
73
|
+
const originalMethod = descriptor.value;
|
|
74
|
+
descriptor.value = async function (context) {
|
|
75
|
+
try {
|
|
76
|
+
// Get the auth guard instance from the container
|
|
77
|
+
const container = core_3.Container.getInstance();
|
|
78
|
+
const guard = container.resolve(AuthGuard);
|
|
79
|
+
if (!guard) {
|
|
80
|
+
throw new Error('AuthGuard not found. Make sure to provide an AuthGuard implementation.');
|
|
81
|
+
}
|
|
82
|
+
await guard.canActivate(context, options);
|
|
83
|
+
return originalMethod.call(this, context);
|
|
84
|
+
}
|
|
85
|
+
catch (error) {
|
|
86
|
+
const authError = error;
|
|
87
|
+
core_2.default.error(`[${context.method}] ${context.url} - ${authError.message} (status: ${authError.status || 500})`);
|
|
88
|
+
if (process.env.NODE_ENV === 'development' && authError.stack) {
|
|
89
|
+
core_2.default.debug(authError.stack);
|
|
90
|
+
}
|
|
91
|
+
throw authError;
|
|
92
|
+
}
|
|
93
|
+
};
|
|
94
|
+
return descriptor;
|
|
95
|
+
};
|
|
96
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { JwtService } from './jwt/jwt.service';
|
|
2
|
+
export interface AuthUser {
|
|
3
|
+
id: string;
|
|
4
|
+
username?: string;
|
|
5
|
+
role: string;
|
|
6
|
+
[key: string]: unknown;
|
|
7
|
+
}
|
|
8
|
+
export declare class AuthService {
|
|
9
|
+
private readonly jwtService;
|
|
10
|
+
constructor(jwtService: JwtService);
|
|
11
|
+
verifyToken(token: string): Promise<AuthUser | null>;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=auth.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../src/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAc,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qBACa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE7C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CAa3D"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.AuthService = void 0;
|
|
13
|
+
const core_1 = require("@hazeljs/core");
|
|
14
|
+
const jwt_service_1 = require("./jwt/jwt.service");
|
|
15
|
+
let AuthService = class AuthService {
|
|
16
|
+
constructor(jwtService) {
|
|
17
|
+
this.jwtService = jwtService;
|
|
18
|
+
}
|
|
19
|
+
async verifyToken(token) {
|
|
20
|
+
try {
|
|
21
|
+
const payload = this.jwtService.verify(token);
|
|
22
|
+
return {
|
|
23
|
+
id: payload.sub,
|
|
24
|
+
username: payload.username || payload.email,
|
|
25
|
+
role: payload.role || 'user',
|
|
26
|
+
...payload,
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
catch {
|
|
30
|
+
return null;
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
};
|
|
34
|
+
exports.AuthService = AuthService;
|
|
35
|
+
exports.AuthService = AuthService = __decorate([
|
|
36
|
+
(0, core_1.Service)(),
|
|
37
|
+
__metadata("design:paramtypes", [jwt_service_1.JwtService])
|
|
38
|
+
], AuthService);
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.test.d.ts","sourceRoot":"","sources":["../src/auth.test.ts"],"names":[],"mappings":""}
|