@internetderdinge/api 1.229.0 → 1.229.2

package/dist/src/accounts/accounts.controller.js

@@ -0,0 +1,89 @@
+import httpStatus from "http-status";
+import deviceNotifications from "../devicesNotifications/devicesNotifications.service";
+import ApiError from "../utils/ApiError.js";
+import catchAsync from "../utils/catchAsync.js";
+import * as accountsService from "./accounts.service.js";
+const getAccountById = catchAsync(async (req, res) => {
+    const account = await accountsService.getAccountById(req.auth.sub);
+    const entryDeviceNotifications = await deviceNotifications.getByUser(req.auth.sub);
+    if (!account) {
+        throw new ApiError(httpStatus.NOT_FOUND, "Account not found");
+    }
+    res.send({
+        ...account.data,
+        notification: entryDeviceNotifications?.settings,
+    });
+});
+const setDeviceToken = catchAsync(async (req, res) => {
+    const account = await accountsService.getAccountById(req.auth.sub);
+    const devices = account.data.app_metadata.devices || [];
+    const alreadyExisting = devices.find((d) => d.fck === req.body.token);
+    if (!alreadyExisting) {
+        devices.push({ fck: req.body.token });
+    }
+    const update = {
+        ...account.app_metadata,
+        devices: devices.slice(Math.max(devices.length - 3, 1)),
+    };
+    const entry = await accountsService.updateMetaDataById(req.auth.sub, update);
+    res.send(entry);
+});
+const avatar = catchAsync(async (req, res) => {
+    const avatarImage = await auth0.avatar(req.auth.sub);
+    res.send(avatarImage);
+});
+const updateEntry = catchAsync(async (req, res) => {
+    const account = await accountsService.getAccountById(req.auth.sub);
+    const { isSocial } = account?.data.identities[0];
+    const { given_name, family_name, email, notification, ...updateBody } = req.body;
+    const trimmedGivenName = typeof given_name === "string" ? given_name.trim() : undefined;
+    const trimmedFamilyName = typeof family_name === "string" ? family_name.trim() : undefined;
+    const hasGivenName = !!trimmedGivenName;
+    const hasFamilyName = !!trimmedFamilyName;
+    const update = isSocial
+        ? {
+            ...account.data.app_metadata,
+            ...updateBody,
+            ...(hasGivenName ? { first_name: trimmedGivenName } : {}),
+            ...(hasFamilyName ? { last_name: trimmedFamilyName } : {}),
+        }
+        : updateBody;
+    const entry = await accountsService.updateMetaDataById(req.auth.sub, update);
+    if (notification) {
+        await deviceNotifications.updateByUserId(req.auth.sub, {
+            settings: notification,
+        });
+    }
+    if (!isSocial && (hasGivenName || hasFamilyName || email)) {
+        try {
+            await accountsService.updateUserById(req.auth.sub, {
+                ...(hasGivenName ? { given_name: trimmedGivenName } : {}),
+                ...(hasFamilyName ? { family_name: trimmedFamilyName } : {}),
+                ...(email ? { email } : {}),
+            });
+        }
+        catch (error) {
+            console.error("error", error.message);
+            throw new ApiError(httpStatus.CONFLICT, error.message);
+        }
+    }
+    res.send(entry);
+});
+const deleteCurrent = catchAsync(async (req, res) => {
+    const entry = await accountsService.deleteById(req.auth.sub);
+    res.send(entry);
+});
+const current = catchAsync(async (req, res) => {
+    const user = await accountsService.getAccountById(req.auth.sub);
+    res.send(user.data);
+});
+const mfaEnroll = catchAsync(async (req, res) => {
+    const { mfaEnroll } = req.body;
+    const user = await accountsService.mfaEnroll(req.auth.sub, mfaEnroll);
+    res.send(user);
+});
+const mfaDisable = catchAsync(async (req, res) => {
+    const user = await accountsService.mfaDisable(req.auth.sub);
+    res.send(user);
+});
+export { avatar, getAccountById, current, setDeviceToken, mfaEnroll, updateEntry, deleteCurrent, mfaDisable, };

