@navios/jwt 0.9.0 → 1.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/README.md +6 -8
  3. package/dist/src/__tests__/jwt.service.spec.d.mts +2 -0
  4. package/dist/src/__tests__/jwt.service.spec.d.mts.map +1 -0
  5. package/dist/src/jwt.service.d.mts +6 -14
  6. package/dist/src/jwt.service.d.mts.map +1 -1
  7. package/dist/src/options/jwt-service.options.d.mts +2 -7
  8. package/dist/src/options/jwt-service.options.d.mts.map +1 -1
  9. package/dist/tsconfig.tsbuildinfo +1 -1
  10. package/lib/index.cjs +29 -34
  11. package/lib/index.cjs.map +1 -1
  12. package/lib/index.d.cts +8 -21
  13. package/lib/index.d.cts.map +1 -1
  14. package/lib/index.d.mts +8 -21
  15. package/lib/index.d.mts.map +1 -1
  16. package/lib/index.mjs +29 -34
  17. package/lib/index.mjs.map +1 -1
  18. package/package.json +3 -3
  19. package/src/__tests__/jwt.service.spec.mts +453 -0
  20. package/src/jwt.service.mts +64 -105
  21. package/src/options/jwt-service.options.mts +1 -1
package/lib/index.cjs CHANGED
@@ -150,7 +150,7 @@ const JwtServiceOptionsSchema = zod_v4.z.object({
150
150
  zod_v4.z.any(),
151
151
  zod_v4.z.union([SignOptionsSchema, VerifyOptionsSchema]).optional()
152
152
  ],
153
- output: zod_v4.z.union([SecretSchema, zod_v4.z.promise(SecretSchema)])
153
+ output: SecretSchema
154
154
  }).optional()
155
155
  });
156
156
 
@@ -455,27 +455,14 @@ var JwtService = class {
455
455
  }
456
456
  logger = (0, _navios_core.inject)(_navios_core.Logger, { context: _JwtService.name });
457
457
  sign(payload, options = {}) {
458
- const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
459
- const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
460
- if (secret instanceof Promise) {
461
- secret.catch(() => {});
462
- this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"signAsync\".");
463
- throw new Error();
464
- }
465
- const allowedSignOptKeys = ["secret", "privateKey"];
466
- const signOptKeys = Object.keys(signOptions);
467
- if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
458
+ const { signOptions, secret } = this.prepareSign(payload, options);
468
459
  return jsonwebtoken.default.sign(payload, secret, signOptions);
469
460
  }
470
461
  signAsync(payload, options = {}) {
471
- const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
472
- const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
473
- const allowedSignOptKeys = ["secret", "privateKey"];
474
- const signOptKeys = Object.keys(signOptions);
475
- if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
476
- return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
477
- jsonwebtoken.default.sign(payload, scrt, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
478
- }));
462
+ const { signOptions, secret } = this.prepareSign(payload, options);
463
+ return new Promise((resolve, reject) => {
464
+ jsonwebtoken.default.sign(payload, secret, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
465
+ });
479
466
  }
480
467
  /**
481
468
  * Verifies and decodes a JWT token synchronously.
@@ -490,7 +477,6 @@ var JwtService = class {
490
477
  * @throws {TokenExpiredError} If the token has expired
491
478
  * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
492
479
  * @throws {JsonWebTokenError} If the token is invalid or malformed
493
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
494
480
  *
495
481
  * @example
496
482
  * ```ts
@@ -504,20 +490,13 @@ var JwtService = class {
504
490
  * }
505
491
  * ```
506
492
  */ verify(token, options = {}) {
507
- const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
508
- const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
509
- if (secret instanceof Promise) {
510
- secret.catch(() => {});
511
- this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".");
512
- throw new Error();
513
- }
493
+ const { verifyOptions, secret } = this.prepareVerify(token, options);
514
494
  return jsonwebtoken.default.verify(token, secret, verifyOptions);
515
495
  }
516
496
  /**
517
497
  * Verifies and decodes a JWT token asynchronously.
518
498
  *
519
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
520
- * to handle async key resolution. Provides the same validation as `verify()`.
499
+ * Provides the same validation as `verify()`.
521
500
  *
522
501
  * @template T - The expected type of the decoded payload
523
502
  * @param token - The JWT token string to verify
@@ -539,11 +518,10 @@ var JwtService = class {
539
518
  * }
540
519
  * ```
541
520
  */ verifyAsync(token, options = {}) {
542
- const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
543
- const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
544
- return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
545
- jsonwebtoken.default.verify(token, scrt, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
546
- }).catch(reject));
521
+ const { verifyOptions, secret } = this.prepareVerify(token, options);
522
+ return new Promise((resolve, reject) => {
523
+ jsonwebtoken.default.verify(token, secret, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
524
+ });
547
525
  }
548
526
  /**
549
527
  * Decodes a JWT token without verification.
@@ -568,6 +546,23 @@ var JwtService = class {
568
546
  */ decode(token, options) {
569
547
  return jsonwebtoken.default.decode(token, options);
570
548
  }
549
+ prepareSign(payload, options) {
550
+ const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
551
+ const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
552
+ const allowedSignOptKeys = ["secret", "privateKey"];
553
+ const signOptKeys = Object.keys(signOptions);
554
+ if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
555
+ return {
556
+ signOptions,
557
+ secret
558
+ };
559
+ }
560
+ prepareVerify(token, options) {
561
+ return {
562
+ verifyOptions: this.mergeJwtOptions({ ...options }, "verifyOptions"),
563
+ secret: this.getSecretKey(token, options, "publicKey", RequestType.Verify)
564
+ };
565
+ }
571
566
  mergeJwtOptions(options, key) {
572
567
  delete options.secret;
573
568
  if (key === "signOptions") delete options.privateKey;
package/lib/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","names":["z","RequestType","AlgorithmType","enum","JwtHeaderSchema","object","alg","or","string","typ","optional","cty","crit","array","kid","jku","x5u","union","x5t","x5c","SignOptionsSchema","algorithm","keyid","expiresIn","number","notBefore","audience","instanceof","RegExp","subject","issuer","jwtid","mutatePayload","boolean","noTimestamp","header","encoding","allowInsecureKeySizes","allowInvalidAsymmetricKeyTypes","VerifyOptionsSchema","algorithms","clockTimestamp","clockTolerance","complete","ignoreExpiration","ignoreNotBefore","nonce","maxAge","SecretSchema","Buffer","type","passthrough","key","passphrase","JwtServiceOptionsSchema","signOptions","secret","publicKey","privateKey","verifyOptions","secretOrKeyProvider","function","input","any","output","promise","inject","Injectable","InjectionToken","Logger","jwt","JwtServiceOptionsSchema","RequestType","JwtServiceToken","create","Symbol","for","token","JwtService","options","logger","context","name","sign","payload","signOptions","mergeJwtOptions","secret","getSecretKey","Sign","Promise","catch","warn","Error","allowedSignOptKeys","signOptKeys","Object","keys","some","k","includes","join","signAsync","resolve","reject","then","scrt","err","encoded","verify","verifyOptions","Verify","verifyAsync","decoded","decode","key","privateKey","publicKey","secretRequestType","secretOrKeyProvider","InjectionToken","JwtServiceToken","provideJwtService","config","factory","bound","jwt","TokenExpiredError","NotBeforeError","JsonWebTokenError"],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":["import type { Secret as JwtSecret } from 'jsonwebtoken'\n\nimport { z } from 'zod/v4'\n\n/**\n * Request type for secret or key provider functions.\n *\n * Used to distinguish between signing and verification operations when\n * dynamically resolving secrets or keys.\n */\nexport enum RequestType {\n /** Request is for signing a token */\n Sign = 'Sign',\n /** Request is for verifying a token */\n Verify = 'Verify',\n}\n\n/**\n * Supported JWT algorithms.\n *\n * Includes symmetric (HMAC) and asymmetric (RSA, ECDSA, EdDSA) algorithms.\n */\nexport const AlgorithmType = z.enum([\n 'HS256',\n 'HS384',\n 'HS512',\n 'RS256',\n 'RS384',\n 'RS512',\n 'ES256',\n 'ES384',\n 'ES512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'none',\n])\n\n/**\n * JWT header schema.\n *\n * Defines the structure of the JWT header with standard claims.\n */\nexport const JwtHeaderSchema = z.object({\n alg: AlgorithmType.or(z.string()),\n typ: z.string().optional(),\n cty: z.string().optional(),\n crit: z.string().array().optional(),\n kid: z.string().optional(),\n jku: z.string().optional(),\n x5u: z.union([z.string(), z.array(z.string())]).optional(),\n 'x5t#S256': z.string().optional(),\n x5t: z.string().optional(),\n x5c: z.union([z.string(), z.array(z.string())]).optional(),\n})\n\n/**\n * JWT header type.\n *\n * Contains algorithm, type, and optional header claims.\n */\nexport type JwtHeader = z.infer<typeof JwtHeaderSchema>\n\n/**\n * Schema for JWT signing options.\n *\n * Defines all available options for signing tokens including algorithm,\n * expiration, audience, issuer, and other standard JWT claims.\n */\nexport const SignOptionsSchema = z.object({\n algorithm: AlgorithmType.optional(),\n keyid: z.string().optional(),\n expiresIn: z.union([z.string(), z.number()]).optional(),\n notBefore: z.union([z.string(), z.number()]).optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n subject: z.string().optional(),\n issuer: z.string().optional(),\n jwtid: z.string().optional(),\n mutatePayload: z.boolean().optional(),\n noTimestamp: z.boolean().optional(),\n header: JwtHeaderSchema.optional(),\n encoding: z.string().optional(),\n allowInsecureKeySizes: z.boolean().optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for signing JWT tokens.\n *\n * @see SignOptionsSchema for the complete schema definition\n */\nexport type SignOptions = z.infer<typeof SignOptionsSchema>\n\n/**\n * Schema for JWT verification options.\n *\n * Defines all available options for verifying tokens including allowed\n * algorithms, audience, issuer, expiration handling, and other validation rules.