max-nestjs 0.0.1

package/README.md

@@ -0,0 +1,88 @@
+# max-nestjs
+
+NestJS-библиотека для валидации `initData` из мини-приложений MAX. Пакет предоставляет DI-модуль, guard для проверки подписи `WebAppData` и decorator для доступа к текущему пользователю в контроллерах.
+
+Типы MAX Mini App берутся из `max-bridge`, поэтому не нужно дублировать модели `user`, `chat` и `initData`.
+
+## Установка
+
+```sh
+npm i max-nestjs
+```
+
+Пакет рассчитан на NestJS 10 или 11.
+
+## Подключение
+
+Подключите `MaxModule` в корневом модуле приложения:
+
+```ts
+import { Module } from '@nestjs/common'
+import { MaxModule } from 'max-nestjs'
+
+@Module({
+  imports: [
+    MaxModule.forRoot({
+      botToken: process.env.MAX_BOT_TOKEN!
+    })
+  ]
+})
+export class AppModule {}
+```
+
+Параметры модуля:
+
+- `botToken` - токен бота MAX для валидации подписи.
+- `headerName` - имя заголовка с raw init data. По умолчанию `x-max-init-data`.
+- `maxAgeSeconds` - максимальный возраст `auth_date` в секундах. По умолчанию `3600`.
+
+## Использование
+
+Клиент должен отправлять `window.WebApp.initData` в HTTP-заголовке `x-max-init-data`:
+
+```ts
+await fetch('/api/max/profile', {
+  headers: {
+    'x-max-init-data': window.WebApp.initData
+  }
+})
+```
+
+В контроллере подключите `MaxAuthGuard` и получите пользователя через `@MaxUser()`:
+
+```ts
+import { Controller, Get, UseGuards } from '@nestjs/common'
+import { MaxAuthGuard, MaxUser, type MaxUserData } from 'max-nestjs'
+
+@Controller('max')
+export class MaxController {
+  @Get('profile')
+  @UseGuards(MaxAuthGuard)
+  public getProfile(@MaxUser() user: MaxUserData) {
+    return {
+      id: user.id,
+      username: user.username
+    }
+  }
+}
+```
+
+Можно получить и отдельное поле пользователя:
+
+```ts
+public getProfile(@MaxUser('id') userId: number) {
+  return { userId }
+}
+```
+
+## Что делает guard
+
+`MaxAuthGuard`:
+
+- читает raw init data из заголовка
+- проверяет, что параметры не дублируются
+- собирает `launch_params` по правилам MAX
+- вычисляет HMAC-подпись по `WebAppData`
+- сравнивает `hash`
+- проверяет срок жизни `auth_date`
+- записывает данные в `request.maxInitData` и `request.maxUser`

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export * from './max.constants';
+export * from './max.interface';
+export * from './max.module';
+export * from './max-auth.guard';
+export { MaxUser } from './max-user.decorator';
+export type { MaxInitData, MaxRequest, MaxUserData } from './types';
+export type { MaxBridgeInitData, MaxBridgeInitDataChat, MaxBridgeInitDataUser } from 'max-bridge';

package/dist/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MaxUser = void 0;
+__exportStar(require("./max.constants"), exports);
+__exportStar(require("./max.interface"), exports);
+__exportStar(require("./max.module"), exports);
+__exportStar(require("./max-auth.guard"), exports);
+var max_user_decorator_1 = require("./max-user.decorator");
+Object.defineProperty(exports, "MaxUser", { enumerable: true, get: function () { return max_user_decorator_1.MaxUser; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,kDAA+B;AAC/B,kDAA+B;AAC/B,+CAA4B;AAC5B,mDAAgC;AAChC,2DAA8C;AAArC,6GAAA,OAAO,OAAA"}

package/dist/max-auth.guard.d.ts

@@ -0,0 +1,8 @@
+import { CanActivate, type ExecutionContext } from '@nestjs/common';
+import type { MaxResolvedModuleOptions } from './max.interface';
+export declare class MaxAuthGuard implements CanActivate {
+    private readonly options;
+    constructor(options: MaxResolvedModuleOptions);
+    canActivate(context: ExecutionContext): boolean;
+    private validateInitData;
+}

