npm - @venizia/ignis - Versions diffs - 0.0.7-2 → 0.0.7-21 - Mend

@venizia/ignis 0.0.7-2 → 0.0.7-21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/dist/components/auth/authenticate/services/bearer/abstract.service.js ADDED Viewed

@@ -0,0 +1,177 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbstractBearerTokenService = void 0;
+const base_1 = require("../../../../../base/services/base");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const common_1 = require("../../common");
+/** Abstract base for Bearer-token services (JWS, JWKS) with optional AES payload encryption. */
+class AbstractBearerTokenService extends base_1.BaseService {
+    constructor() {
+        super(...arguments);
+        this.aes = null;
+        this.applicationSecret = null;
+        this.fieldCodecs = new Map();
+    }
+    /** Standard JWT fields that are never encrypted. */
+    static { this.JWT_COMMON_FIELDS = new Set([
+        'iss',
+        'sub',
+        'aud',
+        'jti',
+        'nbf',
+        'exp',
+        'iat',
+    ]); }
+    /** Configures AES payload encryption and field codecs. Both aesAlgorithm and applicationSecret required to activate encryption. */
+    configurePayloadEncryption(opts) {
+        const { aesAlgorithm = 'aes-256-cbc', applicationSecret, fieldCodecs } = opts;
+        if (fieldCodecs) {
+            for (const codec of fieldCodecs) {
+                this.fieldCodecs.set(codec.key, codec);
+            }
+        }
+        if (!applicationSecret) {
+            return;
+        }
+        this.aes = ignis_helpers_1.AES.withAlgorithm(aesAlgorithm);
+        this.applicationSecret = applicationSecret;
+    }
+    extractCredentials(context) {
+        const request = context.req;
+        const authHeaderValue = request.header('Authorization');
+        if (!authHeaderValue) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: 'Unauthorized user! Missing authorization header',
+            });
+        }
+        if (!authHeaderValue.startsWith(common_1.Authentication.TYPE_BEARER)) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: 'Unauthorized user! Invalid schema of request token!',
+            });
+        }
+        const parts = authHeaderValue.split(' ');
+        if (parts.length !== 2) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: `Authorization header value is invalid format. It must follow the pattern: 'Bearer xx.yy.zz' where xx.yy.zz is a valid JWT token.`,
+            });
+        }
+        const [tokenType, tokenValue] = parts;
+        return { type: tokenType, token: tokenValue };
+    }
+    async verify(opts) {
+        const { token } = opts;
+        if (!token) {
+            this.logger.for(this.verify.name).error('Missing token for validating request!');
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: '[verify] Invalid request token!',
+            });
+        }
+        try {
+            return await this.doVerify(token);
+        }
+        catch (error) {
+            this.logger.for(this.verify.name).error('Failed to verify token | Error: %s', error);
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: '[verify] Invalid or expired token',
+            });
+        }
+    }
+    async generate(opts) {
+        const { payload, getTokenExpiresFn = this.getDefaultTokenExpiresFn() } = opts;
+        if (!payload) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.Unauthorized,
+                message: '[generate] Invalid token payload!',
+            });
+        }
+        const signer = await this.getSigner({ payload, getTokenExpiresFn });
+        try {
+            const rs = await signer.sign(await this.getSigningKey());
+            return rs;
+        }
+        catch (error) {
+            this.logger.for(this.generate.name).error('Failed to generate token | Error: %s', error);
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[generate] Failed to generate token',
+            });
+        }
+    }
+    serializeField(opts) {
+        const { key, value } = opts;
+        const codec = this.fieldCodecs.get(key);
+        if (codec) {
+            return codec.serialize({ value });
+        }
+        return JSON.stringify(value);
+    }
+    encryptPayload(payload) {
+        if (!this.aes || !this.applicationSecret) {
+            return payload;
+        }
+        const rs = {};
+        const keys = Object.keys(payload);
+        for (const key of keys) {
+            const value = payload[key];
+            if (AbstractBearerTokenService.JWT_COMMON_FIELDS.has(key)) {
+                rs[key] = value;
+                continue;
+            }
+            // NOTE: Skip undefined or null values because they cannot be encrypted
+            if (value === undefined || value === null) {
+                continue;
+            }
+            const encryptedKey = this.aes.encrypt({
+                message: key,
+                secret: this.applicationSecret,
+            });
+            const serialized = this.serializeField({ key, value });
+            rs[encryptedKey] = this.aes.encrypt({
+                message: serialized,
+                secret: this.applicationSecret,
+            });
+        }
+        return rs;
+    }
+    deserializeField(opts) {
+        const { key, value } = opts;
+        const codec = this.fieldCodecs.get(key);
+        if (codec) {
+            return codec.deserialize({ raw: value });
+        }
+        return JSON.parse(value);
+    }
+    decryptPayload(opts) {
+        const { payload, protectedHeader } = opts.result;
+        if (!this.aes || !this.applicationSecret) {
+            return payload;
+        }
+        this.logger
+            .for(this.decryptPayload.name)
+            .debug('JWT Token | payload: %j | header: %j', payload, protectedHeader);
+        const rs = {};
+        for (const key in payload) {
+            if (AbstractBearerTokenService.JWT_COMMON_FIELDS.has(key)) {
+                rs[key] = payload[key];
+                continue;
+            }
+            const decryptedKey = this.aes.decrypt({
+                message: key,
+                secret: this.applicationSecret,
+            });
+            const decryptedValue = this.aes.decrypt({
+                message: payload[key],
+                secret: this.applicationSecret,
+            });
+            rs[decryptedKey] = this.deserializeField({ key: decryptedKey, value: decryptedValue });
+        }
+        return rs;
+    }
+}
+exports.AbstractBearerTokenService = AbstractBearerTokenService;
+//# sourceMappingURL=abstract.service.js.map

