@nestjs-kitchen/authz 2.0.2 → 2.0.4

package/dist/jwt/jwt-authz.module.d.ts

@@ -1,26 +1,15 @@
-import './extract-jwt.js';
-import * as _nestjs_core from '@nestjs/core';
-import { JwtOptions, JwtAuthzModuleOptions, JwtAuthzOptions } from './jwt-authz.interface.js';
-import { AuthzProviderClass } from '../authz.provider.js';
-import { AbstractConstructor, RoutesOptions, AuthzModuleBaseOptions, AuthzModuleRoutesOptions, AuthzDecoParams, MethodParameters, ApplyDecorators, CookieOptionsWithSecret, DeepReadonly } from '../utils/types.js';
 import { AsyncLocalStorage } from 'node:async_hooks';
-import * as _nestjs_common from '@nestjs/common';
-import { MiddlewareConsumer, Type, DynamicModule } from '@nestjs/common';
-import { AuthzError } from '../errors.js';
-import { JwtAlsType } from './jwt-authz-als.middleware.js';
-import 'cookie';
-import 'crypto';
-import 'jsonwebtoken';
-import '@nestjs/common/interfaces';
-import 'express';
-import '../constants.js';
-
-declare const ASYNC_OPTIONS_TYPE: _nestjs_common.ConfigurableModuleAsyncOptions<JwtAuthzModuleOptions, "createJwtAuthzModuleOptions"> & Partial<{
+import { DynamicModule, MiddlewareConsumer, type Type } from '@nestjs/common';
+import { AuthzProviderClass } from '../authz.provider';
+import { AuthzError } from '../errors';
+import { type AbstractConstructor, type ApplyDecorators, type AuthzModuleRoutesOptions, type RoutesOptions } from '../utils';
+import { type JwtAlsType } from './jwt-authz-als.middleware';
+import { type JwtAuthzModuleOptions, type JwtAuthzOptions } from './jwt-authz.interface';
+declare const ASYNC_OPTIONS_TYPE: import("@nestjs/common").ConfigurableModuleAsyncOptions<JwtAuthzModuleOptions, "createJwtAuthzModuleOptions"> & Partial<{
     authzProvider?: Type<AuthzProviderClass<unknown, unknown>>;
-} & AuthzModuleRoutesOptions>;
-declare const OPTIONS_TYPE: Partial<AuthzModuleBaseOptions> & {
-    jwt: JwtOptions;
-    refresh?: JwtOptions;
+} & AuthzModuleRoutesOptions>, OPTIONS_TYPE: Partial<import("../utils").AuthzModuleBaseOptions> & {
+    jwt: import("./jwt-authz.interface").JwtOptions;
+    refresh?: import("./jwt-authz.interface").JwtOptions;
 } & Partial<{
     authzProvider?: Type<AuthzProviderClass<unknown, unknown>>;
 } & AuthzModuleRoutesOptions>;
@@ -31,7 +20,7 @@ declare const OPTIONS_TYPE: Partial<AuthzModuleBaseOptions> & {
  * @param authzProvider - The implementation class of `AuthzProviderClass`
  * @returns \{AuthzModule, AuthzGuard, AuthzService}
  */
-declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(authzProvider: AbstractConstructor<T, P, U>) => {
+export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(authzProvider: AbstractConstructor<T, P, U>) => {
     /**
      * A dynamic module used to configure JWT based authentication and authorization features for the application.
