itlab-internal-services 2.15.7 → 2.16.0

package/dist/properties/index.d.ts

@@ -0,0 +1 @@
+export { PropertyContent } from './content.property';

package/dist/properties/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PropertyContent = void 0;
+var content_property_1 = require("./content.property");
+Object.defineProperty(exports, "PropertyContent", { enumerable: true, get: function () { return content_property_1.PropertyContent; } });

package/dist/swagger/index.d.ts

@@ -0,0 +1 @@
+export { initializeSwagger } from './swagger.function';

package/dist/swagger/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initializeSwagger = void 0;
+var swagger_function_1 = require("./swagger.function");
+Object.defineProperty(exports, "initializeSwagger", { enumerable: true, get: function () { return swagger_function_1.initializeSwagger; } });

package/dist/swagger/remove-public-route-auth.plugin.d.ts

@@ -0,0 +1,9 @@
+import { OpenAPIObject } from '@nestjs/swagger';
+/**
+ * Modifies Swagger documentation to remove "Auth Required" lock
+ * for routes marked with @Public() decorator.
+ *
+ * @param {OpenAPIObject} document - The generated Swagger document
+ * @returns {OpenAPIObject} - Modified Swagger document
+ */
+export declare function removePublicRouteAuth(document: OpenAPIObject): void;

package/dist/swagger/remove-public-route-auth.plugin.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.removePublicRouteAuth = removePublicRouteAuth;
+const service_auth_guard_1 = require("../modules/authentication/guards/service-auth.guard");
+/**
+ * Modifies Swagger documentation to remove "Auth Required" lock
+ * for routes marked with @Public() decorator.
+ *
+ * @param {OpenAPIObject} document - The generated Swagger document
+ * @returns {OpenAPIObject} - Modified Swagger document
+ */
+function removePublicRouteAuth(document) {
+    Object.values(document.paths).forEach((path) => {
+        Object.values(path).forEach((method) => {
+            if (Array.isArray(method.security) && method.security.includes('public')) {
+                method.security = [];
+                if (method.parameters) {
+                    method.parameters = method.parameters.filter((parameter) => parameter.name !== service_auth_guard_1.SERVICE_AUTH_HEADER_KEY);
+                }
+                delete method.responses['401'];
+                console.log(method);
+            }
+        });
+    });
+}

package/dist/swagger/swagger-options.interface.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Defines configurable options for setting up Swagger API documentation.
+ * This includes optional authentication mechanisms like JWT or Kubernetes API keys.
+ */
+export type SwaggerOptions = {
+    /**
+     * Title of the API documentation displayed in Swagger UI
+     */
+    title: string;
+    /**
+     * Short description of the API's purpose or scope
+     */
+    description: string;
+};

package/dist/swagger/swagger-options.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/swagger/swagger.function.d.ts

@@ -0,0 +1,11 @@
+import { INestApplication } from '@nestjs/common';
+import { SwaggerOptions } from './swagger-options.interface';
+/**
+ * Initializes Swagger documentation for a NestJS application.
+ * This function configures Swagger with API metadata, security schemes,
+ * and serves the Swagger UI at the `/api` endpoint.
+ *
+ * @param {INestApplication} app - The NestJS application instance to attach Swagger to.
+ * @param {SwaggerOptions} [options] - Configuration for Swagger metadata.
+ */
+export declare function initializeSwagger(app: INestApplication, options: SwaggerOptions): void;

