@nestjs-kitchen/authz 2.0.2 → 2.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authz.provider.js +15 -18
- package/dist/constants.js +2 -2
- package/dist/errors.js +6 -16
- package/dist/jwt/extract-jwt.js +52 -56
- package/dist/jwt/jwt-authz-als.middleware.js +30 -47
- package/dist/jwt/jwt-authz.guard.js +50 -73
- package/dist/jwt/jwt-authz.interface.js +31 -6
- package/dist/jwt/jwt-authz.module.js +139 -186
- package/dist/jwt/jwt-authz.service.js +47 -62
- package/dist/jwt/jwt-authz.strategy.js +44 -81
- package/dist/session/session-authz-als.middleware.js +23 -41
- package/dist/session/session-authz.guard.js +40 -57
- package/dist/session/session-authz.interface.js +2 -3
- package/dist/session/session-authz.module.js +129 -172
- package/dist/session/session-authz.service.js +29 -48
- package/dist/session/session-authz.strategy.js +23 -47
- package/dist/user.decorator.js +2 -3
- package/dist/utils/cookie-parsers.js +13 -20
- package/dist/utils/create-authz-decorator-factory.js +4 -5
- package/dist/utils/create-set-cookie-fn.js +2 -3
- package/dist/utils/generics.js +9 -12
- package/dist/utils/get-allow-anonymous.js +2 -3
- package/dist/utils/get-als-store.js +2 -3
- package/dist/utils/get-context-authz-meta-params-list.js +2 -3
- package/dist/utils/get-passport-property.js +2 -3
- package/dist/utils/merge-dynamic-module-configs.js +13 -23
- package/dist/utils/msgpackrs.js +4 -5
- package/package.json +4 -4
|
@@ -4,8 +4,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
|
4
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
5
|
var __getProtoOf = Object.getPrototypeOf;
|
|
6
6
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
-
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
8
|
-
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
9
7
|
var __export = (target, all) => {
|
|
10
8
|
for (var name in all)
|
|
11
9
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -27,69 +25,52 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
|
|
|
27
25
|
mod
|
|
28
26
|
));
|
|
29
27
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
30
|
-
var
|
|
28
|
+
var __decorateClass = (decorators, target, key, kind) => {
|
|
29
|
+
var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
|
|
30
|
+
for (var i = decorators.length - 1, decorator; i >= 0; i--)
|
|
31
|
+
if (decorator = decorators[i])
|
|
32
|
+
result = (kind ? decorator(target, key, result) : decorator(result)) || result;
|
|
33
|
+
if (kind && result) __defProp(target, key, result);
|
|
34
|
+
return result;
|
|
35
|
+
};
|
|
36
|
+
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
31
37
|
var jwt_authz_strategy_exports = {};
|
|
32
38
|
__export(jwt_authz_strategy_exports, {
|
|
33
39
|
createJwtStrategy: () => createJwtStrategy,
|
|
34
40
|
createRefreshStrategy: () => createRefreshStrategy
|
|
35
41
|
});
|
|
36
42
|
module.exports = __toCommonJS(jwt_authz_strategy_exports);
|
|
37
|
-
var import_node_async_hooks = require("node:async_hooks");
|
|
38
43
|
var import_common = require("@nestjs/common");
|
|
39
44
|
var import_passport = require("@nestjs/passport");
|
|
40
45
|
var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
|
|
41
46
|
var import_passport_custom = require("passport-custom");
|
|
42
|
-
var import_authz = require("../authz.provider");
|
|
43
47
|
var import_constants = require("../constants");
|
|
44
48
|
var import_errors = require("../errors");
|
|
45
49
|
var import_utils = require("../utils");
|
|
46
50
|
var import_extract_jwt = require("./extract-jwt");
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
