fa-mcp-sdk 0.4.93 → 0.4.96

package/config/_local.yaml

@@ -304,21 +304,25 @@ webServer:
     permanentServerTokens: [ ]
 
     #> ========================================================================
-    #> JWT TOKEN WITH SYMMETRIC ENCRYPTION
-    #> Custom JWT tokens with AES-256 encryption
-    #> CPU cost: Medium — decryption + JSON parsing
+    #> JWT TOKEN — standard signed JWT (HS256)
+    #> Tokens issued by this SDK are standard 3-segment JWTs `header.payload.signature`.
+    #> The verifier also temporarily accepts pre-migration legacy tokens
+    #> (`<expire_ms>.<hex>` AES-256-CTR format) for backward compatibility.
+    #> CPU cost: Medium — signature verification + JSON parsing
     #>
     #> To enable this authentication, you need to set auth.enabled = true and set
-    #> encryptKey to at least 20 characters
+    #> encryptKey to at least 8 characters (used as the HS256 signing secret).
     #> ========================================================================
     jwtToken:
-      #> Symmetric encryption key to generate a token for this MCP (minimum 8 chars)
+      #> HS256 signing secret used to sign/verify tokens for this MCP (minimum 8 chars)
       encryptKey: '{{webServer.auth.token.encryptKey}}'
       #> If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
       checkMCPName: {{webServer.auth.token.checkMCPName}}
       #> If true and JWT token contains non-empty 'ip' field,
       #> the client IP will be checked against the allowed list in the token
       isCheckIP: false
+      #> Optional JWT `iss` claim. When non-empty, the generator stamps it and the verifier requires it.
+      issuer: ''
 
     #> ========================================================================
     #> Basic Authentication — Base64 encoded username:password
@@ -338,7 +342,10 @@ webServer:
     #> MCP endpoints, Admin panel, and Agent Tester.
     #> ========================================================================
     revoked:
-      #> Revoked JWT tokens. Each entry: { token: '<jwt>', note?: '<reason>' }
+      #> Revoked JWT entries. Each entry: { token: '<value>', note?: '<reason>' }.
+      #> `token` may be:
+      #>   - a full token string (legacy `<expire>.<hex>` or exact standard JWT `a.b.c`)
+      #>   - a standard JWT ID (`jti`) — preferred for revoking standard JWTs
       jwtTokens: [ ]
       #> Revoked usernames matched against JWT payload.user (case-insensitive)
       users: [ ]

package/config/custom-environment-variables.yaml

@@ -57,6 +57,7 @@ webServer:
       encryptKey: WS_TOKEN_ENCRYPT_KEY
       checkMCPName: WS_CHECK_MC_NAME
       isCheckIP: WS_JWT_CHECK_IP
+      issuer: WS_JWT_ISSUER
     basic:
       username: WS_AUTH_BASIC_USERNAME
       password: WS_AUTH_BASIC_PASSWORD

package/config/default.yaml

@@ -302,21 +302,26 @@ webServer:
     permanentServerTokens: [ ]
 
     #> ========================================================================
-    #> JWT TOKEN WITH SYMMETRIC ENCRYPTION
-    #> Custom JWT tokens with AES-256 encryption
-    #> CPU cost: Medium — decryption + JSON parsing
+    #> JWT TOKEN — standard signed JWT (HS256)
+    #> Tokens issued by this SDK are standard 3-segment JWTs `header.payload.signature`.
+    #> The verifier also temporarily accepts pre-migration legacy tokens
+    #> (`<expire_ms>.<hex>` AES-256-CTR format) for backward compatibility.
+    #> CPU cost: Medium — signature verification + JSON parsing
     #>
     #> To enable this authentication, you need to set auth.enabled = true and set
-    #> encryptKey to at least 20 characters
+    #> encryptKey to at least 8 characters (used as the HS256 signing secret).
     #> ========================================================================
     jwtToken:
-      #> Symmetric encryption key to generate a token for this MCP (minimum 8 chars)
+      #> HS256 signing secret used to sign/verify tokens for this MCP (minimum 8 chars)
       encryptKey: '***'
       #> If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
       checkMCPName: true
       #> If true and JWT token contains non-empty 'ip' field,
       #> the client IP will be checked against the allowed list in the token
       isCheckIP: false
+      #> Optional JWT `iss` claim. When non-empty, the generator stamps it and the verifier requires it.
+      #> Leave empty to skip issuer enforcement.
+      issuer: ''
 
     #> ========================================================================
     #> Basic Authentication — Base64 encoded username:password
@@ -336,7 +341,10 @@ webServer:
     #> MCP endpoints, Admin panel, and Agent Tester.
     #> ========================================================================
     revoked:
-      #> Revoked JWT tokens. Each entry: { token: '<jwt>', note?: '<reason>' }
+      #> Revoked JWT entries. Each entry: { token: '<value>', note?: '<reason>' }.
+      #> `token` may be:
+      #>   - a full token string (legacy `<expire>.<hex>` or exact standard JWT `a.b.c`)
+      #>   - a standard JWT ID (`jti`) — preferred for revoking standard JWTs
       jwtTokens: [ ]
       #> Revoked usernames matched against JWT payload.user (case-insensitive)
       users: [ ]

package/dist/core/_types_/config.d.ts

@@ -19,6 +19,7 @@ interface IWebServerConfig {
                 encryptKey: string;
                 checkMCPName: boolean;
                 isCheckIP: boolean;
+                issuer?: string;
             };
             permanentServerTokens: string[];
             revoked?: {

