@nestjs-kitchen/authz 3.1.0 → 4.0.0

package/README.md

@@ -16,27 +16,27 @@ Simplest authentication & authorization module in NextJS.
 
 ## Features
 
-- ✅ JWT based authentication
+- ✅ Support JWT authentication
 
-- ✅ Session based authentication
+- ✅ Support session authentication
 
-- ✅ Flexible authorization
+- ✅ Service based authentication/authorization -- Use Nestjs style services to implement authentication/authorization.
 
 - ✅ Support Anonymous access
 
-- ✅ Compatible with both `@nestjs/platform-express` and `@nestjs/platform-fastify`
+- ✅ Compatible with `Express` and `Fastify`
 
 ## Install
 
 Once completed NestJS project setup, install this package and its dependencies: 
 
 ```bash
-$ npm install --save @nestjs/passport passport @nestjs-kitchen/authz
+$ npm install --save @nestjs-kitchen/authz
 ```
 
-## Platform prerequisite
+## Platform support
 
-Different platforms require different dependencies:
+Below platforms require different dependencies:
 
 - For `@nestjs/platform-express`:
 
@@ -50,7 +50,9 @@ Different platforms require different dependencies:
 
 ## Beark change
 
-- From `@nestjs-kitchen/authz` **v3**, [`express-session`](https://www.npmjs.com/package/express-session) had been removed from dependency. Please setup session manually:
+- From **v4**, `Passport.js` is moved out without any api changes.
+
+- From **v3**, [`express-session`](https://www.npmjs.com/package/express-session) had been removed from dependency. Please setup session manually:
 
     ```typescript
     import * as session from 'express-session';

package/dist/jwt/jwt-authz-als.middleware.d.ts

@@ -2,17 +2,14 @@ import { AsyncLocalStorage } from 'node:async_hooks';
 import { type Type } from '@nestjs/common';
 import { JwtValidationType } from '../constants';
 import { type RawRequestWithShims, type RawResponseWithShims } from '../utils';
-import type { JwtAuthzOptions } from './jwt-authz.interface';
 export interface JwtAlsType<U> {
     user?: U;
     jwtVerifiedBy?: JwtValidationType;
     allowAnonymous?: boolean;
     guardResult?: boolean;
-    authOptions: JwtAuthzOptions;
     setCookie: (name: string, value: string, options?: Record<string, any>) => void;
 }
-export declare const createJwtAuthzAlsMiddleware: ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]: [any, any]) => Type<Omit<{
+export declare const createJwtAuthzAlsMiddleware: ([ALS_PROVIDER]: [any]) => Type<Omit<{
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    readonly jwtAuthzOptions: JwtAuthzOptions;
     use(req: RawRequestWithShims, res: RawResponseWithShims, next: Function): void;
-}, "als" | "jwtAuthzOptions">>;
+}, "als">>;

package/dist/jwt/jwt-authz-als.middleware.js

@@ -16,11 +16,10 @@ exports.createJwtAuthzAlsMiddleware = void 0;
 const node_async_hooks_1 = require("node:async_hooks");
 const common_1 = require("@nestjs/common");
 const utils_1 = require("../utils");
-const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
+const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER]) => {
     let JwtAuthzAlsMiddleware = class JwtAuthzAlsMiddleware {
-        constructor(als, jwtAuthzOptions) {
+        constructor(als) {
             this.als = als;
-            this.jwtAuthzOptions = jwtAuthzOptions;
         }
         use(req, res, next) {
             const store = {
@@ -28,8 +27,6 @@ const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
                 jwtVerifiedBy: undefined,
                 allowAnonymous: undefined,
                 guardResult: undefined,
-                // a workaround to pass jwtAuthzOptions to passport strategy.
-                authOptions: this.jwtAuthzOptions,
                 setCookie: (0, utils_1.createSetCookieFn)(req, res)
             };
             this.als.run(store, () => {
@@ -39,8 +36,7 @@ const createJwtAuthzAlsMiddleware = ([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]) => {
     };
     JwtAuthzAlsMiddleware = __decorate([
         __param(0, (0, common_1.Inject)(ALS_PROVIDER)),
-        __param(1, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
-        __metadata("design:paramtypes", [node_async_hooks_1.AsyncLocalStorage, Object])
+        __metadata("design:paramtypes", [node_async_hooks_1.AsyncLocalStorage])
     ], JwtAuthzAlsMiddleware);
     return (0, common_1.mixin)(JwtAuthzAlsMiddleware);
 };

