@pristine-ts/jwt 4.0.4 → 4.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4,6 +4,11 @@ exports.InvalidJwtError = void 0;
4
4
  const common_1 = require("@pristine-ts/common");
5
5
  /**
6
6
  * This Error is thrown when you try to decode a JWT but the token is invalid.
7
+ *
8
+ * An invalid (missing signature, malformed, wrong issuer, …) token means the caller is
9
+ * not authenticated, so this surfaces as a `401 UNAUTHORIZED` — a client should send the
10
+ * user to login. An *expired* token is handled separately as a `TokenExpiredError`
11
+ * (`401 TOKEN_EXPIRED`) so the client can attempt a refresh instead.
7
12
  */
8
13
  class InvalidJwtError extends common_1.PristineError {
9
14
  /**
@@ -16,13 +21,17 @@ class InvalidJwtError extends common_1.PristineError {
16
21
  * @param publicKey The public key used to decode the JWT.
17
22
  */
18
23
  constructor(message, previousError, request, token, algorithm, publicKey) {
19
- super(message, { details: {
24
+ super(message, {
25
+ code: common_1.PristineErrorCode.Unauthorized,
26
+ httpStatus: 401,
27
+ details: {
20
28
  request,
21
29
  previousError,
22
30
  token,
23
31
  algorithm,
24
32
  publicKey,
25
- } });
33
+ },
34
+ });
26
35
  }
27
36
  }
28
37
  exports.InvalidJwtError = InvalidJwtError;
@@ -1 +1 @@
1
- {"version":3,"file":"invalid-jwt.error.js","sourceRoot":"","sources":["../../../../src/errors/invalid-jwt.error.ts"],"names":[],"mappings":";;;AAAA,gDAA2D;AAE3D;;GAEG;AACH,MAAa,eAAgB,SAAQ,sBAAa;IAEhD;;;;;;;;OAQG;IACH,YAAmB,OAAe,EAAE,aAAoB,EAAE,OAAgB,EAAE,KAAa,EAAE,SAAiB,EAAE,SAAiB;QAC7H,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;gBACP,aAAa;gBACb,KAAK;gBACL,SAAS;gBACT,SAAS;aACV,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AAnBD,0CAmBC"}
1
+ {"version":3,"file":"invalid-jwt.error.js","sourceRoot":"","sources":["../../../../src/errors/invalid-jwt.error.ts"],"names":[],"mappings":";;;AAAA,gDAA8E;AAE9E;;;;;;;GAOG;AACH,MAAa,eAAgB,SAAQ,sBAAa;IAEhD;;;;;;;;OAQG;IACH,YAAmB,OAAe,EAAE,aAAoB,EAAE,OAAgB,EAAE,KAAa,EAAE,SAAiB,EAAE,SAAiB;QAC7H,KAAK,CAAC,OAAO,EAAE;YACb,IAAI,EAAE,0BAAiB,CAAC,YAAY;YACpC,UAAU,EAAE,GAAG;YACf,OAAO,EAAE;gBACP,OAAO;gBACP,aAAa;gBACb,KAAK;gBACL,SAAS;gBACT,SAAS;aACV;SACF,CAAC,CAAC;IAAE,CAAC;CACT;AAvBD,0CAuBC"}
@@ -4,6 +4,10 @@ exports.JwtAuthorizationHeaderError = void 0;
4
4
  const common_1 = require("@pristine-ts/common");
5
5
  /**
6
6
  * This Error is thrown when there's you try to decode a JWT in a request but the AuthorizationHeader is missing.
7
+ *
8
+ * A missing (or malformed) Authorization header means the caller never presented a
9
+ * token, so this surfaces as a `401 UNAUTHORIZED` — the client should send the user to
10
+ * login rather than attempt a token refresh.
7
11
  */
8
12
  class JwtAuthorizationHeaderError extends common_1.PristineError {
9
13
  /**
@@ -12,9 +16,13 @@ class JwtAuthorizationHeaderError extends common_1.PristineError {
12
16
  * @param request The request that is missing the AuthorizationHeader.