50
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
51
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
52
|
-
}
|
|
53
|
-
__name(_ts_decorate, "_ts_decorate");
|
|
54
|
-
function _ts_metadata(k, v) {
|
|
55
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
56
|
-
}
|
|
57
|
-
__name(_ts_metadata, "_ts_metadata");
|
|
58
|
-
function _ts_param(paramIndex, decorator) {
|
|
59
|
-
return function(target, key) {
|
|
60
|
-
decorator(target, key, paramIndex);
|
|
61
|
-
};
|
|
62
|
-
}
|
|
63
|
-
__name(_ts_param, "_ts_param");
|
|
64
|
-
const createJwtStrategy = /* @__PURE__ */ __name(([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
|
|
65
|
-
var _a;
|
|
66
|
-
let JwtStrategy = (_a = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_STRATEGY) {
|
|
51
|
+
const createJwtStrategy = ([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
|
|
52
|
+
let JwtStrategy = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_STRATEGY) {
|
|
67
53
|
constructor(authzProvider, als) {
|
|
68
54
|
super();
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
this.authzProvider = authzProvider, this.als = als;
|
|
55
|
+
this.authzProvider = authzProvider;
|
|
56
|
+
this.als = als;
|
|
72
57
|
if (typeof this.authzProvider.authenticate !== "function") {
|
|
73
|
-
throw new import_errors.AuthzError(
|
|
58
|
+
throw new import_errors.AuthzError(
|
|
59
|
+
`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`
|
|
60
|
+
);
|
|
74
61
|
}
|
|
75
62
|
}
|
|
76
63
|
async validate(req) {
|
|
77
64
|
const store = (0, import_utils.getAlsStore)(this.als);
|
|
78
65
|
const authOptions = store.authOptions;
|
|
79
66
|
if (!authOptions.jwt.verify) {
|
|
80
|
-
return [
|
|
81
|
-
null,
|
|
82
|
-
new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)
|
|
83
|
-
];
|
|
67
|
+
return [null, new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
|
|
84
68
|
}
|
|
85
69
|
const extractor = import_extract_jwt.ExtractJwt.fromExtractors(authOptions.jwt.jwtFromRequest);
|
|
86
70
|
req[import_constants.PASSPORT_PROPERTY] = authOptions.passportProperty;
|
|
87
71
|
const token = extractor(req);
|
|
88
72
|
if (!token) {
|
|
89
|
-
return [
|
|
90
|
-
null,
|
|
91
|
-
new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")
|
|
92
|
-
];
|
|
73
|
+
return [null, new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")];
|
|
93
74
|
}
|
|
94
75
|
let user = void 0;
|
|
95
76
|
try {
|
|
@@ -104,58 +85,48 @@ const createJwtStrategy = /* @__PURE__ */ __name(([JWT_STRATEGY, AUTHZ_PROVIDER,
|
|
|
104
85
|
store.user = user;
|
|
105
86
|
store.jwtVerifiedBy = import_constants.JwtValidationType.JWT;
|
|
106
87
|
if (!user) {
|
|
107
|
-
return [
|
|
108
|
-
null,
|
|
109
|
-
new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")
|
|
110
|
-
];
|
|
88
|
+
return [null, new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")];
|
|
111
89
|
}
|
|
112
90
|
return user;
|
|
113
91
|
}
|
|
114
|
-
}
|
|
115
|
-
JwtStrategy =
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
_ts_metadata("design:type", Function),
|
|
119
|
-
_ts_metadata("design:paramtypes", [
|
|
120
|
-
typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
|
|
121
|
-
typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage
|
|
122
|
-
])
|
|
92
|
+
};
|
|
93
|
+
JwtStrategy = __decorateClass([
|
|
94
|
+
__decorateParam(0, (0, import_common.Inject)(AUTHZ_PROVIDER)),
|
|
95
|
+
__decorateParam(1, (0, import_common.Inject)(ALS_PROVIDER))
|
|
123
96
|
], JwtStrategy);
|
|
124
97
|
return (0, import_common.mixin)(JwtStrategy);