package/dist/core/_types_/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AACpF,MAAM,MAAM,kBAAkB,GAAG,aAAa,GAAG,MAAM,CAAC;AAExD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;aACpB,CAAC;YACF,qBAAqB,EAAE,MAAM,EAAE,CAAC;YAEhC,OAAO,CAAC,EAAE;gBAER,SAAS,CAAC,EAAE,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,IAAI,CAAC,EAAE,MAAM,CAAA;iBAAE,CAAC,CAAC;gBAEpD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;aAClB,CAAC;SACH,CAAC;QACF,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH;AAKD,UAAU,iBAAiB;IACzB,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,kBAAkB,GAAG,kBAAkB,EAAE,GAAG,IAAI,CAAC;KAC7D,CAAC;CACH;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;QAChC,KAAK,EAAE;YACL,QAAQ,EAAE,MAAM,GAAG,mBAAmB,CAAC;YACvC,eAAe,EAAE,OAAO,CAAC;SAC1B,CAAC;KACH,CAAC;CACH;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAC;CACH;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAC;CACH;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;QACF,UAAU,CAAC,EAAE;YACX,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;CACH;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,SACf,SACE,SAAS,EACT,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,eAAe;IACjB,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AACpF,MAAM,MAAM,kBAAkB,GAAG,aAAa,GAAG,MAAM,CAAC;AAExD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;gBACnB,MAAM,CAAC,EAAE,MAAM,CAAC;aACjB,CAAC;YACF,qBAAqB,EAAE,MAAM,EAAE,CAAC;YAEhC,OAAO,CAAC,EAAE;gBAER,SAAS,CAAC,EAAE,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,IAAI,CAAC,EAAE,MAAM,CAAA;iBAAE,CAAC,CAAC;gBAEpD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;aAClB,CAAC;SACH,CAAC;QACF,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH;AAKD,UAAU,iBAAiB;IACzB,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,kBAAkB,GAAG,kBAAkB,EAAE,GAAG,IAAI,CAAC;KAC7D,CAAC;CACH;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;QAChC,KAAK,EAAE;YACL,QAAQ,EAAE,MAAM,GAAG,mBAAmB,CAAC;YACvC,eAAe,EAAE,OAAO,CAAC;SAC1B,CAAC;KACH,CAAC;CACH;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAC;CACH;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAC;CACH;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;QACF,UAAU,CAAC,EAAE;YACX,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;CACH;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,SACf,SACE,SAAS,EACT,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,eAAe;IACjB,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH"}

package/dist/core/auth/admin-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE1E,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAarD,YAAY,EAAE,aAAa,EAAE,CAAC;AAI9B;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,aAAa,EAAE,CAOnD;AA6CD;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,GAAG,IAAI,CAavD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAe9C;AAmED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,EAAE,CAqEpD"}
+{"version":3,"file":"admin-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE1E,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAarD,YAAY,EAAE,aAAa,EAAE,CAAC;AAI9B;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,aAAa,EAAE,CAOnD;AA6CD;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,GAAG,IAAI,CAavD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAe9C;AAkED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,EAAE,CAqEpD"}

package/dist/core/auth/admin-auth.js

@@ -106,16 +106,15 @@ export function getAdminAuthMethods() {
     return [...new Set(methods)];
 }
 /**
- * Build an actionable 401 message: when the caller's credential clearly doesn't match any
- * configured auth type (e.g. a JWT into a permanentServerTokens-only panel), say so explicitly
- * instead of returning a generic "Authentication failed". `scheme` here is what
- * `getTokenFromHttpHeader` returned — already 'jwtToken' for the fa-mcp-sdk 2-segment format
- * `<13+digits>.<32+hex>`, 'basic' for Basic auth, or 'permanentServerTokens' otherwise.
+ * Build an actionable 401 message. `scheme` here is what `getTokenFromHttpHeader` returned:
+ * 'basic' for Basic auth, 'bearer' for anything else. `looksLikeJwt` indicates the bearer
+ * credential matches a known JWT format (legacy `<expire>.<hex>` or standard `a.b.c`) — but
+ * since permanent tokens may also contain dots, this is only a hint for diagnostics.
  */
-function buildAuthFailureMessage(scheme, allowedTypes) {
+function buildAuthFailureMessage(scheme, looksLikeJwt, allowedTypes) {
     const allowed = allowedTypes.length > 0 ? allowedTypes.join(', ') : 'none';
-    if (scheme === 'jwtToken' && !allowedTypes.includes('jwtToken')) {
-        return `Authentication failed: token has fa-mcp-sdk JWT format (timestamp.hex), but 'jwtToken' is not enabled in adminPanel.authType (configured: ${allowed}).`;
+    if (scheme === 'bearer' && looksLikeJwt && !allowedTypes.includes('jwtToken')) {
+        return `Authentication failed: token looks like a JWT, but 'jwtToken' is not enabled in adminPanel.authType (configured: ${allowed}).`;
     }
     if (scheme === 'basic' && !allowedTypes.includes('basic')) {
         return `Authentication failed: Basic auth is not enabled in adminPanel.authType (configured: ${allowed}).`;
@@ -203,7 +202,7 @@ export function createAdminAuthMW() {
                 username: 'Unknown',
                 domain: 'Unknown',
             };
-            const { scheme, credentials } = getTokenFromHttpHeader(req);
+            const { scheme, credentials, looksLikeJwt } = getTokenFromHttpHeader(req);
             // If no credentials provided, request authentication
             if (!credentials) {
                 return sendAuthRequired(res, standardTypes);
@@ -224,7 +223,7 @@ export function createAdminAuthMW() {
                 }
             }
             logger.debug('Admin auth failed: no matching auth type');
-            return sendAuthRequired(res, standardTypes, buildAuthFailureMessage(scheme || '', standardTypes));
+            return sendAuthRequired(res, standardTypes, buildAuthFailureMessage(scheme || '', !!looksLikeJwt, standardTypes));
         },
     ];
 }

