@overlordai/server 1.0.1
- package/database/migrations/001-init-schema.sql +226 -0
- package/database/migrations/002-add-indexes.sql +17 -0
- package/database/migrations/003-add-settings-table.sql +4 -0
- package/database/migrations/004-add-developer-id-index.sql +5 -0
- package/dist/adapters/adapter.interface.d.ts +41 -0
- package/dist/adapters/adapter.interface.d.ts.map +1 -0
- package/dist/adapters/adapter.interface.js +6 -0
- package/dist/adapters/adapter.interface.js.map +1 -0
- package/dist/adapters/adapter.module.d.ts +3 -0
- package/dist/adapters/adapter.module.d.ts.map +1 -0
- package/dist/adapters/adapter.module.js +54 -0
- package/dist/adapters/adapter.module.js.map +1 -0
- package/dist/adapters/adapter.registry.d.ts +19 -0
- package/dist/adapters/adapter.registry.d.ts.map +1 -0
- package/dist/adapters/adapter.registry.js +51 -0
- package/dist/adapters/adapter.registry.js.map +1 -0
- package/dist/adapters/lark/lark-card.builder.d.ts +48 -0
- package/dist/adapters/lark/lark-card.builder.d.ts.map +1 -0
- package/dist/adapters/lark/lark-card.builder.js +259 -0
- package/dist/adapters/lark/lark-card.builder.js.map +1 -0
- package/dist/adapters/lark/lark-message.parser.d.ts +51 -0
- package/dist/adapters/lark/lark-message.parser.d.ts.map +1 -0
- package/dist/adapters/lark/lark-message.parser.js +189 -0
- package/dist/adapters/lark/lark-message.parser.js.map +1 -0
- package/dist/adapters/lark/lark-signature.d.ts +13 -0
- package/dist/adapters/lark/lark-signature.d.ts.map +1 -0
- package/dist/adapters/lark/lark-signature.js +58 -0
- package/dist/adapters/lark/lark-signature.js.map +1 -0
- package/dist/adapters/lark/lark.adapter.d.ts +65 -0
- package/dist/adapters/lark/lark.adapter.d.ts.map +1 -0
- package/dist/adapters/lark/lark.adapter.js +565 -0
- package/dist/adapters/lark/lark.adapter.js.map +1 -0
- package/dist/adapters/lark/lark.controller.d.ts +21 -0
- package/dist/adapters/lark/lark.controller.d.ts.map +1 -0
- package/dist/adapters/lark/lark.controller.js +120 -0
- package/dist/adapters/lark/lark.controller.js.map +1 -0
- package/dist/adapters/slack/slack.adapter.d.ts +19 -0
- package/dist/adapters/slack/slack.adapter.d.ts.map +1 -0
- package/dist/adapters/slack/slack.adapter.js +42 -0
- package/dist/adapters/slack/slack.adapter.js.map +1 -0
- package/dist/app.module.d.ts +5 -0
- package/dist/app.module.d.ts.map +1 -0
- package/dist/app.module.js +48 -0
- package/dist/app.module.js.map +1 -0
- package/dist/auth/auth.controller.d.ts +15 -0
- package/dist/auth/auth.controller.d.ts.map +1 -0
- package/dist/auth/auth.controller.js +67 -0
- package/dist/auth/auth.controller.js.map +1 -0
- package/dist/auth/auth.module.d.ts +3 -0
- package/dist/auth/auth.module.d.ts.map +1 -0
- package/dist/auth/auth.module.js +46 -0
- package/dist/auth/auth.module.js.map +1 -0
- package/dist/auth/auth.service.d.ts +62 -0
- package/dist/auth/auth.service.d.ts.map +1 -0
- package/dist/auth/auth.service.js +307 -0
- package/dist/auth/auth.service.js.map +1 -0
- package/dist/auth/decorators/allow-totp-setup.decorator.d.ts +3 -0
- package/dist/auth/decorators/allow-totp-setup.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/allow-totp-setup.decorator.js +8 -0
- package/dist/auth/decorators/allow-totp-setup.decorator.js.map +1 -0
- package/dist/auth/decorators/project-roles.decorator.d.ts +4 -0
- package/dist/auth/decorators/project-roles.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/project-roles.decorator.js +8 -0
- package/dist/auth/decorators/project-roles.decorator.js.map +1 -0
- package/dist/auth/decorators/roles.decorator.d.ts +4 -0
- package/dist/auth/decorators/roles.decorator.d.ts.map +1 -0
- package/dist/auth/decorators/roles.decorator.js +8 -0
- package/dist/auth/decorators/roles.decorator.js.map +1 -0
- package/dist/auth/extract-user.middleware.d.ts +21 -0
- package/dist/auth/extract-user.middleware.d.ts.map +1 -0
- package/dist/auth/extract-user.middleware.js +57 -0
- package/dist/auth/extract-user.middleware.js.map +1 -0
- package/dist/auth/guards/jwt-auth.guard.d.ts +14 -0
- package/dist/auth/guards/jwt-auth.guard.d.ts.map +1 -0
- package/dist/auth/guards/jwt-auth.guard.js +139 -0
- package/dist/auth/guards/jwt-auth.guard.js.map +1 -0
- package/dist/auth/guards/project-role.guard.d.ts +10 -0
- package/dist/auth/guards/project-role.guard.d.ts.map +1 -0
- package/dist/auth/guards/project-role.guard.js +72 -0
- package/dist/auth/guards/project-role.guard.js.map +1 -0
- package/dist/auth/guards/roles.guard.d.ts +8 -0
- package/dist/auth/guards/roles.guard.d.ts.map +1 -0
- package/dist/auth/guards/roles.guard.js +56 -0
- package/dist/auth/guards/roles.guard.js.map +1 -0
- package/dist/auth/jwt.strategy.d.ts +23 -0
- package/dist/auth/jwt.strategy.d.ts.map +1 -0
- package/dist/auth/jwt.strategy.js +49 -0
- package/dist/auth/jwt.strategy.js.map +1 -0
- package/dist/common/crypto.service.d.ts +31 -0
- package/dist/common/crypto.service.d.ts.map +1 -0
- package/dist/common/crypto.service.js +120 -0
- package/dist/common/crypto.service.js.map +1 -0
- package/dist/common/error-filter.d.ts +6 -0
- package/dist/common/error-filter.d.ts.map +1 -0
- package/dist/common/error-filter.js +78 -0
- package/dist/common/error-filter.js.map +1 -0
- package/dist/common/health.controller.d.ts +13 -0
- package/dist/common/health.controller.d.ts.map +1 -0
- package/dist/common/health.controller.js +75 -0
- package/dist/common/health.controller.js.map +1 -0
- package/dist/common/logger.service.d.ts +11 -0
- package/dist/common/logger.service.d.ts.map +1 -0
- package/dist/common/logger.service.js +48 -0
- package/dist/common/logger.service.js.map +1 -0
- package/dist/common/pagination.d.ts +18 -0
- package/dist/common/pagination.d.ts.map +1 -0
- package/dist/common/pagination.js +39 -0
- package/dist/common/pagination.js.map +1 -0
- package/dist/common/rate-limit.guard.d.ts +48 -0
- package/dist/common/rate-limit.guard.d.ts.map +1 -0
- package/dist/common/rate-limit.guard.js +129 -0
- package/dist/common/rate-limit.guard.js.map +1 -0
- package/dist/common/sensitive-filter.d.ts +7 -0
- package/dist/common/sensitive-filter.d.ts.map +1 -0
- package/dist/common/sensitive-filter.js +20 -0
- package/dist/common/sensitive-filter.js.map +1 -0
- package/dist/database/database.module.d.ts +3 -0
- package/dist/database/database.module.d.ts.map +1 -0
- package/dist/database/database.module.js +22 -0
- package/dist/database/database.module.js.map +1 -0
- package/dist/database/database.service.d.ts +13 -0
- package/dist/database/database.service.d.ts.map +1 -0
- package/dist/database/database.service.js +107 -0
- package/dist/database/database.service.js.map +1 -0
- package/dist/database/migration-runner.d.ts +5 -0
- package/dist/database/migration-runner.d.ts.map +1 -0
- package/dist/database/migration-runner.js +86 -0
- package/dist/database/migration-runner.js.map +1 -0
- package/dist/database/repositories/audit-log.repository.d.ts +29 -0
- package/dist/database/repositories/audit-log.repository.d.ts.map +1 -0
- package/dist/database/repositories/audit-log.repository.js +80 -0
- package/dist/database/repositories/audit-log.repository.js.map +1 -0
- package/dist/database/repositories/bot.repository.d.ts +67 -0
- package/dist/database/repositories/bot.repository.d.ts.map +1 -0
- package/dist/database/repositories/bot.repository.js +133 -0
- package/dist/database/repositories/bot.repository.js.map +1 -0
- package/dist/database/repositories/developer-token.repository.d.ts +40 -0
- package/dist/database/repositories/developer-token.repository.d.ts.map +1 -0
- package/dist/database/repositories/developer-token.repository.js +84 -0
- package/dist/database/repositories/developer-token.repository.js.map +1 -0
- package/dist/database/repositories/developer.repository.d.ts +25 -0
- package/dist/database/repositories/developer.repository.d.ts.map +1 -0
- package/dist/database/repositories/developer.repository.js +139 -0
- package/dist/database/repositories/developer.repository.js.map +1 -0
- package/dist/database/repositories/machine.repository.d.ts +39 -0
- package/dist/database/repositories/machine.repository.d.ts.map +1 -0
- package/dist/database/repositories/machine.repository.js +176 -0
- package/dist/database/repositories/machine.repository.js.map +1 -0
- package/dist/database/repositories/notification.repository.d.ts +19 -0
- package/dist/database/repositories/notification.repository.d.ts.map +1 -0
- package/dist/database/repositories/notification.repository.js +94 -0
- package/dist/database/repositories/notification.repository.js.map +1 -0
- package/dist/database/repositories/project-member.repository.d.ts +30 -0
- package/dist/database/repositories/project-member.repository.d.ts.map +1 -0
- package/dist/database/repositories/project-member.repository.js +75 -0
- package/dist/database/repositories/project-member.repository.js.map +1 -0
- package/dist/database/repositories/project.repository.d.ts +24 -0
- package/dist/database/repositories/project.repository.d.ts.map +1 -0
- package/dist/database/repositories/project.repository.js +154 -0
- package/dist/database/repositories/project.repository.js.map +1 -0
- package/dist/database/repositories/session.repository.d.ts +19 -0
- package/dist/database/repositories/session.repository.d.ts.map +1 -0
- package/dist/database/repositories/session.repository.js +117 -0
- package/dist/database/repositories/session.repository.js.map +1 -0
- package/dist/database/repositories/task.repository.d.ts +37 -0
- package/dist/database/repositories/task.repository.d.ts.map +1 -0
- package/dist/database/repositories/task.repository.js +229 -0
- package/dist/database/repositories/task.repository.js.map +1 -0
- package/dist/database/repositories/worker-token.repository.d.ts +20 -0
- package/dist/database/repositories/worker-token.repository.d.ts.map +1 -0
- package/dist/database/repositories/worker-token.repository.js +94 -0
- package/dist/database/repositories/worker-token.repository.js.map +1 -0
- package/dist/database/repositories/workspace.repository.d.ts +19 -0
- package/dist/database/repositories/workspace.repository.d.ts.map +1 -0
- package/dist/database/repositories/workspace.repository.js +82 -0
- package/dist/database/repositories/workspace.repository.js.map +1 -0
- package/dist/dispatcher/capability.service.d.ts +50 -0
- package/dist/dispatcher/capability.service.d.ts.map +1 -0
- package/dist/dispatcher/capability.service.js +159 -0
- package/dist/dispatcher/capability.service.js.map +1 -0
- package/dist/dispatcher/cleanup.service.d.ts +23 -0
- package/dist/dispatcher/cleanup.service.d.ts.map +1 -0
- package/dist/dispatcher/cleanup.service.js +107 -0
- package/dist/dispatcher/cleanup.service.js.map +1 -0
- package/dist/dispatcher/dedup.service.d.ts +48 -0
- package/dist/dispatcher/dedup.service.d.ts.map +1 -0
- package/dist/dispatcher/dedup.service.js +189 -0
- package/dist/dispatcher/dedup.service.js.map +1 -0
- package/dist/dispatcher/dispatcher.module.d.ts +3 -0
- package/dist/dispatcher/dispatcher.module.d.ts.map +1 -0
- package/dist/dispatcher/dispatcher.module.js +76 -0
- package/dist/dispatcher/dispatcher.module.js.map +1 -0
- package/dist/dispatcher/dispatcher.service.d.ts +134 -0
- package/dist/dispatcher/dispatcher.service.d.ts.map +1 -0
- package/dist/dispatcher/dispatcher.service.js +1034 -0
- package/dist/dispatcher/dispatcher.service.js.map +1 -0
- package/dist/dispatcher/heartbeat.service.d.ts +50 -0
- package/dist/dispatcher/heartbeat.service.d.ts.map +1 -0
- package/dist/dispatcher/heartbeat.service.js +154 -0
- package/dist/dispatcher/heartbeat.service.js.map +1 -0
- package/dist/dispatcher/machine-selector.d.ts +18 -0
- package/dist/dispatcher/machine-selector.d.ts.map +1 -0
- package/dist/dispatcher/machine-selector.js +144 -0
- package/dist/dispatcher/machine-selector.js.map +1 -0
- package/dist/dispatcher/pty-relay.service.d.ts +75 -0
- package/dist/dispatcher/pty-relay.service.d.ts.map +1 -0
- package/dist/dispatcher/pty-relay.service.js +404 -0
- package/dist/dispatcher/pty-relay.service.js.map +1 -0
- package/dist/dispatcher/reconciler.d.ts +39 -0
- package/dist/dispatcher/reconciler.d.ts.map +1 -0
- package/dist/dispatcher/reconciler.js +556 -0
- package/dist/dispatcher/reconciler.js.map +1 -0
- package/dist/dispatcher/scheduler.service.d.ts +50 -0
- package/dist/dispatcher/scheduler.service.d.ts.map +1 -0
- package/dist/dispatcher/scheduler.service.js +287 -0
- package/dist/dispatcher/scheduler.service.js.map +1 -0
- package/dist/dispatcher/state-machine.d.ts +16 -0
- package/dist/dispatcher/state-machine.d.ts.map +1 -0
- package/dist/dispatcher/state-machine.js +77 -0
- package/dist/dispatcher/state-machine.js.map +1 -0
- package/dist/dispatcher/task-log-batcher.d.ts +50 -0
- package/dist/dispatcher/task-log-batcher.d.ts.map +1 -0
- package/dist/dispatcher/task-log-batcher.js +184 -0
- package/dist/dispatcher/task-log-batcher.js.map +1 -0
- package/dist/dispatcher/worker-connection.manager.d.ts +49 -0
- package/dist/dispatcher/worker-connection.manager.d.ts.map +1 -0
- package/dist/dispatcher/worker-connection.manager.js +128 -0
- package/dist/dispatcher/worker-connection.manager.js.map +1 -0
- package/dist/main.d.ts +2 -0
- package/dist/main.d.ts.map +1 -0
- package/dist/main.js +85 -0
- package/dist/main.js.map +1 -0
- package/dist/notifier/debouncer.d.ts +39 -0
- package/dist/notifier/debouncer.d.ts.map +1 -0
- package/dist/notifier/debouncer.js +123 -0
- package/dist/notifier/debouncer.js.map +1 -0
- package/dist/notifier/notification-consumer.d.ts +88 -0
- package/dist/notifier/notification-consumer.d.ts.map +1 -0
- package/dist/notifier/notification-consumer.js +186 -0
- package/dist/notifier/notification-consumer.js.map +1 -0
- package/dist/notifier/notifier.module.d.ts +9 -0
- package/dist/notifier/notifier.module.d.ts.map +1 -0
- package/dist/notifier/notifier.module.js +58 -0
- package/dist/notifier/notifier.module.js.map +1 -0
- package/dist/notifier/notifier.service.d.ts +40 -0
- package/dist/notifier/notifier.service.d.ts.map +1 -0
- package/dist/notifier/notifier.service.js +191 -0
- package/dist/notifier/notifier.service.js.map +1 -0
- package/dist/notifier/template.service.d.ts +42 -0
- package/dist/notifier/template.service.d.ts.map +1 -0
- package/dist/notifier/template.service.js +201 -0
- package/dist/notifier/template.service.js.map +1 -0
- package/dist/redis/redis.module.d.ts +3 -0
- package/dist/redis/redis.module.d.ts.map +1 -0
- package/dist/redis/redis.module.js +22 -0
- package/dist/redis/redis.module.js.map +1 -0
- package/dist/redis/redis.service.d.ts +19 -0
- package/dist/redis/redis.service.d.ts.map +1 -0
- package/dist/redis/redis.service.js +69 -0
- package/dist/redis/redis.service.js.map +1 -0
- package/dist/web/admin/admin-audit.controller.d.ts +7 -0
- package/dist/web/admin/admin-audit.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-audit.controller.js +53 -0
- package/dist/web/admin/admin-audit.controller.js.map +1 -0
- package/dist/web/admin/admin-bot.controller.d.ts +79 -0
- package/dist/web/admin/admin-bot.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-bot.controller.js +193 -0
- package/dist/web/admin/admin-bot.controller.js.map +1 -0
- package/dist/web/admin/admin-developer.controller.d.ts +52 -0
- package/dist/web/admin/admin-developer.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-developer.controller.js +160 -0
- package/dist/web/admin/admin-developer.controller.js.map +1 -0
- package/dist/web/admin/admin-machine.controller.d.ts +64 -0
- package/dist/web/admin/admin-machine.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-machine.controller.js +111 -0
- package/dist/web/admin/admin-machine.controller.js.map +1 -0
- package/dist/web/admin/admin-project.controller.d.ts +45 -0
- package/dist/web/admin/admin-project.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-project.controller.js +207 -0
- package/dist/web/admin/admin-project.controller.js.map +1 -0
- package/dist/web/admin/admin-settings.controller.d.ts +18 -0
- package/dist/web/admin/admin-settings.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-settings.controller.js +93 -0
- package/dist/web/admin/admin-settings.controller.js.map +1 -0
- package/dist/web/admin/admin-token.controller.d.ts +45 -0
- package/dist/web/admin/admin-token.controller.d.ts.map +1 -0
- package/dist/web/admin/admin-token.controller.js +182 -0
- package/dist/web/admin/admin-token.controller.js.map +1 -0
- package/dist/web/dashboard.controller.d.ts +16 -0
- package/dist/web/dashboard.controller.d.ts.map +1 -0
- package/dist/web/dashboard.controller.js +78 -0
- package/dist/web/dashboard.controller.js.map +1 -0
- package/dist/web/dashboard.service.d.ts +39 -0
- package/dist/web/dashboard.service.d.ts.map +1 -0
- package/dist/web/dashboard.service.js +234 -0
- package/dist/web/dashboard.service.js.map +1 -0
- package/dist/web/interaction.service.d.ts +42 -0
- package/dist/web/interaction.service.d.ts.map +1 -0
- package/dist/web/interaction.service.js +102 -0
- package/dist/web/interaction.service.js.map +1 -0
- package/dist/web/machine.controller.d.ts +102 -0
- package/dist/web/machine.controller.d.ts.map +1 -0
- package/dist/web/machine.controller.js +121 -0
- package/dist/web/machine.controller.js.map +1 -0
- package/dist/web/notification.controller.d.ts +22 -0
- package/dist/web/notification.controller.d.ts.map +1 -0
- package/dist/web/notification.controller.js +70 -0
- package/dist/web/notification.controller.js.map +1 -0
- package/dist/web/profile.controller.d.ts +70 -0
- package/dist/web/profile.controller.d.ts.map +1 -0
- package/dist/web/profile.controller.js +262 -0
- package/dist/web/profile.controller.js.map +1 -0
- package/dist/web/project.controller.d.ts +8 -0
- package/dist/web/project.controller.d.ts.map +1 -0
- package/dist/web/project.controller.js +54 -0
- package/dist/web/project.controller.js.map +1 -0
- package/dist/web/pty.gateway.d.ts +32 -0
- package/dist/web/pty.gateway.d.ts.map +1 -0
- package/dist/web/pty.gateway.js +358 -0
- package/dist/web/pty.gateway.js.map +1 -0
- package/dist/web/search.service.d.ts +34 -0
- package/dist/web/search.service.d.ts.map +1 -0
- package/dist/web/search.service.js +106 -0
- package/dist/web/search.service.js.map +1 -0
- package/dist/web/task.controller.d.ts +54 -0
- package/dist/web/task.controller.d.ts.map +1 -0
- package/dist/web/task.controller.js +266 -0
- package/dist/web/task.controller.js.map +1 -0
- package/dist/web/web.module.d.ts +3 -0
- package/dist/web/web.module.d.ts.map +1 -0
- package/dist/web/web.module.js +97 -0
- package/dist/web/web.module.js.map +1 -0
- package/dist/web/worker-channel.gateway.d.ts +45 -0
- package/dist/web/worker-channel.gateway.d.ts.map +1 -0
- package/dist/web/worker-channel.gateway.js +283 -0
- package/dist/web/worker-channel.gateway.js.map +1 -0
- package/dist/web/worker.controller.d.ts +14 -0
- package/dist/web/worker.controller.d.ts.map +1 -0
- package/dist/web/worker.controller.js +73 -0
- package/dist/web/worker.controller.js.map +1 -0
- package/dist/web/workspace.controller.d.ts +109 -0
- package/dist/web/workspace.controller.d.ts.map +1 -0
- package/dist/web/workspace.controller.js +386 -0
- package/dist/web/workspace.controller.js.map +1 -0
- package/package.json +61 -0
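--- a/package/dist/auth/auth.service.js
+++ b/package/dist/auth/auth.service.js
@@ -0,0 +1,307 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var AuthService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthService = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const bcrypt = __importStar(require("bcrypt"));
+const otplib_1 = require("otplib");
+const uuid_1 = require("uuid");
+const developer_repository_1 = require("../database/repositories/developer.repository");
+const redis_service_1 = require("../redis/redis.service");
+let AuthService = AuthService_1 = class AuthService {
+jwtService;
+developerRepo;
+redis;
+logger = new common_1.Logger(AuthService_1.name);
+constructor(jwtService, developerRepo, redis) {
+this.jwtService = jwtService;
+this.developerRepo = developerRepo;
+this.redis = redis;
+}
+onModuleInit() {
+const defaultSecrets = ['default-jwt-secret', 'default-worker-jwt-secret'];
+const jwtSecret = process.env.JWT_SECRET;
+const workerJwtSecret = process.env.WORKER_JWT_SECRET;
+const isProduction = process.env.NODE_ENV === 'production';
+const jwtSecretIsDefault = !jwtSecret || defaultSecrets.includes(jwtSecret);
+const workerSecretIsDefault = !workerJwtSecret || defaultSecrets.includes(workerJwtSecret);
+if (isProduction) {
+if (jwtSecretIsDefault) {
+throw new Error('JWT_SECRET must be set to a non-default value in production');
+}
+if (workerSecretIsDefault) {
+throw new Error('WORKER_JWT_SECRET must be set to a non-default value in production');
+}
+}
+else {
+if (jwtSecretIsDefault) {
+this.logger.warn('JWT_SECRET is not set or is using the default value. This is insecure and must be changed before deploying to production.');
+}
+if (workerSecretIsDefault) {
+this.logger.warn('WORKER_JWT_SECRET is not set or is using the default value. This is insecure and must be changed before deploying to production.');
+}
+}
+}
+async login(username, password, totpCode) {
+// 1. Find developer by name
+const developer = this.developerRepo.findByName(username);
+// 2. Reject if not found or inactive
+if (!developer) {
+throw new common_1.UnauthorizedException('Invalid credentials');
+}
+if (developer.status !== 'active') {
+throw new common_1.UnauthorizedException('Account is inactive');
+}
+if (!developer.passwordHash) {
+throw new common_1.UnauthorizedException('Invalid credentials');
+}
+// 3. bcrypt.compare password
+const passwordValid = await bcrypt.compare(password, developer.passwordHash);
+if (!passwordValid) {
+throw new common_1.UnauthorizedException('Invalid credentials');
+}
+// 4. If totp_secret IS NULL, sign scoped token for TOTP setup
+if (!developer.totpSecret) {
+const payload = {
+sub: developer.id,
+name: developer.name,
+role: developer.role,
+jti: (0, uuid_1.v4)(),
+scope: 'totp_setup',
+};
+const accessToken = this.jwtService.sign(payload, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+expiresIn: '15m',
+});
+return { accessToken, totpSetup: true };
+}
+// 5. If totp_secret exists and no totpCode, throw 401 TOTP_REQUIRED
+if (!totpCode) {
+throw new common_1.UnauthorizedException('TOTP_REQUIRED');
+}
+// 6. Verify TOTP code
+const totpValid = otplib_1.authenticator.verify({
+token: totpCode,
+secret: developer.totpSecret,
+});
+if (!totpValid) {
+throw new common_1.UnauthorizedException('Invalid TOTP code');
+}
+// 7. Sign access + refresh tokens
+const accessToken = this.signUserJwt(developer);
+const refreshToken = this.signRefreshToken(developer);
+return { accessToken, refreshToken };
+}
+async refresh(refreshToken) {
+// 1. Verify signature
+let payload;
+try {
+payload = this.jwtService.verify(refreshToken, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+});
+}
+catch {
+throw new common_1.UnauthorizedException('Invalid refresh token');
+}
+if (payload.type !== 'refresh') {
+throw new common_1.UnauthorizedException('Invalid token type');
+}
+// 2. Atomically blacklist the old refresh token (SET NX).
+// If SET NX returns null, the token was already used — reject.
+const nowSeconds = Math.floor(Date.now() / 1000);
+const remainingTtl = payload.exp - nowSeconds;
+if (remainingTtl > 0) {
+const result = await this.redis.getClient().set(`rt:${payload.jti}`, '1', 'EX', remainingTtl, 'NX');
+if (result === null) {
+throw new common_1.UnauthorizedException('Token has been revoked');
+}
+}
+else {
+throw new common_1.UnauthorizedException('Token has been revoked');
+}
+// 3. Check developer still active
+const developer = this.developerRepo.findById(payload.sub);
+if (!developer || developer.status !== 'active') {
+throw new common_1.UnauthorizedException('Account is inactive');
+}
+// 5. Sign new access token and refresh token
+const accessToken = this.signUserJwt(developer);
+const newRefreshToken = this.signRefreshToken(developer);
+return { accessToken, refreshToken: newRefreshToken };
+}
+async logout(refreshToken) {
+// 1. Decode token to get jti, exp, and sub
+let payload;
+try {
+payload = this.jwtService.verify(refreshToken, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+});
+}
+catch {
+// If token is already expired or invalid, nothing to blacklist
+return;
+}
+const nowSeconds = Math.floor(Date.now() / 1000);
+const remainingTtl = payload.exp - nowSeconds;
+if (remainingTtl > 0) {
+// 2. Blacklist the refresh token
+await this.redis.getClient().set(`rt:${payload.jti}`, '1', 'EX', remainingTtl, 'NX');
+// 3. Set a per-user logout timestamp so PTY revalidation can detect
+// that the user logged out after their access token was issued.
+// TTL matches access token lifetime (15 min) — after that the access
+// token would expire naturally and PTY revalidation closes the socket.
+await this.redis.getClient().set(`logout:${payload.sub}`, String(nowSeconds), 'EX', 900);
+}
+}
+signUserJwt(developer) {
+const payload = {
+sub: developer.id,
+name: developer.name,
+role: developer.role,
+jti: (0, uuid_1.v4)(),
+};
+return this.jwtService.sign(payload, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+expiresIn: '15m',
+});
+}
+signRefreshToken(developer) {
+const payload = {
+sub: developer.id,
+jti: (0, uuid_1.v4)(),
+type: 'refresh',
+};
+return this.jwtService.sign(payload, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+expiresIn: '7d',
+});
+}
+signWorkerJwt(machineId, tokenId) {
+const payload = {
+sub: machineId,
+tokenId,
+};
+return this.jwtService.sign(payload, {
+secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+expiresIn: '7d',
+});
+}
+signChannelToken(taskId, aud) {
+const payload = {
+taskId,
+aud,
+jti: (0, uuid_1.v4)(),
+};
+return this.jwtService.sign(payload, {
+secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+expiresIn: 30,
+});
+}
+async validateChannelToken(token, expectedAud) {
+let payload;
+try {
+payload = this.jwtService.verify(token, {
+secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+});
+}
+catch {
+throw new common_1.UnauthorizedException('Invalid channel token');
+}
+if (payload.aud !== expectedAud) {
+throw new common_1.UnauthorizedException(`Channel token audience mismatch: expected ${expectedAud}`);
+}
+// Atomically check and mark jti as used (SET NX) to prevent replay
+const jtiKey = `channel_token:${payload.jti}`;
+const nowSeconds = Math.floor(Date.now() / 1000);
+const remainingTtl = payload.exp ? payload.exp - nowSeconds : 30;
+if (remainingTtl <= 0) {
+throw new common_1.UnauthorizedException('Channel token has expired');
+}
+const result = await this.redis
+.getClient()
+.set(jtiKey, 'used', 'EX', remainingTtl, 'NX');
+if (result === null) {
+throw new common_1.UnauthorizedException('Channel token has already been used');
+}
+return payload;
+}
+/**
+* Verify a Worker JWT and return its payload.
+* Throws UnauthorizedException on invalid/expired token.
+*/
+verifyWorkerJwt(token) {
+try {
+return this.jwtService.verify(token, {
+secret: process.env.WORKER_JWT_SECRET || 'default-worker-jwt-secret',
+});
+}
+catch {
+throw new common_1.UnauthorizedException('Invalid worker JWT');
+}
+}
+/**
+* Verify a User JWT and return its payload.
+* Throws UnauthorizedException on invalid/expired token.
+*/
+verifyUserJwt(token) {
+try {
+return this.jwtService.verify(token, {
+secret: process.env.JWT_SECRET || 'default-jwt-secret',
+});
+}
+catch {
+throw new common_1.UnauthorizedException('Invalid user JWT');
+}
+}
+};
+exports.AuthService = AuthService;
+exports.AuthService = AuthService = AuthService_1 = __decorate([
+(0, common_1.Injectable)(),
+__metadata("design:paramtypes", [jwt_1.JwtService,
+developer_repository_1.DeveloperRepository,
+redis_service_1.RedisService])
+], AuthService);
+//# sourceMappingURL=auth.service.js.map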
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/auth/auth.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAKwB;AACxB,qCAAyC;AACzC,+CAAiC;AACjC,mCAAuC;AACvC,+BAAoC;AACpC,wFAAoF;AACpF,0DAAsD;AA6B/C,IAAM,WAAW,mBAAjB,MAAM,WAAW;IAIH;IACA;IACA;IALF,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IAEvD,YACmB,UAAsB,EACtB,aAAkC,EAClC,KAAmB;QAFnB,eAAU,GAAV,UAAU,CAAY;QACtB,kBAAa,GAAb,aAAa,CAAqB;QAClC,UAAK,GAAL,KAAK,CAAc;IACnC,CAAC;IAEJ,YAAY;QACV,MAAM,cAAc,GAAG,CAAC,oBAAoB,EAAE,2BAA2B,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QACzC,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D,MAAM,kBAAkB,GAAG,CAAC,SAAS,IAAI,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5E,MAAM,qBAAqB,GACzB,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2HAA2H,CAC5H,CAAC;YACJ,CAAC;YACD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,kIAAkI,CACnI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CACT,QAAgB,EAChB,QAAgB,EAChB,QAAiB;QAKjB,4BAA4B;QAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1D,qCAAqC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;YAC5B,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,OAAO,CACxC,QAAQ,EACR,SAAS,CAAC,YAAY,CACvB,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAwB;gBACnC,GAAG,EAAE,SAAS,CAAC,E
AAE;gBACjB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,GAAG,EAAE,IAAA,SAAM,GAAE;gBACb,KAAK,EAAE,YAAY;aACpB,CAAC;YAEF,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;gBAChD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;gBACtD,SAAS,EAAE,KAAK;aACjB,CAAC,CAAC;YAEH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,oEAAoE;QACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;QACnD,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,sBAAa,CAAC,MAAM,CAAC;YACrC,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,SAAS,CAAC,UAAU;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,mBAAmB,CAAC,CAAC;QACvD,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEtD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,sBAAsB;QACtB,IAAI,OAAgE,CAAC;QACrE,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;QAED,0DAA0D;QAC1D,kEAAkE;QAClE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC;QAC9C,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC7C,MAAM,OAAO,CAAC,GAAG,EAAE,EACnB,GAAG,EACH,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YACF,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;QAED,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,CAAC,qBAAqB,CAAC,CAAC;QACzD,CAAC;QAED,6CAA6C;QAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,
MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEzD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAC/B,2CAA2C;QAC3C,IAAI,OAAkD,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC7C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC;QAE9C,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,iCAAiC;YACjC,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC9B,MAAM,OAAO,CAAC,GAAG,EAAE,EACnB,GAAG,EACH,IAAI,EACJ,YAAY,EACZ,IAAI,CACL,CAAC;YAEF,oEAAoE;YACpE,gEAAgE;YAChE,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,GAAG,CAC9B,UAAU,OAAO,CAAC,GAAG,EAAE,EACvB,MAAM,CAAC,UAAU,CAAC,EAClB,IAAI,EACJ,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,WAAW,CAAC,SAIX;QACC,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;YACtD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,SAAyB;QACxC,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,GAAG,EAAE,IAAA,SAAM,GAAE;YACb,IAAI,EAAE,SAAS;SAChB,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;YACtD,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,SAAiB,EAAE,OAAe;QAC9C,MAAM,OAAO,GAAqB;YAChC,GAAG,EAAE,SAAS;YACd,OAAO;SACR,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;YACpE,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,MAAc,EAAE,GAAqB;QACpD,MAAM,OAAO,GAAwB;YACnC,MAAM;YACN,GAAG;YACH,GAAG,EAAE,IAAA,SAAM,GAAE;SACd,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;YACpE,SAAS,EAAE,EAAE
;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,KAAa,EACb,WAA6B;QAE7B,IAAI,OAA+C,CAAC;QACpD,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAyC,KAAK,EAAE;gBAC9E,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;aACrE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YAChC,MAAM,IAAI,8BAAqB,CAC7B,6CAA6C,WAAW,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,MAAM,MAAM,GAAG,iBAAiB,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAEjE,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,8BAAqB,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK;aAC5B,SAAS,EAAE;aACX,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;QAEjD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,8BAAqB,CAAC,qCAAqC,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,KAAa;QAC3B,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAmB,KAAK,EAAE;gBACrD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B;aACrE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,oBAAoB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAiB,KAAK,EAAE;gBACnD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;aACvD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,8BAAqB,CAAC,kBAAkB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;CACF,CAAA;AArUY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAKoB,gBAAU;QACP,0CAAmB;QAC3B,4BAAY;GAN3B,WAAW,CAqUvB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"allow-totp-setup.decorator.d.ts","sourceRoot":"","sources":["../../../src/auth/decorators/allow-totp-setup.decorator.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,cAAc,wDAAgD,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AllowTotpSetup = exports.ALLOW_TOTP_SETUP_KEY = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
exports.ALLOW_TOTP_SETUP_KEY = 'allow_totp_setup';
|
|
6
|
+
const AllowTotpSetup = () => (0, common_1.SetMetadata)(exports.ALLOW_TOTP_SETUP_KEY, true);
|
|
7
|
+
exports.AllowTotpSetup = AllowTotpSetup;
|
|
8
|
+
//# sourceMappingURL=allow-totp-setup.decorator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"allow-totp-setup.decorator.js","sourceRoot":"","sources":["../../../src/auth/decorators/allow-totp-setup.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAEhC,QAAA,oBAAoB,GAAG,kBAAkB,CAAC;AAChD,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,4BAAoB,EAAE,IAAI,CAAC,CAAC;AAA/D,QAAA,cAAc,kBAAiD"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { ProjectRole } from '@overlordai/protocol';
|
|
2
|
+
export declare const PROJECT_ROLES_KEY = "projectRoles";
|
|
3
|
+
export declare const ProjectRoles: (...roles: ProjectRole[]) => import("@nestjs/common").CustomDecorator<string>;
|
|
4
|
+
//# sourceMappingURL=project-roles.decorator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"project-roles.decorator.d.ts","sourceRoot":"","sources":["../../../src/auth/decorators/project-roles.decorator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAExD,eAAO,MAAM,iBAAiB,iBAAiB,CAAC;AAChD,eAAO,MAAM,YAAY,GAAI,GAAG,OAAO,WAAW,EAAE,qDACb,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ProjectRoles = exports.PROJECT_ROLES_KEY = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
exports.PROJECT_ROLES_KEY = 'projectRoles';
|
|
6
|
+
const ProjectRoles = (...roles) => (0, common_1.SetMetadata)(exports.PROJECT_ROLES_KEY, roles);
|
|
7
|
+
exports.ProjectRoles = ProjectRoles;
|
|
8
|
+
//# sourceMappingURL=project-roles.decorator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"project-roles.decorator.js","sourceRoot":"","sources":["../../../src/auth/decorators/project-roles.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAGhC,QAAA,iBAAiB,GAAG,cAAc,CAAC;AACzC,MAAM,YAAY,GAAG,CAAC,GAAG,KAAoB,EAAE,EAAE,CACtD,IAAA,oBAAW,EAAC,yBAAiB,EAAE,KAAK,CAAC,CAAC;AAD3B,QAAA,YAAY,gBACe"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles.decorator.d.ts","sourceRoot":"","sources":["../../../src/auth/decorators/roles.decorator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,eAAO,MAAM,SAAS,UAAU,CAAC;AACjC,eAAO,MAAM,KAAK,GAAI,GAAG,OAAO,aAAa,EAAE,qDAChB,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Roles = exports.ROLES_KEY = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
exports.ROLES_KEY = 'roles';
|
|
6
|
+
const Roles = (...roles) => (0, common_1.SetMetadata)(exports.ROLES_KEY, roles);
|
|
7
|
+
exports.Roles = Roles;
|
|
8
|
+
//# sourceMappingURL=roles.decorator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles.decorator.js","sourceRoot":"","sources":["../../../src/auth/decorators/roles.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAGhC,QAAA,SAAS,GAAG,OAAO,CAAC;AAC1B,MAAM,KAAK,GAAG,CAAC,GAAG,KAAsB,EAAE,EAAE,CACjD,IAAA,oBAAW,EAAC,iBAAS,EAAE,KAAK,CAAC,CAAC;AADnB,QAAA,KAAK,SACc"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { NestMiddleware } from '@nestjs/common';
|
|
2
|
+
import type { Request, Response, NextFunction } from 'express';
|
|
3
|
+
import { JwtService } from '@nestjs/jwt';
|
|
4
|
+
/**
|
|
5
|
+
* Middleware that attempts to extract the authenticated user from the JWT
|
|
6
|
+
* in the Authorization header and attach it to `request.user`.
|
|
7
|
+
*
|
|
8
|
+
* This runs BEFORE guards (middleware → guards → interceptors in NestJS),
|
|
9
|
+
* so the RateLimitGuard (APP_GUARD) can use `request.user` for per-user
|
|
10
|
+
* rate limiting even though JwtAuthGuard hasn't run yet.
|
|
11
|
+
*
|
|
12
|
+
* This middleware never rejects requests — if the token is missing, invalid,
|
|
13
|
+
* or expired, it silently continues. Actual auth enforcement is still done
|
|
14
|
+
* by JwtAuthGuard on protected routes.
|
|
15
|
+
*/
|
|
16
|
+
export declare class ExtractUserMiddleware implements NestMiddleware {
|
|
17
|
+
private readonly jwtService;
|
|
18
|
+
constructor(jwtService: JwtService);
|
|
19
|
+
use(req: Request, _res: Response, next: NextFunction): void;
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=extract-user.middleware.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-user.middleware.d.ts","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;;;;;;;;GAWG;AACH,qBACa,qBAAsB,YAAW,cAAc;IAC9C,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAEnD,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;CAkB5D"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ExtractUserMiddleware = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const jwt_1 = require("@nestjs/jwt");
|
|
15
|
+
/**
|
|
16
|
+
* Middleware that attempts to extract the authenticated user from the JWT
|
|
17
|
+
* in the Authorization header and attach it to `request.user`.
|
|
18
|
+
*
|
|
19
|
+
* This runs BEFORE guards (middleware → guards → interceptors in NestJS),
|
|
20
|
+
* so the RateLimitGuard (APP_GUARD) can use `request.user` for per-user
|
|
21
|
+
* rate limiting even though JwtAuthGuard hasn't run yet.
|
|
22
|
+
*
|
|
23
|
+
* This middleware never rejects requests — if the token is missing, invalid,
|
|
24
|
+
* or expired, it silently continues. Actual auth enforcement is still done
|
|
25
|
+
* by JwtAuthGuard on protected routes.
|
|
26
|
+
*/
|
|
27
|
+
let ExtractUserMiddleware = class ExtractUserMiddleware {
|
|
28
|
+
jwtService;
|
|
29
|
+
constructor(jwtService) {
|
|
30
|
+
this.jwtService = jwtService;
|
|
31
|
+
}
|
|
32
|
+
use(req, _res, next) {
|
|
33
|
+
const authHeader = req.headers?.authorization;
|
|
34
|
+
if (authHeader?.startsWith('Bearer ')) {
|
|
35
|
+
const token = authHeader.slice(7);
|
|
36
|
+
// Only attempt for JWTs (contain dots), not PATs (64-char hex)
|
|
37
|
+
if (token.includes('.')) {
|
|
38
|
+
try {
|
|
39
|
+
const payload = this.jwtService.verify(token, {
|
|
40
|
+
secret: process.env.JWT_SECRET || 'default-jwt-secret',
|
|
41
|
+
});
|
|
42
|
+
req.user = payload;
|
|
43
|
+
}
|
|
44
|
+
catch {
|
|
45
|
+
// Token invalid/expired — don't populate user, auth guard will handle
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
next();
|
|
50
|
+
}
|
|
51
|
+
};
|
|
52
|
+
exports.ExtractUserMiddleware = ExtractUserMiddleware;
|
|
53
|
+
exports.ExtractUserMiddleware = ExtractUserMiddleware = __decorate([
|
|
54
|
+
(0, common_1.Injectable)(),
|
|
55
|
+
__metadata("design:paramtypes", [jwt_1.JwtService])
|
|
56
|
+
], ExtractUserMiddleware);
|
|
57
|
+
//# sourceMappingURL=extract-user.middleware.js.map
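Review bot: The `verify` call in `use` falls back to the literal `'default-jwt-secret'` when `JWT_SECRET` is unset, so in that configuration a token signed with a constant published in this package would verify and populate `req.user`. The doc comment leaves enforcement to JwtAuthGuard, but the rate limiter it mentions would then key on an identity the caller chose, and whether startup refuses to run with the default secret is not visible in this section. I would read the secret once and skip verification when it is missing: `const secret = process.env.JWT_SECRET;` and `if (secret && token.includes('.')) {`, passing `{ secret }` to `verify`. The payload's `type` is not checked either, so a refresh token from `signRefreshToken` (same secret, earlier on this page) would also populate `req.user`. This is compiled output, so the change belongs in `src/auth/extract-user.middleware.ts`.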
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract-user.middleware.js","sourceRoot":"","sources":["../../src/auth/extract-user.middleware.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4D;AAE5D,qCAAyC;AAEzC;;;;;;;;;;;GAWG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACH;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,GAAG,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;QAClD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC;QAC9C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAClC,+DAA+D;YAC/D,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE;wBAC5C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,oBAAoB;qBACvD,CAAC,CAAC;oBACF,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,sEAAsE;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC;CACF,CAAA;AArBY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;qCAE8B,gBAAU;GADxC,qBAAqB,CAqBjC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { Reflector } from '@nestjs/core';
|
|
3
|
+
import { DeveloperTokenRepository } from '../../database/repositories/developer-token.repository';
|
|
4
|
+
import { DeveloperRepository } from '../../database/repositories/developer.repository';
|
|
5
|
+
declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
|
|
6
|
+
export declare class JwtAuthGuard extends JwtAuthGuard_base {
|
|
7
|
+
private readonly developerTokenRepo;
|
|
8
|
+
private readonly developerRepo;
|
|
9
|
+
private readonly reflector;
|
|
10
|
+
constructor(developerTokenRepo: DeveloperTokenRepository, developerRepo: DeveloperRepository, reflector: Reflector);
|
|
11
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
12
|
+
}
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=jwt-auth.guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAyB,MAAM,gBAAgB,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,wDAAwD,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,MAAM,kDAAkD,CAAC;;AAGvF,qBACa,YAAa,SAAQ,iBAAgB;IAE9C,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAFT,kBAAkB,EAAE,wBAAwB,EAC5C,aAAa,EAAE,mBAAmB,EAClC,SAAS,EAAE,SAAS;IAKjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAmF/D"}
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
42
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
43
|
+
};
|
|
44
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
45
|
+
exports.JwtAuthGuard = void 0;
|
|
46
|
+
const common_1 = require("@nestjs/common");
|
|
47
|
+
const core_1 = require("@nestjs/core");
|
|
48
|
+
const passport_1 = require("@nestjs/passport");
|
|
49
|
+
const crypto = __importStar(require("node:crypto"));
|
|
50
|
+
const developer_token_repository_1 = require("../../database/repositories/developer-token.repository");
|
|
51
|
+
const developer_repository_1 = require("../../database/repositories/developer.repository");
|
|
52
|
+
const allow_totp_setup_decorator_1 = require("../decorators/allow-totp-setup.decorator");
|
|
53
|
+
let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
|
|
54
|
+
developerTokenRepo;
|
|
55
|
+
developerRepo;
|
|
56
|
+
reflector;
|
|
57
|
+
constructor(developerTokenRepo, developerRepo, reflector) {
|
|
58
|
+
super();
|
|
59
|
+
this.developerTokenRepo = developerTokenRepo;
|
|
60
|
+
this.developerRepo = developerRepo;
|
|
61
|
+
this.reflector = reflector;
|
|
62
|
+
}
|
|
63
|
+
async canActivate(context) {
|
|
64
|
+
// Try JWT first
|
|
65
|
+
try {
|
|
66
|
+
const result = await super.canActivate(context);
|
|
67
|
+
if (result) {
|
|
68
|
+
// Check if the token has a restricted scope
|
|
69
|
+
const request = context.switchToHttp().getRequest();
|
|
70
|
+
const user = request.user;
|
|
71
|
+
if (user?.scope === 'totp_setup') {
|
|
72
|
+
const allowTotpSetup = this.reflector.getAllAndOverride(allow_totp_setup_decorator_1.ALLOW_TOTP_SETUP_KEY, [context.getHandler(), context.getClass()]);
|
|
73
|
+
if (!allowTotpSetup) {
|
|
74
|
+
throw new common_1.UnauthorizedException('This token can only be used for TOTP setup');
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
return true;
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
catch (err) {
|
|
81
|
+
// If it's our own scope rejection, re-throw immediately
|
|
82
|
+
if (err instanceof common_1.UnauthorizedException &&
|
|
83
|
+
(err.message === 'This token can only be used for TOTP setup')) {
|
|
84
|
+
throw err;
|
|
85
|
+
}
|
|
86
|
+
// JWT failed — try PAT below
|
|
87
|
+
}
|
|
88
|
+
// Fallback: try Personal Access Token
|
|
89
|
+
const request = context.switchToHttp().getRequest();
|
|
90
|
+
const authHeader = request.headers?.authorization;
|
|
91
|
+
if (!authHeader?.startsWith('Bearer ')) {
|
|
92
|
+
throw new common_1.UnauthorizedException();
|
|
93
|
+
}
|
|
94
|
+
const rawToken = authHeader.slice(7);
|
|
95
|
+
// PAT tokens are 64-char hex strings; JWTs are much longer and contain dots
|
|
96
|
+
if (rawToken.includes('.') || rawToken.length !== 64) {
|
|
97
|
+
throw new common_1.UnauthorizedException();
|
|
98
|
+
}
|
|
99
|
+
const tokenHash = crypto
|
|
100
|
+
.createHash('sha256')
|
|
101
|
+
.update(rawToken)
|
|
102
|
+
.digest('hex');
|
|
103
|
+
const tokenRecord = this.developerTokenRepo.findByTokenHash(tokenHash);
|
|
104
|
+
if (!tokenRecord || tokenRecord.status !== 'active') {
|
|
105
|
+
throw new common_1.UnauthorizedException();
|
|
106
|
+
}
|
|
107
|
+
// Check expiration — reject tokens with unparseable expiresAt values
|
|
108
|
+
if (tokenRecord.expiresAt) {
|
|
109
|
+
const expiry = new Date(tokenRecord.expiresAt);
|
|
110
|
+
if (isNaN(expiry.getTime())) {
|
|
111
|
+
throw new common_1.UnauthorizedException('Token has invalid expiration');
|
|
112
|
+
}
|
|
113
|
+
if (expiry < new Date()) {
|
|
114
|
+
throw new common_1.UnauthorizedException('Token expired');
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
// Load the developer
|
|
118
|
+
const developer = this.developerRepo.findById(tokenRecord.developerId);
|
|
119
|
+
if (!developer || developer.status !== 'active') {
|
|
120
|
+
throw new common_1.UnauthorizedException();
|
|
121
|
+
}
|
|
122
|
+
// Attach user to request (same shape as JWT payload)
|
|
123
|
+
request.user = {
|
|
124
|
+
sub: developer.id,
|
|
125
|
+
name: developer.name,
|
|
126
|
+
role: developer.role,
|
|
127
|
+
jti: `pat-${tokenRecord.id}`,
|
|
128
|
+
};
|
|
129
|
+
return true;
|
|
130
|
+
}
|
|
131
|
+
};
|
|
132
|
+
exports.JwtAuthGuard = JwtAuthGuard;
|
|
133
|
+
exports.JwtAuthGuard = JwtAuthGuard = __decorate([
|
|
134
|
+
(0, common_1.Injectable)(),
|
|
135
|
+
__metadata("design:paramtypes", [developer_token_repository_1.DeveloperTokenRepository,
|
|
136
|
+
developer_repository_1.DeveloperRepository,
|
|
137
|
+
core_1.Reflector])
|
|
138
|
+
], JwtAuthGuard);
|
|
139
|
+
//# sourceMappingURL=jwt-auth.guard.js.map
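Review bot: On the JWT path of `canActivate` the only claim inspected is `user.scope`; nothing in this guard rejects a token whose `type` is `'refresh'`, and `signRefreshToken` earlier on this page signs those with the same `JWT_SECRET` and a 7-day lifetime. Unless the `'jwt'` passport strategy (not visible here) filters on `type`, a refresh token would be accepted wherever an access token is. I would add `if (user?.type === 'refresh') throw new common_1.UnauthorizedException('Refresh tokens cannot be used for API access');` next to the scope check and let the catch block re-throw it as well. Recognising the guard's own rejection by comparing `err.message` to a string is brittle; a dedicated error subclass or a local flag would separate it from a failed JWT more reliably. This is compiled output, so the change belongs in `src/auth/guards/jwt-auth.guard.ts`.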
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAqF;AACrF,uCAAyC;AACzC,+CAA6C;AAC7C,oDAAsC;AACtC,uGAAkG;AAClG,2FAAuF;AACvF,yFAAgF;AAGzE,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,KAAK,CAAC;IAE7B;IACA;IACA;IAHnB,YACmB,kBAA4C,EAC5C,aAAkC,EAClC,SAAoB;QAErC,KAAK,EAAE,CAAC;QAJS,uBAAkB,GAAlB,kBAAkB,CAA0B;QAC5C,kBAAa,GAAb,aAAa,CAAqB;QAClC,cAAS,GAAT,SAAS,CAAW;IAGvC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,gBAAgB;QAChB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAO,KAAK,CAAC,WAAW,CAAC,OAAO,CAAsB,CAAC;YACtE,IAAI,MAAM,EAAE,CAAC;gBACX,4CAA4C;gBAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,IAAI,IAAI,EAAE,KAAK,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CACrD,iDAAoB,EACpB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAC3C,CAAC;oBACF,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,IAAI,8BAAqB,CAC7B,4CAA4C,CAC7C,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IACE,GAAG,YAAY,8BAAqB;gBACpC,CAAC,GAAG,CAAC,OAAO,KAAK,4CAA4C,CAAC,EAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,6BAA6B;QAC/B,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QAClD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAErC,4EAA4E;QAC5E,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACpD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qEAAqE;QACrE,IAAI,WAAW,CAA
C,SAAS,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,8BAAqB,CAAC,8BAA8B,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,8BAAqB,CAAC,eAAe,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QACvE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACpC,CAAC;QAED,qDAAqD;QACrD,OAAO,CAAC,IAAI,GAAG;YACb,GAAG,EAAE,SAAS,CAAC,EAAE;YACjB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,EAAE,OAAO,WAAW,CAAC,EAAE,EAAE;SAC7B,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA5FY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAG4B,qDAAwB;QAC7B,0CAAmB;QACvB,gBAAS;GAJ5B,YAAY,CA4FxB"}
|