@navios/jwt 0.1.0
- package/LICENSE +7 -0
- package/README.md +119 -0
- package/dist/index.d.mts +1326 -0
- package/dist/index.d.ts +1326 -0
- package/dist/index.js +365 -0
- package/dist/index.js.map +1 -0
- package/dist/index.mjs +328 -0
- package/dist/index.mjs.map +1 -0
- package/package.json +43 -0
- package/src/index.mts +8 -0
- package/src/jwt-service.provider.mts +37 -0
- package/src/jwt.service.mts +202 -0
- package/src/options/jwt-service.options.mts +125 -0
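--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -0,0 +1,328 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __knownSymbol = (name, symbol) => (symbol = Symbol[name]) ? symbol : Symbol.for("Symbol." + name);
+var __typeError = (msg) => {
+throw TypeError(msg);
+};
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __decoratorStart = (base) => [, , , __create((base == null ? void 0 : base[__knownSymbol("metadata")]) ?? null)];
+var __decoratorStrings = ["class", "method", "getter", "setter", "accessor", "field", "value", "get", "set"];
+var __expectFn = (fn) => fn !== void 0 && typeof fn !== "function" ? __typeError("Function expected") : fn;
+var __decoratorContext = (kind, name, done, metadata, fns) => ({ kind: __decoratorStrings[kind], name, metadata, addInitializer: (fn) => done._ ? __typeError("Already initialized") : fns.push(__expectFn(fn || null)) });
+var __decoratorMetadata = (array, target) => __defNormalProp(target, __knownSymbol("metadata"), array[3]);
+var __runInitializers = (array, flags, self, value) => {
+for (var i = 0, fns = array[flags >> 1], n = fns && fns.length; i < n; i++) flags & 1 ? fns[i].call(self) : value = fns[i].call(self, value);
+return value;
+};
+var __decorateElement = (array, flags, name, decorators, target, extra) => {
+var fn, it, done, ctx, access, k = flags & 7, s = !!(flags & 8), p = !!(flags & 16);
+var j = k > 3 ? array.length + 1 : k ? s ? 1 : 2 : 0, key = __decoratorStrings[k + 5];
+var initializers = k > 3 && (array[j - 1] = []), extraInitializers = array[j] || (array[j] = []);
+var desc = k && (!p && !s && (target = target.prototype), k < 5 && (k > 3 || !p) && __getOwnPropDesc(k < 4 ? target : { get [name]() {
+return __privateGet(this, extra);
+}, set [name](x) {
+return __privateSet(this, extra, x);
+} }, name));
+k ? p && k < 4 && __name(extra, (k > 2 ? "set " : k > 1 ? "get " : "") + name) : __name(target, name);
+for (var i = decorators.length - 1; i >= 0; i--) {
+ctx = __decoratorContext(k, name, done = {}, array[3], extraInitializers);
+if (k) {
+ctx.static = s, ctx.private = p, access = ctx.access = { has: p ? (x) => __privateIn(target, x) : (x) => name in x };
+if (k ^ 3) access.get = p ? (x) => (k ^ 1 ? __privateGet : __privateMethod)(x, target, k ^ 4 ? extra : desc.get) : (x) => x[name];
+if (k > 2) access.set = p ? (x, y) => __privateSet(x, target, y, k ^ 4 ? extra : desc.set) : (x, y) => x[name] = y;
+}
+it = (0, decorators[i])(k ? k < 4 ? p ? extra : desc[key] : k > 4 ? void 0 : { get: desc.get, set: desc.set } : target, ctx), done._ = 1;
+if (k ^ 4 || it === void 0) __expectFn(it) && (k > 4 ? initializers.unshift(it) : k ? p ? extra = it : desc[key] = it : target = it);
+else if (typeof it !== "object" || it === null) __typeError("Object expected");
+else __expectFn(fn = it.get) && (desc.get = fn), __expectFn(fn = it.set) && (desc.set = fn), __expectFn(fn = it.init) && initializers.unshift(fn);
+}
+return k || __decoratorMetadata(array, target), desc && __defProp(target, name, desc), p ? k ^ 4 ? extra : desc : target;
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateIn = (member, obj) => Object(obj) !== obj ? __typeError('Cannot use the "in" operator on this value') : member.has(obj);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+
+// packages/jwt/src/options/jwt-service.options.mts
+import { z } from "zod";
+var RequestType = /* @__PURE__ */ ((RequestType2) => {
+RequestType2["Sign"] = "Sign";
+RequestType2["Verify"] = "Verify";
+return RequestType2;
+})(RequestType || {});
+var AlgorithmType = z.enum([
+"HS256",
+"HS384",
+"HS512",
+"RS256",
+"RS384",
+"RS512",
+"ES256",
+"ES384",
+"ES512",
+"PS256",
+"PS384",
+"PS512",
+"none"
+]);
+var JwtHeaderSchema = z.object({
+alg: AlgorithmType.or(z.string()),
+typ: z.string().optional(),
+cty: z.string().optional(),
+crit: z.string().array().optional(),
+kid: z.string().optional(),
+jku: z.string().optional(),
+x5u: z.union([z.string(), z.array(z.string())]).optional(),
+"x5t#S256": z.string().optional(),
+x5t: z.string().optional(),
+x5c: z.union([z.string(), z.array(z.string())]).optional()
+});
+var SignOptionsSchema = z.object({
+algorithm: AlgorithmType.optional(),
+keyid: z.string().optional(),
+expiresIn: z.union([z.string(), z.number()]).optional(),
+notBefore: z.union([z.string(), z.number()]).optional(),
+audience: z.union([z.string(), z.string().array()]).optional(),
+subject: z.string().optional(),
+issuer: z.string().optional(),
+jwtid: z.string().optional(),
+mutatePayload: z.boolean().optional(),
+noTimestamp: z.boolean().optional(),
+header: JwtHeaderSchema.optional(),
+encoding: z.string().optional(),
+allowInsecureKeySizes: z.boolean().optional(),
+allowInvalidAsymmetricKeyTypes: z.boolean().optional()
+});
+var VerifyOptionsSchema = z.object({
+algorithms: AlgorithmType.array().optional(),
+audience: z.union([z.string(), z.instanceof(RegExp), z.string().array()]).optional(),
+clockTimestamp: z.number().optional(),
+clockTolerance: z.number().optional(),
+complete: z.boolean().optional(),
+issuer: z.union([z.string(), z.string().array()]).optional(),
+ignoreExpiration: z.boolean().optional(),
+ignoreNotBefore: z.boolean().optional(),
+jwtid: z.string().optional(),
+nonce: z.string().optional(),
+subject: z.string().optional(),
+maxAge: z.union([z.string(), z.number()]).optional(),
+allowInvalidAsymmetricKeyTypes: z.boolean().optional()
+});
+var SecretSchema = z.union([
+z.string(),
+z.instanceof(Buffer),
+z.object({
+type: z.string()
+}).passthrough(),
+z.object({
+key: z.union([z.string(), z.instanceof(Buffer)]),
+passphrase: z.string()
+})
+]);
+var JwtServiceOptionsSchema = z.object({
+signOptions: SignOptionsSchema.optional(),
+secret: z.string().optional(),
+publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),
+privateKey: SecretSchema.optional(),
+verifyOptions: VerifyOptionsSchema.optional(),
+secretOrKeyProvider: z.function().args(
+z.nativeEnum(RequestType),
+z.any(),
+z.union([SignOptionsSchema, VerifyOptionsSchema]).optional()
+).returns(z.union([SecretSchema, z.promise(SecretSchema)])).optional()
+});
+
+// packages/jwt/src/jwt.service.mts
+import { Injectable, Logger, syncInject } from "@navios/core";
+import * as jwt from "jsonwebtoken";
+var _JwtService_decorators, _init;
+_JwtService_decorators = [Injectable()];
+var _JwtService = class _JwtService {
+constructor(options = {}) {
+this.options = options;
+}
+logger = syncInject(Logger, {
+context: _JwtService.name
+});
+sign(payload, options = {}) {
+const signOptions = this.mergeJwtOptions(
+{ ...options },
+"signOptions"
+);
+const secret = this.getSecretKey(
+payload,
+options,
+"privateKey",
+"Sign" /* Sign */
+);
+if (secret instanceof Promise) {
+secret.catch(() => {
+});
+this.logger.warn(
+'For async version of "secretOrKeyProvider", please use "signAsync".'
+);
+throw new Error();
+}
+const allowedSignOptKeys = ["secret", "privateKey"];
+const signOptKeys = Object.keys(signOptions);
+if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) {
+throw new Error(
+"Payload as string is not allowed with the following sign options: " + signOptKeys.join(", ")
+);
+}
+return jwt.sign(payload, secret, signOptions);
+}
+signAsync(payload, options = {}) {
+const signOptions = this.mergeJwtOptions(
+{ ...options },
+"signOptions"
+);
+const secret = this.getSecretKey(
+payload,
+options,
+"privateKey",
+"Sign" /* Sign */
+);
+const allowedSignOptKeys = ["secret", "privateKey"];
+const signOptKeys = Object.keys(signOptions);
+if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) {
+throw new Error(
+"Payload as string is not allowed with the following sign options: " + signOptKeys.join(", ")
+);
+}
+return new Promise(
+(resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
+jwt.sign(
+payload,
+scrt,
+signOptions,
+(err, encoded) => err ? reject(err) : resolve(encoded)
+);
+})
+);
+}
+verify(token, options = {}) {
+const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
+const secret = this.getSecretKey(
+token,
+options,
+"publicKey",
+"Verify" /* Verify */
+);
+if (secret instanceof Promise) {
+secret.catch(() => {
+});
+this.logger.warn(
+'For async version of "secretOrKeyProvider", please use "verifyAsync".'
+);
+throw new Error();
+}
+return jwt.verify(token, secret, verifyOptions);
+}
+verifyAsync(token, options = {}) {
+const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
+const secret = this.getSecretKey(
+token,
+options,
+"publicKey",
+"Verify" /* Verify */
+);
+return new Promise(
+(resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
+jwt.verify(
+token,
+scrt,
+verifyOptions,
+(err, decoded) => err ? reject(err) : resolve(decoded)
+);
+}).catch(reject)
+);
+}
+decode(token, options) {
+return jwt.decode(token, options);
+}
+mergeJwtOptions(options, key) {
+delete options.secret;
+if (key === "signOptions") {
+delete options.privateKey;
+} else {
+delete options.publicKey;
+}
+return options ? {
+...this.options[key] || {},
+...options
+} : (
+// @ts-expect-error We check it
+this.options[key]
+);
+}
+overrideSecretFromOptions(secret) {
+return secret;
+}
+getSecretKey(token, options, key, secretRequestType) {
+const secret = this.options.secretOrKeyProvider ? this.options.secretOrKeyProvider(secretRequestType, token, options) : (options == null ? void 0 : options.secret) || this.options.secret || (key === "privateKey" ? (options == null ? void 0 : options.privateKey) || this.options.privateKey : (options == null ? void 0 : options.publicKey) || this.options.publicKey) || this.options[key];
+return secret;
+}
+};
+_init = __decoratorStart(null);
+_JwtService = __decorateElement(_init, 0, "JwtService", _JwtService_decorators, _JwtService);
+__runInitializers(_init, 1, _JwtService);
+var JwtService = _JwtService;
+
+// packages/jwt/src/jwt-service.provider.mts
+import {
+Injectable as Injectable2,
+InjectableType,
+InjectionToken,
+resolveService
+} from "@navios/core";
+var JwtServiceToken = InjectionToken.create(
+JwtService,
+JwtServiceOptionsSchema
+);
+var _JwtServiceFactory_decorators, _init2;
+_JwtServiceFactory_decorators = [Injectable2({
+token: JwtServiceToken,
+type: InjectableType.Factory
+})];
+var JwtServiceFactory = class {
+create(ctx, args) {
+return resolveService(ctx, JwtService, [args]);
+}
+};
+_init2 = __decoratorStart(null);
+JwtServiceFactory = __decorateElement(_init2, 0, "JwtServiceFactory", _JwtServiceFactory_decorators, JwtServiceFactory);
+__runInitializers(_init2, 1, JwtServiceFactory);
+function provideJwtService(config) {
+if (typeof config === "function") {
+return InjectionToken.factory(JwtServiceToken, config);
+}
+return InjectionToken.bound(JwtServiceToken, config);
+}
+
+// packages/jwt/src/index.mts
+import {
+TokenExpiredError,
+NotBeforeError,
+JsonWebTokenError
+} from "jsonwebtoken";
+export {
+AlgorithmType,
+JsonWebTokenError,
+JwtHeaderSchema,
+JwtService,
+JwtServiceFactory,
+JwtServiceOptionsSchema,
+JwtServiceToken,
+NotBeforeError,
+RequestType,
+SecretSchema,
+SignOptionsSchema,
+TokenExpiredError,
+VerifyOptionsSchema,
+provideJwtService
+};
+//# sourceMappingURL=index.mjs.map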
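Review bot: `signAsync` (bundle lines 196–205) never settles when an async `secretOrKeyProvider` rejects, because its `Promise.resolve().then(() => secret).then(...)` chain has no rejection handler, so the caller hangs and the failure surfaces only as an unhandled rejection; `verifyAsync` already ends the same chain with `}).catch(reject)` (line 241) and `signAsync` should close its chain the same way. Separately, `AlgorithmType` accepts `"none"`, and `verify`/`verifyAsync` pass the merged `verifyOptions` to `jwt.verify` with no default `algorithms` allow-list, so `VerifyOptionsSchema` would be safer rejecting `"none"`, and the docs should tell callers to pin `algorithms` to the family that matches their key. `decode` returns claims without checking the signature and deserves a comment saying so, e.g. `// decode() does not verify the signature; never use its result for authorization`. This file is build output, so the changes belong in `package/src/jwt.service.mts` and `package/src/options/jwt-service.options.mts`.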
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../packages/jwt/src/options/jwt-service.options.mts","../../../../packages/jwt/src/jwt.service.mts","../../../../packages/jwt/src/jwt-service.provider.mts","../../../../packages/jwt/src/index.mts"],"sourcesContent":["import type { Secret as JwtSecret } from 'jsonwebtoken'\n\nimport { z } from 'zod'\n\nexport enum RequestType {\n Sign = 'Sign',\n Verify = 'Verify',\n}\n\nexport const AlgorithmType = z.enum([\n 'HS256',\n 'HS384',\n 'HS512',\n 'RS256',\n 'RS384',\n 'RS512',\n 'ES256',\n 'ES384',\n 'ES512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'none',\n])\n\nexport const JwtHeaderSchema = z.object({\n alg: AlgorithmType.or(z.string()),\n typ: z.string().optional(),\n cty: z.string().optional(),\n crit: z.string().array().optional(),\n kid: z.string().optional(),\n jku: z.string().optional(),\n x5u: z.union([z.string(), z.array(z.string())]).optional(),\n 'x5t#S256': z.string().optional(),\n x5t: z.string().optional(),\n x5c: z.union([z.string(), z.array(z.string())]).optional(),\n})\n\nexport type JwtHeader = z.infer<typeof JwtHeaderSchema>\n\nexport const SignOptionsSchema = z.object({\n algorithm: AlgorithmType.optional(),\n keyid: z.string().optional(),\n expiresIn: z.union([z.string(), z.number()]).optional(),\n notBefore: z.union([z.string(), z.number()]).optional(),\n audience: z.union([z.string(), z.string().array()]).optional(),\n subject: z.string().optional(),\n issuer: z.string().optional(),\n jwtid: z.string().optional(),\n mutatePayload: z.boolean().optional(),\n noTimestamp: z.boolean().optional(),\n header: JwtHeaderSchema.optional(),\n encoding: z.string().optional(),\n allowInsecureKeySizes: z.boolean().optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\nexport type SignOptions = z.infer<typeof SignOptionsSchema>\n\nexport const VerifyOptionsSchema = z.object({\n algorithms: AlgorithmType.array().optional(),\n audience: z\n .union([z.string(), z.instanceof(RegExp), z.string().array()])\n 
.optional(),\n clockTimestamp: z.number().optional(),\n clockTolerance: z.number().optional(),\n complete: z.boolean().optional(),\n issuer: z.union([z.string(), z.string().array()]).optional(),\n ignoreExpiration: z.boolean().optional(),\n ignoreNotBefore: z.boolean().optional(),\n jwtid: z.string().optional(),\n nonce: z.string().optional(),\n subject: z.string().optional(),\n maxAge: z.union([z.string(), z.number()]).optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\nexport type VerifyOptions = z.infer<typeof VerifyOptionsSchema>\n\nexport const SecretSchema = z.union([\n z.string(),\n z.instanceof(Buffer),\n z\n .object({\n type: z.string(),\n })\n .passthrough(),\n z.object({\n key: z.union([z.string(), z.instanceof(Buffer)]),\n passphrase: z.string(),\n }),\n])\n\nexport type Secret = z.infer<typeof SecretSchema>\n\nexport const JwtServiceOptionsSchema = z.object({\n signOptions: SignOptionsSchema.optional(),\n secret: z.string().optional(),\n publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),\n privateKey: SecretSchema.optional(),\n verifyOptions: VerifyOptionsSchema.optional(),\n secretOrKeyProvider: z\n .function()\n .args(\n z.nativeEnum(RequestType),\n z.any(),\n z.union([SignOptionsSchema, VerifyOptionsSchema]).optional(),\n )\n .returns(z.union([SecretSchema, z.promise(SecretSchema)]))\n .optional(),\n})\n\nexport type JwtServiceOptions = z.infer<typeof JwtServiceOptionsSchema>\n\nexport interface JwtSignOptions extends SignOptions {\n secret?: string | Buffer\n privateKey?: Secret\n}\n\nexport interface JwtVerifyOptions extends VerifyOptions {\n secret?: string | Buffer\n publicKey?: string | Buffer\n}\n\nexport type GetSecretKeyResult = string | Buffer | JwtSecret\n","import { Injectable, Logger, syncInject } from '@navios/core'\n\nimport * as jwt from 'jsonwebtoken'\n\nimport type {\n GetSecretKeyResult,\n JwtServiceOptions,\n JwtSignOptions,\n JwtVerifyOptions,\n SignOptions,\n VerifyOptions,\n} from 
'./options/jwt-service.options.mjs'\n\nimport { RequestType } from './options/jwt-service.options.mjs'\n\n@Injectable()\nexport class JwtService {\n logger = syncInject(Logger, {\n context: JwtService.name,\n })\n\n constructor(private readonly options: JwtServiceOptions = {}) {}\n\n sign(\n payload: string,\n options?: Omit<JwtSignOptions, keyof SignOptions>,\n ): string\n sign(payload: Buffer | object, options?: JwtSignOptions): string\n sign(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): string {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"signAsync\".',\n )\n throw new Error()\n }\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return jwt.sign(payload, secret, signOptions)\n }\n\n signAsync(\n payload: string,\n options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,\n ): Promise<string>\n signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>\n signAsync(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): Promise<string> {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n 
signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n jwt.sign(payload, scrt, signOptions, (err, encoded) =>\n err ? reject(err) : resolve(encoded as string),\n )\n }),\n )\n }\n\n verify<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): T {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".',\n )\n throw new Error()\n }\n\n return jwt.verify(token, secret, verifyOptions) as unknown as T\n }\n\n verifyAsync<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): Promise<T> {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n jwt.verify(token, scrt, verifyOptions, (err, decoded) =>\n err ? 
reject(err) : resolve(decoded as T),\n )\n })\n .catch(reject),\n )\n }\n\n decode<T = any>(token: string, options?: jwt.DecodeOptions): T {\n return jwt.decode(token, options) as T\n }\n\n private mergeJwtOptions(\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'verifyOptions' | 'signOptions',\n ): VerifyOptions | SignOptions {\n delete options.secret\n if (key === 'signOptions') {\n delete (options as JwtSignOptions).privateKey\n } else {\n delete (options as JwtVerifyOptions).publicKey\n }\n return options\n ? {\n ...(this.options[key] || {}),\n ...options,\n }\n : // @ts-expect-error We check it\n this.options[key]\n }\n\n private overrideSecretFromOptions(secret: GetSecretKeyResult) {\n return secret\n }\n\n private getSecretKey(\n token: string | object | Buffer,\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'publicKey' | 'privateKey',\n secretRequestType: RequestType,\n ): GetSecretKeyResult | Promise<GetSecretKeyResult> {\n const secret = this.options.secretOrKeyProvider\n ? this.options.secretOrKeyProvider(secretRequestType, token, options)\n : options?.secret ||\n this.options.secret ||\n (key === 'privateKey'\n ? 
(options as JwtSignOptions)?.privateKey || this.options.privateKey\n : (options as JwtVerifyOptions)?.publicKey ||\n this.options.publicKey) ||\n this.options[key]\n\n return secret as GetSecretKeyResult\n }\n}\n","import type { ServiceLocatorAbstractFactoryContext } from '@navios/core'\n\nimport {\n Injectable,\n InjectableType,\n InjectionToken,\n resolveService,\n} from '@navios/core'\n\nimport type { JwtServiceOptions } from './options/jwt-service.options.mjs'\n\nimport { JwtService } from './jwt.service.mjs'\nimport { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'\n\nexport const JwtServiceToken = InjectionToken.create(\n JwtService,\n JwtServiceOptionsSchema,\n)\n\n@Injectable({\n token: JwtServiceToken,\n type: InjectableType.Factory,\n})\nexport class JwtServiceFactory {\n create(ctx: ServiceLocatorAbstractFactoryContext, args: JwtServiceOptions) {\n return resolveService(ctx, JwtService, [args])\n }\n}\n\nexport function provideJwtService(\n config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),\n): InjectionToken<JwtService, undefined> {\n if (typeof config === 'function') {\n return InjectionToken.factory(JwtServiceToken, config)\n }\n return InjectionToken.bound(JwtServiceToken, config)\n}\n","export * from './options/jwt-service.options.mjs'\nexport * from './jwt.service.mjs'\nexport * from './jwt-service.provider.mjs'\nexport {\n TokenExpiredError,\n NotBeforeError,\n JsonWebTokenError,\n} from 
'jsonwebtoken'\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,SAAS,SAAS;AAEX,IAAK,cAAL,kBAAKA,iBAAL;AACL,EAAAA,aAAA,UAAO;AACP,EAAAA,aAAA,YAAS;AAFC,SAAAA;AAAA,GAAA;AAKL,IAAM,gBAAgB,EAAE,KAAK;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,kBAAkB,EAAE,OAAO;AAAA,EACtC,KAAK,cAAc,GAAG,EAAE,OAAO,CAAC;AAAA,EAChC,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EAClC,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,KAAK,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS;AAAA,EACzD,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,KAAK,EAAE,OAAO,EAAE,SAAS;AAAA,EACzB,KAAK,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS;AAC3D,CAAC;AAIM,IAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,WAAW,cAAc,SAAS;AAAA,EAClC,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,WAAW,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACtD,WAAW,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACtD,UAAU,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,SAAS;AAAA,EAC7D,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,eAAe,EAAE,QAAQ,EAAE,SAAS;AAAA,EACpC,aAAa,EAAE,QAAQ,EAAE,SAAS;AAAA,EAClC,QAAQ,gBAAgB,SAAS;AAAA,EACjC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,uBAAuB,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC5C,gCAAgC,EAAE,QAAQ,EAAE,SAAS;AACvD,CAAC;AAIM,IAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,YAAY,cAAc,MAAM,EAAE,SAAS;AAAA,EAC3C,UAAU,EACP,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,WAAW,MAAM,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,EAC5D,SAAS;AAAA,EACZ,gBAAgB,EAAE,OAAO,EAAE,SAAS;AAAA,EACpC,gBAAgB,EAAE,OAAO,EAAE,SAAS;AAAA,EACpC,UAAU,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC/B,QAAQ,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,SAAS;AAAA,EAC3D,kBAAkB,EAAE,QAAQ,EAAE,SAAS;AAAA,EACvC,iBAAiB,EAAE,QAAQ,EAAE,SAAS;AAAA,EACtC,OAAO,EAAE,O
AAO,EAAE,SAAS;AAAA,EAC3B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,QAAQ,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACnD,gCAAgC,EAAE,QAAQ,EAAE,SAAS;AACvD,CAAC;AAIM,IAAM,eAAe,EAAE,MAAM;AAAA,EAClC,EAAE,OAAO;AAAA,EACT,EAAE,WAAW,MAAM;AAAA,EACnB,EACG,OAAO;AAAA,IACN,MAAM,EAAE,OAAO;AAAA,EACjB,CAAC,EACA,YAAY;AAAA,EACf,EAAE,OAAO;AAAA,IACP,KAAK,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,WAAW,MAAM,CAAC,CAAC;AAAA,IAC/C,YAAY,EAAE,OAAO;AAAA,EACvB,CAAC;AACH,CAAC;AAIM,IAAM,0BAA0B,EAAE,OAAO;AAAA,EAC9C,aAAa,kBAAkB,SAAS;AAAA,EACxC,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,WAAW,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,WAAW,MAAM,CAAC,CAAC,EAAE,SAAS;AAAA,EAChE,YAAY,aAAa,SAAS;AAAA,EAClC,eAAe,oBAAoB,SAAS;AAAA,EAC5C,qBAAqB,EAClB,SAAS,EACT;AAAA,IACC,EAAE,WAAW,WAAW;AAAA,IACxB,EAAE,IAAI;AAAA,IACN,EAAE,MAAM,CAAC,mBAAmB,mBAAmB,CAAC,EAAE,SAAS;AAAA,EAC7D,EACC,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,YAAY,CAAC,CAAC,CAAC,EACxD,SAAS;AACd,CAAC;;;AC9GD,SAAS,YAAY,QAAQ,kBAAkB;AAE/C,YAAY,SAAS;AAFrB;AAeA,0BAAC,WAAW;AACL,IAAM,cAAN,MAAM,YAAW;AAAA,EAKtB,YAA6B,UAA6B,CAAC,GAAG;AAAjC;AAAA,EAAkC;AAAA,EAJ/D,SAAS,WAAW,QAAQ;AAAA,IAC1B,SAAS,YAAW;AAAA,EACtB,CAAC;AAAA,EASD,KACE,SACA,UAA0B,CAAC,GACnB;AACR,UAAM,cAAc,KAAK;AAAA,MACvB,EAAE,GAAG,QAAQ;AAAA,MACb;AAAA,IACF;AACA,UAAM,SAAS,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEF;AAEA,QAAI,kBAAkB,SAAS;AAC7B,aAAO,MAAM,MAAM;AAAA,MAAC,CAAC;AACrB,WAAK,OAAO;AAAA,QACV;AAAA,MACF;AACA,YAAM,IAAI,MAAM;AAAA,IAClB;AAEA,UAAM,qBAAqB,CAAC,UAAU,YAAY;AAClD,UAAM,cAAc,OAAO,KAAK,WAAW;AAC3C,QACE,OAAO,YAAY,YACnB,YAAY,KAAK,CAAC,MAAM,CAAC,mBAAmB,SAAS,CAAC,CAAC,GACvD;AACA,YAAM,IAAI;AAAA,QACR,uEACE,YAAY,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,WAAW,SAAK,SAAS,QAAQ,WAAW;AAAA,EAC9C;AAAA,EAOA,UACE,SACA,UAA0B,CAAC,GACV;AACjB,UAAM,cAAc,KAAK;AAAA,MACvB,EAAE,GAAG,QAAQ;AAAA,MACb;AAAA,IACF;AACA,UAAM,SAAS,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEF;AAEA,UAAM,qBAAqB,CAAC,UAAU,YAAY;AAClD,UAAM,cAAc,OAAO,KAAK,WAAW;AAC3C,QACE,OAAO,YAAY,YACnB,YAAY,KAAK,CAAC,MAAM,CAAC,mBAAmB,SAAS,CAAC,
CAAC,GACvD;AACA,YAAM,IAAI;AAAA,QACR,uEACE,YAAY,KAAK,IAAI;AAAA,MACzB;AAAA,IACF;AAEA,WAAO,IAAI;AAAA,MAAQ,CAAC,SAAS,WAC3B,QAAQ,QAAQ,EACb,KAAK,MAAM,MAAM,EACjB,KAAK,CAAC,SAA6B;AAClC,QAAI;AAAA,UAAK;AAAA,UAAS;AAAA,UAAM;AAAA,UAAa,CAAC,KAAK,YACzC,MAAM,OAAO,GAAG,IAAI,QAAQ,OAAiB;AAAA,QAC/C;AAAA,MACF,CAAC;AAAA,IACL;AAAA,EACF;AAAA,EAEA,OACE,OACA,UAA4B,CAAC,GAC1B;AACH,UAAM,gBAAgB,KAAK,gBAAgB,EAAE,GAAG,QAAQ,GAAG,eAAe;AAC1E,UAAM,SAAS,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEF;AAEA,QAAI,kBAAkB,SAAS;AAC7B,aAAO,MAAM,MAAM;AAAA,MAAC,CAAC;AACrB,WAAK,OAAO;AAAA,QACV;AAAA,MACF;AACA,YAAM,IAAI,MAAM;AAAA,IAClB;AAEA,WAAW,WAAO,OAAO,QAAQ,aAAa;AAAA,EAChD;AAAA,EAEA,YACE,OACA,UAA4B,CAAC,GACjB;AACZ,UAAM,gBAAgB,KAAK,gBAAgB,EAAE,GAAG,QAAQ,GAAG,eAAe;AAC1E,UAAM,SAAS,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEF;AAEA,WAAO,IAAI;AAAA,MAAQ,CAAC,SAAS,WAC3B,QAAQ,QAAQ,EACb,KAAK,MAAM,MAAM,EACjB,KAAK,CAAC,SAA6B;AAClC,QAAI;AAAA,UAAO;AAAA,UAAO;AAAA,UAAM;AAAA,UAAe,CAAC,KAAK,YAC3C,MAAM,OAAO,GAAG,IAAI,QAAQ,OAAY;AAAA,QAC1C;AAAA,MACF,CAAC,EACA,MAAM,MAAM;AAAA,IACjB;AAAA,EACF;AAAA,EAEA,OAAgB,OAAe,SAAgC;AAC7D,WAAW,WAAO,OAAO,OAAO;AAAA,EAClC;AAAA,EAEQ,gBACN,SACA,KAC6B;AAC7B,WAAO,QAAQ;AACf,QAAI,QAAQ,eAAe;AACzB,aAAQ,QAA2B;AAAA,IACrC,OAAO;AACL,aAAQ,QAA6B;AAAA,IACvC;AACA,WAAO,UACH;AAAA,MACE,GAAI,KAAK,QAAQ,GAAG,KAAK,CAAC;AAAA,MAC1B,GAAG;AAAA,IACL;AAAA;AAAA,MAEA,KAAK,QAAQ,GAAG;AAAA;AAAA,EACtB;AAAA,EAEQ,0BAA0B,QAA4B;AAC5D,WAAO;AAAA,EACT;AAAA,EAEQ,aACN,OACA,SACA,KACA,mBACkD;AAClD,UAAM,SAAS,KAAK,QAAQ,sBACxB,KAAK,QAAQ,oBAAoB,mBAAmB,OAAO,OAAO,KAClE,mCAAS,WACT,KAAK,QAAQ,WACZ,QAAQ,gBACJ,mCAA4B,eAAc,KAAK,QAAQ,cACvD,mCAA8B,cAC/B,KAAK,QAAQ,cACjB,KAAK,QAAQ,GAAG;AAEpB,WAAO;AAAA,EACT;AACF;AAzLO;AAAM,cAAN,0CADP,wBACa;AAAN,4BAAM;AAAN,IAAM,aAAN;;;ACdP;AAAA,EACE,cAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAOA,IAAM,kBAAkB,eAAe;AAAA,EAC5C;AAAA,EACA;AACF;AAjBA,mCAAAC;AAmBA,iCAACC,YAAW;AAAA,EACV,OAAO;AAAA,EACP,MAAM,eAAe;AACvB,CAAC;AACM,IAAM,oBAAN,MAAwB;AAAA,EAC7B,OAAO,KAA2C,MAAyB;AACzE,WAAO,eAAe,KAAK,YAAY,CAAC,IAAI,CAAC;AAAA,EAC/C;AACF
;AAJOD,SAAA;AAAM,oBAAN,kBAAAA,QAAA,wBAJP,+BAIa;AAAN,kBAAAA,QAAA,GAAM;AAMN,SAAS,kBACd,QACuC;AACvC,MAAI,OAAO,WAAW,YAAY;AAChC,WAAO,eAAe,QAAQ,iBAAiB,MAAM;AAAA,EACvD;AACA,SAAO,eAAe,MAAM,iBAAiB,MAAM;AACrD;;;ACjCA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;","names":["RequestType","Injectable","_init","Injectable"]}
|
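--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,43 @@
+{
+"name": "@navios/jwt",
+"description": "JWT authentication and authorization for Navios",
+"version": "0.1.0",
+"author": {
+"name": "Oleksandr Hanzha",
+"email": "alex@granted.name"
+},
+"repository": {
+"directory": "packages/jwt",
+"type": "git",
+"url": "https://github.com/Arilas/navios.git"
+},
+"license": "MIT",
+"typings": "./dist/index.d.ts",
+"main": "./dist/index.js",
+"module": "./dist/index.mjs",
+"peerDependencies": {
+"@navios/core": "^0.1.4",
+"zod": "^3.23.8"
+},
+"exports": {
+".": {
+"import": {
+"types": "./dist/index.d.mts",
+"default": "./dist/index.mjs"
+},
+"require": {
+"types": "./dist/index.d.ts",
+"default": "./dist/index.js"
+}
+},
+"./package.json": "./package.json"
+},
+"devDependencies": {
+"@navios/core": "^0.1.4",
+"@types/jsonwebtoken": "^9",
+"zod": "^3.24.3"
+},
+"dependencies": {
+"jsonwebtoken": "^9.0.2"
+}
+}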
package/src/index.mts
ADDED
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import type { ServiceLocatorAbstractFactoryContext } from '@navios/core'
|
|
2
|
+
|
|
3
|
+
import {
|
|
4
|
+
Injectable,
|
|
5
|
+
InjectableType,
|
|
6
|
+
InjectionToken,
|
|
7
|
+
resolveService,
|
|
8
|
+
} from '@navios/core'
|
|
9
|
+
|
|
10
|
+
import type { JwtServiceOptions } from './options/jwt-service.options.mjs'
|
|
11
|
+
|
|
12
|
+
import { JwtService } from './jwt.service.mjs'
|
|
13
|
+
import { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'
|
|
14
|
+
|
|
15
|
+
export const JwtServiceToken = InjectionToken.create(
|
|
16
|
+
JwtService,
|
|
17
|
+
JwtServiceOptionsSchema,
|
|
18
|
+
)
|
|
19
|
+
|
|
20
|
+
@Injectable({
|
|
21
|
+
token: JwtServiceToken,
|
|
22
|
+
type: InjectableType.Factory,
|
|
23
|
+
})
|
|
24
|
+
export class JwtServiceFactory {
|
|
25
|
+
create(ctx: ServiceLocatorAbstractFactoryContext, args: JwtServiceOptions) {
|
|
26
|
+
return resolveService(ctx, JwtService, [args])
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export function provideJwtService(
|
|
31
|
+
config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),
|
|
32
|
+
): InjectionToken<JwtService, undefined> {
|
|
33
|
+
if (typeof config === 'function') {
|
|
34
|
+
return InjectionToken.factory(JwtServiceToken, config)
|
|
35
|
+
}
|
|
36
|
+
return InjectionToken.bound(JwtServiceToken, config)
|
|
37
|
+
}
|
|
@@ -0,0 +1,202 @@
|
|
|
1
|
+
import { Injectable, Logger, syncInject } from '@navios/core'
|
|
2
|
+
|
|
3
|
+
import * as jwt from 'jsonwebtoken'
|
|
4
|
+
|
|
5
|
+
import type {
|
|
6
|
+
GetSecretKeyResult,
|
|
7
|
+
JwtServiceOptions,
|
|
8
|
+
JwtSignOptions,
|
|
9
|
+
JwtVerifyOptions,
|
|
10
|
+
SignOptions,
|
|
11
|
+
VerifyOptions,
|
|
12
|
+
} from './options/jwt-service.options.mjs'
|
|
13
|
+
|
|
14
|
+
import { RequestType } from './options/jwt-service.options.mjs'
|
|
15
|
+
|
|
16
|
+
@Injectable()
|
|
17
|
+
export class JwtService {
|
|
18
|
+
logger = syncInject(Logger, {
|
|
19
|
+
context: JwtService.name,
|
|
20
|
+
})
|
|
21
|
+
|
|
22
|
+
constructor(private readonly options: JwtServiceOptions = {}) {}
|
|
23
|
+
|
|
24
|
+
sign(
|
|
25
|
+
payload: string,
|
|
26
|
+
options?: Omit<JwtSignOptions, keyof SignOptions>,
|
|
27
|
+
): string
|
|
28
|
+
sign(payload: Buffer | object, options?: JwtSignOptions): string
|
|
29
|
+
sign(
|
|
30
|
+
payload: string | Buffer | object,
|
|
31
|
+
options: JwtSignOptions = {},
|
|
32
|
+
): string {
|
|
33
|
+
const signOptions = this.mergeJwtOptions(
|
|
34
|
+
{ ...options },
|
|
35
|
+
'signOptions',
|
|
36
|
+
) as jwt.SignOptions
|
|
37
|
+
const secret = this.getSecretKey(
|
|
38
|
+
payload,
|
|
39
|
+
options,
|
|
40
|
+
'privateKey',
|
|
41
|
+
RequestType.Sign,
|
|
42
|
+
)
|
|
43
|
+
|
|
44
|
+
if (secret instanceof Promise) {
|
|
45
|
+
secret.catch(() => {}) // suppress rejection from async provider
|
|
46
|
+
this.logger.warn(
|
|
47
|
+
'For async version of "secretOrKeyProvider", please use "signAsync".',
|
|
48
|
+
)
|
|
49
|
+
throw new Error()
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const allowedSignOptKeys = ['secret', 'privateKey']
|
|
53
|
+
const signOptKeys = Object.keys(signOptions)
|
|
54
|
+
if (
|
|
55
|
+
typeof payload === 'string' &&
|
|
56
|
+
signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
|
|
57
|
+
) {
|
|
58
|
+
throw new Error(
|
|
59
|
+
'Payload as string is not allowed with the following sign options: ' +
|
|
60
|
+
signOptKeys.join(', '),
|
|
61
|
+
)
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
return jwt.sign(payload, secret, signOptions)
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
signAsync(
|
|
68
|
+
payload: string,
|
|
69
|
+
options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,
|
|
70
|
+
): Promise<string>
|
|
71
|
+
signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>
|
|
72
|
+
signAsync(
|
|
73
|
+
payload: string | Buffer | object,
|
|
74
|
+
options: JwtSignOptions = {},
|
|
75
|
+
): Promise<string> {
|
|
76
|
+
const signOptions = this.mergeJwtOptions(
|
|
77
|
+
{ ...options },
|
|
78
|
+
'signOptions',
|
|
79
|
+
) as jwt.SignOptions
|
|
80
|
+
const secret = this.getSecretKey(
|
|
81
|
+
payload,
|
|
82
|
+
options,
|
|
83
|
+
'privateKey',
|
|
84
|
+
RequestType.Sign,
|
|
85
|
+
)
|
|
86
|
+
|
|
87
|
+
const allowedSignOptKeys = ['secret', 'privateKey']
|
|
88
|
+
const signOptKeys = Object.keys(signOptions)
|
|
89
|
+
if (
|
|
90
|
+
typeof payload === 'string' &&
|
|
91
|
+
signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
|
|
92
|
+
) {
|
|
93
|
+
throw new Error(
|
|
94
|
+
'Payload as string is not allowed with the following sign options: ' +
|
|
95
|
+
signOptKeys.join(', '),
|
|
96
|
+
)
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
return new Promise((resolve, reject) =>
|
|
100
|
+
Promise.resolve()
|
|
101
|
+
.then(() => secret)
|
|
102
|
+
.then((scrt: GetSecretKeyResult) => {
|
|
103
|
+
jwt.sign(payload, scrt, signOptions, (err, encoded) =>
|
|
104
|
+
err ? reject(err) : resolve(encoded as string),
|
|
105
|
+
)
|
|
106
|
+
}),
|
|
107
|
+
)
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
verify<T extends object = any>(
|
|
111
|
+
token: string,
|
|
112
|
+
options: JwtVerifyOptions = {},
|
|
113
|
+
): T {
|
|
114
|
+
const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')
|
|
115
|
+
const secret = this.getSecretKey(
|
|
116
|
+
token,
|
|
117
|
+
options,
|
|
118
|
+
'publicKey',
|
|
119
|
+
RequestType.Verify,
|
|
120
|
+
)
|
|
121
|
+
|
|
122
|
+
if (secret instanceof Promise) {
|
|
123
|
+
secret.catch(() => {}) // suppress rejection from async provider
|
|
124
|
+
this.logger.warn(
|
|
125
|
+
'For async version of "secretOrKeyProvider", please use "verifyAsync".',
|
|
126
|
+
)
|
|
127
|
+
throw new Error()
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
return jwt.verify(token, secret, verifyOptions) as unknown as T
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
verifyAsync<T extends object = any>(
|
|
134
|
+
token: string,
|
|
135
|
+
options: JwtVerifyOptions = {},
|
|
136
|
+
): Promise<T> {
|
|
137
|
+
const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')
|
|
138
|
+
const secret = this.getSecretKey(
|
|
139
|
+
token,
|
|
140
|
+
options,
|
|
141
|
+
'publicKey',
|
|
142
|
+
RequestType.Verify,
|
|
143
|
+
)
|
|
144
|
+
|
|
145
|
+
return new Promise((resolve, reject) =>
|
|
146
|
+
Promise.resolve()
|
|
147
|
+
.then(() => secret)
|
|
148
|
+
.then((scrt: GetSecretKeyResult) => {
|
|
149
|
+
jwt.verify(token, scrt, verifyOptions, (err, decoded) =>
|
|
150
|
+
err ? reject(err) : resolve(decoded as T),
|
|
151
|
+
)
|
|
152
|
+
})
|
|
153
|
+
.catch(reject),
|
|
154
|
+
)
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
decode<T = any>(token: string, options?: jwt.DecodeOptions): T {
|
|
158
|
+
return jwt.decode(token, options) as T
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
private mergeJwtOptions(
|
|
162
|
+
options: JwtVerifyOptions | JwtSignOptions,
|
|
163
|
+
key: 'verifyOptions' | 'signOptions',
|
|
164
|
+
): VerifyOptions | SignOptions {
|
|
165
|
+
delete options.secret
|
|
166
|
+
if (key === 'signOptions') {
|
|
167
|
+
delete (options as JwtSignOptions).privateKey
|
|
168
|
+
} else {
|
|
169
|
+
delete (options as JwtVerifyOptions).publicKey
|
|
170
|
+
}
|
|
171
|
+
return options
|
|
172
|
+
? {
|
|
173
|
+
...(this.options[key] || {}),
|
|
174
|
+
...options,
|
|
175
|
+
}
|
|
176
|
+
: // @ts-expect-error We check it
|
|
177
|
+
this.options[key]
|
|
178
|
+
}
|
|
179
|
+
|
|
180
|
+
private overrideSecretFromOptions(secret: GetSecretKeyResult) {
|
|
181
|
+
return secret
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
private getSecretKey(
|
|
185
|
+
token: string | object | Buffer,
|
|
186
|
+
options: JwtVerifyOptions | JwtSignOptions,
|
|
187
|
+
key: 'publicKey' | 'privateKey',
|
|
188
|
+
secretRequestType: RequestType,
|
|
189
|
+
): GetSecretKeyResult | Promise<GetSecretKeyResult> {
|
|
190
|
+
const secret = this.options.secretOrKeyProvider
|
|
191
|
+
? this.options.secretOrKeyProvider(secretRequestType, token, options)
|
|
192
|
+
: options?.secret ||
|
|
193
|
+
this.options.secret ||
|
|
194
|
+
(key === 'privateKey'
|
|
195
|
+
? (options as JwtSignOptions)?.privateKey || this.options.privateKey
|
|
196
|
+
: (options as JwtVerifyOptions)?.publicKey ||
|
|
197
|
+
this.options.publicKey) ||
|
|
198
|
+
this.options[key]
|
|
199
|
+
|
|
200
|
+
return secret as GetSecretKeyResult
|
|
201
|
+
}
|
|
202
|
+
}
|
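Review bot: `signAsync` can return a promise that never settles, because the chain at new-file lines 99–107 ends without a rejection handler. If the promise returned by `secretOrKeyProvider` rejects, or anything throws inside the `.then`, the caller's `await` hangs and the failure shows up only as an unhandled rejection. `verifyAsync` already closes its chain with `.catch(reject)` (line 153); `signAsync` should end the same way. Separately, `verify` and `verifyAsync` pass the merged `verifyOptions` through unchanged and nothing in this file requires `algorithms`, so the doc comments should tell callers to pin the accepted algorithms there. The comment on `decode` should state that it returns claims without checking the signature.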