13
17
  */
14
18
  constructor(message, request) {
15
- super(message, { details: {
19
+ super(message, {
20
+ code: common_1.PristineErrorCode.Unauthorized,
21
+ httpStatus: 401,
22
+ details: {
16
23
  request,
17
- } });
24
+ },
25
+ });
18
26
  }
19
27
  }
20
28
  exports.JwtAuthorizationHeaderError = JwtAuthorizationHeaderError;
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-authorization-header.error.js","sourceRoot":"","sources":["../../../../src/errors/jwt-authorization-header.error.ts"],"names":[],"mappings":";;;AAAA,gDAA2D;AAE3D;;GAEG;AACH,MAAa,2BAA4B,SAAQ,sBAAa;IAC5D;;;;OAIG;IACH,YAAmB,OAAe,EAAE,OAAgB;QAClD,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;aACR,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AAVD,kEAUC"}
1
+ {"version":3,"file":"jwt-authorization-header.error.js","sourceRoot":"","sources":["../../../../src/errors/jwt-authorization-header.error.ts"],"names":[],"mappings":";;;AAAA,gDAA8E;AAE9E;;;;;;GAMG;AACH,MAAa,2BAA4B,SAAQ,sBAAa;IAC5D;;;;OAIG;IACH,YAAmB,OAAe,EAAE,OAAgB;QAClD,KAAK,CAAC,OAAO,EAAE;YACb,IAAI,EAAE,0BAAiB,CAAC,YAAY;YACpC,UAAU,EAAE,GAAG;YACf,OAAO,EAAE;gBACP,OAAO;aACR;SACF,CAAC,CAAC;IAAE,CAAC;CACT;AAdD,kEAcC"}
@@ -25,14 +25,21 @@ let JwtProtectedGuard = class JwtProtectedGuard {
25
25
  }
26
26
  /**
27
27
  * Verifies if the JWT is valid and authorizes access if it is.
28
+ *
29
+ * On failure it does NOT swallow the error into a `false`: it propagates the typed error
30
+ * raised by the `JwtManager` (a `TokenExpiredError` → 401 TOKEN_EXPIRED, an
31
+ * `InvalidJwtError`/`JwtAuthorizationHeaderError` → 401 UNAUTHORIZED). The
32
+ * `AuthorizerManager` re-throws those typed auth errors so the client receives the
33
+ * precise code and can tell "refresh the token" from "log in" — a bare `false` would
34
+ * collapse every case into an indistinguishable 403.
28
35
  * @param request
29
36
  * @param identity
30
37
  */
31
38
  isAuthorized(request, identity) {
32
- return new Promise((resolve) => {
39
+ return new Promise((resolve, reject) => {
33
40
  this.jwtManager.validateAndDecode(request)
34
41
  .then(value => resolve(true))
35
- .catch(reason => resolve(false));
42
+ .catch(reason => reject(reason));
36
43
  });
37
44
  }
38
45
  /**
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-protected.guard.js","sourceRoot":"","sources":["../../../../src/guards/jwt-protected.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAA4C;AAE5C,gDAAuE;AAGvE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAI5B,YAA2C,UAAgD;QAA/B,eAAU,GAAV,UAAU,CAAqB;QAHpF,YAAO,GAAG,eAAe,CAAC;IAIjC,CAAC;IAED;;;;OAIG;IAEH,YAAY,CAAC,OAAgB,EAAE,QAA4B;QACzD,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACtC,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC;iBACvC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;iBAC5B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAE5B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AA9BY,8CAAiB;AAa5B;IADC,IAAA,eAAM,GAAE;;qCACa,gBAAO;;qDAM5B;4BAnBU,iBAAiB;IAD7B,IAAA,qBAAU,GAAE;IAKE,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;;GAJ/B,iBAAiB,CA8B7B"}
1
+ {"version":3,"file":"jwt-protected.guard.js","sourceRoot":"","sources":["../../../../src/guards/jwt-protected.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAA4C;AAE5C,gDAAuE;AAGvE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAI5B,YAA2C,UAAgD;QAA/B,eAAU,GAAV,UAAU,CAAqB;QAHpF,YAAO,GAAG,eAAe,CAAC;IAIjC,CAAC;IAED;;;;;;;;;;;OAWG;IAEH,YAAY,CAAC,OAAgB,EAAE,QAA4B;QACzD,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9C,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC;iBACvC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;iBAC5B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAE5B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AArCY,8CAAiB;AAoB5B;IADC,IAAA,eAAM,GAAE;;qCACa,gBAAO;;qDAM5B;4BA1BU,iBAAiB;IAD7B,IAAA,qBAAU,GAAE;IAKE,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;;GAJ/B,iBAAiB,CAqC7B"}
@@ -50,6 +50,12 @@ let JwtManager = class JwtManager {
50
50
  algorithms: [this.algorithm],
51
51
  }, (err, decoded) => {
52
52
  if (err) {
53
+ // `jsonwebtoken` names the expiry error `TokenExpiredError`. Surface it as a
54
+ // `TokenExpiredError` (401 TOKEN_EXPIRED) so a client can attempt a refresh,
55
+ // versus an invalid token (401 UNAUTHORIZED) which means "log in".
