@nestjs-kitchen/authz 3.0.1 → 4.0.0

package/README.md

@@ -16,24 +16,43 @@ Simplest authentication & authorization module in NextJS.
 
 ## Features
 
-- JWT based authentication
-- Session based authentication
-- Customizable authorization
-- Simplified setups and APIs 
-- Anonymous access support
-- Simultaneous multiple strategy (JWT/Session) uses
+- ✅ Support JWT authentication
+
+- ✅ Support session authentication
+
+- ✅ Service based authentication/authorization -- Use Nestjs style services to implement authentication/authorization.
+
+- ✅ Support Anonymous access
+
+- ✅ Compatible with `Express` and `Fastify`
 
 ## Install
 
 Once completed NestJS project setup, install this package and its dependencies: 
 
 ```bash
-$ npm install --save @nestjs/passport passport @nestjs-kitchen/authz
+$ npm install --save @nestjs-kitchen/authz
 ```
 
+## Platform support
+
+Below platforms require different dependencies:
+
+- For `@nestjs/platform-express`:
+
+  It requires [`express-session`](https://www.npmjs.com/package/express-session).
+
+- For `@nestjs/platform-fastify`:
+
+  It requires [`@fastify/cookie`](https://www.npmjs.com/package/@fastify/cookie) and [`@fastify/session`](https://www.npmjs.com/package/@fastify/session).
+
+  Or [`@fastify/secure-session`](https://www.npmjs.com/package/@fastify/secure-session) instead.
+
 ## Beark change
 
-- From `@nestjs-kitchen/authz` **v3**, [`express-session`](https://www.npmjs.com/package/express-session) had been removed from dependency. Please setup session manually:
+- From **v4**, `Passport.js` is moved out without any api changes.
+
+- From **v3**, [`express-session`](https://www.npmjs.com/package/express-session) had been removed from dependency. Please setup session manually:
 
     ```typescript
     import * as session from 'express-session';

package/dist/authz.provider.d.ts

@@ -1,4 +1,3 @@
-import type { Request } from 'express';
 /**
  * Abstract base class for implementing custom authorization logic.
  *
@@ -26,7 +25,7 @@ export declare abstract class AuthzProviderClass<Payload, User> {
      * @param {Payload} payload - The payload to authenticate.
      * @returns {User | Promise<User>} The authenticated user, or a promise resolving to the user.
      */
-    abstract authenticate(payload: Payload, req?: Request): User | Promise<User>;
+    abstract authenticate(payload: Payload, req?: any): User | Promise<User>;
     /**
      * (**Optional**: Implement this method only if authorization is required.)
      *

package/dist/jwt/jwt-authz-als.middleware.d.ts

@@ -1,19 +1,15 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { NextFunction, Request, Response } from 'express';
 import { JwtValidationType } from '../constants';
-import { type CookieOptionsWithSecret } from '../utils';
-import type { JwtAuthzOptions } from './jwt-authz.interface';
+import { type RawRequestWithShims, type RawResponseWithShims } from '../utils';
 export interface JwtAlsType<U> {
     user?: U;
     jwtVerifiedBy?: JwtValidationType;
     allowAnonymous?: boolean;
     guardResult?: boolean;
-    authOptions: JwtAuthzOptions;
-    setCookie: (name: string, value: string, options?: CookieOptionsWithSecret) => void;
+    setCookie: (name: string, value: string, options?: Record<string, any>) => void;
 }
-export declare const createJwtAuthzAlsMiddleware: ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]: [any, any]) => Type<Omit<{
+export declare const createJwtAuthzAlsMiddleware: ([ALS_PROVIDER]: [any]) => Type<Omit<{
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    readonly jwtAuthzOptions: JwtAuthzOptions;
-    use(req: Request, res: Response, next: NextFunction): void;
-}, "als" | "jwtAuthzOptions">>;
+    use(req: RawRequestWithShims, res: RawResponseWithShims, next: Function): void;
+}, "als">>;

