@verisoft/security-core 20.1.0 → 20.1.2

package/index.d.ts

@@ -0,0 +1,153 @@
+import * as i0 from '@angular/core';
+import { OnDestroy, TemplateRef, ViewContainerRef, Provider, EnvironmentProviders, ModuleWithProviders, InjectionToken } from '@angular/core';
+import * as _ngrx_store from '@ngrx/store';
+import { Store } from '@ngrx/store';
+import { Observable } from 'rxjs';
+import { Router, CanActivate, CanActivateChild, ActivatedRouteSnapshot, UrlTree } from '@angular/router';
+import * as _verisoft_security_core from '@verisoft/security-core';
+
+interface AuthenticatedUser {
+    userId?: string;
+    userName: string;
+    email: string;
+    displayName?: string;
+    roles: string[] | undefined;
+    permissions: string[] | undefined;
+}
+
+declare function hasRequiredPermission(user: AuthenticatedUser | undefined, permission: string | string[]): boolean;
+declare function hasRequiredRole(user: AuthenticatedUser | undefined, role: string | string[]): boolean;
+declare function convertJWTToUser(base64Token?: string): AuthenticatedUser | undefined;
+declare function decodeJwtPayload(jwt: string): any;
+
+interface SecurityConfig {
+    tokenStorageKey: string;
+    contextTokenStorageKey?: string;
+    loginPage?: string;
+    logoutPage?: string;
+    notAuthorizedPage?: string;
+    sendTokenHeader?: boolean;
+}
+
+declare class AuthContextService {
+    private store;
+    user$: Observable<AuthenticatedUser | undefined>;
+    isAuthenticated$: Observable<boolean>;
+    constructor(store: Store);
+    setUser(user: AuthenticatedUser | undefined): void;
+    hasRequiredPermission(requiredPermissions: string | string[]): Observable<boolean>;
+    hasRequiredRole(requiredPermissions: string | string[]): Observable<boolean>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AuthContextService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AuthContextService>;
+}
+
+interface TokenProvider {
+    getToken(): Observable<string | undefined>;
+}
+
+declare class LocalStorageTokenProvider implements TokenProvider {
+    private config;
+    getToken(): Observable<string | undefined>;
+    setToken(token: string): void;
+    removeToken(): void;
+    static ɵfac: i0.ɵɵFactoryDeclaration<LocalStorageTokenProvider, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<LocalStorageTokenProvider>;
+}
+
+declare function securityInitializerFactory(tokenProvider: TokenProvider, authService: AuthContextService, config: SecurityConfig, router: Router): () => Promise<unknown>;
+
+declare class SessionStorageTokenProvider implements TokenProvider {
+    private config;
+    getToken(): Observable<string | undefined>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<SessionStorageTokenProvider, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<SessionStorageTokenProvider>;
+}
+
+declare class LoginService {
+    private config;
+    private tokenProvider;
+    private authService;
+    private router;
+    login(token?: string): void;
+    static ɵfac: i0.ɵɵFactoryDeclaration<LoginService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<LoginService>;
+}
+
+declare class LogoutService {
+    private readonly tokenProvider;
+    private readonly authService;
+    logout(): void;
+    static ɵfac: i0.ɵɵFactoryDeclaration<LogoutService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<LogoutService>;
+}
+
+declare class HasPermissionDirective<T> implements OnDestroy {
+    private templateRef;
+    private viewContainer;
+    private authContext;
+    private requiredPermissions;
+    private sub?;
+    constructor(templateRef: TemplateRef<T>, viewContainer: ViewContainerRef, authContext: AuthContextService);
