@navios/jwt 0.5.0 → 0.7.0

package/lib/index.cjs

@@ -0,0 +1,668 @@
+//#region rolldown:runtime
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+
+//#endregion
+let jsonwebtoken = require("jsonwebtoken");
+jsonwebtoken = __toESM(jsonwebtoken);
+let zod_v4 = require("zod/v4");
+let __navios_core = require("@navios/core");
+
+//#region src/options/jwt-service.options.mts
+/**
+* Request type for secret or key provider functions.
+*
+* Used to distinguish between signing and verification operations when
+* dynamically resolving secrets or keys.
+*/ var RequestType = /* @__PURE__ */ function(RequestType$1) {
+	/** Request is for signing a token */ RequestType$1["Sign"] = "Sign";
+	/** Request is for verifying a token */ RequestType$1["Verify"] = "Verify";
+	return RequestType$1;
+}({});
+/**
+* Supported JWT algorithms.
+*
+* Includes symmetric (HMAC) and asymmetric (RSA, ECDSA, EdDSA) algorithms.
+*/ const AlgorithmType = zod_v4.z.enum([
+	"HS256",
+	"HS384",
+	"HS512",
+	"RS256",
+	"RS384",
+	"RS512",
+	"ES256",
+	"ES384",
+	"ES512",
+	"PS256",
+	"PS384",
+	"PS512",
+	"none"
+]);
+/**
+* JWT header schema.
+*
+* Defines the structure of the JWT header with standard claims.
+*/ const JwtHeaderSchema = zod_v4.z.object({
+	alg: AlgorithmType.or(zod_v4.z.string()),
+	typ: zod_v4.z.string().optional(),
+	cty: zod_v4.z.string().optional(),
+	crit: zod_v4.z.string().array().optional(),
+	kid: zod_v4.z.string().optional(),
+	jku: zod_v4.z.string().optional(),
+	x5u: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.array(zod_v4.z.string())]).optional(),
+	"x5t#S256": zod_v4.z.string().optional(),
+	x5t: zod_v4.z.string().optional(),
+	x5c: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.array(zod_v4.z.string())]).optional()
+});
+/**
+* Schema for JWT signing options.
+*
+* Defines all available options for signing tokens including algorithm,
+* expiration, audience, issuer, and other standard JWT claims.
+*/ const SignOptionsSchema = zod_v4.z.object({
+	algorithm: AlgorithmType.optional(),
+	keyid: zod_v4.z.string().optional(),
+	expiresIn: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.number()]).optional(),
+	notBefore: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.number()]).optional(),
+	audience: zod_v4.z.union([
+		zod_v4.z.string(),
+		zod_v4.z.instanceof(RegExp),
+		zod_v4.z.array(zod_v4.z.union([zod_v4.z.string(), zod_v4.z.instanceof(RegExp)]))
+	]).optional(),
+	subject: zod_v4.z.string().optional(),
+	issuer: zod_v4.z.string().optional(),
+	jwtid: zod_v4.z.string().optional(),
+	mutatePayload: zod_v4.z.boolean().optional(),
+	noTimestamp: zod_v4.z.boolean().optional(),
+	header: JwtHeaderSchema.optional(),
+	encoding: zod_v4.z.string().optional(),
+	allowInsecureKeySizes: zod_v4.z.boolean().optional(),
+	allowInvalidAsymmetricKeyTypes: zod_v4.z.boolean().optional()
+});
+/**
+* Schema for JWT verification options.
+*
+* Defines all available options for verifying tokens including allowed
+* algorithms, audience, issuer, expiration handling, and other validation rules.
