@nestjs-kitchen/authz 2.0.2 → 2.0.4

package/dist/jwt/jwt-authz.guard.js

@@ -1,179 +1,134 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
-var jwt_authz_guard_exports = {};
-__export(jwt_authz_guard_exports, {
-  createJwtAuthzGuard: () => createJwtAuthzGuard,
-  createJwtRefreshAuthzGuard: () => createJwtRefreshAuthzGuard
-});
-module.exports = __toCommonJS(jwt_authz_guard_exports);
-var import_common = require("@nestjs/common");
-var import_core = require("@nestjs/core");
-var import_passport = require("@nestjs/passport");
-var import_authz = require("../authz.provider");
-var import_errors = require("../errors");
-var import_utils = require("../utils");
-function _ts_decorate(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
-}
-__name(_ts_decorate, "_ts_decorate");
-function _ts_metadata(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-}
-__name(_ts_metadata, "_ts_metadata");
-function _ts_param(paramIndex, decorator) {
-  return function(target, key) {
-    decorator(target, key, paramIndex);
-  };
-}
-__name(_ts_param, "_ts_param");
-const createJwtAuthzGuard = /* @__PURE__ */ __name(([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
-  var _a;
-  let JwtAuthzGuard = (_a = class extends (0, import_passport.AuthGuard)(JWT_STRATEGY) {
-    constructor(reflector, authzProvider, jwtAuthzOptions, als) {
-      super();
-      __publicField(this, "reflector");
-      __publicField(this, "authzProvider");
-      __publicField(this, "jwtAuthzOptions");
-      __publicField(this, "als");
-      this.reflector = reflector, this.authzProvider = authzProvider, this.jwtAuthzOptions = jwtAuthzOptions, this.als = als;
-    }
-    getAuthenticateOptions() {
-      return {
-        property: this.jwtAuthzOptions.passportProperty,
-        session: false
-      };
-    }
-    /**
-    *
-    * recives err, user, info from JwtStrategy.validate
-    *
-    * will return request.user=null if allowAnonymous=true
-    *
-    * @param _err will always be null
-    * @param user if user is null, then info will be AuthError. if user is defined, then info will be undefined.
-    * @param info AuthzError or undefined
-    * @returns
-    */
-    handleRequest(_err, user, info) {
-      const store = (0, import_utils.getAlsStore)(this.als);
-      if (info) {
-        if (store.allowAnonymous && info.name === import_errors.AuthzAnonymousError.name) {
-          return user;
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJwtRefreshAuthzGuard = exports.createJwtAuthzGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const passport_1 = require("@nestjs/passport");
+const authz_provider_1 = require("../authz.provider");
+const errors_1 = require("../errors");
+const utils_1 = require("../utils");
+const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
+    let JwtAuthzGuard = class JwtAuthzGuard extends (0, passport_1.AuthGuard)(JWT_STRATEGY) {
+        constructor(reflector, authzProvider, jwtAuthzOptions, als) {
+            super();
+            this.reflector = reflector;
+            this.authzProvider = authzProvider;
+            this.jwtAuthzOptions = jwtAuthzOptions;
+            this.als = als;
+        }
+        getAuthenticateOptions() {
+            return {
+                property: this.jwtAuthzOptions.passportProperty,
+                session: false
+            };
+        }
+        /**
+         *
+         * recives err, user, info from JwtStrategy.validate
+         *
+         * will return request.user=null if allowAnonymous=true
+         *
+         * @param _err will always be null
+         * @param user if user is null, then info will be AuthError. if user is defined, then info will be undefined.
+         * @param info AuthzError or undefined
+         * @returns
+         */
+        handleRequest(_err, user, info) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            if (info) {
+                if (store.allowAnonymous && info.name === errors_1.AuthzAnonymousError.name) {
+                    // user is null.
+                    return user;
+                }
+                store.guardResult = false;
+                throw info;
+            }
+            return user;
+        }
+        async canActivate(context) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            if ((0, utils_1.isNotFalsy)(store.guardResult)) {
+                return store.guardResult;
+            }
+            const jwtRefreshMetaCollection = (0, utils_1.normalizedArray)(this.reflector.getAll(JWT_REFRESH_META_KEY, [context.getClass(), context.getHandler()]));
+            // authz decorator will be ignore when use refresh decorator together.
