@stefaninigo/security-client 1.0.1

package/dist/guards/cognito-auth.guard.js

@@ -0,0 +1,112 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CognitoAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const aws_jwt_verify_1 = require("aws-jwt-verify");
+const security_client_service_1 = require("../services/security-client.service");
+const security_client_service_2 = require("../services/security-client.service");
+let CognitoAuthGuard = class CognitoAuthGuard {
+    constructor(securityClient, config) {
+        this.securityClient = securityClient;
+        this.config = config;
+        this.useSecurityService = !!securityClient && !!config?.securityServiceUrl;
+    }
+    async canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const token = this.extractTokenFromHeader(request);
+        if (!token) {
+            throw new common_1.UnauthorizedException('Token de acceso requerido');
+        }
+        const userPoolId = process.env.AWS_USER_POOL_ID;
+        const clientId = process.env.AWS_CLIENT_ID;
+        if (!userPoolId || !clientId) {
+            throw new common_1.UnauthorizedException('AWS Cognito configuration missing. AWS_USER_POOL_ID and AWS_CLIENT_ID must be configured');
+        }
+        const verifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
+            userPoolId,
+            tokenUse: 'access',
+            clientId,
+        });
+        try {
+            const payload = await verifier.verify(token);
+            const username = typeof payload.username === 'string' ? payload.username : '';
+            if (!username) {
+                throw new common_1.UnauthorizedException('Token no contiene username válido');
+            }
+            let user;
+            if (this.useSecurityService && this.securityClient) {
+                try {
+                    user = await this.securityClient.validateTokenAndGetUser(token);
+                }
+                catch (serviceError) {
+                    if (serviceError instanceof Error) {
+                        const errorMsg = serviceError.message.toLowerCase();
+                        if (errorMsg.includes('security service error')) {
+                            const statusMatch = serviceError.message.match(/status: (\d+)/);
+                            if (statusMatch && statusMatch[1] === '401') {
+                                throw new common_1.UnauthorizedException('Token inválido o expirado');
+                            }
+                            if (statusMatch && statusMatch[1] === '404') {
+                                throw new common_1.UnauthorizedException('Usuario no encontrado');
+                            }
+                            throw new common_1.UnauthorizedException('Error al validar usuario con servicio Security');
+                        }
+                    }
+                    throw new common_1.UnauthorizedException('Error de autenticación');
+                }
+            }
+            else {
+                throw new common_1.UnauthorizedException('Security client service not configured. Please configure SecurityClientModule.');
+            }
+            if (user.status !== 'active') {
+                throw new common_1.UnauthorizedException('Usuario inactivo');
+            }
+            request.user = user;
+            return true;
+        }
+        catch (error) {
+            if (error instanceof common_1.UnauthorizedException) {
+                throw error;
+            }
+            if (error instanceof Error) {
+                const errorMsg = error.message.toLowerCase();
+                if (errorMsg.includes('expired') || errorMsg.includes('jwt expired')) {
+                    throw new common_1.UnauthorizedException('Token expirado');
+                }
+                if (errorMsg.includes('invalid') ||
+                    errorMsg.includes('signature') ||
+                    errorMsg.includes('malformed') ||
+                    errorMsg.includes('jwt malformed')) {
+                    throw new common_1.UnauthorizedException('Token inválido');
+                }
+            }
+            throw new common_1.UnauthorizedException('Error de autenticación');
+        }
+    }
+    extractTokenFromHeader(request) {
+        const [type, token] = request.headers.authorization?.split(' ') ?? [];
+        return type === 'Bearer' ? token : undefined;
+    }
+};
+exports.CognitoAuthGuard = CognitoAuthGuard;
+exports.CognitoAuthGuard = CognitoAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Optional)()),
+    __param(0, (0, common_1.Inject)(security_client_service_1.SecurityClientService)),
+    __param(1, (0, common_1.Optional)()),
+    __param(1, (0, common_1.Inject)(security_client_service_2.SECURITY_CLIENT_CONFIG)),
+    __metadata("design:paramtypes", [security_client_service_1.SecurityClientService, Object])
+], CognitoAuthGuard);
+//# sourceMappingURL=cognito-auth.guard.js.map