\n */\nexport const VerifyOptionsSchema = z.object({\n algorithms: AlgorithmType.array().optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n clockTimestamp: z.number().optional(),\n clockTolerance: z.number().optional(),\n complete: z.boolean().optional(),\n issuer: z.union([z.string(), z.string().array()]).optional(),\n ignoreExpiration: z.boolean().optional(),\n ignoreNotBefore: z.boolean().optional(),\n jwtid: z.string().optional(),\n nonce: z.string().optional(),\n subject: z.string().optional(),\n maxAge: z.union([z.string(), z.number()]).optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for verifying JWT tokens.\n *\n * @see VerifyOptionsSchema for the complete schema definition\n */\nexport type VerifyOptions = z.infer<typeof VerifyOptionsSchema>\n\n/**\n * Schema for JWT secret/key types.\n *\n * Supports string secrets, Buffer objects, and key objects with passphrases.\n */\nexport const SecretSchema = z.union([\n z.string(),\n z.instanceof(Buffer),\n z\n .object({\n type: z.string(),\n })\n .passthrough(),\n z.object({\n key: z.union([z.string(), z.instanceof(Buffer)]),\n passphrase: z.string(),\n }),\n])\n\n/**\n * Secret or key type for JWT operations.\n *\n * Can be a string, Buffer, or an object with key and optional passphrase.\n */\nexport type Secret = z.infer<typeof SecretSchema>\n\nexport const JwtServiceOptionsSchema = z.object({\n signOptions: SignOptionsSchema.optional(),\n secret: z.string().optional(),\n publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),\n privateKey: SecretSchema.optional(),\n verifyOptions: VerifyOptionsSchema.optional(),\n secretOrKeyProvider: z\n .function({\n input: [\n z.enum(RequestType),\n z.any(),\n z.union([SignOptionsSchema, VerifyOptionsSchema]).optional(),\n ],\n output: z.union([SecretSchema, z.promise(SecretSchema)]),\n })\n .optional(),\n})\n\n/**\n * Configuration options for the JWT service.\n *\n * @property signOptions - Default options for signing tokens\n * @property secret - Default secret for symmetric algorithms (HS256, HS384, HS512)\n * @property publicKey - Default public key for asymmetric algorithms (RS256, ES256, etc.)\n * @property privateKey - Default private key for asymmetric algorithms\n * @property verifyOptions - Default options for verifying tokens\n * @property secretOrKeyProvider - Optional function to dynamically resolve secrets/keys\n *\n * @example\n * ```ts\n * const options: JwtServiceOptions = {\n * secret: 'your-secret-key',\n * signOptions: {\n * expiresIn: '1h',\n * algorithm: 'HS256',\n * },\n * verifyOptions: {\n * algorithms: ['HS256'],\n * },\n * }\n * ```\n */\nexport type JwtServiceOptions = z.infer<typeof JwtServiceOptionsSchema>\n\n/**\n * Options for signing JWT tokens.\n *\n * Extends `SignOptions` with additional properties for specifying\n * the secret or private key to use for signing.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property privateKey - Private key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtSignOptions extends SignOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Private key for asymmetric algorithms */\n privateKey?: Secret\n}\n\n/**\n * Options for verifying JWT tokens.\n *\n * Extends `VerifyOptions` with additional properties for specifying\n * the secret or public key to use for verification.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property publicKey - Public key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtVerifyOptions extends VerifyOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Public key for asymmetric algorithms */\n publicKey?: string | Buffer\n}\n\n/**\n * Result type for secret/key resolution.\n *\n * Represents the possible return types from secret or key provider functions.\n */\nexport type GetSecretKeyResult = string | Buffer | JwtSecret\n","import { inject, Injectable, InjectionToken, Logger } from '@navios/core'\n\nimport jwt from 'jsonwebtoken'\n\nimport type {\n GetSecretKeyResult,\n JwtServiceOptions,\n JwtSignOptions,\n JwtVerifyOptions,\n SignOptions,\n VerifyOptions,\n} from './options/jwt-service.options.mjs'\n\nimport {\n JwtServiceOptionsSchema,\n RequestType,\n} from './options/jwt-service.options.mjs'\n\n/**\n * Injection token for JwtService.\n *\n * Used internally by the dependency injection system to register and resolve JwtService instances.\n */\nexport const JwtServiceToken = InjectionToken.create(\n Symbol.for('JwtService'),\n JwtServiceOptionsSchema,\n)\n\n/**\n * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).\n *\n * This service provides a type-safe wrapper around the `jsonwebtoken` library with\n * seamless integration into Navios's dependency injection system. It supports both\n * symmetric (HS256, HS384, HS512) and asymmetric (RS256, ES256, etc.) algorithms.\n *\n * @example\n * ```ts\n * import { provideJwtService } from '@navios/jwt'\n * import { inject } from '@navios/core'\n *\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n *\n * async login(userId: string) {\n * const token = this.jwtService.sign({ userId, role: 'user' })\n * return token\n * }\n * }\n * ```\n */\n@Injectable({\n token: JwtServiceToken,\n})\nexport class JwtService {\n logger = inject(Logger, {\n context: JwtService.name,\n })\n\n /**\n * Creates a new JwtService instance.\n *\n * @param options - Configuration options for the JWT service\n */\n constructor(private readonly options: JwtServiceOptions = {}) {}\n\n /**\n * Signs a JWT payload synchronously.\n *\n * When the payload is a string, only `secret` and `privateKey` options are allowed.\n * For object or Buffer payloads, all sign options are available.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns The signed JWT token as a string\n * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `signAsync` instead)\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * // Sign with object payload\n * const token = jwtService.sign(\n * { userId: '123', role: 'admin' },\n * { expiresIn: '1h' }\n * )\n *\n * // Sign with string payload (limited options)\n * const token = jwtService.sign('payload-string', { secret: 'key' })\n * ```\n */\n sign(\n payload: string,\n options?: Omit<JwtSignOptions, keyof SignOptions>,\n ): string\n /**\n * Signs a JWT payload synchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns The signed JWT token as a string\n */\n sign(payload: Buffer | object, options?: JwtSignOptions): string\n sign(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): string {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"signAsync\".',\n )\n throw new Error()\n }\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return jwt.sign(payload, secret, signOptions)\n }\n\n /**\n * Signs a JWT payload asynchronously.\n *\n * Use this method when `secretOrKeyProvider` returns a Promise or when you need\n * to handle async key resolution. Supports the same payload types and options as `sign()`.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns A Promise that resolves to the signed JWT token as a string\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * // Sign with async key provider\n * const token = await jwtService.signAsync(\n * { userId: '123' },\n * { expiresIn: '1h' }\n * )\n * ```\n */\n signAsync(\n payload: string,\n options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,\n ): Promise<string>\n /**\n * Signs a JWT payload asynchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns A Promise that resolves to the signed JWT token as a string\n */\n signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>\n signAsync(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): Promise<string> {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n jwt.sign(payload, scrt, signOptions, (err, encoded) =>\n err ? reject(err) : resolve(encoded as string),\n )\n }),\n )\n }\n\n /**\n * Verifies and decodes a JWT token synchronously.\n *\n * This method validates the token's signature, expiration, and other claims\n * according to the provided options. If verification fails, an error is thrown.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns The decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)\n *\n * @example\n * ```ts\n * try {\n * const payload = jwtService.verify<{ userId: string; role: string }>(token)\n * console.log(payload.userId) // '123'\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verify<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): T {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n if (secret instanceof Promise) {\n secret.catch(() => {}) // suppress rejection from async provider\n this.logger.warn(\n 'For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".',\n )\n throw new Error()\n }\n\n // @ts-expect-error We check it\n return jwt.verify(token, secret, verifyOptions) as unknown as T\n }\n\n /**\n * Verifies and decodes a JWT token asynchronously.\n *\n * Use this method when `secretOrKeyProvider` returns a Promise or when you need\n * to handle async key resolution. Provides the same validation as `verify()`.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns A Promise that resolves to the decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n *\n * @example\n * ```ts\n * try {\n * const payload = await jwtService.verifyAsync<{ userId: string }>(token)\n * console.log(payload.userId)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verifyAsync<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): Promise<T> {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n\n return new Promise((resolve, reject) =>\n Promise.resolve()\n .then(() => secret)\n .then((scrt: GetSecretKeyResult) => {\n // @ts-expect-error We check it\n jwt.verify(token, scrt, verifyOptions, (err, decoded) =>\n err ? reject(err) : resolve(decoded as T),\n )\n })\n .catch(reject),\n )\n }\n\n /**\n * Decodes a JWT token without verification.\n *\n * This method decodes the token without validating its signature or claims.\n * Use this only when you need to inspect the token contents without verification.\n * For secure token validation, use `verify()` or `verifyAsync()` instead.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to decode\n * @param options - Decode options (complete, json, etc.)