+*/ const VerifyOptionsSchema = zod_v4.z.object({
+	algorithms: AlgorithmType.array().optional(),
+	audience: zod_v4.z.union([
+		zod_v4.z.string(),
+		zod_v4.z.instanceof(RegExp),
+		zod_v4.z.array(zod_v4.z.union([zod_v4.z.string(), zod_v4.z.instanceof(RegExp)]))
+	]).optional(),
+	clockTimestamp: zod_v4.z.number().optional(),
+	clockTolerance: zod_v4.z.number().optional(),
+	complete: zod_v4.z.boolean().optional(),
+	issuer: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.string().array()]).optional(),
+	ignoreExpiration: zod_v4.z.boolean().optional(),
+	ignoreNotBefore: zod_v4.z.boolean().optional(),
+	jwtid: zod_v4.z.string().optional(),
+	nonce: zod_v4.z.string().optional(),
+	subject: zod_v4.z.string().optional(),
+	maxAge: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.number()]).optional(),
+	allowInvalidAsymmetricKeyTypes: zod_v4.z.boolean().optional()
+});
+/**
+* Schema for JWT secret/key types.
+*
+* Supports string secrets, Buffer objects, and key objects with passphrases.
+*/ const SecretSchema = zod_v4.z.union([
+	zod_v4.z.string(),
+	zod_v4.z.instanceof(Buffer),
+	zod_v4.z.object({ type: zod_v4.z.string() }).passthrough(),
+	zod_v4.z.object({
+		key: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.instanceof(Buffer)]),
+		passphrase: zod_v4.z.string()
+	})
+]);
+const JwtServiceOptionsSchema = zod_v4.z.object({
+	signOptions: SignOptionsSchema.optional(),
+	secret: zod_v4.z.string().optional(),
+	publicKey: zod_v4.z.union([zod_v4.z.string(), zod_v4.z.instanceof(Buffer)]).optional(),
+	privateKey: SecretSchema.optional(),
+	verifyOptions: VerifyOptionsSchema.optional(),
+	secretOrKeyProvider: zod_v4.z.function({
+		input: [
+			zod_v4.z.enum(RequestType),
+			zod_v4.z.any(),
+			zod_v4.z.union([SignOptionsSchema, VerifyOptionsSchema]).optional()
+		],
+		output: zod_v4.z.union([SecretSchema, zod_v4.z.promise(SecretSchema)])
+	}).optional()
+});
+
+//#endregion
+//#region src/jwt.service.mts
+function applyDecs2203RFactory() {
+	function createAddInitializerMethod(initializers, decoratorFinishedRef) {
+		return function addInitializer(initializer) {
+			assertNotFinished(decoratorFinishedRef, "addInitializer");
+			assertCallable(initializer, "An initializer");
+			initializers.push(initializer);
+		};
+	}
+	function memberDec(dec, name, desc, initializers, kind, isStatic, isPrivate, metadata, value) {
+		var kindStr;
+		switch (kind) {
+			case 1:
+				kindStr = "accessor";
+				break;
+			case 2:
+				kindStr = "method";
+				break;
+			case 3:
+				kindStr = "getter";
+				break;
+			case 4:
+				kindStr = "setter";
+				break;
+			default: kindStr = "field";
+		}
+		var ctx = {
+			kind: kindStr,
+			name: isPrivate ? "#" + name : name,
+			static: isStatic,
+			private: isPrivate,
+			metadata
+		};
+		var decoratorFinishedRef = { v: false };
+		ctx.addInitializer = createAddInitializerMethod(initializers, decoratorFinishedRef);
+		var get, set;
+		if (kind === 0) if (isPrivate) {
+			get = desc.get;
+			set = desc.set;
+		} else {
+			get = function() {
+				return this[name];
+			};
+			set = function(v) {
+				this[name] = v;
+			};
+		}
+		else if (kind === 2) get = function() {
+			return desc.value;
+		};
+		else {
+			if (kind === 1 || kind === 3) get = function() {
+				return desc.get.call(this);
+			};
+			if (kind === 1 || kind === 4) set = function(v) {
+				desc.set.call(this, v);
+			};
+		}
+		ctx.access = get && set ? {
+			get,
+			set
+		} : get ? { get } : { set };
+		try {
+			return dec(value, ctx);
+		} finally {
+			decoratorFinishedRef.v = true;
+		}
+	}
+	function assertNotFinished(decoratorFinishedRef, fnName) {
+		if (decoratorFinishedRef.v) throw new Error("attempted to call " + fnName + " after decoration was finished");
+	}
+	function assertCallable(fn, hint) {