package/dist/guards/cognito-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognito-auth.guard.js","sourceRoot":"","sources":["../../src/guards/cognito-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAoH;AACpH,mDAAoD;AAEpD,iFAA4E;AAE5E,iFAA6E;AAGtE,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAG3B,YAC8D,cAAsC,EACrC,MAAwC;QADzC,mBAAc,GAAd,cAAc,CAAwB;QACrC,WAAM,GAAN,MAAM,CAAkC;QAErG,IAAI,CAAC,kBAAkB,GAAG,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,MAAM,EAAE,kBAAkB,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAiC,CAAC;QACnF,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,8BAAqB,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;QAGD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAE3C,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,8BAAqB,CAAC,0FAA0F,CAAC,CAAC;QAC9H,CAAC;QAGD,MAAM,QAAQ,GAAG,mCAAkB,CAAC,MAAM,CAAC;YACzC,UAAU;YACV,QAAQ,EAAE,QAAQ;YAClB,QAAQ;SACT,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE7C,MAAM,QAAQ,GAAG,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,8BAAqB,CAAC,mCAAmC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,IAAc,CAAC;YAEnB,IAAI,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;gBAClE,CAAC;gBAAC,OAAO,YAAiB,EAAE,CAAC;oBAE3B,IAAI,YAAY,YAAY,KAAK,EAAE,CAAC;wBAClC,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;wBACpD,IAAI,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;4BAChD,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;4BAChE,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gCAC5C,MAAM,IAAI,8BAAqB,CAAC,2BAA2B,CAAC,CAAC;4BAC/D,CAAC;4BACD,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gCAC5C,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;4BAC3D,CAAC;4BACD,MAAM,IAAI,8BAAqB,CAAC,gDAAgD,CAAC,CAAC;wBACpF,CAAC;oBACH,CAAC;oBACD,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,8BAAqB,CAAC,gFAAgF,CAAC,CAAC;YACpH,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,8BAAqB,CAAC,kBAAkB,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;YAEpB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,8BAAqB,EAAE,CAAC;gBAC3C,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAE7C,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrE,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;gBACpD,CAAC;gBAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC5B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAC9B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAC9B,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,8BAAqB,CAAC,gBAAgB,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,MAAM,IAAI,8BAAqB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAEO,sBAAsB,CAAC,OAAgB;QAC7C,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACtE,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,CAAC;CACF,CAAA;AAtGY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,+CAAqB,CAAC,CAAA;IACzC,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,gDAAsB,CAAC,CAAA;qCADkC,+CAAqB;GAJzF,gBAAgB,CAsG5B"}

package/dist/guards/role.guard.d.ts

@@ -0,0 +1,7 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+export declare class RoleGuard implements CanActivate {
+    private reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/guards/role.guard.js

@@ -0,0 +1,44 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const roles_decorator_1 = require("../decorators/roles.decorator");
+let RoleGuard = class RoleGuard {
+    constructor(reflector) {
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const requiredRoles = this.reflector.getAllAndOverride(roles_decorator_1.ROLES_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (!requiredRoles) {
+            return true;
+        }
+        const { user } = context.switchToHttp().getRequest();
+        if (!user) {
+            throw new common_1.ForbiddenException('Usuario no autenticado');
+        }
+        const hasRole = requiredRoles.some((role) => user.role === role);
+        if (!hasRole) {
+            throw new common_1.ForbiddenException(`Se requiere uno de los siguientes roles: ${requiredRoles.join(', ')}`);
+        }
+        return true;
+    }
+};
+exports.RoleGuard = RoleGuard;
+exports.RoleGuard = RoleGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], RoleGuard);
+//# sourceMappingURL=role.guard.js.map

package/dist/guards/role.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.guard.js","sourceRoot":"","sources":["../../src/guards/role.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA+F;AAC/F,uCAAyC;AAEzC,mEAA0D;AAGnD,IAAM,SAAS,GAAf,MAAM,SAAS;IACpB,YAAoB,SAAoB;QAApB,cAAS,GAAT,SAAS,CAAW;IAAG,CAAC;IAE5C,WAAW,CAAC,OAAyB;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAa,2BAAS,EAAE;YAC5E,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QAErD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,2BAAkB,CAAC,wBAAwB,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAEjE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,2BAAkB,CAAC,4CAA4C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvG,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA3BY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;qCAEoB,gBAAS;GAD7B,SAAS,CA2BrB"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export * from './guards/cognito-auth.guard';
+export * from './guards/role.guard';
+export * from './decorators/roles.decorator';
+export * from './services/security-client.service';
+export * from './module/security-client.module';
+export * from './types/user.types';

