@nestjs-kitchen/authz 3.0.1 → 3.1.0

package/README.md

@@ -16,12 +16,15 @@ Simplest authentication & authorization module in NextJS.
 
 ## Features
 
-- JWT based authentication
-- Session based authentication
-- Customizable authorization
-- Simplified setups and APIs 
-- Anonymous access support
-- Simultaneous multiple strategy (JWT/Session) uses
+- ✅ JWT based authentication
+
+- ✅ Session based authentication
+
+- ✅ Flexible authorization
+
+- ✅ Support Anonymous access
+
+- ✅ Compatible with both `@nestjs/platform-express` and `@nestjs/platform-fastify`
 
 ## Install
 
@@ -31,6 +34,20 @@ Once completed NestJS project setup, install this package and its dependencies:
 $ npm install --save @nestjs/passport passport @nestjs-kitchen/authz
 ```
 
+## Platform prerequisite
+
+Different platforms require different dependencies:
+
+- For `@nestjs/platform-express`:
+
+  It requires [`express-session`](https://www.npmjs.com/package/express-session).
+
+- For `@nestjs/platform-fastify`:
+
+  It requires [`@fastify/cookie`](https://www.npmjs.com/package/@fastify/cookie) and [`@fastify/session`](https://www.npmjs.com/package/@fastify/session).
+
+  Or [`@fastify/secure-session`](https://www.npmjs.com/package/@fastify/secure-session) instead.
+
 ## Beark change
 
 - From `@nestjs-kitchen/authz` **v3**, [`express-session`](https://www.npmjs.com/package/express-session) had been removed from dependency. Please setup session manually:

package/dist/authz.provider.d.ts

@@ -1,4 +1,3 @@
-import type { Request } from 'express';
 /**
  * Abstract base class for implementing custom authorization logic.
  *
@@ -26,7 +25,7 @@ export declare abstract class AuthzProviderClass<Payload, User> {
      * @param {Payload} payload - The payload to authenticate.
      * @returns {User | Promise<User>} The authenticated user, or a promise resolving to the user.
      */
-    abstract authenticate(payload: Payload, req?: Request): User | Promise<User>;
+    abstract authenticate(payload: Payload, req?: any): User | Promise<User>;
     /**
      * (**Optional**: Implement this method only if authorization is required.)
      *

package/dist/jwt/jwt-authz-als.middleware.d.ts

@@ -1,8 +1,7 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { NextFunction, Request, Response } from 'express';
 import { JwtValidationType } from '../constants';
-import { type CookieOptionsWithSecret } from '../utils';
+import { type RawRequestWithShims, type RawResponseWithShims } from '../utils';
 import type { JwtAuthzOptions } from './jwt-authz.interface';
 export interface JwtAlsType<U> {
     user?: U;
@@ -10,10 +9,10 @@ export interface JwtAlsType<U> {
     allowAnonymous?: boolean;
     guardResult?: boolean;
     authOptions: JwtAuthzOptions;
-    setCookie: (name: string, value: string, options?: CookieOptionsWithSecret) => void;
+    setCookie: (name: string, value: string, options?: Record<string, any>) => void;
 }
 export declare const createJwtAuthzAlsMiddleware: ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]: [any, any]) => Type<Omit<{
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
     readonly jwtAuthzOptions: JwtAuthzOptions;
-    use(req: Request, res: Response, next: NextFunction): void;
+    use(req: RawRequestWithShims, res: RawResponseWithShims, next: Function): void;
 }, "als" | "jwtAuthzOptions">>;

package/dist/jwt/jwt-authz-als.middleware.js

@@ -23,7 +23,7 @@ const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
             this.jwtAuthzOptions = jwtAuthzOptions;
         }
         use(req, res, next) {
-            this.als.run({
+            const store = {
                 user: undefined,
                 jwtVerifiedBy: undefined,
                 allowAnonymous: undefined,
@@ -31,7 +31,8 @@ const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
                 // a workaround to pass jwtAuthzOptions to passport strategy.