+		if (typeof fn !== "function") throw new TypeError(hint + " must be a function");
+	}
+	function assertValidReturnValue(kind, value) {
+		var type = typeof value;
+		if (kind === 1) {
+			if (type !== "object" || value === null) throw new TypeError("accessor decorators must return an object with get, set, or init properties or void 0");
+			if (value.get !== void 0) assertCallable(value.get, "accessor.get");
+			if (value.set !== void 0) assertCallable(value.set, "accessor.set");
+			if (value.init !== void 0) assertCallable(value.init, "accessor.init");
+		} else if (type !== "function") {
+			var hint;
+			if (kind === 0) hint = "field";
+			else if (kind === 10) hint = "class";
+			else hint = "method";
+			throw new TypeError(hint + " decorators must return a function or void 0");
+		}
+	}
+	function applyMemberDec(ret, base, decInfo, name, kind, isStatic, isPrivate, initializers, metadata) {
+		var decs = decInfo[0];
+		var desc, init, value;
+		if (isPrivate) if (kind === 0 || kind === 1) desc = {
+			get: decInfo[3],
+			set: decInfo[4]
+		};
+		else if (kind === 3) desc = { get: decInfo[3] };
+		else if (kind === 4) desc = { set: decInfo[3] };
+		else desc = { value: decInfo[3] };
+		else if (kind !== 0) desc = Object.getOwnPropertyDescriptor(base, name);
+		if (kind === 1) value = {
+			get: desc.get,
+			set: desc.set
+		};
+		else if (kind === 2) value = desc.value;
+		else if (kind === 3) value = desc.get;
+		else if (kind === 4) value = desc.set;
+		var newValue, get, set;
+		if (typeof decs === "function") {
+			newValue = memberDec(decs, name, desc, initializers, kind, isStatic, isPrivate, metadata, value);
+			if (newValue !== void 0) {
+				assertValidReturnValue(kind, newValue);
+				if (kind === 0) init = newValue;
+				else if (kind === 1) {
+					init = newValue.init;
+					get = newValue.get || value.get;
+					set = newValue.set || value.set;
+					value = {
+						get,
+						set
+					};
+				} else value = newValue;
+			}
+		} else for (var i = decs.length - 1; i >= 0; i--) {
+			var dec = decs[i];
+			newValue = memberDec(dec, name, desc, initializers, kind, isStatic, isPrivate, metadata, value);
+			if (newValue !== void 0) {
+				assertValidReturnValue(kind, newValue);
+				var newInit;
+				if (kind === 0) newInit = newValue;
+				else if (kind === 1) {
+					newInit = newValue.init;
+					get = newValue.get || value.get;
+					set = newValue.set || value.set;
+					value = {
+						get,
+						set
+					};
+				} else value = newValue;
+				if (newInit !== void 0) if (init === void 0) init = newInit;
+				else if (typeof init === "function") init = [init, newInit];
+				else init.push(newInit);
+			}
+		}
+		if (kind === 0 || kind === 1) {
+			if (init === void 0) init = function(instance, init$1) {
+				return init$1;
+			};
+			else if (typeof init !== "function") {
+				var ownInitializers = init;
+				init = function(instance, init$1) {
+					var value$1 = init$1;
+					for (var i$1 = 0; i$1 < ownInitializers.length; i$1++) value$1 = ownInitializers[i$1].call(instance, value$1);
+					return value$1;
+				};
+			} else {
+				var originalInitializer = init;
+				init = function(instance, init$1) {
+					return originalInitializer.call(instance, init$1);
+				};
+			}
+			ret.push(init);
+		}
+		if (kind !== 0) {
+			if (kind === 1) {
+				desc.get = value.get;
+				desc.set = value.set;
+			} else if (kind === 2) desc.value = value;
+			else if (kind === 3) desc.get = value;
+			else if (kind === 4) desc.set = value;
+			if (isPrivate) if (kind === 1) {
+				ret.push(function(instance, args) {
+					return value.get.call(instance, args);
+				});
+				ret.push(function(instance, args) {
+					return value.set.call(instance, args);
+				});
+			} else if (kind === 2) ret.push(value);
+			else ret.push(function(instance, args) {
