@simplysm/service-server 13.0.0-beta.11

package/README.md

@@ -0,0 +1,587 @@
+# @simplysm/service-server
+
+A Fastify-based HTTP/WebSocket server package. Provides server features needed for full-stack applications, including RPC-style service invocation, JWT authentication, file upload, static file serving, and real-time events.
+
+Used together with `@simplysm/service-client` to configure WebSocket/HTTP communication between client and server.
+
+## Installation
+
+```bash
+npm install @simplysm/service-server
+# or
+pnpm add @simplysm/service-server
+```
+
+## Main Modules
+
+### Core Classes
+
+| Module | Path | Description |
+|------|------|------|
+| `ServiceServer` | `service-server.ts` | Main server class. Creates Fastify instance and configures routes/plugins |
+| `ServiceBase` | `core/service-base.ts` | Service base abstract class. All custom services must inherit from this |
+| `ServiceExecutor` | `core/service-executor.ts` | Internal executor that handles service method discovery, auth checks, and execution |
+
+### Authentication
+
+| Module | Path | Description |
+|------|------|------|
+| `JwtManager` | `auth/jwt-manager.ts` | JWT token generation/verification/decoding based on jose library (HS256, 12-hour expiration) |
+| `Authorize` | `auth/auth.decorators.ts` | Stage 3 decorator. Sets authentication permissions at class or method level |
+| `AuthTokenPayload` | `auth/auth-token-payload.ts` | JWT payload interface (includes `roles`, `data`) |
+
+### Transport Layer - WebSocket
+
+| Module | Path | Description |
+|------|------|------|
+| `WebSocketHandler` | `transport/socket/websocket-handler.ts` | Handles WebSocket connection management, message routing, and event distribution |
+| `ServiceSocket` | `transport/socket/service-socket.ts` | Wraps individual WebSocket connections. Manages ping/pong, protocol encoding/decoding, event listener management |
+
+### Transport Layer - HTTP
+
+| Module | Path | Description |
+|------|------|------|
+| `HttpRequestHandler` | `transport/http/http-request-handler.ts` | Calls service methods via HTTP at `/api/:service/:method` route |
+| `UploadHandler` | `transport/http/upload-handler.ts` | Handles multipart file upload at `/upload` route (auth required) |
+| `StaticFileHandler` | `transport/http/static-file-handler.ts` | Serves static files. Prevents path traversal and blocks hidden files |
+
+### Protocol
+
+| Module | Path | Description |
+|------|------|------|
+| `ProtocolWrapper` | `protocol/protocol-wrapper.ts` | Message encoding/decoding wrapper. Messages over 30KB are processed in worker threads |
+
+### Built-in Services
+
+| Module | Path | Description |
+|------|------|------|
+| `OrmService` | `services/orm-service.ts` | DB connection/transaction/query execution (WebSocket only, auth required) |
+| `CryptoService` | `services/crypto-service.ts` | SHA256 hash and AES-256-CBC encryption/decryption |
+| `SmtpService` | `services/smtp-service.ts` | nodemailer-based email sending |
+| `AutoUpdateService` | `services/auto-update-service.ts` | App auto-update (provides latest version query and download path) |
+
+### Utilities
+
+| Module | Path | Description |
+|------|------|------|
+| `ConfigManager` | `utils/config-manager.ts` | JSON config file loading/caching/real-time monitoring (auto expiration based on LazyGcMap) |
+
+### Legacy
+
+| Module | Path | Description |
+|------|------|------|
+| `handleV1Connection` | `legacy/v1-auto-update-handler.ts` | V1 protocol client compatibility handling (supports auto-update only) |
+
+## Usage
+
+### Basic Server Configuration
+
+```typescript
+import { ServiceServer } from "@simplysm/service-server";
+
+const server = new ServiceServer({
+  port: 8080,
+  rootPath: "/app/data",
+  services: [MyService],
+});
+
+// Start server
+await server.listen();
+
+// Receive events
+server.on("ready", () => {
+  console.log("Server ready");
+});
+
+server.on("close", () => {
+  console.log("Server closed");
+});
+
+// Close server
+await server.close();
+```
+
+### Server Options (`ServiceServerOptions`)
+
+```typescript
+interface ServiceServerOptions {
+  /** Server root path (base directory for static files and config files) */
