@navios/jwt 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/CHANGELOG.md +24 -0
  2. package/README.md +211 -34
  3. package/dist/src/index.d.mts +51 -0
  4. package/dist/src/index.d.mts.map +1 -1
  5. package/dist/src/jwt-service.provider.d.mts +50 -0
  6. package/dist/src/jwt-service.provider.d.mts.map +1 -1
  7. package/dist/src/jwt.service.d.mts +170 -0
  8. package/dist/src/jwt.service.d.mts.map +1 -1
  9. package/dist/src/options/jwt-service.options.d.mts +106 -0
  10. package/dist/src/options/jwt-service.options.d.mts.map +1 -1
  11. package/dist/tsconfig.tsbuildinfo +1 -1
  12. package/lib/index.cjs +668 -0
  13. package/lib/index.cjs.map +1 -0
  14. package/lib/index.d.cts +936 -0
  15. package/lib/index.d.cts.map +1 -0
  16. package/lib/index.d.mts +936 -21
  17. package/lib/index.d.mts.map +1 -0
  18. package/lib/index.mjs +610 -270
  19. package/lib/index.mjs.map +1 -1
  20. package/package.json +5 -5
  21. package/project.json +2 -2
  22. package/src/index.mts +54 -0
  23. package/src/jwt-service.provider.mts +50 -0
  24. package/src/jwt.service.mts +170 -0
  25. package/src/options/jwt-service.options.mts +106 -0
  26. package/tsdown.config.mts +33 -0
  27. package/lib/_tsup-dts-rollup.d.mts +0 -624
  28. package/lib/_tsup-dts-rollup.d.ts +0 -624
  29. package/lib/index.d.ts +0 -21
  30. package/lib/index.js +0 -301
  31. package/lib/index.js.map +0 -1
  32. package/tsup.config.mts +0 -12
package/lib/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"names":["RequestType","InjectionToken","jwt"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIO,IAAK,WAAA,qBAAAA,YAAAA,KAAL;AACL,EAAAA,aAAA,MAAA,CAAA,GAAO,MAAA;AACP,EAAAA,aAAA,QAAA,CAAA,GAAS,QAAA;AAFC,EAAA,OAAAA,YAAAA;AAAA,CAAA,EAAA,WAAA,IAAA,EAAA;AAKL,IAAM,aAAA,GAAgB,EAAE,IAAA,CAAK;AAAA,EAClC,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,eAAA,GAAkB,EAAE,MAAA,CAAO;AAAA,EACtC,GAAA,EAAK,aAAA,CAAc,EAAA,CAAG,CAAA,CAAE,QAAQ,CAAA;AAAA,EAChC,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,MAAM,CAAA,CAAE,MAAA,EAAO,CAAE,KAAA,GAAQ,QAAA,EAAS;AAAA,EAClC,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,GAAA,EAAK,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAO,EAAG,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EACzD,UAAA,EAAY,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,GAAA,EAAK,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,GAAA,EAAK,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAO,EAAG,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA;AAClD,CAAC;AAIM,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EACxC,SAAA,EAAW,cAAc,QAAA,EAAS;AAAA,EAClC,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,SAAA,EAAW,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,SAAA,EAAW,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,QAAA,EAAU,EACP,KAAA,CAAM;AAAA,IACL,EAAE,MAAA,EAAO;AAAA,IACT,CAAA,CAAE,WAAW,MAAM,CAAA;AAAA,IACnB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,UAAA,CAAW,MAAM,CAAC,CAAC,CAAC;AAAA,GACpD,EACA,QAAA,EAAS;AAAA,EACZ,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC5B,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,aAAA,EAAe,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACpC,WAAA,EAAa,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAClC,MAAA,EAAQ,gBAAgB,QAAA,EAAS;AAAA,EACjC,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC9B,qBAAA,EAAuB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC5C,8BAAA,EAAgC,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAC9C,CAAC;AAIM,IAAM,mBAAA,GAAsB,EAAE,MAAA,CAAO;AAAA,EAC1C,UAAA,EAAY,aAAA,CAAc,KAAA,EAAM,CAAE,QAAA,EAAS;AAAA,EAC3C,QAAA,EAAU,EACP,KAAA,CAAM;AAAA,IACL,EAAE,MAAA,EAAO;AAAA,IACT,CAAA,CAAE,WAAW,MAAM,CAAA;AAAA,IACnB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,UAAA,CAAW,MAAM,CAAC,CAAC,CAAC;AAAA,GACpD,EACA,QAAA,EAAS;AAAA,EACZ,cAAA,EAAgB,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACpC,cAAA,EAAgB,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACpC,QAAA,EAAU,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC/B,MAAA,EAAQ,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAO,EAAG,CAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAO,CAAC,EAAE,QAAA,EAAS;AAAA,EAC3D,gBAAA,EAAkB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACvC,eAAA,EAAiB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACtC,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,KAAA,EAAO,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,MAAA,EAAQ,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACnD,8BAAA,EAAgC,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAC9C,CAAC;AAIM,IAAM,YAAA,GAAe,EAAE,KAAA,CAAM;AAAA,EAClC,EAAE,MAAA,EAAO;AAAA,EACT,CAAA,CAAE,WAAW,MAAM,CAAA;AAAA,EACnB,EACG,MAAA,CAAO;AAAA,IACN,IAAA,EAAM,EAAE,MAAA;AAAO,GAChB,EACA,WAAA,EAAY;AAAA,EACf,EAAE,MAAA,CAAO;AAAA,IACP,GAAA,EAAK,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,UAAA,CAAW,MAAM,CAAC,CAAC,CAAA;AAAA,IAC/C,UAAA,EAAY,EAAE,MAAA;AAAO,GACtB;AACH,CAAC;AAIM,IAAM,uBAAA,GAA0B,EAAE,MAAA,CAAO;AAAA,EAC9C,WAAA,EAAa,kBAAkB,QAAA,EAAS;AAAA,EACxC,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC5B,SAAA,EAAW,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,UAAA,CAAW,MAAM,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAChE,UAAA,EAAY,aAAa,QAAA,EAAS;AAAA,EAClC,aAAA,EAAe,oBAAoB,QAAA,EAAS;AAAA,EAC5C,mBAAA,EAAqB,EAClB,QAAA,CAAS;AAAA,IACR,KAAA,EAAO;AAAA,MACL,CAAA,CAAE,KAAK,WAAW,CAAA;AAAA,MAClB,EAAE,GAAA,EAAI;AAAA,MACN,EAAE,KAAA,CAAM,CAAC,mBAAmB,mBAAmB,CAAC,EAAE,QAAA;AAAS,KAC7D;AAAA,IACA,MAAA,EAAQ,EAAE,KAAA,CAAM,CAAC,cAAc,CAAA,CAAE,OAAA,CAAQ,YAAY,CAAC,CAAC;AAAA,GACxD,EACA,QAAA;AACL,CAAC;ACvGM,IAAM,kBAAkB,cAAA,CAAe,MAAA;AAAA,EAC5C,MAAA,CAAO,IAAI,YAAY,CAAA;AAAA,EACvB;AACF;AArBA,IAAA,sBAAA,EAAA,KAAA;AAuBA,sBAAA,GAAA,CAAC,UAAA,CAAW;AAAA,EACV,KAAA,EAAO;AACT,CAAC,CAAA,CAAA;AACM,IAAM,WAAA,GAAN,MAAM,WAAA,CAAW;AAAA,EAKtB,WAAA,CAA6B,OAAA,GAA6B,EAAC,EAAG;AAAjC,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAAkC;AAAA,EAJ/D,MAAA,GAAS,OAAO,MAAA,EAAQ;AAAA,IACtB,SAAS,WAAA,CAAW;AAAA,GACrB,CAAA;AAAA,EASD,IAAA,CACE,OAAA,EACA,OAAA,GAA0B,EAAC,EACnB;AACR,IAAA,MAAM,cAAc,IAAA,CAAK,eAAA;AAAA,MACvB,EAAE,GAAG,OAAA,EAAQ;AAAA,MACb;AAAA,KACF;AACA,IAAA,MAAM,SAAS,IAAA,CAAK,YAAA;AAAA,MAClB,OAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAA;AAAA,MAAA,MAAA;AAAA,KAEF;AAEA,IAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,MAAA,MAAA,CAAO,MAAM,MAAM;AAAA,MAAC,CAAC,CAAA;AACrB,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA;AAAA,QACV;AAAA,OACF;AACA,MAAA,MAAM,IAAI,KAAA,EAAM;AAAA,IAClB;AAEA,IAAA,MAAM,kBAAA,GAAqB,CAAC,QAAA,EAAU,YAAY,CAAA;AAClD,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA;AAC3C,IAAA,IACE,OAAO,OAAA,KAAY,QAAA,IACnB,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,KAAM,CAAC,kBAAA,CAAmB,QAAA,CAAS,CAAC,CAAC,CAAA,EACvD;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,oEAAA,GACE,WAAA,CAAY,IAAA,CAAK,IAAI;AAAA,OACzB;AAAA,IACF;AAEA,IAAA,OAAO,GAAA,CAAI,IAAA,CAAK,OAAA,EAAS,MAAA,EAAQ,WAAW,CAAA;AAAA,EAC9C;AAAA,EAOA,SAAA,CACE,OAAA,EACA,OAAA,GAA0B,EAAC,EACV;AACjB,IAAA,MAAM,cAAc,IAAA,CAAK,eAAA;AAAA,MACvB,EAAE,GAAG,OAAA,EAAQ;AAAA,MACb;AAAA,KACF;AACA,IAAA,MAAM,SAAS,IAAA,CAAK,YAAA;AAAA,MAClB,OAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAA;AAAA,MAAA,MAAA;AAAA,KAEF;AAEA,IAAA,MAAM,kBAAA,GAAqB,CAAC,QAAA,EAAU,YAAY,CAAA;AAClD,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA;AAC3C,IAAA,IACE,OAAO,OAAA,KAAY,QAAA,IACnB,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,KAAM,CAAC,kBAAA,CAAmB,QAAA,CAAS,CAAC,CAAC,CAAA,EACvD;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,oEAAA,GACE,WAAA,CAAY,IAAA,CAAK,IAAI;AAAA,OACzB;AAAA,IACF;AAEA,IAAA,OAAO,IAAI,OAAA;AAAA,MAAQ,CAAC,OAAA,EAAS,MAAA,KAC3B,OAAA,CAAQ,OAAA,EAAQ,CACb,IAAA,CAAK,MAAM,MAAM,CAAA,CACjB,IAAA,CAAK,CAAC,IAAA,KAA6B;AAClC,QAAA,GAAA,CAAI,IAAA;AAAA,UAAK,OAAA;AAAA,UAAS,IAAA;AAAA,UAAM,WAAA;AAAA,UAAa,CAAC,KAAK,OAAA,KACzC,GAAA,GAAM,OAAO,GAAG,CAAA,GAAI,QAAQ,OAAiB;AAAA,SAC/C;AAAA,MACF,CAAC;AAAA,KACL;AAAA,EACF;AAAA,EAEA,MAAA,CACE,KAAA,EACA,OAAA,GAA4B,EAAC,EAC1B;AACH,IAAA,MAAM,gBAAgB,IAAA,CAAK,eAAA,CAAgB,EAAE,GAAG,OAAA,IAAW,eAAe,CAAA;AAC1E,IAAA,MAAM,SAAS,IAAA,CAAK,YAAA;AAAA,MAClB,KAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAA;AAAA,MAAA,QAAA;AAAA,KAEF;AAEA,IAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,MAAA,MAAA,CAAO,MAAM,MAAM;AAAA,MAAC,CAAC,CAAA;AACrB,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA;AAAA,QACV;AAAA,OACF;AACA,MAAA,MAAM,IAAI,KAAA,EAAM;AAAA,IAClB;AAGA,IAAA,OAAO,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAA,EAAQ,aAAa,CAAA;AAAA,EAChD;AAAA,EAEA,WAAA,CACE,KAAA,EACA,OAAA,GAA4B,EAAC,EACjB;AACZ,IAAA,MAAM,gBAAgB,IAAA,CAAK,eAAA,CAAgB,EAAE,GAAG,OAAA,IAAW,eAAe,CAAA;AAC1E,IAAA,MAAM,SAAS,IAAA,CAAK,YAAA;AAAA,MAClB,KAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAA;AAAA,MAAA,QAAA;AAAA,KAEF;AAEA,IAAA,OAAO,IAAI,OAAA;AAAA,MAAQ,CAAC,OAAA,EAAS,MAAA,KAC3B,OAAA,CAAQ,OAAA,EAAQ,CACb,IAAA,CAAK,MAAM,MAAM,CAAA,CACjB,IAAA,CAAK,CAAC,IAAA,KAA6B;AAElC,QAAA,GAAA,CAAI,MAAA;AAAA,UAAO,KAAA;AAAA,UAAO,IAAA;AAAA,UAAM,aAAA;AAAA,UAAe,CAAC,KAAK,OAAA,KAC3C,GAAA,GAAM,OAAO,GAAG,CAAA,GAAI,QAAQ,OAAY;AAAA,SAC1C;AAAA,MACF,CAAC,CAAA,CACA,KAAA,CAAM,MAAM;AAAA,KACjB;AAAA,EACF;AAAA,EAEA,MAAA,CAAgB,OAAe,OAAA,EAAgC;AAC7D,IAAA,OAAO,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,OAAO,CAAA;AAAA,EAClC;AAAA,EAEQ,eAAA,CACN,SACA,GAAA,EAC6B;AAC7B,IAAA,OAAO,OAAA,CAAQ,MAAA;AACf,IAAA,IAAI,QAAQ,aAAA,EAAe;AACzB,MAAA,OAAQ,OAAA,CAA2B,UAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,OAAQ,OAAA,CAA6B,SAAA;AAAA,IACvC;AACA,IAAA,OAAO,OAAA,GACH;AAAA,MACE,GAAG,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AAAA,MACnB,GAAG;AAAA,KACL;AAAA;AAAA,MAEA,IAAA,CAAK,QAAQ,GAAG;AAAA,KAAA;AAAA,EACtB;AAAA,EAEQ,YAAA,CACN,KAAA,EACA,OAAA,EACA,GAAA,EACA,iBAAA,EACkD;AAClD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,OAAA,CAAQ,mBAAA,GACxB,IAAA,CAAK,OAAA,CAAQ,mBAAA,CAAoB,iBAAA,EAAmB,KAAA,EAAO,OAAO,CAAA,GAClE,OAAA,EAAS,UACT,IAAA,CAAK,OAAA,CAAQ,MAAA,KACZ,GAAA,KAAQ,YAAA,GACJ,OAAA,EAA4B,UAAA,IAAc,IAAA,CAAK,OAAA,CAAQ,UAAA,GACvD,OAAA,EAA8B,SAAA,IAC/B,IAAA,CAAK,OAAA,CAAQ,SAAA,CAAA,IACjB,IAAA,CAAK,QAAQ,GAAG,CAAA;AAEpB,IAAA,OAAO,MAAA;AAAA,EACT;AACF,CAAA;AAvLO,KAAA,GAAA,gBAAA,CAAA,CAAA;AAAM,WAAA,GAAN,0CAHP,sBAAA,EAGa,WAAA,CAAA;AAAN,iBAAA,CAAA,KAAA,EAAA,CAAA,EAAM,WAAA,CAAA;AAAN,IAAM,UAAA,GAAN;ACXA,SAAS,kBACd,MAAA,EAGoE;AACpE,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAOC,cAAAA,CAAe,OAAA,CAAQ,eAAA,EAAiB,MAAM,CAAA;AAAA,EACvD;AACA,EAAA,OAAOA,cAAAA,CAAe,KAAA,CAAM,eAAA,EAAiB,MAAM,CAAA;AACrD;;;ACnBO,IAAM,oBAAoBC,GAAAA,CAAI;AAC9B,IAAM,iBAAiBA,GAAAA,CAAI;AAC3B,IAAM,oBAAoBA,GAAAA,CAAI","file":"index.mjs","sourcesContent":["import type { Secret as JwtSecret } from 'jsonwebtoken'\n\nimport { z } from 'zod/v4'\n\nexport enum RequestType {\n Sign = 'Sign',\n Verify = 'Verify',\n}\n\nexport const AlgorithmType = z.enum([\n 'HS256',\n 'HS384',\n 'HS512',\n 'RS256',\n 'RS384',\n 'RS512',\n 'ES256',\n 'ES384',\n 'ES512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'none',\n])\n\nexport const JwtHeaderSchema = z.object({\n alg: AlgorithmType.or(z.string()),\n typ: z.string().optional(),\n cty: z.string().optional(),\n crit: z.string().array().optional(),\n kid: z.string().optional(),\n jku: z.string().optional(),\n x5u: z.union([z.string(), z.array(z.string())]).optional(),\n 'x5t#S256': z.string().optional(),\n x5t: z.string().optional(),\n x5c: z.union([z.string(), z.array(z.string())]).optional(),\n})\n\nexport type JwtHeader = z.infer<typeof JwtHeaderSchema>\n\nexport const SignOptionsSchema = z.object({\n algorithm: AlgorithmType.optional(),\n keyid: z.string().optional(),\n expiresIn: z.union([z.string(), z.number()]).optional(),\n notBefore: z.union([z.string(), z.number()]).optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n subject: z.string().optional(),\n issuer: z.string().optional(),\n jwtid: z.string().optional(),\n mutatePayload: z.boolean().optional(),\n noTimestamp: z.boolean().optional(),\n header: JwtHeaderSchema.optional(),\n encoding: z.string().optional(),\n allowInsecureKeySizes: z.boolean().optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\nexport type SignOptions = z.infer<typeof SignOptionsSchema>\n\nexport const VerifyOptionsSchema = z.object({\n algorithms: AlgorithmType.array().optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n clockTimestamp: z.number().optional(),\n clockTolerance: z.number().optional(),\n complete: z.boolean().optional(),\n issuer: z.union([z.string(), z.string().array()]).optional(),\n ignoreExpiration: z.boolean().optional(),\n ignoreNotBefore: z.boolean().optional(),\n jwtid: z.string().optional(),\n nonce: z.string().optional(),\n subject: z.string().optional(),\n maxAge: z.union([z.string(), z.number()]).optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\nexport type VerifyOptions = z.infer<typeof VerifyOptionsSchema>\n\nexport const SecretSchema = z.union([\n z.string(),\n z.instanceof(Buffer),\n z\n .object({\n type: z.string(),\n })\n .passthrough(),\n z.object({\n key: z.union([z.string(), z.instanceof(Buffer)]),\n passphrase: z.string(),\n }),\n])\n\nexport type Secret = z.infer<typeof SecretSchema>\n\nexport const JwtServiceOptionsSchema = z.object({\n signOptions: SignOptionsSchema.optional(),\n secret: z.string().optional(),\n publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),\n privateKey: SecretSchema.optional(),\n verifyOptions: VerifyOptionsSchema.optional(),\n secretOrKeyProvider: z\n .function({\n input: [\n z.enum(RequestType),\n z.any(),\n z.union([SignOptionsSchema, VerifyOptionsSchema]).optional(),\n ],\n output: z.union([SecretSchema, z.promise(SecretSchema)]),\n })\n .optional(),\n})\n\nexport type JwtServiceOptions = z.infer<typeof JwtServiceOptionsSchema>\n\nexport interface JwtSignOptions extends SignOptions {\n secret?: string | Buffer\n privateKey?: Secret\n}\n\nexport interface JwtVerifyOptions extends VerifyOptions {\n secret?: string | Buffer\n publicKey?: string | Buffer\n}\n\nexport type GetSecretKeyResult = string | Buffer | JwtSecret\n","import { inject, Injectable, InjectionToken, Logger } from '@navios/core'\n\nimport jwt from 'jsonwebtoken'\n\nimport