@volontariapp/auth 1.0.0 → 2.0.0-next.20260407092728

package/dist/auth.module.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAIpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGxD,qBAEa,UAAU;IACrB,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,aAAa;CAcpD"}
+{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAIpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGxD,qBAEa,UAAU;IACrB,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,GAAG,aAAa;CAkBpD"}

package/dist/auth.module.js

@@ -18,7 +18,11 @@ let AuthModule = AuthModule_1 = class AuthModule {
                     provide: AUTH_OPTIONS,
                     useValue: options,
                 },
-                JwtService,
+                {
+                    provide: JwtService,
+                    useFactory: (opts) => new JwtService(opts),
+                    inject: [AUTH_OPTIONS],
+                },
                 GrpcMetadataHelper,
             ],
             exports: [JwtService, GrpcMetadataHelper],

package/dist/auth.module.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":";;;;;;;AACA,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAIjE,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,QAAQ,CAAC,OAAmB;QACjC,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,OAAO;iBAClB;gBACD,UAAU;gBACV,kBAAkB;aACnB;YACD,OAAO,EAAE,CAAC,UAAU,EAAE,kBAAkB,CAAC;SAC1C,CAAC;IACJ,CAAC;CACF,CAAA;AAfY,UAAU;IAFtB,MAAM,EAAE;IACR,MAAM,CAAC,EAAE,CAAC;GACE,UAAU,CAetB"}
+{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../src/auth.module.ts"],"names":[],"mappings":";;;;;;;AACA,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAIjE,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,QAAQ,CAAC,OAAmB;QACjC,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,OAAO;iBAClB;gBACD;oBACE,OAAO,EAAE,UAAU;oBACnB,UAAU,EAAE,CAAC,IAAgB,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;oBACtD,MAAM,EAAE,CAAC,YAAY,CAAC;iBACvB;gBACD,kBAAkB;aACnB;YACD,OAAO,EAAE,CAAC,UAAU,EAAE,kBAAkB,CAAC;SAC1C,CAAC;IACJ,CAAC;CACF,CAAA;AAnBY,UAAU;IAFtB,MAAM,EAAE;IACR,MAAM,CAAC,EAAE,CAAC;GACE,UAAU,CAmBtB"}

package/dist/guards/grpc-internal.guard.d.ts

@@ -1,5 +1,5 @@
 import type { CanActivate, ExecutionContext } from '@nestjs/common';
-import type { JwtService } from '../services/jwt.service.js';
+import { JwtService } from '../services/jwt.service.js';
 export declare class GrpcInternalGuard implements CanActivate {
     private readonly jwtService;
     private readonly logger;

package/dist/guards/grpc-internal.guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grpc-internal.guard.d.ts","sourceRoot":"","sources":["../../src/guards/grpc-internal.guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAIpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAG7D,qBACa,iBAAkB,YAAW,WAAW;IAGvC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAFvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsC;gBAEhC,UAAU,EAAE,UAAU;IAE7C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CA6B/D"}
+{"version":3,"file":"grpc-internal.guard.d.ts","sourceRoot":"","sources":["../../src/guards/grpc-internal.guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAIpE,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGxD,qBACa,iBAAkB,YAAW,WAAW;IAGvC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAFvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsC;gBAEhC,UAAU,EAAE,UAAU;IAE7C,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAgC/D"}

package/dist/guards/grpc-internal.guard.js

@@ -10,6 +10,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var GrpcInternalGuard_1;
 import { Injectable, Logger } from '@nestjs/common';
 import { UnauthorizedError } from '@volontariapp/errors';
+import { JwtService } from '../services/jwt.service.js';
 import { INTERNAL_TOKEN_METADATA_KEY } from '../constants/index.js';
 let GrpcInternalGuard = GrpcInternalGuard_1 = class GrpcInternalGuard {
     jwtService;
@@ -29,6 +30,9 @@ let GrpcInternalGuard = GrpcInternalGuard_1 = class GrpcInternalGuard {
             throw new UnauthorizedError('Missing internal token');
         }
         const token = tokens[0];
+        if (typeof token !== 'string') {
+            throw new UnauthorizedError('Invalid internal token format');
+        }
         try {
             const user = await this.jwtService.verifyInternal(token);
             const rpcContext = rpcArgumentsHost.getContext();
@@ -44,7 +48,7 @@ let GrpcInternalGuard = GrpcInternalGuard_1 = class GrpcInternalGuard {
 };
 GrpcInternalGuard = GrpcInternalGuard_1 = __decorate([
     Injectable(),
-    __metadata("design:paramtypes", [Function])
+    __metadata("design:paramtypes", [JwtService])
 ], GrpcInternalGuard);
 export { GrpcInternalGuard };
 //# sourceMappingURL=grpc-internal.guard.js.map

package/dist/guards/grpc-internal.guard.js.map

@@ -1 +1 @@
-{"version":3,"file":"grpc-internal.guard.js","sourceRoot":"","sources":["../../src/guards/grpc-internal.guard.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAG7D,IAAM,iBAAiB,yBAAvB,MAAM,iBAAiB;IAGC;IAFZ,MAAM,GAAG,IAAI,MAAM,CAAC,mBAAiB,CAAC,IAAI,CAAC,CAAC;IAE7D,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAY,CAAC;QACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAEzD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,2BAA2B,cAAc,CAAC,CAAC;YACvE,MAAM,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAW,CAAC;QAElC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,gBAAgB,CAAC,UAAU,EAA2B,CAAC;YAC1E,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;YAEvB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC;YACxD,MAAM,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;CACF,CAAA;AAlCY,iBAAiB;IAD7B,UAAU,EAAE;;GACA,iBAAiB,CAkC7B"}
+{"version":3,"file":"grpc-internal.guard.js","sourceRoot":"","sources":["../../src/guards/grpc-internal.guard.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAG7D,IAAM,iBAAiB,yBAAvB,MAAM,iBAAiB;IAGC;IAFZ,MAAM,GAAG,IAAI,MAAM,CAAC,mBAAiB,CAAC,IAAI,CAAC,CAAC;IAE7D,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,KAAK,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAY,CAAC;QACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAEzD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,2BAA2B,cAAc,CAAC,CAAC;YACvE,MAAM,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,iBAAiB,CAAC,+BAA+B,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,UAAU,GAAG,gBAAgB,CAAC,UAAU,EAA2B,CAAC;YAC1E,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;YAEvB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC;YACxD,MAAM,IAAI,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;CACF,CAAA;AArCY,iBAAiB;IAD7B,UAAU,EAAE;qCAI8B,UAAU;GAHxC,iBAAiB,CAqC7B"}