                 authOptions: this.jwtAuthzOptions,
                 setCookie: (0, utils_1.createSetCookieFn)(req, res)
-            }, () => {
+            };
+            this.als.run(store, () => {
                 next();
             });
         }

package/dist/jwt/jwt-authz.module.d.ts

@@ -1,9 +1,9 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type ConfigurableModuleAsyncOptions, DynamicModule, type ExecutionContext, MiddlewareConsumer, type Type } from '@nestjs/common';
-import type { Reflector } from '@nestjs/core';
+import { type Reflector } from '@nestjs/core';
 import { AuthzProviderClass } from '../authz.provider';
 import { AuthzError } from '../errors';
-import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type CookieOptionsWithSecret, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
+import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
 import { type JwtAuthzModuleOptions, type JwtAuthzOptions, type JwtOptions } from './jwt-authz.interface';
 import { type JwtAlsType } from './jwt-authz-als.middleware';
 declare const ASYNC_OPTIONS_TYPE: ConfigurableModuleAsyncOptions<JwtAuthzModuleOptions, "createJwtAuthzModuleOptions"> & Partial<{
@@ -197,7 +197,7 @@ export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P
         refresh(user?: U | undefined): Promise<{
             token: string;
         } | undefined>;
-        setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+        setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
         getUser(): DeepReadonly<U> | undefined;
     }, "als" | "jwtAuthzOptions" | "authzProvider">>;
 };

package/dist/jwt/jwt-authz.module.js

@@ -53,6 +53,7 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
     return (0, utils_1.mergeDynamicModuleConfigs)(definition, {
         global,
         providers: [
+            ...(0, utils_1.createOnceAdapterShimProvider)(),
             {
                 provide: constants_1.ROUTES_OPTIONS,
                 useValue: {

package/dist/jwt/jwt-authz.service.d.ts

@@ -1,7 +1,7 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
 import { AuthzProviderClass } from '../authz.provider';
-import { type CookieOptionsWithSecret, type DeepReadonly } from '../utils';
+import { type DeepReadonly } from '../utils';
 import type { JwtAuthzOptions } from './jwt-authz.interface';
 import type { JwtAlsType } from './jwt-authz-als.middleware';
 export declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]: [any, any, any]) => Type<Omit<{
@@ -36,7 +36,7 @@ export declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PR
     /**
      * Sets a secure HTTP cookie with the given name, value, and optional cookie options.
      */
-    setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+    setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
     /**
      * Retrieves the current user associated with the request, if available.
      */

package/dist/jwt/jwt-authz.strategy.d.ts

@@ -1,17 +1,16 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { Request } from 'express';
 import { AuthzProviderClass } from '../authz.provider';
 import type { JwtAlsType } from './jwt-authz-als.middleware';
 export declare const createJwtStrategy: ([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    validate(req: Request): Promise<{}>;
-    authenticate(req: Request, options?: any): any;
+    validate(req: any): Promise<{}>;
+    authenticate(req: import("express").Request, options?: any): any;
 }, "als" | "authzProvider">>;
 export declare const createRefreshStrategy: ([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    validate(req: Request): Promise<{}>;
-    authenticate(req: Request, options?: any): any;
+    validate(req: any): Promise<{}>;
+    authenticate(req: import("express").Request, options?: any): any;
 }, "als" | "authzProvider">>;

package/dist/session/session-authz-als.middleware.d.ts

@@ -1,7 +1,6 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { NextFunction, Request, Response } from 'express';
-import { type CookieOptionsWithSecret } from '../utils';
+import { type RawRequestWithShims, type RawResponseWithShims } from '../utils';
 import type { SessionAuthzOptions } from './session-authz.interface';
 export interface SessionAlsType<P, U> {
     user?: U;
@@ -10,10 +9,10 @@ export interface SessionAlsType<P, U> {
     authOptions: SessionAuthzOptions;
     logIn: (user: P) => Promise<void>;
     logOut: () => Promise<void>;
-    setCookie: (name: string, value: string, options?: CookieOptionsWithSecret) => void;
+    setCookie: (name: string, value: string, options?: Record<string, any>) => void;
 }
 export declare const createSessionAuthzAlsMiddleware: ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]: [any, any]) => Type<Omit<{
     readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
     readonly sessionAuthzOptions: SessionAuthzOptions;
-    use(req: Request, res: Response, next: NextFunction): void;
+    use(req: RawRequestWithShims, res: RawResponseWithShims, next: Function): void;
 }, "als" | "sessionAuthzOptions">>;

package/dist/session/session-authz-als.middleware.js

@@ -16,7 +16,6 @@ exports.createSessionAuthzAlsMiddleware = void 0;
 const node_async_hooks_1 = require("node:async_hooks");
 const common_1 = require("@nestjs/common");
 const constants_1 = require("../constants");
-const errors_1 = require("../errors");
 const utils_1 = require("../utils");
 const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]) => {
     let SessionAuthzAlsMiddleware = class SessionAuthzAlsMiddleware {
@@ -26,64 +25,45 @@ const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS])
         }
         use(req, res, next) {
             const keepSessionInfo = Boolean(this.sessionAuthzOptions.keepSessionInfo);
-            if (!req.session) {
-                return next(new errors_1.AuthzError('Login sessions require session support. Did you forget to use `express-session` middleware?'));
-            }
-            const prevSession = req.session;
             const store = {
                 user: undefined,
                 allowAnonymous: undefined,
                 guardResult: undefined,
                 authOptions: this.sessionAuthzOptions,
                 // ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L14
-                logIn: (user) => {
-                    return new Promise((resolve, reject) => {
-                        req.session.regenerate(function (err) {
-                            if (err) {
-                                return reject(err);
+                logIn: async (user) => {
+                    const prevSession = req.shims.getAllSession();
+                    await req.shims.regenerateSession();
+                    if (keepSessionInfo) {
+                        for (const key in prevSession) {
+                            if (req.shims.sessionContains(key)) {
+                                req.shims.setSession(key, prevSession[key]);
                             }
-                            if (keepSessionInfo) {
-                                (0, utils_1.merge)(req.session, prevSession);
-                            }
-                            // @ts-ignore
-                            if (!req.session[constants_1.SESSION_PASSPORT_KEY]) {
-                                // @ts-ignore
-                                req.session[constants_1.SESSION_PASSPORT_KEY] = {};
-                            }
-                            // @ts-ignore
-                            req.session[constants_1.SESSION_PASSPORT_KEY].user = user;
-                            req.session.save(function (err) {
-                                if (err) {
-                                    return reject(err);
-                                }
-                                resolve();
-                            });
-                        });
-                    });
+                        }
+                    }
+                    const passportSession = req.shims.getSession(constants_1.SESSION_PASSPORT_KEY) ?? {};
+                    passportSession.user = user;
+                    req.shims.setSession(constants_1.SESSION_PASSPORT_KEY, passportSession);
+                    await req.shims.saveSession();
+                    return;
                 },
                 // ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L57
-                logOut: () => {
-                    return new Promise((resolve, reject) => {
-                        // @ts-ignore
-                        if (req.session[constants_1.SESSION_PASSPORT_KEY]) {
-                            // @ts-ignore
-                            delete req.session[constants_1.SESSION_PASSPORT_KEY].user;
-                        }
-                        req.session.save(function (err) {
-                            if (err) {
-                                return reject(err);
+                logOut: async () => {
+                    if (req.shims.sessionContains(constants_1.SESSION_PASSPORT_KEY)) {
+                        const passportSession = req.shims.getSession(constants_1.SESSION_PASSPORT_KEY);
+                        delete passportSession.user;