package/dist/components/auth/authenticate/services/bearer/abstract.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"abstract.service.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/abstract.service.ts"],"names":[],"mappings":";;;AACA,+CAAmD;AACnD,0DAA+F;AAG/F,yCAKsB;AAEtB,gGAAgG;AAChG,MAAsB,0BAAgD,SAAQ,kBAAW;IAAzF;;QAYY,QAAG,GAAe,IAAI,CAAC;QACvB,sBAAiB,GAAkB,IAAI,CAAC;QACxC,gBAAW,GAAoC,IAAI,GAAG,EAAE,CAAC;IA4MrE,CAAC;IAzNC,oDAAoD;aACpC,sBAAiB,GAAG,IAAI,GAAG,CAAmB;QAC5D,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;KACN,CAAC,AAR+B,CAQ9B;IAMH,mIAAmI;IACzH,0BAA0B,CAAC,IAIpC;QACC,MAAM,EAAE,YAAY,GAAG,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QAE9E,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;gBAChC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,GAAG,mBAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IAC7C,CAAC;IAED,kBAAkB,CAAC,OAA4B;QAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;QAE5B,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACxD,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,uBAAc,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,qDAAqD;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,kIAAkI;aAC5I,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;QACtC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAqC;QAChD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACjF,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,iCAAiC;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YACrF,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,mCAAmC;aAC7C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAGd;QACC,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC,wBAAwB,EAAE,EAAE,GAAG,IAAI,CAAC;QAE9E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;gBAC9C,OAAO,EAAE,mCAAmC;aAC7C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;YACzD,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACzF,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,qCAAqC;aAC/C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAES,cAAc,CAAC,IAAiC;QACxD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAExC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,cAAc,CAAC,OAAyB;QACtC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzC,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,EAAE,GAA2B,EAAE,CAAC;QAEtC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YAE3B,IAAI,0BAA0B,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,uEAAuE;YACvE,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAC1C,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;gBACpC,OAAO,EAAE,GAAG;gBACZ,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;YAEvD,EAAE,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;gBAClC,OAAO,EAAE,UAAU;gBACnB,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAES,gBAAgB,CAAC,IAAoC;QAC7D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAExC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,WAAW,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAED,cAAc,CAAC,IAAmD;QAChE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAEjD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzC,OAAO,OAA2B,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;aAC7B,KAAK,CAAC,sCAAsC,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QAE3E,MAAM,EAAE,GAAQ,EAAE,CAAC;QACnB,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,0BAA0B,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,EAAE,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;gBACvB,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;gBACpC,OAAO,EAAE,GAAG;gBACZ,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;gBACtC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC;gBACrB,MAAM,EAAE,IAAI,CAAC,iBAAiB;aAC/B,CAAC,CAAC;YAEH,EAAE,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;;AA9MH,gEA0NC"}