+				return value.call(instance, args);
+			});
+			else Object.defineProperty(base, name, desc);
+		}
+	}
+	function applyMemberDecs(Class, decInfos, metadata) {
+		var ret = [];
+		var protoInitializers;
+		var staticInitializers;
+		var existingProtoNonFields = /* @__PURE__ */ new Map();
+		var existingStaticNonFields = /* @__PURE__ */ new Map();
+		for (var i = 0; i < decInfos.length; i++) {
+			var decInfo = decInfos[i];
+			if (!Array.isArray(decInfo)) continue;
+			var kind = decInfo[1];
+			var name = decInfo[2];
+			var isPrivate = decInfo.length > 3;
+			var isStatic = kind >= 5;
+			var base;
+			var initializers;
+			if (isStatic) {
+				base = Class;
+				kind = kind - 5;
+				staticInitializers = staticInitializers || [];
+				initializers = staticInitializers;
+			} else {
+				base = Class.prototype;
+				protoInitializers = protoInitializers || [];
+				initializers = protoInitializers;
+			}
+			if (kind !== 0 && !isPrivate) {
+				var existingNonFields = isStatic ? existingStaticNonFields : existingProtoNonFields;
+				var existingKind = existingNonFields.get(name) || 0;
+				if (existingKind === true || existingKind === 3 && kind !== 4 || existingKind === 4 && kind !== 3) throw new Error("Attempted to decorate a public method/accessor that has the same name as a previously decorated public method/accessor. This is not currently supported by the decorators plugin. Property name was: " + name);
+				else if (!existingKind && kind > 2) existingNonFields.set(name, kind);
+				else existingNonFields.set(name, true);
+			}
+			applyMemberDec(ret, base, decInfo, name, kind, isStatic, isPrivate, initializers, metadata);
+		}
+		pushInitializers(ret, protoInitializers);
+		pushInitializers(ret, staticInitializers);
+		return ret;
+	}
+	function pushInitializers(ret, initializers) {
+		if (initializers) ret.push(function(instance) {
+			for (var i = 0; i < initializers.length; i++) initializers[i].call(instance);
+			return instance;
+		});
+	}
+	function applyClassDecs(targetClass, classDecs, metadata) {
+		if (classDecs.length > 0) {
+			var initializers = [];
+			var newClass = targetClass;
+			var name = targetClass.name;
+			for (var i = classDecs.length - 1; i >= 0; i--) {
+				var decoratorFinishedRef = { v: false };
+				try {
+					var nextNewClass = classDecs[i](newClass, {
+						kind: "class",
+						name,
+						addInitializer: createAddInitializerMethod(initializers, decoratorFinishedRef),
+						metadata
+					});
+				} finally {
+					decoratorFinishedRef.v = true;
+				}
+				if (nextNewClass !== void 0) {
+					assertValidReturnValue(10, nextNewClass);
+					newClass = nextNewClass;
+				}
+			}
+			return [defineMetadata(newClass, metadata), function() {
+				for (var i$1 = 0; i$1 < initializers.length; i$1++) initializers[i$1].call(newClass);
+			}];
+		}
+	}
+	function defineMetadata(Class, metadata) {
+		return Object.defineProperty(Class, Symbol.metadata || Symbol.for("Symbol.metadata"), {
+			configurable: true,
+			enumerable: true,
+			value: metadata
+		});
+	}
+	return function applyDecs2203R(targetClass, memberDecs, classDecs, parentClass) {
+		if (parentClass !== void 0) var parentMetadata = parentClass[Symbol.metadata || Symbol.for("Symbol.metadata")];
+		var metadata = Object.create(parentMetadata === void 0 ? null : parentMetadata);
+		var e = applyMemberDecs(targetClass, memberDecs, metadata);
+		if (!classDecs.length) defineMetadata(targetClass, metadata);
+		return {
+			e,
+			get c() {
+				return applyClassDecs(targetClass, classDecs, metadata);
+			}
+		};
+	};
+}
+function _apply_decs_2203_r(targetClass, memberDecs, classDecs, parentClass) {
+	return (_apply_decs_2203_r = applyDecs2203RFactory())(targetClass, memberDecs, classDecs, parentClass);
+}
+var _dec, _initClass;
+/**
+* Injection token for JwtService.