package/dist/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./guards/cognito-auth.guard"), exports);
+__exportStar(require("./guards/role.guard"), exports);
+__exportStar(require("./decorators/roles.decorator"), exports);
+__exportStar(require("./services/security-client.service"), exports);
+__exportStar(require("./module/security-client.module"), exports);
+__exportStar(require("./types/user.types"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8DAA4C;AAC5C,sDAAoC;AACpC,+DAA6C;AAC7C,qEAAmD;AACnD,kEAAgD;AAChD,qDAAmC"}

package/dist/module/security-client.module.d.ts

@@ -0,0 +1,5 @@
+import { DynamicModule } from '@nestjs/common';
+import { SecurityClientConfig } from '../types/user.types';
+export declare class SecurityClientModule {
+    static forRoot(config: SecurityClientConfig): DynamicModule;
+}

package/dist/module/security-client.module.js

@@ -0,0 +1,50 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SecurityClientModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityClientModule = void 0;
+const common_1 = require("@nestjs/common");
+const security_client_service_1 = require("../services/security-client.service");
+const cognito_auth_guard_1 = require("../guards/cognito-auth.guard");
+const role_guard_1 = require("../guards/role.guard");
+let SecurityClientModule = SecurityClientModule_1 = class SecurityClientModule {
+    static forRoot(config) {
+        if (!config.securityServiceUrl || typeof config.securityServiceUrl !== 'string' || config.securityServiceUrl.trim() === '') {
+            throw new Error('securityServiceUrl is required and must be a non-empty string in SecurityClientConfig');
+        }
+        try {
+            new URL(config.securityServiceUrl);
+        }
+        catch {
+            throw new Error(`Invalid securityServiceUrl format: ${config.securityServiceUrl}. Must be a valid URL.`);
+        }
+        return {
+            module: SecurityClientModule_1,
+            providers: [
+                {
+                    provide: security_client_service_1.SECURITY_CLIENT_CONFIG,
+                    useValue: config,
+                },
+                security_client_service_1.SecurityClientService,
+                cognito_auth_guard_1.CognitoAuthGuard,
+                role_guard_1.RoleGuard,
+            ],
+            exports: [
+                security_client_service_1.SecurityClientService,
+                cognito_auth_guard_1.CognitoAuthGuard,
+                role_guard_1.RoleGuard,
+            ],
+        };
+    }
+};
+exports.SecurityClientModule = SecurityClientModule;
+exports.SecurityClientModule = SecurityClientModule = SecurityClientModule_1 = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({})
+], SecurityClientModule);
+//# sourceMappingURL=security-client.module.js.map

package/dist/module/security-client.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-client.module.js","sourceRoot":"","sources":["../../src/module/security-client.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAA+D;AAC/D,iFAAoG;AACpG,qEAAgE;AAChE,qDAAiD;AAK1C,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAC/B,MAAM,CAAC,OAAO,CAAC,MAA4B;QAEzC,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ,IAAI,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC3H,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;QAC3G,CAAC;QAGD,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,CAAC,kBAAkB,wBAAwB,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO;YACL,MAAM,EAAE,sBAAoB;YAC5B,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,gDAAsB;oBAC/B,QAAQ,EAAE,MAAM;iBACjB;gBACD,+CAAqB;gBACrB,qCAAgB;gBAChB,sBAAS;aACV;YACD,OAAO,EAAE;gBACP,+CAAqB;gBACrB,qCAAgB;gBAChB,sBAAS;aACV;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AAhCY,oDAAoB;+BAApB,oBAAoB;IAFhC,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,oBAAoB,CAgChC"}

package/dist/services/security-client.service.d.ts

@@ -0,0 +1,11 @@
+import { SecurityClientConfig } from '../types/user.types';
+import { AuthUser } from '../types/user.types';
+export declare const SECURITY_CLIENT_CONFIG = "SECURITY_CLIENT_CONFIG";
+export declare class SecurityClientService {
+    private readonly config;
+    private readonly logger;
+    private readonly httpClient;
+    constructor(config: SecurityClientConfig);
+    validateTokenAndGetUser(token: string): Promise<AuthUser>;
+    getUserById(userId: string, token: string): Promise<AuthUser>;
+}

