@lenne.tech/nest-server 11.10.1 → 11.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/modules/auth/guards/auth.guard.d.ts +2 -2
- package/dist/core/modules/auth/guards/auth.guard.js +68 -8
- package/dist/core/modules/auth/guards/auth.guard.js.map +1 -1
- package/dist/core/modules/auth/guards/roles.guard.d.ts +3 -4
- package/dist/core/modules/auth/guards/roles.guard.js +64 -159
- package/dist/core/modules/auth/guards/roles.guard.js.map +1 -1
- package/dist/core/modules/better-auth/better-auth-token.service.d.ts +21 -0
- package/dist/core/modules/better-auth/better-auth-token.service.js +153 -0
- package/dist/core/modules/better-auth/better-auth-token.service.js.map +1 -0
- package/dist/core/modules/better-auth/better-auth.types.d.ts +13 -0
- package/dist/core/modules/better-auth/better-auth.types.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.module.d.ts +2 -0
- package/dist/core/modules/better-auth/core-better-auth.module.js +33 -4
- package/dist/core/modules/better-auth/core-better-auth.module.js.map +1 -1
- package/dist/core/modules/better-auth/core-better-auth.service.d.ts +1 -0
- package/dist/core/modules/better-auth/core-better-auth.service.js +4 -0
- package/dist/core/modules/better-auth/core-better-auth.service.js.map +1 -1
- package/dist/core/modules/better-auth/index.d.ts +1 -0
- package/dist/core/modules/better-auth/index.js +1 -0
- package/dist/core/modules/better-auth/index.js.map +1 -1
- package/dist/core.module.js +1 -0
- package/dist/core.module.js.map +1 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/src/core/modules/auth/guards/auth.guard.ts +136 -23
- package/src/core/modules/auth/guards/roles.guard.ts +119 -239
- package/src/core/modules/better-auth/better-auth-token.service.ts +241 -0
- package/src/core/modules/better-auth/better-auth.types.ts +37 -0
- package/src/core/modules/better-auth/core-better-auth.controller.ts +1 -1
- package/src/core/modules/better-auth/core-better-auth.module.ts +51 -4
- package/src/core/modules/better-auth/core-better-auth.resolver.ts +1 -1
- package/src/core/modules/better-auth/core-better-auth.service.ts +13 -0
- package/src/core/modules/better-auth/index.ts +1 -0
- package/src/core.module.ts +3 -0
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { CanActivate } from '@nestjs/common';
|
|
1
|
+
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
2
|
import { Type } from '@nestjs/passport';
|
|
3
3
|
import { AuthGuardStrategy } from '../auth-guard-strategy.enum';
|
|
4
4
|
export type IAuthGuard = CanActivate & {
|
|
5
|
-
handleRequest<TUser = any>(err:
|
|
5
|
+
handleRequest<TUser = any>(err: Error | null, user: any, info: any, context: ExecutionContext): TUser;
|
|
6
6
|
};
|
|
7
7
|
export declare const AuthGuard: (type?: AuthGuardStrategy | string | string[]) => Type<IAuthGuard>;
|
|
@@ -14,11 +14,14 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.AuthGuard = void 0;
|
|
16
16
|
const common_1 = require("@nestjs/common");
|
|
17
|
+
const core_1 = require("@nestjs/core");
|
|
17
18
|
const graphql_1 = require("@nestjs/graphql");
|
|
18
19
|
const passport_1 = require("@nestjs/passport");
|
|
19
20
|
const options_1 = require("@nestjs/passport/dist/options");
|
|
20
21
|
const memoize_util_1 = require("@nestjs/passport/dist/utils/memoize.util");
|
|
21
22
|
const passport = require("passport");
|
|
23
|
+
const better_auth_token_service_1 = require("../../better-auth/better-auth-token.service");
|
|
24
|
+
const core_better_auth_service_1 = require("../../better-auth/core-better-auth.service");
|
|
22
25
|
const auth_guard_strategy_enum_1 = require("../auth-guard-strategy.enum");
|
|
23
26
|
const expired_refresh_token_exception_1 = require("../exceptions/expired-refresh-token.exception");
|
|
24
27
|
const expired_token_exception_1 = require("../exceptions/expired-token.exception");
|
|
@@ -33,16 +36,37 @@ const createPassportContext = (request, response) => (type, options, callback) =
|
|
|
33
36
|
catch (err) {
|
|
34
37
|
reject(err);
|
