@vnodes/auth 0.0.8 → 0.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.controller.d.ts +2 -0
- package/dist/auth.controller.d.ts.map +1 -1
- package/dist/auth.controller.js +18 -2
- package/dist/auth.module.d.ts.map +1 -1
- package/dist/auth.module.js +3 -2
- package/dist/client/auth-client.module.d.ts +3 -0
- package/dist/client/auth-client.module.d.ts.map +1 -0
- package/dist/client/auth-client.module.js +21 -0
- package/dist/dto/can-activate-response-dto.d.ts +5 -0
- package/dist/dto/can-activate-response-dto.d.ts.map +1 -0
- package/dist/dto/can-activate-response-dto.js +12 -0
- package/dist/dto/can-activate.dto.d.ts +6 -0
- package/dist/dto/can-activate.dto.d.ts.map +1 -0
- package/dist/dto/can-activate.dto.js +17 -0
- package/dist/dto/forgot-password.dto.d.ts.map +1 -1
- package/dist/dto/forgot-password.dto.js +1 -1
- package/dist/dto/login-with-otp.dto.d.ts.map +1 -1
- package/dist/dto/login-with-otp.dto.js +2 -2
- package/dist/dto/login.dto.d.ts.map +1 -1
- package/dist/dto/login.dto.js +2 -2
- package/dist/guards/auth-client.guard.d.ts +14 -0
- package/dist/guards/auth-client.guard.d.ts.map +1 -0
- package/dist/guards/auth-client.guard.js +64 -0
- package/dist/guards/auth.guard.d.ts +2 -0
- package/dist/guards/auth.guard.d.ts.map +1 -1
- package/dist/guards/auth.guard.js +20 -14
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/providers/auth-client-options.provider.d.ts +5 -0
- package/dist/providers/auth-client-options.provider.d.ts.map +1 -0
- package/dist/providers/auth-client-options.provider.js +21 -0
- package/dist/services/auth-user.service.d.ts +6 -1
- package/dist/services/auth-user.service.d.ts.map +1 -1
- package/dist/services/auth-user.service.js +13 -2
- package/dist/services/auth.service.d.ts +4 -1
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +7 -0
- package/dist/types/auth-client-options.d.ts +6 -0
- package/dist/types/auth-client-options.d.ts.map +1 -0
- package/dist/types/auth-client-options.js +7 -0
- package/dist/types/user-manager.d.ts +10 -2
- package/dist/types/user-manager.d.ts.map +1 -1
- package/dist/types/user-manager.js +23 -6
- package/package.json +4 -4
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { CanActivateDto } from './dto/can-activate.dto.js';
|
|
1
2
|
import { ForgotPasswordDto } from './dto/forgot-password.dto.js';
|
|
2
3
|
import { LoginDto } from './dto/login.dto.js';
|
|
3
4
|
import { UpdatePasswordDto } from './dto/update-password.dto.js';
|
|
@@ -10,5 +11,6 @@ export declare class AuthController {
|
|
|
10
11
|
forgotPassword(body: ForgotPasswordDto): import("./index.js").MessageDto;
|
|
11
12
|
updatePassword(uuid: string, body: UpdatePasswordDto): Promise<import("./index.js").MessageDto>;
|
|
12
13
|
profile(uuid: string): import("./index.js").UserManager;
|
|
14
|
+
canActivate(username: string, body: CanActivateDto): Promise<import("./index.js").CanActivateResponseDto>;
|
|
13
15
|
}
|
|
14
16
|
//# sourceMappingURL=auth.controller.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../src/auth.controller.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../src/auth.controller.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,qBAKa,cAAc;IACX,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;gBAAxB,WAAW,EAAE,WAAW;IAIvD,KAAK,CAAS,IAAI,EAAE,QAAQ;IAK5B,MAAM,CAAgB,WAAW,EAAE,MAAM;IAMzC,cAAc,CAAS,IAAI,EAAE,iBAAiB;IAK9C,cAAc,CAAa,IAAI,EAAE,MAAM,EAAU,IAAI,EAAE,iBAAiB;IAKxE,OAAO,CAAa,IAAI,EAAE,MAAM;IAKhC,WAAW,CAAiB,QAAQ,EAAE,MAAM,EAAU,IAAI,EAAE,cAAc;CAG7E"}
|
package/dist/auth.controller.js
CHANGED
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
import { __decorate, __metadata, __param } from "tslib";
|
|
2
2
|
import { Body, Controller, Get, Post } from '@nestjs/common';
|
|
3
|
+
import { ApiBearerAuth } from '@nestjs/swagger';
|
|
3
4
|
import { Throttle } from '@nestjs/throttler';
|
|
4
|
-
import { Public } from '@vnodes/metadata';
|
|
5
|
-
import { AccessToken, UserUuid } from './context/context.js';
|
|
5
|
+
import { ByPassAutorization, Public, ResourceName } from '@vnodes/metadata';
|
|
6
|
+
import { AccessToken, UserUsername, UserUuid } from './context/context.js';
|
|
7
|
+
import { CanActivateDto } from './dto/can-activate.dto.js';
|
|
6
8
|
import { ForgotPasswordDto } from './dto/forgot-password.dto.js';
|
|
7
9
|
import { LoginDto } from './dto/login.dto.js';
|
|
8
10
|
import { UpdatePasswordDto } from './dto/update-password.dto.js';
|
|
@@ -27,6 +29,9 @@ let AuthController = class AuthController {
|
|
|
27
29
|
profile(uuid) {
|
|
28
30
|
return this.authService.profile(uuid);
|
|
29
31
|
}
|
|
32
|
+
canActivate(username, body) {
|
|
33
|
+
return this.authService.canActivate(username, body);
|
|
34
|
+
}
|
|
30
35
|
};
|
|
31
36
|
__decorate([
|
|
32
37
|
Public(),
|
|
@@ -66,8 +71,19 @@ __decorate([
|
|
|
66
71
|
__metadata("design:paramtypes", [String]),
|
|
67
72
|
__metadata("design:returntype", void 0)
|
|