+                        req.shims.setSession(constants_1.SESSION_PASSPORT_KEY, passportSession);
+                    }
+                    const prevSession = req.shims.getAllSession();
+                    await req.shims.saveSession();
+                    await req.shims.regenerateSession();
+                    if (keepSessionInfo) {
+                        for (const key in prevSession) {
+                            if (req.shims.sessionContains(key)) {
+                                req.shims.setSession(key, prevSession[key]);
                             }
-                            req.session.regenerate(function (err) {
-                                if (err) {
-                                    return reject(err);
-                                }
-                                if (keepSessionInfo) {
-                                    (0, utils_1.merge)(req.session, prevSession);
-                                }
-                                resolve();
-                            });
-                        });
-                    });
+                        }
+                    }
                 },
                 setCookie: (0, utils_1.createSetCookieFn)(req, res)
             };

package/dist/session/session-authz.guard.d.ts

@@ -2,7 +2,7 @@ import { ExecutionContext, type Type } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import type { AsyncLocalStorage } from 'async_hooks';
 import { AuthzProviderClass } from '../authz.provider';
-import { type AuthzError } from '../errors';
+import { AuthzError } from '../errors';
 import type { SessionAuthzOptions } from './session-authz.interface';
 import type { SessionAlsType } from './session-authz-als.middleware';
 export declare const createSessionAuthzGuard: ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]: [string, any, any, any, any]) => Type<Omit<{

package/dist/session/session-authz.module.d.ts

@@ -1,9 +1,9 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type ConfigurableModuleAsyncOptions, DynamicModule, type ExecutionContext, MiddlewareConsumer, type Type } from '@nestjs/common';
-import type { Reflector } from '@nestjs/core';
+import { type Reflector } from '@nestjs/core';
 import { AuthzProviderClass } from '../authz.provider';
 import { AuthzError } from '../errors';
-import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type CookieOptionsWithSecret, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
+import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
 import { type SessionAuthzModuleOptions, type SessionAuthzOptions } from './session-authz.interface';
 import { type SessionAlsType } from './session-authz-als.middleware';
 declare const ASYNC_OPTIONS_TYPE: ConfigurableModuleAsyncOptions<SessionAuthzModuleOptions, "createSessionAuthzModuleOptions"> & Partial<{
@@ -166,7 +166,7 @@ export declare const cereateSessionAuthzModule: <P, U, T extends AuthzProviderCl
         readonly als: AsyncLocalStorage<SessionAlsType<P, U>>;
         logIn(user: U): Promise<void>;
         logOut(): Promise<void>;
-        setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+        setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
         getUser(): DeepReadonly<U> | undefined;
     }, "als" | "authzProvider">>;
 };

package/dist/session/session-authz.module.js

@@ -53,6 +53,7 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
     return (0, utils_1.mergeDynamicModuleConfigs)(definition, {
         global,
         providers: [
+            ...(0, utils_1.createOnceAdapterShimProvider)(),
             {
                 provide: constants_1.ROUTES_OPTIONS,
                 useValue: {

package/dist/session/session-authz.service.d.ts

@@ -1,7 +1,7 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
 import { AuthzProviderClass } from '../authz.provider';
-import { type CookieOptionsWithSecret, type DeepReadonly } from '../utils';
+import { type DeepReadonly } from '../utils';
 import type { SessionAlsType } from './session-authz-als.middleware';
 export declare const createSessionAuthzService: <P = unknown, U = unknown>([AUTHZ_PROVIDER, ALS_PROVIDER]: [any, any]) => Type<Omit<{
     readonly authzProvider: AuthzProviderClass<P, U>;
@@ -19,7 +19,7 @@ export declare const createSessionAuthzService: <P = unknown, U = unknown>([AUTH
     /**
      * Sets a secure HTTP cookie with the given name, value, and optional cookie options.
      */
-    setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+    setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
     /**
      * Retrieves the current user associated with the request, if available.