package/dist/jwt/jwt-authz.guard.d.ts

@@ -1,20 +1,15 @@
 import type { AsyncLocalStorage } from 'node:async_hooks';
 import { ExecutionContext, type Type } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import type { Observable } from 'rxjs';
 import { AuthzProviderClass } from '../authz.provider';
-import { type AuthzError } from '../errors';
+import { AuthzError } from '../errors';
 import type { JwtAuthzOptions } from './jwt-authz.interface';
 import type { JwtAlsType } from './jwt-authz-als.middleware';
-export declare const createJwtAuthzGuard: ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]: [string, any, any, any, any, any]) => Type<Omit<{
+export declare const createJwtAuthzGuard: ([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]: [any, any, any, any, any]) => Type<Omit<{
     readonly reflector: Reflector;
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly jwtAuthzOptions: JwtAuthzOptions;
     readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
     /**
      *
      * recives err, user, info from JwtStrategy.validate
@@ -28,21 +23,13 @@ export declare const createJwtAuthzGuard: ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AU
      */
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
     canActivate(context: ExecutionContext): Promise<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
-}, "als" | "jwtAuthzOptions" | "reflector" | "authzProvider">>;
-export declare const createJwtRefreshAuthzGuard: ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]: [string, any]) => Type<Omit<{
+    validate(req: any): Promise<[any, any?]>;
+}, "als" | "reflector" | "authzProvider" | "jwtAuthzOptions">>;
+export declare const createJwtRefreshAuthzGuard: ([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]: [any, any, any]) => Type<Omit<{
     readonly jwtAuthzOptions: JwtAuthzOptions;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
+    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
+    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
-    canActivate(context: ExecutionContext): boolean | Promise<boolean> | Observable<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
-}, "jwtAuthzOptions">>;
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    validate(req: any): Promise<[any, any?]>;
+}, "als" | "authzProvider" | "jwtAuthzOptions">>;

package/dist/jwt/jwt-authz.guard.js

@@ -11,28 +11,29 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createJwtRefreshAuthzGuard = exports.createJwtAuthzGuard = void 0;
 const common_1 = require("@nestjs/common");
 const core_1 = require("@nestjs/core");
-const passport_1 = require("@nestjs/passport");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const authz_provider_1 = require("../authz.provider");
+const constants_1 = require("../constants");
 const errors_1 = require("../errors");
 const utils_1 = require("../utils");
-const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
-    let JwtAuthzGuard = class JwtAuthzGuard extends (0, passport_1.AuthGuard)(JWT_STRATEGY) {
+const extract_jwt_1 = require("./extract-jwt");
+const createJwtAuthzGuard = ([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER, JWT_META_KEY, JWT_REFRESH_META_KEY]) => {
+    let JwtAuthzGuard = class JwtAuthzGuard {
         constructor(reflector, authzProvider, jwtAuthzOptions, als) {
-            super();
             this.reflector = reflector;
             this.authzProvider = authzProvider;
             this.jwtAuthzOptions = jwtAuthzOptions;
             this.als = als;
-        }
-        getAuthenticateOptions() {
-            return {
-                property: this.jwtAuthzOptions.passportProperty,
-                session: false
-            };
+            if (typeof this.authzProvider.authenticate !== 'function') {
+                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+            }
         }
         /**
          *
@@ -82,7 +83,7 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
             store.allowAnonymous = (0, utils_1.getAllowAnonymous)(contextParamsList, {
                 defaultAllowAnonymous: this.jwtAuthzOptions.defaultAllowAnonymous
             });
-            await super.canActivate(context);
+            req[this.jwtAuthzOptions.passportProperty] = this.handleRequest(undefined, ...(await this.validate(req)));
             // will be null if allowAnonymous=true.
             const user = (0, utils_1.getPassportProperty)(req);
             if (store.allowAnonymous && !user) {
@@ -95,6 +96,38 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
             }
             return true;
         }
+        async validate(req) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            const authOptions = this.jwtAuthzOptions;
+            if (!authOptions.jwt.verify) {
+                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
+            }
+            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.jwt.jwtFromRequest);
+            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
+            const token = extractor(req);
+            if (!token) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
+            }
+            let user = undefined;
+            try {
+                const payload = jsonwebtoken_1.default.verify(token, authOptions.jwt.secretOrPublicKey, authOptions.jwt.verify);
+                user = await this.authzProvider.authenticate(payload, req);
+            }
+            catch (error) {
+                return [
+                    null,
+                    error instanceof Error
+                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
+                        : new errors_1.AuthzVerificationError(`${error}`)
+                ];
+            }
+            store.user = user;
+            store.jwtVerifiedBy = constants_1.JwtValidationType.JWT;
+            if (!user) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
+            }
+            return [user];
+        }
     };
     JwtAuthzGuard = __decorate([
         __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),
@@ -106,17 +139,15 @@ const createJwtAuthzGuard = ([JWT_STRATEGY, AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, A
     return (0, common_1.mixin)(JwtAuthzGuard);
 };
 exports.createJwtAuthzGuard = createJwtAuthzGuard;
-const createJwtRefreshAuthzGuard = ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) => {
-    let JwtRefreshAuthzGuard = class JwtRefreshAuthzGuard extends (0, passport_1.AuthGuard)(JWT_REFRESH_STRATEGY) {
-        constructor(jwtAuthzOptions) {
-            super();
+const createJwtRefreshAuthzGuard = ([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
+    let JwtRefreshAuthzGuard = class JwtRefreshAuthzGuard {
+        constructor(jwtAuthzOptions, authzProvider, als) {
             this.jwtAuthzOptions = jwtAuthzOptions;
-        }
-        getAuthenticateOptions() {
-            return {
-                property: this.jwtAuthzOptions.passportProperty,
-                session: false
-            };
+            this.authzProvider = authzProvider;
+            this.als = als;
+            if (typeof this.authzProvider.authenticate !== 'function') {
+                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+            }
         }
         handleRequest(_err, user, info) {
             if (info) {
@@ -124,10 +155,50 @@ const createJwtRefreshAuthzGuard = ([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]) =
             }
             return user;
         }
+        async canActivate(context) {
+            const req = context.switchToHttp().getRequest();
+            req[this.jwtAuthzOptions.passportProperty] = this.handleRequest(undefined, ...(await this.validate(req)));
+            return true;
+        }
+        async validate(req) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            const authOptions = this.jwtAuthzOptions;
+            if (!authOptions.refresh.verify) {
+                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
+            }
+            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.refresh.jwtFromRequest);
+            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
+            const token = extractor(req);
+            if (!token) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
+            }
+            let user = undefined;
+            try {
+                const payload = jsonwebtoken_1.default.verify(token, authOptions.refresh.secretOrPublicKey, authOptions.refresh.verify);
+                const decodePayload = (0, utils_1.decodeMsgpackrString)(payload.data);
+                user = await this.authzProvider.authenticate(decodePayload, req);
+            }
+            catch (error) {
+                return [
+                    null,
+                    error instanceof Error
+                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
+                        : new errors_1.AuthzVerificationError(`${error}`)
+                ];
+            }
+            store.user = user;
+            store.jwtVerifiedBy = constants_1.JwtValidationType.REFRESH;
+            if (!user) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
+            }
+            return [user];
+        }
     };
     JwtRefreshAuthzGuard = __decorate([
         __param(0, (0, common_1.Inject)(JWT_AUTHZ_OPTIONS)),
-        __metadata("design:paramtypes", [Object])
+        __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),
+        __param(2, (0, common_1.Inject)(ALS_PROVIDER)),
+        __metadata("design:paramtypes", [Object, authz_provider_1.AuthzProviderClass, Function])
     ], JwtRefreshAuthzGuard);
     return (0, common_1.mixin)(JwtRefreshAuthzGuard);
 };