+  rootPath: string;
+  /** Listen port */
+  port: number;
+  /** SSL/TLS config (enables HTTPS) */
+  ssl?: {
+    pfxBytes: Uint8Array;
+    passphrase: string;
+  };
+  /** JWT authentication config */
+  auth?: {
+    jwtSecret: string;
+  };
+  /** List of service classes to register */
+  services: Type<ServiceBase>[];
+}
+```
+
+The following structure is expected under `rootPath`:
+
+```
+rootPath/
+  .config.json        # Root config file
+  www/                # Static file root
+    uploads/          # Upload file storage directory
+    {clientName}/     # Per-client directory
+      .config.json    # Per-client config file
+      index.html
+```
+
+### SSL/HTTPS Server
+
+```typescript
+import { fsReadFile } from "@simplysm/core-node";
+
+const pfxBytes = await fsReadFile("/path/to/cert.pfx");
+
+const server = new ServiceServer({
+  port: 443,
+  rootPath: "/app/data",
+  ssl: {
+    pfxBytes,
+    passphrase: "certificate-password",
+  },
+  auth: { jwtSecret: "my-secret-key" },
+  services: [],
+});
+
+await server.listen();
+```
+
+### Custom Service Definition
+
+Define services by inheriting from `ServiceBase`. Service methods are called via RPC from the client.
+
+```typescript
+import { ServiceBase } from "@simplysm/service-server";
+
+class MyService extends ServiceBase {
+  async hello(name: string): Promise<string> {
+    return `Hello, ${name}!`;
+  }
+
+  async getServerTime(): Promise<Date> {
+    return new Date();
+  }
+}
+```
+
+Context accessible within services:
+
+| Property | Type | Description |
+|------|------|------|
+| `this.server` | `ServiceServer` | Server instance reference |
+| `this.socket` | `ServiceSocket \| undefined` | WebSocket connection (`undefined` for HTTP calls) |
+| `this.http` | `{ clientName, authTokenPayload? }` | HTTP request context |
+| `this.authInfo` | `TAuthInfo \| undefined` | Authenticated user info |
+| `this.clientName` | `string \| undefined` | Client app name |
+| `this.clientPath` | `string \| undefined` | Per-client directory path |
+
+### Config File Reference
+
+Read sections from `.config.json` files using `ServiceBase.getConfig()`. Root and per-client configs are automatically merged.
+
+```typescript
+class MyService extends ServiceBase {
+  async getDbHost(): Promise<string> {
+    // Read "mySection" key from rootPath/.config.json or clientPath/.config.json
+    const config = await this.getConfig<{ host: string }>("mySection");
+    return config.host;
+  }
+}
+```
+
+`.config.json` example:
+
+```json
+{
+  "mySection": {
+    "host": "localhost"
+  },
+  "orm": {
+    "default": {
+      "dialect": "mysql",
+      "host": "localhost",
+      "port": 3306,
+      "database": "mydb",
+      "user": "root",
+      "password": "password"
+    }
+  }
+}
+```
+
+`ConfigManager` caches config files and automatically refreshes the cache on file changes (LazyGcMap-based, auto expires after 1 hour).
+
+### Authentication (`Authorize` Decorator)
+
+Use Stage 3 decorators to set authentication requirements on services or methods. Only works when `ServiceServerOptions.auth` is configured.
+
+```typescript
+import { ServiceBase, Authorize } from "@simplysm/service-server";
+
+// Class level: all methods require login
+@Authorize()
+class UserService extends ServiceBase<{ userId: number; role: string }> {
+  // Login only required (inherits from class level)
+  async getProfile(): Promise<unknown> {
+    const userId = this.authInfo?.userId;
+    // ...
+  }
+
+  // Method level: specific role required (overrides class level)
+  @Authorize(["admin"])
+  async deleteUser(targetId: number): Promise<void> {
+    // Only users with admin role can call
+  }
+}
+
+// No authentication required (no decorator)
+class PublicService extends ServiceBase {
+  async healthCheck(): Promise<string> {
+    return "OK";
+  }
+}
+```
+
+Decorator behavior:
+
+| Target | `@Authorize()` | `@Authorize(["admin"])` |
+|-----------|----------------|-------------------------|
+| Class | All methods require login | All methods require admin role |
+| Method | Method requires login | Method requires admin role |
+| None | No auth required (Public) | - |
+
+Method-level decorators override class-level settings.
