@nestjs-kitchen/authz 1.0.0

package/dist/jwt/jwt-authz.module.js

@@ -0,0 +1,244 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+var jwt_authz_module_exports = {};
+__export(jwt_authz_module_exports, {
+  createJwtAuthzModule: () => createJwtAuthzModule
+});
+module.exports = __toCommonJS(jwt_authz_module_exports);
+var import_node_async_hooks = require("node:async_hooks");
+var import_common = require("@nestjs/common");
+var import_uid = require("uid");
+var import_constants = require("../constants");
+var import_errors = require("../errors");
+var import_utils = require("../utils");
+var import_jwt_authz_als = require("./jwt-authz-als.middleware");
+var import_jwt_authz = require("./jwt-authz.guard");
+var import_jwt_authz2 = require("./jwt-authz.interface");
+var import_jwt_authz3 = require("./jwt-authz.service");
+var import_jwt_authz4 = require("./jwt-authz.strategy");
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+__name(_ts_decorate, "_ts_decorate");
+function _ts_metadata(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+__name(_ts_metadata, "_ts_metadata");
+function _ts_param(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param, "_ts_param");
+const store = {
+  globalInited: 0
+};
+const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIONS_TYPE } = new import_common.ConfigurableModuleBuilder({
+  moduleName: "JwtAuthModule"
+}).setFactoryMethodName("createJwtAuthzModuleOptions").setExtras({
+  authzProvider: void 0,
+  global: false
+}, (definition, extras) => {
+  const { authzProvider, global } = extras;
+  if (!authzProvider) {
+    throw new import_errors.AuthzError(`InternalError: Missing parameter 'authzProvider' in configuration.`);
+  }
+  const routes = (0, import_utils.normalizedArray)(extras.routes) ?? [];
+  const excludes = (0, import_utils.normalizedArray)(extras.excludes) ?? [];
+  if (!global && !routes.length) {
+    throw new import_errors.AuthzError(`InternalError: Missing parameter 'global' or 'routes' in configuration.`);
+  }
+  if (store.globalInited) {
+    throw new import_errors.AuthzError(`InternalError: Cannot initialize mutiple global modules. Only one global module is allowed.`);
+  }
+  if (global) {
+    store.globalInited += 1;
+  }
+  return (0, import_utils.mergeDynamicModuleConfigs)(definition, {
+    global,
+    providers: [
+      {
+        provide: import_constants.ROUTES_OPTIONS,
+        useValue: {
+          global,
+          excludes,
+          routes
+        }
+      }
+    ],
+    exports: []
+  });
+}).build();
+const createJwtAuthzModule = /* @__PURE__ */ __name((authzProvider) => {
+  var _a;
+  const id = `${import_constants.PREFIX}${(0, import_uid.uid)()}`;
+  const JWT_STRATEGY = `${id}_JWT_STRATEGY`;
+  const JWT_REFRESH_STRATEGY = `${id}_REFRESH_STRATEGY`;
+  const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
+  const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
+  const JWT_AUTHZ_OPTIONS = `${id}_JWT_AUTHZ_OPTIONS`;
+  const JWT_META_KEY = `${id}_JWT_META_KEY`;
+  const JWT_REFRESH_META_KEY = `${id}_REFRESH_META_KEY`;
+  const JwtAuthzService = (0, import_jwt_authz3.createJwtAuthzService)([
+    AUTHZ_PROVIDER,
+    JWT_AUTHZ_OPTIONS,
+    ALS_PROVIDER
+  ]);
+  const JwtAuthzAlsMiddleware = (0, import_jwt_authz_als.createJwtAuthzAlsMiddleware)([
+    ALS_PROVIDER,
+    JWT_AUTHZ_OPTIONS
+  ]);
+  const als = new import_node_async_hooks.AsyncLocalStorage();
+  const JwtStrategy = (0, import_jwt_authz4.createJwtStrategy)([
+    JWT_STRATEGY,
+    AUTHZ_PROVIDER,
+    ALS_PROVIDER
+  ]);
+  const RefreshStrategy = (0, import_jwt_authz4.createRefreshStrategy)([
+    JWT_REFRESH_STRATEGY,
+    AUTHZ_PROVIDER,
+    ALS_PROVIDER
+  ]);
+  let isStrategyInited = false;
+  const RefreshAuthzGuard = (0, import_jwt_authz.createJwtRefreshAuthzGuard)([