+    set hasPermission(value: string | string[]);
+    ngOnDestroy(): void;
+    private unregister;
+    private updateView;
+    static ɵfac: i0.ɵɵFactoryDeclaration<HasPermissionDirective<any>, never>;
+    static ɵdir: i0.ɵɵDirectiveDeclaration<HasPermissionDirective<any>, "[hasPermission]", never, { "hasPermission": { "alias": "hasPermission"; "required": false; }; }, {}, never, never, true, never>;
+}
+
+declare class HasRoleDirective<T> implements OnDestroy {
+    private templateRef;
+    private viewContainer;
+    private authContext;
+    private requiredRoles;
+    private sub?;
+    constructor(templateRef: TemplateRef<T>, viewContainer: ViewContainerRef, authContext: AuthContextService);
+    set hasRole(value: string | string[]);
+    ngOnDestroy(): void;
+    private unregister;
+    private updateView;
+    static ɵfac: i0.ɵɵFactoryDeclaration<HasRoleDirective<any>, never>;
+    static ɵdir: i0.ɵɵDirectiveDeclaration<HasRoleDirective<any>, "[hasRole]", never, { "hasRole": { "alias": "hasRole"; "required": false; }; }, {}, never, never, true, never>;
+}
+
+declare class AuthGuard implements CanActivate, CanActivateChild {
+    private config;
+    private router;
+    private authContext;
+    canActivate(route: ActivatedRouteSnapshot): Observable<boolean | UrlTree>;
+    canActivateChild(childRoute: ActivatedRouteSnapshot): Observable<boolean | UrlTree>;
+    private checkPermissionsAndRolesAndNavigate;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AuthGuard, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AuthGuard>;
+}
+
+declare const setUser: _ngrx_store.ActionCreator<"[Auth] Set User", (props: {
+    user: AuthenticatedUser | undefined;
+}) => {
+    user: AuthenticatedUser | undefined;
+} & _ngrx_store.Action<"[Auth] Set User">>;
+
+interface AuthState {
+    user: AuthenticatedUser | undefined;
+}
+declare const initialState: AuthState;
+
+declare const authReducer: _ngrx_store.ActionReducer<AuthState, _ngrx_store.Action<string>>;
+
+declare const selectIsAuthenticated: _ngrx_store.MemoizedSelector<Record<string, any>, boolean, (s1: _verisoft_security_core.AuthenticatedUser | undefined) => boolean>;
+declare const selectUser: _ngrx_store.MemoizedSelector<Record<string, any>, _verisoft_security_core.AuthenticatedUser | undefined, (featureState: _verisoft_security_core.AuthState) => _verisoft_security_core.AuthenticatedUser | undefined>;
+
+declare function provideSecurity(config?: Partial<SecurityConfig> | undefined): (Provider | EnvironmentProviders)[];
+declare class SecurityModule {
+    static forRoot(config?: Partial<SecurityConfig>): ModuleWithProviders<SecurityModule>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<SecurityModule, never>;
+    static ɵmod: i0.ɵɵNgModuleDeclaration<SecurityModule, never, [typeof _ngrx_store.StoreFeatureModule], never>;
+    static ɵinj: i0.ɵɵInjectorDeclaration<SecurityModule>;
+}
+declare const SECURITY_CONTEXT_TOKEN_PROVIDER: InjectionToken<unknown>;
+declare const SECURITY_CONFIG: InjectionToken<unknown>;
+declare const SECURITY_INITIALIZER_PROVIDER: EnvironmentProviders;
+
+export { AuthContextService, AuthGuard, HasPermissionDirective, HasRoleDirective, LocalStorageTokenProvider, LoginService, LogoutService, SECURITY_CONFIG, SECURITY_CONTEXT_TOKEN_PROVIDER, SECURITY_INITIALIZER_PROVIDER, SecurityModule, SessionStorageTokenProvider, authReducer, convertJWTToUser, decodeJwtPayload, hasRequiredPermission, hasRequiredRole, initialState, provideSecurity, securityInitializerFactory, selectIsAuthenticated, selectUser, setUser };
+export type { AuthState, AuthenticatedUser, SecurityConfig, TokenProvider };