package/dist/core/auth/admin-auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-auth.js","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,8CAA8C,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAErF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAGtE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;AACjC,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,EAAE,CAAC;AAE3C;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,UAAU,EAAE,QAAQ,CAAC;IACjC,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,QAAuB;IACrD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,EAAE,qBAAqB,CAAC;YAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7D,OAAO,wBAAwB,QAAQ,wEAAwE,CAAC;YAClH,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;gBACzC,OAAO,wBAAwB,QAAQ,+DAA+D,CAAC;YACzG,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC3B,IAAI,CAAC,GAAG,EAAE,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,OAAO,wBAAwB,QAAQ,qEAAqE,CAAC;YAC/G,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,wBAAwB,QAAQ,kEAAkE,CAAC;YAC5G,CAAC;YACD,MAAM;QACR,CAAC;QAED;YACE,OAAO,gCAAgC,QAAQ,mEAAmE,CAAC;IACvH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,CAAC,iCAAiC;IAChD,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACxC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAClC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,uBAAuB,IAAI,CAAC,KAAK,UAAU,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;aAAM,IAAI,CAAC,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,mEAAmE;IACrE,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,uBAAuB,CAAC,MAAc,EAAE,YAA6B;IAC5E,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAE3E,IAAI,MAAM,KAAK,UAAU,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAChE,OAAO,6IAA6I,OAAO,IAAI,CAAC;IAClK,CAAC;IACD,IAAI,MAAM,KAAK,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,OAAO,wFAAwF,OAAO,IAAI,CAAC;IAC7G,CAAC;IACD,OAAO,+CAA+C,OAAO,GAAG,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,QAAuB,EACvB,MAAc,EACd,WAAmB;IAEnB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,qBAAqB;YACvB,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,WAAW;gBACvB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE;gBAC/C,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;QACjD,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,iBAAiB;YACnB,OAAO,cAAc,CAAC,WAAW,CAAC,CAAC;QACrC,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,qBAAqB;YACvB,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YACrD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;YACvD,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,KAAK,WAAW,EAAE,CAAC;gBAC1C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mEAAmE,EAAE,CAAC;YACxG,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;QAClG,CAAC;QAED;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAElC,8EAA8E;IAC9E,+EAA+E;IAC/E,kDAAkD;IAClD,IAAI,CAAC,UAAU,EAAE,OAAO,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAClD,CAAC;QACD,OAAO;YACL,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;gBAClD,GAAG,CAAC,IAAI,GAAG;oBACT,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,WAAW;oBACrB,MAAM,EAAE,QAAQ;iBACjB,CAAC;gBACF,IAAI,EAAE,CAAC;YACT,CAAC;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,OAAO,uBAAuB,EAAE,CAAC;IACnC,CAAC;IAED,gFAAgF;IAChF,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IAExD,6CAA6C;IAC7C,OAAO;QACL,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAClD,yEAAyE;YACzE,GAAG,CAAC,IAAI,GAAG;gBACT,eAAe,EAAE,KAAK;gBACtB,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,SAAS;aAClB,CAAC;YAEF,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;YAE5D,qDAAqD;YACrD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,gBAAgB,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;YAC9C,CAAC;YAED,yCAAyC;YACzC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,WAAW,CAAC,CAAC;gBAChE,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC7B,GAAG,CAAC,IAAI,GAAG;wBACT,eAAe,EAAE,IAAI;wBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,eAAe;wBAC5C,MAAM,EAAE,QAAQ;qBACjB,CAAC;oBACF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;wBAClB,GAAW,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;oBAC5C,CAAC;oBACD,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;YACH,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YACzD,OAAO,gBAAgB,CAAC,GAAG,EAAE,aAAa,EAAE,uBAAuB,CAAC,MAAM,IAAI,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC;QACpG,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAa,EAAE,SAA0B,EAAE,OAAgB;IACnF,MAAM,YAAY,GAAG,OAAO,IAAI,yBAAyB,CAAC;IAE1D,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAEhG,yDAAyD;IACzD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,SAAS,EAAE,CAAC;QACd,UAAU,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,UAAU,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,YAAY;QACnB,gBAAgB,EAAE,SAAS;KAC5B,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"admin-auth.js","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,8CAA8C,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAErF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAGtE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;AACjC,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,EAAE,CAAC;AAE3C;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,UAAU,EAAE,QAAQ,CAAC;IACjC,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,QAAuB;IACrD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,EAAE,qBAAqB,CAAC;YAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7D,OAAO,wBAAwB,QAAQ,wEAAwE,CAAC;YAClH,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;gBACzC,OAAO,wBAAwB,QAAQ,+DAA+D,CAAC;YACzG,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC3B,IAAI,CAAC,GAAG,EAAE,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,OAAO,wBAAwB,QAAQ,qEAAqE,CAAC;YAC/G,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,wBAAwB,QAAQ,kEAAkE,CAAC;YAC5G,CAAC;YACD,MAAM;QACR,CAAC;QAED;YACE,OAAO,gCAAgC,QAAQ,mEAAmE,CAAC;IACvH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,CAAC,iCAAiC;IAChD,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACxC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAClC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,uBAAuB,IAAI,CAAC,KAAK,UAAU,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;aAAM,IAAI,CAAC,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,mEAAmE;IACrE,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,MAAc,EAAE,YAAqB,EAAE,YAA6B;IACnG,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAE3E,IAAI,MAAM,KAAK,QAAQ,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9E,OAAO,oHAAoH,OAAO,IAAI,CAAC;IACzI,CAAC;IACD,IAAI,MAAM,KAAK,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,OAAO,wFAAwF,OAAO,IAAI,CAAC;IAC7G,CAAC;IACD,OAAO,+CAA+C,OAAO,GAAG,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,QAAuB,EACvB,MAAc,EACd,WAAmB;IAEnB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,qBAAqB;YACvB,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,WAAW;gBACvB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE;gBAC/C,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;QACjD,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,iBAAiB;YACnB,OAAO,cAAc,CAAC,WAAW,CAAC,CAAC;QACrC,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,qBAAqB;YACvB,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YACrD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;YACvD,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,KAAK,WAAW,EAAE,CAAC;gBAC1C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mEAAmE,EAAE,CAAC;YACxG,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;QAClG,CAAC;QAED;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAElC,8EAA8E;IAC9E,+EAA+E;IAC/E,kDAAkD;IAClD,IAAI,CAAC,UAAU,EAAE,OAAO,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAClD,CAAC;QACD,OAAO;YACL,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;gBAClD,GAAG,CAAC,IAAI,GAAG;oBACT,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,WAAW;oBACrB,MAAM,EAAE,QAAQ;iBACjB,CAAC;gBACF,IAAI,EAAE,CAAC;YACT,CAAC;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,OAAO,uBAAuB,EAAE,CAAC;IACnC,CAAC;IAED,gFAAgF;IAChF,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IAExD,6CAA6C;IAC7C,OAAO;QACL,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAClD,yEAAyE;YACzE,GAAG,CAAC,IAAI,GAAG;gBACT,eAAe,EAAE,KAAK;gBACtB,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,SAAS;aAClB,CAAC;YAEF,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;YAE1E,qDAAqD;YACrD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,gBAAgB,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;YAC9C,CAAC;YAED,yCAAyC;YACzC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,WAAW,CAAC,CAAC;gBAChE,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC7B,GAAG,CAAC,IAAI,GAAG;wBACT,eAAe,EAAE,IAAI;wBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,eAAe;wBAC5C,MAAM,EAAE,QAAQ;qBACjB,CAAC;oBACF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;wBAClB,GAAW,CAAC,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;oBAC5C,CAAC;oBACD,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;YACH,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YACzD,OAAO,gBAAgB,CAAC,GAAG,EAAE,aAAa,EAAE,uBAAuB,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAC;QACpH,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAa,EAAE,SAA0B,EAAE,OAAgB;IACnF,MAAM,YAAY,GAAG,OAAO,IAAI,yBAAyB,CAAC;IAE1D,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAEhG,yDAAyD;IACzD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,SAAS,EAAE,CAAC;QACd,UAAU,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,UAAU,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,YAAY;QACnB,gBAAgB,EAAE,SAAS;KAC5B,CAAC,CAAC;AACL,CAAC"}