|
|
125
|
-
}
|
|
126
|
-
const createRefreshStrategy =
|
|
127
|
-
|
|
128
|
-
let RefreshStrategy = (_a = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_REFRESH_STRATEGY) {
|
|
98
|
+
};
|
|
99
|
+
const createRefreshStrategy = ([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
|
|
100
|
+
let RefreshStrategy = class extends (0, import_passport.PassportStrategy)(import_passport_custom.Strategy, JWT_REFRESH_STRATEGY) {
|
|
129
101
|
constructor(authzProvider, als) {
|
|
130
102
|
super();
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
this.authzProvider = authzProvider, this.als = als;
|
|
103
|
+
this.authzProvider = authzProvider;
|
|
104
|
+
this.als = als;
|
|
134
105
|
if (typeof this.authzProvider.authenticate !== "function") {
|
|
135
|
-
throw new import_errors.AuthzError(
|
|
106
|
+
throw new import_errors.AuthzError(
|
|
107
|
+
`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`
|
|
108
|
+
);
|
|
136
109
|
}
|
|
137
110
|
}
|
|
138
111
|
async validate(req) {
|
|
139
112
|
const store = (0, import_utils.getAlsStore)(this.als);
|
|
140
113
|
const authOptions = store.authOptions;
|
|
141
114
|
if (!authOptions.refresh.verify) {
|
|
142
|
-
return [
|
|
143
|
-
null,
|
|
144
|
-
new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)
|
|
145
|
-
];
|
|
115
|
+
return [null, new import_errors.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
|
|
146
116
|
}
|
|
147
117
|
const extractor = import_extract_jwt.ExtractJwt.fromExtractors(authOptions.refresh.jwtFromRequest);
|
|
148
118
|
req[import_constants.PASSPORT_PROPERTY] = authOptions.passportProperty;
|
|
149
119
|
const token = extractor(req);
|
|
150
120
|
if (!token) {
|
|
151
|
-
return [
|
|
152
|
-
null,
|
|
153
|
-
new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")
|
|
154
|
-
];
|
|
121
|
+
return [null, new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find token.")];
|
|
155
122
|
}
|
|
156
123
|
let user = void 0;
|
|
157
124
|
try {
|
|
158
|
-
const payload = import_jsonwebtoken.default.verify(
|
|
125
|
+
const payload = import_jsonwebtoken.default.verify(
|
|
126
|
+
token,
|
|
127
|
+
authOptions.refresh.secretOrPublicKey,
|
|
128
|
+
authOptions.refresh.verify
|
|
129
|
+
);
|
|
159
130
|
const decodePayload = (0, import_utils.decodeMsgpackrString)(payload.data);
|
|
160
131
|
user = await this.authzProvider.authenticate(decodePayload);
|
|
161
132
|
} catch (error) {
|
|
@@ -167,26 +138,18 @@ const createRefreshStrategy = /* @__PURE__ */ __name(([JWT_REFRESH_STRATEGY, AUT
|
|
|
167
138
|
store.user = user;
|
|
168
139
|
store.jwtVerifiedBy = import_constants.JwtValidationType.REFRESH;
|
|
169
140
|
if (!user) {
|
|
170
|
-
return [
|
|
171
|
-
null,
|
|
172
|
-
new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")
|
|
173
|
-
];
|
|
141
|
+
return [null, new import_errors.AuthzAnonymousError("AnonymousError: Cannnot find user.")];
|
|
174
142
|
}
|
|
175
143
|
return user;
|
|
176
144
|
}
|
|
177
|
-
}
|
|
178
|
-
RefreshStrategy =
|
|
145
|
+
};
|
|
146
|
+
RefreshStrategy = __decorateClass([
|
|
179
147
|
(0, import_common.Injectable)(),
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
_ts_metadata("design:type", Function),
|
|
183
|
-
_ts_metadata("design:paramtypes", [
|
|
184
|
-
typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
|
|
185
|
-
typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage
|
|
186
|
-
])
|
|
148
|
+
__decorateParam(0, (0, import_common.Inject)(AUTHZ_PROVIDER)),
|
|
149
|
+
__decorateParam(1, (0, import_common.Inject)(ALS_PROVIDER))
|