      *
@@ -103,7 +92,7 @@ declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(a
      * ```
      */
     AuthzGuard: Type<Omit<{
-        readonly reflector: _nestjs_core.Reflector;
+        readonly reflector: import("@nestjs/core").Reflector;
         readonly authzProvider: AuthzProviderClass<unknown, unknown>;
         readonly jwtAuthzOptions: JwtAuthzOptions;
         readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
@@ -112,11 +101,11 @@ declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(a
             session: boolean;
         };
         handleRequest<T_1>(_err: unknown, user: T_1, info?: AuthzError): T_1;
-        canActivate(context: _nestjs_common.ExecutionContext): Promise<boolean>;
+        canActivate(context: import("@nestjs/common").ExecutionContext): Promise<boolean>;
         logIn<TRequest extends {
             logIn: Function;
         } = any>(request: TRequest): Promise<void>;
-        getRequest(context: _nestjs_common.ExecutionContext): any;
+        getRequest(context: import("@nestjs/common").ExecutionContext): any;
     }, "als" | "jwtAuthzOptions" | "reflector" | "authzProvider">> & {
         /**
          * Verifies the user's authorization for specific meta data.
@@ -135,7 +124,7 @@ declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(a
          * }
          * ```
          */
-        Verify: (...args: AuthzDecoParams<MethodParameters<T, "authorize">[1]>) => ApplyDecorators;
+        Verify: (...args: import("../utils").AuthzDecoParams<import("../utils").MethodParameters<T, "authorize">[1]>) => ApplyDecorators;
         /**
          * Skips authentication & authorization checks for specific routes.
          *
@@ -188,7 +177,7 @@ declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(a
          * }
          * ```
          */
-        Apply: (...rest: Parameters<(...args: AuthzDecoParams<MethodParameters<T, "authorize">[1]>) => ApplyDecorators>) => <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
+        Apply: (...rest: Parameters<(...args: import("../utils").AuthzDecoParams<import("../utils").MethodParameters<T, "authorize">[1]>) => ApplyDecorators>) => <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
     };
     /**
      * A custom servcie to provide methods to handle authentication and authorization.
@@ -207,9 +196,8 @@ declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P, U>>(a
         refresh(user?: U | undefined): Promise<{
             token: string;
         } | undefined>;
-        setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
-        getUser(): DeepReadonly<U> | undefined;
+        setCookie(name: string, value: string, options?: import("../utils").CookieOptionsWithSecret | undefined): void;
+        getUser(): import("../utils").DeepReadonly<U> | undefined;
     }, "als" | "jwtAuthzOptions" | "authzProvider">>;
 };
-
-export { createJwtAuthzModule };
+export {};

package/dist/jwt/jwt-authz.module.js

@@ -1,308 +1,259 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
-var jwt_authz_module_exports = {};
-__export(jwt_authz_module_exports, {
-  createJwtAuthzModule: () => createJwtAuthzModule
-});
-module.exports = __toCommonJS(jwt_authz_module_exports);
-var import_node_async_hooks = require("node:async_hooks");
-var import_common = require("@nestjs/common");
-var import_uid = require("uid");
-var import_constants = require("../constants");
-var import_errors = require("../errors");
-var import_utils = require("../utils");
-var import_jwt_authz_als = require("./jwt-authz-als.middleware");
