@verisoft/security-core 18.0.0 → 18.3.0

package/package.json

@@ -1,9 +1,11 @@
-{
-  "name": "@verisoft/security-core",
-  "version": "18.0.0",
-  "peerDependencies": {
-    "@angular/common": "^18.2.0",
-    "@angular/core": "^18.2.0"
-  },
-  "sideEffects": false
-}
+{
+  "name": "@verisoft/security-core",
+  "version": "18.3.0",
+  "peerDependencies": {
+    "@angular/core": "^18.2.0",
+    "rxjs": "~7.8.0",
+    "@angular/router": "18.2.8",
+    "@ngrx/store": "18.0.2"
+  },
+  "sideEffects": false
+}

package/src/lib/directives/has-permission.directive.ts

@@ -3,16 +3,16 @@ import {
   Input,
   TemplateRef,
   ViewContainerRef,
-  OnInit,
   OnDestroy,
 } from '@angular/core';
 import { distinctUntilChanged, Subscription } from 'rxjs';
 import { AuthContextService } from '../services';
 
 @Directive({
+  standalone: true,
   selector: '[hasPermission]',
 })
-export class HasPermissionDirective<T> implements OnInit, OnDestroy {
+export class HasPermissionDirective<T> implements OnDestroy {
   private requiredPermissions: string | string[] = '';
   private sub?: Subscription;
 
@@ -28,10 +28,6 @@ export class HasPermissionDirective<T> implements OnInit, OnDestroy {
     this.updateView();
   }
 
-  ngOnInit(): void {
-    this.updateView();
-  }
-
   ngOnDestroy(): void {
     this.unregister();
   }
@@ -42,7 +38,7 @@ export class HasPermissionDirective<T> implements OnInit, OnDestroy {
 
   private updateView(): void {
     this.unregister();
-    if (!this.requiredPermissions) {
+    if (this.requiredPermissions || this.requiredPermissions.length) {
       this.sub = this.authContext
         .hasRequiredPermission(this.requiredPermissions)
         .pipe(distinctUntilChanged())

package/src/lib/directives/has-role.directive.ts

@@ -3,16 +3,16 @@ import {
   Input,
   TemplateRef,
   ViewContainerRef,
-  OnInit,
   OnDestroy,
 } from '@angular/core';
 import { distinctUntilChanged, Subscription } from 'rxjs';
 import { AuthContextService } from '../services';
 
 @Directive({
+  standalone: true,
   selector: '[hasRole]',
 })
-export class HasRoleDirective<T> implements OnInit, OnDestroy {
+export class HasRoleDirective<T> implements OnDestroy {
   private requiredRoles: string | string[] | undefined;
   private sub?: Subscription;
 
@@ -28,10 +28,6 @@ export class HasRoleDirective<T> implements OnInit, OnDestroy {
     this.updateView();
   }
 
-  ngOnInit(): void {
-    this.updateView();
-  }
-
   ngOnDestroy(): void {
     this.unregister();
   }
@@ -42,7 +38,7 @@ export class HasRoleDirective<T> implements OnInit, OnDestroy {
 
   private updateView(): void {
     this.unregister();
-    if (this.requiredRoles) {
+    if (this.requiredRoles || this.requiredRoles?.length) {
       this.sub = this.authContext
         .hasRequiredRole(this.requiredRoles)
         .pipe(distinctUntilChanged())

package/src/lib/guards/auth.guard.ts

@@ -19,7 +19,7 @@ export class AuthGuard implements CanActivate, CanActivateChild {
   private config = inject<SecurityConfig>(SECURITY_CONFIG);
   private router = inject(Router);
   private authContext = inject(AuthContextService);
-  
+
   canActivate(route: ActivatedRouteSnapshot): Observable<boolean | UrlTree> {
     return this.checkPermissionsAndRolesAndNavigate(route, this.config.notAuthorizedPage);
   }
@@ -34,16 +34,12 @@ export class AuthGuard implements CanActivate, CanActivateChild {
     route: ActivatedRouteSnapshot,
     notAuthorizedUrl: string | undefined
   ): Observable<boolean | UrlTree> {
-    const requiredPermissions = route.data['permissions'] as
-      | string
-      | string[]
-      | undefined;
+    const requiredPermissions = route.data['permissions'] as | string | string[] | undefined;
     const requiredRoles = route.data['roles'] as string | string[] | undefined;
 