package/dist/core/auth/jwt.d.ts

@@ -1,25 +1,34 @@
 import { ICheckTokenResult } from './types.js';
 export declare const MIN_ENCRYPT_KEY_LENGTH = 8;
+export declare const legacyJwtRE: RegExp;
+export declare const standardJwtRE: RegExp;
 export declare const jwtTokenRE: RegExp;
 /**
- * Encrypts the transmitted text with a symmetric key taken from the config
+ * Legacy: encrypts text with the symmetric key from config.
+ * Retained ONLY for backward-compatible reading of pre-migration tokens.
  */
 export declare const encrypt: (text: string) => string;
 /**
- * Decrypts the transmitted text with a symmetric key taken from the config
+ * Legacy: decrypts text with the symmetric key from config.
+ * Retained ONLY for backward-compatible reading of pre-migration tokens.
  */
 export declare const decrypt: (encryptedStr: string) => string;
 /**
- * Creates a token by encrypting the username and expiration time.
- * To determine the expiration time in the JB form script, at the beginning of the token
- * deprecation timestamp is added
+ * Generates a standard signed JWT (HS256).
+ * - `user` becomes `sub`
+ * - `service` becomes `aud`
+ * - `expire` becomes `exp`
+ * - `jti` is auto-generated via crypto.randomUUID()
+ * - other payload keys are written as private claims
+ * - `iss` is added only when webServer.auth.jwtToken.issuer is configured
  */
 export declare const generateToken: (user: string, liveTimeSec: number, payload?: any) => string;
 /**
- * Checks the validity of the token:
- * - Token to be decrypted
- * - the obsolescence time must not be expired
- * - If a user is transferred, it must match
+ * Verifies a token.
+ * Routes by format:
+ *   - `header.payload.signature` → standard JWT verification
+ *   - `<expire_ms>.<hex>` → legacy AES-256-CTR fallback
+ * Returns a normalized `ITokenPayload`.
  */
 export declare const checkJwtToken: (arg: {
     token: string;