+
+### JWT Token Management
+
+Generate and verify JWT tokens through the `ServiceServer` instance.
+
+```typescript
+// Generate token (12-hour expiration, HS256 algorithm)
+const token = await server.generateAuthToken({
+  roles: ["admin", "user"],
+  data: { userId: 1, name: "홍길동" },
+});
+
+// Verify token
+const payload = await server.verifyAuthToken(token);
+// payload.roles: ["admin", "user"]
+// payload.data: { userId: 1, name: "홍길동" }
+```
+
+`AuthTokenPayload` interface:
+
+```typescript
+interface AuthTokenPayload<TAuthInfo = unknown> extends JWTPayload {
+  /** User role list (used for permission check in Authorize decorator) */
+  roles: string[];
+  /** Custom auth info (generic type) */
+  data: TAuthInfo;
+}
+```
+
+### HTTP API Call
+
+Service methods can also be called via HTTP through the `/api/:service/:method` path.
+
+**GET Request:**
+
+```
+GET /api/MyService/hello?json=["World"]
+Header: x-sd-client-name: my-app
+Header: Authorization: Bearer <token>  (optional)
+```
+
+**POST Request:**
+
+```
+POST /api/MyService/hello
+Header: Content-Type: application/json
+Header: x-sd-client-name: my-app
+Header: Authorization: Bearer <token>  (optional)
+Body: ["World"]
+```
+
+- The `x-sd-client-name` header is required.
+- Parameters are passed in array form (in the order of method arguments).
+- For GET requests, pass a JSON-serialized array in the `json` query parameter.
+
+### File Upload
+
+Upload files via multipart request to the `/upload` endpoint. Auth token is required.
+
+```typescript
+// Client-side example
+const formData = new FormData();
+formData.append("file", file);
+
+const response = await fetch("/upload", {
+  method: "POST",
+  headers: {
+    Authorization: `Bearer ${token}`,
+  },
+  body: formData,
+});
+
+// Response: ServiceUploadResult[]
+const results = await response.json();
+// [{ path: "uploads/uuid.ext", filename: "original-filename.ext", size: 12345 }]
+```
+
+Uploaded files are stored in the `rootPath/www/uploads/` directory with UUID-based filenames.
+
+### Real-time Event Publishing
+
+Publish events to connected clients from the server.
+
+```typescript
+import { ServiceEventListener } from "@simplysm/service-common";
+
+// Event definition (from service-common)
+class OrderUpdatedEvent extends ServiceEventListener<
+  { orderId: number },
+  { status: string }
+> {
+  readonly eventName = "OrderUpdatedEvent";
+}
+
+// Publish event from server
+await server.emitEvent(
+  OrderUpdatedEvent,
+  (info) => info.orderId === 123,    // Target filter
+  { status: "completed" },           // Data to send
+);
+
+// Send reload command to all clients
+await server.broadcastReload("my-app", new Set(["main.js"]));
+```
+
+### Built-in Service: OrmService
+
+Provides database connection/query/transaction via WebSocket. `@Authorize()` decorator is applied, requiring login.
+
+```typescript
+const server = new ServiceServer({
+  port: 8080,
+  rootPath: "/app/data",
+  auth: { jwtSecret: "secret" },
+  services: [OrmService],
+});
+```
+
+Define ORM config in `.config.json`:
+
+```json
+{
+  "orm": {
+    "default": {
+      "dialect": "mysql",
+      "host": "localhost",
+      "port": 3306,
+      "database": "mydb",
+      "user": "root",
+      "password": "password"
+    }
+  }
+}
+```
+
+Methods provided by `OrmService`:
+
+| Method | Description |
+|--------|------|
+| `getInfo(opt)` | Query DB connection info (dialect, database, schema) |
+| `connect(opt)` | Create DB connection. Returns connection ID |
+| `close(connId)` | Close DB connection |
+| `beginTransaction(connId, isolationLevel?)` | Begin transaction |
+| `commitTransaction(connId)` | Commit transaction |
+| `rollbackTransaction(connId)` | Rollback transaction |
+| `executeParametrized(connId, query, params?)` | Execute parameterized query |
+| `executeDefs(connId, defs, options?)` | Execute QueryDef-based queries |
+| `bulkInsert(connId, tableName, columnDefs, records)` | Bulk INSERT |
+
+When a WebSocket connection is closed, all DB connections opened from that socket are automatically cleaned up.