      */

package/dist/session/session-authz.strategy.d.ts

@@ -1,11 +1,10 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { Request } from 'express';
 import { AuthzProviderClass } from '../authz.provider';
 import type { SessionAlsType } from './session-authz-als.middleware';
 export declare const createSessionAuthzStrategy: ([SESSION_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
-    validate(req: Request): Promise<{}>;
-    authenticate(req: Request, options?: any): any;
+    validate(req: any): Promise<{}>;
+    authenticate(req: import("express").Request, options?: any): any;
 }, "als" | "authzProvider">>;

package/dist/utils/adapter-shim.d.ts

@@ -0,0 +1,28 @@
+import { type CanActivate, ExecutionContext, type OnModuleInit, type Provider } from '@nestjs/common';
+import { HttpAdapterHost } from '@nestjs/core';
+export type RawRequestWithShims = {
+    shims: {
+        getSession(key?: string): any;
+        getAllSession(): any;
+        setSession(key: string, value: any): void;
+        deleteSession(key: string): void;
+        sessionContains(key: string): boolean;
+        regenerateSession(): Promise<void>;
+        saveSession(): Promise<void>;
+    };
+    [key: string]: any;
+};
+export type RawResponseWithShims = {
+    shims: {
+        setCookie(key: string, value: string, options?: Record<string, any>): void;
+    };
+    [key: string]: any;
+};
+export declare class AdapterShim implements CanActivate, OnModuleInit {
+    private httpAdapterHost;
+    private addShims;
+    constructor(httpAdapterHost: HttpAdapterHost);
+    onModuleInit(): void;
+    canActivate(context: ExecutionContext): boolean;
+}
+export declare const createOnceAdapterShimProvider: () => Provider[];

package/dist/utils/adapter-shim.js

@@ -0,0 +1,174 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createOnceAdapterShimProvider = exports.AdapterShim = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const errors_1 = require("../errors");
+const safe_clone_1 = require("./safe-clone");
+const addExpressShims = (req, res) => {
+    const reqShims = {
+        getSession(key) {
+            return req.session?.[key];
+        },
+        getAllSession() {
+            return (0, safe_clone_1.safeClone)(req.session);
+        },
+        setSession(key, value) {
+            req.session[key] = value;
+        },
+        deleteSession(key) {
+            delete req.session?.[key];
+        },
+        sessionContains(key) {
+            if (!req.session) {
+                return false;
+            }
+            return key in req.session;
+        },
+        async regenerateSession() {
+            return new Promise((resolve, reject) => {
+                req.session.regenerate((err) => {
+                    if (err)
+                        return reject(err);
+                    resolve();
+                });
+            });
+        },
+        async saveSession() {
+            return new Promise((resolve, reject) => {
+                req.session.save((err) => {
+                    if (err)
+                        return reject(err);
+                    resolve();
+                });
+            });
+        }
+    };
+    const resShims = {
+        setCookie(key, value, options) {
+            res.cookie(key, value, options);
+        }
+    };
+    req.shims = reqShims;
+    res.shims = resShims;
+};
+const addFastifyShims = (req, res) => {
+    const reqShims = {
+        getSession(key) {
+            return req.session.get(key);
+        },
+        getAllSession() {
+            const cloned = (0, safe_clone_1.safeClone)(req.session);
+            // exclude cookie in @fastify/session
+            if (req.session?.cookie?.constructor?.name === 'Cookie') {
+                delete cloned.cookie;
+            }
+            // exclude built-in props in @fastify/secure-session
+            if (req.session?.constructor?.name === 'Session') {
+                delete cloned.changed;
+                delete cloned.deleted;
+            }
+            return cloned;
+        },
+        setSession(key, value) {
+            req.session.set(key, value);
+        },
+        deleteSession(key) {
+            req.session[key] = undefined;
+        },
+        sessionContains(key) {
+            if (!req.session) {
+                return false;
+            }
+            // fastify-session
+            if (key in req.session) {
+                return true;
+            }
+            // fastify-secure-session
+            return req.session.get(key) !== undefined;
+        },
+        async regenerateSession() {
+            if (typeof req.session.save === 'function') {
+                // fastify-session
+                return req.session.regenerate();