package/dist/interceptors/grpc-internal.interceptor.d.ts

@@ -1,6 +1,6 @@
 import type { CallHandler, ExecutionContext, NestInterceptor } from '@nestjs/common';
 import type { Observable } from 'rxjs';
-import type { JwtService } from '../services/jwt.service.js';
+import { JwtService } from '../services/jwt.service.js';
 export declare class GrpcInternalInterceptor implements NestInterceptor {
     private readonly jwtService;
     constructor(jwtService: JwtService);

package/dist/interceptors/grpc-internal.interceptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grpc-internal.interceptor.d.ts","sourceRoot":"","sources":["../../src/interceptors/grpc-internal.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAErF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAG7D,qBACa,uBAAwB,YAAW,eAAe;IACjD,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAEnD,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;CAc7E"}
+{"version":3,"file":"grpc-internal.interceptor.d.ts","sourceRoot":"","sources":["../../src/interceptors/grpc-internal.interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAErF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGxD,qBACa,uBAAwB,YAAW,eAAe;IACjD,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAEnD,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;CAc7E"}

package/dist/interceptors/grpc-internal.interceptor.js

@@ -10,6 +10,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 import { Injectable } from '@nestjs/common';
 import { from } from 'rxjs';
 import { switchMap } from 'rxjs/operators';
+import { JwtService } from '../services/jwt.service.js';
 let GrpcInternalInterceptor = class GrpcInternalInterceptor {
     jwtService;
     constructor(jwtService) {
@@ -28,7 +29,7 @@ let GrpcInternalInterceptor = class GrpcInternalInterceptor {
 };
 GrpcInternalInterceptor = __decorate([
     Injectable(),
-    __metadata("design:paramtypes", [Function])
+    __metadata("design:paramtypes", [JwtService])
 ], GrpcInternalInterceptor);
 export { GrpcInternalInterceptor };
 //# sourceMappingURL=grpc-internal.interceptor.js.map

package/dist/interceptors/grpc-internal.interceptor.js.map

@@ -1 +1 @@
-{"version":3,"file":"grpc-internal.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/grpc-internal.interceptor.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAKpC,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IACL;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAuB,CAAC;QAC7E,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;QAE9B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAClD,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE;YACnB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAjBY,uBAAuB;IADnC,UAAU,EAAE;;GACA,uBAAuB,CAiBnC"}
+{"version":3,"file":"grpc-internal.interceptor.js","sourceRoot":"","sources":["../../src/interceptors/grpc-internal.interceptor.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAIjD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IACL;IAA7B,YAA6B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;IAAG,CAAC;IAEvD,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAuB,CAAC;QAC7E,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;QAE9B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAClD,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE;YACnB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAjBY,uBAAuB;IADnC,UAAU,EAAE;qCAE8B,UAAU;GADxC,uBAAuB,CAiBnC"}

package/dist/interfaces/auth-config.interface.d.ts

@@ -1,7 +1,8 @@
 export interface AuthConfig {
-    internalSecret: string;
-    gatewaySecret: string;
-    internalExpiresIn: number;
-    gatewayExpiresIn: number;
+    internalPrivateKeyPath?: string;
+    internalPublicKeyPath?: string;
+    gatewayPublicKeyPath?: string;
+    internalExpiresIn: number | string;
+    gatewayExpiresIn: number | string;
 }
 //# sourceMappingURL=auth-config.interface.d.ts.map

package/dist/interfaces/auth-config.interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-config.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-config.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"auth-config.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-config.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,GAAG,MAAM,CAAC;IACnC,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAAC;CACnC"}

package/dist/interfaces/auth-user.interface.d.ts

@@ -1,5 +1,6 @@
 export interface AuthUser {
     id: string;
     role: string;
+    [key: string]: unknown;
 }
 //# sourceMappingURL=auth-user.interface.d.ts.map

package/dist/interfaces/auth-user.interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-user.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;CACd"}
+{"version":3,"file":"auth-user.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/auth-user.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}

package/dist/services/jwt.service.d.ts

@@ -1,11 +1,16 @@
 import type { AuthConfig, AuthUser } from '../interfaces/index.js';
 export declare class JwtService {
     private readonly options;
-    private readonly internalSecret;
-    private readonly gatewaySecret?;
+    private internalPrivateKey?;
+    private internalPublicKey?;
+    private gatewayPublicKey?;
     constructor(options: AuthConfig);
+    private getInternalPrivateKey;
+    private getInternalPublicKey;
+    private getGatewayPublicKey;
     signInternal(user: AuthUser): Promise<string>;
     verifyInternal(token: string): Promise<AuthUser>;
     verifyExternal(token: string): Promise<AuthUser>;
+    private isAuthUser;
 }
 //# sourceMappingURL=jwt.service.d.ts.map

package/dist/services/jwt.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEnE,qBACa,UAAU;IAIa,OAAO,CAAC,QAAQ,CAAC,OAAO;IAH1D,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAa;gBAEO,OAAO,EAAE,UAAU;IAkBhE,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IAY7C,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAKhD,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAQvD"}
+{"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEnE,qBAAa,UAAU;IAKT,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJpC,OAAO,CAAC,kBAAkB,CAAC,CAAY;IACvC,OAAO,CAAC,iBAAiB,CAAC,CAAY;IACtC,OAAO,CAAC,gBAAgB,CAAC,CAAY;gBAER,OAAO,EAAE,UAAU;YASlC,qBAAqB;YAoBrB,oBAAoB;YAiBpB,mBAAmB;IAiB3B,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IAa7C,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAShD,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAStD,OAAO,CAAC,UAAU;CAInB"}