package/package.json

@@ -1,11 +1,25 @@
 {
   "name": "@verisoft/security-core",
-  "version": "20.1.0",
+  "version": "20.1.2",
   "peerDependencies": {
     "@angular/core": "~20.2.0",
     "@angular/router": "~20.2.0",
     "@ngrx/store": "~20.0.0",
     "rxjs": "~7.8.0"
   },
-  "sideEffects": false
-}
+  "sideEffects": false,
+  "module": "fesm2022/verisoft-security-core.mjs",
+  "typings": "index.d.ts",
+  "exports": {
+    "./package.json": {
+      "default": "./package.json"
+    },
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./fesm2022/verisoft-security-core.mjs"
+    }
+  },
+  "dependencies": {
+    "tslib": "^2.3.0"
+  }
+}

package/.eslintrc.json

@@ -1,48 +0,0 @@
-{
-  "extends": ["../../../../.eslintrc.base.json"],
-  "ignorePatterns": ["!**/*"],
-  "overrides": [
-    {
-      "files": ["*.ts"],
-      "extends": [
-        "plugin:@nx/angular",
-        "plugin:@angular-eslint/template/process-inline-templates"
-      ],
-      "rules": {
-        "@angular-eslint/directive-selector": [
-          "error",
-          {
-            "type": "attribute",
-            "prefix": "",
-            "style": "camelCase"
-          }
-        ],
-        "@angular-eslint/component-selector": [
-          "error",
-          {
-            "type": "element",
-            "prefix": "v-sec",
-            "style": "kebab-case"
-          }
-        ]
-      }
-    },
-    {
-      "files": ["*.html"],
-      "extends": ["plugin:@nx/angular-template"],
-      "rules": {}
-    },
-    {
-      "files": ["*.json"],
-      "parser": "jsonc-eslint-parser",
-      "rules": {
-        "@nx/dependency-checks": [
-          "error",
-          {
-            "ignoredFiles": ["{projectRoot}/eslint.config.{js,cjs,mjs}"]
-          }
-        ]
-      }
-    }
-  ]
-}

package/jest.config.ts

@@ -1,21 +0,0 @@
-export default {
-  displayName: 'security-core',
-  preset: '../../../../jest.preset.js',
-  setupFilesAfterEnv: ['<rootDir>/src/test-setup.ts'],
-  coverageDirectory: '../../../../coverage/src/libs/security/core',
-  transform: {
-    '^.+\\.(ts|mjs|js|html)$': [
-      'jest-preset-angular',
-      {
-        tsconfig: '<rootDir>/tsconfig.spec.json',
-        stringifyContentPathRegex: '\\.(html|svg)$',
-      },
-    ],
-  },
-  transformIgnorePatterns: ['node_modules/(?!.*\\.mjs$)'],
-  snapshotSerializers: [
-    'jest-preset-angular/build/serializers/no-ng-attributes',
-    'jest-preset-angular/build/serializers/ng-snapshot',
-    'jest-preset-angular/build/serializers/html-comment',
-  ],
-};

package/ng-package.json

@@ -1,7 +0,0 @@
-{
-  "$schema": "../../../../node_modules/ng-packagr/ng-package.schema.json",
-  "dest": "../../../../dist/src/libs/security/core",
-  "lib": {
-    "entryFile": "src/index.ts"
-  }
-}

package/project.json

@@ -1,36 +0,0 @@
-{
-  "name": "security-core",
-  "$schema": "../../../../node_modules/nx/schemas/project-schema.json",
-  "sourceRoot": "src/libs/security/core/src",
-  "prefix": "lib",
-  "projectType": "library",
-  "tags": [],
-  "targets": {
-    "build": {
-      "executor": "@nx/angular:package",
-      "outputs": ["{workspaceRoot}/dist/src/libs/security/core"],
-      "options": {
-        "project": "src/libs/security/core/ng-package.json"
-      },
-      "configurations": {
-        "production": {
-          "tsConfig": "src/libs/security/core/tsconfig.lib.prod.json"
-        },
-        "development": {
-          "tsConfig": "src/libs/security/core/tsconfig.lib.json"
-        }
-      },
-      "defaultConfiguration": "production"
-    },
-    "test": {
-      "executor": "@nx/jest:jest",
-      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
-      "options": {
-        "jestConfig": "src/libs/security/core/jest.config.ts"
-      }
-    },
-    "lint": {
-      "executor": "@nx/eslint:lint"
-    }
-  }
-}