+    JWT_REFRESH_STRATEGY,
+    JWT_AUTHZ_OPTIONS
+  ]);
+  const JwtAuthzGuard = (0, import_jwt_authz.createJwtAuthzGuard)([
+    JWT_STRATEGY,
+    AUTHZ_PROVIDER,
+    JWT_AUTHZ_OPTIONS,
+    ALS_PROVIDER,
+    JWT_META_KEY,
+    JWT_REFRESH_META_KEY
+  ]);
+  const Verify = (0, import_utils.createAuthzDecoratorFactory)(JWT_META_KEY);
+  const NoVerify = /* @__PURE__ */ __name(() => {
+    return (0, import_common.SetMetadata)(JWT_META_KEY, {
+      options: {
+        public: true,
+        override: true
+      }
+    });
+  }, "NoVerify");
+  const Refresh = /* @__PURE__ */ __name(() => {
+    return (0, import_common.applyDecorators)(JwtAuthzGuard.NoVerify(), (0, import_common.SetMetadata)(JWT_REFRESH_META_KEY, true), (0, import_common.UseGuards)(RefreshAuthzGuard));
+  }, "Refresh");
+  const Apply = /* @__PURE__ */ __name((...rest) => {
+    return (0, import_common.applyDecorators)(JwtAuthzGuard.Verify(...rest), (0, import_common.UseGuards)(JwtAuthzGuard));
+  }, "Apply");
+  JwtAuthzGuard.Verify = Verify;
+  JwtAuthzGuard.NoVerify = NoVerify;
+  JwtAuthzGuard.Refresh = Refresh;
+  JwtAuthzGuard.Apply = Apply;
+  const getCommonConfigs = /* @__PURE__ */ __name(() => {
+    const configs = {
+      providers: [
+        {
+          provide: AUTHZ_PROVIDER,
+          useClass: authzProvider
+        },
+        {
+          provide: ALS_PROVIDER,
+          useValue: als
+        },
+        ...!isStrategyInited ? [
+          JwtStrategy,
+          RefreshStrategy
+        ] : [],
+        JwtAuthzService
+      ],
+      exports: [
+        AUTHZ_PROVIDER,
+        ALS_PROVIDER,
+        JWT_AUTHZ_OPTIONS,
+        JwtAuthzService
+      ]
+    };
+    isStrategyInited = true;
+    return configs;
+  }, "getCommonConfigs");
+  let JwtAuthzModule = (_a = class extends ConfigurableModuleClass {
+    constructor(routesOpt) {
+      super();
+      __publicField(this, "routesOpt");
+      this.routesOpt = routesOpt;
+    }
+    static register(options) {
+      const jwtAuthzOptions = (0, import_jwt_authz2.normalizedJwtAuthzModuleOptions)(options);
+      return (0, import_utils.mergeDynamicModuleConfigs)(super.register({
+        ...options,
+        authzProvider
+      }), getCommonConfigs(), {
+        providers: [
+          {
+            provide: JWT_AUTHZ_OPTIONS,
+            useValue: jwtAuthzOptions
+          }
+        ]
+      });
+    }
+    static registerAsync(options) {
+      return (0, import_utils.mergeDynamicModuleConfigs)(super.registerAsync({
+        ...options,
+        authzProvider
+      }), getCommonConfigs(), {
+        providers: [
+          {
+            provide: JWT_AUTHZ_OPTIONS,
+            useFactory: /* @__PURE__ */ __name((moduleOptions) => {
+              const jwtAuthzOptions = (0, import_jwt_authz2.normalizedJwtAuthzModuleOptions)(moduleOptions);
+              return jwtAuthzOptions;
+            }, "useFactory"),
+            inject: [
+              MODULE_OPTIONS_TOKEN
+            ]
+          }
+        ]
+      });
+    }
+    configure(consumer) {
+      consumer.apply(JwtAuthzAlsMiddleware).exclude(...this.routesOpt.excludes).forRoutes(...this.routesOpt.global ? [
+        "*"
+      ] : this.routesOpt.routes);
+    }
+  }, __name(_a, "JwtAuthzModule"), _a);
+  JwtAuthzModule = _ts_decorate([
+    (0, import_common.Module)({}),
+    _ts_param(0, (0, import_common.Inject)(import_constants.ROUTES_OPTIONS)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+      typeof RoutesOptions === "undefined" ? Object : RoutesOptions
+    ])
+  ], JwtAuthzModule);
+  return {
+    AuthzModule: JwtAuthzModule,
+    AuthzGuard: JwtAuthzGuard,
+    AuthzService: JwtAuthzService
+  };
+}, "createJwtAuthzModule");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createJwtAuthzModule
+});

