@point3/logto-module 1.0.5 → 1.0.6
- package/dist/client/__tests__/m2m-client.spec.js +14 -16
- package/dist/client/__tests__/m2m-client.spec.js.map +1 -1
- package/dist/client/__tests__/oauth-client.spec.js +15 -17
- package/dist/client/__tests__/oauth-client.spec.js.map +1 -1
- package/dist/client/config.js +4 -7
- package/dist/client/config.js.map +1 -1
- package/dist/client/index.js +5 -21
- package/dist/client/index.js.map +1 -1
- package/dist/client/logto-login-session.js +17 -23
- package/dist/client/logto-login-session.js.map +1 -1
- package/dist/client/m2m-client.js +29 -33
- package/dist/client/m2m-client.js.map +1 -1
- package/dist/client/oauth-client.js +26 -32
- package/dist/client/oauth-client.js.map +1 -1
- package/dist/client/types.js +10 -17
- package/dist/client/types.js.map +1 -1
- package/dist/errors.js +8 -19
- package/dist/errors.js.map +1 -1
- package/dist/index.js +4 -40
- package/dist/index.js.map +1 -1
- package/dist/module.js +19 -23
- package/dist/module.js.map +1 -1
- package/dist/stateless/decorator.js +4 -7
- package/dist/stateless/decorator.js.map +1 -1
- package/dist/stateless/guard.js +19 -55
- package/dist/stateless/guard.js.map +1 -1
- package/dist/stateless/guard.spec.js +22 -24
- package/dist/stateless/guard.spec.js.map +1 -1
- package/dist/stateless/index.js +2 -18
- package/dist/stateless/index.js.map +1 -1
- package/dist/token/access-token.js +1 -5
- package/dist/token/access-token.js.map +1 -1
- package/dist/token/index.js +2 -18
- package/dist/token/index.js.map +1 -1
- package/dist/token/verifier.js +15 -18
- package/dist/token/verifier.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/tsconfig.json +23 -22
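--- a/package/dist/token/index.js
+++ b/package/dist/token/index.js
@@ -1,19 +1,3 @@
-
-
-if (k2 === undefined) k2 = k;
-var desc = Object.getOwnPropertyDescriptor(m, k);
-if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-desc = { enumerable: true, get: function() { return m[k]; } };
-}
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./access-token"), exports);
-__exportStar(require("./verifier"), exports);
+export * from "./access-token";
+export * from "./verifier";
 //# sourceMappingURL=index.js.map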
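--- a/package/dist/token/index.js.map
+++ b/package/dist/token/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../token/index.ts"],"names":[],"mappings":"
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../token/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC"}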
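--- a/package/dist/token/verifier.js
+++ b/package/dist/token/verifier.js
@@ -1,4 +1,3 @@
-"use strict";
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
 var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
 if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -11,22 +10,20 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
 return function (target, key) { decorator(target, key, paramIndex); }
 };
-
-
-
-const
-const jose_1 = require("jose");
-exports.LogtoTokenVerifierToken = Symbol.for("LogtoTokenVerifier");
+import { Global, Inject, Injectable, UnauthorizedException } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import { jwtVerify, createRemoteJWKSet } from "jose";
+export const LogtoTokenVerifierToken = Symbol.for("LogtoTokenVerifier");
 let LogtoTokenVerifier = class LogtoTokenVerifier {
 constructor(configService) {
 this.configService = configService;
 }
 async verifyToken(token, requiredScopes, requiredRoles) {
 if (!token)
-throw new
+throw new UnauthorizedException('엑세스 토큰이 존재하지 않습니다.');
 const jwksUri = this.configService.get("LOGTO_JWKS_URI") ?? 'http://localhost:3001/oidc/jwks';
 const issuer = this.configService.get("LOGTO_AUTH_ISSUER");
-const { payload } = await
+const { payload } = await jwtVerify(token, createRemoteJWKSet(new URL(jwksUri)), { issuer });
 const tokenPayload = payload;
 if (requiredScopes || requiredRoles) {
 this.shouldContainRequiredPrivileges(tokenPayload, requiredScopes, requiredRoles);
@@ -36,17 +33,17 @@ let LogtoTokenVerifier = class LogtoTokenVerifier {
 async verifyIdToken(token) {
 const jwksUri = process.env.LOGTO_JWKS_URI ?? 'http://localhost:3001/oidc/jwks';
 const issuer = process.env.LOGTO_AUTH_ISSUER;
-const { payload } = await
+const { payload } = await jwtVerify(token, createRemoteJWKSet(new URL(jwksUri)), { issuer });
 return payload;
 }
 shouldContainRequiredPrivileges(payload, requiredScopes, requiredRoles) {
 const { userScopes, userRoles } = payload;
 const scopes = userScopes?.flat() ?? [];
 if (this.hasInsufficientScopes(requiredScopes, scopes)) {
-throw new
+throw new UnauthorizedException({ code: 'auth.insufficient_scope', status: 403 }, { cause: requiredScopes });
 }
 if (this.hasInsufficientRoles(requiredRoles, userRoles)) {
-throw new
+throw new UnauthorizedException({ code: 'auth.role_mismatch', status: 403 }, { cause: requiredRoles });
 }
 }
 hasInsufficientScopes(requiredScopes, userScopes) {
@@ -56,11 +53,11 @@ let LogtoTokenVerifier = class LogtoTokenVerifier {
 return !!(requiredRoles && requiredRoles.length > 0 && !requiredRoles.some(role => userRoles.includes(role)));
 }
 };
-
-
-(
-(0,
-
-__metadata("design:paramtypes", [config_1.ConfigService])
+LogtoTokenVerifier = __decorate([
+Global(),
+Injectable(),
+__param(0, Inject(ConfigService)),
+__metadata("design:paramtypes", [ConfigService])
 ], LogtoTokenVerifier);
+export { LogtoTokenVerifier };
 //# sourceMappingURL=verifier.js.map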
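Review bot: In `verifyToken` (new line 26) and `verifyIdToken` (new line 36), `jwtVerify(..., { issuer })` enforces the `iss` claim only when `issuer` is defined, and `LOGTO_AUTH_ISSUER` is read with no presence check, so a deployment missing that setting stops checking the issuer altogether; no `audience` option is passed either, so the token's intended recipient is never compared. Fail closed before verifying, e.g. `if (!issuer) throw new Error('LOGTO_AUTH_ISSUER is not configured');`, and pass the expected audience from configuration as `{ issuer, audience }` (the name of that setting is not on this page). The same two lines build a new `createRemoteJWKSet(new URL(jwksUri))` on every call, so jose's in-memory key cache is not reused across calls; creating it once per verifier instance keeps the cache, and the plain-HTTP `http://localhost:3001/oidc/jwks` fallback is better replaced by a startup error when `LOGTO_JWKS_URI` is unset. `verifyToken` continues past the end of its hunk, so whether later code adds any of these checks is not visible here.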
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../token/verifier.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../token/verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,MAAM,CAAC;AAIrD,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAIjE,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAC3B,YAEqB,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;IAC7C,CAAC;IAYE,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,cAAyB,EAAE,aAAwB;QACvF,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,qBAAqB,CAAC,oBAAoB,CAAC,CAAC;QAElE,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,gBAAgB,CAAC,IAAI,iCAAiC,CAAC;QACtG,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,mBAAmB,CAAC,CAAC;QAEnE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAC/B,KAAK,EAAE,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,EAC3C,EAAE,MAAM,EAAE,CACb,CAAC;QAEF,MAAM,YAAY,GAAG,OAAmC,CAAC;QAEzD,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC,+BAA+B,CAChC,YAAY,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAOM,KAAK,CAAC,aAAa,CAAC,KAAa;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,iCAAiC,CAAC;QAChF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAE7C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAC/B,KAAK,EACL,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,EACpC,EAAE,MAAM,EAAE,CACb,CAAC;QACF,OAAO,OAA+B,CAAC;IAC3C,CAAC;IAQO,+BAA+B,CACnC,OAAiC,EACjC,cAAyB,EACzB,aAAwB;QAExB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,MAAM,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAExC,IAAI,IAAI,CAAC,qBAAqB,CAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,qBAAqB,CAC3B,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE,EAChD,EAAE,KAAK,EAAE,cAAc,EAAE,CAC5B,CAAC;QACN,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,CAAC,aAAa,EAAE,SAAS,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,qBAAqB,CAC3B,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,EAAE,EAC3C,EAAE,KAAK,EAAE,aAAa,EAAE,CAC3B,CAAC;QACN,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,cAAoC,EAAE,UAAoB;QACpF,OAAO,CAAC,CAAC,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAA
C,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzH,CAAC;IAEO,oBAAoB,CAAC,aAAmC,EAAE,SAAmB;QACjF,OAAO,CAAC,CAAC,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClH,CAAC;CACJ,CAAA;AA1FY,kBAAkB;IAF9B,MAAM,EAAE;IACR,UAAU,EAAE;IAGJ,WAAA,MAAM,CAAC,aAAa,CAAC,CAAA;qCACU,aAAa;GAHxC,kBAAkB,CA0F9B"}
|