type {\n GetSecretKeyResult,\n JwtServiceOptions,\n JwtSignOptions,\n JwtVerifyOptions,\n SignOptions,\n VerifyOptions,\n} from './options/jwt-service.options.mjs'\n\nimport {\n JwtServiceOptionsSchema,\n RequestType,\n} from './options/jwt-service.options.mjs'\n\nexport const JwtServiceToken = InjectionToken.create(\n Symbol.for('JwtService'),\n JwtServiceOptionsSchema,\n)\n\n@Injectable({\n token: JwtServiceToken,\n})\nexport class JwtService {\n logger = inject(Logger, {\n context: JwtService.name,\n })\n\n constructor(private readonly options: JwtServiceOptions = {}) {}\n\n sign(\n payload: string,\n options?: Omit<JwtSignOptions, keyof SignOptions>,\n ): string\n sign(payload: Buffer | object, options?: JwtSignOptions): string\n sign(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): string {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"signAsync\".',\n )\n throw new Error()\n }\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return jwt.sign(payload, secret, signOptions)\n }\n\n signAsync(\n payload: string,\n options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,\n ): Promise<string>\n signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>\n signAsync(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): Promise<string> {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n jwt.sign(payload, scrt, signOptions, (err, encoded) =>\n err ? reject(err) : resolve(encoded as string),\n )\n }),\n )\n }\n\n verify<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): T {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".',\n )\n throw new Error()\n }\n\n // @ts-expect-error We check it\n return jwt.verify(token, secret, verifyOptions) as unknown as T\n }\n\n verifyAsync<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): Promise<T> {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n // @ts-expect-error We check it\n jwt.verify(token, scrt, verifyOptions, (err, decoded) =>\n err ? reject(err) : resolve(decoded as T),\n )\n })\n .catch(reject),\n )\n }\n\n decode<T = any>(token: string, options?: jwt.DecodeOptions): T {\n return jwt.decode(token, options) as T\n }\n\n private mergeJwtOptions(\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'verifyOptions' | 'signOptions',\n ): VerifyOptions | SignOptions {\n delete options.secret\n if (key === 'signOptions') {\n delete (options as JwtSignOptions).privateKey\n } else {\n delete (options as JwtVerifyOptions).publicKey\n }\n return options\n ? {\n ...this.options[key],\n ...options,\n }\n : // @ts-expect-error We check it\n this.options[key]\n }\n\n private getSecretKey(\n token: string | object | Buffer,\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'publicKey' | 'privateKey',\n secretRequestType: RequestType,\n ): GetSecretKeyResult | Promise<GetSecretKeyResult> {\n const secret = this.options.secretOrKeyProvider\n ? this.options.secretOrKeyProvider(secretRequestType, token, options)\n : options?.secret ||\n this.options.secret ||\n (key === 'privateKey'\n ? (options as JwtSignOptions)?.privateKey || this.options.privateKey\n : (options as JwtVerifyOptions)?.publicKey ||\n this.options.publicKey) ||\n this.options[key]\n\n return secret as GetSecretKeyResult\n }\n}\n","import type { BoundInjectionToken, FactoryInjectionToken } from '@navios/core'\n\nimport { InjectionToken } from '@navios/core'\n\nimport type { JwtServiceOptions } from './options/jwt-service.options.mjs'\n\nimport { JwtService, JwtServiceToken } from './jwt.service.mjs'\nimport { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'\n\nexport function provideJwtService(\n config: JwtServiceOptions,\n): BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\nexport function provideJwtService(\n config: () => Promise<JwtServiceOptions>,\n): FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\nexport function provideJwtService(\n config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),\n):\n | BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n | FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema> {\n if (typeof config === 'function') {\n return InjectionToken.factory(JwtServiceToken, config)\n }\n return InjectionToken.bound(JwtServiceToken, config)\n}\n","import jwt from 'jsonwebtoken'\n\nexport * from './options/jwt-service.options.mjs'\nexport * from './jwt.service.mjs'\nexport * from './jwt-service.provider.mjs'\nexport const TokenExpiredError = jwt.TokenExpiredError\nexport const NotBeforeError = jwt.NotBeforeError\nexport const JsonWebTokenError = jwt.JsonWebTokenError\n"]}
1
+ {"version":3,"file":"index.mjs","names":["z","RequestType","AlgorithmType","enum","JwtHeaderSchema","object","alg","or","string","typ","optional","cty","crit","array","kid","jku","x5u","union","x5t","x5c","SignOptionsSchema","algorithm","keyid","expiresIn","number","notBefore","audience","instanceof","RegExp","subject","issuer","jwtid","mutatePayload","boolean","noTimestamp","header","encoding","allowInsecureKeySizes","allowInvalidAsymmetricKeyTypes","VerifyOptionsSchema","algorithms","clockTimestamp","clockTolerance","complete","ignoreExpiration","ignoreNotBefore","nonce","maxAge","SecretSchema","Buffer","type","passthrough","key","passphrase","JwtServiceOptionsSchema","signOptions","secret","publicKey","privateKey","verifyOptions","secretOrKeyProvider","function","input","any","output","promise","inject","Injectable","InjectionToken","Logger","jwt","JwtServiceOptionsSchema","RequestType","JwtServiceToken","create","Symbol","for","token","JwtService","options","logger","context","name","sign","payload","signOptions","mergeJwtOptions","secret","getSecretKey","Sign","Promise","catch","warn","Error","allowedSignOptKeys","signOptKeys","Object","keys","some","k","includes","join","signAsync","resolve","reject","then","scrt","err","encoded","verify","verifyOptions","Verify","verifyAsync","decoded","decode","key","privateKey","publicKey","secretRequestType","secretOrKeyProvider","InjectionToken","JwtServiceToken","provideJwtService","config","factory","bound","jwt","TokenExpiredError","NotBeforeError","JsonWebTokenError"],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":["import type { Secret as JwtSecret } from 'jsonwebtoken'\n\nimport { z } from 'zod/v4'\n\n/**\n * Request type for secret or key provider functions.\n *\n * Used to distinguish between signing and verification operations when\n * dynamically resolving secrets or keys.\n */\nexport enum RequestType {\n /** Request is for signing a token */\n Sign = 'Sign',\n /** Request is for verifying a token */\n Verify = 'Verify',\n}\n\n/**\n * Supported JWT algorithms.\n *\n * Includes symmetric (HMAC) and asymmetric (RSA, ECDSA, EdDSA) algorithms.\n */\nexport const AlgorithmType = z.enum([\n 'HS256',\n 'HS384',\n 'HS512',\n 'RS256',\n 'RS384',\n 'RS512',\n 'ES256',\n 'ES384',\n 'ES512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'none',\n])\n\n/**\n * JWT header schema.\n *\n * Defines the structure of the JWT header with standard claims.