\n * @returns The decoded payload as type T, or null if decoding fails\n *\n * @example\n * ```ts\n * // Decode without verification (not recommended for production)\n * const payload = jwtService.decode<{ userId: string }>(token)\n * if (payload) {\n * console.log(payload.userId)\n * }\n * ```\n */\n decode<T = any>(token: string, options?: jwt.DecodeOptions): T {\n return jwt.decode(token, options) as T\n }\n\n private mergeJwtOptions(\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'verifyOptions' | 'signOptions',\n ): VerifyOptions | SignOptions {\n delete options.secret\n if (key === 'signOptions') {\n delete (options as JwtSignOptions).privateKey\n } else {\n delete (options as JwtVerifyOptions).publicKey\n }\n return options\n ? {\n ...this.options[key],\n ...options,\n }\n : // @ts-expect-error We check it\n this.options[key]\n }\n\n private getSecretKey(\n token: string | object | Buffer,\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'publicKey' | 'privateKey',\n secretRequestType: RequestType,\n ): GetSecretKeyResult | Promise<GetSecretKeyResult> {\n const secret = this.options.secretOrKeyProvider\n ? this.options.secretOrKeyProvider(secretRequestType, token, options)\n : options?.secret ||\n this.options.secret ||\n (key === 'privateKey'\n ? (options as JwtSignOptions)?.privateKey || this.options.privateKey\n : (options as JwtVerifyOptions)?.publicKey ||\n this.options.publicKey) ||\n this.options[key]\n\n return secret as GetSecretKeyResult\n }\n}\n","import type { BoundInjectionToken, FactoryInjectionToken } from '@navios/core'\n\nimport { InjectionToken } from '@navios/core'\n\nimport type { JwtServiceOptions } from './options/jwt-service.options.mjs'\n\nimport { JwtService, JwtServiceToken } from './jwt.service.mjs'\nimport { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'\n\n/**\n * Creates a JWT service provider for dependency injection.\n *\n * This function creates an injection token that can be used to register and resolve\n * `JwtService` instances in the Navios dependency injection container. It supports\n * both static configuration and async factory functions for dynamic configuration.\n *\n * @param config - Static JWT service configuration options\n * @returns A bound injection token that can be used with `inject()` or `syncInject()`\n *\n * @example\n * ```ts\n * // Static configuration\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: JwtServiceOptions,\n): BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n/**\n * Creates a JWT service provider with async configuration factory.\n *\n * Use this overload when you need to load configuration asynchronously, such as\n * fetching secrets from a configuration service or environment variables.\n *\n * @param config - Async factory function that returns JWT service configuration\n * @returns A factory injection token that resolves configuration asynchronously\n *\n * @example\n * ```ts\n * // Async configuration\n * const JwtService = provideJwtService(async () => {\n * const configService = await inject(ConfigService)\n * return {\n * secret: configService.jwt.secret,\n * signOptions: { expiresIn: configService.jwt.expiresIn },\n * }\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: () => Promise<JwtServiceOptions>,\n): FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\nexport function provideJwtService(\n config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),\n):\n | BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n | FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema> {\n if (typeof config === 'function') {\n return InjectionToken.factory(JwtServiceToken, config)\n }\n return InjectionToken.bound(JwtServiceToken, config)\n}\n","import jwt from 'jsonwebtoken'\n\nexport * from './options/jwt-service.options.mjs'\nexport * from './jwt.service.mjs'\nexport * from './jwt-service.provider.mjs'\n\n/**\n * Error thrown when a JWT token has expired.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * expiration time (exp claim) has passed.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired at:', error.expiredAt)\n * }\n * }\n * ```\n */\nexport const TokenExpiredError = jwt.TokenExpiredError\n\n/**\n * Error thrown when a JWT token is not yet valid.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * \"not before\" time (nbf claim) is in the future.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof NotBeforeError) {\n * console.error('Token not valid until:', error.date)\n * }\n * }\n * ```\n */\nexport const NotBeforeError = jwt.NotBeforeError\n\n/**\n * Base error class for JWT-related errors.\n *\n * This is the base class for all JWT errors including `TokenExpiredError`\n * and `NotBeforeError`. It's thrown for invalid or malformed tokens.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof JsonWebTokenError) {\n * console.error('JWT error:', error.message)\n * }\n * }\n * ```\n */\nexport const JsonWebTokenError = jwt.JsonWebTokenError\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAUA,IAAO,cAAKC,yBAAAA,eAAAA;sCACyB,eAAA,UAAA;wCAEE,eAAA,YAAA;QAH3BA;;;;;;GAYZ,MAAaC,gBAAgBF,SAAEG,KAAK;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAA;;;;;GAOD,MAAaC,kBAAkBJ,SAAEK,OAAO;CACtCC,KAAKJ,cAAcK,GAAGP,SAAEQ,QAAM,CAAA;CAC9BC,KAAKT,SAAEQ,QAAM,CAAGE,UAAQ;CACxBC,KAAKX,SAAEQ,QAAM,CAAGE,UAAQ;CACxBE,MAAMZ,SAAEQ,QAAM,CAAGK,OAAK,CAAGH,UAAQ;CACjCI,KAAKd,SAAEQ,QAAM,CAAGE,UAAQ;CACxBK,KAAKf,SAAEQ,QAAM,CAAGE,UAAQ;CACxBM,KAAKhB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEa,MAAMb,SAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CACxD,YAAYV,SAAEQ,QAAM,CAAGE,UAAQ;CAC/BQ,KAAKlB,SAAEQ,QAAM,CAAGE,UAAQ;CACxBS,KAAKnB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEa,MAAMb,SAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CAC1D,CAAA;;;;;;GAeA,MAAaU,oBAAoBpB,SAAEK,OAAO;CACxCgB,WAAWnB,cAAcQ,UAAQ;CACjCY,OAAOtB,SAAEQ,QAAM,CAAGE,UAAQ;CAC1Ba,WAAWvB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDe,WAAWzB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDgB,UAAU1B,SACPiB,MAAM;EACLjB,SAAEQ,QAAM;EACRR,SAAE2B,WAAWC,OAAAA;EACb5B,SAAEa,MAAMb,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACXmB,SAAS7B,SAAEQ,QAAM,CAAGE,UAAQ;CAC5BoB,QAAQ9B,SAAEQ,QAAM,CAAGE,UAAQ;CAC3BqB,OAAO/B,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BsB,eAAehC,SAAEiC,SAAO,CAAGvB,UAAQ;CACnCwB,aAAalC,SAAEiC,SAAO,CAAGvB,UAAQ;CACjCyB,QAAQ/B,gBAAgBM,UAAQ;CAChC0B,UAAUpC,SAAEQ,QAAM,CAAGE,UAAQ;CAC7B2B,uBAAuBrC,SAAEiC,SAAO,CAAGvB,UAAQ;CAC3C4B,gCAAgCtC,SAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;;GAeA,MAAa6B,sBAAsBvC,SAAEK,OAAO;CAC1CmC,YAAYtC,cAAcW,OAAK,CAAGH,UAAQ;CAC1CgB,UAAU1B,SACPiB,MAAM;EACLjB,SAAEQ,QAAM;EACRR,SAAE2B,WAAWC,OAAAA;EACb5B,SAAEa,MAAMb,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACX+B,gBAAgBzC,SAAEwB,QAAM,CAAGd,UAAQ;CACnCgC,gBAAgB1C,SAAEwB,QAAM,CAAGd,UAAQ;CACnCiC,UAAU3C,SAAEiC,SAAO,CAAGvB,UAAQ;CAC9BoB,QAAQ9B,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEQ,QAAM,CAAGK,OAAK,CAAG,CAAA,CAAEH,UAAQ;CAC1DkC,kBAAkB5C,SAAEiC,SAAO,CAAGvB,UAAQ;CACtCmC,iBAAiB7C,SAAEiC,SAAO,CAAGvB,UAAQ;CACrCqB,OAAO/B,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BoC,OAAO9C,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BmB,SAAS7B,SAAEQ,QAAM,CAAGE,UAAQ;CAC5BqC,QAAQ/C,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CAClD4B,gCAAgCtC,SAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;GAcA,MAAasC,eAAehD,SAAEiB,MAAM;CAClCjB,SAAEQ,QAAM;CACRR,SAAE2B,WAAWsB,OAAAA;CACbjD,SACGK,OAAO,EACN6C,MAAMlD,SAAEQ,QAAM,EAChB,CAAA,CACC2C,aAAW;CACdnD,SAAEK,OAAO;EACP+C,KAAKpD,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWsB,OAAAA,CAAQ,CAAA;EAC/CI,YAAYrD,SAAEQ,QAAM;EACtB,CAAA;CACD,CAAA;AASD,MAAa8C,0BAA0BtD,SAAEK,OAAO;CAC9CkD,aAAanC,kBAAkBV,UAAQ;CACvC8C,QAAQxD,SAAEQ,QAAM,CAAGE,UAAQ;CAC3B+C,WAAWzD,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWsB,OAAAA,CAAQ,CAAA,CAAEvC,UAAQ;CAC/DgD,YAAYV,aAAatC,UAAQ;CACjCiD,eAAepB,oBAAoB7B,UAAQ;CAC3CkD,qBAAqB5D,SAClB6D,SAAS;EACRC,OAAO;GACL9D,SAAEG,KAAKF,YAAAA;GACPD,SAAE+D,KAAG;GACL/D,SAAEiB,MAAM,CAACG,mBAAmBmB,oBAAoB,CAAA,CAAE7B,UAAQ;GAC3D;EACDsD,QAAQhE,SAAEiB,MAAM,CAAC+B,cAAchD,SAAEiE,QAAQjB,aAAAA,CAAc,CAAA;EACzD,CAAA,CACCtC,UAAQ;CACb,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GCzJA,MAAa+D,kBAAkBL,4BAAeM,OAC5CC,OAAOC,IAAI,aAAA,EACXL,wBAAAA;;oCA+BU,EACVM,OAAOJ,iBACT,CAAA;AACO,IAAMK,aAAN,MAAMA;;;;;;;;;IAUX,YAAY,UAA8C,EAAE,EAAE;OAAjCC,UAAAA;;CAT7BC,kCAAgBX,qBAAQ,EACtBY,SAASH,YAAWI,MACtB,CAAA;CA6CAC,KACEC,SACAL,UAA0B,EAAE,EACpB;EACR,MAAMM,cAAc,KAAKC,gBACvB,EAAE,GAAGP,SAAQ,EACb,cAAA;EAEF,MAAMQ,SAAS,KAAKC,aAClBJ,SACAL,SACA,cACAP,YAAYiB,KAAI;AAGlB,MAAIF,kBAAkBG,SAAS;AAC7BH,UAAOI,YAAM,GAAO;AACpB,QAAKX,OAAOY,KACV,0EAAA;AAEF,SAAM,IAAIC,OAAAA;;EAGZ,MAAMC,qBAAqB,CAAC,UAAU,aAAa;EACnD,MAAMC,cAAcC,OAAOC,KAAKZ,YAAAA;AAChC,MACE,OAAOD,YAAY,YACnBW,YAAYG,MAAMC,MAAM,CAACL,mBAAmBM,SAASD,EAAAA,CAAAA,CAErD,OAAM,IAAIN,MACR,uEACEE,YAAYM,KAAK,KAAA,CAAA;AAIvB,SAAO/B,qBAAIa,KAAKC,SAASG,QAAQF,YAAAA;;CAmCnCiB,UACElB,SACAL,UAA0B,EAAE,EACX;EACjB,MAAMM,cAAc,KAAKC,gBACvB,EAAE,GAAGP,SAAQ,EACb,cAAA;EAEF,MAAMQ,SAAS,KAAKC,aAClBJ,SACAL,SACA,cACAP,YAAYiB,KAAI;EAGlB,MAAMK,qBAAqB,CAAC,UAAU,aAAa;EACnD,MAAMC,cAAcC,OAAOC,KAAKZ,YAAAA;AAChC,MACE,OAAOD,YAAY,YACnBW,YAAYG,MAAMC,MAAM,CAACL,mBAAmBM,SAASD,EAAAA,CAAAA,CAErD,OAAM,IAAIN,MACR,uEACEE,YAAYM,KAAK,KAAA,CAAA;AAIvB,SAAO,IAAIX,SAASa,SAASC,WAC3Bd,QAAQa,SAAO,CACZE,WAAWlB,OAAAA,CACXkB,MAAMC,SAAAA;AACLpC,wBAAIa,KAAKC,SAASsB,MAAMrB,cAAcsB,KAAKC,YACzCD,MAAMH,OAAOG,IAAAA,GAAOJ,QAAQK,QAAAA,CAAAA;IAEhC,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA+BNC,OACEhC,OACAE,UAA4B,EAAE,EAC3B;EACH,MAAM+B,gBAAgB,KAAKxB,gBAAgB,EAAE,GAAGP,SAAQ,EAAG,gBAAA;EAC3D,MAAMQ,SAAS,KAAKC,aAClBX,OACAE,SACA,aACAP,YAAYuC,OAAM;AAGpB,MAAIxB,kBAAkBG,SAAS;AAC7BH,UAAOI,YAAM,GAAO;AACpB,QAAKX,OAAOY,KACV,4EAAA;AAEF,SAAM,IAAIC,OAAAA;;AAIZ,SAAOvB,qBAAIuC,OAAOhC,OAAOU,QAAQuB,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6BnCE,YACEnC,OACAE,UAA4B,EAAE,EAClB;EACZ,MAAM+B,gBAAgB,KAAKxB,gBAAgB,EAAE,GAAGP,SAAQ,EAAG,gBAAA;EAC3D,MAAMQ,SAAS,KAAKC,aAClBX,OACAE,SACA,aACAP,YAAYuC,OAAM;AAGpB,SAAO,IAAIrB,SAASa,SAASC,WAC3Bd,QAAQa,SAAO,CACZE,WAAWlB,OAAAA,CACXkB,MAAMC,SAAAA;AAELpC,wBAAIuC,OAAOhC,OAAO6B,MAAMI,gBAAgBH,KAAKM,YAC3CN,MAAMH,OAAOG,IAAAA,GAAOJ,QAAQU,QAAAA,CAAAA;IAEhC,CACCtB,MAAMa,OAAAA,CAAAA;;;;;;;;;;;;;;;;;;;;;;IAyBbU,OAAgBrC,OAAeE,SAAgC;AAC7D,SAAOT,qBAAI4C,OAAOrC,OAAOE,QAAAA;;CAGnBO,gBACNP,SACAoC,KAC6B;AAC7B,SAAOpC,QAAQQ;AACf,MAAI4B,QAAQ,cACV,QAAO,QAA4BC;MAEnC,QAAO,QAA8BC;AAEvC,SAAOtC,UACH;GACE,GAAG,KAAKA,QAAQoC;GAChB,GAAGpC;GACL,GAEA,KAAKA,QAAQoC;;CAGX3B,aACNX,OACAE,SACAoC,KACAG,mBACkD;AAWlD,SAVe,KAAKvC,QAAQwC,sBACxB,KAAKxC,QAAQwC,oBAAoBD,mBAAmBzC,OAAOE,QAAAA,GAC3DA,SAASQ,UACT,KAAKR,QAAQQ,WACZ4B,QAAQ,eACL,SAA6BC,cAAc,KAAKrC,QAAQqC,aACxD,SAA+BC,aAC/B,KAAKtC,QAAQsC,cACjB,KAAKtC,QAAQoC;;;;;;;;;ACtTrB,SAAgBO,kBACdC,QAA8D;AAI9D,KAAI,OAAOA,WAAW,WACpB,QAAOH,4BAAeI,QAAQH,iBAAiBE,OAAAA;AAEjD,QAAOH,4BAAeK,MAAMJ,iBAAiBE,OAAAA;;;;;;;;;;;;;;;;;;;;;GClD/C,MAAaI,oBAAoBD,qBAAIC;;;;;;;;;;;;;;;;;GAmBrC,MAAaC,iBAAiBF,qBAAIE;;;;;;;;;;;;;;;;;GAmBlC,MAAaC,oBAAoBH,qBAAIG"}
1