package/dist/swagger/swagger.function.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initializeSwagger = initializeSwagger;
+const swagger_1 = require("@nestjs/swagger");
+const service_auth_guard_1 = require("../modules/authentication/guards/service-auth.guard");
+const remove_public_route_auth_plugin_1 = require("./remove-public-route-auth.plugin");
+/**
+ * Initializes Swagger documentation for a NestJS application.
+ * This function configures Swagger with API metadata, security schemes,
+ * and serves the Swagger UI at the `/api` endpoint.
+ *
+ * @param {INestApplication} app - The NestJS application instance to attach Swagger to.
+ * @param {SwaggerOptions} [options] - Configuration for Swagger metadata.
+ */
+function initializeSwagger(app, options) {
+    var _a;
+    // Create a new DocumentBuilder to configure the Swagger documentation
+    const documentBuilder = new swagger_1.DocumentBuilder()
+        .setTitle(options.title)
+        .setDescription(options.description)
+        .setContact('Timo Scheuermann', '', 'timo.scheuermann@sv-informatik.de');
+    // Add the base server URL. Falls back to localhost if SWAGGER_BASE_PATH is not set
+    const baseUrl = (_a = process.env.SWAGGER_BASE_PATH) !== null && _a !== void 0 ? _a : 'http://localhost:3000';
+    documentBuilder.addServer(baseUrl);
+    // Configure JWT Bearer authentication for user endpoints
+    documentBuilder.addBearerAuth({
+        type: 'http',
+        in: 'header',
+        bearerFormat: 'JWT',
+        description: 'Gesicherter Login Token',
+    }, 'Auth Token');
+    // Configure API key authentication for internal service-to-service communication
+    documentBuilder.addApiKey({
+        type: 'apiKey',
+        in: 'header',
+        name: service_auth_guard_1.SERVICE_AUTH_HEADER_KEY,
+        description: 'Token for service authentication',
+    }, 'Service Token');
+    // Build the Swagger configuration from the builder
+    const swaggerConfig = documentBuilder.build();
+    // Generate the Swagger document using the NestJS application instance
+    const swaggerDocument = swagger_1.SwaggerModule.createDocument(app, swaggerConfig);
+    // Remove security from @Public endpoints
+    (0, remove_public_route_auth_plugin_1.removePublicRouteAuth)(swaggerDocument);
+    // Serve Swagger UI at the '/api' endpoint
+    swagger_1.SwaggerModule.setup('api', app, swaggerDocument);
+}

package/dist/transform/boolean.transform.js

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BooleanTransform = BooleanTransform;
 const class_transformer_1 = require("class-transformer");
+// Standardize boolean input formats (string, number, or boolean)
+const trueValues = [true, 'true', 1, '1', 'yes', 'on'];
+const falseValues = [false, 'false', 0, '0', 'no', 'off'];
 /**
  * Property decorator to normalize boolean-like input values.
  * It converts various representations of truthy and falsy values (e.g., "true", "1", 1) into actual booleans.
@@ -11,9 +14,6 @@ const class_transformer_1 = require("class-transformer");
  */
 function BooleanTransform() {
     return (0, class_transformer_1.Transform)(({ value }) => {
-        // Standardize boolean input formats (string, number, or boolean)
-        const trueValues = [true, 'true', 1, '1', 'yes', 'on'];
-        const falseValues = [false, 'false', 0, '0', 'no', 'off'];
         // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
         if (trueValues.includes(value))
             return true;

package/dist/viewable.interface.js

@@ -26,7 +26,7 @@ function PropertyViewedBy() {
 function ApiViewedBy() {
     return (0, swagger_1.ApiProperty)({
         name: 'viewedBy',
-        type: [models_1.AccountEntity],
+        type: [models_1.Account],
         default: [],
         description: 'Accounts that have viewed this entity.',
     });

package/package.json

@@ -4,7 +4,7 @@
     "name": "Timo Scheuermann",
     "email": "timo.scheuermann@sv-informatik.de"
   },
-  "version": "2.15.7",
+  "version": "2.16.0",
   "type": "commonjs",
   "files": [
     "dist"
@@ -35,7 +35,7 @@
     "cache-manager": "^7.1.1",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.2",
-    "itlab-functions": "^1.0.2",
+    "itlab-functions": "^1.0.4",
     "mongoose": "^8.17.1",
     "rxjs": "^7.8.2"
   },

package/dist/factories/index.d.ts

@@ -1 +0,0 @@
-export * from './virtuals.factory';