|
187
150
|
], RefreshStrategy);
|
|
188
151
|
return (0, import_common.mixin)(RefreshStrategy);
|
|
189
|
-
}
|
|
152
|
+
};
|
|
190
153
|
// Annotate the CommonJS export names for ESM import in node:
|
|
191
154
|
0 && (module.exports = {
|
|
192
155
|
createJwtStrategy,
|
|
@@ -2,8 +2,6 @@ var __defProp = Object.defineProperty;
|
|
|
2
2
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
3
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
4
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
-
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
6
|
-
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
7
5
|
var __export = (target, all) => {
|
|
8
6
|
for (var name in all)
|
|
9
7
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -17,47 +15,36 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
return to;
|
|
18
16
|
};
|
|
19
17
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
20
|
-
var
|
|
18
|
+
var __decorateClass = (decorators, target, key, kind) => {
|
|
19
|
+
var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
|
|
20
|
+
for (var i = decorators.length - 1, decorator; i >= 0; i--)
|
|
21
|
+
if (decorator = decorators[i])
|
|
22
|
+
result = (kind ? decorator(target, key, result) : decorator(result)) || result;
|
|
23
|
+
if (kind && result) __defProp(target, key, result);
|
|
24
|
+
return result;
|
|
25
|
+
};
|
|
26
|
+
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
21
27
|
var session_authz_als_middleware_exports = {};
|
|
22
28
|
__export(session_authz_als_middleware_exports, {
|
|
23
29
|
createSessionAuthzAlsMiddleware: () => createSessionAuthzAlsMiddleware
|
|
24
30
|
});
|
|
25
31
|
module.exports = __toCommonJS(session_authz_als_middleware_exports);
|
|
26
|
-
var import_node_async_hooks = require("node:async_hooks");
|
|
27
32
|
var import_common = require("@nestjs/common");
|
|
28
33
|
var import_constants = require("../constants");
|
|
29
34
|
var import_errors = require("../errors");
|
|
30
35
|
var import_utils = require("../utils");
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
34
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
35
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
36
|
-
}
|
|
37
|
-
__name(_ts_decorate, "_ts_decorate");
|
|
38
|
-
function _ts_metadata(k, v) {
|
|
39
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
40
|
-
}
|
|
41
|
-
__name(_ts_metadata, "_ts_metadata");
|
|
42
|
-
function _ts_param(paramIndex, decorator) {
|
|
43
|
-
return function(target, key) {
|
|
44
|
-
decorator(target, key, paramIndex);
|
|
45
|
-
};
|
|
46
|
-
}
|
|
47
|
-
__name(_ts_param, "_ts_param");
|
|
48
|
-
const createSessionAuthzAlsMiddleware = /* @__PURE__ */ __name(([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]) => {
|
|
49
|
-
var _a;
|
|
50
|
-
let SessionAuthzAlsMiddleware = (_a = class {
|
|
36
|
+
const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]) => {
|
|
37
|
+
let SessionAuthzAlsMiddleware = class {
|
|
51
38
|
constructor(als, sessionAuthzOptions) {
|
|
52
|
-
__publicField(this, "als");
|
|
53
|
-
__publicField(this, "sessionAuthzOptions");
|
|
54
39
|
this.als = als;
|
|
55
40
|
this.sessionAuthzOptions = sessionAuthzOptions;
|
|
56
41
|
}
|
|
57
42
|
use(req, res, next) {
|
|
58
43
|
const keepSessionInfo = Boolean(this.sessionAuthzOptions.keepSessionInfo);
|
|
59
44
|
if (!req.session) {
|
|
60
|
-
return next(
|
|
45
|
+
return next(
|
|
46
|
+
new import_errors.AuthzError("Login sessions require session support. Did you forget to use `express-session` middleware?")