+ {"version":3,"file":"index.cjs","names":["z","RequestType","AlgorithmType","enum","JwtHeaderSchema","object","alg","or","string","typ","optional","cty","crit","array","kid","jku","x5u","union","x5t","x5c","SignOptionsSchema","algorithm","keyid","expiresIn","number","notBefore","audience","instanceof","RegExp","subject","issuer","jwtid","mutatePayload","boolean","noTimestamp","header","encoding","allowInsecureKeySizes","allowInvalidAsymmetricKeyTypes","VerifyOptionsSchema","algorithms","clockTimestamp","clockTolerance","complete","ignoreExpiration","ignoreNotBefore","nonce","maxAge","SecretSchema","Buffer","type","passthrough","key","passphrase","JwtServiceOptionsSchema","signOptions","secret","publicKey","privateKey","verifyOptions","secretOrKeyProvider","function","input","any","output","inject","Injectable","InjectionToken","Logger","jwt","JwtServiceOptionsSchema","RequestType","JwtServiceToken","create","Symbol","for","token","JwtService","options","logger","context","name","sign","payload","signOptions","secret","prepareSign","signAsync","Promise","resolve","reject","err","encoded","verify","verifyOptions","prepareVerify","verifyAsync","decoded","decode","mergeJwtOptions","getSecretKey","Sign","allowedSignOptKeys","signOptKeys","Object","keys","some","k","includes","Error","join","Verify","key","privateKey","publicKey","secretRequestType","secretOrKeyProvider","InjectionToken","JwtServiceToken","provideJwtService","config","factory","bound","jwt","TokenExpiredError","NotBeforeError","JsonWebTokenError"],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":["import type { Secret as JwtSecret } from 'jsonwebtoken'\n\nimport { z } from 'zod/v4'\n\n/**\n * Request type for secret or key provider functions.\n *\n * Used to distinguish between signing and verification operations when\n * dynamically resolving secrets or keys.\n */\nexport enum RequestType {\n /** Request is for signing a token */\n Sign = 'Sign',\n /** Request is for verifying a token */\n Verify = 'Verify',\n}\n\n/**\n * Supported JWT algorithms.\n *\n * Includes symmetric (HMAC) and asymmetric (RSA, ECDSA, EdDSA) algorithms.\n */\nexport const AlgorithmType = z.enum([\n 'HS256',\n 'HS384',\n 'HS512',\n 'RS256',\n 'RS384',\n 'RS512',\n 'ES256',\n 'ES384',\n 'ES512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'none',\n])\n\n/**\n * JWT header schema.\n *\n * Defines the structure of the JWT header with standard claims.\n */\nexport const JwtHeaderSchema = z.object({\n alg: AlgorithmType.or(z.string()),\n typ: z.string().optional(),\n cty: z.string().optional(),\n crit: z.string().array().optional(),\n kid: z.string().optional(),\n jku: z.string().optional(),\n x5u: z.union([z.string(), z.array(z.string())]).optional(),\n 'x5t#S256': z.string().optional(),\n x5t: z.string().optional(),\n x5c: z.union([z.string(), z.array(z.string())]).optional(),\n})\n\n/**\n * JWT header type.\n *\n * Contains algorithm, type, and optional header claims.\n */\nexport type JwtHeader = z.infer<typeof JwtHeaderSchema>\n\n/**\n * Schema for JWT signing options.\n *\n * Defines all available options for signing tokens including algorithm,\n * expiration, audience, issuer, and other standard JWT claims.\n */\nexport const SignOptionsSchema = z.object({\n algorithm: AlgorithmType.optional(),\n keyid: z.string().optional(),\n expiresIn: z.union([z.string(), z.number()]).optional(),\n notBefore: z.union([z.string(), z.number()]).optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n subject: z.string().optional(),\n issuer: z.string().optional(),\n jwtid: z.string().optional(),\n mutatePayload: z.boolean().optional(),\n noTimestamp: z.boolean().optional(),\n header: JwtHeaderSchema.optional(),\n encoding: z.string().optional(),\n allowInsecureKeySizes: z.boolean().optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for signing JWT tokens.\n *\n * @see SignOptionsSchema for the complete schema definition\n */\nexport type SignOptions = z.infer<typeof SignOptionsSchema>\n\n/**\n * Schema for JWT verification options.\n *\n * Defines all available options for verifying tokens including allowed\n * algorithms, audience, issuer, expiration handling, and other validation rules.\n */\nexport const VerifyOptionsSchema = z.object({\n algorithms: AlgorithmType.array().optional(),\n audience: z\n .union([\n z.string(),\n z.instanceof(RegExp),\n z.array(z.union([z.string(), z.instanceof(RegExp)])),\n ])\n .optional(),\n clockTimestamp: z.number().optional(),\n clockTolerance: z.number().optional(),\n complete: z.boolean().optional(),\n issuer: z.union([z.string(), z.string().array()]).optional(),\n ignoreExpiration: z.boolean().optional(),\n ignoreNotBefore: z.boolean().optional(),\n jwtid: z.string().optional(),\n nonce: z.string().optional(),\n subject: z.string().optional(),\n maxAge: z.union([z.string(), z.number()]).optional(),\n allowInvalidAsymmetricKeyTypes: z.boolean().optional(),\n})\n\n/**\n * Options for verifying JWT tokens.\n *\n * @see VerifyOptionsSchema for the complete schema definition\n */\nexport type VerifyOptions = z.infer<typeof VerifyOptionsSchema>\n\n/**\n * Schema for JWT secret/key types.\n *\n * Supports string secrets, Buffer objects, and key objects with passphrases.\n */\nexport const SecretSchema = z.union([\n z.string(),\n z.instanceof(Buffer),\n z\n .object({\n type: z.string(),\n })\n .passthrough(),\n z.object({\n key: z.union([z.string(), z.instanceof(Buffer)]),\n passphrase: z.string(),\n }),\n])\n\n/**\n * Secret or key type for JWT operations.\n *\n * Can be a string, Buffer, or an object with key and optional passphrase.\n */\nexport type Secret = z.infer<typeof SecretSchema>\n\nexport const JwtServiceOptionsSchema = z.object({\n signOptions: SignOptionsSchema.optional(),\n secret: z.string().optional(),\n publicKey: z.union([z.string(), z.instanceof(Buffer)]).optional(),\n privateKey: SecretSchema.optional(),\n verifyOptions: VerifyOptionsSchema.optional(),\n secretOrKeyProvider: z\n .function({\n input: [\n z.enum(RequestType),\n z.any(),\n z.union([SignOptionsSchema, VerifyOptionsSchema]).optional(),\n ],\n output: SecretSchema,\n })\n .optional(),\n})\n\n/**\n * Configuration options for the JWT service.\n *\n * @property signOptions - Default options for signing tokens\n * @property secret - Default secret for symmetric algorithms (HS256, HS384, HS512)\n * @property publicKey - Default public key for asymmetric algorithms (RS256, ES256, etc.)\n * @property privateKey - Default private key for asymmetric algorithms\n * @property verifyOptions - Default options for verifying tokens\n * @property secretOrKeyProvider - Optional function to dynamically resolve secrets/keys\n *\n * @example\n * ```ts\n * const options: JwtServiceOptions = {\n * secret: 'your-secret-key',\n * signOptions: {\n * expiresIn: '1h',\n * algorithm: 'HS256',\n * },\n * verifyOptions: {\n * algorithms: ['HS256'],\n * },\n * }\n * ```\n */\nexport type JwtServiceOptions = z.infer<typeof JwtServiceOptionsSchema>\n\n/**\n * Options for signing JWT tokens.\n *\n * Extends `SignOptions` with additional properties for specifying\n * the secret or private key to use for signing.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property privateKey - Private key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtSignOptions extends SignOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Private key for asymmetric algorithms */\n privateKey?: Secret\n}\n\n/**\n * Options for verifying JWT tokens.\n *\n * Extends `VerifyOptions` with additional properties for specifying\n * the secret or public key to use for verification.\n *\n * @property secret - Secret key for symmetric algorithms (overrides service default)\n * @property publicKey - Public key for asymmetric algorithms (overrides service default)\n */\nexport interface JwtVerifyOptions extends VerifyOptions {\n /** Secret key for symmetric algorithms */\n secret?: string | Buffer\n /** Public key for asymmetric algorithms */\n publicKey?: string | Buffer\n}\n\n/**\n * Result type for secret/key resolution.\n *\n * Represents the possible return types from secret or key provider functions.\n */\nexport type GetSecretKeyResult = string | Buffer | JwtSecret\n","import { inject, Injectable, InjectionToken, Logger } from '@navios/core'\n\nimport jwt from 'jsonwebtoken'\n\nimport type {\n GetSecretKeyResult,\n JwtServiceOptions,\n JwtSignOptions,\n JwtVerifyOptions,\n SignOptions,\n VerifyOptions,\n} from './options/jwt-service.options.mjs'\n\nimport {\n JwtServiceOptionsSchema,\n RequestType,\n} from './options/jwt-service.options.mjs'\n\n/**\n * Injection token for JwtService.\n *\n * Used internally by the dependency injection system to register and resolve JwtService instances.\n */\nexport const JwtServiceToken = InjectionToken.create(\n Symbol.for('JwtService'),\n JwtServiceOptionsSchema,\n)\n\n/**\n * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).\n *\n * This service provides a type-safe wrapper around the `jsonwebtoken` library with\n * seamless integration into Navios's dependency injection system. It supports both\n * symmetric (HS256, HS384, HS512) and asymmetric (RS256, ES256, etc.) algorithms.\n *\n * @example\n * ```ts\n * import { provideJwtService } from '@navios/jwt'\n * import { inject } from '@navios/core'\n *\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n *\n * async login(userId: string) {\n * const token = this.jwtService.sign({ userId, role: 'user' })\n * return token\n * }\n * }\n * ```\n */\n@Injectable({\n token: JwtServiceToken,\n})\nexport class JwtService {\n logger = inject(Logger, {\n context: JwtService.name,\n })\n\n /**\n * Creates a new JwtService instance.\n *\n * @param options - Configuration options for the JWT service\n */\n constructor(private readonly options: JwtServiceOptions = {}) {}\n\n /**\n * Signs a JWT payload synchronously.\n *\n * When the payload is a string, only `secret` and `privateKey` options are allowed.\n * For object or Buffer payloads, all sign options are available.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns The signed JWT token as a string\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * // Sign with object payload\n * const token = jwtService.sign(\n * { userId: '123', role: 'admin' },\n * { expiresIn: '1h' }\n * )\n *\n * // Sign with string payload (limited options)\n * const token = jwtService.sign('payload-string', { secret: 'key' })\n * ```\n */\n sign(\n payload: string,\n options?: Omit<JwtSignOptions, keyof SignOptions>,\n ): string\n /**\n * Signs a JWT payload synchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns The signed JWT token as a string\n */\n sign(payload: Buffer | object, options?: JwtSignOptions): string\n sign(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): string {\n const { signOptions, secret } = this.prepareSign(payload, options)\n return jwt.sign(payload, secret, signOptions)\n }\n\n /**\n * Signs a JWT payload asynchronously.