+
+### Built-in Service: CryptoService
+
+Provides SHA256 hash and AES-256-CBC symmetric key encryption/decryption.
+
+```typescript
+const server = new ServiceServer({
+  port: 8080,
+  rootPath: "/app/data",
+  services: [CryptoService],
+});
+```
+
+`.config.json` config:
+
+```json
+{
+  "crypto": {
+    "key": "your-32-byte-secret-key-here!!"
+  }
+}
+```
+
+| Method | Description |
+|--------|------|
+| `encrypt(data)` | Generate SHA256 HMAC hash (one-way) |
+| `encryptAes(data)` | AES-256-CBC encryption. Returns hex string in `iv:encrypted` format |
+| `decryptAes(encText)` | AES-256-CBC decryption. Returns original binary |
+
+### Built-in Service: SmtpService
+
+A nodemailer-based email sending service. Can pass SMTP config directly or reference server config file.
+
+```typescript
+const server = new ServiceServer({
+  port: 8080,
+  rootPath: "/app/data",
+  services: [SmtpService],
+});
+```
+
+`.config.json` config (when using config reference method):
+
+```json
+{
+  "smtp": {
+    "default": {
+      "host": "smtp.example.com",
+      "port": 587,
+      "secure": false,
+      "user": "user@example.com",
+      "pass": "password",
+      "senderName": "My App",
+      "senderEmail": "noreply@example.com"
+    }
+  }
+}
+```
+
+| Method | Description |
+|--------|------|
+| `send(options)` | Send email by directly passing SMTP config |
+| `sendByConfig(configName, options)` | Send email by referencing SMTP config in config file |
+
+`send()` options:
+
+```typescript
+interface SmtpSendOption {
+  host: string;
+  port?: number;
+  secure?: boolean;
+  user?: string;
+  pass?: string;
+  from: string;
+  to: string;
+  cc?: string;
+  bcc?: string;
+  subject: string;
+  html: string;
+  attachments?: SmtpSendAttachment[];
+}
+```
+
+### Built-in Service: AutoUpdateService
+
+Supports auto-update for client apps. Searches for latest version files by platform in the client directory.
+
+```typescript
+const server = new ServiceServer({
+  port: 8080,
+  rootPath: "/app/data",
+  services: [AutoUpdateService],
+});
+```
+
+Update file structure:
+
+```
+rootPath/www/{clientName}/{platform}/updates/
+  1.0.0.exe    (Windows)
+  1.0.1.exe
+  1.0.0.apk    (Android)
+  1.0.1.apk
+```
+
+| Method | Description |
+|--------|------|
+| `getLastVersion(platform)` | Returns latest version and download path for the platform. Returns `undefined` if no update |
+
+Return value:
+
+```typescript
+{
+  version: string;       // e.g., "1.0.1"
+  downloadPath: string;  // e.g., "/my-app/android/updates/1.0.1.apk"
+}
+```
+
+### ConfigManager
+
+A static utility class that manages loading, caching, and real-time monitoring of JSON config files. Used internally by `ServiceBase.getConfig()`.
+
+```typescript
+import { ConfigManager } from "@simplysm/service-server";
+
+const config = await ConfigManager.getConfig<MyConfig>("/path/to/.config.json");
+```
+
+Behavior:
+- Caches file in `LazyGcMap` on first load.
+- Registers file change watch (`FsWatcher`) to auto-refresh cache on changes.
+- Cache auto-expires after 1 hour of no access, and associated watch is released.
+
+### ProtocolWrapper
+
+Handles encoding/decoding of WebSocket messages. Automatically branches between main thread and worker thread based on message size.
+
+| Condition | Processing Method |
+|------|-----------|
+| 30KB or less | Processed directly in main thread |
+| Over 30KB | Processed in worker thread (max 4GB memory allocation) |
+
+Messages containing large binary data (Uint8Array) also branch to worker thread.