|
35
38
|
}
|
|
36
|
-
})(request, response, (err) => (err ? reject(err) : resolve)));
|
|
39
|
+
})(request, response, (err) => (err ? reject(err) : resolve(undefined))));
|
|
37
40
|
function createAuthGuard(type) {
|
|
38
41
|
let MixinAuthGuard = class MixinAuthGuard {
|
|
39
|
-
constructor(options) {
|
|
42
|
+
constructor(options, moduleRef) {
|
|
40
43
|
this.options = options;
|
|
44
|
+
this.moduleRef = moduleRef;
|
|
45
|
+
this.logger = new common_1.Logger('AuthGuard');
|
|
46
|
+
this.betterAuthService = null;
|
|
47
|
+
this.tokenService = null;
|
|
48
|
+
this.servicesResolved = false;
|
|
41
49
|
this.options = this.options || {};
|
|
42
50
|
if (!type && !this.options.defaultStrategy) {
|
|
43
|
-
|
|
51
|
+
this.logger.error(NO_STRATEGY_ERROR);
|
|
44
52
|
}
|
|
45
53
|
}
|
|
54
|
+
resolveServices() {
|
|
55
|
+
if (this.servicesResolved || !this.moduleRef) {
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
58
|
+
try {
|
|
59
|
+
this.betterAuthService = this.moduleRef.get(core_better_auth_service_1.CoreBetterAuthService, { strict: false });
|
|
60
|
+
}
|
|
61
|
+
catch {
|
|
62
|
+
}
|
|
63
|
+
try {
|
|
64
|
+
this.tokenService = this.moduleRef.get(better_auth_token_service_1.BetterAuthTokenService, { strict: false });
|
|
65
|
+
}
|
|
66
|
+
catch {
|
|
67
|
+
}
|
|
68
|
+
this.servicesResolved = true;
|
|
69
|
+
}
|
|
46
70
|
async canActivate(context) {
|
|
47
71
|
const args = context.getArgs();
|
|
48
72
|
if (args.length > 0 && args[args.length - 1]?.operation?.operation === 'subscription') {
|
|
@@ -56,12 +80,45 @@ function createAuthGuard(type) {
|
|
|
56
80
|
request[options.property || options_1.defaultOptions.property] = validatedUser;
|
|
57
81
|
return true;
|
|
58
82
|
}
|
|
83
|
+
if (type === auth_guard_strategy_enum_1.AuthGuardStrategy.BETTER_AUTH) {
|
|
84
|
+
return this.handleBetterAuthStrategy(context, request, options);
|
|
85
|
+
}
|
|
59
86
|
const response = context?.switchToHttp()?.getResponse();
|
|
60
87
|
const passportFn = createPassportContext(request, response);
|
|
61
|
-
const user = await passportFn(type || this.options
|
|
88
|
+
const user = await passportFn(type || this.options?.defaultStrategy, options, (err, currentUser, info) => this.handleRequest(err, currentUser, info, context));
|
|
62
89
|
request[options.property || options_1.defaultOptions.property] = user;
|
|
63
90
|
return true;
|
|
64
91
|
}
|
|
92
|
+
async handleBetterAuthStrategy(context, request, options) {
|
|
93
|
+
this.resolveServices();
|
|
94
|
+
if (!this.betterAuthService?.isEnabled()) {
|
|
95
|
+
this.logger.warn('BETTER_AUTH strategy used but BetterAuth is not enabled');
|
|
96
|
+
throw new invalid_token_exception_1.InvalidTokenException();
|
|
97
|
+
}
|
|
98
|
+
const user = await this.verifyBetterAuthToken(request);
|
|
99
|
+
if (!user) {
|
|
100
|
+
throw new invalid_token_exception_1.InvalidTokenException();
|
|
101
|
+
}
|
|
102
|
+
const validatedUser = this.handleRequest(null, user, null, context);
|
|
103
|
+
request[options.property || options_1.defaultOptions.property] = validatedUser;
|
|
104
|
+
return true;
|
|
105
|
+
}
|
|
106
|
+
async verifyBetterAuthToken(request) {
|
|
107
|
+
if (!this.tokenService) {
|
|
108
|
+
return null;
|
|
109
|
+
}
|
|
110
|
+
try {
|
|
111
|
+
const { token } = this.tokenService.extractTokenFromRequest(request);
|
|
112
|
+
if (!token) {
|
|
113
|
+
return null;
|
|
114
|
+
}
|
|
115
|
+
return await this.tokenService.verifyAndLoadUser(token);
|
|
116
|
+
}
|
|
117
|
+
catch (error) {
|
|
118
|
+
this.logger.debug(`BetterAuth token verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
119
|
+
return null;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
65
122
|
getRequest(context) {
|
|
66
123
|
try {
|
|
67
124
|
const ctx = graphql_1.GqlExecutionContext.create(context)?.getContext();
|
|
@@ -69,14 +126,15 @@ function createAuthGuard(type) {
|
|
|
69
126
|
return ctx.req;
|
|
70
127
|
}
|
|
71
128
|
}
|
|
72
|
-
catch
|
|
129
|