\n *\n * Supports the same payload types and options as `sign()`.\n *\n * @param payload - The payload to sign. Can be a string, Buffer, or object.\n * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.\n * @returns A Promise that resolves to the signed JWT token as a string\n * @throws {Error} If payload is a string and invalid options are provided\n *\n * @example\n * ```ts\n * const token = await jwtService.signAsync(\n * { userId: '123' },\n * { expiresIn: '1h' }\n * )\n * ```\n */\n signAsync(\n payload: string,\n options?: Omit<JwtSignOptions, keyof jwt.SignOptions>,\n ): Promise<string>\n /**\n * Signs a JWT payload asynchronously.\n *\n * @param payload - The payload to sign. Can be a Buffer or object.\n * @param options - Signing options including algorithm, expiration, etc.\n * @returns A Promise that resolves to the signed JWT token as a string\n */\n signAsync(payload: Buffer | object, options?: JwtSignOptions): Promise<string>\n signAsync(\n payload: string | Buffer | object,\n options: JwtSignOptions = {},\n ): Promise<string> {\n const { signOptions, secret } = this.prepareSign(payload, options)\n return new Promise((resolve, reject) => {\n jwt.sign(payload, secret, signOptions, (err, encoded) =>\n err ? reject(err) : resolve(encoded as string),\n )\n })\n }\n\n /**\n * Verifies and decodes a JWT token synchronously.\n *\n * This method validates the token's signature, expiration, and other claims\n * according to the provided options. If verification fails, an error is thrown.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns The decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n *\n * @example\n * ```ts\n * try {\n * const payload = jwtService.verify<{ userId: string; role: string }>(token)\n * console.log(payload.userId) // '123'\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verify<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): T {\n const { verifyOptions, secret } = this.prepareVerify(token, options)\n // @ts-expect-error We check it\n return jwt.verify(token, secret, verifyOptions) as unknown as T\n }\n\n /**\n * Verifies and decodes a JWT token asynchronously.\n *\n * Provides the same validation as `verify()`.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to verify\n * @param options - Verification options including algorithms, audience, issuer, etc.\n * @returns A Promise that resolves to the decoded payload as type T\n * @throws {TokenExpiredError} If the token has expired\n * @throws {NotBeforeError} If the token is not yet valid (nbf claim)\n * @throws {JsonWebTokenError} If the token is invalid or malformed\n *\n * @example\n * ```ts\n * try {\n * const payload = await jwtService.verifyAsync<{ userId: string }>(token)\n * console.log(payload.userId)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired')\n * }\n * }\n * ```\n */\n verifyAsync<T extends object = any>(\n token: string,\n options: JwtVerifyOptions = {},\n ): Promise<T> {\n const { verifyOptions, secret } = this.prepareVerify(token, options)\n return new Promise((resolve, reject) => {\n // @ts-expect-error We check it\n jwt.verify(token, secret, verifyOptions, (err, decoded) =>\n err ? reject(err) : resolve(decoded as T),\n )\n })\n }\n\n /**\n * Decodes a JWT token without verification.\n *\n * This method decodes the token without validating its signature or claims.\n * Use this only when you need to inspect the token contents without verification.\n * For secure token validation, use `verify()` or `verifyAsync()` instead.\n *\n * @template T - The expected type of the decoded payload\n * @param token - The JWT token string to decode\n * @param options - Decode options (complete, json, etc.)\n * @returns The decoded payload as type T, or null if decoding fails\n *\n * @example\n * ```ts\n * // Decode without verification (not recommended for production)\n * const payload = jwtService.decode<{ userId: string }>(token)\n * if (payload) {\n * console.log(payload.userId)\n * }\n * ```\n */\n decode<T = any>(token: string, options?: jwt.DecodeOptions): T {\n return jwt.decode(token, options) as T\n }\n\n private prepareSign(\n payload: string | Buffer | object,\n options: JwtSignOptions,\n ): { signOptions: jwt.SignOptions; secret: GetSecretKeyResult } {\n const signOptions = this.mergeJwtOptions(\n { ...options },\n 'signOptions',\n ) as jwt.SignOptions\n const secret = this.getSecretKey(\n payload,\n options,\n 'privateKey',\n RequestType.Sign,\n )\n\n const allowedSignOptKeys = ['secret', 'privateKey']\n const signOptKeys = Object.keys(signOptions)\n if (\n typeof payload === 'string' &&\n signOptKeys.some((k) => !allowedSignOptKeys.includes(k))\n ) {\n throw new Error(\n 'Payload as string is not allowed with the following sign options: ' +\n signOptKeys.join(', '),\n )\n }\n\n return { signOptions, secret }\n }\n\n private prepareVerify(\n token: string,\n options: JwtVerifyOptions,\n ): {\n verifyOptions: VerifyOptions | SignOptions\n secret: GetSecretKeyResult\n } {\n const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions')\n const secret = this.getSecretKey(\n token,\n options,\n 'publicKey',\n RequestType.Verify,\n )\n return { verifyOptions, secret }\n }\n\n private mergeJwtOptions(\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'verifyOptions' | 'signOptions',\n ): VerifyOptions | SignOptions {\n delete options.secret\n if (key === 'signOptions') {\n delete (options as JwtSignOptions).privateKey\n } else {\n delete (options as JwtVerifyOptions).publicKey\n }\n return options\n ? {\n ...this.options[key],\n ...options,\n }\n : // @ts-expect-error We check it\n this.options[key]\n }\n\n private getSecretKey(\n token: string | object | Buffer,\n options: JwtVerifyOptions | JwtSignOptions,\n key: 'publicKey' | 'privateKey',\n secretRequestType: RequestType,\n ): GetSecretKeyResult {\n const secret = this.options.secretOrKeyProvider\n ? this.options.secretOrKeyProvider(secretRequestType, token, options)\n : options?.secret ||\n this.options.secret ||\n (key === 'privateKey'\n ? (options as JwtSignOptions)?.privateKey || this.options.privateKey\n : (options as JwtVerifyOptions)?.publicKey ||\n this.options.publicKey) ||\n this.options[key]\n\n return secret as GetSecretKeyResult\n }\n}\n","import type { BoundInjectionToken, FactoryInjectionToken } from '@navios/core'\n\nimport { InjectionToken } from '@navios/core'\n\nimport type { JwtServiceOptions } from './options/jwt-service.options.mjs'\n\nimport { JwtService, JwtServiceToken } from './jwt.service.mjs'\nimport { JwtServiceOptionsSchema } from './options/jwt-service.options.mjs'\n\n/**\n * Creates a JWT service provider for dependency injection.\n *\n * This function creates an injection token that can be used to register and resolve\n * `JwtService` instances in the Navios dependency injection container. It supports\n * both static configuration and async factory functions for dynamic configuration.\n *\n * @param config - Static JWT service configuration options\n * @returns A bound injection token that can be used with `inject()` or `syncInject()`\n *\n * @example\n * ```ts\n * // Static configuration\n * const JwtService = provideJwtService({\n * secret: 'your-secret-key',\n * signOptions: { expiresIn: '1h' },\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: JwtServiceOptions,\n): BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n/**\n * Creates a JWT service provider with async configuration factory.\n *\n * Use this overload when you need to load configuration asynchronously, such as\n * fetching secrets from a configuration service or environment variables.\n *\n * @param config - Async factory function that returns JWT service configuration\n * @returns A factory injection token that resolves configuration asynchronously\n *\n * @example\n * ```ts\n * // Async configuration\n * const JwtService = provideJwtService(async () => {\n * const configService = await inject(ConfigService)\n * return {\n * secret: configService.jwt.secret,\n * signOptions: { expiresIn: configService.jwt.expiresIn },\n * }\n * })\n *\n * @Injectable()\n * class AuthService {\n * jwtService = inject(JwtService)\n * }\n * ```\n */\nexport function provideJwtService(\n config: () => Promise<JwtServiceOptions>,\n): FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\nexport function provideJwtService(\n config: JwtServiceOptions | (() => Promise<JwtServiceOptions>),\n):\n | BoundInjectionToken<JwtService, typeof JwtServiceOptionsSchema>\n | FactoryInjectionToken<JwtService, typeof JwtServiceOptionsSchema> {\n if (typeof config === 'function') {\n return InjectionToken.factory(JwtServiceToken, config)\n }\n return InjectionToken.bound(JwtServiceToken, config)\n}\n","import jwt from 'jsonwebtoken'\n\nexport * from './options/jwt-service.options.mjs'\nexport * from './jwt.service.mjs'\nexport * from './jwt-service.provider.mjs'\n\n/**\n * Error thrown when a JWT token has expired.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * expiration time (exp claim) has passed.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof TokenExpiredError) {\n * console.error('Token expired at:', error.expiredAt)\n * }\n * }\n * ```\n */\nexport const TokenExpiredError = jwt.TokenExpiredError\n\n/**\n * Error thrown when a JWT token is not yet valid.\n *\n * This error is thrown by `verify()` and `verifyAsync()` when the token's\n * \"not before\" time (nbf claim) is in the future.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof NotBeforeError) {\n * console.error('Token not valid until:', error.date)\n * }\n * }\n * ```\n */\nexport const NotBeforeError = jwt.NotBeforeError\n\n/**\n * Base error class for JWT-related errors.\n *\n * This is the base class for all JWT errors including `TokenExpiredError`\n * and `NotBeforeError`. It's thrown for invalid or malformed tokens.