package/dist/components/auth/authenticate/services/bearer/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './abstract.service';
+export * from './jwks';
+export * from './jws.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authenticate/services/bearer/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,QAAQ,CAAC;AACvB,cAAc,eAAe,CAAC"}

package/dist/components/auth/authenticate/services/bearer/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./abstract.service"), exports);
+__exportStar(require("./jwks"), exports);
+__exportStar(require("./jws.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/auth/authenticate/services/bearer/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,yCAAuB;AACvB,gDAA8B"}

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { Env } from 'hono';
+import { AbstractBearerTokenService } from '../abstract.service';
+/**
+ * Base class for JWKS token services (Issuer + Verifier).
+ *
+ * Consolidates the lazy-initialization pattern with retry-on-failure semantics:
+ * if `initialize()` rejects, `initPromise` is reset so the next call retries
+ * instead of caching the failure permanently.
+ */
+export declare abstract class AbstractJWKSTokenService<E extends Env = Env> extends AbstractBearerTokenService<E> {
+    protected initialized: boolean;
+    protected initPromise: Promise<void> | null;
+    protected ensureInitialized(): Promise<void>;
+    protected abstract initialize(): Promise<void>;
+}
+//# sourceMappingURL=abstract.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"abstract.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/abstract.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAEjE;;;;;;GAMG;AACH,8BAAsB,wBAAwB,CAC5C,CAAC,SAAS,GAAG,GAAG,GAAG,CACnB,SAAQ,0BAA0B,CAAC,CAAC,CAAC;IACrC,SAAS,CAAC,WAAW,UAAS;IAC9B,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAQ;cAEnC,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAelD,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAC/C"}

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbstractJWKSTokenService = void 0;
+const abstract_service_1 = require("../abstract.service");
+/**
+ * Base class for JWKS token services (Issuer + Verifier).
+ *
+ * Consolidates the lazy-initialization pattern with retry-on-failure semantics:
+ * if `initialize()` rejects, `initPromise` is reset so the next call retries
+ * instead of caching the failure permanently.
+ */
+class AbstractJWKSTokenService extends abstract_service_1.AbstractBearerTokenService {
+    constructor() {
+        super(...arguments);
+        this.initialized = false;
+        this.initPromise = null;
+    }
+    async ensureInitialized() {
+        if (this.initialized) {
+            return;
+        }
+        if (!this.initPromise) {
+            this.initPromise = this.initialize().catch(error => {
+                this.initPromise = null;
+                throw error;
+            });
+        }
+        await this.initPromise;
+    }
+}
+exports.AbstractJWKSTokenService = AbstractJWKSTokenService;
+//# sourceMappingURL=abstract.service.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"abstract.service.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/abstract.service.ts"],"names":[],"mappings":";;;AACA,0DAAiE;AAEjE;;;;;;GAMG;AACH,MAAsB,wBAEpB,SAAQ,6CAA6B;IAFvC;;QAGY,gBAAW,GAAG,KAAK,CAAC;QACpB,gBAAW,GAAyB,IAAI,CAAC;IAkBrD,CAAC;IAhBW,KAAK,CAAC,iBAAiB;QAC/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACjD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;gBACxB,MAAM,KAAK,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,CAAC,WAAW,CAAC;IACzB,CAAC;CAGF;AAtBD,4DAsBC"}

package/dist/components/auth/authenticate/services/bearer/jwks/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './abstract.service';
+export * from './issuer.service';
+export * from './verifier.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC"}

package/dist/components/auth/authenticate/services/bearer/jwks/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./abstract.service"), exports);
+__exportStar(require("./issuer.service"), exports);
+__exportStar(require("./verifier.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,mDAAiC;AACjC,qDAAmC"}