\n */\nexport const JwtHeaderSchema = z.object({\n alg: AlgorithmType.or(z.string()),\n typ: z.string().optional(),\n cty: z.string().optional(),\n crit: z.string().array().optional(),\n kid: z.string().optional(),\n jku: z.string().optional(),\n x5u: z.union([z.string(), z.array(z.string())]).optional(),\n 'x5t#S256': z.string().optional(),\n x5t: z.string().optional(),\n x5c: z.union([z.string(), z.array(z.string())]).optional(),\n})\n\n/**\n * JWT header type.\n *\n * Contains algorithm, type, and optional header claims.\n */\nexport type JwtHeader = z.infer<typeof JwtHeaderSchema>\n\n/**\n * Schema for JWT signing options.\n *\n * Defines all available options for signing tokens including algorithm,\n * expiration, audience, issuer, and other standard JWT claims.\n */\nexport const SignOptionsSchema = z.object({\n algorithm: AlgorithmType.optional(),\n keyid: z.string().optional(),\n expiresIn: z.union([z.string(), z.number()]).optional(),\n notBefore: z.union([z.string(), z.number()]).optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n subject: z.string().optional(),\n issuer: z.string().optional(),\n jwtid: z.string().optional(),\n mutatePayload: z.boolean().optional(),\n noTimestamp: z.boolean().optional(),\n header: JwtHeaderSchema.optional(),\n encoding: z.string().optional(),\n allowInsecureKeySizes: z.boolean().optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for signing JWT tokens.\n *\n * @see SignOptionsSchema for the complete schema definition\n */\nexport type SignOptions = z.infer<typeof SignOptionsSchema>\n\n/**\n * Schema for JWT verification options.\n *\n * Defines all available options for verifying tokens including allowed\n * algorithms, audience, issuer, expiration handling, and other validation rules.\n */\nexport const VerifyOptionsSchema = z.object({\n algorithms: AlgorithmType.array().optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n clockTimestamp: z.number().optional(),\n clockTolerance: z.number().optional(),\n complete: z.boolean().optional(),\n issuer: z.union([z.string(), z.string().array()]).optional(),\n ignoreExpiration: z.boolean().optional(),\n ignoreNotBefore: z.boolean().optional(),\n jwtid: z.string().optional(),\n nonce: z.string().optional(),\n subject: z.string().optional(),\n maxAge: z.union([z.string(), z.number()]).optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for verifying JWT tokens.\n *\n * @see VerifyOptionsSchema for the complete schema definition\n */\nexport type VerifyOptions = z.infer<typeof VerifyOptionsSchema>\n\n/**\n * Schema for JWT secret/key types.\n *\n * Supports string secrets, Buffer objects, and key objects with passphrases.\n */\nexport const SecretSchema = z.union([\n z.string(),\n z.instanceof(Buffer),\n z\n .object({\n type: z.string(),\n })\n .passthrough(),\n z.object({\n key: z.union([z.string(), z.instanceof(Buffer)]),\n passphrase: z.string(),\n }),\n])\n\n/**\n * Secret or key type for JWT operations.\n *\n * Can be a string, Buffer, or an object with key and optional passphrase.\n */\nexport type Secret = z.infer<typeof SecretSchema>\n\nexport const JwtServiceOptionsSchema = z.object({\n signOptions: SignOptionsSchema.optional(),\n secret: z.string().optional(),\n publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),\n privateKey: SecretSchema.optional(),\n verifyOptions: VerifyOptionsSchema.optional(),\n secretOrKeyProvider: z\n .function({\n input: [\n z.enum(RequestType),\n z.any(),\n z.union([SignOptionsSchema, VerifyOptionsSchema]).optional(),\n ],\n output: z.union([SecretSchema, z.promise(SecretSchema)]),\n })\n .optional(),\n})\n\n/**\n * Configuration options for the JWT service.\n *\n * @property signOptions - Default options for signing tokens\n * @property secret - Default secret for symmetric algorithms (HS256, HS384, HS512)\n * @property publicKey - Default public key for asymmetric algorithms (RS256, ES256, etc.)\n * @property privateKey - Default private key for asymmetric algorithms\n * @property verifyOptions - Default options for verifying tokens\n * @property secretOrKeyProvider - Optional function to dynamically resolve secrets/keys\n *\n * @example\n * ```ts\n * const options: JwtServiceOptions = {\n * secret: 'your-secret-key',\n * signOptions: {\n * expiresIn: '1h',\n * algorithm: 'HS256',\n * },\n * verifyOptions: {\n * algorithms: ['HS256'],\n * },\n * }\n * ```\n */\nexport type JwtServiceOptions = z.infer<typeof JwtServiceOptionsSchema>\n\n/**\n * Options for signing JWT tokens.\n *\n * Extends `SignOptions` with additional properties for specifying\n * the secret or private key to use for signing.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property privateKey - Private key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtSignOptions extends SignOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Private key for asymmetric algorithms */\n privateKey?: Secret\n}\n\n/**\n * Options for verifying JWT tokens.\n *\n * Extends `VerifyOptions` with additional properties for specifying\n * the secret or public key to use for verification.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property publicKey - Public key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtVerifyOptions extends VerifyOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Public key for asymmetric algorithms */\n publicKey?: string | Buffer\n}\n\n/**\n * Result type for secret/key resolution.\n *\n * Represents the possible return types from secret or key provider functions.\n */\nexport type GetSecretKeyResult = string | Buffer | JwtSecret\n","import { inject, Injectable, InjectionToken, Logger } from '@navios/core'\n\nimport jwt from 'jsonwebtoken'\n\nimport type {\n GetSecretKeyResult,\n JwtServiceOptions,\n JwtSignOptions,\n JwtVerifyOptions,\n SignOptions,\n VerifyOptions,\n} from './options/jwt-service.options.mjs'\n\nimport {\n JwtServiceOptionsSchema,\n RequestType,\n} from './options/jwt-service.options.mjs'\n\n/**\n * Injection token for JwtService.\n *\n * Used internally by the dependency injection system to register and resolve JwtService instances.\n */\nexport const JwtServiceToken = InjectionToken.create(\n Symbol.for('JwtService'),\n JwtServiceOptionsSchema,\n)\n\n/**\n * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).\n *\n * This service provides a type-safe wrapper around the `jsonwebtoken` library with\n * seamless integration into Navios's dependency injection system. It supports both\n * symmetric (HS256, HS384, HS512) and asymmetric (RS256, ES256, etc.) algorithms.\n *\n * @example\n * ```ts\n * import { provideJwtService } from '@navios/jwt'\n * import { inject } from '@navios/core'\n *\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n *\n * async login(userId: string) {\n * const token = this.jwtService.sign({ userId, role: 'user' })\n * return token\n * }\n * }\n * ```\n */\n@Injectable({\n token: JwtServiceToken,\n})\nexport class JwtService {\n logger = inject(Logger, {\n context: JwtService.name,\n })\n\n /**\n * Creates a new JwtService instance.