     return this.authContext.user$.pipe(
       map(
-        (user) =>
-          user &&
+        (user) => user &&
           (!requiredPermissions ||
             hasRequiredPermission(user, requiredPermissions)) &&
           (!requiredRoles || hasRequiredPermission(user, requiredRoles))

package/src/lib/models/authenticated-user.model.ts

@@ -1,7 +1,8 @@
 export interface AuthenticatedUser {
+    userId?: string;
     userName: string;
     email: string;
-    displayName: string;
+    displayName?: string;
     roles: string[] | undefined;
     permissions: string[] | undefined;
-}
+}

package/src/lib/models/config.model.ts

@@ -1,7 +1,9 @@
 
 export interface SecurityConfig {
     tokenStorageKey: string;
+    contextTokenStorageKey?: string;
     loginPage?: string;
+    logoutPage?: string;
     notAuthorizedPage?: string;
     sendTokenHeader?: boolean;
-}
+}

package/src/lib/models/functions.ts

@@ -18,11 +18,11 @@ function hasItems(
   userItems: string[] | undefined,
   neededItems: string | string[]
 ): boolean {
-  if (!neededItems) {
+  if (!neededItems || !neededItems.length) {
     return true;
   }
 
-  if (!userItems) {
+  if (!userItems || !userItems.length) {
     return false;
   }
 
@@ -51,18 +51,16 @@ export function convertJWTToUser(
     if (parts.length < 2) {
       return undefined;
     }
+    const payload = decodeJwtPayload(parts[1]);
 
-    const payloadBase64 = parts[1];
-    const payloadJson = atob(payloadBase64);
-    const payload = JSON.parse(payloadJson);
-
-    const userName = payload['sub'] ?? payload['nameid'];
+    const userName = payload['unique_name'] ?? payload['nameid'];
     if (!userName) {
       return undefined;
     }
 
     const user: AuthenticatedUser = {
       userName,
+      userId: payload['nameid'],
       email: payload['email'],
       displayName: payload['name'],
       roles: convertToArray(payload, 'role'),
@@ -75,6 +73,19 @@ export function convertJWTToUser(
   }
 }
 
+export function decodeJwtPayload(jwt: string): any {
+  const base64 = jwt.replace(/-/g, '+').replace(/_/g, '/');
+
+  const jsonPayload = decodeURIComponent(
+    atob(base64)
+      .split('')
+      .map(c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0'))
+      .join('')
+  );
+
+  return JSON.parse(jsonPayload);
+}
+
 function convertToArray(
   item: { [key: string]: string | string[] },
   propertyName: string

package/src/lib/provider.ts

@@ -7,7 +7,6 @@ import {
 } from '@angular/core';
 import { Router } from '@angular/router';
 import { StoreModule } from '@ngrx/store';
-import { HasPermissionDirective, HasRoleDirective } from './directives';
 import { AuthGuard } from './guards';
 import { SecurityConfig } from './models';
 import {
@@ -28,15 +27,13 @@ export function provideSecurity(
   return [
     AuthGuard,
     SECURITY_INITIALIZER_PROVIDER,
-    { provide: TOKEN_PROVIDER, useClass: LocalStorageTokenProvider },
+    { provide: SECURITY_CONTEXT_TOKEN_PROVIDER, useClass: LocalStorageTokenProvider },
     { provide: SECURITY_CONFIG, useValue: securityConfig },
   ];
 }
 
 @NgModule({
-  declarations: [HasPermissionDirective, HasRoleDirective],
   imports: [StoreModule.forFeature(SecurityFeature)],
-  exports: [HasPermissionDirective, HasRoleDirective],
 })
 export class SecurityModule {
   static forRoot(
@@ -49,13 +46,13 @@ export class SecurityModule {
   }
 }
 