package/dist/jwt/jwt-authz-als.middleware.js

@@ -16,30 +16,27 @@ exports.createJwtAuthzAlsMiddleware = void 0;
 const node_async_hooks_1 = require("node:async_hooks");
 const common_1 = require("@nestjs/common");
 const utils_1 = require("../utils");
-const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
+const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER]) => {
     let JwtAuthzAlsMiddleware = class JwtAuthzAlsMiddleware {
-        constructor(als, jwtAuthzOptions) {
+        constructor(als) {
             this.als = als;
-            this.jwtAuthzOptions = jwtAuthzOptions;
         }
         use(req, res, next) {
-            this.als.run({
+            const store = {
                 user: undefined,
                 jwtVerifiedBy: undefined,
                 allowAnonymous: undefined,
                 guardResult: undefined,
-                // a workaround to pass jwtAuthzOptions to passport strategy.
-                authOptions: this.jwtAuthzOptions,
                 setCookie: (0, utils_1.createSetCookieFn)(req, res)
-            }, () => {
+            };
+            this.als.run(store, () => {
                 next();
             });
         }
     };
     JwtAuthzAlsMiddleware = __decorate([
         __param(0, (0, common_1.Inject)(ALS_PROVIDER)),
-        __param(1, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
-        __metadata("design:paramtypes", [node_async_hooks_1.AsyncLocalStorage, Object])
+        __metadata("design:paramtypes", [node_async_hooks_1.AsyncLocalStorage])
     ], JwtAuthzAlsMiddleware);
     return (0, common_1.mixin)(JwtAuthzAlsMiddleware);
 };

package/dist/jwt/jwt-authz.guard.d.ts

@@ -1,20 +1,15 @@
 import type { AsyncLocalStorage } from 'node:async_hooks';
 import { ExecutionContext, type Type } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import type { Observable } from 'rxjs';
 import { AuthzProviderClass } from '../authz.provider';
-import { type AuthzError } from '../errors';
+import { AuthzError } from '../errors';
 import type { JwtAuthzOptions } from './jwt-authz.interface';
 import type { JwtAlsType } from './jwt-authz-als.middleware';
-export declare const createJwtAuthzGuard: ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]: [string, any, any, any, any, any]) => Type<Omit<{
+export declare const createJwtAuthzGuard: ([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]: [any, any, any, any, any]) => Type<Omit<{
     readonly reflector: Reflector;
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly jwtAuthzOptions: JwtAuthzOptions;
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
     /**
      *
      * recives err, user, info from JwtStrategy.validate
@@ -28,21 +23,13 @@ export declare const createJwtAuthzGuard: ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AU
      */
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
     canActivate(context: ExecutionContext): Promise<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
-}, "als" | "jwtAuthzOptions" | "reflector" | "authzProvider">>;
-export declare const createJwtRefreshAuthzGuard: ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]: [string, any]) => Type<Omit<{
+    validate(req: any): Promise<[any, any?]>;
+}, "als" | "reflector" | "authzProvider" | "jwtAuthzOptions">>;
+export declare const createJwtRefreshAuthzGuard: ([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]: [any, any, any]) => Type<Omit<{
     readonly jwtAuthzOptions: JwtAuthzOptions;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
+    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
+    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
-    canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
-}, "jwtAuthzOptions">>;
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    validate(req: any): Promise<[any, any?]>;
+}, "als" | "authzProvider" | "jwtAuthzOptions">>;