\n *\n * @param options - Configuration options for the JWT service\n */\n constructor(private readonly options: JwtServiceOptions = {}) {}\n\n /**\n * Signs a JWT payload synchronously.\n *\n * When the payload is a string, only `secret` and `privateKey` options are allowed.\n * For object or Buffer payloads, all sign options are available.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns The signed JWT token as a string\n * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `signAsync` instead)\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * // Sign with object payload\n * const token = jwtService.sign(\n * { userId: '123', role: 'admin' },\n * { expiresIn: '1h' }\n * )\n *\n * // Sign with string payload (limited options)\n * const token = jwtService.sign('payload-string', { secret: 'key' })\n * ```\n */\n sign(\n payload: string,\n options?: Omit<JwtSignOptions, keyof SignOptions>,\n ): string\n /**\n * Signs a JWT payload synchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns The signed JWT token as a string\n */\n sign(payload: Buffer | object, options?: JwtSignOptions): string\n sign(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): string {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"signAsync\".',\n )\n throw new Error()\n }\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return jwt.sign(payload, secret, signOptions)\n }\n\n /**\n * Signs a JWT payload asynchronously.\n *\n * Use this method when `secretOrKeyProvider` returns a Promise or when you need\n * to handle async key resolution. Supports the same payload types and options as `sign()`.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns A Promise that resolves to the signed JWT token as a string\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * // Sign with async key provider\n * const token = await jwtService.signAsync(\n * { userId: '123' },\n * { expiresIn: '1h' }\n * )\n * ```\n */\n signAsync(\n payload: string,\n options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,\n ): Promise<string>\n /**\n * Signs a JWT payload asynchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns A Promise that resolves to the signed JWT token as a string\n */\n signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>\n signAsync(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): Promise<string> {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n jwt.sign(payload, scrt, signOptions, (err, encoded) =>\n err ? reject(err) : resolve(encoded as string),\n )\n }),\n )\n }\n\n /**\n * Verifies and decodes a JWT token synchronously.\n *\n * This method validates the token's signature, expiration, and other claims\n * according to the provided options. If verification fails, an error is thrown.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns The decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)\n *\n * @example\n * ```ts\n * try {\n * const payload = jwtService.verify<{ userId: string; role: string }>(token)\n * console.log(payload.userId) // '123'\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verify<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): T {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".',\n )\n throw new Error()\n }\n\n // @ts-expect-error We check it\n return jwt.verify(token, secret, verifyOptions) as unknown as T\n }\n\n /**\n * Verifies and decodes a JWT token asynchronously.\n *\n * Use this method when `secretOrKeyProvider` returns a Promise or when you need\n * to handle async key resolution. Provides the same validation as `verify()`.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns A Promise that resolves to the decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n *\n * @example\n * ```ts\n * try {\n * const payload = await jwtService.verifyAsync<{ userId: string }>(token)\n * console.log(payload.userId)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verifyAsync<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): Promise<T> {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n // @ts-expect-error We check it\n jwt.verify(token, scrt, verifyOptions, (err, decoded) =>\n err ? reject(err) : resolve(decoded as T),\n )\n })\n .catch(reject),\n )\n }\n\n /**\n * Decodes a JWT token without verification.\n *\n * This method decodes the token without validating its signature or claims.\n * Use this only when you need to inspect the token contents without verification.\n * For secure token validation, use `verify()` or `verifyAsync()` instead.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to decode\n * @param options - Decode options (complete, json, etc.)\n * @returns The decoded payload as type T, or null if decoding fails\n *\n * @example\n * ```ts\n * // Decode without verification (not recommended for production)\n * const payload = jwtService.decode<{ userId: string }>(token)\n * if (payload) {\n * console.log(payload.userId)\n * }\n * ```\n */\n decode<T = any>(token: string, options?: jwt.DecodeOptions): T {\n return jwt.decode(token, options) as T\n }\n\n private mergeJwtOptions(\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'verifyOptions' | 'signOptions',\n ): VerifyOptions | SignOptions {\n delete options.secret\n if (key === 'signOptions') {\n delete (options as JwtSignOptions).privateKey\n } else {\n delete (options as JwtVerifyOptions).publicKey\n }\n return options\n ? {\n ...this.options[key],\n ...options,\n }\n : // @ts-expect-error We check it\n this.options[key]\n }\n\n private getSecretKey(\n token: string | object | Buffer,\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'publicKey' | 'privateKey',\n secretRequestType: RequestType,\n ): GetSecretKeyResult | Promise<GetSecretKeyResult> {\n const secret = this.options.secretOrKeyProvider\n ? this.options.secretOrKeyProvider(secretRequestType, token, options)\n : options?.secret ||\n this.options.secret ||\n (key === 'privateKey'\n ? (options as JwtSignOptions)?.privateKey || this.options.privateKey\n : (options as JwtVerifyOptions)?.publicKey ||\n this.options.publicKey) ||\n this.options[key]\n\n return secret as GetSecretKeyResult\n }\n}\n","import type { BoundInjectionToken, FactoryInjectionToken } from '@navios/core'\n\nimport { InjectionToken } from '@navios/core'\n\nimport type { JwtServiceOptions } from './options/jwt-service.options.mjs'\n\nimport { JwtService, JwtServiceToken } from './jwt.service.mjs'\nimport { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'\n\n/**\n * Creates a JWT service provider for dependency injection.\n *\n * This function creates an injection token that can be used to register and resolve\n * `JwtService` instances in the Navios dependency injection container. It supports\n * both static configuration and async factory functions for dynamic configuration.\n *\n * @param config - Static JWT service configuration options\n * @returns A bound injection token that can be used with `inject()` or `syncInject()`\n *\n * @example\n * ```ts\n * // Static configuration\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: JwtServiceOptions,\n): BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n/**\n * Creates a JWT service provider with async configuration factory.