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { TNullable, ValueOrPromise } from '@venizia/ignis-helpers';
+import { Env } from 'hono';
+import { CryptoKey, JWK, SignJWT } from 'jose';
+import { IJWKSIssuerOptions, IJWTTokenPayload, TGetTokenExpiresFn } from '../../../common';
+import { AbstractJWKSTokenService } from './abstract.service';
+export declare class JWKSIssuerTokenService<E extends Env = Env> extends AbstractJWKSTokenService<E> {
+    protected options: IJWKSIssuerOptions;
+    protected privateKey: TNullable<CryptoKey | Uint8Array>;
+    protected publicKey: TNullable<CryptoKey | Uint8Array>;
+    protected jwks: {
+        keys: JWK[];
+    } | null;
+    constructor(options: IJWKSIssuerOptions);
+    protected initialize(): Promise<void>;
+    protected resolveKeyContent(opts: {
+        keys: IJWKSIssuerOptions['keys'];
+    }): Promise<{
+        priv: string;
+        pub: string;
+    }>;
+    protected parseKeyMaterial(opts: {
+        raw: {
+            priv: string;
+            pub: string;
+        };
+        algorithm: IJWKSIssuerOptions['algorithm'];
+        keys: IJWKSIssuerOptions['keys'];
+    }): Promise<{
+        priv: Uint8Array<ArrayBufferLike> | import("node:crypto").webcrypto.CryptoKey;
+        pub: Uint8Array<ArrayBufferLike> | import("node:crypto").webcrypto.CryptoKey;
+    }>;
+    protected doVerify(token: string): Promise<IJWTTokenPayload>;
+    getSigner(opts: {
+        payload: IJWTTokenPayload;
+        getTokenExpiresFn: TGetTokenExpiresFn;
+    }): Promise<SignJWT>;
+    protected getSigningKey(): ValueOrPromise<Uint8Array | CryptoKey>;
+    protected getDefaultTokenExpiresFn(): TGetTokenExpiresFn;
+    getJWKS(): {
+        keys: JWK[];
+    };
+    getJWKSAsync(): Promise<{
+        keys: JWK[];
+    }>;
+}
+//# sourceMappingURL=issuer.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuer.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/issuer.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAkB,SAAS,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACnF,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EACL,SAAS,EAKT,GAAG,EAEH,OAAO,EACR,MAAM,MAAM,CAAC;AAEd,OAAO,EAEL,kBAAkB,EAClB,gBAAgB,EAGhB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,qBAAa,sBAAsB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,wBAAwB,CAAC,CAAC,CAAC;IAOxF,SAAS,CAAC,OAAO,EAAE,kBAAkB;IANvC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,SAAS,GAAG,UAAU,CAAC,CAAQ;IAC/D,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,SAAS,GAAG,UAAU,CAAC,CAAQ;IAC9D,SAAS,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,GAAG,IAAI,CAAQ;gBAIlC,OAAO,EAAE,kBAAkB;cAWd,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;cA4BpC,iBAAiB,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAA;KAAE;;;;cA0B5D,gBAAgB,CAAC,IAAI,EAAE;QACrC,GAAG,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,SAAS,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAC3C,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;KAClC;;;;cAoDwB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM5D,SAAS,CAAC,IAAI,EAAE;QAC7B,OAAO,EAAE,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,kBAAkB,CAAC;KACvC;cAekB,aAAa,IAAI,cAAc,CAAC,UAAU,GAAG,SAAS,CAAC;cAQvD,wBAAwB,IAAI,kBAAkB;IAIjE,OAAO,IAAI;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE;IAWpB,YAAY,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,CAAC;CAI/C"}