68
73
|
], AuthController.prototype, "profile", null);
|
|
74
|
+
__decorate([
|
|
75
|
+
Post('can-activate'),
|
|
76
|
+
__param(0, UserUsername()),
|
|
77
|
+
__param(1, Body()),
|
|
78
|
+
__metadata("design:type", Function),
|
|
79
|
+
__metadata("design:paramtypes", [String, CanActivateDto]),
|
|
80
|
+
__metadata("design:returntype", void 0)
|
|
81
|
+
], AuthController.prototype, "canActivate", null);
|
|
69
82
|
AuthController = __decorate([
|
|
83
|
+
ByPassAutorization(),
|
|
70
84
|
Throttle({ default: { limit: 6, ttl: 30_000 } }),
|
|
85
|
+
ResourceName('Auth'),
|
|
86
|
+
ApiBearerAuth(),
|
|
71
87
|
Controller('auth'),
|
|
72
88
|
__metadata("design:paramtypes", [AuthService])
|
|
73
89
|
], AuthController);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"AAWA,qBAsBa,UAAU;CAAG"}
|
package/dist/auth.module.js
CHANGED
|
@@ -4,6 +4,7 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
|
|
|
4
4
|
import { APP_GUARD } from '@nestjs/core';
|
|
5
5
|
import { EventEmitterModule } from '@nestjs/event-emitter';
|
|
6
6
|
import { JwtModule } from '@nestjs/jwt';
|
|
7
|
+
import { Env } from '@vnodes/metadata';
|
|
7
8
|
import { AuthController } from './auth.controller.js';
|
|
8
9
|
import { AuthGuard } from './guards/auth.guard.js';
|
|
9
10
|
import { AuthService } from './services/auth.service.js';
|
|
@@ -18,8 +19,8 @@ AuthModule = __decorate([
|
|
|
18
19
|
imports: [ConfigModule],
|
|
19
20
|
inject: [ConfigService],
|
|
20
21
|
useFactory(config) {
|
|
21
|
-
const secret = config.getOrThrow(
|
|
22
|
-
const expiresIn = config.getOrThrow(
|
|
22
|
+
const secret = config.getOrThrow(Env.JWT_SECRET);
|
|
23
|
+
const expiresIn = config.getOrThrow(Env.JWT_EXPIRES_IN);
|
|
23
24
|
return {
|
|
24
25
|
secret,
|
|
25
26
|
signOptions: {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-client.module.d.ts","sourceRoot":"","sources":["../../src/client/auth-client.module.ts"],"names":[],"mappings":"AAMA,qBAUa,gBAAgB;CAAG"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { __decorate } from "tslib";
|
|
2
|
+
import { Module } from '@nestjs/common';
|
|
3
|
+
import { ConfigModule } from '@nestjs/config';
|
|
4
|
+
import { APP_GUARD } from '@nestjs/core';
|
|
5
|
+
import { AuthClientGuard } from '../guards/auth-client.guard.js';
|
|
6
|
+
import { provideAuthClientOptions } from '../providers/auth-client-options.provider.js';
|
|
7
|
+
let AuthClientModule = class AuthClientModule {
|
|
8
|
+
};
|
|
9
|
+
AuthClientModule = __decorate([
|
|
10
|
+
Module({
|
|
11
|
+
imports: [ConfigModule],
|
|
12
|
+
providers: [
|
|
13
|
+
provideAuthClientOptions(),
|
|
14
|
+
{
|
|
15
|
+
provide: APP_GUARD,
|
|
16
|
+
useClass: AuthClientGuard,
|
|
17
|
+
},
|
|
18
|
+
],
|
|
19
|
+
})
|
|
20
|
+
], AuthClientModule);
|
|
21
|
+
export { AuthClientModule };
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"can-activate-response-dto.d.ts","sourceRoot":"","sources":["../../src/dto/can-activate-response-dto.ts"],"names":[],"mappings":"AAEA,qBAAa,sBAAsB;IACvB,WAAW,EAAE,OAAO,CAAC;gBAEjB,IAAI,EAAE,sBAAsB;CAG3C"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { __decorate, __metadata } from "tslib";
|
|
2
|
+
import { Prop } from '@vnodes/property';
|
|
3
|
+
export class CanActivateResponseDto {
|
|
4
|
+
canActivate;
|
|
5
|
+
constructor(data) {
|
|
6
|
+
Object.assign(this, data);
|
|
7
|
+
}
|
|
8
|
+
}
|
|
9
|
+
__decorate([
|
|
10
|
+
Prop(),
|
|
11
|
+
__metadata("design:type", Boolean)
|
|
12
|
+
], CanActivateResponseDto.prototype, "canActivate", void 0);
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"can-activate.dto.d.ts","sourceRoot":"","sources":["../../src/dto/can-activate.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,cAAc;IACG,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;gBAC7C,IAAI,EAAE,cAAc;CAGnC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { __decorate, __metadata } from "tslib";
|
|
2
|
+
import { Prop } from '@vnodes/property';
|
|
3
|
+
export class CanActivateDto {
|
|
4
|
+
requiredRoles;
|
|
5
|
+
requiredPermissions;
|
|
6
|
+
constructor(data) {
|
|
7
|
+
Object.assign(this, data);
|
|
8
|
+
}
|
|
9
|
+
}
|
|
10
|
+
__decorate([
|
|
11
|
+
Prop({ type: [String] }),
|
|
12
|
+
__metadata("design:type", Array)
|
|
13
|
+
], CanActivateDto.prototype, "requiredRoles", void 0);
|
|
14
|
+
__decorate([
|
|
15
|
+
Prop({ type: [String] }),
|
|
16
|
+
__metadata("design:type", Array)
|
|
17
|
+
], CanActivateDto.prototype, "requiredPermissions", void 0);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"forgot-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/forgot-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;
|
|
1
|
+
{"version":3,"file":"forgot-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/forgot-password.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;IACA,QAAQ,EAAE,MAAM,CAAC;CAC9C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login-with-otp.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login-with-otp.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,eAAe;