package/dist/core/auth/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,iBAAiB,EAAiB,MAAM,YAAY,CAAC;AAQ9D,eAAO,MAAM,sBAAsB,IAAI,CAAC;AASxC,eAAO,MAAM,UAAU,QAAmC,CAAC;AAE3D;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,MAAM,KAAG,MAStC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,cAAc,MAAM,WAW3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,EAAE,aAAa,MAAM,EAAE,UAAU,GAAG,KAAG,MAYhF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GAAI,KAAK;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,KAAG,iBAoFH,CAAC"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,iBAAiB,EAAiB,MAAM,YAAY,CAAC;AAS9D,eAAO,MAAM,sBAAsB,IAAI,CAAC;AAQxC,eAAO,MAAM,WAAW,QAAmC,CAAC;AAC5D,eAAO,MAAM,aAAa,QAAqD,CAAC;AAEhF,eAAO,MAAM,UAAU,QAAkF,CAAC;AAI1G;;;GAGG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,MAAM,KAAG,MAMtC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,OAAO,GAAI,cAAc,MAAM,WAO3C,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,EAAE,aAAa,MAAM,EAAE,UAAU,GAAG,KAAG,MAgChF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,GAAI,KAAK;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,KAAG,iBAYH,CAAC"}

package/dist/core/auth/jwt.js

@@ -1,82 +1,220 @@
 // noinspection UnnecessaryLocalVariableJS
 import crypto from 'crypto';
 import chalk from 'chalk';
+import jwt from 'jsonwebtoken';
 import { appConfig } from '../bootstrap/init-config.js';
 import { logger as lgr } from '../logger.js';
 import { isObject, trim } from '../utils/utils.js';
 import { parseIpList, isIpAllowed } from './ip-check.js';
-import { isJwtTokenRevoked, isUserRevoked } from './revocation.js';
+import { isJtiRevoked, isJwtTokenRevoked, isUserRevoked } from './revocation.js';
 const logger = lgr.getSubLogger({ name: chalk.cyan('token-auth') });
 const { jwtToken } = appConfig.webServer?.auth || {};
 const checkMCPName = jwtToken?.checkMCPName || false;
 const isCheckIP = jwtToken?.isCheckIP || false;
+const configuredIssuer = trim(jwtToken?.issuer);
 export const MIN_ENCRYPT_KEY_LENGTH = 8;
-const ALGORITHM = 'aes-256-ctr';
-const KEY = crypto
-    .createHash('sha256')
-    .update(String(jwtToken?.encryptKey || '11111111-7777-8888-9999-000000000000'))
-    .digest('base64')
-    .substring(0, 32);
-export const jwtTokenRE = /^(\d{13,})\.([\da-fA-F]{32,})$/;
+const ENCRYPT_KEY = String(jwtToken?.encryptKey || '11111111-7777-8888-9999-000000000000');
+// Legacy AES-256-CTR — used ONLY to read tokens issued before the migration to standard JWT.
+const LEGACY_ALGORITHM = 'aes-256-ctr';
+const LEGACY_KEY = crypto.createHash('sha256').update(ENCRYPT_KEY).digest('base64').substring(0, 32);
+export const legacyJwtRE = /^(\d{13,})\.([\da-fA-F]{32,})$/;
+export const standardJwtRE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
+// "Looks like JWT" helper (either legacy or standard). Not used as the only criterion for auth routing.
+export const jwtTokenRE = /^(?:\d{13,}\.[\da-fA-F]{32,}|[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
+const STANDARD_CLAIMS = new Set(['user', 'expire', 'iat', 'service', 'iss', 'sub', 'aud', 'exp', 'jti']);
 /**
- * Encrypts the transmitted text with a symmetric key taken from the config
+ * Legacy: encrypts text with the symmetric key from config.
+ * Retained ONLY for backward-compatible reading of pre-migration tokens.
  */
 export const encrypt = (text) => {
     const buffer = Buffer.from(text);
-    // Create an initialization vector
     const iv = crypto.randomBytes(16);
-    // Create a new cipher using the algorithm, key, and iv
-    const cipher = crypto.createCipheriv(ALGORITHM, KEY, iv);
-    // Create the new (encrypted) buffer
+    const cipher = crypto.createCipheriv(LEGACY_ALGORITHM, LEGACY_KEY, iv);
     const encryptedBuf = Buffer.concat([iv, cipher.update(buffer), cipher.final()]);
     return encryptedBuf.toString('hex');
 };
 /**
- * Decrypts the transmitted text with a symmetric key taken from the config
+ * Legacy: decrypts text with the symmetric key from config.
+ * Retained ONLY for backward-compatible reading of pre-migration tokens.
  */
 export const decrypt = (encryptedStr) => {
     const encryptedByf = Buffer.from(encryptedStr, 'hex');
-    // Get the iv: the first 16 bytes
     const iv2 = encryptedByf.subarray(0, 16);
-    // Get the rest
     const restBuf = encryptedByf.subarray(16);
-    // Create decipher
-    const decipher = crypto.createDecipheriv(ALGORITHM, KEY, iv2);
-    // Actually decrypt it
+    const decipher = crypto.createDecipheriv(LEGACY_ALGORITHM, LEGACY_KEY, iv2);
     const decryptedBuf = Buffer.concat([decipher.update(restBuf), decipher.final()]);
     return decryptedBuf.toString();
 };
 /**
- * Creates a token by encrypting the username and expiration time.
- * To determine the expiration time in the JB form script, at the beginning of the token
- * deprecation timestamp is added
+ * Generates a standard signed JWT (HS256).
+ * - `user` becomes `sub`
+ * - `service` becomes `aud`
+ * - `expire` becomes `exp`
+ * - `jti` is auto-generated via crypto.randomUUID()
+ * - other payload keys are written as private claims
+ * - `iss` is added only when webServer.auth.jwtToken.issuer is configured
  */
 export const generateToken = (user, liveTimeSec, payload) => {
     user = trim(user).toLowerCase();
     if (!user) {
         throw new Error('generateToken: Username is empty');
     }
-    const expire = Date.now() + liveTimeSec * 1000;
-    const issuedAt = new Date().toISOString();
-    payload = isObject(payload) ? payload : {};
-    payload.user = user;
-    payload.expire = expire;
-    payload.iat = issuedAt;
-    return `${expire}.${encrypt(JSON.stringify(payload))}`;
+    const inputPayload = isObject(payload) ? { ...payload } : {};
+    // Extract reserved fields and drop them from the private claims
+    const service = trim(inputPayload.service) || undefined;
+    delete inputPayload.user;
+    delete inputPayload.expire;
+    delete inputPayload.iat;
+    delete inputPayload.service;
+    delete inputPayload.sub;
+    delete inputPayload.aud;
+    delete inputPayload.exp;
+    delete inputPayload.iss;
+    delete inputPayload.jti;
+    const signOptions = {
+        algorithm: 'HS256',
+        subject: user,
+        expiresIn: liveTimeSec,
+        jwtid: crypto.randomUUID(),
+    };
+    if (service) {
+        signOptions.audience = service;
+    }
+    if (configuredIssuer) {
+        signOptions.issuer = configuredIssuer;
+    }
+    return jwt.sign(inputPayload, ENCRYPT_KEY, signOptions);
 };
 /**
- * Checks the validity of the token:
- * - Token to be decrypted
- * - the obsolescence time must not be expired
- * - If a user is transferred, it must match
+ * Verifies a token.
+ * Routes by format:
+ *   - `header.payload.signature` → standard JWT verification
+ *   - `<expire_ms>.<hex>` → legacy AES-256-CTR fallback
+ * Returns a normalized `ITokenPayload`.
  */
 export const checkJwtToken = (arg) => {
-    let { token, expectedUser, expectedService = appConfig.name, clientIp } = arg;
-    token = (token || '').trim();
+    const token = trim(arg.token);
     if (!token) {
         return { errorReason: 'Token not passed' };
     }
-    const [, expirePartStr, encryptedPayload] = jwtTokenRE.exec(token) || [];