-var import_jwt_authz = require("./jwt-authz.guard");
-var import_jwt_authz2 = require("./jwt-authz.interface");
-var import_jwt_authz3 = require("./jwt-authz.service");
-var import_jwt_authz4 = require("./jwt-authz.strategy");
-function _ts_decorate(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
-}
-__name(_ts_decorate, "_ts_decorate");
-function _ts_metadata(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-}
-__name(_ts_metadata, "_ts_metadata");
-function _ts_param(paramIndex, decorator) {
-  return function(target, key) {
-    decorator(target, key, paramIndex);
-  };
-}
-__name(_ts_param, "_ts_param");
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJwtAuthzModule = void 0;
+const node_async_hooks_1 = require("node:async_hooks");
+const common_1 = require("@nestjs/common");
+const uid_1 = require("uid");
+const constants_1 = require("../constants");
+const errors_1 = require("../errors");
+const utils_1 = require("../utils");
+const jwt_authz_als_middleware_1 = require("./jwt-authz-als.middleware");
+const jwt_authz_guard_1 = require("./jwt-authz.guard");
+const jwt_authz_interface_1 = require("./jwt-authz.interface");
+const jwt_authz_service_1 = require("./jwt-authz.service");
+const jwt_authz_strategy_1 = require("./jwt-authz.strategy");
 const store = {
-  globalInited: 0
+    globalInited: 0
 };
-const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIONS_TYPE } = new import_common.ConfigurableModuleBuilder({
-  moduleName: "JwtAuthModule"
-}).setFactoryMethodName("createJwtAuthzModuleOptions").setExtras({
-  authzProvider: void 0,
-  global: false
+const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIONS_TYPE } = new common_1.ConfigurableModuleBuilder({
+    moduleName: 'JwtAuthModule'
+})
+    .setFactoryMethodName('createJwtAuthzModuleOptions')
+    .setExtras({
+    authzProvider: undefined,
+    global: false
 }, (definition, extras) => {
-  const { authzProvider, global } = extras;
-  if (!authzProvider) {
-    throw new import_errors.AuthzError(`InternalError: Missing parameter 'authzProvider' in configuration.`);
-  }
-  const routes = (0, import_utils.normalizedArray)(extras.routes) ?? [];
-  const excludes = (0, import_utils.normalizedArray)(extras.excludes) ?? [];
-  if (!global && !routes.length) {
-    throw new import_errors.AuthzError(`InternalError: Missing parameter 'global' or 'routes' in configuration.`);
-  }
-  if (store.globalInited) {
-    throw new import_errors.AuthzError(`InternalError: Cannot initialize mutiple global modules. Only one global module is allowed.`);
-  }
-  if (global) {
-    store.globalInited += 1;
-  }
-  return (0, import_utils.mergeDynamicModuleConfigs)(definition, {
-    global,
-    providers: [
-      {
-        provide: import_constants.ROUTES_OPTIONS,
-        useValue: {
-          global,
-          excludes,
-          routes
-        }
-      }
-    ],
-    exports: []
-  });
-}).build();
-const createJwtAuthzModule = /* @__PURE__ */ __name((authzProvider) => {
-  var _a;
-  const id = `${import_constants.PREFIX}${(0, import_uid.uid)()}`;
-  const JWT_STRATEGY = `${id}_JWT_STRATEGY`;
-  const JWT_REFRESH_STRATEGY = `${id}_REFRESH_STRATEGY`;
-  const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
-  const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
-  const JWT_AUTHZ_OPTIONS = `${id}_JWT_AUTHZ_OPTIONS`;
-  const JWT_META_KEY = `${id}_JWT_META_KEY`;
-  const JWT_REFRESH_META_KEY = `${id}_REFRESH_META_KEY`;
-  const JwtAuthzService = (0, import_jwt_authz3.createJwtAuthzService)([
-    AUTHZ_PROVIDER,
-    JWT_AUTHZ_OPTIONS,
-    ALS_PROVIDER