package/dist/max-auth.guard.js

@@ -0,0 +1,148 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MaxAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const max_constants_1 = require("./max.constants");
+const common_2 = require("@nestjs/common");
+const crypto_1 = require("crypto");
+const max_constants_2 = require("./max.constants");
+let MaxAuthGuard = class MaxAuthGuard {
+    constructor(options) {
+        this.options = options;
+    }
+    canActivate(context) {
+        const request = context.switchToHttp().getRequest();
+        const headerValue = request.headers[this.options.headerName];
+        if (typeof headerValue !== 'string') {
+            throw new common_1.UnauthorizedException('MAX init data is missing');
+        }
+        const initData = this.validateInitData(headerValue);
+        request.maxInitData = initData;
+        request.maxUser = initData.user;
+        return true;
+    }
+    validateInitData(rawInitData) {
+        const params = parseRawParams(rawInitData);
+        const hashParam = getRequiredUniqueParam(params, 'hash');
+        const authDateParam = getRequiredUniqueParam(params, 'auth_date');
+        const userParam = getRequiredUniqueParam(params, 'user');
+        const launchParams = params
+            .filter((param) => param.key !== 'hash')
+            .sort((left, right) => left.key.localeCompare(right.key))
+            .map((param) => `${param.key}=${param.value}`)
+            .join('\n');
+        const secretKey = (0, crypto_1.createHmac)('sha256', max_constants_2.MAX_WEB_APP_DATA_KEY).update(this.options.botToken).digest();
+        const calculatedHash = (0, crypto_1.createHmac)('sha256', secretKey).update(launchParams).digest('hex');
+        if (!safeEqual(calculatedHash, hashParam.value)) {
+            throw new common_1.UnauthorizedException('Invalid MAX init data signature');
+        }
+        if (!/^\d+$/.test(authDateParam.value)) {
+            throw new common_2.BadRequestException('Invalid MAX init data auth_date');
+        }
+        const authDate = Number.parseInt(authDateParam.value, 10);
+        const maxAgeSeconds = this.options.maxAgeSeconds ?? max_constants_2.DEFAULT_MAX_AGE_SECONDS;
+        const nowSeconds = Math.floor(Date.now() / 1000);
+        if (nowSeconds - authDate > maxAgeSeconds) {
+            throw new common_1.UnauthorizedException('MAX init data expired');
+        }
+        return {
+            auth_date: authDate,
+            hash: hashParam.value,
+            ip: getOptionalParam(params, 'ip'),
+            query_id: getOptionalParam(params, 'query_id'),
+            start_param: getOptionalParam(params, 'start_param'),
+            chat: parseOptionalJsonParam(params, 'chat'),
+            user: parseJsonValue(userParam.key, userParam.value)
+        };
+    }
+};
+exports.MaxAuthGuard = MaxAuthGuard;
+exports.MaxAuthGuard = MaxAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(max_constants_1.MAX_OPTIONS_SYMBOL)),
+    __metadata("design:paramtypes", [Object])
+], MaxAuthGuard);
+const parseRawParams = (rawInitData) => {
+    const parts = rawInitData.split('&');
+    if (!parts.length) {
+        throw new common_2.BadRequestException('MAX init data is empty');
+    }
+    const params = parts.map(parseRawParam);
+    const occurrences = new Map();
+    for (const param of params) {
+        occurrences.set(param.key, (occurrences.get(param.key) ?? 0) + 1);
+    }
+    for (const [key, count] of occurrences) {
+        if (count !== 1) {
+            throw new common_2.BadRequestException(`MAX init data contains duplicate parameter "${key}"`);
+        }
+    }
+    return params;
+};
+const parseRawParam = (rawParam) => {
+    const separatorIndex = rawParam.indexOf('=');
+    if (separatorIndex <= 0) {
+        throw new common_2.BadRequestException('Invalid MAX init data parameter');
+    }
+    const key = rawParam.slice(0, separatorIndex);
+    const encodedValue = rawParam.slice(separatorIndex + 1);
+    return {
+        key,
+        value: decodeValue(encodedValue)
+    };
+};
+const decodeValue = (value) => {
+    try {
+        return decodeURIComponent(value);
+    }
+    catch {
+        throw new common_2.BadRequestException('Failed to decode MAX init data parameter');
+    }
+};
+const getRequiredUniqueParam = (params, key) => {
+    const matches = params.filter((param) => param.key === key);
+    if (matches.length !== 1) {
+        throw new common_2.BadRequestException(`MAX init data must contain exactly one "${key}" parameter`);
+    }
+    return matches[0];
+};
+const getOptionalParam = (params, key) => {
+    const match = params.find((param) => param.key === key);
+    return match?.value;
+};
+const parseOptionalJsonParam = (params, key) => {
+    const value = getOptionalParam(params, key);
+    if (value === undefined) {
+        return undefined;
+    }
+    return parseJsonValue(key, value);
+};
+const parseJsonValue = (key, value) => {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        throw new common_2.BadRequestException(`Invalid MAX init data JSON value for "${key}"`);
+    }
+};
+const safeEqual = (left, right) => {
+    const leftBuffer = Buffer.from(left, 'utf8');
+    const rightBuffer = Buffer.from(right, 'utf8');
+    if (leftBuffer.length !== rightBuffer.length) {
+        return false;
+    }
+    return (0, crypto_1.timingSafeEqual)(leftBuffer, rightBuffer);
+};
+//# sourceMappingURL=max-auth.guard.js.map