+
catch {
|
|
130
|
+
}
|
|
73
131
|
return context && context.switchToHttp() ? context.switchToHttp().getRequest() : null;
|
|
74
132
|
}
|
|
75
133
|
async logIn(request) {
|
|
76
|
-
const user = request[this.options
|
|
134
|
+
const user = request[this.options?.property || options_1.defaultOptions.property];
|
|
77
135
|
await new Promise((resolve, reject) => request.logIn(user, (err) => (err ? reject(err) : resolve())));
|
|
78
136
|
}
|
|
79
|
-
handleRequest(err, user, info,
|
|
137
|
+
handleRequest(err, user, info, _context) {
|
|
80
138
|
if (err) {
|
|
81
139
|
throw new invalid_token_exception_1.InvalidTokenException();
|
|
82
140
|
}
|
|
@@ -96,7 +154,9 @@ function createAuthGuard(type) {
|
|
|
96
154
|
};
|
|
97
155
|
MixinAuthGuard = __decorate([
|
|
98
156
|
__param(0, (0, common_1.Optional)()),
|
|
99
|
-
|
|
157
|
+
__param(1, (0, common_1.Optional)()),
|
|
158
|
+
__metadata("design:paramtypes", [passport_1.AuthModuleOptions,
|
|
159
|
+
core_1.ModuleRef])
|
|
100
160
|
], MixinAuthGuard);
|
|
101
161
|
const guard = (0, common_1.mixin)(MixinAuthGuard);
|
|
102
162
|
return guard;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAwF;AACxF,6CAAsD;AACtD,+CAA2D;AAC3D,2DAA+D;AAC/D,2EAAmE;AACnE,qCAAsC;AAEtC,0EAAgE;AAChE,mGAA6F;AAC7F,mFAA8E;AAC9E,mFAA8E;AAK9E,MAAM,iBAAiB,GACrB,qFAAqF;IACrF,kFAAkF,CAAC;AAcrF,MAAM,qBAAqB,
|
|
1
|
+
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAwF;AACxF,uCAAyC;AACzC,6CAAsD;AACtD,+CAA2D;AAC3D,2DAA+D;AAC/D,2EAAmE;AACnE,qCAAsC;AAEtC,2FAAqF;AAErF,yFAAmF;AACnF,0EAAgE;AAChE,mGAA6F;AAC7F,mFAA8E;AAC9E,mFAA8E;AAK9E,MAAM,iBAAiB,GACrB,qFAAqF;IACrF,kFAAkF,CAAC;AAcrF,MAAM,qBAAqB,GACzB,CAAC,OAAY,EAAE,QAAa,EAAE,EAAE,CAAC,CAAC,IAAS,EAAE,OAAY,EAAE,QAAmC,EAAE,EAAE,CAChG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAC9B,QAAQ,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;IACtE,IAAI,CAAC;QACH,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QACxB,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,CAAC;IACd,CAAC;AACH,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAC9E,CAAC;AAoBN,SAAS,eAAe,CAAC,IAA4C;IACnE,IAAM,cAAc,GAApB,MAAM,cAAc;QASlB,YACc,OAA8C,EAC9C,SAAsC;YADnB,YAAO,GAAP,OAAO,CAAoB;YAC7B,cAAS,GAAT,SAAS,CAAY;YAVnC,WAAM,GAAG,IAAI,eAAM,CAAC,WAAW,CAAC,CAAC;YAC1C,sBAAiB,GAAiC,IAAI,CAAC;YACvD,iBAAY,GAAkC,IAAI,CAAC;YACnD,qBAAgB,GAAG,KAAK,CAAC;YAS/B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAKO,eAAe;YACrB,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC7C,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gDAAqB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACxF,CAAC;YAAC,MAAM,CAAC;YAET,CAAC;YAED,IAAI,CAAC;gBACH,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,kDAAsB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACpF,CAAC;YAAC,MAAM,CAAC;YAET,CAAC;YAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC/B,CAAC;QAKD,KAAK,CAAC,WAAW,CAAC,OAAyB;YACzC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,KAAK,cAAc,EAAE,CAAC;gBACtF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,GAAG,wBAAc,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACvD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAKzC,MAAM,YAAY,GAAG,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ,IAAI,wBAAc,CAAC,QAAQ,CAAC,CAAC;YAC5E,IAAI,YAAY,IAAI,YAAY,CAAC,2BAA2B,KAAK,IAAI,EAAE,CAAC;gBAGtE,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC5E,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,wBAAc,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,IAAI,KAAK,4CAAiB,CAAC,WAAW,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAClE,CAAC;YAGD,MAAM,QAAQ,GAAG,OAAO,EAAE,YAAY,EAAE,EAAE,WAAW,EAAE,CAAC;YACxD,MAAM,UAAU,GAAG,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC,GAAQ,EAAE,WAAgB,EAAE,IAAS,EAAE,EAAE,CACtH,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,CAAC,CACpD,CAAC;YACF,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,wBAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QAMO,KAAK,CAAC,wBAAwB,CACpC,OAAyB,EACzB,OAAY,EACZ,OAA0B;YAG1B,IAAI,CAAC,eAAe,EAAE,CAAC;YAEvB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;gBAC5E,MAAM,IAAI,+CAAqB,EAAE,CAAC;YACpC,CAAC;YAGD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAEvD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,+CAAqB,EAAE,CAAC;YACpC,CAAC;YAGD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACpE,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,wBAAc,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QAUO,KAAK,CAAC,qBAAqB,CAAC,OAAY;YAC9C,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC;gBAEH,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;gBACrE,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,IAAI,CAAC;gBACd,CAAC;gBAGD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACpG,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAKD,UAAU,CAAU,OAAyB;YAE3C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC;gBAC9D,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;oBACb,OAAO,GAAG,CAAC,GAAG,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;YAET,CAAC;YAGD,OAAO,OAAO,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACxF,CAAC;QAKD,KAAK,CAAC,KAAK,CAA8D,OAAiB;YACxF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,IAAI,wBAAc,CAAC,QAAQ,CAAC,CAAC;YACxE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QACnH,CAAC;QAKD,aAAa,CAAC,GAAiB,EAAE,IAAS,EAAE,IAAS,EAAE,QAA0B;YAC/E,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,IAAI,+CAAqB,EAAE,CAAC;YACpC,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,IAAI,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBACvC,IAAI,IAAI,KAAK,4CAAiB,CAAC,WAAW,EAAE,CAAC;wBAC3C,MAAM,IAAI,8DAA4B,EAAE,CAAC;oBAC3C,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,+CAAqB,EAAE,CAAC;oBACpC,CAAC;gBACH,CAAC;gBACD,MAAM,IAAI,+CAAqB,EAAE,CAAC;YACpC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAA;IA1LK,cAAc;QAUf,WAAA,IAAA,iBAAQ,GAAE,CAAA;QACV,WAAA,IAAA,iBAAQ,GAAE,CAAA;yCAD8B,4BAAiB;YACjB,gBAAS;OAXhD,cAAc,CA0LnB;IAED,MAAM,KAAK,GAAG,IAAA,cAAK,EAAiB,cAAc,CAAC,CAAC;IACpD,OAAO,KAAK,CAAC;AACf,CAAC;AAKY,QAAA,SAAS,GAAuE,IAAA,sBAAO,EAAC,eAAe,CAAC,CAAC"}
|
|
@@ -6,15 +6,14 @@ export declare class RolesGuard extends RolesGuard_base {
|
|
|
6
6
|
private readonly moduleRef?;
|
|
7
7
|
private readonly logger;
|
|
8
8
|
private betterAuthService;
|
|
9
|
-
private
|
|
9
|
+
private tokenService;
|
|
10
10
|
private servicesResolved;
|
|
11
11
|
constructor(reflector: Reflector, moduleRef?: ModuleRef);
|
|
12
12
|
private resolveServices;
|
|
13
13
|
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
14
14
|
private verifyBetterAuthTokenFromContext;
|
|
15
|
-
private
|
|
16
|
-
|
|
17
|
-
handleRequest(err: any, user: any, info: any, context: any): any;
|
|
15
|
+
private extractRequestFromContext;
|
|
16
|
+
handleRequest(err: Error | null, user: any, info: any, context: ExecutionContext): any;
|
|
18
17
|
getRequest(context: ExecutionContext): any;
|
|
19
18
|
}
|
|
20
19
|
export {};
|
|
@@ -17,10 +17,9 @@ exports.RolesGuard = void 0;
|
|
|
17
17
|
const common_1 = require("@nestjs/common");
|
|
18
18
|
const core_1 = require("@nestjs/core");
|
|
19
19
|
const graphql_1 = require("@nestjs/graphql");
|
|
20
|
-
const mongoose_1 = require("@nestjs/mongoose");
|
|
21
|
-
const mongoose_2 = require("mongoose");
|
|
22
20
|
const rxjs_1 = require("rxjs");
|
|
23
21
|
const role_enum_1 = require("../../../common/enums/role.enum");
|
|
22
|
+
const better_auth_token_service_1 = require("../../better-auth/better-auth-token.service");
|
|
24
23
|
const core_better_auth_service_1 = require("../../better-auth/core-better-auth.service");
|
|
25
24
|
const error_code_1 = require("../../error-code");
|
|
26
25
|
const auth_guard_strategy_enum_1 = require("../auth-guard-strategy.enum");
|
|
@@ -34,7 +33,7 @@ let RolesGuard = RolesGuard_1 = class RolesGuard extends (0, auth_guard_1.AuthGu
|
|
|
34
33
|
this.moduleRef = moduleRef;
|
|
35
34
|
this.logger = new common_1.Logger(RolesGuard_1.name);
|
|
36
35
|
this.betterAuthService = null;
|
|
37
|
-
this.