|
|
47
|
+
);
|
|
61
48
|
}
|
|
62
49
|
const prevSession = req.session;
|
|
63
50
|
const store = {
|
|
@@ -66,7 +53,7 @@ const createSessionAuthzAlsMiddleware = /* @__PURE__ */ __name(([ALS_PROVIDER, S
|
|
|
66
53
|
guardResult: void 0,
|
|
67
54
|
authOptions: this.sessionAuthzOptions,
|
|
68
55
|
// ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L14
|
|
69
|
-
logIn:
|
|
56
|
+
logIn: (user) => {
|
|
70
57
|
return new Promise((resolve, reject) => {
|
|
71
58
|
req.session.regenerate(function(err) {
|
|
72
59
|
if (err) {
|
|
@@ -87,9 +74,9 @@ const createSessionAuthzAlsMiddleware = /* @__PURE__ */ __name(([ALS_PROVIDER, S
|
|
|
87
74
|
});
|
|
88
75
|
});
|
|
89
76
|
});
|
|
90
|
-
},
|
|
77
|
+
},
|
|
91
78
|
// ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L57
|
|
92
|
-
logOut:
|
|
79
|
+
logOut: () => {
|
|
93
80
|
return new Promise((resolve, reject) => {
|
|
94
81
|
if (req.session[import_constants.SESSION_PASSPORT_KEY]) {
|
|
95
82
|
delete req.session[import_constants.SESSION_PASSPORT_KEY].user;
|
|
@@ -109,25 +96,20 @@ const createSessionAuthzAlsMiddleware = /* @__PURE__ */ __name(([ALS_PROVIDER, S
|
|
|
109
96
|
});
|
|
110
97
|
});
|
|
111
98
|
});
|
|
112
|
-
},
|
|
99
|
+
},
|
|
113
100
|
setCookie: (0, import_utils.createSetCookieFn)(req, res)
|
|
114
101
|
};
|
|
115
102
|
this.als.run(store, () => {
|
|
116
103
|
next();
|
|
117
104
|
});
|
|
118
105
|
}
|
|
119
|
-
}
|
|
120
|
-
SessionAuthzAlsMiddleware =
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
_ts_metadata("design:type", Function),
|
|
124
|
-
_ts_metadata("design:paramtypes", [
|
|
125
|
-
typeof import_node_async_hooks.AsyncLocalStorage === "undefined" ? Object : import_node_async_hooks.AsyncLocalStorage,
|
|
126
|
-
typeof SessionAuthzOptions === "undefined" ? Object : SessionAuthzOptions
|
|
127
|
-
])
|
|
106
|
+
};
|
|
107
|
+
SessionAuthzAlsMiddleware = __decorateClass([
|
|
108
|
+
__decorateParam(0, (0, import_common.Inject)(ALS_PROVIDER)),
|
|
109
|
+
__decorateParam(1, (0, import_common.Inject)(SESSION_AUTHZ_OPTIONS))
|
|
128
110
|
], SessionAuthzAlsMiddleware);
|
|
129
111
|
return (0, import_common.mixin)(SessionAuthzAlsMiddleware);
|
|
130
|
-
}
|
|
112
|
+
};
|
|
131
113
|
// Annotate the CommonJS export names for ESM import in node:
|
|
132
114
|
0 && (module.exports = {
|
|
133
115
|
createSessionAuthzAlsMiddleware
|
|
@@ -2,8 +2,6 @@ var __defProp = Object.defineProperty;
|
|
|
2
2
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
3
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
4
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
-
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
6
|
-
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
7
5
|
var __export = (target, all) => {
|
|
8
6
|
for (var name in all)
|
|
9
7
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -17,45 +15,38 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
return to;
|
|
18
16
|
};
|
|
19
17
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
20
|
-
var
|
|
18
|
+