package/dist/jwt/jwt-authz.module.d.ts

@@ -97,17 +97,10 @@ export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P
         readonly authzProvider: AuthzProviderClass<unknown, unknown>;
         readonly jwtAuthzOptions: JwtAuthzOptions;
         readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-        getAuthenticateOptions(): {
-            property: string;
-            session: boolean;
-        };
         handleRequest<T_1>(_err: unknown, user: T_1, info?: AuthzError): T_1;
         canActivate(context: ExecutionContext): Promise<boolean>;
-        logIn<TRequest extends {
-            logIn: Function;
-        } = any>(request: TRequest): Promise<void>;
-        getRequest(context: ExecutionContext): any;
-    }, "als" | "jwtAuthzOptions" | "reflector" | "authzProvider">> & {
+        validate(req: any): Promise<[any, any?]>;
+    }, "als" | "reflector" | "authzProvider" | "jwtAuthzOptions">> & {
         /**
          * Verifies the user's authorization for specific meta data.
          *
@@ -199,6 +192,6 @@ export declare const createJwtAuthzModule: <P, U, T extends AuthzProviderClass<P
         } | undefined>;
         setCookie(name: string, value: string, options?: Record<string, any> | undefined): void;
         getUser(): DeepReadonly<U> | undefined;
-    }, "als" | "jwtAuthzOptions" | "authzProvider">>;
+    }, "als" | "authzProvider" | "jwtAuthzOptions">>;
 };
 export {};