\n *\n * @example\n * ```ts\n * try {\n * jwtService.verify(token)\n * } catch (error) {\n * if (error instanceof JsonWebTokenError) {\n * console.error('JWT error:', error.message)\n * }\n * }\n * ```\n */\nexport const JsonWebTokenError = jwt.JsonWebTokenError\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAUA,IAAO,cAAKC,yBAAAA,eAAAA;sCACyB,eAAA,UAAA;wCAEE,eAAA,YAAA;QAH3BA;;;;;;GAYZ,MAAaC,gBAAgBF,SAAEG,KAAK;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAA;;;;;GAOD,MAAaC,kBAAkBJ,SAAEK,OAAO;CACtCC,KAAKJ,cAAcK,GAAGP,SAAEQ,QAAM,CAAA;CAC9BC,KAAKT,SAAEQ,QAAM,CAAGE,UAAQ;CACxBC,KAAKX,SAAEQ,QAAM,CAAGE,UAAQ;CACxBE,MAAMZ,SAAEQ,QAAM,CAAGK,OAAK,CAAGH,UAAQ;CACjCI,KAAKd,SAAEQ,QAAM,CAAGE,UAAQ;CACxBK,KAAKf,SAAEQ,QAAM,CAAGE,UAAQ;CACxBM,KAAKhB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEa,MAAMb,SAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CACxD,YAAYV,SAAEQ,QAAM,CAAGE,UAAQ;CAC/BQ,KAAKlB,SAAEQ,QAAM,CAAGE,UAAQ;CACxBS,KAAKnB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEa,MAAMb,SAAEQ,QAAM,CAAA,CAAI,CAAA,CAAEE,UAAQ;CAC1D,CAAA;;;;;;GAeA,MAAaU,oBAAoBpB,SAAEK,OAAO;CACxCgB,WAAWnB,cAAcQ,UAAQ;CACjCY,OAAOtB,SAAEQ,QAAM,CAAGE,UAAQ;CAC1Ba,WAAWvB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDe,WAAWzB,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CACrDgB,UAAU1B,SACPiB,MAAM;EACLjB,SAAEQ,QAAM;EACRR,SAAE2B,WAAWC,OAAAA;EACb5B,SAAEa,MAAMb,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACXmB,SAAS7B,SAAEQ,QAAM,CAAGE,UAAQ;CAC5BoB,QAAQ9B,SAAEQ,QAAM,CAAGE,UAAQ;CAC3BqB,OAAO/B,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BsB,eAAehC,SAAEiC,SAAO,CAAGvB,UAAQ;CACnCwB,aAAalC,SAAEiC,SAAO,CAAGvB,UAAQ;CACjCyB,QAAQ/B,gBAAgBM,UAAQ;CAChC0B,UAAUpC,SAAEQ,QAAM,CAAGE,UAAQ;CAC7B2B,uBAAuBrC,SAAEiC,SAAO,CAAGvB,UAAQ;CAC3C4B,gCAAgCtC,SAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;;GAeA,MAAa6B,sBAAsBvC,SAAEK,OAAO;CAC1CmC,YAAYtC,cAAcW,OAAK,CAAGH,UAAQ;CAC1CgB,UAAU1B,SACPiB,MAAM;EACLjB,SAAEQ,QAAM;EACRR,SAAE2B,WAAWC,OAAAA;EACb5B,SAAEa,MAAMb,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWC,OAAAA,CAAQ,CAAA,CAAA;EACnD,CAAA,CACAlB,UAAQ;CACX+B,gBAAgBzC,SAAEwB,QAAM,CAAGd,UAAQ;CACnCgC,gBAAgB1C,SAAEwB,QAAM,CAAGd,UAAQ;CACnCiC,UAAU3C,SAAEiC,SAAO,CAAGvB,UAAQ;CAC9BoB,QAAQ9B,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEQ,QAAM,CAAGK,OAAK,CAAG,CAAA,CAAEH,UAAQ;CAC1DkC,kBAAkB5C,SAAEiC,SAAO,CAAGvB,UAAQ;CACtCmC,iBAAiB7C,SAAEiC,SAAO,CAAGvB,UAAQ;CACrCqB,OAAO/B,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BoC,OAAO9C,SAAEQ,QAAM,CAAGE,UAAQ;CAC1BmB,SAAS7B,SAAEQ,QAAM,CAAGE,UAAQ;CAC5BqC,QAAQ/C,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAEwB,QAAM,CAAG,CAAA,CAAEd,UAAQ;CAClD4B,gCAAgCtC,SAAEiC,SAAO,CAAGvB,UAAQ;CACtD,CAAA;;;;;GAcA,MAAasC,eAAehD,SAAEiB,MAAM;CAClCjB,SAAEQ,QAAM;CACRR,SAAE2B,WAAWsB,OAAAA;CACbjD,SACGK,OAAO,EACN6C,MAAMlD,SAAEQ,QAAM,EAChB,CAAA,CACC2C,aAAW;CACdnD,SAAEK,OAAO;EACP+C,KAAKpD,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWsB,OAAAA,CAAQ,CAAA;EAC/CI,YAAYrD,SAAEQ,QAAM;EACtB,CAAA;CACD,CAAA;AASD,MAAa8C,0BAA0BtD,SAAEK,OAAO;CAC9CkD,aAAanC,kBAAkBV,UAAQ;CACvC8C,QAAQxD,SAAEQ,QAAM,CAAGE,UAAQ;CAC3B+C,WAAWzD,SAAEiB,MAAM,CAACjB,SAAEQ,QAAM,EAAIR,SAAE2B,WAAWsB,OAAAA,CAAQ,CAAA,CAAEvC,UAAQ;CAC/DgD,YAAYV,aAAatC,UAAQ;CACjCiD,eAAepB,oBAAoB7B,UAAQ;CAC3CkD,qBAAqB5D,SAClB6D,SAAS;EACRC,OAAO;GACL9D,SAAEG,KAAKF,YAAAA;GACPD,SAAE+D,KAAG;GACL/D,SAAEiB,MAAM,CAACG,mBAAmBmB,oBAAoB,CAAA,CAAE7B,UAAQ;GAC3D;EACDsD,QAAQhB;EACV,CAAA,CACCtC,UAAQ;CACb,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GCzJA,MAAa8D,kBAAkBL,4BAAeM,OAC5CC,OAAOC,IAAI,aAAA,EACXL,wBAAAA;;oCA+BU,EACVM,OAAOJ,iBACT,CAAA;AACO,IAAMK,aAAN,MAAMA;;;;;;;;;IAUX,YAAY,UAA8C,EAAE,EAAE;OAAjCC,UAAAA;;CAT7BC,kCAAgBX,qBAAQ,EACtBY,SAASH,YAAWI,MACtB,CAAA;CA4CAC,KACEC,SACAL,UAA0B,EAAE,EACpB;EACR,MAAM,EAAEM,aAAaC,WAAW,KAAKC,YAAYH,SAASL,QAAAA;AAC1D,SAAOT,qBAAIa,KAAKC,SAASE,QAAQD,YAAAA;;CAiCnCG,UACEJ,SACAL,UAA0B,EAAE,EACX;EACjB,MAAM,EAAEM,aAAaC,WAAW,KAAKC,YAAYH,SAASL,QAAAA;AAC1D,SAAO,IAAIU,SAASC,SAASC,WAAAA;AAC3BrB,wBAAIa,KAAKC,SAASE,QAAQD,cAAcO,KAAKC,YAC3CD,MAAMD,OAAOC,IAAAA,GAAOF,QAAQG,QAAAA,CAAAA;IAEhC;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6BFC,OACEjB,OACAE,UAA4B,EAAE,EAC3B;EACH,MAAM,EAAEgB,eAAeT,WAAW,KAAKU,cAAcnB,OAAOE,QAAAA;AAE5D,SAAOT,qBAAIwB,OAAOjB,OAAOS,QAAQS,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;IA4BnCE,YACEpB,OACAE,UAA4B,EAAE,EAClB;EACZ,MAAM,EAAEgB,eAAeT,WAAW,KAAKU,cAAcnB,OAAOE,QAAAA;AAC5D,SAAO,IAAIU,SAASC,SAASC,WAAAA;AAE3BrB,wBAAIwB,OAAOjB,OAAOS,QAAQS,gBAAgBH,KAAKM,YAC7CN,MAAMD,OAAOC,IAAAA,GAAOF,QAAQQ,QAAAA,CAAAA;IAEhC;;;;;;;;;;;;;;;;;;;;;;IAwBFC,OAAgBtB,OAAeE,SAAgC;AAC7D,SAAOT,qBAAI6B,OAAOtB,OAAOE,QAAAA;;CAGnBQ,YACNH,SACAL,SAC8D;EAC9D,MAAMM,cAAc,KAAKe,gBACvB,EAAE,GAAGrB,SAAQ,EACb,cAAA;EAEF,MAAMO,SAAS,KAAKe,aAClBjB,SACAL,SACA,cACAP,YAAY8B,KAAI;EAGlB,MAAMC,qBAAqB,CAAC,UAAU,aAAa;EACnD,MAAMC,cAAcC,OAAOC,KAAKrB,YAAAA;AAChC,MACE,OAAOD,YAAY,YACnBoB,YAAYG,MAAMC,MAAM,CAACL,mBAAmBM,SAASD,EAAAA,CAAAA,CAErD,OAAM,IAAIE,MACR,uEACEN,YAAYO,KAAK,KAAA,CAAA;AAIvB,SAAO;GAAE1B;GAAaC;GAAO;;CAGvBU,cACNnB,OACAE,SAIA;AAQA,SAAO;GAAEgB,eAPa,KAAKK,gBAAgB,EAAE,GAAGrB,SAAQ,EAAG,gBAAA;GAOnCO,QANT,KAAKe,aAClBxB,OACAE,SACA,aACAP,YAAYwC,OAAM;GAEW;;CAGzBZ,gBACNrB,SACAkC,KAC6B;AAC7B,SAAOlC,QAAQO;AACf,MAAI2B,QAAQ,cACV,QAAO,QAA4BC;MAEnC,QAAO,QAA8BC;AAEvC,SAAOpC,UACH;GACE,GAAG,KAAKA,QAAQkC;GAChB,GAAGlC;GACL,GAEA,KAAKA,QAAQkC;;CAGXZ,aACNxB,OACAE,SACAkC,KACAG,mBACoB;AAWpB,SAVe,KAAKrC,QAAQsC,sBACxB,KAAKtC,QAAQsC,oBAAoBD,mBAAmBvC,OAAOE,QAAAA,GAC3DA,SAASO,UACT,KAAKP,QAAQO,WACZ2B,QAAQ,eACL,SAA6BC,cAAc,KAAKnC,QAAQmC,aACxD,SAA+BC,aAC/B,KAAKpC,QAAQoC,cACjB,KAAKpC,QAAQkC;;;;;;;;;AC7QrB,SAAgBO,kBACdC,QAA8D;AAI9D,KAAI,OAAOA,WAAW,WACpB,QAAOH,4BAAeI,QAAQH,iBAAiBE,OAAAA;AAEjD,QAAOH,4BAAeK,MAAMJ,iBAAiBE,OAAAA;;;;;;;;;;;;;;;;;;;;;GClD/C,MAAaI,oBAAoBD,qBAAIC;;;;;;;;;;;;;;;;;GAmBrC,MAAaC,iBAAiBF,qBAAIE;;;;;;;;;;;;;;;;;GAmBlC,MAAaC,oBAAoBH,qBAAIG"}
package/lib/index.d.cts CHANGED
@@ -375,17 +375,12 @@ declare const JwtServiceOptionsSchema: z.ZodObject<{
375
375
  subject: z.ZodOptional<z.ZodString>;
376
376
  maxAge: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
377
377
  allowInvalidAsymmetricKeyTypes: z.ZodOptional<z.ZodBoolean>;
378
- }, z.core.$strip>]>>], null>, z.ZodUnion<readonly [z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
378
+ }, z.core.$strip>]>>], null>, z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
379
379
  type: z.ZodString;
380
380
  }, z.core.$loose>, z.ZodObject<{
381
381
  key: z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
382
382
  passphrase: z.ZodString;
383
- }, z.core.$strip>]>, z.ZodPromise<z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
384
- type: z.ZodString;
385
- }, z.core.$loose>, z.ZodObject<{
386
- key: z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
387
- passphrase: z.ZodString;
388
- }, z.core.$strip>]>>]>>>;
383
+ }, z.core.$strip>]>>>;
389
384
  }, z.core.$strip>;
390
385
  /**
391
386
  * Configuration options for the JWT service.
@@ -630,17 +625,12 @@ declare const JwtServiceToken: InjectionToken<unknown, zod_v40.ZodObject<{
630
625
  subject: zod_v40.ZodOptional<zod_v40.ZodString>;
631
626
  maxAge: zod_v40.ZodOptional<zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodNumber]>>;
632
627
  allowInvalidAsymmetricKeyTypes: zod_v40.ZodOptional<zod_v40.ZodBoolean>;
633
- }, zod_v4_core0.$strip>]>>], null>, zod_v40.ZodUnion<readonly [zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
634
- type: zod_v40.ZodString;
635
- }, zod_v4_core0.$loose>, zod_v40.ZodObject<{
636
- key: zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
637
- passphrase: zod_v40.ZodString;
638
- }, zod_v4_core0.$strip>]>, zod_v40.ZodPromise<zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
628
+ }, zod_v4_core0.$strip>]>>], null>, zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
639
629
  type: zod_v40.ZodString;
640
630
  }, zod_v4_core0.$loose>, zod_v40.ZodObject<{
641
631
  key: zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
642
632
  passphrase: zod_v40.ZodString;
643
- }, zod_v4_core0.$strip>]>>]>>>;
633
+ }, zod_v4_core0.$strip>]>>>;
644
634
  }, zod_v4_core0.$strip>, true>;
645
635
  /**
646
636
  * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).
@@ -688,7 +678,6 @@ declare class JwtService {
688
678
  * @param payload - The payload to sign. Can be a string, Buffer, or object.
689
679
  * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
690
680
  * @returns The signed JWT token as a string
691
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `signAsync` instead)
692
681
  * @throws {Error} If payload is a string and invalid options are provided
693
682
  *
694
683
  * @example
@@ -715,8 +704,7 @@ declare class JwtService {
715
704
  /**
716
705
  * Signs a JWT payload asynchronously.
717
706
  *
718
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
719
- * to handle async key resolution. Supports the same payload types and options as `sign()`.
707
+ * Supports the same payload types and options as `sign()`.
720
708
  *
721
709
  * @param payload - The payload to sign. Can be a string, Buffer, or object.
722
710
  * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
@@ -725,7 +713,6 @@ declare class JwtService {
725
713
  *
726
714
  * @example
727
715
  * ```ts
728
- * // Sign with async key provider
729
716
  * const token = await jwtService.signAsync(
730
717
  * { userId: '123' },
731
718
  * { expiresIn: '1h' }
@@ -754,7 +741,6 @@ declare class JwtService {
754
741
  * @throws {TokenExpiredError} If the token has expired
755
742
  * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
756
743
  * @throws {JsonWebTokenError} If the token is invalid or malformed
757
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
758
744
  *
759
745
  * @example
760
746
  * ```ts
@@ -772,8 +758,7 @@ declare class JwtService {
772
758
  /**
773
759
  * Verifies and decodes a JWT token asynchronously.
774
760
  *
775
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
776
- * to handle async key resolution. Provides the same validation as `verify()`.
761
+ * Provides the same validation as `verify()`.
777
762
  *
778
763
  * @template T - The expected type of the decoded payload
779
764
  * @param token - The JWT token string to verify
@@ -818,6 +803,8 @@ declare class JwtService {
818
803
  * ```
819
804
  */
820
805
  decode<T = any>(token: string, options?: jwt.DecodeOptions): T;
806
+ private prepareSign;
807
+ private prepareVerify;
821
808
  private mergeJwtOptions;
822
809
  private getSecretKey;
823
810
  }