56
+ if (err.name === "TokenExpiredError") {
57
+ return reject(new common_1.TokenExpiredError("The JWT has expired.", { cause: err, details: { request } }));
58
+ }
53
59
  return reject(new invalid_jwt_error_1.InvalidJwtError("The JWT is invalid.", err, request, token, this.algorithm, this.publicKey));
54
60
  }
55
61
  return resolve(decoded);
@@ -1 +1 @@
1
- {"version":3,"file":"jwt.manager.js","sourceRoot":"","sources":["../../../../src/managers/jwt.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4BAAyB;AACzB,uCAA4C;AAC5C,sEAA+D;AAC/D,gDAA6E;AAE7E,+CAA8C;AAC9C,6FAAqF;AACrF,mEAA4D;AAE5D,8DAAuD;AAEvD;;GAEG;AAII,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB;;;;;;OAMG;IACH,YACiE,SAAiB,EACjB,SAAoB,EACnB,UAAmB,EACnB,UAAmB;QAHpB,cAAS,GAAT,SAAS,CAAQ;QACjB,cAAS,GAAT,SAAS,CAAW;QACnB,eAAU,GAAV,UAAU,CAAS;QACnB,eAAU,GAAV,UAAU,CAAS;IAErF,CAAC;IAED;;;OAGG;IACI,iBAAiB,CAAC,OAAgB;QACvC,OAAO,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;gBAE1D,IAAA,qBAAM,EAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;oBAC5B,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;iBAC7B,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBAClB,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,MAAM,CAAC,IAAI,mCAAe,CAAC,qBAAqB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBACjH,CAAC;oBAED,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC,CAAC,CAAA;YAEJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACK,6BAA6B,CAAC,OAAgB;QACpD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,EAAE,CAAC;YAClF,MAAM,IAAI,4DAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,4DAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,IAAI,mBAAmB,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC;YACxD,MAAM,IAAI,4DAA2B,CAAC,gEAAgE,EAAE,OAAO,CAAC,CAAA;QAClH,CAAC;QAED,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;CACF,CAAA;AA/DY,gCAAU;qBAAV,UAAU;IAHtB,IAAA,qBAAY,EAAC,qCAAgB,CAAC;IAC9B,IAAA,YAAG,EAAC,qBAAqB,CAAC;IAC1B,IAAA,qBAAU,GAAE;IAUR,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,UAAU,CAAC,CAAA;IAC7C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,UAAU,CAAC,CAAA;;GAZrC,UAAU,CA+DtB"}
1
+ {"version":3,"file":"jwt.manager.js","sourceRoot":"","sources":["../../../../src/managers/jwt.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4BAAyB;AACzB,uCAA4C;AAC5C,sEAA+D;AAC/D,gDAAgG;AAEhG,+CAA8C;AAC9C,6FAAqF;AACrF,mEAA4D;AAE5D,8DAAuD;AAEvD;;GAEG;AAII,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB;;;;;;OAMG;IACH,YACiE,SAAiB,EACjB,SAAoB,EACnB,UAAmB,EACnB,UAAmB;QAHpB,cAAS,GAAT,SAAS,CAAQ;QACjB,cAAS,GAAT,SAAS,CAAW;QACnB,eAAU,GAAV,UAAU,CAAS;QACnB,eAAU,GAAV,UAAU,CAAS;IAErF,CAAC;IAED;;;OAGG;IACI,iBAAiB,CAAC,OAAgB;QACvC,OAAO,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;gBAE1D,IAAA,qBAAM,EAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;oBAC5B,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;iBAC7B,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBAClB,IAAI,GAAG,EAAE,CAAC;wBACR,6EAA6E;wBAC7E,6EAA6E;wBAC7E,mEAAmE;wBACnE,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;4BACrC,OAAO,MAAM,CAAC,IAAI,0BAAiB,CAAC,sBAAsB,EAAE,EAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAC,OAAO,EAAC,EAAC,CAAC,CAAC,CAAC;wBACjG,CAAC;wBAED,OAAO,MAAM,CAAC,IAAI,mCAAe,CAAC,qBAAqB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBACjH,CAAC;oBAED,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC,CAAC,CAAA;YAEJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACK,6BAA6B,CAAC,OAAgB;QACpD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,EAAE,CAAC;YAClF,MAAM,IAAI,4DAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,4DAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,IAAI,mBAAmB,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC;YACxD,MAAM,IAAI,4DAA2B,CAAC,gEAAgE,EAAE,OAAO,CAAC,CAAA;QAClH,CAAC;QAED,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;CACF,CAAA;AAtEY,gCAAU;qBAAV,UAAU;IAHtB,IAAA,qBAAY,EAAC,qCAAgB,CAAC;IAC9B,IAAA,YAAG,EAAC,qBAAqB,CAAC;IAC1B,IAAA,qBAAU,GAAE;IAUR,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,UAAU,CAAC,CAAA;IAC7C,WAAA,IAAA,qBAAY,EAAC,6CAAoB,CAAC,UAAU,CAAC,CAAA;;GAZrC,UAAU,CAsEtB"}
@@ -1,6 +1,11 @@
1
- import { PristineError } from "@pristine-ts/common";
1
+ import { PristineError, PristineErrorCode } from "@pristine-ts/common";
2
2
  /**
3
3
  * This Error is thrown when you try to decode a JWT but the token is invalid.
4
+ *
5
+ * An invalid (missing signature, malformed, wrong issuer, …) token means the caller is
6
+ * not authenticated, so this surfaces as a `401 UNAUTHORIZED` — a client should send the
7
+ * user to login. An *expired* token is handled separately as a `TokenExpiredError`
8
+ * (`401 TOKEN_EXPIRED`) so the client can attempt a refresh instead.
4
9
  */
5
10
  export class InvalidJwtError extends PristineError {
6
11
  /**
@@ -13,13 +18,17 @@ export class InvalidJwtError extends PristineError {
13
18
  * @param publicKey The public key used to decode the JWT.
14
19
  */
15
20
  constructor(message, previousError, request, token, algorithm, publicKey) {
16
- super(message, { details: {
21
+ super(message, {
22
+ code: PristineErrorCode.Unauthorized,
23
+ httpStatus: 401,
24
+ details: {
17
25
  request,
18
26
  previousError,
19
27
  token,
20
28
  algorithm,
21
29
  publicKey,
22
- } });
30
+ },
31
+ });
23
32
  }
24
33
  }
25
34
  //# sourceMappingURL=invalid-jwt.error.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"invalid-jwt.error.js","sourceRoot":"","sources":["../../../../src/errors/invalid-jwt.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAU,MAAM,qBAAqB,CAAC;AAE3D;;GAEG;AACH,MAAM,OAAO,eAAgB,SAAQ,aAAa;IAEhD;;;;;;;;OAQG;IACH,YAAmB,OAAe,EAAE,aAAoB,EAAE,OAAgB,EAAE,KAAa,EAAE,SAAiB,EAAE,SAAiB;QAC7H,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;gBACP,aAAa;gBACb,KAAK;gBACL,SAAS;gBACT,SAAS;aACV,EAAC,CAAC,CAAC;IAAE,CAAC;CACV"}
1
+ {"version":3,"file":"invalid-jwt.error.js","sourceRoot":"","sources":["../../../../src/errors/invalid-jwt.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAE,iBAAiB,EAAU,MAAM,qBAAqB,CAAC;AAE9E;;;;;;;GAOG;AACH,MAAM,OAAO,eAAgB,SAAQ,aAAa;IAEhD;;;;;;;;OAQG;IACH,YAAmB,OAAe,EAAE,aAAoB,EAAE,OAAgB,EAAE,KAAa,EAAE,SAAiB,EAAE,SAAiB;QAC7H,KAAK,CAAC,OAAO,EAAE;YACb,IAAI,EAAE,iBAAiB,CAAC,YAAY;YACpC,UAAU,EAAE,GAAG;YACf,OAAO,EAAE;gBACP,OAAO;gBACP,aAAa;gBACb,KAAK;gBACL,SAAS;gBACT,SAAS;aACV;SACF,CAAC,CAAC;IAAE,CAAC;CACT"}
@@ -1,6 +1,10 @@
1
- import { PristineError } from "@pristine-ts/common";
1
+ import { PristineError, PristineErrorCode } from "@pristine-ts/common";
2
2
  /**
3
3
  * This Error is thrown when there's you try to decode a JWT in a request but the AuthorizationHeader is missing.