+
+## Server Route Structure
+
+The following routes are automatically registered when `ServiceServer.listen()` is called:
+
+| Route | Method | Description |
+|--------|--------|------|
+| `/api/:service/:method` | GET, POST | Service method call via HTTP |
+| `/upload` | POST | Multipart file upload (auth required) |
+| `/` | WebSocket | WebSocket connection endpoint |
+| `/ws` | WebSocket | WebSocket connection endpoint (alias) |
+| `/*` | GET, etc. | Static file serving (based on `rootPath/www/`) |
+
+## Security
+
+- **Helmet**: `@fastify/helmet` plugin automatically sets security headers like CSP, HSTS.
+- **CORS**: `@fastify/cors` plugin configures CORS.
+- **Path Traversal Prevention**: Static file handler and client name validation block `..`, `/`, `\` characters.
+- **Hidden File Blocking**: Files starting with `.` return a 403 response.
+- **Graceful Shutdown**: Detects `SIGINT`/`SIGTERM` signals to safely close open WebSocket connections and server (10-second timeout).
+
+## Caveats
+
+- `OrmService` is WebSocket-only. Cannot be used via HTTP requests.
+- Config files (`.config.json`) contain sensitive information (DB passwords, JWT secrets, etc.), so hidden files (starting with `.`) are automatically blocked by the static file handler.
+- WebSocket connection requires query parameters `ver=2`, `clientId`, `clientName`. Without these parameters, it operates in V1 legacy mode.
+- If SSL is not configured, the `upgrade-insecure-requests` CSP directive is disabled.
+
+## License
+
+Apache-2.0

package/dist/auth/auth-token-payload.js

@@ -0,0 +1 @@
+//# sourceMappingURL=auth-token-payload.js.map

package/dist/auth/auth-token-payload.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": [],
+  "sourcesContent": [],
+  "mappings": "",
+  "names": []
+}

package/dist/auth/auth.decorators.js

@@ -0,0 +1,46 @@
+const classAuthMap = /* @__PURE__ */ new WeakMap();
+const methodAuthMap = /* @__PURE__ */ new WeakMap();
+const pendingMethodAuth = /* @__PURE__ */ new Map();
+function Authorize(permissions = []) {
+  return function(target, context) {
+    if (context.kind === "class") {
+      classAuthMap.set(target, permissions);
+      const className = context.name ?? "";
+      const pending = pendingMethodAuth.get(className);
+      if (pending != null) {
+        let methodMap = methodAuthMap.get(target);
+        if (methodMap == null) {
+          methodMap = /* @__PURE__ */ new Map();
+          methodAuthMap.set(target, methodMap);
+        }
+        for (const { permissions: perms, methodName } of pending) {
+          methodMap.set(methodName, perms);
+        }
+        pendingMethodAuth.delete(className);
+      }
+    } else {
+      const methodName = String(context.name);
+      context.addInitializer(function() {
+        const ctor = this.constructor;
+        let methodMap = methodAuthMap.get(ctor);
+        if (methodMap == null) {
+          methodMap = /* @__PURE__ */ new Map();
+          methodAuthMap.set(ctor, methodMap);
+        }
+        methodMap.set(methodName, permissions);
+      });
+    }
+  };
+}
+function getAuthPermissions(ctor, methodName) {
+  if (methodName != null) {