package/dist/src/accounts/accounts.route.js

@@ -0,0 +1,101 @@
+import { Router } from "express";
+import buildRouterAndDocs from "../utils/buildRouterAndDocs.js";
+import auth from "../middlewares/auth.js";
+import * as accountsValidation from "./accounts.validation.js";
+import * as accountsController from "./accounts.controller.js";
+import { accountResponseSchema } from "./accounts.schemas.js";
+import { validateParamsAccount } from "../middlewares/validateCurrentAuthUser.js";
+export const accountsRouteSpecs = [
+    {
+        method: "get",
+        path: "/current",
+        validate: [auth("manageUsers")],
+        requestSchema: accountsValidation.currentAccountSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.current,
+        summary: "Get the current account",
+    },
+    {
+        method: "post",
+        path: "/current/mfa/enroll",
+        validate: [auth("manageUsers")],
+        requestSchema: accountsValidation.currentAccountMfaEnrollSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.mfaEnroll,
+        summary: "Enroll current account in MFA",
+    },
+    {
+        method: "post",
+        path: "/current/mfa/disable",
+        validate: [auth("manageUsers")],
+        requestSchema: accountsValidation.currentAccountMfaEnrollSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.mfaDisable,
+        summary: "Disable current account MFA",
+    },
+    {
+        method: "post",
+        path: "/:accountId/setDeviceToken",
+        validate: [auth("manageUsers"), validateParamsAccount],
+        requestSchema: accountsValidation.setDeviceTokenSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.setDeviceToken,
+        summary: "Set a device token for an account",
+    },
+    {
+        method: "get",
+        path: "/:accountId/avatar.jpg",
+        validate: [auth("manageUsers")],
+        requestSchema: accountsValidation.getAvatarSchema,
+        responseSchema: accountResponseSchema, // or a binary/blob schema if you have one
+        privateDocs: true,
+        handler: accountsController.avatar,
+        summary: "Fetch account avatar",
+    },
+    {
+        method: "delete",
+        path: "/deleteCurrent",
+        validate: [auth("manageUsers")],
+        requestSchema: accountsValidation.deleteCurrentSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.deleteCurrent,
+        summary: "Delete the current account",
+    },
+    {
+        method: "get",
+        path: "/:accountId",
+        validate: [auth("getUsers"), validateParamsAccount],
+        requestSchema: accountsValidation.getAccountSchema,
+        responseSchema: accountResponseSchema,
+        handler: accountsController.getAccountById,
+        summary: "Get an account by ID",
+    },
+    {
+        method: "post",
+        path: "/:accountId",
+        validate: [auth("manageUsers"), validateParamsAccount],
+        requestSchema: accountsValidation.updateAccountSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.updateEntry,
+        summary: "Create or replace an account by ID",
+    },
+    {
+        method: "patch",
+        path: "/:accountId",
+        validate: [auth("manageUsers"), validateParamsAccount],
+        requestSchema: accountsValidation.updateAccountSchema,
+        responseSchema: accountResponseSchema,
+        privateDocs: true,
+        handler: accountsController.updateEntry,
+        summary: "Update fields on an account by ID",
+    },
+];
+const router = Router();
+buildRouterAndDocs(router, accountsRouteSpecs, "/accounts", ["Accounts"]);
+export default router;

package/dist/src/accounts/accounts.schemas.js

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+export const accountResponseSchema = z.object({
+    id: z.string().uuid(),
+    email: z.string().email(),
+    firstName: z.string().optional(),
+    lastName: z.string().optional(),
+    organizationId: z.string().uuid(),
+    roles: z.array(z.string()), // e.g. ['admin','user']
+    isMfaEnabled: z.boolean(),
+    createdAt: z.string(), // ISO timestamp
+    updatedAt: z.string(), // ISO timestamp
+});