|
|
36
|
+
this.tokenService = null;
|
|
38
37
|
this.servicesResolved = false;
|
|
39
38
|
}
|
|
40
39
|
resolveServices() {
|
|
@@ -47,198 +46,104 @@ let RolesGuard = RolesGuard_1 = class RolesGuard extends (0, auth_guard_1.AuthGu
|
|
|
47
46
|
catch {
|
|
48
47
|
}
|
|
49
48
|
try {
|
|
50
|
-
this.
|
|
49
|
+
this.tokenService = this.moduleRef.get(better_auth_token_service_1.BetterAuthTokenService, { strict: false });
|
|
51
50
|
}
|
|
52
51
|
catch {
|
|
53
52
|
}
|
|
54
53
|
this.servicesResolved = true;
|
|
55
54
|
}
|
|
56
55
|
async canActivate(context) {
|
|
56
|
+
const reflectorRoles = this.reflector.getAll('roles', [context.getHandler(), context.getClass()]);
|
|
57
|
+
const roles = reflectorRoles[0]
|
|
58
|
+
? reflectorRoles[1]
|
|
59
|
+
? [...reflectorRoles[0], ...reflectorRoles[1]]
|
|
60
|
+
: reflectorRoles[0]
|
|
61
|
+
: reflectorRoles[1];
|
|
62
|
+
if (roles && roles.includes(role_enum_1.RoleEnum.S_NO_ONE)) {
|
|
63
|
+
throw new common_1.UnauthorizedException(error_code_1.ErrorCode.UNAUTHORIZED);
|
|
64
|
+
}
|
|
65
|
+
if (!roles || !roles.some((value) => !!value) || roles.includes(role_enum_1.RoleEnum.S_EVERYONE)) {
|
|
66
|
+
return true;
|
|
67
|
+
}
|
|
57
68
|
this.resolveServices();
|
|
69
|
+
const request = this.getRequest(context);
|
|
70
|
+
const existingUser = request?.user;
|
|
71
|
+
if (existingUser && existingUser._authenticatedViaBetterAuth === true) {
|
|
72
|
+
this.handleRequest(null, existingUser, null, context);
|
|
73
|
+
return true;
|
|
74
|
+
}
|
|
75
|
+
if (this.betterAuthService?.isEnabled()) {
|
|
76
|
+
const user = await this.verifyBetterAuthTokenFromContext(context);
|
|
77
|
+
if (user) {
|
|
78
|
+
if (request) {
|
|
79
|
+
request.user = user;
|
|
80
|
+
}
|
|
81
|
+
this.handleRequest(null, user, null, context);
|
|
82
|
+
return true;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
58
85
|
try {
|
|
59
86
|
const result = super.canActivate(context);
|
|
60
87
|
return (0, rxjs_1.isObservable)(result) ? await (0, rxjs_1.firstValueFrom)(result) : await result;
|
|
61
88
|
}
|
|
62
89
|
catch (passportError) {
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
90
|
+
const errorMessage = passportError instanceof Error ? passportError.message : String(passportError);
|
|
91
|
+
const isStrategyError = errorMessage.includes('Unknown authentication strategy');
|
|
92
|
+
if (this.betterAuthService?.isEnabled()) {
|
|
93
|
+
if (isStrategyError) {
|
|
94
|
+
throw new invalid_token_exception_1.InvalidTokenException();
|
|
95
|
+
}
|
|
96
|
+
const user = await this.verifyBetterAuthTokenFromContext(context);
|
|
97
|
+
if (user) {
|
|
98
|
+
if (request) {
|
|
99
|
+
request.user = user;
|
|
100
|
+
}
|
|
101
|
+
this.handleRequest(null, user, null, context);
|
|
102
|
+
return true;
|
|
103
|
+
}
|
|
73
104
|
}
|
|
74
|
-
|
|
75
|
-
return true;
|
|
105
|
+
throw passportError;
|
|
76
106
|
}
|
|
77
107
|
}
|
|
78
108
|
async verifyBetterAuthTokenFromContext(context) {
|
|
79
|
-
if (!this.