package/dist/services/security-client.service.js

@@ -0,0 +1,106 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var SecurityClientService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityClientService = exports.SECURITY_CLIENT_CONFIG = void 0;
+const common_1 = require("@nestjs/common");
+const axios_1 = __importDefault(require("axios"));
+exports.SECURITY_CLIENT_CONFIG = 'SECURITY_CLIENT_CONFIG';
+let SecurityClientService = SecurityClientService_1 = class SecurityClientService {
+    constructor(config) {
+        this.config = config;
+        this.logger = new common_1.Logger(SecurityClientService_1.name);
+        this.httpClient = axios_1.default.create({
+            baseURL: config.securityServiceUrl,
+            timeout: config.timeout || 5000,
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+    }
+    async validateTokenAndGetUser(token) {
+        try {
+            const response = await this.httpClient.get('/api/v1/security/users/me', {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            });
+            if (!response.data || typeof response.data !== 'object') {
+                throw new Error('Invalid response format from security service');
+            }
+            const userData = response.data;
+            if (!userData.id || !userData.email || !userData.role || !userData.status) {
+                this.logger.warn('Security service returned incomplete user data', {
+                    hasId: !!userData.id,
+                    hasEmail: !!userData.email,
+                    hasRole: !!userData.role,
+                    hasStatus: !!userData.status
+                });
+                throw new Error('Incomplete user data from security service');
+            }
+            return userData;
+        }
+        catch (error) {
+            this.logger.error(`Error validating token: ${error.message}`);
+            if (error.response) {
+                const status = error.response.status;
+                const message = error.response.data?.message || error.response.data?.detail || 'Unknown error';
+                throw new Error(`Security service error: status: ${status} - ${message}`);
+            }
+            throw new Error(`Failed to connect to security service: ${error.message}`);
+        }
+    }
+    async getUserById(userId, token) {
+        try {
+            const response = await this.httpClient.get(`/api/v1/security/users/${userId}`, {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                },
+            });
+            if (!response.data || typeof response.data !== 'object') {
+                throw new Error('Invalid response format from security service');
+            }
+            const userData = response.data;
+            if (!userData.id || !userData.email || !userData.role || !userData.status) {
+                this.logger.warn('Security service returned incomplete user data', {
+                    hasId: !!userData.id,
+                    hasEmail: !!userData.email,
+                    hasRole: !!userData.role,
+                    hasStatus: !!userData.status
+                });
+                throw new Error('Incomplete user data from security service');
+            }
+            return userData;
+        }
+        catch (error) {
+            this.logger.error(`Error getting user: ${error.message}`);
+            if (error.response) {
+                const status = error.response.status;
+                const message = error.response.data?.message || error.response.data?.detail || 'Unknown error';
+                throw new Error(`Security service error: status: ${status} - ${message}`);
+            }
+            throw new Error(`Failed to connect to security service: ${error.message}`);
+        }
+    }
+};
+exports.SecurityClientService = SecurityClientService;
+exports.SecurityClientService = SecurityClientService = SecurityClientService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(exports.SECURITY_CLIENT_CONFIG)),
+    __metadata("design:paramtypes", [Object])
+], SecurityClientService);
+//# sourceMappingURL=security-client.service.js.map

package/dist/services/security-client.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-client.service.js","sourceRoot":"","sources":["../../src/services/security-client.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA,2CAA4D;AAC5D,kDAA6C;AAIhC,QAAA,sBAAsB,GAAG,wBAAwB,CAAC;AAGxD,IAAM,qBAAqB,6BAA3B,MAAM,qBAAqB;IAIhC,YACkC,MAA6C;QAA5B,WAAM,GAAN,MAAM,CAAsB;QAJ9D,WAAM,GAAG,IAAI,eAAM,CAAC,uBAAqB,CAAC,IAAI,CAAC,CAAC;QAM/D,IAAI,CAAC,UAAU,GAAG,eAAK,CAAC,MAAM,CAAC;YAC7B,OAAO,EAAE,MAAM,CAAC,kBAAkB;YAClC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,2BAA2B,EAAE;gBACtE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;aACF,CAAC,CAAC;YAGH,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAW,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;oBACjE,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE;oBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK;oBAC1B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;oBACxB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM;iBAC7B,CAAC,CAAC;gBACH,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAChE,CAAC;YAED,OAAO,QAAoB,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACrC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,IAAI,eAAe,CAAC;gBAC/F,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,MAAM,OAAO,EAAE,CAAC,CAAC;YAC5E,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0CAA0C,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,KAAa;QAC7C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,0BAA0B,MAAM,EAAE,EAAE;gBAC7E,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;aACF,CAAC,CAAC;YAGH,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAW,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;oBACjE,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE;oBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK;oBAC1B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;oBACxB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM;iBAC7B,CAAC,CAAC;gBACH,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAChE,CAAC;YAED,OAAO,QAAoB,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACrC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,IAAI,eAAe,CAAC;gBAC/F,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,MAAM,OAAO,EAAE,CAAC,CAAC;YAC5E,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0CAA0C,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;CACF,CAAA;AAvFY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,eAAM,EAAC,8BAAsB,CAAC,CAAA;;GALtB,qBAAqB,CAuFjC"}