4
+ *
5
+ * A missing (or malformed) Authorization header means the caller never presented a
6
+ * token, so this surfaces as a `401 UNAUTHORIZED` — the client should send the user to
7
+ * login rather than attempt a token refresh.
4
8
  */
5
9
  export class JwtAuthorizationHeaderError extends PristineError {
6
10
  /**
@@ -9,9 +13,13 @@ export class JwtAuthorizationHeaderError extends PristineError {
9
13
  * @param request The request that is missing the AuthorizationHeader.
10
14
  */
11
15
  constructor(message, request) {
12
- super(message, { details: {
16
+ super(message, {
17
+ code: PristineErrorCode.Unauthorized,
18
+ httpStatus: 401,
19
+ details: {
13
20
  request,
14
- } });
21
+ },
22
+ });
15
23
  }
16
24
  }
17
25
  //# sourceMappingURL=jwt-authorization-header.error.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-authorization-header.error.js","sourceRoot":"","sources":["../../../../src/errors/jwt-authorization-header.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAU,MAAM,qBAAqB,CAAC;AAE3D;;GAEG;AACH,MAAM,OAAO,2BAA4B,SAAQ,aAAa;IAC5D;;;;OAIG;IACH,YAAmB,OAAe,EAAE,OAAgB;QAClD,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;aACR,EAAC,CAAC,CAAC;IAAE,CAAC;CACV"}
1
+ {"version":3,"file":"jwt-authorization-header.error.js","sourceRoot":"","sources":["../../../../src/errors/jwt-authorization-header.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAE,iBAAiB,EAAU,MAAM,qBAAqB,CAAC;AAE9E;;;;;;GAMG;AACH,MAAM,OAAO,2BAA4B,SAAQ,aAAa;IAC5D;;;;OAIG;IACH,YAAmB,OAAe,EAAE,OAAgB;QAClD,KAAK,CAAC,OAAO,EAAE;YACb,IAAI,EAAE,iBAAiB,CAAC,YAAY;YACpC,UAAU,EAAE,GAAG;YACf,OAAO,EAAE;gBACP,OAAO;aACR;SACF,CAAC,CAAC;IAAE,CAAC;CACT"}
@@ -22,14 +22,21 @@ let JwtProtectedGuard = class JwtProtectedGuard {
22
22
  }
23
23
  /**
24
24
  * Verifies if the JWT is valid and authorizes access if it is.
25
+ *
26
+ * On failure it does NOT swallow the error into a `false`: it propagates the typed error
27
+ * raised by the `JwtManager` (a `TokenExpiredError` → 401 TOKEN_EXPIRED, an
28
+ * `InvalidJwtError`/`JwtAuthorizationHeaderError` → 401 UNAUTHORIZED). The
29
+ * `AuthorizerManager` re-throws those typed auth errors so the client receives the
30
+ * precise code and can tell "refresh the token" from "log in" — a bare `false` would
31
+ * collapse every case into an indistinguishable 403.