\n *\n * Use this overload when you need to load configuration asynchronously, such as\n * fetching secrets from a configuration service or environment variables.\n *\n * @param config - Async factory function that returns JWT service configuration\n * @returns A factory injection token that resolves configuration asynchronously\n *\n * @example\n * ```ts\n * // Async configuration\n * const JwtService = provideJwtService(async () => {\n * const configService = await inject(ConfigService)\n * return {\n * secret: configService.jwt.secret,\n * signOptions: { expiresIn: configService.jwt.expiresIn },\n * }\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: () => Promise<JwtServiceOptions>,\n): FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\nexport function provideJwtService(\n config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),\n):\n | BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n | FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema> {\n if (typeof config === 'function') {\n return InjectionToken.factory(JwtServiceToken, config)\n }\n return InjectionToken.bound(JwtServiceToken, config)\n}\n","import jwt from 'jsonwebtoken'\n\nexport * from './options/jwt-service.options.mjs'\nexport * from './jwt.service.mjs'\nexport * from './jwt-service.provider.mjs'\n\n/**\n * Error thrown when a JWT token has expired.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * expiration time (exp claim) has passed.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired at:', error.expiredAt)\n * }\n * }\n * ```\n */\nexport const TokenExpiredError = jwt.TokenExpiredError\n\n/**\n * Error thrown when a JWT token is not yet valid.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * \"not before\" time (nbf claim) is in the future.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof NotBeforeError) {\n * console.error('Token not valid until:', error.date)\n * }\n * }\n * ```\n */\nexport const NotBeforeError = jwt.NotBeforeError\n\n/**\n * Base error class for JWT-related errors.\n *\n * This is the base class for all JWT errors including `TokenExpiredError`\n * and `NotBeforeError`. It's thrown for invalid or malformed tokens.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof JsonWebTokenError) {\n * console.error('JWT error:', error.message)\n * }\n * }\n * ```\n */\nexport const JsonWebTokenError = jwt.JsonWebTokenError\n"],"mappings":";;;;;;;;;;GAUA,IAAO,cAAKC,yBAAAA,eAAAA;sCACyB,eAAA,UAAA;wCAEE,eAAA,YAAA;QAH3BA;;;;;;GAYZ,MAAaC,gBAAgBF,EAAEG,KAAK;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAA;;;;;GAOD,MAAaC,kBAAkBJ,EAAEK,OAAO;CACtCC,KAAKJ,cAAcK,GAAGP,EAAEQ,QAAM,CAAA;CAC9BC,KAAKT,EAAEQ,QAAM,CAAGE,UAAQ;CACxBC,KAAKX,EAAEQ,QAAM,CAAGE,UAAQ;CACxBE,MAAMZ,EAAEQ,QAAM,CAAGK,OAAK,CAAGH,UAAQ;CACjCI,KAAKd,EAAEQ,QAAM,CAAGE,UAAQ;CACxBK,KAAKf,EAAEQ,QAAM,CAAGE,UAAQ;CACxBM,KAAKhB,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEa,MAAMb,EAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CACxD,YAAYV,EAAEQ,QAAM,CAAGE,UAAQ;CAC/BQ,KAAKlB,EAAEQ,QAAM,CAAGE,UAAQ;CACxBS,KAAKnB,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEa,MAAMb,EAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CAC1D,CAAA;;;;;;GAeA,MAAaU,oBAAoBpB,EAAEK,OAAO;CACxCgB,WAAWnB,cAAcQ,UAAQ;CACjCY,OAAOtB,EAAEQ,QAAM,CAAGE,UAAQ;CAC1Ba,WAAWvB,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDe,WAAWzB,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDgB,UAAU1B,EACPiB,MAAM;EACLjB,EAAEQ,QAAM;EACRR,EAAE2B,WAAWC,OAAAA;EACb5B,EAAEa,MAAMb,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACXmB,SAAS7B,EAAEQ,QAAM,CAAGE,UAAQ;CAC5BoB,QAAQ9B,EAAEQ,QAAM,CAAGE,UAAQ;CAC3BqB,OAAO/B,EAAEQ,QAAM,CAAGE,UAAQ;CAC1BsB,eAAehC,EAAEiC,SAAO,CAAGvB,UAAQ;CACnCwB,aAAalC,EAAEiC,SAAO,CAAGvB,UAAQ;CACjCyB,QAAQ/B,gBAAgBM,UAAQ;CAChC0B,UAAUpC,EAAEQ,QAAM,CAAGE,UAAQ;CAC7B2B,uBAAuBrC,EAAEiC,SAAO,CAAGvB,UAAQ;CAC3C4B,gCAAgCtC,EAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;;GAeA,MAAa6B,sBAAsBvC,EAAEK,OAAO;CAC1CmC,YAAYtC,cAAcW,OAAK,CAAGH,UAAQ;CAC1CgB,UAAU1B,EACPiB,MAAM;EACLjB,EAAEQ,QAAM;EACRR,EAAE2B,WAAWC,OAAAA;EACb5B,EAAEa,MAAMb,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACX+B,gBAAgBzC,EAAEwB,QAAM,CAAGd,UAAQ;CACnCgC,gBAAgB1C,EAAEwB,QAAM,CAAGd,UAAQ;CACnCiC,UAAU3C,EAAEiC,SAAO,CAAGvB,UAAQ;CAC9BoB,QAAQ9B,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEQ,QAAM,CAAGK,OAAK,CAAG,CAAA,CAAEH,UAAQ;CAC1DkC,kBAAkB5C,EAAEiC,SAAO,CAAGvB,UAAQ;CACtCmC,iBAAiB7C,EAAEiC,SAAO,CAAGvB,UAAQ;CACrCqB,OAAO/B,EAAEQ,QAAM,CAAGE,UAAQ;CAC1BoC,OAAO9C,EAAEQ,QAAM,CAAGE,UAAQ;CAC1BmB,SAAS7B,EAAEQ,QAAM,CAAGE,UAAQ;CAC5BqC,QAAQ/C,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CAClD4B,gCAAgCtC,EAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;GAcA,MAAasC,eAAehD,EAAEiB,MAAM;CAClCjB,EAAEQ,QAAM;CACRR,EAAE2B,WAAWsB,OAAAA;CACbjD,EACGK,OAAO,EACN6C,MAAMlD,EAAEQ,QAAM,EAChB,CAAA,CACC2C,aAAW;CACdnD,EAAEK,OAAO;EACP+C,KAAKpD,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAE2B,WAAWsB,OAAAA,CAAQ,CAAA;EAC/CI,YAAYrD,EAAEQ,QAAM;EACtB,CAAA;CACD,CAAA;AASD,MAAa8C,0BAA0BtD,EAAEK,OAAO;CAC9CkD,aAAanC,kBAAkBV,UAAQ;CACvC8C,QAAQxD,EAAEQ,QAAM,CAAGE,UAAQ;CAC3B+C,WAAWzD,EAAEiB,MAAM,CAACjB,EAAEQ,QAAM,EAAIR,EAAE2B,WAAWsB,OAAAA,CAAQ,CAAA,CAAEvC,UAAQ;CAC/DgD,YAAYV,aAAatC,UAAQ;CACjCiD,eAAepB,oBAAoB7B,UAAQ;CAC3CkD,qBAAqB5D,EAClB6D,SAAS;EACRC,OAAO;GACL9D,EAAEG,KAAKF,YAAAA;GACPD,EAAE+D,KAAG;GACL/D,EAAEiB,MAAM,CAACG,mBAAmBmB,oBAAoB,CAAA,CAAE7B,UAAQ;GAC3D;EACDsD,QAAQhE,EAAEiB,MAAM,CAAC+B,cAAchD,EAAEiE,QAAQjB,aAAAA,CAAc,CAAA;EACzD,CAAA,CACCtC,UAAQ;CACb,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GCzJA,MAAa+D,kBAAkBL,eAAeM,OAC5CC,OAAOC,IAAI,aAAA,EACXL,wBAAAA;;OA+BDJ,WAAW,EACVU,OAAOJ,iBACT,CAAA;AACO,IAAMK,aAAN,MAAMA;;;;;;;;;IAUX,YAAY,UAA8C,EAAE,EAAE;OAAjCC,UAAAA;;CAT7BC,SAASd,OAAOG,QAAQ,EACtBY,SAASH,YAAWI,MACtB,CAAA;CA6CAC,KACEC,SACAL,UAA0B,EAAE,EACpB;EACR,MAAMM,cAAc,KAAKC,gBACvB,EAAE,GAAGP,SAAQ,EACb,cAAA;EAEF,MAAMQ,SAAS,KAAKC,aAClBJ,SACAL,SACA,cACAP,YAAYiB,KAAI;AAGlB,MAAIF,kBAAkBG,SAAS;AAC7BH,UAAOI,YAAM,GAAO;AACpB,QAAKX,OAAOY,KACV,0EAAA;AAEF,SAAM,IAAIC,OAAAA;;EAGZ,MAAMC,qBAAqB,CAAC,UAAU,aAAa;EACnD,MAAMC,cAAcC,OAAOC,KAAKZ,YAAAA;AAChC,MACE,OAAOD,YAAY,YACnBW,YAAYG,MAAMC,MAAM,CAACL,mBAAmBM,SAASD,EAAAA,CAAAA,CAErD,OAAM,IAAIN,MACR,uEACEE,YAAYM,KAAK,KAAA,CAAA;AAIvB,SAAO/B,IAAIa,KAAKC,SAASG,QAAQF,YAAAA;;CAmCnCiB,UACElB,SACAL,UAA0B,EAAE,EACX;EACjB,MAAMM,cAAc,KAAKC,gBACvB,EAAE,GAAGP,SAAQ,EACb,cAAA;EAEF,MAAMQ,SAAS,KAAKC,aAClBJ,SACAL,SACA,cACAP,YAAYiB,KAAI;EAGlB,MAAMK,qBAAqB,CAAC,UAAU,aAAa;EACnD,MAAMC,cAAcC,OAAOC,KAAKZ,YAAAA;AAChC,MACE,OAAOD,YAAY,YACnBW,YAAYG,MAAMC,MAAM,CAACL,mBAAmBM,SAASD,EAAAA,CAAAA,CAErD,OAAM,IAAIN,MACR,uEACEE,YAAYM,KAAK,KAAA,CAAA;AAIvB,SAAO,IAAIX,SAASa,SAASC,WAC3Bd,QAAQa,SAAO,CACZE,WAAWlB,OAAAA,CACXkB,MAAMC,SAAAA;AACLpC,OAAIa,KAAKC,SAASsB,MAAMrB,cAAcsB,KAAKC,YACzCD,MAAMH,OAAOG,IAAAA,GAAOJ,QAAQK,QAAAA,CAAAA;IAEhC,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA+BNC,OACEhC,OACAE,UAA4B,EAAE,EAC3B;EACH,MAAM+B,gBAAgB,KAAKxB,gBAAgB,EAAE,GAAGP,SAAQ,EAAG,gBAAA;EAC3D,MAAMQ,SAAS,KAAKC,aAClBX,OACAE,SACA,aACAP,YAAYuC,OAAM;AAGpB,MAAIxB,kBAAkBG,SAAS;AAC7BH,UAAOI,YAAM,GAAO;AACpB,QAAKX,OAAOY,KACV,4EAAA;AAEF,SAAM,IAAIC,OAAAA;;AAIZ,SAAOvB,IAAIuC,OAAOhC,OAAOU,QAAQuB,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6BnCE,YACEnC,OACAE,UAA4B,EAAE,EAClB;EACZ,MAAM+B,gBAAgB,KAAKxB,gBAAgB,EAAE,GAAGP,SAAQ,EAAG,gBAAA;EAC3D,MAAMQ,SAAS,KAAKC,aAClBX,OACAE,SACA,aACAP,YAAYuC,OAAM;AAGpB,SAAO,IAAIrB,SAASa,SAASC,WAC3Bd,QAAQa,SAAO,CACZE,WAAWlB,OAAAA,CACXkB,MAAMC,SAAAA;AAELpC,OAAIuC,OAAOhC,OAAO6B,MAAMI,gBAAgBH,KAAKM,YAC3CN,MAAMH,OAAOG,IAAAA,GAAOJ,QAAQU,QAAAA,CAAAA;IAEhC,CACCtB,MAAMa,OAAAA,CAAAA;;;;;;;;;;;;;;;;;;;;;;IAyBbU,OAAgBrC,OAAeE,SAAgC;AAC7D,SAAOT,IAAI4C,OAAOrC,OAAOE,QAAAA;;CAGnBO,gBACNP,SACAoC,KAC6B;AAC7B,SAAOpC,QAAQQ;AACf,MAAI4B,QAAQ,cACV,QAAO,QAA4BC;MAEnC,QAAO,QAA8BC;AAEvC,SAAOtC,UACH;GACE,GAAG,KAAKA,QAAQoC;GAChB,GAAGpC;GACL,GAEA,KAAKA,QAAQoC;;CAGX3B,aACNX,OACAE,SACAoC,KACAG,mBACkD;AAWlD,SAVe,KAAKvC,QAAQwC,sBACxB,KAAKxC,QAAQwC,oBAAoBD,mBAAmBzC,OAAOE,QAAAA,GAC3DA,SAASQ,UACT,KAAKR,QAAQQ,WACZ4B,QAAQ,eACL,SAA6BC,cAAc,KAAKrC,QAAQqC,aACxD,SAA+BC,aAC/B,KAAKtC,QAAQsC,cACjB,KAAKtC,QAAQoC;;;;;;;;;ACtTrB,SAAgBO,kBACdC,QAA8D;AAI9D,KAAI,OAAOA,WAAW,WACpB,QAAOH,eAAeI,QAAQH,iBAAiBE,OAAAA;AAEjD,QAAOH,eAAeK,MAAMJ,iBAAiBE,OAAAA;;;;;;;;;;;;;;;;;;;;;GClD/C,MAAaI,oBAAoBD,IAAIC;;;;;;;;;;;;;;;;;GAmBrC,MAAaC,iBAAiBF,IAAIE;;;;;;;;;;;;;;;;;GAmBlC,MAAaC,oBAAoBH,IAAIG"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@navios/jwt",
3
3
  "description": "JWT authentication and authorization for Navios",
4
- "version": "0.5.0",
4
+ "version": "0.7.0",
5
5
  "author": {
6
6
  "name": "Oleksandr Hanzha",
7
7
  "email": "alex@granted.name"
@@ -13,7 +13,7 @@
13
13
  },
14
14
  "license": "MIT",
15
15
  "peerDependencies": {
16
- "@navios/core": "^0.5.0",
16
+ "@navios/core": "^0.7.0",
17
17
  "zod": "^3.25.0 || ^4.0.0"
18
18
  },
19
19
  "typings": "./lib/index.d.mts",
@@ -32,11 +32,11 @@
32
32
  }
33
33
  },
34
34
  "devDependencies": {
35
- "@navios/core": "^0.5.0",
35
+ "@navios/core": "^0.7.0",
36
36
  "@types/jsonwebtoken": "^9.0.10",
37
- "zod": "^4.1.8"
37
+ "zod": "^4.1.13"
38
38
  },
39
39
  "dependencies": {
40
- "jsonwebtoken": "^9.0.2"
40
+ "jsonwebtoken": "^9.0.3"
41
41
  }
42
42
  }
package/project.json CHANGED
@@ -33,11 +33,11 @@
33
33
  },
34
34
  "build": {
35
35
  "executor": "nx:run-commands",
36
- "inputs": ["projectSources"],
36
+ "inputs": ["projectSources", "{projectRoot}/tsdown.config.mts"],
37
37
  "outputs": ["{projectRoot}/lib"],
38
38
  "dependsOn": ["check", "lint"],
39
39
  "options": {
40
- "command": "tsup",
40
+ "command": "tsdown",
41
41
  "cwd": "packages/jwt"
42
42
  }
43
43
  },
package/src/index.mts CHANGED
@@ -3,6 +3,60 @@ import jwt from 'jsonwebtoken'
3
3
  export * from './options/jwt-service.options.mjs'
4
4
  export * from './jwt.service.mjs'
5
5
  export * from './jwt-service.provider.mjs'
6
+
7
+ /**
8
+ * Error thrown when a JWT token has expired.
9
+ *
10
+ * This error is thrown by `verify()` and `verifyAsync()` when the token's
11
+ * expiration time (exp claim) has passed.
12
+ *
13
+ * @example
14
+ * ```ts
15
+ * try {
16
+ * jwtService.verify(token)
17
+ * } catch (error) {
18
+ * if (error instanceof TokenExpiredError) {
19
+ * console.error('Token expired at:', error.expiredAt)
20
+ * }
21
+ * }
22
+ * ```
23
+ */
6
24
  export const TokenExpiredError = jwt.TokenExpiredError
25
+
26
+ /**
27
+ * Error thrown when a JWT token is not yet valid.
28
+ *
29
+ * This error is thrown by `verify()` and `verifyAsync()` when the token's
30
+ * "not before" time (nbf claim) is in the future.
31
+ *
32
+ * @example
33
+ * ```ts
34
+ * try {
35
+ * jwtService.verify(token)
36
+ * } catch (error) {
37
+ * if (error instanceof NotBeforeError) {
38
+ * console.error('Token not valid until:', error.date)
39
+ * }
40
+ * }
41
+ * ```
42
+ */
7
43
  export const NotBeforeError = jwt.NotBeforeError
44
+
45
+ /**
46
+ * Base error class for JWT-related errors.
47
+ *
48
+ * This is the base class for all JWT errors including `TokenExpiredError`
49
+ * and `NotBeforeError`. It's thrown for invalid or malformed tokens.
50
+ *
51
+ * @example
52
+ * ```ts
53
+ * try {
54
+ * jwtService.verify(token)
55
+ * } catch (error) {
56
+ * if (error instanceof JsonWebTokenError) {
57
+ * console.error('JWT error:', error.message)
58
+ * }
59
+ * }
60
+ * ```
61
+ */
8
62
  export const JsonWebTokenError = jwt.JsonWebTokenError
package/src/jwt-service.provider.mts CHANGED
@@ -7,9 +7,59 @@ import type { JwtServiceOptions } from './options/jwt-service.options.mjs'
7
7
  import { JwtService, JwtServiceToken } from './jwt.service.mjs'
8
8
  import { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'
9
9
 
10
+ /**
11
+ * Creates a JWT service provider for dependency injection.
12
+ *
13
+ * This function creates an injection token that can be used to register and resolve
14
+ * `JwtService` instances in the Navios dependency injection container. It supports
15
+ * both static configuration and async factory functions for dynamic configuration.
16
+ *
17
+ * @param config - Static JWT service configuration options
18
+ * @returns A bound injection token that can be used with `inject()` or `syncInject()`
19
+ *
20
+ * @example
21
+ * ```ts
22
+ * // Static configuration
23
+ * const JwtService = provideJwtService({
24
+ * secret: 'your-secret-key',
25
+ * signOptions: { expiresIn: '1h' },
26
+ * })
27
+ *
28
+ * @Injectable()
29
+ * class AuthService {
30
+ * jwtService = inject(JwtService)
31
+ * }
32
+ * ```
33
+ */
10
34
  export function provideJwtService(
11
35
  config: JwtServiceOptions,
12
36
  ): BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>
37
+ /**
38
+ * Creates a JWT service provider with async configuration factory.
39
+ *
40
+ * Use this overload when you need to load configuration asynchronously, such as
41
+ * fetching secrets from a configuration service or environment variables.
42
+ *
43
+ * @param config - Async factory function that returns JWT service configuration
44
+ * @returns A factory injection token that resolves configuration asynchronously
45
+ *
46
+ * @example
47
+ * ```ts
48
+ * // Async configuration
49
+ * const JwtService = provideJwtService(async () => {
50
+ * const configService = await inject(ConfigService)
51
+ * return {
52
+ * secret: configService.jwt.secret,
53
+ * signOptions: { expiresIn: configService.jwt.expiresIn },
54
+ * }
55
+ * })
56
+ *
57
+ * @Injectable()
58
+ * class AuthService {
59
+ * jwtService = inject(JwtService)
60
+ * }
61
+ * ```
62
+ */
13
63
  export function provideJwtService(
14
64
  config: () => Promise<JwtServiceOptions>,
15
65
  ): FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema>
package/src/jwt.service.mts CHANGED
@@ -16,11 +16,44 @@ import {
16
16
  RequestType,
17
17
  } from './options/jwt-service.options.mjs'
18
18
 
19
+ /**
20
+ * Injection token for JwtService.