|
|
109
|
+
if (!this.tokenService) {
|
|
80
110
|
return null;
|
|
81
111
|
}
|
|
82
112
|
try {
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
const ctx = gqlContext.getContext();
|
|
87
|
-
if (ctx?.req?.headers) {
|
|
88
|
-
authHeader = ctx.req.headers.authorization || ctx.req.headers.Authorization;
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
catch {
|
|
92
|
-
}
|
|
93
|
-
if (!authHeader) {
|
|
94
|
-
try {
|
|
95
|
-
const httpRequest = context.switchToHttp().getRequest();
|
|
96
|
-
if (httpRequest?.headers) {
|
|
97
|
-
authHeader = httpRequest.headers.authorization || httpRequest.headers.Authorization;
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
catch {
|
|
101
|
-
}
|
|
102
|
-
}
|
|
103
|
-
let token;
|
|
104
|
-
if (authHeader?.startsWith('Bearer ')) {
|
|
105
|
-
token = authHeader.substring(7);
|
|
106
|
-
}
|
|
107
|
-
else if (authHeader?.startsWith('bearer ')) {
|
|
108
|
-
token = authHeader.substring(7);
|
|
109
|
-
}
|
|
110
|
-
if (!token) {
|
|
111
|
-
let cookies;
|
|
112
|
-
try {
|
|
113
|
-
const gqlContext = graphql_1.GqlExecutionContext.create(context);
|
|
114
|
-
const ctx = gqlContext.getContext();
|
|
115
|
-
if (ctx?.req?.cookies) {
|
|
116
|
-
cookies = ctx.req.cookies;
|
|
117
|
-
}
|
|
118
|
-
}
|
|
119
|
-
catch {
|
|
120
|
-
}
|
|
121
|
-
if (!cookies) {
|
|
122
|
-
try {
|
|
123
|
-
const httpRequest = context.switchToHttp().getRequest();
|
|
124
|
-
if (httpRequest?.cookies) {
|
|
125
|
-
cookies = httpRequest.cookies;
|
|
126
|
-
}
|
|
127
|
-
}
|
|
128
|
-
catch {
|
|
129
|
-
}
|
|
130
|
-
}
|
|
131
|
-
if (cookies) {
|
|
132
|
-
const basePath = this.betterAuthService.getBasePath?.()?.replace(/^\//, '').replace(/\//g, '.') || 'iam';
|
|
133
|
-
const basePathCookie = `${basePath}.session_token`;
|
|
134
|
-
token =
|
|
135
|
-
cookies[basePathCookie] ||
|
|
136
|
-
cookies['better-auth.session_token'] ||
|
|
137
|
-
cookies['token'] ||
|
|
138
|
-
undefined;
|
|
139
|
-
}
|
|
113
|
+
const request = this.extractRequestFromContext(context);
|
|
114
|
+
if (!request) {
|
|
115
|
+
return null;
|
|
140
116
|
}
|
|
117
|
+
const { token } = this.tokenService.extractTokenFromRequest(request);
|
|
141
118
|
if (!token) {
|
|
142
119
|
return null;
|
|
143
120
|
}
|
|
144
|
-
|
|
145
|
-
try {
|
|
146
|
-
const payload = await this.betterAuthService.verifyJwtToken(token);
|
|
147
|
-
if (payload?.sub) {
|
|
148
|
-
const user = await this.loadUserFromPayload(payload);
|
|
149
|
-
if (user) {
|
|
150
|
-
return user;
|
|
151
|
-
}
|
|
152
|
-
}
|
|
153
|
-
}
|
|
154
|
-
catch {
|
|
155
|
-
}
|
|
156
|
-
}
|
|
157
|
-
try {
|
|
158
|
-
const sessionResult = await this.betterAuthService.getSessionByToken(token);
|
|
159
|
-
if (sessionResult?.user) {
|
|
160
|
-
return this.loadUserFromSessionResult(sessionResult.user);
|
|
161
|
-
}
|
|
162
|
-
}
|
|
163
|
-
catch {
|
|
164
|
-
}
|
|
165
|
-
return null;
|
|
121
|
+
return await this.tokenService.verifyAndLoadUser(token);
|
|
166
122
|
}
|
|
167
123
|
catch (error) {
|
|
168
|
-
this.logger.debug(`BetterAuth token
|
|
124
|
+
this.logger.debug(`BetterAuth token verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
169
125
|
return null;
|
|
170
126
|
}
|
|
171
127
|
}
|
|
172
|
-
|
|
173
|
-
if (!this.mongoConnection) {
|
|
174
|
-
return null;
|
|
175
|
-
}
|
|
128
|
+
extractRequestFromContext(context) {
|
|
176
129
|
try {
|
|
177
|
-
const
|
|
178
|
-
|
|
179
|
-
if (
|
|
180
|
-
|
|
181
|
-
}
|
|
182
|
-
if (!user) {
|
|
183
|
-
user = await usersCollection.findOne({ iamId: payload.sub });
|
|
130
|
+
const gqlContext = graphql_1.GqlExecutionContext.create(context);
|
|
131
|
+
const ctx = gqlContext.getContext();
|
|
132
|
+
if (ctx?.req) {
|
|
133
|
+
return ctx.req;
|
|
184
134
|
}
|
|
185
|
-
if (!user) {
|
|
186
|
-
return null;
|
|
187
|
-
}
|
|
188
|