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.js ADDED Viewed

@@ -0,0 +1,168 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var JWKSIssuerTokenService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWKSIssuerTokenService = void 0;
+const injectors_1 = require("../../../../../../base/metadata/injectors");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const jose_1 = require("jose");
+const promises_1 = require("node:fs/promises");
+const common_1 = require("../../../common");
+const abstract_service_1 = require("./abstract.service");
+let JWKSIssuerTokenService = JWKSIssuerTokenService_1 = class JWKSIssuerTokenService extends abstract_service_1.AbstractJWKSTokenService {
+    constructor(options) {
+        super({ scope: JWKSIssuerTokenService_1.name });
+        this.options = options;
+        this.privateKey = null;
+        this.publicKey = null;
+        this.jwks = null;
+        this.configurePayloadEncryption({
+            aesAlgorithm: this.options.aesAlgorithm,
+            applicationSecret: this.options.applicationSecret,
+            fieldCodecs: this.options.fieldCodecs,
+        });
+    }
+    async initialize() {
+        const { keys, algorithm } = this.options;
+        const raw = await this.resolveKeyContent({ keys });
+        const built = await this.parseKeyMaterial({ raw, algorithm, keys });
+        this.privateKey = built.priv;
+        this.publicKey = built.pub;
+        const publicJWK = await (0, jose_1.exportJWK)(this.publicKey);
+        publicJWK.kid = this.options.kid;
+        publicJWK.alg = algorithm;
+        publicJWK.use = 'sig';
+        this.jwks = { keys: [publicJWK] };
+        this.initialized = true;
+        this.logger
+            .for(this.initialize.name)
+            .info('JWKS issuer initialized | driver: %s | format: %s | kid: %s', keys.driver, keys.format, this.options.kid);
+    }
+    async resolveKeyContent(opts) {
+        const { keys } = opts;
+        switch (keys.driver) {
+            case common_1.JWKSKeyDrivers.FILE: {
+                const [priv, pub] = await Promise.all([
+                    (0, promises_1.readFile)(keys.private, 'utf-8'),
+                    (0, promises_1.readFile)(keys.public, 'utf-8'),
+                ]);
+                return { priv, pub };
+            }
+            case common_1.JWKSKeyDrivers.TEXT: {
+                return {
+                    priv: keys.private,
+                    pub: keys.public,
+                };
+            }
+            default: {
+                throw (0, ignis_helpers_1.getError)({
+                    statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                    message: `[JWKSIssuerTokenService] Unknown key driver: ${keys.driver}`,
+                });
+            }
+        }
+    }
+    async parseKeyMaterial(opts) {
+        const { raw, algorithm, keys } = opts;
+        if (!raw.priv) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] Invalid raw.priv key!',
+            });
+        }
+        if (!raw.pub) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] Invalid raw.pub key!',
+            });
+        }
+        switch (keys.format) {
+            case common_1.JWKSKeyFormats.PEM: {
+                const priv = await (0, jose_1.importPKCS8)(raw.priv, algorithm);
+                const pub = await (0, jose_1.importSPKI)(raw.pub, algorithm);
+                return { priv, pub };
+            }
+            case common_1.JWKSKeyFormats.JWK: {
+                try {
+                    const parsed = {
+                        priv: JSON.parse(raw.priv),
+                        pub: JSON.parse(raw.pub),
+                    };
+                    const priv = await (0, jose_1.importJWK)(parsed.priv, algorithm);
+                    const pub = await (0, jose_1.importJWK)(parsed.pub, algorithm);
+                    return { priv, pub };
+                }
+                catch (error) {
+                    this.logger
+                        .for(this.parseKeyMaterial.name)
+                        .error('Invalid JWK key material | Error: %s', error);
+                    throw (0, ignis_helpers_1.getError)({
+                        statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                        message: '[JWKSIssuerTokenService] Invalid JWK key material',
+                    });
+                }
+            }
+            default: {
+                throw (0, ignis_helpers_1.getError)({
+                    statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                    message: `[JWKSIssuerTokenService] Unknown key format: ${keys.format}`,
+                });
+            }
+        }
+    }
+    async doVerify(token) {
+        await this.ensureInitialized();
+        const result = await (0, jose_1.jwtVerify)(token, this.publicKey);
+        return this.decryptPayload({ result });
+    }
+    async getSigner(opts) {
+        await this.ensureInitialized();
+        const now = Math.floor(Date.now() / 1000);
+        const expiresIn = await opts.getTokenExpiresFn();
+        const encryptedPayload = this.encryptPayload(opts.payload);
+        return new jose_1.SignJWT({ ...encryptedPayload })
+            .setProtectedHeader({ alg: this.options.algorithm, kid: this.options.kid })
+            .setIssuedAt()
+            .setExpirationTime(now + expiresIn)
+            .setNotBefore(now);
+    }
+    getSigningKey() {
+        if (!this.privateKey) {
+            throw (0, ignis_helpers_1.getError)({ message: '[getSigningKey] Invalid privateKey!' });
+        }
+        return this.privateKey;
+    }
+    getDefaultTokenExpiresFn() {
+        return this.options.getTokenExpiresFn;
+    }
+    getJWKS() {
+        if (!this.jwks) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] JWKS not initialized yet. Call getJWKSAsync() instead.',
+            });
+        }
+        return this.jwks;
+    }
+    async getJWKSAsync() {
+        await this.ensureInitialized();
+        return this.jwks;
+    }
+};
+exports.JWKSIssuerTokenService = JWKSIssuerTokenService;
+exports.JWKSIssuerTokenService = JWKSIssuerTokenService = JWKSIssuerTokenService_1 = __decorate([
+    __param(0, (0, injectors_1.inject)({ key: common_1.AuthenticateBindingKeys.JWKS_OPTIONS })),
+    __metadata("design:paramtypes", [Object])
+], JWKSIssuerTokenService);
+//# sourceMappingURL=issuer.service.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuer.service.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/issuer.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAmD;AACnD,0DAAmF;AAEnF,+BASc;AACd,+CAA4C;AAC5C,4CAOyB;AACzB,yDAA8D;AAE9D,IAAa,sBAAsB,8BAAnC,MAAa,sBAA4C,SAAQ,2CAA2B;IAK1F,YAEE,OAAqC;QAErC,KAAK,CAAC,EAAE,KAAK,EAAE,wBAAsB,CAAC,IAAI,EAAE,CAAC,CAAC;QAFpC,YAAO,GAAP,OAAO,CAAoB;QAN7B,eAAU,GAAsC,IAAI,CAAC;QACrD,cAAS,GAAsC,IAAI,CAAC;QACpD,SAAI,GAA2B,IAAI,CAAC;QAQ5C,IAAI,CAAC,0BAA0B,CAAC;YAC9B,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;YACvC,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;SACtC,CAAC,CAAC;IACL,CAAC;IAEkB,KAAK,CAAC,UAAU;QACjC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEzC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC;QAE3B,MAAM,SAAS,GAAG,MAAM,IAAA,gBAAS,EAAC,IAAI,CAAC,SAAU,CAAC,CAAC;QACnD,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC;QAC1B,SAAS,CAAC,GAAG,GAAG,KAAK,CAAC;QAEtB,IAAI,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;QAElC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;aACzB,IAAI,CACH,6DAA6D,EAC7D,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,CAAC,GAAG,CACjB,CAAC;IACN,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,IAA0C;QAC1E,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QAEtB,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,uBAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;oBACpC,IAAA,mBAAQ,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC/B,IAAA,mBAAQ,EAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC/B,CAAC,CAAC;gBACH,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,KAAK,uBAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,OAAO;oBAClB,GAAG,EAAE,IAAI,CAAC,MAAM;iBACjB,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;oBACrD,OAAO,EAAE,gDAAgD,IAAI,CAAC,MAAM,EAAE;iBACvE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAIhC;QACC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QAEtC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACb,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;QAED,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,uBAAc,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAW,EAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACpD,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAU,EAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,KAAK,uBAAc,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG;wBACb,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAQ;wBACjC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAQ;qBAChC,CAAC;oBAEF,MAAM,IAAI,GAAG,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;oBACrD,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBACnD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;gBACvB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,MAAM;yBACR,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;yBAC/B,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;oBACxD,MAAM,IAAA,wBAAQ,EAAC;wBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;wBACrD,OAAO,EAAE,mDAAmD;qBAC7D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;oBACrD,OAAO,EAAE,gDAAgD,IAAI,CAAC,MAAM,EAAE;iBACvE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAEkB,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC7C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,gBAAS,EAAmB,KAAK,EAAE,IAAI,CAAC,SAAU,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,IAGxB;QACC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEjD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE3D,OAAO,IAAI,cAAO,CAAC,EAAE,GAAG,gBAAgB,EAAE,CAAC;aACxC,kBAAkB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;aAC1E,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,SAAS,CAAC;aAClC,YAAY,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAEkB,aAAa;QAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAA,wBAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEkB,wBAAwB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,IAAK,CAAC;IACpB,CAAC;CACF,CAAA;AAnLY,wDAAsB;iCAAtB,sBAAsB;IAM9B,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,gCAAuB,CAAC,YAAY,EAAE,CAAC,CAAA;;GAN7C,sBAAsB,CAmLlC"}