+*
+* Used internally by the dependency injection system to register and resolve JwtService instances.
+*/ const JwtServiceToken = __navios_core.InjectionToken.create(Symbol.for("JwtService"), JwtServiceOptionsSchema);
+let _JwtService;
+_dec = (0, __navios_core.Injectable)({ token: JwtServiceToken });
+var JwtService = class {
+	options;
+	static {
+		({c: [_JwtService, _initClass]} = _apply_decs_2203_r(this, [], [_dec]));
+	}
+	/**
+	* Creates a new JwtService instance.
+	*
+	* @param options - Configuration options for the JWT service
+	*/ constructor(options = {}) {
+		this.options = options;
+	}
+	logger = (0, __navios_core.inject)(__navios_core.Logger, { context: _JwtService.name });
+	sign(payload, options = {}) {
+		const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
+		const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
+		if (secret instanceof Promise) {
+			secret.catch(() => {});
+			this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"signAsync\".");
+			throw new Error();
+		}
+		const allowedSignOptKeys = ["secret", "privateKey"];
+		const signOptKeys = Object.keys(signOptions);
+		if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
+		return jsonwebtoken.default.sign(payload, secret, signOptions);
+	}
+	signAsync(payload, options = {}) {
+		const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
+		const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
+		const allowedSignOptKeys = ["secret", "privateKey"];
+		const signOptKeys = Object.keys(signOptions);
+		if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
+		return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
+			jsonwebtoken.default.sign(payload, scrt, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
+		}));
+	}
+	/**
+	* Verifies and decodes a JWT token synchronously.
+	*
+	* This method validates the token's signature, expiration, and other claims
+	* according to the provided options. If verification fails, an error is thrown.
+	*
+	* @template T - The expected type of the decoded payload
+	* @param token - The JWT token string to verify
+	* @param options - Verification options including algorithms, audience, issuer, etc.
+	* @returns The decoded payload as type T
+	* @throws {TokenExpiredError} If the token has expired
+	* @throws {NotBeforeError} If the token is not yet valid (nbf claim)
+	* @throws {JsonWebTokenError} If the token is invalid or malformed
+	* @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
+	*
+	* @example
+	* ```ts
+	* try {
+	*   const payload = jwtService.verify<{ userId: string; role: string }>(token)
+	*   console.log(payload.userId) // '123'
+	* } catch (error) {
+	*   if (error instanceof TokenExpiredError) {
+	*     console.error('Token expired')
+	*   }
+	* }
+	* ```
+	*/ verify(token, options = {}) {
+		const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
+		const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
+		if (secret instanceof Promise) {
+			secret.catch(() => {});
+			this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".");
+			throw new Error();
+		}
+		return jsonwebtoken.default.verify(token, secret, verifyOptions);
+	}
+	/**
+	* Verifies and decodes a JWT token asynchronously.
+	*
+	* Use this method when `secretOrKeyProvider` returns a Promise or when you need
+	* to handle async key resolution. Provides the same validation as `verify()`.
+	*
+	* @template T - The expected type of the decoded payload
+	* @param token - The JWT token string to verify
+	* @param options - Verification options including algorithms, audience, issuer, etc.
+	* @returns A Promise that resolves to the decoded payload as type T
+	* @throws {TokenExpiredError} If the token has expired
+	* @throws {NotBeforeError} If the token is not yet valid (nbf claim)
+	* @throws {JsonWebTokenError} If the token is invalid or malformed
+	*
+	* @example
+	* ```ts
+	* try {
+	*   const payload = await jwtService.verifyAsync<{ userId: string }>(token)
+	*   console.log(payload.userId)
+	* } catch (error) {
+	*   if (error instanceof TokenExpiredError) {
+	*     console.error('Token expired')
+	*   }
+	* }
+	* ```
+	*/ verifyAsync(token, options = {}) {
+		const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
+		const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
+		return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
+			jsonwebtoken.default.verify(token, scrt, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
+		}).catch(reject));
+	}
+	/**
+	* Decodes a JWT token without verification.
+	*
+	* This method decodes the token without validating its signature or claims.
+	* Use this only when you need to inspect the token contents without verification.