|
|
1
|
+
{"version":3,"file":"login-with-otp.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login-with-otp.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,eAAe;IACE,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;CACzC"}
|
|
@@ -5,10 +5,10 @@ export class LoginWithOtpDto {
|
|
|
5
5
|
otp;
|
|
6
6
|
}
|
|
7
7
|
__decorate([
|
|
8
|
-
Prop({ required: true
|
|
8
|
+
Prop({ required: true }),
|
|
9
9
|
__metadata("design:type", String)
|
|
10
10
|
], LoginWithOtpDto.prototype, "username", void 0);
|
|
11
11
|
__decorate([
|
|
12
|
-
Prop({ required: true
|
|
12
|
+
Prop({ required: true }),
|
|
13
13
|
__metadata("design:type", String)
|
|
14
14
|
], LoginWithOtpDto.prototype, "otp", void 0);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,QAAQ;
|
|
1
|
+
{"version":3,"file":"login.dto.d.ts","sourceRoot":"","sources":["../../src/dto/login.dto.ts"],"names":[],"mappings":"AAEA,qBAAa,QAAQ;IACS,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAC9C"}
|
package/dist/dto/login.dto.js
CHANGED
|
@@ -5,10 +5,10 @@ export class LoginDto {
|
|
|
5
5
|
password;
|
|
6
6
|
}
|
|
7
7
|
__decorate([
|
|
8
|
-
Prop({ required: true
|
|
8
|
+
Prop({ required: true }),
|
|
9
9
|
__metadata("design:type", String)
|
|
10
10
|
], LoginDto.prototype, "username", void 0);
|
|
11
11
|
__decorate([
|
|
12
|
-
Prop({ required: true
|
|
12
|
+
Prop({ required: true }),
|
|
13
13
|
__metadata("design:type", String)
|
|
14
14
|
], LoginDto.prototype, "password", void 0);
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { ConfigService } from '@nestjs/config';
|
|
3
|
+
import { Reflector } from '@nestjs/core';
|
|
4
|
+
import { AuthClientOptions } from '../types/auth-client-options.js';
|
|
5
|
+
import { AuthRequest } from '../types/auth-request.js';
|
|
6
|
+
export declare class AuthClientGuard implements CanActivate {
|
|
7
|
+
protected readonly reflector: Reflector;
|
|
8
|
+
protected readonly config: ConfigService;
|
|
9
|
+
protected readonly serviceOptions: AuthClientOptions;
|
|
10
|
+
constructor(reflector: Reflector, config: ConfigService, serviceOptions: AuthClientOptions);
|
|
11
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
12
|
+
extractToken(request: AuthRequest): string;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=auth-client.guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-client.guard.d.ts","sourceRoot":"","sources":["../../src/guards/auth-client.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAqC,MAAM,gBAAgB,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAIzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,qBACa,eAAgB,YAAW,WAAW;IAE3C,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS;IACvC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa;IACb,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,iBAAiB;gBAF5D,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,aAAa,EACM,cAAc,EAAE,iBAAiB;IAG7E,WAAW,CAAC,OAAO,EAAE,gBAAgB;IAwC3C,YAAY,CAAC,OAAO,EAAE,WAAW;CAYpC"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { __decorate, __metadata, __param } from "tslib";
|
|
2
|
+
import { Injectable, UnauthorizedException } from '@nestjs/common';
|
|
3
|
+
import { ConfigService } from '@nestjs/config';
|
|
4
|
+
import { Reflector } from '@nestjs/core';
|
|
5
|
+
import { getOperationName, getPermissions, getRoles, isPublic } from '@vnodes/metadata';
|
|
6
|
+
import { CanActivateDto } from '../dto/can-activate.dto.js';
|
|
7
|
+
import { InjectAutoClientOptions } from '../providers/auth-client-options.provider.js';
|
|
8
|
+
import { AuthClientOptions } from '../types/auth-client-options.js';
|
|
9
|
+
let AuthClientGuard = class AuthClientGuard {
|
|
10
|
+
reflector;
|
|
11
|
+
config;
|
|
12
|
+
serviceOptions;
|
|
13
|
+
constructor(reflector, config, serviceOptions) {
|
|
14
|
+
this.reflector = reflector;
|
|
15
|
+
this.config = config;
|
|
16
|
+
this.serviceOptions = serviceOptions;
|
|
17
|
+
}
|
|
18
|
+
async canActivate(context) {
|
|
19
|
+
const req = context.switchToHttp().getRequest();
|
|
20
|
+
if (isPublic(this.reflector, context)) {
|
|
21
|
+
return true;
|
|
22
|
+
}
|
|
23
|
+
const headers = new Headers();
|
|
24
|
+
const resourceName = getOperationName(this.reflector, context);
|
|
25
|
+
const operationName = getOperationName(this.reflector, context);
|
|
26
|
+
const permit = `${this.serviceOptions.appId}.${resourceName}.${operationName}`;
|
|
27
|
+
const customPermissions = getPermissions(this.reflector, context) ?? [];
|
|
28
|
+
const customRoles = getRoles(this.reflector, context) ?? [];
|
|
29
|
+
const token = this.extractToken(req);
|
|
30
|
+
headers.set('authorization', token);
|
|
31
|
+
const policy = new CanActivateDto({
|
|
32
|
+
requiredRoles: [...customRoles],
|
|
33
|
+