package/dist/max-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"max-auth.guard.js","sourceRoot":"","sources":["../src/max-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAMuB;AACvB,mDAAoD;AAGpD,2CAAoD;AACpD,mCAAoD;AACpD,mDAA+E;AASxE,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YAEmB,OAAiC;QAAjC,YAAO,GAAP,OAAO,CAA0B;IACjD,CAAC;IAEG,WAAW,CAAC,OAAyB;QAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAE5D,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAA;QAEnD,OAAO,CAAC,WAAW,GAAG,QAAQ,CAAA;QAC9B,OAAO,CAAC,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAA;QAE/B,OAAO,IAAI,CAAA;IACb,CAAC;IAEO,gBAAgB,CAAC,WAAmB;QAC1C,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;QAC1C,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QACxD,MAAM,aAAa,GAAG,sBAAsB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;QACjE,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAExD,MAAM,YAAY,GAAG,MAAM;aACxB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,MAAM,CAAC;aACvC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aACxD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,GAAG,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;aAC7C,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,oCAAoB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAA;QACnG,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAEzF,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,8BAAqB,CAAC,iCAAiC,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,4BAAmB,CAAC,iCAAiC,CAAC,CAAA;QAClE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QAEzD,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,uCAAuB,CAAA;QAC3E,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QAEhD,IAAI,UAAU,GAAG,QAAQ,GAAG,aAAa,EAAE,CAAC;YAC1C,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,IAAI,EAAE,SAAS,CAAC,KAAK;YACrB,EAAE,EAAE,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YAClC,QAAQ,EAAE,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC;YAC9C,WAAW,EAAE,gBAAgB,CAAC,MAAM,EAAE,aAAa,CAAC;YACpD,IAAI,EAAE,sBAAsB,CAAsB,MAAM,EAAE,MAAM,CAAC;YACjE,IAAI,EAAE,cAAc,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,KAAK,CAAC;SACrD,CAAA;IACH,CAAC;CACF,CAAA;AAhEY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,kCAAkB,CAAC,CAAA;;GAFlB,YAAY,CAgExB;AAED,MAAM,cAAc,GAAG,CAAC,WAAmB,EAAc,EAAE;IACzD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEpC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IACvC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAA;IAE7C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC;QACvC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,MAAM,IAAI,4BAAmB,CAAC,+CAA+C,GAAG,GAAG,CAAC,CAAA;QACtF,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,QAAgB,EAAY,EAAE;IACnD,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAE5C,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,4BAAmB,CAAC,iCAAiC,CAAC,CAAA;IAClE,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAA;IAC7C,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAA;IAEvD,OAAO;QACL,GAAG;QACH,KAAK,EAAE,WAAW,CAAC,YAAY,CAAC;KACjC,CAAA;AACH,CAAC,CAAA;AAED,MAAM,WAAW,GAAG,CAAC,KAAa,EAAU,EAAE;IAC5C,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,4BAAmB,CAAC,0CAA0C,CAAC,CAAA;IAC3E,CAAC;AACH,CAAC,CAAA;AAED,MAAM,sBAAsB,GAAG,CAAC,MAAkB,EAAE,GAAW,EAAY,EAAE;IAC3E,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;IAE3D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,4BAAmB,CAAC,2CAA2C,GAAG,aAAa,CAAC,CAAA;IAC5F,CAAC;IAED,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;AACnB,CAAC,CAAA;AAED,MAAM,gBAAgB,GAAG,CAAC,MAAkB,EAAE,GAAW,EAAsB,EAAE;IAC/E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;IAEvD,OAAO,KAAK,EAAE,KAAK,CAAA;AACrB,CAAC,CAAA;AAED,MAAM,sBAAsB,GAAG,CAAI,MAAkB,EAAE,GAAW,EAAiB,EAAE;IACnF,MAAM,KAAK,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE3C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;AACnC,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,CAAI,GAAW,EAAE,KAAa,EAAK,EAAE;IAC1D,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAM,CAAA;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,4BAAmB,CAAC,yCAAyC,GAAG,GAAG,CAAC,CAAA;IAChF,CAAC;AACH,CAAC,CAAA;AAED,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,KAAa,EAAW,EAAE;IACzD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IAE9C,IAAI,UAAU,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAA,wBAAe,EAAC,UAAU,EAAE,WAAW,CAAC,CAAA;AACjD,CAAC,CAAA"}