package/dist/src/accounts/accounts.service.js

@@ -0,0 +1,65 @@
+// @ts-nocheck
+import { auth0, mfaDisableAccount, mfaEnrollAccount } from "./auth0.service.js";
+/**
+ * Get user by id
+ * @param {ObjectId} id
+ * @returns {Promise<Stock>}
+ */
+export const getAccountById = async (id) => {
+    return auth0.users.get({ id });
+};
+/**
+ * Get user by email
+ * @param {string} email
+ * @returns {Promise<Stock>}
+ */
+/*
+export const getAccountByEmail = async (email: string): Promise<Stock> => {
+  return auth0.getUsersByEmail(email); // Fixed incorrect variable `postID` to `email`
+}; */
+/**
+ * Enroll user in MFA
+ * @param {ObjectId} userId
+ * @param {string} mfaToken
+ * @returns {Promise<Stock>}
+ */
+export const mfaEnroll = async (userId, mfaToken) => {
+    const params = { id: userId };
+    const body = {
+        mfa_token: mfaToken,
+    };
+    return mfaEnrollAccount(userId, body);
+};
+export const mfaDisable = async (userId) => {
+    await mfaDisableAccount(userId);
+    return { success: true };
+};
+/**
+ * Update user metadata by id
+ */
+export const updateMetaDataById = async (id, updateBody) => {
+    // now use the generic update and pass app_metadata
+    return auth0.users.update({ id }, { app_metadata: updateBody });
+};
+/**
+ * Update user by id
+ */
+export const updateUserById = async (id, updateBody) => {
+    // switch to the v3 ManagementClient users.update
+    return auth0.users.update({ id }, updateBody);
+};
+/**
+ * Delete user by id
+ */
+export const deleteById = async (userId) => {
+    return auth0.users.delete({ id: userId });
+};
+export default {
+    getAccountById,
+    // getAccountByEmail,
+    mfaEnroll,
+    mfaDisable,
+    updateMetaDataById,
+    updateUserById,
+    deleteById,
+};

package/dist/src/accounts/accounts.validation.js

@@ -0,0 +1,99 @@
+import { extendZodWithOpenApi } from "@asteasolutions/zod-to-openapi";
+import { z } from "zod";
+import { zPagination, zObjectId, zPatchBody, } from "../utils/zValidations.js";
+extendZodWithOpenApi(z);
+export const createAccountSchema = {
+    body: z.object({
+        name: z
+            .string()
+            .openapi({ example: "Sample Entry", description: "Name of the entry" })
+            .optional(),
+        medication: zObjectId.openapi({ description: "Medication ObjectId" }),
+        organization: zObjectId.openapi({ description: "Organization ObjectId" }),
+        patient: zObjectId.openapi({ description: "Patient ObjectId" }),
+        meta: z
+            .record(z.string(), z.any())
+            .openapi({
+            example: { key: "value" },
+            description: "Additional metadata for the entry",
+        })
+            .optional(),
+    }),
+};
+export const getUsersSchema = zPagination;
+export const getAccountSchema = {
+    params: z.object({
+        accountId: z
+            .string()
+            .openapi({
+            example: process.env.SCHEMA_EXAMPLE_ACCOUNT_ID || "auth0|60452f4c0dc85b0062326",
+            description: "Auth Account ID",
+        }),
+    }),
+};
+export const updateAccountSchema = {
+    params: z.object({
+        accountId: z
+            .string()
+            .openapi({
+            example: process.env.SCHEMA_EXAMPLE_ACCOUNT_ID || "auth0|60452f4c0dc85b0062326",
+            description: "Auth Account ID",
+        }),
+    }),
+    body: zPatchBody({
+        language: z
+            .string()
+            .nullable()
+            .optional()
+            .openapi({ example: "en", description: "Language code" }),
+        gender: z
+            .string()
+            .nullable()
+            .optional()
+            .openapi({ example: "female", description: "Gender" }),
+        email: z
+            .string()
+            .email()
+            .optional()
+            .openapi({ description: "User email address" }),
+        given_name: z
+            .string()
+            .optional()
+            .openapi({ example: "John", description: "Given name" }),
+        family_name: z
+            .string()
+            .optional()
+            .openapi({ example: "Doe", description: "Family name" }),
+        debug: z.boolean().optional(),
+        demo: z.boolean().optional(),
+        notification: z
+            .record(z.string(), z.any())
+            .optional()
+            .openapi({ description: "Notification settings object" }),
+    }),
+};
+export const deleteEntrySchema = {
+    params: z.object({
+        accountId: z
+            .string()
+            .openapi({
+            example: process.env.SCHEMA_EXAMPLE_ACCOUNT_ID || "auth0|60452f4c0dc85b0062326",
+            description: "Auth Account ID",
+        }),
+    }),
+};
+export const currentAccountSchema = {};
+export const currentAccountMfaEnrollSchema = {
+/* body: z.object({
+  mfaEnroll: z.string().openapi({ example: 'totp', description: 'MFA token to enroll' }),
+}), */
+};
+export const setDeviceTokenSchema = {
+    body: z.object({
+        token: z
+            .string()
+            .openapi({ example: "device-token", description: "Device token to set" }),
+    }),
+};
+export const getAvatarSchema = {};
+export const deleteCurrentSchema = {};