+            if (Boolean(this.jwtAuthzOptions.refresh) && jwtRefreshMetaCollection.length) {
+                store.guardResult = true;
+                return true;
+            }
+            const paramsList = (0, utils_1.normalizedArray)(this.reflector.getAll(JWT_META_KEY, [context.getClass(), context.getHandler()]));
+            // bypass if last meta is public
+            if (paramsList.length && Boolean(paramsList[paramsList.length - 1].options?.public)) {
+                store.guardResult = true;
+                return true;
+            }
+            const contextParamsList = (0, utils_1.getContextAuthzMetaParamsList)(paramsList, {
+                defaultOverride: this.jwtAuthzOptions.defaultOverride,
+                skipFalsyMetadata: this.jwtAuthzOptions.skipFalsyMetadata
+            });
+            const req = context.switchToHttp().getRequest();
+            store.allowAnonymous = (0, utils_1.getAllowAnonymous)(contextParamsList, {
+                defaultAllowAnonymous: this.jwtAuthzOptions.defaultAllowAnonymous
+            });
+            await super.canActivate(context);
+            // will be null if allowAnonymous=true.
+            const user = (0, utils_1.getPassportProperty)(req);
+            if (store.allowAnonymous && !user) {
+                return true;
+            }
+            for (const ele of contextParamsList) {
+                if (!(await this.authzProvider.authorize(user, ele.metaData))) {
+                    return false;
+                }
+            }
+            return true;
         }
-        store.guardResult = false;
-        throw info;
-      }
-      return user;
-    }
-    async canActivate(context) {
-      const store = (0, import_utils.getAlsStore)(this.als);
-      if ((0, import_utils.isNotFalsy)(store.guardResult)) {
-        return store.guardResult;
-      }
-      const jwtRefreshMetaCollection = (0, import_utils.normalizedArray)(this.reflector.getAll(JWT_REFRESH_META_KEY, [
-        context.getClass(),
-        context.getHandler()
-      ]));
-      if (Boolean(this.jwtAuthzOptions.refresh) && jwtRefreshMetaCollection.length) {
-        store.guardResult = true;
-        return true;
-      }
-      const paramsList = (0, import_utils.normalizedArray)(this.reflector.getAll(JWT_META_KEY, [
-        context.getClass(),
-        context.getHandler()
-      ]));
-      if (paramsList.length && Boolean(paramsList[paramsList.length - 1].options?.public)) {
-        store.guardResult = true;
-        return true;
-      }
-      const contextParamsList = (0, import_utils.getContextAuthzMetaParamsList)(paramsList, {
-        defaultOverride: this.jwtAuthzOptions.defaultOverride,
-        skipFalsyMetadata: this.jwtAuthzOptions.skipFalsyMetadata
-      });
-      const req = context.switchToHttp().getRequest();
-      store.allowAnonymous = (0, import_utils.getAllowAnonymous)(contextParamsList, {
-        defaultAllowAnonymous: this.jwtAuthzOptions.defaultAllowAnonymous
-      });
-      await super.canActivate(context);
-      const user = (0, import_utils.getPassportProperty)(req);
-      if (store.allowAnonymous && !user) {
-        return true;
-      }
-      for (const ele of contextParamsList) {
-        if (!await this.authzProvider.authorize(user, ele.metaData)) {
-          return false;
+    };
+    JwtAuthzGuard = __decorate([
+        __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),
+        __param(2, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
+        __param(3, (0, common_1.Inject)(ALS_PROVIDER)),
+        __metadata("design:paramtypes", [core_1.Reflector,
+            authz_provider_1.AuthzProviderClass, Object, Function])
+    ], JwtAuthzGuard);
+    return (0, common_1.mixin)(JwtAuthzGuard);
+};
+exports.createJwtAuthzGuard = createJwtAuthzGuard;
+const createJwtRefreshAuthzGuard = ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) => {
+    let JwtRefreshAuthzGuard = class JwtRefreshAuthzGuard extends (0, passport_1.AuthGuard)(JWT_REFRESH_STRATEGY) {
+        constructor(jwtAuthzOptions) {
+            super();