package/dist/factories/virtuals.factory.d.ts

@@ -1,79 +0,0 @@
-import { Schema, VirtualTypeOptions } from 'mongoose';
-import { HubResource } from '../hub-resource.enum';
-/**
- * VirtualsFactory
- *
- * Provides a fluent, composable API for defining reusable Mongoose virtuals on schemas.
- * Helps keep schema definitions clean and DRY by centralizing the logic for frequently-used
- * virtual references (accounts, comments, likes, etc.), derived values, and hub-based resources.
- */
-export declare class VirtualsFactory {
-    private readonly schema;
-    private readonly resource;
-    /**
-     * @param {Schema} schema - the schema to create the virtual field on
-     * @param {HubResource} resource - the resource used for the virtual field
-     */
-    constructor(schema: Schema, resource: HubResource);
-    /**
-     * Registers a generic virtual with custom Mongoose options.
-     *
-     * @param {string} name - The virtual field name.
-     * @param {VirtualTypeOptions} [options] - The Mongoose virtual options.
-     * @returns {VirtualsFactory} - The VirtualsFactory instance for chaining.
-     */
-    virtual(name: string, options?: VirtualTypeOptions): VirtualsFactory;
-    /**
-     * Registers a virtual referencing a single Account by ID.
-     *
-     * @param {string} name - Virtual field name.
-     * @param {string} localField - Field containing the Account ID.
-     */
-    virtualSingleAccount(name: string, localField: string): VirtualsFactory;
-    /**
-     * Registers a virtual referencing multiple Accounts by ID array.
-     *
-     * @param {string} name - Virtual field name.
-     * @param {string} localField - Field containing array of Account IDs.
-     */
-    virtualMultipleAccounts(name: string, localField: string): VirtualsFactory;
-    /** Links `accountId` → `account` (single Account) */
-    get account(): VirtualsFactory;
-    /** Links `accountIds` → `accounts` (multiple Accounts) */
-    get accounts(): VirtualsFactory;
-    /** Links `authorId` → `author` (single Account) */
-    get author(): VirtualsFactory;
-    /** Links `authorIds` → `authors` (multiple Accounts) */
-    get authors(): VirtualsFactory;
-    /** Links `submitterId` → `submitter` (single Account) */
-    get submitter(): VirtualsFactory;
-    /** Links `submitterIds` → `submitters` (multiple Accounts) */
-    get submitters(): VirtualsFactory;
-    /** Links `contactId` → `contact` (single Account) */
-    get contact(): VirtualsFactory;
-    /** Links `contactIds` → `contacts` (multiple Accounts) */
-    get contacts(): VirtualsFactory;
-    /** Links `_viewedBy` → `viewedBy` and creates derived `views` counter */
-    get views(): VirtualsFactory;
-    /** Links `_likedBy` → `likedBy` and creates derived `likes` counter */
-    get likes(): VirtualsFactory;
-    /**
-     * Creates `comments` virtual for top-level comments on the resource.
-     * Filters out replies.
-     */
-    get comments(): VirtualsFactory;
-    /**
-     * Creates `commentsCount` virtual for counting all related comments on this resource.
-     */
-    get commentsCount(): VirtualsFactory;
-    /**
-     * Creates an empty virtual field for general content use.
-     * Placeholder to support virtual getter/setter extension in custom implementations.
-     */
-    get content(): VirtualsFactory;
-    /**
-     * Registers `ref-[resource]` virtuals for each known Hub resource.
-     * Used for polymorphic document relationships in the platform.
-     */
-    get hubResources(): VirtualsFactory;
-}