+    if (standardJwtRE.test(token)) {
+        return checkStandardJwt(token, arg);
+    }
+    if (legacyJwtRE.test(token)) {
+        return checkLegacyJwt(token, arg);
+    }
+    return { errorReason: 'The token is not a JWT' };
+};
+function checkStandardJwt(token, arg) {
+    // Exact-match revoke against the full token string (works for legacy revoke records too)
+    if (isJwtTokenRevoked(token)) {
+        return { errorReason: 'JWT Token has been revoked' };
+    }
+    let decoded;
+    try {
+        const verifyOptions = { algorithms: ['HS256'] };
+        if (configuredIssuer) {
+            verifyOptions.issuer = configuredIssuer;
+        }
+        const result = jwt.verify(token, ENCRYPT_KEY, verifyOptions);
+        if (typeof result === 'string') {
+            return { errorReason: 'The token is not a JWT' };
+        }
+        decoded = result;
+    }
+    catch (err) {
+        if (err?.name === 'TokenExpiredError') {
+            const expiredAt = err.expiredAt instanceof Date ? err.expiredAt.getTime() : 0;
+            const expiredOn = expiredAt ? Date.now() - expiredAt : 0;
+            return {
+                isTokenDecrypted: true,
+                errorReason: expiredOn > 0 ? `JWT Token expired :: on ${expiredOn} mc` : 'JWT Token expired',
+            };
+        }
+        if (err?.name === 'JsonWebTokenError') {
+            if (typeof err.message === 'string' && err.message.toLowerCase().includes('signature')) {
+                return { errorReason: 'Invalid signature' };
+            }
+            if (typeof err.message === 'string' && err.message.toLowerCase().includes('issuer')) {
+                return { errorReason: `JWT Token: ${err.message}` };
+            }
+            return { errorReason: 'The token is not a JWT' };
+        }
+        logger.error(err);
+        return { errorReason: `Error verifying JWT token :: ${err?.message ?? 'unknown error'}` };
+    }
+    // Normalize to ITokenPayload shape
+    const sub = typeof decoded.sub === 'string' ? decoded.sub : '';
+    if (!sub) {
+        return { errorReason: 'JWT Token: missing subject' };
+    }
+    const expSec = typeof decoded.exp === 'number' ? decoded.exp : 0;
+    if (!expSec) {
+        return { isTokenDecrypted: true, errorReason: 'JWT Token: missing expiration' };
+    }
+    const iatSec = typeof decoded.iat === 'number' ? decoded.iat : 0;
+    const audValues = Array.isArray(decoded.aud)
+        ? decoded.aud.filter((value) => typeof value === 'string' && !!trim(value))
+        : typeof decoded.aud === 'string' && trim(decoded.aud)
+            ? [decoded.aud]
+            : [];
+    const expectedService = arg.expectedService ?? appConfig.name;
+    const normalizedService = expectedService && audValues.includes(expectedService) ? expectedService : audValues[0];
+    const payload = { user: sub, expire: expSec * 1000 };
+    if (iatSec) {
+        payload.iat = new Date(iatSec * 1000).toISOString();
+    }
+    if (normalizedService) {
+        payload.service = normalizedService;
+    }
+    if (typeof decoded.iss === 'string') {
+        payload.iss = decoded.iss;
+    }
+    if (typeof decoded.jti === 'string') {
+        payload.jti = decoded.jti;
+    }
+    // copy private claims (everything not in STANDARD_CLAIMS)
+    for (const [k, v] of Object.entries(decoded)) {
+        if (!STANDARD_CLAIMS.has(k)) {
+            payload[k] = v;
+        }
+    }
+    // Revoke by jti
+    if (payload.jti && isJtiRevoked(payload.jti)) {
+        return { isTokenDecrypted: true, errorReason: 'JWT Token has been revoked' };
+    }
+    if (isUserRevoked(payload.user)) {
+        return { isTokenDecrypted: true, errorReason: `JWT Token: user '${payload.user}' has been revoked` };
+    }
+    const expectedUser = trim(arg.expectedUser).toLowerCase();
+    if (expectedUser && payload.user !== expectedUser) {
+        return {
+            isTokenDecrypted: true,
+            errorReason: `JWT Token: user not match :: Expected  '${expectedUser}' / obtained from the token: '${payload.user}'`,
+        };
+    }
+    if (checkMCPName) {
+        const obtainedService = audValues.length > 1 ? audValues.join(', ') : payload.service;
+        if (expectedService && !audValues.includes(expectedService)) {
+            return {
+                isTokenDecrypted: true,
+                errorReason: `JWT Token: service not match :: Expected  '${expectedService}' / obtained from the token: '${obtainedService}'`,
+            };
+        }
+    }
+    if (isCheckIP && payload.ip && arg.clientIp) {
+        const allowedIps = parseIpList(payload.ip);
+        if (allowedIps.length > 0 && !isIpAllowed(arg.clientIp, allowedIps)) {
+            return {
+                isTokenDecrypted: true,
+                errorReason: `JWT Token: client IP ${arg.clientIp} is not in the allowed list`,
+            };
+        }
+    }
+    return { payload };
+}
+function checkLegacyJwt(token, arg) {
+    const [, expirePartStr, encryptedPayload] = legacyJwtRE.exec(token) || [];
     if (!expirePartStr || !encryptedPayload) {
         return { errorReason: 'The token is not a JWT' };
     }
@@ -108,7 +246,7 @@ export const checkJwtToken = (arg) => {
             errorReason: `JWT Token: user '${payload.user}' has been revoked`,
         };
     }
-    expectedUser = trim(expectedUser).toLowerCase();
+    const expectedUser = trim(arg.expectedUser).toLowerCase();
     if (expectedUser && payload.user !== expectedUser) {
         return {
             isTokenDecrypted: true,
@@ -116,6 +254,7 @@ export const checkJwtToken = (arg) => {
         };
     }
     if (checkMCPName) {
+        const expectedService = arg.expectedService ?? appConfig.name;
         if (expectedService && payload.service !== expectedService) {
             return {
                 isTokenDecrypted: true,
@@ -123,28 +262,23 @@ export const checkJwtToken = (arg) => {
             };
         }
     }
-    let expire = Number(expirePartStr) || 0;
+    const expire = Number(expirePartStr) || 0;
     const expiredOn = Date.now() - expire;
     if (expiredOn > 0) {
-        // Token deprecated
         return {
             isTokenDecrypted: true,
             errorReason: `JWT Token expired :: on ${expiredOn} mc`,
         };
     }
-    // IP check (after all other validations pass)
-    if (isCheckIP && payload.ip) {
-        if (clientIp) {
-            const allowedIps = parseIpList(payload.ip);
-            if (allowedIps.length > 0 && !isIpAllowed(clientIp, allowedIps)) {
-                return {
-                    isTokenDecrypted: true,
-                    errorReason: `JWT Token: client IP ${clientIp} is not in the allowed list`,
-                };
-            }
+    if (isCheckIP && payload.ip && arg.clientIp) {
+        const allowedIps = parseIpList(payload.ip);
+        if (allowedIps.length > 0 && !isIpAllowed(arg.clientIp, allowedIps)) {
+            return {
+                isTokenDecrypted: true,
+                errorReason: `JWT Token: client IP ${arg.clientIp} is not in the allowed list`,
+            };
         }
     }
-    // OK!
     return { payload };
-};
+}
 //# sourceMappingURL=jwt.js.map