-  ]);
-  const JwtAuthzAlsMiddleware = (0, import_jwt_authz_als.createJwtAuthzAlsMiddleware)([
-    ALS_PROVIDER,
-    JWT_AUTHZ_OPTIONS
-  ]);
-  const als = new import_node_async_hooks.AsyncLocalStorage();
-  const JwtStrategy = (0, import_jwt_authz4.createJwtStrategy)([
-    JWT_STRATEGY,
-    AUTHZ_PROVIDER,
-    ALS_PROVIDER
-  ]);
-  const RefreshStrategy = (0, import_jwt_authz4.createRefreshStrategy)([
-    JWT_REFRESH_STRATEGY,
-    AUTHZ_PROVIDER,
-    ALS_PROVIDER
-  ]);
-  let isStrategyInited = false;
-  const RefreshAuthzGuard = (0, import_jwt_authz.createJwtRefreshAuthzGuard)([
-    JWT_REFRESH_STRATEGY,
-    JWT_AUTHZ_OPTIONS
-  ]);
-  const JwtAuthzGuard = (0, import_jwt_authz.createJwtAuthzGuard)([
-    JWT_STRATEGY,
-    AUTHZ_PROVIDER,
-    JWT_AUTHZ_OPTIONS,
-    ALS_PROVIDER,
-    JWT_META_KEY,
-    JWT_REFRESH_META_KEY
-  ]);
-  const Verify = (0, import_utils.createAuthzDecoratorFactory)(JWT_META_KEY);
-  const NoVerify = /* @__PURE__ */ __name(() => {
-    return (0, import_common.SetMetadata)(JWT_META_KEY, {
-      options: {
-        public: true,
-        override: true
-      }
-    });
-  }, "NoVerify");
-  const Refresh = /* @__PURE__ */ __name(() => {
-    return (0, import_common.applyDecorators)(JwtAuthzGuard.NoVerify(), (0, import_common.SetMetadata)(JWT_REFRESH_META_KEY, true), (0, import_common.UseGuards)(RefreshAuthzGuard));
-  }, "Refresh");
-  const Apply = /* @__PURE__ */ __name((...rest) => {
-    return (0, import_common.applyDecorators)(JwtAuthzGuard.Verify(...rest), (0, import_common.UseGuards)(JwtAuthzGuard));
-  }, "Apply");
-  JwtAuthzGuard.Verify = Verify;
-  JwtAuthzGuard.NoVerify = NoVerify;
-  JwtAuthzGuard.Refresh = Refresh;
-  JwtAuthzGuard.Apply = Apply;
-  const getCommonConfigs = /* @__PURE__ */ __name(() => {
-    const configs = {
-      providers: [
-        {
-          provide: AUTHZ_PROVIDER,
-          useClass: authzProvider
-        },
-        {
-          provide: ALS_PROVIDER,
-          useValue: als
-        },
-        ...!isStrategyInited ? [
-          JwtStrategy,
-          RefreshStrategy
-        ] : [],
-        JwtAuthzService
-      ],
-      exports: [
-        AUTHZ_PROVIDER,
-        ALS_PROVIDER,
-        JWT_AUTHZ_OPTIONS,
-        JwtAuthzService
-      ]
-    };
-    isStrategyInited = true;
-    return configs;
-  }, "getCommonConfigs");
-  let JwtAuthzModule = (_a = class extends ConfigurableModuleClass {
-    constructor(routesOpt) {
-      super();
-      __publicField(this, "routesOpt");
-      this.routesOpt = routesOpt;
+    const { authzProvider, global } = extras;
+    if (!authzProvider) {
+        throw new errors_1.AuthzError(`InternalError: Missing parameter 'authzProvider' in configuration.`);
     }
-    /**
-    * Configures authz module.
-    */
-    static register(options) {
-      const jwtAuthzOptions = (0, import_jwt_authz2.normalizedJwtAuthzModuleOptions)(options);
-      return (0, import_utils.mergeDynamicModuleConfigs)(super.register({
-        ...options,
-        authzProvider
-      }), getCommonConfigs(), {
-        providers: [
-          {
-            provide: JWT_AUTHZ_OPTIONS,
-            useValue: jwtAuthzOptions
-          }
-        ]
-      });
+    const routes = (0, utils_1.normalizedArray)(extras.routes) ?? [];
+    const excludes = (0, utils_1.normalizedArray)(extras.excludes) ?? [];
+    if (!global && !routes.length) {
+        throw new errors_1.AuthzError(`InternalError: Missing parameter 'global' or 'routes' in configuration.`);
     }
-    /**
-    * Configures authz module asynchronously.
