@tekcify/auth-backend 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -12
- package/{src/express/index.ts → dist/express/index.d.ts} +1 -0
- package/dist/express/index.d.ts.map +1 -0
- package/dist/express/index.js +6 -0
- package/dist/express/index.js.map +1 -0
- package/dist/express/middleware.d.ts +16 -0
- package/dist/express/middleware.d.ts.map +1 -0
- package/dist/express/middleware.js +39 -0
- package/dist/express/middleware.js.map +1 -0
- package/{src/index.ts → dist/index.d.ts} +1 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +22 -0
- package/dist/index.js.map +1 -0
- package/dist/nestjs/decorator.d.ts +2 -0
- package/dist/nestjs/decorator.d.ts.map +1 -0
- package/dist/nestjs/decorator.js +11 -0
- package/dist/nestjs/decorator.js.map +1 -0
- package/dist/nestjs/guard.d.ts +13 -0
- package/dist/nestjs/guard.d.ts.map +1 -0
- package/dist/nestjs/guard.js +56 -0
- package/dist/nestjs/guard.js.map +1 -0
- package/{src/nestjs/index.ts → dist/nestjs/index.d.ts} +1 -0
- package/dist/nestjs/index.d.ts.map +1 -0
- package/dist/nestjs/index.js +8 -0
- package/dist/nestjs/index.js.map +1 -0
- package/dist/types.d.ts +22 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +3 -0
- package/dist/types.js.map +1 -0
- package/dist/userinfo.d.ts +9 -0
- package/dist/userinfo.d.ts.map +1 -0
- package/dist/userinfo.js +16 -0
- package/dist/userinfo.js.map +1 -0
- package/dist/verify.d.ts +4 -0
- package/dist/verify.d.ts.map +1 -0
- package/dist/verify.js +38 -0
- package/dist/verify.js.map +1 -0
- package/package.json +13 -10
- package/src/__tests__/verify.test.ts +0 -80
- package/src/express/middleware.ts +0 -61
- package/src/nestjs/decorator.ts +0 -12
- package/src/nestjs/guard.ts +0 -57
- package/src/types.ts +0 -24
- package/src/userinfo.ts +0 -26
- package/src/verify.ts +0 -36
- package/tsconfig.json +0 -11
- package/tsconfig.tsbuildinfo +0 -1
- package/vitest.config.ts +0 -9
package/src/nestjs/guard.ts
DELETED
|
@@ -1,57 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
Injectable,
|
|
3
|
-
CanActivate,
|
|
4
|
-
ExecutionContext,
|
|
5
|
-
UnauthorizedException,
|
|
6
|
-
} from '@nestjs/common';
|
|
7
|
-
import type { Request } from 'express';
|
|
8
|
-
import { verifyAccessToken } from '../verify';
|
|
9
|
-
import type { VerifyTokenOptions, UserPayload } from '../types';
|
|
10
|
-
|
|
11
|
-
export interface JwtAuthGuardOptions extends VerifyTokenOptions {
|
|
12
|
-
getUserInfo?: (userId: string) => Promise<{ email: string } | null>;
|
|
13
|
-
}
|
|
14
|
-
|
|
15
|
-
@Injectable()
|
|
16
|
-
export class JwtAuthGuard implements CanActivate {
|
|
17
|
-
constructor(private readonly options: JwtAuthGuardOptions) {}
|
|
18
|
-
|
|
19
|
-
async canActivate(context: ExecutionContext): Promise<boolean> {
|
|
20
|
-
const request = context
|
|
21
|
-
.switchToHttp()
|
|
22
|
-
.getRequest<Request & { user?: UserPayload }>();
|
|
23
|
-
const authHeader = request.headers.authorization as string | undefined;
|
|
24
|
-
|
|
25
|
-
if (!authHeader?.startsWith('Bearer ')) {
|
|
26
|
-
throw new UnauthorizedException(
|
|
27
|
-
'Missing or invalid authorization header',
|
|
28
|
-
);
|
|
29
|
-
}
|
|
30
|
-
|
|
31
|
-
const token = authHeader.substring(7);
|
|
32
|
-
const verified = verifyAccessToken(token, this.options);
|
|
33
|
-
|
|
34
|
-
if (!verified.valid) {
|
|
35
|
-
throw new UnauthorizedException('Invalid or expired token');
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
let email = '';
|
|
39
|
-
if (this.options.getUserInfo) {
|
|
40
|
-
const userInfo = await this.options.getUserInfo(verified.payload.sub);
|
|
41
|
-