25
32
  * @param request
26
33
  * @param identity
27
34
  */
28
35
  isAuthorized(request, identity) {
29
- return new Promise((resolve) => {
36
+ return new Promise((resolve, reject) => {
30
37
  this.jwtManager.validateAndDecode(request)
31
38
  .then(value => resolve(true))
32
- .catch(reason => resolve(false));
39
+ .catch(reason => reject(reason));
33
40
  });
34
41
  }
35
42
  /**
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-protected.guard.js","sourceRoot":"","sources":["../../../../src/guards/jwt-protected.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAE5C,OAAO,EAAoB,OAAO,EAAE,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAGvE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAI5B,YAA2C,UAAgD;QAA/B,eAAU,GAAV,UAAU,CAAqB;QAHpF,YAAO,GAAG,eAAe,CAAC;IAIjC,CAAC;IAED;;;;OAIG;IAEH,YAAY,CAAC,OAAgB,EAAE,QAA4B;QACzD,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACtC,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC;iBACvC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;iBAC5B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAE5B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AAjBC;IADC,MAAM,EAAE;;qCACa,OAAO;;qDAM5B;AAnBU,iBAAiB;IAD7B,UAAU,EAAE;IAKE,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;;GAJ/B,iBAAiB,CA8B7B"}
1
+ {"version":3,"file":"jwt-protected.guard.js","sourceRoot":"","sources":["../../../../src/guards/jwt-protected.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAE5C,OAAO,EAAoB,OAAO,EAAE,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAGvE;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAI5B,YAA2C,UAAgD;QAA/B,eAAU,GAAV,UAAU,CAAqB;QAHpF,YAAO,GAAG,eAAe,CAAC;IAIjC,CAAC;IAED;;;;;;;;;;;OAWG;IAEH,YAAY,CAAC,OAAgB,EAAE,QAA4B;QACzD,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9C,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC;iBACvC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;iBAC5B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAY;QACrB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;QAE5B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AAjBC;IADC,MAAM,EAAE;;qCACa,OAAO;;qDAM5B;AA1BU,iBAAiB;IAD7B,UAAU,EAAE;IAKE,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;;GAJ/B,iBAAiB,CAqC7B"}
@@ -13,7 +13,7 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
13
13
  import "reflect-metadata";
14
14
  import { injectable } from "tsyringe";
15
15
  import { JwtConfigurationKeys } from "../jwt.configuration-keys";
16
- import { injectConfig, moduleScoped, tag } from "@pristine-ts/common";
16
+ import { injectConfig, moduleScoped, tag, TokenExpiredError } from "@pristine-ts/common";
17
17
  import { verify } from "jsonwebtoken";
18
18
  import { JwtAuthorizationHeaderError } from "../errors/jwt-authorization-header.error";
19
19
  import { InvalidJwtError } from "../errors/invalid-jwt.error";
@@ -47,6 +47,12 @@ let JwtManager = class JwtManager {
47
47
  algorithms: [this.algorithm],
48
48
  }, (err, decoded) => {
49
49
  if (err) {
50
+ // `jsonwebtoken` names the expiry error `TokenExpiredError`. Surface it as a
51
+ // `TokenExpiredError` (401 TOKEN_EXPIRED) so a client can attempt a refresh,
52
+ // versus an invalid token (401 UNAUTHORIZED) which means "log in".