package/src/index.ts

@@ -1 +0,0 @@
-export * from './lib';

package/src/lib/directives/has-permission.directive.ts

@@ -1,54 +0,0 @@
-import {
-  Directive,
-  Input,
-  TemplateRef,
-  ViewContainerRef,
-  OnDestroy,
-} from '@angular/core';
-import { distinctUntilChanged, Subscription } from 'rxjs';
-import { AuthContextService } from '../services';
-
-@Directive({
-  standalone: true,
-  selector: '[hasPermission]',
-})
-export class HasPermissionDirective<T> implements OnDestroy {
-  private requiredPermissions: string | string[] = '';
-  private sub?: Subscription;
-
-  constructor(
-    private templateRef: TemplateRef<T>,
-    private viewContainer: ViewContainerRef,
-    private authContext: AuthContextService
-  ) {}
-
-  @Input()
-  set hasPermission(value: string | string[]) {
-    this.requiredPermissions = value;
-    this.updateView();
-  }
-
-  ngOnDestroy(): void {
-    this.unregister();
-  }
-
-  private unregister() {
-    this.sub?.unsubscribe();
-  }
-
-  private updateView(): void {
-    this.unregister();
-    if (this.requiredPermissions || this.requiredPermissions.length) {
-      this.sub = this.authContext
-        .hasRequiredPermission(this.requiredPermissions)
-        .pipe(distinctUntilChanged())
-        .subscribe((hasPerm) => {
-          if (hasPerm) {
-            this.viewContainer.createEmbeddedView(this.templateRef);
-          } else {
-            this.viewContainer.clear();
-          }
-        });
-    }
-  }
-}

package/src/lib/directives/has-role.directive.ts

@@ -1,54 +0,0 @@
-import {
-  Directive,
-  Input,
-  TemplateRef,
-  ViewContainerRef,
-  OnDestroy,
-} from '@angular/core';
-import { distinctUntilChanged, Subscription } from 'rxjs';
-import { AuthContextService } from '../services';
-
-@Directive({
-  standalone: true,
-  selector: '[hasRole]',
-})
-export class HasRoleDirective<T> implements OnDestroy {
-  private requiredRoles: string | string[] | undefined;
-  private sub?: Subscription;
-
-  constructor(
-    private templateRef: TemplateRef<T>,
-    private viewContainer: ViewContainerRef,
-    private authContext: AuthContextService
-  ) {}
-
-  @Input()
-  set hasRole(value: string | string[]) {
-    this.requiredRoles = value;
-    this.updateView();
-  }
-
-  ngOnDestroy(): void {
-    this.unregister();
-  }
-
-  private unregister() {
-    this.sub?.unsubscribe();
-  }
-
-  private updateView(): void {
-    this.unregister();
-    if (this.requiredRoles || this.requiredRoles?.length) {
-      this.sub = this.authContext
-        .hasRequiredRole(this.requiredRoles)
-        .pipe(distinctUntilChanged())
-        .subscribe((hasRole) => {
-          if (hasRole) {
-            this.viewContainer.createEmbeddedView(this.templateRef);
-          } else {
-            this.viewContainer.clear();
-          }
-        });
-    }
-  }
-}

package/src/lib/directives/index.ts

@@ -1,2 +0,0 @@
-export * from './has-permission.directive';
-export * from './has-role.directive';