package/dist/src/accounts/auth0.service.js

@@ -0,0 +1,188 @@
+// @ts-nocheck
+import { AuthenticationClient, ManagementClient } from "auth0";
+import { promises as fs, readFileSync } from "fs";
+let tokenManagementClient = {
+    clientId: process.env.AUTH0_CLIENT_ID,
+    clientSecret: process.env.AUTH0_CLIENT_SECRET,
+};
+//if (config.env !== 'production') {
+try {
+    console.warn("Auth0 client: use local token from cache try");
+    const token = readFileSync("./token.txt", "utf8");
+    console.warn("Auth0 client: use local token from cache");
+    tokenManagementClient = { token };
+}
+catch (error) {
+    console.log("Auth0 Client: use new token");
+}
+//}
+// IoT Api
+/*
+export const auth0Management = new ManagementClient({
+  ...tokenManagementClient,
+  domain: process.env.AUTH0_MANAGEMENT_DOMAIN!,
+  grant_type: 'client_credentials',
+  audience: process.env.AUTH0_AUDIENCE!,
+} as ManagementClientOptions);
+ */
+// add this AuthenticationClient just for token fetching
+export const auth0AuthClient = new AuthenticationClient({
+    domain: process.env.AUTH0_MANAGEMENT_DOMAIN,
+    clientId: process.env.AUTH0_MANAGEMENT_CLIENT_ID,
+    clientSecret: process.env.AUTH0_MANAGEMENT_CLIENT_SECRET,
+});
+// In-memory cache for client-credentials tokens
+let cachedToken = null;
+let tokenExpiresAt = null;
+let pendingTokenPromise = null;
+let cachedManagementToken = null;
+let managementTokenExpiresAt = null;
+let pendingManagementTokenPromise = null;
+const TOKEN_FILE_PATH = "./token.txt";
+const MANAGEMENT_TOKEN_FILE_PATH = "./token.management.txt";
+const TOKEN_BUFFER_SECONDS = 60; // refresh a minute before expiry
+const TOKEN_FALLBACK_TTL_SECONDS = 3300; // ~55 minutes when no expiry metadata exists
+const loadTokenFromFile = async (filePath) => {
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        try {
+            const parsed = JSON.parse(raw);
+            if (parsed?.token && parsed?.expiresAt) {
+                return { token: parsed.token, expiresAt: parsed.expiresAt };
+            }
+        }
+        catch (parseError) {
+            // Backward compatibility: token.txt previously contained only the token string
+            const now = Math.floor(Date.now() / 1000);
+            return { token: raw.trim(), expiresAt: now + TOKEN_FALLBACK_TTL_SECONDS };
+        }
+    }
+    catch (error) {
+        return null;
+    }
+    return null;
+};
+const writeTokenFile = async (filePath, token, expiresAt) => {
+    const payload = JSON.stringify({ token, expiresAt });
+    await fs.writeFile(filePath, payload, "utf8");
+};
+const tokenIsValid = (token, expiresAt, now) => {
+    if (!token || !expiresAt)
+        return false;
+    return now < expiresAt - TOKEN_BUFFER_SECONDS;
+};
+export const getAuth0Token = async () => {
+    const audience = process.env.AUTH0_AUDIENCE ||
+        process.env.AUTH0_MANAGEMENT_AUDIENCE ||
+        "localhost:3000/";
+    const grantOpts = { audience };
+    const now = Math.floor(Date.now() / 1000);
+    if (tokenIsValid(cachedToken, tokenExpiresAt, now))
+        return cachedToken;
+    if (pendingTokenPromise)
+        return pendingTokenPromise;
+    pendingTokenPromise = (async () => {
+        // Non-production: try to reuse a file-cached token (for local dev) before minting a new one
+        // if (process.env.NODE_ENV !== 'production') {
+        const fileToken = await loadTokenFromFile(TOKEN_FILE_PATH);
+        if (fileToken && fileToken.expiresAt > now + TOKEN_BUFFER_SECONDS) {
+            cachedToken = fileToken.token;
+            tokenExpiresAt = fileToken.expiresAt;
+            pendingTokenPromise = null;