21
+ *
22
+ * Used internally by the dependency injection system to register and resolve JwtService instances.
23
+ */
19
24
  export const JwtServiceToken = InjectionToken.create(
20
25
  Symbol.for('JwtService'),
21
26
  JwtServiceOptionsSchema,
22
27
  )
23
28
 
29
+ /**
30
+ * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).
31
+ *
32
+ * This service provides a type-safe wrapper around the `jsonwebtoken` library with
33
+ * seamless integration into Navios's dependency injection system. It supports both
34
+ * symmetric (HS256, HS384, HS512) and asymmetric (RS256, ES256, etc.) algorithms.
35
+ *
36
+ * @example
37
+ * ```ts
38
+ * import { provideJwtService } from '@navios/jwt'
39
+ * import { inject } from '@navios/core'
40
+ *
41
+ * const JwtService = provideJwtService({
42
+ * secret: 'your-secret-key',
43
+ * signOptions: { expiresIn: '1h' },
44
+ * })
45
+ *
46
+ * @Injectable()
47
+ * class AuthService {
48
+ * jwtService = inject(JwtService)
49
+ *
50
+ * async login(userId: string) {
51
+ * const token = this.jwtService.sign({ userId, role: 'user' })
52
+ * return token
53
+ * }
54
+ * }
55
+ * ```
56
+ */
24
57
  @Injectable({
25
58
  token: JwtServiceToken,
26
59
  })
@@ -29,12 +62,48 @@ export class JwtService {
29
62
  context: JwtService.name,
30
63
  })
31
64
 
65
+ /**
66
+ * Creates a new JwtService instance.
67
+ *
68
+ * @param options - Configuration options for the JWT service
69
+ */
32
70
  constructor(private readonly options: JwtServiceOptions = {}) {}
33
71
 
72
+ /**
73
+ * Signs a JWT payload synchronously.
74
+ *
75
+ * When the payload is a string, only `secret` and `privateKey` options are allowed.
76
+ * For object or Buffer payloads, all sign options are available.
77
+ *
78
+ * @param payload - The payload to sign. Can be a string, Buffer, or object.
79
+ * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
80
+ * @returns The signed JWT token as a string
81
+ * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `signAsync` instead)
82
+ * @throws {Error} If payload is a string and invalid options are provided
83
+ *
84
+ * @example
85
+ * ```ts
86
+ * // Sign with object payload
87
+ * const token = jwtService.sign(
88
+ * { userId: '123', role: 'admin' },
89
+ * { expiresIn: '1h' }
90
+ * )
91
+ *
92
+ * // Sign with string payload (limited options)
93
+ * const token = jwtService.sign('payload-string', { secret: 'key' })
94
+ * ```
95
+ */
34
96
  sign(
35
97
  payload: string,
36
98
  options?: Omit<JwtSignOptions, keyof SignOptions>,
37
99
  ): string
100
+ /**
101
+ * Signs a JWT payload synchronously.
102
+ *
103
+ * @param payload - The payload to sign. Can be a Buffer or object.
104
+ * @param options - Signing options including algorithm, expiration, etc.
105
+ * @returns The signed JWT token as a string
106
+ */
38
107
  sign(payload: Buffer | object, options?: JwtSignOptions): string
39
108
  sign(
40
109
  payload: string | Buffer | object,
@@ -74,10 +143,37 @@ export class JwtService {
74
143
  return jwt.sign(payload, secret, signOptions)
75
144
  }
76
145
 
146
+ /**
147
+ * Signs a JWT payload asynchronously.
148
+ *
149
+ * Use this method when `secretOrKeyProvider` returns a Promise or when you need
150
+ * to handle async key resolution. Supports the same payload types and options as `sign()`.
151
+ *
152
+ * @param payload - The payload to sign. Can be a string, Buffer, or object.
153
+ * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
154
+ * @returns A Promise that resolves to the signed JWT token as a string
155
+ * @throws {Error} If payload is a string and invalid options are provided
156
+ *
157
+ * @example
158
+ * ```ts
159
+ * // Sign with async key provider
160
+ * const token = await jwtService.signAsync(
161
+ * { userId: '123' },
162
+ * { expiresIn: '1h' }
163
+ * )
164
+ * ```
165
+ */
77
166
  signAsync(
78
167
  payload: string,
79
168
  options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,
80
169
  ): Promise<string>
170
+ /**
171
+ * Signs a JWT payload asynchronously.
172
+ *
173
+ * @param payload - The payload to sign. Can be a Buffer or object.
174
+ * @param options - Signing options including algorithm, expiration, etc.
175
+ * @returns A Promise that resolves to the signed JWT token as a string
176
+ */
81
177
  signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>
82
178
  signAsync(
83
179
  payload: string | Buffer | object,
@@ -117,6 +213,33 @@ export class JwtService {
117
213
  )
118
214
  }
119
215
 
216
+ /**
217
+ * Verifies and decodes a JWT token synchronously.
218
+ *
219
+ * This method validates the token's signature, expiration, and other claims
220
+ * according to the provided options. If verification fails, an error is thrown.
221
+ *
222
+ * @template T - The expected type of the decoded payload
223
+ * @param token - The JWT token string to verify
224
+ * @param options - Verification options including algorithms, audience, issuer, etc.
225
+ * @returns The decoded payload as type T
226
+ * @throws {TokenExpiredError} If the token has expired
227
+ * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
228
+ * @throws {JsonWebTokenError} If the token is invalid or malformed
229
+ * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
230
+ *
231
+ * @example
232
+ * ```ts
233
+ * try {
234
+ * const payload = jwtService.verify<{ userId: string; role: string }>(token)
235
+ * console.log(payload.userId) // '123'
236
+ * } catch (error) {
237
+ * if (error instanceof TokenExpiredError) {
238
+ * console.error('Token expired')
239
+ * }
240
+ * }
241
+ * ```
242
+ */
120
243
  verify<T extends object = any>(
121
244
  token: string,
122
245
  options: JwtVerifyOptions = {},
@@ -141,6 +264,32 @@ export class JwtService {
141
264
  return jwt.verify(token, secret, verifyOptions) as unknown as T
142
265
  }
143
266
 
267
+ /**
268
+ * Verifies and decodes a JWT token asynchronously.
269
+ *
270
+ * Use this method when `secretOrKeyProvider` returns a Promise or when you need
271
+ * to handle async key resolution. Provides the same validation as `verify()`.
272
+ *
273
+ * @template T - The expected type of the decoded payload
274
+ * @param token - The JWT token string to verify
275
+ * @param options - Verification options including algorithms, audience, issuer, etc.
276
+ * @returns A Promise that resolves to the decoded payload as type T
277
+ * @throws {TokenExpiredError} If the token has expired
278
+ * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
279
+ * @throws {JsonWebTokenError} If the token is invalid or malformed
280
+ *
281
+ * @example
282
+ * ```ts
283
+ * try {
284
+ * const payload = await jwtService.verifyAsync<{ userId: string }>(token)
285
+ * console.log(payload.userId)
286
+ * } catch (error) {
287
+ * if (error instanceof TokenExpiredError) {
288
+ * console.error('Token expired')
289
+ * }
290
+ * }
291
+ * ```
292
+ */
144
293
  verifyAsync<T extends object = any>(
145
294
  token: string,
146
295
  options: JwtVerifyOptions = {},
@@ -166,6 +315,27 @@ export class JwtService {
166
315
  )
167
316
  }
168
317
 
318
+ /**
319
+ * Decodes a JWT token without verification.
320
+ *
321
+ * This method decodes the token without validating its signature or claims.
322
+ * Use this only when you need to inspect the token contents without verification.
323
+ * For secure token validation, use `verify()` or `verifyAsync()` instead.
324
+ *
325
+ * @template T - The expected type of the decoded payload
326
+ * @param token - The JWT token string to decode
327
+ * @param options - Decode options (complete, json, etc.)
328
+ * @returns The decoded payload as type T, or null if decoding fails
329
+ *
330
+ * @example
331
+ * ```ts
332
+ * // Decode without verification (not recommended for production)
333
+ * const payload = jwtService.decode<{ userId: string }>(token)
334
+ * if (payload) {
335
+ * console.log(payload.userId)
336
+ * }
337
+ * ```
338
+ */
169
339
  decode<T = any>(token: string, options?: jwt.DecodeOptions): T {
170
340
  return jwt.decode(token, options) as T
171
341
  }