requiredPermissions: [permit, ...customPermissions],
|
|
34
|
+
});
|
|
35
|
+
const bodyAsString = JSON.stringify(policy);
|
|
36
|
+
const res = await fetch(this.serviceOptions.authServiceUrl, {
|
|
37
|
+
method: 'POST',
|
|
38
|
+
headers,
|
|
39
|
+
body: bodyAsString,
|
|
40
|
+
});
|
|
41
|
+
if (res.status > 200 && res.status < 300) {
|
|
42
|
+
return true;
|
|
43
|
+
}
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
extractToken(request) {
|
|
47
|
+
const rawToken = request.headers.authorization;
|
|
48
|
+
if (!rawToken) {
|
|
49
|
+
throw new UnauthorizedException('No token');
|
|
50
|
+
}
|
|
51
|
+
const [type, token] = rawToken.split(' ');
|
|
52
|
+
if (type === 'Bearer' && token)
|
|
53
|
+
return token;
|
|
54
|
+
throw new UnauthorizedException('Invalid token ');
|
|
55
|
+
}
|
|
56
|
+
};
|
|
57
|
+
AuthClientGuard = __decorate([
|
|
58
|
+
Injectable(),
|
|
59
|
+
__param(2, InjectAutoClientOptions()),
|
|
60
|
+
__metadata("design:paramtypes", [Reflector,
|
|
61
|
+
ConfigService,
|
|
62
|
+
AuthClientOptions])
|
|
63
|
+
], AuthClientGuard);
|
|
64
|
+
export { AuthClientGuard };
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
2
|
import { ConfigService } from '@nestjs/config';
|
|
3
3
|
import { Reflector } from '@nestjs/core';
|
|
4
|
+
import { UserManager } from 'src/types/user-manager.js';
|
|
4
5
|
import { AuthUserService } from '../services/auth-user.service.js';
|
|
5
6
|
import { AuthRequest } from '../types/auth-request.js';
|
|
6
7
|
export declare class AuthGuard implements CanActivate {
|
|
@@ -9,6 +10,7 @@ export declare class AuthGuard implements CanActivate {
|
|
|
9
10
|
protected readonly authUserService: AuthUserService;
|
|
10
11
|
constructor(config: ConfigService, reflector: Reflector, authUserService: AuthUserService);
|
|
11
12
|
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
13
|
+
protected isAutorized(context: ExecutionContext, user: UserManager): boolean;
|
|
12
14
|
extractToken(request: AuthRequest): string;
|
|
13
15
|
}
|
|
14
16
|
//# sourceMappingURL=auth.guard.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../src/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAqC,MAAM,gBAAgB,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../../src/guards/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAqC,MAAM,gBAAgB,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AASzC,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,qBACa,SAAU,YAAW,WAAW;IAErC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa;IACxC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS;IACvC,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe;gBAFhC,MAAM,EAAE,aAAa,EACrB,SAAS,EAAE,SAAS,EACpB,eAAe,EAAE,eAAe;IAGjD,WAAW,CAAC,OAAO,EAAE,gBAAgB;IAgB3C,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW;IAgClE,YAAY,CAAC,OAAO,EAAE,WAAW;CAYpC"}
|
|
@@ -2,7 +2,7 @@ import { __decorate, __metadata } from "tslib";
|
|
|
2
2
|
import { Injectable, UnauthorizedException } from '@nestjs/common';
|
|
3
3
|
import { ConfigService } from '@nestjs/config';
|
|
4
4
|
import { Reflector } from '@nestjs/core';
|
|
5
|
-
import { getOperationName, getPermissions, getResourceName, getRoles, isPublic } from '@vnodes/metadata';
|
|
5
|
+
import { getOperationName, getPermissions, getResourceName, getRoles, isByPassAuthorization, isPublic, } from '@vnodes/metadata';
|
|
6
6
|
import { AuthUserService } from '../services/auth-user.service.js';
|
|
7
7
|
let AuthGuard = class AuthGuard {
|
|
8
8
|
config;
|
|
@@ -17,30 +17,36 @@ let AuthGuard = class AuthGuard {
|
|
|
17
17
|
if (isPublic(this.reflector, context)) {
|
|
18
18
|
return true;
|
|
19
19
|
}
|
|
20
|
-
const
|
|
20
|
+
const req = context.switchToHttp().getRequest();
|
|
21
|
+
const token = this.extractToken(req);
|
|
22
|
+
const user = await this.authUserService.findByToken(token);
|
|
23
|
+
req.user = user.user;
|
|
24
|
+
if (isByPassAuthorization(this.reflector, context)) {
|
|
25
|
+
return true;
|
|
26
|
+
}
|
|
27
|
+
return this.isAutorized(context, user);
|
|
28
|
+
}
|
|
29
|
+
isAutorized(context, user) {
|
|
30
|
+
const appId = this.config.getOrThrow('APP_ID');
|
|
21
31
|
const resourceName = getResourceName(this.reflector, context);
|
|
22
32
|
const operationName = getOperationName(this.reflector, context);
|
|
23
|
-
const
|
|
24
|
-
const
|
|
25
|
-
const
|
|
26
|
-
const authRequest = context.switchToHttp().getRequest();
|
|
27
|
-
const token = this.extractToken(authRequest);
|
|
28
|
-
const user = await this.authUserService.findByToken(token);
|
|
29
|
-
authRequest.user = user.user;
|
|
33
|
+
const customPermits = getPermissions(this.reflector, context);
|
|
34
|
+
const customRoles = getRoles(this.reflector, context);
|
|
35
|
+
const permit = `${appId}.${resourceName}.${operationName}`;
|
|
30
36
|
if (user.isAdmin()) {
|
|
31
37
|
return true;
|
|
32
38
|
}
|
|
33
|
-
if (
|
|
34
|
-
if (!user.