package/dist/services/jwt.service.js

@@ -1,66 +1,94 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-import { Inject, Injectable } from '@nestjs/common';
 import * as jose from 'jose';
+import fs from 'node:fs';
 import { InternalServerError } from '@volontariapp/errors';
-import { AUTH_OPTIONS } from '../constants/index.js';
-let JwtService = class JwtService {
+export class JwtService {
     options;
-    internalSecret;
-    gatewaySecret;
+    internalPrivateKey;
+    internalPublicKey;
+    gatewayPublicKey;
     constructor(options) {
         this.options = options;
-        if (!options.internalSecret) {
-            throw new InternalServerError('Internal secret not configured', 'AUTH_CONFIG_ERROR');
-        }
-        if (!options.internalExpiresIn) {
+        if (options.internalExpiresIn === '' || options.internalExpiresIn === 0) {
             throw new InternalServerError('Internal expiration time not configured', 'AUTH_CONFIG_ERROR');
         }
-        if (!options.gatewaySecret) {
-            throw new InternalServerError('Gateway secret not configured', 'AUTH_CONFIG_ERROR');
-        }
-        if (!options.gatewayExpiresIn) {
+        if (options.gatewayExpiresIn === '' || options.gatewayExpiresIn === 0) {
             throw new InternalServerError('Gateway expiration time not configured', 'AUTH_CONFIG_ERROR');
         }
-        this.internalSecret = new TextEncoder().encode(options.internalSecret);
-        this.gatewaySecret = new TextEncoder().encode(options.gatewaySecret);
+    }
+    async getInternalPrivateKey() {
+        if (this.internalPrivateKey)
+            return this.internalPrivateKey;
+        if (this.options.internalPrivateKeyPath === undefined) {
+            throw new InternalServerError('Internal private key path not configured', 'AUTH_CONFIG_ERROR');
+        }
+        try {
+            const key = fs.readFileSync(this.options.internalPrivateKeyPath, 'utf8');
+            this.internalPrivateKey = await jose.importPKCS8(key, 'RS256');
+            return this.internalPrivateKey;
+        }
+        catch (error) {
+            throw new InternalServerError(`Failed to import internal private key: ${error.message}`, 'AUTH_CONFIG_ERROR');
+        }
+    }
+    async getInternalPublicKey() {
+        if (this.internalPublicKey)
+            return this.internalPublicKey;
+        if (this.options.internalPublicKeyPath === undefined) {
+            throw new InternalServerError('Internal public key path not configured', 'AUTH_CONFIG_ERROR');
+        }
+        try {
+            const key = fs.readFileSync(this.options.internalPublicKeyPath, 'utf8');
+            this.internalPublicKey = await jose.importSPKI(key, 'RS256');
+            return this.internalPublicKey;
+        }
+        catch (error) {
+            throw new InternalServerError(`Failed to import internal public key: ${error.message}`, 'AUTH_CONFIG_ERROR');
+        }
+    }
+    async getGatewayPublicKey() {
+        if (this.gatewayPublicKey)
+            return this.gatewayPublicKey;
+        if (this.options.gatewayPublicKeyPath === undefined) {
+            throw new InternalServerError('Gateway public key path not configured', 'AUTH_CONFIG_ERROR');
+        }
+        try {
+            const key = fs.readFileSync(this.options.gatewayPublicKeyPath, 'utf8');
+            this.gatewayPublicKey = await jose.importSPKI(key, 'RS256');
+            return this.gatewayPublicKey;
+        }
+        catch (error) {
+            throw new InternalServerError(`Failed to import gateway public key: ${error.message}`, 'AUTH_CONFIG_ERROR');
+        }
     }
     async signInternal(user) {
+        const key = await this.getInternalPrivateKey();
         const sessionPayload = { ...user };
         const token = await new jose.SignJWT(sessionPayload)
-            .setProtectedHeader({ alg: 'HS256' })
+            .setProtectedHeader({ alg: 'RS256' })
             .setIssuedAt()
-            .setExpirationTime(this.options.internalExpiresIn.toString())
-            .sign(this.internalSecret);
+            .setExpirationTime(this.options.internalExpiresIn)
+            .sign(key);
         return token;
     }
     async verifyInternal(token) {
-        const { payload } = await jose.jwtVerify(token, this.internalSecret);
-        return payload;
+        const key = await this.getInternalPublicKey();
+        const { payload } = await jose.jwtVerify(token, key, { algorithms: ['RS256'] });
+        if (this.isAuthUser(payload)) {
+            return payload;
+        }
+        throw new InternalServerError('Invalid internal token payload', 'AUTH_TOKEN_ERROR');
     }
     async verifyExternal(token) {
-        const secret = this.gatewaySecret;
-        if (!secret) {
-            throw new InternalServerError('Gateway secret not configured', 'AUTH_CONFIG_ERROR');
+        const key = await this.getGatewayPublicKey();
+        const { payload } = await jose.jwtVerify(token, key, { algorithms: ['RS256'] });
+        if (this.isAuthUser(payload)) {
+            return payload;
         }
-        const { payload } = await jose.jwtVerify(token, secret);
-        return payload;
+        throw new InternalServerError('Invalid external token payload', 'AUTH_TOKEN_ERROR');
+    }
+    isAuthUser(payload) {
+        const p = payload;
+        return typeof p['id'] === 'string' && typeof p['role'] === 'string';
     }
-};
-JwtService = __decorate([
-    Injectable(),
-    __param(0, Inject(AUTH_OPTIONS)),
-    __metadata("design:paramtypes", [Object])
-], JwtService);
-export { JwtService };
+}
 //# sourceMappingURL=jwt.service.js.map