package/dist/types/user.types.d.ts

@@ -0,0 +1,23 @@
+export declare enum UserRole {
+    ROOT = "root",
+    ADMIN = "admin",
+    DISPATCHER = "dispatcher",
+    TECHNICIAN = "technician"
+}
+export declare enum UserStatus {
+    ACTIVE = "active",
+    PENDING = "pending",
+    BLOCKED = "blocked"
+}
+export interface AuthUser {
+    id: string;
+    email: string;
+    role: UserRole;
+    providerId?: string;
+    status: UserStatus;
+    cognitoSub?: string;
+}
+export interface SecurityClientConfig {
+    securityServiceUrl: string;
+    timeout?: number;
+}

package/dist/types/user.types.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserStatus = exports.UserRole = void 0;
+var UserRole;
+(function (UserRole) {
+    UserRole["ROOT"] = "root";
+    UserRole["ADMIN"] = "admin";
+    UserRole["DISPATCHER"] = "dispatcher";
+    UserRole["TECHNICIAN"] = "technician";
+})(UserRole || (exports.UserRole = UserRole = {}));
+var UserStatus;
+(function (UserStatus) {
+    UserStatus["ACTIVE"] = "active";
+    UserStatus["PENDING"] = "pending";
+    UserStatus["BLOCKED"] = "blocked";
+})(UserStatus || (exports.UserStatus = UserStatus = {}));
+//# sourceMappingURL=user.types.js.map

package/dist/types/user.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../src/types/user.types.ts"],"names":[],"mappings":";;;AAAA,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,yBAAa,CAAA;IACb,2BAAe,CAAA;IACf,qCAAyB,CAAA;IACzB,qCAAyB,CAAA;AAC3B,CAAC,EALW,QAAQ,wBAAR,QAAQ,QAKnB;AAED,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,+BAAiB,CAAA;IACjB,iCAAmB,CAAA;IACnB,iCAAmB,CAAA;AACrB,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB"}

package/dist/utils/mutator.d.ts

@@ -0,0 +1,3 @@
+import { AxiosRequestConfig } from 'axios';
+export declare const customInstance: <T>(config: AxiosRequestConfig, options?: AxiosRequestConfig) => Promise<T>;
+export default customInstance;

package/dist/utils/mutator.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.customInstance = void 0;
+const axios_1 = __importDefault(require("axios"));
+const customInstance = (config, options) => {
+    const source = axios_1.default.CancelToken.source();
+    const promise = (0, axios_1.default)({
+        ...config,
+        ...options,
+        cancelToken: source.token,
+    }).then(({ data }) => data);
+    promise.cancel = () => {
+        source.cancel('Query was cancelled');
+    };
+    return promise;
+};
+exports.customInstance = customInstance;
+exports.default = exports.customInstance;
+//# sourceMappingURL=mutator.js.map

package/dist/utils/mutator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutator.js","sourceRoot":"","sources":["../../src/utils/mutator.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAkD;AAE3C,MAAM,cAAc,GAAG,CAC5B,MAA0B,EAC1B,OAA4B,EAChB,EAAE;IACd,MAAM,MAAM,GAAG,eAAK,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAA,eAAK,EAAC;QACpB,GAAG,MAAM;QACT,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,KAAK;KAC1B,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAG5B,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE;QACpB,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IACvC,CAAC,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAjBW,QAAA,cAAc,kBAiBzB;AAEF,kBAAe,sBAAc,CAAC"}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@stefaninigo/security-client",
+  "version": "1.0.1",
+  "description": "StefaniniGo Security Client SDK - Guards, decorators and HTTP client for authentication and authorization",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "nestjs",
+    "security",
+    "authentication",
+    "authorization",
+    "guards",
+    "cognito"
+  ],
+  "author": "StefaniniGo Team",
+  "license": "UNLICENSED",
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/stefanini-go/stefanini-go-security.git",
+    "directory": "packages/security-client"
+  },
+  "dependencies": {
+    "@nestjs/common": "^11.1.6",
+    "@nestjs/core": "^11.1.6",
+    "axios": "^1.7.9",
+    "aws-jwt-verify": "^5.1.1",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^10.0.0 || ^11.0.0",
+    "@nestjs/core": "^10.0.0 || ^11.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.7.2",
+    "typescript": "^5.9.3"
+  }
+}