package/dist/max-user.decorator.d.ts

@@ -0,0 +1 @@
+export declare const MaxUser: (...dataOrPipes: (keyof import("max-bridge").MaxBridgeInitDataUser | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | null | undefined)[]) => ParameterDecorator;

package/dist/max-user.decorator.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MaxUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.MaxUser = (0, common_1.createParamDecorator)((prop = null, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user = request.maxUser;
+    if (!user) {
+        return null;
+    }
+    return prop ? user[prop] : user;
+});
+//# sourceMappingURL=max-user.decorator.js.map

package/dist/max-user.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"max-user.decorator.js","sourceRoot":"","sources":["../src/max-user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA4E;AAG/D,QAAA,OAAO,GAAG,IAAA,6BAAoB,EACzC,CAAC,OAAiC,IAAI,EAAE,GAAqB,EAAE,EAAE;IAC/D,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;IAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAA;IAE5B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;AACjC,CAAC,CACF,CAAA"}

package/dist/max.constants.d.ts

@@ -0,0 +1,4 @@
+export declare const MAX_OPTIONS_SYMBOL: unique symbol;
+export declare const MAX_WEB_APP_DATA_KEY = "WebAppData";
+export declare const DEFAULT_MAX_INIT_DATA_HEADER = "x-max-init-data";
+export declare const DEFAULT_MAX_AGE_SECONDS: number;

package/dist/max.constants.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_MAX_AGE_SECONDS = exports.DEFAULT_MAX_INIT_DATA_HEADER = exports.MAX_WEB_APP_DATA_KEY = exports.MAX_OPTIONS_SYMBOL = void 0;
+exports.MAX_OPTIONS_SYMBOL = Symbol('MaxOptionsSymbol');
+exports.MAX_WEB_APP_DATA_KEY = 'WebAppData';
+exports.DEFAULT_MAX_INIT_DATA_HEADER = 'x-max-init-data';
+exports.DEFAULT_MAX_AGE_SECONDS = 60 * 60;
+//# sourceMappingURL=max.constants.js.map

package/dist/max.constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"max.constants.js","sourceRoot":"","sources":["../src/max.constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAA;AAE/C,QAAA,oBAAoB,GAAG,YAAY,CAAA;AACnC,QAAA,4BAA4B,GAAG,iBAAiB,CAAA;AAChD,QAAA,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAA"}

package/dist/max.interface.d.ts

@@ -0,0 +1,23 @@
+import type { FactoryProvider, ModuleMetadata } from '@nestjs/common';
+export type MaxModuleOptions = {
+    /**
+     * Токен бота MAX, используемый для проверки подписи init data.
+     */
+    botToken: string;
+    /**
+     * Имя HTTP-заголовка, из которого guard читает raw init data.
+     * По умолчанию: `x-max-init-data`.
+     */
+    headerName?: string;
+    /**
+     * Максимальный возраст init data в секундах.
+     * По умолчанию: 3600.
+     */
+    maxAgeSeconds?: number;
+};
+export type MaxResolvedModuleOptions = {
+    botToken: string;
+    headerName: string;
+    maxAgeSeconds: number;
+};
+export type MaxModuleAsyncOptions = Pick<ModuleMetadata, 'imports'> & Pick<FactoryProvider<MaxModuleOptions>, 'useFactory' | 'inject'>;

package/dist/max.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=max.interface.js.map

package/dist/max.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"max.interface.js","sourceRoot":"","sources":["../src/max.interface.ts"],"names":[],"mappings":""}

package/dist/max.module.d.ts

@@ -0,0 +1,5 @@
+import { type DynamicModule } from '@nestjs/common';
+import type { MaxModuleOptions } from './max.interface';
+export declare class MaxModule {
+    static forRoot(options: MaxModuleOptions): DynamicModule;
+}