+            this.jwtAuthzOptions = jwtAuthzOptions;
+        }
+        getAuthenticateOptions() {
+            return {
+                property: this.jwtAuthzOptions.passportProperty,
+                session: false
+            };
         }
-      }
-      return true;
-    }
-  }, __name(_a, "JwtAuthzGuard"), _a);
-  JwtAuthzGuard = _ts_decorate([
-    _ts_param(1, (0, import_common.Inject)(AUTHZ_PROVIDER)),
-    _ts_param(2, (0, import_common.Inject)(JWT_AUTHZ_OPTIONS)),
-    _ts_param(3, (0, import_common.Inject)(ALS_PROVIDER)),
-    _ts_metadata("design:type", Function),
-    _ts_metadata("design:paramtypes", [
-      typeof import_core.Reflector === "undefined" ? Object : import_core.Reflector,
-      typeof import_authz.AuthzProviderClass === "undefined" ? Object : import_authz.AuthzProviderClass,
-      typeof JwtAuthzOptions === "undefined" ? Object : JwtAuthzOptions,
-      typeof AsyncLocalStorage === "undefined" ? Object : AsyncLocalStorage
-    ])
-  ], JwtAuthzGuard);
-  return (0, import_common.mixin)(JwtAuthzGuard);
-}, "createJwtAuthzGuard");
-const createJwtRefreshAuthzGuard = /* @__PURE__ */ __name(([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) => {
-  var _a;
-  let JwtRefreshAuthzGuard = (_a = class extends (0, import_passport.AuthGuard)(JWT_REFRESH_STRATEGY) {
-    constructor(jwtAuthzOptions) {
-      super();
-      __publicField(this, "jwtAuthzOptions");
-      this.jwtAuthzOptions = jwtAuthzOptions;
-    }
-    getAuthenticateOptions() {
-      return {
-        property: this.jwtAuthzOptions.passportProperty,
-        session: false
-      };
-    }
-    handleRequest(_err, user, info) {
-      if (info) {
-        throw info;
-      }
-      return user;
-    }
-  }, __name(_a, "JwtRefreshAuthzGuard"), _a);
-  JwtRefreshAuthzGuard = _ts_decorate([
-    _ts_param(0, (0, import_common.Inject)(JWT_AUTHZ_OPTIONS)),
-    _ts_metadata("design:type", Function),
-    _ts_metadata("design:paramtypes", [
-      typeof JwtAuthzOptions === "undefined" ? Object : JwtAuthzOptions
-    ])
-  ], JwtRefreshAuthzGuard);
-  return (0, import_common.mixin)(JwtRefreshAuthzGuard);
-}, "createJwtRefreshAuthzGuard");
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createJwtAuthzGuard,
-  createJwtRefreshAuthzGuard
-});
+        handleRequest(_err, user, info) {
+            if (info) {
+                throw info;
+            }
+            return user;
+        }
+    };
+    JwtRefreshAuthzGuard = __decorate([
+        __param(0, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
+        __metadata("design:paramtypes", [Object])
+    ], JwtRefreshAuthzGuard);
+    return (0, common_1.mixin)(JwtRefreshAuthzGuard);
+};
+exports.createJwtRefreshAuthzGuard = createJwtRefreshAuthzGuard;

package/dist/jwt/jwt-authz.interface.d.ts

@@ -1,14 +1,7 @@
-import * as crypto from 'crypto';
-import { VerifyOptions, SignOptions, Secret, PrivateKey, PublicKey } from 'jsonwebtoken';
-import { AuthzModuleBaseOptions } from '../utils/types.js';
-import { JwtFromRequestFunction } from './extract-jwt.js';
-import '@nestjs/common';
-import '@nestjs/common/interfaces';
-import 'express';
-import '../authz.provider.js';
-import 'cookie';
-
-type JwtOptions = Omit<VerifyOptions, 'algorithms' | 'audience' | 'issuer'> & SignOptions & {
+import { type PrivateKey, type PublicKey, type Secret, type SignOptions, type VerifyOptions } from 'jsonwebtoken';
+import { type AuthzModuleBaseOptions } from '../utils';
+import type { JwtFromRequestFunction } from './extract-jwt';
+export type JwtOptions = Omit<VerifyOptions, 'algorithms' | 'audience' | 'issuer'> & SignOptions & {
     /**
      * Function that accepts a request as the only parameter and returns either the JWT as a string or null.
      *
@@ -28,7 +21,7 @@ type JwtOptions = Omit<VerifyOptions, 'algorithms' | 'audience' | 'issuer'> & Si
      */
     publicKey?: PublicKey;
 };
-type JwtAuthzModuleOptions = Partial<AuthzModuleBaseOptions> & {
+export type JwtAuthzModuleOptions = Partial<AuthzModuleBaseOptions> & {
     /**
      * JWT sign & verify options.