|
|
39
|
+
if (customPermits && customPermits.length > 0) {
|
|
40
|
+
if (!user.hasAllPermissions(customPermits)) {
|
|
35
41
|
return false;
|
|
36
42
|
}
|
|
37
43
|
}
|
|
38
|
-
if (
|
|
39
|
-
if (!user.
|
|
44
|
+
if (customRoles && customRoles.length > 0) {
|
|
45
|
+
if (!user.hasSomeRoles(customRoles)) {
|
|
40
46
|
return false;
|
|
41
47
|
}
|
|
42
48
|
}
|
|
43
|
-
if (!user.
|
|
49
|
+
if (!user.hasAllPermissions([permit])) {
|
|
44
50
|
return false;
|
|
45
51
|
}
|
|
46
52
|
return true;
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
export * from './auth.controller.js';
|
|
2
2
|
export * from './auth.module.js';
|
|
3
|
+
export * from './client/auth-client.module.js';
|
|
3
4
|
export * from './context/context.js';
|
|
4
5
|
export * from './dto/access-token.dto.js';
|
|
6
|
+
export * from './dto/can-activate.dto.js';
|
|
7
|
+
export * from './dto/can-activate-response-dto.js';
|
|
5
8
|
export * from './dto/email-otp-event.dto.js';
|
|
6
9
|
export * from './dto/forgot-password.dto.js';
|
|
7
10
|
export * from './dto/login.dto.js';
|
|
@@ -11,9 +14,12 @@ export * from './dto/otp-response-dto.js';
|
|
|
11
14
|
export * from './dto/update-password.dto.js';
|
|
12
15
|
export * from './dto/update-password-event.dto.js';
|
|
13
16
|
export * from './guards/auth.guard.js';
|
|
17
|
+
export * from './guards/auth-client.guard.js';
|
|
18
|
+
export * from './providers/auth-client-options.provider.js';
|
|
14
19
|
export * from './services/auth.service.js';
|
|
15
20
|
export * from './services/auth-listener.service.js';
|
|
16
21
|
export * from './services/auth-user.service.js';
|
|
22
|
+
export * from './types/auth-client-options.js';
|
|
17
23
|
export * from './types/auth-request.js';
|
|
18
24
|
export * from './types/jwt-payload.js';
|
|
19
25
|
export * from './types/user.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oBAAoB,CAAC;AACnC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AACnD,cAAc,wBAAwB,CAAC;AACvC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qCAAqC,CAAC;AACpD,cAAc,iCAAiC,CAAC;AAChD,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oCAAoC,CAAC;AACnD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oBAAoB,CAAC;AACnC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AACnD,cAAc,wBAAwB,CAAC;AACvC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6CAA6C,CAAC;AAC5D,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qCAAqC,CAAC;AACpD,cAAc,iCAAiC,CAAC;AAChD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
// @index(['./**/*.ts', '!./**/*.spec.ts', '!./**/{main,serve,index}.ts', '!./**/prisma', '!./**/generated'], f => `export * from '${f.path}.js'`)
|
|
2
2
|
export * from './auth.controller.js';
|
|
3
3
|
export * from './auth.module.js';
|
|
4
|
+
export * from './client/auth-client.module.js';
|
|
4
5
|
export * from './context/context.js';
|
|
5
6
|
export * from './dto/access-token.dto.js';
|
|
7
|
+
export * from './dto/can-activate.dto.js';
|
|
8
|
+
export * from './dto/can-activate-response-dto.js';
|
|
6
9
|
export * from './dto/email-otp-event.dto.js';
|
|
7
10
|
export * from './dto/forgot-password.dto.js';
|
|
8
11
|
export * from './dto/login.dto.js';
|
|
@@ -12,9 +15,12 @@ export * from './dto/otp-response-dto.js';
|
|
|
12
15
|
export * from './dto/update-password.dto.js';
|
|
13
16
|
export * from './dto/update-password-event.dto.js';
|
|
14
17
|
export * from './guards/auth.guard.js';
|
|
18
|
+
export * from './guards/auth-client.guard.js';
|
|
19
|
+
export * from './providers/auth-client-options.provider.js';
|
|
15
20
|
export * from './services/auth.service.js';
|
|
16
21
|
export * from './services/auth-listener.service.js';
|
|
17
22
|
export * from './services/auth-user.service.js';
|
|
23
|
+
export * from './types/auth-client-options.js';
|
|
18
24
|
export * from './types/auth-request.js';
|
|
19
25
|
export * from './types/jwt-payload.js';
|
|
20
26
|
export * from './types/user.js';
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { Provider } from '@nestjs/common';
|
|
2
|
+
export declare function getAuthClientOptionsToken(): string;
|
|
3
|
+
export declare function provideAuthClientOptions(): Provider;
|
|
4
|
+
export declare const InjectAutoClientOptions: () => PropertyDecorator & ParameterDecorator;
|
|
5
|
+