-
const userObject = {
|
|
189
|
-
...user,
|
|
190
|
-
_authenticatedViaBetterAuth: true,
|
|
191
|
-
hasRole: (roles) => {
|
|
192
|
-
if (!user.roles || !Array.isArray(user.roles)) {
|
|
193
|
-
return false;
|
|
194
|
-
}
|
|
195
|
-
return roles.some((role) => user.roles.includes(role));
|
|
196
|
-
},
|
|
197
|
-
id: user._id?.toString(),
|
|
198
|
-
};
|
|
199
|
-
return userObject;
|
|
200
135
|
}
|
|
201
|
-
catch
|
|
202
|
-
this.logger.debug(`Failed to load user from payload: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
203
|
-
return null;
|
|
204
|
-
}
|
|
205
|
-
}
|
|
206
|
-
async loadUserFromSessionResult(sessionUser) {
|
|
207
|
-
if (!this.mongoConnection || !sessionUser) {
|
|
208
|
-
return null;
|
|
136
|
+
catch {
|
|
209
137
|
}
|
|
210
138
|
try {
|
|
211
|
-
const
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
user = await usersCollection.findOne({ email: sessionUser.email });
|
|
139
|
+
const httpRequest = context.switchToHttp().getRequest();
|
|
140
|
+
if (httpRequest) {
|
|
141
|
+
return httpRequest;
|
|
215
142
|
}
|
|
216
|
-
if (!user && sessionUser.id) {
|
|
217
|
-
user = await usersCollection.findOne({ iamId: sessionUser.id });
|
|
218
|
-
}
|
|
219
|
-
if (!user && sessionUser.id && mongoose_2.Types.ObjectId.isValid(sessionUser.id)) {
|
|
220
|
-
user = await usersCollection.findOne({ _id: new mongoose_2.Types.ObjectId(sessionUser.id) });
|
|
221
|
-
}
|
|
222
|
-
if (!user) {
|
|
223
|
-
return null;
|
|
224
|
-
}
|
|
225
|
-
const userObject = {
|
|
226
|
-
...user,
|
|
227
|
-
_authenticatedViaBetterAuth: true,
|
|
228
|
-
hasRole: (roles) => {
|
|
229
|
-
if (!user.roles || !Array.isArray(user.roles)) {
|
|
230
|
-
return false;
|
|
231
|
-
}
|
|
232
|
-
return roles.some((role) => user.roles.includes(role));
|
|
233
|
-
},
|
|
234
|
-
id: user._id?.toString(),
|
|
235
|
-
};
|
|
236
|
-
return userObject;
|
|
237
143
|
}
|
|
238
|
-
catch
|
|
239
|
-
this.logger.debug(`Failed to load user from session: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
240
|
-
return null;
|
|
144
|
+
catch {
|
|
241
145
|
}
|
|
146
|
+
return null;
|
|
242
147
|
}
|
|
243
148
|
handleRequest(err, user, info, context) {
|
|
244
149
|
const reflectorRoles = this.reflector.getAll('roles', [context.getHandler(), context.getClass()]);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA2H;AAC3H,uCAAoD;AACpD,6CAAsD;AACtD,+
|
|
1
|
+
{"version":3,"file":"roles.guard.js","sourceRoot":"","sources":["../../../../../src/core/modules/auth/guards/roles.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA2H;AAC3H,uCAAoD;AACpD,6CAAsD;AACtD,+BAAoD;AAEpD,+DAA2D;AAC3D,2FAAqF;AAErF,yFAAmF;AACnF,iDAA6C;AAC7C,0EAAgE;AAChE,mFAA8E;AAC9E,mFAA8E;AAC9E,6CAAyC;AAuBlC,IAAM,UAAU,kBAAhB,MAAM,UAAW,SAAQ,IAAA,sBAAS,EAAC,4CAAiB,CAAC,GAAG,CAAC;IAS9D,YACqB,SAAoB,EAC3B,SAAsC;QAElD,KAAK,EAAE,CAAC;QAHW,cAAS,GAAT,SAAS,CAAW;QACV,cAAS,GAAT,SAAS,CAAY;QAVnC,WAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAC;QAC9C,sBAAiB,GAAiC,IAAI,CAAC;QACvD,iBAAY,GAAkC,IAAI,CAAC;QACnD,qBAAgB,GAAG,KAAK,CAAC;IAUjC,CAAC;IAKO,eAAe;QACrB,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,gDAAqB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,kDAAsB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC/B,CAAC;IAcQ,KAAK,CAAC,WAAW,CAAC,OAAyB;QAElD,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAa,OAAO,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC9G,MAAM,KAAK,GAAa,cAAc,CAAC,CAAC,CAAC;YACvC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;gBAC9C,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAGtB,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAID,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,eAAe,EAAE,CAAC;QAGvB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,OAAO,EAAE,IAAI,CAAC;QAGnC,IAAI,YAAY,IAAI,YAAY,CAAC,2BAA2B,KAAK,IAAI,EAAE,CAAC;YACtE