package/src/lib/guards/auth.guard.ts

@@ -1,55 +0,0 @@
-import { inject, Injectable } from '@angular/core';
-import {
-  ActivatedRouteSnapshot,
-  CanActivate,
-  CanActivateChild,
-  Router,
-  UrlTree,
-} from '@angular/router';
-import { map, Observable, of, switchMap } from 'rxjs';
-import { SecurityConfig } from '../models';
-import { hasRequiredPermission } from '../models/functions';
-import { SECURITY_CONFIG } from '../provider';
-import { AuthContextService } from '../services';
-
-@Injectable({
-  providedIn: 'root',
-})
-export class AuthGuard implements CanActivate, CanActivateChild {
-  private config = inject<SecurityConfig>(SECURITY_CONFIG);
-  private router = inject(Router);
-  private authContext = inject(AuthContextService);
-
-  canActivate(route: ActivatedRouteSnapshot): Observable<boolean | UrlTree> {
-    return this.checkPermissionsAndRolesAndNavigate(route, this.config.notAuthorizedPage);
-  }
-
-  canActivateChild(
-    childRoute: ActivatedRouteSnapshot
-  ): Observable<boolean | UrlTree> {
-    return this.checkPermissionsAndRolesAndNavigate(childRoute, this.config.notAuthorizedPage);
-  }
-
-  private checkPermissionsAndRolesAndNavigate(
-    route: ActivatedRouteSnapshot,
-    notAuthorizedUrl: string | undefined
-  ): Observable<boolean | UrlTree> {
-    const requiredPermissions = route.data['permissions'] as | string | string[] | undefined;
-    const requiredRoles = route.data['roles'] as string | string[] | undefined;
-
-    return this.authContext.user$.pipe(
-      map(
-        (user) => user &&
-          (!requiredPermissions ||
-            hasRequiredPermission(user, requiredPermissions)) &&
-          (!requiredRoles || hasRequiredPermission(user, requiredRoles))
-      ),
-      switchMap((hasPermission) => {
-        if (!hasPermission && notAuthorizedUrl) {
-          return of(this.router.parseUrl(notAuthorizedUrl));
-        }
-        return of(!!hasPermission);
-      })
-    );
-  }
-}

package/src/lib/guards/index.ts

@@ -1 +0,0 @@
-export * from './auth.guard';

package/src/lib/index.ts

@@ -1,6 +0,0 @@
-export * from './directives';
-export * from './guards';
-export * from './models';
-export * from './services';
-export * from './state';
-export * from './provider';

package/src/lib/models/authenticated-user.model.ts

@@ -1,8 +0,0 @@
-export interface AuthenticatedUser {
-    userId?: string;
-    userName: string;
-    email: string;
-    displayName?: string;
-    roles: string[] | undefined;
-    permissions: string[] | undefined;
-}

package/src/lib/models/config.model.ts

@@ -1,9 +0,0 @@
-
-export interface SecurityConfig {
-    tokenStorageKey: string;
-    contextTokenStorageKey?: string;
-    loginPage?: string;
-    logoutPage?: string;
-    notAuthorizedPage?: string;
-    sendTokenHeader?: boolean;
-}