-    */
-    static registerAsync(options) {
-      return (0, import_utils.mergeDynamicModuleConfigs)(super.registerAsync({
-        ...options,
-        authzProvider
-      }), getCommonConfigs(), {
-        providers: [
-          {
-            provide: JWT_AUTHZ_OPTIONS,
-            useFactory: /* @__PURE__ */ __name((moduleOptions) => {
-              const jwtAuthzOptions = (0, import_jwt_authz2.normalizedJwtAuthzModuleOptions)(moduleOptions);
-              return jwtAuthzOptions;
-            }, "useFactory"),
-            inject: [
-              MODULE_OPTIONS_TOKEN
-            ]
-          }
-        ]
-      });
+    if (store.globalInited) {
+        throw new errors_1.AuthzError(`InternalError: Cannot initialize mutiple global modules. Only one global module is allowed.`);
     }
-    configure(consumer) {
-      consumer.apply(JwtAuthzAlsMiddleware).exclude(...this.routesOpt.excludes).forRoutes(...this.routesOpt.global ? [
-        "*"
-      ] : this.routesOpt.routes);
+    if (global) {
+        store.globalInited += 1;
     }
-  }, __name(_a, "JwtAuthzModule"), _a);
-  JwtAuthzModule = _ts_decorate([
-    (0, import_common.Module)({}),
-    _ts_param(0, (0, import_common.Inject)(import_constants.ROUTES_OPTIONS)),
-    _ts_metadata("design:type", Function),
-    _ts_metadata("design:paramtypes", [
-      typeof RoutesOptions === "undefined" ? Object : RoutesOptions
-    ])
-  ], JwtAuthzModule);
-  return {
-    /**
-    * A dynamic module used to configure JWT based authentication and authorization features for the application.
-    *
-    * This module can be configured using 2 static methods:
-    *
-    * - `register`
-    * - `registerAsync`
-    *
-    * ### Usage
-    *
-    * ```typescript
-    * ⁣@Module({
-    *   imports: [
-    *     // Import and configure JWT strategy
-    *     AuthzModule.register({
-    *       jwt: {
-    *         jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-    *         secret: '1234567890',
-    *         algorithm: 'HS256'
-    *       },
-    *       // Enable refresh token handling
-    *       refresh: {
-    *         jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-    *         secret: '0987654321',
-    *         algorithm: 'HS256'
-    *       },
-    *       // Apply strategy to specific controllers.
-    *       routes: [BusinessController]
-    *     })
-    *   ],
-    *   controllers: [BusinessController]
-    * })
-    * export class BusinessModule {}
-    * ```
-    */
-    AuthzModule: JwtAuthzModule,
-    /**
-    * A custom guard that applies authentication to controllers.
-    *
-    * This guard also provides 4 utility decorators to apply and modify authorization:
-    *
-    * - `@AuthzGuard.Verify`: Used to verify the user's authorization for specific meta data.
-    * - `@AuthzGuard.NoVerify`: Used to `skip` authentication & authorization checks for specific routes.
-    * - `@AuthzGuard.Apply`: A simplified version of `@UseGuards(AuthzGuard)` and `@AuthzGuard.Verify`, combining both for convenience.
-    * - `@AuthzGuard.Refresh`: Used to ensure that only using refresh token for authentication on specific routes, for refreshing JWT tokens.
-    *
-    * ### Usage:
-    *
-    * ```typescript
-    * ⁣@UseGuards(AuthzGuard)
-    * ⁣@Controller(/⁣/ ...)
-    * export class BusinessController {
-    *   // ...
-    * }
-    * ```
-    */
-    AuthzGuard: JwtAuthzGuard,
-    /**
-    * A custom servcie to provide methods to handle authentication and authorization.
-    */
-    AuthzService: JwtAuthzService
-  };
-}, "createJwtAuthzModule");
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createJwtAuthzModule
-});
+    return (0, utils_1.mergeDynamicModuleConfigs)(definition, {
+        global,
+        providers: [
+            {
+                provide: constants_1.ROUTES_OPTIONS,
+                useValue: {
+                    global,
+                    excludes,
+                    routes
+                }
+            }
+        ],
+        exports: []
+    });
+})
+    .build();
+/**
+ * Creates a JWT module along with its associated guard and service,
+ * with types inferred from the provided implementation of `AuthzProviderClass`.