package/dist/services/jwt.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAI9C,IAAM,UAAU,GAAhB,MAAM,UAAU;IAI8B;IAHlC,cAAc,CAAa;IAC3B,aAAa,CAAc;IAE5C,YAAmD,OAAmB;QAAnB,YAAO,GAAP,OAAO,CAAY;QACpE,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,EAAE,mBAAmB,CAAC,CAAC;QACvF,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;YAC/B,MAAM,IAAI,mBAAmB,CAAC,yCAAyC,EAAE,mBAAmB,CAAC,CAAC;QAChG,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,IAAI,mBAAmB,CAAC,+BAA+B,EAAE,mBAAmB,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9B,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,EAAE,mBAAmB,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACvE,IAAI,CAAC,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAc;QAC/B,MAAM,cAAc,GAAoB,EAAE,GAAG,IAAI,EAAE,CAAC;QAEpD,MAAM,KAAK,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,QAAQ,EAAE,CAAC;aAC5D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAE7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QACrE,OAAO,OAA8B,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,mBAAmB,CAAC,+BAA+B,EAAE,mBAAmB,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxD,OAAO,OAA8B,CAAC;IACxC,CAAC;CACF,CAAA;AA/CY,UAAU;IADtB,UAAU,EAAE;IAKE,WAAA,MAAM,CAAC,YAAY,CAAC,CAAA;;GAJtB,UAAU,CA+CtB"}
+{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG3D,MAAM,OAAO,UAAU;IAKQ;IAJrB,kBAAkB,CAAa;IAC/B,iBAAiB,CAAa;IAC9B,gBAAgB,CAAa;IAErC,YAA6B,OAAmB;QAAnB,YAAO,GAAP,OAAO,CAAY;QAC9C,IAAI,OAAO,CAAC,iBAAiB,KAAK,EAAE,IAAI,OAAO,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;YACxE,MAAM,IAAI,mBAAmB,CAAC,yCAAyC,EAAE,mBAAmB,CAAC,CAAC;QAChG,CAAC;QACD,IAAI,OAAO,CAAC,gBAAgB,KAAK,EAAE,IAAI,OAAO,CAAC,gBAAgB,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,EAAE,mBAAmB,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB;QACjC,IAAI,IAAI,CAAC,kBAAkB;YAAE,OAAO,IAAI,CAAC,kBAAkB,CAAC;QAC5D,IAAI,IAAI,CAAC,OAAO,CAAC,sBAAsB,KAAK,SAAS,EAAE,CAAC;YACtD,MAAM,IAAI,mBAAmB,CAC3B,0CAA0C,EAC1C,mBAAmB,CACpB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACzE,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,mBAAmB,CAC3B,0CAA2C,KAAe,CAAC,OAAO,EAAE,EACpE,mBAAmB,CACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,oBAAoB;QAChC,IAAI,IAAI,CAAC,iBAAiB;YAAE,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAC1D,IAAI,IAAI,CAAC,OAAO,CAAC,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACrD,MAAM,IAAI,mBAAmB,CAAC,yCAAyC,EAAE,mBAAmB,CAAC,CAAC;QAChG,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;YACxE,IAAI,CAAC,iBAAiB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,mBAAmB,CAC3B,yCAA0C,KAAe,CAAC,OAAO,EAAE,EACnE,mBAAmB,CACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC/B,IAAI,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC;QACxD,IAAI,IAAI,CAAC,OAAO,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACpD,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,EAAE,mBAAmB,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;YACvE,IAAI,CAAC,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,gBAAgB,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,mBAAmB,CAC3B,wCAAyC,KAAe,CAAC,OAAO,EAAE,EAClE,mBAAmB,CACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAc;QAC/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC/C,MAAM,cAAc,GAAoB,EAAE,GAAG,IAAI,EAAqB,CAAC;QAEvE,MAAM,KAAK,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;aACjD,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChF,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,EAAE,kBAAkB,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChF,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,IAAI,mBAAmB,CAAC,gCAAgC,EAAE,kBAAkB,CAAC,CAAC;IACtF,CAAC;IAEO,UAAU,CAAC,OAAwB;QACzC,MAAM,CAAC,GAAG,OAAkC,CAAC;QAC7C,OAAO,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAC;IACtE,CAAC;CACF"}

package/dist/test/example/test.controller.d.ts

@@ -0,0 +1,11 @@
+import type { AuthUser } from '../../interfaces/auth-user.interface.js';
+export declare class AuthTestController {
+    getProtected(user: AuthUser): {
+        success: boolean;
+        user: AuthUser;
+    };
+    getPublic(): {
+        success: boolean;
+    };
+}
+//# sourceMappingURL=test.controller.d.ts.map

package/dist/test/example/test.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.controller.d.ts","sourceRoot":"","sources":["../../../src/test/example/test.controller.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yCAAyC,CAAC;AAGxE,qBACa,kBAAkB;IAG7B,YAAY,CAAgB,IAAI,EAAE,QAAQ;;;;IAK1C,SAAS;;;CAGV"}

package/dist/test/example/test.controller.js

@@ -0,0 +1,42 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import { GrpcInternalGuard } from '../../guards/grpc-internal.guard.js';
+import { CurrentUser } from '../../decorators/current-user.decorator.js';
+let AuthTestController = class AuthTestController {
+    getProtected(user) {
+        return { success: true, user };
+    }
+    getPublic() {
+        return { success: true };
+    }
+};
+__decorate([
+    Get('protected'),
+    UseGuards(GrpcInternalGuard),
+    __param(0, CurrentUser()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", void 0)
+], AuthTestController.prototype, "getProtected", null);
+__decorate([
+    Get('public'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", void 0)
+], AuthTestController.prototype, "getPublic", null);
+AuthTestController = __decorate([
+    Controller('test')
+], AuthTestController);
+export { AuthTestController };
+//# sourceMappingURL=test.controller.js.map

package/dist/test/example/test.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.controller.js","sourceRoot":"","sources":["../../../src/test/example/test.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAExE,OAAO,EAAE,WAAW,EAAE,MAAM,4CAA4C,CAAC;AAGlE,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAG7B,YAAY,CAAgB,IAAc;QACxC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAGD,SAAS;QACP,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;CACF,CAAA;AARC;IAFC,GAAG,CAAC,WAAW,CAAC;IAChB,SAAS,CAAC,iBAAiB,CAAC;IACf,WAAA,WAAW,EAAE,CAAA;;;;sDAE1B;AAGD;IADC,GAAG,CAAC,QAAQ,CAAC;;;;mDAGb;AAVU,kBAAkB;IAD9B,UAAU,CAAC,MAAM,CAAC;GACN,kBAAkB,CAW9B"}