package/dist/jwt/jwt-authz.service.d.ts

@@ -0,0 +1,33 @@
+import * as _nestjs_common from '@nestjs/common';
+import { AuthzProviderClass } from '../authz.provider.js';
+import { CookieOptionsWithSecret } from '../utils/types.js';
+import { AsyncLocalStorage } from 'node:async_hooks';
+import { JwtAlsType } from './jwt-authz-als.middleware.js';
+import { JwtAuthzOptions } from './jwt-authz.interface.js';
+import '@nestjs/common/interfaces';
+import 'express';
+import '../constants.js';
+import 'crypto';
+import 'jsonwebtoken';
+import './extract-jwt.js';
+import 'cookie';
+
+declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]: [any, any, any]) => _nestjs_common.Type<Omit<{
+    readonly authzProvider: AuthzProviderClass<P, U>;
+    readonly jwtAuthzOptions: JwtAuthzOptions;
+    readonly als: AsyncLocalStorage<JwtAlsType<U>>;
+    logIn(user: U): Promise<{
+        token: string;
+        refresh: string;
+    } | {
+        token: string;
+        refresh?: undefined;
+    }>;
+    refresh(user?: U): Promise<{
+        token: string;
+    } | undefined>;
+    setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+    getUser(): U | undefined;
+}, "als" | "jwtAuthzOptions" | "authzProvider">>;
+
+export { createJwtAuthzService };

package/dist/jwt/jwt-authz.service.js

@@ -0,0 +1,144 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+var jwt_authz_service_exports = {};
+__export(jwt_authz_service_exports, {
+  createJwtAuthzService: () => createJwtAuthzService
+});
+module.exports = __toCommonJS(jwt_authz_service_exports);
+var import_node_async_hooks = require("node:async_hooks");
+var import_common = require("@nestjs/common");
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var import_authz = require("../authz.provider");
+var import_constants = require("../constants");
+var import_errors = require("../errors");
+var import_utils = require("../utils");
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+__name(_ts_decorate, "_ts_decorate");
+function _ts_metadata(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+__name(_ts_metadata, "_ts_metadata");
+function _ts_param(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param, "_ts_param");
+const createJwtAuthzService = /* @__PURE__ */ __name(([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]) => {
+  var _a;
+  let JwtAuthzService = (_a = class {
+    constructor(authzProvider, jwtAuthzOptions, als) {
+      __publicField(this, "authzProvider");
+      __publicField(this, "jwtAuthzOptions");
+      __publicField(this, "als");
+      this.authzProvider = authzProvider;
+      this.jwtAuthzOptions = jwtAuthzOptions;
+      this.als = als;
+      if (typeof this.authzProvider.createPayload !== "function") {
+        throw new import_errors.AuthzError(`InternalError: Method 'createPayload' from abstract class 'AuthzProvider' must be implemented.`);
+      }
+      if (!jwtAuthzOptions.jwt?.sign) {
+        throw new import_errors.AuthzError(`InternalError: Missing JWT sign options.`);
+      }
+      if (this.jwtAuthzOptions.refresh && !this.jwtAuthzOptions.refresh.sign) {
+        throw new import_errors.AuthzError(`InternalError: Missing Refresh sign options.`);
+      }
+    }
+    async logIn(user) {
+      const payload = await this.authzProvider.createPayload(user);
+      const token = import_jsonwebtoken.default.sign(payload, this.jwtAuthzOptions.jwt.secretOrPrivateKey, this.jwtAuthzOptions.jwt.sign);
+      if (this.jwtAuthzOptions.refresh) {
+        const refresh = import_jsonwebtoken.default.sign({
+          data: (0, import_utils.encodeMsgpackrString)(payload)
+        }, this.jwtAuthzOptions.refresh.secretOrPrivateKey, this.jwtAuthzOptions.refresh.sign);
+        return {
+          token,
+          refresh
+        };
+      }
+      return {
+        token
+      };
+    }
+    async refresh(user) {
+      if (!this.jwtAuthzOptions.refresh) {
+        console.warn(`'refresh' method can only be called when configured in module options.`);
+        return void 0;
+      }
+      let userParams = user;
+      if (!user) {
+        const store = (0, import_utils.getAlsStore)(this.als);
+        if (store.jwtVerifiedBy !== import_constants.JwtValidationType.REFRESH) {
+          throw new import_errors.AuthzError(`InvocationError: Calling 'refresh' method without user parameter can only be called under @Refresh().`);
+        }
+        userParams = store.user;
+      }
+      if (!userParams) {
+        throw new import_errors.AuthzError(`ParameterError: User data is undefined.`);
+      }
+      const payload = await this.authzProvider.createPayload(userParams);
+      const token = import_jsonwebtoken.default.sign(payload, this.jwtAuthzOptions.jwt.secretOrPrivateKey, this.jwtAuthzOptions.jwt.sign);
+      return {
+        token
+      };
+    }
+    setCookie(...rest) {
+      const store = (0, import_utils.getAlsStore)(this.als);
+      store.setCookie(...rest);
+    }
+    getUser() {
+      const store = (0, import_utils.getAlsStore)(this.als);
+      const user = store.user;
+      return user;
+    }
+  }, __name(_a, "JwtAuthzService"), _a);
+  JwtAuthzService = _ts_decorate([
+    _ts_param(0, (0, import_common.Inject)(AUTHZ_PROVIDER)),
+    _ts_param(1, (0, import_common.Inject)(JWT_AUTHZ_OPTIONS)),
+    _ts_param(2, (0, import_common.Inject)(ALS_PROVIDER)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+      typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
+      typeof JwtAuthzOptions === "undefined" ? Object : JwtAuthzOptions,
+      typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage
+    ])
+  ], JwtAuthzService);
+  return (0, import_common.mixin)(JwtAuthzService);
+}, "createJwtAuthzService");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createJwtAuthzService
+});