-export const TOKEN_PROVIDER = new InjectionToken('SECURITY_TOKEN_PROVIDER');
+export const SECURITY_CONTEXT_TOKEN_PROVIDER = new InjectionToken('SECURITY_CONTEXT_TOKEN_PROVIDER');
 
 export const SECURITY_CONFIG = new InjectionToken('SECURITY_CONFIG');
 
 export const SECURITY_INITIALIZER_PROVIDER: Provider = {
   provide: APP_INITIALIZER,
   useFactory: securityInitializerFactory,
-  deps: [TOKEN_PROVIDER, AuthContextService, SECURITY_CONFIG, Router],
+  deps: [SECURITY_CONTEXT_TOKEN_PROVIDER, AuthContextService, SECURITY_CONFIG, Router],
   multi: true,
 };

package/src/lib/services/index.ts

@@ -1,5 +1,7 @@
 export * from './auth-context.service';
-export * from './local-token-provider';
+export * from './local-storage-token-provider';
 export * from './security-initializer';
 export * from './session-token-provider';
 export * from './token-provider';
+export * from './login.service';
+export * from './logout.service';

package/src/lib/services/local-storage-token-provider.ts

@@ -0,0 +1,23 @@
+import { inject, Injectable } from '@angular/core';
+import { Observable, of } from 'rxjs';
+import { SecurityConfig } from '../models';
+import { SECURITY_CONFIG } from '../provider';
+import { TokenProvider } from './token-provider';
+
+@Injectable()
+export class LocalStorageTokenProvider implements TokenProvider {
+  private config = inject<SecurityConfig>(SECURITY_CONFIG);
+
+  getToken(): Observable<string | undefined> {
+    const token = localStorage.getItem(this.config.tokenStorageKey);
+    return of(token ?? undefined);
+  }
+
+  setToken(token: string): void {
+    localStorage.setItem(this.config.tokenStorageKey, token);
+  }
+
+  removeToken(): void {
+    localStorage.clear();
+  }
+}

package/src/lib/services/login.service.ts

@@ -0,0 +1,23 @@
+import { inject, Injectable } from '@angular/core';
+import { Router } from '@angular/router';
+import { convertJWTToUser, SecurityConfig } from '../models';
+import { SECURITY_CONFIG, SECURITY_CONTEXT_TOKEN_PROVIDER } from '../provider';
+import { AuthContextService } from './auth-context.service';
+import { LocalStorageTokenProvider } from './local-storage-token-provider';
+
+@Injectable()
+export class LoginService {
+    private config = inject<SecurityConfig>(SECURITY_CONFIG);
+    private tokenProvider = inject<LocalStorageTokenProvider>(SECURITY_CONTEXT_TOKEN_PROVIDER);
+    private authService = inject(AuthContextService);
+    private router = inject(Router);
+
+    login(token?: string): void {
+        if (token) {
+            this.tokenProvider.setToken(token);
+            this.authService.setUser(convertJWTToUser(token));
+        } else {
+            this.router.navigate([this.config.loginPage]);
+        }
+    }
+}

package/src/lib/services/logout.service.ts

@@ -0,0 +1,15 @@
+import { inject, Injectable } from '@angular/core';
+import { SECURITY_CONTEXT_TOKEN_PROVIDER } from '../provider';
+import { AuthContextService } from './auth-context.service';
+import { LocalStorageTokenProvider } from './local-storage-token-provider';
+
+@Injectable()
+export class LogoutService {
+    private readonly tokenProvider = inject<LocalStorageTokenProvider>(SECURITY_CONTEXT_TOKEN_PROVIDER);
+    private readonly authService = inject(AuthContextService);
+
+    logout(): void {
+        this.tokenProvider.removeToken();
+        this.authService.setUser(undefined);
+    }
+}

package/src/lib/services/token-provider.ts

@@ -1,5 +1,5 @@
 import { Observable } from "rxjs";
 
 export interface TokenProvider {
-    getToken(): Observable<string | undefined>;
-  }
+  getToken(): Observable<string | undefined>;
+}

package/src/lib/state/actions.ts

@@ -1,8 +1,7 @@
 import { createAction, props } from '@ngrx/store';
 import { AuthenticatedUser } from '../models';
 
-// sets or unsets the user
 export const setUser = createAction(
   '[Auth] Set User',
   props<{ user: AuthenticatedUser | undefined }>()
-);
+);