package/dist/factories/virtuals.factory.js

@@ -1,171 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.VirtualsFactory = void 0;
-const class_validator_1 = require("class-validator");
-const hub_resource_enum_1 = require("../hub-resource.enum");
-/**
- * VirtualsFactory
- *
- * Provides a fluent, composable API for defining reusable Mongoose virtuals on schemas.
- * Helps keep schema definitions clean and DRY by centralizing the logic for frequently-used
- * virtual references (accounts, comments, likes, etc.), derived values, and hub-based resources.
- */
-class VirtualsFactory {
-    /**
-     * @param {Schema} schema - the schema to create the virtual field on
-     * @param {HubResource} resource - the resource used for the virtual field
-     */
-    constructor(schema, resource) {
-        this.schema = schema;
-        this.resource = resource;
-    }
-    // ———————————————————————— Core Helper Methods ————————————————————————
-    /**
-     * Registers a generic virtual with custom Mongoose options.
-     *
-     * @param {string} name - The virtual field name.
-     * @param {VirtualTypeOptions} [options] - The Mongoose virtual options.
-     * @returns {VirtualsFactory} - The VirtualsFactory instance for chaining.
-     */
-    virtual(name, options) {
-        this.schema.virtual(name, options);
-        return this;
-    }
-    /**
-     * Registers a virtual referencing a single Account by ID.
-     *
-     * @param {string} name - Virtual field name.
-     * @param {string} localField - Field containing the Account ID.
-     */
-    virtualSingleAccount(name, localField) {
-        this.schema.virtual(name, {
-            ref: 'accounts',
-            foreignField: '_id',
-            localField,
-            justOne: true,
-        });
-        return this;
-    }
-    /**
-     * Registers a virtual referencing multiple Accounts by ID array.
-     *
-     * @param {string} name - Virtual field name.
-     * @param {string} localField - Field containing array of Account IDs.
-     */
-    virtualMultipleAccounts(name, localField) {
-        this.schema.virtual(name, {
-            ref: 'accounts',
-            foreignField: '_id',
-            localField,
-            justOne: false,
-        });
-        return this;
-    }
-    // ———————————————————————— Account-Related Virtuals ————————————————————————
-    /** Links `accountId` → `account` (single Account) */
-    get account() {
-        return this.virtualSingleAccount('account', 'accountId');
-    }
-    /** Links `accountIds` → `accounts` (multiple Accounts) */
-    get accounts() {
-        return this.virtualMultipleAccounts('accounts', 'accountIds');
-    }
-    /** Links `authorId` → `author` (single Account) */
-    get author() {
-        return this.virtualSingleAccount('author', 'authorId');
-    }
-    /** Links `authorIds` → `authors` (multiple Accounts) */
-    get authors() {
-        return this.virtualMultipleAccounts('authors', 'authorIds');
-    }
-    /** Links `submitterId` → `submitter` (single Account) */
-    get submitter() {
-        return this.virtualSingleAccount('submitter', 'submitterId');
-    }
-    /** Links `submitterIds` → `submitters` (multiple Accounts) */
-    get submitters() {
-        return this.virtualMultipleAccounts('submitters', 'submitterIds');
-    }
-    /** Links `contactId` → `contact` (single Account) */
-    get contact() {
-        return this.virtualSingleAccount('contact', 'contactId');
-    }
-    /** Links `contactIds` → `contacts` (multiple Accounts) */
-    get contacts() {
-        return this.virtualMultipleAccounts('contacts', 'contactIds');
-    }
-    /** Links `_viewedBy` → `viewedBy` and creates derived `views` counter */
-    get views() {
-        this.virtualMultipleAccounts('viewedBy', '_viewedBy');
-        this.schema.virtual('views').get(function () {
-            return (0, class_validator_1.isArray)(this._viewedBy) ? this._viewedBy.length : 0;
-        });
-        return this;
-    }
-    /** Links `_likedBy` → `likedBy` and creates derived `likes` counter */
-    get likes() {
-        this.virtualMultipleAccounts('likedBy', '_likedBy');
-        this.schema.virtual('likes').get(function () {
-            return (0, class_validator_1.isArray)(this._likedBy) ? this._likedBy.length : 0;
-        });
-        return this;
-    }
-    // ———————————————————————— Comment-Related Virtuals ————————————————————————
-    /**
-     * Creates `comments` virtual for top-level comments on the resource.
-     * Filters out replies.
-     */
-    get comments() {
-        this.schema.virtual('comments', {
-            ref: 'comments',
-            foreignField: '_resourceId',
-            localField: '_id',
-            match: {
-                _resource: this.resource,
-                _replyTo: { $exists: false },
-            },
-            justOne: false,
-        });
-        return this;
-    }
-    /**
-     * Creates `commentsCount` virtual for counting all related comments on this resource.
-     */
-    get commentsCount() {
-        this.schema.virtual('commentsCount', {
-            ref: 'comments',
-            foreignField: '_resourceId',
-            localField: '_id',
-            match: { _resource: this.resource },
-            count: true,
-        });
-        return this;
-    }
-    // ———————————————————————— Content and Utility Virtuals ————————————————————————
-    /**
-     * Creates an empty virtual field for general content use.
-     * Placeholder to support virtual getter/setter extension in custom implementations.
-     */
-    get content() {
-        this.schema.virtual('content');
-        return this;
-    }
-    // ———————————————————————— Hub Resource Virtuals ————————————————————————
-    /**
-     * Registers `ref-[resource]` virtuals for each known Hub resource.
-     * Used for polymorphic document relationships in the platform.
-     */
-    get hubResources() {
-        for (const resource of hub_resource_enum_1.HUB_RESOURCES) {
-            this.schema.virtual(`ref-${resource}`, {
-                ref: resource,
-                foreignField: '_id',
-                localField: '_resourceId',
-                match: { _resource: resource },
-                justOne: true,
-            });
-        }
-        return this;
-    }
-}
-exports.VirtualsFactory = VirtualsFactory;