+            }
+            else {
+                // fastify-secure-session
+                try {
+                    req.session.regenerate();
+                    return Promise.resolve();
+                }
+                catch (err) {
+                    return Promise.reject(err);
+                }
+            }
+        },
+        async saveSession() {
+            if (typeof req.session.save === 'function') {
+                // fastify-session
+                return req.session.save();
+            }
+            else {
+                // fastify-secure-session does not have save method
+                return Promise.resolve();
+            }
+        }
+    };
+    const resShims = {
+        setCookie(key, value, options) {
+            res.setCookie(key, value, options);
+        }
+    };
+    req.raw.shims = reqShims;
+    res.raw.shims = resShims;
+};
+const getShimsFactory = (adapter) => {
+    switch (adapter) {
+        case 'ExpressAdapter':
+            return addExpressShims;
+        case 'FastifyAdapter':
+            return addFastifyShims;
+    }
+    throw new errors_1.AuthzError(`Cannot find shims factory for adapter "${adapter}".`);
+};
+let AdapterShim = class AdapterShim {
+    constructor(httpAdapterHost) {
+        this.httpAdapterHost = httpAdapterHost;
+    }
+    onModuleInit() {
+        const adapter = this.httpAdapterHost?.httpAdapter?.constructor?.name;
+        this.addShims = getShimsFactory(adapter);
+    }
+    canActivate(context) {
+        this.addShims(context.switchToHttp().getRequest(), context.switchToHttp().getResponse());
+        return true;
+    }
+};
+exports.AdapterShim = AdapterShim;
+exports.AdapterShim = AdapterShim = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.HttpAdapterHost])
+], AdapterShim);
+let guardRegistered = false;
+const createOnceAdapterShimProvider = () => {
+    if (guardRegistered) {
+        return [];
+    }
+    guardRegistered = true;
+    return [
+        {
+            provide: core_1.APP_GUARD,
+            useClass: AdapterShim
+        }
+    ];
+};
+exports.createOnceAdapterShimProvider = createOnceAdapterShimProvider;

package/dist/utils/cookie-parsers.d.ts

@@ -1,9 +1,8 @@
-import type { Request } from 'express';
-export declare const normalCookieParser: (req: Request, _secrets?: string[], decode?: (str: string) => string | undefined) => {
-    cookies: Record<string, any>;
-    signedCookies: Record<string, any>;
+export declare const normalCookieParser: (req: any, _secrets?: string[], decode?: (str: string) => string | undefined) => {
+    cookies: any;
+    signedCookies: any;
 };
-export declare const customCookieParser: (req: Request, secrets?: string[], decode?: (str: string) => string | undefined) => {
-    cookies: Record<string, any>;
-    signedCookies: Record<string, any>;
+export declare const customCookieParser: (req: any, secrets?: string[], decode?: (str: string) => string | undefined) => {
+    cookies: {};
+    signedCookies: {};
 };

package/dist/utils/cookie-parsers.js

@@ -42,8 +42,18 @@ const cookie_parser_1 = __importDefault(require("cookie-parser"));
 const normalCookieParser = (req, _secrets = [], decode) => {
     let cookies = req.cookies || {};
     let signedCookies = req.signedCookies || {};
+    // compatible to @fastify/cookie
+    if (typeof req.unsignCookie === 'function') {
+        for (const [key, value] of Object.entries(cookies)) {
+            const unsigned = req.unsignCookie(value);
+            if (unsigned.valid) {
+                signedCookies[key] = unsigned.value;
+            }
+        }
+    }
     if (!req.cookies && req.headers.cookie) {
         const parsedCookies = cookie.parse(req.headers.cookie, { decode });
+        // cookie-parser uses req.secret to decrypt cookies
         if (req.secret) {
             signedCookies = cookie_parser_1.default.JSONCookies(cookie_parser_1.default.signedCookies(parsedCookies, [req.secret]));
         }

package/dist/utils/create-set-cookie-fn.d.ts

@@ -1,3 +1,2 @@
-import type { Request, Response } from 'express';
-import type { CookieOptionsWithSecret } from './types';
-export declare const createSetCookieFn: (req: Request, res: Response) => (name: string, value: string, options?: CookieOptionsWithSecret) => void;
+import type { RawRequestWithShims, RawResponseWithShims } from './adapter-shim';
+export declare const createSetCookieFn: (req: RawRequestWithShims, res: RawResponseWithShims) => (name: string, value: string, options?: Record<string, any>) => void;

package/dist/utils/create-set-cookie-fn.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSetCookieFn = void 0;
 const generics_1 = require("./generics");
+// @fastify/cookie does not use req.secret to encrypted.