      *
@@ -44,41 +37,39 @@ type JwtAuthzModuleOptions = Partial<AuthzModuleBaseOptions> & {
      */
     refresh?: JwtOptions;
 };
-declare const normalizedJwtAuthzModuleOptions: (options: JwtAuthzModuleOptions) => {
+export declare const normalizedJwtAuthzModuleOptions: (options: JwtAuthzModuleOptions) => {
     defaultOverride: boolean;
     passportProperty: string;
     skipFalsyMetadata: boolean;
     defaultAllowAnonymous: boolean;
     jwt: {
-        secretOrPrivateKey: string | Buffer<ArrayBufferLike> | crypto.KeyObject | {
+        secretOrPrivateKey: string | Buffer<ArrayBufferLike> | import("crypto").KeyObject | {
             key: string | Buffer;
             passphrase: string;
-        } | crypto.PrivateKeyInput | crypto.JsonWebKeyInput | null;
-        secretOrPublicKey: string | Buffer<ArrayBufferLike> | crypto.KeyObject | {
+        } | import("crypto").PrivateKeyInput | import("crypto").JsonWebKeyInput | null;
+        secretOrPublicKey: string | Buffer<ArrayBufferLike> | import("crypto").KeyObject | {
             key: string | Buffer;
             passphrase: string;
-        } | crypto.JsonWebKeyInput | crypto.PublicKeyInput | null;
+        } | import("crypto").JsonWebKeyInput | import("crypto").PublicKeyInput | null;
         jwtFromRequest: JwtFromRequestFunction<any>[];
         sign: SignOptions;
         verify: VerifyOptions;
     };
     refresh: {
-        secretOrPrivateKey: string | Buffer<ArrayBufferLike> | crypto.KeyObject | {
+        secretOrPrivateKey: string | Buffer<ArrayBufferLike> | import("crypto").KeyObject | {
             key: string | Buffer;
             passphrase: string;
-        } | crypto.PrivateKeyInput | crypto.JsonWebKeyInput | null;
-        secretOrPublicKey: string | Buffer<ArrayBufferLike> | crypto.KeyObject | {
+        } | import("crypto").PrivateKeyInput | import("crypto").JsonWebKeyInput | null;
+        secretOrPublicKey: string | Buffer<ArrayBufferLike> | import("crypto").KeyObject | {
             key: string | Buffer;
             passphrase: string;
-        } | crypto.JsonWebKeyInput | crypto.PublicKeyInput | null;
+        } | import("crypto").JsonWebKeyInput | import("crypto").PublicKeyInput | null;
         jwtFromRequest: JwtFromRequestFunction<any>[];
         sign: SignOptions;
         verify: VerifyOptions;
     } | undefined;
 };
-type JwtAuthzOptions = ReturnType<typeof normalizedJwtAuthzModuleOptions>;
-interface RefreshPayload {
+export type JwtAuthzOptions = ReturnType<typeof normalizedJwtAuthzModuleOptions>;
+export interface RefreshPayload {
     data: string;
 }
-
-export { type JwtAuthzModuleOptions, type JwtAuthzOptions, type JwtOptions, type RefreshPayload, normalizedJwtAuthzModuleOptions };

package/dist/jwt/jwt-authz.interface.js

@@ -1,94 +1,71 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizedJwtAuthzModuleOptions = void 0;
+const constants_1 = require("../constants");
+const utils_1 = require("../utils");
+const normalizedJwtOptions = (jwtOptions) => {
+    if (!jwtOptions) {
+        return undefined;
+    }
+    const { jwtFromRequest, algorithm, audience, clockTimestamp, clockTolerance, complete, ignoreExpiration, ignoreNotBefore, issuer, jwtid, maxAge, nonce, privateKey, publicKey, secret, subject, allowInsecureKeySizes, encoding, expiresIn, header, keyid, mutatePayload, noTimestamp, notBefore, allowInvalidAsymmetricKeyTypes } = jwtOptions;
+    const formattedJwtFromRequest = (0, utils_1.normalizedArray)(jwtFromRequest);
+    const algorithms = (0, utils_1.normalizedArray)(algorithm);
+    const sign = {
+        algorithm: algorithms?.[0],
+        audience,
+        issuer,
+        jwtid,
+        subject,
+        allowInsecureKeySizes,
+        encoding,
+        expiresIn,
+        header,
+        keyid,
+        mutatePayload,
+        notBefore,
+        noTimestamp,
+        allowInvalidAsymmetricKeyTypes
+    };
+    const verify = {
+        algorithms,
+        audience,
+        clockTimestamp,
+        clockTolerance,
+        complete,
+        ignoreExpiration,
+        ignoreNotBefore,
+        issuer,
+        jwtid,
+        maxAge,
+        nonce,