package/dist/jwt/jwt-authz.module.js

@@ -22,7 +22,6 @@ const utils_1 = require("../utils");
 const jwt_authz_guard_1 = require("./jwt-authz.guard");
 const jwt_authz_interface_1 = require("./jwt-authz.interface");
 const jwt_authz_service_1 = require("./jwt-authz.service");
-const jwt_authz_strategy_1 = require("./jwt-authz.strategy");
 const jwt_authz_als_middleware_1 = require("./jwt-authz-als.middleware");
 const store = {
     globalInited: 0
@@ -77,9 +76,6 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
 const createJwtAuthzModule = (authzProvider) => {
     // prevent token overriding
     const id = `${constants_1.PREFIX}${(0, uid_1.uid)()}`;
-    // strategy tokens
-    const JWT_STRATEGY = `${id}_JWT_STRATEGY`;
-    const JWT_REFRESH_STRATEGY = `${id}_REFRESH_STRATEGY`;
     // provider tokens
     const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
     const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
@@ -89,20 +85,11 @@ const createJwtAuthzModule = (authzProvider) => {
     const JWT_REFRESH_META_KEY = `${id}_REFRESH_META_KEY`;
     // providers
     const JwtAuthzService = (0, jwt_authz_service_1.createJwtAuthzService)([AUTHZ_PROVIDER, JWT_AUTHZ_OPTIONS, ALS_PROVIDER]);
-    const JwtAuthzAlsMiddleware = (0, jwt_authz_als_middleware_1.createJwtAuthzAlsMiddleware)([ALS_PROVIDER, JWT_AUTHZ_OPTIONS]);
+    const JwtAuthzAlsMiddleware = (0, jwt_authz_als_middleware_1.createJwtAuthzAlsMiddleware)([ALS_PROVIDER]);
     const als = new node_async_hooks_1.AsyncLocalStorage();
-    // strategy
-    const JwtStrategy = (0, jwt_authz_strategy_1.createJwtStrategy)([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
-    const RefreshStrategy = (0, jwt_authz_strategy_1.createRefreshStrategy)([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
-    // each strategy can be only registered once in passport.
-    // no need to provide multiple times as
-    //  1. they use the same ALS and authzProvider instance.
-    //  2. guard use strategy through passport via strategy name.
-    let isStrategyInited = false;
     // guards
-    const RefreshAuthzGuard = (0, jwt_authz_guard_1.createJwtRefreshAuthzGuard)([JWT_REFRESH_STRATEGY, JWT_AUTHZ_OPTIONS]);
+    const RefreshAuthzGuard = (0, jwt_authz_guard_1.createJwtRefreshAuthzGuard)([JWT_AUTHZ_OPTIONS, AUTHZ_PROVIDER, ALS_PROVIDER]);
     const JwtAuthzGuard = (0, jwt_authz_guard_1.createJwtAuthzGuard)([
-        JWT_STRATEGY,
         AUTHZ_PROVIDER,
         JWT_AUTHZ_OPTIONS,
         ALS_PROVIDER,
@@ -136,12 +123,10 @@ const createJwtAuthzModule = (authzProvider) => {
                     provide: ALS_PROVIDER,
                     useValue: als
                 },
-                ...(!isStrategyInited ? [JwtStrategy, RefreshStrategy] : []),
                 JwtAuthzService
             ],
             exports: [AUTHZ_PROVIDER, ALS_PROVIDER, JWT_AUTHZ_OPTIONS, JwtAuthzService]
         };
-        isStrategyInited = true;
         return configs;
     };
     let JwtAuthzModule = class JwtAuthzModule extends ConfigurableModuleClass {

package/dist/jwt/jwt-authz.service.d.ts

@@ -41,4 +41,4 @@ export declare const createJwtAuthzService: <P = unknown, U = unknown>([AUTHZ_PR
      * Retrieves the current user associated with the request, if available.
      */
     getUser(): DeepReadonly<U> | undefined;
-}, "als" | "jwtAuthzOptions" | "authzProvider">>;
+}, "als" | "authzProvider" | "jwtAuthzOptions">>;

package/dist/session/session-authz-als.middleware.d.ts

@@ -6,7 +6,6 @@ export interface SessionAlsType<P, U> {
     user?: U;
     allowAnonymous?: boolean;
     guardResult?: boolean;
-    authOptions: SessionAuthzOptions;
     logIn: (user: P) => Promise<void>;
     logOut: () => Promise<void>;
     setCookie: (name: string, value: string, options?: Record<string, any>) => void;

package/dist/session/session-authz-als.middleware.js

@@ -29,7 +29,6 @@ const createSessionAuthzAlsMiddleware = ([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS])
                 user: undefined,
                 allowAnonymous: undefined,
                 guardResult: undefined,
-                authOptions: this.sessionAuthzOptions,
                 // ref: https://github.com/jaredhanson/passport/blob/217018dbc46dcd4118dd6f2c60c8d97010c587f8/lib/sessionmanager.js#L14
                 logIn: async (user) => {
                     const prevSession = req.shims.getAllSession();

