@wazobiatech/auth-middleware 1.0.8 → 1.0.9
- package/README.md +1 -11
- package/dist/middlewares/express.helper.d.ts +1 -1
- package/dist/middlewares/express.helper.d.ts.map +1 -1
- package/dist/middlewares/express.helper.js +2 -2
- package/dist/middlewares/express.helper.js.map +1 -1
- package/dist/middlewares/gql.helper.d.ts +56 -7
- package/dist/middlewares/gql.helper.d.ts.map +1 -1
- package/dist/middlewares/gql.helper.js +177 -31
- package/dist/middlewares/gql.helper.js.map +1 -1
- package/dist/middlewares/jwt.guard.d.ts +1 -1
- package/dist/middlewares/jwt.guard.d.ts.map +1 -1
- package/dist/middlewares/jwt.guard.js +23 -22
- package/dist/middlewares/jwt.guard.js.map +1 -1
- package/dist/middlewares/project.guard.d.ts +38 -13
- package/dist/middlewares/project.guard.d.ts.map +1 -1
- package/dist/middlewares/project.guard.js +245 -95
- package/dist/middlewares/project.guard.js.map +1 -1
- package/dist/nestjs/decorators/auth.decorator.d.ts +42 -1
- package/dist/nestjs/decorators/auth.decorator.d.ts.map +1 -1
- package/dist/nestjs/decorators/auth.decorator.js +67 -2
- package/dist/nestjs/decorators/auth.decorator.js.map +1 -1
- package/dist/nestjs/guards/project.guard.d.ts +24 -22
- package/dist/nestjs/guards/project.guard.d.ts.map +1 -1
- package/dist/nestjs/guards/project.guard.js +258 -114
- package/dist/nestjs/guards/project.guard.js.map +1 -1
- package/dist/nestjs/index.d.ts +1 -1
- package/dist/nestjs/index.d.ts.map +1 -1
- package/dist/nestjs/index.js +16 -3
- package/dist/nestjs/index.js.map +1 -1
- package/dist/nestjs/jwt-auth.module.d.ts +6 -0
- package/dist/nestjs/jwt-auth.module.d.ts.map +1 -1
- package/dist/nestjs/jwt-auth.module.js +34 -7
- package/dist/nestjs/jwt-auth.module.js.map +1 -1
- package/dist/nestjs/strategies/jwt-strategy.d.ts +1 -1
- package/dist/nestjs/strategies/jwt-strategy.d.ts.map +1 -1
- package/dist/nestjs/strategies/jwt-strategy.js +31 -59
- package/dist/nestjs/strategies/jwt-strategy.js.map +1 -1
- package/dist/types/jwt-payload.d.ts +93 -20
- package/dist/types/jwt-payload.d.ts.map +1 -1
- package/dist/utils/redis.connection.d.ts.map +1 -1
- package/dist/utils/redis.connection.js +3 -9
- package/dist/utils/redis.connection.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,19 +1,44 @@
|
|
|
1
1
|
import { Response, NextFunction } from 'express';
|
|
2
2
|
import { AuthenticatedRequest } from '../types/jwt-payload';
|
|
3
3
|
export declare class ProjectAuthMiddleware {
|
|
4
|
-
private
|
|
4
|
+
private serviceJwksCacheKey;
|
|
5
5
|
private jwksCacheTTL;
|
|
6
|
-
|
|
6
|
+
private serviceName;
|
|
7
|
+
constructor(serviceName: string);
|
|
7
8
|
/**
|
|
8
|
-
* Main authentication middleware for project tokens
|
|
9
|
+
* Main authentication middleware for platform, project and service tokens
|
|
9
10
|
*/
|
|
10
11
|
authenticate(req: AuthenticatedRequest): Promise<void>;
|
|
11
12
|
/**
|
|
12
|
-
*
|
|
13
|
+
* Inject platform token context
|
|
14
|
+
*/
|
|
15
|
+
private injectPlatformContext;
|
|
16
|
+
/**
|
|
17
|
+
* Inject project token context
|
|
18
|
+
*/
|
|
19
|
+
private injectProjectContext;
|
|
20
|
+
/**
|
|
21
|
+
* Inject service token context
|
|
22
|
+
*/
|
|
23
|
+
private injectServiceContext;
|
|
24
|
+
/**
|
|
25
|
+
* Validate token using cached JWKS + RSA verification
|
|
26
|
+
*/
|
|
27
|
+
private validateToken;
|
|
28
|
+
/**
|
|
29
|
+
* Validate platform token structure and revocation
|
|
30
|
+
*/
|
|
31
|
+
private validatePlatformToken;
|
|
32
|
+
/**
|
|
33
|
+
* Validate project token structure, secret version, and revocation
|
|
13
34
|
*/
|
|
14
35
|
private validateProjectToken;
|
|
15
36
|
/**
|
|
16
|
-
*
|
|
37
|
+
* Validate service token structure (stateless - no revocation check)
|
|
38
|
+
*/
|
|
39
|
+
private validateServiceToken;
|
|
40
|
+
/**
|
|
41
|
+
* Get RSA public key from cached JWKS with auto-refresh on key miss
|
|
17
42
|
*/
|
|
18
43
|
private getPublicKeyFromCache;
|
|
19
44
|
/**
|
|
@@ -25,21 +50,21 @@ export declare class ProjectAuthMiddleware {
|
|
|
25
50
|
*/
|
|
26
51
|
private decodeJwtHeader;
|
|
27
52
|
/**
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
private
|
|
53
|
+
* Decode JWT payload to extract tenant_id and type (without verification)
|
|
54
|
+
*/
|
|
55
|
+
private decodeJwtPayload;
|
|
56
|
+
/**
|
|
57
|
+
* Get current secret version from Redis (cached by Mercury)
|
|
58
|
+
*/
|
|
59
|
+
private getCurrentSecretVersion;
|
|
31
60
|
/**
|
|
32
61
|
* Express middleware factory
|
|
33
62
|
*/
|
|
34
|
-
static middleware(): (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
|
|
63
|
+
static middleware(serviceName: string): (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
|
|
35
64
|
/**
|
|
36
65
|
* Update JWKS cache TTL (can be increased beyond 5 hours)
|
|
37
66
|
*/
|
|
38
67
|
setCacheTTL(seconds: number): void;
|
|
39
|
-
/**
|
|
40
|
-
* Manually refresh JWKS cache
|
|
41
|
-
*/
|
|
42
|
-
refreshJWKSCache(): Promise<void>;
|
|
43
68
|
/**
|
|
44
69
|
* Cleanup Redis connection
|
|
45
70
|
*/
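Review bot: The declaration drops `refreshJWKSCache(): Promise<void>` (old lines 39–42) while keeping `setCacheTTL`, whose comment says the TTL "can be increased beyond 5 hours", so integrators lose the only public way to force a cached JWKS out after a signing key is rotated or withdrawn. In the same 1.0.8 → 1.0.9 patch bump, `static middleware()` becomes `static middleware(serviceName: string)` (new line 63), which breaks existing callers at compile time. I would keep `refreshJWKSCache` as a deprecated member until a replacement exists. I would also add a TSDoc line on the factory, for example `@param serviceName Identifier of the calling service (state here what it is matched against)`, so the new required argument is not left for integrators to guess. The class declaration continues past the last hunk shown.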
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project.guard.d.ts","sourceRoot":"","sources":["../../src/middlewares/project.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAKjD,OAAO,
|
|
1
|
+
{"version":3,"file":"project.guard.d.ts","sourceRoot":"","sources":["../../src/middlewares/project.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAKjD,OAAO,EACL,oBAAoB,EAIrB,MAAM,sBAAsB,CAAC;AAI9B,qBAAa,qBAAqB;IAChC,OAAO,CAAC,mBAAmB,CAAwB;IACnD,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,WAAW,CAAS;gBAEhB,WAAW,EAAE,MAAM;IAI/B;;OAEG;IACG,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IA+C5D;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAa7B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA4B5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmB5B;;OAEG;YACW,aAAa;IA8C3B;;OAEG;YACW,qBAAqB;IAkCnC;;OAEG;YACW,oBAAoB;IA2ClC;;OAEG;YACW,oBAAoB;IAsBlC;;OAEG;YACW,qBAAqB;IA0EnC;;OAEG;YACW,iBAAiB;IA0D/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAUvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;OAEG;YACW,uBAAuB;IAoBrC;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,CACtC,GAAG,EAAE,oBAAoB,EACzB,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,KACf,OAAO,CAAC,IAAI,CAAC;IAelB;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIlC;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B;AAED,eAAe,qBAAqB,CAAC"}
|
|
@@ -42,66 +42,109 @@ const axios_1 = __importDefault(require("axios"));
|
|
|
42
42
|
const jose = __importStar(require("node-jose"));
|
|
43
43
|
const crypto = __importStar(require("crypto"));
|
|
44
44
|
const redis_connection_1 = __importDefault(require("../utils/redis.connection"));
|
|
45
|
-
// Redis-cached JWKS Project
|
|
45
|
+
// Redis-cached JWKS Authentication Middleware for Platform, Project & Service Tokens
|
|
46
46
|
class ProjectAuthMiddleware {
|
|
47
|
-
constructor() {
|
|
48
|
-
this.
|
|
47
|
+
constructor(serviceName) {
|
|
48
|
+
this.serviceJwksCacheKey = 'service_jwks_cache';
|
|
49
49
|
this.jwksCacheTTL = 18000; // 5 hours in seconds
|
|
50
|
+
this.serviceName = serviceName.toLowerCase();
|
|
50
51
|
}
|
|
51
52
|
/**
|
|
52
|
-
* Main authentication middleware for project tokens
|
|
53
|
+
* Main authentication middleware for platform, project and service tokens
|
|
53
54
|
*/
|
|
54
55
|
async authenticate(req) {
|
|
55
56
|
try {
|
|
56
57
|
// Extract token from x-project-token header
|
|
57
58
|
const authHeader = req.headers['x-project-token'];
|
|
58
59
|
if (!authHeader) {
|
|
59
|
-
throw new Error(`No
|
|
60
|
+
throw new Error(`No token provided, required_header: 'x-project-token'`);
|
|
60
61
|
}
|
|
61
|
-
// Handle Bearer prefix
|
|
62
|
+
// Handle Bearer prefix
|
|
62
63
|
const token = authHeader.startsWith('Bearer ')
|
|
63
64
|
? authHeader.slice(7)
|
|
64
65
|
: authHeader;
|
|
65
66
|
if (!token) {
|
|
66
|
-
throw new Error('Empty
|
|
67
|
+
throw new Error('Empty token');
|
|
67
68
|
}
|
|
68
|
-
// Validate
|
|
69
|
-
const validation = await this.
|
|
69
|
+
// Validate token using cached JWKS
|
|
70
|
+
const validation = await this.validateToken(token);
|
|
70
71
|
if (!validation.isValid) {
|
|
71
|
-
throw new Error(`Invalid
|
|
72
|
-
return;
|
|
72
|
+
throw new Error(`Invalid token: ${validation.error}`);
|
|
73
73
|
}
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
74
|
+
const payload = validation.payload;
|
|
75
|
+
// Route based on token type
|
|
76
|
+
switch (payload.type) {
|
|
77
|
+
case 'platform':
|
|
78
|
+
this.injectPlatformContext(req, payload);
|
|
79
|
+
break;
|
|
80
|
+
case 'project':
|
|
81
|
+
this.injectProjectContext(req, payload);
|
|
82
|
+
break;
|
|
83
|
+
case 'service':
|
|
84
|
+
this.injectServiceContext(req, payload);
|
|
85
|
+
break;
|
|
86
|
+
default:
|
|
87
|
+
throw new Error(`Invalid token type: ${JSON.stringify(payload)}`);
|
|
78
88
|
}
|
|
79
|
-
const hasAccess = validation.payload.enabled_services.includes(serviceId);
|
|
80
|
-
if (!hasAccess) {
|
|
81
|
-
throw new Error(`
|
|
82
|
-
error: Service access denied,
|
|
83
|
-
service_id: ${serviceId},
|
|
84
|
-
project: ${validation.payload.project_uuid},
|
|
85
|
-
enabled_services: ${validation.payload.enabled_services}
|
|
86
|
-
`);
|
|
87
|
-
}
|
|
88
|
-
// Inject project context into request (NO user context)
|
|
89
|
-
req.project = {
|
|
90
|
-
project_uuid: validation.payload.project_uuid,
|
|
91
|
-
enabled_services: validation.payload.enabled_services,
|
|
92
|
-
secret_version: validation.payload.secret_version,
|
|
93
|
-
token_id: validation.payload.token_id,
|
|
94
|
-
expires_at: validation.payload.exp
|
|
95
|
-
};
|
|
96
89
|
}
|
|
97
90
|
catch (error) {
|
|
98
|
-
throw new Error(`Authentication service error ${error}`);
|
|
91
|
+
throw new Error(`Authentication service error: ${error.message}`);
|
|
99
92
|
}
|
|
100
93
|
}
|
|
101
94
|
/**
|
|
102
|
-
*
|
|
95
|
+
* Inject platform token context
|
|
96
|
+
*/
|
|
97
|
+
injectPlatformContext(req, payload) {
|
|
98
|
+
req.platform = {
|
|
99
|
+
tenant_id: payload.tenant_id,
|
|
100
|
+
project_uuid: payload.tenant_id,
|
|
101
|
+
scopes: payload.scopes || [],
|
|
102
|
+
token_id: payload.token_id,
|
|
103
|
+
expires_at: payload.exp
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Inject project token context
|
|
108
|
+
*/
|
|
109
|
+
injectProjectContext(req, payload) {
|
|
110
|
+
// Check if current service is enabled for this project
|
|
111
|
+
const enabledServices = payload.enabled_services || [];
|
|
112
|
+
const serviceId = process.env.SERVICE_ID || this.serviceName;
|
|
113
|
+
if (!enabledServices.includes(serviceId)) {
|
|
114
|
+
throw new Error(`Service access denied. Service '${serviceId}' is not enabled for this project. ` +
|
|
115
|
+
`Enabled services: ${enabledServices.join(', ')}`);
|
|
116
|
+
}
|
|
117
|
+
// Inject project context into request
|
|
118
|
+
req.project = {
|
|
119
|
+
tenant_id: payload.tenant_id,
|
|
120
|
+
project_uuid: payload.tenant_id,
|
|
121
|
+
enabled_services: enabledServices,
|
|
122
|
+
scopes: payload.scopes || [],
|
|
123
|
+
secret_version: payload.secret_version,
|
|
124
|
+
token_id: payload.token_id,
|
|
125
|
+
expires_at: payload.exp
|
|
126
|
+
};
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* Inject service token context
|
|
103
130
|
*/
|
|
104
|
-
|
|
131
|
+
injectServiceContext(req, payload) {
|
|
132
|
+
// Parse scopes from space-separated string
|
|
133
|
+
const scopes = payload.scope ? payload.scope.split(' ') : [];
|
|
134
|
+
req.service = {
|
|
135
|
+
client_id: payload.client_id,
|
|
136
|
+
service_name: payload.service_name,
|
|
137
|
+
scopes: scopes,
|
|
138
|
+
token_id: payload.jti,
|
|
139
|
+
issued_at: payload.iat,
|
|
140
|
+
expires_at: payload.exp
|
|
141
|
+
};
|
|
142
|
+
console.log(`Service authenticated: ${payload.service_name}, scopes: ${scopes.join(', ')}`);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Validate token using cached JWKS + RSA verification
|
|
146
|
+
*/
|
|
147
|
+
async validateToken(token) {
|
|
105
148
|
try {
|
|
106
149
|
// Get public key from cached JWKS
|
|
107
150
|
const publicKey = await this.getPublicKeyFromCache(token);
|
|
@@ -117,36 +160,22 @@ class ProjectAuthMiddleware {
|
|
|
117
160
|
};
|
|
118
161
|
}
|
|
119
162
|
const payload = verified;
|
|
120
|
-
// Validate
|
|
121
|
-
if (
|
|
122
|
-
return
|
|
123
|
-
isValid: false,
|
|
124
|
-
error: 'Invalid project token structure'
|
|
125
|
-
};
|
|
163
|
+
// Validate based on token type
|
|
164
|
+
if (payload.type === 'platform') {
|
|
165
|
+
return await this.validatePlatformToken(payload);
|
|
126
166
|
}
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
return {
|
|
130
|
-
isValid: false,
|
|
131
|
-
error: `Token secret version outdated (token: ${payload.secret_version}, current: ${currentSecretVersion}) - re-authentication required`
|
|
132
|
-
};
|
|
167
|
+
else if (payload.type === 'project') {
|
|
168
|
+
return await this.validateProjectToken(payload);
|
|
133
169
|
}
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
`project_token:${payload.token_id}`
|
|
139
|
-
]);
|
|
140
|
-
if (tokenExists === 0) {
|
|
170
|
+
else if (payload.type === 'service') {
|
|
171
|
+
return await this.validateServiceToken(payload);
|
|
172
|
+
}
|
|
173
|
+
else {
|
|
141
174
|
return {
|
|
142
175
|
isValid: false,
|
|
143
|
-
error:
|
|
176
|
+
error: `Unsupported token type: ${payload.type}.`
|
|
144
177
|
};
|
|
145
178
|
}
|
|
146
|
-
return {
|
|
147
|
-
isValid: true,
|
|
148
|
-
payload
|
|
149
|
-
};
|
|
150
179
|
}
|
|
151
180
|
catch (error) {
|
|
152
181
|
return {
|
|
@@ -156,7 +185,89 @@ class ProjectAuthMiddleware {
|
|
|
156
185
|
}
|
|
157
186
|
}
|
|
158
187
|
/**
|
|
159
|
-
*
|
|
188
|
+
* Validate platform token structure and revocation
|
|
189
|
+
*/
|
|
190
|
+
async validatePlatformToken(payload) {
|
|
191
|
+
// Validate structure
|
|
192
|
+
if (!payload.tenant_id || !payload.token_id) {
|
|
193
|
+
return {
|
|
194
|
+
isValid: false,
|
|
195
|
+
error: 'Invalid platform token structure'
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
const redis = await redis_connection_1.default.getInstance();
|
|
199
|
+
// Check if token is revoked
|
|
200
|
+
const tokenExists = await redis.sendCommand([
|
|
201
|
+
'EXISTS',
|
|
202
|
+
`platform_token:${payload.token_id}`
|
|
203
|
+
]);
|
|
204
|
+
if (tokenExists === 0) {
|
|
205
|
+
return {
|
|
206
|
+
isValid: false,
|
|
207
|
+
error: 'Token has been revoked'
|
|
208
|
+
};
|
|
209
|
+
}
|
|
210
|
+
return {
|
|
211
|
+
isValid: true,
|
|
212
|
+
payload
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
/**
|
|
216
|
+
* Validate project token structure, secret version, and revocation
|
|
217
|
+
*/
|
|
218
|
+
async validateProjectToken(payload) {
|
|
219
|
+
// Validate structure
|
|
220
|
+
if (!payload.tenant_id || !payload.token_id || !Array.isArray(payload.enabled_services)) {
|
|
221
|
+
return {
|
|
222
|
+
isValid: false,
|
|
223
|
+
error: 'Invalid project token structure'
|
|
224
|
+
};
|
|
225
|
+
}
|
|
226
|
+
const redis = await redis_connection_1.default.getInstance();
|
|
227
|
+
// Check secret version
|
|
228
|
+
const currentSecretVersion = await this.getCurrentSecretVersion(payload.tenant_id);
|
|
229
|
+
if (currentSecretVersion > 0 && payload.secret_version < currentSecretVersion) {
|
|
230
|
+
return {
|
|
231
|
+
isValid: false,
|
|
232
|
+
error: `Token secret version outdated (token: ${payload.secret_version}, current: ${currentSecretVersion}) - re-authentication required`
|
|
233
|
+
};
|
|
234
|
+
}
|
|
235
|
+
// Check if token is revoked
|
|
236
|
+
const tokenExists = await redis.sendCommand([
|
|
237
|
+
'EXISTS',
|
|
238
|
+
`project_token:${payload.token_id}`
|
|
239
|
+
]);
|
|
240
|
+
if (tokenExists === 0) {
|
|
241
|
+
return {
|
|
242
|
+
isValid: false,
|
|
243
|
+
error: 'Token has been revoked'
|
|
244
|
+
};
|
|
245
|
+
}
|
|
246
|
+
return {
|
|
247
|
+
isValid: true,
|
|
248
|
+
payload
|
|
249
|
+
};
|
|
250
|
+
}
|
|
251
|
+
/**
|
|
252
|
+
* Validate service token structure (stateless - no revocation check)
|
|
253
|
+
*/
|
|
254
|
+
async validateServiceToken(payload) {
|
|
255
|
+
// Validate structure
|
|
256
|
+
if (!payload.client_id || !payload.service_name || !payload.jti) {
|
|
257
|
+
return {
|
|
258
|
+
isValid: false,
|
|
259
|
+
error: 'Invalid service token structure'
|
|
260
|
+
};
|
|
261
|
+
}
|
|
262
|
+
// Service tokens are stateless - no Redis revocation check
|
|
263
|
+
// Only signature + expiration validation (done by jwt.verify)
|
|
264
|
+
return {
|
|
265
|
+
isValid: true,
|
|
266
|
+
payload
|
|
267
|
+
};
|
|
268
|
+
}
|
|
269
|
+
/**
|
|
270
|
+
* Get RSA public key from cached JWKS with auto-refresh on key miss
|
|
160
271
|
*/
|
|
161
272
|
async getPublicKeyFromCache(token) {
|
|
162
273
|
try {
|
|
@@ -165,30 +276,57 @@ class ProjectAuthMiddleware {
|
|
|
165
276
|
if (!header.kid) {
|
|
166
277
|
throw new Error('Missing key ID in token header');
|
|
167
278
|
}
|
|
279
|
+
// Extract payload to determine token type
|
|
280
|
+
const payload = this.decodeJwtPayload(token);
|
|
281
|
+
// Determine JWKS endpoint and cache key based on token type
|
|
282
|
+
let cacheKey;
|
|
283
|
+
let jwksPath;
|
|
284
|
+
if (payload.type === 'service') {
|
|
285
|
+
cacheKey = this.serviceJwksCacheKey;
|
|
286
|
+
jwksPath = 'auth/service/.well-known/jwks.json';
|
|
287
|
+
console.log('Service token detected, using service JWKS endpoint');
|
|
288
|
+
}
|
|
289
|
+
else {
|
|
290
|
+
// ✅ CACHE PER TENANT - Each tenant gets its own cache
|
|
291
|
+
const tenantId = payload.tenant_id;
|
|
292
|
+
cacheKey = `jwks_cache:${tenantId}`; // ← Per-tenant cache key
|
|
293
|
+
jwksPath = `auth/projects/${tenantId}/.well-known/jwks.json`;
|
|
294
|
+
console.log(`${payload.type} token detected, tenant_id: ${tenantId}`);
|
|
295
|
+
}
|
|
168
296
|
// Check Redis for cached JWKS
|
|
169
297
|
const redis = await redis_connection_1.default.getInstance();
|
|
170
298
|
const cachedJwks = await redis.sendCommand([
|
|
171
299
|
'GET',
|
|
172
|
-
|
|
300
|
+
cacheKey
|
|
173
301
|
]);
|
|
174
302
|
let keyStore;
|
|
175
303
|
if (cachedJwks) {
|
|
176
|
-
|
|
304
|
+
console.log('Using cached JWKS from Redis');
|
|
177
305
|
const jwksData = JSON.parse(cachedJwks);
|
|
178
306
|
keyStore = await jose.JWK.asKeyStore(jwksData);
|
|
307
|
+
// ✅ AUTO-REFRESH: Try to get the key, if not found fetch fresh JWKS
|
|
308
|
+
const key = keyStore.get(header.kid);
|
|
309
|
+
if (!key) {
|
|
310
|
+
console.log(`Key ${header.kid} not found in cache, fetching fresh JWKS`);
|
|
311
|
+
keyStore = await this.fetchAndCacheJWKS(jwksPath, cacheKey);
|
|
312
|
+
// Try again with fresh JWKS
|
|
313
|
+
const freshKey = keyStore.get(header.kid);
|
|
314
|
+
if (!freshKey) {
|
|
315
|
+
throw new Error(`Key ${header.kid} not found even after JWKS refresh`);
|
|
316
|
+
}
|
|
317
|
+
return freshKey.toPEM(false);
|
|
318
|
+
}
|
|
319
|
+
return key.toPEM(false);
|
|
179
320
|
}
|
|
180
321
|
else {
|
|
181
|
-
|
|
182
|
-
keyStore = await this.fetchAndCacheJWKS();
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
322
|
+
console.log('No cached JWKS found, fetching from Mercury');
|
|
323
|
+
keyStore = await this.fetchAndCacheJWKS(jwksPath, cacheKey);
|
|
324
|
+
const key = keyStore.get(header.kid);
|
|
325
|
+
if (!key) {
|
|
326
|
+
throw new Error(`Key ${header.kid} not found in JWKS`);
|
|
327
|
+
}
|
|
328
|
+
return key.toPEM(false);
|
|
188
329
|
}
|
|
189
|
-
// Return PEM format public key
|
|
190
|
-
const publicKey = key.toPEM(false);
|
|
191
|
-
return publicKey;
|
|
192
330
|
}
|
|
193
331
|
catch (error) {
|
|
194
332
|
throw new Error(`Failed to get public key: ${error.message}`);
|
|
@@ -197,20 +335,20 @@ class ProjectAuthMiddleware {
|
|
|
197
335
|
/**
|
|
198
336
|
* Fetch JWKS from Mercury and cache in Redis
|
|
199
337
|
*/
|
|
200
|
-
async fetchAndCacheJWKS() {
|
|
338
|
+
async fetchAndCacheJWKS(path, cacheKey) {
|
|
201
339
|
try {
|
|
202
|
-
const path = 'auth/project/.well-known/jwks.json';
|
|
203
340
|
const jwksUri = `${process.env.MERCURY_BASE_URL}/${path}`;
|
|
204
341
|
const timestamp = Date.now().toString();
|
|
205
342
|
const signatureInput = 'GET' + `/${path}` + timestamp;
|
|
206
343
|
const sharedSecret = process.env.SIGNATURE_SHARED_SECRET || '';
|
|
344
|
+
console.log(`Fetching JWKS from ${jwksUri}`);
|
|
207
345
|
const signature = crypto
|
|
208
346
|
.createHmac('sha256', sharedSecret)
|
|
209
347
|
.update(signatureInput)
|
|
210
348
|
.digest('hex');
|
|
211
349
|
const headers = {
|
|
212
350
|
Accept: 'application/json',
|
|
213
|
-
'User-Agent': '
|
|
351
|
+
'User-Agent': 'Mercury-Auth-SDK/2.0',
|
|
214
352
|
'X-Timestamp': timestamp,
|
|
215
353
|
'X-Signature': signature,
|
|
216
354
|
};
|
|
@@ -221,14 +359,15 @@ class ProjectAuthMiddleware {
|
|
|
221
359
|
if (!response.data || !response.data.keys) {
|
|
222
360
|
throw new Error('Invalid JWKS response');
|
|
223
361
|
}
|
|
224
|
-
// Cache JWKS in Redis
|
|
362
|
+
// Cache JWKS in Redis
|
|
225
363
|
const redis = await redis_connection_1.default.getInstance();
|
|
226
364
|
await redis.sendCommand([
|
|
227
365
|
'SETEX',
|
|
228
|
-
|
|
366
|
+
cacheKey,
|
|
229
367
|
this.jwksCacheTTL.toString(),
|
|
230
368
|
JSON.stringify(response.data)
|
|
231
369
|
]);
|
|
370
|
+
console.log(`JWKS cached successfully with key: ${cacheKey}`);
|
|
232
371
|
// Create and return key store
|
|
233
372
|
return await jose.JWK.asKeyStore(response.data);
|
|
234
373
|
}
|
|
@@ -255,34 +394,51 @@ class ProjectAuthMiddleware {
|
|
|
255
394
|
return JSON.parse(headerJson);
|
|
256
395
|
}
|
|
257
396
|
/**
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
397
|
+
* Decode JWT payload to extract tenant_id and type (without verification)
|
|
398
|
+
*/
|
|
399
|
+
decodeJwtPayload(token) {
|
|
400
|
+
const parts = token.split('.');
|
|
401
|
+
if (parts.length !== 3) {
|
|
402
|
+
throw new Error('Invalid JWT format');
|
|
403
|
+
}
|
|
404
|
+
const payloadJson = Buffer.from(parts[1], 'base64').toString();
|
|
405
|
+
return JSON.parse(payloadJson);
|
|
406
|
+
}
|
|
407
|
+
/**
|
|
408
|
+
* Get current secret version from Redis (cached by Mercury)
|
|
409
|
+
*/
|
|
410
|
+
async getCurrentSecretVersion(tenantId) {
|
|
261
411
|
try {
|
|
262
412
|
const redis = await redis_connection_1.default.getInstance();
|
|
263
|
-
const cacheKey = `
|
|
413
|
+
const cacheKey = `tenant_secret_version:${tenantId}`;
|
|
264
414
|
const cachedVersion = await redis.sendCommand([
|
|
265
415
|
'GET', cacheKey
|
|
266
416
|
]);
|
|
267
417
|
if (cachedVersion) {
|
|
268
418
|
return parseInt(cachedVersion, 10);
|
|
269
419
|
}
|
|
270
|
-
// If not in Redis, this means Mercury hasn't cached it yet
|
|
271
|
-
// This shouldn't happen in normal flow, but fallback to allowing the token
|
|
272
|
-
// Mercury's Kafka handler will eventually populate this
|
|
273
420
|
return 0; // Default to allow if version not found
|
|
274
421
|
}
|
|
275
422
|
catch (error) {
|
|
276
|
-
throw new Error(`Failed to get
|
|
423
|
+
throw new Error(`Failed to get secret version: ${error.message}`);
|
|
277
424
|
}
|
|
278
425
|
}
|
|
279
426
|
/**
|
|
280
427
|
* Express middleware factory
|
|
281
428
|
*/
|
|
282
|
-
static middleware() {
|
|
283
|
-
const authMiddleware = new ProjectAuthMiddleware();
|
|
284
|
-
return (req) => {
|
|
285
|
-
|
|
429
|
+
static middleware(serviceName) {
|
|
430
|
+
const authMiddleware = new ProjectAuthMiddleware(serviceName);
|
|
431
|
+
return async (req, res, next) => {
|
|
432
|
+
try {
|
|
433
|
+
await authMiddleware.authenticate(req);
|
|
434
|
+
next();
|
|
435
|
+
}
|
|
436
|
+
catch (error) {
|
|
437
|
+
res.status(401).json({
|
|
438
|
+
error: 'Unauthorized',
|
|
439
|
+
message: error.message
|
|
440
|
+
});
|
|
441
|
+
}
|
|
286
442
|
};
|
|
287
443
|
}
|
|
288
444
|
/**
|
|
@@ -291,12 +447,6 @@ class ProjectAuthMiddleware {
|
|
|
291
447
|
setCacheTTL(seconds) {
|
|
292
448
|
this.jwksCacheTTL = seconds;
|
|
293
449
|
}
|
|
294
|
-
/**
|
|
295
|
-
* Manually refresh JWKS cache
|
|
296
|
-
*/
|
|
297
|
-
async refreshJWKSCache() {
|
|
298
|
-
await this.fetchAndCacheJWKS();
|
|
299
|
-
}
|
|
300
450
|
/**
|
|
301
451
|
* Cleanup Redis connection
|
|
302
452
|
*/
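Review bot: In `getPublicKeyFromCache` (new-side lines 280–294) the `type` and `tenant_id` returned by `decodeJwtPayload` are read before any signature check, yet `tenant_id` is interpolated unvalidated into the Redis key `jwks_cache:${tenantId}` and the path `auth/projects/${tenantId}/.well-known/jwks.json`, from which `fetchAndCacheJWKS` builds `jwksUri` and its HMAC signature input (lines 340–348). Whoever sends the header therefore selects the cache entry that is read and the upstream path that is signed, and each previously unseen value appears to cost one outbound fetch; the request itself falls between hunks. Reject malformed ids before first use, e.g. `if (typeof tenantId !== 'string' || !TENANT_ID_RE.test(tenantId)) throw new Error('Invalid tenant_id in token');`, where `TENANT_ID_RE` is a placeholder for the project's real id format, and build the path with `encodeURIComponent(tenantId)`. The same unverified values are written verbatim by the `console.log` calls on lines 294 and 310, so they should be logged only after validation. The opening of this function's `try` block lies outside the hunk.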
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project.guard.js","sourceRoot":"","sources":["../../src/middlewares/project.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,kDAAoC;AACpC,kDAA0B;AAC1B,gDAAkC;AAClC,+CAAiC;AAEjC,iFAA+D;AAE/D,sDAAsD;AACtD,MAAa,qBAAqB;IAIhC;QAHQ,iBAAY,GAAG,oBAAoB,CAAC;QACpC,iBAAY,GAAG,KAAK,CAAC,CAAC,qBAAqB;IAEnC,CAAC;IAEjB;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,GAAyB;QAC1C,IAAI,CAAC;YACH,4CAA4C;YAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAW,CAAC;YAE5D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACnF,CAAC;YAED,wBAAwB;YACxB,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC5C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrB,CAAC,CAAC,UAAU,CAAC;YAEf,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,2CAA2C;YAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAE1D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,mCAAmC,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;gBAEvE,OAAO;YACT,CAAC;YAED,uDAAuD;YACvD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YACzC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YAED,MAAM,SAAS,GAAG,UAAU,CAAC,OAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC3E,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC;;wBAEA,SAAS;qBACZ,UAAU,CAAC,OAAQ,CAAC,YAAY;8BACvB,UAAU,CAAC,OAAQ,CAAC,gBAAgB;SACzD,CAAC,CAAC;YACL,CAAC;YAED,wDAAwD;YACxD,GAAG,CAAC,OAAO,GAAG;gBACZ,YAAY,EAAE,UAAU,CAAC,OAAQ,CAAC,YAAY;gBAC9C,gBAAgB,EAAE,UAAU,CAAC,OAAQ,CAAC,gBAAgB;gBACtD,cAAc,EAAE,UAAU,CAAC,OAAQ,CAAC,cAAc;gBAClD,QAAQ,EAAE,UAAU,CAAC,OAAQ,CAAC,QAAQ;gBACtC,UAAU,EAAE,UAAU,CAAC,OAAQ,CAAC,GAAG;aACpC,CAAC;QAGJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,KAAa;QAK9C,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAE1D,iCAAiC;YACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;gBAC5C,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,gBAAgB,EAAE
,KAAK;aACxB,CAAC,CAAC;YAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,uBAAuB;iBAC/B,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,QAA+B,CAAC;YAEhD,mCAAmC;YACnC,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3F,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,iCAAiC;iBACzC,CAAC;YACJ,CAAC;YAED,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7F,IAAI,oBAAoB,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,GAAG,oBAAoB,EAAE,CAAC;gBAC9E,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,yCAAyC,OAAO,CAAC,cAAc,cAAc,oBAAoB,gCAAgC;iBACzI,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,oDAAoD;YACpD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;gBAC1C,QAAQ;gBACR,iBAAiB,OAAO,CAAC,QAAQ,EAAE;aACpC,CAAW,CAAC;YAEb,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,wBAAwB;iBAChC,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;aACR,CAAC;QAEJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CAAC,KAAa;QAC/C,IAAI,CAAC;YACH,8BAA8B;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YAED,8BAA8B;YAC9B,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;gBACzC,KAAK;gBACL,IAAI,CAAC,YAAY;aAClB,CAAkB,CAAC;YAEpB,IAAI,QAA2B,CAAC;YAEhC,IAAI,UAAU,EAAE,CAAC;gBACf,kBAAkB;gBAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACxC,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,6CAA6C;gBAC7C,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5C,CAAC;YAED,uBAAuB;YACvB,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAA6B,CAAC;YACjE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,OAAO,MAAM,CAAC,GAAG,oBAAoB,
CAAC,CAAC;YACzD,CAAC;YAED,+BAA+B;YAC/B,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,oCAAoC,CAAA;YACjD,MAAM,OAAO,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;YACxC,MAAM,cAAc,GAAG,KAAK,GAAG,IAAI,IAAI,EAAE,GAAG,SAAS,CAAC;YACtD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC;YAE/D,MAAM,SAAS,GAAG,MAAM;iBACrB,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC;iBAClC,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,kBAAkB;gBAC1B,YAAY,EAAE,uBAAuB;gBACrC,aAAa,EAAE,SAAS;gBACxB,aAAa,EAAE,SAAS;aACzB,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAA0C,OAAO,EAAE;gBACjF,OAAO,EAAE,KAAK;gBACd,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,mCAAmC;YACnC,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,KAAK,CAAC,WAAW,CAAC;gBACtB,OAAO;gBACP,IAAI,CAAC,YAAY;gBACjB,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE;gBAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;aAC9B,CAAC,CAAC;YAEH,8BAA8B;YAC9B,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAElD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,eAAK,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC;gBACzB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBAED,MAAM,IAAI,KAAK,CAAC,QAAQ,UAAU,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7F,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAA
C,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED;;KAEC;IACO,KAAK,CAAC,8BAA8B,CAAC,WAAmB;QAC9D,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,QAAQ,GAAG,0BAA0B,WAAW,EAAE,CAAC;YAEzD,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;gBAC5C,KAAK,EAAE,QAAQ;aAChB,CAAkB,CAAC;YAEpB,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,2DAA2D;YAC3D,2EAA2E;YAC3E,wDAAwD;YACxD,OAAO,CAAC,CAAC,CAAC,wCAAwC;QAEpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU;QACf,MAAM,cAAc,GAAG,IAAI,qBAAqB,EAAE,CAAC;QACnD,OAAO,CAAC,GAAyB,EAAE,EAAE;YACnC,OAAO,cAAc,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAe;QACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;QACzD,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;CACF;AApTD,sDAoTC;AAED,kBAAe,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"project.guard.js","sourceRoot":"","sources":["../../src/middlewares/project.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,kDAAoC;AACpC,kDAA0B;AAC1B,gDAAkC;AAClC,+CAAiC;AAOjC,iFAA+D;AAE/D,qFAAqF;AACrF,MAAa,qBAAqB;IAKhC,YAAY,WAAmB;QAJvB,wBAAmB,GAAG,oBAAoB,CAAC;QAC3C,iBAAY,GAAG,KAAK,CAAC,CAAC,qBAAqB;QAIjD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,GAAyB;QAC1C,IAAI,CAAC;YACH,4CAA4C;YAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAW,CAAC;YAE5D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC3E,CAAC;YAED,uBAAuB;YACvB,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC5C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrB,CAAC,CAAC,UAAU,CAAC;YAEf,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;YACjC,CAAC;YAED,mCAAmC;YACnC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAEnD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,kBAAkB,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,OAAO,GAAG,UAAU,CAAC,OAAQ,CAAC;YAEpC,4BAA4B;YAC5B,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;gBACrB,KAAK,UAAU;oBACb,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,OAA+B,CAAC,CAAC;oBACjE,MAAM;gBACR,KAAK,SAAS;oBACZ,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAA8B,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,SAAS;oBACZ,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAA8B,CAAC,CAAC;oBAC/D,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACtE,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,GAAyB,EACzB,OAA6B;QAE7B,GAAG,CAAC,QAAQ,GAAG;YACb,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,SAAS;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,GAAG;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,GAAyB,EACzB,OAA4B;QAE5B,uDAAuD;QACvD,MAAM,eAAe,GAAG,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;QAEvD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU
,IAAI,IAAI,CAAC,WAAW,CAAC;QAE7D,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,mCAAmC,SAAS,qCAAqC;gBACjF,qBAAqB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,GAAG,CAAC,OAAO,GAAG;YACZ,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,SAAS;YAC/B,gBAAgB,EAAE,eAAe;YACjC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;YAC5B,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,GAAG;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,GAAyB,EACzB,OAA4B;QAE5B,2CAA2C;QAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE7D,GAAG,CAAC,OAAO,GAAG;YACZ,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,OAAO,CAAC,GAAG;YACrB,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,UAAU,EAAE,OAAO,CAAC,GAAG;SACxB,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,0BAA0B,OAAO,CAAC,YAAY,aAAa,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,KAAa;QAKvC,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAE1D,iCAAiC;YACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;gBAC5C,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAC;YAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,uBAAuB;iBAC/B,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,QAAe,CAAC;YAEhC,+BAA+B;YAC/B,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAChC,OAAO,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAClD,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,2BAA2B,OAAO,CAAC,IAAI,GAAG;iBAClD,CAAC;YACJ,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC
,CAAC,CAAC,yBAAyB;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CAAC,OAAY;QAK9C,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kCAAkC;aAC1C,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;QAEzD,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;YAC1C,QAAQ;YACR,kBAAkB,OAAO,CAAC,QAAQ,EAAE;SACrC,CAAW,CAAC;QAEb,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,wBAAwB;aAChC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,OAAY;QAK7C,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACxF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iCAAiC;aACzC,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;QAEzD,uBAAuB;QACvB,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnF,IAAI,oBAAoB,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,GAAG,oBAAoB,EAAE,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yCAAyC,OAAO,CAAC,cAAc,cAAc,oBAAoB,gCAAgC;aACzI,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;YAC1C,QAAQ;YACR,iBAAiB,OAAO,CAAC,QAAQ,EAAE;SACpC,CAAW,CAAC;QAEb,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,wBAAwB;aAChC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,OAAY;QAK7C,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAChE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iCAAiC;aACzC,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,8DAA8D;QAE9D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CAAC,KAAa;QAC/C,IAAI,CAAC;YACH,8BAA8B;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YAED,0CAA0C;YAC1C,MAAM
,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAE7C,4DAA4D;YAC5D,IAAI,QAAgB,CAAC;YACrB,IAAI,QAAgB,CAAC;YAErB,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC;gBACpC,QAAQ,GAAG,oCAAoC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;YACrE,CAAC;iBAAM,CAAC;gBACN,sDAAsD;gBACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;gBACnC,QAAQ,GAAG,cAAc,QAAQ,EAAE,CAAC,CAAC,yBAAyB;gBAC9D,QAAQ,GAAG,iBAAiB,QAAQ,wBAAwB,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,+BAA+B,QAAQ,EAAE,CAAC,CAAC;YACxE,CAAC;YAED,8BAA8B;YAC9B,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;gBACzC,KAAK;gBACL,QAAQ;aACT,CAAkB,CAAC;YAEpB,IAAI,QAA2B,CAAC;YAEhC,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACxC,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAE/C,oEAAoE;gBACpE,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAA6B,CAAC;gBAEjE,IAAI,CAAC,GAAG,EAAE,CAAC;oBACT,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,GAAG,0CAA0C,CAAC,CAAC;oBACzE,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAE5D,4BAA4B;oBAC5B,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAA6B,CAAC;oBACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,MAAM,IAAI,KAAK,CAAC,OAAO,MAAM,CAAC,GAAG,oCAAoC,CAAC,CAAC;oBACzE,CAAC;oBAED,OAAO,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC/B,CAAC;gBAED,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAE5D,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAA6B,CAAC;gBACjE,IAAI,CAAC,GAAG,EAAE,CAAC;oBACT,MAAM,IAAI,KAAK,CAAC,OAAO,MAAM,CAAC,GAAG,oBAAoB,CAAC,CAAC;gBACzD,CAAC;gBAED,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,IAAY,EAAE,QAAgB;QAC5D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,OA
AO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;YACxC,MAAM,cAAc,GAAG,KAAK,GAAG,IAAI,IAAI,EAAE,GAAG,SAAS,CAAC;YACtD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC;YAE/D,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;YAE7C,MAAM,SAAS,GAAG,MAAM;iBACrB,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC;iBAClC,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjB,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,kBAAkB;gBAC1B,YAAY,EAAE,sBAAsB;gBACpC,aAAa,EAAE,SAAS;gBACxB,aAAa,EAAE,SAAS;aACzB,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAA0C,OAAO,EAAE;gBACjF,OAAO,EAAE,KAAK;gBACd,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,sBAAsB;YACtB,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,KAAK,CAAC,WAAW,CAAC;gBACtB,OAAO;gBACP,QAAQ;gBACR,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE;gBAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;aAC9B,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YAE9D,8BAA8B;YAC9B,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAElD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,eAAK,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC;gBACzB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBACjD,CAAC;gBAED,MAAM,IAAI,KAAK,CAAC,QAAQ,UAAU,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7F,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,KAAa;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE
,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,QAAgB;QACpD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;YACzD,MAAM,QAAQ,GAAG,yBAAyB,QAAQ,EAAE,CAAC;YAErD,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC;gBAC5C,KAAK,EAAE,QAAQ;aAChB,CAAkB,CAAC;YAEpB,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,CAAC,CAAC,CAAC,wCAAwC;QAEpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,WAAmB;QAKnC,MAAM,cAAc,GAAG,IAAI,qBAAqB,CAAC,WAAW,CAAC,CAAC;QAC9D,OAAO,KAAK,EAAE,GAAyB,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC5E,IAAI,CAAC;gBACH,MAAM,cAAc,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,KAAK,CAAC,OAAO;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAe;QACzB,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAG,MAAM,0BAAsB,CAAC,WAAW,EAAE,CAAC;QACzD,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;CACF;AA5fD,sDA4fC;AAED,kBAAe,qBAAqB,CAAC"}
|
|
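--- a/package/dist/nestjs/decorators/auth.decorator.d.ts
+++ b/package/dist/nestjs/decorators/auth.decorator.d.ts
@@ -1,2 +1,43 @@
-export declare
+export declare const PROJECT_SCOPES_KEY = "project_scopes";
+export declare const USER_SCOPES_KEY = "user_scopes";
+export declare const SERVICE_SCOPES_KEY = "service_scopes";
+/**
+* Requires both User token (Authorization header) AND Project/Platform token (x-project-token header)
+* Use for: Operations needing both user and project context
+*
+* @param options - Optional scopes for project and user
+* @example
+* @ProjectAndUserAuth({ projectScopes: ['billing:read'], userScopes: ['invoices:create'] })
+*/
+export declare function ProjectAndUserAuth(options?: {
+projectScopes?: string[];
+userScopes?: string[];
+}): <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
+/**
+* Requires only Project/Platform token (x-project-token header)
+* Use for: Project management, admin operations
+*
+* @param scopes - Optional required scopes
+* @example
+* @ProjectAuth(['projects:write', 'users:manage'])
+*/
+export declare function ProjectAuth(scopes?: string[]): <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
+/**
+* Requires only User token (Authorization header)
+* Use for: User profile operations (me, updateMe, deleteMe)
+*
+* @param scopes - Optional required permissions
+* @example
+* @UserAuth(['users:delete'])
+*/
+export declare function UserAuth(scopes?: string[]): <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
+/**
+* Requires service token (x-project-token header with type: 'service')
+* Use for: Service-to-service operations
+*
+* @param scopes - Required service scopes
+* @example
+* @ServiceAuth(['tokens:create', 'users:read'])
+*/
+export declare function ServiceAuth(scopes: string[]): <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
 //# sourceMappingURL=auth.decorator.d.ts.map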
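Review bot: The TSDoc on these four decorators does not say what is enforced when `scopes` is omitted or empty, and `ProjectAuth`, `UserAuth` and `ProjectAndUserAuth` all make it optional while only `ServiceAuth(scopes: string[])` requires it. Since the `ProjectAuth` comment recommends it for "admin operations", a bare `@ProjectAuth()` presumably checks only that a valid token is present; if so, that should be stated, e.g. `@param scopes - Scopes the token must carry; when omitted, only token validity is checked (no scope enforcement)`, along with whether a list means all-of or any-of. The comments also put project, platform and service tokens in the same `x-project-token` header, separated only by `type`, so each decorator's doc should say that it rejects the other token types; the guard that would enforce this is not part of this declaration file, so it is worth confirming there. `ServiceAuth([])` still type-checks, so if an empty list must not grant access, say so in the doc or reject it when the decorator is applied.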
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.decorator.d.ts","sourceRoot":"","sources":["../../../src/nestjs/decorators/auth.decorator.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.decorator.d.ts","sourceRoot":"","sources":["../../../src/nestjs/decorators/auth.decorator.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAC7C,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AAEnD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE;IAC3C,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB,+IAYA;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,+IAQ5C;AAED;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,+IAQzC;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,+IAK3C"}
|