package/dist/modules/authentication/guards/auth.guard.d.ts

@@ -1,36 +0,0 @@
-import { CanActivate, ExecutionContext } from '@nestjs/common';
-import { Reflector } from '@nestjs/core';
-import { JwtService } from '@nestjs/jwt';
-import { AuthenticationModuleOptions } from '../authentication-module-options.interface';
-/**
- * AuthGuard
- *
- * @class
- * Implements route-level security using JWT authentication.
- * Allows bypassing auth for routes marked with the `IS_PUBLIC_METADATA_KEY` metadata.
- * If authentication is required, verifies the JWT and attaches the decoded payload to the request object.
- */
-export declare class AuthGuard implements CanActivate {
-    private readonly authOptions;
-    private readonly jwtService;
-    private readonly reflector;
-    constructor(authOptions: AuthenticationModuleOptions, jwtService: JwtService, reflector: Reflector);
-    /**
-     * Evaluates if the current request is authorized to proceed.
-     * Skips JWT validation for routes marked as public.
-     * If the route is protected, validates the JWT and attaches user data to the request.
-     *
-     * @param {ExecutionContext} context - The current request execution context.
-     * @returns {boolean} Whether the request is allowed to proceed.
-     * @throws {UnauthorizedException} If JWT is missing or invalid.
-     */
-    canActivate(context: ExecutionContext): boolean;
-}
-/**
- * Decorator that applies JWT authentication to a route or controller.
- * Combines NestJS guards and Swagger decorators to enforce security
- * and document the authentication requirement.
- *
- * @returns {MethodDecorator & ClassDecorator} A decorator that enforces JWT authentication.
- */
-export declare function RequireJwtAuth(): MethodDecorator & ClassDecorator;