package/dist/jwt/jwt-authz.guard.js

@@ -11,28 +11,29 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createJwtRefreshAuthzGuard = exports.createJwtAuthzGuard = void 0;
 const common_1 = require("@nestjs/common");
 const core_1 = require("@nestjs/core");
-const passport_1 = require("@nestjs/passport");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const authz_provider_1 = require("../authz.provider");
+const constants_1 = require("../constants");
 const errors_1 = require("../errors");
 const utils_1 = require("../utils");
-const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
-    let JwtAuthzGuard = class JwtAuthzGuard extends (0, passport_1.AuthGuard)(JWT_STRATEGY) {
+const extract_jwt_1 = require("./extract-jwt");
+const createJwtAuthzGuard = ([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
+    let JwtAuthzGuard = class JwtAuthzGuard {
         constructor(reflector, authzProvider, jwtAuthzOptions, als) {
-            super();
             this.reflector = reflector;
             this.authzProvider = authzProvider;
             this.jwtAuthzOptions = jwtAuthzOptions;
             this.als = als;
-        }
-        getAuthenticateOptions() {
-            return {
-                property: this.jwtAuthzOptions.passportProperty,
-                session: false
-            };
+            if (typeof this.authzProvider.authenticate !== 'function') {
+                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+            }
         }
         /**
          *
@@ -82,7 +83,7 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
             store.allowAnonymous = (0, utils_1.getAllowAnonymous)(contextParamsList, {
                 defaultAllowAnonymous: this.jwtAuthzOptions.defaultAllowAnonymous
             });
-            await super.canActivate(context);
+            req[this.jwtAuthzOptions.passportProperty] = this.handleRequest(undefined, ...(await this.validate(req)));
             // will be null if allowAnonymous=true.
             const user = (0, utils_1.getPassportProperty)(req);
             if (store.allowAnonymous && !user) {
@@ -95,6 +96,38 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
             }
             return true;
         }
+        async validate(req) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            const authOptions = this.jwtAuthzOptions;
+            if (!authOptions.jwt.verify) {
+                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
+            }
+            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.jwt.jwtFromRequest);
+            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
+            const token = extractor(req);
+            if (!token) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
+            }
+            let user = undefined;
+            try {
+                const payload = jsonwebtoken_1.default.verify(token, authOptions.jwt.secretOrPublicKey, authOptions.jwt.verify);
+                user = await this.authzProvider.authenticate(payload, req);
+            }
+            catch (error) {
+                return [
+                    null,
+                    error instanceof Error
+                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
+                        : new errors_1.AuthzVerificationError(`${error}`)
+                ];
+            }
+            store.user = user;
+            store.jwtVerifiedBy = constants_1.JwtValidationType.JWT;
+            if (!user) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
+            }
+            return [user];
+        }
     };
     JwtAuthzGuard = __decorate([
         __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),
@@ -106,17 +139,15 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
     return (0, common_1.mixin)(JwtAuthzGuard);
 };
 exports.createJwtAuthzGuard = createJwtAuthzGuard;
-const createJwtRefreshAuthzGuard = ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) => {
-    let JwtRefreshAuthzGuard = class JwtRefreshAuthzGuard extends (0, passport_1.AuthGuard)(JWT_REFRESH_STRATEGY) {
-        constructor(jwtAuthzOptions) {
-            super();
+const createJwtRefreshAuthzGuard = ([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
+    let JwtRefreshAuthzGuard = class JwtRefreshAuthzGuard {
+        constructor(jwtAuthzOptions, authzProvider, als) {
             this.jwtAuthzOptions = jwtAuthzOptions;
-        }
-        getAuthenticateOptions() {
-            return {
-                property: this.jwtAuthzOptions.passportProperty,
-                session: false
-            };
+            this.authzProvider = authzProvider;
+            this.als = als;
+            if (typeof this.authzProvider.authenticate !== 'function') {
+                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+            }
         }
         handleRequest(_err, user, info) {
             if (info) {
@@ -124,10 +155,50 @@ const createJwtRefreshAuthzGuard = ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) =
             }
             return user;
         }
+        async canActivate(context) {
+            const req = context.switchToHttp().getRequest();
+            req[this.jwtAuthzOptions.passportProperty] = this.handleRequest(undefined, ...(await this.validate(req)));
+            return true;
+        }
+        async validate(req) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            const authOptions = this.jwtAuthzOptions;
+            if (!authOptions.refresh.verify) {
+                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
+            }
+            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.refresh.jwtFromRequest);
+            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
+            const token = extractor(req);
+            if (!token) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
+            }
+            let user = undefined;
+            try {
+                const payload = jsonwebtoken_1.default.verify(token, authOptions.refresh.secretOrPublicKey, authOptions.refresh.verify);
+                const decodePayload = (0, utils_1.decodeMsgpackrString)(payload.data);
+                user = await this.authzProvider.authenticate(decodePayload, req);
+            }
+            catch (error) {
+                return [
+                    null,
+                    error instanceof Error
+                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
+                        : new errors_1.AuthzVerificationError(`${error}`)
+                ];
+            }
+            store.user = user;
+            store.jwtVerifiedBy = constants_1.JwtValidationType.REFRESH;
+            if (!user) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
+            }
+            return [user];
+        }
     };
     JwtRefreshAuthzGuard = __decorate([
         __param(0, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
-        __metadata("design:paramtypes", [Object])
+        __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),
+        __param(2, (0, common_1.Inject)(ALS_PROVIDER)),
+        __metadata("design:paramtypes", [Object, authz_provider_1.AuthzProviderClass, Function])
     ], JwtRefreshAuthzGuard);
     return (0, common_1.mixin)(JwtRefreshAuthzGuard);
 };