 const createSetCookieFn = (req, res) => (name, value, options = {}) => {
     const { secret, signed: optSigned, ...restOpts } = options;
     const secrets = (0, generics_1.normalizedArray)(secret) ?? [];
@@ -15,7 +16,7 @@ const createSetCookieFn = (req, res) => (name, value, options = {}) => {
     else {
         req.secret = undefined;
     }
-    res.cookie(name, value, {
+    res.shims.setCookie(name, value, {
         signed,
         ...restOpts
     });

package/dist/utils/generics.d.ts

@@ -1,4 +1,3 @@
 export declare const isNotFalsy: <T>(val: T) => val is T;
 export declare const normalizedArray: <T>(val?: T | T[]) => undefined extends T ? T[] | undefined : NonNullable<T>[];
 export declare const normalizedObject: <T extends Record<string, any>>(obj?: T) => T | undefined;
-export declare const merge: <T extends Record<string, any>, U extends Record<string, any>>(obj1: T, obj2?: U) => T & U;

package/dist/utils/generics.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.merge = exports.normalizedObject = exports.normalizedArray = exports.isNotFalsy = void 0;
+exports.normalizedObject = exports.normalizedArray = exports.isNotFalsy = void 0;
 const isNotFalsy = (val) => {
     return val !== undefined && val !== null && !Number.isNaN(val);
 };
@@ -27,14 +27,3 @@ const normalizedObject = (obj) => {
     return Object.fromEntries(filtered);
 };
 exports.normalizedObject = normalizedObject;
-// ref: https://github.com/jaredhanson/utils-merge/blob/master/index.js
-const merge = (obj1, obj2) => {
-    if (obj1 && obj2) {
-        for (var key in obj2) {
-            // @ts-ignore
-            obj1[key] = obj2[key];
-        }
-    }
-    return obj1;
-};
-exports.merge = merge;

package/dist/utils/get-passport-property.d.ts

@@ -1 +1 @@
-export declare const getPassportProperty: <T>(request: Express.Request) => T;
+export declare const getPassportProperty: <T>(request: any) => T;

package/dist/utils/get-passport-property.js

@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getPassportProperty = void 0;
 const constants_1 = require("../constants");
 const getPassportProperty = (request) => {
-    // @ts-ignore
     return request[request[constants_1.PASSPORT_PROPERTY]];
 };
 exports.getPassportProperty = getPassportProperty;

package/dist/utils/index.d.ts

@@ -1,3 +1,4 @@
+export * from './adapter-shim';
 export * from './cookie-parsers';
 export * from './create-authz-decorator-factory';
 export * from './create-set-cookie-fn';
@@ -8,4 +9,5 @@ export * from './get-context-authz-meta-params-list';
 export * from './get-passport-property';
 export * from './merge-dynamic-module-configs';
 export * from './msgpackrs';
+export * from './safe-clone';
 export * from './types';

package/dist/utils/index.js

@@ -14,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./adapter-shim"), exports);
 __exportStar(require("./cookie-parsers"), exports);
 __exportStar(require("./create-authz-decorator-factory"), exports);
 __exportStar(require("./create-set-cookie-fn"), exports);
@@ -24,4 +25,5 @@ __exportStar(require("./get-context-authz-meta-params-list"), exports);
 __exportStar(require("./get-passport-property"), exports);
 __exportStar(require("./merge-dynamic-module-configs"), exports);
 __exportStar(require("./msgpackrs"), exports);
+__exportStar(require("./safe-clone"), exports);
 __exportStar(require("./types"), exports);

package/dist/utils/safe-clone.d.ts

@@ -0,0 +1 @@
+export declare const safeClone: (obj: any) => any;

package/dist/utils/safe-clone.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.safeClone = void 0;
+const safeClone = (obj) => {
+    if (!obj) {
+        return {};
+    }
+    try {
+        return JSON.parse(JSON.stringify(obj));
+    }
+    catch {
+        return {};
+    }
+};
+exports.safeClone = safeClone;

package/dist/utils/types.d.ts

@@ -1,6 +1,5 @@
 import type { applyDecorators } from '@nestjs/common';
 import type { RouteInfo, Type } from '@nestjs/common/interfaces';
-import type { CookieOptions } from 'express';
 import type { AuthzProviderClass } from '../authz.provider';
 export type OmitClassInstance<T extends abstract new (...args: any) => any, K extends keyof any> = Type<Omit<InstanceType<T>, K>>;
 export type SetRequired<T, K extends keyof T> = T & {
@@ -12,12 +11,6 @@ export type IsUnknown<T> = unknown extends T ? IsNull<T> extends false ? true :
 export type DeepReadonly<T> = {
     readonly [K in keyof T]: T[K] extends object ? DeepReadonly<T[K]> : T[K];
 };
-export type CookieOptionsWithSecret = CookieOptions & {
-    /**
-     * a string or array used to sign cookies.