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAID,IAAI,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC;YAClE,IAAI,IAAI,EAAE,CAAC;gBAET,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACtB,CAAC;gBAED,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC1C,OAAO,IAAA,mBAAY,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC;QAC5E,CAAC;QAAC,OAAO,aAAa,EAAE,CAAC;YAGvB,MAAM,YAAY,GAAG,aAAa,YAAY,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACpG,MAAM,eAAe,GAAG,YAAY,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;YAGjF,IAAI,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,CAAC;gBAGxC,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBAGD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC;gBAClE,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,OAAO,EAAE,CAAC;wBACZ,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;oBACtB,CAAC;oBACD,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC9C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAGD,MAAM,aAAa,CAAC;QACtB,CAAC;IACH,CAAC;IAWO,KAAK,CAAC,gCAAgC,CAAC,OAAyB;QACtE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YAEH,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;YACrE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACpG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IASO,yBAAyB,CAAC,OAAyB;QAKzD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;YACpC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;gBACb,OAAO,GAAG,CAAC,GAAG,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YACxD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAKQ,aAAa,CAAC,GAAiB,EAAE,IAAS,EAAE,IAAS,EAAE,OAAyB;QAEvF,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAa,OAAO,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC9G,MAAM,KAAK,GAAa,cAAc,CAAC,CAAC,CAAC;YACvC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;gBAC9C,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAGtB,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;QAC1D,CAAC;QAGD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YAE5B,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrF,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,IAAI,IAAI,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBACvC,MAAM,IAAI,+CAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,8BAAqB,CAAC,sBAAS,CAAC,YAAY,CAAC,CAAC;YAC1D,CAAC;YAGD,MAAM,IAAI,2BAAkB,CAAC,sBAAS,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;QAGD,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,UAAU,CAAC,OAAyB;QAClC,MAAM,GAAG,GAAG,6BAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;IACvF,CAAC;CACF,CAAA;AApQY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAYR,WAAA,IAAA,iBAAQ,GAAE,CAAA;qCADmB,gBAAS;QACE,gBAAS;GAXzC,UAAU,CAoQtB"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { Connection } from 'mongoose';
|
|
2
|
+
import { BetterAuthenticatedUser } from './better-auth.types';
|
|
3
|
+
import { CoreBetterAuthService } from './core-better-auth.service';
|
|
4
|
+
export interface TokenExtractionResult {
|
|
5
|
+
source: 'cookie' | 'header' | null;
|
|
6
|
+
token: null | string;
|
|
7
|
+
}
|
|
8
|
+
export declare class BetterAuthTokenService {
|
|
9
|
+
private readonly betterAuthService?;
|
|
10
|
+
private readonly connection?;
|
|
11
|
+
private readonly logger;
|
|
12
|
+
constructor(betterAuthService?: CoreBetterAuthService, connection?: Connection);
|
|
13
|
+
extractTokenFromRequest(request: {
|
|
14
|
+
cookies?: Record<string, string>;
|
|
15
|
+
headers?: Record<string, string | string[] | undefined>;
|
|
16
|
+
}): TokenExtractionResult;
|
|
17
|
+
verifyAndLoadUser(token: string): Promise<BetterAuthenticatedUser | null>;
|
|
18
|
+
createUserWithHasRole(user: Record<string, unknown>): BetterAuthenticatedUser;
|
|
19
|
+
private loadUserFromPayload;
|
|
20
|
+
private loadUserFromSessionResult;
|
|
21
|
+
}
|