package/dist/jwt/jwt-authz.module.d.ts

@@ -1,9 +1,9 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type ConfigurableModuleAsyncOptions, DynamicModule, type ExecutionContext, MiddlewareConsumer, type Type } from '@nestjs/common';
-import type { Reflector } from '@nestjs/core';
+import { type Reflector } from '@nestjs/core';
 import { AuthzProviderClass } from '../authz.provider';
 import { AuthzError } from '../errors';
-import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type CookieOptionsWithSecret, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
+import { type AbstractConstructor, type ApplyDecorators, type AuthzDecoParams, type AuthzModuleBaseOptions, type AuthzModuleRoutesOptions, type DeepReadonly, type MethodParameters, type RoutesOptions } from '../utils';
 import { type JwtAuthzModuleOptions, type JwtAuthzOptions, type JwtOptions } from './jwt-authz.interface';
 import { type JwtAlsType } from './jwt-authz-als.middleware';
 declare const ASYNC_OPTIONS_TYPE: ConfigurableModuleAsyncOptions<JwtAuthzModuleOptions, "createJwtAuthzModuleOptions"> & Partial<{
@@ -97,17 +97,10 @@ export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P
         readonly authzProvider: AuthzProviderClass<unknown, unknown>;
         readonly jwtAuthzOptions: JwtAuthzOptions;
         readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-        getAuthenticateOptions(): {
-            property: string;
-            session: boolean;
-        };
         handleRequest<T_1>(_err: unknown, user: T_1, info?: AuthzError): T_1;
         canActivate(context: ExecutionContext): Promise<boolean>;
-        logIn<TRequest extends {
-            logIn: Function;
-        } = any>(request: TRequest): Promise<void>;
-        getRequest(context: ExecutionContext): any;
-    }, "als" | "jwtAuthzOptions" | "reflector" | "authzProvider">> & {
+        validate(req: any): Promise<[any, any?]>;
+    }, "als" | "reflector" | "authzProvider" | "jwtAuthzOptions">> & {
         /**
          * Verifies the user's authorization for specific meta data.
          *
@@ -197,8 +190,8 @@ export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P
         refresh(user?: U | undefined): Promise<{
             token: string;
         } | undefined>;
-        setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+        setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
         getUser(): DeepReadonly<U> | undefined;
-    }, "als" | "jwtAuthzOptions" | "authzProvider">>;
+    }, "als" | "authzProvider" | "jwtAuthzOptions">>;
 };
 export {};

package/dist/jwt/jwt-authz.module.js

@@ -22,7 +22,6 @@ const utils_1 = require("../utils");
 const jwt_authz_guard_1 = require("./jwt-authz.guard");
 const jwt_authz_interface_1 = require("./jwt-authz.interface");
 const jwt_authz_service_1 = require("./jwt-authz.service");
-const jwt_authz_strategy_1 = require("./jwt-authz.strategy");
 const jwt_authz_als_middleware_1 = require("./jwt-authz-als.middleware");
 const store = {
     globalInited: 0
@@ -53,6 +52,7 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
     return (0, utils_1.mergeDynamicModuleConfigs)(definition, {
         global,
         providers: [
+            ...(0, utils_1.createOnceAdapterShimProvider)(),
             {
                 provide: constants_1.ROUTES_OPTIONS,
                 useValue: {
@@ -76,9 +76,6 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
 const createJwtAuthzModule = (authzProvider) => {
     // prevent token overriding
     const id = `${constants_1.PREFIX}${(0, uid_1.uid)()}`;
-    // strategy tokens
-    const JWT_STRATEGY = `${id}_JWT_STRATEGY`;
-    const JWT_REFRESH_STRATEGY = `${id}_REFRESH_STRATEGY`;
     // provider tokens
     const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
     const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
@@ -88,20 +85,11 @@ const createJwtAuthzModule = (authzProvider) => {
     const JWT_REFRESH_META_KEY = `${id}_REFRESH_META_KEY`;
     // providers
     const JwtAuthzService = (0, jwt_authz_service_1.createJwtAuthzService)([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]);
-    const JwtAuthzAlsMiddleware = (0, jwt_authz_als_middleware_1.createJwtAuthzAlsMiddleware)([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]);
+    const JwtAuthzAlsMiddleware = (0, jwt_authz_als_middleware_1.createJwtAuthzAlsMiddleware)([ALS_PROVIDER]);
     const als = new node_async_hooks_1.AsyncLocalStorage();
-    // strategy
-    const JwtStrategy = (0, jwt_authz_strategy_1.createJwtStrategy)([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
-    const RefreshStrategy = (0, jwt_authz_strategy_1.createRefreshStrategy)([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
-    // each strategy can be only registered once in passport.
-    // no need to provide multiple times as
-    //  1. they use the same ALS and authzProvider instance.
-    //  2. guard use strategy through passport via strategy name.
-    let isStrategyInited = false;
     // guards
-    const RefreshAuthzGuard = (0, jwt_authz_guard_1.createJwtRefreshAuthzGuard)([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]);
+    const RefreshAuthzGuard = (0, jwt_authz_guard_1.createJwtRefreshAuthzGuard)([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]);
     const JwtAuthzGuard = (0, jwt_authz_guard_1.createJwtAuthzGuard)([
-        JWT_STRATEGY,
         AUTHZ_PROVIDER,
         JWT_AUTHZ_OPTIONS,
         ALS_PROVIDER,
@@ -135,12 +123,10 @@ const createJwtAuthzModule = (authzProvider) => {
                     provide: ALS_PROVIDER,
                     useValue: als
                 },
-                ...(!isStrategyInited ? [JwtStrategy, RefreshStrategy] : []),
                 JwtAuthzService
             ],
             exports: [AUTHZ_PROVIDER, ALS_PROVIDER, JWT_AUTHZ_OPTIONS, JwtAuthzService]
         };
-        isStrategyInited = true;
         return configs;
     };
     let JwtAuthzModule = class JwtAuthzModule extends ConfigurableModuleClass {