package/dist/session/session-authz.guard.d.ts

@@ -5,15 +5,11 @@ import { AuthzProviderClass } from '../authz.provider';
 import { AuthzError } from '../errors';
 import type { SessionAuthzOptions } from './session-authz.interface';
 import type { SessionAlsType } from './session-authz-als.middleware';
-export declare const createSessionAuthzGuard: ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]: [string, any, any, any, any]) => Type<Omit<{
+export declare const createSessionAuthzGuard: ([AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]: [any, any, any, any]) => Type<Omit<{
     readonly reflector: Reflector;
     readonly authzProvider: AuthzProviderClass<unknown, unknown>;
     readonly sessionAuthzOptions: SessionAuthzOptions;
     readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
-    getAuthenticateOptions(): {
-        property: string;
-        session: boolean;
-    };
     /**
      *
      * recives err, user, info from JwtStrategy.validate
@@ -27,8 +23,5 @@ export declare const createSessionAuthzGuard: ([SESSION_STRATEGY, AUTHZ_PROVIDER
      */
     handleRequest<T>(_err: unknown, user: T, info?: AuthzError): T;
     canActivate(context: ExecutionContext): Promise<boolean>;
-    logIn<TRequest extends {
-        logIn: Function;
-    } = any>(request: TRequest): Promise<void>;
-    getRequest(context: ExecutionContext): any;
+    validate(req: any): Promise<[any, any?]>;
 }, "als" | "reflector" | "authzProvider" | "sessionAuthzOptions">>;

package/dist/session/session-authz.guard.js

@@ -15,24 +15,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSessionAuthzGuard = void 0;
 const common_1 = require("@nestjs/common");
 const core_1 = require("@nestjs/core");
-const passport_1 = require("@nestjs/passport");
 const authz_provider_1 = require("../authz.provider");
+const constants_1 = require("../constants");
 const errors_1 = require("../errors");
 const utils_1 = require("../utils");
-const createSessionAuthzGuard = ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]) => {
-    let SessionAuthzGuard = class SessionAuthzGuard extends (0, passport_1.AuthGuard)(SESSION_STRATEGY) {
+const createSessionAuthzGuard = ([AUTHZ_PROVIDER, SESSION_AUTHZ_OPTIONS, ALS_PROVIDER, SESSION_META_KEY]) => {
+    let SessionAuthzGuard = class SessionAuthzGuard {
         constructor(reflector, authzProvider, sessionAuthzOptions, als) {
-            super();
             this.reflector = reflector;
             this.authzProvider = authzProvider;
             this.sessionAuthzOptions = sessionAuthzOptions;
             this.als = als;
-        }
-        getAuthenticateOptions() {
-            return {
-                property: this.sessionAuthzOptions.passportProperty,
-                session: false
-            };
+            if (typeof this.authzProvider.authenticate !== 'function') {
+                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
+            }
         }
         /**
          *
@@ -76,7 +72,7 @@ const createSessionAuthzGuard = ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTH
             store.allowAnonymous = (0, utils_1.getAllowAnonymous)(contextParamsList, {
                 defaultAllowAnonymous: this.sessionAuthzOptions.defaultAllowAnonymous
             });
-            await super.canActivate(context);
+            req[this.sessionAuthzOptions.passportProperty] = this.handleRequest(undefined, ...(await this.validate(req)));
             // will be null if allowAnonymous=true.
             const user = (0, utils_1.getPassportProperty)(req);
             if (store.allowAnonymous && !user) {
@@ -89,6 +85,32 @@ const createSessionAuthzGuard = ([SESSION_STRATEGY, AUTHZ_PROVIDER, SESSION_AUTH
             }
             return true;
         }
+        async validate(req) {
+            const store = (0, utils_1.getAlsStore)(this.als);
+            const authOptions = this.sessionAuthzOptions;
+            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
+            const payload = req?.session?.[constants_1.SESSION_PASSPORT_KEY]?.user;
+            if (!payload) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find session.')];
+            }
+            let user = undefined;
+            try {
+                user = await this.authzProvider.authenticate(payload, req);
+            }
+            catch (error) {
+                return [
+                    null,
+                    error instanceof Error
+                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
+                        : new errors_1.AuthzVerificationError(`${error}`)
+                ];
+            }
+            store.user = user;
+            if (!user) {
+                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
+            }
+            return [user];
+        }
     };
     SessionAuthzGuard = __decorate([
         __param(1, (0, common_1.Inject)(AUTHZ_PROVIDER)),