+            return cachedToken;
+        }
+        //}
+        const tokenResponse = await auth0AuthClient.oauth.clientCredentialsGrant(grantOpts);
+        const expiresIn = tokenResponse.data.expires_in || 3600;
+        cachedToken = tokenResponse.data.access_token;
+        tokenExpiresAt = now + expiresIn;
+        // if (process.env.NODE_ENV !== 'production') {
+        await writeTokenFile(TOKEN_FILE_PATH, cachedToken, tokenExpiresAt);
+        // }
+        pendingTokenPromise = null;
+        return cachedToken;
+    })();
+    return pendingTokenPromise;
+};
+export const getAuth0ManagementToken = async () => {
+    const audience = process.env.AUTH0_MANAGEMENT_AUDIENCE;
+    if (!audience) {
+        throw new Error("Missing AUTH0_MANAGEMENT_AUDIENCE; cannot mint Management API token");
+    }
+    const grantOpts = { audience };
+    const now = Math.floor(Date.now() / 1000);
+    if (tokenIsValid(cachedManagementToken, managementTokenExpiresAt, now))
+        return cachedManagementToken;
+    if (pendingManagementTokenPromise)
+        return pendingManagementTokenPromise;
+    pendingManagementTokenPromise = (async () => {
+        const fileToken = await loadTokenFromFile(MANAGEMENT_TOKEN_FILE_PATH);
+        if (fileToken && fileToken.expiresAt > now + TOKEN_BUFFER_SECONDS) {
+            cachedManagementToken = fileToken.token;
+            managementTokenExpiresAt = fileToken.expiresAt;
+            pendingManagementTokenPromise = null;
+            return cachedManagementToken;
+        }
+        const tokenResponse = await auth0AuthClient.oauth.clientCredentialsGrant(grantOpts);
+        const expiresIn = tokenResponse.data.expires_in || 3600;
+        cachedManagementToken = tokenResponse.data.access_token;
+        managementTokenExpiresAt = now + expiresIn;
+        await writeTokenFile(MANAGEMENT_TOKEN_FILE_PATH, cachedManagementToken, managementTokenExpiresAt);
+        pendingManagementTokenPromise = null;
+        return cachedManagementToken;
+    })();
+    return pendingManagementTokenPromise;
+};
+export const auth0 = new ManagementClient({
+    domain: process.env.AUTH0_MANAGEMENT_DOMAIN,
+    audience: process.env.AUTH0_MANAGEMENT_AUDIENCE,
+    token: getAuth0ManagementToken,
+});
+export const getUserIdByEmail = async (email) => {
+    // use the users resource to look up by email
+    return auth0.usersByEmail.getByEmail({ email });
+};
+export const sendVerificationEmail = async (userID) => {
+    return auth0.jobs.verifyEmail({ user_id: userID });
+};
+export const getUserById = async (userId) => {
+    return auth0.users.get({ id: userId });
+};
+export const avatar = async (userId) => {
+    return auth0.users.get({ id: userId });
+};
+export const mfaEnrollAccount = async (userId, mfaToken) => {
+    const ticketResponse = await auth0.guardian.createEnrollmentTicket({
+        user_id: userId,
+        send_mail: false,
+    });
+    return ticketResponse;
+};
+export const mfaDisableAccount = async (userId) => {
+    await auth0.users.deleteAuthenticationMethods({ id: userId });
+    return { success: true };
+};
+export const getUsersByIds = async (postIDs) => {
+    let q = "";
+    postIDs.forEach((e, i) => {
+        if (e)
+            q = `${q} ${i >= 2 ? " OR " : ""} user_id:"${e}"`;
+    });
+    const params = {
+        search_engine: "v3",
+        q,
+        per_page: 100,
+        page: 0,
+    };
+    return auth0.users.getAll(params);
+};
+export default {
+    auth0,
+    avatar,
+    getAuth0Token,
+    getUsersByIds,
+    getUserIdByEmail,
+    getUserById,
+    mfaEnrollAccount,
+    sendVerificationEmail,
+};