package/dist/test/factories/auth-user.factory.d.ts

@@ -0,0 +1,3 @@
+import type { AuthUser } from '../../interfaces/auth-user.interface.js';
+export declare const createAuthUser: (overrides?: Partial<AuthUser>) => AuthUser;
+//# sourceMappingURL=auth-user.factory.d.ts.map

package/dist/test/factories/auth-user.factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-user.factory.d.ts","sourceRoot":"","sources":["../../../src/test/factories/auth-user.factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yCAAyC,CAAC;AAExE,eAAO,MAAM,cAAc,eAAgB,OAAO,CAAC,QAAQ,CAAC,KAAG,QAI7D,CAAC"}

package/dist/test/factories/auth-user.factory.js

@@ -0,0 +1,6 @@
+export const createAuthUser = (overrides) => ({
+    id: 'user-123',
+    role: 'volunteer',
+    ...overrides,
+});
+//# sourceMappingURL=auth-user.factory.js.map

package/dist/test/factories/auth-user.factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-user.factory.js","sourceRoot":"","sources":["../../../src/test/factories/auth-user.factory.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAA6B,EAAY,EAAE,CAAC,CAAC;IAC1E,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,WAAW;IACjB,GAAG,SAAS;CACb,CAAC,CAAC"}

package/dist/test/helpers/context.helper.d.ts

@@ -0,0 +1,4 @@
+import type { ExecutionContext } from '@nestjs/common';
+import type { AuthUser } from '../../interfaces/auth-user.interface.js';
+export declare const createExecutionContext: (metadataValues?: Record<string, string[]>, user?: AuthUser) => ExecutionContext;
+//# sourceMappingURL=context.helper.d.ts.map

package/dist/test/helpers/context.helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.helper.d.ts","sourceRoot":"","sources":["../../../src/test/helpers/context.helper.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGvD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yCAAyC,CAAC;AAExE,eAAO,MAAM,sBAAsB,oBACjB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,SACjC,QAAQ,KACd,gBAiBF,CAAC"}

package/dist/test/helpers/context.helper.js

@@ -0,0 +1,18 @@
+import { jest } from '@jest/globals';
+import { createMock } from '@golevelup/ts-jest';
+export const createExecutionContext = (metadataValues = {}, user) => {
+    const metadataMock = createMock({
+        get: jest.fn((key) => metadataValues[key] ?? []),
+        set: jest.fn(),
+    });
+    const rpcContext = { user };
+    const rpcArgumentsHost = createMock();
+    rpcArgumentsHost.getContext.mockImplementation((key) => {
+        return key === 'metadata' || key === undefined ? metadataMock : rpcContext;
+    });
+    return createMock({
+        getType: () => 'rpc',
+        switchToRpc: () => rpcArgumentsHost,
+    });
+};
+//# sourceMappingURL=context.helper.js.map

package/dist/test/helpers/context.helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.helper.js","sourceRoot":"","sources":["../../../src/test/helpers/context.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAIhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,iBAA2C,EAAE,EAC7C,IAAe,EACG,EAAE;IACpB,MAAM,YAAY,GAAG,UAAU,CAAW;QACxC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACxD,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,EAAE,IAAI,EAAE,CAAC;IAE5B,MAAM,gBAAgB,GAAG,UAAU,EAA+C,CAAC;IACnF,gBAAgB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,GAAY,EAAW,EAAE;QACvE,OAAO,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAmB;QAClC,OAAO,EAAE,GAAG,EAAE,CAAC,KAAK;QACpB,WAAW,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACpC,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/test/integration/grpc-internal.guard.int.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=grpc-internal.guard.int.spec.d.ts.map

package/dist/test/integration/grpc-internal.guard.int.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.guard.int.spec.d.ts","sourceRoot":"","sources":["../../../src/test/integration/grpc-internal.guard.int.spec.ts"],"names":[],"mappings":""}

package/dist/test/integration/grpc-internal.guard.int.spec.js

@@ -0,0 +1,81 @@
+import { describe, it, expect, beforeEach, beforeAll, jest } from '@jest/globals';
+import fs from 'node:fs';
+import * as jose from 'jose';
+import { Test } from '@nestjs/testing';
+import { GrpcInternalGuard } from '../../guards/grpc-internal.guard.js';
+import { JwtService } from '../../services/jwt.service.js';
+import { AUTH_OPTIONS } from '../../constants/index.js';
+import { createAuthUser } from '../factories/auth-user.factory.js';
+import { createExecutionContext } from '../helpers/context.helper.js';
+import { UnauthorizedError } from '@volontariapp/errors';
+import { INTERNAL_TOKEN_METADATA_KEY } from '../../constants/index.js';
+describe('GrpcInternalGuard (Integration)', () => {
+    let guard;
+    let jwtService;
+    let internalPrivate;
+    let internalPublic;
+    let gatewayPublic;
+    const config = {
+        internalPrivateKeyPath: 'internal-private-path',
+        internalPublicKeyPath: 'internal-public-path',
+        gatewayPublicKeyPath: 'gateway-public-path',
+        internalExpiresIn: '1h',
+        gatewayExpiresIn: '1h',
+    };
+    beforeAll(async () => {
+        const internalKeys = await jose.generateKeyPair('RS256', { extractable: true });
+        internalPrivate = await jose.exportPKCS8(internalKeys.privateKey);
+        internalPublic = await jose.exportSPKI(internalKeys.publicKey);
+        const gatewayKeys = await jose.generateKeyPair('RS256', { extractable: true });
+        gatewayPublic = await jose.exportSPKI(gatewayKeys.publicKey);
+    });
+    beforeEach(async () => {
+        jest.restoreAllMocks();
+        jest.spyOn(fs, 'readFileSync').mockImplementation((path) => {
+            if (path === 'internal-private-path')
+                return internalPrivate;
+            if (path === 'internal-public-path')
+                return internalPublic;
+            if (path === 'gateway-public-path')
+                return gatewayPublic;
+            throw new Error('File not found');
+        });
+        const module = await Test.createTestingModule({
+            providers: [
+                GrpcInternalGuard,
+                {
+                    provide: JwtService,
+                    useFactory: (opts) => new JwtService(opts),
+                    inject: [AUTH_OPTIONS],
+                },
+                {
+                    provide: AUTH_OPTIONS,
+                    useValue: config,
+                },
+            ],
+        }).compile();
+        guard = module.get(GrpcInternalGuard);
+        jwtService = module.get(JwtService);
+    });
+    it('should allow access with a valid internal token', async () => {
+        const user = createAuthUser();
+        const token = await jwtService.signInternal(user);
+        const context = createExecutionContext({
+            [INTERNAL_TOKEN_METADATA_KEY]: [token],
+        });
+        const canActivate = await guard.canActivate(context);
+        expect(canActivate).toBe(true);
+        const rpcContext = context.switchToRpc().getContext();
+        expect(rpcContext.user).toEqual(expect.objectContaining({
+            id: user.id,
+            role: user.role,
+        }));
+    });
+    it('should deny access with an invalid token', async () => {
+        const context = createExecutionContext({
+            [INTERNAL_TOKEN_METADATA_KEY]: ['invalid-token'],
+        });
+        await expect(guard.canActivate(context)).rejects.toThrow(UnauthorizedError);
+    });
+});
+//# sourceMappingURL=grpc-internal.guard.int.spec.js.map