package/dist/session/session-authz.module.d.ts

@@ -93,16 +93,9 @@ export declare const cereateSessionAuthzModule: <P, U, T extends AuthzProviderCl
         readonly authzProvider: AuthzProviderClass<unknown, unknown>;
         readonly sessionAuthzOptions: SessionAuthzOptions;
         readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
-        getAuthenticateOptions(): {
-            property: string;
-            session: boolean;
-        };
         handleRequest<T_1>(_err: unknown, user: T_1, info?: AuthzError): T_1;
         canActivate(context: ExecutionContext): Promise<boolean>;
-        logIn<TRequest extends {
-            logIn: Function;
-        } = any>(request: TRequest): Promise<void>;
-        getRequest(context: ExecutionContext): any;
+        validate(req: any): Promise<[any, any?]>;
     }, "als" | "reflector" | "authzProvider" | "sessionAuthzOptions">> & {
         /**
          * Verifies the user's authorization for specific meta data.

package/dist/session/session-authz.module.js

@@ -22,7 +22,6 @@ const utils_1 = require("../utils");
 const session_authz_guard_1 = require("./session-authz.guard");
 const session_authz_interface_1 = require("./session-authz.interface");
 const session_authz_service_1 = require("./session-authz.service");
-const session_authz_strategy_1 = require("./session-authz.strategy");
 const session_authz_als_middleware_1 = require("./session-authz-als.middleware");
 const store = {
     globalInited: 0
@@ -76,28 +75,18 @@ const { ConfigurableModuleClass, MODULE_OPTIONS_TOKEN, ASYNC_OPTIONS_TYPE, OPTIO
  */
 const cereateSessionAuthzModule = (authzProvider) => {
     const id = `${constants_1.PREFIX}${(0, uid_1.uid)()}`;
-    // strategy tokens
-    const SESSION_STRATEGY = `${id}_SESSION_STRATEGY`;
     // provider tokens
     const AUTHZ_PROVIDER = `${id}_AUTHZ_PROVIDER`;
     const ALS_PROVIDER = `${id}_ALS_PROVIDER`;
     const SESSION_AUTHZ_OPTIONS = `${id}_SESSION_AUTHZ_OPTIONS`;
     // meta keys
     const SESSION_META_KEY = `${id}_SESSION_META_KEY`;
-    // strategies
-    const SessionAuthzStrategy = (0, session_authz_strategy_1.createSessionAuthzStrategy)([SESSION_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]);
     // providers
     const SessionAuthzService = (0, session_authz_service_1.createSessionAuthzService)([AUTHZ_PROVIDER, ALS_PROVIDER]);
     const SessionAuthzAlsMiddleware = (0, session_authz_als_middleware_1.createSessionAuthzAlsMiddleware)([ALS_PROVIDER, SESSION_AUTHZ_OPTIONS]);
     const als = new node_async_hooks_1.AsyncLocalStorage();
-    // each strategy can be only registered once in passport.
-    // no need to provide multiple times as
-    //  1. they use the same ALS and authzProvider instance.
-    //  2. guard use strategy through passport via strategy name.
-    let isStrategyInited = false;
     // guards
     const SessionAuthzGuard = (0, session_authz_guard_1.createSessionAuthzGuard)([
-        SESSION_STRATEGY,
         AUTHZ_PROVIDER,
         SESSION_AUTHZ_OPTIONS,
         ALS_PROVIDER,
@@ -126,12 +115,10 @@ const cereateSessionAuthzModule = (authzProvider) => {
                     provide: ALS_PROVIDER,
                     useValue: als
                 },
-                ...(!isStrategyInited ? [SessionAuthzStrategy] : []),
                 SessionAuthzService
             ],
             exports: [AUTHZ_PROVIDER, ALS_PROVIDER, SESSION_AUTHZ_OPTIONS, SessionAuthzService]
         };
-        isStrategyInited = true;
         return configs;
     };
     let SessionAuthzModule = class SessionAuthzModule extends ConfigurableModuleClass {

package/package.json

@@ -2,7 +2,7 @@
   "name": "@nestjs-kitchen/authz",
   "private": false,
   "description": "Simplest authentication & authorization module in NextJS",
-  "version": "3.1.0",
+  "version": "4.0.0",
   "homepage": "https://github.com/yikenman/nestjs-kitchen",
   "repository": "https://github.com/yikenman/nestjs-kitchen",
   "author": "yikenman",
@@ -22,7 +22,6 @@
     "cookie-parser": "^1.4.7",
     "jsonwebtoken": "^9.0.2",
     "msgpackr": "^1.11.2",
-    "passport-custom": "^1.1.1",
     "uid": "^2.0.2"
   },
   "devDependencies": {
@@ -38,7 +37,6 @@
     "@types/jest": "^30.0.0",
     "@types/jsonwebtoken": "^9.0.9",
     "@types/node": "^22.13.9",
-    "@types/passport": "^1.0.17",
     "@types/supertest": "^6.0.2",
     "express-session": "^1.18.2",
     "fastify": "^5.5.0",
@@ -65,8 +63,6 @@
     "JWT",
     "NextJS",
     "NodeJS",
-    "passport",
-    "Passport",
     "Session"
   ],
   "optionalDependencies": {
@@ -81,8 +77,6 @@
   "peerDependencies": {
     "@nestjs/common": "^11.0.0",
     "@nestjs/core": "^11.0.0",
-    "@nestjs/passport": "^11.0.0",
-    "passport": "^0.7.0",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.2"
   },