+    const perms = methodAuthMap.get(ctor)?.get(methodName);
+    if (perms != null) return perms;
+  }
+  return classAuthMap.get(ctor);
+}
+export {
+  Authorize,
+  getAuthPermissions
+};
+//# sourceMappingURL=auth.decorators.js.map

package/dist/auth/auth.decorators.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/auth/auth.decorators.ts"],
+  "sourcesContent": ["// WeakMap \uAE30\uBC18 \uBA54\uD0C0\uB370\uC774\uD130 \uC800\uC7A5 (reflect-metadata \uBBF8\uC0AC\uC6A9)\nconst classAuthMap = new WeakMap<Function, string[]>();\nconst methodAuthMap = new WeakMap<Function, Map<string, string[]>>();\n\n// \uBA54\uC18C\uB4DC \uB370\uCF54\uB808\uC774\uD130\uC5D0\uC11C \uD074\uB798\uC2A4 \uC0DD\uC131\uC790\uB97C \uB098\uC911\uC5D0 \uC5F0\uACB0\uD558\uAE30 \uC704\uD55C \uC784\uC2DC \uC800\uC7A5\uC18C\nconst pendingMethodAuth = new Map<string, { permissions: string[]; methodName: string }[]>();\n\n/**\n * \uC778\uC99D \uAD8C\uD55C\uC744 \uC124\uC815\uD558\uB294 \uB370\uCF54\uB808\uC774\uD130 (Stage 3 Decorators)\n * - \uD074\uB798\uC2A4 \uB808\uBCA8: \uBAA8\uB4E0 \uBA54\uC18C\uB4DC\uC5D0 \uAE30\uBCF8 \uAD8C\uD55C \uC801\uC6A9\n * - \uBA54\uC18C\uB4DC \uB808\uBCA8: \uD574\uB2F9 \uBA54\uC18C\uB4DC\uC5D0\uB9CC \uAD8C\uD55C \uC801\uC6A9 (\uD074\uB798\uC2A4 \uB808\uBCA8 \uC624\uBC84\uB77C\uC774\uB4DC)\n *\n * @param permissions \uD544\uC694\uD55C \uAD8C\uD55C \uBAA9\uB85D (\uBE48 \uBC30\uC5F4: \uB85C\uADF8\uC778\uB9CC \uD544\uC694)\n */\nexport function Authorize(permissions: string[] = []) {\n  return function <T extends Function | ((...args: unknown[]) => unknown)>(\n    target: T,\n    context: ClassDecoratorContext | ClassMethodDecoratorContext,\n  ): T | void {\n    if (context.kind === \"class\") {\n      // \uD074\uB798\uC2A4 \uB808\uBCA8\n      classAuthMap.set(target as Function, permissions);\n\n      // \uB300\uAE30 \uC911\uC778 \uBA54\uC18C\uB4DC \uAD8C\uD55C \uC5F0\uACB0\n      const className = context.name ?? \"\";\n      const pending = pendingMethodAuth.get(className);\n      if (pending != null) {\n        let methodMap = methodAuthMap.get(target as Function);\n        if (methodMap == null) {\n          methodMap = new Map();\n          methodAuthMap.set(target as Function, methodMap);\n        }\n        for (const { permissions: perms, methodName } of pending) {\n          methodMap.set(methodName, perms);\n        }\n        pendingMethodAuth.delete(className);\n      }\n    } else {\n      // \uBA54\uC18C\uB4DC \uB808\uBCA8 - \uD074\uB798\uC2A4 \uB370\uCF54\uB808\uC774\uD130\uAC00 \uB098\uC911\uC5D0 \uC2E4\uD589\uB418\uBBC0\uB85C \uC784\uC2DC \uC800\uC7A5\n      const methodName = String(context.name);\n\n      // addInitializer\uB97C \uD1B5\uD574 \uD074\uB798\uC2A4 \uC0DD\uC131\uC790\uC5D0 \uC811\uADFC\n      context.addInitializer(function (this: unknown) {\n        const ctor = (this as object).constructor;\n        let methodMap = methodAuthMap.get(ctor);\n        if (methodMap == null) {\n          methodMap = new Map();\n          methodAuthMap.set(ctor, methodMap);\n        }\n        methodMap.set(methodName, permissions);\n      });\n    }\n  };\n}\n\n/**\n * \uC778\uC99D \uAD8C\uD55C \uC870\uD68C\n * - \uBA54\uC18C\uB4DC \uB808\uBCA8 \uAD8C\uD55C \uC6B0\uC120\n * - \uC5C6\uC73C\uBA74 \uD074\uB798\uC2A4 \uB808\uBCA8 \uAD8C\uD55C \uBC18\uD658\n *\n * @param ctor \uC11C\uBE44\uC2A4 \uD074\uB798\uC2A4 \uC0DD\uC131\uC790\n * @param methodName \uBA54\uC18C\uB4DC \uC774\uB984 (\uC120\uD0DD)\n * @returns \uAD8C\uD55C \uBAA9\uB85D \uB610\uB294 undefined (Public API)\n */\nexport function getAuthPermissions(ctor: Function, methodName?: string): string[] | undefined {\n  if (methodName != null) {\n    const perms = methodAuthMap.get(ctor)?.get(methodName);\n    if (perms != null) return perms;\n  }\n  return classAuthMap.get(ctor);\n}\n"],
+  "mappings": "AACA,MAAM,eAAe,oBAAI,QAA4B;AACrD,MAAM,gBAAgB,oBAAI,QAAyC;AAGnE,MAAM,oBAAoB,oBAAI,IAA6D;AASpF,SAAS,UAAU,cAAwB,CAAC,GAAG;AACpD,SAAO,SACL,QACA,SACU;AACV,QAAI,QAAQ,SAAS,SAAS;AAE5B,mBAAa,IAAI,QAAoB,WAAW;AAGhD,YAAM,YAAY,QAAQ,QAAQ;AAClC,YAAM,UAAU,kBAAkB,IAAI,SAAS;AAC/C,UAAI,WAAW,MAAM;AACnB,YAAI,YAAY,cAAc,IAAI,MAAkB;AACpD,YAAI,aAAa,MAAM;AACrB,sBAAY,oBAAI,IAAI;AACpB,wBAAc,IAAI,QAAoB,SAAS;AAAA,QACjD;AACA,mBAAW,EAAE,aAAa,OAAO,WAAW,KAAK,SAAS;AACxD,oBAAU,IAAI,YAAY,KAAK;AAAA,QACjC;AACA,0BAAkB,OAAO,SAAS;AAAA,MACpC;AAAA,IACF,OAAO;AAEL,YAAM,aAAa,OAAO,QAAQ,IAAI;AAGtC,cAAQ,eAAe,WAAyB;AAC9C,cAAM,OAAQ,KAAgB;AAC9B,YAAI,YAAY,cAAc,IAAI,IAAI;AACtC,YAAI,aAAa,MAAM;AACrB,sBAAY,oBAAI,IAAI;AACpB,wBAAc,IAAI,MAAM,SAAS;AAAA,QACnC;AACA,kBAAU,IAAI,YAAY,WAAW;AAAA,MACvC,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAWO,SAAS,mBAAmB,MAAgB,YAA2C;AAC5F,MAAI,cAAc,MAAM;AACtB,UAAM,QAAQ,cAAc,IAAI,IAAI,GAAG,IAAI,UAAU;AACrD,QAAI,SAAS,KAAM,QAAO;AAAA,EAC5B;AACA,SAAO,aAAa,IAAI,IAAI;AAC9B;",
+  "names": []
+}

package/dist/auth/jwt-manager.js

@@ -0,0 +1,35 @@
+import * as jose from "jose";
+class JwtManager {
+  constructor(_server) {
+    this._server = _server;
+  }
+  async sign(payload) {
+    const jwtSecret = this._server.options.auth?.jwtSecret;
+    if (jwtSecret == null) throw new Error("JWT Secret\uC774 \uC815\uC758\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4.");
+    const secret = new TextEncoder().encode(jwtSecret);
+    return new jose.SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime("12h").sign(secret);
+  }
+  async verify(token) {
+    const jwtSecret = this._server.options.auth?.jwtSecret;
+    if (jwtSecret == null) throw new Error("JWT Secret\uC774 \uC815\uC758\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4.");
+    const secret = new TextEncoder().encode(jwtSecret);
+    try {
+      const { payload } = await jose.jwtVerify(token, secret);
+      return payload;
+    } catch (err) {
+      if (err != null && typeof err === "object" && "code" in err && err.code === "ERR_JWT_EXPIRED") {
+        throw new Error("\uD1A0\uD070\uC774 \uB9CC\uB8CC\uB418\uC5C8\uC2B5\uB2C8\uB2E4.");
+      }
+      throw new Error("\uC720\uD6A8\uD558\uC9C0 \uC54A\uC740 \uD1A0\uD070\uC785\uB2C8\uB2E4.");
+    }
+  }
+  decode(token) {
+    const jwtSecret = this._server.options.auth?.jwtSecret;
+    if (jwtSecret == null) throw new Error("JWT Secret\uC774 \uC815\uC758\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4.");
+    return jose.decodeJwt(token);
+  }
+}
+export {
+  JwtManager
+};
+//# sourceMappingURL=jwt-manager.js.map