package/dist/test/integration/grpc-internal.guard.int.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.guard.int.spec.js","sourceRoot":"","sources":["../../../src/test/integration/grpc-internal.guard.int.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAC;AAGvE,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,IAAI,KAAwB,CAAC;IAC7B,IAAI,UAAsB,CAAC;IAC3B,IAAI,eAAuB,CAAC;IAC5B,IAAI,cAAsB,CAAC;IAC3B,IAAI,aAAqB,CAAC;IAE1B,MAAM,MAAM,GAAe;QACzB,sBAAsB,EAAE,uBAAuB;QAC/C,qBAAqB,EAAE,sBAAsB;QAC7C,oBAAoB,EAAE,qBAAqB;QAC3C,iBAAiB,EAAE,IAAI;QACvB,gBAAgB,EAAE,IAAI;KACvB,CAAC;IAEF,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAClE,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAE/D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/E,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,EAAE;YACzD,IAAI,IAAI,KAAK,uBAAuB;gBAAE,OAAO,eAAe,CAAC;YAC7D,IAAI,IAAI,KAAK,sBAAsB;gBAAE,OAAO,cAAc,CAAC;YAC3D,IAAI,IAAI,KAAK,qBAAqB;gBAAE,OAAO,aAAa,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;YAC5C,SAAS,EAAE;gBACT,iBAAiB;gBACjB;oBACE,OAAO,EAAE,UAAU;oBACnB,UAAU,EAAE,CAAC,IAAgB,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;oBACtD,MAAM,EAAE,CAAC,YAAY,CAAC;iBACvB;gBACD;oBACE,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,MAAM;iBACjB;aACF;SACF,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,KAAK,GAAG,MAAM,CAAC,GAAG,CAAoB,iBAAiB,CAAC,CAAC;QACzD,UAAU,GAAG,MAAM,CAAC,GAAG,CAAa,UAAU,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,sBAAsB,CAAC;YACrC,CAAC,2BAA2B,CAAC,EAAE,CAAC,KAAK,CAAC;SACvC,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE/B,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,EAA2B,CAAC;QAC/E,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,CAC7B,MAAM,CAAC,gBAAgB,CAAC;YACtB,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CACH,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAG,sBAAsB,CAAC;YACrC,CAAC,2BAA2B,CAAC,EAAE,CAAC,eAAe,CAAC;SACjD,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/test/setup.d.ts

@@ -0,0 +1,2 @@
+import 'reflect-metadata';
+//# sourceMappingURL=setup.d.ts.map

package/dist/test/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/test/setup.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,CAAC"}

package/dist/test/setup.js

@@ -0,0 +1,2 @@
+import 'reflect-metadata';
+//# sourceMappingURL=setup.js.map

package/dist/test/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../src/test/setup.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,CAAC"}

package/dist/test/unit/grpc-internal.guard.unit.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=grpc-internal.guard.unit.spec.d.ts.map

package/dist/test/unit/grpc-internal.guard.unit.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.guard.unit.spec.d.ts","sourceRoot":"","sources":["../../../src/test/unit/grpc-internal.guard.unit.spec.ts"],"names":[],"mappings":""}

package/dist/test/unit/grpc-internal.guard.unit.spec.js

@@ -0,0 +1,49 @@
+import { describe, it, expect, beforeEach, jest } from '@jest/globals';
+import { GrpcInternalGuard } from '../../guards/grpc-internal.guard.js';
+import { createAuthUser } from '../factories/auth-user.factory.js';
+import { createExecutionContext } from '../helpers/context.helper.js';
+import { createMock } from '@golevelup/ts-jest';
+import { INTERNAL_TOKEN_METADATA_KEY } from '../../constants/index.js';
+import { UnauthorizedError } from '@volontariapp/errors';
+describe('GrpcInternalGuard (Unit)', () => {
+    let guard;
+    let jwtService;
+    beforeEach(() => {
+        jest.restoreAllMocks();
+        jwtService = createMock();
+        guard = new GrpcInternalGuard(jwtService);
+    });
+    it('should return true if context is not rpc', async () => {
+        const context = createMock();
+        context.getType.mockReturnValue('http');
+        const result = await guard.canActivate(context);
+        expect(result).toBe(true);
+    });
+    it('should throw UnauthorizedError if metadata is missing internal token', async () => {
+        const context = createExecutionContext({});
+        await expect(guard.canActivate(context)).rejects.toThrow(UnauthorizedError);
+    });
+    it('should throw UnauthorizedError if token is invalid', async () => {
+        const context = createExecutionContext({
+            [INTERNAL_TOKEN_METADATA_KEY]: ['invalid-token'],
+        });
+        const verifySpy = jest
+            .spyOn(jwtService, 'verifyInternal')
+            .mockRejectedValue(new Error('Invalid'));
+        await expect(guard.canActivate(context)).rejects.toThrow(UnauthorizedError);
+        expect(verifySpy).toHaveBeenCalledWith('invalid-token');
+    });
+    it('should set user in context and return true for valid token', async () => {
+        const user = createAuthUser();
+        const context = createExecutionContext({
+            [INTERNAL_TOKEN_METADATA_KEY]: ['valid-token'],
+        });
+        const verifySpy = jest.spyOn(jwtService, 'verifyInternal').mockResolvedValue(user);
+        const result = await guard.canActivate(context);
+        expect(result).toBe(true);
+        const rpcContext = context.switchToRpc().getContext();
+        expect(rpcContext.user).toEqual(user);
+        expect(verifySpy).toHaveBeenCalledWith('valid-token');
+    });
+});
+//# sourceMappingURL=grpc-internal.guard.unit.spec.js.map