if (!userInfo) {
|
|
42
|
-
throw new UnauthorizedException('User not found');
|
|
43
|
-
}
|
|
44
|
-
email = userInfo.email;
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
request.user = {
|
|
48
|
-
userId: verified.payload.sub,
|
|
49
|
-
email,
|
|
50
|
-
scopes: Array.isArray(verified.payload.scopes)
|
|
51
|
-
? verified.payload.scopes
|
|
52
|
-
: [],
|
|
53
|
-
};
|
|
54
|
-
|
|
55
|
-
return true;
|
|
56
|
-
}
|
|
57
|
-
}
|
package/src/types.ts
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
export interface TokenPayload {
|
|
2
|
-
sub: string;
|
|
3
|
-
type: 'access' | 'refresh' | 'temp';
|
|
4
|
-
scopes?: string[];
|
|
5
|
-
clientId?: string;
|
|
6
|
-
[key: string]: unknown;
|
|
7
|
-
}
|
|
8
|
-
|
|
9
|
-
export interface VerifyTokenOptions {
|
|
10
|
-
secret: string;
|
|
11
|
-
issuer?: string;
|
|
12
|
-
audience?: string;
|
|
13
|
-
}
|
|
14
|
-
|
|
15
|
-
export interface VerifiedToken {
|
|
16
|
-
payload: TokenPayload;
|
|
17
|
-
valid: boolean;
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
export interface UserPayload {
|
|
21
|
-
userId: string;
|
|
22
|
-
email: string;
|
|
23
|
-
scopes?: string[];
|
|
24
|
-
}
|
package/src/userinfo.ts
DELETED
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
import type { UserInfo, IntrospectResult } from '@tekcify/auth-core-client';
|
|
2
|
-
import { getUserInfo, introspectToken } from '@tekcify/auth-core-client';
|
|
3
|
-
|
|
4
|
-
export async function fetchUserInfo(
|
|
5
|
-
authServerUrl: string,
|
|
6
|
-
accessToken: string,
|
|
7
|
-
): Promise<UserInfo> {
|
|
8
|
-
return getUserInfo(authServerUrl, accessToken);
|
|
9
|
-
}
|
|
10
|
-
|
|
11
|
-
export interface IntrospectTokenOptions {
|
|
12
|
-
authServerUrl: string;
|
|
13
|
-
token: string;
|
|
14
|
-
clientId?: string;
|
|
15
|
-
clientSecret?: string;
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
export async function introspectAccessToken(
|
|
19
|
-
options: IntrospectTokenOptions,
|
|
20
|
-
): Promise<IntrospectResult> {
|
|
21
|
-
return introspectToken(options.authServerUrl, {
|
|
22
|
-
token: options.token,
|
|
23
|
-
clientId: options.clientId,
|
|
24
|
-
clientSecret: options.clientSecret,
|
|
25
|
-
});
|
|
26
|
-
}
|
package/src/verify.ts
DELETED
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
import jwt from 'jsonwebtoken';
|
|
2
|
-
import type { TokenPayload, VerifyTokenOptions, VerifiedToken } from './types';
|
|
3
|
-
|
|
4
|
-
export function verifyAccessToken(
|
|
5
|
-
token: string,
|
|
6
|
-
options: VerifyTokenOptions,
|
|
7
|
-
): VerifiedToken {
|
|
8
|
-
try {
|
|
9
|
-
const decoded = jwt.verify(token, options.secret, {
|
|
10
|
-
issuer: options.issuer ?? 'tekcify-auth',
|
|
11
|
-
audience: options.audience ?? 'tekcify-api',
|
|
12
|
-
}) as TokenPayload;
|
|
13
|
-
|
|
14
|
-
if (decoded.type !== 'access') {
|
|
15
|
-
return { payload: decoded, valid: false };
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
return { payload: decoded, valid: true };
|
|
19
|
-
} catch (error) {
|
|
20
|
-
if (error instanceof jwt.JsonWebTokenError) {
|
|
21
|
-
return { payload: {} as TokenPayload, valid: false };
|
|
22
|
-
}
|
|
23
|
-
if (error instanceof jwt.TokenExpiredError) {
|
|
24
|
-
return { payload: {} as TokenPayload, valid: false };
|
|
25
|
-
}
|
|
26
|
-
throw error;
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
|
|
30
|
-
export function decodeToken(token: string): TokenPayload | null {
|
|
31
|
-
try {
|
|
32
|
-
return jwt.decode(token) as TokenPayload | null;
|
|
33
|
-
} catch {
|
|
34
|
-
return null;
|
|
35
|
-
}
|
|
36
|
-
}
|