package/src/lib/models/functions.spec.ts

@@ -1,159 +0,0 @@
-import { AuthenticatedUser } from './authenticated-user.model';
-import {
-  convertJWTToUser,
-  hasRequiredPermission,
-  hasRequiredRole,
-} from './functions';
-
-describe('Permissions Utils', () => {
-  let user: AuthenticatedUser;
-
-  beforeEach(() => {
-    user = {
-      userName: 'testUser',
-      email: 'test@email.cz',
-      displayName: 'Test User',
-      permissions: ['READ', 'WRITE', 'DELETE_USER'],
-      roles: ['ADMIN', 'USER'],
-    };
-  });
-
-  describe('hasRequiredPermission', () => {
-    it('should return false if user is undefined', () => {
-      expect(hasRequiredPermission(undefined, 'READ')).toBe(false);
-    });
-
-    it('should return false if user.permissions is undefined', () => {
-      const noPermissionsUser: AuthenticatedUser = {
-        ...user,
-        permissions: undefined,
-      };
-      expect(hasRequiredPermission(noPermissionsUser, 'READ')).toBe(false);
-    });
-
-    it('should return true for a single permission the user has', () => {
-      expect(hasRequiredPermission(user, 'READ')).toBe(true);
-    });
-
-    it('should return false for a single permission the user does not have', () => {
-      expect(hasRequiredPermission(user, 'UNKNOWN')).toBe(false);
-    });
-
-    it('should return true for comma-delimited permissions if user has ALL', () => {
-      expect(hasRequiredPermission(user, 'READ,WRITE')).toBe(true);
-    });
-
-    it('should return false for comma-delimited permissions if missing one', () => {
-      expect(hasRequiredPermission(user, 'READ,UPDATE_USER')).toBe(false);
-    });
-
-    it('should return true if user has ANY of the permissions in the array', () => {
-      expect(hasRequiredPermission(user, ['READ', 'UPDATE_USER'])).toBe(true);
-    });
-
-    it('should return false if user does not have ANY of the permissions in the array', () => {
-      expect(hasRequiredPermission(user, ['UPDATE_USER', 'CREATE_POST'])).toBe(
-        false
-      );
-    });
-  });
-
-  describe('hasRequiredRole', () => {
-    it('should return false if user is undefined', () => {
-      expect(hasRequiredRole(undefined, 'ADMIN')).toBe(false);
-    });
-
-    it('should return false if user.roles is undefined', () => {
-      const noRolesUser: AuthenticatedUser = { ...user, roles: undefined };
-      expect(hasRequiredRole(noRolesUser, 'ADMIN')).toBe(false);
-    });
-
-    it('should return true for a single role the user has', () => {
-      expect(hasRequiredRole(user, 'ADMIN')).toBe(true);
-    });
-
-    it('should return false for a single role the user does not have', () => {
-      expect(hasRequiredRole(user, 'MANAGER')).toBe(false);
-    });
-
-    it('should return true for comma-delimited roles if user has ALL', () => {
-      // user has 'ADMIN' and 'USER'
-      expect(hasRequiredRole(user, 'ADMIN,USER')).toBe(true);
-    });
-
-    it('should return false for comma-delimited roles if missing one', () => {
-      // user has 'ADMIN' and 'USER' but not 'MANAGER'
-      expect(hasRequiredRole(user, 'ADMIN,MANAGER')).toBe(false);
-    });
-
-    it('should return true if user has ANY of the roles in the array', () => {
-      expect(hasRequiredRole(user, ['USER', 'MANAGER'])).toBe(true);
-    });
-
-    it('should return false if user does not have ANY of the roles in the array', () => {
-      expect(hasRequiredRole(user, ['GUEST', 'MANAGER'])).toBe(false);
-    });
-  });
-
-  describe('convertJWTToUser', () => {
-    it('should return undefined if base64Token is undefined', () => {
-      expect(convertJWTToUser(undefined)).toBeUndefined();
-    });
-
-    it('should return undefined if base64Token is invalid', () => {
-      expect(convertJWTToUser('invalid.token')).toBeUndefined();
-    });
-
-    it('should return undefined if payload does not contain userName', () => {
-      const token =
-        btoa('header') + '.' + btoa(JSON.stringify({})) + '.signature';
-      expect(convertJWTToUser(token)).toBeUndefined();
-    });
-
-    it('should return a user object if payload contains userName', () => {
-      const payload = {
-        sub: 'testUser',
-        email: 'test@example.com',
-        name: 'Test User',
-        role: 'ADMIN',
-        permission: 'READ',
-      };
-      const token =
-        btoa('header') + '.' + btoa(JSON.stringify(payload)) + '.signature';
-      const user = convertJWTToUser(token);
-      expect(user).toEqual({
-        userName: 'testUser',
-        email: 'test@example.com',
-        displayName: 'Test User',
-        roles: ['ADMIN'],
-        permissions: ['READ'],
-      });
-    });
-
-    it('should return a user object if payload contains nameid', () => {
-      const payload = {
-        nameid: 'testUser',
-        email: 'test@example.com',
-        name: 'Test User',
-        role: 'ADMIN',
-        permission: 'READ',
-      };
-      const token =
-        btoa('header') + '.' + btoa(JSON.stringify(payload)) + '.signature';
-      const user = convertJWTToUser(token);
-      expect(user).toEqual({
-        userName: 'testUser',
-        email: 'test@example.com',
-        displayName: 'Test User',
-        roles: ['ADMIN'],
-        permissions: ['READ'],
-      });
-    });
-
-    it('should return undefined if an error occurs during parsing', () => {
-      const token =
-        btoa('header') + '.' + btoa('invalidPayload') + '.signature';
-      expect(convertJWTToUser(token)).toBeUndefined();
-    });
-  });
-});