+ *
+ * @param authzProvider - The implementation class of `AuthzProviderClass`
+ * @returns \{AuthzModule, AuthzGuard, AuthzService}
+ */
+const createJwtAuthzModule = (authzProvider) => {
+    // prevent token overriding
+    const id = `${constants_1.PREFIX}${(0, uid_1.uid)()}`;
+    // strategy tokens
+    const JWT_STRATEGY = `${id}_JWT_STRATEGY`;
+    const JWT_REFRESH_STRATEGY = `${id}_REFRESH_STRATEGY`;
+    // provider tokens
+    const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
+    const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
+    const JWT_AUTHZ_OPTIONS = `${id}_JWT_AUTHZ_OPTIONS`;
+    // meta keys
+    const JWT_META_KEY = `${id}_JWT_META_KEY`;
+    const JWT_REFRESH_META_KEY = `${id}_REFRESH_META_KEY`;
+    // providers
+    const JwtAuthzService = (0, jwt_authz_service_1.createJwtAuthzService)([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]);
+    const JwtAuthzAlsMiddleware = (0, jwt_authz_als_middleware_1.createJwtAuthzAlsMiddleware)([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]);
+    const als = new node_async_hooks_1.AsyncLocalStorage();
+    // strategy
+    const JwtStrategy = (0, jwt_authz_strategy_1.createJwtStrategy)([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
+    const RefreshStrategy = (0, jwt_authz_strategy_1.createRefreshStrategy)([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
+    // each strategy can be only registered once in passport.
+    // no need to provide multiple times as
+    //  1. they use the same ALS and authzProvider instance.
+    //  2. guard use strategy through passport via strategy name.
+    let isStrategyInited = false;
+    // guards
+    const RefreshAuthzGuard = (0, jwt_authz_guard_1.createJwtRefreshAuthzGuard)([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]);
+    const JwtAuthzGuard = (0, jwt_authz_guard_1.createJwtAuthzGuard)([
+        JWT_STRATEGY,
+        AUTHZ_PROVIDER,
+        JWT_AUTHZ_OPTIONS,
+        ALS_PROVIDER,
+        JWT_META_KEY,
+        JWT_REFRESH_META_KEY
+    ]);
+    const Verify = (0, utils_1.createAuthzDecoratorFactory)(JWT_META_KEY);
+    const NoVerify = () => {
+        return (0, common_1.SetMetadata)(JWT_META_KEY, {
+            options: { public: true, override: true }
+        });
+    };
+    const Refresh = () => {
+        return (0, common_1.applyDecorators)(JwtAuthzGuard.NoVerify(), (0, common_1.SetMetadata)(JWT_REFRESH_META_KEY, true), (0, common_1.UseGuards)(RefreshAuthzGuard));
+    };
+    const Apply = (...rest) => {
+        return (0, common_1.applyDecorators)(JwtAuthzGuard.Verify(...rest), (0, common_1.UseGuards)(JwtAuthzGuard));
+    };
+    JwtAuthzGuard.Verify = Verify;
+    JwtAuthzGuard.NoVerify = NoVerify;
+    JwtAuthzGuard.Refresh = Refresh;
+    JwtAuthzGuard.Apply = Apply;
+    const getCommonConfigs = () => {
+        const configs = {
+            providers: [
+                {
+                    provide: AUTHZ_PROVIDER,
+                    useClass: authzProvider
+                },
+                {
+                    provide: ALS_PROVIDER,
+                    useValue: als
+                },
+                ...(!isStrategyInited ? [JwtStrategy, RefreshStrategy] : []),
+                JwtAuthzService
+            ],
+            exports: [AUTHZ_PROVIDER, ALS_PROVIDER, JWT_AUTHZ_OPTIONS, JwtAuthzService]
+        };
+        isStrategyInited = true;
+        return configs;
+    };
+    let JwtAuthzModule = class JwtAuthzModule extends ConfigurableModuleClass {
+        /**
+         * Configures authz module.