package/dist/modules/authentication/guards/auth.guard.js

@@ -1,107 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthGuard = void 0;
-exports.RequireJwtAuth = RequireJwtAuth;
-const common_1 = require("@nestjs/common");
-const core_1 = require("@nestjs/core");
-const jwt_1 = require("@nestjs/jwt");
-const swagger_1 = require("@nestjs/swagger");
-const inject_auth_options_decorator_1 = require("../inject-auth-options.decorator");
-const public_guard_1 = require("./public.guard");
-/**
- * AuthGuard
- *
- * @class
- * Implements route-level security using JWT authentication.
- * Allows bypassing auth for routes marked with the `IS_PUBLIC_METADATA_KEY` metadata.
- * If authentication is required, verifies the JWT and attaches the decoded payload to the request object.
- */
-let AuthGuard = class AuthGuard {
-    constructor(authOptions, jwtService, reflector) {
-        this.authOptions = authOptions;
-        this.jwtService = jwtService;
-        this.reflector = reflector;
-    }
-    /**
-     * Evaluates if the current request is authorized to proceed.
-     * Skips JWT validation for routes marked as public.
-     * If the route is protected, validates the JWT and attaches user data to the request.
-     *
-     * @param {ExecutionContext} context - The current request execution context.
-     * @returns {boolean} Whether the request is allowed to proceed.
-     * @throws {UnauthorizedException} If JWT is missing or invalid.
-     */
-    canActivate(context) {
-        const isPublicRoute = this.reflector.getAllAndOverride(public_guard_1.IS_PUBLIC_METADATA_KEY, [
-            context.getHandler(),
-            context.getClass(),
-        ]);
-        if (isPublicRoute)
-            return true; // Public route; skip auth.
-        const request = context.switchToHttp().getRequest();
-        const token = extractBearerToken(request);
-        if (!token) {
-            // No token found in request headers.
-            throw new common_1.UnauthorizedException('Authorization token not found.');
-        }
-        try {
-            // Attempt to verify token using configured JWT secret.
-            const decodedUser = this.jwtService.verify(token, { secret: this.authOptions.jwtSecret });
-            // Attach the decoded JWT payload to the request object for later use.
-            request['user'] = decodedUser;
-        }
-        catch (_a) {
-            // Verification failed: could be malformed, expired, or invalid signature.
-            throw new common_1.UnauthorizedException('Invalid or expired token.');
-        }
-        return true;
-    }
-};
-exports.AuthGuard = AuthGuard;
-exports.AuthGuard = AuthGuard = __decorate([
-    (0, common_1.Injectable)(),
-    __param(0, (0, inject_auth_options_decorator_1.InjectAuthOptions)()),
-    __metadata("design:paramtypes", [Object, jwt_1.JwtService,
-        core_1.Reflector])
-], AuthGuard);
-/**
- * Extracts a JWT from the Authorization header of the HTTP request.
- * Accepts only the 'Bearer <token>' format.
- *
- * @param {Request} request - Incoming HTTP request from the client.
- * @returns {string | undefined} The extracted token if present and valid; otherwise, undefined.
- */
-function extractBearerToken(request) {
-    const authorizationHeader = request.headers.authorization;
-    if (!authorizationHeader)
-        return undefined;
-    const [scheme, token] = authorizationHeader.split(' ');
-    // Only accept Bearer token format
-    if (scheme !== 'Bearer' || !(token === null || token === void 0 ? void 0 : token.trim())) {
-        return undefined;
-    }
-    return token;
-}
-/**
- * Decorator that applies JWT authentication to a route or controller.
- * Combines NestJS guards and Swagger decorators to enforce security
- * and document the authentication requirement.
- *
- * @returns {MethodDecorator & ClassDecorator} A decorator that enforces JWT authentication.
- */
-function RequireJwtAuth() {
-    return (0, common_1.applyDecorators)((0, common_1.UseGuards)(AuthGuard), (0, swagger_1.ApiBearerAuth)(), // Indicates that the route uses bearer token auth.
-    (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Unauthorized: Invalid or missing JWT' }));
-}

package/dist/modules/authentication/guards/internal.guard.d.ts

@@ -1,33 +0,0 @@
-import { CanActivate, ExecutionContext } from '@nestjs/common';
-import { AuthenticationModuleOptions } from '../authentication-module-options.interface';
-/**
- * INTERNAL_HEADER_KEY
- *
- * Custom HTTP header used to validate internal Kubernetes-based requests.
- * This header must contain a pre-configured token for access to protected internal routes.
- */
-export declare const INTERNAL_HEADER_KEY = "X-itlab-k8s-auth";
-/**
- * Guard that validates incoming requests against a shared internal token,
- * typically used for internal service-to-service communication (e.g. from Kubernetes).
- * Only requests with a matching token in the `X-itlab-k8s-auth` header are authorized.
- */
-export declare class InternalGuard implements CanActivate {
-    private readonly authOptions;
-    constructor(authOptions: AuthenticationModuleOptions);
-    /**
-     * Determines whether the request contains a valid internal auth token.
-     *
-     * @param {ExecutionContext} context - The current execution context of the request.
-     * @returns {boolean} Whether the request is authorized.
-     * @throws {UnauthorizedException} If the token is missing or invalid.
-     */
-    canActivate(context: ExecutionContext): boolean;
-}
-/**
- * Decorator that secures a controller or route to only be accessible by internal services
- * using the `InternalGuard`. Adds Swagger docs indicating the required custom header.
- *
- * @returns {MethodDecorator & ClassDecorator} Decorator to enforce internal-only access.
- */
-export declare function InternalOnly(): MethodDecorator & ClassDecorator;