package/dist/test/unit/grpc-internal.guard.unit.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.guard.unit.spec.js","sourceRoot":"","sources":["../../../src/test/unit/grpc-internal.guard.unit.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAEtE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,IAAI,KAAwB,CAAC;IAC7B,IAAI,UAAsB,CAAC;IAE3B,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,UAAU,GAAG,UAAU,EAAc,CAAC;QACtC,KAAK,GAAG,IAAI,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAG,UAAU,EAAoB,CAAC;QAC/C,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,MAAqB,CAAC,CAAC;QAEvD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;QACpF,MAAM,OAAO,GAAG,sBAAsB,CAAC,EAAE,CAAC,CAAC;QAE3C,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,OAAO,GAAG,sBAAsB,CAAC;YACrC,CAAC,2BAA2B,CAAC,EAAE,CAAC,eAAe,CAAC;SACjD,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI;aACnB,KAAK,CAAC,UAAU,EAAE,gBAAgB,CAAC;aACnC,iBAAiB,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAE3C,MAAM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC5E,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,sBAAsB,CAAC;YACrC,CAAC,2BAA2B,CAAC,EAAE,CAAC,aAAa,CAAC;SAC/C,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAEnF,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEhD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,EAA2B,CAAC;QAC/E,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/test/unit/grpc-internal.interceptor.unit.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=grpc-internal.interceptor.unit.spec.d.ts.map

package/dist/test/unit/grpc-internal.interceptor.unit.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.interceptor.unit.spec.d.ts","sourceRoot":"","sources":["../../../src/test/unit/grpc-internal.interceptor.unit.spec.ts"],"names":[],"mappings":""}

package/dist/test/unit/grpc-internal.interceptor.unit.spec.js

@@ -0,0 +1,42 @@
+import { describe, it, expect, beforeEach, jest } from '@jest/globals';
+import { GrpcInternalInterceptor } from '../../interceptors/grpc-internal.interceptor.js';
+import { createAuthUser } from '../factories/auth-user.factory.js';
+import { createMock } from '@golevelup/ts-jest';
+import { of } from 'rxjs';
+describe('GrpcInternalInterceptor (Unit)', () => {
+    let interceptor;
+    let jwtService;
+    beforeEach(() => {
+        jest.restoreAllMocks();
+        jwtService = createMock();
+        interceptor = new GrpcInternalInterceptor(jwtService);
+    });
+    it('should call next.handle() if user is not in request', (done) => {
+        const context = createMock();
+        const httpHost = context.switchToHttp();
+        jest.spyOn(httpHost, 'getRequest').mockReturnValue({});
+        const next = createMock();
+        next.handle.mockReturnValue(of({ success: true }));
+        const signSpy = jest.spyOn(jwtService, 'signInternal');
+        interceptor.intercept(context, next).subscribe((result) => {
+            expect(result).toEqual({ success: true });
+            expect(signSpy).not.toHaveBeenCalled();
+            done();
+        });
+    });
+    it('should sign internal token if user is present', (done) => {
+        const user = createAuthUser();
+        const context = createMock();
+        const httpHost = context.switchToHttp();
+        jest.spyOn(httpHost, 'getRequest').mockReturnValue({ user });
+        const next = createMock();
+        next.handle.mockReturnValue(of({ success: true }));
+        const signSpy = jest.spyOn(jwtService, 'signInternal').mockResolvedValue('signed-token');
+        interceptor.intercept(context, next).subscribe((result) => {
+            expect(result).toEqual({ success: true });
+            expect(signSpy).toHaveBeenCalledWith(user);
+            done();
+        });
+    });
+});
+//# sourceMappingURL=grpc-internal.interceptor.unit.spec.js.map

package/dist/test/unit/grpc-internal.interceptor.unit.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grpc-internal.interceptor.unit.spec.js","sourceRoot":"","sources":["../../../src/test/unit/grpc-internal.interceptor.unit.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iDAAiD,CAAC;AAC1F,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,OAAO,EAAE,EAAE,EAAE,MAAM,MAAM,CAAC;AAE1B,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,IAAI,WAAoC,CAAC;IACzC,IAAI,UAAsB,CAAC;IAE3B,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,UAAU,GAAG,UAAU,EAAc,CAAC;QACtC,WAAW,GAAG,IAAI,uBAAuB,CAAC,UAAU,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,CAAC,IAAI,EAAE,EAAE;QACjE,MAAM,OAAO,GAAG,UAAU,EAAoB,CAAC;QAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAEvD,MAAM,IAAI,GAAG,UAAU,EAAe,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAEvD,WAAW,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE;YACxD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,CAAC,IAAI,EAAE,EAAE;QAC3D,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,UAAU,EAAoB,CAAC;QAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7D,MAAM,IAAI,GAAG,UAAU,EAAe,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAEzF,WAAW,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE;YACxD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/test/unit/jwt.service.unit.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=jwt.service.unit.spec.d.ts.map

package/dist/test/unit/jwt.service.unit.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.unit.spec.d.ts","sourceRoot":"","sources":["../../../src/test/unit/jwt.service.unit.spec.ts"],"names":[],"mappings":""}