package/dist/jwt/jwt-authz.strategy.d.ts

@@ -0,0 +1,40 @@
+import * as _nestjs_common from '@nestjs/common';
+import { AsyncLocalStorage } from 'node:async_hooks';
+import { Request } from 'express';
+import { AuthzProviderClass } from '../authz.provider.js';
+import { JwtAlsType } from './jwt-authz-als.middleware.js';
+import '../constants.js';
+import '../utils/types.js';
+import '@nestjs/common/interfaces';
+import './jwt-authz.interface.js';
+import 'crypto';
+import 'jsonwebtoken';
+import './extract-jwt.js';
+import 'cookie';
+
+declare const createJwtStrategy: ([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => _nestjs_common.Type<Omit<{
+    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
+    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
+    validate(req: Request): Promise<{}>;
+    authenticate(req: Request, options?: any): any;
+    success(user: any, info?: any): void;
+    fail(challenge: any, status: number): void;
+    fail(status: number): void;
+    redirect(url: string, status?: number): void;
+    pass(): void;
+    error(err: Error): void;
+}, "als" | "authzProvider">>;
+declare const createRefreshStrategy: ([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => _nestjs_common.Type<Omit<{
+    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
+    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
+    validate(req: Request): Promise<{}>;
+    authenticate(req: Request, options?: any): any;
+    success(user: any, info?: any): void;
+    fail(challenge: any, status: number): void;
+    fail(status: number): void;
+    redirect(url: string, status?: number): void;
+    pass(): void;
+    error(err: Error): void;
+}, "als" | "authzProvider">>;
+
+export { createJwtStrategy, createRefreshStrategy };