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { Env } from 'hono';
+import { createRemoteJWKSet, SignJWT } from 'jose';
+import { IJWKSVerifierOptions, IJWTTokenPayload, TGetTokenExpiresFn } from '../../../common';
+import { AbstractJWKSTokenService } from './abstract.service';
+export declare class JWKSVerifierTokenService<E extends Env = Env> extends AbstractJWKSTokenService<E> {
+    protected options: IJWKSVerifierOptions;
+    protected jwksVerifier: ReturnType<typeof createRemoteJWKSet> | null;
+    constructor(options: IJWKSVerifierOptions);
+    protected initialize(): Promise<void>;
+    protected doVerify(token: string): Promise<IJWTTokenPayload>;
+    getSigner(_opts: {
+        payload: IJWTTokenPayload;
+        getTokenExpiresFn: TGetTokenExpiresFn;
+    }): Promise<SignJWT>;
+    protected getSigningKey(): never;
+    protected getDefaultTokenExpiresFn(): never;
+}
+//# sourceMappingURL=verifier.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifier.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/verifier.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAa,OAAO,EAAE,MAAM,MAAM,CAAC;AAC9D,OAAO,EAEL,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,qBAAa,wBAAwB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,wBAAwB,CAAC,CAAC,CAAC;IAK1F,SAAS,CAAC,OAAO,EAAE,oBAAoB;IAJzC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,OAAO,kBAAkB,CAAC,GAAG,IAAI,CAAQ;gBAIhE,OAAO,EAAE,oBAAoB;cAUhB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;cAc3B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM5D,SAAS,CAAC,KAAK,EAAE;QAC9B,OAAO,EAAE,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,kBAAkB,CAAC;KACvC,GAAG,OAAO,CAAC,OAAO,CAAC;cAOD,aAAa,IAAI,KAAK;cAOtB,wBAAwB,IAAI,KAAK;CAMrD"}