//# sourceMappingURL=auth-client-options.provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-client-options.provider.d.ts","sourceRoot":"","sources":["../../src/providers/auth-client-options.provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAKlD,wBAAgB,yBAAyB,WAExC;AAED,wBAAgB,wBAAwB,IAAI,QAAQ,CAanD;AAED,eAAO,MAAM,uBAAuB,8CAA4C,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { Inject } from '@nestjs/common';
|
|
2
|
+
import { ConfigService } from '@nestjs/config';
|
|
3
|
+
import { Env } from '@vnodes/metadata';
|
|
4
|
+
export function getAuthClientOptionsToken() {
|
|
5
|
+
return 'AUTH_CLIENT_OPTIONS_TOKEN';
|
|
6
|
+
}
|
|
7
|
+
export function provideAuthClientOptions() {
|
|
8
|
+
return {
|
|
9
|
+
inject: [ConfigService],
|
|
10
|
+
provide: getAuthClientOptionsToken(),
|
|
11
|
+
useFactory(config) {
|
|
12
|
+
const appId = config.getOrThrow(Env.APP_ID);
|
|
13
|
+
const authHost = config.getOrThrow(Env.AUTH_SERVICE_URL);
|
|
14
|
+
return {
|
|
15
|
+
appId,
|
|
16
|
+
authServiceUrl: `${authHost}/api/auth/can-activate`,
|
|
17
|
+
};
|
|
18
|
+
},
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
export const InjectAutoClientOptions = () => Inject(getAuthClientOptionsToken());
|
|
@@ -12,7 +12,12 @@ export declare class AuthUserService {
|
|
|
12
12
|
deleteByUsername(username: string): void;
|
|
13
13
|
load(users: User[]): void;
|
|
14
14
|
findByUsername(username: string): UserManager;
|
|
15
|
-
|
|
15
|
+
/**
|
|
16
|
+
* Find user by token and username or throw not found exception
|
|
17
|
+
* @param token
|
|
18
|
+
* @returns
|
|
19
|
+
*/
|
|
20
|
+
findByToken(token: string): Promise<UserManager>;
|
|
16
21
|
findByUuid(uuid: string): UserManager;
|
|
17
22
|
deleteToken(token: string): boolean;
|
|
18
23
|
updateToken(token: string, username: string): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-user.service.d.ts","sourceRoot":"","sources":["../../src/services/auth-user.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-user.service.d.ts","sourceRoot":"","sources":["../../src/services/auth-user.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,qBACa,eAAe;IAMZ,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU;IAL9C,SAAS,CAAC,QAAQ,CAAC,WAAW,oBAA2B;IACzD,SAAS,CAAC,QAAQ,CAAC,eAAe,sBAA6B;IAC/D,SAAS,CAAC,QAAQ,CAAC,gBAAgB,sBAA6B;IAChE,SAAS,CAAC,QAAQ,CAAC,cAAc,sBAA6B;gBAE/B,GAAG,EAAE,UAAU;IAE9C,MAAM,CAAC,IAAI,EAAE,IAAI;IAIjB,gBAAgB,CAAC,QAAQ,EAAE,MAAM;IAIjC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE;IAQlB,cAAc,CAAC,QAAQ,EAAE,MAAM;IAQ/B;;;;OAIG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM;IAa/B,UAAU,CAAC,IAAI,EAAE,MAAM;IAQvB,WAAW,CAAC,KAAK,EAAE,MAAM;IAOzB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAI3C,SAAS,CAAC,QAAQ,EAAE,MAAM;IAM1B,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM;IAYxC,SAAS,CAAC,QAAQ,EAAE,MAAM;CAG7B"}
|
|
@@ -32,12 +32,23 @@ let AuthUserService = class AuthUserService {
|
|
|
32
32
|
}
|
|
33
33
|
throw new NotFoundException(`The user ${username} not found`);
|
|
34
34
|
}
|
|
35
|
-
|
|
35
|
+
/**
|
|
36
|
+
* Find user by token and username or throw not found exception
|
|
37
|
+
* @param token
|
|
38
|
+
* @returns
|
|
39
|
+
*/
|
|
40
|
+
async findByToken(token) {
|
|
36
41
|
const username = this.tokenUsernameMap.get(token);
|
|
37
42
|
if (username) {
|
|
38
43
|
return this.findByUsername(username);
|
|
39
44
|
}
|
|
40
|
-
|
|
45
|
+
else {
|
|
46
|
+
const paylaod = await this.jwt.verifyAsync(token);
|
|
47
|
+
const userManager = this.findByUsername(paylaod.username);
|
|
48
|
+
userManager.verifyVersion(paylaod.version);
|
|
49
|
+
this.tokenUsernameMap.set(token, paylaod.username);
|
|
50
|
+
return this.findByUsername(paylaod.username);
|
|
51
|
+
}
|
|
41
52
|
}
|
|
42
53
|
findByUuid(uuid) {
|
|
43
54
|
const username = this.uuidUsernameMap.get(uuid);
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { EventEmitter2 } from '@nestjs/event-emitter';
|
|
2
|
-
import { UpdatePasswordDto } from 'src/dto/update-password.dto.js';
|
|
3
2
|
import { AccessTokenDto } from '../dto/access-token.dto.js';
|
|
3
|
+
import { CanActivateDto } from '../dto/can-activate.dto.js';
|
|
4
|
+
import { CanActivateResponseDto } from '../dto/can-activate-response-dto.js';
|
|
4
5
|
import { ForgotPasswordDto } from '../dto/forgot-password.dto.js';