package/lib/index.d.cts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.cts","names":[],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;AAUY,aAAA,WAAA;EAYC;EAqBA,IAAA,GAAA,MAAA;;;;;;;;;cArBA,eAAa,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;cAqBb,iBAAe,CAAA,CAAA;EAAA,GAAA,YAAA,CAAA,UAAA,CAAA;IAAA,KAAA,EAAA,OAAA;IAkBhB,KAAA,EAAA,OAAS;IAQR,KAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;KARD,SAAA,GAAY,CAAA,CAAE,aAAa;;;;;;;cAQ1B,mBAAiB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,aAAA,CAAA,CAAA;IA4BlB,GAAA,eAAW,YAAkB,CAAA;IAQ5B,GAAA,eAoBX,YAAA,CAAA;;;;;;;;;;;;;;;;;;KA5BU,WAAA,GAAc,CAAA,CAAE,aAAa;;;;;;;cAQ5B,qBAAmB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;EAAA,QAAA,eAAA,aAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,YAAA,YAAA,CAAA,CAAA,CAAA,CAAA;EA2BpB,gBAAa,eAAkB,aAAA,CAAA;EAO9B,eAYX,eAAA,aAAA,CAAA;EAZuB,KAAA,eAAA,YAAA,CAAA;EAAA,KAAA,eAAA,YAAA,CAAA;EAAA,OAAA,eAAA,YAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,aAAA,CAAA,CAAA,CAAA;EAAA,8BAAA,eAAA,aAAA,CAAA;CAAA,eAAA,CAAA;;;;;;KAPb,aAAA,GAAgB,CAAA,CAAE,aAAa;;;;;;cAO9B,cAAY,CAAA,CAAA,mBAAA,CAAA,CAAA,WAAA,CAAA,CAAA,UAAA,OAAA,kBAAA,OAAA,mBAAA,CAAA,CAAA;;CAAA,eAAA,CAAA,aAAA,CAAA;EAAA,GAAA,YAAA,CAAA,SAAA,YAAA,aAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EAmBb,UAAM,aAAkB;AAEpC,CAAA,eAAa,CAAA,CAAA,CAAA;;;;;;KAFD,MAAA,GAAS,CAAA,CAAE,aAAa;cAEvB,yBAAuB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA0CxB,iBAAA,GAAoB,CAAA,CAAE,aAAa;;;;;;;;;;UAW9B,cAAA,SAAuB;;oBAEpB;;eAEL;;;;;;;;;;;UAYE,gBAAA,SAAyB;;oBAEtB;;uBAEG;;;;;;;KAQX,kBAAA,YAA8B,SAAS;;;;;;;AAvOnD;AAYa,cCCA,eDDa,ECCE,cDDF,CAAA,OAAA,UCCE,SDDF,CAAA;EAqBb,WAAA,qBAWX,kBAAA,CAAA;mCC5BD,OAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QDiB2B,KAAA,EAAA,OAAA;QAAA,KAAA,EAAA,OAAA;QAkBP,KAAA,EAAA,OAAkB;QAQ1B,KAAA,EAAA,OAqBX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MArB4B,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA;IA4BlB,KAAA,qBAA6B,mBAAR;IAQpB,SAAA,qBAoBX,iBAAA,CAAA,SAAA,sCAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MApB8B,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MA2BpB,KAAA,EAAA,OAAa;MAOZ,KAAA,EAYX,OAAA;MAZuB,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA,CAAA;IAAA,QAAA,qBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,kBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;;;IAAA,QAAA,qBAAA,oBAAA;;;;;;;;;;;EAAA,CAAA,sBAAA,mBAAA,CAAA;IAAA,GAAA,kBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;IAmBb,UAAM,mBAAK;EAEV,CAAA,sBAgBX,CAAA,CAAA,oBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,mBAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cCrHW,UAAA;;UAAU,aAAA,CACf;;;;;;wBASgC;;;;;;;;;;;;;;;;;;;;;;;;;kCA4B1B,KAAK,sBAAsB;;;;;;;;gBASzB,2BAA2B;;;;;;;;;;;;;;;;;;;;;uCA6D7B,KAAK,sBAAsB,GAAA,CAAI,eACxC;;;;;;;;qBAQgB,2BAA2B,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAoEpD,mBACR;;;;;;;;;;;;;;;;;;;;;;;;;;;+DAiDQ,mBACR,QAAQ;;;;;;;;;;;;;;;;;;;;;;2CA2C8B,GAAA,CAAI,gBAAgB;;;;;;;;;;ADxU/D;AAYA;AAqBA;;;;;;;;;;;;;;;;;;iBEVgB,iBAAA,SACN,oBACP,oBAAoB,mBAAmB;;;;;;;;;;;;;;AF0B1C;AAQA;;;;;;;;;;;;iBEPgB,iBAAA,eACA,QAAQ,qBACrB,sBAAsB,mBAAmB;;;;;;;AFtD5C;AAYA;AAqBA;;;;;;;;;;;cGpBa,0BAAiB,GAAA,CAAA;;;;;;;;;;;;;;;;;;cAmBjB,uBAAc,GAAA,CAAA;;;AHmB3B;AAQA;;;;;;;;;;;;;;cGRa,0BAAiB,GAAA,CAAA"}
1
+ {"version":3,"file":"index.d.cts","names":[],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;AAUY,aAAA,WAAA;EAYC;EAqBA,IAAA,GAAA,MAAA;;;;;;;;;cArBA,eAAa,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;cAqBb,iBAAe,CAAA,CAAA;EAAA,GAAA,YAAA,CAAA,UAAA,CAAA;IAAA,KAAA,EAAA,OAAA;IAkBhB,KAAA,EAAA,OAAS;IAQR,KAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;KARD,SAAA,GAAY,CAAA,CAAE,aAAa;;;;;;;cAQ1B,mBAAiB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,aAAA,CAAA,CAAA;IA4BlB,GAAA,eAAW,YAAkB,CAAA;IAQ5B,GAAA,eAoBX,YAAA,CAAA;;;;;;;;;;;;;;;;;;KA5BU,WAAA,GAAc,CAAA,CAAE,aAAa;;;;;;;cAQ5B,qBAAmB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;EAAA,QAAA,eAAA,aAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,YAAA,YAAA,CAAA,CAAA,CAAA,CAAA;EA2BpB,gBAAa,eAAkB,aAAA,CAAA;EAO9B,eAYX,eAAA,aAAA,CAAA;EAZuB,KAAA,eAAA,YAAA,CAAA;EAAA,KAAA,eAAA,YAAA,CAAA;EAAA,OAAA,eAAA,YAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,aAAA,CAAA,CAAA,CAAA;EAAA,8BAAA,eAAA,aAAA,CAAA;CAAA,eAAA,CAAA;;;;;;KAPb,aAAA,GAAgB,CAAA,CAAE,aAAa;;;;;;cAO9B,cAAY,CAAA,CAAA,mBAAA,CAAA,CAAA,WAAA,CAAA,CAAA,UAAA,OAAA,kBAAA,OAAA,mBAAA,CAAA,CAAA;;CAAA,eAAA,CAAA,aAAA,CAAA;EAAA,GAAA,YAAA,CAAA,SAAA,YAAA,aAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EAmBb,UAAM,aAAkB;AAEpC,CAAA,eAAa,CAAA,CAAA,CAAA;;;;;;KAFD,MAAA,GAAS,CAAA,CAAE,aAAa;cAEvB,yBAAuB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA0CxB,iBAAA,GAAoB,CAAA,CAAE,aAAa;;;;;;;;;;UAW9B,cAAA,SAAuB;;oBAEpB;;eAEL;;;;;;;;;;;UAYE,gBAAA,SAAyB;;oBAEtB;;uBAEG;;;;;;;KAQX,kBAAA,YAA8B,SAAS;;;;;;;AAvOnD;AAYa,cCCA,eDDa,ECCE,cDDF,CAAA,OAAA,UCCE,SDDF,CAAA;EAqBb,WAAA,qBAWX,kBAAA,CAAA;mCC5BD,OAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QDiB2B,KAAA,EAAA,OAAA;QAAA,KAAA,EAAA,OAAA;QAkBP,KAAA,EAAA,OAAkB;QAQ1B,KAAA,EAAA,OAqBX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MArB4B,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA;IA4BlB,KAAA,qBAA6B,mBAAR;IAQpB,SAAA,qBAoBX,iBAAA,CAAA,SAAA,sCAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MApB8B,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MA2BpB,KAAA,EAAA,OAAa;MAOZ,KAAA,EAYX,OAAA;MAZuB,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA,CAAA;IAAA,QAAA,qBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,kBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;;;IAAA,QAAA,qBAAA,oBAAA;;;;;;;;;;;EAAA,CAAA,sBAAA,mBAAA,CAAA;IAAA,GAAA,kBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;IAmBb,UAAM,mBAAK;EAEV,CAAA,sBAgBX,CAAA,CAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cCrHW,UAAA;;UAAU,aAAA,CACf;;;;;;wBASgC;;;;;;;;;;;;;;;;;;;;;;;;kCA2B1B,KAAK,sBAAsB;;;;;;;;gBASzB,2BAA2B;;;;;;;;;;;;;;;;;;;uCA6B7B,KAAK,sBAAsB,GAAA,CAAI,eACxC;;;;;;;;qBAQgB,2BAA2B,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAyCpD,mBACR;;;;;;;;;;;;;;;;;;;;;;;;;;+DAiCQ,mBACR,QAAQ;;;;;;;;;;;;;;;;;;;;;;2CA+B8B,GAAA,CAAI,gBAAgB;;;;;;;;;;;;ADhP/D;AAYA;AAqBA;;;;;;;;;;;;;;;;;;iBEVgB,iBAAA,SACN,oBACP,oBAAoB,mBAAmB;;;;;;;;;;;;;;AF0B1C;AAQA;;;;;;;;;;;;iBEPgB,iBAAA,eACA,QAAQ,qBACrB,sBAAsB,mBAAmB;;;;;;;AFtD5C;AAYA;AAqBA;;;;;;;;;;;cGpBa,0BAAiB,GAAA,CAAA;;;;;;;;;;;;;;;;;;cAmBjB,uBAAc,GAAA,CAAA;;;AHmB3B;AAQA;;;;;;;;;;;;;;cGRa,0BAAiB,GAAA,CAAA"}
package/lib/index.d.mts CHANGED
@@ -375,17 +375,12 @@ declare const JwtServiceOptionsSchema: z.ZodObject<{
375
375
  subject: z.ZodOptional<z.ZodString>;
376
376
  maxAge: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
377
377
  allowInvalidAsymmetricKeyTypes: z.ZodOptional<z.ZodBoolean>;
378
- }, z.core.$strip>]>>], null>, z.ZodUnion<readonly [z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
378
+ }, z.core.$strip>]>>], null>, z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
379
379
  type: z.ZodString;
380
380
  }, z.core.$loose>, z.ZodObject<{
381
381
  key: z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
382
382
  passphrase: z.ZodString;
383
- }, z.core.$strip>]>, z.ZodPromise<z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, z.ZodObject<{
384
- type: z.ZodString;
385
- }, z.core.$loose>, z.ZodObject<{
386
- key: z.ZodUnion<readonly [z.ZodString, z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
387
- passphrase: z.ZodString;
388
- }, z.core.$strip>]>>]>>>;
383
+ }, z.core.$strip>]>>>;
389
384
  }, z.core.$strip>;
390
385
  /**
391
386
  * Configuration options for the JWT service.
@@ -630,17 +625,12 @@ declare const JwtServiceToken: InjectionToken<unknown, zod_v40.ZodObject<{
630
625
  subject: zod_v40.ZodOptional<zod_v40.ZodString>;
631
626
  maxAge: zod_v40.ZodOptional<zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodNumber]>>;
632
627
  allowInvalidAsymmetricKeyTypes: zod_v40.ZodOptional<zod_v40.ZodBoolean>;
633
- }, zod_v4_core0.$strip>]>>], null>, zod_v40.ZodUnion<readonly [zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
634
- type: zod_v40.ZodString;
635
- }, zod_v4_core0.$loose>, zod_v40.ZodObject<{
636
- key: zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
637
- passphrase: zod_v40.ZodString;
638
- }, zod_v4_core0.$strip>]>, zod_v40.ZodPromise<zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
628
+ }, zod_v4_core0.$strip>]>>], null>, zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>, zod_v40.ZodObject<{
639
629
  type: zod_v40.ZodString;
640
630
  }, zod_v4_core0.$loose>, zod_v40.ZodObject<{
641
631
  key: zod_v40.ZodUnion<readonly [zod_v40.ZodString, zod_v40.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>]>;
642
632
  passphrase: zod_v40.ZodString;
643
- }, zod_v4_core0.$strip>]>>]>>>;
633
+ }, zod_v4_core0.$strip>]>>>;
644
634
  }, zod_v4_core0.$strip>, true>;
645
635
  /**
646
636
  * Service for signing, verifying, and decoding JSON Web Tokens (JWTs).
@@ -688,7 +678,6 @@ declare class JwtService {
688
678
  * @param payload - The payload to sign. Can be a string, Buffer, or object.
689
679
  * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
690
680
  * @returns The signed JWT token as a string
691
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `signAsync` instead)
692
681
  * @throws {Error} If payload is a string and invalid options are provided
693
682
  *
694
683
  * @example
@@ -715,8 +704,7 @@ declare class JwtService {
715
704
  /**
716
705
  * Signs a JWT payload asynchronously.
717
706
  *
718
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
719
- * to handle async key resolution. Supports the same payload types and options as `sign()`.
707
+ * Supports the same payload types and options as `sign()`.
720
708
  *
721
709
  * @param payload - The payload to sign. Can be a string, Buffer, or object.
722
710
  * @param options - Signing options. When payload is a string, only `secret` and `privateKey` are allowed.
@@ -725,7 +713,6 @@ declare class JwtService {
725
713
  *
726
714
  * @example
727
715
  * ```ts
728
- * // Sign with async key provider
729
716
  * const token = await jwtService.signAsync(
730
717
  * { userId: '123' },
731
718
  * { expiresIn: '1h' }
@@ -754,7 +741,6 @@ declare class JwtService {
754
741
  * @throws {TokenExpiredError} If the token has expired
755
742
  * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
756
743
  * @throws {JsonWebTokenError} If the token is invalid or malformed
757
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
758
744
  *
759
745
  * @example
760
746
  * ```ts
@@ -772,8 +758,7 @@ declare class JwtService {
772
758
  /**
773
759
  * Verifies and decodes a JWT token asynchronously.
774
760
  *
775
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
776
- * to handle async key resolution. Provides the same validation as `verify()`.
761
+ * Provides the same validation as `verify()`.