package/dist/jwt/jwt-authz.strategy.d.ts

@@ -1,16 +0,0 @@
-import { AsyncLocalStorage } from 'node:async_hooks';
-import { type Type } from '@nestjs/common';
-import { AuthzProviderClass } from '../authz.provider';
-import type { JwtAlsType } from './jwt-authz-als.middleware';
-export declare const createJwtStrategy: ([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
-    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
-    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    validate(req: any): Promise<{}>;
-    authenticate(req: import("express").Request, options?: any): any;
-}, "als" | "authzProvider">>;
-export declare const createRefreshStrategy: ([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
-    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
-    readonly als: AsyncLocalStorage<JwtAlsType<unknown>>;
-    validate(req: any): Promise<{}>;
-    authenticate(req: import("express").Request, options?: any): any;
-}, "als" | "authzProvider">>;

package/dist/jwt/jwt-authz.strategy.js

@@ -1,134 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createRefreshStrategy = exports.createJwtStrategy = void 0;
-const node_async_hooks_1 = require("node:async_hooks");
-const common_1 = require("@nestjs/common");
-const passport_1 = require("@nestjs/passport");
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const passport_custom_1 = require("passport-custom");
-const authz_provider_1 = require("../authz.provider");
-const constants_1 = require("../constants");
-const errors_1 = require("../errors");
-const utils_1 = require("../utils");
-const extract_jwt_1 = require("./extract-jwt");
-const createJwtStrategy = ([JWT_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
-    let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_custom_1.Strategy, JWT_STRATEGY) {
-        constructor(authzProvider, als) {
-            super();
-            this.authzProvider = authzProvider;
-            this.als = als;
-            if (typeof this.authzProvider.authenticate !== 'function') {
-                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
-            }
-        }
-        async validate(req) {
-            const store = (0, utils_1.getAlsStore)(this.als);
-            const authOptions = store.authOptions;
-            if (!authOptions.jwt.verify) {
-                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
-            }
-            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.jwt.jwtFromRequest);
-            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
-            const token = extractor(req);
-            if (!token) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
-            }
-            let user = undefined;
-            try {
-                const payload = jsonwebtoken_1.default.verify(token, authOptions.jwt.secretOrPublicKey, authOptions.jwt.verify);
-                user = await this.authzProvider.authenticate(payload, req);
-            }
-            catch (error) {
-                return [
-                    null,
-                    error instanceof Error
-                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
-                        : new errors_1.AuthzVerificationError(`${error}`)
-                ];
-            }
-            store.user = user;
-            store.jwtVerifiedBy = constants_1.JwtValidationType.JWT;
-            if (!user) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
-            }
-            return user;
-        }
-    };
-    JwtStrategy = __decorate([
-        __param(0, (0, common_1.Inject)(AUTHZ_PROVIDER)),
-        __param(1, (0, common_1.Inject)(ALS_PROVIDER)),
-        __metadata("design:paramtypes", [authz_provider_1.AuthzProviderClass,
-            node_async_hooks_1.AsyncLocalStorage])
-    ], JwtStrategy);
-    return (0, common_1.mixin)(JwtStrategy);
-};
-exports.createJwtStrategy = createJwtStrategy;
-const createRefreshStrategy = ([JWT_REFRESH_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
-    let RefreshStrategy = class RefreshStrategy extends (0, passport_1.PassportStrategy)(passport_custom_1.Strategy, JWT_REFRESH_STRATEGY) {
-        constructor(authzProvider, als) {
-            super();
-            this.authzProvider = authzProvider;
-            this.als = als;
-            if (typeof this.authzProvider.authenticate !== 'function') {
-                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
-            }
-        }
-        async validate(req) {
-            const store = (0, utils_1.getAlsStore)(this.als);
-            const authOptions = store.authOptions;
-            if (!authOptions.refresh.verify) {
-                return [null, new errors_1.AuthzError(`InternalError: Refresh verify options must be implemented.`)];
-            }
-            const extractor = extract_jwt_1.ExtractJwt.fromExtractors(authOptions.refresh.jwtFromRequest);
-            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
-            const token = extractor(req);
-            if (!token) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find token.')];
-            }
-            let user = undefined;
-            try {
-                const payload = jsonwebtoken_1.default.verify(token, authOptions.refresh.secretOrPublicKey, authOptions.refresh.verify);
-                const decodePayload = (0, utils_1.decodeMsgpackrString)(payload.data);
-                user = await this.authzProvider.authenticate(decodePayload, req);
-            }
-            catch (error) {
-                return [
-                    null,
-                    error instanceof Error
-                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
-                        : new errors_1.AuthzVerificationError(`${error}`)
-                ];
-            }
-            store.user = user;
-            store.jwtVerifiedBy = constants_1.JwtValidationType.REFRESH;
-            if (!user) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
-            }
-            return user;
-        }
-    };
-    RefreshStrategy = __decorate([
-        (0, common_1.Injectable)(),
-        __param(0, (0, common_1.Inject)(AUTHZ_PROVIDER)),
-        __param(1, (0, common_1.Inject)(ALS_PROVIDER)),
-        __metadata("design:paramtypes", [authz_provider_1.AuthzProviderClass,
-            node_async_hooks_1.AsyncLocalStorage])
-    ], RefreshStrategy);
-    return (0, common_1.mixin)(RefreshStrategy);
-};
-exports.createRefreshStrategy = createRefreshStrategy;