package/dist/core/auth/jwt.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGnE,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;AACrD,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC;AACrD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,KAAK,CAAC;AAE/C,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,GAAG,GAAG,MAAM;KACf,UAAU,CAAC,QAAQ,CAAC;KACpB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,sCAAsC,CAAC,CAAC;KAC9E,MAAM,CAAC,QAAQ,CAAC;KAChB,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAEpB,MAAM,CAAC,MAAM,UAAU,GAAG,gCAAgC,CAAC;AAE3D;;GAEG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,kCAAkC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,uDAAuD;IACvD,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACzD,oCAAoC;IACpC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,EAAE;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtD,iCAAiC;IACjC,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzC,eAAe;IACf,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9D,sBAAsB;IACtB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa,EAAU,EAAE;IACxF,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,GAAG,IAAI,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IACxB,OAAO,CAAC,GAAG,GAAG,QAAQ,CAAC;IACvB,OAAO,GAAG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;AACzD,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAK7B,EAAqB,EAAE;IACtB,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,eAAe,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAC9E,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,CAAC,EAAE,aAAa,EAAE,gBAAgB,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAEzE,IAAI,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,UAAU,GAAW,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,WAAW,EAAE,gEAAgE,EAAE,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,iCAAiC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,OAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,+CAA+C,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACvF,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB;SAClE,CAAC;IACJ,CAAC;IAED,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAChD,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC3D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,OAAO,CAAC,OAAO,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;IACtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,mBAAmB;QACnB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2BAA2B,SAAS,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QAC5B,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;gBAChE,OAAO;oBACL,gBAAgB,EAAE,IAAI;oBACtB,WAAW,EAAE,wBAAwB,QAAQ,6BAA6B;iBAC3E,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM;IACN,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC,CAAC"}
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAA+C,MAAM,cAAc,CAAC;AAE3E,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGjF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;AACrD,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC;AACrD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,KAAK,CAAC;AAC/C,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAEhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,sCAAsC,CAAC,CAAC;AAE3F,6FAA6F;AAC7F,MAAM,gBAAgB,GAAG,aAAa,CAAC;AACvC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAErG,MAAM,CAAC,MAAM,WAAW,GAAG,gCAAgC,CAAC;AAC5D,MAAM,CAAC,MAAM,aAAa,GAAG,kDAAkD,CAAC;AAChF,wGAAwG;AACxG,MAAM,CAAC,MAAM,UAAU,GAAG,+EAA+E,CAAC;AAE1G,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEzG;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,gBAAgB,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,EAAE;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa,EAAU,EAAE;IACxF,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7D,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxD,OAAO,YAAY,CAAC,IAAI,CAAC;IACzB,OAAO,YAAY,CAAC,MAAM,CAAC;IAC3B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,OAAO,CAAC;IAC5B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IAExB,MAAM,WAAW,GAAgB;QAC/B,SAAS,EAAE,OAAO;QAClB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE;KAC3B,CAAC;IACF,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,QAAQ,GAAG,OAAO,CAAC;IACjC,CAAC;IACD,IAAI,gBAAgB,EAAE,CAAC;QACrB,WAAW,CAAC,MAAM,GAAG,gBAAgB,CAAC;IACxC,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAK7B,EAAqB,EAAE;IACtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;AACnD,CAAC,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAAa,EACb,GAA2E;IAE3E,yFAAyF;IACzF,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,aAAa,GAAkB,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/D,IAAI,gBAAgB,EAAE,CAAC;YACrB,aAAa,CAAC,MAAM,GAAG,gBAAgB,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC7D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9E,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,2BAA2B,SAAS,KAAK,CAAC,CAAC,CAAC,mBAAmB;aAC7F,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvF,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC;YAC9C,CAAC;YACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpF,OAAO,EAAE,WAAW,EAAE,cAAc,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,CAAC;YACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,gCAAgC,GAAG,EAAE,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC;IAC5F,CAAC;IAED,mCAAmC;IACnC,MAAM,GAAG,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;QAC1C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5F,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;YACpD,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YACf,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;IAC9D,MAAM,iBAAiB,GAAG,eAAe,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAElH,MAAM,OAAO,GAAkB,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,CAAC;IACpE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,CAAC,OAAO,GAAG,iBAAiB,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,0DAA0D;IAC1D,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB,EAAE,CAAC;IACvG,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;QACtF,IAAI,eAAe,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC5D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,eAAe,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,cAAc,CACrB,KAAa,EACb,GAA2E;IAE3E,MAAM,CAAC,EAAE,aAAa,EAAE,gBAAgB,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1E,IAAI,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,UAAU,GAAW,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,WAAW,EAAE,gEAAgE,EAAE,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,iCAAiC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,OAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,+CAA+C,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACvF,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;QAC9D,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC3D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,OAAO,CAAC,OAAO,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;IACtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2BAA2B,SAAS,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC"}