package/dist/test/unit/jwt.service.unit.spec.js

@@ -0,0 +1,75 @@
+import { describe, it, expect, beforeEach, beforeAll, jest } from '@jest/globals';
+import fs from 'node:fs';
+import * as jose from 'jose';
+import { JwtService } from '../../services/jwt.service.js';
+import { createAuthUser } from '../factories/auth-user.factory.js';
+describe('JwtService (Unit)', () => {
+    let jwtService;
+    let internalPrivate;
+    let internalPublic;
+    let gatewayPrivate;
+    let gatewayPublic;
+    const config = {
+        internalPrivateKeyPath: 'internal-private-path',
+        internalPublicKeyPath: 'internal-public-path',
+        gatewayPublicKeyPath: 'gateway-public-path',
+        internalExpiresIn: '1h',
+        gatewayExpiresIn: '1h',
+    };
+    beforeAll(async () => {
+        const internalKeys = await jose.generateKeyPair('RS256', { extractable: true });
+        internalPrivate = await jose.exportPKCS8(internalKeys.privateKey);
+        internalPublic = await jose.exportSPKI(internalKeys.publicKey);
+        const gatewayKeys = await jose.generateKeyPair('RS256', { extractable: true });
+        gatewayPublic = await jose.exportSPKI(gatewayKeys.publicKey);
+        gatewayPrivate = await jose.exportPKCS8(gatewayKeys.privateKey);
+    });
+    beforeEach(() => {
+        jest.restoreAllMocks();
+        jest.spyOn(fs, 'readFileSync').mockImplementation((path) => {
+            if (path === 'internal-private-path')
+                return internalPrivate;
+            if (path === 'internal-public-path')
+                return internalPublic;
+            if (path === 'gateway-public-path')
+                return gatewayPublic;
+            if (path === 'gateway-private-path')
+                return gatewayPrivate;
+            throw new Error('File not found');
+        });
+        jwtService = new JwtService(config);
+    });
+    describe('signInternal', () => {
+        it('should sign a token with the internal private key', async () => {
+            const user = createAuthUser();
+            const token = await jwtService.signInternal(user);
+            expect(typeof token).toBe('string');
+            expect(token.length).toBeGreaterThan(0);
+        });
+    });
+    describe('verifyInternal', () => {
+        it('should verify a valid internal token', async () => {
+            const user = createAuthUser();
+            const token = await jwtService.signInternal(user);
+            const payload = await jwtService.verifyInternal(token);
+            expect(payload.id).toBe(user.id);
+            expect(payload.role).toBe(user.role);
+        });
+        it('should throw when token is invalid', async () => {
+            await expect(jwtService.verifyInternal('invalid-token')).rejects.toThrow();
+        });
+    });
+    describe('verifyExternal', () => {
+        it('should verify a valid external token', async () => {
+            const user = createAuthUser();
+            const gatewaySvc = new JwtService({
+                ...config,
+                internalPrivateKeyPath: 'gateway-private-path',
+            });
+            const token = await gatewaySvc.signInternal(user);
+            const payload = await jwtService.verifyExternal(token);
+            expect(payload.id).toBe(user.id);
+        });
+    });
+});
+//# sourceMappingURL=jwt.service.unit.spec.js.map

package/dist/test/unit/jwt.service.unit.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.unit.spec.js","sourceRoot":"","sources":["../../../src/test/unit/jwt.service.unit.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAGnE,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAI,UAAsB,CAAC;IAC3B,IAAI,eAAuB,CAAC;IAC5B,IAAI,cAAsB,CAAC;IAC3B,IAAI,cAAsB,CAAC;IAC3B,IAAI,aAAqB,CAAC;IAE1B,MAAM,MAAM,GAAe;QACzB,sBAAsB,EAAE,uBAAuB;QAC/C,qBAAqB,EAAE,sBAAsB;QAC7C,oBAAoB,EAAE,qBAAqB;QAC3C,iBAAiB,EAAE,IAAI;QACvB,gBAAgB,EAAE,IAAI;KACvB,CAAC;IAEF,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAClE,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAE/D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/E,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,EAAE;YACzD,IAAI,IAAI,KAAK,uBAAuB;gBAAE,OAAO,eAAe,CAAC;YAC7D,IAAI,IAAI,KAAK,sBAAsB;gBAAE,OAAO,cAAc,CAAC;YAC3D,IAAI,IAAI,KAAK,qBAAqB;gBAAE,OAAO,aAAa,CAAC;YACzD,IAAI,IAAI,KAAK,sBAAsB;gBAAE,OAAO,cAAc,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QACH,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACjE,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAEvD,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;YAE9B,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;gBAChC,GAAG,MAAM;gBACT,sBAAsB,EAAE,sBAAsB;aAC/C,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@volontariapp/auth",
-  "version": "1.0.0",
+  "version": "2.0.0-next.20260407092728",
   "publishConfig": {
     "access": "public",
     "provenance": true
@@ -30,7 +30,8 @@
     "prepublishOnly": "yarn build",
     "build": "tsc -p tsconfig.json",
     "lint": "eslint src/",
-    "test": "echo \"No tests yet\""
+    "test": "node --experimental-vm-modules $(yarn bin jest)",
+    "test:watch": "node --experimental-vm-modules $(yarn bin jest) --watch"
   },
   "dependencies": {
     "@volontariapp/errors": "0.2.0",
@@ -45,11 +46,17 @@
     "@nestjs/microservices": "^10.0.0 || ^11.0.0"
   },
   "devDependencies": {
+    "@golevelup/ts-jest": "^0.6.1",
     "@grpc/grpc-js": "^1.12.0",
+    "@jest/globals": "^30.3.0",
     "@nestjs/common": "^11.0.0",
     "@nestjs/core": "^11.0.0",
     "@nestjs/microservices": "^11.0.0",
+    "@nestjs/testing": "^11.0.1",
+    "@types/jest": "^30.0.0",
     "@types/node": "^24.1.0",
+    "jest": "^30.3.0",
+    "ts-jest": "^29.4.6",
     "typescript": "5.7.3"
   }
 }