var __decorateClass = (decorators, target, key, kind) => {
|
|
19
|
+
var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
|
|
20
|
+
for (var i = decorators.length - 1, decorator; i >= 0; i--)
|
|
21
|
+
if (decorator = decorators[i])
|
|
22
|
+
result = (kind ? decorator(target, key, result) : decorator(result)) || result;
|
|
23
|
+
if (kind && result) __defProp(target, key, result);
|
|
24
|
+
return result;
|
|
25
|
+
};
|
|
26
|
+
var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
|
|
21
27
|
var session_authz_guard_exports = {};
|
|
22
28
|
__export(session_authz_guard_exports, {
|
|
23
29
|
createSessionAuthzGuard: () => createSessionAuthzGuard
|
|
24
30
|
});
|
|
25
31
|
module.exports = __toCommonJS(session_authz_guard_exports);
|
|
26
32
|
var import_common = require("@nestjs/common");
|
|
27
|
-
var import_core = require("@nestjs/core");
|
|
28
33
|
var import_passport = require("@nestjs/passport");
|
|
29
|
-
var import_authz = require("../authz.provider");
|
|
30
34
|
var import_errors = require("../errors");
|
|
31
35
|
var import_utils = require("../utils");
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
41
|
-
}
|
|
42
|
-
__name(_ts_metadata, "_ts_metadata");
|
|
43
|
-
function _ts_param(paramIndex, decorator) {
|
|
44
|
-
return function(target, key) {
|
|
45
|
-
decorator(target, key, paramIndex);
|
|
46
|
-
};
|
|
47
|
-
}
|
|
48
|
-
__name(_ts_param, "_ts_param");
|
|
49
|
-
const createSessionAuthzGuard = /* @__PURE__ */ __name(([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]) => {
|
|
50
|
-
var _a;
|
|
51
|
-
let SessionAuthzGuard = (_a = class extends (0, import_passport.AuthGuard)(SESSION_STRATEGY) {
|
|
36
|
+
const createSessionAuthzGuard = ([
|
|
37
|
+
SESSION_STRATEGY,
|
|
38
|
+
AUTHZ_PROVIDER,
|
|
39
|
+
SESSION_AUTHZ_OPTIONS,
|
|
40
|
+
ALS_PROVIDER,
|
|
41
|
+
SESSION_META_KEY
|
|
42
|
+
]) => {
|
|
43
|
+
let SessionAuthzGuard = class extends (0, import_passport.AuthGuard)(SESSION_STRATEGY) {
|
|
52
44
|
constructor(reflector, authzProvider, sessionAuthzOptions, als) {
|
|
53
45
|
super();
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
this.reflector = reflector, this.authzProvider = authzProvider, this.sessionAuthzOptions = sessionAuthzOptions, this.als = als;
|
|
46
|
+
this.reflector = reflector;
|
|
47
|
+
this.authzProvider = authzProvider;
|
|
48
|
+
this.sessionAuthzOptions = sessionAuthzOptions;
|
|
49
|
+
this.als = als;
|
|
59
50
|
}
|
|
60
51
|
getAuthenticateOptions() {
|
|
61
52
|
return {
|
|
@@ -64,16 +55,16 @@ const createSessionAuthzGuard = /* @__PURE__ */ __name(([SESSION_STRATEGY, AUTHZ
|
|
|
64
55
|
};
|
|
65
56
|
}
|
|
66
57
|
/**
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
58
|
+
*
|
|
59
|
+
* recives err, user, info from JwtStrategy.validate
|
|
60
|
+
*
|
|
61
|
+
* will return request.user=null if allowAnonymous=true
|
|
62
|
+
*
|
|
63
|
+
* @param _err will always be null
|
|
64
|
+
* @param user if user is null, then info will be AuthError. if user is defined, then info will be undefined.