package/dist/core/auth/multi-auth.d.ts

@@ -1,8 +1,10 @@
 import { Request } from 'express';
-import { AuthDetectionResult, AuthResult, AuthType } from './types.js';
+import { AuthDetectionResult, AuthResult } from './types.js';
+export type AuthScheme = 'basic' | 'bearer';
 export declare const getTokenFromHttpHeader: (req: Request) => {
-    scheme?: AuthType;
+    scheme?: AuthScheme;
     credentials?: string;
+    looksLikeJwt?: boolean;
 };
 /**
  * Detects configured authentication types in priority order (ascending CPU load)

package/dist/core/auth/multi-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAUlC,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAsBvE,eAAO,MAAM,sBAAsB,GAAI,KAAK,OAAO,KAAG;IAAE,MAAM,CAAC,EAAE,QAAQ,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAiB9F,CAAC;AAyBF;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,mBAAmB,CAgD7D;AAsBD;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAqFtE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAa3C;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAuC/C"}
+{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAUlC,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAY,MAAM,YAAY,CAAC;AAqBvE,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;AAG5C,eAAO,MAAM,sBAAsB,GACjC,KAAK,OAAO,KACX;IAAE,MAAM,CAAC,EAAE,UAAU,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,OAAO,CAAA;CAcrE,CAAC;AAyBF;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,mBAAmB,CAgD7D;AAsBD;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAgGtE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAa3C;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAuC/C"}