|
|
5
6
|
import { LoginDto } from '../dto/login.dto.js';
|
|
6
7
|
import { LoginWithOtpDto } from '../dto/login-with-otp.dto.js';
|
|
7
8
|
import { MessageDto } from '../dto/message.dto.js';
|
|
9
|
+
import { UpdatePasswordDto } from '../dto/update-password.dto.js';
|
|
8
10
|
import { AuthUserService } from './auth-user.service.js';
|
|
9
11
|
export declare class AuthService {
|
|
10
12
|
protected readonly authUserService: AuthUserService;
|
|
@@ -41,5 +43,6 @@ export declare class AuthService {
|
|
|
41
43
|
*/
|
|
42
44
|
updatePassword(uuid: string, body: UpdatePasswordDto): Promise<MessageDto>;
|
|
43
45
|
profile(uuid: string): import("../index.js").UserManager;
|
|
46
|
+
canActivate(username: string, body: CanActivateDto): Promise<CanActivateResponseDto>;
|
|
44
47
|
}
|
|
45
48
|
//# sourceMappingURL=auth.service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,qBACa,WAAW;IAEhB,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe;IACnD,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,aAAa;gBAD3B,eAAe,EAAE,eAAe,EAChC,YAAY,EAAE,aAAa;IAGlD;;;;OAIG;IACG,KAAK,CAAC,IAAI,EAAE,QAAQ;IAQ1B;;;;OAIG;IACG,YAAY,CAAC,IAAI,EAAE,eAAe;IAQxC;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM;IAKpB;;;;OAIG;IACH,cAAc,CAAC,IAAI,EAAE,iBAAiB;IAMtC;;;;OAIG;IACG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB;IAK1D,OAAO,CAAC,IAAI,EAAE,MAAM;IAId,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc;CAO3D"}
|
|
@@ -3,6 +3,7 @@ import { Injectable } from '@nestjs/common';
|
|
|
3
3
|
import { EventEmitter2 } from '@nestjs/event-emitter';
|
|
4
4
|
import { hash } from '@vnodes/crypto';
|
|
5
5
|
import { AccessTokenDto } from '../dto/access-token.dto.js';
|
|
6
|
+
import { CanActivateResponseDto } from '../dto/can-activate-response-dto.js';
|
|
6
7
|
import { MessageDto } from '../dto/message.dto.js';
|
|
7
8
|
import { OtpResponseDto } from '../dto/otp-response-dto.js';
|
|
8
9
|
import { AuthUserService } from './auth-user.service.js';
|
|
@@ -68,6 +69,12 @@ let AuthService = class AuthService {
|
|
|
68
69
|
profile(uuid) {
|
|
69
70
|
return this.authUserService.findByUuid(uuid);
|
|
70
71
|
}
|
|
72
|
+
async canActivate(username, body) {
|
|
73
|
+
const found = this.authUserService.findByUsername(username);
|
|
74
|
+
return new CanActivateResponseDto({
|
|
75
|
+
canActivate: !!found.canActivate(body),
|
|
76
|
+
});
|
|
77
|
+
}
|
|
71
78
|
};
|
|
72
79
|
AuthService = __decorate([
|
|
73
80
|
Injectable(),
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-client-options.d.ts","sourceRoot":"","sources":["../../src/types/auth-client-options.ts"],"names":[],"mappings":"AAAA,qBAAa,iBAAiB;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;gBAEX,IAAI,EAAE,iBAAiB;CAGtC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { JwtService } from '@nestjs/jwt';
|
|
2
|
+
import { CanActivateDto } from 'src/dto/can-activate.dto.js';
|
|
2
3
|
import { JwtPayload } from './jwt-payload.js';
|
|
3
4
|
import { User } from './user.js';
|
|
4
5
|
export declare class UserManager {
|
|
@@ -28,11 +29,12 @@ export declare class UserManager {
|
|
|
28
29
|
/**
|
|
29
30
|
* Check the user has all {@link requiredPermissions} or throw {@link ForbiddenException}
|
|
30
31
|
*/
|
|
31
|
-
|
|
32
|
+
hasAllPermissions(requiredPermissions: string[]): boolean;
|
|
32
33
|
/**
|
|
33
34
|
* Check the user has one of the {@link requiredRoles} or throw {@link ForbiddenException}
|
|
34
35
|
*/
|
|
35
|
-
|
|
36
|
+
hasSomeRoles(requiredRoles: string[]): boolean;
|
|
37
|
+
canActivate(body: CanActivateDto): boolean | undefined;
|
|
36
38
|
/**
|
|
37
39
|
* Create the jwt payload object {@link JwtPayload}
|
|
38
40
|
* @returns -- {@link JwtPayload}
|
|
@@ -55,5 +57,11 @@ export declare class UserManager {
|
|
|
55
57
|
* @returns string or throw {@link UnauthorizedException} that indicated invalid or old versioned token
|
|
56
58
|
*/
|
|
57
59
|
verifyToken(token: string): Promise<JwtPayload>;
|
|
60
|
+
/**
|
|
61
|
+
* Check the jwt version matches with the provided token's version or thow Invalid Jwt version error
|
|
62
|
+
* @param version
|
|
63
|
+
* @returns
|
|
64
|
+
*/
|
|
65
|
+
verifyVersion(version: string): boolean;
|
|
58
66
|
}
|
|
59
67
|