53
+ if (err.name === "TokenExpiredError") {
54
+ return reject(new TokenExpiredError("The JWT has expired.", { cause: err, details: { request } }));
55
+ }
50
56
  return reject(new InvalidJwtError("The JWT is invalid.", err, request, token, this.algorithm, this.publicKey));
51
57
  }
52
58
  return resolve(decoded);
@@ -1 +1 @@
1
- {"version":3,"file":"jwt.manager.js","sourceRoot":"","sources":["../../../../src/managers/jwt.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAS,UAAU,EAAC,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAC,oBAAoB,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAC,YAAY,EAAE,YAAY,EAAW,GAAG,EAAC,MAAM,qBAAqB,CAAC;AAE7E,OAAO,EAAY,MAAM,EAAC,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAC,2BAA2B,EAAC,MAAM,0CAA0C,CAAC;AACrF,OAAO,EAAC,eAAe,EAAC,MAAM,6BAA6B,CAAC;AAE5D,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AAII,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB;;;;;;OAMG;IACH,YACiE,SAAiB,EACjB,SAAoB,EACnB,UAAmB,EACnB,UAAmB;QAHpB,cAAS,GAAT,SAAS,CAAQ;QACjB,cAAS,GAAT,SAAS,CAAW;QACnB,eAAU,GAAV,UAAU,CAAS;QACnB,eAAU,GAAV,UAAU,CAAS;IAErF,CAAC;IAED;;;OAGG;IACI,iBAAiB,CAAC,OAAgB;QACvC,OAAO,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;gBAE1D,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;oBAC5B,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;iBAC7B,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBAClB,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,MAAM,CAAC,IAAI,eAAe,CAAC,qBAAqB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBACjH,CAAC;oBAED,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC,CAAC,CAAA;YAEJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACK,6BAA6B,CAAC,OAAgB;QACpD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,EAAE,CAAC;YAClF,MAAM,IAAI,2BAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,2BAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,IAAI,mBAAmB,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC;YACxD,MAAM,IAAI,2BAA2B,CAAC,gEAAgE,EAAE,OAAO,CAAC,CAAA;QAClH,CAAC;QAED,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;CACF,CAAA;AA/DY,UAAU;IAHtB,YAAY,CAAC,gBAAgB,CAAC;IAC9B,GAAG,CAAC,qBAAqB,CAAC;IAC1B,UAAU,EAAE;IAUR,WAAA,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,YAAY,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;IAC7C,WAAA,YAAY,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;;GAZrC,UAAU,CA+DtB"}
1
+ {"version":3,"file":"jwt.manager.js","sourceRoot":"","sources":["../../../../src/managers/jwt.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAS,UAAU,EAAC,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAC,oBAAoB,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAC,YAAY,EAAE,YAAY,EAAW,GAAG,EAAE,iBAAiB,EAAC,MAAM,qBAAqB,CAAC;AAEhG,OAAO,EAAY,MAAM,EAAC,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAC,2BAA2B,EAAC,MAAM,0CAA0C,CAAC;AACrF,OAAO,EAAC,eAAe,EAAC,MAAM,6BAA6B,CAAC;AAE5D,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AAII,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB;;;;;;OAMG;IACH,YACiE,SAAiB,EACjB,SAAoB,EACnB,UAAmB,EACnB,UAAmB;QAHpB,cAAS,GAAT,SAAS,CAAQ;QACjB,cAAS,GAAT,SAAS,CAAW;QACnB,eAAU,GAAV,UAAU,CAAS;QACnB,eAAU,GAAV,UAAU,CAAS;IAErF,CAAC;IAED;;;OAGG;IACI,iBAAiB,CAAC,OAAgB;QACvC,OAAO,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;gBAE1D,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;oBAC5B,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;iBAC7B,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBAClB,IAAI,GAAG,EAAE,CAAC;wBACR,6EAA6E;wBAC7E,6EAA6E;wBAC7E,mEAAmE;wBACnE,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;4BACrC,OAAO,MAAM,CAAC,IAAI,iBAAiB,CAAC,sBAAsB,EAAE,EAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAC,OAAO,EAAC,EAAC,CAAC,CAAC,CAAC;wBACjG,CAAC;wBAED,OAAO,MAAM,CAAC,IAAI,eAAe,CAAC,qBAAqB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBACjH,CAAC;oBAED,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC,CAAC,CAAA;YAEJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACK,6BAA6B,CAAC,OAAgB;QACpD,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,KAAK,EAAE,CAAC;YAClF,MAAM,IAAI,2BAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAE/D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,2BAA2B,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QAC1G,CAAC;QAED,IAAI,mBAAmB,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC;YACxD,MAAM,IAAI,2BAA2B,CAAC,gEAAgE,EAAE,OAAO,CAAC,CAAA;QAClH,CAAC;QAED,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;CACF,CAAA;AAtEY,UAAU;IAHtB,YAAY,CAAC,gBAAgB,CAAC;IAC9B,GAAG,CAAC,qBAAqB,CAAC;IAC1B,UAAU,EAAE;IAUR,WAAA,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAA;IAC5C,WAAA,YAAY,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;IAC7C,WAAA,YAAY,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;;GAZrC,UAAU,CAsEtB"}