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.js ADDED Viewed

@@ -0,0 +1,73 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var JWKSVerifierTokenService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWKSVerifierTokenService = void 0;
+const injectors_1 = require("../../../../../../base/metadata/injectors");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const jose_1 = require("jose");
+const common_1 = require("../../../common");
+const abstract_service_1 = require("./abstract.service");
+let JWKSVerifierTokenService = JWKSVerifierTokenService_1 = class JWKSVerifierTokenService extends abstract_service_1.AbstractJWKSTokenService {
+    constructor(options) {
+        super({ scope: JWKSVerifierTokenService_1.name });
+        this.options = options;
+        this.jwksVerifier = null;
+        this.configurePayloadEncryption({
+            aesAlgorithm: this.options.aesAlgorithm,
+            applicationSecret: this.options.applicationSecret,
+            fieldCodecs: this.options.fieldCodecs,
+        });
+    }
+    async initialize() {
+        const jwksUrl = new URL(this.options.jwksUrl);
+        this.jwksVerifier = (0, jose_1.createRemoteJWKSet)(jwksUrl, {
+            cacheMaxAge: this.options.cacheTtlMs ?? 43_200_000,
+            cooldownDuration: this.options.cooldownMs ?? 30_000,
+        });
+        this.initialized = true;
+        this.logger
+            .for(this.initialize.name)
+            .info('JWKS verifier initialized | url: %s', this.options.jwksUrl);
+    }
+    async doVerify(token) {
+        await this.ensureInitialized();
+        const result = await (0, jose_1.jwtVerify)(token, this.jwksVerifier);
+        return this.decryptPayload({ result });
+    }
+    async getSigner(_opts) {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode cannot sign tokens',
+        });
+    }
+    getSigningKey() {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode cannot sign tokens',
+        });
+    }
+    getDefaultTokenExpiresFn() {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode has no token expiry',
+        });
+    }
+};
+exports.JWKSVerifierTokenService = JWKSVerifierTokenService;
+exports.JWKSVerifierTokenService = JWKSVerifierTokenService = JWKSVerifierTokenService_1 = __decorate([
+    __param(0, (0, injectors_1.inject)({ key: common_1.AuthenticateBindingKeys.JWKS_OPTIONS })),
+    __metadata("design:paramtypes", [Object])
+], JWKSVerifierTokenService);
+//# sourceMappingURL=verifier.service.js.map