+         */
+        static register(options) {
+            const jwtAuthzOptions = (0, jwt_authz_interface_1.normalizedJwtAuthzModuleOptions)(options);
+            return (0, utils_1.mergeDynamicModuleConfigs)(super.register({ ...options, authzProvider }), getCommonConfigs(), {
+                providers: [
+                    {
+                        provide: JWT_AUTHZ_OPTIONS,
+                        useValue: jwtAuthzOptions
+                    }
+                ]
+            });
+        }
+        /**
+         * Configures authz module asynchronously.
+         */
+        static registerAsync(options) {
+            return (0, utils_1.mergeDynamicModuleConfigs)(super.registerAsync({ ...options, authzProvider }), getCommonConfigs(), {
+                providers: [
+                    {
+                        provide: JWT_AUTHZ_OPTIONS,
+                        useFactory: (moduleOptions) => {
+                            const jwtAuthzOptions = (0, jwt_authz_interface_1.normalizedJwtAuthzModuleOptions)(moduleOptions);
+                            return jwtAuthzOptions;
+                        },
+                        inject: [MODULE_OPTIONS_TOKEN]
+                    }
+                ]
+            });
+        }
+        constructor(routesOpt) {
+            super();
+            this.routesOpt = routesOpt;
+        }
+        configure(consumer) {
+            consumer
+                .apply(JwtAuthzAlsMiddleware)
+                .exclude(...this.routesOpt.excludes)
+                // nestjs v11 will be compatible with splat wildcard.
+                .forRoutes(...(this.routesOpt.global ? ['*'] : this.routesOpt.routes));
+        }
+    };
+    JwtAuthzModule = __decorate([
+        (0, common_1.Module)({}),
+        __param(0, (0, common_1.Inject)(constants_1.ROUTES_OPTIONS)),
+        __metadata("design:paramtypes", [Object])
+    ], JwtAuthzModule);
+    return {
+        /**
+         * A dynamic module used to configure JWT based authentication and authorization features for the application.
+         *
+         * This module can be configured using 2 static methods:
+         *
+         * - `register`
+         * - `registerAsync`
+         *
+         * ### Usage
+         *
+         * ```typescript
+         * ⁣@Module({
+         *   imports: [
+         *     // Import and configure JWT strategy
+         *     AuthzModule.register({
+         *       jwt: {
+         *         jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+         *         secret: '1234567890',
+         *         algorithm: 'HS256'
+         *       },
+         *       // Enable refresh token handling
+         *       refresh: {
+         *         jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+         *         secret: '0987654321',
+         *         algorithm: 'HS256'
+         *       },
+         *       // Apply strategy to specific controllers.
+         *       routes: [BusinessController]
+         *     })
+         *   ],
+         *   controllers: [BusinessController]
+         * })
+         * export class BusinessModule {}
+         * ```
+         */
+        AuthzModule: JwtAuthzModule,
+        /**
+         * A custom guard that applies authentication to controllers.
+         *
+         * This guard also provides 4 utility decorators to apply and modify authorization:
+         *
+         * - `@AuthzGuard.Verify`: Used to verify the user's authorization for specific meta data.
+         * - `@AuthzGuard.NoVerify`: Used to `skip` authentication & authorization checks for specific routes.
+         * - `@AuthzGuard.Apply`: A simplified version of `@UseGuards(AuthzGuard)` and `@AuthzGuard.Verify`, combining both for convenience.
+         * - `@AuthzGuard.Refresh`: Used to ensure that only using refresh token for authentication on specific routes, for refreshing JWT tokens.
+         *
+         * ### Usage:
+         *
+         * ```typescript
+         * ⁣@UseGuards(AuthzGuard)
+         * ⁣@Controller(/⁣/ ...)
+         * export class BusinessController {
+         *   // ...
+         * }
+         * ```
+         */
+        AuthzGuard: JwtAuthzGuard,
+        /**
+         * A custom servcie to provide methods to handle authentication and authorization.
+         */
+        AuthzService: JwtAuthzService
+    };
+};
+exports.createJwtAuthzModule = createJwtAuthzModule;