package/dist/max.module.js

@@ -0,0 +1,51 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var MaxModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MaxModule = void 0;
+const common_1 = require("@nestjs/common");
+const max_constants_1 = require("./max.constants");
+const max_auth_guard_1 = require("./max-auth.guard");
+let MaxModule = MaxModule_1 = class MaxModule {
+    static forRoot(options) {
+        return {
+            module: MaxModule_1,
+            providers: [
+                {
+                    provide: max_constants_1.MAX_OPTIONS_SYMBOL,
+                    useValue: normalizeOptions(options)
+                },
+                max_auth_guard_1.MaxAuthGuard
+            ],
+            exports: [max_constants_1.MAX_OPTIONS_SYMBOL, max_auth_guard_1.MaxAuthGuard],
+            global: true
+        };
+    }
+};
+exports.MaxModule = MaxModule;
+exports.MaxModule = MaxModule = MaxModule_1 = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({})
+], MaxModule);
+const normalizeOptions = (options) => {
+    const botToken = options.botToken.trim();
+    if (!botToken) {
+        throw new Error('MAX bot token is required');
+    }
+    const headerName = options.headerName?.trim() || max_constants_1.DEFAULT_MAX_INIT_DATA_HEADER;
+    const maxAgeSeconds = options.maxAgeSeconds ?? max_constants_1.DEFAULT_MAX_AGE_SECONDS;
+    if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds < 0) {
+        throw new Error('MAX maxAgeSeconds must be a non-negative integer');
+    }
+    return {
+        botToken,
+        headerName,
+        maxAgeSeconds
+    };
+};
+//# sourceMappingURL=max.module.js.map

package/dist/max.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"max.module.js","sourceRoot":"","sources":["../src/max.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAmE;AACnE,mDAIwB;AAExB,qDAA+C;AAIxC,IAAM,SAAS,iBAAf,MAAM,SAAS;IACb,MAAM,CAAC,OAAO,CAAC,OAAyB;QAC7C,OAAO;YACL,MAAM,EAAE,WAAS;YACjB,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,kCAAkB;oBAC3B,QAAQ,EAAE,gBAAgB,CAAC,OAAO,CAAC;iBACpC;gBACD,6BAAY;aACb;YACD,OAAO,EAAE,CAAC,kCAAkB,EAAE,6BAAY,CAAC;YAC3C,MAAM,EAAE,IAAI;SACb,CAAA;IACH,CAAC;CACF,CAAA;AAfY,8BAAS;oBAAT,SAAS;IAFrB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,SAAS,CAerB;AAED,MAAM,gBAAgB,GAAG,CAAC,OAAyB,EAA4B,EAAE;IAC/E,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;IAExC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,4CAA4B,CAAA;IAC7E,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,uCAAuB,CAAA;IAEtE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACrE,CAAC;IAED,OAAO;QACL,QAAQ;QACR,UAAU;QACV,aAAa;KACd,CAAA;AACH,CAAC,CAAA"}

package/dist/types.d.ts

@@ -0,0 +1,13 @@
+import type { Request } from 'express';
+import type { MaxBridgeInitData, MaxBridgeInitDataChat, MaxBridgeInitDataUser } from 'max-bridge';
+export type MaxUserData = MaxBridgeInitDataUser;
+export interface MaxInitData extends Omit<Partial<MaxBridgeInitData>, 'hash' | 'auth_date' | 'user' | 'chat'> {
+    hash: MaxBridgeInitData['hash'];
+    auth_date: MaxBridgeInitData['auth_date'];
+    user: MaxUserData;
+    chat?: MaxBridgeInitDataChat;
+}
+export interface MaxRequest extends Request {
+    maxInitData: MaxInitData;
+    maxUser: MaxUserData;
+}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "max-nestjs",
+  "version": "0.0.1",
+  "description": "NestJS helpers for validating MAX Mini App init data.",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "keywords": [
+    "max",
+    "nestjs",
+    "nestjs-module",
+    "messenger",
+    "max-messenger",
+    "webapp"
+  ],
+  "repository": "https://github.com/troovi/libs",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "sideEffects": false,
+  "scripts": {
+    "build": "rm -rf dist && tsc -p tsconfig.json"
+  },
+  "dependencies": {
+    "max-bridge": "*"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^11.1.17",
+    "@nestjs/core": "^11.1.17"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^10.0.0 || ^11.0.0",
+    "@nestjs/core": "^10.0.0 || ^11.0.0"
+  }
+}