package/dist/jwt/jwt-authz.service.d.ts

@@ -1,7 +1,7 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
 import { AuthzProviderClass } from '../authz.provider';
-import { type CookieOptionsWithSecret, type DeepReadonly } from '../utils';
+import { type DeepReadonly } from '../utils';
 import type { JwtAuthzOptions } from './jwt-authz.interface';
 import type { JwtAlsType } from './jwt-authz-als.middleware';
 export declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]: [any, any, any]) => Type<Omit<{
@@ -36,9 +36,9 @@ export declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PR
     /**
      * Sets a secure HTTP cookie with the given name, value, and optional cookie options.
      */
-    setCookie(name: string, value: string, options?: CookieOptionsWithSecret | undefined): void;
+    setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
     /**
      * Retrieves the current user associated with the request, if available.
      */
     getUser(): DeepReadonly<U> | undefined;
-}, "als" | "jwtAuthzOptions" | "authzProvider">>;
+}, "als" | "authzProvider" | "jwtAuthzOptions">>;

package/dist/session/session-authz-als.middleware.d.ts

@@ -1,19 +1,17 @@
 import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
-import type { NextFunction, Request, Response } from 'express';
-import { type CookieOptionsWithSecret } from '../utils';
+import { type RawRequestWithShims, type RawResponseWithShims } from '../utils';
 import type { SessionAuthzOptions } from './session-authz.interface';
 export interface SessionAlsType<P, U> {
     user?: U;
     allowAnonymous?: boolean;
     guardResult?: boolean;
-    authOptions: SessionAuthzOptions;
     logIn: (user: P) => Promise<void>;
     logOut: () => Promise<void>;
-    setCookie: (name: string, value: string, options?: CookieOptionsWithSecret) => void;
+    setCookie: (name: string, value: string, options?: Record<string, any>) => void;
 }
 export declare const createSessionAuthzAlsMiddleware: ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]: [any, any]) => Type<Omit<{
     readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
     readonly sessionAuthzOptions: SessionAuthzOptions;
-    use(req: Request, res: Response, next: NextFunction): void;
+    use(req: RawRequestWithShims, res: RawResponseWithShims, next: Function): void;
 }, "als" | "sessionAuthzOptions">>;