-     */
-    secret?: string | string[];
-};
 export interface AuthzDecoBaseOptions {
     /**
      * When set, overrides the previous metadatas during the authorization, instead of inheriting.

package/package.json

@@ -2,7 +2,7 @@
   "name": "@nestjs-kitchen/authz",
   "private": false,
   "description": "Simplest authentication & authorization module in NextJS",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "homepage": "https://github.com/yikenman/nestjs-kitchen",
   "repository": "https://github.com/yikenman/nestjs-kitchen",
   "author": "yikenman",
@@ -26,16 +26,22 @@
     "uid": "^2.0.2"
   },
   "devDependencies": {
+    "@fastify/cookie": "^11.0.2",
+    "@fastify/secure-session": "^8.2.0",
+    "@fastify/session": "^11.1.0",
+    "@nestjs/platform-express": "^11.0.0",
+    "@nestjs/platform-fastify": "^11.0.0",
     "@nestjs/testing": "^11.0.0",
     "@types/cookie-parser": "^1.4.8",
     "@types/express": "^5.0.1",
-    "@types/express-session": "^1.18.1",
+    "@types/express-session": "^1.18.2",
     "@types/jest": "^30.0.0",
     "@types/jsonwebtoken": "^9.0.9",
     "@types/node": "^22.13.9",
     "@types/passport": "^1.0.17",
     "@types/supertest": "^6.0.2",
-    "express-session": "^1.18.1",
+    "express-session": "^1.18.2",
+    "fastify": "^5.5.0",
     "jest": "^30.0.5",
     "rimraf": "^6.0.1",
     "supertest": "^7.1.0",
@@ -52,16 +58,30 @@
     "authentication",
     "authorization",
     "authz",
+    "express",
+    "Express",
+    "fastify",
+    "Fastify",
     "JWT",
     "NextJS",
     "NodeJS",
+    "passport",
+    "Passport",
     "Session"
   ],
+  "optionalDependencies": {
+    "@fastify/cookie": "^11.0.2",
+    "@fastify/secure-session": "^8.2.0",
+    "@fastify/session": "^11.1.0",
+    "@nestjs/platform-express": "^11.0.0",
+    "@nestjs/platform-fastify": "^11.0.0",
+    "@types/express-session": "^1.18.2",
+    "express-session": "^1.18.2"
+  },
   "peerDependencies": {
-    "@nestjs/common": "^10.0.0 || ^11.0.0",
-    "@nestjs/core": "^10.0.0 || ^11.0.0",
-    "@nestjs/passport": "^10.0.0 || ^11.0.0",
-    "@nestjs/platform-express": "^10.0.0 || ^11.0.0",
+    "@nestjs/common": "^11.0.0",
+    "@nestjs/core": "^11.0.0",
+    "@nestjs/passport": "^11.0.0",
     "passport": "^0.7.0",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.2"