777
762
  *
778
763
  * @template T - The expected type of the decoded payload
779
764
  * @param token - The JWT token string to verify
@@ -818,6 +803,8 @@ declare class JwtService {
818
803
  * ```
819
804
  */
820
805
  decode<T = any>(token: string, options?: jwt.DecodeOptions): T;
806
+ private prepareSign;
807
+ private prepareVerify;
821
808
  private mergeJwtOptions;
822
809
  private getSecretKey;
823
810
  }
package/lib/index.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.mts","names":[],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;AAUY,aAAA,WAAA;EAYC;EAqBA,IAAA,GAAA,MAAA;;;;;;;;;cArBA,eAAa,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;cAqBb,iBAAe,CAAA,CAAA;EAAA,GAAA,YAAA,CAAA,UAAA,CAAA;IAAA,KAAA,EAAA,OAAA;IAkBhB,KAAA,EAAA,OAAS;IAQR,KAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;KARD,SAAA,GAAY,CAAA,CAAE,aAAa;;;;;;;cAQ1B,mBAAiB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,aAAA,CAAA,CAAA;IA4BlB,GAAA,eAAW,YAAkB,CAAA;IAQ5B,GAAA,eAoBX,YAAA,CAAA;;;;;;;;;;;;;;;;;;KA5BU,WAAA,GAAc,CAAA,CAAE,aAAa;;;;;;;cAQ5B,qBAAmB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;EAAA,QAAA,eAAA,aAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,YAAA,YAAA,CAAA,CAAA,CAAA,CAAA;EA2BpB,gBAAa,eAAkB,aAAA,CAAA;EAO9B,eAYX,eAAA,aAAA,CAAA;EAZuB,KAAA,eAAA,YAAA,CAAA;EAAA,KAAA,eAAA,YAAA,CAAA;EAAA,OAAA,eAAA,YAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,aAAA,CAAA,CAAA,CAAA;EAAA,8BAAA,eAAA,aAAA,CAAA;CAAA,eAAA,CAAA;;;;;;KAPb,aAAA,GAAgB,CAAA,CAAE,aAAa;;;;;;cAO9B,cAAY,CAAA,CAAA,mBAAA,CAAA,CAAA,WAAA,CAAA,CAAA,UAAA,OAAA,kBAAA,OAAA,mBAAA,CAAA,CAAA;;CAAA,eAAA,CAAA,aAAA,CAAA;EAAA,GAAA,YAAA,CAAA,SAAA,YAAA,aAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EAmBb,UAAM,aAAkB;AAEpC,CAAA,eAAa,CAAA,CAAA,CAAA;;;;;;KAFD,MAAA,GAAS,CAAA,CAAE,aAAa;cAEvB,yBAAuB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA0CxB,iBAAA,GAAoB,CAAA,CAAE,aAAa;;;;;;;;;;UAW9B,cAAA,SAAuB;;oBAEpB;;eAEL;;;;;;;;;;;UAYE,gBAAA,SAAyB;;oBAEtB;;uBAEG;;;;;;;KAQX,kBAAA,YAA8B,SAAS;;;;;;;AAvOnD;AAYa,cCCA,eDDa,ECCE,cDDF,CAAA,OAAA,UCCE,SDDF,CAAA;EAqBb,WAAA,qBAWX,kBAAA,CAAA;mCC5BD,OAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QDiB2B,KAAA,EAAA,OAAA;QAAA,KAAA,EAAA,OAAA;QAkBP,KAAA,EAAA,OAAkB;QAQ1B,KAAA,EAAA,OAqBX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MArB4B,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA;IA4BlB,KAAA,qBAA6B,mBAAR;IAQpB,SAAA,qBAoBX,iBAAA,CAAA,SAAA,sCAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MApB8B,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MA2BpB,KAAA,EAAA,OAAa;MAOZ,KAAA,EAYX,OAAA;MAZuB,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA,CAAA;IAAA,QAAA,qBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,kBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;;;IAAA,QAAA,qBAAA,oBAAA;;;;;;;;;;;EAAA,CAAA,sBAAA,mBAAA,CAAA;IAAA,GAAA,kBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;IAmBb,UAAM,mBAAK;EAEV,CAAA,sBAgBX,CAAA,CAAA,oBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,mBAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cCrHW,UAAA;;UAAU,aAAA,CACf;;;;;;wBASgC;;;;;;;;;;;;;;;;;;;;;;;;;kCA4B1B,KAAK,sBAAsB;;;;;;;;gBASzB,2BAA2B;;;;;;;;;;;;;;;;;;;;;uCA6D7B,KAAK,sBAAsB,GAAA,CAAI,eACxC;;;;;;;;qBAQgB,2BAA2B,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAoEpD,mBACR;;;;;;;;;;;;;;;;;;;;;;;;;;;+DAiDQ,mBACR,QAAQ;;;;;;;;;;;;;;;;;;;;;;2CA2C8B,GAAA,CAAI,gBAAgB;;;;;;;;;;ADxU/D;AAYA;AAqBA;;;;;;;;;;;;;;;;;;iBEVgB,iBAAA,SACN,oBACP,oBAAoB,mBAAmB;;;;;;;;;;;;;;AF0B1C;AAQA;;;;;;;;;;;;iBEPgB,iBAAA,eACA,QAAQ,qBACrB,sBAAsB,mBAAmB;;;;;;;AFtD5C;AAYA;AAqBA;;;;;;;;;;;cGpBa,0BAAiB,GAAA,CAAA;;;;;;;;;;;;;;;;;;cAmBjB,uBAAc,GAAA,CAAA;;;AHmB3B;AAQA;;;;;;;;;;;;;;cGRa,0BAAiB,GAAA,CAAA"}
1
+ {"version":3,"file":"index.d.mts","names":[],"sources":["../src/options/jwt-service.options.mts","../src/jwt.service.mts","../src/jwt-service.provider.mts","../src/index.mts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;AAUY,aAAA,WAAA;EAYC;EAqBA,IAAA,GAAA,MAAA;;;;;;;;;cArBA,eAAa,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;cAqBb,iBAAe,CAAA,CAAA;EAAA,GAAA,YAAA,CAAA,UAAA,CAAA;IAAA,KAAA,EAAA,OAAA;IAkBhB,KAAA,EAAA,OAAS;IAQR,KAAA,EAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;KARD,SAAA,GAAY,CAAA,CAAE,aAAa;;;;;;;cAQ1B,mBAAiB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,aAAA,CAAA,CAAA;IA4BlB,GAAA,eAAW,YAAkB,CAAA;IAQ5B,GAAA,eAoBX,YAAA,CAAA;;;;;;;;;;;;;;;;;;KA5BU,WAAA,GAAc,CAAA,CAAE,aAAa;;;;;;;cAQ5B,qBAAmB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;EAAA,QAAA,eAAA,aAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,YAAA,YAAA,CAAA,CAAA,CAAA,CAAA;EA2BpB,gBAAa,eAAkB,aAAA,CAAA;EAO9B,eAYX,eAAA,aAAA,CAAA;EAZuB,KAAA,eAAA,YAAA,CAAA;EAAA,KAAA,eAAA,YAAA,CAAA;EAAA,OAAA,eAAA,YAAA,CAAA;EAAA,MAAA,eAAA,WAAA,CAAA,SAAA,YAAA,aAAA,CAAA,CAAA,CAAA;EAAA,8BAAA,eAAA,aAAA,CAAA;CAAA,eAAA,CAAA;;;;;;KAPb,aAAA,GAAgB,CAAA,CAAE,aAAa;;;;;;cAO9B,cAAY,CAAA,CAAA,mBAAA,CAAA,CAAA,WAAA,CAAA,CAAA,UAAA,OAAA,kBAAA,OAAA,mBAAA,CAAA,CAAA;;CAAA,eAAA,CAAA,aAAA,CAAA;EAAA,GAAA,YAAA,CAAA,SAAA,YAAA,aAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;EAmBb,UAAM,aAAkB;AAEpC,CAAA,eAAa,CAAA,CAAA,CAAA;;;;;;KAFD,MAAA,GAAS,CAAA,CAAE,aAAa;cAEvB,yBAAuB,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA0CxB,iBAAA,GAAoB,CAAA,CAAE,aAAa;;;;;;;;;;UAW9B,cAAA,SAAuB;;oBAEpB;;eAEL;;;;;;;;;;;UAYE,gBAAA,SAAyB;;oBAEtB;;uBAEG;;;;;;;KAQX,kBAAA,YAA8B,SAAS;;;;;;;AAvOnD;AAYa,cCCA,eDDa,ECCE,cDDF,CAAA,OAAA,UCCE,SDDF,CAAA;EAqBb,WAAA,qBAWX,kBAAA,CAAA;mCC5BD,OAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QDiB2B,KAAA,EAAA,OAAA;QAAA,KAAA,EAAA,OAAA;QAkBP,KAAA,EAAA,OAAkB;QAQ1B,KAAA,EAAA,OAqBX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MArB4B,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA;IA4BlB,KAAA,qBAA6B,mBAAR;IAQpB,SAAA,qBAoBX,iBAAA,CAAA,SAAA,sCAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MApB8B,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MA2BpB,KAAA,EAAA,OAAa;MAOZ,KAAA,EAYX,OAAA;MAZuB,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,KAAA,EAAA,OAAA;MAAA,IAAA,EAAA,MAAA;IAAA,CAAA,CAAA,CAAA,CAAA;IAAA,QAAA,qBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,kBAAA,iBAAA,CAAA,SAAA,qCAAA,OAAA,QAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA;;;IAAA,QAAA,qBAAA,oBAAA;;;;;;;;;;;EAAA,CAAA,sBAAA,mBAAA,CAAA;IAAA,GAAA,kBAAA,CAAA,SAAA,qCAAA,OAAA,gBAAA,CAAA,QAAA,gBAAA,CAAA,CAAA,CAAA,CAAA;IAmBb,UAAM,mBAAK;EAEV,CAAA,sBAgBX,CAAA,CAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cCrHW,UAAA;;UAAU,aAAA,CACf;;;;;;wBASgC;;;;;;;;;;;;;;;;;;;;;;;;kCA2B1B,KAAK,sBAAsB;;;;;;;;gBASzB,2BAA2B;;;;;;;;;;;;;;;;;;;uCA6B7B,KAAK,sBAAsB,GAAA,CAAI,eACxC;;;;;;;;qBAQgB,2BAA2B,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAyCpD,mBACR;;;;;;;;;;;;;;;;;;;;;;;;;;+DAiCQ,mBACR,QAAQ;;;;;;;;;;;;;;;;;;;;;;2CA+B8B,GAAA,CAAI,gBAAgB;;;;;;;;;;;;ADhP/D;AAYA;AAqBA;;;;;;;;;;;;;;;;;;iBEVgB,iBAAA,SACN,oBACP,oBAAoB,mBAAmB;;;;;;;;;;;;;;AF0B1C;AAQA;;;;;;;;;;;;iBEPgB,iBAAA,eACA,QAAQ,qBACrB,sBAAsB,mBAAmB;;;;;;;AFtD5C;AAYA;AAqBA;;;;;;;;;;;cGpBa,0BAAiB,GAAA,CAAA;;;;;;;;;;;;;;;;;;cAmBjB,uBAAc,GAAA,CAAA;;;AHmB3B;AAQA;;;;;;;;;;;;;;cGRa,0BAAiB,GAAA,CAAA"}
package/lib/index.mjs CHANGED
@@ -122,7 +122,7 @@ const JwtServiceOptionsSchema = z.object({
122
122
  z.any(),
123
123
  z.union([SignOptionsSchema, VerifyOptionsSchema]).optional()
124
124
  ],
125
- output: z.union([SecretSchema, z.promise(SecretSchema)])
125
+ output: SecretSchema
126
126
  }).optional()
127
127
  });
128
128
 
@@ -427,27 +427,14 @@ var JwtService = class {
427
427
  }
428
428
  logger = inject(Logger, { context: _JwtService.name });
429
429
  sign(payload, options = {}) {
430
- const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
431
- const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
432
- if (secret instanceof Promise) {
433
- secret.catch(() => {});
434
- this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"signAsync\".");
435
- throw new Error();
436
- }
437
- const allowedSignOptKeys = ["secret", "privateKey"];
438
- const signOptKeys = Object.keys(signOptions);
439
- if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
430
+ const { signOptions, secret } = this.prepareSign(payload, options);
440
431
  return jwt.sign(payload, secret, signOptions);
441
432
  }
442
433
  signAsync(payload, options = {}) {
443
- const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
444
- const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
445
- const allowedSignOptKeys = ["secret", "privateKey"];
446
- const signOptKeys = Object.keys(signOptions);
447
- if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
448
- return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
449
- jwt.sign(payload, scrt, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
450
- }));
434
+ const { signOptions, secret } = this.prepareSign(payload, options);
435
+ return new Promise((resolve, reject) => {
436
+ jwt.sign(payload, secret, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
437
+ });
451
438
  }
452
439
  /**
453
440
  * Verifies and decodes a JWT token synchronously.
@@ -462,7 +449,6 @@ var JwtService = class {
462
449
  * @throws {TokenExpiredError} If the token has expired
463
450
  * @throws {NotBeforeError} If the token is not yet valid (nbf claim)
464
451
  * @throws {JsonWebTokenError} If the token is invalid or malformed
465
- * @throws {Error} If `secretOrKeyProvider` returns a Promise (use `verifyAsync` instead)
466
452
  *
467
453
  * @example
468
454
  * ```ts
@@ -476,20 +462,13 @@ var JwtService = class {
476
462
  * }
477
463
  * ```
478
464
  */ verify(token, options = {}) {
479
- const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
480
- const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
481
- if (secret instanceof Promise) {
482
- secret.catch(() => {});
483
- this.logger.warn("For async version of \"secretOrKeyProvider\", please use \"verifyAsync\".");
484
- throw new Error();
485
- }
465
+ const { verifyOptions, secret } = this.prepareVerify(token, options);
486
466
  return jwt.verify(token, secret, verifyOptions);
487
467
  }
488
468
  /**
489
469
  * Verifies and decodes a JWT token asynchronously.
490
470
  *
491
- * Use this method when `secretOrKeyProvider` returns a Promise or when you need
492
- * to handle async key resolution. Provides the same validation as `verify()`.
471
+ * Provides the same validation as `verify()`.
493
472
  *
494
473
  * @template T - The expected type of the decoded payload
495
474
  * @param token - The JWT token string to verify
@@ -511,11 +490,10 @@ var JwtService = class {
511
490
  * }
512
491
  * ```
513
492
  */ verifyAsync(token, options = {}) {
514
- const verifyOptions = this.mergeJwtOptions({ ...options }, "verifyOptions");
515
- const secret = this.getSecretKey(token, options, "publicKey", RequestType.Verify);
516
- return new Promise((resolve, reject) => Promise.resolve().then(() => secret).then((scrt) => {
517
- jwt.verify(token, scrt, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
518
- }).catch(reject));
493
+ const { verifyOptions, secret } = this.prepareVerify(token, options);
494
+ return new Promise((resolve, reject) => {
495
+ jwt.verify(token, secret, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
496
+ });
519
497
  }
520
498
  /**
521
499
  * Decodes a JWT token without verification.
@@ -540,6 +518,23 @@ var JwtService = class {
540
518
  */ decode(token, options) {
541
519
  return jwt.decode(token, options);
542
520
  }
521
+ prepareSign(payload, options) {
522
+ const signOptions = this.mergeJwtOptions({ ...options }, "signOptions");
523
+ const secret = this.getSecretKey(payload, options, "privateKey", RequestType.Sign);
524
+ const allowedSignOptKeys = ["secret", "privateKey"];
525
+ const signOptKeys = Object.keys(signOptions);
526
+ if (typeof payload === "string" && signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) throw new Error("Payload as string is not allowed with the following sign options: " + signOptKeys.join(", "));
527
+ return {
528
+ signOptions,
529
+ secret
530
+ };
531
+ }
532
+ prepareVerify(token, options) {
533
+ return {
534
+ verifyOptions: this.mergeJwtOptions({ ...options }, "verifyOptions"),
535
+ secret: this.getSecretKey(token, options, "publicKey", RequestType.Verify)
536
+ };
537
+ }
543
538
  mergeJwtOptions(options, key) {
544
539
  delete options.secret;
545
540
  if (key === "signOptions") delete options.privateKey;