|
|
65
|
+
* @param info AuthzError or undefined
|
|
66
|
+
* @returns
|
|
67
|
+
*/
|
|
77
68
|
handleRequest(_err, user, info) {
|
|
78
69
|
const store = (0, import_utils.getAlsStore)(this.als);
|
|
79
70
|
if (info) {
|
|
@@ -90,10 +81,9 @@ const createSessionAuthzGuard = /* @__PURE__ */ __name(([SESSION_STRATEGY, AUTHZ
|
|
|
90
81
|
if ((0, import_utils.isNotFalsy)(store.guardResult)) {
|
|
91
82
|
return store.guardResult;
|
|
92
83
|
}
|
|
93
|
-
const paramsList = (0, import_utils.normalizedArray)(
|
|
94
|
-
context.getClass(),
|
|
95
|
-
|
|
96
|
-
]));
|
|
84
|
+
const paramsList = (0, import_utils.normalizedArray)(
|
|
85
|
+
this.reflector.getAll(SESSION_META_KEY, [context.getClass(), context.getHandler()])
|
|
86
|
+
);
|
|
97
87
|
if (paramsList.length && Boolean(paramsList[paramsList.length - 1].options?.public)) {
|
|
98
88
|
store.guardResult = true;
|
|
99
89
|
return true;
|
|
@@ -118,21 +108,14 @@ const createSessionAuthzGuard = /* @__PURE__ */ __name(([SESSION_STRATEGY, AUTHZ
|
|
|
118
108
|
}
|
|
119
109
|
return true;
|
|
120
110
|
}
|
|
121
|
-
}
|
|
122
|
-
SessionAuthzGuard =
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
_ts_metadata("design:type", Function),
|
|
127
|
-
_ts_metadata("design:paramtypes", [
|
|
128
|
-
typeof import_core.Reflector === "undefined" ? Object : import_core.Reflector,
|
|
129
|
-
typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
|
|
130
|
-
typeof SessionAuthzOptions === "undefined" ? Object : SessionAuthzOptions,
|
|
131
|
-
typeof AsyncLocalStorage === "undefined" ? Object : AsyncLocalStorage
|
|
132
|
-
])
|
|
111
|
+
};
|
|
112
|
+
SessionAuthzGuard = __decorateClass([
|
|
113
|
+
__decorateParam(1, (0, import_common.Inject)(AUTHZ_PROVIDER)),
|
|
114
|
+
__decorateParam(2, (0, import_common.Inject)(SESSION_AUTHZ_OPTIONS)),
|
|
115
|
+
__decorateParam(3, (0, import_common.Inject)(ALS_PROVIDER))
|
|
133
116
|
], SessionAuthzGuard);
|
|
134
117
|
return (0, import_common.mixin)(SessionAuthzGuard);
|
|
135
|
-
}
|
|
118
|
+
};
|
|
136
119
|
// Annotate the CommonJS export names for ESM import in node:
|
|
137
120
|
0 && (module.exports = {
|
|
138
121
|
createSessionAuthzGuard
|
|
@@ -2,7 +2,6 @@ var __defProp = Object.defineProperty;
|
|
|
2
2
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
3
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
4
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
-
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
6
5
|
var __export = (target, all) => {
|
|
7
6
|
for (var name in all)
|
|
8
7
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -22,7 +21,7 @@ __export(session_authz_interface_exports, {
|
|
|
22
21
|
});
|
|
23
22
|
module.exports = __toCommonJS(session_authz_interface_exports);
|
|
24
23
|
var import_constants = require("../constants");
|
|
25
|
-
const normalizedSessionAuthzModuleOptions =
|
|
24
|
+
const normalizedSessionAuthzModuleOptions = (options = {}) => {
|
|
26
25
|
const { keepSessionInfo, ...sessionOpts } = options.session ?? {};
|
|
27
26
|
return {
|
|
28
27
|
defaultOverride: options.defaultOverride || false,
|
|
@@ -36,7 +35,7 @@ const normalizedSessionAuthzModuleOptions = /* @__PURE__ */ __name((options = {}
|
|
|
36
35
|
...sessionOpts
|
|
37
36
|
}
|
|
38
37
|
};
|
|
39
|
-
}
|
|
38
|
+
};
|
|
40
39
|
// Annotate the CommonJS export names for ESM import in node:
|
|
41
40
|
0 && (module.exports = {
|
|
42
41
|
normalizedSessionAuthzModuleOptions
|