package/dist/jwt/jwt-authz.strategy.js

@@ -0,0 +1,194 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+var jwt_authz_strategy_exports = {};
+__export(jwt_authz_strategy_exports, {
+  createJwtStrategy: () => createJwtStrategy,
+  createRefreshStrategy: () => createRefreshStrategy
+});
+module.exports = __toCommonJS(jwt_authz_strategy_exports);
+var import_node_async_hooks = require("node:async_hooks");
+var import_common = require("@nestjs/common");
+var import_passport = require("@nestjs/passport");
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var import_passport_custom = require("passport-custom");
+var import_authz = require("../authz.provider");
+var import_constants = require("../constants");
+var import_errors = require("../errors");
+var import_utils = require("../utils");
+var import_extract_jwt = require("./extract-jwt");
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+__name(_ts_decorate, "_ts_decorate");
+function _ts_metadata(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+__name(_ts_metadata, "_ts_metadata");
+function _ts_param(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param, "_ts_param");
+const createJwtStrategy = /* @__PURE__ */ __name(([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
+  var _a;
+  let JwtStrategy = (_a = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_STRATEGY) {
+    constructor(authzProvider, als) {
+      super();
+      __publicField(this, "authzProvider");
+      __publicField(this, "als");
+      this.authzProvider = authzProvider, this.als = als;
+      if (typeof this.authzProvider.authenticate !== "function") {
+        throw new import_errors.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+      }
+    }
+    async validate(req) {
+      const store = (0, import_utils.getAlsStore)(this.als);
+      const authOptions = store.authOptions;
+      if (!authOptions.jwt.verify) {
+        return [
+          null,
+          new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)
+        ];
+      }
+      const extractor = import_extract_jwt.ExtractJwt.fromExtractors(authOptions.jwt.jwtFromRequest);
+      req[import_constants.PASSPORT_PROPERTY] = authOptions.passportProperty;
+      const token = extractor(req);
+      if (!token) {
+        return [
+          null,
+          new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")
+        ];
+      }
+      let user = void 0;
+      try {
+        const payload = import_jsonwebtoken.default.verify(token, authOptions.jwt.secretOrPublicKey, authOptions.jwt.verify);
+        user = await this.authzProvider.authenticate(payload);
+      } catch (error) {
+        return [
+          null,
+          error instanceof Error ? new import_errors.AuthzVerificationError(`${error.name}: ${error.message}`, error) : new import_errors.AuthzVerificationError(`${error}`)
+        ];
+      }
+      store.user = user;
+      store.jwtVerifiedBy = import_constants.JwtValidationType.JWT;
+      if (!user) {
+        return [
+          null,
+          new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")
+        ];
+      }
+      return user;
+    }
+  }, __name(_a, "JwtStrategy"), _a);
+  JwtStrategy = _ts_decorate([
+    _ts_param(0, (0, import_common.Inject)(AUTHZ_PROVIDER)),
+    _ts_param(1, (0, import_common.Inject)(ALS_PROVIDER)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+      typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
+      typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage
+    ])
+  ], JwtStrategy);
+  return (0, import_common.mixin)(JwtStrategy);
+}, "createJwtStrategy");
+const createRefreshStrategy = /* @__PURE__ */ __name(([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
+  var _a;
+  let RefreshStrategy = (_a = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_REFRESH_STRATEGY) {
+    constructor(authzProvider, als) {
+      super();
+      __publicField(this, "authzProvider");
+      __publicField(this, "als");
+      this.authzProvider = authzProvider, this.als = als;
+      if (typeof this.authzProvider.authenticate !== "function") {
+        throw new import_errors.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+      }
+    }
+    async validate(req) {
+      const store = (0, import_utils.getAlsStore)(this.als);
+      const authOptions = store.authOptions;
+      if (!authOptions.refresh.verify) {
+        return [
+          null,
+          new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)
+        ];
+      }
+      const extractor = import_extract_jwt.ExtractJwt.fromExtractors(authOptions.refresh.jwtFromRequest);
+      req[import_constants.PASSPORT_PROPERTY] = authOptions.passportProperty;
+      const token = extractor(req);
+      if (!token) {
+        return [
+          null,
+          new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")
+        ];
+      }
+      let user = void 0;
+      try {
+        const payload = import_jsonwebtoken.default.verify(token, authOptions.refresh.secretOrPublicKey, authOptions.refresh.verify);
+        const decodePayload = (0, import_utils.decodeMsgpackrString)(payload.data);
+        user = await this.authzProvider.authenticate(decodePayload);
+      } catch (error) {
+        return [
+          null,
+          error instanceof Error ? new import_errors.AuthzVerificationError(`${error.name}: ${error.message}`, error) : new import_errors.AuthzVerificationError(`${error}`)
+        ];
+      }
+      store.user = user;
+      store.jwtVerifiedBy = import_constants.JwtValidationType.REFRESH;
+      if (!user) {
+        return [
+          null,
+          new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")
+        ];
+      }
+      return user;
+    }
+  }, __name(_a, "RefreshStrategy"), _a);
+  RefreshStrategy = _ts_decorate([
+    (0, import_common.Injectable)(),
+    _ts_param(0, (0, import_common.Inject)(AUTHZ_PROVIDER)),
+    _ts_param(1, (0, import_common.Inject)(ALS_PROVIDER)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+      typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
+      typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage
+    ])
+  ], RefreshStrategy);
+  return (0, import_common.mixin)(RefreshStrategy);
+}, "createRefreshStrategy");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createJwtStrategy,
+  createRefreshStrategy
+});

package/dist/session/index.d.ts

@@ -0,0 +1,12 @@
+export { cereateSessionAuthzModule } from './session-authz.module.js';
+import '@nestjs/core';
+import '../authz.provider.js';
+import '../utils/types.js';
+import '@nestjs/common';
+import '@nestjs/common/interfaces';
+import 'express';
+import 'node:async_hooks';
+import 'express-session';
+import '../errors.js';
+import './session-authz-als.middleware.js';
+import './session-authz.interface.js';