package/dist/src/config/config.js

@@ -0,0 +1,48 @@
+import dotenv from "dotenv";
+// Load env from the current working directory
+dotenv.config();
+console.log("Current working directory:", process.cwd());
+console.log("Loaded environment variables:", {
+    NODE_ENV: process.env.NODE_ENV,
+    PORT: process.env.PORT,
+    MONGODB_URL: process.env.MONGODB_URL,
+});
+import Joi from "joi";
+const envVarsSchema = Joi.object()
+    .keys({
+    NODE_ENV: Joi.string()
+        .valid("production", "development", "test")
+        .required(),
+    PORT: Joi.number().default(3000),
+    MONGODB_URL: Joi.string().required().description("Mongo DB url"),
+})
+    .unknown();
+const { value: envVars, error } = envVarsSchema
+    .prefs({ errors: { label: "key" } })
+    .validate(process.env);
+if (error) {
+    throw new Error(`Config validation error: ${error.message}`);
+}
+export const config = {
+    env: envVars.NODE_ENV,
+    port: envVars.PORT,
+    mongoose: {
+        url: envVars.MONGODB_URL + (envVars.NODE_ENV === "test" ? "-test" : ""),
+        useCreateIndex: true,
+        useNewUrlParser: true,
+        useUnifiedTopology: true,
+        useFindAndModify: false,
+    },
+    /* email: {
+      smtp: {
+        host: envVars.SMTP_HOST,
+        port: envVars.SMTP_PORT,
+        auth: {
+          user: envVars.SMTP_USERNAME,
+          pass: envVars.SMTP_PASSWORD,
+        },
+      },
+      from: envVars.EMAIL_FROM,
+    }, */
+};
+export default config;

package/dist/src/config/logger.js

@@ -0,0 +1,27 @@
+// @ts-nocheck
+import winston from "winston";
+import config from "./config";
+const enumerateErrorFormat = winston.format((info) => {
+    if (info instanceof Error) {
+        Object.assign(info, { message: info.stack });
+    }
+    return info;
+});
+const logger = winston.createLogger({
+    level: config.env === "development" ? "debug" : "info",
+    format: winston.format.combine(enumerateErrorFormat(), config.env === "development"
+        ? winston.format.colorize()
+        : winston.format.uncolorize(), winston.format.splat(), winston.format.printf((info) => {
+        const { level, message, stack, ...rest } = info;
+        const restKeys = Object.keys(rest);
+        const restText = restKeys.length ? ` ${JSON.stringify(rest)}` : "";
+        const stackText = stack ? `\n${stack}` : "";
+        return `${level}: ${message}${stackText}${restText}`;
+    })),
+    transports: [
+        new winston.transports.Console({
+            stderrLevels: ["error"],
+        }),
+    ],
+});
+export default logger;

package/dist/src/config/morgan.js

@@ -0,0 +1,16 @@
+import morgan from 'morgan';
+import config from './config';
+import logger from './logger';
+morgan.token('message', (req, res) => res.locals.errorMessage || '');
+const getIpFormat = () => (config.env === 'production' ? ':remote-addr - ' : '');
+const successResponseFormat = `${getIpFormat()}:method :url :status - :response-time ms`;
+const errorResponseFormat = `${getIpFormat()}:method :url :status - :response-time ms - message: :message`;
+const successHandler = morgan(successResponseFormat, {
+    skip: (req, res) => res.statusCode >= 400,
+    stream: { write: (message) => logger.info(message.trim()) },
+});
+const errorHandler = morgan(errorResponseFormat, {
+    skip: (req, res) => res.statusCode < 400,
+    stream: { write: (message) => logger.error(message.trim()) },
+});
+export default { successHandler, errorHandler };

package/dist/src/config/passport.cjs

@@ -0,0 +1,28 @@
+"use strict";
+const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
+const config = require('./config.cjs');
+const { tokenTypes } = require('./tokens.cjs');
+const { User } = require('../models.cjs');
+const jwtOptions = {
+    secretOrKey: config.jwt.secret,
+    jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+};
+const jwtVerify = async (payload, done) => {
+    try {
+        if (payload.type !== tokenTypes.ACCESS) {
+            throw new Error('Invalid token type');
+        }
+        const user = await User.findById(payload.sub);
+        if (!user) {
+            return done(null, false);
+        }
+        done(null, user);
+    }
+    catch (error) {
+        done(error, false);
+    }
+};
+const jwtStrategy = new JwtStrategy(jwtOptions, jwtVerify);
+module.exports = {
+    jwtStrategy,
+};