//# sourceMappingURL=user-manager.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-manager.d.ts","sourceRoot":"","sources":["../../src/types/user-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,qBAAa,WAAW;IAEhB,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI;IACjC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU;gBADf,QAAQ,EAAE,IAAI,EACd,GAAG,EAAE,UAAU;IAGtC;;OAEG;IACH,IAAI,IAAI,IAAI,IAAI,CAEf;IAED;;OAEG;IACH,IAAI,WAAW,gBAEd;IAED;;OAEG;IACH,IAAI,KAAK,gBAER;IAED;;OAEG;IACH,IAAI,OAAO,WAEV;IAED;;OAEG;IACH,OAAO;IAIP;;OAEG;IACH,
|
|
1
|
+
{"version":3,"file":"user-manager.d.ts","sourceRoot":"","sources":["../../src/types/user-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,qBAAa,WAAW;IAEhB,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI;IACjC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU;gBADf,QAAQ,EAAE,IAAI,EACd,GAAG,EAAE,UAAU;IAGtC;;OAEG;IACH,IAAI,IAAI,IAAI,IAAI,CAEf;IAED;;OAEG;IACH,IAAI,WAAW,gBAEd;IAED;;OAEG;IACH,IAAI,KAAK,gBAER;IAED;;OAEG;IACH,IAAI,OAAO,WAEV;IAED;;OAEG;IACH,OAAO;IAIP;;OAEG;IACH,iBAAiB,CAAC,mBAAmB,EAAE,MAAM,EAAE;IAO/C;;OAEG;IACH,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE;IAOpC,WAAW,CAAC,IAAI,EAAE,cAAc;IAYhC;;;OAGG;IACH,YAAY,IAAI,UAAU;IAQ1B;;;;OAIG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM;IAOtC;;;OAGG;IACG,SAAS;IAKf;;;;OAIG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM;IAM/B;;;;OAIG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM;CAMhC"}
|
|
@@ -36,12 +36,12 @@ export class UserManager {
|
|
|
36
36
|
* Check the user has the "admin" role
|
|
37
37
|
*/
|
|
38
38
|
isAdmin() {
|
|
39
|
-
return this.roles.has('
|
|
39
|
+
return this.roles.has('Admin');
|
|
40
40
|
}
|
|
41
41
|
/**
|
|
42
42
|
* Check the user has all {@link requiredPermissions} or throw {@link ForbiddenException}
|
|
43
43
|
*/
|
|
44
|
-
|
|
44
|
+
hasAllPermissions(requiredPermissions) {
|
|
45
45
|
if (requiredPermissions.every((permission) => this.permisisons.has(permission))) {
|
|
46
46
|
return true;
|
|
47
47
|
}
|
|
@@ -50,12 +50,20 @@ export class UserManager {
|
|
|
50
50
|
/**
|
|
51
51
|
* Check the user has one of the {@link requiredRoles} or throw {@link ForbiddenException}
|
|
52
52
|
*/
|
|
53
|
-
|
|
53
|
+
hasSomeRoles(requiredRoles) {
|
|
54
54
|
if (requiredRoles.some((role) => this.roles.has(role))) {
|
|
55
55
|
return true;
|
|
56
56
|
}
|
|
57
57
|
throw new ForbiddenException('Insufficient role');
|
|
58
58
|
}
|
|
59
|
+
canActivate(body) {
|
|
60
|
+
const { requiredPermissions, requiredRoles } = body;
|
|
61
|
+
if (this.isAdmin()) {
|
|
62
|
+
return true;
|
|
63
|
+
}
|
|
64
|
+
return ((requiredRoles && this.hasSomeRoles(requiredRoles)) ||
|
|
65
|
+
(requiredPermissions && this.hasAllPermissions(requiredPermissions)));
|
|
66
|
+
}
|
|
59
67
|
/**
|
|
60
68
|
* Create the jwt payload object {@link JwtPayload}
|
|
61
69
|
* @returns -- {@link JwtPayload}
|
|
@@ -93,9 +101,18 @@ export class UserManager {
|
|
|
93
101
|
*/
|
|
94
102
|
async verifyToken(token) {
|
|
95
103
|
const jwtPayload = await this.jwt.verifyAsync(token);
|
|
96
|
-
|
|
97
|
-
|
|
104
|
+
this.verifyVersion(jwtPayload.version);
|
|
105
|
+
return jwtPayload;
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Check the jwt version matches with the provided token's version or thow Invalid Jwt version error
|
|
109
|
+
* @param version
|
|
110
|
+
* @returns
|
|
111
|
+
*/
|
|
112
|
+
verifyVersion(version) {
|
|
113
|
+
if (this.version !== version) {
|
|
114
|
+
throw new UnauthorizedException(`Invalid jwt version`);
|
|
98
115
|
}
|
|
99
|
-
|
|
116
|
+
return true;
|
|
100
117
|
}
|
|
101
118
|
}
|
package/package.json
CHANGED
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"url": "https://cash.app/$puqlib"
|
|
20
20
|
}
|
|
21
21
|
],
|
|
22
|
-
"version": "0.0.
|
|
22
|
+
"version": "0.0.11",
|
|
23
23
|
"type": "module",
|
|
24
24
|
"main": "./dist/index.js",
|
|
25
25
|
"module": "./dist/index.js",
|
|
@@ -61,8 +61,8 @@
|
|
|
61
61
|
"@nestjs/jwt": "^11.0.2",
|
|
62
62
|
"@nestjs/swagger": "^11.2.6",
|
|
63
63
|
"@nestjs/throttler": "^6.5.0",
|
|
64
|
-
"@vnodes/crypto": "0.0.
|
|
65
|
-
"@vnodes/metadata": "0.0.
|
|
66
|
-
"@vnodes/property": "0.0.
|
|
64
|
+
"@vnodes/crypto": "0.0.11",
|
|
65
|
+
"@vnodes/metadata": "0.0.11",
|
|
66
|
+
"@vnodes/property": "0.0.11"
|
|
67
67
|
}
|
|
68
68
|
}
|