+        subject,
+        allowInvalidAsymmetricKeyTypes
+    };
+    let secretOrPrivateKey = secret;
+    let secretOrPublicKey = secret;
+    if (privateKey || publicKey) {
+        secretOrPrivateKey = privateKey;
+        secretOrPublicKey = publicKey;
+        if (secret) {
+            console.warn(`Both secret and privateKey/publicKey have been set, only privateKey/publicKey will take effect.`);
+        }
+    }
+    return {
+        secretOrPrivateKey: secretOrPrivateKey ?? null,
+        secretOrPublicKey: secretOrPublicKey ?? null,
+        jwtFromRequest: formattedJwtFromRequest ?? [],
+        sign: (0, utils_1.normalizedObject)(sign) ?? {},
+        verify: (0, utils_1.normalizedObject)(verify) ?? {}
+    };
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+const normalizedJwtAuthzModuleOptions = (options) => {
+    return {
+        defaultOverride: options?.defaultOverride || false,
+        passportProperty: options?.passportProperty || constants_1.DEFAULT_PASSPORT_PROPERTY_VALUE,
+        skipFalsyMetadata: options?.skipFalsyMetadata || false,
+        defaultAllowAnonymous: options.defaultAllowAnonymous || false,
+        jwt: normalizedJwtOptions(options?.jwt),
+        refresh: normalizedJwtOptions(options?.refresh)
+    };
 };
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var jwt_authz_interface_exports = {};
-__export(jwt_authz_interface_exports, {
-  normalizedJwtAuthzModuleOptions: () => normalizedJwtAuthzModuleOptions
-});
-module.exports = __toCommonJS(jwt_authz_interface_exports);
-var import_constants = require("../constants");
-var import_utils = require("../utils");
-const normalizedJwtOptions = /* @__PURE__ */ __name((jwtOptions) => {
-  if (!jwtOptions) {
-    return void 0;
-  }
-  const { jwtFromRequest, algorithm, audience, clockTimestamp, clockTolerance, complete, ignoreExpiration, ignoreNotBefore, issuer, jwtid, maxAge, nonce, privateKey, publicKey, secret, subject, allowInsecureKeySizes, encoding, expiresIn, header, keyid, mutatePayload, noTimestamp, notBefore, allowInvalidAsymmetricKeyTypes } = jwtOptions;
-  const formattedJwtFromRequest = (0, import_utils.normalizedArray)(jwtFromRequest);
-  const algorithms = (0, import_utils.normalizedArray)(algorithm);
-  const sign = {
-    algorithm: algorithms?.[0],
-    audience,
-    issuer,
-    jwtid,
-    subject,
-    allowInsecureKeySizes,
-    encoding,
-    expiresIn,
-    header,
-    keyid,
-    mutatePayload,
-    notBefore,
-    noTimestamp,
-    allowInvalidAsymmetricKeyTypes
-  };
-  const verify = {
-    algorithms,
-    audience,
-    clockTimestamp,
-    clockTolerance,
-    complete,
-    ignoreExpiration,
-    ignoreNotBefore,
-    issuer,
-    jwtid,
-    maxAge,
-    nonce,
-    subject,
-    allowInvalidAsymmetricKeyTypes
-  };
-  let secretOrPrivateKey = secret;
-  let secretOrPublicKey = secret;
-  if (privateKey || publicKey) {
-    secretOrPrivateKey = privateKey;
-    secretOrPublicKey = publicKey;
-    if (secret) {
-      console.warn(`Both secret and privateKey/publicKey have been set, only privateKey/publicKey will take effect.`);
-    }
-  }
-  return {
-    secretOrPrivateKey: secretOrPrivateKey ?? null,
-    secretOrPublicKey: secretOrPublicKey ?? null,
-    jwtFromRequest: formattedJwtFromRequest ?? [],
-    sign: (0, import_utils.normalizedObject)(sign) ?? {},
-    verify: (0, import_utils.normalizedObject)(verify) ?? {}
-  };
-}, "normalizedJwtOptions");
-const normalizedJwtAuthzModuleOptions = /* @__PURE__ */ __name((options) => {
-  return {
-    defaultOverride: options?.defaultOverride || false,
-    passportProperty: options?.passportProperty || import_constants.DEFAULT_PASSPORT_PROPERTY_VALUE,
-    skipFalsyMetadata: options?.skipFalsyMetadata || false,
-    defaultAllowAnonymous: options.defaultAllowAnonymous || false,
-    jwt: normalizedJwtOptions(options?.jwt),
-    refresh: normalizedJwtOptions(options?.refresh)
-  };
-}, "normalizedJwtAuthzModuleOptions");
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  normalizedJwtAuthzModuleOptions
-});
+exports.normalizedJwtAuthzModuleOptions = normalizedJwtAuthzModuleOptions;