package/dist/session/session-authz-als.middleware.js

@@ -16,7 +16,6 @@ exports.createSessionAuthzAlsMiddleware = void 0;
 const node_async_hooks_1 = require("node:async_hooks");
 const common_1 = require("@nestjs/common");
 const constants_1 = require("../constants");
-const errors_1 = require("../errors");
 const utils_1 = require("../utils");
 const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]) => {
     let SessionAuthzAlsMiddleware = class SessionAuthzAlsMiddleware {
@@ -26,64 +25,44 @@ const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS])
         }
         use(req, res, next) {
             const keepSessionInfo = Boolean(this.sessionAuthzOptions.keepSessionInfo);
-            if (!req.session) {
-                return next(new errors_1.AuthzError('Login sessions require session support. Did you forget to use `express-session` middleware?'));
-            }
-            const prevSession = req.session;
             const store = {
                 user: undefined,
                 allowAnonymous: undefined,
                 guardResult: undefined,
-                authOptions: this.sessionAuthzOptions,
                 // ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L14
-                logIn: (user) => {
-                    return new Promise((resolve, reject) => {
-                        req.session.regenerate(function (err) {
-                            if (err) {
-                                return reject(err);
+                logIn: async (user) => {
+                    const prevSession = req.shims.getAllSession();
+                    await req.shims.regenerateSession();
+                    if (keepSessionInfo) {
+                        for (const key in prevSession) {
+                            if (req.shims.sessionContains(key)) {
+                                req.shims.setSession(key, prevSession[key]);
                             }
-                            if (keepSessionInfo) {
-                                (0, utils_1.merge)(req.session, prevSession);
-                            }
-                            // @ts-ignore
-                            if (!req.session[constants_1.SESSION_PASSPORT_KEY]) {
-                                // @ts-ignore
-                                req.session[constants_1.SESSION_PASSPORT_KEY] = {};
-                            }
-                            // @ts-ignore
-                            req.session[constants_1.SESSION_PASSPORT_KEY].user = user;
-                            req.session.save(function (err) {
-                                if (err) {
-                                    return reject(err);
-                                }
-                                resolve();
-                            });
-                        });
-                    });
+                        }
+                    }
+                    const passportSession = req.shims.getSession(constants_1.SESSION_PASSPORT_KEY) ?? {};
+                    passportSession.user = user;
+                    req.shims.setSession(constants_1.SESSION_PASSPORT_KEY, passportSession);
+                    await req.shims.saveSession();
+                    return;
                 },
                 // ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L57
-                logOut: () => {
-                    return new Promise((resolve, reject) => {
-                        // @ts-ignore
-                        if (req.session[constants_1.SESSION_PASSPORT_KEY]) {
-                            // @ts-ignore
-                            delete req.session[constants_1.SESSION_PASSPORT_KEY].user;
-                        }
-                        req.session.save(function (err) {
-                            if (err) {
-                                return reject(err);
+                logOut: async () => {
+                    if (req.shims.sessionContains(constants_1.SESSION_PASSPORT_KEY)) {
+                        const passportSession = req.shims.getSession(constants_1.SESSION_PASSPORT_KEY);
+                        delete passportSession.user;
+                        req.shims.setSession(constants_1.SESSION_PASSPORT_KEY, passportSession);
+                    }
+                    const prevSession = req.shims.getAllSession();
+                    await req.shims.saveSession();
+                    await req.shims.regenerateSession();
+                    if (keepSessionInfo) {
+                        for (const key in prevSession) {
+                            if (req.shims.sessionContains(key)) {
+                                req.shims.setSession(key, prevSession[key]);
                             }
-                            req.session.regenerate(function (err) {
-                                if (err) {
-                                    return reject(err);
-                                }
-                                if (keepSessionInfo) {
-                                    (0, utils_1.merge)(req.session, prevSession);
-                                }
-                                resolve();
-                            });
-                        });
-                    });
+                        }
+                    }
                 },
                 setCookie: (0, utils_1.createSetCookieFn)(req, res)
             };

package/dist/session/session-authz.guard.d.ts

@@ -2,18 +2,14 @@ import { ExecutionContext, type Type } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import type { AsyncLocalStorage } from 'async_hooks';
 import { AuthzProviderClass } from '../authz.provider';
-import { type AuthzError } from '../errors';
+import { AuthzError } from '../errors';
 import type { SessionAuthzOptions } from './session-authz.interface';
 import type { SessionAlsType } from './session-authz-als.middleware';
-export declare const createSessionAuthzGuard: ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]: [string, any, any, any, any]) => Type<Omit<{
+export declare const createSessionAuthzGuard: ([AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]: [any, any, any, any]) => Type<Omit<{
     readonly reflector: Reflector;
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly sessionAuthzOptions: SessionAuthzOptions;
     readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
     /**
      *
      * recives err, user, info from JwtStrategy.validate
@@ -27,8 +23,5 @@ export declare const createSessionAuthzGuard: ([SESSION_STRATEGY, AUTHZ_PROVIDER
      */
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
     canActivate(context: ExecutionContext): Promise<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
+    validate(req: any): Promise<[any, any?]>;
 }, "als" | "reflector" | "authzProvider" | "sessionAuthzOptions">>;