+	* For secure token validation, use `verify()` or `verifyAsync()` instead.
+	*
+	* @template T - The expected type of the decoded payload
+	* @param token - The JWT token string to decode
+	* @param options - Decode options (complete, json, etc.)
+	* @returns The decoded payload as type T, or null if decoding fails
+	*
+	* @example
+	* ```ts
+	* // Decode without verification (not recommended for production)
+	* const payload = jwtService.decode<{ userId: string }>(token)
+	* if (payload) {
+	*   console.log(payload.userId)
+	* }
+	* ```
+	*/ decode(token, options) {
+		return jsonwebtoken.default.decode(token, options);
+	}
+	mergeJwtOptions(options, key) {
+		delete options.secret;
+		if (key === "signOptions") delete options.privateKey;
+		else delete options.publicKey;
+		return options ? {
+			...this.options[key],
+			...options
+		} : this.options[key];
+	}
+	getSecretKey(token, options, key, secretRequestType) {
+		return this.options.secretOrKeyProvider ? this.options.secretOrKeyProvider(secretRequestType, token, options) : options?.secret || this.options.secret || (key === "privateKey" ? options?.privateKey || this.options.privateKey : options?.publicKey || this.options.publicKey) || this.options[key];
+	}
+	static {
+		_initClass();
+	}
+};
+
+//#endregion
+//#region src/jwt-service.provider.mts
+function provideJwtService(config) {
+	if (typeof config === "function") return __navios_core.InjectionToken.factory(JwtServiceToken, config);
+	return __navios_core.InjectionToken.bound(JwtServiceToken, config);
+}
+
+//#endregion
+//#region src/index.mts
+/**
+* Error thrown when a JWT token has expired.
+*
+* This error is thrown by `verify()` and `verifyAsync()` when the token's
+* expiration time (exp claim) has passed.
+*
+* @example
+* ```ts
+* try {
+*   jwtService.verify(token)
+* } catch (error) {
+*   if (error instanceof TokenExpiredError) {
+*     console.error('Token expired at:', error.expiredAt)
+*   }
+* }
+* ```
+*/ const TokenExpiredError = jsonwebtoken.default.TokenExpiredError;
+/**
+* Error thrown when a JWT token is not yet valid.
+*
+* This error is thrown by `verify()` and `verifyAsync()` when the token's
+* "not before" time (nbf claim) is in the future.
+*
+* @example
+* ```ts
+* try {
+*   jwtService.verify(token)
+* } catch (error) {
+*   if (error instanceof NotBeforeError) {
+*     console.error('Token not valid until:', error.date)
+*   }
+* }
+* ```
+*/ const NotBeforeError = jsonwebtoken.default.NotBeforeError;
+/**
+* Base error class for JWT-related errors.
+*
+* This is the base class for all JWT errors including `TokenExpiredError`
+* and `NotBeforeError`. It's thrown for invalid or malformed tokens.
+*
+* @example
+* ```ts
+* try {
+*   jwtService.verify(token)
+* } catch (error) {
+*   if (error instanceof JsonWebTokenError) {
+*     console.error('JWT error:', error.message)
+*   }
+* }
+* ```
+*/ const JsonWebTokenError = jsonwebtoken.default.JsonWebTokenError;
+
+//#endregion
+exports.AlgorithmType = AlgorithmType;
+exports.JsonWebTokenError = JsonWebTokenError;
+exports.JwtHeaderSchema = JwtHeaderSchema;
+Object.defineProperty(exports, 'JwtService', {
+  enumerable: true,
+  get: function () {
+    return _JwtService;
+  }
+});
+exports.JwtServiceOptionsSchema = JwtServiceOptionsSchema;
+exports.JwtServiceToken = JwtServiceToken;
+exports.NotBeforeError = NotBeforeError;
+exports.RequestType = RequestType;
+exports.SecretSchema = SecretSchema;
+exports.SignOptionsSchema = SignOptionsSchema;
+exports.TokenExpiredError = TokenExpiredError;
+exports.VerifyOptionsSchema = VerifyOptionsSchema;
+exports.provideJwtService = provideJwtService;
+//# sourceMappingURL=index.cjs.map