package/dist/session/session-authz.strategy.d.ts

@@ -1,10 +0,0 @@
-import { AsyncLocalStorage } from 'node:async_hooks';
-import { type Type } from '@nestjs/common';
-import { AuthzProviderClass } from '../authz.provider';
-import type { SessionAlsType } from './session-authz-als.middleware';
-export declare const createSessionAuthzStrategy: ([SESSION_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]: [string, any, any]) => Type<Omit<{
-    readonly authzProvider: AuthzProviderClass<unknown, unknown>;
-    readonly als: AsyncLocalStorage<SessionAlsType<unknown, unknown>>;
-    validate(req: any): Promise<{}>;
-    authenticate(req: import("express").Request, options?: any): any;
-}, "als" | "authzProvider">>;

package/dist/session/session-authz.strategy.js

@@ -1,70 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createSessionAuthzStrategy = void 0;
-const node_async_hooks_1 = require("node:async_hooks");
-const common_1 = require("@nestjs/common");
-const passport_1 = require("@nestjs/passport");
-const passport_custom_1 = require("passport-custom");
-const authz_provider_1 = require("../authz.provider");
-const constants_1 = require("../constants");
-const errors_1 = require("../errors");
-const utils_1 = require("../utils");
-const createSessionAuthzStrategy = ([SESSION_STRATEGY, AUTHZ_PROVIDER, ALS_PROVIDER]) => {
-    let SessionAuthzStrategy = class SessionAuthzStrategy extends (0, passport_1.PassportStrategy)(passport_custom_1.Strategy, SESSION_STRATEGY) {
-        constructor(authzProvider, als) {
-            super();
-            this.authzProvider = authzProvider;
-            this.als = als;
-            if (typeof this.authzProvider.authenticate !== 'function') {
-                throw new errors_1.AuthzError(`InternalError: Method 'authenticate' from abstract class 'AuthzProvider' must be implemented.`);
-            }
-        }
-        async validate(req) {
-            const store = (0, utils_1.getAlsStore)(this.als);
-            const authOptions = store.authOptions;
-            // @ts-ignore
-            req[constants_1.PASSPORT_PROPERTY] = authOptions.passportProperty;
-            const payload = req?.session?.[constants_1.SESSION_PASSPORT_KEY]?.user;
-            if (!payload) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find session.')];
-            }
-            let user = undefined;
-            try {
-                user = await this.authzProvider.authenticate(payload, req);
-            }
-            catch (error) {
-                return [
-                    null,
-                    error instanceof Error
-                        ? new errors_1.AuthzVerificationError(`${error.name}: ${error.message}`, error)
-                        : new errors_1.AuthzVerificationError(`${error}`)
-                ];
-            }
-            store.user = user;
-            if (!user) {
-                return [null, new errors_1.AuthzAnonymousError('AnonymousError: Cannnot find user.')];
-            }
-            return user;
-        }
-    };
-    SessionAuthzStrategy = __decorate([
-        __param(0, (0, common_1.Inject)(AUTHZ_PROVIDER)),
-        __param(1, (0, common_1.Inject)(ALS_PROVIDER)),
-        __metadata("design:paramtypes", [authz_provider_1.AuthzProviderClass,
-            node_async_hooks_1.AsyncLocalStorage])
-    ], SessionAuthzStrategy);
-    return (0, common_1.mixin)(SessionAuthzStrategy);
-};
-exports.createSessionAuthzStrategy = createSessionAuthzStrategy;